Daniel Stenberg
f1fa7b8ba4
Bug report #1759542 ( http://curl.haxx.se/bug/view.cgi?id=1759542 ). A bad use
...
of a socket after it has been closed, when the FTP-SSL data connection is taken
down.
2007-07-29 12:54:05 +00:00
Daniel Stenberg
d12759c73e
Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation:
...
fail to connect if there is no Common Name field found in the remote cert.
We should deprecate the support for this set to 1 anyway soon, since the
feature is pointless and most likely never really used by anyone.
2007-07-11 22:20:46 +00:00
Daniel Stenberg
96c093f27c
Andre Guibert de Bruet fixed a memory leak when PKCS #12 parsing failed
2007-05-22 20:46:51 +00:00
Daniel Stenberg
a9d49769ff
Andre Guibert de Bruet fixed a memory leak in the function that verifies the
...
peer's name in the SSL certificate when built for OpenSSL. The leak happens
for libcurls with CURL_DOES_CONVERSIONS enabled that fail to convert the CN
name from UTF8.
2007-05-22 19:51:44 +00:00
Yang Tse
d9e89e170f
fix out of memory handling issue
2007-04-07 04:51:35 +00:00
Daniel Stenberg
c1f117700a
Pointless to check for non-NULL pointers that already have been dereferenced
...
and they have to be non-NULL long before this check.
CID 22 in the coverity.com scan
2007-03-31 21:10:05 +00:00
Yang Tse
d58c7a8bdd
Update message
2007-03-27 18:16:35 +00:00
Yang Tse
fba4cd0e62
Internal function Curl_select() renamed to Curl_socket_ready()
2007-03-26 23:23:46 +00:00
Yang Tse
f08ac86834
fix compiler warning
2007-03-25 02:30:58 +00:00
Daniel Stenberg
d314453037
yassl doesn't have SSL_get_shutdown() in its OpenSSL() layer so we check for
...
it and avoid it, even if this cripples the CCC command
2007-03-14 23:40:46 +00:00
Gisle Vanem
c514a2a89a
Removed inclusion of <sys/types.h> and <sys/stat.h> in .c-files
...
since they're already included through "setup.h".
2007-02-26 04:24:26 +00:00
Yang Tse
3a634a273a
curlassert macro replaced with DEBUGASSERT macro defined in setup_once.h
2007-02-21 19:03:20 +00:00
Linus Nielsen Feltzing
2f5e99ca02
New FTP CCC functionality - adds passive and active mode to accomodate for different server behaviour
2007-02-20 22:02:11 +00:00
Yang Tse
a1d5983991
use macros ERRNO, SET_ERRNO(), SOCKERRNO and SET_SOCKERRNO() for errno handling
2007-02-16 18:19:35 +00:00
Daniel Stenberg
91386937ff
- Michael Wallner provided a patch that adds support for CURLOPT_TIMEOUT_MS
...
and CURLOPT_CONNECTTIMEOUT_MS that, as their names should hint, do the
timeouts with millisecond resolution instead. The only restriction to that
is the alarm() (sometimes) used to abort name resolves as that uses full
seconds. I fixed the FTP response timeout part of the patch.
Internally we now count and keep the timeouts in milliseconds but it also
means we multiply set timeouts with 1000. The effect of this is that no
timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which
equals 24.86 days. We probably couldn't before either since the code did
*1000 on the timeout values on several places already.
2007-02-05 22:51:32 +00:00
Dan Fandrich
9e61c904ac
Display crypto engine name correctly in debug message.
2007-01-10 21:21:53 +00:00
Linus Nielsen Feltzing
55123424c8
Removed unused variable in Curl_ossl_shutdown()
2007-01-08 10:03:19 +00:00
Daniel Stenberg
4750e6f3c5
- Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option to
...
curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it
will make libcurl shutdown SSL/TLS after the authentication is done on a
FTP-SSL operation.
2007-01-05 23:11:14 +00:00
Daniel Stenberg
be0d17e812
cleaned up Curl_write() and the sub functions it uses for various protocols.
...
They all now return ssize_t to Curl_write().
Unfortunately, Curl_read() is in a sorrier state but it too would benefit from
a similar cleanup.
