Commit Graph

18300 Commits

Author SHA1 Message Date
Daniel Stenberg
7d2f61f66a openssl: replace call to OPENSSL_config
OPENSSL_config() is "strongly recommended" to use but unfortunately that
function makes an exit() call on wrongly formatted config files which
makes it hard to use in some situations. OPENSSL_config() itself calls
CONF_modules_load_file() and we use that instead and we ignore its
return code!

Reported-by: Jan Ehrhardt
Bug: http://curl.haxx.se/bug/view.cgi?id=1401
2014-08-07 12:40:31 +02:00
Fabian Keil
40e13829af runtests.pl: Pad test case numbers with up to three zeroes
Test case numbers with four digits have been available for a
while now.
2014-08-07 10:17:25 +02:00
Steve Holme
f719a97e12 docs: Added Negotiate to the SSPI current credentials usage description 2014-08-07 08:04:40 +01:00
Steve Holme
6c6983f477 TODO: HTTP Digest via Windows SSPI 2014-08-06 22:58:42 +01:00
Steve Holme
c399f6eeb2 TODO: FTP GSSAPI via Windows SSPI 2014-08-06 21:54:27 +01:00
Steve Holme
f8a8ed73fe http_negotiate_sspi: Fixed specific username and password not working
Bug: http://curl.haxx.se/mail/lib-2014-06/0224.html
Reported-by: Leonardo Rosati
2014-08-06 20:31:19 +01:00
Steve Holme
f8af8606a5 http_negotiate_sspi: Fixed endless unauthorized loop in commit 6bc76194e8
If the server rejects our authentication attempt and curl hasn't
called CompleteAuthToken() then the status variable will be
SEC_I_CONTINUE_NEEDED and not SEC_E_OK.

As such the existing detection mechanism for determining whether or not
the authentication process has finished is not sufficient.

However, the WWW-Authenticate: Negotiate header line will not contain
any data when the server has exhausted the negotiation, so we can use
that coupled with the already allocated context pointer.
2014-08-06 07:17:13 +01:00
Daniel Stenberg
524833e155 RELEASE-NOTES: synced with 5b37db44a3 2014-08-05 09:38:04 +02:00
Dan Fandrich
5b37db44a3 parsedate.c: fix the return code for an overflow edge condition 2014-08-05 09:25:47 +02:00
Toby Peterson
0e452a02f1 darwinssl: don't use strtok()
The GetDarwinVersionNumber() function uses strtok, which is not
thread-safe.
2014-08-05 08:58:49 +02:00
Daniel Stenberg
ea6d371e7c Curl_ossl_version: adapted to detect BoringSSL
This seems to be the way it should work. Right now we can't build with
BoringSSL and try this out properly due to a minor API breakage.
2014-08-05 00:29:37 +02:00
Daniel Stenberg
7efff86639 Curl_ossl_version: detect and show libressl
LibreSSL is otherwise OpenSSL API compliant (so far)
2014-08-04 23:54:44 +02:00
Tatsuhiro Tsujikawa
67920e1516 HTTP/2: Fix infinite loop in readwrite_data()
To prevent infinite loop in readwrite_data() function when stream is
reset before any response body comes, reset closed flag to false once
it is evaluated to true.
2014-08-03 22:49:56 +02:00
Dan Fandrich
4d4dd7aea0 gtls: only define Curl_gtls_seed if Nettle is not being used 2014-08-03 11:18:08 +02:00
Dan Fandrich
cac1dd58a8 ssl: provide Curl_ssl_backend even if no SSL library is available 2014-08-03 10:43:31 +02:00
Tatsuhiro Tsujikawa
595f5f0e43 HTTP2: Support expect: 100-continue
"Expect: 100-continue", which was once deprecated in HTTP/2, is now
resurrected in HTTP/2 draft 14.  This change adds its support to
HTTP/2 code.  This change also includes stricter header field
checking.
2014-08-02 23:15:46 +02:00
Daniel Stenberg
e4f6adb023 CURLOPT_SSL_VERIFYPEER.3. add a warning about disabling it 2014-08-02 23:09:22 +02:00
Daniel Stenberg
8da2124060 FEATURES: minor update 2014-08-01 09:00:06 +02:00
Daniel Stenberg
b9f6ca1d32 openssl: make ossl_send return CURLE_OK better
Previously it only returned a CURLcode for errors, which is when it
returns a different size than what was passed in to it.

The http2 code only checked the curlcode and thus failed.
2014-08-01 00:01:02 +02:00
Daniel Stenberg
05e81222d4 RELEASE-NOTES: synced with 7bb4c8cadb 2014-07-31 23:24:17 +02:00
Michael Wallner
7bb4c8cadb CURLOPT_HEADEROPT.3: typo: do -> to 2014-07-31 17:52:08 +02:00
Marcel Raad
f8f2188888 schannel: use CryptGenRandom for random numbers
This function is available for every Windows version since Windows 95/NT.

