Steve Holme
58e39b4da5
ntlm_core: Added consistent comments to DES functions
2015-01-28 22:34:51 +00:00
Steve Holme
300876a7a6
des: Added Curl_des_set_odd_parity()
Added Curl_des_set_odd_parity() for use when cryptography engines
don't include this functionality.
2015-01-28 22:34:49 +00:00
Steve Holme
595a66ce0f
sasl: Minor code policing and grammar corrections
2015-01-28 19:23:37 +00:00
Gisle Vanem
3cc9e9383b
ldap: build with BoringSSL
2015-01-28 14:22:11 +01:00
Daniel Stenberg
9d964e5477
security: avoid compiler warning
Possible access to uninitialised memory '&nread' at line 140 of
lib/security.c in function 'ftp_send_command'.
Reported-by: Rich Burridge
2015-01-28 10:10:59 +01:00
Patrick Monnerat
7b2012f262
sasl: remove XOAUTH2 from default enabled authentication mechanism.
2015-01-27 18:08:18 +01:00
Patrick Monnerat
fe79f20957
imap: remove automatic password setting: it breaks external sasl authentication
2015-01-27 17:34:40 +01:00
Patrick Monnerat
0d24f64473
sasl: implement EXTERNAL authentication mechanism.
Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and
by not setting the password.
2015-01-27 17:24:55 +01:00
Steve Holme
e1bb13c09f
openssl: Fixed Curl_ossl_cert_status_request() not returning FALSE
Modified the Curl_ossl_cert_status_request() function to return FALSE
when built with BoringSSL or when OpenSSL is missing the necessary TLS
extensions.
2015-01-27 12:53:41 +00:00
Steve Holme
a268a804b7
openssl: Fixed compilation errors when OpenSSL built with 'no-tlsext'
Fixed the build of openssl.c when OpenSSL is built without the necessary
TLS extensions for OCSP stapling.
Reported-by: John E. Malmberg
2015-01-27 12:47:48 +00:00
Brad Spencer
5691325440
curl_setup: Disable SMB/CIFS support when HTTP only
2015-01-26 18:48:44 +00:00
Daniel Stenberg
23c6f0a344
OCSP stapling: disabled when built with BoringSSL
2015-01-22 23:34:43 +01:00
Alessandro Ghedini
d1cf5d5706
openssl: add support for the Certificate Status Request TLS extension
Also known as "status_request" or OCSP stapling, defined in RFC6066
section 8.
Thanks-to: Joe Mason
- for the work-around for the OpenSSL bug.
2015-01-22 23:25:23 +01:00
Daniel Stenberg
e888e30476
BoringSSL: fix build for non-configure builds
HAVE_BORINGSSL gets defined now by configure and should be defined by
other build systems in case a BoringSSL build is desired.
2015-01-22 23:04:10 +01:00
Steve Holme
12e45b8462
curl_sasl: Reinstate the sasl_ prefix for locally scoped functions
Commit 7a8b2885e2 made some functions static and removed the public
Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which
is the naming convention we use in this source file.
2015-01-22 21:32:41 +00:00
Steve Holme
c260c9fad3
curl_sasl: Minor code policing following recent commits
2015-01-22 21:08:18 +00:00
Daniel Stenberg
eb748f159a
BoringSSL: detected by configure, switches off NTLM
2015-01-22 16:39:01 +01:00
Daniel Stenberg
d6c4695dcd
BoringSSL: no PKCS12 support nor ERR_remove_state
2015-01-22 16:39:01 +01:00
Leith Bade
261208d432
BoringSSL: fix build
2015-01-22 16:39:01 +01:00
Steve Holme
795f013006
curl_sasl.c: chlglen is not used when cryptography is disabled
2015-01-20 19:28:54 +00:00
Steve Holme
71f8fdee81
curl_sasl.c: Fixed compilation warning when cryptography is disabled
curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local
variable
2015-01-20 19:25:43 +00:00
Steve Holme
6005b0d99c
curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined
curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier
This error could also happen for non-SSPI builds when cryptography is
disabled (CURL_DISABLE_CRYPTO_AUTH is defined).
