summaryrefslogtreecommitdiff
path: root/lib/sslgen.c
Commit message (Collapse)AuthorAgeFilesLines
* OS400: new SSL backend GSKitPatrick Monnerat2013-07-151-0/+2
|
* ssluse.c,sslgen.c,sslgen.h: move certinfo support to generic SSLPatrick Monnerat2013-07-151-0/+65
|
* sslgen.c: fix Curl_rand() compiler warningYang Tse2013-07-151-31/+29
| | | | Use simple seeding method upon RANDOM_FILE seeding method failure.
* sslgen.c: fix unreleased Curl_rand() infinite recursionYang Tse2013-07-151-3/+4
|
* formpost: better random boundariesDaniel Stenberg2013-06-251-5/+74
| | | | | | | | | | | | | | | | | | | | | | | | | | When doing multi-part formposts, libcurl used a pseudo-random value that was seeded with time(). This turns out to be bad for users who formpost data that is provided with users who then can guess how the boundary string will look like and then they can forge a different formpost part and trick the receiver. My advice to such implementors is (still even after this change) to not rely on the boundary strings being cryptographically strong. Fix your code and logic to not depend on them that much! I moved the Curl_rand() function into the sslgen.c source file now to be able to take advantage of the SSL library's random function if it provides one. If not, try to use the RANDOM_FILE for seeding and as a last resort keep the old logic, just modified to also add microseconds which makes it harder to properly guess the exact seed. The formboundary() function in formdata.c is now using 64 bit entropy for the boundary and therefore the string of dashes was reduced by 4 letters and there are 16 hex digits following it. The total length is thus still the same. Bug: http://curl.haxx.se/bug/view.cgi?id=1251 Reported-by: "Floris"
* build: fix circular header inclusion with other packagesYang Tse2013-01-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit renames lib/setup.h to lib/curl_setup.h and renames lib/setup_once.h to lib/curl_setup_once.h. Removes the need and usage of a header inclusion guard foreign to libcurl. [1] Removes the need and presence of an alarming notice we carried in old setup_once.h [2] ---------------------------------------- 1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H, this single inclusion guard is enough to ensure that inclusion of lib/setup_once.h done from lib/setup.h is only done once. Additionally lib/setup.h has always used __SETUP_ONCE_H macro to protect inclusion of setup_once.h even after commit ec691ca3, this was to avoid a circular header inclusion triggered when building a c-ares enabled version with c-ares sources available which also has a setup_once.h header. Commit ec691ca3 exposes the real nature of __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard foreign to libcurl belonging to c-ares's setup_once.h The renaming this commit does, fixes the circular header inclusion, and as such removes the need and usage of a header inclusion guard foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl. 2 - Due to the circular interdependency of old lib/setup_once.h and the c-ares setup_once.h header, old file lib/setup_once.h has carried back from 2006 up to now days an alarming and prominent notice about the need of keeping libcurl's and c-ares's setup_once.h in sync. Given that this commit fixes the circular interdependency, the need and presence of mentioned notice is removed. All mentioned interdependencies come back from now old days when the c-ares project lived inside a curl subdirectory. This commit removes last traces of such fact.
* Revert changes relative to lib/*.[ch] recent renamingYang Tse2013-01-061-0/+541
