summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--pki/base/native-tools/src/bulkissuance/bulkissuance.c110
-rw-r--r--pki/base/native-tools/src/revoker/revoker.c110
-rw-r--r--pki/base/native-tools/src/setpin/setpin.c5
-rw-r--r--pki/base/native-tools/src/sslget/sslget.c107
-rw-r--r--pki/base/ra/apache/conf/httpd.conf2
-rw-r--r--pki/base/ra/apache/conf/nss.conf4
-rwxr-xr-xpki/base/ra/etc/init.d/httpd8
-rw-r--r--pki/base/tps/apache/conf/httpd.conf2
-rw-r--r--pki/base/tps/apache/conf/nss.conf4
-rwxr-xr-xpki/base/tps/etc/init.d/httpd8
-rw-r--r--pki/base/tps/src/authentication/LDAP_Authentication.cpp7
-rw-r--r--pki/base/tps/src/include/tus/tus_db.h1
-rw-r--r--pki/base/tps/src/tus/tus_db.c4
-rw-r--r--pki/base/tps/tools/tus/test.c5
14 files changed, 254 insertions, 123 deletions
diff --git a/pki/base/native-tools/src/bulkissuance/bulkissuance.c b/pki/base/native-tools/src/bulkissuance/bulkissuance.c
index 310dca06f..1517b20df 100644
--- a/pki/base/native-tools/src/bulkissuance/bulkissuance.c
+++ b/pki/base/native-tools/src/bulkissuance/bulkissuance.c
@@ -444,47 +444,62 @@ do_connect(
{
PRFileDesc * ssl_sock;
PRFileDesc * tcp_sock;
- PRStatus prStatus;
- SECStatus result;
- int rv = SECSuccess;
+ PRStatus prStatus;
+ SECStatus result;
+ int rv = SECSuccess;
PRSocketOptionData opt;
- tcp_sock = PR_NewTCPSocket();
+ int family = PR_NetAddrFamily( addr );
+
+ tcp_sock = PR_OpenTCPSocket( family );
if (tcp_sock == NULL) {
- errExit("PR_NewTCPSocket");
+ errExit("PR_OpenTCPSocket on tcp socket");
}
opt.option = PR_SockOpt_Nonblocking;
opt.value.non_blocking = PR_FALSE;
prStatus = PR_SetSocketOption(tcp_sock, &opt);
if (prStatus != PR_SUCCESS) {
- PR_Close(tcp_sock);
- return SECSuccess;
+ if( tcp_sock != NULL ) {
+ PR_Close(tcp_sock);
+ tcp_sock = NULL;
+ }
+ /* Don't return SECFailure? */
+ return SECSuccess;
}
prStatus = PR_Connect(tcp_sock, addr, PR_SecondsToInterval(3));
if (prStatus != PR_SUCCESS) {
- errWarn("PR_Connect");
+ errWarn("PR_Connect");
+ if( tcp_sock != NULL ) {
+ PR_Close(tcp_sock);
+ tcp_sock = NULL;
+ }
exit(6);
}
ssl_sock = SSL_ImportFD(model_sock, tcp_sock);
/* XXX if this import fails, close tcp_sock and return. */
if (!ssl_sock) {
- PR_Close(tcp_sock);
- exit(7);
- return SECFailure;
+ if( tcp_sock != NULL ) {
+ PR_Close(tcp_sock);
+ tcp_sock = NULL;
+ }
+ exit(7);
}
rv = SSL_ResetHandshake(ssl_sock, /* asServer */ 0);
if (rv != SECSuccess) {
- errWarn("SSL_ResetHandshake");
- exit(8);
+ errWarn("SSL_ResetHandshake");
+ exit(8);
}
result = do_io( ssl_sock, connection);
- PR_Close(ssl_sock);
+ if( ssl_sock != NULL ) {
+ PR_Close(ssl_sock);
+ ssl_sock = NULL;
+ }
return SECSuccess;
}
@@ -520,57 +535,81 @@ client_main(
int connections,
SECKEYPrivateKey ** privKey,
CERTCertificate ** cert,
- const char * hostName,
- char * nickName)
+ const char * hostName,
+ char * nickName)
{
