- Oct 03, 2017
-
-
Michael Kaufmann authored
Compare these settings in Curl_ssl_config_matches():
  - verifystatus (CURLOPT_SSL_VERIFYSTATUS)
  - random_file (CURLOPT_RANDOM_FILE)
  - egdsocket (CURLOPT_EGDSOCKET)

Also copy the setting "verifystatus" in Curl_clone_primary_ssl_config(), and copy the setting "sessionid" unconditionally.

This means that reusing connections that are secured with a client certificate is now possible, and the statement "TLS session resumption is disabled when a client certificate is used" in the old advisory at https://curl.haxx.se/docs/adv_20170419.html is obsolete.

Reviewed-by: Daniel Stenberg
Closes #1917
-
Michael Kaufmann authored
Reviewed-by: Daniel Stenberg
Closes #1919
-
Patrick Monnerat authored
-
Daniel Stenberg authored
... now with a -formadd suffix. While the new mime API is introduced in 7.56.0 we must acknowledge that lots of users can't upgrade their curl versions immediately.
-
- Oct 02, 2017
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
... a single double quote could leave the entry path buffer without a zero terminating byte.

CVE-2017-1000254

Test 1152 added to verify.

Reported-by: Max Dymond
Bug: https://curl.haxx.se/docs/adv_20171004.html
-
Sergei Nikulov authored
Fixes https://github.com/curl/curl/issues/1500
Reported-by: Jay Satiro
Fixes https://github.com/curl/curl/pull/1662
Assisted-by: Tom Seddon
Assisted-by: <dpull@users.noreply.github.com>
Assisted-by: <elelel@users.noreply.github.com>
Closes https://github.com/curl/curl/pull/1924
-
- Oct 01, 2017
-
-
Patrick Monnerat authored
-
Patrick Monnerat authored
-
Patrick Monnerat authored
Include a guide to form/mime API conversion.
-
- Sep 30, 2017
-
-
Daniel Stenberg authored
... this will let the second occurrence override the first.

Added test 1161 to verify.

Reported-by: Max Dymond
Fixes #1932
Closes #1933
-
Dan Fandrich authored
Otherwise, the test fails when the -b test option is used to set a different test port range.
-
Dan Fandrich authored
When curl and libcurl are built with some protocols disabled, they stop setting and receiving some options that don't make sense with those protocols. In particular, when HTTP is disabled many options aren't set that are used only by HTTP. However, some options that appear to be HTTP-only are actually used by other protocols as well (some despite having HTTP in the name) and should be set, but weren't. This change now causes some of these options to be set and used for more (or for all) protocols. In particular, this fixes tests 646 through 649 in an HTTP-disabled build, which use the MIME API in the mail protocols.
-
- Sep 29, 2017
-
-
Daniel Stenberg authored
The fix done in 20ea22ff
-
Daniel Stenberg authored
Regression brought by 2bc230de

Detected by OSS-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3513
Assisted-by: Max Dymond
Closes #1930
-
Anders Bakken authored
The timer should be started after conn->connecttime is set. Otherwise the timer could expire without this condition being true:

    /* should we try another protocol family? */
    if(i == 0 && conn->tempaddr[1] == NULL &&
       curlx_tvdiff(now, conn->connecttime) >= HAPPY_EYEBALLS_TIMEOUT) {

Ref: #1928
-
- Sep 28, 2017
-
-
Michael Kaufmann authored
Closes #1922
-
Michael Kaufmann authored
Closes #1921
-
Michael Kaufmann authored
Closes #1920
-
Michael Kaufmann authored
A connection can only be reused if the flags "conn_to_host" and "conn_to_port" match. Therefore it is not necessary to copy these flags in reuse_conn().

Closes #1918
-
- Sep 27, 2017
-
-
Daniel Stenberg authored
When building with -std=c++14 on cygwin, this header won't be automatically included as it otherwise is.

The <sys/select.h> include decision should ideally be reversed and be avoided where that header file doesn't exist.

