diff options
| author | Joe Orton <notroj@users.noreply.github.com> | 2009-08-18 14:53:47 +0000 |
|---|---|---|
| committer | Joe Orton <notroj@users.noreply.github.com> | 2009-08-18 14:53:47 +0000 |
| commit | 7a442e2f3fcf145a504431dee8895225b787e520 (patch) | |
| tree | d25fc8b287467c2fc9f3e74fbc984a7427a01fce | |
| parent | 4bd99af3f2e0afa48e03448d06f4c92a1e3d74e5 (diff) | |
| download | neon-git-0.28.6.tar.gz | |
Tag release 0.28.6.0.28.6
| -rw-r--r-- | BUGS | 10 | ||||
| -rw-r--r-- | Makefile.in | 10 | ||||
| -rw-r--r-- | NEWS | 53 | ||||
| -rw-r--r-- | README | 18 | ||||
| -rw-r--r-- | configure.in | 1 | ||||
| -rw-r--r-- | doc/feat.xml | 23 | ||||
| -rw-r--r-- | doc/manual.xml | 3 | ||||
| -rw-r--r-- | doc/ref/neon.xml | 26 | ||||
| -rw-r--r-- | doc/ref/opts.xml | 11 | ||||
| -rw-r--r-- | doc/ref/sessflags.xml | 11 | ||||
| -rw-r--r-- | doc/security.xml | 135 | ||||
| -rw-r--r-- | macros/neon.m4 | 95 | ||||
| -rw-r--r-- | neon.mak | 12 | ||||
| -rw-r--r-- | po/cs.po | 252 | ||||
| -rw-r--r-- | po/de.po | 248 | ||||
| -rw-r--r-- | po/fr.po | 247 | ||||
| -rw-r--r-- | po/ja.po | 248 | ||||
| -rw-r--r-- | po/neon.pot | 232 | ||||
| -rw-r--r-- | po/nn.po | 248 | ||||
| -rw-r--r-- | po/pl.po | 242 | ||||
| -rw-r--r-- | po/ru.po | 245 | ||||
| -rw-r--r-- | po/tr.po | 248 | ||||
| -rw-r--r-- | po/zh_CN.po | 253 | ||||
| -rw-r--r-- | src/ChangeLog | 5563 | ||||
| -rw-r--r-- | src/Makefile.in | 47 | ||||
| -rw-r--r-- | src/ne_acl.c (renamed from src/ne_oldacl.c) | 0 | ||||
| -rw-r--r-- | src/ne_acl.h | 4 | ||||
| -rw-r--r-- | src/ne_acl3744.c | 179 | ||||
| -rw-r--r-- | src/ne_acl3744.h | 85 | ||||
| -rw-r--r-- | src/ne_alloc.c | 8 | ||||
| -rw-r--r-- | src/ne_alloc.h | 4 | ||||
| -rw-r--r-- | src/ne_auth.c | 78 | ||||
| -rw-r--r-- | src/ne_gnutls.c | 259 | ||||
| -rw-r--r-- | src/ne_ntlm.c | 700 | ||||
| -rw-r--r-- | src/ne_ntlm.h | 44 | ||||
| -rw-r--r-- | src/ne_openssl.c | 133 | ||||
| -rw-r--r-- | src/ne_private.h | 47 | ||||
| -rw-r--r-- | src/ne_privssl.h | 5 | ||||
| -rw-r--r-- | src/ne_request.c | 174 | ||||
| -rw-r--r-- | src/ne_session.c | 200 | ||||
| -rw-r--r-- | src/ne_session.h | 89 | ||||
| -rw-r--r-- | src/ne_socket.c | 110 | ||||
| -rw-r--r-- | src/ne_socket.h | 57 | ||||
| -rw-r--r-- | src/ne_socks.c | 354 | ||||
| -rw-r--r-- | src/ne_string.c | 6 | ||||
| -rw-r--r-- | src/ne_string.h | 10 | ||||
| -rw-r--r-- | test/Makefile.in | 18 | ||||
| -rw-r--r-- | test/acl.c (renamed from test/oldacl.c) | 0 | ||||
| -rw-r--r-- | test/acl3744.c | 105 | ||||
| -rw-r--r-- | test/common/child.c | 17 | ||||
| -rw-r--r-- | test/common/tests.c | 135 | ||||
| -rwxr-xr-x | test/makekeys.sh | 88 | ||||
| -rw-r--r-- | test/openssl.conf | 20 | ||||
| -rw-r--r-- | test/request.c | 62 | ||||
| -rw-r--r-- | test/run.sh | 2 | ||||
| -rw-r--r-- | test/socket.c | 202 | ||||
| -rw-r--r-- | test/ssl.c | 161 | ||||
| -rw-r--r-- | test/string-tests.c | 42 | ||||
| -rw-r--r-- | test/util-socks.c | 294 | ||||
| -rw-r--r-- | test/utils.c | 9 | ||||
| -rw-r--r-- | test/utils.h | 27 |
61 files changed, 1027 insertions, 11182 deletions
@@ -30,18 +30,8 @@ Pragma: no-cache Connection: close W8����s0�� -* for a server with multiple A addresses, a successful connect() will - "pin" that address for future attempts to connect. If subsequently - a connect() fails, neon should at least iterate through the entire - address list and at best should do the DNS lookup again. - -* should 207 code strclean the error string from the response body? - * load_client_cert fails with: load_client_cert: (did not fail to load clicert without pkey) on RHEL4 openssl. - -* --with-ca-bundle only allows trusting a PEM bundle; support - by directory as well diff --git a/Makefile.in b/Makefile.in index 0042435..1d5ed08 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# Copyright (C) 2001-2009 Joe Orton <joe@manyfish.co.uk> +# Copyright (C) 2001-2008 Joe Orton <joe@manyfish.co.uk> # Copyright (C) 1994, 1995-8, 1999, 2000 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -62,8 +62,7 @@ LINGUAS = @ALL_LINGUAS@ DIST_HEADERS = ne_request.h ne_session.h ne_utils.h ne_uri.h ne_socket.h \ ne_basic.h ne_207.h ne_props.h ne_xml.h ne_dates.h ne_string.h \ ne_defs.h ne_locks.h ne_alloc.h ne_md5.h ne_i18n.h ne_redirect.h \ - ne_auth.h ne_compress.h ne_acl.h ne_ssl.h ne_xmlreq.h ne_pkcs11.h \ - ne_acl3744.h + ne_auth.h ne_compress.h ne_acl.h ne_ssl.h ne_xmlreq.h ne_pkcs11.h all: subdirs @@ -204,11 +203,6 @@ compile-gmo: $(MSGFMT) --statistics -c -o po/$$f.gmo $(top_srcdir)/po/$$f.po; \ done -update-copyright: Makefile - sed -n '/^Copyright/q;p' < README > README.orig - (cat README.orig; grep -h Copyright src/*.[ch] \ - | sed -r 's/\(C\) [12].+[0-9],? /(C) /;s/^ *//;s/ *$$//;/Orton/d' | sort -u) > README - doc-status: @echo -n "Missing docs for:" @for f in `nm src/.libs/libneon.so | grep ' T ' | colrm 1 11`; do \ @@ -1,17 +1,14 @@ -Changes in release 0.29.0: -* New interfaces: - - ne_socket.h: ne_sock_writev() (Julien Reichel), ne_sock_set_error(), - ne_iaddr_raw() - - added ne_acl3744.h, updated WebDAV ACL support (Henrik Holst) - - added built-in SOCKS v4/v4a/v5 support: ne_socket.h:ne_sock_proxy(), - and ne_session.h:ne_session_socks_proxy() - - added support for system-default proxies: ne_session_system_proxy(), - implemented using libproxy where available. - - added NE_SESSFLAG_EXPECT100 session flag -* Deprecated interfaces: - - ne_acl.h is obsoleted by ne_acl3744.h -* Other changes: - - ne_free() implemented as a function on Win32 (thanks to Helge Hess) +Changes in release 0.28.6: +* SECURITY (CVE-2009-2473): Fix "billion laughs" attack against expat; + could allow a Denial of Service attack by a malicious server. +* SECURITY (CVE-2009-2474): Fix handling of an embedded NUL byte in + a certificate subject name with OpenSSL; could allow an undetected + MITM attack against an SSL server if a trusted CA issues such a cert. + +Changes in release 0.28.5: +* Enable support for X.509v1 CA certificates in GnuTLS. +* Fix handling of EINTR in connect() calls. +* Fix use of builds with SOCK_CLOEXEC support on older Linux kernels. Changes in release 0.28.4: * Fix ne_forget_auth (Kai Sommerfeld) @@ -28,7 +25,7 @@ Changes in release 0.28.3: Digest domain parameter support; could allow a DoS by a malicious server * Fix parsing of *-Authenticate response header with LWS after quoted value * Fix ne_set_progress(, NULL, ) to match pre-0.27 behaviour (and not crash) -* Fix to disable Nagle on Win32 with newer toolchain (thanks to Stefan Kng) +* Fix to disable Nagle on Win32 with newer toolchain (thanks to Stefan Küng) * Fix build on Netware (Guenter Knauf) * Document existing ne_uri_parse() API postcondition and ne_uri_resolve() pre/postconditions regarding the ->path field in ne_uri structures @@ -197,7 +194,7 @@ Changes in release 0.25.5: with mismatched key/cert pair. * Fix build issue on AIX 5.1. * Fix warnings if built against OpenSSL >= 0.9.8. -* Win32: fix issues in SSPI implementation (Stefan Kng). +* Win32: fix issues in SSPI implementation (Stefan Küng). Changes in release 0.25.4: * GSSAPI fixes for non-MIT implementations (Mikhail Teterin). @@ -401,7 +398,7 @@ Changes in release 0.23.5: * Fix rejection of SSL server certificates which had commonName as the least specific attribute in the subject name. * Fix to dereference entities (e.g. "&") in attribute values with libxml. -* Fix ne_socket.c build on HP-UX 10.20 (thanks to Branko ibej) +* Fix ne_socket.c build on HP-UX 10.20 (thanks to Branko Èibej) * Remove misguided insistence on "secure" versions of zlib/OpenSSL; no checks for zlib version are now performed, only OpenSSL 0.9.6 is required. --with-force-ssl, --with-force-zlib option removed. @@ -486,12 +483,12 @@ Changes in release 0.22.0: * XML request bodies use a content-type of "application/xml" now; applications can use NE_XML_MEDIA_TYPE from ne_xml.h * Fix decompress code on big-endian or 64-bit platforms. -* Fix to build on Darwin 6 (aka Mac OS X 10.2) (Wilfredo Snchez, +* Fix to build on Darwin 6 (aka Mac OS X 10.2) (Wilfredo Sánchez, <wsanchez@mit.edu>) * Win32 changes: - remove conflict between OpenSSL's X509_NAME and recent versions of - the Platform SDK (Branko ibej) - - fix inverted debug/non-debug build logic (Branko ibej) + the Platform SDK (Branko Èibej) + - fix inverted debug/non-debug build logic (Branko Èibej) - add NODAV and OPENSSL_STATIC flags to neon.mak (Gerald Richter) Changes in release 0.21.3: @@ -505,7 +502,7 @@ Changes in release 0.21.2: * Fix 'make install' for VPATH builds. * Use $(mandir) for installing man pages (Rodney Dawes). * Follow some simple (yet illegal) relativeURI redirects. -* Always build ne_compress.obj in Win32 build (Branko ibej). +* Always build ne_compress.obj in Win32 build (Branko Èibej). * Fix decompression logic bug (Justin Erenkrantz <jerenkrantz@apache.org>) (could give a decompress failure for particular responses) * Fix ne_proppatch() to submit lock tokens for available locks. @@ -587,12 +584,12 @@ Changes in release 0.20.0: * Miscellaneous cleanups and fixes (Jeff Johnson <jbj@redhat.com>). Changes in release 0.19.4: -* Support bundled build of expat 1.95.x (Branko ibej). +* Support bundled build of expat 1.95.x (Branko Èibej). Changes in release 0.19.3: * For platforms lacking snprintf or vsnprintf in libc, require trio. -* Add NE_FMT_OFF_T to fix Win32 build (Dan Berlin, Branko ibej). -* Fix SSL support in Win32 build (Branko ibej). +* Add NE_FMT_OFF_T to fix Win32 build (Dan Berlin, Branko Èibej). +* Fix SSL support in Win32 build (Branko Èibej). Changes in release 0.19.2: * Fix non-SSL build broken in 0.19.1. @@ -645,8 +642,8 @@ Changes in release 0.19.0: Changes in release 0.18.5: * Removed old neon.dsp, neon.dsw. -* Update Win32 build to add OpenSSL and zlib support (Branko ibej). -* Fix ne_compress.c to compile on Win32 (Branko ibej). +* Update Win32 build to add OpenSSL and zlib support (Branko Èibej). +* Fix ne_compress.c to compile on Win32 (Branko Èibej). Changes in release 0.18.4: * Fixes for Content-Type parsing using ne_content_type_handler (Greg Stein) @@ -657,7 +654,7 @@ Changes in release 0.18.3: * Fix parsing lock timeout from server (Arun Garg). * Send Timeout headers in LOCK and refresh LOCK requests (Arun Garg). * Updated neon.mak and config.hw.in for Win32 build (patch from - Branko ibej <brane@xbc.nu>). + Branko Èibej <brane@xbc.nu>). * Define XML_BYTE_ORDER for bundled expat build in support macro NEON_XML_PARSER(). @@ -867,7 +864,7 @@ Changes in release 0.14.0: - all properties not handled by caller are stored as flat properties. * Untested: add basic SOCKSv5 support: configure --with-socks. - please report success/failure to neon@webdav.org -* Win32/MSVC build files from Magnus Sirwi <sirwio@hotmail.com>. +* Win32/MSVC build files from Magnus Sirwiö <sirwio@hotmail.com>. * Fix for expat detection from Shane Mayer <shanemayer42@yahoo.com>. * Namespace-protect md5 code and more. - md5_* -> ne_md5_* @@ -38,15 +38,11 @@ licensed under the terms of the GNU GPL; see test/COPYING for terms. The autoconf macros in the "macros" directory are under a less restrictive license, see each file for details. -neon is Copyright (C) 1999-2008 Joe Orton <joe@manyfish.co.uk> +neon is Copyright (C) 1999-2006 Joe Orton <joe@manyfish.co.uk> Portions are: -Copyright (C) Aleix Conchillo Flaque <aleix@member.fsf.org> -Copyright (C) Arun Garg <arung@pspl.co.in> -Copyright (C) Daniel Stenberg <daniel@haxx.se> -Copyright (C) Free Software Foundation, Inc. -Copyright (C) Henrik Holst <henrik.holst2@gmail.com> -Copyright (C) Jiang Lei <tristone@deluxe.ocn.ne.jp> -Copyright (C) Kai Sommerfeld <kso@openoffice.org> -Copyright (C) Kai Sommerfeld <kso@openoffice.org> -Copyright (C) Vladimir Berezniker @ http://public.xdi.org/=vmpn -Copyright (C) Yves Martin <ymartin59@free.fr> +Copyright (C) 1999-2000 Tommi Komulainen <Tommi.Komulainen@iki.fi> +Copyright (C) 1999-2000 Peter Boos <pedib@colorfullife.com> +Copyright (C) 1991, 1995, 1996, 1997 Free Software Foundation, Inc. +Copyright (C) 2004 Aleix Conchillo Flaque <aleix@member.fsf.org> +Copyright (C) 2004 Jiang Lei <tristone@deluxe.ocn.ne.jp> +Copyright (C) 2004-2005 Vladimir Berezniker @ http://public.xdi.org/=vmpn diff --git a/configure.in b/configure.in index a114b7b..9f0d9dc 100644 --- a/configure.in +++ b/configure.in @@ -153,7 +153,6 @@ NEON_LINK_FLAGS="$NEON_LINK_FLAGS -export-symbols-regex '^ne_[[^_]]'" if test x${enable_shared}${pic_mode}z = xnodefaultz; then CFLAGS="$CFLAGS -prefer-pic" - AC_MSG_NOTICE([Using PIC for static library build]) fi # Bundled language catalogs diff --git a/doc/feat.xml b/doc/feat.xml index bb447a7..547ab9f 100644 --- a/doc/feat.xml +++ b/doc/feat.xml @@ -20,25 +20,24 @@ session can use a persistent (also known as "keep-alive") connection.</para></listitem> <listitem><para>Modern HTTP authentication support: a complete -implementation of the new authentication standard, RFC2617, supporting -the Digest, Basic, and Negotiate protocols. Credentials are supplied -by an application-defined callback as appropriate.</para></listitem> +implementation of the new authentication standard, RFC2617, +supporting the Digest (MD5) and Basic schemes, including integrity +checking. Credentials are supplied by an application-defined +callback.</para></listitem> <listitem><para>Proxy server support; a session can be set to use a proxy server. Authentication is supported for the Proxy as well -as the origin server. The system's proxy configuration can be -optionally used, on some platforms.</para></listitem> +as the origin server.</para></listitem> <listitem><para>Complete SSL support; a simple interface for enabling SSL, hiding the complexity of using an SSL library directly. Client certificate support, callback-based server certificate -verification, along with functions to load trusted CA certificates. -Smartcard-based client certs are also supported via a wrapper -interface for PKCS#11 modules.</para></listitem> +verification, along with functions to load trusted CA +certificates.</para></listitem> - <listitem><para>Compressed response support: responses - compressed using the "deflate" algorithm can be transparently - decompressed.</para></listitem> +<!-- + <listitem><para>Compression support.</para></listitem> +--> <listitem><para>Generic XML parsing interface for handling XML response bodies using SAX-like callbacks. Both the expat and libxml @@ -47,7 +46,7 @@ XML parser libraries are supported.</para></listitem> <listitem><para>WebDAV metadata support; set and remove properties, query properties (PROPFIND); simple interface for retrieving "flat" byte-string properties, more advanced support for -parsing "complex" structured XML properties.</para></listitem> +parsing "complex" XML structured properties.</para></listitem> <!-- <listitem><para>WebDAV locking support</para></listitem> diff --git a/doc/manual.xml b/doc/manual.xml index 82f669c..b99f2ac 100644 --- a/doc/manual.xml +++ b/doc/manual.xml @@ -32,7 +32,6 @@ <!ENTITY section.features SYSTEM "feat.xml"> <!ENTITY section.using SYSTEM "using.xml"> <!ENTITY section.xml SYSTEM "xml.xml"> -<!ENTITY section.security SYSTEM "security.xml"> <!ENTITY section.ssl SYSTEM "ssl.xml"> <!ENTITY biblio SYSTEM "biblio.xml"> @@ -130,8 +129,6 @@ ignoring the WebDAV support if desired.</para> §ion.using; - §ion.security; - </chapter> <chapter id="api"> diff --git a/doc/ref/neon.xml b/doc/ref/neon.xml index bada559..0c2a626 100644 --- a/doc/ref/neon.xml +++ b/doc/ref/neon.xml @@ -59,7 +59,7 @@ otherwise handled to avoid process termination when writing to a socket which has been shutdown by the peer.</simpara></listitem> - <listitem><simpara>OpenSSL and GnuTLS require global + <listitem><simpara>OpenSSL and GnuTLSrequire global initialization to load shared lookup tables.</simpara></listitem> @@ -82,19 +82,9 @@ </refsect2> <refsect2> - <title>Asynchronous signal safety</title> - - <para>No function in &neon; is defined to be <quote>async-signal safe</quote> - - that is, no function is safe to call from a signal handler. Any - call into the &neon; library from a signal handler will have - undefined behaviour - in other words, it may crash the - process.</para> - </refsect2> - - <refsect2> <title>Functions using global state</title> - <para>Any function in &neon; may modify the + <para>Any function call in &neon; may modify the <literal>errno</literal> global variable as a side-effect. Except where explicitly documented, the value of <literal>errno</literal> is unspecified after any &neon; function call.</para> @@ -186,18 +176,6 @@ outside these prefixes.</simpara></listitem> </varlistentry> - <varlistentry> - <term>pakchois_</term> - <listitem><simpara>Namespace used by the pakchois - library.</simpara></listitem> - </varlistentry> - - <varlistentry> - <term>px_</term> - <listitem><simpara>Namespace used by the libproxy - library.</simpara></listitem> - </varlistentry> - </variablelist> </refsect2> diff --git a/doc/ref/opts.xml b/doc/ref/opts.xml index dec5abc..ff87372 100644 --- a/doc/ref/opts.xml +++ b/doc/ref/opts.xml @@ -98,17 +98,14 @@ parameter.</para> <programlisting>&egsess; ne_set_useragent(sess, "MyApplication/2.1");</programlisting> + <para>Disable use of persistent connections:</para> + <programlisting>ne_session *sess = ne_session_create(...); +ne_set_persist(sess, 0);</programlisting> + <para>Set a 30 second read timeout:</para> <programlisting>&egsess; ne_set_read_timeout(sess, 30);</programlisting> </refsect1> - <refsect1> - <title>See also</title> - - <para><xref linkend="ne_session_create"/>, <xref - linkend="ne_set_session_flag"/>.</para> - </refsect1> - </refentry> diff --git a/doc/ref/sessflags.xml b/doc/ref/sessflags.xml index e3e15d5..3249d5d 100644 --- a/doc/ref/sessflags.xml +++ b/doc/ref/sessflags.xml @@ -90,14 +90,6 @@ extension</simpara> </listitem> </varlistentry> - <varlistentry> - <term><constant>NE_SESSFLAG_EXPECT100</constant></term> - <listitem> - <simpara>enable this flag to enable the request flag - <constant>NE_REQFLAG_EXPECT100</constant> for new - requests</simpara> - </listitem> - </varlistentry> </variablelist> </refsect1> @@ -113,8 +105,7 @@ <refsect1> <title>See also</title> - <para><xref linkend="ne_session_create"/>, <xref - linkend="ne_set_request_flag"/>.</para> + <para><xref linkend="ne_session_create"/>.</para> </refsect1> diff --git a/doc/security.xml b/doc/security.xml deleted file mode 100644 index f014276..0000000 --- a/doc/security.xml +++ /dev/null @@ -1,135 +0,0 @@ -<sect1 id="security"> - - <title>HTTP Client Security</title> - - <para>&neon; is intended to be secure against a specific threat - model: use of a malicious HTTP server. Under this threat model, a - range of attacks are possible against a client when the user (or - application) can be tricked into accessing an HTTP server which is - controlled by an attacker. This section documents various types of - possible attack and describes what mitigation is used in - &neon;.</para> - - <sect2> - <title>CPU or memory consumption attacks</title> - - <para>&neon; uses fixed resource limits to prevent the following - attacks:</para> - - <itemizedlist> - <listitem> - <para>memory/CPU consumption attack using an unbounded number - of response header fields</para> - </listitem> - - <listitem> - <para>memory consumption attack using an unbounded length of - individual response header lines (or continuation - headers)</para> - </listitem> - - <listitem> - <para>memory consumption attack against the PROPFIND code - using an unbounded number of properties (propstat elements) - per resource</para> - </listitem> - - <listitem> - <para>memory consumption attack against the PROPFIND code - using an unbounded CDATA element in a "flat property" - value</para> - </listitem> - </itemizedlist> - - <para>Memory consumption attacks against applications based on - &neon; by use of unbounded response length are also possible, but - must be mitigated at application level. Memory consumption in - &neon; itself is fixed and is not proportional to the response - size.</para> - - <para>Test cases for all the above attacks are present in the - &neon; test suite.</para> - - </sect2> - - <sect2> - <title>SSL/TLS connection security</title> - - <para>When using a connection secured by SSL/TLS, it is necessary - for clients to verify that the X.509 certificate presented by the - server matches the server's expected identity. The algorithm - required for this purpose is described in RFC 2818 and RFC 3280, - and is implemented by &neon; in the following manner:</para> - - <itemizedlist> - <listitem> - <para>the hostname argument passed to <xref - linkend="ne_session_create"/> is the expected identity of the - server</para> - </listitem> - - <listitem> - <para>the subjectAltName extension of the certificate is used - for comparision against the expected identity, in preference - to the Subject name's commonName attribute.</para> - </listitem> - - <listitem> - <para>the dNSName, iPAddress, and uniformResourceIdentifier - classes of GeneralName are supported in subjectAltName - comparison.</para> - </listitem> - - <listitem> - <para>if no subjectAltName is present in the certificate, the - most specific commonName attribute in the Subject name is used - for comparison instead.</para> - </listitem> - </itemizedlist> - - <para>In the case where a server certificate is presented that - does not match the expected identity (or is otherwise not - trusted), &neon; will fail the request by default. This behaviour - can be overridden by the use of a callback installed using <xref - linkend="ne_ssl_set_verify"/>, which allows the application to - present the certificate details to a user for manual/off-line - verification, if possible.</para> - - <para>Test cases for the correctness of the implementation of the - identity verification algorithm are present in the &neon; test - suite.</para> - - </sect2> - - <sect2> - <title>Control character insertion in error messages</title> - - <para>Where error messages (as returned by (<xref - linkend="ne_get_error"/>) contain data supplied by the server, the - untrusted data is sanitised to prevent both control characters and - non-ASCII characters from being used. This prevents any attacks - where such error messages are exposed to the user and can - potentially distort the presentation of the interface (for - example, through the use of a carriage return character in a text - user interface).</para> - </sect2> - - <sect2> - <title>Attacks against authentication credentials</title> - - <para>Authentication credentials can be compromised by a - "downgrade attack" by an active attacker; for example, where a - MITM presents a Basic authentication challenge in place of the - server's Digest challenge. &neon; mitigates these attacks by - allowing the application (and hence, user) to specify that only a - specific set of authentication protocols is permitted.</para> - - <para>&neon; supports the Digest and Negotiate authentication - schemes, which both allow authentication of users without passing - credentials in cleartext over the wire. The "domain" parameter is - supported in Digest, allowing the server to restrict an - authentication session to a particular set of URIs.</para> - - </sect2> - -</sect1> diff --git a/macros/neon.m4 b/macros/neon.m4 index 439d8d7..d8fe451 100644 --- a/macros/neon.m4 +++ b/macros/neon.m4 @@ -136,18 +136,12 @@ AC_DEFUN([NE_VERSIONS_BUNDLED], [ # Define the current versions. NE_VERSION_MAJOR=0 -NE_VERSION_MINOR=29 -NE_VERSION_PATCH=0 -NE_VERSION_TAG=-dev - -# libtool library interface versioning. Release policy dictates that -# for neon 0.x.y, each x brings an incompatible interface change, and -# each y brings no interface change, and since this policy has been -# followed since 0.1, x == CURRENT, y == RELEASE, 0 == AGE. For -# 1.x.y, this will become N + x == CURRENT, y == RELEASE, x == AGE, -# where N is constant (and equal to CURRENT + 1 from the final 0.x -# release) -NE_LIBTOOL_VERSINFO="${NE_VERSION_MINOR}:${NE_VERSION_PATCH}:0" +NE_VERSION_MINOR=28 +NE_VERSION_PATCH=6 +NE_VERSION_TAG= + +# 0.28.x is backwards-compatible with 0.27.x, so AGE=1 +NE_LIBTOOL_VERSINFO="28:${NE_VERSION_PATCH}:1" NE_DEFINE_VERSIONS @@ -156,11 +150,7 @@ NE_DEFINE_VERSIONS dnl Adds an ABI variation tag which will be added to the SONAME of dnl a shared library. e.g. NE_ADD_ABITAG(FOO) AC_DEFUN([NE_ADD_ABITAG], [ -if test "x${NE_LIBTOOL_RELEASE}y" = "xy"; then - NE_LIBTOOL_RELEASE="$1" -else - NE_LIBTOOL_RELEASE="${NE_LIBTOOL_RELEASE}-$1" -fi +: Disabled for 0.28 to retain 0.27 ABI ]) dnl Define the minimum required versions, usage: @@ -269,6 +259,7 @@ NEON_CHECK_VERSION([ NEON_CHECK_SUPPORT([zlib], [ZLIB], [zlib]) NEON_CHECK_SUPPORT([ipv6], [IPV6], [IPv6]) NEON_CHECK_SUPPORT([lfs], [LFS], [LFS]) + NEON_CHECK_SUPPORT([socks], [SOCKS], [SOCKSv5]) NEON_CHECK_SUPPORT([ts_ssl], [TS_SSL], [thread-safe SSL]) neon_got_library=yes if test $NE_FLAG_LFS = yes; then @@ -718,12 +709,12 @@ if test "x$neon_no_acl" = "xyes"; then AC_MSG_RESULT(no) else AC_MSG_RESULT(yes) - NEON_EXTRAOBJS="$NEON_EXTRAOBJS ne_oldacl ne_acl3744" + NEON_EXTRAOBJS="$NEON_EXTRAOBJS ne_acl" fi NEON_SSL() +NEON_SOCKS() NEON_GSSAPI() -NEON_LIBPROXY() AC_SUBST(NEON_CFLAGS) AC_SUBST(NEON_LIBS) @@ -858,21 +849,19 @@ good dnl Less noisy replacement for PKG_CHECK_MODULES AC_DEFUN([NE_PKG_CONFIG], [ -m4_define([ne_cvar], m4_translit(ne_cv_pkg_[$2], [.-], [__]))dnl - AC_PATH_PROG(PKG_CONFIG, pkg-config, no) if test "$PKG_CONFIG" = "no"; then : Not using pkg-config $4 else - AC_CACHE_CHECK([for $2 pkg-config data], ne_cvar, + AC_CACHE_CHECK([for $2 pkg-config data], ne_cv_pkg_$2, [if $PKG_CONFIG $2; then - ne_cvar=yes + ne_cv_pkg_$2=yes else - ne_cvar=no + ne_cv_pkg_$2=no fi]) - if test "$ne_cvar" = "yes"; then + if test "$ne_cv_pkg_$2" = "yes"; then $1_CFLAGS=`$PKG_CONFIG --cflags $2` $1_LIBS=`$PKG_CONFIG --libs $2` : Using provided pkg-config data @@ -881,10 +870,7 @@ else : No pkg-config for $2 provided $4 fi -fi - -m4_undefine([ne_cvar]) -]) +fi]) dnl Check for an SSL library (GNU TLS or OpenSSL) AC_DEFUN([NEON_SSL], [ @@ -975,6 +961,12 @@ gnutls) ne_gnutls_ver=`$GNUTLS_CONFIG --version` ]) + case $ne_gnutls_ver in + 1.0.?|1.0.1?|1.0.20|1.0.21) + AC_MSG_ERROR([GNU TLS version $ne_gnutls_ver is too old -- 1.0.22 or later required]) + ;; + esac + AC_CHECK_HEADER([gnutls/gnutls.h],, [AC_MSG_ERROR([could not find gnutls/gnutls.h in include path])]) @@ -983,16 +975,9 @@ gnutls) AC_DEFINE([HAVE_GNUTLS], 1, [Define if GnuTLS support is enabled]) # Check for functions in later releases - NE_CHECK_FUNCS([gnutls_session_get_data2 gnutls_x509_dn_get_rdn_ava \ - gnutls_sign_callback_set \ - gnutls_certificate_get_x509_cas \ - gnutls_certificate_verify_peers2]) - - # fail if gnutls_certificate_verify_peers2 is not found - if test x${ac_cv_func_gnutls_certificate_verify_peers2} != xyes; then - AC_MSG_ERROR([GnuTLS version predates gnutls_certificate_verify_peers2, newer version required]) - fi - + NE_CHECK_FUNCS(gnutls_session_get_data2 gnutls_x509_dn_get_rdn_ava \ + gnutls_sign_callback_set) + # Check for iconv support if using the new RDN access functions: if test ${ac_cv_func_gnutls_x509_dn_get_rdn_ava}X${ac_cv_header_iconv_h} = yesXyes; then AC_CHECK_FUNCS(iconv) @@ -1090,20 +1075,6 @@ if test "x$KRB5_CONFIG" != "xnone"; then NEON_LIBS=$ne_save_LIBS fi]) -AC_DEFUN([NEON_LIBPROXY], [ -AC_ARG_WITH(libproxy, AS_HELP_STRING(--without-libproxy, disable libproxy support)) -if test "x$with_libproxy" != "xno"; then - NE_PKG_CONFIG(NE_PXY, libproxy-1.0, - [AC_DEFINE(HAVE_LIBPROXY, 1, [Define if libproxy is supported]) - CPPFLAGS="$CPPFLAGS $NE_PXY_CFLAGS" - NEON_LIBS="$NEON_LIBS ${NE_PXY_LIBS}" - NE_ENABLE_SUPPORT(LIBPXY, [libproxy support enabled])], - [NE_DISABLE_SUPPORT(LIBPXY, [libproxy support not enabled])]) -else - NE_DISABLE_SUPPORT(LIBPXY, [libproxy support not enabled]) -fi -]) - dnl Adds an --enable-warnings argument to configure to allow enabling dnl compiler warnings AC_DEFUN([NEON_WARNINGS],[ @@ -1152,7 +1123,23 @@ esac]) dnl Macro to optionally enable socks support AC_DEFUN([NEON_SOCKS], [ -]) + +AC_ARG_WITH([socks], AS_HELP_STRING([--with-socks],[use SOCKSv5 library])) + +if test "$with_socks" = "yes"; then + ne_save_LIBS=$LIBS + + AC_CHECK_HEADERS(socks.h, + [AC_CHECK_LIB(socks5, connect, [:], + [AC_MSG_ERROR([could not find libsocks5 for SOCKS support])])], + [AC_MSG_ERROR([could not find socks.h for SOCKS support])]) + + NE_ENABLE_SUPPORT(SOCKS, [SOCKSv5 support is enabled]) + NEON_LIBS="$NEON_LIBS -lsocks5" + LIBS=$ne_save_LIBS +else + NE_DISABLE_SUPPORT(SOCKS, [SOCKSv5 support is not enabled]) +fi]) AC_DEFUN([NEON_WITH_LIBS], [ AC_ARG_WITH([libs], @@ -121,7 +121,6 @@ LIB32_OBJS= \ "$(INTDIR)\ne_request.obj" \ "$(INTDIR)\ne_session.obj" \ "$(INTDIR)\ne_socket.obj" \ - "$(INTDIR)\ne_socks.obj" \ "$(INTDIR)\ne_sspi.obj" \ "$(INTDIR)\ne_string.obj" \ "$(INTDIR)\ne_uri.obj" \ @@ -133,8 +132,7 @@ LIB32_OBJS= \ "$(INTDIR)\ne_207.obj" \ "$(INTDIR)\ne_xml.obj" \ "$(INTDIR)\ne_xmlreq.obj" \ - "$(INTDIR)\ne_oldacl.obj" \ - "$(INTDIR)\ne_acl3744.obj" \ + "$(INTDIR)\ne_acl.obj" \ "$(INTDIR)\ne_props.obj" \ "$(INTDIR)\ne_locks.obj" !ENDIF @@ -163,8 +161,7 @@ ALL: ".\src\config.h" "$(TARGET)" CLEAN: $(ZLIB_CLEAN) -@erase "$(INTDIR)\ne_207.obj" -@erase "$(INTDIR)\ne_alloc.obj" - -@erase "$(INTDIR)\ne_oldacl.obj" - -@erase "$(INTDIR)\ne_acl3744.obj" + -@erase "$(INTDIR)\ne_acl.obj" -@erase "$(INTDIR)\ne_auth.obj" -@erase "$(INTDIR)\ne_basic.obj" -@erase "$(INTDIR)\ne_compress.obj" @@ -180,7 +177,6 @@ CLEAN: $(ZLIB_CLEAN) -@erase "$(INTDIR)\ne_stubssl.obj" -@erase "$(INTDIR)\ne_pkcs11.obj" -@erase "$(INTDIR)\ne_socket.obj" - -@erase "$(INTDIR)\ne_socks.obj" -@erase "$(INTDIR)\ne_sspi.obj" -@erase "$(INTDIR)\ne_string.obj" -@erase "$(INTDIR)\ne_uri.obj" @@ -212,8 +208,7 @@ CLEAN: $(ZLIB_CLEAN) "$(INTDIR)\ne_207.obj": .\src\ne_207.c "$(INTDIR)\ne_alloc.obj": .\src\ne_alloc.c -"$(INTDIR)\ne_acl3744.obj": .\src\ne_acl3744.c -"$(INTDIR)\ne_oldacl.obj": .\src\ne_oldacl.c +"$(INTDIR)\ne_acl.obj": .\src\ne_acl.c "$(INTDIR)\ne_auth.obj": .\src\ne_auth.c "$(INTDIR)\ne_basic.obj": .\src\ne_basic.c "$(INTDIR)\ne_compress.obj": .\src\ne_compress.c @@ -229,7 +224,6 @@ CLEAN: $(ZLIB_CLEAN) "$(INTDIR)\ne_stubssl.obj": .\src\ne_stubssl.c "$(INTDIR)\ne_pkcs11.obj": .\src\ne_pkcs11.c "$(INTDIR)\ne_socket.obj": .\src\ne_socket.c -"$(INTDIR)\ne_socks.obj": .\src\ne_socks.c "$(INTDIR)\ne_sspi.obj": .\src\ne_sspi.c "$(INTDIR)\ne_string.obj": .\src\ne_string.c "$(INTDIR)\ne_uri.obj": .\src\ne_uri.c @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: sitecopy 0.11.4\n" "Report-Msgid-Bugs-To: neon@lists.manyfish.co.uk\n" -"POT-Creation-Date: 2008-08-22 12:42+0100\n" +"POT-Creation-Date: 2009-08-18 15:52+0100\n" "PO-Revision-Date: 2002-04-09 11:12+0100\n" "Last-Translator: Petr Prazak <prazak@grisoft.cz>\n" "Language-Team: cz\n" @@ -35,99 +35,99 @@ msgstr "Nelze se pipojit k serveru" msgid "Could not authenticate to proxy server: %s" msgstr "Nelze se pipojit k proxy serveru" -#: src/ne_auth.c:358 +#: src/ne_auth.c:359 #, c-format msgid "rejected %s challenge" msgstr "" -#: src/ne_auth.c:374 +#: src/ne_auth.c:375 msgid "missing realm in Basic challenge" msgstr "" -#: src/ne_auth.c:469 +#: src/ne_auth.c:470 msgid "invalid Negotiate token" msgstr "" -#: src/ne_auth.c:492 +#: src/ne_auth.c:493 #, fuzzy msgid "GSSAPI authentication error: " msgstr "Je vyadovna autentizace na %s `%s':\n" -#: src/ne_auth.c:505 +#: src/ne_auth.c:506 #, c-format msgid "GSSAPI failure (code %u)" msgstr "" -#: src/ne_auth.c:540 +#: src/ne_auth.c:541 msgid "ignoring empty Negotiate continuation" msgstr "" -#: src/ne_auth.c:555 +#: src/ne_auth.c:556 #, c-format msgid "Negotiate response verification failed: invalid response header token" msgstr "" -#: src/ne_auth.c:577 +#: src/ne_auth.c:578 #, c-format msgid "Negotiate response verification failure: %s" msgstr "" -#: src/ne_auth.c:699 +#: src/ne_auth.c:700 msgid "unknown algorithm in Digest challenge" msgstr "" -#: src/ne_auth.c:703 +#: src/ne_auth.c:704 msgid "incompatible algorithm in Digest challenge" msgstr "" -#: src/ne_auth.c:707 +#: src/ne_auth.c:708 msgid "missing parameter in Digest challenge" msgstr "" -#: src/ne_auth.c:711 +#: src/ne_auth.c:712 msgid "initial Digest challenge was stale" msgstr "" -#: src/ne_auth.c:718 +#: src/ne_auth.c:719 msgid "stale Digest challenge with new algorithm or realm" msgstr "" -#: src/ne_auth.c:730 +#: src/ne_auth.c:731 #, fuzzy msgid "could not parse domain in Digest challenge" msgstr "Nelze zpracovat velikost bloku" -#: src/ne_auth.c:1039 +#: src/ne_auth.c:1040 #, c-format msgid "Digest mutual authentication failure: missing parameters" msgstr "" -#: src/ne_auth.c:1044 +#: src/ne_auth.c:1045 #, c-format msgid "Digest mutual authentication failure: client nonce mismatch" msgstr "" -#: src/ne_auth.c:1054 +#: src/ne_auth.c:1055 #, c-format msgid "Digest mutual authentication failure: could not parse nonce count" msgstr "" -#: src/ne_auth.c:1059 +#: src/ne_auth.c:1060 #, c-format msgid "Digest mutual authentication failure: nonce count mismatch (%u not %u)" msgstr "" -#: src/ne_auth.c:1102 +#: src/ne_auth.c:1103 #, c-format msgid "Digest mutual authentication failure: request-digest mismatch" msgstr "" -#: src/ne_auth.c:1228 +#: src/ne_auth.c:1229 #, c-format msgid "ignored %s challenge" msgstr "" -#: src/ne_auth.c:1307 +#: src/ne_auth.c:1308 #, fuzzy msgid "could not parse challenge" msgstr "Nelze zpracovat velikost bloku" @@ -170,32 +170,33 @@ msgstr "Nelze otevt soubor: " msgid "Could not initialize zlib" msgstr "Nelze otevt soubor: " -#: src/ne_gnutls.c:172 +#: src/ne_gnutls.c:162 #, c-format msgid "[unprintable:#%lu]" msgstr "" -#: src/ne_gnutls.c:201 +#: src/ne_gnutls.c:188 msgid "[unprintable]" msgstr "" -#: src/ne_gnutls.c:799 src/ne_openssl.c:396 +#: src/ne_gnutls.c:680 src/ne_openssl.c:407 #, c-format msgid "Server certificate was missing commonName attribute in subject name" msgstr "" -#: src/ne_gnutls.c:840 src/ne_openssl.c:633 -#, c-format -msgid "SSL handshake failed, client certificate was requested: %s" -msgstr "" +# src/console_fe.c:992 +#: src/ne_gnutls.c:721 src/ne_openssl.c:630 +#, fuzzy, c-format +msgid "SSL negotiation failed, client certificate was requested: %s" +msgstr "Nelze zapsat do souboru: %s" # src/console_fe.c:992 -#: src/ne_gnutls.c:845 src/ne_openssl.c:638 +#: src/ne_gnutls.c:726 src/ne_openssl.c:635 #, fuzzy, c-format -msgid "SSL handshake failed: %s" +msgid "SSL negotiation failed: %s" msgstr "Nelze zapsat do souboru: %s" -#: src/ne_gnutls.c:855 +#: src/ne_gnutls.c:736 #, c-format msgid "Server did not send certificate chain" msgstr "" @@ -214,17 +215,17 @@ msgstr "" msgid "No activelock for <%s> returned in LOCK refresh response" msgstr "" -#: src/ne_openssl.c:428 +#: src/ne_openssl.c:439 #, c-format msgid "Certificate verification error: %s" msgstr "" -#: src/ne_openssl.c:658 +#: src/ne_openssl.c:655 #, c-format msgid "SSL server did not present certificate" msgstr "" -#: src/ne_openssl.c:667 +#: src/ne_openssl.c:664 #, c-format msgid "Server certificate changed: connection intercepted?" msgstr "" @@ -331,33 +332,33 @@ msgstr "%s: Chyba: Nelze najt adresu vzdlenho potae (%s).\n" msgid "Unknown transfer-coding in response" msgstr "" -#: src/ne_request.c:1275 +#: src/ne_request.c:1277 msgid "Invalid Content-Length in response" msgstr "" # src/console_fe.c:992 -#: src/ne_request.c:1348 +#: src/ne_request.c:1350 #, c-format msgid "Could not write to file: %s" msgstr "Nelze zapsat do souboru: %s" -#: src/ne_request.c:1421 +#: src/ne_request.c:1423 #, fuzzy, c-format msgid "Could not create SSL connection through proxy server: %s" msgstr "Nelze navzat SSL spojen pes proxy server." -#: src/ne_request.c:1468 +#: src/ne_request.c:1470 #, fuzzy, c-format msgid "Could not create socket" msgstr "Nelze navzat SSL spojen" # src/console_fe.c:961 -#: src/ne_request.c:1530 +#: src/ne_request.c:1532 msgid "Could not connect to proxy server" msgstr "Nelze se pipojit k proxy serveru" # src/console_fe.c:961 -#: src/ne_request.c:1531 +#: src/ne_request.c:1533 msgid "Could not connect to server" msgstr "Nelze se pipojit k serveru" @@ -385,206 +386,73 @@ msgstr "" msgid "Server certificate verification failed: " msgstr "" -#: src/ne_socket.c:516 src/ne_socket.c:612 src/ne_socket.c:716 +#: src/ne_socket.c:514 src/ne_socket.c:568 src/ne_socket.c:671 #, fuzzy msgid "Connection closed" msgstr "Server ukonil spojen." -#: src/ne_socket.c:622 src/ne_socket.c:728 +#: src/ne_socket.c:578 src/ne_socket.c:683 #, fuzzy msgid "Secure connection truncated" msgstr "Spojen vyprelo." -#: src/ne_socket.c:634 src/ne_socket.c:740 +#: src/ne_socket.c:590 src/ne_socket.c:695 #, fuzzy, c-format msgid "SSL error: %s" msgstr "%s: Chyba: %s\n" -#: src/ne_socket.c:637 +#: src/ne_socket.c:593 #, c-format msgid "SSL error code %d/%d/%lu" msgstr "" -#: src/ne_socket.c:721 +#: src/ne_socket.c:676 #, fuzzy, c-format msgid "SSL alert received: %s" msgstr "%s: Chyba: %s\n" -#: src/ne_socket.c:736 +#: src/ne_socket.c:691 msgid "SSL socket read failed" msgstr "" -#: src/ne_socket.c:862 +#: src/ne_socket.c:795 msgid "Line too long" msgstr "dek je pli dlouh" -#: src/ne_socket.c:1007 src/ne_socket.c:1013 +#: src/ne_socket.c:940 src/ne_socket.c:946 msgid "Host not found" msgstr "Pota nenalezen" -#: src/ne_socket.c:1138 +#: src/ne_socket.c:1072 #, fuzzy msgid "Connection timed out" msgstr "%s: spojen vyprelo." -#: src/ne_socket.c:1300 +#: src/ne_socket.c:1263 msgid "Socket descriptor number exceeds FD_SETSIZE" msgstr "" -#: src/ne_socket.c:1360 +#: src/ne_socket.c:1325 msgid "Socket family not supported" msgstr "" -#: src/ne_socket.c:1583 +#: src/ne_socket.c:1548 msgid "Client certificate verification failed" msgstr "" -#: src/ne_socket.c:1599 +#: src/ne_socket.c:1564 msgid "SSL disabled due to lack of entropy" msgstr "" -#: src/ne_socket.c:1606 +#: src/ne_socket.c:1571 msgid "SSL disabled due to library version mismatch" msgstr "" -#: src/ne_socket.c:1612 +#: src/ne_socket.c:1577 #, fuzzy msgid "Could not create SSL structure" msgstr "Nelze navzat SSL spojen" -#: src/ne_socks.c:65 -msgid "failure" -msgstr "" - -#: src/ne_socks.c:68 -#, fuzzy -msgid "connection not permitted" -msgstr "%s: spojen vyprelo." - -#: src/ne_socks.c:71 -msgid "network unreachable" -msgstr "" - -#: src/ne_socks.c:74 -msgid "host unreachable" -msgstr "" - -#: src/ne_socks.c:77 -msgid "TTL expired" -msgstr "" - -#: src/ne_socks.c:80 -msgid "command not supported" -msgstr "" - -#: src/ne_socks.c:83 -msgid "address type not supported" -msgstr "" - -#: src/ne_socks.c:86 -#, c-format -msgid "%s: unrecognized error (%u)" -msgstr "" - -#: src/ne_socks.c:128 src/ne_socks.c:328 -#, fuzzy -msgid "Could not send message to proxy" -msgstr "Nelze odeslat tlo poadavku" - -#: src/ne_socks.c:133 -#, fuzzy -msgid "Could not read initial response from proxy" -msgstr "Nelze nast tlo odpovdi" - -#: src/ne_socks.c:136 -msgid "Invalid version in proxy response" -msgstr "" - -#: src/ne_socks.c:157 -#, fuzzy -msgid "Could not send login message" -msgstr "Nelze poslat poadavek" - -#: src/ne_socks.c:162 -#, fuzzy -msgid "Could not read login reply" -msgstr "Nelze pest stavov dek" - -#: src/ne_socks.c:165 -msgid "Invalid version in login reply" -msgstr "" - -#: src/ne_socks.c:168 -#, fuzzy -msgid "Authentication failed" -msgstr "Je vyadovna autentizace na %s `%s':\n" - -#: src/ne_socks.c:172 -msgid "No acceptable authentication method" -msgstr "" - -#: src/ne_socks.c:174 -msgid "Unexpected authentication method chosen" -msgstr "" - -#: src/ne_socks.c:210 -#, fuzzy -msgid "Could not send connect request" -msgstr "Nelze poslat poadavek" - -# src/console_fe.c:961 -#: src/ne_socks.c:215 -#, fuzzy -msgid "Could not read connect reply" -msgstr "Nelze se pipojit k serveru" - -#: src/ne_socks.c:218 -msgid "Invalid version in connect reply" -msgstr "" - -# src/console_fe.c:961 -#: src/ne_socks.c:221 src/ne_socks.c:337 -#, fuzzy -msgid "Could not connect" -msgstr "Nelze se pipojit k serveru" - -#: src/ne_socks.c:235 -msgid "Could not read FQDN length in connect reply" -msgstr "" - -#: src/ne_socks.c:240 -msgid "Unknown address type in connect reply" -msgstr "" - -#: src/ne_socks.c:245 -#, fuzzy -msgid "Could not read address in connect reply" -msgstr "Nelze nast tlo odpovdi" - -#: src/ne_socks.c:266 -msgid "request rejected or failed" -msgstr "" - -# src/console_fe.c:961 -#: src/ne_socks.c:269 -#, fuzzy -msgid "could not establish connection to identd" -msgstr "Nelze se pipojit k serveru" - -#: src/ne_socks.c:272 -msgid "rejected due to identd user mismatch" -msgstr "" - -#: src/ne_socks.c:275 -#, c-format -msgid "%s: unrecognized failure (%u)" -msgstr "" - -#: src/ne_socks.c:333 -#, fuzzy -msgid "Could not read response from proxy" -msgstr "Nelze nast tlo odpovdi" - # src/console_fe.c:821 #: src/ne_xml.c:280 #, fuzzy, c-format @@ -592,17 +460,17 @@ msgid "XML parse error at line %d: invalid element name" msgstr "Chyba zpracovn XML na dku %d: %s." # src/common.c:87 -#: src/ne_xml.c:452 +#: src/ne_xml.c:474 #, fuzzy msgid "Unknown error" msgstr "Neznm systmov chyba" -#: src/ne_xml.c:537 +#: src/ne_xml.c:579 msgid "Invalid Byte Order Mark" msgstr "" # src/console_fe.c:821 -#: src/ne_xml.c:625 +#: src/ne_xml.c:667 #, fuzzy, c-format msgid "XML parse error at line %d: %s" msgstr "Chyba zpracovn XML na dku %d: %s." @@ -5,7 +5,7 @@ msgid "" msgstr "" "Project-Id-Version: sitecopy 0.11.3\n" "Report-Msgid-Bugs-To: neon@lists.manyfish.co.uk\n" -"POT-Creation-Date: 2008-08-22 12:42+0100\n" +"POT-Creation-Date: 2009-08-18 15:52+0100\n" "PO-Revision-Date: 2002-01-13 13:37+0100\n" "Last-Translator: Thomas Schultz <tststs@gmx.de>\n" "Language-Team: de\n" @@ -32,99 +32,99 @@ msgstr "Verbindungsaufbau zum Server gescheitert." msgid "Could not authenticate to proxy server: %s" msgstr "Verbindungsaufbau zum Proxy-Server gescheitert." -#: src/ne_auth.c:358 +#: src/ne_auth.c:359 #, c-format msgid "rejected %s challenge" msgstr "" -#: src/ne_auth.c:374 +#: src/ne_auth.c:375 msgid "missing realm in Basic challenge" msgstr "" -#: src/ne_auth.c:469 +#: src/ne_auth.c:470 msgid "invalid Negotiate token" msgstr "" -#: src/ne_auth.c:492 +#: src/ne_auth.c:493 #, fuzzy msgid "GSSAPI authentication error: " msgstr "Anmeldung wird bentigt auf %s `%s':\n" -#: src/ne_auth.c:505 +#: src/ne_auth.c:506 #, c-format msgid "GSSAPI failure (code %u)" msgstr "" -#: src/ne_auth.c:540 +#: src/ne_auth.c:541 msgid "ignoring empty Negotiate continuation" msgstr "" -#: src/ne_auth.c:555 +#: src/ne_auth.c:556 #, c-format msgid "Negotiate response verification failed: invalid response header token" msgstr "" -#: src/ne_auth.c:577 +#: src/ne_auth.c:578 #, c-format msgid "Negotiate response verification failure: %s" msgstr "" -#: src/ne_auth.c:699 +#: src/ne_auth.c:700 msgid "unknown algorithm in Digest challenge" msgstr "" -#: src/ne_auth.c:703 +#: src/ne_auth.c:704 msgid "incompatible algorithm in Digest challenge" msgstr "" -#: src/ne_auth.c:707 +#: src/ne_auth.c:708 msgid "missing parameter in Digest challenge" msgstr "" -#: src/ne_auth.c:711 +#: src/ne_auth.c:712 msgid "initial Digest challenge was stale" msgstr "" -#: src/ne_auth.c:718 +#: src/ne_auth.c:719 msgid "stale Digest challenge with new algorithm or realm" msgstr "" -#: src/ne_auth.c:730 +#: src/ne_auth.c:731 #, fuzzy msgid "could not parse domain in Digest challenge" msgstr "Parser-Fehler bei Ermittlung der Blockgre" -#: src/ne_auth.c:1039 +#: src/ne_auth.c:1040 #, c-format msgid "Digest mutual authentication failure: missing parameters" msgstr "" -#: src/ne_auth.c:1044 +#: src/ne_auth.c:1045 #, c-format msgid "Digest mutual authentication failure: client nonce mismatch" msgstr "" -#: src/ne_auth.c:1054 +#: src/ne_auth.c:1055 #, c-format msgid "Digest mutual authentication failure: could not parse nonce count" msgstr "" -#: src/ne_auth.c:1059 +#: src/ne_auth.c:1060 #, c-format msgid "Digest mutual authentication failure: nonce count mismatch (%u not %u)" msgstr "" -#: src/ne_auth.c:1102 +#: src/ne_auth.c:1103 #, c-format msgid "Digest mutual authentication failure: request-digest mismatch" msgstr "" -#: src/ne_auth.c:1228 +#: src/ne_auth.c:1229 #, c-format msgid "ignored %s challenge" msgstr "" -#: src/ne_auth.c:1307 +#: src/ne_auth.c:1308 #, fuzzy msgid "could not parse challenge" msgstr "Parser-Fehler bei Ermittlung der Blockgre" @@ -164,31 +164,31 @@ msgstr "Konnte Datei nicht ffnen: " msgid "Could not initialize zlib" msgstr "Konnte Datei nicht ffnen: " -#: src/ne_gnutls.c:172 +#: src/ne_gnutls.c:162 #, c-format msgid "[unprintable:#%lu]" msgstr "" -#: src/ne_gnutls.c:201 +#: src/ne_gnutls.c:188 msgid "[unprintable]" msgstr "" -#: src/ne_gnutls.c:799 src/ne_openssl.c:396 +#: src/ne_gnutls.c:680 src/ne_openssl.c:407 #, c-format msgid "Server certificate was missing commonName attribute in subject name" msgstr "" -#: src/ne_gnutls.c:840 src/ne_openssl.c:633 -#, c-format -msgid "SSL handshake failed, client certificate was requested: %s" -msgstr "" +#: src/ne_gnutls.c:721 src/ne_openssl.c:630 +#, fuzzy, c-format +msgid "SSL negotiation failed, client certificate was requested: %s" +msgstr "Konnte nicht in diese Datei schreiben: %s" -#: src/ne_gnutls.c:845 src/ne_openssl.c:638 +#: src/ne_gnutls.c:726 src/ne_openssl.c:635 #, fuzzy, c-format -msgid "SSL handshake failed: %s" +msgid "SSL negotiation failed: %s" msgstr "Konnte nicht in diese Datei schreiben: %s" -#: src/ne_gnutls.c:855 +#: src/ne_gnutls.c:736 #, c-format msgid "Server did not send certificate chain" msgstr "" @@ -207,17 +207,17 @@ msgstr "" msgid "No activelock for <%s> returned in LOCK refresh response" msgstr "" -#: src/ne_openssl.c:428 +#: src/ne_openssl.c:439 #, c-format msgid "Certificate verification error: %s" msgstr "" -#: src/ne_openssl.c:658 +#: src/ne_openssl.c:655 #, c-format msgid "SSL server did not present certificate" msgstr "" -#: src/ne_openssl.c:667 +#: src/ne_openssl.c:664 #, c-format msgid "Server certificate changed: connection intercepted?" msgstr "" @@ -322,30 +322,30 @@ msgstr "%s: Fehler: Konnte den Namen des Servers nicht auflsen (%s).