aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2012-11-06CURLOPT_SSL_VERIFYHOST: stop supporting the 1 valueDaniel Stenberg
After a research team wrote a document[1] that found several live source codes out there in the wild that misused the CURLOPT_SSL_VERIFYHOST option thinking it was a boolean, this change now bans 1 as a value and will make libcurl return error for it. 1 was never a sensible value to use in production but was introduced back in the days to help debugging. It was always documented clearly this way. 1 was never supported by all SSL backends in libcurl, so this cleanup makes the treatment of it unified. The report's list of mistakes for this option were all PHP code and while there's a binding layer between libcurl and PHP, the PHP team has decided that they have an as thin layer as possible on top of libcurl so they will not alter or specifically filter a 'TRUE' value for this particular option. I sympathize with that position. [1] = http://daniel.haxx.se/blog/2012/10/25/libcurl-claimed-to-be-dangerous/
2012-11-06gnutls: fix compiler warningsDaniel Stenberg
2012-11-06gnutls: print alerts during handshakeAlessandro Ghedini
2012-11-06gnutls: fix the error_is_fatal logicAlessandro Ghedini
2012-11-06RELEASE-NOTES: synced with fa6d78829fd30adDaniel Stenberg
2012-11-06httpcustomheader.c: free the headers after useDaniel Stenberg
2012-11-06uniformly use AM_CPPFLAGS, avoid deprecated INCLUDESDave Reisner
Since automake 1.12.4, the warnings are issued on running automake: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS') Avoid INCLUDES and roll these flags into AM_CPPFLAGS. Compile tested on: Ubuntu 10.04 (automake 1:1.11.1-1) Ubuntu 12.04 (automake 1:1.11.3-1ubuntu2) Arch Linux (automake 1.12.4)
2012-11-06libauthretry.c: shorten lines to fit within 80 colsDaniel Stenberg
2012-11-05ftp_readresp: fix build without krb4 supportDaniel Stenberg
Oops, my previous commit broke builds with krb support.
2012-11-04test/README: mention the 1500 test number rangeDaniel Stenberg
2012-11-04FTP: prevent the multi interface from blockingDaniel Stenberg
As pointed out in Bug report #3579064, curl_multi_perform() would wrongly use a blocking mechanism internally for some commands which could lead to for example a very long block if the LIST response never showed. The solution was to make sure to properly continue to use the multi interface non-blocking state machine. The new test 1501 verifies the fix. Bug: http://curl.haxx.se/bug/view.cgi?id=3579064 Reported by: Guido Berhoerster
2012-11-01winbuild: Use machine type of development environmentMarc Hoersken
This patch restores the original behavior instead of always falling back to x86 if no MACHINE-type was specified.
2012-11-01winbuild: Additional clean upMarc Hoersken
2012-11-01Even more winbuild refactoringSapien2
2012-11-01Minor winbuild refactoringSapien2
2012-11-01Architecture selection for winbuild and minor makefiles refactoringSapien2
2012-11-01BUGS: fix the bug tracker URLDaniel Stenberg
The URL we used before is the one that goes directly to 'add' a bug report, but since you can only do that after first having logged in to sourceforge, the link often doesn't work for visitors. Bug: http://curl.haxx.se/bug/view.cgi?id=3582408 Reported by: Oscar Norlander
2012-11-01evhiperfifo: fix the pointer passed to WRITEDATADaniel Stenberg
Bug: http://curl.haxx.se/bug/view.cgi?id=3582407 Reported by: Oscar Norlander
2012-11-01Fixed MSVC libssh2 static build.Guenter Knauf
Since libssh2 supports now agent stuff it also depends on user32.lib. Posted to the list by Jan Ehrhardt.
2012-10-23tlsauthtype: deal with the string case insensitivelyDaniel Stenberg
When given a string as 'srp' it didn't work, but required 'SRP'. Starting now, the check disregards casing. Bug: http://curl.haxx.se/bug/view.cgi?id=3578418 Reported by: Jeff Connelly
2012-10-23asyn-ares: restore working with c-ares < 1.6.1Daniel Stenberg
Back in those days the public ares.h header didn't include the ares_version.h header so it needs to be included here. Bug: http://curl.haxx.se/bug/view.cgi?id=3577710
2012-10-22metalink/md5: Use CommonCrypto on Apple operating systemsNick Zitzmann
Previously the Metalink code used Apple's CommonCrypto library only if curl was built using the --with-darwinssl option. Now we use CommonCrypto on all Apple operating systems including Tiger or later, or iOS 5 or later, so you don't need to build --with-darwinssl anymore. Also rolled out this change to libcurl's md5 code.
2012-10-18href_extractor.c: fix the URLDaniel Stenberg
2012-10-18href_extractor: example code extracting href elementsMichaƂ Kowalczyk
It does so in a streaming manner using the "Streaming HTML parser".
