aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls
AgeCommit message (Collapse)Author
2015-01-12curl_schannel.c: mark session as removed from cache if not freedMarc Hoersken
If the session is still used by active SSL/TLS connections, it cannot be closed yet. Thus we mark the session as not being cached any longer so that the reference counting mechanism in Curl_schannel_shutdown is used to close and free the session. Reported-by: Jean-Francois Durand
2015-01-09NSS: fix compiler error when built http2-enabledDaniel Stenberg
2015-01-07darwinssl: fix session ID keys to only reuse identical sessionsDaniel Stenberg
...to avoid a session ID getting cached without certificate checking and then after a subsequent _enabling_ of the check libcurl could still re-use the session done without cert checks. Bug: http://curl.haxx.se/docs/adv_20150108A.html Reported-by: Marc Hesse
2014-12-30vtls: Use '(void) arg' for unused parametersSteve Holme
Prefer void for unused parameters, rather than assigning an argument to itself as a) unintelligent compilers won't optimize it out, b) it can't be used for const parameters, c) it will cause compilation warnings for clang with -Wself-assign and d) is inconsistent with other areas of the curl source code.
2014-12-30schannel: Moved the ISC return flag definitions to the SSPI moduleSteve Holme
Moved our Initialize Security Context return attribute definitions to the SSPI module, as a) these can be used by other SSPI based providers and b) the ISC required attributes are defined there.
2014-12-28darwinssl: Fixed compilation warningSteve Holme
vtls.c:683:43: warning: unused parameter 'data'
2014-12-28vtls: Fixed compilation warning and an ignored return codeSteve Holme
curl_schannel.h:123: warning: right-hand operand of comma expression has no effect Some instances of the curlssl_close_all() function were declared with a void return type whilst others as int. The schannel version returned CURLE_NOT_BUILT_IN and others simply returned zero, but in all cases the return code was ignored by the calling function Curl_ssl_close_all(). For the time being and to keep the internal API consistent, changed all declarations to use a void return type. To reduce code we might want to consider removing the unimplemented versions and use a void #define like schannel does.
2014-12-27nss: Don't ignore Curl_extract_certinfo() OOM failureSteve Holme
2014-12-27nss: Don't ignore Curl_ssl_init_certinfo() OOM failureSteve Holme
2014-12-27nss: Use 'CURLcode result' for curl result codesSteve Holme
...and don't use CURLE_OK in failure/success comparisons.
2014-12-27darwinssl: Use 'CURLcode result' for curl result codesSteve Holme
2014-12-27polarssl: Use 'CURLcode result' for curl result codesSteve Holme
2014-12-26vtls: Don't set cert info count until memory allocation is successfulSteve Holme
Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs member variable to the requested count, which could then be used incorrectly as libcurl closes down.
2014-12-26vtls: Use CURLcode for Curl_ssl_init_certinfo() return typeSteve Holme
The return type for this function was 0 on success and 1 on error. This was then examined by the calling functions and, in most cases, used to return CURLE_OUT_OF_MEMORY. Instead use CURLcode for the return type and return the out of memory error directly, propagating it up the call stack.
2014-12-25vtls: Use bool for Curl_ssl_getsessionid() return typeSteve Holme
The return type of this function is a boolean value, and even uses a bool internally, so use bool in the function declaration as well as the variables that store the return value, to avoid any confusion.
2014-12-25schannel: Minor code style policing for castsSteve Holme
2014-12-25schannel: Prefer 'CURLcode result' for curl result codesSteve Holme
2014-12-25cyassl: Prefer 'CURLcode result' for curl result codesSteve Holme
2014-12-24gtls: Use preferred 'CURLcode result'Steve Holme
2014-12-24openssl: Prefer we don't use NULL in comparisonsSteve Holme
2014-12-23openssl.c Fix for compilation errors with older versions of OpenSSLSteve Holme
openssl.c:1408: error: 'TLS1_1_VERSION' undeclared openssl.c:1411: error: 'TLS1_2_VERSION' undeclared
2014-12-22openssl: fix SSL/TLS versions in verbose outputDaniel Stenberg
2014-12-22openssl: make it compile against openssl 1.1.0-DEV master branchDaniel Stenberg
2014-12-21openssl: warn for SRP set if SSLv3 is used, not for TLS versionDaniel Stenberg
... as it requires TLS and it was was left to warn on the default from when default was SSL...
