- Jul 15, 2013
-
-
Patrick Monnerat authored
-
Patrick Monnerat authored
Use from qssl backend
-
Patrick Monnerat authored
-
Patrick Monnerat authored
Merge for resync
-
Patrick Monnerat authored
-
Yang Tse authored
Use simple seeding method upon RANDOM_FILE seeding method failure.
-
Yang Tse authored
-
- Jul 14, 2013
-
-
Dave Reisner authored
Implement wrappers around strtod to convert the user argument to a double with sane error checking. Use this to allow --max-time and --connect-timeout to accept decimal values instead of strictly integers. The manpage is updated to make mention of this feature and, additionally, forewarn that the actual timeout of the operation can vary in its precision (particularly as the value increases in its decimal precision).
-
Dave Reisner authored
-
Dave Reisner authored
strto* functions happily chomp off leading whitespace, so simply checking for str[0] can lead to false negatives. Do the full parse and check the out value instead.
-
John E. Malmberg authored
Update the build_vms.com to detect and use zlib shared image installed by the ZLIB kit produced by Jean-Francois Pieronne, and the also the future ZLIB 1.2.8 kit in addition to the older ZLIB kits. Also fix the indentation to match one of the common standards used for VMS DCL command files and removed the hard tab characters. Tested on OpenVMS 8.4 Alpha and IA64, and OpenVMS 7.3 VAX.
-
Yang Tse authored
-
- Jul 12, 2013
-
-
Yang Tse authored
-
Yang Tse authored
-
John E. Malmberg authored
Newer versions of curl are referencing a sk_pop symbol while the HP OpenSSL library has the symbol in uppercase only.
-
- Jul 11, 2013
- Jul 09, 2013
-
-
Kamil Dudka authored
This reverts commit 3a0e931f because the documentation of --time-cond was duplicated by mistake. Reported by: Dave Reisner
-
Kamil Dudka authored
-
Kamil Dudka authored
-
Kamil Dudka authored
-
- Jul 08, 2013
-
-
Yang Tse authored
-
Yang Tse authored
-
Guenter Knauf authored
-
Guenter Knauf authored
Issue posted to the list by malinowsky AT FTW DOT at.
-
- Jul 04, 2013
-
-
Guenter Knauf authored
-
- Jul 03, 2013
-
-
Dan Fandrich authored
This prevents it from being built during a "make check" since it depends on OpenSSL.
-
-
Nick Zitzmann authored
I just noticed that OS X no longer supports SSLv2. Other TLS engines return an error if the requested protocol isn't supported by the underlying engine, so we do that now for SSLv2 if the framework returns an error when trying to turn on SSLv2 support. (Note: As always, SSLv2 support is only enabled in curl when starting the app with the -2 argument; it's off by default. SSLv2 is really old and insecure.)
-
- Jul 01, 2013
-
-
Marc Hoersken authored
-
- Jun 30, 2013
-
-
Kamil Dudka authored
This commit fixes a regression introduced in fddb7b44. Reported by: Markus Moeller Bug: http://curl.haxx.se/mail/archive-2013-06/0052.html
-
- Jun 25, 2013
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Use the new improved Curl_rand() to generate better random nonce for Digest auth.
-
Daniel Stenberg authored
Bug: http://curl.haxx.se/bug/view.cgi?id=1252 Reported-by: Jean-Noël Rouvignac
-
Daniel Stenberg authored
The 10 first bug fixes for the pending release...
-
Daniel Stenberg authored
When doing multi-part formposts, libcurl used a pseudo-random value that was seeded with time(). This turns out to be bad for users who formpost data that is provided with users who then can guess how the boundary string will look like and then they can forge a different formpost part and trick the receiver. My advice to such implementors is (still even after this change) to not rely on the boundary strings being cryptographically strong. Fix your code and logic to not depend on them that much! I moved the Curl_rand() function into the sslgen.c source file now to be able to take advantage of the SSL library's random function if it provides one. If not, try to use the RANDOM_FILE for seeding and as a last resort keep the old logic, just modified to also add microseconds which makes it harder to properly guess the exact seed. The formboundary() function in formdata.c is now using 64 bit entropy for the boundary and therefore the string of dashes was reduced by 4 letters and there are 16 hex digits following it. The total length is thus still the same. Bug: http://curl.haxx.se/bug/view.cgi?id=1251 Reported-by: "Floris"
-
Daniel Stenberg authored
When using %x, the number must be treated as unsigned as otherwise it would get sign-extended on for example 64bit machines and do wrong output. This problem showed when doing printf("%08x", 0xffeeddcc) on a 64bit host.
-