Skip to content
  1. Dec 15, 2010
  2. Dec 09, 2010
  3. Nov 19, 2010
  4. Nov 14, 2010
  5. Nov 09, 2010
  6. Nov 08, 2010
  7. Nov 04, 2010
  8. Oct 17, 2010
  9. Oct 12, 2010
  10. Oct 08, 2010
  11. Sep 30, 2010
  12. Sep 28, 2010
  13. Sep 21, 2010
  14. Sep 20, 2010
  15. Sep 18, 2010
  16. Sep 12, 2010
  17. Aug 25, 2010
  18. Aug 15, 2010
  19. Aug 11, 2010
  20. Aug 10, 2010
  21. Aug 06, 2010
  22. Aug 02, 2010
  23. Jul 14, 2010
  24. Jul 13, 2010
  25. Jun 30, 2010
    • Kamil Dudka's avatar
      http_ntlm: add support for NSS · f3b77e56
      Kamil Dudka authored
      When configured with '--without-ssl --with-nss', NTLM authentication
      now uses NSS crypto library for MD5 and DES.  For MD4 we have a local
      implementation in that case.  More details are available at
      https://bugzilla.redhat.com/603783
      
      In order to get it working, curl_global_init() must be called with
      CURL_GLOBAL_SSL or CURL_GLOBAL_ALL.  That's necessary because NSS needs
      to be initialized globally and we do so only when the NSS library is
      actually required by protocol.  The mentioned call of curl_global_init()
      is responsible for creating of the initialization mutex.
      
      There was also slightly changed the NSS initialization scenario, in
      particular, loading of the NSS PEM module.  It used to be loaded always
      right after the NSS library was initialized.  Now the library is
      initialized as soon as any SSL or NTLM is required, while the PEM module
      is prevented from being loaded until the SSL is actually required.
      f3b77e56
  26. Jun 28, 2010
  27. Jun 16, 2010
  28. Jun 05, 2010
    • Constantine Sapuntzakis's avatar
      OpenSSL: fix spurious SSL connection aborts · a0dd9df9
      Constantine Sapuntzakis authored
      Was seeing spurious SSL connection aborts using libcurl and
      OpenSSL. I tracked it down to uncleared error state on the
      OpenSSL error stack - patch attached deals with that.
      
      Rough idea of problem:
      
      Code that uses libcurl calls some library that uses OpenSSL but
      don't clear the OpenSSL error stack after an error.
      
      ssluse.c calls SSL_read which eventually gets an EWOULDBLOCK from
      the OS. Returns -1 to indicate an error
      
      ssluse.c calls SSL_get_error. First thing, SSL_get_error calls
      ERR_get_error to check the OpenSSL error stack, finds an old
      error and returns SSL_ERROR_SSL instead of SSL_ERROR_WANT_READ or
      SSL_ERROR_WANT_WRITE.
      
      ssluse.c returns an error and aborts the connection
      
      Solution:
      
      Clear the openssl error stack before calling SSL_* operation if
      we're going to call SSL_get_error afterwards.
      
      Notes:
      
      This is much more likely to happen with multi because it's easier
      to intersperse other calls to the OpenSSL library in the same
      thread.
      a0dd9df9
  29. Jun 04, 2010
  30. Jun 02, 2010
  31. Jun 01, 2010
    • Daniel Stenberg's avatar
      multi_socket: handles timer inaccuracy better for timeouts · 2c72732e
      Daniel Stenberg authored
      Igor Novoseltsev reported a problem with the multi socket API and
      using timeouts and timers. It boiled down to a problem with
      libcurl's use of GetTickCount() interally to figure out the
      current time, while Igor's own application code used another
      function call.
      
      It made his app call the socket API timeout function a bit
      _before_ libcurl would consider the timeout to trigger, and that
      could easily lead to timeouts or stalls in the app. It seems
      GetTickCount() in general often has no better resolution than
      16ms and switching to the alternative function
      QueryPerformanceCounter has its share of problems:
      http://www.virtualdub.org/blog/pivot/entry.php?id=106
      
      We address this problem by simply having libcurl treat timers
      that already has occured or will occur within 40ms subject for
      treatment. I'm confident that there are other implementations and
      operating systems with similarly in accurate timer functions so
      it makes sense to have applied generically and I don't believe we
      sacrifice much by adding a 40ms inaccuracy on these timeouts.
      2c72732e
  32. May 24, 2010
    • Howard Chu's avatar
      LDAP: properly implemented as a curl_handler · 2e056353
      Howard Chu authored
      makes the LDAP code much cleaner, nicer and in general being a
      better libcurl citizen. If a new enough OpenLDAP version is
      detect, the new and shiny lib/openldap.c code is then used
      instead of the old cruft
      
      Code by Howard, minor cleanups by Daniel.
      2e056353
  33. May 21, 2010