Age | Commit message (Collapse) | Author |
|
CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1,
CURL_SSLVERSION_TLSv1_2 enum values are added to force exact TLS version
(CURL_SSLVERSION_TLSv1 means TLS 1.x).
axTLS:
axTLS only supports TLS 1.0 and 1.1 but it cannot be set that only one
of these should be used, so we don't allow the new enum values.
darwinssl:
Added support for the new enum values.
SChannel:
Added support for the new enum values.
CyaSSL:
Added support for the new enum values.
Bug: The original CURL_SSLVERSION_TLSv1 value enables only TLS 1.0 (it
did the same before this commit), because CyaSSL cannot be configured to
use TLS 1.0-1.2.
GSKit:
GSKit doesn't seem to support TLS 1.1 and TLS 1.2, so we do not allow
those values.
Bugfix: There was a typo that caused wrong SSL versions to be passed to
GSKit.
NSS:
TLS minor version cannot be set, so we don't allow the new enum values.
QsoSSL:
TLS minor version cannot be set, so we don't allow the new enum values.
OpenSSL:
Added support for the new enum values.
Bugfix: The original CURL_SSLVERSION_TLSv1 value enabled only TLS 1.0,
now it enables 1.0-1.2.
Command-line tool:
Added command line options for the new values.
|
|
SecPKCS12Import() returns a few errors that are enumerated in OS X's
headers but not in iOS' headers for some reason.
|
|
|
|
|
|
|
|
After the option rename in 5df04bfafd1
|
|
Reported-by: Petr Pisar
|
|
Write to CURLOPT_ERRORBUFFER information about mismatch alternative
certificate subject names.
Signed-off-by: Andrej E Baranov <admin@andrej-andb.ru>
|
|
The option '--bearer' might be slightly ambiguous in name. It doesn't
create any conflict that I am aware of at the moment, however, OAUTH v2
is not the only authentication mechanism which uses "bearer" tokens.
Reported-by: Kyle L. Huff
URL: http://curl.haxx.se/mail/lib-2013-10/0064.html
|
|
This fixes a regression introduced by commit 0feeab78 limiting the speed
of SCP upload to 16384 B/s on a fast connection (such as localhost).
|
|
|
|
|
|
lib/curl_setup_once.h assumed lwIP on Windows uses 'SetLastError()' to
set network errors. It doesn't; it uses 'errno'.
|
|
|
|
When using the -w '%{http_code}' flag and simulating a Not Modified then
304 should be output.
|
|
|
|
|
|
|
|
Credit (for catching a cipher I forgot to add to the blocked ciphers list):
https://www.ssllabs.com/ssltest/viewMyClient.html
|
|
Setting only CURLOPT_SSL_VERIFYHOST without CURLOPT_SSL_VERIFYPEER set
should still verify that the host name fields in the server certificate
is fine or return failure.
Bug: http://curl.haxx.se/mail/lib-2013-10/0002.html
Reported-by: Ishan SinghLevett
|
|
CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL and NSS
backends and not for any other!
|
|
|
|
|
|
|
|
|
|
...as it is no longer required following capability and authentication
changes and is now causing problems following commit 49341628b50007 as
the test number is obtained from the client address in the EHLO.
|
|
|
|
...to the client address as this frees the RCPT strings to contain
just an email address and by passing the test number into curl as the
client address remains consistent with POP3 and IMAP tests as they are
specified in the URL.
|
|
|
|
The comment mentioned the need to free the data, but the example already
does that free
|
|
This is similar to getinmemory.c but with an initial POST.
Combined-by: Ulf Samuelsson
|
|
If no WINVER and/or _WIN32_IWNNT define was set, the Windows platform
SDK often defaults to high value, e.g. 0x601 (whoch may probably depend
on the Windows version being used, in my case Windows 7).
If WINVER >= 0x600 then winsock2.h includes some defines for WSAPoll(),
e.g. POLLIN, POLLPRI, POLLOUT etc. These defines clash with cURL's
lib/select.h.
Make sure HAVE_STRUCT_POLLFD is defined then.
Bug: http://curl.haxx.se/bug/view.cgi?id=1282
Reported-by: "kdekker"
Patch-by: Marcel Raad
|
|
The function "ssl_ui_reader" was declared but never referenced
The function "ssl_ui_writer" was declared but never referenced
|
|
The latest version(s) of the icc compiler no longer accept the extra
space in the -we (warning enable), -wd (warning disable), etc.
Reported-by: Elmira A Semenova
Bug: http://curl.haxx.se/mail/lib-2013-09/0182.html
|
|
|
|
There is an implicit conversion from "unsigned long" to "long"
|
|
Moved the standard SASL mechanism strings into curl_sasl.h rather than
hard coding the same values over and over again in the protocols that
use SASL authentication.
For more information about the mechanism strings see:
http://www.iana.org/assignments/sasl-mechanisms
|
|
|
|
|
|
|
|
...from commit f81d1e16664976 due to copy paste error.
|
|
|
|
|
|
|
|
|
|
|
|
As someone reported on the mailing list a while back, the hard-coded
arbitrary timeout of 7s in test 1112 is not sufficient in some build
environments. At Arista Networks we build and test curl as part of our
automated build system, and we've run into this timeout 170 times so
far. Our build servers are typically quite busy building and testing a
lot of code in parallel, so despite being beefy machines with 32 cores
and 128GB of RAM we still hit this 7s timeout regularly.
URL: http://curl.haxx.se/mail/lib-2010-02/0200.html
|
|
|
|
RCPT_smtp() will now check for a correctly formatted TO address which
allows for invalid recipient addresses to be added.
|
|
As curl will send a HELO command after an negative EHLO response, added
the same detection from commit b07709f7417c3e to the HELO handler to
ensure the test server is identified correctly and an upload isn't
performed.
|