path: root/lib/ldap.c
Age | Commit message | Author
2016-11-24 | proxy: Support HTTPS proxy and SOCKS+HTTP(s) | Alex Rousskov

* HTTPS proxies:

An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text.

With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds support for such nested sessions as well.

A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO):

    --proxy-cacert FILE        CA certificate to verify peer against
    --proxy-capath DIR         CA directory to verify peer against
    --proxy-cert CERT[:PASSWD] Client certificate file and password
    --proxy-cert-type TYPE     Certificate file type (DER/PEM/ENG)
    --proxy-ciphers LIST       SSL ciphers to use
    --proxy-crlfile FILE       Get a CRL list in PEM format from the file
    --proxy-insecure           Allow connections to proxies with bad certs
    --proxy-key KEY            Private key file name
    --proxy-key-type TYPE      Private key file type (DER/PEM/ENG)
    --proxy-pass PASS          Pass phrase for the private key
    --proxy-ssl-allow-beast    Allow security flaw to improve interop
    --proxy-sslv2              Use SSLv2
    --proxy-sslv3              Use SSLv3
    --proxy-tlsv1              Use TLSv1
    --proxy-tlsuser USER       TLS username
    --proxy-tlspassword STRING TLS password
    --proxy-tlsauthtype STRING TLS authentication type (default SRP)

All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath.

Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable.

Supported backends: OpenSSL, GnuTLS, and NSS.

* A SOCKS proxy + HTTP/HTTPS proxy combination:

If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy.

TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
2016-10-31 | ldap: fix include | Daniel Stenberg
Fix bug from 811a693b80
2016-10-31 | strcase: s/strequal/strcasecompare | Daniel Stenberg
some more follow-ups to 811a693b80
2016-10-31 | ldap: fix strcase use | Daniel Stenberg
follow-up to 811a693b80
2016-10-31 | strcasecompare: all case insensitive string compares ignore locale now | Daniel Stenberg
We had some confusions on when each function was used. We should not act differently on different locales anyway.
2016-10-31 | escape: avoid using curl_easy_unescape() internally | Daniel Stenberg
Since the internal Curl_urldecode() function has a better API.
2016-06-22 | internals: rename the SessionHandle struct to Curl_easy | Daniel Stenberg
2016-04-29 | lib: include curl_printf.h as one of the last headers | Daniel Stenberg
curl_printf.h defines printf to curl_mprintf, etc. This can cause problems with external headers which may use __attribute__((format(printf, ...))) markers etc.

To avoid that they cause problems with system includes, we include curl_printf.h after any system headers. That makes the three last headers to always be, and we keep them in this order:

    curl_printf.h
    curl_memory.h
    memdebug.h

None of them include system headers, they all do funny #defines.

Reported-by: David Benjamin
Fixes #743
2016-04-03 | code: style updates | Daniel Stenberg
2016-02-03 | URLs: change all http:// URLs to https:// | Daniel Stenberg
2015-03-24 | curl_memory: make curl_memory.h the second-last header file loaded | Dan Fandrich
This header file must be included after all header files except memdebug.h, as it does similar memory function redefinitions and can be similarly affected by conflicting definitions in system or dependent library headers.
2015-03-17 | checksrc: use space after comma | Daniel Stenberg
2015-03-16 | free: instead of Curl_safefree() | Daniel Stenberg
Since we just started to make use of free(NULL) in order to simplify code, this change takes it a step further and:

- converts lots of Curl_safefree() calls to good old free()
- makes Curl_safefree() not check the pointer before free()

The (new) rule of thumb is: if you really want a function call that frees a pointer and then assigns it to NULL, then use Curl_safefree(). But we will prefer just using free() from now on.
2015-03-16 | Bug #149: Deletion of unnecessary checks before calls of the function "free" | Markus Elfring
The function "free" is documented in the way that no action shall occur for a passed null pointer. It is therefore not needed that a function caller repeats a corresponding check.

