Commit graph

1791 commits

Author SHA1 Message Date
Howard Chu
10b6e5a964 ITS#9521 additional ciphersuite fixes
Actually check version of matched ciphersuite names.
Also, don't change existing TLS1.3 suites if none are specified
in the new suite string. Avoids ITS#9546.
2021-05-10 15:04:41 +00:00
Howard Chu
5452fb154e ITS#9530 ldo_defbase now must be freed in ldap_ld_free() 2021-04-30 16:58:38 +00:00
Norm Green
32e965c271 ITS#9530 fix double-free of LDAP_OPT_DEFBASE 2021-04-30 16:58:32 +00:00
Howard Chu
a48267c234 ITS#9521 Set TLSv1.3 cipher suites for OpenSSL 1.1.1 2021-04-09 18:37:15 +00:00
Quanah Gibson-Mount
4feb73d349 Happy New Year! 2021-01-11 19:32:31 +00:00
Howard Chu
4bdfffd288 ITS#9425 add more checks to ldap_X509dn2bv 2020-12-15 21:26:54 +00:00
Howard Chu
8c1d96ee36 ITS#9423 ldap_X509dn2bv: check for invalid BER after RDN count 2020-12-15 21:22:56 +00:00
Howard Chu
5f2b1e0b02 ITS#9332 add placeholder in LDAP_LDO_TLS_NULLARG 2020-09-01 20:21:22 +01:00
Howard Chu
d2139d5cc9 ITS#9054 fix typo 2020-08-27 15:05:46 +00:00
Howard Chu
ec5eba5393 ITS#9328 cldap: check for error on connected socket
libldap doesn't use a connected socket for UDP sessions, but 3rd
parties can, passed in with ldap_init_fd().
2020-08-26 21:38:17 +00:00
Howard Chu
730ba65ec2 ITS#9318 add TLS_REQSAN option
Add an option to specify how subjectAlternativeNames should be
handled when validating the names in a server certificate.
2020-08-21 22:43:47 +00:00
Howard Chu
aacec4c810 ITS#9054 Add support for multiple EECDH curves
Requires OpenSSL 1.0.2 or newer
2020-08-21 22:21:43 +00:00
Ondřej Kuzník
9893706828 ITS#9279 Send Netscape expired control as a bare string 2020-07-27 17:39:52 +00:00
Ondřej Kuzník
0687e289e4 ITS#9279 Expose Netscape password policy controls in libldap 2020-07-22 22:11:44 +00:00
Howard Chu
c91cafcf10 ITS#9287 use getaddrinfo for ldap_pvt_get_fqdn
If getaddrinfo is available, should use it here
2020-07-16 21:33:53 +00:00
Quanah Gibson-Mount
e40678626e ITS#9275 -- Update wording to remove slave and master terms, consolidate on provider/consumer 2020-06-22 19:11:40 +00:00
Quanah Gibson-Mount
85fc8974f5 ITS#8650 - Fix Debug usage to follow RE24 format 2020-04-28 20:49:53 +00:00
Howard Chu
7cf7aa3141 ITS#8650 loop on incomplete TLS handshake
Always retry ldap_int_tls_connect() if it didn't complete,
regardless of blocking or non-blocking socket. Code from
ITS#7428 was wrong to only retry for async.
2020-04-13 16:32:35 +00:00
Quanah Gibson-Mount
f8b92e8e28 ITS#9175 - Fix argument cast
Fixes potential segfault in ldapsearch
2020-02-21 21:11:49 +00:00
Howard Chu
a64febc5c6 ITS#9147 plug descriptor leak if ldaps connect fails 2020-01-11 23:15:28 +00:00
Quanah Gibson-Mount
ea3194a644 Happy New Year! 2020-01-09 17:39:19 +00:00
Ryan Tandy
29859d5d31 ITS#9069 Do not call gnutls_global_set_mutex()
Since GnuTLS moved to implicit initialization on library load, calling
this function deinitializes GnuTLS and then re-initializes it.

When GnuTLS uses /dev/urandom as an entropy source (getrandom() not
available, or older versions of GnuTLS), and the application closed all
file descriptors at startup, this could result in GnuTLS opening
/dev/urandom over one of the application's file descriptors when
re-initialized.

Additionally, the custom mutex functions are never reset, so if libldap
is unloaded (for example via dlclose()) after calling this, its code may
be unmapped and the application could crash when GnuTLS calls the mutex
functions.

