| Age | Commit message (Collapse) | Author |
|---|
|
The OpenSSL function CRYTPO_cleanup_all_ex_data() cannot be called
multiple times without crashing - and other libs might call it! We
basically cannot call it without risking a crash. The function is a
no-op since OpenSSL 1.1.0.
Not calling this function only risks a small memory leak with OpenSSL <
1.1.0.
Bug: https://curl.haxx.se/mail/lib-2016-09/0045.html
Reported-by: Todd Short
|
|
Since I first wrote that text, Apple introduced tvOS and watchOS, and renamed "Mac OS X" to "macOS." Let's make the text a little more inclusive, since curl can be built for all four operating systems.
|
|
... instead of relying on the pkg-config autoconf macros to be present.
Fixes #972 (again...)
|
|
With commit c2f9b78 we added a new dependency on pkg-config for
developers which may be unwanted. This change make the configure script
still work as before if pkg-config isn't installed, it'll just use the
old zlib detection logic without pkg-config.
Reported-by: Marc Hörsken
Fixes #972
|
|
|
|
Closes #956
|
|
|
|
Another follow up for crypt32.lib linking with winssl
|
|
follow-up from 120bf29e
|
|
Necessary since 6cabd78531f
|
|
These configure vars are modified in a curl-specific way and modified by
the configure process, but are never loaded from cache, even though they
are designated as _cv_. We should implement proper AC_CACHE_CHECKs for
them eventually.
|
|
This was automated by:
sed -b -i -f <(ack -A1 AC_CACHE_CHECK | \
ack -o 'ac_cv_.*?\b' | \
sort -u | xargs -n1 bash -c \
'echo "s/$0/curl_cv_${0#ac_cv_}/g"') \
$(git ls-files)
This only changed the prefix for 16 variables actually checked with
AC_CACHE_CHECK.
|
|
'strncasecmp' was once provided by libresolv (no trailing e) for SunOS,
but this check is broken and most likely adds nothing useful. Removing
now.
Reported-by: Irfan Adilovic
Discussed in #770
|
|
https://github.com/wolfSSL/wolfssl/issues/366
|
|
|
|
- Warn if --with-ca-bundle file does not exist.
- Warn if --with-ca-path directory does not contain certificates.
- Improve help messages for both.
Example configure output:
ca cert bundle: /some/file (warning: certs not found)
ca cert path: /some/dir (warning: certs not found)
Bug: https://github.com/curl/curl/issues/404
Reported-by: Jeffrey Walton
|
|
|
|
As of https://boringssl-review.googlesource.com/#/c/6980/, almost all of
BoringSSL #ifdefs in cURL should be unnecessary:
- BoringSSL provides no-op stubs for compatibility which replaces most
#ifdefs.
- DES_set_odd_parity has been in BoringSSL for nearly a year now. Remove
the compatibility codepath.
- With a small tweak to an extend_key_56_to_64 call, the NTLM code
builds fine.
- Switch OCSP-related #ifdefs to the more generally useful
OPENSSL_NO_OCSP.
The only #ifdefs which remain are Curl_ossl_version and the #undefs to
work around OpenSSL and wincrypt.h name conflicts. (BoringSSL leaves
that to the consumer. The in-header workaround makes things sensitive to
include order.)
This change errs on the side of removing conditionals despite many of
the restored codepaths being no-ops. (BoringSSL generally adds no-op
compatibility stubs when possible. OPENSSL_VERSION_NUMBER #ifdefs are
bad enough!)
Closes #640
|
|
When trying to verify a peer without having any root CA certificates
set, this makes libcurl use the TLS library's built in default as
fallback.
Closes #569
|
|
|
|
|
|
The configure test uses AC_TRY_RUN to figure out if an ipv6 socket
works, and testing like that doesn't work for cross-compiles. These days
IPv6 support is widespread so a blind guess is probably more likely to
be 'yes' than 'no' now.
Further: anyone who cross-compiles can use configure's --disable-ipv6 to
explicitly disable IPv6 and that also works for cross-compiles.
Made happen after discussions in issue #594
|
|
This patch was "nicked" from the MINGW-packages project by Daniel.
https://github.com/Alexpux/MINGW-packages/commit/9253d0bf58a1486e91f7efb5316e7fdb48fa4007
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
|
|
The function is only present in wolfssl/cyassl if it was built with
--enable-opensslextra. With these checks added, pinning support is disabled
unless the TLS lib has that function available.
Also fix the mistake in configure that checks for the wrong lib name.