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts renaming and usage of lib/*.h header files done 28-12-2012, reverting 2 commits: f871de0... build: make use of 76 lib/*.h renamed files ffd8e12... build: rename 76 lib/*.h files This also reverts removal of redundant include guard (redundant thanks to changes in above commits) done 2-12-2013, reverting 1 commit: c087374... curl_setup.h: remove redundant include guard This also reverts renaming and usage of lib/*.c source files done 3-12-2013, reverting 3 commits: 13606bb... build: make use of 93 lib/*.c renamed files 5b6e792... build: rename 93 lib/*.c files 7d83dff... build: commit 13606bbfde follow-up 1 Start of related discussion thread: http://curl.haxx.se/mail/lib-2013-01/0012.html Asking for confirmation on pushing this revertion commit: http://curl.haxx.se/mail/lib-2013-01/0048.html Confirmation summary: http://curl.haxx.se/mail/lib-2013-01/0079.html NOTICE: The list of 2 files that have been modified by other intermixed commits, while renamed, and also by at least one of the 6 commits this one reverts follows below. These 2 files will exhibit a hole in history unless git's '--follow' option is used when viewing logs. lib/curl_imap.h lib/curl_smtp.h
* build: rename 93 lib/*.c filesYang Tse2013-01-031-541/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 93 lib/*.c source files renamed to use our standard naming scheme. This commit only does the file renaming. ---------------------------------------- renamed: lib/amigaos.c -> lib/curl_amigaos.c renamed: lib/asyn-ares.c -> lib/curl_asyn_ares.c renamed: lib/asyn-thread.c -> lib/curl_asyn_thread.c renamed: lib/axtls.c -> lib/curl_axtls.c renamed: lib/base64.c -> lib/curl_base64.c renamed: lib/bundles.c -> lib/curl_bundles.c renamed: lib/conncache.c -> lib/curl_conncache.c renamed: lib/connect.c -> lib/curl_connect.c renamed: lib/content_encoding.c -> lib/curl_content_encoding.c renamed: lib/cookie.c -> lib/curl_cookie.c renamed: lib/cyassl.c -> lib/curl_cyassl.c renamed: lib/dict.c -> lib/curl_dict.c renamed: lib/easy.c -> lib/curl_easy.c renamed: lib/escape.c -> lib/curl_escape.c renamed: lib/file.c -> lib/curl_file.c renamed: lib/fileinfo.c -> lib/curl_fileinfo.c renamed: lib/formdata.c -> lib/curl_formdata.c renamed: lib/ftp.c -> lib/curl_ftp.c renamed: lib/ftplistparser.c -> lib/curl_ftplistparser.c renamed: lib/getenv.c -> lib/curl_getenv.c renamed: lib/getinfo.c -> lib/curl_getinfo.c renamed: lib/gopher.c -> lib/curl_gopher.c renamed: lib/gtls.c -> lib/curl_gtls.c renamed: lib/hash.c -> lib/curl_hash.c renamed: lib/hmac.c -> lib/curl_hmac.c renamed: lib/hostasyn.c -> lib/curl_hostasyn.c renamed: lib/hostcheck.c -> lib/curl_hostcheck.c renamed: lib/hostip.c -> lib/curl_hostip.c renamed: lib/hostip4.c -> lib/curl_hostip4.c renamed: lib/hostip6.c -> lib/curl_hostip6.c renamed: lib/hostsyn.c -> lib/curl_hostsyn.c renamed: lib/http.c -> lib/curl_http.c renamed: lib/http_chunks.c -> lib/curl_http_chunks.c renamed: lib/http_digest.c -> lib/curl_http_digest.c renamed: lib/http_negotiate.c -> lib/curl_http_negotiate.c renamed: lib/http_negotiate_sspi.c -> lib/curl_http_negotiate_sspi.c renamed: lib/http_proxy.c -> lib/curl_http_proxy.c renamed: lib/idn_win32.c -> lib/curl_idn_win32.c renamed: lib/if2ip.c -> lib/curl_if2ip.c renamed: lib/imap.c -> lib/curl_imap.c renamed: lib/inet_ntop.c -> lib/curl_inet_ntop.c renamed: lib/inet_pton.c -> lib/curl_inet_pton.c renamed: lib/krb4.c -> lib/curl_krb4.c renamed: lib/krb5.c -> lib/curl_krb5.c renamed: lib/ldap.c -> lib/curl_ldap.c renamed: lib/llist.c -> lib/curl_llist.c renamed: lib/md4.c -> lib/curl_md4.c renamed: lib/md5.c -> lib/curl_md5.c renamed: lib/memdebug.c -> lib/curl_memdebug.c renamed: lib/mprintf.c -> lib/curl_mprintf.c renamed: lib/multi.c -> lib/curl_multi.c renamed: lib/netrc.c -> lib/curl_netrc.c renamed: lib/non-ascii.c -> lib/curl_non_ascii.c renamed: lib/curl_non-ascii.h -> lib/curl_non_ascii.h renamed: lib/nonblock.c -> lib/curl_nonblock.c renamed: lib/nss.c -> lib/curl_nss.c renamed: lib/nwlib.c -> lib/curl_nwlib.c renamed: lib/nwos.c -> lib/curl_nwos.c renamed: lib/openldap.c -> lib/curl_openldap.c renamed: lib/parsedate.c -> lib/curl_parsedate.c renamed: lib/pingpong.c -> lib/curl_pingpong.c renamed: lib/polarssl.c -> lib/curl_polarssl.c renamed: lib/pop3.c -> lib/curl_pop3.c renamed: lib/progress.c -> lib/curl_progress.c renamed: lib/qssl.c -> lib/curl_qssl.c renamed: lib/rawstr.c -> lib/curl_rawstr.c renamed: lib/rtsp.c -> lib/curl_rtsp.c renamed: lib/security.c -> lib/curl_security.c renamed: lib/select.c -> lib/curl_select.c renamed: lib/sendf.c -> lib/curl_sendf.c renamed: lib/share.c -> lib/curl_share.c renamed: lib/slist.c -> lib/curl_slist.c renamed: lib/smtp.c -> lib/curl_smtp.c renamed: