Kamil Dudka
30b093f6fc
nss: do not check the version of NSS at run time
...
The minimal required version of NSS is 3.14.x so it does not make sense
to check for NSS 3.12.0+ at run time.
2014-07-28 16:27:04 +02:00
Kamil Dudka
ca2aa61b66
nss: make the list of CRL items global
...
Otherwise NSS could use an already freed item for another connection.
2014-07-04 13:15:03 +02:00
Kamil Dudka
52cd5ac21c
nss: fix a memory leak when CURLOPT_CRLFILE is used
2014-07-04 08:25:05 +02:00
Kamil Dudka
caa4db8a51
nss: make crl_der allocated on heap
...
... and spell it as crl_der instead of crlDER
2014-07-04 00:37:40 +02:00
Kamil Dudka
2968f957aa
nss: let nss_{cache,load}_crl return CURLcode
2014-07-04 00:20:59 +02:00
Kamil Dudka
7581dee10a
nss: make the fallback to SSLv3 work again
...
This feature was unintentionally disabled by commit ff92fcfb
.
2014-07-02 18:11:05 +02:00
Kamil Dudka
7c21558503
nss: do not abort on connection failure
...
... due to calling SSL_VersionRangeGet() with NULL file descriptor
reported-by: upstream tests 305 and 404
2014-07-02 17:59:03 +02:00
Kamil Dudka
9c941e92c4
nss: propagate blocking direction from NSPR I/O
...
... during the non-blocking SSL handshake
2014-04-25 15:08:12 +02:00
Kamil Dudka
8868a226cd
nss: implement non-blocking SSL handshake
2014-04-22 22:56:14 +02:00
Kamil Dudka
a43bba3a34
nss: split Curl_nss_connect() into 4 functions
2014-04-22 22:56:14 +02:00
Daniel Stenberg
ef813c7097
http2: remove _DRAFT09 from the NPN_HTTP2 enum
...
We're progressing throught drafts so there's no point in having a fixed
one in a symbol that'll survive.
2014-03-31 08:40:24 +02:00
Kamil Dudka
67061e3f4e
nss: allow to enable/disable new AES GCM cipher-suites
...
... if built against a new enough version of NSS
2014-03-15 13:07:55 +01:00
Kamil Dudka
c864d81289
nss: allow to enable/disable new HMAC-SHA256 cipher-suites
...
... if built against a new enough version of NSS
2014-03-15 13:07:55 +01:00
Kamil Dudka
b4f6cd46eb
nss: do not enable AES cipher-suites by default
...
... but allow them to be enabled/disabled explicitly. The default
policy should be maintained at the NSS level.
2014-03-15 13:07:55 +01:00
Daniel Stenberg
6f416fa462
NSS: avoid compiler warnings when built without http2 support
2014-03-03 08:39:25 +01:00
Fabian Frank
909a68c121
NPN/ALPN: allow disabling via command line
...
when using --http2 one can now selectively disable NPN or ALPN with
--no-alpn and --no-npn. for now honored with NSS only.
TODO: honor this option with GnuTLS and OpenSSL
2014-02-10 13:06:17 +01:00
Fabian Frank
70bd9784de
nss: use correct preprocessor macro
...
SSL_ENABLE_ALPN can be used for preprocessor ALPN feature detection,
but not SSL_NEXT_PROTO_SELECTED, since it is an enum value and not a
preprocessor macro.
2014-02-10 08:09:02 +01:00
Daniel Stenberg
09d907ee68
nss: support pre-ALPN versions
2014-02-07 15:38:45 +01:00
Fabian Frank
f3a12460ad
nss: ALPN and NPN support
...
Add ALPN and NPN support for NSS. This allows cURL to negotiate
HTTP/2.0 connections when built with NSS.
2014-02-07 15:35:23 +01:00
Steve Holme
265f2e9ed7
nss: Updated copyright year for recent edits
2014-02-06 22:32:56 +00:00
Fabian Frank
ff92fcfb90
nss: prefer highest available TLS version
...
Offer TLSv1.0 to 1.2 by default, still fall back to SSLv3
if --tlsv1[.N] was not specified on the command line.
2014-02-06 23:09:56 +01:00
Kamil Dudka
665c160f0a
nss: do not use the NSS_ENABLE_ECC define
...
It is not provided by NSS public headers.
Bug: https://bugzilla.redhat.com/1058776
2014-01-29 13:57:21 +01:00
Kamil Dudka
e15e73b741
nss: do not fail if NSS does not implement a cipher
...
... that the user does not ask for
2014-01-29 13:46:17 +01:00
Steve Holme
f88f9bed00
vtls: Updated comments referencing sslgen.c and ssluse.c
2013-12-26 21:42:22 +00:00
Steve Holme
9aa6e4357a
vtls: Fixed up include of vtls.h
2013-12-26 21:25:51 +00:00
Daniel Stenberg
a47c142a88
vtls: moved all TLS/SSL source and header files into subdir
2013-12-20 17:12:42 +01:00