Skip to content
  1. Jan 11, 2013
    • Kamil Dudka's avatar
      nss: clear session cache if a client cert from file is used · b36f1d26
      Kamil Dudka authored
      This commit fixes a regression introduced in 052a08ff.
      
      NSS caches certs/keys returned by the SSL_GetClientAuthDataHook callback
      and if we connect second time to the same server, the cached cert/key
      pair is used.  If we use multiple client certificates for different
      paths on the same server, we need to clear the session cache to force
      NSS to call the hook again.  The commit 052a08ff prevented the session
      cache from being cleared if a client certificate from file was used.
      
      The condition is now fixed to cover both cases: consssl->client_nickname
      is not NULL if a client certificate from the NSS database is used and
      connssl->obj_clicert is not NULL if a client certificate from file is
      used.
      
      Review by: Kai Engert
      b36f1d26
  2. Dec 27, 2012
  3. Dec 03, 2012
    • Kamil Dudka's avatar
      nss: prevent NSS from crashing on client auth hook failure · 68d2830e
      Kamil Dudka authored
      Although it is not explicitly stated in the documentation, NSS uses
      *pRetCert and *pRetKey even if the client authentication hook returns
      a failure.  Namely, if we destroy *pRetCert without clearing *pRetCert
      afterwards, NSS destroys the certificate once again, which causes a
      double free.
      
      Reported by: Bob Relyea
      68d2830e
  4. Nov 20, 2012
  5. Nov 19, 2012
  6. Nov 17, 2012
  7. Nov 14, 2012
  8. Nov 13, 2012
  9. Nov 09, 2012
  10. Nov 07, 2012
  11. Nov 06, 2012
  12. Oct 10, 2012
  13. Oct 02, 2012
  14. Sep 12, 2012
  15. Sep 09, 2012
  16. Sep 03, 2012
  17. Aug 09, 2012
  18. Aug 08, 2012
  19. Aug 07, 2012
  20. Jul 27, 2012
  21. Jul 26, 2012
  22. Jul 22, 2012
  23. Jul 20, 2012
  24. Jul 15, 2012
  25. Jul 09, 2012
  26. Jul 07, 2012
  27. Jun 25, 2012
  28. Jun 13, 2012
    • Yang Tse's avatar
      schannel: remove version number and identify its use with 'schannel' literal · 819afe46
      Yang Tse authored
      Version number is removed in order to make this info consistent with
      how we do it with other MS and Linux system libraries for which we don't
      provide this info.
      
      Identifier changed from 'WinSSPI' to 'schannel' given that this is the
      actual provider of the SSL/TLS support. libcurl can still be built with
      SSPI and without SCHANNEL support.
      819afe46
  29. Jun 11, 2012
  30. Jun 09, 2012
  31. Jun 08, 2012
  32. Jun 04, 2012
  33. Jun 03, 2012