#
10db3ef2 |
| 11-May-2019 |
Marcel Raad |
lib: reduce variable scopes Fixes Codacy/CppCheck warnings. Closes https://github.com/curl/curl/pull/3872
|
#
8ece8177 |
| 14-May-2019 |
Daniel Stenberg |
cleanup: remove FIXME and TODO comments They serve very little purpose and mostly just add noise. Most of them have been around for a very long time. I read them all before removing or rephrasing them. Ref: #3876 Closes #3883
|
#
be6e281c |
| 30-Apr-2019 |
Daniel Stenberg |
multi: provide Curl_multiuse_state to update information As soon as a TLS backend gets ALPN confirmation about the specific HTTP version it can now set the multiplex situation for the "bundle" and trigger moving potentially queued up transfers to the CONNECT state.
|
Revision tags: curl-7_64_1 |
|
#
880cd5dd |
| 25-Feb-2019 |
Daniel Stenberg |
strerror: make the strerror function use local buffers Instead of using a fixed 256 byte buffer in the connectdata struct. In my build, this reduces the size of the connectdata struct by 11.8%, from 2160 to 1904 bytes with no functionality or performance loss. This also fixes a bug in schannel's Curl_verify_certificate where it called Curl_sspi_strerror when it should have called Curl_strerror for string from GetLastError. The only effect would have been no text or the wrong text being shown for the error. Co-authored-by: Jay Satiro Closes #3612
|
#
531b7ad4 |
| 24-Feb-2019 |
georgeok |
schannel: support CALG_ECDH_EPHEM algorithm Add support for Ephemeral elliptic curve Diffie-Hellman key exchange algorithm option when selecting ciphers. This became available on the Win10 SDK. Closes https://github.com/curl/curl/pull/3608
|
#
06480704 |
| 13-Feb-2019 |
Jay Satiro |
schannel: restore some debug output but only for debug builds Follow-up to 84c10dc from earlier today which wrapped a lot of the noisy debug output in DEBUGF but omitted a few lines. Ref: https://github.com/curl/curl/commit/84c10dc#r32292900
|
#
84c10dc1 |
| 11-Feb-2019 |
Daniel Stenberg |
schannel: be quiet Convert numerous infof() calls into debug-build only messages since they are annoyingly verbose for regular applications. Removed a few. Bug: https://curl.haxx.se/mail/lib-2019-02/0027.html Reported-by: Volker Schmid Closes #3552
|
#
927a5bd1 |
| 06-Feb-2019 |
Chris Araman |
url: close TLS before removing conn from cache - Fix potential crashes in schannel shutdown. Ensure any TLS shutdown messages are sent before removing the association between the connection and the easy handle. Reverts @bagder's previous partial fix for #3412. Fixes https://github.com/curl/curl/issues/3412 Fixes https://github.com/curl/curl/issues/3505 Closes https://github.com/curl/curl/pull/3531
|
Revision tags: curl-7_64_0 |
|
#
a730432e |
| 29-Jan-2019 |
georgeok |
spnego_sspi: add support for channel binding Attempt to add support for Secure Channel binding when negotiate authentication is used. The problem to solve is that by default IIS accepts channel binding and curl doesn't utilise them. The result was a 401 response. Scope affects only the Schannel(winssl)-SSPI combination. Fixes https://github.com/curl/curl/issues/3503 Closes https://github.com/curl/curl/pull/3509
|
#
180501cb |
| 29-Jan-2019 |
Daniel Stenberg |
schannel: stop calling it "winssl" Stick to "Schannel" everywhere. The configure option --with-winssl is kept to allow existing builds to work but --with-schannel is added as an alias. Closes #3504
|
#
ce6f73b9 |
| 20-Jan-2019 |
Archangel_SDY |
schannel: preserve original certificate path parameter Fixes #3480 Closes #3487
|
Revision tags: curl-7_63_0 |
|
#
09662337 |
| 27-Nov-2018 |
georgeok |
ntlm_sspi: add support for channel binding Windows extended protection (aka ssl channel binding) is required to login to ntlm IIS endpoint, otherwise the server returns 401 responses. Fixes #3280 Closes #3321
|
#
6ee67297 |
| 18-Jan-2019 |
Daniel Stenberg |
schannel: on connection close there might not be a transfer Reported-by: Marcel Raad Fixes #3412 Closes #3483
|
#
dcd6f810 |
| 22-Nov-2018 |
Daniel Stenberg |
snprintf: renamed and we now only use msnprintf() The function does not return the same value as snprintf() normally does, so readers may be misled into thinking the code works differently than it actually does. A different function name makes this easier to detect. Reported-by: Tomas Hoger Assisted-by: Daniel Gustafsson Fixes #3296 Closes #3297
