  1. Jun 04, 2016
  2. Jun 01, 2016
    • makefile.m32: add crypt32 for winssl builds · 55ab64ed
      Viktor Szakats authored
      Dependency added by 6cabd785
      
      Closes #849
    • vtls: fix ssl session cache race condition · 31c521b0
      Ivan Avdeev authored
      Sessionid cache management is inseparable from managing individual
      session lifetimes. E.g. for reference-counted sessions (like those in
      SChannel and OpenSSL engines) every session addition and removal
      should be accompanied with refcount increment and decrement
      respectively. Failing to do so synchronously leads to a race condition
      that causes symptoms like use-after-free and memory corruption.
      This commit:
       - makes existing session cache locking explicit, thus allowing
         individual engines to manage lock's scope.
       - fixes OpenSSL and SChannel engines by putting refcount management
         inside this lock's scope in relevant places.
       - adds these explicit locking calls to other engines that use
         sessionid cache to accommodate for this change. Note, however,
         that it is unknown whether any of these engines could also have
         this race.
      
      Bug: https://github.com/curl/curl/issues/815
      Fixes #815
      Closes #847
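
Added example, not code from curl or from this commit: a minimal refcounted cache showing the pattern the message describes, where every cache insertion, lookup and removal adjusts the refcount inside the same lock. The `session` struct, the slot-indexed cache and all function names are assumptions made for illustration.

```c
#include <pthread.h>
#include <stdlib.h>

/* Hypothetical refcounted session cache; names are illustrative, not curl's.
   A slot index (0..SLOTS-1) stands in for the session-ID lookup. */
struct session { int refcount; };
#define SLOTS 4
static struct session *cache[SLOTS];
static pthread_mutex_t cache_lock = PTHREAD_MUTEX_INITIALIZER;
int live;                             /* sessions allocated and not yet freed */

/* Drop one reference and free on zero. Caller holds cache_lock. */
static void unref_locked(struct session *s) {
  if(--s->refcount == 0) { free(s); live--; }
}
/* Insert: the cache's own reference is taken inside the lock. An occupied
   slot is evicted first, again without leaving the lock. */
int cache_add(int slot) {
  struct session *s = calloc(1, sizeof(*s));
  if(!s) return -1;
  pthread_mutex_lock(&cache_lock);
  if(cache[slot]) unref_locked(cache[slot]);
  s->refcount = 1;
  cache[slot] = s;
  live++;
  pthread_mutex_unlock(&cache_lock);
  return 0;
}
/* Lookup: the caller's reference is taken before the lock is released, so a
   concurrent eviction cannot drop the count to zero in between. */
struct session *cache_get(int slot) {
  pthread_mutex_lock(&cache_lock);
  struct session *s = cache[slot];
  if(s) s->refcount++;
  pthread_mutex_unlock(&cache_lock);
  return s;
}
/* Eviction drops the cache's reference under the same lock. */
void cache_evict(int slot) {
  pthread_mutex_lock(&cache_lock);
  if(cache[slot]) { unref_locked(cache[slot]); cache[slot] = NULL; }
  pthread_mutex_unlock(&cache_lock);
}
/* A caller hands back its reference; the last holder frees the session. */
void session_release(struct session *s) {
  pthread_mutex_lock(&cache_lock);
  unref_locked(s);
  pthread_mutex_unlock(&cache_lock);
}
```

If `cache_get` returned the pointer and incremented the count only after unlocking, an eviction running in that gap would free the session the caller is about to use.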
    • schannel: add CURLOPT_CERTINFO support · 6cabd785
      Andrew Kurushin authored
      Closes #822
  3. May 31, 2016
  4. May 30, 2016
  5. May 28, 2016
  6. May 24, 2016
  7. May 23, 2016
  8. May 20, 2016
  9. May 19, 2016
  10. May 18, 2016
  11. May 17, 2016
  12. May 16, 2016
  13. May 14, 2016
    • ftp wildcard: segfault due to init only in multi_perform · cba96213
      Daniel Stenberg authored
      The proper FTP wildcard init is now more properly done in Curl_pretransfer()
      and the corresponding cleanup in Curl_close().
      
      The previous place of init/cleanup code made the internal pointer to be NULL
      when this feature was used with the multi_socket() API, as it was made within
      the curl_multi_perform() function.
      
      Reported-by: Jonathan Cardoso Machado
      Fixes #800
  14. May 13, 2016
  15. May 12, 2016
    • mprintf: Fix processing of width and prec args · 68701e51
      Jay Satiro authored
      Prior to this change a width arg could be erroneously output, and also
      width and precision args could not be used together without crashing.
      
      "%0*d%s", 2, 9, "foo"
      
      Before: "092"
      After: "09foo"
      
      "%*.*s", 5, 2, "foo"
      
      Before: crash
      After: "   fo"
      
      Test 557 is updated to verify this and more
    • ConnectionExists: follow-up fix for proxy re-use · 117a0ffe
      Michael Kaufmann authored
      Follow-up commit to 58231795
      
      Closes #648
    • darwinssl: fix certificate verification disable on OS X 10.8 · 3cf33990
      Per Malmberg authored
      The new way of disabling certificate verification doesn't work on
      Mountain Lion (OS X 10.8) so we need to use the old way in that version
      too. I've tested this solution on versions 10.7.5, 10.8, 10.9, 10.10.2
      and 10.11.
      
      Closes #802
    • http2: Add space between colon and header value · 0761a51e
      Cory Benfield authored
      curl's representation of HTTP/2 responses involves transforming the
      response to a format that is similar to HTTP/1.1. Prior to this change,
      curl would do this by separating header names and values with only a
      colon, without introducing a space after the colon.
      
      While this is technically a valid way to represent a HTTP/1.1 header
      block, it is much more common to see a space following the colon. This
      change introduces that space, to ensure that incautious tools are safely
      able to parse the header block.
      
      This also ensures that the difference between the HTTP/1.1 and HTTP/2
      response layout is as minimal as possible.
      
      Bug: https://github.com/curl/curl/issues/797
      
      Closes #798
      Fixes #797
    • openssl: fix compile-time warning in Curl_ossl_check_cxn() · ea06ad2e
      Kamil Dudka authored
      ... introduced in curl-7_48_0-293-g2968c83:
      
      Error: COMPILER_WARNING:
      lib/vtls/openssl.c: scope_hint: In function ‘Curl_ossl_check_cxn’
      lib/vtls/openssl.c:767:15: warning: conversion to ‘int’ from ‘ssize_t’
      may alter its value [-Wconversion]
    • openssl: stricter connection check function · 2968c839
      Jay Satiro authored
      - In the case of recv error, limit returning 'connection still in place'
      to EINPROGRESS, EAGAIN and EWOULDBLOCK.
      
      This is an improvement on the parent commit which changed the openssl
      connection check to use recv MSG_PEEK instead of SSL_peek.
      
      Ref: https://github.com/curl/curl/commit/856baf5#comments
  16. May 10, 2016
    • TLS: SSL_peek is not a const operation · 856baf5a
      Anders Bakken authored
      Calling SSL_peek can cause bytes to be read from the raw socket which in
      turn can upset the select machinery that determines whether there's data
      available on the socket.
      
      Since Curl_ossl_check_cxn only tries to determine whether the socket is
      alive and doesn't actually need to see the bytes SSL_peek seems like
      the wrong function to call.
      
      We're able to occasionally reproduce a connect timeout due to this
      bug. What happens is that Curl doesn't know to call SSL_connect again
      after the peek happens since data is buffered in the SSL buffer and thus
      select won't fire for this socket.
      
      Closes #795
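
Added example, not curl's code: a liveness check in the style commits 2968c839 and 856baf5a describe, peeking at the raw socket with `recv` and `MSG_PEEK` and treating only EINPROGRESS, EAGAIN and EWOULDBLOCK as "still in place". The function names, the 1/0 return convention and the local socketpair scenario are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 = connection still in place, 0 = closed or failed (this return convention
   is the example's own). fd must be non-blocking. */
int check_cxn(int fd) {
  char c;
  ssize_t n = recv(fd, &c, 1, MSG_PEEK);  /* raw socket; no TLS buffer touched */
  if(n == 1) return 1;                    /* data pending, peer still there */
  if(n == 0) return 0;                    /* orderly shutdown by the peer */
  return errno == EINPROGRESS || errno == EAGAIN || errno == EWOULDBLOCK;
}

/* Constructed scenario on a local socketpair. Fills out[] with the result for:
   idle, data pending, data pending (peeked again), peer closed, invalid fd. */
int run_scenario(int out[5]) {
  int sv[2];
  char c;
  if(socketpair(AF_UNIX, SOCK_STREAM, 0, sv)) return -1;
  fcntl(sv[0], F_SETFL, fcntl(sv[0], F_GETFL) | O_NONBLOCK);
  out[0] = check_cxn(sv[0]);              /* nothing to read: EAGAIN */
  if(write(sv[1], "x", 1) != 1) return -1;
  out[1] = check_cxn(sv[0]);
  out[2] = check_cxn(sv[0]);              /* the peek did not consume the byte */
  if(read(sv[0], &c, 1) != 1) return -1;
  close(sv[1]);
  out[3] = check_cxn(sv[0]);              /* recv returns 0 after peer close */
  close(sv[0]);
  out[4] = check_cxn(sv[0]);              /* EBADF is outside the allowed set */
  return 0;
}
```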
  17. May 09, 2016
    • TLS: move the ALPN/NPN enable bits to the connection · f6767f54
      Daniel Stenberg authored
      Only protocols that actually have a protocol registered for ALPN and NPN
      should try to get that negotiated in the TLS handshake. That is only
      HTTPS (well, http/1.1 and http/2) right now. Previously ALPN and NPN
      would wrongly be used in all handshakes if libcurl was built with it
      enabled.
      
      Reported-by: Jay Satiro
      
      Fixes #789
  18. May 08, 2016
    • connect: fix invalid "Network is unreachable" errors · ae8f6620
      Antonio Larrosa authored
      Sometimes, in systems with both ipv4 and ipv6 addresses but where the
      network doesn't support ipv6, Curl_is_connected returns an error
      (intermittently) even if the ipv4 socket connects successfully.
      
      This happens because there's a for-loop that iterates on the sockets but
      the error variable is not reset when the ipv4 is checked and is ok.
      
      This patch fixes this problem by setting error to 0 when checking the
      second socket and not having a result yet.
      
      Fixes #794