2012-10-16darwinssl: un-broke iOS build, fix error on server disconnectNick Zitzmann
The iOS build was broken by a reference to a function that only existed under OS X; fixed. Also fixed a hard-to-reproduce problem where, if the server disconnected before libcurl got the chance to hang up first and SecureTransport was in use, then we'd raise an error instead of failing gracefully.
2012-10-16gnutls: put reset code into else blockAlessandro Ghedini
Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690551
2012-10-13Fix now broken libmetalink-aware OpenSSL build.Guenter Knauf
2012-10-13Revert c44e674; add OpenSSL includes/defines.Guenter Knauf
The makefile is designed to build against a libmetalink devel package; therefore is does not matter what will change inside libmetalink. Add OpenSSL includes and defines for libmetalink-aware OpenSSL builds.
2012-10-10version-bump: towards 7.28.1!Daniel Stenberg
2012-10-10THANKS: 14 new contributors from 7.28.0Daniel Stenberg
2012-10-10RELEASE-NOTES: synced with 8373ca3641Daniel Stenberg
One bug, one contributor. Getting ready for release.
2012-10-09curl_multi_wait: no wait if no descriptors to wait forDaniel Stenberg
This is a minor change in behavior after having been pointed out by Mark Tully and discussed on the list. Initially this case would internally call poll() with no sockets and a timeout which would equal a sleep for that specified time. Bug: http://curl.haxx.se/mail/lib-2012-10/0076.html Reported by: Mark Tully
2012-10-09TODO-RELEASE: cleanup for 7.28.0Daniel Stenberg
one issue is now KNOWN_BUG #79 the other we just skip since nobody is working on it or is planning to start working on it anytime soon
2012-10-09curl_multi_wait.3: style formatting mistakeDaniel Stenberg
2012-10-08ssluse.c: md5.h is required for Curl_ossl_md5sumMarc Hoersken
2012-10-08curl_multi_wait.3: fix the name of the man pageDaniel Stenberg
2012-10-08curl_multi_wait.3: renamed the last argument variable for clarityDaniel Stenberg
2012-10-06curl_schannel.c: Fixed caching more data than requiredMarc Hoersken
Do not fill the decrypted data buffer with more data unless required in order to return the requested amount of data.
2012-10-06curl_schannel: Removed buffer limit and optimized buffer strategyMarc Hoersken
Since there are servers that seem to return very big encrypted data packages, we need to be able to handle those without having an internal size limit. To avoid the buffer growing to fast to early the initial size was decreased and the minimum free space in the buffer was decreased as well.
2012-10-04lib/socks.c: Merged two size variables into oneMarc Hoersken
2012-10-04lib/socks.c: Avoid type conversions where possibleMarc Hoersken
Streamlined variable names and types to avoid type conversions that may result in data being lost on non 32-bit systems.
2012-10-04lib/curl_schannel.c: Hide size_t conversion warningMarc Hoersken
2012-10-04krb5/curl_rtmp.c: Hide size_t to int type conversion warningMarc Hoersken
2012-10-04security.c: Aligned internal type to return typeMarc Hoersken
Use ssize_t instead of int to avoid conversion problems on 64-bit systems. Also added curlx_sztosi where necessary.
2012-10-03lib/curl_schannel: Increased maximum buffer size to factor 128Marc Hoersken
2012-10-03winbuild/MakefileBuild.vc: Follow up on 0c8ccf7Marc Hoersken
2012-10-02RELEASE-NOTES: synced with 971f5bcedd418Daniel Stenberg
9 new bug fixes, 5 changes, 6 more contributors
2012-10-02multi_runsingle: CURLOPT_LOW_SPEED_* fix for rate limitationDaniel Stenberg
During the periods of rate limitation, the speedcheck function wasn't called and thus the values weren't updated accordingly and it would then easily trigger wrongly once data got transferred again. Also, the progress callback's return code was not acknowledged in this state so it could make an "abort" return code to get ignored and not have the documented effect of aborting an ongoing transfer. Bug: http://curl.haxx.se/mail/lib-2012-09/0081.html Reported by: Jie He
2012-10-01tool_metalink.c: Filtered resource URLs by typeTatsuhiro Tsujikawa
In Metalink v3, the type attribute of url element indicates the type of the resource the URL points to. It can include URL to the meta data, such as BitTorrent metainfo file. In Curl, we are not interested in these meta data URLs. Instead, we are only interested in the HTTP and FTP URLs. This change filters out non-HTTP and FTP URLs. If we don't filter out them, it will be downloaded by curl and hash check will fail if hash is provided and next URL will be tried. This change will cut this useless network transfer.
2012-10-01https.c example: remember to call curl_global_init()Kamil Dudka
... in order not to leak memory on initializing an SSL library. Reported by: Tomas Mlcoch