aboutsummaryrefslogtreecommitdiff
path: root/lib/ssluse.c
AgeCommit message (Collapse)Author
2008-10-15- Pascal Terjan filed bug #2154627Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=2154627) which pointed out that libcurl uses strcasecmp() in multiple places where it causes failures when the Turkish locale is used. This is because 'i' and 'I' isn't the same letter so strcasecmp() on those letters are different in Turkish than in English (or just about all other languages). I thus introduced a totally new internal function in libcurl (called Curl_ascii_equal) for doing case insentive comparisons for english-(ascii?) style strings that thus will make "file" and "FILE" match even if the Turkish locale is selected.
2008-10-14fix compiler warningYang Tse
2008-09-24Official OpenSSL released versions up to and including 0.9.8i as well asYang Tse
2008-09-24 stable snapshot have a buf_mem_st.length structure member with 'int' data type. OpenSSL un-released 0.9.9 CVS version has a buf_mem_st.length structure member with 'size_t' data type since 2007-Oct-09. These 4 typecasts should silence compiler warnings in all cases.
2008-09-23Avoid 'warning: comparison between signed and unsigned'.Gisle Vanem
2008-09-05- Introducing CURLOPT_CERTINFO and the corresponding CURLINFO_CERTINFO. ByDaniel Stenberg
enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS or FTPS), libcurl will gather lots of server certificate info and that info can then get extracted by a client after the request has completed with curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing helped me test and smoothen out this feature. Unfortunately, this feature currently only works with libcurl built to use OpenSSL. This feature was sponsored by networking4all.com - thanks!
2008-07-30- PHP's bug report #43158 (http://bugs.php.net/bug.php?id=43158) identifies aDaniel Stenberg
true bug in libcurl built with OpenSSL. It made curl_easy_getinfo() more or less always return 0 for CURLINFO_SSL_VERIFYRESULT because the function that would set it to something non-zero would return before the assign in almost all error cases. The internal variable is now set to non-zero from the start of the function only to get cleared later on if things work out fine.
2008-06-11- I did a cleanup of the internal generic SSL layer and how the various SSLDaniel Stenberg
libraries are supported. Starting now, each underlying SSL library support code does a set of defines for the 16 functions the generic layer (sslgen.c) uses (all these new function defines use the prefix "curlssl_"). This greatly simplified the generic layer in readability by involving much less #ifdefs and other preprocessor stuff and should make it easier for people to make libcurl work with new SSL libraries. Hopefully I can later on document these 16 functions somewhat as well. I also made most of the internal SSL-dependent functions (using Curl_ssl_ prefix) #defined to nothing when no SSL support is requested - previously they would unnecessarily call mostly empty functions.
2008-06-11fix compiler warning: conversion from `pointer to void' to `pointer to intYang Tse
function(pointer to char,int,int,pointer to void)' is compiler dependent
2008-06-10- I made the OpenSSL code build again with OpenSSL 0.9.6. The CRLFILEDaniel Stenberg
functionality killed it due to its unconditional use of X509_STORE_set_flags...
2008-06-06- Axel Tillequin and Arnaud Ebalard added support for CURLOPT_ISSUERCERT, forDaniel Stenberg
OpenSSL, NSS and GnuTLS-built libcurls.
2008-06-06- Axel Tillequin and Arnaud Ebalard added support for CURLOPT_CRLFILE, forDaniel Stenberg
OpenSSL, NSS and GnuTLS-built libcurls.
2008-05-26fix: preprocessor complaining about macro redefinitionYang Tse
2008-05-09- Make Curl_write and it's callees accept a const pointer, in preparationMichal Marek
of tetetest's patch for curl_easy_send()
2008-04-14- Stefan Krause reported a case where the OpenSSL handshake phase wasn'tDaniel Stenberg
properly acknowledging the timeout values, like if you pulled the network plug in the midst of it.
2008-02-26Added support for server name indication (RFC 4366).Gunter Knauf
Patch submitted by Kaspar Brand.
2008-02-23- Sam Listopad provided a patch in feature-request #1900014Daniel Stenberg
http://curl.haxx.se/bug/feature.cgi?id=1900014 that makes libcurl (built to use OpenSSL) support a full chain of certificates in a given PKCS12 certificate.
2008-02-20- Based on initial work done by Gautam Kachroo to address a bug, we now keepDaniel Stenberg
better control at the exact state of the connection's SSL status so that we know exactly when it has completed the SSL negotiation or not so that there won't be accidental re-uses of connections that are wrongly believed to be in SSL-completed-negotiate state.
2008-02-19applied patch to disable SSLv2 by default; discussion:Gunter Knauf
http://sourceforge.net/tracker/index.php?func=detail&aid=1767276&group_id=976&atid=350976 Submitted by Kaspar Brand.
2008-02-07- Refactored a lot of timeout code into a few functions in an attempt to makeDaniel Stenberg
them all use the same (hopefully correct) logic to make it less error-prone and easier to introduce library-wide where it should be used.
