path: root/lib
Age | Commit message | Author
2014-10-24 | SSL: Remove SSLv3 from SSL default due to POODLE attack | Jay Satiro
- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss, openssl effectively making the default TLS 1.x. axTLS is not affected since it supports only TLS, and gnutls is not affected since it already defaults to TLS 1.x.
- Update CURLOPT_SSLVERSION doc
2014-10-24 | pipelining: only output "is not blacklisted" in debug builds | Daniel Stenberg
2014-10-24 | url.c: use 'CURLcode result' | Daniel Stenberg
2014-10-24 | code cleanup: we prefer 'CURLcode result' | Daniel Stenberg
... for the local variable name in functions holding the return code. Using the same name universally makes code easier to read and follow.
Also, unify code for checking for CURLcode errors with: if(result) or if(!result) instead of if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
2014-10-24 | Curl_add_timecondition: skip superfluous variable assignment | Daniel Stenberg
Detected by cppcheck.
2014-10-24 | Curl_pp_flushsend: skip superfluous assignment | Daniel Stenberg
Detected by cppcheck.
2014-10-24 | Curl_pp_readresp: remove superfluous assignment | Daniel Stenberg
Variable already assigned a few lines up. Detected by cppcheck.
2014-10-24 | Curl_proxyCONNECT: remove superfluous statement | Daniel Stenberg
The variable is already assigned, skip the duplicate assignment. Pointed out by cppcheck.
2014-10-24 | Added MinGW support to build with nghttp2. | Guenter Knauf
2014-10-23 | Some cosmetics and simplifies. | Guenter Knauf
2014-10-23 | Remove dependency on openssl and cut. | Guenter Knauf
Prefer usage of Perl modules for sha1 calculation since there might be systems where openssl is not installed or not in path. If openssl is used for sha1 calculation then don't rely on cut since it is usually not available on other systems than Linux.
2014-10-23 | gnutls: removed dead code | Daniel Stenberg
Bug: http://curl.haxx.se/bug/view.cgi?id=1437
Reported-by: Julien
2014-10-23 | Curl_rand: Uninitialized variable: r | Daniel Stenberg
This is not actually used uninitialized but we silence warnings.
Bug: http://curl.haxx.se/bug/view.cgi?id=1437
Reported-by: Julien
2014-10-20 | nss: reset SSL handshake state machine | Kamil Dudka
... when the handshake succeeds
This fixes a connection failure when FTPS handle is reused.
2014-10-16 | ntlm: Fixed empty type-2 decoded message info text | Steve Holme
Updated the info text when the base-64 decode of the type-2 message returns a null buffer to be more specific.
2014-10-16 | ntlm: Fixed empty/bad base-64 decoded buffer return codes | Steve Holme
2014-10-16 | ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token | Steve Holme
2014-10-15 | sasl_sspi: Fixed some typos | Steve Holme
2014-10-15 | sasl_sspi: Fixed Kerberos response buffer not being allocated when using SSO | Steve Holme
2014-10-15 | mk-ca-bundle: added SHA-384 signature algorithm | Bruno Thomsen
Certificates based on SHA-1 are being phased out[1]. So we should expect a rise in certificates based on SHA-2. Adding SHA-384 as a valid signature algorithm.
[1] https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/
Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
2014-10-14 | Implement pinned public key in GSKit backend | Patrick Monnerat
2014-10-14 | cleanups: reduce variable scope | Daniel Stenberg
cppcheck pointed these out.
2014-10-14 | singleipconnect: remove dead assignment never used | Daniel Stenberg
cppcheck pointed this out.
2014-10-13 | pinning: minor code style policing | Daniel Stenberg
2014-10-13 | Factorize pinned public key code into generic file handling and backend specific | Patrick Monnerat
2014-10-13 | vtls: remove QsoSSL | Patrick Monnerat
2014-10-13 | gskit: supply dummy randomization function | Patrick Monnerat
2014-10-13 | vtls/*: deprecate have_curlssl_md5sum and set-up default md5sum implementation | Patrick Monnerat
2014-10-09 | vtls: have vtls.h include the backend header files | Daniel Stenberg
It turned out some features were not enabled in the build since for example url.c #ifdefs on features that are defined on a per-backend basis but vtls.h didn't include the backend headers. CURLOPT_CERTINFO was one such feature that was accidentally disabled.