2015-01-20 19:24:47 +00:00
Patrick Monnerat
7a8b2885e2
SASL: make some procedures local-scoped
2015-01-20 18:17:55 +01:00
Patrick Monnerat
79543caf90
SASL: common state engine for imap/pop3/smtp
2015-01-20 17:33:05 +01:00
Patrick Monnerat
e1ea18f90e
SASL: common URL option and auth capabilities decoders for all protocols
2015-01-20 15:27:25 +01:00
Patrick Monnerat
5f09cbcdbd
IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters.
2015-01-20 14:14:26 +01:00
Daniel Stenberg
960b04e137
ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6
Reported-by: Chris Young
2015-01-20 09:03:55 +01:00
Chris Young
089783c838
timeval: typecast for better type (on Amiga)
There is an issue with conflicting "struct timeval" definitions with
certain AmigaOS releases and C libraries, depending on what gets
included when. It's a minor difference - the OS one is unsigned,
whereas the common structure has signed elements. If the OS one ends up
getting defined, this causes a timing calculation error in curl.
It's easy enough to resolve this at the curl end, by casting the
potentially erroneous calculation to a signed long.
2015-01-20 08:53:14 +01:00
Daniel Stenberg
be57f689b0
openssl: do public key pinning check independently
... of the other cert verification checks so that you can set verifyhost
and verifypeer to FALSE and still check the public key.
Bug: http://curl.haxx.se/bug/view.cgi?id=1471
Reported-by: Kyle J. McKay
2015-01-19 23:20:13 +01:00
Steve Holme
2cc571f9e3
ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP
For consistency with other USE_WIN32_ defines as well as the
USE_OPENLDAP define.
2015-01-18 20:52:43 +00:00
Steve Holme
1cbc8fd3d1
http_negotiate: Use dynamic buffer for SPN generation
Use a dynamically allocated buffer for the temporary SPN variable similar
to how the SASL GSS-API code does, rather than using a fixed buffer of
2048 characters.
2015-01-18 15:45:12 +00:00
Steve Holme
9c4fa400cf
sasl_gssapi: Make Curl_sasl_build_gssapi_spn() public
2015-01-18 15:42:26 +00:00
Steve Holme
b9fd757d03
sasl_gssapi: Fixed memory leak with local SPN variable
2015-01-18 15:40:07 +00:00
Daniel Stenberg
3a9419f65a
http_negotiate.c: unused variable 'ret'
2015-01-17 23:14:40 +01:00
Steve Holme
1d25acb038
gskit.h: Code policing of function pointer arguments
2015-01-17 17:02:01 +00:00
Steve Holme
5d5c78b47f
vtls: Removed unimplemented overrides of curlssl_close_all()
Carrying on from commit 037cd0d991, removed the following unimplemented
instances of curlssl_close_all():
Curl_axtls_close_all()
Curl_darwinssl_close_all()
Curl_cyassl_close_all()
Curl_gskit_close_all()
Curl_gtls_close_all()
Curl_nss_close_all()
Curl_polarssl_close_all()
2015-01-17 16:41:03 +00:00
Steve Holme
8bb3443a21
vtls: Separate the SSL backend definition from the API setup
Slight code cleanup as the SSL backend #define is mixed up with the API
function setup.
2015-01-17 15:38:22 +00:00
Steve Holme
30ef1a0779
vtls: Fixed compilation errors when SSL not used
Fixed the following warning and error from commit 3af90a6e19 when SSL
is not being used:
url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined;
assuming extern returning int
error LNK2019: unresolved external symbol Curl_ssl_cert_status_request
referenced in function Curl_setopt
2015-01-17 15:16:07 +00:00
Steve Holme
81b98dafa1
http_negotiate: Added empty decoded challenge message info text
2015-01-17 14:58:36 +00:00
Steve Holme
47438daa60
http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int
2015-01-17 14:57:17 +00:00
Steve Holme
36e6404228
http_negotiate_sspi: Prefer use of 'attrs' for context attributes
Use the same variable name as other areas of SSPI code.
