parent
54bacfed35
commit
9d8fa89777
1
.gitignore
vendored
1
.gitignore
vendored
@ -18,3 +18,4 @@
|
|||||||
/openldap-2.4.45.tgz
|
/openldap-2.4.45.tgz
|
||||||
/openldap-2.4.46.tgz
|
/openldap-2.4.46.tgz
|
||||||
/openldap-2.4.47.tgz
|
/openldap-2.4.47.tgz
|
||||||
|
/openldap-2.4.50.tgz
|
||||||
|
@ -0,0 +1,36 @@
|
|||||||
|
From 85fc8974f5c32a9a052baafaa9499c8484e043c2 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Quanah Gibson-Mount <quanah@openldap.org>
|
||||||
|
Date: Tue, 28 Apr 2020 20:49:53 +0000
|
||||||
|
Subject: [PATCH] ITS#8650 - Fix Debug usage to follow RE24 format
|
||||||
|
|
||||||
|
---
|
||||||
|
libraries/libldap/tls2.c | 6 +++---
|
||||||
|
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
|
||||||
|
index c1f15cbc1..ebe5bf125 100644
|
||||||
|
--- a/libraries/libldap/tls2.c
|
||||||
|
+++ b/libraries/libldap/tls2.c
|
||||||
|
@@ -907,8 +907,8 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
|
||||||
|
} else if ( sb->sb_trans_needs_write ) {
|
||||||
|
wr=1;
|
||||||
|
}
|
||||||
|
- Debug1( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ldap_int_tls_connect needs %s\n",
|
||||||
|
- wr ? "write": "read" );
|
||||||
|
+ Debug( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ldap_int_tls_connect needs %s\n",
|
||||||
|
+ wr ? "write": "read", 0, 0 );
|
||||||
|
|
||||||
|
/* This is mostly copied from result.c:wait4msg(), should
|
||||||
|
* probably be moved into a separate function */
|
||||||
|
@@ -946,7 +946,7 @@ ldap_int_tls_start ( LDAP *ld, LDAPConn *conn, LDAPURLDesc *srv )
|
||||||
|
start_time_tv.tv_sec = curr_time_tv.tv_sec;
|
||||||
|
start_time_tv.tv_usec = curr_time_tv.tv_usec;
|
||||||
|
tv = tv0;
|
||||||
|
- Debug3( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ld %p %ld s %ld us to go\n",
|
||||||
|
+ Debug( LDAP_DEBUG_TRACE, "ldap_int_tls_start: ld %p %ld s %ld us to go\n",
|
||||||
|
(void *)ld, (long) tv.tv_sec, (long) tv.tv_usec );
|
||||||
|
ret = ldap_int_poll( ld, sd, &tv, wr);
|
||||||
|
if ( ret < 0 ) {
|
||||||
|
--
|
||||||
|
2.25.4
|
||||||
|
|
@ -1,55 +0,0 @@
|
|||||||
From 69709289b083c53ba41d2cef7d65120220f8c59b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Sumit Bose <sbose@redhat.com>
|
|
||||||
Date: Tue, 7 May 2013 17:02:57 +0200
|
|
||||||
Subject: [PATCH] LDAPI SASL fix
|
|
||||||
|
|
||||||
Resolves: #960222
|
|
||||||
---
|
|
||||||
libraries/libldap/cyrus.c | 19 ++++++++++++++++---
|
|
||||||
1 Datei geändert, 16 Zeilen hinzugefügt(+), 3 Zeilen entfernt(-)
|
|
||||||
|
|
||||||
diff --git a/libraries/libldap/cyrus.c b/libraries/libldap/cyrus.c
|
|
||||||
index 28c241b..a9acf36 100644
|
|
||||||
--- a/libraries/libldap/cyrus.c
|
|
||||||
+++ b/libraries/libldap/cyrus.c
|
|
||||||
@@ -394,6 +394,8 @@ ldap_int_sasl_bind(
|
|
||||||
struct berval ccred = BER_BVNULL;
|
|
||||||
int saslrc, rc;
|
|
||||||
unsigned credlen;
|
|
||||||
+ char my_hostname[HOST_NAME_MAX + 1];
|
|
||||||
+ int free_saslhost = 0;
|
|
||||||
|
|
||||||
Debug( LDAP_DEBUG_TRACE, "ldap_int_sasl_bind: %s\n",
|
|
||||||
mechs ? mechs : "<null>", 0, 0 );
|
|
||||||
@@ -454,14 +456,25 @@ ldap_int_sasl_bind(
|
|
||||||
|
|
||||||
/* If we don't need to canonicalize just use the host
|
|
||||||
* from the LDAP URI.
