e9e79622 | 21-Feb-2022 |
MAntoniak <47522782+MAntoniak@users.noreply.github.com> |
vtls: fix socket check conditions fix condition to check the second socket during associate and disassociate connection Closes #8493 |
999c2179 | 21-Feb-2022 |
Daniel Stenberg |
libssh2: don't typecast socket to int for libssh2_session_handshake Since libssh2_socket_t uses SOCKET on windows which can be larger than int. Closes #8492 |
441db465 | 21-Feb-2022 |
Daniel Stenberg |
RELEASE-NOTES: fix typo and make one desc shorter |
e8f6e274 | 21-Feb-2022 |
Daniel Stenberg |
RELEASE-NOTES: synced |
a63c91ad | 21-Feb-2022 |
Daniel Stenberg |
CURLOPT_XFERINFOFUNCTION.3: fix typo in example Reported-by: coralw on github Fixes #8487 Closes #8488 |
754ee8e0 | 21-Feb-2022 |
Daniel Stenberg |
README: disable linkchecks for the sponsor links Closes #8489 |
f7ba0ecc | 20-Feb-2022 |
Jay Satiro |
openssl: check if sessionid flag is enabled before retrieving session Ideally, Curl_ssl_getsessionid should not be called unless sessionid caching is enabled. There is a debug assertion
openssl: check if sessionid flag is enabled before retrieving session Ideally, Curl_ssl_getsessionid should not be called unless sessionid caching is enabled. There is a debug assertion in the function to help ensure that. Therefore, the pattern in all vtls is basically: if(primary.sessionid) {lock(); Curl_ssl_getsessionid(...); unlock();} There was one instance in openssl.c where sessionid was not checked beforehand and this change fixes that. Prior to this change an assertion would occur in openssl debug builds during connection stage if session caching was disabled. Reported-by: Jim Beveridge Fixes https://github.com/curl/curl/issues/8472 Closes https://github.com/curl/curl/pull/8484
show more ...
|
e0dc9765 | 20-Feb-2022 |
Jay Satiro |
multi: allow user callbacks to call curl_multi_assign Several years ago a change was made to block user callbacks from calling back into the API when not supported (recursive calls). One
multi: allow user callbacks to call curl_multi_assign Several years ago a change was made to block user callbacks from calling back into the API when not supported (recursive calls). One of the calls blocked was curl_multi_assign. Recently the blocking was extended to the multi interface API, however curl_multi_assign may need to be called from within those user callbacks (eg CURLMOPT_SOCKETFUNCTION). I can't think of any callback where it would be unsafe to call curl_multi_assign so I removed the restriction entirely. Reported-by: Michael Wallner Ref: https://github.com/curl/curl/commit/b46cfbc Ref: https://github.com/curl/curl/commit/340bb19 Fixes https://github.com/curl/curl/issues/8480 Closes https://github.com/curl/curl/pull/8483
show more ...
|
ccc2752c | 17-Feb-2022 |
MAntoniak <47522782+MAntoniak@users.noreply.github.com> |
ssl: reduce allocated space for ssl backend when FTP is disabled Add assert() for the backend pointer in many places Closes #8471 |
9fff7feb | 20-Feb-2022 |
MAntoniak <47522782+MAntoniak@users.noreply.github.com> |
checkprefix: remove strlen calls Closes #8481 |
d60fa59b | 20-Feb-2022 |
1337vt <32816722+1337vt@users.noreply.github.com> |
curl.h: fix typo Closes https://github.com/curl/curl/pull/8482 |
14d9358a | 19-Feb-2022 |
Jan Venekamp <1422460+jan2000@users.noreply.github.com> |
sectransp: mark a 3DES cipher as weak - Change TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA strength to weak. All other 3DES ciphers are already marked as weak. Closes https://gith
sectransp: mark a 3DES cipher as weak - Change TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA strength to weak. All other 3DES ciphers are already marked as weak. Closes https://github.com/curl/curl/pull/8479
show more ...
|
f36e32b5 | 06-Dec-2021 |
Jan Venekamp <1422460+jan2000@users.noreply.github.com> |
bearssl: fix EXC_BAD_ACCESS on incomplete CA cert - Do not create trust anchor object for a CA certificate until after it is processed. Prior to this change the object was cre
bearssl: fix EXC_BAD_ACCESS on incomplete CA cert - Do not create trust anchor object for a CA certificate until after it is processed. Prior to this change the object was created at state BR_PEM_BEGIN_OBJ (certificate processing begin state). An incomplete certificate (for example missing a newline at the end) never reaches BR_PEM_END_OBJ (certificate processing end state) and therefore the trust anchor data was not set in those objects, which caused EXC_BAD_ACCESS. Ref: https://github.com/curl/curl/pull/8106 Closes https://github.com/curl/curl/pull/8476
show more ...
