aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2015-01-19openssl: do public key pinning check independentlyDaniel Stenberg
... of the other cert verification checks so that you can set verifyhost and verifypeer to FALSE and still check the public key. Bug: http://curl.haxx.se/bug/view.cgi?id=1471 Reported-by: Kyle J. McKay
2015-01-18ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAPSteve Holme
For consistency with other USE_WIN32_ defines as well as the USE_OPENLDAP define.
2015-01-18http_negotiate: Use dynamic buffer for SPN generationSteve Holme
Use a dynamicly allocated buffer for the temporary SPN variable similar to how the SASL GSS-API code does, rather than using a fixed buffer of 2048 characters.
2015-01-18sasl_gssapi: Make Curl_sasl_build_gssapi_spn() publicSteve Holme
2015-01-18sasl_gssapi: Fixed memory leak with local SPN variableSteve Holme
2015-01-17http_negotiate.c: unused variable 'ret'Daniel Stenberg
2015-01-17gskit.h: Code policing of function pointer argumentsSteve Holme
2015-01-17vtls: Removed unimplemented overrides of curlssl_close_all()Steve Holme
Carrying on from commit 037cd0d991, removed the following unimplemented instances of curlssl_close_all(): Curl_axtls_close_all() Curl_darwinssl_close_all() Curl_cyassl_close_all() Curl_gskit_close_all() Curl_gtls_close_all() Curl_nss_close_all() Curl_polarssl_close_all()
2015-01-17vtls: Separate the SSL backend definition from the API setupSteve Holme
Slight code cleanup as the SSL backend #define is mixed up with the API function setup.
2015-01-17vtls: Fixed compilation errors when SSL not usedSteve Holme
Fixed the following warning and error from commit 3af90a6e19 when SSL is not being used: url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined; assuming extern returning int error LNK2019: unresolved external symbol Curl_ssl_cert_status_request referenced in function Curl_setopt
2015-01-17http_negotiate: Added empty decoded challenge message info textSteve Holme
2015-01-17http_negotiate: Return CURLcode in Curl_input_negotiate() instead of intSteve Holme
2015-01-17http_negotiate_sspi: Prefer use of 'attrs' for context attributesSteve Holme
Use the same variable name as other areas of SSPI code.
2015-01-17http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo()Steve Holme
Use the SECURITY_STATUS typedef rather than a unsigned long for the QuerySecurityPackageInfo() return and rename the variable as per other areas of SSPI code.
2015-01-17http_negotiate_sspi: Use 'CURLcode result' for CURL result codeSteve Holme
2015-01-16curl_endian: Fixed build when 64-bit integers are not supported (Part 2)Steve Holme
Missed Curl_read64_be() in commit bb12d44471 :(
2015-01-16copyright years: after OCSP stapling changesDaniel Stenberg
2015-01-16nss: add support for the Certificate Status Request TLS extensionAlessandro Ghedini
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. This requires NSS 3.15 or higher.
2015-01-16gtls: add support for the Certificate Status Request TLS extensionAlessandro Ghedini
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP response verfication to fail even on valid responses.
2015-01-16url: add CURLOPT_SSL_VERIFYSTATUS optionAlessandro Ghedini
This option can be used to enable/disable certificate status verification using the "Certificate Status Request" TLS extension defined in RFC6066 section 8. This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the certificate status verification fails, and the Curl_ssl_cert_status_request() function, used to check whether the SSL backend supports the status_request extension.
2015-01-16curl_endian: Fixed build when 64-bit integers are not supportedSteve Holme
Bug: http://curl.haxx.se/mail/lib-2015-01/0094.html Reported-by: John E. Malmberg
2015-01-14Curl_pretransfer: reset expected transfer sizesDaniel Stenberg
Reported-by: Mohammad AlSaleh Bug: http://curl.haxx.se/mail/lib-2015-01/0065.html
2015-01-12curl_schannel.c: mark session as removed from cache if not freedMarc Hoersken
If the session is still used by active SSL/TLS connections, it cannot be closed yet. Thus we mark the session as not being cached any longer so that the reference counting mechanism in Curl_schannel_shutdown is used to close and free the session. Reported-by: Jean-Francois Durand
2015-01-09Merge pull request #134 from vszakats/mingw-m64Guenter Knauf
add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS
2015-01-09Merge pull request #136 from vszakats/mingw-allow-custom-cflagsGuenter Knauf
mingw build: allow to pass custom CFLAGS
2015-01-09NSS: fix compiler error when built http2-enabledDaniel Stenberg
2015-01-09gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitionsSteve Holme
Better code reuse and consistency in calls to gss_import_name().
