  1. Feb 01, 2016
  2. Jan 29, 2016
  3. Jan 28, 2016
  4. Jan 27, 2016
  5. Jan 26, 2016
  6. Jan 25, 2016
  7. Jan 24, 2016
  8. Jan 21, 2016
  9. Jan 18, 2016
    • mbedtls: Fix pinned key return value on fail · d58ba66e
      Jay Satiro authored
      - Switch from verifying a pinned public key in a callback during the
      certificate verification to inline after the certificate verification.
      
      The callback method had three problems:
      
      1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH
      was not returned.
      
      2. If peer certificate verification was disabled the pinned key
      verification did not take place as it should.
      
      3. (related to #2) If there was no certificate of depth 0 the callback
      would not have checked the pinned public key.
      
      Though all those problems could have been fixed it would have made the
      code more complex. Instead we now verify inline after the certificate
      verification in mbedtls_connect_step2.
      
      Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html
      Ref: https://github.com/bagder/curl/pull/601
    • tests: Add a test for pinnedpubkey fail even when insecure · d5663711
      Jay Satiro authored
      Because disabling the peer verification (--insecure) must not disable
      the public key pinning check (--pinnedpubkey).
  10. Jan 17, 2016
  11. Jan 15, 2016
  12. Jan 14, 2016
  13. Jan 13, 2016
  14. Jan 12, 2016
    • configure: assume IPv6 works when cross-compiled · 4bed87f8
      Daniel Stenberg authored
      The configure test uses AC_TRY_RUN to figure out if an ipv6 socket
      works, and testing like that doesn't work for cross-compiles. These days
      IPv6 support is widespread so a blind guess is probably more likely to
      be 'yes' than 'no' now.
      
      Further: anyone who cross-compiles can use configure's --disable-ipv6 to
      explicitly disable IPv6 and that also works for cross-compiles.
      
      Made happen after discussions in issue #594
  15. Jan 11, 2016
  16. Jan 10, 2016
  17. Jan 09, 2016
  18. Jan 08, 2016
    • http2: Ensure that http2_handle_stream_close is called · b019af41
      Tatsuhiro Tsujikawa authored
      Previously, when HTTP/2 was enabled and used, and a stream had a known
      content length, Curl_read was not called when there were no bytes left to
      read. Because of this, we could not make sure that
      http2_handle_stream_close was called for every stream. Since we use
      http2_handle_stream_close to emit trailer fields, they were
      effectively ignored. This commit changes the code so that Curl_read is
      called even if no bytes are left to read, to ensure that
      http2_handle_stream_close is called for every stream.
      
      Discussed in https://github.com/bagder/curl/pull/564