Age | Commit message (Collapse) | Author |
|
... as it requires TLS and it was was left to warn on the default from
when default was SSL...
|
|
Commit b13923f changed an snprintf() to use aprintf(), but the API usage
wasn't correct, and was causing a crash to occur. This fixes it.
|
|
... to avoid using a fixed memory size that risks being too large or too
small.
|
|
- do not grow memory by doubling its size
- do not leak previously allocated memory if reallocation fails
- replace while-loop with a single check to make sure
that the requested amount of data fits into the buffer
Bug: http://curl.haxx.se/bug/view.cgi?id=1450
Reported-by: Warren Menzer
|
|
|
|
Bug: http://curl.haxx.se/bug/view.cgi?id=1462
Reported-by: Tae Hyoung Ahn
|
|
|
|
Bug: http://curl.haxx.se/bug/view.cgi?id=1457
Patch-by: Tomasz Kojm
|
|
|
|
vtls.c:185:46: warning: unused parameter 'data'
|
|
- Prior to this change no SSL minimum version was set by default at
runtime for PolarSSL. Therefore in most cases PolarSSL would probably
have defaulted to a minimum version of SSLv3 which is no longer secure.
|
|
More CURLcode fixes.
|
|
More standardisation of CURLcode usage and coding style.
|
|
...and some minor code style changes.
|
|
|
|
... and allow building with nghttp2 but completely without NPN and ALPN,
as nghttp2 can still be used for plain-text HTTP.
Reported-by: Lucas Pardue
|
|
conversion from 'size_t' to 'unsigned int', possible loss of data
|
|
This code was already deactivated by commit
ec783dc142129d3860e542b443caaa78a6172d56.
|
|
|
|
|
|
This check works also with to non-configure platforms.
|
|
If Apple ever drops SSLv3 support from the Security framework, we'll fail with an error if the user insists on using SSLv3.
|
|
|
|
|
|
- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss,
openssl effectively making the default TLS 1.x. axTLS is not affected
since it supports only TLS, and gnutls is not affected since it already
defaults to TLS 1.x.
- Update CURLOPT_SSLVERSION doc
|
|
... for the local variable name in functions holding the return
code. Using the same name universally makes code easier to read and
follow.
Also, unify code for checking for CURLcode errors with:
if(result) or if(!result)
instead of
if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
|
|
Bug: http://curl.haxx.se/bug/view.cgi?id=1437
Reported-by: Julien
|
|
This is not actually used uninitialized but we silence warnings.
Bug: http://curl.haxx.se/bug/view.cgi?id=1437
Reported-by: Julien
|
|
... when the handshake succeeds
This fixes a connection failure when FTPS handle is reused.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
It turned out some features were not enabled in the build since for
example url.c #ifdefs on features that are defined on a per-backend
basis but vtls.h didn't include the backend headers.
CURLOPT_CERTINFO was one such feature that was accidentally disabled.
|
|
This fixes a copy-paste mistake from commit 2968f957.
|
|
|
|
Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).
Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().
Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der
|
|
First try to fix possible memory leaks, in this case:
Only connssl->ctxt xor onnssl->cred being initialized.
|
|
|
|
... to further remove specific TLS backend knowledge from url.c
|
|
|
|
|
|
Bug: http://curl.haxx.se/mail/lib-2014-09/0064.html
|
|
|
|
Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
|
|
SecCertificateCopyPublicKey() is not available on iPhone. Use
CopyCertSubject() instead to see if the certificate returned by
SecCertificateCreateWithData() is valid.
Reported-by: Toby Peterson
|
|
Forwards the setting as minimum ssl version (if set) to polarssl. If
the server does not support the requested version the SSL Handshake will
fail.
Bug: http://curl.haxx.se/bug/view.cgi?id=1419
|
|
SecCertificateCreateWithData() returns a non-NULL SecCertificateRef even
if the buffer holds an invalid or corrupt certificate. Call
SecCertificateCopyPublicKey() to make sure cacert is a valid
certificate.
|