- 27 Aug, 2016 2 commits
-
-
Daniel Stenberg authored
... instead of if() before the switch(), add a default to the switch so that the compilers don't warn on "warning: enumeration value 'PLATFORM_DONT_CARE' not handled in switch" anymore.
-
Steve Holme authored
-
- 26 Aug, 2016 7 commits
-
-
Jay Satiro authored
- Disable ALPN on Wine. - Don't pass input secbuffer when ALPN is disabled. When ALPN support was added a change was made to pass an input secbuffer to initialize the context. When ALPN is enabled the buffer contains the ALPN information, and when it's disabled the buffer is empty. In either case this input buffer caused problems with Wine and connections would not complete. Bug: https://github.com/curl/curl/issues/983 Reported-by: Christian Fillion
-
Peter Wang authored
Serialise the call to PK11_FindSlotByName() to avoid spurious errors in a multi-threaded environment. The underlying cause is a race condition in nssSlot_IsTokenPresent(). Bug: https://bugzilla.mozilla.org/1297397 Closes #985
-
Kamil Dudka authored
... when we are not asked to use a certificate from file
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Dan Fandrich authored
-
- 25 Aug, 2016 5 commits
-
-
Michael Kaufmann authored
- unknown protocols probably won't send more headers (e.g. WebSocket) - improved comments and moved them to the correct case statements Closes #899
-
Daniel Stenberg authored
synced with OpenSSL git master commit cc06906707
-
Daniel Stenberg authored
-
Daniel Stenberg authored
... instead of relying on the pkg-config autoconf macros to be present. Fixes #972 (again...)
-
Jay Satiro authored
.. also remove same from scp
-
- 23 Aug, 2016 1 commit
-
-
Ales Novak authored
When we're uploading using FTP and the server issues a tiny pause between opening the connection to the client's secondary socket, the client's initial poll() times out, which leads to second poll() which does not wait for POLLIN on the secondary socket. So that poll() also has to time out, creating a long (200ms) pause. This patch adds the correct flag to the secondary socket, making the second poll() correctly wait for the connection there too. Signed-off-by: Ales Novak <alnovak@suse.cz> Closes #978
-
- 22 Aug, 2016 1 commit
-
-
Daniel Stenberg authored
-
- 21 Aug, 2016 6 commits
-
-
Daniel Stenberg authored
With commit c2f9b78a we added a new dependency on pkg-config for developers which may be unwanted. This change make the configure script still work as before if pkg-config isn't installed, it'll just use the old zlib detection logic without pkg-config. Reported-by: Marc Hörsken Fixes #972
-
Marc Hoersken authored
This reverts commit 9cb1059f. As discussed in #835 SOCKS5 supports IPv6 proxies and destinations.
-
Marco Deckel authored
Closes #820
-
Steve Holme authored
Only choose the GSSAPI authentication mechanism when the user name contains a Windows domain name or the user is a valid UPN. Fixes #718
-
Steve Holme authored
Completing commit 00417fd6 and 2708d425.
-
Steve Holme authored
From commit 2708d425.
-
- 20 Aug, 2016 9 commits
-
-
Marc Hoersken authored
Instead of displaying the requested hostname the one returned by the SOCKS5 proxy server is used in case of connection error. The requested hostname is displayed earlier in the connection sequence. The upper-value of the port is moved to a temporary variable and replaced with a 0-byte to make sure the hostname is 0-terminated.
-
Steve Holme authored
As of 7.25.0 and commit 54300072.
-
Marc Hoersken authored
Replace custom string formatting with Curl_printable_address. Add additional debug and error output in case of failures.
-
Marc Hoersken authored
Calling sscanf is not required since the raw IPv4 address is available and the protocol can be detected using ai_family.
-
Steve Holme authored
Made by Visual Studio's auto-correct feature and missed by me in my own code reviews!
-
Steve Holme authored
Hooked up the HTTP authentication layer to query the new 'is mechanism supported' functions when deciding what mechanism to use. As per commit 00417fd6 existing functionality is maintained for now.
-
Marc Hoersken authored
-
Marc Hoersken authored
-
Steve Holme authored
Hooked up the SASL authentication layer to query the new 'is mechanism supported' functions when deciding what mechanism to use. For now existing functionality is maintained.
-
- 19 Aug, 2016 2 commits
-
-
Miroslav Franc authored
-
Daniel Stenberg authored
-
- 18 Aug, 2016 2 commits
-
-
Steve Holme authored
As Windows SSPI authentication calls fail when a particular mechanism isn't available, introduced these functions for DIGEST, NTLM, Kerberos 5 and Negotiate to allow both HTTP and SASL authentication the opportunity to query support for a supported mechanism before selecting it. For now each function returns TRUE to maintain compatability with the existing code when called.
-
Daniel Stenberg authored
-
- 17 Aug, 2016 3 commits
-
-
Steve Holme authored
...and removed some old ones
-
David Woodhouse authored
RFC7512 provides a standard method to reference certificates in PKCS#11 tokens, by means of a URI starting 'pkcs11:'. We're working on fixing various applications so that whenever they would have been able to use certificates from a file, users can simply insert a PKCS#11 URI instead and expect it to work. This expectation is now a part of the Fedora packaging guidelines, for example. This doesn't work with cURL because of the way that the colon is used to separate the certificate argument from the passphrase. So instead of curl -E 'pkcs11:manufacturer=piv_II;id=%01' … I instead need to invoke cURL with the colon escaped, like this: curl -E 'pkcs11\:manufacturer=piv_II;id=%01' … This is suboptimal because we want *consistency* — the URI should be usable in place of a filename anywhere, without having strange differences for different applications. This patch therefore disables the processing in parse_cert_parameter() when the string s...
-
Daniel Stenberg authored
-
- 16 Aug, 2016 2 commits
-
-
Daniel Stenberg authored
This allows for better memmory debugging and torture tests.
-
Daniel Stenberg authored
This fixes tests that were added after 113f04e6 as the tests would fail otherwise. We bring back "Proxy-Connection: Keep-Alive" now unconditionally to fix regressions with old and stupid proxies, but we could possibly switch to using it only for CONNECT or only for NTLM in a future if we want to gradually reduce it. Fixes #954 Reported-by: János Fekete
-