Age | Commit message (Collapse) | Author | |
---|---|---|---|
2015-01-27 | openssl: Fixed Curl_ossl_cert_status_request() not returning FALSE | Steve Holme | |
Modified the Curl_ossl_cert_status_request() function to return FALSE when built with BoringSSL or when OpenSSL is missing the necessary TLS extensions. | |||
2015-01-27 | openssl: Fixed compilation errors when OpenSSL built with 'no-tlsext' | Steve Holme | |
Fixed the build of openssl.c when OpenSSL is built without the necessary TLS extensions for OCSP stapling. Reported-by: John E. Malmberg | |||
2015-01-26 | curl_setup: Disable SMB/CIFS support when HTTP only | Brad Spencer | |
2015-01-23 | RELEASE-NOTES: Synced with 37824498a3 | Steve Holme | |
2015-01-22 | configure: remove detection of the old yassl emulation API | Daniel Stenberg | |
... as that is ancient history and not used. | |||
2015-01-22 | OCSP stapling: disabled when build with BoringSSL | Daniel Stenberg | |
2015-01-22 | openssl: add support for the Certificate Status Request TLS extension | Alessandro Ghedini | |
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. Thanks-to: Joe Mason - for the work-around for the OpenSSL bug. | |||
2015-01-22 | BoringSSL: fix build for non-configure builds | Daniel Stenberg | |
HAVE_BORINGSSL gets defined now by configure and should be defined by other build systems in case a BoringSSL build is desired. | |||
2015-01-22 | configure: fix BoringSSL detection and detect libresssl | Daniel Stenberg | |
2015-01-22 | curl_sasl: Reinstate the sasl_ prefix for locally scoped functions | Steve Holme | |
Commit 7a8b2885e2 made some functions static and removed the public Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which is the naming convention we use in this source file. | |||
2015-01-22 | curl_sasl: Minor code policing following recent commits | Steve Holme | |
2015-01-22 | openvms: Handle openssl/0.8.9zb version parsing | John Malmberg | |
packages/vms/gnv_link_curl.com was assuming only a single letter suffix in the openssl version. That assumption has been fixed for 7.40. | |||
2015-01-22 | BoringSSL: detected by configure, switches off NTLM | Daniel Stenberg | |
2015-01-22 | BoringSSL: no PKCS12 support nor ERR_remove_state | Daniel Stenberg | |
2015-01-22 | BoringSSL: fix build | Leith Bade | |
2015-01-20 | curl_sasl.c: chlglen is not used when cryptography is disabled | Steve Holme | |
2015-01-20 | curl_sasl.c: Fixed compilation warning when cyptography is disabled | Steve Holme | |
curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local variable | |||
2015-01-20 | curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined | Steve Holme | |
curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier This error could also happen for non-SSPI builds when cryptography is disabled (CURL_DISABLE_CRYPTO_AUTH is defined). | |||
2015-01-20 | SASL: make some procedures local-scoped | Patrick Monnerat | |
2015-01-20 | SASL: common state engine for imap/pop3/smtp | Patrick Monnerat | |
2015-01-20 | SASL: common URL option and auth capabilities decoders for all protocols | Patrick Monnerat | |
2015-01-20 | IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters. | Patrick Monnerat | |
2015-01-20 | ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6 | Daniel Stenberg | |
Reported-by: Chris Young | |||
2015-01-20 | timeval: typecast for better type (on Amiga) | Chris Young | |
There is an issue with conflicting "struct timeval" definitions with certain AmigaOS releases and C libraries, depending on what gets included when. It's a minor difference - the OS one is unsigned, whereas the common structure has signed elements. If the OS one ends up getting defined, this causes a timing calculation error in curl. It's easy enough to resolve this at the curl end, by casting the potentially errorneous calculation to a signed long. | |||
2015-01-19 | openssl: do public key pinning check independently | Daniel Stenberg | |