|
|
||||||
+ * Always use the result of gethostname() for LDAPI.
|
|
||||||
*/
|
|
||||||
- if ( nocanon )
|
|
||||||
+ if (ld->ld_defconn->lconn_server->lud_scheme != NULL &&
|
|
||||||
+ strcmp("ldapi", ld->ld_defconn->lconn_server->lud_scheme) == 0) {
|
|
||||||
+ rc = gethostname(my_hostname, HOST_NAME_MAX + 1);
|
|
||||||
+ if (rc == 0) {
|
|
||||||
+ saslhost = my_hostname;
|
|
||||||
+ } else {
|
|
||||||
+ saslhost = "localhost";
|
|
||||||
+ }
|
|
||||||
+ } else if ( nocanon )
|
|
||||||
saslhost = ld->ld_defconn->lconn_server->lud_host;
|
|
||||||
- else
|
|
||||||
+ else {
|
|
||||||
saslhost = ldap_host_connected_to( ld->ld_defconn->lconn_sb,
|
|
||||||
"localhost" );
|
|
||||||
+ free_saslhost = 1;
|
|
||||||
+ }
|
|
||||||
rc = ldap_int_sasl_open( ld, ld->ld_defconn, saslhost );
|
|
||||||
- if ( !nocanon )
|
|
||||||
+ if ( free_saslhost )
|
|
||||||
LDAP_FREE( saslhost );
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
1.7.11.7
|
|
||||||
|
|
@ -1,227 +0,0 @@
|
|||||||
ITS#7595 Add Elliptic Curve support for OpenSSL
|
|
||||||
|
|
||||||
Cherry-picked upstream e631ce808ed56119e61321463d06db7999ba5a08
|
|
||||||
Author: Howard Chu <hyc@openldap.org>
|
|
||||||
Date: Sat Sep 7 09:47:19 2013 -0700
|
|
||||||
|
|
||||||
diff --git a/doc/man/man5/slapd-config.5 b/doc/man/man5/slapd-config.5
|
|
||||||
index 9c72e8296..2311c3096 100644
|
|
||||||
--- a/doc/man/man5/slapd-config.5
|
|
||||||
+++ b/doc/man/man5/slapd-config.5
|
|
||||||
@@ -922,6 +922,13 @@ are not used.
|
|
||||||
When using Mozilla NSS these parameters are always generated randomly
|
|
||||||
so this directive is ignored.
|
|
||||||
.TP
|
|
||||||
+.B olcTLSECName: <name>
|
|
||||||
+Specify the name of a curve to use for Elliptic curve Diffie-Hellman
|
|
||||||
+ephemeral key exchange. This is required to enable ECDHE algorithms in
|
|
||||||
+OpenSSL. This option is not used with GnuTLS; the curves may be
|
|
||||||
+chosen in the GnuTLS ciphersuite specification. This option is also
|
|
||||||
+ignored for Mozilla NSS.
|
|
||||||
+.TP
|
|
||||||
.B olcTLSProtocolMin: <major>[.<minor>]
|
|
||||||
Specifies minimum SSL/TLS protocol version that will be negotiated.
|
|
||||||
If the server doesn't support at least that version,
|
|
||||||
diff --git a/doc/man/man5/slapd.conf.5 b/doc/man/man5/slapd.conf.5
|
|
||||||
index f504adcf9..ef03e0ad8 100644
|
|
||||||
--- a/doc/man/man5/slapd.conf.5
|
|
||||||
+++ b/doc/man/man5/slapd.conf.5
|
|
||||||
@@ -1153,6 +1153,13 @@ are not used.
