upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-21 15:19:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
24473 commits 38 branches 309 tags 68 MiB
Commit graph

260 commits

Author SHA1 Message Date
Ondřej Kuzník
6063498361 ITS#10297 Defer hostname resolution til first use 2025-05-09 09:31:26 +01:00
Ondřej Kuzník
d143f7a2dc ITS#8047 Fix TLS connection timeout handling 
The test for async in ldap_int_tls_start was inverted, we already
support calling ldap_int_tls_connect repeatedly. And so long as
LBER_SB_OPT_NEEDS_* are managed correctly, the application should be
able to do the right thing.

Might require a new result code rather than reporposing
LDAP_X_CONNECTING for this.
 2024-10-26 20:51:35 +00:00
Quanah Gibson-Mount
073232bbc7 Happy New Year! 2024-03-26 19:45:07 +00:00
Quanah Gibson-Mount
788e9592ba Happy New Year! 2022-01-07 18:40:00 +00:00
Nadezhda Ivanova
db389d38ce ITS#9502 Implement LDAP_OPT_TCP_USER_TIMEOUT 2021-04-22 21:52:12 +00:00
Howard Chu
e0dcf4c4d7 ITS#9518 fix prev commit 2021-04-09 19:29:11 +01:00
Howard Chu
2a3b64f4e6 ITS#9518 add LDAP_OPT_X_TLS_PROTOCOL_MAX option 
OpenSSL only
 2021-04-09 18:12:40 +01:00
Ondřej Kuzník
3bd1b0909a ITS#9001 Use a TAvl for request tracking in libldap 2021-03-30 15:46:40 +01:00
HoweverAT
9d594a118e ITS#8847 Add SOCKET_BIND_ADDRESSES Option 2021-03-25 18:47:11 +00:00
Paul B. Henson
146889f205 ITS#9419 Add support for HAProxy proxy protocol v2 2021-02-24 18:11:09 +00:00
Quanah Gibson-Mount
efaf9a4a17 Happy New Year! 2021-01-11 19:25:53 +00:00
Howard Chu
4c74bd0a41 ITS#9332 add placeholder in LDAP_LDO_TLS_NULLARG 2020-09-01 20:25:00 +01:00
Howard Chu
608a822349 ITS#9318 add TLS_REQSAN option 
Add an option to specify how subjectAlternativeNames should be
handled when validating the names in a server certificate.
 2020-08-21 18:05:08 +00:00
Ryan Tandy
a4474d3584 ITS#9235 Delete LDAP_THREAD_SAFE 2020-07-03 17:24:16 -07:00
Ryan Tandy
a5c0b59398 ITS#9235 Define LDAP_R_COMPILE iff building with threads 2020-07-03 17:23:14 -07:00
Isaac Boukris
4cac398b19 ITS#9189 - initialize ldo_sasl_cbinding in LDAP_LDO_SASL_NULLARG 
Reported-by: Ryan Tandy @ryan
 2020-04-23 22:28:51 +00:00
Isaac Boukris
3cd50fa8b3 ITS#9189 rework sasl-cbinding support 
Add LDAP_OPT_X_SASL_CBINDING option to define the binding type to use,
defaults to "none".

Add "tls-endpoint" binding type implementing "tls-server-end-point" from
RCF 5929, which is compatible with Windows.

