aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-09-23gnutls: Report actual GnuTLS error message for certificate errorsMike Crowe
If GnuTLS fails to read the certificate then include whatever reason it provides in the failure message reported to the client. Signed-off-by: Mike Crowe <mac@mcrowe.com>
2015-09-22RELEASE-NOTES: synced with 6b56901b56eDaniel Stenberg
2015-09-22gnutls: Support CURLOPT_KEYPASSWDMike Crowe
The gnutls vtls back-end was previously ignoring any password set via CURLOPT_KEYPASSWD. Presumably this was because gnutls_certificate_set_x509_key_file did not support encrypted keys. gnutls now has a gnutls_certificate_set_x509_key_file2 function that does support encrypted keys. Let's determine at compile time whether the available gnutls supports this new function. If it does then use it to pass the password. If it does not then emit a helpful diagnostic if a password is set. This is preferable to the previous behaviour of just failing to read the certificate without giving a reason in that case. Signed-off-by: Mike Crowe <mac@mcrowe.com>
2015-09-22CURLINFO_TLS_SESSION: always return backend infoDaniel Stenberg
... even for those that don't support providing anything in the 'internals' struct member since it offers a convenient way for applications to figure this out.
2015-09-22tool: remove redundant libcurl checkDaniel Hwang
The easysrc generation is run only when --libcurl is initialized. Ref: https://github.com/bagder/curl/issues/429 Closes #448
2015-09-22CURLOPT_PROXY.3: A proxy given as env variable gets no special treatmentRichard van den Berg
Closes #449
2015-09-22TODO: 5.7 More compressionsDaniel Stenberg
Like for example brotli, as being implemented in Firefox now.
2015-09-21tool_operate: Don't call easysrc cleanup unless --libcurlJay Satiro
- Review of 4d95491. The author changed it so easysrc only initializes when --libcurl but did not do the same for the call to easysrc cleanup. Ref: https://github.com/bagder/curl/issues/429
2015-09-20CURLOPT_PINNEDPUBLICKEY.3: replace test.com with example.comViktor Szakats
closes #443
2015-09-20KNOWN_BUGS: 91 "curl_easy_perform hangs with imap and PolarSSL"Daniel Stenberg
Closes #334
2015-09-20KNOWN_BUGS: add link to #85Daniel Stenberg
2015-09-20tests: disable 1801 until fixedDaniel Stenberg
It is unreliable and causes CI problems on github Closes #380
2015-09-20RELEASE-NOTES: synced with 4d95491636eeDaniel Stenberg
2015-09-20tool: generate easysrc only on --libcurlDaniel Lee Hwang
Code should only be generated when --libcurl is used. Bug: https://github.com/bagder/curl/issues/429 Reported-by: @greafhe, Jay Satiro Closes #429 Closes #442
2015-09-19vtls: Change designator name for server's pubkey hashJay Satiro
- Change the designator name we use to show the base64 encoded sha256 hash of the server's public key from 'pinnedpubkey' to 'public key hash'. Though the server's public key hash is only shown when comparing pinned public key hashes, the server's hash may not match one of the pinned.
