Permalink
Commits on Nov 9, 2012
  1. tool_metalink: introduce metalink_cleanup() in the internal API

    ... to release resources allocated at global scope
    kdudka committed Oct 31, 2012
Commits on Nov 8, 2012
  1. hostcheck: only build for the actual users

    and make local function static
    bagder committed Nov 8, 2012
  2. SSL: Several SSL-backend related fixes

    axTLS:
    
    This will make the axTLS backend perform the RFC2818 checks, honoring
    the VERIFYHOST setting similar to the OpenSSL backend.
    
    Generic for OpenSSL and axTLS:
    
    Move the hostcheck and cert_hostcheck functions from the lib/ssluse.c
    files to make them genericly available for both the OpenSSL, axTLS and
    other SSL backends. They are now in the new lib/hostcheck.c file.
    
    CyaSSL:
    
    CyaSSL now also has the RFC2818 checks enabled by default. There is a
    limitation that the verifyhost can not be enabled exclusively on the
    Subject CN field comparison. This SSL backend will thus behave like the
    NSS and the GnuTLS (meaning: RFC2818 ok, or bust). In other words:
    setting verifyhost to 0 or 1 will disable the Subject Alt Names checks
    too.
    
    Schannel:
    
    Updated the schannel information messages: Split the IP address usage
    message from the verifyhost setting and changed the message about
    disabling SNI (Server Name Indication, used in HTTP virtual hosting)
    into a message stating that the Subject Alternative Names checks are
    being disabled when verifyhost is set to 0 or 1. As a side effect of
    switching off the RFC2818 related servername checks with
    SCH_CRED_NO_SERVERNAME_CHECK
    (http://msdn.microsoft.com/en-us/library/aa923430.aspx) the SNI feature
    is being disabled. This effect is not documented in MSDN, but Wireshark
    output clearly shows the effect (details on the libcurl maillist).
    
    PolarSSL:
    
    Fix the prototype change in PolarSSL of ssl_set_session() and the move
    of the peer_cert from the ssl_context to the ssl_session. Found this
    change in the PolarSSL SVN between r1316 and r1317 where the
    POLARSSL_VERSION_NUMBER was at 0x01010100. But to accommodate the Ubuntu
    PolarSSL version 1.1.4 the check is to discriminate between lower then
    PolarSSL version 1.2.0 and 1.2.0 and higher. Note: The PolarSSL SVN
    trunk jumped from version 1.1.1 to 1.2.0.
    
    Generic:
    
    All the SSL backends are fixed and checked to work with the
    ssl.verifyhost as a boolean, which is an internal API change.
    okoeroo committed with bagder Nov 3, 2012
  3. libcurl: VERSIONINFO update

    Since we added the curl_multi_wait function, the VERSIONINFO needed
    updating.
    
    Reported by: Patrick Monnerat
    bagder committed Nov 8, 2012
  4. Added .def file to output.

    Requested by Johnny Luong on the libcurl list.
    gknauf committed Nov 8, 2012
  5. Fix compilation of lib1501

    Fabian Keil committed with bagder Nov 8, 2012
  6. Curl_readwrite: remove debug output

    The text "additional stuff not fine" text was added for debug purposes a
    while ago, but it isn't really helping anyone and for some reason some
    Linux distributions provide their libcurls built with debug info still
    present and thus (far too many) users get to read this info.
    bagder committed Nov 8, 2012
Commits on Nov 7, 2012
  1. RELEASE-NOTES: synced with 487538e

    6 new bugfixes and 3 more contributors...
    bagder committed Nov 7, 2012
  2. http_perhapsrewind: consider NTLM over proxy too

    The logic previously checked for a started NTLM negotiation only for
    host and not also with proxy, leading to problems doing POSTs over a
    proxy NTLM that are larger than 2000 bytes. Now it includes proxy in the
    check.
    
    Bug: http://curl.haxx.se/bug/view.cgi?id=3582321
    Reported by: John Suprock
    bagder committed Nov 7, 2012
Commits on Nov 6, 2012
  1. test1413: verify redirects to URLs with fragments

    The bug report claimed it didn't work. This problem was probably fixed
    in 473003f.
    
