1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-10 11:35:07 -05:00
Commit Graph

328 Commits

Author SHA1 Message Date
Andrei Benea
fb80a0a082 Fix a buffer overflow in pubkey_show(). 2011-04-14 23:02:29 +02:00
Daniel Stenberg
c66b0b32fb OpenSSL: no-sslv2 aware
Allow openSSL without SSL2 to be used. This fix is inspired by the fix
provided by Cristian Rodríguez.

Reported by: Cristian Rodríguez
2011-04-10 19:14:22 +02:00
Peter Sylvester
2531cd94a5 TSL-SRP: enabled with OpenSSL
If a new enough OpenSSL version is used, configure detects the TLS-SRP
support and enables it.
2011-03-25 23:09:28 +01:00
Dan Fandrich
61fc9044c7 Call ERR_peek_error instead of ERR_peek_last_error
The latter isn't available in older OpenSSL versions, and is
less useful since it returns the most recent error instead of
the first one encountered.
2011-02-10 12:29:34 -08:00
Bjoern Sikora
0e9626ba39 ssluse: improved error message on SSL_CTX_new failures
"SSL: couldn't create a context" really isn't that helpful, now it'll
also extract an explanation from OpenSSL and append to the right.
2011-02-02 18:25:57 +01:00
Darshan Mody
03be2c99ba Fixed compile using OpenSSL versions < 0.9.4a 2011-01-20 12:11:22 -08:00
Daniel Stenberg
adb49ad8bb Curl_timeleft: s/conn/data in first argument
As the function doesn't really use the connectdata struct but only the
SessionHanadle struct I modified what argument it wants.
2011-01-04 23:13:10 +01:00
Daniel Stenberg
c0c89cd44e get_cert_chain: support larger data sets
512 bytes turned out too short for some data, so now we allocate a
larger buffer instead

Bug: http://curl.haxx.se/mail/archive-2011-01/0002.html
2011-01-04 10:20:28 +01:00
Daniel Stenberg
ae29142198 pubkey_show: allocate buffer to fit any-size result
The loop condition was wrong so keys larger than 340 bits would overflow
the local stack-based buffer.
2011-01-01 15:33:57 +01:00
Daniel Stenberg
2dded8fedb ossl_seed: no more RAND_screen
RAND_screen() is slow, not thread-safe and not needed anymore since OpenSSL
uses the thread-safe win32 CryptoAPI nowadays.
2010-12-23 14:36:07 +01:00
Heinrich Ko
315e5277dc ossl_connect_common: detect connection re-use
ossl_connect_common() now checks whether or not 'struct
connectdata->state' is equal 'ssl_connection_complete' and if so, will
return CURLE_OK with 'done' set to 'TRUE'. This check prevents
ossl_connect_common() from creating a new ssl connection on an existing
ssl session which causes openssl to fail when it tries to parse an
encrypted TLS packet since the cipher data was effectively thrown away
when the new ssl connection was created.

Bug: http://curl.haxx.se/mail/lib-2010-11/0169.html
2010-12-06 14:41:18 +01:00
Yang Tse
dc3e7df1c9 fix compiler warning 2010-11-08 04:03:11 +01:00
Daniel Stenberg
87374a47c9 Revert: use Host: name for SNI and cert name checks
This reverts commit b0fd03f5b8,
4b2fbe1e97, afecd1aa13, 68cde058f6
2010-11-05 10:25:58 +01:00
Daniel Stenberg
b0fd03f5b8 certcheck: use the custom Host: name for checks
If you use a custom Host: name in a request to a SSL server, libcurl
will now use that given name when it verifies the server certificate to
be correct rather than using the host name used in the actual URL.
2010-11-04 15:18:35 +01:00
Daniel Stenberg
4b2fbe1e97 SNI: simplify the custom host name use
The redirect check is already done at the position where the customhost
field is assigned so there's no point in doing that a second time.
2010-11-04 15:16:27 +01:00
Daniel Stenberg
afecd1aa13 host: get the custom Host: name more genericly
When given a custom host name in a Host: header, we can use it for
several different purposes other than just cookies, so we rename it and
use it for SSL SNI etc.
2010-11-04 14:58:15 +01:00
Hongli Lai (Phusion)
68cde058f6 SNI: set name to custom Host header
OpenSSL SNI host name should be set to the custom Host header, if the
user provided one.
2010-11-04 14:10:56 +01:00
Daniel Stenberg
aca67e2775 ssluse: removed redundant check that is always true 2010-09-12 16:29:04 +02:00
Daniel Stenberg
811fcccfc9 multi: fix FTPS connecting the data connection with OpenSSL
Commit 496002ea1c (released in 7.20.1) broke FTPS when using the
multi interface and OpenSSL was used. The condition for the non-blocking
connect was incorrect.

