path: root/lib/vtls
Age | Commit message | Author
2014-12-27 | nss: Don't ignore Curl_extract_certinfo() OOM failure | Steve Holme
2014-12-27 | nss: Don't ignore Curl_ssl_init_certinfo() OOM failure | Steve Holme
2014-12-27 | nss: Use 'CURLcode result' for curl result codes | Steve Holme
...and don't use CURLE_OK in failure/success comparisons.
2014-12-27 | darwinssl: Use 'CURLcode result' for curl result codes | Steve Holme
2014-12-27 | polarssl: Use 'CURLcode result' for curl result codes | Steve Holme
2014-12-26 | vtls: Don't set cert info count until memory allocation is successful | Steve Holme
Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs member variable to the requested count, which could then be used incorrectly as libcurl closes down.
2014-12-26 | vtls: Use CURLcode for Curl_ssl_init_certinfo() return type | Steve Holme
The return type for this function was 0 on success and 1 on error. This was then examined by the calling functions and, in most cases, used to return CURLE_OUT_OF_MEMORY. Instead use CURLcode for the return type and return the out of memory error directly, propagating it up the call stack.
2014-12-25 | vtls: Use bool for Curl_ssl_getsessionid() return type | Steve Holme
The return type of this function is a boolean value, and even uses a bool internally, so use bool in the function declaration as well as the variables that store the return value, to avoid any confusion.
2014-12-25 | schannel: Minor code style policing for casts | Steve Holme
2014-12-25 | schannel: Prefer 'CURLcode result' for curl result codes | Steve Holme
2014-12-25 | cyassl: Prefer 'CURLcode result' for curl result codes | Steve Holme
2014-12-24 | gtls: Use preferred 'CURLcode result' | Steve Holme
2014-12-24 | openssl: Prefer we don't use NULL in comparisons | Steve Holme
2014-12-23 | openssl.c Fix for compilation errors with older versions of OpenSSL | Steve Holme
openssl.c:1408: error: 'TLS1_1_VERSION' undeclared
openssl.c:1411: error: 'TLS1_2_VERSION' undeclared
2014-12-22 | openssl: fix SSL/TLS versions in verbose output | Daniel Stenberg
2014-12-22 | openssl: make it compile against openssl 1.1.0-DEV master branch | Daniel Stenberg
2014-12-21 | openssl: warn for SRP set if SSLv3 is used, not for TLS version | Daniel Stenberg
... as it requires TLS and it was left to warn on the default from when default was SSL...
2014-12-15 | darwinssl: fix incorrect usage of aprintf() | Nick Zitzmann
Commit b13923f changed an snprintf() to use aprintf(), but the API usage wasn't correct, and was causing a crash to occur. This fixes it.
2014-12-14 | darwinssl: aprintf() to allocate the session key | Daniel Stenberg
... to avoid using a fixed memory size that risks being too large or too small.
2014-12-14 | curl_schannel: Improvements to memory re-allocation strategy | Marc Hoersken
- do not grow memory by doubling its size
- do not leak previously allocated memory if reallocation fails
- replace while-loop with a single check to make sure that the requested amount of data fits into the buffer
Bug: http://curl.haxx.se/bug/view.cgi?id=1450
Reported-by: Warren Menzer
2014-12-14 | curl_schannel.c: Data may be available before connection shutdown | Marc Hoersken
2014-12-09 | schannel_recv: return the correct code | Daniel Stenberg
Bug: http://curl.haxx.se/bug/view.cgi?id=1462
Reported-by: Tae Hyoung Ahn
2014-12-09 | http2: avoid logging neg "failure" if h2 was not requested | Daniel Stenberg
2014-12-03 | NSS: enable the CAPATH option | Daniel Stenberg
Bug: http://curl.haxx.se/bug/view.cgi?id=1457
Patch-by: Tomasz Kojm
2014-11-24 | SSL: Add PEM format support for public key pinning | moparisthebest
2014-11-09 | vtls.h: Fixed compiler warning when compiled without SSL | Steve Holme
vtls.c:185:46: warning: unused parameter 'data'
2014-11-04 | SSL: PolarSSL default min SSL version TLS 1.0 | Jay Satiro
- Prior to this change no SSL minimum version was set by default at runtime for PolarSSL. Therefore in most cases PolarSSL would probably have defaulted to a minimum version of SSLv3 which is no longer secure.
2014-11-02 | openssl: Use 'CURLcode result' | Steve Holme
More CURLcode fixes.
2014-11-01 | openssl: Use 'CURLcode result' | Steve Holme
More standardisation of CURLcode usage and coding style.
2014-11-01 | openssl: Use 'CURLcode result' | Steve Holme
...and some minor code style changes.
2014-10-30 | code cleanup: Use 'CURLcode result' | Steve Holme
2014-10-29 | openssl: enable NPN separately from ALPN | Daniel Stenberg
... and allow building with nghttp2 but completely without NPN and ALPN, as nghttp2 can still be used for plain-text HTTP.
Reported-by: Lucas Pardue
2014-10-29 | vtls.c: Fixed compilation warning | Steve Holme
conversion from 'size_t' to 'unsigned int', possible loss of data
2014-10-29 | nss: drop the code for libcurl-level downgrade to SSLv3 | Kamil Dudka
This code was already deactivated by commit ec783dc142129d3860e542b443caaa78a6172d56.
2014-10-29 | openssl: fix a line length warning | Kamil Dudka
2014-10-29 | Fixed error message since we require ALPN support. | Guenter Knauf
2014-10-29 | Check for ALPN via OpenSSL version number. | Guenter Knauf
This check also works with non-configure platforms.
2014-10-24 | darwinssl: detect possible future removal of SSLv3 from the framework | Nick Zitzmann
If Apple ever drops SSLv3 support from the Security framework, we'll fail with an error if the user insists on using SSLv3.
2014-10-24 | gskit.c: remove SSLv3 from SSL default. | Patrick Monnerat
2014-10-24 | gskit.c: use 'CURLcode result' | Patrick Monnerat
2014-10-24 | SSL: Remove SSLv3 from SSL default due to POODLE attack | Jay Satiro
- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss, openssl effectively making the default TLS 1.x. axTLS is not affected since it supports only TLS, and gnutls is not affected since it already defaults to TLS 1.x.
- Update CURLOPT_SSLVERSION doc
2014-10-24 | code cleanup: we prefer 'CURLcode result' | Daniel Stenberg
... for the local variable name in functions holding the return code. Using the same name universally makes code easier to read and follow.
Also, unify code for checking for CURLcode errors with:
 if(result) or if(!result)
instead of
 if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
2014-10-23 | gnutls: removed dead code | Daniel Stenberg
Bug: http://curl.haxx.se/bug/view.cgi?id=1437
Reported-by: Julien
2014-10-23 | Curl_rand: Uninitialized variable: r | Daniel Stenberg
This is not actually used uninitialized but we silence warnings.
Bug: http://curl.haxx.se/bug/view.cgi?id=1437
Reported-by: Julien
2014-10-20 | nss: reset SSL handshake state machine | Kamil Dudka
... when the handshake succeeds
This fixes a connection failure when FTPS handle is reused.
2014-10-14 | Implement pinned public key in GSKit backend | Patrick Monnerat
2014-10-13 | pinning: minor code style policing | Daniel Stenberg
2014-10-13 | Factorize pinned public key code into generic file handling and backend specific | Patrick Monnerat
2014-10-13 | vtls: remove QsoSSL | Patrick Monnerat
2014-10-13 | gskit: supply dummy randomization function | Patrick Monnerat