2006-11-11 21:34:43 +00:00
Daniel Stenberg
f830d77307
Bradford Bruce reported that when setting CURLOPT_DEBUGFUNCTION without
...
CURLOPT_VERBOSE set to non-zero, you still got a few debug messages from the
SSL handshake. This is now stopped.
2006-11-08 21:49:14 +00:00
Daniel Stenberg
4e717cdb30
Armel Asselin separated CA cert verification problems from problems with
...
reading the (local) CA cert file to let users easier pinpoint the actual
problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code.
2006-10-21 11:32:05 +00:00
Yang Tse
ec956b0334
Explicit typecast for Curl_debug() size argument
2006-10-17 10:04:13 +00:00
Yang Tse
c30e908034
Compiler warning fix
2006-09-10 23:37:42 +00:00
Yang Tse
d157c29269
Fix compiler warnings
2006-07-19 21:14:02 +00:00
Yang Tse
483a586d55
Avoid variable declaration shadowing previously declared one
2006-07-19 18:46:56 +00:00
Yang Tse
f3c508f6e8
Update error buffer size used for SSL_strerror()
2006-07-17 05:05:57 +00:00
Daniel Stenberg
a3949c7786
with a very recent yassl, we now can display 'yassl' when the OpenSSL API is
...
in fact provided by yassl instead
2006-06-29 07:35:02 +00:00
Daniel Stenberg
8df5dcb193
proper use of newlines
2006-06-09 12:07:34 +00:00
Daniel Stenberg
2bd3033f68
NTLM2 session response support
2006-06-07 14:14:04 +00:00
Daniel Stenberg
c9c5ce2365
David McCreedy provided a fix for CURLINFO_LASTSOCKET that does extended
...
checks on the to-be-returned socket to make sure it truly seems to be alive
and well. For SSL connection it (only) uses OpenSSL functions.
2006-05-10 22:17:42 +00:00
Daniel Stenberg
1946058e7b
Robson Braga Araujo fixed two problems in the recently added non-blocking SSL
...
connects. The state machine was not reset properly so that subsequent
connects using the same handle would fail, and there were two memory leaks.
2006-05-09 12:43:49 +00:00
Daniel Stenberg
9bece2b313
additional renames of Curl_ourerrno => Curl_sockerrno
2006-05-05 10:24:27 +00:00
Daniel Stenberg
e85e30546c
Roland Blom filed bug report #1481217
...
(http://curl.haxx.se/bug/view.cgi?id=1481217 ), with follow-ups by Michele Bini
and David Byron. libcurl previously wrongly used GetLastError() on windows to
get error details after socket-related function calls, when it really should
use WSAGetLastError() instead.
When changing to this, the former function Curl_ourerrno() is now instead
called Curl_sockerrno() as it is necessary to only use it to get errno from
socket-related functions as otherwise it won't work as intended on Windows.
2006-05-04 22:39:47 +00:00
Daniel Stenberg
38898ba4af
corrected the SSL timeout, as Ates Goral's patch did it and that works (opposed
...
to my previous brain-damaged version)
2006-04-18 22:10:19 +00:00
Daniel Stenberg
676597e961
Ates Goral found out that if you specified both CURLOPT_CONNECTTIMEOUT and
...
CURLOPT_TIMEOUT, the _longer_ time would wrongly be used for the SSL
connection time-out!
2006-04-10 21:49:55 +00:00
Daniel Stenberg
5a4b43848a
First commit of David McCreedy's EBCDIC and TPF changes.
2006-04-07 21:50:47 +00:00
Daniel Stenberg
83367f67de
Xavier Bouchoux made the SSL connection non-blocking for the multi interface
...
(when using OpenSSL).
2006-03-21 21:54:44 +00:00
Daniel Stenberg
d494d62953
David McCreedy found a use of the wrong variable when display the error
...
text from OpenSSL.
2006-03-13 23:34:25 +00:00
Daniel Stenberg
8bba99ae56
Lots of users on Windows have reported getting the "SSL: couldn't set
...
callback" error message so I've now made the setting of that callback not be
as critical as before. The function is only used for additional loggging/
trace anyway so a failure just means slightly less data. It should still be
able to proceed and connect fine to the server.
