Skip to content
  1. Jun 22, 2016
    • Daniel Stenberg's avatar
      headers: forward declare CURL, CURLM and CURLSH as structs · 9adf3c47
      Daniel Stenberg authored
      Instead of typedef'ing to void, typedef to their corresponding actual
      struct names to allow compilers to type-check.
      
      Assisted-by: Reinhard Max
      9adf3c47
    • Jay Satiro's avatar
      vtls: Only call add/getsession if session id is enabled · 04b4ee54
      Jay Satiro authored
      Prior to this change we called Curl_ssl_getsessionid and
      Curl_ssl_addsessionid regardless of whether session ID reusing was
      enabled. According to comments that is in case session ID reuse was
      disabled but then later enabled.
      
      The old way was not intuitive and probably not something users expected.
      When a user disables session ID caching I'd guess they don't expect the
      session ID to be cached anyway in case the caching is later enabled.
      04b4ee54
  2. Jun 21, 2016
  3. Jun 19, 2016
  4. Jun 17, 2016
  5. Jun 16, 2016
  6. Jun 15, 2016
  7. Jun 11, 2016
  8. Jun 09, 2016
  9. Jun 08, 2016
  10. Jun 07, 2016
  11. Jun 06, 2016
  12. Jun 05, 2016
  13. Jun 04, 2016
  14. Jun 03, 2016
  15. Jun 01, 2016
    • Benjamin Kircher's avatar
      libcurl-multi.3: fix small typo · 873b4346
      Benjamin Kircher authored
      Closes #850
      873b4346
    • Viktor Szakats's avatar
      makefile.m32: add crypt32 for winssl builds · 55ab64ed
      Viktor Szakats authored
      Dependency added by 6cabd785
      
      Closes #849
      55ab64ed
    • Ivan Avdeev's avatar
      vtls: fix ssl session cache race condition · 31c521b0
      Ivan Avdeev authored
      Sessionid cache management is inseparable from managing individual
      session lifetimes. E.g. for reference-counted sessions (like those in
      SChannel and OpenSSL engines) every session addition and removal
      should be accompanied with refcount increment and decrement
      respectively. Failing to do so synchronously leads to a race condition
      that causes symptoms like use-after-free and memory corruption.
      This commit:
       - makes existing session cache locking explicit, thus allowing
         individual engines to manage lock's scope.
       - fixes OpenSSL and SChannel engines by putting refcount management
         inside this lock's scope in relevant places.
       - adds these explicit locking calls to other engines that use
         sessionid cache to accommodate for this change. Note, however,
         that it is unknown whether any of these engines could also have
         this race.
      
      Bug: https://github.com/curl/curl/issues/815
      Fixes #815
      Closes #847
      31c521b0
    • Andrew Kurushin's avatar
      schannel: add CURLOPT_CERTINFO support · 6cabd785
      Andrew Kurushin authored
      Closes #822
      6cabd785
  16. May 31, 2016