The LDAP tools code no longer has any knowledge of the NSS
file names; the certpath2keypath() function has been deleted
and we now simply use the certdbpath as keydbpath when it is
provided (it makes no difference in the end). But note that
because we need to maintain backwards compatibility, the
libssldap code used by the ldapssl_.*_init() functions still
knows the default name of the NSS module file (secmod.db),
and the code also relies on the fact that the suffix for the
key and cert files is ".db" and that the first letter in the
main part of the name is either 'c' or 'k'.
Also fixed a bug that caused the module file name specified on
the LDAP tools command line (-m name) to be ignored.
The ldapsearch and ldapcmp tools now exit with LDAP_NO_MEMORY
if an LDIF fragment can't be constructed.
Also fixed some issues reported by lint:
- Return values that were ignored.
- Make more functions and global variables static.
- Add /*ARGSUSED*/ and similar lint-friendly comments.
If HAVE_LIBNLS is not defined, OS functions (iconv and Win32
native APIs) are used for character set conversion of command
line arguments.
Fix bug # 177766 - LDAP tools should reject second -h argument.
A second -p argument is also rejected.
Fix bug # 159139 - HP/UX: LDAP command line tools do no charset conversion.
Removed special case makefile rules for convutf8.cpp on HP/UX.
If a NULL keypasswd value is passed to ldapssl_enable_clientauth()
then it is assumed that the application has already unlocked
the key DB or has installed its own GetPassword callback.
Also improved some error reporting.
The prldap_tsd_destroy() function (which is called when a
thread exits) was not freeing the information contained within
the PRLDAP_ErrorInfo structure. Added prldap_free_errorinfo()
and a way to determine if that thread-private data looks like
error information (the plei_magic field). At the moment, only
one kind of thread-private data is stored anyway (the error
information).
The prldap_allocate_map() function, which is called when a new
LDAP session is created, was blindly setting the thread-private
error information pointer to NULL. But if a different thread
created or used an LDAP session than called ldap_unbind(), old
error information may have been left in memory. Now the error
info. pointer is reset and reused, which was the original goal.
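
The cleanup logic described in the two paragraphs above, as an added example that is not the SDK's own code: a tagged per-thread error record that is reset for reuse instead of being dropped, and a thread-exit destructor that frees it only when the tag matches. All names (errinfo, EI_MAGIC, tsd_destroy, live_allocs) are hypothetical, and the destructor is called directly here rather than by a thread library.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define EI_MAGIC 0x4D4F5A45          /* hypothetical tag value */

typedef struct {                     /* hypothetical per-thread error record */
    int   magic;                     /* EI_MAGIC when this really is error info */
    int   lderrno;
    char *matched, *errmsg;
} errinfo;
static int live_allocs = 0;          /* outstanding heap blocks, to expose leaks */

static char *dup_str(const char *s) {
    char *p = malloc(strlen(s) + 1);
    if (p != NULL) { strcpy(p, s); live_allocs++; }
    return p;
}
static void free_str(char *p) { if (p != NULL) { free(p); live_allocs--; } }

errinfo *errinfo_new(int err, const char *matched, const char *msg) {
    errinfo *ei = calloc(1, sizeof *ei);
    if (ei == NULL) return NULL;
    live_allocs++;
    ei->magic = EI_MAGIC; ei->lderrno = err;
    ei->matched = dup_str(matched); ei->errmsg = dup_str(msg);
    return ei;
}

/* New session on a thread that already has a record: free the old strings
 * and keep the record, rather than overwriting the slot pointer with NULL. */
void errinfo_reset(errinfo *ei) {
    free_str(ei->matched); free_str(ei->errmsg);
    ei->matched = ei->errmsg = NULL; ei->lderrno = 0;
}

/* Thread-exit destructor: free the slot only if it is tagged as error info. */
int tsd_destroy(void *slot) {
    errinfo *ei = slot;
    if (ei == NULL || ei->magic != EI_MAGIC) return 0;   /* not error info */
    errinfo_reset(ei);
    ei->magic = 0;                   /* clear the tag before releasing */
    free(ei); live_allocs--;
    return 1;
}

int main(void) {
    errinfo *ei = errinfo_new(32, "dc=example", "no such object"); /* constructed */
    if (ei == NULL) return 1;
    errinfo_reset(ei);
    int freed = tsd_destroy(ei);
    printf("freed=%d live=%d\n", freed, live_allocs);
    return 0;
}
```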
[@nsAboutProtocolHandler:122]] This is a regression fix from the fix
for bug 163225. The assertions never made sense and now they are
exposed. r=bzbarsky, sr=darin
- make TLS intolerant server detection over proxies work
(this bug 87902)
- on connection failure, only retry without TLS when it is really
likely to help (bug 149910)
- remove obsolete workarounds in SSL i/o layer
(see removed comments in patch)
- avoid confusing programmers reading the code,
by renaming TLSStepUp (which means something else)
to the correct term STARTTLS (what the code is actually doing).
(As suggested by nelsonb)
- If an invalid or expired etc. server certificate is presented,
a warning is shown. If the user decides to cancel,
network activity should stop immediately.
(we currently warn multiple times) (bug 87209)
r=javi/darin/ducarroz/dmose sr=alecf
Added two new libssldap public functions: ldapssl_set_option() and
ldapssl_get_option().
Also fixed a bug in ldapsinit:do_ldapssl_connect() that sometimes
caused PR_Close() to be called twice on an SSL file descriptor
if an error occurred (once in do_ldapssl_connect() itself and
once in the libprldap close function that is called from
do_ldapssl_connect()).
Also updated the NSPR and NSS "error code to string" mapping
tables that are used by ldapssl_err2string().
Also fixed a bug in common.c:ldaptool_print_lderror (LDAP command
line tools) where we did not check for SSL errors when the
error code was "can't connect." We were only checking on
"server down" errors.
Changes:
* Added EXTRA_COMPONENTS variable to build. Use it to automagically install files into the components dir.
* Added SYSINSTALL variable. Use it to install files onto the system.
* Move mozilla-config generation from configure to makefiles
* mozilla-config will now generate paths based upon the MRE-based directory layout.
* Generate mozilla script from template
The installation hierarchy currently looks like:
$prefix -> /bin/mozilla
           /bin/mozilla-config
           /include/mozilla-ver/*
           /lib/mozilla-ver (mozappdir)
                           /components
                           /res
                           /defaults
                           /chrome
There is preliminary build support for MRE dirs as well though the component manager hasn't had MRE support added yet.
$prefix -> /lib/mre/mre-ver (mredir)
                           /components
Fix bug # 121276 - use sigthreadmask instead of sigprocmask (AIX).
Fix bug # 81584 - strtok use and STRTOK on Linux.
The charray() code now uses strtok_r() if available.
strtok_r() is now used everywhere on Linux if available.
New libssldap public function: ldapssl_set_strength().
New command line tool option: -3 ("no third").
Fix bug # 134035 - LDAP command line tools don't report vendor mismatch.
Improved error checks and reporting for SSL errors in tools.
ldap_url_search() now uses the port from the LDAP * if no hostport
is included in the URL. This is a change in behavior, but the old
behavior was wrong.