Steve Holme
9c5f851ec9
ntlm: Use 'CURLcode result'
Continuing commit 0eb3d15ccb more return code variable name changes.
2014-10-26 09:14:10 +00:00
Steve Holme
3fe5b462f7
ntlm: Only define ntlm data structure when USE_NTLM is defined
2014-10-25 22:36:49 +01:00
Steve Holme
28ff8babad
ntlm: Changed handles to be dynamic like other SSPI handles
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
2014-10-25 14:16:06 +01:00
Steve Holme
f9f212fb93
ntlm: Renamed handle variables to match other SSPI structures
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
2014-10-25 14:15:57 +01:00
Steve Holme
df97ab3e5f
ntlm: Renamed SSPI based input token variables
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
2014-10-25 14:15:48 +01:00
Steve Holme
c18329cef6
ntlm: We prefer 'CURLcode result'
Continuing commit 0eb3d15ccb more return code variable name changes.
2014-10-25 14:06:21 +01:00
Nick Zitzmann
bd87aec5a7
darwinssl: detect possible future removal of SSLv3 from the framework
If Apple ever drops SSLv3 support from the Security framework, we'll fail with an error if the user insists on using SSLv3.
2014-10-24 18:59:13 -05:00
Patrick Monnerat
3ca560439c
gskit.c: remove SSLv3 from SSL default.
2014-10-24 16:08:21 +02:00
Patrick Monnerat
897ef500e5
gskit.c: use 'CURLcode result'
2014-10-24 15:16:05 +02:00
Jay Satiro
ec783dc142
SSL: Remove SSLv3 from SSL default due to POODLE attack
- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss,
openssl effectively making the default TLS 1.x. axTLS is not affected
since it supports only TLS, and gnutls is not affected since it already
defaults to TLS 1.x.
- Update CURLOPT_SSLVERSION doc
2014-10-24 13:41:56 +02:00
Daniel Stenberg
2b04257491
pipelining: only output "is not blacklisted" in debug builds
2014-10-24 11:12:34 +02:00
Daniel Stenberg
fb6e8a5aa4
url.c: use 'CURLcode result'
2014-10-24 08:51:04 +02:00
Daniel Stenberg
0eb3d15ccb
code cleanup: we prefer 'CURLcode result'
... for the local variable name in functions holding the return
code. Using the same name universally makes code easier to read and
follow.
Also, unify code for checking for CURLcode errors with:
  if(result) or if(!result)
instead of
  if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
2014-10-24 08:23:19 +02:00
Daniel Stenberg
1752e9c088
Curl_add_timecondition: skip superfluous variable assignment
Detected by cppcheck.
2014-10-24 08:23:19 +02:00
Daniel Stenberg
65db980106
Curl_pp_flushsend: skip superfluous assignment
Detected by cppcheck.
2014-10-24 08:23:19 +02:00
Daniel Stenberg
8e34d3f9ef
Curl_pp_readresp: remove superfluous assignment
Variable already assigned a few lines up.
Detected by cppcheck.
2014-10-24 08:23:19 +02:00
Daniel Stenberg
5b73f35761
Curl_proxyCONNECT: remove superfluous statement
The variable is already assigned, skip the duplicate assignment.
Pointed out by cppcheck.
2014-10-24 08:23:19 +02:00
Guenter Knauf
ede9884c59
Added MinGW support to build with nghttp2.
2014-10-24 04:22:04 +02:00
Guenter Knauf
4b7d499e64
Some cosmetics and simplifies.
2014-10-23 16:27:40 +02:00
Guenter Knauf
2be6941f42
Remove dependency on openssl and cut.
Prefer usage of Perl modules for sha1 calculation since there
might be systems where openssl is not installed or not in path.
If openssl is used for sha1 calculation then don't rely on cut
since it is usually not available on other systems than Linux.
2014-10-23 15:22:56 +02:00
Daniel Stenberg
9f5744a72f
gnutls: removed dead code
Bug: http://curl.haxx.se/bug/view.cgi?id=1437
Reported-by: Julien
2014-10-23 10:01:58 +02:00
Daniel Stenberg
e36115d688
Curl_rand: Uninitialized variable: r
This is not actually used uninitialized but we silence warnings.
Bug: http://curl.haxx.se/bug/view.cgi?id=1437
Reported-by: Julien
2014-10-23 10:01:36 +02:00
Kamil Dudka
0aecdf6828
nss: reset SSL handshake state machine
... when the handshake succeeds
This fixes a connection failure when FTPS handle is reused.
2014-10-20 18:55:51 +02:00
Steve Holme
fa9f5ed982
ntlm: Fixed empty type-2 decoded message info text
Updated the info text when the base-64 decode of the type-2 message
returns a null buffer to be more specific.
