]>
granicus.if.org Git - curl/log
Steve Holme [Mon, 9 Feb 2015 20:58:33 +0000 (20:58 +0000)]
openssl: Disable OCSP in old versions of OpenSSL
Versions of OpenSSL prior to v0.9.8h do not support the necessary
functions for OCSP stapling.
Tatsuhiro Tsujikawa [Mon, 9 Feb 2015 13:30:24 +0000 (22:30 +0900)]
http2: Fix bug that associated stream canceled on PUSH_PROMISE
Previously we don't ignore PUSH_PROMISE header fields in on_header
callback. It makes header values mixed with following HEADERS,
resulting protocol error.
Jay Satiro [Fri, 2 Jan 2015 17:33:41 +0000 (12:33 -0500)]
polarssl: Fix exclusive SSL protocol version options
Prior to this change the options for exclusive SSL protocol versions did
not actually set the protocol exclusive.
http://curl.haxx.se/mail/lib-2015-01/0002.html
Reported-by: Dan Fandrich
Jay Satiro [Fri, 2 Jan 2015 17:37:45 +0000 (12:37 -0500)]
gskit: Fix exclusive SSLv3 option
Daniel Stenberg [Mon, 9 Feb 2015 09:33:54 +0000 (10:33 +0100)]
curl.1: clarify that -X is used for all requests
Reported-by: Jon Seymour
Daniel Stenberg [Sat, 7 Feb 2015 23:05:55 +0000 (00:05 +0100)]
curl.1: add warning when using -H and redirects
Steve Holme [Sat, 7 Feb 2015 20:50:30 +0000 (20:50 +0000)]
schannel: Removed curl_ prefix from source files
Removed the curl_ prefix from the schannel source files as discussed
with Marc and Daniel at FOSDEM.
Daniel Stenberg [Fri, 6 Feb 2015 13:36:25 +0000 (14:36 +0100)]
md5: use axTLS's own MD5 functions when available
Daniel Stenberg [Fri, 6 Feb 2015 13:26:01 +0000 (14:26 +0100)]
MD(4|5): make the MD4_* and MD5_* functions static
Daniel Stenberg [Fri, 6 Feb 2015 13:04:16 +0000 (14:04 +0100)]
axtls: fix conversion from size_t to int warning
Steve Holme [Thu, 5 Feb 2015 20:31:12 +0000 (20:31 +0000)]
ftp: Use 'CURLcode result' for curl result codes
Daniel Stenberg [Thu, 5 Feb 2015 10:56:29 +0000 (11:56 +0100)]
openssl: SSL_SESSION->ssl_version no longer exist
The struct went private in 1.0.2 so we cannot read the version number
from there anymore. Use SSL_version() instead!
Reported-by: Gisle Vanem
Bug: http://curl.haxx.se/mail/lib-2015-02/0034.html
Dan Fandrich [Wed, 4 Feb 2015 21:59:14 +0000 (22:59 +0100)]
unit1600: Fix compilation when NTLM is disabled
Daniel Stenberg [Tue, 3 Feb 2015 09:09:35 +0000 (10:09 +0100)]
MD5: fix compiler warnings and code style nits
Daniel Stenberg [Tue, 3 Feb 2015 09:06:20 +0000 (10:06 +0100)]
MD5: replace implementation
The previous one was "encumbered" by RSA Inc - to avoid the licensing
restrictions it has being replaced. This is the initial import,
inserting the md5.c and md5.h files from
http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
Code-by: Alexander Peslyak
Daniel Stenberg [Tue, 3 Feb 2015 09:00:54 +0000 (10:00 +0100)]
MD4: fix compiler warnings and code style nits
Daniel Stenberg [Tue, 3 Feb 2015 08:55:47 +0000 (09:55 +0100)]
MD4: replace implementation
The previous one was "encumbered" by RSA Inc - to avoid the licensing
restrictions it has being replaced. This is the initial import,
inserting the md4.c and md4.h files from
http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4
Code-by: Alexander Peslyak
Steve Holme [Wed, 4 Feb 2015 00:09:31 +0000 (00:09 +0000)]
telnet: Prefer 'CURLcode result' for curl result codes
Steve Holme [Wed, 4 Feb 2015 00:05:30 +0000 (00:05 +0000)]
hostasyn: Prefer 'CURLcode result' for curl result codes
Steve Holme [Wed, 4 Feb 2015 00:03:05 +0000 (00:03 +0000)]
schannel: Prefer 'CURLcode result' for curl result codes
Daniel Stenberg [Tue, 3 Feb 2015 21:52:18 +0000 (22:52 +0100)]
unit1601: MD5 unit tests
Daniel Stenberg [Tue, 3 Feb 2015 19:59:54 +0000 (20:59 +0100)]
unit1600: unit test for Curl_ntlm_core_mk_nt_hash
Daniel Stenberg [Tue, 3 Feb 2015 09:44:41 +0000 (10:44 +0100)]
unit1600: NTLM unit test
Daniel Stenberg [Tue, 3 Feb 2015 09:46:39 +0000 (10:46 +0100)]
tests/README: add a new range, clean up some language
Jay Satiro [Sun, 11 Jan 2015 05:10:05 +0000 (00:10 -0500)]
opts: CURLOPT_CAINFO availability depends on SSL engine
Daniel Stenberg [Tue, 3 Feb 2015 06:57:54 +0000 (07:57 +0100)]
getpass: protect include with proper #ifdef
Reported-by: Tamir
Daniel Stenberg [Mon, 2 Feb 2015 23:30:45 +0000 (00:30 +0100)]
getpass_r: read from stdin, not stdout!
