aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2014-01-02OpenSSL: Fix forcing SSLv3 connectionsBarry Abrahamson
Some feedback provided by byte_bucket on IRC pointed out that commit db11750cfa5b1 wasn’t really correct because it allows for “upgrading” to a newer protocol when it should be only allowing for SSLv3. This change fixes that. When SSLv3 connection is forced, don't allow SSL negotiations for newer versions. Feedback provided by byte_bucket in #curl. This behavior is also consistent with the other force flags like --tlsv1.1 which doesn't allow for TLSv1.2 negotiation, etc Feedback-by: byte_bucket Bug: http://curl.haxx.se/bug/view.cgi?id=1319
2014-01-02Trial to fix the nmake Makefile for vtls files.Guenter Knauf
2014-01-02Fix NetWare build for vtls files.Guenter Knauf
2014-01-01OpenSSL: Fix forcing SSLv3 connectionsBarry Abrahamson
Since ad34a2d5c87c7f4b14e8dded3 (present in 7.34.0 release) forcing SSLv3 will always return the error "curl: (35) Unsupported SSL protocol version" Can be replicated with `curl -I -3 https://www.google.com/`. This fix simply allows for v3 to be forced.
2013-12-31imap: Fixed line length warningSteve Holme
2013-12-31mprintf: Replaced internal usage of FORMAT_OFF_T and FORMAT_OFF_TUSteve Holme
Following commit 0aafd77fa4c6f2, replaced the internal usage of FORMAT_OFF_T and FORMAT_OFF_TU with the external versions that we expect API programmers to use. This negates the need for separate definitions which were subtly different under different platforms/compilers.
2013-12-30mprintf: Added support for I, I32 and I64 size specifiersSteve Holme
Added support to the built-in printf() replacement functions, for these non-ANSI extensions when compiling under Visual Studio, Borland, Watcom and MinGW. This fixes problems when generating libcurl source code that contains curl_off_t variables.
2013-12-28connect.c: Fixed compilation warningSteve Holme
warning: 'res' may be used uninitialized in this function
2013-12-28connect: Try all addresses in first connection attemptBjörn Stenberg
Fixes a bug when all addresses in the first family fail immediately, due to "Network unreachable" for example, curl would hang and never try the next address family. Iterate through all address families when to trying establish the first connection attempt. Bug: http://curl.haxx.se/bug/view.cgi?id=1315 Reported-by: Michal Górny and Anthony G. Basile
2013-12-27sendf.c: Fixed compilation warning from f2d234a4dd9bccSteve Holme
sendf.c:450:81: warning: Longer than 79 columns
2013-12-27FILE: Fixed sending of data would always return CURLE_WRITE_ERRORSteve Holme
Introduced in commit 2a4ee0d2215556 sending of data via the FILE protocol would always return CURLE_WRITE_ERROR regardless of whether CURL_WRITEFUNC_PAUSE was returned from the callback function or not.
2013-12-26FILE: we don't support paused transfers using this protocolDaniel Stenberg
Make sure that we detect such attempts and return a proper error code instead of silently handling this in problematic ways. Updated the documentation to mention this limitation. Bug: http://curl.haxx.se/bug/view.cgi?id=1286
2013-12-26vtls: Updated comments referencing sslgen.c and ssluse.cSteve Holme
2013-12-26vtls: Fixed up include of vtls.hSteve Holme
2013-12-25curl_dofree: allow free(NULL)Daniel Stenberg
Previously this memdebug free() replacement didn't properly work with a NULL argument which has made us write code that avoids calling free(NULL) - which causes some extra nuisance and unnecessary code. Starting now, we should allow free(NULL) even when built with the memdebug system enabled. free(NULL) is permitted by POSIX
2013-12-25Curl_thread_create: use Curl_safefree to allow NULL betterDaniel Stenberg
free() itself allows a NULL input but our memory debug system requires Curl_safefree() to be used instead when a "legitimate" NULL may be freed. Like in the code here. Pointed-out-by: Steve Holme
2013-12-25threaded resolver: Use pthread_t * for curl_thread_tLuke Dashjr
... since pthread_t may be non-scalar and/or may represent a real thread with scalar 0. Bug: http://curl.haxx.se/bug/view.cgi?id=1314
2013-12-24imap: Fixed auth preference not being honored when CAPABILITY not supportedSteve Holme
If a user indicated they preferred to authenticate using a SASL mechanism, but SASL authentication wasn't supported by the server, curl would always fall back to clear text when CAPABILITY wasn't supported, even though the user didn't want to use this.
2013-12-24pop3: Fixed auth preference not being honored when CAPA not supportedSteve Holme
If a user indicated they preferred to authenticate using APOP or a SASL mechanism, but neither were supported by the server, curl would always fall back to clear text when CAPA wasn't supported, even though the user didn't want to use this. This also fixes the auto build failure caused by commit 6f2d5f0562f64a.
2013-12-24Curl_pp_readresp: use memmove not memcpy, possibly overlapping areasDaniel Stenberg
Fixes commit 1deac31eba7
2013-12-24pop3: Fixed APOP being determined by CAPA response rather than by timestampSteve Holme
This commit replaces that of 9f260b5d6610f3 because according to RFC-2449, section 6, there is no APOP capability "...even though APOP is an optional command in [POP3]. Clients discover server support of APOP by the presence in the greeting banner of an initial challenge enclosed in angle brackets."