lib/socks.c -> lib/curl_socks.c renamed: lib/socks_gssapi.c -> lib/curl_socks_gssapi.c renamed: lib/socks_sspi.c -> lib/curl_socks_sspi.c renamed: lib/speedcheck.c -> lib/curl_speedcheck.c renamed: lib/splay.c -> lib/curl_splay.c renamed: lib/ssh.c -> lib/curl_ssh.c renamed: lib/sslgen.c -> lib/curl_sslgen.c renamed: lib/ssluse.c -> lib/curl_ssluse.c renamed: lib/strdup.c -> lib/curl_strdup.c renamed: lib/strequal.c -> lib/curl_strequal.c renamed: lib/strerror.c -> lib/curl_strerror.c renamed: lib/strtok.c -> lib/curl_strtok.c renamed: lib/strtoofft.c -> lib/curl_strtoofft.c renamed: lib/telnet.c -> lib/curl_telnet.c renamed: lib/tftp.c -> lib/curl_tftp.c renamed: lib/timeval.c -> lib/curl_timeval.c renamed: lib/transfer.c -> lib/curl_transfer.c renamed: lib/url.c -> lib/curl_url.c renamed: lib/version.c -> lib/curl_version.c renamed: lib/warnless.c -> lib/curl_warnless.c renamed: lib/wildcard.c -> lib/curl_wildcard.c ----------------------------------------
* build: make use of 76 lib/*.h renamed filesYang Tse2012-12-281-16/+16
| | | | | | 76 private header files renamed to use our standard naming scheme. This change affects 322 files in libcurl's source tree.
* setup_once.h: refactor inclusion of <unistd.h> and <sys/socket.h>Yang Tse2012-12-141-4/+0
| | | | Inclusion of top two most included header files now done in setup_once.h
* sslgen.c: cleanup temporary compile-time SSL-backend checkYang Tse2012-06-281-36/+4
|
* sslgen: avoid compiler error in SSPI buildsDaniel Stenberg2012-06-271-0/+5
|
* sslgen.c: add compile-time check for SSL-backend completenessYang Tse2012-06-271-0/+33
|
* DarwinSSL: several adjustmentsNick Zitzmann2012-06-261-1/+1
| | | | | | | | - Renamed st_ function prefix to darwinssl_ - Renamed Curl_st_ function prefix to Curl_darwinssl_ - Moved the duplicated ssl_connect_done out of the #ifdef in lib/urldata.h - Fixed a teensy little bug that made non-blocking connection attempts block - Made it so that it builds cleanly against the iOS 5.1 SDK
* SSL cleanup: use crypto functions through the sslgen layerDaniel Stenberg2012-06-261-0/+15
| | | | | | curl_ntlm_msgs.c would previously use an #ifdef maze and direct SSL-library calls instead of using the SSL layer we have for this purpose.
* darwinssl: add support for native Mac OS X/iOS SSLNick Zitzmann2012-06-261-0/+2
|
* schannel: Added SSL/TLS support with Microsoft Windows Schannel SSPIMarc Hoersken2012-06-111-0/+2
|
* ssl: fix duplicated SSL handshake with multi interface and proxyKamil Dudka2012-06-081-5/+5
| | | | | Bug: https://bugzilla.redhat.com/788526 Reported by: Enrico Scholz
* ssl session caching: fix compiler warningsYang Tse2012-01-181-23/+16
|
* Use Curl_ssl_connect for non-blocking connect fallbackSven Wegener2011-12-191-2/+1
| | | | | | | This gets the appconnect time right for ssl backends, which don't support non-blocking connects. Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
* SSLSESSION_SHARED: new macro to check if session is sharedDaniel Stenberg2011-11-251-16/+13
| | | | | | Added convenience macro to use to check if a handle is using a shared SSL session, and fixed so that Curl_ssl_close_all() doesn't lock when the session isn't shared.
* getsessionid: don't ever return while lockedDaniel Stenberg2011-11-171-9/+13
| | | | Also, check for the session sharing bit instead of comparing pointers
* Curl_ssl_getsessionid: increase the value, not the pointerDaniel Stenberg2011-11-171-1/+1
|
* SSL session share: move the age counter to the share objectAlejandro Alvarez Ayllon2011-11-171-5/+16
| | | | | Previously the age counter would be counted individually in each easy handle that shared SSL sessions!
* libcurl: some OOM handling fixesYang Tse2011-10-071-1/+4
|
* SSL session sharing support addedAlejandro Alvarez2011-09-281-7/+42
| | | | With locking, plus test, plus documentation
* fix bool variables checking and assignmentYang Tse2011-09-051-3/+3
|
* stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.hYang Tse2011-07-261-3/+0
|
* source cleanup: unify look, style and indent levelsDaniel Stenberg2011-04-271-2/+2
| | | | | By the use of a the new lib/checksrc.pl script that checks that our basic source style rules are followed.
