Daniel Stenberg [Tue, 23 Oct 2007 21:00:51 +0000 (21:00 +0000)]
Bug report #1812190 (http://curl.haxx.se/bug/view.cgi?id=1812190) points out
that libcurl tried to re-use connections a bit too much when using non-SSL
protocols tunneled over a HTTP proxy.
Daniel Stenberg [Mon, 22 Oct 2007 15:05:35 +0000 (15:05 +0000)]
Michal Marek forwarded the bug report
https://bugzilla.novell.com/show_bug.cgi?id=332917 about a HTTP redirect to
FTP that caused memory havoc. His work together with my efforts created two
fixes:
#1 - FTP::file was moved to struct ftp_conn, because is has to be dealt with
at connection cleanup, at which time the struct HandleData could be
used by another connection.
Also, the unused char *urlpath member is removed from struct FTP.
#2 - provide a Curl_reset_reqproto() function that frees
data->reqdata.proto.* on connection setup if needed (that is if the
SessionHandle was used by a different connection).
Daniel Stenberg [Mon, 22 Oct 2007 09:25:45 +0000 (09:25 +0000)]
Bug report #1815530 (http://curl.haxx.se/bug/view.cgi?id=1815530) points out
that specifying a proxy with a trailing slash didn't work (unless it also
contained a port number).
Fix a bug where fallback from AF_INET6 to AF_INET would not work properly together with relative search; if you had a search path of .a.com and .b.com, and foo.a.com would return ARES_ENODATA and foo.b.com would return ARES_ENOTFOUND, the lookup would not properly retry with AF_INET as it forgot the first ARES_ENODATA.
Dan Fandrich [Mon, 15 Oct 2007 16:24:46 +0000 (16:24 +0000)]
Fix LDAP compile error when LDAP is not available.
Fixed a typo in the LDAP configure code and made sure NULL is defined
in a test programs that need it.
Daniel Stenberg [Tue, 9 Oct 2007 14:53:50 +0000 (14:53 +0000)]
Add a paragraph about CURLOPT_CUSTOMREQUEST not actually changing libcurl's
behavior, it only changes the actual request method keyword and this is not
always what the user/app wants.
Daniel Stenberg [Sun, 7 Oct 2007 08:28:03 +0000 (08:28 +0000)]
Known bug #47, which confused libcurl if doing NTLM auth over a proxy with
a response that was larger than 16KB is now improved slightly so that now
the restriction at 16KB is for the headers only and it should be a rare
situation where the response-headers exceed 16KB. Thus, I consider #47 fixed
and the header limitation is now known as known bug #48.
Daniel Stenberg [Fri, 5 Oct 2007 14:37:33 +0000 (14:37 +0000)]
Michael Wallner made the CULROPT_COOKIELIST option support a new magic
string: "FLUSH". Using that will cause libcurl to flush its cookies to the
CURLOPT_COOKIEJAR file.
Daniel Stenberg [Thu, 4 Oct 2007 10:01:41 +0000 (10:01 +0000)]
Kim Rinnewitz reported that --local-port didn't work with TFTP transfers.
This happened because the tftp code always uncondionally did a bind()
without caring if one already had been done and then it failed. I wrote a
test case (1009) to verify this, but it is a bit error-prone since it will
have to pick a fixed local port number and since the tests are run on so
many different hosts in different situations I add it in disabled state.
Daniel Stenberg [Wed, 3 Oct 2007 08:45:00 +0000 (08:45 +0000)]
Alexey Pesternikov introduced CURLOPT_OPENSOCKETFUNCTION and
CURLOPT_OPENSOCKETDATA to set a callback that allows an application to replace
the socket() call used by libcurl. It basically allows the app to change
address, protocol or whatever of the socket. (I also did some whitespace
indent/cleanups in lib/url.c which kind of hides some of these changes, sorry
for mixing those in.)
Daniel Stenberg [Wed, 3 Oct 2007 08:07:50 +0000 (08:07 +0000)]
I renamed the CURLE_SSL_PEER_CERTIFICATE error code to
CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made this
return code get used by the previous SSH MD5 fingerprint check in case it
fails.
Daniel Stenberg [Wed, 3 Oct 2007 08:00:42 +0000 (08:00 +0000)]
Based on a patch brought by Johnny Luong, libcurl now offers
CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 and the curl tool --hostpubmd5. They both make
the SCP or SFTP connection verify the remote host's md5 checksum of the public
key before doing a connect, to reduce the risk of a man-in-the-middle attack.