Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-12-27 | polarssl: Use 'CURLcode result' for curl result codes | Steve Holme | |
2014-12-26 | vtls: Don't set cert info count until memory allocation is successful | Steve Holme | |
Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs member variable to the requested count, which could then be used incorrectly as libcurl closes down. | |||
2014-12-26 | vtls: Use CURLcode for Curl_ssl_init_certinfo() return type | Steve Holme | |
The return type for this function was 0 on success and 1 on error. This was then examined by the calling functions and, in most cases, used to return CURLE_OUT_OF_MEMORY. Instead use CURLcode for the return type and return the out of memory error directly, propagating it up the call stack. | |||
2014-12-25 | vtls: Use bool for Curl_ssl_getsessionid() return type | Steve Holme | |
The return type of this function is a boolean value, and even uses a bool internally, so use bool in the function declaration as well as the variables that store the return value, to avoid any confusion. | |||
2014-12-25 | schannel: Minor code style policing for casts | Steve Holme | |
2014-12-25 | schannel: Prefer 'CURLcode result' for curl result codes | Steve Holme | |
2014-12-25 | cyassl: Prefer 'CURLcode result' for curl result codes | Steve Holme | |
2014-12-24 | gtls: Use preferred 'CURLcode result' | Steve Holme | |
2014-12-24 | openssl: Prefer we don't use NULL in comparisons | Steve Holme | |
2014-12-23 | openssl.c Fix for compilation errors with older versions of OpenSSL | Steve Holme | |
openssl.c:1408: error: 'TLS1_1_VERSION' undeclared openssl.c:1411: error: 'TLS1_2_VERSION' undeclared | |||
2014-12-22 | openssl: fix SSL/TLS versions in verbose output | Daniel Stenberg | |
2014-12-22 | openssl: make it compile against openssl 1.1.0-DEV master branch | Daniel Stenberg | |
2014-12-21 | openssl: warn for SRP set if SSLv3 is used, not for TLS version | Daniel Stenberg | |
... as it requires TLS and it was was left to warn on the default from when default was SSL... | |||
2014-12-15 | darwinssl: fix incorrect usage of aprintf() | Nick Zitzmann | |
Commit b13923f changed an snprintf() to use aprintf(), but the API usage wasn't correct, and was causing a crash to occur. This fixes it. | |||
2014-12-14 | darwinssl: aprintf() to allocate the session key | Daniel Stenberg | |
... to avoid using a fixed memory size that risks being too large or too small. | |||
2014-12-14 | curl_schannel: Improvements to memory re-allocation strategy | Marc Hoersken | |
- do not grow memory by doubling its size - do not leak previously allocated memory if reallocation fails - replace while-loop with a single check to make sure that the requested amount of data fits into the buffer Bug: http://curl.haxx.se/bug/view.cgi?id=1450 Reported-by: Warren Menzer | |||
2014-12-14 | curl_schannel.c: Data may be available before connection shutdown | Marc Hoersken | |
2014-12-09 | schannel_recv: return the correct code | Daniel Stenberg | |
Bug: http://curl.haxx.se/bug/view.cgi?id=1462 Reported-by: Tae Hyoung Ahn | |||
2014-12-09 | http2: avoid logging neg "failure" if h2 was not requested | Daniel Stenberg | |
2014-12-03 | NSS: enable the CAPATH option | Daniel Stenberg | |
Bug: http://curl.haxx.se/bug/view.cgi?id=1457 Patch-by: Tomasz Kojm | |||
2014-11-24 | SSL: Add PEM format support for public key pinning | moparisthebest | |
2014-11-09 | vtls.h: Fixed compiler warning when compiled without SSL | Steve Holme | |
vtls.c:185:46: warning: unused parameter 'data' | |||
2014-11-04 | SSL: PolarSSL default min SSL version TLS 1.0 | Jay Satiro | |
- Prior to this change no SSL minimum version was set by default at runtime for PolarSSL. Therefore in most cases PolarSSL would probably have defaulted to a minimum version of SSLv3 which is no longer secure. | |||
