Age | Commit message | Author | |
---|---|---|---|
2014-12-25 | cyassl: Prefer 'CURLcode result' for curl result codes | Steve Holme | |
2014-12-24 | gtls: Use preferred 'CURLcode result' | Steve Holme | |
2014-12-24 | openssl: Prefer we don't use NULL in comparisons | Steve Holme | |
2014-12-23 | openssl.c Fix for compilation errors with older versions of OpenSSL | Steve Holme | |
openssl.c:1408: error: 'TLS1_1_VERSION' undeclared openssl.c:1411: error: 'TLS1_2_VERSION' undeclared | |||
2014-12-22 | openssl: fix SSL/TLS versions in verbose output | Daniel Stenberg | |
2014-12-22 | openssl: make it compile against openssl 1.1.0-DEV master branch | Daniel Stenberg | |
2014-12-21 | openssl: warn for SRP set if SSLv3 is used, not for TLS version | Daniel Stenberg | |
... as it requires TLS and it was left to warn on the default from when default was SSL... | |||
2014-12-15 | darwinssl: fix incorrect usage of aprintf() | Nick Zitzmann | |
Commit b13923f changed an snprintf() to use aprintf(), but the API usage wasn't correct, and was causing a crash to occur. This fixes it. | |||
2014-12-14 | darwinssl: aprintf() to allocate the session key | Daniel Stenberg | |
... to avoid using a fixed memory size that risks being too large or too small. | |||
2014-12-14 | curl_schannel: Improvements to memory re-allocation strategy | Marc Hoersken | |
- do not grow memory by doubling its size - do not leak previously allocated memory if reallocation fails - replace while-loop with a single check to make sure that the requested amount of data fits into the buffer Bug: http://curl.haxx.se/bug/view.cgi?id=1450 Reported-by: Warren Menzer | |||
2014-12-14 | curl_schannel.c: Data may be available before connection shutdown | Marc Hoersken | |
2014-12-09 | schannel_recv: return the correct code | Daniel Stenberg | |
Bug: http://curl.haxx.se/bug/view.cgi?id=1462 Reported-by: Tae Hyoung Ahn | |||
2014-12-09 | http2: avoid logging neg "failure" if h2 was not requested | Daniel Stenberg | |
2014-12-03 | NSS: enable the CAPATH option | Daniel Stenberg | |
Bug: http://curl.haxx.se/bug/view.cgi?id=1457 Patch-by: Tomasz Kojm | |||
2014-11-24 | SSL: Add PEM format support for public key pinning | moparisthebest | |
2014-11-09 | vtls.h: Fixed compiler warning when compiled without SSL | Steve Holme | |
vtls.c:185:46: warning: unused parameter 'data' | |||
2014-11-04 | SSL: PolarSSL default min SSL version TLS 1.0 | Jay Satiro | |
- Prior to this change no SSL minimum version was set by default at runtime for PolarSSL. Therefore in most cases PolarSSL would probably have defaulted to a minimum version of SSLv3 which is no longer secure. | |||
2014-11-02 | openssl: Use 'CURLcode result' | Steve Holme | |
More CURLcode fixes. | |||
2014-11-01 | openssl: Use 'CURLcode result' | Steve Holme | |
More standardisation of CURLcode usage and coding style. | |||
2014-11-01 | openssl: Use 'CURLcode result' | Steve Holme | |
...and some minor code style changes. | |||
2014-10-30 | code cleanup: Use 'CURLcode result' | Steve Holme | |
2014-10-29 | openssl: enable NPN separately from ALPN | Daniel Stenberg | |
... and allow building with nghttp2 but completely without NPN and ALPN, as nghttp2 can still be used for plain-text HTTP. Reported-by: Lucas Pardue | |||
2014-10-29 | vtls.c: Fixed compilation warning | Steve Holme | |
conversion from 'size_t' to 'unsigned int', possible loss of data | |||
2014-10-29 | nss: drop the code for libcurl-level downgrade to SSLv3 | Kamil Dudka | |
This code was already deactivated by commit ec783dc142129d3860e542b443caaa78a6172d56. | |||
2014-10-29 | openssl: fix a line length warning | Kamil Dudka | |
2014-10-29 | Fixed error message since we require ALPN support. | Guenter Knauf | |
2014-10-29 | Check for ALPN via OpenSSL version number. | Guenter Knauf | |
