Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Commits on Aug 12, 2009
  1. 7.19.6

    authored
  2. - Carsten Lange reported a bug and provided a patch for TFTP upload a…

    authored
    …nd the
    
      sending of the TSIZE option. I don't like fixing bugs just hours before
      a release, but since it was broken and the patch fixes this for him I decided
      to get it in anyway.
  3. pasted here (and renumbered) from the TODO-RELEASE since they are in …

    authored
    …fact
    
    bugs we know about that will appear in the next release (too)
Commits on Aug 11, 2009
  1. - Peter Sylvester made the HTTPS test server use specific certificate…

    authored
    …s for
    
      each test, so that the test suite can now be used to actually test the
      verification of cert names etc. This made an error show up in the OpenSSL-
      specific code where it would attempt to match the CN field even if a
      subjectAltName exists that doesn't match. This is now fixed and verified
      in test 311.
  2. credit

    authored
  3. - Benbuck Nason posted the bug report #2835196

    authored
      (http://curl.haxx.se/bug/view.cgi?id=2835196), fixing a few compiler
      warnings when mixing ints and bools.
  4. @dfandrich

    Include the Android make file in the source package even though the

    dfandrich authored
    config.h issue hasn't been completely solved.  This will save some effort
    for someone desperate to use curl on Android.
  5. Fix definition of CURLOPT_SOCKS5_GSSAPI_SERVICE from LONG to OBJECTPOINT

    Patrick Monnerat authored
    Fix OS400 makefile for tests to use the new Makefile.inc in libtest
    Update the OS400 wrappers and RPG binding according to the current CVS source state
  6. Added links to more details on most issues. Moved all these issues to…

    authored
    … 7.19.7
    
    now since we won't manage to get them done for 7.19.6.
  7. @dfandrich
Commits on Aug 9, 2009
  1. @dfandrich
Commits on Aug 7, 2009
  1. @gknauf

    fix cast for some systems which are broken due to absense of socklen_…

    gknauf authored
    …t, therefore now use curl_socklen_t.
Commits on Aug 6, 2009
  1. @gknauf
  2. @gknauf
  3. @gknauf

    cast to fix 64bit build warnings. From manpage:

    gknauf authored
    POSIX.1-2001. Note that RFC 2553 defines a prototype where the last parameter cnt is of type size_t.
    Many systems follow RFC 2553. Glibc 2.0 and 2.1 have size_t, but 2.2 has socklen_t.
Commits on Aug 4, 2009
  1. RFC1867 was updated by RFC2388

    authored
Commits on Aug 3, 2009
  1. Fix bad sentence.

    Gisle Vanem authored
  2. - Timo Teras changed the reason code used in the resolve callback don…

    authored
    …e when
    
      ares_cancel() is used, to be ARES_ECANCELLED instead of ARES_ETIMEOUT to
      better allow the callback to know what's happening.
  3. 256 - "More questions about ares behavior"

    authored
    yet another issue not yet sorted out
  4. indentation fixes only

    authored
  5. - Joshua Kwan fixed the init routine to fill in the defaults for stuf…

    authored
    …f that
    
      fails to get inited by other means. This fixes a case of when the c-ares
      init fails when internet access is fone.
  6. Reverted the zero-byte-in-name check to instead rely on the fact that…

    authored
    … strlen
    
    and the name length differ in those cases and thus leave the matching function
    unmodified from before, as the matching functions never have to bother with
    the zero bytes in legitimate cases. Peter Sylvester helped me realize that
    this fix is slightly better as it leaves more code unmodified and makes the
    detection a bit more obvious in the code.
Commits on Aug 2, 2009
  1. Extended my embedded-zero-in-cert-name fix based on a comment from Scott

    authored
    Cantor. My previous attempt was half-baked and didn't cover the normal CN
    case.
Commits on Aug 1, 2009
  1. - Curt Bogmine reported a problem with SNI enabled on a particular se…

    authored
    …rver. We
    
      should introduce an option to disable SNI, but as we're in feature freeze
      now I've addressed the obvious bug here (pointed out by Peter Sylvester): we
      shouldn't try to enable SNI when SSLv2 or SSLv3 is explicitly selected.
      Code for OpenSSL and GnuTLS was fixed. NSS doesn't seem to have a particular
      option for SNI, or are we simply not using it?
  2. - Scott Cantor posted the bug report #2829955

    authored
      (http://curl.haxx.se/bug/view.cgi?id=2829955) mentioning the recent SSL cert
      verification flaw found and exploited by Moxie Marlinspike. The presentation
      he did at Black Hat is available here:
      https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike
    
      Apparently at least one CA allowed a subjectAltName or CN that contain a
      zero byte, and thus clients that assumed they would never have zero bytes
      were exploited to OK a certificate that didn't actually match the site. Like
      if the name in the cert was "example.com\0theatualsite.com", libcurl would
      happily verify that cert for example.com.
    
      libcurl now better use the length of the extracted name, not assuming it is
      zero terminated.
  3. - Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (pr…

    authored
    …esent
    
      only in some OpenSSL installs - like on Windows) isn't thread-safe and we
      agreed that moving it to the global_init() function is a decent way to deal
      with this situation.
  4. - Alexander Beedie provided the patch for a noproxy problem: If I hav…

    authored
    …e set
    
      CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually
      could still end up using a proxy if a proxy environment variable was set.
  5. updated with recent issues

    authored
Something went wrong with that request. Please try again.