Age | Commit message (Collapse) | Author |
|
Instead of using a fixed 256 byte buffer in the connectdata struct.
In my build, this reduces the size of the connectdata struct by 11.8%,
from 2160 to 1904 bytes with no functionality or performance loss.
This also fixes a bug in schannel's Curl_verify_certificate where it
called Curl_sspi_strerror when it should have called Curl_strerror for
string from GetLastError. the only effect would have been no text or the
wrong text being shown for the error.
Co-authored-by: Jay Satiro
Closes #3612
|
|
Attempt to add support for Secure Channel binding when negotiate
authentication is used. The problem to solve is that by default IIS
accepts channel binding and curl doesn't utilise them. The result was a
401 response. Scope affects only the Schannel(winssl)-SSPI combination.
Fixes https://github.com/curl/curl/issues/3503
Closes https://github.com/curl/curl/pull/3509
|
|
We use "conn" everywhere to be a pointer to the connection.
Introduces two functions that "attaches" and "detaches" the connection
to and from the transfer.
Going forward, we should favour using "data->conn" (since a transfer
always only has a single connection or none at all) to "conn->data"
(since a connection can have none, one or many transfers associated with
it and updating conn->data to be correct is error prone and a frequent
reason for internal issues).
Closes #3442
|
|
Ensure that the parameters in the comment match the actual names in the
prototype.
Closes #3079
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Address various spellings of "credentials".
Closes https://github.com/curl/curl/pull/2496
|
|
When a zeroed out allocation is required, use calloc() rather than
malloc() followed by an explicit memset(). The result will be the
same, but using calloc() everywhere increases consistency in the
codebase and avoids the risk of subtle bugs when code is injected
between malloc and memset by accident.
Closes https://github.com/curl/curl/pull/2497
|
|
Reported-by: Carsten (talksinmath)
Fixes #1384
Closes #1395
|
|
|
|
Completing commit 00417fd66c and 2708d4259b.
|
|
|
|
As Windows SSPI authentication calls fail when a particular mechanism
isn't available, introduced these functions for DIGEST, NTLM, Kerberos 5
and Negotiate to allow both HTTP and SASL authentication the opportunity
to query support for a supported mechanism before selecting it.
For now each function returns TRUE to maintain compatability with the
existing code when called.
|
|
Typo introduced in commit ad5e9bfd5d.
|
|
|
|
Closes #754
|
|
Reported-by: Michael Osipov
|
|
|
|
* Prefer dereference of string pointer rather than strlen()
* Free challenge pointer in one place
* Additional comments
|
|
To be consistent with the Kerberos 5 context and other authentication
code.
|
|
Corrected typos from commit ad5e9bfd5d and 6d6f9ca1d9.
|
|
Part 2 of 2 - Moved the GSS-API based Negotiate authentication code.
|
|
Part 1 of 2 - Moved the SSPI based Negotiate authentication code.
|