Commit bcca842e authored by Michael Kaufmann

polarssl: fix hangs

This bugfix is similar to commit c111178b.
parent cbd4e1fa
+6 −16
@@ -24,10 +24,9 @@ problems may have been fixed or changed somewhat since this was written!
 1.11 CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM
 1.11 CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM


 2. TLS
 2. TLS
 2.1 Hangs with PolarSSL
 2.1 CURLINFO_SSL_VERIFYRESULT has limited support
 2.2 CURLINFO_SSL_VERIFYRESULT has limited support
 2.2 DER in keychain
 2.3 DER in keychain
 2.3 GnuTLS backend skips really long certificate fields
 2.4 GnuTLS backend skips really long certificate fields


 3. Email protocols
 3. Email protocols
 3.1 IMAP SEARCH ALL truncated response
 3.1 IMAP SEARCH ALL truncated response
@@ -207,26 +206,17 @@ problems may have been fixed or changed somewhat since this was written!


2. TLS
2. TLS


2.1 Hangs with PolarSSL
2.1 CURLINFO_SSL_VERIFYRESULT has limited support

 "curl_easy_perform hangs with imap and PolarSSL"
 https://github.com/curl/curl/issues/334

 Most likely, a fix similar to commit c111178bd4 (for mbedTLS) is
 necessary. Or if we just wait a little longer we'll rip out all support for
 PolarSSL instead...

2.2 CURLINFO_SSL_VERIFYRESULT has limited support


 CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL and NSS
 CURLINFO_SSL_VERIFYRESULT is only implemented for the OpenSSL and NSS
 backends, so relying on this information in a generic app is flaky.
 backends, so relying on this information in a generic app is flaky.


2.3 DER in keychain
2.2 DER in keychain


 Curl doesn't recognize certificates in DER format in keychain, but it works
 Curl doesn't recognize certificates in DER format in keychain, but it works
 with PEM.  https://curl.haxx.se/bug/view.cgi?id=1065
 with PEM.  https://curl.haxx.se/bug/view.cgi?id=1065


2.4 GnuTLS backend skips really long certificate fields
2.3 GnuTLS backend skips really long certificate fields


 libcurl calls gnutls_x509_crt_get_dn() with a fixed buffer size and if the
 libcurl calls gnutls_x509_crt_get_dn() with a fixed buffer size and if the
 field is too long in the cert, it'll just return an error and the field will
 field is too long in the cert, it'll just return an error and the field will
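Review bot: The removed entry 2.1 carries the only link between this fix and the report it closes (https://github.com/curl/curl/issues/334), and the commit message mentions only commit c111178b. Add the issue reference to the commit message so that the hang report stays traceable to this change once the KNOWN_BUGS text is gone. The renumbering of 2.2 to 2.4 here matches the table-of-contents hunk above.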
+8 −0
@@ -816,4 +816,12 @@ void Curl_polarssl_cleanup(void)
  (void)Curl_polarsslthreadlock_thread_cleanup();
  (void)Curl_polarsslthreadlock_thread_cleanup();
}
}



int Curl_polarssl_data_pending(const struct connectdata *conn, int sockindex)
{
  ssl_context *ssl =
    (ssl_context *)&conn->ssl[sockindex].ssl;
  return ssl->in_msglen != 0;
}

#endif /* USE_POLARSSL */
#endif /* USE_POLARSSL */
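Review bot: In Curl_polarssl_data_pending, the cast `(ssl_context *)&conn->ssl[sockindex].ssl` discards the const that comes from `const struct connectdata *conn`, although the function only reads in_msglen. Declare the local as `const ssl_context *ssl = &conn->ssl[sockindex].ssl;` and drop the cast; if the member is already an ssl_context the cast does nothing except strip const, and without it the compiler would flag a type mismatch should the member type ever change. A short comment above the function saying that it reports incoming data still buffered inside the TLS layer (nonzero in_msglen) would also help, since that is the condition the old macro hard-coded to 0.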
+2 −1
@@ -31,6 +31,7 @@
/* Called on first use PolarSSL, setup threading if supported */
/* Called on first use PolarSSL, setup threading if supported */
int  Curl_polarssl_init(void);
int  Curl_polarssl_init(void);
void Curl_polarssl_cleanup(void);
void Curl_polarssl_cleanup(void);
int Curl_polarssl_data_pending(const struct connectdata *conn, int sockindex);




CURLcode Curl_polarssl_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_polarssl_connect(struct connectdata *conn, int sockindex);
@@ -69,7 +70,7 @@ int Curl_polarssl_shutdown(struct connectdata *conn, int sockindex);
#define curlssl_engines_list(x) ((void)x, (struct curl_slist *)NULL)
#define curlssl_engines_list(x) ((void)x, (struct curl_slist *)NULL)
#define curlssl_version Curl_polarssl_version
#define curlssl_version Curl_polarssl_version
#define curlssl_check_cxn(x) ((void)x, -1)
#define curlssl_check_cxn(x) ((void)x, -1)
#define curlssl_data_pending(x,y) ((void)x, (void)y, 0)
#define curlssl_data_pending(x,y) Curl_polarssl_data_pending(x, y)
#define curlssl_sha256sum(a,b,c,d) sha256(a,b,c,0)
#define curlssl_sha256sum(a,b,c,d) sha256(a,b,c,0)


/* This might cause libcurl to use a weeker random!
/* This might cause libcurl to use a weeker random!