Daniel Stenberg
590f0358d8
- Anatoli Tubman found and fixed a crash with Negotiate authentication used on
...
a re-used connection where both requests used Negotiate.
2008-03-01 22:32:03 +00:00
Gunter Knauf
8f4fda1d6f
fixed commented define for SSPI.
2008-02-28 11:34:08 +00:00
Gunter Knauf
7513d29a48
another small change to the makefiles to simplify rules.
2008-02-27 01:36:01 +00:00
Gunter Knauf
724ad15dad
some more minor makefile changes; removed useless dist target.
2008-02-26 21:41:19 +00:00
Gunter Knauf
79aa6c841e
fixed install target to create a ca-bundle.crt since we have no longer one in the project.
2008-02-26 21:24:03 +00:00
Gunter Knauf
9682c2037e
Added support for server name indication (RFC 4366).
...
Patch submitted by Kaspar Brand.
2008-02-26 10:30:13 +00:00
Daniel Stenberg
74241e7d85
- Kaspar Brand made GnuTLS-built libcurl properly acknowledge the option that
...
forces it to prefer SSLv3.
2008-02-25 07:51:39 +00:00
Daniel Stenberg
6982ed4db7
- Sam Listopad provided a patch in feature-request #1900014
...
http://curl.haxx.se/bug/feature.cgi?id=1900014 that makes libcurl (built to
use OpenSSL) support a full chain of certificates in a given PKCS12
certificate.
2008-02-23 12:27:45 +00:00
Daniel Stenberg
e9bb7b7712
- Zmey Petroff found a crash when libcurl accessed a NULL pointer, which
...
happened if you set the connection cache size to 1 and for example failed to
login to an FTP site. Bug report #1896698
(http://curl.haxx.se/bug/view.cgi?id=1896698 )
2008-02-21 17:52:16 +00:00
Daniel Stenberg
3bb4602227
assert that the *connp is a non-NULL pointer when Curl_done() is called
2008-02-21 12:28:45 +00:00
Daniel Stenberg
9019fc5671
oops, fixed to build
2008-02-20 10:01:28 +00:00
Daniel Stenberg
53a549000c
- Based on initial work done by Gautam Kachroo to address a bug, we now keep
...
better control at the exact state of the connection's SSL status so that we
know exactly when it has completed the SSL negotiation or not so that there
won't be accidental re-uses of connections that are wrongly believed to be
in SSL-completed-negotiate state.
2008-02-20 09:56:26 +00:00
Daniel Stenberg
55700cb01f
- We no longer support setting the CURLOPT_URL option from inside a callback
...
such as the CURLOPT_SSL_CTX_FUNCTION one treat that as if it was a Location:
following. The patch that introduced this feature was done for 7.11.0, but
this code and functionality has been broken since about 7.15.4 (March 2006)
with the introduction of non-blocking OpenSSL "connects".
It was a hack to begin with and since it doesn't work and hasn't worked
correctly for a long time and nobody has even noticed, I consider it a very
suitable subject for plain removal. And so it was done.
2008-02-20 08:28:02 +00:00
Gunter Knauf
f9a6062081
applied patch to disable SSLv2 by default; discussion:
...
http://sourceforge.net/tracker/index.php?func=detail&aid=1767276&group_id=976&atid=350976
Submitted by Kaspar Brand.
2008-02-19 23:10:07 +00:00
Yang Tse
7b5c86033a
fix compiler warnings: 'statement is unreachable'
2008-02-19 17:25:19 +00:00
Yang Tse
d2125cf501
fix compiler warnings: 'enumerated type mixed with another type'
2008-02-19 15:07:50 +00:00
Daniel Stenberg
0d722204c3
https_getsock() should be static all over (and did some fixed indenting)
2008-02-18 19:53:31 +00:00
Gunter Knauf
e2b50b203d
added check symbol for linking with POSIX prelude.
2008-02-18 15:30:11 +00:00
Yang Tse
ab0de23d83
fix compiler warnings:
...
'enumerated type mixed with another type'
and
'variable was set but never used'
2008-02-18 13:05:46 +00:00
Daniel Stenberg
fb23b85770
- We're no longer providing a very old ca-bundle in the curl tarball. You can
...
get a fresh one downloaded and created with 'make ca-bundle' or you can get
one from here => http://curl.haxx.se/docs/caextract.html if you want a fresh
new one extracted from Mozilla's recent list of ca certs.
The configure option --with-ca-bundle now lets you specify what file to use
as default ca bundle for your build. If not specified, the configure script
will check a few known standard places for a global ca cert to use.
2008-02-18 11:35:12 +00:00
Daniel Stenberg
ba3e7a8656
rephrased comment
2008-02-17 13:49:01 +00:00
Daniel Stenberg
240bae4eb2
In Curl_done() if premature is TRUE, it means this connection was said to be
...
DONE before the entire request operation is complete and thus we can't know in
what state it is for re-using, so we're forced to close it. In a perfect world
we can add code that keep track of if we really must close it here or not, but
currently we have no such detail knowledge.
Jerome Muffat-Meridol helped us work this out.
2008-02-17 13:43:32 +00:00
Daniel Stenberg
4180ca7638
don't do the GOT_NOTHING error check if the DONE function was called with
...
premature set TRUE, which means it was done before the request comleted. It
could then very well not have received any data.
