45b9b62de4
openssl: SSL_SESSION->ssl_version no longer exist
...
The struct went private in 1.0.2 so we cannot read the version number
from there anymore. Use SSL_version() instead!
Reported-by: Gisle Vanem
Bug: http://curl.haxx.se/mail/lib-2015-02/0034.html
2015-02-05 11:57:33 +01:00
0d41c3e46b
MD5: fix compiler warnings and code style nits
2015-02-04 08:09:06 +01:00
57d6d253a1
MD5: replace implementation
...
The previous one was "encumbered" by RSA Inc - to avoid the licensing
restrictions it has being replaced. This is the initial import,
inserting the md5.c and md5.h files from
http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
Code-by: Alexander Peslyak
2015-02-04 08:09:06 +01:00
7f1d76f7ee
MD4: fix compiler warnings and code style nits
2015-02-04 08:09:06 +01:00
211d5329f4
MD4: replace implementation
...
The previous one was "encumbered" by RSA Inc - to avoid the licensing
restrictions it has being replaced. This is the initial import,
inserting the md4.c and md4.h files from
http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4
Code-by: Alexander Peslyak
2015-02-04 08:09:05 +01:00
cfc6d460cb
telnet: Prefer 'CURLcode result' for curl result codes
2015-02-04 00:09:31 +00:00
0ebe2c15d1
hostasyn: Prefer 'CURLcode result' for curl result codes
2015-02-04 00:07:39 +00:00
28c9e1edf4
schannel: Prefer 'CURLcode result' for curl result codes
2015-02-04 00:07:16 +00:00
b3cbf4500d
unit1601: MD5 unit tests
2015-02-03 23:05:55 +01:00
83bb07027d
unit1600: unit test for Curl_ntlm_core_mk_nt_hash
2015-02-03 21:03:11 +01:00
0a7182f6ad
curl_sasl.c: More code policing
...
Better use of 80 character line limit, comment corrections and line
spacing preferences.
2015-02-02 16:50:39 +00:00
4161624e94
TODO: moved WinSSL/SChannel todo items into docs
2015-01-31 12:30:11 +01:00
8ca3b05624
curl_sasl.c: Fixed compilation warning when cryptography is disabled
...
curl_sasl.c:1506: warning: unused variable 'chlg'
2015-01-29 11:48:11 +00:00
6fdc8651bd
curl_sasl.c: Fixed compilation warning when verbose debug output disabled
...
curl_sasl.c:1317: warning: unused parameter 'conn'
2015-01-28 22:48:01 +00:00
8cc70db2db
ntlm_core: Use own odd parity function when crypto engine doesn't have one
2015-01-28 22:34:53 +00:00
c469369b86
ntlm_core: Prefer sizeof(key) rather than hard coded sizes
2015-01-28 22:34:52 +00:00
58e39b4da5
ntlm_core: Added consistent comments to DES functions
2015-01-28 22:34:51 +00:00
300876a7a6
des: Added Curl_des_set_odd_parity()
...
Added Curl_des_set_odd_parity() for use when cryptography engines
don't include this functionality.
2015-01-28 22:34:49 +00:00
595a66ce0f
sasl: Minor code policing and grammar corrections
2015-01-28 19:23:37 +00:00
3cc9e9383b
ldap: build with BoringSSL
2015-01-28 14:22:11 +01:00
9d964e5477
security: avoid compiler warning
...
Possible access to uninitialised memory '&nread' at line 140 of
lib/security.c in function 'ftp_send_command'.
Reported-by: Rich Burridge
2015-01-28 10:10:59 +01:00
7b2012f262
sasl: remove XOAUTH2 from default enabled authentication mechanism.
2015-01-27 18:08:18 +01:00
fe79f20957
imap: remove automatic password setting: it breaks external sasl authentication
2015-01-27 17:34:40 +01:00
0d24f64473
sasl: implement EXTERNAL authentication mechanism.
...
Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and
by not setting the password.
2015-01-27 17:24:55 +01:00
e1bb13c09f
openssl: Fixed Curl_ossl_cert_status_request() not returning FALSE
...
Modified the Curl_ossl_cert_status_request() function to return FALSE
when built with BoringSSL or when OpenSSL is missing the necessary TLS
extensions.
2015-01-27 12:53:41 +00:00
a268a804b7
openssl: Fixed compilation errors when OpenSSL built with 'no-tlsext'
...
Fixed the build of openssl.c when OpenSSL is built without the necessary
TLS extensions for OCSP stapling.
