- Oct 15, 2013
-
-
Tyler Hall authored
According to the documentation for libssh2_userauth_list(), a NULL return value is not necessarily an error. You must call libssh2_userauth_authenticated() to determine if the SSH_USERAUTH_NONE request was successful. This fixes a segv when using sftp on a server that allows logins with an empty password. When NULL was interpreted as an error, it would free the session but not flag an error since the libssh2 errno would be clear. This resulted in dereferencing a NULL session pointer. Signed-off-by: Tyler Hall <tylerwhall@gmail.com>
-
Gergely Nagy authored
CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, CURL_SSLVERSION_TLSv1_2 enum values are added to force exact TLS version (CURL_SSLVERSION_TLSv1 means TLS 1.x). axTLS: axTLS only supports TLS 1.0 and 1.1 but it cannot be set that only one of these should be used, so we don't allow the new enum values. darwinssl: Added support for the new enum values. SChannel: Added support for the new enum values. CyaSSL: Added support for the new enum values. Bug: The original CURL_SSLVERSION_TLSv1 value enables only TLS 1.0 (it did the same before this commit), because CyaSSL cannot be configured to use TLS 1.0-1.2. GSKit: GSKit doesn't seem to support TLS 1.1 and TLS 1.2, so we do not allow those values. Bugfix: There was a typo that caused wrong SSL versions to be passed to GSKit. NSS: TLS minor version cannot be set, so we don't allow the new enum values. QsoSSL: TLS minor version cannot be set, so we don't allow the new enum values. OpenSSL: Added support for the new enum values. Bugfix: The original CURL_SSLVERSION_TLSv1 value enabled only TLS 1.0, now it enables 1.0-1.2. Command-line tool: Added command line options for the new values.
-
- Oct 14, 2013
-
-
Nick Zitzmann authored
SecPKCS12Import() returns a few errors that are enumerated in OS X's headers but not in iOS' headers for some reason.
-
- Oct 13, 2013
-
-
Daniel Stenberg authored
Reported-by: Petr Pisar
-
Andrej E Baranov authored
Write to CURLOPT_ERRORBUFFER information about mismatch alternative certificate subject names. Signed-off-by: Andrej E Baranov <admin@andrej-andb.ru>
-
- Oct 12, 2013
-
-
Kamil Dudka authored
This fixes a regression introduced by commit 0feeab78 limiting the speed of SCP upload to 16384 B/s on a fast connection (such as localhost).
-
Dan Fandrich authored
-
- Oct 09, 2013
-
-
Gisle Vanem authored
lib/curl_setup_once.h assumed lwIP on Windows uses 'SetLastError()' to set network errors. It doesn't; it uses 'errno'.
-
- Oct 07, 2013
-
-
Derek Higgins authored
When using the -w '%{http_code}' flag and simulating a Not Modified then 304 should be output.
-
- Oct 03, 2013
-
-
Nick Zitzmann authored
Credit (for catching a cipher I forgot to add to the blocked ciphers list): https://www.ssllabs.com/ssltest/viewMyClient.html
-
- Oct 02, 2013
-
-
Daniel Stenberg authored
Setting only CURLOPT_SSL_VERIFYHOST without CURLOPT_SSL_VERIFYPEER set should still verify that the host name fields in the server certificate is fine or return failure. Bug: http://curl.haxx.se/mail/lib-2013-10/0002.html Reported-by: Ishan SinghLevett
-
- Sep 28, 2013
-
-
Daniel Stenberg authored
If no WINVER and/or _WIN32_IWNNT define was set, the Windows platform SDK often defaults to high value, e.g. 0x601 (whoch may probably depend on the Windows version being used, in my case Windows 7). If WINVER >= 0x600 then winsock2.h includes some defines for WSAPoll(), e.g. POLLIN, POLLPRI, POLLOUT etc. These defines clash with cURL's lib/select.h. Make sure HAVE_STRUCT_POLLFD is defined then. Bug: http://curl.haxx.se/bug/view.cgi?id=1282 Reported-by: "kdekker" Patch-by: Marcel Raad
-
Steve Holme authored
The function "ssl_ui_reader" was declared but never referenced The function "ssl_ui_writer" was declared but never referenced
-
- Sep 25, 2013
-
-
Steve Holme authored
-
Steve Holme authored
There is an implicit conversion from "unsigned long" to "long"
-
- Sep 24, 2013
-
-
Steve Holme authored
Moved the standard SASL mechanism strings into curl_sasl.h rather than hard coding the same values over and over again in the protocols that use SASL authentication. For more information about the mechanism strings see: http://www.iana.org/assignments/sasl-mechanisms
-
- Sep 21, 2013
-
-
Daniel Stenberg authored
In ossl_connect_step2() when the "Unknown SSL protocol error" occurs, it would output the local port number instead of the remote one which showed when doing SSL over a proxy (but with the correct remote host name). As libcurl only speaks SSL to the remote we know it is the remote port. Bug: http://curl.haxx.se/bug/view.cgi?id=1281 Reported-by: Gordon Marler
-
- Sep 20, 2013
-
-
Steve Holme authored
Added the ability to use an XOAUTH2 bearer token [RFC6750] with POP3 for authentication using RFC6749 "OAuth 2.0 Authorization Framework". The bearer token is expected to be valid for the user specified in conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has an advertised auth mechanism of "XOAUTH2", the user and access token are formatted as a base64 encoded string and sent to the server as "AUTH XOAUTH2 <bearer token>".
