History log of /curl/RELEASE-NOTES (Results 1376 – 1400 of 2430)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 2838362a 02-Aug-2009 Daniel Stenberg

clarified configure detection of GnuTLS


# 6d891d2a 01-Aug-2009 Daniel Stenberg

- Curt Bogmine reported a problem with SNI enabled on a particular server. We
should introduce an option to disable SNI, but as we're in feature freeze
now I've addressed the obvious bug

- Curt Bogmine reported a problem with SNI enabled on a particular server. We
should introduce an option to disable SNI, but as we're in feature freeze
now I've addressed the obvious bug here (pointed out by Peter Sylvester): we
shouldn't try to enable SNI when SSLv2 or SSLv3 is explicitly selected.
Code for OpenSSL and GnuTLS was fixed. NSS doesn't seem to have a particular
option for SNI, or are we simply not using it?

show more ...


# c0e8bed5 01-Aug-2009 Daniel Stenberg

- Scott Cantor posted the bug report #2829955
(http://curl.haxx.se/bug/view.cgi?id=2829955) mentioning the recent SSL cert
verification flaw found and exploited by Moxie Marlinspike. The

- Scott Cantor posted the bug report #2829955
(http://curl.haxx.se/bug/view.cgi?id=2829955) mentioning the recent SSL cert
verification flaw found and exploited by Moxie Marlinspike. The presentation
he did at Black Hat is available here:
https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike

Apparently at least one CA allowed a subjectAltName or CN that contain a
zero byte, and thus clients that assumed they would never have zero bytes
were exploited to OK a certificate that didn't actually match the site. Like
if the name in the cert was "example.com\0theatualsite.com", libcurl would
happily verify that cert for example.com.

libcurl now better use the length of the extracted name, not assuming it is
zero terminated.

show more ...


# 0dce2ff8 01-Aug-2009 Daniel Stenberg

- Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present
only in some OpenSSL installs - like on Windows) isn't thread-safe and we
agreed that moving it to the global_in

- Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present
only in some OpenSSL installs - like on Windows) isn't thread-safe and we
agreed that moving it to the global_init() function is a decent way to deal
with this situation.

show more ...


# 2642638f 01-Aug-2009 Daniel Stenberg

- Alexander Beedie provided the patch for a noproxy problem: If I have set
CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually
could still end up using a proxy if

- Alexander Beedie provided the patch for a noproxy problem: If I have set
CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually
could still end up using a proxy if a proxy environment variable was set.

show more ...


# 06841282 27-Jul-2009 Daniel Stenberg

- All the quote options (CURLOPT_QUOTE, CURLOPT_POSTQUOTE and
CURLOPT_PREQUOTE) now accept a preceeding asterisk before the command to
send when using FTP, as a sign that libcurl shall si

- All the quote options (CURLOPT_QUOTE, CURLOPT_POSTQUOTE and
CURLOPT_PREQUOTE) now accept a preceeding asterisk before the command to
send when using FTP, as a sign that libcurl shall simply ignore the response
from the server instead of treating it as an error. Not treating a 400+ FTP
response code as an error means that failed commands will not abort the
chain of commands, nor will they cause the connection to get disconnected.

show more ...


# b347a7a9 26-Jul-2009 Daniel Stenberg

- Bug report #2825989 (http://curl.haxx.se/bug/view.cgi?id=2825989) pointed
out that OpenSSL-powered libcurl didn't support the SHA-2 digest algorithm,
and provided the solution too: to u

- Bug report #2825989 (http://curl.haxx.se/bug/view.cgi?id=2825989) pointed
out that OpenSSL-powered libcurl didn't support the SHA-2 digest algorithm,
and provided the solution too: to use OpenSSL_add_all_algorithms() instead
of the older SSLeay_* alternative. OpenSSL_add_all_algorithms was added in
OpenSSL 0.9.5

show more ...


# 47c392e1 22-Jul-2009 Daniel Stenberg

- Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA.
They introduce known_host support for SSH keys to libcurl. See docs for
details.


# 4c207a00 22-Jul-2009 Michal Marek

- David Binderman found a memory and fd leak in lib/gtls.c:load_file()
(https://bugzilla.novell.com/523919). When looking at the code, I found
that also the ptr pointer can leak.