Reported-by: John E. Malmberg
2015-01-27 12:47:48 +00:00
5691325440
curl_setup: Disable SMB/CIFS support when HTTP only
2015-01-26 18:48:44 +00:00
23c6f0a344
OCSP stapling: disabled when build with BoringSSL
2015-01-22 23:34:43 +01:00
d1cf5d5706
openssl: add support for the Certificate Status Request TLS extension
...
Also known as "status_request" or OCSP stapling, defined in RFC6066
section 8.
Thanks-to: Joe Mason
- for the work-around for the OpenSSL bug.
2015-01-22 23:25:23 +01:00
e888e30476
BoringSSL: fix build for non-configure builds
...
HAVE_BORINGSSL gets defined now by configure and should be defined by
other build systems in case a BoringSSL build is desired.
2015-01-22 23:04:10 +01:00
12e45b8462
curl_sasl: Reinstate the sasl_ prefix for locally scoped functions
...
Commit 7a8b2885e2
2015-01-22 21:32:41 +00:00
c260c9fad3
curl_sasl: Minor code policing following recent commits
2015-01-22 21:08:18 +00:00
eb748f159a
BoringSSL: detected by configure, switches off NTLM
2015-01-22 16:39:01 +01:00
d6c4695dcd
BoringSSL: no PKCS12 support nor ERR_remove_state
2015-01-22 16:39:01 +01:00
261208d432
BoringSSL: fix build
2015-01-22 16:39:01 +01:00
795f013006
curl_sasl.c: chlglen is not used when cryptography is disabled
2015-01-20 19:28:54 +00:00
71f8fdee81
curl_sasl.c: Fixed compilation warning when cyptography is disabled
...
curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local
variable
2015-01-20 19:25:43 +00:00
6005b0d99c
curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined
...
curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier
This error could also happen for non-SSPI builds when cryptography is
disabled (CURL_DISABLE_CRYPTO_AUTH is defined).
2015-01-20 19:24:47 +00:00
7a8b2885e2
SASL: make some procedures local-scoped
2015-01-20 18:17:55 +01:00
79543caf90
SASL: common state engine for imap/pop3/smtp
2015-01-20 17:33:05 +01:00
e1ea18f90e
SASL: common URL option and auth capabilities decoders for all protocols
2015-01-20 15:27:25 +01:00
5f09cbcdbd
IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters.
2015-01-20 14:14:26 +01:00
960b04e137
ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6
...
Reported-by: Chris Young
2015-01-20 09:03:55 +01:00
089783c838
timeval: typecast for better type (on Amiga)
...
There is an issue with conflicting "struct timeval" definitions with
certain AmigaOS releases and C libraries, depending on what gets
included when. It's a minor difference - the OS one is unsigned,
whereas the common structure has signed elements. If the OS one ends up
getting defined, this causes a timing calculation error in curl.
It's easy enough to resolve this at the curl end, by casting the
potentially errorneous calculation to a signed long.
2015-01-20 08:53:14 +01:00
be57f689b0
openssl: do public key pinning check independently
...
... of the other cert verification checks so that you can set verifyhost
and verifypeer to FALSE and still check the public key.
Bug: http://curl.haxx.se/bug/view.cgi?id=1471
Reported-by: Kyle J. McKay
2015-01-19 23:20:13 +01:00
2cc571f9e3
ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP
...
For consistency with other USE_WIN32_ defines as well as the
USE_OPENLDAP define.
2015-01-18 20:52:43 +00:00
1cbc8fd3d1
http_negotiate: Use dynamic buffer for SPN generation
...
Use a dynamicly allocated buffer for the temporary SPN variable similar
to how the SASL GSS-API code does, rather than using a fixed buffer of
2048 characters.
2015-01-18 15:45:12 +00:00
9c4fa400cf
sasl_gssapi: Make Curl_sasl_build_gssapi_spn() public
2015-01-18 15:42:26 +00:00
b9fd757d03
sasl_gssapi: Fixed memory leak with local SPN variable
2015-01-18 15:40:07 +00:00
3a9419f65a
http_negotiate.c: unused variable 'ret'
2015-01-17 23:14:40 +01:00
1d25acb038
gskit.h: Code policing of function pointer arguments
2015-01-17 17:02:01 +00:00
5d5c78b47f
vtls: Removed unimplemented overrides of curlssl_close_all()
...
Carrying on from commit 037cd0d991
2015-01-17 16:41:03 +00:00
8bb3443a21
vtls: Separate the SSL backend definition from the API setup
...
Slight code cleanup as the SSL backend #define is mixed up with the API
function setup.
