Age | Commit message (Collapse) | Author |
|
- Remove the SNI disabled when host verification disabled message
since that is incorrect.
- Show a message for legacy versions of Windows <= XP that connections
may fail since those versions of WinSSL lack SNI, algorithms, etc.
Bug: https://github.com/curl/curl/pull/1240
|
|
Ref: https://sourceforge.net/blog/introducing-https-for-project-websites/
Closes: https://github.com/curl/curl/pull/1247
|
|
- Test for and set HAVE_FSETXATTR when support for extended file
attributes is present.
Closes https://github.com/curl/curl/pull/1176
|
|
SSL_CTX_add_extra_chain_cert takes ownership of the given certificate
while, despite the similar name, SSL_CTX_add_client_CA does not. Thus
it's best to call SSL_CTX_add_client_CA before
SSL_CTX_add_extra_chain_cert, while the code still has ownership of the
argument.
Closes https://github.com/curl/curl/pull/1236
|
|
closes #1227
|
|
SSL session reuse with TLS session tickets is not supported yet.
Use SSL session IDs instead.
See https://github.com/curl/curl/issues/1109
|
|
SSL session reuse with TLS session tickets is not supported yet.
Use SSL session IDs instead.
Fixes https://github.com/curl/curl/issues/1109
|
|
This bugfix is similar to commit c111178bd4.
|
|
This repairs cookies for localhost.
Non-PSL builds will now only accept "localhost" without dots, while PSL
builds okeys everything not listed as PSL.
Added test 1258 to verify.
This was a regression brought in a76825a5efa6b4
|
|
Thumbs-up-by: Jay Satiro
Closes #1225
|
|
The winbuild/ build files is now the single MSVC makefile build choice.
Closes #1215
|
|
|
|
A regression brought in cb4e2be
Reported-by: Michael Kaufmann
Bug: https://github.com/curl/curl/issues/1174#issuecomment-274018791
|
|
When using multi, mbedtls handshake is in non blocking mode. vtls must
set wait for read/write flags for the socket.
Closes #1223
|
|
Replace use of fixed macro BUFSIZE to define the size of the receive
buffer. Reappropriate CURLOPT_BUFFERSIZE to include enlarging receive
buffer size. Upon setting, resize buffer if larger than the current
default size up to a MAX_BUFSIZE (512KB). This can benefit protocols
like SFTP.
Closes #1222
|
|
Closes https://github.com/curl/curl/pull/1217
|
|
Fix compile warnings that appeared only when curl has been configured
with '--disable-verbose'.
|
|
Regression since 1d4202ad, which moved the buffer into a more narrow
scope, but the data in that buffer was used outside of that more narrow
scope.
Reported-by: Dan Fandrich
Bug: https://curl.haxx.se/mail/lib-2017-01/0093.html
|
|
- Fix logic error in Curl_ossl_random.
Broken a few days ago in 807698d.
|
|
|
|
Ref: https://github.com/curl/curl/pull/1160
|
|
Before:
```
% src/curl https://sigsegv.ninja/ -v --http2
...
> GET / HTTP/1.1
> Host: sigsegv.ninja
> User-Agent: curl/7.52.2-DEV
> Accept: */*
>
...
```
After:
```
% src/curl https://sigsegv.ninja/ -v --http2
...
> GET / HTTP/2
> Host: sigsegv.ninja
> User-Agent: curl/7.52.2-DEV
> Accept: */*
>
```
|
|
curl_addrinfo.c:519:20: error: conversion to ‘curl_socklen_t {aka
unsigned int}’ from ‘long unsigned int’ may alter its value
[-Werror=conversion]
Follow-up to 1d786faee1046f
|
|
In addition to unix domain sockets, Linux also supports an
abstract namespace which is independent of the filesystem.
In order to support it, add new CURLOPT_ABSTRACT_UNIX_SOCKET
option which uses the same storage as CURLOPT_UNIX_SOCKET_PATH
internally, along with a flag to specify abstract socket.
