- Feb 09, 2012
-
-
Dave Reisner authored
Use the new library CURLOPT_TCP_KEEPALIVE rather than disabling this via the sockopt callback. If --keepalive-time is used, apply the value to CURLOPT_TCP_KEEPIDLE and CURLOPT_TCP_KEEPINTVL.
-
Dave Reisner authored
This adds three new options to control the behavior of TCP keepalives: - CURLOPT_TCP_KEEPALIVE: enable/disable probes - CURLOPT_TCP_KEEPIDLE: idle time before sending first probe - CURLOPT_TCP_KEEPINTVL: delay between successive probes While not all operating systems support the TCP_KEEPIDLE and TCP_KEEPINTVL knobs, the library will still allow these options to be set by clients, silently ignoring the values.
-
- Feb 07, 2012
-
-
Daniel Stenberg authored
When CURLOPT_REFERER has been used, curl_easy_reset() did not properly clear it. Verified with the new test 598 Bug: http://curl.haxx.se/bug/view.cgi?id=3481551 Reported by: Michael Day
-
- Feb 06, 2012
-
-
Daniel Stenberg authored
We want to continue to the next URL to try even on failures returned from libcurl. This makes -f with ranges still get subsequent URLs even if occasional ones return error. This was a regression as it used to work and broke in the 7.23.0 release. Added test case 1328 to verify the fix. Bug: http://curl.haxx.se/bug/view.cgi?id=3481223 Reported by: Juan Barreto
-
- Jan 31, 2012
-
-
Daniel Stenberg authored
When the target host was given as a IPv6 numerical address, it was not properly put within square brackets for the Host: header in the CONNECT request. The "normal" request did fine. Reported by: "zooloo" Bug: http://curl.haxx.se/bug/view.cgi?id=3482093
-
- Jan 28, 2012
-
-
Martin Storsjo authored
When support for nettle was added in 64f328c7, I overlooked the fact that AC_CHECK_LIB doesn't add the tested lib to LIBS if the check succeeded, if a custom success code block was present. (The previous version of the check had an empty block for successful checks, adding the lib to LIBS implicitly.) Therefore, explicitly add either nettle or gcrypt to LIBS, after deciding which one to use. Even if they can be linked in transitively, it is safer to actually link explicitly to them. This fixes building with gnutls with linkers that don't allow linking transitively, such as for windows.
-
Pierre Ynard authored
When connecting to a domain with multiple IP addresses, allow different, decreasing connection timeout values. This should guarantee some connections attempts with sufficiently long timeouts, while still providing fallback.
-
Pierre Ynard authored
-
- Jan 26, 2012
-
-
Pierre Joye authored
-
Pierre Joye authored
-
- Jan 25, 2012
-
-
Yang Tse authored
-
Daniel Stenberg authored
-
Yang Tse authored
-
Yang Tse authored
-
Dan Fandrich authored
-
- Jan 24, 2012
-
-
Daniel Stenberg authored
Synced and prepared for 7.24.0 release. Two security problems, one bug fix, two more contributors.
-
Daniel Stenberg authored
With advice from Nikos Mavrogiannopoulos, changed the priority string to add "actual priorities" and favour ARCFOUR. This makes libcurl work better when enforcing SSLv3 with GnuTLS. Both in the sense that the libmicrohttpd test is now working again but also that it mitigates a weakness in the older SSL/TLS protocols. Bug: http://curl.haxx.se/mail/lib-2012-01/0225.html Reported by: Christian Grothoff
-
Daniel Stenberg authored
Related to the security vulnerability: CVE-2012-0036 Bug: http://curl.haxx.se/docs/adv_20120124.html
-
Daniel Stenberg authored
Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich
-
Daniel Stenberg authored
OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability (http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to SSL_OP_ALL that _disables_ that work-around despite the fact that SSL_OP_ALL is documented to do "rather harmless" workarounds. The libcurl code uses the SSL_OP_ALL define and thus logically always disables the OpenSSL fix. In order to keep the secure work-around workding, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit must not be set and this change makes sure of this. Reported by: product-security at Apple
-
- Jan 22, 2012
-
-
Daniel Stenberg authored
3 more bugfixes, 3 more contributors
-
- Jan 21, 2012
-
-
Daniel Stenberg authored
-
Dan Fandrich authored
-
- Jan 20, 2012
-
-
Daniel Stenberg authored
Using a URL with embedded user name and password didn't work if the host was given as a numerical IPv6 string, like ftp://user:password@[::1]/ Reported by: Brandon Wang Bug: http://curl.haxx.se/mail/archive-2012-01/0047.html
-
- Jan 19, 2012
-
-
Yang Tse authored
-
Yang Tse authored
-
Yang Tse authored
avoid checking preprocessor definition official value
-
Pierre Joye authored
-
Daniel Stenberg authored
As is pointed out in this bug report, there can indeed be situation where --stderr has a point even when the "real" stderr can be redirected. Remove the superfluous and wrong comment. bug: http://curl.haxx.se/bug/view.cgi?id=3476020
-
- Jan 18, 2012
-
-
-
Yang Tse authored
-
Daniel Stenberg authored
Apparently ssl_get_ciphersuite() is needed to get the name of the used cipher suite.
-
Daniel Stenberg authored
The value was turned negative when it shouldn't have been
-
Daniel Stenberg authored
... it is now named havege_random! Reported by: Robert Schumann Bug: http://curl.haxx.se/mail/lib-2012-01/0178.html
-
Daniel Stenberg authored
5 more bug fixes, 1 more contributor
-
Colin Hogben authored
Add simple telnet tests which (ab)use the http server. The second test checks for an input file handling bug.
-
Colin Hogben authored
Remove wrongly implemented optimisation of telnet upload, apparently intended to allow the library to avoid manually polling for input.
-
Colin Hogben authored
Fix a bug where input was read from stdin even when a different FILE * had been configured via CURLOPT_READDATA
-
Yang Tse authored
bug: http://curl.haxx.se/bug/view.cgi?id=3474308
-