2015-01-17 15:38:22 +00:00
30ef1a0779
vtls: Fixed compilation errors when SSL not used
...
Fixed the following warning and error from commit 3af90a6e19
2015-01-17 15:16:07 +00:00
81b98dafa1
http_negotiate: Added empty decoded challenge message info text
2015-01-17 14:58:36 +00:00
47438daa60
http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int
2015-01-17 14:57:17 +00:00
36e6404228
http_negotiate_sspi: Prefer use of 'attrs' for context attributes
...
Use the same variable name as other areas of SSPI code.
2015-01-17 13:28:44 +00:00
930be07067
http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo()
...
Use the SECURITY_STATUS typedef rather than a unsigned long for the
QuerySecurityPackageInfo() return and rename the variable as per other
areas of SSPI code.
2015-01-17 13:28:03 +00:00
30eb6bbdc9
http_negotiate_sspi: Use 'CURLcode result' for CURL result code
2015-01-17 13:15:09 +00:00
a2f8887b79
curl_endian: Fixed build when 64-bit integers are not supported (Part 2)
...
Missed Curl_read64_be() in commit bb12d44471
2015-01-16 23:01:27 +00:00
a4065ebf1c
copyright years: after OCSP stapling changes
2015-01-16 23:23:29 +01:00
f46c6fbee0
nss: add support for the Certificate Status Request TLS extension
...
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.
This requires NSS 3.15 or higher.
2015-01-16 23:23:29 +01:00
f13669a375
gtls: add support for the Certificate Status Request TLS extension
...
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.
This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use
at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP
response verfication to fail even on valid responses.
2015-01-16 23:23:29 +01:00
3af90a6e19
url: add CURLOPT_SSL_VERIFYSTATUS option
...
This option can be used to enable/disable certificate status verification using
the "Certificate Status Request" TLS extension defined in RFC6066 section 8.
This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
certificate status verification fails, and the Curl_ssl_cert_status_request()
function, used to check whether the SSL backend supports the status_request
extension.
2015-01-16 23:23:29 +01:00
bb12d44471
curl_endian: Fixed build when 64-bit integers are not supported
...
Bug: http://curl.haxx.se/mail/lib-2015-01/0094.html
Reported-by: John E. Malmberg
2015-01-16 12:31:24 +00:00
cc28bc472e
Curl_pretransfer: reset expected transfer sizes
...
Reported-by: Mohammad AlSaleh
Bug: http://curl.haxx.se/mail/lib-2015-01/0065.html
2015-01-14 23:31:57 +01:00
e9834808e9
curl_schannel.c: mark session as removed from cache if not freed
...
If the session is still used by active SSL/TLS connections, it
cannot be closed yet. Thus we mark the session as not being cached
any longer so that the reference counting mechanism in
Curl_schannel_shutdown is used to close and free the session.
Reported-by: Jean-Francois Durand
2015-01-12 21:56:05 +01:00
d21b66835f
Merge pull request #134 from vszakats/mingw-m64
...
add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS
2015-01-09 22:03:12 +01:00
4e58589b0e
Merge pull request #136 from vszakats/mingw-allow-custom-cflags
...
mingw build: allow to pass custom CFLAGS
2015-01-09 22:02:23 +01:00
e6b4b4b66d
NSS: fix compiler error when built http2-enabled
2015-01-09 21:55:52 +01:00
355bf01c82
gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions
...
Better code reuse and consistency in calls to gss_import_name().
2015-01-09 20:37:47 +00:00
b4f13a4952
mingw build: allow to pass custom CFLAGS
2015-01-09 21:03:54 +01:00
99e71e6a84
FTP: if EPSV fails on IPV6 connections, bail out
...
... instead of trying PASV, since PASV can't work with IPv6.
Reported-by: Vojtěch Král
2015-01-08 22:32:37 +01:00
9a452ba3a1
FTP: fix IPv6 host using link-local address
...
... and make sure we can connect the data connection to a host name that
is longer than 48 bytes.
Also simplifies the code somewhat by re-using the original host name
more, as it is likely still in the DNS cache.
Original-Patch-by: Vojtěch Král
Bug: http://curl.haxx.se/bug/view.cgi?id=1468
2015-01-08 22:32:37 +01:00
c712fe01a9
NetWare build: added TLS-SRP enabled build.
2015-01-08 21:40:35 +01:00
5c0e66d632
sasl_gssapi: Fixed build on NetBSD with built-in GSS-API
...
