Age | Commit message (Collapse) | Author |
|
|
|
There were bugs in the PKCS#11 engine, and fixing them triggers bugs in
OpenSSL. Just don't get involved; there's no need to be making the
engine methods the default anyway.
https://github.com/OpenSC/libp11/pull/108
https://github.com/openssl/openssl/pull/1639
Merges #1042
|
|
|
|
This fixes a merge error in commit 7f3df80 caused by commit 332e8d6.
Additionally, this changes Curl_verify_windows_version for Windows App
builds to assume to always be running on the target Windows version.
There seems to be no way to determine the Windows version from a
UWP app. Neither GetVersion(Ex), nor VerifyVersionInfo, nor the
Version Helper functions are supported.
Bug: https://github.com/curl/curl/pull/820#issuecomment-250889878
Reported-by: Paul Joyce
Closes https://github.com/curl/curl/pull/1048
|
|
|
|
No longer attempt to use "doomed" to-be-closed connections when
pipelining. Prior to this change connections marked for deletion (e.g.
timeout) would be erroneously used, resulting in sporadic crashes.
As originally reported and fixed by Carlo Wood (origin unknown).
Bug: https://github.com/curl/curl/issues/627
Reported-by: Rider Linden
Closes https://github.com/curl/curl/pull/1075
Participation-by: nopjmp@users.noreply.github.com
|
|
To make it harder to do cross-protocol mistakes
|
|
Closes https://github.com/curl/curl/pull/1070
|
|
Fixes #1057
|
|
|
|
Closes #922
|
|
Closes #1066
|
|
There shouldn't be many devs out there anymore using such outdated macOS
versions. And it removes the dead link.
Closes #1049
|
|
|
|
5 more fixes, 2 more contributors
|
|
Not all reply messages were properly checked for their lengths, which
made it possible to access uninitialized memory (but this does not lead
to out of boundary accesses).
Closes #1052
|
|
|
|
128 arguments should be enough for everyone
|
|
... it no longer takes printf() arguments since it was only really taken
advantage by one user and it was not written and used in a safe
way. Thus the 'f' is removed from the function name and the proto is
changed.
Although the current code wouldn't end up in badness, it was a risk that
future changes could end up springf()ing too large data or passing in a
format string inadvertently.
|
|
The previous use of snprintf() could make libcurl silently truncate some
input data and not report that back on overly large input, which could
make data get sent over the network in a bad format.
Example:
$ curl --form 'a=b' -H "Content-Type: $(perl -e 'print "A"x4100')"
|
|
|
|
|
|
The subdirectory for logs in tests/ is named log/ without an 's'
at the end.
|
|
See #1054
|
|
|
|
The 'userp' argument is unused in this example code.
|
|
|
|
|
|
|
|
|
|
|
|
The error path would previously add a freed entry to the linked list.
Reported-by: Toby Peterson
Fixes #1053
|
|
Cokie with the same domain but different tailmatching property are now
considered different and do not replace each other. If header contains
following lines then two cookies will be set: Set-Cookie: foo=bar;
domain=.foo.com; expires=Thu Mar 3 GMT 8:56:27 2033 Set-Cookie: foo=baz;
domain=foo.com; expires=Thu Mar 3 GMT 8:56:27 2033
This matches Chrome, Opera, Safari, and Firefox behavior. When sending
stored tokens to foo.com Chrome, Opera, Firefox store send them in the
stored order, while Safari pre-sort the cookies.
Closes #1050
|
|
Type required for YourClass::func C++ function (using size_t in line
with the documentation for CURLOPT_WRITEFUNCTION) and missing second
colon when specifying the static function for CURLOPT_WRITEFUNCTION.
|
|
Closes #1046
|
|
|
|
|
|
|
|
A libssh2 library in the standard system location was being used in
preference to the desired one while linking.
|
|
|
|
Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether
sending the request body shall be completed when the server responds
early with an error status code.
This is suitable for manual NTLM authentication.
Reviewed-by: Jay Satiro
Closes https://github.com/curl/curl/pull/904
|
|
|
|
|
|
As it seems to be a rarely used cipher suite (for securely established
but _unencrypted_ connections), I believe it is fine not to provide an
alias for the misspelled variant.
|
|
.. and add that --proto-redir and CURLOPT_REDIR_PROTOCOLS do not
override protocols denied by --proto and CURLOPT_PROTOCOLS.
- Add a test to enforce: --proto deny must override --proto-redir allow
Closes https://github.com/curl/curl/pull/1031
|
|
Follow-up to 6140dfcf3e784
Reported-by: Alexander Sinditskiy
|
|
Discussed in #997
Assisted-by: Jay Satiro
|
|
|
|
Bug: https://github.com/curl/curl/issues/1017
Reported-by: Jeroen Ooms
|
|
|