\n" msgid "Unknown transfer-coding in response" msgstr "" -#: src/ne_request.c:1275 +#: src/ne_request.c:1277 msgid "Invalid Content-Length in response" msgstr "" -#: src/ne_request.c:1348 +#: src/ne_request.c:1350 #, c-format msgid "Could not write to file: %s" msgstr "Konnte nicht in diese Datei schreiben: %s" -#: src/ne_request.c:1421 +#: src/ne_request.c:1423 #, fuzzy, c-format msgid "Could not create SSL connection through proxy server: %s" msgstr "Konnte durch den Proxy-Server keine SSL-Verbindung herstellen" -#: src/ne_request.c:1468 +#: src/ne_request.c:1470 #, fuzzy, c-format msgid "Could not create socket" msgstr "Konnte keine SSL-Sitzung herstellen" -#: src/ne_request.c:1530 +#: src/ne_request.c:1532 msgid "Could not connect to proxy server" msgstr "Verbindungsaufbau zum Proxy-Server gescheitert." -#: src/ne_request.c:1531 +#: src/ne_request.c:1533 msgid "Could not connect to server" msgstr "Verbindungsaufbau zum Server gescheitert." @@ -373,218 +373,88 @@ msgstr "" msgid "Server certificate verification failed: " msgstr "" -#: src/ne_socket.c:516 src/ne_socket.c:612 src/ne_socket.c:716 +#: src/ne_socket.c:514 src/ne_socket.c:568 src/ne_socket.c:671 #, fuzzy msgid "Connection closed" msgstr "Verbindung vom Server geschlossen" -#: src/ne_socket.c:622 src/ne_socket.c:728 +#: src/ne_socket.c:578 src/ne_socket.c:683 #, fuzzy msgid "Secure connection truncated" msgstr "Verbindung wegen Zeitberschreitung abgebrochen." -#: src/ne_socket.c:634 src/ne_socket.c:740 +#: src/ne_socket.c:590 src/ne_socket.c:695 #, fuzzy, c-format msgid "SSL error: %s" msgstr "%s: Fehler: %s\n" -#: src/ne_socket.c:637 +#: src/ne_socket.c:593 #, c-format msgid "SSL error code %d/%d/%lu" msgstr "" -#: src/ne_socket.c:721 +#: src/ne_socket.c:676 #, fuzzy, c-format msgid "SSL alert received: %s" msgstr "%s: Fehler: %s\n" -#: src/ne_socket.c:736 +#: src/ne_socket.c:691 msgid "SSL socket read failed" msgstr "" -#: src/ne_socket.c:862 +#: src/ne_socket.c:795 msgid "Line too long" msgstr "Zeile zu lang" -#: src/ne_socket.c:1007 src/ne_socket.c:1013 +#: src/ne_socket.c:940 src/ne_socket.c:946 msgid "Host not found" msgstr "Host nicht gefunden" -#: src/ne_socket.c:1138 +#: src/ne_socket.c:1072 #, fuzzy msgid "Connection timed out" msgstr "%s: Verbindung wegen Zeitberschreitung geschlossen." -#: src/ne_socket.c:1300 +#: src/ne_socket.c:1263 msgid "Socket descriptor number exceeds FD_SETSIZE" msgstr "" -#: src/ne_socket.c:1360 +#: src/ne_socket.c:1325 msgid "Socket family not supported" msgstr "" -#: src/ne_socket.c:1583 +#: src/ne_socket.c:1548 msgid "Client certificate verification failed" msgstr "" -#: src/ne_socket.c:1599 +#: src/ne_socket.c:1564 msgid "SSL disabled due to lack of entropy" msgstr "" -#: src/ne_socket.c:1606 +#: src/ne_socket.c:1571 msgid "SSL disabled due to library version mismatch" msgstr "" -#: src/ne_socket.c:1612 +#: src/ne_socket.c:1577 #, fuzzy msgid "Could not create SSL structure" msgstr "Konnte keine SSL-Sitzung herstellen" -#: src/ne_socks.c:65 -msgid "failure" -msgstr "" - -#: src/ne_socks.c:68 -#, fuzzy -msgid "connection not permitted" -msgstr "%s: Verbindung wegen Zeitberschreitung geschlossen." - -#: src/ne_socks.c:71 -msgid "network unreachable" -msgstr "" - -#: src/ne_socks.c:74 -msgid "host unreachable" -msgstr "" - -#: src/ne_socks.c:77 -msgid "TTL expired" -msgstr "" - -#: src/ne_socks.c:80 -msgid "command not supported" -msgstr "" - -#: src/ne_socks.c:83 -msgid "address type not supported" -msgstr "" - -#: src/ne_socks.c:86 -#, c-format -msgid "%s: unrecognized error (%u)" -msgstr "" - -#: src/ne_socks.c:128 src/ne_socks.c:328 -#, fuzzy -msgid "Could not send message to proxy" -msgstr "Konnte den Rumpf der Anfrage nicht schicken" - -#: src/ne_socks.c:133 -#, fuzzy -msgid "Could not read initial response from proxy" -msgstr "Konnte Rumpf der Antwort nicht lesen" - -#: src/ne_socks.c:136 -msgid "Invalid version in proxy response" -msgstr "" - -#: src/ne_socks.c:157 -#, fuzzy -msgid "Could not send login message" -msgstr "Konnte keine Anfrage (request) schicken" - -#: src/ne_socks.c:162 -#, fuzzy -msgid "Could not read login reply" -msgstr "Konnte Status-Zeile des Servers nicht lesen" - -#: src/ne_socks.c:165 -msgid "Invalid version in login reply" -msgstr "" - -#: src/ne_socks.c:168 -#, fuzzy -msgid "Authentication failed" -msgstr "Anmeldung wird bentigt auf %s `%s':\n" - -#: src/ne_socks.c:172 -msgid "No acceptable authentication method" -msgstr "" - -#: src/ne_socks.c:174 -msgid "Unexpected authentication method chosen" -msgstr "" - -#: src/ne_socks.c:210 -#, fuzzy -msgid "Could not send connect request" -msgstr "Konnte keine Anfrage (request) schicken" - -#: src/ne_socks.c:215 -#, fuzzy -msgid "Could not read connect reply" -msgstr "Verbindungsaufbau zum Server gescheitert." - -#: src/ne_socks.c:218 -msgid "Invalid version in connect reply" -msgstr "" - -#: src/ne_socks.c:221 src/ne_socks.c:337 -#, fuzzy -msgid "Could not connect" -msgstr "Verbindungsaufbau zum Server gescheitert." - -#: src/ne_socks.c:235 -msgid "Could not read FQDN length in connect reply" -msgstr "" - -#: src/ne_socks.c:240 -msgid "Unknown address type in connect reply" -msgstr "" - -#: src/ne_socks.c:245 -#, fuzzy -msgid "Could not read address in connect reply" -msgstr "Konnte Rumpf der Antwort nicht lesen" - -#: src/ne_socks.c:266 -msgid "request rejected or failed" -msgstr "" - -#: src/ne_socks.c:269 -#, fuzzy -msgid "could not establish connection to identd" -msgstr "Verbindungsaufbau zum Server gescheitert." - -#: src/ne_socks.c:272 -msgid "rejected due to identd user mismatch" -msgstr "" - -#: src/ne_socks.c:275 -#, c-format -msgid "%s: unrecognized failure (%u)" -msgstr "" - -#: src/ne_socks.c:333 -#, fuzzy -msgid "Could not read response from proxy" -msgstr "Konnte Rumpf der Antwort nicht lesen" - #: src/ne_xml.c:280 #, fuzzy, c-format msgid "XML parse error at line %d: invalid element name" msgstr "Fehler beim XML-Parsing in Zeile %d: %s." -#: src/ne_xml.c:452 +#: src/ne_xml.c:474 #, fuzzy msgid "Unknown error" msgstr "Unbekannter System-Fehler" -#: src/ne_xml.c:537 +#: src/ne_xml.c:579 msgid "Invalid Byte Order Mark" msgstr "" -#: src/ne_xml.c:625 +#: src/ne_xml.c:667 #, fuzzy, c-format msgid "XML parse error at line %d: %s" msgstr "Fehler beim XML-Parsing in Zeile %d: %s." @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: sitecopy 0.9.3\n" "Report-Msgid-Bugs-To: neon@lists.manyfish.co.uk\n" -"POT-Creation-Date: 2008-08-22 12:42+0100\n" +"POT-Creation-Date: 2009-08-18 15:52+0100\n" "PO-Revision-Date: 2000-01-31 00:00+0100\n" "Last-Translator: Sylvain Glaize <mokona@puupuu.org>\n" "Language-Team: fr\n" @@ -32,98 +32,98 @@ msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" msgid "Could not authenticate to proxy server: %s" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" -#: src/ne_auth.c:358 +#: src/ne_auth.c:359 #, c-format msgid "rejected %s challenge" msgstr "" -#: src/ne_auth.c:374 +#: src/ne_auth.c:375 msgid "missing realm in Basic challenge" msgstr "" -#: src/ne_auth.c:469 +#: src/ne_auth.c:470 msgid "invalid Negotiate token" msgstr "" -#: src/ne_auth.c:492 +#: src/ne_auth.c:493 msgid "GSSAPI authentication error: " msgstr "" -#: src/ne_auth.c:505 +#: src/ne_auth.c:506 #, c-format msgid "GSSAPI failure (code %u)" msgstr "" -#: src/ne_auth.c:540 +#: src/ne_auth.c:541 msgid "ignoring empty Negotiate continuation" msgstr "" -#: src/ne_auth.c:555 +#: src/ne_auth.c:556 #, c-format msgid "Negotiate response verification failed: invalid response header token" msgstr "" -#: src/ne_auth.c:577 +#: src/ne_auth.c:578 #, c-format msgid "Negotiate response verification failure: %s" msgstr "" -#: src/ne_auth.c:699 +#: src/ne_auth.c:700 msgid "unknown algorithm in Digest challenge" msgstr "" -#: src/ne_auth.c:703 +#: src/ne_auth.c:704 msgid "incompatible algorithm in Digest challenge" msgstr "" -#: src/ne_auth.c:707 +#: src/ne_auth.c:708 msgid "missing parameter in Digest challenge" msgstr "" -#: src/ne_auth.c:711 +#: src/ne_auth.c:712 msgid "initial Digest challenge was stale" msgstr "" -#: src/ne_auth.c:718 +#: src/ne_auth.c:719 msgid "stale Digest challenge with new algorithm or realm" msgstr "" -#: src/ne_auth.c:730 +#: src/ne_auth.c:731 #, fuzzy msgid "could not parse domain in Digest challenge" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" -#: src/ne_auth.c:1039 +#: src/ne_auth.c:1040 #, c-format msgid "Digest mutual authentication failure: missing parameters" msgstr "" -#: src/ne_auth.c:1044 +#: src/ne_auth.c:1045 #, c-format msgid "Digest mutual authentication failure: client nonce mismatch" msgstr "" -#: src/ne_auth.c:1054 +#: src/ne_auth.c:1055 #, c-format msgid "Digest mutual authentication failure: could not parse nonce count" msgstr "" -#: src/ne_auth.c:1059 +#: src/ne_auth.c:1060 #, c-format msgid "Digest mutual authentication failure: nonce count mismatch (%u not %u)" msgstr "" -#: src/ne_auth.c:1102 +#: src/ne_auth.c:1103 #, c-format msgid "Digest mutual authentication failure: request-digest mismatch" msgstr "" -#: src/ne_auth.c:1228 +#: src/ne_auth.c:1229 #, c-format msgid "ignored %s challenge" msgstr "" -#: src/ne_auth.c:1307 +#: src/ne_auth.c:1308 #, fuzzy msgid "could not parse challenge" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" @@ -163,31 +163,31 @@ msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" msgid "Could not initialize zlib" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" -#: src/ne_gnutls.c:172 +#: src/ne_gnutls.c:162 #, c-format msgid "[unprintable:#%lu]" msgstr "" -#: src/ne_gnutls.c:201 +#: src/ne_gnutls.c:188 msgid "[unprintable]" msgstr "" -#: src/ne_gnutls.c:799 src/ne_openssl.c:396 +#: src/ne_gnutls.c:680 src/ne_openssl.c:407 #, c-format msgid "Server certificate was missing commonName attribute in subject name" msgstr "" -#: src/ne_gnutls.c:840 src/ne_openssl.c:633 -#, c-format -msgid "SSL handshake failed, client certificate was requested: %s" -msgstr "" +#: src/ne_gnutls.c:721 src/ne_openssl.c:630 +#, fuzzy, c-format +msgid "SSL negotiation failed, client certificate was requested: %s" +msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" -#: src/ne_gnutls.c:845 src/ne_openssl.c:638 +#: src/ne_gnutls.c:726 src/ne_openssl.c:635 #, fuzzy, c-format -msgid "SSL handshake failed: %s" +msgid "SSL negotiation failed: %s" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" -#: src/ne_gnutls.c:855 +#: src/ne_gnutls.c:736 #, c-format msgid "Server did not send certificate chain" msgstr "" @@ -206,17 +206,17 @@ msgstr "" msgid "No activelock for <%s> returned in LOCK refresh response" msgstr "" -#: src/ne_openssl.c:428 +#: src/ne_openssl.c:439 #, c-format msgid "Certificate verification error: %s" msgstr "" -#: src/ne_openssl.c:658 +#: src/ne_openssl.c:655 #, c-format msgid "SSL server did not present certificate" msgstr "" -#: src/ne_openssl.c:667 +#: src/ne_openssl.c:664 #, c-format msgid "Server certificate changed: connection intercepted?" msgstr "" @@ -320,31 +320,31 @@ msgstr "%s: erreur: impossible de trouver le nom de l'hte distant.\n" msgid "Unknown transfer-coding in response" msgstr "" -#: src/ne_request.c:1275 +#: src/ne_request.c:1277 msgid "Invalid Content-Length in response" msgstr "" -#: src/ne_request.c:1348 +#: src/ne_request.c:1350 #, fuzzy, c-format msgid "Could not write to file: %s" msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" -#: src/ne_request.c:1421 +#: src/ne_request.c:1423 #, fuzzy, c-format msgid "Could not create SSL connection through proxy server: %s" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" -#: src/ne_request.c:1468 +#: src/ne_request.c:1470 #, fuzzy, c-format msgid "Could not create socket" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" -#: src/ne_request.c:1530 +#: src/ne_request.c:1532 #, fuzzy msgid "Could not connect to proxy server" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" -#: src/ne_request.c:1531 +#: src/ne_request.c:1533 #, fuzzy msgid "Could not connect to server" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" @@ -373,203 +373,74 @@ msgstr "" msgid "Server certificate verification failed: " msgstr "" -#: src/ne_socket.c:516 src/ne_socket.c:612 src/ne_socket.c:716 +#: src/ne_socket.c:514 src/ne_socket.c:568 src/ne_socket.c:671 msgid "Connection closed" msgstr "" -#: src/ne_socket.c:622 src/ne_socket.c:728 +#: src/ne_socket.c:578 src/ne_socket.c:683 msgid "Secure connection truncated" msgstr "" -#: src/ne_socket.c:634 src/ne_socket.c:740 +#: src/ne_socket.c:590 src/ne_socket.c:695 #, fuzzy, c-format msgid "SSL error: %s" msgstr "" "%s: dans issue_error\n" "%s" -#: src/ne_socket.c:637 +#: src/ne_socket.c:593 #, c-format msgid "SSL error code %d/%d/%lu" msgstr "" -#: src/ne_socket.c:721 +#: src/ne_socket.c:676 #, fuzzy, c-format msgid "SSL alert received: %s" msgstr "" "%s: dans issue_error\n" "%s" -#: src/ne_socket.c:736 +#: src/ne_socket.c:691 msgid "SSL socket read failed" msgstr "" -#: src/ne_socket.c:862 +#: src/ne_socket.c:795 msgid "Line too long" msgstr "" -#: src/ne_socket.c:1007 src/ne_socket.c:1013 +#: src/ne_socket.c:940 src/ne_socket.c:946 msgid "Host not found" msgstr "" -#: src/ne_socket.c:1138 +#: src/ne_socket.c:1072 msgid "Connection timed out" msgstr "" -#: src/ne_socket.c:1300 +#: src/ne_socket.c:1263 msgid "Socket descriptor number exceeds FD_SETSIZE" msgstr "" -#: src/ne_socket.c:1360 +#: src/ne_socket.c:1325 msgid "Socket family not supported" msgstr "" -#: src/ne_socket.c:1583 +#: src/ne_socket.c:1548 msgid "Client certificate verification failed" msgstr "" -#: src/ne_socket.c:1599 +#: src/ne_socket.c:1564 msgid "SSL disabled due to lack of entropy" msgstr "" -#: src/ne_socket.c:1606 +#: src/ne_socket.c:1571 msgid "SSL disabled due to library version mismatch" msgstr "" -#: src/ne_socket.c:1612 +#: src/ne_socket.c:1577 #, fuzzy msgid "Could not create SSL structure" msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" -#: src/ne_socks.c:65 -msgid "failure" -msgstr "" - -#: src/ne_socks.c:68 -msgid "connection not permitted" -msgstr "" - -#: src/ne_socks.c:71 -msgid "network unreachable" -msgstr "" - -#: src/ne_socks.c:74 -msgid "host unreachable" -msgstr "" - -#: src/ne_socks.c:77 -msgid "TTL expired" -msgstr "" - -#: src/ne_socks.c:80 -msgid "command not supported" -msgstr "" - -#: src/ne_socks.c:83 -msgid "address type not supported" -msgstr "" - -#: src/ne_socks.c:86 -#, c-format -msgid "%s: unrecognized error (%u)" -msgstr "" - -#: src/ne_socks.c:128 src/ne_socks.c:328 -#, fuzzy -msgid "Could not send message to proxy" -msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" - -#: src/ne_socks.c:133 -#, fuzzy -msgid "Could not read initial response from proxy" -msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" - -#: src/ne_socks.c:136 -msgid "Invalid version in proxy response" -msgstr "" - -#: src/ne_socks.c:157 -#, fuzzy -msgid "Could not send login message" -msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" - -#: src/ne_socks.c:162 -#, fuzzy -msgid "Could not read login reply" -msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" - -#: src/ne_socks.c:165 -msgid "Invalid version in login reply" -msgstr "" - -#: src/ne_socks.c:168 -#, fuzzy -msgid "Authentication failed" -msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" - -#: src/ne_socks.c:172 -msgid "No acceptable authentication method" -msgstr "" - -#: src/ne_socks.c:174 -msgid "Unexpected authentication method chosen" -msgstr "" - -#: src/ne_socks.c:210 -#, fuzzy -msgid "Could not send connect request" -msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" - -#: src/ne_socks.c:215 -#, fuzzy -msgid "Could not read connect reply" -msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" - -#: src/ne_socks.c:218 -msgid "Invalid version in connect reply" -msgstr "" - -#: src/ne_socks.c:221 src/ne_socks.c:337 -#, fuzzy -msgid "Could not connect" -msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" - -#: src/ne_socks.c:235 -msgid "Could not read FQDN length in connect reply" -msgstr "" - -#: src/ne_socks.c:240 -msgid "Unknown address type in connect reply" -msgstr "" - -#: src/ne_socks.c:245 -#, fuzzy -msgid "Could not read address in connect reply" -msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" - -#: src/ne_socks.c:266 -msgid "request rejected or failed" -msgstr "" - -#: src/ne_socks.c:269 -#, fuzzy -msgid "could not establish connection to identd" -msgstr "%s: erreur: impossible de se connecter l'hte distant.\n" - -#: src/ne_socks.c:272 -msgid "rejected due to identd user mismatch" -msgstr "" - -#: src/ne_socks.c:275 -#, c-format -msgid "%s: unrecognized failure (%u)" -msgstr "" - -#: src/ne_socks.c:333 -#, fuzzy -msgid "Could not read response from proxy" -msgstr "%s: erreur: impossible d'ouvrir le fichier de ressources: %s\n" - #: src/ne_xml.c:280 #, fuzzy, c-format msgid "XML parse error at line %d: invalid element name" @@ -577,16 +448,16 @@ msgstr "" "%s: erreur dans le fichier de ressources la ligne %d:\n" "%s\n" -#: src/ne_xml.c:452 +#: src/ne_xml.c:474 #, fuzzy msgid "Unknown error" msgstr "Erreur systme inconnue" -#: src/ne_xml.c:537 +#: src/ne_xml.c:579 msgid "Invalid Byte Order Mark" msgstr "" -#: src/ne_xml.c:625 +#: src/ne_xml.c:667 #, fuzzy, c-format msgid "XML parse error at line %d: %s" msgstr "" @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: sitecopy 0.10.14\n" "Report-Msgid-Bugs-To: neon@lists.manyfish.co.uk\n" -"POT-Creation-Date: 2008-08-22 12:42+0100\n" +"POT-Creation-Date: 2009-08-18 15:52+0100\n" "PO-Revision-Date: 2001-01-16 07:32+0900\n" "Last-Translator: Nobuyuki Tsuchimura <tutimura@nn.iij4u.or.jp>\n" "Language-Team: ja\n" @@ -31,99 +31,99 @@ msgstr "ץС³Ǥޤ" msgid "Could not authenticate to proxy server: %s" msgstr "ץС³Ǥޤ" -#: src/ne_auth.c:358 +#: src/ne_auth.c:359 #, c-format msgid "rejected %s challenge" msgstr "" -#: src/ne_auth.c:374 +#: src/ne_auth.c:375 msgid "missing realm in Basic challenge" msgstr "" -#: src/ne_auth.c:469 +#: src/ne_auth.c:470 msgid "invalid Negotiate token" msgstr "" -#: src/ne_auth.c:492 +#: src/ne_auth.c:493 #, fuzzy msgid "GSSAPI authentication error: " msgstr "%s ؤǧڤ %s ɬפǤ '%s':\n" -#: src/ne_auth.c:505 +#: src/ne_auth.c:506 #, c-format msgid "GSSAPI failure (code %u)" msgstr "" -#: src/ne_auth.c:540 +#: src/ne_auth.c:541 msgid "ignoring empty Negotiate continuation" msgstr "" -#: src/ne_auth.c:555 +#: src/ne_auth.c:556 #, c-format msgid "Negotiate response verification failed: invalid response header token" msgstr "" -#: src/ne_auth.c:577 +#: src/ne_auth.c:578 #, c-format msgid "Negotiate response verification failure: %s" msgstr "" -#: src/ne_auth.c:699 +#: src/ne_auth.c:700 msgid "unknown algorithm in Digest challenge" msgstr "" -#: src/ne_auth.c:703 +#: src/ne_auth.c:704 msgid "incompatible algorithm in Digest challenge" msgstr "" -#: src/ne_auth.c:707 +#: src/ne_auth.c:708 msgid "missing parameter in Digest challenge" msgstr "" -#: src/ne_auth.c:711 +#: src/ne_auth.c:712 msgid "initial Digest challenge was stale" msgstr "" -#: src/ne_auth.c:718 +#: src/ne_auth.c:719 msgid "stale Digest challenge with new algorithm or realm" msgstr "" -#: src/ne_auth.c:730 +#: src/ne_auth.c:731 #, fuzzy msgid "could not parse domain in Digest challenge" msgstr "chunk 礭ϤǤޤ" -#: src/ne_auth.c:1039 +#: src/ne_auth.c:1040 #, c-format msgid "Digest mutual authentication failure: missing parameters" msgstr "" -#: src/ne_auth.c:1044 +#: src/ne_auth.c:1045 #, c-format msgid "Digest mutual authentication failure: client nonce mismatch" msgstr "" -#: src/ne_auth.c:1054 +#: src/ne_auth.c:1055 #, c-format msgid "Digest mutual authentication failure: could not parse nonce count" msgstr "" -#: src/ne_auth.c:1059 +#: src/ne_auth.c:1060 #, c-format msgid "Digest mutual authentication failure: nonce count mismatch (%u not %u)" msgstr "" -#: src/ne_auth.c:1102 +#: src/ne_auth.c:1103 #, c-format msgid "Digest mutual authentication failure: request-digest mismatch" msgstr "" -#: src/ne_auth.c:1228 +#: src/ne_auth.c:1229 #, c-format msgid "ignored %s challenge" msgstr "" -#: src/ne_auth.c:1307 +#: src/ne_auth.c:1308 #, fuzzy msgid "could not parse challenge" msgstr "chunk 礭ϤǤޤ" @@ -163,31 +163,31 @@ msgstr "ե뤬ɤޤ: " msgid "Could not initialize zlib" msgstr "ե뤬ޤ: " -#: src/ne_gnutls.c:172 +#: src/ne_gnutls.c:162 #, c-format msgid "[unprintable:#%lu]" msgstr "" -#: src/ne_gnutls.c:201 +#: src/ne_gnutls.c:188 msgid "[unprintable]" msgstr "" -#: src/ne_gnutls.c:799 src/ne_openssl.c:396 +#: src/ne_gnutls.c:680 src/ne_openssl.c:407 #, c-format msgid "Server certificate was missing commonName attribute in subject name" msgstr "" -#: src/ne_gnutls.c:840 src/ne_openssl.c:633 -#, c-format -msgid "SSL handshake failed, client certificate was requested: %s" -msgstr "" +#: src/ne_gnutls.c:721 src/ne_openssl.c:630 +#, fuzzy, c-format +msgid "SSL negotiation failed, client certificate was requested: %s" +msgstr "ե뤬ޤ: %s" -#: src/ne_gnutls.c:845 src/ne_openssl.c:638 +#: src/ne_gnutls.c:726 src/ne_openssl.c:635 #, fuzzy, c-format -msgid "SSL handshake failed: %s" +msgid "SSL negotiation failed: %s" msgstr "ե뤬ޤ: %s" -#: src/ne_gnutls.c:855 +#: src/ne_gnutls.c:736 #, c-format msgid "Server did not send certificate chain" msgstr "" @@ -206,17 +206,17 @@ msgstr "" msgid "No activelock for <%s> returned in LOCK refresh response" msgstr "" -#: src/ne_openssl.c:428 +#: src/ne_openssl.c:439 #, c-format msgid "Certificate verification error: %s" msgstr "" -#: src/ne_openssl.c:658 +#: src/ne_openssl.c:655 #, c-format msgid "SSL server did not present certificate" msgstr "" -#: src/ne_openssl.c:667 +#: src/ne_openssl.c:664 #, c-format msgid "Server certificate changed: connection intercepted?" msgstr "" @@ -319,30 +319,30 @@ msgstr "%s: 顼: СΥۥ̾ (%s) IP ɥ쥹ѴǤޤ\n" msgid "Unknown transfer-coding in response" msgstr "" -#: src/ne_request.c:1275 +#: src/ne_request.c:1277 msgid "Invalid Content-Length in response" msgstr "" -#: src/ne_request.c:1348 +#: src/ne_request.c:1350 #, c-format msgid "Could not write to file: %s" msgstr "ե뤬ޤ: %s" -#: src/ne_request.c:1421 +#: src/ne_request.c:1423 #, fuzzy, c-format msgid "Could not create SSL connection through proxy server: %s" msgstr "ץС SSL ³Ǥޤ" -#: src/ne_request.c:1468 +#: src/ne_request.c:1470 #, fuzzy, c-format msgid "Could not create socket" msgstr "ץС SSL ³Ǥޤ" -#: src/ne_request.c:1530 +#: src/ne_request.c:1532 msgid "Could not connect to proxy server" msgstr "ץС³Ǥޤ" -#: src/ne_request.c:1531 +#: src/ne_request.c:1533 msgid "Could not connect to server" msgstr "ץС³Ǥޤ" @@ -370,203 +370,73 @@ msgstr "" msgid "Server certificate verification failed: " msgstr "" -#: src/ne_socket.c:516 src/ne_socket.c:612 src/ne_socket.c:716 +#: src/ne_socket.c:514 src/ne_socket.c:568 src/ne_socket.c:671 #, fuzzy msgid "Connection closed" msgstr "%s: ³Сڤޤ" -#: src/ne_socket.c:622 src/ne_socket.c:728 +#: src/ne_socket.c:578 src/ne_socket.c:683 #, fuzzy msgid "Secure connection truncated" msgstr "³ॢȡ" -#: src/ne_socket.c:634 src/ne_socket.c:740 +#: src/ne_socket.c:590 src/ne_socket.c:695 #, c-format msgid "SSL error: %s" msgstr "" -#: src/ne_socket.c:637 +#: src/ne_socket.c:593 #, c-format msgid "SSL error code %d/%d/%lu" msgstr "" -#: src/ne_socket.c:721 +#: src/ne_socket.c:676 #, c-format msgid "SSL alert received: %s" msgstr "" -#: src/ne_socket.c:736 +#: src/ne_socket.c:691 msgid "SSL socket read failed" msgstr "" -#: src/ne_socket.c:862 +#: src/ne_socket.c:795 msgid "Line too long" msgstr "" -#: src/ne_socket.c:1007 src/ne_socket.c:1013 +#: src/ne_socket.c:940 src/ne_socket.c:946 msgid "Host not found" msgstr "" -#: src/ne_socket.c:1138 +#: src/ne_socket.c:1072 #, fuzzy msgid "Connection timed out" msgstr "%s: ³ॢȤǤ" -#: src/ne_socket.c:1300 +#: src/ne_socket.c:1263 msgid "Socket descriptor number exceeds FD_SETSIZE" msgstr "" -#: src/ne_socket.c:1360 +#: src/ne_socket.c:1325 msgid "Socket family not supported" msgstr "" -#: src/ne_socket.c:1583 +#: src/ne_socket.c:1548 msgid "Client certificate verification failed" msgstr "" -#: src/ne_socket.c:1599 +#: src/ne_socket.c:1564 msgid "SSL disabled due to lack of entropy" msgstr "" -#: src/ne_socket.c:1606 +#: src/ne_socket.c:1571 msgid "SSL disabled due to library version mismatch" msgstr "" -#: src/ne_socket.c:1612 +#: src/ne_socket.c:1577 #, fuzzy msgid "Could not create SSL structure" msgstr "ץС SSL ³Ǥޤ" -#: src/ne_socks.c:65 -msgid "failure" -msgstr "" - -#: src/ne_socks.c:68 -#, fuzzy -msgid "connection not permitted" -msgstr "%s: ³ॢȤǤ" - -#: src/ne_socks.c:71 -msgid "network unreachable" -msgstr "" - -#: src/ne_socks.c:74 -msgid "host unreachable" -msgstr "" - -#: src/ne_socks.c:77 -msgid "TTL expired" -msgstr "" - -#: src/ne_socks.c:80 -msgid "command not supported" -msgstr "" - -#: src/ne_socks.c:83 -msgid "address type not supported" -msgstr "" - -#: src/ne_socks.c:86 -#, c-format -msgid "%s: unrecognized error (%u)" -msgstr "" - -#: src/ne_socks.c:128 src/ne_socks.c:328 -#, fuzzy -msgid "Could not send message to proxy" -msgstr "response body ɤޤ" - -#: src/ne_socks.c:133 -#, fuzzy -msgid "Could not read initial response from proxy" -msgstr "response body ɤޤ" - -#: src/ne_socks.c:136 -msgid "Invalid version in proxy response" -msgstr "" - -#: src/ne_socks.c:157 -#, fuzzy -msgid "Could not send login message" -msgstr "chunk 礭ɤޤ" - -#: src/ne_socks.c:162 -#, fuzzy -msgid "Could not read login reply" -msgstr "chunk 礭ɤޤ" - -#: src/ne_socks.c:165 -msgid "Invalid version in login reply" -msgstr "" - -#: src/ne_socks.c:168 -#, fuzzy -msgid "Authentication failed" -msgstr "%s ؤǧڤ %s ɬפǤ '%s':\n" - -#: src/ne_socks.c:172 -msgid "No acceptable authentication method" -msgstr "" - -#: src/ne_socks.c:174 -msgid "Unexpected authentication method chosen" -msgstr "" - -#: src/ne_socks.c:210 -#, fuzzy -msgid "Could not send connect request" -msgstr "ץС³Ǥޤ" - -#: src/ne_socks.c:215 -#, fuzzy -msgid "Could not read connect reply" -msgstr "ץС³Ǥޤ" - -#: src/ne_socks.c:218 -msgid "Invalid version in connect reply" -msgstr "" - -#: src/ne_socks.c:221 src/ne_socks.c:337 -#, fuzzy -msgid "Could not connect" -msgstr "ץС³Ǥޤ" - -#: src/ne_socks.c:235 -msgid "Could not read FQDN length in connect reply" -msgstr "" - -#: src/ne_socks.c:240 -msgid "Unknown address type in connect reply" -msgstr "" - -#: src/ne_socks.c:245 -#, fuzzy -msgid "Could not read address in connect reply" -msgstr "response body ɤޤ" - -#: src/ne_socks.c:266 -msgid "request rejected or failed" -msgstr "" - -#: src/ne_socks.c:269 -#, fuzzy -msgid "could not establish connection to identd" -msgstr "ץС³Ǥޤ" - -#: src/ne_socks.c:272 -msgid "rejected due to identd user mismatch" -msgstr "" - -#: src/ne_socks.c:275 -#, c-format -msgid "%s: unrecognized failure (%u)" -msgstr "" - -#: src/ne_socks.c:333 -#, fuzzy -msgid "Could not read response from proxy" -msgstr "response body ɤޤ" - #: src/ne_xml.c:280 #, fuzzy, c-format msgid "XML parse error at line %d: invalid element name" @@ -574,16 +444,16 @@ msgstr "" "%s: rcfile %d ԤǴְäƤޤ:\n" "%s\n" -#: src/ne_xml.c:452 +#: src/ne_xml.c:474 #, fuzzy msgid "Unknown error" msgstr "̤ΤΥƥ२顼" -#: src/ne_xml.c:537 +#: src/ne_xml.c:579 msgid "Invalid Byte Order Mark" msgstr "" -#: src/ne_xml.c:625 +#: src/ne_xml.c:667 #, fuzzy, c-format msgid "XML parse error at line %d: %s" msgstr "" diff --git a/po/neon.pot b/po/neon.pot index a0adc3a..e88241c 100644 --- a/po/neon.pot +++ b/po/neon.pot @@ -8,7 +8,7 @@ msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: neon@lists.manyfish.co.uk\n" -"POT-Creation-Date: 2008-08-22 12:42+0100\n" +"POT-Creation-Date: 2009-08-18 15:52+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n" "Language-Team: LANGUAGE <LL@li.org>\n" @@ -33,97 +33,97 @@ msgstr "" msgid "Could not authenticate to proxy server: %s" msgstr "" -#: src/ne_auth.c:358 +#: src/ne_auth.c:359 #, c-format msgid "rejected %s challenge" msgstr "" -#: src/ne_auth.c:374 +#: src/ne_auth.c:375 msgid "missing realm in Basic challenge" msgstr "" -#: src/ne_auth.c:469 +#: src/ne_auth.c:470 msgid "invalid Negotiate token" msgstr "" -#: src/ne_auth.c:492 +#: src/ne_auth.c:493 msgid "GSSAPI authentication error: " msgstr "" -#: src/ne_auth.c:505 +#: src/ne_auth.c:506 #, c-format msgid "GSSAPI failure (code %u)" msgstr "" -#: src/ne_auth.c:540 +#: src/ne_auth.c:541 msgid "ignoring empty Negotiate continuation" msgstr "" -#: src/ne_auth.c:555 +#: src/ne_auth.c:556 #, c-format msgid "Negotiate response verification failed: invalid response header token" msgstr "" -#: src/ne_auth.c:577 +#: src/ne_auth.c:578 #, c-format msgid "Negotiate response verification failure: %s" msgstr "" -#: src/ne_auth.c:699 +#: src/ne_auth.c:700 msgid "unknown algorithm in Digest challenge" msgstr "" -#: src/ne_auth.c:703 +#: src/ne_auth.c:704 msgid "incompatible algorithm in Digest challenge" msgstr "" -#: src/ne_auth.c:707 +#: src/ne_auth.c:708 msgid "missing parameter in Digest challenge" msgstr "" -#: src/ne_auth.c:711 +#: src/ne_auth.c:712 msgid "initial Digest challenge was stale" msgstr "" -#: src/ne_auth.c:718 +#: src/ne_auth.c:719 msgid "stale Digest challenge with new algorithm or realm" msgstr "" -#: src/ne_auth.c:730 +#: src/ne_auth.c:731 msgid "could not parse domain in Digest challenge" msgstr "" -#: src/ne_auth.c:1039 +#: src/ne_auth.c:1040 #, c-format msgid "Digest mutual authentication failure: missing parameters" msgstr "" -#: src/ne_auth.c:1044 +#: src/ne_auth.c:1045 #, c-format msgid "Digest mutual authentication failure: client nonce mismatch" msgstr "" -#: src/ne_auth.c:1054 +#: src/ne_auth.c:1055 #, c-format msgid "Digest mutual authentication failure: could not parse nonce count" msgstr "" -#: src/ne_auth.c:1059 +#: src/ne_auth.c:1060 #, c-format msgid "Digest mutual authentication failure: nonce count mismatch (%u not %u)" msgstr "" -#: src/ne_auth.c:1102 +#: src/ne_auth.c:1103 #, c-format msgid "Digest mutual authentication failure: request-digest mismatch" msgstr "" -#: src/ne_auth.c:1228 +#: src/ne_auth.c:1229 #, c-format msgid "ignored %s challenge" msgstr "" -#: src/ne_auth.c:1307 +#: src/ne_auth.c:1308 msgid "could not parse challenge" msgstr "" @@ -160,31 +160,31 @@ msgstr "" msgid "Could not initialize zlib" msgstr "" -#: src/ne_gnutls.c:172 +#: src/ne_gnutls.c:162 #, c-format msgid "[unprintable:#%lu]" msgstr "" -#: src/ne_gnutls.c:201 +#: src/ne_gnutls.c:188 msgid "[unprintable]" msgstr "" -#: src/ne_gnutls.c:799 src/ne_openssl.c:396 +#: src/ne_gnutls.c:680 src/ne_openssl.c:407 #, c-format msgid "Server certificate was missing commonName attribute in subject name" msgstr "" -#: src/ne_gnutls.c:840 src/ne_openssl.c:633 +#: src/ne_gnutls.c:721 src/ne_openssl.c:630 #, c-format -msgid "SSL handshake failed, client certificate was requested: %s" +msgid "SSL negotiation failed, client certificate was requested: %s" msgstr "" -#: src/ne_gnutls.c:845 src/ne_openssl.c:638 +#: src/ne_gnutls.c:726 src/ne_openssl.c:635 #, c-format -msgid "SSL handshake failed: %s" +msgid "SSL negotiation failed: %s" msgstr "" -#: src/ne_gnutls.c:855 +#: src/ne_gnutls.c:736 #, c-format msgid "Server did not send certificate chain" msgstr "" @@ -203,17 +203,17 @@ msgstr "" msgid "No activelock for <%s> returned in LOCK refresh response" msgstr "" -#: src/ne_openssl.c:428 +#: src/ne_openssl.c:439 #, c-format msgid "Certificate verification error: %s" msgstr "" -#: src/ne_openssl.c:658 +#: src/ne_openssl.c:655 #, c-format msgid "SSL server did not present certificate" msgstr "" -#: src/ne_openssl.c:667 +#: src/ne_openssl.c:664 #, c-format msgid "Server certificate changed: connection intercepted?" msgstr "" @@ -313,30 +313,30 @@ msgstr "" msgid "Unknown transfer-coding in response" msgstr "" -#: src/ne_request.c:1275 +#: src/ne_request.c:1277 msgid "Invalid Content-Length in response" msgstr "" -#: src/ne_request.c:1348 +#: src/ne_request.c:1350 #, c-format msgid "Could not write to file: %s" msgstr "" -#: src/ne_request.c:1421 +#: src/ne_request.c:1423 #, c-format msgid "Could not create SSL connection through proxy server: %s" msgstr "" -#: src/ne_request.c:1468 +#: src/ne_request.c:1470 #, c-format msgid "Could not create socket" msgstr "" -#: src/ne_request.c:1530 +#: src/ne_request.c:1532 msgid "Could not connect to proxy server" msgstr "" -#: src/ne_request.c:1531 +#: src/ne_request.c:1533 msgid "Could not connect to server" msgstr "" @@ -364,201 +364,83 @@ msgstr "" msgid "Server certificate verification failed: " msgstr "" -#: src/ne_socket.c:516 src/ne_socket.c:612 src/ne_socket.c:716 +#: src/ne_socket.c:514 src/ne_socket.c:568 src/ne_socket.c:671 msgid "Connection closed" msgstr "" -#: src/ne_socket.c:622 src/ne_socket.c:728 +#: src/ne_socket.c:578 src/ne_socket.c:683 msgid "Secure connection truncated" msgstr "" -#: src/ne_socket.c:634 src/ne_socket.c:740 +#: src/ne_socket.c:590 src/ne_socket.c:695 #, c-format msgid "SSL error: %s" msgstr "" -#: src/ne_socket.c:637 +#: src/ne_socket.c:593 #, c-format msgid "SSL error code %d/%d/%lu" msgstr "" -#: src/ne_socket.c:721 +#: src/ne_socket.c:676 #, c-format msgid "SSL alert received: %s" msgstr "" -#: src/ne_socket.c:736 +#: src/ne_socket.c:691 msgid "SSL socket read failed" msgstr "" -#: src/ne_socket.c:862 +#: src/ne_socket.c:795 msgid "Line too long" msgstr "" -#: src/ne_socket.c:1007 src/ne_socket.c:1013 +#: src/ne_socket.c:940 src/ne_socket.c:946 msgid "Host not found" msgstr "" -#: src/ne_socket.c:1138 +#: src/ne_socket.c:1072 msgid "Connection timed out" msgstr "" -#: src/ne_socket.c:1300 +#: src/ne_socket.c:1263 msgid "Socket descriptor number exceeds FD_SETSIZE" msgstr "" -#: src/ne_socket.c:1360 +#: src/ne_socket.c:1325 msgid "Socket family not supported" msgstr "" -#: src/ne_socket.c:1583 +#: src/ne_socket.c:1548 msgid "Client certificate verification failed" msgstr "" -#: src/ne_socket.c:1599 +#: src/ne_socket.c:1564 msgid "SSL disabled due to lack of entropy" msgstr "" -#: src/ne_socket.c:1606 +#: src/ne_socket.c:1571 msgid "SSL disabled due to library version mismatch" msgstr "" -#: src/ne_socket.c:1612 +#: src/ne_socket.c:1577 msgid "Could not create SSL structure" msgstr "" -#: src/ne_socks.c:65 -msgid "failure" -msgstr "" - -#: src/ne_socks.c:68 -msgid "connection not permitted" -msgstr "" - -#: src/ne_socks.c:71 -msgid "network unreachable" -msgstr "" - -#: src/ne_socks.c:74 -msgid "host unreachable" -msgstr "" - -#: src/ne_socks.c:77 -msgid "TTL expired" -msgstr "" - -#: src/ne_socks.c:80 -msgid "command not supported" -msgstr "" - -#: src/ne_socks.c:83 -msgid "address type not supported" -msgstr "" - -#: src/ne_socks.c:86 -#, c-format -msgid "%s: unrecognized error (%u)" -msgstr "" - -#: src/ne_socks.c:128 src/ne_socks.c:328 -msgid "Could not send message to proxy" -msgstr "" - -#: src/ne_socks.c:133 -msgid "Could not read initial response from proxy" -msgstr "" - -#: src/ne_socks.c:136 -msgid "Invalid version in proxy response" -msgstr "" - -#: src/ne_socks.c:157 -msgid "Could not send login message" -msgstr "" - -#: src/ne_socks.c:162 -msgid "Could not read login reply" -msgstr "" - -#: src/ne_socks.c:165 -msgid "Invalid version in login reply" -msgstr "" - -#: src/ne_socks.c:168 -msgid "Authentication failed" -msgstr "" - -#: src/ne_socks.c:172 -msgid "No acceptable authentication method" -msgstr "" - -#: src/ne_socks.c:174 -msgid "Unexpected authentication method chosen" -msgstr "" - -#: src/ne_socks.c:210 -msgid "Could not send connect request" -msgstr "" - -#: src/ne_socks.c:215 -msgid "Could not read connect reply" -msgstr "" - -#: src/ne_socks.c:218 -msgid "Invalid version in connect reply" -msgstr "" - -#: src/ne_socks.c:221 src/ne_socks.c:337 -msgid "Could not connect" -msgstr "" - -#: src/ne_socks.c:235 -msgid "Could not read FQDN length in connect reply" -msgstr "" - -#: src/ne_socks.c:240 -msgid "Unknown address type in connect reply" -msgstr "" - -#: src/ne_socks.c:245 -msgid "Could not read address in connect reply" -msgstr "" - -#: src/ne_socks.c:266 -msgid "request rejected or failed" -msgstr "" - -#: src/ne_socks.c:269 -msgid "could not establish connection to identd" -msgstr "" - -#: src/ne_socks.c:272 -msgid "rejected due to identd user mismatch" -msgstr "" - -#: src/ne_socks.c:275 -#, c-format -msgid "%s: unrecognized failure (%u)" -msgstr "" - -#: src/ne_socks.c:333 -msgid "Could not read response from proxy" -msgstr "" - #: src/ne_xml.c:280 #, c-format msgid "XML parse error at line %d: invalid element name" msgstr "" -#: src/ne_xml.c:452 +#: src/ne_xml.c:474 msgid "Unknown error" msgstr "" -#: src/ne_xml.c:537 +#: src/ne_xml.c:579 msgid "Invalid Byte Order Mark" msgstr "" -#: src/ne_xml.c:625 +#: src/ne_xml.c:667 #, c-format msgid "XML parse error at line %d: %s" msgstr "" @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: sitecopy 0.11.4\n" "Report-Msgid-Bugs-To: neon@lists.manyfish.co.uk\n" -"POT-Creation-Date: 2008-08-22 12:42+0100\n" +"POT-Creation-Date: 2009-08-18 15:52+0100\n" "PO-Revision-Date: 2002-11-07 18:11+0100\n" "Last-Translator: Karl Ove Hufthammer <karl@huftis.org>\n" "Language-Team: Norwegian Nynorsk <i18n-nn@lister.ping.uio.no>\n" @@ -33,99 +33,99 @@ msgstr "Klarte ikkje kopla til tenaren." msgid "Could not authenticate to proxy server: %s" msgstr "Klarte ikkje kopla til mellomtenar" -#: src/ne_auth.c:358 +#: src/ne_auth.c:359 #, c-format msgid "rejected %s challenge" msgstr "" -#: src/ne_auth.c:374 +#: src/ne_auth.c:375 msgid "missing realm in Basic challenge" msgstr "" -#: src/ne_auth.c:469 +#: src/ne_auth.c:470 msgid "invalid Negotiate token" msgstr "" -#: src/ne_auth.c:492 +#: src/ne_auth.c:493 #, fuzzy msgid "GSSAPI authentication error: " msgstr "Krev autentisering på %s «%s»:\n" -#: src/ne_auth.c:505 +#: src/ne_auth.c:506 #, c-format msgid "GSSAPI failure (code %u)" msgstr "" -#: src/ne_auth.c:540 +#: src/ne_auth.c:541 msgid "ignoring empty Negotiate continuation" msgstr "" -#: src/ne_auth.c:555 +#: src/ne_auth.c:556 #, c-format msgid "Negotiate response verification failed: invalid response header token" msgstr "" -#: src/ne_auth.c:577 +#: src/ne_auth.c:578 #, fuzzy, c-format msgid "Negotiate response verification failure: %s" msgstr "Tenarsertifikatet er utgått på dato." -#: src/ne_auth.c:699 +#: src/ne_auth.c:700 msgid "unknown algorithm in Digest challenge" msgstr "" -#: src/ne_auth.c:703 +#: src/ne_auth.c:704 msgid "incompatible algorithm in Digest challenge" msgstr "" -#: src/ne_auth.c:707 +#: src/ne_auth.c:708 msgid "missing parameter in Digest challenge" msgstr "" -#: src/ne_auth.c:711 +#: src/ne_auth.c:712 msgid "initial Digest challenge was stale" msgstr "" -#: src/ne_auth.c:718 +#: src/ne_auth.c:719 msgid "stale Digest challenge with new algorithm or realm" msgstr "" -#: src/ne_auth.c:730 +#: src/ne_auth.c:731 #, fuzzy msgid "could not parse domain in Digest challenge" msgstr "Klarte ikkje tolka storleik på oppdelt svar" -#: src/ne_auth.c:1039 +#: src/ne_auth.c:1040 #, c-format msgid "Digest mutual authentication failure: missing parameters" msgstr "" -#: src/ne_auth.c:1044 +#: src/ne_auth.c:1045 #, c-format msgid "Digest mutual authentication failure: client nonce mismatch" msgstr "" -#: src/ne_auth.c:1054 +#: src/ne_auth.c:1055 #, c-format msgid "Digest mutual authentication failure: could not parse nonce count" msgstr "" -#: src/ne_auth.c:1059 +#: src/ne_auth.c:1060 #, c-format msgid "Digest mutual authentication failure: nonce count mismatch (%u not %u)" msgstr "" -#: src/ne_auth.c:1102 +#: src/ne_auth.c:1103 #, c-format msgid "Digest mutual authentication failure: request-digest mismatch" msgstr "" -#: src/ne_auth.c:1228 +#: src/ne_auth.c:1229 #, c-format msgid "ignored %s challenge" msgstr "" -#: src/ne_auth.c:1307 +#: src/ne_auth.c:1308 #, fuzzy msgid "could not parse challenge" msgstr "Klarte ikkje tolka storleik på oppdelt svar" @@ -165,31 +165,31 @@ msgstr "Klarte ikkje opna fil: " msgid "Could not initialize zlib" msgstr "Klarte ikkje opna fil: " -#: src/ne_gnutls.c:172 +#: src/ne_gnutls.c:162 #, c-format msgid "[unprintable:#%lu]" msgstr "" -#: src/ne_gnutls.c:201 +#: src/ne_gnutls.c:188 msgid "[unprintable]" msgstr "" -#: src/ne_gnutls.c:799 src/ne_openssl.c:396 +#: src/ne_gnutls.c:680 src/ne_openssl.c:407 #, c-format msgid "Server certificate was missing commonName attribute in subject name" msgstr "" -#: src/ne_gnutls.c:840 src/ne_openssl.c:633 -#, c-format -msgid "SSL handshake failed, client certificate was requested: %s" -msgstr "" +#: src/ne_gnutls.c:721 src/ne_openssl.c:630 +#, fuzzy, c-format +msgid "SSL negotiation failed, client certificate was requested: %s" +msgstr "Klarte ikkje skriva til fil: %s" -#: src/ne_gnutls.c:845 src/ne_openssl.c:638 +#: src/ne_gnutls.c:726 src/ne_openssl.c:635 #, fuzzy, c-format -msgid "SSL handshake failed: %s" +msgid "SSL negotiation failed: %s" msgstr "Klarte ikkje skriva til fil: %s" -#: src/ne_gnutls.c:855 +#: src/ne_gnutls.c:736 #, c-format msgid "Server did not send certificate chain" msgstr "" @@ -208,17 +208,17 @@ msgstr "" msgid "No activelock for <%s> returned in LOCK refresh response" msgstr "" -#: src/ne_openssl.c:428 +#: src/ne_openssl.c:439 #, c-format msgid "Certificate verification error: %s" msgstr "" -#: src/ne_openssl.c:658 +#: src/ne_openssl.c:655 #, c-format msgid "SSL server did not present certificate" msgstr "" -#: src/ne_openssl.c:667 +#: src/ne_openssl.c:664 #, fuzzy, c-format msgid "Server certificate changed: connection intercepted?" msgstr "Tenarsertifikatet er utgått på dato." @@ -323,30 +323,30 @@ msgstr "%s: Feil: Fann ikkje adressa til nettverksvert (%s).