- Feb 16, 2012
-
-
Kamil Dudka authored
-
- Feb 15, 2012
-
-
Steve Holme authored
Added information relating to the new CURLOPT_MAIL_AUTH parameter and reworked CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT to be a clearer. Fixed inconsistencies of "vocalisation of the abbreviation" versus "vocalisation of the first word" for all abbreviations. Corrected a typo in CURLOPT_NOPROXY.
-
Steve Holme authored
Fixed the use of angled brackets "<>" in the optional AUTH parameter as per RFC-2554 section 5. The address should not include them but an empty address should be replaced by them.
-
- Feb 14, 2012
-
-
Steve Holme authored
Added a new CURLOPT_MAIL_AUTH option that allows the calling program to set the optional AUTH parameter in the MAIL FROM command. When this option is specified and an authentication mechanism is used to communicate with the mail server then the AUTH parameter will be included in the MAIL FROM command. This is particularly useful when the calling program is acting as a relay in a trusted environment and performing server to server communication, as it allows the relaying server to specify the address of the mailbox that was used to authenticate and send the original email.
-
toddouska authored
Modify configure.ac to test for new CyaSSL Init function and remove default install path to system. Change to CyaSSL OpenSSL header and proper Init in code as well. Note that this no longer detects or works with CyaSSL before v2
-
Daniel Stenberg authored
I accidentally left the lowest bits 01 before
-
Steve Holme authored
Fixed incorrect behavior in smtp_done() which would cause the end of block data to be sent to the SMTP server if libcurl was operating in connect only mode. This would cause the server to return an error as data would not be expected which in turn caused libcurl to return CURLE_RECV_ERROR.
-
- Feb 13, 2012
-
-
Daniel Stenberg authored
We will go straight to 7.25.0 due to the new additions
-
Daniel Stenberg authored
and updated the end year in the generic copyright string
-
Daniel Stenberg authored
9 bug fixes, 4 changes and numerous contributors Bumped release version and option counters
-
Colin Hogben authored
-
Alessandro Ghedini authored
Fix the str2num() function to not check if the input string starts with a digit, since strtol() supports numbers prepended with '-' (and '+') too. This makes the --max-redirs option work as documented.
-
- Feb 10, 2012
-
-
Daniel Stenberg authored
... by making sure that the string is always freed after the invoke as parse_proxy will always copy the data and this way there's a single free() instead of multiple ones.
-
Daniel Stenberg authored
The proxy parser function strips off trailing slashes off the proxy name which could lead to a mistaken zero length proxy name which would be treated as no proxy at all by subsequent functions! This is now detected and an error is returned. Verified by the new test 1329. Reported by: Chandrakant Bagul Bug: http://curl.haxx.se/mail/lib-2012-02/0000.html
-
- Feb 09, 2012
-
-
Kamil Dudka authored
... and fix some typos from the 62d15f15 commit.
-
Rob Ward authored
-
Daniel Stenberg authored
This new option tells curl to not work around a security flaw in the SSL3 and TLS1.0 protocols. It uses the new libcurl option CURLOPT_SSL_OPTIONS with the CURLSSLOPT_ALLOW_BEAST bit set.
-
Daniel Stenberg authored
Allow an appliction to set libcurl specific SSL options. The first and only options supported right now is CURLSSLOPT_ALLOW_BEAST. It will make libcurl to disable any work-arounds the underlying SSL library may have to address a known security flaw in the SSL3 and TLS1.0 protocol versions. This is a reaction to us unconditionally removing that behavior after this security advisory: http://curl.haxx.se/docs/adv_20120124B.html ... it did however cause a lot of programs to fail because of old servers not liking this work-around. Now programs can opt to decrease the security in order to interoperate with old servers better.
-
Dave Reisner authored
Use the new library CURLOPT_TCP_KEEPALIVE rather than disabling this via the sockopt callback. If --keepalive-time is used, apply the value to CURLOPT_TCP_KEEPIDLE and CURLOPT_TCP_KEEPINTVL.
