moparisthebest
/
curl
mirror of https://github.com/moparisthebest/curl
1
0
Fork 0
Code Issues Releases Wiki Activity
18,366 Commits 10 Branches 144 Tags 113 MiB
Commit Graph

28 Commits

Author SHA1 Message Date
Kamil Dudka 9e37a7f9a5 nss: do not fail if a CRL is already cached 
This fixes a copy-paste mistake from commit 2968f957.
 2014-10-08 17:31:04 +02:00
Daniel Stenberg 8dfd22089c vtls: make the random function mandatory in the TLS backend 
To force each backend implementation to really attempt to provide proper
random. If a proper random function is missing, then we can explicitly
make use of the default one we use when TLS support is missing.

This commit makes sure it works for darwinssl, gnutls, nss and openssl.
 2014-07-30 00:05:47 +02:00
Kamil Dudka 30b093f6fc nss: do not check the version of NSS at run time 
The minimal required version of NSS is 3.14.x so it does not make sense
to check for NSS 3.12.0+ at run time.
 2014-07-28 16:27:04 +02:00
Kamil Dudka ca2aa61b66 nss: make the list of CRL items global 
Otherwise NSS could use an already freed item for another connection.
 2014-07-04 13:15:03 +02:00
Kamil Dudka 52cd5ac21c nss: fix a memory leak when CURLOPT_CRLFILE is used 2014-07-04 08:25:05 +02:00
Kamil Dudka caa4db8a51 nss: make crl_der allocated on heap 
... and spell it as crl_der instead of crlDER
 2014-07-04 00:37:40 +02:00
Kamil Dudka 2968f957aa nss: let nss_{cache,load}_crl return CURLcode 2014-07-04 00:20:59 +02:00
Kamil Dudka 7581dee10a nss: make the fallback to SSLv3 work again 
This feature was unintentionally disabled by commit ff92fcfb.
 2014-07-02 18:11:05 +02:00
Kamil Dudka 7c21558503 nss: do not abort on connection failure 
... due to calling SSL_VersionRangeGet() with NULL file descriptor

reported-by: upstream tests 305 and 404
 2014-07-02 17:59:03 +02:00
Kamil Dudka 9c941e92c4 nss: propagate blocking direction from NSPR I/O 
... during the non-blocking SSL handshake
 2014-04-25 15:08:12 +02:00
Kamil Dudka 8868a226cd nss: implement non-blocking SSL handshake 2014-04-22 22:56:14 +02:00
Kamil Dudka a43bba3a34 nss: split Curl_nss_connect() into 4 functions 2014-04-22 22:56:14 +02:00
Daniel Stenberg ef813c7097 http2: remove _DRAFT09 from the NPN_HTTP2 enum 
We're progressing throught drafts so there's no point in having a fixed
one in a symbol that'll survive.
 2014-03-31 08:40:24 +02:00
Kamil Dudka 67061e3f4e nss: allow to enable/disable new AES GCM cipher-suites 
... if built against a new enough version of NSS
 2014-03-15 13:07:55 +01:00
Kamil Dudka c864d81289 nss: allow to enable/disable new HMAC-SHA256 cipher-suites 
... if built against a new enough version of NSS
 2014-03-15 13:07:55 +01:00
Kamil Dudka b4f6cd46eb nss: do not enable AES cipher-suites by default 
... but allow them to be enabled/disabled explicitly.  The default
policy should be maintained at the NSS level.
 2014-03-15 13:07:55 +01:00
Daniel Stenberg 6f416fa462 NSS: avoid compiler warnings when built without http2 support 2014-03-03 08:39:25 +01:00
Fabian Frank 909a68c121 NPN/ALPN: allow disabling via command line 
when using --http2 one can now selectively disable NPN or ALPN with
--no-alpn and --no-npn. for now honored with NSS only.

TODO: honor this option with GnuTLS and OpenSSL
 2014-02-10 13:06:17 +01:00
Fabian Frank 70bd9784de nss: use correct preprocessor macro 
SSL_ENABLE_ALPN can be used for preprocessor ALPN feature detection,
but not SSL_NEXT_PROTO_SELECTED, since it is an enum value and not a
preprocessor macro.
 2014-02-10 08:09:02 +01:00
Daniel Stenberg 09d907ee68 nss: support pre-ALPN versions 2014-02-07 15:38:45 +01:00
Fabian Frank f3a12460ad nss: ALPN and NPN support 
Add ALPN and NPN support for NSS. This allows cURL to negotiate
HTTP/2.0 connections when built with NSS.
 2014-02-07 15:35:23 +01:00
Steve Holme 265f2e9ed7 nss: Updated copyright year for recent edits 2014-02-06 22:32:56 +00:00
Fabian Frank ff92fcfb90 nss: prefer highest available TLS version 
Offer TLSv1.0 to 1.2 by default, still fall back to SSLv3
if --tlsv1[.N] was not specified on the command line.
 2014-02-06 23:09:56 +01:00
Kamil Dudka 665c160f0a nss: do not use the NSS_ENABLE_ECC define 
It is not provided by NSS public headers.

Bug: https://bugzilla.redhat.com/1058776
 2014-01-29 13:57:21 +01:00
Kamil Dudka e15e73b741 nss: do not fail if NSS does not implement a cipher 
... that the user does not ask for
 2014-01-29 13:46:17 +01:00
Steve Holme f88f9bed00 vtls: Updated comments referencing sslgen.c and ssluse.c 2013-12-26 21:42:22 +00:00
Steve Holme 9aa6e4357a vtls: Fixed up include of vtls.h 2013-12-26 21:25:51 +00:00
Daniel Stenberg a47c142a88 vtls: moved all TLS/SSL source and header files into subdir 2013-12-20 17:12:42 +01:00