2015-01-09mingw build: allow to pass custom CFLAGSViktor Szakats
2015-01-08FTP: if EPSV fails on IPV6 connections, bail outDaniel Stenberg
... instead of trying PASV, since PASV can't work with IPv6. Reported-by: Vojtěch Král
2015-01-08FTP: fix IPv6 host using link-local addressDaniel Stenberg
... and make sure we can connect the data connection to a host name that is longer than 48 bytes. Also simplifies the code somewhat by re-using the original host name more, as it is likely still in the DNS cache. Original-Patch-by: Vojtěch Král Bug: http://curl.haxx.se/bug/view.cgi?id=1468
2015-01-08NetWare build: added TLS-SRP enabled build.Guenter Knauf
2015-01-08sasl_gssapi: Fixed build on NetBSD with built-in GSS-APISteve Holme
Bug: http://curl.haxx.se/bug/view.cgi?id=1469 Reported-by: Thomas Klausner
2015-01-08add -m64 clags when targeting mingw64, add -m32/-m64 to LDFLAGSViktor Szakats
2015-01-07darwinssl: fix session ID keys to only reuse identical sessionsDaniel Stenberg
...to avoid a session ID getting cached without certificate checking and then after a subsequent _enabling_ of the check libcurl could still re-use the session done without cert checks. Bug: http://curl.haxx.se/docs/adv_20150108A.html Reported-by: Marc Hesse
2015-01-07url-parsing: reject CRLFs within URLsDaniel Stenberg
Bug: http://curl.haxx.se/docs/adv_20150108B.html Reported-by: Andrey Labunets
2015-01-07ldap: Convert attribute output to UTF-8 when UnicodeSteve Holme
2015-01-07ldap: Convert DN output to UTF-8 when UnicodeSteve Holme
2015-01-07hostip: remove 'stale' argument from Curl_fetch_addr protoDaniel Stenberg
Also, remove the log output of the resolved name is NOT in the cache in the spirit of only telling when something is actually happening.
2015-01-07ldap/imap: Fixed spelling mistake in comments and variable namesSteve Holme
Reported-by: Michael Osipov
2015-01-05curl_multibyte.h: Eliminated some trailing whitespaceDan Fandrich
2015-01-04ldap: Fixed Unicode usage for all Win32 buildsSteve Holme
Otherwise, the fixes in the previous commits would only be applicable to IDN and SSPI based builds and not others such as OpenSSL with LDAP enabled.
2015-01-04ldap: Fixed memory leak from commit efb64fdf80Steve Holme
2015-01-04ldap: Fix memory leak from commit 3a805c5cc1Steve Holme
2015-01-04ldap: Fixed attribute variable warnings when Unicode is enabledSteve Holme
Use 'TCHAR *' for local attribute variable rather than 'char *'.
2015-01-04ldap: Fixed DN variable warnings when Unicode is enabledSteve Holme
Use 'TCHAR *' for local DN variable rather than 'char *'.
2015-01-04ldap: Remove the unescape_elements() functionSteve Holme
Due to the recent modifications this function is no longer used.
2015-01-04ldap.c: Fixed compilation warningSteve Holme
ldap.c:98: warning: extra tokens at end of #endif directive
2015-01-04ldap: Fixed support for Unicode filter in Win32 search callSteve Holme
2015-01-04ldap.c: Fixed compilation warningSteve Holme
ldap.c:802: warning: comparison between signed and unsigned integer expressions
2015-01-04ldap: Fixed support for Unicode attributes in Win32 search callSteve Holme