Commit graph

4956 commits

Author SHA1 Message Date
Howard Chu
76e1492809 ITS#10356 libldap: implement LDAP_OPT_REFHOPLIMIT 2025-06-20 02:35:44 +00:00
Michael Kourlas
585e6aa9a5 ITS#10330 keep socket non-blocking during polling in ldap_int_tls_start
During TLS negotiation, if a timeout is set, ldap_int_tls_start sets the
socket to non-blocking and calls ldap_int_poll in a loop if
ldap_int_tls_connect does not succeed the first time it is called.

However, ldap_int_poll sets the socket back to blocking and we currently
do not set it back to non-blocking. This means that a subsequent call to
ldap_int_tls_connect may hang and the configured timeout will not be
enforced. To fix this, we now set the socket back to non-blocking after
ldap_int_poll is called.
2025-06-19 13:49:40 +00:00
Michael Kourlas
76b9c476dd ITS#10330 do not poll socket in ldap_int_tls_start if no timeout set
This probably had no effect, but is unnecessary.
2025-06-19 13:49:40 +00:00
Ondřej Kuzník
6063498361 ITS#10297 Defer hostname resolution til first use 2025-05-09 09:31:26 +01:00
Howard Chu
e5a545d54c ITS#10328 librewrite: fix substitution cleanup 2025-04-24 16:47:31 +00:00
Howard Chu
10456f5850 ITS#10326 mbedtls: always call mbedtls_ssl_set_hostname()
Even if hostname is NULL, the library requires this be called once.
If non-NULL, mbedtls may do a hostname check which is redundant
since libldap does its own check.
2025-04-22 17:26:46 +01:00
Ondřej Kuzník
2ba10ad59c ITS#10229 Adjust ldap_result behaviour with LDAP_MSG_RECEIVED 2024-12-16 16:18:53 +00:00
Ondřej Kuzník
d143f7a2dc ITS#8047 Fix TLS connection timeout handling
The test for async in ldap_int_tls_start was inverted, we already
support calling ldap_int_tls_connect repeatedly. And so long as
LBER_SB_OPT_NEEDS_* are managed correctly, the application should be
able to do the right thing.

Might require a new result code rather than repurposing
LDAP_X_CONNECTING for this.
2024-10-26 20:51:35 +00:00
Ondřej Kuzník
40b6592adf ITS#10263 Reject modifications with invalid whitespace 2024-10-26 16:49:39 +00:00
Ondřej Kuzník
3f6cec3b46 ITS#10264 Free NoD data we stored locally 2024-10-02 13:23:44 +01:00
Ondřej Kuzník
139944ac1e ITS#7982 Log TLS proto+cipher suite on client side 2024-09-27 14:21:20 +01:00
Ryan Tandy
aa7b1a3db9 ITS#10253 Fix incompatible pointer type 2024-08-21 17:48:45 -07:00
Howard Chu
c9ab732ec1 ITS#10247 libldap: add ldap_url_check_ext() to check URL extensions
And check validity earlier, in ldap_initialize() and ldap_init_fd().
2024-08-20 15:39:04 +00:00
Howard Chu
4fc6a3c064 ITS#10247 libldap: reject unrecognized critical URL extensions 2024-08-20 15:39:04 +00:00
Howard Chu
1fc09713b1 ITS#10224 libldap: check for OpenSSL EVP_Digest* failure 2024-06-07 15:34:23 +01:00
Howard Chu
4dfe057b58 ITS#10223 libldap: check for OpenSSL SSL_CTX_set_ciphersuites failure 2024-06-07 15:34:01 +01:00
Quanah Gibson-Mount
15edb3b30f Merge remote-tracking branch 'origin/mdb.RE/0.9' 2024-05-21 17:16:40 +00:00
Quanah Gibson-Mount
3a29a24777 Prep for release 2024-05-21 17:16:06 +00:00
Howard Chu
4d53ae28cf ITS#10216 libldap: fix OpenSSL channel binding digest
The OBJ_find_ API is undocumented but this is what OpenSSL libcrypto does itself.
2024-05-16 16:01:39 +01:00
Howard Chu
283b994104 ITS#10209 libldap: only use OPENSSL_INIT_NO_ATEXIT if it's defined
Fake OpenSSL clones like LibreSSL don't support it.

