diff --git a/mozilla/directory/c-sdk/ldap/clients/tools/Options.txt b/mozilla/directory/c-sdk/ldap/clients/tools/Options.txt index e361177bcd6..01c97f60526 100644 --- a/mozilla/directory/c-sdk/ldap/clients/tools/Options.txt +++ b/mozilla/directory/c-sdk/ldap/clients/tools/Options.txt @@ -18,42 +18,42 @@ The "avail" lists included options that are available for use. common.c (supported by all of the tools): - raw: nvEMRHZ0d:D:f:h:I:j:K:N:O:P:p:Q:W:w:V:X:m:i:k:y:Y: - sorted: 0 DEHIKMNOPQRVWXYZ dfhikmnpvwy - avail: [2-9] J g (not used by any of the tools) + raw: nvEMRHZ0d:D:f:h:I:j:K:N:O:P:p:Q:W:w:V:X:m:i:k:y:Y:J: + sorted: 0 DEHIJKMNOPQRVWXYZ dfhikmnpvwy + avail: 2 [4-9] g (not used by any of the tools) ldapcmp.c: raw: Bb:l:s:z: sorted: B blsz all: 0 BDHIKMNOPQRVWXYZ bdfhiklmnpsvwyz - avail: [1-9] ACFGJLSTU acegjoqrtu + avail: [12] [4-9] ACFGLSTU acegjoqrtu ldapcompare.c: raw: cq sorted: cq all: 0 DEHIKMNOPQRVWXYZ cdfhikmnpqvwy - avail: [1-9] ABCFJLSTU abegjlorstuxz + avail: [12] [4-9] ABCFLSTU abegjlorstuxz ldapdelete.c (deprecated) raw: c sorted: c all: 0 DHIKMNOPQRVWXYZ cdfhikmnpvwy - avail: [1-9] ABCFGJLSTU abegjloqrstuxz + avail: [12] [4-9] ABCFGLSTU abegjloqrstuxz ldapmodify.c raw: aAbcFe:B:q sorted: ABF abceq all: 0 ABDFHIKMNOPQRVWXYZ abcdefhikmnpqvwy - avail: [1-9] CGJLSTU gjlorstuxz + avail: [12] [4-9] CGLSTU gjlorstuxz ldapmodrdn.c (deprecated) raw: cr sorted: cr all: 0 DHIKMNOPQRVWXYZ cdfhikmnprvwy - avail: [1-9] ABCFGJLSTU abegjloqstuxz + avail: [12] [4-9] ABCFGLSTU abegjloqstuxz ldapsearch.c raw: ABLTU1eotuxa:b:F:G:l:S:s:z:C: sorted: 1 ABCFGLSTU abeostuxz all: 01 ABCDFGHIKLMNOPQRSTUVWXYZ abdefhikmnopstuvwxyz - avail: [2-9] J cgjlqr + avail: 2 [4-9] cgjlqr diff --git a/mozilla/directory/c-sdk/ldap/clients/tools/common.c b/mozilla/directory/c-sdk/ldap/clients/tools/common.c index e9ee631b4a3..4826533b0bc 100644 --- a/mozilla/directory/c-sdk/ldap/clients/tools/common.c +++ b/mozilla/directory/c-sdk/ldap/clients/tools/common.c @@ -97,6 +97,7 @@ ldaptool_common_usage( int two_hosts ) fprintf( stderr, " -m pathname\tpath to security module database\n"); #endif /* LDAP_TOOL_PKCS11 */ fprintf( stderr, " -W\t\tSSL key password\n" ); + fprintf( stderr, " -3\t\tcheck hostnames in SSL certificates\n" ); #ifdef LDAP_TOOL_PKCS11 fprintf( stderr, " -Q [token][:certificate name]\tPKCS 11\n" ); @@ -181,6 +182,7 @@ static int isW = 0; static int isw = 0; static int isD = 0; static int isj = 0; +static int ssl_strength = LDAPTOOL_DEFSSLSTRENGTH; static char *ssl_certdbpath = LDAPTOOL_DEFCERTDBPATH; static char *ssl_keydbpath = LDAPTOOL_DEFKEYDBPATH; /* @@ -299,8 +301,18 @@ ldaptool_process_args( int argc, char **argv, char *extra_opts, if ( lib_version_mismatch_is_fatal ) { exit( LDAP_LOCAL_ERROR ); } - } else if ( strcmp( ldai.ldapai_vendor_name, LDAP_VENDOR_NAME ) == 0 - && ldai.ldapai_vendor_version < LDAP_VENDOR_VERSION ) { + } else if ( strcmp( ldai.ldapai_vendor_name, LDAP_VENDOR_NAME ) != 0 ) { + fprintf( stderr, "%s: this program requires %s's LDAP\n" + "\tlibrary version %2.2f or greater; running with\n" + "\t%s's version %2.2f.