Age | Commit message (Collapse) | Author |
|
Bug: http://curl.haxx.se/bug/view.cgi?id=1378
Reported and Patched-by: Marcel Raad
|
|
|
|
Bug: http://curl.haxx.se/mail/lib-2014-06/0003.html
Reported-by: Дмитрий Фалько
|
|
The SASL/Digest previously used the current time's seconds +
microseconds to add randomness but it is much better to instead get more
data from Curl_rand().
It will also allow us to easier "fake" that for debug builds on demand
in a future.
|
|
|
|
|
|
|
|
|
|
|
|
Rather than use a short 8-byte hex string, extended the cnonce to be
32-bytes long, like Windows SSPI does.
Used a combination of random data as well as the current date and
time for the generation.
|
|
|
|
gcc spit out warning: variable 'x' might be clobbered by 'longjmp' or
'vfork' messages for a few variables. These automatic variables were
expected to be changed between a setjmp/longjmp and hold their values,
so are now marked volatile.
|
|
|
|
As with commit 11397eb6dd, use $(TargetDir) and $(TargetName) for the
Import Library output rather than $(OutDir)\$(ProjectName)d.lib and
$(OutDir)\$(ProjectName).lib.
|
|
Like with the curl tool project files use $(TargetDir)$(TargetName).pdb
rather than $(OutDir)$(ProjectName)d.pdb for the Program Database File
output.
|
|
It might not be the most useful combo, but...
|
|
|
|
"Any two of the parameters, readfds, writefds, or exceptfds, can be
given as null. At least one must be non-null, and any non-null
descriptor set must contain at least one handle to a socket."
http://msdn.microsoft.com/en-ca/library/windows/desktop/ms740141(v=vs.85).aspx
When using select(), cURL doesn't adhere to this (WinSock-specific)
rule, and can ask to monitor empty fd_sets, which leads to select()
returning WSAEINVAL (i.e. EINVAL) and connections failing in mysterious
ways as a result (at least when using the curl_multi_socket_action()
interface).
Bug: http://curl.haxx.se/mail/lib-2014-05/0278.html
|
|
The previous #ifdef detection wasn't good enough.
Bug: http://curl.haxx.se/mail/lib-2014-05/0260.html
Reported-by: Chris Young
|
|
And clarify that age 3 means 7.16.1 or later.
|
|
PolarSSL added ALPN support in their 1.3.6 release.
See:
https://polarssl.org/tech-updates/releases/polarssl-1.3.6-released
|
|
Make sure that the URL is reset and cleared.
Bug: http://curl.haxx.se/mail/lib-2014-05/0235.html
Reported-by: Jonathan Cardoso Machado
|
|
|
|
|
|
OpenSSL passes out and outlen variable uninitialized to
select_next_proto_cb callback function. If the callback function
returns SSL_TLSEXT_ERR_OK, the caller assumes the callback filled
values in out and outlen and processes as such. Previously, if there
is no overlap in protocol lists, curl code does not fill any values in
these variables and returns SSL_TLSEXT_ERR_OK, which means we are
triggering undefined behavior. valgrind warns this.
This patch fixes this issue by fallback to HTTP/1.1 if there is no
overlap.
|
|
|
|
|
|
|
|
There is an implicit conversion from "unsigned long" to "long"
|
|
|
|
|
|
Fixed a copy / paste error from my 2011 project files.
|
|
|
|
Security Framework on OS X makes it possible to supply extra anchor (CA)
certificates via the Certificate, Key, and Trust Services API. This
commit makes the '--cacert' option work using this API.
More information:
https://developer.apple.com/library/mac/documentation/security/Reference/certifkeytrustservices/Reference/reference.html
The HTTPS tests now pass on OS X except 314, which requires the '--crl'
option to work.
|
|
warning: suggest braces around empty body in an 'else' statement
|
|
warning: implicit declaration of function 'connclose'
|
|
Make all code use connclose() and connkeep() when changing the "close
state" for a connection. These two macros take a string argument with an
explanation, and debug builds of curl will include that in the debug
output. Helps tracking connection re-use/close issues.
|
|
|
|
Renamed the CURLX_ONES file list definition in order to a) try and be
consistent with other file lists and b) to allow for the addition of
the curlx header files, which will assist with Visual Studio project
files generation rather than hard coding those files.
|
|
|
|
|
|
Possibly the final update before release...
|
|
Added a couple of outstanding tasks to the TODO section that we didn't
get time to do before the release.
|
|
Http2 connections would wrongly get closed after each individual
request.
Co-authored-by: Tatsuhiro Tsujikawa
Bug: http://curl.haxx.se/bug/view.cgi?id=1374
|
|
According to https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-05
it is "http/1.1" and not "http/1.0".
|
|
|
|
Added a default source directory so the user doesn't have to specify
one - the same as that, which the Visual Studio project files expect
the OpenSSL dependencies to be in.
|
|
|
|
To use an up to date download link as well as remove duplicate
information.
|
|
|