2008-01-15Calls to Curl_failf() are not supposed to provide a trailing newline as theDaniel Stenberg
function itself adds that. Fixed on 50 or something strings!
2007-12-08All static functions that were previously name Curl_* something no longerDaniel Stenberg
use that prefix as we use that prefix only for library-wide internal global symbols.
2007-12-04Fix compiler warning: variable may be used uninitializedYang Tse
2007-12-03Now libcurl (built with OpenSSL) doesn't return error anymore if the remoteDaniel Stenberg
SSL-based server doesn't present a certificate when the request is told to ignore certificate verification anyway.
2007-11-05removed space after if and while before the parenthesis for better source codeDaniel Stenberg
consistency
2007-10-03I renamed the CURLE_SSL_PEER_CERTIFICATE error code toDaniel Stenberg
CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made this return code get used by the previous SSH MD5 fingerprint check in case it fails.
2007-09-25#ifdef out a few more functions when SSL is disabled.Dan Fandrich
2007-08-30Renamed several libcurl error codes and options to make them more generalDan Fandrich
and allow reuse by multiple protocols. Several unused error codes were removed. In all cases, macros were added to preserve source (and binary) compatibility with the old names. These macros are subject to removal at a future date, but probably not before 2009. An application can be tested to see if it is using any obsolete code by compiling it with the CURL_NO_OLDIES macro defined. Documented some newer error codes in libcurl-error(3)
2007-08-27Fixed some minor type mismatches and missing consts mainly found by splint.Dan Fandrich
2007-08-24Remove leading space in curl_version_info ss_version field.Patrick Monnerat
2007-08-07Some #if --> #ifdefPatrick Monnerat
undef standard *printf before (re)defining them
2007-08-01Patrick Monnerat and I modified libcurl so that now it *copies* all stringsDaniel Stenberg
passed to it with curl_easy_setopt()! Previously it has always just refered to the data, forcing the user to keep the data around until libcurl is done with it. That is now history and libcurl will instead clone the given strings and keep private copies.
2007-07-29Bug report #1759542 (http://curl.haxx.se/bug/view.cgi?id=1759542). A bad useDaniel Stenberg
of a socket after it has been closed, when the FTP-SSL data connection is taken down.
2007-07-11Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation:Daniel Stenberg
fail to connect if there is no Common Name field found in the remote cert. We should deprecate the support for this set to 1 anyway soon, since the feature is pointless and most likely never really used by anyone.
2007-05-22Andre Guibert de Bruet fixed a memory leak when PKCS #12 parsing failedDaniel Stenberg
2007-05-22Andre Guibert de Bruet fixed a memory leak in the function that verifies theDaniel Stenberg
peer's name in the SSL certificate when built for OpenSSL. The leak happens for libcurls with CURL_DOES_CONVERSIONS enabled that fail to convert the CN name from UTF8.
2007-04-07fix out of memory handling issueYang Tse
2007-03-31Pointless to check for non-NULL pointers that already have been dereferencedDaniel Stenberg
and they have to be non-NULL long before this check. CID 22 in the coverity.com scan
2007-03-27Update messageYang Tse
2007-03-26Internal function Curl_select() renamed to Curl_socket_ready()Yang Tse
2007-03-25fix compiler warningYang Tse
2007-03-14yassl doesn't have SSL_get_shutdown() in its OpenSSL() layer so we check forDaniel Stenberg
it and avoid it, even if this cripples the CCC command
2007-02-26Removed inclusion of <sys/types.h> and <sys/stat.h> in .c-filesGisle Vanem
since they're already included through "setup.h".
2007-02-21curlassert macro replaced with DEBUGASSERT macro defined in setup_once.hYang Tse
2007-02-20New FTP CCC functionality - adds passive and active mode to accomodate for ↵Linus Nielsen Feltzing
different server behaviour
2007-02-16use macros ERRNO, SET_ERRNO(), SOCKERRNO and SET_SOCKERRNO() for errno handlingYang Tse
2007-02-05- Michael Wallner provided a patch that adds support for CURLOPT_TIMEOUT_MSDaniel Stenberg
and CURLOPT_CONNECTTIMEOUT_MS that, as their names should hint, do the timeouts with millisecond resolution instead. The only restriction to that is the alarm() (sometimes) used to abort name resolves as that uses full seconds. I fixed the FTP response timeout part of the patch. Internally we now count and keep the timeouts in milliseconds but it also means we multiply set timeouts with 1000. The effect of this is that no timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which equals 24.86 days. We probably couldn't before either since the code did *1000 on the timeout values on several places already.
2007-01-10Display crypto engine name correctly in debug message.Dan Fandrich
2007-01-08Removed unused variable in Curl_ossl_shutdown()Linus Nielsen Feltzing
2007-01-05- Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option toDaniel Stenberg
curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it will make libcurl shutdown SSL/TLS after the authentication is done on a FTP-SSL operation.
2006-11-11cleaned up Curl_write() and the sub functions it uses for various protocols.Daniel Stenberg
They all now return ssize_t to Curl_write(). Unfortunately, Curl_read() is in a sorrier state but it too would benefit from a similar cleanup.