#
6f86022d |
| 30-Aug-2017 |
Viktor Szakats |
ntlm: use strict order for SSL backend #if branches With the recently introduced MultiSSL support multiple SSL backends can be compiled into cURL That means that now the order of the SSL
ntlm: use strict order for SSL backend #if branches With the recently introduced MultiSSL support multiple SSL backends can be compiled into cURL That means that now the order of the SSL One option would be to use the same SSL backend as was configured via `curl_global_sslset()`, however, NTLMv2 support would appear to be available only with some SSL backends. For example, when eb88d778e (ntlm: Use Windows Crypt API, 2014-12-02) introduced support for NTLMv1 using Windows' Crypt API, it specifically did *not* introduce NTLMv2 support using Crypt API at the same time. So let's select one specific SSL backend for NTLM support when compiled with multiple SSL backends, using a priority order such that we support NTLMv2 even if only one compiled-in SSL backend can be used for that. Ref: https://github.com/curl/curl/pull/1848
show more ...
|
#
6869d65f |
| 02-Sep-2017 |
Patrick Monnerat |
Curl_base64_encode: always call with a real data handle. Some calls in different modules were setting the data handle to NULL, causing segmentation faults when using builds that enable c
Curl_base64_encode: always call with a real data handle. Some calls in different modules were setting the data handle to NULL, causing segmentation faults when using builds that enable character code conversions.
show more ...
|
Revision tags: curl-7_54_1, curl-7_54_0, curl-7_53_1, curl-7_53_0 |
|
#
88bdd7cf |
| 06-Feb-2017 |
Viktor Szakats |
use *.sourceforge.io and misc URL updates Ref: https://sourceforge.net/blog/introducing-https-for-project-websites/ Closes: https://github.com/curl/curl/pull/1247
|
Revision tags: curl-7_52_1, curl-7_52_0 |
|
#
cb4e2be7 |
| 16-Nov-2016 |
Alex Rousskov |
proxy: Support HTTPS proxy and SOCKS+HTTP(s) * HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is est
proxy: Support HTTPS proxy and SOCKS+HTTP(s) * HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
show more ...
|
Revision tags: curl-7_51_0 |
|
#
811a693b |
| 30-Sep-2016 |
Daniel Stenberg |
strcasecompare: all case insensitive string compares ignore locale now We had some confusions on when each function was used. We should not act differently on different locales anyway.
|
Revision tags: curl-7_50_3, curl-7_50_2, curl-7_50_1, curl-7_50_0, curl-7_49_1, curl-7_49_0 |
|
#
4f45240b |
| 29-Apr-2016 |
Daniel Stenberg |
lib: include curl_printf.h as one of the last headers curl_printf.h defines printf to curl_mprintf, etc. This can cause problems with external headers which may use __attribute__((fo
lib: include curl_printf.h as one of the last headers curl_printf.h defines printf to curl_mprintf, etc. This can cause problems with external headers which may use __attribute__((format(printf, ...))) markers etc. To avoid that they cause problems with system includes, we include curl_printf.h after any system headers. That makes the three last headers to always be, and we keep them in this order: curl_printf.h curl_memory.h memdebug.h None of them include system headers, they all do funny #defines. Reported-by: David Benjamin Fixes #743
show more ...
|
#
a24f71aa |
| 06-Apr-2016 |
Viktor Szakats |
URLs: change http to https in many places Closes #754
|
#
f0bdd72c |
| 27-Mar-2016 |
Steve Holme |
http_ntlm: Renamed from curl_ntlm.[c|h] Renamed the header and source files for this module as they are HTTP specific and as such, they should use the naming convention as other HTTP
http_ntlm: Renamed from curl_ntlm.[c|h] Renamed the header and source files for this module as they are HTTP specific and as such, they should use the naming convention as other HTTP authentication source files do - this revert commit 260ee6b7bf. Note: We could also rename curl_ntlm_wb.[c|h], however, the Winbind code needs separating from the HTTP protocol and migrating into the vauth directory, thus adding support for Winbind to the SASL based protocols such as IMAP, POP3 and SMTP.
show more ...
|
Revision tags: curl-7_48_0, curl-7_47_1, curl-7_47_0, curl-7_46_0, curl-7_45_0, curl-7_44_0, curl-7_43_0, curl-7_42_1, curl-7_42_0, curl-7_41_0, curl-7_40_0, curl-7_39_0, curl-7_38_0, curl-7_37_1, curl-7_37_0, curl-7_36_0, curl-7_35_0, curl-7_34_0, curl-7_33_0, curl-7_32_0, curl-7_31_0, curl-7_30_0, curl-7_29_0, curl-7_28_1, curl-7_28_0, curl-7_27_0, curl-7_26_0, curl-7_25_0, curl-7_24_0, curl-7_23_1, curl-7_23_0, curl-7_22_0 |
|
#
662c1d87 |
| 28-Aug-2011 |
Yang Tse |
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm
NTLM: END of refactoring/splitting/moving First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
show more ...