reference:
http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942.aspx
2014-07-31 13:10:54 +02:00
Daniel Stenberg
0c23ec232b curl_version_info.3: 'ssl_version_num' is always 0
... and has been so since 2005
2014-07-31 12:27:15 +02:00
Daniel Stenberg
a439e438f3 ssl: generalize how the ssl backend identifier is set
Each backend now defines CURL_SSL_BACKEND accordingly. Added the *AXTLS
one which was missing previously.
2014-07-31 12:19:51 +02:00
Dan Fandrich
028a408d57 axtls: define curlssl_random using axTLS's PRNG 2014-07-31 01:12:38 +02:00
Dan Fandrich
3d5be801b9 cyassl: fix the test for ASN_NO_SIGNER_E
It's an enum so a macro test won't work. The CyaSSL changelog doesn't
say exactly when this error code was introduced, but it's likely
to be 2.7.0.
2014-07-31 00:31:36 +02:00
Dan Fandrich
1aa6418af9 cyassl: use RNG_GenerateBlock to generate a good random number 2014-07-31 00:09:13 +02:00
Dan Fandrich
524bb823c9 opts: fixed some typos 2014-07-30 23:37:24 +02:00
Dan Fandrich
2c1db913f7 smtp: fixed a segfault during test 1320 torture test
Under these circumstances, the connection hasn't been fully established
and smtp_connect hasn't been called, yet smtp_done still calls the state
machine which dereferences the NULL conn pointer in struct pingpong.
2014-07-30 23:37:24 +02:00
Daniel Stenberg
01a0168806 vtls: repair build without TLS support
... by defining Curl_ssl_random() properly
2014-07-30 23:17:41 +02:00
Daniel Stenberg
0e811d8c59 polarssl: provide a (weak) random function
This now provides a weak random function since PolarSSL doesn't have a
quick and easy way to provide a good one. It does however provide the
framework to make one so it _can_ and _should_ be done...
2014-07-30 20:59:16 +02:00
Michael Wallner
df52f3500c curl_tlsinfo -> curl_tlssessioninfo 2014-07-30 11:11:29 +02:00
Daniel Stenberg
f0369223cd cyassl: use the default (weeker) random
I couldn't find any dedicated function in its API to get a "good" random
with.
2014-07-30 10:08:27 +02:00
Daniel Stenberg
16cb818a74 cyassl: made it compile with version 2.0.6 again
ASN_NO_SIGNER_E didn't exist back then!
2014-07-30 10:07:42 +02:00
Daniel Stenberg
8dfd22089c vtls: make the random function mandatory in the TLS backend
To force each backend implementation to really attempt to provide proper
random. If a proper random function is missing, then we can explicitly
make use of the default one we use when TLS support is missing.

This commit makes sure it works for darwinssl, gnutls, nss and openssl.
2014-07-30 00:05:47 +02:00
Daniel Stenberg
37faf55e17 libcurl.m4: include the standard source header
... with permission from David Shaw
2014-07-29 00:06:36 +02:00
Kamil Dudka
30b093f6fc nss: do not check the version of NSS at run time
The minimal required version of NSS is 3.14.x so it does not make sense
to check for NSS 3.12.0+ at run time.
2014-07-28 16:27:04 +02:00
Anthon Pang
f3bd3deddd curl.h: bring back CURLE_OBSOLETE16
Removing defines, even obsolete ones that haven't been used for a very
long time, still break a lot of applications.

Bug: https://github.com/bagder/curl/pull/106
2014-07-28 10:51:50 +02:00
Fabian Keil
6543f6e36c tests: Fix a couple of incomplete response lines 2014-07-26 23:12:53 +02:00
Fabian Keil
2fab0d45a9 runtests.pl: Remove filteroff() which hasn't been used since 2001 2014-07-26 23:02:50 +02:00
Fabian Keil
dc7a598126 runtests.pl: Don't expect $TESTDIR/DISABLED to exist
If a non-standard $TESTDIR is used the file may not be necessary.

Previously a "missing" file resulted in the warning:
readline() on closed filehandle D at ./runtests.pl line 4940.
2014-07-26 23:01:31 +02:00
Fabian Keil
5828e886e6 getpart.pm: Fix a comment typo 2014-07-26 23:01:22 +02:00
Daniel Stenberg
c56aa6f121 c-ares: fix build without IPv6 support
Bug: http://curl.haxx.se/mail/lib-2014-07/0337.html
Reported-by: Spork Schivago
2014-07-25 09:26:13 +02:00
Daniel Stenberg
e1b13eba75 Curl_base64url_encode: unit-tested in 1302 2014-07-25 08:38:16 +02:00
Daniel Stenberg
aae4e4bf70 base64: added Curl_base64url_encode()
This is now used by the http2 code. It has two different symbols at the
end of the base64 table to make the output "url safe".

Bug: https://github.com/tatsuhiro-t/nghttp2/issues/62
2014-07-25 08:24:03 +02:00
Marcel Raad
9c1cf96664 SSPI Negotiate: Fix 3 memory leaks
Curl_base64_decode allocates the output string by itself and two other
strings were not freed either.
2014-07-24 23:50:53 +02:00
Daniel Stenberg
821d4a1e55 symbols: CURL_VERSION_GSSNEGOTIATE is deprecated 2014-07-24 23:47:32 +02:00
Daniel Stenberg
4e11bd156e test1013.pl: GSS-Negotiate doesn't exist as a feature anymore 2014-07-24 23:46:11 +02:00
Sergey Nikulov
64010d603c libtest: fixed duplicated line in Makefile
Bug: https://github.com/bagder/curl/pull/105
2014-07-24 15:19:46 +02:00
Patrick Monnerat
c31dec7f98 GSSAPI: remove useless *_MECHANISM defines. 2014-07-23 18:56:19 +02:00