aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2014-05-21Add support for --cacert in DarwinSSL.Vilmos Nebehaj
Security Framework on OS X makes it possible to supply extra anchor (CA) certificates via the Certificate, Key, and Trust Services API. This commit makes the '--cacert' option work using this API. More information: https://developer.apple.com/library/mac/documentation/security/Reference/certifkeytrustservices/Reference/reference.html The HTTPS tests now pass on OS X except 314, which requires the '--crl' option to work.
2014-05-22http.c: Fixed compilation warningSteve Holme
warning: suggest braces around empty body in an 'else' statement
2014-05-22bits.close: Fixed compilation warningSteve Holme
warning: implicit declaration of function 'connclose'
2014-05-22bits.close: introduce connection close trackingDaniel Stenberg
Make all code use connclose() and connkeep() when changing the "close state" for a connection. These two macros take a string argument with an explanation, and debug builds of curl will include that in the debug output. Helps tracking connection re-use/close issues.
2014-05-20http2: make connection re-use workDaniel Stenberg
Http2 connections would wrongly get closed after each individual request. Co-authored-by: Tatsuhiro Tsujikawa Bug: http://curl.haxx.se/bug/view.cgi?id=1374
2014-05-20ALPN: fix typo in http/1.1 identifierFabian Frank
According to https://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-05 it is "http/1.1" and not "http/1.0".
2014-05-18build: Slight rename of new LIB_* makefile file variablesSteve Holme
In order to try and be consistent between curl and libcurl renamed the recently introduced LIB_* makefile file variables.
2014-05-17axtls: Fixed too long source lineDan Fandrich
2014-05-16axtls: Add a TODO to a potential blocking call with no timeoutDan Fandrich
2014-05-15HTTP: CREDSPERREQUEST is for HTTP tooDaniel Stenberg
Commit 517b06d657ace (in 7.36.0) that brought the CREDSPERREQUEST flag only set it for HTTPS, making HTTP less good at doing connection re-use than it should be. Now set it for HTTP as well. Simple test case "curl -v -u foo:bar localhost --next -u bar:foo localhos" Bug: http://curl.haxx.se/mail/lib-2014-05/0127.html Reported-by: Kamil Dudka
2014-05-15CURLINFO_SSL_VERIFYRESULT: assign at first connect callDaniel Stenberg
The variable wasn't assigned at all until step3 which would lead to a failed connect never assigning the variable and thus returning a bad value. Reported-by: Larry Lin Bug: http://curl.haxx.se/mail/lib-2014-04/0203.html
2014-05-15timers: fix timer regression involving redirects / reconnectsDaniel Stenberg
In commit 0b3750b5c23c25f (released in 7.36.0) we fixed a timeout issue but instead broke the timings. To fix this, I introduce a new timestamp to use for the timeouts and restored the previous timestamp and timestamp position so that the old timer functionality is restored. In addition to that, that change also broke connection timeouts for when more than one connect was used (as it would then count the total time from the first connect and not for the most recent one). Now Curl_timeleft() has been modified so that it checks against different start times depending on which timeout it checks. Test 1303 is updated accordingly. Bug: http://curl.haxx.se/mail/lib-2014-05/0147.html Reported-by: Ryan Braud
2014-05-15darwinssl: Updated copyright following recent changesSteve Holme
2014-05-14darwinssl: fix potential crash when attempting to copy an identityNick Zitzmann
from a P12 file This could've happened if SecPKCS12Import() returned noErr _and_ no identity.
2014-05-12openssl: unbreak PKCS12 supportDaniel Stenberg
Regression introduced in ce362e8eb9c (7.31.0) Bug: http://curl.haxx.se/bug/view.cgi?id=1371 Reported-by: Dmitry
2014-05-11Makefile.inc: Added resource file to assist Visual Studio project generationSteve Holme
2014-05-11sasl: Fixed missing qop in the client's challenge-response messageSteve Holme
Whilst the qop directive isn't required to be present in a client's response, as servers should assume a qop of "auth" if it isn't specified, some may return authentication failure if it is missing.
2014-05-09Makefile.inc: Separated the lib and lib/vtls source file variablesSteve Holme
To cater for the automatic generation of the new Visual Studio project files, moved the lib file list into a separated variable so that lib and lib/vtls can be referenced independently.
2014-05-09Makefile.b32: Fixed for vtls changesSteve Holme
Follow up fix to commits a47c142a88, 11e8066ef9 and 92b9ae5c5d. Bug: http://curl.haxx.se/mail/lib-2014-05/0025.html Reported and assisted by: Jon Torrey
2014-05-09getinfo.c: Fixed compilation warningSteve Holme
The indicated statement is not reachable.
2014-05-09http: avoid auth failure on a duplicated headerKamil Dudka
... 'WWW-Authenticate: Negotiate' received from server Reported by: David Woodhouse Bug: https://bugzilla.redhat.com/1093348
2014-05-08mk-ca-bundle: added -pPatrick Watson
-p takes a list of Mozilla trust purposes and levels for certificates to include in output. Takes the form of a comma separated list of purposes, a colon, and a comma separated list of levels.
2014-05-07http2: Compile with latest nghttp2Tatsuhiro Tsujikawa
Now nghttp2_submit_request returns assigned stream ID, we don't have to check stream ID using before_stream_send_callback. The adjust_priority_callback was removed.
