aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-06-11Curl_output_digest: support auth-int for empty entity bodyDaniel Stenberg
By always returning the md5 for an empty body when auth-int is asked for, libcurl now at least sometimes does the right thing. Bug: http://curl.haxx.se/bug/view.cgi?id=1235 Patched-by: Nach M. S.
2013-06-11multi_socket: reduce timeout inaccuracy marginDaniel Stenberg
Allow less room for "triggered too early" mistakes by applications / timers on non-windows platforms. Starting now, we assume that a timeout call is never made earlier than 3 milliseconds before the actual timeout. This greatly improves timeout accuracy on Linux. Bug: http://curl.haxx.se/bug/view.cgi?id=1228 Reported-by: Hang Su
2013-06-10cert_stuff: avoid double free in the PKCS12 codeDaniel Stenberg
In the pkcs12 code, we get a list of x509 records returned from PKCS12_parse but when iterating over the list and passing each to SSL_CTX_add_extra_chain_cert() we didn't also properly remove them from the "stack", which made them get freed twice (both in sk_X509_pop_free() and then later in SSL_CTX_free). This isn't really documented anywhere... Bug: http://curl.haxx.se/bug/view.cgi?id=1236 Reported-by: Nikaiw
2013-06-10cert_stuff: remove code duplication in the pkcs12 logicDaniel Stenberg
2013-06-08axtls: honor disabled VERIFYHOSTAleksey Tulinov
When VERIFYHOST == 0, libcurl should let invalid certificates to pass.
2013-06-08curl_easy_setopt.3: HTTP header with no contentPeter Gal
Update the documentation on how to specify a HTTP header with no content.
2013-06-07RELEASE-NOTES: synced with 87cf677eca55Daniel Stenberg
Added 11 bugs and 7 contributors
2013-06-06lib1500: remove bad checkDaniel Stenberg
After curl_multi_wait() returns, this test checked that we got exactly one file descriptor told to read from, but we cannot be sure that is true. curl_multi_wait() will sometimes return earlier without any file descriptor to handle, just just because it is a suitable time to call *perform(). This problem showed up with commit 29bf0598. Bug: http://curl.haxx.se/mail/lib-2013-06/0029.html Reported-by: Fabian Keil
2013-06-04tests/Makefile: typo in the perlcheck targetDaniel Stenberg
Bug: http://curl.haxx.se/bug/view.cgi?id=1239 Reported-by: Christian Weisgerber
2013-06-04test1230: verify CONNECT to a numerical ipv6-addressDaniel Stenberg
2013-06-04sws: support extracting test number from CONNECT ipv6-address!Daniel Stenberg
If an ipv6-address is provided to CONNECT, the last hexadecimal group in the address will be used as the test number! For example the address "[1234::ff]" would be treated as test case 255.
2013-06-04curl_multi_wait: only use internal timer if not -1Daniel Stenberg
commit 29bf0598aad5 introduced a problem when the "internal" timeout is prefered to the given if shorter, as it didn't consider the case where -1 was returned. Now the internal timeout is only considered if not -1. Reported-by: Tor Arntsen Bug: http://curl.haxx.se/mail/lib-2013-06/0015.html
2013-06-03libcurl-tutorial.3: added a section on IPv6Dan Fandrich
Also added a (correctly-escaped) backslash to the autoexec.bat example file and a new Windows character device name with a colon as examples of other characters that are special and potentially dangerous (this reverts and reworks commit 7d8d2a54).
2013-06-03curl_multi_wait: reduce timeout if the multi handle wants toDaniel Stenberg
If the multi handle's pending timeout is less than what is passed into this function, it will now opt to use the shorter time anyway since it is a very good hint that the handle wants to process something in a shorter time than what otherwise would happen. curl_multi_wait.3 was updated accordingly to clarify This is the reason for bug #1224 Bug: http://curl.haxx.se/bug/view.cgi?id=1224 Reported-by: Andrii Moiseiev
2013-06-03multi_runsingle: switch an if() condition for readabilityDaniel Stenberg
... because there's an identical check right next to it so using the operators in the check in the same order increases readability.