In general we will make no effort to support fake OpenSSL clones.
2024-05-09 17:19:15 +00:00
Quanah Gibson-Mount
2606b60c7a Merge remote-tracking branch 'origin/mdb.RE/0.9' 2024-05-07 17:29:31 +00:00
Quanah Gibson-Mount
f0fddaa6fe Merge remote-tracking branch 'origin/mdb.RE/0.9' 2024-05-07 17:29:20 +00:00
Quanah Gibson-Mount
7c99799729 ITS#10212 2024-05-07 16:49:34 +00:00
Quanah Gibson-Mount
ccbec37209 ITS#10198 2024-05-07 16:49:00 +00:00
Howard Chu
d83d6b4ebe ITS#10212 LMDB: better fix 2024-05-03 20:44:48 +01:00
Howard Chu
37829ce493 ITS#10212 LMDB: init txnid for read-only DBs 2024-05-02 16:33:14 +01:00
Howard Chu
d3ae7c36e5 ITS#10198 Win32 mdb_strerror - stop passing "ignored" parameter
The M$ docs say the parameter is ignored, but it actually isn't,
and will cause a SEGV if the pointed memory isn't an init'd va_list.
2024-04-04 07:17:35 +01:00
Quanah Gibson-Mount
073232bbc7 Happy New Year! 2024-03-26 19:45:07 +00:00
Quanah Gibson-Mount
7077d5e601 ITS#9037 2024-03-26 16:25:55 +00:00
Quanah Gibson-Mount
f186e4d934 ITS#10189 - Remove extraneous #endif 2024-03-26 16:23:20 +00:00
Howard Chu
83dc42c5ca ITS#9037 mdb_page_search: fix error code when DBI record is missing
Use the more relevant MDB_BAD_DBI instead of MDB_NOTFOUND error code
2024-03-26 14:52:42 +00:00
Howard Chu
a5953812f0 ITS#9952 TLS/OpenSSL: disable use of atexit()
This will only have any effect if libldap is the first caller to
initialize OpenSSL, but that should be all that matters when libldap
is part of a dynamically loaded module. It prevents the crash in the
example cases given.
2024-02-18 10:57:07 +00:00
Howard Chu
5e13ef87a9 Revert "ITS#9952 libldap: use atexit for TLS teardown"
This reverts commit 337455eb3a.
The change was non-portable, caused ITS#10176. OpenSSL 3 is
broken and should be fixed.
2024-02-13 17:29:05 +00:00
johan pascal
5a45cf6087 ITS#10014 Non blocking TLS session accept for mbedtls handle 2024-01-30 16:25:41 +00:00
Quanah Gibson-Mount
9fa4626497 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2024-01-29 18:21:14 +00:00
Quanah Gibson-Mount
e96d8dfa39 Prep for release 2024-01-29 18:20:26 +00:00
Quanah Gibson-Mount
dc7a286207 Merge remote-tracking branch 'origin/mdb.RE/0.9' 2024-01-20 22:31:58 +00:00
Howard Chu
5eb93a3b8a ITS#10125: fix bad merge
From ac011b2c5a
2024-01-20 21:16:17 +00:00
Quanah Gibson-Mount
6973baf416 ITS#10137 2024-01-16 20:30:34 +00:00
Clément Renault
95670e37c9 ITS#10137 LMDB: Allow users to define MDB_IDL_LOGN 2024-01-16 20:30:01 +00:00
Quanah Gibson-Mount
7c55484ee1 ITS#10150 - Remove dead code
Remove dead code for ancient version of macos
2024-01-12 15:11:27 +00:00
Quanah Gibson-Mount
ea975636ab ITS#9378, ITS#10125 2024-01-11 22:35:25 +00:00
Howard Chu
ac011b2c5a ITS#10125 mdb_load: fix cursor reinit in Append mode 2024-01-11 22:33:43 +00:00
Howard Chu
9bafe54967 ITS#9378 Add replay tool
Reads a replay log and executes all the write ops
2024-01-09 17:41:21 +00:00
Howard Chu
4a19b804cf ITS#9378 Add explicit replay logging
Logs essential ops so they can be replayed.
Ignores read ops for now.
2024-01-09 17:27:59 +00:00
Howard Chu
e40d3640a7 ITS#10145 ldap_url_parse_ext: fail earlier on bad URL enclosure 2023-12-16 14:01:46 +00:00
Howard Chu
4c80d78dcc ITS#10144 libldap: RDNs must contain at least 1 AVA 2023-12-16 12:47:55 +00:00
Howard Chu
f196fa17dc ITS#10124 libldap: fix dhparam init with OpenSSL 3.x 2023-11-06 09:08:43 +00:00
hyc
0ec664b0da ITS#10100 fix Windows timestamps
Simplify, instead of trying to maintain offset between performance
counter and systemtime, just use performance counter.
2023-10-23 19:47:23 +00:00
Quanah Gibson-Mount
31ba06e1da ITS#10095 2023-10-23 19:45:12 +00:00