Commit e536c3ad authored by Kurt Zeilenga's avatar Kurt Zeilenga
Browse files

From HEAD:

+       Fixed libldap disable DH key exchange with DH params (ITS#4354)
+       Fixed libldap_r pool destroy hang (ITS#4349)
+       Fixed slapd(8) solaris select(2) issue (ITS#4357)
parent 2a5d79cb
OpenLDAP 2.3 Change Log
OpenLDAP 2.3.19 Engineering
Fixed slaptools when --disable-debug (ITS#4351)
Fixed libldap disable DH key exchange with DH params (ITS#4354)
Fixed libldap_r pool destroy hang (ITS#4349)
Build environment
Fixed slaptools when --disable-debug (ITS#4351)
Fixed slapd(8) solaris select(2) issue (ITS#4357)
OpenLDAP 2.3.18 Release
Fixed slapd syncrepl variable used before set bug (ITS#4331)
......
......@@ -945,7 +945,11 @@ it is of critical importance that it is protected carefully.
This directive specifies the file that contains parameters for Diffie-Hellman
ephemeral key exchange. This is required in order to use a DSA certificate on
the server. If multiple sets of parameters are present in the file, all of
them will be processed.
them will be processed. Note that setting this option may also enable
Anonymous Diffie-Hellman key exchanges in certain non-default cipher suites.
You should append "!ADH" to your cipher suites if you have changed them
from the default, otherwise no certificate exchanges or verification will
be done.
.TP
.B TLSRandFile <filename>
Specifies the file to obtain random bits from when /dev/[u]random
......
......@@ -382,7 +382,9 @@ ldap_pvt_tls_init_def_ctx( int is_server )
tls_opt_require_cert == LDAP_OPT_X_TLS_ALLOW ?
tls_verify_ok : tls_verify_cb );
SSL_CTX_set_tmp_rsa_callback( tls_def_ctx, tls_tmp_rsa_cb );
SSL_CTX_set_tmp_dh_callback( tls_def_ctx, tls_tmp_dh_cb );
if ( tls_opt_dhfile ) {
SSL_CTX_set_tmp_dh_callback( tls_def_ctx, tls_tmp_dh_cb );
}
#ifdef HAVE_OPENSSL_CRL
if ( tls_opt_crlcheck ) {
X509_STORE *x509_s = SSL_CTX_get_cert_store( tls_def_ctx );
......
......@@ -378,8 +378,10 @@ ldap_pvt_thread_pool_destroy ( ldap_pvt_thread_pool_t *tpool, int run_pending )
? LDAP_INT_THREAD_POOL_FINISHING
: LDAP_INT_THREAD_POOL_STOPPING;
ldap_pvt_thread_cond_broadcast(&pool->ltp_cond);
ldap_pvt_thread_cond_wait(&pool->ltp_cond, &pool->ltp_mutex);
if ( pool->ltp_open_count ) {
ldap_pvt_thread_cond_broadcast(&pool->ltp_cond);
ldap_pvt_thread_cond_wait(&pool->ltp_cond, &pool->ltp_mutex);
}
while ((ctx = LDAP_STAILQ_FIRST(&pool->ltp_pending_list)) != NULL)
{
......
......@@ -1857,21 +1857,17 @@ slapd_daemon_task(
case -1: { /* failure - try again */
int err = sock_errno();
if( err == EBADF
#ifdef WSAENOTSOCK
/* you'd think this would be EBADF */
|| err == WSAENOTSOCK
#endif
) {
if (++ebadf < SLAPD_EBADF_LIMIT)
continue;
}
if( err != EINTR ) {
Debug( LDAP_DEBUG_ANY,
"daemon: select failed (%d): %s\n",
err, sock_errstr(err), 0 );
slapd_shutdown = 2;
ebadf++;
/* Don't log unless we got it twice in a row */
if ( !( ebadf & 1 )) {
Debug( LDAP_DEBUG_ANY,
"daemon: select failed count %d err (%d): %s\n",
ebadf, err, sock_errstr(err) );
}
if ( ebadf >= SLAPD_EBADF_LIMIT )
slapd_shutdown = 2;
}
}
continue;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment