aboutsummaryrefslogtreecommitdiff
path: root/lib/ssluse.c
AgeCommit message (Collapse)Author
2008-02-23- Sam Listopad provided a patch in feature-request #1900014Daniel Stenberg
http://curl.haxx.se/bug/feature.cgi?id=1900014 that makes libcurl (built to use OpenSSL) support a full chain of certificates in a given PKCS12 certificate.
2008-02-20- Based on initial work done by Gautam Kachroo to address a bug, we now keepDaniel Stenberg
better control at the exact state of the connection's SSL status so that we know exactly when it has completed the SSL negotiation or not so that there won't be accidental re-uses of connections that are wrongly believed to be in SSL-completed-negotiate state.
2008-02-19applied patch to disable SSLv2 by default; discussion:Gunter Knauf
http://sourceforge.net/tracker/index.php?func=detail&aid=1767276&group_id=976&atid=350976 Submitted by Kaspar Brand.
2008-02-07- Refactored a lot of timeout code into a few functions in an attempt to makeDaniel Stenberg
them all use the same (hopefully correct) logic to make it less error-prone and easier to introduce library-wide where it should be used.
2008-01-15Calls to Curl_failf() are not supposed to provide a trailing newline as theDaniel Stenberg
function itself adds that. Fixed on 50 or something strings!
2007-12-08All static functions that were previously name Curl_* something no longerDaniel Stenberg
use that prefix as we use that prefix only for library-wide internal global symbols.
2007-12-04Fix compiler warning: variable may be used uninitializedYang Tse
2007-12-03Now libcurl (built with OpenSSL) doesn't return error anymore if the remoteDaniel Stenberg
SSL-based server doesn't present a certificate when the request is told to ignore certificate verification anyway.
2007-11-05removed space after if and while before the parenthesis for better source codeDaniel Stenberg
consistency
2007-10-03I renamed the CURLE_SSL_PEER_CERTIFICATE error code toDaniel Stenberg
CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made this return code get used by the previous SSH MD5 fingerprint check in case it fails.
2007-09-25#ifdef out a few more functions when SSL is disabled.Dan Fandrich
2007-08-30Renamed several libcurl error codes and options to make them more generalDan Fandrich
and allow reuse by multiple protocols. Several unused error codes were removed. In all cases, macros were added to preserve source (and binary) compatibility with the old names. These macros are subject to removal at a future date, but probably not before 2009. An application can be tested to see if it is using any obsolete code by compiling it with the CURL_NO_OLDIES macro defined. Documented some newer error codes in libcurl-error(3)
2007-08-27Fixed some minor type mismatches and missing consts mainly found by splint.Dan Fandrich
2007-08-24Remove leading space in curl_version_info ss_version field.Patrick Monnerat
2007-08-07Some #if --> #ifdefPatrick Monnerat
undef standard *printf before (re)defining them
2007-08-01Patrick Monnerat and I modified libcurl so that now it *copies* all stringsDaniel Stenberg
passed to it with curl_easy_setopt()! Previously it has always just refered to the data, forcing the user to keep the data around until libcurl is done with it. That is now history and libcurl will instead clone the given strings and keep private copies.
2007-07-29Bug report #1759542 (http://curl.haxx.se/bug/view.cgi?id=1759542). A bad useDaniel Stenberg
of a socket after it has been closed, when the FTP-SSL data connection is taken down.
2007-07-11Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation:Daniel Stenberg
fail to connect if there is no Common Name field found in the remote cert. We should deprecate the support for this set to 1 anyway soon, since the feature is pointless and most likely never really used by anyone.
2007-05-22Andre Guibert de Bruet fixed a memory leak when PKCS #12 parsing failedDaniel Stenberg
2007-05-22Andre Guibert de Bruet fixed a memory leak in the function that verifies theDaniel Stenberg
peer's name in the SSL certificate when built for OpenSSL. The leak happens for libcurls with CURL_DOES_CONVERSIONS enabled that fail to convert the CN name from UTF8.
2007-04-07fix out of memory handling issueYang Tse
2007-03-31Pointless to check for non-NULL pointers that already have been dereferencedDaniel Stenberg
and they have to be non-NULL long before this check. CID 22 in the coverity.com scan
2007-03-27Update messageYang Tse
2007-03-26Internal function Curl_select() renamed to Curl_socket_ready()Yang Tse
2007-03-25fix compiler warningYang Tse
2007-03-14yassl doesn't have SSL_get_shutdown() in its OpenSSL() layer so we check forDaniel Stenberg
it and avoid it, even if this cripples the CCC command
2007-02-26Removed inclusion of <sys/types.h> and <sys/stat.h> in .c-filesGisle Vanem
since they're already included through "setup.h".
2007-02-21curlassert macro replaced with DEBUGASSERT macro defined in setup_once.hYang Tse
2007-02-20New FTP CCC functionality - adds passive and active mode to accomodate for ↵Linus Nielsen Feltzing
different server behaviour
2007-02-16use macros ERRNO, SET_ERRNO(), SOCKERRNO and SET_SOCKERRNO() for errno handlingYang Tse
2007-02-05- Michael Wallner provided a patch that adds support for CURLOPT_TIMEOUT_MSDaniel Stenberg
and CURLOPT_CONNECTTIMEOUT_MS that, as their names should hint, do the timeouts with millisecond resolution instead. The only restriction to that is the alarm() (sometimes) used to abort name resolves as that uses full seconds. I fixed the FTP response timeout part of the patch. Internally we now count and keep the timeouts in milliseconds but it also means we multiply set timeouts with 1000. The effect of this is that no timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which equals 24.86 days. We probably couldn't before either since the code did *1000 on the timeout values on several places already.
2007-01-10Display crypto engine name correctly in debug message.Dan Fandrich
2007-01-08Removed unused variable in Curl_ossl_shutdown()Linus Nielsen Feltzing
2007-01-05- Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option toDaniel Stenberg
curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it will make libcurl shutdown SSL/TLS after the authentication is done on a FTP-SSL operation.
2006-11-11cleaned up Curl_write() and the sub functions it uses for various protocols.Daniel Stenberg
They all now return ssize_t to Curl_write(). Unfortunately, Curl_read() is in a sorrier state but it too would benefit from a similar cleanup.
2006-11-08Bradford Bruce reported that when setting CURLOPT_DEBUGFUNCTION withoutDaniel Stenberg
CURLOPT_VERBOSE set to non-zero, you still got a few debug messages from the SSL handshake. This is now stopped.
2006-10-21Armel Asselin separated CA cert verification problems from problems withDaniel Stenberg
reading the (local) CA cert file to let users easier pinpoint the actual problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code.
2006-10-17Explicit typecast for Curl_debug() size argumentYang Tse
2006-09-10Compiler warning fixYang Tse
2006-07-19Fix compiler warningsYang Tse
2006-07-19Avoid variable declaration shadowing previously declared oneYang Tse
2006-07-17Update error buffer size used for SSL_strerror()Yang Tse
2006-06-29with a very recent yassl, we now can display 'yassl' when the OpenSSL API isDaniel Stenberg
in fact provided by yassl instead
2006-06-09proper use of newlinesDaniel Stenberg
2006-06-07NTLM2 session response supportDaniel Stenberg
2006-05-10David McCreedy provided a fix for CURLINFO_LASTSOCKET that does extendedDaniel Stenberg
checks on the to-be-returned socket to make sure it truly seems to be alive and well. For SSL connection it (only) uses OpenSSL functions.
2006-05-09Robson Braga Araujo fixed two problems in the recently added non-blocking SSLDaniel Stenberg
connects. The state machine was not reset properly so that subsequent connects using the same handle would fail, and there were two memory leaks.
2006-05-05additional renames of Curl_ourerrno => Curl_sockerrnoDaniel Stenberg
2006-05-04Roland Blom filed bug report #1481217Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=1481217), with follow-ups by Michele Bini and David Byron. libcurl previously wrongly used GetLastError() on windows to get error details after socket-related function calls, when it really should use WSAGetLastError() instead. When changing to this, the former function Curl_ourerrno() is now instead called Curl_sockerrno() as it is necessary to only use it to get errno from socket-related functions as otherwise it won't work as intended on Windows.
2006-04-18corrected the SSL timeout, as Ates Goral's patch did it and that works (opposedDaniel Stenberg
to my previous brain-damaged version)