|
|
||||||
When using Mozilla NSS these parameters are always generated randomly
|
|
||||||
so this directive is ignored.
|
|
||||||
.TP
|
|
||||||
+.B TLSECName <name>
|
|
||||||
+Specify the name of a curve to use for Elliptic curve Diffie-Hellman
|
|
||||||
+ephemeral key exchange. This is required to enable ECDHE algorithms in
|
|
||||||
+OpenSSL. This option is not used with GnuTLS; the curves may be
|
|
||||||
+chosen in the GnuTLS ciphersuite specification. This option is also
|
|
||||||
+ignored for Mozilla NSS.
|
|
||||||
+.TP
|
|
||||||
.B TLSProtocolMin <major>[.<minor>]
|
|
||||||
Specifies minimum SSL/TLS protocol version that will be negotiated.
|
|
||||||
If the server doesn't support at least that version,
|
|
||||||
diff --git a/include/ldap.h b/include/ldap.h
|
|
||||||
index c245651c2..0964a193e 100644
|
|
||||||
--- a/include/ldap.h
|
|
||||||
+++ b/include/ldap.h
|
|
||||||
@@ -158,6 +158,7 @@ LDAP_BEGIN_DECL
|
|
||||||
#define LDAP_OPT_X_TLS_NEWCTX 0x600f
|
|
||||||
#define LDAP_OPT_X_TLS_CRLFILE 0x6010 /* GNUtls only */
|
|
||||||
#define LDAP_OPT_X_TLS_PACKAGE 0x6011
|
|
||||||
+#define LDAP_OPT_X_TLS_ECNAME 0x6012
|
|
||||||
|
|
||||||
#define LDAP_OPT_X_TLS_NEVER 0
|
|
||||||
#define LDAP_OPT_X_TLS_HARD 1
|
|
||||||
diff --git a/libraries/libldap/ldap-int.h b/libraries/libldap/ldap-int.h
|
|
||||||
index 66e04ae80..db7193f4f 100644
|
|
||||||
--- a/libraries/libldap/ldap-int.h
|
|
||||||
+++ b/libraries/libldap/ldap-int.h
|
|
||||||
@@ -165,6 +165,7 @@ struct ldaptls {
|
|
||||||
char *lt_ciphersuite;
|
|
||||||
char *lt_crlfile;
|
|
||||||
char *lt_randfile; /* OpenSSL only */
|
|
||||||
+ char *lt_ecname; /* OpenSSL only */
|
|
||||||
int lt_protocol_min;
|
|
||||||
};
|
|
||||||
#endif
|
|
||||||
@@ -250,6 +251,7 @@ struct ldapoptions {
|
|
||||||
#define ldo_tls_certfile ldo_tls_info.lt_certfile
|
|
||||||
#define ldo_tls_keyfile ldo_tls_info.lt_keyfile
|
|
||||||
#define ldo_tls_dhfile ldo_tls_info.lt_dhfile
|
|
||||||
+#define ldo_tls_ecname ldo_tls_info.lt_ecname
|
|
||||||
#define ldo_tls_cacertfile ldo_tls_info.lt_cacertfile
|
|
||||||
#define ldo_tls_cacertdir ldo_tls_info.lt_cacertdir
|
|
||||||
#define ldo_tls_ciphersuite ldo_tls_info.lt_ciphersuite
|
|
||||||
diff --git a/libraries/libldap/tls2.c b/libraries/libldap/tls2.c
|
|
||||||
index d25c190ea..0451b01af 100644
|
|
||||||
--- a/libraries/libldap/tls2.c
|
|
||||||
+++ b/libraries/libldap/tls2.c
|
|
||||||
@@ -118,6 +118,10 @@ ldap_int_tls_destroy( struct ldapoptions *lo )
|
|
||||||
LDAP_FREE( lo->ldo_tls_dhfile );
|
|
||||||
lo->ldo_tls_dhfile = NULL;
|
|
||||||
}
|
|
||||||
+ if ( lo->ldo_tls_ecname ) {
|
|
||||||
+ LDAP_FREE( lo->ldo_tls_ecname );
|
|
||||||
+ lo->ldo_tls_ecname = NULL;
|
|
||||||
+ }
|
|
||||||
