Marc Hoersken
4161624e94
TODO: moved WinSSL/SChannel todo items into docs
2015-01-31 12:30:11 +01:00
Michael Kaufmann
04f246f8c7
CURLOPT_SEEKFUNCTION.3: also when server closes a connection
2015-01-29 22:34:21 +01:00
Steve Holme
8ca3b05624
curl_sasl.c: Fixed compilation warning when cryptography is disabled
...
curl_sasl.c:1506: warning: unused variable 'chlg'
2015-01-29 11:48:11 +00:00
Steve Holme
6fdc8651bd
curl_sasl.c: Fixed compilation warning when verbose debug output disabled
...
curl_sasl.c:1317: warning: unused parameter 'conn'
2015-01-28 22:48:01 +00:00
Steve Holme
8cc70db2db
ntlm_core: Use own odd parity function when crypto engine doesn't have one
2015-01-28 22:34:53 +00:00
Steve Holme
c469369b86
ntlm_core: Prefer sizeof(key) rather than hard coded sizes
2015-01-28 22:34:52 +00:00
Steve Holme
58e39b4da5
ntlm_core: Added consistent comments to DES functions
2015-01-28 22:34:51 +00:00
Steve Holme
300876a7a6
des: Added Curl_des_set_odd_parity()
...
Added Curl_des_set_odd_parity() for use when cryptography engines
don't include this functionality.
2015-01-28 22:34:49 +00:00
Steve Holme
ef782d726e
tests: Grouped SMTP SASL EXTERNAL tests with other SMTP tests
2015-01-28 19:55:06 +00:00
Steve Holme
26d4e0ad4e
tests: Grouped POP3 SASL EXTERNAL tests with other POP3 tests
2015-01-28 19:51:15 +00:00
Steve Holme
e3558a551b
tests: Grouped IMAP SASL EXTERNAL tests with other IMAP tests
2015-01-28 19:50:34 +00:00
Steve Holme
595a66ce0f
sasl: Minor code policing and grammar corrections
2015-01-28 19:23:37 +00:00
Gisle Vanem
3cc9e9383b
ldap: build with BoringSSL
2015-01-28 14:22:11 +01:00
Daniel Stenberg
9d964e5477
security: avoid compiler warning
...
Possible access to uninitialised memory '&nread' at line 140 of
lib/security.c in function 'ftp_send_command'.
Reported-by: Rich Burridge
2015-01-28 10:10:59 +01:00
Daniel Stenberg
153e9c0278
runtests: identify BoringSSL and libressl
2015-01-28 10:10:59 +01:00
Patrick Monnerat
980ba2202c
docs: cite SASL external authentication.
2015-01-27 19:10:18 +01:00
Patrick Monnerat
7b2012f262
sasl: remove XOAUTH2 from default enabled authentication mechanism.
2015-01-27 18:08:18 +01:00
Patrick Monnerat
ed9a4b9fc4
test: add test cases for sasl external authentication (imap/pop3/smtp).
2015-01-27 18:03:56 +01:00
Patrick Monnerat
fe79f20957
imap: remove automatic password setting: it breaks external sasl authentication
2015-01-27 17:34:40 +01:00
Patrick Monnerat
0d24f64473
sasl: implement EXTERNAL authentication mechanism.
...
Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and
by not setting the password.
2015-01-27 17:24:55 +01:00
Steve Holme
e1bb13c09f
openssl: Fixed Curl_ossl_cert_status_request() not returning FALSE
...
Modified the Curl_ossl_cert_status_request() function to return FALSE
when built with BoringSSL or when OpenSSL is missing the necessary TLS
extensions.
2015-01-27 12:53:41 +00:00
Steve Holme
a268a804b7
openssl: Fixed compilation errors when OpenSSL built with 'no-tlsext'
...
Fixed the build of openssl.c when OpenSSL is built without the necessary
TLS extensions for OCSP stapling.
Reported-by: John E. Malmberg
2015-01-27 12:47:48 +00:00
Brad Spencer
5691325440
curl_setup: Disable SMB/CIFS support when HTTP only
2015-01-26 18:48:44 +00:00
Steve Holme
db6bcbd83f
RELEASE-NOTES: Synced with 37824498a3
2015-01-23 07:57:09 +00:00
Daniel Stenberg
37824498a3
configure: remove detection of the old yassl emulation API
...
... as that is ancient history and not used.
2015-01-22 23:53:52 +01:00
Daniel Stenberg
23c6f0a344
OCSP stapling: disabled when build with BoringSSL
2015-01-22 23:34:43 +01:00
Alessandro Ghedini
d1cf5d5706
openssl: add support for the Certificate Status Request TLS extension
...
