Граф коммитов

75 Коммитов

Автор SHA1 Сообщение Дата
Kamil Dudka 3e759f4fb6 nss: make it possible to read ASCII and DER CRL 2010-05-11 14:39:08 +02:00
Kamil Dudka 2e8b21833a nss: add CRL to cache instead of read-only NSS db 2010-05-11 14:37:43 +02:00
Howard Chu d64bd82bdc sendrecv: split the I/O handling into private handler
Howard Chu brought the bulk work of this patch that properly
moves out the sending and recving of data to the parts of the
code that are properly responsible for the various ways of doing
so.

Daniel Stenberg assisted with polishing a few bits and fixed some
minor flaws in the original patch.

Another upside of this patch is that we now abuse CURLcodes less
with the "magic" -1 return codes and instead use CURLE_AGAIN more
consistently.
2010-05-07 15:05:34 +02:00
Kamil Dudka 82e9b78a38 nss: fix SSL handshake timeout underflow 2010-04-24 23:23:01 +02:00
Kamil Dudka ef1ac363ee nss: handle client certificate related errors 2010-04-06 13:42:11 +02:00
Kamil Dudka ff8711135e refactorize interface of Curl_ssl_recv/Curl_ssl_send 2010-04-04 23:37:18 +02:00
Guenter Knauf 7b913444ec fix compiler warning with a cast. 2010-03-31 02:09:49 +02:00
Daniel Stenberg 2309b4e330 remove the CVSish $Id$ lines 2010-03-24 11:02:54 +01:00
Daniel Stenberg 23bab783d4 use curl standard indentation and line lengths 2010-02-17 12:13:55 +00:00
Kamil Dudka fb2425b147 lib/nss.c: avoid use of uninitialized value 2009-12-02 17:24:38 +00:00
Kamil Dudka 571309dc3e - libcurl-NSS now tries to reconnect with TLS disabled in case it detects
a broken TLS server. However it does not happen if SSL version is selected
  manually. The approach was originally taken from PSM. Kaspar Brand helped me
  to complete the patch. Original bug reports:
  https://bugzilla.redhat.com/525496
  https://bugzilla.redhat.com/527771
2009-11-12 11:16:31 +00:00
Kamil Dudka d547d00f2c - Kevin Baughman provided a fix preventing libcurl-NSS from crash on doubly
closed NSPR descriptor. The issue was hard to find, reported several times
  before and always closed unresolved. More info at the RH bug:
  https://bugzilla.redhat.com/534176
2009-11-12 10:54:10 +00:00
Kamil Dudka 676e0c28e7 - Dropped misleading timeouts in libcurl-NSS and made sure the SSL socket works
in non-blocking mode.
2009-11-05 15:41:31 +00:00
Daniel Stenberg 6a79b0e859 Since the NSS lib closes the socket the memory tracking system wrongly gets a
false positive on a leaked socket, so this introduces a way to tell the system
that the socket is indeed closed without explicitly closing it!
2009-10-28 20:30:23 +00:00
Daniel Stenberg 167a92810a - Kevin Baughman found a double close() problem with libcurl-NSS, as when
libcurl called NSS to close the SSL "session" it also closed the actual
  socket.
2009-10-18 00:10:13 +00:00
Kamil Dudka b38e28b6bc fix gcc warnings in lib/nss.c 2009-10-07 20:34:08 +00:00
Gunter Knauf 9448659fc6 added support for new SQLite cert database format: added a runtime check for version 3.12.0, and depending on the result add 'sql:' prefix to cert database directory so that newer SQLIte database format works. 2009-09-21 22:52:59 +00:00
Gunter Knauf 4002714825 added aditional check for the directory specified with SSL_DIR, and fall back to hardcoded directory if not a valid directory. 2009-09-21 22:46:38 +00:00
Gunter Knauf 5d4a1e245b added debug output for NSS certpath. 2009-09-08 01:13:49 +00:00
Gunter Knauf 5e3796349a added casts to silent compiler warning on 64bit systems. 2009-09-06 20:16:59 +00:00
Gunter Knauf 56a161e09a use our define struct_stat to be compatible with largefile support. 2009-09-06 19:45:08 +00:00
Gunter Knauf 2786ecaeef added base64.h include to silent warnings about missing prototype for ATOB_ConvertAsciiToItem. 2009-09-06 17:59:46 +00:00
Kamil Dudka 1a255e0e28 - Improved error message for not matching certificate subject name in
libcurl-NSS. Originally reported at:
  https://bugzilla.redhat.com/show_bug.cgi?id=516056#c9
2009-08-28 12:06:51 +00:00
Kamil Dudka 6293fe98a0 - Changed NSS code to not ignore the value of ssl.verifyhost and produce more
verbose error messages. Originally reported at:
  https://bugzilla.redhat.com/show_bug.cgi?id=516056
2009-08-13 16:04:51 +00:00
Kamil Dudka 5f0cae8037 - Claes Jakobsson improved the support for client certificates handling
in NSS-powered libcurl. Now the client certificates can be selected
  automatically by a NSS built-in hook. Additionally pre-login to all PKCS11
  slots is no more performed. It used to cause problems with HW tokens.

