aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2014-10-29nss: drop the code for libcurl-level downgrade to SSLv3Kamil Dudka
This code was already deactivated by commit ec783dc142129d3860e542b443caaa78a6172d56.
2014-10-29openssl: fix a line length warningKamil Dudka
2014-10-29Added NetWare support to build with nghttp2.Guenter Knauf
2014-10-29Fixed error message since we require ALPN support.Guenter Knauf
2014-10-29Check for ALPN via OpenSSL version number.Guenter Knauf
This check works also with to non-configure platforms.
2014-10-28sasl_sspi: Fixed typo in commentSteve Holme
2014-10-28code cleanup: We prefer 'CURLcode result'Steve Holme
2014-10-28mk-ca-bundle: spell fix "version"Daniel Stenberg
2014-10-27HTTP: return larger than 3 digit response codes tooDaniel Stenberg
HTTP 1.1 is clearly specified to only allow three digit response codes, and libcurl used sscanf("%3d") for that purpose. This made libcurl support smaller numbers but not larger. It does now, but we will not make any specific promises nor document this further since it is going outside of what HTTP is. Bug: http://curl.haxx.se/bug/view.cgi?id=1441 Reported-by: Balaji
2014-10-26ntlm: We prefer 'CURLcode result'Steve Holme
Continuing commit 0eb3d15ccb more return code variable name changes.
2014-10-26Cosmetics: lowercase non-special subroutine names.Guenter Knauf
2014-10-26http_negotiate: We prefer 'CURLcode result'Steve Holme
Continuing commit 0eb3d15ccb more return code variable name changes.
2014-10-26http_negotiate: Fixed missing check for USE_SPNEGOSteve Holme
2014-10-26sspi: Synchronization of cleanup code between auth mechanismsSteve Holme
2014-10-26sspi: Renamed max token length variablesSteve Holme
Code cleanup to try and synchronise code between the different SSPI based authentication mechanisms.
2014-10-26sspi: Renamed expiry time stamp variablesSteve Holme
Code cleanup to try and synchronise code between the different SSPI based authentication mechanisms.
2014-10-26sspi: Only call CompleteAuthToken() when complete is neededSteve Holme
Don't call CompleteAuthToken() after InitializeSecurityContext() has returned SEC_I_CONTINUE_NEEDED as this return code only indicates the function should be called again after receiving a response back from the server. This only affected the Digest and NTLM authentication code.
2014-10-26ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash()Steve Holme
For consistency with other areas of the NTLM code propagate all errors from Curl_ntlm_core_mk_nt_hash() up the call stack rather than just CURLE_OUT_OF_MEMORY.
2014-10-26ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash()Steve Holme
2014-10-26ntlm: Use 'CURLcode result'Steve Holme
Continuing commit 0eb3d15ccb more return code variable name changes.
2014-10-25ntlm: Only define ntlm data structure when USE_NTLM is definedSteve Holme
2014-10-25ntlm: Changed handles to be dynamic like other SSPI handlesSteve Holme
Code cleanup to try and synchronise code between the different SSPI based authentication mechanisms.
2014-10-25ntlm: Renamed handle variables to match other SSPI structuresSteve Holme
Code cleanup to try and synchronise code between the different SSPI based authentication mechanisms.
2014-10-25ntlm: Renamed SSPI based input token variablesSteve Holme
Code cleanup to try and synchronise code between the different SSPI based authentication mechanisms.
2014-10-25ntlm: We prefer 'CURLcode result'Steve Holme
Continuing commit 0eb3d15ccb more return code variable name changes.
2014-10-24darwinssl: detect possible future removal of SSLv3 from the frameworkNick Zitzmann
If Apple ever drops SSLv3 support from the Security framework, we'll fail with an error if the user insists on using SSLv3.
2014-10-24gskit.c: remove SSLv3 from SSL default.Patrick Monnerat
2014-10-24gskit.c: use 'CURLcode result'Patrick Monnerat
2014-10-24SSL: Remove SSLv3 from SSL default due to POODLE attackJay Satiro
- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss, openssl effectively making the default TLS 1.x. axTLS is not affected since it supports only TLS, and gnutls is not affected since it already defaults to TLS 1.x. - Update CURLOPT_SSLVERSION doc
2014-10-24pipelining: only output "is not blacklisted" in debug buildsDaniel Stenberg
2014-10-24url.c: use 'CURLcode result'Daniel Stenberg
2014-10-24code cleanup: we prefer 'CURLcode result'Daniel Stenberg
... for the local variable name in functions holding the return code. Using the same name universally makes code easier to read and follow. Also, unify code for checking for CURLcode errors with: if(result) or if(!result) instead of if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
2014-10-24Curl_add_timecondition: skip superfluous varible assignmentDaniel Stenberg
Detected by cppcheck.
2014-10-24Curl_pp_flushsend: skip superfluous assignmentDaniel Stenberg
Detected by cppcheck.
2014-10-24Curl_pp_readresp: remove superfluous assignmentDaniel Stenberg
Variable already assigned a few lines up. Detected by cppcheck.
2014-10-24Curl_proxyCONNECT: remove superfluous statementDaniel Stenberg
The variable is already assigned, skip the duplicate assignment. Pointed out by cppcheck.
2014-10-24Added MinGW support to build with nghttp2.Guenter Knauf
2014-10-23Some cosmetics and simplifies.Guenter Knauf
2014-10-23Remove dependency on openssl and cut.Guenter Knauf
Prefer usage of Perl modules for sha1 calculation since there might be systems where openssl is not installed or not in path. If openssl is used for sha1 calculation then dont rely on cut since it is usually not available on other systems than Linux.
2014-10-23gnutls: removed dead codeDaniel Stenberg
Bug: http://curl.haxx.se/bug/view.cgi?id=1437 Reported-by: Julien
2014-10-23Curl_rand: Uninitialized variable: rDaniel Stenberg
This is not actually used uninitialized but we silence warnings. Bug: http://curl.haxx.se/bug/view.cgi?id=1437 Reported-by: Julien
2014-10-20nss: reset SSL handshake state machineKamil Dudka
... when the handshake succeeds This fixes a connection failure when FTPS handle is reused.
2014-10-16ntlm: Fixed empty type-2 decoded message info textSteve Holme
Updated the info text when the base-64 decode of the type-2 message returns a null buffer to be more specific.
2014-10-16ntlm: Fixed empty/bad base-64 decoded buffer return codesSteve Holme
2014-10-16ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 tokenSteve Holme
2014-10-15sasl_sspi: Fixed some typosSteve Holme
2014-10-15sasl_sspi: Fixed Kerberos response buffer not being allocated when using SSOSteve Holme
2014-10-15mk-ca-bundle: added SHA-384 signature algorithmBruno Thomsen
Certificates based on SHA-1 are being phased out[1]. So we should expect a rise in certificates based on SHA-2. Adding SHA-384 as a valid signature algorithm. [1] https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/ Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
2014-10-14Implement pinned public key in GSKit backendPatrick Monnerat
2014-10-14cleanups: reduce variable scopeDaniel Stenberg
cppcheck pointed these out.