Commit Graph

3932 Commits

Author SHA1 Message Date
Daniel Stenberg
590f0358d8 - Anatoli Tubman found and fixed a crash with Negotiate authentication used on
a re-used connection where both requests used Negotiate.
2008-03-01 22:32:03 +00:00
Gunter Knauf
8f4fda1d6f fixed commented define for SSPI. 2008-02-28 11:34:08 +00:00
Gunter Knauf
7513d29a48 another small change to the makefiles to simplify rules. 2008-02-27 01:36:01 +00:00
Gunter Knauf
724ad15dad some more minor makefile changes; removed useless dist target. 2008-02-26 21:41:19 +00:00
Gunter Knauf
79aa6c841e fixed install target to create a ca-bundle.crt since we have no longer one in the project. 2008-02-26 21:24:03 +00:00
Gunter Knauf
9682c2037e Added support for server name indication (RFC 4366).
Patch submitted by Kaspar Brand.
2008-02-26 10:30:13 +00:00
Daniel Stenberg
74241e7d85 - Kaspar Brand made GnuTLS-built libcurl properly acknowledge the option that
forces it to prefer SSLv3.
2008-02-25 07:51:39 +00:00
Daniel Stenberg
6982ed4db7 - Sam Listopad provided a patch in feature-request #1900014
http://curl.haxx.se/bug/feature.cgi?id=1900014 that makes libcurl (built to
  use OpenSSL) support a full chain of certificates in a given PKCS12
  certificate.
2008-02-23 12:27:45 +00:00
Daniel Stenberg
e9bb7b7712 - Zmey Petroff found a crash when libcurl accessed a NULL pointer, which
happened if you set the connection cache size to 1 and for example failed to
  login to an FTP site. Bug report #1896698
  (http://curl.haxx.se/bug/view.cgi?id=1896698)
2008-02-21 17:52:16 +00:00
Daniel Stenberg
3bb4602227 assert that the *connp is a non-NULL pointer when Curl_done() is called 2008-02-21 12:28:45 +00:00
Daniel Stenberg
9019fc5671 oops, fixed to build 2008-02-20 10:01:28 +00:00
Daniel Stenberg
53a549000c - Based on initial work done by Gautam Kachroo to address a bug, we now keep
better control at the exact state of the connection's SSL status so that we
  know exactly when it has completed the SSL negotiation or not so that there
  won't be accidental re-uses of connections that are wrongly believed to be
  in SSL-completed-negotiate state.
2008-02-20 09:56:26 +00:00
Daniel Stenberg
55700cb01f - We no longer support setting the CURLOPT_URL option from inside a callback
such as the CURLOPT_SSL_CTX_FUNCTION one treat that as if it was a Location:
  following. The patch that introduced this feature was done for 7.11.0, but
  this code and functionality has been broken since about 7.15.4 (March 2006)
  with the introduction of non-blocking OpenSSL "connects".

  It was a hack to begin with and since it doesn't work and hasn't worked
  correctly for a long time and nobody has even noticed, I consider it a very
  suitable subject for plain removal. And so it was done.
2008-02-20 08:28:02 +00:00
Gunter Knauf
f9a6062081 applied patch to disable SSLv2 by default; discussion:
http://sourceforge.net/tracker/index.php?func=detail&aid=1767276&group_id=976&atid=350976
Submitted by Kaspar Brand.
2008-02-19 23:10:07 +00:00
Yang Tse
7b5c86033a fix compiler warnings: 'statement is unreachable' 2008-02-19 17:25:19 +00:00
Yang Tse
d2125cf501 fix compiler warnings: 'enumerated type mixed with another type' 2008-02-19 15:07:50 +00:00
Daniel Stenberg
0d722204c3 https_getsock() should be static all over (and did some fixed indenting) 2008-02-18 19:53:31 +00:00
Gunter Knauf
e2b50b203d added check symbol for linking with POSIX prelude. 2008-02-18 15:30:11 +00:00
Yang Tse
ab0de23d83 fix compiler warnings:
'enumerated type mixed with another type'

and

  'variable was set but never used'
2008-02-18 13:05:46 +00:00
Daniel Stenberg
fb23b85770 - We're no longer providing a very old ca-bundle in the curl tarball. You can
get a fresh one downloaded and created with 'make ca-bundle' or you can get
  one from here => http://curl.haxx.se/docs/caextract.html if you want a fresh
  new one extracted from Mozilla's recent list of ca certs.

  The configure option --with-ca-bundle now lets you specify what file to use
  as default ca bundle for your build. If not specified, the configure script
  will check a few known standard places for a global ca cert to use.
2008-02-18 11:35:12 +00:00
Daniel Stenberg
ba3e7a8656 rephrased comment 2008-02-17 13:49:01 +00:00
Daniel Stenberg
240bae4eb2 In Curl_done() if premature is TRUE, it means this connection was said to be
DONE before the entire request operation is complete and thus we can't know in
what state it is for re-using, so we're forced to close it. In a perfect world
we can add code that keep track of if we really must close it here or not, but
currently we have no such detail knowledge.

