| 23666978 | 21-Nov-2018 |
UnknownShadow200 |
CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and description
Closes #3295 |
| 2fcc4367 | 21-Nov-2018 |
Daniel Gustafsson |
configure: Fix typo in comment |
| 549310e9 | 14-Nov-2018 |
Michael Kaufmann |
openssl: support session resume with TLS 1.3
Session resumption information is not available immediately after a TLS 1.3
handshake. The client must wait until the server has sent a sessi
openssl: support session resume with TLS 1.3
Session resumption information is not available immediately after a TLS 1.3
handshake. The client must wait until the server has sent a session ticket.
Use OpenSSL's "new session" callback to get the session information and put it
into curl's session cache. For TLS 1.3 sessions, this callback will be invoked
after the server has sent a session ticket.
The "new session" callback is invoked only if OpenSSL's session cache is
enabled, so enable it and use the "external storage" mode which lets curl manage
the contents of the session cache.
A pointer to the connection data and the sockindex are now saved as "SSL extra
data" to make them available to the callback.
This approach also works for old SSL/TLS versions and old OpenSSL versions.
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Fixes #3202
Closes #3271
show more ...
|
| 30a65381 | 13-Nov-2018 |
Michael Kaufmann |
ssl: fix compilation with OpenSSL 0.9.7
- ENGINE_cleanup() was used without including "openssl/engine.h"
- enable engine support for OpenSSL 0.9.7
Closes #3266 |
| 59311bd3 | 20-Nov-2018 |
Daniel Stenberg |
openssl: disable TLS renegotiation with BoringSSL
Since we're close to feature freeze, this change disables this feature
with an #ifdef. Define ALLOW_RENEG at build-time to enable.
openssl: disable TLS renegotiation with BoringSSL
Since we're close to feature freeze, this change disables this feature
with an #ifdef. Define ALLOW_RENEG at build-time to enable.
This could be converted to a bit for CURLOPT_SSL_OPTIONS to let
applications opt-in this.
Concern-raised-by: David Benjamin
Fixes #3283
Closes #3293
show more ...
|
| 6765e6d9 | 05-Nov-2018 |
Romain Fliedel |
ares: remove fd from multi fd set when ares is about to close the fd
When using c-ares for asyn dns, the dns socket fd was silently closed
by c-ares without curl being aware. curl would
ares: remove fd from multi fd set when ares is about to close the fd
When using c-ares for asyn dns, the dns socket fd was silently closed
by c-ares without curl being aware. curl would then 'realize' the fd
has been removed at next call of Curl_resolver_getsock, and only then
notify the CURLMOPT_SOCKETFUNCTION to remove fd from its poll set with
CURL_POLL_REMOVE. At this point the fd is already closed.
By using ares socket state callback (ARES_OPT_SOCK_STATE_CB), this
patch allows curl to be notified that the fd is not longer needed
for neither for write nor read. At this point by calling
Curl_multi_closed we are able to notify multi with CURL_POLL_REMOVE
before the fd is actually closed by ares.
In asyn-ares.c Curl_resolver_duphandle we can't use ares_dup anymore
since it does not allow passing a different sock_state_cb_data
Closes #3238
show more ...
|
| 47ccb2d2 | 05-Nov-2018 |
Romain Fliedel |
examples/ephiperfifo: report error when epoll_ctl fails |
| 7c96f6a1 | 14-Nov-2018 |
pkubaj |
ntlm: Remove redundant ifdef USE_OPENSSL
lib/curl_ntlm.c had code that read as follows:
#ifdef USE_OPENSSL
# ifdef USE_OPENSSL
# else
# ..
# endif
#e
ntlm: Remove redundant ifdef USE_OPENSSL
lib/curl_ntlm.c had code that read as follows:
#ifdef USE_OPENSSL
# ifdef USE_OPENSSL
# else
# ..
# endif
#endif
Remove the redundant USE_OPENSSL along with #else (it's not possible to
reach it anyway). The removed construction is a leftover from when the
SSLeay support was removed.
Closes #3269
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
show more ...
|
| 78ff4e0d | 20-Nov-2018 |
Han Han |
ssl: replace all internal uses of CURLE_SSL_CACERT
Closes #3291 |
| 89d2e95f | 19-Nov-2018 |
Han Han |
docs: add more description to unified ssl error codes |
| 0fd4427f | 19-Nov-2018 |
Han Han |
curle: move deprecated error code to ifndef block |
| c19ed66a | 19-Nov-2018 |
Patrick Monnerat |
os400: add CURLOPT_CURLU to ILE/RPG binding. |
| ee90ca02 | 19-Nov-2018 |
Patrick Monnerat |
os400: Add curl_easy_conn_upkeep() to ILE/RPG binding. |
| 50397e1f | 19-Nov-2018 |
Patrick Monnerat |
os400: fix return type of curl_easy_pause() in ILE/RPG binding. |
| e6d390a7 | 19-Nov-2018 |
Daniel Stenberg |
RELEASE-NOTES: synced |
| a04ed00a | 15-Nov-2018 |
Daniel Stenberg |
impacket: add LICENSE
The license for the impacket package was not in our tree.
