- Jun 13, 2013
-
-
Daniel Stenberg authored
Mention 7 recent bug fixes and their associated contributors
-
Daniel Stenberg authored
-
Daniel Stenberg authored
When curl_multi_wait() finds no file descriptor to wait for, it returns instantly and this must be handled gracefully within curl_easy_perform() or cause a busy-loop. Starting now, repeated fast returns without any file descriptors is detected and a gradually increasing sleep will be used (up to a max of 1000 milliseconds) before continuing the loop. Bug: http://curl.haxx.se/bug/view.cgi?id=1238 Reported-by: Miguel Angel
-
- Jun 12, 2013
-
-
Yamada Yasuharu authored
The initial fix to only compare full path names were done in commit 04f52e9b but found out to be incomplete. This takes should make the change more complete and there's now two additional tests to verify (test 31 and 62).
-
Sergei Nikulov authored
Makes it build on windows
-
Eric Hu authored
-
Eric Hu authored
-
- Jun 10, 2013
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
By always returning the md5 for an empty body when auth-int is asked for, libcurl now at least sometimes does the right thing. Bug: http://curl.haxx.se/bug/view.cgi?id=1235 Patched-by: Nach M. S.
-
Daniel Stenberg authored
Allow less room for "triggered too early" mistakes by applications / timers on non-windows platforms. Starting now, we assume that a timeout call is never made earlier than 3 milliseconds before the actual timeout. This greatly improves timeout accuracy on Linux. Bug: http://curl.haxx.se/bug/view.cgi?id=1228 Reported-by: Hang Su
-
Daniel Stenberg authored
In the pkcs12 code, we get a list of x509 records returned from PKCS12_parse but when iterating over the list and passing each to SSL_CTX_add_extra_chain_cert() we didn't also properly remove them from the "stack", which made them get freed twice (both in sk_X509_pop_free() and then later in SSL_CTX_free). This isn't really documented anywhere... Bug: http://curl.haxx.se/bug/view.cgi?id=1236 Reported-by: Nikaiw
-
Daniel Stenberg authored
-
- Jun 07, 2013
-
-
Aleksey Tulinov authored
When VERIFYHOST == 0, libcurl should let invalid certificates to pass.
-
Peter Gal authored
Update the documentation on how to specify a HTTP header with no content.
-
Daniel Stenberg authored
Added 11 bugs and 7 contributors
-
- Jun 06, 2013
-
-
Daniel Stenberg authored
After curl_multi_wait() returns, this test checked that we got exactly one file descriptor told to read from, but we cannot be sure that is true. curl_multi_wait() will sometimes return earlier without any file descriptor to handle, just just because it is a suitable time to call *perform(). This problem showed up with commit 29bf0598. Bug: http://curl.haxx.se/mail/lib-2013-06/0029.html Reported-by: Fabian Keil
-
- Jun 04, 2013
-
-
Daniel Stenberg authored
Bug: http://curl.haxx.se/bug/view.cgi?id=1239 Reported-by: Christian Weisgerber
-
Daniel Stenberg authored
-
Daniel Stenberg authored
If an ipv6-address is provided to CONNECT, the last hexadecimal group in the address will be used as the test number! For example the address "[1234::ff]" would be treated as test case 255.
-
Daniel Stenberg authored
commit 29bf0598 introduced a problem when the "internal" timeout is prefered to the given if shorter, as it didn't consider the case where -1 was returned. Now the internal timeout is only considered if not -1. Reported-by: Tor Arntsen Bug: http://curl.haxx.se/mail/lib-2013-06/0015.html
-
- Jun 03, 2013
-
-
Dan Fandrich authored
Also added a (correctly-escaped) backslash to the autoexec.bat example file and a new Windows character device name with a colon as examples of other characters that are special and potentially dangerous (this reverts and reworks commit 7d8d2a54).
