aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2013-11-05KNOWN_BUGS: STARTTRANSFER for POST requestsDaniel Stenberg
added 85. Wrong STARTTRANSFER timer accounting for POST requests
2013-11-05Curl_ssl_push_certinfo_len: don't %.*s non-zero-terminated stringDaniel Stenberg
Our own printf() replacement clearly can't properly handle %.*s with a string that isn't zero terminated. Instead of fixing the printf code or even figuring out what the proper posix behavior is, I reverted this piece of the code back to the previous version where it does malloc + memcpy instead. Regression added in e839446c2a5, released in curl 7.32.0. Reported-by: Felix Yan Bug: http://curl.haxx.se/bug/view.cgi?id=1295
2013-11-05RELEASE-NOTES: Synced with 7fc3b2ce382ed6Steve Holme
2013-11-05connect.h: Updated copyright year for last editSteve Holme
2013-11-04connect: Add connection delay to Happy Eyeballs.Björn Stenberg
This patch adds a 200ms delay between the first and second address family socket connection attempts. It also iterates over IP addresses in the order returned by the system, meaning most dual-stack systems will try IPv6 first. Additionally, it refactors the connect code, removing most code that handled synchronous connects. Since all sockets are now non-blocking, the logic can be made simpler.
2013-11-04winbind: Fixed ntlm_auth expecting eol following commit e17c1b25bc33ebSteve Holme
2013-11-04nss.c: Fixed compilation warnings (Take Two)Steve Holme
nss.c:702: warning: pointer targets in passing argument 3 of 'Curl_extract_certinfo' differ in signedness nss.c:702: warning: pointer targets in passing argument 4 of 'Curl_extract_certinfo' differ in signedness Made sure the cast was correctly "unsigned char *" to "char *" and not "unsigned char *" to "unsigned char *".
2013-11-04nss.c: Fixed compilation warningsSteve Holme
nss.c:700: warning: pointer targets in passing argument 3 of 'Curl_extract_certinfo' differ in signedness nss.c:700: warning: pointer targets in passing argument 4 of 'Curl_extract_certinfo' differ in signedness
2013-11-03tests: Added test for IMAP NOOP commandSteve Holme
2013-11-03tests: Added test for IMAP COPY commandSteve Holme
2013-11-03tests: Disable IMAP CLOSE and EXPUNGE command testsSteve Holme
This is temporary until curl supports either multiple custom commands or post-quote commands in IMAP.
2013-11-03tests: Added tests for IMAP CLOSE and EXPUNGE commandsSteve Holme
2013-11-03connect.c: Code policing on commit 5094bb53f4a027Steve Holme
No need for a rhs condition on a bitwise compare.
2013-11-03nss.c: Fixed compilation warningsSteve Holme
warning: implicit declaration of function 'Curl_extract_certinfo'
2013-11-03x509asn1.c: Fixed compilation warningsSteve Holme
warning: declaration of 'chsize' shadows a global declaration
2013-11-03DOCS: Expanded --request description to include POP3 and IMAP detailsSteve Holme
2013-11-03tool_help: Updated --list-only description to include POP3Steve Holme
2013-11-03DOCS: Updated --list-only description to include POP3Steve Holme
Additionally corrected typos in --oauth2-bearer protocol list.
2013-11-03base64: Fixed compilation warnings when using Curl_base64_decode()Steve Holme
curl_sasl.c:294: warning: dereferencing type-punned pointer will break strict-aliasing rules getpart.c:201: warning: dereferencing type-punned pointer will break strict-aliasing rules
2013-11-03connect: Fixed "Whut?" no server connection failuresSteve Holme
Introduced in commit 7d7df831981fee curl would loop displaying "Whut?" if it was trying to connect to an address and port that didn't have anything listening on it.
2013-11-03http: Post base64 decoding tidy upSteve Holme
Renamed copy_header_value() to Curl_copy_header_value() as this function is now non static. Simplified proxy flag in Curl_http_input_auth() when calling sub-functions. Removed unnecessary white space removal when using negotiate as it had been missed in commit cdccb422671aeb.
2013-11-03glob_range: pass the closing bracket for a-z rangesDaniel Stenberg
Regression since commit 5ca96cb844102 (release in 7.33.0) Reported-by: Marcin Gryszkalis
2013-11-02getpart: Fixed base64 encoded parts following commit e17c1b25bc33ebSteve Holme
2013-11-02http: Added proxy tunnel authentication message header value extractionSteve Holme
...following recent changes to Curl_base64_decode() rather than trying to parse a header line for the authentication mechanisms which is CRLF terminated and inline zero terminate it.