2008-02-17 13:40:35 +00:00
Daniel Stenberg
0e73361a06
added a comment about the ignoring of the Curl_done() return code
2008-02-17 13:38:19 +00:00
Daniel Stenberg
550d6f74b9
oops, that was debug code not meant to be committed like this...
2008-02-16 13:44:23 +00:00
Daniel Stenberg
f7b71c2abe
fix warnings about shadowing
2008-02-16 13:41:55 +00:00
Gunter Knauf
0da90b5d91
seems that curently we dont need the imports from (l)ldapx.imp.
2008-02-16 00:44:14 +00:00
Gunter Knauf
3e635a2334
re-ordered the module dependency list;
...
removed unsused ldap module dependency since the module didnt autounload from protected address space.
2008-02-16 00:15:30 +00:00
Daniel Stenberg
e78652d850
- Made the gnutls code path not even try to get the server cert if no peer
...
verification is requested. Previously it would even return failure if gnutls
failed to get the server cert even though no verification was asked for.
- Fix my Curl_timeleft() leftover mistake in the gnutls code
2008-02-15 22:37:00 +00:00
Daniel Stenberg
48918c3047
mention that we explicitly ignore the return code
2008-02-15 21:38:54 +00:00
Yang Tse
dc42d6fb8d
log SSH public key authentication failure and reason
2008-02-15 17:00:56 +00:00
Daniel Stenberg
d25aab2704
- Pooyan McSporran found and fixed a flaw where you first would do a normal
...
http request and then you'd reuse the handle and replace the Accept: header,
as then libcurl would send two Accept: headers!
2008-02-15 08:56:06 +00:00
Gunter Knauf
cfaf88aab4
fixed version var.
2008-02-15 00:41:54 +00:00
Gunter Knauf
ecc75be6f3
moved info block up before help block so that it can also be displayed before help option; trial to add a version number.
2008-02-15 00:26:26 +00:00
Daniel Stenberg
fcc320ee40
Yang Tse pointed out a few remaining quirks from my timeout refactoring from
...
Feb 7 that didn't abort properly on timeouts. These are actually old
problems but now they should be fixed.
2008-02-11 22:03:31 +00:00
Gunter Knauf
019f6a1926
open pipe to openssl commandline instead of writing into temp file.
2008-02-11 18:52:45 +00:00
Dan Fandrich
44fba11b34
Fixed unused variable warning.
2008-02-11 18:27:36 +00:00
Gunter Knauf
df07c87b89
added strict to make sure all vars are properly defined;
...
added -t switch to make text info of CAs optional;
added -q switch to be really quiet.
2008-02-11 15:00:00 +00:00
Yang Tse
736af32b49
Bug report #1888932 ( http://curl.haxx.se/bug/view.cgi?id=1888932 ) points
...
out and provides test program that demonstrates that libcurl might not set
error description message for error CURLE_COULDNT_RESOLVE_HOST for Windows
threaded name resolver builds. Fixed now.
2008-02-10 04:20:09 +00:00
Gunter Knauf
08e5c0812f
added -b switch to provide a backup functionality for existing ca-bundle.crt file.
2008-02-10 01:29:24 +00:00
Gunter Knauf
a8c71961e0
fixed another wrong var in error message.
2008-02-09 15:32:54 +00:00
Gunter Knauf
63d595a047
fixed wrong var in error message.
2008-02-09 15:00:07 +00:00
Daniel Stenberg
4c841a1f0c
- Mike Hommey filed and fixed bug report #1889856
...
(http://curl.haxx.se/bug/view.cgi?id=1889856 ): When using the gnutls ssl
layer, cleaning-up and reinitializing curl ends up with https requests
failing with "ASN1 parser: Element was not found" errors. Obviously a
regression added in 7.16.3.
2008-02-08 22:02:00 +00:00
Daniel Stenberg
a2bff51ede
include mk-ca-bundle.pl in the tarballs
2008-02-08 09:56:23 +00:00
Gunter Knauf
c764331dd9
use argument to specify output filename if present.
2008-02-08 02:38:12 +00:00
Gunter Knauf
586444b6b8
fixed regex to fetch certdata.txt version since it was replaced by CVS (argh!)
...
added a switch to display certdata.txt version header.
2008-02-08 01:58:11 +00:00
Gunter Knauf
d76a74cc5e
added Perl script to create a fresh ca-bundle.crt.
2008-02-08 01:08:25 +00:00
Daniel Stenberg
1b701c746f
- Refactored a lot of timeout code into a few functions in an attempt to make
...
them all use the same (hopefully correct) logic to make it less error-prone
and easier to introduce library-wide where it should be used.
2008-02-07 22:25:04 +00:00
Daniel Stenberg
15bf168527
ca-bundle.crt documentational updates that more clearly describe the bundle
...
ca-bundle.crt file as outdated and in need for replacement by anyone who wants
to verify modern peers as the one we have is from year 2000!
2008-02-07 15:43:36 +00:00
Yang Tse
20e9fc73e2
Fix problem in strdup replacement when dealing with absolutely huge strings.
2008-02-06 19:01:13 +00:00