curl/lib
Jay Satiro d58ba66eec mbedtls: Fix pinned key return value on fail
- Switch from verifying a pinned public key in a callback during the
certificate verification to inline after the certificate verification.

The callback method had three problems:

1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH
was not returned.

2. If peer certificate verification was disabled the pinned key
verification did not take place as it should.

3. (related to #2) If there was no certificate of depth 0 the callback
would not have checked the pinned public key.

Though all those problems could have been fixed it would have made the
code more complex. Instead we now verify inline after the certificate
verification in mbedtls_connect_step2.

Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html
Ref: https://github.com/bagder/curl/pull/601
2016-01-18 03:48:10 -05:00
vtls mbedtls: Fix pinned key return value on fail 2016-01-18 03:48:10 -05:00
.gitignore gitignore: ignore more generated VC Makefiles 2015-09-03 23:35:41 +02:00
amigaos.c
amigaos.h
arpa_telnet.h
asyn-ares.c Revert "cleanup: general removal of TODO (and similar) comments" 2015-11-24 09:36:45 +01:00
asyn-thread.c
asyn.h
base64.c
checksrc.pl checksrc: add crude // detection 2015-10-21 23:18:04 +02:00
checksrc.whitelist checksrc.whitelist: "missing space after close paren" 2015-11-07 23:20:50 +01:00
CMakeLists.txt
config-amigaos.h
config-dos.h
config-mac.h
config-os400.h
config-riscos.h
config-symbian.h
config-tpf.h
config-vxworks.h
config-win32.h config-win32: Fix warning HAVE_WINSOCK2_H undefined 2015-12-07 19:07:51 -05:00
config-win32ce.h
conncache.c conncache: fixed memory leak on OOM (torture tests) 2015-05-24 11:19:07 +02:00
conncache.h bundles: store no/default/pipeline/multiplex 2015-05-18 09:33:36 +02:00
connect.c getconnectinfo: Don't call recv(2) if socket == -1 2015-11-16 22:42:13 +01:00
connect.h http2: set TCP_NODELAY unconditionally 2015-09-27 23:23:58 +02:00
content_encoding.c
content_encoding.h
cookie.c cookies: Add support for Mozilla's Public Suffix List 2015-10-17 16:37:49 +02:00
cookie.h
curl_addrinfo.c lwip: Fix compatibility issues with later versions 2015-12-07 14:27:55 -05:00
curl_addrinfo.h lib: Only define curl_dofreeaddrinfo if struct addrinfo is available 2015-11-27 10:51:22 +01:00
curl_base64.h
curl_config.h.cmake cmake: Add missing feature macros in config header (Part 2) 2015-11-11 22:18:24 +00:00
curl_des.c des: Fixed compilation warning from commit 613e5022fe 2015-08-30 21:45:30 +01:00
curl_des.h des: Fix header conditional for Curl_des_set_odd_parity 2015-10-08 02:07:12 -04:00
curl_endian.c
curl_endian.h
curl_fnmatch.c
curl_fnmatch.h
curl_gethostname.c
curl_gethostname.h
curl_gssapi.c curl_gssapi: remove 'const' to fix compiler warnings 2015-08-02 00:24:38 +02:00
curl_gssapi.h
curl_hmac.h
curl_ldap.h
curl_md4.h
curl_md5.h
curl_memory.h Revert "cleanup: general removal of TODO (and similar) comments" 2015-11-24 09:36:45 +01:00
curl_memrchr.c
curl_memrchr.h
curl_multibyte.c
curl_multibyte.h
curl_ntlm_core.c curl_ntlm_core: fix 2 curl_off_t constant overflows. 2015-11-05 15:20:43 +01:00
curl_ntlm_core.h
curl_ntlm_msgs.c
curl_ntlm_msgs.h
curl_ntlm_wb.c ntlm_wb: Fix theoretical memory leak 2015-07-16 14:22:45 -04:00
curl_ntlm_wb.h
curl_ntlm.c ntlm: mark deliberate switch case fall-through 2015-08-24 11:29:22 +02:00
curl_ntlm.h
curl_printf.h
curl_rtmp.c
curl_rtmp.h
curl_sasl_gssapi.c sasl: Updated SPN variables and comments for consistency 2015-08-31 12:43:58 +01:00
