- Anatoli Tubman found and fixed a crash with Negotiate authentication used on
a re-used connection where both requests used Negotiate.

- Kaspar Brand made GnuTLS-built libcurl properly acknowledge the option that
forces it to prefer SSLv3.

- Sam Listopad provided a patch in feature-request #1900014
http://curl.haxx.se/bug/feature.cgi?id=1900014 that makes libcurl (built to
use OpenSSL) support a full chain of certificates i

- Sam Listopad provided a patch in feature-request #1900014
http://curl.haxx.se/bug/feature.cgi?id=1900014 that makes libcurl (built to
use OpenSSL) support a full chain of certificates in a given PKCS12
certificate.

show more ...

- Georg Lippitsch made the src/Makefile.vc6 makefile use the same memory model
options as the lib/Makefile.vc6 already did.

- Zmey Petroff found a crash when libcurl accessed a NULL pointer, which
happened if you set the connection cache size to 1 and for example failed to
login to an FTP site. Bug report #189

- Zmey Petroff found a crash when libcurl accessed a NULL pointer, which
happened if you set the connection cache size to 1 and for example failed to
login to an FTP site. Bug report #1896698
(http://curl.haxx.se/bug/view.cgi?id=1896698)

show more ...

- Fixed test case 405 to not fail when libcurl is built with GnuTLS

- Based on initial work done by Gautam Kachroo to address a bug, we now keep
better control at the exact state of the connection's SSL status so that we
know exactly when it has completed

- Based on initial work done by Gautam Kachroo to address a bug, we now keep
better control at the exact state of the connection's SSL status so that we
know exactly when it has completed the SSL negotiation or not so that there
won't be accidental re-uses of connections that are wrongly believed to be
in SSL-completed-negotiate state.

show more ...

- We no longer support setting the CURLOPT_URL option from inside a callback
such as the CURLOPT_SSL_CTX_FUNCTION one treat that as if it was a Location:
following. The patch that introdu

- We no longer support setting the CURLOPT_URL option from inside a callback
such as the CURLOPT_SSL_CTX_FUNCTION one treat that as if it was a Location:
following. The patch that introduced this feature was done for 7.11.0, but
this code and functionality has been broken since about 7.15.4 (March 2006)
with the introduction of non-blocking OpenSSL "connects".

It was a hack to begin with and since it doesn't work and hasn't worked
correctly for a long time and nobody has even noticed, I consider it a very
suitable subject for plain removal. And so it was done.

show more ...

- We're no longer providing a very old ca-bundle in the curl tarball. You can
get a fresh one downloaded and created with 'make ca-bundle' or you can get
one from here => http://curl.haxx

- We're no longer providing a very old ca-bundle in the curl tarball. You can
get a fresh one downloaded and created with 'make ca-bundle' or you can get
one from here => http://curl.haxx.se/docs/caextract.html if you want a fresh
new one extracted from Mozilla's recent list of ca certs.

The configure option --with-ca-bundle now lets you specify what file to use
as default ca bundle for your build. If not specified, the configure script
will check a few known standard places for a global ca cert to use.

show more ...

- Jerome Muffat-Meridol helped me fix Curl_done() to close the current
connection by force when it was called before the entire request is
completed, simply because we can't know if the c

- Jerome Muffat-Meridol helped me fix Curl_done() to close the current
connection by force when it was called before the entire request is
completed, simply because we can't know if the connection really can be
re-used safely at that point.

show more ...

- Made the gnutls code path not even try to get the server cert if no peer
verification is requested. Previously it would even return failure if gnutls
failed to get the server cert even

- Made the gnutls code path not even try to get the server cert if no peer
verification is requested. Previously it would even return failure if gnutls
failed to get the server cert even though no verification was asked for.

