aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls
AgeCommit message (Collapse)Author
2015-03-25polarssl: remove superfluous for(;;) loopDaniel Stenberg
"unreachable: Since the loop increment is unreachable, the loop body will never execute more than once." Coverity CID 1291707
2015-03-25Curl_ssl_md5sum: return CURLcodeDaniel Stenberg
... since the funciton can fail on OOM. Check this return code. Coverity CID 1291705.
2015-03-25cyassl: default to highest possible TLS versionJay Satiro
(cyassl_connect_step1) - Use TLS 1.0-1.2 by default when available. CyaSSL/wolfSSL >= v3.3.0 supports setting a minimum protocol downgrade version. cyassl/cyassl@322f79f
2015-03-25cyassl: Check for invalid length parameter in Curl_cyassl_randomJay Satiro
2015-03-25cyassl: If wolfSSL then identify as such in version stringJay Satiro
2015-03-24curl_memory: make curl_memory.h the second-last header file loadedDan Fandrich
This header file must be included after all header files except memdebug.h, as it does similar memory function redefinitions and can be similarly affected by conflicting definitions in system or dependent library headers.
2015-03-24openssl: do the OCSP work-around for libressl tooDaniel Stenberg
I tested with libressl git master now (v2.1.4-27-g34bf96c) and it seems to still require the work-around for stapling to work.
2015-03-24openssl: verifystatus: only use the OCSP work-around <= 1.0.2aDaniel Stenberg
URL: http://curl.haxx.se/mail/lib-2015-03/0205.html Reported-by: Alessandro Ghedini
2015-03-24openssl: adapt to ASN1/X509 things gone opaque in 1.1Daniel Stenberg
2015-03-24vtls: fix compile with --disable-crypto-auth but with SSLDan Fandrich
This is a strange combination of options, but is allowed.
2015-03-23cyassl: include version.h to ensure the version macros are definedDan Fandrich
2015-03-21darwinsssl: add support for TLS False StartNick Zitzmann
TLS False Start support requires iOS 7.0 or later, or OS X 10.9 or later.
2015-03-21gtls: add check of return codeDaniel Stenberg
Coverity CID 1291167 pointed out that 'rc' was received but never used when gnutls_credentials_set() was used. Added return code check now.
2015-03-21gtls: dereferencing NULL pointerDaniel Stenberg
Coverity CID 1291165 pointed out 'chainp' could be dereferenced when NULL if gnutls_certificate_get_peers() had previously failed.
2015-03-21gtls: avoid uninitialized variable.Daniel Stenberg
Coverity CID 1291166 pointed out that we could read this variable uninitialized.
2015-03-21nss: error: unused variable 'connssl'Daniel Stenberg
2015-03-20cyassl: use new library version macro when availableDan Fandrich
2015-03-20nss: add support for TLS False StartAlessandro Ghedini
2015-03-20url: add CURLOPT_SSL_FALSESTART optionAlessandro Ghedini
This option can be used to enable/disable TLS False Start defined in the RFC draft-bmoeller-tls-falsestart.
2015-03-20gtls: implement CURLOPT_CERTINFOAlessandro Ghedini
2015-03-20openssl: try to avoid accessing OCSP structs when possibleAlessandro Ghedini
2015-03-19axtls: version 1.5.2 now requires that config.h be manually includedDan Fandrich
2015-03-18nss: explicitly tell NSS to disable NPN/ALPNKamil Dudka
... if disabled at libcurl level. Otherwise, we would allow to negotiate NPN despite curl was invoked with the --no-npn option.
