Skip to content
  1. Nov 13, 2012
  2. Nov 12, 2012
  3. Nov 09, 2012
  4. Nov 08, 2012
    • Daniel Stenberg's avatar
      hostcheck: only build for the actual users · 0af1a9d2
      Daniel Stenberg authored
      and make local function static
      0af1a9d2
    • Oscar Koeroo's avatar
      SSL: Several SSL-backend related fixes · 1394cad3
      Oscar Koeroo authored
      axTLS:
      
      This will make the axTLS backend perform the RFC2818 checks, honoring
      the VERIFYHOST setting similar to the OpenSSL backend.
      
      Generic for OpenSSL and axTLS:
      
      Move the hostcheck and cert_hostcheck functions from the lib/ssluse.c
      files to make them genericly available for both the OpenSSL, axTLS and
      other SSL backends. They are now in the new lib/hostcheck.c file.
      
      CyaSSL:
      
      CyaSSL now also has the RFC2818 checks enabled by default. There is a
      limitation that the verifyhost can not be enabled exclusively on the
      Subject CN field comparison. This SSL backend will thus behave like the
      NSS and the GnuTLS (meaning: RFC2818 ok, or bust). In other words:
      setting verifyhost to 0 or 1 will disable the Subject Alt Names checks
      too.
      
      Schannel:
      
      Updated the schannel information messages: Split the IP address usage
      message from the verifyhost setting and changed the message about
      disabling SNI (Server Name Indication, used in HTTP virtual hosting)
      into a message stating that the Subject Alternative Names checks are
      being disabled when verifyhost is set to 0 or 1. As a side effect of
      switching off the RFC2818 related servername checks with
      SCH_CRED_NO_SERVERNAME_CHECK
      (http://msdn.microsoft.com/en-us/library/aa923430.aspx) the SNI feature
      is being disabled. This effect is not documented in MSDN, but Wireshark
      output clearly shows the effect (details on the libcurl maillist).
      
      PolarSSL:
      
      Fix the prototype change in PolarSSL of ssl_set_session() and the move
      of the peer_cert from the ssl_context to the ssl_session. Found this
      change in the PolarSSL SVN between r1316 and r1317 where the
      POLARSSL_VERSION_NUMBER was at 0x01010100. But to accommodate the Ubuntu
      PolarSSL version 1.1.4 the check is to discriminate between lower then
      PolarSSL version 1.2.0 and 1.2.0 and higher. Note: The PolarSSL SVN
      trunk jumped from version 1.1.1 to 1.2.0.
      
      Generic:
      
      All the SSL backends are fixed and checked to work with the
      ssl.verifyhost as a boolean, which is an internal API change.
      1394cad3
    • Daniel Stenberg's avatar
      libcurl: VERSIONINFO update · 18c0e9bd
      Daniel Stenberg authored
      Since we added the curl_multi_wait function, the VERSIONINFO needed
      updating.
      
      Reported by: Patrick Monnerat
      18c0e9bd
    • Guenter Knauf's avatar
      Added .def file to output. · c70c1a22
      Guenter Knauf authored
      Requested by Johnny Luong on the libcurl list.
      c70c1a22
    • Guenter Knauf's avatar
      5a4f6413
    • Fabian Keil's avatar
      Fix compilation of lib1501 · 6d1b493f
      Fabian Keil authored
      6d1b493f
    • Daniel Stenberg's avatar
      Curl_readwrite: remove debug output · 7840c4c7
      Daniel Stenberg authored
      The text "additional stuff not fine" text was added for debug purposes a
      while ago, but it isn't really helping anyone and for some reason some
      Linux distributions provide their libcurls built with debug info still
      present and thus (far too many) users get to read this info.
      7840c4c7
  5. Nov 07, 2012
  6. Nov 06, 2012
  7. Nov 05, 2012
  8. Nov 04, 2012