Skip to content
  1. Jan 15, 2013
  2. Jan 11, 2013
    • Kamil Dudka's avatar
      nss: clear session cache if a client cert from file is used · b36f1d26
      Kamil Dudka authored
      This commit fixes a regression introduced in 052a08ff.
      
      NSS caches certs/keys returned by the SSL_GetClientAuthDataHook callback
      and if we connect second time to the same server, the cached cert/key
      pair is used.  If we use multiple client certificates for different
      paths on the same server, we need to clear the session cache to force
      NSS to call the hook again.  The commit 052a08ff prevented the session
      cache from being cleared if a client certificate from file was used.
      
      The condition is now fixed to cover both cases: consssl->client_nickname
      is not NULL if a client certificate from the NSS database is used and
      connssl->obj_clicert is not NULL if a client certificate from file is
      used.
      
      Review by: Kai Engert
      b36f1d26
  3. Jan 08, 2013
    • Yang Tse's avatar
      build: fix circular header inclusion with other packages · 5a053ffe
      Yang Tse authored
      This commit renames lib/setup.h to lib/curl_setup.h and
      renames lib/setup_once.h to lib/curl_setup_once.h.
      
      Removes the need and usage of a header inclusion guard foreign
      to libcurl. [1]
      
      Removes the need and presence of an alarming notice we carried
      in old setup_once.h [2]
      
      ----------------------------------------
      
      1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard
          up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H,
          this single inclusion guard is enough to ensure that inclusion of
          lib/setup_once.h done from lib/setup.h is only done once.
      
          Additionally lib/setup.h has always used __SETUP_ONCE_H macro to
          protect inclusion of setup_once.h even after commit ec691ca3, this
          was to avoid a circular header inclusion triggered when building a
          c-ares enabled version with c-ares sources available which also has
          a setup_once.h header. Commit ec691ca3 exposes the real nature of
          __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard
          foreign to libcurl belonging to c-ares's setup_once.h
      
          The renaming this commit does, fixes the circular header inclusion,
          and as such removes the need and usage of a header inclusion guard
          foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl.
      
      2 - Due to the circular interdependency of old lib/setup_once.h and the
          c-ares setup_once.h header, old file lib/setup_once.h has carried
          back from 2006 up to now days an alarming and prominent notice about
          the need of keeping libcurl's and c-ares's setup_once.h in sync.
      
          Given that this commit fixes the circular interdependency, the need
          and presence of mentioned notice is removed.
      
          All mentioned interdependencies come back from now old days when
          the c-ares project lived inside a curl subdirectory. This commit
          removes last traces of such fact.
      5a053ffe
  4. Jan 06, 2013
    • Yang Tse's avatar
      Revert changes relative to lib/*.[ch] recent renaming · 4a5aa668
      Yang Tse authored
      This reverts renaming and usage of lib/*.h header files done
      28-12-2012, reverting 2 commits:
      
        f871de00... build: make use of 76 lib/*.h renamed files
        ffd8e127... build: rename 76 lib/*.h files
      
      This also reverts removal of redundant include guard (redundant thanks
      to changes in above commits) done 2-12-2013, reverting 1 commit:
      
        c087374c... curl_setup.h: remove redundant include guard
      
      This also reverts renaming and usage of lib/*.c source files done
      3-12-2013, reverting 3 commits:
      
        13606bbf... build: make use of 93 lib/*.c renamed files
        5b6e7927... build: rename 93 lib/*.c files
        7d83dfff... build: commit 13606bbf follow-up 1
      
      Start of related discussion thread:
      
        http://curl.haxx.se/mail/lib-2013-01/0012.html
      
      Asking for confirmation on pushing this revertion commit:
      
        http://curl.haxx.se/mail/lib-2013-01/0048.html
      
      Confirmation summary:
      
        http://curl.haxx.se/mail/lib-2013-01/0079.html
      
      NOTICE: The list of 2 files that have been modified by other
      intermixed commits, while renamed, and also by at least one
      of the 6 commits this one reverts follows below. These 2 files
      will exhibit a hole in history unless git's '--follow' option
      is used when viewing logs.
      
        lib/curl_imap.h
        lib/curl_smtp.h
      4a5aa668
  5. Jan 03, 2013
    • Yang Tse's avatar
      build: rename 93 lib/*.c files · 5b6e7927
      Yang Tse authored
      93 lib/*.c source files renamed to use our standard naming scheme.
      
      This commit only does the file renaming.
      
