- 17 May, 2016 10 commits
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
...as otherwise the TLS libs will skip the CN/SAN check and just allow connection to any server. curl previously skipped this function when SNI wasn't used or when connecting to an IP address specified host. CVE-2016-3739 Bug: https://curl.haxx.se/docs/adv_20160518A.html Reported-by: Moti Avrahami
-
Frank Gevaerts authored
Closes #811
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Closes #762
-
Daniel Stenberg authored
-
Daniel Stenberg authored
CID 1361815: Explicit null dereferenced (FORWARD_NULL)
-
Daniel Stenberg authored
CID 1361811: Explicit null dereferenced (FORWARD_NULL)
-
Daniel Stenberg authored
CID 1024412: Memory - illegal accesses (OVERRUN). Claimed to happen when we run over 'workend' but the condition says <= workend and for all I can see it should be safe. Compensating for the warning by adding a byte margin in the buffer. Also, removed the extra brace level indentation in the code and made it so that 'workend' is only assigned once within the function.
-
- 16 May, 2016 3 commits
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Jay Satiro authored
- Return value type must match function type. s/CURLM_OUT_OF_MEMORY/CURLE_OUT_OF_MEMORY/ Caught by Travis CI
-
- 14 May, 2016 1 commit
-
-
Daniel Stenberg authored
The proper FTP wildcard init is now more properly done in Curl_pretransfer() and the corresponding cleanup in Curl_close(). The previous place of init/cleanup code made the internal pointer to be NULL when this feature was used with the multi_socket() API, as it was made within the curl_multi_perform() function. Reported-by: Jonathan Cardoso Machado Fixes #800
-
- 13 May, 2016 2 commits
-
-
Jay Satiro authored
Because the old OpenSSL link now redirects to their master documentation (currently 1.1.0), which does not document the required actions for OpenSSL <= 1.0.2.
-
Viktor Szakats authored
-
- 12 May, 2016 7 commits
-
-
Daniel Stenberg authored
Added 8 bug fixes and 5 more contrbutors
-
Jay Satiro authored
Prior to this change a width arg could be erroneously output, and also width and precision args could not be used together without crashing. "%0*d%s", 2, 9, "foo" Before: "092" After: "09foo" "%*.*s", 5, 2, "foo" Before: crash After: " fo" Test 557 is updated to verify this and more
-
Michael Kaufmann authored
Follow-up commit to 58231795 Closes #648
-
Per Malmberg authored
The new way of disabling certificate verification doesn't work on Mountain Lion (OS X 10.8) so we need to use the old way in that version too. I've tested this solution on versions 10.7.5, 10.8, 10.9, 10.10.2 and 10.11. Closes #802
-
Cory Benfield authored
curl's representation of HTTP/2 responses involves transforming the response to a format that is similar to HTTP/1.1. Prior to this change, curl would do this by separating header names and values with only a colon, without introducing a space after the colon. While this is technically a valid way to represent a HTTP/1.1 header block, it is much more common to see a space following the colon. This change introduces that space, to ensure that incautious tools are safely able to parse the header block. This also ensures that the difference between the HTTP/1.1 and HTTP/2 response layout is as minimal as possible. Bug: https://github.com/curl/curl/issues/797 Closes #798 Fixes #797
-
Kamil Dudka authored
... introduced in curl-7_48_0-293-g2968c839: Error: COMPILER_WARNING: lib/vtls/openssl.c: scope_hint: In function ‘Curl_ossl_check_cxn’ lib/vtls/openssl.c:767:15: warning: conversion to ‘int’ from ‘ssize_t’ may alter its value [-Wconversion]
-
Jay Satiro authored
- In the case of recv error, limit returning 'connection still in place' to EINPROGRESS, EAGAIN and EWOULDBLOCK. This is an improvement on the parent commit which changed the openssl connection check to use recv MSG_PEEK instead of SSL_peek. Ref: https://github.com/curl/curl/commit/856baf5#comments
-
- 10 May, 2016 1 commit
-
-
Anders Bakken authored
Calling SSL_peek can cause bytes to be read from the raw socket which in turn can upset the select machinery that determines whether there's data available on the socket. Since Curl_ossl_check_cxn only tries to determine whether the socket is alive and doesn't actually need to see the bytes SSL_peek seems like the wrong function to call. We're able to occasionally reproduce a connect timeout due to this bug. What happens is that Curl doesn't know to call SSL_connect again after the peek happens since data is buffered in the SSL buffer and thus select won't fire for this socket. Closes #795
-
- 09 May, 2016 1 commit
-
-
Daniel Stenberg authored
Only protocols that actually have a protocol registered for ALPN and NPN should try to get that negotiated in the TLS handshake. That is only HTTPS (well, http/1.1 and http/2) right now. Previously ALPN and NPN would wrongly be used in all handshakes if libcurl was built with it enabled. Reported-by: Jay Satiro Fixes #789
-
- 08 May, 2016 2 commits
-
-
Daniel Stenberg authored
-
Antonio Larrosa authored
Sometimes, in systems with both ipv4 and ipv6 addresses but where the network doesn't support ipv6, Curl_is_connected returns an error (intermittently) even if the ipv4 socket connects successfully. This happens because there's a for-loop that iterates on the sockets but the error variable is not resetted when the ipv4 is checked and is ok. This patch fixes this problem by setting error to 0 when checking the second socket and not having a result yet. Fixes #794
-
- 05 May, 2016 1 commit
-
-
Jay Satiro authored
-
- 03 May, 2016 1 commit
-
-
Daniel Stenberg authored
Reported-by: Oleg Pudeyev and fuchaoqun Fixes #648
-
- 02 May, 2016 5 commits
-
-
Daniel Stenberg authored
Reported-by: rcanavan Assisted-by: Isaac Boukris Closes #785
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Closes #727
-
- 01 May, 2016 6 commits
-
-
Daniel Stenberg authored
-
Isaac Boukris authored
Mention possible content-length mismatch with sum of bytes reported by write callbacks when auto decoding is enabled. See #785
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-