Skip to content
  1. Feb 09, 2012
    • Daniel Stenberg's avatar
      --ssl-allow-beast added · 62d15f15
      Daniel Stenberg authored
      This new option tells curl to not work around a security flaw in the
      SSL3 and TLS1.0 protocols. It uses the new libcurl option
      CURLOPT_SSL_OPTIONS with the CURLSSLOPT_ALLOW_BEAST bit set.
      62d15f15
    • Daniel Stenberg's avatar
      CURLOPT_SSL_OPTIONS: added · 2a699bc6
      Daniel Stenberg authored
      Allow an appliction to set libcurl specific SSL options. The first and
      only options supported right now is CURLSSLOPT_ALLOW_BEAST.
      
      It will make libcurl to disable any work-arounds the underlying SSL
      library may have to address a known security flaw in the SSL3 and TLS1.0
      protocol versions.
      
      This is a reaction to us unconditionally removing that behavior after
      this security advisory:
      
      http://curl.haxx.se/docs/adv_20120124B.html
      
      ... it did however cause a lot of programs to fail because of old
      servers not liking this work-around. Now programs can opt to decrease
      the security in order to interoperate with old servers better.
      2a699bc6
    • Dave Reisner's avatar
      curl: use new library-side TCP_KEEPALIVE options · 2a266c1c
      Dave Reisner authored
      Use the new library CURLOPT_TCP_KEEPALIVE rather than disabling this via
      the sockopt callback. If --keepalive-time is used, apply the value to
      CURLOPT_TCP_KEEPIDLE and CURLOPT_TCP_KEEPINTVL.
      2a266c1c
    • Dave Reisner's avatar
      add library support for tuning TCP_KEEPALIVE · 705f0f7a
      Dave Reisner authored
      This adds three new options to control the behavior of TCP keepalives:
      
      - CURLOPT_TCP_KEEPALIVE: enable/disable probes
      - CURLOPT_TCP_KEEPIDLE: idle time before sending first probe
      - CURLOPT_TCP_KEEPINTVL: delay between successive probes
      
      While not all operating systems support the TCP_KEEPIDLE and
      TCP_KEEPINTVL knobs, the library will still allow these options to be
      set by clients, silently ignoring the values.
      705f0f7a
  2. Feb 07, 2012
  3. Feb 06, 2012
  4. Jan 31, 2012
  5. Jan 28, 2012
    • Martin Storsjo's avatar
      Explicitly link to the nettle/gcrypt libraries · f710aa40
      Martin Storsjo authored
      When support for nettle was added in 64f328c7, I overlooked
      the fact that AC_CHECK_LIB doesn't add the tested lib to LIBS
      if the check succeeded, if a custom success code block was present.
      (The previous version of the check had an empty block for
      successful checks, adding the lib to LIBS implicitly.)
      
      Therefore, explicitly add either nettle or gcrypt to LIBS, after
      deciding which one to use. Even if they can be linked in
      transitively, it is safer to actually link explicitly to them.
      
      This fixes building with gnutls with linkers that don't allow
      linking transitively, such as for windows.
      f710aa40
    • Pierre Ynard's avatar
      more resilient connection times among IP addresses · f4d3c0cb
      Pierre Ynard authored
      When connecting to a domain with multiple IP addresses, allow different,
      decreasing connection timeout values. This should guarantee some
      connections attempts with sufficiently long timeouts, while still
      providing fallback.
      f4d3c0cb
    • Pierre Ynard's avatar
      remove write-only variable · 4d2737bc
      Pierre Ynard authored
      4d2737bc
  6. Jan 26, 2012
  7. Jan 25, 2012
  8. Jan 24, 2012
  9. Jan 22, 2012
  10. Jan 21, 2012
  11. Jan 20, 2012
  12. Jan 19, 2012
  13. Jan 18, 2012