| Age | Commit message (Collapse) | Author |
|---|
|
Carrying on from commit 037cd0d991, removed the following unimplemented
instances of curlssl_close_all():
Curl_axtls_close_all()
Curl_darwinssl_close_all()
Curl_cyassl_close_all()
Curl_gskit_close_all()
Curl_gtls_close_all()
Curl_nss_close_all()
Curl_polarssl_close_all()
|
|
...to avoid a session ID getting cached without certificate checking and
then after a subsequent _enabling_ of the check libcurl could still
re-use the session done without cert checks.
Bug: http://curl.haxx.se/docs/adv_20150108A.html
Reported-by: Marc Hesse
|
|
|
|
Commit b13923f changed an snprintf() to use aprintf(), but the API usage
wasn't correct, and was causing a crash to occur. This fixes it.
|
|
... to avoid using a fixed memory size that risks being too large or too
small.
|
|
If Apple ever drops SSLv3 support from the Security framework, we'll fail with an error if the user insists on using SSLv3.
|
|
- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss,
openssl effectively making the default TLS 1.x. axTLS is not affected
since it supports only TLS, and gnutls is not affected since it already
defaults to TLS 1.x.
- Update CURLOPT_SSLVERSION doc
|
|
SecCertificateCopyPublicKey() is not available on iPhone. Use
CopyCertSubject() instead to see if the certificate returned by
SecCertificateCreateWithData() is valid.
Reported-by: Toby Peterson
|
|
SecCertificateCreateWithData() returns a non-NULL SecCertificateRef even
if the buffer holds an invalid or corrupt certificate. Call
SecCertificateCopyPublicKey() to make sure cacert is a valid
certificate.
|
|
If the --cacert option is used with a CA certificate bundle that
contains multiple CA certificates, iterate through it, adding each
certificate as a trusted root CA.
|
|
The GetDarwinVersionNumber() function uses strtok, which is not
thread-safe.
|
|
To force each backend implementation to really attempt to provide proper
random. If a proper random function is missing, then we can explicitly
make use of the default one we use when TLS support is missing.
This commit makes sure it works for darwinssl, gnutls, nss and openssl.
|
|
|
|
Security Framework on OS X makes it possible to supply extra anchor (CA)
certificates via the Certificate, Key, and Trust Services API. This
commit makes the '--cacert' option work using this API.
More information:
https://developer.apple.com/library/mac/documentation/security/Reference/certifkeytrustservices/Reference/reference.html
The HTTPS tests now pass on OS X except 314, which requires the '--crl'
option to work.
|
|
|
|
from a P12 file
This could've happened if SecPKCS12Import() returned noErr _and_ no
identity.
|
|
|
|
It turns out errSecDecode wasn't defined in Leopard's headers. So
we use the enum's value instead.
Bug: http://curl.haxx.se/mail/lib-2013-12/0150.html
Reported by: Abram Pousada
|
|
|
|
|
|
|
