- Aug 29, 2014
-
-
Askar Safin authored
-
Askar Safin authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- Aug 28, 2014
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- Aug 27, 2014
-
-
Daniel Stenberg authored
When enabling CURLOPT_NOBODY, libcurl effectively switches off upload mode and will do a download (without a body). This is now better explained in this man page. Bug: http://curl.haxx.se/mail/lib-2014-08/0236.html Reported-by: John Coffey
-
- Aug 26, 2014
-
-
Daniel Stenberg authored
-
- Aug 25, 2014
-
-
Dan Fandrich authored
-
Daniel Stenberg authored
I re-ran contributors.sh on all changes since 7.10 and I found these contributors who are mentioned in the commits but never were added to THANKS before! I also removed a couple of duplicates (mostly due to different spellings).
-
- Aug 22, 2014
-
-
Daniel Stenberg authored
Bug: http://curl.haxx.se/bug/view.cgi?id=1414 Reported-by: teo8976
-
Daniel Stenberg authored
-
Frank Meier authored
Problem: if CURLOPT_FORBID_REUSE is set, requests using NTLM failed since NTLM requires multiple requests that re-use the same connection for the authentication to work Solution: Ignore the forbid reuse flag in case the NTLM authentication handshake is in progress, according to the NTLM state flag. Fixed known bug #77.
-
- Aug 18, 2014
-
-
Daniel Stenberg authored
-
- Aug 16, 2014
-
-
Steve Holme authored
-
Steve Holme authored
Updated "FTP 4.6 GSSAPI via Windows SSPI" and "SASL 14.1 Other authentication mechanisms" following recent additions. Added SASL 14.2 GSSAPI via GSS-API libraries.
-
Steve Holme authored
This repeats what has already been documented in both the curl manpage and CURLOPT_USERPWD documentation but is provided here for completeness as someone may not especially read the latter when using libcurl.
-
Steve Holme authored
Added information about Kerberos V5 requiring the domain part in the user name. Mentioned that the user name can be specified in UPN format, and not just in Down-Level Logon Name format, following the information added in commit 7679cb3f reworking the exisitng information in the process.
-
Steve Holme authored
-
Steve Holme authored
-
- Aug 11, 2014
-
-
Kamil Dudka authored
Bug: http://curl.haxx.se/mail/lib-2014-07/0335.html Reported-by: David Shaw
-
- Aug 08, 2014
-
-
Michael Osipov authored
Reflect recent changes in SPNEGO and GSS-API code in the docs. Update them with appropriate namings and remove visible spots for GSS-Negotiate.
-
- Aug 07, 2014
-
-
Steve Holme authored
-
- Aug 06, 2014
-
-
Steve Holme authored
-
Steve Holme authored
-
- Aug 02, 2014
-
-
Daniel Stenberg authored
-
- Aug 01, 2014
-
-
Daniel Stenberg authored
-
- Jul 31, 2014
-
-
Michael Wallner authored
-
Daniel Stenberg authored
... and has been so since 2005
-
Daniel Stenberg authored
Each backend now defines CURL_SSL_BACKEND accordingly. Added the *AXTLS one which was missing previously.
-
- Jul 30, 2014
-
-
Dan Fandrich authored
-
Michael Wallner authored
-
- Jul 28, 2014
-
-
Daniel Stenberg authored
... with permission from David Shaw
-
- Jul 24, 2014
-
-
Daniel Stenberg authored
-
- Jul 23, 2014
-
-
Daniel Stenberg authored
1 - fixes the warnings when built without http2 support 2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2 basically when they are about http2 specific things.
-
- Jul 22, 2014
-
-
Daniel Stenberg authored
-
- Jul 19, 2014
-
-
Alessandro Ghedini authored
-
- Jul 17, 2014
-
-
Daniel Stenberg authored
-
- Jul 16, 2014
-
-
David Woodhouse authored
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which allows client and server to negotiate the underlying mechanism which will actually be used to authenticate. This is *often* Kerberos, and can also be NTLM and other things. And to complicate matters, there are various different OIDs which can be used to specify the Kerberos mechanism too. A SPNEGO exchange will identify *which* GSSAPI mechanism is being used, and will exchange GSSAPI tokens which are appropriate for that mechanism. But this SPNEGO implementation just strips the incoming SPNEGO packet and extracts the token, if any. And completely discards the information about *which* mechanism is being used. Then we *assume* it was Kerberos, and feed the token into gss_init_sec_context() with the default mechanism (GSS_S_NO_OID for the mech_type argument). Furthermore... broken as this code is, it was never even *used* for input tokens anyway, because higher layers of curl would just bail out if the server actually said anything *back* to us in the negotiation. We assume that we send a single token to the server, and it accepts it. If the server wants to continue the exchange (as is required for NTLM and for SPNEGO to do anything useful), then curl was broken anyway. So the only bit which actually did anything was the bit in Curl_output_negotiate(), which always generates an *initial* SPNEGO token saying "Hey, I support only the Kerberos mechanism and this is its token". You could have done that by manually just prefixing the Kerberos token with the appropriate bytes, if you weren't going to do any proper SPNEGO handling. There's no need for the FBOpenSSL library at all. The sane way to do SPNEGO is just to *ask* the GSSAPI library to do SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context() is for. And then it should all Just Work™. That 'sane way' will be added in a subsequent patch, as will bug fixes for our failure to handle any exchange other than a single outbound token to the server which results in immediate success.
-
- Jul 10, 2014
-
-
Steve Holme authored
-