upstream/openldap
1
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-12-23 08:09:34 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
21846 commits 38 branches 309 tags 68 MiB
Commit graph

1849 commits

Author SHA1 Message Date
Pierangelo Masarati
568e3b7faa fix uninit'ed vars (ITS#7039) 2011-09-08 23:32:58 +02:00
Howard Chu
06ec9f1db2 ITS#7035 don't loop forever in wait4msg 2011-09-06 21:13:49 -07:00
Howard Chu
6546ecd39c ITS#7022 cleanup prev commit 2011-08-24 15:37:52 -07:00
Rich Megginson
a7aac14d2a ITS#7022 NSS_Init* functions are not thread safe 
The NSS_InitContext et. al, and their corresponding shutdown functions,
are not thread safe.  There can only be one thread at a time calling
these functions.  Protect the calls with a mutex.  Create the mutex
using a PR_CallOnce to ensure that the mutex is only created once and
not used before created.  Move the registration of the nss shutdown
callback to also use a PR_CallOnce.  Removed the call to
SSL_ClearSessionCache() because it is always called at shutdown, and we must
not call it more than once.
 2011-08-24 15:34:47 -07:00
Jan Vcelak
3dae953fd6 ITS#7014 TLS: don't check hostname if reqcert is 'allow' 
If server certificate hostname does not match the server hostname,
connection is closed even if client has set TLS_REQCERT to 'allow'. This
is wrong - the documentation says, that bad certificates are being
ignored when TLS_REQCERT is set to 'allow'.
 2011-08-24 15:27:29 -07:00
Rich Megginson
210b156ece ITS#7002 MozNSS: fix VerifyCert allow/try behavior 
If the olcTLSVerifyClient is set to a value other than "never", the server
should request that the client send a client certificate for possible use
with client cert auth (e.g. SASL/EXTERNAL).
If set to "allow", if the client sends a cert, and there are problems with
it, the server will warn about problems, but will allow the SSL session to
proceed without a client cert.
If set to "try", if the client sends a cert, and there are problems with
it, the server will warn about those problems, and shutdown the SSL session.
If set to "demand" or "hard", the client must send a cert, and the server
will shutdown the SSL session if there are problems.
I added a new member of the tlsm context structure - tc_warn_only - if this
is set, tlsm_verify_cert will only warn about errors, and only if TRACE
level debug is set.  This allows the server to warn but allow bad certs
if "allow" is set, and warn and fail if "try" is set.
 2011-07-28 14:09:55 -07:00
Rich Megginson
fb4b4f7445 ITS#7001 MozNSS: free the return of tlsm_find_and_verify_cert_key 
If tlsm_find_and_verify_cert_key finds the cert and/or key, and it fails
to verify them, it will leave them allocated for the caller to dispose of.
There were a couple of places that were not disposing of the cert and key
upon error.
 2011-07-28 14:00:15 -07:00
Jan Vcelak
e8ac17e17c ITS#6998 MozNSS: when cert not required, ignore issuer expiration 
When server certificate is not required in a TLS session (e.g.
TLS_REQCERT is set to 'never'), ignore expired issuer certificate error
and do not terminate the connection.
 2011-07-21 11:59:06 -07:00
Rich Megginson
d944920fd3 ITS#6980 free the result of SSL_PeerCertificate 
In tlsm_auth_cert_handler, we get the peer's cert from the socket using
SSL_PeerCertificate.  This value is allocated and/or cached.  We must
destroy it using CERT_DestroyCertificate.
 2011-06-29 16:56:26 -07:00
Howard Chu
7ee3dee647 ITS#6828 set ld_errno on connect failures 2011-06-27 18:43:31 -07:00
Howard Chu
052ac2f64a ITS#6828 silence warning in prev commit 2011-06-24 18:03:11 -07:00
Howard Chu
d0973003f7 ITS#6978 bail out on invalid input 2011-06-23 13:17:08 -07:00
Rich Megginson
5e467e4899 ITS#6862 MozNSS - workaround PR_SetEnv bug 2011-06-21 15:58:49 -07:00
Rich Megginson
d78cf81648 ITS#6975 MozNSS - allow cacertdir in most cases 
OpenLDAP built with OpenSSL allows most any value of cacertdir - directory
is a file, directory does not contain any CA certs, directory does not
exist - users expect if they specify TLS_REQCERT=never, no matter what
the TLS_CACERTDIR setting is, TLS/SSL will just work.
