When a checkpoint happens, if we remove the CSN from the pending list,
accesslog won't pass it onto the accesslog DB. But in a delta-mmr
scenario, an accesslog entry without a CSN faces a race where it might
be applied twice - that usually fails and causes a full refresh, other
times it can cause a silent desync - both are undesirable.
Move install of CA cert to a pool thread, otherwise cn=config deadlocks
on dynamically loaded overlay.
Dup/release entry before attempting to modify it, to avoid deadlocks
in back-bdb/hdb.
Always use PKCS#8 format when storing private keys.
Make two successive modifications of the same attribute separate. This
lets the consumer interpret the log entry the same way as the server
that produced it.
Still depends on the log entry attributes being read in the same order
as they were written.
Prevent spurious contextCSN generation
and ignore consumers when we have no contextCSN yet.
But make sure to propagate valid contextCSN updates to
accesslog/syncprov for delta consumers.
config_fp_parse_line processes backslash escapes. When existing rewrite
rules were reloaded while inserting a new rule, this caused backslashes
to be lost from every rule except the most recently inserted one.
config_parse_ldif performs similar splitting, but leaves backslashes
alone.
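
An added illustration of the backslash loss described in the message above; it is not OpenLDAP code. `split_unescaping` and `split_preserving` are simplified stand-ins for the two splitting behaviours the message attributes to config_fp_parse_line and config_parse_ldif, and `insert_rule` and the sample rules are constructed for this example.

```python
import re

def split_unescaping(line):
    """Whitespace-split a line, consuming backslash escapes (assumed model)."""
    args, cur, i = [], "", 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur += line[i + 1]      # escape consumed: the backslash is dropped
            i += 2
            continue
        if ch.isspace():
            if cur:
                args.append(cur)
            cur = ""
        else:
            cur += ch
        i += 1
    if cur:
        args.append(cur)
    return args

def split_preserving(line):
    """Whitespace-split a line and leave backslashes alone (assumed model)."""
    return line.split()

def insert_rule(stored, new_rule, reload_split):
    """Reload the stored rules with reload_split, then append the new rule.
    The new rule is assumed to arrive already split verbatim."""
    return [reload_split(r) for r in stored] + [split_preserving(new_rule)]

def patterns(rules):
    """Return the regex argument (argv[1]) of each parsed rule."""
    return [argv[1] for argv in rules]

# Constructed sample rules, not taken from the page.
STORED = [r"rewriteRule ^uid=([^,]+),dc=old\.example$ uid=$1,dc=new"]
NEW = r"rewriteRule ^cn=(.*)\.svc$ cn=$1"

if __name__ == "__main__":
    for name, fn in (("unescaping", split_unescaping),
                     ("preserving", split_preserving)):
        pats = patterns(insert_rule(STORED, NEW, fn))
        hit = bool(re.search(pats[0], "uid=bob,dc=oldXexample"))
        print(f"{name}: {pats} matches dc=oldXexample: {hit}")
```

Once the backslash is gone, `old\.example` becomes `old.example`, so the reloaded rule matches names it was never meant to rewrite while the newest rule still looks correct.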
If dds is present early in the overlay stack, the modify ops from
dds_expire can trigger other overlays before they have initialized.
Avoid that by delaying the first expiry until startup has finished.
If multiple ppolicy overlays are present on a glued tree, they all
attempt to update the policy operational attributes in response to
password-related activities. The redundant mod ops will cause the
entire op to fail. Check for these ops before inserting new ones.