2006-03-06 22:35:51 +00:00
Dan Fandrich
178afd81a9
Fixed lcc compiler warnings.
2005-12-19 19:47:14 +00:00
Dan Fandrich
e2df946eee
Fixed some compiler warnings on lcc.
2005-12-13 18:54:31 +00:00
Daniel Stenberg
083c5e17e1
Yang Tse fixed: Openssl 0.9.9 makes 'const' the SSL_METHOD parameter in
...
SSL_CTX_new and others, and also makes functions SSLv23_client_method,
TLSv1_client_method, etc return a 'const' SSL_METHOD pointer. Previous
versions do not use the 'const' qualifier.
2005-12-05 15:14:04 +00:00
Gisle Vanem
67b4d9b232
Recent OpenSSL returns a 'const' in '*_client_method()'. So avoid
...
'assignment discards qualifiers from pointer target type' warning.
2005-12-04 18:47:36 +00:00
Daniel Stenberg
9ace303528
Yang Tse fixed compiler warnings
2005-11-13 23:53:14 +00:00
Daniel Stenberg
20b17d6b04
the debug callback was called with CURLINFO_TEXT with the data size one
...
too big
2005-08-10 22:57:14 +00:00
Daniel Stenberg
4e26b2a65b
fix compiler warning
2005-04-13 06:52:03 +00:00
Daniel Stenberg
6e61939382
GnuTLS support added. There's now a "generic" SSL layer that we use all over
...
internally, with code provided by sslgen.c. All SSL-layer-specific code is
then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS).
As far as possible, internals should not need to know what SSL layer that is
in use. Building with GnuTLS currently makes two test cases fail.
TODO.gnutls contains a few known outstanding issues for the GnuTLS support.
GnuTLS support is enabled with configure --with-gnutls
2005-04-07 15:27:13 +00:00
Daniel Stenberg
ab4086bc24
Updated the copyright year since changes have been this year.
2005-03-31 07:02:02 +00:00
Dan Fandrich
b01151e81c
Reduced the length of data read from the random entropy file.
2005-03-04 22:36:56 +00:00
Dan Fandrich
67bd6f9ccd
Don't try to read the whole of the random file because when /dev/urandom is
...
used, it slows initialization too much reading an infinitely long file!
2005-03-04 20:10:29 +00:00
Daniel Stenberg
446b9467da
init fix for non-SSL builds
2005-02-10 07:45:08 +00:00
Daniel Stenberg
61a1e3cd01
better error checking and SSL init by David Byron
2005-02-09 23:04:51 +00:00
Daniel Stenberg
83bab78bda
Hzhijun reported a memory leak in the SSL certificate code, that leaked the
...
remote certificate name when it didn't match the used host name.
2005-01-10 09:48:39 +00:00
Gisle Vanem
754d6c3abd
Remove 'data' initialiser.
2004-12-19 11:39:34 +00:00
Daniel Stenberg
3d647b9a98
if the pkcs12.h header exists, include it already in urldata.h to work around
...
a precedence problem with the zlib header. See CHANGES for details.
2004-12-19 09:37:32 +00:00
Daniel Stenberg
8ad47a13e5
Samuel Listopad added support for PKCS12 formatted certificates.
2004-12-18 10:42:48 +00:00
Daniel Stenberg
553082e24a
prevent compiler warning when built without engine support
2004-12-14 22:06:25 +00:00
Dan Fandrich
10d6d8b2ae
Header files are in openssl/ only if USE_OPENSSL is set.
2004-12-14 20:25:23 +00:00
Gisle Vanem
7d3f5d7ac1
urldata.h: Removed engine_list.
...
ssluse.*: Added SSL_strerror(). Curl_SSL_engines_list() now returns a slist
which must be freed by caller.
2004-12-14 14:20:21 +00:00
Daniel Stenberg
07f107ae20
Moved the engine stuff from the root-level of the SessionHandle struct to the
...
UrlState sub-struct. Also made the engine_list exist for non-ssl builds to
make curl build.
2004-12-14 09:36:22 +00:00
Gisle Vanem
bdb0620529
Added handling of CURLINFO_SSL_ENGINES;
...