\n" msgid "Unknown transfer-coding in response" msgstr "" -#: src/ne_request.c:1275 +#: src/ne_request.c:1277 msgid "Invalid Content-Length in response" msgstr "" -#: src/ne_request.c:1348 +#: src/ne_request.c:1350 #, c-format msgid "Could not write to file: %s" msgstr "Klarte ikkje skriva til fil: %s" -#: src/ne_request.c:1421 +#: src/ne_request.c:1423 #, fuzzy, c-format msgid "Could not create SSL connection through proxy server: %s" msgstr "Klarte ikkje oppretta SSL-tilkopling til mellomtenar" -#: src/ne_request.c:1468 +#: src/ne_request.c:1470 #, fuzzy, c-format msgid "Could not create socket" msgstr "Klarte ikkje forhandla SSL-økt" -#: src/ne_request.c:1530 +#: src/ne_request.c:1532 msgid "Could not connect to proxy server" msgstr "Klarte ikkje kopla til mellomtenar" -#: src/ne_request.c:1531 +#: src/ne_request.c:1533 msgid "Could not connect to server" msgstr "Klarte ikkje kopla til tenaren." @@ -379,221 +379,91 @@ msgstr "" msgid "Server certificate verification failed: " msgstr "Tenarsertifikatet er utgått på dato." -#: src/ne_socket.c:516 src/ne_socket.c:612 src/ne_socket.c:716 +#: src/ne_socket.c:514 src/ne_socket.c:568 src/ne_socket.c:671 #, fuzzy msgid "Connection closed" msgstr "Tilkoplinga vart lukka av tenaren" -#: src/ne_socket.c:622 src/ne_socket.c:728 +#: src/ne_socket.c:578 src/ne_socket.c:683 #, fuzzy msgid "Secure connection truncated" msgstr "Sambandet vart tidsavbrote." -#: src/ne_socket.c:634 src/ne_socket.c:740 +#: src/ne_socket.c:590 src/ne_socket.c:695 #, fuzzy, c-format msgid "SSL error: %s" msgstr "%s: Feil: %s\n" -#: src/ne_socket.c:637 +#: src/ne_socket.c:593 #, c-format msgid "SSL error code %d/%d/%lu" msgstr "" -#: src/ne_socket.c:721 +#: src/ne_socket.c:676 #, fuzzy, c-format msgid "SSL alert received: %s" msgstr "%s: Feil: %s\n" -#: src/ne_socket.c:736 +#: src/ne_socket.c:691 msgid "SSL socket read failed" msgstr "" -#: src/ne_socket.c:862 +#: src/ne_socket.c:795 msgid "Line too long" msgstr "For lang linje" -#: src/ne_socket.c:1007 src/ne_socket.c:1013 +#: src/ne_socket.c:940 src/ne_socket.c:946 msgid "Host not found" msgstr "Fann ikkje vert" -#: src/ne_socket.c:1138 +#: src/ne_socket.c:1072 #, fuzzy msgid "Connection timed out" msgstr "%s: sambandet vart tidsavbrote." -#: src/ne_socket.c:1300 +#: src/ne_socket.c:1263 msgid "Socket descriptor number exceeds FD_SETSIZE" msgstr "" -#: src/ne_socket.c:1360 +#: src/ne_socket.c:1325 msgid "Socket family not supported" msgstr "" -#: src/ne_socket.c:1583 +#: src/ne_socket.c:1548 #, fuzzy msgid "Client certificate verification failed" msgstr "Tenarsertifikatet er utgått på dato." -#: src/ne_socket.c:1599 +#: src/ne_socket.c:1564 #, fuzzy msgid "SSL disabled due to lack of entropy" msgstr "SSL avslått grunna mangel på entropi" -#: src/ne_socket.c:1606 +#: src/ne_socket.c:1571 #, fuzzy msgid "SSL disabled due to library version mismatch" msgstr "SSL avslått grunna mangel på entropi" -#: src/ne_socket.c:1612 +#: src/ne_socket.c:1577 #, fuzzy msgid "Could not create SSL structure" msgstr "Klarte ikkje forhandla SSL-økt" -#: src/ne_socks.c:65 -msgid "failure" -msgstr "" - -#: src/ne_socks.c:68 -#, fuzzy -msgid "connection not permitted" -msgstr "%s: sambandet vart tidsavbrote." - -#: src/ne_socks.c:71 -msgid "network unreachable" -msgstr "" - -#: src/ne_socks.c:74 -msgid "host unreachable" -msgstr "" - -#: src/ne_socks.c:77 -msgid "TTL expired" -msgstr "" - -#: src/ne_socks.c:80 -msgid "command not supported" -msgstr "" - -#: src/ne_socks.c:83 -msgid "address type not supported" -msgstr "" - -#: src/ne_socks.c:86 -#, c-format -msgid "%s: unrecognized error (%u)" -msgstr "" - -#: src/ne_socks.c:128 src/ne_socks.c:328 -#, fuzzy -msgid "Could not send message to proxy" -msgstr "Klarte ikkje senda førespurnad" - -#: src/ne_socks.c:133 -#, fuzzy -msgid "Could not read initial response from proxy" -msgstr "Klarte ikkje lesa svar" - -#: src/ne_socks.c:136 -msgid "Invalid version in proxy response" -msgstr "" - -#: src/ne_socks.c:157 -#, fuzzy -msgid "Could not send login message" -msgstr "Klarte ikkje senda førespurnad" - -#: src/ne_socks.c:162 -#, fuzzy -msgid "Could not read login reply" -msgstr "Klarte ikkje lesa statuslinja" - -#: src/ne_socks.c:165 -msgid "Invalid version in login reply" -msgstr "" - -#: src/ne_socks.c:168 -#, fuzzy -msgid "Authentication failed" -msgstr "Krev autentisering på %s «%s»:\n" - -#: src/ne_socks.c:172 -msgid "No acceptable authentication method" -msgstr "" - -#: src/ne_socks.c:174 -msgid "Unexpected authentication method chosen" -msgstr "" - -#: src/ne_socks.c:210 -#, fuzzy -msgid "Could not send connect request" -msgstr "Klarte ikkje senda førespurnad" - -#: src/ne_socks.c:215 -#, fuzzy -msgid "Could not read connect reply" -msgstr "Klarte ikkje kopla til tenaren." - -#: src/ne_socks.c:218 -msgid "Invalid version in connect reply" -msgstr "" - -#: src/ne_socks.c:221 src/ne_socks.c:337 -#, fuzzy -msgid "Could not connect" -msgstr "Klarte ikkje kopla til tenaren." - -#: src/ne_socks.c:235 -msgid "Could not read FQDN length in connect reply" -msgstr "" - -#: src/ne_socks.c:240 -msgid "Unknown address type in connect reply" -msgstr "" - -#: src/ne_socks.c:245 -#, fuzzy -msgid "Could not read address in connect reply" -msgstr "Klarte ikkje lesa svar" - -#: src/ne_socks.c:266 -msgid "request rejected or failed" -msgstr "" - -#: src/ne_socks.c:269 -#, fuzzy -msgid "could not establish connection to identd" -msgstr "Klarte ikkje kopla til tenaren." - -#: src/ne_socks.c:272 -msgid "rejected due to identd user mismatch" -msgstr "" - -#: src/ne_socks.c:275 -#, c-format -msgid "%s: unrecognized failure (%u)" -msgstr "" - -#: src/ne_socks.c:333 -#, fuzzy -msgid "Could not read response from proxy" -msgstr "Klarte ikkje lesa svar" - #: src/ne_xml.c:280 #, fuzzy, c-format msgid "XML parse error at line %d: invalid element name" msgstr "XML-tolkingsfeil på linje %d: %s." -#: src/ne_xml.c:452 +#: src/ne_xml.c:474 #, fuzzy msgid "Unknown error" msgstr "Ukjend systemfeil" -#: src/ne_xml.c:537 +#: src/ne_xml.c:579 msgid "Invalid Byte Order Mark" msgstr "" -#: src/ne_xml.c:625 +#: src/ne_xml.c:667 #, fuzzy, c-format msgid "XML parse error at line %d: %s" msgstr "XML-tolkingsfeil på linje %d: %s." @@ -7,8 +7,8 @@ msgid "" msgstr "" "Project-Id-Version: Neon 0.28.0\n" "Report-Msgid-Bugs-To: neon@lists.manyfish.co.uk\n" -"POT-Creation-Date: 2008-08-22 12:42+0100\n" -"PO-Revision-Date: 2008-08-21 22:00+0200\n" +"POT-Creation-Date: 2009-08-18 15:52+0100\n" +"PO-Revision-Date: 2007-11-24 14:00+0100\n" "Last-Translator: Arfrever Frehtes Taifersar Arahesis <Arfrever.FTA@gmail." "com>\n" "Language-Team: Polish Neon Translator Arfrever Frehtes Taifersar Arahesis " @@ -36,106 +36,106 @@ msgstr "Nie można autentykować się do serwera: %s" msgid "Could not authenticate to proxy server: %s" msgstr "Nie można autentykować się do serwera proxy: %s" -#: src/ne_auth.c:358 +#: src/ne_auth.c:359 #, c-format msgid "rejected %s challenge" msgstr "odrzucone wezwanie %s" -#: src/ne_auth.c:374 +#: src/ne_auth.c:375 msgid "missing realm in Basic challenge" msgstr "brakująca domena w wezwaniu Basic" -#: src/ne_auth.c:469 +#: src/ne_auth.c:470 msgid "invalid Negotiate token" msgstr "niewłaściwy żeton Negotiate" -#: src/ne_auth.c:492 +#: src/ne_auth.c:493 msgid "GSSAPI authentication error: " msgstr "Błąd autentykacji GSSAPI: " -#: src/ne_auth.c:505 +#: src/ne_auth.c:506 #, c-format msgid "GSSAPI failure (code %u)" msgstr "Porażka GSSAPI (kod %u)" -#: src/ne_auth.c:540 +#: src/ne_auth.c:541 msgid "ignoring empty Negotiate continuation" msgstr "ignorowanie pustej kontynuacji Negotiate" -#: src/ne_auth.c:555 +#: src/ne_auth.c:556 #, c-format msgid "Negotiate response verification failed: invalid response header token" msgstr "" "weryfikacja odpowiedzi Negotiate nie udała się: niewłaściwy żeton nagłówka " "odpowiedzi" -#: src/ne_auth.c:577 +#: src/ne_auth.c:578 #, c-format msgid "Negotiate response verification failure: %s" msgstr "porażka weryfikacji odpowiedzi Negotiate: %s" -#: src/ne_auth.c:699 +#: src/ne_auth.c:700 msgid "unknown algorithm in Digest challenge" msgstr "nieznany algorytm w wezwaniu Digest" -#: src/ne_auth.c:703 +#: src/ne_auth.c:704 msgid "incompatible algorithm in Digest challenge" msgstr "niekompatybilny algorytm w wezwaniu Digest" -#: src/ne_auth.c:707 +#: src/ne_auth.c:708 msgid "missing parameter in Digest challenge" msgstr "brakujący parametr w wezwaniu Digest" -#: src/ne_auth.c:711 +#: src/ne_auth.c:712 msgid "initial Digest challenge was stale" msgstr "początkowe wezwanie Digest było nieaktualne" -#: src/ne_auth.c:718 +#: src/ne_auth.c:719 msgid "stale Digest challenge with new algorithm or realm" msgstr "nieaktualne wezwanie Digest z nowym algorytmem lub domeną" -#: src/ne_auth.c:730 +#: src/ne_auth.c:731 msgid "could not parse domain in Digest challenge" msgstr "nie można parsować domeny w wezwaniu Digest" -#: src/ne_auth.c:1039 +#: src/ne_auth.c:1040 #, c-format msgid "Digest mutual authentication failure: missing parameters" msgstr "Porażka wzajemnego uwierzytelniania Digest: brakujące parametry" -#: src/ne_auth.c:1044 +#: src/ne_auth.c:1045 #, c-format msgid "Digest mutual authentication failure: client nonce mismatch" msgstr "" "Porażka wzajemnego uwierzytelniania Digest: niezgodność posłańca klienta" -#: src/ne_auth.c:1054 +#: src/ne_auth.c:1055 #, c-format msgid "Digest mutual authentication failure: could not parse nonce count" msgstr "" "Porażka wzajemnego uwierzytelniania Digest: nie można parsować licznika " "posłańca" -#: src/ne_auth.c:1059 +#: src/ne_auth.c:1060 #, c-format msgid "Digest mutual authentication failure: nonce count mismatch (%u not %u)" msgstr "" "Porażka wzajemnego uwierzytelniania Digest: niezgodność licznika posłańca (%" "u nie %u)" -#: src/ne_auth.c:1102 +#: src/ne_auth.c:1103 #, c-format msgid "Digest mutual authentication failure: request-digest mismatch" msgstr "" "Porażka wzajemnego uwierzytelniania Digest: niezgodność request-digest " "mismatch" -#: src/ne_auth.c:1228 +#: src/ne_auth.c:1229 #, c-format msgid "ignored %s challenge" msgstr "wezwanie %s zignorowane" -#: src/ne_auth.c:1307 +#: src/ne_auth.c:1308 msgid "could not parse challenge" msgstr "nie można parsować wezwania" @@ -172,31 +172,31 @@ msgstr "Nie można " msgid "Could not initialize zlib" msgstr "Nie można zainicjalizować zlib" -#: src/ne_gnutls.c:172 +#: src/ne_gnutls.c:162 #, c-format msgid "[unprintable:#%lu]" msgstr "[niedrukowalne:#%lu]" -#: src/ne_gnutls.c:201 +#: src/ne_gnutls.c:188 msgid "[unprintable]" msgstr "[niedrukowalne]" -#: src/ne_gnutls.c:799 src/ne_openssl.c:396 +#: src/ne_gnutls.c:680 src/ne_openssl.c:407 #, c-format msgid "Server certificate was missing commonName attribute in subject name" msgstr "Certyfikat serwera nie posiada atrybutu commonName w nazwie tematu" -#: src/ne_gnutls.c:840 src/ne_openssl.c:633 -#, c-format -msgid "SSL handshake failed, client certificate was requested: %s" -msgstr "Uzgodnienie SSL nie udało się, certyfikat klienta został zażądany: %s" +#: src/ne_gnutls.c:721 src/ne_openssl.c:630 +#, fuzzy, c-format +msgid "SSL negotiation failed, client certificate was requested: %s" +msgstr "Negocjacja SSL nie udała się: %s" -#: src/ne_gnutls.c:845 src/ne_openssl.c:638 +#: src/ne_gnutls.c:726 src/ne_openssl.c:635 #, c-format -msgid "SSL handshake failed: %s" -msgstr "Uzgodnienie SSL nie udało się: %s" +msgid "SSL negotiation failed: %s" +msgstr "Negocjacja SSL nie udała się: %s" -#: src/ne_gnutls.c:855 +#: src/ne_gnutls.c:736 #, c-format msgid "Server did not send certificate chain" msgstr "Serwer nie wysłał łańcucha certyfikatu" @@ -216,17 +216,17 @@ msgid "No activelock for <%s> returned in LOCK refresh response" msgstr "" "Nie zwrócono żadnej aktywnej blokady dla <%s> w odpowiedzi LOCK refresh" -#: src/ne_openssl.c:428 +#: src/ne_openssl.c:439 #, c-format msgid "Certificate verification error: %s" msgstr "Błąd weryfikacji certyfikatu: %s" -#: src/ne_openssl.c:658 +#: src/ne_openssl.c:655 #, c-format msgid "SSL server did not present certificate" msgstr "Serwer SSL nie przedstawił certyfikatu" -#: src/ne_openssl.c:667 +#: src/ne_openssl.c:664 #, c-format msgid "Server certificate changed: connection intercepted?" msgstr "Certyfikat serwera zmienił się: połączenie przechwycone?" @@ -326,30 +326,30 @@ msgstr "Nie można rozwiązać nazwy hosta `%s': %s" msgid "Unknown transfer-coding in response" msgstr "Nieznane transfer-coding w odpowiedzi" -#: src/ne_request.c:1275 +#: src/ne_request.c:1277 msgid "Invalid Content-Length in response" msgstr "Nieprawidłowe Content-Length w odpowiedzi" -#: src/ne_request.c:1348 +#: src/ne_request.c:1350 #, c-format msgid "Could not write to file: %s" msgstr "Nie można pisać do pliku: %s" -#: src/ne_request.c:1421 +#: src/ne_request.c:1423 #, c-format msgid "Could not create SSL connection through proxy server: %s" msgstr "Nie można utworzyć połączenia SSL przez serwer proxy: %s" -#: src/ne_request.c:1468 +#: src/ne_request.c:1470 #, c-format msgid "Could not create socket" msgstr "Nie można utworzyć gniazda" -#: src/ne_request.c:1530 +#: src/ne_request.c:1532 msgid "Could not connect to proxy server" msgstr "Nie można połączyć się z serwerem proxy" -#: src/ne_request.c:1531 +#: src/ne_request.c:1533 msgid "Could not connect to server" msgstr "Nie można połączyć się z serwerem" @@ -377,201 +377,83 @@ msgstr "wydawca nie jest zaufany" msgid "Server certificate verification failed: " msgstr "Weryfikacja certyfikatu serwera nie powiodła się: " -#: src/ne_socket.c:516 src/ne_socket.c:612 src/ne_socket.c:716 +#: src/ne_socket.c:514 src/ne_socket.c:568 src/ne_socket.c:671 msgid "Connection closed" msgstr "Połączenie zamknięte" -#: src/ne_socket.c:622 src/ne_socket.c:728 +#: src/ne_socket.c:578 src/ne_socket.c:683 msgid "Secure connection truncated" msgstr "Bezpieczne połączenie obcięte" -#: src/ne_socket.c:634 src/ne_socket.c:740 +#: src/ne_socket.c:590 src/ne_socket.c:695 #, c-format msgid "SSL error: %s" msgstr "Błąd SSL: %s" -#: src/ne_socket.c:637 +#: src/ne_socket.c:593 #, c-format msgid "SSL error code %d/%d/%lu" msgstr "Kod błędu SSL %d/%d/%lu" -#: src/ne_socket.c:721 +#: src/ne_socket.c:676 #, c-format msgid "SSL alert received: %s" msgstr "Alarm SSL otrzymany: %s" -#: src/ne_socket.c:736 +#: src/ne_socket.c:691 msgid "SSL socket read failed" msgstr "Odczytywanie gniazda SSL nie powiodło się" -#: src/ne_socket.c:862 +#: src/ne_socket.c:795 msgid "Line too long" msgstr "Linia zbyt długa" -#: src/ne_socket.c:1007 src/ne_socket.c:1013 +#: src/ne_socket.c:940 src/ne_socket.c:946 msgid "Host not found" msgstr "Host nieznaleziony" -#: src/ne_socket.c:1138 +#: src/ne_socket.c:1072 msgid "Connection timed out" msgstr "Czas połączenia się skończył" -#: src/ne_socket.c:1300 +#: src/ne_socket.c:1263 msgid "Socket descriptor number exceeds FD_SETSIZE" msgstr "Numer deskryptoru gniazda przekracza FD_SETSIZE" -#: src/ne_socket.c:1360 +#: src/ne_socket.c:1325 msgid "Socket family not supported" -msgstr "Rodzina gniazda niewspierana" +msgstr "" -#: src/ne_socket.c:1583 +#: src/ne_socket.c:1548 msgid "Client certificate verification failed" msgstr "Weryfikacja certyfikatu klienta nie powiodła się" -#: src/ne_socket.c:1599 +#: src/ne_socket.c:1564 msgid "SSL disabled due to lack of entropy" msgstr "SSL wyłączone z powodu braku entropii" -#: src/ne_socket.c:1606 +#: src/ne_socket.c:1571 msgid "SSL disabled due to library version mismatch" msgstr "SSL wyłączone z powodu niezgodności wersji biblioteki" -#: src/ne_socket.c:1612 +#: src/ne_socket.c:1577 msgid "Could not create SSL structure" msgstr "Nie można utworzyć struktury SSL" -#: src/ne_socks.c:65 -msgid "failure" -msgstr "porażka" - -#: src/ne_socks.c:68 -msgid "connection not permitted" -msgstr "połączenie niedozwolone" - -#: src/ne_socks.c:71 -msgid "network unreachable" -msgstr "sieć nieosiągalna" - -#: src/ne_socks.c:74 -msgid "host unreachable" -msgstr "host nieosiągalny" - -#: src/ne_socks.c:77 -msgid "TTL expired" -msgstr "TTL utraciło ważność" - -#: src/ne_socks.c:80 -msgid "command not supported" -msgstr "polecenie niewspierane" - -#: src/ne_socks.c:83 -msgid "address type not supported" -msgstr "typ adresu niewspierany" - -#: src/ne_socks.c:86 -#, c-format -msgid "%s: unrecognized error (%u)" -msgstr "%s: nierozpoznany błąd (%u)" - -#: src/ne_socks.c:128 src/ne_socks.c:328 -msgid "Could not send message to proxy" -msgstr "Nie można wysłać wiadomości do proxy" - -#: src/ne_socks.c:133 -msgid "Could not read initial response from proxy" -msgstr "Nie można odczytać początkowej odpowiedzi od proxy" - -#: src/ne_socks.c:136 -msgid "Invalid version in proxy response" -msgstr "Nieprawidłowa wersja w odpowiedzi proxy" - -#: src/ne_socks.c:157 -msgid "Could not send login message" -msgstr "Nie można wysłać wiadomości logowania" - -#: src/ne_socks.c:162 -msgid "Could not read login reply" -msgstr "Nie można odczytać odpowiedzi logowania" - -#: src/ne_socks.c:165 -msgid "Invalid version in login reply" -msgstr "Nieprawidłowa wersja w odpowiedzi logowania" - -#: src/ne_socks.c:168 -msgid "Authentication failed" -msgstr "Błąd uwierzytelniania" - -#: src/ne_socks.c:172 -msgid "No acceptable authentication method" -msgstr "Brak akceptowalnej metody uwierzytelniania" - -#: src/ne_socks.c:174 -msgid "Unexpected authentication method chosen" -msgstr "Nieoczekiwana metoda uwierzytelniania wybrana" - -#: src/ne_socks.c:210 -msgid "Could not send connect request" -msgstr "Nie można wysłać żądania połączenia" - -#: src/ne_socks.c:215 -msgid "Could not read connect reply" -msgstr "Nie można odczytac odpowiedzi połączenia" - -#: src/ne_socks.c:218 -msgid "Invalid version in connect reply" -msgstr "Nieprawidłowa wersja w odpowiedzi połączenia" - -#: src/ne_socks.c:221 src/ne_socks.c:337 -msgid "Could not connect" -msgstr "Nie można połączyć się" - -#: src/ne_socks.c:235 -msgid "Could not read FQDN length in connect reply" -msgstr "Nie można odczytać długości FQDN w odpowiedzi połączenia" - -#: src/ne_socks.c:240 -msgid "Unknown address type in connect reply" -msgstr "Nieznany typ adresu w odpowiedzi połączenia" - -#: src/ne_socks.c:245 -msgid "Could not read address in connect reply" -msgstr "Nie można odczytać adresu w odpowiedzi połączenia" - -#: src/ne_socks.c:266 -msgid "request rejected or failed" -msgstr "żądanie odrzucone lub nieudane" - -#: src/ne_socks.c:269 -msgid "could not establish connection to identd" -msgstr "Nie można połączyć się z identd" - -#: src/ne_socks.c:272 -msgid "rejected due to identd user mismatch" -msgstr "odrzucone z powodu niezgodności użytkownika identd" - -#: src/ne_socks.c:275 -#, c-format -msgid "%s: unrecognized failure (%u)" -msgstr "%s: nierozpoznana porażka (%u)" - -#: src/ne_socks.c:333 -msgid "Could not read response from proxy" -msgstr "Nie można odczytać odpowiedzi od proxy" - #: src/ne_xml.c:280 #, c-format msgid "XML parse error at line %d: invalid element name" msgstr "Błąd podczas parsowania XML w linii %d: nieprawidłowa nazwa elementu" -#: src/ne_xml.c:452 +#: src/ne_xml.c:474 msgid "Unknown error" msgstr "Nieznany błąd" -#: src/ne_xml.c:537 +#: src/ne_xml.c:579 msgid "Invalid Byte Order Mark" msgstr "Nieprawidłowy Znacznik Kolejności Bajtów" -#: src/ne_xml.c:625 +#: src/ne_xml.c:667 #, c-format msgid "XML parse error at line %d: %s" msgstr "Błąd podczas parsowania XML w linii %d: %s" @@ -6,7 +6,7 @@ msgid "" msgstr "" "Project-Id-Version: sitecopy 0.11.5\n" "Report-Msgid-Bugs-To: neon@lists.manyfish.co.uk\n" -"POT-Creation-Date: 2008-08-22 12:42+0100\n" +"POT-Creation-Date: 2009-08-18 15:52+0100\n" "PO-Revision-Date: 2002-11-11 14:28+0000\n" "Last-Translator: Michael Sobolev <neon@webdav.org>\n" "Language-Team: ru\n" @@ -31,98 +31,98 @@ msgstr "%s: : : %s\n" msgid "Could not authenticate to proxy server: %s" msgstr "%s: : : %s\n" -#: src/ne_auth.c:358 +#: src/ne_auth.c:359 #, c-format msgid "rejected %s challenge" msgstr "" -#: src/ne_auth.c:374 +#: src/ne_auth.c:375 msgid "missing realm in Basic challenge" msgstr "" -#: src/ne_auth.c:469 +#: src/ne_auth.c:470 msgid "invalid Negotiate token" msgstr "" -#: src/ne_auth.c:492 +#: src/ne_auth.c:493 msgid "GSSAPI authentication error: " msgstr "" -#: src/ne_auth.c:505 +#: src/ne_auth.c:506 #, c-format msgid "GSSAPI failure (code %u)" msgstr "" -#: src/ne_auth.c:540 +#: src/ne_auth.c:541 msgid "ignoring empty Negotiate continuation" msgstr "" -#: src/ne_auth.c:555 +#: src/ne_auth.c:556 #, c-format msgid "Negotiate response verification failed: invalid response header token" msgstr "" -#: src/ne_auth.c:577 +#: src/ne_auth.c:578 #, c-format msgid "Negotiate response verification failure: %s" msgstr "" -#: src/ne_auth.c:699 +#: src/ne_auth.c:700 msgid "unknown algorithm in Digest challenge" msgstr "" -#: src/ne_auth.c:703 +#: src/ne_auth.c:704 msgid "incompatible algorithm in Digest challenge" msgstr "" -#: src/ne_auth.c:707 +#: src/ne_auth.c:708 msgid "missing parameter in Digest challenge" msgstr "" -#: src/ne_auth.c:711 +#: src/ne_auth.c:712 msgid "initial Digest challenge was stale" msgstr "" -#: src/ne_auth.c:718 +#: src/ne_auth.c:719 msgid "stale Digest challenge with new algorithm or realm" msgstr "" -#: src/ne_auth.c:730 +#: src/ne_auth.c:731 #, fuzzy msgid "could not parse domain in Digest challenge" msgstr "%s: : : %s\n" -#: src/ne_auth.c:1039 +#: src/ne_auth.c:1040 #, c-format msgid "Digest mutual authentication failure: missing parameters" msgstr "" -#: src/ne_auth.c:1044 +#: src/ne_auth.c:1045 #, c-format msgid "Digest mutual authentication failure: client nonce mismatch" msgstr "" -#: src/ne_auth.c:1054 +#: src/ne_auth.c:1055 #, c-format msgid "Digest mutual authentication failure: could not parse nonce count" msgstr "" -#: src/ne_auth.c:1059 +#: src/ne_auth.c:1060 #, c-format msgid "Digest mutual authentication failure: nonce count mismatch (%u not %u)" msgstr "" -#: src/ne_auth.c:1102 +#: src/ne_auth.c:1103 #, c-format msgid "Digest mutual authentication failure: request-digest mismatch" msgstr "" -#: src/ne_auth.c:1228 +#: src/ne_auth.c:1229 #, c-format msgid "ignored %s challenge" msgstr "" -#: src/ne_auth.c:1307 +#: src/ne_auth.c:1308 #, fuzzy msgid "could not parse challenge" msgstr "%s: : : %s\n" @@ -162,31 +162,31 @@ msgstr "%s: : : %s\n" msgid "Could not initialize zlib" msgstr "%s: : : %s\n" -#: src/ne_gnutls.c:172 +#: src/ne_gnutls.c:162 #, c-format msgid "[unprintable:#%lu]" msgstr "" -#: src/ne_gnutls.c:201 +#: src/ne_gnutls.c:188 msgid "[unprintable]" msgstr "" -#: src/ne_gnutls.c:799 src/ne_openssl.c:396 +#: src/ne_gnutls.c:680 src/ne_openssl.c:407 #, c-format msgid "Server certificate was missing commonName attribute in subject name" msgstr "" -#: src/ne_gnutls.c:840 src/ne_openssl.c:633 -#, c-format -msgid "SSL handshake failed, client certificate was requested: %s" -msgstr "" +#: src/ne_gnutls.c:721 src/ne_openssl.c:630 +#, fuzzy, c-format +msgid "SSL negotiation failed, client certificate was requested: %s" +msgstr "%s: : : %s\n" -#: src/ne_gnutls.c:845 src/ne_openssl.c:638 +#: src/ne_gnutls.c:726 src/ne_openssl.c:635 #, fuzzy, c-format -msgid "SSL handshake failed: %s" +msgid "SSL negotiation failed: %s" msgstr "%s: : : %s\n" -#: src/ne_gnutls.c:855 +#: src/ne_gnutls.c:736 #, c-format msgid "Server did not send certificate chain" msgstr "" @@ -205,17 +205,17 @@ msgstr "" msgid "No activelock for <%s> returned in LOCK refresh response" msgstr "" -#: src/ne_openssl.c:428 +#: src/ne_openssl.c:439 #, c-format msgid "Certificate verification error: %s" msgstr "" -#: src/ne_openssl.c:658 +#: src/ne_openssl.c:655 #, c-format msgid "SSL server did not present certificate" msgstr "" -#: src/ne_openssl.c:667 +#: src/ne_openssl.c:664 #, c-format msgid "Server certificate changed: connection intercepted?" msgstr "" @@ -319,30 +319,30 @@ msgstr "%s: : : %s.\n" msgid "Unknown transfer-coding in response" msgstr "" -#: src/ne_request.c:1275 +#: src/ne_request.c:1277 msgid "Invalid Content-Length in response" msgstr "" -#: src/ne_request.c:1348 +#: src/ne_request.c:1350 #, fuzzy, c-format msgid "Could not write to file: %s" msgstr "%s: : : %s\n" -#: src/ne_request.c:1421 +#: src/ne_request.c:1423 #, c-format msgid "Could not create SSL connection through proxy server: %s" msgstr "" -#: src/ne_request.c:1468 +#: src/ne_request.c:1470 #, fuzzy, c-format msgid "Could not create socket" msgstr "%s: : : %s\n" -#: src/ne_request.c:1530 +#: src/ne_request.c:1532 msgid "Could not connect to proxy server" msgstr "" -#: src/ne_request.c:1531 +#: src/ne_request.c:1533 msgid "Could not connect to server" msgstr "" @@ -370,211 +370,84 @@ msgstr "" msgid "Server certificate verification failed: " msgstr "" -#: src/ne_socket.c:516 src/ne_socket.c:612 src/ne_socket.c:716 +#: src/ne_socket.c:514 src/ne_socket.c:568 src/ne_socket.c:671 msgid "Connection closed" msgstr "" -#: src/ne_socket.c:622 src/ne_socket.c:728 +#: src/ne_socket.c:578 src/ne_socket.c:683 msgid "Secure connection truncated" msgstr "" -#: src/ne_socket.c:634 src/ne_socket.c:740 +#: src/ne_socket.c:590 src/ne_socket.c:695 #, c-format msgid "SSL error: %s" msgstr "" -#: src/ne_socket.c:637 +#: src/ne_socket.c:593 #, c-format msgid "SSL error code %d/%d/%lu" msgstr "" -#: src/ne_socket.c:721 +#: src/ne_socket.c:676 #, c-format msgid "SSL alert received: %s" msgstr "" -#: src/ne_socket.c:736 +#: src/ne_socket.c:691 msgid "SSL socket read failed" msgstr "" -#: src/ne_socket.c:862 +#: src/ne_socket.c:795 msgid "Line too long" msgstr "" -#: src/ne_socket.c:1007 src/ne_socket.c:1013 +#: src/ne_socket.c:940 src/ne_socket.c:946 msgid "Host not found" msgstr "" -#: src/ne_socket.c:1138 +#: src/ne_socket.c:1072 msgid "Connection timed out" msgstr "" -#: src/ne_socket.c:1300 +#: src/ne_socket.c:1263 msgid "Socket descriptor number exceeds FD_SETSIZE" msgstr "" -#: src/ne_socket.c:1360 +#: src/ne_socket.c:1325 msgid "Socket family not supported" msgstr "" -#: src/ne_socket.c:1583 +#: src/ne_socket.c:1548 msgid "Client certificate verification failed" msgstr "" -#: src/ne_socket.c:1599 +#: src/ne_socket.c:1564 msgid "SSL disabled due to lack of entropy" msgstr "" -#: src/ne_socket.c:1606 +#: src/ne_socket.c:1571 msgid "SSL disabled due to library version mismatch" msgstr "" -#: src/ne_socket.c:1612 +#: src/ne_socket.c:1577 msgid "Could not create SSL structure" msgstr "" -#: src/ne_socks.c:65 -msgid "failure" -msgstr "" - -#: src/ne_socks.c:68 -msgid "connection not permitted" -msgstr "" - -#: src/ne_socks.c:71 -msgid "network unreachable" -msgstr "" - -#: src/ne_socks.c:74 -msgid "host unreachable" -msgstr "" - -#: src/ne_socks.c:77 -msgid "TTL expired" -msgstr "" - -#: src/ne_socks.c:80 -msgid "command not supported" -msgstr "" - -#: src/ne_socks.c:83 -msgid "address type not supported" -msgstr "" - -#: src/ne_socks.c:86 -#, c-format -msgid "%s: unrecognized error (%u)" -msgstr "" - -#: src/ne_socks.c:128 src/ne_socks.c:328 -#, fuzzy -msgid "Could not send message to proxy" -msgstr "%s: : : %s\n" - -#: src/ne_socks.c:133 -#, fuzzy -msgid "Could not read initial response from proxy" -msgstr "%s: : : %s\n" - -#: src/ne_socks.c:136 -msgid "Invalid version in proxy response" -msgstr "" - -#: src/ne_socks.c:157 -#, fuzzy -msgid "Could not send login message" -msgstr "%s: : : %s\n" - -#: src/ne_socks.c:162 -#, fuzzy -msgid "Could not read login reply" -msgstr "%s: : : %s\n" - -#: src/ne_socks.c:165 -msgid "Invalid version in login reply" -msgstr "" - -#: src/ne_socks.c:168 -#, fuzzy -msgid "Authentication failed" -msgstr "%s: : : %s\n" - -#: src/ne_socks.c:172 -msgid "No acceptable authentication method" -msgstr "" - -#: src/ne_socks.c:174 -msgid "Unexpected authentication method chosen" -msgstr "" - -#: src/ne_socks.c:210 -#, fuzzy -msgid "Could not send connect request" -msgstr "%s: : : %s\n" - -#: src/ne_socks.c:215 -#, fuzzy -msgid "Could not read connect reply" -msgstr "%s: : : %s\n" - -#: src/ne_socks.c:218 -msgid "Invalid version in connect reply" -msgstr "" - -#: src/ne_socks.c:221 src/ne_socks.c:337 -#, fuzzy -msgid "Could not connect" -msgstr "%s: : : %s\n" - -#: src/ne_socks.c:235 -msgid "Could not read FQDN length in connect reply" -msgstr "" - -#: src/ne_socks.c:240 -msgid "Unknown address type in connect reply" -msgstr "" - -#: src/ne_socks.c:245 -msgid "Could not read address in connect reply" -msgstr "" - -#: src/ne_socks.c:266 -msgid "request rejected or failed" -msgstr "" - -#: src/ne_socks.c:269 -msgid "could not establish connection to identd" -msgstr "" - -#: src/ne_socks.c:272 -msgid "rejected due to identd user mismatch" -msgstr "" - -#: src/ne_socks.c:275 -#, c-format -msgid "%s: unrecognized failure (%u)" -msgstr "" - -#: src/ne_socks.c:333 -#, fuzzy -msgid "Could not read response from proxy" -msgstr "%s: : : %s\n" - #: src/ne_xml.c:280 #, c-format msgid "XML parse error at line %d: invalid element name" msgstr "" -#: src/ne_xml.c:452 +#: src/ne_xml.c:474 #, fuzzy msgid "Unknown error" msgstr " " -#: src/ne_xml.c:537 +#: src/ne_xml.c:579 msgid "Invalid Byte Order Mark" msgstr "" -#: src/ne_xml.c:625 +#: src/ne_xml.c:667 #, c-format msgid "XML parse error at line %d: %s" msgstr "" @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: sitecopy-0.10.10\n" "Report-Msgid-Bugs-To: neon@lists.manyfish.co.uk\n" -"POT-Creation-Date: 2008-08-22 12:42+0100\n" +"POT-Creation-Date: 2009-08-18 15:52+0100\n" "PO-Revision-Date: 2001-01-03 HO:MI+ZONE\n" "Last-Translator: A. Sinan Unur <sinan@unur.com>\n" "Language-Team: tr\n" @@ -34,98 +34,98 @@ msgstr "Sunucuyla balant kurulamad" msgid "Could not authenticate to proxy server: %s" msgstr "Ara sunucuyla balant kurulamad" -#: src/ne_auth.c:358 +#: src/ne_auth.c:359 #, c-format msgid "rejected %s challenge" msgstr "" -#: src/ne_auth.c:374 +#: src/ne_auth.c:375 msgid "missing realm in Basic challenge" msgstr "" -#: src/ne_auth.c:469 +#: src/ne_auth.c:470 msgid "invalid Negotiate token" msgstr "" -#: src/ne_auth.c:492 +#: src/ne_auth.c:493 msgid "GSSAPI authentication error: " msgstr "" -#: src/ne_auth.c:505 +#: src/ne_auth.c:506 #, c-format msgid "GSSAPI failure (code %u)" msgstr "" -#: src/ne_auth.c:540 +#: src/ne_auth.c:541 msgid "ignoring empty Negotiate continuation" msgstr "" -#: src/ne_auth.c:555 +#: src/ne_auth.c:556 #, c-format msgid "Negotiate response verification failed: invalid response header token" msgstr "" -#: src/ne_auth.c:577 +#: src/ne_auth.c:578 #, c-format msgid "Negotiate response verification failure: %s" msgstr "" -#: src/ne_auth.c:699 +#: src/ne_auth.c:700 msgid "unknown algorithm in Digest challenge" msgstr "" -#: src/ne_auth.c:703 +#: src/ne_auth.c:704 msgid "incompatible algorithm in Digest challenge" msgstr "" -#: src/ne_auth.c:707 +#: src/ne_auth.c:708 msgid "missing parameter in Digest challenge" msgstr "" -#: src/ne_auth.c:711 +#: src/ne_auth.c:712 msgid "initial Digest challenge was stale" msgstr "" -#: src/ne_auth.c:718 +#: src/ne_auth.c:719 msgid "stale Digest challenge with new algorithm or realm" msgstr "" -#: src/ne_auth.c:730 +#: src/ne_auth.c:731 #, fuzzy msgid "could not parse domain in Digest challenge" msgstr "Para boyutu anlalamad" -#: src/ne_auth.c:1039 +#: src/ne_auth.c:1040 #, c-format msgid "Digest mutual authentication failure: missing parameters" msgstr "" -#: src/ne_auth.c:1044 +#: src/ne_auth.c:1045 #, c-format msgid "Digest mutual authentication failure: client nonce mismatch" msgstr "" -#: src/ne_auth.c:1054 +#: src/ne_auth.c:1055 #, c-format msgid "Digest mutual authentication failure: could not parse nonce count" msgstr "" -#: src/ne_auth.c:1059 +#: src/ne_auth.c:1060 #, c-format msgid "Digest mutual authentication failure: nonce count mismatch (%u not %u)" msgstr "" -#: src/ne_auth.c:1102 +#: src/ne_auth.c:1103 #, c-format msgid "Digest mutual authentication failure: request-digest mismatch" msgstr "" -#: src/ne_auth.c:1228 +#: src/ne_auth.c:1229 #, c-format msgid "ignored %s challenge" msgstr "" -#: src/ne_auth.c:1307 +#: src/ne_auth.c:1308 #, fuzzy msgid "could not parse challenge" msgstr "Para boyutu anlalamad" @@ -165,31 +165,31 @@ msgstr "Dosya alamad: " msgid "Could not initialize zlib" msgstr "Dosyaya yazm yaplamad: " -#: src/ne_gnutls.c:172 +#: src/ne_gnutls.c:162 #, c-format msgid "[unprintable:#%lu]" msgstr "" -#: src/ne_gnutls.c:201 +#: src/ne_gnutls.c:188 msgid "[unprintable]" msgstr "" -#: src/ne_gnutls.c:799 src/ne_openssl.c:396 +#: src/ne_gnutls.c:680 src/ne_openssl.c:407 #, c-format msgid "Server certificate was missing commonName attribute in subject name" msgstr "" -#: src/ne_gnutls.c:840 src/ne_openssl.c:633 -#, c-format -msgid "SSL handshake failed, client certificate was requested: %s" -msgstr "" +#: src/ne_gnutls.c:721 src/ne_openssl.c:630 +#, fuzzy, c-format +msgid "SSL negotiation failed, client certificate was requested: %s" +msgstr "%s dosyasna yazm yaplamad" -#: src/ne_gnutls.c:845 src/ne_openssl.c:638 +#: src/ne_gnutls.c:726 src/ne_openssl.c:635 #, fuzzy, c-format -msgid "SSL handshake failed: %s" +msgid "SSL negotiation failed: %s" msgstr "%s dosyasna yazm yaplamad" -#: src/ne_gnutls.c:855 +#: src/ne_gnutls.c:736 #, c-format msgid "Server did not send certificate chain" msgstr "" @@ -208,17 +208,17 @@ msgstr "" msgid "No activelock for <%s> returned in LOCK refresh response" msgstr "" -#: src/ne_openssl.c:428 +#: src/ne_openssl.c:439 #, c-format msgid "Certificate verification error: %s" msgstr "" -#: src/ne_openssl.c:658 +#: src/ne_openssl.c:655 #, c-format msgid "SSL server did not present certificate" msgstr "" -#: src/ne_openssl.c:667 +#: src/ne_openssl.c:664 #, c-format msgid "Server certificate changed: connection intercepted?" msgstr "" @@ -321,30 +321,30 @@ msgstr "%s: Hata: %s sunucusunun adresi bulunamad.