* Curl_ssl_shutdown: restore send/recv pointersDaniel Stenberg2011-04-161-1/+4
| | | | | | | | When going back from SSL, put the send/recv function pointers back to the plain versions. Bug: http://curl.haxx.se/mail/lib-2011-04/0070.html Reported by: Mehmet Bozkurt
* SSL: (part 2) Added CyaSSL to SSL abstraction layerTodd A Ouska2011-03-081-0/+2
| | | | This is the modified existing files commit.
* SSL: fix memory leakQuinn Slack2011-01-101-1/+4
| | | | In OOM situation. Follow-up fix to commit a9cd4f4ed49e1a0.
* Preparing for axTLS. Actual SSL API functions are only stubbed.Eric Hu2010-12-151-0/+1
| | | | | | Added axTLS to autotool files and glue code to misc other files. axtls.h maps SSL API functions, but may change. axtls.c is just a stub file and will definitely change.
* sendrecv: split the I/O handling into private handlerHoward Chu2010-05-071-19/+0
| | | | | | | | | | | | | | Howard Chu brought the bulk work of this patch that properly moves out the sending and recving of data to the parts of the code that are properly responsible for the various ways of doing so. Daniel Stenberg assisted with polishing a few bits and fixed some minor flaws in the original patch. Another upside of this patch is that we now abuse CURLcodes less with the "magic" -1 return codes and instead use CURLE_AGAIN more consistently.
* PolarSSL: initial support addedHoi-Ho Chan2010-05-051-0/+2
| | | | | | This is Hoi-Ho Chan's patch with some minor fixes by me. There are some potential issues in this, but none worse than we can sort out on the list and over time.
* refactorize interface of Curl_ssl_recv/Curl_ssl_sendKamil Dudka2010-04-041-26/+10
|
* remove the CVSish $Id$ linesDaniel Stenberg2010-03-241-1/+0
|
* Fix insufficient initialization in Curl_clone_ssl_config()douglas steinwand2010-03-221-0/+10
| | | | which could have caused a double free when reusing curl handle.
* - Improved Curl_read() to not ignore the error returned from Curl_ssl_recv().Kamil Dudka2010-03-191-5/+5
|
* Make usage of calloc()'s arguments consistent with rest of code baseYang Tse2009-11-181-1/+1
|
* - Michael Smith posted bug report #2786255Daniel Stenberg2009-05-041-0/+16
| | | | | | | | (http://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how libcurl did not deal with SSL session ids properly if the server rejected a re-use of one. Starting now, it will forget the rejected one and remember the new. This change was for OpenSSL only, it is likely that other SSL lib code needs similar fixes.
* - Bug report #2779733 (http://curl.haxx.se/bug/view.cgi?id=2779733) by SvenDaniel Stenberg2009-04-261-1/+5
| | | | | Wegener pointed out that CURLINFO_APPCONNECT_TIME didn't work with the multi interface and provided a patch that fixed the problem!
* libcurl's memory.h renamed to curl_memory.hYang Tse2009-04-211-1/+1
|
* corrected and clarified the top commentDaniel Stenberg2009-02-251-4/+4
|
* moved the Curl_raw_ functions into the new lib/rawstr.c file for easier curlx_Daniel Stenberg2008-10-231-2/+2
| | | | inclusion by the curl tool without colliding with the curl_strequal functions.
* Created Curl_raw_nequal() which does a C-locale string case comparison.Dan Fandrich2008-10-231-3/+1
| | | | | | | Changed checkprefix() to use it and those instances of strnequal() that compare host names or other protocol strings that are defined to be independent of case in the C locale. This should fix a few more Turkish locale problems.
* remove unnecessary typecasting of calloc()Yang Tse2008-09-061-2/+1
|
* Only compile Curl_ssl_free_certinfo when SSL is enabledDan Fandrich2008-09-051-1/+1
|
* - Introducing CURLOPT_CERTINFO and the corresponding CURLINFO_CERTINFO. ByDaniel Stenberg2008-09-051-0/+12
| | | | | | | | | | | | | enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS or FTPS), libcurl will gather lots of server certificate info and that info can then get extracted by a client after the request has completed with curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing helped me test and smoothen out this feature. Unfortunately, this feature currently only works with libcurl built to use OpenSSL. This feature was sponsored by networking4all.com - thanks!
* Introcuding a new timestamp for curl_easy_getinfo():Daniel Stenberg2008-07-031-2/+9
| | | | | | | | CURLINFO_APPCONNECT_TIME. This is set with the "application layer" handshake/connection is completed (typically SSL, TLS or SSH). By using this you can figure out the application layer's own connect time. You can extract the time stamp using curl's -w option and the new variable named 'time_appconnect'. This feature was sponsored by Lenny Rachitsky at NeuStar.
View Lorry Controller Status