- Apr 20, 2018
-
-
Stephan Mühlstrasser authored
Curl_cert_hostcheck operates with the host character set, therefore the ASCII subjectAltName string retrieved with OpenSSL must be converted to the host encoding before comparison. Closes #2493
-
Jay Satiro authored
- Support handling verbose-mode trace messages of type SSL3_RT_INNER_CONTENT_TYPE, SSL3_MT_ENCRYPTED_EXTENSIONS, SSL3_MT_END_OF_EARLY_DATA, SSL3_MT_KEY_UPDATE, SSL3_MT_NEXT_PROTO, SSL3_MT_MESSAGE_HASH Reported-by: <iz8mbw@users.noreply.github.com> Fixes https://github.com/curl/curl/issues/2403
-
- Apr 19, 2018
-
-
Daniel Stenberg authored
Regression from f786d1f1 Reported-by: wncboy on github Fixes #2445 Closes #2508
-
Daniel Stenberg authored
-
Daniel Stenberg authored
This triggered an assert if called more than once in debug mode (and a memory leak if not debug build). With the right sequence of HTTP/2 headers incoming it can happen. Detected by OSS-Fuzz Closes #2507 Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7764
-
- Apr 18, 2018
-
-
Dan McNulty authored
- Move verify_certificate functionality in schannel.c into a new file called schannel_verify.c. Additionally, some structure defintions from schannel.c have been moved to schannel.h to allow them to be used in schannel_verify.c. - Make verify_certificate functionality for Schannel available on all versions of Windows instead of just Windows CE. verify_certificate will be invoked on Windows CE or when the user specifies CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER. - In verify_certificate, create a custom certificate chain engine that exclusively trusts the certificate store backed by the CURLOPT_CAINFO file. - doc updates of --cacert/CAINFO support for schannel - Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString when available. This implements a TODO in schannel.c to improve handling of multiple SANs in a certificate. In particular, all SANs will now be searched instead of just the first name. - Update tool_operate.c to not search for the curl-ca-bundle.crt file when using Schannel to maintain backward compatibility. Previously, any curl-ca-bundle.crt file found in that search would have been ignored by Schannel. But, with CAINFO support, the file found by that search would have been used as the certificate store and could cause issues for any users that have curl-ca-bundle.crt in the search path. - Update url.c to not set the build time CURL_CA_BUNDLE if the selected SSL backend is Schannel. We allow setting CA location for schannel only when explicitly specified by the user via CURLOPT_CAINFO / --cacert. - Add new test cases 3000 and 3001. These test cases check that the first and last SAN, respectively, matches the connection hostname. New test certificates have been added for these cases. For 3000, the certificate prefix is Server-localhost-firstSAN and for 3001, the certificate prefix is Server-localhost-secondSAN. - Remove TODO 15.2 (Add support for custom server certificate validation), this commit addresses it. Closes https://github.com/curl/curl/pull/1325
-
- Apr 17, 2018
-
-
Jay Satiro authored
- Fix warning 'integer from pointer without a cast' on 3rd arg in CertOpenStore. The arg type HCRYPTPROV may be a pointer or integer type of the same size. Follow-up to e35b0256. Caught by Marc's CI builds.
-
Jakub Wilk authored
Closes https://github.com/curl/curl/pull/2503
-
Daniel Stenberg authored
-
Kees Dekker authored
- Support custom devel paths for c-ares, mbedTLS, nghttp2, libSSH2, OpenSSL and zlib. Respectively: CARES_PATH, MBEDTLS_PATH, NGHTTP2_PATH, SSH2_PATH, SSL_PATH and ZLIB_PATH. - Use lib.exe for making the static library instead of link.exe /lib. The latter is undocumented and could cause problems as noted in the comments. - Remove a dangling URL that no longer worked. (I was not able to find the IDN download at MSDN/microsoft.com, so it seems to be removed.) - Remove custom override for release-ssh2-ssl-dll-zlib configuration. Nobody knows why it was there and as far as we can see is unnecessary. Closes https://github.com/curl/curl/pull/2474
-
- Apr 16, 2018
-
-
Jess authored
Closes #2484
-
Archangel_SDY authored
Users can now specify a client certificate in system certificates store explicitly using expression like `--cert "CurrentUser\MY\<thumbprint>"` Closes #2376
-
toughengineer authored
If you pass empty user/pass asking curl to use Windows Credential Storage (as stated in the docs) and it has valid credentials for the domain, e.g. curl -v -u : --ntlm example.com currently authentication fails. This change fixes it by providing proper SPN string to the SSPI API calls. Fixes https://github.com/curl/curl/issues/1622 Closes https://github.com/curl/curl/pull/1660