http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first

This issue was fixed by using the software Coccinelle 1.0.0-rc24.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-03 | mprintf.h: remove #ifdef CURLDEBUG | Daniel Stenberg
... and as a consequence, introduce curl_printf.h with that re-define magic instead and make all libcurl code use that instead.
2015-01-28 | ldap: build with BoringSSL | Gisle Vanem
2015-01-18 | ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP | Steve Holme
For consistency with other USE_WIN32_ defines as well as the USE_OPENLDAP define.
2015-01-07 | ldap: Convert attribute output to UTF-8 when Unicode | Steve Holme
2015-01-07 | ldap: Convert DN output to UTF-8 when Unicode | Steve Holme
2015-01-07 | ldap/imap: Fixed spelling mistake in comments and variable names | Steve Holme
Reported-by: Michael Osipov
2015-01-04 | ldap: Fixed Unicode usage for all Win32 builds | Steve Holme
Otherwise, the fixes in the previous commits would only be applicable to IDN and SSPI based builds and not others such as OpenSSL with LDAP enabled.
2015-01-04 | ldap: Fixed memory leak from commit efb64fdf80 | Steve Holme
2015-01-04 | ldap: Fix memory leak from commit 3a805c5cc1 | Steve Holme
2015-01-04 | ldap: Fixed attribute variable warnings when Unicode is enabled | Steve Holme
Use 'TCHAR *' for local attribute variable rather than 'char *'.
2015-01-04 | ldap: Fixed DN variable warnings when Unicode is enabled | Steve Holme
Use 'TCHAR *' for local DN variable rather than 'char *'.
2015-01-04 | ldap: Remove the unescape_elements() function | Steve Holme
Due to the recent modifications this function is no longer used.
2015-01-04 | ldap.c: Fixed compilation warning | Steve Holme
ldap.c:98: warning: extra tokens at end of #endif directive
2015-01-04 | ldap: Fixed support for Unicode filter in Win32 search call | Steve Holme
2015-01-04 | ldap.c: Fixed compilation warning | Steve Holme
ldap.c:802: warning: comparison between signed and unsigned integer expressions
2015-01-04 | ldap: Fixed support for Unicode attributes in Win32 search call | Steve Holme
2015-01-04 | ldap: Fixed memory leak from commit efb64fdf80 | Steve Holme
The unescaped DN was not freed after a successful character conversion.
2015-01-04 | ldap.c: Fixed compilation error | Steve Holme
ldap.c:738: error: macro "LDAP_TRACE" passed 2 arguments, but takes just 1
2015-01-04 | ldap.c: Fixed compilation warning | Steve Holme
ldap.c:89: warning: extra tokens at end of #endif directive
2015-01-04 | ldap: Fixed support for Unicode DN in Win32 search call | Steve Holme
2015-01-04 | ldap: Fixed Unicode user and password in Win32 bind calls | Steve Holme
2015-01-04 | ldap: Fixed Unicode host name in Win32 initialisation calls | Steve Holme
2015-01-04 | ldap: Use host.dispname for infof() connection failure messages | Steve Holme
As host.name may be encoded use dispname for infof() failure messages.
2015-01-03 | ldap: Prefer 'CURLcode result' for curl result codes | Steve Holme
2015-01-03 | ldap: Pass write length in all Curl_client_write() calls | Steve Holme
As we get the length for the DN and attribute variables, and we know the length for the line terminator, pass the length values rather than zero as this will save Curl_client_write() from having to perform an additional strlen() call.
2015-01-03 | ldap: Fixed attribute memory leaks on failed client write | Steve Holme
Fixed memory leaks from commit 086ad79970 as was noted in the commit comments.
2015-01-03 | ldap: Fixed DN memory leaks on failed client write | Steve Holme
Fixed memory leaks from commit 086ad79970 as was noted in the commit comments.
2014-12-10 | ldap: check Curl_client_write() return codes | Daniel Stenberg
There might be one or two memory leaks left in the error paths.
2014-12-10 | ldap: rename variables to comply to curl standards | Daniel Stenberg
2014-05-22 | bits.close: Fixed compilation warning | Steve Holme
warning: implicit declaration of function 'connclose'
2014-05-22 | bits.close: introduce connection close tracking | Daniel Stenberg
Make all code use connclose() and connkeep() when changing the "close state" for a connection. These two macros take a string argument with an explanation, and debug builds of curl will include that in the debug output. Helps tracking connection re-use/close issues.
2014-04-23 | handler: make 'protocol' always specified as a single bit | Daniel Stenberg
This makes the findprotocol() function work as intended so that libcurl can properly be restricted to not support HTTP while still supporting HTTPS - since the HTTPS handler previously set both the HTTP and HTTPS bits in the protocol field.

This fixes --proto and --proto-redir for most SSL protocols.

This is done by adding a few new convenience defines that groups HTTP and HTTPS, FTP and FTPS etc that should then be used when the code wants to check for both protocols at once. PROTO_FAMILY_[protocol] style.

Bug: https://github.com/bagder/curl/pull/97
Reported-by: drizzt
2013-09-10 | ldap.c: Fix compilation warning | Steve Holme
warning: comparison between signed and unsigned integer expressions
2013-09-10 | ldap.c: Corrected build error from commit 857f999353f333 | Steve Holme
2013-09-09 | ldap: fix the build for systems with ldap_url_parse() | Daniel Stenberg
Make sure that the custom struct fields are only used by code that doesn't use a struct definition from the outside. Attempts to fix the problem introduced in 3dc6fc42bfc61b
2013-09-06 | LDAP: fix bad free() when URL parsing failed | Geoff Beier
When an error occurs parsing an LDAP URL, the ludp->lud_attrs[i] entries could be freed even though they sometimes point to data within an allocated area. This change introduces a lud_attrs_dup[] array for the duplicated string pointers, and it removes the unused lud_exts array.

Bug: http://curl.haxx.se/mail/lib-2013-08/0209.html