Commits · e5d6c331d7bc02d1104dd33498de5a14c4798e6f · James Lowden / OpenLDAP

Oct 28, 2011
- ITS#7028 man: ldap_sync(3) ldap_sync_destroy type · e5d6c331
  Jan Vcelak authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  e5d6c331
- ITS#7028 man: slapo-unique(5) quoting keywords · a46a9346
  Jan Vcelak authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  a46a9346
- ITS#7023 document TLSCACertificateFile in the man page as it is in the Admin Guide · a5e31932
  Francis Swasey authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  a5e31932
- ITS#7022 cleanup prev commit · bfaa79f4
  Howard Chu authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  bfaa79f4
- ITS#7022 NSS_Init* functions are not thread safe · 9e68ff52
  Rich Megginson authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  The NSS_InitContext et. al, and their corresponding shutdown functions, are not thread safe. There can only be one thread at a time calling these functions. Protect the calls with a mutex. Create the mutex using a PR_CallOnce to ensure that the mutex is only created once and not used before created. Move the registration of the nss shutdown callback to also use a PR_CallOnce. Removed the call to SSL_ClearSessionCache() because it is always called at shutdown, and we must not call it more than once.
  9e68ff52
- ITS#7014 TLS: don't check hostname if reqcert is 'allow' · 09c5f495
  Jan Vcelak authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  If server certificate hostname does not match the server hostname, connection is closed even if client has set TLS_REQCERT to 'allow'. This is wrong - the documentation says, that bad certificates are being ignored when TLS_REQCERT is set to 'allow'.
  09c5f495
- More abandon paranoia · 0836855e
  Howard Chu authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  0836855e
Oct 06, 2011
- Don't replicate refint repair ops · 291fcdc6
  Howard Chu authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  291fcdc6
- error messages from ldapsearch changed · 720ecb1e
  Pierangelo Masarati authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  720ecb1e
- further cleanup of ldapsearch response · f83f79bf
  Pierangelo Masarati authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  f83f79bf
- referral is a legitimate result · df19d018
  Pierangelo Masarati authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  df19d018
- make sure size limits are passed to ldapsearch · 6169e8e0
  Pierangelo Masarati authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  6169e8e0
- ITS#7021 · 8860bb0e
  Quanah Gibson-Mount authored 13 years ago
  
  8860bb0e
- add notes about pwdAllowUserChange (more about ITS#7021) · 22f14d88
  Pierangelo Masarati authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  22f14d88
- according to draft-behera, this attribute only affects password modifies by self (ITS#7021) · b6ec428a
  Pierangelo Masarati authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  b6ec428a
Oct 05, 2011
- For #6982 fix a66fb163 · 42314730
  Howard Chu authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  42314730
- ITS#7017 · 42af02e8
  Quanah Gibson-Mount authored 13 years ago
  
  42af02e8
- fix TTL tolerance (ITS#7017, patch by jvcelak@redhat.com) · 229aa3f4
  Pierangelo Masarati authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  229aa3f4
- ITS#7016 · e5cc533c
  Quanah Gibson-Mount authored 13 years ago
  
  e5cc533c
- make sure frontend gets the {-1} (ITS#7016) · b485adcd
  Pierangelo Masarati authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  b485adcd
- hack for #6982 - keep o_abandon set in op_free · b85f9aa4
  Howard Chu authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  b85f9aa4
- Revert "More for ITS#6892" · 99278733
  Howard Chu authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  This reverts commit 3cb2ca8b. Patch has no benefit
  99278733
- ITS#6892 again · 9dd567df
  Quanah Gibson-Mount authored 13 years ago
  
  9dd567df
- More for ITS#6892 · 8aee88ed
  Howard Chu authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  8aee88ed
- ITS#7018 · 77d3df16
  Quanah Gibson-Mount authored 13 years ago
  
  77d3df16
- host part of unique URI must be empty (ITS#7018) · 859df1ba
  Pierangelo Masarati authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  859df1ba
- ITS#7015 · 6c6fc33c
  Quanah Gibson-Mount authored 13 years ago
  
  6c6fc33c
- cleanup slapd.ldif; install it (ITS#7015) · 44f8baca
  Pierangelo Masarati authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  44f8baca
- typo in comment · 7c1afdab
  Pierangelo Masarati authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  7c1afdab
- use ldap_search_ext(timelimit) instead of ldap_set_option(LDAP_OPT_TIMELIMIT) (related to ITS#7009) · 122e3a50
  Pierangelo Masarati authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  122e3a50
- ITS #7009 · 3e49c45d
  Quanah Gibson-Mount authored 13 years ago
  
  3e49c45d
- honor TIMEOUT when appropriate (ITS#7009); also honor timelimit (was broken) · a3db8bde
  Pierangelo Masarati authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  a3db8bde
- ITS#7012 · a7048759
  Quanah Gibson-Mount authored 13 years ago
  
  a7048759
- make sure 2-arg statements have exactly 2 args (related to ITS#7012) · 5f002e65
  Pierangelo Masarati authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  5f002e65
- TLS config statements always need an argument (related to ITS#7012) · 06ebd8dd
  Pierangelo Masarati authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  06ebd8dd
- ITS#6999 · 0cfa7d4c
  Quanah Gibson-Mount authored 13 years ago
  
  0cfa7d4c
- ITS#6999 fix syncrepl timeout in refreshAndPersist · 190e0e3a
  Howard Chu authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  190e0e3a
- ITS#7001 · 5dc9531b
  Quanah Gibson-Mount authored 13 years ago
  
  ITS#7002
  5dc9531b
- ITS#7002 MozNSS: fix VerifyCert allow/try behavior · 734ba5e1
  Rich Megginson authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  If the olcTLSVerifyClient is set to a value other than "never", the server should request that the client send a client certificate for possible use with client cert auth (e.g. SASL/EXTERNAL). If set to "allow", if the client sends a cert, and there are problems with it, the server will warn about problems, but will allow the SSL session to proceed without a client cert. If set to "try", if the client sends a cert, and there are problems with it, the server will warn about those problems, and shutdown the SSL session. If set to "demand" or "hard", the client must send a cert, and the server will shutdown the SSL session if there are problems. I added a new member of the tlsm context structure - tc_warn_only - if this is set, tlsm_verify_cert will only warn about errors, and only if TRACE level debug is set. This allows the server to warn but allow bad certs if "allow" is set, and warn and fail if "try" is set.
  734ba5e1
- ITS#7001 MozNSS: free the return of tlsm_find_and_verify_cert_key · 2864c9c3
  Rich Megginson authored 13 years ago and Quanah Gibson-Mount committed 13 years ago
  
  If tlsm_find_and_verify_cert_key finds the cert and/or key, and it fails to verify them, it will leave them allocated for the caller to dispose of. There were a couple of places that were not disposing of the cert and key upon error.
  2864c9c3