Caolán McNamara
f584da2fe7
ITS#10375 libldap/tls2: const up oids
...
to move it out of the .data section
2025-07-28 15:19:04 +01:00
Howard Chu
7d2805f27c
ITS#10370 libldap: don't assert on network input
2025-07-23 22:05:25 +01:00
Howard Chu
76e1492809
ITS#10356 libldap: implement LDAP_OPT_REFHOPLIMIT
2025-06-20 02:35:44 +00:00
Michael Kourlas
585e6aa9a5
ITS#10330 keep socket non-blocking during polling in ldap_int_tls_start
...
During TLS negotiation, if a timeout is set, ldap_int_tls_start sets the
socket to non-blocking and calls ldap_int_poll in a loop if
ldap_int_tls_connect does not succeed the first time it is called.
However, ldap_int_poll sets the socket back to blocking and we currently
do not set it back to non-blocking. This means that a subsequent call to
ldap_int_tls_connect may hang and the configured timeout will not be
enforced. To fix this, we now set the socket back to non-blocking after
ldap_int_poll is called.
2025-06-19 13:49:40 +00:00
Michael Kourlas
76b9c476dd
ITS#10330 do not poll socket in ldap_int_tls_start if no timeout set
...
This probably had no effect, but is unnecessary.
2025-06-19 13:49:40 +00:00
Ondřej Kuzník
6063498361
ITS#10297 Defer hostname resolution til first use
2025-05-09 09:31:26 +01:00
Howard Chu
10456f5850
ITS#10326 mbedtls: always call mbedtls_ssl_set_hostname()
...
Even if hostname is NULL, the library requires this be called once.
If non-NULL, mbedtls may do a hostname check which is redundant
since libldap does its own check.
2025-04-22 17:26:46 +01:00
Ondřej Kuzník
2ba10ad59c
ITS#10229 Adjust ldap_result behaviour with LDAP_MSG_RECEIVED
2024-12-16 16:18:53 +00:00
Ondřej Kuzník
d143f7a2dc
ITS#8047 Fix TLS connection timeout handling
...
The test for async in ldap_int_tls_start was inverted, we already
support calling ldap_int_tls_connect repeatedly. And so long as
LBER_SB_OPT_NEEDS_* are managed correctly, the application should be
able to do the right thing.
Might require a new result code rather than repurposing
LDAP_X_CONNECTING for this.
2024-10-26 20:51:35 +00:00
Ondřej Kuzník
40b6592adf
ITS#10263 Reject modifications with invalid whitespace
2024-10-26 16:49:39 +00:00
Ondřej Kuzník
3f6cec3b46
ITS#10264 Free NoD data we stored locally
2024-10-02 13:23:44 +01:00
Ondřej Kuzník
139944ac1e
ITS#7982 Log TLS proto+cipher suite on client side
2024-09-27 14:21:20 +01:00
Ryan Tandy
aa7b1a3db9
ITS#10253 Fix incompatible pointer type
2024-08-21 17:48:45 -07:00
Howard Chu
c9ab732ec1
ITS#10247 libldap: add ldap_url_check_ext() to check URL extensions
...
And check validity earlier, in ldap_initialize() and ldap_init_fd().
2024-08-20 15:39:04 +00:00
Howard Chu
4fc6a3c064
ITS#10247 libldap: reject unrecognized critical URL extensions
2024-08-20 15:39:04 +00:00
Howard Chu
1fc09713b1
ITS#10224 libldap: check for OpenSSL EVP_Digest* failure
2024-06-07 15:34:23 +01:00
Howard Chu
4dfe057b58
ITS#10223 libldap: check for OpenSSL SSL_CTX_set_ciphersuites failure
2024-06-07 15:34:01 +01:00
Howard Chu
4d53ae28cf
ITS#10216 libldap: fix OpenSSL channel binding digest
...
The OBJ_find_ API is undocumented but this is what OpenSSL libcrypto does itself.
2024-05-16 16:01:39 +01:00
Howard Chu
283b994104
ITS#10209 libldap: only use OPENSSL_INIT_NO_ATEXIT if it's defined
...
Fake OpenSSL clones like LibreSSL don't support it.
In general we will make no effort to support fake OpenSSL clones.
2024-05-09 17:19:15 +00:00
Quanah Gibson-Mount
073232bbc7
Happy New Year!
2024-03-26 19:45:07 +00:00
Howard Chu
a5953812f0
ITS#9952 TLS/OpenSSL: disable use of atexit()
...
This will only have any effect if libldap is the first caller to
initialize OpenSSL, but that should be all that matters when libldap
is part of a dynamically loaded module. It prevents the crash in the
example cases given.
2024-02-18 10:57:07 +00:00
Howard Chu
5e13ef87a9
Revert "ITS#9952 libldap: use atexit for TLS teardown"
...
This reverts commit 337455eb3a.
The change was non-portable, caused ITS#10176. OpenSSL 3 is
broken and should be fixed.
