Commit Graph

59 Commits

Author SHA1 Message Date
Daniel Stenberg
b40b989523 I simplified the SSL session id re-use code now to *always* ditch the previous
one and store the current one, as it makes the code less complex and I'm not
even sure I can check for the same session id using memcmp() like that.
2009-05-05 08:33:29 +00:00
Daniel Stenberg
915dfb494e - Inspired by Michael Smith's session id fix for OpenSSL, I did the
corresponding fix in the GnuTLS code: make sure to store the new session id
  in case the re-used one is rejected.
2009-05-04 22:20:09 +00:00
Yang Tse
33a3753c3f libcurl's memory.h renamed to curl_memory.h 2009-04-21 11:46:16 +00:00
Daniel Stenberg
12bfcb501c - Andre Guibert de Bruet fixed the gnutls-using code: There are a few places
in the gnutls code where we were checking for negative values for errors,
  when the man pages state that GNUTLS_E_SUCCESS is returned on success and
  other values indicate error conditions.
2009-03-08 22:52:05 +00:00
Daniel Stenberg
d207ea1652 - As Daniel Fandrich figured out, we must do the GnuTLS initing in the
curl_global_init() function to properly maintain the performing functions
  thread-safe. We've previously (28 April 2007) moved the init to a later time
  just to avoid it to fail very early when libgcrypt dislikes the situation,
  but that move was bad and the fix should rather be in libgcrypt or
  elsewhere.
2009-02-25 12:51:17 +00:00
Dan Fandrich
9a4c887c4a Added support for Digest and NTLM authentication using GnuTLS. 2009-02-12 20:48:40 +00:00
Dan Fandrich
9aac2328c6 Made an array static const 2008-11-18 09:11:34 +00:00
Dan Fandrich
e5084c1eca Added #include "rawstr.h" 2008-11-18 08:53:51 +00:00
Daniel Stenberg
4cbc0f6c2e - Rainer Canavan filed bug #2255627
(http://curl.haxx.se/bug/view.cgi?id=2255627) which pointed out that a
  program using libcurl's multi interface to download a HTTPS page with a
  libcurl built powered by OpenSSL, would easily get silly and instead hand
  over SSL details as data instead of the actual HTTP headers and body. This
  happened because libcurl would consider the connection handshake done too
  early. This problem was introduced at September 22nd 2008 with my fix of the
  bug #2107377

  The correct fix is now instead done within the GnuTLS-handling code, as both
  the OpenSSL and the NSS code already deal with this situation in similar
  fashion. I added test case 560 in an attempt to verify this fix, but
  unfortunately it didn't trigger it even before this fix!
2008-11-11 22:19:27 +00:00
Daniel Stenberg
9d16b4081e Renamed Curl_ascii_equal to Curl_raw_equal and bugfixed the my_toupper function
used in strequal.c so now all test cases run fine for me again.
2008-10-16 08:23:48 +00:00
Daniel Stenberg
a579d67064 - Pascal Terjan filed bug #2154627
(http://curl.haxx.se/bug/view.cgi?id=2154627) which pointed out that libcurl
  uses strcasecmp() in multiple places where it causes failures when the
  Turkish locale is used. This is because 'i' and 'I' isn't the same letter so
  strcasecmp() on those letters are different in Turkish than in English (or
  just about all other languages). I thus introduced a totally new internal
  function in libcurl (called Curl_ascii_equal) for doing case insentive
  comparisons for english-(ascii?) style strings that thus will make "file"
  and "FILE" match even if the Turkish locale is selected.
2008-10-15 21:43:48 +00:00
Daniel Stenberg
3940e69c91 fix warning in GnuTLS build by making sure Curl_gtls_send() takes a const
void *
2008-06-10 21:53:59 +00:00
Daniel Stenberg
621c2b9015 - Axel Tillequin and Arnaud Ebalard added support for CURLOPT_ISSUERCERT, for
OpenSSL, NSS and GnuTLS-built libcurls.
2008-06-06 20:52:32 +00:00
Daniel Stenberg
3fe8251dfb - Axel Tillequin and Arnaud Ebalard added support for CURLOPT_CRLFILE, for
OpenSSL, NSS and GnuTLS-built libcurls.
2008-06-06 18:40:21 +00:00
Gunter Knauf
9682c2037e Added support for server name indication (RFC 4366).
Patch submitted by Kaspar Brand.
2008-02-26 10:30:13 +00:00
Daniel Stenberg
74241e7d85 - Kaspar Brand made GnuTLS-built libcurl properly acknowledge the option that
forces it to prefer SSLv3.
2008-02-25 07:51:39 +00:00
Daniel Stenberg
9019fc5671 oops, fixed to build 2008-02-20 10:01:28 +00:00
Daniel Stenberg
53a549000c - Based on initial work done by Gautam Kachroo to address a bug, we now keep
better control at the exact state of the connection's SSL status so that we
  know exactly when it has completed the SSL negotiation or not so that there
  won't be accidental re-uses of connections that are wrongly believed to be
  in SSL-completed-negotiate state.
2008-02-20 09:56:26 +00:00
Daniel Stenberg
55700cb01f - We no longer support setting the CURLOPT_URL option from inside a callback
such as the CURLOPT_SSL_CTX_FUNCTION one treat that as if it was a Location:
  following. The patch that introduced this feature was done for 7.11.0, but
  this code and functionality has been broken since about 7.15.4 (March 2006)
  with the introduction of non-blocking OpenSSL "connects".

