upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-20 22:59:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
24473 commits 38 branches 309 tags 68 MiB
Commit graph

98 commits

Author SHA1 Message Date
Ondřej Kuzník
6063498361 ITS#10297 Defer hostname resolution til first use 2025-05-09 09:31:26 +01:00
Howard Chu
1fc09713b1 ITS#10224 libldap: check for OpenSSL EVP_Digest* failure 2024-06-07 15:34:23 +01:00
Howard Chu
4dfe057b58 ITS#10223 libldap: check for OpenSSL SSL_CTX_set_ciphersuites failure 2024-06-07 15:34:01 +01:00
Howard Chu
4d53ae28cf ITS#10216 libldap: fix OpenSSL channel binding digest 
The OBJ_find_ API is undocumented but this is what OpenSSL libcrypto does itself.
 2024-05-16 16:01:39 +01:00
Howard Chu
283b994104 ITS#10209 libldap: only use OPENSSL_INIT_NO_ATEXIT if it's defined 
Fake OpenSSL clones like LibreSSL don't support it.

In general we will make no effort to support fake OpenSSL clones.
 2024-05-09 17:19:15 +00:00
Quanah Gibson-Mount
073232bbc7 Happy New Year! 2024-03-26 19:45:07 +00:00
Howard Chu
a5953812f0 ITS#9952 TLS/OpenSSL: disable use of atexit() 
This will only have any effect if libldap is the first caller to
initialize OpenSSL, but that should be all that matters when libldap
is part of a dynmically loaded module. It prevents the crash in the
example cases given.
 2024-02-18 10:57:07 +00:00
Howard Chu
f196fa17dc ITS#10124 libldap: fix dhparam init with OpenSSL 3.x 2023-11-06 09:08:43 +00:00
Howard Chu
8c482cec9a ITS#10094 libldap/OpenSSL: fix setting ciphersuites 
Don't try old-style ciphersuite list if only v1.3 or newer ciphers were specified
 2023-10-20 16:33:02 +00:00
Ian Puleston
818e2a5455 ITS#10035 Fix setting TLSv1.3 ciphersuite 2023-03-31 02:15:49 +01:00
Howard Chu
e62d05d26c ITS#9436 libldap: OpenSSL 3.0 compat 2022-02-03 16:42:44 +00:00
Orgad Shaneh
04093763f9 ITS#9791 Fix compilation with openssl exclusions 2022-01-25 15:41:07 +00:00
Quanah Gibson-Mount
788e9592ba Happy New Year! 2022-01-07 18:40:00 +00:00
Howard Chu
d285c05106 ITS#9686 plug peercert memleak 2021-09-15 13:03:13 +01:00
Howard Chu
ff0defdc13 ITS#6248 fix prev commit tlso_ca_list 
Don't quit on first dir failure, try them all before giving up.
 2021-07-22 23:54:25 +01:00
Howard Chu
dfcaa3f01e ITS#6248 support multiple CAcert dirs 2021-07-22 21:07:21 +01:00
Howard Chu
2c0707cf13 ITS#9157 save TLS errmsg in ld->ld_error 2021-07-22 15:27:31 +01:00
Bin Lan
457f5bd4a9 ITS#9602 Silence warnings in libldap/tls_o.c 2021-06-29 13:16:37 +01:00
Howard Chu
cd3567d750 ITS#9521 additional ciphersuite fixes 
Actually check version of matched ciphersuite names.
Also, don't change existing TLS1.3 suites if none are specified
in the new suite string. Avoids ITS#9546.
 2021-05-06 20:16:40 +01:00
Andreas Schulze
680091b5b4 ITS#8586 load cert+chain from TLSCertificateFile 
For OpenSSL
 2021-04-12 20:32:09 +01:00
Howard Chu
e0dcf4c4d7 ITS#9518 fix prev commit 2021-04-09 19:29:11 +01:00
Howard Chu
fe6a740381 ITS#9521 clarify - affects OpenSSL 1.1.1, not 1.1.0 2021-04-09 18:23:53 +01:00
Howard Chu
2a3b64f4e6 ITS#9518 add LDAP_OPT_X_TLS_PROTOCOL_MAX option 
OpenSSL only
 2021-04-09 18:12:40 +01:00
Howard Chu
b72bce2400 ITS#9521 Set TLSv1.3 cipher suites for OpenSSL 1.1 2021-04-09 15:59:22 +01:00
Matus Honek
1cb4d2f0c9 ITS#8904 - Ensure SSLv3 is enabled when necessary 
Either at compilation time, or as a system-wide configuration, OpenSSL
may have disabled SSLv3 protocol by default. This change ensures the
protocol NO flag is cleared when necessary, hence allowing for the
protocol to be used.
 2021-02-26 18:30:38 +00:00
Quanah Gibson-Mount
a84d11dcce ITS#9422 - Update for TLS v1.3 2021-02-25 21:32:58 +00:00
Quanah Gibson-Mount
61f619043e ITS#8580 - Explicitly honor the server side cipher suite preference 2021-01-28 20:22:50 +00:00
Quanah Gibson-Mount
efaf9a4a17 Happy New Year! 2021-01-11 19:25:53 +00:00
Howard Chu
536767798b ITS#9054 fix typo 2020-08-27 11:22:58 +01:00
Quanah Gibson-Mount
c1411b8199 ITS#9323 - Limit to OpenSSL 1.0.2 or later 2020-08-25 21:52:04 +00:00
Howard Chu
608a822349 ITS#9318 add TLS_REQSAN option 
Add an option to specify how subjectAlternativeNames should be
handled when validating the names in a server certificate.
 2020-08-21 18:05:08 +00:00
Howard Chu
2386a11649 ITS#9054 Add support for multiple EECDH curves 
Requires OpenSSL 1.0.2 or newer
 2020-08-21 07:58:07 +01:00
Howard Chu
4265849b0f ITS#9176 check for failure setting SNI 2020-04-27 18:54:02 +01:00
Howard Chu
b8f34888c3 ITS#9176 check for numeric addrs before passing SNI 2020-04-27 18:25:49 +01:00
Howard Chu
5c0efb9ce8 ITS#9176 Add TLS SNI support to libldap 
Implemented for OpenSSL, GnuTLS just stubbed
 2020-04-27 03:41:12 +01:00
Isaac Boukris
4c545ee078 ITS#9242 - ifdef tls-endpoint code in openssl pre 0.9.8 2020-04-25 22:50:52 +02:00
Isaac Boukris
3cd50fa8b3 ITS#9189 rework sasl-cbinding support 
Add LDAP_OPT_X_SASL_CBINDING option to define the binding type to use,
defaults to "none".

