path: root/lib/ssluse.c
Age | Commit message | Author
2003-10-07 | Neil Dunbar provided a patch that now makes libcurl check SSL subjectAltNames when matching certs. This is apparently detailed in RFC2818 as the right thing to do. I had to add configure checks for inet_pton() and our own (strictly speaking, code from BIND written by Paul Vixie) provided code for the function for platforms that miss it. | Daniel Stenberg
2003-09-03 | warn if no CN is available if verify is only set to 1 | Daniel Stenberg
2003-08-19 | CRYPTO_cleanup_all_ex_data() is not present in all OpenSSL versions so we need to check for its presence in the configure script | Daniel Stenberg
2003-08-19 | Loren Kirkby pointed out that we need to call CRYPTO_cleanup_all_ex_data() when we cleanup the SSL stuff to not leak any memory. I wish this was documented anywhere. | Daniel Stenberg
2003-07-05 | re-use existing variable instead of declaring a new local one | Daniel Stenberg
2003-07-04 | Peter Sylvester's patch was applied that introduces the following: CURLOPT_SSL_CTX_FUNCTION to set a callback that gets called with the OpenSSL's ssl_ctx pointer passed in and allow a callback to act on it. If anything but CURLE_OK is returned, that will also be returned by libcurl all the way back. If this function changes the CURLOPT_URL, libcurl will detect this and instead go use the new URL. CURLOPT_SSL_CTX_DATA is a pointer you set to get passed to the callback set with CURLOPT_SSL_CTX_FUNCTION. | Daniel Stenberg
2003-06-26 | use CURLDEBUG instead of MALLOCDEBUG for preprocessor conditions | Daniel Stenberg
2003-06-02 | work-around SSL implementation flaws better, pointed out in bug report #745122. | Daniel Stenberg
2003-05-01 | Andy Cedilnik fixed some compiler warnings | Daniel Stenberg
2003-04-14 | return the same error for the sslv2 "certificate verify failed" code | Daniel Stenberg
2003-04-14 | Restored the SSL error codes since they were broken in the 7.10.4 release, also now attempt to detect and return the specific CACERT error code. | Daniel Stenberg
2003-03-31 | Fixup after talks with Richard Bramante. We should now make better comparisons before re-using SSL connections and re-using SSL connection IDs. | Daniel Stenberg
2003-03-13 | Philippe Raoult needed this to build on FreeBSD | Daniel Stenberg
2003-03-11 | Richard Gorton improved the random_the_seed() function for systems where we don't find/know of a good random source. This way, we get a better randomness which in turn should make SSL connections more secure. | Daniel Stenberg
2003-02-28 | the strequal and strnequal should now be called with the proper curl_ prefix | Daniel Stenberg
2003-02-27 | spell better | Daniel Stenberg
2003-02-14 | include <sys/socket.h> to compile the fd_set stuff properly on all systems | Daniel Stenberg
2003-02-05 | Re-arranged the SSL connection code (again). The recent fix was not a very good one. This should work fine again. | Daniel Stenberg
2003-02-04 | Improved error reporting in case of bad SSL_connect()s, and we also no longer use the SSL functions that store the error message in a static buffer since that is not very multi-thread friendly. | Daniel Stenberg
2003-01-29 | removed the local variables for emacs and vim, use the new sample.emacs way for emacs, and vim users should provide a similar non-polluting style | Daniel Stenberg
2003-01-16 | copyright year update in the source header | Daniel Stenberg
2003-01-07 | Philippe Raoult's fix to handle wildcard certificate name checks | Daniel Stenberg
2002-12-13 | Evan Jordan's fix for a memory leak. Bug report 650989. | Daniel Stenberg
2002-12-09 | The fread() callback pointer and associated pointer is now stored in the connectdata struct instead, and is no longer modified within the 'set' struct as previously (which was a really BAAAD thing). | Daniel Stenberg
2002-09-03 | updated source code boilerplate/header | Daniel Stenberg
2002-08-30 | if verifypeer is enabled but neither CAfile nor CApath is, then don't try to load "verify_locations" | Daniel Stenberg
2002-08-30 | CURLE_SSL_INSECURE is removed again and so is CURLOPT_SSL_INSECURE, we proceed fine with the already existing options, just having a different internal library default for capath. | Daniel Stenberg
2002-06-10 | This fix MIGHT make us build nicely with OpenSSL 0.9.7. This fix is based on a patch from Jacob Meuser, input from Götz Babin-Ebell and my own browsing of the latest include files. | Daniel Stenberg
2002-05-21 | ASN1 files don't work for the *chain_file(), make them use the previous version | Daniel Stenberg
2002-05-20 | Roland Zimmermann's hint, we use SSL_CTX_use_certificate_chain_file() instead of the previous one that used SSL_CTX_use_certificate_file() | Daniel Stenberg
2002-03-19 | copyright string (year) update | Daniel Stenberg
2002-01-30 | now re-seed by force (even if already seeded) if a random file or egd socket is given | Daniel Stenberg
2002-01-29 | T. Bharath pointed out that we seed SSL on every connect, which is a time-consuming operation that should only be needed to do once. We patched libcurl to now only seed on the first connect when unseeded. The seeded status is global so it'll now only happen once during a program's life time. | Daniel Stenberg
2002-01-17 | Richard Archer made it compile and build with OpenSSL versions prior to 0.9.5 | Daniel Stenberg
2002-01-09 | Cris Bailiff found out that when the SSL session cache was filled, libcurl would crash. This corrects the problem. | Daniel Stenberg
2002-01-08 | added a missing failf() before returning an error code | Daniel Stenberg
2002-01-07 | Modified to use non-blocking sockets all the time. | Daniel Stenberg
2001-12-17 | Götz Babin-Ebell's OpenSSL ENGINE patch | Daniel Stenberg
2001-12-11 | failf() calls should not have newlines in the message string! | Daniel Stenberg
2001-11-14 | Samuel Listopad's fix to allow global_init => global_cleanup => global_init for ssl | Daniel Stenberg
2001-11-05 | we can now tell ssl to use TLSv1 protocol, and we now use defines instead of real integers for versions, the defines are added to curl.h | Daniel Stenberg
2001-10-11 | looks nicer and is better compatible with older vim versions | Sterling Hughes
2001-09-19 | Lots of praise and glory to Vojtech Minarik for setting up a test server and providing me with test-certificates that helped me nail the problem with curl not discovering when a bad certificate was used. | Daniel Stenberg
2001-09-12 | narrowed some source lines to fit in 80 cols | Daniel Stenberg
2001-09-11 | added ability to set preferred list of ciphers | Daniel Stenberg
2001-09-11 | outputs the start and expire dates of the server certificate on verbose output | Daniel Stenberg
2001-09-07 | made it compile properly when not building with SSL support | Daniel Stenberg
2001-09-07 | Added formatting sections for emacs and vim | Sterling Hughes
2001-09-06 | moved the session ID cache state variables into the UrlState struct within the SessionHandle. It was previously wrongly put in UserDefined | Daniel Stenberg
2001-09-06 | Curl_SSL_Close_All() now checks that we have a session cache before we run around killing entries in it! | Daniel Stenberg