if ( lo->ldo_tls_cacertfile ) {
|
|
||||||
LDAP_FREE( lo->ldo_tls_cacertfile );
|
|
||||||
lo->ldo_tls_cacertfile = NULL;
|
|
||||||
@@ -232,6 +236,10 @@ ldap_int_tls_init_ctx( struct ldapoptions *lo, int is_server )
|
|
||||||
lts.lt_dhfile = LDAP_STRDUP( lts.lt_dhfile );
|
|
||||||
__atoe( lts.lt_dhfile );
|
|
||||||
}
|
|
||||||
+ if ( lts.lt_ecname ) {
|
|
||||||
+ lts.lt_ecname = LDAP_STRDUP( lts.lt_ecname );
|
|
||||||
+ __atoe( lts.lt_ecname );
|
|
||||||
+ }
|
|
||||||
#endif
|
|
||||||
lo->ldo_tls_ctx = ti->ti_ctx_new( lo );
|
|
||||||
if ( lo->ldo_tls_ctx == NULL ) {
|
|
||||||
@@ -257,6 +265,7 @@ error_exit:
|
|
||||||
LDAP_FREE( lts.lt_crlfile );
|
|
||||||
LDAP_FREE( lts.lt_cacertdir );
|
|
||||||
LDAP_FREE( lts.lt_dhfile );
|
|
||||||
+ LDAP_FREE( lts.lt_ecname );
|
|
||||||
#endif
|
|
||||||
return rc;
|
|
||||||
}
|
|
||||||
@@ -646,6 +655,10 @@ ldap_pvt_tls_get_option( LDAP *ld, int option, void *arg )
|
|
||||||
*(char **)arg = lo->ldo_tls_dhfile ?
|
|
||||||
LDAP_STRDUP( lo->ldo_tls_dhfile ) : NULL;
|
|
||||||
break;
|
|
||||||
+ case LDAP_OPT_X_TLS_ECNAME:
|
|
||||||
+ *(char **)arg = lo->ldo_tls_ecname ?
|
|
||||||
+ LDAP_STRDUP( lo->ldo_tls_ecname ) : NULL;
|
|
||||||
+ break;
|
|
||||||
case LDAP_OPT_X_TLS_CRLFILE: /* GnuTLS only */
|
|
||||||
*(char **)arg = lo->ldo_tls_crlfile ?
|
|
||||||
LDAP_STRDUP( lo->ldo_tls_crlfile ) : NULL;
|
|
||||||
@@ -765,6 +778,10 @@ ldap_pvt_tls_set_option( LDAP *ld, int option, void *arg )
|
|
||||||
if ( lo->ldo_tls_dhfile ) LDAP_FREE( lo->ldo_tls_dhfile );
|
|
||||||
lo->ldo_tls_dhfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
|
|
||||||
return 0;
|
|
||||||
+ case LDAP_OPT_X_TLS_ECNAME:
|
|
||||||
+ if ( lo->ldo_tls_ecname ) LDAP_FREE( lo->ldo_tls_ecname );
|
|
||||||
+ lo->ldo_tls_ecname = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
|
|
||||||
+ return 0;
|
|
||||||
case LDAP_OPT_X_TLS_CRLFILE: /* GnuTLS only */
|
|
||||||
if ( lo->ldo_tls_crlfile ) LDAP_FREE( lo->ldo_tls_crlfile );
|
|
||||||
lo->ldo_tls_crlfile = arg ? LDAP_STRDUP( (char *) arg ) : NULL;
|
|
||||||
diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
|
|
||||||
index f24060b7e..1370923af 100644
|
|
||||||
--- a/libraries/libldap/tls_o.c
|
|
||||||
+++ b/libraries/libldap/tls_o.c
|
|
||||||
@@ -373,10 +373,9 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
- if ( lo->ldo_tls_dhfile ) {
|
|
||||||
- DH *dh = NULL;
|
|
||||||
+ if ( is_server && lo->ldo_tls_dhfile ) {
|
|
||||||
+ DH *dh;
|
|
||||||
BIO *bio;
|
|
||||||
- SSL_CTX_set_options( ctx, SSL_OP_SINGLE_DH_USE );
|
|
||||||
|
|
||||||
if (( bio=BIO_new_file( lt->lt_dhfile,"r" )) == NULL ) {
|
|
||||||
Debug( LDAP_DEBUG_ANY,
|
|
||||||
@@ -395,7 +394,35 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