\n" msgid "Unknown transfer-coding in response" msgstr "" -#: src/ne_request.c:1275 +#: src/ne_request.c:1277 msgid "Invalid Content-Length in response" msgstr "" -#: src/ne_request.c:1348 +#: src/ne_request.c:1350 #, c-format msgid "Could not write to file: %s" msgstr "%s dosyasna yazm yaplamad" -#: src/ne_request.c:1421 +#: src/ne_request.c:1423 #, fuzzy, c-format msgid "Could not create SSL connection through proxy server: %s" msgstr "Ara sunucu zerinden SSL balants kurulamad" -#: src/ne_request.c:1468 +#: src/ne_request.c:1470 #, fuzzy, c-format msgid "Could not create socket" msgstr "SSL balants kurulamad" -#: src/ne_request.c:1530 +#: src/ne_request.c:1532 msgid "Could not connect to proxy server" msgstr "Ara sunucuyla balant kurulamad" -#: src/ne_request.c:1531 +#: src/ne_request.c:1533 msgid "Could not connect to server" msgstr "Sunucuyla balant kurulamad" @@ -372,203 +372,73 @@ msgstr "" msgid "Server certificate verification failed: " msgstr "" -#: src/ne_socket.c:516 src/ne_socket.c:612 src/ne_socket.c:716 +#: src/ne_socket.c:514 src/ne_socket.c:568 src/ne_socket.c:671 #, fuzzy msgid "Connection closed" msgstr "Balant sunucu tarafndan kesildi" -#: src/ne_socket.c:622 src/ne_socket.c:728 +#: src/ne_socket.c:578 src/ne_socket.c:683 #, fuzzy msgid "Secure connection truncated" msgstr "Balant sre snr ald." -#: src/ne_socket.c:634 src/ne_socket.c:740 +#: src/ne_socket.c:590 src/ne_socket.c:695 #, fuzzy, c-format msgid "SSL error: %s" msgstr "%s: Hata: %s\n" -#: src/ne_socket.c:637 +#: src/ne_socket.c:593 #, c-format msgid "SSL error code %d/%d/%lu" msgstr "" -#: src/ne_socket.c:721 +#: src/ne_socket.c:676 #, fuzzy, c-format msgid "SSL alert received: %s" msgstr "%s: Hata: %s\n" -#: src/ne_socket.c:736 +#: src/ne_socket.c:691 msgid "SSL socket read failed" msgstr "" -#: src/ne_socket.c:862 +#: src/ne_socket.c:795 msgid "Line too long" msgstr "Satr ok uzun" -#: src/ne_socket.c:1007 src/ne_socket.c:1013 +#: src/ne_socket.c:940 src/ne_socket.c:946 msgid "Host not found" msgstr "Sunucu bulunamad" -#: src/ne_socket.c:1138 +#: src/ne_socket.c:1072 #, fuzzy msgid "Connection timed out" msgstr "%s: balant bekleme snr ald." -#: src/ne_socket.c:1300 +#: src/ne_socket.c:1263 msgid "Socket descriptor number exceeds FD_SETSIZE" msgstr "" -#: src/ne_socket.c:1360 +#: src/ne_socket.c:1325 msgid "Socket family not supported" msgstr "" -#: src/ne_socket.c:1583 +#: src/ne_socket.c:1548 msgid "Client certificate verification failed" msgstr "" -#: src/ne_socket.c:1599 +#: src/ne_socket.c:1564 msgid "SSL disabled due to lack of entropy" msgstr "" -#: src/ne_socket.c:1606 +#: src/ne_socket.c:1571 msgid "SSL disabled due to library version mismatch" msgstr "" -#: src/ne_socket.c:1612 +#: src/ne_socket.c:1577 #, fuzzy msgid "Could not create SSL structure" msgstr "SSL balants kurulamad" -#: src/ne_socks.c:65 -msgid "failure" -msgstr "" - -#: src/ne_socks.c:68 -#, fuzzy -msgid "connection not permitted" -msgstr "%s: balant bekleme snr ald." - -#: src/ne_socks.c:71 -msgid "network unreachable" -msgstr "" - -#: src/ne_socks.c:74 -msgid "host unreachable" -msgstr "" - -#: src/ne_socks.c:77 -msgid "TTL expired" -msgstr "" - -#: src/ne_socks.c:80 -msgid "command not supported" -msgstr "" - -#: src/ne_socks.c:83 -msgid "address type not supported" -msgstr "" - -#: src/ne_socks.c:86 -#, c-format -msgid "%s: unrecognized error (%u)" -msgstr "" - -#: src/ne_socks.c:128 src/ne_socks.c:328 -#, fuzzy -msgid "Could not send message to proxy" -msgstr "stek metni gnderilemedi" - -#: src/ne_socks.c:133 -#, fuzzy -msgid "Could not read initial response from proxy" -msgstr "Yant metni okunamad" - -#: src/ne_socks.c:136 -msgid "Invalid version in proxy response" -msgstr "" - -#: src/ne_socks.c:157 -#, fuzzy -msgid "Could not send login message" -msgstr "stek gnderilemedi" - -#: src/ne_socks.c:162 -#, fuzzy -msgid "Could not read login reply" -msgstr "Durum satr okunamad" - -#: src/ne_socks.c:165 -msgid "Invalid version in login reply" -msgstr "" - -#: src/ne_socks.c:168 -#, fuzzy -msgid "Authentication failed" -msgstr "%s dosyasna yazm yaplamad" - -#: src/ne_socks.c:172 -msgid "No acceptable authentication method" -msgstr "" - -#: src/ne_socks.c:174 -msgid "Unexpected authentication method chosen" -msgstr "" - -#: src/ne_socks.c:210 -#, fuzzy -msgid "Could not send connect request" -msgstr "stek gnderilemedi" - -#: src/ne_socks.c:215 -#, fuzzy -msgid "Could not read connect reply" -msgstr "Sunucuyla balant kurulamad" - -#: src/ne_socks.c:218 -msgid "Invalid version in connect reply" -msgstr "" - -#: src/ne_socks.c:221 src/ne_socks.c:337 -#, fuzzy -msgid "Could not connect" -msgstr "Sunucuyla balant kurulamad" - -#: src/ne_socks.c:235 -msgid "Could not read FQDN length in connect reply" -msgstr "" - -#: src/ne_socks.c:240 -msgid "Unknown address type in connect reply" -msgstr "" - -#: src/ne_socks.c:245 -#, fuzzy -msgid "Could not read address in connect reply" -msgstr "Yant metni okunamad" - -#: src/ne_socks.c:266 -msgid "request rejected or failed" -msgstr "" - -#: src/ne_socks.c:269 -#, fuzzy -msgid "could not establish connection to identd" -msgstr "Sunucuyla balant kurulamad" - -#: src/ne_socks.c:272 -msgid "rejected due to identd user mismatch" -msgstr "" - -#: src/ne_socks.c:275 -#, c-format -msgid "%s: unrecognized failure (%u)" -msgstr "" - -#: src/ne_socks.c:333 -#, fuzzy -msgid "Could not read response from proxy" -msgstr "Yant metni okunamad" - #: src/ne_xml.c:280 #, fuzzy, c-format msgid "XML parse error at line %d: invalid element name" @@ -576,16 +446,16 @@ msgstr "" "%s: kurulum dosyasnda bozukluk var. satr %d:\n" "%s\n" -#: src/ne_xml.c:452 +#: src/ne_xml.c:474 #, fuzzy msgid "Unknown error" msgstr "Bilinmeyen sistem hatas" -#: src/ne_xml.c:537 +#: src/ne_xml.c:579 msgid "Invalid Byte Order Mark" msgstr "" -#: src/ne_xml.c:625 +#: src/ne_xml.c:667 #, fuzzy, c-format msgid "XML parse error at line %d: %s" msgstr "" diff --git a/po/zh_CN.po b/po/zh_CN.po index e3b028d..dbc6db9 100644 --- a/po/zh_CN.po +++ b/po/zh_CN.po @@ -7,9 +7,9 @@ # msgid "" msgstr "" -"Project-Id-Version: neon 0.29.x\n" +"Project-Id-Version: neon 0.28.0+\n" "Report-Msgid-Bugs-To: neon@lists.manyfish.co.uk\n" -"POT-Creation-Date: 2008-08-22 12:42+0100\n" +"POT-Creation-Date: 2009-08-18 15:52+0100\n" "PO-Revision-Date: 2008-03-03 11:20+0800\n" "Last-Translator: Dongsheng Song <dongsheng.song@gmail.com>\n" "Language-Team: neon@webdav.org\n" @@ -36,97 +36,97 @@ msgstr "不能认证到服务器: %s" msgid "Could not authenticate to proxy server: %s" msgstr "不能认证到代理服务器: %s" -#: src/ne_auth.c:358 +#: src/ne_auth.c:359 #, c-format msgid "rejected %s challenge" msgstr "被拒绝的 %s 挑战" -#: src/ne_auth.c:374 +#: src/ne_auth.c:375 msgid "missing realm in Basic challenge" msgstr "在基本挑战中丢失了领域" -#: src/ne_auth.c:469 +#: src/ne_auth.c:470 msgid "invalid Negotiate token" msgstr "非法磋商令牌" -#: src/ne_auth.c:492 +#: src/ne_auth.c:493 msgid "GSSAPI authentication error: " msgstr "GSSAPI 认证错误: " -#: src/ne_auth.c:505 +#: src/ne_auth.c:506 #, c-format msgid "GSSAPI failure (code %u)" msgstr "GSSAPI 失败(代码 %u)" -#: src/ne_auth.c:540 +#: src/ne_auth.c:541 msgid "ignoring empty Negotiate continuation" msgstr "忽略后续的空磋商" -#: src/ne_auth.c:555 +#: src/ne_auth.c:556 #, c-format msgid "Negotiate response verification failed: invalid response header token" msgstr "校验协商响应失败:非法响应头令牌" -#: src/ne_auth.c:577 +#: src/ne_auth.c:578 #, c-format msgid "Negotiate response verification failure: %s" msgstr "磋商响应校验失败: %s" -#: src/ne_auth.c:699 +#: src/ne_auth.c:700 msgid "unknown algorithm in Digest challenge" msgstr "在摘要挑战中的算法不可识别" -#: src/ne_auth.c:703 +#: src/ne_auth.c:704 msgid "incompatible algorithm in Digest challenge" msgstr "在摘要挑战中的算法不兼容" -#: src/ne_auth.c:707 +#: src/ne_auth.c:708 msgid "missing parameter in Digest challenge" msgstr "在摘要挑战中的参数丢失" -#: src/ne_auth.c:711 +#: src/ne_auth.c:712 msgid "initial Digest challenge was stale" msgstr "陈旧的初始化摘要挑战" -#: src/ne_auth.c:718 +#: src/ne_auth.c:719 msgid "stale Digest challenge with new algorithm or realm" msgstr "陈旧的摘要挑战用于新算法或新领域" -#: src/ne_auth.c:730 +#: src/ne_auth.c:731 msgid "could not parse domain in Digest challenge" msgstr "在摘要挑战中的不能解析域" -#: src/ne_auth.c:1039 +#: src/ne_auth.c:1040 #, c-format msgid "Digest mutual authentication failure: missing parameters" msgstr "摘要互相认证失败:参数遗漏" -#: src/ne_auth.c:1044 +#: src/ne_auth.c:1045 #, c-format msgid "Digest mutual authentication failure: client nonce mismatch" msgstr "摘要互相认证失败:客户现时不匹配" -#: src/ne_auth.c:1054 +#: src/ne_auth.c:1055 #, c-format msgid "Digest mutual authentication failure: could not parse nonce count" msgstr "摘要互相认证失败:不能解析现时计数" -#: src/ne_auth.c:1059 +#: src/ne_auth.c:1060 #, c-format msgid "Digest mutual authentication failure: nonce count mismatch (%u not %u)" msgstr "摘要互相认证失败:现时计算不匹配 (应该是 %u,不是 %u)" -#: src/ne_auth.c:1102 +#: src/ne_auth.c:1103 #, c-format msgid "Digest mutual authentication failure: request-digest mismatch" msgstr "摘要互相认证失败:请求摘要不匹配" -#: src/ne_auth.c:1228 +#: src/ne_auth.c:1229 #, c-format msgid "ignored %s challenge" msgstr "被忽略的 %s 挑战" -#: src/ne_auth.c:1307 +#: src/ne_auth.c:1308 msgid "could not parse challenge" msgstr "不能解析挑战" @@ -163,31 +163,31 @@ msgstr "解压数据失败" msgid "Could not initialize zlib" msgstr "初始化 zlib 失败" -#: src/ne_gnutls.c:172 +#: src/ne_gnutls.c:162 #, c-format msgid "[unprintable:#%lu]" msgstr "[非打印字符:#%lu]" -#: src/ne_gnutls.c:201 +#: src/ne_gnutls.c:188 msgid "[unprintable]" msgstr "[非打印字符]" -#: src/ne_gnutls.c:799 src/ne_openssl.c:396 +#: src/ne_gnutls.c:680 src/ne_openssl.c:407 #, c-format msgid "Server certificate was missing commonName attribute in subject name" msgstr "服务器证书在主题名称遗漏了属性 commonName" -#: src/ne_gnutls.c:840 src/ne_openssl.c:633 -#, c-format -msgid "SSL handshake failed, client certificate was requested: %s" -msgstr "" - -#: src/ne_gnutls.c:845 src/ne_openssl.c:638 +#: src/ne_gnutls.c:721 src/ne_openssl.c:630 #, fuzzy, c-format -msgid "SSL handshake failed: %s" +msgid "SSL negotiation failed, client certificate was requested: %s" msgstr "SSL 协商失败:%s" -#: src/ne_gnutls.c:855 +#: src/ne_gnutls.c:726 src/ne_openssl.c:635 +#, c-format +msgid "SSL negotiation failed: %s" +msgstr "SSL 协商失败:%s" + +#: src/ne_gnutls.c:736 #, c-format msgid "Server did not send certificate chain" msgstr "服务器不能发送证书链" @@ -206,17 +206,17 @@ msgstr "锁定 %s 的响应遗漏了主动锁" msgid "No activelock for <%s> returned in LOCK refresh response" msgstr "刷新锁定 %s 的响应没有返回主动锁" -#: src/ne_openssl.c:428 +#: src/ne_openssl.c:439 #, c-format msgid "Certificate verification error: %s" msgstr "证书校验失败:%s" -#: src/ne_openssl.c:658 +#: src/ne_openssl.c:655 #, c-format msgid "SSL server did not present certificate" msgstr "SSL 服务器不能呈现证书" -#: src/ne_openssl.c:667 +#: src/ne_openssl.c:664 #, c-format msgid "Server certificate changed: connection intercepted?" msgstr "服务器证书改变:是否被拦截攻击?" @@ -316,30 +316,30 @@ msgstr "不能解析主机名称 “%s”: %s" msgid "Unknown transfer-coding in response" msgstr "响应中的传输代码未知" -#: src/ne_request.c:1275 +#: src/ne_request.c:1277 msgid "Invalid Content-Length in response" msgstr "非法的 Content-Length 响应域" -#: src/ne_request.c:1348 +#: src/ne_request.c:1350 #, c-format msgid "Could not write to file: %s" msgstr "不能写入文件:%s" -#: src/ne_request.c:1421 +#: src/ne_request.c:1423 #, c-format msgid "Could not create SSL connection through proxy server: %s" msgstr "不能通过代理服务器 “%s” 创建 SSL 连接" -#: src/ne_request.c:1468 +#: src/ne_request.c:1470 #, c-format msgid "Could not create socket" msgstr "不能创建套接字" -#: src/ne_request.c:1530 +#: src/ne_request.c:1532 msgid "Could not connect to proxy server" msgstr "不能连接到代理服务器" -#: src/ne_request.c:1531 +#: src/ne_request.c:1533 msgid "Could not connect to server" msgstr "不能连接到服务器" @@ -367,214 +367,83 @@ msgstr "证书发行者不被信任" msgid "Server certificate verification failed: " msgstr "服务器证书校验失败" -#: src/ne_socket.c:516 src/ne_socket.c:612 src/ne_socket.c:716 +#: src/ne_socket.c:514 src/ne_socket.c:568 src/ne_socket.c:671 msgid "Connection closed" msgstr "连接关闭" -#: src/ne_socket.c:622 src/ne_socket.c:728 +#: src/ne_socket.c:578 src/ne_socket.c:683 msgid "Secure connection truncated" msgstr "安全连接切断" -#: src/ne_socket.c:634 src/ne_socket.c:740 +#: src/ne_socket.c:590 src/ne_socket.c:695 #, c-format msgid "SSL error: %s" msgstr "SSL 错误:%s" -#: src/ne_socket.c:637 +#: src/ne_socket.c:593 #, c-format msgid "SSL error code %d/%d/%lu" msgstr "SSL 错误代码 %d/%d/%lu" -#: src/ne_socket.c:721 +#: src/ne_socket.c:676 #, c-format msgid "SSL alert received: %s" msgstr "收到 SSL 警报: %s" -#: src/ne_socket.c:736 +#: src/ne_socket.c:691 msgid "SSL socket read failed" msgstr "SSL 套接字读取失败" -#: src/ne_socket.c:862 +#: src/ne_socket.c:795 msgid "Line too long" msgstr "行太长" -#: src/ne_socket.c:1007 src/ne_socket.c:1013 +#: src/ne_socket.c:940 src/ne_socket.c:946 msgid "Host not found" msgstr "没有发现主机" -#: src/ne_socket.c:1138 +#: src/ne_socket.c:1072 msgid "Connection timed out" msgstr "连接超时" -#: src/ne_socket.c:1300 +#: src/ne_socket.c:1263 msgid "Socket descriptor number exceeds FD_SETSIZE" msgstr "套接字数量超过 FD_SETSIZE" -#: src/ne_socket.c:1360 +#: src/ne_socket.c:1325 msgid "Socket family not supported" msgstr "" -#: src/ne_socket.c:1583 +#: src/ne_socket.c:1548 msgid "Client certificate verification failed" msgstr "客户证书校验失败" -#: src/ne_socket.c:1599 +#: src/ne_socket.c:1564 msgid "SSL disabled due to lack of entropy" msgstr "由于缺少熵,SSL 已经禁用" -#: src/ne_socket.c:1606 +#: src/ne_socket.c:1571 msgid "SSL disabled due to library version mismatch" msgstr "由于库版本不匹配,SSL 已经禁用" -#: src/ne_socket.c:1612 +#: src/ne_socket.c:1577 msgid "Could not create SSL structure" msgstr "不能创建 SSL 结构" -#: src/ne_socks.c:65 -msgid "failure" -msgstr "" - -#: src/ne_socks.c:68 -#, fuzzy -msgid "connection not permitted" -msgstr "连接超时" - -#: src/ne_socks.c:71 -msgid "network unreachable" -msgstr "" - -#: src/ne_socks.c:74 -msgid "host unreachable" -msgstr "" - -#: src/ne_socks.c:77 -msgid "TTL expired" -msgstr "" - -#: src/ne_socks.c:80 -msgid "command not supported" -msgstr "" - -#: src/ne_socks.c:83 -msgid "address type not supported" -msgstr "" - -#: src/ne_socks.c:86 -#, c-format -msgid "%s: unrecognized error (%u)" -msgstr "" - -#: src/ne_socks.c:128 src/ne_socks.c:328 -#, fuzzy -msgid "Could not send message to proxy" -msgstr "不能发送请求主体" - -#: src/ne_socks.c:133 -#, fuzzy -msgid "Could not read initial response from proxy" -msgstr "不能读取响应主体" - -#: src/ne_socks.c:136 -#, fuzzy -msgid "Invalid version in proxy response" -msgstr "非法的 Content-Length 响应域" - -#: src/ne_socks.c:157 -#, fuzzy -msgid "Could not send login message" -msgstr "不能发送请求" - -#: src/ne_socks.c:162 -#, fuzzy -msgid "Could not read login reply" -msgstr "不能读状态行" - -#: src/ne_socks.c:165 -msgid "Invalid version in login reply" -msgstr "" - -#: src/ne_socks.c:168 -#, fuzzy -msgid "Authentication failed" -msgstr "GSSAPI 认证错误: " - -#: src/ne_socks.c:172 -msgid "No acceptable authentication method" -msgstr "" - -#: src/ne_socks.c:174 -msgid "Unexpected authentication method chosen" -msgstr "" - -#: src/ne_socks.c:210 -#, fuzzy -msgid "Could not send connect request" -msgstr "不能发送请求" - -#: src/ne_socks.c:215 -#, fuzzy -msgid "Could not read connect reply" -msgstr "不能连接到服务器" - -#: src/ne_socks.c:218 -msgid "Invalid version in connect reply" -msgstr "" - -#: src/ne_socks.c:221 src/ne_socks.c:337 -#, fuzzy -msgid "Could not connect" -msgstr "不能连接到服务器" - -#: src/ne_socks.c:235 -msgid "Could not read FQDN length in connect reply" -msgstr "" - -#: src/ne_socks.c:240 -msgid "Unknown address type in connect reply" -msgstr "" - -#: src/ne_socks.c:245 -#, fuzzy -msgid "Could not read address in connect reply" -msgstr "不能读取响应主体" - -#: src/ne_socks.c:266 -msgid "request rejected or failed" -msgstr "" - -#: src/ne_socks.c:269 -#, fuzzy -msgid "could not establish connection to identd" -msgstr "不能连接到服务器" - -#: src/ne_socks.c:272 -msgid "rejected due to identd user mismatch" -msgstr "" - -#: src/ne_socks.c:275 -#, c-format -msgid "%s: unrecognized failure (%u)" -msgstr "" - -#: src/ne_socks.c:333 -#, fuzzy -msgid "Could not read response from proxy" -msgstr "不能读取响应主体" - #: src/ne_xml.c:280 #, c-format msgid "XML parse error at line %d: invalid element name" msgstr "在 %d 行解析 XML 错误:非法元素名称" -#: src/ne_xml.c:452 +#: src/ne_xml.c:474 msgid "Unknown error" msgstr "未知错误" -#: src/ne_xml.c:537 +#: src/ne_xml.c:579 msgid "Invalid Byte Order Mark" msgstr "非法字节顺序标记(BOM)" -#: src/ne_xml.c:625 +#: src/ne_xml.c:667 #, c-format msgid "XML parse error at line %d: %s" msgstr "在 %d 行解析 XML 错误: %s" diff --git a/src/ChangeLog b/src/ChangeLog deleted file mode 100644 index 7859493..0000000 --- a/src/ChangeLog +++ /dev/null @@ -1,5563 +0,0 @@ -Sun Sep 12 19:21:30 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_locks.c (ne_lock_refresh): Fix to pass correct userdata to - callbacks, and do call lk_cdata. - -Sun Sep 12 18:53:15 2004 Joe Orton <joe@manyfish.co.uk> - - * Makefile.in (libneon.a): Remove the archive first, avoiding - strange problems when build $(OBJECTS) change. - -Sun Sep 12 18:40:50 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.h: Add NE_FEATURE_SOCKS. - - * ne_utils.c (ne_has_support): Add NE_FEATURE_SOCKS. - (version_string): Use NE_HAVE_SOCKS, add NE_HAVE_IDNA. - - * ne_socket.c (ne_sock_init): Use NE_HAVE_SOCKS. - -Sun Sep 12 17:29:54 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.c (version_string): Declare as array rather than - pointer; include "IPv6" component as necessary - -Sun Sep 12 15:51:38 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_iaddr_typeof): New function. - -Sun Sep 12 12:00:10 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_defs.h (ne_attribute_malloc): New macro. - - * ne_alloc.h: Use it to avoid warnings with older GCCs. - -Wed Aug 25 21:03:40 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_string.h (split_string, split_string_c, pair_string, - split_string_free, pair_string_free): Remove obsolete interfaces. - -Wed Aug 25 21:01:03 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_cookies.c, ne_cookies.h: Drop cookies support: used old spec - revision and wasn't very complete anyway. - -Wed Aug 25 20:40:26 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c: Remove ne_read, ne_write macros and just use recv - and send; remove unused SOCK_ERR macro. - -Wed Aug 25 20:27:43 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.c (declare_nspaces): Drop rejection of names including a - colon to prevent breaking SVN deployments. - -Wed Aug 25 19:45:20 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (readable_raw): Use poll where available. - (ne_sock_connect): Fail if not using poll and fd returned by - socket() is greater than FD_SETSIZE. - -Wed Aug 25 18:40:28 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.h (ne_xml_parse): Clarify that a len=0 call is required - to signify end-of-document. - -Wed Aug 25 18:37:13 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (resolve_first, resolve_next): New functions. - (lookup_host): Use them to allow user-forced addresses. - - * ne_session.c (ne_set_addrlist): New function. - - * ne_private.h (struct ne_session_s): Add addrlist, numaddrs, - curaddr fields. - -Wed Aug 25 18:25:31 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.c (struct ne_xml_parser_s): Add bom_pos field. - (ne_xml_parse): Skip over the UTF-8 Byte Order Mark since - the XML parsers do not support it yet. - -Wed Jul 7 16:07:44 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (do_connect): Fix ne_conn_connected status call - (Shameek Basu). - -Mon Jul 5 18:40:35 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_basic.c (ne_content_type_handler): Use us-ascii as default - charset for text/xml, as per RFC3280. - -Mon Jul 5 10:56:19 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_compress.c (struct ne_decompress_s): Add acceptor field. - (gz_acceptor): New function. - (ne_decompress_reader): Fix to pass the user-supplied userdata - pointer to the user-supplied acceptor callback, via gz_acceptor. - -Mon Jul 5 10:52:40 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_compress.c (do_inflate): Don't invoke the reader callback if - no bytes where produced by inflate(). - (process_footer): Call the reader callback with size=0 to indicate - end-of-response for a good checksum match. - -Sat Jul 3 14:33:56 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (auth_challenge): Fix to set got_qop in challenge - correctly (Hideaki Takahashi). - -Mon May 17 15:03:54 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.h (ne_addr_resolve): Clarify that 'flags' must - be passed as zero for forwards-compat. - -Sun May 2 21:14:14 2004 Joe Orton <joe@manyfish.co.uk> - - Fix buffer overflow in RFC1036 date parser, CVE CAN-2004-0389. - - * ne_dates.c (RFC1036_FORMAT): Specify maximum field with for day - name. - (ne_rfc1123_parse, ne_rfc1036_parse, ne_asctime_parse): Make - thread-safe; remove static buffers. - -Sun May 2 16:59:39 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_dates.c [RFC1123_TEST] (main): Remove embedded test cases. - -Sun May 2 13:18:29 2004 Joe Orton <joe@manyfish.co.uk> - - * Makefile.in (LINK): Add -no-undefined. - -Fri Apr 16 22:53:59 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.c (declare_nspaces, expand_qname): Don't try to include - document context in error strings. - -Fri Apr 16 11:44:34 2004 Joe Orton <joe@manyfish.co.uk> - - * Makefile.in (LIBS): Include NEON_LTLIBS. - -Wed Apr 14 10:39:53 2004 Joe Orton <joe@manyfish.co.uk> - - Fix format string vulnerabilities, CVE CAN-2004-0179: - - * ne_207.c (ne_simple_request): Avoid format string - vulnerabilities. - - * ne_xml.c (ne_xml_set_error): Likewise. - - * ne_props.c (propfind): Likewise. - - * ne_locks.c (ne_lock, ne_lock_refresh): Likewise. - -Wed Apr 14 10:33:46 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (ah_post_send): Avoid false positives from gcc - -Wformat-security. - -Tue Apr 13 20:51:41 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c: Conditionally include gssapi_generic.h. - -Thu Apr 8 13:40:03 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_props.h: Don't use an anonymous enum for the proppatch - operation type, as some C++ compilers don't like it. - -Wed Apr 7 13:50:10 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (add_fixed_headers): Don't both sending Keep-Alive - header if persistent connections are disabled. - -Wed Apr 7 13:47:46 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (auth_challenge): Allow Negotiate challenges from - a proxy. - -Wed Apr 7 13:36:55 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (clean_session): Remove redundant assignment of - GSS_C_NO_CONTEXT; gss_delete_sec_context already does this. - -Wed Apr 7 13:33:10 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (get_gss_name): Handle failure case internally. - (auth_register): Updated accordingly. - -Wed Apr 7 13:15:57 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c: Use strtoq to print off_t's where necessary. - -Wed Apr 7 11:14:24 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (get_gss_name): Take a hostname string. - (auth_register): Pass proxy or server hostname to get_gss_name as - appropriate. - -Wed Apr 7 11:09:50 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (continue_negotiate): If given no input token, and the - gssctx is not in the initial state, reset it. - -Mon Mar 29 17:06:49 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c: Adjust to cope with GSSAPI continuation: - (struct auth_session_s): Store GSSAPI context, name and mechanism. - (get_gss_name): Take an ne_session. - (continue_negotiate): Renamed from gssapi_challenge; take input - token, handle GSS_S_CONTINUE_NEEDED return value. - (verify_digest_response): Renamed from verify_response. - (verify_negotiate_response): New function. - (auth_challenge): Cope with Negotiate responses which gratuitously - break the auth-param grammar. - (ah_post_send): Handle Negotiate responses. - (free_auth, clean_session): Free persisted GSSAPI objects. - (auth_register): Initialize GSSAPI objects. - -Sun Mar 28 03:03:17 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (get_gss_name): Don't leak token.value. - -Sun Mar 28 02:59:58 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (get_cnonce): Only use RAND_pseudo_bytes() if the PRNG - is seeded. - -Sun Mar 28 02:47:20 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (gssapi_challenge, get_gss_name): Simplify. - -Sun Mar 28 02:35:48 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (request_gssapi, get_gss_name, auth_challenge): - Implement the Negotiate protocol rather than the obsoleted - GSS-Negotiate. - (make_gss_error): New function. - (gssapi_challenge): Use it for better error handling (set session - error string); fix memory leaks. Don't delegate credentials. - -Sat Mar 27 20:49:24 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (ah_post_send): Clear auth header collector buffers - after each request. - -Fri Mar 26 12:16:15 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (init_ssl): Just initialize the SSL library; delay - seeding PRNG until really necessary (performance fix). - (seed_ssl_prng): Split from init_ssl. - (ne_sock_connect_ssl): Call seed_ssl_prng(). - (ne_sock_init): Adjust since init_ssl() can't fail. - -Fri Mar 26 12:01:38 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.c: Include zlib.h before ne_*.h to fix issues - on platforms where zconf.h does "#define const". - -Thu Mar 11 23:38:01 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_openssl.c (provide_client_cert): Avoid malloc(0) when server - sends no CA names in CertificateRequest. - (ne_ssl_cert_write): Be paranoid and clear the OpenSSL error stack - on write failures. - -Sun Mar 7 11:17:04 2004 Joe Orton <joe@manyfish.co.uk> - - * Makefile.in (CFLAGS): Don't use NEON_CFLAGS. - -Mon Feb 23 23:03:08 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (ne_vsnprintf, ne_snprintf): New functions. - -Sun Feb 22 23:34:47 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_private.h (struct ne_session_s): Remove expect100_works field. - - * ne_request.c (ne_set_request_expect100): New function. - (ne_begin_request): Remove req->use_expect100 manipulation. - (send_request): Handle enabling 100continue without a request - body. - - * ne_session.c (ne_set_expect100): Removed function. - -Sun Feb 22 20:17:04 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (error_ossl): Check for ERR_reason_error_string - returning NULL. - -Sun Feb 22 17:54:43 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c: Don't disable getaddrinfo support here. - -Sun Feb 22 17:40:07 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.h (min): Remove definition to... - - * ne_uri.c (min): ...here. - -Sun Feb 22 17:31:35 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_props.h: Give the 'type' enum a tag name. - -Sun Feb 22 17:27:28 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_207.c (end_element): Strip whitespace from cdata. - -Sun Feb 22 16:27:58 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (struct auth_request): Make auth_hdr, auth_info_hdr - fields into ne_buffer *'s. - (ah_collect_header): New function. - (ah_create): Create ne_buffers for auth_{,info_}hdr; use - ah_collect_header rather than ne_duplicate_header to fix handling - of multiple auth challenge headers. - (ah_post_send): Adjust for char * -> ne_buffer *. - (tokenize): Recognize a challenge scheme which is terminated with - a comma (i.e. with no challange parameters). - (auth_challenge): Fix handling of unrecognized challenges. - (ah_destroy): Destroy ne_buffers. - -Sun Feb 22 15:04:46 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (ne_set_request_body_provider64): New function. - -Sun Feb 15 13:37:03 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_ssl.h: Define that ne_ssl_readable_dname returns UTF-8 - encoded strings. - - * ne_openssl.c (ne_ssl_readable_dname): Convert dname strings to - UTF-8, or use "???". - -Sat Feb 14 21:57:25 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.c (invalid_ncname_ch1): New macro. - (declare_nspaces): Use it, to reject some more invalid namespace - prefixes; also check for a colon anywhere in the NCName. - (expand_qname): Likewise for the element name. - -Mon Feb 9 21:38:03 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_dates.c [WIN32] (GMTOFF): Use gmt_to_local_win32; - (gmt_to_local_win32): New function, from Jiang Lei. - -Mon Jan 26 14:38:05 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_sock_connect_ssl): Check that OpenSSL version - matches between library at run-time and headers at compile-time. - -Sat Jan 24 17:49:27 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_dates.c (HAVE_STRUCT_TM___TM_GMTOFF): Alternative GMTOFF() - macro. - -Sat Jan 24 16:49:30 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (basic_challenge): Cast first parameter to ne_base64 - to unsigned char * to fix warnings with some compilers. - -Sat Jan 3 13:17:36 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_request.h (ne_set_request_body_fd64): Define conditional on - NE_LFS. - - * ne_request.c (ne_set_request_body_fd64): Likewise. - -Thu Jan 1 18:01:45 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c: Use NE_HAVE_LFS not _LARGEFILE64_SOURCE in - conditional support for off64_t. - -Thu Jan 1 17:38:55 2004 Joe Orton <joe@manyfish.co.uk> - - * ne_request.h [_LARGEFILE64_SOURCE] (ne_set_request_body_fd64): - New function. - - * ne_request.c: Define ne_lseek, ne_off_t, ne_strtoff, - NE_OFFT_MAX, FMT_NE_OFF_T appropriately for _LARGEFILE64_SOURCE or - otherwise. - (struct ne_request_s): Use ne_off_t in place of off_t throughout. - (body_fd_send): Use ne_lseek; reset 'remain' after seeking. - (clength_hdr_handler): Use ne_off_t, ne_strtoff and NE_OFFT_MAX. - (set_body_length): Take an ne_off_t length parameter; use - FMT_NE_OFF_T to print it. - (ne_set_request_body_fd64): New function. - - * ne_utils.h (NE_FEATURE_LFS): New feature. - - * ne_utils.c (ne_has_support): Support NE_FEATURE_LFS. - -Mon Nov 24 20:13:14 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (struct ne_response): Split handling for chunked vs - clength-delimited responses into a union. Use off_t for storing - whole-length-of-response values. - (read_response_block, ne_read_response_block): Update accordingly. - (ne_begin_request): Remove unnecessary variable assignments. - -Sun Nov 23 16:03:22 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_request.h (ne_set_request_body_fd): Take offset and length - arguments, return void. - (ne_set_request_body_provider): Take off_t length argument. - - * ne_request.c (struct ne_request_s): Store current position - within buffer/file used as request body source. Store request - body lengths using off_t type. - (body_string_send): Adjust for renamed fields. - (body_fd_send): Seek to requested offset; don't read past - requested body length. - (set_body_length): Renamed from set_body_size. - - * ne_basic.c (ne_put): Determine file size here; adjust for new - ne_set_request_body_fd API. - -Sun Nov 23 15:05:12 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_basic.c, ne_basic.h: Remove two-functions-in-one, - ne_put_if_unmodified. - -Fri Nov 14 14:05:32 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.c (ne_has_support): Add NE_FEATURE_IDNA. - -Fri Nov 14 13:11:49 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (set_hostinfo): [NE_HAVE_LIBIDN]: Use string from - IDNA ToAscii operation on provided hostname if successful. - -Fri Nov 14 11:23:16 2003 Joe Orton <joe@manyfish.co.uk> - - All files: replace use of NEON_NODAV with NE_HAVE_DAV, NEON_SSL - with NE_HAVE_SSL, NEON_ZLIB with NE_HAVE_ZLIB. Use NE_HAVE_DAV - not USE_DAV_LOCKS. - - * ne_utils.c (ne_has_support): New feature detection interface, - replaces ne_supports_ssl. - -Thu Nov 13 20:38:28 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (ne_begin_request): Presume a 205 response has no - message-body too; RFC2616 compliance fix. - -Thu Nov 13 20:31:07 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (ah_post_send): Treat a 401 response to a CONNECT - request as a valid proxy auth challenge, to work around buggy - proxies. - -Tue Nov 11 21:13:18 2003 Joe Orton <joe@manyfish.co.uk> - - Place library-internal symbols in the "ne__" namespace. - - * ne_request.c (ne__pull_request_body): Renamed from - ne_pull_request_body; all callers updated. - - * ne_session.c (ne__negotiate_ssl): Renamed from - ne_negotiate_ssl; all callers updated. - -Tue Nov 11 21:08:54 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_alloc.h: Mark all allocation functions as having 'malloc' - attribute for GCC. - -Tue Nov 11 20:36:12 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.h (ne_xml_failure): Replaces ne_xml_valid, - inverted and more useful return value. - - * ne_xml.c (struct ne_xml_parser_s): Replace 'valid' field with - 'failure', with inverted logic. - (start_element, end_element, char_data): Check failure flag - appropriately. Set failure flag to return value of callback. - Set failure flag to positive integer on a parse error. - (ne_xml_create): Don't initialize failure flag. - (ne_xml_parse): Check/set failure flag appropriately. - (sax_error): Only set an error string (and the error flag) - if failure is zero. - - * ne_207.c (ne_simple_request): Adjust to use ne_xml_failure. - - * ne_locks.c (ne_lock, ne_lock_refresh): Likewise. - - * ne_props.c (propfind): Likewise. - -Wed Oct 22 22:19:19 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (read_response_block): Treat an EOF without clean - SSL closure as a valid request body delimiter in any case. - -Wed Oct 22 21:44:48 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_defs.h (ne_attribute): New macro. - - * ne_request.h, ne_session.h, ne_utils.h: Use ne_attribute instead - of littering #ifdef __GNUC__ and __attribute__ everywhere. - -Tue Oct 21 20:03:47 2003 Joe Orton <joe@manyfish.co.uk> - - Fix various strict signedness bugs: - - * ne_auth.c (auth_session): Make nonce_count argument unsigned. - (get_cnonce): Use unsigned data buffer. - (get_gss_name, gssapi_challenge): Use unsigned integers for status - variables. - (request_digest): Print nonce count as unsigned. - (verify_response): Make nonce_count unsigned. - -Tue Oct 7 20:52:06 2003 Joe Orton <joe@manyfish.co.uk> - - When using SSL via a proxy, don't leak server auth credentials to - the proxy, and vice versa. - - * ne_auth.c (auth_session): Add context field. - (ah_create): Ignore challenges in a bad context. - (ah_pre_send, ah_destroy): Check that the request-private cookie - is not NULL. - (auth_register): Take an isproxy flag; set context field - appropriately in session structure. - (ne_set_server_auth, ne_set_proxy_auth): Adjust accordingly. - -Tue Oct 7 19:58:52 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_openssl.c (ne_negotiate_ssl): If the returned cert chain was - NULL, try and create one from the peer certificate alone (fix for - use of SSLv2 connections). - -Mon Sep 29 21:57:40 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c [WIN32]: Include windows.h to fix non-SSL build. - -Thu Sep 25 20:05:18 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.c (ne_xml_create): Specify an initial error string. - -Sun Sep 21 23:00:10 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_cookies.c (set_cookie_hdl): Strip whitespace around cookie - name and value. - -Sun Sep 14 10:50:01 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_addr_resolve): Use result of autoconf test for - working AI_ADDRCONFIG support. - -Sat Sep 6 12:05:00 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_openssl.c (check_identity): Take an optional server address - argument; check identity against IPaddress extension too if given. - (check_certificate): Optionally pass server address to - check_identity. - (populate_cert): Adjust accordingly. - -Thu Sep 4 21:41:38 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_sock_init): Succeed even if PRNG was not seeded. - -Thu Sep 4 21:33:34 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_set_useragent): Build and store the entire - User-Agent header field in sess->user_agent. - - * ne_request.c (add_fixed_headers): Adjust accordingly; avoid - unnecessary calls to ne_buffer_*. - -Thu Sep 4 21:27:34 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c: Include netinet/tcp.h. - (ne_sock_connect): Disable the Nagle algorithm; thanks to Jim - Whitehead and Teng Xu for the analysis. - -Thu Sep 4 11:24:04 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_defs.h: Define ssize_t here for Win32. - - * ne_socket.h: Don't define ssize_t here. - -Tue Sep 2 20:20:16 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (auth_challenge): Update to use ne_token not - split_string, patch by Tom Lee <i_am_gnomey@hotmail.com>. - -Wed Jul 30 21:54:38 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_cookies.c (set_cookie_hdl): Fix NULL pointer dereference; - thanks to Markus Mueller <markus-m.mueller@ubs.com>. - -Fri Jul 25 11:05:52 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (do_connect): On failure to connect, set error - string and call ne_sock_close directly rather than using - aborted(); fix leak of socket structure. - -Wed Jul 23 23:20:42 2003 Joe Orton <joe@manyfish.co.uk> - - Fix SEGV if inflateInit2 fails with Z_MEM_ERROR etc. - - * ne_compress.c (set_zlib_error): New function. - (do_inflate, gz_reader): Use it. - -Wed Jul 23 22:50:50 2003 Joe Orton <joe@manyfish.co.uk> - - Add support for GSS-Negotiate; patch from Risko Gergely and Burjan - Gabor: - - * ne_auth.c [HAVE_GSSAPI]: Include gssapi.h. - (auth_scheme): Add auth_scheme_gssapi. - (auth_session): Add gssapi_token. - (clean_session): Free gssapi_token. - (request_gssapi, get_gss_name, gssapi_challenge): New functions. - (tokenize): Handle challenge with single token. - (auth_challenge): Accept and process a GSS-Negotiate challenge. - (ah_pre_send): Send GSS-Negotiate handshake. - -Wed Jul 23 22:46:28 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_207.c (ne_207_set_response_handlers, - ne_207_set_propstat_handlers): Fix to match declarations (thanks - to Diego Trtara). - -Fri Jun 27 20:30:45 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_openssl.c [OPENSSL_VERSION_NUMBER < 0x0090700fL]: - Fix build against OpenSSL < 0.9.7. - -Sun Jun 22 23:07:45 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_session_destroy): Replace unnecessary use of - NE_FREE with ne_free. - (set_hostinfo): Don't free hostport/hostinfo here. - (ne_session_proxy): Free existing proxy hostname here if - necessary. - -Sat Jun 21 12:58:25 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (ne_begin_request): Set or clear is_http11 flag - for each request. - -Wed Jun 18 20:54:44 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c: Add AI_ADDRCONFIG support; - [USE_CHECK_IPV6]: Define only if __linux__. - (init_ipv6) [USE_CHECK_IPV6]: New conditional. - (ne_addr_resolve) [USE_ADDRCONFIG]: Use AI_ADDRCONFIG. - -Wed Jun 18 20:03:13 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_sock_create): New function (renamed from - create_sock). - (ne_sock_connect): Take an ne_socket *, return int. - (ne_sock_accept): Likewise. - (ne_sock_close): Only call ne_close if fd is non-negative. - - * ne_request.c (aborted): Handle NE_SOCK_* errors specially. - (do_connect): Adapt for ne_sock_create/connect interface. Set - sess->connected here on success. - (open_connection): Don't set sess->connected here. - -Sun Jun 15 12:14:22 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_ssl.h (ne_ssl_cert_digest): Pass digest as a pointer rather - than an array. - -Sun Jun 15 11:00:09 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_stubssl.c (ne_ssl_cert_cmp): Add stub. - -Wed May 28 21:37:27 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_openssl.c (ne_ssl_context_create): Enable workarounds in - OpenSSL for better interop with buggy SSL servers. - -Fri May 23 23:13:30 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_stubssl.c (ne_ssl_set_clicert): Add stub. - -Sat May 10 17:05:26 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.c: Rename struct ne_xml_handler to struct handler. - -Thu May 8 20:55:46 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_openssl.c (ne_ssl_clicert_read): Pass "b" to fopen. - -Tue May 6 22:08:08 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_openssl.c (check_certificate): Re-order verify failure - handling to allow caller to set a custom session error string. - -Tue May 6 20:21:27 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_md5.c (md5_stream): Restore. - -Sat Apr 26 19:21:03 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (te_hdr_handler): Treat presence of any T-E - response header as implying the response is chunked, regardless of - value. - -Sat Apr 26 18:11:24 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.c: Rename struct ne_xml_nspace to struct namespace. - -Wed Apr 23 22:19:29 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_openssl.c (ne_ssl_cert_export): Don't bother checking for - i2d_X509() failure; no OpenSSL code ever checks, so everyone's - doomed if it really can fail. - -Wed Apr 23 22:01:23 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_openssl.c (ne_ssl_cert_import, ne_ssl_cert_export, - ne_ssl_cert_write): Clear OpenSSL error stack on errors. - -Wed Apr 23 18:23:53 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_stubssl.c (ne_ssl_cert_write, ne_ssl_cert_import, - ne_ssl_cert_export): Add stubs. - -Wed Apr 23 14:05:32 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_openssl.c (ne_ssl_cert_write): New function. - -Tue Apr 22 23:21:22 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (ne_unbase64): Optimise out some redundant branches. - -Tue Apr 22 20:24:44 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_openssl.c (ne_ssl_cert_export, ne_ssl_cert_import, - ne_ssl_cert_cmp): New functions. - -Tue Apr 22 18:31:55 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (ne_unbase64): New function. - -Tue Apr 22 15:53:41 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (ne_base64): Fix encoding binary data; take unsigned - argument. - -Tue Apr 22 13:07:48 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_stubssl.c (ne_ssl_cert_validity): Add stub. - -Tue Apr 22 09:22:26 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_openssl.c (ne_ssl_cert_validity): New function. - (asn1time_to_string): Format into a fixed-size buffer. - -Tue Apr 22 08:38:30 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_locks.c (ne_lock_discover, ne_lock): Don't leak the cdata - buffer. - - * ne_props.c (ne_propfind_destroy): Don't leak the value buffer. - -Mon Apr 21 23:52:25 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.c (ne_xml_destroy): Free root element. - -Mon Apr 21 23:46:17 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_openssl.c (dup_client_cert): Set decrypted state; dup the - friendly name. - (ne_ssl_clicert_free): Free friendly name. - -Mon Apr 21 19:44:55 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_md5.h (ne_md5_buffer, ne_md5_stream): Remove unused - functions. - -Mon Apr 21 18:17:14 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_locks.c, ne_207.c: s/NE_ELM_/ELM_/ since no element ids are - exported. - -Mon Apr 21 16:38:14 2003 Joe Orton <joe@manyfish.co.uk> - - Redesign the XML interface: have startelm callback map {nspace, - name} onto a state integer or decline. Remove "valid"/"invalid"; - don't abort the parse if no handler accepts an element. Push - cdata accumulation down into the caller; drop collect mode, - stripws mode. - - * ne_xml.h (ne_xml_elmid, struct ne_xml_elm): Removed. - (ne_xml_startelm_cb): Return a state/acceptance integer, take a - state integer, nspace, name and atts. - (ne_xml_endelm_cb, ne_xml_cdata_cb): Take a state integer. - (ne_xml_push_mixed_handler): Removed. - (ne_xml_push_handler): Removed element list argument. - (struct ne_xml_idmap, ne_xml_mapid): New interface. - - * ne_xml.c (struct element): Replaces ne_xml_state. Add name, - nspace, state fields. - (friendly_name, find_handler, parse_element, - ne_xml_push_mixed_handler, push_handler): Removed functions. - (declare_nspaces, expand_qname): Factored out from find_handler - and parse_element. - (start_element): Use expand_qname, declare_nspaces. Find - appropriate handler here. Guarantee not to pass a NULL atts array - to the start-element callback. Drop collect mode. - (end_element): Drop collect mode - (ne_xml_push_handler): Fold push_handler back in. - (ne_xml_mapid): New function. - - * ne_207.h (NE_ELM_*): Don't export element id. - (NE_207_STATE_PROP, NE_207_STATE_TOP): Export state integers. - - * ne_207.c (struct ne_207_parser_s): Add cdata field. - (map207): Replace element list with idmap array. - (can_handle): New function, replacing check_context logic. - (start_element): Determine new state integer; only accept