Commits · f19ace8d33e468969d3329e6bb17d6c032147e91 · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

Jan 27, 2011
- nss: avoid memory leaks and failure of NSS shutdown · dc0a7161
  Kamil Dudka authored Jan 27, 2011
```
... in case more than one CA is loaded.

Bug: https://bugzilla.redhat.com/670802
```
  dc0a7161
Jan 18, 2011

nss: fix a bug in handling of CURLOPT_CAPATH · fc77790b

Kamil Dudka authored Jan 18, 2011

... and update the curl.1 and curl_easy_setopt.3 man pages such that
they do not suggest to use an OpenSSL utility if curl is not built
against OpenSSL.

Bug: https://bugzilla.redhat.com/669702

fc77790b

Jan 04, 2011
- Curl_timeleft: s/conn/data in first argument · adb49ad8
  Daniel Stenberg authored Jan 04, 2011
```
As the function doesn't really use the connectdata struct but only the
SessionHanadle struct I modified what argument it wants.
```
  adb49ad8
- nss: avoid CURLE_OUT_OF_MEMORY given a file name without any slash · d8f6d1c3
  Kamil Dudka authored Jan 04, 2011
```
Bug: https://bugzilla.redhat.com/623663
```
  d8f6d1c3
Jan 02, 2011

Curl_nss_connect: avoid PATH_MAX · 2b3fbc8c

Daniel Stenberg authored Jan 02, 2011

Since some systems don't have PATH_MAX and it isn't that clever to
assume a fixed maximum path length, the code now allocates buffer space
instead of using stack.

Reported by: Samuel Thibault
Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608521

2b3fbc8c

Jun 30, 2010

http_ntlm: add support for NSS · f3b77e56

Kamil Dudka authored Jun 27, 2010

When configured with '--without-ssl --with-nss', NTLM authentication
now uses NSS crypto library for MD5 and DES. For MD4 we have a local
implementation in that case. More details are available at
https://bugzilla.redhat.com/603783

In order to get it working, curl_global_init() must be called with
CURL_GLOBAL_SSL or CURL_GLOBAL_ALL. That's necessary because NSS needs
to be initialized globally and we do so only when the NSS library is
actually required by protocol. The mentioned call of curl_global_init()
is responsible for creating of the initialization mutex.

There was also slightly changed the NSS initialization scenario, in
particular, loading of the NSS PEM module. It used to be loaded always
right after the NSS library was initialized. Now the library is
initialized as soon as any SSL or NTLM is required, while the PEM module
is prevented from being loaded until the SSL is actually required.

f3b77e56

May 11, 2010
- sendrecv: make them two pairs of send/recv to properly deal with FTPS · bc8fc980
  Howard Chu authored May 11, 2010
```
FTP(S) use two connections that can be set to different recv and
send functions independently, so by introducing recv+send pairs
in the same manner we already have sockets/connections we can
work with FTPS fine.

This commit fixes the FTPS regression introduced in change d64bd82b.
```
  bc8fc980
- nss: make it possible to read ASCII and DER CRL · 3e759f4f
  Kamil Dudka authored May 11, 2010
  
  3e759f4f
- nss: add CRL to cache instead of read-only NSS db · 2e8b2183
  Kamil Dudka authored May 11, 2010
  
  2e8b2183
May 07, 2010

sendrecv: split the I/O handling into private handler · d64bd82b

Howard Chu authored May 07, 2010

Howard Chu brought the bulk work of this patch that properly
moves out the sending and recving of data to the parts of the
code that are properly responsible for the various ways of doing
so.

Daniel Stenberg assisted with polishing a few bits and fixed some
minor flaws in the original patch.

Another upside of this patch is that we now abuse CURLcodes less
with the "magic" -1 return codes and instead use CURLE_AGAIN more
consistently.

d64bd82b

Apr 24, 2010
- nss: fix SSL handshake timeout underflow · 82e9b78a
  Kamil Dudka authored Apr 24, 2010
  
  82e9b78a
Apr 06, 2010
- nss: handle client certificate related errors · ef1ac363
  Kamil Dudka authored Apr 06, 2010
  
  ef1ac363
Apr 04, 2010
- refactorize interface of Curl_ssl_recv/Curl_ssl_send · ff871113
  Kamil Dudka authored Apr 04, 2010
  
  ff871113
Mar 31, 2010
- fix compiler warning with a cast. · 7b913444
  Guenter Knauf authored Mar 31, 2010
  
  7b913444
Mar 24, 2010
- remove the CVSish $Id$ lines · 2309b4e3
  Daniel Stenberg authored Mar 24, 2010
  
  2309b4e3
Feb 17, 2010
- use curl standard indentation and line lengths · 23bab783
  Daniel Stenberg authored Feb 17, 2010
  
  23bab783
Dec 02, 2009
- lib/nss.c: avoid use of uninitialized value · fb2425b1
  Kamil Dudka authored Dec 02, 2009
  
  fb2425b1
Nov 12, 2009

- libcurl-NSS now tries to reconnect with TLS disabled in case it detects · 571309dc

Kamil Dudka authored Nov 12, 2009

  a broken TLS server. However it does not happen if SSL version is selected
  manually. The approach was originally taken from PSM. Kaspar Brand helped me
  to complete the patch. Original bug reports:
  https://bugzilla.redhat.com/525496
  https://bugzilla.redhat.com/527771

571309dc

- Kevin Baughman provided a fix preventing libcurl-NSS from crash on doubly · d547d00f

Kamil Dudka authored Nov 12, 2009

  closed NSPR descriptor. The issue was hard to find, reported several times
  before and always closed unresolved. More info at the RH bug:
  https://bugzilla.redhat.com/534176

d547d00f

Nov 05, 2009
- - Dropped misleading timeouts in libcurl-NSS and made sure the SSL socket works · 676e0c28
  Kamil Dudka authored Nov 05, 2009
```
  in non-blocking mode.
```
  676e0c28
Oct 28, 2009

Since the NSS lib closes the socket the memory tracking system wrongly gets a · 6a79b0e8

Daniel Stenberg authored Oct 28, 2009

false positive on a leaked socket, so this introduces a way to tell the system
that the socket is indeed closed without explicitly closing it!

