| Age | Commit message (Collapse) | Author |
|---|
|
If the session is still used by active SSL/TLS connections, it
cannot be closed yet. Thus we mark the session as not being cached
any longer so that the reference counting mechanism in
Curl_schannel_shutdown is used to close and free the session.
Reported-by: Jean-Francois Durand
|
|
|
|
...to avoid a session ID getting cached without certificate checking and
then after a subsequent _enabling_ of the check libcurl could still
re-use the session done without cert checks.
Bug: http://curl.haxx.se/docs/adv_20150108A.html
Reported-by: Marc Hesse
|
|
Prefer void for unused parameters, rather than assigning an argument to
itself as a) unintelligent compilers won't optimize it out, b) it can't
be used for const parameters, c) it will cause compilation warnings for
clang with -Wself-assign and d) is inconsistent with other areas of the
curl source code.
|
|
Moved our Initialize Security Context return attribute definitions to
the SSPI module, as a) these can be used by other SSPI based providers
and b) the ISC required attributes are defined there.
|
|
vtls.c:683:43: warning: unused parameter 'data'
|
|
curl_schannel.h:123: warning: right-hand operand of comma expression
has no effect
Some instances of the curlssl_close_all() function were declared with a
void return type whilst others as int. The schannel version returned
CURLE_NOT_BUILT_IN and others simply returned zero, but in all cases the
return code was ignored by the calling function Curl_ssl_close_all().
For the time being and to keep the internal API consistent, changed all
declarations to use a void return type.
To reduce code we might want to consider removing the unimplemented
versions and use a void #define like schannel does.
|
|
|
|
|
|
...and don't use CURLE_OK in failure/success comparisons.
|
|
|
|
|
|
Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs
member variable to the requested count, which could then be used
incorrectly as libcurl closes down.
|
|
The return type for this function was 0 on success and 1 on error. This
was then examined by the calling functions and, in most cases, used to
return CURLE_OUT_OF_MEMORY.
Instead use CURLcode for the return type and return the out of memory
error directly, propagating it up the call stack.
|
|
The return type of this function is a boolean value, and even uses a
bool internally, so use bool in the function declaration as well as
the variables that store the return value, to avoid any confusion.
|
|
|
|
|
|
|
|
|
|
|
|
openssl.c:1408: error: 'TLS1_1_VERSION' undeclared
openssl.c:1411: error: 'TLS1_2_VERSION' undeclared
|
|
|
|
|
|
... as it requires TLS and it was was left to warn on the default from
when default was SSL...
|
|
Commit b13923f changed an snprintf() to use aprintf(), but the API usage
wasn't correct, and was causing a crash to occur. This fixes it.
|
|
... to avoid using a fixed memory size that risks being too large or too
small.
|
|
- do not grow memory by doubling its size
- do not leak previously allocated memory if reallocation fails
- replace while-loop with a single check to make sure
that the requested amount of data fits into the buffer
Bug: http://curl.haxx.se/bug/view.cgi?id=1450
Reported-by: Warren Menzer
|
|
|
|
Bug: http://curl.haxx.se/bug/view.cgi?id=1462
Reported-by: Tae Hyoung Ahn
|
|
|
|
Bug: http://curl.haxx.se/bug/view.cgi?id=1457
Patch-by: Tomasz Kojm
|
|
|
|
vtls.c:185:46: warning: unused parameter 'data'
|
|
- Prior to this change no SSL minimum version was set by default at
runtime for PolarSSL. Therefore in most cases PolarSSL would probably
have defaulted to a minimum version of SSLv3 which is no longer secure.
|
|
More CURLcode fixes.
|
|
More standardisation of CURLcode usage and coding style.
|
|
...and some minor code style changes.
|
|
|
|
... and allow building with nghttp2 but completely without NPN and ALPN,
as nghttp2 can still be used for plain-text HTTP.
Reported-by: Lucas Pardue
|
|
conversion from 'size_t' to 'unsigned int', possible loss of data
|
|
This code was already deactivated by commit
ec783dc142129d3860e542b443caaa78a6172d56.
|
|
|
|
|
|
This check works also with to non-configure platforms.
|
|
If Apple ever drops SSLv3 support from the Security framework, we'll fail with an error if the user insists on using SSLv3.
|
|
|
|
|
|
- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss,
openssl effectively making the default TLS 1.x. axTLS is not affected
since it supports only TLS, and gnutls is not affected since it already
defaults to TLS 1.x.
- Update CURLOPT_SSLVERSION doc
|
|
... for the local variable name in functions holding the return
code. Using the same name universally makes code easier to read and
follow.
Also, unify code for checking for CURLcode errors with:
if(result) or if(!result)
instead of
if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
|
|
Bug: http://curl.haxx.se/bug/view.cgi?id=1437
Reported-by: Julien
|
