aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2013-10-30base64: Added basic validation to base64 input string when decodingSteve Holme
A base64 string should be a multiple of 4 characters in length, not contain any more than 2 padding characters and only contain padding characters at the end of string. For example: Y3VybA== Strings such as the following are considered invalid: Y= - Invalid length Y== - Invalid length Y=== - More than two padding characters Y=x= - Padding character contained within string
2013-10-29bugfix: Don't block waiting for socket1 connect.Björn Stenberg
This patch fixes a bug in Happy Eyeballs where curl would wait for a connect response from socket1 before checking socket2. Also, it updates error messages for failed connections, showing the ip addresses that failed rather than just the host name repeatedly. Bug: http://curl.haxx.se/mail/lib-2013-10/0236.html Reported-by: Paul Marks
2013-10-28sasl: Updated create_digest_md5_message() to use a dynamic bufferSteve Holme
2013-10-28OS400: coding style standardsPatrick Monnerat
2013-10-27email: Added support for cancelling NTLM authenticationSteve Holme
2013-10-27sasl: Removed unused variables from commit b87ba2c94217c0Steve Holme
2013-10-27email: Added support for cancelling DIGEST-MD5 authenticationSteve Holme
2013-10-27email: Corrected a couple of typos from 1e39b95682781fSteve Holme
2013-10-27email: Added support for canceling CRAM-MD5 authenticationSteve Holme
2013-10-27Typo fix in trynextip().Björn Stenberg
2013-10-27Add "Happy Eyeballs" for IPv4/IPv6.Björn Stenberg
This patch invokes two socket connect()s nearly simultaneously, and the socket that is first connected "wins" and is subsequently used for the connection. The other is terminated. There is a very slight IPv4 preference, in that if both sockets connect simultaneously IPv4 is checked first and thus will win.
2013-10-27email: Added initial support for cancelling authenticationSteve Holme
Should a client application fail to decode an authentication message received from a server, or not support any of the parameters given by the server in the message, then the authentication phrase should be cancelled gracefully by the client rather than simply terminating the connection. The authentication phrase should be cancelled by simply sending a '*' to the server, in response to erroneous data being received, as per RFC-3501, RFC-4954 and RFC-5034. This patch adds the necessary state machine constants and appropriate response handlers in order to add this functionality for the CRAM-MD5, DIGEST-MD5 and NTLM authentication mechanisms.
2013-10-27email: Moved authentication message parsing into a separate functionSteve Holme
...in preparation for upcoming modifications.
2013-10-27ftp: Fixed compiler warningSteve Holme
warning: 'result' may be used uninitialized in this function
2013-10-26FTP: make the data connection work when going through proxyDaniel Stenberg
This is a regression since the switch to always-multi internally c43127414d89c. Test 1316 was modified since we now clearly call the Curl_client_write() function when doing the LIST transfer part and then the handler->protocol says FTP and ftpc.transfertype is 'A' which implies text converting even though that the response is initially a HTTP CONNECT response in this case.
2013-10-26email: Added references to SASL LOGIN authentication draft proposalSteve Holme
2013-10-26smtp: Fixed response code parsing for bad AUTH continuation responsesSteve Holme
This workaround had been previously been implemented for IMAP and POP3 but not SMTP. Some of the recent test case additions implemented this behaviour to emulate a bad server and the SMTP code didn't cope with it.
2013-10-26gskit.c: Code policing following commit 2cc9246477285dSteve Holme
Corrected 80 character line length error and pointer declarations (some of which were previously incorrect)
2013-10-25OS400: sync RPG wrapper, zlib support, fix header file names, ...Patrick Monnerat
IFS compilation support, SSL GSKit backend by default, TLSv1.[12] support in GSKit for OS400 >= V7R1, no more tabs in make scripts.
2013-10-24sasl: Fixed memory leak in OAUTH2 message creationSteve Holme
2013-10-23sasl: fix compiler warningDaniel Stenberg
error: unused variable 'table16'
2013-10-23tests: Added POP3 DIGEST-MD5 authentication testSteve Holme
2013-10-21ssh: initialize per-handle data in ssh_connect()Kamil Dudka
... if not already initialized. This fixes a regression introduced by commit 4ad8e142da463ab208d5b5565e53291c8e5ef038, which caused test619 to intermittently fail on certain machines (namely Fedora build hosts).