-
Dave Reisner authored
This adds three new options to control the behavior of TCP keepalives: - CURLOPT_TCP_KEEPALIVE: enable/disable probes - CURLOPT_TCP_KEEPIDLE: idle time before sending first probe - CURLOPT_TCP_KEEPINTVL: delay between successive probes While not all operating systems support the TCP_KEEPIDLE and TCP_KEEPINTVL knobs, the library will still allow these options to be set by clients, silently ignoring the values.
-
- Feb 07, 2012
-
-
Daniel Stenberg authored
When CURLOPT_REFERER has been used, curl_easy_reset() did not properly clear it. Verified with the new test 598 Bug: http://curl.haxx.se/bug/view.cgi?id=3481551 Reported by: Michael Day
-
- Feb 06, 2012
-
-
Daniel Stenberg authored
We want to continue to the next URL to try even on failures returned from libcurl. This makes -f with ranges still get subsequent URLs even if occasional ones return error. This was a regression as it used to work and broke in the 7.23.0 release. Added test case 1328 to verify the fix. Bug: http://curl.haxx.se/bug/view.cgi?id=3481223 Reported by: Juan Barreto
-
- Jan 31, 2012
-
-
Daniel Stenberg authored
When the target host was given as a IPv6 numerical address, it was not properly put within square brackets for the Host: header in the CONNECT request. The "normal" request did fine. Reported by: "zooloo" Bug: http://curl.haxx.se/bug/view.cgi?id=3482093
-
- Jan 28, 2012
-
-
Martin Storsjo authored
When support for nettle was added in 64f328c7, I overlooked the fact that AC_CHECK_LIB doesn't add the tested lib to LIBS if the check succeeded, if a custom success code block was present. (The previous version of the check had an empty block for successful checks, adding the lib to LIBS implicitly.) Therefore, explicitly add either nettle or gcrypt to LIBS, after deciding which one to use. Even if they can be linked in transitively, it is safer to actually link explicitly to them. This fixes building with gnutls with linkers that don't allow linking transitively, such as for windows.
-
Pierre Ynard authored
When connecting to a domain with multiple IP addresses, allow different, decreasing connection timeout values. This should guarantee some connections attempts with sufficiently long timeouts, while still providing fallback.
-
Pierre Ynard authored
-
- Jan 26, 2012
-
-
Pierre Joye authored
-
Pierre Joye authored
-
- Jan 25, 2012
-
-
Yang Tse authored
-
Daniel Stenberg authored
-
Yang Tse authored
-
Yang Tse authored
-
Dan Fandrich authored
-
- Jan 24, 2012
-
-
Daniel Stenberg authored
Synced and prepared for 7.24.0 release. Two security problems, one bug fix, two more contributors.
-
Daniel Stenberg authored
With advice from Nikos Mavrogiannopoulos, changed the priority string to add "actual priorities" and favour ARCFOUR. This makes libcurl work better when enforcing SSLv3 with GnuTLS. Both in the sense that the libmicrohttpd test is now working again but also that it mitigates a weakness in the older SSL/TLS protocols. Bug: http://curl.haxx.se/mail/lib-2012-01/0225.html Reported by: Christian Grothoff
-
Daniel Stenberg authored
Related to the security vulnerability: CVE-2012-0036 Bug: http://curl.haxx.se/docs/adv_20120124.html
-
Daniel Stenberg authored
Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a decoded manner now use the new Curl_urldecode() function to reject URLs with embedded control codes (anything that is or decodes to a byte value less than 32). URLs containing such codes could easily otherwise be used to do harm and allow users to do unintended actions with otherwise innocent tools and applications. Like for example using a URL like pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get a mail and instead this would delete one. This flaw is considered a security vulnerability: CVE-2012-0036 Security advisory at: http://curl.haxx.se/docs/adv_20120124.html Reported by: Dan Fandrich
-
Daniel Stenberg authored
OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability (http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit to SSL_OP_ALL that _disables_ that work-around despite the fact that SSL_OP_ALL is documented to do "rather harmless" workarounds. The libcurl code uses the SSL_OP_ALL define and thus logically always disables the OpenSSL fix. In order to keep the secure work-around workding, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit must not be set and this change makes sure of this. Reported by: product-security at Apple
-
- Jan 22, 2012
-
-
Daniel Stenberg authored
3 more bugfixes, 3 more contributors
-