1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-17 23:15:08 -05:00
Commit Graph

214 Commits

Author SHA1 Message Date
Daniel Stenberg
91386937ff - Michael Wallner provided a patch that adds support for CURLOPT_TIMEOUT_MS
and CURLOPT_CONNECTTIMEOUT_MS that, as their names should hint, do the
  timeouts with millisecond resolution instead. The only restriction to that
  is the alarm() (sometimes) used to abort name resolves as that uses full
  seconds. I fixed the FTP response timeout part of the patch.

  Internally we now count and keep the timeouts in milliseconds but it also
  means we multiply set timeouts with 1000. The effect of this is that no
  timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which
  equals 24.86 days.  We probably couldn't before either since the code did
  *1000 on the timeout values on several places already.
2007-02-05 22:51:32 +00:00
Dan Fandrich
9e61c904ac Display crypto engine name correctly in debug message. 2007-01-10 21:21:53 +00:00
Linus Nielsen Feltzing
55123424c8 Removed unused variable in Curl_ossl_shutdown() 2007-01-08 10:03:19 +00:00
Daniel Stenberg
4750e6f3c5 - Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option to
curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it
  will make libcurl shutdown SSL/TLS after the authentication is done on a
  FTP-SSL operation.
2007-01-05 23:11:14 +00:00
Daniel Stenberg
be0d17e812 cleaned up Curl_write() and the sub functions it uses for various protocols.
They all now return ssize_t to Curl_write().

Unfortunately, Curl_read() is in a sorrier state but it too would benefit from
a similar cleanup.
2006-11-11 21:34:43 +00:00
Daniel Stenberg
f830d77307 Bradford Bruce reported that when setting CURLOPT_DEBUGFUNCTION without
CURLOPT_VERBOSE set to non-zero, you still got a few debug messages from the
SSL handshake. This is now stopped.
2006-11-08 21:49:14 +00:00
Daniel Stenberg
4e717cdb30 Armel Asselin separated CA cert verification problems from problems with
reading the (local) CA cert file to let users easier pinpoint the actual
problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code.
2006-10-21 11:32:05 +00:00
Yang Tse
ec956b0334 Explicit typecast for Curl_debug() size argument 2006-10-17 10:04:13 +00:00
Yang Tse
c30e908034 Compiler warning fix 2006-09-10 23:37:42 +00:00
Yang Tse
d157c29269 Fix compiler warnings 2006-07-19 21:14:02 +00:00
Yang Tse
483a586d55 Avoid variable declaration shadowing previously declared one 2006-07-19 18:46:56 +00:00
Yang Tse
f3c508f6e8 Update error buffer size used for SSL_strerror() 2006-07-17 05:05:57 +00:00
Daniel Stenberg
a3949c7786 with a very recent yassl, we now can display 'yassl' when the OpenSSL API is
in fact provided by yassl instead
2006-06-29 07:35:02 +00:00
Daniel Stenberg
8df5dcb193 proper use of newlines 2006-06-09 12:07:34 +00:00
Daniel Stenberg
2bd3033f68 NTLM2 session response support 2006-06-07 14:14:04 +00:00
Daniel Stenberg
c9c5ce2365 David McCreedy provided a fix for CURLINFO_LASTSOCKET that does extended
checks on the to-be-returned socket to make sure it truly seems to be alive
and well. For SSL connection it (only) uses OpenSSL functions.
2006-05-10 22:17:42 +00:00
Daniel Stenberg
1946058e7b Robson Braga Araujo fixed two problems in the recently added non-blocking SSL
connects. The state machine was not reset properly so that subsequent
connects using the same handle would fail, and there were two memory leaks.
2006-05-09 12:43:49 +00:00
Daniel Stenberg
9bece2b313 additional renames of Curl_ourerrno => Curl_sockerrno 2006-05-05 10:24:27 +00:00
Daniel Stenberg
e85e30546c Roland Blom filed bug report #1481217
(http://curl.haxx.se/bug/view.cgi?id=1481217), with follow-ups by Michele Bini
and David Byron. libcurl previously wrongly used GetLastError() on windows to
get error details after socket-related function calls, when it really should
use WSAGetLastError() instead.