Added Curl_SSL_engines_list(), cleanup SSL in url.c
(no HAVE_OPENSSL_x etc.).
2004-12-13 16:43:00 +00:00
Daniel Stenberg
8e34e75100
Curl_select's timeout arg is an int
2004-11-22 13:28:44 +00:00
Daniel Stenberg
1a05a90f1c
David Phillips' FD_SETSIZE fix
2004-11-19 08:52:33 +00:00
Daniel Stenberg
5931d43a36
clean up start time and t_startsingle use so that redirect_time works properly
2004-11-15 11:27:03 +00:00
Daniel Stenberg
39af394a1c
removed tabs and trailing whitespace from source
2004-10-06 07:50:18 +00:00
Daniel Stenberg
6fa624cf8c
improved error message when client cert return failure
2004-09-02 21:03:41 +00:00
Daniel Stenberg
4934e6471b
In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input is
...
already UTF-8 encoded. We check for this case and copy the raw string manually
to avoid the problem. This code can be made conditional in the future when
OpenSSL has been fixed. Work-around brought by Alexis S. L. Carvalho.
2004-08-10 08:06:43 +00:00
Daniel Stenberg
ae2f002b44
added typecast in an attempt to fix a mingw32 warning
2004-07-29 07:34:17 +00:00
Daniel Stenberg
4511f7ac50
SSL_get_verify_result() returns a long, so we receive the result in a long
...
and not an int.
2004-07-04 21:42:32 +00:00
Daniel Stenberg
090b89cc76
Variable type cleanups to please the picky MIPSPro compiler.
2004-07-01 08:10:21 +00:00
Daniel Stenberg
85bd4621db
Prevent a very long password to buffer overflow the global variable we
...
use when built with a very old OpenSSL version.
2004-06-30 11:53:34 +00:00
Daniel Stenberg
ba40eccc90
make the SSL connect use the same default connect timeout define as the
...
generic connect uses
2004-06-30 09:22:48 +00:00
Daniel Stenberg
feb2dd2835
Replaced all uses of sprintf() with the safer snprintf(). It is just a
...
precaution to prevent mistakes to lead to buffer overflows.
2004-06-24 11:54:11 +00:00
Daniel Stenberg
76920413d9
Gisle fixed the wildcard checks for certificates.
2004-06-22 08:51:22 +00:00
Daniel Stenberg
cf3f1ef284
prevent compiler warning
2004-06-19 09:38:08 +00:00
Daniel Stenberg
bd3d5a17b4
Gisle's "SSL patch" from June 16th 2004, modified by me as discussed on the
...
mailing list.
2004-06-18 06:20:43 +00:00
Daniel Stenberg
be72eaa327
use Curl_strcasestr() when checking wildcard cert names
2004-06-13 08:33:26 +00:00
Daniel Stenberg
2511d1193a
* seed_enough() was converted to a macro to avoid the IRIX compiler warning
...
about that passed-in argument not being used.
* killed trailing whitespace
2004-05-18 07:25:13 +00:00
Daniel Stenberg
a9893ca79a
Peter Sylvester's patch that addresses two flaws in the peer certificate name
...
verification:
- when multiple common names are used (as in the curl tests), the last name
needs to be selected.
- allow comparing with encoded values, at least with BMP and ISO latin1
encoded T61strings.
2004-05-17 22:01:16 +00:00
Daniel Stenberg
b5f85ba77d
memory cleanup and check fix
2004-05-13 15:19:02 +00:00
Daniel Stenberg
bbafb2eb27
curl_global_init_mem() allows the memory functions to be replaced.
...
memory.h is included everywhere for this.
2004-05-11 11:30:23 +00:00
Daniel Stenberg
699ebe2f0b
Gisle made the code use ERR_error_string_n()
2004-04-29 07:36:40 +00:00
Daniel Stenberg
4b9f8e766d
Made host name and proxy name get stored in a 'struct hostname' and set
...
all things up to work with encoded host names internally, as well as keeping
'display names' to show in debug messages. IDN resolves work for me now using
ipv6, ipv4 and ares resolving. Even cookies on IDN sites seem to do right.
