Skip to content
  1. Feb 02, 2016
  2. Feb 01, 2016
  3. Jan 29, 2016
  4. Jan 28, 2016
  5. Jan 27, 2016
  6. Jan 26, 2016
  7. Jan 25, 2016
  8. Jan 24, 2016
  9. Jan 21, 2016
  10. Jan 18, 2016
    • Jay Satiro's avatar
      mbedtls: Fix pinned key return value on fail · d58ba66e
      Jay Satiro authored
      - Switch from verifying a pinned public key in a callback during the
      certificate verification to inline after the certificate verification.
      
      The callback method had three problems:
      
      1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH
      was not returned.
      
      2. If peer certificate verification was disabled the pinned key
      verification did not take place as it should.
      
      3. (related to #2) If there was no certificate of depth 0 the callback
      would not have checked the pinned public key.
      
      Though all those problems could have been fixed it would have made the
      code more complex. Instead we now verify inline after the certificate
      verification in mbedtls_connect_step2.
      
      Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html
      Ref: https://github.com/bagder/curl/pull/601
      d58ba66e
    • Jay Satiro's avatar
      tests: Add a test for pinnedpubkey fail even when insecure · d5663711
      Jay Satiro authored
      Because disabling the peer verification (--insecure) must not disable
      the public key pinning check (--pinnedpubkey).
      d5663711
  11. Jan 17, 2016
  12. Jan 15, 2016
  13. Jan 14, 2016
  14. Jan 13, 2016
  15. Jan 12, 2016
    • Daniel Stenberg's avatar
      configure: assume IPv6 works when cross-compiled · 4bed87f8
      Daniel Stenberg authored
      The configure test uses AC_TRY_RUN to figure out if an ipv6 socket
      works, and testing like that doesn't work for cross-compiles. These days
      IPv6 support is widespread so a blind guess is probably more likely to
      be 'yes' than 'no' now.
      
      Further: anyone who cross-compiles can use configure's --disable-ipv6 to
      explicitly disable IPv6 and that also works for cross-compiles.
      
      Made happen after discussions in issue #594
      4bed87f8
  16. Jan 11, 2016
  17. Jan 10, 2016