aboutsummaryrefslogtreecommitdiff
path: root/lib/ssluse.c
AgeCommit message (Collapse)Author
2007-08-24Remove leading space in curl_version_info ss_version field.Patrick Monnerat
2007-08-07Some #if --> #ifdefPatrick Monnerat
undef standard *printf before (re)defining them
2007-08-01Patrick Monnerat and I modified libcurl so that now it *copies* all stringsDaniel Stenberg
passed to it with curl_easy_setopt()! Previously it has always just refered to the data, forcing the user to keep the data around until libcurl is done with it. That is now history and libcurl will instead clone the given strings and keep private copies.
2007-07-29Bug report #1759542 (http://curl.haxx.se/bug/view.cgi?id=1759542). A bad useDaniel Stenberg
of a socket after it has been closed, when the FTP-SSL data connection is taken down.
2007-07-11Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation:Daniel Stenberg
fail to connect if there is no Common Name field found in the remote cert. We should deprecate the support for this set to 1 anyway soon, since the feature is pointless and most likely never really used by anyone.
2007-05-22Andre Guibert de Bruet fixed a memory leak when PKCS #12 parsing failedDaniel Stenberg
2007-05-22Andre Guibert de Bruet fixed a memory leak in the function that verifies theDaniel Stenberg
peer's name in the SSL certificate when built for OpenSSL. The leak happens for libcurls with CURL_DOES_CONVERSIONS enabled that fail to convert the CN name from UTF8.
2007-04-07fix out of memory handling issueYang Tse
2007-03-31Pointless to check for non-NULL pointers that already have been dereferencedDaniel Stenberg
and they have to be non-NULL long before this check. CID 22 in the coverity.com scan
2007-03-27Update messageYang Tse
2007-03-26Internal function Curl_select() renamed to Curl_socket_ready()Yang Tse
2007-03-25fix compiler warningYang Tse
2007-03-14yassl doesn't have SSL_get_shutdown() in its OpenSSL() layer so we check forDaniel Stenberg
it and avoid it, even if this cripples the CCC command
2007-02-26Removed inclusion of <sys/types.h> and <sys/stat.h> in .c-filesGisle Vanem
since they're already included through "setup.h".
2007-02-21curlassert macro replaced with DEBUGASSERT macro defined in setup_once.hYang Tse
2007-02-20New FTP CCC functionality - adds passive and active mode to accomodate for ↵Linus Nielsen Feltzing
different server behaviour
2007-02-16use macros ERRNO, SET_ERRNO(), SOCKERRNO and SET_SOCKERRNO() for errno handlingYang Tse
2007-02-05- Michael Wallner provided a patch that adds support for CURLOPT_TIMEOUT_MSDaniel Stenberg
and CURLOPT_CONNECTTIMEOUT_MS that, as their names should hint, do the timeouts with millisecond resolution instead. The only restriction to that is the alarm() (sometimes) used to abort name resolves as that uses full seconds. I fixed the FTP response timeout part of the patch. Internally we now count and keep the timeouts in milliseconds but it also means we multiply set timeouts with 1000. The effect of this is that no timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which equals 24.86 days. We probably couldn't before either since the code did *1000 on the timeout values on several places already.
2007-01-10Display crypto engine name correctly in debug message.Dan Fandrich
2007-01-08Removed unused variable in Curl_ossl_shutdown()Linus Nielsen Feltzing
2007-01-05- Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option toDaniel Stenberg
curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it will make libcurl shutdown SSL/TLS after the authentication is done on a FTP-SSL operation.
2006-11-11cleaned up Curl_write() and the sub functions it uses for various protocols.Daniel Stenberg
They all now return ssize_t to Curl_write(). Unfortunately, Curl_read() is in a sorrier state but it too would benefit from a similar cleanup.
2006-11-08Bradford Bruce reported that when setting CURLOPT_DEBUGFUNCTION withoutDaniel Stenberg
CURLOPT_VERBOSE set to non-zero, you still got a few debug messages from the SSL handshake. This is now stopped.