|
|
||||||
}
|
|
||||||
BIO_free( bio );
|
|
||||||
SSL_CTX_set_tmp_dh( ctx, dh );
|
|
||||||
+ SSL_CTX_set_options( ctx, SSL_OP_SINGLE_DH_USE );
|
|
||||||
+ DH_free( dh );
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+#ifdef SSL_OP_SINGLE_ECDH_USE
|
|
||||||
+ if ( is_server && lo->ldo_tls_ecname ) {
|
|
||||||
+ EC_KEY *ecdh;
|
|
||||||
+
|
|
||||||
+ int nid = OBJ_sn2nid( lt->lt_ecname );
|
|
||||||
+ if ( nid == NID_undef ) {
|
|
||||||
+ Debug( LDAP_DEBUG_ANY,
|
|
||||||
+ "TLS: could not use EC name `%s'.\n",
|
|
||||||
+ lo->ldo_tls_ecname,0,0);
|
|
||||||
+ tlso_report_error();
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+ ecdh = EC_KEY_new_by_curve_name( nid );
|
|
||||||
+ if ( ecdh == NULL ) {
|
|
||||||
+ Debug( LDAP_DEBUG_ANY,
|
|
||||||
+ "TLS: could not generate key for EC name `%s'.\n",
|
|
||||||
+ lo->ldo_tls_ecname,0,0);
|
|
||||||
+ tlso_report_error();
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+ SSL_CTX_set_tmp_ecdh( ctx, ecdh );
|
|
||||||
+ SSL_CTX_set_options( ctx, SSL_OP_SINGLE_ECDH_USE );
|
|
||||||
+ EC_KEY_free( ecdh );
|
|
||||||
}
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
if ( tlso_opt_trace ) {
|
|
||||||
SSL_CTX_set_info_callback( ctx, tlso_info_cb );
|
|
||||||
diff --git a/servers/slapd/bconfig.c b/servers/slapd/bconfig.c
|
|
||||||
index 250f14100..8b1e4e582 100644
|
|
||||||
--- a/servers/slapd/bconfig.c
|
|
||||||
+++ b/servers/slapd/bconfig.c
|
|
||||||
@@ -194,6 +194,7 @@ enum {
|
|
||||||
CFG_ACL_ADD,
|
|
||||||
CFG_SYNC_SUBENTRY,
|
|
||||||
CFG_LTHREADS,
|
|
||||||
+ CFG_TLS_ECNAME,
|
|
||||||
|
|
||||||
CFG_LAST
|
|
||||||
};
|
|
||||||
@@ -738,6 +739,14 @@ static ConfigTable config_back_cf_table[] = {
|
|
||||||
#endif
|
|
||||||
"( OLcfgGlAt:77 NAME 'olcTLSDHParamFile' "
|
|
||||||
"SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
|
|
||||||
+ { "TLSECName", NULL, 2, 2, 0,
|
|
||||||
+#ifdef HAVE_TLS
|
|
||||||
+ CFG_TLS_ECNAME|ARG_STRING|ARG_MAGIC, &config_tls_option,
|
|
||||||
+#else
|
|
||||||
+ ARG_IGNORED, NULL,
|
|
||||||
+#endif
|
|
||||||
+ "( OLcfgGlAt:96 NAME 'olcTLSECName' "
|
|
||||||
+ "SYNTAX OMsDirectoryString SINGLE-VALUE )", NULL, NULL },
|
|
||||||
{ "TLSProtocolMin", NULL, 2, 2, 0,
|
|
||||||
#ifdef HAVE_TLS
|
|
||||||
CFG_TLS_PROTOCOL_MIN|ARG_STRING|ARG_MAGIC, &config_tls_config,
|
|
||||||
@@ -819,7 +828,7 @@ static ConfigOCs cf_ocs[] = {
|
|
||||||
"olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ "
|
|
||||||
"olcTLSCACertificatePath $ olcTLSCertificateFile $ "
|
|
||||||
"olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ "
|
|
||||||
- "olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ "
|
|
||||||
+ "olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSECName $ "
