Log In
Log In
Places
All Projects
Status Monitor
Collapse sidebar
zimbra:collaboration:8.7
zimbra-openldap
ITS7683.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ITS7683.patch of Package zimbra-openldap
--- openldap-2.4.40/libraries/libldap/tls2.c.orig 2014-11-13 16:57:40.135579570 -0600 +++ openldap-2.4.40/libraries/libldap/tls2.c 2014-11-13 17:17:28.157816084 -0600 @@ -675,6 +675,37 @@ case LDAP_OPT_X_TLS_CONNECT_ARG: *(void **)arg = lo->ldo_tls_connect_arg; break; + case LDAP_OPT_X_TLS_VERSION: { + void *sess = NULL; + const char *retval = NULL; + if ( ld != NULL ) { + LDAPConn *conn = ld->ld_defconn; + if ( conn != NULL ) { + Sockbuf *sb = conn->lconn_sb; + sess = ldap_pvt_tls_sb_ctx( sb ); + if ( sess != NULL ) + retval = ldap_pvt_tls_get_version( sess ); + } + } + *(char **)arg = retval ? LDAP_STRDUP( retval ) : NULL; + break; + } + case LDAP_OPT_X_TLS_CIPHER: { + void *sess = NULL; + const char *retval = NULL; + if ( ld != NULL ) { + LDAPConn *conn = ld->ld_defconn; + if ( conn != NULL ) { + Sockbuf *sb = conn->lconn_sb; + sess = ldap_pvt_tls_sb_ctx( sb ); + if ( sess != NULL ) + retval = ldap_pvt_tls_get_cipher( sess ); + } + } + *(char **)arg = retval ? LDAP_STRDUP( retval ) : NULL; + break; + } + default: return -1; } @@ -981,6 +1012,20 @@ rc = ldap_X509dn2bv(&der_dn, dn, (LDAPDN_rewrite_func *)func, flags ); return rc; } + +const char * +ldap_pvt_tls_get_version( void *s ) +{ + tls_session *session = s; + return tls_imp->ti_session_version( session ); +} + +const char * +ldap_pvt_tls_get_cipher( void *s ) +{ + tls_session *session = s; + return tls_imp->ti_session_cipher( session ); +} #endif /* HAVE_TLS */ int --- openldap-2.4.40/libraries/libldap/tls_o.c.orig 2014-11-13 17:04:07.150247332 -0600 +++ openldap-2.4.40/libraries/libldap/tls_o.c 2014-11-13 17:06:06.982243339 -0600 @@ -676,6 +676,20 @@ return SSL_CIPHER_get_bits(SSL_get_current_cipher(s), NULL); } +static const char * +tlso_session_version( tls_session *sess ) +{ + tlso_session *s = (tlso_session *)sess; + return SSL_get_version(s); +} + +static const char * +tlso_session_cipher( tls_session *sess ) +{ + tlso_session *s = (tlso_session *)sess; + return SSL_CIPHER_get_name(SSL_get_current_cipher(s)); +} + /* * TLS support for LBER Sockbufs */ @@ -1283,6 +1297,8 @@ tlso_session_peer_dn, tlso_session_chkhost, tlso_session_strength, + tlso_session_version, + tlso_session_cipher, &tlso_sbio, --- openldap-2.4.40/libraries/libldap/ldap-tls.h.orig 2014-11-13 16:56:28.583581954 -0600 +++ openldap-2.4.40/libraries/libldap/ldap-tls.h 2014-11-13 16:57:23.267580132 -0600 @@ -41,6 +41,7 @@ typedef int (TI_session_dn)(tls_session *sess, struct berval *dn); typedef int (TI_session_chkhost)(LDAP *ld, tls_session *s, const char *name_in); typedef int (TI_session_strength)(tls_session *sess); +typedef const char *(TI_session_name)(tls_session *s); typedef void (TI_thr_init)(void); @@ -64,6 +65,8 @@ TI_session_dn *ti_session_peer_dn; TI_session_chkhost *ti_session_chkhost; TI_session_strength *ti_session_strength; + TI_session_name *ti_session_version; + TI_session_name *ti_session_cipher; Sockbuf_IO *ti_sbio; --- openldap-2.4.40/libraries/libldap/tls_g.c.orig 2014-11-13 17:01:30.654252546 -0600 +++ openldap-2.4.40/libraries/libldap/tls_g.c 2014-11-13 17:03:25.482248720 -0600 @@ -665,6 +665,20 @@ return gnutls_cipher_get_key_size( c ) * 8; } +static const char * +tlsg_session_version( tls_session *sess ) +{ + tlsg_session *s = (tlsg_session *)sess; + return gnutls_protocol_get_name(gnutls_protocol_get_version( s->session )); +} + +static const char * +tlsg_session_cipher( tls_session *sess ) +{ + tlsg_session *s = (tlsg_session *)sess; + return gnutls_cipher_get_name(gnutls_cipher_get( s->session )); +} + /* suites is a string of colon-separated cipher suite names. */ static int tlsg_parse_ciphers( tlsg_ctx *ctx, char *suites ) @@ -921,6 +935,8 @@ tlsg_session_peer_dn, tlsg_session_chkhost, tlsg_session_strength, + tlsg_session_version, + tlsg_session_cipher, &tlsg_sbio, --- openldap-2.4.40/doc/man/man3/ldap_get_option.3.orig 2014-11-13 17:10:58.383431731 -0600 +++ openldap-2.4.40/doc/man/man3/ldap_get_option.3 2014-11-13 17:13:12.593824599 -0600 @@ -608,6 +608,14 @@ and its contents need to be freed by the caller using .BR ldap_memfree (3). .TP +.B LDAP_OPT_X_TLS_CIPHER +Gets the cipher being used on an established TLS session. +.BR outvalue +must be +.BR "char **" , +and its contents need to be freed by the caller using +.BR ldap_memfree (3). +.TP .B LDAP_OPT_X_TLS_CIPHER_SUITE Sets/gets the allowed cipher suite. .BR invalue @@ -752,6 +760,14 @@ When using the OpenSSL library this is an SSL*. When using other crypto libraries this is a pointer to an OpenLDAP private structure. Applications generally should not use this option. +.TP +.B LDAP_OPT_X_TLS_VERSION +Gets the TLS version being used on an established TLS session. +.BR outvalue +must be +.BR "char **" , +and its contents need to be freed by the caller using +.BR ldap_memfree (3). .SH ERRORS On success, the functions return .BR LDAP_OPT_SUCCESS , --- openldap-2.4.40/include/ldap.h.orig 2014-11-13 17:13:26.897824122 -0600 +++ openldap-2.4.40/include/ldap.h 2014-11-13 17:13:58.789823060 -0600 @@ -158,6 +158,8 @@ #define LDAP_OPT_X_TLS_NEWCTX 0x600f #define LDAP_OPT_X_TLS_CRLFILE 0x6010 /* GNUtls only */ #define LDAP_OPT_X_TLS_PACKAGE 0x6011 +#define LDAP_OPT_X_TLS_VERSION 0x6013 /* read-only */ +#define LDAP_OPT_X_TLS_CIPHER 0x6014 /* read-only */ #define LDAP_OPT_X_TLS_NEVER 0 #define LDAP_OPT_X_TLS_HARD 1 --- openldap-2.4.40/include/ldap_pvt.h.orig 2014-11-13 16:55:18.919584275 -0600 +++ openldap-2.4.40/include/ldap_pvt.h 2014-11-13 16:55:43.983583440 -0600 @@ -420,6 +420,9 @@ LDAPDN_rewrite_dummy *func, unsigned flags )); LDAP_F (int) ldap_pvt_tls_get_strength LDAP_P(( void *ctx )); +LDAP_F (const char *) ldap_pvt_tls_get_version LDAP_P(( void *ctx )); +LDAP_F (const char *) ldap_pvt_tls_get_cipher LDAP_P(( void *ctx )); + LDAP_END_DECL /* --- openldap-2.4.40/servers/slapd/connection.c.orig 2014-11-13 17:07:32.258240498 -0600 +++ openldap-2.4.40/servers/slapd/connection.c 2014-11-13 17:09:17.778236982 -0600 @@ -1386,6 +1386,7 @@ } else if ( rc == 0 ) { void *ssl; struct berval authid = BER_BVNULL; + char msgbuf[32]; c->c_needs_tls_accept = 0; @@ -1403,9 +1404,11 @@ "unable to get TLS client DN, error=%d id=%lu\n", s, rc, c->c_connid ); } + sprintf(msgbuf, "tls_ssf=%u ssf=%u", c->c_tls_ssf, c->c_ssf); Statslog( LDAP_DEBUG_STATS, - "conn=%lu fd=%d TLS established tls_ssf=%u ssf=%u\n", - c->c_connid, (int) s, c->c_tls_ssf, c->c_ssf, 0 ); + "conn=%lu fd=%d TLS established %s tls_proto=%s tls_cipher=%s\n", + c->c_connid, (int) s, + msgbuf, ldap_pvt_tls_get_version( ssl ), ldap_pvt_tls_get_cipher( ssl )); slap_sasl_external( c, c->c_tls_ssf, &authid ); if ( authid.bv_val ) free( authid.bv_val ); } else if ( rc == 1 && ber_sockbuf_ctrl( c->c_sb,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Contact
Support
@OBShq
The Open Build Service is an
openSUSE project
.
Log In
Places
Places
All Projects
Status Monitor