Age | Commit message (Collapse) | Author |
|
in non-blocking mode.
|
|
false positive on a leaked socket, so this introduces a way to tell the system
that the socket is indeed closed without explicitly closing it!
|
|
libcurl called NSS to close the SSL "session" it also closed the actual
socket.
|
|
|
|
version 3.12.0, and depending on the result add 'sql:' prefix to cert database directory so that newer SQLIte database format works.
|
|
back to hardcoded directory if not a valid directory.
|
|
|
|
|
|
|
|
ATOB_ConvertAsciiToItem.
|
|
libcurl-NSS. Originally reported at:
https://bugzilla.redhat.com/show_bug.cgi?id=516056#c9
|
|
verbose error messages. Originally reported at:
https://bugzilla.redhat.com/show_bug.cgi?id=516056
|
|
in NSS-powered libcurl. Now the client certificates can be selected
automatically by a NSS built-in hook. Additionally pre-login to all PKCS11
slots is no more performed. It used to cause problems with HW tokens.
- Fixed reference counting for NSS client certificates. Now the PEM reader
module should be always properly unloaded on Curl_nss_cleanup(). If the unload
fails though, libcurl will try to reuse the already loaded instance.
|
|
issue with client certs that caused issues like segfaults.
http://curl.haxx.se/mail/lib-2009-05/0316.html
|
|
|
|
PK11_CreateGenericObject() function.
|
|
at https://bugzilla.redhat.com/show_bug.cgi?id=453612#c12
If an incorrect password is given while loading a private key, libcurl ends
up in an infinite loop consuming memory. The bug is critical.
|
|
|
|
|
|
|
|
out to be leaking cacerts. Kamil Dudka helped me complete the fix. The issue
is found in Redhat's bug tracker:
https://bugzilla.redhat.com/show_bug.cgi?id=453612
There are still memory leaks present, but they seem to have other reasons.
|
|
NSS is used. These ciphers were added in NSS 3.4 and require to be enabled
explicitly.
|
|
|
|
|
|
|
|
I have to jump through a few hoops now with the NSS library initialization
since another part of an application may have already initialized NSS by the
time Curl gets invoked. This patch is more careful to only shutdown the NSS
library if Curl did the initialization.
It also adds in a bit of code to set the default ciphers if the app that
call NSS_Init* did not call NSS_SetDomesticPolicy() or set specific
ciphers. One might argue that this lets other application developers get
lazy and/or they aren't using the NSS API correctly, and you'd be right.
But still, this will avoid terribly difficult-to-trace crashes and is
generally helpful.
|
|
codes for all calls to malloc and strdup that were missing. I also changed
a few malloc(13) to use arrays on the stack and a few malloc(PATH_MAX) to
instead use aprintf() to lower memory use.
I also fixed a memory leak in Curl_nss_connect() when CURLOPT_ISSUERCERT is
in use.
|
|
used in strequal.c so now all test cases run fine for me again.
|
|
(http://curl.haxx.se/bug/view.cgi?id=2154627) which pointed out that libcurl
uses strcasecmp() in multiple places where it causes failures when the
Turkish locale is used. This is because 'i' and 'I' isn't the same letter so
strcasecmp() on those letters are different in Turkish than in English (or
just about all other languages). I thus introduced a totally new internal
function in libcurl (called Curl_ascii_equal) for doing case insentive
comparisons for english-(ascii?) style strings that thus will make "file"
and "FILE" match even if the Turkish locale is selected.
|
|
implementation".
|
|
|
|
|
|
|
|
|
|
handshake with a SSLv2 server, and it turned out to be because it didn't
recognize the cipher named "rc4-md5". In our list that cipher was named
plainly "rc4". I've now added rc4-md5 to work as an alias as Phil reported
that it made things work for him again.
|
|
number of entries in a provided table is doomed to fail in the long run. Now
we use the NUM_OF_CIPHERS define instead to figure out the amount.
|
|
|
|
always fire up a new connection rather than using the existing one when the
multi interface is used. Original bug report:
https://bugzilla.redhat.com/show_bug.cgi?id=450140
|
|
the check_issuer_cert() proto
|
|
warning in the code though but we need NSS' base64.h header for that and we
don't currently have a suitable way to include it as our own base64.h header
kind of "blocks" it.
|
|
|
|
libraries are supported. Starting now, each underlying SSL library support
code does a set of defines for the 16 functions the generic layer (sslgen.c)
uses (all these new function defines use the prefix "curlssl_"). This
greatly simplified the generic layer in readability by involving much less
#ifdefs and other preprocessor stuff and should make it easier for people to
make libcurl work with new SSL libraries.
Hopefully I can later on document these 16 functions somewhat as well.
I also made most of the internal SSL-dependent functions (using Curl_ssl_
prefix) #defined to nothing when no SSL support is requested - previously
they would unnecessarily call mostly empty functions.
|
|
|
|
OpenSSL, NSS and GnuTLS-built libcurls.
|
|
OpenSSL, NSS and GnuTLS-built libcurls.
|
|
|
|
better control at the exact state of the connection's SSL status so that we
know exactly when it has completed the SSL negotiation or not so that there
won't be accidental re-uses of connections that are wrongly believed to be
in SSL-completed-negotiate state.
|
|
http://sourceforge.net/tracker/index.php?func=detail&aid=1767276&group_id=976&atid=350976
Submitted by Kaspar Brand.
|
|
function itself adds that. Fixed on 50 or something strings!
|
|
consistency
|