moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity
19,301 Commits 10 Branches 144 Tags 113 MiB
Commit Graph

263 Commits

Author SHA1 Message Date
Kyle L. Huff 211f1e3c6b cyassl: remove undefined reference to CyaSSL_no_filesystem_verify 
CyaSSL_no_filesystem_verify is not (or no longer) defined by cURL or
CyaSSL. This reference causes build errors when compiling with
NO_FILESYSTEM.
 2015-03-27 23:31:12 +01:00
Jay Satiro e7a289ebb9 vtls: Don't accept unknown CURLOPT_SSLVERSION values 2015-03-27 09:32:23 +01:00
Daniel Stenberg 5b58bface3 polarssl: called mbedTLS in 1.3.10 and later 2015-03-25 09:19:57 +01:00
Daniel Stenberg 83b29e43cd polarssl: remove dead code 
and simplify code by changing if-elses to a switch()

CID 1291706: Logically dead code. Execution cannot reach this statement
 2015-03-25 09:01:11 +01:00
Daniel Stenberg 24908c12d7 polarssl: remove superfluous for(;;) loop 
"unreachable: Since the loop increment is unreachable, the loop body
will never execute more than once."

Coverity CID 1291707
 2015-03-25 08:49:34 +01:00
Daniel Stenberg 4e299192ed Curl_ssl_md5sum: return CURLcode 
... since the funciton can fail on OOM. Check this return code.

Coverity CID 1291705.
 2015-03-25 08:32:12 +01:00
Jay Satiro e35f2e61ec cyassl: default to highest possible TLS version 
(cyassl_connect_step1)
- Use TLS 1.0-1.2 by default when available.

CyaSSL/wolfSSL >= v3.3.0 supports setting a minimum protocol downgrade
version.

cyassl/cyassl@322f79f
 2015-03-25 08:10:24 +01:00
Jay Satiro d29f8b460c cyassl: Check for invalid length parameter in Curl_cyassl_random 2015-03-25 08:08:12 +01:00
Jay Satiro ec31962640 cyassl: If wolfSSL then identify as such in version string 2015-03-25 08:08:12 +01:00
Dan Fandrich 35648f2e79 curl_memory: make curl_memory.h the second-last header file loaded 
This header file must be included after all header files except
memdebug.h, as it does similar memory function redefinitions and can be
similarly affected by conflicting definitions in system or dependent
library headers.
 2015-03-24 23:47:01 +01:00
Daniel Stenberg ac2827ac09 openssl: do the OCSP work-around for libressl too 
I tested with libressl git master now (v2.1.4-27-g34bf96c) and it seems to
still require the work-around for stapling to work.
 2015-03-24 23:39:52 +01:00
Daniel Stenberg bd9ac3cff2 openssl: verifystatus: only use the OCSP work-around <= 1.0.2a 
URL: http://curl.haxx.se/mail/lib-2015-03/0205.html
Reported-by: Alessandro Ghedini
 2015-03-24 23:06:37 +01:00
Daniel Stenberg 7e6ca87a72 openssl: adapt to ASN1/X509 things gone opaque in 1.1 2015-03-24 22:59:33 +01:00
Dan Fandrich 56ae66d518 vtls: fix compile with --disable-crypto-auth but with SSL 
This is a strange combination of options, but is allowed.
 2015-03-24 21:41:22 +01:00
Dan Fandrich 430006c5e2 cyassl: include version.h to ensure the version macros are defined 2015-03-23 10:10:03 +01:00
Nick Zitzmann 7f5a170442 darwinsssl: add support for TLS False Start 
TLS False Start support requires iOS 7.0 or later, or OS X 10.9 or later.
 2015-03-21 12:22:56 -05:00
Daniel Stenberg ed429b72d7 gtls: add check of return code 
Coverity CID 1291167 pointed out that 'rc' was received but never used when
gnutls_credentials_set() was used. Added return code check now.
 2015-03-21 16:53:43 +01:00
Daniel Stenberg fea13a17d8 gtls: dereferencing NULL pointer 
Coverity CID 1291165 pointed out 'chainp' could be dereferenced when
NULL if gnutls_certificate_get_peers() had previously failed.
 2015-03-21 16:53:23 +01:00
Daniel Stenberg 5f6f9e8b59 gtls: avoid uninitialized variable. 
Coverity CID 1291166 pointed out that we could read this variable
uninitialized.
 2015-03-21 16:53:09 +01:00
Daniel Stenberg b734518371 nss: error: unused variable 'connssl' 2015-03-21 15:47:03 +01:00
Dan Fandrich 6779c50e26 cyassl: use new library version macro when available 2015-03-20 23:49:53 +01:00
Alessandro Ghedini 185914fd31 nss: add support for TLS False Start 2015-03-20 20:14:35 +01:00
Alessandro Ghedini 4dcd25e138 url: add CURLOPT_SSL_FALSESTART option 
This option can be used to enable/disable TLS False Start defined in the RFC
draft-bmoeller-tls-falsestart.
 2015-03-20 20:14:33 +01:00
Alessandro Ghedini a332922a52 gtls: implement CURLOPT_CERTINFO 2015-03-20 19:03:53 +01:00
Alessandro Ghedini 8854f8d45a openssl: try to avoid accessing OCSP structs when possible 2015-03-20 15:36:05 +01:00
Dan Fandrich 9e66d3f4d3 axtls: version 1.5.2 now requires that config.h be manually included 2015-03-19 10:11:17 +01:00
Kamil Dudka e3fbdc7c8a nss: explicitly tell NSS to disable NPN/ALPN 
... if disabled at libcurl level.  Otherwise, we would allow to
negotiate NPN despite curl was invoked with the --no-npn option.
 2015-03-18 19:43:14 +01:00
Daniel Stenberg 2dc1a5ce93 checksrc: detect and remove space before trailing semicolons 2015-03-17 14:06:48 +01:00
Daniel Stenberg 9395999543 checksrc: use space after comma 2015-03-17 13:57:37 +01:00
Markus Elfring 29c655c0a6 Bug #149: Deletion of unnecessary checks before calls of the function "free" 
The function "free" is documented in the way that no action shall occur for
a passed null pointer. It is therefore not needed that a function caller
repeats a corresponding check.
http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first

