mirror of
https://github.com/curl/curl.git
synced 2025-03-07 15:27:17 +08:00
ebf315e6f3
This change replaces RFC 2818 based hostname check in OpenSSL build with RFC 6125 [1] based one. The hostname check in RFC 2818 is ambiguous and each project implements it in the their own way and they are slightly different. I check curl, gnutls, Firefox and Chrome and they are all different. I don't think there is a bug in current implementation of hostname check. But it is not as strict as the modern browsers do. Currently, curl allows multiple wildcard character '*' and it matches '.'. (as described in the comment in ssluse.c). Firefox implementation is also based on RFC 2818 but it only allows at most one wildcard character and it must be in the left-most label in the pattern and the wildcard must not be followed by any character in the label.[2] Chromium implementation is based on RFC 6125 as my patch does. Firefox and Chromium both require wildcard in the left-most label in the presented identifier. This patch is more strict than the current implementation, so there may be some cases where old curl works but new one does not. But at the same time I think it is good practice to follow the modern browsers do and follow the newer RFC. [1] http://tools.ietf.org/html/rfc6125#section-6.4.3 [2] https://bugzilla.mozilla.org/show_bug.cgi?id=159483 |
||
|---|---|---|
| CMake | ||
| docs | ||
| include | ||
| lib | ||
| m4 | ||
| packages | ||
| perl | ||
| src | ||
| tests | ||
| winbuild | ||
| .gitattributes | ||
| .gitignore | ||
| acinclude.m4 | ||
| Android.mk | ||
| buildconf | ||
| buildconf.bat | ||
| CHANGES | ||
| CHANGES.0 | ||
| CMakeLists.txt | ||
| configure.ac | ||
| COPYING | ||
| CTestConfig.cmake | ||
| curl-config.in | ||
| curl-style.el | ||
| GIT-INFO | ||
| install-sh | ||
| libcurl.pc.in | ||
| log2changes.pl | ||
| MacOSX-Framework | ||
| Makefile.am | ||
| Makefile.dist | ||
| Makefile.msvc.names | ||
| maketgz | ||
| missing | ||
| mkinstalldirs | ||
| README | ||
| RELEASE-NOTES | ||
| sample.emacs | ||
| TODO-RELEASE | ||
| vc6curl.dsw | ||
_ _ ____ _
___| | | | _ \| |
/ __| | | | |_) | |
| (__| |_| | _ <| |___
\___|\___/|_| \_\_____|
README
Curl is a command line tool for transferring data specified with URL
syntax. Find out how to use curl by reading the curl.1 man page or the
MANUAL document. Find out how to install Curl by reading the INSTALL
document.
libcurl is the library curl is using to do its job. It is readily
available to be used by your software. Read the libcurl.3 man page to
learn how!
You find answers to the most frequent questions we get in the FAQ document.
Study the COPYING file for distribution terms and similar. If you distribute
curl binaries or other binaries that involve libcurl, you might enjoy the
LICENSE-MIXING document.
CONTACT
If you have problems, questions, ideas or suggestions, please contact us
by posting to a suitable mailing list. See http://curl.haxx.se/mail/
All contributors to the project are listed in the THANKS document.
WEB SITE
Visit the curl web site for the latest news and downloads:
http://curl.haxx.se/
GIT
To download the very latest source off the GIT server do this:
git clone git://github.com/bagder/curl.git
(you'll get a directory named curl created, filled with the source code)
NOTICE
Curl contains pieces of source code that is Copyright (c) 1998, 1999
Kungliga Tekniska Högskolan. This notice is included here to comply with the
distribution terms.