- Sep 23, 2015
-
-
Mike Crowe authored
If GnuTLS fails to read the certificate then include whatever reason it provides in the failure message reported to the client. Signed-off-by: Mike Crowe <mac@mcrowe.com>
-
- Sep 22, 2015
-
-
Mike Crowe authored
The gnutls vtls back-end was previously ignoring any password set via CURLOPT_KEYPASSWD. Presumably this was because gnutls_certificate_set_x509_key_file did not support encrypted keys. gnutls now has a gnutls_certificate_set_x509_key_file2 function that does support encrypted keys. Let's determine at compile time whether the available gnutls supports this new function. If it does then use it to pass the password. If it does not then emit a helpful diagnostic if a password is set. This is preferable to the previous behaviour of just failing to read the certificate without giving a reason in that case. Signed-off-by: Mike Crowe <mac@mcrowe.com>
-
Daniel Stenberg authored
... even for those that don't support providing anything in the 'internals' struct member since it offers a convenient way for applications to figure this out.
-
- Sep 20, 2015
-
-
Jay Satiro authored
- Change the designator name we use to show the base64 encoded sha256 hash of the server's public key from 'pinnedpubkey' to 'public key hash'. Though the server's public key hash is only shown when comparing pinned public key hashes, the server's hash may not match one of the pinned.
-
- Sep 19, 2015
-
-
Isaac Boukris authored
With NTLM a new connection will always require authentication. Fixes #435
-
Daniel Hwang authored
Add a "pinnedpubkey" section to the "Server Certificate" verbose Bug: https://github.com/bagder/curl/issues/410 Reported-by: W. Mark Kubacki Closes #430 Closes #410
-
Jakub Zakrzewski authored
Introduced with commit 65d141e6 Closes #440
-
Alessandro Ghedini authored
-
Alessandro Ghedini authored
Fixes #427
-
- Sep 18, 2015
-
-
Kamil Dudka authored
Without this workaround, NSS re-uses a session cache entry despite the server name does not match. This causes SNI host name to differ from the actual host name. Consequently, certain servers (e.g. github.com) respond by 400 to such requests. Bug: https://bugzilla.mozilla.org/1202264
-
Kamil Dudka authored
-
- Sep 17, 2015
-
-
Daniel Stenberg authored
... without sha256 support and no define saying so. Reported-by: Rajkumar Mandal
-
- Sep 13, 2015
-
-
Daniel Stenberg authored
-
- Sep 10, 2015
-
-
Jay Satiro authored
Bug: https://github.com/bagder/curl/pull/411 Reported-by: Viktor Szakats
-
- Sep 08, 2015
-
-
Daniel Stenberg authored
If the port number in the proxy string ended weirdly or the number is too large, skip it. Mostly as a means to bail out early if a "bare" IPv6 numerical address is used without enclosing brackets. Also mention the bracket requirement for IPv6 numerical addresses to the man page for CURLOPT_PROXY. Closes #415 Reported-by: Marcel Raad
-
Daniel Stenberg authored
In some timing-dependnt cases when a 4xx response immediately followed after a 150 when a STOR was issued, this function would wrongly return 'complete == true' while 'wait_data_conn' was still set. Closes #405 Reported-by: Patricia Muscalu
-
- Sep 04, 2015
-
-
Kamil Dudka authored
It causes dynamic linking issues at run-time after an update of NSS. Bug: https://lists.fedoraproject.org/pipermail/devel/2015-September/214117.html
-
- Sep 03, 2015
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
RFC 7540 section 8.1.2.2 states: "An endpoint MUST NOT generate an HTTP/2 message containing connection-specific header fields; any message containing connection-specific header fields MUST be treated as malformed" Closes #401
-
Marcel Raad authored
This fixes another run-time check failure because of a narrowing cast on Visual C++. Closes #408
-
- Aug 31, 2015
-
-
Steve Holme authored
Introduced in commit 59f3f92b this function is only implemented when CURL_DISABLE_CRYPTO_AUTH is not defined. As such we shouldn't define the function in the header file either.
-
Steve Holme authored
In places the "host name" and "realm" variable was referred to as "instance" whilst in others it was referred to as "host".
-
- Aug 30, 2015
-
-
Steve Holme authored
Set HAVE_DES_SET_ODD_PARITY when using OpenSSL/BoringSSL as native Windows builds don't use the autoconf tools.
-
Steve Holme authored
curl_ntlm_core.c:150: warning 'Curl_des_set_odd_parity' undefined; assuming extern returning int
-
Steve Holme authored
But kept the original author, when they were specified in a comment, as the initial copyright holder.
-
- Aug 25, 2015
-
-
Sergei Nikulov authored
Closes #399
-
- Aug 24, 2015
-
-
Razvan Cojocaru authored
This patch addresses known bug #76, where on 64-bit Windows SOCKET is 64 bits wide, but long is only 32, making CURLINFO_LASTSOCKET unreliable. Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
-
Daniel Stenberg authored
Leftovers from when we removed the private socket hash. Coverity CID 1317365, "Logically dead code"
-
Daniel Stenberg authored
Coverity CID 1317367, "Missing break in switch"
-
Daniel Stenberg authored
"Explicit null dereferenced (FORWARD_NULL)" Coverity CID 1317366
-
- Aug 23, 2015
-
-
Nathaniel Waisbrot authored
- Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default protocol for schemeless URLs. - Add new tool option --proto-default to expose CURLOPT_DEFAULT_PROTOCOL. In the case of schemeless URLs libcurl will behave in this way: When the option is used libcurl will use the supplied default. When the option is not used, libcurl will follow its usual plan of guessing from the hostname and falling back to 'http'.
-
- Aug 22, 2015
-
-
Daniel Stenberg authored
... so improve the #ifdefs for using our local implementation.
-
- Aug 21, 2015
-
-
Alessandro Ghedini authored
If strict certificate checking is disabled (CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST are disabled) do not fail if the server doesn't present a certificate at all. Closes #392
-
Daniel Stenberg authored
The multi state machine would otherwise go into the DO_MORE state after DO, even for the case when the FTP state machine had already performed those duties, which caused libcurl to get stuck in that state and fail miserably. This occured for for active ftp uploads. Reported-by: Patricia Muscalu
-
- Aug 20, 2015
-
-
Erik Janssen authored
Based-on-patch-by: Jim Hollinger
-
Erik Janssen authored
-
- Aug 19, 2015
-
-
Marcel Raad authored
Visual Studio complains with a message box: "Run-Time Check Failure #1 - A cast to a smaller data type has caused a loss of data. If this was intentional, you should mask the source of the cast with the appropriate bitmask. For example: char c = (i & 0xFF); Changing the code in this way will not affect the quality of the resulting optimized code." This is because only 'val' is cast to unsigned char, so the "& 0xff" has no effect. Closes #387
-
- Aug 18, 2015
-
-
Jay Satiro authored
find . -name .gitignore -print0 | xargs -i -0 sort -o '{}' '{}'
-
- Aug 11, 2015
-
-
Anders Bakken authored
Return 0 instead of NGHTTP2_ERR_CALLBACK_FAILURE if we can't locate the SessionHandle. Apparently mod_h2 will sometimes send a frame for a stream_id we're finished with. Use nghttp2_session_get_stream_user_data and nghttp2_session_set_stream_user_data to identify SessionHandles instead of a hash. Closes #372
-
- Aug 10, 2015
-
-
Viktor Szakats authored
closes #371
-