Closes #566
|
|
|
|
Fixes #534
Closes #537
|
|
- If mingw ssl make sure -lgdi32 comes after ssl libs
- Allow PKG_CONFIG to set pkg-config location and options
Bug: https://github.com/bagder/curl/pull/501
Reported-by: Kang Lin
|
|
closes #496
|
|
... to make test 1014 work again after e77b5b7453.
|
|
Use libpsl to check the domain value of Set-Cookie headers (and cookie
jar entries) for not being a Publix Suffix.
The configure script checks for "libpsl" by default. Disable the check
with --without-libpsl.
Ref: https://publicsuffix.org/
Ref: https://github.com/publicsuffix/list
Ref: https://github.com/rockdaboot/libpsl
|
|
'make V=1' will make the build verbose like before
|
|
The gnutls vtls back-end was previously ignoring any password set via
CURLOPT_KEYPASSWD. Presumably this was because
gnutls_certificate_set_x509_key_file did not support encrypted keys.
gnutls now has a gnutls_certificate_set_x509_key_file2 function that
does support encrypted keys. Let's determine at compile time whether the
available gnutls supports this new function. If it does then use it to
pass the password. If it does not then emit a helpful diagnostic if a
password is set. This is preferable to the previous behaviour of just
failing to read the certificate without giving a reason in that case.
Signed-off-by: Mike Crowe <mac@mcrowe.com>
|
|
Turns out HMAC_Init is now deprecated in openssl master (and I spelled
HMAC_Init_ex wrong in previous commit)
|
|
Since boringssl brought back DES_set_odd_parity again, it cannot be used
to differentiate from boringssl. Using the OPENSSL_IS_BORINGSSL define
seems better anyway.
URL: https://android.googlesource.com/platform/external/curl/+/f551028d5caab29d4b4a4ae8c159c76c3cfd4887%5E!/
Original-patch-by: Bertrand Simonnet
Closes #393
|
|
... since boringssl moved the former ones and the check started to fail.
URL: https://android.googlesource.com/platform/external/curl/+/f551028d5caab29d4b4a4ae8c159c76c3cfd4887%5E!/
Original-patch-by: Bertrand Simonnet
|
|
This reverts commit e6749055d65398315fd77f5b5b8234c5552ac2d3.
... since libidn has since been fixed.
|
|
To make it easier to link with static versions of OpenSSL, the configure
script now checks if -ldl is needed for linking.
Help-by: TJ Saunders
|
|
This option disables any attempts in configure to create dependency on
stuff requiring linking to librt.so and libpthread.so, in this case this
means clock_gettime(CLOCK_MONOTONIC, &mt).
We were in need to build curl which doesn't link libpthread.so to avoid
the following bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=16628.
|
|
For security reasons, until there is a fix.
Bug: http://curl.haxx.se/mail/lib-2015-06/0143.html
Reported-by: Gustavo Grieco, Feist Josselin
|
|
This commit requires nghttp2 v1.0.0 to compile, and migrate to v1.0.0,
and utilize recent version of nghttp2 to simplify the code,
First we use nghttp2_option_set_no_recv_client_magic function to
detect nghttp2 v1.0.0. That function only exists since v1.0.0.
Since nghttp2 v0.7.5, nghttp2 ensures header field ordering, and
validates received header field. If it found error, RST_STREAM with
PROTOCOL_ERROR is issued. Since we require v1.0.0, we can utilize
this feature to simplify libcurl code. This commit does this.
Migration from 0.7 series are done based on nghttp2 migration
document. For libcurl, we removed the code sending first 24 bytes
client magic. It is now done by nghttp2 library.
on_invalid_frame_recv callback signature changed, and is updated
accordingly.
|
|
commit 5b66860652 was incomplete so here's a follow-up fix
Reported-by: Dagobert Michelsen
Bug: https://github.com/bagder/curl/commit/5b668606527613179d0349f21b4ab0df2971e3d2#commitcomment-10473445
|
|
|
|
|
|
Bug: https://github.com/bagder/curl/pull/171
|
|
CyaSSL >= 2.6.0 may have an options.h that was generated during
its build by configure.
|
|
Allows the user to easier override its path.
Bug: http://curl.haxx.se/bug/view.cgi?id=1486
|
|
This fixes a build failure where openssl and libmetalink are used
together and the system linker does not do implicit linking (e.g.
Fedora 13 and later releases). The MD5 functions required for
metalink support must be pulled in from the openssl crypto library.
This is similar to commit c6e7cbb94e669b85d3eb8e015ec51d0072112133,
which fixes the same sort of problem for NSS builds.
|
|
This change was made in CyaSSL/WolfSSL ver. 3.4.0
|
|
OpenSSL handling was a little broken.
|
|
SSLeay was the name of the library that was subsequently turned into
OpenSSL many moons ago (1999). curl does not work with the old SSLeay
library since years. This is now reflected by only using USE_OPENSSL in
code that depends on OpenSSL.
|