When changing to this, the former function Curl_ourerrno() is now instead
called Curl_sockerrno() as it is necessary to only use it to get errno from
socket-related functions as otherwise it won't work as intended on Windows.
2006-05-04 22:39:47 +00:00
Daniel Stenberg
38898ba4af corrected the SSL timeout, as Ates Goral's patch did it and that works (opposed
to my previous brain-damaged version)
2006-04-18 22:10:19 +00:00
Daniel Stenberg
676597e961 Ates Goral found out that if you specified both CURLOPT_CONNECTTIMEOUT and
CURLOPT_TIMEOUT, the _longer_ time would wrongly be used for the SSL
connection time-out!
2006-04-10 21:49:55 +00:00
Daniel Stenberg
5a4b43848a First commit of David McCreedy's EBCDIC and TPF changes. 2006-04-07 21:50:47 +00:00
Daniel Stenberg
83367f67de Xavier Bouchoux made the SSL connection non-blocking for the multi interface
(when using OpenSSL).
2006-03-21 21:54:44 +00:00
Daniel Stenberg
d494d62953 David McCreedy found a use of the wrong variable when display the error
text from OpenSSL.
2006-03-13 23:34:25 +00:00
Daniel Stenberg
8bba99ae56 Lots of users on Windows have reported getting the "SSL: couldn't set
callback" error message so I've now made the setting of that callback not be
as critical as before. The function is only used for additional loggging/
trace anyway so a failure just means slightly less data. It should still be
able to proceed and connect fine to the server.
2006-03-06 22:35:51 +00:00
Dan Fandrich
178afd81a9 Fixed lcc compiler warnings. 2005-12-19 19:47:14 +00:00
Dan Fandrich
e2df946eee Fixed some compiler warnings on lcc. 2005-12-13 18:54:31 +00:00
Daniel Stenberg
083c5e17e1 Yang Tse fixed: Openssl 0.9.9 makes 'const' the SSL_METHOD parameter in
SSL_CTX_new and others, and also makes functions SSLv23_client_method,
TLSv1_client_method, etc return a 'const' SSL_METHOD pointer. Previous
versions do not use the 'const' qualifier.
2005-12-05 15:14:04 +00:00
Gisle Vanem
67b4d9b232 Recent OpenSSL returns a 'const' in '*_client_method()'. So avoid
'assignment discards qualifiers from pointer target type' warning.
2005-12-04 18:47:36 +00:00
Daniel Stenberg
9ace303528 Yang Tse fixed compiler warnings 2005-11-13 23:53:14 +00:00
Daniel Stenberg
20b17d6b04 the debug callback was called with CURLINFO_TEXT with the data size one
too big
2005-08-10 22:57:14 +00:00
Daniel Stenberg
4e26b2a65b fix compiler warning 2005-04-13 06:52:03 +00:00
Daniel Stenberg
6e61939382 GnuTLS support added. There's now a "generic" SSL layer that we use all over
internally, with code provided by sslgen.c. All SSL-layer-specific code is
then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS).

As far as possible, internals should not need to know what SSL layer that is
in use. Building with GnuTLS currently makes two test cases fail.

TODO.gnutls contains a few known outstanding issues for the GnuTLS support.

