Commits on Jan 18, 2016
  1. @jay

    mbedtls: Fix pinned key return value on fail

    - Switch from verifying a pinned public key in a callback during the
    certificate verification to inline after the certificate verification.
    
    The callback method had three problems:
    
    1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH
    was not returned.
    
    2. If peer certificate verification was disabled the pinned key
    verification did not take place as it should.
    
    3. (related to #2) If there was no certificate of depth 0 the callback
    would not have checked the pinned public key.
    
    Though all those problems could have been fixed it would have made the
    code more complex. Instead we now verify inline after the certificate
    verification in mbedtls_connect_step2.
    
    Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html
    Ref: curl#601
    jay committed Jan 18, 2016
  2. @jay

    tests: Add a test for pinnedpubkey fail even when insecure

    Because disabling the peer verification (--insecure) must not disable
    the public key pinning check (--pinnedpubkey).
    jay committed Jan 18, 2016
Commits on Jan 17, 2016
  1. @mrtazz @jay

    CURLINFO_RESPONSE_CODE.3: add example

    mrtazz committed with jay Jan 16, 2016
Commits on Jan 15, 2016
  1. @kdudka

    ssh: make CURLOPT_SSH_PUBLIC_KEYFILE treat "" as NULL

    The CURLOPT_SSH_PUBLIC_KEYFILE option has been documented to handle
    empty strings specially since curl-7_25_0-31-g05a443a but the behavior
    was unintentionally removed in curl-7_38_0-47-gfa7d04f.
    
    This commit restores the original behavior and clarifies it in the
    documentation that NULL and "" have both the same meaning when passed
    to CURLOPT_SSH_PUBLIC_KEYFILE.
    
    Bug: http://curl.haxx.se/mail/lib-2016-01/0072.html
    kdudka committed Jan 15, 2016
Commits on Jan 14, 2016
  1. @bagder

    RELEASE-NOTES: synced with 35083ca

    bagder committed Jan 14, 2016
  2. @bagder

    openssl: improved error detection/reporting

    ... by extracting the LIB + REASON from the OpenSSL error code. OpenSSL
    1.1.0+ returned a new func number of another certificate fail so this
    required a fix and this is the better way to catch this error anyway.
    bagder committed Jan 14, 2016
  3. @bagder
Commits on Jan 13, 2016
  1. @bagder
Commits on Jan 12, 2016
  1. @bagder

    configure: assume IPv6 works when cross-compiled

    The configure test uses AC_TRY_RUN to figure out if an ipv6 socket
    works, and testing like that doesn't work for cross-compiles. These days
    IPv6 support is widespread so a blind guess is probably more likely to
    be 'yes' than 'no' now.
    
    Further: anyone who cross-compiles can use configure's --disable-ipv6 to
    explicitly disable IPv6 and that also works for cross-compiles.
    
    Made happen after discussions in issue #594
    bagder committed Jan 12, 2016
Commits on Jan 11, 2016
  1. @bagder

    TODO: "Try to URL encode given URL"

    Closes #514
    bagder committed Jan 12, 2016
  2. @bagder

    ConnectionExists: only do pipelining/multiplexing when asked

    When an HTTP/2 upgrade request fails (no protocol switch), it would
    previously detect that as still possible to pipeline on (which is
    correct) and do that when PIPEWAIT was enabled even if pipelining was
    not explicitly enabled.
    
    It should only pipeline if explicitly asked to.
    
    Closes #584
    bagder committed Jan 10, 2016
  3. @MoSal @bagder

    lib: Prefix URLs with lower-case protocol names/schemes

    Before this patch, if a URL does not start with the protocol
    name/scheme, effective URLs would be prefixed with upper-case protocol
    names/schemes. This behavior might not be expected by library users or
    end users.
    
    For example, if `CURLOPT_DEFAULT_PROTOCOL` is set to "https". And the
    URL is "hostname/path". The effective URL would be
    "HTTPS://hostname/path" instead of "https://hostname/path".
    
    After this patch, effective URLs would be prefixed with a lower-case
    protocol name/scheme.
    