2013-10-18email: Fixed QUIT / LOGOUT being sent when SSL connect failsSteve Holme
2013-10-18curl_sasl: initialize NSS before using cryptoKamil Dudka
2013-10-17SSL: Follow up work to commits 6a1363128f1107 and 87861c9b0e8155Steve Holme
Changed the failure code when TLS v1.1 and v1.2 is requested but not supported by older OpenSSL versions, following review from libcurl peers, and reduced the number of required preprocessor if statements.
2013-10-16SSL: Added unsupported cipher version check for OpenSSLSteve Holme
...with the use of CURL_SSLVERSION_TLSv1_1 and CURL_SSLVERSION_TLSv1_2 being conditional on OpenSSL v1.0.1 as the appropriate flags are not supported under earlier versions.
2013-10-16SSL: Corrected typo from commit 87861c9b0e8155Steve Holme
2013-10-16SSL: Fixed OpenSSL builds prior to v1.0.1Steve Holme
Commit ad34a2d5c87c7f relies on definitions that are only present in OpenSSL v1.0.1 and up. This quick fix allows the builds that use older versions of OpenSSL to continue building.
2013-10-15NSS: acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE optionPaul Donohue
2013-10-15ssh: Handle successful SSH_USERAUTH_NONETyler Hall
According to the documentation for libssh2_userauth_list(), a NULL return value is not necessarily an error. You must call libssh2_userauth_authenticated() to determine if the SSH_USERAUTH_NONE request was successful. This fixes a segv when using sftp on a server that allows logins with an empty password. When NULL was interpreted as an error, it would free the session but not flag an error since the libssh2 errno would be clear. This resulted in dereferencing a NULL session pointer. Signed-off-by: Tyler Hall <tylerwhall@gmail.com>
2013-10-15SSL: protocol version can be specified more preciselyGergely Nagy
CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, CURL_SSLVERSION_TLSv1_2 enum values are added to force exact TLS version (CURL_SSLVERSION_TLSv1 means TLS 1.x). axTLS: axTLS only supports TLS 1.0 and 1.1 but it cannot be set that only one of these should be used, so we don't allow the new enum values. darwinssl: Added support for the new enum values. SChannel: Added support for the new enum values. CyaSSL: Added support for the new enum values. Bug: The original CURL_SSLVERSION_TLSv1 value enables only TLS 1.0 (it did the same before this commit), because CyaSSL cannot be configured to use TLS 1.0-1.2. GSKit: GSKit doesn't seem to support TLS 1.1 and TLS 1.2, so we do not allow those values. Bugfix: There was a typo that caused wrong SSL versions to be passed to GSKit. NSS: TLS minor version cannot be set, so we don't allow the new enum values. QsoSSL: TLS minor version cannot be set, so we don't allow the new enum values. OpenSSL: Added support for the new enum values. Bugfix: The original CURL_SSLVERSION_TLSv1 value enabled only TLS 1.0, now it enables 1.0-1.2. Command-line tool: Added command line options for the new values.
2013-10-14darwinssl: un-break iOS build after PKCS#12 feature addedNick Zitzmann
SecPKCS12Import() returns a few errors that are enumerated in OS X's headers but not in iOS' headers for some reason.
2013-10-13OpenSSL: improve the grammar of the language in 39beaa5ffbccDaniel Stenberg
Reported-by: Petr Pisar
2013-10-13OpenSSL: use failf() when subjectAltName mismatchesAndrej E Baranov
Write to CURLOPT_ERRORBUFFER information about mismatch alternative certificate subject names. Signed-off-by: Andrej E Baranov <admin@andrej-andb.ru>
2013-10-12ssh: improve the logic for detecting blocking directionKamil Dudka
This fixes a regression introduced by commit 0feeab78 limiting the speed of SCP upload to 16384 B/s on a fast connection (such as localhost).