# 5cf78472 08-Jul-2009 Daniel Stenberg

- Constantine Sapuntzakis posted bug report #2813123
(http://curl.haxx.se/bug/view.cgi?id=2813123) and an a patch that fixes the
problem:

Url A is accessed using auth. Url A re

- Constantine Sapuntzakis posted bug report #2813123
(http://curl.haxx.se/bug/view.cgi?id=2813123) and an a patch that fixes the
problem:

Url A is accessed using auth. Url A redirects to Url B (on a different
server0. Url B reuses a persistent connection. Url B has auth, even though
it's on a different server.

Note: if Url B does not reuse a persistent connection, auth is not sent.

show more ...


# 18f238dd 29-Jun-2009 Daniel Stenberg

my CURLINFO_CERTINFO fix


# 4f551259 29-Jun-2009 Daniel Stenberg

- Markus Koetter made CURLOPT_FTPPORT (and curl's -P/--ftpport) support a port
range if given colon-separated after the host name/address part. Like
"192.168.0.1:2000-10000"


# a0474685 16-Jun-2009 Daniel Stenberg

- Reuven Wachtfogel made curl -o - properly produce a binary output on windows
(no newline translations). Use -B/--use-ascii if you rather get the ascii
approach.


# 0b317b72 16-Jun-2009 Michal Marek

- When doing non-anonymous ftp via http proxies and the password is not
provided in the url, add it there (squid needs this).


# 4b6d3a2b 15-Jun-2009 Daniel Stenberg

- Eric Wong's patch:

This allows curl(1) to be used as a client-side tunnel for arbitrary stream
protocols by abusing chunked transfer encoding in both the HTTP request and
HTT

- Eric Wong's patch:

This allows curl(1) to be used as a client-side tunnel for arbitrary stream
protocols by abusing chunked transfer encoding in both the HTTP request and
HTTP response. This requires server support for sending a response while a
request is still being read, of course.

If attempting to read from stdin returns EAGAIN, then we pause our sender.
This leaves curl to attempt to read from the socket while reading from stdin
(and thus sending) is paused.

show more ...


# 35217709 10-Jun-2009 Daniel Stenberg

- Fabian Keil ran clang on the (lib)curl code, found a bunch of warnings and
contributed a range of patches to fix them.


# 16ae283f 09-Jun-2009 Yang Tse

initialize fread callback pointer to avoid compiler warning


# 3e0c067e 08-Jun-2009 Daniel Stenberg

- Claes Jakobsson provided a patch for libcurl-NSS that fixed a bad refcount
issue with client certs that caused issues like segfaults.
http://curl.haxx.se/mail/lib-2009-05/0316.html


# f90551ff 08-Jun-2009 Daniel Stenberg

- Triggered by bug report #2798852 and the patch in there, I fixed configure
to detect gnutls build options with pkg-config only and not libgnutls-config
anymore since GnuTLS has stopped

- Triggered by bug report #2798852 and the patch in there, I fixed configure
to detect gnutls build options with pkg-config only and not libgnutls-config
anymore since GnuTLS has stopped distributing that tool. If an explicit path
is given to configure, we will instead guess on how to link and use that
lib. I did not use the patch from the bug report.

show more ...


# f45500c6 08-Jun-2009 Daniel Stenberg

djgpp build fix


# e08f81c8 07-Jun-2009 Daniel Stenberg

Bill Hoffman (6 June 2009)
- Added some cmake docs and fixed socklen_t in the build.


# 9324f1c2 07-Jun-2009 Daniel Stenberg

- Eric Wong fixed --no-buffer to actually switch off output buffering. Been
broken since 7.19.0


# 027cb376 05-Jun-2009 Yang Tse

mention last changes


# ce1a5841 05-Jun-2009 Daniel Stenberg

remove conflict markers


# 1012c570 05-Jun-2009 Daniel Stenberg

- Setting the Content-Length: header from your app when you do a POST or PUT
is almost always a VERY BAD IDEA. Yet there are still apps out there doing
this, and now recently it triggered

- Setting the Content-Length: header from your app when you do a POST or PUT
is almost always a VERY BAD IDEA. Yet there are still apps out there doing
this, and now recently it triggered a bug/side-effect in libcurl as when
libcurl sends a POST or PUT with NTLM, it sends an empty post first when it
knows it will just get a 401/407 back. If the app then replaced the
Content-Length header, it caused the server to wait for input that libcurl
wouldn't send. Aaron Oneal reported this problem in bug report #2799008
http://curl.haxx.se/bug/view.cgi?id=2799008) and helped us verify the fix.

show more ...


1...<<51525354555657585960>>...98