Age | Commit message (Collapse) | Author | |
---|---|---|---|
2014-04-18 | connect.c: fix multiple possible dereferences of null pointers | Marc Hoersken | |
In case the first address in the tempaddr array is NULL, the code would previously dereference an unchecked null pointer. | |||
2014-04-18 | tftp.c: fix possible dereference of null pointer | Marc Hoersken | |
2014-04-18 | socks_sspi.c: added pointer guards to FreeContextBuffer calls | Marc Hoersken | |
The FreeContextBuffer SAL declaration does not declare the pointer as optional, therefore it must not be NULL. | |||
2014-04-18 | md5.c: fix use of uninitialized variable | Marc Hoersken | |
2014-04-18 | curl_schannel.c: added explicit cast of structure pointers | Marc Hoersken | |
2014-04-18 | curl_schannel.c: fix possible dereference of null pointer | Marc Hoersken | |
2014-04-18 | imap: Extended FETCH support to include PARTIAL URL specifier | Steve Holme | |
2014-04-18 | url.c: Fixed typo in comment | Steve Holme | |
2014-04-18 | imap: Expanded mailbox SEARCH support to use URL query strings | Steve Holme | |
2014-04-18 | imap: Added support for parsing URL query strings | Steve Holme | |
Added support for parsing query strings from the URL as defined by RFC-5092. | |||
2014-04-18 | imap: Introduced the SEARCH state | Steve Holme | |
2014-04-18 | imap: Fixed untagged response detection when no data after command | Steve Holme | |
Should a command return untagged responses that contained no data then the imap_matchresp() function would not detect them as valid responses, as it wasn't taking the CRLF characters into account at the end of each line. | |||
2014-04-17 | README.http2: mention some alt-svc thoughts | Daniel Stenberg | |
2014-04-14 | url: only use if_nametoindex() if IFNAMSIZ is available | Dan Fandrich | |
2014-04-08 | sas: Added DIGEST-MD5 qop-option validation in native challange handling | Steve Holme | |
Given that we presently support "auth" and not "auth-int" or "auth-conf" for native challenge-response messages, added client side validation of the quality-of-protection options from the server's challenge message. | |||
2014-04-06 | strerror: fix comment about vxworks' strerror_r buffer size | Daniel Stenberg | |
Bug: http://curl.haxx.se/mail/lib-2014-04/0063.html Reported-by: Jeroen Koekkoek | |||
2014-04-06 | sasl: Added forward declaration of structures following recent changes | Steve Holme | |
To avoid urldata.h being included from the header file or that the source file has the correct include order as highlighted by one of the auto builds recently. | |||
2014-04-06 | sasl: Fixed compilation warning | Steve Holme | |
warning: no previous prototype for 'Curl_sasl_create_digest_md5_message' | |||
2014-04-06 | sasl: Added curl_memory.h include as per test 1132 | Steve Holme | |
2014-04-06 | sasl: Fixed compilation warning in SSPI builds | Steve Holme | |
warning: 'sasl_digest_get_key_value' defined but not used | |||
2014-04-06 | sasl: Corrected missing free of decoded challenge message from 607883f13c | Steve Holme | |
2014-04-06 | sasl: Corrected add of Curl_sasl_decode_digest_md5_message() from 2c49e96092 | Steve Holme | |
2014-04-06 | sasl: Post DIGEST-MD5 SSPI code tidy up | Steve Holme | |
* Added comments to SSPI NTLM message generation * Added comments to native DIGEST-MD5 code * Removed redundant identity pointer | |||
2014-04-06 | sasl: Corrected pre-processor inclusion of SSPI based DIGEST-MD5 code | Steve Holme | |
When CURL_DISABLE_CRYPTO_AUTH is defined the DIGEST-MD5 code should not be included, regardless of whether USE__WINDOWS_SSPI is defined or not. This is indicated by the definition of USE_HTTP_NEGOTIATE and USE_NTLM in curl_setup.h. | |||
2014-04-06 | sasl: Added support for DIGEST-MD5 via Windows SSPI | Steve Holme | |
2014-04-06 | http_negotiate_sspi: Fixed compilation when USE_HTTP_NEGOTIATE not defined | Steve Holme | |
2014-04-06 | Makefile.vc6: Added curl_sasl_sspi.c | Steve Holme | |
2014-04-06 | ntlm: Moved the identity generation into shared SSPI code | Steve Holme | |
2014-04-06 | sasl: Renamed SSPI module following short name clash | Steve Holme | |
2014-04-05 | sasl: Added initial stub functions for SSPI DIGEST-MD support | Steve Holme | |
