- Apr 19, 2017
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
... since apparently "BSD make" doesn't support it. Reported-by: Thomas Klausner Fixes #1432
-
Daniel Stenberg authored
-
Daniel Stenberg authored
-
- Apr 18, 2017
-
-
Marcel Raad authored
This fixes 3 warnings issued by MinGW: 1. PR_ImportTCPSocket actually has a paramter of type PROsfd instead of PRInt32, which is 64 bits on Windows. Fixed this by including the corresponding header file instead of redeclaring the function, which is supported even though it is in the private include folder. [1] 2. In 64-bit mode, size_t is 64 bits while CK_ULONG is 32 bits, so an explicit narrowing cast is needed. 3. Curl_timeleft returns time_t instead of long since commit 21aa32d3. [1] https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSPR/Reference/PR_ImportTCPSocket Closes https://github.com/curl/curl/pull/1393
-
Jay Satiro authored
Move the sessionid flag to ssl_primary_config so that ssl and proxy_ssl will each have their own sessionid flag. Regression since HTTPS-Proxy support was added in cb4e2be7. Prior to that this issue had been fixed in 247d890d, CVE-2016-5419. Bug: https://github.com/curl/curl/issues/1341 Reported-by: <lijian996@users.noreply.github.com> The new incarnation of this bug is called CVE-2017-7468 and is documented here: https://curl.haxx.se/docs/adv_20170419.html
-
- Apr 17, 2017
-
-
David Benjamin authored
X.509 certificates carry public keys, not private keys. Fields corresponding to the private half of the key will always be NULL. Closes #1425
-
David Benjamin authored
ERR_error_string with NULL parameter is not thread-safe. The library writes the string into some static buffer. Two threads doing this at once may clobber each other and run into problems. Switch to ERR_error_string_n which avoids this problem and is explicitly bounds-checked. Also clean up some remnants of OpenSSL 0.9.5 around here. A number of comments (fixed buffer size, explaining that ERR_error_string_n was added in a particular version) date to when ossl_strerror tried to support pre-ERR_error_string_n OpenSSLs. Closes #1424
-
David Benjamin authored
Rather than making assumptions about the values, use a switch-case. Closes #1424
-
Daniel Gustafsson authored
A few random typos, and minor whitespace cleanups, found in comments while reading code. Closes #1423
-
Marcel Raad authored
This makes test 1135 pass with CRLF checkouts. Ref: https://github.com/curl/curl/pull/1344#issuecomment-289243166 Closes https://github.com/curl/curl/pull/1422
-
Marcel Raad authored
Ignore everything after the version numbers in LIBCURL_VERSION and LIBCURL_VERSION_NUM to ged rid of the extra CR character. This makes tests 1022 and 1023 pass on Linux with a CRLF checkout. Ref: https://github.com/curl/curl/pull/1344#issuecomment-289243166 Closes https://github.com/curl/curl/pull/1422
-
Marcel Raad authored
Bash on Linux errors out on CR characters. This makes tests 1221 and 1222 pass on Linux with a CRLF checkout. Ref: https://github.com/curl/curl/pull/1344#issuecomment-289243166 Closes https://github.com/curl/curl/pull/1422
-
- Apr 16, 2017
-
-
Marcel Raad authored
MinGW-w64 complains: warning: conversion to 'long int' from 'time_t {aka long long int}' may alter its value [-Wconversion] Fix this by using the correct type.
-
Daniel Stenberg authored
-
- Apr 15, 2017
-
-
Larry Stefani authored
Add missing newhandle free call in push_promise(). Closes #1416
-
Larry Stefani authored
Add missing our_ssl_sessionid free call in mbed_connect_step3(). Closes #1417
-
Marcel Raad authored
This adds -Werror-implicit-function-declaration for GCC 2.95+ so that these errors are visible at the point where they occur instead of only at link time. Implicit function declarations are illegal in C99 and C++ anyway, and the same warning has been turned into an error for ICC in commit 3072c5b8. Ref: https://gcc.gnu.org/onlinedocs/gcc-2.95.2/gcc_2.html#SEC8 Ref: https://curl.haxx.se/mail/lib-2017-04/0001.html Closes https://github.com/curl/curl/pull/1419
-
- Apr 12, 2017
-
-
Marcel Raad authored
Ref: https://github.com/curl/curl/issues/1408 Closes https://github.com/curl/curl/pull/1412
-
Marcel Raad authored
Follow-up to aa573c3c Ref: https://github.com/curl/curl/pull/1406
-
- Apr 11, 2017
-
-
Daniel Stenberg authored
If the existing timer is still in there but has expired, the new timer should be added. Reported-by: Rainer Canavan Bug: https://curl.haxx.se/mail/lib-2017-04/0030.html Closes #1407
-
Daniel Stenberg authored
Reported-by: Marcel Raad Fixes #1408 Closes #1409
-
Marcel Raad authored
ssl_session_init was only introduced in version 1.3.8, the penultimate version. The function only contains a memset, so replace it with that. Suggested-by: Jay Satiro Fixes https://github.com/curl/curl/issues/1401
-
Marcel Raad authored
The POSIX standard location is <poll.h>. Using <sys/poll.h> results in warning spam when using the musl standard library. Closes https://github.com/curl/curl/pull/1406
-
- Apr 10, 2017
-
-
Alexis La Goutte authored
Closes #1402
-
Kamil Dudka authored
... because they may include an intermediate certificate for a client certificate and the intermediate certificate needs to be presented to the server, no matter if we verify the peer or not. Reported-by: thraidh Closes #851
-
Daniel Stenberg authored
-
Dan Fandrich authored
-
- Apr 09, 2017
-
-
Daniel Stenberg authored
Reported-by: Alex Bligh Bug: https://curl.haxx.se/mail/lib-2017-04/0044.html
-
- Apr 08, 2017
-
-
Daniel Stenberg authored
Issues and PRs with no activity for 180 days will get marked as stale, and if no further activity happens within 14 more days, the issue gets closed. This follows our established policy of not letting stalled bugs "get in the way": https://curl.haxx.se/docs/bugs.html#Closing_off_stalled_bugs Closes #1398
-
Jay Satiro authored
- Change documented param type to char ** from incorrect long *.
-
Marcel Raad authored
--without-ssl is needed instead of --with-winssl.
-
Marcel Raad authored
... by moving the variables into the correct #ifdef block.
-
- Apr 07, 2017
-
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Closes #1397
-
Marcel Raad authored
When UNICODE is not defined, the Curl_convert_UTF8_to_tchar macro maps directly to its argument. As it is declared as a pointer to const and InitializeSecurityContext expects a pointer to non-const, both MSVC and MinGW issue a warning about implicitly casting away the const. Fix this by declaring the variables as pointers to non-const. Closes https://github.com/curl/curl/pull/1394
-
Isaac Boukris authored
Reported-by: Carsten (talksinmath) Fixes #1384 Closes #1395
-
- Apr 06, 2017
-
-
Marcel Raad authored
Curl_timeleft returns time_t instead of long since commit 21aa32d3.
-
Daniel Stenberg authored
-
Daniel Stenberg authored
Previously, periods of fast speed between periods of slow speed would not count and could still erroneously trigger a timeout. Reported-by: Paul Harris Fixes #1345 Closes #1390
-