2015-01-17 13:28:44 +00:00
Steve Holme
930be07067
http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo()
Use the SECURITY_STATUS typedef rather than an unsigned long for the
QuerySecurityPackageInfo() return and rename the variable as per other
areas of SSPI code.
2015-01-17 13:28:03 +00:00
Steve Holme
30eb6bbdc9
http_negotiate_sspi: Use 'CURLcode result' for CURL result code
2015-01-17 13:15:09 +00:00
Steve Holme
a2f8887b79
curl_endian: Fixed build when 64-bit integers are not supported (Part 2)
Missed Curl_read64_be() in commit bb12d44471 :(
2015-01-16 23:01:27 +00:00
Daniel Stenberg
a4065ebf1c
copyright years: after OCSP stapling changes
2015-01-16 23:23:29 +01:00
Alessandro Ghedini
f46c6fbee0
nss: add support for the Certificate Status Request TLS extension
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.
This requires NSS 3.15 or higher.
2015-01-16 23:23:29 +01:00
Alessandro Ghedini
f13669a375
gtls: add support for the Certificate Status Request TLS extension
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.
This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use
at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP
response verification to fail even on valid responses.
2015-01-16 23:23:29 +01:00
Alessandro Ghedini
3af90a6e19
url: add CURLOPT_SSL_VERIFYSTATUS option
This option can be used to enable/disable certificate status verification using
the "Certificate Status Request" TLS extension defined in RFC6066 section 8.
This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
certificate status verification fails, and the Curl_ssl_cert_status_request()
function, used to check whether the SSL backend supports the status_request
extension.
2015-01-16 23:23:29 +01:00
Steve Holme
bb12d44471
curl_endian: Fixed build when 64-bit integers are not supported
Bug: http://curl.haxx.se/mail/lib-2015-01/0094.html
Reported-by: John E. Malmberg
2015-01-16 12:31:24 +00:00
Daniel Stenberg
cc28bc472e
Curl_pretransfer: reset expected transfer sizes
Reported-by: Mohammad AlSaleh
Bug: http://curl.haxx.se/mail/lib-2015-01/0065.html
2015-01-14 23:31:57 +01:00
Marc Hoersken
e9834808e9
curl_schannel.c: mark session as removed from cache if not freed
If the session is still used by active SSL/TLS connections, it
cannot be closed yet. Thus we mark the session as not being cached
any longer so that the reference counting mechanism in
Curl_schannel_shutdown is used to close and free the session.
Reported-by: Jean-Francois Durand
2015-01-12 21:56:05 +01:00
Guenter Knauf
d21b66835f
Merge pull request #134 from vszakats/mingw-m64
add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS
2015-01-09 22:03:12 +01:00
Guenter Knauf
4e58589b0e
Merge pull request #136 from vszakats/mingw-allow-custom-cflags
mingw build: allow to pass custom CFLAGS
2015-01-09 22:02:23 +01:00
Daniel Stenberg
e6b4b4b66d
NSS: fix compiler error when built http2-enabled
2015-01-09 21:55:52 +01:00
Steve Holme
355bf01c82
gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions
Better code reuse and consistency in calls to gss_import_name().
2015-01-09 20:37:47 +00:00
Viktor Szakats
b4f13a4952
mingw build: allow to pass custom CFLAGS
2015-01-09 21:03:54 +01:00
Daniel Stenberg
99e71e6a84
FTP: if EPSV fails on IPV6 connections, bail out
... instead of trying PASV, since PASV can't work with IPv6.
Reported-by: Vojtěch Král
2015-01-08 22:32:37 +01:00
Daniel Stenberg
9a452ba3a1
FTP: fix IPv6 host using link-local address
... and make sure we can connect the data connection to a host name that
is longer than 48 bytes.
Also simplifies the code somewhat by re-using the original host name
more, as it is likely still in the DNS cache.
Original-Patch-by: Vojtěch Král
Bug: http://curl.haxx.se/bug/view.cgi?id=1468
2015-01-08 22:32:37 +01:00
Guenter Knauf
c712fe01a9
NetWare build: added TLS-SRP enabled build.
