| #
fbf5d507 |
| 18-Sep-2024 |
Daniel Stenberg |
lib/src: white space edits to comply better with code style
... as checksrc now finds and complains about these.
Closes #14921
|
| #
39b9ccea |
| 02-Aug-2024 |
Stefan Eissing |
x509asn1: raise size limit for x509 certification information
Raise the limit for certification information from 10 thousand to 100
thousand bytes. Certificates can be larger than 10k.
x509asn1: raise size limit for x509 certification information
Raise the limit for certification information from 10 thousand to 100
thousand bytes. Certificates can be larger than 10k.
Change the infof() debug output to add '...' at the end when the max
limit it can handle is exceeded.
Reported-by: Sergio Durigan Junior
Fixes #14352
Closes #14354
show more ...
|
| #
27959ecc |
| 30-Jul-2024 |
Stefan Eissing |
x509asn1: unittests and fixes for gtime2str
Fix issues in GTime2str() and add unit test cases to verify correct
behaviour.
Follow-up to 3c914bc6801
Closes #14316
|
| #
3c914bc6 |
| 30-Jul-2024 |
Daniel Stenberg |
x509asn1: clean up GTime2str
Co-authored-by: Stefan Eissing
Reported-by: Dov Murik
Closes #14307
|
| #
3a537a4d |
| 28-Jun-2024 |
z2_ <88509734+z2-2z@users.noreply.github.com> |
x509asn1: remove superfluous free()
|
| #
36e9222c |
| 20-Jun-2024 |
z2_ <88509734+z2-2z@users.noreply.github.com> |
x509asn1: prevent NULL dereference
Closes #13978
|
| #
35c0117f |
| 13-Mar-2024 |
Sergey Markelov |
mbedtls: support CURLOPT_CERTINFO
Closes #13113
|
| #
cb96ca1b |
| 19-Jun-2024 |
Daniel Stenberg |
x509asn1: ASN1tostr() should fail when 'constructed' is set
This is a regression from my refactor in 623c3a8fa0bdb (#12808)
Follow-up to 623c3a8fa0bdb2751f14b37417
Closes #
x509asn1: ASN1tostr() should fail when 'constructed' is set
This is a regression from my refactor in 623c3a8fa0bdb (#12808)
Follow-up to 623c3a8fa0bdb2751f14b37417
Closes #13972
show more ...
|
| #
dc497d7b |
| 19-Jun-2024 |
Daniel Stenberg |
x509asn1: remove two static variables
cnOID and sanOID were not used outside of the OID table anyway
Closes #13971
|
| #
8dc4493d |
| 16-Jun-2024 |
Daniel Stenberg |
x509asn1: make Curl_extract_certinfo store error message
To help us all better understand where the error actually comes from.
Ref: #13958
Closes #13959
|
| #
08872971 |
| 13-May-2024 |
Viktor Szakats |
lib/v*: tidy up types and casts
Also add a couple of negative checks.
Cherry-picked from #13489
Closes #13622
|
| #
eacec9a3 |
| 02-Jun-2024 |
Bo Anderson |
x509asn1: add some common ECDSA OIDs
Closes #13857
|
| #
9aa1d412 |
| 02-Jun-2024 |
Bo Anderson |
x509asn1: fallback to dotted OID representation
Reported-by: Luke Hamburg
Fixes #13845
Closes #13858
|
| #
13ca4386 |
| 17-May-2024 |
Daniel Stenberg |
x509asn1: return error on missing OID
to avoid crash when dereferencing a NULL pointer.
Reported-by: Trzik on github
Patch-by: Trzik on github
Fixes #13684
Closes #13685
|
| #
623c3a8f |
| 26-Jan-2024 |
Daniel Stenberg |
x509asn1: switch from malloc to dynbuf
Closes #12808
|
| #
cd48e8f8 |
| 26-Jan-2024 |
Daniel Stenberg |
x509asn1: make utf8asn1str() use dynbuf instead of malloc + memcpy
Closes #12808
|
| #
98b41dd4 |
| 26-Jan-2024 |
Daniel Stenberg |
x509asn1: reduce malloc in Curl_extract_certinfo
Using dynbuf
Closes #12808
|
| #
641257ea |
| 26-Jan-2024 |
Daniel Stenberg |
x509asn1: remove code for WANT_VERIFYHOST
No code ever sets this anymore since we dropped gskit
Follow-up to 78d6232f1f326b9ab4d
Closes #12804
|
| #
3829759b |
| 08-Dec-2023 |
Viktor Szakats |
build: enable missing OpenSSF-recommended warnings, with fixes
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
as of 2023-11-29 [1]
build: enable missing OpenSSF-recommended warnings, with fixes
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.html
as of 2023-11-29 [1].
