aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-01-22configure: remove detection of the old yassl emulation APIDaniel Stenberg
... as that is ancient history and not used.
2015-01-22OCSP stapling: disabled when build with BoringSSLDaniel Stenberg
2015-01-22openssl: add support for the Certificate Status Request TLS extensionAlessandro Ghedini
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. Thanks-to: Joe Mason - for the work-around for the OpenSSL bug.
2015-01-22BoringSSL: fix build for non-configure buildsDaniel Stenberg
HAVE_BORINGSSL gets defined now by configure and should be defined by other build systems in case a BoringSSL build is desired.
2015-01-22configure: fix BoringSSL detection and detect libressslDaniel Stenberg
2015-01-22curl_sasl: Reinstate the sasl_ prefix for locally scoped functionsSteve Holme
Commit 7a8b2885e2 made some functions static and removed the public Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which is the naming convention we use in this source file.
2015-01-22curl_sasl: Minor code policing following recent commitsSteve Holme
2015-01-22openvms: Handle openssl/0.8.9zb version parsingJohn Malmberg
packages/vms/gnv_link_curl.com was assuming only a single letter suffix in the openssl version. That assumption has been fixed for 7.40.
2015-01-22BoringSSL: detected by configure, switches off NTLMDaniel Stenberg
2015-01-22BoringSSL: no PKCS12 support nor ERR_remove_stateDaniel Stenberg
2015-01-22BoringSSL: fix buildLeith Bade
2015-01-20curl_sasl.c: chlglen is not used when cryptography is disabledSteve Holme
2015-01-20curl_sasl.c: Fixed compilation warning when cyptography is disabledSteve Holme
curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local variable
2015-01-20curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI definedSteve Holme
curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier This error could also happen for non-SSPI builds when cryptography is disabled (CURL_DISABLE_CRYPTO_AUTH is defined).
2015-01-20SASL: make some procedures local-scopedPatrick Monnerat
2015-01-20SASL: common state engine for imap/pop3/smtpPatrick Monnerat
2015-01-20SASL: common URL option and auth capabilities decoders for all protocolsPatrick Monnerat
2015-01-20IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters.Patrick Monnerat
2015-01-20ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6Daniel Stenberg
Reported-by: Chris Young
2015-01-20timeval: typecast for better type (on Amiga)Chris Young
There is an issue with conflicting "struct timeval" definitions with certain AmigaOS releases and C libraries, depending on what gets included when. It's a minor difference - the OS one is unsigned, whereas the common structure has signed elements. If the OS one ends up getting defined, this causes a timing calculation error in curl. It's easy enough to resolve this at the curl end, by casting the potentially errorneous calculation to a signed long.
2015-01-19openssl: do public key pinning check independentlyDaniel Stenberg
... of the other cert verification checks so that you can set verifyhost and verifypeer to FALSE and still check the public key. Bug: http://curl.haxx.se/bug/view.cgi?id=1471 Reported-by: Kyle J. McKay
2015-01-19OS400: CURLOPT_SSL_VERIFYSTATUS for ILE/RPG too.Patrick Monnerat
2015-01-18ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAPSteve Holme
For consistency with other USE_WIN32_ defines as well as the USE_OPENLDAP define.
2015-01-18http_negotiate: Use dynamic buffer for SPN generationSteve Holme
Use a dynamicly allocated buffer for the temporary SPN variable similar to how the SASL GSS-API code does, rather than using a fixed buffer of 2048 characters.
2015-01-18sasl_gssapi: Make Curl_sasl_build_gssapi_spn() publicSteve Holme
2015-01-18sasl_gssapi: Fixed memory leak with local SPN variableSteve Holme
2015-01-17http_negotiate.c: unused variable 'ret'Daniel Stenberg
2015-01-17gskit.h: Code policing of function pointer argumentsSteve Holme
2015-01-17vtls: Removed unimplemented overrides of curlssl_close_all()Steve Holme
Carrying on from commit 037cd0d991, removed the following unimplemented instances of curlssl_close_all(): Curl_axtls_close_all() Curl_darwinssl_close_all() Curl_cyassl_close_all() Curl_gskit_close_all() Curl_gtls_close_all() Curl_nss_close_all() Curl_polarssl_close_all()
2015-01-17vtls: Separate the SSL backend definition from the API setupSteve Holme
Slight code cleanup as the SSL backend #define is mixed up with the API function setup.
2015-01-17vtls: Fixed compilation errors when SSL not usedSteve Holme
Fixed the following warning and error from commit 3af90a6e19 when SSL is not being used: url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined; assuming extern returning int error LNK2019: unresolved external symbol Curl_ssl_cert_status_request referenced in function Curl_setopt
2015-01-17http_negotiate: Added empty decoded challenge message info textSteve Holme
2015-01-17http_negotiate: Return CURLcode in Curl_input_negotiate() instead of intSteve Holme
2015-01-17http_negotiate_sspi: Prefer use of 'attrs' for context attributesSteve Holme
Use the same variable name as other areas of SSPI code.
2015-01-17http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo()Steve Holme
Use the SECURITY_STATUS typedef rather than a unsigned long for the QuerySecurityPackageInfo() return and rename the variable as per other areas of SSPI code.
2015-01-17http_negotiate_sspi: Use 'CURLcode result' for CURL result codeSteve Holme
2015-01-16curl_endian: Fixed build when 64-bit integers are not supported (Part 2)Steve Holme
Missed Curl_read64_be() in commit bb12d44471 :(
2015-01-16CURLOPT_SSL_VERIFYSTATUS.3: mention it is added in version 7.41.0Daniel Stenberg
2015-01-16curlver.h: next release is 7.41.0 due to the changesDaniel Stenberg
2015-01-16RELEASE-NOTES: mention the new OCSP stapling options, bump versionDaniel Stenberg
2015-01-16opts: add CURLOPT_SSL_VERIFYSTATUS* to docs/MakefileDaniel Stenberg
2015-01-16help: add --cert-status to --help outputDaniel Stenberg
2015-01-16copyright years: after OCSP stapling changesDaniel Stenberg
2015-01-16curl: add --cert-status optionAlessandro Ghedini
This enables the CURLOPT_SSL_VERIFYSTATUS functionality.
2015-01-16nss: add support for the Certificate Status Request TLS extensionAlessandro Ghedini
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. This requires NSS 3.15 or higher.
2015-01-16gtls: add support for the Certificate Status Request TLS extensionAlessandro Ghedini
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP response verfication to fail even on valid responses.
2015-01-16url: add CURLOPT_SSL_VERIFYSTATUS optionAlessandro Ghedini
This option can be used to enable/disable certificate status verification using the "Certificate Status Request" TLS extension defined in RFC6066 section 8. This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the certificate status verification fails, and the Curl_ssl_cert_status_request() function, used to check whether the SSL backend supports the status_request extension.
2015-01-16TheArtOfHttpScripting: skip the date at the top, we have gitDaniel Stenberg
2015-01-16TheArtOfHttpScripting: phrase it TLS lib agnosticDaniel Stenberg
2015-01-16TODO: Added some SMB ideasSteve Holme