aboutsummaryrefslogtreecommitdiff
path: root/lib/ssluse.c
AgeCommit message (Collapse)Author
2004-11-15clean up start time and t_startsingle use so that redirect_time works properlyDaniel Stenberg
2004-10-06removed tabs and trailing whitespace from sourceDaniel Stenberg
2004-09-02improved error message when client cert return failureDaniel Stenberg
2004-08-10In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input isDaniel Stenberg
already UTF-8 encoded. We check for this case and copy the raw string manually to avoid the problem. This code can be made conditional in the future when OpenSSL has been fixed. Work-around brought by Alexis S. L. Carvalho.
2004-07-29added typecast in an attempt to fix a mingw32 warningDaniel Stenberg
2004-07-04SSL_get_verify_result() returns a long, so we receive the result in a longDaniel Stenberg
and not an int.
2004-07-01Variable type cleanups to please the picky MIPSPro compiler.Daniel Stenberg
2004-06-30Prevent a very long password to buffer overflow the global variable weDaniel Stenberg
use when built with a very old OpenSSL version.
2004-06-30make the SSL connect use the same default connect timeout define as theDaniel Stenberg
generic connect uses
2004-06-24Replaced all uses of sprintf() with the safer snprintf(). It is just aDaniel Stenberg
precaution to prevent mistakes to lead to buffer overflows.
2004-06-22Gisle fixed the wildcard checks for certificates.Daniel Stenberg
2004-06-19prevent compiler warningDaniel Stenberg
2004-06-18Gisle's "SSL patch" from June 16th 2004, modified by me as discussed on theDaniel Stenberg
mailing list.
2004-06-13use Curl_strcasestr() when checking wildcard cert namesDaniel Stenberg
2004-05-18* seed_enough() was converted to a macro to avoid the IRIX compiler warningDaniel Stenberg
about that passed-in argument not being used. * killed trailing whitespace
2004-05-17Peter Sylvester's patch that addresses two flaws in the peer certificate nameDaniel Stenberg
verification: - when multiple common names are used (as in the curl tests), the last name needs to be selected. - allow comparing with encoded values, at least with BMP and ISO latin1 encoded T61strings.
2004-05-13memory cleanup and check fixDaniel Stenberg
2004-05-11curl_global_init_mem() allows the memory functions to be replaced.Daniel Stenberg
memory.h is included everywhere for this.
2004-04-29Gisle made the code use ERR_error_string_n()Daniel Stenberg
2004-04-27Made host name and proxy name get stored in a 'struct hostname' and setDaniel Stenberg
all things up to work with encoded host names internally, as well as keeping 'display names' to show in debug messages. IDN resolves work for me now using ipv6, ipv4 and ares resolving. Even cookies on IDN sites seem to do right.
2004-04-26Tor Arntsen fixed a 'Statement not reachable'-warningDaniel Stenberg
2004-04-20Cleaned up hostname/name/gname and path/ppath confusion. Removed the fixed-Daniel Stenberg
length limit of the hostname part of the URL.
2004-03-23variable type usage cleanup to please picky compilersDaniel Stenberg
2004-03-11don't let the EINTR stuff build on windowsDaniel Stenberg
2004-03-10Jeff Lawson fixed the SSL connection to deal with received signals during theDaniel Stenberg
connect.
2004-03-09Use curl_socket_t instead of int for holding sockets. The typedefs andDaniel Stenberg
defines are in setup.h.
2004-01-29Dan Fandrich's cleanup patch to make pedantic compiler options cause lessDaniel Stenberg
warnings. Minor edits by me.
2004-01-16Gisle Vanem's patch for variables that "might be used uninitialized"Daniel Stenberg
2004-01-07updated year in the copyright stringDaniel Stenberg
2003-11-24prevent warning for non-SSL buildsDaniel Stenberg
2003-11-24FTPS support added as RFC2228 and the murray-ftp-auth-ssl draft describe itDaniel Stenberg
2003-11-15Mathias Axelsson found a case where we free()d the server certificate twice!Daniel Stenberg
2003-10-23Georg Horn's fixes to do different CA cert verifications. They can now beDaniel Stenberg
done even if the result is ignored, as some sites seem to require that.
2003-10-16rewritten alternative name checkDaniel Stenberg
2003-10-15bad license situation for the altname patchDaniel Stenberg
2003-10-08fixed to build fine without sslDaniel Stenberg
2003-10-07 Neil Dunbar provided a patch that now makes libcurl check SSLDaniel Stenberg
subjectAltNames when matching certs. This is apparently detailed in RFC2818 as the right thing to do. I had to add configure checks for inet_pton() and our own (strictly speaking, code from BIND written by Paul Vixie) provided code for the function for platforms that miss it.
2003-09-03warn if no CN is available if verify is only set to 1Daniel Stenberg
2003-08-19CRYPTO_cleanup_all_ex_data() is not present in all OpenSSL versions soDaniel Stenberg
we need to check for its presence in the configure script
2003-08-19Loren Kirkby pointed out that we need to call CRYPTO_cleanup_all_ex_data()Daniel Stenberg
when we cleanup the SSL stuff to not leak any memory. I wish this was documented anywhere.
2003-07-05re-use existing variable instead of declaring a new local oneDaniel Stenberg
2003-07-04Peter Sylvester's patch was applied that introduces the following:Daniel Stenberg
CURLOPT_SSL_CTX_FUNCTION to set a callback that gets called with the OpenSSL's ssl_ctx pointer passed in and allow a callback to act on it. If anything but CURLE_OK is returned, that will also be returned by libcurl all the way back. If this function changes the CURLOPT_URL, libcurl will detect this and instead go use the new URL. CURLOPT_SSL_CTX_DATA is a pointer you set to get passed to the callback set with CURLOPT_SSL_CTX_FUNCTION.
2003-06-26use CURLDEBUG instead of MALLOCDEBUG for preprocessor conditionsDaniel Stenberg
2003-06-02work-around SSL implementation flaws better, pointed out in bug reportDaniel Stenberg
#745122.
2003-05-01Andy Cedilnik fixed some compiler warningsDaniel Stenberg
2003-04-14return the same error for the sslv2 "certificate verify failed" codeDaniel Stenberg
2003-04-14Restored the SSL error codes since they was broken in the 7.10.4 release,Daniel Stenberg
also now attempt to detect and return the specific CACERT error code.
2003-03-31Fixup after talks with Richard Bramante. We should now make betterDaniel Stenberg
comparisons before re-using SSL connections and re-using SSL connection IDs.
2003-03-13Philippe Raoult needed this to build on FreeBSDDaniel Stenberg
2003-03-11Richard Gorton improved the random_the_seed() function for systems whereDaniel Stenberg
we don't find/know of a good random source. This way, we get a better randomness which in turn should make SSL connections more secure.