summaryrefslogtreecommitdiff
path: root/lib
Commit message (Collapse)AuthorAgeFilesLines
* pop3: Fixed auth preference not being honored when CAPA not supportedSteve Holme2013-12-241-2/+6
| | | | | | | | | If a user indicated they preferred to authenticate using APOP or a SASL mechanism, but neither were supported by the server, curl would always fall back to clear text when CAPA wasn't supported, even though the user didn't want to use this. This also fixes the auto build failure caused by commit 6f2d5f0562f64a.
* Curl_pp_readresp: use memmove not memcpy, possibly overlapping areasDaniel Stenberg2013-12-241-1/+1
| | | | Fixes commit 1deac31eba7
* pop3: Fixed APOP being determined by CAPA response rather than by timestampSteve Holme2013-12-241-9/+7
| | | | | | | | This commit replaces that of 9f260b5d6610f3 because according to RFC-2449, section 6, there is no APOP capability "...even though APOP is an optional command in [POP3]. Clients discover server support of APOP by the presence in the greeting banner of an initial challenge enclosed in angle brackets."
* FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGEDaniel Stenberg2013-12-221-1/+8
| | | | | | | | | | | | | | | | | | The FILE:// code doesn't support this option - and it doesn't make sense to support it as long as it works as it does since then it'd only block even longer. But: setting CURLOPT_MAX_RECV_SPEED_LARGE would make the transfer first get done and then libcurl would wait until the average speed would get low enough. This happened because the transfer happens completely in the DO state for FILE:// but then it would still unconditionally continue in to the PERFORM state where the speed check is made. Starting now, the code will skip from DO_DONE to DONE immediately if no socket is set to be recv()ed or send()ed to. Bug: http://curl.haxx.se/bug/view.cgi?id=1312 Reported-by: Mohammad AlSaleh
* email: Fixed segfault introduced in commit 195b63f99c2fe3Steve Holme2013-12-223-3/+3
|
* code police: fix indent level to silence checksrc complaintsDaniel Stenberg2013-12-223-6/+6
|
* email: Extended the login options to support multiple auth mechanismsSteve Holme2013-12-213-62/+99
|
* Curl_pp_readresp: replace stupid loop with memcpyDaniel Stenberg2013-12-221-4/+2
|
* Curl_pp_readresp: zero terminate lineDaniel Stenberg2013-12-221-1/+1
| | | | | | | | | The comment in the code mentions the zero terminating after having copied data, but it mistakingly zero terminated the source data and not the destination! This caused the test 864 problem discussed on the list: http://curl.haxx.se/mail/lib-2013-12/0113.html Signed-off-by: Daniel Stenberg <daniel@haxx.se>
* Revert "pop3: Added debug information to assist with test864 failure"Steve Holme2013-12-211-3/+0
| | | | This reverts commit 727d798d680f29c8b3cb7d7f03d6b6a3eb4356da.
* pop3: Added debug information to assist with test864 failureSteve Holme2013-12-211-0/+3
|
* pop3: Fixed APOP timestamp detection from commit 1cfb436a2f1795Steve Holme2013-12-201-3/+3
|
* Makefile.inc: use standard source headerDaniel Stenberg2013-12-201-8/+21
|
* Makefile.inc: specify the vtls sources+headers separatelyDaniel Stenberg2013-12-201-36/+39
|
* vtls: renamed sslgen.[ch] to vtls.[ch]Daniel Stenberg2013-12-2024-29/+29
|
* openssl: renamed backend files to openssl.[ch]Daniel Stenberg2013-12-204-4/+4
|
* vtls: moved all TLS/SSL source and header files into subdirDaniel Stenberg2013-12-2023-17/+17
|
* vtls: created subdir, moved sslgen.[ch] there, updated all include linesDaniel Stenberg2013-12-2025-34/+29
|
* pop3: Fixed selection of APOP when server replies with an invalid timestampSteve Holme2013-12-201-2/+6
| | | | | | | Although highlighted by a bug in commit 1cfb436a2f1795, APOP authentication could be chosen if the server was to reply with an empty or missing timestamp in the server greeting and APOP was given in the capability list by the server.
* pop3: Fixed processing of more than one response when sent in same packetSteve Holme2013-12-201-6/+9
| | | | | | Added a loop to pop3_statemach_act() in which Curl_pp_readresp() is called until the cache is drained. Without this multiple responses received in a single packet could result in a hang or delay.
