November 2014 - 389-devel - Fedora Mailing-Lists

please review: Ticket 47950 - Bind DN tracking unable to write to internalModifiersName without special permissions

by Mark Reynolds

https://fedorahosted.org/389/ticket/47950 https://fedorahosted.org/389/attachment/ticket/47950/0001-Ticket-47950-Bi...

9 years, 5 months

1
0
0 / 0

please review: Ticket 47958 - Memory leak in password admin if the admin entry does not exist

by Mark Reynolds

https://fedorahosted.org/389/ticket/47958/ https://fedorahosted.org/389/attachment/ticket/47958/0001-Ticket-47958-Me...

9 years, 5 months

1
0
0 / 0

please review: Ticket 47952 - passwordAdminDN attribute value is not properly returned to the client

by Mark Reynolds

https://fedorahosted.org/389/ticket/47952 https://fedorahosted.org/389/attachment/ticket/47952/0001-Ticket-47952-Pa...

9 years, 5 months

1
0
0 / 0

please review: Ticket 47956 - Create new config type for slapd structs

by Mark Reynolds

This is really part one of a fix for password administrators (https://fedorahosted.org/389/ticket/47952). https://fedorahosted.org/389/ticket/47956 https://fedorahosted.org/389/attachment/ticket/47956/0001-Ticket-47956-Cr...

9 years, 5 months

1
0
0 / 0

please review: Ticket47451 - dynamic plugins - need to unregister tasks created by plugins

by Mark Reynolds

https://fedorahosted.org/389/ticket/47451 https://fedorahosted.org/389/attachment/ticket/47451/0001-Ticket-47451-Ne...

9 years, 5 months

1
0
0 / 0

please review: [389 Project] #47928: Disable SSL v3, by default.

by Noriko Hosoi

https://fedorahosted.org/389/ticket/47928 https://fedorahosted.org/389/attachment/ticket/47928/0001-Ticket-47928-Di... git patch file (master) -- Changing the default SSL Version Min value from TLS 1.1 to TLS 1.0. On 11/13/2014 12:22 PM, 389 Project wrote: > Comment (by nhosoi): > > Description: > Changing the default SSL Version Min value from TLS 1.1 to TLS 1.0. > In dn: cn=encryption,cn=config, > 0) Setting no SSL version attrs (using defaults); supported max is TLS1.2 > ==> > SSL Initialization - Configured SSL version range: min: TLS1.0, max: > TLS1.2 > > 1) Setting old/new SSL version attrs; no conflict; supported max is TLS1.2 > sslVersionMin: TLS1.0 > sslVersionMax: TLS1.3 > nsSSL3: off > nsTLS1: on > ==> > SSL Initialization - Configured SSL version range: min: TLS1.0, max: > TLS1.2 > 2) Setting new SSL version attrs; supported max is TLS1.2 > sslVersionMin: TLS1.0 > sslVersionMax: TLS1.3 > ==> > SSL Initialization - Configured SSL version range: min: TLS1.0, max: > TLS1.2 > > 3) Setting old/new SSL version attrs; conflict (new min is stricter); > supported max is TLS1.2 > nsSSL3: on > sslVersionMin: TLS1.0 > ==> > SSL alert: Found unsecure configuration: nsSSL3: on; We strongly > recommend to dis > able nsSSL3 in cn=encryption,cn=config. > SSL alert: Configured range: min: TLS1.0, max: TLS1.2; but both nsSSL3 > and nsTLS1 > are on. Respect the supported range. > SSL Initialization - Configured SSL version range: min: TLS1.0, max: > TLS1.2 > > 4) Setting old/new SSL version attrs; conflict (old min is stricter); > supported max is TLS1.2 > nsSSL3: off > sslVersionMin: SSL3 > sslVersionMax: SSL3 > ==> > SSL alert: nsTLS1 is on, but the version range is lower than "TLS1.0"; > Configuring > the version range as default min: TLS1.0, max: TLS1.2. > SSL Initialization - Configured SSL version range: min: TLS1.0, max: > TLS1.2 > > 5) Setting old/new SSL version attrs; no conflict; setting SSL3 > nsSSL3: on > nsTLS1: off > sslVersionMin: SSL3 > sslVersionMax: SSL3 > ==> > SSL alert: Found unsecure configuration: nsSSL3: on; We strongly > recommend to disable > nsSSL3 in cn=encryption,cn=config. > SSL alert: Too low configured range: min: SSL3, max: SSL3; We strongly > recommend > to set sslVersionMin higher than TLS1.0. > SSL Initialization - Configured SSL version range: min: SSL3, max: SSL3 >

9 years, 5 months

1
0
0 / 0

please review: Ticket 47946 - idm-console-framework - ACI's are replaced by "ACI_ALL" after editing goup of ACI's including invalid one

by Mark Reynolds

https://fedorahosted.org/389/ticket/47946 https://fedorahosted.org/389/attachment/ticket/47946/0001-Ticket-47946-AC...