curl_sasl_sspi.c sasl_sspi: fix identity memory leak in digest authentication 2015-11-12 19:11:40 +00:00
curl_sasl.c sasl; fix checksrc warnings 2015-11-15 23:15:00 +01:00
curl_sasl.h oauth2: Support OAUTHBEARER failures sent as continuation responses 2015-11-15 20:11:53 +00:00
curl_sec.h
curl_setup_once.h
curl_setup.h lwip: Fix compatibility issues with later versions 2015-12-07 14:27:55 -05:00
curl_sspi.c sspi: Fix typo from left over from old code which referenced NTLM 2015-08-01 23:09:03 +01:00
curl_sspi.h curl_sspi: fix possibly undefined CRYPT_E_REVOKED 2015-09-10 02:17:33 -04:00
curl_threads.c
curl_threads.h
curlx.h
dict.c
dict.h
dotdot.c
dotdot.h
easy.c Revert "cleanup: general removal of TODO (and similar) comments" 2015-11-24 09:36:45 +01:00
easyif.h
escape.c
escape.h
file.c read_callback: move to SessionHandle from connectdata 2015-05-20 23:06:45 +02:00
file.h
fileinfo.c
fileinfo.h
firefox-db2pem.sh
formdata.c formdata: Check if length is too large for memory 2015-12-07 02:43:24 -05:00
formdata.h formadd: support >2GB files on windows 2015-11-02 08:41:46 +01:00
ftp.c Revert "cleanup: general removal of TODO (and similar) comments" 2015-11-24 09:36:45 +01:00
ftp.h
ftplistparser.c ftplistparser.c: fix handling of file LISTings using Windows EOL 2015-12-23 14:19:36 +01:00
ftplistparser.h
getenv.c
getinfo.c getinfo: CURLINFO_ACTIVESOCKET: fix bad socket value 2015-11-06 00:30:16 -05:00
getinfo.h
gopher.c gopher: don't send NUL byte 2015-10-01 18:15:11 +02:00
gopher.h
hash.c unit1603: Added unit tests for hash functions 2015-11-12 22:49:32 +01:00
hash.h hostip: fix unintended destruction of hash table 2015-05-18 11:15:43 +02:00
hmac.c
hostasyn.c
hostcheck.c
hostcheck.h
hostip4.c
hostip6.c
hostip.c hostip: fix unintended destruction of hash table 2015-05-18 11:15:43 +02:00
hostip.h hostcache: made all host caches use structs, not pointers 2015-05-12 09:46:53 +02:00
hostsyn.c
http2.c http2: handle the received SETTINGS frame 2016-01-08 23:06:59 +01:00
http2.h http2: added three stream prio/deps options 2015-10-23 08:22:38 +02:00
http_chunks.c HTTP: ignore "Content-Encoding: compress" 2015-07-25 00:46:01 +02:00
http_chunks.h
http_digest.c
http_digest.h
http_negotiate_sspi.c
http_negotiate.c
http_negotiate.h
http_proxy.c FTP: do the HTTP CONNECT for data connection blocking 2015-06-17 14:00:12 +02:00
http_proxy.h FTP: fixed compiling with --disable-proxy, broken in b88f980a 2015-06-18 23:20:10 +02:00
http.c http2: Support trailer fields 2015-12-15 23:47:46 +01:00
http.h http2: Support trailer fields 2015-12-15 23:47:46 +01:00
idn_win32.c
if2ip.c build: fix failures with -Wcast-align and -Werror 2015-09-26 23:10:20 +02:00
if2ip.h
imap.c Revert "cleanup: general removal of TODO (and similar) comments" 2015-11-24 09:36:45 +01:00
imap.h
inet_ntop.c
inet_ntop.h
inet_pton.c inet_pton.c: Fix MSVC run-time check failure (2) 2015-09-03 11:37:50 +02:00
inet_pton.h
krb5.c
ldap.c
libcurl.def
libcurl.plist
libcurl.rc
libcurl.vers.in
llist.c
llist.h
Makefile.am libcurl: VERSIONINFO update 2015-07-21 14:01:19 +02:00
makefile.amiga
Makefile.b32 makefiles: Added our standard copyright header 2015-08-30 14:51:13 +01:00
makefile.dj build: fix for MSDOS/djgpp 2015-10-21 13:00:52 -04:00
Makefile.inc vtls: added support for mbedTLS 2015-10-20 07:57:24 +02:00
Makefile.m32 makefiles: Added our standard copyright header 2015-08-30 14:51:13 +01:00
Makefile.netware makefiles: Added our standard copyright header 2015-08-30 14:51:13 +01:00
Makefile.vc6 build: removed bundles.c from make files 2015-05-14 14:55:48 +02:00
Makefile.vxworks
