Daniel Stenberg
d8cf2d42c0
prevent warning for non-SSL builds
2003-11-24 11:44:04 +00:00
Daniel Stenberg
1e98727c55
FTPS support added as RFC2228 and the murray-ftp-auth-ssl draft describe it
2003-11-24 07:15:37 +00:00
Daniel Stenberg
dfe0118033
Mathias Axelsson found a case where we free()d the server certificate twice!
2003-11-15 10:00:20 +00:00
Daniel Stenberg
14f795816d
Georg Horn's fixes to do different CA cert verifications. They can now be
...
done even if the result is ignored, as some sites seem to require that.
2003-10-23 07:44:55 +00:00
Daniel Stenberg
597c1fe6bc
rewritten alternative name check
2003-10-16 13:44:34 +00:00
Daniel Stenberg
c6a0bb99af
bad license situation for the altname patch
2003-10-15 14:42:11 +00:00
Daniel Stenberg
ff5b6ff528
fixed to build fine without ssl
2003-10-08 13:06:50 +00:00
Daniel Stenberg
6494889e3b
Neil Dunbar provided a patch that now makes libcurl check SSL
...
subjectAltNames when matching certs. This is apparently detailed in RFC2818
as the right thing to do. I had to add configure checks for inet_pton() and
our own (strictly speaking, code from BIND written by Paul Vixie) provided
code for the function for platforms that miss it.
2003-10-07 21:46:47 +00:00
Daniel Stenberg
481094db90
warn if no CN is available if verify is only set to 1
2003-09-03 20:47:17 +00:00
Daniel Stenberg
a8c78cbbb0
CRYPTO_cleanup_all_ex_data() is not present in all OpenSSL versions so
...
we need to check for its presence in the configure script
2003-08-19 09:56:16 +00:00
Daniel Stenberg
dafc652f63
Loren Kirkby pointed out that we need to call CRYPTO_cleanup_all_ex_data()
...
when we cleanup the SSL stuff to not leak any memory.
I wish this was documented anywhere.
2003-08-19 07:51:09 +00:00
Daniel Stenberg
f9c3347f7c
re-use existing variable instead of declaring a new local one
2003-07-05 13:27:02 +00:00
Daniel Stenberg
45fc760985
Peter Sylvester's patch was applied that introduces the following:
...
CURLOPT_SSL_CTX_FUNCTION to set a callback that gets called with the
OpenSSL's ssl_ctx pointer passed in and allow a callback to act on it. If
anything but CURLE_OK is returned, that will also be returned by libcurl
all the way back. If this function changes the CURLOPT_URL, libcurl will
detect this and instead go use the new URL.
CURLOPT_SSL_CTX_DATA is a pointer you set to get passed to the callback set
with CURLOPT_SSL_CTX_FUNCTION.
2003-07-04 16:29:23 +00:00
Daniel Stenberg
308bc9d919
use CURLDEBUG instead of MALLOCDEBUG for preprocessor conditions
2003-06-26 11:22:12 +00:00
Daniel Stenberg
d288222e80
work-around SSL implementation flaws better, pointed out in bug report
...
#745122 .
2003-06-02 13:27:03 +00:00
Daniel Stenberg
f213e857ab
Andy Cedilnik fixed some compiler warnings
2003-05-01 13:37:36 +00:00
Daniel Stenberg
0b839c4f77
return the same error for the sslv2 "certificate verify failed" code
2003-04-14 22:00:36 +00:00
Daniel Stenberg
21873b52e9
Restored the SSL error codes since they was broken in the 7.10.4 release,
...
also now attempt to detect and return the specific CACERT error code.
2003-04-14 12:53:29 +00:00
Daniel Stenberg
9558f229db
Fixup after talks with Richard Bramante. We should now make better
...
comparisons before re-using SSL connections and re-using SSL connection IDs.
2003-03-31 05:13:26 +00:00
Daniel Stenberg
afffce80f0
Philippe Raoult needed this to build on FreeBSD
2003-03-13 21:41:02 +00:00
Daniel Stenberg
8755a6d1ac
Richard Gorton improved the random_the_seed() function for systems where
...
we don't find/know of a good random source. This way, we get a better
randomness which in turn should make SSL connections more secure.
2003-03-11 18:55:34 +00:00
Daniel Stenberg
9121b1f41d
the strequal and strnequal should now be called with the proper curl_ prefix
2003-02-28 12:20:08 +00:00
Daniel Stenberg
a3d3642a30
spell better
2003-02-27 23:10:38 +00:00
Daniel Stenberg
69ab4cd391
include <sys/socket.h> to compile the fd_set stuff properly on all systems
2003-02-14 09:03:03 +00:00
Daniel Stenberg
f56d006f93
Re-arranged the SSL connection code (again). The recent fix was not a very
...
good one. This should work fine again.
