aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2012-11-06CURLOPT_SSL_VERIFYHOST: stop supporting the 1 valueDaniel Stenberg
After a research team wrote a document[1] that found several live source codes out there in the wild that misused the CURLOPT_SSL_VERIFYHOST option thinking it was a boolean, this change now bans 1 as a value and will make libcurl return error for it. 1 was never a sensible value to use in production but was introduced back in the days to help debugging. It was always documented clearly this way. 1 was never supported by all SSL backends in libcurl, so this cleanup makes the treatment of it unified. The report's list of mistakes for this option were all PHP code and while there's a binding layer between libcurl and PHP, the PHP team has decided that they have an as thin layer as possible on top of libcurl so they will not alter or specifically filter a 'TRUE' value for this particular option. I sympathize with that position. [1] = http://daniel.haxx.se/blog/2012/10/25/libcurl-claimed-to-be-dangerous/
2012-11-06gnutls: fix compiler warningsDaniel Stenberg
2012-11-06gnutls: print alerts during handshakeAlessandro Ghedini
2012-11-06gnutls: fix the error_is_fatal logicAlessandro Ghedini
2012-11-06uniformly use AM_CPPFLAGS, avoid deprecated INCLUDESDave Reisner
Since automake 1.12.4, the warnings are issued on running automake: warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS') Avoid INCLUDES and roll these flags into AM_CPPFLAGS. Compile tested on: Ubuntu 10.04 (automake 1:1.11.1-1) Ubuntu 12.04 (automake 1:1.11.3-1ubuntu2) Arch Linux (automake 1.12.4)
2012-11-05ftp_readresp: fix build without krb4 supportDaniel Stenberg
Oops, my previous commit broke builds with krb support.
2012-11-04FTP: prevent the multi interface from blockingDaniel Stenberg
As pointed out in Bug report #3579064, curl_multi_perform() would wrongly use a blocking mechanism internally for some commands which could lead to for example a very long block if the LIST response never showed. The solution was to make sure to properly continue to use the multi interface non-blocking state machine. The new test 1501 verifies the fix. Bug: http://curl.haxx.se/bug/view.cgi?id=3579064 Reported by: Guido Berhoerster
2012-10-23tlsauthtype: deal with the string case insensitivelyDaniel Stenberg
When given a string as 'srp' it didn't work, but required 'SRP'. Starting now, the check disregards casing. Bug: http://curl.haxx.se/bug/view.cgi?id=3578418 Reported by: Jeff Connelly
2012-10-23asyn-ares: restore working with c-ares < 1.6.1Daniel Stenberg
Back in those days the public ares.h header didn't include the ares_version.h header so it needs to be included here. Bug: http://curl.haxx.se/bug/view.cgi?id=3577710
2012-10-22metalink/md5: Use CommonCrypto on Apple operating systemsNick Zitzmann
Previously the Metalink code used Apple's CommonCrypto library only if curl was built using the --with-darwinssl option. Now we use CommonCrypto on all Apple operating systems including Tiger or later, or iOS 5 or later, so you don't need to build --with-darwinssl anymore. Also rolled out this change to libcurl's md5 code.
2012-10-16darwinssl: un-broke iOS build, fix error on server disconnectNick Zitzmann
The iOS build was broken by a reference to a function that only existed under OS X; fixed. Also fixed a hard-to-reproduce problem where, if the server disconnected before libcurl got the chance to hang up first and SecureTransport was in use, then we'd raise an error instead of failing gracefully.
2012-10-16gnutls: put reset code into else blockAlessandro Ghedini
Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690551
2012-10-09curl_multi_wait: no wait if no descriptors to wait forDaniel Stenberg
This is a minor change in behavior after having been pointed out by Mark Tully and discussed on the list. Initially this case would internally call poll() with no sockets and a timeout which would equal a sleep for that specified time. Bug: http://curl.haxx.se/mail/lib-2012-10/0076.html Reported by: Mark Tully
2012-10-08ssluse.c: md5.h is required for Curl_ossl_md5sumMarc Hoersken
2012-10-06curl_schannel.c: Fixed caching more data than requiredMarc Hoersken
Do not fill the decrypted data buffer with more data unless required in order to return the requested amount of data.
2012-10-06curl_schannel: Removed buffer limit and optimized buffer strategyMarc Hoersken
Since there are servers that seem to return very big encrypted data packages, we need to be able to handle those without having an internal size limit. To avoid the buffer growing to fast to early the initial size was decreased and the minimum free space in the buffer was decreased as well.
2012-10-04lib/socks.c: Merged two size variables into oneMarc Hoersken
2012-10-04lib/socks.c: Avoid type conversions where possibleMarc Hoersken
Streamlined variable names and types to avoid type conversions that may result in data being lost on non 32-bit systems.
2012-10-04lib/curl_schannel.c: Hide size_t conversion warningMarc Hoersken
2012-10-04krb5/curl_rtmp.c: Hide size_t to int type conversion warningMarc Hoersken
2012-10-04security.c: Aligned internal type to return typeMarc Hoersken
Use ssize_t instead of int to avoid conversion problems on 64-bit systems. Also added curlx_sztosi where necessary.
