aboutsummaryrefslogtreecommitdiff
path: root/lib/gtls.c
AgeCommit message (Collapse)Author
2007-02-20New FTP CCC functionality - adds passive and active mode to accomodate for ↵Linus Nielsen Feltzing
different server behaviour
2007-02-19fixed code to compile and removed one warningDaniel Stenberg
2007-02-16use macros ERRNO, SET_ERRNO(), SOCKERRNO and SET_SOCKERRNO() for errno handlingYang Tse
2007-02-05- Michael Wallner provided a patch that adds support for CURLOPT_TIMEOUT_MSDaniel Stenberg
and CURLOPT_CONNECTTIMEOUT_MS that, as their names should hint, do the timeouts with millisecond resolution instead. The only restriction to that is the alarm() (sometimes) used to abort name resolves as that uses full seconds. I fixed the FTP response timeout part of the patch. Internally we now count and keep the timeouts in milliseconds but it also means we multiply set timeouts with 1000. The effect of this is that no timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which equals 24.86 days. We probably couldn't before either since the code did *1000 on the timeout values on several places already.
2007-01-05- Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option toDaniel Stenberg
curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it will make libcurl shutdown SSL/TLS after the authentication is done on a FTP-SSL operation.
2006-12-16Brendan Jurd provided a fix that now prevents libcurl from getting a SIGPIPEDaniel Stenberg
during certain conditions when GnuTLS is used.
2006-11-11cleaned up Curl_write() and the sub functions it uses for various protocols.Daniel Stenberg
They all now return ssize_t to Curl_write(). Unfortunately, Curl_read() is in a sorrier state but it too would benefit from a similar cleanup.
2006-10-21Armel Asselin separated CA cert verification problems from problems withDaniel Stenberg
reading the (local) CA cert file to let users easier pinpoint the actual problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code.
2006-08-16Use gnutls_strerror() for clearer error message.Gisle Vanem
2006-05-05additional renames of Curl_ourerrno => Curl_sockerrnoDaniel Stenberg
2006-05-04Mark Eichin submitted bug report #1480821Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=1480821) He found and identified a problem with how libcurl dealt with GnuTLS and a case where gnutls returned GNUTLS_E_AGAIN indicating it would block. It would then return an unexpected return code, making Curl_ssl_send() confuse the upper layer - causing random 28 bytes trash data to get inserted in the transfered stream. The proper fix was to make the Curl_gtls_send() function return the proper return codes that the callers would expect. The Curl_ossl_send() function already did this.
2005-11-13to build with old gnutls verions, don't use the *_t typesDaniel Stenberg
2005-11-11Dima Barsky patched problem #1348930: the GnuTLS code completely ignoredDaniel Stenberg
client certificates! (http://curl.haxx.se/bug/view.cgi?id=1348930).
2005-10-22 Dima Barsky reported a problem with GnuTLS-enabled libcurl in bug reportDaniel Stenberg
#1334338 (http://curl.haxx.se/bug/view.cgi?id=1334338). When reading an SSL stream from a server and the server requests a "rehandshake", the current code simply returns this as an error. I have no good way to test this, but I've added a crude attempt of dealing with this situation slightly better - it makes a blocking handshake if this happens. Done like this because fixing this the "proper" way (that would handshake asynchronously) will require quite some work and I really need a good way to test this to do such a change.
2005-08-24Fixed CA cert verification using GnuTLS with the default bundle, whichDaniel Stenberg
previously failed due to GnuTLS not allowing x509 v1 CA certs by default.
2005-04-22Fixed the CN extractionDaniel Stenberg
2005-04-13oops, only negative numbers are errorsDaniel Stenberg
2005-04-13don't bail out just because the ca file has a problem, it might be OKDaniel Stenberg
2005-04-09Blah, revert my removal of the extra check since the problem is there for real.Daniel Stenberg
Archived thread of the help-gnutls mailing list regarding this problem: http://lists.gnu.org/archive/html/help-gnutls/2005-04/msg00000.html (and I _am_ sorry for my confused behaviour on this problem.)
2005-04-09OK, I must've been halucinating or something because I no longer see theDaniel Stenberg
bug I thought I saw before when I changed this...!
2005-04-07Unfortunately, if a ca file name is set the function fails for whatever reasonDaniel Stenberg
(missing file, bad file, etc), gnutls will no longer handshake properly but it just loops forever. Therefore, we must return error if we get an error when setting the CA cert file name. This is not the same behaviour as with OpenSSL. Question/report posted to the help-gnutls mailing list, April 8 2005.
2005-04-07GnuTLS support added. There's now a "generic" SSL layer that we use all overDaniel Stenberg
internally, with code provided by sslgen.c. All SSL-layer-specific code is then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS). As far as possible, internals should not need to know what SSL layer that is in use. Building with GnuTLS currently makes two test cases fail. TODO.gnutls contains a few known outstanding issues for the GnuTLS support. GnuTLS support is enabled with configure --with-gnutls