Makefile.Watcom copyrights: update Gisle Vanem's email 2015-10-20 13:33:01 +02:00
md4.c
md5.c
memdebug.c curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT 2015-06-01 03:21:23 -04:00
memdebug.h lwip: Fix compatibility issues with later versions 2015-12-07 14:27:55 -05:00
mk-ca-bundle.pl
mk-ca-bundle.vbs
mprintf.c
multi.c multi: fix off-by-one finit[] array size 2015-10-16 22:42:56 +02:00
multihandle.h http2: initial implementation of the push callback 2015-06-24 23:44:42 +02:00
multiif.h http2: setup the new pushed stream properly 2015-06-24 23:44:42 +02:00
netrc.c curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT 2015-06-01 03:21:23 -04:00
netrc.h
non-ascii.c
non-ascii.h
nonblock.c nonblock: fix setting non-blocking mode for Amiga 2015-11-27 23:29:30 +01:00
nonblock.h
nwlib.c
nwos.c
objnames-test08.sh
objnames-test10.sh
objnames.inc
openldap.c Revert "cleanup: general removal of TODO (and similar) comments" 2015-11-24 09:36:45 +01:00
parsedate.c
parsedate.h
pingpong.c
pingpong.h
pipeline.c pipeline: switch some code over to functions 2015-05-18 09:33:47 +02:00
pipeline.h pipeline: switch some code over to functions 2015-05-18 09:33:47 +02:00
pop3.c pop3: Differentiate between success and continuation responses 2015-11-20 07:01:01 +00:00
pop3.h
progress.c
progress.h
rawstr.c rawstr: Speed up Curl_raw_toupper by 40% 2015-11-02 22:57:13 +01:00
rawstr.h
rtsp.c Revert "cleanup: general removal of TODO (and similar) comments" 2015-11-24 09:36:45 +01:00
rtsp.h
security.c security:choose_mech fix DEAD CODE warning 2015-06-15 09:02:46 +02:00
select.c lwip: Fix compatibility issues with later versions 2015-12-07 14:27:55 -05:00
select.h
sendf.c Curl_read_plain: clean up ifdefs that break statements 2015-11-30 00:28:28 +01:00
sendf.h
setup-os400.h
setup-vms.h openssl: VMS support for SHA256 2015-07-14 01:25:36 -04:00
share.c share_init: fix OOM crash 2015-05-22 16:26:14 +02:00
share.h hostcache: made all host caches use structs, not pointers 2015-05-12 09:46:53 +02:00
sigpipe.h
slist.c
slist.h
smb.c smb.c: Fixed compilation warnings 2015-11-21 11:41:20 +00:00
smb.h
smtp.c Revert "cleanup: general removal of TODO (and similar) comments" 2015-11-24 09:36:45 +01:00
smtp.h
sockaddr.h
socks_gssapi.c
socks_sspi.c
socks.c socks: Fix incorrect port numbers in failed connect messages 2015-10-27 02:39:00 -04:00
socks.h
speedcheck.c
speedcheck.h
splay.c Revert "cleanup: general removal of TODO (and similar) comments" 2015-11-24 09:36:45 +01:00
splay.h
ssh.c ssh: make CURLOPT_SSH_PUBLIC_KEYFILE treat "" as NULL 2016-01-15 10:34:34 +01:00
ssh.h
strdup.c
strdup.h
strequal.c
strequal.h
strerror.c curl_sspi: fix possibly undefined CRYPT_E_REVOKED 2015-09-10 02:17:33 -04:00
strerror.h
strtok.c
strtok.h
strtoofft.c
strtoofft.h
telnet.c Revert "cleanup: general removal of TODO (and similar) comments" 2015-11-24 09:36:45 +01:00
telnet.h
tftp.c
tftp.h
timeval.c
timeval.h
transfer.c http2: Ensure that http2_handle_stream_close is called 2016-01-08 17:16:47 -05:00
transfer.h fread_func: move callback pointer from set to state struct 2015-10-15 23:32:19 +02:00
url.c ConnectionExists: only do pipelining/multiplexing when asked 2016-01-11 23:55:13 +01:00
url.h http2: init the pushed transfer properly 2015-06-24 23:44:42 +02:00
urldata.h oauth2: Don't use XOAUTH2 in OAuth 2.0 variables 2015-11-09 22:25:08 +00:00
version.c version: Add flag CURL_VERSION_PSL for libpsl 2015-12-07 02:59:54 -05:00
warnless.c
warnless.h
wildcard.c
wildcard.h
x509asn1.c x509asn1: Fix host altname verification 2015-12-15 14:07:28 -05:00
x509asn1.h