Age | Commit message | Author |
|
7.74.0
|
|
CVE-2020-8286
Reported by anonymous
Bug: https://curl.se/docs/CVE-2020-8286.html
|
|
Reported-by: Kovalkov Dmitrii and Per Nilsson
Fixes #6254
Fixes #6256
Closes #6260
|
|
To fix a memory-leak.
Closes #6267
|
|
Follow-up to 4c9768565ec3a9 (from Sep 2008)
Closes #6268
|
|
Update a few format specifiers to match what is being printed.
Closes #6241
|
|
EVP_MD_CTX_create will allocate memory for the context and returns
NULL in case the allocation fails. Make sure to catch any allocation
failures and exit early if so.
In passing, also move to EVP_DigestInit rather than EVP_DigestInit_ex
as the latter is intended for ENGINE selection which we don't do.
Closes #6224
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Emil Engler <me@emilengler.com>
|
|
Follow-up from 4d2f8006777
|
|
Closes #6172
|
|
Closes #6153
|
|
Follow-up to 68a513247409
Use a new separate define that is the combination of both
HAVE_OPENSSL_SRP and USE_TLS_SRP: USE_OPENSSL_SRP
Bug: https://curl.haxx.se/mail/lib-2020-10/0037.html
Closes #6094
|
|
... and fix a few occurrences
Closes #6088
|
|
clang 10, mingw-w64:
```
vtls/openssl.c:2917:33: warning: comparison of integers of different signs: 'DWORD' (aka 'unsigned long') and 'HRESULT' (aka 'long') [-Wsign-compare]
if(GetLastError() != CRYPT_E_NOT_FOUND)
~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~~~~
```
Approved-by: Daniel Stenberg
Closes #6062
|
|
Closes #6045
|
|
... in the code of gtls, nss, and openssl
Closes #5735
|
|
Follow-up from #5466 and f3d501dc678d80
Reported-by: Javier Navarro
Fixes #6025
Closes #6026
|
|
This matches what is returned in other TLS backends in the same
situation.
Reviewed-by: Jay Satiro
Reviewed-by: Emil Engler
Follow-up to 5a3efb1
Reported-by: iammrtau on github
Fixes #6003
Closes #6018
|
|
curl 7.72.0
|
|
curl 7.71.1
|
|
Closes #5629
|
|
configure --enable-debug now enables -Wassign-enum with clang,
identifying several enum "abuses" also fixed.
Reported-by: Gisle Vanem
Bug: https://github.com/curl/curl/commit/879007f8118771f4896334731aaca5850a154675#commitcomment-42087553
Closes #5929
|
|
If the error reason from the lib is
SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED, libcurl will return
CURLE_PEER_FAILED_VERIFICATION and not CURLE_SSL_CONNECT_ERROR.
This unifies the libcurl return code and makes libressl run test 313
(CRL testing) fine.
Closes #5934
|
|
The code section that is OpenSSL 3+ specific now uses the same logic as
is used in the version < 3 section. It caused a compiler error without
it.
Closes #5907
|
|
Use uppercase C for internal symbols.
Closes #5906
|
|
As internal global names should use capital C.
Closes #5906
|
|
As internal global names should use capital C.
Closes #5906
|
|
Closes #5892
|
|
USE_TLS_SRP will be true if *any* selected TLS backend can use SRP
HAVE_OPENSSL_SRP is defined when OpenSSL can use it
HAVE_GNUTLS_SRP is defined when GnuTLS can use it
Clarify in the curl_version_info docs that CURL_VERSION_TLSAUTH_SRP is
set if at least one of the supported backends offers SRP.
Reported-by: Stefan Strogin
Fixes #5865
Closes #5870
|
|
OpenSSL undefines the conflicting symbols but BoringSSL does not so we
must do it ourselves.
Reported-by: Samuel Tranchet
Assisted-by: Javier Blazquez
Ref: https://bugs.chromium.org/p/boringssl/issues/detail?id=371
Ref: https://github.com/openssl/openssl/blob/OpenSSL_1_1_1g/include/openssl/ossl_typ.h#L66-L73
Fixes https://github.com/curl/curl/issues/5669
Closes https://github.com/curl/curl/pull/5857
|
|
The get_cert_location function allocates memory only on success.