|
#
260ee6b7 |
| 27-Aug-2011 |
Yang Tse |
NTLM_WB: move NTLM_WB specifics into curl_ntlm_wb.[ch]
|
#
b976d108 |
| 27-Aug-2011 |
Yang Tse |
NTLM_WB: final congruency naming adjustments Configure script option --enable-wb-ntlm-auth renamed to --enable-ntlm-wb Configure script option --disable-wb-ntlm-auth renamed to --disable
NTLM_WB: final congruency naming adjustments Configure script option --enable-wb-ntlm-auth renamed to --enable-ntlm-wb Configure script option --disable-wb-ntlm-auth renamed to --disable-ntlm-wb Preprocessor symbol WINBIND_NTLM_AUTH_ENABLED renamed to NTLM_WB_ENABLED Preprocessor symbol WINBIND_NTLM_AUTH_FILE renamed to NTLM_WB_FILE Test harness env var CURL_NTLM_AUTH renamed to CURL_NTLM_WB_FILE Static function wb_ntlm_close renamed to ntlm_wb_cleanup Static function wb_ntlm_initiate renamed to ntlm_wb_init Static function wb_ntlm_response renamed to ntlm_wb_response
show more ...
|
#
407e08ba |
| 26-Aug-2011 |
Yang Tse |
NTLM single-sign on adjustments (X) Functions renamed: Curl_output_ntlm_sso -> Curl_output_ntlm_wb sso_ntlm_close -> wb_ntlm_close sso_ntlm_response -> wb_ntlm_response
NTLM single-sign on adjustments (X) Functions renamed: Curl_output_ntlm_sso -> Curl_output_ntlm_wb sso_ntlm_close -> wb_ntlm_close sso_ntlm_response -> wb_ntlm_response sso_ntlm_initiate -> wb_ntlm_initiate Preprocessor symbols renamed: CURLAUTH_NTLM_SSO -> CURLAUTH_NTLM_WB CURL_VERSION_NTLM_SSO -> CURL_VERSION_NTLM_WB
show more ...
|
#
d535cff7 |
| 25-Aug-2011 |
Steve Holme |
http NTLM: refactoring followup Output of Curl_ntlm_create_type1_message() and Curl_ntlm_create_type3_message() functions is now already base64 encoded.
|
#
fd00b382 |
| 24-Aug-2011 |
Yang Tse |
base64: fix Curl_base64_encode and Curl_base64_decode interfaces Previous interfaces for these libcurl internal functions did not allow to tell apart a legitimate zero size result from a
base64: fix Curl_base64_encode and Curl_base64_decode interfaces Previous interfaces for these libcurl internal functions did not allow to tell apart a legitimate zero size result from an error condition. These functions now return a CURLcode indicating function success or otherwise specific error. Output size is returned using a pointer argument. All usage of these two functions, and others closely related, has been adapted to the new interfaces. Relative error and OOM handling adapted or added where missing. Unit test 1302 also adapted.
show more ...
|
#
006b011c |
| 22-Aug-2011 |
Steve Holme |
http NTLM: remaining bits from 0001-Moved-ntlm-[...]-curl_ntlm-mod_3.patch * Added function comments: - Curl_ntlm_decode_type2_message - Curl_ntlm_create_type1_message
http NTLM: remaining bits from 0001-Moved-ntlm-[...]-curl_ntlm-mod_3.patch * Added function comments: - Curl_ntlm_decode_type2_message - Curl_ntlm_create_type1_message - Curl_ntlm_create_type3_message * Modification of ntlm processing state to NTLMSTATE_TYPE2 is now done only when Curl_ntlm_decode_type2_message() has fully succeeded.
show more ...
|
#
b9d5e72a |
| 14-Aug-2011 |
Yang Tse |
http NTLM: reinstate "nssg.h" "curl_sspi.h" header inclusions
|
#
e575cbc8 |
| 14-Aug-2011 |
Yang Tse |
http NTLM: reinstate "memdebug.h" header inclusion Inclusion of header "memdebug.h" in http_ntlm.c got lost in commit 98fb0ef7.
|
#
dfb18da5 |
| 14-Aug-2011 |
Daniel Stenberg |
Curl_output_ntlm: remove unused variable
|
#
dc4f9d18 |
| 14-Aug-2011 |
Yang Tse |
http NTLM: fix 8 compiler warnings Strict splitting of http_ntlm.[ch] may trigger 8 compiler warnings when building with some compilers and strict compiler warnings enabled, depending
http NTLM: fix 8 compiler warnings Strict splitting of http_ntlm.[ch] may trigger 8 compiler warnings when building with some compilers and strict compiler warnings enabled, depending on other specific configuration options some could get triggered or not. Seven are related with 'unused function parameters' and another one with 'var may be used before its value is set'.
show more ...
|
#
98fb0ef7 |
| 14-Aug-2011 |
Yang Tse |
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future interna
http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch] For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
show more ...
|
#
b4d6db83 |
| 13-Aug-2011 |
Yang Tse |
http NTLM: change return type of Curl_input_ntlm() to CURLcode Remove CURLntlm enum, no longer required.
|
#
1e4187f8 |
| 12-Aug-2011 |
Yang Tse |
http NTLM: update NTLM type-* message structure descriptions - followup
|
#
092189c6 |
| 12-Aug-2011 |
Yang Tse |
http NTLM: update NTLM message structure notes
|
#
3293150d |
| 12-Aug-2011 |
Yang Tse |
http NTLM: more adjustments in preparation of code refactoring Use preprocessor symbol NTLM_BUFSIZE to define private NTLM buffer fixed size. Use a SessionHandle 'data' pointer vari
http NTLM: more adjustments in preparation of code refactoring Use preprocessor symbol NTLM_BUFSIZE to define private NTLM buffer fixed size. Use a SessionHandle 'data' pointer variable to ease refactoring. Update NTLM type-* message structure descriptions. Fix some more spacing and typos (Steve Holme).
show more ...
|
#
448f982d |
| 11-Aug-2011 |
Yang Tse |
http NTLM: fix compiler warning
|