- Sep 12, 2014
-
-
Ray Satiro authored
I use the curl repo mainly on Windows with the typical Windows git checkout which converts the LF line endings in the curl repo to CRLF automatically on checkout. The automatic conversion is not done on files in the repo with mixed line endings. I recently noticed some weird output with projects/build-openssl.bat that I traced back to mixed line endings, so I scanned the repo and there are files (excluding the test data) that have mixed line endings. I used this command below to do the scan. Unfortunately it's not as easy as git grep, at least not on Windows. This gets the names of all the files in the repo's HEAD, gets each of those files raw from HEAD, checks for mixed line endings of both LF and CRLF, and prints the name if mixed. I excluded path tests/data/test* because those can have mixed line endings if I understand correctly. for f in `git ls-tree --name-only --full-tree -r HEAD`; do if [ -n "${f##tests/data/test*}" ]; then git show "HEAD:$f" | \ ...
-
- Sep 11, 2014
-
-
Viktor Szakats authored
-
Daniel Stenberg authored
It interprets them as italic indictors unless we backtick the word.
-
- Sep 10, 2014
-
-
Daniel Stenberg authored
-
Steve Holme authored
-
Steve Holme authored
-
Steve Holme authored
Added support for Kerberos 5 to the email protocols following the recent additions in 7.38.0. Removed Kerberos 4 as this has been gone for a while now.
-
Paul Howarth authored
Bug: http://curl.haxx.se/mail/lib-2014-09/0064.html
-
Daniel Stenberg authored
As a sort of step forward, this script will now first try to get the data from the HTTPS URL using curl, and only if that fails it will switch back to the HTTP transfer using perl's native LWP functionality. To reduce the risk of this script being tricked. Using HTTPS to get a cert bundle introduces a chicken-and-egg problem so we can't really ever completely disable HTTP, but chances are that most users already have a ca cert bundle that trusts the mozilla.org site that this script downloads from. A future version of this script will probably switch to require a dedicated "insecure" command line option to allow downloading over HTTP (or unverified HTTPS).
-
Daniel Stenberg authored
krb4 has been dropped since a while now
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Edited format to look better on the web, added a "it is about trust" section.
-
Daniel Stenberg authored
CMake/FindOpenSSL.cmake and FindZLIB.cmake are gone since 14aa8f0c
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Test 61 was modified to verify this. CVE-2014-3620 Reported-by: Tim Ruehsen URL: http://curl.haxx.se/docs/adv_20140910B.html
-
Tim Rühsen authored
By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled to both send cookies to wrong sites and to allow arbitrary sites to set cookies for others. CVE-2014-3613 Bug: http://curl.haxx.se/docs/adv_20140910A.html
-
- Sep 09, 2014
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Only minor edits to make it generate nice HTML output using markdown, as this document serves both in source release tarballs as on the web site. URL: http://curl.haxx.se/docs/sslcerts.html
-
Daniel Stenberg authored
Reported-By: Frank Gevaerts
-
- Sep 08, 2014
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Catalin Patulea authored
Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- Sep 07, 2014
-
-
Daniel Stenberg authored
-
Brandon Casey authored
Historically the default "unknown" value for progress.size_dl and progress.size_ul has been zero, since these values are initialized implicitly by the calloc that allocates the curl handle that these variables are a part of. Users of curl that install progress callbacks may expect these values to always be >= 0. Currently it is possible for progress.size_dl and progress.size_ul to by set to a value of -1, if Curl_pgrsSetDownloadSize() or Curl_pgrsSetUploadSize() are passed a "size" of -1 (which a few places currently do, and a following patch will add more). So lets update Curl_pgrsSetDownloadSize() and Curl_pgrsSetUploadSize() so they make sure that these variables always contain a value that is >= 0. Updates test579 and test599. Signed-off-by: Brandon Casey <drafnel@gmail.com>
-
Steve Holme authored
-
Steve Holme authored
-
Steve Holme authored
-
Steve Holme authored
-
Steve Holme authored
-
Steve Holme authored
-
Steve Holme authored
As the current element in the list is free()d by Curl_llist_remove(), when the associated connection is pending, reworked the loop to avoid accessing the next element through e->next afterward.
-
- Sep 06, 2014
-
-
Steve Holme authored
warning: implicit conversion from enumeration type 'CURLMcode' to different enumeration type 'CURLcode'
-
Steve Holme authored
Small follow up to commit 898808fa to use auth constants rather than hard code value when clearing picked authentication mechanism.
-
Steve Holme authored
-
- Sep 05, 2014
-
-
Vilmos Nebehaj authored
SecCertificateCopyPublicKey() is not available on iPhone. Use CopyCertSubject() instead to see if the certificate returned by SecCertificateCreateWithData() is valid. Reported-by: Toby Peterson
-
- Sep 04, 2014
-
-
Steve Holme authored
-