aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-06-07openssl: Fix verification of server-sent legacy intermediatesJay Satiro
- Try building a chain using issuers in the trusted store first to avoid problems with server-sent legacy intermediates. Prior to this change server-sent legacy intermediates with missing legacy issuers would cause verification to fail even if the client's CA bundle contained a valid replacement for the intermediate and an alternate chain could be constructed that would verify successfully. https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
2015-06-05BINDINGS: update several URLsDaniel Stenberg
Stop linking to the curl.haxx.se anchor pages, they are usually only themselves pointers to the real page so better point there directly instead.
2015-06-05BINDINGS: the curl-rust bindingDaniel Stenberg
2015-06-05curl.h: add CURL_HTTP_VERSION_2Daniel Stenberg
The protocol is named "HTTP/2" after all. It is an alias for the existing CURL_HTTP_VERSION_2_0 enum.
2015-06-05openssl: removed error string #ifdefDaniel Stenberg
ERR_error_string_n() was introduced in 0.9.6, no need to #ifdef anymore
2015-06-05openssl: removed USERDATA_IN_PWD_CALLBACK kludgeDaniel Stenberg
Code for OpenSSL 0.9.4 serves no purpose anymore!
2015-06-05openssl: remove SSL_get_session()-using codeDaniel Stenberg
It was present for OpenSSL 0.9.5 code but we only support 0.9.7 or later.
2015-06-05openssl: remove dummy callback use from SSL_CTX_set_verify()Daniel Stenberg
The existing callback served no purpose.
2015-06-04LIBCURL-STRUCTS: clarify for multiplexingDaniel Stenberg
2015-06-03cookie: Stop exporting any-domain cookiesJay Satiro
Prior to this change any-domain cookies (cookies without a domain that are sent to any domain) were exported with domain name "unknown". Bug: https://github.com/bagder/curl/issues/292
2015-06-03RELEASE-PROCEDURE: refreshed 'coming dates'Daniel Stenberg
2015-06-02curl_setup: Change fopen text macros to use 't' for MSDOSJay Satiro
Bug: https://github.com/bagder/curl/pull/258#issuecomment-107915198 Reported-by: Gisle Vanem
2015-06-02curl_multi_timeout.3: added exampleDaniel Stenberg
2015-06-02curl_multi_perform.3: added exampleDaniel Stenberg
2015-06-02curl_multi_info_read.3: added exampleDaniel Stenberg
2015-06-02checksrc: detect fopen() for text without the FOPEN_* macrosDaniel Stenberg
Follow-up to e8423f9ce150 with discussionis in https://github.com/bagder/curl/pull/258 This check scans for fopen() with a mode string without 'b' present, as it may indicate that an FOPEN_* define should rather be used.
2015-06-01curl_getdate.3: update RFC referenceDaniel Stenberg
2015-06-01curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXTJay Satiro
- Change fopen calls to use FOPEN_READTEXT instead of "r" or "rt" - Change fopen calls to use FOPEN_WRITETEXT instead of "w" or "wt" This change is to explicitly specify when we need to read/write text. Unfortunately 't' is not part of POSIX fopen so we can't specify it directly. Instead we now have FOPEN_READTEXT, FOPEN_WRITETEXT. Prior to this change we had an issue on Windows if an application that uses libcurl overrides the default file mode to binary. The default file mode in Windows is normally text mode (translation mode) and that's what libcurl expects. Bug: https://github.com/bagder/curl/pull/258#issuecomment-107093055 Reported-by: Orgad Shaneh
2015-06-01http2-upload.c: use PIPEWAIT for playing HTTP/2 betterDaniel Stenberg
2015-06-01http2-download: check for CURLPIPE_MULTIPLEX properlyDaniel Stenberg
Bug: http://curl.haxx.se/mail/lib-2015-06/0001.html Reported-by: Rafayel Mkrtchyan
2015-05-31HTTP-NTLM: fail auth on connection close instead of loopingIsaac Boukris
Bug: https://github.com/bagder/curl/issues/256
2015-05-315.6 Refuse "downgrade" redirectsDaniel Stenberg
2015-05-31README.pingpong: removedDaniel Stenberg
2015-05-30ROADMAP: remove HTTP/2 multiplexing - its here nowDaniel Stenberg
2015-05-30HTTP2.md: formatted properlyDaniel Stenberg