Imported now from upstream's
https://github.com/SecureAuthCorp/impacket/blob/master/LICENSE
impacket: add LICENSE
The license for the impacket package was not in our tree.
Imported now from upstream's
https://github.com/SecureAuthCorp/impacket/blob/master/LICENSE
Reported-by: infinnovation-dev on github
Fixes #3276
Closes #3277
show more ...
|
| b88bf6e6 | 18-Nov-2018 |
Daniel Gustafsson |
tool_doswin: Fix uninitialized field warning
The partial struct initialization in 397664a065abffb7c3445ca9 caused
a warning on uninitialized MODULEENTRY32 struct members:
/src
tool_doswin: Fix uninitialized field warning
The partial struct initialization in 397664a065abffb7c3445ca9 caused
a warning on uninitialized MODULEENTRY32 struct members:
/src/tool_doswin.c:681:3: warning: missing initializer for field
'th32ModuleID' of 'MODULEENTRY32 {aka struct tagMODULEENTRY32}'
[-Wmissing-field-initializers]
This is sort of a bogus warning as the remaining members will be set
to zero by the compiler, as all omitted members are. Nevertheless,
remove the warning by omitting all members and setting the dwSize
members explicitly.
Closes #3254
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
show more ...
|
| 1cccf2f9 | 17-Nov-2018 |
Daniel Gustafsson |
openssl: Remove SSLEAY leftovers
Commit 709cf76f6bb7dbac deprecated USE_SSLEAY, as curl since long isn't
compatible with the SSLeay library. This removes the few leftovers that
were
openssl: Remove SSLEAY leftovers
Commit 709cf76f6bb7dbac deprecated USE_SSLEAY, as curl since long isn't
compatible with the SSLeay library. This removes the few leftovers that
were omitted in the less frequently used platform targets.
Closes #3270
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
show more ...
|
| 07ebaf83 | 13-Nov-2018 |
Elia Tufarolo |
http_negotiate: do not close connection until negotiation is completed
Fix HTTP POST using CURLAUTH_NEGOTIATE.
Closes #3275 |
| 6d0e487f | 15-Nov-2018 |
Daniel Stenberg |
pop3: only do APOP with a valid timestamp
Brought-by: bobmitchell1956 on github
Fixes #3278
Closes #3279 |
| 27e4ac24 | 16-Nov-2018 |
Peter Wu |
openssl: do not log excess "TLS app data" lines for TLS 1.3
The SSL_CTX_set_msg_callback callback is not just called for the
Handshake or Alert protocols, but also for the raw record hea
openssl: do not log excess "TLS app data" lines for TLS 1.3
The SSL_CTX_set_msg_callback callback is not just called for the
Handshake or Alert protocols, but also for the raw record header
(SSL3_RT_HEADER) and the decrypted inner record type
(SSL3_RT_INNER_CONTENT_TYPE). Be sure to ignore the latter to avoid
excess debug spam when using `curl -v` against a TLSv1.3-enabled server:
* TLSv1.3 (IN), TLS app data, [no content] (0):
(Following this message, another callback for the decrypted
handshake/alert messages will be be present anyway.)
Closes https://github.com/curl/curl/pull/3281
show more ...
|
| 9cf7b7e6 | 15-Nov-2018 |
Marc Hoersken |
tests: disable SO_EXCLUSIVEADDRUSE for stunnel on Windows
SO_EXCLUSIVEADDRUSE is on by default on Vista or newer,
but does not work together with SO_REUSEADDR being on.
The defa
tests: disable SO_EXCLUSIVEADDRUSE for stunnel on Windows
SO_EXCLUSIVEADDRUSE is on by default on Vista or newer,
but does not work together with SO_REUSEADDR being on.
The default changes were made with stunnel 5.34 and 5.35.
show more ...
|
| 3d988c55 | 13-Nov-2018 |
Kamil Dudka |
nss: remove version selecting dead code
Closes #3262 |
| 0c448093 | 12-Nov-2018 |
Daniel Stenberg |
nss: set default max-tls to 1.3/1.2
Fixes #3261 |
| 2f5f31bb | 12-Nov-2018 |
Daniel Gustafsson |
tool_cb_wrt: Silence function cast compiler warning
Commit 5bfaa86ceb3c2a9ac474a928e748c4a86a703b33 introduced a new
compiler warning on Windows cross compilation with GCC. See below
tool_cb_wrt: Silence function cast compiler warning
Commit 5bfaa86ceb3c2a9ac474a928e748c4a86a703b33 introduced a new
compiler warning on Windows cross compilation with GCC. See below
for an example of the warning from the autobuild logs (whitespace
edited to fit):
/src/tool_cb_wrt.c:175:9: warning: cast from function call of type
'intptr_t {aka long long int}' to non-matching type 'void *'
[-Wbad-function-cast]
(HANDLE) _get_osfhandle(fileno(outs->stream)),
^
Store the return value from _get_osfhandle() in an intermediate
variable and cast the variable in WriteConsoleW() rather than the
function call directly to avoid a compiler warning.
In passing, also add inspection of the MultiByteToWideChar() return
value and return failure in case an error is reported.
Closes #3263
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
Reviewed-by: Viktor Szakats <commit@vszakats.net>
show more ...
|