\n", + ldaptool_progname, LDAP_VENDOR_NAME, + (float)LDAP_VENDOR_VERSION / 100, + ldai.ldapai_vendor_name, + (float)ldai.ldapai_vendor_version / 100 ); + if ( lib_version_mismatch_is_fatal ) { + exit( LDAP_LOCAL_ERROR ); + } + } else if ( ldai.ldapai_vendor_version < LDAP_VENDOR_VERSION ) { fprintf( stderr, "%s: this program requires %s's LDAP\n" "\tlibrary version %2.2f or greater; running with" " version %2.2f.\n", @@ -319,7 +331,7 @@ ldaptool_process_args( int argc, char **argv, char *extra_opts, extra_opts = ""; } - common_opts = "nvEMRHZ0d:D:f:h:j:I:K:N:O:P:p:Q:W:w:V:X:m:i:k:y:Y:J:"; + common_opts = "nvEMRHZ03d:D:f:h:j:I:K:N:O:P:p:Q:W:w:V:X:m:i:k:y:Y:J:"; /* note: optstring must include room for liblcache "C:" option */ if (( optstring = (char *) malloc( strlen( extra_opts ) + strlen( common_opts ) @@ -441,6 +453,11 @@ ldaptool_process_args( int argc, char **argv, char *extra_opts, } isW = 1; break; + + case '3': /* check hostnames in SSL certificates ("no third") */ + ssl_strength = LDAPSSL_AUTH_CNCHECK; + break; + #ifdef LDAP_TOOL_PKCS11 case 'm': /* SSL secmod path */ ssl_secmodpath = strdup( optarg); @@ -537,7 +554,8 @@ ldaptool_process_args( int argc, char **argv, char *extra_opts, case '0': /* zero -- override LDAP library version check */ break; /* already handled above */ - case 'J': + + case 'J': /* send an arbitrary control */ if ( (ctrl_arg = strdup( optarg)) == NULL ) { perror ("strdup"); exit (LDAP_NO_MEMORY); @@ -570,11 +588,17 @@ ldaptool_process_args( int argc, char **argv, char *extra_opts, /* If '-Z' is specified, check if '-P' is specified too. */ if ( isN || isW ) { if ( !isZ ) { - printf( "%s: with -N, -W options, please specify -Z\n\n", ldaptool_progname ); + fprintf( stderr, "%s: with -N, -W options, please specify -Z\n\n", ldaptool_progname ); return (-1); } } + /* if '-N' is specified, -W is needed too */ + if ( isN && NULL == ssl_passwd ) { + fprintf( stderr, "%s: with the -N option, please specify -W also\n\n", ldaptool_progname ); + return (-1); + } + if ( isj && isw ) { fprintf(stderr, "%s: -j and -w options cannot be specified simultaneously\n\n", ldaptool_progname ); return (-1); @@ -753,7 +777,7 @@ static int PinArgRegistration( void ) #ifndef _WIN32 if ( SVRCORE_CreateStdPinObj(&StdPinObj, filename, PR_TRUE) != SVRCORE_Success) { - printf("Security Initialization: Unable to create PinObj " + fprintf(stderr, "Security Initialization: Unable to create PinObj " "(%d)", PR_GetError()); return -1; } @@ -772,14 +796,14 @@ static int PinArgRegistration( void ) { local_pkcs_fns.pkcs_gettokenname(NULL, &tokenName); if ((err = SVRCORE_CreateNTUserPinObj(&NTUserPinObj)) != SVRCORE_Success){ - printf("Security Initialization: Unable to create NTUserPinObj " + fprintf(stderr, "Security Initialization: Unable to create NTUserPinObj " "(%d)", PR_GetError()); exit( LDAP_LOCAL_ERROR ); } if ((err = SVRCORE_CreateArgPinObj(&ArgPinObj, tokenName, pin, (SVRCOREPinObj *)NTUserPinObj)) != SVRCORE_Success) { - printf("Security