Reported by: Georg Lippitsch
Bug: http://curl.haxx.se/mail/lib-2010-07/0270.html
2010-08-01 23:50:46 +02:00
Constantine Sapuntzakis
a0dd9df9ab OpenSSL: fix spurious SSL connection aborts
Was seeing spurious SSL connection aborts using libcurl and
OpenSSL. I tracked it down to uncleared error state on the
OpenSSL error stack - patch attached deals with that.

Rough idea of problem:

Code that uses libcurl calls some library that uses OpenSSL but
don't clear the OpenSSL error stack after an error.

ssluse.c calls SSL_read which eventually gets an EWOULDBLOCK from
the OS. Returns -1 to indicate an error

ssluse.c calls SSL_get_error. First thing, SSL_get_error calls
ERR_get_error to check the OpenSSL error stack, finds an old
error and returns SSL_ERROR_SSL instead of SSL_ERROR_WANT_READ or
SSL_ERROR_WANT_WRITE.

ssluse.c returns an error and aborts the connection

Solution:

Clear the openssl error stack before calling SSL_* operation if
we're going to call SSL_get_error afterwards.

Notes:

This is much more likely to happen with multi because it's easier
to intersperse other calls to the OpenSSL library in the same
thread.
2010-06-05 23:41:58 +02:00
Daniel Stenberg
77cfeadfa6 OpenSSL: multi interface handshake could hang
John-Mark Bell filed bug #3000052 that identified a problem (with
an associated patch) with the OpenSSL handshake state machine
when the multi interface is used:

Performing an https request using a curl multi handle and using
select or epoll to wait for events results in a hang. It appears
that the cause is the fix for bug #2958179, which makes
ossl_connect_common unconditionally return from the step 2 loop
when fetching from a multi handle.

When ossl_connect_step2 has completed, it updates
connssl->connecting_state to ssl_connect_3. ossl_connect_common
will then return to the caller, as a multi handle is in
use. Eventually, the client code will call curl_multi_fdset to
obtain an updated fdset to select or epoll on. For https
requests, curl_multi_fdset will cause https_getsock to be called.
https_getsock will only return a socket handle if the
connecting_state is ssl_connect_2_reading or
ssl_connect_2_writing.  Therefore, the client will never obtain a
valid fdset, and thus not drive the multi handle, resulting in a
hang.

(http://curl.haxx.se/bug/view.cgi?id=3000052)
2010-05-14 22:35:08 +02:00
Howard Chu
bc8fc9803f sendrecv: make them two pairs of send/recv to properly deal with FTPS
FTP(S) use two connections that can be set to different recv and
send functions independently, so by introducing recv+send pairs
in the same manner we already have sockets/connections we can
work with FTPS fine.

This commit fixes the FTPS regression introduced in change d64bd82.
2010-05-11 22:48:38 +02:00
Howard Chu
d64bd82bdc sendrecv: split the I/O handling into private handler
Howard Chu brought the bulk work of this patch that properly
moves out the sending and recving of data to the parts of the
code that are properly responsible for the various ways of doing
so.

Daniel Stenberg assisted with polishing a few bits and fixed some
minor flaws in the original patch.

