Age | Commit message (Collapse) | Author |
|
|
|
allocation of the memory BIO was not being properly checked.
|
|
disable "rfc4507bis session ticket support". rfc4507bis was later turned
into the proper RFC5077 it seems: http://tools.ietf.org/html/rfc5077
The enabled extension concerns the session management. I wonder how often
libcurl stops a connection and then resumes a TLS session. also, sending the
session data is some overhead. .I suggest that you just use your proposed
patch (which explicitly disables TICKET).
If someone writes an application with libcurl and openssl who wants to
enable the feature, one can do this in the SSL callback.
Sharad Gupta brought this to my attention. Peter Sylvester helped me decide
on the proper action.
|
|
clarity. This does fix one problem that causes ;type=i FTP URLs
to fail in the Turkish locale when CURLOPT_PROXY_TRANSFER_MODE is
used (test case 561)
Added tests 561 and 1092 through 1094 to test various combinations
of ;type= and ;mode= URLs that could potentially fail in the Turkish
locale.
|
|
--disable-verbose".
|
|
inclusion by the curl tool without colliding with the curl_strequal functions.
|
|
used in strequal.c so now all test cases run fine for me again.
|
|
(http://curl.haxx.se/bug/view.cgi?id=2154627) which pointed out that libcurl
uses strcasecmp() in multiple places where it causes failures when the
Turkish locale is used. This is because 'i' and 'I' isn't the same letter so
strcasecmp() on those letters are different in Turkish than in English (or
just about all other languages). I thus introduced a totally new internal
function in libcurl (called Curl_ascii_equal) for doing case insentive
comparisons for english-(ascii?) style strings that thus will make "file"
and "FILE" match even if the Turkish locale is selected.
|
|
|
|
2008-09-24 stable snapshot have a buf_mem_st.length structure member with
'int' data type.
OpenSSL un-released 0.9.9 CVS version has a buf_mem_st.length structure member
with 'size_t' data type since 2007-Oct-09.
These 4 typecasts should silence compiler warnings in all cases.
|
|
|
|
enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS
or FTPS), libcurl will gather lots of server certificate info and that info
can then get extracted by a client after the request has completed with
curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing
helped me test and smoothen out this feature.
Unfortunately, this feature currently only works with libcurl built to use
OpenSSL.
This feature was sponsored by networking4all.com - thanks!
|
|
true bug in libcurl built with OpenSSL. It made curl_easy_getinfo() more or
less always return 0 for CURLINFO_SSL_VERIFYRESULT because the function that
would set it to something non-zero would return before the assign in almost
all error cases. The internal variable is now set to non-zero from the start
of the function only to get cleared later on if things work out fine.
|
|
libraries are supported. Starting now, each underlying SSL library support
code does a set of defines for the 16 functions the generic layer (sslgen.c)
uses (all these new function defines use the prefix "curlssl_"). This
greatly simplified the generic layer in readability by involving much less
#ifdefs and other preprocessor stuff and should make it easier for people to
make libcurl work with new SSL libraries.
Hopefully I can later on document these 16 functions somewhat as well.
I also made most of the internal SSL-dependent functions (using Curl_ssl_
prefix) #defined to nothing when no SSL support is requested - previously
they would unnecessarily call mostly empty functions.
|
|
function(pointer to char,int,int,pointer to void)' is compiler dependent
|
|
functionality killed it due to its unconditional use of
X509_STORE_set_flags...
|
|
OpenSSL, NSS and GnuTLS-built libcurls.
|
|
OpenSSL, NSS and GnuTLS-built libcurls.
|
|
|
|
of tetetest's patch for curl_easy_send()
|
|
properly acknowledging the timeout values, like if you pulled the network
plug in the midst of it.
|
|
Patch submitted by Kaspar Brand.
|
|
http://curl.haxx.se/bug/feature.cgi?id=1900014 that makes libcurl (built to
use OpenSSL) support a full chain of certificates in a given PKCS12
certificate.
|
|
better control at the exact state of the connection's SSL status so that we
know exactly when it has completed the SSL negotiation or not so that there
won't be accidental re-uses of connections that are wrongly believed to be
in SSL-completed-negotiate state.
|
|
http://sourceforge.net/tracker/index.php?func=detail&aid=1767276&group_id=976&atid=350976
Submitted by Kaspar Brand.
|
|
them all use the same (hopefully correct) logic to make it less error-prone
and easier to introduce library-wide where it should be used.
|
|
function itself adds that. Fixed on 50 or something strings!
|
|
use that prefix as we use that prefix only for library-wide internal global
symbols.
|
|
|
|
SSL-based server doesn't present a certificate when the request is told to
ignore certificate verification anyway.
|
|
consistency
|
|
CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made this
return code get used by the previous SSH MD5 fingerprint check in case it
fails.
|
|
|
|
and allow reuse by multiple protocols. Several unused error codes were
removed. In all cases, macros were added to preserve source (and binary)
compatibility with the old names. These macros are subject to removal at
a future date, but probably not before 2009. An application can be
tested to see if it is using any obsolete code by compiling it with the
CURL_NO_OLDIES macro defined.
Documented some newer error codes in libcurl-error(3)
|
|
|
|
|
|
undef standard *printf before (re)defining them
|
|
passed to it with curl_easy_setopt()! Previously it has always just refered
to the data, forcing the user to keep the data around until libcurl is done
with it. That is now history and libcurl will instead clone the given
strings and keep private copies.
|
|
of a socket after it has been closed, when the FTP-SSL data connection is taken
down.
|
|
fail to connect if there is no Common Name field found in the remote cert.
We should deprecate the support for this set to 1 anyway soon, since the
feature is pointless and most likely never really used by anyone.
|
|
|
|
peer's name in the SSL certificate when built for OpenSSL. The leak happens
for libcurls with CURL_DOES_CONVERSIONS enabled that fail to convert the CN
name from UTF8.
|
|
|
|
and they have to be non-NULL long before this check.
CID 22 in the coverity.com scan
|
|
|
|
|
|
|
|
it and avoid it, even if this cripples the CCC command
|
|
since they're already included through "setup.h".
|
|
|