      ----------------------------------------
      
        renamed:    lib/amigaos.c -> lib/curl_amigaos.c
        renamed:    lib/asyn-ares.c -> lib/curl_asyn_ares.c
        renamed:    lib/asyn-thread.c -> lib/curl_asyn_thread.c
        renamed:    lib/axtls.c -> lib/curl_axtls.c
        renamed:    lib/base64.c -> lib/curl_base64.c
        renamed:    lib/bundles.c -> lib/curl_bundles.c
        renamed:    lib/conncache.c -> lib/curl_conncache.c
        renamed:    lib/connect.c -> lib/curl_connect.c
        renamed:    lib/content_encoding.c -> lib/curl_content_encoding.c
        renamed:    lib/cookie.c -> lib/curl_cookie.c
        renamed:    lib/cyassl.c -> lib/curl_cyassl.c
        renamed:    lib/dict.c -> lib/curl_dict.c
        renamed:    lib/easy.c -> lib/curl_easy.c
        renamed:    lib/escape.c -> lib/curl_escape.c
        renamed:    lib/file.c -> lib/curl_file.c
        renamed:    lib/fileinfo.c -> lib/curl_fileinfo.c
        renamed:    lib/formdata.c -> lib/curl_formdata.c
        renamed:    lib/ftp.c -> lib/curl_ftp.c
        renamed:    lib/ftplistparser.c -> lib/curl_ftplistparser.c
        renamed:    lib/getenv.c -> lib/curl_getenv.c
        renamed:    lib/getinfo.c -> lib/curl_getinfo.c
        renamed:    lib/gopher.c -> lib/curl_gopher.c
        renamed:    lib/gtls.c -> lib/curl_gtls.c
        renamed:    lib/hash.c -> lib/curl_hash.c
        renamed:    lib/hmac.c -> lib/curl_hmac.c
        renamed:    lib/hostasyn.c -> lib/curl_hostasyn.c
        renamed:    lib/hostcheck.c -> lib/curl_hostcheck.c
        renamed:    lib/hostip.c -> lib/curl_hostip.c
        renamed:    lib/hostip4.c -> lib/curl_hostip4.c
        renamed:    lib/hostip6.c -> lib/curl_hostip6.c
        renamed:    lib/hostsyn.c -> lib/curl_hostsyn.c
        renamed:    lib/http.c -> lib/curl_http.c
        renamed:    lib/http_chunks.c -> lib/curl_http_chunks.c
        renamed:    lib/http_digest.c -> lib/curl_http_digest.c
        renamed:    lib/http_negotiate.c -> lib/curl_http_negotiate.c
        renamed:    lib/http_negotiate_sspi.c -> lib/curl_http_negotiate_sspi.c
        renamed:    lib/http_proxy.c -> lib/curl_http_proxy.c
        renamed:    lib/idn_win32.c -> lib/curl_idn_win32.c
        renamed:    lib/if2ip.c -> lib/curl_if2ip.c
        renamed:    lib/imap.c -> lib/curl_imap.c
        renamed:    lib/inet_ntop.c -> lib/curl_inet_ntop.c
        renamed:    lib/inet_pton.c -> lib/curl_inet_pton.c
        renamed:    lib/krb4.c -> lib/curl_krb4.c
        renamed:    lib/krb5.c -> lib/curl_krb5.c
        renamed:    lib/ldap.c -> lib/curl_ldap.c
        renamed:    lib/llist.c -> lib/curl_llist.c
        renamed:    lib/md4.c -> lib/curl_md4.c
        renamed:    lib/md5.c -> lib/curl_md5.c
        renamed:    lib/memdebug.c -> lib/curl_memdebug.c
        renamed:    lib/mprintf.c -> lib/curl_mprintf.c
        renamed:    lib/multi.c -> lib/curl_multi.c
        renamed:    lib/netrc.c -> lib/curl_netrc.c
        renamed:    lib/non-ascii.c -> lib/curl_non_ascii.c
        renamed:    lib/curl_non-ascii.h -> lib/curl_non_ascii.h
        renamed:    lib/nonblock.c -> lib/curl_nonblock.c
        renamed:    lib/nss.c -> lib/curl_nss.c
        renamed:    lib/nwlib.c -> lib/curl_nwlib.c
        renamed:    lib/nwos.c -> lib/curl_nwos.c
        renamed:    lib/openldap.c -> lib/curl_openldap.c
        renamed:    lib/parsedate.c -> lib/curl_parsedate.c
        renamed:    lib/pingpong.c -> lib/curl_pingpong.c
        renamed:    lib/polarssl.c -> lib/curl_polarssl.c
        renamed:    lib/pop3.c -> lib/curl_pop3.c
        renamed:    lib/progress.c -> lib/curl_progress.c
        renamed:    lib/qssl.c -> lib/curl_qssl.c
        renamed:    lib/rawstr.c -> lib/curl_rawstr.c
        renamed:    lib/rtsp.c -> lib/curl_rtsp.c
        renamed:    lib/security.c -> lib/curl_security.c
        renamed:    lib/select.c -> lib/curl_select.c
        renamed:    lib/sendf.c -> lib/curl_sendf.c
        renamed:    lib/share.c -> lib/curl_share.c
        renamed:    lib/slist.c -> lib/curl_slist.c
        renamed:    lib/smtp.c -> lib/curl_smtp.c
        renamed:    lib/socks.c -> lib/curl_socks.c
        renamed:    lib/socks_gssapi.c -> lib/curl_socks_gssapi.c
        renamed:    lib/socks_sspi.c -> lib/curl_socks_sspi.c
        renamed:    lib/speedcheck.c -> lib/curl_speedcheck.c
        renamed:    lib/splay.c -> lib/curl_splay.c
        renamed:    lib/ssh.c -> lib/curl_ssh.c
        renamed:    lib/sslgen.c -> lib/curl_sslgen.c
        renamed:    lib/ssluse.c -> lib/curl_ssluse.c
        renamed:    lib/strdup.c -> lib/curl_strdup.c
        renamed:    lib/strequal.c -> lib/curl_strequal.c
        renamed:    lib/strerror.c -> lib/curl_strerror.c
        renamed:    lib/strtok.c -> lib/curl_strtok.c
        renamed:    lib/strtoofft.c -> lib/curl_strtoofft.c
        renamed:    lib/telnet.c -> lib/curl_telnet.c
        renamed:    lib/tftp.c -> lib/curl_tftp.c
        renamed:    lib/timeval.c -> lib/curl_timeval.c
        renamed:    lib/transfer.c -> lib/curl_transfer.c
        renamed:    lib/url.c -> lib/curl_url.c
        renamed:    lib/version.c -> lib/curl_version.c
        renamed:    lib/warnless.c -> lib/curl_warnless.c
        renamed:    lib/wildcard.c -> lib/curl_wildcard.c
      