2006-10-21Armel Asselin separated CA cert verification problems from problems withDaniel Stenberg
reading the (local) CA cert file to let users easier pinpoint the actual problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code.
2006-10-17Explicit typecast for Curl_debug() size argumentYang Tse
2006-09-10Compiler warning fixYang Tse
2006-07-19Fix compiler warningsYang Tse
2006-07-19Avoid variable declaration shadowing previously declared oneYang Tse
2006-07-17Update error buffer size used for SSL_strerror()Yang Tse
2006-06-29with a very recent yassl, we now can display 'yassl' when the OpenSSL API isDaniel Stenberg
in fact provided by yassl instead
2006-06-09proper use of newlinesDaniel Stenberg
2006-06-07NTLM2 session response supportDaniel Stenberg
2006-05-10David McCreedy provided a fix for CURLINFO_LASTSOCKET that does extendedDaniel Stenberg
checks on the to-be-returned socket to make sure it truly seems to be alive and well. For SSL connection it (only) uses OpenSSL functions.
2006-05-09Robson Braga Araujo fixed two problems in the recently added non-blocking SSLDaniel Stenberg
connects. The state machine was not reset properly so that subsequent connects using the same handle would fail, and there were two memory leaks.
2006-05-05additional renames of Curl_ourerrno => Curl_sockerrnoDaniel Stenberg
2006-05-04Roland Blom filed bug report #1481217Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=1481217), with follow-ups by Michele Bini and David Byron. libcurl previously wrongly used GetLastError() on windows to get error details after socket-related function calls, when it really should use WSAGetLastError() instead. When changing to this, the former function Curl_ourerrno() is now instead called Curl_sockerrno() as it is necessary to only use it to get errno from socket-related functions as otherwise it won't work as intended on Windows.
2006-04-18corrected the SSL timeout, as Ates Goral's patch did it and that works (opposedDaniel Stenberg
to my previous brain-damaged version)
2006-04-10Ates Goral found out that if you specified both CURLOPT_CONNECTTIMEOUT andDaniel Stenberg
CURLOPT_TIMEOUT, the _longer_ time would wrongly be used for the SSL connection time-out!
2006-04-07First commit of David McCreedy's EBCDIC and TPF changes.Daniel Stenberg
2006-03-21Xavier Bouchoux made the SSL connection non-blocking for the multi interfaceDaniel Stenberg
(when using OpenSSL).
2006-03-13David McCreedy found a use of the wrong variable when display the errorDaniel Stenberg
text from OpenSSL.
2006-03-06Lots of users on Windows have reported getting the "SSL: couldn't setDaniel Stenberg
callback" error message so I've now made the setting of that callback not be as critical as before. The function is only used for additional loggging/ trace anyway so a failure just means slightly less data. It should still be able to proceed and connect fine to the server.
2005-12-19Fixed lcc compiler warnings.Dan Fandrich
2005-12-13Fixed some compiler warnings on lcc.Dan Fandrich
2005-12-05Yang Tse fixed: Openssl 0.9.9 makes 'const' the SSL_METHOD parameter inDaniel Stenberg
SSL_CTX_new and others, and also makes functions SSLv23_client_method, TLSv1_client_method, etc return a 'const' SSL_METHOD pointer. Previous versions do not use the 'const' qualifier.
2005-12-04Recent OpenSSL returns a 'const' in '*_client_method()'. So avoidGisle Vanem
'assignment discards qualifiers from pointer target type' warning.
2005-11-13Yang Tse fixed compiler warningsDaniel Stenberg
2005-08-10the debug callback was called with CURLINFO_TEXT with the data size oneDaniel Stenberg
too big
2005-04-13fix compiler warningDaniel Stenberg
2005-04-07GnuTLS support added. There's now a "generic" SSL layer that we use all overDaniel Stenberg
internally, with code provided by sslgen.c. All SSL-layer-specific code is then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS). As far as possible, internals should not need to know what SSL layer that is in use. Building with GnuTLS currently makes two test cases fail. TODO.gnutls contains a few known outstanding issues for the GnuTLS support. GnuTLS support is enabled with configure --with-gnutls