2013-12-22FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGEDaniel Stenberg
The FILE:// code doesn't support this option - and it doesn't make sense to support it as long as it works as it does since then it'd only block even longer. But: setting CURLOPT_MAX_RECV_SPEED_LARGE would make the transfer first get done and then libcurl would wait until the average speed would get low enough. This happened because the transfer happens completely in the DO state for FILE:// but then it would still unconditionally continue in to the PERFORM state where the speed check is made. Starting now, the code will skip from DO_DONE to DONE immediately if no socket is set to be recv()ed or send()ed to. Bug: http://curl.haxx.se/bug/view.cgi?id=1312 Reported-by: Mohammad AlSaleh
2013-12-22email: Fixed segfault introduced in commit 195b63f99c2fe3Steve Holme
2013-12-22code police: fix indent level to silence checksrc complaintsDaniel Stenberg
2013-12-21email: Extended the login options to support multiple auth mechanismsSteve Holme
2013-12-22Curl_pp_readresp: replace stupid loop with memcpyDaniel Stenberg
2013-12-22Curl_pp_readresp: zero terminate lineDaniel Stenberg
The comment in the code mentions the zero terminating after having copied data, but it mistakingly zero terminated the source data and not the destination! This caused the test 864 problem discussed on the list: http://curl.haxx.se/mail/lib-2013-12/0113.html Signed-off-by: Daniel Stenberg <daniel@haxx.se>
2013-12-21Revert "pop3: Added debug information to assist with test864 failure"Steve Holme
This reverts commit 727d798d680f29c8b3cb7d7f03d6b6a3eb4356da.
2013-12-21pop3: Added debug information to assist with test864 failureSteve Holme
2013-12-20pop3: Fixed APOP timestamp detection from commit 1cfb436a2f1795Steve Holme
2013-12-20Makefile.inc: use standard source headerDaniel Stenberg
2013-12-20Makefile.inc: specify the vtls sources+headers separatelyDaniel Stenberg
2013-12-20vtls: renamed sslgen.[ch] to vtls.[ch]Daniel Stenberg
2013-12-20openssl: renamed backend files to openssl.[ch]Daniel Stenberg
2013-12-20vtls: moved all TLS/SSL source and header files into subdirDaniel Stenberg
2013-12-20vtls: created subdir, moved sslgen.[ch] there, updated all include linesDaniel Stenberg
2013-12-20pop3: Fixed selection of APOP when server replies with an invalid timestampSteve Holme
Although highlighted by a bug in commit 1cfb436a2f1795, APOP authentication could be chosen if the server was to reply with an empty or missing timestamp in the server greeting and APOP was given in the capability list by the server.
2013-12-20pop3: Fixed processing of more than one response when sent in same packetSteve Holme
Added a loop to pop3_statemach_act() in which Curl_pp_readresp() is called until the cache is drained. Without this multiple responses received in a single packet could result in a hang or delay.
2013-12-19pop3: Moved CAPA response handling to pop3_state_capa_resp()Steve Holme
Similar to the processing of untagged CAPABILITY responses in IMAP and multi-line EHLO responses in SMTP, moved the processing of multi-line CAPA responses to pop3_state_capa_resp().
2013-12-19pop3: Moved APOP detection into pop3_state_servergreet_resp()Steve Holme
In an effort to reduce what pop3_endofresp() does and bring the POP3 source back inline with the IMAP and SMTP protocols, moved the APOP detection into pop3_state_servergreet_resp().
2013-12-18imap/pop3/smtp: Added support for SASL authentication downgradesSteve Holme
Added support for downgrading the SASL authentication mechanism when the decoding of CRAM-MD5, DIGEST-MD5 and NTLM messages fails. This enhances the previously added support for graceful cancellation by allowing the client to retry a lesser SASL mechanism such as LOGIN or PLAIN, or even APOP / clear text (in the case of POP3 and IMAP) when supported by the server.
2013-12-18smtp: fix compiler warningDaniel Stenberg
smtp.c:478:21: error: unused variable 'smtpc' [-Werror=unused-variable]
2013-12-18smtp: Moved the calculation of SASL login details into a separate functionSteve Holme
2013-12-18pop3: Moved the calculation of SASL login details into a separate functionSteve Holme
2013-12-18imap: Moved the calculation of SASL login details into a separate functionSteve Holme
2013-12-18smtp: Moved the sending of the AUTH command into a separate functionSteve Holme
2013-12-18pop3: Moved the sending of the AUTH command into a separate functionSteve Holme
2013-12-18imap: Moved the sending of the AUTHENICATE command into a separate functionSteve Holme
2013-12-17email: Renamed *_perform_authenticate() functionsSteve Holme
In preparation for the upcoming SASL downgrade feature renamed the imap__perform_authenticate(), pop3__perform_authenticate() and smtp__perform_authenticate() functions.
2013-12-16gtls: respect *VERIFYHOST independently of *VERIFYPEERDaniel Stenberg
Security flaw CVE-2013-6422 This is conceptually the same problem and fix that 3c3622b6 brought to the OpenSSL backend and that resulted in CVE-2013-4545. This version of the problem was independently introduced to the GnuTLS backend with commit 59cf93cc, present in the code since the libcurl 7.21.4 release. Advisory: http://curl.haxx.se/docs/adv_20131217.html Bug: http://curl.haxx.se/mail/lib-2013-11/0214.html Reported-by: Marc Deslauriers