2015-01-08 21:40:35 +01:00
Steve Holme
5c0e66d632
sasl_gssapi: Fixed build on NetBSD with built-in GSS-API
Bug: http://curl.haxx.se/bug/view.cgi?id=1469
Reported-by: Thomas Klausner
2015-01-08 19:36:58 +00:00
Viktor Szakats
acc8089bc2
add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS
2015-01-08 18:19:03 +01:00
Daniel Stenberg
4ce22c607b
darwinssl: fix session ID keys to only reuse identical sessions
...to avoid a session ID getting cached without certificate checking and
then after a subsequent _enabling_ of the check libcurl could still
re-use the session done without cert checks.
Bug: http://curl.haxx.se/docs/adv_20150108A.html
Reported-by: Marc Hesse
2015-01-07 22:55:56 +01:00
Daniel Stenberg
178bd7db34
url-parsing: reject CRLFs within URLs
Bug: http://curl.haxx.se/docs/adv_20150108B.html
Reported-by: Andrey Labunets
2015-01-07 22:55:56 +01:00
Steve Holme
f7d5ecec9c
ldap: Convert attribute output to UTF-8 when Unicode
2015-01-07 20:01:29 +00:00
Steve Holme
4e420600c1
ldap: Convert DN output to UTF-8 when Unicode
2015-01-07 20:01:27 +00:00
Daniel Stenberg
9547954978
hostip: remove 'stale' argument from Curl_fetch_addr proto
Also, remove the log output of the resolved name is NOT in the cache in
the spirit of only telling when something is actually happening.
2015-01-07 14:06:12 +00:00
Steve Holme
4626f31d0e
ldap/imap: Fixed spelling mistake in comments and variable names
Reported-by: Michael Osipov
2015-01-07 13:50:56 +00:00
Dan Fandrich
39217edb12
curl_multibyte.h: Eliminated some trailing whitespace
2015-01-05 10:08:08 +01:00
Steve Holme
ea93252ef1
ldap: Fixed Unicode usage for all Win32 builds
Otherwise, the fixes in the previous commits would only be applicable
to IDN and SSPI based builds and not others such as OpenSSL with LDAP
enabled.
2015-01-04 22:19:30 +00:00
Steve Holme
f6b168de4c
ldap: Fixed memory leak from commit efb64fdf80
2015-01-04 20:33:58 +00:00
Steve Holme
4113ad50e4
ldap: Fix memory leak from commit 3a805c5cc1
2015-01-04 20:06:04 +00:00
Steve Holme
c37dcf0edb
ldap: Fixed attribute variable warnings when Unicode is enabled
Use 'TCHAR *' for local attribute variable rather than 'char *'.
2015-01-04 16:25:17 +00:00
Steve Holme
5359936d07
ldap: Fixed DN variable warnings when Unicode is enabled
Use 'TCHAR *' for local DN variable rather than 'char *'.
2015-01-04 16:21:13 +00:00
Steve Holme
ea4f98dca6
ldap: Remove the unescape_elements() function
Due to the recent modifications this function is no longer used.
2015-01-04 16:11:36 +00:00
Steve Holme
f9b50910e0
ldap.c: Fixed compilation warning
ldap.c:98: warning: extra tokens at end of #endif directive
2015-01-04 16:11:08 +00:00
Steve Holme
84143dc57d
ldap: Fixed support for Unicode filter in Win32 search call
2015-01-04 15:16:22 +00:00
Steve Holme
747bad7c09
ldap.c: Fixed compilation warning
ldap.c:802: warning: comparison between signed and unsigned integer
expressions
2015-01-04 15:16:21 +00:00
Steve Holme
3a805c5cc1
ldap: Fixed support for Unicode attributes in Win32 search call
2015-01-04 14:27:51 +00:00
Steve Holme
7241527956
ldap: Fixed memory leak from commit efb64fdf80
The unescaped DN was not freed after a successful character conversion.
