Commits · 2286f566d03fdab4e3ab3d73998a42ffa95e801d · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

Nov 12, 2009

- libcurl-NSS now tries to reconnect with TLS disabled in case it detects · 571309dc

Kamil Dudka authored Nov 12, 2009

  a broken TLS server. However it does not happen if SSL version is selected
  manually. The approach was originally taken from PSM. Kaspar Brand helped me
  to complete the patch. Original bug reports:
  https://bugzilla.redhat.com/525496
  https://bugzilla.redhat.com/527771

571309dc

- Kevin Baughman provided a fix preventing libcurl-NSS from crash on doubly · d547d00f

Kamil Dudka authored Nov 12, 2009

  closed NSPR descriptor. The issue was hard to find, reported several times
  before and always closed unresolved. More info at the RH bug:
  https://bugzilla.redhat.com/534176

d547d00f

Nov 05, 2009
- - Dropped misleading timeouts in libcurl-NSS and made sure the SSL socket works · 676e0c28
  Kamil Dudka authored Nov 05, 2009
```
  in non-blocking mode.
```
  676e0c28
Oct 28, 2009

Since the NSS lib closes the socket the memory tracking system wrongly gets a · 6a79b0e8

Daniel Stenberg authored Oct 28, 2009

false positive on a leaked socket, so this introduces a way to tell the system
that the socket is indeed closed without explicitly closing it!

6a79b0e8

Oct 18, 2009
- - Kevin Baughman found a double close() problem with libcurl-NSS, as when · 167a9281
  Daniel Stenberg authored Oct 18, 2009
```
  libcurl called NSS to close the SSL "session" it also closed the actual
  socket.
```
  167a9281
Oct 07, 2009
- fix gcc warnings in lib/nss.c · b38e28b6
  Kamil Dudka authored Oct 07, 2009
  
  b38e28b6
Sep 21, 2009

added support for new SQLite cert database format: added a runtime check for... · 9448659f

Guenter Knauf authored Sep 21, 2009

added support for new SQLite cert database format: added a runtime check for version 3.12.0, and depending on the result add 'sql:' prefix to cert database directory so that newer SQLIte database format works.

9448659f

added aditional check for the directory specified with SSL_DIR, and fall back... · 40027148
Guenter Knauf authored Sep 21, 2009
```
added aditional check for the directory specified with SSL_DIR, and fall back to hardcoded directory if not a valid directory.
```
40027148

Sep 08, 2009
- added debug output for NSS certpath. · 5d4a1e24
  Guenter Knauf authored Sep 08, 2009
  
  5d4a1e24
Sep 06, 2009
- added casts to silent compiler warning on 64bit systems. · 5e379634
  Guenter Knauf authored Sep 06, 2009
  
  5e379634
- use our define struct_stat to be compatible with largefile support. · 56a161e0
  Guenter Knauf authored Sep 06, 2009
  
  56a161e0
- added base64.h include to silent warnings about missing prototype for ATOB_ConvertAsciiToItem. · 2786ecae
  Guenter Knauf authored Sep 06, 2009
  
  2786ecae
Aug 28, 2009
- - Improved error message for not matching certificate subject name in · 1a255e0e
  Kamil Dudka authored Aug 28, 2009
```
  libcurl-NSS. Originally reported at:
  https://bugzilla.redhat.com/show_bug.cgi?id=516056#c9
```
  1a255e0e
Aug 13, 2009
- - Changed NSS code to not ignore the value of ssl.verifyhost and produce more · 6293fe98
  Kamil Dudka authored Aug 13, 2009
```
  verbose error messages. Originally reported at:
  https://bugzilla.redhat.com/show_bug.cgi?id=516056
```
  6293fe98
Jul 20, 2009

- Claes Jakobsson improved the support for client certificates handling · 5f0cae80

Kamil Dudka authored Jul 20, 2009

  in NSS-powered libcurl. Now the client certificates can be selected
  automatically by a NSS built-in hook. Additionally pre-login to all PKCS11
  slots is no more performed. It used to cause problems with HW tokens.

- Fixed reference counting for NSS client certificates. Now the PEM reader
  module should be always properly unloaded on Curl_nss_cleanup(). If the unload
  fails though, libcurl will try to reuse the already loaded instance.

5f0cae80

Jun 08, 2009
- - Claes Jakobsson provided a patch for libcurl-NSS that fixed a bad refcount · 3e0c067e
  Daniel Stenberg authored Jun 08, 2009
```
  issue with client certs that caused issues like segfaults.
  http://curl.haxx.se/mail/lib-2009-05/0316.html
```
  3e0c067e
May 28, 2009
- Fixed a few comment typos (from the FreeBSD ports) · 15eaf27b
  Dan Fandrich authored May 28, 2009
  
  15eaf27b
May 27, 2009
- - Claes Jakobsson fixed libcurl-NSS to build fine even without the · 0bf9c1e8
  Daniel Stenberg authored May 27, 2009
```
  PK11_CreateGenericObject() function.
```
  0bf9c1e8
May 11, 2009

- Kamil Dudka provided a fix for libcurl-NSS reported by Michael Cronenworth · 6e1632c6

Daniel Stenberg authored May 11, 2009

at https://bugzilla.redhat.com/show_bug.cgi?id=453612#c12

If an incorrect password is given while loading a private key, libcurl ends
up in an infinite loop consuming memory. The bug is critical.

