| 999c2179 | 21-Feb-2022 |
Daniel Stenberg |
libssh2: don't typecast socket to int for libssh2_session_handshake
Since libssh2_socket_t uses SOCKET on windows which can be larger than
int.
Closes #8492 |
| 441db465 | 21-Feb-2022 |
Daniel Stenberg |
RELEASE-NOTES: fix typo and make one desc shorter |
| e8f6e274 | 21-Feb-2022 |
Daniel Stenberg |
RELEASE-NOTES: synced |
| a63c91ad | 21-Feb-2022 |
Daniel Stenberg |
CURLOPT_XFERINFOFUNCTION.3: fix typo in example
Reported-by: coralw on github
Fixes #8487
Closes #8488 |
| 754ee8e0 | 21-Feb-2022 |
Daniel Stenberg |
README: disable linkchecks for the sponsor links
Closes #8489 |
| f7ba0ecc | 20-Feb-2022 |
Jay Satiro |
openssl: check if sessionid flag is enabled before retrieving session
Ideally, Curl_ssl_getsessionid should not be called unless sessionid
caching is enabled. There is a debug assertion
openssl: check if sessionid flag is enabled before retrieving session
Ideally, Curl_ssl_getsessionid should not be called unless sessionid
caching is enabled. There is a debug assertion in the function to help
ensure that. Therefore, the pattern in all vtls is basically:
if(primary.sessionid) {lock(); Curl_ssl_getsessionid(...); unlock();}
There was one instance in openssl.c where sessionid was not checked
beforehand and this change fixes that.
Prior to this change an assertion would occur in openssl debug builds
during connection stage if session caching was disabled.
Reported-by: Jim Beveridge
Fixes https://github.com/curl/curl/issues/8472
Closes https://github.com/curl/curl/pull/8484
show more ...
|
| e0dc9765 | 20-Feb-2022 |
Jay Satiro |
multi: allow user callbacks to call curl_multi_assign
Several years ago a change was made to block user callbacks from calling
back into the API when not supported (recursive calls). One
multi: allow user callbacks to call curl_multi_assign
Several years ago a change was made to block user callbacks from calling
back into the API when not supported (recursive calls). One of the calls
blocked was curl_multi_assign. Recently the blocking was extended to the
multi interface API, however curl_multi_assign may need to be called
from within those user callbacks (eg CURLMOPT_SOCKETFUNCTION).
I can't think of any callback where it would be unsafe to call
curl_multi_assign so I removed the restriction entirely.
Reported-by: Michael Wallner
Ref: https://github.com/curl/curl/commit/b46cfbc
Ref: https://github.com/curl/curl/commit/340bb19
Fixes https://github.com/curl/curl/issues/8480
Closes https://github.com/curl/curl/pull/8483
show more ...
|
| ccc2752c | 17-Feb-2022 |
MAntoniak <47522782+MAntoniak@users.noreply.github.com> |
ssl: reduce allocated space for ssl backend when FTP is disabled
Add assert() for the backend pointer in many places
Closes #8471 |
| 9fff7feb | 20-Feb-2022 |
MAntoniak <47522782+MAntoniak@users.noreply.github.com> |
checkprefix: remove strlen calls
Closes #8481 |
| d60fa59b | 20-Feb-2022 |
1337vt <32816722+1337vt@users.noreply.github.com> |
curl.h: fix typo
Closes https://github.com/curl/curl/pull/8482 |
| 14d9358a | 19-Feb-2022 |
Jan Venekamp <1422460+jan2000@users.noreply.github.com> |
sectransp: mark a 3DES cipher as weak
- Change TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA strength to weak.
All other 3DES ciphers are already marked as weak.
Closes https://gith
sectransp: mark a 3DES cipher as weak
- Change TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA strength to weak.
All other 3DES ciphers are already marked as weak.
Closes https://github.com/curl/curl/pull/8479
show more ...
|
| f36e32b5 | 06-Dec-2021 |
Jan Venekamp <1422460+jan2000@users.noreply.github.com> |
bearssl: fix EXC_BAD_ACCESS on incomplete CA cert
- Do not create trust anchor object for a CA certificate until after it
is processed.
Prior to this change the object was cre
bearssl: fix EXC_BAD_ACCESS on incomplete CA cert
- Do not create trust anchor object for a CA certificate until after it
is processed.
Prior to this change the object was created at state BR_PEM_BEGIN_OBJ
(certificate processing begin state). An incomplete certificate (for
example missing a newline at the end) never reaches BR_PEM_END_OBJ
(certificate processing end state) and therefore the trust anchor data
was not set in those objects, which caused EXC_BAD_ACCESS.
Ref: https://github.com/curl/curl/pull/8106
Closes https://github.com/curl/curl/pull/8476
show more ...
|
| 8af1cef2 | 06-Dec-2021 |
Jan Venekamp <1422460+jan2000@users.noreply.github.com> |
bearssl: fix connect error on expired cert and no verify
- When peer verification is disabled use the x509_decode engine instead
of the x509_minimal engine to parse and extract the pub
bearssl: fix connect error on expired cert and no verify
- When peer verification is disabled use the x509_decode engine instead
of the x509_minimal engine to parse and extract the public key from
the first cert of the chain.