the - element in valid states. Clear cdata. - (end_element): Use state rather than element id. Do nothing for - end of 'response' element if element is incomplete. - (ne_207_create): Create cdata buffer. - (ne_207_destroy): Destroy cdata buffer. - (ne_207_ignore_unknown): Removed function. - (ne_simple_request): Don't call ne_207_ignore_unknown. - - * ne_props.h (NE_PROPS_STATE_TOP): Define state. - - * ne_props.c (struct ne_propfind_handler_s): Add value and depth - fields. - (ELM_flatprop): Define state. - (flat_elms): Removed array. - (chardata): Append to value field when in ELM_flatprop state. - (startelm): Decline everything other than elements within the - 'prop' state. Collect flatprop contents. - (endelm): Collect flatprop contents. - - * ne_locks.c (struct discover_ctx, struct lock_ctx): Store cdata. - (element_map): Replace element list with idmap array. - (can_accept): Replaces check_context callback. - (ld_startelm, lk_cdata, ld_cdata): New functions. - -Mon Apr 14 00:04:20 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_207.h (ne_207_start_response, ne_207_end_response, - ne_207_start_propstat, ne_207_end_propstat): Use ANSI-style - function pointers in typedefs. - - * ne_207.c (struct ne_207_parser_s): Updated accordingly. - -Mon Apr 14 00:02:10 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (read_response_block): Better error messages for - invalid chunks, don't use strncmp for a two-character comparison. - -Mon Apr 7 22:26:50 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_stubssl.c (ne_ssl_cert_identity): New function. - -Mon Apr 7 22:16:16 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_openssl.c (struct ne_ssl_certificate_s): Add identity field. - (check_identity): Add optional identity argument. - (populate_cert): Retrieve cert identity using check_identity. - (check_certificate): Pass extra NULL to check_identity. - (ne_ssl_cert_identity): New function. - (ne_ssl_cert_free): Free the identity field. - -Mon Apr 7 21:29:54 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_openssl.c (check_identity): Take a string hostname rather - than a session object. - (check_certificate): Adjust accordingly. - -Sun Apr 6 21:26:05 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_string.h (NE_HEX2ASC): Cast result to char to avoid warnings - with some compilers. - -Sun Apr 6 20:11:42 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_openssl.c (ne_ssl_readable_dname): Include commonName or - emailAddress in returned string if either is the only attribute. - -Sun Mar 30 10:54:20 2003 Joe Orton <joe@manyfish.co.uk> - - Split decryption of client certs into two steps - - * ne_openssl.c (ne_ssl_clicert_encrypted, ne_ssl_clicert_decrypt): - New functions. - (ne_ssl_client_cert_s): Add p12 and decrypted fields. - (find_friendly_name): New function. - (get_friendly_name): Removed function. - (ne_ssl_clicert_read): Drop password callback; on decrypt failure, - extract friendly name and set decrypted state of clicert. - -Sun Mar 30 10:54:01 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_stubssl.c (ne_ssl_clicert_encrypted, ne_ssl_clicert_decrypt): - New stubs. - (ne_ssl_clicert_read): Adjusted for API change. - -Sat Mar 29 14:23:37 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_openssl.c (ne_ssl_dname_cmp): New function. - - * ne_stubssl.c (ne_ssl_dname_cmp): New function. - -Sat Mar 29 13:52:47 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_openssl.c (struct ne_ssl_client_cert_s): Add 'friendly_name' - field. - (get_friendly_name, ne_ssl_clicert_name): New functions. - (ne_ssl_clicert_read): Store the cert's friendly name. - - * ne_stubssl.c (ne_ssl_clicert_name): New function. - -Sat Mar 29 13:16:14 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_openssl.c (ne_ssl_clicert_owner): New function. - -Fri Mar 28 22:12:57 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_stubssl.c (ne_ssl_cert_digest): New function. - - * ne_openssl.c (ne_ssl_cert_digest): New function. - -Wed Mar 26 20:41:57 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_ssl_trust_cert) [NEON_SSL]: Only build when SSL - support is present. - -Wed Mar 26 20:01:00 2003 Joe Orton <joe@manyfish.co.uk> - - Begin abstraction of SSL layer to better isolate - SSL-library-specific code, and to improve certificate handling - interface. - - Drop support for PEM-encoded client certificates. - - * ne_session.h (ne_ssl_trust_cert): Replaces ne_ssl_load_ca, in - conjunction with ne_ssl_load_cert. - (ne_ssl_trust_default_ca): Replaces ne_ssl_load_default_ca. - (ne_ssl_keypw_prompt): Removed function, no longer needed. - (ne_ssl_set_clicert): Replaces ne_ssl_load_pkcs12, in conjunction - with ne_ssl_clicert_read. - (ne_ssl_provide_clicert): Replaces ne_ssl_provide_ccert, callback - type changed. - - * ne_openssl.c: New file; much code moved from ne_session.c. - - * ne_privssl.h: New file, private interface between ne_socket.c - and ne_openssl.c. - - * ne_ssl.h: New file. - - * ne_private.h (struct ne_session_s): Store pointers to - ne_ssl_client_cert etc opaque objects, not OpenSSL structures. - - * ne_session.c: Most of ne_ssl_* moved to ne_openssl.c. - (ne_session_create, ne_session_destroy): Use ne_ssl_cert_* etc to - manage cert objects. - - * ne_socket.c (struct ne_socket_s): Replace SSL *, SSL_CTX * - pointers with an ne_ssl_socket * pointer. - (readable_ossl, error_ossl, read_ossl, write_ossl, ne_sock_close): - Compensate for above change. - (ne_sock_use_ssl): Removed function. - (ne_sock_switch_ssl): Pass in SSL * as void for time being. - (ne_sock_connect_ssl): Renamed and cleaned up version of - ne_sock_use_ssl_os. - (ne_sock_sslsock): New function. - - * Makefile.in: Add deps for ne_openssl.c. - -Sun Mar 23 13:02:58 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_set_useragent): Use ne_malloc. - -Sat Mar 22 21:06:45 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (raw_connect): Fill in sin6_family or sin_family - since AIX 4.3 fails to do so. - -Wed Mar 19 20:44:11 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c [NEON_SSL] (free_client_cert): Build conditional on - NEON_SSL. - -Mon Mar 17 20:33:32 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c: Include netdb.h conditional on HAVE_NETDB_H. (fix - build for older versions of CygWin). - -Sun Mar 16 23:30:20 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (check_identity): Fix leak of subject alt. name - structures. - -Sun Mar 16 19:21:22 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (free_client_cert): New function. - (ne_session_destroy, ne_ssl_load_pem, ne_ssl_load_pkcs12): Call - it; prevent memory leak if ne_ssl_load_{pem,pkcs12} are called >1 - per session. - -Sun Mar 16 18:00:34 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (provide_client_cert): Free peer certificate after - use. - (ne_session_destroy): Free client cert and key if present. - -Sun Mar 16 14:23:05 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.c [HAVE_EXPAT]: Include xmlparse.h for bundled expat - build. - - * ne_utils.c: Only include expat.h if HAVE_XMLPARSE_H is not - defined. - -Wed Mar 12 15:04:13 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_redirect.c (struct redirect): Add 'valid' field. - (post_send): Set and clear 'valid' to keep track of whether stored - URI is valid. - (ne_redirect_location): Return NULL if stored URI is not valid. - -Wed Mar 12 14:52:49 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_uri.c (ne_uri_free): Zero-initialize structure after - free'ing. - -Tue Mar 11 22:01:11 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_redirect.c (ne_redirect_location): Return NULL if no redirect - session is registered, rather than SEGV; Ralf Mattes - <rm@fabula.de>. - -Sun Mar 9 16:33:24 2003 Joe Orton <joe@manyfish.co.uk> - - Fix a memory leak if an XML parse error occurs during a PROPFIND - response: - - * ne_props.c (ne_propfind_current_private): Return NULL if no - propset is being processed. - (free_propset): Free propset href here. - (end_response): Don't free propset href here. Set current field - of handler to NULL after free'ing propset. - (ne_propfind_destroy): Free current propset if one was being - processed. - -Sun Mar 9 11:53:58 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_207.c (ne_207_destroy): Fix possible leak of reason_phrase - string. - -Sun Mar 9 11:01:15 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.c (ne_parse_statusline): Use ne_strclean. - - * ne_session.c (ne_get_error): Use ne_strclean. - -Sun Mar 9 10:53:52 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.c: Remove broken "UTF-8 decoding" support used for libxml - 1.x. - -Sun Mar 9 09:55:26 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.c: Drop support for expat < 1.95.0 and libxml 1.x. - - * ne_utils.c (version_string): Include expat version string. - -Sun Mar 9 09:54:00 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c: Don't declare h_errno on Win32 either. - -Sun Mar 9 08:49:40 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (do_concat) [HAVE_STPCPY]: Use stpcpy rather than - strlen/memcpy, when available. - -Mon Mar 3 22:17:04 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c [!USE_GETADDRINFO && !HAVE_DECL_H_ERRNO): Declare - h_errno (fix build on SCO OpenServer 5.0). - -Sat Mar 1 21:22:19 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_redirect.c (free_redirect): Fix once-per-session memory leak. - -Sat Mar 1 20:23:47 2003 Joe Orton <joe@manyfish.co.uk> - - Add implemention of simple memory leak tracking, for testing - purposes. - - * ne_alloc.c [NEON_MEMLEAK] (tracking_malloc, ne_free_ml, - ne_malloc_ml, ne_calloc_ml, ne_realloc_ml, ne_strdup_ml, - ne_strndup_ml, ne_memleak_dump): New functions. - - * memleak.h: New header. - -Sat Mar 1 13:44:26 2003 Joe Orton <joe@manyfish.co.uk> - - First step towards automated memory leak tests. - - * ne_alloc.c (ne_free): New function. - - * All files: replace use of free() with ne_free(). - -Sat Mar 1 09:48:39 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_uri.c (ne_path_unescape): Fix memory leak on invalid URI. - -Sat Mar 1 08:03:18 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (ne_strclean): New function. - -Wed Feb 26 21:45:12 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (ne_begin_request, proxy_tunnel, open_connection) - [NEON_SSL] Don't build CONNECT tunnel support code if SSL is not - supported. - -Wed Feb 26 21:44:18 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.c (ne_debug_init): Allow ne_debug_init(NULL, 0) to turn - off debugging. Fix to produce debug output if the any of the - specified "channels" are active, not all. (also fixing - NE_DBG_FLUSH support). - -Tue Feb 25 23:12:31 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_compress.c (process_footer): Mention number of extra bytes in - error message for oversized footer. - -Sun Feb 23 21:19:20 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (verify_response): Fix to parse nonce count as hex - string rather than decimal; fix verification of >9 responses. - -Thu Feb 13 20:35:45 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_set_useragent): Fix to append "neon/x.y.z" to - application-supplied token rather prepend. - -Thu Feb 13 09:06:22 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (open_connection): Fix for CONNECT tunnelling - (regression since 0.23.x), thanks to Nathan Hand - <Nathan.Hand@defence.gov.au>. - -Mon Feb 3 22:10:54 2003 Joe Orton <joe@manyfish.co.uk> - - Implement Daniel Stenberg's trick to avoid the slow AF_UNSPEC - lookups on Linux: - - * ne_socket.c (init_ipv6, ipv6_disabled): New function and global. - (ne_sock_init): Call init_ipv6. - (ne_addr_resolve) [USE_GETADDRINFO]: Pass AF_INET in hints if - ipv6_disabled is set. - -Mon Feb 3 20:55:47 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c [__hpux && USE_GETADDRINFO]: Undefine - USE_GETADDRINFO to work around broken implementation in HP-UX - 11.11. - -Mon Jan 27 21:39:31 2003 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (write_raw): Fix for handling EINTR during write(), - from Sergey N Ushakov. - -Thu Jan 16 21:59:03 2003 Joe Orton <joe@manyfish.co.uk> - - Allow _init after _finish to succeed: Sergey N Ushakov. - * ne_socket.c (init_result): New global variable. - (ne_sock_init): Use init_result global rather than result. - (ne_sock_finish): Clear init_result. - -Fri Dec 27 17:03:17 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (build_request): Remove redundant call to - ne_buffer_clear. - -Fri Dec 27 14:38:08 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (ne_request_create): strdup the method string. - (ne_request_destroy): free the method. - -Mon Dec 23 17:04:32 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_write, ne_read, ne_close, ne_errno): Renamed - macros from NEON_WRITE, NEON_READ, NEON_CLOSE, NEON_ERRNO. - All callers changed. - -Mon Dec 23 16:58:43 2002 Joe Orton <joe@manyfish.co.uk> - - Add proper Win32 socket error handling, merged efforts of Johan - Lindh and Sergey N Ushakov <ushakov@int.com.ru>: - - * ne_socket.c (ne_errno, NE_ISINTR, NE_ISRESET, NE_ISCLOSED): New - macros. - [WIN32] (print_error): New function. - (set_strerror) [WIN32]: Use print_error. - (readable_raw, read_raw, write_raw): Use new error handling - macros. - (ne_addr_resolve) [WIN32]: Use WSAGetLastError() rather than - h_errno. - (ne_addr_error) [WIN32]: Use print_error. - -Tue Dec 10 21:41:26 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_iaddr_print): Renamed from ne_addr_print for - consistency with other ne_iaddr_ functions. - -Sun Dec 8 20:08:31 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (get_cnonce): Use GetCurrentThreadId() on Win32. - -Sun Nov 24 18:45:32 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c: Remove qop_values and algorithm_names arrays. - (request_digest): Inlined qop, algorithm name lookups accordingly. - -Sun Nov 24 16:45:39 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.h: Renamed ne_request_auth typedef to ne_auth_creds. - - * ne_auth.c (auth_session): Renamed reqcreds, recreds_ud fields to - creds, userdata. - (auth_register, ne_set_proxy_auth, ne_set_server_auth): Update for - ne_request_auth rename. - -Fri Nov 22 17:39:35 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (auth_challenge): Fix support for RFC2617-style digest - auth; notice the qop= parameter in challenge. Fix leak of parsed - qop array. - -Fri Nov 22 17:08:01 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (get_cnonce): Rewrite to use either pseudo-random data - from the SSL library (if available), or really-not-random data - from gettimeofday/getpid otherwise. - -Sun Nov 17 22:13:49 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_addr_print) [USE_GETADDRINFO]: Use the SACAST() - macro. - -Sun Nov 17 19:29:23 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_sock_connect): Make address argument const. - (raw_connect): Make address argument const; adjust to use a copy - of the sockaddr structure, which is correct anyway. - (ne_addr_first, ne_addr_next): Make return pointer const. - - * ne_private.h (struct host_info): Store current address as const. - -Sun Nov 17 19:03:01 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_register_progress): Removed function. - - * ne_socket.h (ne_block_reader, ne_progress, - ne_register_progress): Removed. - - * ne_request.c (do_connect): Don't call ne_register_progress. - - * ne_request.h: Add ne_block_reader typedef. - - * ne_session.h: Include sys/types.h; add ne_progress typedef. - -Sun Nov 17 18:59:29 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_iaddr_make, ne_iaddr_cmp, ne_iaddr_free): - New functions. - -Mon Nov 11 19:51:24 2002 Joe Orton <joe@manyfish.co.uk> - - Allow discovery of document encoding. - - * ne_xml.c [HAVE_EXPAT]: (struct ne_xml_parser_s): Add encoding - field. (decl_handler): New function. - (ne_xml_doc_encoding): New function. - -Mon Nov 11 19:48:43 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.c (sax_handler): Use sax_error for fatal error callback. - -Fri Oct 11 23:50:01 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_private.h (struct ne_session_s): Change 'connected' to be a - simple boolean flag. - - * ne_session.c (ne_close_connection): Treat 'connected' as a - boolean. - - * ne_request.c (open_connection): Greatly simplified. - -Fri Oct 11 00:46:52 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_props.c (end_propstat): Fix NULL pointer dereference - if no status object is given. - -Tue Oct 8 20:10:24 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.c (ne_xml_create) [!HAVE_EXPAT]: Set 'replaceEntities' - flag in created parser so that entities are dereferenced in - attribute values. - -Mon Oct 7 22:08:46 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (init_ssl): Attempt to seed PRNG using EGD socket at - path EGD_PATH or a set of predetermined locations if EGD_PATH is - not defined. No longer try $EGDSOCKET or $HOME/.entropy. - -Mon Oct 7 21:32:33 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (register_hooks): Removed function. - (auth_register): Fold in register_hooks. - -Tue Sep 24 21:24:44 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (ne_request_create): Pass Request-URI to - create_request hooks. - -Tue Sep 24 20:42:45 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c [__hpux]: Define _XOPEN_SOURCE_EXTENDED to 1, to - pick up h_errno definition on HP-UX 10.20. - -Wed Sep 18 21:46:28 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_compress.c (struct ne_decompress_s): Add zstrinit field. - (gz_reader): Set zstrinit after inflateInit2 succeeds. - (ne_decompress_destroy): Only call inflateEnd if zstrinit is set. - -Wed Sep 18 19:56:00 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c: Remove incomplete domain support. - -Tue Sep 17 21:05:11 2002 Joe Orton <joe@manyfish.co.uk> - - Fix rejection of server certificates which have commonName as the - least specific attribute. - - * ne_session.c (check_identity): Don't ignore commonName if it is - the least specific attribute. - -Tue Sep 10 21:08:18 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (lookup_host): Destroy cached address if resolve - fails; fix segfault if a second request in the session is - dispatched after the DNS lookup fails on the first. - -Mon Sep 9 22:26:03 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (RETRY_RET): Treat SSL truncation as a legitimate - persistent connection timeout. - -Fri Aug 30 21:58:45 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (read_response_block): Clear can_persist flag if an - EOF was read (fix for read-till-EOF response terminated by an - unclean SSL shutdown). - -Mon Aug 26 18:05:00 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c: Fix HAVE_LIMITS check (Blair Zajac). - -Sun Aug 25 23:29:06 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (do_connect): Add debug message for connection - attempt. - -Sun Aug 25 22:54:04 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.h (ne_addr_print): Make address argument const. - -Sun Aug 25 11:52:32 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_addr_print): New function. - -Sun Aug 25 10:09:10 2002 Joe Orton <joe@manyfish.co.uk> - - Fix interop with Tomcat/3.2 SSL server, which performs an unclean - shutdown on an HTTP/1.0 response without a C-L header. - - * ne_request.c (read_response_block): Ignore SSL connection - truncation for a read-till-EOF response, where no reseponse - content has been read yet. - (ne_read_response_block): Always increase 'total' counter. - -Sun Aug 25 08:47:41 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (aborted): Handle code=0 case specifically, and - NE_SOCK_* as default. - -Sun Aug 25 08:24:48 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.h: Add `NE_SOCK_TRUNC' return value. - - * ne_socket.c (error_ossl): Return NE_SOCK_TRUNC when an EOF is - received without a close_notify. - -Sat Aug 24 17:37:14 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.h (ne_inet_addr): New type. - (ne_addr_first, ne_addr_next): New public interface. - (ne_sock_connect): Change first parameter to ne_inet_addr. - - * ne_socket.c: Predefine ne_inet_addr for ne_socket.h, replacing - ne_raw_addr. - (ne_addr_first, ne_addr_first): Renamed from addr_first, - addr_next; return type now ne_inet_addr; made public. - (ne_sock_connect): Fold in make_socket() macro; just connect to - single IP address passed in. - - * ne_private.h (struct host_info): Renamed 'addr' to 'address', - dded 'current' field, removed 'resolved' field. - - * ne_request.c (lookup_host): Adjust for addr->address rename. - (ne_begin_request): Call lookup_host if 'address' is NULL in - host_info structure, don't use 'resolved' flag. - (do_connect): Replaces init_socket; factor more code out from - open_connection. Loop over available addresses until an - ne_sock_connect call succeeds. - (open_connection): Moved code into do_connect. - - * ne_session.c (ne_session_destroy): Adjust for addr->address - rename. - -Sat Aug 24 13:45:26 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (count_concat, do_concat): Compact into while() - loops. - -Sat Aug 24 13:36:04 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_private.h (VERSION_PRE11): Removed macro. - (struct ne_session_s): Add is_http11 field; removed version_major, - version_minor fields. - - * ne_request.c (add_fixed_headers): Use is_http11 flag rather than - VERSION_PRE11 macro. - (ne_begin_request): Set and use is_http11 flag. - - * ne_session.c (ne_version_pre_http11): Use is_http11 flag. - (ne_session_create): Don't set version_major, version_minor fields. - -Sat Aug 24 09:00:13 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (struct ne_request_s): Removed abs_path field. - (ne_set_request_uri): Removed function. - (ne_request_create): Set req->uri to be the actual Request-URI. - Don't use an absoluteURI in Request-URI if using SSL via a proxy - tunnel, or if passed-in path does not begin with a '/'. - (build_request): Use pre-determined Request-URI. - (proxy_tunnel): Pass true Request-URI to ne_request_create. - (ne_request_destroy): Don't free abs_path. - -Sat Aug 24 00:37:25 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (aborted): Fix handling of _CLOSED and _TIMEOUT - socket errors, and of non-socket errors. Presume ne_sock_error - cannot return NULL. - -Sat Aug 24 00:07:33 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_cookies.c (set_cookie_hdl): Ensure that each cookie field is - safe to free(). - -Fri Aug 23 23:46:58 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (aborted): Close the connection after setting the - session error, otherwise the socket error is lost. - -Fri Aug 23 22:50:30 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_sock_init): Set SIGPIPE disposition before SSL - library initalization, so it happens even if SSL library - initialization fails. - -Fri Aug 23 22:03:26 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c [USE_GETADDRINFO] (make_socket): Pass SOCK_STREAM to - socket() rather than ai_socktype: on RHL6.2, ai_socktype is - returned as zero. - -Wed Aug 21 18:06:36 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c: Reinstate stdlib.h include. - - * ne_socket.h: Reinstate sys/socket.h include. - -Wed Aug 21 12:58:47 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_addr_resolve): Accept IPv6 addresses enclosed in - square brackets. - -Wed Aug 21 09:37:24 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_uri.c (ne_uri_parse): Parse literal IPv6 address using the - RFC2732 `[address]' syntax. - -Mon Aug 19 17:18:45 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_addr_error): Override a horribly generic error - message from gai_strerror(). - -Mon Aug 19 16:24:37 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.h: Remove netinet/in.h etc includes. - (ne_sock_addr): Add new opaque type. - (ne_addr_resolve, ne_addr_result, ne_addr_error, ne_addr_destroy): - New functions. - (ne_sock_connect): Changes address argument to `ne_sock_addr *'. - (ne_name_lookup): Removed function. - - * ne_socket.c: Added netinet/in.h etc includes. - (ne_sock_addr, ne_raw_addr): Define types. - (make_socket): New macro. - (ne_addr_resolve): Replace ne_name_lookup; store results (multiple - addresses if returned) in returned ne_sock_addr object. Use - getaddrinfo() if available. - (raw_connect, addr_first, addr_next, ne_addr_result, - ne_addr_error, ne_addr_destroy): New functions. - (ne_sock_connect): Re-implement to loop through available - addresses until a connect() succeeds; use make_socket, raw_connect - auxiliaries. - - * ne_private.h (struct host_info): Store an ne_sock_addr pointer. - - * ne_request.c (lookup_host): Use new ne_addr_* interface. - - * ne_session.c (ne_session_destroy): Destroy address objects. - -Mon Aug 19 00:19:49 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c: Move prng_seeded inside ifdef NEON_SSL region to - prevent unused variable warning for non-SSL build. - -Sun Aug 18 23:21:21 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_string.h (ne_strerror): Return buffer. - -Sun Aug 18 23:17:56 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (set_error): Use ne_strnzcpy. - -Sun Aug 18 23:14:07 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (ne_strerror): Use ne_strnzcpy. - -Sun Aug 18 23:11:45 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_string.h (ne_strnzcpy): New macro. - -Sun Aug 18 22:48:27 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_sock_init): Check directly for SIGPIPE - definition rather than HAVE_SIGPIPE. - -Sun Aug 18 13:49:49 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (set_hostport): Use %u for printing unsigned int. - -Sun Aug 18 13:47:43 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.h (NE_DBG_SSL): New constant. - - * ne_session.c [NEON_SSL] (everywhere): Use NE_DBG_SSL channel for - debugging messages. - -Sun Aug 18 08:17:19 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (match_hostname): Fix to use case-insensitive - string comparison. - -Sun Aug 18 08:10:12 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (check_identity): Check the commonName if no - alt. names of DNS type were found. - -Sun Aug 18 07:39:35 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (check_identity): Use the most specific commonName - attribute found, not the first. (for RFC2818 compliance) - -Sun Aug 18 01:54:53 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (match_hostname): Invert return value. - (check_identity): New function; split out commonName check from - check_certificate, check subjectAltName extension instead if - present. - (check_certificate): Use check_identity. - -Sat Aug 17 19:59:21 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (check_certificate): Extend debugging code to dump - the whole certificate chain, but #if 0 it by default. - -Mon Aug 12 12:04:51 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (aborted): Use NE_FMT_SSIZE_T to print ssize_t - value. - -Mon Aug 12 11:08:35 2002 Joe Orton <joe@manyfish.co.uk> - - Support PRNG seeding via EGD to make SSL work on platforms which - lack /dev/random: - - * ne_socket.c (init_ssl): New function. - (ne_sock_init): Call init_ssl, set prng_seeded global on success. - (ne_sock_use_ssl_os): Fail early if prng_seeded is not set, and - RAND_status returns false. - -Tue Aug 6 07:18:30 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_sock_use_ssl_os): Remove goto-based error - handling. Don't call SSL_shutdown after SSL_connect fails. - -Mon Aug 5 23:18:55 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_ssl_keypw_prompt): Don't set SSL_CTX default - password callbacks, since these are never invoked. Implement - once, stub for !NEON_SSL is no longer needed. - -Mon Aug 5 21:01:54 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_ssl_load_pem): Pass private key prompt callback - to PEM_read_X509, PEM_read_PrivateKey (patch by Daniel Berlin). - Also handle errors properly; call ERR_get_error() to pop the - errors of the error stack. - -Mon Aug 5 20:15:10 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (provide_client_cert): Increase reference count on - key and certificate, to prevent them being free'd too early. - -Sun Aug 4 22:35:27 2002 Joe Orton <joe@manyfish.co.uk> - - Fix `retry_after_abort' test in request.c: - - * ne_request.c (send_request): Don't use the 'persisted' flag - until after a new connection has been opened, when it may have - been reset. - -Sun Aug 4 17:26:37 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (struct ne_request_s): Remove reqbuf field. - (ne_request_create, ne_request_destroy): Don't (de)allocate reqbuf. - (build_request): Allocate the returned buffer internally. - (ne_begin_request): Destroy the buffer after use. - -Sun Aug 4 15:36:01 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_ssl_load_pem): Close file after use. - -Sun Aug 4 12:55:49 2002 Joe Orton <joe@manyfish.co.uk> - - Factor out EPIPE, ECONNRESET handling from write_raw: - - * ne_socket.c (MAP_ERR): New macro. - (write_raw, error_ossl): Use MAP_ERR. - -Sun Aug 4 12:25:34 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_sock_switch_ssl): New function. - -Sun Aug 4 12:24:23 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_sock_switch_ssl): New function, really just for - test suite. - -Sat Aug 3 22:11:33 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (ne_forget_auth): Fix segfault if either server or - proxy auth is not in use. - -Sat Aug 3 22:06:32 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_redirect.c (create, post_send, ne_redirect_register, - ne_redirect_location): Updated for new hook interface. - -Sat Aug 3 19:02:33 2002 Joe Orton <joe@manyfish.co.uk> - - Adjustment of hook interface and use: fixing a design flaw causing - a segfault in the auth hooks when two requests are used - concurrently for a single session during a CONNECT tunnel. - - * ne_request.h, ne_session.h: - (ne_get_request_private, ne_get_session_private): Replace - ne_request_hook_private, ne_session_hook_private. - (ne_set_session_private, ne_set_request_private): Replace - ne_hook_session_accessor, ne_hook_request_accessor. - - * ne_request.h (ne_create_request_fn, ne_pre_send_fn, - ne_post_send_fn): Add ne_request pointer as first argument. - (ne_hook_destroy_request): Take ne_destroy_req_fn function. - (ne_hook_destroy_session): Take ne_destroy_sess_fn function. - - * ne_request.c (struct ne_request_s): Renamed `accessor_hooks' - field to `private'. - (get_private): Renamed from call_access; don't invoke function. - (ne_null_accessor): Removed function. - - * ne_auth.c (struct auth_class): Store hook id. - (auth_session): Remove auth_request pointer. - (ah_create): Store auth_request pointer as request-private data. - (ah_pre_send, ah_post_send, ah_destroy): Retrieve auth_request - pointer from request-private data. - (register_hooks, ne_forget_auth): Use - ne_{get,set}_session_private. - - * ne_locks.c (struct lh_req_cookie): New structure. - (struct ne_lock_store_s): Remove submit_locks field. - (lk_create, lk_pre_send, submit_lock, ne_lock_using_resource, - ne_lock_using_parent, lk_destroy): Adjust to use lh_req_cookie - pointer as request-private data. - - * ne_cookies.c (create, pre_send): Adjust for hook prototype - changes. - -Wed Jul 31 23:46:17 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c [NEON_SSL]: Include limits.h for INT_MAX definition. - -Mon Jul 29 20:55:57 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (struct auth_class): New structure; abstracts out - proxy/server generic auth handling more cleanly. - (ah_server_class, ah_proxy_class): Declare variables. - (auth_session): Reference an auth_class structure. - (auth_register): Replaces auth_create. - (ne_set_server_auth, ne_set_proxy_auth): Simplify, use - auth_register. - (everywhere): Reference req_hdr etc via ->spec-> reference. - -Sun Jul 28 12:29:23 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (proxy_tunnel): Reset 'persisted' flag, so that a - newly tunnelled connection is not treated as persistent. - -Sun Jul 28 12:26:49 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_string.h (CONCAT2, CONCAT3, CONCAT4): Removed macros. - -Thu Jul 25 23:16:00 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (send_request): Don't clear retry until a - status-line has been read. - -Thu Jul 25 00:03:17 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (basic_challenge, request_basic): Use ne_concat not - the CONCAT? macros. - - * ne_basic.c (ne_mkcol): Use ne_concat not the CONCAT2 macro. - -Wed Jul 24 00:16:39 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (count_concat, do_concat): Factored out from - ne_buffer_concat. - (ne_buffer_concat): Rewrite to use count_concat, do_concat. - (ne_concat): New (resurrected) function. - -Thu Jul 18 21:52:12 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (proxy_tunnel): Don't use server.hostport in - Request-URI; always include `:port' even if default port is used; - fix CONNECT through Inktomi Traffic-Server. - -Thu Jul 18 21:33:43 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (aborted, ne_set_request_body_fd): Use ne_strerror. - - * ne_session.c (ne_ssl_load_pem, ne_ssl_load_pkcs12): Use ne_strerror. - - * ne_basic.c (get_to_fd): Use ne_strerror. - -Thu Jul 18 20:19:30 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (ne_strerror): New function. - - * ne_socket.c (set_strerror): Move portability logic to - ne_strerror; just use that here. - -Thu Jul 18 20:00:46 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (read_raw, write_raw): Don't re-evaluate 'errno', - per Ulrich Drepper's advice. - -Wed Jul 17 23:47:01 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (struct ne_socket_s): Store buffer for error string. - (set_error, set_strerror): New macros. - (everywhere): Use set_error, set_strerror or ne_snprintf to set - the socket error string. - -Wed Jul 17 23:19:18 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.c (ne_version_match): Fix inverted minor version test. - -Sun Jul 14 20:13:59 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_uri.h (ne_uri): Store port as unsigned. - - * ne_uri.c (ne_uri_defaultport): Return unsigned int, and zero for - undefined port. - -Sun Jul 14 20:07:35 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_session_proxy): Take port parameter as unsigned - int, as per ne_session_create. - -Sun Jul 14 20:03:21 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (strip_eol): Take ssize_t 'len' parameter. - (read_message_header): Use ssize_t for 'n'. - -Sun Jul 14 12:45:40 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_sock_use_ssl_os): Unconditionally enable - SSL_MODE_AUTO_RETRY now OpenSSL 0.9.6 is required. - -Sun Jul 14 12:15:40 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.h (NE_XML_MEDIA_TYPE): New definition. - - * ne_acl.c (ne_acl_set), - * ne_props.c (ne_proppatch, propfind): Use NE_XML_MEDIA_TYPE, - rather than hard-coding the incorrect "text/xml" media type. - -Sun Jul 14 10:53:33 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.c (ne_version_match): Replace ne_version_minimum. - -Sat Jul 13 11:40:37 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_negotiate_ssl): Include socket error string in - session error if SSL negotiation fails. - -Sat Jul 13 11:27:50 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (error_ossl): New function. - (ERROR_SSL_STRING): Removed macro. - (CAST2INT): New macro; safety harness for OpenSSL compatibility. - (read_ossl, write_ossl): Use error_ossl, CAST2INT. - (ne_sock_use_ssl_os): Use error_ssl. - -Sat Jul 13 11:16:07 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c: Define ECONNRESET as WSAECONNRESET on Win32. - -Sat Jul 13 10:10:03 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_private.h (struct ne_session_s): Replace 'reqcount' with - 'persisted' flag. - - * ne_request.c (ne_end_request): Set 'persisted' flag if - connection is left open. - (send_request): Adjust to allow retry if 'persisted' flag is set. - (init_socket): Clear 'persisted' flag here... - (open_connection): ... rather than here. - -Wed Jul 10 22:51:39 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (RETRY_RET): Retry on an NE_SOCK_RESET too. - (send_request): Fix to only retry if not on the first request on a - connection (close_not_retried test). - -Sun Jul 7 20:49:09 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.h: Add NE_SOCK_RESET return value; improve comments. - - * ne_socket.c (read_raw, write_raw): Return NE_SOCK_RESET if an - ECONNRESET error is received when reading or writing. - -Sat Jul 6 13:30:15 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (read_status_line, discard_headers): New functions, - split out from send_request. - (send_request_body): Move debugging here from send_request. - (RETRY_RET): Renamed from CAN_RETRY. - (send_request): Simplify: remove complex 100-continue graceful - failure logic; use read_status_line, discard_headers, RETRY_RET. - Fix to only send request body once (expect_100_once test case). - Fix to not return NE_RETRY if reading status-line other than the - first fails (fail_eof_continued test case). - -Fri Jul 5 21:47:49 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (build_request): Fix from previous commit: clear - the buffer before building the request. - -Fri Jul 5 21:00:20 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (build_request): Fold Host header and Request-Line - into single ne_buffer_concat call. Don't set req->use_expect100 - here. Fold an if/else into an ?:. Optimise to use - ne_buffer_append to add 100-continue, user-supplied headers, and - trailing EOL, since they all have known lengths. - (send_request): Take request data as argument. - (ne_begin_request): Call build_request here; pass to send_request. - Move Expect100 logic here. - -Fri Jul 5 17:12:56 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_basic.c (ne_read_file): Removed function. - -Fri Jul 5 17:10:11 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_compress.c (process_footer): Take unsigned char buffer. - Store calculated CRC in a uLong. - (do_inflate, gz_reader): Cast buffers to unsigned char for - strict compatibility with zlib interface. - -Wed Jul 3 19:21:17 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (struct ne_request_s): Use a fixed char array for - respbuf field. - (ne_request_create, ne_request_destroy): Don't allocate respbuf - dynamically. - (send_request): Move 'buffer' to appropriate scope. - (ne_request_dispatch): Remove 'buffer'; read into respbuf. - -Tue Jul 2 08:35:05 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (proxy_tunnel): Remove redundant sess->connected - assignment. - -Sun Jun 30 21:04:50 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (ne_begin_request): Only set host->resolved if - lookup is successful. - -Sun Jun 30 18:25:51 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (SOCK_ERR): New macro. - (struct ne_request_s): Remove 'forced_close' field. - (aborted): Renamed from set_sockerr; also closes connection and - prints message in debug log. - (send_request_body): Don't use set_sockerr or set forced_close. - (read_response_block, read_message_header): Use SOCK_ERR; adjust - to use aborted(). - (ne_read_response_block, read_response_headers): Don't set - forced_close. - (CAN_RETRY): New macro. - (send_request): Adjust to use CAN_RETRY(); use aborted() to make - sure connection is closed in error cases. - (ne_begin_request): Don't close connection here in error cases; - don't use forced_close. - (open_connection): Adjust to use aborted() not set_sockerr(). - -Sun Jun 30 17:26:41 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_close_connection): Clarify debug messages. - -Sun Jun 30 14:36:11 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (read_response_block): Fail on chunk size lines - which contain no valid chunk size digits. - -Sun Jun 30 12:35:35 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_negotiate_ssl): Use ne_get_session rather - than req->session. - - * ne_request.c (struct header_handler, struct body_reader, - struct ne_request_s): Moved from ne_private.h. - -Sun Jun 30 12:13:58 2002 Joe Orton <joe@manyfish.co.uk> - - Cleanup of response handling: - - * ne_private.h (struct ne_response): Replace 'is_chunked' field with - 'mode' enum. - - * ne_request.c (te_hdr_handler): Set mode. - (connection_hdr_handler): Reset can_persist for 'close'. - (clength_hdr_handler): New function. - (ne_request_create): Use clength_hdr_handler to parse Content-Length - header. - (read_response_block, ne_read_response_block): Adapt for 'mode' enum; - simplify. - (normalize_response_length): Removed function. - (ne_begin_request): Fold in normalize_response_length logic. - (ne_end_request): Simplify logic. - -Sun Jun 30 11:08:26 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c: Remove X509_NAME workaround in favour of a - neon.mak change. - -Tue Jun 25 23:14:34 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c: Undefine X509_NAME if it is defined (by a Windows - header). - -Tue Jun 25 22:51:15 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c: Rename READ_BUFFER to RDBUFSIZ. - -Tue Jun 25 21:07:13 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_private.h (struct host_info): Store port as