path: root/source4/lib/tls
Age | Commit message | Author | Files | Lines
2012-07-18 | s4-lib/tls: Try socket_send() multiple times to send partial packets | Andrew Bartlett | 1 | -13/+26
This works around an artificial limitation in socket_wrapper that breaks some versions of GnuTLS when we return a short write. Instead, keep pushing until the OS will not take it. The correct solution will be to use tls_tstream, but the client code for this is not yet tested and needs the ldap client layer changed to use it. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Jul 18 11:23:55 CEST 2012 on sn-devel-104
2012-02-18 | s4:lib/tls - include GNUTLS headers consistently using <...> | Matthias Dieter Wallnöfer | 3 | -4/+4
These are system-specific. Reviewed-by: Jelmer Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Sat Feb 18 00:43:58 CET 2012 on sn-devel-104
2012-02-10 | s4-lib/tls: remove unused tls_support() | Andrew Bartlett | 2 | -15/+0
Found by callcatcher: http://www.skynet.ie/~caolan/Packages/callcatcher.html Andrew Bartlett
2011-11-30 | s4:lib/tls - call "gnutls_transport_set_lowat" only on GNUTLS < 3.0 | Matthias Dieter Wallnöfer | 2 | -0/+8
This function call together with the lowat feature has been removed in release 3.0 as described in this mailing list post: http://old.nabble.com/gnutls_transport_set_lowat-deprecated-td32554230.html. Since we do not make any use of lowat (esprimed by each function call) we are free to simply omit it on v3.0 and later. This addresses bug #8537. Reviewed by: abartlet + metze Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Wed Nov 30 20:11:14 CET 2011 on sn-devel-104
2011-08-13 | s4:lib: use tevent_ fns names instead of legacy event_ ones | Simo Sorce | 1 | -10/+10
2011-08-08 | build: provide tevent-util as a public library | Andrew Bartlett | 1 | -1/+1
This is needed so that OpenChange can get at _tevent_req_nterr(), which is referenced by generated PIDL output. Andrew Bartlett
2011-03-10 | s4:lib/tls/wscript - exclude known broken GNUTLS releases | Matthias Dieter Wallnöfer | 1 | -2/+2
This definitely fixes bug #7218. Autobuild-User: Matthias Dieter Wallnöfer <mdw@samba.org> Autobuild-Date: Thu Mar 10 11:58:27 CET 2011 on sn-devel-104
2011-01-18 | s4:tls_tstream: also use a dynamic buffer for the pull side | Stefan Metzmacher | 1 | -3/+12
Maybe that fixes the remaining issues with some gnutls versions. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jan 18 17:26:08 CET 2011 on sn-devel-104
2011-01-18 | s4:tls_tstream: fix partial reads, so that the gnutls layer doesn't read the same data twice | Stefan Metzmacher | 1 | -1/+6
metze
2010-12-04 | tls_tstream: use a dynamic buffer for the push case | Stefan Metzmacher | 1 | -6/+21
Some versions of gnutls don't handle EAGAIN correctly, so we better allow sending buffers without a low size limitation, the limit is now UINT16_MAX (0xFFFF) and we allocate the buffer with talloc each time. metze
2010-12-04 | tls_tstream: increase the buffer size | Matthieu Patou | 1 | -1/+1
The problem is that certain versions of gnutls are not working properly if the server is sending in different packets things like (at least)
* Certificate
* Server Key exchange
* Client certificate
Somehow it really expects this to be done in one packet as some structures used _gnutls_send_handshake are reinitialized at every packet exchange and intermediate steps didn't expect it
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-11-29 | s4:lib/tls/tls_tstream.c - quiet warning on Solaris "cc" by casts | Matthias Dieter Wallnöfer | 1 | -2/+2
2010-10-31 | s4: Remove the old perl/m4/make/mk-based build system. | Jelmer Vernooij | 2 | -53/+0
The new waf-based build system now has all the same functionality, and the old build system has been broken for quite some time. Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
2010-10-27 | tls: Inform the user if the cert/ca/private key can't be saved | Matthieu Patou | 1 | -3/+12
Most of the time this problem is due to a missing <private>/tls dir. Should close bug 7640. Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Wed Oct 27 20:08:54 UTC 2010 on sn-devel-104
2010-10-26 | waf: Remove lib prefix from libraries manually. | Jelmer Vernooij | 1 | -1/+1
2010-10-24 | s4: Rename LIBSAMBA-* to libsamba-* | Jelmer Vernooij | 1 | -1/+1
2010-10-10 | tls: add missing dependency on util_tevent. | Jelmer Vernooij | 1 | -1/+1
2010-10-08 | s4:lib/tls: buffer writes in tstream_tls_push_function() | Stefan Metzmacher | 1 | -10/+76
This works around bugs in gnutls_handshake(), which doesn't handle EAGAIN correctly, when they use the push function. Thanks to Marcel.Ritter@rrze.uni-erlangen.de and Matthieu Patou <mat@samba.org> for the debugging work on bug #7218. metze