- PRFileDesc *model_sock = NULL;
+ PRFileDesc *model_sock = NULL;
int rv;
- PRUint32 ipAddress; /* in host byte order */
- PRNetAddr addr;
- /* Assemble NetAddr struct for connections. */
- ipAddress = getIPAddress(hostName);
FPRINTF(stderr, "port: %d\n", port);
- addr.inet.family = PR_AF_INET;
- addr.inet.port = PR_htons(port);
- addr.inet.ip = PR_htonl(ipAddress);
-
/* all suites except RSA_NULL_MD5 are enabled by Domestic Policy */
NSS_SetDomesticPolicy();
/* all the SSL2 and SSL3 cipher suites are enabled by default. */
+ /* SSL_CipherPrefSetDefault(0xC005 /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */, PR_TRUE); */
+
+ /*
+ * Rifle through the values for the host
+ */
+
+ PRAddrInfo *ai;
+ void *iter;
+ PRNetAddr addr;
+ int family = PR_AF_INET;
+
+ ai = PR_GetAddrInfoByName(hostName, PR_AF_UNSPEC, PR_AI_ADDRCONFIG);
+ if (ai) {
+ FPRINTF( stderr, "addr='%s'\n", PR_GetCanonNameFromAddrInfo( ai ) );
+ iter = NULL;
+ while ((iter = PR_EnumerateAddrInfo(iter, ai, 0, &addr)) != NULL) {
+ family = PR_NetAddrFamily(&addr);
+ FPRINTF( stderr, "family='%d'\n", family );
+ break;
+ }
+ PR_FreeAddrInfo(ai);
+ }
- /* configure model SSL socket. */
+ PR_SetNetAddr( PR_IpAddrNull, family, port, &addr );
- model_sock = PR_NewTCPSocket();
+ model_sock = PR_OpenTCPSocket( family );
if (model_sock == NULL) {
- errExit("PR_NewTCPSocket on model socket");
+ errExit("PR_OpenTCPSocket on tcp socket");
}
+ /* Should we really be re-using the same socket? */
model_sock = SSL_ImportFD(NULL, model_sock);
+
+
+ /* check on success of call to SSL_ImportFD() */
if (model_sock == NULL) {
- errExit("SSL_ImportFD");
+ errExit("SSL_ImportFD");
}
+ /* enable ECC cipher also */
+
/* do SSL configuration. */
rv = SSL_OptionSet(model_sock, SSL_SECURITY, 1);
if (rv < 0) {
- errExit("SSL_OptionSet SSL_SECURITY");
+ if( model_sock != NULL ) {
+ PR_Close( model_sock );
+ model_sock = NULL;
+ }
+ errExit("SSL_OptionSet SSL_SECURITY");
}
SSL_SetURL(model_sock, hostName);
SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate,
- (void *)CERT_GetDefaultCertDB());
+ (void *)CERT_GetDefaultCertDB());
SSL_BadCertHook(model_sock, myBadCertHandler, NULL);
SSL_GetClientAuthDataHook(model_sock,
- (SSLGetClientAuthData)my_GetClientAuthData,
- nickName);
+ (SSLGetClientAuthData)my_GetClientAuthData,
+ nickName);
/* I'm not going to set the HandshakeCallback function. */
@@ -578,7 +617,10 @@ client_main(
rv = do_connect(&addr, model_sock, 1);
- PR_Close(model_sock);
+ if( model_sock != NULL ) {
+ PR_Close( model_sock );
+ model_sock = NULL;
+ }
}
diff --git a/pki/base/native-tools/src/revoker/revoker.c b/pki/base/native-tools/src/revoker/revoker.c
index 08a002436..0aa6407b1 100644
--- a/pki/base/native-tools/src/revoker/revoker.c
+++ b/pki/base/native-tools/src/revoker/revoker.c
@@ -427,47 +427,62 @@ do_connect(
{
PRFileDesc * ssl_sock;