|
|
||||||
"olcTLSCRLFile $ olcTLSProtocolMin $ olcToolThreads $ olcWriteTimeout $ "
|
|
||||||
"olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ "
|
|
||||||
"olcDitContentRules $ olcLdapSyntaxes ) )", Cft_Global },
|
|
||||||
@@ -3824,6 +3833,7 @@ config_tls_option(ConfigArgs *c) {
|
|
||||||
case CFG_TLS_CA_PATH: flag = LDAP_OPT_X_TLS_CACERTDIR; break;
|
|
||||||
case CFG_TLS_CA_FILE: flag = LDAP_OPT_X_TLS_CACERTFILE; break;
|
|
||||||
case CFG_TLS_DH_FILE: flag = LDAP_OPT_X_TLS_DHFILE; break;
|
|
||||||
+ case CFG_TLS_ECNAME: flag = LDAP_OPT_X_TLS_ECNAME; break;
|
|
||||||
#ifdef HAVE_GNUTLS
|
|
||||||
case CFG_TLS_CRL_FILE: flag = LDAP_OPT_X_TLS_CRLFILE; break;
|
|
||||||
#endif
|
|
@ -1,34 +0,0 @@
|
|||||||
ITS#7595 don't try to use EC if OpenSSL lacks it
|
|
||||||
|
|
||||||
Cherry-picked upstream 721e46fe6695077d63a3df6ea2e397920a72308d
|
|
||||||
Author: Howard Chu <hyc@openldap.org>
|
|
||||||
Date: Sun Sep 8 06:32:23 2013 -0700
|
|
||||||
|
|
||||||
diff --git a/libraries/libldap/tls_o.c b/libraries/libldap/tls_o.c
|
|
||||||
index 1a81bc625..71c2b055c 100644
|
|
||||||
--- a/libraries/libldap/tls_o.c
|
|
||||||
+++ b/libraries/libldap/tls_o.c
|
|
||||||
@@ -321,8 +321,12 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
|
|
||||||
DH_free( dh );
|
|
||||||
}
|
|
||||||
|
|
||||||
-#ifdef SSL_OP_SINGLE_ECDH_USE
|
|
||||||
if ( is_server && lo->ldo_tls_ecname ) {
|
|
||||||
+#ifdef OPENSSL_NO_EC
|
|
||||||
+ Debug( LDAP_DEBUG_ANY,
|
|
||||||
+ "TLS: Elliptic Curves not supported.\n", 0,0,0 );
|
|
||||||
+ return -1;
|
|
||||||
+#else
|
|
||||||
EC_KEY *ecdh;
|
|
||||||
|
|
||||||
int nid = OBJ_sn2nid( lt->lt_ecname );
|
|
||||||
@@ -344,8 +348,8 @@ tlso_ctx_init( struct ldapoptions *lo, struct ldaptls *lt, int is_server )
|
|
||||||
SSL_CTX_set_tmp_ecdh( ctx, ecdh );
|
|
||||||
SSL_CTX_set_options( ctx, SSL_OP_SINGLE_ECDH_USE );
|
|
||||||
EC_KEY_free( ecdh );
|
|
||||||
- }
|
|
||||||
#endif
|
|
||||||
+ }
|
|
||||||
|
|
||||||
if ( tlso_opt_trace ) {
|
|
||||||
SSL_CTX_set_info_callback( ctx, tlso_info_cb );
|
|
@ -4,8 +4,8 @@
|
|||||||
%global check_password_version 1.1
|
%global check_password_version 1.1
|
||||||
|
|
||||||
Name: openldap
|
Name: openldap
|
||||||
Version: 2.4.47
|
Version: 2.4.50
|
||||||
Release: 5%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: LDAP support libraries
|
Summary: LDAP support libraries
|
||||||
License: OpenLDAP
|
License: OpenLDAP
|
||||||
URL: http://www.openldap.org/
|
URL: http://www.openldap.org/
|
||||||
@ -32,11 +32,8 @@ Patch17: openldap-allop-overlay.patch
|
|||||||
# the proper fix is to link all perl modules against libperl
|
# the proper fix is to link all perl modules against libperl
|
||||||
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327585