Fix "tls-unique" to include the prefix in the bindings as per RFC 5056.
 2020-04-23 21:00:39 +02:00
Quanah Gibson-Mount
e50741e459 ITS#6567 - More cleanup 2020-04-13 17:19:35 +00:00
Quanah Gibson-Mount
c6493c45b5 ITS#6567 - Remove non-cyrus-sasl GSSAPI bits 2020-04-10 18:19:33 +00:00
Quanah Gibson-Mount
f6ad222e41 Happy New Year! 2020-01-09 16:50:21 +00:00
Nadezhda Ivanova
f239bbd3c6 Add LDAP_OPT_KEEPCONN option 
This option instructs try_read1msg to not free the connection on read error
or on Notice of disconnections, but leave it to the caller. It is needed,
for example, by back-asyncmeta, who expects to have control on when
its target connections are freed. Must be used with caution.
 2019-02-28 17:27:54 +00:00
Ondřej Kuzník
e6ae7d5136 ITS#8731 Make loading ldap-int.h possible from server code again 2019-02-19 17:14:26 +00:00
Ondřej Kuzník
254d2adab0 ITS#8731 Rework logging 2019-02-15 16:51:53 +00:00
Quanah Gibson-Mount
b45a6a7dc7 Happy New Year! 2019-01-14 18:46:16 +00:00
Quanah Gibson-Mount
59e9ff6243 Happy New Year 2018-03-22 15:35:24 +00:00
Ondřej Kuzník
8e34ed8c78 ITS#8753 Public key pinning support in libldap 2017-11-13 17:24:49 +00:00
Ondřej Kuzník
91ebfc82ea ITS#8753 Move base64 decoding to separate file 2017-11-13 16:51:01 +00:00
Howard Chu
b402a2805f Add options to use DER format cert+keys directly 
Instead of loading from files.
 2017-04-09 00:13:42 +01:00
Quanah Gibson-Mount
1df85d3427 Happy New Year! 2017-01-03 12:36:47 -08:00
Quanah Gibson-Mount
6c4d6c880b Happy New Year! 2016-01-29 13:32:05 -06:00
Howard Chu
db3175eaba ITS#8262 more 
extended ops
 2015-10-02 05:14:53 +01:00
Howard Chu
34ccd14f3e ITS#8262 add ldap_build_*_req functions 
Basic ops except abandon and unbind; since they get no reply
it's not important for the caller to know their msgID.
 2015-10-02 05:02:15 +01:00
Howard Chu
e75fbc953f ITS#8201 LDAPSTACKGUARD feature 2015-07-16 18:58:23 +01:00
Quanah Gibson-Mount
1705fa7e55 Happy New Year 2015-02-11 15:36:57 -06:00
Kurt Zeilenga
5c878c1bf2 Happy new year (belated) 2014-01-25 05:21:25 -08:00
Howard Chu
e631ce808e ITS#7595 Add Elliptic Curve support for OpenSSL 2013-09-07 09:47:40 -07:00
Howard Chu
ca310ebff4 Add channel binding support 
Currently only implemented for OpenSSL.
Needs an option to set the criticality flag.
 2013-08-26 23:31:48 -07:00
Howard Chu
1e68029078 Drop ldap_int_sasl_mutex 
It was introduced for Cyrus 1.5 in 2001; we've been on 2.x since 2002 and
Cyrus does its own locking when needed.
 2013-04-24 00:52:52 -07:00
Kurt Zeilenga
0fd1bf30b8 Happy New Year 2013-01-02 10:22:57 -08:00
Ralf Haferkamp
c728ebf586 ITS#7428 Use non-blocking IO during SSL Handshake 
If a timeout is set, perform the SSL Handshake using non-blocking IO.  This way
we can timeout if SSL Handshake gets stuck for whatever reason.

This code is currently hidden behind #ifdefs (LDAP_USE_NON_BLOCKING_TLS) and
disabled by default as there seem to be some problems using NON-blocking
I/O during the TLS Handshake when linking against NSS (either a bug in NSS
itself of in tls_m.c, see discussion on -devel)

This patch adds an additional parameter to ldap_int_poll() in order to indicate
if we're waiting in order to perform a read or write operation.
 2012-11-21 14:25:18 +01:00
Mat Booth
e6d190c7de ITS#7332 Changes required to build with Microsoft Visual Studio 2012-07-23 08:29:39 -07:00
Frederik Deweerdt
8bb9e88d5f ITS#7270 Protect accesses to ldap_int_hostname with a mutex. 
Not protecting the accesses to ldap_int_hostname could lead to a double
free.
 2012-05-30 05:49:53 -07:00
Howard Chu
33f6bc4fe6 ITS#7167 only poll sockets for write as needed 2012-02-20 14:51:30 -08:00
Howard Chu
ce2c041671 Cleanup gssapi_flags -> ldo_gssapi_flags 2012-01-24 15:43:39 -08:00
Howard Chu
7ff18967d7 More for prev commit (270ef33acf) 2012-01-24 15:43:14 -08:00
Howard Chu
270ef33acf ITS#7118, #7133 tentative fix 
Move mutexes to end of structs, so libldap can ignore them
 2012-01-24 13:32:52 -08:00
Kurt Zeilenga
2bbf9804b9 Happy New Year! 2012-01-01 07:10:53 -08:00
Howard Chu
33f3de77f1 ITS#6828 fix TLS setup with async connect 2011-06-08 18:27:54 -07:00
Hallvard Furuseth
9eb5ecba15 ITS#5421 comment ldapoptions vs ldapoptions_prefix 2011-01-20 10:45:14 +00:00
Howard Chu
6a544b7193 Silence stupid MUTEX_FIRSTCREATE warnings 2011-01-11 21:34:55 +00:00