- Fix my Curl_timeleft() leftover mistake in the gnutls code

show more ...

new mirror and mirror recount after cleansing

- Pooyan McSporran found and fixed a flaw where you first would do a normal
http request and then you'd reuse the handle and replace the Accept: header,
as then libcurl would send two Acc

- Pooyan McSporran found and fixed a flaw where you first would do a normal
http request and then you'd reuse the handle and replace the Accept: header,
as then libcurl would send two Accept: headers!

show more ...

Bug report #1888932 (http://curl.haxx.se/bug/view.cgi?id=1888932) points
out and provides test program that demonstrates that libcurl might not set
error description message for error CURLE_C

Bug report #1888932 (http://curl.haxx.se/bug/view.cgi?id=1888932) points
out and provides test program that demonstrates that libcurl might not set
error description message for error CURLE_COULDNT_RESOLVE_HOST for Windows
threaded name resolver builds. Fixed now.

show more ...

- Mike Hommey filed and fixed bug report #1889856
(http://curl.haxx.se/bug/view.cgi?id=1889856): When using the gnutls ssl
layer, cleaning-up and reinitializing curl ends up with https re

- Mike Hommey filed and fixed bug report #1889856
(http://curl.haxx.se/bug/view.cgi?id=1889856): When using the gnutls ssl
layer, cleaning-up and reinitializing curl ends up with https requests
failing with "ASN1 parser: Element was not found" errors. Obviously a
regression added in 7.16.3.

show more ...

G�nter Knauf added lib/mk-ca-bundle.pl which gets the Firefox ca bundle and
creates a suitable ca-bundle.crt file in PEM format for use with curl. The
recommended way to run it is to use 'mak

G�nter Knauf added lib/mk-ca-bundle.pl which gets the Firefox ca bundle and
creates a suitable ca-bundle.crt file in PEM format for use with curl. The
recommended way to run it is to use 'make ca-bundle' in the build tree root.

show more ...

- Refactored a lot of timeout code into a few functions in an attempt to make
them all use the same (hopefully correct) logic to make it less error-prone
and easier to introduce library-w

- Refactored a lot of timeout code into a few functions in an attempt to make
them all use the same (hopefully correct) logic to make it less error-prone
and easier to introduce library-wide where it should be used.

show more ...

Fix problem in strdup replacement when dealing with absolutely huge strings.

- Niklas Angebrand made the cookie support in libcurl properly deal with the
"HttpOnly" feature introduced by Microsoft and apparently also supported by
Firefox: http://msdn2.microsoft.co

- Niklas Angebrand made the cookie support in libcurl properly deal with the
"HttpOnly" feature introduced by Microsoft and apparently also supported by
Firefox: http://msdn2.microsoft.com/en-us/library/ms533046.aspx . HttpOnly
is now supported when received from servers in HTTP headers, when written to
cookie jars and when read from existing cookie jars.

show more ...

- Dmitry Kurochkin fixed Curl_done() for pipelining, as it could previously
crash!

- Michal Marek fixed minor mistake in test case 553 that prevented it from
working on other IP-addresses or port numbers.

start over on 7.18.1

- Kevin Reed filed bug report #1879375
(http://curl.haxx.se/bug/view.cgi?id=1879375) which describes how libcurl
got lost in this scenario: proxy tunnel (or HTTPS over proxy), ask to do a

- Kevin Reed filed bug report #1879375
(http://curl.haxx.se/bug/view.cgi?id=1879375) which describes how libcurl
got lost in this scenario: proxy tunnel (or HTTPS over proxy), ask to do any
proxy authentication and the proxy replies with an auth (like NTLM) and then
closes the connection after that initial informational response.

libcurl would not properly re-initialize the connection to the proxy and
continue the auth negotiation like supposed. It does now however, as it will
now detect if one or more authentication methods were available and asked
for, and will thus retry the connection and continue from there.

- I made the progress callback get called properly during proxy CONNECT.

show more ...

and Igor Franchuk is his name!

"Igor" pointed out that CURLOPT_COOKIELIST set to "ALL" leaked memory, and so
did "SESS". Fixed now.