2014-05-07url.c: Fixed compilation warning/errorSteve Holme
Depending on compiler line 3505 could generate the following warning or error: * warning: ISO C90 forbids mixed declarations and code * A declaration cannot appear after an executable statement in a block * error C2275: 'size_t' : illegal use of this type as an expression
2014-05-06fix_hostname: strip off a single trailing dot from host nameDaniel Stenberg
Primarily for SNI, we need the host name without a trailing dot. "https://www.example.com." resolves fine but fails on SNI unless the dot is removed. Reported-by: Leon Winter Bug: http://curl.haxx.se/mail/lib-2014-04/0161.html
2014-05-05curl_multi_cleanup: ignore SIGPIPE betterJeff King
When looping and closing each individual connection left open, the SIGPIPE ignoring was not done and could thus lead to death by signal 13. Bug: http://thread.gmane.org/gmane.comp.version-control.git/238242
2014-05-05schannel: don't use the connect-timeout during sendDaniel Stenberg
As there's a default connection timeout and this wrongly used the connection timeout during a transfer after the connection is completed, this function would trigger timeouts during transfers erroneously. Bug: http://curl.haxx.se/bug/view.cgi?id=1352 Figured-out-by: Radu Simionescu
2014-05-04mprintf: allow %.s with data not being zero terminatedDaniel Stenberg
If the precision is indeed shorter than the string, don't strlen() to find the end because that's not how the precision operator works. I also added a unit test for curl_msnprintf to make sure this works and that the fix doesn't a few other basic use cases. I found a POSIX compliance problem that I marked TODO in the unit test, and I figure we need to add more tests in the future. Reported-by: Török Edwin
2014-05-04curl_ntlm_core: Fixed use of long long for VC6 and VC7Steve Holme
Commit 07b66cbfa4 unfortunately broke native NTLM message support in compilers, such as VC6, VC7 and others, that don't support long long type declarations. This commit fixes VC6 and VC7 as they support the __int64 extension, however, we should consider an additional fix for other compilers that don't support this.
2014-05-04config-win32.h: Fixed HAVE_LONGLONG for Visual Studio .NET 2003 and upSteve Holme
Fixed the HAVE_LONGLONG declaration as long long is supported in Visual Studio .NET 2003 (VC7.1) onwards.
2014-05-04openssl: biomem->data is not zero terminatedDaniel Stenberg
So printf(%s) on it or reading before bounds checking is wrong, fixing it. Could previously lead to reading out of boundary. Reported-by: Török Edwin
2014-05-03easy_perform: spelling mistake in error messageDaniel Stenberg
2014-04-28copyright: Updated following recent editsSteve Holme
2014-04-29Added a few more const where possibleDan Fandrich
2014-04-27http2: Compile with latest nghttp2Tatsuhiro Tsujikawa
commit 6d5f40238028f2d8c (Apr 27) or later nghttp2 is now required
2014-04-26INFILESIZE: fields in UserDefined must not be changed run-timeDaniel Stenberg
set.infilesize in this case was modified in several places, which could lead to repeated requests using the same handle to get unintendent/wrong consequences based on what the previous request did!
2014-04-25nss: propagate blocking direction from NSPR I/OKamil Dudka
... during the non-blocking SSL handshake
2014-04-23handler: make 'protocol' always specified as a single bitDaniel Stenberg
This makes the findprotocol() function work as intended so that libcurl can properly be restricted to not support HTTP while still supporting HTTPS - since the HTTPS handler previously set both the HTTP and HTTPS bits in the protocol field. This fixes --proto and --proto-redir for most SSL protocols. This is done by adding a few new convenience defines that groups HTTP and HTTPS, FTP and FTPS etc that should then be used when the code wants to check for both protocols at once. PROTO_FAMILY_[protocol] style. Bug: https://github.com/bagder/curl/pull/97 Reported-by: drizzt
2014-04-23cyassl: Use error-ssl.h when availableDan Fandrich
Versions since at least 2.9.4 renamed error.h to error-ssl.h, so use whichever one is available.
2014-04-22gtls: fix NULL pointer dereferenceDaniel Stenberg
gnutls_x509_crt_import() must not be called with a NULL certificate Bug: http://curl.haxx.se/mail/lib-2014-04/0145.html Reported-by: Damian Dixon
2014-04-22curl_global_init_mem: bump initialized even if already initializedDaniel Stenberg
As this makes curl_global_init_mem() behave the same way as curl_global_init() already does in that aspect - the same number of curl_global_cleanup() calls is then required to again decrease the counter and then eventually do the cleanup. Bug: http://curl.haxx.se/bug/view.cgi?id=1362 Reported-by: Tristan
2014-04-22nss: implement non-blocking SSL handshakeKamil Dudka
2014-04-22nss: split Curl_nss_connect() into 4 functionsKamil Dudka
2014-04-19multi.c: fix possible invalid memory access in case nfds overflowsMarc Hoersken
ufds might not be allocated in case nfds overflows to zero while extra_nfds is still non-zero. udfs is then accessed within the extra_nfds-based for loop.
2014-04-19netrc.c: fix multiple possible dereferences of null pointersMarc Hoersken
2014-04-19parsedate.c: check sscanf result before passing it to strlenMarc Hoersken
2014-04-19telnet.c: check sscanf results before passing them to snprintfMarc Hoersken
2014-04-19telnet.c: fix possible use of uninitialized variableMarc Hoersken
2014-04-19telnet.c: fix possible use of non-null-terminated stringsMarc Hoersken
2014-04-19url.c: fix possible use of non-null-terminated string with strlenMarc Hoersken
Follow up on b0e742544be22ede33206a597b22682e51e0c676