GnuTLS support is enabled with configure --with-gnutls
2005-04-07 15:27:13 +00:00
Daniel Stenberg
ab4086bc24 Updated the copyright year since changes have been this year. 2005-03-31 07:02:02 +00:00
Dan Fandrich
b01151e81c Reduced the length of data read from the random entropy file. 2005-03-04 22:36:56 +00:00
Dan Fandrich
67bd6f9ccd Don't try to read the whole of the random file because when /dev/urandom is
used, it slows initialization too much reading an infinitely long file!
2005-03-04 20:10:29 +00:00
Daniel Stenberg
446b9467da init fix for non-SSL builds 2005-02-10 07:45:08 +00:00
Daniel Stenberg
61a1e3cd01 better error checking and SSL init by David Byron 2005-02-09 23:04:51 +00:00
Daniel Stenberg
83bab78bda Hzhijun reported a memory leak in the SSL certificate code, that leaked the
remote certificate name when it didn't match the used host name.
2005-01-10 09:48:39 +00:00
Gisle Vanem
754d6c3abd Remove 'data' initialiser. 2004-12-19 11:39:34 +00:00
Daniel Stenberg
3d647b9a98 if the pkcs12.h header exists, include it already in urldata.h to work around
a precedence problem with the zlib header. See CHANGES for details.
2004-12-19 09:37:32 +00:00
Daniel Stenberg
8ad47a13e5 Samuel Listopad added support for PKCS12 formatted certificates. 2004-12-18 10:42:48 +00:00
Daniel Stenberg
553082e24a prevent compiler warning when built without engine support 2004-12-14 22:06:25 +00:00
Dan Fandrich
10d6d8b2ae Header files are in openssl/ only if USE_OPENSSL is set. 2004-12-14 20:25:23 +00:00
Gisle Vanem
7d3f5d7ac1 urldata.h: Removed engine_list.
ssluse.*: Added SSL_strerror(). Curl_SSL_engines_list() now returns a slist
which must be freed by caller.
2004-12-14 14:20:21 +00:00
Daniel Stenberg
07f107ae20 Moved the engine stuff from the root-level of the SessionHandle struct to the
UrlState sub-struct. Also made the engine_list exist for non-ssl builds to
make curl build.
2004-12-14 09:36:22 +00:00
Gisle Vanem
bdb0620529 Added handling of CURLINFO_SSL_ENGINES;
Added Curl_SSL_engines_list(), cleanup SSL in url.c
(no HAVE_OPENSSL_x etc.).
2004-12-13 16:43:00 +00:00
Daniel Stenberg
8e34e75100 Curl_select's timeout arg is an int 2004-11-22 13:28:44 +00:00
Daniel Stenberg
1a05a90f1c David Phillips' FD_SETSIZE fix 2004-11-19 08:52:33 +00:00
Daniel Stenberg
5931d43a36 clean up start time and t_startsingle use so that redirect_time works properly 2004-11-15 11:27:03 +00:00
Daniel Stenberg
39af394a1c removed tabs and trailing whitespace from source 2004-10-06 07:50:18 +00:00
Daniel Stenberg
6fa624cf8c improved error message when client cert return failure 2004-09-02 21:03:41 +00:00
Daniel Stenberg
4934e6471b In OpenSSL 0.9.7d and earlier, ASN1_STRING_to_UTF8 fails if the input is
already UTF-8 encoded. We check for this case and copy the raw string manually
to avoid the problem. This code can be made conditional in the future when
OpenSSL has been fixed. Work-around brought by Alexis S. L. Carvalho.
2004-08-10 08:06:43 +00:00
Daniel Stenberg
ae2f002b44 added typecast in an attempt to fix a mingw32 warning 2004-07-29 07:34:17 +00:00
Daniel Stenberg
4511f7ac50 SSL_get_verify_result() returns a long, so we receive the result in a long
and not an int.
2004-07-04 21:42:32 +00:00
Daniel Stenberg
090b89cc76 Variable type cleanups to please the picky MIPSPro compiler. 2004-07-01 08:10:21 +00:00
Daniel Stenberg
85bd4621db Prevent a very long password to buffer overflow the global variable we
use when built with a very old OpenSSL version.
2004-06-30 11:53:34 +00:00
Daniel Stenberg
ba40eccc90 make the SSL connect use the same default connect timeout define as the
generic connect uses
2004-06-30 09:22:48 +00:00
Daniel Stenberg
feb2dd2835 Replaced all uses of sprintf() with the safer snprintf(). It is just a
precaution to prevent mistakes to lead to buffer overflows.
2004-06-24 11:54:11 +00:00
Daniel Stenberg
76920413d9 Gisle fixed the wildcard checks for certificates. 2004-06-22 08:51:22 +00:00
Daniel Stenberg
cf3f1ef284 prevent compiler warning 2004-06-19 09:38:08 +00:00
Daniel Stenberg
bd3d5a17b4 Gisle's "SSL patch" from June 16th 2004, modified by me as discussed on the
mailing list.
2004-06-18 06:20:43 +00:00
Daniel Stenberg
be72eaa327 use Curl_strcasestr() when checking wildcard cert names 2004-06-13 08:33:26 +00:00
Daniel Stenberg
2511d1193a * seed_enough() was converted to a macro to avoid the IRIX compiler warning
about that passed-in argument not being used.
* killed trailing whitespace
2004-05-18 07:25:13 +00:00
Daniel Stenberg
a9893ca79a Peter Sylvester's patch that addresses two flaws in the peer certificate name
verification:

