Age | Commit message (Collapse) | Author |
|
The code treated the set version as the *exact* version to require in
the TLS handshake, which is not what other TLS backends do and probably
not what most people expect either.
Reported-by: Andreas Olsson
Assisted-by: Gaurav Malhotra
Fixes #2691
Closes #2694
|
|
|
|
Reported-by: Andreas Olsson
Fixes #2692
Closes #2693
|
|
The previous example was a little bit confusing, because SSL* structure
(or other "in use" SSL connection pointer) is not accessible after the
transfer is completed, therefore working with the raw TLS library
specific pointer needs to be done during transfer.
Closes #2690
|
|
... since default uses the threaded one and we test the c-ares build
already.
Closes #2689
|
|
Since it isn't used either and requires the getnameinfo check
Follow-up to 0aeca41702d2
|
|
Closes #2687
|
|
... and trim the threaded Curl_resolver_getsock() to return zero
millisecond wait times during the first three milliseconds so that
localhost or names in the OS resolver cache gets detected and used
faster.
Closes #2685
|
|
The linker is pretty dumb and processes things left to right, keeping a
tally of symbols it hasn't resolved yet. So, we need -ldl to appear
after -lcrypto otherwise the linker won't find the dl functions.
Closes #2684
|
|
|
|
|
|
... it was previously unchecked in two places and thus errors could
remain undetected and cause trouble.
Closes #2681
|
|
|
|
|
|
Follow-up to b6a16afa0aa5
|
|
... to work with longer passwords etc. Grow it from a 256 to a 4096
bytes buffer.
Reported-by: Dario Nieuwenhuis
Fixes #2676
Closes #2680
|
|
Closes #2673
|
|
Fixes #2677
Closes #2679
|
|
Follow-up to 2c15693.
Bug #2674
Closes #2675
|
|
Bug: https://curl.haxx.se/mail/lib-2018-06/0100.html
|
|
This will make possible to select the SSL backend (using
curl_global_sslset()) even when the libcurl is built using CMake
Closes #2665
|
|
By masking sure to use the *current* easy handle with extracted
connections from the cache, and make sure to NULLify the ->data pointer
when the connection is put into the cache to make this mistake easier to
detect in the future.
Reported-by: Will Dietz
Fixes #2669
Closes #2672
|
|
|
|
... run a few more tortured based and run all tests event-based.
Closes #2664
|
|
When the application just started the transfer and then stops it while
the name resolve in the background thread hasn't completed, we need to
wait for the resolve to complete and then cleanup data accordingly.
Enabled test 1553 again and added test 1590 to also check when the host
name resolves successfully.
Detected by OSS-fuzz.
Closes #1968
|
|
Ref: https://github.com/curl/curl/pull/2660
Closes https://github.com/curl/curl/pull/2662
|
|
|
|
Fixes my local configure to detect a custom installed c-ares without
pkgconfig.
|
|
Closes #2663
|
|
|
|
|
|
|
|
maketgz creates release tarballs and removes the -DEV string in curl
version (e.g. 7.58.0-DEV), else -DEV shows up on command line when curl
is run. maketgz works fine on linux but fails on OSX. Problem is with
the sed commands that use option -i without an extension. Maketgz
expects GNU sed instead of BSD and this simply won't work on OSX. Adding
a backup extension .bak after -i fixes this issue
Running the script as if on OSX gives this error:
sed: -e: No such file or directory
Adding a .bak extension resolves it
Closes #2660
|
|
Fix the -ldl and -ldl + -lpthread checks for OpenSSL, necessary for
building with static libs without pkg-config.
Reported-by: Marcel Raad
Fixes #2199
Closes #2659
|
|
First check if there's c-ares information given as pkg-config info and use
that as first preference.
Reported-by: pszemus on github
Fixes #2203
Closes #2658
|
|
Closes #2657
|
|
Closes #2120
|
|
Closes #2281
|
|
certdata.txt should be deleted also when the process is interrupted by
"same certificate downloaded, exiting"
The certdata.txt is currently kept on disk even if you give the -u
option
Closes #2655
|
|
Reported-by: Peter Wu
Closes #2654
|
|
Implemented by Björn in 946ce5b61f
|
|
Closes #2653
|
|
... and make use of that to make 1455 work better without using a fixed
local port number.
Fixes #2649
Closes #2650
|
|
The struct field is never set (since 5e0d9aea3) so remove the use of it
and remove the connectdata pointer from the prototype.
Reported-by: Tejas
Bug: https://curl.haxx.se/mail/lib-2018-06/0054.html
Closes #2647
|
|
with clang-6.0:
```
vtls/schannel_verify.c: In function 'add_certs_to_store':
vtls/schannel_verify.c:212:30: warning: passing argument 11 of 'CryptQueryObject' from incompatible pointer type [-Wincompatible-pointer-types]
&cert_context)) {
^
In file included from /usr/share/mingw-w64/include/schannel.h:10:0,
from /usr/share/mingw-w64/include/schnlsp.h:9,
from vtls/schannel.h:29,
from vtls/schannel_verify.c:40:
/usr/share/mingw-w64/include/wincrypt.h:4437:26: note: expected 'const void **' but argument is of type 'CERT_CONTEXT ** {aka struct _CERT_CONTEXT **}'
WINIMPM WINBOOL WINAPI CryptQueryObject (DWORD dwObjectType, const void *pvObject, DWORD dwExpectedContentTypeFlags, DWORD dwExpectedFormatTypeFlags, DWORD dwFlags,
^~~~~~~~~~~~~~~~
```
Ref: https://msdn.microsoft.com/library/windows/desktop/aa380264
Closes https://github.com/curl/curl/pull/2648
|
|
Given the contstraints of SChannel, I'm exposing these as the algorithms
themselves instead; while replicating the ciphersuite as specified by
OpenSSL would have been preferable, I found no way in the SChannel API
to do so.
To use this from the commandline, you need to pass the names of contants
defining the desired algorithms. For example, curl --ciphers
"CALG_SHA1:CALG_RSA_SIGN:CALG_RSA_KEYX:CALG_AES_128:CALG_DH_EPHEM"
https://github.com The specific names come from wincrypt.h
Closes #2630
|
|
shifting the expiry date to 2037 for now
to be before the possibly problematic year 2038
similar in spirit to commit e6293cf8764e9eecb
Closes #2646
|
|
- Get rid of variable that was generating false positive warning
(unitialized)
- Fix issues in tests
- Reduce scope of several variables all over
etc
Closes #2631
|
|
Previously it was checked for in configure/cmake, but that would then
leave other build systems built without engine support.
While engine support probably existed prior to 1.0.1, I decided to play
safe. If someone experience a problem with this, we can widen the
version check.
Fixes #2641
Closes #2644
|
|
|