... of the other cert verification checks so that you can set verifyhost and verifypeer to FALSE and still check the public key. Bug: http://curl.haxx.se/bug/view.cgi?id=1471 Reported-by: Kyle J. McKay | |||
2015-01-19 | OS400: CURLOPT_SSL_VERIFYSTATUS for ILE/RPG too. | Patrick Monnerat | |
2015-01-18 | ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP | Steve Holme | |
For consistency with other USE_WIN32_ defines as well as the USE_OPENLDAP define. | |||
2015-01-18 | http_negotiate: Use dynamic buffer for SPN generation | Steve Holme | |
Use a dynamicly allocated buffer for the temporary SPN variable similar to how the SASL GSS-API code does, rather than using a fixed buffer of 2048 characters. | |||
2015-01-18 | sasl_gssapi: Make Curl_sasl_build_gssapi_spn() public | Steve Holme | |
2015-01-18 | sasl_gssapi: Fixed memory leak with local SPN variable | Steve Holme | |
2015-01-17 | http_negotiate.c: unused variable 'ret' | Daniel Stenberg | |
2015-01-17 | gskit.h: Code policing of function pointer arguments | Steve Holme | |
2015-01-17 | vtls: Removed unimplemented overrides of curlssl_close_all() | Steve Holme | |
Carrying on from commit 037cd0d991, removed the following unimplemented instances of curlssl_close_all(): Curl_axtls_close_all() Curl_darwinssl_close_all() Curl_cyassl_close_all() Curl_gskit_close_all() Curl_gtls_close_all() Curl_nss_close_all() Curl_polarssl_close_all() | |||
2015-01-17 | vtls: Separate the SSL backend definition from the API setup | Steve Holme | |
Slight code cleanup as the SSL backend #define is mixed up with the API function setup. | |||
2015-01-17 | vtls: Fixed compilation errors when SSL not used | Steve Holme | |
Fixed the following warning and error from commit 3af90a6e19 when SSL is not being used: url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined; assuming extern returning int error LNK2019: unresolved external symbol Curl_ssl_cert_status_request referenced in function Curl_setopt | |||
2015-01-17 | http_negotiate: Added empty decoded challenge message info text | Steve Holme | |
2015-01-17 | http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int | Steve Holme | |
2015-01-17 | http_negotiate_sspi: Prefer use of 'attrs' for context attributes | Steve Holme | |
Use the same variable name as other areas of SSPI code. | |||
2015-01-17 | http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo() | Steve Holme | |
Use the SECURITY_STATUS typedef rather than a unsigned long for the QuerySecurityPackageInfo() return and rename the variable as per other areas of SSPI code. | |||
2015-01-17 | http_negotiate_sspi: Use 'CURLcode result' for CURL result code | Steve Holme | |
2015-01-16 | curl_endian: Fixed build when 64-bit integers are not supported (Part 2) | Steve Holme | |
Missed Curl_read64_be() in commit bb12d44471 :( | |||
2015-01-16 | CURLOPT_SSL_VERIFYSTATUS.3: mention it is added in version 7.41.0 | Daniel Stenberg | |
2015-01-16 | curlver.h: next release is 7.41.0 due to the changes | Daniel Stenberg | |
2015-01-16 | RELEASE-NOTES: mention the new OCSP stapling options, bump version | Daniel Stenberg | |
2015-01-16 | opts: add CURLOPT_SSL_VERIFYSTATUS* to docs/Makefile | Daniel Stenberg | |
2015-01-16 | help: add --cert-status to --help output | Daniel Stenberg | |
2015-01-16 | copyright years: after OCSP stapling changes | Daniel Stenberg | |
2015-01-16 | curl: add --cert-status option | Alessandro Ghedini | |
This enables the CURLOPT_SSL_VERIFYSTATUS functionality. | |||
2015-01-16 | nss: add support for the Certificate Status Request TLS extension | Alessandro Ghedini | |
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. This requires NSS 3.15 or higher. | |||
2015-01-16 | gtls: add support for the Certificate Status Request TLS extension | Alessandro Ghedini | |
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP response verfication to fail even on valid responses. |