In Mountain Lion, Apple added TLS 1.1 and 1.2, and deprecated a number
of SecureTransport functions, some of which we were using. We now check
to see if the replacement functions are present, and if so, we use them
instead.  The old functions are still present for users of older
cats. Also fixed a build warning that started to appear under Mountain
Lion

Commit b91d29a28e170c16d65d956db79f2cd3a82372d2 introduces a bug and breaks Curl_closesocket function. sock_accepted flag for the second socket should be tagged as TRUE before the sockopt callback is called because in case the callback returns an error, Curl_closesocket function is going to call the - fclosesocket - callback for the accept()ed socket

For active FTP connections, applications may need setting the sockopt after accept() call returns successful. This fix gives a call to the callback registered with CURL_SOCKOPTFUNCTION option. Also a new sock type - CURLSOCKTYPE_ACCEPT - is added. This type is to be passed to application callbacks with - purpose - parameter. Applications may use this parameter to distinguish between socket types.

Removing this option as it currently only functions to lure people into
wrongly using it and falsely believing that libcurl will work fine
without using nonblocking sockets internally - which leads to hard to
track or understand errors.

"If this option is used several times, the last one will be used."
uniformity

Commit e351972b brought in the ssh agent support but some uses of
the libssh2 agent API was done unconditionally which wasn't good enough
since that API hasn't always been present.

... to please checksrc.pl

... and make the list of cipher-suites in nss.c readable by humans.

Bug: http://curl.haxx.se/mail/archive-2012-08/0016.html

5 more bug fixes, one change, 6 contributors

CURLSSH_AUTH_AGENT is a new auth type for SSH

I am about to merge the first patch that adds changes into the pending
release, and thus we bump the minor number.

Fixed this (harmless) clang-analyzer warning. Also fixed the source
indentation level.

By reading the ->head pointer and using that instead of the ->size
number to figure out if there's a list remaining we avoid the (false
positive) clang-analyzer warning that we might dereference of a null
pointer.

I suspect this is a regression introduced in commit 207cf150, included
since 7.24.0.

Avoid showing '(nil)' as hostname in verbose output by making sure the
hostname fixup function is called early enough to set the pointers that
are used for this. The name data is set again for each request even for
re-used connections to handle multiple hostnames over the same
connection (like with proxy) or that the casing etc of the host name is
changed between requests (which has proven to be important at least once
in the past).

Test1011 was modified to use a redirect with a re-used a connection
since it then showed the bug and now lo longer does. There's currently
no easy way to have the test suite detect 'nil' texts in verbose ouputs
so no tests will detect if this problem gets reintroduced.

Bug: http://curl.haxx.se/mail/lib-2012-07/0111.html
Reported by: Gisle Vanem

These are now addressed:

323 - patch - select.c / Curl_socket_check() interrupted

325 - Avoid leak of local device string when reusing connection

... and removal of trailing whitespace on a single line

Ensure that the copy of the CURLOPT_INTERFACE string is freed if we
decide we can reuse an existing connection.

This is the same fix applied for the conditional code that uses select()
that was already done for the poll specific code in commit
b61e8b81.

We found a problem with ftp transfer using libcurl (7.23 and 7.25)
inside an application which is receiving unix signals (SIGUSR1,
SIGUSR2...) almost continuously. (Linux 2.4, PowerPC, HAVE_POLL_FINE
defined).

Curl_socket_check() uses poll() to wait for the socket, and retries it
when a signal is received (EINTR). However, if a signal is received and
it also happens that the timeout has been reached, Curl_socket_check()
returns -1 instead of 0 (indicating an error instead of a timeout).

In our case, the result is an aborted connection even before the ftp
banner is received from the server, and a return value of
CURLE_OUT_OF_MEMORY from curl_easy_perform() (Curl_pp_multi_statemach(),
in pingpong.c, actually returns OOM if Curl_socket_check() fails :-)
Funny to debug on a system on which OOM is a possible cause).

Bug: http://curl.haxx.se/mail/lib-2012-07/0122.html

bug #3544688 "crash during retry with libcurl and SFTP"

Due to WSAPoll bugs, libcurl does not work as intended. When the cURL
library is used to setup a connection to an incorrect port, normally the
result is CURLE_COULDNT_CONNECT, /* 7 */, but due to the bug in WSAPoll,
the result now is CURLE_OPERATION_TIMEDOUT, /* 28 - the timeout time was
reached */.

On August 1, Jan Koen Annot opened a case for this to Microsoft Premier
Online (https://premier.microsoft.com/).  The support engineer handling
the case wrote that the case description is quite clear.  He will try to
reproduce the issue and then proceed with troubleshooting it.

Reported by: Jan Koen Annot
Bug: http://curl.haxx.se/mail/lib-2012-07/0310.html

When figuring out if the data stream needs to be rewound when the
request is to be resent, we must not access the HTTP struct unless the
protocol used is indeed HTTP...

Bug: http://curl.haxx.se/bug/view.cgi?id=3544688

Braces, not parentheses, should be used for shell variable names.

Bug: http://curl.haxx.se/bug/view.cgi?id=3551460
Reported by: Edward Sheldrake

This fixes a build failure of lib/ssluse.c.

Bug: http://curl.haxx.se/bug/view.cgi?id=3552997

Stupid lack of range checks caused the code to overwrite local variables
after glob number nine. Added checks now.

Bug: http://curl.haxx.se/bug/view.cgi?id=3546353

Fix a bug where closed sockets (fd -1) were left in the all_sockets
list, because of missing parens in a pointer arithmetic expression

Reenable the tests that were locking up due to this bug.