unsigned int. - - * ne_session.c (set_hostport, set_hostinfo, ne_session_create): - Take port argument as unsigned int. - - * ne_socket.c (ne_sock_connect): Take port argument as unsigned - int. - -Tue Jun 25 20:59:14 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.h [__GNUCC__] (NE_DEBUG): Remove implementation using - GNU C extensions. - -Sun Jun 23 22:47:52 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (set_request_uri): Renamed from ne_set_request_uri; - made static. - (ne_request_create): Update accordingly. - - * ne_private.h (ne_set_request_uri): Removed prototype. - -Sun Jun 23 15:40:57 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (send_request, ne_request_destroy): Free - reason_phrase now it is malloc-allocated. - -Sun Jun 23 14:59:04 2002 Joe Orton <joe@manyfish.co.uk> - - Simplify given loss of const qualifier on ne_status.reason_phrase: - - * ne_props.c (struct propstat): Remove r_phrase field. - (end_propstat, free_propset): Use status.reason_phrase not - r_phrase field. - -Sun Jun 23 14:42:22 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_207.h (ne_207_end_response, ne_207_end_propstat): Remove - status_line parameter from callbacks. - - * ne_207.c (struct ne_207_parser_s): Remove status_line field. - (end_element): Don't store status_line. - (handle_error): Drop status_line argument, recreate dummy status - line from status object. - (end_response, end_propstat): Drop status_line arguments. - - * ne_props.c (end_propstat, end_response): Drop status_line - arguments. - -Sun Jun 23 14:39:00 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.h (ne_status): Remove const qualifier from - 'reason_phrase' field. - - * ne_utils.c (ne_parse_statusline): strdup the reason_phrase on - successful return. - -Sun Jun 23 11:39:24 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_compress.c (struct ne_decompress_s): Replace footer union - with buffer. - (BUF2UINT): New macro. - (process_footer): Convert footer to integer in a portable manner, - using BUF2UINT. - -Sun Jun 23 09:05:25 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_compress.c (ne_decompress_s): Use unsigned int for 32-bit - integers, not uLong (fix for 64-bit platforms). - -Wed Jun 19 18:46:40 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_session_destroy): Don't leak the proxy - hostname. - -Sun Jun 16 14:09:31 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (read_response_block): Use NE_FMT_SSIZE_T rather - than %d, cast field precision argument to int. - (ne_pull_request_body): Use ssize_t for store callback return - value, use NE_FMT_SSIZE_T rather than %d, cast field precision - argument to int. - -Sun Jun 16 12:15:19 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_negotiate_ssl): Don't leak peer certificate in - error cases. Fix spelling mistake in error message. - -Sun Jun 16 11:23:23 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (open_connection): When SSL negotation fails after - doing CONNECT request, use ne_close_connection so that - sess->connection is reset to 0, and ne_sock_close isn't called - twice for the socket. - -Wed Jun 12 23:22:20 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_props.c (ne_proppatch): Add missing call to - ne_lock_using_resource. - -Mon Jun 10 20:45:27 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (verify_response): Remove redundant prototype, fix - sscanf format string to use signed integer. - -Mon Jun 10 20:13:57 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_compress.c (do_inflate): Continue calling inflate() whilst - unconsumed input remains: fix from Justin Erenkrantz - <jerenkrantz@apache.org>. - -Mon Jun 10 19:53:59 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_sock_readline): If a complete line is found in - the buffer, avoid the memmove() and simply copy the line directly - out of the buffer. - -Sun Jun 9 11:39:20 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_redirect.c (post_send): Perform simple relative URI - resolution. - -Tue Jun 4 16:51:54 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_uri.c (ne_path_parent): Simplify. - -Mon Jun 3 17:50:27 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_cookies.c (set_cookie_hdl): Avoid free'ing cookie name/value, - thanks to Dan Mullen. - -Mon Jun 3 17:45:33 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (ne_base64): Use size_t for outlen. - -Mon Jun 3 17:42:34 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.h, ne_socket.h [WIN32]: Move ssize_t definition to - ne_socket.h. - -Mon Jun 3 17:27:21 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (read_response_block): Use correct types for - passing to/from ne_sock_*. - -Mon Jun 3 11:32:20 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_compress.c (ne_decompress_destroy): Don't fail if response - reader callback is never invoked. - -Sun Jun 2 12:51:35 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (read_ossl, read_raw): Call readable_{ossl,raw} - function here. - (ne_sock_read, ne_sock_peek, ne_sock_readline): Remove explicit - calls to ops->readable before ops->read. - -Thu May 30 22:00:07 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (ne_sock_readline): Optimise to use socket read - buffer directly, and use ->read (and ->readable) functions. - -Tue May 28 17:00:34 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_session_destroy): Don't free proxy.hostport, - since it's no longer set. - -Sun May 26 19:11:46 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.c: #error if no expat header is configured; flatten - nested #if's, include libxml/xmlversion.h if present. - -Sun May 26 19:09:04 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.c: Include libxml/xmlversion.h if present. - -Sun May 26 11:55:30 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (set_hostport): Renamed from get_hostport: set - host_info field directly; take defaultport argument. - (set_hostinfo): Don't use get_hostport. - (ne_session_create): Use set_hostinfo and set_hostport; pass - in default port correctly for http:/https:. - -Thu May 23 19:44:44 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.c (resolve_nspace): Split out from parse_element. - (ne_xml_get_attr): Take parser object, and optional - namespace; resolve the namespace if necessary. - (parse_element): Use resolve_nspace. - - * ne_props.c (startelm): Use new ne_xml_get_attr interface. - -Wed May 22 22:29:05 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_dates.c: Renamed HAVE_TM_GMTOFF to HAVE_STRUCT_TM_TM_GMTOFF - from use of AC_CHECK_MEMBERS. - -Tue May 21 21:21:31 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_redirect.c (ne_redirect_register): Drop confirm, notify, - userdata arguments. - (struct redirect): Drop most fields; add a uri structure. - (auto_redirect): Removed function. - (post_send): Remove functionality which retries a request with a - different URI to automatically follow redirects. Qualify the URI - if non-absolute. - (create): Remove now redundant code. - (ne_redirect_location): Return an ne_uri object. - -Sun May 19 18:53:22 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_set_useragent): Use strcat/malloc/strcpy - directly, rather than CONCAT2; allow compiler optimisations. - (AGENT): Renamed from NEON_USERAGENT, append space. - -Sun May 19 17:31:43 2002 Joe Orton <joe@manyfish.co.uk> - - Move everything exported by ne_socket.h into ne_*/NE_* namespace; - purge inappropriate and unused interfaces. Renaming done by Olof - Oberg. - - * ne_socket.h: - - (SOCK_FULL): Removed constant. - (sock_call_progress, sock_transfer, sock_sendline, - sock_send_string, sock_readfile_blocked): Removed functions. - - (NE_SOCK_ERROR, NE_SOCK_TIMEOUT, NE_SOCK_CLOSED): - Renamed constants. - - (ne_progress, ne_block_reader): Renamed types. - - (ne_register_progress, ne_sock_init, ne_sock_exit, ne_sock_read, - ne_sock_peek, ne_sock_block, ne_sock_fullwrite, ne_sock_readline, - ne_sock_connect, ne_sock_accept, ne_sock_fd, ne_sock_error, - ne_sock_read_timeout, ne_name_lookup, ne_service_lookup, - ne_sock_use_ssl, ne_sock_use_ssl_os): Renamed functions. - - * ne_private.h, ne_request.c, ne_session.c: Update accordingly. - - * ne_request.c (build_request): Return the ne_buffer pointer. - (send_request): Remove redundant strlen(), use known buffer - length. - - * ne_request.h: Drop ne_block_reader definition. - -Sun May 19 13:32:12 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (ne_get_session, ne_get_request): Take const - request pointer. - -Sun May 19 13:21:17 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (ne_buffer_ncreate): Renamed from - ne_buffer_create_sized. - - * ne_session.c (check_certificate, provide_client_cert): Update - accordingly. - - * ne_request.c (ne_request_create): Update accordingly. - -Sun May 19 13:12:14 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (ne_token): Drop quotes parameter. - (ne_qtoken): Split out from ne_token. - - * ne_basic.c (dav_hdr_handler, ne_content_type_handler): Use - ne_qtoken. - - * ne_compress.c (find_token): Removed function. - (gz_reader): Compare header value directly against "gzip", - remove a stale comment. - -Sun May 19 09:45:28 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.h (sock_fullread): Return ssize_t; takes buflen as - size_t. - (sock_read, sock_peek): Fix prototypes to match actual definition. - - * ne_socket.c (write_raw): Return ssize_t. - -Sat May 18 14:53:45 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_string.h (ne_buffer): Remove separate struct ne_buffer_s - definition. - - * ne_string.c (ne_buffer_create_sized): Don't use struct - ne_buffer_s. - -Sun May 12 11:33:02 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (ne_base64): Moved from base64.c. - - * base64.c, base64.h: Removed files. - - * Makefile.in: Updated accordingly. - - * ne_auth.c: Don't include base64.h. - -Sun May 12 11:26:05 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_string.h (ne_utf8_decode, ne_utf8_encode): Removed functions. - -Sat May 11 15:42:24 2002 Joe Orton <joe@manyfish.co.uk> - - As part of patch from Olof Oberg <mill@pedgr571.sn.umu.se>: - - * ne_request.h (ne_destroy_fn): Renamed from typo'ed - ne_destory_fn. - - * ne_request.c (ne_request_destroy, ne_hook_destroy_request, - ne_hook_destroy_session): Update accordingly. - - * ne_session.c (ne_session_destroy): Update accordingly. - -Thu May 9 21:44:15 2002 Joe Orton <joe@manyfish.co.uk> - - Major improvements to socket layer to incorporate socket read - buffering and rewrite sock_readline, and add an abstraction layer - to simplify SSL support. Grunt work by Jeff Johnson - <jbj@redhat.com> - - * ne_socket.c (struct iofns): New type. - (struct nsocket_s): Store 'ops' pointer to I/O functions in use - for the socket. Add buffer, bufpos, bufavail fields for read - buffering. - (sock_block, sock_read, sock_peek): Reimplement to add read - buffer, simplify to use I/O functions abstraction. - (readable_raw, read_raw, write_raw, readable_ossl, read_ossl, - write_ossl): Factored out from sock_read/fullwrite, avoiding - in-lined ifdefs. - (sock_fullwrite): Just use ops->write. - (sock_readline): Simplify greatly to exploit read-buffering, return - ssize_t. - (sock_fullread): Simplify, removing unnecessary local variables, - return ssize_t. - (create_sock, sock_enable_ssl_os): Set ops pointer. - -Wed May 8 11:54:48 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (sock_name_lookup): Avoid casts; use INADDR_NONE. - [!INADDR_NONE]: Define to (unsigned long) -1. - -Wed May 1 22:19:18 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_locks.h (ne_lock): Document that ->token and ->owner fields - must be malloc-allocated if non-NULL. - -Wed May 1 22:15:41 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_locks.c (get_ltoken_hdr): New function. - (ne_lock): Correctly parse Coded-URL from Lock-Token response - header. - -Wed May 1 22:03:08 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_redirect.c (post_send): Adjust for ne_uri_parse handling of - unspecified port. - -Wed May 1 22:00:50 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (provide_client_cert): Fail if peer certificate not - known when client cert requested. - -Wed May 1 21:58:35 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.h (ne_ssl_provide_fn): Adjust callback typedef to - return void. - -Wed May 1 21:52:40 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.h: Remove NE_SERVERAUTH and NE_AUTHPROXY; fix - NE_PROXYAUTH description. - -Wed May 1 21:32:54 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_uri.c (ne_uri_parse): For consistency, port field is 0 if - unspecified. - -Tue Apr 30 10:05:48 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (shave_string): Removed function. - -Tue Apr 23 21:19:53 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_props.c (start_propstat, startelm): Use ne_realloc not - realloc (thanks to Jeff Johnson). - -Tue Apr 23 20:55:56 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.c: Include parser.h or libxml/parser.h, depending on - which is found. - -Mon Apr 15 00:37:43 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (build_request, send_request): Simplify logic. - -Sun Apr 14 16:59:50 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_props.c: Remove unused accidental 'propstat' global. - (struct propstat): Add r_phrase field. - (end_propstat): Dup the reason_phrase string. - (free_propset): Free the reason_phrase. Avoid another possible - free(NULL) call. - -Sun Apr 14 12:00:54 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_basic.c (ne_content_type_handler): For text/* media types, - use default charset of ISO-8859-1. - -Sat Apr 13 23:11:07 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.h: Include trio.h if NEON_TRIO is defined. - -Sun Apr 7 17:38:14 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (read_response_headers): Don't zero-initialize hdr. - -Sun Apr 7 17:15:23 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (read_response_headers): Ignore whitespace between - header name and colon, simplify logic a little. - -Sun Apr 7 14:09:07 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_ssl_readable_dname): New function. - -Sun Apr 7 12:32:25 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (ne_buffer_destroy): Remove redundant check for data - pointer being NULL. - -Wed Apr 3 19:44:59 2002 Joe Orton <joe@manyfish.co.uk> - - Optimisation/simplification of header name hashing. - - * ne_request.c (hash_and_lower): Renamed from hdr_hash; convert - string to lower-case in-place too. - (lower_string): Removed function. - (ne_add_response_header_handler): Use hash_and_lower rather than - lower_string. - (HH_ITERATE): Change parameter name to 'ch'. - -Fri Mar 29 23:00:57 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_uri.c (ne_uri_parse): Minor optimisation. - -Mon Mar 25 21:45:36 2002 Joe Orton <joe@manyfish.co.uk> - - Pass a lock context around during LOCK processing; search for the - correct <activelock> element in the response body. - - * ne_locks.c (ne_lock_create): Don't take a path argument. - (ne_unlock): Constify lock parameter. - (discover_results): Don't parse out href here... - (ld_create): do it here instead; renamed from create_private. - (lk_startelm): New function. - (lk_endelm): Renamed from end_element_lock. - (ne_lock): Require a Lock-Token response header; pass lock context - to callbacks. Copy lock back out. - -Mon Mar 25 21:35:42 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.h (NE_SSL_FAILMASK): New constant. - (NE_SSL_*): Shift right one bit. - -Mon Mar 25 21:21:18 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_close_connection): Return void. - -Mon Mar 25 20:09:33 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_props.c (free_propset): Avoid free(NULL). - -Mon Mar 11 19:59:04 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_locks.c (ne_lock_using_parent): Iterate over the lock list by - hand: check for infinite depth locks with cover the parent too - (fixing if_covered_child test). - -Mon Mar 11 19:25:44 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (ne_request_dispatch): Move variable to scope in - which is is used. - -Sun Mar 10 22:04:58 2002 Joe Orton <joe@manyfish.co.uk> - - * Makefile.in (NEON_BASEOBJS): Always build ne_compress.o. - -Sun Mar 10 22:01:54 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_compress.c [!NEON_ZLIB] (ne_decompress_reader, - ne_decompress_destroy): Add stubs. - -Sun Mar 10 21:42:11 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_locks.c (struct discover_ctx): Store an ne_session pointer. - (discover_results): If lock URI is not an absoluteURI, qualify it - using the server host/port/scheme from the session. Don't leak - the lock object. - (create_private): Simplify, use ne_lock_create. - -Thu Mar 7 20:08:07 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_uri.c (ne_uri_defaultport): Fix default port number for https - scheme. - -Wed Mar 6 21:22:23 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_locks.c (lk_pre_send): Use an absoluteURI in the If: header. - -Wed Mar 6 21:15:00 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_uri.c (ne_uri_unparse): New function. - -Tue Mar 5 22:57:00 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_uri.c (ne_uri_cmp): Compare hostnames and schemes - case-insensitively, and compare empty abspath and "/" as - equivalent, as per RFC 2616. - -Tue Mar 5 20:53:54 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_uri.c (ne_uri_defaultport): New function. - -Mon Mar 4 21:10:29 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_uri.h (ne_uri): Renamed from struct uri. - - * ne_uri.c (ne_path_parent): Renamed from uri_parent. - (ne_path_has_trailing_slash): Renamed from uri_has_trailing_slash. - (uri_abspath, uri_absolute): Removed. - (ne_uri_parse): Renamed from uri_parse, don't take a 'defaults' - parameter. - (ne_uri_free): Renamed from uri_free. - (ne_path_unescape): Renamed from uri_unescape. - (ne_path_escape): Renamed from uri_abspath_escape. - (ne_uri_cmp): Renamed from uri_cmp. - (ne_path_compare): Renamed from uri_compare. - (ne_path_childof): Renamed from uri_childof. - - * ne_basic.c, ne_locks.c, ne_uri.c, ne_redirect.c, ne_session.c, - ne_session.h: all callers changed. - -Mon Mar 4 01:03:23 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (strip_eol): Fix potential segfault. - -Mon Mar 4 00:38:10 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_locks.c (insert_lock): New function. - (ne_lockstore_add, submit_lock): use insert_lock. - -Mon Mar 4 00:33:39 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_locks.c (ne_lockstore_remove): Free list item. - -Mon Mar 4 00:31:08 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_locks.c (free_list): Really destroy the lock. - (ne_lock_free): Don't free the lock object itself. - -Mon Mar 4 00:17:18 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (ne_request_destroy): Free accessor hook list. - -Sun Mar 3 20:35:09 2002 Joe Orton <joe@manyfish.co.uk> - - Changes to lock interface; replacing "lock session" with a lock - store, which can be registered with an ne_session. Lock objects - now store URI as complete URI structure. - - * ne_locks.h (struct ne_lock): Store URI as complete URI - structure. Remove next/prev fields. - (ne_lock_store): New type. - - * ne_locks.c (struct lock_list): New type. - (struct ne_lock_store_s): Replaces ne_lock_session_s; store - lock_list pointers for stored locks, cursor, and locks to - submit. - (ne_lock_create): New function. - (lk_create): Renamed from create. - (lk_pre_send): Renamed from pre_send; adjust for lock list - type and to use URI path. - (free_list): New function; split out from old 'destroy'. - (lk_destroy): Renamed from destroy; use free_list. - (ne_lockstore_create, ne_lockstore_destroy, - ne_lockstore_first, ne_lockstore_next): New functions. - (ne_lockstore_register): Most of old ne_lock_register. - (submit_lock): Adjusted for lock_list type. - (ne_lockstore_findbyuri): Renamed from ne_lock_find; use - full URI structure. - (ne_lock_using_resource, ne_lock_using_parent): Adjusted - for lock_list/full URI changes. - (ne_lock_iterate): Removed function. - (ne_lockstore_add, ne_lockstore_remove): Renamed from - ne_lock_add, ne_lock_copy; adjusted for lock_list/full URI. - (ne_lock_copy): Adjusted for full URI. - (ne_lock_create, ne_lock_destroy): New function. - (ne_lock, ne_lock_refresh, ne_unlock): Adjusted for full URI. - -Sun Mar 3 15:23:40 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_uri.c (uri_cmp): New function. - -Sun Mar 3 11:01:30 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_fill_server_uri): New function. - -Mon Feb 25 21:25:27 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.c (version_string): Add zlib version. - -Mon Feb 25 20:49:07 2002 Joe Orton <joe@manyfish.co.uk> - - * (everywhere): Replace use of snprintf, vsnprintf with - ne_snprintf, ne_vsnprintf so that trio replacements are used when - appropriate. - - * ne_dates.h: Pick up ne_utils.h for ne_{v,}snprintf defines. - -Sun Feb 24 11:23:05 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.h: Define ne_snprintf, ne_vsnprintf for trio or - non-trio builds. - -Sun Feb 24 11:20:42 2002 Joe Orton <joe@manyfish.co.uk> - - * Makefile.in (check-incl): Add target to check that each header - file can be included standalone. - -Sun Feb 24 11:17:54 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.h: Add missing sys/types.h include. - -Sun Feb 24 11:12:22 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.h: Remove HTTP_QUOTES, HTTP_WHITESPACE globals. - - * ne_cookies.c (set_cookie_hdl): Don't use HTTP_QUOTES, - HTTP_WHITESPACE globals. - -Wed Feb 20 19:32:48 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (set_sockerr, ne_set_request_body_fd, - send_request): Use ne_set_error rather than accessing session - error directly. - -Tue Feb 19 21:34:59 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.c (version_string) [NEON_SOCKS]: Mention SOCKSv5 - support. - - * ne_socket.c (sock_init) [NEON_SOCKS]: Call SOCKSinit. - -Tue Feb 19 19:21:07 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (open_connection): Remove notify_status call - duplicated with ne_negotiate_ssl. - -Tue Feb 19 19:16:44 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (sock_get_version): Removed function. - -Tue Feb 19 19:12:52 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_ssl_provide_ccert): Moved outside ifdef - NEON_SSL. - [!NEON_SSL] (ne_ssl_load_pem, ne_ssl_load_pkcs12, - ne_ssl_keypw_prompt): Added stubs. - -Sun Feb 17 21:15:34 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_session_create, ne_session_destroy): Only use - the SSL context is SSL is being used for the session. - -Sun Feb 17 20:19:05 2002 Joe Orton <joe@manyfish.co.uk> - - Add back client certificate support, much improved. - - * ne_private.h (struct ne_session_s): Add client cert/key fields, - provider, privkey password callbacks. - - * ne_socket.c (sock_init): Call PKCS12_PBE_add. - (sock_enable_ssl_os): Add optional 'appdata' argument. - (sock_enable_ssl): Adjust accordingly. - - * ne_session.c (provide_client_cert, privkey_prompt, - ne_ssl_keypw_prompt, ne_ssl_load_pkcs12, ne_ssl_load_pem, - ne_ssl_provide_ccert): New functions. - (ne_negotiate_ssl): Pass session as appdata to sock_enable_ssl_os. - -Sun Feb 17 12:32:34 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (make_dname): New function. - (check_certificate): Use make_dname. - -Sun Feb 17 11:29:10 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_basic.c (struct get_context): Remove unused 'progress' field, - add 'session' field. - (get_to_fd, content_range_hdr_handler, clength_hdr_handler): Set - session error directly. - (clength_hdr_handler): Also fix check for expected range. - (everywhere): Initialize session field, don't set session error; - use NE_FMT_OFF_T to print off_t's rather than casting to long int. - -Sat Feb 16 23:24:10 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.h (NE_XML_STRIPWS): New element flag. - - * ne_xml.c (start_element): Clear cdata buffer if not in mixed - mode. (char_data): Only strip leading whitespace if - NE_XML_STRIPWS is set for the element. - -Sat Feb 16 14:52:59 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_compress.c (enum state): New state NE_Z_AFTER_DATA. - (struct ne_decompress_s): Add fields for storing and parsing - stream footer; add checksum field for storing current crc. - (process_footer): New function. - (do_inflate): Compute checksum. Switch to AFTER_DATA state and - process footer after reading DEFLATE data. - (gz_reader): Fail on trailing content. Handle AFTER_DATA state. - (ne_decompress_destroy): Return error if final state was not - PASSTHROUGH, or FINISHED. - (ne_decompress_reader): Initialize crc. - -Sat Feb 16 14:26:54 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_compress.c (ne_decompress_destroy): Fix potential segfault - with use-after-free. - -Thu Feb 14 16:50:40 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (read_response_headers): Ignore header lines - without a ':', rather than failing the request. - -Tue Feb 12 20:17:49 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (read_response_block): Read chunk size as unsigned - using strtoul; check that it fits within an unsigned int (and - hence, probably a size_t). - -Tue Feb 12 20:15:13 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_string.h (STRIP_EOL): Removed macro. - -Mon Feb 11 22:11:03 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (match_hostname): Match fully-qualified hostnames - against commonName with leading "*." wildcard. - -Mon Feb 11 20:47:28 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (match_hostname): New function. - (check_certificate): Use it. - -Sun Feb 10 00:50:49 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (lookup_host): Set error string on lookup failure. - -Sun Feb 10 00:34:42 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (strip_eol): New function; more efficient - STRIP_EOL. - (send_request): Use strip_eol. - (read_message_header): Use strip_eol, simplify, remove redundant - variables. - -Sat Feb 9 21:02:31 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_set_error): Drop STRIP_EOL call. - -Sat Feb 9 21:01:01 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_set_error): Take printf-style format string + - varargs list. - -Sat Feb 9 16:15:09 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.h (SOCKET_READ_TIMEOUT): Moved to ne_socket.c. - - * ne_socket.c (struct nsocket_s): Add rdtimeout field. - (create_sock): Initialize rdtimeout to SOCKET_READ_TIMEOUT. - (sock_read, sock_recv): Use ->rdtimeout field for read timeout. - (sock_set_read_timeout): New function. - - * ne_private.h (struct ne_session_s): Add rdtimeout field. - - * ne_session.c (ne_set_read_timeout): New function. - - * ne_request.c (init_socket): New function. - (open_connection): Use init_socket. - -Sat Feb 9 15:11:59 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_session_destroy): Don't leak the server cert. - -Sat Feb 9 09:59:11 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (check_certificate): Only call verification - callback once per certificate; watch for the server cert - changing and fail if it does. - -Wed Feb 6 20:28:27 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (check_certificate): Only call verification - callback if failures is non-zero. - (ne_ssl_load_ca): Renamed from ne_ssl_add_ca. - (ne_ssl_load_default_ca): New function. - -Wed Feb 6 20:21:29 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (sock_init): Cache and return result of - initialization. - -Wed Feb 6 01:12:20 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (check_certificate): Ignore cert validity errors - from OpenSSL since these are duplicated. - -Wed Feb 6 01:08:57 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_negotiate_ssl): Fix for invalidating cached - SSL_SESSION. - -Wed Feb 6 01:03:37 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c [!NEON_SSL] (STUB): New function. - (ne_negotiate_ssl, ne_ssl_add_ca): Implement using STUB. - -Tue Feb 5 19:56:43 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.h (ne_ssl_certificate): New type. - - * ne_session.c (ne_session_create) [NEON_SSL]: Create the SSL_CTX - structure. - (ne_ssl_get_context): Return the SSL_CTX rather than setting it. - (ne_session_destroy): Free the SSL_CTX. - - (asn1time_to_string): Function moved in from sslcerts.c. - (check_certificate): Use OpenSSL's internal validity result. - Pass back an ne_ssl_certificate to the verification function; - including validity dates. - (ne_ssl_add_ca): New function, registers CA certs. - -Sat Feb 2 14:05:26 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (sock_enable_ssl_os): Take an optional SSL_SESSION - argument. - - * ne_private.h (struct ne_session_s): Add an SSL_SESSION field. - - * ne_session.c (ne_negotiate_ssl): Pass stored SSL session to - sock_enable_ssl_os, cache session after successful negotiation. - (ne_session_destroy): Free cached session. - -Sat Feb 2 10:45:46 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c, ne_utils.c: Globally replace ENABLE_SSL cpp symbol - with NEON_SSL. - -Sat Feb 2 09:43:27 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (check_certificate): Use 1K on-stack buffer. - -Sat Feb 2 08:27:08 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_private.h (struct host_info): Add 'resolved' flag. - (struct ne_session_s): Add scheme field, rename have_proxy to - use_proxy, remove proxy_decider. - (struct ne_request_s): Remove use_proxy field. - - * ne_request.c (set_sockerr, ne_set_request_uri, build_request, - open_connection): Use session->use_proxy field to determine - whether proxy is used. - (ne_request_create): Drop use of proxy_decider callback. - (lookup_host): Moved here from ne_session.c. - (ne_begin_request): Lookup server/proxy hostname if not already - resolved. - - * ne_session.c (ne_session_create): Moved within file; takes - scheme, and server hostname, port as arguments. - (ne_ssl_enable, ne_session_decide_proxy, ne_session_server): - Removed functions. - (ne_get_scheme): Simply return scheme field. - -Fri Feb 1 23:12:38 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (add_fixed_headers): Remove last traces of TLS - upgrade support. - -Thu Jan 31 20:50:12 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_private.h (struct ne_session_s): Rename use_secure to - use_ssl; removed nssl_context, added SSL_CTX, server cert, verify - callback pointers. - - * ne_request.c (send_request): Remove support for TLS upgrade. - (open_connection): Use ne_negotiate_ssl; close socket properly if - negotiation fails. - - * ne_session.c (ne_session_destroy): Free SSL_CTX stored in - session. - (ne_ssl_set_context, ne_ssl_set_verify, verify_err, getx509field, - check_context, ne_negotiate_ssl, ne_ssl_server_cert): New - functions. - (ne_set_secure_context, ne_set_request_secure_upgrade, - ne_set_accept_secure_upgrade): Removed functions. - (ne_ssl_enable): Renamed from ne_set_secure. - - * ne_socket.c (struct nssl_context_s): Removed type. - (sock_create_ssl_context, sock_destroy_ssl_context, - sock_disable_*, key_prompt_cb, sock_set_key_prompt, - sock_set_client_cert): Removed functions. - (sock_enable_ssl_os): Renamed from sock_make_secure; take an - SSL_CTX pointer, and optionally pass out the SSL structure. - (sock_enable_ssl): New function. - -Wed Jan 30 19:47:42 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (ne_buffer_concat, ne_buffer_zappend, - ne_buffer_append, ne_buffer_grow): Don't return success value, - presume universe ends at OOM. - -Sat Jan 26 10:57:42 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_compress.c: Renamed enum state constants to have prefix - NE_Z_, to avoid conflict with Windows headers (Branko ibej). - -Mon Jan 14 20:26:31 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (ne_concat): Removed function - it didn't work, and - it wasn't used. - -Mon Jan 14 02:09:38 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_basic.c (ne_content_type_handler): Parse charset parameter. - -Sun Jan 13 14:29:00 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_basic.c (ne_content_type_handler): Remove trailing '/' from - parsed type, fix search for parms separator (Greg Stein). - -Sun Jan 13 12:07:51 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_207.c (ne_simple_request): Drop unused Content-Type handling. - -Thu Jan 10 00:39:17 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (hdr_hash): Mark as inline. - -Tue Jan 8 22:03:42 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_locks.c (add_timeout_header): New function. (ne_lock, - ne_lock_refresh): Send a Timeout header if lock->timeout is set. - -Mon Jan 7 21:48:38 2002 Joe Orton <joe@manyfish.co.uk> - - * ne_locks.c (parse_timeout): Fix parsing lock timeout (Arun - Garg). - -Mon Dec 17 22:46:36 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_private.h (struct ne_session_s): Make expect100_works a plain - integer (rather than a bitfield). - -Sun Dec 9 14:04:27 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (ne_buffer_grow, ne_buffer_create_sized): Don't - zero-fill new memory. (ne_buffer_concat): Zero terminate the - string as _grow doesn't do it. - -Sun Dec 9 13:31:55 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (ne_buffer_zappend): Minor optimisation; implement - using ne_buffer_append. - -Sun Dec 9 13:18:35 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (ne_buffer_concat): Optimise to use time O(n) [n == - total string length). - -Sun Dec 9 11:57:56 2001 Joe Orton <joe@manyfish.co.uk> - - * Makefile.in (NEON_DAVOBJS): Remove ne_acl.o. - -Sat Dec 8 01:11:30 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (ne_pull_request_body): Use NE_FMT_SIZE_T in - debugging message; cast size_t to int to avoid GCC warning for - field size parameter. (set_body_size): Use NE_FMT_SIZE_T. - - * ne_xml.c (ne_xml_parse): Similarly. - -Mon Dec 3 19:56:07 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c (ne_session_destroy): Return void. - -Sat Dec 1 18:37:43 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (ah_create): Reset attempt counter - here... (ah_post_send): ...rather than here. - -Tue Nov 27 21:26:01 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (send_with_progress): Actually call the callback; - fix for correct sock_fullwrite return codes. - -Tue Nov 27 20:20:40 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_private.h (VERSION_PRE11): Define macro; as - ne_version_pre_http11. - - * ne_session.c (ne_version_pre_http11): Use VERSION_PRE11. - - * ne_request.c (add_fixed_headers, build_request, ne_end_request): - Use VERSION_PRE11. - -Sun Nov 18 19:32:56 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_locks.c (discover_results): Check status is 2xx before - invoking callback; pass NULL lock and non-NULL status pointer in - failure cases. (create_private): Initialize lock to some "value - unspecified" defaults. - -Sun Nov 18 19:25:10 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (auth_session): Rename 'tries' field to 'attempt'. - (get_credentials, ah_pre_send, ah_post_send): Increment attempt - counter only when requesting credentials; reset it to zero when no - auth failure is signaled. - -Sun Nov 18 15:49:00 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.h (ne_request_auth): Pass username and password as - buffers of size NE_ABUFSIZ to callback. Add 'attempt' argument. - - * ne_auth.c (auth_session): Store username in buffer. - (get_credentials, basic_challenge, digest_challenge): Updated for - callback prototype changes. (ah_post_send): Request credentials, - and retry authentication until callback returns non-zero. - -Mon Nov 12 20:57:56 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_basic.c (get_to_fd): Really cope with short writes (thanks to - rado <dzusto@yahoo.com>). - -Sun Nov 4 15:09:03 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_props.h: Define NE_ELM_PROPS_UNUSED for picking element ids - for use with the propfind XML parser. - -Sat Nov 3 19:06:04 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_props.c (NSPACE): New macro. (set_body, pnamecmp, startelm, - free_propset): Handle property having NULL nspace element in - propfind code. - -Sun Oct 28 22:04:49 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.c (parse_element): Prevent false matches of found prefix - "abcde" against stored prefix "abcdeFGH". Compare - case-sensitively. - -Fri Oct 26 20:28:03 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (send_request): Fix case where persistent - connection times out, and improve error handling. - -Thu Oct 25 20:42:24 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_props.c (ne_proppatch): Really handle properties with a NULL - namespace correctly; use the "D:" prefix for elements in the - "DAV:" namespace; allow properties to have no namespace. - -Tue Oct 16 08:54:46 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.c (parse_element): Fail the parse if a namespace prefix - definition is given with an empty value. - -Tue Oct 16 08:52:40 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_props.h, ne_207.h: Move ne_propname definition into - ne_props.h. - -Tue Oct 16 08:49:42 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_props.c (ne_proppatch): Handle properties with a NULL nspace - field correctly. - -Sun Oct 7 19:31:06 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_acl.c (ne_acl_set) [USE_DAV_LOCKS]: Notify use of resource to - locking code. - -Sun Oct 7 17:45:01 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_acl.c, ne_acl.h: New files, contributed by Arun Garg - <arung@pspl.co.in>. - - * Makefile.in: Add ne_acl.