2014-11-02 | openssl: Use 'CURLcode result' | Steve Holme | |
More CURLcode fixes. | |||
2014-11-01 | openssl: Use 'CURLcode result' | Steve Holme | |
More standardisation of CURLcode usage and coding style. | |||
2014-11-01 | openssl: Use 'CURLcode result' | Steve Holme | |
...and some minor code style changes. | |||
2014-10-30 | code cleanup: Use 'CURLcode result' | Steve Holme | |
2014-10-29 | openssl: enable NPN separately from ALPN | Daniel Stenberg | |
... and allow building with nghttp2 but completely without NPN and ALPN, as nghttp2 can still be used for plain-text HTTP. Reported-by: Lucas Pardue | |||
2014-10-29 | vtls.c: Fixed compilation warning | Steve Holme | |
conversion from 'size_t' to 'unsigned int', possible loss of data | |||
2014-10-29 | nss: drop the code for libcurl-level downgrade to SSLv3 | Kamil Dudka | |
This code was already deactivated by commit ec783dc142129d3860e542b443caaa78a6172d56. | |||
2014-10-29 | openssl: fix a line length warning | Kamil Dudka | |
2014-10-29 | Fixed error message since we require ALPN support. | Guenter Knauf | |
2014-10-29 | Check for ALPN via OpenSSL version number. | Guenter Knauf | |
This check works also with to non-configure platforms. | |||
2014-10-24 | darwinssl: detect possible future removal of SSLv3 from the framework | Nick Zitzmann | |
If Apple ever drops SSLv3 support from the Security framework, we'll fail with an error if the user insists on using SSLv3. | |||
2014-10-24 | gskit.c: remove SSLv3 from SSL default. | Patrick Monnerat | |
2014-10-24 | gskit.c: use 'CURLcode result' | Patrick Monnerat | |
2014-10-24 | SSL: Remove SSLv3 from SSL default due to POODLE attack | Jay Satiro | |
- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss, openssl effectively making the default TLS 1.x. axTLS is not affected since it supports only TLS, and gnutls is not affected since it already defaults to TLS 1.x. - Update CURLOPT_SSLVERSION doc | |||
2014-10-24 | code cleanup: we prefer 'CURLcode result' | Daniel Stenberg | |
... for the local variable name in functions holding the return code. Using the same name universally makes code easier to read and follow. Also, unify code for checking for CURLcode errors with: if(result) or if(!result) instead of if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK) | |||
2014-10-23 | gnutls: removed dead code | Daniel Stenberg | |
Bug: http://curl.haxx.se/bug/view.cgi?id=1437 Reported-by: Julien | |||
2014-10-23 | Curl_rand: Uninitialized variable: r | Daniel Stenberg | |
This is not actually used uninitialized but we silence warnings. Bug: http://curl.haxx.se/bug/view.cgi?id=1437 Reported-by: Julien | |||
2014-10-20 | nss: reset SSL handshake state machine | Kamil Dudka | |
... when the handshake succeeds This fixes a connection failure when FTPS handle is reused. | |||
2014-10-14 | Implement pinned public key in GSKit backend | Patrick Monnerat | |
2014-10-13 | pinning: minor code style policing | Daniel Stenberg | |
2014-10-13 | Factorize pinned public key code into generic file handling and backend specific | Patrick Monnerat | |
2014-10-13 | vtls: remove QsoSSL | Patrick Monnerat | |
2014-10-13 | gskit: supply dummy randomization function | Patrick Monnerat | |
2014-10-13 | vtls/*: deprecate have_curlssl_md5sum and set-up default md5sum implementation | Patrick Monnerat | |
2014-10-09 | vtls: have vtls.h include the backend header files | Daniel Stenberg | |
It turned out some features were not enabled in the build since for example url.c #ifdefs on features that are defined on a per-backend basis but vtls.h didn't include the backend headers. CURLOPT_CERTINFO was one such feature that was accidentally disabled. | |||
2014-10-08 | nss: do not fail if a CRL is already cached | Kamil Dudka | |
This fixes a copy-paste mistake from commit 2968f957. | |||
2014-10-07 | GnuTLS: Implement public key pinning | moparisthebest | |