LDAP command line tools now accept 2 new options:
-ZZ (issue a startTLS request)
-ZZZ (like -ZZ but require a successful response).
API extensions:
ldap_ssl.h: LDAP_EXOP_START_TLS macro (OID of start TLS extended op.).
libssldap: Added ldap_start_tls_s() function.
libprldap: Added prldap_is_installed() and prldap_import_connection().
libldap: Added new LDAP_X_OPT_SOCKETARG option for ldap_get_option()
and ldap_set_option() (get/set the socketarg associated
with the main LDAP TCP connection).
liblber: Added new LBER_SOCKBUF_OPT_SOCK_ARG option for
ber_sockbuf_set_option() and ber_sockbuf_get_option()
(get/set the socketarg associated with a Sockbuf).
Also, some refactoring was done in libssldap to simplify the code.
Updated NSPR and NSS component revision numbers.
Handle four-part release numbers on Linux, e.g., 2.4.20-6
Use correct paths for NSPR headers and libraries.
Remove obsolete LDAP Makefiles (generated by configure these days).
Fix command line tools link error on Linux: link with -lstdc++
Fix most critical warnings in the core LDAP library code:
AIX has snprintf() so we now #define HAVE_SNPRINTF there.
Use snprintf() instead of sprintf() in ldap_perror().
Use snprintf() instead of sprintf() in ldap_init_getfilter_buf()
and improve error reporting for bad regular expressions.
Added two new libssldap public functions: ldapssl_set_option() and
ldapssl_get_option().
Also fixed a bug in ldapsinit:do_ldapssl_connect() that sometimes
caused PR_Close() to be called twice on an SSL file descriptor
if an error occurred (once in do_ldapssl_connect() itself and
once in the libprldap close function that is called from
do_ldapssl_connect()).
Also updated the NSPR and NSS "error code to string" mapping
tables that are used by ldapssl_err2string().
Also fixed a bug in common.c:ldaptool_print_lderror (LDAP command
line tools) where we did not check for SSL errors when the
error code was "can't connect." We were only checking on
"server down" errors.
Fix bug # 121276 - use sigthreadmask instead of sigprocmask (AIX).
Fix bug # 81584 - strtok use and STRTOK on Linux.
The charray() code now uses strtok_r() if available.
strtok_r() is now used everywhere on Linux if available.
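
Added example (not SDK code) of why the move to strtok_r() matters: strtok() keeps one hidden tokenizer state per process, so a library split routine that used it would corrupt a caller's own strtok() loop. The names split_charray(), free_charray() and count_nested() and the sample input are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L          /* strtok_r(), strdup() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void free_charray(char **a)
{
    if (a != NULL) { for (char **p = a; *p != NULL; p++) free(*p); free(a); }
}

/* Hypothetical "string to char array" split. Returns a NULL-terminated array
 * of heap-allocated tokens, or NULL on allocation failure. */
char **split_charray(const char *str, const char *brk)
{
    char *copy = strdup(str);            /* strtok_r() writes NULs into its input */
    char **out = calloc(1, sizeof *out); /* empty input yields an empty array */
    char *save = NULL, *tok;             /* tokenizer state is local to this call */
    size_t n = 0;

    if (copy == NULL || out == NULL) { free(copy); free(out); return NULL; }
    for (tok = strtok_r(copy, brk, &save); tok != NULL;
         tok = strtok_r(NULL, brk, &save)) {
        char **grown = realloc(out, (n + 2) * sizeof *out);
        if (grown != NULL) { out = grown; out[n] = strdup(tok); out[n + 1] = NULL; }
        if (grown == NULL || out[n] == NULL) { free_charray(out); out = NULL; break; }
        n++;
    }
    free(copy);
    return out;
}

/* Constructed caller that is still on strtok() and calls the helper while its
 * own tokenization is in progress. Returns the number of inner tokens. */
int count_nested(const char *line, int *outer_count)
{
    char *copy = strdup(line), *field;
    int inner = 0;

    *outer_count = 0;
    if (copy == NULL) return -1;
    for (field = strtok(copy, ";"); field != NULL; field = strtok(NULL, ";")) {
        char **vals = split_charray(field, ",");   /* does not touch strtok() state */
        for (char **p = vals; p != NULL && *p != NULL; p++) inner++;
        free_charray(vals);
        (*outer_count)++;
    }
    free(copy);
    return inner;
}
int main(void) { int o; printf("%d %d\n", count_nested("cn=a,b;sn=c;mail=d,e,f", &o), o); return 0; }
```

If split_charray() called strtok() instead, the caller's loop above would stop after its first field, because the helper's call would overwrite the shared state.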
New libssldap public function: ldapssl_set_strength().
New command line tool option: -3 ("no third").
Fix bug # 134035 - LDAP command line tools don't report vendor mismatch.
Improved error checks and reporting for SSL errors in tools.