Age | Commit message (Collapse) | Author |
|
|
|
Howard Chu brought the bulk work of this patch that properly
moves out the sending and recving of data to the parts of the
code that are properly responsible for the various ways of doing
so.
Daniel Stenberg assisted with polishing a few bits and fixed some
minor flaws in the original patch.
Another upside of this patch is that we now abuse CURLcodes less
with the "magic" -1 return codes and instead use CURLE_AGAIN more
consistently.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
a broken TLS server. However it does not happen if SSL version is selected
manually. The approach was originally taken from PSM. Kaspar Brand helped me
to complete the patch. Original bug reports:
https://bugzilla.redhat.com/525496
https://bugzilla.redhat.com/527771
|
|
closed NSPR descriptor. The issue was hard to find, reported several times
before and always closed unresolved. More info at the RH bug:
https://bugzilla.redhat.com/534176
|
|
in non-blocking mode.
|
|
false positive on a leaked socket, so this introduces a way to tell the system
that the socket is indeed closed without explicitly closing it!
|
|
libcurl called NSS to close the SSL "session" it also closed the actual
socket.
|
|
|
|
version 3.12.0, and depending on the result add 'sql:' prefix to cert database directory so that newer SQLIte database format works.
|
|
back to hardcoded directory if not a valid directory.
|
|
|
|
|
|
|
|
ATOB_ConvertAsciiToItem.
|
|
libcurl-NSS. Originally reported at:
https://bugzilla.redhat.com/show_bug.cgi?id=516056#c9
|
|
verbose error messages. Originally reported at:
https://bugzilla.redhat.com/show_bug.cgi?id=516056
|
|
in NSS-powered libcurl. Now the client certificates can be selected
automatically by a NSS built-in hook. Additionally pre-login to all PKCS11
slots is no more performed. It used to cause problems with HW tokens.
- Fixed reference counting for NSS client certificates. Now the PEM reader
module should be always properly unloaded on Curl_nss_cleanup(). If the unload
fails though, libcurl will try to reuse the already loaded instance.
|
|
issue with client certs that caused issues like segfaults.
http://curl.haxx.se/mail/lib-2009-05/0316.html
|
|
|
|
PK11_CreateGenericObject() function.
|
|
at https://bugzilla.redhat.com/show_bug.cgi?id=453612#c12
If an incorrect password is given while loading a private key, libcurl ends
up in an infinite loop consuming memory. The bug is critical.
|
|
|
|
|
|
|
|
out to be leaking cacerts. Kamil Dudka helped me complete the fix. The issue
is found in Redhat's bug tracker:
https://bugzilla.redhat.com/show_bug.cgi?id=453612
There are still memory leaks present, but they seem to have other reasons.
|
|
NSS is used. These ciphers were added in NSS 3.4 and require to be enabled
explicitly.
|
|
|
|
|
|
|
|
I have to jump through a few hoops now with the NSS library initialization
since another part of an application may have already initialized NSS by the
time Curl gets invoked. This patch is more careful to only shutdown the NSS
library if Curl did the initialization.
It also adds in a bit of code to set the default ciphers if the app that
call NSS_Init* did not call NSS_SetDomesticPolicy() or set specific
ciphers. One might argue that this lets other application developers get
lazy and/or they aren't using the NSS API correctly, and you'd be right.
But still, this will avoid terribly difficult-to-trace crashes and is
generally helpful.
|
|
codes for all calls to malloc and strdup that were missing. I also changed
a few malloc(13) to use arrays on the stack and a few malloc(PATH_MAX) to
instead use aprintf() to lower memory use.
I also fixed a memory leak in Curl_nss_connect() when CURLOPT_ISSUERCERT is
in use.
|
|
used in strequal.c so now all test cases run fine for me again.
|
|
(http://curl.haxx.se/bug/view.cgi?id=2154627) which pointed out that libcurl
uses strcasecmp() in multiple places where it causes failures when the
Turkish locale is used. This is because 'i' and 'I' isn't the same letter so
strcasecmp() on those letters are different in Turkish than in English (or
just about all other languages). I thus introduced a totally new internal
function in libcurl (called Curl_ascii_equal) for doing case insentive
comparisons for english-(ascii?) style strings that thus will make "file"
and "FILE" match even if the Turkish locale is selected.
|
|
implementation".
|
|
|
|
|
|
|
|
|
|
handshake with a SSLv2 server, and it turned out to be because it didn't
recognize the cipher named "rc4-md5". In our list that cipher was named
plainly "rc4". I've now added rc4-md5 to work as an alias as Phil reported
that it made things work for him again.
|
|
number of entries in a provided table is doomed to fail in the long run. Now
we use the NUM_OF_CIPHERS define instead to figure out the amount.
|
|
|
|
always fire up a new connection rather than using the existing one when the
multi interface is used. Original bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=450140
|
|
the check_issuer_cert() proto
|