  It was a hack to begin with and since it doesn't work and hasn't worked
  correctly for a long time and nobody has even noticed, I consider it a very
  suitable subject for plain removal. And so it was done.
2008-02-20 08:28:02 +00:00
Daniel Stenberg
550d6f74b9 oops, that was debug code not meant to be committed like this... 2008-02-16 13:44:23 +00:00
Daniel Stenberg
f7b71c2abe fix warnings about shadowing 2008-02-16 13:41:55 +00:00
Daniel Stenberg
e78652d850 - Made the gnutls code path not even try to get the server cert if no peer
verification is requested. Previously it would even return failure if gnutls
  failed to get the server cert even though no verification was asked for.

- Fix my Curl_timeleft() leftover mistake in the gnutls code
2008-02-15 22:37:00 +00:00
Daniel Stenberg
4c841a1f0c - Mike Hommey filed and fixed bug report #1889856
(http://curl.haxx.se/bug/view.cgi?id=1889856): When using the gnutls ssl
  layer, cleaning-up and reinitializing curl ends up with https requests
  failing with "ASN1 parser: Element was not found" errors. Obviously a
  regression added in 7.16.3.
2008-02-08 22:02:00 +00:00
Daniel Stenberg
1b701c746f - Refactored a lot of timeout code into a few functions in an attempt to make
them all use the same (hopefully correct) logic to make it less error-prone
  and easier to introduce library-wide where it should be used.
2008-02-07 22:25:04 +00:00
Daniel Stenberg
cbd1a77ec2 if () => if()
while () => while()
and some other minor re-indentings
2007-11-07 09:21:35 +00:00
Daniel Stenberg
ce81cd21d3 I renamed the CURLE_SSL_PEER_CERTIFICATE error code to
CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made this
return code get used by the previous SSH MD5 fingerprint check in case it
fails.
2007-10-03 08:07:50 +00:00
Dan Fandrich
9f44a95522 Renamed several libcurl error codes and options to make them more general
and allow reuse by multiple protocols. Several unused error codes were
removed.  In all cases, macros were added to preserve source (and binary)
compatibility with the old names.  These macros are subject to removal at
a future date, but probably not before 2009.  An application can be
tested to see if it is using any obsolete code by compiling it with the
CURL_NO_OLDIES macro defined.

