bdfeaa0f95
#ifdef out a few more functions when SSL is disabled.
2007-09-25 06:45:05 +00:00
9f44a95522
Renamed several libcurl error codes and options to make them more general
...
and allow reuse by multiple protocols. Several unused error codes were
removed. In all cases, macros were added to preserve source (and binary)
compatibility with the old names. These macros are subject to removal at
a future date, but probably not before 2009. An application can be
tested to see if it is using any obsolete code by compiling it with the
CURL_NO_OLDIES macro defined.
Documented some newer error codes in libcurl-error(3)
2007-08-30 20:34:57 +00:00
8cf0814a14
Fixed some minor type mismatches and missing consts mainly found by splint.
2007-08-27 06:31:28 +00:00
d994fcf2b1
Remove leading space in curl_version_info ss_version field.
2007-08-24 09:06:17 +00:00
ad9cb40b6f
Some #if --> #ifdef
...
undef standard *printf before (re)defining them
2007-08-07 12:44:38 +00:00
50c10aa5bf
Patrick Monnerat and I modified libcurl so that now it *copies* all strings
...
passed to it with curl_easy_setopt()! Previously it has always just refered
to the data, forcing the user to keep the data around until libcurl is done
with it. That is now history and libcurl will instead clone the given
strings and keep private copies.
2007-08-01 21:20:01 +00:00
f1fa7b8ba4
Bug report #1759542 ( http://curl.haxx.se/bug/view.cgi?id=1759542 ). A bad use
...
of a socket after it has been closed, when the FTP-SSL data connection is taken
down.
2007-07-29 12:54:05 +00:00
d12759c73e
Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation:
...
fail to connect if there is no Common Name field found in the remote cert.
We should deprecate the support for this set to 1 anyway soon, since the
feature is pointless and most likely never really used by anyone.
2007-07-11 22:20:46 +00:00
96c093f27c
Andre Guibert de Bruet fixed a memory leak when PKCS #12 parsing failed
2007-05-22 20:46:51 +00:00
a9d49769ff
Andre Guibert de Bruet fixed a memory leak in the function that verifies the
...
peer's name in the SSL certificate when built for OpenSSL. The leak happens
for libcurls with CURL_DOES_CONVERSIONS enabled that fail to convert the CN
name from UTF8.
2007-05-22 19:51:44 +00:00
d9e89e170f
fix out of memory handling issue
2007-04-07 04:51:35 +00:00
c1f117700a
Pointless to check for non-NULL pointers that already have been dereferenced
...
and they have to be non-NULL long before this check.
CID 22 in the coverity.com scan
2007-03-31 21:10:05 +00:00
d58c7a8bdd
Update message
2007-03-27 18:16:35 +00:00
fba4cd0e62
Internal function Curl_select() renamed to Curl_socket_ready()
2007-03-26 23:23:46 +00:00
f08ac86834
fix compiler warning
2007-03-25 02:30:58 +00:00
d314453037
yassl doesn't have SSL_get_shutdown() in its OpenSSL() layer so we check for
...
it and avoid it, even if this cripples the CCC command
2007-03-14 23:40:46 +00:00
c514a2a89a
Removed inclusion of <sys/types.h> and <sys/stat.h> in .c-files
...
since they're already included through "setup.h".
2007-02-26 04:24:26 +00:00
3a634a273a
curlassert macro replaced with DEBUGASSERT macro defined in setup_once.h
2007-02-21 19:03:20 +00:00
2f5e99ca02
New FTP CCC functionality - adds passive and active mode to accomodate for different server behaviour
2007-02-20 22:02:11 +00:00
a1d5983991
use macros ERRNO, SET_ERRNO(), SOCKERRNO and SET_SOCKERRNO() for errno handling
2007-02-16 18:19:35 +00:00
91386937ff
- Michael Wallner provided a patch that adds support for CURLOPT_TIMEOUT_MS
...
and CURLOPT_CONNECTTIMEOUT_MS that, as their names should hint, do the
timeouts with millisecond resolution instead. The only restriction to that
is the alarm() (sometimes) used to abort name resolves as that uses full
seconds. I fixed the FTP response timeout part of the patch.
Internally we now count and keep the timeouts in milliseconds but it also
means we multiply set timeouts with 1000. The effect of this is that no
timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which
equals 24.86 days. We probably couldn't before either since the code did
*1000 on the timeout values on several places already.
