author Phil Pennock <pdp@exim.org> 2016-12-31 23:22:22 -0500
committer Phil Pennock <pdp@exim.org> 2016-12-31 23:22:22 -0500
commit 4c57a40e227ea6585cf1dd4bef37fbb15e1f7e35 (patch)
tree 89c90f326007dd3c737b68c2e70cdaab73089f48
parent cd1a5fe0ed22087c6afbe585ab0206c2a4a267aa (diff)
parent b738dd0fb2b443db9219013885be38e663c63685 (diff)
Merge remote-tracking branch 'github/pr/50'
GitHub user @YmrDtnJu "Björn" provided a patch to fix that we called ldap_start_tls_s on ldapi:// connections. This is obviously a correct change, since above we've avoided initializing the TLS state if using ldapi. Added documentation noting this behaviour.
-rw-r--r-- doc/doc-docbook/spec.xfpt 3
-rw-r--r-- doc/doc-txt/ChangeLog 12
-rw-r--r-- src/src/lookups/ldap.c 2
3 files changed, 14 insertions, 3 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index 769b9e1c9..465a30525 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -15293,6 +15293,9 @@ connecting on a regular LDAP port. This is the LDAP equivalent of SMTP's
of SSL-on-connect.
In the event of failure to negotiate TLS, the action taken is controlled
by &%ldap_require_cert%&.
+.new
+This option is ignored for &`ldapi`& connections.
+.wen
.option ldap_version main integer unset
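Review bot: "This option" in the added sentence is ambiguous, because the sentence immediately before it ends with &%ldap_require_cert%&, so a reader can take the new text to mean that the certificate requirement is what gets ignored on ldapi. Name the option this section documents explicitly in the new sentence, and consider adding a clause saying that no TLS negotiation is attempted on ldapi connections, so an administrator who sets the option does not assume such lookups are covered by it.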
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 5427392b9..7e02d30bc 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -4,16 +4,22 @@ This document describes *changes* to previous versions, that might
affect Exim's operation, with an unchanged configuration file. For new
options, and new features, see the NewStuff file next to this ChangeLog.
+
Exim version 4.89
-------------------
+
JH/01 Bug 1922: Support IDNA2008. This has slightly different conversion rules
than -2003 did; needs libidn2 in addition to linidn.
JH/02 The path option on a pipe transport is now expanded before use.
+PP/01 GitHub PR 50: Do not call ldap_start_tls_s on ldapi:// connections.
+ Patch provided by "Björn", documentation fix added too.
+
Exim version 4.88
-----------------
+
JH/01 Use SIZE on MAIL FROM in a cutthrough connection, if the destination
supports it and a size is available (ie. the sending peer gave us one).
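Review bot: The PP/01 entry names the internal call (ldap_start_tls_s) but not the effect an operator will see, while the header of this file says it records changes that might affect operation with an unchanged configuration file. Suggest wording the entry around the behaviour, for example that the StartTLS setting is now ignored for ldapi:// lookups, and keeping the function name as the detail. Since the same commit corrects a typo elsewhere in this file, the "linidn" in the JH/01 context line looks like another candidate.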
@@ -152,11 +158,12 @@ HS/03 Use "auto" as the default EC curve parameter. For OpenSSL < 1.0.2
fallback to "prime256v1".
JH/34 SECURITY: Use proper copy of DATA command in error message.
- Could leak key material. Remotely explaoitable. CVE-2016-9963.
+ Could leak key material. Remotely exploitable. CVE-2016-9963.
Exim version 4.87
-----------------
+
JH/01 Bug 1664: Disable OCSP for GnuTLS library versions at/before 3.3.16
and 3.4.4 - once the server is enabled to respond to an OCSP request
it does even when not requested, resulting in a stapling non-aware
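Review bot: The spelling correction in the JH/34 SECURITY entry and the blank line added under the 4.87 heading are unrelated to the ldapi fix and are not mentioned in the commit message. Edits to a security entry that carries a CVE identifier are easier to audit when they land in their own commit, or are at least called out in the message, so that someone tracing the history of CVE-2016-9963 text does not have to read an LDAP merge to find it.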
@@ -353,9 +360,9 @@ JH/48 Bug 1807: Fix ${extract } for the numeric/3-string case. While preparsing
extraction. Accept either.
-
Exim version 4.86
-----------------
+
JH/01 Bug 1545: The smtp transport option "retry_include_ip_address" is now
expanded.
@@ -478,6 +485,7 @@ HS/03 Add perl_taintmode main config option
Exim version 4.85
-----------------
+
TL/01 When running the test suite, the README says that variables such as
no_msglog_check are global and can be placed anywhere in a specific
test's script, however it was observed that placement needed to be near
diff --git a/src/src/lookups/ldap.c b/src/src/lookups/ldap.c
index 3db787cce..b8a326834 100644
--- a/src/src/lookups/ldap.c
+++ b/src/src/lookups/ldap.c
@@ -580,7 +580,7 @@ if (!lcp->bound ||
{
DEBUG(D_lookup) debug_printf("%sbinding with user=%s password=%s\n",
(lcp->bound)? "re-" : "", user, password);
- if (eldap_start_tls && !lcp->is_start_tls_called)
+ if (eldap_start_tls && !lcp->is_start_tls_called && !ldapi)
{
#if defined(LDAP_OPT_X_TLS) && !defined(LDAP_LIB_SOLARIS)
/* The Oracle LDAP libraries (LDAP_LIB_TYPE=SOLARIS) don't support this.
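Review bot: With the added "&& !ldapi" term the StartTLS request is skipped silently when eldap_start_tls is set, so nothing in the lookup debug output tells an operator that the setting was not applied to this connection. Suggest a DEBUG(D_lookup) line on that path stating that StartTLS is not attempted for ldapi. The hunk also does not show where ldapi is set; since the surrounding condition handles the re-bind case ("re-" when lcp->bound), please confirm the flag reflects the connection held in lcp rather than only the URL of the current call. Separately, the debug_printf in the context lines writes the bind password in clear ("user=%s password=%s"); that predates this change but is worth masking while the function is being touched.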