Another upside of this patch is that we now abuse CURLcodes less
with the "magic" -1 return codes and instead use CURLE_AGAIN more
consistently.
2010-05-07 15:05:34 +02:00
Kamil Dudka
ff8711135e refactorize interface of Curl_ssl_recv/Curl_ssl_send 2010-04-04 23:37:18 +02:00
Daniel Stenberg
2309b4e330 remove the CVSish $Id$ lines 2010-03-24 11:02:54 +01:00
Daniel Stenberg
6bf071df7e - Andrei Benea filed bug report #2956698 and pointed out that the
CURLOPT_CERTINFO feature leaked memory due to a missing OpenSSL function
  call. He provided the patch to fix it too.

  http://curl.haxx.se/bug/view.cgi?id=2956698
2010-03-02 13:41:18 +00:00
Daniel Stenberg
496002ea1c - Wesley Miaw reported bug #2958179 which identified a case of looping during
OpenSSL based SSL handshaking even though the multi interface was used and
  there was no good reason for it.

  http://curl.haxx.se/bug/view.cgi?id=2958179
2010-03-01 21:59:07 +00:00
Yang Tse
12d01bc5f7 - avoid OpenSSL 0.9.8 ENGINE_by_id memory leak
- cleanup parenthesis usage in return statements
2010-02-05 09:33:36 +00:00
Yang Tse
d65cf7889b fix printf-style format strings 2010-01-28 15:34:18 +00:00
Daniel Stenberg
552c3de357 - Johan van Selst found and fixed a OpenSSL session ref count leak:
ossl_connect_step3() increments an SSL session handle reference counter on
  each call. When sessions are re-used this reference counter may be
  incremented many times, but it will be decremented only once when done (by
  Curl_ossl_session_free()); and the internal OpenSSL data will not be freed
  if this reference count remains positive. When a session is re-used the
  reference counter should be corrected by explicitly calling
  SSL_SESSION_free() after each consecutive SSL_get1_session() to avoid
  introducing a memory leak.

  (http://curl.haxx.se/bug/view.cgi?id=2926284)
2010-01-08 23:45:23 +00:00
Daniel Stenberg
10a11e3abe - David Byron fixed Curl_ossl_cleanup to actually call ENGINE_cleanup when
available.
2009-12-17 13:29:41 +00:00
Daniel Stenberg
3b1de97eaa minor indent change 2009-12-10 20:19:56 +00:00
Yang Tse
59939313f8 Make usage of calloc()'s arguments consistent with rest of code base 2009-11-18 10:33:54 +00:00
Yang Tse
3b8d7fddf7 Client certificate ENG file type requires OpenSSL 0.9.7 or newer 2009-11-15 12:58:50 +00:00
Yang Tse
a8ddd6ce31 OpenSSL 0.9.7 or newer required for ENGINE_CTRL_GET_CMD_FROM_NAME definition 2009-11-14 11:33:49 +00:00
Daniel Stenberg
9c49e51f7e - Camille Moncelier added support for the file type SSL_FILETYPE_ENGINE for
the client certificate. It also disable the key name test as some engines
  can select a private key/cert automatically (When there is only one key
  and/or certificate on the hardware device used by the engine)
2009-11-14 07:53:34 +00:00
Gunter Knauf
6daede08cb we only need to call ASN1_STRING_length() if ASN1_STRING_type() detects UTF-8,
else ASN1_STRING_to_UTF8() returns the string length.
2009-10-14 02:32:27 +00:00
Daniel Stenberg
e3d623f190 - Chris Mumford filed bug report #2861587
