Gisle Vanem
3cc9e9383b
ldap: build with BoringSSL
2015-01-28 14:22:11 +01:00
Daniel Stenberg
9d964e5477
security: avoid compiler warning
...
Possible access to uninitialised memory '&nread' at line 140 of
lib/security.c in function 'ftp_send_command'.
Reported-by: Rich Burridge
2015-01-28 10:10:59 +01:00
Daniel Stenberg
153e9c0278
runtests: identify BoringSSL and libressl
2015-01-28 10:10:59 +01:00
Patrick Monnerat
980ba2202c
docs: cite SASL external authentication.
2015-01-27 19:10:18 +01:00
Patrick Monnerat
7b2012f262
sasl: remove XOAUTH2 from default enabled authentication mechanism.
2015-01-27 18:08:18 +01:00
Patrick Monnerat
ed9a4b9fc4
test: add test cases for sasl external authentication (imap/pop3/smtp).
2015-01-27 18:03:56 +01:00
Patrick Monnerat
fe79f20957
imap: remove automatic password setting: it breaks external sasl authentication
2015-01-27 17:34:40 +01:00
Patrick Monnerat
0d24f64473
sasl: implement EXTERNAL authentication mechanism.
...
Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and
by not setting the password.
2015-01-27 17:24:55 +01:00
Steve Holme
e1bb13c09f
openssl: Fixed Curl_ossl_cert_status_request() not returning FALSE
...
Modified the Curl_ossl_cert_status_request() function to return FALSE
when built with BoringSSL or when OpenSSL is missing the necessary TLS
extensions.
2015-01-27 12:53:41 +00:00
Steve Holme
a268a804b7
openssl: Fixed compilation errors when OpenSSL built with 'no-tlsext'
...
Fixed the build of openssl.c when OpenSSL is built without the necessary
TLS extensions for OCSP stapling.
Reported-by: John E. Malmberg
2015-01-27 12:47:48 +00:00
Brad Spencer
5691325440
curl_setup: Disable SMB/CIFS support when HTTP only
2015-01-26 18:48:44 +00:00
Steve Holme
db6bcbd83f
RELEASE-NOTES: Synced with 37824498a3
2015-01-23 07:57:09 +00:00
Daniel Stenberg
37824498a3
configure: remove detection of the old yassl emulation API
...
... as that is ancient history and not used.
2015-01-22 23:53:52 +01:00
Daniel Stenberg
23c6f0a344
OCSP stapling: disabled when build with BoringSSL
2015-01-22 23:34:43 +01:00
Alessandro Ghedini
d1cf5d5706
openssl: add support for the Certificate Status Request TLS extension
...
Also known as "status_request" or OCSP stapling, defined in RFC6066
section 8.
Thanks-to: Joe Mason
- for the work-around for the OpenSSL bug.
2015-01-22 23:25:23 +01:00
Daniel Stenberg
e888e30476
BoringSSL: fix build for non-configure builds
...
HAVE_BORINGSSL gets defined now by configure and should be defined by
other build systems in case a BoringSSL build is desired.
2015-01-22 23:04:10 +01:00
Daniel Stenberg
3d5648f9ee
configure: fix BoringSSL detection and detect libresssl
2015-01-22 22:52:53 +01:00
Steve Holme
12e45b8462
curl_sasl: Reinstate the sasl_ prefix for locally scoped functions
...
Commit 7a8b2885e2
made some functions static and removed the public
Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which
is the naming convention we use in this source file.
2015-01-22 21:32:41 +00:00
Steve Holme
c260c9fad3
curl_sasl: Minor code policing following recent commits
2015-01-22 21:08:18 +00:00
John Malmberg
731e6a6662
openvms: Handle openssl/0.8.9zb version parsing
...
packages/vms/gnv_link_curl.com was assuming only a single letter suffix
in the openssl version. That assumption has been fixed for 7.40.
2015-01-22 17:00:25 +01:00
Daniel Stenberg
eb748f159a
BoringSSL: detected by configure, switches off NTLM
2015-01-22 16:39:01 +01:00
Daniel Stenberg
d6c4695dcd
BoringSSL: no PKCS12 support nor ERR_remove_state
2015-01-22 16:39:01 +01:00
Leith Bade
261208d432
BoringSSL: fix build
2015-01-22 16:39:01 +01:00
Steve Holme
795f013006
curl_sasl.c: chlglen is not used when cryptography is disabled
2015-01-20 19:28:54 +00:00
Steve Holme
71f8fdee81
curl_sasl.c: Fixed compilation warning when cyptography is disabled
...
curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local
variable
2015-01-20 19:25:43 +00:00
Steve Holme
6005b0d99c
curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined
...
curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier
This error could also happen for non-SSPI builds when cryptography is
disabled (CURL_DISABLE_CRYPTO_AUTH is defined).