2015-09-19NTLM: Reset auth-done when using a fresh connectionIsaac Boukris
With NTLM a new connection will always require authentication. Fixes #435
2015-09-19ssl: add server cert's "sha256//" hash to verboseDaniel Hwang
Add a "pinnedpubkey" section to the "Server Certificate" verbose Bug: https://github.com/bagder/curl/issues/410 Reported-by: W. Mark Kubacki Closes #430 Closes #410
2015-09-19openldap: only part of LDAP query results receivedJakub Zakrzewski
Introduced with commit 65d141e6da5c6003a1592bbc87ee550b0ad75c2f Closes #440
2015-09-19openssl: don't output certinfo dataAlessandro Ghedini
2015-09-19openssl: refactor certificate parsing to use OpenSSL memory BIOAlessandro Ghedini
Fixes #427
2015-09-18nss: prevent NSS from incorrectly re-using a sessionKamil Dudka
Without this workaround, NSS re-uses a session cache entry despite the server name does not match. This causes SNI host name to differ from the actual host name. Consequently, certain servers (e.g. github.com) respond by 400 to such requests. Bug: https://bugzilla.mozilla.org/1202264
2015-09-18nss: check return values of NSS functionsKamil Dudka
2015-09-17CURLOPT_PINNEDPUBLICKEY.3: mention error codeDaniel Stenberg
2015-09-17openssl: build with < 0.9.8Daniel Stenberg
... without sha256 support and no define saying so. Reported-by: Rajkumar Mandal
2015-09-17libcurl-errors.3: add two missing error codesDaniel Stenberg
CURLE_SSL_PINNEDPUBKEYNOTMATCH and CURLE_SSL_INVALIDCERTSTATUS
2015-09-14CURLOPT_PINNEDPUBLICKEY.3: Improve pubkey extraction exampleJay Satiro
- Show how a certificate can be obtained using OpenSSL. Bug: https://github.com/bagder/curl/pull/430 Reported-by: Daniel Hwang
2015-09-13http2: removed unused functionDaniel Stenberg
2015-09-12CURLINFO_ACTIVESOCKET.3: mention it replaces *LASTSOCKETDaniel Stenberg
2015-09-12opts: add CURLINFO_* man pages to distDaniel Stenberg
2015-09-12opts: 19 more CURLINFO_* options made into stand-alone man pagesDaniel Stenberg
2015-09-12RELEASE-NOTES: synced with fad9604613Daniel Stenberg
2015-09-11curl: customrequest_helper: deal with NULL custom methodDaniel Stenberg
2015-09-11CURLOPT_FNMATCH_FUNCTION.3: fix typoSvyatoslav Mishyn
s => is Closes #428
2015-09-11curl: point out unnecessary uses of -X in verbose modeDaniel Stenberg
It uses 'Note:' as a prefix as opposed to the common 'Warning:' to take down the tone a bit. It adds a warning for using -XHEAD on other methods becasue that may lead to a hanging connection.
2015-09-10curl_sspi: fix possibly undefined CRYPT_E_REVOKEDJay Satiro
Bug: https://github.com/bagder/curl/pull/411 Reported-by: Viktor Szakats
2015-09-09buildconf.bat: fix syntax errorJay Satiro
2015-09-09winbuild: run buildconf.bat if necessaryBenjamin Kircher
2015-09-08docs: fix argument type for CURLINFO_SPEED_*, CURLINFO_SIZE_*Svyatoslav Mishyn
long => double
2015-09-08cmake: IPv6 : disable Unix header check on Windows platformSergei Nikulov
Closes #409
2015-09-08parse_proxy: reject illegal port numbersDaniel Stenberg
If the port number in the proxy string ended weirdly or the number is too large, skip it. Mostly as a means to bail out early if a "bare" IPv6 numerical address is used without enclosing brackets. Also mention the bracket requirement for IPv6 numerical addresses to the man page for CURLOPT_PROXY. Closes #415 Reported-by: Marcel Raad
2015-09-08FTP: do_more: add check for wait_data_conn in upload caseDaniel Stenberg
In some timing-dependnt cases when a 4xx response immediately followed after a 150 when a STOR was issued, this function would wrongly return 'complete == true' while 'wait_data_conn' was still set. Closes #405 Reported-by: Patricia Muscalu
2015-09-06CURLOPT_TLSAUTH_TYPE.3: update descriptionSvyatoslav Mishyn
Closes #414 Closes #413
2015-09-05CURLOPT_PATH_AS_IS.3: fix typoSvyatoslav Mishyn
leavit => leaveit closes #412
2015-09-05CURLINFO_SSL_VERIFYRESULT.3: add short descriptionSvyatoslav Mishyn
2015-09-05CURLINFO_SSL_ENGINES.3: add short descriptionSvyatoslav Mishyn
2015-09-05CURLINFO_CONTENT_LENGTH_UPLOAD.3: replace "receive" with "get" for consistencySvyatoslav Mishyn
2015-09-05CURLINFO_REDIRECT_TIME.3: remove redundant '!'Svyatoslav Mishyn
2015-09-04Revert "has: generate the curl/has.h header"Kamil Dudka
This reverts commit a60bde79f9adeb135d5c642a07f0d783fbfbbc25 I have pushed by mistake. Apologies for my incompetent use of the git repo!
2015-09-04nss: do not directly access SSL_ImplementedCiphers[]Kamil Dudka
It causes dynamic linking issues at run-time after an update of NSS. Bug: https://lists.fedoraproject.org/pipermail/devel/2015-September/214117.html
2015-09-04has: generate the curl/has.h headerDaniel Stenberg
changed macro name, moved and renamed script to become docs/libcurl/has.pl, generate code that is checksrc compliant