Commit Graph

3902 Commits

Author SHA1 Message Date
Daniel Stenberg
296046510b serios info leakage! 2003-08-03 21:33:25 +00:00
Daniel Stenberg
db9f87f697 When proxy authentication is used in a CONNECT request (as used for all SSL
connects and otherwise enforced tunnel-thru-proxy requests), the same
authentication header is also wrongly sent to the remote host.

The name and password can then be captured by an evil host and possibly get
used for malicious purposes.
2003-08-02 23:36:35 +00:00
Daniel Stenberg
3270ea55dd updated as the second proxy-auth header was a proof of a serious info leak
bug!!
2003-08-02 23:35:59 +00:00
Daniel Stenberg
a358ac24f4 Joerg Mueller-Tolk fixed a minor mistake 2003-08-01 14:20:48 +00:00
Daniel Stenberg
8bedd43b28 recent action 2003-08-01 12:33:19 +00:00
Daniel Stenberg
9ea2087ede David Byron's makefile fix to allow 7.10.6 to build fine using VC 2003-08-01 07:53:27 +00:00
Daniel Stenberg
9f7c634133 add a check for 'ar' since the lack of it bit Jared Ingersoll
we might need to check for some other tools too that on Solaris are put
in those weird dirs...
2003-07-30 15:10:26 +00:00
Daniel Stenberg
da20d68a12 removed silly target that only works when building from CVS 2003-07-30 14:26:36 +00:00
Daniel Stenberg
d3e512c738 Jörg Müller-Tolk updated this to build fine with 7.10.6 2003-07-30 14:19:44 +00:00
Daniel Stenberg
339f84fe1f ftp proxy support would be nice 2003-07-30 13:41:59 +00:00
Daniel Stenberg
2d41b735ec updated to match the recent ftp patch that makes it check for resumability 2003-07-30 07:52:02 +00:00
Daniel Stenberg
e3b4dd08ff Daniel Noguerol made the ftp code output "Accept-Ranges: bytes" in similar
style like other faked HTTP headers when NOBODY and HEADER are used.
2003-07-30 07:51:33 +00:00
Daniel Stenberg
6809a906bb Make sure to generate an uncompressed hugehelp.c file for inclusion in
the distribution archive, as it isn't sure zlib is present everywhere. Those
who care much for compressed help should regenerate the file.
2003-07-30 07:33:41 +00:00
Daniel Stenberg
1c35cbcc07 Reverted the 'filetime' struct field back to a 'long' as time_t is sometimes
unsigned and we want this to be able to hold -1 for illegal/unset values.
2003-07-30 07:22:28 +00:00
Daniel Stenberg
5f8989a436 CURLDEBUG not MALLOCDEBUG 2003-07-29 11:07:38 +00:00
Daniel Stenberg
aa7b0648ff Fixes based on Gisle Vanem's input since this script failed due to
possibly crlf newlines.
2003-07-28 23:00:56 +00:00
Daniel Stenberg
2fbe61960f Digest *OR* Basic authorization test 2003-07-28 22:17:37 +00:00
Daniel Stenberg
bdb5e5a250 7.10.6 2003-07-28 12:13:48 +00:00
Daniel Stenberg
48a580e609 clear http->send_buffer when we have freed the memory it pointed to 2003-07-28 10:21:57 +00:00
Daniel Stenberg
1361fc69b9 updated to the new ftp dir parsing code that allows a preceeding double
slash
2003-07-28 09:02:15 +00:00
Daniel Stenberg
93352e56d8 As noticed by Kevin Roth, we shall not speak of root dir when it isn't
necessarily the root...
2003-07-28 08:53:12 +00:00
Daniel Stenberg
d9246ff24d François Pons brought a patch that once again made curl deal with ftp and
"double slash" as indicating the root directory. In the RFC1738-fix of April
30, that ability was removed (since it is not the "right" way).
2003-07-28 08:50:02 +00:00
Daniel Stenberg
9301bc3444 use the correct 'test71' file name for the temp file 2003-07-28 08:23:46 +00:00
Daniel Stenberg
76352c4e2d got a bug report on -F in config files, so I wrote up this test to verify