6a79b0e8

Oct 18, 2009
- - Kevin Baughman found a double close() problem with libcurl-NSS, as when · 167a9281
  Daniel Stenberg authored Oct 18, 2009
```
  libcurl called NSS to close the SSL "session" it also closed the actual
  socket.
```
  167a9281
Oct 07, 2009
- fix gcc warnings in lib/nss.c · b38e28b6
  Kamil Dudka authored Oct 07, 2009
  
  b38e28b6
Sep 21, 2009

added support for new SQLite cert database format: added a runtime check for... · 9448659f

Guenter Knauf authored Sep 21, 2009

added support for new SQLite cert database format: added a runtime check for version 3.12.0, and depending on the result add 'sql:' prefix to cert database directory so that newer SQLIte database format works.

9448659f

added aditional check for the directory specified with SSL_DIR, and fall back... · 40027148
Guenter Knauf authored Sep 21, 2009
```
added aditional check for the directory specified with SSL_DIR, and fall back to hardcoded directory if not a valid directory.
```
40027148

Sep 08, 2009
- added debug output for NSS certpath. · 5d4a1e24
  Guenter Knauf authored Sep 08, 2009
  
  5d4a1e24
Sep 06, 2009
- added casts to silent compiler warning on 64bit systems. · 5e379634
  Guenter Knauf authored Sep 06, 2009
  
  5e379634
- use our define struct_stat to be compatible with largefile support. · 56a161e0
  Guenter Knauf authored Sep 06, 2009
  
  56a161e0
- added base64.h include to silent warnings about missing prototype for ATOB_ConvertAsciiToItem. · 2786ecae
  Guenter Knauf authored Sep 06, 2009
  
  2786ecae
Aug 28, 2009
- - Improved error message for not matching certificate subject name in · 1a255e0e
  Kamil Dudka authored Aug 28, 2009
```
  libcurl-NSS. Originally reported at:
  https://bugzilla.redhat.com/show_bug.cgi?id=516056#c9
```
  1a255e0e
Aug 13, 2009
- - Changed NSS code to not ignore the value of ssl.verifyhost and produce more · 6293fe98
  Kamil Dudka authored Aug 13, 2009
```
  verbose error messages. Originally reported at:
  https://bugzilla.redhat.com/show_bug.cgi?id=516056
```
  6293fe98
Jul 20, 2009

- Claes Jakobsson improved the support for client certificates handling · 5f0cae80

Kamil Dudka authored Jul 20, 2009

  in NSS-powered libcurl. Now the client certificates can be selected
  automatically by a NSS built-in hook. Additionally pre-login to all PKCS11
  slots is no more performed. It used to cause problems with HW tokens.

- Fixed reference counting for NSS client certificates. Now the PEM reader
  module should be always properly unloaded on Curl_nss_cleanup(). If the unload
  fails though, libcurl will try to reuse the already loaded instance.

5f0cae80

Jun 08, 2009
- - Claes Jakobsson provided a patch for libcurl-NSS that fixed a bad refcount · 3e0c067e
  Daniel Stenberg authored Jun 08, 2009
```
  issue with client certs that caused issues like segfaults.
  http://curl.haxx.se/mail/lib-2009-05/0316.html
```
  3e0c067e
May 28, 2009
- Fixed a few comment typos (from the FreeBSD ports) · 15eaf27b
  Dan Fandrich authored May 28, 2009
  
  15eaf27b
May 27, 2009
- - Claes Jakobsson fixed libcurl-NSS to build fine even without the · 0bf9c1e8
  Daniel Stenberg authored May 27, 2009
```
  PK11_CreateGenericObject() function.
```
  0bf9c1e8
May 11, 2009

- Kamil Dudka provided a fix for libcurl-NSS reported by Michael Cronenworth · 6e1632c6

Daniel Stenberg authored May 11, 2009

at https://bugzilla.redhat.com/show_bug.cgi?id=453612#c12

If an incorrect password is given while loading a private key, libcurl ends
up in an infinite loop consuming memory. The bug is critical.

6e1632c6

Apr 24, 2009
- - Kamil Dudka fixed another NSS-related leak when client certs were used. · 828a2628
  Daniel Stenberg authored Apr 24, 2009
  
  828a2628
Apr 21, 2009
- libcurl's memory.h renamed to curl_memory.h · 33a3753c
  Yang Tse authored Apr 21, 2009
  
  33a3753c
Apr 14, 2009
- Kamil Dudka's follow-up fix · 97f27ea5
  Daniel Stenberg authored Apr 14, 2009
  
  97f27ea5
Apr 13, 2009

- Toshio Kuratomi reported a memory leak problem with libcurl+NSS that turned · 235c0077

Daniel Stenberg authored Apr 13, 2009

  out to be leaking cacerts. Kamil Dudka helped me complete the fix. The issue
  is found in Redhat's bug tracker:
  https://bugzilla.redhat.com/show_bug.cgi?id=453612

  There are still memory leaks present, but they seem to have other reasons.

235c0077