Howard Chu authored 13 years ago and Quanah Gibson-Mount committed 13 years ago

add hex timestamp to lutil_debug() output
Fix LASTMOD race condition in accesslog.c
Set refreshInterval even if using refreshAndPersist, since
fallbacks will use refresh params

Rich Megginson authored 13 years ago and Quanah Gibson-Mount committed 13 years ago

OpenLDAP built with OpenSSL allows most any value of cacertdir - directory
is a file, directory does not contain any CA certs, directory does not
exist - users expect if they specify TLS_REQCERT=never, no matter what
the TLS_CACERTDIR setting is, TLS/SSL will just work.
TLS_CACERT, on the other hand, is a hard error.  Even if TLS_REQCERT=never,
if TLS_CACERT is specified and is not a valid CA cert file, TLS/SSL will
fail.  This patch makes CACERT errors hard errors, and makes CACERTDIR
errors "soft" errors.  The code checks CACERT first and, even though
the function will return an error, checks CACERTDIR anyway so that if the
user sets TRACE mode they will get CACERTDIR processing messages.

Howard Chu authored 13 years ago and Quanah Gibson-Mount committed 13 years ago

to return the name of the underlying TLS implementation

Hallvard Furuseth authored 13 years ago and Quanah Gibson-Mount committed 13 years ago

Mostly found by Klocwork: Issues #213,298-300,331,342-343,374,390,410.

Hallvard Furuseth authored 13 years ago and Quanah Gibson-Mount committed 13 years ago

Klocwork issue#111, ldap_get_option().

Hallvard Furuseth authored 13 years ago and Quanah Gibson-Mount committed 13 years ago

Klocwork issue#117, ldap_connect_to_path().

Hallvard Furuseth authored 13 years ago and Quanah Gibson-Mount committed 13 years ago

lutil_get_filed_password() bug; klocwork issue#203.

Howard Chu authored 13 years ago and Quanah Gibson-Mount committed 13 years ago

compound statements need brackets, duh.
(cherry picked from commit 9b463b59)