upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-22 07:39:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
6593 commits 38 branches 309 tags 68 MiB
Commit graph

76 commits

Author SHA1 Message Date
Howard Chu
5528772f23 In ldap_int_tls_start, authid is very temporary, not const. 2002-04-19 04:35:16 +00:00
Howard Chu
202aa8c793 Fix memory leak in previous commit 2002-04-18 16:02:02 +00:00
Howard Chu
17ae956518 Added ldap_X509dn2bv() 
deleted ldap_pvt_tls_get_peer()
  changed ldap_pvt_tls_get_peer_dn() to use ldap_X509dn2bv()
  added ldap_pvt_tls_get_my_dn()
 2002-04-18 12:29:30 +00:00
Pierangelo Masarati
4a8ab5dbf2 Mostly based on patches provided by Hallvard B. Furuseth 
ITS#1677 - cast away const warnings
ITS#1678 - unsigned char args to ctype funcs
ITS#1682 - don't redefine ldap_debug
ITS#1683 - uninitialized vars
ITS#1703 - ldo_debug initialization
ITS#1705 - unsigned testing
ITS#1706 - socklen_t args
ITS#1719 - back-tcl update (other cleanups/fixes/improvements; yet untested)
ITS#1724 - integerNormalize/integerFilter/integerIndexer bugs
ITS#1725 - libdes not required

Implement back-null (/dev/null style backend)
Cleanup some misc warnings ("%lu" format, unused/uninitialized vars,
        ambiguous operator precedence)

Kurt, please regenerate configure
 2002-04-08 09:43:22 +00:00
Howard Chu
5c70106657 ITS#1708 ldap_pvt_tls_sb_ctx() et al 2002-04-05 06:48:03 +00:00
Kurt Zeilenga
b0b8546f05 Patch: More format bugs (ITS#1702) 
================
Written by Hallvard B. Furuseth and placed into the public domain.
This software is not subject to any license of the University of Oslo.
 2002-04-02 18:56:26 +00:00
Julius Enarusai
e86782aab9 Added LDAP_LOG messages 2002-04-01 23:39:36 +00:00
Kurt Zeilenga
fcf9f451a5 Copyright 2001, Adrian Thurston, All rights reserved. 
This software is not subject to any license of
Xandros Corporation.

This is free software; you can redistribute and use it under the same
terms as OpenLDAP itself.

 -------------------------------------------------------------------
This patch adds an option to ldap_get_option which can be called after
ldap_start_tls in order to obtain the pointer to the SSL object used
 2002-03-11 03:39:08 +00:00
Howard Chu
63a4a19732 Send a warning to the client if we try to use a bad cert. 2002-01-27 03:48:08 +00:00
Howard Chu
c3c85b4062 Extended TLS_REQCERT/TLSVerifyClient syntax to 4 states: never,allow,try, 
and hard/demand.
 2002-01-27 02:56:18 +00:00
Howard Chu
c81d2bb855 Fix, errno was incorrect after SSL_read returned 0 bytes, caused slapd to 
close the connection prematurely.
 2002-01-26 13:43:22 +00:00
Howard Chu
923e64156d More cleanup in ldap_pvt_tls_destroy() 2002-01-12 02:31:41 +00:00
Howard Chu
07119f7342 Fix ldap_start_tls_s, don't check for TLS present on a non-existent sockbuf 2002-01-12 02:25:22 +00:00
Kurt Zeilenga
0e2af54a3f Update copyright statements 2002-01-04 21:17:25 +00:00
Howard Chu
fca5613e98 Hide (make static) sb_bio_method and tls_sbio structures. They're 
already completely hidden by accessor functions.
 2002-01-02 22:29:11 +00:00
Kurt Zeilenga
943800a534 We "understand" localhost to be same as the local hostname as 
returned by gethostname().
 2001-12-17 23:56:16 +00:00
Howard Chu
88e3454654 Add #include <openssl/safestack.h> to fix ITS#1412 2001-11-30 02:37:39 +00:00
Howard Chu
33ace5610c Added ldap_pvt_tls_destroy() to cleanup TLS library on shutdown 2001-11-06 20:52:59 +00:00
Pierangelo Masarati
192f83540c missing leading quote 2001-10-25 18:56:06 +00:00
Kurt Zeilenga
187f190fb6 Don't pass NULL string pointers to Debug 2001-10-25 18:32:59 +00:00
Kurt Zeilenga
7a4b9e3c32 Minor cleanup 2001-09-18 17:35:47 +00:00
Howard Chu
e4d8a87ddc Silence some typecast warnings 2001-09-18 05:22:53 +00:00
Howard Chu
966616b274 Don't pass NULL hostname to ldap_pvt_tls_check_hostname, use "localhost" 2001-09-18 05:19:55 +00:00
Kurt Zeilenga
241d6a558e Remove dead code 2001-09-09 04:47:03 +00:00
Kurt Zeilenga
553d80cedd Blindly fix TLS/SASL external interaction. 2001-09-09 03:42:26 +00:00
Kurt Zeilenga
05c9d4bfda Fix TLS ldap.conf issues 2001-09-05 21:22:41 +00:00
Howard Chu
f3501cbf50 Fix ldap_int_tls_start to set its error codes in ld->ld_errno. 2001-09-02 12:06:41 +00:00
Howard Chu
b10e0029a5 Full implementation of server identity checking per RFC2830 section 3.6 2001-09-02 11:23:28 +00:00
Howard Chu
44a3160fec Remove redundant call of SSL_set_info_callback, to allow users 
to override it in the SSL_CTX.
 2001-08-29 20:28:08 +00:00
Kurt Zeilenga
05960887bb Fix -H ldaps:// crashes due to rework of TLS code 2001-08-27 20:22:28 +00:00
Kurt Zeilenga
16fa8c4a21 Fix bug introduced during TLS rework 2001-08-02 04:20:11 +00:00
Kurt Zeilenga
77f776dfd1 Another round of TLS updates to support secure referral chasing 2001-06-25 19:17:42 +00:00
Kurt Zeilenga
350ffe6d15 Rework tls check 
Needs to be connection specific
 2001-06-25 18:20:14 +00:00
Kurt Zeilenga
c4f5497ac6 move TLS ctx to lconn struct in prep for supporting TLS with referrals 
need to rework cert check to use per lconn host name
 2001-06-25 07:33:42 +00:00
Kurt Zeilenga
4a23c08678 Fix up error handling 2001-06-22 21:01:04 +00:00
Kurt Zeilenga
deb9644a8a Should not be using reverse lookup names to check certificates. 2001-05-19 23:07:46 +00:00
Kurt Zeilenga
c0a06f25c2 Add ldap_pvt_tls_get_peer_dn() routine. Returns peer as an LDAP DN. 2001-01-18 00:40:58 +00:00
Kurt Zeilenga
1d1c1edf44 update rand file after use 2001-01-10 21:14:13 +00:00
Kurt Zeilenga
6053ed1058 ITS#903: validate hostname in server cert from Norbert Klasen 
adapted as needed.
 2000-11-22 20:23:38 +00:00
Kurt Zeilenga
511a84bc31 First cut of SASL/EXTERNAL 2000-10-31 23:00:35 +00:00
Kurt Zeilenga
edef4b2970 ITS#821: TLS data ready fix from <mattc@chartist.com> 2000-10-16 20:26:56 +00:00
Kurt Zeilenga
2cdbfd069b Add missing newlines 2000-10-05 18:30:06 +00:00
Kurt Zeilenga
778b665242 Fix up some free'ing. 2000-10-02 17:43:39 +00:00
Kurt Zeilenga
90d557402b Should modify code to bail on initialization errors... 
For now, just (void) the return
 2000-09-21 19:56:04 +00:00
Randy Kunkee
ab3be5d76d Include <ac/param.h> to pick up MAXPATHLEN. 2000-09-13 07:26:55 +00:00
Kurt Zeilenga
92c55c4454 Clean up 2000-09-13 01:12:47 +00:00
Kurt Zeilenga
d554a31b58 Move ldap_pvt_tls_init call to ldap_pvt_tls_start 
Relax user-only options on TLS_RANDFILE and TLS_REQCERT
 2000-09-13 00:54:45 +00:00
Kurt Zeilenga
2c30c90876 Rework TLS code (only supports default connection) 2000-09-12 00:30:05 +00:00
Kurt Zeilenga
5518aefda0 Change default to SSL_PEER_NONE (don't require peer certificate). 2000-09-01 23:24:17 +00:00
Kurt Zeilenga
a2afb207be Move ldap_start_tls_s() to tls.c 2000-08-25 02:16:15 +00:00