Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-12-09 | http2: avoid logging neg "failure" if h2 was not requested | Daniel Stenberg | |
2014-10-29 | nss: drop the code for libcurl-level downgrade to SSLv3 | Kamil Dudka | |
This code was already deactivated by commit ec783dc142129d3860e542b443caaa78a6172d56. | |||
2014-10-24 | SSL: Remove SSLv3 from SSL default due to POODLE attack | Jay Satiro | |
- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss, openssl effectively making the default TLS 1.x. axTLS is not affected since it supports only TLS, and gnutls is not affected since it already defaults to TLS 1.x. - Update CURLOPT_SSLVERSION doc | |||
2014-10-20 | nss: reset SSL handshake state machine | Kamil Dudka | |
... when the handshake succeeds This fixes a connection failure when FTPS handle is reused. | |||
2014-10-08 | nss: do not fail if a CRL is already cached | Kamil Dudka | |
This fixes a copy-paste mistake from commit 2968f957. | |||
2014-07-30 | vtls: make the random function mandatory in the TLS backend | Daniel Stenberg | |
To force each backend implementation to really attempt to provide proper random. If a proper random function is missing, then we can explicitly make use of the default one we use when TLS support is missing. This commit makes sure it works for darwinssl, gnutls, nss and openssl. | |||
2014-07-28 | nss: do not check the version of NSS at run time | Kamil Dudka | |
The minimal required version of NSS is 3.14.x so it does not make sense to check for NSS 3.12.0+ at run time. | |||
2014-07-04 | nss: make the list of CRL items global | Kamil Dudka | |
Otherwise NSS could use an already freed item for another connection. | |||
2014-07-04 | nss: fix a memory leak when CURLOPT_CRLFILE is used | Kamil Dudka | |
2014-07-04 | nss: make crl_der allocated on heap | Kamil Dudka | |
... and spell it as crl_der instead of crlDER | |||
2014-07-04 | nss: let nss_{cache,load}_crl return CURLcode | Kamil Dudka | |
2014-07-02 | nss: make the fallback to SSLv3 work again | Kamil Dudka | |
This feature was unintentionally disabled by commit ff92fcfb. | |||
2014-07-02 | nss: do not abort on connection failure | Kamil Dudka | |
... due to calling SSL_VersionRangeGet() with NULL file descriptor reported-by: upstream tests 305 and 404 | |||
2014-04-25 | nss: propagate blocking direction from NSPR I/O | Kamil Dudka | |
... during the non-blocking SSL handshake | |||
2014-04-22 | nss: implement non-blocking SSL handshake | Kamil Dudka | |
2014-04-22 | nss: split Curl_nss_connect() into 4 functions | Kamil Dudka | |
2014-03-31 | http2: remove _DRAFT09 from the NPN_HTTP2 enum | Daniel Stenberg | |
We're progressing throught drafts so there's no point in having a fixed one in a symbol that'll survive. | |||
2014-03-15 | nss: allow to enable/disable new AES GCM cipher-suites | Kamil Dudka | |
... if built against a new enough version of NSS | |||
2014-03-15 | nss: allow to enable/disable new HMAC-SHA256 cipher-suites | Kamil Dudka | |
... if built against a new enough version of NSS | |||
2014-03-15 | nss: do not enable AES cipher-suites by default | Kamil Dudka | |
... but allow them to be enabled/disabled explicitly. The default policy should be maintained at the NSS level. | |||
2014-03-03 | NSS: avoid compiler warnings when built without http2 support | Daniel Stenberg | |
2014-02-10 | NPN/ALPN: allow disabling via command line | Fabian Frank | |
when using --http2 one can now selectively disable NPN or ALPN with --no-alpn and --no-npn. for now honored with NSS only. TODO: honor this option with GnuTLS and OpenSSL | |||
2014-02-10 | nss: use correct preprocessor macro | Fabian Frank | |
SSL_ENABLE_ALPN can be used for preprocessor ALPN feature detection, but not SSL_NEXT_PROTO_SELECTED, since it is an enum value and not a preprocessor macro. | |||
2014-02-07 | nss: support pre-ALPN versions | Daniel Stenberg | |
2014-02-07 | nss: ALPN and NPN support | Fabian Frank | |
Add ALPN and NPN support for NSS. This allows cURL to negotiate HTTP/2.0 connections when built with NSS. | |||
2014-02-06 | nss: Updated copyright year for recent edits | Steve Holme | |
2014-02-06 | nss: prefer highest available TLS version | Fabian Frank | |
Offer TLSv1.0 to 1.2 by default, still fall back to SSLv3 if --tlsv1[.N] was not specified on the command line. | |||
2014-01-29 | nss: do not use the NSS_ENABLE_ECC define | Kamil Dudka | |
It is not provided by NSS public headers. Bug: https://bugzilla.redhat.com/1058776 | |||
2014-01-29 | nss: do not fail if NSS does not implement a cipher | Kamil Dudka | |
... that the user does not ask for | |||
2013-12-26 | vtls: Updated comments referencing sslgen.c and ssluse.c | Steve Holme | |
2013-12-26 | vtls: Fixed up include of vtls.h | Steve Holme | |
2013-12-20 | vtls: moved all TLS/SSL source and header files into subdir | Daniel Stenberg | |