    Closes #597
    
    Signed-off-by: Mohammad AlSaleh <CE.Mohammad.AlSaleh@gmail.com>
    MoSal committed with bagder Jan 9, 2016
  4. @ghedo @bagder
  5. @ghedo @bagder

    scripts: fix zsh completion generation

    The script should use the just-built curl, not the system one. This fixes
    zsh completion generation when no system curl is installed.
    ghedo committed with bagder Dec 27, 2015
  6. @ghedo @bagder

    zsh.pl: fail if no curl is found

    Instead of generating a broken completion file.
    ghedo committed with bagder Dec 27, 2015
Commits on Jan 10, 2016
  1. @mkauf @bagder
  2. @jay

    runtests: Add mbedTLS to the SSL backends

    .. and enable SSLpinning tests for mbedTLS, BoringSSL and LibreSSL.
    jay committed Jan 10, 2016
Commits on Jan 9, 2016
  1. @sithglan @bagder
  2. @tatsuhiro-t @jay
Commits on Jan 8, 2016
  1. @tatsuhiro-t @jay

    http2: Ensure that http2_handle_stream_close is called

    Previously, when HTTP/2 is enabled and used, and stream has content
    length known, Curl_read was not called when there were no bytes left to
    read. Because of this, we could not make sure that
    http2_handle_stream_close was called for every stream. Since we use
    http2_handle_stream_close to emit trailer fields, they were
    effectively ignored. This commit changes the code so that Curl_read is
    called even if no bytes left to read, to ensure that
    http2_handle_stream_close is called for every stream.
    
    Discussed in curl#564
    tatsuhiro-t committed with jay Jan 7, 2016
  2. @bagder

    http2: handle the received SETTINGS frame

    This regression landed in 5778e6f and made libcurl not act on received
    settings and instead stayed with its internal defaults.
    
    Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html
    Reported-by: Bankde
    bagder committed Jan 8, 2016
  3. @bagder
  4. @tatsuhiro-t @jay
Commits on Jan 7, 2016
  1. @mkauf @bagder

    connection reuse: IDN host names fixed

    Use the ACE form of IDN hostnames as key in the connection cache.  Add
    new tests.
    
    Closes #592
    mkauf committed with bagder Jan 7, 2016
  2. @bagder
  3. @jay

    mbedtls: Fix ALPN support

    - Fix ALPN reply detection.
    
    - Wrap nghttp2 code in ifdef USE_NGHTTP2.
    
    
    Prior to this change ALPN and HTTP/2 did not work properly in mbedTLS.
    jay committed Jan 7, 2016
  4. @jay

    http2: Fix client write for trailers on stream close

    Check that the trailer buffer exists before attempting a client write
    for trailers on stream close.
    
    Refer to comments in curl#564
    jay committed Jan 6, 2016
Commits on Jan 6, 2016
  1. @bagder
Commits on Jan 5, 2016
  1. @bagder

    ConnectionExists: add missing newline in infof() call

    Mistake from commit a464f33
    bagder committed Jan 5, 2016
  2. @bagder

    multiplex: allow only once HTTP/2 is actually used

    To make sure curl doesn't allow multiplexing before a connection is
    upgraded to HTTP/2 (like when Upgrade: h2c fails), we must make sure the
    connection uses HTTP/2 as well and not only check what's wanted.
    
    Closes #584
    
    Patch-by: c0ff
    bagder committed Jan 5, 2016
Commits on Jan 4, 2016
  1. @jay

    curl_global_init.3: Add Windows-specific info for init via DLL

    - Add to both curl_global_init.3 and libcurl.3 the caveat for Windows
    that initializing libcurl via a DLL's DllMain or static initializer
    could cause a deadlock.
    
    Bug: curl#586
    Reported-by: marc-groundctl@users.noreply.github.com
    jay committed Jan 4, 2016
  2. @bagder
  3. @bagder
  4. @bagder
  5. @bagder

    examples: added descriptions

    bagder committed Jan 4, 2016