The file number used was wrong. This bug was introduced over 10 years
ago, proving this function isn't used much...
Bug: http://curl.haxx.se/bug/view.cgi?id=1476
Reported-by: Tamir
Daniel Stenberg [Mon, 2 Feb 2015 22:32:38 +0000 (23:32 +0100)]
test1135: verify the CURL_EXTERN order in header files
Daniel Stenberg [Mon, 2 Feb 2015 22:11:44 +0000 (23:11 +0100)]
Makefile.am: fix 'make distcheck'
... by removing generated files from the *_DIST variable [*] and instead
generate them with a .dist suffix, since that is then handled and put
into the release archive by our generic dist-hook.
[*] = 'make distcheck' fails with non-existing files listed there
Steve Holme [Mon, 2 Feb 2015 16:44:00 +0000 (16:44 +0000)]
curl_sasl.c: More code policing
Better use of 80 character line limit, comment corrections and line
spacing preferences.
Daniel Stenberg [Mon, 2 Feb 2015 14:38:54 +0000 (15:38 +0100)]
libcurl-symbols: first basic shot for autogenerated docs
Daniel Stenberg [Mon, 2 Feb 2015 14:38:29 +0000 (15:38 +0100)]
FAQ: minor edit of 3.22
Steve Holme [Sun, 1 Feb 2015 21:56:59 +0000 (21:56 +0000)]
build: Added removal of Visual Studio project files
Added the removal of the locally generated project files so one
may revert to a clean repository.
Steve Holme [Sun, 1 Feb 2015 21:25:04 +0000 (21:25 +0000)]
build: Renamed top level Visual Studio solution files
In preparation for adding the test suite and examples projects renamed
the top level "all" solution files to better describe what they are.
This will also enable us to use "curl" rather than "curlsrc" for the
command line tool solution and project files, which will simplify some
of the configuration.
Steve Holme [Sun, 1 Feb 2015 21:02:57 +0000 (21:02 +0000)]
build: Enabled DEBUGBUILD in Visual Studio debug builds
Defined the DEBUGBUILD pre-processor variable to allow extra logging,
which is particularly useful in debug builds, as we use this and Visual
Studio typically uses _DEBUG.
We could define DEBUBBUILD, in curl_setup.h, when _MSC_VER and _DEBUG is
defined but that would also affect the makefile based builds which we
probably don't want to do.
Steve Holme [Sun, 1 Feb 2015 18:56:05 +0000 (19:56 +0100)]
build: Removed unused Visual Studio bscmake settings
Daniel Stenberg [Mon, 2 Feb 2015 12:14:14 +0000 (13:14 +0100)]
CURLOPT_HTTP_VERSION.3: CURL_HTTP_VERSION_2_0 added in 7.33.0
And modify the text to refer to HTTP 2 as it isn't called "2.0".
