[@nsAboutProtocolHandler:122]] This is a regression fix from the fix
for bug 163225. The assertions never made sense and now they are
exposed. r=bzbarsky, sr=darin
- make TLS intolerant server detection over proxies work
(this bug 87902)
- on connection failure, only retry without TLS when it is really
likely to help (bug 149910)
- remove obsolete workarounds in SSL i/o layer
(see removed comments in patch)
- avoid to confuse programmers reading code,
by renaming TLSStepUp (which means something else)
to the correct term STARTTLS (what the code is actually doing).
(As suggested by nelsonb)
- If an invalid or expired etc. server certificate is presented,
a warning is shown. If the user decides to cancel,
network activity should stop immediately.
(we currently warn multiple times) (bug 87209)
r=javi/darin/ducarroz/dmose sr=alecf
Added two new libssldap public functions: ldapssl_set_option() and
ldapssl_get_option().
Also fixed a bug in ldapsinit:do_ldapssl_connect() that sometimes
caused PR_Close() to be called twice on an SSL file descriptor
if an error occurred (once in do_ldapssl_connect() itself and
once in the libprldap close function that is called from
do_ldapssl_connect()).
Also updated the NSPR and NSS "error code to string" mapping
tables that are used by ldapssl_err2string().
Also fixed a bug in common.c:ldaptool_print_lderror (LDAP command
line tools) where we did not check for SSL errors when the
error code was "can't connect." We were only checking on
"server down" errors.
Changes:
* Added EXTRA_COMPONENTS variable to build. Use it to automagically install files into the components dir.
* Added SYSINSTALL variable. Use it install files onto the system.
* Move mozilla-config generation from configure to makefiles
* mozilla-config will now generate paths based upon the MRE-based directory layout.
* Generate mozilla script from template
The installation heirarchy currently looks like:
$prefix -> /bin/mozilla
/bin/mozilla-config
/include/mozilla-ver/*
/lib/mozilla-ver (mozappdir)
/components
/res
/defaults
/chrome
There is preliminary build support for MRE dirs as well though the component manager hasn't had MRE support added yet.
$prefix -> /lib/mre/mre-ver (mredir)
/components
Fix bug # 121276 - use sigthreadmask instead of sigprocmask (AIX).
Fix bug # 81584 - strtok use and STRTOK on Linux.
The charray() code now uses strtok_r() if available.
strtok_r() is now used everywhere on Linux if available.
New libssldap public function: ldapssl_set_strength().
New command line tool option: -3 ("no third").
Fix bug # 134035 - LDAP command line tools don't report vendor mismatch.
Improved error checks and reporting for SSL errors in tools.
ldap_url_search() now uses the port from the LDAP * if no hostport
is included in the URL. This is a change in behavior, but the old
behavior was wrong.
