Howard Chu
fdb3443366
More abandon paranoia
2011-08-24 14:57:36 -07:00
Howard Chu
5829eb44a1
ITS#7025 handle Abandon in backglue
2011-08-23 13:48:59 -07:00
Howard Chu
4f5d087b4f
Don't replicate refint repair ops
2011-08-22 14:05:58 -07:00
Pierangelo Masarati
415b8ec84b
release mutex only *after* backend connection initialization (ITS#6993)
2011-08-22 11:23:54 -06:00
Pierangelo Masarati
58255ab250
further cleanup of ldapsearch response
2011-08-22 11:19:30 -06:00
Pierangelo Masarati
71eda709c6
referral is a legitimate result
2011-08-22 11:19:30 -06:00
Pierangelo Masarati
72e8a15068
make sure size limits are passed to ldapsearch
2011-08-22 11:19:30 -06:00
Pierangelo Masarati
15987caa11
error messages from ldapsearch changed
2011-08-22 08:43:57 -06:00
Pierangelo Masarati
3e504bcbbf
add notes about pwdAllowUserChange (more about ITS#7021)
2011-08-20 19:03:15 -06:00
Pierangelo Masarati
bdbdae3e5f
according to draft-behera, this attribute only affects password modifies by self (ITS#7021)
2011-08-20 18:52:54 -06:00
Howard Chu
433812db38
For #6982 fix a66fb16
2011-08-18 01:52:52 -07:00
Pierangelo Masarati
17cfffdd29
fix TTL tolerance (ITS#7017, patch by jvcelak@redhat.com)
2011-08-17 12:57:56 -06:00
Pierangelo Masarati
fb83bf08bc
make sure frontend gets the {-1} (ITS#7016)
2011-08-16 22:18:23 -06:00
Howard Chu
a66fb1630c
hack for #6982 - keep o_abandon set in op_free
2011-08-16 13:51:10 -07:00
Howard Chu
20a8da0b7c
Revert "More for ITS#6892"
This reverts commit 3cb2ca8bbd.
Patch has no benefit
2011-08-16 13:49:27 -07:00
Howard Chu
3cb2ca8bbd
More for ITS#6892
2011-08-15 15:40:46 -07:00
Pierangelo Masarati
0d0d64518f
host part of unique URI must be empty (ITS#7018)
2011-08-13 23:34:31 +02:00
Pierangelo Masarati
8c2fc29786
cleanup slapd.ldif; install it (ITS#7015)
2011-08-11 17:34:29 +02:00
Pierangelo Masarati
f0810d6535
typo in comment
2011-08-11 17:09:36 +02:00
Pierangelo Masarati
d75803ed3f
use ldap_search_ext(timelimit) instead of ldap_set_option(LDAP_OPT_TIMELIMIT) (related to ITS#7009)
2011-08-11 12:16:01 +02:00
Pierangelo Masarati
e080ba6e9d
honor TIMEOUT when appropriate (ITS#7009); also honor timelimit (was broken)
2011-08-10 22:40:49 +02:00
Pierangelo Masarati
6b74e9002b
make sure 2-arg statements have exactly 2 args (related to ITS#7012)
2011-08-10 20:26:59 +02:00
Pierangelo Masarati
55c70629aa
TLS config statements always need an argument (related to ITS#7012)
2011-08-10 20:26:59 +02:00
Howard Chu
a31a8ed20e
ITS#6999 fix syncrepl timeout in refreshAndPersist
2011-07-29 13:05:45 -07:00
Rich Megginson
210b156ece
ITS#7002 MozNSS: fix VerifyCert allow/try behavior
If the olcTLSVerifyClient is set to a value other than "never", the server
should request that the client send a client certificate for possible use
with client cert auth (e.g. SASL/EXTERNAL).
If set to "allow", if the client sends a cert, and there are problems with
it, the server will warn about problems, but will allow the SSL session to
proceed without a client cert.
If set to "try", if the client sends a cert, and there are problems with
it, the server will warn about those problems, and shut down the SSL session.
If set to "demand" or "hard", the client must send a cert, and the server
will shut down the SSL session if there are problems.