Enable new recommended warnings (except `-Wsign-conversion`):
- enable `-Wformat=2` for clang (in both cmake and autotools).
- add `CURL_PRINTF()` internal attribute and mark functions accepting
printf arguments with it. This is a copy of existing
`CURL_TEMP_PRINTF()` but using `__printf__` to make it compatible
with redefinting the `printf` symbol:
https://gcc.gnu.org/onlinedocs/gcc-3.0.4/gcc_5.html#SEC94
- fix `CURL_PRINTF()` and existing `CURL_TEMP_PRINTF()` for
mingw-w64 and enable it on this platform.
- enable `-Wimplicit-fallthrough`.
- enable `-Wtrampolines`.
- add `-Wsign-conversion` commented with a FIXME.
- cmake: enable `-pedantic-errors` the way we do it with autotools.
Follow-up to d5c0351055d5709da8f3e16c91348092fdb481aa #2747
- lib/curl_trc.h: use `CURL_FORMAT()`, this also fixes it to enable format
checks. Previously it was always disabled due to the internal `printf`
macro.
Fix them:
- fix bug where an `set_ipv6_v6only()` call was missed in builds with
`--disable-verbose` / `CURL_DISABLE_VERBOSE_STRINGS=ON`.
- add internal `FALLTHROUGH()` macro.
- replace obsolete fall-through comments with `FALLTHROUGH()`.
- fix fallthrough markups: Delete redundant ones (showing up as
warnings in most cases). Add missing ones. Fix indentation.
- silence `-Wformat-nonliteral` warnings with llvm/clang.
- fix one `-Wformat-nonliteral` warning.
- fix new `-Wformat` and `-Wformat-security` warnings.
- fix `CURL_FORMAT_SOCKET_T` value for mingw-w64. Also move its
definition to `lib/curl_setup.h` allowing use in `tests/server`.
- lib: fix two wrongly passed string arguments in log outputs.
Co-authored-by: Jay Satiro
- fix new `-Wformat` warnings on mingw-w64.
[1] https://github.com/ossf/wg-best-practices-os-developers/blob/56c0fde3895bfc55c8a973ef49a2572c507b2ae1/docs/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C%2B%2B.md
Closes #12489
show more ...
|
| #
fa714830 |
| 17-Nov-2023 |
Stefan Eissing |
vtls/vquic, keep peer name information together
- add `struct ssl_peer` to keep hostname, dispname and sni
for a filter
- allocate `sni` for use in VTLS backend
- eliminate `Cu
vtls/vquic, keep peer name information together
- add `struct ssl_peer` to keep hostname, dispname and sni
for a filter
- allocate `sni` for use in VTLS backend
- eliminate `Curl_ssl_snihost()` and its use of the download buffer
- use ssl_peer in SSL and QUIC filters
Closes #12349
show more ...
|
| #
78d6232f |
| 07-Aug-2023 |
Daniel Stenberg |
gskit: remove
We remove support for building curl with gskit.
- This is a niche TLS library, only running on some IBM systems
- no regular curl contributors use this backend
gskit: remove
We remove support for building curl with gskit.
- This is a niche TLS library, only running on some IBM systems
- no regular curl contributors use this backend
- no CI builds use or verify this backend
- gskit, or the curl adaption for it, lacks many modern TLS features
making it an inferior solution
- build breakages in this code take weeks or more to get detected
- fixing gskit code is mostly done "flying blind"
This removal has been advertized in DEPRECATED in Jan 2, 2023 and it has
been mentioned on the curl-library mailing list.
It could be brought back, this is not a ban. Given proper effort and
will, gskit support is welcome back into the curl TLS backend family.
Closes #11460
show more ...
|
| #
367a66b1 |
| 02-Aug-2023 |
Daniel Stenberg |
lib: fix a few *printf() flag mistakes
Reported-by: Gisle Vanem
Ref: #11574
Closes #11579
|
| #
7c8bae0d |
| 29-Jul-2023 |
Daniel Stenberg |
nss: remove support for this TLS library
Closes #11459
|
| #
8e85764b |
| 22-May-2023 |
Daniel Stenberg |
lib: remove unused functions, make single-use static
Closes #11174
|
| #
127eb0d8 |
| 21-May-2023 |
Daniel Stenberg |
misc: fix spelling mistakes
Reported-by: musvaage on github
Fixes #11171
Closes #11172
|