PRFileDesc * tcp_sock;
- PRStatus prStatus;
- SECStatus result;
- int rv = SECSuccess;
+ PRStatus prStatus;
+ SECStatus result;
+ int rv = SECSuccess;
PRSocketOptionData opt;
- tcp_sock = PR_NewTCPSocket();
+ int family = PR_NetAddrFamily( addr );
+
+ tcp_sock = PR_OpenTCPSocket( family );
if (tcp_sock == NULL) {
- errExit("PR_NewTCPSocket");
+ errExit("PR_OpenTCPSocket on tcp socket");
}
opt.option = PR_SockOpt_Nonblocking;
opt.value.non_blocking = PR_FALSE;
prStatus = PR_SetSocketOption(tcp_sock, &opt);
if (prStatus != PR_SUCCESS) {
- PR_Close(tcp_sock);
- return SECSuccess;
+ if( tcp_sock != NULL ) {
+ PR_Close(tcp_sock);
+ tcp_sock = NULL;
+ }
+ /* Don't return SECFailure? */
+ return SECSuccess;
}
prStatus = PR_Connect(tcp_sock, addr, PR_SecondsToInterval(3));
if (prStatus != PR_SUCCESS) {
- errWarn("PR_Connect");
+ errWarn("PR_Connect");
+ if( tcp_sock != NULL ) {
+ PR_Close(tcp_sock);
+ tcp_sock = NULL;
+ }
exit(6);
}
ssl_sock = SSL_ImportFD(model_sock, tcp_sock);
/* XXX if this import fails, close tcp_sock and return. */
if (!ssl_sock) {
- PR_Close(tcp_sock);
- exit(7);
- return SECFailure;
+ if( tcp_sock != NULL ) {
+ PR_Close(tcp_sock);
+ tcp_sock = NULL;
+ }
+ exit(7);
}
rv = SSL_ResetHandshake(ssl_sock, /* asServer */ 0);
if (rv != SECSuccess) {
- errWarn("SSL_ResetHandshake");
- exit(8);
+ errWarn("SSL_ResetHandshake");
+ exit(8);
}
result = do_io( ssl_sock, connection);
- PR_Close(ssl_sock);
+ if( ssl_sock != NULL ) {
+ PR_Close(ssl_sock);
+ ssl_sock = NULL;
+ }
return SECSuccess;
}
@@ -503,57 +518,81 @@ client_main(
int connections,
SECKEYPrivateKey ** privKey,
CERTCertificate ** cert,
- const char * hostName,
- char * nickName)
+ const char * hostName,
+ char * nickName)
{
- PRFileDesc *model_sock = NULL;
+ PRFileDesc *model_sock = NULL;
int rv;
- PRUint32 ipAddress; /* in host byte order */
- PRNetAddr addr;
- /* Assemble NetAddr struct for connections. */
- ipAddress = getIPAddress(hostName);
FPRINTF(stderr, "port: %d\n", port);
- addr.inet.family = PR_AF_INET;
- addr.inet.port = PR_htons(port);
- addr.inet.ip = PR_htonl(ipAddress);
-
/* all suites except RSA_NULL_MD5 are enabled by Domestic Policy */
NSS_SetDomesticPolicy();
/* all the SSL2 and SSL3 cipher suites are enabled by default. */
+ /* SSL_CipherPrefSetDefault(0xC005 /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */, PR_TRUE); */
+
+ /*
+ * Rifle through the values for the host
+ */
+
+ PRAddrInfo *ai;
+ void *iter;
+ PRNetAddr addr;
+ int family = PR_AF_INET;
+
+ ai = PR_GetAddrInfoByName(hostName, PR_AF_UNSPEC, PR_AI_ADDRCONFIG);
+ if (ai) {
+ FPRINTF( stderr, "addr='%s'\n", PR_GetCanonNameFromAddrInfo( ai ) );
+ iter = NULL;
+ while ((iter = PR_EnumerateAddrInfo(iter, ai, 0, &addr)) != NULL) {
+ family = PR_NetAddrFamily(&addr);
+ FPRINTF( stderr, "family='%d'\n", family );
+ break;
+ }
+ PR_FreeAddrInfo(ai);