-
- Sep 19, 2013
-
-
Nick Zitzmann authored
iOS 7 finally added the option to enable 1/n-1 when using TLS 1.0 and a CBC cipher, so we now always turn that on unless the user manually turns it off using CURLSSLOPT_ALLOW_BEAST. It appears Apple also added some new PSK ciphers, but no interface to use them yet, so we at least support printing them if we find them.
-
- Sep 17, 2013
-
-
Yamada Yasuharu authored
Implement: Expired Cookies These following situation, curl removes cookie(s) from struct CookieInfo if the cookie expired. - Curl_cookie_add() - Curl_cookie_getlist() - cookie_output()
-
Steve Holme authored
Avoid 'interface' literal that some MinGW versions define as a macro Additionally, corrected some very, very minor coding style errors.
-
- Sep 14, 2013
-
-
Steve Holme authored
-
- Sep 12, 2013
-
-
Kim Vandry authored
-
- Sep 11, 2013
-
-
Steve Holme authored
-
- Sep 10, 2013
-
-
Daniel Stenberg authored
Solaris with the SunStudio Compiler is reportedly missing this define, but as we're using it without any good reason on all the places it was used I've now instead switched to just use sensible buffer sizes that fit a 32 bit decimal number. Which also happens to be smaller than the common NI_MAXSERV value which is 32 on most machines. Bug: http://curl.haxx.se/bug/view.cgi?id=1277 Reported-by: D.Flinkmann
-
Daniel Stenberg authored
... instead of HTTP/2.0 to work fine with the nghttpx proxy/server.
-
Steve Holme authored
warning: comparison between signed and unsigned integer expressions
-
Jiri Hruska authored
Don't wait for the next callback call (usually 1 second) before continuing with protocol specific connection initialization.
-
Steve Holme authored
-
- Sep 09, 2013
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
This function was modified in nghttp2 git commit a1c3f89c72e51
-
Kamil Dudka authored
Otherwise, the FTP protocol would unnecessarily hang 60 seconds if aborted in the CURLOPT_HEADERFUNCTION callback. Reported by: Tomas Mlcoch Bug: https://bugzilla.redhat.com/1005686
-
Daniel Stenberg authored
Make sure that the custom struct fields are only used by code that doesn't use a struct defintion from the outside. Attempts to fix the problem introduced in 3dc6fc42
-
Jiri Hruska authored
Otherwise the connection can get stuck during various phases, waiting for new data on the socket using select() etc., but it will never be received as the data has already been read into SSL library.
-
Steve Holme authored
The transfer size would be calculated incorrectly if the email contained within the FETCH response, had been partially received by the pingpong layer. As such the following, example output, would be seen if the amount remaining was smaller than the amount received: * Excess found in a non pipelined read: excess = 1394, size = 262, maxdownload = 262, bytecount = 1374 * transfer closed with -1112 bytes remaining to read Bug: http://curl.haxx.se/mail/lib-2013-08/0170.html Reported-by: John Dunn
-
- Sep 07, 2013
-
-
Daniel Stenberg authored
Detected by test 1132
-
Nick Zitzmann authored
When building the code using LLVM Clang without NGHTTP2, I was getting this warning: ../lib/http.h:155:1: warning: empty struct is a GNU extension [-Wgnu] Placing a dummy variable into the data structure silenced the warning.
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-