aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2014-03-25Curl_cert_hostcheck: reject IP address wildcard matchesDaniel Stenberg
There are server certificates used with IP address in the CN field, but we MUST not allow wild cart certs for hostnames given as IP addresses only. Therefore we must make Curl_cert_hostcheck() fail such attempts. Bug: http://curl.haxx.se/docs/adv_20140326B.html Reported-by: Richard Moore
2014-03-25url: Fixed connection re-use when using different log-in credentialsSteve Holme
In addition to FTP, other connection based protocols such as IMAP, POP3, SMTP, SCP, SFTP and LDAP require a new connection when different log-in credentials are specified. Fixed the detection logic to include these other protocols. Bug: http://curl.haxx.se/docs/adv_20140326A.html
2014-03-22polarssl: avoid extra newlines in debug messagesGisle Vanem
The debug messages printed inside PolarSSL always seems to end with a newline. So 'infof()' should not add one. Besides the trace 'line' should be 'const'.
2014-03-20rtsp: parse "Session:" header properlyDaniel Stenberg
The parser skipped the initial letter, which presumably often is whitespace but doesn't have to be. Reported-by: Mike Hasselberg Bug: http://curl.haxx.se/mail/lib-2014-03/0134.html
2014-03-19trynextip: don't store 'ai' on failed connects...Daniel Stenberg
It leads to the "next family" tries starting from the wrong point and thus fails! Bug: http://curl.haxx.se/bug/view.cgi?id=1337 Reported-by: ricker
2014-03-19polarssl: fix possible handshake timeout issue in multi.Gaël PORTAY
Because of the socket is unblocking, PolarSSL does need call to getsock to get the action to perform in multi environment. In some cases, it might happen we have not received yet all data to perform the handshake. ssh_handshake returns POLARSSL_ERR_NET_WANT_READ, the state is updated but because of the getsock has not the proper #define macro to, the library never prevents to select socket for input thus the socket will never be awaken when last data is available. Thus it leads to timeout.
2014-03-18polarssl: break compatibility with version older than 1.3.Gaël PORTAY
Remove all #ifdef/else/endif macros that ensure compatibility with polarssl version previous than 1.3.
2014-03-18polarssl: drop use of 1.2 compatibility header.Gaël PORTAY
API has changed since version 1.3. A compatibility header has been created to ensure forward compatibility for code using old API: * x509 certificate structure has been renamed to from x509_cert to x509_crt * new dedicated setter for RSA certificates ssl_set_own_cert_rsa, ssl_set_own_cert is for generic keys * ssl_default_ciphersuites has been replaced by function ssl_list_ciphersuites() This patch drops the use of the compatibly header.
2014-03-18polarssl: added missing end-of-comment from previous commitDaniel Stenberg
2014-03-17polarssl: now require 1.3.0+Daniel Stenberg
Also fixed a function name change in the version requirement bump
2014-03-17polarssl: fix compilationhasufell
Rename x509_cert to x509_crt and add "compat-1.2.h" include. This would still need some more thorough conversion in order to drop "compat-1.2.h" include.
2014-03-15nss: allow to enable/disable new AES GCM cipher-suitesKamil Dudka
... if built against a new enough version of NSS
2014-03-15nss: allow to enable/disable new HMAC-SHA256 cipher-suitesKamil Dudka
... if built against a new enough version of NSS
2014-03-15nss: do not enable AES cipher-suites by defaultKamil Dudka
... but allow them to be enabled/disabled explicitly. The default policy should be maintained at the NSS level.
2014-03-15ssh: prevent a logic error that could result in an infinite loopDan Fandrich
2014-03-14ssh: removed a redundant close state transitionDan Fandrich
2014-03-14ssh: abort immediately on a header callback errorDan Fandrich
2014-03-14chunked-encoding: provide a readable error string for chunked errorsDaniel Stenberg
2014-03-10http2: free resources on disconnectTatsuhiro Tsujikawa
... and use Curl_safefree() instead of free()
2014-03-10openssl: info massage with SSL version usedDaniel Stenberg
Patch-by: byte_bucket
2014-03-09README.http2: clarify the build prerequisitesDaniel Stenberg
2014-03-06ssh: fix compiler warning converting ssize_t to intDaniel Stenberg
2014-03-06ssh: Fixed a style warningDan Fandrich
Also, combined a couple of #ifdef sections
2014-03-06ssh: Pass errors from libssh2_sftp_read up the stackDan Fandrich
2014-03-06parse_remote_port: error out on illegal port numbers betterDaniel Stenberg
2014-03-05remote_port: allow connect to port 0Daniel Stenberg
Port number zero is perfectly allowed to connect to. I moved to storing the remote port number in an int so that -1 means undefined and 0-65535 can be used for legitimate port numbers.
