aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2015-01-22openssl: add support for the Certificate Status Request TLS extensionAlessandro Ghedini
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. Thanks-to: Joe Mason - for the work-around for the OpenSSL bug.
2015-01-22BoringSSL: fix build for non-configure buildsDaniel Stenberg
HAVE_BORINGSSL gets defined now by configure and should be defined by other build systems in case a BoringSSL build is desired.
2015-01-22curl_sasl: Reinstate the sasl_ prefix for locally scoped functionsSteve Holme
Commit 7a8b2885e2 made some functions static and removed the public Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which is the naming convention we use in this source file.
2015-01-22curl_sasl: Minor code policing following recent commitsSteve Holme
2015-01-22BoringSSL: detected by configure, switches off NTLMDaniel Stenberg
2015-01-22BoringSSL: no PKCS12 support nor ERR_remove_stateDaniel Stenberg
2015-01-22BoringSSL: fix buildLeith Bade
2015-01-20curl_sasl.c: chlglen is not used when cryptography is disabledSteve Holme
2015-01-20curl_sasl.c: Fixed compilation warning when cyptography is disabledSteve Holme
curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local variable
2015-01-20curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI definedSteve Holme
curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier This error could also happen for non-SSPI builds when cryptography is disabled (CURL_DISABLE_CRYPTO_AUTH is defined).
2015-01-20SASL: make some procedures local-scopedPatrick Monnerat
2015-01-20SASL: common state engine for imap/pop3/smtpPatrick Monnerat
2015-01-20SASL: common URL option and auth capabilities decoders for all protocolsPatrick Monnerat
2015-01-20IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters.Patrick Monnerat
2015-01-20ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6Daniel Stenberg
Reported-by: Chris Young
2015-01-20timeval: typecast for better type (on Amiga)Chris Young
There is an issue with conflicting "struct timeval" definitions with certain AmigaOS releases and C libraries, depending on what gets included when. It's a minor difference - the OS one is unsigned, whereas the common structure has signed elements. If the OS one ends up getting defined, this causes a timing calculation error in curl. It's easy enough to resolve this at the curl end, by casting the potentially errorneous calculation to a signed long.
2015-01-19openssl: do public key pinning check independentlyDaniel Stenberg
... of the other cert verification checks so that you can set verifyhost and verifypeer to FALSE and still check the public key. Bug: http://curl.haxx.se/bug/view.cgi?id=1471 Reported-by: Kyle J. McKay
2015-01-18ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAPSteve Holme
For consistency with other USE_WIN32_ defines as well as the USE_OPENLDAP define.
2015-01-18http_negotiate: Use dynamic buffer for SPN generationSteve Holme
Use a dynamicly allocated buffer for the temporary SPN variable similar to how the SASL GSS-API code does, rather than using a fixed buffer of 2048 characters.
2015-01-18sasl_gssapi: Make Curl_sasl_build_gssapi_spn() publicSteve Holme
2015-01-18sasl_gssapi: Fixed memory leak with local SPN variableSteve Holme
2015-01-17http_negotiate.c: unused variable 'ret'Daniel Stenberg
2015-01-17gskit.h: Code policing of function pointer argumentsSteve Holme
2015-01-17vtls: Removed unimplemented overrides of curlssl_close_all()Steve Holme
Carrying on from commit 037cd0d991, removed the following unimplemented instances of curlssl_close_all(): Curl_axtls_close_all() Curl_darwinssl_close_all() Curl_cyassl_close_all() Curl_gskit_close_all() Curl_gtls_close_all() Curl_nss_close_all() Curl_polarssl_close_all()
2015-01-17vtls: Separate the SSL backend definition from the API setupSteve Holme
Slight code cleanup as the SSL backend #define is mixed up with the API function setup.
2015-01-17vtls: Fixed compilation errors when SSL not usedSteve Holme
Fixed the following warning and error from commit 3af90a6e19 when SSL is not being used: url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined; assuming extern returning int error LNK2019: unresolved external symbol Curl_ssl_cert_status_request referenced in function Curl_setopt
2015-01-17http_negotiate: Added empty decoded challenge message info textSteve Holme
2015-01-17http_negotiate: Return CURLcode in Curl_input_negotiate() instead of intSteve Holme
2015-01-17http_negotiate_sspi: Prefer use of 'attrs' for context attributesSteve Holme
Use the same variable name as other areas of SSPI code.