|
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327585
|
||||||
Patch19: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch
|
Patch19: openldap-switch-to-lt_dlopenadvise-to-get-RTLD_GLOBAL-set.patch
|
||||||
# ldapi sasl fix pending upstream inclusion
|
|
||||||
Patch20: openldap-ldapi-sasl.patch
|
|
||||||
Patch22: openldap-openssl-ITS7595-Add-EC-support-1.patch
|
|
||||||
Patch23: openldap-openssl-ITS7595-Add-EC-support-2.patch
|
|
||||||
Patch24: openldap-openssl-manpage-defaultCA.patch
|
Patch24: openldap-openssl-manpage-defaultCA.patch
|
||||||
|
Patch25: openldap-ITS-8650-Fix-Debug-usage-to-follow-RE24-format.patch
|
||||||
|
|
||||||
# check-password module specific patches
|
# check-password module specific patches
|
||||||
Patch90: check-password-makefile.patch
|
Patch90: check-password-makefile.patch
|
||||||
@ -113,10 +110,8 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi
|
|||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
%patch17 -p1
|
%patch17 -p1
|
||||||
%patch19 -p1
|
%patch19 -p1
|
||||||
%patch20 -p1
|
|
||||||
%patch22 -p1
|
|
||||||
%patch23 -p1
|
|
||||||
%patch24 -p1
|
%patch24 -p1
|
||||||
|
%patch25 -p1
|
||||||
|
|
||||||
# build smbk5pwd with other overlays
|
# build smbk5pwd with other overlays
|
||||||
ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
|
ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays
|
||||||
@ -486,6 +481,9 @@ exit 0
|
|||||||
%{_mandir}/man3/*
|
%{_mandir}/man3/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jun 17 2020 Matus Honek <mhonek@redhat.com> - 2.4.50-1
|
||||||
|
- Rebase to version 2.4.50 (#1742285)
|
||||||
|
|
||||||
* Tue Jun 16 2020 Tom Stellard <tstellar@redhat.com> - 2.4.47-5
|
* Tue Jun 16 2020 Tom Stellard <tstellar@redhat.com> - 2.4.47-5
|
||||||
- Spec file cleanups
|
- Spec file cleanups
|
||||||
- Add BuildRequres: gcc [1]
|
- Add BuildRequres: gcc [1]
|
||||||
|
2
sources
2
sources
@ -1,2 +1,2 @@
|
|||||||
SHA512 (ltb-project-openldap-ppolicy-check-password-1.1.tar.gz) = f3384a164ce5db488908cf6380bad8500b800b09d12a8f04e1b6ccb6f6af6ab3971fcdbe4acca7a1b6d16b408a11065c2b1ab2497863fe07d3c28262b0f6776e
|
SHA512 (ltb-project-openldap-ppolicy-check-password-1.1.tar.gz) = f3384a164ce5db488908cf6380bad8500b800b09d12a8f04e1b6ccb6f6af6ab3971fcdbe4acca7a1b6d16b408a11065c2b1ab2497863fe07d3c28262b0f6776e
|
||||||
SHA512 (openldap-2.4.47.tgz) = d424079e34207e3d24383a2bea70a07ded40714982a6767174d2b2cb208cd94feab5ef12157accae915b8e404e5773a7547aaef65f06b44dc3cc09c6a64d5a11
|
SHA512 (openldap-2.4.50.tgz) = f528043ff9de36f7b65d8816c9a9c24f0ac400041b2969965178ee6eae62c92a11af33a0a883e4954e5fff98a0738a9f9aa2faf5b385d21974754e045aab31ae
|
||||||
|
Loading…
Reference in New Issue
Block a user