Age | Commit message (Collapse) | Author |
|
- Try building a chain using issuers in the trusted store first to avoid
problems with server-sent legacy intermediates.
Prior to this change server-sent legacy intermediates with missing
legacy issuers would cause verification to fail even if the client's CA
bundle contained a valid replacement for the intermediate and an
alternate chain could be constructed that would verify successfully.
https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
|
|
Stop linking to the curl.haxx.se anchor pages, they are usually only
themselves pointers to the real page so better point there directly
instead.
|
|
|
|
The protocol is named "HTTP/2" after all. It is an alias for the
existing CURL_HTTP_VERSION_2_0 enum.
|
|
ERR_error_string_n() was introduced in 0.9.6, no need to #ifdef anymore
|
|
Code for OpenSSL 0.9.4 serves no purpose anymore!
|
|
It was present for OpenSSL 0.9.5 code but we only support 0.9.7 or
later.
|
|
The existing callback served no purpose.
|
|
|
|
Prior to this change any-domain cookies (cookies without a domain that
are sent to any domain) were exported with domain name "unknown".
Bug: https://github.com/bagder/curl/issues/292
|
|
|
|
Bug: https://github.com/bagder/curl/pull/258#issuecomment-107915198
Reported-by: Gisle Vanem
|
|
|
|
|
|
|
|
Follow-up to e8423f9ce150 with discussionis in
https://github.com/bagder/curl/pull/258
This check scans for fopen() with a mode string without 'b' present, as
it may indicate that an FOPEN_* define should rather be used.
|
|
|
|
- Change fopen calls to use FOPEN_READTEXT instead of "r" or "rt"
- Change fopen calls to use FOPEN_WRITETEXT instead of "w" or "wt"
This change is to explicitly specify when we need to read/write text.
Unfortunately 't' is not part of POSIX fopen so we can't specify it
directly. Instead we now have FOPEN_READTEXT, FOPEN_WRITETEXT.
Prior to this change we had an issue on Windows if an application that
uses libcurl overrides the default file mode to binary. The default file
mode in Windows is normally text mode (translation mode) and that's what
libcurl expects.
Bug: https://github.com/bagder/curl/pull/258#issuecomment-107093055
Reported-by: Orgad Shaneh
|
|
|
|
Bug: http://curl.haxx.se/mail/lib-2015-06/0001.html
Reported-by: Rafayel Mkrtchyan
|
|
Bug: https://github.com/bagder/curl/issues/256
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
SSLv23_client_method is deprecated starting in OpenSSL 1.1.0. The
equivalent is TLS_client_method.
https://github.com/openssl/openssl/commit/13c9bb3#diff-708d3ae0f2c2973b272b811315381557
|
|
|
|
Document that if Set-Cookie is used without a domain then the cookie is
sent for any domain and will not be modified.
Bug: http://curl.haxx.se/mail/lib-2015-05/0137.html
Reported-by: Alexander Dyagilev
|
|
Previously, after seeing upgrade to HTTP/2, we feed data followed by
upgrade response headers directly to nghttp2_session_mem_recv() in
Curl_http2_switched(). But it turns out that passed buffer, mem, is
part of stream->mem, and callbacks called by
nghttp2_session_mem_recv() will write stream specific data into
stream->mem, overwriting input data. This will corrupt input, and
most likely frame length error is detected by nghttp2 library. The
fix is first copy the passed data to HTTP/2 connection buffer,
httpc->inbuf, and call nghttp2_session_mem_recv().
|
|
The CURLOPT_COOKIE doc says it "sets the cookie header explicitly in the
outgoing request(s)." However there seems to be some user confusion
about cookie modification. Document that the cookies set by this option
are not modified by the cookie engine.
Bug: http://curl.haxx.se/mail/lib-2015-05/0115.html
Reported-by: Alexander Dyagilev
|
|
|
|
This function makes a platform-specific absolute path which uses
backslashes on Windows. This form works when passing it on the
command-line, as well as if the source is on another drive.
|
|
|
|
|
|
|
|
|
|
|
|
By (void) prefixing it and adding a comment. Did some minor related
cleanups.
Coverity CID 1299423.
|
|
Coverity CID 1299424 identified dead code because of checks that could
never equal true (if the mechanism's name was NULL).
Simplified the function by removing a level of pointers and removing the
loop and array that weren't used.
|
|
Replace use of assert with code that properly catches bad input at
run-time even in non-debug builds.
This flaw was sort of detected by Coverity CID 1299425 which claimed the
"case RTSPREQ_NONE" was dead code.
|
|
A failed calloc() would lead to NULL pointer use.
Coverity CID 1299427.
|
|
non-HTTP proxy implies not using CURLOPT_HTTPPROXYTUNNEL
Bug: http://curl.haxx.se/mail/lib-2015-05/0056.html
Reported-by: Sean Boudreau
|