Also known as "status_request" or OCSP stapling, defined in RFC6066
section 8.
Thanks-to: Joe Mason
- for the work-around for the OpenSSL bug.
2015-01-22 23:25:23 +01:00
Daniel Stenberg
e888e30476
BoringSSL: fix build for non-configure builds
...
HAVE_BORINGSSL gets defined now by configure and should be defined by
other build systems in case a BoringSSL build is desired.
2015-01-22 23:04:10 +01:00
Daniel Stenberg
3d5648f9ee
configure: fix BoringSSL detection and detect libresssl
2015-01-22 22:52:53 +01:00
Steve Holme
12e45b8462
curl_sasl: Reinstate the sasl_ prefix for locally scoped functions
...
Commit 7a8b2885e2
2015-01-22 21:32:41 +00:00
Steve Holme
c260c9fad3
curl_sasl: Minor code policing following recent commits
2015-01-22 21:08:18 +00:00
John Malmberg
731e6a6662
openvms: Handle openssl/0.8.9zb version parsing
...
packages/vms/gnv_link_curl.com was assuming only a single letter suffix
in the openssl version. That assumption has been fixed for 7.40.
2015-01-22 17:00:25 +01:00
Daniel Stenberg
eb748f159a
BoringSSL: detected by configure, switches off NTLM
2015-01-22 16:39:01 +01:00
Daniel Stenberg
d6c4695dcd
BoringSSL: no PKCS12 support nor ERR_remove_state
2015-01-22 16:39:01 +01:00
Leith Bade
261208d432
BoringSSL: fix build
2015-01-22 16:39:01 +01:00
Steve Holme
795f013006
curl_sasl.c: chlglen is not used when cryptography is disabled
2015-01-20 19:28:54 +00:00
Steve Holme
71f8fdee81
curl_sasl.c: Fixed compilation warning when cyptography is disabled
...
curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local
variable
2015-01-20 19:25:43 +00:00
Steve Holme
6005b0d99c
curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined
...
curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier
This error could also happen for non-SSPI builds when cryptography is
disabled (CURL_DISABLE_CRYPTO_AUTH is defined).
2015-01-20 19:24:47 +00:00
Patrick Monnerat
7a8b2885e2
SASL: make some procedures local-scoped
2015-01-20 18:17:55 +01:00
Patrick Monnerat
79543caf90
SASL: common state engine for imap/pop3/smtp
2015-01-20 17:33:05 +01:00
Patrick Monnerat
e1ea18f90e
SASL: common URL option and auth capabilities decoders for all protocols
2015-01-20 15:27:25 +01:00
Patrick Monnerat
5f09cbcdbd
IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters.
2015-01-20 14:14:26 +01:00
Daniel Stenberg
960b04e137
ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6
...
Reported-by: Chris Young
2015-01-20 09:03:55 +01:00
Chris Young
089783c838
timeval: typecast for better type (on Amiga)
...
There is an issue with conflicting "struct timeval" definitions with
certain AmigaOS releases and C libraries, depending on what gets
included when. It's a minor difference - the OS one is unsigned,
whereas the common structure has signed elements. If the OS one ends up
getting defined, this causes a timing calculation error in curl.
It's easy enough to resolve this at the curl end, by casting the
potentially errorneous calculation to a signed long.
2015-01-20 08:53:14 +01:00
Daniel Stenberg
be57f689b0
openssl: do public key pinning check independently
...
... of the other cert verification checks so that you can set verifyhost
and verifypeer to FALSE and still check the public key.
Bug: http://curl.haxx.se/bug/view.cgi?id=1471
Reported-by: Kyle J. McKay
2015-01-19 23:20:13 +01:00
Patrick Monnerat
fca58f6212
OS400: CURLOPT_SSL_VERIFYSTATUS for ILE/RPG too.
2015-01-19 13:52:40 +01:00
Steve Holme
2cc571f9e3
ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP
...
For consistency with other USE_WIN32_ defines as well as the
USE_OPENLDAP define.
2015-01-18 20:52:43 +00:00
Steve Holme
1cbc8fd3d1
http_negotiate: Use dynamic buffer for SPN generation
...
Use a dynamicly allocated buffer for the temporary SPN variable similar
to how the SASL GSS-API code does, rather than using a fixed buffer of
2048 characters.
2015-01-18 15:45:12 +00:00
Steve Holme
9c4fa400cf
sasl_gssapi: Make Curl_sasl_build_gssapi_spn() public
2015-01-18 15:42:26 +00:00
Steve Holme
b9fd757d03
sasl_gssapi: Fixed memory leak with local SPN variable
2015-01-18 15:40:07 +00:00
