curl - cURL mirror with patches applied

Age	Commit message (Collapse)	Author
2007-01-03	- David McCreedy made changes to allow base64 encoding/decoding to work on	Daniel Stenberg
	non-ASCII platforms.
2006-11-02	prototype for gethostname is in unistd.h	Yang Tse

2006-10-17	Avoid typecasting a signed char to an int when using is*() functions, as that	Daniel Stenberg
	could very well cause a negate number get passed in and thus cause reading outside of the array usually used for this purpose. We avoid this by using the uppercase macro versions introduced just now that does some extra crazy typecasts to avoid byte codes > 127 to cause negative int values.
2006-09-09	Michele Bini fixed how the hostname is put in NTLM packages. As servers	Daniel Stenberg
	don't expect fully qualified names we need to cut them off at the first dot.
2006-07-19	Fix compiler warnings	Yang Tse

2006-06-07	NTLM2 session response support	Daniel Stenberg

2006-04-08	readint_le() not needed in USE_WINDOWS_SSPI code.	Gisle Vanem

2006-04-05	Michele Bini modified the NTLM code to work for his "weird IIS case"	Daniel Stenberg
	(http://curl.haxx.se/mail/lib-2006-02/0154.html) by adding the NTLM hash function in addition to the LM one and making some other adjustments in the order the different parts of the data block are sent in the Type-2 reply. Inspiration for this work was taken from the Firefox NTLM implementation. I edited the existing 21(!) NTLM test cases to run fine with these news. Due to the fact that we now properly include the host name in the Type-2 message the test cases now only compare parts of that chunk.
2005-11-14	Quagmire reported that he needed to raise a NTLM buffer for SSPI to work	Daniel Stenberg
	properly for a case, and so we did. We raised it even for non-SSPI builds but it should not do any harm. http://curl.haxx.se/bug/view.cgi?id=1356715
2005-11-08	Dmitry Bartsevich discovered some issues in compatibilty of SSPI-enabled	Daniel Stenberg
	version of libcurl with different Windows versions. Current version of libcurl imports SSPI functions from secur32.dll. However, under Windows NT 4.0 these functions are located in security.dll, under Windows 9x - in secur32.dll and Windows 2000 and XP contains both these DLLs (security.dll just forwards calls to secur32.dll). Dmitry's patch loads proper library dynamically depending on Windows version. Function InitSecurityInterface() is used to obtain pointers to all of SSPI function in one structure. : ----------------------------------------------------------------------
2005-10-13	Make sure that the user and domain strings fit in the target buffer before we	Daniel Stenberg
	copy them there.
2005-10-02	Avoid gcc warning "dereferencing type-punned pointer	Gisle Vanem
	will break strict-aliasing rules".
2005-09-20	Uses __stdcall instead of SEC_ENTRY since it seems (at least) mingw doesn't	Daniel Stenberg
	define SEC_ENTRY and thus fails unless this is done!
2005-09-19	Dmitry Bartsevich made the SSPI support work on Windows 9x as well	Daniel Stenberg

2005-04-07	GnuTLS support added. There's now a "generic" SSL layer that we use all over	Daniel Stenberg
	internally, with code provided by sslgen.c. All SSL-layer-specific code is then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS). As far as possible, internals should not need to know what SSL layer that is in use. Building with GnuTLS currently makes two test cases fail. TODO.gnutls contains a few known outstanding issues for the GnuTLS support. GnuTLS support is enabled with configure --with-gnutls
2005-03-14	hushing up more warnings	Daniel Stenberg

2005-03-14	Avoid "unused variable" warnings.	Gisle Vanem

2005-03-11	Fixed some compiler warnings.	Dan Fandrich

2005-03-10	Christopher R. Palmer made it possible to build libcurl with the	Daniel Stenberg
	USE_WINDOWS_SSPI on Windows, and then libcurl will be built to use the native way to do NTLM. SSPI also allows libcurl to pass on the current user and its password in the request.
2005-02-22	Curl_base64_decode() now returns an allocated buffer	Daniel Stenberg