- when multiple common names are used (as in the curl tests), the last name
needs to be selected.

- allow comparing with encoded values, at least with BMP and ISO latin1
encoded T61strings.
2004-05-17 22:01:16 +00:00
Daniel Stenberg
b5f85ba77d memory cleanup and check fix 2004-05-13 15:19:02 +00:00
Daniel Stenberg
bbafb2eb27 curl_global_init_mem() allows the memory functions to be replaced.
memory.h is included everywhere for this.
2004-05-11 11:30:23 +00:00
Daniel Stenberg
699ebe2f0b Gisle made the code use ERR_error_string_n() 2004-04-29 07:36:40 +00:00
Daniel Stenberg
4b9f8e766d Made host name and proxy name get stored in a 'struct hostname' and set
all things up to work with encoded host names internally, as well as keeping
'display names' to show in debug messages. IDN resolves work for me now using
ipv6, ipv4 and ares resolving. Even cookies on IDN sites seem to do right.
2004-04-27 13:56:23 +00:00
Daniel Stenberg
fb1039f2ab Tor Arntsen fixed a 'Statement not reachable'-warning 2004-04-26 11:52:43 +00:00
Daniel Stenberg
b7a7600465 Cleaned up hostname/name/gname and path/ppath confusion. Removed the fixed-
length limit of the hostname part of the URL.
2004-04-20 07:53:24 +00:00
Daniel Stenberg
0c791d1e76 variable type usage cleanup to please picky compilers 2004-03-23 15:20:57 +00:00
Daniel Stenberg
326e8b9fc1 don't let the EINTR stuff build on windows 2004-03-11 12:57:04 +00:00
Daniel Stenberg
40e892bb36 Jeff Lawson fixed the SSL connection to deal with received signals during the
connect.
2004-03-10 08:43:01 +00:00
Daniel Stenberg
ce5805a955 Use curl_socket_t instead of int for holding sockets. The typedefs and
defines are in setup.h.
2004-03-09 22:52:50 +00:00
Daniel Stenberg
4d17d6876e Dan Fandrich's cleanup patch to make pedantic compiler options cause less
warnings. Minor edits by me.
2004-01-29 13:56:45 +00:00
Daniel Stenberg
61e3d75def Gisle Vanem's patch for variables that "might be used uninitialized" 2004-01-16 09:17:04 +00:00
Daniel Stenberg
053f6c85ef updated year in the copyright string 2004-01-07 09:19:33 +00:00
Daniel Stenberg
d8cf2d42c0 prevent warning for non-SSL builds 2003-11-24 11:44:04 +00:00
Daniel Stenberg
1e98727c55 FTPS support added as RFC2228 and the murray-ftp-auth-ssl draft describe it 2003-11-24 07:15:37 +00:00
Daniel Stenberg
dfe0118033 Mathias Axelsson found a case where we free()d the server certificate twice! 2003-11-15 10:00:20 +00:00
Daniel Stenberg
14f795816d Georg Horn's fixes to do different CA cert verifications. They can now be
done even if the result is ignored, as some sites seem to require that.
2003-10-23 07:44:55 +00:00
Daniel Stenberg
597c1fe6bc rewritten alternative name check 2003-10-16 13:44:34 +00:00
Daniel Stenberg
c6a0bb99af bad license situation for the altname patch 2003-10-15 14:42:11 +00:00
Daniel Stenberg
ff5b6ff528 fixed to build fine without ssl 2003-10-08 13:06:50 +00:00
Daniel Stenberg
6494889e3b Neil Dunbar provided a patch that now makes libcurl check SSL
subjectAltNames when matching certs. This is apparently detailed in RFC2818
  as the right thing to do. I had to add configure checks for inet_pton() and
  our own (strictly speaking, code from BIND written by Paul Vixie) provided
  code for the function for platforms that miss it.
2003-10-07 21:46:47 +00:00
Daniel Stenberg
481094db90 warn if no CN is available if verify is only set to 1 2003-09-03 20:47:17 +00:00
Daniel Stenberg
a8c78cbbb0 CRYPTO_cleanup_all_ex_data() is not present in all OpenSSL versions so
we need to check for its presence in the configure script
2003-08-19 09:56:16 +00:00
Daniel Stenberg
dafc652f63 Loren Kirkby pointed out that we need to call CRYPTO_cleanup_all_ex_data()
when we cleanup the SSL stuff to not leak any memory.