2013-10-12Fixed typo in Makefile.inc that left http2.h out of the tar ballDan Fandrich
2013-10-09curl_setup_once: fix errno access for lwip on WindowsGisle Vanem
lib/curl_setup_once.h assumed lwIP on Windows uses 'SetLastError()' to set network errors. It doesn't; it uses 'errno'.
2013-10-07HTTP: Output http response 304 when modified time is too oldDerek Higgins
When using the -w '%{http_code}' flag and simulating a Not Modified then 304 should be output.
2013-10-02darwinssl: block TLS_RSA_WITH_NULL_SHA256 cipherNick Zitzmann
Credit (for catching a cipher I forgot to add to the blocked ciphers list): https://www.ssllabs.com/ssltest/viewMyClient.html
2013-10-02OpenSSL: acknowledge CURLOPT_SSL_VERIFYHOST without VERIFYPEERDaniel Stenberg
Setting only CURLOPT_SSL_VERIFYHOST without CURLOPT_SSL_VERIFYPEER set should still verify that the host name fields in the server certificate is fine or return failure. Bug: http://curl.haxx.se/mail/lib-2013-10/0002.html Reported-by: Ishan SinghLevett
2013-09-28win32: fix Visual Studio 2010 build with WINVER >= 0x600Daniel Stenberg
If no WINVER and/or _WIN32_IWNNT define was set, the Windows platform SDK often defaults to high value, e.g. 0x601 (whoch may probably depend on the Windows version being used, in my case Windows 7). If WINVER >= 0x600 then winsock2.h includes some defines for WSAPoll(), e.g. POLLIN, POLLPRI, POLLOUT etc. These defines clash with cURL's lib/select.h. Make sure HAVE_STRUCT_POLLFD is defined then. Bug: http://curl.haxx.se/bug/view.cgi?id=1282 Reported-by: "kdekker" Patch-by: Marcel Raad
2013-09-28ssluse.c: Fixed compilation warnings when ENGINE not supportedSteve Holme
The function "ssl_ui_reader" was declared but never referenced The function "ssl_ui_writer" was declared but never referenced
2013-09-25imap: Added clarification to the code about odd continuation responsesSteve Holme
2013-09-25ftp.c: Fixed compilation warningSteve Holme
There is an implicit conversion from "unsigned long" to "long"
2013-09-24sasl: Centralised the authentication mechanism stringsSteve Holme
Moved the standard SASL mechanism strings into curl_sasl.h rather than hard coding the same values over and over again in the protocols that use SASL authentication. For more information about the mechanism strings see: http://www.iana.org/assignments/sasl-mechanisms
2013-09-21openssl: use correct port number in error messageDaniel Stenberg
In ossl_connect_step2() when the "Unknown SSL protocol error" occurs, it would output the local port number instead of the remote one which showed when doing SSL over a proxy (but with the correct remote host name). As libcurl only speaks SSL to the remote we know it is the remote port. Bug: http://curl.haxx.se/bug/view.cgi?id=1281 Reported-by: Gordon Marler
2013-09-20pop3: Added basic SASL XOAUTH2 supportSteve Holme
Added the ability to use an XOAUTH2 bearer token [RFC6750] with POP3 for authentication using RFC6749 "OAuth 2.0 Authorization Framework". The bearer token is expected to be valid for the user specified in conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has an advertised auth mechanism of "XOAUTH2", the user and access token are formatted as a base64 encoded string and sent to the server as "AUTH XOAUTH2 <bearer token>".
2013-09-19darwinssl: enable BEAST workaround on iOS 7 & laterNick Zitzmann
iOS 7 finally added the option to enable 1/n-1 when using TLS 1.0 and a CBC cipher, so we now always turn that on unless the user manually turns it off using CURLSSLOPT_ALLOW_BEAST. It appears Apple also added some new PSK ciphers, but no interface to use them yet, so we at least support printing them if we find them.
2013-09-17cookies: add expirationYAMADA Yasuharu
Implement: Expired Cookies These following situation, curl removes cookie(s) from struct CookieInfo if the cookie expired. - Curl_cookie_add() - Curl_cookie_getlist() - cookie_output()