2015-03-17checksrc: detect and remove space before trailing semicolonsDaniel Stenberg
2015-03-17checksrc: use space after commaDaniel Stenberg
2015-03-16Bug #149: Deletion of unnecessary checks before calls of the function "free"Markus Elfring
The function "free" is documented in the way that no action shall occur for a passed null pointer. It is therefore not needed that a function caller repeats a corresponding check. http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first This issue was fixed by using the software Coccinelle 1.0.0-rc24. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-12openssl: use colons properly in the ciphers listDaniel Stenberg
While the previous string worked, this is the documented format. Reported-by: Richard Moore
2015-03-12openssl: sort the ciphers on strengthDaniel Stenberg
This makes curl pick better (stronger) ciphers by default. The strongest available ciphers are fine according to the HTTP/2 spec so an OpenSSL built curl is no longer rejected by string HTTP/2 servers. Bug: http://curl.haxx.se/bug/view.cgi?id=1487
2015-03-12openssl: show the cipher selection to useDaniel Stenberg
2015-03-10gtls: correctly align certificate status verification messagesAlessandro Ghedini
2015-03-10gtls: don't print double newline after certificate datesAlessandro Ghedini
2015-03-10gtls: print negotiated TLS version and full cipher suite nameAlessandro Ghedini
Instead of priting cipher and MAC algorithms names separately, print the whole cipher suite string which also includes the key exchange algorithm, along with the negotiated TLS version.
2015-03-10gtls: fix compiler warningsDaniel Stenberg
2015-03-10gtls: add support for CURLOPT_CAPATHAlessandro Ghedini
2015-03-07http2: use CURL_HTTP_VERSION_* symbols instead of NPN_*Daniel Stenberg
Since they already exist and will make comparing easier
2015-03-07polarssl: make it possible to enable ALPN/NPN without HTTP2Alessandro Ghedini
2015-03-07nss: make it possible to enable ALPN/NPN without HTTP2Alessandro Ghedini
2015-03-07gtls: make it possible to enable ALPN/NPN without HTTP2Alessandro Ghedini
2015-03-07openssl: make it possible to enable ALPN/NPN without HTTP2Alessandro Ghedini
2015-03-05openssl: remove all uses of USE_SSLEAYDaniel Stenberg
SSLeay was the name of the library that was subsequently turned into OpenSSL many moons ago (1999). curl does not work with the old SSLeay library since years. This is now reflected by only using USE_OPENSSL in code that depends on OpenSSL.
2015-03-03vtls: use curl_printf.h all overDaniel Stenberg
No need to use _MPRINTF_REPLACE internally.
2015-02-25nss: do not skip Curl_nss_seed() if data is NULLKamil Dudka
In that case, we only skip writing the error message for failed NSS initialization (while still returning the correct error code).
2015-02-25nss: improve error handling in Curl_nss_random()Kamil Dudka
The vtls layer now checks the return value, so it is no longer necessary to abort if a random number cannot be provided by NSS. This also fixes the following Coverity report: Error: FORWARD_NULL (CWE-476): lib/vtls/nss.c:1918: var_compare_op: Comparing "data" to null implies that "data" might be null. lib/vtls/nss.c:1923: var_deref_model: Passing null pointer "data" to "Curl_failf", which dereferences it. lib/sendf.c:154:3: deref_parm: Directly dereferencing parameter "data".
2015-02-19nss: fix NPN/ALPN protocol negotiationAlessandro Ghedini
Correctly check for memcmp() return value (it returns 0 if the strings match). This is not really important, since curl is going to use http/1.1 anyway, but it's still a bug I guess.
2015-02-19polarssl: fix ALPN protocol negotiationAlessandro Ghedini
Correctly check for strncmp() return value (it returns 0 if the strings match).
2015-02-19gtls: fix build with HTTP2Alessandro Ghedini
2015-02-15By request, change the name of "curl_darwinssl.[ch]" to "darwinssl.[ch]"Nick Zitzmann
2015-02-12openssl: fix a compile-time warningKamil Dudka
lib/vtls/openssl.c:1450:7: warning: extra tokens at end of #endif directive
2015-02-11openssl: Use OPENSSL_IS_BORINGSSL for BoringSSL detectionSteve Holme
For consistency with other conditionally compiled code in openssl.c, use OPENSSL_IS_BORINGSSL rather than HAVE_BORINGSSL and try to use HAVE_BORINGSSL outside of openssl.c when the OpenSSL header files are not included.
2015-02-09openssl: Disable OCSP in old versions of OpenSSLSteve Holme
Versions of OpenSSL prior to v0.9.8h do not support the necessary functions for OCSP stapling.