6e1632c6

Apr 24, 2009
- - Kamil Dudka fixed another NSS-related leak when client certs were used. · 828a2628
  Daniel Stenberg authored Apr 24, 2009
  
  828a2628
Apr 21, 2009
- libcurl's memory.h renamed to curl_memory.h · 33a3753c
  Yang Tse authored Apr 21, 2009
  
  33a3753c
Apr 14, 2009
- Kamil Dudka's follow-up fix · 97f27ea5
  Daniel Stenberg authored Apr 14, 2009
  
  97f27ea5
Apr 13, 2009

- Toshio Kuratomi reported a memory leak problem with libcurl+NSS that turned · 235c0077

Daniel Stenberg authored Apr 13, 2009

  out to be leaking cacerts. Kamil Dudka helped me complete the fix. The issue
  is found in Redhat's bug tracker:
  https://bugzilla.redhat.com/show_bug.cgi?id=453612

  There are still memory leaks present, but they seem to have other reasons.

235c0077

Mar 18, 2009
- - Kamil Dudka brought a patch that enables 6 additional crypto algorithms when · 5f19822e
  Daniel Stenberg authored Mar 18, 2009
```
  NSS is used. These ciphers were added in NSS 3.4 and require to be enabled
  explicitly.
```
  5f19822e
Feb 27, 2009
- Indentation fixes, untabify and related whitespace-cleanup. No code changed. · 794b4da8
  Daniel Stenberg authored Feb 27, 2009
  
  794b4da8
Feb 17, 2009
- - Kamil Dudka made NSS-powered builds compile and run again! · a24fe59e
  Daniel Stenberg authored Feb 17, 2009
  
  a24fe59e
Jan 07, 2009

fix compiler warnings · dd058b8d
Daniel Stenberg authored Jan 07, 2009

dd058b8d

- Rob Crittenden did once again provide an NSS update: · 3c2ad402

Daniel Stenberg authored Jan 07, 2009

I have to jump through a few hoops now with the NSS library initialization
since another part of an application may have already initialized NSS by the
time Curl gets invoked. This patch is more careful to only shutdown the NSS
library if Curl did the initialization.

It also adds in a bit of code to set the default ciphers if the app that
call NSS_Init* did not call NSS_SetDomesticPolicy() or set specific
ciphers. One might argue that this lets other application developers get
lazy and/or they aren't using the NSS API correctly, and you'd be right.
But still, this will avoid terribly difficult-to-trace crashes and is
generally helpful.

3c2ad402

Nov 15, 2008

based on a report by Jim Meyering, I went over and added checks for return · da6c1516

Daniel Stenberg authored Nov 15, 2008

codes for all calls to malloc and strdup that were missing. I also changed
a few malloc(13) to use arrays on the stack and a few malloc(PATH_MAX) to
instead use aprintf() to lower memory use.
I also fixed a memory leak in Curl_nss_connect() when CURLOPT_ISSUERCERT is
in use.

da6c1516

Oct 16, 2008
- Renamed Curl_ascii_equal to Curl_raw_equal and bugfixed the my_toupper function · 9d16b408
  Daniel Stenberg authored Oct 16, 2008
```
used in strequal.c so now all test cases run fine for me again.
```
  9d16b408
Oct 15, 2008

- Pascal Terjan filed bug #2154627 · a579d670

Daniel Stenberg authored Oct 15, 2008

  (http://curl.haxx.se/bug/view.cgi?id=2154627) which pointed out that libcurl
  uses strcasecmp() in multiple places where it causes failures when the
  Turkish locale is used. This is because 'i' and 'I' isn't the same letter so
  strcasecmp() on those letters are different in Turkish than in English (or
  just about all other languages). I thus introduced a totally new internal
  function in libcurl (called Curl_ascii_equal) for doing case insentive
  comparisons for english-(ascii?) style strings that thus will make "file"
  and "FILE" match even if the Turkish locale is selected.

a579d670

Sep 23, 2008
- - Rob Crittenden brought a patch to "add some locking for thread-safety to NSS · 23e5402b
  Daniel Stenberg authored Sep 23, 2008
```
  implementation".
```
  23e5402b
Sep 06, 2008
- remove unnecessary typecasting of malloc() · 59e378f4
  Yang Tse authored Sep 06, 2008
  
  59e378f4
Sep 04, 2008
- Made some variables const · bb67388b
  Dan Fandrich authored Sep 04, 2008
  
  bb67388b
- fix print formatting string directives · 3dcd2b82
  Yang Tse authored Sep 04, 2008
  
  3dcd2b82
Jun 21, 2008
- made Curl_nss_send() take const data to kill compiler warning · 98042b85
  Daniel Stenberg authored Jun 21, 2008
  
  98042b85
Jun 20, 2008

- Phil Pellouchoud found a case where libcurl built with NSS failed to · da97f78a

Daniel Stenberg authored Jun 20, 2008

handshake with a SSLv2 server, and it turned out to be because it didn't
recognize the cipher named "rc4-md5". In our list that cipher was named
plainly "rc4". I've now added rc4-md5 to work as an alias as Phil reported
that it made things work for him again.

da97f78a

Jun 19, 2008
- Removed the #define of ciphernum since keeping a define updated to be the · 68b67e24
  Daniel Stenberg authored Jun 19, 2008
```
number of entries in a provided table is doomed to fail in the long run. Now
we use the NUM_OF_CIPHERS define instead to figure out the amount.
```
  68b67e24
- s/strcasecmp/strequal to make it more portable · c1e2341f
  Daniel Stenberg authored Jun 19, 2008
  
  c1e2341f
Jun 18, 2008

- Rob Crittenden brought a fix for the NSS layer that makes libcurl no longer · e547bfa9

Daniel Stenberg authored Jun 18, 2008

  always fire up a new connection rather than using the existing one when the
  multi interface is used. Original bug report:
  https://bugzilla.redhat.com/show_bug.cgi?id=450140

e547bfa9