- May 30, 2015
-
-
Daniel Stenberg authored
-
- May 28, 2015
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- May 27, 2015
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Melani authored
-
Jay Satiro authored
SSLv23_client_method is deprecated starting in OpenSSL 1.1.0. The equivalent is TLS_client_method. https://github.com/openssl/openssl/commit/13c9bb3#diff-708d3ae0f2c2973b272b811315381557
-
- May 26, 2015
-
-
Daniel Stenberg authored
-
- May 25, 2015
-
-
Jay Satiro authored
Document that if Set-Cookie is used without a domain then the cookie is sent for any domain and will not be modified. Bug: http://curl.haxx.se/mail/lib-2015-05/0137.html Reported-by: Alexander Dyagilev
-
Tatsuhiro Tsujikawa authored
Previously, after seeing upgrade to HTTP/2, we feed data followed by upgrade response headers directly to nghttp2_session_mem_recv() in Curl_http2_switched(). But it turns out that passed buffer, mem, is part of stream->mem, and callbacks called by nghttp2_session_mem_recv() will write stream specific data into stream->mem, overwriting input data. This will corrupt input, and most likely frame length error is detected by nghttp2 library. The fix is first copy the passed data to HTTP/2 connection buffer, httpc->inbuf, and call nghttp2_session_mem_recv().
-
- May 24, 2015
-
-
Jay Satiro authored
The CURLOPT_COOKIE doc says it "sets the cookie header explicitly in the outgoing request(s)." However there seems to be some user confusion about cookie modification. Document that the cookies set by this option are not modified by the cookie engine. Bug: http://curl.haxx.se/mail/lib-2015-05/0115.html Reported-by: Alexander Dyagilev
-
Jay Satiro authored
-
Dan Fandrich authored
This function makes a platform-specific absolute path which uses backslashes on Windows. This form works when passing it on the command-line, as well as if the source is on another drive.
-
Dan Fandrich authored
-
- May 23, 2015
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Alessandro Ghedini authored
-
Dan Fandrich authored
-
- May 22, 2015
-
-
Daniel Stenberg authored
By (void) prefixing it and adding a comment. Did some minor related cleanups. Coverity CID 1299423.
-
Daniel Stenberg authored
Coverity CID 1299424 identified dead code because of checks that could never equal true (if the mechanism's name was NULL). Simplified the function by removing a level of pointers and removing the loop and array that weren't used.
-
Daniel Stenberg authored
Replace use of assert with code that properly catches bad input at run-time even in non-debug builds. This flaw was sort of detected by Coverity CID 1299425 which claimed the "case RTSPREQ_NONE" was dead code.
-
Daniel Stenberg authored
A failed calloc() would lead to NULL pointer use. Coverity CID 1299427.
-
Daniel Stenberg authored
non-HTTP proxy implies not using CURLOPT_HTTPPROXYTUNNEL Bug: http://curl.haxx.se/mail/lib-2015-05/0056.html Reported-by: Sean Boudreau
-
Daniel Stenberg authored
Coverity CID 1299428: Dereference after null check (FORWARD_NULL)
-
Daniel Stenberg authored
Coverity CID 1299426 warned about possible NULL dereference otherwise, but that would only ever happen if we get invalid HTTP/2 data with frames for stream 0. Avoid this risk by returning early when stream 0 is used.
-
Daniel Stenberg authored
Follow-up fix from b0143a2a Detected by coverity. CID 1299429
-
Tatsuhiro Tsujikawa authored
This commit just add implicitly opened stream 1 to streams hash.
-
Jay Satiro authored
Prior to this change the description for SEC_E_ILLEGAL_MESSAGE was OS and language specific, and invariably translated to something not very helpful like: "The message received was unexpected or badly formatted." Bug: https://github.com/bagder/curl/issues/267 Reported-by: Michael Osipov
-
Jay Satiro authored
Refer to b0143a2a for more information on the read-callback change.
-
- May 21, 2015
-
-
Daniel Stenberg authored
-
Dan Fandrich authored
This way, the build directory can be located on an entirely different filesystem from the source code (e.g. a tmpfs).
-
- May 20, 2015
-
-
Daniel Stenberg authored
With many easy handles using the same connection for multiplexing, it is important we store and keep the transfer-oriented stuff in the SessionHandle so that callbacks and callback data work fine even when many easy handles share the same physical connection.
-
Daniel Stenberg authored
It makes them easier to match output from the nghttpd test server.
-
Tatsuhiro Tsujikawa authored
Previously, when we send all given buffer in data_source_callback, we return NGHTTP2_ERR_DEFERRED, and nghttp2 library removes this stream temporarily for writing. This itself is good. If this is the sole stream in the session, nghttp2_session_want_write() returns zero, which means that libcurl does not check writeability of the underlying socket. This leads to very slow upload, because it seems curl only upload 16k something per 1 second. To fix this, if we still have data to send, call nghttp2_session_resume_data after nghttp2_session_send. This makes nghttp2_session_want_write() returns nonzero (if connection window still opens), and as a result, socket writeability is checked, and upload speed becomes normal.
-
Dmitry Eremin-Solenikov authored
Stop curl from failing when non-fatal alert is received during handshake. This e.g. fixes lots of problems when working with https sites through proxies.
-
Daniel Stenberg authored
Reported-by: bsammon Bug: https://github.com/bagder/curl/issues/282
-
Jay Satiro authored
.. also correct some variable naming in curl_easy_escape.3 Bug: https://github.com/bagder/curl/issues/281 Reported-by: <bsammon@users.noreply.github.com>
-
- May 19, 2015
-
-
Brian Prodoehl authored
BoringSSL removed support for direct callers of SSL_CTX_callback_ctrl and SSL_CTX_ctrl, so move to a way that should work on BoringSSL and OpenSSL. re #275
-
Jay Satiro authored
-