Age | Commit message (Collapse) | Author |
|
|
|
Given that we presently support "auth" and not "auth-int" or "auth-conf"
for native challenge-response messages, added client side validation of
the quality-of-protection options from the server's challenge message.
|
|
Bug: http://curl.haxx.se/mail/lib-2014-04/0063.html
Reported-by: Jeroen Koekkoek
|
|
To avoid urldata.h being included from the header file or that the
source file has the correct include order as highlighted by one of
the auto builds recently.
|
|
warning: no previous prototype for 'Curl_sasl_create_digest_md5_message'
|
|
|
|
warning: 'sasl_digest_get_key_value' defined but not used
|
|
|
|
|
|
* Added comments to SSPI NTLM message generation
* Added comments to native DIGEST-MD5 code
* Removed redundant identity pointer
|
|
When CURL_DISABLE_CRYPTO_AUTH is defined the DIGEST-MD5 code should not
be included, regardless of whether USE__WINDOWS_SSPI is defined or not.
This is indicated by the definition of USE_HTTP_NEGOTIATE and USE_NTLM
in curl_setup.h.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Updated the docs to clarify and the code accordingly, with test 1528 to
verify:
When CURLHEADER_SEPARATE is set and libcurl is asked to send a request
to a proxy but it isn't CONNECT, then _both_ header lists
(CURLOPT_HTTPHEADER and CURLOPT_PROXYHEADER) will be used since the
single request is then made for both the proxy and the server.
|
|
Modified the logic so that CURLOPT_HEADEROPT now controls if PROXYHEADER
is actually used or not.
|
|
Includes docs and new test cases: 1525, 1526 and 1527
Co-written-by: Vijay Panghal
|
|
Without request body there's no point in asking for 100-continue.
Bug: http://curl.haxx.se/bug/view.cgi?id=1349
Reported-by: JimS
|
|
When doing passive FTP, the multi state function needs to extract and
use the happy eyeballs sockets to wait for to check for completion!
Bug: http://curl.haxx.se/mail/lib-2014-02/0135.html (ruined)
Reported-by: Alan
|
|
|
|
In addition to commit fe260b75e7 fixed the same issue for RFC-821 based
SMTP servers and allow the credientials to be given to curl even though
they are not used with the server.
|
|
Reported-by: Melissa
|
|
Follow up to 9317eced984 makes test 1056 work again.
|
|
Remove a superfluous "negotiated http2" info line
|
|
We're progressing throught drafts so there's no point in having a fixed
one in a symbol that'll survive.
|
|
|
|
Specifying user credentials when the SMTP server doesn't support
authentication would cause curl to display "No known authentication
mechanisms supported!" and return CURLE_LOGIN_DENIED.
Reported-by: Tom Sparrow
Bug: http://curl.haxx.se/mail/lib-2014-03/0173.html
|
|
|
|
Reported-by: Richard Moore
|
|
There are server certificates used with IP address in the CN field, but
we MUST not allow wild cart certs for hostnames given as IP addresses
only. Therefore we must make Curl_cert_hostcheck() fail such attempts.
Bug: http://curl.haxx.se/docs/adv_20140326B.html
Reported-by: Richard Moore
|
|
In addition to FTP, other connection based protocols such as IMAP, POP3,
SMTP, SCP, SFTP and LDAP require a new connection when different log-in
credentials are specified. Fixed the detection logic to include these
other protocols.
Bug: http://curl.haxx.se/docs/adv_20140326A.html
|
|
The debug messages printed inside PolarSSL always seems to end with a
newline. So 'infof()' should not add one. Besides the trace 'line'
should be 'const'.
|
|
The parser skipped the initial letter, which presumably often is
whitespace but doesn't have to be.
Reported-by: Mike Hasselberg
Bug: http://curl.haxx.se/mail/lib-2014-03/0134.html
|
|
It leads to the "next family" tries starting from the wrong point and thus
fails!
Bug: http://curl.haxx.se/bug/view.cgi?id=1337
Reported-by: ricker
|
|
Because of the socket is unblocking, PolarSSL does need call to getsock to
get the action to perform in multi environment.
In some cases, it might happen we have not received yet all data to perform
the handshake. ssh_handshake returns POLARSSL_ERR_NET_WANT_READ, the state
is updated but because of the getsock has not the proper #define macro to,
the library never prevents to select socket for input thus the socket will
never be awaken when last data is available. Thus it leads to timeout.
|
|
Remove all #ifdef/else/endif macros that ensure compatibility with polarssl
version previous than 1.3.
|
|
API has changed since version 1.3. A compatibility header has been created
to ensure forward compatibility for code using old API:
* x509 certificate structure has been renamed to from x509_cert to
x509_crt
* new dedicated setter for RSA certificates ssl_set_own_cert_rsa,
ssl_set_own_cert is for generic keys
* ssl_default_ciphersuites has been replaced by function
ssl_list_ciphersuites()
This patch drops the use of the compatibly header.
|
|
|
|
Also fixed a function name change in the version requirement bump
|
|
Rename x509_cert to x509_crt and add "compat-1.2.h"
include.
This would still need some more thorough conversion
in order to drop "compat-1.2.h" include.
|
|
... if built against a new enough version of NSS
|
|
... if built against a new enough version of NSS
|
|
... but allow them to be enabled/disabled explicitly. The default
policy should be maintained at the NSS level.
|
|
|
|
|