Age | Commit message (Collapse) | Author |
|
Use the SECURITY_STATUS typedef rather than a unsigned long for the
QuerySecurityPackageInfo() return and rename the variable as per other
areas of SSPI code.
|
|
|
|
Missed Curl_read64_be() in commit bb12d44471 :(
|
|
|
|
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.
This requires NSS 3.15 or higher.
|
|
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.
This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use
at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP
response verfication to fail even on valid responses.
|
|
This option can be used to enable/disable certificate status verification using
the "Certificate Status Request" TLS extension defined in RFC6066 section 8.
This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
certificate status verification fails, and the Curl_ssl_cert_status_request()
function, used to check whether the SSL backend supports the status_request
extension.
|
|
Bug: http://curl.haxx.se/mail/lib-2015-01/0094.html
Reported-by: John E. Malmberg
|
|
Reported-by: Mohammad AlSaleh
Bug: http://curl.haxx.se/mail/lib-2015-01/0065.html
|
|
If the session is still used by active SSL/TLS connections, it
cannot be closed yet. Thus we mark the session as not being cached
any longer so that the reference counting mechanism in
Curl_schannel_shutdown is used to close and free the session.
Reported-by: Jean-Francois Durand
|
|
add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS
|
|
mingw build: allow to pass custom CFLAGS
|
|
|
|
Better code reuse and consistency in calls to gss_import_name().
|
|
|
|
... instead of trying PASV, since PASV can't work with IPv6.
Reported-by: Vojtěch Král
|
|
... and make sure we can connect the data connection to a host name that
is longer than 48 bytes.
Also simplifies the code somewhat by re-using the original host name
more, as it is likely still in the DNS cache.
Original-Patch-by: Vojtěch Král
Bug: http://curl.haxx.se/bug/view.cgi?id=1468
|
|
|
|
Bug: http://curl.haxx.se/bug/view.cgi?id=1469
Reported-by: Thomas Klausner
|
|
|
|
...to avoid a session ID getting cached without certificate checking and
then after a subsequent _enabling_ of the check libcurl could still
re-use the session done without cert checks.
Bug: http://curl.haxx.se/docs/adv_20150108A.html
Reported-by: Marc Hesse
|
|
Bug: http://curl.haxx.se/docs/adv_20150108B.html
Reported-by: Andrey Labunets
|
|
|
|
|
|
Also, remove the log output of the resolved name is NOT in the cache in
the spirit of only telling when something is actually happening.
|
|
Reported-by: Michael Osipov
|
|
|
|
Otherwise, the fixes in the previous commits would only be applicable
to IDN and SSPI based builds and not others such as OpenSSL with LDAP
enabled.
|
|
|
|
|
|
Use 'TCHAR *' for local attribute variable rather than 'char *'.
|
|
Use 'TCHAR *' for local DN variable rather than 'char *'.
|
|
Due to the recent modifications this function is no longer used.
|
|
ldap.c:98: warning: extra tokens at end of #endif directive
|
|
|
|
ldap.c:802: warning: comparison between signed and unsigned integer
expressions
|
|
|
|
The unescapped DN was not freed after a successful character conversion.
|
|
ldap.c:738: error: macro "LDAP_TRACE" passed 2 arguments, but takes
just 1
|
|
ldap.c:89: warning: extra tokens at end of #endif directive
|
|
|
|
|
|
|
|
As host.name may be encoded use dispname for infof() failure messages.
|
|
|
|
As we get the length for the DN and attribute variables, and we know
the length for the line terminator, pass the length values rather than
zero as this will save Curl_client_write() from having to perform an
additional strlen() call.
|
|
Fixed memory leaks from commit 086ad79970 as was noted in the commit
comments.
|
|
Fixed memory leaks from commit 086ad79970 as was noted in the commit
comments.
|
|
curl_ntlm_core.c:146: warning: passing 'DES_cblock' (aka 'unsigned char
[8]') to parameter of type 'char *' converts
between pointers to integer types with different
sign
|
|
Rather than duplicate the code in setup_des_key() for OpenSSL and in
extend_key_56_to_64() for non-OpenSSL based crypto engines, as it is
the same, use extend_key_56_to_64() for all engines.
|