2012-10-03lib/curl_schannel: Increased maximum buffer size to factor 128Marc Hoersken
2012-10-02multi_runsingle: CURLOPT_LOW_SPEED_* fix for rate limitationDaniel Stenberg
During the periods of rate limitation, the speedcheck function wasn't called and thus the values weren't updated accordingly and it would then easily trigger wrongly once data got transferred again. Also, the progress callback's return code was not acknowledged in this state so it could make an "abort" return code to get ignored and not have the documented effect of aborting an ongoing transfer. Bug: http://curl.haxx.se/mail/lib-2012-09/0081.html Reported by: Jie He
2012-09-28Curl_reconnect_request: clear pointer on failureDaniel Stenberg
The Curl_reconnect_request() function could end up returning a pointer to a free()d struct when Curl_done() failed inside. Clearing the pointer unconditionally after Curl_done() avoids this risk. Reported by: Ho-chi Chen Bug: http://curl.haxx.se/mail/lib-2012-09/0188.html
2012-09-23Makefile.vc6: Added missing default library advapi32.libMarc Hoersken
2012-09-19HTTP_ONLY: disable more protocolsDaniel Stenberg
2012-09-17setup.h: fixed for MS VC10 buildSergei Nikulov
Bug: http://curl.haxx.se/bug/view.cgi?id=3568327
2012-09-16curl_multi_wait: Add parameter to return number of active socketsSara Golemon
Minor change to recently introduced function. BC breaking, but since curl_multi_wait() doesn't exist in any releases that should be fine.
2012-09-14socks.c: Fixed warning: conversion to 'int' from 'long unsigned int'Marc Hoersken
2012-09-14http_negotiate.c: Fxied warning: unused variable 'rc'Marc Hoersken
2012-09-14ssh.c: Fixed warning: implicit conversion from enumeration typeMarc Hoersken
2012-09-14socks.c: Check that IPv6 is enabled before using it's featuresMarc Hoersken
2012-09-14checksrc: Fixed line length and comment indentationMarc Hoersken
2012-09-14socks.c: Updated error messages to handle hostname and IPv6Marc Hoersken
2012-09-14socks.c: Added support for IPv6 connections through SOCKSv5 proxyMarc Hoersken
2012-09-13parse_proxy: treat "socks://x" as a socks4 proxyDaniel Stenberg
Selected socks proxy in Google's Chrome browser. Resulting in the following environment variables: NO_PROXY=localhost,127.0.0.0/8 ALL_PROXY=socks://localhost:1080/ all_proxy=socks://localhost:1080/ no_proxy=localhost,127.0.0.0/8 ... and libcurl didn't treat 'socks://' as socks but instead picked HTTP proxy. Reported by: Scott Bailey Bug: http://curl.haxx.se/bug/view.cgi?id=3566860
2012-09-12ssh: do not crash if MD5 fingerprint is not provided by libssh2Kamil Dudka
The MD5 fingerprint cannot be computed when running in FIPS mode.
2012-09-12ssh: move the fingerprint checking code to a separate fncKamil Dudka
2012-09-11wincrypt: Fixed cross-compilation issues caused by include nameMarc Hoersken
For some reason WinCrypt.h is named wincrypt.h under MinGW.
2012-09-11md5.c: Added support for Microsoft Windows CryptoAPIMarc Hoersken
2012-09-11nss.c: Fixed warning: 'err' may be used uninitialized in this functionMarc Hoersken
2012-09-09curl_schannel.c: Reference count the credential/session handleMarc Hoersken
Reference counting the credential handle should avoid that such a handle is freed while it is still required for connection shutdown
2012-09-08darwinssl: fixed for older Mac OS X versionsNick Zitzmann
SSL didn't work on older cats if built on a newer cat with weak-linking turned on to support the older cat
2012-09-06SOCKS: truly disable it if CURL_DISABLE_PROXY is definedDaniel Stenberg
Bug: http://curl.haxx.se/bug/view.cgi?id=3561305 Patch by: Marcel Raad
2012-09-04mk-ca-bundle: detect start of trust section betterDaniel Stenberg
Each certificate section of the input certdata.txt file has a trust section following it with details. This script failed to detect the start of the trust for at least one cert[*], which made the script continue pass that section into the next one where it found an 'untrusted' marker and as a result that certficate was not included in the output. [*] = "Hellenic Academic and Research Institutions RootCA 2011" Bug: http://curl.haxx.se/mail/lib-2012-09/0019.html
2012-09-04gnutls: do not fail on non-fatal handshake errorsAlessandro Ghedini
Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685402
2012-09-04SMTP: only send SIZE if supportedFrantišek Kučera
SMTP client will send SIZE parameter in MAIL FROM command only if server supports it. Without this patch server might say "504 Command parameter not implemented" and reject the message. Bug: http://curl.haxx.se/bug/view.cgi?id=3564114
2012-09-01multi: add curl_multi_wait()Sara Golemon
/* * Name: curl_multi_wait() * * Desc: Poll on all fds within a CURLM set as well as any * additional fds passed to the function. * * Returns: CURLMcode type, general multi error code. */ CURL_EXTERN CURLMcode curl_multi_wait(CURLM *multi_handle, struct curl_waitfd extra_fds[], unsigned int extra_nfds, int timeout_ms);
2012-09-01darwinssl: Bugfix for previous commit for older catsNick Zitzmann
I accidentally broke functionality for versions of OS X prior to Mountain Lion in the previous commit. This commit fixes the problems.
2012-08-31NTLM: re-use existing connection betterJoe Mason
If we need an NTLM connection and one already exists, always choose that one.