2013-06-02curl_schannel.c: Removed variable unused since 35874298e4Marc Hoersken
2013-06-02curl_setup.h: Fixed redefinition warning using mingw-w64Marc Hoersken
2013-05-30multi_runsingle: add braces to clarify the codeDaniel Stenberg
2013-05-28libcurl-tutorial.3: remove incorrect backslashDaniel Stenberg
A single backslash in the content is not legal nroff syntax. Reported and fixed by: Eric S. Raymond Bug: http://curl.haxx.se/bug/view.cgi?id=1234
2013-05-28curl_formadd.3: fixed wrong "end-marker" syntaxDaniel Stenberg
Reported and fixed by: Eric S. Raymond Bug: http://curl.haxx.se/bug/view.cgi?id=1233
2013-05-28curl.1: clarify that --silent still outputs dataDaniel Stenberg
2013-05-27Digest auth: escape user names with \ or " in themDaniel Stenberg
When sending the HTTP Authorization: header for digest, the user name needs to be escaped if it contains a double-quote or backslash. Test 1229 was added to verify Reported and fixed by: Nach M. S Bug: http://curl.haxx.se/bug/view.cgi?id=1230
2013-05-22ossl_recv: SSL_read() returning 0 is an error tooMike Giancola
SSL_read can return 0 for "not successful", according to the open SSL documentation: http://www.openssl.org/docs/ssl/SSL_read.html
2013-05-22ossl_send: SSL_write() returning 0 is an error tooMike Giancola
We found that in specific cases if the connection is abruptly closed, the underlying socket is listed in a close_wait state. We continue to call the curl_multi_perform, curl_mutli_fdset etc. None of these APIs report the socket closed / connection finished. Since we have cases where the multi connection is only used once, this can pose a problem for us. I've read that if another connection was to come in, curl would see the socket as bad and attempt to close it at that time - unfortunately, this does not work for us. I found that in specific situations, if SSL_write returns 0, curl did not recognize the socket as closed (or errored out) and did not report it to the application. I believe we need to change the code slightly, to check if ssl_write returns 0. If so, treat it as an error - the same as a negative return code. For OpenSSL - the ssl_write documentation is here: http://www.openssl.org/docs/ssl/SSL_write.html
2013-05-21KNOWN_BUGS: curl -OJC- fails to resumeDaniel Stenberg
Bug: http://curl.haxx.se/bug/view.cgi?id=1169
2013-05-21Curl_cookie_add: handle IPv6 hostsDaniel Stenberg
1 - don't skip host names with a colon in them in an attempt to bail out on HTTP headers in the cookie file parser. It was only a shortcut anyway and trying to parse a file with HTTP headers will still be handled, only slightly slower. 2 - don't skip domain names based on number of dots. The original netscape cookie spec had this oddity mentioned and while our code decreased the check to only check for two, the existing cookie spec has no such dot counting required. Bug: http://curl.haxx.se/bug/view.cgi?id=1221 Reported-by: Stefan Neis
2013-05-20curl_easy_setopt.3: expand the PROGRESSFUNCTION sectionDaniel Stenberg
Explain the callback and its arguments better and with more descriptive text.
2013-05-19tests: add test1394 file to the tarballDaniel Stenberg
2013-05-19tarball: include the xmlstream exampleDaniel Stenberg
2013-05-19xmlstream: XML stream parsing example source codeDavid Strauss
Add an XML stream parsing example using Expat. Add missing ignore for the binary from an unrelated example.
2013-05-18cookies: only consider full path matchesYAMADA Yasuharu
I found a bug which cURL sends cookies to the path not to aim at. For example: - cURL sends a request to http://example.fake/hoge/ - server returns cookie which with path=/hoge; the point is there is NOT the '/' end of path string. - cURL sends a request to http://example.fake/hogege/ with the cookie. The reason for this old "feature" is because that behavior is what is described in the original netscape cookie spec: http://curl.haxx.se/rfc/cookie_spec.html The current cookie spec (RFC6265) clarifies the situation: http://tools.ietf.org/html/rfc6265#section-5.2.4
2013-05-16axtls: prevent memleaks on SSL handshake failuresEric Hu
2013-05-12Revert "WIN32 MemoryTracking: track wcsdup() _wcsdup() and _tcsdup() usage"Daniel Stenberg
This reverts commit 8ec2cb5544b86306b702484ea785b6b9596562ab. We don't have any code anywhere in libcurl (or the curl tool) that use wcsdup so there's no such memory use to track. It seems to cause mild problems with the Borland compiler though that we may avoid by reverting this change again. Bug: http://curl.haxx.se/mail/lib-2013-05/0070.html
2013-05-12RELEASE-NOTES: synced with ae26ee3489588f0Daniel Stenberg
2013-05-11Updated zlib version in build files.Guenter Knauf
2013-05-09OS X framework: fix invalid symbolic linkRenaud Guillard
2013-05-09nss: give PR_INTERVAL_NO_WAIT instead of -1 to PR_Recv/PR_SendDaniel Stenberg
Reported by: David Strauss Bug: http://curl.haxx.se/mail/lib-2013-05/0088.html
2013-05-08libtest: gitignore more binary filesDaniel Stenberg
2013-05-07servercert: allow empty subjectDaniel Stenberg
Bug: http://curl.haxx.se/bug/view.cgi?id=1220 Patch by: John Gardiner Myers
2013-05-07tests: Added new SMTP tests to verify commit 99b40451836dSteve Holme
2013-05-07runtests.pl: support nonewline="yes" in client/stdin sectionsDaniel Stenberg
2013-05-06build: fixed unit1394 for debug and metlink buildsDaniel Stenberg
2013-05-06unit1394.c: plug the curl tool unit test inKamil Dudka
2013-05-06unit1394.c: basis of a unit test for parse_cert_parameter()Jared Jennings
2013-05-06src/Makefile.am: build static lib for unit tests if enabledKamil Dudka
2013-05-06tool_getparam: ensure string termination in parse_cert_parameter()Kamil Dudka
2013-05-06tool_getparam: fix memleak in handling the -E optionKamil Dudka
2013-05-06tool_getparam: describe what parse_cert_parameter() doesKamil Dudka
... and de-duplicate the code initializing *passphrase
2013-05-06curl.1: document escape sequences recognized by -EKamil Dudka
2013-05-06curl -E: allow to escape ':' in cert nicknameJared Jennings