2004-04-27 13:56:23 +00:00
Daniel Stenberg
fb1039f2ab
Tor Arntsen fixed a 'Statement not reachable'-warning
2004-04-26 11:52:43 +00:00
Daniel Stenberg
b7a7600465
Cleaned up hostname/name/gname and path/ppath confusion. Removed the fixed-
...
length limit of the hostname part of the URL.
2004-04-20 07:53:24 +00:00
Daniel Stenberg
0c791d1e76
variable type usage cleanup to please picky compilers
2004-03-23 15:20:57 +00:00
Daniel Stenberg
326e8b9fc1
don't let the EINTR stuff build on windows
2004-03-11 12:57:04 +00:00
Daniel Stenberg
40e892bb36
Jeff Lawson fixed the SSL connection to deal with received signals during the
...
connect.
2004-03-10 08:43:01 +00:00
Daniel Stenberg
ce5805a955
Use curl_socket_t instead of int for holding sockets. The typedefs and
...
defines are in setup.h.
2004-03-09 22:52:50 +00:00
Daniel Stenberg
4d17d6876e
Dan Fandrich's cleanup patch to make pedantic compiler options cause less
...
warnings. Minor edits by me.
2004-01-29 13:56:45 +00:00
Daniel Stenberg
61e3d75def
Gisle Vanem's patch for variables that "might be used uninitialized"
2004-01-16 09:17:04 +00:00
Daniel Stenberg
053f6c85ef
updated year in the copyright string
2004-01-07 09:19:33 +00:00
Daniel Stenberg
d8cf2d42c0
prevent warning for non-SSL builds
2003-11-24 11:44:04 +00:00
Daniel Stenberg
1e98727c55
FTPS support added as RFC2228 and the murray-ftp-auth-ssl draft describe it
2003-11-24 07:15:37 +00:00
Daniel Stenberg
dfe0118033
Mathias Axelsson found a case where we free()d the server certificate twice!
2003-11-15 10:00:20 +00:00
Daniel Stenberg
14f795816d
Georg Horn's fixes to do different CA cert verifications. They can now be
...
done even if the result is ignored, as some sites seem to require that.
2003-10-23 07:44:55 +00:00
Daniel Stenberg
597c1fe6bc
rewritten alternative name check
2003-10-16 13:44:34 +00:00
Daniel Stenberg
c6a0bb99af
bad license situation for the altname patch
2003-10-15 14:42:11 +00:00
Daniel Stenberg
ff5b6ff528
fixed to build fine without ssl
2003-10-08 13:06:50 +00:00
Daniel Stenberg
6494889e3b
Neil Dunbar provided a patch that now makes libcurl check SSL
...
subjectAltNames when matching certs. This is apparently detailed in RFC2818
as the right thing to do. I had to add configure checks for inet_pton() and
our own (strictly speaking, code from BIND written by Paul Vixie) provided
code for the function for platforms that miss it.
2003-10-07 21:46:47 +00:00
Daniel Stenberg
481094db90
warn if no CN is available if verify is only set to 1
2003-09-03 20:47:17 +00:00
Daniel Stenberg
a8c78cbbb0
CRYPTO_cleanup_all_ex_data() is not present in all OpenSSL versions so
...
we need to check for its presence in the configure script
2003-08-19 09:56:16 +00:00
Daniel Stenberg
dafc652f63
Loren Kirkby pointed out that we need to call CRYPTO_cleanup_all_ex_data()
...
when we cleanup the SSL stuff to not leak any memory.
I wish this was documented anywhere.
2003-08-19 07:51:09 +00:00
Daniel Stenberg
f9c3347f7c
re-use existing variable instead of declaring a new local one
2003-07-05 13:27:02 +00:00
Daniel Stenberg
45fc760985
Peter Sylvester's patch was applied that introduces the following:
...
CURLOPT_SSL_CTX_FUNCTION to set a callback that gets called with the
OpenSSL's ssl_ctx pointer passed in and allow a callback to act on it. If
anything but CURLE_OK is returned, that will also be returned by libcurl
all the way back. If this function changes the CURLOPT_URL, libcurl will
detect this and instead go use the new URL.