2013-10-31http: Added authentication message header value extractionSteve Holme
...following recent changes to Curl_base64_decode() rather than trying to parse a header line for the authentication mechanisms which is CRLF terminated and inline zero terminate it.
2013-10-30curl_multi_wait: accept 0 from multi_timeout() as valid timeoutDaniel Stenberg
The code rejected 0 as a valid timeout while in fact the function could indeed legitimately return that and it should be respected. Reported-by: Bjorn Stenberg
2013-10-30email: Corrected a couple of typos from commit aa0eaef4838ccdSteve Holme
2013-10-30TODO: Removed the 'Graceful base64 decoding failure' sectionsSteve Holme
Updated following the recent changes to support graceful failures during the authentication phrase.
2013-10-30email: Post graceful SASL authentication cancellation tidy upSteve Holme
2013-10-30tests: use proper padding in NTLM responsesKamil Dudka
2013-10-30NSS: support for CERTINFO featurePatrick Monnerat
2013-10-30base64: removed trailing white spaceDaniel Stenberg
and updated copyright year
2013-10-30base64: Added basic validation to base64 input string when decodingSteve Holme
A base64 string should be a multiple of 4 characters in length, not contain any more than 2 padding characters and only contain padding characters at the end of string. For example: Y3VybA== Strings such as the following are considered invalid: Y= - Invalid length Y== - Invalid length Y=== - More than two padding characters Y=x= - Padding character contained within string
2013-10-29RELEASE-NOTES: synced with 255826c40f9316Daniel Stenberg
2013-10-29bugfix: Don't block waiting for socket1 connect.Björn Stenberg
This patch fixes a bug in Happy Eyeballs where curl would wait for a connect response from socket1 before checking socket2. Also, it updates error messages for failed connections, showing the ip addresses that failed rather than just the host name repeatedly. Bug: http://curl.haxx.se/mail/lib-2013-10/0236.html Reported-by: Paul Marks
2013-10-28sasl: Updated create_digest_md5_message() to use a dynamic bufferSteve Holme
2013-10-28SECURITY: "curl security for developers"Daniel Stenberg
Describes our security process from a project and curl developer's perspective.
2013-10-28OS400: coding style standardsPatrick Monnerat
2013-10-27email: Added support for cancelling NTLM authenticationSteve Holme
2013-10-27sasl: Removed unused variables from commit b87ba2c94217c0Steve Holme
2013-10-27email: Added support for cancelling DIGEST-MD5 authenticationSteve Holme
2013-10-27email: Corrected a couple of typos from 1e39b95682781fSteve Holme
2013-10-27docs/examples/httpput.c: fix build for MSVCGisle Vanem
"Dan Fandrich" <dan@coneharvesters.com> wrote: >> But I'm not sure <unistd.h> is needed at all. > > It's needed for close(2). But the only reason that's needed is because fstat > is used instead of stat(2); if you fix that, then you could remove that > include altogether. Okay. I've tested the following with MSVC and MingW. htttput.c now simply uses stat():
2013-10-27email: Added support for canceling CRAM-MD5 authenticationSteve Holme
2013-10-27Typo fix in trynextip().Björn Stenberg
2013-10-27TODO: remove "Happy Eyeball dual stack connect"Daniel Stenberg
... as it was just merged in commit 7d7df
2013-10-27Add "Happy Eyeballs" for IPv4/IPv6.Björn Stenberg
This patch invokes two socket connect()s nearly simultaneously, and the socket that is first connected "wins" and is subsequently used for the connection. The other is terminated. There is a very slight IPv4 preference, in that if both sockets connect simultaneously IPv4 is checked first and thus will win.
2013-10-27email: Added initial support for cancelling authenticationSteve Holme
Should a client application fail to decode an authentication message received from a server, or not support any of the parameters given by the server in the message, then the authentication phrase should be cancelled gracefully by the client rather than simply terminating the connection. The authentication phrase should be cancelled by simply sending a '*' to the server, in response to erroneous data being received, as per RFC-3501, RFC-4954 and RFC-5034. This patch adds the necessary state machine constants and appropriate response handlers in order to add this functionality for the CRAM-MD5, DIGEST-MD5 and NTLM authentication mechanisms.
2013-10-27email: Moved authentication message parsing into a separate functionSteve Holme
...in preparation for upcoming modifications.
2013-10-27ftp: Fixed compiler warningSteve Holme
warning: 'result' may be used uninitialized in this function