- Fixed reference counting for NSS client certificates. Now the PEM reader
  module should be always properly unloaded on Curl_nss_cleanup(). If the unload
  fails though, libcurl will try to reuse the already loaded instance.
2009-07-20 21:50:21 +00:00
Daniel Stenberg 3e0c067e43 - Claes Jakobsson provided a patch for libcurl-NSS that fixed a bad refcount
issue with client certs that caused issues like segfaults.
  http://curl.haxx.se/mail/lib-2009-05/0316.html
2009-06-08 21:25:16 +00:00
Dan Fandrich 15eaf27bc7 Fixed a few comment typos (from the FreeBSD ports) 2009-05-28 21:32:31 +00:00
Daniel Stenberg 0bf9c1e881 - Claes Jakobsson fixed libcurl-NSS to build fine even without the
PK11_CreateGenericObject() function.
2009-05-27 22:01:03 +00:00
Daniel Stenberg 6e1632c606 - Kamil Dudka provided a fix for libcurl-NSS reported by Michael Cronenworth
at https://bugzilla.redhat.com/show_bug.cgi?id=453612#c12

  If an incorrect password is given while loading a private key, libcurl ends
  up in an infinite loop consuming memory. The bug is critical.
2009-05-11 09:13:49 +00:00
Daniel Stenberg 828a26286d - Kamil Dudka fixed another NSS-related leak when client certs were used. 2009-04-24 21:55:18 +00:00
Yang Tse 33a3753c3f libcurl's memory.h renamed to curl_memory.h 2009-04-21 11:46:16 +00:00
Daniel Stenberg 97f27ea585 Kamil Dudka's follow-up fix 2009-04-14 09:40:53 +00:00
Daniel Stenberg 235c0077b8 - Toshio Kuratomi reported a memory leak problem with libcurl+NSS that turned
out to be leaking cacerts. Kamil Dudka helped me complete the fix. The issue
  is found in Redhat's bug tracker:
  https://bugzilla.redhat.com/show_bug.cgi?id=453612

  There are still memory leaks present, but they seem to have other reasons.
2009-04-13 17:42:10 +00:00
Daniel Stenberg 5f19822e37 - Kamil Dudka brought a patch that enables 6 additional crypto algorithms when
NSS is used. These ciphers were added in NSS 3.4 and require to be enabled
  explicitly.
2009-03-18 12:48:51 +00:00
Daniel Stenberg 794b4da840 Indentation fixes, untabify and related whitespace-cleanup. No code changed. 2009-02-27 08:53:10 +00:00
Daniel Stenberg a24fe59ee4 - Kamil Dudka made NSS-powered builds compile and run again! 2009-02-17 12:18:34 +00:00
Daniel Stenberg dd058b8de6 fix compiler warnings 2009-01-07 14:12:01 +00:00
Daniel Stenberg 3c2ad4022c - Rob Crittenden did once again provide an NSS update:
I have to jump through a few hoops now with the NSS library initialization
  since another part of an application may have already initialized NSS by the
  time Curl gets invoked. This patch is more careful to only shutdown the NSS
  library if Curl did the initialization.

