aboutsummaryrefslogtreecommitdiff
path: root/lib/ssluse.c
AgeCommit message (Collapse)Author
2004-01-29Dan Fandrich's cleanup patch to make pedantic compiler options cause lessDaniel Stenberg
warnings. Minor edits by me.
2004-01-16Gisle Vanem's patch for variables that "might be used uninitialized"Daniel Stenberg
2004-01-07updated year in the copyright stringDaniel Stenberg
2003-11-24prevent warning for non-SSL buildsDaniel Stenberg
2003-11-24FTPS support added as RFC2228 and the murray-ftp-auth-ssl draft describe itDaniel Stenberg
2003-11-15Mathias Axelsson found a case where we free()d the server certificate twice!Daniel Stenberg
2003-10-23Georg Horn's fixes to do different CA cert verifications. They can now beDaniel Stenberg
done even if the result is ignored, as some sites seem to require that.
2003-10-16rewritten alternative name checkDaniel Stenberg
2003-10-15bad license situation for the altname patchDaniel Stenberg
2003-10-08fixed to build fine without sslDaniel Stenberg
2003-10-07 Neil Dunbar provided a patch that now makes libcurl check SSLDaniel Stenberg
subjectAltNames when matching certs. This is apparently detailed in RFC2818 as the right thing to do. I had to add configure checks for inet_pton() and our own (strictly speaking, code from BIND written by Paul Vixie) provided code for the function for platforms that miss it.
2003-09-03warn if no CN is available if verify is only set to 1Daniel Stenberg
2003-08-19CRYPTO_cleanup_all_ex_data() is not present in all OpenSSL versions soDaniel Stenberg
we need to check for its presence in the configure script
2003-08-19Loren Kirkby pointed out that we need to call CRYPTO_cleanup_all_ex_data()Daniel Stenberg
when we cleanup the SSL stuff to not leak any memory. I wish this was documented anywhere.
2003-07-05re-use existing variable instead of declaring a new local oneDaniel Stenberg
2003-07-04Peter Sylvester's patch was applied that introduces the following:Daniel Stenberg
CURLOPT_SSL_CTX_FUNCTION to set a callback that gets called with the OpenSSL's ssl_ctx pointer passed in and allow a callback to act on it. If anything but CURLE_OK is returned, that will also be returned by libcurl all the way back. If this function changes the CURLOPT_URL, libcurl will detect this and instead go use the new URL. CURLOPT_SSL_CTX_DATA is a pointer you set to get passed to the callback set with CURLOPT_SSL_CTX_FUNCTION.
2003-06-26use CURLDEBUG instead of MALLOCDEBUG for preprocessor conditionsDaniel Stenberg
2003-06-02work-around SSL implementation flaws better, pointed out in bug reportDaniel Stenberg
#745122.
2003-05-01Andy Cedilnik fixed some compiler warningsDaniel Stenberg
2003-04-14return the same error for the sslv2 "certificate verify failed" codeDaniel Stenberg
2003-04-14Restored the SSL error codes since they was broken in the 7.10.4 release,Daniel Stenberg
also now attempt to detect and return the specific CACERT error code.
2003-03-31Fixup after talks with Richard Bramante. We should now make betterDaniel Stenberg
comparisons before re-using SSL connections and re-using SSL connection IDs.
2003-03-13Philippe Raoult needed this to build on FreeBSDDaniel Stenberg
2003-03-11Richard Gorton improved the random_the_seed() function for systems whereDaniel Stenberg
we don't find/know of a good random source. This way, we get a better randomness which in turn should make SSL connections more secure.
2003-02-28the strequal and strnequal should now be called with the proper curl_ prefixDaniel Stenberg
2003-02-27spell betterDaniel Stenberg
2003-02-14include <sys/socket.h> to compile the fd_set stuff properly on all systemsDaniel Stenberg
2003-02-05Re-arranged the SSL connection code (again). The recent fix was not a veryDaniel Stenberg
good one. This should work fine again.
2003-02-04Improved error reporting in case of bad SSL_connect()s, and we also noDaniel Stenberg
longer use the SSL functions that store the error message in a static buffer since that is not very multi-thread friendly.
2003-01-29removed the local variables for emacs and vim, use the new sample.emacsDaniel Stenberg
way for emacs, and vim users should provide a similar non-polluting style
2003-01-16copyright year update in the source headerDaniel Stenberg
2003-01-07Philippe Raoult's fix to handle wildcard certificate name checksDaniel Stenberg
2002-12-13Evan Jordan's fix for a memory leak. Bug report 650989.Daniel Stenberg
2002-12-09The fread() callback pointer and associated pointer is now stored in theDaniel Stenberg
connectdata struct instead, and is no longer modified within the 'set' struct as previously (which was a really BAAAD thing).
2002-09-03updated source code boilerplate/headerDaniel Stenberg
2002-08-30if verifypeer is enabled but nether CAfile nor CApath is, then don't tryDaniel Stenberg
to load "verify_locations"
2002-08-30CURLE_SSL_INSECURE is removed again and so is CURLOPT_SSL_INSECURE, weDaniel Stenberg
proceed fine with the already existing options, just having a different internal library default for capath.
2002-06-10This fix MIGHT make us build nicely with OpenSSL 0.9.7. This fix is basedDaniel Stenberg
on a patch from Jacob Meuser, input from Götz Babin-Ebell and my own browsing of the latest include files.
2002-05-21ASN1 files don't work for the *chain_file(), make them use the previousDaniel Stenberg
version
2002-05-20Roland Zimmermann's hint, we use SSL_CTX_use_certificate_chain_file() insteadDaniel Stenberg
of the previous one that used SSL_CTX_use_certificate_file()
2002-03-19copyright string (year) updateDaniel Stenberg
2002-01-30now re-seed by force (even if already seeded) if a random file or egd socketDaniel Stenberg
is given
2002-01-29- T. Bharath pointed out that we seed SSL on every connect, which is a time-Daniel Stenberg
consuming operation that should only be needed to do once. We patched libcurl to now only seed on the first connect when unseeded. The seeded status is global so it'll now only happen once during a program's life time.
2002-01-17Richard Archer made it compile and build with OpenSSL versions prior toDaniel Stenberg
0.9.5
2002-01-09Cris Bailiff found out that when the SSL session cache was filled, libcurlDaniel Stenberg
would crash. This corrects the problem.
2002-01-08added a missing failf() before returning an error codeDaniel Stenberg
2002-01-07Modified to use non-blocking sockets all the time.Daniel Stenberg
2001-12-17Götz Babin-Ebell's OpenSSL ENGINE patchDaniel Stenberg
2001-12-11failf() calls should not have newlines in the message string!Daniel Stenberg
2001-11-14Samuel Listopad's fix to allow global_init => global_cleanup => global_initDaniel Stenberg
for ssl