Age | Commit message (Collapse) | Author |
|
|
|
Some servers will request a client certificate, but not require one.
This change allows libcurl to connect to such servers when using
schannel as its ssl/tls backend. When a server requests a client
certificate, libcurl will now continue the handshake without one,
rather than terminating the handshake. The server can then decide
if that is acceptable or not. Prior to this change, libcurl would
terminate the handshake, reporting a SEC_I_INCOMPLETE_CREDENTIALS
error.
|
|
|
|
|
|
|
|
|
|
|
|
and a conversion to markdown. Removed the lib/README.* files. The idea
being to move toward having INTERNALS as the one and only "book" of
internals documentation.
Added a TOC to top of the document.
|
|
Although OpenSSL 1.1.0+ deprecated SSLv23_client_method in favor of
TLS_client_method LibreSSL and BoringSSL didn't and still use
SSLv23_client_method.
Bug: https://github.com/bagder/curl/commit/49a6642#commitcomment-11578009
Reported-by: asavah@users.noreply.github.com
|
|
|
|
When CURL_SOCKET_BAD is returned in the callback, it should be treated
as an error (CURLE_COULDNT_CONNECT) if no other socket is subsequently
created when trying to connect to a server.
Bug: http://curl.haxx.se/mail/lib-2015-06/0047.html
|
|
|
|
|
|
|
|
|
|
- Try building a chain using issuers in the trusted store first to avoid
problems with server-sent legacy intermediates.
Prior to this change server-sent legacy intermediates with missing
legacy issuers would cause verification to fail even if the client's CA
bundle contained a valid replacement for the intermediate and an
alternate chain could be constructed that would verify successfully.
https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
|
|
Stop linking to the curl.haxx.se anchor pages, they are usually only
themselves pointers to the real page so better point there directly
instead.
|
|
|
|
The protocol is named "HTTP/2" after all. It is an alias for the
existing CURL_HTTP_VERSION_2_0 enum.
|
|
ERR_error_string_n() was introduced in 0.9.6, no need to #ifdef anymore
|
|
Code for OpenSSL 0.9.4 serves no purpose anymore!
|
|
It was present for OpenSSL 0.9.5 code but we only support 0.9.7 or
later.
|
|
The existing callback served no purpose.
|
|
|
|
Prior to this change any-domain cookies (cookies without a domain that
are sent to any domain) were exported with domain name "unknown".
Bug: https://github.com/bagder/curl/issues/292
|
|
|
|
Bug: https://github.com/bagder/curl/pull/258#issuecomment-107915198
Reported-by: Gisle Vanem
|
|
|
|
|
|
|
|
Follow-up to e8423f9ce150 with discussionis in
https://github.com/bagder/curl/pull/258
This check scans for fopen() with a mode string without 'b' present, as
it may indicate that an FOPEN_* define should rather be used.
|
|
|
|
- Change fopen calls to use FOPEN_READTEXT instead of "r" or "rt"
- Change fopen calls to use FOPEN_WRITETEXT instead of "w" or "wt"
This change is to explicitly specify when we need to read/write text.
Unfortunately 't' is not part of POSIX fopen so we can't specify it
directly. Instead we now have FOPEN_READTEXT, FOPEN_WRITETEXT.
Prior to this change we had an issue on Windows if an application that
uses libcurl overrides the default file mode to binary. The default file
mode in Windows is normally text mode (translation mode) and that's what
libcurl expects.
Bug: https://github.com/bagder/curl/pull/258#issuecomment-107093055
Reported-by: Orgad Shaneh
|
|
|
|
Bug: http://curl.haxx.se/mail/lib-2015-06/0001.html
Reported-by: Rafayel Mkrtchyan
|
|
Bug: https://github.com/bagder/curl/issues/256
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
SSLv23_client_method is deprecated starting in OpenSSL 1.1.0. The
equivalent is TLS_client_method.
https://github.com/openssl/openssl/commit/13c9bb3#diff-708d3ae0f2c2973b272b811315381557
|
|
|