2005-02-22	Thanks for the notification iDEFENCE. We are the "initial vendor" and we sure	Daniel Stenberg
	got no notification, no mail, no nothing. You didn't even bother to mail us when you went public with this. Cool. NTLM buffer overflow fix, as reported here: http://www.securityfocus.com/archive/1/391042
2004-12-07	Rene Bernhardt found and fixed a buffer overrun in the NTLM code, where	Daniel Stenberg
	libcurl always and unconditionally overwrote a stack-based array with 3 zero bytes. I edited the fix to make it less likely to occur again (and added a comment explaining the reason to the buffer size).
2004-07-04	explicit typecasts to prevent warnings	Daniel Stenberg

2004-06-21	typecasts to prevent compiler warnings	Daniel Stenberg

2004-05-25	remove trailing whitespace	Daniel Stenberg

2004-05-11	curl_global_init_mem() allows the memory functions to be replaced.	Daniel Stenberg
	memory.h is included everywhere for this.
2004-05-04	General HTTP authentication cleanup and fixes	Daniel Stenberg

2004-03-30	'authdone' was added to the sessionhandle and thus was removed from the	Daniel Stenberg
	argument to the NTLM function(s)
2004-03-22	Enabled 'NT responses' in the NTLM type-3 message.	Daniel Stenberg

2004-03-08	don't compare signed/unsigned	Daniel Stenberg

2004-03-08	strlen() returns size_t	Daniel Stenberg

2004-02-23	adjusted to the modified base64 protos	Daniel Stenberg

2004-02-23	The base64 encode function now takes a size_t for size, not an int as	Daniel Stenberg
	previously.
2004-01-07	updated year in the copyright string	Daniel Stenberg

2003-10-17	typecasts to prevent warnings	Daniel Stenberg

2003-10-17	make no user or no password just mean blank fields, not aborted operation	Daniel Stenberg

2003-10-05	weird typo removed	Daniel Stenberg

2003-09-15	When we issue a HTTP request, first make sure if the authentication phase	Daniel Stenberg
	is over or not, as if it isn't we shall not begin any PUT or POST operation. This cures bug report #805853, and test case 88 verifies it!
2003-09-04	no user or password set, bail out	Daniel Stenberg

2003-08-11	added include "http.h" to prevent a warning	Daniel Stenberg

2003-08-11	Serge Semashko added CURLOPT_PROXYAUTH support, and now NTLM for proxies	Daniel Stenberg
	work.
2003-07-22	More support for NTLM on proxies, now proxy state and nonce is stored in	Daniel Stenberg
	a separate struct properly.
2003-07-21	adjusted to support NTLM for proxies	Daniel Stenberg

2003-07-19	Access the user and passwd fields from the connectdata struct now instead	Daniel Stenberg
	of the sessionhandle struct, as that was not good.
2003-07-15	Moved the NTLM credentials to the connectdata struct instead, as NTLM	Daniel Stenberg
	authenticates connections and not single requests. This should make it work better when we mix requests from multiple hosts. Problem pointed out by Cris Bailiff.
2003-07-15	Dan Winship's patch added that makes use of DOMAIN\USER or DOMAIN/USER	Daniel Stenberg
	for the user field. I changed it slightly to stay with strchr() only instead of strpbrk() for portability reasons.
2003-06-26	Many fixes, most of them based on comments by Eric Glass	Daniel Stenberg

2003-06-13	Cris Bailiff's patch that should make us do NTLM correctly. When we've	Daniel Stenberg
	authenticated our connection, we can continue without any Authorization: headers as long as our connection is maintained.
2003-06-13	Cris Bailiff's bugfix	Daniel Stenberg

2003-06-13	use more curlish strings, these should be able to change...	Daniel Stenberg