Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						dfe0118033 
					 
					
						
						
							
							Mathias Axelsson found a case where we free()d the server certificate twice!  
						
						
						
						
					 
					
						2003-11-15 10:00:20 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						14f795816d 
					 
					
						
						
							
							Georg Horn's fixes to do different CA cert verifications. They can now be done even if the result is ignored, as some sites seem to require that.
						
						
					 
					
						2003-10-23 07:44:55 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						597c1fe6bc 
					 
					
						
						
							
							rewritten alternative name check  
						
						
						
						
					 
					
						2003-10-16 13:44:34 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						c6a0bb99af 
					 
					
						
						
							
							bad license situation for the altname patch  
						
						
						
						
					 
					
						2003-10-15 14:42:11 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						ff5b6ff528 
					 
					
						
						
							
							fixed to build fine without ssl  
						
						
						
						
					 
					
						2003-10-08 13:06:50 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						6494889e3b 
					 
					
						
						
							
							Neil Dunbar provided a patch that now makes libcurl check SSL subjectAltNames when matching certs. This is apparently detailed in RFC2818 as the right thing to do. I had to add configure checks for inet_pton() and our own (strictly speaking, code from BIND written by Paul Vixie) provided code for the function for platforms that miss it.
						
						
					 
					
						2003-10-07 21:46:47 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						481094db90 
					 
					
						
						
							
							warn if no CN is available if verify is only set to 1  
						
						
						
						
					 
					
						2003-09-03 20:47:17 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						a8c78cbbb0 
					 
					
						
						
							
							CRYPTO_cleanup_all_ex_data() is not present in all OpenSSL versions so we need to check for its presence in the configure script
						
						
					 
					
						2003-08-19 09:56:16 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						dafc652f63 
					 
					
						
						
							
							Loren Kirkby pointed out that we need to call CRYPTO_cleanup_all_ex_data() when we cleanup the SSL stuff to not leak any memory.
							I wish this was documented anywhere.
						
						
					 
					
						2003-08-19 07:51:09 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						f9c3347f7c 
					 
					
						
						
							
							re-use existing variable instead of declaring a new local one  
						
						
						
						
					 
					
						2003-07-05 13:27:02 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						45fc760985 
					 
					
						
						
							
							Peter Sylvester's patch was applied that introduces the following:
							CURLOPT_SSL_CTX_FUNCTION to set a callback that gets called with the OpenSSL's ssl_ctx pointer passed in and allow a callback to act on it. If anything but CURLE_OK is returned, that will also be returned by libcurl all the way back. If this function changes the CURLOPT_URL, libcurl will detect this and instead go use the new URL.
							CURLOPT_SSL_CTX_DATA is a pointer you set to get passed to the callback set with CURLOPT_SSL_CTX_FUNCTION.
						
						
					 
					
						2003-07-04 16:29:23 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						308bc9d919 
					 
					
						
						
							
							use CURLDEBUG instead of MALLOCDEBUG for preprocessor conditions  
						
						
						
						
					 
					
						2003-06-26 11:22:12 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						d288222e80 
					 
					
						
						
							
							work-around SSL implementation flaws better, pointed out in bug report #745122.
					
						2003-06-02 13:27:03 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						f213e857ab 
					 
					
						
						
							
							Andy Cedilnik fixed some compiler warnings  
						
						
						
						
					 
					
						2003-05-01 13:37:36 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						0b839c4f77 
					 
					
						
						
							
							return the same error for the sslv2 "certificate verify failed" code  
						
						
						
						
					 
					
						2003-04-14 22:00:36 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						21873b52e9 
					 
					
						
						
							
							Restored the SSL error codes since they were broken in the 7.10.4 release, also now attempt to detect and return the specific CACERT error code.
						
						
					 
					
						2003-04-14 12:53:29 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						9558f229db 
					 
					
						
						
							
							Fixup after talks with Richard Bramante. We should now make better comparisons before re-using SSL connections and re-using SSL connection IDs.
						
						
					 
					
						2003-03-31 05:13:26 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						afffce80f0 
					 
					
						
						
							
							Philippe Raoult needed this to build on FreeBSD  
						
						
						
						
					 
					
						2003-03-13 21:41:02 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						8755a6d1ac 
					 
					
						
						
							
							Richard Gorton improved the random_the_seed() function for systems where we don't find/know of a good random source. This way, we get a better randomness which in turn should make SSL connections more secure.
						
						
					 
					
						2003-03-11 18:55:34 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						9121b1f41d 
					 
					
						
						
							
							the strequal and strnequal should now be called with the proper curl_ prefix  
						
						
						
						
					 
					
						2003-02-28 12:20:08 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						a3d3642a30 
					 
					
						
						
							
							spell better  
						
						
						
						
					 
					
						2003-02-27 23:10:38 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						69ab4cd391 
					 
					
						
						
							
							include <sys/socket.h> to compile the fd_set stuff properly on all systems  
						
						
						
						
					 
					
						2003-02-14 09:03:03 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						f56d006f93 
					 
					
						
						
							
							Re-arranged the SSL connection code (again). The recent fix was not a very good one. This should work fine again.
						
						
					 
					
						2003-02-05 07:43:05 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						5d28f3781b 
					 
					
						
						
							
							Improved error reporting in case of bad SSL_connect()s, and we also no longer use the SSL functions that store the error message in a static buffer since that is not very multi-thread friendly.
						
