Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						85bd4621db 
					 
					
						
						
							
							Prevent a very long password to buffer overflow the global variable we  
						
						... 
						
						
						
						use when built with a very old OpenSSL version. 
						
						
					 
					
						2004-06-30 11:53:34 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						ba40eccc90 
					 
					
						
						
							
							make the SSL connect use the same default connect timeout define as the  
						
						... 
						
						
						
						generic connect uses 
						
						
					 
					
						2004-06-30 09:22:48 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						feb2dd2835 
					 
					
						
						
							
							Replaced all uses of sprintf() with the safer snprintf(). It is just a  
						
						... 
						
						
						
						precaution to prevent mistakes to lead to buffer overflows. 
						
						
					 
					
						2004-06-24 11:54:11 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						76920413d9 
					 
					
						
						
							
							Gisle fixed the wildcard checks for certificates.  
						
						
						
						
					 
					
						2004-06-22 08:51:22 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						cf3f1ef284 
					 
					
						
						
							
							prevent compiler warning  
						
						
						
						
					 
					
						2004-06-19 09:38:08 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						bd3d5a17b4 
					 
					
						
						
							
							Gisle's "SSL patch" from June 16th 2004, modified by me as discussed on the  
						
						... 
						
						
						
						mailing list. 
						
						
					 
					
						2004-06-18 06:20:43 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						be72eaa327 
					 
					
						
						
							
							use Curl_strcasestr() when checking wildcard cert names  
						
						
						
						
					 
					
						2004-06-13 08:33:26 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						2511d1193a 
					 
					
						
						
							
							* seed_enough() was converted to a macro to avoid the IRIX compiler warning  
						
						... 
						
						
						
						about that passed-in argument not being used.
* killed trailing whitespace 
						
						
					 
					
						2004-05-18 07:25:13 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						a9893ca79a 
					 
					
						
						
							
							Peter Sylvester's patch that addresses two flaws in the peer certificate name  
						
						... 
						
						
						
						verification:
- when multiple common names are used (as in the curl tests), the last name
needs to be selected.
- allow comparing with encoded values, at least with BMP and ISO latin1
encoded T61strings. 
						
						
					 
					
						2004-05-17 22:01:16 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						b5f85ba77d 
					 
					
						
						
							
							memory cleanup and check fix  
						
						
						
						
					 
					
						2004-05-13 15:19:02 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						bbafb2eb27 
					 
					
						
						
							
							curl_global_init_mem() allows the memory functions to be replaced.  
						
						... 
						
						
						
						memory.h is included everywhere for this. 
						
						
					 
					
						2004-05-11 11:30:23 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						699ebe2f0b 
					 
					
						
						
							
							Gisle made the code use ERR_error_string_n()  
						
						
						
						
					 
					
						2004-04-29 07:36:40 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						4b9f8e766d 
					 
					
						
						
							
							Made host name and proxy name get stored in a 'struct hostname' and set  
						
						... 
						
						
						
						all things up to work with encoded host names internally, as well as keeping
'display names' to show in debug messages. IDN resolves work for me now using
ipv6, ipv4 and ares resolving. Even cookies on IDN sites seem to do right. 
						
						
					 
					
						2004-04-27 13:56:23 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						fb1039f2ab 
					 
					
						
						
							
							Tor Arntsen fixed a 'Statement not reachable'-warning  
						
						
						
						
					 
					
						2004-04-26 11:52:43 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						b7a7600465 
					 
					
						
						
							
							Cleaned up hostname/name/gname and path/ppath confusion. Removed the fixed-  
						
						... 
						
						
						
						length limit of the hostname part of the URL. 
						
						
					 
					
						2004-04-20 07:53:24 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						0c791d1e76 
					 
					
						
						
							
							variable type usage cleanup to please picky compilers  
						
						
						
						
					 
					
						2004-03-23 15:20:57 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						326e8b9fc1 
					 
					
						
						
							
							don't let the EINTR stuff build on windows  
						
						
						
						
					 
					
						2004-03-11 12:57:04 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						40e892bb36 
					 
					
						
						
							
							Jeff Lawson fixed the SSL connection to deal with received signals during the  
						
						... 
						