2014-04-05 | sasl: Combined DIGEST-MD5 message decoding and generation | Steve Holme | |
2014-04-05 | http2: Compile with current nghttp2, which supports h2-11 | Tatsuhiro Tsujikawa | |
2014-04-04 | PROXYHEADER: send these headers in "normal" proxy requests too | Daniel Stenberg | |
Updated the docs to clarify and the code accordingly, with test 1528 to verify: When CURLHEADER_SEPARATE is set and libcurl is asked to send a request to a proxy but it isn't CONNECT, then _both_ header lists (CURLOPT_HTTPHEADER and CURLOPT_PROXYHEADER) will be used since the single request is then made for both the proxy and the server. | |||
2014-04-04 | CURLOPT_HEADEROPT: added | Daniel Stenberg | |
Modified the logic so that CURLOPT_HEADEROPT now controls if PROXYHEADER is actually used or not. | |||
2014-04-04 | CURLOPT_PROXYHEADER: set headers for proxy-only | Daniel Stenberg | |
Includes docs and new test cases: 1525, 1526 and 1527 Co-written-by: Vijay Panghal | |||
2014-04-04 | HTTP: don't send Content-Length: 0 _and_ Expect: 100-continue | Daniel Stenberg | |
Without request body there's no point in asking for 100-continue. Bug: http://curl.haxx.se/bug/view.cgi?id=1349 Reported-by: JimS | |||
2014-04-03 | ftp: in passive data connect wait for happy eyeballs sockets | Daniel Stenberg | |
When doing passive FTP, the multi state function needs to extract and use the happy eyeballs sockets to wait for to check for completion! Bug: http://curl.haxx.se/mail/lib-2014-02/0135.html (ruined) Reported-by: Alan | |||
2014-04-03 | http2+openssl: fix compiler warnings in ALPN using code | Daniel Stenberg | |
2014-04-01 | smtp: Fixed login denied with a RFC-821 based server | Steve Holme | |
In addition to commit fe260b75e7 fixed the same issue for RFC-821 based SMTP servers and allow the credientials to be given to curl even though they are not used with the server. | |||
2014-04-01 | urldata: spellfix comment | Daniel Stenberg | |
Reported-by: Melissa | |||
2014-03-31 | ipv6: strip off zone identifiers in redirects too | Daniel Stenberg | |
Follow up to 9317eced984 makes test 1056 work again. | |||
2014-03-31 | http2: let openssl mention the exact protocol negotiated | Daniel Stenberg | |
Remove a superfluous "negotiated http2" info line | |||
2014-03-31 | http2: remove _DRAFT09 from the NPN_HTTP2 enum | Daniel Stenberg | |
We're progressing throught drafts so there's no point in having a fixed one in a symbol that'll survive. | |||
2014-03-31 | URL parser: IPv6 zone identifiers are now supported | Till Maas | |
2014-03-28 | smtp: Fixed login denied when server doesn't support AUTH capability | Steve Holme | |
Specifying user credentials when the SMTP server doesn't support authentication would cause curl to display "No known authentication mechanisms supported!" and return CURLE_LOGIN_DENIED. Reported-by: Tom Sparrow Bug: http://curl.haxx.se/mail/lib-2014-03/0173.html | |||
2014-03-26 | hostcheck: added a system include to define struct in_addr | Dan Fandrich | |
2014-03-25 | Curl_cert_hostcheck: strip trailing dots in host name and wildcard | Daniel Stenberg | |
Reported-by: Richard Moore | |||
2014-03-25 | Curl_cert_hostcheck: reject IP address wildcard matches | Daniel Stenberg | |
There are server certificates used with IP address in the CN field, but we MUST not allow wild cart certs for hostnames given as IP addresses only. Therefore we must make Curl_cert_hostcheck() fail such attempts. Bug: http://curl.haxx.se/docs/adv_20140326B.html Reported-by: Richard Moore | |||
2014-03-25 | url: Fixed connection re-use when using different log-in credentials | Steve Holme | |
In addition to FTP, other connection based protocols such as IMAP, POP3, SMTP, SCP, SFTP and LDAP require a new connection when different log-in credentials are specified. Fixed the detection logic to include these other protocols. Bug: http://curl.haxx.se/docs/adv_20140326A.html | |||
2014-03-22 | polarssl: avoid extra newlines in debug messages | Gisle Vanem | |
The debug messages printed inside PolarSSL always seems to end with a newline. So 'infof()' should not add one. Besides the trace 'line' should be 'const'. |