I added a new member of the tlsm context structure - tc_warn_only - if this
is set, tlsm_verify_cert will only warn about errors, and only if TRACE
level debug is set. This allows the server to warn but allow bad certs
if "allow" is set, and warn and fail if "try" is set.
2011-07-28 14:09:55 -07:00
Rich Megginson
fb4b4f7445
ITS#7001 MozNSS: free the return of tlsm_find_and_verify_cert_key
If tlsm_find_and_verify_cert_key finds the cert and/or key, and it fails
to verify them, it will leave them allocated for the caller to dispose of.
There were a couple of places that were not disposing of the cert and key
upon error.
2011-07-28 14:00:15 -07:00
Howard Chu
ff7acea2d2
ITS#7000 fix bad patch in ITS#6472
2011-07-28 13:52:47 -07:00
Howard Chu
890d4c6216
ITS#7003 fix typo
2011-07-28 13:48:08 -07:00
Jan Vcelak
e8ac17e17c
ITS#6998 MozNSS: when cert not required, ignore issuer expiration
When server certificate is not required in a TLS session (e.g.
TLS_REQCERT is set to 'never'), ignore expired issuer certificate error
and do not terminate the connection.
2011-07-21 11:59:06 -07:00
Howard Chu
8eecc9a017
Only return requested attrs in sssvlv response
2011-07-18 12:53:23 -07:00
Howard Chu
db106f89e6
ITS#6985 fix sssvlv target offset, ordering match
2011-07-18 12:41:51 -07:00
Pierangelo Masarati
c86677ef41
blind fix build on solaris native compilers (ITS#6992)
2011-07-08 08:48:59 +02:00
Pierangelo Masarati
c0b669e14f
fix config emit (ITS#6986)
2011-07-07 08:16:23 +02:00
Howard Chu
c02e681121
ITS#6982 fix md5 memset invocation
2011-07-01 22:55:06 -07:00
Pierangelo Masarati
8df4c357be
authTimestamp should be manageable (ITS#6873)
2011-06-30 21:55:28 +02:00
Pierangelo Masarati
92f4a3b2a7
response tag is [1] according to RFC 2589 (ITS#6886)
2011-06-30 21:24:12 +02:00
Rich Megginson
d944920fd3
ITS#6980 free the result of SSL_PeerCertificate
In tlsm_auth_cert_handler, we get the peer's cert from the socket using
SSL_PeerCertificate. This value is allocated and/or cached. We must
destroy it using CERT_DestroyCertificate.
2011-06-29 16:56:26 -07:00
Howard Chu
7ee3dee647
ITS#6828 set ld_errno on connect failures
2011-06-27 18:43:31 -07:00
Rein Tollevik
ffa8eca405
Merge branch 'master' of ssh://git-master.openldap.org/~git/git/openldap
2011-06-27 14:21:35 +02:00
Rein Tollevik
62861cae0e
ITS#6716 Extend test where consumer/provider holds CSNs with differing SIDs.
2011-06-27 14:17:39 +02:00
Howard Chu
230f433ec7
ITS#6872 re-enable test058
2011-06-27 04:48:25 -07:00
Howard Chu
ebf07016ef
ITS#6872 fix test058 breakage from prev patch
2011-06-27 04:46:43 -07:00
Howard Chu
052ac2f64a
ITS#6828 silence warning in prev commit
2011-06-24 18:03:11 -07:00
Howard Chu
d76be4828c
ITS#6977 fix verbose check in client tools
2011-06-23 17:10:37 -07:00
Howard Chu
d0973003f7
ITS#6978 bail out on invalid input
2011-06-23 13:17:08 -07:00
Howard Chu
b1f26a8b17
Fix NO_THREADS typo
2011-06-22 20:03:24 -07:00
Quanah Gibson-Mount
15ae0134ee
Disable test058 until someone can track down what's wrong with it
2011-06-22 15:16:08 -07:00
Howard Chu
b0fcec8d65
ITS#6716 Use sorted CSNs in syncrepl too
2011-06-22 00:32:00 -07:00
Howard Chu
6da3e3473c
ITS#6716 use sorted CSNs, fix sessionlog
track a CSN per SID in the log->sl_mincsn
2011-06-22 00:30:13 -07:00
Howard Chu
249422aa28
ITS#6716 Keep CSN lists sorted by SID
2011-06-21 22:35:14 -07:00