Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-08-09 | docs: Update SPNEGO and GSS-API related doc sections | Michael Osipov | |
Reflect recent changes in SPNEGO and GSS-API code in the docs. Update them with appropriate namings and remove visible spots for GSS-Negotiate. | |||
2014-08-07 | docs: Added Negotiate to the SSPI current credentials usage description | Steve Holme | |
2014-08-06 | TODO: HTTP Digest via Windows SSPI | Steve Holme | |
2014-08-06 | TODO: FTP GSSAPI via Windows SSPI | Steve Holme | |
2014-08-02 | CURLOPT_SSL_VERIFYPEER.3. add a warning about disabling it | Daniel Stenberg | |
2014-08-01 | FEATURES: minor update | Daniel Stenberg | |
2014-07-31 | CURLOPT_HEADEROPT.3: typo: do -> to | Michael Wallner | |
2014-07-31 | curl_version_info.3: 'ssl_version_num' is always 0 | Daniel Stenberg | |
... and has been so since 2005 | |||
2014-07-31 | ssl: generalize how the ssl backend identifier is set | Daniel Stenberg | |
Each backend now defines CURL_SSL_BACKEND accordingly. Added the *AXTLS one which was missing previously. | |||
2014-07-30 | opts: fixed some typos | Dan Fandrich | |
2014-07-30 | curl_tlsinfo -> curl_tlssessioninfo | Michael Wallner | |
2014-07-29 | libcurl.m4: include the standard source header | Daniel Stenberg | |
... with permission from David Shaw | |||
2014-07-24 | symbols: CURL_VERSION_GSSNEGOTIATE is deprecated | Daniel Stenberg | |
2014-07-23 | http2: more and better error checking | Daniel Stenberg | |
1 - fixes the warnings when built without http2 support 2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2 basically when they are about http2 specific things. | |||
2014-07-23 | symbols-in-versions: new SPNEGO/GSS-API symbols in 7.38.0 | Daniel Stenberg | |
2014-07-19 | CURLOPT_CHUNK_BGN_FUNCTION: fix typo | Alessandro Ghedini | |
2014-07-17 | THANKS: added new contributors from 7.37.1 announcement | Daniel Stenberg | |
2014-07-16 | Remove all traces of FBOpenSSL SPNEGO support | David Woodhouse | |
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which allows client and server to negotiate the underlying mechanism which will actually be used to authenticate. This is *often* Kerberos, and can also be NTLM and other things. And to complicate matters, there are various different OIDs which can be used to specify the Kerberos mechanism too. A SPNEGO exchange will identify *which* GSSAPI mechanism is being used, and will exchange GSSAPI tokens which are appropriate for that mechanism. But this SPNEGO implementation just strips the incoming SPNEGO packet and extracts the token, if any. And completely discards the information about *which* mechanism is being used. Then we *assume* it was Kerberos, and feed the token into gss_init_sec_context() with the default mechanism (GSS_S_NO_OID for the mech_type argument). Furthermore... broken as this code is, it was never even *used* for input tokens anyway, because higher layers of curl would just bail out if the server actually said anything *back* to us in the negotiation. We assume that we send a single token to the server, and it accepts it. If the server wants to continue the exchange (as is required for NTLM and for SPNEGO to do anything useful), then curl was broken anyway. So the only bit which actually did anything was the bit in Curl_output_negotiate(), which always generates an *initial* SPNEGO token saying "Hey, I support only the Kerberos mechanism and this is its token". You could have done that by manually just prefixing the Kerberos token with the appropriate bytes, if you weren't going to do any proper SPNEGO handling. There's no need for the FBOpenSSL library at all. The sane way to do SPNEGO is just to *ask* the GSSAPI library to do SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context() is for. And then it should all Just Workâ˘. That 'sane way' will be added in a subsequent patch, as will bug fixes for our failure to handle any exchange other than a single outbound token to the server which results in immediate success. | |||