Initialization: Unable to create ArgPinObj " + fprintf(stderr, "Security Initialization: Unable to create ArgPinObj " "(%d)", PR_GetError()); return -1; @@ -790,7 +814,7 @@ static int PinArgRegistration( void ) else { if ((err = SVRCORE_CreateNTUserPinObj(&NTUserPinObj)) != SVRCORE_Success){ - printf("Security Initialization: Unable to create NTUserPinObj " + fprintf( stderr, "Security Initialization: Unable to create NTUserPinObj " "(%d)", PR_GetError()); return -1; } @@ -798,14 +822,14 @@ static int PinArgRegistration( void ) { if ((err = SVRCORE_CreateFilePinObj(&FilePinObj, filename)) != SVRCORE_Success) { - printf("Security Initialization: Unable to create FilePinObj " + fprintf( stderr, "Security Initialization: Unable to create FilePinObj " "(%d)", PR_GetError()); return -1; } if ((err = SVRCORE_CreateAltPinObj(&AltPinObj, (SVRCOREPinObj *)FilePinObj, (SVRCOREPinObj *)NTUserPinObj)) != SVRCORE_Success) { - printf("Security Initialization: Unable to create AltPinObj " + fprintf( stderr, "Security Initialization: Unable to create AltPinObj " "(%d)", PR_GetError()); return -1; } @@ -890,6 +914,12 @@ ldaptool_ldap_init( int second_host ) } #endif /* LDAP_TOOL_PKCS11 */ + /* set the default SSL strength (used for all future ld's we create) */ + if ( ldapssl_set_strength( NULL, ssl_strength ) < 0 ) { + perror( "ldapssl_set_strength" ); + exit( LDAP_LOCAL_ERROR ); + } + if (secure) { if ( !user_port ) { port = LDAPS_PORT; @@ -1555,7 +1585,7 @@ ldaptool_parse_ctrl_arg(char *ctrl_arg, char sep, char **ctrl_oid, int *ctrl_criticality, char **ctrl_value, int *vlen) { - char *s, *p, *d; + char *s, *p; int strict; /* Initialize passed variables with default values */ diff --git a/mozilla/directory/c-sdk/ldap/clients/tools/ldaptool.h b/mozilla/directory/c-sdk/ldap/clients/tools/ldaptool.h index 477680624c1..863a5cc36c1 100644 --- a/mozilla/directory/c-sdk/ldap/clients/tools/ldaptool.h +++ b/mozilla/directory/c-sdk/ldap/clients/tools/ldaptool.h @@ -103,6 +103,7 @@ extern "C" { #define LDAPTOOL_DEFSEP "=" /* used by ldapcmp and ldapsearch */ #define LDAPTOOL_DEFHOST "localhost" +#define LDAPTOOL_DEFSSLSTRENGTH LDAPSSL_AUTH_CERT #define LDAPTOOL_DEFCERTDBPATH "." #define LDAPTOOL_DEFKEYDBPATH "." #define LDAPTOOL_DEFREFHOPLIMIT 5 diff --git a/mozilla/directory/c-sdk/ldap/include/ldap_ssl.h b/mozilla/directory/c-sdk/ldap/include/ldap_ssl.h index b3c3d975484..d52aa72c003 100755 --- a/mozilla/directory/c-sdk/ldap/include/ldap_ssl.h +++ b/mozilla/directory/c-sdk/ldap/include/ldap_ssl.h @@ -48,6 +48,7 @@ LDAP * LDAP_CALL ldapssl_init( const char *defhost, int defport, /* * Install I/O routines to make SSL over LDAP possible. * Use this after ldap_init() or just use ldapssl_init() instead. + * Returns 0 if all goes well. */ int LDAP_CALL ldapssl_install_routines( LDAP *ld ); @@ -86,6 +87,7 @@ int LDAP_CALL ldapssl_install_routines( LDAP *ld ); /* * Initialize the secure parts (Security and SSL) of the runtime for use * by a client application. This is only called