aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-06-17SMB: rangecheck values read off incoming packetDaniel Stenberg
CVE-2015-3237 Detected by Coverity. CID 1299430. Bug: http://curl.haxx.se/docs/adv_20150617B.html
2015-06-17schannel: schannel_recv overhaulJay Satiro
This commit is several drafts squashed together. The changes from each draft are noted below. If any changes are similar and possibly contradictory the change in the latest draft takes precedence. Bug: https://github.com/bagder/curl/issues/244 Reported-by: Chris Araman %% %% Draft 1 %% - return 0 if len == 0. that will have to be documented. - continue on and process the caches regardless of raw recv - if decrypted data will be returned then set the error code to CURLE_OK and return its count - if decrypted data will not be returned and the connection has closed (eg nread == 0) then return 0 and CURLE_OK - if decrypted data will not be returned and the connection *hasn't* closed then set the error code to CURLE_AGAIN --only if an error code isn't already set-- and return -1 - narrow the Win2k workaround to only Win2k %% %% Draft 2 %% - Trying out a change in flow to handle corner cases. %% %% Draft 3 %% - Back out the lazier decryption change made in draft2. %% %% Draft 4 %% - Some formatting and branching changes - Decrypt all encrypted cached data when len == 0 - Save connection closed state - Change special Win2k check to use connection closed state %% %% Draft 5 %% - Default to CURLE_AGAIN in cleanup if an error code wasn't set and the connection isn't closed. %% %% Draft 6 %% - Save the last error only if it is an unrecoverable error. Prior to this I saved the last error state in all cases; unfortunately the logic to cover that in all cases would lead to some muddle and I'm concerned that could then lead to a bug in the future so I've replaced it by only recording an unrecoverable error and that state will persist. - Do not recurse on renegotiation. Instead we'll continue on to process any trailing encrypted data received during the renegotiation only. - Move the err checks in cleanup after the check for decrypted data. In either case decrypted data is always returned but I think it's easier to understand when those err checks come after the decrypted data check. %% %% Draft 7 %% - Regardless of len value go directly to cleanup if there is an unrecoverable error or a close_notify was already received. Prior to this change we only acknowledged those two states if len != 0. - Fix a bug in connection closed behavior: Set the error state in the cleanup, because we don't know for sure it's an error until that time. - (Related to above) In the case the connection is closed go "greedy" with the decryption to make sure all remaining encrypted data has been decrypted even if it is not needed at that time by the caller. This is necessary because we can only tell if the connection closed gracefully (close_notify) once all encrypted data has been decrypted. - Do not renegotiate when an unrecoverable error is pending. %% %% Draft 8 %% - Don't show 'server closed the connection' info message twice. - Show an info message if server closed abruptly (missing close_notify).
2015-06-16Fix typo in docsPaul Oliver
s/curret/current/
2015-06-16docs: update URLsViktor Szakats
2015-06-16RELEASE-NOTES: synced with f29f2cbd00dbe5fDaniel Stenberg
2015-06-15README: use secure protocol for Git repositoryViktor Szakats
2015-06-15HTTP2.md: use SSL/TLS IETF URLsViktor Szakats
2015-06-15LICENSE-MIXING: update URLsViktor Szakats
* use SSL/TLS where available * follow permanent redirects
2015-06-15LICENSE-MIXING: refreshedDaniel Stenberg
2015-06-15curl_easy_duphandle: see also *resetDaniel Stenberg
2015-06-15rtsp_do: fix DEAD CODEDaniel Stenberg
"At condition p_request, the value of p_request cannot be NULL." Coverity CID 1306668.
2015-06-15security:choose_mech fix DEAD CODE warningDaniel Stenberg
... by removing the "do {} while (0)" block. Coverity CID 1306669
2015-06-15curl.1: netrc is in man section 5Daniel Stenberg
2015-06-15curl.1: small format fixDaniel Stenberg
use \fI-style instead of .BR for references
2015-06-14urldata: store POST size in state.infilesize tooDaniel Stenberg
... to simplify checking when PUT _or_ POST have completed. Reported-by: Frank Meier Bug: http://curl.haxx.se/mail/lib-2015-06/0019.html
2015-06-14test1530: added http to required featuresDan Fandrich
2015-06-14build: Fix typo from OpenSSL 1.0.2 version detection fixDrake Arconis
2015-06-14build: Properly detect OpenSSL 1.0.2 when using configureDrake Arconis
2015-06-13curl_multi_info_read.3: fix example formattingJay Satiro
2015-06-13BINDINGS: there's a new R binding in town!Daniel Stenberg
2015-06-11BINDINGS: added the Xojo bindingDaniel Stenberg
2015-06-11schannel: Add support for optional client certificatesJoel Depooter
Some servers will request a client certificate, but not require one. This change allows libcurl to connect to such servers when using schannel as its ssl/tls backend. When a server requests a client certificate, libcurl will now continue the handshake without one, rather than terminating the handshake. The server can then decide if that is acceptable or not. Prior to this change, libcurl would terminate the handshake, reporting a SEC_I_INCOMPLETE_CREDENTIALS error.