TLS_CACERT, on the other hand, is a hard error.  Even if TLS_REQCERT=never,
if TLS_CACERT is specified and is not a valid CA cert file, TLS/SSL will
fail.  This patch makes CACERT errors hard errors, and makes CACERTDIR
errors "soft" errors.  The code checks CACERT first and, even though
the function will return an error, checks CACERTDIR anyway so that if the
user sets TRACE mode they will get CACERTDIR processing messages.
 2011-06-21 15:56:55 -07:00
Jan Vcelak
65e163d268 ITS#6947 Handle missing '\n' termination in LDIF input 2011-06-20 18:18:34 -07:00
Howard Chu
9f7d119ce3 Add LDAP_OPT_X_TLS_PACKAGE 
to return the name of the underlying TLS implementation
 2011-06-10 02:11:26 -07:00
Howard Chu
33f3de77f1 ITS#6828 fix TLS setup with async connect 2011-06-08 18:27:54 -07:00
Hallvard Furuseth
fac36dcba7 ITS#6932: Clean up strange asserts & nearby code. 
Mostly found by Klocwork: Issues #213,298-300,331,342-343,374,390,410.
 2011-05-05 15:55:29 +02:00
Hallvard Furuseth
06dca7858e ITS#6931 Catch NULL ld for LDAP_OPT_SESSION_REFCNT. 
Klocwork issue#111, ldap_get_option().
 2011-05-05 14:10:32 +02:00
Hallvard Furuseth
a1cb490d0c ITS#6930 Plug ldapi://too-long-path socket leak. 
Klocwork issue#117, ldap_connect_to_path().
 2011-05-05 13:52:08 +02:00
Howard Chu
9b463b59ec ITS#6898 fix regression from ITS#6625 
compound statements need brackets, duh.
 2011-04-09 16:55:00 -07:00
Howard Chu
f8a5ce4a6e ITS#6870 move ldif.c and fetch.c from liblutil to libldap 2011-03-24 06:49:04 +00:00
Howard Chu
31a8460417 ITS#6863, fix crashes in ITS#6714 patch. From Jan Vcelak @ Red Hat 2011-03-16 18:23:26 +00:00
Howard Chu
6f1d218652 ITS#6832 #elif cleanup 2011-02-17 00:36:30 +00:00
Howard Chu
bbecfa740d ITS#6811, more for #6802 PKCS11 fork() handling from Rich Megginson @ Red Hat 2011-01-29 20:40:20 +00:00
Pierangelo Masarati
45d580e941 do not hijack loop counter (ITS#6813; blind fix) 2011-01-29 11:05:08 +00:00
Howard Chu
2d545befdd Cleanup version checking 2011-01-27 21:43:22 +00:00
Howard Chu
d27f458b37 ITS#6802 restart modules for fork() - from Rich Megginson @ Red Hat 2011-01-27 21:38:40 +00:00
Howard Chu
ba70ec8b2c ITS#6791 fix cert usage types/values - from Rich Megginson @ Red Hat 2011-01-27 21:34:35 +00:00
Howard Chu
5224536a8e ITS#6790 fix default cipher suites - from Rich Megginson @ Red Hat 2011-01-27 21:32:39 +00:00
Hallvard Furuseth
9eb5ecba15 ITS#5421 comment ldapoptions vs ldapoptions_prefix 2011-01-20 10:45:14 +00:00
Pierangelo Masarati
6d8e0d5b3e increment lconn_refcnt so connection does not get closed (ITS#6788) 2011-01-18 23:53:24 +00:00
Hallvard Furuseth
b9609cedf5 Catch ber errors in vc (Verify Credentials) 2011-01-17 13:15:27 +00:00
Hallvard Furuseth
8021cbd8f1 ITS#6738 Catch ber errors in libldap/ldap_sync.c. 
Also remove variable tag in ldap_sync_search_intermediate()
and reduce  ber_scanf("tm", &tag, foo)  to  tag=ber_scanf("m", foo).
 2011-01-17 12:20:56 +00:00
Hallvard Furuseth
dd640af54f Fix ITS#6672: Do not return LDAP_MUTEX_LOCK(). 