2007-02-05 22:51:32 +00:00
9e61c904ac
Display crypto engine name correctly in debug message.
2007-01-10 21:21:53 +00:00
55123424c8
Removed unused variable in Curl_ossl_shutdown()
2007-01-08 10:03:19 +00:00
4750e6f3c5
- Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option to
...
curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it
will make libcurl shutdown SSL/TLS after the authentication is done on a
FTP-SSL operation.
2007-01-05 23:11:14 +00:00
be0d17e812
cleaned up Curl_write() and the sub functions it uses for various protocols.
...
They all now return ssize_t to Curl_write().
Unfortunately, Curl_read() is in a sorrier state but it too would benefit from
a similar cleanup.
2006-11-11 21:34:43 +00:00
f830d77307
Bradford Bruce reported that when setting CURLOPT_DEBUGFUNCTION without
...
CURLOPT_VERBOSE set to non-zero, you still got a few debug messages from the
SSL handshake. This is now stopped.
2006-11-08 21:49:14 +00:00
4e717cdb30
Armel Asselin separated CA cert verification problems from problems with
...
reading the (local) CA cert file to let users easier pinpoint the actual
problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code.
2006-10-21 11:32:05 +00:00
ec956b0334
Explicit typecast for Curl_debug() size argument
2006-10-17 10:04:13 +00:00
c30e908034
Compiler warning fix
2006-09-10 23:37:42 +00:00
d157c29269
Fix compiler warnings
2006-07-19 21:14:02 +00:00
483a586d55
Avoid variable declaration shadowing previously declared one
2006-07-19 18:46:56 +00:00
f3c508f6e8
Update error buffer size used for SSL_strerror()
2006-07-17 05:05:57 +00:00
a3949c7786
with a very recent yassl, we now can display 'yassl' when the OpenSSL API is
...
in fact provided by yassl instead
2006-06-29 07:35:02 +00:00
8df5dcb193
proper use of newlines
2006-06-09 12:07:34 +00:00
2bd3033f68
NTLM2 session response support
2006-06-07 14:14:04 +00:00
c9c5ce2365
David McCreedy provided a fix for CURLINFO_LASTSOCKET that does extended
...
checks on the to-be-returned socket to make sure it truly seems to be alive
and well. For SSL connection it (only) uses OpenSSL functions.
2006-05-10 22:17:42 +00:00
1946058e7b
Robson Braga Araujo fixed two problems in the recently added non-blocking SSL
...
connects. The state machine was not reset properly so that subsequent
connects using the same handle would fail, and there were two memory leaks.
2006-05-09 12:43:49 +00:00
9bece2b313
additional renames of Curl_ourerrno => Curl_sockerrno
2006-05-05 10:24:27 +00:00
e85e30546c
Roland Blom filed bug report #1481217
...
(http://curl.haxx.se/bug/view.cgi?id=1481217 ), with follow-ups by Michele Bini
and David Byron. libcurl previously wrongly used GetLastError() on windows to
get error details after socket-related function calls, when it really should
use WSAGetLastError() instead.
When changing to this, the former function Curl_ourerrno() is now instead
called Curl_sockerrno() as it is necessary to only use it to get errno from
socket-related functions as otherwise it won't work as intended on Windows.
2006-05-04 22:39:47 +00:00
38898ba4af
corrected the SSL timeout, as Ates Goral's patch did it and that works (opposed
...
to my previous brain-damaged version)
2006-04-18 22:10:19 +00:00
676597e961
Ates Goral found out that if you specified both CURLOPT_CONNECTTIMEOUT and
...
CURLOPT_TIMEOUT, the _longer_ time would wrongly be used for the SSL
connection time-out!
2006-04-10 21:49:55 +00:00
5a4b43848a
First commit of David McCreedy's EBCDIC and TPF changes.
2006-04-07 21:50:47 +00:00
83367f67de
Xavier Bouchoux made the SSL connection non-blocking for the multi interface
...
(when using OpenSSL).
2006-03-21 21:54:44 +00:00
d494d62953
David McCreedy found a use of the wrong variable when display the error
...
text from OpenSSL.
2006-03-13 23:34:25 +00:00
8bba99ae56
Lots of users on Windows have reported getting the "SSL: couldn't set
...
callback" error message so I've now made the setting of that callback not be
as critical as before. The function is only used for additional loggging/
trace anyway so a failure just means slightly less data. It should still be
able to proceed and connect fine to the server.
