Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-07-16 | Remove all traces of FBOpenSSL SPNEGO support | David Woodhouse | |
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which allows client and server to negotiate the underlying mechanism which will actually be used to authenticate. This is *often* Kerberos, and can also be NTLM and other things. And to complicate matters, there are various different OIDs which can be used to specify the Kerberos mechanism too. A SPNEGO exchange will identify *which* GSSAPI mechanism is being used, and will exchange GSSAPI tokens which are appropriate for that mechanism. But this SPNEGO implementation just strips the incoming SPNEGO packet and extracts the token, if any. And completely discards the information about *which* mechanism is being used. Then we *assume* it was Kerberos, and feed the token into gss_init_sec_context() with the default mechanism (GSS_S_NO_OID for the mech_type argument). Furthermore... broken as this code is, it was never even *used* for input tokens anyway, because higher layers of curl would just bail out if the server actually said anything *back* to us in the negotiation. We assume that we send a single token to the server, and it accepts it. If the server wants to continue the exchange (as is required for NTLM and for SPNEGO to do anything useful), then curl was broken anyway. So the only bit which actually did anything was the bit in Curl_output_negotiate(), which always generates an *initial* SPNEGO token saying "Hey, I support only the Kerberos mechanism and this is its token". You could have done that by manually just prefixing the Kerberos token with the appropriate bytes, if you weren't going to do any proper SPNEGO handling. There's no need for the FBOpenSSL library at all. The sane way to do SPNEGO is just to *ask* the GSSAPI library to do SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context() is for. And then it should all Just Workâ˘. That 'sane way' will be added in a subsequent patch, as will bug fixes for our failure to handle any exchange other than a single outbound token to the server which results in immediate success. | |||
2014-07-10 | CURLOPT_UPLOAD: Corrected argument type | Steve Holme | |
2014-07-09 | FAQ: expand the thread-safe section | Daniel Stenberg | |
... with a mention of *NOSIGNAL, based on talk in bug #1386 | |||
2014-07-05 | Update instances of some obsolete CURLOPTs to their new names | Dan Fandrich | |
2014-07-03 | example: use correct type (long) for CURLOPT_FOLLOWLOCATION | Dimitrios Siganos | |
2014-07-03 | Document type of argument for CURLOPT_FOLLOWLOCATION. | Dimitrios Siganos | |
2014-07-03 | Document type of argument for CURLOPT_ERRORBUFFER. | Dimitrios Siganos | |
2014-07-03 | Document type of argument for CURLOPT_COPYPOSTFIELDS. | Dimitrios Siganos | |
2014-07-03 | Document type of argument for CURLOPT_ADDRESS_SCOPE. | Dimitrios Siganos | |
2014-07-03 | curl.1: minor language fix | Daniel Stenberg | |
Bug: http://curl.haxx.se/mail/archive-2014-07/0006.html | |||
2014-07-02 | opts: fixed some CURLOPT references so they get turned into links | Dan Fandrich | |
2014-07-01 | opts: Document the socket callback function parameters | Dan Fandrich | |
2014-06-28 | opts: Fixed some typos | Steve Holme | |
2014-06-25 | curl_easy_setopt.3: fixed the error code for an unsupported option | Dan Fandrich | |
2014-06-24 | opts: added some DEFAULT and RETURN VALUE sections | Dan Fandrich | |
2014-06-21 | libcurl docs: man page edits | Daniel Stenberg | |
mainly to improve how the web versions render | |||
2014-06-21 | curl_easy_setopt.3: fixed some typos | Dan Fandrich | |
2014-06-21 | lib man pages: update easy setopt option references | Daniel Stenberg | |
... by using the "\fIopt(3)\fP" syntax they will be linked properly when the web version of the page is generated. | |||
2014-06-21 | opts: the CURLOPT_SSL_ENABLE_*PN options are enabled by default | Daniel Stenberg | |
2014-06-21 | curl_easy_setopt.3: CURLOPT_POSTFIELDS is the exception | Daniel Stenberg | |
... to the always-copy-char *-argument. And fix some minor mistakes. | |||
2014-06-21 | curl_easy_setopt.3: refer to the individual man pages | Daniel Stenberg | |
With all the new individual option man pages created, this now refers to each separate one instead of duplicaing the info. Also makes this page easier to overview. | |||
2014-06-21 | opts: fixed mancheck for out-of-tree builds | Dan Fandrich | |
2014-06-21 | curl_easy_setopt.3: shorten | Daniel Stenberg | |
shorten descriptions, mostly refer to the separate descriptions | |||
2014-06-21 | CURLOPT_DNS_LOCAL_IP4.3: better short desc | Daniel Stenberg | |
2014-06-20 | opts: document CURLE_OUT_OF_MEMORY among other return values | Dan Fandrich | |
2014-06-20 | opts: fixed some typos | Dan Fandrich | |
2014-06-20 | opts: various corrections | Daniel Stenberg | |
2014-06-20 | opts: add the rest of the options | Daniel Stenberg | |
... and fixed mancheck to ignore obsolete options | |||
2014-06-20 | opts: the final bunch of options as man pages | Daniel Stenberg | |
Now all current options have their own man pages. | |||
2014-06-19 | opts: 37 additional man pages | Daniel Stenberg | |
2014-06-19 | CURLOPT_URL: move up the text from "Notes" | Daniel Stenberg | |
2014-06-19 | ROADMAP: removed, now ROADMAP.md | Daniel Stenberg | |
2014-06-19 | ROADMAP.md: make it markdown formatted | Daniel Stenberg | |
2014-06-19 | ROADMAP: initial commit of "curl the next few years" | Daniel Stenberg | |
To be further discussed, debated and edited | |||
2014-06-19 | opts: more man pages | Daniel Stenberg | |
2014-06-19 | CURLOPT_UNRESTRICTED_AUTH.3: added missing 'T' | Daniel Stenberg | |
2014-06-19 | opts: makefile now includes all current man pages | Daniel Stenberg | |
2014-06-19 | opts: 11 more man pages | Daniel Stenberg | |
2014-06-18 | opts: document CURLE_OUT_OF_MEMORY as RETURN VALUE | Dan Fandrich | |
2014-06-18 | opts: fixed a couple of typos | Dan Fandrich | |
2014-06-18 | opts: 16 more man pages | Daniel Stenberg | |
2014-06-18 | opts: more man pages | Daniel Stenberg | |
2014-06-18 | CURLOPT_READFUNCTION.3: add short desc | Daniel Stenberg | |
2014-06-18 | CURLOPT_LOW_SPEED_LIMIT.3: language | Daniel Stenberg | |
2014-06-18 | opts: 4 more man pages | Daniel Stenberg | |
2014-06-18 | opts: add all existing man pages to the dist | Daniel Stenberg | |
2014-06-18 | libcurl build: use correct dir when cd'ing to opts for pdf building | Daniel Stenberg | |
2014-06-18 | opts: fixed a few typos | Dan Fandrich | |
2014-06-18 | opts: 29 more options as man pages | Daniel Stenberg | |
2014-06-17 | opts: 9 more options as separate man pages | Daniel Stenberg | |