It has type void.
 2011-01-12 14:25:37 +00:00
Hallvard Furuseth
77f78f1d57 vc.c: ber_printf/flatten rc==LBER_ERROR -> rc<0 2011-01-12 14:23:07 +00:00
Howard Chu
6a544b7193 Silence stupid MUTEX_FIRSTCREATE warnings 2011-01-11 21:34:55 +00:00
Pierangelo Masarati
45205bdf70 don't leak reqdata 2011-01-08 12:51:43 +00:00
Kurt Zeilenga
be897b6679 Outline SASL interactive API (no meat) 2011-01-06 18:37:23 +00:00
Kurt Zeilenga
966cef8c9a Happy New Year 2011-01-05 00:42:37 +00:00
Kurt Zeilenga
390ba8c84e VC adjust controls tag 2011-01-04 16:01:07 +00:00
Pierangelo Masarati
e2440ccb00 fix previous commit 2011-01-04 01:02:12 +00:00
Pierangelo Masarati
fdafc6384e fix error handling/arg checking 2011-01-03 23:40:02 +00:00
Kurt Zeilenga
37dcb1d791 Remove authzid parameter from verify credential response. 
If client wants authzid, it can ask by adding an Authorization Identity
Request inner control.
 2011-01-03 22:05:23 +00:00
Kurt Zeilenga
7f4c7ebc1c Extend Verify Credentials encode/decode per -devel post. 
(ldapvc doesn't yet request/handle inner password policy control.
 2011-01-03 21:49:26 +00:00
Kurt Zeilenga
e6fd8bfbb0 Remove version from encoding 
(previously removed from SASL choices, but should be always absent)
 2011-01-03 19:21:03 +00:00
Howard Chu
8018924efd ITS#6741 support Bitstring in ldap_X509dn2bv() 2010-12-30 19:38:57 +00:00
Kurt Zeilenga
46f4813632 Remove dead code. 2010-12-30 17:46:26 +00:00
Pierangelo Masarati
f3dd90a553 s/0/O/ 2010-12-30 15:58:48 +00:00
Pierangelo Masarati
538b582cdc fix perror; removed extra sequence opening (is it needed; if yes, it must also be closed, see #if 0) 2010-12-30 15:51:25 +00:00
Pierangelo Masarati
7dfc54378c s/VCRequest/VCResponse/ 2010-12-30 14:12:26 +00:00
Howard Chu
f697a3ffed ITS#6742 from Rich Megginson @ Red Hat 2010-12-24 00:29:31 +00:00
Howard Chu
1bb648841b ITS#6453 cleanup on LDAP_TIMEOUT 2010-12-23 23:18:41 +00:00
Kurt Zeilenga
6119ad7294 Misc vc updates 2010-12-15 00:59:42 +00:00
Kurt Zeilenga
8a692a0034 Add comment regarding ASN.1 syntax 
rm version field
 2010-12-14 22:09:50 +00:00
Kurt Zeilenga
25aa65f693 cleanup 2010-12-14 21:14:31 +00:00
Kurt Zeilenga
d3b51f2614 LDAP "Verify Credentials" operation 
Client library implementation only
 2010-12-14 20:58:02 +00:00
Hallvard Furuseth
5feeec67d7 ITS#6747 Fix LDAP_CONNECTIONLESS Debug(), warnings 2010-12-14 15:06:32 +00:00
Howard Chu
439030a16d ITS#6714 non-blocking support from Richard Megginson @ Red Hat 2010-12-11 04:57:10 +00:00
Howard Chu
0215833bcd Cleanup prev commit 2010-12-11 04:51:21 +00:00
Howard Chu
a2053729f0 ITS#6744 - plug leak 2010-12-11 04:35:01 +00:00
Howard Chu
75bb972859 Partial fix for non-string types in cert DNs. (Need to add explicit support 
for Bitstring, maybe a few others.)
