Commit Graph

1373 Commits

Author SHA1 Message Date
Kamil Dudka
26613d7817 nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
Do not use the error messages from NSS for errors not occurring in NSS.
2013-01-15 13:20:56 +01:00
Kamil Dudka
b36f1d26f8 nss: clear session cache if a client cert from file is used
This commit fixes a regression introduced in 052a08ff.

NSS caches certs/keys returned by the SSL_GetClientAuthDataHook callback
and if we connect second time to the same server, the cached cert/key
pair is used.  If we use multiple client certificates for different
paths on the same server, we need to clear the session cache to force
NSS to call the hook again.  The commit 052a08ff prevented the session
cache from being cleared if a client certificate from file was used.

The condition is now fixed to cover both cases: consssl->client_nickname
is not NULL if a client certificate from the NSS database is used and
connssl->obj_clicert is not NULL if a client certificate from file is
used.

Review by: Kai Engert
2013-01-11 10:59:11 +01:00
Daniel Stenberg
431ead1c9a RELEASE-NOTES: synced with e3ed2b82e6 2012-12-27 20:15:07 +01:00
Kamil Dudka
68d2830ee9 nss: prevent NSS from crashing on client auth hook failure
Although it is not explicitly stated in the documentation, NSS uses
*pRetCert and *pRetKey even if the client authentication hook returns
a failure.  Namely, if we destroy *pRetCert without clearing *pRetCert
afterwards, NSS destroys the certificate once again, which causes a
double free.

Reported by: Bob Relyea
2012-12-03 13:34:36 +01:00
Daniel Stenberg
ba476bb6d8 bump: start working on 7.28.2 2012-11-20 10:27:36 +01:00
Daniel Stenberg
b9fdb721f2 RELEASE-NOTES: synced with 52af6e69f0 / 7.28.1 2012-11-20 08:05:42 +01:00
Anthony Bryan
c830115c48 RELEASE-NOTES: NSS can be used for metalink hashing 2012-11-20 00:14:31 +01:00
Kamil Dudka
32be348af2 test2032: spurious failure caused by premature termination
Bug: http://curl.haxx.se/mail/lib-2012-11/0095.html
2012-11-19 13:36:10 +01:00
Daniel Stenberg
dd75cba3ef RELEASE-NOTES: synced with ee588fe088
4 more bug fixes and 4 more contributors
2012-11-17 14:23:41 +01:00
Daniel Stenberg
53c83ee3ed RELEASE-NOTES: synced with fa1ae0abcd 2012-11-14 22:32:19 +01:00
Daniel Stenberg
6a4bdb027b RELEASE-NOTES: synced with 7c0cbcf2f6 2012-11-13 13:03:38 +01:00
Kamil Dudka
49c37e6c1c tool_metalink: allow to use hash algorithms provided by NSS
Fixes bug #3578163:
http://sourceforge.net/tracker/?func=detail&atid=100976&aid=3578163&group_id=976
2012-11-09 10:42:54 +01:00
Daniel Stenberg
9096f4f451 RELEASE-NOTES: synced with 487538e87a
6 new bugfixes and 3 more contributors...
2012-11-07 23:21:55 +01:00
Daniel Stenberg
0da6c113ce RELEASE-NOTES: synced with fa6d78829f 2012-11-06 12:03:29 +01:00
Daniel Stenberg
ff32546d81 version-bump: towards 7.28.1! 2012-10-10 22:35:08 +02:00
Daniel Stenberg
33c02d4771 RELEASE-NOTES: synced with 8373ca3641
One bug, one contributor. Getting ready for release.
2012-10-10 21:58:16 +02:00
Daniel Stenberg
6b18f18b4c RELEASE-NOTES: synced with 971f5bcedd
9 new bug fixes, 5 changes, 6 more contributors
2012-10-02 10:39:51 +02:00
Kamil Dudka
f05e51362f ssh: do not crash if MD5 fingerprint is not provided by libssh2
The MD5 fingerprint cannot be computed when running in FIPS mode.
2012-09-12 16:49:10 +02:00
Daniel Stenberg
a492632022 RELEASE-NOTES: synced with 6c6f1f64c2
6 bug fixes to mention, 5 contributors
2012-09-09 14:55:52 +02:00
Daniel Stenberg
cb2feb9def RELEASE-NOTES: synced with abb0da9193 2012-09-03 23:20:33 +02:00
Kamil Dudka
52b6eda4f2 nss: do not print misleading NSS error codes 2012-08-09 13:33:49 +02:00
Daniel Stenberg
73342f0ee0 RELEASE-NOTES: synced with 0774386b23
5 more bug fixes, one change, 6 contributors
2012-08-08 23:19:05 +02:00
Daniel Stenberg
4dd44d9c20 RELEASE-NOTES: added missing link 2012-08-08 23:01:14 +02:00
Daniel Stenberg
77f72aa6c3 RELEASE-NOTES: synced with b4a558041f 2012-08-07 23:20:06 +02:00
Daniel Stenberg
dd4699c111 version bump: start towards next release
Let's call it 7.27.1 for now, but it it probably going to become 7.28.0
when released.
2012-07-27 23:57:27 +02:00
Daniel Stenberg
7f9f94a1df RELEASE-NOTES: remove mentioned of bug never in a release
The --silent bug came with 7561a0fc83 which was never in a release.
Pointed out by Kamil Dudka
2012-07-27 00:31:15 +02:00
Daniel Stenberg
3b4d430cd8 RELEASE-NOTES: synced with 33b815e894
4 more bugfixes, 3 more contributors
2012-07-27 00:15:17 +02:00
Kamil Dudka
d317ca50ae http: print reason phrase from HTTP status line on error
Bug: https://bugzilla.redhat.com/676596
2012-07-22 02:12:43 +02:00
Dan Fandrich
cb787b70bf Fixed some typos in documentation 2012-07-20 21:02:58 +02:00
Daniel Stenberg
8276791749 RELEASE-NOTES: synced with 9d11716933
Fixed 6 bugs, added 3 contributors
2012-07-15 22:39:06 +02:00
Daniel Stenberg
e5843470e8 docs: switch to proper UTF-8 for text file encoding 2012-07-09 19:28:51 +02:00
Daniel Stenberg
329be28d69 RELEASE-NOTES: added a URL reference to cookie docs 2012-07-09 13:11:44 +02:00
Daniel Stenberg
68e6b56a2a RELEASE-NOTES: synced with 5a99bce07d 2012-07-07 14:47:46 +02:00
Daniel Stenberg
07e3ea7f26 RELEASE-NOTES: link to more metalink info 2012-06-25 23:03:52 +02:00
Daniel Stenberg
4afc33db8d RELEASE-NOTES: synced with d025af9bb5 2012-06-25 23:02:32 +02:00
Yang Tse
819afe46ee schannel: remove version number and identify its use with 'schannel' literal
Version number is removed in order to make this info consistent with
how we do it with other MS and Linux system libraries for which we don't
provide this info.

