Age | Commit message | Author
2014-10-07 | GnuTLS: Implement public key pinning | moparisthebest
2014-10-07 | SSL: implement public key pinning | moparisthebest
Option --pinnedpubkey takes a path to a public key in DER format and only connects if it matches (currently only implemented with OpenSSL). Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt(). Extract a public RSA key from a website like so:
    openssl s_client -connect google.com:443 2>&1 < /dev/null | \
      sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
      | openssl rsa -pubin -outform DER > google.com.der
2014-10-07 | multi_runsingle: fix possible memory leak | Daniel Stenberg
Coverity CID 1202837. 'newurl' can in fact be allocated even when Curl_retry_request() returns failure so free it if need be.
2014-10-07 | ares::Curl_resolver_cancel: skip checking for NULL conn | Daniel Stenberg
Coverity CID 1243581. 'conn' will never be NULL here, and if it would be the subsequent statement would dereference it!
2014-10-07 | parseconfig: skip a NULL check | Daniel Stenberg
Coverity CID 1154198. This NULL check implies that the pointer _can_ be NULL at this point, which it can't. Thus it is dead code. It tricks static analyzers to warn about dereferencing the pointer since the code seems to imply it can be NULL.
2014-10-07 | multi-uv.c: call curl_multi_info_read() better | Waldek Kozba
Improves it for low-latency cases (like the communication with localhost)
2014-10-06 | tool_go_sleep: use (void) to spell out we ignore the return value | Daniel Stenberg
Coverity CID 1222080.
2014-10-06 | ssh_statemach_act: split out assignment from check | Daniel Stenberg
just a minor code style thing to make the code clearer
2014-10-04 | curl_schannel.c: Fixed possible memory or handle leak | Marc Hoersken
First try to fix possible memory leaks, in this case: Only connssl->ctxt xor connssl->cred being initialized.
2014-10-04 | getparameter: remove dead code | Daniel Stenberg
Coverity CID 1061126. 'parse' will always be non-NULL here.
2014-10-04 | getparameter: comment a switch FALLTHROUGH | Daniel Stenberg
Coverity CID 1061118. Point out that it is on purpose.
2014-10-04 | choose_mech: fix return code | Daniel Stenberg
Coverity CID 1241950. The pointer is never NULL but it might point to NULL.
2014-10-04 | Curl_sec_read_msg: spell out that we ignore return code | Daniel Stenberg
Coverity CID 1241947. Since if sscanf() fails, the previously set value remains set.
2014-10-04 | nonblock: call with (void) to show we ignore the return code | Daniel Stenberg
Coverity pointed out several of these.
2014-10-03 | parse_proxy: remove dead code. | Daniel Stenberg
Coverity CID 982331.
2014-10-03 | Curl_debug: document switch fallthroughs | Daniel Stenberg
2014-10-03 | curl_multi_remove_handle: remove dead code | Daniel Stenberg
Coverity CID 1157776. Removed a superfluous if() that always evaluated true (and an else clause that never ran), and then re-indented the function accordingly.
2014-10-03 | Curl_pipeline_server_blacklisted: handle a NULL server name | Daniel Stenberg
Coverity CID 1215284. The server name is extracted with Curl_copy_header_value() and passed in to this function, and copy_header_value can actually fail and return NULL.
2014-10-03 | ssh: comment "fallthrough" in switch statement | Daniel Stenberg
2014-10-03 | ssh: improve key file search | Jeremy Lin
For private keys, use the first match from: user-specified key file (if provided), ~/.ssh/id_rsa, ~/.ssh/id_dsa, ./id_rsa, ./id_dsa.
Note that the previous code only looked for id_dsa files. id_rsa is now generally preferred, as it supports larger key sizes.
For public keys, use the user-specified key file, if provided. Otherwise, try to extract the public key from the private key file. This means that passing --pubkey is typically no longer required, and makes the key-handling behavior more like OpenSSH.
2014-10-03 | CURLOPT_HTTPHEADER.3: libcurl doesn't copy the whole list | Daniel Stenberg
2014-10-02 | detect_proxy: fix possible single-byte memory leak | Daniel Stenberg
Coverity CID 1202836. If the proxy environment variable returned an empty string, it would be leaked. While an empty string is not really a proxy, other logic in this function already allows a blank string to be returned so allow that here to avoid the leak.
2014-10-02 | multi_runsingle: fix memory leak | Daniel Stenberg
Coverity CID 1202837. There's a potential risk that 'newurl' gets overwritten when it was already pointing to allocated memory.