 2010-12-10 02:05:18 +00:00
Pierangelo Masarati
d5f101f836 typo in comment 2010-12-07 10:11:06 +00:00
Hallvard Furuseth
16b7df8397 ITS#6625 Remove some LDAP_R_COMPILEs 2010-12-06 11:31:58 +00:00
Hallvard Furuseth
5ecd624f50 Fix ITS#6625: mutex-protect ldap_free_connection() 2010-12-06 10:51:55 +00:00
Hallvard Furuseth
7cb9c496bf ITS#6625 concurrency patch cleanup 2010-12-06 10:41:41 +00:00
Pierangelo Masarati
603eec5758 remove #ifdef EAGAIN, EWOULDBLOCK (ITS#6603) 2010-11-24 14:47:46 +00:00
Hallvard Furuseth
7c29e2c7c5 ITS#6723: Handle EOF in test programs 2010-11-23 12:12:54 +00:00
Hallvard Furuseth
b75b769471 Fix cyrus.c rev 1.159 for --without-cyrus-sasl: 
It modified ldap_int_sasl_bind()'s prototype with but not without SASL.
 2010-11-19 12:32:05 +00:00
Howard Chu
1ed2d0a485 ITS#6706 from Rich Megginson @ Red Hat - improve diagnostic messages 2010-11-15 20:47:24 +00:00
Howard Chu
750f7f895b ITS#6705 from Rich Megginson @ Red Hat - only use .0 files in cacertdir 2010-11-15 20:45:47 +00:00
Howard Chu
4c31652ee8 ITS#6704 from Rich Megginson @ Red Hat - use both cacert and cacertdir 2010-11-15 20:44:32 +00:00
Howard Chu
208308d4dd ITS#6703 from Rich Megginson @ Red Hat - reject non-files for cert/key pem files 2010-11-15 20:43:53 +00:00
Howard Chu
f26b5b6692 ITS#6689 from Rich Megginson @ Red Hat 2010-10-29 10:30:30 +00:00
Howard Chu
0f30db1c46 ITS#6625 concurrency patch from Doug Leavitt @ Oracle .com 2010-10-22 21:45:48 +00:00
Howard Chu
abe4a5f83b ITS#6673 GnuTLS hangs if you tell it to shut the read direction. Just 
shut the write direction; it will all be irrelevant since the socket
will be closed immediately after.
 2010-10-16 12:11:11 +00:00
Howard Chu
845bf30c5b Fix prev commit 2010-10-15 13:53:12 +00:00
Howard Chu
f1a18f4e53 Cleanup prev commit 2010-10-14 03:11:26 +00:00
Howard Chu
120d2ce228 More for prev commit. What about ldap_pvt_sasl_getmechs() ? 2010-10-14 01:47:09 +00:00
Howard Chu
fca72f333b Add ldap_sasl_interactive_bind() 2010-10-14 01:29:32 +00:00
Howard Chu
0b660dc9f6 ITS#6672 mutex cleanup 2010-10-13 08:43:15 +00:00
Pierangelo Masarati
2b1b37cd4b do not use lutil_atoix() (ITS#6654) 2010-09-21 00:10:44 +00:00
Pierangelo Masarati
9d77d61314 don't use lud_host when NULL (ITS#6653, fixed differently) 2010-09-21 00:05:36 +00:00
Howard Chu
f32f1a45d4 ITS#6639 set sock err to EAGAIN on partial write 2010-09-12 10:09:45 +00:00
Pierangelo Masarati
4601107e4e fix format specifier (ITS#6644) 2010-09-09 16:05:26 +00:00
Pierangelo Masarati
6c6e187b98 do not alter ld_nextref_proc (ITS#6602) 2010-07-27 00:55:51 +00:00
Pierangelo Masarati
d27038f6b4 fix previous commit 2010-07-26 19:45:36 +00:00
Pierangelo Masarati
c2ab1778a0 check mutex ownership 2010-07-26 19:26:59 +00:00
Howard Chu
71f062afee ITS#6595 remove unneeded token init code. From Rich Megginson @ RedHat. 2010-07-21 22:57:01 +00:00
Howard Chu
e0cac8a048 ITS#6589 allow self-signed server certs, from Rich Megginson @ RedHat.com 2010-07-14 23:11:34 +00:00
Howard Chu
ce1e201343 add ifdefs for SASL_GSS_CREDS to accomodate ancient Cyrus SASL 2010-06-12 22:10:16 +00:00
Howard Chu
33bfd730a1 ITS#6569 return server's error code on Disconnect 2010-06-02 03:30:19 +00:00
Howard Chu
d3a1be4e3f ITS#6568 plug cldap memleaks 2010-06-02 03:10:39 +00:00
