aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2014-07-15gnutls: fix compiler warningDaniel Stenberg
conversion to 'int' from 'long int' may alter its value
2014-07-14gnutls: detect lack of SRP support in GnuTLS at run-time and try withoutDan Fandrich
Reported-by: David Woodhouse
2014-07-14gnutls: handle IP address in cert name checkDavid Woodhouse
Before GnuTLS 3.3.6, the gnutls_x509_crt_check_hostname() function didn't actually check IP addresses in SubjectAltName, even though it was explicitly documented as doing so. So do it ourselves...
2014-07-14build: set _POSIX_PTHREAD_SEMANTICS on Solaris to get proper getpwuid_rDan Fandrich
2014-07-13gnutls: improved error message if setting cipher list failsDan Fandrich
Reported-by: David Woodhouse
2014-07-13netrc: fixed thread safety problem by using getpwuid_r if availableDan Fandrich
The old way using getpwuid could cause problems in programs that enable reading from netrc files simultaneously in multiple threads. Reported-by: David Woodhouse
2014-07-12netrc: treat failure to find home dir same as missing netrc fileDan Fandrich
This previously caused a fatal error (with a confusing error code, at that). Reported by: Glen A Johnson Jr.
2014-07-12ntlm_wb: Fixed buffer size not being large enough for NTLMv2 sessionsSteve Holme
Bug: http://curl.haxx.se/mail/lib-2014-07/0103.html Reported-by: David Woodhouse
2014-07-12gnutls: fixed a couple of uninitialized variable referencesDan Fandrich
2014-07-12gnutls: fixed compilation against versions < 2.12.0Dan Fandrich
The AES-GCM ciphers were added to GnuTLS as late as ver. 3.0.1 but the code path in which they're referenced here is only ever used for somewhat older GnuTLS versions. This caused undeclared identifier errors when compiling against those.
2014-07-12gnutls: explicitly added SRP to the priority stringDan Fandrich
This seems to have become necessary for SRP support to work starting with GnuTLS ver. 2.99.0. Since support for SRP was added to GnuTLS before the function that takes this priority string, there should be no issue with backward compatibility.
2014-07-11gnutls: ignore invalid certificate dates with VERIFYPEER disabledDan Fandrich
This makes the behaviour consistent with what happens if a date can be extracted from the certificate but is expired.
2014-07-09url.c: Fixed memory leak on OOMDan Fandrich
This showed itself on some systems with torture failures in tests 1060 and 1061
2014-07-05Update instances of some obsolete CURLOPTs to their new namesDan Fandrich
2014-07-05compiler warnings: potentially uninitialized variablesMarcel Raad
... pointed out by MSVC2013 Bug: http://curl.haxx.se/bug/view.cgi?id=1391
2014-07-04nss: make the list of CRL items globalKamil Dudka
Otherwise NSS could use an already freed item for another connection.
2014-07-04nss: fix a memory leak when CURLOPT_CRLFILE is usedKamil Dudka
2014-07-04nss: make crl_der allocated on heapKamil Dudka
... and spell it as crl_der instead of crlDER
2014-07-04nss: let nss_{cache,load}_crl return CURLcodeKamil Dudka
2014-07-02progress callback: skip last callback update on errorsRay Satiro
When an error has been detected, skip the final forced call to the progress callback by making sure to pass the current return code variable in the Curl_done() call in the CURLM_STATE_DONE state. This avoids the "extra" callback that could occur even if you returned error from the progress callback. Bug: http://curl.haxx.se/mail/lib-2014-06/0062.html Reported by: Jonathan Cardoso Machado
2014-07-02nss: make the fallback to SSLv3 work againKamil Dudka
This feature was unintentionally disabled by commit ff92fcfb.
2014-07-02nss: do not abort on connection failureKamil Dudka
... due to calling SSL_VersionRangeGet() with NULL file descriptor reported-by: upstream tests 305 and 404
2014-06-21lib: documentation updates in README.hostipColin Hogben
c-ares now does support IPv6; avoid implying threaded resolver is Windows-only; two referenced source files were renamed in 7de2f92
2014-06-15sasl: Added back qop argument mistakenly removed in e95ca7ceDan Fandrich
This caused segfaults on tests 823 869 907.
2014-06-15https: Fix build when http2 is disabledDan Fandrich
2014-06-14http2: better return code error checkingDaniel Stenberg
2014-06-13conncache: move the connection counter to the cache structLindley French
The static connection counter caused a race condition. Moving the connection id counter into conncache solves it, as well as simplifying the related logic.
2014-06-12http2: avoid segfault when usint the plain-text http2Daniel Stenberg
This regression was introduced when *init was split into *init and *setup...
2014-06-11curl_sasl: revert the goto for error bailoutDaniel Stenberg
They were added because of an older code path that used allocations and should not have been left in the code. With this change the logic goes back to how it was.