+ }
- /* configure model SSL socket. */
+ PR_SetNetAddr( PR_IpAddrNull, family, port, &addr );
- model_sock = PR_NewTCPSocket();
+ model_sock = PR_OpenTCPSocket( family );
if (model_sock == NULL) {
- errExit("PR_NewTCPSocket on model socket");
+ errExit("PR_OpenTCPSocket on tcp socket");
}
+ /* Should we really be re-using the same socket? */
model_sock = SSL_ImportFD(NULL, model_sock);
+
+
+ /* check on success of call to SSL_ImportFD() */
if (model_sock == NULL) {
- errExit("SSL_ImportFD");
+ errExit("SSL_ImportFD");
}
+ /* enable ECC cipher also */
+
/* do SSL configuration. */
rv = SSL_OptionSet(model_sock, SSL_SECURITY, 1);
if (rv < 0) {
- errExit("SSL_OptionSet SSL_SECURITY");
+ if( model_sock != NULL ) {
+ PR_Close( model_sock );
+ model_sock = NULL;
+ }
+ errExit("SSL_OptionSet SSL_SECURITY");
}
SSL_SetURL(model_sock, hostName);
SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate,
- (void *)CERT_GetDefaultCertDB());
+ (void *)CERT_GetDefaultCertDB());
SSL_BadCertHook(model_sock, myBadCertHandler, NULL);
SSL_GetClientAuthDataHook(model_sock,
- (SSLGetClientAuthData)my_GetClientAuthData,
- nickName);
+ (SSLGetClientAuthData)my_GetClientAuthData,
+ nickName);
/* I'm not going to set the HandshakeCallback function. */
@@ -561,7 +600,10 @@ client_main(
rv = do_connect(&addr, model_sock, 1);
- PR_Close(model_sock);
+ if( model_sock != NULL ) {
+ PR_Close( model_sock );
+ model_sock = NULL;
+ }
}
diff --git a/pki/base/native-tools/src/setpin/setpin.c b/pki/base/native-tools/src/setpin/setpin.c
index 06306beb4..a0179c63e 100644
--- a/pki/base/native-tools/src/setpin/setpin.c
+++ b/pki/base/native-tools/src/setpin/setpin.c
@@ -47,6 +47,7 @@
#include <ldap.h>
#include <ldap_ssl.h>
+#include <ldappr.h>
#define USE_NSS_RANDOM
@@ -610,7 +611,7 @@ void doLDAPBind() {
/* ld = ldapssl_init(o_host,port,LDAPSSL_AUTH_CNCHECK); */
}
else {
- ld = ldap_init(o_host,port);
+ ld = prldap_init(o_host,port,1);
}
if (ld == NULL) {
errcode=4;
@@ -618,7 +619,7 @@ void doLDAPBind() {
}
if (o_debug) {
- fprintf(stderr,"# ldap_init completed\n");
+ fprintf(stderr,"# prldap_init completed\n");
}
r = ldap_simple_bind_s(ld,o_binddn,o_bindpw);
diff --git a/pki/base/native-tools/src/sslget/sslget.c b/pki/base/native-tools/src/sslget/sslget.c
index d08a9cf4c..6a8abda23 100644
--- a/pki/base/native-tools/src/sslget/sslget.c
+++ b/pki/base/native-tools/src/sslget/sslget.c
@@ -417,47 +417,62 @@ do_connect(
{
PRFileDesc * ssl_sock;
PRFileDesc * tcp_sock;
- PRStatus prStatus;
- SECStatus result;
- int rv = SECSuccess;
+ PRStatus prStatus;
+ SECStatus result;
+ int rv = SECSuccess;
PRSocketOptionData opt;
- tcp_sock = PR_NewTCPSocket();
+ int family = PR_NetAddrFamily( addr );
+
+ tcp_sock = PR_OpenTCPSocket( family );
if (tcp_sock == NULL) {
- errExit("PR_NewTCPSocket");
+ errExit("PR_OpenTCPSocket on tcp socket");
