aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls/mbedtls.c
AgeCommit message (Collapse)Author
2016-03-05mbedtls: fix user-specified SSL protocol versionJay Satiro
Prior to this change when a single protocol CURL_SSLVERSION_ was specified by the user that version was set only as the minimum version but not as the maximum version as well.
2016-02-10mbedtls.c: re-indent to better match curl standardsDaniel Stenberg
2016-02-09mbedtls: fix memory leak when destroying SSL connection dataRafael Antonio
Closes #626
2016-02-09mbedtls: fix ALPN usage segfaultDaniel Stenberg
Since we didn't keep the input argument around after having called mbedtls, it could end up accessing the wrong memory when figuring out the ALPN protocols. Closes #642
2016-02-03URLs: change all http:// URLs to https://Daniel Stenberg
2016-01-18mbedtls: Fix pinned key return value on failJay Satiro
- Switch from verifying a pinned public key in a callback during the certificate verification to inline after the certificate verification. The callback method had three problems: 1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH was not returned. 2. If peer certificate verification was disabled the pinned key verification did not take place as it should. 3. (related to #2) If there was no certificate of depth 0 the callback would not have checked the pinned public key. Though all those problems could have been fixed it would have made the code more complex. Instead we now verify inline after the certificate verification in mbedtls_connect_step2. Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html Ref: https://github.com/bagder/curl/pull/601
2016-01-10mbedtls: implement CURLOPT_PINNEDPUBLICKEYThomas Glanzmann
2016-01-07mbedtls: Fix ALPN supportJay Satiro
- Fix ALPN reply detection. - Wrap nghttp2 code in ifdef USE_NGHTTP2. Prior to this change ALPN and HTTP/2 did not work properly in mbedTLS.
2015-12-13http: add libcurl option to allow HTTP/2 for HTTPS onlyDaniel Stenberg
... and stick to 1.1 for HTTP. This is in line with what browsers do and should have very little risk.
2015-10-29mbedtls: fix "Structurally dead code"Daniel Stenberg
CID 1332129
2015-10-29mbedtls: fix "Logically dead code"Daniel Stenberg
CID 1332128
2015-10-23polarssl/mbedtls: fix name space pollutionDaniel Stenberg
Global private symbols MUST start with Curl_!
2015-10-23mbedTLS: THREADING_SUPPORT compilation fixDmitry S. Baikov
Closes #505
2015-10-22mbedtls:new profile with RSA min key len = 1024.m-gardet
Closes #502
2015-10-20vtls: added support for mbedTLSJonas Minnberg
closes #496