| Age | Commit message (Collapse) | Author |
|---|
|
|
|
Bump.
Four security issues fixed.
Closes #38938.
Signed-off-by: Mike McQuaid <mike@mikemcquaid.com>
|
|
|
|
Compilation against openssl is forced if `--with-nghttp2` is specified
and `--with-libressl` is omitted, because the default `--with-darwinssl`
(Secure Transport) lacks support for ALPN which is necessary to negotiate
HTTP/2 over TLS encrypted connections.
Also fixed a problem where `--with-libressl` was ignored on Lion.
More info:
* [cURL HTTP/2 Support](http://curl.haxx.se/dev/readme-http2.html)
* [cURL ALPN Support](http://curl.haxx.se/docs/ssl-compared.html)
Closes #37979.
Closes #36942.
Signed-off-by: Mike McQuaid <mike@mikemcquaid.com>
|
|
|
|
Closes #37255.
Signed-off-by: Tim D. Smith <git@tim-smith.us>
|
|
Closes #35684.
|
|
See lengthy comment below for bug.
Closes #35682.
Signed-off-by: Mike McQuaid <mike@mikemcquaid.com>
|
|
|
|
Closes #35672.
Signed-off-by: Mike McQuaid <mike@mikemcquaid.com>
|
|
|
|
Closes #34645.
Signed-off-by: Mike McQuaid <mike@mikemcquaid.com>
|
|
New ground has been broken. New seeds have been sowed, etc etc. This
makes the necessary changes to LibreSSL and cURL to enable the latter
to be built with the former. This has been supported upstream for the
last 3 months, and cURL officially supports LibreSSL
[now](http://daniel.haxx.se/blog/2014/08/05/libressl-vs-boringssl-for-cu
rl/) and [has done](http://curl.haxx.se/changes.html) since 7.38.0. A
recompile of LibreSSL and cURL is necessary if you wish to adopt this
locally, but the dependents of cURL should not need to be recompiled.
Closes #34499.
Signed-off-by: Mike McQuaid <mike@mikemcquaid.com>
|
|
|
|
|
|
|
|
Closes #33769.
Signed-off-by: Jack Nagel <jacknagel@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
Kills ssl2 from OpenSSL. This PR relates to #31745. Force recompiles
everything that relies on OpenSSL from the master branch to enforce the
new OpenSSL no-ssl2 rule.
|
|
|
|
|
|
|
|
|
|
curl is keg-only, and this test was running against the system curl.
|
|
Closes #28053.
Signed-off-by: Mike McQuaid <mike@mikemcquaid.com>
|
|
Closes #27970.
Signed-off-by: Mike McQuaid <mike@mikemcquaid.com>
|
|
Also, make sure that the libmetalink option is declared.
|
|
curl will opportunistically pick up unrequested librares, despite
superenv filtering. This adds a few extra options for things curl can
find on its own, and explicitly disables anything that's unrequested.
|
|
|
|
|
|
|
|
The openssl that ships with OS X does not support TLS 1.1 or 1.2. This
is a security issue for for applications that use functionality from
libssl.
On 10.8 and newer, Apple has deprecated use of openssl and added support
for TLS 1.1 and 1.2 to its Secure Transport framework (or "darwinssl" in
curl). On older versions of OS X, a newer openssl is required to obtain
such functionality.
Thus, we default to using darwinssl where it makes sense. An option to
use Homebrew's openssl is provided. On platforms where Secure Transport
does not support the newer protocols, we simply use Homebrew's openssl.
Closes #25824.
|
|
Closes #25286.
Signed-off-by: Jack Nagel <jacknagel@gmail.com>
|
|
Closes #25127.
|
|
Closes #23488.
Signed-off-by: Adam Vandenberg <flangy@gmail.com>
|
|
Signed-off-by: Mike McQuaid <mike@mikemcquaid.com>
|
|
|
|
|
|
Closes #21046.
Signed-off-by: Jack Nagel <jacknagel@gmail.com>
|
|
|
|
|
|
since curl 7.27, there is an option to build with support for Secure Transport,
the native API for doing SSL on Mac OS X and iOS.
http://daniel.haxx.se/blog/2012/06/28/darwin-native-ssl-for-curl/
Closes #19136.
Signed-off-by: Jack Nagel <jacknagel@gmail.com>
|
|
|
|
Closes #17691.
Signed-off-by: Adam Vandenberg <flangy@gmail.com>
|
|
Closes #15023.
Signed-off-by: Jack Nagel <jacknagel@gmail.com>
|
|
Signed-off-by: Adam Vandenberg <flangy@gmail.com>
|
