Age | Commit message (Collapse) | Author |
|
|
|
If GnuTLS fails to read the certificate then include whatever reason it
provides in the failure message reported to the client.
Signed-off-by: Mike Crowe <mac@mcrowe.com>
|
|
|
|
The gnutls vtls back-end was previously ignoring any password set via
CURLOPT_KEYPASSWD. Presumably this was because
gnutls_certificate_set_x509_key_file did not support encrypted keys.
gnutls now has a gnutls_certificate_set_x509_key_file2 function that
does support encrypted keys. Let's determine at compile time whether the
available gnutls supports this new function. If it does then use it to
pass the password. If it does not then emit a helpful diagnostic if a
password is set. This is preferable to the previous behaviour of just
failing to read the certificate without giving a reason in that case.
Signed-off-by: Mike Crowe <mac@mcrowe.com>
|
|
... even for those that don't support providing anything in the
'internals' struct member since it offers a convenient way for
applications to figure this out.
|
|
The easysrc generation is run only when --libcurl is initialized.
Ref: https://github.com/bagder/curl/issues/429
Closes #448
|
|
Closes #449
|
|
Like for example brotli, as being implemented in Firefox now.
|
|
- Review of 4d95491.
The author changed it so easysrc only initializes when --libcurl but did
not do the same for the call to easysrc cleanup.
Ref: https://github.com/bagder/curl/issues/429
|
|
closes #443
|
|
Closes #334
|
|
|
|
It is unreliable and causes CI problems on github
Closes #380
|
|
|
|
Code should only be generated when --libcurl is used.
Bug: https://github.com/bagder/curl/issues/429
Reported-by: @greafhe, Jay Satiro
Closes #429
Closes #442
|
|
- Change the designator name we use to show the base64 encoded sha256
hash of the server's public key from 'pinnedpubkey' to
'public key hash'.
Though the server's public key hash is only shown when comparing pinned
public key hashes, the server's hash may not match one of the pinned.
|
|
With NTLM a new connection will always require authentication.
Fixes #435
|
|
Add a "pinnedpubkey" section to the "Server Certificate" verbose
Bug: https://github.com/bagder/curl/issues/410
Reported-by: W. Mark Kubacki
Closes #430
Closes #410
|
|
Introduced with commit 65d141e6da5c6003a1592bbc87ee550b0ad75c2f
Closes #440
|
|
|
|
Fixes #427
|
|
Without this workaround, NSS re-uses a session cache entry despite the
server name does not match. This causes SNI host name to differ from
the actual host name. Consequently, certain servers (e.g. github.com)
respond by 400 to such requests.
Bug: https://bugzilla.mozilla.org/1202264
|
|
|
|
|
|
... without sha256 support and no define saying so.
Reported-by: Rajkumar Mandal
|
|
CURLE_SSL_PINNEDPUBKEYNOTMATCH and CURLE_SSL_INVALIDCERTSTATUS
|
|
- Show how a certificate can be obtained using OpenSSL.
Bug: https://github.com/bagder/curl/pull/430
Reported-by: Daniel Hwang
|
|
|
|
|
|
|
|
|
|
|
|
|
|
s => is
Closes #428
|
|
It uses 'Note:' as a prefix as opposed to the common 'Warning:' to take
down the tone a bit.
It adds a warning for using -XHEAD on other methods becasue that may
lead to a hanging connection.
|
|
Bug: https://github.com/bagder/curl/pull/411
Reported-by: Viktor Szakats
|
|
|
|
|
|
long => double
|
|
Closes #409
|
|
If the port number in the proxy string ended weirdly or the number is
too large, skip it. Mostly as a means to bail out early if a "bare" IPv6
numerical address is used without enclosing brackets.
Also mention the bracket requirement for IPv6 numerical addresses to the
man page for CURLOPT_PROXY.
Closes #415
Reported-by: Marcel Raad
|
|
In some timing-dependnt cases when a 4xx response immediately followed
after a 150 when a STOR was issued, this function would wrongly return
'complete == true' while 'wait_data_conn' was still set.
Closes #405
Reported-by: Patricia Muscalu
|
|
Closes #414
Closes #413
|
|
leavit => leaveit
closes #412
|
|
|
|
|
|
|
|
|
|
This reverts commit a60bde79f9adeb135d5c642a07f0d783fbfbbc25 I have
pushed by mistake. Apologies for my incompetent use of the git repo!
|
|
It causes dynamic linking issues at run-time after an update of NSS.
Bug: https://lists.fedoraproject.org/pipermail/devel/2015-September/214117.html
|