(http://curl.haxx.se/bug/view.cgi?id=2861587) identifying that libcurl used
  the OpenSSL function X509_load_crl_file() wrongly and failed if it would
  load a CRL file with more than one certificate within. This is now fixed.
2009-09-25 18:09:38 +00:00
Yang Tse
c7c84e7420 fix compiler warning: end-of-loop code not reached 2009-09-25 13:05:36 +00:00
Yang Tse
37489a855f fix compiler warning: variable "sni" was set but never used 2009-09-24 13:24:08 +00:00
Daniel Stenberg
250ba99498 - Sven Anders reported that we introduced a cert verfication flaw for OpenSSL-
powered libcurl in 7.19.6. If there was a X509v3 Subject Alternative Name
  field in the certficate it had to match and so even if non-DNS and non-IP
  entry was present it caused the verification to fail.
2009-09-16 20:44:18 +00:00
Gunter Knauf
68f7d5b8d3 add cast to silent compiler warning with 64bit systems. 2009-08-29 04:34:44 +00:00
Gunter Knauf
e8baa332d7 fix shadow definition of outp. 2009-08-29 04:26:02 +00:00
Daniel Stenberg
e73fe837a8 - Peter Sylvester made the HTTPS test server use specific certificates for
each test, so that the test suite can now be used to actually test the
  verification of cert names etc. This made an error show up in the OpenSSL-
  specific code where it would attempt to match the CN field even if a
  subjectAltName exists that doesn't match. This is now fixed and verified
  in test 311.
2009-08-11 21:48:58 +00:00
Daniel Stenberg
35eb9fc6ad avoid possible NULL dereference caused by my previous fix 2009-08-03 14:07:57 +00:00
Daniel Stenberg
781b82baf5 Reverted the zero-byte-in-name check to instead rely on the fact that strlen
and the name length differ in those cases and thus leave the matching function
unmodified from before, as the matching functions never have to bother with
the zero bytes in legitimate cases. Peter Sylvester helped me realize that
this fix is slightly better as it leaves more code unmodified and makes the
detection a bit more obvious in the code.
2009-08-03 08:45:19 +00:00
Daniel Stenberg
0b66efac9c Extended my embedded-zero-in-cert-name fix based on a comment from Scott
Cantor. My previous attempt was half-baked and didn't cover the normal CN
case.
2009-08-02 22:34:00 +00:00
Daniel Stenberg
6d891d2a3b - Curt Bogmine reported a problem with SNI enabled on a particular server. We
should introduce an option to disable SNI, but as we're in feature freeze
  now I've addressed the obvious bug here (pointed out by Peter Sylvester): we
  shouldn't try to enable SNI when SSLv2 or SSLv3 is explicitly selected.
  Code for OpenSSL and GnuTLS was fixed. NSS doesn't seem to have a particular
  option for SNI, or are we simply not using it?
2009-08-01 22:11:58 +00:00
Daniel Stenberg
c0e8bed5bf - Scott Cantor posted the bug report #2829955
(http://curl.haxx.se/bug/view.cgi?id=2829955) mentioning the recent SSL cert
  verification flaw found and exploited by Moxie Marlinspike. The presentation
  he did at Black Hat is available here:
  https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike

  Apparently at least one CA allowed a subjectAltName or CN that contain a
  zero byte, and thus clients that assumed they would never have zero bytes
  were exploited to OK a certificate that didn't actually match the site. Like
  if the name in the cert was "example.com\0theatualsite.com", libcurl would
  happily verify that cert for example.com.

  libcurl now better use the length of the extracted name, not assuming it is
  zero terminated.
2009-08-01 21:56:59 +00:00
Daniel Stenberg
0dce2ff8a0 - Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present
only in some OpenSSL installs - like on Windows) isn't thread-safe and we
  agreed that moving it to the global_init() function is a decent way to deal
  with this situation.
2009-08-01 11:09:02 +00:00
Daniel Stenberg
9b5c00a664 From: Johan van Selst
"you replaced the old SSLeay_add_ssl_algorithms() call
with OpenSSL_add_all_algorithms(), however unlike the name suggests,
the second function is not a superset of the first. When using SSL
both these functions will need to be called in order to offer complete
functionality"
2009-07-27 18:31:48 +00:00
Daniel Stenberg
b347a7a96e - Bug report #2825989 (http://curl.haxx.se/bug/view.cgi?id=2825989) pointed
out that OpenSSL-powered libcurl didn't support the SHA-2 digest algorithm,
  and provided the solution too: to use OpenSSL_add_all_algorithms() instead
  of the older SSLeay_* alternative. OpenSSL_add_all_algorithms was added in
  OpenSSL 0.9.5
2009-07-26 17:33:36 +00:00
Daniel Stenberg
9cb68c6e32 - Modified the separators used for CURLOPT_CERTINFO in multi-part outputs. I
don't know how they got wrong in the first place, but using this output
  format makes it possible to quite easily separate the string into an array
  of multiple items.
2009-06-29 20:45:42 +00:00
Daniel Stenberg
352177090f - Fabian Keil ran clang on the (lib)curl code, found a bunch of warnings and
contributed a range of patches to fix them.
2009-06-10 21:26:11 +00:00
Daniel Stenberg
eecb713616 - Andre Guibert de Bruet found a call to a OpenSSL function that didn't check
for a failure properly.
2009-05-27 21:15:38 +00:00
Daniel Stenberg
bf085e2c4b - Frank McGeough provided a small OpenSSL #include fix to make libcurl compile
fine with Nokia 5th edition 1.0 SDK for Symbian.
2009-05-27 21:11:11 +00:00
Daniel Stenberg
a16cca7680 - Michael Smith posted bug report #2786255
(http://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how
  libcurl did not deal with SSL session ids properly if the server rejected a
  re-use of one. Starting now, it will forget the rejected one and remember
  the new. This change was for OpenSSL only, it is likely that other SSL lib
  code needs similar fixes.
2009-05-04 21:57:14 +00:00
Yang Tse
33a3753c3f libcurl's memory.h renamed to curl_memory.h 2009-04-21 11:46:16 +00:00
Yang Tse
9cc6ab3922 use HAVE_LIMITS_H symbol to protect limits.h inclusion 2009-04-14 13:50:32 +00:00
Yang Tse
2c27e24bb4 include <limits.h> for INT_MAX definition 2009-04-14 13:26:06 +00:00
Yang Tse
c382c550e7 fix compiler warning: implicit conversion shortens 64-bit value into a 32-bit value 2009-04-14 12:53:53 +00:00
Yang Tse
c621546bd6 fix compiler warning: implicit conversion shortens 64-bit value into a 32-bit value 2009-04-13 07:18:39 +00:00
Yang Tse
0211e420ed fix compiler warning: passing arg 1 of `sk_num' from incompatible pointer type 2009-04-03 12:08:32 +00:00
Daniel Stenberg
f4e8c406bb - Andre Guibert de Bruet found and fixed a code segment in ssluse.c where the
allocation of the memory BIO was not being properly checked.
2009-03-08 22:56:55 +00:00
Daniel Stenberg
8fa8df95fb - The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to
disable "rfc4507bis session ticket support".  rfc4507bis was later turned
  into the proper RFC5077 it seems: http://tools.ietf.org/html/rfc5077

  The enabled extension concerns the session management. I wonder how often
  libcurl stops a connection and then resumes a TLS session. also, sending the
  session data is some overhead. .I suggest that you just use your proposed
  patch (which explicitly disables TICKET).

  If someone writes an application with libcurl and openssl who wants to
  enable the feature, one can do this in the SSL callback.

  Sharad Gupta brought this to my attention. Peter Sylvester helped me decide
  on the proper action.
2009-01-26 14:36:18 +00:00
Dan Fandrich
5591550167 Fixed a couple more locale-dependent toupper conversions, mainly for
clarity.  This does fix one problem that causes ;type=i FTP URLs
to fail in the Turkish locale when CURLOPT_PROXY_TRANSFER_MODE is
used (test case 561)

Added tests 561 and 1092 through 1094 to test various combinations
of ;type= and ;mode= URLs that could potentially fail in the Turkish
locale.
2009-01-21 04:42:47 +00:00
Daniel Stenberg
59227bf075 - Peter Korsgaard fixed building libcurl with "configure --with-ssl
--disable-verbose".
2008-12-28 22:00:36 +00:00
Daniel Stenberg
b701ea36a7 moved the Curl_raw_ functions into the new lib/rawstr.c file for easier curlx_
inclusion by the curl tool without colliding with the curl_strequal functions.
2008-10-23 11:49:19 +00:00
Daniel Stenberg
9d16b4081e Renamed Curl_ascii_equal to Curl_raw_equal and bugfixed the my_toupper function
used in strequal.c so now all test cases run fine for me again.
2008-10-16 08:23:48 +00:00
Daniel Stenberg
a579d67064 - Pascal Terjan filed bug #2154627
(http://curl.haxx.se/bug/view.cgi?id=2154627) which pointed out that libcurl
  uses strcasecmp() in multiple places where it causes failures when the
  Turkish locale is used. This is because 'i' and 'I' isn't the same letter so
  strcasecmp() on those letters are different in Turkish than in English (or
  just about all other languages). I thus introduced a totally new internal
  function in libcurl (called Curl_ascii_equal) for doing case insentive
  comparisons for english-(ascii?) style strings that thus will make "file"
  and "FILE" match even if the Turkish locale is selected.
2008-10-15 21:43:48 +00:00
Yang Tse
ad61b58036 fix compiler warning 2008-10-14 02:35:39 +00:00
Yang Tse
21b523fcd3 Official OpenSSL released versions up to and including 0.9.8i as well as
2008-09-24 stable snapshot have a buf_mem_st.length structure member with
'int' data type.

