A ref change was pushed to the OpenLDAP (openldap.git) repository.
It will be available in the public mirror shortly.
The branch, OPENLDAP_REL_ENG_2_4 has been updated
via 423147307eaf98e71d9a7a4f70afe448c863998c (commit)
via 42af02e8088a23675b2324ddb9b33144f2d9f491 (commit)
via 229aa3f4400fba964d0a11d3849965120b9ef764 (commit)
via e5cc533c013b41e90f01d58ab28f4495291a8baf (commit)
via b485adcd757b19acdec11328a3c51a68e800b4cf (commit)
via b85f9aa43691a6beb7af6c3171e88bfe9f982a44 (commit)
via 99278733647a56e49a78f39055430b2cd676d00d (commit)
via 9dd567dfb32c350dcbc2c3f4f70a7407f65d5633 (commit)
via 8aee88ed603aa27e05292a86401ee2bb77f0126e (commit)
via 77d3df16cc1859feadf92081c25bc3c58f9a55ee (commit)
via 859df1ba669029aa428a4cd80bdf0bb4c1adfcf2 (commit)
via 6c6fc33c8d8e394570930de83840870b268adb7f (commit)
via 44f8baca76517c017c366bd0ef2cdfea58d6e0c1 (commit)
via 7c1afdabbb3ee24f78b341cf6f240410b3e403df (commit)
via 122e3a506e8908fff12b8f8c4ff11433047f51df (commit)
via 3e49c45d30ba7c86afcbe0f1be73dc712b64a4fb (commit)
via a3db8bded703a033635c49b02ea08f27552a1c3f (commit)
via a70487599255ba1323c8737397854f17453b4122 (commit)
via 5f002e65cb5acb6e5910ae0269dcf1f4696f9eb3 (commit)
via 06ebd8dd402d83428311bcc7f6c0871407858c2d (commit)
via 0cfa7d4c0653fb2d461cb6445027ebbf9f8468bf (commit)
via 190e0e3abf80233701e0d826a136b517612e926a (commit)
via 5dc9531b5434c808b9dc20fadfdaf8f765debaa3 (commit)
via 734ba5e12fef421a3b5287e2711e6f202804f1be (commit)
via 2864c9c31635a858effd91326a5ab4b07cb9405a (commit)
from b0f28f316a23dbda7b3aa65fedece532a0f58529 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 423147307eaf98e71d9a7a4f70afe448c863998c
Author: Howard Chu <h...@openldap.org>
Date: Thu Aug 18 01:52:52 2011 -0700
For #6982 fix a66fb16
commit 42af02e8088a23675b2324ddb9b33144f2d9f491
Author: Quanah Gibson-Mount <qua...@openldap.org>
Date: Wed Oct 5 16:58:19 2011 -0700
ITS#7017
commit 229aa3f4400fba964d0a11d3849965120b9ef764
Author: Pierangelo Masarati <a...@openldap.org>
Date: Wed Aug 17 12:56:55 2011 -0600
fix TTL tolerance (ITS#7017, patch by jvce...@redhat.com)
commit e5cc533c013b41e90f01d58ab28f4495291a8baf
Author: Quanah Gibson-Mount <qua...@openldap.org>
Date: Wed Oct 5 16:57:21 2011 -0700
ITS#7016
commit b485adcd757b19acdec11328a3c51a68e800b4cf
Author: Pierangelo Masarati <a...@openldap.org>
Date: Tue Aug 16 22:17:43 2011 -0600
make sure frontend gets the {-1} (ITS#7016)
commit b85f9aa43691a6beb7af6c3171e88bfe9f982a44
Author: Howard Chu <h...@openldap.org>
Date: Tue Aug 16 13:51:10 2011 -0700
hack for #6982 - keep o_abandon set in op_free
commit 99278733647a56e49a78f39055430b2cd676d00d
Author: Howard Chu <h...@openldap.org>
Date: Tue Aug 16 13:49:27 2011 -0700
Revert "More for ITS#6892"
This reverts commit 3cb2ca8bbd1ec8da8f27a608deefc7a2d45aa538.