This check also works with non-configure platforms. | |||
2014-10-24 | darwinssl: detect possible future removal of SSLv3 from the framework | Nick Zitzmann | |
If Apple ever drops SSLv3 support from the Security framework, we'll fail with an error if the user insists on using SSLv3. | |||
2014-10-24 | gskit.c: remove SSLv3 from SSL default. | Patrick Monnerat | |
2014-10-24 | gskit.c: use 'CURLcode result' | Patrick Monnerat | |
2014-10-24 | SSL: Remove SSLv3 from SSL default due to POODLE attack | Jay Satiro | |
- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss, openssl effectively making the default TLS 1.x. axTLS is not affected since it supports only TLS, and gnutls is not affected since it already defaults to TLS 1.x. - Update CURLOPT_SSLVERSION doc | |||
2014-10-24 | code cleanup: we prefer 'CURLcode result' | Daniel Stenberg | |
... for the local variable name in functions holding the return code. Using the same name universally makes code easier to read and follow. Also, unify code for checking for CURLcode errors with: if(result) or if(!result) instead of if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK) | |||
2014-10-23 | gnutls: removed dead code | Daniel Stenberg | |
Bug: http://curl.haxx.se/bug/view.cgi?id=1437 Reported-by: Julien | |||
2014-10-23 | Curl_rand: Uninitialized variable: r | Daniel Stenberg | |
This is not actually used uninitialized but we silence warnings. Bug: http://curl.haxx.se/bug/view.cgi?id=1437 Reported-by: Julien | |||
2014-10-20 | nss: reset SSL handshake state machine | Kamil Dudka | |
... when the handshake succeeds. This fixes a connection failure when FTPS handle is reused. | |||
2014-10-14 | Implement pinned public key in GSKit backend | Patrick Monnerat | |
2014-10-13 | pinning: minor code style policing | Daniel Stenberg | |
2014-10-13 | Factorize pinned public key code into generic file handling and backend specific | Patrick Monnerat | |
2014-10-13 | vtls: remove QsoSSL | Patrick Monnerat | |
2014-10-13 | gskit: supply dummy randomization function | Patrick Monnerat | |
2014-10-13 | vtls/*: deprecate have_curlssl_md5sum and set-up default md5sum implementation | Patrick Monnerat | |
2014-10-09 | vtls: have vtls.h include the backend header files | Daniel Stenberg | |
It turned out some features were not enabled in the build since for example url.c #ifdefs on features that are defined on a per-backend basis but vtls.h didn't include the backend headers. CURLOPT_CERTINFO was one such feature that was accidentally disabled. | |||
2014-10-08 | nss: do not fail if a CRL is already cached | Kamil Dudka | |
This fixes a copy-paste mistake from commit 2968f957. | |||
2014-10-07 | GnuTLS: Implement public key pinning | moparisthebest | |
2014-10-07 | SSL: implement public key pinning | moparisthebest | |
Option --pinnedpubkey takes a path to a public key in DER format and only connects if it matches (currently only implemented with OpenSSL). Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt(). Extract a public RSA key from a website like so: `openssl s_client -connect google.com:443 2>&1 < /dev/null | sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey | openssl rsa -pubin -outform DER > google.com.der` | |||
2014-10-04 | curl_schannel.c: Fixed possible memory or handle leak | Marc Hoersken | |
First try to fix possible memory leaks, in this case: Only connssl->ctxt xor connssl->cred being initialized. | |||
2014-09-13 | curlssl: make tls backend symbols use curlssl in the name | Daniel Stenberg | |
2014-09-13 | url: let the backend decide CURLOPT_SSL_CTX_ support | Daniel Stenberg | |
... to further remove specific TLS backend knowledge from url.c | |||
2014-09-13 | vtls: have the backend tell if it supports CERTINFO | Daniel Stenberg | |
2014-09-13 | CURLOPT_CAPATH: return failure if set without backend support | Daniel Stenberg | |