that is works... and it did! ;-)
2003-07-28 08:21:07 +00:00
Daniel Stenberg
428f41bd12 having it in CVS causes us problems *grrr* 2003-07-25 09:46:07 +00:00
Daniel Stenberg
99c32e460f Andrés García updated with the added files etc 2003-07-25 08:59:55 +00:00
Daniel Stenberg
83f249cf65 With an unknown CA path, we undef the variable. To build properly without
SSL/CA.
2003-07-25 08:47:34 +00:00
Daniel Stenberg
2c2baa93ea only check for CA bundle path if build with SSL support
set a conditional for the makefile if we know the CA path or not
2003-07-25 08:47:10 +00:00
Daniel Stenberg
f0278ca114 Removed #include <sys/resource.h>, as pointed out by Henry Bland we don't
need it.
2003-07-25 08:30:58 +00:00
Daniel Stenberg
297b1b5013 the test compared numericly if though it could contain a string, and I
lowered the number of retries to 10
2003-07-23 17:28:36 +00:00
Daniel Stenberg
e9f63bf4e8 When we re-use an existing connection we must make sure that we don't
accidentally re-use the connect_addr field, as that might no longer be
around. Fix verified by Tracy Boehrer who basicly debugged and tracked down
this problem.
2003-07-23 17:06:21 +00:00
Daniel Stenberg
556ce1c6a1 minor code style fix 2003-07-23 12:55:24 +00:00
Daniel Stenberg
cc4ff62681 Split out the changes from the year 2002 into a separate file, named
CHANGES.2002.
2003-07-23 11:59:20 +00:00
Daniel Stenberg
0423fd9b55 SSLCERTS was moved into the docs/ directory 2003-07-23 11:39:05 +00:00
Daniel Stenberg
789ab20bf7 moved SSLCERTS into the docs/ directory 2003-07-23 11:38:19 +00:00
Daniel Stenberg
b47462bd68 Daniel Kouril's fix to make the GSS-Negotiate work fine. 2003-07-23 11:28:59 +00:00
Daniel Stenberg
1a94fee42d Juan F. Codagnone's fixes to build properly on Windows again 2003-07-23 08:21:21 +00:00
Daniel Stenberg
a91ce6a5d6 Plain default version of this file, to allow users to build easier from
CVS. This will be updated by the configure script, and a default is placed
here by the maketgz script.
2003-07-23 08:11:28 +00:00
Daniel Stenberg
981ffd9fce reversed the check for GSSAPI when request that auth 2003-07-22 11:15:46 +00:00
Daniel Stenberg
e76c960624 CURLDEBUG, not MALLOCDEBUG 2003-07-22 10:00:37 +00:00
Daniel Stenberg
416c92cc6f More support for NTLM on proxies, now proxy state and nonce is stored in
a separate struct properly.
2003-07-22 09:59:36 +00:00
Daniel Stenberg
fb731eb3e7 The NTLM functions now take a 'proxy' argument as well. 2003-07-22 09:58:57 +00:00
Daniel Stenberg
6f2a4d290f Added a separate struct for the proxyntlm data, as it will/can be different
than the remote server's. That is, both the server and the proxy can in
fact require NTLM auth.
2003-07-22 09:58:18 +00:00
Daniel Stenberg
cefc8ba938 CURLDEBUG is the symbol now 2003-07-22 09:57:09 +00:00
Daniel Stenberg
d0bd644eef Don't depend on the TIME_WITH_SYS_TIME define. win32 doesn't have sys/time.h
and I don't think we need it.
2003-07-22 08:23:16 +00:00
Daniel Stenberg
071c95128e moved the proxyuser and proxypasswd fields from the sessionhandle to the
connectdata to work as expected
2003-07-21 13:16:30 +00:00
Daniel Stenberg
1a192c489b adjusted to support NTLM for proxies 2003-07-21 13:16:01 +00:00
Daniel Stenberg
56014e74a0 krb4-fixes for the moved user+password fields within the structs 2003-07-21 09:19:48 +00:00
Daniel Stenberg
172271498d pre4-commit 2003-07-21 08:25:31 +00:00
Daniel Stenberg
f2882cb88c pre4 2003-07-21 08:25:21 +00:00