Documented some newer error codes in libcurl-error(3)
2007-08-30 20:34:57 +00:00
Patrick Monnerat
d994fcf2b1 Remove leading space in curl_version_info ss_version field. 2007-08-24 09:06:17 +00:00
Daniel Stenberg
50c10aa5bf Patrick Monnerat and I modified libcurl so that now it *copies* all strings
passed to it with curl_easy_setopt()! Previously it has always just refered
to the data, forcing the user to keep the data around until libcurl is done
with it. That is now history and libcurl will instead clone the given
strings and keep private copies.
2007-08-01 21:20:01 +00:00
Daniel Stenberg
f1fa7b8ba4 Bug report #1759542 (http://curl.haxx.se/bug/view.cgi?id=1759542). A bad use
of a socket after it has been closed, when the FTP-SSL data connection is taken
down.
2007-07-29 12:54:05 +00:00
Dan Fandrich
4a2f0fb2be Made some const arrays static to avoid unnecessary stack usage. 2007-07-20 00:41:12 +00:00
Daniel Stenberg
4b1782c371 7.16.4 preps 2007-07-10 21:36:30 +00:00
Daniel Stenberg
503557e5ce Peter O'Gorman fixed libcurl to not init GnuTLS as early as we did before,
since it then inits libgcrypt and libgcrypt is being evil and EXITS the
application if it fails to get a fine random seed. That's really not a nice
thing to do by a library.
2007-04-28 21:01:30 +00:00
Daniel Stenberg
cea9695bcf Daniel Black filed bug #1704675 (http://curl.haxx.se/bug/view.cgi?id=1704675)
identifying a double-free problem in the SSL-dealing layer, telling GnuTLS to
free NULL credentials on closedown after a failure and a bad #ifdef for NSS
when closing down SSL.
2007-04-21 21:32:31 +00:00
Yang Tse
d58c7a8bdd Update message 2007-03-27 18:16:35 +00:00
Yang Tse
fba4cd0e62 Internal function Curl_select() renamed to Curl_socket_ready() 2007-03-26 23:23:46 +00:00
Gisle Vanem
c514a2a89a Removed inclusion of <sys/types.h> and <sys/stat.h> in .c-files
since they're already included through "setup.h".
2007-02-26 04:24:26 +00:00
Linus Nielsen Feltzing
2f5e99ca02 New FTP CCC functionality - adds passive and active mode to accomodate for different server behaviour 2007-02-20 22:02:11 +00:00
Daniel Stenberg
ec1b351317 fixed code to compile and removed one warning 2007-02-19 11:47:04 +00:00
Yang Tse
a1d5983991 use macros ERRNO, SET_ERRNO(), SOCKERRNO and SET_SOCKERRNO() for errno handling 2007-02-16 18:19:35 +00:00
Daniel Stenberg
91386937ff - Michael Wallner provided a patch that adds support for CURLOPT_TIMEOUT_MS
and CURLOPT_CONNECTTIMEOUT_MS that, as their names should hint, do the
  timeouts with millisecond resolution instead. The only restriction to that
  is the alarm() (sometimes) used to abort name resolves as that uses full
  seconds. I fixed the FTP response timeout part of the patch.

  Internally we now count and keep the timeouts in milliseconds but it also
  means we multiply set timeouts with 1000. The effect of this is that no
  timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which
  equals 24.86 days.  We probably couldn't before either since the code did
  *1000 on the timeout values on several places already.
2007-02-05 22:51:32 +00:00
Daniel Stenberg
4750e6f3c5 - Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option to
curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it
  will make libcurl shutdown SSL/TLS after the authentication is done on a
  FTP-SSL operation.
2007-01-05 23:11:14 +00:00
Daniel Stenberg
fcccf9aa0d Brendan Jurd provided a fix that now prevents libcurl from getting a SIGPIPE
during certain conditions when GnuTLS is used.
2006-12-16 21:33:51 +00:00
Daniel Stenberg
be0d17e812 cleaned up Curl_write() and the sub functions it uses for various protocols.
They all now return ssize_t to Curl_write().

Unfortunately, Curl_read() is in a sorrier state but it too would benefit from
a similar cleanup.
2006-11-11 21:34:43 +00:00
Daniel Stenberg
4e717cdb30 Armel Asselin separated CA cert verification problems from problems with
reading the (local) CA cert file to let users easier pinpoint the actual
problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code.
2006-10-21 11:32:05 +00:00
Gisle Vanem
455087faae Use gnutls_strerror() for clearer error message. 2006-08-16 17:05:54 +00:00
Daniel Stenberg
9bece2b313 additional renames of Curl_ourerrno => Curl_sockerrno 2006-05-05 10:24:27 +00:00
Daniel Stenberg
758f6eed51 Mark Eichin submitted bug report #1480821
(http://curl.haxx.se/bug/view.cgi?id=1480821) He found and identified a
problem with how libcurl dealt with GnuTLS and a case where gnutls returned
GNUTLS_E_AGAIN indicating it would block. It would then return an unexpected
return code, making Curl_ssl_send() confuse the upper layer - causing random
28 bytes trash data to get inserted in the transfered stream.

The proper fix was to make the Curl_gtls_send() function return the proper
return codes that the callers would expect. The Curl_ossl_send() function
already did this.
2006-05-04 06:00:40 +00:00
Daniel Stenberg
7e81c35cdc to build with old gnutls verions, don't use the *_t types 2005-11-13 23:04:28 +00:00
Daniel Stenberg
5e3836055f Dima Barsky patched problem #1348930: the GnuTLS code completely ignored
client certificates! (http://curl.haxx.se/bug/view.cgi?id=1348930).
2005-11-11 23:20:07 +00:00