moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity
22,743 Commits 10 Branches 144 Tags 113 MiB
Commit Graph

21 Commits

Author SHA1 Message Date
Gisle Vanem 61825be02b vtls: select ssl backend case-insensitive (follow-up) 
- Do a case-insensitive comparison of CURL_SSL_BACKEND env as well.

- Change Curl_strcasecompare calls to strcasecompare
  (maps to the former but shorter).

Follow-up to c290b8f.

Bug: https://github.com/curl/curl/commit/c290b8f#commitcomment-24094313

Co-authored-by: Jay Satiro
 2017-09-06 02:27:33 -04:00
Jay Satiro 0b5665c98a digest_sspi: Don't reuse context if the user/passwd has changed 
Bug: https://github.com/curl/curl/issues/1685
Reported-by: paulharris@users.noreply.github.com

Assisted-by: Isaac Boukris

Closes https://github.com/curl/curl/pull/1742
 2017-08-10 01:40:05 -04:00
klemens f7df67cff0 spelling fixes 
Closes #1356
 2017-03-26 23:56:23 +02:00
Marcel Raad 727917555d
digest_sspi: fix compilation warning 
MSVC complains:
warning C4701: potentially uninitialized local variable 'output_token_len' used
 2017-02-27 13:05:22 +01:00
Jay Satiro af5fbb14bb digest_sspi: Handle 'stale=TRUE' directive in HTTP digest 
- If the server has provided another challenge use it as the replacement
  input token if stale=TRUE. Otherwise previous credentials have failed
  so return CURLE_LOGIN_DENIED.

Prior to this change the stale directive was ignored and if another
challenge was received it would cause error CURLE_BAD_CONTENT_ENCODING.

Ref: https://tools.ietf.org/html/rfc2617#page-10

Bug: https://github.com/curl/curl/issues/928
Reported-by: tarek112@users.noreply.github.com
 2017-02-21 01:04:59 -05:00
Max Khon f77dabefd8 digest_sspi: Fix nonce-count generation in HTTP digest 
- on the first invocation: keep security context returned by
  InitializeSecurityContext()

- on subsequent invocations: use MakeSignature() instead of
  InitializeSecurityContext() to generate HTTP digest response

Bug: https://github.com/curl/curl/issues/870
Reported-by: Andreas Roth

Closes https://github.com/curl/curl/pull/1251
 2017-02-20 00:53:01 -05:00
Max Khon 89b7898846 digest_sspi: copy terminating NUL as well 
Curl_auth_decode_digest_http_message(): copy terminating NUL as later
Curl_override_sspi_http_realm() expects a NUL-terminated string.

Fixes #1180
 2016-12-29 00:21:14 +01:00
Daniel Stenberg 8657c268e1 checksrc: white space edits to comply to stricter checksrc 2016-11-24 23:58:22 +01:00
Marcel Raad 4f97d9832c
digest_sspi: fix include 
Fix compile break from 811a693b80
 2016-10-31 12:51:27 +01:00
Daniel Stenberg 811a693b80 strcasecompare: all case insensitive string compares ignore locale now 
We had some confusions on when each function was used. We should not act
differently on different locales anyway.
 2016-10-31 08:46:35 +01:00
Steve Holme 43dbd76616 vauth: Added check for supported SSPI based authentication mechanisms 
Completing commit 00417fd66c and 2708d4259b.
 2016-08-21 10:27:09 +01:00
Steve Holme a0f212946b vauth: Introduced Curl_auth_is_<mechansism>_supported() functions 
As Windows SSPI authentication calls fail when a particular mechanism
isn't available, introduced these functions for DIGEST, NTLM, Kerberos 5
and Negotiate to allow both HTTP and SASL authentication the opportunity
to query support for a supported mechanism before selecting it.

For now each function returns TRUE to maintain compatability with the
existing code when called.
 2016-08-18 20:31:20 +01:00
Jay Satiro c5cffce56e vauth: Fix memleak by freeing credentials if out of memory 
This is a follow up to the parent commit dcdd4be which fixes one leak
but creates another by failing to free the credentials handle if out of
memory. Also there's a second location a few lines down where we fail to
do same. This commit fixes both of those issues.
 2016-07-20 22:00:45 -04:00
Saurav Babu dcdd4be352 vauth: Fixed memory leak due to function returning without free 
This patch allocates memory to "output_token" only when it is required
so that memory is not leaked if function returns.
 2016-07-20 23:21:49 +02:00
Daniel Stenberg 434f8d0389 internals: rename the SessionHandle struct to Curl_easy 2016-06-22 10:28:41 +02:00
Viktor Szakats a24f71aac4 URLs: change http to https in many places 
Closes #754
 2016-04-06 11:58:34 +02:00
Steve Holme cbc52ff341 vauth: Corrected a number of typos in comments 
Reported-by: Michael Osipov
 2016-04-06 00:21:07 +01:00
Steve Holme 9feb2676a4 vauth: Removed the need for a separate GSS-API based SPN function 2016-04-03 20:26:03 +01:00
Steve Holme 58a7bc96ec vauth: Refactored function names after move to new vauth directory 
Renamed all the SASL functions that moved to the new vauth directory to
include the correct module name.
 2016-03-25 17:40:12 +00:00
Steve Holme 7d2a5a05f6 vauth: Updated the copyright year after recent changes 
As most of this work was performed in 2015 but not pushed until 2016
updated the copyright year to reflect the public facing changes.
 2016-03-25 17:40:12 +00:00
Steve Holme 51358a3f40 vauth: Moved the DIGEST authentication code to the new vauth directory 2016-03-25 12:05:23 +00:00