-
Daniel Stenberg authored
If the multi handle's pending timeout is less than what is passed into this function, it will now opt to use the shorter time anyway since it is a very good hint that the handle wants to process something in a shorter time than what otherwise would happen. curl_multi_wait.3 was updated accordingly to clarify This is the reason for bug #1224 Bug: http://curl.haxx.se/bug/view.cgi?id=1224 Reported-by: Andrii Moiseiev
-
Daniel Stenberg authored
... because there's an identical check right next to it so using the operators in the check in the same order increases readability.
-
- Jun 02, 2013
-
-
Marc Hoersken authored
-
Marc Hoersken authored
-
- May 30, 2013
-
-
Daniel Stenberg authored
-
- May 28, 2013
-
-
Daniel Stenberg authored
A single backslash in the content is not legal nroff syntax. Reported and fixed by: Eric S. Raymond Bug: http://curl.haxx.se/bug/view.cgi?id=1234
-
Daniel Stenberg authored
Reported and fixed by: Eric S. Raymond Bug: http://curl.haxx.se/bug/view.cgi?id=1233
-
Daniel Stenberg authored
-
- May 27, 2013
-
-
Daniel Stenberg authored
When sending the HTTP Authorization: header for digest, the user name needs to be escaped if it contains a double-quote or backslash. Test 1229 was added to verify Reported and fixed by: Nach M. S Bug: http://curl.haxx.se/bug/view.cgi?id=1230
-
- May 22, 2013
-
-
Mike Giancola authored
SSL_read can return 0 for "not successful", according to the open SSL documentation: http://www.openssl.org/docs/ssl/SSL_read.html
-
Mike Giancola authored
We found that in specific cases if the connection is abruptly closed, the underlying socket is listed in a close_wait state. We continue to call the curl_multi_perform, curl_mutli_fdset etc. None of these APIs report the socket closed / connection finished. Since we have cases where the multi connection is only used once, this can pose a problem for us. I've read that if another connection was to come in, curl would see the socket as bad and attempt to close it at that time - unfortunately, this does not work for us. I found that in specific situations, if SSL_write returns 0, curl did not recognize the socket as closed (or errored out) and did not report it to the application. I believe we need to change the code slightly, to check if ssl_write returns 0. If so, treat it as an error - the same as a negative return code. For OpenSSL - the ssl_write documentation is here: http://www.openssl.org/docs/ssl/SSL_write.html
-
- May 21, 2013
-
-
Daniel Stenberg authored
Bug: http://curl.haxx.se/bug/view.cgi?id=1169
-
Daniel Stenberg authored
1 - don't skip host names with a colon in them in an attempt to bail out on HTTP headers in the cookie file parser. It was only a shortcut anyway and trying to parse a file with HTTP headers will still be handled, only slightly slower. 2 - don't skip domain names based on number of dots. The original netscape cookie spec had this oddity mentioned and while our code decreased the check to only check for two, the existing cookie spec has no such dot counting required. Bug: http://curl.haxx.se/bug/view.cgi?id=1221 Reported-by: Stefan Neis
-
- May 20, 2013
-
-
Daniel Stenberg authored
Explain the callback and its arguments better and with more descriptive text.
-
- May 19, 2013
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
David Strauss authored
Add an XML stream parsing example using Expat. Add missing ignore for the binary from an unrelated example.
-
- May 18, 2013
-
-
Yamada Yasuharu authored
I found a bug which cURL sends cookies to the path not to aim at. For example: - cURL sends a request to http://example.fake/hoge/ - server returns cookie which with path=/hoge; the point is there is NOT the '/' end of path string. - cURL sends a request to http://example.fake/hogege/ with the cookie. The reason for this old "feature" is because that behavior is what is described in the original netscape cookie spec: http://curl.haxx.se/rfc/cookie_spec.html The current cookie spec (RFC6265) clarifies the situation: http://tools.ietf.org/html/rfc6265#section-5.2.4
-
- May 16, 2013
-
-
Eric Hu authored
-