2010-10-08 | s4:lib/tls: make more clear what the immediate event is for | Stefan Metzmacher | 1 | -6/+6
metze
2010-10-08 | s4:lib/tls: fix enabled logic in tstream_tls_params_server() | Stefan Metzmacher | 2 | -2/+12
metze
2010-09-28 | s4:lib/tls: add gnutls backend for tstream | Stefan Metzmacher | 3 | -3/+1298
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Sep 28 02:29:42 UTC 2010 on sn-devel-104
2010-07-16 | s4-loadparm: 2nd half of lp_ to lpcfg_ conversion | Andrew Tridgell | 1 | -8/+8
this converts all callers that use the Samba4 loadparm lp_ calling convention to use the lpcfg_ prefix. Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2010-04-06 | s4-waf: mark the wscript files as python so vim/emacs knows how to highlight them | Andrew Tridgell | 1 | -0/+2
2010-04-06 | s4-waf: disable_gnutls is gone | Andrew Tridgell | 1 | -1/+1
2010-04-06 | build: need to mark disabled libraries as DISABLED | Andrew Tridgell | 1 | -2/+4
2010-04-06 | build: honor both --enable-gnutls and --disable-gnutls | Andrew Tridgell | 1 | -5/+12
This shows how we can do the dual-boolean rules we use so much with autoconf
2010-04-06 | build: add cflags from pkg_config results to header/function tests | Andrew Tridgell | 1 | -4/+8
When we find a package with pkg_config we may need to use the resulting ccflags and ldflags in later tests. Support this by adding lib= options to CHECK_FUNC and CHECK_HEADER This gets gnutls on FreeBSD working
2010-04-06 | build: configure fixes for opensolaris | Andrew Tridgell | 1 | -0/+7
2010-04-06 | build: updated configure checks or new syntax | Andrew Tridgell | 1 | -6/+3
2010-04-06 | build: fixed gnutls check | Andrew Tridgell | 1 | -1/+1
2010-04-06 | build: nearly there on samba4 build | Andrew Tridgell | 1 | -1/+3
2010-04-06 | build: check for libgpg-error | Andrew Tridgell | 1 | -1/+3
2010-04-06 | build: gcrypt functions | Andrew Tridgell | 1 | -1/+1
2010-04-06 | build: more config checks | Andrew Tridgell | 1 | -0/+3
2010-04-06 | build: waf build for lib/tls | Andrew Tridgell | 1 | -0/+27
2009-12-15 | s4:tls: fix the build on Solaris | Brian Lu | 1 | -0/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-10-14 | s4: Changes the old occurrences of "lp_realm" in "lp_dnsdomain" where needed | Matthias Dieter Wallnöfer | 1 | -1/+2
For KERBEROS applications the realm should be upcase (function "lp_realm") but for DNS ones it should be used lowcase (function "lp_dnsdomain"). This patch implements the use of both in the right way.
2009-08-12 | raise the debug level for a common message | Andrew Tridgell | 1 | -1/+1
when a client disconnects we expect this to happen, so don't print an error each time
2009-07-31 | s4:tls: avoid using talloc_reference() in tls_init_client() | Stefan Metzmacher | 1 | -6/+2
metze
2009-07-31 | s4:tls: avoid using talloc_reference() in tls_init_server() | Stefan Metzmacher | 1 | -8/+1
metze
2009-07-28 | s4:tls Enable GnuTLS back to version 1.4 (and into the future) | Andrew Bartlett | 1 | -1/+1
We think we have the bug fixed. Andrew Bartlett
2009-06-19 | Fixed some uninitialised variables | Matthias Dieter Wallnöfer | 1 | -2/+1
I tried hard to not change the program logic. Should fix bug #6439.
2009-02-24 | Make S4 build on OpenSolaris. | Jeremy Allison | 2 | -1/+3
Jeremy.
2009-02-18 | fixed some of the TLS problems | Andrew Tridgell | 3 | -10/+22
This fixes two things in the TLS support for Samba4. The first is to use a somewhat more correct hostname instead of 'Samba' when generating the test certificates. That allows TLS test clients (such as gnutls-cli) to connect to Samba4 using auto-generated certificates. The second fix is to add a call to gcry_control() to tell gcrypt to use /dev/urandom instead of /dev/random (on systems that support that). That means that test certificate generation is now very fast, which was previously an impediment to putting the TLS tests on the build farm.
2009-01-15 | Fix indentation for some configure options. | Jelmer Vernooij | 1 | -1/+1
2009-01-08 | Don't attempt to use GNUTLS >= 2.6, as it is known broken with the socket-tls backend. | Jelmer Vernooij | 1 | -30/+28
2008-12-29 | s4:lib/tevent: rename structs | Stefan Metzmacher | 2 | -7/+7
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"
for s in $list; do
	o=`echo $s | cut -d ':' -f1`
	n=`echo $s | cut -d ':' -f2`
	r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
	files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
	for f in $files; do
		cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
		mv $f.tmp $f
	done
done
metze
2008-12-24 | Rename samba-socket -> samba_socket to fix a couple more compiler | Jelmer Vernooij | 1 | -1/+1
warnings.
2008-12-23 | Fix more compiler warnings. | Jelmer Vernooij | 1 | -10/+10
2008-10-23 | Make lp_tls_* return absolute paths. | Jelmer Vernooij | 1 | -5/+5