Age | Commit message (Collapse) | Author |
|
This now provides a weak random function since PolarSSL doesn't have a
quick and easy way to provide a good one. It does however provide the
framework to make one so it _can_ and _should_ be done...
|
|
|
|
I couldn't find any dedicated function in its API to get a "good" random
with.
|
|
ASN_NO_SIGNER_E didn't exist back then!
|
|
To force each backend implementation to really attempt to provide proper
random. If a proper random function is missing, then we can explicitly
make use of the default one we use when TLS support is missing.
This commit makes sure it works for darwinssl, gnutls, nss and openssl.
|
|
... with permission from David Shaw
|
|
The minimal required version of NSS is 3.14.x so it does not make sense
to check for NSS 3.12.0+ at run time.
|
|
Removing defines, even obsolete ones that haven't been used for a very
long time, still break a lot of applications.
Bug: https://github.com/bagder/curl/pull/106
|
|
|
|
|
|
If a non-standard $TESTDIR is used the file may not be necessary.
Previously a "missing" file resulted in the warning:
readline() on closed filehandle D at ./runtests.pl line 4940.
|
|
|
|
Bug: http://curl.haxx.se/mail/lib-2014-07/0337.html
Reported-by: Spork Schivago
|
|
|
|
This is now used by the http2 code. It has two different symbols at the
end of the base64 table to make the output "url safe".
Bug: https://github.com/tatsuhiro-t/nghttp2/issues/62
|
|
Curl_base64_decode allocates the output string by itself and two other
strings were not freed either.
|
|
|
|
|
|
Bug: https://github.com/bagder/curl/pull/105
|
|
|
|
... to aid when for example prefixed with a space or other weird
character.
|
|
|
|
warning C4267: '=' : conversion from 'size_t' to 'long', possible loss
of data
The member connection_id of struct connectdata is a long (always a
32-bit signed integer on Visual C++) and the member next_connection_id
of struct conncache is a size_t, so one of them should be changed to
match the other.
This patch the size_t in struct conncache to long (the less invasive
change as that variable is only ever used in a single code line).
Bug: http://curl.haxx.se/bug/view.cgi?id=1399
|
|
|
|
1 - fixes the warnings when built without http2 support
2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2
basically when they are about http2 specific things.
|
|
CyaSSL 3.0.0 returns a unique error code if no CA cert is available,
so translate that into CURLE_SSL_CACERT_BADFILE when peer verification
is requested.
|
|
|
|
No longer necessary after Michael Osipov's rework
|
|
|
|
|
|
- Replace CURLAUTH_GSSNEGOTIATE with CURLAUTH_NEGOTIATE
- CURL_VERSION_GSSNEGOTIATE is deprecated which
is served by CURL_VERSION_SSPI, CURL_VERSION_GSSAPI and
CURUL_VERSION_SPNEGO now.
- Remove display of feature 'GSS-Negotiate'
|
|
|
|
That auth mech has never existed neither on MS nor on Unix side.
There is only Negotiate over SPNEGO.
|
|
Macros defined: KRB5_MECHANISM and SPNEGO_MECHANISM called from
HTTP, FTP and SOCKS on Unix
|
|
This reverts commit cb3e6dfa3511 and instead fixes the problem
differently.
The reverted commit addressed a test failure in test 1021 by simplifying
and generalizing the code flow in a way that damaged the
performance. Now we modify the flow so that Curl_proxyCONNECT() again
does as much as possible in one go, yet still do test 1021 with and
without valgrind. It failed due to mistakes in the multi state machine.
Bug: http://curl.haxx.se/bug/view.cgi?id=1397
Reported-by: Paul Saab
|
|
with CURL_NO_OLDIES defined, it doesn't compile because this deprecated
symbol (*INFILE) is used
Bug: http://curl.haxx.se/bug/view.cgi?id=1398
|
|
|
|
This fixes a build failure on Debian caused by commit
24c3cdce88f39731506c287cb276e8bf4a1ce393.
Bug: http://curl.haxx.se/mail/lib-2014-07/0209.html
|
|
The curl tool project files for VC8 to VC12 would set this setting to
$(IntDir) which is the Visual Studio default value. To avoid confusion
when viewing settings from within Visual Studio and for consistency
with the libcurl project files removed this setting.
Conflicts:
projects/Windows/VC10/src/curlsrc.tmpl
projects/Windows/VC11/src/curlsrc.tmpl
projects/Windows/VC12/src/curlsrc.tmpl
projects/Windows/VC8/src/curlsrc.tmpl
projects/Windows/VC9/src/curlsrc.tmpl
|
|
The curl tool project files for VC7 to VC12 would set this settings to
$(IntDir)$(TargetName).pch which is the Visual Studio default value. To
avoid confusion when viewing settings from within Visual Studio and for
consistency with the libcurl project files removed this setting.
Conflicts:
projects/Windows/VC10/src/curlsrc.tmpl
projects/Windows/VC11/src/curlsrc.tmpl
projects/Windows/VC12/src/curlsrc.tmpl
projects/Windows/VC8/src/curlsrc.tmpl
projects/Windows/VC9/src/curlsrc.tmpl
|
|
The curl tool project files for VC7 to VC12 would set these settings to
$(IntDir) which is the Visual Studio default value. To avoid confusion
when viewing settings from within Visual Studio and for consistency
with the libcurl project files removed these two settings.
|
|
This prevents targets like tool_hugehelp.c from leaving around
half-constructed files if the rule fails with GNU make.
Reported-by: Rafaël Carré <funman@videolan.org>
|
|
|
|
|
|
|
|
|
|
|
|
It's wrong to assume that we can send a single SPNEGO packet which will
complete the authentication. It's a *negotiation* — the clue is in the
name. So make sure we handle responses from the server.
Curl_input_negotiate() will already handle bailing out if it thinks the
state is GSS_S_COMPLETE (or SEC_E_OK on Windows) and the server keeps
talking to us, so we should avoid endless loops that way.
|
|
GSSAPI doesn't work very well if we forget everything ever time.
XX: Is Curl_http_done() the right place to do the final cleanup?
|
|
This is the correct way to do SPNEGO. Just ask for it
Now I correctly see it trying NTLMSSP authentication when a Kerberos ticket
isn't available. Of course, we bail out when the server responds with the
challenge packet, since we don't expect that. But I'll fix that bug next...
|