Howard Chu
2dd75cf206 Support option SASL_GSS_CREDS 2010-05-13 06:08:21 +00:00
Pierangelo Masarati
a94b978e9d (blind) fix off-by-one bug (ITS#6223; fixed differently) 2010-04-18 02:42:56 +00:00
Howard Chu
b8013e828c No longer used 2010-04-15 21:29:50 +00:00
Pierangelo Masarati
ee156cfd7a serial can be longer than ber_int_t (ITS#6460) 2010-04-14 20:26:24 +00:00
Kurt Zeilenga
3dadeb3efe happy belated New Year 2010-04-13 22:17:29 +00:00
Pierangelo Masarati
9331182a07 union of operation-specific data in LDIFRecord (ITS#6194, by Rich Megginson) 2010-04-13 07:37:59 +00:00
Howard Chu
68b292d869 Cleanup prev commit 2010-04-12 20:21:13 +00:00
Howard Chu
86c361cdb8 In tmp_rsa_cb, new API is in 0.9.8 inclusive, not exclusive 2010-04-12 03:21:05 +00:00
Howard Chu
1dbefa75be ITS#6432 updated MozNSS context and PEM support 2010-04-12 02:44:28 +00:00
Pierangelo Masarati
d033f680b5 (ITS#6194) Patch - Enhancement - provide LDIF support as libldif 2010-04-12 02:01:55 +00:00
Howard Chu
e5302c2431 ITS#6510 ignore referrals on Bind response 2010-04-09 18:30:29 +00:00
Kurt Zeilenga
abdb6c683f ldap_parse_result should always free result when freeit is true. 2010-03-26 14:05:47 +00:00
Kurt Zeilenga
f967ec3b4e Set res parameter to NULL upon ldap_search_ext_s entry. Likewise for friends. 
Note in manual that res parameter should be freed regardless of return value
of ldap_search_ext_s (or friends).
 2010-01-29 23:11:24 +00:00
Pierangelo Masarati
797387c4ef skip the serial, whatever its length (ITS#6460) 2010-01-24 19:16:57 +00:00
Howard Chu
127e504015 ITS#6405 in ldap_pvt_gettime, also check for microsecs going backward 2009-11-30 21:47:38 +00:00
Howard Chu
61be1d55d3 More for prev commit - only set if URL was provided. 
(should URL be mandatory?)
 2009-11-18 22:37:02 +00:00
Howard Chu
a248701ed2 ITS#6386 Must init conn->lconn_server 2009-11-18 22:23:14 +00:00
Pierangelo Masarati
a95b8cd488 honor -1 timeout (ITS#6388) 2009-11-18 14:57:52 +00:00
Howard Chu
b99fdb6506 ITS#6283 add missing env options 2009-11-15 21:48:49 +00:00
Howard Chu
9a65f35f2e partially revert prev commit 2009-11-06 02:20:40 +00:00
Howard Chu
86d9e86afd Minor cleanup in strval2str 2009-11-06 01:37:09 +00:00
Hallvard Furuseth
7b22b22202 ITS#6355: Fix uninitialiezed lso_tmp_rsa_cb() return value 2009-10-30 17:08:57 +00:00
Howard Chu
585940984c Fix prev commit, s/errno/err/g 2009-10-27 01:55:45 +00:00
Howard Chu
405c68abf9 For prev commit, check for EINTR/EAGAIN/EWOULDBLOCK 2009-10-26 23:52:55 +00:00
Howard Chu
a05d7015e0 ITS#6327, #6334 take ret=-1/EINTR into account 2009-10-26 23:36:39 +00:00
Howard Chu
30c55952d3 Cleanup prev commit 2009-10-26 19:19:20 +00:00
Howard Chu
1155f5ff20 ITS#6327 fix sb_sasl_generic_write retval for partial writes 2009-10-26 18:49:42 +00:00
Ralf Haferkamp
8fcdc29405 In case of certificate verification failures include failure reason 
into the error message (openssl only)
 2009-09-30 16:25:23 +00:00
Howard Chu
e0431681ad On OpenSSL 0.9.8 and newer, use RSA_generate_key_ex since 
RSA_generate_key is deprecated
 2009-09-25 23:31:24 +00:00
Pierangelo Masarati
4b4db7b529 keep compatibility with slapd's gmtime_mutex (ITS#6262) 2009-09-08 23:21:21 +00:00
Howard Chu
