Age | Commit message | Author
2014-10-15 | mk-ca-bundle: added SHA-384 signature algorithm | Bruno Thomsen
Certificates based on SHA-1 are being phased out[1]. So we should expect a rise in certificates based on SHA-2. Adding SHA-384 as a valid signature algorithm.
[1] https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/
Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
2014-10-14 | OS400: fix bugs in curl_*escape_ccsid() and reduce variables scope | Patrick Monnerat
2014-10-14 | Implement pinned public key in GSKit backend | Patrick Monnerat
2014-10-14 | CURLOPT_TLSAUTH_*.3: fix reference typos | Daniel Stenberg
2014-10-14 | cleanups: reduce variable scope | Daniel Stenberg
cppcheck pointed these out.
2014-10-14 | singleipconnect: remove dead assignment never used | Daniel Stenberg
cppcheck pointed this out.
2014-10-13 | pinning: minor code style policing | Daniel Stenberg
2014-10-13 | Factorize pinned public key code into generic file handling and backend specific | Patrick Monnerat
2014-10-13 | vtls: remove QsoSSL | Patrick Monnerat
2014-10-13 | gskit: supply dummy randomization function | Patrick Monnerat
2014-10-13 | vtls/*: deprecate have_curlssl_md5sum and set-up default md5sum implementation | Patrick Monnerat
2014-10-13 | tests: move TESTCASES to Makefile.inc, add show for cmake | Peter Wu
This change allows runtests.pl to be run from the CMake builddir:
    export srcdir=/tmp/curl/tests; perl -I$srcdir $srcdir/runtests.pl -l
In order to make this possible, all test cases have been moved from Makefile.am to Makefile.inc.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-10-13 | cmake: enable IPv6 by default if available | Peter Wu
ENABLE_IPV6 depends on HAVE_GETADDRINFO or you will get a Curl_getaddrinfo_ex error. Enable IPv6 by default, disabling it if struct sockaddr_in6 is not found in netinet/in.h.
Note that HAVE_GETADDRINFO_THREADSAFE is still not set as it needs more platform checks even though POSIX requires a thread-safe getaddrinfo.
Verified on Arch Linux x86_64 with glibc 2.20-2 and Linux 3.16-rc7.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-10-12 | cmake: build tool_hugehelp (ENABLE_MANUAL) | Peter Wu
Rather than always outputting an empty manual page for the '-M' option, generate a full manual page as done by autotools. For simplicity in CMake, always generate the gzipped page as it will not be used anyway when zlib is not available.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-10-10 | tests/http_pipe.py: Python 3 support | Peter Wu
The 2to3 tool converted socketserver (which I manually fixed up with an import fallback) and the print(e) line. The xrange option was converted to range, but it seems better to use the '*' operator here for simplicity.
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-10-10 | SECURITY: slightly nicer markdown format | Daniel Stenberg
2014-10-10 | RELEASE-PROCEDURE: better markdown, more content | Daniel Stenberg
2014-10-09 | RELEASE-NOTES: synced with 6637b237e6eb | Daniel Stenberg
... and bumped the planned release version.
2014-10-09 | vtls: have vtls.h include the backend header files | Daniel Stenberg
It turned out some features were not enabled in the build since for example url.c #ifdefs on features that are defined on a per-backend basis but vtls.h didn't include the backend headers. CURLOPT_CERTINFO was one such feature that was accidentally disabled.
2014-10-09 | test2036: verify -O with no slash at all in the URL | Daniel Stenberg
Similar to test 76 but that test's URL has a slash just no file name part.
2014-10-09 | get_url_file_name: make no slash equal empty string | Daniel Stenberg
2014-10-09 | get_url_file_name: never return a NULL string *and* OK | Daniel Stenberg
Change 987a4a73 assumes that as it simplifies life in the calling function.
Reported-by: Fabian Keil
2014-10-09 | Cmake: Build with GSSAPI (MIT or Heimdal) | Jakub Zakrzewski
It tries hard to recognise SDKs on different platforms. On Windows MIT Kerberos installs SDK with other things and puts path into registry. Heimdal has a separate zip archive. On Linux pkg-config is tried, then krb5-config script and finally old-style libs and headers detection.
Command line args:
* CMAKE_USE_GSSAPI - enables GSSAPI detection
* GSS_ROOT_DIR - if set, should point to the root of GSSAPI installation (the one with include and lib directories)
2014-10-09 | Cmake: Got rid of setup_curl_dependencies | Jakub Zakrzewski
There is no need for such function. Include_directories propagate by themselves and having a function with one simple link statement makes little sense.
2014-10-09 | Cmake: Avoid cycle directory dependencies. | Jakub Zakrzewski
Because we prepended libraries to list, CMake had troubles resolving link directory order as it detected some cycles. Appending to list ensures that dependencies will precede dependees.