2015-06-11curl_easy_cleanup.3: provide more SEE ALSODaniel Stenberg
2015-06-10debug: remove http2 debug leftoversDaniel Stenberg
2015-06-10VERSIONS: now using markdownDaniel Stenberg
2015-06-10RELEASE-PROCEDURE: remove ascii logo at the top of fileDaniel Stenberg
2015-06-10INTERNALS: absorbed docs/LIBCURL-STRUCTSDaniel Stenberg
2015-06-09INTERNALS: cat lib/README* >> INTERNALSDaniel Stenberg
and a conversion to markdown. Removed the lib/README.* files. The idea being to move toward having INTERNALS as the one and only "book" of internals documentation. Added a TOC to top of the document.
2015-06-08openssl: LibreSSL and BoringSSL do not use TLS_client_methodJay Satiro
Although OpenSSL 1.1.0+ deprecated SSLv23_client_method in favor of TLS_client_method LibreSSL and BoringSSL didn't and still use SSLv23_client_method. Bug: https://github.com/bagder/curl/commit/49a6642#commitcomment-11578009 Reported-by: asavah@users.noreply.github.com
2015-06-09RELEASE-NOTES: synced with 20ac3458068Daniel Stenberg
2015-06-09CURLOPT_OPENSOCKETFUNCTION: return error at onceDaniel Stenberg
When CURL_SOCKET_BAD is returned in the callback, it should be treated as an error (CURLE_COULDNT_CONNECT) if no other socket is subsequently created when trying to connect to a server. Bug: http://curl.haxx.se/mail/lib-2015-06/0047.html
2015-06-08fopen.c: fix a few compiler warningsDaniel Stenberg
2015-06-08docs: Spelling fixesVille Skyttä
2015-06-08docs: man page indentation and syntax fixesVille Skyttä
2015-06-08help: Add --proxy-service-name and --service-name to the --help outputLinus Nielsen
2015-06-07openssl: Fix verification of server-sent legacy intermediatesJay Satiro
- Try building a chain using issuers in the trusted store first to avoid problems with server-sent legacy intermediates. Prior to this change server-sent legacy intermediates with missing legacy issuers would cause verification to fail even if the client's CA bundle contained a valid replacement for the intermediate and an alternate chain could be constructed that would verify successfully. https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
2015-06-05BINDINGS: update several URLsDaniel Stenberg
Stop linking to the curl.haxx.se anchor pages, they are usually only themselves pointers to the real page so better point there directly instead.
2015-06-05BINDINGS: the curl-rust bindingDaniel Stenberg
2015-06-05curl.h: add CURL_HTTP_VERSION_2Daniel Stenberg
The protocol is named "HTTP/2" after all. It is an alias for the existing CURL_HTTP_VERSION_2_0 enum.
2015-06-05openssl: removed error string #ifdefDaniel Stenberg
ERR_error_string_n() was introduced in 0.9.6, no need to #ifdef anymore
2015-06-05openssl: removed USERDATA_IN_PWD_CALLBACK kludgeDaniel Stenberg
Code for OpenSSL 0.9.4 serves no purpose anymore!
2015-06-05openssl: remove SSL_get_session()-using codeDaniel Stenberg
It was present for OpenSSL 0.9.5 code but we only support 0.9.7 or later.
2015-06-05openssl: remove dummy callback use from SSL_CTX_set_verify()Daniel Stenberg
The existing callback served no purpose.
2015-06-04LIBCURL-STRUCTS: clarify for multiplexingDaniel Stenberg
2015-06-03cookie: Stop exporting any-domain cookiesJay Satiro
Prior to this change any-domain cookies (cookies without a domain that are sent to any domain) were exported with domain name "unknown". Bug: https://github.com/bagder/curl/issues/292
2015-06-03RELEASE-PROCEDURE: refreshed 'coming dates'Daniel Stenberg
2015-06-02curl_setup: Change fopen text macros to use 't' for MSDOSJay Satiro
Bug: https://github.com/bagder/curl/pull/258#issuecomment-107915198 Reported-by: Gisle Vanem
2015-06-02curl_multi_timeout.3: added exampleDaniel Stenberg
2015-06-02curl_multi_perform.3: added exampleDaniel Stenberg
2015-06-02curl_multi_info_read.3: added exampleDaniel Stenberg