Add "tls-endpoint" binding type implementing "tls-server-end-point" from
RCF 5929, which is compatible with Windows.

Fix "tls-unique" to include the prefix in the bindings as per RFC 5056.
 2020-04-23 21:00:39 +02:00
Quanah Gibson-Mount
8505f774a5 Update to drop NON_BLOCKING ifdefs that were only really for moznss 2020-04-20 21:38:01 +00:00
Quanah Gibson-Mount
f6ad222e41 Happy New Year! 2020-01-09 16:50:21 +00:00
Ondřej Kuzník
aba073e171 ITS#8980 Actually return the computed status 2019-03-19 16:46:03 +00:00
Vernon Smith
8158888085 ITS#8980 fix async connections with non-blocking TLS 2019-02-28 17:02:40 +00:00
Ondřej Kuzník
09cec1f1b4 ITS#8731 Apply doc/devel/variadic_debug/03-libldap_Debug.cocci 2019-02-15 16:51:53 +00:00
Quanah Gibson-Mount
b45a6a7dc7 Happy New Year! 2019-01-14 18:46:16 +00:00
Howard Chu
d3b1558dcb ITS#8353 CRYPTO_set_id_callback deprecated in OpenSSL 0.9.9 2019-01-02 10:16:40 +00:00
Howard Chu
d7a778004b ITS#8809 add missing includes 2018-09-21 18:42:34 +01:00
Quanah Gibson-Mount
59e9ff6243 Happy New Year 2018-03-22 15:35:24 +00:00
Howard Chu
650b4822ce Avoid unnecessary C99 initializers 2018-01-25 15:40:26 +00:00
Howard Chu
f09ffffcbd Cleanup warnings 2018-01-25 15:36:00 +00:00
Bradley Baetz
e5ee07785e ITS#8791 fix OpenSSL 1.1.1 BIO_method compat 
Use the new methods unconditionally, define helper functions for older versions.
 2018-01-25 15:28:51 +00:00
Quanah Gibson-Mount
f5da6638ec ITS#8753, ITS#8774 - Fix compilation with older versions of OpenSSL 2017-11-17 14:30:45 -08:00