2014-10-09 | Cmake: Fix library list provided to cURL tests. | Jakub Zakrzewski
The list must be set after those nice CMake tests as we mess with CMAKE_REQUIRED_LIBRARIES there.
2014-10-09 | Cmake: Check for OpenSSL before OpenLDAP. | Jakub Zakrzewski
OpenLDAP might have been built with OpenSSL. Checking for OpenLDAP first may result in undefined symbols. Of course, the found OpenSSL libraries must also be linked whenever OpenLDAP is.
2014-10-09 | curl_multi_fdset.3: improved the formatting slightly | Daniel Stenberg
2014-10-09 | curl_multi_fdset: explain the fd_set arguments | Daniel Stenberg
2014-10-08 | nss: do not fail if a CRL is already cached | Kamil Dudka
This fixes a copy-paste mistake from commit 2968f957.
2014-10-08 | OS400: upgrade interface for pinned public key (no implementation yet) | Patrick Monnerat
2014-10-08 | FormAdd: precaution against memdup() of NULL pointer | Daniel Stenberg
Coverity CID 252518. This function is in general far too complicated for its own good and really should be broken down into several smaller functions instead - but I'm adding this protection here now since it seems there's a risk the code flow can end up here and dereference a NULL pointer.
2014-10-08 | operate: avoid NULL dereference | Daniel Stenberg
Coverity CID 1241948. dumpeasysrc() would get called with config->current set to NULL which could be dereferenced by a warnf() call.
2014-10-08 | do_sec_send: remove dead code | Daniel Stenberg
Coverity CID 1241951. The condition 'len >= 0' would always be true at that point and thus not necessary to check for.
2014-10-08 | krb5_encode: remove unused argument | Daniel Stenberg
Coverity CID 1241957. Removed the unused argument. As this struct and pointer now are used only for krb5, there's no need to keep unused function arguments around.
2014-10-08 | operate_do: skip superfluous check for NULL pointer | Daniel Stenberg
Coverity CID 1243583. get_url_file_name() cannot fail and return a NULL file name pointer so skip the check for that - it tricks coverity into believing it can happen and it then warns later on when we use 'outfile' without checking for NULL.
2014-10-07 | curl_easy_getinfo.3: spell-fix | Daniel Stenberg
Reported-By: Luan Cestari
2014-10-07 | GnuTLS: Implement public key pinning | moparisthebest
2014-10-07 | SSL: implement public key pinning | moparisthebest
Option --pinnedpubkey takes a path to a public key in DER format and only connect if it matches (currently only implemented with OpenSSL).
Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().
Extract a public RSA key from a website like so:
    openssl s_client -connect google.com:443 2>&1 < /dev/null | \
    sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
    | openssl rsa -pubin -outform DER > google.com.der
2014-10-07 | multi_runsingle: fix possible memory leak | Daniel Stenberg
Coverity CID 1202837. 'newurl' can in fact be allocated even when Curl_retry_request() returns failure so free it if need be.
2014-10-07 | ares::Curl_resolver_cancel: skip checking for NULL conn | Daniel Stenberg
Coverity CID 1243581. 'conn' will never be NULL here, and if it would be the subsequent statement would dereference it!
2014-10-07 | parseconfig: skip a NULL check | Daniel Stenberg
Coverity CID 1154198. This NULL check implies that the pointer _can_ be NULL at this point, which it can't. Thus it is dead code. It tricks static analyzers to warn about dereferencing the pointer since the code seems to imply it can be NULL.
2014-10-07 | multi-uv.c: call curl_multi_info_read() better | Waldek Kozba
Improves it for low-latency cases (like the communication with localhost)
2014-10-06 | tool_go_sleep: use (void) to spell out we ignore the return value | Daniel Stenberg
Coverity CID 1222080.
2014-10-06 | ssh_statemach_act: split out assignment from check | Daniel Stenberg
just a minor code style thing to make the code clearer
2014-10-04 | curl_schannel.c: Fixed possible memory or handle leak | Marc Hoersken
First try to fix possible memory leaks, in this case: Only connssl->ctxt xor connssl->cred being initialized.
2014-10-04 | getparameter: remove dead code | Daniel Stenberg
Coverity CID 1061126. 'parse' will always be non-NULL here.
2014-10-04 | getparameter: comment a switch FALLTHROUGH | Daniel Stenberg
Coverity CID 1061118. Point out that it is on purpose.
2014-10-04 | choose_mech: fix return code | Daniel Stenberg
Coverity CID 1241950. The pointer is never NULL but it might point to NULL.
2014-10-04 | Curl_sec_read_msg: spell out that we ignore return code | Daniel Stenberg
Coverity CID 1241947. Since if sscanf() fails, the previously set value remains set.