}
opt.option = PR_SockOpt_Nonblocking;
opt.value.non_blocking = PR_FALSE;
prStatus = PR_SetSocketOption(tcp_sock, &opt);
if (prStatus != PR_SUCCESS) {
- PR_Close(tcp_sock);
- return SECSuccess;
+ if( tcp_sock != NULL ) {
+ PR_Close(tcp_sock);
+ tcp_sock = NULL;
+ }
+ /* Don't return SECFailure? */
+ return SECSuccess;
}
prStatus = PR_Connect(tcp_sock, addr, PR_SecondsToInterval(3));
if (prStatus != PR_SUCCESS) {
- errWarn("PR_Connect");
+ errWarn("PR_Connect");
+ if( tcp_sock != NULL ) {
+ PR_Close(tcp_sock);
+ tcp_sock = NULL;
+ }
exit(6);
}
ssl_sock = SSL_ImportFD(model_sock, tcp_sock);
/* XXX if this import fails, close tcp_sock and return. */
if (!ssl_sock) {
- PR_Close(tcp_sock);
- exit(7);
- return SECFailure;
+ if( tcp_sock != NULL ) {
+ PR_Close(tcp_sock);
+ tcp_sock = NULL;
+ }
+ exit(7);
}
rv = SSL_ResetHandshake(ssl_sock, /* asServer */ 0);
if (rv != SECSuccess) {
- errWarn("SSL_ResetHandshake");
- exit(8);
+ errWarn("SSL_ResetHandshake");
+ exit(8);
}
result = do_io( ssl_sock, connection);
- PR_Close(ssl_sock);
+ if( ssl_sock != NULL ) {
+ PR_Close(ssl_sock);
+ ssl_sock = NULL;
+ }
return SECSuccess;
}
@@ -493,39 +508,56 @@ client_main(
int connections,
SECKEYPrivateKey ** privKey,
CERTCertificate ** cert,
- const char * hostName,
- char * nickName)
+ const char * hostName,
+ char * nickName)
{
- PRFileDesc *model_sock = NULL;
+ PRFileDesc *model_sock = NULL;
int rv;
- PRUint32 ipAddress; /* in host byte order */
- PRNetAddr addr;
- /* Assemble NetAddr struct for connections. */
- ipAddress = getIPAddress(hostName);
FPRINTF(stderr, "port: %d\n", port);
- addr.inet.family = PR_AF_INET;
- addr.inet.port = PR_htons(port);
- addr.inet.ip = PR_htonl(ipAddress);
-
/* all suites except RSA_NULL_MD5 are enabled by Domestic Policy */
NSS_SetDomesticPolicy();
/* all the SSL2 and SSL3 cipher suites are enabled by default. */
SSL_CipherPrefSetDefault(0xC005 /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */, PR_TRUE);
- /* configure model SSL socket. */
+ /*
+ * Rifle through the values for the host
+ */
+
+ PRAddrInfo *ai;
+ void *iter;
+ PRNetAddr addr;
+ int family = PR_AF_INET;
+
+ ai = PR_GetAddrInfoByName(hostName, PR_AF_UNSPEC, PR_AI_ADDRCONFIG);
+ if (ai) {
+ FPRINTF( stderr, "addr='%s'\n", PR_GetCanonNameFromAddrInfo( ai ) );
+ iter = NULL;
+ while ((iter = PR_EnumerateAddrInfo(iter, ai, 0, &addr)) != NULL) {
+ family = PR_NetAddrFamily(&addr);
+ FPRINTF( stderr, "family='%d'\n", family );
+ break;
+ }
+ PR_FreeAddrInfo(ai);
+ }
+
+ PR_SetNetAddr( PR_IpAddrNull, family, port, &addr );
- model_sock = PR_NewTCPSocket();
+ model_sock = PR_OpenTCPSocket( family );
if (model_sock == NULL) {
- errExit("PR_NewTCPSocket on model socket");
+ errExit("PR_OpenTCPSocket on tcp socket");
}
+ /* Should we really be re-using the same socket? */
model_sock = SSL_ImportFD(NULL, model_sock);
+
+
