Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-04-18 | curl_schannel.c: added explicit cast of structure pointers | Marc Hoersken | |
2014-04-18 | curl_schannel.c: fix possible dereference of null pointer | Marc Hoersken | |
2014-02-24 | curl_schannel.c: Updated copyright years | Marc Hoersken | |
2014-02-24 | winssl: Enable hostname verification of IP address using SAN or CN | David Ryskalczyk | |
Original commit message was: Don't omit CN verification in SChannel when an IP address is used. Side-effect of this change: SChannel and CryptoAPI do not support the iPAddress subjectAltName according to RFC 2818. If present, SChannel will first compare the IP address to the dNSName subjectAltNames and then fallback to the most specific Common Name in the Subject field of the certificate. This means that after this change curl will not connect to SSL/TLS hosts as long as the IP address is not specified in the SAN or CN of the server certificate or the verifyhost option is disabled. | |||
2014-01-31 | winssl: improved default SSL/TLS protocol selection | Marc Hoersken | |
For some reason Windows 7 SP1 chooses TLS 1.0 instead of TLS 1.2 if it is not explicitly enabled within grbitEnabledProtocols. More information can be found on MSDN: http://msdn.microsoft.com/library/windows/desktop/aa379810.aspx | |||
2013-12-26 | vtls: Updated comments referencing sslgen.c and ssluse.c | Steve Holme | |
2013-12-26 | vtls: Fixed up include of vtls.h | Steve Holme | |
2013-12-20 | vtls: moved all TLS/SSL source and header files into subdir | Daniel Stenberg | |