2014-10-02 | pop3_perform_authentication: fix memory leak | Daniel Stenberg
Coverity CID 1215287. There's a potential risk for a memory leak in here, and moving the free call to be unconditional seems like a cheap price to remove the risk.
2014-10-02 | imap_perform_authentication: fix memory leak | Daniel Stenberg
Coverity CID 1215296. There's a potential risk for a memory leak in here, and moving the free call to be unconditional seems like a cheap price to remove the risk.
2014-10-02 | wait_or_timeout: return failure when Curl_poll() fails | Daniel Stenberg
Coverity detected this. CID 1241954. When Curl_poll() returns a negative value 'mcode' was uninitialized. Pretty harmless since this is debug code only and would at worst cause an error to _not_ be returned...
2014-10-01 | curl.1: mention quoting in the URL section | Daniel Stenberg
and separate the example URLs with newlines
2014-09-30 | smtp: Fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error | Bill Nagel
This patch fixes the "SSL3_WRITE_PENDING: bad write retry" error that sometimes occurs when sending an email over SMTPS with OpenSSL. OpenSSL appears to require the same pointer on a write that follows a retry (CURLE_AGAIN) as discussed here: http://stackoverflow.com/questions/2997218/why-am-i-getting-error1409f07fssl-routinesssl3-write-pending-bad-write-retr
2014-09-30 | RELEASE-NOTES: synced with 53cbea22310f15 | Daniel Stenberg
2014-09-30 | file: reject paths using embedded %00 | Daniel Stenberg
Mostly because we use C strings and they end at a binary zero so we know we can't open a file name using an embedded binary zero.
Reported-by: research@g0blin.co.uk
2014-09-26 | test506: Fixed a couple of memory leaks in test | Dan Fandrich
2014-09-25 | CURLOPT_COOKIELIST: Added "RELOAD" command | Yousuke Kimoto
2014-09-25 | CURLOPT_POSTREDIR.3: Added availability for CURL_REDIR_POST_303 | Michael Wallner
2014-09-23 | threaded-resolver: revert Curl_expire_latest() switch | Daniel Stenberg
The switch to using Curl_expire_latest() in commit cacdc27f52b was a mistake and was against the advice even mentioned in that commit. The comparison in asyn-thread.c:Curl_resolver_is_resolved() makes Curl_expire() the suitable function to use.
Bug: http://curl.haxx.se/bug/view.cgi?id=1426
Reported-By: graysky
2014-09-19 | libcurl docs: improvements all over | Daniel Stenberg
2014-09-19 | build: Added WinIDN build configuration options | Steve Holme
Added initial support for WinIDN build configurations to the VC10+ project files.
2014-09-19 | tutorial: signals aren't used for the threaded resolver | Daniel Stenberg
2014-09-19 | FAQ: update the pronunciation section | Daniel Stenberg
As we weren't using the correct phonetic description and doing it correctly involves funny letters that I'm sure will cause problems for people in a text document so I instead rephrased it and link to a WAV file with a person actually saying 'curl'.
Reported-By: Dimitar Boevski
2014-09-18 | CURLOPT_COOKIE*: added more cross-references | Daniel Stenberg
2014-09-18 | BINDINGS: add node-libcurl | Daniel Stenberg
Reported-By: Jonathan Cardoso Machado
URL: http://curl.haxx.se/mail/lib-2014-09/0102.html
2014-09-15 | README.http2: updated to reflect current status | Daniel Stenberg
2014-09-13 | formdata: removed unnecessary USE_SSLEAY use | Daniel Stenberg
2014-09-13 | curlssl: make tls backend symbols use curlssl in the name | Daniel Stenberg
2014-09-13 | url: let the backend decide CURLOPT_SSL_CTX_ support | Daniel Stenberg
... to further remove specific TLS backend knowledge from url.c
2014-09-13 | vtls: have the backend tell if it supports CERTINFO | Daniel Stenberg
2014-09-13 | configure: allow --with-ca-path with PolarSSL too | Catalin Patulea
Missed this in af45542c.
Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
2014-09-13 | CURLOPT_CAPATH: return failure if set without backend support | Daniel Stenberg
2014-09-13 | http2: Fix busy loop when EOF is encountered | Tatsuhiro Tsujikawa
Previously we did not handle EOF from underlying transport socket and wrongly just returned error code CURL_AGAIN from http2_recv, which caused busy loop since socket has been closed. This patch adds the code to handle EOF situation and tells the upper layer that we got EOF.
2014-09-13 | build: Added batch wrapper to checksrc.pl | Steve Holme
2014-09-13 | RELEASE-NOTES: Synced with bd3df5ec6d | Steve Holme