Identifier changed from 'WinSSPI' to 'schannel' given that this is the
actual provider of the SSL/TLS support. libcurl can still be built with
SSPI and without SCHANNEL support.
2012-06-13 16:42:48 +02:00
Marc Hoersken
0c86ccc647 sspi: Updated RELEASE-NOTES, FEATURES and THANKS 2012-06-11 19:00:37 +02:00
Steve Holme
c09c621af7 pop3: Added support for apop authentication 2012-06-09 13:49:37 +01:00
Kamil Dudka
68857e40d6 ssl: fix duplicated SSL handshake with multi interface and proxy
Bug: https://bugzilla.redhat.com/788526
Reported by: Enrico Scholz
2012-06-08 23:27:11 +02:00
Steve Holme
7759d10f36 pop3: Added support for sasl digest-md5 authentication 2012-06-04 21:50:16 +01:00
Steve Holme
79c2af3082 RELEASE-NOTES: Added missing addition of sasl login support 2012-06-03 19:28:08 +01:00
Steve Holme
8c0bfd3e0c pop3: Added support for sasl cram-md5 authentication 2012-06-03 19:13:16 +01:00
Daniel Stenberg
4cff10af69 RELEASE-NOTES: synced with c4e3578e4b
Also bumped the contributor number and next release is to become 7.27.0
2012-06-03 13:51:54 +02:00
Steve Holme
69ba0da827 pop3: Fixed the issue of having to supply the user name for all requests
Previously it wasn't possible to connect to POP3 and not specify the
user name as a CURLE_ACCESS_DENIED error would be returned. This error
occurred because USER would be sent to the server with a blank user name
if no mailbox user was specified as the server would reply with -ERR.

This wasn't a problem prior to the 7.26.0 release but with the
introduction of custom commands the user and/or application developer
might want to issue a CAPA command without having to log in as a
specific mailbox user.

Additionally this fix won't send the newly introduced AUTH command if no
user name is specified.
2012-06-02 22:11:37 +01:00
Kamil Dudka
72f4b534c4 nss: use human-readable error messages provided by NSS
Bug: http://lists.baseurl.org/pipermail/yum-devel/2012-January/009002.html
2012-05-28 11:24:24 +02:00
Daniel Stenberg
244e966138 bump to 7.26.1: start working towards next release 2012-05-24 18:32:34 +02:00
Daniel Stenberg
c262c35676 RELEASE-NOTES: synced with ef60fdbd73
Just before 7.26.0 is about to ship
2012-05-24 18:04:41 +02:00
Daniel Stenberg
cc36756aa2 RELEASE-NOTES: synced with 8ae1e657e8
And mention that this will become 7.26.0
2012-05-22 10:54:55 +02:00
Daniel Stenberg
6f998400d9 REALEASE-NOTES: synced with 64f48e884e 2012-04-29 23:10:37 +02:00
Kamil Dudka
a60edcc6d4 nss: provide human-readable names for NSS errors 2012-04-13 12:19:36 +02:00