2015-01-17http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo()Steve Holme
Use the SECURITY_STATUS typedef rather than a unsigned long for the QuerySecurityPackageInfo() return and rename the variable as per other areas of SSPI code.
2015-01-17http_negotiate_sspi: Use 'CURLcode result' for CURL result codeSteve Holme
2015-01-16curl_endian: Fixed build when 64-bit integers are not supported (Part 2)Steve Holme
Missed Curl_read64_be() in commit bb12d44471 :(
2015-01-16copyright years: after OCSP stapling changesDaniel Stenberg
2015-01-16nss: add support for the Certificate Status Request TLS extensionAlessandro Ghedini
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. This requires NSS 3.15 or higher.
2015-01-16gtls: add support for the Certificate Status Request TLS extensionAlessandro Ghedini
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP response verfication to fail even on valid responses.
2015-01-16url: add CURLOPT_SSL_VERIFYSTATUS optionAlessandro Ghedini
This option can be used to enable/disable certificate status verification using the "Certificate Status Request" TLS extension defined in RFC6066 section 8. This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the certificate status verification fails, and the Curl_ssl_cert_status_request() function, used to check whether the SSL backend supports the status_request extension.
2015-01-16curl_endian: Fixed build when 64-bit integers are not supportedSteve Holme
Bug: http://curl.haxx.se/mail/lib-2015-01/0094.html Reported-by: John E. Malmberg
2015-01-14Curl_pretransfer: reset expected transfer sizesDaniel Stenberg
Reported-by: Mohammad AlSaleh Bug: http://curl.haxx.se/mail/lib-2015-01/0065.html
2015-01-12curl_schannel.c: mark session as removed from cache if not freedMarc Hoersken
If the session is still used by active SSL/TLS connections, it cannot be closed yet. Thus we mark the session as not being cached any longer so that the reference counting mechanism in Curl_schannel_shutdown is used to close and free the session. Reported-by: Jean-Francois Durand
2015-01-09Merge pull request #134 from vszakats/mingw-m64Guenter Knauf
add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS
2015-01-09Merge pull request #136 from vszakats/mingw-allow-custom-cflagsGuenter Knauf
mingw build: allow to pass custom CFLAGS
2015-01-09NSS: fix compiler error when built http2-enabledDaniel Stenberg
2015-01-09gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitionsSteve Holme
Better code reuse and consistency in calls to gss_import_name().
2015-01-09mingw build: allow to pass custom CFLAGSViktor Szakats
2015-01-08FTP: if EPSV fails on IPV6 connections, bail outDaniel Stenberg
... instead of trying PASV, since PASV can't work with IPv6. Reported-by: Vojtěch Král
2015-01-08FTP: fix IPv6 host using link-local addressDaniel Stenberg
... and make sure we can connect the data connection to a host name that is longer than 48 bytes. Also simplifies the code somewhat by re-using the original host name more, as it is likely still in the DNS cache. Original-Patch-by: Vojtěch Král Bug: http://curl.haxx.se/bug/view.cgi?id=1468
2015-01-08NetWare build: added TLS-SRP enabled build.Guenter Knauf
2015-01-08sasl_gssapi: Fixed build on NetBSD with built-in GSS-APISteve Holme
Bug: http://curl.haxx.se/bug/view.cgi?id=1469 Reported-by: Thomas Klausner
2015-01-08add -m64 clags when targeting mingw64, add -m32/-m64 to LDFLAGSViktor Szakats
2015-01-07darwinssl: fix session ID keys to only reuse identical sessionsDaniel Stenberg
...to avoid a session ID getting cached without certificate checking and then after a subsequent _enabling_ of the check libcurl could still re-use the session done without cert checks. Bug: http://curl.haxx.se/docs/adv_20150108A.html Reported-by: Marc Hesse