The read callback must return the exact requested amount of data when it
is used for doing TFTP uploads. This is due to how it deals with data
internally. This could/should be fixed but for now we document the
existing behavior.
Reported by: Colin Blair
Bug: http://curl.haxx.se/mail/lib-2011-03/0319.html
This is a new documentation for the source tree. This information has
been present since a long time at
http://curl.haxx.se/mail/etiquette.html but now it is put into a plain
text version too for wider distribution. The web version will be
automatically generated from this source document.
When NSS-powered libcurl connected to a SSL server with
CURLOPT_SSL_VERIFYPEER equal to zero, NSS remembered that the peer
certificate was accepted by libcurl and did not ask the second time when
connecting to the same server with CURLOPT_SSL_VERIFYPEER equal to one.
This patch turns off the SSL session cache for the particular SSL socket
if peer verification is disabled. In order to avoid any performance
impact, the peer verification is completely skipped in that case, which
makes it even faster than before.
Bug: https://bugzilla.redhat.com/678580
All C and H files now (should) feature the proper project curl source
code header, which includes basic info, a copyright statement and some
basic disclaimers.
Stress that it is for client certificates and then mention that it also
works for all other SSL-based protocols apart from HTTPS and
FTPS. Namely POP3S, IMAPS and SMTPS for now.
This enables people to specify a path to the netrc file to use.
The new option override --netrc if both are present. However it
does follow --netrc-optional if specified.
On second thought, I think CURLE_TLSAUTH_FAILED should be eliminated. It
was only being raised when an internal error occurred while allocating
or setting the GnuTLS SRP client credentials struct. For TLS
authentication failures, the general CURLE_SSL_CONNECT_ERROR seems
appropriate; its error string already includes "passwords" as a possible
cause. Having a separate TLS auth error code might also cause people to
think that a TLS auth failure means the wrong username or password was
entered, when it could also be a sign of a man-in-the-middle attack.
"6.7 What are my obligations when using libcurl in my commercial apps?"
got the piece about what exactly "in all copies" mean to a user of the
code.
This interpretation is based on what other MIT-like licenses have made
more explicit.
Extended the intial HTTP protcol part and added a mention of --trace and
--trace-ascii.
Replaced most URLs in the text to use example.com instead of all the
made up strange names.
Shortened a bunch of lines.
... and update the curl.1 and curl_easy_setopt.3 man pages such that
they do not suggest to use an OpenSSL utility if curl is not built
against OpenSSL.
Bug: https://bugzilla.redhat.com/669702
