RELEASE-NOTES: synced with 9016958aa8989

RELEASE-NOTES: add more contributors for this release

RELEASE-NOTES: synced with 0aedccc18a33a778535

disconnect: wipe out the keeps_speed time stamp

When closing a connection, the speedchecker's timestamp is now deleted
so that it cannot accidentally be used by a fresh connection on the

disconnect: wipe out the keeps_speed time stamp

When closing a connection, the speedchecker's timestamp is now deleted
so that it cannot accidentally be used by a fresh connection on the same
handle when examining the transfer speed.

Bug: https://bugzilla.redhat.com/679709

show more ...

RELEASE-NOTES: synced with b772f3a32146d7d

RELEASE-NOTES: synced with 32001ac4149b206

RELEASE-NOTES: synced with c4bc1d473f324

bump version: work towards 7.21.7

RELEASE-NOTES: two more contributors

RELEASE-NOTES: synced with 3242abd87a1262

RELEASE-NOTES: synced with 5aae3c13e2

RELEASE-NOTES: updated contributor amount

7.21.6: next planned release number

RELEASE-NOTES: synced with c246f63a71

RELEASE-NOTES: synced with f01df197981

nss: allow to use multiple client certificates for a single host

In case a client certificate is used, invalidate SSL session cache
at the end of a session. This forces NSS to ask for a

nss: allow to use multiple client certificates for a single host

In case a client certificate is used, invalidate SSL session cache
at the end of a session. This forces NSS to ask for a new client
certificate when connecting second time to the same host.

Bug: https://bugzilla.redhat.com/689031

show more ...

RELEASE-NOTES: synced with db59b6202d8

RELEASE-NOTES: synced with 11c2db2aa2a

RELEASE-NOTES: synced with 0c05ee3a33d4d7

nss: do not ignore value of CURLOPT_SSL_VERIFYPEER

When NSS-powered libcurl connected to a SSL server with
CURLOPT_SSL_VERIFYPEER equal to zero, NSS remembered that the peer
certific

nss: do not ignore value of CURLOPT_SSL_VERIFYPEER

When NSS-powered libcurl connected to a SSL server with
CURLOPT_SSL_VERIFYPEER equal to zero, NSS remembered that the peer
certificate was accepted by libcurl and did not ask the second time when
connecting to the same server with CURLOPT_SSL_VERIFYPEER equal to one.

This patch turns off the SSL session cache for the particular SSL socket
if peer verification is disabled. In order to avoid any performance
impact, the peer verification is completely skipped in that case, which
makes it even faster than before.

Bug: https://bugzilla.redhat.com/678580

show more ...

RELEASE-NOTES: synced with e649a7baae2

RELEASE-NOTES: synced with 2345c1dd661c

nss: do not ignore failure of SSL handshake

Flaw introduced in fc77790 and present in curl-7.21.4.
Bug: https://bugzilla.redhat.com/669702#c16

SOCKOPTFUNCTION: callback can say already-connected

Introducing a few CURL_SOCKOPT* defines for conveniance. The new
CURL_SOCKOPT_ALREADY_CONNECTED signals to libcurl that the socket is

SOCKOPTFUNCTION: callback can say already-connected

Introducing a few CURL_SOCKOPT* defines for conveniance. The new
CURL_SOCKOPT_ALREADY_CONNECTED signals to libcurl that the socket is to
be treated as already connected and thus it will skip the connect()
call.

show more ...

nss: avoid memory leak on SSL connection failure