      ----------------------------------------
      5b6e7927
    • Yang Tse's avatar
      build: make use of 93 lib/*.c renamed files · 13606bbf
      Yang Tse authored
      93 *.c source files renamed to use our standard naming scheme.
      
      This change affects 77 files in libcurl's source tree.
      13606bbf
  6. Dec 28, 2012
  7. Dec 14, 2012
  8. Dec 03, 2012
    • Kamil Dudka's avatar
      nss: prevent NSS from crashing on client auth hook failure · 68d2830e
      Kamil Dudka authored
      Although it is not explicitly stated in the documentation, NSS uses
      *pRetCert and *pRetKey even if the client authentication hook returns
      a failure.  Namely, if we destroy *pRetCert without clearing *pRetCert
      afterwards, NSS destroys the certificate once again, which causes a
      double free.
      
      Reported by: Bob Relyea
      68d2830e
  9. Nov 06, 2012
    • Daniel Stenberg's avatar
      CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value · da82f59b
      Daniel Stenberg authored
      After a research team wrote a document[1] that found several live source
      codes out there in the wild that misused the CURLOPT_SSL_VERIFYHOST
      option thinking it was a boolean, this change now bans 1 as a value and
      will make libcurl return error for it.
      
      1 was never a sensible value to use in production but was introduced
      back in the days to help debugging. It was always documented clearly
      this way.
      
      1 was never supported by all SSL backends in libcurl, so this cleanup
      makes the treatment of it unified.
      
      The report's list of mistakes for this option were all PHP code and
      while there's a binding layer between libcurl and PHP, the PHP team has
      decided that they have an as thin layer as possible on top of libcurl so
      they will not alter or specifically filter a 'TRUE' value for this
      particular option. I sympathize with that position.
      
      [1] = http://daniel.haxx.se/blog/2012/10/25/libcurl-claimed-to-be-dangerous/
      da82f59b
  10. Sep 11, 2012
  11. Aug 10, 2012
  12. Aug 09, 2012
  13. Jun 28, 2012
  14. Jun 26, 2012
  15. May 28, 2012
  16. May 25, 2012
  17. Apr 16, 2012
  18. Apr 13, 2012
  19. Feb 09, 2012
  20. Oct 17, 2011
  21. Sep 03, 2011
  22. Aug 15, 2011
  23. Jul 26, 2011
  24. Apr 27, 2011
  25. Apr 19, 2011
  26. Apr 08, 2011
  27. Apr 04, 2011
  28. Mar 15, 2011
    • Kamil Dudka's avatar
      nss: do not ignore value of CURLOPT_SSL_VERIFYPEER · 806dbb02
      Kamil Dudka authored
      When NSS-powered libcurl connected to a SSL server with
      CURLOPT_SSL_VERIFYPEER equal to zero, NSS remembered that the peer
      certificate was accepted by libcurl and did not ask the second time when
      connecting to the same server with CURLOPT_SSL_VERIFYPEER equal to one.
      
      This patch turns off the SSL session cache for the particular SSL socket
      if peer verification is disabled.  In order to avoid any performance
      impact, the peer verification is completely skipped in that case, which
      makes it even faster than before.
      
      Bug: https://bugzilla.redhat.com/678580
      806dbb02
  29. Feb 22, 2011
  30. Feb 17, 2011
  31. Feb 16, 2011