|
#
8a49b291 |
| 07-Nov-2018 |
Daniel Gustafsson |
winssl: be consistent in Schannel capitalization The product name from Microsoft is "Schannel", but in infof/failf reporting we use "schannel". This removes different versions. Closes #3243 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
#
7f4c3585 |
| 30-Oct-2018 |
marcosdiazr |
schannel: make CURLOPT_CERTINFO support using Issuer chain Closes #3197
|
#
832661b3 |
| 31-Oct-2018 |
Daniel Stenberg |
schannel: use Curl_ prefix for global private symbols Curl_verify_certificate() must use the Curl_ prefix since it is globally available in the lib and otherwise steps outside of our namespace! Closes #3201
|
Revision tags: curl-7_62_0 |
|
#
2e5651a5 |
| 18-Sep-2018 |
Jay Satiro |
vtls: fix ssl version "or later" behavior change for many backends - Treat CURL_SSLVERSION_MAX_NONE the same as CURL_SSLVERSION_MAX_DEFAULT. Prior to this change NONE would mean use the minimum version also as the maximum. This is a follow-up to 6015cef which changed the behavior of setting the SSL version so that the requested version would only be the minimum and not the maximum. It appears it was (mostly) implemented in OpenSSL but not other backends. In other words CURL_SSLVERSION_TLSv1_0 used to mean use just TLS v1.0 and now it means use TLS v1.0 *or later*. - Fix CURL_SSLVERSION_MAX_DEFAULT for OpenSSL. Prior to this change CURL_SSLVERSION_MAX_DEFAULT with OpenSSL was erroneously treated as always TLS 1.3, and would cause an error if OpenSSL was built without TLS 1.3 support. Co-authored-by: Daniel Gustafsson Fixes https://github.com/curl/curl/issues/2969 Closes https://github.com/curl/curl/pull/3012
|
#
10009222 |
| 06-Sep-2018 |
Daniel Stenberg |
schannel: avoid switch-cases that go to default anyway SEC_E_APPLICATION_PROTOCOL_MISMATCH isn't defined in some versions of mingw and would require an ifdef otherwise. Reported-by: Thomas Glanzmann Approved-by: Marc Hörsken Bug: https://curl.haxx.se/mail/lib-2018-09/0020.html Closes #2950
|
Revision tags: curl-7_61_1 |
|
#
5a3efb1d |
| 16-Aug-2018 |
Han Han |
schannel: unified error code handling Closes #2901
|
#
6b6c2b8d |
| 23-Aug-2018 |
Ihor Karpenko |
schannel: client certificate store opening fix 1) Using CERT_STORE_OPEN_EXISTING_FLAG ( or CERT_STORE_READONLY_FLAG ) while opening certificate store would be sufficient in this scenario and less-demanding in sense of required user credentials ( for example, IIS_IUSRS will get "Access Denied" 0x05 error for existing CertOpenStore call without any of flags mentioned above ), 2) as 'cert_store_name' is a DWORD, attempt to format its value like a string ( in "Failed to open cert store" error message ) will throw null pointer exception 3) adding GetLastError(), in my opinion, will make error message more useful. Bug: https://curl.haxx.se/mail/lib-2018-08/0198.html Closes #2909
|
#
2c33105d |
| 12-Jul-2018 |
Marcel Raad |
schannel: enable CALG_TLS1PRF for w32api >= 5.1 The definition of CALG_TLS1PRF has been fixed in the 5.1 branch: https://osdn.net/projects/mingw/scm/git/mingw-org-wsl/commits/73aedcc0f2e6ba370de0d86ab878ad76a0dda7b5
|
Revision tags: curl-7_61_0 |
|
#
48cf45c5 |
| 10-Jul-2018 |
Marcel Raad |
schannel: fix MinGW compile break Original MinGW's w32api has a syntax error in its definition of CALG_TLS1PRF [0]. Don't use original MinGW w32api's CALG_TLS1PRF until this bug [1] is fixed. [0] https://osdn.net/projects/mingw/scm/git/mingw-org-wsl/blobs/d1d4a17e51a2b78e252ef0147d483267d56c90cc/w32api/include/wincrypt.h [1] https://osdn.net/projects/mingw/ticket/38391 Fixes https://github.com/curl/curl/pull/2721#issuecomment-403636043 Closes https://github.com/curl/curl/pull/2728
|
#
424f1cfe |
| 08-Jul-2018 |
Marcel Raad |
schannel: fix -Wsign-compare warning MinGW warns: /lib/vtls/schannel.c:219:64: warning: signed and unsigned type in conditional expression [-Wsign-compare] Fix this by casting the ptrdiff_t to size_t as we know it's positive. Closes https://github.com/curl/curl/pull/2721
|
#
07f7c93f |
| 08-Jul-2018 |
Marcel Raad |
schannel: workaround for wrong function signature in w32api Original MinGW's w32api has CryptHashData's second parameter as BYTE * instead of const BYTE *. Closes https://github.com/curl/curl/pull/2721
|