Re: Security fix: reset memory of Curl_easy->UserDefined->str

2018-03-04 Thread Harold Tessmann III
On 3/1/18, Prashant Chaudhari wrote: > I would like to add attached patch, which zero out the user defined data. I > am particularly targeting to reset the password/authentication secrets. I gave the proposed fix a quick look and think that it does not actually meet the

Re: crash issue: while invoking easy perform.

2018-03-04 Thread surya chandrika
Hi all, Updated to latest version : $ curl --version curl 7.58.0 (x86_64-redhat-linux-gnu) libcurl/7.58.0 NSS/3.28.4 zlib/1.2.7 libpsl/0.7.0 (+libicu/50.1.2) libssh2/1.8.0 nghttp2/1.21.1 Release-Date: 2018-01-24 Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s

Re: 1700(!) contributors

2018-03-04 Thread bch
On Sun, Mar 4, 2018 at 4:36 PM Dennis Clarke wrote: > On 04/03/18 05:43 PM, Daniel Stenberg wrote: > > Hey, > > > > I just wanted to highlight that when I just now recounted the total > > number of contributors to our merry project, the number ended up at > > exactly 1700!

Re: 1700(!) contributors

2018-03-04 Thread Dennis Clarke
On 04/03/18 05:43 PM, Daniel Stenberg wrote: Hey, I just wanted to highlight that when I just now recounted the total number of contributors to our merry project, the number ended up at exactly 1700! See the full list of helpful people in the webified version of the list at:  

Re: Disable password prompts

2018-03-04 Thread Daniel Stenberg
On Sun, 25 Feb 2018, Christoph Reg wrote: When using a client cert with a passphrase, and the phrase is not set, by default curl prompts for the password on stdin. Is there an option to disable this behaviour and produce an error instead? Can't you just set a fixed password when none is

Re: About IP resolve problem when using HTTP proxy

2018-03-04 Thread Daniel Stenberg
On Wed, 28 Feb 2018, Lessandro Mariano wrote: I'm using CURLOPT_RESOLVE to provide a hostname for common name validation while connecting to local IPs via HTTPS (e.g. I want to connect to https://192.168.1.100/ and expect/validate the common name "abcdef123456"). This works fine, except when

curl turns twenty years old in 16 days

2018-03-04 Thread Daniel Stenberg
Hey The official birthday of curl is March 20 1998, which means that in just a little over two weeks the project turns 20 years old. To celebrate this fact, I'll be throwing out facts about curl's first 20 years on twitter using the #curl20 tag until that day:

1700(!) contributors

2018-03-04 Thread Daniel Stenberg
Hey, I just wanted to highlight that when I just now recounted the total number of contributors to our merry project, the number ended up at exactly 1700! See the full list of helpful people in the webified version of the list at: https://curl.haxx.se/docs/thanks.html Thank you everyone!

Re: crash issue: while invoking easy perform.

2018-03-04 Thread Daniel Stenberg
On Sat, 3 Mar 2018, surya chandrika wrote: acc to logic only curl_easy_perform () should be invoked, but not sure why BT shows curl_multi_perform () is it internally invoked from curl. Yes it is. Please let me know if anyone is familiar with this. ... curl 7.29.0

Re: Fwd: Security fix: reset memory of Curl_easy->UserDefined->str

2018-03-04 Thread Daniel Stenberg
On Fri, 2 Mar 2018, Prashant Chaudhari wrote: Please find attached unified diff file with the same fix. Thanks, I edited it slightly and turned it into a PR so that the CI could have a go at it before merge: https://github.com/curl/curl/pull/2359 -- / daniel.haxx.se

Re: Bearer token authentication?

2018-03-04 Thread Daniel Stenberg
On Fri, 2 Mar 2018, John Hascall wrote: Has any thought been given to the possibility of something along these lines: curl_easy_setopt(curl, CURLOPT_HTTPAUTH, CURLAUTH_BEARER); curl_easy_setopt(curl, CURLOPT_BEARER_TOKEN, token); You mean like @LEW21 made this PR?

Re: Query on HTTP(S) connection

2018-03-04 Thread Daniel Stenberg
On Fri, 2 Mar 2018, Ranjan Khanna wrote: 1. How can check using the curl handle if the connection is still established (the connection is not closed)? If CURLINFO_ACTIVESOCKET returns a socket, you know it was alive when libcurl last used it. 2. How can I close the underlying HTTP

Re: Some application distributes your library, without your copyright notice?

2018-03-04 Thread Daniel Stenberg
On Thu, 1 Mar 2018, Genghuang Wang wrote: Thanks, Daniel, as the copyright holder of this library, you have the right to decide what to do. I am just someone who discovers the fact of license issue and report to the copyright owner. Yes, thanks. Now the question is, will you contact with

Re: Query on HTTP(S) connection

2018-03-04 Thread Ranjan Khanna
Hello, Can anyone please help me with the following query: I am using curl_easy_perform for making HTTP(S) operations using the same curl handle (reusing the same curl handle for connection persistence). There are 2 things I want to achieve: 1. How can check using the curl handle if the