OpenSSL un-released 0.9.9 CVS version has a buf_mem_st.length structure member
with 'size_t' data type since 2007-Oct-09.

These 4 typecasts should silence compiler warnings in all cases.
2008-09-24 13:55:23 +00:00
Gisle Vanem
2a09ffc648 Avoid 'warning: comparison between signed and unsigned'. 2008-09-23 13:16:36 +00:00
Daniel Stenberg
4c9768565e - Introducing CURLOPT_CERTINFO and the corresponding CURLINFO_CERTINFO. By
enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS
  or FTPS), libcurl will gather lots of server certificate info and that info
  can then get extracted by a client after the request has completed with
  curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing
  helped me test and smoothen out this feature.

  Unfortunately, this feature currently only works with libcurl built to use
  OpenSSL.

  This feature was sponsored by networking4all.com - thanks!
2008-09-05 14:29:21 +00:00
Daniel Stenberg
ae654266df - PHP's bug report #43158 (http://bugs.php.net/bug.php?id=43158) identifies a
true bug in libcurl built with OpenSSL. It made curl_easy_getinfo() more or
  less always return 0 for CURLINFO_SSL_VERIFYRESULT because the function that
  would set it to something non-zero would return before the assign in almost
  all error cases. The internal variable is now set to non-zero from the start
  of the function only to get cleared later on if things work out fine.
2008-07-30 21:24:59 +00:00
Daniel Stenberg
04d5c8fb77 - I did a cleanup of the internal generic SSL layer and how the various SSL
libraries are supported. Starting now, each underlying SSL library support
  code does a set of defines for the 16 functions the generic layer (sslgen.c)
  uses (all these new function defines use the prefix "curlssl_"). This
  greatly simplified the generic layer in readability by involving much less
  #ifdefs and other preprocessor stuff and should make it easier for people to
  make libcurl work with new SSL libraries.

  Hopefully I can later on document these 16 functions somewhat as well.