once. + * Returns 0 if all goes well. */ int LDAP_CALL ldapssl_client_init( @@ -119,6 +121,8 @@ int LDAP_CALL ldapssl_client_init( * Furthermore, the port number must be passed * via the "defport" parameter, and cannot * be passed via a host:port option. + * + * Returns 0 if all goes well. */ int LDAP_CALL ldapssl_serverauth_init( @@ -127,6 +131,7 @@ int LDAP_CALL ldapssl_serverauth_init( /* * Initialize the secure parts (Security and SSL) of the runtime for use * by a client application that may want to do SSL client authentication. + * Returns 0 if all goes well. */ int LDAP_CALL ldapssl_clientauth_init( @@ -142,6 +147,8 @@ int LDAP_CALL ldapssl_clientauth_init( * problems which can be caused by passing in wrong host & portname * values. The same warning applies to the ldapssl_advclientauth_init() * function. + * + * Returns 0 if all goes well. */ int LDAP_CALL ldapssl_advclientauth_init( @@ -162,16 +169,24 @@ const char * LDAP_CALL ldapssl_err2string( const int prerrno ); /* * Enable SSL client authentication on the given ld. + * Returns 0 if all goes well. */ int LDAP_CALL ldapssl_enable_clientauth( LDAP *ld, char *keynickname, char *keypasswd, char *certnickname ); +/* + * Set the SSL strength for an existing SSL-enabled LDAP session handle. + * + * See the description of ldapssl_serverauth_init() above for valid + * sslstrength values. If ld is NULL, the default for new LDAP session + * handles is set. + * + * Returns 0 if all goes well. + */ +int LDAP_CALL ldapssl_set_strength( LDAP *ld, int sslstrength ); + + #ifdef __cplusplus } #endif #endif /* !defined(LDAP_SSL_H) */ - - - - - diff --git a/mozilla/directory/c-sdk/ldap/libraries/libldap_ssl.ex b/mozilla/directory/c-sdk/ldap/libraries/libldap_ssl.ex index 64f8d0f0551..eb27cce5e1f 100644 --- a/mozilla/directory/c-sdk/ldap/libraries/libldap_ssl.ex +++ b/mozilla/directory/c-sdk/ldap/libraries/libldap_ssl.ex @@ -7,6 +7,7 @@ 457 ldapssl_pkcs_init 458 ldapssl_err2string 459 ldapssl_serverauth_init +460 ldapssl_set_strength # the last Windows ordinal number that has been reserved for SSL is 469. # Windows ordinals 1100-1150 are reserved for privately/non-published diff --git a/mozilla/directory/c-sdk/ldap/libraries/libssldap/clientinit.c b/mozilla/directory/c-sdk/ldap/libraries/libssldap/clientinit.c index 8d431481768..7ae64ffeb82 100644 --- a/mozilla/directory/c-sdk/ldap/libraries/libssldap/clientinit.c +++ b/mozilla/directory/c-sdk/ldap/libraries/libssldap/clientinit.c @@ -65,7 +65,6 @@ static PRStatus local_SSLPLCY_Install(void); * This little tricky guy keeps us from initializing twice */ static int inited = 0; -static int ssl_strength = LDAPSSL_AUTH_CERT; static char tokDes[34] = "Internal (Software) Database "; static char ptokDes[34] = "Internal (Software) Token "; @@ -390,35 +389,6 @@ ldapssl_clientauth_init( const char *certdbpath, void *certdbhandle, } -/* - * This is not the most elegant solution to SSL strength, but it - * works because ldapssl_advclientauth_init() is only called once. - */ - -int