#
2838362a |
| 02-Aug-2009 |
Daniel Stenberg |
clarified configure detection of GnuTLS
|
#
6d891d2a |
| 01-Aug-2009 |
Daniel Stenberg |
- Curt Bogmine reported a problem with SNI enabled on a particular server. We should introduce an option to disable SNI, but as we're in feature freeze now I've addressed the obvious bug here (pointed out by Peter Sylvester): we shouldn't try to enable SNI when SSLv2 or SSLv3 is explicitly selected. Code for OpenSSL and GnuTLS was fixed. NSS doesn't seem to have a particular option for SNI, or are we simply not using it?
|
#
c0e8bed5 |
| 01-Aug-2009 |
Daniel Stenberg |
- Scott Cantor posted the bug report #2829955 (http://curl.haxx.se/bug/view.cgi?id=2829955) mentioning the recent SSL cert verification flaw found and exploited by Moxie Marlinspike. The presentation he did at Black Hat is available here: https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike Apparently at least one CA allowed a subjectAltName or CN that contains a zero byte, and thus clients that assumed they would never have zero bytes were exploited to OK a certificate that didn't actually match the site. Like if the name in the cert was "example.com\0theatualsite.com", libcurl would happily verify that cert for example.com. libcurl now better use the length of the extracted name, not assuming it is zero terminated.
|
#
0dce2ff8 |
| 01-Aug-2009 |
Daniel Stenberg |
- Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present only in some OpenSSL installs - like on Windows) isn't thread-safe and we agreed that moving it to the global_init() function is a decent way to deal with this situation.
|
#
2642638f |
| 01-Aug-2009 |
Daniel Stenberg |
- Alexander Beedie provided the patch for a noproxy problem: If I have set CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually could still end up using a proxy if a proxy environment variable was set.
|
#
06841282 |
| 27-Jul-2009 |
Daniel Stenberg |
- All the quote options (CURLOPT_QUOTE, CURLOPT_POSTQUOTE and CURLOPT_PREQUOTE) now accept a preceding asterisk before the command to send when using FTP, as a sign that libcurl shall simply ignore the response from the server instead of treating it as an error. Not treating a 400+ FTP response code as an error means that failed commands will not abort the chain of commands, nor will they cause the connection to get disconnected.
|
#
b347a7a9 |
| 26-Jul-2009 |
Daniel Stenberg |
- Bug report #2825989 (http://curl.haxx.se/bug/view.cgi?id=2825989) pointed out that OpenSSL-powered libcurl didn't support the SHA-2 digest algorithm, and provided the solution too: to use OpenSSL_add_all_algorithms() instead of the older SSLeay_* alternative. OpenSSL_add_all_algorithms was added in OpenSSL 0.9.5
|
#
47c392e1 |
| 22-Jul-2009 |
Daniel Stenberg |
- Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA. They introduce known_host support for SSH keys to libcurl. See docs for details.
|
#
4c207a00 |
| 22-Jul-2009 |
Michal Marek |
- David Binderman found a memory and fd leak in lib/gtls.c:load_file() (https://bugzilla.novell.com/523919). When looking at the code, I found that also the ptr pointer can leak.
|
#
5cf78472 |
| 08-Jul-2009 |
Daniel Stenberg |
- Constantine Sapuntzakis posted bug report #2813123 (http://curl.haxx.se/bug/view.cgi?id=2813123) and a patch that fixes the problem: Url A is accessed using auth. Url A redirects to Url B (on a different server). Url B reuses a persistent connection. Url B has auth, even though it's on a different server. Note: if Url B does not reuse a persistent connection, auth is not sent.
|
#
18f238dd |
| 29-Jun-2009 |
Daniel Stenberg |
my CURLINFO_CERTINFO fix
|
#
4f551259 |
| 29-Jun-2009 |
Daniel Stenberg |
- Markus Koetter made CURLOPT_FTPPORT (and curl's -P/--ftpport) support a port range if given colon-separated after the host name/address part. Like "192.168.0.1:2000-10000"
|
#
a0474685 |
| 16-Jun-2009 |
Daniel Stenberg |
- Reuven Wachtfogel made curl -o - properly produce a binary output on windows (no newline translations). Use -B/--use-ascii if you rather get the ascii approach.
|
#
0b317b72 |
| 16-Jun-2009 |
Michal Marek |
- When doing non-anonymous ftp via http proxies and the password is not provided in the url, add it there (squid needs this).
|
#
4b6d3a2b |
| 15-Jun-2009 |
Daniel Stenberg |
- Eric Wong's patch: This allows curl(1) to be used as a client-side tunnel for arbitrary stream protocols by abusing chunked transfer encoding in both the HTTP request and HTTP response. This requires server support for sending a response while a request is still being read, of course. If attempting to read from stdin returns EAGAIN, then we pause our sender. This leaves curl to attempt to read from the socket while reading from stdin (and thus sending) is paused.
|
#
35217709 |
| 10-Jun-2009 |
Daniel Stenberg |
- Fabian Keil ran clang on the (lib)curl code, found a bunch of warnings and contributed a range of patches to fix them.
|
#
16ae283f |
| 09-Jun-2009 |
Yang Tse |
initialize fread callback pointer to avoid compiler warning
|
#
3e0c067e |
| 08-Jun-2009 |
Daniel Stenberg |
- Claes Jakobsson provided a patch for libcurl-NSS that fixed a bad refcount issue with client certs that caused issues like segfaults. http://curl.haxx.se/mail/lib-2009-05/0316.html
|
#
f90551ff |
| 08-Jun-2009 |
Daniel Stenberg |
- Triggered by bug report #2798852 and the patch in there, I fixed configure to detect gnutls build options with pkg-config only and not libgnutls-config anymore since GnuTLS has stopped distributing that tool. If an explicit path is given to configure, we will instead guess on how to link and use that lib. I did not use the patch from the bug report.
|
#
f45500c6 |
| 08-Jun-2009 |
Daniel Stenberg |
djgpp build fix
|
#
e08f81c8 |
| 07-Jun-2009 |
Daniel Stenberg |
Bill Hoffman (6 June 2009) - Added some cmake docs and fixed socklen_t in the build.
|
#
9324f1c2 |
| 07-Jun-2009 |
Daniel Stenberg |
- Eric Wong fixed --no-buffer to actually switch off output buffering. Been broken since 7.19.0
|
#
027cb376 |
| 05-Jun-2009 |
Yang Tse |
mention last changes
|
#
ce1a5841 |
| 05-Jun-2009 |
Daniel Stenberg |
remove conflict markers
|
#
1012c570 |
| 05-Jun-2009 |
Daniel Stenberg |
- Setting the Content-Length: header from your app when you do a POST or PUT is almost always a VERY BAD IDEA. Yet there are still apps out there doing this, and now recently it triggered a bug/side-effect in libcurl as when libcurl sends a POST or PUT with NTLM, it sends an empty post first when it knows it will just get a 401/407 back. If the app then replaced the Content-Length header, it caused the server to wait for input that libcurl wouldn't send. Aaron Oneal reported this problem in bug report #2799008 (http://curl.haxx.se/bug/view.cgi?id=2799008) and helped us verify the fix.
|