2015-01-04 14:21:29 +00:00
Steve Holme
825b0c7968
ldap.c: Fixed compilation error
ldap.c:738: error: macro "LDAP_TRACE" passed 2 arguments, but takes
just 1
2015-01-04 13:16:20 +00:00
Steve Holme
2948954535
ldap.c: Fixed compilation warning
ldap.c:89: warning: extra tokens at end of #endif directive
2015-01-04 13:04:06 +00:00
Steve Holme
efb64fdf80
ldap: Fixed support for Unicode DN in Win32 search call
2015-01-04 12:10:26 +00:00
Steve Holme
6416dc998b
ldap: Fixed Unicode user and password in Win32 bind calls
2015-01-04 01:57:09 +00:00
Steve Holme
0f26148423
ldap: Fixed Unicode host name in Win32 initialisation calls
2015-01-04 01:56:08 +00:00
Steve Holme
f460f12c9d
ldap: Use host.dispname for infof() connection failure messages
As host.name may be encoded use dispname for infof() failure messages.
2015-01-04 00:30:55 +00:00
Steve Holme
23bb054129
ldap: Prefer 'CURLcode result' for curl result codes
2015-01-03 18:46:32 +00:00
Steve Holme
d4b540f85a
ldap: Pass write length in all Curl_client_write() calls
As we get the length for the DN and attribute variables, and we know
the length for the line terminator, pass the length values rather than
zero as this will save Curl_client_write() from having to perform an
additional strlen() call.
2015-01-03 18:46:31 +00:00
Steve Holme
4967109ffc
ldap: Fixed attribute memory leaks on failed client write
Fixed memory leaks from commit 086ad79970 as was noted in the commit
comments.
2015-01-03 18:46:30 +00:00
Steve Holme
a68aa81320
ldap: Fixed DN memory leaks on failed client write
Fixed memory leaks from commit 086ad79970 as was noted in the commit
comments.
2015-01-03 18:46:28 +00:00
Steve Holme
0ea9381b7d
curl_ntlm_core.c: Fixed compilation warning from commit 1cb17b2a5d
curl_ntlm_core.c:146: warning: passing 'DES_cblock' (aka 'unsigned char
[8]') to parameter of type 'char *' converts
between pointers to integer types with different
sign
2015-01-02 21:14:36 +00:00
Steve Holme
1cb17b2a5d
ntlm: Use extend_key_56_to_64() for all cryptography engines
Rather than duplicate the code in setup_des_key() for OpenSSL and in
extend_key_56_to_64() for non-OpenSSL based crypto engines, as it is
the same, use extend_key_56_to_64() for all engines.
2015-01-02 20:17:05 +00:00
Steve Holme
34f0bd110f
curl_ntlm_core.c: Fixed compilation warning
curl_ntlm_core.c:458: warning: 'ascii_uppercase_to_unicode_le' defined
but not used
2015-01-02 16:28:03 +00:00
Steve Holme
a75ede4b9b
endian: Fixed bit-shift in 64-bit integer read functions
From commit 43792592ca and 4bb5a351b2.
Reported-by: Michael Osipov
2015-01-02 15:53:42 +00:00
Steve Holme
a3daf542ad
smb: Use endian functions for reading NBT and message size values
2015-01-01 20:48:05 +00:00
Steve Holme
4bb5a351b2
endian: Added big endian read functions
2015-01-01 20:45:29 +00:00
Steve Holme
43792592ca
endian: Added 64-bit integer read function
2015-01-01 20:45:00 +00:00
Steve Holme
7635577ad7
smb.c: Fixed compilation warnings
smb.c:780: warning: passing 'char *' to parameter of type 'unsigned
char *' converts between pointers to integer types with
different sign
smb.c:781: warning: passing 'char *' to parameter of type 'unsigned
char *' converts between pointers to integer types with
different sign
smb.c:804: warning: passing 'char *' to parameter of type 'unsigned
char *' converts between pointers to integer types with
different sign
2015-01-01 04:56:16 +00:00
Steve Holme
0df2ed85fd
smb: Use endian functions for reading length and offset values
2014-12-31 16:52:12 +00:00
Steve Holme
5eae12fc80
endian: Added 16-bit integer write function
2014-12-31 16:03:01 +00:00
Steve Holme
b40e37f93d
endian: Fixed Linux compilation issues
Having files named endian.[c|h] seemed to cause issues under Linux so
renamed them both to have the curl_ prefix in the filenames.
2014-12-31 14:02:25 +00:00