* to build. - -Sun Oct 7 16:10:05 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_private (struct ne_session_s): Add 'reqcount' field. - - * ne_request.c (send_request): Refactor slightly; don't loop, but - return NE_RETRY when appropriate. Increment reqcount. - (ne_begin_request): Loop if send_request returns NE_RETRY. - (open_connection): Reset reqcount field. - -Tue Oct 2 21:11:39 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_dates.c (GMTOFF): New macro. (ne_iso8601_parse, - ne_rfc1123_parse, ne_rfc1036_parse, ne_asctime_parse): Use new - macro, fix up date handling on some platforms. - -Sat Sep 29 14:20:47 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_compress.c (gz_reader): Fix tests 4 and 7: don't try to - inflate after reading header if no bytes are left in the buffer. - -Sat Sep 29 14:04:11 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_compress.c: Fix API; return an opaque object which must - be destroyed later. - - (ne_decompress_reader): Renamed from ne_gzip_response_body_reader. - Doesn't need the session object passed in any more. - (ne_decompress_destroy): Merge of co_destroy, co_post_end. - -Sat Sep 29 13:50:43 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (ne_get_session): New function. - -Sat Sep 29 12:52:31 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_compress.c (parse_header): Bail if flags are set to something - unexpected. - -Sat Sep 29 11:15:30 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_compress.c, ne_compress.h: New files. - - * Makefile.in: Add deps for ne_compress. - -Thu Sep 27 09:05:24 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_redirect.c: Adapted for new hooks interface. - - * ne_cookies.c: Adapted for new hooks interface. - (ne_cookie_register): New function. - -Thu Sep 27 09:01:03 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c, ne_locks.c: Adapted for new hooks interface. Store - pointer to per-request object in the per-session object. - -Thu Sep 27 08:48:16 2001 Joe Orton <joe@manyfish.co.uk> - - Re-write hooks interface to register callbacks individually rather - than as a block. Inspired by the Apache 2.0/APR hooks interface. - - * ne_private.h (struct hook): Store a callback, userdata, id. - (struct hook_request): Removed. (struct ne_session_s): Store - hooks lists for create_req, pre_send, post_send, destroy_req, - destroy_sess, accessor. (struct ne_request_s): Store accessor - hooks list. - - * ne_request.c (ne_add_hooks): Removed. - (ne_hook_create_request, ne_hook_pre_send, ne_hook_post_send, - ne_hook_destroy_request, ne_hook_destroy_session, - ne_hook_session_accessor, ne_hook_request_accessor, - ne_null_accessor, call_access, add_hook): New functions. - (ne_request_create, ne_request_destroy, build_request, - ne_end_request): Adapt for new interface. - - * ne_session.c (destroy_hooks): New function. - (ne_session_destroy): Use it to destroy hooks lists appropriately. - -Tue Sep 25 07:46:32 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.c: Only decode UTF-8 for parsers other than libxml 1.x. - -Tue Sep 25 07:33:09 2001 Mo DeJong <supermo@bayarea.net> - - * src/ne_socket.c: Include <signal.h> instead of <sys/signal.h>. - (sock_init): Only use signal() to ignore SIGPIPE if both - HAVE_SIGNAL and HAVE_SIGPIPE are defined. - -Tue Sep 25 07:09:53 2001 Mo DeJong <supermo@bayarea.net> - - * ne_socket.c (sock_init): Declare local variables before invoking - any instructions since that is not valid C code. - -Sun Sep 23 10:30:54 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c (struct auth_challenge): Make members const. - (clean_session): Free the realm string. (basic_challenge, - digest_challenge): strdup the realm string. (request_digest): - opaque is no longer stored quoted. (tokenize): New function. - (verify_response, auth_challenge): Rejig to use tokenize(). - -Sat Sep 22 20:17:00 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (ne_shave): Fix possible memory corruption when - result should be the empty string. - -Thu Sep 20 21:27:57 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (ne_pull_request_body): Add debugging dump of body - blocks. - -Thu Sep 20 21:23:43 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_private.h: Remove obsolete 'if_locks' member from struct - ne_request_s. - -Tue Sep 18 23:35:30 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_basic.c (ne_get_range): Handle write errors too. - -Tue Sep 18 22:14:49 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.h (ne_xml_validate_cb): Take userdata parameter. - - * ne_xml.c (find_handler): Pass validate callback the handler's - userdata. - - * ne_207.c, ne_props.c, ne_locks.c: All users changed. - -Tue Sep 18 21:49:14 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_locks.c (ne_lock_refresh): New function. - -Tue Sep 18 21:17:29 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_basic.c (copy_or_move): Take a depth parameter, add depth - header, for COPY requests. (ne_copy): Take depth parameter, pass - through. (ne_move): Adjusted accordingly. - -Mon Sep 17 23:29:58 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.c (ne_debug_init): Set debug stream to be unbuffered if - setvbuf() is available. - -Mon Aug 27 00:36:37 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_207.c (start_element, end_element): Remember when context is - valid for a <propstat>, and only invoke callback then. - -Sun Aug 26 22:30:39 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_basic.c (ne_get_range): Better error handling. Cope with - Apache's 416 problem. - -Sun Aug 26 18:58:47 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c: Store unquoted challenge parameters in session - object, prevent having to unquote/free them >1 times. - -Sun Aug 26 18:57:51 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (sock_init): Do nothing on any calls after first. - -Sun Aug 26 12:45:04 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_basic.c (server_hdr_handler): Remove function. (ne_options): - Don't add server_hdr_handler. - -Tue Jul 17 11:25:06 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (sock_init): Set signal dispostion for SIGPIPE to - ignore. - -Sat Jun 30 12:11:44 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.c (ne_supports_ssl): New function. - -Tue Jun 19 21:57:49 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_dates.c (ne_iso8601_parse): Fix month off-by-one bug, use - separate vars for offsets. (ne_rfc1036_parse): Fix Y2K bug, - parsing problem. - -Tue Jun 19 21:57:42 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_dates.c (ne_iso8601_parse): New function. - -Sun Jun 10 15:39:40 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (send_with_progress): New function. - (send_request_body): Use send_with_progress to trigger progress - callbacks if necessary. - -Sat Jun 9 15:42:33 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_string.h: Bring back NE_ASC2HEX/HEX2ASC. - - * ne_md5.c: Use them. - -Sat Jun 9 15:42:08 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_xml.h: Include ne_defs.h. - -Fri Jun 8 23:02:49 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.h, ne_socket.c: Update for includes (Mo DeJong). - -Fri Jun 8 21:34:00 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_basic.c (dav_hdr_handler): Use ne_token. - -Sat Jun 2 14:37:07 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_private.h: Renamed from http_private.h. - -Sat Jun 2 14:35:23 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_auth.c, ne_auth.h: Renamed from http_auth.c, ne_auth.h. - -Sat Jun 2 14:35:02 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_cookies.c, ne_cookies.h: Renamed from http_cookies.c, - http_cookies.h. - -Sat Jun 2 14:34:51 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_dates.c, ne_dates.h: Renamed from dates.c, dates.h - -Sat Jun 2 14:22:49 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_redirect.c, ne_redirect.h: Renamed from http_redirect.c, - http_redirec.h. Big rename... s/http_/ne_g/ - -Sat Jun 2 12:54:51 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_md5.c (md5_process_block): Fix for word alignment issue on - Sparc from Kai Sommerfeld. - -Wed May 30 23:15:31 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_basic.c (ne_put, ne_get, ne_put_if_unmodified, ne_get_range, - ne_post): Take an integer fd rather than FILE * stream. - (get_to_fd): Write to fd rather than stream. - -Wed May 30 23:08:55 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_i18n.h, ne_i18n.c: Renamed from neon_i18n.h, neon_i18n.c. - - * *.c: All changed accordingly. - -Wed May 30 23:02:47 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_defs.h: Renamed from neon_defs.h. - - * *.h: All changed accordingly. - -Wed May 30 22:58:57 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_md5.c, ne_md5.h: Renamed from md5.c, neon_md5.h - -Wed May 30 22:55:19 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.h: In-line ne_debug for GCC which can cope with varargs - preprocessor macros. - -Wed May 30 00:43:05 2001 Joe Orton <joe@manyfish.co.uk> - - * http_auth.c (ah_use_body): Removed function. (digest_body): New - function. (request_digest): Use ne_pull_request_body to find the - MD5 digest of the request body, when necessary. - -Wed May 30 00:30:52 2001 Joe Orton <joe@manyfish.co.uk> - - * http_redirect.c: Store Request-URI, session pointer, and method - string in redirect object. Avoid looking inside - ne_request/ne_session internals. - -Wed May 30 00:04:30 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c: Re-implement request body handling in terms of a - callback which provides the request body blocks on demand. Remove - 'use_body' hook, in favour of the hooks calling - ne_pull_request_body when necessary. (ne_pull_request_body, - body_fd_send, body_string_send): New functions. - (send_request_body): Re-implemented using ne_pull_request_body. - (run_set_body_hooks): Removed function. (ne_set_request_body_fd): - Replacement for ne_set_request_body_stream, using a raw fd rather - than a FILE *. - -Tue May 29 22:39:39 2001 Joe Orton <joe@manyfish.co.uk> - - * dav_basic.h, dav_basic.h: Removed. - -Tue May 29 22:38:54 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_207.c (ne_simple_request, etc): Copied in from dav_basic.c. - -Tue May 29 22:12:23 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_locks.c, ne_locks.h, ne_props.c, ne_props.h, ne_207.c, - ne_207.h: Big rename. dav_* -> ne_*, and so on. - -Tue May 29 22:06:24 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_basic.c (ne_add_depth_header): Moved from dav_basic.c. - -Tue May 29 21:55:30 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_props.c, ne_props.h: Renamed from dav_props.c, dav_props.h. - -Tue May 29 21:43:15 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_207.c, ne_207.h: Renamed from dav_207.c, dav_207.h. - -Tue May 29 21:22:25 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_locks.c, ne_locks.h: Renamed from dav_locks.c, dav_locks.h. - -Tue May 29 21:21:44 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c (sock_fullwrite): Cast return value of SSL_write to - size_t to prevent comparison of signed with unsigned. - -Tue May 29 21:05:27 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_basic.c [!NEON_NODAV]: Move ne_copy, ne_mkcol, ne_move, - ne_delete in here. - -Tue May 29 20:12:50 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_uri.c, ne_uri.h: Renamed from uri.c, uri.h. - -Tue May 29 19:17:09 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_socket.c, ne_socket.h: Renamed from socket.c, nsocket.h. - -Tue May 29 18:58:51 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_basic.c (ne_mkcol, ne_copy, ne_move, ne_delete): Renamed from - dav_*. - -Tue May 29 17:58:09 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_basic.c (copy_or_move, dav_copy, dav_move, dav_delete, - dav_mkcol): Copied in from dav_basic.c. - -Tue May 29 17:55:33 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_basic.c, ne_basic.h: Renamed from http_basic.c, http_basic.h. - -Tue May 29 17:47:50 2001 Joe Orton <joe@manyfish.co.uk> - - * http_auth.c (ah_create, ah_pre_send): Add the response body - handler in pre_send, and only if qop=auth-int. - -Wed May 16 20:54:51 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (ne_get_request_headers): Removed function. - -Sat May 12 18:48:46 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c (read_message_header, read_response_headers): Use a - fixed-size char * buffer argument rather than an ne_buffer. - Append directly to it when header-folding. - -Mon May 7 10:42:38 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c (ne_token): Use an optimized search (strchr) if - quotes is NULL. - -Mon May 7 01:33:48 2001 Joe Orton <joe@manyfish.co.uk> - - * http_auth.c (basic_challenge, get_cnonce): Updated for ne_base64 - change. - -Mon May 7 01:32:22 2001 Joe Orton <joe@manyfish.co.uk> - - * base64.c (ne_base64): Take length parameter. [BASE64_TEST] - (main): Remove function, obsoleted by test code. - -Wed May 2 12:06:59 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c, ne_string.h (ne_token, ne_shave): New functions, - destined to replace split_string, shave_string, etc. - - * ne_string.c [SPLIT_STRING_TEST, PAIR_STRING_TEST] (main): Remove - tests, functions are obsolete. - -Tue May 1 22:14:14 2001 Joe Orton <joe@manyfish.co.uk> - - * dates.c (ne_httpdate_parse): Moved from ne_utils.c. - -Tue May 1 21:55:45 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_utils.c, ne_utils.h: Renamed from http_utils.c, http_utils.h. - Big rename. http_* -> ne_*. neon_* -> ne_*. DEBUG() -> - NE_DEBUG(). DEBUG_* -> NE_DBG_*. - -Tue May 1 21:35:10 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_request.c: Updated for ne_buffer changes. - -Tue May 1 21:28:58 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_string.h (ne_buffer_size): Implement as macro. - - * ne_string.c (ne_buffer_size): Remove function. - -Tue May 1 21:23:47 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c, ne_string.h: Make ne_buffer a transparent type, and - no longer be an implicit pointer type. (ne_buffer_*): All - changed. (ne_buffer_data, NE_BUFFER_CAST): Removed. - -Tue May 1 21:17:40 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c, ne_string.h: Renamed sbuffer -> ne_buffer. - Implicit pointer removed ne_buffer type. - -Tue May 1 21:12:15 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_string.c, ne_string.h: Renamed from string_utils.c, - string_utils.h (CVS copy'n'delete). - -Tue May 1 20:49:46 2001 Joe Orton <joe@manyfish.co.uk> - - * md5.c (ASC2HEX, HEX2ASC): Moved here from string_utils.h. - - * string_utils.h: As above. - -Tue May 1 20:47:20 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.c, http_request.h: Removed files. - - * ne_request.c, ne_request.h: Copied from old http_request.[ch]. - Renamed http_* -> ne_*. - -Tue May 1 20:43:11 2001 Joe Orton <joe@manyfish.co.uk> - - * hip_xml.c renamed to ne_xml.c, hip_xml.h renamed to ne_xml.h: - CVS repository copy'n'delete. - -Tue May 1 20:41:03 2001 Joe Orton <joe@manyfish.co.uk> - - * hip_xml.c, hip_xml.h: Big rename. hip_xml_* -> ne_xml_*. - -Tue May 1 20:37:13 2001 Joe Orton <joe@manyfish.co.uk> - - * http_basic.c, http_basic.h: Big rename. http_* -> ne_*. - -Tue May 1 19:59:01 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_session.c: Renamed http_* to ne_*. - -Tue May 1 19:55:47 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_alloc.h (NE_FREE): Renamed from HTTP_FREE() in http_utils.h - -Tue May 1 19:54:42 2001 Joe Orton <joe@manyfish.co.uk> - - * socket.c (sock_make_secure): Set SSL_MODE_AUTO_RETRY when - available. - -Mon Apr 30 00:36:34 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_session.[ch]: New files, split down from http_request.[ch]. - -Sun Apr 29 15:02:23 2001 Joe Orton <joe@manyfish.co.uk> - - * uri.c [URITEST] (main): Remove, obsoleted by new test suite. - -Sun Apr 29 15:01:30 2001 Joe Orton <joe@manyfish.co.uk> - - * uri.c (uri_has_trailing_slash): Return false if uri is "". - -Sun Apr 29 13:53:41 2001 Joe Orton <joe@manyfish.co.uk> - - * dates.c (ne_asctime_parse, ne_rfc1123_date, ne_rfc1036_parse): - Set tm_isdst to -1 in struct tm. - -Sun Apr 29 13:28:26 2001 Joe Orton <joe@manyfish.co.uk> - - * http_utils.c (http_parse_statusline): Skip leading whitespace. - (Johan Lindh). (http_parse_statusline): Ensure status-code is not - more than three digits. - -Sun Apr 29 13:26:47 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.c (build_request): Don't add "Content-Length: 0" - header if no body: Squid 2.3-STABLE1 doesn't like this. - -Sun Apr 29 13:25:16 2001 Joe Orton <joe@manyfish.co.uk> - - * http_auth.c (everywhere): Renamed md5_* -> ne_md5_*. - -Sun Apr 29 13:24:12 2001 Joe Orton <joe@manyfish.co.uk> - - * md5.c: Renamed md5_* -> ne_md5_*. (ne_ascii_to_md5, - ne_md5_to_ascii): Moved from string_utils.c. - -Thu Apr 26 22:39:05 2001 Joe Orton <joe@manyfish.co.uk> - - * uri.c (uri_parse): A zero-length URI is invalid. - -Wed Apr 25 23:11:51 2001 Joe Orton <joe@manyfish.co.uk> - - * dav_props.c (startelm): Check for xml:lang attribute and store - as prop->lang. (dav_propset_lang): New function. (free_propset): - Free lang. - -Wed Apr 25 23:08:52 2001 Joe Orton <joe@manyfish.co.uk> - - * hip_xml.c (hip_xml_get_attr): New function. - -Sun Apr 22 21:48:06 2001 Joe Orton <joe@manyfish.co.uk> - - * uri.c (uri_parse): Skip a userinfo@ segment if present (Johan - Lindh <johan@link-Data.com>). - -Wed Apr 18 13:29:46 2001 Joe Orton <joe@manyfish.co.uk> - - * dav_locks.c (dav_lock_copy): Allow owner to be NULL. - -Tue Apr 17 22:57:50 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_alloc.h, dav_locks.h: Add C++ inclusion safety. - -Tue Apr 17 22:56:50 2001 Joe Orton <joe@manyfish.co.uk> - - * uri.c (uri_parse): Correctly handle URIs with no scheme or - hostport segments (i.e. just a path). - -Tue Apr 10 00:29:25 2001 Joe Orton <joe@manyfish.co.uk> - - * socket.c [HAVE_SOCKS_H]: Include socks.h for SOCKSv5 support. - -Wed Apr 4 21:41:47 2001 Joe Orton <joe@manyfish.co.uk> - - * http_utils.h [WIN32]: Define ssize_t (Kai). - -Tue Apr 3 21:03:28 2001 Joe Orton <joe@manyfish.co.uk> - - * dav_locks.c (dav_lock_discover): Cope with below API change. - -Tue Apr 3 20:43:50 2001 Joe Orton <joe@manyfish.co.uk> - - * dav_props.c (propfind): Register the flat element handler here, - to pick up *any* properties and store them as 'flat' if they are - not handled by a handler further down the stack. (make_elms, - free_elms, dav_propfind_set_flat, dav_propfind_set_complex): - Removed functions. (dav_propfind_named): Take the list of - property names, and call set_body here. - (dav_propfind_set_private): New function. - -Tue Apr 3 09:33:09 2001 Joe Orton <joe@manyfish.co.uk> - - * http_auth.h: Added C++ inclusion safety. (Kai Sommerfeld) - -Mon Apr 2 02:39:18 2001 Joe Orton <joe@manyfish.co.uk> - - * hip_xml.c (sax_error): Add parse error callback for libxml. - -Mon Apr 2 02:23:06 2001 Joe Orton <joe@manyfish.co.uk> - - * http_redirect.c (post_send): Clean up and fix logic. Only check - for confirmation for same-server redirects. - -Mon Apr 2 02:13:48 2001 Joe Orton <joe@manyfish.co.uk> - - * http_redirect.c (http_redirect_location): New function. - (destroy): Removed function. (create): Free location. - (post_send): Only call notify callback for followed redirects. - -Mon Apr 2 01:55:27 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.c (http_set_request_uri): Allow using the '*' URI - even when using a proxy server. - -Mon Apr 2 01:32:06 2001 Joe Orton <joe@manyfish.co.uk> - - * http_redirect.c (post_send): Give up on trying to follow a - redirect to another server. Return HTTP_REDIRECT on such a - redirect. - - * http_redirect.c (post_send): Fix leaks of URI object (Kai - Sommerfeld). - -Mon Apr 2 01:08:33 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.c (read_response_headers): Don't read more than 100 - response headers. - -Mon Apr 2 00:54:43 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.c (http_request_dispatch): Remove mapping of auth - status codes to return values, the hook does it now. - -Mon Apr 2 00:53:20 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.c (http_set_request_uri): New function, split out - from http_request_create. (http_request_create): Use it. - -Mon Apr 2 00:51:23 2001 Joe Orton <joe@manyfish.co.uk> - - * http_auth.c (http_set_proxy_auth, http_set_server_auth): Add - failure codes. (ah_post_send): Return failure code if - authentication fails. - -Mon Apr 2 00:19:17 2001 Joe Orton <joe@manyfish.co.uk> - - * http_utils.c: Pick up xmlversion.h from libxml2. - (neon_version_string): Include libxml2 version string if defined. - -Sun Apr 1 21:40:00 2001 Joe Orton <joe@manyfish.co.uk> - - * http_basic.c (http_get_range): Fix total length - calculation. (Johan Lindh <johan@linkdata.se>). - (clength_hdr_handler): Use range->total. - -Sun Apr 1 21:26:09 2001 Joe Orton <joe@manyfish.co.uk> - - * hip_xml.c: Add expat2 support (Sam TH <sam@uchicago.edu>). - -Sun Apr 1 21:07:19 2001 Joe Orton <joe@manyfish.co.uk> - - * string_utils.h (CONCAT2, CONCAT3, CONCAT4): Use ne_malloc. - -Sun Apr 1 20:59:09 2001 Joe Orton <joe@manyfish.co.uk> - - * dav_props.c (propfind, dav_proppatch): As below. - -Sun Apr 1 20:32:29 2001 Joe Orton <joe@manyfish.co.uk> - - * http_basic.c (http_post): Changed as per - http_set_request_body_buffer change. - - * dav_locks.c (dav_lock): Likewise. - -Sun Apr 1 20:31:06 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.c (http_set_request_body_buffer): Pass in size - parameter too. (send_request_body): Use sized rather than - NUL-terminated buffer. - -Sun Apr 1 20:12:51 2001 Joe Orton <joe@manyfish.co.uk> - - * http_private.h: Added 'body_callback' request body type, and - body_cb, body_ud fields to http_req. - - * http_request.c (http_set_request_body_provider): New function. - (set_body_size): New function, factored out from old - http_set_request_body_*. (http_set_request_body_stream, - http_set_request_body_buffer): Use it. - -Sun Apr 1 19:56:17 2001 Joe Orton <joe@manyfish.co.uk> - - * dav_props.c: Replaced 'uri' and 'depth' fields in propfind - handler object with an 'http_req' pointer. (dav_propfind_create): - Create the request object here, and set the depth header. - (propfind): Changed accordingly. (dav_propfind_destroy): Destroy - request object too. - - * dav_props.c (dav_propfind_get_request): New function. - -Fri Mar 30 16:50:51 2001 Joe Orton <joe@manyfish.co.uk> - - * hip_xml.c (start_element): Quote attributes in collect (Kai - Sommerfeld). - -Fri Mar 30 16:36:08 2001 Joe Orton <joe@manyfish.co.uk> - - * http_basic.c (http_put_if_unmodified): Changed as below. - -Thu Mar 22 14:05:52 2001 Joe Orton <joe@manyfish.co.uk> - - * http_utils.c (http_dateparse): Changed as below. - - * http_auth.c (get_conce, basic_challenge): Likewise. - -Thu Mar 22 14:04:54 2001 Joe Orton <joe@manyfish.co.uk> - - * dates.c (ne_rfc1123_date, ne_rfc1123_date, ne_asctime_parse, - ne_rfc1036_parse): Added ne_ prefix. - -Thu Mar 22 14:03:12 2001 Joe Orton <joe@manyfish.co.uk> - - * base64.c (ne_base64): Renamed from base64. - -Tue Mar 20 20:34:44 2001 Joe Orton <joe@manyfish.co.uk> - - * dav_props.c (make_elms): Don't request UTF-8 decoding of - property values. - -Tue Mar 20 20:33:39 2001 Joe Orton <joe@manyfish.co.uk> - - * string_utils.c (ne_utf8_decode): New function. - -Mon Mar 19 22:08:45 2001 Joe Orton <joe@manyfish.co.uk> - - * http_basic.c (get_callback): Removed function. (http_get, - http_read_file, http_post): Use callbacks directly rather than - indirectly through get_callback. - -Mon Mar 19 21:55:19 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.c (notify_status, http_set_status, - http_set_progress): New functions: request status and progress - callbacks. (open_connection, lookup_host): Use notify_status to - trigger status callbacks, and register socket progress callbacks. - -Mon Mar 19 21:53:07 2001 Joe Orton <joe@manyfish.co.uk> - - * socket.c (sock_register_notify): Removed function. - (sock_connect_u): Renamed to sock_connect. - (sock_register_progress): Per-socket progress callbacks rather - than global ones. (sock_call_progress): Take socket argument. - (all callers changed). - -Mon Mar 19 21:52:50 2001 Joe Orton <joe@manyfish.co.uk> - - * socket.c (sock_get_version): New function. - -Mon Mar 19 13:59:21 2001 Joe Orton <joe@manyfish.co.uk> - - * dav_props.c (propfind): Destroy the handler. - -Mon Mar 19 13:36:55 2001 Joe Orton <joe@manyfish.co.uk> - - * dav_props.c (dav_propnames): New function. - -Wed Mar 14 22:42:12 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.h (http_begin_request, http_end_request, - http_read_response_block): New functions. - (http_request_dispatch): Reimplemented using new caller-pulls - interface. - -Wed Mar 14 22:20:38 2001 Joe Orton <joe@manyfish.co.uk> - - * http_auth.c (ah_post_send): If authentication fails (i.e. bad - credentials), clean the session details. - -Wed Mar 14 20:46:55 2001 Joe Orton <joe@manyfish.co.uk> - - * http_auth.c: Retry the request simply if it has not been tried - before with authentication details, otherwise, fail on 40[17]. - -Wed Mar 14 20:12:52 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.c (open_connection): Make sure to close the - connection, and return HTTP_CONNECT if the SSL negotiation fails. - -Tue Mar 6 18:37:43 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_alloc.c (ne_strndup): Allocate n+1 bytes not 'n' (Kai - Sommerfeld). - -Mon Mar 5 01:05:31 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.c: Moved local sbuffer variables of - http_request_dispatch into http_req members 'reqbuf' and - 'respbuf'. (build_request): Return a const char * of the request. - (send_request): Call build_request directly, use req->respbuf. - (http_request_dispatch): Don't call build_request. Removed 'goto' - exception handling (hoorah). (http_request_create, - http_request_destroy): Create and destroy reqbuf and respbuf here. - -Mon Mar 5 00:43:40 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.c (http_set_request_body_stream): Set - req->body_size and Content-Length header here: return success - value. (http_set_request_body_buffer): Likewise (but no return - value). (get_request_bodysize): Removed function. - (build_request): Add Content-Length: 0 header if no request body. - -Mon Mar 5 00:27:24 2001 Joe Orton <joe@manyfish.co.uk> - - * http_auth.c (http_forget_auth): New function. - -Mon Mar 5 00:25:15 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.c (http_request_hook_private): Renamed from - http_get_hook_private. (http_session_hook_private): New function. - - * dav_locks.c (dav_lock_using_resource, dav_lock_using_parent): - Renamed simiarly. - -Sun Mar 4 23:12:12 2001 Joe Orton <joe@manyfish.co.uk> - - * http_auth.c: Moved per-request state into struct auth_request. - (request_digest): Take struct auth_request argument. (free_auth): - New function. (http_add_hooks): Pass free_auth as cleanup - function for auth session. - -Sun Mar 4 23:08:46 2001 Joe Orton <joe@manyfish.co.uk> - - * http_redirect.c (auto_redirect): Auto-redirect OPTIONS requests. - (free_redirect): New function. (http_redirect_register): Pass - cleanup function. - -Sun Mar 4 23:07:01 2001 Joe Orton <joe@manyfish.co.uk> - - * dav_locks.c (dav_lock_unregister): Removed function. - (free_locks): New function. (dav_lock_register): Pass free_locks - as cleanup function for hooks. - -Sun Mar 4 22:54:57 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.h (http_add_hooks): Added fourth argument to - register a cleanup function for the cookie. - -Sun Mar 4 19:53:03 2001 Joe Orton <joe@manyfish.co.uk> - - * http_auth.c (request_digest): Use an sbuffer to create the - header value. - -Sun Mar 4 19:44:18 2001 Joe Orton <joe@manyfish.co.uk> - - * http_auth.c: Remove namespace protection for private - functions. s/http_auth/auth/g. - -Sun Mar 4 19:39:13 2001 Joe Orton <joe@manyfish.co.uk> - - * http_auth.c (ah_pre_send): Increase attempt counter here, ... - (ah_post_send): instead of here. - -Sun Mar 4 18:40:03 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.c (http_request_dispatch): Simplify post_send hook - invocation: run them until one doesn't return HTTP_OK. Don't run - pre_send hooks here. Loop while a hook returns HTTP_RETRY. - (build_request): Run pre_send hooks here. - - * http_request.c (read_response_body): Call - normalize_response_length here. - -Sun Mar 4 18:12:26 2001 Joe Orton <joe@manyfish.co.uk> - - Re-implemented HTTP authentication using generic hooks interface. - - * http_auth.c: Added http_auth.h. (http_auth_init, - http_auth_set_creds_cb, http_auth_new_request, - http_auth_request_header): Removed functions, merged into new - hooks code. (ah_create, ah_post_send, ah_pre_send, ah_use_body, - ah_destroy): New functions. (auth_body_reader, - http_set_server_auth, http_set_proxy_auth): Moved over from - http_request.c and redone for hooks interface. - - * http_request.c (http_set_server_auth, http_set_proxy_auth, - give_creds, auth_body_reader): Moved to http_auth.c. - (http_accept_always): Renamed from always_accept_response and made - public. (http_request_create, build_request, - http_request_dispatch): Removed authentication code. - -Tue Feb 27 19:49:42 2001 Joe Orton <joe@manyfish.co.uk> - - * dav_props.c (set_body): Remove UTF-8 encoding again. - -Mon Feb 26 22:38:41 2001 Joe Orton <joe@manyfish.co.uk> - - Patch from Kai Sommerfeld to remove URI escaping from inside neon. - - * dav_207.c (end_element): Don't unescape href elements. - - * http_request.c (http_request_create): Don't escape Request-URI. - - * dav_basic.c (copy_or_move): Don't escape destination URI. - -Mon Feb 26 21:44:56 2001 Joe Orton <joe@manyfish.co.uk> - - * dav_props.c (set_body): UTF-8 encode the property name and - value. (make_elms): Request UTF-8 decoding of property values. - -Mon Feb 26 21:40:14 2001 Joe Orton <joe@manyfish.co.uk> - - * hip_xml.c: Do perform UTF-8 decoding when using libxml. - (char_data): Fix UTF-8 decoding bug where the byte after a - multi-byte encoded sequence would be skipped. - -Sun Feb 25 20:04:05 2001 Joe Orton <joe@manyfish.co.uk> - - * string_utils.c (ne_utf8_encode): New function. - -Sun Feb 25 19:52:01 2001 Joe Orton <joe@manyfish.co.uk> - - * ne_alloc.c (ne_realloc): New function. - -Sun Feb 25 17:00:32 2001 Joe Orton <joe@manyfish.co.uk> - - * Makefile.in (all): Rename NEON_IS_BUNDLED to NEON_BUILD_BUNDLED. - -Sun Feb 25 16:52:43 2001 Joe Orton <joe@manyfish.co.uk> - - * Makefile.in (all): Build according to NEON_IS_BUNDLED. - -Fri Feb 23 23:38:10 2001 Joe Orton <joe@manyfish.co.uk> - - * Makefile.in: Fix deps: neon_config.h has gone. - -Fri Feb 23 22:57:47 2001 Joe Orton <joe@manyfish.co.uk> - - * dav_props.c (dav_simple_propfind): Support a NULL 'props' - argument to do an allprop request, as per the advertising - literature. Register a catch-all handler in this case. - -Fri Feb 23 22:16:42 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.c (http_session_destroy): Free up hooks list. - -Thu Feb 22 21:54:36 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.h (http_add_hooks): Make request_hooks 'const'. - -Thu Feb 15 08:36:56 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.c (read_response_body): Accept SOCK_CLOSED as - end-of-response if we don't have a Content-Length (and not - chunked). (Kai Sommerfeld). - -Thu Feb 15 08:36:23 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.c (add_fixed_headers): Don't add the Host header - here. (http_request_dispatch): Add it here instead. - - * http_request.c (set_hostinfo): Dup the hostname. - (http_session_destroy): Free the hostname. (Kai Sommerfeld). - -Thu Feb 15 08:35:49 2001 Joe Orton <joe@manyfish.co.uk> - - * http_private.h: Make hostname in struct host_info char *. (Kai - Sommerfeld). - -Thu Feb 15 08:08:50 2001 Joe Orton <joe@manyfish.co.uk> - - * http_redirect.h: Add C++ header-inclusion safety macros (Kai - Sommerfeld <kai.sommerfeld@germany.sun.com>). - -Wed Feb 14 23:37:57 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.c (read_response_body): Use a size_t for readlen, - as read_response_block requires. - -Wed Feb 14 23:25:44 2001 Joe Orton <joe@manyfish.co.uk> - - * http_auth.c (request_digest): Fix incorrect signed-ness of - buffer. - -Wed Feb 14 23:22:13 2001 Joe Orton <joe@manyfish.co.uk> - - * uri.h, string_utils.h: Comment-out tokens after #endif. - -Sun Feb 4 14:36:11 2001 Joe Orton <joe@manyfish.co.uk> - - * http_redirect.c (post_send): Prototype change. - -Sun Feb 4 14:31:42 2001 Joe Orton <joe@manyfish.co.uk> - - * socket.c: Added key_prompt, key_userdata, key_file to - nssl_context. (sock_set_key_prompt, key_prompt_cb): New - functions. (sock_make_secure): Set ctx->key_file to private key - filename. - -Sun Feb 4 13:31:44 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.h: Make http_status argument of post_send a const - pointer. - -Sun Feb 4 10:38:12 2001 Joe Orton <joe@manyfish.co.uk> - - * http_request.c (set_sockerr): Only use the socket error if it is - NULL, else print generic "something went wrong"-type error - message. - -Sun Feb 4 10:29:37 2001 Joe Orton <joe@manyfish.co.uk> - - * socket.c (sock_set_client_cert): Call SSL_CTX_check_private_key - to ensure that the cert and private key match. - -Sun Feb 4 10:28:02 2001 Joe Orton <joe@manyfish.co.uk> - - * socket.c (sock_make_secure): In error cases after SSL_connect - succeeds, call SSL_shutdown and assign sock->ssl = NULL before - returning. - -Sat Feb 3 18:33:56 2001 Joe Orton <joe@manyfish.co.uk> - - * socket.c (sock_close): Call SSL_shutdown before close()'ing the - fd. - -Sat Feb 3 18:30:48 2001 Joe Orton <joe@manyfish.co.uk> - - * socket.c: Store an default SSL_CTX in nsocket, to be used when - no nssl_context is supplied. (create_socket): Create default - SSL_CTX (sock_close): Free it here. (sock_make_secure): Use it - here. - -Sat Feb 3 15:52:15 2001 Joe Orton <joe@manyfish.co.uk> - - * socket.c (sock_set_client_cert): New function. - -Sat Feb 3 15:48:51 2001 Joe Orton <joe@manyfish.co.uk> - - * socket.c: Rejig of nssl_context handling. An nssl_context is - now really a wrapper for an SSL_CTX. (sock_create_ssl_context): - Create the SSL_CTX here. (sock_disable_tlsv1, sock_disable_sslv2, - sock_disable_sslv3): Set the SSL_CTX option directly. - (sock_make_secure): Create an SSL_CTX if no nssl_context is - supplied, otherwise use SSL_CTX from nssl_context. - -Sun Jan 28 13:52:03 2001 Joe Orton <joe@manyfish.co.uk> - - * http_utils.c (neon_version_minimum): New function. - -Sun Jan 28 10:37:28 2001 Joe Orton <joe@manyfish.co.uk> - - * neon_config.h.in: Removed file. - - * http_request.c, http_utils.c: Don't include neon_config.h. - -Sat Jan 27 22:52:37 2001 Joe Orton <joe@light.plus.com> - - * socket.c: Use closesocket() as NEON_CLOSE (Markus Fleck - <fleck@isoc.de>). - -Sat Jan 27 22:35:16 2001 Joe Orton <joe@light.plus.com> - - * hip_xml.c: Add 'char_data' as libxml cdataBlock handler. - -Tue Jan 23 23:17:00 2001 Joe Orton <joe@light.plus.com> - - * neon_config.h.in: Renamed from neon_config.h. Define - NEON_VERSION_MAJOR and NEON_VERSION_MINOR too: all picked up from - the NEON_VERSIONS macro. - -Sun Jan 21 22:07:34 2001 Joe Orton <joe@light.plus.com> - - * string_utils.c (ne_concat): New function. - -Thu Jan 18 22:25:34 2001 Joe Orton <joe@light.plus.com> - - * ne_alloc.h: Added ne_oom_callback. - - * ne_alloc.c: Added DO_MALLOC macro to do the malloc and oom - callback test. (ne_malloc): Use DO_MALLOC. (ne_strdup, - ne_calloc, ne_strndup): Reimplement using DO_MALLOC rather than - calling ne_malloc(). - -Tue Jan 16 20:16:35 2001 Joe Orton <joe@light.plus.com> - - * neon_config.h: Bumped version to 0.10.1. - -Tue Jan 16 20:14:40 2001 Joe Orton <joe@light.plus.com> - - * http_request.c (http_session_create): Default expect-100 support - to OFF. - -Mon Jan 15 22:59:33 2001 Joe Orton <joe@light.plus.com> - - * neon_config.h: Bumped version to 0.10.0. - -Mon Jan 15 22:58:04 2001 Joe Orton <joe@light.plus.com> - - * dav_basic.c (dav_simple_request): Use dav_207_ignore_unknown. - -Sun Jan 14 22:52:31 2001 Joe Orton <joe@light.plus.com> - - * dav_props.c (propfind): Call dav_207_ignore_unknown. - -Sun Jan 14 22:49:06 2001 Joe Orton <joe@light.plus.com> - - * dav_207.c: Don't handle unknown elements in normal handler. - (ignore_cc, dav_207_ignore_unknown): New functions, for ignoring - any unknown elements in the parse. - -Sun Jan 14 21:53:00 2001 Joe Orton <joe@light.plus.com> - - * hip_xml.c: Renamed 'handlers' back to top_handlers. - (push_handler): Now, p->root->handlers points to BASE of stack, - p->top_handlers points to TOP of stack. (hip_xml_destroy): - Changed to start from new BASE of stack. - -Sun Jan 14 10:50:09 2001 Joe Orton <joe@light.plus.com> - - * http_request.c (http_session_server): Do perform the DNS lookup - if we have a proxy_decider function, since that means we MIGHT - need to know the IP address of the origin server. - (http_request_create): Pass the real scheme back to the proxy - decider callback. - -Wed Jan 10 22:43:16 2001 Joe Orton <joe@light.plus.com> - - * Makefile.in: Rename OBJ_EXT to NEON_OBJEXT. Remove - NEON_INTERFACE_VERSION, use NEON_LINK_FLAGS instead. - -Wed Jan 10 22:02:02 2001 Joe Orton <joe@light.plus.com> - - * dav_locks.c (create_private): New function. - (dav_lock_discover): Switch to using new dav_propfind_set_complex - API. - -Wed Jan 10 21:59:36 2001 Joe Orton <joe@light.plus.com> - - * dav_props.h (dav_propfind_set_complex): Switch the - 'sizeof_private' argument for a callback 'creator': the return - value of this callback is used as the 'private' field for the - current resource. - -Mon Jan 8 22:09:55 2001 Joe Orton <joe@light.plus.com> - - * dav_locks.h (dav_lock_result): Re-order arguments. Make lock - object const. - - * dav_locks.c (dav_lock_copy): New function. (discover_results): - Set lock->uri given href for current results. Free lock object - after passing to results. - -Sun Jan 7 21:55:14 2001 Joe Orton <joe@light.plus.com> - - * dav_locks.c (dav_lock): Destroy XML parser after use. Remove - handling of Lock-Token header: it wasn't used and it leaked. - -Sun Jan 7 19:58:29 2001 Joe Orton <joe@light.plus.com> - - * dav_props.c (free_propset): Free the property values, and the - result set URI too. - -Sun Jan 7 16:58:19 2001 Joe Orton <joe@light.plus.com> - - * http_request.c (read_response_block): Fix handling of - SOCK_CLOSED from sock_read as end-of-connection. - -Sat Jan 6 15:02:57 2001 Joe Orton <joe@light.plus.com> - - * hip_xml.c (struct hip_xml_parser): Renamed 'top_handlers' to - 'handlers' in hip_xml_parser. (push_handler): New function. - (hip_xml_push_handler, hip_xml_push_mixed_handler): Use - push_handler. - - * hip_xml.c (find_handler): Begin the search for a new handler - from the handler of the current (parent) element, and work up the - stack. - -Sat Jan 6 11:15:17 2001 Joe Orton <joe@light.plus.com> - - * hip_xml.c (find_handler): Display error message for unknown XML - element as 'elmname (in nspace)' rather than 'nspace:elmname' - since the latter produces confusing errors like - 'DAV::displayname'. - -Wed Jan 3 21:34:44 2001 Joe Orton <joe@light.plus.com> - - * Makefile.in: Hard-code top_builddir as '..' (possibly wrong, but - true for all neon apps so far). Remove INCLUDES, now unused. Add - top_srcdir. - -Fri Dec 22 22:51:27 2000 Joe Orton <joe@light.plus.com> - - * dav_props.c: Added 'has_props' field to propfind_handler struct. - (set_body): Only add leading 'prop' element if has_props is not - set. Set has_props. Don't add trailing </prop> element here. - (dav_propfind_named): ... add it here instead. - (dav_propfind_set_complex, dav_propfind_set_flat): New set_body - interface. - -Fri Dec 22 21:10:39 2000 Joe Orton <joe@light.plus.com> - - * socket.c (sock_transfer): Don't use NEON_READ here, this is - for reading from a non-socket fd. - -Wed Dec 20 00:19:34 2000 Joe Orton <joe@light.plus.com> - - * neon_config.h: Bumped version to 0.9.1. - -Wed Dec 20 00:19:09 2000 Joe Orton <joe@light.plus.com> - - * dav_props.c (free_propset): Don't free the private structure, - make this the caller's responsibility. - -Wed Dec 20 00:12:36 2000 Joe Orton <joe@light.plus.com> - - * dav_props.c (end_propstat): Rename propstat argument to - 'pstat_v' to kill warnings. - -Tue Dec 19 23:42:39 2000 Joe Orton <joe@light.plus.com> - - * dav_props.c (start_response): Zero-out the private structure on - creation. - -Tue Dec 19 22:54:06 2000 Joe Orton <joe@light.plus.com> - - * http_request.c (read_response_block): Rename local variable - 'socket' to 'sock'. - -Tue Dec 19 22:52:56 2000 Joe Orton <joe@light.plus.com> - - * http_request.h: Rename argument from 'stat' in post_send - definition. - -Tue Dec 19 22:52:32 2000 Joe Orton <joe@light.plus.com> - - * http_utils.h: Add 'const' to char * argument. - -Tue Dec 19 22:19:28 2000 Joe Orton <joe@light.plus.com> - - * neon_config.h: Bumped version to 0.9.0. - -Tue Dec 19 22:12:19 2000 Joe Orton <joe@light.plus.com> - - * Makefile.in: New file. - -Tue Dec 19 22:07:50 2000 Joe Orton <joe@light.plus.com> - - * Makefile.incl: Removed file. - -Tue Dec 19 22:06:06 2000 Joe Orton <joe@light.plus.com> - - * dav_locks.c (dav_lock_discover): New callback-based lock - discovery interface. Re-implemented using new propfind interface. - -Tue Dec 19 21:22:43 2000 Joe Orton <joe@light.plus.com> - - * dav_props.h: Replace old dav_propfind_* interface with better - one. (dav_simple_propfind): Renamed from dav_get_props. - (dav_propfind_current_private, dav_propfind_set_complex, - dav_propfind_set_flat): New functions. - (dav_propfind_get_current_resource): Removed function. - (dav_propfind_named, dav_propfind_allprop): Change second argument - to be the results callback. - - * dav_props.c: Replace implementatino of old interface with new - one. (dav_simple_propfind): Re-implemented on top of new - all-singing all-dancing dav_propfind_* interface. - -Sun Dec 17 18:24:50 2000 Joe Orton <joe@light.plus.com> - - * dav_props.c: Add dav_get_props, and all its auxiliaries. - -Sun Dec 17 15:43:55 2000 Joe Orton <joe@light.plus.com> - - * dav_props.c (propfind): Destroy the request after calling - http_get_status. - -Sun Dec 17 18:04:58 2000 Joe Orton <joe@light.plus.com> - - * hip_xml.c (find_handler): Allow using NULL as name and nspace in - HIP_ELM_unknown elements. - -Sun Dec 17 18:03:03 2000 Joe Orton <joe@light.plus.com> - - * dav_207.c (check_context): Don't handle the unknown element when - it is a child of the prop element, this prevents handling allprop - responses. - -Thu Dec 14 21:48:06 2000 Joe Orton <joe@light.plus.com> - - * neon_config.h: Bumped version to 0.8.0. - -Thu Dec 14 21:43:31 2000 Joe Orton <joe@light.plus.com> - - * dav_basic.c, dav_locks.c, dav_props.c (everywhere): Changed to - new response-status interface, and _class->klass change. - -Thu Dec 14 21:37:38 2000 Joe Orton <joe@light.plus.com> - - * http_request.c (http_get_status): Add new response-status - interface. - -Thu Dec 14 21:30:25 2000 Joe Orton <joe@light.plus.com> - - * http_basic.c (everywhere): Use new status interface. - -Thu Dec 14 21:25:03 2000 Joe Orton <joe@light.plus.com> - - * http_private.h: Made http_status pointer in http_req a declared - object. - - * http_request.h: Removed passing status pointer to - http_request_dispatch. - - * http_request.c (everywhere): Removed passing extra http_status * - to auxiliaries, use req->status instead. Renamed '_class' to - 'klass' everywhere. - -Thu Dec 14 21:15:54 2000 Joe Orton <joe@light.plus.com> - - * http_utils.h: Renamed '_class' member of http_status to 'klass'. - (http_parse_statusline): Change accordingly. - -Wed Dec 13 23:00:23 2000 Joe Orton <joe@light.plus.com> - - * socket.c: Changes for pre-BONE BeOS (David Reid - <dreid@jetnet.co.uk>). - -Wed Dec 13 21:29:36 2000 Joe Orton <joe@light.plus.com> - - * uri.c (ESCAPE): Explicitly cast the character to const unsigned - int. (uri_abspath_escape): Make 'pnt' a normal const char *. - -Wed Dec 13 21:17:31 2000 Joe Orton <joe@light.plus.com> - - * http_request.c: Remove netinet/in.h include, add limits.h - include. (Peter Boos) (read_response_block): Make readlen a size_t - (David Reid). - -Wed Dec 13 21:08:08 2000 Joe Orton <joe@light.plus.com> - - * ne_alloc.h [WIN32]: Include stdlib.h. (Peter Boos) - -Wed Dec 13 20:54:27 2000 Joe Orton <joe@light.plus.com> - - Patches from Peter Boos and David Reid for Win32 and - BeOS changes respectively: - - * socket.c: Add NEON_READ, NEON_WRITE, NEON_CLOSE macros to use - send/recv/closesocket for BeOS, send/recv/close for Win32, - write/read/close otherwise. Include WinSock2.h in Windows. Add - arpa/inet.h check. (sock_read, sock_write): Use the NEON_ macros. - (sock_connect, sock_close): Use NEON_CLOSE. (sock_init): Winsock - initialization. (sock_exit) Winsock cleanup. (sock_fullwrite): - Use size_t rather than ssize_t for 'sent'. (sock_connect, - sock_connect_u): Make 'port' parameter an unsigned short int. - -Wed Dec 13 20:42:18 2000 Joe Orton <joe@light.plus.com> - - * http_basic.c (clength_hdr_handler): Use an off_t for len, to - avoid comparison with size_t. - -Wed Dec 13 20:38:59 2000 Joe Orton <joe@light.plus.com> - - * hip_xml.c (char_data): Use an 'int' for wslen, avoid comparison - between size_t (which is signed) and int (which [is|might be?] - unsigned). - -Wed Dec 13 20:29:12 2000 Joe Orton <joe@light.plus.com> - - * nsocket.h [WIN32]: Use Windows headers rather than Unixy ones. - (sock_exit): New function. - -Wed Dec 13 20:21:22 2000 Joe Orton <joe@light.plus.com> - - * string_utils.c, string_utils.h, uri.h: Includes change (Peter - Boos). - -Wed Dec 13 20:20:09 2000 Joe Orton <joe@light.plus.com> - - * http_auth.c (http_auth_response_body): Don't make - inline. Includes change. (both by Peter Boos). - -Wed Dec 13 20:18:38 2000 Joe Orton <joe@light.plus.com> - - * uri.c (uri_unescape): Cast strtol return to (char). Includes - change as below (both by Peter Boos). - -Wed Dec 13 20:07:38 2000 Joe Orton <joe@light.plus.com> - - * base64.c, dates.c, dates.h, dav_207.c, dav_207.h, dav_basic.h, - dav_locks.h, hip_xml.h, http_auth.h, http_basic.h, http_cookies.c, - http_redirect.c, http_redirect.h, http_request.h, http_utils.c, - md5.c, ne_alloc.c: Use #include "..." rather than #include <...