aboutsummaryrefslogtreecommitdiff
path: root/lib/ssluse.c
AgeCommit message (Collapse)Author
2007-03-14yassl doesn't have SSL_get_shutdown() in its OpenSSL() layer so we check forDaniel Stenberg
it and avoid it, even if this cripples the CCC command
2007-02-26Removed inclusion of <sys/types.h> and <sys/stat.h> in .c-filesGisle Vanem
since they're already included through "setup.h".
2007-02-21curlassert macro replaced with DEBUGASSERT macro defined in setup_once.hYang Tse
2007-02-20New FTP CCC functionality - adds passive and active mode to accomodate for ↵Linus Nielsen Feltzing
different server behaviour
2007-02-16use macros ERRNO, SET_ERRNO(), SOCKERRNO and SET_SOCKERRNO() for errno handlingYang Tse
2007-02-05- Michael Wallner provided a patch that adds support for CURLOPT_TIMEOUT_MSDaniel Stenberg
and CURLOPT_CONNECTTIMEOUT_MS that, as their names should hint, do the timeouts with millisecond resolution instead. The only restriction to that is the alarm() (sometimes) used to abort name resolves as that uses full seconds. I fixed the FTP response timeout part of the patch. Internally we now count and keep the timeouts in milliseconds but it also means we multiply set timeouts with 1000. The effect of this is that no timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which equals 24.86 days. We probably couldn't before either since the code did *1000 on the timeout values on several places already.
2007-01-10Display crypto engine name correctly in debug message.Dan Fandrich
2007-01-08Removed unused variable in Curl_ossl_shutdown()Linus Nielsen Feltzing
2007-01-05- Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option toDaniel Stenberg
curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it will make libcurl shutdown SSL/TLS after the authentication is done on a FTP-SSL operation.
2006-11-11cleaned up Curl_write() and the sub functions it uses for various protocols.Daniel Stenberg
They all now return ssize_t to Curl_write(). Unfortunately, Curl_read() is in a sorrier state but it too would benefit from a similar cleanup.
2006-11-08Bradford Bruce reported that when setting CURLOPT_DEBUGFUNCTION withoutDaniel Stenberg
CURLOPT_VERBOSE set to non-zero, you still got a few debug messages from the SSL handshake. This is now stopped.
2006-10-21Armel Asselin separated CA cert verification problems from problems withDaniel Stenberg
reading the (local) CA cert file to let users easier pinpoint the actual problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code.
2006-10-17Explicit typecast for Curl_debug() size argumentYang Tse
2006-09-10Compiler warning fixYang Tse
2006-07-19Fix compiler warningsYang Tse
2006-07-19Avoid variable declaration shadowing previously declared oneYang Tse
2006-07-17Update error buffer size used for SSL_strerror()Yang Tse
2006-06-29with a very recent yassl, we now can display 'yassl' when the OpenSSL API isDaniel Stenberg
in fact provided by yassl instead
2006-06-09proper use of newlinesDaniel Stenberg
2006-06-07NTLM2 session response supportDaniel Stenberg
2006-05-10David McCreedy provided a fix for CURLINFO_LASTSOCKET that does extendedDaniel Stenberg
checks on the to-be-returned socket to make sure it truly seems to be alive and well. For SSL connection it (only) uses OpenSSL functions.
2006-05-09Robson Braga Araujo fixed two problems in the recently added non-blocking SSLDaniel Stenberg
connects. The state machine was not reset properly so that subsequent connects using the same handle would fail, and there were two memory leaks.
2006-05-05additional renames of Curl_ourerrno => Curl_sockerrnoDaniel Stenberg
2006-05-04Roland Blom filed bug report #1481217Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=1481217), with follow-ups by Michele Bini and David Byron. libcurl previously wrongly used GetLastError() on windows to get error details after socket-related function calls, when it really should use WSAGetLastError() instead. When changing to this, the former function Curl_ourerrno() is now instead called Curl_sockerrno() as it is necessary to only use it to get errno from socket-related functions as otherwise it won't work as intended on Windows.
2006-04-18corrected the SSL timeout, as Ates Goral's patch did it and that works (opposedDaniel Stenberg
to my previous brain-damaged version)
2006-04-10Ates Goral found out that if you specified both CURLOPT_CONNECTTIMEOUT andDaniel Stenberg
CURLOPT_TIMEOUT, the _longer_ time would wrongly be used for the SSL connection time-out!
2006-04-07First commit of David McCreedy's EBCDIC and TPF changes.Daniel Stenberg
2006-03-21Xavier Bouchoux made the SSL connection non-blocking for the multi interfaceDaniel Stenberg
(when using OpenSSL).
2006-03-13David McCreedy found a use of the wrong variable when display the errorDaniel Stenberg
text from OpenSSL.
2006-03-06Lots of users on Windows have reported getting the "SSL: couldn't setDaniel Stenberg
callback" error message so I've now made the setting of that callback not be as critical as before. The function is only used for additional loggging/ trace anyway so a failure just means slightly less data. It should still be able to proceed and connect fine to the server.
2005-12-19Fixed lcc compiler warnings.Dan Fandrich
2005-12-13Fixed some compiler warnings on lcc.Dan Fandrich
2005-12-05Yang Tse fixed: Openssl 0.9.9 makes 'const' the SSL_METHOD parameter inDaniel Stenberg
SSL_CTX_new and others, and also makes functions SSLv23_client_method, TLSv1_client_method, etc return a 'const' SSL_METHOD pointer. Previous versions do not use the 'const' qualifier.
2005-12-04Recent OpenSSL returns a 'const' in '*_client_method()'. So avoidGisle Vanem
'assignment discards qualifiers from pointer target type' warning.
2005-11-13Yang Tse fixed compiler warningsDaniel Stenberg
2005-08-10the debug callback was called with CURLINFO_TEXT with the data size oneDaniel Stenberg
too big
2005-04-13fix compiler warningDaniel Stenberg
2005-04-07GnuTLS support added. There's now a "generic" SSL layer that we use all overDaniel Stenberg
internally, with code provided by sslgen.c. All SSL-layer-specific code is then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS). As far as possible, internals should not need to know what SSL layer that is in use. Building with GnuTLS currently makes two test cases fail. TODO.gnutls contains a few known outstanding issues for the GnuTLS support. GnuTLS support is enabled with configure --with-gnutls
2005-03-31Updated the copyright year since changes have been this year.Daniel Stenberg
2005-03-04Reduced the length of data read from the random entropy file.Dan Fandrich
2005-03-04Don't try to read the whole of the random file because when /dev/urandom isDan Fandrich
used, it slows initialization too much reading an infinitely long file!
2005-02-10init fix for non-SSL buildsDaniel Stenberg
2005-02-09better error checking and SSL init by David ByronDaniel Stenberg
2005-01-10Hzhijun reported a memory leak in the SSL certificate code, that leaked theDaniel Stenberg
remote certificate name when it didn't match the used host name.
2004-12-19Remove 'data' initialiser.Gisle Vanem
2004-12-19if the pkcs12.h header exists, include it already in urldata.h to work aroundDaniel Stenberg
a precedence problem with the zlib header. See CHANGES for details.
2004-12-18Samuel Listopad added support for PKCS12 formatted certificates.Daniel Stenberg
2004-12-14prevent compiler warning when built without engine supportDaniel Stenberg
2004-12-14Header files are in openssl/ only if USE_OPENSSL is set.Dan Fandrich
2004-12-14urldata.h: Removed engine_list.Gisle Vanem
ssluse.*: Added SSL_strerror(). Curl_SSL_engines_list() now returns a slist which must be freed by caller.