+ /* check on success of call to SSL_ImportFD() */
if (model_sock == NULL) {
- errExit("SSL_ImportFD");
+ errExit("SSL_ImportFD");
}
/* enable ECC cipher also */
@@ -534,19 +566,23 @@ client_main(
rv = SSL_OptionSet(model_sock, SSL_SECURITY, 1);
if (rv < 0) {
- errExit("SSL_OptionSet SSL_SECURITY");
+ if( model_sock != NULL ) {
+ PR_Close( model_sock );
+ model_sock = NULL;
+ }
+ errExit("SSL_OptionSet SSL_SECURITY");
}
SSL_SetURL(model_sock, hostName);
SSL_AuthCertificateHook(model_sock, mySSLAuthCertificate,
- (void *)CERT_GetDefaultCertDB());
+ (void *)CERT_GetDefaultCertDB());
SSL_BadCertHook(model_sock, myBadCertHandler, NULL);
SSL_GetClientAuthDataHook(model_sock,
- (SSLGetClientAuthData)my_GetClientAuthData,
- nickName);
+ (SSLGetClientAuthData)my_GetClientAuthData,
+ nickName);
/* I'm not going to set the HandshakeCallback function. */
@@ -554,7 +590,10 @@ client_main(
rv = do_connect(&addr, model_sock, 1);
- PR_Close(model_sock);
+ if( model_sock != NULL ) {
+ PR_Close( model_sock );
+ model_sock = NULL;
+ }
}
diff --git a/pki/base/ra/apache/conf/httpd.conf b/pki/base/ra/apache/conf/httpd.conf
index 7362d80ce..4e6d2151f 100644
--- a/pki/base/ra/apache/conf/httpd.conf
+++ b/pki/base/ra/apache/conf/httpd.conf
@@ -217,7 +217,7 @@ MaxRequestsPerChild 0
#
#Listen 12.34.56.78:80
-Listen 0.0.0.0:[PORT]
+Listen [PORT]
#
# Dynamic Shared Object (DSO) Support
diff --git a/pki/base/ra/apache/conf/nss.conf b/pki/base/ra/apache/conf/nss.conf
index 2d8ad8720..668074e4c 100644
--- a/pki/base/ra/apache/conf/nss.conf
+++ b/pki/base/ra/apache/conf/nss.conf
@@ -15,9 +15,9 @@
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
#
-Listen 0.0.0.0:[SECURE_PORT]
+Listen [SECURE_PORT]
-Listen 0.0.0.0:[NON_CLIENTAUTH_SECURE_PORT]
+Listen [NON_CLIENTAUTH_SECURE_PORT]
##
## SSL Global Context
diff --git a/pki/base/ra/etc/init.d/httpd b/pki/base/ra/etc/init.d/httpd
index 77c60966c..bacfeb214 100755
--- a/pki/base/ra/etc/init.d/httpd
+++ b/pki/base/ra/etc/init.d/httpd
@@ -231,7 +231,7 @@ get_pki_status_definitions()
if [ "$head" == "$listen_statement" ] ; then
# once the 'unsecure' listen statement has been found,
# extract the numeric port information
- port=`echo $line | cut -d: -f2`
+ port=`echo $line | cut -b8-`
UNSECURE_PORT=$port
echo " Unsecure Port = http://[SERVER_NAME]:${UNSECURE_PORT}"
total_ports=`expr ${total_ports} + 1`
@@ -251,7 +251,7 @@ get_pki_status_definitions()
[ ${total_ports} -eq 2 ] ; then
# once the 'non-clientauth' listen statement has been found,
# extract the numeric port information
- non_clientauth_port=`echo $line | cut -d: -f2`
+ non_clientauth_port=`echo $line | cut -b8-`
NON_CLIENTAUTH_PORT=$non_clientauth_port
echo " Secure Non-Clientauth Port = https://[SERVER_NAME]:${NON_CLIENTAUTH_PORT}"
total_ports=`expr ${total_ports} + 1`
@@ -261,7 +261,7 @@ get_pki_status_definitions()
