Skip to content
  1. Aug 18, 2016
  2. Aug 17, 2016
    • Steve Holme's avatar
      RELEASE-PROCEDURE: Added some more future release dates · cf582d7b
      Steve Holme authored
      ...and removed some old ones
      cf582d7b
    • David Woodhouse's avatar
      curl: allow "pkcs11:" prefix for client certificates · 01f69232
      David Woodhouse authored
      RFC7512 provides a standard method to reference certificates in PKCS#11
      tokens, by means of a URI starting 'pkcs11:'.
      
      We're working on fixing various applications so that whenever they would
      have been able to use certificates from a file, users can simply insert
      a PKCS#11 URI instead and expect it to work. This expectation is now a
      part of the Fedora packaging guidelines, for example.
      
      This doesn't work with cURL because of the way that the colon is used
      to separate the certificate argument from the passphrase. So instead of
      
         curl -E 'pkcs11:manufacturer=piv_II;id=%01' …
      
      I instead need to invoke cURL with the colon escaped, like this:
      
         curl -E 'pkcs11\:manufacturer=piv_II;id=%01' …
      
      This is suboptimal because we want *consistency* — the URI should be
      usable in place of a filename anywhere, without having strange
      differences for different applications.
      
      This patch therefore disables the processing in parse_cert_parameter()
      when the string starts with 'pkcs11:'. It means you can't pass a
      passphrase with an unescaped PKCS#11 URI, but there's no need to do so
      because RFC7512 allows a PIN to be given as a 'pin-value' attribute in
      the URI itself.
      
      Also, if users are already using RFC7512 URIs with the colon escaped as
      in the above example — even providing a passphrase for cURL to handling
      instead of using a pin-value attribute, that will continue to work
      because their string will start 'pkcs11\:' and won't match the check.
      
      What *does* break with this patch is the extremely unlikely case that a
      user has a file which is in the local directory and literally named
      just "pkcs11", and they have a passphrase on it. If that ever happened,
      the user would need to refer to it as './pkcs11:<passphrase>' instead.
      01f69232
    • Daniel Stenberg's avatar
      nss: make the global variables static · 667fcb04
      Daniel Stenberg authored
      667fcb04
  3. Aug 16, 2016
  4. Aug 15, 2016
  5. Aug 14, 2016
  6. Aug 13, 2016
  7. Aug 12, 2016
  8. Aug 11, 2016
  9. Aug 10, 2016
    • Daniel Stenberg's avatar
      RELEASE-NOTES: synced with e577c43b · 6301692f
      Daniel Stenberg authored
      6301692f
    • Erik Janssen's avatar
      rtsp: accept any RTSP session id · e577c43b
      Erik Janssen authored
      Makes libcurl work in communication with gstreamer-based RTSP
      servers. The original code validates the session id to be in accordance
      with the RFC. I think it is better not to do that:
      
      - For curl the actual content is a don't care.
      
      - The clarity of the RFC is debatable, is $ allowed or only as \$, that
        is imho not clear
      
      - Gstreamer seems to url-encode the session id but % is not allowed by
      the RFC
      
      - less code
      
      With this patch curl will correctly handle real-life lines like:
      Session: biTN4Kc.8%2B1w-AF.; timeout=60
      
      Bug: https://curl.haxx.se/mail/lib-2016-08/0076.html
      e577c43b
  10. Aug 09, 2016