Prior to this change in such a case no key was extracted and that caused
CURLE_SSL_CONNECT_ERROR. The x509_minimal engine will stop parsing if
any validity check fails but the x509_decode won't.
Ref: https://github.com/curl/curl/pull/8106
Closes https://github.com/curl/curl/pull/8475
show more ...
|
| b8443719 | 06-Dec-2021 |
Jan Venekamp <1422460+jan2000@users.noreply.github.com> |
bearssl: fix session resumption (session id)
Prior to this change br_ssl_client_reset was mistakenly called with
resume_session param set to 0, which disabled session resumption.
bearssl: fix session resumption (session id)
Prior to this change br_ssl_client_reset was mistakenly called with
resume_session param set to 0, which disabled session resumption.
Ref: https://github.com/curl/curl/pull/8106
Closes https://github.com/curl/curl/pull/8474
show more ...
|
| bbe70421 | 17-Feb-2022 |
MAntoniak <47522782+MAntoniak@users.noreply.github.com> |
openssl: fix build for version < 1.1.0
Closes #8470 |
| df957e10 | 17-Feb-2022 |
Joel Depooter |
schannel: move the algIds array out of schannel.h
This array is only used by the SCHANNEL_CRED struct in the
schannel_acquire_credential_handle function. It can therefore be kept as
schannel: move the algIds array out of schannel.h
This array is only used by the SCHANNEL_CRED struct in the
schannel_acquire_credential_handle function. It can therefore be kept as
a local variable. This is a minor update to
bbb71507b7bab52002f9b1e0880bed6a32834511.
This change also updates the NUM_CIPHERS value to accurately count the
number of ciphers options listed in schannel.c, which is 47 instead of
45. It is unlikely that anyone tries to set all 47 values, but if they
had tried, the last two would not have been set.
Closes #8469
show more ...
|
| 161cbc50 | 16-Feb-2022 |
Alejandro R. Sedeño |
configure.ac: use user-specified gssapi dir when using pkg-config
Using the system pkg-config path in the face of a user-specified
library path is asking to link the wrong library.
configure.ac: use user-specified gssapi dir when using pkg-config
Using the system pkg-config path in the face of a user-specified
library path is asking to link the wrong library.
Reported-by: Michael Kaufmann
Fixes #8289
Closes #8456
show more ...
|
| 6a595e12 | 24-Jan-2022 |
Kevin Adler |
os400: Add link to QADRT devkit to README.OS400
Closes #8455 |
| 86ad624c | 24-Jan-2022 |
Kevin Adler |
os400: Add function wrapper for system command
The wrapper will exit if the system command failed instead of blindly
continuing on.
In addition, only copy docs which exist, sinc
os400: Add function wrapper for system command
The wrapper will exit if the system command failed instead of blindly
continuing on.
In addition, only copy docs which exist, since now the copy failure will
cause the build to stop.
Closes #8455
show more ...
|
| a70600ca | 24-Jan-2022 |
Kevin Adler |
os400: Default build to target current release
V6R1M0 is not available as a target release since IBM i 7.2. To keep
from having to keep this up to date in git, default to the current
os400: Default build to target current release
V6R1M0 is not available as a target release since IBM i 7.2. To keep
from having to keep this up to date in git, default to the current
release. Users can configure this to whatever release they want to
actually build for.
Closes #8455
show more ...
|
| d324ac81 | 17-Feb-2022 |
Daniel Stenberg |
docs/INTERNALS.md: clean up, refer to the book
The explanatory parts are now in the everything curl book (which can
also use images etc). This document now refers to that resource and on
docs/INTERNALS.md: clean up, refer to the book
The explanatory parts are now in the everything curl book (which can
also use images etc). This document now refers to that resource and only
leaves listings of supported versions of libs, tools and operating
systems. See https://everything.curl.dev/internals
Closes #8467
show more ...
|
| 049f3765 | 16-Feb-2022 |
Marcel Raad |
des: fix compile break for OpenSSL without DES
When `USE_OPENSSL` was defined but OpenSSL had no DES support and a
different crypto library was used for that, `Curl_des_set_odd_parity`
des: fix compile break for OpenSSL without DES
When `USE_OPENSSL` was defined but OpenSSL had no DES support and a
different crypto library was used for that, `Curl_des_set_odd_parity`
was called but not defined. This could for example happen on Windows
and macOS when using OpenSSL v3 with deprecated features disabled.
Use the same condition for the function definition as used at the
caller side, but leaving out the OpenSSL part to avoid including
OpenSSL headers.
Closes https://github.com/curl/curl/pull/8459
show more ...
|
| a9bc534a | 17-Feb-2022 |
Daniel Stenberg |
RELEASE-NOTES: synced |
| eb754596 | 16-Feb-2022 |
Daniel Stenberg |
docs/DEPRECATE: remove NPN support in August 2022
Closes #8458 |
| 2ad44ce7 | 16-Feb-2022 |
Daniel Stenberg |
ftp: provide error message for control bytes in path
Closes #8460 |