2ba0e44ad1 ITS#6278 PEM support for MozNSS from rmeggins@redhat.com, with header cleanups 2009-08-29 03:41:53 +00:00
Pierangelo Masarati
ba2bddafbd copy username, much like other string-valued options (more about ITS#6257) 2009-08-19 21:46:07 +00:00
Pierangelo Masarati
a846dad6fb cleanup previous commit 2009-08-19 13:10:30 +00:00
Pierangelo Masarati
9abaf38d1f silence warnings 2009-08-19 12:23:27 +00:00
Pierangelo Masarati
8776630509 address signedness issue 2009-08-19 12:06:04 +00:00
Hallvard Furuseth
f0d775609b More ITS#6262: Also define ldap_pvt_gmtime_[un]lock if localtime_r is missing 2009-08-19 10:10:31 +00:00
Pierangelo Masarati
637182b8f4 fix previous commit 2009-08-19 00:12:39 +00:00
Pierangelo Masarati
f3cdcadf89 wrap gmtime for reentrancy (ITS#6262) 2009-08-18 23:48:15 +00:00
Pierangelo Masarati
5c916588b8 fix previous commit 2009-08-18 19:09:12 +00:00
Pierangelo Masarati
98a8b74d53 expose SASL_USERNAME when it makes sense (EXTERN needs work, much like SASL_SSL) (ITS#6257) 2009-08-18 18:47:56 +00:00
Howard Chu
b87553684a More for prev commit 2009-08-14 20:02:08 +00:00
Howard Chu
9b764c3f9e Fix prev commit again, IPPROTO_TCP is the documented correct approach 2009-08-13 21:35:38 +00:00
Howard Chu
f5bad5673b Fix prev commit, it was not Linux-only as it claimed to be. 2009-08-13 20:55:04 +00:00
Hallvard Furuseth
791035d93f Fix last commit: cast strcasecmp unsigned char* to char* 2009-08-07 21:46:25 +00:00
Howard Chu
e229b7c398 In session_chkhost get the last CN, not the first. 2009-08-07 11:59:42 +00:00
Howard Chu
d479db53e0 Minor cleanup 2009-07-31 03:26:03 +00:00
Howard Chu
403ee0b62e Fix, reqcert == ALLOW should ignore cert verification failures 2009-07-31 01:51:34 +00:00
Howard Chu
3f2101198b ITS#6239 use our own hostname checking for MozNSS 2009-07-31 01:32:51 +00:00
Howard Chu
d4f2a06887 Check for CN length match as well in chkhost 2009-07-30 21:52:09 +00:00
Howard Chu
91dc4501d4 Add VLV Error 2009-07-13 13:13:38 +00:00
Hallvard Furuseth
bbe015f65b ITS#6197 - normalize & speed up ldap_err2string/ldap_perror(): 
Use same result code -> string mapping for both, removing ldap_int_error():
- Classify unknown error codes as API/extension/etc like _err2string did.
- Pass all strings through _(), i.e. the optional gettext, as _perror did.

Also use a switch instead of linear search for the code->string mapping.
Hopefully the compiler will optimize that.  Though the extra gettext,
if anyone uses it, probably counters that speedup.
 2009-07-07 20:05:09 +00:00
Howard Chu
8680c13c5f Cleanup ciphernum 2009-07-03 02:06:24 +00:00
Howard Chu
d95bc8d2d8 Acknowledge richm 2009-07-02 23:19:44 +00:00
Howard Chu
4b8485c47a ITS#5696 Additional MozNSS support from rmeggins@redhat.com 2009-07-02 23:10:23 +00:00
Howard Chu
de91bde800 ITS#6192 add all digests. Also stop using SSLeay-compatible function 
names, we're only concerned with OpenSSL these days.
 2009-07-01 23:46:36 +00:00
Hallvard Furuseth
13cbd433bd Cast getpeername() arg from struct sockaddr_un* to struct sockaddr* 2009-06-11 16:21:52 +00:00
Ralf Haferkamp
5725d5d6e9 Introduce options to configure tcp-keepalive settings per connection. These 
settings only work on Linux and are ignore when not supported (see
discussion on -devel)
 2009-05-06 13:14:36 +00:00