Bug: http://curl.haxx.se/bug/view.cgi?id=1469
Reported-by: Thomas Klausner
2015-01-08 19:36:58 +00:00
acc8089bc2
add -m64 clags when targeting mingw64, add -m32/-m64 to LDFLAGS
2015-01-08 18:19:03 +01:00
4ce22c607b
darwinssl: fix session ID keys to only reuse identical sessions
...
...to avoid a session ID getting cached without certificate checking and
then after a subsequent _enabling_ of the check libcurl could still
re-use the session done without cert checks.
Bug: http://curl.haxx.se/docs/adv_20150108A.html
Reported-by: Marc Hesse
2015-01-07 22:55:56 +01:00
178bd7db34
url-parsing: reject CRLFs within URLs
...
Bug: http://curl.haxx.se/docs/adv_20150108B.html
Reported-by: Andrey Labunets
2015-01-07 22:55:56 +01:00
f7d5ecec9c
ldap: Convert attribute output to UTF-8 when Unicode
2015-01-07 20:01:29 +00:00
4e420600c1
ldap: Convert DN output to UTF-8 when Unicode
2015-01-07 20:01:27 +00:00
9547954978
hostip: remove 'stale' argument from Curl_fetch_addr proto
...
Also, remove the log output of the resolved name is NOT in the cache in
the spirit of only telling when something is actually happening.
2015-01-07 14:06:12 +00:00
4626f31d0e
ldap/imap: Fixed spelling mistake in comments and variable names
...
Reported-by: Michael Osipov
2015-01-07 13:50:56 +00:00
39217edb12
curl_multibyte.h: Eliminated some trailing whitespace
2015-01-05 10:08:08 +01:00
ea93252ef1
ldap: Fixed Unicode usage for all Win32 builds
...
Otherwise, the fixes in the previous commits would only be applicable
to IDN and SSPI based builds and not others such as OpenSSL with LDAP
enabled.
2015-01-04 22:19:30 +00:00
f6b168de4c
ldap: Fixed memory leak from commit efb64fdf80
2015-01-04 20:33:58 +00:00
4113ad50e4
ldap: Fix memory leak from commit 3a805c5cc1
2015-01-04 20:06:04 +00:00
c37dcf0edb
ldap: Fixed attribute variable warnings when Unicode is enabled
...
Use 'TCHAR *' for local attribute variable rather than 'char *'.
2015-01-04 16:25:17 +00:00
5359936d07
ldap: Fixed DN variable warnings when Unicode is enabled
...
Use 'TCHAR *' for local DN variable rather than 'char *'.
2015-01-04 16:21:13 +00:00
ea4f98dca6
ldap: Remove the unescape_elements() function
...
Due to the recent modifications this function is no longer used.
2015-01-04 16:11:36 +00:00
f9b50910e0
ldap.c: Fixed compilation warning
...
ldap.c:98: warning: extra tokens at end of #endif directive
2015-01-04 16:11:08 +00:00
84143dc57d
ldap: Fixed support for Unicode filter in Win32 search call
2015-01-04 15:16:22 +00:00
747bad7c09
ldap.c: Fixed compilation warning
...
ldap.c:802: warning: comparison between signed and unsigned integer
expressions
2015-01-04 15:16:21 +00:00
3a805c5cc1
ldap: Fixed support for Unicode attributes in Win32 search call
2015-01-04 14:27:51 +00:00
7241527956
ldap: Fixed memory leak from commit efb64fdf80
...
The unescapped DN was not freed after a successful character conversion.
2015-01-04 14:21:29 +00:00
825b0c7968
ldap.c: Fixed compilation error
...
ldap.c:738: error: macro "LDAP_TRACE" passed 2 arguments, but takes
just 1
2015-01-04 13:16:20 +00:00
2948954535
ldap.c: Fixed compilation warning
...
ldap.c:89: warning: extra tokens at end of #endif directive
2015-01-04 13:04:06 +00:00
efb64fdf80
ldap: Fixed support for Unicode DN in Win32 search call
2015-01-04 12:10:26 +00:00
6416dc998b
ldap: Fixed Unicode user and password in Win32 bind calls
2015-01-04 01:57:09 +00:00
0f26148423
ldap: Fixed Unicode host name in Win32 initialisation calls
2015-01-04 01:56:08 +00:00
Daniel Stenberg
Steve Holme
Marc Hoersken
Gisle Vanem
Patrick Monnerat
Brad Spencer
Alessandro Ghedini
Leith Bade
Chris Young
Guenter Knauf
Viktor Szakats
Dan Fandrich