| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
The error path would previously add a freed entry to the linked list.
Reported-by: Toby Peterson
Fixes #1053
|
|
Cokie with the same domain but different tailmatching property are now
considered different and do not replace each other. If header contains
following lines then two cookies will be set: Set-Cookie: foo=bar;
domain=.foo.com; expires=Thu Mar 3 GMT 8:56:27 2033 Set-Cookie: foo=baz;
domain=foo.com; expires=Thu Mar 3 GMT 8:56:27 2033
This matches Chrome, Opera, Safari, and Firefox behavior. When sending
stored tokens to foo.com Chrome, Opera, Firefox store send them in the
stored order, while Safari pre-sort the cookies.
Closes #1050
|
|
Type required for YourClass::func C++ function (using size_t in line
with the documentation for CURLOPT_WRITEFUNCTION) and missing second
colon when specifying the static function for CURLOPT_WRITEFUNCTION.
|
|
Closes #1046
|
|
|
|
|
|
|
|
A libssh2 library in the standard system location was being used in
preference to the desired one while linking.
|
|
|
|
Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether
sending the request body shall be completed when the server responds
early with an error status code.
This is suitable for manual NTLM authentication.
Reviewed-by: Jay Satiro
Closes https://github.com/curl/curl/pull/904
|
|
|
|
|
|
As it seems to be a rarely used cipher suite (for securely established
but _unencrypted_ connections), I believe it is fine not to provide an
alias for the misspelled variant.
|
|
.. and add that --proto-redir and CURLOPT_REDIR_PROTOCOLS do not
override protocols denied by --proto and CURLOPT_PROTOCOLS.
- Add a test to enforce: --proto deny must override --proto-redir allow
Closes https://github.com/curl/curl/pull/1031
|
|
Follow-up to 6140dfcf3e784
Reported-by: Alexander Sinditskiy
|
|
Discussed in #997
Assisted-by: Jay Satiro
|
|
|
|
Bug: https://github.com/curl/curl/issues/1017
Reported-by: Jeroen Ooms
|
|
|
|
Closes https://github.com/curl/curl/pull/1028
|
|
LibreSSL defines `OPENSSL_VERSION_NUMBER` as `0x20000000L` for all
versions returning `LibreSSL/2.0.0` for any LibreSSL version.
This change provides a local OpenSSL_version_num function replacement
returning LIBRESSL_VERSION_NUMBER instead.
Closes #1029
|
|
Closes #1025
Closes #1026
Closes #1027
|
|
Follow-up fix to d9321562
|
|
The OpenSSL function CRYTPO_cleanup_all_ex_data() cannot be called
multiple times without crashing - and other libs might call it! We
basically cannot call it without risking a crash. The function is a
no-op since OpenSSL 1.1.0.
Not calling this function only risks a small memory leak with OpenSSL <
1.1.0.
Bug: https://curl.haxx.se/mail/lib-2016-09/0045.html
Reported-by: Todd Short
|
|
|
|
|
|
RC4 was a nice alternative to CBC back in the days of BEAST, but it's insecure and obsolete now.
|
|
Since I first wrote that text, Apple introduced tvOS and watchOS, and renamed "Mac OS X" to "macOS." Let's make the text a little more inclusive, since curl can be built for all four operating systems.
|
|
|
|
Prior to this commit this example failed with error
'Cannot APPEND with unknown input file size'.
Bug: https://github.com/curl/curl/issues/1008
Reported-by: lukaszgn@users.noreply.github.com
Closes https://github.com/curl/curl/pull/1011
|
|
Recent versions of mbedTLS are available under either Apache 2.0 or GPL
2.0, see https://tls.mbed.org/how-to-get
Closes #1019
|
|
|
|
|
|
... but don't send the actual header over the wire as it isn't accepted.
Chunked uploading is still triggered using this method.
Fixes #1013
Fixes #662
|
|
OpenSSL 1.0.1 and 1.0.2 build an error queue that is stored per-thread
so we need to clean it when easy handles are freed, in case the thread
will be killed in which the easy handle was used. All OpenSSL code in
libcurl should extract the error in association with the error already
so clearing this queue here should be harmless at worst.
Fixes #964
|
|
|
|
|
|
|
|
|
|
CVE-2016-7167
Bug: https://curl.haxx.se/docs/adv_20160914.html
|
|
CVE-2016-7167
Bug: https://curl.haxx.se/docs/adv_20160914.html
|
|
Reported-by: Ryan Scott
Fixes #1007
|
|
|
|
NTLM support with mbedTLS was added in 497e7c9 but requires that mbedTLS
is built with the MD4 functions available, which it isn't in default
builds. This now adapts if the funtion isn't there and builds libcurl
without NTLM support if so.
Fixes #1004
|
|
- Change maximum allowed line length from 80 to 79.
|
|
Note that since the added examples are for column alignment I had to
encapsulate with ~~~c markdown to preserve their alignment.
|
|
The `curl-config --static-libs` command should not output paths like
-l/usr/lib/libssl.so, instead print the absolute path without `-l`.
This also removes the confusing message "Static linking is broken" which
was printed because curl-config --static-libs was disfunctional even
though the static libcurl.a library works properly.
Fixes https://github.com/curl/curl/issues/841
|
|
... like when a HTTP/0.9 response comes back without any headers at all
and just a body this now prevents that body from being sent to the
callback etc.
Adapted test 1144 to verify.
Fixes #973
Assisted-by: Ray Satiro
|