						
						
						connect. 
						
						
					 
					
						2004-03-10 08:43:01 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						ce5805a955 
					 
					
						
						
							
							Use curl_socket_t instead of int for holding sockets. The typedefs and  
						
						... 
						
						
						
						defines are in setup.h. 
						
						
					 
					
						2004-03-09 22:52:50 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						4d17d6876e 
					 
					
						
						
							
							Dan Fandrich's cleanup patch to make pedantic compiler options cause less  
						
						... 
						
						
						
						warnings. Minor edits by me. 
						
						
					 
					
						2004-01-29 13:56:45 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						61e3d75def 
					 
					
						
						
							
							Gisle Vanem's patch for variables that "might be used uninitialized"  
						
						
						
						
					 
					
						2004-01-16 09:17:04 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						053f6c85ef 
					 
					
						
						
							
							updated year in the copyright string  
						
						
						
						
					 
					
						2004-01-07 09:19:33 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						d8cf2d42c0 
					 
					
						
						
							
							prevent warning for non-SSL builds  
						
						
						
						
					 
					
						2003-11-24 11:44:04 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						1e98727c55 
					 
					
						
						
							
							FTPS support added as RFC2228 and the murray-ftp-auth-ssl draft describe it  
						
						
						
						
					 
					
						2003-11-24 07:15:37 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						dfe0118033 
					 
					
						
						
							
							Mathias Axelsson found a case where we free()d the server certificate twice!  
						
						
						
						
					 
					
						2003-11-15 10:00:20 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						14f795816d 
					 
					
						
						
							
							Georg Horn's fixes to do different CA cert verifications. They can now be  
						
						... 
						
						
						
						done even if the result is ignored, as some sites seem to require that. 
						
						
					 
					
						2003-10-23 07:44:55 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						597c1fe6bc 
					 
					
						
						
							
							rewritten alternative name check  
						
						
						
						
					 
					
						2003-10-16 13:44:34 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						c6a0bb99af 
					 
					
						
						
							
							bad license situation for the altname patch  
						
						
						
						
					 
					
						2003-10-15 14:42:11 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						ff5b6ff528 
					 
					
						
						
							
							fixed to build fine without ssl  
						
						
						
						
					 
					
						2003-10-08 13:06:50 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						6494889e3b 
					 
					
						
						
							
							Neil Dunbar provided a patch that now makes libcurl check SSL  
						
						... 
						
						
						
						subjectAltNames when matching certs. This is apparently detailed in RFC2818
  as the right thing to do. I had to add configure checks for inet_pton() and
  our own (strictly speaking, code from BIND written by Paul Vixie) provided
  code for the function for platforms that miss it. 
						
						
					 
					
						2003-10-07 21:46:47 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						481094db90 
					 
					
						
						
							
							warn if no CN is available if verify is only set to 1  
						
						
						
						
					 
					
						2003-09-03 20:47:17 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						a8c78cbbb0 
					 
					
						
						
							
							CRYPTO_cleanup_all_ex_data() is not present in all OpenSSL versions so  
						
						... 
						
						
						
						we need to check for its presence in the configure script 
						
						
					 
					
						2003-08-19 09:56:16 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						dafc652f63 
					 
					
						
						
							
							Loren Kirkby pointed out that we need to call CRYPTO_cleanup_all_ex_data()  
						
						... 
						
						
						
						when we cleanup the SSL stuff to not leak any memory.
I wish this was documented anywhere. 
						
						
					 
					
						2003-08-19 07:51:09 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						f9c3347f7c 
					 
					
						
						
							
							re-use existing variable instead of declaring a new local one  
						
						
						
						
					 
					
						2003-07-05 13:27:02 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						45fc760985 
					 
					
						
						
							
							Peter Sylvester's patch was applied that introduces the following:  
						
						... 
						