2006-03-06 22:35:51 +00:00
178afd81a9
Fixed lcc compiler warnings.
2005-12-19 19:47:14 +00:00
e2df946eee
Fixed some compiler warnings on lcc.
2005-12-13 18:54:31 +00:00
083c5e17e1
Yang Tse fixed: Openssl 0.9.9 makes 'const' the SSL_METHOD parameter in
...
SSL_CTX_new and others, and also makes functions SSLv23_client_method,
TLSv1_client_method, etc return a 'const' SSL_METHOD pointer. Previous
versions do not use the 'const' qualifier.
2005-12-05 15:14:04 +00:00
67b4d9b232
Recent OpenSSL returns a 'const' in '*_client_method()'. So avoid
...
'assignment discards qualifiers from pointer target type' warning.
2005-12-04 18:47:36 +00:00
9ace303528
Yang Tse fixed compiler warnings
2005-11-13 23:53:14 +00:00
20b17d6b04
the debug callback was called with CURLINFO_TEXT with the data size one
...
too big
2005-08-10 22:57:14 +00:00
4e26b2a65b
fix compiler warning
2005-04-13 06:52:03 +00:00
6e61939382
GnuTLS support added. There's now a "generic" SSL layer that we use all over
...
internally, with code provided by sslgen.c. All SSL-layer-specific code is
then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS).
As far as possible, internals should not need to know what SSL layer that is
in use. Building with GnuTLS currently makes two test cases fail.
TODO.gnutls contains a few known outstanding issues for the GnuTLS support.
GnuTLS support is enabled with configure --with-gnutls
2005-04-07 15:27:13 +00:00
ab4086bc24
Updated the copyright year since changes have been this year.
2005-03-31 07:02:02 +00:00
b01151e81c
Reduced the length of data read from the random entropy file.
2005-03-04 22:36:56 +00:00
67bd6f9ccd
Don't try to read the whole of the random file because when /dev/urandom is
...
used, it slows initialization too much reading an infinitely long file!
2005-03-04 20:10:29 +00:00
446b9467da
init fix for non-SSL builds
2005-02-10 07:45:08 +00:00
61a1e3cd01
better error checking and SSL init by David Byron
2005-02-09 23:04:51 +00:00
83bab78bda
Hzhijun reported a memory leak in the SSL certificate code, that leaked the
...
remote certificate name when it didn't match the used host name.
2005-01-10 09:48:39 +00:00
754d6c3abd
Remove 'data' initialiser.
2004-12-19 11:39:34 +00:00
3d647b9a98
if the pkcs12.h header exists, include it already in urldata.h to work around
...
a precedence problem with the zlib header. See CHANGES for details.
2004-12-19 09:37:32 +00:00
8ad47a13e5
Samuel Listopad added support for PKCS12 formatted certificates.
2004-12-18 10:42:48 +00:00
553082e24a
prevent compiler warning when built without engine support
2004-12-14 22:06:25 +00:00
10d6d8b2ae
Header files are in openssl/ only if USE_OPENSSL is set.
2004-12-14 20:25:23 +00:00
7d3f5d7ac1
urldata.h: Removed engine_list.
...
ssluse.*: Added SSL_strerror(). Curl_SSL_engines_list() now returns a slist
which must be freed by caller.
2004-12-14 14:20:21 +00:00
07f107ae20
Moved the engine stuff from the root-level of the SessionHandle struct to the
...
UrlState sub-struct. Also made the engine_list exist for non-ssl builds to
make curl build.
2004-12-14 09:36:22 +00:00
bdb0620529
Added handling of CURLINFO_SSL_ENGINES;
...
Added Curl_SSL_engines_list(), cleanup SSL in url.c
(no HAVE_OPENSSL_x etc.).
2004-12-13 16:43:00 +00:00
8e34e75100
Curl_select's timeout arg is an int
2004-11-22 13:28:44 +00:00
1a05a90f1c
David Phillips' FD_SETSIZE fix
2004-11-19 08:52:33 +00:00
5931d43a36
clean up start time and t_startsingle use so that redirect_time works properly
2004-11-15 11:27:03 +00:00
39af394a1c
removed tabs and trailing whitespace from source
2004-10-06 07:50:18 +00:00
6fa624cf8c
improved error message when client cert return failure
2004-09-02 21:03:41 +00:00
4934e6471b
In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input is
...
already UTF-8 encoded. We check for this case and copy the raw string manually
to avoid the problem. This code can be made conditional in the future when
OpenSSL has been fixed. Work-around brought by Alexis S. L. Carvalho.