On non-supporting platforms, the abstract address will be
interpreted as an empty string and fail gracefully.
Also add new --abstract-unix-socket tool parameter.
Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reported-by: Chungtsun Li (typeless)
Reviewed-by: Daniel Stenberg
Reviewed-by: Peter Wu
Closes #1197
Fixes #1061
|
|
Assisted-by: Tim Rühsen
|
|
It made the german ß get converted to ss, IDNA2003 style, and we can't
have that for the .de TLD - a primary reason for our switch to IDNA2008.
Test 165 verifies.
|
|
Follow-up to f30cbcac1
Closes #1207
|
|
Under condition using http_proxy env var, noproxy list was the
combination of --noproxy option and NO_PROXY env var previously. Since
this commit, --noproxy option overrides NO_PROXY environment variable
even if use http_proxy env var.
Closes #1140
|
|
If defined CURL_DISABLE_HTTP, detect_proxy() returned NULL. If not
defined CURL_DISABLE_HTTP, detect_proxy() checked noproxy list.
Thus refactor to set proxy to NULL instead of calling detect_proxy() if
define CURL_DISABLE_HTTP, and refactor to call detect_proxy() if not
define CURL_DISABLE_HTTP and the host is not in the noproxy list.
|
|
The combination of --noproxy option and http_proxy env var works well
both for proxied hosts and non-proxied hosts.
However, when combining NO_PROXY env var with --proxy option,
non-proxied hosts are not reachable while proxied host is OK.
This patch allows us to access non-proxied hosts even if using NO_PROXY
env var with --proxy option.
|
|
References: http://unicode.org/faq/idn.html
http://unicode.org/reports/tr46
Closes #1206
|
|
Check for presence of gnutls_alpn_* and gnutls_ocsp_* functions during
configure instead of relying on the version number. GnuTLS has options
to turn these features off and we ca just work with with such builds
like we work with older versions.
Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>
Closes #1204
|
|
Follow-up to 3463408.
Prior to 3463408 file:// hostnames were silently stripped.
Prior to this commit it did not work when a schemeless url was used with
file as the default protocol.
Ref: https://curl.haxx.se/mail/lib-2016-11/0081.html
Closes https://github.com/curl/curl/pull/1124
Also fix for drive letters:
- Support --proto-default file c:/foo/bar.txt
- Support file://c:/foo/bar.txt
- Fail when a file:// drive letter is detected and not MSDOS/Windows.
Bug: https://github.com/curl/curl/issues/1187
Reported-by: Anatol Belski
Assisted-by: Anatol Belski
|
|
Regression introduced in commit f682156a4fc6c4
Reported-by: John Kohl
Bug: https://curl.haxx.se/mail/lib-2017-01/0055.html
|
|
Both IMAP and POP3 response characters are used internally, but when
appended to the STARTTLS denial message likely could confuse the user.
Closes https://github.com/curl/curl/pull/1203
|
|
- Format the numeric denial code as an integer instead of a character.
|
|
... when checking for a too large request.
|
|
|
|
|
|
Fixes #1184
|
|
Failure to decompress is now a write error instead of the weird
"function not found".
|
|
Curl_auth_decode_digest_http_message(): copy terminating NUL as later
Curl_override_sspi_http_realm() expects a NUL-terminated string.
Fixes #1180
|
|
Reviewed-by: Nick Zitzmann
Closes #1173
|
|
Reviewed-by: Nick Zitzmann
Fixes #1172
|
|
Fixed an old leftover use of the USE_SSLEAY define which would make a
socket get removed from the applications sockets to monitor when the
multi_socket API was used, leading to timeouts.
Bug: #1174
|
|
|
|
|
|
To avoid dereferencing a NULL pointer.
Reported-by: Daniel Romero
|
|
|
|
... it only confuses people.
|