moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00
Code Issues Releases Wiki Activity
15,518 Commits 10 Branches 144 Tags 113 MiB
C 66.7%
Python 12.4%
M4 6.9%
Perl 6.7%
DIGITAL Command Language 2.9%
Other 4.3%
da82f59b69
Go to file
Daniel Stenberg da82f59b69 CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value 
After a research team wrote a document[1] that found several live source
codes out there in the wild that misused the CURLOPT_SSL_VERIFYHOST
option thinking it was a boolean, this change now bans 1 as a value and
will make libcurl return error for it.

1 was never a sensible value to use in production but was introduced
back in the days to help debugging. It was always documented clearly
this way.

1 was never supported by all SSL backends in libcurl, so this cleanup
makes the treatment of it unified.

The report's list of mistakes for this option were all PHP code and
while there's a binding layer between libcurl and PHP, the PHP team has
decided that they have an as thin layer as possible on top of libcurl so
they will not alter or specifically filter a 'TRUE' value for this
particular option. I sympathize with that position.

[1] = http://daniel.haxx.se/blog/2012/10/25/libcurl-claimed-to-be-dangerous/
2012-11-06 19:46:53 +01:00
CMake cmake: use standard findxxx modules for cmake v2.8+ 2012-09-17 23:22:09 +02:00
docs CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value 2012-11-06 19:46:53 +01:00
include version-bump: towards 7.28.1! 2012-10-10 22:35:08 +02:00
lib CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value 2012-11-06 19:46:53 +01:00
m4 configure: remove the --enable/disable-nonblocking options 2012-08-16 19:24:33 +02:00
packages Updated Symbian build files 2012-09-03 22:54:58 +02:00
perl removed trailing whitespace 2011-12-30 03:36:18 +01:00
src uniformly use AM_CPPFLAGS, avoid deprecated INCLUDES 2012-11-06 00:32:21 +01:00
tests uniformly use AM_CPPFLAGS, avoid deprecated INCLUDES 2012-11-06 00:32:21 +01:00
winbuild winbuild: Use machine type of development environment 2012-11-01 22:23:05 +01:00
.gitattributes Tell git to not convert configure-related files. 2012-07-17 20:35:23 +02:00
.gitignore Moved some patterns to subfolder's .gitignore. 2012-07-03 14:31:50 +02:00
acinclude.m4 configure: NATIVE_WINDOWS no longer defined in config files 2012-04-12 13:08:48 +02:00
Android.mk Updated build docs w.r.t. Android and binary sizes 2012-09-03 22:41:03 +02:00
buildconf curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
buildconf.bat curl tool: use configuration files from lib directory - follow-up II 2012-04-09 21:39:03 +02:00
CHANGES CHANGES: move all contents from CHANGES to CHANGES.0 2010-06-21 22:27:39 +02:00
CHANGES.0 removed trailing whitespace 2011-12-30 03:36:18 +01:00
CMakeLists.txt configure: NATIVE_WINDOWS no longer defined in config files 2012-04-12 13:08:48 +02:00
configure.ac configure: update the copyright years for the output 2012-08-19 00:18:34 +02:00
COPYING Updated copyright year. 2012-04-13 20:35:02 +02:00
CTestConfig.cmake ENH: move dashboard location 2009-07-15 19:40:46 +00:00
curl-config.in curl-config: parentheses fix 2012-08-07 14:13:09 +02:00
curl-style.el remove the CVSish $Id$ lines 2010-03-24 11:02:54 +01:00
GIT-INFO s/CVS/git 2010-03-22 00:41:34 +01:00
install-sh removed trailing whitespace 2010-02-14 19:40:18 +00:00
libcurl.pc.in Fix libcurl.pc and curl-config generation for static MingW* cross builds 2012-05-26 00:01:00 +02:00
log2changes.pl log2changes.pl: fix the Version output 2012-06-07 23:50:00 +02:00
MacOSX-Framework MacOSX-Framework: updates for Snowleopard 2010-09-21 00:07:45 +02:00
Makefile.am make: make distclean work again 2012-07-20 21:56:27 +02:00
Makefile.dist Changed some main makefile targets. 2011-09-25 17:43:50 +02:00
Makefile.msvc.names build: refactoring of msvc makefiles to allow overriding of library filenames. 2010-12-20 21:53:44 +01:00
maketgz curl tool: use configuration files from lib directory 2012-04-06 23:37:05 +02:00
missing renamed generated config.h to curl_config.h in order to avoid clashes when libcurl is used with other projects which also have a config.h. 2009-07-14 13:25:14 +00:00
mkinstalldirs remove the CVSish $Id$ lines 2010-03-24 11:02:54 +01:00
README various changes of CVS to git 2010-03-22 00:34:09 +01:00
RELEASE-NOTES RELEASE-NOTES: synced with fa6d78829f 2012-11-06 12:03:29 +01:00
sample.emacs remove the CVSish $Id$ lines 2010-03-24 11:02:54 +01:00
TODO-RELEASE TODO-RELEASE: cleanup for 7.28.0 2012-10-09 00:34:16 +02:00
vc6curl.dsw Renamed vc6 workspace and project files to avoid filename clash when used for conversion to later VS versions. 2009-05-08 17:51:44 +00:00

README 

                                  _   _ ____  _
                              ___| | | |  _ \| |
                             / __| | | | |_) | |
                            | (__| |_| |  _ <| |___
                             \___|\___/|_| \_\_____|

README

  Curl is a command line tool for transferring data specified with URL
  syntax. Find out how to use curl by reading the curl.1 man page or the
  MANUAL document. Find out how to install Curl by reading the INSTALL
  document.

  libcurl is the library curl is using to do its job. It is readily
  available to be used by your software. Read the libcurl.3 man page to
  learn how!

  You find answers to the most frequent questions we get in the FAQ document.

  Study the COPYING file for distribution terms and similar. If you distribute
  curl binaries or other binaries that involve libcurl, you might enjoy the
  LICENSE-MIXING document.

CONTACT

  If you have problems, questions, ideas or suggestions, please contact us
  by posting to a suitable mailing list. See http://curl.haxx.se/mail/

  All contributors to the project are listed in the THANKS document.

WEB SITE

  Visit the curl web site for the latest news and downloads:

        http://curl.haxx.se/

GIT

  To download the very latest source off the GIT server do this:

    git clone git://github.com/bagder/curl.git

  (you'll get a directory named curl created, filled with the source code)

NOTICE

  Curl contains pieces of source code that is Copyright (c) 1998, 1999
  Kungliga Tekniska Högskolan. This notice is included here to comply with the
  distribution terms.