2014-03-03multi_runsingle: move timestamp into INITDaniel Stenberg
Setting the TIMER_STARTSINGLE timestamp first in CONNECT has the drawback that for actions that go back to the CONNECT state, the time stamp is reset and for the multi_socket API there's no corresponding Curl_expire() then so the timeout logic gets wrong! Reported-by: Brad Spencer Bug: http://curl.haxx.se/mail/lib-2014-02/0036.html
2014-03-03hostcheck: update comment after previous changeDaniel Stenberg
2014-03-03hostcheck: Curl_cert_hostcheck is not used by NSS buildsDaniel Stenberg
2014-03-03x509asn: moved out Curl_verifyhost from NSS buildsDaniel Stenberg
... as it isn't used then!
2014-03-03NSS: avoid compiler warnings when built without http2 supportDaniel Stenberg
2014-03-03Rework Open Watcom make files to use standard Wmake featuresJiri Malak
Remove slash/backslash problem, now only slashes are used, Wmake automaticaly translate slash/backslash to proper version or tools are not sensitive for it. Enable spaces in path. Use internal rm command for all host platforms Add error message if old Open Watcom version is used. Some old versions exhibit build problems for Curl latest version. Now only versions 1.8, 1.9 and 2.O beta are supported
2014-03-02parsedate: Fixed compilation warningJiri Malak
Remove compilation message for platforms where size of long type is equal size of int type.
2014-02-28transfer.c: Fixed non-HTTP2 builds from commit cde0cf7c5eSteve Holme
2014-02-28Fix bug that HTTP/2 hangs if whole response body is read with headersTatsuhiro Tsujikawa
For HTTP/2, we may read up everything including responde body with header fields in Curl_http_readwrite_headers. If no content-length is provided, curl waits for the connection close, which we emulate it using conn->proto.httpc.closed = TRUE. The thing is if we read everything, then http2_recv won't be called and we cannot signal the HTTP/2 stream has closed. As a workaround, we return nonzero from data_pending to call http2_recv.
2014-02-28http2: build with current nghttp2 versionDaniel Stenberg
nghttp2 has yet again extended its callback struct and this is an attempt to make curl compile with nghttp2 from current git
2014-02-25Merge pull request #93 from d235j/darwinssl_ip_address_fixnickzman
darwinssl: don't omit CN verification when an IP address is used
2014-02-24curl_schannel.c: Updated copyright yearsMarc Hoersken
2014-02-24winssl: Enable hostname verification of IP address using SAN or CNDavid Ryskalczyk
Original commit message was: Don't omit CN verification in SChannel when an IP address is used. Side-effect of this change: SChannel and CryptoAPI do not support the iPAddress subjectAltName according to RFC 2818. If present, SChannel will first compare the IP address to the dNSName subjectAltNames and then fallback to the most specific Common Name in the Subject field of the certificate. This means that after this change curl will not connect to SSL/TLS hosts as long as the IP address is not specified in the SAN or CN of the server certificate or the verifyhost option is disabled.
2014-02-23Don't omit CN verification in DarwinSSL when an IP address is used.David Ryskalczyk
2014-02-22easy: Fixed a memory leak on OOM conditionDan Fandrich
2014-02-19SFTP: skip reading the dir when NOBODY=1Daniel Stenberg
When asking for an SFTP directory with NOBODY set, no directory contents should be retrieved. Bug: http://curl.haxx.se/mail/lib-2014-02/0155.html
2014-02-18axtls: comment the call ssl_read repeatedly loopDan Fandrich
2014-02-17http2: Support HTTP POST/PUTTatsuhiro Tsujikawa
This patch enables HTTP POST/PUT in HTTP2. We disabled Expect header field and chunked transfer encoding since HTTP2 forbids them. In HTTP1, Curl sends small upload data with request headers, but HTTP2 requires upload data must be in DATA frame separately. So we added some conditionals to achieve this.
2014-02-17multi: ignore sigpipe internallyDaniel Stenberg
When the multi API is used we must also ignore SIGPIPE signals when caused by things we do, like they can easily be generated by OpenSSL.
2014-02-17configure: Fix the --disable-crypto-auth optionDan Fandrich
It now disables NTLM and GSS authentication methods, and produces compilable code when SSL is enabled.
2014-02-17ConnectionDone: default maxconnects to 4 x number of easy handlesShao Shuchao
... as documented!
2014-02-16axtls: bump copyright yearDaniel Stenberg
2014-02-16axtls: call ssl_read repeatedlyFabian Frank
Perform more work in between sleeps. This is work around the fact that axtls does not expose any knowledge about when work needs to be performed. Depending on connection and how often perform is being called this can save ~25% of time on SSL handshakes (measured on 20ms latency connection calling perform roughly every 10ms).
2014-02-16ConnectionExists: re-use connections betterDaniel Stenberg
When allowing NTLM, the re-use connection logic was too focused on finding an existing NTLM connection to use and didn't properly allow re-use of other ones. This made the logic not re-use perfectly re-usable connections. Added test case 1418 and 1419 to verify. Regression brought in 8ae35102c (curl 7.35.0) Reported-by: Jeff King Bug: http://thread.gmane.org/gmane.comp.version-control.git/242213