[ ${total_ports} -eq 1 ] ; then
# once the 'clientauth' listen statement has been found,
# extract the numeric port information
- clientauth_port=`echo $line | cut -d: -f2`
+ clientauth_port=`echo $line | cut -b8-`
CLIENTAUTH_PORT=$clientauth_port
echo " Secure Clientauth Port = https://[SERVER_NAME]:${CLIENTAUTH_PORT}"
total_ports=`expr ${total_ports} + 1`
@@ -483,7 +483,7 @@ get_pki_secure_port()
if [ "$head" == "$listen_statement" ] ; then
# once the 'clientauth' listen statement has been found,
# extract the numeric port information
- port=`echo $line | cut -d: -f2`
+ port=`echo $line | cut -b8-`
SECURE_PORT=$port
return 0
fi
diff --git a/pki/base/tps/apache/conf/httpd.conf b/pki/base/tps/apache/conf/httpd.conf
index a5dcf8390..7d1e8acdf 100644
--- a/pki/base/tps/apache/conf/httpd.conf
+++ b/pki/base/tps/apache/conf/httpd.conf
@@ -217,7 +217,7 @@ MaxRequestsPerChild 0
#
#Listen 12.34.56.78:80
-Listen 0.0.0.0:[PORT]
+Listen [PORT]
#
# Dynamic Shared Object (DSO) Support
diff --git a/pki/base/tps/apache/conf/nss.conf b/pki/base/tps/apache/conf/nss.conf
index c619ec26e..70c64116f 100644
--- a/pki/base/tps/apache/conf/nss.conf
+++ b/pki/base/tps/apache/conf/nss.conf
@@ -15,9 +15,9 @@
# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
#
-Listen 0.0.0.0:[SECURE_PORT]
+Listen [SECURE_PORT]
-Listen 0.0.0.0:[NON_CLIENTAUTH_SECURE_PORT]
+Listen [NON_CLIENTAUTH_SECURE_PORT]
##
## SSL Global Context
diff --git a/pki/base/tps/etc/init.d/httpd b/pki/base/tps/etc/init.d/httpd
index 567381c6e..5c3611f77 100755
--- a/pki/base/tps/etc/init.d/httpd
+++ b/pki/base/tps/etc/init.d/httpd
@@ -234,7 +234,7 @@ get_pki_status_definitions()
if [ "$head" == "$listen_statement" ] ; then
# once the 'unsecure' listen statement has been found,
# extract the numeric port information
- port=`echo $line | cut -d: -f2`
+ port=`echo $line | cut -b8-`
UNSECURE_PORT=$port
echo " Unsecure Port = http://[SERVER_NAME]:${UNSECURE_PORT}/cgi-bin/so/enroll.cgi"
echo " (ESC Security Officer Enrollment)"
@@ -257,7 +257,7 @@ get_pki_status_definitions()
[ ${total_ports} -eq 2 ] ; then
# once the 'non-clientauth' listen statement has been found,
# extract the numeric port information
- non_clientauth_port=`echo $line | cut -d: -f2`
+ non_clientauth_port=`echo $line | cut -b8-`
NON_CLIENTAUTH_PORT=$non_clientauth_port
echo " Secure Non-Clientauth Port = https://[SERVER_NAME]:${NON_CLIENTAUTH_PORT}/cgi-bin/so/enroll.cgi"
echo " (ESC Security Officer Enrollment)"
@@ -270,7 +270,7 @@ get_pki_status_definitions()
[ ${total_ports} -eq 1 ] ; then
# once the 'clientauth' listen statement has been found,
# extract the numeric port information
- clientauth_port=`echo $line | cut -d: -f2`
+ clientauth_port=`echo $line | cut -b8-`
CLIENTAUTH_PORT=$clientauth_port
echo " Secure Clientauth Port = https://[SERVER_NAME]:${CLIENTAUTH_PORT}/cgi-bin/sow/welcome.cgi"