Previously get_cert_location was able to allocate memory and return
error. It wasn't obvious and in this case the memory wasn't
released.
Fixes #5855
Closes #5860
|
|
... not newline separated from the previous line. This makes it output
asterisk prefixed properly like other verbose output!
Reported-by: jmdavitt on github
Fixes #5826
Closes #5827
|
|
The shutdown function is for downgrading a connection from TLS to plain,
and this is not requested here.
Have ssl_close reset the TLS connection state.
This partially reverts commit f002c850d98d
Reported-by: Rasmus Melchior Jacobsen
Reported-by: Denis Goleshchikhin
Fixes #5797
|
|
Closes #5778
|
|
Closes https://github.com/curl/curl/pull/5754
|
|
`SSL_CTX_add0_chain_cert` and `SSL_CTX_clear_chain_certs` were
introduced in LibreSSL 2.9.1 [0].
[0] https://github.com/libressl-portable/openbsd/commit/0db809ee178457c8170abfae3931d7bd13abf3ef
Closes https://github.com/curl/curl/pull/5757
|
|
Except where the results are only used for character output.
getenv is not touched because it's part of the public API, and having
it return UTF-8 instead of ANSI would be a breaking change.
Fixes https://github.com/curl/curl/issues/5658
Fixes https://github.com/curl/curl/issues/5712
Closes https://github.com/curl/curl/pull/5718
|
|
Avoid reference to fields that do not exist when CURL_DISABLE_PROXY is
defined.
Closes #5667
|
|
Avoid reference to fields that do not exist when CURL_DISABLE_PROXY is
defined.
Reviewed-by: Nicolas Sterchele
Closes #5666
|
|
`http_proxy`/`proxy_ssl`/`tunnel_proxy` will not be available in `conn`
if `CURL_DISABLE_PROXY` is enabled. Repair the build with that
configuration.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Closes #5645
|
|
Fixes: 89865c149 ("gnutls: remove the BACKEND define kludge")
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
|
|
Reported-by: Gergely Nagy
Fixes #5617
Closes #5619
|
|
Updated terminology in docs, comments and phrases to refer to C strings
as "null-terminated". Done to unify with how most other C oriented docs
refer to them and what users in general seem to prefer (based on a
single highly unscientific poll on twitter).
Reported-by: coinhubs on github
Fixes #5598
Closes #5608
|
|
Don't reference fields that do not exist. Fixes build failure:
vtls/mbedtls.c: In function 'mbed_connect_step1':
vtls/mbedtls.c:249:54: error: 'struct connectdata' has no member named 'http_proxy'
Closes #5615
|
|
- Include wincrypt before OpenSSL includes so that the latter can
properly handle any conflicts between the two.
Closes https://github.com/curl/curl/pull/5606
|
|
This commit changes the behavior of CURLSSLOPT_NATIVE_CA so that it does
not override CURLOPT_CAINFO / CURLOPT_CAPATH, or the hardcoded default
locations. Instead the CA store can now be used at the same time.
The change is due to the impending release. The issue is still being
discussed. The behavior of CURLSSLOPT_NATIVE_CA is subject to change and
is now documented as experimental.
Ref: bc052cc (parent commit)
Ref: https://github.com/curl/curl/issues/5585
|
|
Prior to this change I assume a build error would occur when
CURL_CA_FALLBACK was used.
Closes https://github.com/curl/curl/pull/5587
|
|
When wolfSSL is built with its OpenSSL API layer, it features the same DES*
functions that OpenSSL has. This change takes advantage of that.
Co-authored-by: Daniel Stenberg
Closes #5556
Fixes #5548
|
|
On some systems, openssl 1.0.x is still the default, but it has been
patched to contain all the recent security fixes. As a result of this
patching, it is possible for macro X509_V_FLAG_NO_ALT_CHAINS to be
defined, while the previous behavior of openssl to not look at trusted
chains first, remains.
Fix it: ensure X509_V_FLAG_TRUSTED_FIRST is always set, do not try to
probe for the behavior of openssl based on the existence of macros.
Closes #5530
|
|
`http_proxy` will not be available in `conndata` if `CURL_DISABLE_PROXY`
is enabled. Repair the build with that configuration.
Follow-up to f3d501dc67
Closes #5498
|
|
Added build to travis to verify
Closes #5466
|