2024-02-13 17:29:05 +00:00
johan pascal
5a45cf6087
ITS#10014 Non blocking TLS session accept for mbedtls handle
2024-01-30 16:25:41 +00:00
Howard Chu
e40d3640a7
ITS#10145 ldap_url_parse_ext: fail earlier on bad URL enclosure
2023-12-16 14:01:46 +00:00
Howard Chu
4c80d78dcc
ITS#10144 libldap: RDNs must contain at least 1 AVA
2023-12-16 12:47:55 +00:00
Howard Chu
f196fa17dc
ITS#10124 libldap: fix dhparam init with OpenSSL 3.x
2023-11-06 09:08:43 +00:00
hyc
0ec664b0da
ITS#10100 fix Windows timestamps
...
Simplify, instead of trying to maintain offset between performance
counter and systemtime, just use performance counter.
2023-10-23 19:47:23 +00:00
Howard Chu
8c482cec9a
ITS#10094 libldap/OpenSSL: fix setting ciphersuites
...
Don't try old-style ciphersuite list if only v1.3 or newer ciphers were specified
2023-10-20 16:33:02 +00:00
Florin Crișan
b7a22d380e
ITS#10101 libldap: fix double sb_close when first TLS connection fails
2023-09-21 17:34:59 +01:00
Ondřej Kuzník
4b7b2172d9
ITS#10060 Try harder to find a finished operation with msgid=LDAP_RES_ANY
2023-07-19 14:53:47 +00:00
Ondřej Kuzník
3676f3ad69
ITS#10060 Return tag of last message if all=LDAP_MSG_ALL
2023-07-19 14:53:47 +00:00
Howard Chu
337455eb3a
ITS#9952 libldap: use atexit for TLS teardown
2023-05-31 16:04:15 +00:00
Ian Puleston
12d2382b53
ITS#10023 libldap: fix asynch connects
...
This is option #1
2023-05-25 16:56:00 +00:00
johan pascal
f7e6c71e13
ITS#10014: Add TLS handle using MbedTLS
2023-03-31 05:19:30 +00:00
Ian Puleston
818e2a5455
ITS#10035 Fix setting TLSv1.3 ciphersuite
2023-03-31 02:15:49 +01:00
Howard Chu
9682229983
ITS#10015 libldap: fix KEEPALIVE opts from ITS#9490
2023-02-22 11:33:16 +00:00
Howard Chu
372b40ad18
ITS#10003: ldap_open_internal_connection: fix mutex usage
...
Note: this is a non-standard function with no use cases
2023-02-17 15:52:35 +00:00
Ondřej Kuzník
12bf5a95ba
ITS#9045 rlock only if there may be other threads
...
We can't rlock if we've registered ourselves as a writer. We can only
figure that out by checking if we're the thread that initiated the
pause: is the server paused already?
2023-01-23 11:53:36 +00:00
Howard Chu
41f87c53ec
ITS#9937 libldap: fix put_simple_filter() with invalid filter
...
Add check for trivial input string.
2022-10-20 12:38:02 +01:00
Ondřej Kuzník
1220282dd5
ITS#8196/ITS#9714 Switch to xorshift
2022-09-19 16:32:39 +00:00
Howard Chu
3f2abd0b2e
ITS#9904 ldap_url_parsehosts: check for strdup failure
...
Avoid unnecessary strdup in IPv6 addr parsing, check for strdup
failure when dup'ing scheme.
Code present since 2000, 8da110a9e7
2022-08-25 17:01:13 +01:00
Howard Chu
ea8dd2d279
ITS#9904 ldif_open_url: check for ber_strdup failure
...
Code present since 1999, df8f7cbb9b
2022-08-24 14:40:51 +01:00
Michael Osipov
519e0c94c9
ITS#9901 libldap: fix non-std printf %p arguments
2022-08-22 16:44:05 +00:00
Howard Chu
6c9eea7306
ITS#9899 libldap: fix non-std syntax in cyrus.c
...
Broken in 3cd50fa8b3 for ITS#9189
2022-08-22 16:44:05 +00:00
Howard Chu
aef1c05089
ITS#9894 don't use gmake-specific features
2022-08-15 20:53:03 +00:00
Howard Chu
d47f212679
Add nonstd cbind SASL secprop
...
For Cyrus SASL 2.2, 8735185e9d
2022-07-28 15:46:07 +00:00
Ondřej Kuzník
c07e961d40
ITS#9876 Some more leaks plugged
2022-07-08 15:45:55 +00:00
Howard Chu
78618653c2
ITS#9876 Coverity fixes: plug memleaks
2022-07-05 03:49:34 +01:00
Howard Chu
0b78166a47
ITS#9157: check for NULL ld
2022-05-21 16:39:29 +01:00
Howard Chu
1c197bbef9
Revert "ITS#9828 Fix ldap_count_values_len pointer confusion"
...
This reverts commit 7e7fad5e03.
2022-04-25 17:26:37 +01:00