CURLOPT_SSL_CTX_DATA is a pointer you set to get passed to the callback set
with CURLOPT_SSL_CTX_FUNCTION.
2003-07-04 16:29:23 +00:00
Daniel Stenberg
308bc9d919
use CURLDEBUG instead of MALLOCDEBUG for preprocessor conditions
2003-06-26 11:22:12 +00:00
Daniel Stenberg
d288222e80
work-around SSL implementation flaws better, pointed out in bug report
...
#745122 .
2003-06-02 13:27:03 +00:00
Daniel Stenberg
f213e857ab
Andy Cedilnik fixed some compiler warnings
2003-05-01 13:37:36 +00:00
Daniel Stenberg
0b839c4f77
return the same error for the sslv2 "certificate verify failed" code
2003-04-14 22:00:36 +00:00
Daniel Stenberg
21873b52e9
Restored the SSL error codes since they was broken in the 7.10.4 release,
...
also now attempt to detect and return the specific CACERT error code.
2003-04-14 12:53:29 +00:00
Daniel Stenberg
9558f229db
Fixup after talks with Richard Bramante. We should now make better
...
comparisons before re-using SSL connections and re-using SSL connection IDs.
2003-03-31 05:13:26 +00:00
Daniel Stenberg
afffce80f0
Philippe Raoult needed this to build on FreeBSD
2003-03-13 21:41:02 +00:00
Daniel Stenberg
8755a6d1ac
Richard Gorton improved the random_the_seed() function for systems where
...
we don't find/know of a good random source. This way, we get a better
randomness which in turn should make SSL connections more secure.
2003-03-11 18:55:34 +00:00
Daniel Stenberg
9121b1f41d
the strequal and strnequal should now be called with the proper curl_ prefix
2003-02-28 12:20:08 +00:00
Daniel Stenberg
a3d3642a30
spell better
2003-02-27 23:10:38 +00:00
Daniel Stenberg
69ab4cd391
include <sys/socket.h> to compile the fd_set stuff properly on all systems
2003-02-14 09:03:03 +00:00
Daniel Stenberg
f56d006f93
Re-arranged the SSL connection code (again). The recent fix was not a very
...
good one. This should work fine again.
2003-02-05 07:43:05 +00:00
Daniel Stenberg
5d28f3781b
Improved error reporting in case of bad SSL_connect()s, and we also no
...
longer use the SSL functions that store the error message in a static buffer
since that is not very multi-thread friendly.
2003-02-04 12:29:57 +00:00
Daniel Stenberg
a7c72b7abf
removed the local variables for emacs and vim, use the new sample.emacs
...
way for emacs, and vim users should provide a similar non-polluting style
2003-01-29 10:14:20 +00:00
Daniel Stenberg
f26a338a54
copyright year update in the source header
2003-01-16 21:08:12 +00:00
Daniel Stenberg
ca134d5522
Philippe Raoult's fix to handle wildcard certificate name checks
2003-01-07 16:33:11 +00:00
Daniel Stenberg
3aea0d3d68
Evan Jordan's fix for a memory leak. Bug report 650989.
2002-12-13 14:08:49 +00:00
Daniel Stenberg
4bcc866c52
The fread() callback pointer and associated pointer is now stored in the
...
connectdata struct instead, and is no longer modified within the 'set' struct
as previously (which was a really BAAAD thing).
2002-12-09 15:37:54 +00:00
Daniel Stenberg
ba4e69bebc
updated source code boilerplate/header
2002-09-03 11:52:59 +00:00
Daniel Stenberg
56c43604d0
if verifypeer is enabled but nether CAfile nor CApath is, then don't try
...
to load "verify_locations"
2002-08-30 12:07:42 +00:00
Daniel Stenberg
0e0caf7c06
CURLE_SSL_INSECURE is removed again and so is CURLOPT_SSL_INSECURE, we
...
proceed fine with the already existing options, just having a different
internal library default for capath.
2002-08-30 11:09:49 +00:00
Daniel Stenberg
8b77f40f99
This fix MIGHT make us build nicely with OpenSSL 0.9.7. This fix is based
...
on a patch from Jacob Meuser, input from Götz Babin-Ebell and my own
browsing of the latest include files.