Reported-by: Ian Fette
Fixes #1925
-
- Sep 25, 2017
-
-
Daniel Stenberg authored
-
- Sep 24, 2017
-
-
Michael Kaufmann authored
-
- Sep 23, 2017
-
-
Jay Satiro authored
.. and include the core NTLM header in all NTLM-related source files.

Follow up to 6f86022d. Since then http_ntlm checks NTLM_NEEDS_NSS_INIT but did not include vtls.h where it was defined.

Closes https://github.com/curl/curl/pull/1911
-
Daniel Stenberg authored
When trying to bump the value with one and the value is already at max, it causes an integer overflow.

Closes #1908
Detected by oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3465
Assisted-by: Max Dymond
-
Michael Kaufmann authored
-
Jay Satiro authored
- Use spaces instead of tabs as the delimiter. Follow up to 7c52b12d which added the entry. The entry had used tabs but the symbol-scan parser doesn't recognize tabs and would fail the symbol.
-
- Sep 22, 2017
-
-
Viktor Szakats authored
In MultiSSL mode (i.e. when more than one SSL backend is compiled in), we cannot use the compile time flag `USE_NSS` as indicator that the NSS backend is in use. As far as Metalink is concerned, the SSL backend is only used for MD5, SHA-1 and SHA-256 calculations, therefore one of the available SSL backends is selected at compile time, in a strict order of preference.

Let's introduce a new `HAVE_NSS_CONTEXT` constant that can be used to determine whether the SSL backend used for Metalink is the NSS backend, and use that to guard the code that wants to de-initialize the NSS-specific data structure.

Ref: https://github.com/curl/curl/pull/1848
-
Viktor Szakats authored
With the recently introduced MultiSSL support multiple SSL backends can be compiled into cURL That means that now the order of the SSL

One option would be to use the same SSL backend as was configured via `curl_global_sslset()`, however, NTLMv2 support would appear to be available only with some SSL backends. For example, when eb88d778 (ntlm: Use Windows Crypt API, 2014-12-02) introduced support for NTLMv1 using Windows' Crypt API, it specifically did *not* introduce NTLMv2 support using Crypt API at the same time.

So let's select one specific SSL backend for NTLM support when compiled with multiple SSL backends, using a priority order such that we support NTLMv2 even if only one compiled-in SSL backend can be used for that.

Ref: https://github.com/curl/curl/pull/1848
-
Daniel Stenberg authored
...fixup from b8e0fe19
-
Daniel Stenberg authored
Updates test 800 to verify

Fixes #1902
Closes #1903
-
Daniel Stenberg authored
... as the test cases themselves do that and it makes it easier to add crazy test cases.

Test 800 updated to use user name + password that need quoting.

Test 856 updated to trigger an auth fail differently.

Ref: #1902
-
Daniel Stenberg authored
... it just returns error:

Bug: https://github.com/curl/curl/commit/1328f69d53f2f2e937696ea954c480412b018451#commitcomment-24470367
Reported-by: Marcel Raad
Closes #1906
-
Patrick Monnerat authored
Also suppress length argument of curl_mime_name() (names are always zero-terminated).
-
- Sep 21, 2017
-
-
Dirk Feytons authored
In some cases the RSA key does not support verifying it because it's located on a smart card, an engine wants to hide it, ...

Check the flags on the key before trying to verify it. OpenSSL does the same thing internally; see ssl/ssl_rsa.c

Closes #1904
-
Marcel Raad authored
Otherwise, typecheck-gcc.h warns on MinGW-w64.
-
- Sep 20, 2017
-
-
Patrick Monnerat authored
... in hope coverity will like it much.
-
Patrick Monnerat authored
-
Daniel Stenberg authored
Detected by coverity. CID 1418137.
-
Daniel Stenberg authored
Regression since ce0881ed

Coverity CID 1418139 and CID 1418136 found it, but it was also seen in torture testing.
-