2015-05-30HTTP2: moved docs into docs/ and make it markdownDaniel Stenberg
2015-05-30README.http2: refreshed and added multiplexing infoDaniel Stenberg
2015-05-28dist: add the http2 examplesDaniel Stenberg
2015-05-28http2 examples: clean up some commentsDaniel Stenberg
2015-05-28examples: added two programs doing multiplexed HTTP/2Daniel Stenberg
2015-05-27scripts: moved contributors.sh and contrithanks.sh into subdirDaniel Stenberg
2015-05-27RELEASE-NOTES: synced with c005790ff1c0aDaniel Stenberg
2015-05-27openssl: typo in commentDaniel Melani
2015-05-27openssl: Use TLS_client_method for OpenSSL 1.1.0+Jay Satiro
SSLv23_client_method is deprecated starting in OpenSSL 1.1.0. The equivalent is TLS_client_method. https://github.com/openssl/openssl/commit/13c9bb3#diff-708d3ae0f2c2973b272b811315381557
2015-05-26FAQ: How do I port libcurl to my OS?Daniel Stenberg
2015-05-25CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domainJay Satiro
Document that if Set-Cookie is used without a domain then the cookie is sent for any domain and will not be modified. Bug: http://curl.haxx.se/mail/lib-2015-05/0137.html Reported-by: Alexander Dyagilev
2015-05-25http2: Copy data passed in Curl_http2_switched into HTTP/2 connection bufferTatsuhiro Tsujikawa
Previously, after seeing upgrade to HTTP/2, we feed data followed by upgrade response headers directly to nghttp2_session_mem_recv() in Curl_http2_switched(). But it turns out that passed buffer, mem, is part of stream->mem, and callbacks called by nghttp2_session_mem_recv() will write stream specific data into stream->mem, overwriting input data. This will corrupt input, and most likely frame length error is detected by nghttp2 library. The fix is first copy the passed data to HTTP/2 connection buffer, httpc->inbuf, and call nghttp2_session_mem_recv().
2015-05-24CURLOPT_COOKIE.3: Explain that the cookies won't be modifiedJay Satiro
The CURLOPT_COOKIE doc says it "sets the cookie header explicitly in the outgoing request(s)." However there seems to be some user confusion about cookie modification. Document that the cookies set by this option are not modified by the cookie engine. Bug: http://curl.haxx.se/mail/lib-2015-05/0115.html Reported-by: Alexander Dyagilev
2015-05-24CURLOPT_COOKIELIST.3: Add exampleJay Satiro
2015-05-24testcurl.pl: use rel2abs to make the source directory absoluteDan Fandrich
This function makes a platform-specific absolute path which uses backslashes on Windows. This form works when passing it on the command-line, as well as if the source is on another drive.
2015-05-24conncache: fixed memory leak on OOM (torture tests)Dan Fandrich
2015-05-24perl: remove subdir, not touched in 9 yearsDaniel Stenberg
2015-05-24log2changes.pl: moved to scripts/Daniel Stenberg
2015-05-24scripts: add zsh.pl for generating zsh completionAlessandro Ghedini
2015-05-23test1510: another flaky testDan Fandrich
2015-05-22security: fix "Unchecked return value" from sscanf()Daniel Stenberg
By (void) prefixing it and adding a comment. Did some minor related cleanups. Coverity CID 1299423.
2015-05-22security: simplify choose_mechDaniel Stenberg
Coverity CID 1299424 identified dead code because of checks that could never equal true (if the mechanism's name was NULL). Simplified the function by removing a level of pointers and removing the loop and array that weren't used.
2015-05-22RTSP: catch attempted unsupported requests betterDaniel Stenberg
Replace use of assert with code that properly catches bad input at run-time even in non-debug builds. This flaw was sort of detected by Coverity CID 1299425 which claimed the "case RTSPREQ_NONE" was dead code.
2015-05-22share_init: fix OOM crashDaniel Stenberg
A failed calloc() would lead to NULL pointer use. Coverity CID 1299427.
2015-05-22parse_proxy: switch off tunneling if non-HTTP proxyDaniel Stenberg
non-HTTP proxy implies not using CURLOPT_HTTPPROXYTUNNEL Bug: http://curl.haxx.se/mail/lib-2015-05/0056.html Reported-by: Sean Boudreau