aboutsummaryrefslogtreecommitdiff
path: root/lib/nss.c
AgeCommit message (Collapse)Author
2008-06-06- Axel Tillequin and Arnaud Ebalard added support for CURLOPT_CRLFILE, forDaniel Stenberg
OpenSSL, NSS and GnuTLS-built libcurls.
2008-05-26fix: preprocessor complaining about macro redefinitionYang Tse
2008-02-20- Based on initial work done by Gautam Kachroo to address a bug, we now keepDaniel Stenberg
better control at the exact state of the connection's SSL status so that we know exactly when it has completed the SSL negotiation or not so that there won't be accidental re-uses of connections that are wrongly believed to be in SSL-completed-negotiate state.
2008-02-19applied patch to disable SSLv2 by default; discussion:Gunter Knauf
http://sourceforge.net/tracker/index.php?func=detail&aid=1767276&group_id=976&atid=350976 Submitted by Kaspar Brand.
2008-01-15Calls to Curl_failf() are not supposed to provide a trailing newline as theDaniel Stenberg
function itself adds that. Fixed on 50 or something strings!
2007-11-05removed space after if and while before the parenthesis for better source codeDaniel Stenberg
consistency
2007-10-25Made libcurl built with NSS possible to ignore the peer verification.Daniel Stenberg
Previously it would fail if the ca bundle wasn't present, even if the code ignored the verification results.
2007-10-25prevent compiler warnings about shadowing and one case of unused variableDaniel Stenberg
2007-09-18Rob Crittenden provided an NSS update with the following highlights:Daniel Stenberg
o It looks for the NSS database first in the environment variable SSL_DIR, then in /etc/pki/nssdb, then it initializes with no database if neither of those exist. o If the NSS PKCS#11 libnspsem.so driver is available then PEM files may be loaded, including the ca-bundle. If it is not available then only certificates already in the NSS database are used. o Tries to detect whether a file or nickname is being passed in so the right thing is done o Added a bit of code to make the output more like the OpenSSL module, including displaying the certificate information when connecting in verbose mode o Improved handling of certificate errors (expired, untrusted, etc) The libnsspem.so PKCS#11 module is currently only available in Fedora 8/rawhide. Work will be done soon to upstream it. The NSS module will work with or without it, all that changes is the source of the certificates and keys.
2007-08-30Renamed several libcurl error codes and options to make them more generalDan Fandrich
and allow reuse by multiple protocols. Several unused error codes were removed. In all cases, macros were added to preserve source (and binary) compatibility with the old names. These macros are subject to removal at a future date, but probably not before 2009. An application can be tested to see if it is using any obsolete code by compiling it with the CURL_NO_OLDIES macro defined. Documented some newer error codes in libcurl-error(3)
2007-08-24Remove leading space in curl_version_info ss_version field.Patrick Monnerat
2007-08-01Patrick Monnerat and I modified libcurl so that now it *copies* all stringsDaniel Stenberg
passed to it with curl_easy_setopt()! Previously it has always just refered to the data, forcing the user to keep the data around until libcurl is done with it. That is now history and libcurl will instead clone the given strings and keep private copies.
2007-07-29Bug report #1759542 (http://curl.haxx.se/bug/view.cgi?id=1759542). A bad useDaniel Stenberg
of a socket after it has been closed, when the FTP-SSL data connection is taken down.
2007-07-20Made some const arrays static to avoid unnecessary stack usage.Dan Fandrich
2007-05-25Rob Crittenden fixed bug #1705802Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=1705802), which was filed by Daniel Black identifying several FTP-SSL test cases fail when we build libcurl with NSS for TLS/SSL. Listed as #42 in KNOWN_BUGS.
2007-02-26Removed inclusion of <sys/types.h> and <sys/stat.h> in .c-filesGisle Vanem
since they're already included through "setup.h".
2007-02-16use macros ERRNO, SET_ERRNO(), SOCKERRNO and SET_SOCKERRNO() for errno handlingYang Tse
2007-02-13use our own ISSPACE macroYang Tse
2007-02-12Rob Crittenden added support for NSS (Network Security Service) for theDaniel Stenberg
SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/