2002-06-10 12:38:10 +00:00
Daniel Stenberg
323f195036
ASN1 files don't work for the *chain_file(), make them use the previous
...
version
2002-05-21 08:15:42 +00:00
Daniel Stenberg
fe3ba1dd11
Roland Zimmermann's hint, we use SSL_CTX_use_certificate_chain_file() instead
...
of the previous one that used SSL_CTX_use_certificate_file()
2002-05-20 14:25:35 +00:00
Daniel Stenberg
974f314f57
copyright string (year) update
2002-03-19 07:54:55 +00:00
Daniel Stenberg
5b58e61f28
now re-seed by force (even if already seeded) if a random file or egd socket
...
is given
2002-01-30 08:17:23 +00:00
Daniel Stenberg
f114caca90
- T. Bharath pointed out that we seed SSL on every connect, which is a time-
...
consuming operation that should only be needed to do once. We patched
libcurl to now only seed on the first connect when unseeded. The seeded
status is global so it'll now only happen once during a program's life time.
2002-01-29 14:11:38 +00:00
Daniel Stenberg
eba8035e12
Richard Archer made it compile and build with OpenSSL versions prior to
...
0.9.5
2002-01-17 10:40:13 +00:00
Daniel Stenberg
d84a0c51e0
Cris Bailiff found out that when the SSL session cache was filled, libcurl
...
would crash. This corrects the problem.
2002-01-09 09:38:37 +00:00
Daniel Stenberg
d57e09889a
added a missing failf() before returning an error code
2002-01-08 23:23:24 +00:00
Daniel Stenberg
d3299beec7
Modified to use non-blocking sockets all the time.
2002-01-07 18:38:01 +00:00
Daniel Stenberg
af6c394785
Götz Babin-Ebell's OpenSSL ENGINE patch
2001-12-17 23:01:39 +00:00
Daniel Stenberg
e192261788
failf() calls should not have newlines in the message string!
2001-12-11 13:13:01 +00:00
Daniel Stenberg
b8ff21124a
Samuel Listopad's fix to allow global_init => global_cleanup => global_init
...
for ssl
2001-11-14 07:11:39 +00:00
Daniel Stenberg
2f77b0a4c6
we can now tell ssl to use TLSv1 protocol, and we now use defines instead
...
of real integers for versions, the defines are added to curl.h
2001-11-05 14:06:42 +00:00
Sterling Hughes
8e91d5de8e
looks nicer and is better compatible with older vim versions
2001-10-11 09:32:19 +00:00
Daniel Stenberg
645413f5ef
Lots of praise and glory to Vojtech Minarik for setting up a test server
...
and providing me with test-certificates that helped me nail the problem with
curl not discovering with a bad certificate was used.
2001-09-19 21:49:11 +00:00
Daniel Stenberg
1fde1431c9
narrowed some source lines to fit in 80 cols
2001-09-12 08:14:35 +00:00
Daniel Stenberg
db7bde1d7a
added ability to set prefered list of ciphers
2001-09-11 22:21:02 +00:00
Daniel Stenberg
894b47da9b
ouputs the start and expire dates of the server certificate on verbose
...
output
2001-09-11 10:00:49 +00:00
Daniel Stenberg
46372c04ee
made it compile properly when not building with SSL support
2001-09-07 09:40:46 +00:00
Sterling Hughes
6147879837
Added formatting sections for emacs and vim
2001-09-07 04:01:32 +00:00
Daniel Stenberg
c3b448dcea
moved the session ID cache state variables into the UrlState struct within
...
the SessionHandle. It was previously wrongly put in UserDefined
2001-09-06 08:32:01 +00:00
Daniel Stenberg
86da31e031
Curl_SSL_Close_All() now checks that we have a session cache before we run
...
around killing entries in it!
2001-09-06 06:26:24 +00:00
Daniel Stenberg
0ece1b5c34
Major rename and redesign of the internal "backbone" structs. Details will
...
be posted in a minute to the libcurl list.