2014-12-15darwinssl: fix incorrect usage of aprintf()Nick Zitzmann
Commit b13923f changed an snprintf() to use aprintf(), but the API usage wasn't correct, and was causing a crash to occur. This fixes it.
2014-12-14darwinssl: aprintf() to allocate the session keyDaniel Stenberg
... to avoid using a fixed memory size that risks being too large or too small.
2014-12-14curl_schannel: Improvements to memory re-allocation strategyMarc Hoersken
- do not grow memory by doubling its size - do not leak previously allocated memory if reallocation fails - replace while-loop with a single check to make sure that the requested amount of data fits into the buffer Bug: http://curl.haxx.se/bug/view.cgi?id=1450 Reported-by: Warren Menzer
2014-12-14curl_schannel.c: Data may be available before connection shutdownMarc Hoersken
2014-12-09schannel_recv: return the correct codeDaniel Stenberg
Bug: http://curl.haxx.se/bug/view.cgi?id=1462 Reported-by: Tae Hyoung Ahn
2014-12-09http2: avoid logging neg "failure" if h2 was not requestedDaniel Stenberg
2014-12-03NSS: enable the CAPATH optionDaniel Stenberg
Bug: http://curl.haxx.se/bug/view.cgi?id=1457 Patch-by: Tomasz Kojm
2014-11-24SSL: Add PEM format support for public key pinningmoparisthebest
2014-11-09vtls.h: Fixed compiler warning when compiled without SSLSteve Holme
vtls.c:185:46: warning: unused parameter 'data'
2014-11-04SSL: PolarSSL default min SSL version TLS 1.0Jay Satiro
- Prior to this change no SSL minimum version was set by default at runtime for PolarSSL. Therefore in most cases PolarSSL would probably have defaulted to a minimum version of SSLv3 which is no longer secure.
2014-11-02openssl: Use 'CURLcode result'Steve Holme
More CURLcode fixes.
2014-11-01openssl: Use 'CURLcode result'Steve Holme
More standardisation of CURLcode usage and coding style.
2014-11-01openssl: Use 'CURLcode result'Steve Holme
...and some minor code style changes.
2014-10-30code cleanup: Use 'CURLcode result'Steve Holme
2014-10-29openssl: enable NPN separately from ALPNDaniel Stenberg
... and allow building with nghttp2 but completely without NPN and ALPN, as nghttp2 can still be used for plain-text HTTP. Reported-by: Lucas Pardue
2014-10-29vtls.c: Fixed compilation warningSteve Holme
conversion from 'size_t' to 'unsigned int', possible loss of data
2014-10-29nss: drop the code for libcurl-level downgrade to SSLv3Kamil Dudka
This code was already deactivated by commit ec783dc142129d3860e542b443caaa78a6172d56.
2014-10-29openssl: fix a line length warningKamil Dudka
2014-10-29Fixed error message since we require ALPN support.Guenter Knauf
2014-10-29Check for ALPN via OpenSSL version number.Guenter Knauf
This check works also with to non-configure platforms.
2014-10-24darwinssl: detect possible future removal of SSLv3 from the frameworkNick Zitzmann
If Apple ever drops SSLv3 support from the Security framework, we'll fail with an error if the user insists on using SSLv3.
2014-10-24gskit.c: remove SSLv3 from SSL default.Patrick Monnerat
2014-10-24gskit.c: use 'CURLcode result'Patrick Monnerat
2014-10-24SSL: Remove SSLv3 from SSL default due to POODLE attackJay Satiro
- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss, openssl effectively making the default TLS 1.x. axTLS is not affected since it supports only TLS, and gnutls is not affected since it already defaults to TLS 1.x. - Update CURLOPT_SSLVERSION doc
2014-10-24code cleanup: we prefer 'CURLcode result'Daniel Stenberg
... for the local variable name in functions holding the return code. Using the same name universally makes code easier to read and follow. Also, unify code for checking for CURLcode errors with: if(result) or if(!result) instead of if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
2014-10-23gnutls: removed dead codeDaniel Stenberg
Bug: http://curl.haxx.se/bug/view.cgi?id=1437 Reported-by: Julien