[Git][openldap/openldap][OPENLDAP_REL_ENG_2_5] 13 commits: ITS#10223 libldap: check for OpenSSL SSL_CTX_set_ciphersuites failure
Quanah Gibson-Mount pushed to branch OPENLDAP_REL_ENG_2_5 at openldap / OpenLDAP
Commits: 248d7402 by Howard Chu at 2024-06-28T16:50:47+00:00 ITS#10223 libldap: check for OpenSSL SSL_CTX_set_ciphersuites failure
- - - - - 07dc2133 by Quanah Gibson-Mount at 2024-06-28T16:52:07+00:00 ITS#10223
- - - - - bee6e76c by Howard Chu at 2024-06-28T16:52:18+00:00 ITS#10224 libldap: check for OpenSSL EVP_Digest* failure
- - - - - 979eed81 by Quanah Gibson-Mount at 2024-06-28T16:52:36+00:00 ITS#10224
- - - - - 08a78a02 by François Kooman at 2024-06-28T16:52:53+00:00 ITS#9827 update Argon2 defaults
- switch to argon2id by default (from argon2i) - use OWASP recommended parameters as defaults
This only affects builds that use libargon2, e.g. Debian, and not builds that use libsodium as argon2id is already the default there, and better parameters are used
References: https://bugs.openldap.org/show_bug.cgi?id=9827 Signed-off-by: François Kooman <fkooman@tuxed.net>
- - - - - 412d897c by Quanah Gibson-Mount at 2024-06-28T16:53:05+00:00 ITS#9827 - Use 7MB memory/5 iterations as default
This has the same protections as 19MB/2 iterations, but requires less system memory
- - - - - a85ed561 by Quanah Gibson-Mount at 2024-06-28T16:53:20+00:00 ITS#9827
- - - - - 230bd39c by Nadezhda Ivanova at 2024-06-28T16:58:05+00:00 ITS#10219 Modify of olcDisabled by removing and adding a value invokes db_open twice
Do not invoke db_open if the database is not actually disabled
- - - - - 910c2be2 by Quanah Gibson-Mount at 2024-06-28T16:58:36+00:00 ITS#10219
- - - - - 5baa8723 by Nadezhda Ivanova at 2024-06-28T16:59:11+00:00 ITS#10227 Asyncmeta will not reset a connection if a bind operation fails with LDAP_OTHER, leaving the connection in invalid state
- - - - - 66117ce8 by Quanah Gibson-Mount at 2024-06-28T17:02:41+00:00 ITS#10227
- - - - - 12d105b1 by Howard Chu at 2024-06-28T17:02:46+00:00 ITS#10231 slapadd: check for NULL suffix in error message
- - - - - d161fa7f by Quanah Gibson-Mount at 2024-06-28T17:02:52+00:00 ITS#10231
- - - - -
6 changed files:
- CHANGES - libraries/libldap/tls_o.c - servers/slapd/back-asyncmeta/bind.c - servers/slapd/bconfig.c - servers/slapd/pwmods/argon2.c - servers/slapd/slapadd.c
View it on GitLab: https://git.openldap.org/openldap/openldap/-/compare/9f48f3f3b618f4844472178...
-
Quanah Gibson-Mount (@quanah)