Age | Commit message (Collapse) | Author |
|
Added axTLS to autotool files and glue code to misc other files.
axtls.h maps SSL API functions, but may change.
axtls.c is just a stub file and will definitely change.
|
|
Howard Chu brought the bulk work of this patch that properly
moves out the sending and recving of data to the parts of the
code that are properly responsible for the various ways of doing
so.
Daniel Stenberg assisted with polishing a few bits and fixed some
minor flaws in the original patch.
Another upside of this patch is that we now abuse CURLcodes less
with the "magic" -1 return codes and instead use CURLE_AGAIN more
consistently.
|
|
This is Hoi-Ho Chan's patch with some minor fixes by me. There
are some potential issues in this, but none worse than we can
sort out on the list and over time.
|
|
|
|
|
|
which could have caused a double free when reusing curl handle.
|
|
|
|
|
|
(http://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how
libcurl did not deal with SSL session ids properly if the server rejected a
re-use of one. Starting now, it will forget the rejected one and remember
the new. This change was for OpenSSL only, it is likely that other SSL lib
code needs similar fixes.
|
|
Wegener pointed out that CURLINFO_APPCONNECT_TIME didn't work with the multi
interface and provided a patch that fixed the problem!
|
|
|
|
|
|
inclusion by the curl tool without colliding with the curl_strequal functions.
|
|
Changed checkprefix() to use it and those instances of strnequal() that
compare host names or other protocol strings that are defined to be
independent of case in the C locale. This should fix a few more
Turkish locale problems.
|
|
|
|
|
|
enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS
or FTPS), libcurl will gather lots of server certificate info and that info
can then get extracted by a client after the request has completed with
curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing
helped me test and smoothen out this feature.
Unfortunately, this feature currently only works with libcurl built to use
OpenSSL.
This feature was sponsored by networking4all.com - thanks!
|
|
CURLINFO_APPCONNECT_TIME. This is set with the "application layer"
handshake/connection is completed (typically SSL, TLS or SSH). By using this
you can figure out the application layer's own connect time. You can extract
the time stamp using curl's -w option and the new variable named
'time_appconnect'. This feature was sponsored by Lenny Rachitsky at NeuStar.
|
|
libraries are supported. Starting now, each underlying SSL library support
code does a set of defines for the 16 functions the generic layer (sslgen.c)
uses (all these new function defines use the prefix "curlssl_"). This
greatly simplified the generic layer in readability by involving much less
#ifdefs and other preprocessor stuff and should make it easier for people to
make libcurl work with new SSL libraries.
Hopefully I can later on document these 16 functions somewhat as well.
I also made most of the internal SSL-dependent functions (using Curl_ssl_
prefix) #defined to nothing when no SSL support is requested - previously
they would unnecessarily call mostly empty functions.
|
|
of tetetest's patch for curl_easy_send()
|
|
better control at the exact state of the connection's SSL status so that we
know exactly when it has completed the SSL negotiation or not so that there
won't be accidental re-uses of connections that are wrongly believed to be
in SSL-completed-negotiate state.
|
|
|
|
(http://curl.haxx.se/bug/view.cgi?id=1856628) and provided a fix for the
(small) memory leak in the SSL session ID caching code. It happened when a
previous entry in the cache was re-used.
|
|
a problem with SSL session caching that prevent it from working, and the
associated fix!
|
|
from the other day. It is time to setup the internal SSL libs and treat them
with a "handler" struct similar to how we deal with the protocols these days...
|
|
|
|
while () => while()
and some other minor re-indentings
|
|
|
|
|
|
passed to it with curl_easy_setopt()! Previously it has always just refered
to the data, forcing the user to keep the data around until libcurl is done
with it. That is now history and libcurl will instead clone the given
strings and keep private copies.
|
|
|
|
of a socket after it has been closed, when the FTP-SSL data connection is taken
down.
|
|
support for the OS/400 Secure Sockets Layer library
|
|
survive getting called twice
|
|
since they're already included through "setup.h".
|
|
|
|
SSL/TLS layer. http://www.mozilla.org/projects/security/pki/nss/
|
|
|
|
|
|
|
|
|
|
|
|
curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it
will make libcurl shutdown SSL/TLS after the authentication is done on a
FTP-SSL operation.
|
|
|
|
They all now return ssize_t to Curl_write().
Unfortunately, Curl_read() is in a sorrier state but it too would benefit from
a similar cleanup.
|
|
|
|
handle that is part of a multi handle first removes the handle from the
stack.
- Added CURLOPT_SSL_SESSIONID_CACHE and --no-sessionid to disable SSL
session-ID re-use on demand since there obviously are broken servers out
there that misbehave with session-IDs used.
|
|
|
|
checks on the to-be-returned socket to make sure it truly seems to be alive
and well. For SSL connection it (only) uses OpenSSL functions.
|
|
(when using OpenSSL).
|