echo " (ESC Security Officer Workstation)"
@@ -494,7 +494,7 @@ get_pki_secure_port()
if [ "$head" == "$listen_statement" ] ; then
# once the 'clientauth' listen statement has been found,
# extract the numeric port information
- port=`echo $line | cut -d: -f2`
+ port=`echo $line | cut -b8-`
SECURE_PORT=$port
return 0
fi
diff --git a/pki/base/tps/src/authentication/LDAP_Authentication.cpp b/pki/base/tps/src/authentication/LDAP_Authentication.cpp
index da32898c4..22796b360 100644
--- a/pki/base/tps/src/authentication/LDAP_Authentication.cpp
+++ b/pki/base/tps/src/authentication/LDAP_Authentication.cpp
@@ -25,6 +25,7 @@
#include "engine/RA.h"
#include "ldap.h"
#include "ldap_ssl.h"
+#include "ldappr.h"
#include "authentication/LDAP_Authentication.h"
#include "authentication/Authentication.h"
#include "main/Memory.h"
@@ -181,13 +182,15 @@ int LDAP_Authentication::Authenticate(AuthParams *params)
/* handling of SSL */
ld = ldapssl_init(host, port, 1);
} else {
- ld = ldap_init(host, port);
+ /* NOTE: ldapssl_init() already utilizes */
+ /* prldap (IPv6) functionality. */
+ ld = prldap_init(host, port, 1);
}
while (ld == NULL && retries < m_connectRetries) {
RA::IncrementAuthCurrentIndex(m_connInfo->GetHostPortListLen());
GetHostPort(&host, &portStr);
port = atoi(portStr);
- ld = ldap_init(host, port);
+ ld = prldap_init(host, port, 1);
retries++;
}
diff --git a/pki/base/tps/src/include/tus/tus_db.h b/pki/base/tps/src/include/tus/tus_db.h
index d56ebb27c..f468a82ab 100644
--- a/pki/base/tps/src/include/tus/tus_db.h
+++ b/pki/base/tps/src/include/tus/tus_db.h
@@ -45,6 +45,7 @@
#include "ldap.h"
#include "ldap_ssl.h"
+#include "ldappr.h"
#include "pk11func.h"
#include "cryptohi.h"
#include "keyhi.h"
diff --git a/pki/base/tps/src/tus/tus_db.c b/pki/base/tps/src/tus/tus_db.c
index 63d4958ac..b2c72adc4 100644
--- a/pki/base/tps/src/tus/tus_db.c
+++ b/pki/base/tps/src/tus/tus_db.c
@@ -884,7 +884,9 @@ static int tus_check_conn()
/* enabling SSL */
ld = ldapssl_init(host, port, 1);
} else {
- ld = ldap_init(host, port);
+ /* NOTE: ldapssl_init() already utilizes */
+ /* prldap (IPv6) functionality. */
+ ld = prldap_init(host, port, 1);
}
if (ld == NULL) {
return status;
diff --git a/pki/base/tps/tools/tus/test.c b/pki/base/tps/tools/tus/test.c
index 8def4b390..b73415d1b 100644
--- a/pki/base/tps/tools/tus/test.c
+++ b/pki/base/tps/tools/tus/test.c
@@ -36,6 +36,7 @@
#include <stdio.h>
#include "ldap.h"
+#include "ldappr.h"
/* Specify the search criteria here. */
#define HOSTNAME "localhost"
@@ -57,8 +58,8 @@ main( int argc, char **argv )
/* STEP 1: Get a handle to an LDAP connection and
set any session preferences. */
- if ( (ld = ldap_init( HOSTNAME, PORTNUMBER )) == NULL ) {
- perror( "ldap_init" );
+ if ( (ld = prldap_init( HOSTNAME, PORTNUMBER, 1 )) == NULL ) {
+ perror( "prldap_init" );
return( 1 );
}