2003-02-05 07:43:05 +00:00
Daniel Stenberg
5d28f3781b
Improved error reporting in case of bad SSL_connect()s, and we also no
...
longer use the SSL functions that store the error message in a static buffer
since that is not very multi-thread friendly.
2003-02-04 12:29:57 +00:00
Daniel Stenberg
a7c72b7abf
removed the local variables for emacs and vim, use the new sample.emacs
...
way for emacs, and vim users should provide a similar non-polluting style
2003-01-29 10:14:20 +00:00
Daniel Stenberg
f26a338a54
copyright year update in the source header
2003-01-16 21:08:12 +00:00
Daniel Stenberg
ca134d5522
Philippe Raoult's fix to handle wildcard certificate name checks
2003-01-07 16:33:11 +00:00
Daniel Stenberg
3aea0d3d68
Evan Jordan's fix for a memory leak. Bug report 650989.
2002-12-13 14:08:49 +00:00
Daniel Stenberg
4bcc866c52
The fread() callback pointer and associated pointer is now stored in the
...
connectdata struct instead, and is no longer modified within the 'set' struct
as previously (which was a really BAAAD thing).
2002-12-09 15:37:54 +00:00
Daniel Stenberg
ba4e69bebc
updated source code boilerplate/header
2002-09-03 11:52:59 +00:00
Daniel Stenberg
56c43604d0
if verifypeer is enabled but nether CAfile nor CApath is, then don't try
...
to load "verify_locations"
2002-08-30 12:07:42 +00:00
Daniel Stenberg
0e0caf7c06
CURLE_SSL_INSECURE is removed again and so is CURLOPT_SSL_INSECURE, we
...
proceed fine with the already existing options, just having a different
internal library default for capath.
2002-08-30 11:09:49 +00:00
Daniel Stenberg
8b77f40f99
This fix MIGHT make us build nicely with OpenSSL 0.9.7. This fix is based
...
on a patch from Jacob Meuser, input from Gtz Babin-Ebell and my own
browsing of the latest include files.
2002-06-10 12:38:10 +00:00
Daniel Stenberg
323f195036
ASN1 files don't work for the *chain_file(), make them use the previous
...
version
2002-05-21 08:15:42 +00:00
Daniel Stenberg
fe3ba1dd11
Roland Zimmermann's hint, we use SSL_CTX_use_certificate_chain_file() instead
...
of the previous one that used SSL_CTX_use_certificate_file()
2002-05-20 14:25:35 +00:00
Daniel Stenberg
974f314f57
copyright string (year) update
2002-03-19 07:54:55 +00:00
Daniel Stenberg
5b58e61f28
now re-seed by force (even if already seeded) if a random file or egd socket
...
is given
2002-01-30 08:17:23 +00:00
Daniel Stenberg
f114caca90
- T. Bharath pointed out that we seed SSL on every connect, which is a time-
...
consuming operation that should only be needed to do once. We patched
libcurl to now only seed on the first connect when unseeded. The seeded
status is global so it'll now only happen once during a program's life time.
2002-01-29 14:11:38 +00:00
Daniel Stenberg
eba8035e12
Richard Archer made it compile and build with OpenSSL versions prior to
...
0.9.5
2002-01-17 10:40:13 +00:00
Daniel Stenberg
d84a0c51e0
Cris Bailiff found out that when the SSL session cache was filled, libcurl
...
would crash. This corrects the problem.
2002-01-09 09:38:37 +00:00
Daniel Stenberg
d57e09889a
added a missing failf() before returning an error code
2002-01-08 23:23:24 +00:00
Daniel Stenberg
d3299beec7
Modified to use non-blocking sockets all the time.
2002-01-07 18:38:01 +00:00
Daniel Stenberg
af6c394785
Gtz Babin-Ebell's OpenSSL ENGINE patch
2001-12-17 23:01:39 +00:00
Daniel Stenberg
e192261788
failf() calls should not have newlines in the message string!
2001-12-11 13:13:01 +00:00
Daniel Stenberg
b8ff21124a
Samuel Listopad's fix to allow global_init => global_cleanup => global_init
...
for ssl
2001-11-14 07:11:39 +00:00
Daniel Stenberg
2f77b0a4c6
we can now tell ssl to use TLSv1 protocol, and we now use defines instead
...
of real integers for versions, the defines are added to curl.h
2001-11-05 14:06:42 +00:00
Sterling Hughes
8e91d5de8e
looks nicer and is better compatible with older vim versions
2001-10-11 09:32:19 +00:00
Daniel Stenberg
645413f5ef
Lots of praise and glory to Vojtech Minarik for setting up a test server
...
and providing me with test-certificates that helped me nail the problem with
curl not discovering with a bad certificate was used.
2001-09-19 21:49:11 +00:00