aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2011-03-15buildfix: spell define correctlyDaniel Stenberg
2011-03-15nss: do not ignore value of CURLOPT_SSL_VERIFYPEERKamil Dudka
When NSS-powered libcurl connected to a SSL server with CURLOPT_SSL_VERIFYPEER equal to zero, NSS remembered that the peer certificate was accepted by libcurl and did not ask the second time when connecting to the same server with CURLOPT_SSL_VERIFYPEER equal to one. This patch turns off the SSL session cache for the particular SSL socket if peer verification is disabled. In order to avoid any performance impact, the peer verification is completely skipped in that case, which makes it even faster than before. Bug: https://bugzilla.redhat.com/678580
2011-03-15protocol handler cleanup: SSL awarenessDaniel Stenberg
As a follow-up to commit 8831000bc0: don't assume that the SSL powered protocol alternatives are available.
2011-03-15ldap: use the new protocol handler setupDaniel Stenberg
Use the new flags field and stop using the old protocol defines.
2011-03-14protocols: use CURLPROTO_ internallyDaniel Stenberg
The PROT_* set of internal defines for the protocols is no longer used. We now use the same bits internally as we have defined in the public header using the CURLPROTO_ prefix. This is for simplicity and because the PROT_* prefix was already used duplicated internally for a set of KRB4 values. The PROTOPT_* defines were moved up to just below the struct definition within which they are used.
2011-03-14protocol handler: added flags fieldDaniel Stenberg
The protocol handler struct got a 'flags' field for special information and characteristics of the given protocol. This now enables us to move away central protocol information such as CLOSEACTION and DUALCHANNEL from single defines in a central place, out to each protocol's definition. It also made us stop abusing the protocol field for other info than the protocol, and we could start cleaning up other protocol-specific things by adding flags bits to set in the handler struct. The "protocol" field connectdata struct was removed as well and the code now refers directly to the conn->handler->protocol field instead. To make things work properly, the code now always store a conn->given pointer that points out the original handler struct so that the code can learn details from the original protocol even if conn->handler is modified along the way - for example when switching to go over a HTTP proxy.
2011-03-14sslgen: define Curl_ssl_connect_nonblocking for non-SSLDaniel Stenberg
The non-blocking connect improvement for IMAP showed that we didn't properly define the Curl_ssl_connect_nonblocking function for non-SSL builds. Reported by: Tor Arntsen
2011-03-14mk-ca-bundle.pl: Only download if modifiedAsk Bjørn Hansen
Only download and convert the certdata to the ca-bundle.crt if Mozilla changed the data The Perl LWP module (which in a bit of a circular reference is used by mk-ca-bundle.pl) is now indirectly using this script. I made this small tweak to make it easier to automatically maintain the generated ca-bundle.crt file in version control.
2011-03-13SSH: add protocol lock directionDaniel Stenberg
Some protocols have to call the underlying functions without regard to what exact state the socket signals. For example even if the socket says "readable", the send function might need to be called while uploading, or vice versa. This is the case for libssh2 based protocols: SCP and SFTP and we now introduce a define to set those protocols and we make the multi interface code aware of this concept. This is another fix to make test 582 run properly.
2011-03-13state: add missing state to debug tableDaniel Stenberg
As a new state recently was added to the IMAP state machine it has to be in the array of names as well as otherwise libcurl crashes when a debug version runs...
2011-03-13ssh_statemach_act: set cselect for sftp uploadDaniel Stenberg
For uploads we want to use the _sending_ function even when the socket turns out readable as the underlying libssh2 sftp send function will deal with both accordingly. This is what the cselect_bits magic is for. Fixes test 582.
