Age | Commit message (Collapse) | Author |
|
Since the public pinning support was brought in e644866caf4. GnuTLS
2.11.3 was released in October 2010.
Figured out in #2890
|
|
... for extracting certs from a live HTTPS server to make a cacerts.pem
from them.
|
|
|
|
|
|
... to make make the files appear in distribution tarballs
Closes #2856
|
|
- CURLOPT_HEADERFUNCTION: add newlines
- CURLOPT_INTERLEAVEFUNCTION: fix the description of 'userdata'
- CURLOPT_READDATA: mention crashes, same as in CURLOPT_WRITEDATA
- CURLOPT_READFUNCTION: rename 'instream' to 'userdata' and explain
how to set it
Closes https://github.com/curl/curl/pull/2868
|
|
Closes #2867
|
|
Fixes #2837
Closes #2858
Reported-by: Markus Elfring
|
|
This allows the use of PKCS#11 URI for certificates and keys without
setting the corresponding type as "ENG" and the engine as "pkcs11"
explicitly. If a PKCS#11 URI is provided for certificate, key,
proxy_certificate or proxy_key, the corresponding type is set as "ENG"
if not provided and the engine is set to "pkcs11" if not provided.
Acked-by: Nikos Mavrogiannopoulos
Closes #2333
|
|
Since it will slip and the version is the important part there, not the
date.
|
|
|
|
Closes #2793
|
|
Closes #2804
|
|
Closes #2794
|
|
The statement, “The application does not have to keep the string around
after setting this option,” appears to be indented under the RTMP
paragraph. It actually applies to all protocols, not just RTMP.
Eliminate the extra indentation.
Closes #2788
|
|
For compatibility with `fwrite`, the `CURLOPT_WRITEFUNCTION` callback is
passed two `size_t` parameters which, when multiplied, designate the
number of bytes of data passed in. In practice, CURL always sets the
first parameter (`size`) to 1.
This practice is also enshrined in documentation and cannot be changed
in future. The documentation states that the default callback is
`fwrite`, which means `fwrite` must be a suitable function for this
purpose. However, the documentation also states that the callback must
return the number of *bytes* it successfully handled, whereas ISO C
`fwrite` returns the number of items (each of size `size`) which it
wrote. The only way these numbers can be equal is if `size` is 1.
Since `size` is 1 and can never be changed in future anyway, document
that fact explicitly and let users rely on it.
Closes #2787
|
|
|
|
+ The hackerone bounty and its process
- We don't and can't handle pre-notification
|
|
Apparently the C => HTML converter on the web site doesn't quite like it
otherwise.
Reported-by: Jeroen Ooms
|
|
|
|
Closes #2724
|
|
... and not the other way around, which this previously said.
Reported-by: Vasiliy Faronov
Fixes #2723
Closes #2726
|
|
When size_t is not a typedef for unsigned long (as usually the case on
Windows), GCC emits -Wformat warnings when using lu and lx format
specifiers with size_t. Silence them with explicit casts to
unsigned long.
Closes https://github.com/curl/curl/pull/2721
|
|
|
|
|
|
Closes #2706
|
|
|
|
|
|
|
|
|
|
Closes #2704
|
|
|
|
The code treated the set version as the *exact* version to require in
the TLS handshake, which is not what other TLS backends do and probably
not what most people expect either.
Reported-by: Andreas Olsson
Assisted-by: Gaurav Malhotra
Fixes #2691
Closes #2694
|
|
Reported-by: Andreas Olsson
Fixes #2692
Closes #2693
|
|
The previous example was a little bit confusing, because SSL* structure
(or other "in use" SSL connection pointer) is not accessible after the
transfer is completed, therefore working with the raw TLS library
specific pointer needs to be done during transfer.
Closes #2690
|
|
|
|
|
|
Follow-up to b6a16afa0aa5
|
|
Closes #2673
|
|
|
|
Closes #2663
|
|
|
|
|
|
Closes #2657
|
|
Closes #2120
|
|
Closes #2281
|
|
Implemented by Björn in 946ce5b61f
|
|
Given the contstraints of SChannel, I'm exposing these as the algorithms
themselves instead; while replicating the ciphersuite as specified by
OpenSSL would have been preferable, I found no way in the SChannel API
to do so.
To use this from the commandline, you need to pass the names of contants
defining the desired algorithms. For example, curl --ciphers
"CALG_SHA1:CALG_RSA_SIGN:CALG_RSA_KEYX:CALG_AES_128:CALG_DH_EPHEM"
https://github.com The specific names come from wincrypt.h
Closes #2630
|
|
|
|
|