I wish this was documented anywhere.
2003-08-19 07:51:09 +00:00
Daniel Stenberg
f9c3347f7c re-use existing variable instead of declaring a new local one 2003-07-05 13:27:02 +00:00
Daniel Stenberg
45fc760985 Peter Sylvester's patch was applied that introduces the following:
CURLOPT_SSL_CTX_FUNCTION to set a callback that gets called with the
   OpenSSL's ssl_ctx pointer passed in and allow a callback to act on it. If
   anything but CURLE_OK is returned, that will also be returned by libcurl
   all the way back. If this function changes the CURLOPT_URL, libcurl will
   detect this and instead go use the new URL.

   CURLOPT_SSL_CTX_DATA is a pointer you set to get passed to the callback set
   with CURLOPT_SSL_CTX_FUNCTION.
2003-07-04 16:29:23 +00:00
Daniel Stenberg
308bc9d919 use CURLDEBUG instead of MALLOCDEBUG for preprocessor conditions 2003-06-26 11:22:12 +00:00
Daniel Stenberg
d288222e80 work-around SSL implementation flaws better, pointed out in bug report
#745122.
2003-06-02 13:27:03 +00:00
Daniel Stenberg
f213e857ab Andy Cedilnik fixed some compiler warnings 2003-05-01 13:37:36 +00:00
Daniel Stenberg
0b839c4f77 return the same error for the sslv2 "certificate verify failed" code 2003-04-14 22:00:36 +00:00
Daniel Stenberg
21873b52e9 Restored the SSL error codes since they was broken in the 7.10.4 release,
also now attempt to detect and return the specific CACERT error code.
2003-04-14 12:53:29 +00:00
Daniel Stenberg
9558f229db Fixup after talks with Richard Bramante. We should now make better
comparisons before re-using SSL connections and re-using SSL connection IDs.
2003-03-31 05:13:26 +00:00
Daniel Stenberg
afffce80f0 Philippe Raoult needed this to build on FreeBSD 2003-03-13 21:41:02 +00:00
Daniel Stenberg
8755a6d1ac Richard Gorton improved the random_the_seed() function for systems where
we don't find/know of a good random source. This way, we get a better
randomness which in turn should make SSL connections more secure.
2003-03-11 18:55:34 +00:00
Daniel Stenberg
9121b1f41d the strequal and strnequal should now be called with the proper curl_ prefix 2003-02-28 12:20:08 +00:00