2004-08-10 08:06:43 +00:00
ae2f002b44
added typecast in an attempt to fix a mingw32 warning
2004-07-29 07:34:17 +00:00
4511f7ac50
SSL_get_verify_result() returns a long, so we receive the result in a long
...
and not an int.
2004-07-04 21:42:32 +00:00
090b89cc76
Variable type cleanups to please the picky MIPSPro compiler.
2004-07-01 08:10:21 +00:00
85bd4621db
Prevent a very long password to buffer overflow the global variable we
...
use when built with a very old OpenSSL version.
2004-06-30 11:53:34 +00:00
ba40eccc90
make the SSL connect use the same default connect timeout define as the
...
generic connect uses
2004-06-30 09:22:48 +00:00
feb2dd2835
Replaced all uses of sprintf() with the safer snprintf(). It is just a
...
precaution to prevent mistakes to lead to buffer overflows.
2004-06-24 11:54:11 +00:00
76920413d9
Gisle fixed the wildcard checks for certificates.
2004-06-22 08:51:22 +00:00
cf3f1ef284
prevent compiler warning
2004-06-19 09:38:08 +00:00
bd3d5a17b4
Gisle's "SSL patch" from June 16th 2004, modified by me as discussed on the
...
mailing list.
2004-06-18 06:20:43 +00:00
be72eaa327
use Curl_strcasestr() when checking wildcard cert names
2004-06-13 08:33:26 +00:00
2511d1193a
* seed_enough() was converted to a macro to avoid the IRIX compiler warning
...
about that passed-in argument not being used.
* killed trailing whitespace
2004-05-18 07:25:13 +00:00
a9893ca79a
Peter Sylvester's patch that addresses two flaws in the peer certificate name
...
verification:
- when multiple common names are used (as in the curl tests), the last name
needs to be selected.
- allow comparing with encoded values, at least with BMP and ISO latin1
encoded T61strings.
2004-05-17 22:01:16 +00:00
b5f85ba77d
memory cleanup and check fix
2004-05-13 15:19:02 +00:00
bbafb2eb27
curl_global_init_mem() allows the memory functions to be replaced.
...
memory.h is included everywhere for this.
2004-05-11 11:30:23 +00:00
699ebe2f0b
Gisle made the code use ERR_error_string_n()
2004-04-29 07:36:40 +00:00
4b9f8e766d
Made host name and proxy name get stored in a 'struct hostname' and set
...
all things up to work with encoded host names internally, as well as keeping
'display names' to show in debug messages. IDN resolves work for me now using
ipv6, ipv4 and ares resolving. Even cookies on IDN sites seem to do right.
2004-04-27 13:56:23 +00:00
fb1039f2ab
Tor Arntsen fixed a 'Statement not reachable'-warning
2004-04-26 11:52:43 +00:00
b7a7600465
Cleaned up hostname/name/gname and path/ppath confusion. Removed the fixed-
...
length limit of the hostname part of the URL.
2004-04-20 07:53:24 +00:00
0c791d1e76
variable type usage cleanup to please picky compilers
2004-03-23 15:20:57 +00:00
326e8b9fc1
don't let the EINTR stuff build on windows
2004-03-11 12:57:04 +00:00
40e892bb36
Jeff Lawson fixed the SSL connection to deal with received signals during the
...
connect.
2004-03-10 08:43:01 +00:00
ce5805a955
Use curl_socket_t instead of int for holding sockets. The typedefs and
...
defines are in setup.h.
2004-03-09 22:52:50 +00:00
4d17d6876e
Dan Fandrich's cleanup patch to make pedantic compiler options cause less
...
warnings. Minor edits by me.
2004-01-29 13:56:45 +00:00
61e3d75def
Gisle Vanem's patch for variables that "might be used uninitialized"
2004-01-16 09:17:04 +00:00
053f6c85ef
updated year in the copyright string
2004-01-07 09:19:33 +00:00
d8cf2d42c0
prevent warning for non-SSL builds
2003-11-24 11:44:04 +00:00
1e98727c55
FTPS support added as RFC2228 and the murray-ftp-auth-ssl draft describe it
2003-11-24 07:15:37 +00:00
Dan Fandrich