2014-06-11NTLM: set a fake entropy for debug builds with CURL_ENTROPY setDaniel Stenberg
Curl_rand() will return a dummy and repatable random value for this case. Makes it possible to write test cases that verify output. Also, fake timestamp with CURL_FORCETIME set. Only when built debug enabled of course. Curl_ssl_random() was not used anymore so it has been removed. Curl_rand() is enough. create_digest_md5_message: generate base64 instead of hex string curl_sasl: also fix memory leaks in some OOM situations
2014-06-11Curl_rand: Use a fake entropy for debug builds when CURL_ENTROPY setSteve Holme
2014-06-10getinfo: HTTP CONNECT code not reset between transfersMarcel Raad
httpproxycode is not reset in Curl_initinfo, so a 407 is not reset even if curl_easy_reset is called between transfers. Bug: http://curl.haxx.se/bug/view.cgi?id=1380
2014-06-09transfer: fix info messages when switching method on 301 and 302Alessandro Ghedini
The method change is forbidden by the obsolete RFC2616, but libcurl did it anyway for compatibility reasons. The new RFC7231 allows this behaviour so there's no need for the scary "Violate RFC 2616/10.3.x" notice. Also update the comments accordingly.
2014-06-05config-win32.h: Updated for VC12Steve Holme
Bug: http://curl.haxx.se/bug/view.cgi?id=1378 Reported and Patched-by: Marcel Raad
2014-06-03Curl_ossl_init: call OPENSSL_config for initing enginesDaniel Stenberg
Bug: http://curl.haxx.se/mail/lib-2014-06/0003.html Reported-by: Дмитрий Фалько
2014-06-03random: use Curl_rand() for proper random dataDaniel Stenberg
The SASL/Digest previously used the current time's seconds + microseconds to add randomness but it is much better to instead get more data from Curl_rand(). It will also allow us to easier "fake" that for debug builds on demand in a future.
2014-06-02curl_sasl: Fixed copy/paste error of now.tv_sec in commit eefeb73af4Steve Holme
2014-06-01curl_sasl: Fixed compilation warning under DEBUGBUILDSteve Holme
2014-06-01curl_sasl: Extended native DIGEST-MD5 cnonce to be a 32-byte hex stringSteve Holme
Rather than use a short 8-byte hex string, extended the cnonce to be 32-bytes long, like Windows SSPI does. Used a combination of random data as well as the current date and time for the generation.
2014-06-01curl_sasl_sspi: Fixed corrupt hostname in DIGEST-MD5 SPN generationSteve Holme
2014-05-28gnutls: allow building with nghttp2 but without ALPN supportDaniel Stenberg
It might not be the most useful combo, but...
2014-05-28gnutls: don't use deprecated type names anymoreAlessandro Ghedini
2014-05-27select: with winsock, avoid passing unsupported arguments to select()Brad Spencer
"Any two of the parameters, readfds, writefds, or exceptfds, can be given as null. At least one must be non-null, and any non-null descriptor set must contain at least one handle to a socket." http://msdn.microsoft.com/en-ca/library/windows/desktop/ms740141(v=vs.85).aspx When using select(), cURL doesn't adhere to this (WinSock-specific) rule, and can ask to monitor empty fd_sets, which leads to select() returning WSAEINVAL (i.e. EINVAL) and connections failing in mysterious ways as a result (at least when using the curl_multi_socket_action() interface). Bug: http://curl.haxx.se/mail/lib-2014-05/0278.html
2014-05-26url-parser: only use if_nametoindex if detected by configureDaniel Stenberg
The previous #ifdef detection wasn't good enough. Bug: http://curl.haxx.se/mail/lib-2014-05/0260.html Reported-by: Chris Young
2014-05-25polarssl: add ALPN supportFabian Frank
PolarSSL added ALPN support in their 1.3.6 release. See: https://polarssl.org/tech-updates/releases/polarssl-1.3.6-released
2014-05-24curl_easy_reset: reset the URLDaniel Stenberg
Make sure that the URL is reset and cleared. Bug: http://curl.haxx.se/mail/lib-2014-05/0235.html Reported-by: Jonathan Cardoso Machado
2014-05-23openssl: Fix uninitialized variable use in NPN callbackTatsuhiro Tsujikawa
OpenSSL passes out and outlen variable uninitialized to select_next_proto_cb callback function. If the callback function returns SSL_TLSEXT_ERR_OK, the caller assumes the callback filled values in out and outlen and processes as such. Previously, if there is no overlap in protocol lists, curl code does not fill any values in these variables and returns SSL_TLSEXT_ERR_OK, which means we are triggering undefined behavior. valgrind warns this. This patch fixes this issue by fallback to HTTP/1.1 if there is no overlap.
2014-05-22tool_getparam.c: Fixed compilation warningsSteve Holme
There is an implicit conversion from "unsigned long" to "long"
2014-05-22http: Fix a compiler warning when http2 support is disabledDan Fandrich
2014-05-21darwinssl: fix lint & build warnings in the previous commitNick Zitzmann