curl/RELEASE-NOTES
Kamil Dudka 806dbb022b nss: do not ignore value of CURLOPT_SSL_VERIFYPEER
When NSS-powered libcurl connected to a SSL server with
CURLOPT_SSL_VERIFYPEER equal to zero, NSS remembered that the peer
certificate was accepted by libcurl and did not ask the second time when
connecting to the same server with CURLOPT_SSL_VERIFYPEER equal to one.

This patch turns off the SSL session cache for the particular SSL socket
if peer verification is disabled.  In order to avoid any performance
impact, the peer verification is completely skipped in that case, which
makes it even faster than before.

Bug: https://bugzilla.redhat.com/678580
2011-03-15 15:48:24 +01:00

52 lines
2.0 KiB
Plaintext

Curl and libcurl 7.21.5
Public curl releases: 121
Command line options: 143
curl_easy_setopt() options: 185
Public functions in libcurl: 58
Known libcurl bindings: 39
Contributors: 854
This release includes the following changes:
o SOCKOPTFUNCTION: callback can say already-connected
o Added --netrc-file
o Added (new) support for cyassl
This release includes the following bugfixes:
o nss: avoid memory leak on SSL connection failure
o nss: do not ignore failure of SSL handshake
o multi: better failed connect handling when using FTP, SMTP, POP3 and IMAP
o runtests.pl: fix pid number concatenation that prevented it from killing
the correct process at times
o PolarSSL: Return 0 on receiving TLS CLOSE_NOTIFY alert
o curl_easy_setopt.3: Removed wrong reference to CURLOPT_USERPASSWORD
o multi: close connection on timeout
o IMAP in multi mode does SSL connections non-blocking
o honours the --disable-ldaps configure option
o Force setopt constants written by --libcurl to be long
o ssh_connect: treat libssh2 return code better
o SFTP upload could stall the state machine when the multi_socket API was
used
o SFTP and SCP could leak memory when used with the multi interface and
the connection was closed
o Added missing file to repair the MSVC makefiles
o Fixed detection of recvfrom arguments on Android/bionic
o GSS: handle reuse fix
o transfer: avoid insane conversion of time_t
o nss: do not ignore value of CURLOPT_SSL_VERIFYPEER in certain cases
This release includes the following known bugs:
o see docs/KNOWN_BUGS (http://curl.haxx.se/docs/knownbugs.html)
This release would not have looked like this without help, code, reports and
advice from friends like these:
Mike Crowe, Kamil Dudka, Julien Chaffraix, Hoi-Ho Chan, Ben Noordhuis,
Dan Fandrich, Henry Ludemann, Karl M, Manuel Massing, Marcus Sundberg,
Stefan Krause, Todd A Ouska, Saqib Ali
Thanks! (and sorry if I forgot to mention someone)