Reported-By: Michael Wallner
Marc Hoersken [Sat, 31 Jan 2015 11:30:11 +0000 (12:30 +0100)]
TODO: moved WinSSL/SChannel todo items into docs
Michael Kaufmann [Thu, 29 Jan 2015 21:34:21 +0000 (22:34 +0100)]
CURLOPT_SEEKFUNCTION.3: also when server closes a connection
Steve Holme [Thu, 29 Jan 2015 11:48:11 +0000 (11:48 +0000)]
curl_sasl.c: Fixed compilation warning when cryptography is disabled
curl_sasl.c:1506: warning: unused variable 'chlg'
Steve Holme [Wed, 28 Jan 2015 22:48:01 +0000 (22:48 +0000)]
curl_sasl.c: Fixed compilation warning when verbose debug output disabled
curl_sasl.c:1317: warning: unused parameter 'conn'
Steve Holme [Wed, 28 Jan 2015 20:59:27 +0000 (20:59 +0000)]
ntlm_core: Use own odd parity function when crypto engine doesn't have one
Steve Holme [Wed, 28 Jan 2015 20:55:06 +0000 (20:55 +0000)]
ntlm_core: Prefer sizeof(key) rather than hard coded sizes
Steve Holme [Wed, 28 Jan 2015 20:53:40 +0000 (20:53 +0000)]
ntlm_core: Added consistent comments to DES functions
Steve Holme [Wed, 28 Jan 2015 20:43:32 +0000 (20:43 +0000)]
des: Added Curl_des_set_odd_parity()
Added Curl_des_set_odd_parity() for use when cryptography engines
don't include this functionality.
Steve Holme [Wed, 28 Jan 2015 19:45:54 +0000 (19:45 +0000)]
tests: Grouped SMTP SASL EXTERNAL tests with other SMTP tests
Steve Holme [Wed, 28 Jan 2015 19:40:03 +0000 (19:40 +0000)]
tests: Grouped POP3 SASL EXTERNAL tests with other POP3 tests
Steve Holme [Wed, 28 Jan 2015 19:35:35 +0000 (19:35 +0000)]
tests: Grouped IMAP SASL EXTERNAL tests with other IMAP tests
Steve Holme [Wed, 28 Jan 2015 19:11:19 +0000 (19:11 +0000)]
sasl: Minor code policing and grammar corrections
Gisle Vanem [Wed, 28 Jan 2015 13:22:11 +0000 (14:22 +0100)]
ldap: build with BoringSSL
Daniel Stenberg [Wed, 28 Jan 2015 09:09:56 +0000 (10:09 +0100)]
security: avoid compiler warning
Possible access to uninitialised memory '&nread' at line 140 of
lib/security.c in function 'ftp_send_command'.
Reported-by: Rich Burridge
Daniel Stenberg [Fri, 23 Jan 2015 13:24:19 +0000 (14:24 +0100)]
runtests: identify BoringSSL and libressl
Patrick Monnerat [Tue, 27 Jan 2015 18:10:18 +0000 (19:10 +0100)]
docs: cite SASL external authentication.
Patrick Monnerat [Tue, 27 Jan 2015 17:08:18 +0000 (18:08 +0100)]
sasl: remove XOAUTH2 from default enabled authentication mechanism.
Patrick Monnerat [Tue, 27 Jan 2015 17:03:56 +0000 (18:03 +0100)]
test: add test cases for sasl external authentication (imap/pop3/smtp).
Patrick Monnerat [Tue, 27 Jan 2015 16:34:40 +0000 (17:34 +0100)]
imap: remove automatic password setting: it breaks external sasl authentication
Patrick Monnerat [Tue, 27 Jan 2015 16:24:55 +0000 (17:24 +0100)]
sasl: implement EXTERNAL authentication mechanism.
Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and
by not setting the password.
Steve Holme [Tue, 27 Jan 2015 11:55:19 +0000 (11:55 +0000)]
openssl: Fixed Curl_ossl_cert_status_request() not returning FALSE
Modified the Curl_ossl_cert_status_request() function to return FALSE
when built with BoringSSL or when OpenSSL is missing the necessary TLS
extensions.
Steve Holme [Tue, 27 Jan 2015 11:52:14 +0000 (11:52 +0000)]
openssl: Fixed compilation errors when OpenSSL built with 'no-tlsext'
Fixed the build of openssl.c when OpenSSL is built without the necessary
TLS extensions for OCSP stapling.
Reported-by: John E. Malmberg
Brad Spencer [Mon, 26 Jan 2015 16:15:32 +0000 (12:15 -0400)]
curl_setup: Disable SMB/CIFS support when HTTP only
Steve Holme [Fri, 23 Jan 2015 07:57:09 +0000 (07:57 +0000)]
RELEASE-NOTES: Synced with
37824498a3
Daniel Stenberg [Thu, 22 Jan 2015 22:53:52 +0000 (23:53 +0100)]
configure: remove detection of the old yassl emulation API
... as that is ancient history and not used.
