/pam_ldap-184/pam_ldap.h:71: /* SSL config states */ /pam_ldap-184/pam_ldap.h:72:#define SSL_OFF 0 /pam_ldap-184/pam_ldap.h:73:#define SSL_LDAPS 1 /pam_ldap-184/pam_ldap.h:74:#define SSL_START_TLS 2 /pam_ldap-184/pam_ldap.h:75: int ssl_on; /pam_ldap-184/pam_ldap.h:76: /* SSL path */ /pam_ldap-184/pam_ldap.h:111:#define PASSWORD_MD5 2 /pam_ldap-184/pam_ldap.h:123: /* tls check peer */ /pam_ldap-184/pam_ldap.h:124: int tls_checkpeer; /pam_ldap-184/pam_ldap.h:125: /* tls ca certificate file */ /pam_ldap-184/pam_ldap.h:126: char *tls_cacertfile; /pam_ldap-184/pam_ldap.h:127: /* tls ca certificate dir */ /pam_ldap-184/pam_ldap.h:128: char *tls_cacertdir; /pam_ldap-184/pam_ldap.h:129: /* tls ciphersuite */ /pam_ldap-184/pam_ldap.h:130: char *tls_ciphers; /pam_ldap-184/pam_ldap.h:131: /* tls certificate */ /pam_ldap-184/pam_ldap.h:132: char *tls_cert; /pam_ldap-184/pam_ldap.h:133: /* tls key */ /pam_ldap-184/pam_ldap.h:134: char *tls_key; /pam_ldap-184/pam_ldap.h:135: /* tls randfile */ /pam_ldap-184/pam_ldap.h:136: char *tls_randfile; /pam_ldap-184/Makefile.in:77:pam_ldap_so_SOURCES = pam_ldap.c pam_ldap.h md5.c md5.h /pam_ldap-184/Makefile.in:99:pam_ldap_so_OBJECTS = pam_ldap.o md5.o /pam_ldap-184/Makefile.in:119:DEP_FILES = .deps/md5.P .deps/pam_ldap.P /pam_ldap-184/CVSVersionInfo.txt:9:PreBuild: configure --with-ldap-lib=netscape4 --with-ldap-dir=/usr/local/ldapsdk4 --enable-rfc2307bis --disable-ssl /pam_ldap-184/certutil:5:# inspired by Netscape PKCS #11 toolkit /pam_ldap-184/certutil:11:# certutil can be used with various OpenSSL routines and tools /pam_ldap-184/certutil:12:# that utilize OpenSSL. 
Example: /pam_ldap-184/certutil:14:# $ openssl s_client -CApath certdir /pam_ldap-184/certutil:120: HASH=`openssl x509 -in $FILE -hash -noout 2>/dev/null`.0 /pam_ldap-184/certutil:133: echo `openssl x509 -in $CDIR/$HASH -subject -noout` /pam_ldap-184/certutil:158: SUBJECT=`openssl x509 -in $CDIR/$HASH -subject -noout` /pam_ldap-184/certutil:159: ISSUER=`openssl x509 -in $CDIR/$HASH -issuer -noout` /pam_ldap-184/certutil:191: openssl x509 -in $CDIR/$HASH -text /pam_ldap-184/configure:1271:# Check whether --enable-ssl or --disable-ssl was given. /pam_ldap-184/configure:1272:if test "${enable_ssl+set}" = set; then /pam_ldap-184/configure:1460:for ac_hdr in des.h crypt.h /pam_ldap-184/configure:1581:for ac_hdr in ldap_ssl.h /pam_ldap-184/configure:2496:if test "$enable_ssl" \!= "no"; then /pam_ldap-184/config.h.in:19:/* Define to 1 if you have the <des.h> header file. */ /pam_ldap-184/config.h.in:20:#undef HAVE_DES_H /pam_ldap-184/config.h.in:61:/* Define to 1 if you have the `ldap_pvt_tls_set_option' function. */ /pam_ldap-184/config.h.in:62:#undef HAVE_LDAP_PVT_TLS_SET_OPTION /pam_ldap-184/config.h.in:79:/* Define to 1 if you have the <ldap_ssl.h> header file. */ /pam_ldap-184/config.h.in:80:#undef HAVE_LDAP_SSL_H /pam_ldap-184/config.h.in:82:/* Define to 1 if you have the `ldap_start_tls_s' function. */ /pam_ldap-184/config.h.in:83:#undef HAVE_LDAP_START_TLS_S /pam_ldap-184/md5.h:24:/*$Id: md5.h,v 1.3 2002/08/05 03:56:55 lukeh Exp $ */ /pam_ldap-184/md5.h:26: Independent implementation of MD5 (RFC 1321). /pam_ldap-184/md5.h:28: This code implements the MD5 Algorithm defined in RFC 1321. /pam_ldap-184/md5.h:32: The original and principal author of md5.h is L.
Peter Deutsch /pam_ldap-184/md5.h:37: 1999-10-18 lpd Fixed typo in header comment (ansi2knr rather than md5); /pam_ldap-184/md5.h:43:#ifndef md5_INCLUDED /pam_ldap-184/md5.h:44:# define md5_INCLUDED /pam_ldap-184/md5.h:54:typedef unsigned char md5_byte_t; /* 8-bit byte */ /pam_ldap-184/md5.h:55:typedef unsigned int md5_word_t; /* 32-bit word */ /pam_ldap-184/md5.h:57:/* Define the state of the MD5 Algorithm. */ /pam_ldap-184/md5.h:58:typedef struct md5_state_s { /pam_ldap-184/md5.h:59: md5_word_t count[2]; /* message length in bits, lsw first */ /pam_ldap-184/md5.h:60: md5_word_t abcd[4]; /* digest buffer */ /pam_ldap-184/md5.h:61: md5_byte_t buf[64]; /* accumulate block */ /pam_ldap-184/md5.h:62:} md5_state_t; /pam_ldap-184/md5.h:71:void _pam_ldap_md5_init(P1(md5_state_t *pms)); /pam_ldap-184/md5.h:73:void _pam_ldap_md5_init(md5_state_t *pms); /pam_ldap-184/md5.h:78:void _pam_ldap_md5_append(P3(md5_state_t *pms, const md5_byte_t *data, int nbytes)); /pam_ldap-184/md5.h:80:void _pam_ldap_md5_append(md5_state_t *pms, const md5_byte_t *data, int nbytes); /pam_ldap-184/md5.h:85:void _pam_ldap_md5_finish(P2(md5_state_t *pms, md5_byte_t digest[16])); /pam_ldap-184/md5.h:87:void _pam_ldap_md5_finish(md5_state_t *pms, md5_byte_t digest[16]); /pam_ldap-184/md5.h:94:#endif /* md5_INCLUDED */ /pam_ldap-184/README:12: o Support for Netscape's SSL API and proprietary extensions /pam_ldap-184/README:47:CRAM-MD5) or with transport security (like SSL/TLS). With simple /pam_ldap-184/README:110:Q: Where is ldap_ssl.h? It's in the Netscape LDAP /pam_ldap-184/README:112:don't want to use SSL, removed -DSSL from CFLAGS. 
I /pam_ldap-184/README:113:don't have any experience building with the SSL/TLS /pam_ldap-184/README:129:pam_password [clear|crypt|md5|nds|ad|exop] /pam_ldap-184/README:139:md5 -- use inbuilt MD5 code to hash password /pam_ldap-184/README:161:Your openldap libs *and* your SSL/RSAREF libs must be DYNAMIC LIBRARIES /pam_ldap-184/README:192:compiled shared but OpenSSL not: /pam_ldap-184/README:195:SSL_load_error_strings: referenced symbol not found /pam_ldap-184/md5.c:24:/*$Id: md5.c,v 1.4 2002/08/05 03:56:55 lukeh Exp $ */ /pam_ldap-184/md5.c:26: Independent implementation of MD5 (RFC 1321). /pam_ldap-184/md5.c:28: This code implements the MD5 Algorithm defined in RFC 1321. /pam_ldap-184/md5.c:32: The original and principal author of md5.c is L. Peter Deutsch /pam_ldap-184/md5.c:37: 1999-10-18 lpd Fixed typo in header comment (ansi2knr rather than md5). /pam_ldap-184/md5.c:41:#include "md5.h" /pam_ldap-184/md5.c:65: md5_state_t state; /pam_ldap-184/md5.c:66: md5_byte_t digest[16]; /pam_ldap-184/md5.c:69: md5_init(&state); /pam_ldap-184/md5.c:70: md5_append(&state, (const md5_byte_t *)test[i], strlen(test[i])); /pam_ldap-184/md5.c:71: md5_finish(&state, digest); /pam_ldap-184/md5.c:72: printf("MD5 (\"%s\") = ", test[i]); /pam_ldap-184/md5.c:166:md5_process(md5_state_t *pms, const md5_byte_t *data /*[64]*/) /pam_ldap-184/md5.c:168: md5_word_t /pam_ldap-184/md5.c:171: md5_word_t t; /pam_ldap-184/md5.c:182: md5_word_t X[16]; /pam_ldap-184/md5.c:183: const md5_byte_t *xp = data; /pam_ldap-184/md5.c:195: md5_word_t xbuf[16]; /pam_ldap-184/md5.c:196: const md5_word_t *X; /pam_ldap-184/md5.c:198: if (!((data - (const md5_byte_t *)0) & 3)) { /pam_ldap-184/md5.c:200: X = (const md5_word_t *)data; /pam_ldap-184/md5.c:326:void _pam_ldap_md5_init(md5_state_t *pms) /pam_ldap-184/md5.c:338:void _pam_ldap_md5_append(md5_state_t *pms, const md5_byte_t *data, int nbytes) /pam_ldap-184/md5.c:340: const md5_byte_t *p = data; /pam_ldap-184/md5.c:343: md5_word_t nbits = (md5_word_t)(nbytes 
<< 3); /pam_ldap-184/md5.c:363: md5_process(pms, pms->buf); /pam_ldap-184/md5.c:368: md5_process(pms, p); /pam_ldap-184/md5.c:379:_pam_ldap_md5_finish(md5_state_t *pms, md5_byte_t digest[16]) /pam_ldap-184/md5.c:381: static const md5_byte_t pad[64] = { /pam_ldap-184/md5.c:387: md5_byte_t data[8]; /pam_ldap-184/md5.c:392: data[i] = (md5_byte_t)(pms->count[i >> 2] >> ((i & 3) << 3)); /pam_ldap-184/md5.c:394: _pam_ldap_md5_append(pms, pad, ((55 - (pms->count[0] >> 3)) & 63) + 1); /pam_ldap-184/md5.c:396: _pam_ldap_md5_append(pms, data, 8); /pam_ldap-184/md5.c:398: digest[i] = (md5_byte_t)(pms->abcd[i >> 2] >> ((i & 3) << 3)); /pam_ldap-184/pam_ldap.c:107:#elif defined(HAVE_DES_H) /pam_ldap-184/pam_ldap.c:108:#include /pam_ldap-184/pam_ldap.c:117:#ifdef HAVE_LDAP_SSL_H /pam_ldap-184/pam_ldap.c:118:#include /pam_ldap-184/pam_ldap.c:132:#include "md5.h" /pam_ldap-184/pam_ldap.c:159:static int ssl_initialized = 0; /pam_ldap-184/pam_ldap.c:216:/* TLS routines */ /pam_ldap-184/pam_ldap.c:217:#if defined HAVE_LDAP_START_TLS_S || (defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS)) /pam_ldap-184/pam_ldap.c:218:static int _set_ssl_default_options (pam_ldap_session_t *); /pam_ldap-184/pam_ldap.c:219:static int _set_ssl_options (pam_ldap_session_t *); /pam_ldap-184/pam_ldap.c:262:static char *_get_md5_salt (char saltbuf[16]); /pam_ldap-184/pam_ldap.c:314: * We need to keep ourselves loaded so that ssl_initialized /pam_ldap-184/pam_ldap.c:318:void nasty_ssl_hack (void) __attribute__ ((constructor)); /pam_ldap-184/pam_ldap.c:321:# pragma init(nasty_ssl_hack) /pam_ldap-184/pam_ldap.c:326:nasty_ssl_hack (void) /pam_ldap-184/pam_ldap.c:632: result->ssl_on = SSL_OFF; /pam_ldap-184/pam_ldap.c:656: result->tls_checkpeer = -1; /pam_ldap-184/pam_ldap.c:657: result->tls_cacertfile = NULL; /pam_ldap-184/pam_ldap.c:658: result->tls_cacertdir = NULL; /pam_ldap-184/pam_ldap.c:659: result->tls_ciphers = NULL; /pam_ldap-184/pam_ldap.c:660: result->tls_cert = NULL; 
/pam_ldap-184/pam_ldap.c:661: result->tls_key = NULL; /pam_ldap-184/pam_ldap.c:662: result->tls_randfile = NULL; /pam_ldap-184/pam_ldap.c:885: else if (!strcasecmp (v, "md5")) /pam_ldap-184/pam_ldap.c:886: result->password_type = PASSWORD_MD5; /pam_ldap-184/pam_ldap.c:985: else if (!strcasecmp (k, "ssl")) /pam_ldap-184/pam_ldap.c:990: result->ssl_on = SSL_LDAPS; /pam_ldap-184/pam_ldap.c:992: else if (!strcasecmp (v, "start_tls")) /pam_ldap-184/pam_ldap.c:994: result->ssl_on = SSL_START_TLS; /pam_ldap-184/pam_ldap.c:1051: else if (!strcasecmp (k, "tls_checkpeer")) /pam_ldap-184/pam_ldap.c:1056: result->tls_checkpeer = 1; /* LDAP_OPT_X_TLS_HARD */ /pam_ldap-184/pam_ldap.c:1061: result->tls_checkpeer = 0; /* LDAP_OPT_X_TLS_NEVER */ /pam_ldap-184/pam_ldap.c:1064: else if (!strcasecmp (k, "tls_cacertfile")) /pam_ldap-184/pam_ldap.c:1066: CHECKPOINTER (result->tls_cacertfile = strdup (v)); /pam_ldap-184/pam_ldap.c:1068: else if (!strcasecmp (k, "tls_cacertdir")) /pam_ldap-184/pam_ldap.c:1070: CHECKPOINTER (result->tls_cacertdir = strdup (v)); /pam_ldap-184/pam_ldap.c:1072: else if (!strcasecmp (k, "tls_ciphers")) /pam_ldap-184/pam_ldap.c:1074: CHECKPOINTER (result->tls_ciphers = strdup (v)); /pam_ldap-184/pam_ldap.c:1076: else if (!strcasecmp (k, "tls_cert")) /pam_ldap-184/pam_ldap.c:1078: CHECKPOINTER (result->tls_cert = strdup (v)); /pam_ldap-184/pam_ldap.c:1080: else if (!strcasecmp (k, "tls_key")) /pam_ldap-184/pam_ldap.c:1082: CHECKPOINTER (result->tls_key = strdup (v)); /pam_ldap-184/pam_ldap.c:1084: else if (!strcasecmp (k, "tls_randfile")) /pam_ldap-184/pam_ldap.c:1086: CHECKPOINTER (result->tls_randfile = strdup (v)); /pam_ldap-184/pam_ldap.c:1138:#if defined(HAVE_LDAPSSL_INIT) || defined(HAVE_LDAP_START_TLS_S) /pam_ldap-184/pam_ldap.c:1139: if (result->ssl_on == SSL_LDAPS) /pam_ldap-184/pam_ldap.c:1226: if (session->conf->ssl_on == SSL_LDAPS && ssl_initialized == 0) /pam_ldap-184/pam_ldap.c:1235: ssl_initialized = 1; /pam_ldap-184/pam_ldap.c:1238: if 
(session->conf->ssl_on) /pam_ldap-184/pam_ldap.c:1246:#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS) /pam_ldap-184/pam_ldap.c:1247: /* set defaults for global TLS-related options */ /pam_ldap-184/pam_ldap.c:1248: if (_set_ssl_default_options (session) != LDAP_SUCCESS) /pam_ldap-184/pam_ldap.c:1250: syslog (LOG_ERR, "pam_ldap: _set_ssl_default_options failed"); /pam_ldap-184/pam_ldap.c:1282:#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS) /pam_ldap-184/pam_ldap.c:1283: if (session->conf->ssl_on == SSL_LDAPS) /pam_ldap-184/pam_ldap.c:1285: int tls = LDAP_OPT_X_TLS_HARD; /pam_ldap-184/pam_ldap.c:1286: int rc = ldap_set_option (session->ld, LDAP_OPT_X_TLS, &tls); /pam_ldap-184/pam_ldap.c:1289: syslog (LOG_ERR, "pam_ldap: ldap_set_option(LDAP_OPT_X_TLS) %s", /pam_ldap-184/pam_ldap.c:1294: /* set up SSL per-context settings */ /pam_ldap-184/pam_ldap.c:1295: if (_set_ssl_options (session) != LDAP_SUCCESS) /pam_ldap-184/pam_ldap.c:1297: syslog (LOG_ERR, "pam_ldap: _set_ssl_options failed"); /pam_ldap-184/pam_ldap.c:1300:#endif /* LDAP_OPT_X_TLS */ /pam_ldap-184/pam_ldap.c:1357:#ifdef HAVE_LDAP_START_TLS_S /pam_ldap-184/pam_ldap.c:1358: if (session->conf->ssl_on == SSL_START_TLS) /pam_ldap-184/pam_ldap.c:1372: /* set up SSL context */ /pam_ldap-184/pam_ldap.c:1373: if (_set_ssl_options (session) != LDAP_SUCCESS) /pam_ldap-184/pam_ldap.c:1375: syslog (LOG_ERR, "pam_ldap: _set_ssl_options failed"); /pam_ldap-184/pam_ldap.c:1378: rc = ldap_start_tls_s (session->ld, NULL, NULL); /pam_ldap-184/pam_ldap.c:1387:#endif /* HAVE_LDAP_START_TLS_S */ /pam_ldap-184/pam_ldap.c:1391:#if defined HAVE_LDAP_START_TLS_S || (defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS)) /pam_ldap-184/pam_ldap.c:1392:/* Some global TLS-specific options need to be set before we create our /pam_ldap-184/pam_ldap.c:1395:_set_ssl_default_options (pam_ldap_session_t * session) /pam_ldap-184/pam_ldap.c:1399:#ifdef LDAP_OPT_X_TLS_RANDOM_FILE /pam_ldap-184/pam_ldap.c:1401: if 
(session->conf->tls_randfile != NULL) /pam_ldap-184/pam_ldap.c:1403: rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_RANDOM_FILE, /pam_ldap-184/pam_ldap.c:1404: session->conf->tls_randfile); /pam_ldap-184/pam_ldap.c:1408: "pam_ldap: ldap_set_option(LDAP_OPT_X_TLS_RANDOM_FILE): %s", /pam_ldap-184/pam_ldap.c:1413:#endif /* LDAP_OPT_X_TLS_RANDOM_FILE */ /pam_ldap-184/pam_ldap.c:1416: if (session->conf->tls_cacertfile != NULL) /pam_ldap-184/pam_ldap.c:1418: rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE, /pam_ldap-184/pam_ldap.c:1419: session->conf->tls_cacertfile); /pam_ldap-184/pam_ldap.c:1423: "pam_ldap: ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE): %s", /pam_ldap-184/pam_ldap.c:1429: if (session->conf->tls_cacertdir != NULL) /pam_ldap-184/pam_ldap.c:1432: rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR, /pam_ldap-184/pam_ldap.c:1433: session->conf->tls_cacertdir); /pam_ldap-184/pam_ldap.c:1437: "pam_ldap: ldap_set_option(LDAP_OPT_X_TLS_CACERTDIR): %s", /pam_ldap-184/pam_ldap.c:1443: if (session->conf->tls_checkpeer > -1) /pam_ldap-184/pam_ldap.c:1446: rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, /pam_ldap-184/pam_ldap.c:1447: &session->conf->tls_checkpeer); /pam_ldap-184/pam_ldap.c:1451: "pam_ldap: ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT): %s", /pam_ldap-184/pam_ldap.c:1457: if (session->conf->tls_ciphers != NULL) /pam_ldap-184/pam_ldap.c:1460: rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, /pam_ldap-184/pam_ldap.c:1461: session->conf->tls_ciphers); /pam_ldap-184/pam_ldap.c:1465: "pam_ldap: ldap_set_option(LDAP_OPT_X_TLS_CIPHER_SUITE): %s", /pam_ldap-184/pam_ldap.c:1471: if (session->conf->tls_cert != NULL) /pam_ldap-184/pam_ldap.c:1473: rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CERTFILE, /pam_ldap-184/pam_ldap.c:1474: session->conf->tls_cert); /pam_ldap-184/pam_ldap.c:1478: "pam_ldap: ldap_set_option(LDAP_OPT_X_TLS_CERTFILE): %s", /pam_ldap-184/pam_ldap.c:1484: if (session->conf->tls_key != NULL) /pam_ldap-184/pam_ldap.c:1486: rc = 
ldap_set_option (NULL, LDAP_OPT_X_TLS_KEYFILE, /pam_ldap-184/pam_ldap.c:1487: session->conf->tls_key); /pam_ldap-184/pam_ldap.c:1491: "pam_ldap: ldap_set_option(LDAP_OPT_X_TLS_KEYFILE): %s", /pam_ldap-184/pam_ldap.c:1500:/* Now we can set the per-context TLS-specific options. */ /pam_ldap-184/pam_ldap.c:1502:_set_ssl_options (pam_ldap_session_t * session) /pam_ldap-184/pam_ldap.c:1636: if (session->conf->ssl_on == SSL_START_TLS) /pam_ldap-184/pam_ldap.c:1638: rc = ldap_start_tls_s (session->ld, NULL, NULL); /pam_ldap-184/pam_ldap.c:1980: * controls? do we need to implement DIGEST-MD5 ourself? /pam_ldap-184/pam_ldap.c:2134: int rc2; /pam_ldap-184/pam_ldap.c:2136: rc2 = _get_password_policy_response_value (&(*ctlp)->ldctl_value, /pam_ldap-184/pam_ldap.c:2139: if (rc2 != LDAP_SUCCESS) /pam_ldap-184/pam_ldap.c:2147: rc = rc2; /pam_ldap-184/pam_ldap.c:2463:_get_md5_salt (char saltbuf[16]) /pam_ldap-184/pam_ldap.c:2465: md5_state_t state; /pam_ldap-184/pam_ldap.c:2466: md5_byte_t digest[16]; /pam_ldap-184/pam_ldap.c:2470: _pam_ldap_md5_init (&state); /pam_ldap-184/pam_ldap.c:2472: _pam_ldap_md5_append (&state, (unsigned char *) &tv, sizeof (tv)); /pam_ldap-184/pam_ldap.c:2474: _pam_ldap_md5_append (&state, (unsigned char *) &i, sizeof (i)); /pam_ldap-184/pam_ldap.c:2476: _pam_ldap_md5_append (&state, (unsigned char *) &i, sizeof (i)); /pam_ldap-184/pam_ldap.c:2477: _pam_ldap_md5_append (&state, (unsigned char *) saltbuf, sizeof (saltbuf)); /pam_ldap-184/pam_ldap.c:2478: _pam_ldap_md5_finish (&state, digest); /pam_ldap-184/pam_ldap.c:3016: case PASSWORD_MD5: /pam_ldap-184/pam_ldap.c:3017: _get_md5_salt (saltbuf); /pam_ldap-184/pam_ldap.c:3056: * To be able to change a password in AD via LDAP, an SSL connection /pam_ldap-184/pam_ldap.spec:12:Requires: openldap cyrus-sasl openssl /pam_ldap-184/pam_ldap.spec:19:clients, Netscapes SSL/OpenSSL, ypldapd, Netscape Directory Server password /pam_ldap-184/pam_ldap.5:136:specifying LDAP over TCP, IPC and SSL respectively. 
If applicable, /pam_ldap-184/pam_ldap.5:247:.B ssl /pam_ldap-184/pam_ldap.5:248:Specifies whether to use SSL/TLS or not (the default is not to). If /pam_ldap-184/pam_ldap.5:250:start_tls /pam_ldap-184/pam_ldap.5:251:is specified then StartTLS is used rather than raw LDAP over SSL. /pam_ldap-184/pam_ldap.5:254:client libraries support both SSL and StartTLS, and all related /pam_ldap-184/pam_ldap.5:264:.B tls_checkpeer /pam_ldap-184/pam_ldap.5:266:or not, when using SSL/TLS with the OpenLDAP client library. /pam_ldap-184/pam_ldap.5:270:.B tls_cacertdir /pam_ldap-184/pam_ldap.5:272:.B tls_cacertfile /pam_ldap-184/pam_ldap.5:275:.B tls_cacertdir /pam_ldap-184/pam_ldap.5:279:.B tls_cacertfile /pam_ldap-184/pam_ldap.5:282:.B tls_randfile /pam_ldap-184/pam_ldap.5:285:.B tls_ciphers /pam_ldap-184/pam_ldap.5:286:Specifies the ciphers to use for TLS. See your TLS implementation's /pam_ldap-184/pam_ldap.5:289:.B tls_cert /pam_ldap-184/pam_ldap.5:291:client TLS authentication. /pam_ldap-184/pam_ldap.5:293:.B tls_key /pam_ldap-184/pam_ldap.5:295:TLS authentication. 
/pam_ldap-184/pam_ldap.5:384:.B md5 /pam_ldap-184/pam_ldap.5:386:hash of the new password using MD5 and then replacing userPassword value /pam_ldap-184/configure.in:13:AC_ARG_ENABLE(ssl, [ --disable-ssl disable SSL/TSL support]) /pam_ldap-184/configure.in:70:AC_CHECK_HEADERS(des.h crypt.h) /pam_ldap-184/configure.in:73:AC_CHECK_HEADERS(ldap_ssl.h) /pam_ldap-184/configure.in:130:if test "$enable_ssl" \!= "no"; then /pam_ldap-184/configure.in:131: AC_CHECK_FUNCS(ldapssl_init ldap_start_tls_s ldap_pvt_tls_set_option) /pam_ldap-184/Makefile.am:5:pam_ldap_so_SOURCES = pam_ldap.c pam_ldap.h md5.c md5.h /pam_ldap-184/ldap.conf:245:#ssl on /pam_ldap-184/ldap.conf:247:# Netscape SDK SSL options /pam_ldap-184/ldap.conf:248:#sslpath /etc/ssl/certs /pam_ldap-184/ldap.conf:250:# OpenLDAP SSL mechanism /pam_ldap-184/ldap.conf:251:# start_tls mechanism uses the normal LDAP port, LDAPS typically 636 /pam_ldap-184/ldap.conf:252:#ssl start_tls /pam_ldap-184/ldap.conf:253:#ssl on /pam_ldap-184/ldap.conf:255:# OpenLDAP SSL options /pam_ldap-184/ldap.conf:258:# /etc/openldap/ldap.conf using the TLS_REQCERT setting. The default for /pam_ldap-184/ldap.conf:260:#tls_checkpeer yes /pam_ldap-184/ldap.conf:263:# At least one of these are required if tls_checkpeer is "yes" /pam_ldap-184/ldap.conf:264:#tls_cacertfile /etc/ssl/ca.cert /pam_ldap-184/ldap.conf:265:#tls_cacertdir /etc/ssl/certs /pam_ldap-184/ldap.conf:268:#tls_randfile /var/run/egd-pool /pam_ldap-184/ldap.conf:270:# SSL cipher suite /pam_ldap-184/ldap.conf:272:#tls_ciphers TLSv1 /pam_ldap-184/ldap.conf:276:#tls_cert /pam_ldap-184/ldap.conf:277:#tls_key /pam_ldap-184/ldap.conf:287:#pam_sasl_mech DIGEST-MD5 /README.TLS:1:Please note that if nss_ldap or pam_ldap are configured to use TLS, that the /README.TLS:6:the signature on the certificate against the list of certifying authorities /pam_ldap-184-dnsconfig.patch:248:+ /* Hack: if the port is the registered SSL port, enable SSL. 
*/ /pam_ldap-184-dnsconfig.patch:251:+ result->ssl_on = SSL_LDAPS; /pam_ldap-184-dnsconfig.patch:253:+#endif /* SSL */ /nss_ldap-264/nss_ldap.5:18:platforms, Kerberos and SSL security, configurable schema mapping, /nss_ldap-264/nss_ldap.5:125:specifying LDAP over TCP, IPC and SSL respectively. If applicable, /nss_ldap-264/nss_ldap.5:237:.B ssl /nss_ldap-264/nss_ldap.5:238:Specifies whether to use SSL/TLS or not (the default is not to). If /nss_ldap-264/nss_ldap.5:240:start_tls /nss_ldap-264/nss_ldap.5:241:is specified then StartTLS is used rather than raw LDAP over SSL. /nss_ldap-264/nss_ldap.5:244:client libraries support both SSL and StartTLS, and all related /nss_ldap-264/nss_ldap.5:254:.B tls_checkpeer /nss_ldap-264/nss_ldap.5:256:or not, when using SSL/TLS with the OpenLDAP client library. /nss_ldap-264/nss_ldap.5:260:.B tls_cacertdir /nss_ldap-264/nss_ldap.5:262:.B tls_cacertfile /nss_ldap-264/nss_ldap.5:265:.B tls_cacertdir /nss_ldap-264/nss_ldap.5:269:.B tls_cacertfile /nss_ldap-264/nss_ldap.5:272:.B tls_randfile /nss_ldap-264/nss_ldap.5:275:.B tls_ciphers /nss_ldap-264/nss_ldap.5:276:Specifies the ciphers to use for TLS. See your TLS implementation's /nss_ldap-264/nss_ldap.5:279:.B tls_cert /nss_ldap-264/nss_ldap.5:281:client TLS authentication. /nss_ldap-264/nss_ldap.5:283:.B tls_key /nss_ldap-264/nss_ldap.5:285:TLS authentication. /nss_ldap-264/doc/SolarisInstallNotes.txt:6:OpenLDAP 2.0.11 with OpenSSL 0.9.6a, OpenLDAP compiled for SSL/TLS, /nss_ldap-264/doc/SolarisInstallNotes.txt:7:OpenSSL compiled to use RSAREF. slapd running on a freeBSD 4.3-STABLE /nss_ldap-264/doc/SolarisInstallNotes.txt:16:solaris machine using SSL now, or so says my packet sniffer, snort. 
:) /nss_ldap-264/doc/SolarisInstallNotes.txt:18:1) your docs should say, "Your openldap libs *and* your SSL/RSAREF libs /nss_ldap-264/doc/SolarisInstallNotes.txt:22:called, and if it's in /usr/local/ssl/lib or /usr/local/lib it's not going /nss_ldap-264/doc/SolarisInstallNotes.txt:41:2) On Solaris, you need GNU Make and GNU binutils to compile openssl /nss_ldap-264/doc/SolarisInstallNotes.txt:47:2a) to compile OpenSSL with RSAREF and dynamic lib support, you must: /nss_ldap-264/doc/SolarisInstallNotes.txt:49:cd openssl-0.9.6a /nss_ldap-264/doc/SolarisInstallNotes.txt:55:for the SSL libraries, so this check will ALWAYS FAIL if libldap.so.2 was /nss_ldap-264/doc/SolarisInstallNotes.txt:56:compiled with TLS support. Go into the configure script and change: /nss_ldap-264/doc/SolarisInstallNotes.txt:71:Sun's SUNWski package seems to irritate OpenSSL to the point of coredump. /nss_ldap-264/doc/README.HPUX:3:thread local storage. Specifically, the Netscape SSL-enabled libraries /nss_ldap-264/util.h:70:#define NSS_LDAP_KEY_SSL "ssl" /nss_ldap-264/util.c:630: result->ldc_ssl_on = SSL_OFF; /nss_ldap-264/util.c:634: result->ldc_tls_checkpeer = -1; /nss_ldap-264/util.c:635: result->ldc_tls_cacertfile = NULL; /nss_ldap-264/util.c:636: result->ldc_tls_cacertdir = NULL; /nss_ldap-264/util.c:637: result->ldc_tls_ciphers = NULL; /nss_ldap-264/util.c:638: result->ldc_tls_cert = NULL; /nss_ldap-264/util.c:639: result->ldc_tls_key = NULL; /nss_ldap-264/util.c:640: result->ldc_tls_randfile = NULL; /nss_ldap-264/util.c:954: else if (!strcasecmp (k, NSS_LDAP_KEY_SSL)) /nss_ldap-264/util.c:959: result->ldc_ssl_on = SSL_LDAPS; /nss_ldap-264/util.c:961: else if (!strcasecmp (v, "start_tls")) /nss_ldap-264/util.c:963: result->ldc_ssl_on = SSL_START_TLS; /nss_ldap-264/util.c:1078: else if (!strcasecmp (k, "tls_checkpeer")) /nss_ldap-264/util.c:1083: result->ldc_tls_checkpeer = 1; /nss_ldap-264/util.c:1088: result->ldc_tls_checkpeer = 0; /nss_ldap-264/util.c:1091: else if (!strcasecmp (k, 
"tls_cacertfile")) /nss_ldap-264/util.c:1093: t = &result->ldc_tls_cacertfile; /nss_ldap-264/util.c:1095: else if (!strcasecmp (k, "tls_cacertdir")) /nss_ldap-264/util.c:1097: t = &result->ldc_tls_cacertdir; /nss_ldap-264/util.c:1099: else if (!strcasecmp (k, "tls_ciphers")) /nss_ldap-264/util.c:1101: t = &result->ldc_tls_ciphers; /nss_ldap-264/util.c:1103: else if (!strcasecmp (k, "tls_cert")) /nss_ldap-264/util.c:1105: t = &result->ldc_tls_cert; /nss_ldap-264/util.c:1107: else if (!strcasecmp (k, "tls_key")) /nss_ldap-264/util.c:1109: t = &result->ldc_tls_key; /nss_ldap-264/util.c:1111: else if (!strcasecmp (k, "tls_randfile")) /nss_ldap-264/util.c:1113: t = &result->ldc_tls_randfile; /nss_ldap-264/util.c:1274: result->ldc_ssl_on == SSL_LDAPS) /nss_ldap-264/ldap-nss.c:61:#ifdef HAVE_LDAP_SSL_H /nss_ldap-264/ldap-nss.c:62:#include /nss_ldap-264/ldap-nss.c:162:static int __ssl_initialized = 0; /nss_ldap-264/ldap-nss.c:203: * TLS routines: set global SSL session options. /nss_ldap-264/ldap-nss.c:205:#if defined(HAVE_LDAP_START_TLS_S) || defined(HAVE_LDAP_START_TLS) || (defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS)) /nss_ldap-264/ldap-nss.c:206:static int do_ssl_options (ldap_config_t * cfg); /nss_ldap-264/ldap-nss.c:207:static int do_start_tls (ldap_session_t * session); /nss_ldap-264/ldap-nss.c:399:#ifdef HAVE_LDAP_START_TLS_S /nss_ldap-264/ldap-nss.c:400: if (__session.ls_config->ldc_ssl_on == SSL_START_TLS) /nss_ldap-264/ldap-nss.c:416: if (do_start_tls (&__session) == LDAP_SUCCESS) /nss_ldap-264/ldap-nss.c:418: debug ("TLS startup succeeded"); /nss_ldap-264/ldap-nss.c:422: debug ("TLS startup failed"); /nss_ldap-264/ldap-nss.c:426:#endif /* HAVE_LDAP_START_TLS_S */ /nss_ldap-264/ldap-nss.c:637: * Netscape SSL-enabled LDAP library does not /nss_ldap-264/ldap-nss.c:899: /* XXX: when using openssl this will *ALWAYS* close the fd */ /nss_ldap-264/ldap-nss.c:1175: if (__session.ls_state == LS_CONNECTED_TO_DSA && /nss_ldap-264/ldap-nss.c:1202: else if 
(__session.ls_state == LS_CONNECTED_TO_DSA) /nss_ldap-264/ldap-nss.c:1232: if (__session.ls_state == LS_CONNECTED_TO_DSA) /nss_ldap-264/ldap-nss.c:1327: * Initialize the SSL library. /nss_ldap-264/ldap-nss.c:1329: if (cfg->ldc_ssl_on == SSL_LDAPS) /nss_ldap-264/ldap-nss.c:1332: if (__ssl_initialized == 0 /nss_ldap-264/ldap-nss.c:1338: __ssl_initialized = 1; /nss_ldap-264/ldap-nss.c:1340:#endif /* SSL */ /nss_ldap-264/ldap-nss.c:1364:#if defined(HAVE_LDAP_START_TLS_S) || defined(HAVE_LDAP_START_TLS) /nss_ldap-264/ldap-nss.c:1366:do_start_tls (ldap_session_t * session) /nss_ldap-264/ldap-nss.c:1369:#ifdef HAVE_LDAP_START_TLS /nss_ldap-264/ldap-nss.c:1374: debug ("==> do_start_tls"); /nss_ldap-264/ldap-nss.c:1376: rc = ldap_start_tls (session->ls_conn, NULL, NULL, &msgid); /nss_ldap-264/ldap-nss.c:1379: debug ("<== do_start_tls (ldap_start_tls failed: %s)", ldap_err2string (rc)); /nss_ldap-264/ldap-nss.c:1400: debug ("<== do_start_tls (ldap_result2error failed: %s)", ldap_err2string (rc)); /nss_ldap-264/ldap-nss.c:1423: syslog (LOG_INFO, "nss_ldap: ldap_start_tls failed: %s", ldap_err2string (rc)); /nss_ldap-264/ldap-nss.c:1424: debug ("<== do_start_tls (ldap_start_tls failed: %s)", ldap_err2string (rc)); /nss_ldap-264/ldap-nss.c:1428: rc = ldap_install_tls (session->ls_conn); /nss_ldap-264/ldap-nss.c:1430: rc = ldap_start_tls_s (session->ls_conn, NULL, NULL); /nss_ldap-264/ldap-nss.c:1431:#endif /* HAVE_LDAP_START_TLS */ /nss_ldap-264/ldap-nss.c:1435: debug ("<== do_start_tls (start TLS failed: %s)", ldap_err2string(rc)); /nss_ldap-264/ldap-nss.c:1482: if (__session.ls_state == LS_CONNECTED_TO_DSA) /nss_ldap-264/ldap-nss.c:1548:#if defined(HAVE_LDAP_START_TLS_S) || defined(HAVE_LDAP_START_TLS) /nss_ldap-264/ldap-nss.c:1549: if (cfg->ldc_ssl_on == SSL_START_TLS) /nss_ldap-264/ldap-nss.c:1565: /* set up SSL context */ /nss_ldap-264/ldap-nss.c:1566: if (do_ssl_options (cfg) != LDAP_SUCCESS) /nss_ldap-264/ldap-nss.c:1569: debug ("<== do_open (SSL setup failed)"); 
/nss_ldap-264/ldap-nss.c:1573: stat = do_map_error (do_start_tls (&__session)); /nss_ldap-264/ldap-nss.c:1576: debug (":== do_open (TLS startup succeeded)"); /nss_ldap-264/ldap-nss.c:1581: debug ("<== do_open (TLS startup failed)"); /nss_ldap-264/ldap-nss.c:1586:#endif /* HAVE_LDAP_START_TLS_S || HAVE_LDAP_START_TLS */ /nss_ldap-264/ldap-nss.c:1589: * If SSL is desired, either by the "ssl" option or if this /nss_ldap-264/ldap-nss.c:1592: if (cfg->ldc_ssl_on == SSL_LDAPS || /nss_ldap-264/ldap-nss.c:1597:#if defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS) /nss_ldap-264/ldap-nss.c:1598: int tls = LDAP_OPT_X_TLS_HARD; /nss_ldap-264/ldap-nss.c:1599: if (ldap_set_option (__session.ls_conn, LDAP_OPT_X_TLS, &tls) != /nss_ldap-264/ldap-nss.c:1603: debug ("<== do_open (TLS setup failed)"); /nss_ldap-264/ldap-nss.c:1607: /* set up SSL context */ /nss_ldap-264/ldap-nss.c:1608: if (do_ssl_options (cfg) != LDAP_SUCCESS) /nss_ldap-264/ldap-nss.c:1611: debug ("<== do_open (SSL setup failed)"); /nss_ldap-264/ldap-nss.c:1619: debug ("<== do_open (SSL setup failed)"); /nss_ldap-264/ldap-nss.c:1623:#ifndef LDAP_OPT_SSL /nss_ldap-264/ldap-nss.c:1624:#define LDAP_OPT_SSL 0x0A /nss_ldap-264/ldap-nss.c:1626: if (ldap_set_option (__session.ls_conn, LDAP_OPT_SSL, LDAP_OPT_ON) != /nss_ldap-264/ldap-nss.c:1630: debug ("<== do_open (SSL setup failed)"); /nss_ldap-264/ldap-nss.c:1682: debug ("<== do_open (failed to bind to DSA"); /nss_ldap-264/ldap-nss.c:1688: __session.ls_state = LS_CONNECTED_TO_DSA; /nss_ldap-264/ldap-nss.c:1690: debug ("<== do_open (session connected to DSA)"); /nss_ldap-264/ldap-nss.c:1696:#if defined HAVE_LDAP_START_TLS_S || (defined(HAVE_LDAP_SET_OPTION) && defined(LDAP_OPT_X_TLS)) /nss_ldap-264/ldap-nss.c:1698:do_ssl_options (ldap_config_t * cfg) /nss_ldap-264/ldap-nss.c:1702: debug ("==> do_ssl_options"); /nss_ldap-264/ldap-nss.c:1704:#ifdef LDAP_OPT_X_TLS_RANDOM_FILE /nss_ldap-264/ldap-nss.c:1705: if (cfg->ldc_tls_randfile != NULL) 
/nss_ldap-264/ldap-nss.c:1708: rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_RANDOM_FILE, /nss_ldap-264/ldap-nss.c:1709: cfg->ldc_tls_randfile); /nss_ldap-264/ldap-nss.c:1713: ("<== do_ssl_options: Setting of LDAP_OPT_X_TLS_RANDOM_FILE failed"); /nss_ldap-264/ldap-nss.c:1717:#endif /* LDAP_OPT_X_TLS_RANDOM_FILE */ /nss_ldap-264/ldap-nss.c:1719: if (cfg->ldc_tls_cacertfile != NULL) /nss_ldap-264/ldap-nss.c:1722: rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTFILE, /nss_ldap-264/ldap-nss.c:1723: cfg->ldc_tls_cacertfile); /nss_ldap-264/ldap-nss.c:1727: ("<== do_ssl_options: Setting of LDAP_OPT_X_TLS_CACERTFILE failed"); /nss_ldap-264/ldap-nss.c:1732: if (cfg->ldc_tls_cacertdir != NULL) /nss_ldap-264/ldap-nss.c:1735: rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CACERTDIR, /nss_ldap-264/ldap-nss.c:1736: cfg->ldc_tls_cacertdir); /nss_ldap-264/ldap-nss.c:1740: ("<== do_ssl_options: Setting of LDAP_OPT_X_TLS_CACERTDIR failed"); /nss_ldap-264/ldap-nss.c:1746: if (cfg->ldc_tls_checkpeer > -1) /nss_ldap-264/ldap-nss.c:1748: rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, /nss_ldap-264/ldap-nss.c:1749: &cfg->ldc_tls_checkpeer); /nss_ldap-264/ldap-nss.c:1753: ("<== do_ssl_options: Setting of LDAP_OPT_X_TLS_REQUIRE_CERT failed"); /nss_ldap-264/ldap-nss.c:1758: if (cfg->ldc_tls_ciphers != NULL) /nss_ldap-264/ldap-nss.c:1761: rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CIPHER_SUITE, /nss_ldap-264/ldap-nss.c:1762: cfg->ldc_tls_ciphers); /nss_ldap-264/ldap-nss.c:1766: ("<== do_ssl_options: Setting of LDAP_OPT_X_TLS_CIPHER_SUITE failed"); /nss_ldap-264/ldap-nss.c:1771: if (cfg->ldc_tls_cert != NULL) /nss_ldap-264/ldap-nss.c:1773: rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CERTFILE, cfg->ldc_tls_cert); /nss_ldap-264/ldap-nss.c:1777: ("<== do_ssl_options: Setting of LDAP_OPT_X_TLS_CERTFILE failed"); /nss_ldap-264/ldap-nss.c:1782: if (cfg->ldc_tls_key != NULL) /nss_ldap-264/ldap-nss.c:1784: rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_KEYFILE, cfg->ldc_tls_key); 
/nss_ldap-264/ldap-nss.c:1788: ("<== do_ssl_options: Setting of LDAP_OPT_X_TLS_KEYFILE failed"); /nss_ldap-264/ldap-nss.c:1793: debug ("<== do_ssl_options"); /nss_ldap-264/ldap-nss.c:2435: if (__session.ls_state != LS_CONNECTED_TO_DSA) /nss_ldap-264/ldap-nss.c:2965: if (__session.ls_state != LS_CONNECTED_TO_DSA) /nss_ldap-264/ldap-nss.c:2981: if (__session.ls_state != LS_CONNECTED_TO_DSA) /nss_ldap-264/ldap-nss.c:2997: if (__session.ls_state != LS_CONNECTED_TO_DSA) /nss_ldap-264/ldap-nss.c:3013: if (__session.ls_state != LS_CONNECTED_TO_DSA) /nss_ldap-264/ldap-nss.c:3025: if (__session.ls_state != LS_CONNECTED_TO_DSA) /nss_ldap-264/ldap-nss.c:3037: if (__session.ls_state != LS_CONNECTED_TO_DSA) /nss_ldap-264/CVSVersionInfo.txt:10:PreBuild: configure --with-ldap-lib=netscape4 --with-ldap-dir=/usr/local/ldapsdk4 --enable-rfc2307bis --disable-ssl /nss_ldap-264/certutil:5:# inspired by Netscape PKCS #11 toolkit /nss_ldap-264/certutil:11:# certutil can be used with various OpenSSL routines and tools /nss_ldap-264/certutil:12:# that utilize OpenSSL. Example: /nss_ldap-264/certutil:14:# $ openssl s_client -CApath certdir /nss_ldap-264/certutil:120: HASH=`openssl x509 -in $FILE -hash -noout 2>/dev/null`.0 /nss_ldap-264/certutil:133: echo `openssl x509 -in $CDIR/$HASH -subject -noout` /nss_ldap-264/certutil:158: SUBJECT=`openssl x509 -in $CDIR/$HASH -subject -noout` /nss_ldap-264/certutil:159: ISSUER=`openssl x509 -in $CDIR/$HASH -issuer -noout` /nss_ldap-264/certutil:191: openssl x509 -in $CDIR/$HASH -text /nss_ldap-264/configure:4052:for ac_header in ldap_ssl.h /nss_ldap-264/configure:14176:if test "$enable_ssl" \!= "no"; then /nss_ldap-264/configure:14181:for ac_func in ldapssl_client_init ldap_start_tls_s ldap_pvt_tls_set_option ldap_start_tls /nss_ldap-264/config.h.in:153:/* Define to 1 if you have the `ldap_pvt_tls_set_option' function. 
*/ /nss_ldap-264/config.h.in:154:#undef HAVE_LDAP_PVT_TLS_SET_OPTION /nss_ldap-264/config.h.in:168:/* Define to 1 if you have the <ldap_ssl.h> header file. */ /nss_ldap-264/config.h.in:169:#undef HAVE_LDAP_SSL_H /nss_ldap-264/config.h.in:171:/* Define to 1 if you have the `ldap_start_tls' function. */ /nss_ldap-264/config.h.in:172:#undef HAVE_LDAP_START_TLS /nss_ldap-264/config.h.in:174:/* Define to 1 if you have the `ldap_start_tls_s' function. */ /nss_ldap-264/config.h.in:175:#undef HAVE_LDAP_START_TLS_S /nss_ldap-264/README:94:Your openldap libs *and* your SSL/RSAREF libs must be DYNAMIC LIBRARIES /nss_ldap-264/nss_ldap.spec:12:Requires: openldap cyrus-sasl openssl /nss_ldap-264/configure.in:136:AC_CHECK_HEADERS(ldap_ssl.h) /nss_ldap-264/configure.in:138:dnl AC_MSG_CHECKING(for ldap_ssl.h) /nss_ldap-264/configure.in:141:dnl #include <ldap_ssl.h>], , /nss_ldap-264/configure.in:144:dnl AC_DEFINE(HAVE_LDAP_SSL_H, 1) /nss_ldap-264/configure.in:296:dnl AC_CHECK_LIB(ssl, main,[LIBS="-lssl $LIBS"],,$LIBS) /nss_ldap-264/configure.in:341:if test "$enable_ssl" \!= "no"; then /nss_ldap-264/configure.in:342: AC_CHECK_FUNCS(ldapssl_client_init ldap_start_tls_s ldap_pvt_tls_set_option ldap_start_tls) /nss_ldap-264/ldap.conf:61:# hard_open: reconnect to DSA with exponential backoff if /nss_ldap-264/ldap.conf:63:# hard_init: reconnect to DSA with exponential backoff if /nss_ldap-264/ldap.conf:70:# persist: DSA connections are kept open (default) /nss_ldap-264/ldap.conf:71:# oneshot: DSA connections destroyed after request /nss_ldap-264/ldap.conf:274:#ssl on /nss_ldap-264/ldap.conf:276:# Netscape SDK SSL options /nss_ldap-264/ldap.conf:277:#sslpath /etc/ssl/certs /nss_ldap-264/ldap.conf:279:# OpenLDAP SSL mechanism /nss_ldap-264/ldap.conf:280:# start_tls mechanism uses the normal LDAP port, LDAPS typically 636 /nss_ldap-264/ldap.conf:281:#ssl start_tls /nss_ldap-264/ldap.conf:282:#ssl on /nss_ldap-264/ldap.conf:284:# OpenLDAP SSL options /nss_ldap-264/ldap.conf:287:# /etc/openldap/ldap.conf using the
TLS_REQCERT setting. The default for /nss_ldap-264/ldap.conf:289:#tls_checkpeer yes /nss_ldap-264/ldap.conf:292:# At least one of these are required if tls_checkpeer is "yes" /nss_ldap-264/ldap.conf:293:#tls_cacertfile /etc/ssl/ca.cert /nss_ldap-264/ldap.conf:294:#tls_cacertdir /etc/ssl/certs /nss_ldap-264/ldap.conf:297:#tls_randfile /var/run/egd-pool /nss_ldap-264/ldap.conf:299:# SSL cipher suite /nss_ldap-264/ldap.conf:301:#tls_ciphers TLSv1 /nss_ldap-264/ldap.conf:305:#tls_cert /nss_ldap-264/ldap.conf:306:#tls_key /nss_ldap-264/ldap-nss.h:243:enum ldap_ssl_options /nss_ldap-264/ldap-nss.h:245: SSL_OFF, /nss_ldap-264/ldap-nss.h:246: SSL_LDAPS, /nss_ldap-264/ldap-nss.h:247: SSL_START_TLS /nss_ldap-264/ldap-nss.h:250:typedef enum ldap_ssl_options ldap_ssl_options_t; /nss_ldap-264/ldap-nss.h:322: /* SSL enabled */ /nss_ldap-264/ldap-nss.h:323: ldap_ssl_options_t ldc_ssl_on; /nss_ldap-264/ldap-nss.h:324: /* SSL certificate path */ /nss_ldap-264/ldap-nss.h:331: /* tls check peer */ /nss_ldap-264/ldap-nss.h:332: int ldc_tls_checkpeer; /nss_ldap-264/ldap-nss.h:333: /* tls ca certificate file */ /nss_ldap-264/ldap-nss.h:334: char *ldc_tls_cacertfile; /nss_ldap-264/ldap-nss.h:335: /* tls ca certificate dir */ /nss_ldap-264/ldap-nss.h:336: char *ldc_tls_cacertdir; /nss_ldap-264/ldap-nss.h:337: /* tls ciphersuite */ /nss_ldap-264/ldap-nss.h:338: char *ldc_tls_ciphers; /nss_ldap-264/ldap-nss.h:339: /* tls certificate */ /nss_ldap-264/ldap-nss.h:340: char *ldc_tls_cert; /nss_ldap-264/ldap-nss.h:341: /* tls key */ /nss_ldap-264/ldap-nss.h:342: char *ldc_tls_key; /nss_ldap-264/ldap-nss.h:343: /* tls randfile */ /nss_ldap-264/ldap-nss.h:344: char *ldc_tls_randfile; /nss_ldap-264/ldap-nss.h:424: LS_CONNECTED_TO_DSA /nss_ldap-264/ldap-nss.h:446: /* index into ldc_uris: currently connected DSA */ /nss_ldap-257-mozldap.patch:1:Go back to using AC_TRY_COMPILE to detect , which requires /nss_ldap-257-mozldap.patch:41:-AC_CHECK_HEADERS(ldap_ssl.h) /nss_ldap-257-mozldap.patch:42:+dnl 
AC_CHECK_HEADERS(ldap_ssl.h) /nss_ldap-257-mozldap.patch:44:-dnl AC_MSG_CHECKING(for ldap_ssl.h) /nss_ldap-257-mozldap.patch:47:-dnl #include ], , /nss_ldap-257-mozldap.patch:50:-dnl AC_DEFINE(HAVE_LDAP_SSL_H, 1) /nss_ldap-257-mozldap.patch:53:+AC_MSG_CHECKING(for ldap_ssl.h) /nss_ldap-257-mozldap.patch:57:+ #include ],[], /nss_ldap-257-mozldap.patch:60:+ AC_DEFINE(HAVE_LDAP_SSL_H,1,[Define if you have .]) /nss_ldap-257-mozldap.patch:91: if test "$enable_ssl" \!= "no"; then /nss_ldap-257-mozldap.patch:92: AC_CHECK_FUNCS(ldapssl_client_init ldap_start_tls_s ldap_pvt_tls_set_option ldap_start_tls) /nss_ldap-257-mozldap.patch:142:@@ -1697,6 +1714,7 @@ do_ssl_options (ldap_config_t * cfg) /nss_ldap-257-mozldap.patch:144: #endif /* LDAP_OPT_X_TLS_RANDOM_FILE */ /nss_ldap-257-mozldap.patch:146:+#ifdef LDAP_OPT_X_TLS_CACERTFILE /nss_ldap-257-mozldap.patch:147: if (cfg->ldc_tls_cacertfile != NULL) /nss_ldap-257-mozldap.patch:150:@@ -1709,7 +1727,9 @@ do_ssl_options (ldap_config_t * cfg) /nss_ldap-257-mozldap.patch:156:+#ifdef LDAP_OPT_X_TLS_CACERTDIR /nss_ldap-257-mozldap.patch:157: if (cfg->ldc_tls_cacertdir != NULL) /nss_ldap-257-mozldap.patch:160:@@ -1722,7 +1742,9 @@ do_ssl_options (ldap_config_t * cfg) /nss_ldap-257-mozldap.patch:166:+#ifdef LDAP_OPT_X_TLS_REQUIRE_CERT /nss_ldap-257-mozldap.patch:168: if (cfg->ldc_tls_checkpeer > -1) /nss_ldap-257-mozldap.patch:170:@@ -1735,7 +1757,9 @@ do_ssl_options (ldap_config_t * cfg) /nss_ldap-257-mozldap.patch:176:+#ifdef LDAP_OPT_X_TLS_CIPHER_SUITE /nss_ldap-257-mozldap.patch:177: if (cfg->ldc_tls_ciphers != NULL) /nss_ldap-257-mozldap.patch:180:@@ -1748,7 +1772,9 @@ do_ssl_options (ldap_config_t * cfg) /nss_ldap-257-mozldap.patch:186:+#ifdef LDAP_OPT_X_TLS_CERTFILE /nss_ldap-257-mozldap.patch:187: if (cfg->ldc_tls_cert != NULL) /nss_ldap-257-mozldap.patch:189: rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_CERTFILE, cfg->ldc_tls_cert); /nss_ldap-257-mozldap.patch:190:@@ -1759,7 +1785,9 @@ do_ssl_options (ldap_config_t * cfg) 
/nss_ldap-257-mozldap.patch:196:+#ifdef LDAP_OPT_X_TLS_CERTFILE /nss_ldap-257-mozldap.patch:197: if (cfg->ldc_tls_key != NULL) /nss_ldap-257-mozldap.patch:199: rc = ldap_set_option (NULL, LDAP_OPT_X_TLS_KEYFILE, cfg->ldc_tls_key); /nss_ldap-257-mozldap.patch:200:@@ -1770,6 +1798,7 @@ do_ssl_options (ldap_config_t * cfg) /nss_ldap-257-mozldap.patch:206: debug ("<== do_ssl_options"); /nss_ldap-257-over-recursion.patch:50:+ syslog (LOG_ERR, "nss_ldap: unable to connect to DSA without " /nss_ldap-257-over-recursion.patch:51:+ "information which may need to be retrieved from the DSA"); /nss_ldap-257-over-recursion.patch:63: if (__session.ls_state == LS_CONNECTED_TO_DSA) /nss_ldap-257-over-recursion.patch:101: __ssl_initialized = 1; /nss_ldap-257-over-recursion.patch:126:- debug ("<== do_open (failed to bind to DSA"); /nss_ldap-257-over-recursion.patch:127:+ debug ("<== do_open (failed to bind to DSA)"); /nss_ldap-257-over-recursion.patch:139:+ syslog (LOG_ERR, "nss_ldap: unable to connect to DSA without " /nss_ldap-257-over-recursion.patch:140:+ "information which may need to be retrieved from the DSA"); /nss_ldap.spec:10:Source5: README.TLS /nss_ldap.spec:33:BuildRequires: openssl-devel, pam-devel /nss_ldap.spec:49:clients, Netscape's SSL, ypldapd, Netscape Directory Server password /nss_ldap.spec:186:%doc README.TLS /nss_ldap.spec:414:- fix type mismatch bug in patch for using non-blocking start_tls in /nss_ldap.spec:426:- use ldap_start_tls in preference to ldap_start_tls_s, if found, so that /nss_ldap.spec:434:- force nss_ldap to mimic pam_ldap's behavior when the tls_checkpeer setting is /nss_ldap.spec:504:- add README.TLS to remind people that in order for TLS support to be usable, /nss_ldap.spec:636:- update to pam_ldap 124, incorporating TLS default option and doc fixes /nss_ldap.spec:682:- make nss_ldap fail when attempting to startup TLS fails, because that's what /nss_ldap.spec:734: to start TLS
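Review bot: The guard added at nss_ldap-257-mozldap.patch line 196, `#ifdef LDAP_OPT_X_TLS_CERTFILE`, wraps the block that sets `LDAP_OPT_X_TLS_KEYFILE` from `cfg->ldc_tls_key`, so it tests a different macro from the one the block uses; every other guard this patch adds to do_ssl_options tests the option it wraps. With an LDAP SDK that defines only one of the two options, the block either fails to compile or is compiled out, and in the second case the configured `tls_key` is never applied and nothing is logged. The guard should read `#ifdef LDAP_OPT_X_TLS_KEYFILE`. Only the grep-matched lines of the hunk are visible here, so the matching `#endif` and the rest of do_ssl_options are not shown.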