openldap/libraries/libldap
Rich Megginson 210b156ece ITS#7002 MozNSS: fix VerifyCert allow/try behavior
If the olcTLSVerifyClient is set to a value other than "never", the server
should request that the client send a client certificate for possible use
with client cert auth (e.g. SASL/EXTERNAL).
If set to "allow", if the client sends a cert, and there are problems with
it, the server will warn about problems, but will allow the SSL session to
proceed without a client cert.
If set to "try", if the client sends a cert, and there are problems with
it, the server will warn about those problems, and shutdown the SSL session.
If set to "demand" or "hard", the client must send a cert, and the server
will shutdown the SSL session if there are problems.
I added a new member of the tlsm context structure - tc_warn_only - if this
is set, tlsm_verify_cert will only warn about errors, and only if TRACE
level debug is set.  This allows the server to warn but allow bad certs
if "allow" is set, and warn and fail if "try" is set.
2011-07-28 14:09:55 -07:00
..
abandon.c Happy New Year 2011-01-05 00:42:37 +00:00
add.c Happy New Year 2011-01-05 00:42:37 +00:00
addentry.c Happy New Year 2011-01-05 00:42:37 +00:00
apitest.c Happy New Year 2011-01-05 00:42:37 +00:00
assertion.c Happy New Year 2011-01-05 00:42:37 +00:00
bind.c Happy New Year 2011-01-05 00:42:37 +00:00
cancel.c Happy New Year 2011-01-05 00:42:37 +00:00
charray.c Happy New Year 2011-01-05 00:42:37 +00:00
compare.c Happy New Year 2011-01-05 00:42:37 +00:00
controls.c Happy New Year 2011-01-05 00:42:37 +00:00
cyrus.c ITS#6828 fix TLS setup with async connect 2011-06-08 18:27:54 -07:00
dds.c Happy New Year 2011-01-05 00:42:37 +00:00
delete.c Happy New Year 2011-01-05 00:42:37 +00:00
deref.c Happy New Year 2011-01-05 00:42:37 +00:00
dnssrv.c Happy New Year 2011-01-05 00:42:37 +00:00
dntest.c Happy New Year 2011-01-05 00:42:37 +00:00
error.c Happy New Year 2011-01-05 00:42:37 +00:00
extended.c Happy New Year 2011-01-05 00:42:37 +00:00
fetch.c ITS#6870 move ldif.c and fetch.c from liblutil to libldap 2011-03-24 06:49:04 +00:00
filter.c Happy New Year 2011-01-05 00:42:37 +00:00
free.c Happy New Year 2011-01-05 00:42:37 +00:00
ftest.c Happy New Year 2011-01-05 00:42:37 +00:00
getattr.c Happy New Year 2011-01-05 00:42:37 +00:00
getdn.c Happy New Year 2011-01-05 00:42:37 +00:00
getentry.c Happy New Year 2011-01-05 00:42:37 +00:00
getvalues.c Happy New Year 2011-01-05 00:42:37 +00:00
gssapi.c Happy New Year 2011-01-05 00:42:37 +00:00
init.c ITS#6832 #elif cleanup 2011-02-17 00:36:30 +00:00
ldap_sync.c ITS#6932: Clean up strange asserts & nearby code. 2011-05-05 15:55:29 +02:00
ldap-int.h ITS#6828 fix TLS setup with async connect 2011-06-08 18:27:54 -07:00
ldap-tls.h Happy New Year 2011-01-05 00:42:37 +00:00
ldap.conf Remove extrananous space in DN (in comment) 2007-02-19 23:39:01 +00:00
ldif.c ITS#6947 Handle missing '\n' termination in LDIF input 2011-06-20 18:18:34 -07:00
ldifutil.c ITS#6978 bail out on invalid input 2011-06-23 13:17:08 -07:00
Makefile.in ITS#6870 move ldif.c and fetch.c from liblutil to libldap 2011-03-24 06:49:04 +00:00
messages.c Happy New Year 2011-01-05 00:42:37 +00:00
modify.c Happy New Year 2011-01-05 00:42:37 +00:00
modrdn.c Happy New Year 2011-01-05 00:42:37 +00:00
open.c ITS#6828 set ld_errno on connect failures 2011-06-27 18:43:31 -07:00
options.c ITS#6931 Catch NULL ld for LDAP_OPT_SESSION_REFCNT. 2011-05-05 14:10:32 +02:00
os-ip.c do not hijack loop counter (ITS#6813; blind fix) 2011-01-29 11:05:08 +00:00
os-local.c ITS#6930 Plug ldapi://too-long-path socket leak. 2011-05-05 13:52:08 +02:00
pagectrl.c Happy New Year 2011-01-05 00:42:37 +00:00
passwd.c Happy New Year 2011-01-05 00:42:37 +00:00
ppolicy.c Happy New Year 2011-01-05 00:42:37 +00:00
print.c Happy New Year 2011-01-05 00:42:37 +00:00
references.c Happy New Year 2011-01-05 00:42:37 +00:00
request.c ITS#6828 fix TLS setup with async connect 2011-06-08 18:27:54 -07:00
result.c Happy New Year 2011-01-05 00:42:37 +00:00
sasl.c Happy New Year 2011-01-05 00:42:37 +00:00
sbind.c Happy New Year 2011-01-05 00:42:37 +00:00
schema.c Happy New Year 2011-01-05 00:42:37 +00:00
search.c Happy New Year 2011-01-05 00:42:37 +00:00
sort.c Happy New Year 2011-01-05 00:42:37 +00:00
sortctrl.c Happy New Year 2011-01-05 00:42:37 +00:00
stctrl.c Happy New Year 2011-01-05 00:42:37 +00:00
string.c Happy New Year 2011-01-05 00:42:37 +00:00
t61.c Happy New Year 2011-01-05 00:42:37 +00:00
test.c Happy New Year 2011-01-05 00:42:37 +00:00
tls2.c Add LDAP_OPT_X_TLS_PACKAGE 2011-06-10 02:11:26 -07:00
tls_g.c Happy New Year 2011-01-05 00:42:37 +00:00
tls_m.c ITS#7002 MozNSS: fix VerifyCert allow/try behavior 2011-07-28 14:09:55 -07:00
tls_o.c Happy New Year 2011-01-05 00:42:37 +00:00
turn.c Happy New Year 2011-01-05 00:42:37 +00:00
txn.c Happy New Year 2011-01-05 00:42:37 +00:00
unbind.c Happy New Year 2011-01-05 00:42:37 +00:00
url.c Happy New Year 2011-01-05 00:42:37 +00:00
urltest.c Happy New Year 2011-01-05 00:42:37 +00:00
utf-8-conv.c Happy New Year 2011-01-05 00:42:37 +00:00
utf-8.c Happy New Year 2011-01-05 00:42:37 +00:00
util-int.c Fix ITS#6672: Do not return LDAP_MUTEX_LOCK(). 2011-01-12 14:25:37 +00:00
vc.c Catch ber errors in vc (Verify Credentials) 2011-01-17 13:15:27 +00:00
vlvctrl.c Happy New Year 2011-01-05 00:42:37 +00:00
whoami.c Happy New Year 2011-01-05 00:42:37 +00:00