Skip to content
  1. May 23, 2014
    • Tatsuhiro Tsujikawa's avatar
      openssl: Fix uninitialized variable use in NPN callback · c7638d93
      Tatsuhiro Tsujikawa authored
      OpenSSL passes out and outlen variable uninitialized to
      select_next_proto_cb callback function.  If the callback function
      returns SSL_TLSEXT_ERR_OK, the caller assumes the callback filled
      values in out and outlen and processes as such.  Previously, if there
      is no overlap in protocol lists, curl code does not fill any values in
      these variables and returns SSL_TLSEXT_ERR_OK, which means we are
      triggering undefined behavior.  valgrind warns this.
      
      This patch fixes this issue by fallback to HTTP/1.1 if there is no
      overlap.
      c7638d93
    • Daniel Stenberg's avatar
  2. May 22, 2014
  3. May 21, 2014
  4. May 20, 2014
  5. May 19, 2014
  6. May 18, 2014
  7. May 17, 2014