|
8af1cef2 | 06-Dec-2021 |
Jan Venekamp <1422460+jan2000@users.noreply.github.com> |
bearssl: fix connect error on expired cert and no verify - When peer verification is disabled use the x509_decode engine instead of the x509_minimal engine to parse and extract the pub
bearssl: fix connect error on expired cert and no verify - When peer verification is disabled use the x509_decode engine instead of the x509_minimal engine to parse and extract the public key from the first cert of the chain. Prior to this change in such a case no key was extracted and that caused CURLE_SSL_CONNECT_ERROR. The x509_minimal engine will stop parsing if any validity check fails but the x509_decode won't. Ref: https://github.com/curl/curl/pull/8106 Closes https://github.com/curl/curl/pull/8475
show more ...
|
b8443719 | 06-Dec-2021 |
Jan Venekamp <1422460+jan2000@users.noreply.github.com> |
bearssl: fix session resumption (session id) Prior to this change br_ssl_client_reset was mistakenly called with resume_session param set to 0, which disabled session resumption.
bearssl: fix session resumption (session id) Prior to this change br_ssl_client_reset was mistakenly called with resume_session param set to 0, which disabled session resumption. Ref: https://github.com/curl/curl/pull/8106 Closes https://github.com/curl/curl/pull/8474
show more ...
|
bbe70421 | 17-Feb-2022 |
MAntoniak <47522782+MAntoniak@users.noreply.github.com> |
openssl: fix build for version < 1.1.0 Closes #8470 |
df957e10 | 17-Feb-2022 |
Joel Depooter |
schannel: move the algIds array out of schannel.h This array is only used by the SCHANNEL_CRED struct in the schannel_acquire_credential_handle function. It can therefore be kept as
schannel: move the algIds array out of schannel.h This array is only used by the SCHANNEL_CRED struct in the schannel_acquire_credential_handle function. It can therefore be kept as a local variable. This is a minor update to bbb71507b7bab52002f9b1e0880bed6a32834511. This change also updates the NUM_CIPHERS value to accurately count the number of ciphers options listed in schannel.c, which is 47 instead of 45. It is unlikely that anyone tries to set all 47 values, but if they had tried, the last two would not have been set. Closes #8469
show more ...
|
161cbc50 | 16-Feb-2022 |
Alejandro R. Sedeño |
configure.ac: use user-specified gssapi dir when using pkg-config Using the system pkg-config path in the face of a user-specified library path is asking to link the wrong library.
configure.ac: use user-specified gssapi dir when using pkg-config Using the system pkg-config path in the face of a user-specified library path is asking to link the wrong library. Reported-by: Michael Kaufmann Fixes #8289 Closes #8456
show more ...
|
6a595e12 | 24-Jan-2022 |
Kevin Adler |
os400: Add link to QADRT devkit to README.OS400 Closes #8455 |
86ad624c | 24-Jan-2022 |
Kevin Adler |
os400: Add function wrapper for system command The wrapper will exit if the system command failed instead of blindly continuing on. In addition, only copy docs which exist, sinc
os400: Add function wrapper for system command The wrapper will exit if the system command failed instead of blindly continuing on. In addition, only copy docs which exist, since now the copy failure will cause the build to stop. Closes #8455
show more ...
|
a70600ca | 24-Jan-2022 |
Kevin Adler |
os400: Default build to target current release V6R1M0 is not available as a target release since IBM i 7.2. To keep from having to keep this up to date in git, default to the current
os400: Default build to target current release V6R1M0 is not available as a target release since IBM i 7.2. To keep from having to keep this up to date in git, default to the current release. Users can configure this to whatever release they want to actually build for. Closes #8455
show more ...
|
d324ac81 | 17-Feb-2022 |
Daniel Stenberg |
docs/INTERNALS.md: clean up, refer to the book The explanatory parts are now in the everything curl book (which can also use images etc). This document now refers to that resource and on
docs/INTERNALS.md: clean up, refer to the book The explanatory parts are now in the everything curl book (which can also use images etc). This document now refers to that resource and only leaves listings of supported versions of libs, tools and operating systems. See https://everything.curl.dev/internals Closes #8467
show more ...
|
049f3765 | 16-Feb-2022 |
Marcel Raad |
des: fix compile break for OpenSSL without DES When `USE_OPENSSL` was defined but OpenSSL had no DES support and a different crypto library was used for that, `Curl_des_set_odd_parity`
des: fix compile break for OpenSSL without DES When `USE_OPENSSL` was defined but OpenSSL had no DES support and a different crypto library was used for that, `Curl_des_set_odd_parity` was called but not defined. This could for example happen on Windows and macOS when using OpenSSL v3 with deprecated features disabled. Use the same condition for the function definition as used at the caller side, but leaving out the OpenSSL part to avoid including OpenSSL headers. Closes https://github.com/curl/curl/pull/8459
show more ...
|
a9bc534a | 17-Feb-2022 |
Daniel Stenberg |
RELEASE-NOTES: synced |
eb754596 | 16-Feb-2022 |
Daniel Stenberg |
docs/DEPRECATE: remove NPN support in August 2022 Closes #8458 |