This project is mirrored from https://git.openldap.org/openldap/openldap.git. Pull mirroring updated .
  1. 31 Aug, 2011 1 commit
    • Howard Chu's avatar
      For test063 · 8d74f717
      Howard Chu authored
      add hex timestamp to lutil_debug() output
      Fix LASTMOD race condition in accesslog.c
      Set refreshInterval even if using refreshAndPersist, since
      fallbacks will use refresh params
      8d74f717
  2. 27 Aug, 2011 1 commit
  3. 26 Aug, 2011 3 commits
  4. 25 Aug, 2011 1 commit
  5. 24 Aug, 2011 8 commits
  6. 23 Aug, 2011 1 commit
  7. 22 Aug, 2011 6 commits
  8. 21 Aug, 2011 2 commits
  9. 18 Aug, 2011 1 commit
  10. 17 Aug, 2011 2 commits
  11. 16 Aug, 2011 2 commits
  12. 15 Aug, 2011 1 commit
  13. 13 Aug, 2011 1 commit
  14. 11 Aug, 2011 3 commits
  15. 10 Aug, 2011 3 commits
  16. 29 Jul, 2011 1 commit
  17. 28 Jul, 2011 3 commits
    • Rich Megginson's avatar
      ITS#7002 MozNSS: fix VerifyCert allow/try behavior · 210b156e
      Rich Megginson authored and Howard Chu's avatar Howard Chu committed
      If the olcTLSVerifyClient is set to a value other than "never", the server
      should request that the client send a client certificate for possible use
      with client cert auth (e.g. SASL/EXTERNAL).
      If set to "allow", if the client sends a cert, and there are problems with
      it, the server will warn about problems, but will allow the SSL session to
      proceed without a client cert.
      If set to "try", if the client sends a cert, and there are problems with
      it, the server will warn about those problems, and shutdown the SSL session.
      If set to "demand" or "hard", the client must send a cert, and the server
      will shutdown the SSL session if there are problems.
      I added a new member of the tlsm context structure - tc_warn_only - if this
      is set, tlsm_verify_cert will only warn about errors, and only if TRACE
      level debug is set.  This allows the server to warn but allow bad certs
      if "allow" is set, and warn and fail if "try" is set.
      210b156e
    • Rich Megginson's avatar
      ITS#7001 MozNSS: free the return of tlsm_find_and_verify_cert_key · fb4b4f74
      Rich Megginson authored and Howard Chu's avatar Howard Chu committed
      If tlsm_find_and_verify_cert_key finds the cert and/or key, and it fails
      to verify them, it will leave them allocated for the caller to dispose of.
      There were a couple of places that were not disposing of the cert and key
      upon error.
      fb4b4f74
    • Howard Chu's avatar
      ITS#7000 fix bad patch in ITS#6472 · ff7acea2
      Howard Chu authored
      ff7acea2