aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls/curl_schannel.c
AgeCommit message (Collapse)Author
2014-12-14curl_schannel: Improvements to memory re-allocation strategyMarc Hoersken
- do not grow memory by doubling its size - do not leak previously allocated memory if reallocation fails - replace while-loop with a single check to make sure that the requested amount of data fits into the buffer Bug: http://curl.haxx.se/bug/view.cgi?id=1450 Reported-by: Warren Menzer
2014-12-14curl_schannel.c: Data may be available before connection shutdownMarc Hoersken
2014-12-09schannel_recv: return the correct codeDaniel Stenberg
Bug: http://curl.haxx.se/bug/view.cgi?id=1462 Reported-by: Tae Hyoung Ahn
2014-10-24SSL: Remove SSLv3 from SSL default due to POODLE attackJay Satiro
- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss, openssl effectively making the default TLS 1.x. axTLS is not affected since it supports only TLS, and gnutls is not affected since it already defaults to TLS 1.x. - Update CURLOPT_SSLVERSION doc
2014-10-04curl_schannel.c: Fixed possible memory or handle leakMarc Hoersken
First try to fix possible memory leaks, in this case: Only connssl->ctxt xor onnssl->cred being initialized.
2014-07-31schannel: use CryptGenRandom for random numbersMarcel Raad
This function is available for every Windows version since Windows 95/NT. reference: http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942.aspx
2014-05-05schannel: don't use the connect-timeout during sendDaniel Stenberg
As there's a default connection timeout and this wrongly used the connection timeout during a transfer after the connection is completed, this function would trigger timeouts during transfers erroneously. Bug: http://curl.haxx.se/bug/view.cgi?id=1352 Figured-out-by: Radu Simionescu
2014-04-18curl_schannel.c: added explicit cast of structure pointersMarc Hoersken
2014-04-18curl_schannel.c: fix possible dereference of null pointerMarc Hoersken
2014-02-24curl_schannel.c: Updated copyright yearsMarc Hoersken
2014-02-24winssl: Enable hostname verification of IP address using SAN or CNDavid Ryskalczyk
Original commit message was: Don't omit CN verification in SChannel when an IP address is used. Side-effect of this change: SChannel and CryptoAPI do not support the iPAddress subjectAltName according to RFC 2818. If present, SChannel will first compare the IP address to the dNSName subjectAltNames and then fallback to the most specific Common Name in the Subject field of the certificate. This means that after this change curl will not connect to SSL/TLS hosts as long as the IP address is not specified in the SAN or CN of the server certificate or the verifyhost option is disabled.
2014-01-31winssl: improved default SSL/TLS protocol selectionMarc Hoersken
For some reason Windows 7 SP1 chooses TLS 1.0 instead of TLS 1.2 if it is not explicitly enabled within grbitEnabledProtocols. More information can be found on MSDN: http://msdn.microsoft.com/library/windows/desktop/aa379810.aspx
2013-12-26vtls: Updated comments referencing sslgen.c and ssluse.cSteve Holme
2013-12-26vtls: Fixed up include of vtls.hSteve Holme
2013-12-20vtls: moved all TLS/SSL source and header files into subdirDaniel Stenberg