/* $OpenLDAP$ */
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
*
- * Copyright 2008-2009 The OpenLDAP Foundation.
+ * Copyright 2008-2012 The OpenLDAP Foundation.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* <http://www.OpenLDAP.org/license.html>.
*/
/* ACKNOWLEDGEMENTS: GNUTLS support written by Howard Chu and
- * Matt Backes; sponsored by The Written Word (thewrittenword.com)
+ * Emily Backes; sponsored by The Written Word (thewrittenword.com)
* and Stanford University (stanford.edu).
*/
#include "ldap-int.h"
#include "ldap-tls.h"
-#ifdef LDAP_R_COMPILE
-#include <ldap_pvt_thread.h>
-#endif
-
#include <gnutls/gnutls.h>
#include <gnutls/x509.h>
#include <gcrypt.h>
tlsg_ctx_ref( tls_ctx *ctx )
{
tlsg_ctx *c = (tlsg_ctx *)ctx;
-#ifdef LDAP_R_COMPILE
- ldap_pvt_thread_mutex_lock( &c->ref_mutex );
-#endif
+ LDAP_MUTEX_LOCK( &c->ref_mutex );
c->refcount++;
-#ifdef LDAP_R_COMPILE
- ldap_pvt_thread_mutex_unlock( &c->ref_mutex );
-#endif
+ LDAP_MUTEX_UNLOCK( &c->ref_mutex );
}
static void
if ( !c ) return;
-#ifdef LDAP_R_COMPILE
- ldap_pvt_thread_mutex_lock( &c->ref_mutex );
-#endif
+ LDAP_MUTEX_LOCK( &c->ref_mutex );
refcount = --c->refcount;
-#ifdef LDAP_R_COMPILE
- ldap_pvt_thread_mutex_unlock( &c->ref_mutex );
-#endif
+ LDAP_MUTEX_UNLOCK( &c->ref_mutex );
if ( refcount )
return;
#ifdef HAVE_CIPHERSUITES
ber_init2( ber, cert, LBER_USE_DER );
tag = ber_skip_tag( ber, &len ); /* Sequence */
tag = ber_skip_tag( ber, &len ); /* Sequence */
- tag = ber_skip_tag( ber, &len ); /* Context + Constructed (version) */
- if ( tag == 0xa0 ) /* Version is optional */
+ tag = ber_peek_tag( ber, &len ); /* Context + Constructed (version) */
+ if ( tag == 0xa0 ) { /* Version is optional */
+ tag = ber_skip_tag( ber, &len );
tag = ber_get_int( ber, &i ); /* Int: Version */
- tag = ber_get_int( ber, &i ); /* Int: Serial */
+ }
+ tag = ber_skip_tag( ber, &len ); /* Int: Serial (can be longer than ber_int_t) */
+ ber_skip_data( ber, len );
tag = ber_skip_tag( ber, &len ); /* Sequence: Signature */
ber_skip_data( ber, len );
if ( !get_subject ) {
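Review bot: None of the `tag` results in this walk are checked, so if `ber_skip_tag()` fails on the serial number, the following `ber_skip_data( ber, len )` still runs with a `len` that does not describe a parsed element. Skipping the serial instead of decoding it with `ber_get_int()` is the right fix for long serials, but each step should stop on failure, e.g. `if ( tag == LBER_DEFAULT ) return -1;` after the skip (substitute whatever error value this function's callers expect; its signature is outside the hunk). The same applies inside the version branch, where the result of `ber_get_int( ber, &i )` is overwritten without being examined. This code walks peer-supplied certificate bytes, so it should fail closed even if GnuTLS has presumably validated the encoding already.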
}
#ifdef LDAP_PF_INET6
- if (name[0] == '[' && strchr(name, ']')) {
- char *n2 = ldap_strdup(name+1);
- *strchr(n2, ']') = 0;
- if (inet_pton(AF_INET6, n2, &addr))
- ntype = IS_IP6;
- LDAP_FREE(n2);
+ if (inet_pton(AF_INET6, name, &addr)) {
+ ntype = IS_IP6;
} else
#endif
if ((ptr = strrchr(name, '.')) && isdigit((unsigned char)ptr[1])) {
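Review bot: `inet_pton()` is tested for truthiness on the added line, but it returns -1 on error as well as 1 on success, so the branch should read `if (inet_pton(AF_INET6, name, &addr) == 1) {` to avoid setting IS_IP6 with `addr` unfilled. With the bracket stripping removed, a name that still arrives as `[addr]` no longer matches here and falls through to the IPv4/hostname tests below; the callers are outside this hunk, so it is worth confirming they now pass the bare literal and adding a one-line comment that says so. Because `ntype` presumably selects how the peer certificate's names are compared, a misclassification here changes which identity check is applied.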
assert( sbiod->sbiod_pvt != NULL );
p = (struct tls_data *)sbiod->sbiod_pvt;
- gnutls_bye ( p->session->session, GNUTLS_SHUT_RDWR );
+ gnutls_bye ( p->session->session, GNUTLS_SHUT_WR );
return 0;
}
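Review bot: The return value of `gnutls_bye()` is dropped and the function returns 0 unconditionally, so if the call yields `GNUTLS_E_AGAIN` or `GNUTLS_E_INTERRUPTED` on a non-blocking transport, the close_notify may never be sent and nothing records it. Switching to `GNUTLS_SHUT_WR` means the local side no longer waits for the peer's close_notify, which avoids blocking on an unresponsive peer. That reasoning deserves a comment on the call, for example `/* SHUT_WR: send close_notify but do not wait for the peer's reply */`. The start of the function is outside the hunk, so whether its caller could act on a non-zero result is not visible here.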