aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2015-03-28cyassl: CTX callback cosmetic changes and doc fixJay Satiro
- More descriptive fail message for NO_FILESYSTEM builds. - Cosmetic changes. - Change more of CURLOPT_SSL_CTX_* doc to not be OpenSSL specific.
2015-03-27cyassl: add SSL context callback support for CyaSSLKyle L. Huff
Adds support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL, and better handles CyaSSL instances using NO_FILESYSTEM.
2015-03-27cyassl: remove undefined reference to CyaSSL_no_filesystem_verifyKyle L. Huff
CyaSSL_no_filesystem_verify is not (or no longer) defined by cURL or CyaSSL. This reference causes build errors when compiling with NO_FILESYSTEM.
2015-03-27vtls: Don't accept unknown CURLOPT_SSLVERSION valuesJay Satiro
2015-03-27url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is definedJay Satiro
2015-03-26multi: on a request completion, check all CONNECT_PEND transfersDaniel Stenberg
... even if they don't have an associated connection anymore. It could leave the waiting transfers pending with no active one on the connection. Bug: http://curl.haxx.se/bug/view.cgi?id=1465 Reported-by: Jiri Dvorak
2015-03-25README.http2: refreshed and added TODO itemsDaniel Stenberg
2015-03-25polarssl: called mbedTLS in 1.3.10 and laterDaniel Stenberg
2015-03-25polarssl: remove dead codeDaniel Stenberg
and simplify code by changing if-elses to a switch() CID 1291706: Logically dead code. Execution cannot reach this statement
2015-03-25polarssl: remove superfluous for(;;) loopDaniel Stenberg
"unreachable: Since the loop increment is unreachable, the loop body will never execute more than once." Coverity CID 1291707
2015-03-25Curl_ssl_md5sum: return CURLcodeDaniel Stenberg
... since the funciton can fail on OOM. Check this return code. Coverity CID 1291705.
2015-03-25cyassl: default to highest possible TLS versionJay Satiro
(cyassl_connect_step1) - Use TLS 1.0-1.2 by default when available. CyaSSL/wolfSSL >= v3.3.0 supports setting a minimum protocol downgrade version. cyassl/cyassl@322f79f
2015-03-25cyassl: Check for invalid length parameter in Curl_cyassl_randomJay Satiro
2015-03-25cyassl: If wolfSSL then identify as such in version stringJay Satiro
2015-03-24curl_memory: make curl_memory.h the second-last header file loadedDan Fandrich
This header file must be included after all header files except memdebug.h, as it does similar memory function redefinitions and can be similarly affected by conflicting definitions in system or dependent library headers.
2015-03-24openssl: do the OCSP work-around for libressl tooDaniel Stenberg
I tested with libressl git master now (v2.1.4-27-g34bf96c) and it seems to still require the work-around for stapling to work.
2015-03-24openssl: verifystatus: only use the OCSP work-around <= 1.0.2aDaniel Stenberg
URL: http://curl.haxx.se/mail/lib-2015-03/0205.html Reported-by: Alessandro Ghedini
2015-03-24openssl: adapt to ASN1/X509 things gone opaque in 1.1Daniel Stenberg
2015-03-24vtls: fix compile with --disable-crypto-auth but with SSLDan Fandrich
This is a strange combination of options, but is allowed.
2015-03-24CURLOPT_PATH_AS_IS: addedDaniel Stenberg
--path-as-is is the command line option Added docs in curl.1 and CURLOPT_PATH_AS_IS.3 Added test in test 1241
2015-03-23curl_easy_recv/send: make them work with the multi interfaceYamada Yasuharu
By making sure Curl_getconnectinfo() uses the correct connection cache to find the last connection.
2015-03-23http2: move the init too for when its actually neededDaniel Stenberg
... it would otherwise lead to memory leakage if we never actually do the switch.
2015-03-23dict: rename byte to avoid compiler shadowed declaration warningDan Fandrich
This conflicted with a WolfSSL typedef.
2015-03-23cyassl: include version.h to ensure the version macros are definedDan Fandrich
2015-03-21darwinsssl: add support for TLS False StartNick Zitzmann
TLS False Start support requires iOS 7.0 or later, or OS X 10.9 or later.
2015-03-21gtls: add check of return codeDaniel Stenberg
Coverity CID 1291167 pointed out that 'rc' was received but never used when gnutls_credentials_set() was used. Added return code check now.
2015-03-21gtls: dereferencing NULL pointerDaniel Stenberg
Coverity CID 1291165 pointed out 'chainp' could be dereferenced when NULL if gnutls_certificate_get_peers() had previously failed.
2015-03-21gtls: avoid uninitialized variable.Daniel Stenberg
Coverity CID 1291166 pointed out that we could read this variable uninitialized.
2015-03-21x509asn1: add /* fallthrough */ in switch() caseDaniel Stenberg
2015-03-21x509asn1: minor edit to unconfuse CoverityDaniel Stenberg
CID 1202732 warns on the previous use, although I cannot fine any problems with it. I'm doing this change only to make the code use a more familiar approach to accomplish the same thing.