  It also adds in a bit of code to set the default ciphers if the app that
  call NSS_Init* did not call NSS_SetDomesticPolicy() or set specific
  ciphers. One might argue that this lets other application developers get
  lazy and/or they aren't using the NSS API correctly, and you'd be right.
  But still, this will avoid terribly difficult-to-trace crashes and is
  generally helpful.
2009-01-07 14:10:35 +00:00
Daniel Stenberg da6c15163b based on a report by Jim Meyering, I went over and added checks for return
codes for all calls to malloc and strdup that were missing. I also changed
a few malloc(13) to use arrays on the stack and a few malloc(PATH_MAX) to
instead use aprintf() to lower memory use.
I also fixed a memory leak in Curl_nss_connect() when CURLOPT_ISSUERCERT is
in use.
2008-11-15 23:43:10 +00:00
Daniel Stenberg 9d16b4081e Renamed Curl_ascii_equal to Curl_raw_equal and bugfixed the my_toupper function
used in strequal.c so now all test cases run fine for me again.
2008-10-16 08:23:48 +00:00
Daniel Stenberg a579d67064 - Pascal Terjan filed bug #2154627
(http://curl.haxx.se/bug/view.cgi?id=2154627) which pointed out that libcurl
  uses strcasecmp() in multiple places where it causes failures when the
  Turkish locale is used. This is because 'i' and 'I' isn't the same letter so
  strcasecmp() on those letters are different in Turkish than in English (or
  just about all other languages). I thus introduced a totally new internal
  function in libcurl (called Curl_ascii_equal) for doing case insentive
  comparisons for english-(ascii?) style strings that thus will make "file"
  and "FILE" match even if the Turkish locale is selected.
2008-10-15 21:43:48 +00:00
Daniel Stenberg 23e5402bec - Rob Crittenden brought a patch to "add some locking for thread-safety to NSS
implementation".
2008-09-23 10:27:04 +00:00
Yang Tse 59e378f48f remove unnecessary typecasting of malloc() 2008-09-06 05:29:05 +00:00
Dan Fandrich bb67388bbe Made some variables const 2008-09-04 19:43:35 +00:00
Yang Tse 3dcd2b82c4 fix print formatting string directives 2008-09-04 18:59:05 +00:00
Daniel Stenberg 98042b858d made Curl_nss_send() take const data to kill compiler warning 2008-06-21 21:19:42 +00:00
Daniel Stenberg da97f78ae0 - Phil Pellouchoud found a case where libcurl built with NSS failed to
handshake with a SSLv2 server, and it turned out to be because it didn't
  recognize the cipher named "rc4-md5". In our list that cipher was named
  plainly "rc4". I've now added rc4-md5 to work as an alias as Phil reported
  that it made things work for him again.
2008-06-20 11:15:54 +00:00
Daniel Stenberg 68b67e24f2 Removed the #define of ciphernum since keeping a define updated to be the
number of entries in a provided table is doomed to fail in the long run. Now
we use the NUM_OF_CIPHERS define instead to figure out the amount.
2008-06-19 05:47:27 +00:00
Daniel Stenberg c1e2341f0a s/strcasecmp/strequal to make it more portable 2008-06-19 05:42:45 +00:00
Daniel Stenberg e547bfa933 - Rob Crittenden brought a fix for the NSS layer that makes libcurl no longer
always fire up a new connection rather than using the existing one when the
  multi interface is used. Original bug report:
  https://bugzilla.redhat.com/show_bug.cgi?id=450140
2008-06-18 22:01:55 +00:00