2014-10-16 20:30:08 +01:00
Steve Holme
72147c62f7
ntlm: Fixed empty/bad base-64 decoded buffer return codes
2014-10-16 20:24:56 +01:00
Steve Holme
7a91296f1d
ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token
2014-10-16 20:19:33 +01:00
Steve Holme
d4ea51734e
sasl_sspi: Fixed some typos
2014-10-15 21:58:30 +01:00
Steve Holme
2ae142e663
sasl_sspi: Fixed Kerberos response buffer not being allocated when using SSO
2014-10-15 21:24:10 +01:00
Bruno Thomsen
3621045631
mk-ca-bundle: added SHA-384 signature algorithm
Certificates based on SHA-1 are being phased out[1].
So we should expect a rise in certificates based on SHA-2.
Adding SHA-384 as a valid signature algorithm.
[1] https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/
Signed-off-by: Bruno Thomsen <bth@kamstrup.dk>
2014-10-15 13:23:22 +02:00
Patrick Monnerat
473322ec66
Implement pinned public key in GSKit backend
2014-10-14 14:58:26 +02:00
Daniel Stenberg
628290b5e6
cleanups: reduce variable scope
cppcheck pointed these out.
2014-10-14 09:44:06 +02:00
Daniel Stenberg
c2d5f2ef98
singleipconnect: remove dead assignment never used
cppcheck pointed this out.
2014-10-14 09:16:28 +02:00
Daniel Stenberg
9d64ab7d5a
pinning: minor code style policing
2014-10-13 22:22:49 +02:00
Patrick Monnerat
357ff4d1dc
Factorize pinned public key code into generic file handling and backend specific
2014-10-13 18:34:51 +02:00
Patrick Monnerat
265b9a2e49
vtls: remove QsoSSL
2014-10-13 16:33:47 +02:00
Patrick Monnerat
ec8330b21d
gskit: supply dummy randomization function
2014-10-13 15:02:58 +02:00
Patrick Monnerat
8fdf832e5f
vtls/*: deprecate have_curlssl_md5sum and set-up default md5sum implementation
2014-10-13 14:39:50 +02:00
Daniel Stenberg
6637b237e6
vtls: have vtls.h include the backend header files
It turned out some features were not enabled in the build since for
example url.c #ifdefs on features that are defined on a per-backend
basis but vtls.h didn't include the backend headers.
CURLOPT_CERTINFO was one such feature that was accidentally disabled.
2014-10-09 22:34:34 +02:00
Jakub Zakrzewski
a3154295c5
Cmake: Got rid of setup_curl_dependencies
There is no need for such function. Include_directories propagate by
themselves and having a function with one simple link statement makes
little sense.
2014-10-09 13:48:30 +02:00
Kamil Dudka
9e37a7f9a5
nss: do not fail if a CRL is already cached
This fixes a copy-paste mistake from commit 2968f957.
2014-10-08 17:31:04 +02:00
Daniel Stenberg
b74205d022
FormAdd: precaution against memdup() of NULL pointer
Coverity CID 252518. This function is in general far too complicated for
its own good and really should be broken down into several smaller
functions instead - but I'm adding this protection here now since it
seems there's a risk the code flow can end up here and dereference a
NULL pointer.
2014-10-08 13:53:41 +02:00
Daniel Stenberg
87c8e00b7a
do_sec_send: remove dead code
Coverity CID 1241951. The condition 'len >= 0' would always be true at
that point and thus not necessary to check for.
2014-10-08 12:48:06 +02:00
Daniel Stenberg
b90f6e87cf
krb5_encode: remove unused argument
Coverity CID 1241957. Removed the unused argument. As this struct and
pointer now are used only for krb5, there's no need to keep unused
function arguments around.
2014-10-08 12:25:07 +02:00
moparisthebest
e644866caf
GnuTLS: Implement public key pinning
2014-10-07 14:55:39 +02:00
moparisthebest
93e450793c
SSL: implement public key pinning
Option --pinnedpubkey takes a path to a public key in DER format and
only connects if it matches (currently only implemented with OpenSSL).
Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().
Extract a public RSA key from a website like so:
  openssl s_client -connect google.com:443 2>&1 < /dev/null | \
  sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
  | openssl rsa -pubin -outform DER > google.com.der
2014-10-07 14:44:19 +02:00
Daniel Stenberg
d1b56d0043
multi_runsingle: fix possible memory leak
Coverity CID 1202837. 'newurl' can in fact be allocated even when
Curl_retry_request() returns failure so free it if need be.
2014-10-07 13:57:13 +02:00
Daniel Stenberg
6352df87b1
ares::Curl_resolver_cancel: skip checking for NULL conn
Coverity CID 1243581. 'conn' will never be NULL here, and if it would be
the subsequent statement would dereference it!
2014-10-07 13:33:43 +02:00
Daniel Stenberg
4bc31df3e4
ssh_statemach_act: split out assignment from check
just a minor code style thing to make the code clearer
2014-10-06 08:49:43 +02:00
Marc Hoersken
330346d51c
curl_schannel.c: Fixed possible memory or handle leak
First try to fix possible memory leaks, in this case:
Only connssl->ctxt xor connssl->cred being initialized.
2014-10-04 18:24:23 +02:00
Daniel Stenberg
793ac8035c
choose_mech: fix return code
Coverity CID 1241950. The pointer is never NULL but it might point to
NULL.
2014-10-04 15:37:42 +02:00