Jerome Muffat-Meridol helped us work this out.
2008-02-17 13:43:32 +00:00
Daniel Stenberg
4180ca7638 don't do the GOT_NOTHING error check if the DONE function was called with
premature set TRUE, which means it was done before the request comleted. It
could then very well not have received any data.
2008-02-17 13:40:35 +00:00
Daniel Stenberg
0e73361a06 added a comment about the ignoring of the Curl_done() return code 2008-02-17 13:38:19 +00:00
Daniel Stenberg
550d6f74b9 oops, that was debug code not meant to be committed like this... 2008-02-16 13:44:23 +00:00
Daniel Stenberg
f7b71c2abe fix warnings about shadowing 2008-02-16 13:41:55 +00:00
Gunter Knauf
0da90b5d91 seems that curently we dont need the imports from (l)ldapx.imp. 2008-02-16 00:44:14 +00:00
Gunter Knauf
3e635a2334 re-ordered the module dependency list;
removed unsused ldap module dependency since the module didnt autounload from protected address space.
2008-02-16 00:15:30 +00:00
Daniel Stenberg
e78652d850 - Made the gnutls code path not even try to get the server cert if no peer
verification is requested. Previously it would even return failure if gnutls
  failed to get the server cert even though no verification was asked for.

- Fix my Curl_timeleft() leftover mistake in the gnutls code
2008-02-15 22:37:00 +00:00
Daniel Stenberg
48918c3047 mention that we explicitly ignore the return code 2008-02-15 21:38:54 +00:00
Yang Tse
dc42d6fb8d log SSH public key authentication failure and reason 2008-02-15 17:00:56 +00:00
Daniel Stenberg
d25aab2704 - Pooyan McSporran found and fixed a flaw where you first would do a normal
http request and then you'd reuse the handle and replace the Accept: header,
  as then libcurl would send two Accept: headers!
2008-02-15 08:56:06 +00:00
Gunter Knauf
cfaf88aab4 fixed version var. 2008-02-15 00:41:54 +00:00
Gunter Knauf
ecc75be6f3 moved info block up before help block so that it can also be displayed before help option; trial to add a version number. 2008-02-15 00:26:26 +00:00
Daniel Stenberg
fcc320ee40 Yang Tse pointed out a few remaining quirks from my timeout refactoring from
Feb 7 that didn't abort properly on timeouts. These are actually old
problems but now they should be fixed.
2008-02-11 22:03:31 +00:00
Gunter Knauf
019f6a1926 open pipe to openssl commandline instead of writing into temp file. 2008-02-11 18:52:45 +00:00
Dan Fandrich
44fba11b34 Fixed unused variable warning. 2008-02-11 18:27:36 +00:00
Gunter Knauf
df07c87b89 added strict to make sure all vars are properly defined;
added -t switch to make text info of CAs optional;
added -q switch to be really quiet.
2008-02-11 15:00:00 +00:00
Yang Tse
736af32b49 Bug report #1888932 (http://curl.haxx.se/bug/view.cgi?id=1888932) points
out and provides test program that demonstrates that libcurl might not set
error description message for error CURLE_COULDNT_RESOLVE_HOST for Windows
threaded name resolver builds. Fixed now.
2008-02-10 04:20:09 +00:00
Gunter Knauf
08e5c0812f added -b switch to provide a backup functionality for existing ca-bundle.crt file. 2008-02-10 01:29:24 +00:00
Gunter Knauf
a8c71961e0 fixed another wrong var in error message. 2008-02-09 15:32:54 +00:00
Gunter Knauf
63d595a047 fixed wrong var in error message. 2008-02-09 15:00:07 +00:00
Daniel Stenberg
4c841a1f0c - Mike Hommey filed and fixed bug report #1889856
(http://curl.haxx.se/bug/view.cgi?id=1889856): When using the gnutls ssl
  layer, cleaning-up and reinitializing curl ends up with https requests
  failing with "ASN1 parser: Element was not found" errors. Obviously a
  regression added in 7.16.3.
2008-02-08 22:02:00 +00:00
Daniel Stenberg
a2bff51ede include mk-ca-bundle.pl in the tarballs 2008-02-08 09:56:23 +00:00
Gunter Knauf
c764331dd9 use argument to specify output filename if present. 2008-02-08 02:38:12 +00:00
Gunter Knauf
586444b6b8 fixed regex to fetch certdata.txt version since it was replaced by CVS (argh!)
added a switch to display certdata.txt version header.
2008-02-08 01:58:11 +00:00
Gunter Knauf
d76a74cc5e added Perl script to create a fresh ca-bundle.crt. 2008-02-08 01:08:25 +00:00
Daniel Stenberg
1b701c746f - Refactored a lot of timeout code into a few functions in an attempt to make
them all use the same (hopefully correct) logic to make it less error-prone
  and easier to introduce library-wide where it should be used.
2008-02-07 22:25:04 +00:00
Daniel Stenberg
15bf168527 ca-bundle.crt documentational updates that more clearly describe the bundle
ca-bundle.crt file as outdated and in need for replacement by anyone who wants
to verify modern peers as the one we have is from year 2000!
2008-02-07 15:43:36 +00:00
Yang Tse
20e9fc73e2 Fix problem in strdup replacement when dealing with absolutely huge strings. 2008-02-06 19:01:13 +00:00