- Sep 10, 2014
-
-
Paul Howarth authored
Bug: http://curl.haxx.se/mail/lib-2014-09/0064.html
-
Daniel Stenberg authored
As a sort of step forward, this script will now first try to get the data from the HTTPS URL using curl, and only if that fails it will switch back to the HTTP transfer using perl's native LWP functionality. To reduce the risk of this script being tricked. Using HTTPS to get a cert bundle introduces a chicken-and-egg problem so we can't really ever completely disable HTTP, but chances are that most users already have a ca cert bundle that trusts the mozilla.org site that this script downloads from. A future version of this script will probably switch to require a dedicated "insecure" command line option to allow downloading over HTTP (or unverified HTTPS).
-
Daniel Stenberg authored
krb4 has been dropped since a while now
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Edited format to look better on the web, added a "it is about trust" section.
-
Daniel Stenberg authored
CMake/FindOpenSSL.cmake and FindZLIB.cmake are gone since 14aa8f0c
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Test 61 was modified to verify this. CVE-2014-3620 Reported-by: Tim Ruehsen URL: http://curl.haxx.se/docs/adv_20140910B.html
-
Tim Rühsen authored
By not detecting and rejecting domain names for partial literal IP addresses properly when parsing received HTTP cookies, libcurl can be fooled to both send cookies to wrong sites and to allow arbitrary sites to set cookies for others. CVE-2014-3613 Bug: http://curl.haxx.se/docs/adv_20140910A.html
-
- Sep 09, 2014
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Only minor edits to make it generate nice HTML output using markdown, as this document serves both in source release tarballs as on the web site. URL: http://curl.haxx.se/docs/sslcerts.html
-
Daniel Stenberg authored
Reported-By: Frank Gevaerts
-
- Sep 08, 2014
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Catalin Patulea authored
Signed-off-by: Catalin Patulea <cat@vv.carleton.ca>
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- Sep 07, 2014
-
-
Daniel Stenberg authored
-
Brandon Casey authored
Historically the default "unknown" value for progress.size_dl and progress.size_ul has been zero, since these values are initialized implicitly by the calloc that allocates the curl handle that these variables are a part of. Users of curl that install progress callbacks may expect these values to always be >= 0. Currently it is possible for progress.size_dl and progress.size_ul to by set to a value of -1, if Curl_pgrsSetDownloadSize() or Curl_pgrsSetUploadSize() are passed a "size" of -1 (which a few places currently do, and a following patch will add more). So lets update Curl_pgrsSetDownloadSize() and Curl_pgrsSetUploadSize() so they make sure that these variables always contain a value that is >= 0. Updates test579 and test599. Signed-off-by: Brandon Casey <drafnel@gmail.com>
-
Steve Holme authored
-
Steve Holme authored
-
Steve Holme authored
-
Steve Holme authored
-
Steve Holme authored
-
Steve Holme authored
-
Steve Holme authored
As the current element in the list is free()d by Curl_llist_remove(), when the associated connection is pending, reworked the loop to avoid accessing the next element through e->next afterward.
-
- Sep 06, 2014
-
-
Steve Holme authored
warning: implicit conversion from enumeration type 'CURLMcode' to different enumeration type 'CURLcode'
-
Steve Holme authored
Small follow up to commit 898808fa to use auth constants rather than hard code value when clearing picked authentication mechanism.
-
Steve Holme authored
-
- Sep 05, 2014
-
-
Vilmos Nebehaj authored
SecCertificateCopyPublicKey() is not available on iPhone. Use CopyCertSubject() instead to see if the certificate returned by SecCertificateCreateWithData() is valid. Reported-by: Toby Peterson
-
- Sep 04, 2014
-
-
Steve Holme authored
-
Daniel Stenberg authored
-
- Sep 03, 2014
-
-
Daniel Stenberg authored
... and a minor wording edit
-
Daniel Stenberg authored
Dennis Clarke from Blastwave.org for ensuring that nightly builds run smooth on Solaris!
-
- Sep 02, 2014
-
-
Daniel Stenberg authored
... as the struct is free()d in the end anyway. It was first pointed out to me that one of the ->msglist assignments were supposed to have been ->pending but was a copy and paste mistake when I realized none of the clearing of pointers had to be there.
-
Daniel Stenberg authored
... instead of scanning through all handles, stash only the actual handles that are in that state in the new ->pending list and scan that list only. It should be mostly empty or very short. And only used for pipelining. This avoids a rather hefty slow-down especially notable if you add many handles to the same multi handle. Regression introduced in commit 0f147887 (version 7.30.0). Bug: http://curl.haxx.se/mail/lib-2014-07/0206.html Reported-by: David Meyer
-
- Sep 01, 2014
-
-
Daniel Stenberg authored
-
Andre Heinecke authored
Forwards the setting as minimum ssl version (if set) to polarssl. If the server does not support the requested version the SSL Handshake will fail. Bug: http://curl.haxx.se/bug/view.cgi?id=1419
-