  I also made most of the internal SSL-dependent functions (using Curl_ssl_
  prefix) #defined to nothing when no SSL support is requested - previously
  they would unnecessarily call mostly empty functions.
2008-06-11 17:01:58 +00:00
Yang Tse
5980b3cbb0 fix compiler warning: conversion from pointer to void' to pointer to int
function(pointer to char,int,int,pointer to void)' is compiler dependent
2008-06-11 15:26:04 +00:00
Daniel Stenberg
0ace5f6553 - I made the OpenSSL code build again with OpenSSL 0.9.6. The CRLFILE
functionality killed it due to its unconditional use of
  X509_STORE_set_flags...
2008-06-10 20:49:17 +00:00
Daniel Stenberg
621c2b9015 - Axel Tillequin and Arnaud Ebalard added support for CURLOPT_ISSUERCERT, for
OpenSSL, NSS and GnuTLS-built libcurls.
2008-06-06 20:52:32 +00:00
Daniel Stenberg
3fe8251dfb - Axel Tillequin and Arnaud Ebalard added support for CURLOPT_CRLFILE, for
OpenSSL, NSS and GnuTLS-built libcurls.
2008-06-06 18:40:21 +00:00
Yang Tse
d6f8f16068 fix: preprocessor complaining about macro redefinition 2008-05-26 01:59:00 +00:00
Michal Marek
e2b82b4325 - Make Curl_write and it's callees accept a const pointer, in preparation
of tetetest's patch for curl_easy_send()
2008-05-09 11:27:54 +00:00
Daniel Stenberg
6a33a4456e - Stefan Krause reported a case where the OpenSSL handshake phase wasn't
properly acknowledging the timeout values, like if you pulled the network
  plug in the midst of it.
2008-04-14 15:26:34 +00:00
Gunter Knauf
9682c2037e Added support for server name indication (RFC 4366).
Patch submitted by Kaspar Brand.
2008-02-26 10:30:13 +00:00
Daniel Stenberg
6982ed4db7 - Sam Listopad provided a patch in feature-request #1900014
http://curl.haxx.se/bug/feature.cgi?id=1900014 that makes libcurl (built to
  use OpenSSL) support a full chain of certificates in a given PKCS12
  certificate.
2008-02-23 12:27:45 +00:00
Daniel Stenberg
53a549000c - Based on initial work done by Gautam Kachroo to address a bug, we now keep
better control at the exact state of the connection's SSL status so that we
  know exactly when it has completed the SSL negotiation or not so that there
  won't be accidental re-uses of connections that are wrongly believed to be
  in SSL-completed-negotiate state.
2008-02-20 09:56:26 +00:00
Gunter Knauf
f9a6062081 applied patch to disable SSLv2 by default; discussion:
http://sourceforge.net/tracker/index.php?func=detail&aid=1767276&group_id=976&atid=350976
Submitted by Kaspar Brand.
2008-02-19 23:10:07 +00:00
Daniel Stenberg
1b701c746f - Refactored a lot of timeout code into a few functions in an attempt to make
them all use the same (hopefully correct) logic to make it less error-prone
  and easier to introduce library-wide where it should be used.
2008-02-07 22:25:04 +00:00
Daniel Stenberg
ed6466d176 Calls to Curl_failf() are not supposed to provide a trailing newline as the
function itself adds that. Fixed on 50 or something strings!
2008-01-15 23:19:02 +00:00
Daniel Stenberg
662bee7193 All static functions that were previously name Curl_* something no longer
use that prefix as we use that prefix only for library-wide internal global
symbols.
2007-12-08 22:50:55 +00:00
Yang Tse
8fa599215b Fix compiler warning: variable may be used uninitialized 2007-12-04 00:15:03 +00:00
Daniel Stenberg
2be50baf97 Now libcurl (built with OpenSSL) doesn't return error anymore if the remote
SSL-based server doesn't present a certificate when the request is told to
ignore certificate verification anyway.
2007-12-03 11:39:27 +00:00
Daniel Stenberg
ad6e28073c removed space after if and while before the parenthesis for better source code
consistency
2007-11-05 09:45:09 +00:00
Daniel Stenberg
ce81cd21d3 I renamed the CURLE_SSL_PEER_CERTIFICATE error code to
CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made this
return code get used by the previous SSH MD5 fingerprint check in case it
fails.
2007-10-03 08:07:50 +00:00
Dan Fandrich
bdfeaa0f95 #ifdef out a few more functions when SSL is disabled. 2007-09-25 06:45:05 +00:00
Dan Fandrich
9f44a95522 Renamed several libcurl error codes and options to make them more general
and allow reuse by multiple protocols. Several unused error codes were
removed.  In all cases, macros were added to preserve source (and binary)
compatibility with the old names.  These macros are subject to removal at
a future date, but probably not before 2009.  An application can be
tested to see if it is using any obsolete code by compiling it with the
CURL_NO_OLDIES macro defined.

Documented some newer error codes in libcurl-error(3)
2007-08-30 20:34:57 +00:00
Dan Fandrich
8cf0814a14 Fixed some minor type mismatches and missing consts mainly found by splint. 2007-08-27 06:31:28 +00:00
Patrick Monnerat
d994fcf2b1 Remove leading space in curl_version_info ss_version field. 2007-08-24 09:06:17 +00:00
Patrick Monnerat
ad9cb40b6f Some #if --> #ifdef
undef standard *printf before (re)defining them
2007-08-07 12:44:38 +00:00
Daniel Stenberg
50c10aa5bf Patrick Monnerat and I modified libcurl so that now it *copies* all strings
passed to it with curl_easy_setopt()! Previously it has always just refered
to the data, forcing the user to keep the data around until libcurl is done
with it. That is now history and libcurl will instead clone the given
strings and keep private copies.
2007-08-01 21:20:01 +00:00