Skip to content
  1. Sep 24, 2018
    • Daniel Stenberg's avatar
      openssl: load built-in engines too · e2dd435d
      Daniel Stenberg authored
      Regression since 38203f15
      
      Reported-by: Jean Fabrice
      Fixes #3023
      Closes #3040
      e2dd435d
    • Christian Heimes's avatar
      OpenSSL: enable TLS 1.3 post-handshake auth · b939bc47
      Christian Heimes authored
      OpenSSL 1.1.1 requires clients to opt-in for post-handshake
      authentication.
      
      Fixes: https://github.com/curl/curl/issues/3026
      
      
      Signed-off-by: default avatarChristian Heimes <christian@python.org>
      
      Closes https://github.com/curl/curl/pull/3027
      b939bc47
    • Even Rouault's avatar
      Curl_dedotdotify(): always nul terminate returned string. · 55b51b8c
      Even Rouault authored
      This fixes potential out-of-buffer access on "file:./" URL
      
      $ valgrind curl "file:./"
      ==24516== Memcheck, a memory error detector
      ==24516== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
      ==24516== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
      ==24516== Command: /home/even/install-curl-git/bin/curl file:./
      ==24516==
      ==24516== Conditional jump or move depends on uninitialised value(s)
      ==24516==    at 0x4C31F9C: strcmp (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==24516==    by 0x4EBB315: seturl (urlapi.c:801)
      ==24516==    by 0x4EBB568: parseurl (urlapi.c:861)
      ==24516==    by 0x4EBC509: curl_url_set (urlapi.c:1199)
      ==24516==    by 0x4E644C6: parseurlandfillconn (url.c:2044)
      ==24516==    by 0x4E67AEF: create_conn (url.c:3613)
      ==24516==    by 0x4E68A4F: Curl_connect (url.c:4119)
      ==24516==    by 0x4E7F0A4: multi_runsingle (multi.c:1440)
      ==24516==    by 0x4E808E5: curl_multi_perform (multi.c:2173)
      ==24516==    by 0x4E7558C: easy_transfer (easy.c:686)
      ==24516==    by 0x4E75801: easy_perform (easy.c:779)
      ==24516==    by 0x4E75868: curl_easy_perform (easy.c:798)
      
      Was originally spotted by
      https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10637
      Credit to OSS-Fuzz
      
      Closes #3039
      55b51b8c
  2. Sep 23, 2018
  3. Sep 22, 2018
  4. Sep 21, 2018
  5. Sep 20, 2018
  6. Sep 19, 2018
  7. Sep 18, 2018
  8. Sep 17, 2018
  9. Sep 16, 2018
  10. Sep 15, 2018
  11. Sep 14, 2018