2001-08-30 22:48:34 +00:00
Daniel Stenberg
26983053c4
take port numbers into account when finding a previous session from the
...
cache
2001-08-29 09:36:41 +00:00
Daniel Stenberg
3c52c53ddd
Added SSL session ID caching, moved some SSL code from url.c to ssluse.c
2001-08-28 08:37:54 +00:00
Daniel Stenberg
df09214c62
strcasecmp() is banned from our code, should be strequal() everywhere!
...
Tim Costello reported bug report #454858 .
2001-08-24 06:20:47 +00:00
Daniel Stenberg
bd0afd8db4
removed the use of the global array for the password that was necessary
...
for OpenSSL versions prior to 0.9.4, this is conditional and should still
work with older versions.
2001-08-14 08:36:30 +00:00
Daniel Stenberg
95837043e2
Patrick Bihan-Faou introduced CURLOPT_SSL_VERIFYHOST and code to deal with
...
it.
2001-08-08 07:16:47 +00:00
Daniel Stenberg
813d7585c7
Nic Roets brought a fix for the certificate verification when using SSL.
2001-06-29 07:38:11 +00:00
Daniel Stenberg
e39e6c537e
removed a failf() that would overwrite the previous error message
2001-06-12 18:22:52 +00:00
Daniel Stenberg
b541537c66
curl_global_init() support for CURL_GLOBAL_NOT_SSL
2001-05-30 08:00:29 +00:00
Daniel Stenberg
d300cf4d84
T. Bharath's comments about SSL cleanup incorporated, and the two new
...
curl_global_* functions
2001-05-28 14:12:43 +00:00
Daniel Stenberg
8fd89d6b93
fixed Curl_SSLConnect() to return CURLcode errors, including the new error
...
code for peer certificate errors
2001-05-12 09:29:56 +00:00
Daniel Stenberg
a652db18bd
include debugmem for memory leak detection
2001-04-24 21:41:29 +00:00
Daniel Stenberg
cce05b9138
Björn Stenberg corrected the silly '(void)data' usage when SSL is not
...
used
2001-03-14 10:15:42 +00:00
Daniel Stenberg
11ee547a0e
Jörn Hartroth fixed a bad #endif placement
2001-03-14 08:20:41 +00:00
Daniel Stenberg
f2fd1b8856
two new random seed options: CURLOPT_RANDOM_FILE and CURLOPT_EGDSOCKET
2001-03-12 15:47:17 +00:00
Daniel Stenberg
2873c18132
removed compiler warning if HAVE_RAND_STATUS is false
2001-03-07 17:08:20 +00:00
Daniel Stenberg
2ef13230cb
new seeding stuff as mentioned by Albert Chin
2001-03-06 00:04:58 +00:00
Daniel Stenberg
a1d6ad2610
multiple connection support initial commit
2001-02-20 17:35:51 +00:00
Daniel Stenberg
4031104404
Internal symbols that aren't static are now prefixed with 'Curl_'
2001-01-05 10:11:41 +00:00
Daniel Stenberg
24dee483e9
dual-license fix
2001-01-03 09:29:33 +00:00
Daniel Stenberg
0cff279063
new urldata ssl layout and T. Bharath brought the new SSL cert verify function
2000-10-30 11:53:40 +00:00
Daniel Stenberg
60ee571bd6
CRYPTO_free() of course, it makes it run with previous openssl versions too
2000-09-26 07:03:59 +00:00
Daniel Stenberg
e40f0be7e3
No longer uses Free() as that was removed from OpenSSL with 0.9.6
2000-09-25 22:04:51 +00:00
Daniel Stenberg
b6e18f2f66
#include "setup.h" moved first of all includes
2000-08-24 14:26:33 +00:00
Daniel Stenberg
1ef3600a07
haxx.nu => haxx.se
2000-06-20 15:31:26 +00:00
Daniel Stenberg
96dde76b99
moved here from the newlib branch
2000-05-22 14:12:12 +00:00
Daniel Stenberg
d48939c0c0
makes use of HAVE_RAND_SCREEN instead of WIN32 for using RAND_screen()
2000-03-16 11:41:27 +00:00
Daniel Stenberg
d4e18e4179
Adjusted to run properly with OpenSSL 0.9.5.
2000-03-02 23:01:35 +00:00
Daniel Stenberg
ae1912cb0d
Initial revision
1999-12-29 14:20:26 +00:00