2015-01-20 19:24:47 +00:00
Patrick Monnerat
7a8b2885e2
SASL: make some procedures local-scoped
2015-01-20 18:17:55 +01:00
Patrick Monnerat
79543caf90
SASL: common state engine for imap/pop3/smtp
2015-01-20 17:33:05 +01:00
Patrick Monnerat
e1ea18f90e
SASL: common URL option and auth capabilities decoders for all protocols
2015-01-20 15:27:25 +01:00
Patrick Monnerat
5f09cbcdbd
IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters.
2015-01-20 14:14:26 +01:00
Daniel Stenberg
960b04e137
ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6
...
Reported-by: Chris Young
2015-01-20 09:03:55 +01:00
Chris Young
089783c838
timeval: typecast for better type (on Amiga)
...
There is an issue with conflicting "struct timeval" definitions with
certain AmigaOS releases and C libraries, depending on what gets
included when. It's a minor difference - the OS one is unsigned,
whereas the common structure has signed elements. If the OS one ends up
getting defined, this causes a timing calculation error in curl.
It's easy enough to resolve this at the curl end, by casting the
potentially errorneous calculation to a signed long.
2015-01-20 08:53:14 +01:00
Daniel Stenberg
be57f689b0
openssl: do public key pinning check independently
...
... of the other cert verification checks so that you can set verifyhost
and verifypeer to FALSE and still check the public key.
Bug: http://curl.haxx.se/bug/view.cgi?id=1471
Reported-by: Kyle J. McKay
2015-01-19 23:20:13 +01:00
Patrick Monnerat
fca58f6212
OS400: CURLOPT_SSL_VERIFYSTATUS for ILE/RPG too.
2015-01-19 13:52:40 +01:00
Steve Holme
2cc571f9e3
ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP
...
For consistency with other USE_WIN32_ defines as well as the
USE_OPENLDAP define.
2015-01-18 20:52:43 +00:00
Steve Holme
1cbc8fd3d1
http_negotiate: Use dynamic buffer for SPN generation
...
Use a dynamicly allocated buffer for the temporary SPN variable similar
to how the SASL GSS-API code does, rather than using a fixed buffer of
2048 characters.
2015-01-18 15:45:12 +00:00
Steve Holme
9c4fa400cf
sasl_gssapi: Make Curl_sasl_build_gssapi_spn() public
2015-01-18 15:42:26 +00:00
Steve Holme
b9fd757d03
sasl_gssapi: Fixed memory leak with local SPN variable
2015-01-18 15:40:07 +00:00
Daniel Stenberg
3a9419f65a
http_negotiate.c: unused variable 'ret'
2015-01-17 23:14:40 +01:00
Steve Holme
1d25acb038
gskit.h: Code policing of function pointer arguments
2015-01-17 17:02:01 +00:00
Steve Holme
5d5c78b47f
vtls: Removed unimplemented overrides of curlssl_close_all()
...
Carrying on from commit 037cd0d991
, removed the following unimplemented
instances of curlssl_close_all():
Curl_axtls_close_all()
Curl_darwinssl_close_all()
Curl_cyassl_close_all()
Curl_gskit_close_all()
Curl_gtls_close_all()
Curl_nss_close_all()
Curl_polarssl_close_all()
2015-01-17 16:41:03 +00:00
Steve Holme
8bb3443a21
vtls: Separate the SSL backend definition from the API setup
...
Slight code cleanup as the SSL backend #define is mixed up with the API
function setup.
2015-01-17 15:38:22 +00:00
Steve Holme
30ef1a0779
vtls: Fixed compilation errors when SSL not used
...
Fixed the following warning and error from commit 3af90a6e19
when SSL
is not being used:
url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined;
assuming extern returning int
error LNK2019: unresolved external symbol Curl_ssl_cert_status_request
referenced in function Curl_setopt
2015-01-17 15:16:07 +00:00
Steve Holme
81b98dafa1
http_negotiate: Added empty decoded challenge message info text
2015-01-17 14:58:36 +00:00
Steve Holme
47438daa60
http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int
2015-01-17 14:57:17 +00:00
Steve Holme
36e6404228
http_negotiate_sspi: Prefer use of 'attrs' for context attributes
...
Use the same variable name as other areas of SSPI code.
2015-01-17 13:28:44 +00:00
Steve Holme
930be07067
http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo()
...
Use the SECURITY_STATUS typedef rather than a unsigned long for the
QuerySecurityPackageInfo() return and rename the variable as per other
areas of SSPI code.
2015-01-17 13:28:03 +00:00
Steve Holme
30eb6bbdc9
http_negotiate_sspi: Use 'CURLcode result' for CURL result code
2015-01-17 13:15:09 +00:00
Steve Holme
a2f8887b79
curl_endian: Fixed build when 64-bit integers are not supported (Part 2)
...
Missed Curl_read64_be() in commit bb12d44471
:(
2015-01-16 23:01:27 +00:00
Daniel Stenberg
b2c01f02d5
CURLOPT_SSL_VERIFYSTATUS.3: mention it is added in version 7.41.0
2015-01-16 23:41:50 +01:00