						
					 
					
						2003-02-04 12:29:57 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						a7c72b7abf 
					 
					
						
						
							
							removed the local variables for emacs and vim, use the new sample.emacs way for emacs, and vim users should provide a similar non-polluting style
						
						
					 
					
						2003-01-29 10:14:20 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						f26a338a54 
					 
					
						
						
							
							copyright year update in the source header  
						
						
						
						
					 
					
						2003-01-16 21:08:12 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						ca134d5522 
					 
					
						
						
							
							Philippe Raoult's fix to handle wildcard certificate name checks  
						
						
						
						
					 
					
						2003-01-07 16:33:11 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						3aea0d3d68 
					 
					
						
						
							
							Evan Jordan's fix for a memory leak. Bug report 650989.  
						
						
						
						
					 
					
						2002-12-13 14:08:49 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						4bcc866c52 
					 
					
						
						
							
							The fread() callback pointer and associated pointer is now stored in the connectdata struct instead, and is no longer modified within the 'set' struct as previously (which was a really BAAAD thing).
						
						
					 
					
						2002-12-09 15:37:54 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						ba4e69bebc 
					 
					
						
						
							
							updated source code boilerplate/header  
						
						
						
						
					 
					
						2002-09-03 11:52:59 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						56c43604d0 
					 
					
						
						
							
							if verifypeer is enabled but neither CAfile nor CApath is, then don't try to load "verify_locations"
						
						
					 
					
						2002-08-30 12:07:42 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						0e0caf7c06 
					 
					
						
						
							
							CURLE_SSL_INSECURE is removed again and so is CURLOPT_SSL_INSECURE, we proceed fine with the already existing options, just having a different internal library default for capath.
						
						
					 
					
						2002-08-30 11:09:49 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						8b77f40f99 
					 
					
						
						
							
							This fix MIGHT make us build nicely with OpenSSL 0.9.7. This fix is based on a patch from Jacob Meuser, input from Götz Babin-Ebell and my own browsing of the latest include files.
						
						
					 
					
						2002-06-10 12:38:10 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						323f195036 
					 
					
						
						
							
							ASN1 files don't work for the *chain_file(), make them use the previous version
						
						
					 
					
						2002-05-21 08:15:42 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						fe3ba1dd11 
					 
					
						
						
							
							Roland Zimmermann's hint, we use SSL_CTX_use_certificate_chain_file() instead of the previous one that used SSL_CTX_use_certificate_file()
						
						
					 
					
						2002-05-20 14:25:35 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						974f314f57 
					 
					
						
						
							
							copyright string (year) update  
						
						
						
						
					 
					
						2002-03-19 07:54:55 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						5b58e61f28 
					 
					
						
						
							
							now re-seed by force (even if already seeded) if a random file or egd socket is given
						
						
					 
					
						2002-01-30 08:17:23 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						f114caca90 
					 
					
						
						
							
							- T. Bharath pointed out that we seed SSL on every connect, which is a time-consuming operation that should only be needed to do once. We patched libcurl to now only seed on the first connect when unseeded. The seeded status is global so it'll now only happen once during a program's lifetime.
						
						
					 
					
						2002-01-29 14:11:38 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						eba8035e12 
					 
					
						
						
							
							Richard Archer made it compile and build with OpenSSL versions prior to 0.9.5
						
						
					 
					
						2002-01-17 10:40:13 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						d84a0c51e0 
					 
					
						
						
							
							Cris Bailiff found out that when the SSL session cache was filled, libcurl would crash. This corrects the problem.
						
						
					 
					
						2002-01-09 09:38:37 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						d57e09889a 
					 
					
						
						
							
							added a missing failf() before returning an error code  
						
						
						
						
					 
					
						2002-01-08 23:23:24 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						d3299beec7 
					 
					
						
						
							
							Modified to use non-blocking sockets all the time.  
						
						
						
						
					 
					
						2002-01-07 18:38:01 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						af6c394785 
					 
					
						
						
							
							Götz Babin-Ebell's OpenSSL ENGINE patch  
						
						
						
						
					 
					
						2001-12-17 23:01:39 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						e192261788 
					 
					
						
						
							
							failf() calls should not have newlines in the message string!  
						
						
						
						
					 
					
						2001-12-11 13:13:01 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						b8ff21124a 
					 
					
						
						
							
							Samuel Listopad's fix to allow global_init => global_cleanup => global_init for ssl
						
						
					 
					
						2001-11-14 07:11:39 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						2f77b0a4c6 
					 
					
						
						
							
							we can now tell ssl to use TLSv1 protocol, and we now use defines instead of real integers for versions, the defines are added to curl.h
						
						
					 
					
						2001-11-05 14:06:42 +00:00 
						 
				 
			
				
					
						
							
							
								Sterling Hughes 
							
						 
					 
					
						
						
							
						
						8e91d5de8e 
					 
					
						
						
							
							looks nicer and is better compatible with older vim versions  
						
						
						
						
					 
					
						2001-10-11 09:32:19 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						645413f5ef 
					 
					
						
						
							
							Lots of praise and glory to Vojtech Minarik for setting up a test server and providing me with test-certificates that helped me nail the problem with curl not discovering when a bad certificate was used.
						
						
					 
					
						2001-09-19 21:49:11 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						1fde1431c9 
					 
					
						
						
							
							narrowed some source lines to fit in 80 cols  
						
						
						
						
					 
					
						2001-09-12 08:14:35 +00:00 
						 
				 
			
				
					
						
							
							
								Daniel Stenberg 
							
						 
					 
					
						
						
							
						
						db7bde1d7a 
					 
					
						
						
							
							added ability to set preferred list of ciphers
						
						
						
						
					 
					
						2001-09-11 22:21:02 +00:00