Commit bcca842e authored by Michael Kaufmann

polarssl: fix hangs

This bugfix is similar to commit c111178b.
parent cbd4e1fa
+6 −16
@@ -24,10 +24,9 @@ problems may have been fixed or changed somewhat since this was written!
 1.11 CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM

 2. TLS
 2.1 Hangs with PolarSSL
 2.2 CURLINFO_SSL_VERIFYRESULT has limited support
 2.3 DER in keychain
 2.4 GnuTLS backend skips really long certificate fields
 2.1 CURLINFO_SSL_VERIFYRESULT has limited support
 2.2 DER in keychain
 2.3 GnuTLS backend skips really long certificate fields

 3. Email protocols
 3.1 IMAP SEARCH ALL truncated response
@@ -207,26 +206,17 @@ problems may have been fixed or changed somewhat since this was written!

2. TLS

2.1 Hangs with PolarSSL

 "curl_easy_perform hangs with imap and PolarSSL"
 https://github.com/curl/curl/issues/334

 Most likely, a fix similar to commit c111178bd4 (for mbedTLS) is
 necessary. Or if we just wait a little longer we'll rip out all support for
 PolarSSL instead...

2.2 CURLINFO_SSL_VERIFYRESULT has limited support
2.1 CURLINFO_SSL_VERIFYRESULT has limited support

 CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL and NSS
 backends, so relying on this information in a generic app is flaky.

2.3 DER in keychain
2.2 DER in keychain

 Curl doesn't recognize certificates in DER format in keychain, but it works
 with PEM.  https://curl.haxx.se/bug/view.cgi?id=1065

2.4 GnuTLS backend skips really long certificate fields
2.3 GnuTLS backend skips really long certificate fields

 libcurl calls gnutls_x509_crt_get_dn() with a fixed buffer size and if the
 field is too long in the cert, it'll just return an error and the field will
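Review bot: The removed 2.1 entry is the only place that ties this hang to https://github.com/curl/curl/issues/334, while the commit message names only commit c111178b. Suggest adding the issue reference to the commit message so the report and the fix stay linked once this KNOWN_BUGS text is gone.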
+8 −0
@@ -816,4 +816,12 @@ void Curl_polarssl_cleanup(void)
  (void)Curl_polarsslthreadlock_thread_cleanup();
}


int Curl_polarssl_data_pending(const struct connectdata *conn, int sockindex)
{
  ssl_context *ssl =
    (ssl_context *)&conn->ssl[sockindex].ssl;
  return ssl->in_msglen != 0;
}

#endif /* USE_POLARSSL */
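Review bot: In Curl_polarssl_data_pending the cast `(ssl_context *)&conn->ssl[sockindex].ssl` drops the const that `conn` carries and would also hide a type mismatch if that member ever stops being an ssl_context. The function only reads, so `const ssl_context *ssl = &conn->ssl[sockindex].ssl;` without a cast is enough. It also reads the struct member `in_msglen` directly; PolarSSL's public ssl_get_bytes_avail() accessor would avoid depending on the context layout, and a one-line comment on why a non-zero value means data is still buffered in the TLS layer would help the next reader.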
+2 −1
@@ -31,6 +31,7 @@
/* Called on first use PolarSSL, setup threading if supported */
int  Curl_polarssl_init(void);
void Curl_polarssl_cleanup(void);
int Curl_polarssl_data_pending(const struct connectdata *conn, int sockindex);


CURLcode Curl_polarssl_connect(struct connectdata *conn, int sockindex);
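Review bot: The new Curl_polarssl_data_pending prototype has no comment of its own and sits under the comment written for Curl_polarssl_init, so that comment now reads as if it covers all three declarations. Add a short comment stating that the function returns non-zero when the PolarSSL context for `sockindex` still holds unread data, and consider whether `int` is the intended return type for what the implementation computes as a yes/no result (`in_msglen != 0`).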
@@ -69,7 +70,7 @@ int Curl_polarssl_shutdown(struct connectdata *conn, int sockindex);
#define curlssl_engines_list(x) ((void)x, (struct curl_slist *)NULL)
#define curlssl_version Curl_polarssl_version
#define curlssl_check_cxn(x) ((void)x, -1)
#define curlssl_data_pending(x,y) ((void)x, (void)y, 0)
#define curlssl_data_pending(x,y) Curl_polarssl_data_pending(x, y)
#define curlssl_sha256sum(a,b,c,d) sha256(a,b,c,0)

/* This might cause libcurl to use a weeker random!