2015-03-21nss: error: unused variable 'connssl'Daniel Stenberg
2015-03-20cyassl: use new library version macro when availableDan Fandrich
2015-03-20nss: add support for TLS False StartAlessandro Ghedini
2015-03-20url: add CURLOPT_SSL_FALSESTART optionAlessandro Ghedini
This option can be used to enable/disable TLS False Start defined in the RFC draft-bmoeller-tls-falsestart.
2015-03-20gtls: implement CURLOPT_CERTINFOAlessandro Ghedini
2015-03-20openssl: try to avoid accessing OCSP structs when possibleAlessandro Ghedini
2015-03-19HTTP: don't switch to HTTP/2 from 1.1 until we get the 101Daniel Stenberg
We prematurely changed protocol handler to HTTP/2 which made things very slow (and wrong). Reported-by: Stefan Eissing Bug: https://github.com/bagder/curl/issues/169
2015-03-19axtls: version 1.5.2 now requires that config.h be manually includedDan Fandrich
2015-03-18nss: explicitly tell NSS to disable NPN/ALPNKamil Dudka
... if disabled at libcurl level. Otherwise, we would allow to negotiate NPN despite curl was invoked with the --no-npn option.
2015-03-17checksrc: Fix whitelist on out-of-tree buildsDan Fandrich
2015-03-17Curl_sh_entry: remove unused 'timestamp'Stefan Bühler
2015-03-17HTTP: don't use Expect: headers when on HTTP/2Daniel Stenberg
Reported-by: Stefan Eissing Bug: https://github.com/bagder/curl/issues/169
2015-03-17checksrc: detect and remove space before trailing semicolonsDaniel Stenberg
2015-03-17checksrc: introduce a whitelisting conceptDaniel Stenberg
2015-03-17checksrc: use space after commaDaniel Stenberg
2015-03-17checksrc: use space before paren in "return (expr);"Daniel Stenberg
2015-03-16free: instead of Curl_safefree()Daniel Stenberg
Since we just started make use of free(NULL) in order to simplify code, this change takes it a step further and: - converts lots of Curl_safefree() calls to good old free() - makes Curl_safefree() not check the pointer before free() The (new) rule of thumb is: if you really want a function call that frees a pointer and then assigns it to NULL, then use Curl_safefree(). But we will prefer just using free() from now on.
2015-03-16Bug #149: Deletion of unnecessary checks before a few calls of cURL functionsMarkus Elfring
The following functions return immediately if a null pointer was passed. * Curl_cookie_cleanup * curl_formfree It is therefore not needed that a function caller repeats a corresponding check. This issue was fixed by using the software Coccinelle 1.0.0-rc24. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-16Bug #149: Deletion of unnecessary checks before calls of the function "free"Markus Elfring
The function "free" is documented in the way that no action shall occur for a passed null pointer. It is therefore not needed that a function caller repeats a corresponding check. http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first This issue was fixed by using the software Coccinelle 1.0.0-rc24. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-16connect: Fix happy eyeballs logic for IPv4-only buildsJay Satiro
Bug: https://github.com/bagder/curl/pull/168 (trynextip) - Don't try the "other" protocol family unless IPv6 is available. In an IPv4-only build the other family can only be IPv6 which is unavailable. This change essentially stops IPv4-only builds from attempting the "happy eyeballs" secondary parallel connection that is supposed to be used by the "other" address family. Prior to this change in IPv4-only builds that secondary parallel connection attempt could be erroneously used by the same family (IPv4) which caused a bug where every address after the first for a host could be tried twice, often in parallel. This change fixes that bug. An example of the bug is shown below. Assume MTEST resolves to 3 addresses 127.0.0.2, 127.0.0.3 and 127.0.0.4: * STATE: INIT => CONNECT handle 0x64f4b0; line 1046 (connection #-5000) * Rebuilt URL to: http://MTEST/ * Added connection 0. The cache now contains 1 members * STATE: CONNECT => WAITRESOLVE handle 0x64f4b0; line 1083 (connection #0) * Trying 127.0.0.2... * STATE: WAITRESOLVE => WAITCONNECT handle 0x64f4b0; line 1163 (connection #0) * Trying 127.0.0.3... * connect to 127.0.0.2 port 80 failed: Connection refused * Trying 127.0.0.3... * connect to 127.0.0.3 port 80 failed: Connection refused * Trying 127.0.0.4... * connect to 127.0.0.3 port 80 failed: Connection refused * Trying 127.0.0.4... * connect to 127.0.0.4 port 80 failed: Connection refused * connect to 127.0.0.4 port 80 failed: Connection refused * Failed to connect to MTEST port 80: Connection refused * Closing connection 0 * The cache now contains 0 members * Expire cleared curl: (7) Failed to connect to MTEST port 80: Connection refused The bug was born in commit bagder/curl@2d435c7.