Patch has no benefit
commit 9dd567dfb32c350dcbc2c3f4f70a7407f65d5633
Author: Quanah Gibson-Mount <qua...@openldap.org>
Date: Wed Oct 5 16:52:12 2011 -0700
ITS#6892 again
commit 8aee88ed603aa27e05292a86401ee2bb77f0126e
Author: Howard Chu <h...@openldap.org>
Date: Mon Aug 15 15:40:46 2011 -0700
More for ITS#6892
commit 77d3df16cc1859feadf92081c25bc3c58f9a55ee
Author: Quanah Gibson-Mount <qua...@openldap.org>
Date: Wed Oct 5 16:50:32 2011 -0700
ITS#7018
commit 859df1ba669029aa428a4cd80bdf0bb4c1adfcf2
Author: Pierangelo Masarati <a...@openldap.org>
Date: Sat Aug 13 23:33:19 2011 +0200
host part of unique URI must be empty (ITS#7018)
commit 6c6fc33c8d8e394570930de83840870b268adb7f
Author: Quanah Gibson-Mount <qua...@openldap.org>
Date: Wed Oct 5 16:48:57 2011 -0700
ITS#7015
commit 44f8baca76517c017c366bd0ef2cdfea58d6e0c1
Author: Pierangelo Masarati <a...@openldap.org>
Date: Thu Aug 11 17:33:08 2011 +0200
cleanup slapd.ldif; install it (ITS#7015)
commit 7c1afdabbb3ee24f78b341cf6f240410b3e403df
Author: Pierangelo Masarati <a...@openldap.org>
Date: Thu Aug 11 17:02:25 2011 +0200
typo in comment
commit 122e3a506e8908fff12b8f8c4ff11433047f51df
Author: Pierangelo Masarati <a...@openldap.org>
Date: Thu Aug 11 12:16:01 2011 +0200
use ldap_search_ext(timelimit) instead of
ldap_set_option(LDAP_OPT_TIMELIMIT) (related to ITS#7009)
commit 3e49c45d30ba7c86afcbe0f1be73dc712b64a4fb
Author: Quanah Gibson-Mount <qua...@openldap.org>
Date: Wed Oct 5 16:46:29 2011 -0700
ITS#7009
commit a3db8bded703a033635c49b02ea08f27552a1c3f
Author: Pierangelo Masarati <a...@openldap.org>
Date: Wed Aug 10 22:39:16 2011 +0200
honor TIMEOUT when appropriate (ITS#7009); also honor timelimit (was broken)
commit a70487599255ba1323c8737397854f17453b4122
Author: Quanah Gibson-Mount <qua...@openldap.org>
Date: Wed Oct 5 16:45:20 2011 -0700
ITS#7012
commit 5f002e65cb5acb6e5910ae0269dcf1f4696f9eb3
Author: Pierangelo Masarati <a...@openldap.org>
Date: Wed Aug 10 20:22:33 2011 +0200
make sure 2-arg statements have exactly 2 args (related to ITS#7012)
commit 06ebd8dd402d83428311bcc7f6c0871407858c2d
Author: Pierangelo Masarati <a...@openldap.org>
Date: Wed Aug 10 19:40:20 2011 +0200
TLS config statements always need an argument (related to ITS#7012)
commit 0cfa7d4c0653fb2d461cb6445027ebbf9f8468bf
Author: Quanah Gibson-Mount <qua...@openldap.org>
Date: Wed Oct 5 16:42:53 2011 -0700
ITS#6999
commit 190e0e3abf80233701e0d826a136b517612e926a
Author: Howard Chu <h...@openldap.org>
Date: Fri Jul 29 13:05:45 2011 -0700
ITS#6999 fix syncrepl timeout in refreshAndPersist
commit 5dc9531b5434c808b9dc20fadfdaf8f765debaa3
Author: Quanah Gibson-Mount <qua...@openldap.org>
Date: Wed Oct 5 16:41:45 2011 -0700
ITS#7001
ITS#7002
commit 734ba5e12fef421a3b5287e2711e6f202804f1be
Author: Rich Megginson <rmegg...@redhat.com>
Date: Thu Jul 28 14:08:37 2011 -0700
ITS#7002 MozNSS: fix VerifyCert allow/try behavior
If the olcTLSVerifyClient is set to a value other than "never", the server
should request that the client send a client certificate for possible use
with client cert auth (e.g. SASL/EXTERNAL).
If set to "allow", if the client sends a cert, and there are problems with
it, the server will warn about problems, but will allow the SSL session to
proceed without a client cert.
If set to "try", if the client sends a cert, and there are problems with
it, the server will warn about those problems, and shutdown the SSL session.
If set to "demand" or "hard", the client must send a cert, and the server
will shutdown the SSL session if there are problems.
I added a new member of the tlsm context structure - tc_warn_only - if this
is set, tlsm_verify_cert will only warn about errors, and only if TRACE
level debug is set. This allows the server to warn but allow bad certs
if "allow" is set, and warn and fail if "try" is set.
commit 2864c9c31635a858effd91326a5ab4b07cb9405a
Author: Rich Megginson <rmegg...@redhat.com>
Date: Mon Jul 25 20:27:59 2011 -0600
ITS#7001 MozNSS: free the return of tlsm_find_and_verify_cert_key
If tlsm_find_and_verify_cert_key finds the cert and/or key, and it fails
to verify them, it will leave them allocated for the caller to dispose of.
There were a couple of places that were not disposing of the cert and key
upon error.
-----------------------------------------------------------------------
Summary of changes:
CHANGES | 10 +++++
clients/tools/ldapsearch.c | 41 +++++++++++---------
libraries/libldap/tls_m.c | 78 ++++++++++++++++++++++++++++++++------
servers/slapd/Makefile.in | 12 ++++++
servers/slapd/bconfig.c | 38 +++++++++++++-----
servers/slapd/config.c | 11 +++++
servers/slapd/operation.c | 18 ++++++---
servers/slapd/overlays/dds.c | 2 +-
servers/slapd/overlays/unique.c | 8 ++++
servers/slapd/slap.h | 4 +-
servers/slapd/slapd.ldif | 14 +++---
servers/slapd/syncrepl.c | 5 ++-
12 files changed, 181 insertions(+), 60 deletions(-)
---
http://www.openldap.org/devel/gitweb.cgi?p=openldap.git