On typical systems, GnuTLS system mutexes are probably the same as what
libldap uses anyway.
2019-11-21 20:24:13 +00:00
Ondřej Kuzník
6091d74863 ITS#9081 Do not leak sb (ITS#8755 regression) 2019-10-15 00:20:33 +00:00
Quanah Gibson-Mount
1f25fbc9b9 ITS#7585 - Windows doesn't support LDAPI
Adjust patch for ITS#7585 as Windows does not have LDAPI support.
2019-07-23 14:46:22 +00:00
Quanah Gibson-Mount
12d5bbd1bf Revert "use AI_ADDRCONFIG if defined in the environment"
This reverts commit 33945aeb96.

Depends on custom glibc from RedHat
2019-07-19 16:23:18 +00:00
Quanah Gibson-Mount
b46e65aa71 Fix previous commit. It broke builds where --with-cyrus-sasl=no is set. 2019-06-27 17:45:38 +00:00
Howard Chu
1cadf3d0b4 ITS#9041 - Cleanup limits in cyrus.c 2019-06-25 14:58:56 +00:00
Ondřej Kuzník
877faea723 ITS#7996 Use a separate mutex in ldap_int_initialize 2019-06-21 13:03:01 +00:00
Ondřej Kuzník
8cb7f2f818 ITS#8755 Do not close the default SockBuf a second time 2019-06-20 17:41:37 +00:00
Jame Gerwe
c4decdfc54 ITS#8794 - Fix implicit declaration for ldap_is_ldapc_url
Fix building OpenLDAP with -DLDAP_CONNECTIONLESS so that ldap_is_ldapc_url function is defined
2019-06-17 17:28:49 +00:00
Ondřej Kuzník
c4f55cea87 ITS#8754 Don't try IPv6 addresses unless configured to 2019-06-13 18:44:09 +00:00
Côme Chilliet
8e6d1b8b81 ITS#8674 Return correct result from ldap_create_assertion_control_value
ldap_create_assertion_control_value was returning ld->ld_errno
upon success without resetting it to LDAP_SUCCESS first
2019-06-13 18:42:03 +00:00
Ondřej Kuzník
cde56fad15 ITS#7996 Tighten race in ldap_int_initialize 2019-06-13 18:26:08 +00:00
Patrick Monnerat
e5f945bab4 ITS#7042 Allow unsetting of tls_* syncrepl options.
This can be done by setting them to an empty string value.
2019-06-13 18:23:58 +00:00
Jan Vcelak
33945aeb96 use AI_ADDRCONFIG if defined in the environment 2019-05-13 15:35:11 +00:00
Howard Chu
b68bf28591 ITS#7595 don't try to use EC if OpenSSL lacks it 2019-05-06 20:08:32 +00:00
Howard Chu
2e62a2511a ITS#7595 Add Elliptic Curve support for OpenSSL 2019-05-06 20:07:30 +00:00
Sumit Bose
f2ae471ad2 ITS#7585 fix ldapi with SASL_NOCANON
Was using the ldapi socket path as a hostname
2019-04-18 23:38:13 +00:00
Ondřej Kuzník
d1653bb1a5 ITS#8980 Actually return the computed status 2019-03-19 17:38:22 +00:00
Vernon Smith
d4a0a9b3a6 ITS#8980 fix async connections with non-blocking TLS 2019-02-28 17:41:06 +00:00
Quanah Gibson-Mount
a5a8739b44 ITS#8957 - Fix ASYNC TLS
Fix ASYNC TLS by correctly handling a return code of -2 in addition to 0
2019-01-31 23:43:35 +00:00
Quanah Gibson-Mount
61680107a1 ITS#8968 - Fix ASYNC connection on Solaris 10
Fixes ASYNC connections to handle a return code of ENOTCONN as this is
what Solaris 10 does.
2019-01-31 23:43:35 +00:00
Quanah Gibson-Mount
37e4d827db Happy New Year! 2019-01-14 18:49:30 +00:00
Howard Chu
0d34830b1c ITS#8353 CRYPTO_set_id_callback deprecated in OpenSSL 0.9.9 2019-01-02 16:01:07 +00:00
Howard Chu
11320a9156 ITS#8727 plug ber leaks 2018-12-20 04:26:56 +00:00
Howard Chu
09d82b8b51 ITS#8809 add missing includes 2018-09-24 16:57:28 +00:00
Ryan Tandy
8fab6492f7 Revert "ITS#8650 retry gnutls_handshake after GNUTLS_E_AGAIN"
This reverts commit 7b5181da8c.
2018-09-24 16:57:18 +00:00
Ondřej Kuzník
849f937d0a ITS#8842 Do some printability checks on the dc RDN 2018-07-10 13:33:35 +00:00
Quanah Gibson-Mount
eebf662409 Happy New Year 2018-03-22 15:41:52 +00:00
Howard Chu
e2c6bec025 Cleanup warnings 2018-02-09 17:50:45 +00:00