						
						
						CURLOPT_SSL_CTX_FUNCTION to set a callback that gets called with the
   OpenSSL's ssl_ctx pointer passed in and allow a callback to act on it. If
   anything but CURLE_OK is returned, that will also be returned by libcurl
   all the way back. If this function changes the CURLOPT_URL, libcurl will
   detect this and instead go use the new URL.
   CURLOPT_SSL_CTX_DATA is a pointer you set to get passed to the callback set
   with CURLOPT_SSL_CTX_FUNCTION. 
						
						
					 
					
						2003-07-04 16:29:23 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						308bc9d919 
					 
					
						
						
							
							use CURLDEBUG instead of MALLOCDEBUG for preprocessor conditions  
						
						
						
						
					 
					
						2003-06-26 11:22:12 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						d288222e80 
					 
					
						
						
							
							work-around SSL implementation flaws better, pointed out in bug report  
						
						... 
						
						
						
						#745122 . 
					
						2003-06-02 13:27:03 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						f213e857ab 
					 
					
						
						
							
							Andy Cedilnik fixed some compiler warnings  
						
						
						
						
					 
					
						2003-05-01 13:37:36 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						0b839c4f77 
					 
					
						
						
							
							return the same error for the sslv2 "certificate verify failed" code  
						
						
						
						
					 
					
						2003-04-14 22:00:36 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						21873b52e9 
					 
					
						
						
							
							Restored the SSL error codes since they was broken in the 7.10.4 release,  
						
						... 
						
						
						
						also now attempt to detect and return the specific CACERT error code. 
						
						
					 
					
						2003-04-14 12:53:29 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						9558f229db 
					 
					
						
						
							
							Fixup after talks with Richard Bramante. We should now make better  
						
						... 
						
						
						
						comparisons before re-using SSL connections and re-using SSL connection IDs. 
						
						
					 
					
						2003-03-31 05:13:26 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						afffce80f0 
					 
					
						
						
							
							Philippe Raoult needed this to build on FreeBSD  
						
						
						
						
					 
					
						2003-03-13 21:41:02 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						8755a6d1ac 
					 
					
						
						
							
							Richard Gorton improved the random_the_seed() function for systems where  
						
						... 
						
						
						
						we don't find/know of a good random source. This way, we get a better
randomness which in turn should make SSL connections more secure. 
						
						
					 
					
						2003-03-11 18:55:34 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						9121b1f41d 
					 
					
						
						
							
							the strequal and strnequal should now be called with the proper curl_ prefix  
						
						
						
						
					 
					
						2003-02-28 12:20:08 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						a3d3642a30 
					 
					
						
						
							
							spell better  
						
						
						
						
					 
					
						2003-02-27 23:10:38 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						69ab4cd391 
					 
					
						
						
							
							include <sys/socket.h> to compile the fd_set stuff properly on all systems  
						
						
						
						
					 
					
						2003-02-14 09:03:03 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						f56d006f93 
					 
					
						
						
							
							Re-arranged the SSL connection code (again). The recent fix was not a very  
						
						... 
						
						
						
						good one. This should work fine again. 
						
						
					 
					
						2003-02-05 07:43:05 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						5d28f3781b 
					 
					
						
						
							
							Improved error reporting in case of bad SSL_connect()s, and we also no  
						
						... 
						
						
						
						longer use the SSL functions that store the error message in a static buffer
since that is not very multi-thread friendly. 
						
						
					 
					
						2003-02-04 12:29:57 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						a7c72b7abf 
					 
					
						
						
							
							removed the local variables for emacs and vim, use the new sample.emacs  
						
						... 
						
						
						
						way for emacs, and vim users should provide a similar non-polluting style 
						
						
					 
					
						2003-01-29 10:14:20 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						f26a338a54 
					 
					
						
						
							
							copyright year update in the source header  
						
						
						
						
					 
					
						2003-01-16 21:08:12 +00:00