9 years, 5 months

1
0
0 / 0

please review: Ticket 47953 - Should not check aci syntax when deleting aci

by Mark Reynolds

https://fedorahosted.org/389/ticket/47953 https://fedorahosted.org/389/attachment/ticket/47953/0001-Ticket-47953-Sh... https://fedorahosted.org/389/attachment/ticket/47953/0002-Ticket-47953-te...

9 years, 5 months

1
0
0 / 0

Please review for lib389 ticket 47691 (2nd): lib389 support for RPM builds of 389-ds

by thierry bordaz

Hello, This fix allows to run 389-DS CI tests when 389-ds is deployed as a rpm. It takes into account previous remarks done by Rich (no use of 'sudo' or 'systemctl'). The tests can be launched either being 'root' ('cd ds/dirsrvtests/tickets; py.test ') or with sudo ('cn ds/dirsrvtests/tickets; sudo py.tests'). Currently some ticket tests are failing. This is because those tests need to be fixed regarding master branch. Fixing those tests will be done with a separate ticket. https://fedorahosted.org/389/ticket/47691 https://fedorahosted.org/389/attachment/ticket/47691/0001-Ticket-47691-2-...

9 years, 5 months

1
0
0 / 0

Please review (take 5): [389 Project] #47945: Add SSL/TLS version info to the access log

by Noriko Hosoi

https://fedorahosted.org/389/ticket/47945 https://fedorahosted.org/389/attachment/ticket/47945/0001-Ticket-47945-Ad... git patch file (master) -- applied the change in comment:11 <https://fedorahosted.org/389/ticket/47945#comment:11> by Rich. Thank you!! Once approved, I'm going to attach the code slapi_getSSLVersion_str to this bug... *Bug 1161807* <https://bugzilla.redhat.com/show_bug.cgi?id=1161807> -[RFE] API to convert SSL version number to SSL version string --noriko On 11/10/2014 01:10 PM, 389 Project wrote: > #47945: Add SSL/TLS version info to the access log > -------------------------------------------------+------------------------- > Reporter: nhosoi | Owner: nhosoi > Type: defect | Status: > Priority: major | accepted > Component: Directory Server | Milestone: 1.3.3 > Resolution: | backlog > Blocked By: | Version: 1.3.0 > Review: review? | Keywords: > Red Hat Bugzilla: | Blocking: > [https://bugzilla.redhat.com/show_bug.cgi?id=1153737| Ticket origin: > 1153737] | Community > -------------------------------------------------+------------------------- > > Comment (by rmeggins): > > Thanks. Almost there > {{{ > if ((vnum & SSL_LIBRARY_VERSION_3_0) == SSL_LIBRARY_VERSION_3_0) { > ... > }}} > This will only work for TLSv1.x. I would like to see support for TLSv2.x > and later, something like this: > {{{ > if (vnum >= SSL_LIBRARY_VERSION_3_0) { > if (vnum == SSL_LIBRARY_VERSION_3_0) { /* SSL3 */ > if (buf && bufsize) { > PR_snprintf(buf, bufsize, "SSL3"); > } else { > vstr = slapi_ch_smprintf("SSL3"); > } > } else { /* TLS v X.Y */ > const char *TLSFMT = "TLS%d.%d"; > int minor_offset = 0; /* e.g. 0x0401 -> TLS v 2.1, not 2.0 */ > > if ((vnum & SSL_LIBRARY_VERSION_3_0) == > SSL_LIBRARY_VERSION_3_0) { > minor_offset = 1; /* e.g. 0x0301 -> TLS v 1.0, not 1.1 */ > } > if (buf && bufsize) { > PR_snprintf(buf, bufsize, TLSFMT, (vnum >> 8) - 2, (vnum & > 0xff) - minor_offset); > } else { > vstr = slapi_ch_smprintf(TLSFMT, (vnum >> 8) - 2, (vnum & > 0xff) - minor_offset); > } > } > } else { /* SSL2 or unknown */ > ... > } > }}} > That way, if vnum > SSL_LIBRARY_VERSION_3_0 (e.g. vnum == 0x0400 e.g. TLS > v2.0) our code will support it with no changes. >

9 years, 5 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

389-devel November 2014