2014-07-10 | CURLOPT_UPLOAD: Corrected argument type | Steve Holme | |
2014-07-09 | FAQ: expand the thread-safe section | Daniel Stenberg | |
... with a mention of *NOSIGNAL, based on talk in bug #1386 | |||
2014-07-05 | Update instances of some obsolete CURLOPTs to their new names | Dan Fandrich | |
2014-07-03 | example: use correct type (long) for CURLOPT_FOLLOWLOCATION | Dimitrios Siganos | |
2014-07-03 | Document type of argument for CURLOPT_FOLLOWLOCATION. | Dimitrios Siganos | |
2014-07-03 | Document type of argument for CURLOPT_ERRORBUFFER. | Dimitrios Siganos | |
2014-07-03 | Document type of argument for CURLOPT_COPYPOSTFIELDS. | Dimitrios Siganos | |
2014-07-03 | Document type of argument for CURLOPT_ADDRESS_SCOPE. | Dimitrios Siganos | |
2014-07-03 | curl.1: minor language fix | Daniel Stenberg | |
Bug: http://curl.haxx.se/mail/archive-2014-07/0006.html | |||
2014-07-02 | opts: fixed some CURLOPT references so they get turned into links | Dan Fandrich | |
2014-07-01 | opts: Document the socket callback function parameters | Dan Fandrich | |
2014-06-28 | opts: Fixed some typos | Steve Holme | |
2014-06-25 | curl_easy_setopt.3: fixed the error code for an unsupported option | Dan Fandrich | |
2014-06-24 | opts: added some DEFAULT and RETURN VALUE sections | Dan Fandrich | |
2014-06-21 | libcurl docs: man page edits | Daniel Stenberg | |
mainly to improve how the web versions render | |||
2014-06-21 | curl_easy_setopt.3: fixed some typos | Dan Fandrich | |
2014-06-21 | lib man pages: update easy setopt option references | Daniel Stenberg | |
... by using the "\fIopt(3)\fP" syntax they will be linked properly when the web version of the page is generated. | |||
2014-06-21 | opts: the CURLOPT_SSL_ENABLE_*PN options are enabled by default | Daniel Stenberg | |
2014-06-21 | curl_easy_setopt.3: CURLOPT_POSTFIELDS is the exception | Daniel Stenberg | |
... to the always-copy-char *-argument. And fix some minor mistakes. | |||
2014-06-21 | curl_easy_setopt.3: refer to the individual man pages | Daniel Stenberg | |
With all the new individual option man pages created, this now refers to each separate one instead of duplicaing the info. Also makes this page easier to overview. | |||
2014-06-21 | opts: fixed mancheck for out-of-tree builds | Dan Fandrich | |
2014-06-21 | curl_easy_setopt.3: shorten | Daniel Stenberg | |
shorten descriptions, mostly refer to the separate descriptions | |||
2014-06-21 | CURLOPT_DNS_LOCAL_IP4.3: better short desc | Daniel Stenberg | |
2014-06-20 | opts: document CURLE_OUT_OF_MEMORY among other return values | Dan Fandrich | |
2014-06-20 | opts: fixed some typos | Dan Fandrich | |
2014-06-20 | opts: various corrections | Daniel Stenberg | |
2014-06-20 | opts: add the rest of the options | Daniel Stenberg | |
... and fixed mancheck to ignore obsolete options | |||
2014-06-20 | opts: the final bunch of options as man pages | Daniel Stenberg | |
Now all current options have their own man pages. | |||
2014-06-19 | opts: 37 additional man pages | Daniel Stenberg | |
2014-06-19 | CURLOPT_URL: move up the text from "Notes" | Daniel Stenberg | |
2014-06-19 | ROADMAP: removed, now ROADMAP.md | Daniel Stenberg | |
2014-06-19 | ROADMAP.md: make it markdown formatted | Daniel Stenberg | |