* pop3: Moved CAPA response handling to pop3_state_capa_resp()Steve Holme2013-12-191-82/+87
| | | | | | Similar to the processing of untagged CAPABILITY responses in IMAP and multi-line EHLO responses in SMTP, moved the processing of multi-line CAPA responses to pop3_state_capa_resp().
* pop3: Moved APOP detection into pop3_state_servergreet_resp()Steve Holme2013-12-191-26/+28
| | | | | | In an effort to reduce what pop3_endofresp() does and bring the POP3 source back inline with the IMAP and SMTP protocols, moved the APOP detection into pop3_state_servergreet_resp().
* imap/pop3/smtp: Added support for SASL authentication downgradesSteve Holme2013-12-183-6/+102
| | | | | | | | | Added support for downgrading the SASL authentication mechanism when the decoding of CRAM-MD5, DIGEST-MD5 and NTLM messages fails. This enhances the previously added support for graceful cancellation by allowing the client to retry a lesser SASL mechanism such as LOGIN or PLAIN, or even APOP / clear text (in the case of POP3 and IMAP) when supported by the server.
* smtp: fix compiler warningDaniel Stenberg2013-12-181-1/+0
| | | | smtp.c:478:21: error: unused variable 'smtpc' [-Werror=unused-variable]
* smtp: Moved the calculation of SASL login details into a separate functionSteve Holme2013-12-181-68/+92
|
* pop3: Moved the calculation of SASL login details into a separate functionSteve Holme2013-12-181-71/+93
|
* imap: Moved the calculation of SASL login details into a separate functionSteve Holme2013-12-181-68/+92
|
* smtp: Moved the sending of the AUTH command into a separate functionSteve Holme2013-12-181-13/+34
|
* pop3: Moved the sending of the AUTH command into a separate functionSteve Holme2013-12-181-13/+34
|
* imap: Moved the sending of the AUTHENICATE command into a separate functionSteve Holme2013-12-181-12/+33
|
* email: Renamed *_perform_authenticate() functionsSteve Holme2013-12-173-27/+23
| | | | | | In preparation for the upcoming SASL downgrade feature renamed the imap__perform_authenticate(), pop3__perform_authenticate() and smtp__perform_authenticate() functions.
* gtls: respect *VERIFYHOST independently of *VERIFYPEERDaniel Stenberg2013-12-161-6/+2
| | | | | | | | | | | | | | | Security flaw CVE-2013-6422 This is conceptually the same problem and fix that 3c3622b6 brought to the OpenSSL backend and that resulted in CVE-2013-4545. This version of the problem was independently introduced to the GnuTLS backend with commit 59cf93cc, present in the code since the libcurl 7.21.4 release. Advisory: http://curl.haxx.se/docs/adv_20131217.html Bug: http://curl.haxx.se/mail/lib-2013-11/0214.html Reported-by: Marc Deslauriers
* multi: add timer inaccuracy margin to timeout/connecttimeoutDaniel Stenberg2013-12-152-2/+5
| | | | | | | | | | | | | | | Since all systems have inaccuracy in the timeout handling it is imperative that we add an inaccuracy margin to the general timeout and connecttimeout handling with the multi interface. This way, when the timeout fires we should be fairly sure that it has passed the timeout value and will be suitably detected. For cases where the timeout fire before the actual timeout, we would otherwise consume the timeout action and still not run the timeout code since the condition wasn't met. Reported-by: He Qin Bug: http://curl.haxx.se/bug/view.cgi?id=1298
* login options: remove the ;[options] support from CURLOPT_USERPWDDaniel Stenberg2013-12-141-15/+6
| | | | | | | | | | | | | | | To avoid the regression when users pass in passwords containing semi- colons, we now drop the ability to set the login options with the same options. Support for login options in CURLOPT_USERPWD was added in 7.31.0. Test case 83 was modified to verify that colons and semi-colons can be used as part of the password when using -u (CURLOPT_USERPWD). Bug: http://curl.haxx.se/bug/view.cgi?id=1311 Reported-by: Petr Bahula Assisted-by: Steve Holme Signed-off-by: Daniel Stenberg <daniel@haxx.se>
* imap: Fixed exclude of clear text when using auth=* in commit 75cd7fd66762bbSteve Holme2013-12-141-1/+1
| | | | | | It is not 100% clear whether * should include clear text LOGIN or not from RFC-5092, however, including it is then consistent with current POP3 behaviour where clear text, APOP or SASL may be chosen.