2011-03-13Merge branch 'imap' of https://github.com/bnoordhuis/curl into bnoordhuis-imapDaniel Stenberg
2011-03-13VC: add missing fileKarl M
http_negotiate_sspi.c was added to the source tree recently
2011-03-13GSS: handle reuse fixMarcus Sundberg
Make GSS authentication work when a curl handle is reused for multiple authenticated requests, by always setting negdata->state in output_auth_headers(). Signed-off-by: Marcus Sundberg <marcus.sundberg@aptilo.com>
2011-03-13SFTP: gracefully handle shutdown earlyDaniel Stenberg
When using the multi interface and a handle using SFTP was removed very early on, we would get a segfault due to the code assumed data was there that hadn't yet been setup. Bug: http://curl.haxx.se/mail/lib-2011-03/0066.html Reported by: Saqib Ali
2011-03-12PROT_CLOSEACTION: added SFTP and SCPDaniel Stenberg
Both SFTP and SCP are protocols that need to shut down stuff properly when the connection is about to get torned down. The primary effect of not doing this shows up as memory leaks (when using SCP or SFTP with the multi interface). This is one of the problems detected by test 582.
2011-03-12readwrite_upload: stop upload at file sizeDaniel Stenberg
As we know how much to send, we can and should stop once we've sent that much data as it avoids having to rely on other mechanisms to detect the end. This is one of the problems detected by test 582. Reported by: Henry Ludemann <misc@hl.id.au>
2011-03-12sftp upload: expire to advance state machineDaniel Stenberg
When using the multi_socket API to do SFTP upload, it is important that we set a quick expire when leaving the SSH_SFTP_UPLOAD_INIT state as there's nothing happening on the socket so there's no read or write to wait for, but the next libssh2 API function needs to be called to get the ball rolling. This is one of the problems detected by test 582. Reported by: Henry Ludemann <misc@hl.id.au>
2011-03-10sources: update source headersDaniel Stenberg
All C and H files now (should) feature the proper project curl source code header, which includes basic info, a copyright statement and some basic disclaimers.
2011-03-08cyassl: fix compiler warningsDaniel Stenberg
2011-03-08SSL: (part 2) Added CyaSSL to SSL abstraction layerTodd A Ouska
This is the modified existing files commit.
2011-03-08SSL: Added CyaSSL to SSL abstraction layerTodd A Ouska
CyaSSL (available from git@github.com:cyassl/cyassl.git) has been added to the SSL abstraction layer. To test: 1) git CyaSSL sources 2) autoreconf -i 3) ./configure --disable-static 4) make 5) sudo make install 6) autoreconf -i 7) git curl sources (and this patch) 8) ./configure --disable-shared --with-cyassl --without-ssl --enable-debug 9) make 10) normal testing Please send questions or comments to todd@yassl.com .
2011-03-07Fixed libcurl to honour the --disable-ldaps configure optionDan Fandrich
2011-03-06cpp: correct #endif placementDaniel Stenberg
The end-of-file #endif in rawstr.h was not correcly positioned after all prototypes. Reported by: Boris Bug: http://curl.haxx.se/bug/view.cgi?id=3195205
2011-03-04transfer: avoid insane conversion of time_tStefan Krause
2011-02-26ssh_connect: treat libssh2 return code betterDaniel Stenberg
libssh2_knownhost_readfile() returns a negative value on error or otherwise number of parsed known hosts - this was previously not documented correctly in the libssh2 man page for the function. Bug: http://curl.haxx.se/mail/lib-2011-02/0327.html Reported by: murat
2011-02-25http: removed wrong unused comment.Julien Chaffraix
|premature| is used in Curl_http_done.
2011-02-25http: removed code duplication for stubbed https_getsock function.Julien Chaffraix
2011-02-22nss: do not ignore failure of SSL handshakeKamil Dudka
Flaw introduced in fc77790 and present in curl-7.21.4. Bug: https://bugzilla.redhat.com/669702#c16
2011-02-20netrc: Removed _NETRC_DEBUG code.Julien Chaffraix
This is not needed anymore as we have unit testing running on it.
2011-02-20tests: Cleaned up netrc testing.Julien Chaffraix
Removed the "netrc_debug" keyword replaced with --netrc-file additions. Removed the debug code from Curl_parsenetrc as it is superseeded by --netrc-file.
