- Oct 08, 2016
-
-
Daniel Stenberg authored
... it no longer takes printf() arguments since it was only really taken advantage by one user and it was not written and used in a safe way. Thus the 'f' is removed from the function name and the proto is changed. Although the current code wouldn't end up in badness, it was a risk that future changes could end up springf()ing too large data or passing in a format string inadvertently.
-
Daniel Stenberg authored
The previous use of snprintf() could make libcurl silently truncate some input data and not report that back on overly large input, which could make data get sent over the network in a bad format. Example: $ curl --form 'a=b' -H "Content-Type: $(perl -e 'print "A"x4100')"
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Gustafsson authored
The subdirectory for logs in tests/ is named log/ without an 's' at the end.
-
- Oct 06, 2016
-
-
Daniel Stenberg authored
See #1054
-
Daniel Stenberg authored
-
Rainer Müller authored
The 'userp' argument is unused in this example code.
-
- Oct 05, 2016
-
-
Daniel Stenberg authored
-
- Oct 04, 2016
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
The error path would previously add a freed entry to the linked list. Reported-by: Toby Peterson Fixes #1053
-
- Oct 03, 2016
-
-
Sergei Kuzmin authored
Cokie with the same domain but different tailmatching property are now considered different and do not replace each other. If header contains following lines then two cookies will be set: Set-Cookie: foo=bar; domain=.foo.com; expires=Thu Mar 3 GMT 8:56:27 2033 Set-Cookie: foo=baz; domain=foo.com; expires=Thu Mar 3 GMT 8:56:27 2033 This matches Chrome, Opera, Safari, and Firefox behavior. When sending stored tokens to foo.com Chrome, Opera, Firefox store send them in the stored order, while Safari pre-sort the cookies. Closes #1050
-
- Oct 01, 2016
-
-
Stephen Brokenshire authored
Type required for YourClass::func C++ function (using size_t in line with the documentation for CURLOPT_WRITEFUNCTION) and missing second colon when specifying the static function for CURLOPT_WRITEFUNCTION.
-
- Sep 30, 2016
-
-
Sebastian Mundry authored
Closes #1046
-
Sebastian Mundry authored
-
Daniel Stenberg authored
-
- Sep 26, 2016
-
-
Daniel Stenberg authored
-
- Sep 24, 2016
-
-
Dan Fandrich authored
A libssh2 library in the standard system location was being used in preference to the desired one while linking.
-
- Sep 23, 2016
-
-
Daniel Stenberg authored
-
- Sep 22, 2016
-
-
Michael Kaufmann authored
Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether sending the request body shall be completed when the server responds early with an error status code. This is suitable for manual NTLM authentication. Reviewed-by: Jay Satiro Closes https://github.com/curl/curl/pull/904
-
Kamil Dudka authored
-
Kamil Dudka authored
-
Kamil Dudka authored
As it seems to be a rarely used cipher suite (for securely established but _unencrypted_ connections), I believe it is fine not to provide an alias for the misspelled variant.
-
- Sep 21, 2016
-
-
Jay Satiro authored
.. and add that --proto-redir and CURLOPT_REDIR_PROTOCOLS do not override protocols denied by --proto and CURLOPT_PROTOCOLS. - Add a test to enforce: --proto deny must override --proto-redir allow Closes https://github.com/curl/curl/pull/1031
-
Daniel Stenberg authored
Follow-up to 6140dfcf Reported-by: Alexander Sinditskiy
-
- Sep 20, 2016
-
-
Daniel Stenberg authored
Discussed in #997 Assisted-by: Jay Satiro
-
Daniel Stenberg authored
-
Jay Satiro authored
Bug: https://github.com/curl/curl/issues/1017 Reported-by: Jeroen Ooms
-
- Sep 19, 2016
-
-
Daniel Stenberg authored
-
Daniel Gustafsson authored
Closes https://github.com/curl/curl/pull/1028
-
Bernard Spil authored
LibreSSL defines `OPENSSL_VERSION_NUMBER` as `0x20000000L` for all versions returning `LibreSSL/2.0.0` for any LibreSSL version. This change provides a local OpenSSL_version_num function replacement returning LIBRESSL_VERSION_NUMBER instead. Closes #1029
-
rugk authored
Closes #1025 Closes #1026 Closes #1027
-
Daniel Stenberg authored
Follow-up fix to d9321562
-
Daniel Stenberg authored
The OpenSSL function CRYTPO_cleanup_all_ex_data() cannot be called multiple times without crashing - and other libs might call it! We basically cannot call it without risking a crash. The function is a no-op since OpenSSL 1.1.0. Not calling this function only risks a small memory leak with OpenSSL < 1.1.0. Bug: https://curl.haxx.se/mail/lib-2016-09/0045.html Reported-by: Todd Short
-
Daniel Stenberg authored
-
- Sep 18, 2016
-
-
Jay Satiro authored
-
Nick Zitzmann authored
RC4 was a nice alternative to CBC back in the days of BEAST, but it's insecure and obsolete now.
-