Daniel Stenberg [Thu, 22 Jan 2015 22:34:43 +0000 (23:34 +0100)]
OCSP stapling: disabled when build with BoringSSL
Alessandro Ghedini [Mon, 16 Jun 2014 13:05:17 +0000 (15:05 +0200)]
openssl: add support for the Certificate Status Request TLS extension
Also known as "status_request" or OCSP stapling, defined in RFC6066
section 8.
Thanks-to: Joe Mason
- for the work-around for the OpenSSL bug.
Daniel Stenberg [Thu, 22 Jan 2015 22:04:10 +0000 (23:04 +0100)]
BoringSSL: fix build for non-configure builds
HAVE_BORINGSSL gets defined now by configure and should be defined by
other build systems in case a BoringSSL build is desired.
Daniel Stenberg [Thu, 22 Jan 2015 21:51:17 +0000 (22:51 +0100)]
configure: fix BoringSSL detection and detect libresssl
Steve Holme [Thu, 22 Jan 2015 20:58:15 +0000 (20:58 +0000)]
curl_sasl: Reinstate the sasl_ prefix for locally scoped functions
Commit
7a8b2885e2 made some functions static and removed the public
Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which
is the naming convention we use in this source file.
Steve Holme [Thu, 22 Jan 2015 20:47:38 +0000 (20:47 +0000)]
curl_sasl: Minor code policing following recent commits
John Malmberg [Fri, 16 Jan 2015 03:28:34 +0000 (21:28 -0600)]
openvms: Handle openssl/0.8.9zb version parsing
packages/vms/gnv_link_curl.com was assuming only a single letter suffix
in the openssl version. That assumption has been fixed for 7.40.
Daniel Stenberg [Thu, 22 Jan 2015 15:34:18 +0000 (16:34 +0100)]
BoringSSL: detected by configure, switches off NTLM
Daniel Stenberg [Thu, 22 Jan 2015 15:20:26 +0000 (16:20 +0100)]
BoringSSL: no PKCS12 support nor ERR_remove_state
Leith Bade [Thu, 22 Jan 2015 11:42:50 +0000 (22:42 +1100)]
BoringSSL: fix build
Steve Holme [Tue, 20 Jan 2015 19:28:54 +0000 (19:28 +0000)]
curl_sasl.c: chlglen is not used when cryptography is disabled
Steve Holme [Tue, 20 Jan 2015 19:25:43 +0000 (19:25 +0000)]
curl_sasl.c: Fixed compilation warning when cyptography is disabled
curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local
variable
Steve Holme [Tue, 20 Jan 2015 19:21:56 +0000 (19:21 +0000)]
curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined
curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier
This error could also happen for non-SSPI builds when cryptography is
disabled (CURL_DISABLE_CRYPTO_AUTH is defined).
Patrick Monnerat [Tue, 20 Jan 2015 17:17:55 +0000 (18:17 +0100)]
SASL: make some procedures local-scoped
Patrick Monnerat [Tue, 20 Jan 2015 16:33:05 +0000 (17:33 +0100)]
SASL: common state engine for imap/pop3/smtp
Patrick Monnerat [Tue, 20 Jan 2015 14:27:25 +0000 (15:27 +0100)]
SASL: common URL option and auth capabilities decoders for all protocols
Patrick Monnerat [Tue, 20 Jan 2015 13:14:26 +0000 (14:14 +0100)]
IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters.
Daniel Stenberg [Tue, 20 Jan 2015 08:03:55 +0000 (09:03 +0100)]
ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6
Reported-by: Chris Young
Chris Young [Tue, 20 Jan 2015 07:53:14 +0000 (08:53 +0100)]
timeval: typecast for better type (on Amiga)
There is an issue with conflicting "struct timeval" definitions with
certain AmigaOS releases and C libraries, depending on what gets
included when. It's a minor difference - the OS one is unsigned,
whereas the common structure has signed elements. If the OS one ends up
getting defined, this causes a timing calculation error in curl.
It's easy enough to resolve this at the curl end, by casting the
potentially errorneous calculation to a signed long.