2014-10-09 | Cmake: Got rid of setup_curl_dependencies | Jakub Zakrzewski
There is no need for such function. Include_directories propagate by themselves and having a function with one simple link statement makes little sense.
2014-10-08 | nss: do not fail if a CRL is already cached | Kamil Dudka
This fixes a copy-paste mistake from commit 2968f957.
2014-10-08 | FormAdd: precaution against memdup() of NULL pointer | Daniel Stenberg
Coverity CID 252518. This function is in general far too complicated for its own good and really should be broken down into several smaller functions instead - but I'm adding this protection here now since it seems there's a risk the code flow can end up here and dereference a NULL pointer.
2014-10-08 | do_sec_send: remove dead code | Daniel Stenberg
Coverity CID 1241951. The condition 'len >= 0' would always be true at that point and thus not necessary to check for.
2014-10-08 | krb5_encode: remove unused argument | Daniel Stenberg
Coverity CID 1241957. Removed the unused argument. As this struct and pointer now are used only for krb5, there's no need to keep unused function arguments around.
2014-10-07 | GnuTLS: Implement public key pinning | moparisthebest
2014-10-07 | SSL: implement public key pinning | moparisthebest
Option --pinnedpubkey takes a path to a public key in DER format and only connects if it matches (currently only implemented with OpenSSL). Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().
Extract a public RSA key from a website like so:
    openssl s_client -connect google.com:443 2>&1 < /dev/null | \
    sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
    | openssl rsa -pubin -outform DER > google.com.der
2014-10-07 | multi_runsingle: fix possible memory leak | Daniel Stenberg
Coverity CID 1202837. 'newurl' can in fact be allocated even when Curl_retry_request() returns failure so free it if need be.
2014-10-07 | ares::Curl_resolver_cancel: skip checking for NULL conn | Daniel Stenberg
Coverity CID 1243581. 'conn' will never be NULL here, and if it would be the subsequent statement would dereference it!
2014-10-06 | ssh_statemach_act: split out assignment from check | Daniel Stenberg
just a minor code style thing to make the code clearer
2014-10-04 | curl_schannel.c: Fixed possible memory or handle leak | Marc Hoersken
First try to fix possible memory leaks, in this case: Only connssl->ctxt xor connssl->cred being initialized.
2014-10-04 | choose_mech: fix return code | Daniel Stenberg
Coverity CID 1241950. The pointer is never NULL but it might point to NULL.
2014-10-04 | Curl_sec_read_msg: spell out that we ignore return code | Daniel Stenberg
Coverity CID 1241947. Since if sscanf() fails, the previously set value remains set.
2014-10-04 | nonblock: call with (void) to show we ignore the return code | Daniel Stenberg
Coverity pointed out several of these.
2014-10-03 | parse_proxy: remove dead code. | Daniel Stenberg
Coverity CID 982331.
2014-10-03 | Curl_debug: document switch fallthroughs | Daniel Stenberg
2014-10-03 | curl_multi_remove_handle: remove dead code | Daniel Stenberg
Coverity CID 1157776. Removed a superfluous if() that always evaluated true (and an else clause that never ran), and then re-indented the function accordingly.
2014-10-03 | Curl_pipeline_server_blacklisted: handle a NULL server name | Daniel Stenberg
Coverity CID 1215284. The server name is extracted with Curl_copy_header_value() and passed in to this function, and copy_header_value can actually fail and return NULL.
2014-10-03 | ssh: comment "fallthrough" in switch statement | Daniel Stenberg
2014-10-03 | ssh: improve key file search | Jeremy Lin
For private keys, use the first match from: user-specified key file (if provided), ~/.ssh/id_rsa, ~/.ssh/id_dsa, ./id_rsa, ./id_dsa
Note that the previous code only looked for id_dsa files. id_rsa is now generally preferred, as it supports larger key sizes.
For public keys, use the user-specified key file, if provided. Otherwise, try to extract the public key from the private key file. This means that passing --pubkey is typically no longer required, and makes the key-handling behavior more like OpenSSH.
2014-10-02 | detect_proxy: fix possible single-byte memory leak | Daniel Stenberg
Coverity CID 1202836. If the proxy environment variable returned an empty string, it would be leaked. While an empty string is not really a proxy, other logic in this function already allows a blank string to be returned so allow that here to avoid the leak.