    Bug: http://curl.haxx.se/bug/view.cgi?id=3581898
    bagder committed Nov 6, 2012
  2. URL parser: cut off '#' fragments from URLs (better)

    The existing logic only cut off the fragment from the separate 'path'
    buffer which is used when sending HTTP to hosts. The buffer that held
    the full URL used for proxies were not dealt with. It is now.
    
    Test case 5 was updated to use a fragment on a URL over a proxy.
    
    Bug: http://curl.haxx.se/bug/view.cgi?id=3579813
    bagder committed Nov 6, 2012
  3. test 2027/2030: take duplicate Digest requests into account

    With the reversion of ce8311c and the new clear logic, this flaw
    is present and we allow it.
    bagder committed Nov 5, 2012
  4. Curl_pretransfer: clear out unwanted auth methods

    As a handle can be re-used after having done HTTP auth in a previous
    request, it must make sure to clear out the HTTP types that aren't
    wanted in this new request.
    bagder committed Nov 5, 2012
  5. test1412: verify Digest with repeated URLs

    This test case verifies that bug 3582718 is fixed.
    
    Bug: http://curl.haxx.se/bug/view.cgi?id=3582718
    Reported by: Nick Zitzmann (originally)
    bagder committed Nov 4, 2012
  6. Revert "Zero out auth structs before transfer"

    This reverts commit ce8311c.
    
    The commit made test 2024 work but caused a regression with repeated
    Digest authentication. We need to fix this differently.
    bagder committed Nov 4, 2012
  7. CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value

    After a research team wrote a document[1] that found several live source
    codes out there in the wild that misused the CURLOPT_SSL_VERIFYHOST
    option thinking it was a boolean, this change now bans 1 as a value and
    will make libcurl return error for it.
    
    1 was never a sensible value to use in production but was introduced
    back in the days to help debugging. It was always documented clearly
    this way.
    
    1 was never supported by all SSL backends in libcurl, so this cleanup
    makes the treatment of it unified.
    
    The report's list of mistakes for this option were all PHP code and
    while there's a binding layer between libcurl and PHP, the PHP team has
    decided that they have an as thin layer as possible on top of libcurl so
    they will not alter or specifically filter a 'TRUE' value for this
    particular option. I sympathize with that position.
    
    [1] = http://daniel.haxx.se/blog/2012/10/25/libcurl-claimed-to-be-dangerous/
    bagder committed Oct 27, 2012
  8. gnutls: fix compiler warnings

    bagder committed Nov 6, 2012
  9. gnutls: print alerts during handshake

    ghedo committed with bagder Oct 24, 2012
  10. gnutls: fix the error_is_fatal logic

    ghedo committed with bagder Oct 24, 2012
  11. RELEASE-NOTES: synced with fa6d788

    bagder committed Nov 6, 2012
Commits on Nov 5, 2012
  1. uniformly use AM_CPPFLAGS, avoid deprecated INCLUDES

    Since automake 1.12.4, the warnings are issued on running automake:
    
      warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')
    
    Avoid INCLUDES and roll these flags into AM_CPPFLAGS.
    
    Compile tested on:
      Ubuntu 10.04 (automake 1:1.11.1-1)
      Ubuntu 12.04 (automake 1:1.11.3-1ubuntu2)
      Arch Linux (automake 1.12.4)
    falconindy committed with bagder Oct 10, 2012
  2. ftp_readresp: fix build without krb4 support

    Oops, my previous commit broke builds with krb support.
    bagder committed Nov 5, 2012
Commits on Nov 4, 2012
  1. FTP: prevent the multi interface from blocking

    As pointed out in Bug report #3579064, curl_multi_perform() would
    wrongly use a blocking mechanism internally for some commands which
    could lead to for example a very long block if the LIST response never
    showed.
    
    The solution was to make sure to properly continue to use the multi
    interface non-blocking state machine.
    
    The new test 1501 verifies the fix.
    
    Bug: http://curl.haxx.se/bug/view.cgi?id=3579064
    Reported by: Guido Berhoerster
    bagder committed Nov 4, 2012
Commits on Nov 1, 2012
  1. winbuild: Use machine type of development environment

    This patch restores the original behavior instead of always
    falling back to x86 if no MACHINE-type was specified.
    mback2k committed Nov 1, 2012
  2. winbuild: Additional clean up

    mback2k committed Nov 1, 2012
  3. Even more winbuild refactoring

    sapien2 committed with mback2k Oct 25, 2012