Daniel Stenberg [Mon, 19 Jan 2015 22:18:58 +0000 (23:18 +0100)]
openssl: do public key pinning check independently
... of the other cert verification checks so that you can set verifyhost
and verifypeer to FALSE and still check the public key.
Bug: http://curl.haxx.se/bug/view.cgi?id=1471
Reported-by: Kyle J. McKay
Patrick Monnerat [Mon, 19 Jan 2015 12:52:40 +0000 (13:52 +0100)]
OS400: CURLOPT_SSL_VERIFYSTATUS for ILE/RPG too.
Steve Holme [Sun, 18 Jan 2015 20:25:37 +0000 (20:25 +0000)]
ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP
For consistency with other USE_WIN32_ defines as well as the
USE_OPENLDAP define.
Steve Holme [Sun, 18 Jan 2015 17:36:59 +0000 (17:36 +0000)]
http_negotiate: Use dynamic buffer for SPN generation
Use a dynamicly allocated buffer for the temporary SPN variable similar
to how the SASL GSS-API code does, rather than using a fixed buffer of
2048 characters.
Steve Holme [Sun, 18 Jan 2015 17:12:28 +0000 (17:12 +0000)]
sasl_gssapi: Make Curl_sasl_build_gssapi_spn() public
Steve Holme [Sun, 18 Jan 2015 17:02:55 +0000 (17:02 +0000)]
sasl_gssapi: Fixed memory leak with local SPN variable
Daniel Stenberg [Sat, 17 Jan 2015 22:14:40 +0000 (23:14 +0100)]
http_negotiate.c: unused variable 'ret'
Steve Holme [Sat, 17 Jan 2015 16:49:39 +0000 (16:49 +0000)]
gskit.h: Code policing of function pointer arguments
Steve Holme [Sat, 17 Jan 2015 16:41:03 +0000 (16:41 +0000)]
vtls: Removed unimplemented overrides of curlssl_close_all()
Carrying on from commit
037cd0d991 , removed the following unimplemented
instances of curlssl_close_all():
Curl_axtls_close_all()
Curl_darwinssl_close_all()
Curl_cyassl_close_all()
Curl_gskit_close_all()
Curl_gtls_close_all()
Curl_nss_close_all()
Curl_polarssl_close_all()
Steve Holme [Sat, 17 Jan 2015 16:03:49 +0000 (16:03 +0000)]
vtls: Separate the SSL backend definition from the API setup
Slight code cleanup as the SSL backend #define is mixed up with the API
function setup.
Steve Holme [Sat, 17 Jan 2015 15:13:29 +0000 (15:13 +0000)]
vtls: Fixed compilation errors when SSL not used
Fixed the following warning and error from commit
3af90a6e19 when SSL
is not being used:
url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined;
assuming extern returning int
error LNK2019: unresolved external symbol Curl_ssl_cert_status_request
referenced in function Curl_setopt
Steve Holme [Sat, 17 Jan 2015 11:59:44 +0000 (11:59 +0000)]
http_negotiate: Added empty decoded challenge message info text
Steve Holme [Sat, 17 Jan 2015 11:56:27 +0000 (11:56 +0000)]
http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int
Steve Holme [Sat, 17 Jan 2015 11:27:36 +0000 (11:27 +0000)]
http_negotiate_sspi: Prefer use of 'attrs' for context attributes
Use the same variable name as other areas of SSPI code.
Steve Holme [Sat, 17 Jan 2015 11:24:06 +0000 (11:24 +0000)]
http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo()
Use the SECURITY_STATUS typedef rather than a unsigned long for the
QuerySecurityPackageInfo() return and rename the variable as per other
areas of SSPI code.
Steve Holme [Sat, 17 Jan 2015 11:20:35 +0000 (11:20 +0000)]
http_negotiate_sspi: Use 'CURLcode result' for CURL result code
Steve Holme [Fri, 16 Jan 2015 23:01:27 +0000 (23:01 +0000)]
curl_endian: Fixed build when 64-bit integers are not supported (Part 2)
Missed Curl_read64_be() in commit
bb12d44471 :(
Daniel Stenberg [Fri, 16 Jan 2015 22:41:50 +0000 (23:41 +0100)]
CURLOPT_SSL_VERIFYSTATUS.3: mention it is added in version 7.41.0
Daniel Stenberg [Fri, 16 Jan 2015 22:36:50 +0000 (23:36 +0100)]
curlver.h: next release is 7.41.0 due to the changes