A ref change was pushed to the OpenLDAP (openldap.git) repository. It will be available in the public mirror shortly.
The branch, master has been updated
       via  210b156ece28a71cb625283fa5c30ee76d639cdc (commit)
       via  fb4b4f7445d9392fbae097cc861e4cfb1694dcae (commit)
      from  ff7acea2d25b4037f93431909512aeedba33127c (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 210b156ece28a71cb625283fa5c30ee76d639cdc
Author: Rich Megginson <rmeggins@redhat.com>
Date:   Thu Jul 28 14:08:37 2011 -0700
ITS#7002 MozNSS: fix VerifyCert allow/try behavior
If the olcTLSVerifyClient is set to a value other than "never", the server should request that the client send a client certificate for possible use with client cert auth (e.g. SASL/EXTERNAL). If set to "allow", if the client sends a cert, and there are problems with it, the server will warn about problems, but will allow the SSL session to proceed without a client cert. If set to "try", if the client sends a cert, and there are problems with it, the server will warn about those problems, and shut down the SSL session. If set to "demand" or "hard", the client must send a cert, and the server will shut down the SSL session if there are problems. I added a new member of the tlsm context structure - tc_warn_only - if this is set, tlsm_verify_cert will only warn about errors, and only if TRACE level debug is set. This allows the server to warn but allow bad certs if "allow" is set, and warn and fail if "try" is set.
commit fb4b4f7445d9392fbae097cc861e4cfb1694dcae
Author: Rich Megginson <rmeggins@redhat.com>
Date:   Mon Jul 25 20:27:59 2011 -0600
ITS#7001 MozNSS: free the return of tlsm_find_and_verify_cert_key
If tlsm_find_and_verify_cert_key finds the cert and/or key, and it fails to verify them, it will leave them allocated for the caller to dispose of. There were a couple of places that were not disposing of the cert and key upon error.
-----------------------------------------------------------------------
Summary of changes:
 libraries/libldap/tls_m.c | 78 +++++++++++++++++++++++++++++++++++++-------
 1 files changed, 65 insertions(+), 13 deletions(-)