-
Daniel Stenberg authored
... only set it when we actually have to run tests to reduce its impact on for example build commands etc. Fixes #2490 Closes #2492 Reported-by: Dmitry Mikhirev
-
Marcel Raad authored
The ifdefs have become quite long. Also, the condition for the definition of CURLOPT_SERVICE_NAME and for setting it from CURLOPT_SERVICE_NAME have diverged. We will soon also need the two options for NTLM, at least when using SSPI, for https://github.com/curl/curl/pull/1660. Just make the definitions unconditional to make that easier. Closes https://github.com/curl/curl/pull/2479
-
Daniel Stenberg authored
Fixes #2446 Closes #2488
-
Christian Schmitz authored
Closes #2500
-
- Apr 15, 2018
-
-
Daniel Gustafsson authored
Address various spellings of "credentials". Closes https://github.com/curl/curl/pull/2496
-
Dagobert Michelsen authored
With specific compiler options selecting the arch like -xarch=sparc on newer compilers like Oracle Studio 12.4 there is no definition of __sparcv8 but __sparcv8plus which means the V9 ISA, but limited to the 32ÎíÎñbit subset defined by the V8plus ISA specification, without the Visual Instruction Set (VIS), and without other implementation-specific ISA extensions. So it should be the same as __sparcv8. Closes https://github.com/curl/curl/pull/2491
-
Daniel Gustafsson authored
Fix typo in "semicolon" spelling and remove stray tab character. Closes https://github.com/curl/curl/pull/2498
-
Daniel Gustafsson authored
When a zeroed out allocation is required, use calloc() rather than malloc() followed by an explicit memset(). The result will be the same, but using calloc() everywhere increases consistency in the codebase and avoids the risk of subtle bugs when code is injected between malloc and memset by accident. Closes https://github.com/curl/curl/pull/2497
-
- Apr 12, 2018
-
-
Daniel Stenberg authored
Verified in test 1502 now Fixes #2485 Closes #2486 Reported-by: Ernst Sjöstrand
-
Daniel Stenberg authored
-
- Apr 11, 2018
-
-
Daniel Stenberg authored
... to aid debugging etc as it sometimes isn't immediately obvious why curl uses or doesn't use a proxy. Inspired by #2477 Closes #2480
-
- Apr 10, 2018
-
-
Daniel Stenberg authored
closes #2471
-
Daniel Stenberg authored
Extra-eye-on-this-by: Marcel Raad Closes #2478
-
Marcel Raad authored
This works now and precise is in the process of being decommissioned. Closes https://github.com/curl/curl/pull/2476
-
- Apr 09, 2018
-
-
Marcel Raad authored
In debug mode, MingGW-w64's GCC 7.3 issues null-dereference warnings when dereferencing pointers after DEBUGASSERT-ing that they are not NULL. Fix this by removing the DEBUGASSERTs. Suggested-by: Daniel Stenberg Ref: https://github.com/curl/curl/pull/2463
-
Kees Dekker authored
Follow up on https://github.com/curl/curl/pull/2472. Now using en-us instead of nl-nl as language code in the URL. Closes https://github.com/curl/curl/pull/2475
-
Kees Dekker authored
The setenv command no longer exists and visual studio build prompts got changed. Used Visual Studio 2015/2017 as reference. Closes #2472
-
- Apr 08, 2018
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
unit1309 and vtls/gtls: error: arithmetic on a null pointer treated as a cast from integer to pointer is a GNU extension Reported-by: Rikard Falkeborn Fixes #2466 Closes #2468
-
- Apr 07, 2018
-
-
Jay Satiro authored
- Use _fseeki64 instead of fseek (long) to seek curl_off_t in Windows. - Use CURL_FORMAT_CURL_OFF_T specifier instead of %ld to print curl_off_t. Caught by Marc's CI builds.
-
Daniel Stenberg authored
... and use this type instead of 'sa_family_t' in the code since several platforms don't have it. Closes #2463
-
Eric Gallager authored
-
Daniel Stenberg authored
-
Stefan Agner authored
Only treat response code as FTP response codes in case the protocol type is FTP. This fixes an issue where an HTTP download was treated as FTP in case libcurl returned with 33. This happens when the download has already finished and the server responses 416: HTTP/1.1 416 Requested Range Not Satisfiable This should not be treated as an FTP error. Fixes #2464 Closes #2465
-
- Apr 06, 2018
-
-
Daniel Stenberg authored
... since they return size_t anyway! closes #2462
-
Daniel Stenberg authored
-
Jay Satiro authored
.. and do the same for build-wolfssl.bat. Because MS calls it VC14.1. Closes https://github.com/curl/curl/pull/2189
-