2011-02-20IMAP in multi mode: use Curl_ssl_connect_nonblocking() when upgrading the ↵Ben Noordhuis
connection to TLS/SSL.
2011-02-20IMAP in multi mode: use Curl_ssl_connect_nonblocking() when connecting.Ben Noordhuis
2011-02-18multi: close connection on timeoutMike Crowe
After a request times out, the connection wasn't properly closed and prevented to get re-used, so subsequent transfers could still mistakenly get to use the previously aborted connection.
2011-02-18multi: better failed connect treatmentDaniel Stenberg
When failing to connect the protocol during the CURLM_STATE_PROTOCONNECT state, Curl_done() has to be called with the premature flag set TRUE as for the pingpong protocols this can be important. When Curl_done() is called with premature == TRUE, it needs to call Curl_disconnect() with its 'dead_connection' argument set to TRUE as well so that any protocol handler's disconnect function won't attempt to use the (control) connection for anything. This problem caused the pingpong protocols to fail to disconnect when STARTTLS failed. Reported by: Alona Rossen Bug: http://curl.haxx.se/mail/lib-2011-02/0195.html
2011-02-18PolarSSL: Return 0 on receiving TLS CLOSE_NOTIFY alertHoi-Ho Chan
Signed-off-by: Hoi-Ho Chan <hoiho.chan@gmail.com>
2011-02-17SOCKOPTFUNCTION: callback can say already-connectedDaniel Stenberg
Introducing a few CURL_SOCKOPT* defines for conveniance. The new CURL_SOCKOPT_ALREADY_CONNECTED signals to libcurl that the socket is to be treated as already connected and thus it will skip the connect() call.
2011-02-17nss: avoid memory leak on SSL connection failureKamil Dudka
2011-02-17Set -fpcc-struct-return only for gcc compiler.Guenter Knauf
2011-02-16nss_load_key: fix unused variable warningDaniel Stenberg
2011-02-14gmtime: remove defineDaniel Stenberg
It turns out some systems rely on the gmtime or gmtime_r to be defined already in the system headers and thus my "precaution" redefining of them only caused trouble. They are now removed.
2011-02-13Added -m32 to CFLAGS to compile with x86_64 gcc.Guenter Knauf
2011-02-13Updated OpenSSL version, added links to docu.Guenter Knauf
2011-02-10Call ERR_peek_error instead of ERR_peek_last_errorDan Fandrich
The latter isn't available in older OpenSSL versions, and is less useful since it returns the most recent error instead of the first one encountered.
2011-02-10test1304: Added some unit tests for Curl_parsenetrc.Julien Chaffraix
Moved some definitons into the header file so that we can reuse them.
2011-02-09CURLE_TLSAUTH_FAILED: removedQuinn Slack
On second thought, I think CURLE_TLSAUTH_FAILED should be eliminated. It was only being raised when an internal error occurred while allocating or setting the GnuTLS SRP client credentials struct. For TLS authentication failures, the general CURLE_SSL_CONNECT_ERROR seems appropriate; its error string already includes "passwords" as a possible cause. Having a separate TLS auth error code might also cause people to think that a TLS auth failure means the wrong username or password was entered, when it could also be a sign of a man-in-the-middle attack.
2011-02-09CURLOPT_SOCKOPTFUNCTION: return proper error codeDaniel Stenberg
When the callback returns an error, this function must make sure to return CURLE_ABORTED_BY_CALLBACK properly and not CURLE_OK as before to allow the callback to properly abort the operation.
2011-02-07netrc: Removed dead code.Julien Chaffraix
The main has not been updated from some time and is out of sync with the code. The code is now tested by several test cases so no need for a seperate code path.
2011-02-07netrc: Tightened up the type checks.Julien Chaffraix
The state should not be anonymous so that we can check if the values are fine. Added 2 unreachables states to the switch as a result of this change.
2011-02-07imap: Fixed typo in a comment.Julien Chaffraix