* imap: Fixed incorrect fallback to clear text authenticationSteve Holme2013-12-132-12/+41
| | | | | | | | If a specific SASL authentication mechanism was requested by the user as part of the login options but wasn't supported by the server then curl would fallback to clear text, when it shouldn't, rather than reporting "No known authentication mechanisms supported" as the POP3 and SMTP protocols do.
* parsedate: avoid integer overflowEric Lubin2013-12-111-2/+2
| | | | | | | | | | | | | In C, signed integer overflow is undefined behavior. Thus, the compiler is allowed to assume that it will not occur. In the check for an overflow, the developer assumes that the signed integer of type time_t will wrap around if it overflows. However, this behavior is undefined in the C standard. Thus, when the compiler sees this, it simplifies t + delta < t to delta < 0. Since delta > 0 and delta < 0 can't both be true, the entire if statement is optimized out under certain optimization levels. Thus, the parsedate function would return PARSEDATE_OK with an undefined value in the time, instead of return -1 = PARSEDATE_FAIL.
* TFTP: let tftp_multi_statemach()'s return codes throughJames Dury2013-12-071-1/+1
| | | | | | | It would otherwise always clobber the return code with new function calls and it couldn't return timeout etc. Bug: http://curl.haxx.se/bug/view.cgi?id=1310
* darwinssl: Fix #if 10.6.0 for SecKeychainSearchMelissa Mears2013-12-071-4/+4
| | | | | | | | The comment here says that SecKeychainSearch causes a deprecation warning when used with a minimum Mac OS X SDK version of 10.7.0, which is correct. However, the #if guard did not match. It was intended to only use the code if 10.6.0 support was enabled, but it had 10.7.0 instead. This caused a warning if the minimum was exactly 10.7.0.
* digest: fix CURLAUTH_DIGEST_IEDaniel Stenberg2013-12-041-10/+11
| | | | | | | | | The URI that is passed in as part of the Authorization: header needs to be cut off at '?' if CURLAUTH_DIGEST_IE is set. Previously the code only did when calculating the MD5sum. Bug: http://curl.haxx.se/bug/view.cgi?id=1308 Patched-by: Sergey Tatarincev
* Curl_is_connected: use proxy name in error message when proxy is usedDaniel Stenberg2013-12-041-1/+2
| | | | | | | (bug introduced in 255826c4, never present in a release) Reported-by: Dima Tisnek Bug: http://curl.haxx.se/mail/lib-2013-12/0006.html
* imap/pop3: Post graceful cancellation consistency changesSteve Holme2013-12-042-5/+5
|
* pop3: Fix POP3_TYPE_ANY signed compilation warningMelissa Mears2013-12-041-1/+1
| | | | | | | | POP3_TYPE_ANY, or ~0, is written to pop3c->preftype in lib/pop3c.c, an unsigned int variable. The result of ~0 is -1, which caused a warning due to writing a negative number to an unsigned variable. To fix this, make the expression ~0U so that its value is considered the unsigned number UINT_MAX which is what SASL_AUTH_ANY does in curl_sasl.h.
* nss: make sure that 'sslver' is always initializedKamil Dudka2013-12-021-4/+5
|
* nss: unconditionally require NSS_InitContext()Kamil Dudka2013-12-021-26/+0
| | | | ... since we depend on NSS 3.14+ because of SSL_VersionRangeSet() anyway
* nss: allow to use TLS > 1.0 if built against recent NSSKamil Dudka2013-12-021-0/+22
| | | | Bug: http://curl.haxx.se/mail/lib-2013-11/0162.html
* nss: put SSL version selection into separate fncKamil Dudka2013-12-021-30/+42
|
* nss: use a better API for controlling SSL versionKamil Dudka2013-12-021-21/+19
| | | | This change introduces a dependency on NSS 3.14+.
* multi.c: Fixed compilation warningSteve Holme2013-12-011-3/+3
| | | | warning: declaration of 'pipe' shadows a global declaration
* base64: Corrected typo from commit f3ee587775c88aSteve Holme2013-12-011-2/+2
|