get_ssl_strength( void ) -{ - return ssl_strength; -} - -/* - * At some point we might want to consider protecting this - * with a mutex.. For now there is no need. - */ -int set_ssl_strength(int strength_val) -{ - - if (strength_val == LDAPSSL_AUTH_WEAK || - strength_val == LDAPSSL_AUTH_CERT || - strength_val == LDAPSSL_AUTH_CNCHECK ) { - ssl_strength = strength_val; - return LDAP_SUCCESS; - } - return LDAP_PARAM_ERROR; - -} - - - /* * Initialize ns/security so it can be used for SSL client authentication. * It is safe to call this more than once. @@ -487,10 +457,7 @@ ldapssl_advclientauth_init( inited = 1; - set_ssl_strength( sslstrength ); - - return( 0 ); - + return ( ldapssl_set_strength( NULL, sslstrength )); } @@ -591,12 +558,7 @@ ldapssl_pkcs_init( const struct ldapssl_pkcs_fns *pfns ) ldapssl_free((void **) &certdbName ); } - /* - set_ssl_strength( sslstrength ); - */ - - set_ssl_strength( LDAPSSL_AUTH_CERT ); - return( 0 ); + return ( ldapssl_set_strength( NULL, LDAPSSL_AUTH_CERT )); } @@ -637,10 +599,8 @@ ldapssl_serverauth_init(const char* certdbpath, void *certdbhandle, const int sslstrength ) { - int rc = LDAP_SUCCESS; - - if ((rc = set_ssl_strength( sslstrength )) != LDAP_SUCCESS) { - return ( rc ); + if ( ldapssl_set_strength( NULL, sslstrength ) != 0 ) { + return( -1 ); } return( ldapssl_clientauth_init( certdbpath, certdbhandle, diff --git a/mozilla/directory/c-sdk/ldap/libraries/libssldap/ldapsinit.c b/mozilla/directory/c-sdk/ldap/libraries/libssldap/ldapsinit.c index 09d8a197d70..2ffba861811 100644 --- a/mozilla/directory/c-sdk/ldap/libraries/libssldap/ldapsinit.c +++ b/mozilla/directory/c-sdk/ldap/libraries/libssldap/ldapsinit.c @@ -75,9 +75,11 @@ typedef struct ldapssl_std_functions { */ typedef struct ldapssl_session_info { int lssei_using_pcks_fns; + int lssei_ssl_strength; char *lssei_certnickname; char *lssei_keypasswd; LDAPSSLStdFunctions lssei_std_functions; + CERTCertDBHandle *lssei_certdbh; } LDAPSSLSessionInfo; @@ -103,12 +105,6 @@ void set_using_pkcs_functions( int val ) } -/* - * External functions... this function currently lives in clientinit.c - */ -int get_ssl_strength( void ); - - /* * Utility functions: */ @@ -120,7 +116,7 @@ static void ldapssl_free_socket_info( LDAPSSLSocketInfo **soipp ); * SSL Stuff */ -static int ldapssl_AuthCertificate(void *certdbarg, PRFileDesc *fd, +static int ldapssl_AuthCertificate(void *sessionarg, PRFileDesc *fd, PRBool checkSig, PRBool isServer); /* @@ -137,6 +133,12 @@ static SECStatus check_clientauth_nicknames_and_passwd( LDAP *ld, static char *get_keypassword( PK11SlotInfo *slot, PRBool retry, void *sessionarg ); +/* + * Static variables. + */ +static int default_ssl_strength = LDAPSSL_AUTH_CERT; + + /* * Like ldap_init(), except also install I/O routines from libsec so we * can support SSL. If defsecure is non-zero, SSL is enabled for the @@ -290,7 +292,7 @@ do_ldapssl_connect(const char *hostlist, int defport, int timeout, */ SSL_AuthCertificateHook( soi.soinfo_prfd, (SSLAuthCertificate)ldapssl_AuthCertificate, - (void *)CERT_GetDefaultCertDB()); + (void *)sseip ); if ( SSL_GetClientAuthDataHook( soi.soinfo_prfd, get_clientauth_data, clientauth ? sseip : NULL ) != 0 ) { @@ -382,7 +384,16 @@ ldapssl_install_routines( LDAP *ld ) ldap_set_lderrno( ld, LDAP_NO_MEMORY, NULL, NULL ); return( -1 ); } + + /* + * Initialize session info. + * XXX: it would be nice to be able to set these on a per-session basis: + * lssei_using_pcks_fns + * lssei_certdbh + */ + ssip->lssei_ssl_strength = default_ssl_strength; ssip->lssei_using_pcks_fns = using_pkcs_functions; + ssip->lssei_certdbh = CERT_GetDefaultCertDB(); /* * override a few functions, saving a pointer to the standard function @@ -489,6 +500,47 @@ ldapssl_enable_clientauth( LDAP *ld, char *keynickname, } +/* + * Set the SSL strength for an existing SSL-enabled LDAP session handle. + * + * See the description of ldapssl_serverauth_init() above for valid + * sslstrength values. If ld is NULL, the default for new LDAP session + * handles is set. + * + * Returns 0 if all goes well and -1 if an error occurs. + */ +int +LDAP_CALL +ldapssl_set_strength( LDAP *ld, int sslstrength ) +{ + int rc = 0; /* assume success */ + + if ( sslstrength != LDAPSSL_AUTH_WEAK && + sslstrength != LDAPSSL_AUTH_CERT && + sslstrength != LDAPSSL_AUTH_CNCHECK ) { + rc = -1; + } else { + if ( NULL == ld ) { /* set default strength */ + default_ssl_strength = sslstrength; + } else { /* set session-specific strength */ + PRLDAPSessionInfo sei; + LDAPSSLSessionInfo *sseip; + + memset( &sei, 0, sizeof( sei )); + sei.seinfo_size = PRLDAP_SESSIONINFO_SIZE; + if ( prldap_get_session_info( ld, NULL, &sei ) == LDAP_SUCCESS ) { + sseip = (LDAPSSLSessionInfo *)sei.seinfo_appdata; + sseip->lssei_ssl_strength = sslstrength; + } else { + rc = -1; + } + } + } + + return( rc ); +} + + static void ldapssl_free_session_info( LDAPSSLSessionInfo **ssipp ) { @@ -523,27 +575,25 @@ ldapssl_free_socket_info( LDAPSSLSocketInfo **soipp ) * the cn is checked against the host name, set with SSL_SetURL() */ -/* - * XXXceb NOTE, this needs to be fixed to check for the MITM hack 980623 - */ - static int -ldapssl_AuthCertificate(void *certdbarg, PRFileDesc *fd, PRBool checkSig, +ldapssl_AuthCertificate(void *sessionarg, PRFileDesc *fd, PRBool checkSig, PRBool isServer) { - SECStatus rv = SECFailure; - CERTCertDBHandle * handle; - CERTCertificate * cert; - SECCertUsage certUsage; - char * hostname = (char *)0; - - if (!certdbarg || !socket) + SECStatus rv = SECFailure; + LDAPSSLSessionInfo *sseip; + CERTCertificate *cert; + SECCertUsage certUsage; + char *hostname = (char *)0; + + if (!sessionarg || !socket) { return rv; + } - if (LDAPSSL_AUTH_WEAK == get_ssl_strength() ) - return SECSuccess; + sseip = (LDAPSSLSessionInfo *)sessionarg; - handle = (CERTCertDBHandle *)certdbarg; + if (LDAPSSL_AUTH_WEAK == sseip->lssei_ssl_strength ) { /* no check */ + return SECSuccess; + } if ( isServer ) { certUsage = certUsageSSLClient; @@ -552,13 +602,14 @@ ldapssl_AuthCertificate(void *certdbarg, PRFileDesc *fd, PRBool checkSig, } cert = SSL_PeerCertificate( fd ); - rv = CERT_VerifyCertNow(handle, cert, checkSig, certUsage, NULL); + rv = CERT_VerifyCertNow(sseip->lssei_certdbh, cert, checkSig, + certUsage, NULL); - if ( rv != SECSuccess || isServer ) + if ( rv != SECSuccess || isServer ) { return rv; + } - if ( LDAPSSL_AUTH_CNCHECK == get_ssl_strength() ) - { + if ( LDAPSSL_AUTH_CNCHECK == sseip->lssei_ssl_strength ) { /* cert is OK. This is the client side of an SSL connection. * Now check the name field in the cert against the desired hostname. * NB: This is our only defense against Man-In-The-Middle (MITM) diff --git a/mozilla/directory/c-sdk/ldap/libraries/macintosh/LDAPSSLClient.exp b/mozilla/directory/c-sdk/ldap/libraries/macintosh/LDAPSSLClient.exp index aae918f6c82..f4e2fd822bb 100644 --- a/mozilla/directory/c-sdk/ldap/libraries/macintosh/LDAPSSLClient.exp +++ b/mozilla/directory/c-sdk/ldap/libraries/macintosh/LDAPSSLClient.exp @@ -10,6 +10,7 @@ ldapssl_advclientauth_init ldapssl_pkcs_init ldapssl_err2string ldapssl_serverauth_init +ldapssl_set_strength # the last Windows ordinal number that has been reserved for SSL is 469. # Windows ordinals 1100-1150 are reserved for privately/non-published diff --git a/mozilla/directory/c-sdk/ldap/libraries/msdos/winsock/ldapssl.def b/mozilla/directory/c-sdk/ldap/libraries/msdos/winsock/ldapssl.def index 8dadfba9756..65870dd5331 100644 --- a/mozilla/directory/c-sdk/ldap/libraries/msdos/winsock/ldapssl.def +++ b/mozilla/directory/c-sdk/ldap/libraries/msdos/winsock/ldapssl.def @@ -12,6 +12,7 @@ ldapssl_pkcs_init @457 ldapssl_err2string @458 ldapssl_serverauth_init @459 + ldapssl_set_strength @460 ; the last Windows ordinal number that has been reserved for SSL is 469. ; Windows ordinals 1100-1150 are reserved for privately/non-published diff --git a/mozilla/directory/c-sdk/ldap/libraries/msdos/winsock/nsldapssl32.def b/mozilla/directory/c-sdk/ldap/libraries/msdos/winsock/nsldapssl32.def index 81c57eb2d2c..4952f28c4d6 100644 --- a/mozilla/directory/c-sdk/ldap/libraries/msdos/winsock/nsldapssl32.def +++ b/mozilla/directory/c-sdk/ldap/libraries/msdos/winsock/nsldapssl32.def @@ -18,6 +18,7 @@ EXPORTS ldapssl_pkcs_init @457 ldapssl_err2string @458 ldapssl_serverauth_init @459 + ldapssl_set_strength @460 ; the last Windows ordinal number that has been reserved for SSL is 469. ; Windows ordinals 1100-1150 are reserved for privately/non-published diff --git a/mozilla/directory/c-sdk/ldap/libraries/msdos/winsock/nssldap32.def b/mozilla/directory/c-sdk/ldap/libraries/msdos/winsock/nssldap32.def index 125d3d5578e..e32b6c9cdea 100644 --- a/mozilla/directory/c-sdk/ldap/libraries/msdos/winsock/nssldap32.def +++ b/mozilla/directory/c-sdk/ldap/libraries/msdos/winsock/nssldap32.def @@ -18,6 +18,7 @@ EXPORTS ldapssl_pkcs_init @457 ldapssl_err2string @458 ldapssl_serverauth_init @459 + ldapssl_set_strength @460 ; the last Windows ordinal number that has been reserved for SSL is 469. ; Windows ordinals 1100-1150 are reserved for privately/non-published