This issue was fixed by using the software Coccinelle 1.0.0-rc24.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
 2015-03-16 12:13:56 +01:00
Daniel Stenberg 186e46d88d openssl: use colons properly in the ciphers list 
While the previous string worked, this is the documented format.

Reported-by: Richard Moore
 2015-03-12 23:29:46 +01:00
Daniel Stenberg 0d1060f21e openssl: sort the ciphers on strength 
This makes curl pick better (stronger) ciphers by default. The strongest
available ciphers are fine according to the HTTP/2 spec so an OpenSSL
built curl is no longer rejected by string HTTP/2 servers.

Bug: http://curl.haxx.se/bug/view.cgi?id=1487
 2015-03-12 23:16:28 +01:00
Daniel Stenberg 1d3f1a80d0 openssl: show the cipher selection to use 2015-03-12 15:53:45 +01:00
Alessandro Ghedini fa895f2aa2 gtls: correctly align certificate status verification messages 2015-03-10 15:48:34 +01:00
Alessandro Ghedini a6a264ef2c gtls: don't print double newline after certificate dates 2015-03-10 15:20:03 +01:00
Alessandro Ghedini 3a757fddbb gtls: print negotiated TLS version and full cipher suite name 
Instead of priting cipher and MAC algorithms names separately, print the
whole cipher suite string which also includes the key exchange algorithm,
along with the negotiated TLS version.
 2015-03-10 15:18:14 +01:00
Daniel Stenberg d9973eaeb8 gtls: fix compiler warnings 2015-03-10 15:16:59 +01:00
Alessandro Ghedini 5a1614cecd gtls: add support for CURLOPT_CAPATH 2015-03-10 15:03:54 +01:00
Daniel Stenberg 00ea0e7db0 http2: use CURL_HTTP_VERSION_* symbols instead of NPN_* 
Since they already exist and will make comparing easier
 2015-03-07 11:10:30 +01:00
Alessandro Ghedini adb4e41a1a polarssl: make it possible to enable ALPN/NPN without HTTP2 2015-03-07 10:36:10 +01:00
Alessandro Ghedini 42bc45be8e nss: make it possible to enable ALPN/NPN without HTTP2 2015-03-07 10:36:10 +01:00
Alessandro Ghedini 870a67e01f gtls: make it possible to enable ALPN/NPN without HTTP2 2015-03-07 10:36:10 +01:00
Alessandro Ghedini 2e9494b15d openssl: make it possible to enable ALPN/NPN without HTTP2 2015-03-07 10:36:10 +01:00
Daniel Stenberg 709cf76f6b openssl: remove all uses of USE_SSLEAY 
SSLeay was the name of the library that was subsequently turned into
OpenSSL many moons ago (1999). curl does not work with the old SSLeay
library since years. This is now reflected by only using USE_OPENSSL in
code that depends on OpenSSL.
 2015-03-05 10:57:52 +01:00
Daniel Stenberg 8aabbf5f8c vtls: use curl_printf.h all over 
No need to use _MPRINTF_REPLACE internally.
 2015-03-03 23:17:43 +01:00
Kamil Dudka 4909f7c795 nss: do not skip Curl_nss_seed() if data is NULL 
In that case, we only skip writing the error message for failed NSS
initialization (while still returning the correct error code).
 2015-02-25 10:23:07 +01:00
Kamil Dudka 7a1538d9cc nss: improve error handling in Curl_nss_random() 
The vtls layer now checks the return value, so it is no longer necessary
to abort if a random number cannot be provided by NSS.  This also fixes
the following Coverity report:

Error: FORWARD_NULL (CWE-476):
lib/vtls/nss.c:1918: var_compare_op: Comparing "data" to null implies that "data" might be null.
lib/vtls/nss.c:1923: var_deref_model: Passing null pointer "data" to "Curl_failf", which dereferences it.
lib/sendf.c:154:3: deref_parm: Directly dereferencing parameter "data".
 2015-02-25 10:23:06 +01:00
Alessandro Ghedini 63b4b8c7bd nss: fix NPN/ALPN protocol negotiation 
Correctly check for memcmp() return value (it returns 0 if the strings match).

This is not really important, since curl is going to use http/1.1 anyway, but
it's still a bug I guess.
 2015-02-19 23:09:12 +01:00
Alessandro Ghedini 633b3895d7 polarssl: fix ALPN protocol negotiation 
Correctly check for strncmp() return value (it returns 0 if the strings
match).
 2015-02-19 23:07:40 +01:00
Alessandro Ghedini 676ac46ff5 gtls: fix build with HTTP2 2015-02-19 19:00:51 +01:00