> - for neon headers. (Peter Boos <PediB@colorfullife.com>). - -Thu Dec 7 21:45:02 2000 Joe Orton <joe@light.plus.com> - - * socket.c (sock_read): Return zero immediately if a zero count - parameter is passed, following SUSv2 semantics. - -Thu Dec 7 21:41:36 2000 Joe Orton <joe@light.plus.com> - - * nsocket.h (sock_readfile_blocked): Define an interface, allow - taking -1 as the length parameter. Only return SOCK_CLOSED if - length == -1 is NOT passed. - -Sun Nov 26 09:46:53 2000 Joe Orton <joe@light.plus.com> - - * nsocket.h: Fix use of 'socket' in function prototypes. - -Sun Nov 19 00:29:48 2000 Joe Orton <joe@light.plus.com> - - * nsocket.h: Increase read timeout to 120 seconds. - -Sun Nov 5 14:42:46 2000 Joe Orton <joe@light.plus.com> - - * dav_locks.c: Fix element id's (fixes segfault when using locks). - -Thu Oct 26 22:28:17 2000 Joe Orton <joe@light.plus.com> - - * socket.c (sock_peek): Return SOCK_CLOSED if recv() returns zero. - -Thu Oct 26 22:24:14 2000 Joe Orton <joe@light.plus.com> - - * socket.c (sock_block): Return "got data" if SSL_pending - indicates data pending. Otherwise select on socket as normal. - -Thu Oct 26 22:15:14 2000 Joe Orton <joe@light.plus.com> - - * socket.c (sock_readline, sock_peek): Check whether SSL - connection has been closed if SSL_peek returns 0 (thanks to Jeff - Costlow <j.costlow@f5.com>). - -Thu Oct 14 19:57:31 2000 Joe Orton <joe@light.plus.com> - - * Makefile.incl: Fix spurius backslash at line 69 (thanks to - Dirk Bergstrom <dirk@juniper.net>). - -Sat Oct 14 19:51:44 2000 Joe Orton <joe@light.plus.com> - - * dav_basic.c (copy_or_move): Use http_get_scheme rather than - hard-coding "http". - -2000-10-02 Joe Orton <joe@light.plus.com> - - * http_request.c (http_get_scheme): New function. - -Tue Oct 10 19:56:42 2000 Joe Orton <joe@light.plus.com> - - * neon_config.h: Bumped version to 0.7.5. - -Sat Oct 7 19:26:58 2000 Joe Orton <joe@light.plus.com> - - * neon_config.h: Bumped version to 0.7.4. - -Sat Oct 7 19:19:37 2000 Joe Orton <joe@light.plus.com> - - * http_auth.c (request_digest): Quote algorithm and qop parameters - in digest header. - -Sat Oct 7 19:15:29 2000 Joe Orton <joe@light.plus.com> - - * socket.c (sock_connect_u): Don't leak the fd if connect fails - (David Sloat). - -Sat Sep 16 16:49:57 2000 Joe Orton <joe@light.plus.com> - - * hip_xml.h: Add 'HIP_ELM_UNUSED', defining lowest element ID - which should be used. - - * hip_xml.c, hip_xml.h (hip_xml_push_handler, - hip_xml_push_mixed_handler): Renamed from hip_xml_add_handler / - hip_xml_add_mixed_handler to reflect stack-like usage of handlers. - 'handlers' field of hip_xml_parser renamed to top_handler for same - reason (globally search'n'replaced). - - * hip_xml.h: Documentation update. - -Thu Sep 14 22:37:33 2000 Joe Orton <joe@light.plus.com> - - * http_auth.c (request_digest): Quote qop= value, fixes - IIS5 interop. - -Thu Sep 14 00:40:04 2000 Joe Orton <joe@light.plus.com> - - * socket.c (sock_connect_u): If connect() fails, close the socket - before returning: thanks to David Sloat <d.sloat@f5.com>. - -Tue Sep 12 20:08:40 2000 Joe Orton <joe@light.plus.com> - - * http_request.c (read_response_headers): Remove redundant - tolower(). - -Tue Sep 12 00:41:39 2000 Joe Orton <joe@light.plus.com> - - * neon_config.h: Bumped version to 0.7.3. - -Mon Sep 11 15:31:13 2000 Joe Orton <joe@light.plus.com> - - * http_request.c, http_auth.c: Include snprintf.h if - HAVE_SNPRINTF_H is defined. - -Fri Sep 8 10:46:53 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon_config.h: Bumped version to 0.7.2. - -Fri Sep 8 10:44:42 2000 Joe Orton <joe@orton.demon.co.uk> - - * socket.c (sock_block): Return immediately if this is an SSL - socket. - -Thu Sep 7 00:31:12 2000 Joe Orton <joe@orton.demon.co.uk> - - * hip_xml.h: Correct order of hip_xml_validate_cb arguments in - prototype (thanks to Greg Stein). - -Thu Sep 7 00:27:29 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_props.c (propfind): Don't destroy the handler after use. - (dav_propfind_destroy): New function. - -Thu Sep 7 00:08:45 2000 Joe Orton <joe@orton.demon.co.uk> - - * Makefile.incl: Added targets for ne_alloc.o, string_utils.o, - uri.o, base64.o. - -Tue Aug 15 21:53:53 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon_config.h: Bumped version to 0.7.1. - -Tue Aug 15 21:16:34 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (http_request_create): Only add authentication - response body callbacks if a supply-credentials callback has been - set for the session. (http_request_dispatch): Similarly for - response header callbacks. - -Mon Aug 14 09:28:38 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon_config.h: Bumped version to 0.7.0. - -Mon Aug 14 09:23:54 2000 Joe Orton <joe@orton.demon.co.uk> - - * string_utils.h (SBUFFER_CAST): New macro. - -Mon Aug 14 09:13:05 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_private.h: Use a hash table for storing response header - handlers. Added response header 'catchers', which are passed ALL - response headers. - - * http_request.c (http_add_response_header_handler): Place the - handler in the correct hash bucket. (hdr_hash): New function. - (http_add_response_header_catcher): New function. - (http_request_destroy): Destroy the header catchers, and iterate - over the hash table to destroy the handlers. - (read_response_headers): Optimisation: hash and search for ':' in - a single loop. Remove another local variable. Iterate through - catchers too. - -Sun Aug 13 15:57:35 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon_config.h: Bumped version to 0.6.1. - -Sun Aug 13 15:50:42 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (send_request): Only go through the loop at most - twice. - -Sun Aug 13 15:49:52 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_redirect.c (destroy): Don't free the redirect structure. - -Sat Aug 12 17:10:32 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon_config.h: Bumped version to 0.6.0. - -Sat Aug 12 16:48:47 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (http_session_decide_proxy): New function. - (http_request_create): Call proxy "decider callback" to determine - whether to use the proxy server for a given request or not. - -Sat Aug 12 16:39:10 2000 Joe Orton <joe@orton.demon.co.uk> - - * Makefile.incl: Updated for http_private.h and - http_redirect.[ch]. - -Sat Aug 12 16:36:49 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c: Removed data structure definitions. - - * http_private.h: New file, contains data structure definitions. - Interface NOT exported. - -Sat Aug 12 16:31:32 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_redirect.c (destroy): No return value. - -Sat Aug 12 16:04:02 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_redirect.[ch]: First cut at HTTP redirect handling. - -Sat Aug 12 11:05:13 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon_config.h: Bumped version to 0.5.1. - -Sat Aug 12 02:04:15 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_locks.c (dav_lock_using_resource, dav_lock_using_parent): - Prevent segfault if locking is not in use. - -Fri Aug 11 17:19:06 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon_config.h: Bumped version to 0.5.0. - -Fri Aug 11 16:31:23 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (read_message_header): Take a buffer for storing - continuation lines. (read_response_headers): No need to strip EOL - since read_message_header does this already. Use one less - variable. - -Fri Aug 4 22:12:04 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (send_request): Don't retry sending the request - more than once. - -Wed Aug 2 11:08:31 2000 Joe Orton <joe@orton.demon.co.uk> - - * ne_alloc.[ch]: Renamed from xalloc.[ch]. - -Wed Aug 2 02:15:32 2000 Joe Orton <joe@orton.demon.co.uk> - - * socket.c (sock_transfer): Return SOCK_CLOSED, or set sock->error - appropriately on read failure. - -Tue Aug 1 13:04:27 2000 Joe Orton <joe@orton.demon.co.uk> - - * socket.c, nsocket.h (sock_progress, sock_call_progress, - sock_transfer, sock_readfile_blocked): Use 'off_t' not 'size_t' as - file size type. - -Fri Jul 28 13:32:37 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon_config.h: Bumped version to 0.4.2. - -Fri Jul 28 13:31:38 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (send_request): Fix sending request body after - getting 100-continue response. - -Fri Jul 28 11:26:47 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon_config.h: Bumped version to 0.4.1. - -Fri Jul 28 10:32:34 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon_config.h: Bumped version to 0.4.0. - -Fri Jul 28 10:28:21 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_basic.[ch] (http_post): New function, from Sander Alberink - <sander.alberink@cmg.nl>. - -Thu Jul 27 18:55:49 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_utils.c (neon_debug): No conditional compilation for - function body: compile it all regardless of whether debugging is - enabled or not, to allow applications to be debugged regardless of - whether debugging is compiled into the library or not. - -Thu Jul 27 16:59:26 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_basic.c (clength_hdr_handler): Cast off_t to long int for - printing. - -Tue Jul 25 18:14:15 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (read_message_header): Iterate over header - handler list before placing zero-terminator at ':': if a handler - has a NULL name field, pass it the entire header value. - -Tue Jul 25 18:00:49 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (http_get_request_headers): New function. - -Mon Jul 24 16:55:29 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon_config.h: Bumped version to 0.3.9. - -Mon Jul 24 16:54:33 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_basic.h: Use 'off_t' in http_content_range. - - * http_basic.c (http_get_range): Cast range values to (long int) - to prevent compiler warnings. - -Thu Jul 20 20:03:30 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.[ch], socket.c, http_basic.c: Include nsocket.h not - socket.h. - -Thu Jul 20 20:02:20 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_utils.c (version_string): Indicate which XML parser is - supported. - -Thu Jul 20 20:01:12 2000 Joe Orton <joe@orton.demon.co.uk> - - * nsocket.h: Renamed from socket.h. - -Thu Jul 20 15:02:35 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_utils.c, socket.c, http_request.c: SSL_ENABLE renamaed to - ENABLE_SSL. - -Thu Jul 20 12:20:13 2000 Joe Orton <joe@orton.demon.co.uk> - - * md5.c, http_auth.h: Include neon_md5.h. - -Thu Jul 20 12:19:23 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon_md5.h: Renamed from md5.h. - -Wed Jul 19 22:33:46 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_basic.c (dav_simple_request): Don't leak ctype.value. - -Wed Jul 19 22:32:03 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_207.c (check_context): Accept unknown elements. - -Wed Jul 19 22:31:10 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_locks.c (dav_lock_iterate): Allow passing func as NULL. - -Wed Jul 19 22:26:13 2000 Joe Orton <joe@orton.demon.co.uk> - - * socket.h (SOCKET_READ_TIMEOUT): Increase to 60. - -Wed Jul 19 22:25:51 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_locks.h: Include http_request.h. - -Mon Jul 17 11:41:16 2000 Joe Orton <joe@orton.demon.co.uk> - - * dates.c (asctime_parse, rfc1036_parse): Actually pass the string - to sscanf (thanks to lclint). (rfc1123_date): Check for gmtime() - returning NULL. - -Mon Jul 17 09:16:43 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon_config.h: Bumped version to 0.3.1. - -Mon Jul 17 09:07:58 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_locks.c: Include limits.h: thanks to Paul D'Anna. - -Sun Jul 16 18:47:15 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon_config.h: Bumped version to 0.3.0. - -Sun Jul 16 16:44:25 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon_i18n.c (neon_i18n_init) [ENABLE_NLS && NEON_IS_LIBRARY]: - New compilation conditions. - -Sun Jul 16 16:41:12 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon_i18n.c: New file. - -Sun Jul 16 16:15:02 2000 Joe Orton <joe@orton.demon.co.uk> - - * string_utils.c (sbuffer_*): Change to assert postcondition - (buf->used == strlen(buf->data) + 1). (sbuffer_append): Fix - brokenness. - -Sun Jul 16 16:11:05 2000 Joe Orton <joe@orton.demon.co.uk> - - * socket.c (sock_transfer): Increase sum length written correctly. - -Sun Jul 16 16:10:23 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (http_get_hook_private): New function. - -Sun Jul 16 16:07:11 2000 Joe Orton <joe@orton.demon.co.uk> - - * hip_xml.c (find_handler): Call validate_cb for any handler which - recognizes the element. Allow return codes - HIP_XML_{VALID,INVALID,DECLINE} from validate_cb. If DECLINE is - returned, continue searching handlers until one returns - (IN)VALID. (start_element): Don't call validate_cb. - - * hip_xml.c (start_element, end_element): In collect mode, don't - print namespace prefix if present. - -Sun Jul 16 15:30:19 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_locks.[ch]: New file, code mainly taken from cadaver and - adapted for neon HTTP request/response handling. - -Sun Jul 16 15:28:25 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_basic.c (copy_or_move, dav_move, dav_copy): Pass overwrite - as parameter. - -Sun Jul 16 15:26:24 2000 Joe Orton <joe@orton.demon.co.uk> - - * uri.c (uri_compare): Fixed to only return equal if *shorter* - string has no trailing slash. - -Sat Jul 15 20:14:07 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_207.c (dav_207_get_current_response, - dav_207_get_current_propstat): New functions. - - * dav_props.c (dav_propfind_get_current_resource): Implement using - dav_207_get_current_response. - -Sat Jul 15 17:36:37 2000 Joe Orton <joe@orton.demon.co.uk> - - * xalloc.c (xcalloc): New function. - -Sat Jul 15 14:11:14 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_utils.[ch] and elsewhere: Replace 'class' field of - http_status with '_class' to be C++-safe. (patch from Tom - Bednarz). - -Thu Jul 6 18:48:52 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_basic.c (copy_or_move): Escape the destination URI. - -Thu Jul 6 18:45:51 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_props.c (end_response): Added description parameter. - -Thu Jul 6 18:43:14 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_207.[ch] (end_element): Fix handling of responsedescription. - Add "description" parameter to dav_207_end_response callback, and - pass the contents of responsedescription. - - * dav_basic.c (handle_error, end_response, end_propstat): Pass - description and add to error string when present. - -Tue Jul 4 11:43:03 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_basic.c, dav_props.c, http_basic.c: Use - http_{add,print}_request_header rather than - http_get_request_header. - -Tue Jul 4 11:41:00 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.[ch] (http_add_request_header, - http_print_request_header): New functions. - (http_get_request_header): Removed function. - -Mon Jul 3 21:50:40 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c: Add basic support for TLS upgrade (RFC2817). - (http_set_request_secure_upgrade, http_set_accept_secure_upgrade): - New functions. (send_request): If upgrade is requested, and a 101 - response is received, negotiate the TLS connection. - (add_fixed_headers): Add Upgrade header if necessary. - -Mon Jul 3 21:46:00 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (send_request): Don't go into an infinite loop. - (read_message_header): Simplyify checking for end-of-line. - -Tue Jun 13 00:29:42 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (http_session_proxy, http_session_server): Allow - calling >1 time per session, to switch servers. (send_request): - Only retry sending request once. - -Mon Jun 12 21:50:41 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (http_add_hooks): New function. - -Mon Jun 12 21:37:24 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_cookies.[ch]: Added basic cookies support. - -Mon Jun 12 21:33:33 2000 Joe Orton <joe@orton.demon.co.uk> - - * socket.c (sock_create_ssl_context, sock_destroy_ssl_context, - sock_disable_tlsv1, sock_disable_sslv2, sock_disable_sslv3, - sock_make_secure): Added nssl_context handling. - -Mon Jun 12 21:29:52 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (http_request_dispatch, http_request_create, - http_request_destroy, http_set_request_body_buffer, - http_set_request_body_stream): Added hook support. - -Mon Jun 12 21:04:00 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (http_set_secure): Store an nssl_context. - (open_connection): Give the nssl_context. - -Sun Jun 11 16:37:52 2000 Joe Orton <joe@orton.demon.co.uk> - - * sslcerts.c: Import of SSL support from mutt, relicensed under - the LGPL for use in neon by the author, Tommi Komulainen - <Tommi.Komulainen@iki.fi>. - -Sun Jun 11 11:30:16 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (set_sockerr): Updated to use sock_get_error. - -Sun Jun 11 11:29:29 2000 Joe Orton <joe@orton.demon.co.uk> - - * uri.c (uri_parse): Allow scheme to be omitted. - -Fri Jun 9 20:39:24 2000 Joe Orton <joe@orton.demon.co.uk> - - * socket.c (sock_get_error): New function. (sock_*): Set - sock->error and SOCK_ERROR on error. - -Mon May 29 16:32:46 2000 Joe Orton <joe@orton.demon.co.uk> - - * uri.c (uri_abspath_escape): Allocate the exact amount of memory - needed. - -Mon May 29 15:53:33 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_basic.c (dav_simple_request): Correct invalid XML logic. - -Mon May 29 15:52:08 2000 Joe Orton <joe@orton.demon.co.uk> - - * socket.c (create_sock, sock_accept, sock_get_fd): New - functions. (sock_connect_u): Use create_sock. - -Sun May 28 21:00:37 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_utils.c (neon_version_string): New function. - -Sun May 28 19:36:45 2000 Joe Orton <joe@orton.demon.co.uk> - - * socket.c (sock_connect_u): Zero out allocated nsocket object. - -Thu May 25 01:27:04 2000 Joe Orton <joe@orton.demon.co.uk> - - * *.h: Include other neon headers with <braces>. - -Thu May 25 01:02:12 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_props.c: Include stdlib.h for 'free'. - -Wed May 24 20:15:08 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (read_message_header): Return HTTP_RETRY if more - headers to read, HTTP_OK on end-of-headers. - (read_response_headers): Changed accordingly. - -Wed May 24 19:56:29 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (send_request_body): Return a SOCK_* code. - (send_request): Re-send request if socket has been closed (due to - persistent connection timeout). - -Wed May 24 19:00:01 2000 Joe Orton <joe@orton.demon.co.uk> - - * hip_xml.c (find_element): Fix unknown element handling. - -Tue May 23 19:12:26 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_props.c (propfind): Destroy the request body sbuffer after - use. - -Tue May 23 15:43:42 2000 Joe Orton <joe@orton.demon.co.uk> - - * socket.c (sock_make_secure) [SSL_ENABLE]: Conditionally compile - SSL code. [!SSL_ENABLE]: Return failure. (sock_close) - [SSL_ENABLE]: Conditionally compile SSL code. - -Tue May 23 15:37:53 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (http_session_create): Renamed from - http_session_init. (http_session_destroy): Renamed frmo - http_session_finish. - -Sun May 21 23:50:58 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (lookup_host): Use sock_name_lookup. - -Sun May 21 23:40:39 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (http_request_create): Allow passing NULL uri - (internal use only). (http_set_secure): New function. - (read_response_block, read_message_headers): Redone for new socket - API. (build_request): Moved http_auth_new_request calls here - (from http_request_dispatch). (send_request): Always call - open_connection before sending the request. - (read_message_header, read_response_headers): Looser check for - empty line. (normalize_response_length): Set response body length - to zero on 2xx class response whilst in CONNECT, if no other - response body length is given. (http_request_dispatch): Don't - close the connection on a HTTP/1.0 2xx class response after a - CONNECT request. (proxy_tunnel): New function. - (open_connection): Use an SSL connection where appropriate. Use - proxy_tunnel for tunnelling through a proxy. - -Sun May 21 01:35:40 2000 Joe Orton <joe@orton.demon.co.uk> - - * src/socket.c: Added 'nsocket' ADT for handling sockets. - (sock_*): All changed to take 'nsocket *' argument rather than - integer file descriptor. Added 'sock_secure_details' to - sock_status enum. (sock_make_secure, sock_init): New function. - (sock_peek): Renamed from sock_recv. (send_file_*, recv_file_*): - Removed functions. (sock_name_lookup): Renamed from host_lookup. - (sock_service_lookup): Renamed from get_tcp_port. (sock_block, - sock_read, sock_fullwrite, sock_peek, sock_readline): Added SSL - support. (sock_transfer): Use sock_fullwrite and sock_read. - -Sun May 21 01:25:03 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (http_request_destroy): Free header handlers and - body readers. - -Sun May 21 01:24:30 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_props.h: Removed obsolte got_property callback type. - -Sun May 21 01:23:59 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_props.c (propfind): Free handler object after use. - -Sun May 21 01:23:12 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_207.c (dav_207_destroy): Don't try to free the 'response' - field. - -Sat May 20 21:45:32 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c: Changed 'te' enum of struct http_response to - 'is_chunked' boolean. - -Sun May 14 01:00:42 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_props.c (propfind): Return error on parse error. - -Sun May 14 00:40:50 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon_config.h (NEON_VERSION): Bumped to 0.2.0. - -Sat May 13 23:31:28 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon_defs.h (BEGIN_NEON_DECLS, END_NEON_DECLS): Added C++ safety - macros. - - * *.h: Surround with C++ safety macros. - -Sat May 13 22:36:06 2000 Joe Orton <joe@orton.demon.co.uk> - - * hip_xml.c (hip_xml_destroy): Free handlers. - -Sat May 13 21:12:14 2000 Joe Orton <joe@orton.demon.co.uk> - - * hip_xml.c (hip_xml_valid): Reversed return value. - -Sat May 13 21:11:17 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_utils.c: Renamed http_debug_mask to neon_debug_mask, - similarly neon_debug_stream. (neon_debug_init): Renamed from - http_debug_init. - -Sat May 13 19:24:40 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_utils.c: Initialize http_debug_mask to zero. - (http_debug_init): New function. - - * http_utils.h: Fixed #ifdef DEBUGGING. Only define relevant - DEBUG_* constants. - -Sat May 13 19:23:34 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon_config.h: New file. - - * http_request.c: Include neon_config.h for NEON_VERSION. - -Sat May 13 18:28:05 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_props.c (dav_propfind_create): Create a hip_xml_parser, a - 207 parser, register start+end response handlers with 207 layer. - (propfind): Fix allprop (Michael Sobolev). - - * dav_basic.c (dav_simple_request): Create and destroy - hip_xml_parser and 207 parser appropriately. - -Sat May 13 18:24:49 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_207.c: Now takes an externally-declared hip_xml parser - pointer. (dav_207_create, dav_207_destroy): New functions. - (dav_207_init, dav_207_init_with_handler, dav_207_parse, - dav_207_error, dav_207_finish): Removed functions. - -Sat May 13 17:32:45 2000 Joe Orton <joe@orton.demon.co.uk> - - * hip_xml.[ch]: Rewritten to use opaque hip_xml_parser pointer. - struct hip_xml_handler and struct hip_xml_state removed from - external interface. struct hip_xml_elm * passed to startelm_cb and - endelm_cb. (hip_xml_add_handler, hip_xml_valid, hip_xml_create, - hip_xml_destroy, hip_xml_set_error, hip_xml_get_error): New - functions. (hip_xml_init, hip_xml_destroy): Removed functions. - -Sat May 13 13:43:56 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon.h: Removed. - -Sat May 13 13:42:20 2000 Joe Orton <joe@orton.demon.co.uk> - - * string_utils.h: Don't include config.h. (CONCAT*): Don't use - xmalloc, use malloc and abort manually. - -Sat May 13 13:32:46 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_utils.h, dates.h, http_basic.h: Don't include config.h - -Sat May 13 13:31:37 2000 Joe Orton <joe@orton.demon.co.uk> - - * hip_xml.[ch], dav_207.c: Use HIP_ERR_SIZE for size of parser - error string. - -Sat May 13 13:30:40 2000 Joe Orton <joe@orton.demon.co.uk> - - * Makefile.incl: Use obj_ext for object file extension. - -Thu May 11 18:21:53 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon.h: Bumped version to 0.1.1. - -Thu May 11 18:16:08 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_basic.c (get_to_fd): Fix short writes. - -Wed May 10 19:22:01 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon.h: Bumped version to 0.1.0. - -Wed May 10 17:46:48 2000 Joe Orton <joe@orton.demon.co.uk> - - * uri.c (uri_parse, uri_free): New functions. - -Wed May 10 17:43:37 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_basic.c (get_to_fd, http_get): Set error appropriately if - fwrite() fails. - -Wed May 10 14:25:38 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_utils.c (http_debug): New function. - -Wed May 10 14:25:08 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_basic.c (get_callback): Call sock_call_progress. - -Wed May 10 14:24:20 2000 Joe Orton <joe@orton.demon.co.uk> - - * socket.c (sock_call_progress): New function. (many places): Use - it. - -Wed May 10 14:22:48 2000 Joe Orton <joe@orton.demon.co.uk> - - * uri.c (uri_has_trailing_slash): Moved from being inline. - -Tue May 9 23:34:25 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_props.c: Use handler as userdata for 207 callbacks, unified - handler and context structures. (start_prop, end_prop, - start_propelm, end_propelm): Removed functions. - (dav_propfind_get_current_resource): New function. - -Tue May 9 23:29:44 2000 Joe Orton <joe@orton.demon.co.uk> - - * xalloc.[ch]: New files. - -Tue May 9 23:05:47 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_207.[ch]: Removed property and property element callbacks. - -Tue May 9 23:01:00 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_207.c: Use separate name/namespace for element names. - (dav_207_init_with_handler): New function. (end_element): - Unescape URI in href element. - -Tue May 9 19:54:07 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_props.c (dav_propfind_allprop, dav_propfind_named, propfind, - start_response, end_response, start_prop, end_prop, start_propelm, - end_propelm): New functions; PROPFIND support. - -Tue May 9 19:45:17 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (build_request): Renamed from make_request. - -Tue May 9 19:36:01 2000 Joe Orton <joe@orton.demon.co.uk> - - * socket.[ch]: Added sock_block_reader. - -Tue May 9 15:52:56 2000 Joe Orton <joe@orton.demon.co.uk> - - * uri.c (uri_childof): Return false when parent is the same length - as child. - -Sun May 7 15:07:49 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_207.c: Separated element namespace/names. - -Tue May 2 16:40:59 2000 Joe Orton <joe@orton.demon.co.uk> - - * hip_xml.[ch]: Added HIP_XML_UTF8DECODE flag. - -Tue May 2 16:16:57 2000 Joe Orton <joe@orton.demon.co.uk> - - * hip_xml.[ch]: Separate element name and namespace. - -Mon May 1 00:21:24 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_207.c (dav_accept_207): Moved function from dav_basic.c. - - * dav_basic.c (dav_accept_207, dav_parse_xml_block): Removed - functions. - -Sun Apr 30 22:47:47 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_props.[ch]: Renamed dav_proppatch_item to - dav_proppatch_operation. - -Sun Apr 30 22:45:04 2000 Joe Orton <joe@orton.demon.co.uk> - - * hip_xml.c (start_element): Clearer error message. - -Sun Apr 30 19:12:07 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_basic.c (http_content_type_handler, dav_hdr_handler): New - functions. (http_options): Handle DAV header. - -Sun Apr 30 18:08:53 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_props.c (dav_proppatch): New function. - -Sun Apr 30 18:05:55 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_basic.c (handle_error): New function. (end_response, - end_propstat): Use it. (dav_simple_request): Don't return the 207 - error string if we get all 2xx class status elements. - -Sun Apr 30 16:56:41 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_basic.c (dav_add_depth_header): New function. - -Sun Apr 30 14:49:06 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_207.c (start_element): Unknown element is only a property if - the parent is DAV:propstat. - -Sun Apr 30 14:43:28 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_basic.c (end_response, end_propstat): Only write error line - if we have status information and the status is not a 424. - -Sun Apr 30 14:28:23 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_basic.h: Added DAV_DEPTH_*. - -Sun Apr 30 12:47:50 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_207.c (check_context): Allow (and ignore) unknown elements - anywhere other than as the root. - -Sun Apr 30 12:35:39 2000 Joe Orton <joe@orton.demon.co.uk> - - * string_utils.h (ASC2HEX, HEX2ASC): New macros. - -Sun Apr 30 12:34:37 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_auth.c [STANDALONE]: Removed. (everywhere): Switch to using - md5_to_ascii rather than md5_hexify. - -Sun Apr 30 12:32:35 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (read_response_block): Fixed to return errors - properly and block length to parameter. (read_response_body): - Changed accordingly. - -Sun Apr 30 12:29:45 2000 Joe Orton <joe@orton.demon.co.uk> - - * hip_xml.c (friendly_name): New function, was PRETTY_NAME macro. - (start_element, end_element): Fix COLLECT handling. - (hip_xml_parse): Only write parse error if the document has not - already been marked invalid. - -Sun Apr 30 12:28:36 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_basic.c (dav_simple_request): Rewritten for new 207 - interface. (start_response, end_response, end_propstat): New - functions. - -Sun Apr 30 12:27:52 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_207.c (dav_207_error): Return the parser error. - -Sat Apr 29 14:46:48 2000 Joe Orton <joe@orton.demon.co.uk> - - * socket.c (sock_register_progress, sock_register_notify): New - functions. (everywhere): Use progress + notify callbacks rather - than fe_*. - -Sat Apr 29 14:15:23 2000 Joe Orton <joe@orton.demon.co.uk> - - * string_utils.c (md5_to_ascii, ascii_to_md5): New functions. - -Sat Apr 29 13:55:39 2000 Joe Orton <joe@orton.demon.co.uk> - - * hip_xml.c (hip_xml_init): abort() on out-of-memory. - -Sat Apr 29 12:56:11 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon_i18n.h: New file. - -Sat Apr 29 12:55:24 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_207.[ch]: Re-implemented with sensible interface. - -Fri Apr 28 14:56:01 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_auth.c (http_auth_request_header): Renamed from - http_auth_request. - - * http_request.c (make_request): As above. - -Thu Apr 13 11:52:14 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_basic.c (http_put): Switched URI and stream arguments. - -Thu Apr 13 09:51:21 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c: Added user_agent field to session structure. - (http_set_useragent): New function. (add_fixed_headers): Only set - user-agent if sess->user_agent is set. - -Thu Apr 13 09:49:32 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (lookup_host): New function, split from - set_hostinfo. (set_hostinfo): Doesn't perform DNS lookup. - (http_session_server): Don't do a DNS lookup if we have a proxy. - -Wed Apr 12 22:32:21 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (http_request_dispatch, http_request_create): - Store auth header values in local variables rather than request - structure. (http_request_create): Don't leak everything on error. - Handle http_auth_challenge return value. - -Wed Apr 12 22:30:06 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_basic.c (http_options): Pass server capabilites object, - parse Server header to detect Apache/1.3.6 and before, indicating - broken 100-continue support. (server_hdr_handler): New function. - -Mon Apr 10 17:42:07 2000 Joe Orton <joe@orton.demon.co.uk> - - * socket.c: Use 'int' for return values. - -Mon Apr 10 17:41:40 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_auth.c (is_in_domain): Dummy implementation. - -Mon Apr 10 17:40:21 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c: Handle read() returning 0 when it shouldn't. - i18n'ized error messages. - -Mon Apr 10 14:45:09 2000 Joe Orton <joe@orton.demon.co.uk> - - * dates.[ch], md5.[ch], base64.[ch]: Imported date handling - utilities, MD5 checksum functions, and text->base64 converter. - -Mon Apr 10 14:44:08 2000 Joe Orton <joe@orton.demon.co.uk> - - * Makefile.incl: Dependancies updated for socket.[ch]. - -Mon Apr 10 14:43:36 2000 Joe Orton <joe@orton.demon.co.uk> - - * dav_207.c: Replaced malloc() calls with xmalloc() calls. - -Mon Apr 10 14:42:35 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_auth.c, uri.c, string_utils.h: Replaced malloc() calls with - xmalloc() calls. - -Mon Apr 10 14:41:40 2000 Joe Orton <joe@orton.demon.co.uk> - - * socket.[ch]: Imported socket handling utilities. - -Mon Apr 10 14:36:03 2000 Joe Orton <joe@orton.demon.co.uk> - - * string_utils.h (CONCAT*): Use xmalloc. - -Mon Apr 10 13:52:17 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (set_sockerr): Added handling for socket errors. - -Sat Apr 8 13:49:07 2000 Joe Orton <joe@orton.demon.co.uk> - - * string_utils.[ch]: Imported string utilites. - -Sat Apr 8 00:26:06 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (http_set_persist, http_set_expect100): New - functions. - -Sat Apr 8 00:25:37 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_basic.c (http_options): New function. - -Fri Apr 7 13:01:35 2000 Joe Orton <joe@orton.demon.co.uk> - - * neon.h: New file. - -Fri Apr 7 12:59:40 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (normalize_response_length, read_response_body): - New functions. (http_add_response_body_reader): Take a callback - to determine whether the body reader wants to read the response - body. - -Fri Apr 7 11:46:41 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (http_set_server_auth, http_set_proxy_auth): New - functions. (give_creds): Use supplied callbacks for - authentication. (get_request_bodysize): Send Content-Length: 0 if - no entity-body is being sent with a request. (te_hdr_handler, - connection_hdr_handler): New functions. (make_request): Don't use - Expect: 100-continue if server is not HTTP/1.1 compliant. - (read_message_header): Only read until HTTP_MAXIMUM_HEADER_LENGTH - bytes of header have been read. (read_response_headers): No - hard-coded header handling. (http_request_create): Set - req->method_is_head here. - -Thu Apr 6 14:39:28 2000 Joe Orton <joe@orton.demon.co.uk> - - * hip_xml.c [HIP_XML_DECODE_UTF8] (decode_utf8_double): New - function. (char_data) [HIP_XML_DECODE_UTF8]: Decode UTF-8. - -Tue Mar 28 13:54:51 2000 Joe Orton <joe@orton.demon.co.uk> - - * Makefile.incl: Imported makefile fragment. - -Tue Mar 28 13:54:09 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.[ch] (http_get_error): New function. - -Thu Mar 23 18:48:42 2000 Joe Orton <joe@orton.demon.co.uk> - - * hip_xml.[ch]: Imported generic XML parsing layer. - - * dav_207.[ch]: Imported generic WebDAV 207 response handling. - - * dav_basic.[ch]: Imported/implemented DAV response handling and - basic Class 1 namespace methods. - -Thu Mar 23 18:46:14 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.c (add_hooks, run_hooks, http_add_destroy_hook): - Adding hooks support. (add_fixed_headers): Send TE token in - Connection header. Only send Keep-Alive header & token to pre-1.1 - origin servers (i.e., not proxies). - -Thu Mar 23 12:49:01 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_auth.[ch], uri.[ch]: Imported HTTP authentication and URI - handling modules. - -Thu Mar 23 12:47:05 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_utils.c: Imported HTTP utility functions. - -Thu Mar 23 12:44:38 2000 Joe Orton <joe@orton.demon.co.uk> - - * http_request.[ch]: Implemented modular HTTP request handling. - - * http_basic.[ch]: Implemented basic HTTP methods GET, PUT, and - PUT with If-Unmodified. - diff --git a/src/Makefile.in b/src/Makefile.in index af0456f..35ceafe 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -33,17 +33,15 @@ NEON_LINK_FLAGS = @NEON_LINK_FLAGS@ LIBS = @NEON_LIBS@ @NEON_LTLIBS@ COMPILE = $(CC) $(CPPFLAGS) $(CFLAGS) -LT_COMPILE = $(LIBTOOL) --quiet --mode=compile $(COMPILE) LINK = $(LIBTOOL) --quiet --mode=link $(CC) -no-undefined $(LDFLAGS) -NEON_BASEOBJS = ne_request.@NEON_OBJEXT@ ne_session.@NEON_OBJEXT@ \ - ne_basic.@NEON_OBJEXT@ ne_string.@NEON_OBJEXT@ \ - ne_uri.@NEON_OBJEXT@ ne_dates.@NEON_OBJEXT@ \ - ne_alloc.@NEON_OBJEXT@ ne_md5.@NEON_OBJEXT@ \ - ne_utils.@NEON_OBJEXT@ ne_socket.@NEON_OBJEXT@ \ - ne_auth.@NEON_OBJEXT@ ne_redirect.@NEON_OBJEXT@ \ - ne_compress.@NEON_OBJEXT@ ne_i18n.@NEON_OBJEXT@ \ - ne_pkcs11.@NEON_OBJEXT@ ne_socks.@NEON_OBJEXT@ +NEON_BASEOBJS = ne_request.@NEON_OBJEXT@ ne_session.@NEON_OBJEXT@ \ + ne_basic.@NEON_OBJEXT@ ne_string.@NEON_OBJEXT@ \ + ne_uri.@NEON_OBJEXT@ ne_dates.@NEON_OBJEXT@ ne_alloc.@NEON_OBJEXT@ \ + ne_md5.@NEON_OBJEXT@ ne_utils.@NEON_OBJEXT@ \ + ne_socket.@NEON_OBJEXT@ ne_auth.@NEON_OBJEXT@ \ + ne_redirect.@NEON_OBJEXT@ ne_compress.@NEON_OBJEXT@ \ + ne_i18n.@NEON_OBJEXT@ ne_pkcs11.@NEON_OBJEXT@ NEON_DAVOBJS = $(NEON_BASEOBJS) \ ne_207.@NEON_OBJEXT@ ne_xml.@NEON_OBJEXT@ \ @@ -65,7 +63,7 @@ all-no: @echo "Bundled neon build not being used." .c.lo: - $(LT_COMPILE) -c $< -o $@ + $(LIBTOOL) --quiet --mode=compile $(COMPILE) -c $< -o $@ .c.o: $(COMPILE) -c $< -o $@ @@ -96,31 +94,20 @@ check-incl: # Update generated dependencies below; requires cc -MM as in gcc. update-deps: - for f in `echo $(OBJECTS) | sed 's/\\.@NEON_OBJEXT@/.c/g;s/ne_openssl.c//;s/ne_gnutls.c//;s/ne_pkcs11.c//;s/ne_stubssl.c//'`; do \ + for f in `echo $(OBJECTS) | sed 's/\\.@NEON_OBJEXT@/.c/g'`; do \ $(CC) $(CPPFLAGS) -MM -c $$f; \ done | sed 's, \.\./, $$(top_builddir)/,g;s, /[^ ]*.h,,g;/^ .$$/d;s/\.o: /.@NEON''_OBJEXT@: /' > new-deps sed '/[-]--CUT---/q' Makefile.in > Makefile.new cat Makefile.new new-deps > Makefile.in rm new-deps Makefile.new -ne_openssl.@NEON_OBJEXT@: ne_openssl.c $(top_builddir)/config.h ne_ssl.h ne_defs.h ne_string.h \ - ne_alloc.h ne_session.h ne_uri.h ne_socket.h ne_internal.h ne_private.h \ - ne_request.h ne_utils.h ne_pkcs11.h ne_privssl.h -ne_stubssl.@NEON_OBJEXT@: ne_stubssl.c $(top_builddir)/config.h ne_ssl.h ne_defs.h ne_session.h \ - ne_uri.h ne_socket.h -ne_pkcs11.@NEON_OBJEXT@: ne_pkcs11.c $(top_builddir)/config.h ne_pkcs11.h ne_defs.h ne_session.h \ - ne_ssl.h ne_uri.h ne_socket.h ne_internal.h ne_privssl.h \ - ne_alloc.h ne_private.h ne_request.h ne_utils.h ne_string.h -ne_gnutls.@NEON_OBJEXT@: ne_gnutls.c $(top_builddir)/config.h ne_ssl.h ne_defs.h \ - ne_string.h ne_alloc.h ne_session.h ne_uri.h ne_socket.h ne_internal.h \ - ne_private.h ne_request.h ne_utils.h ne_privssl.h #### ---CUT--- DO NOT REMOVE THIS LINE. Generated dependencies follow. #### ne_request.@NEON_OBJEXT@: ne_request.c $(top_builddir)/config.h ne_internal.h ne_defs.h ne_alloc.h \ ne_request.h ne_utils.h ne_string.h ne_session.h ne_ssl.h ne_uri.h \ - ne_socket.h ne_private.h + ne_socket.h ne_private.h ne_pkcs11.h ne_session.@NEON_OBJEXT@: ne_session.c $(top_builddir)/config.h ne_session.h ne_ssl.h ne_defs.h \ ne_uri.h ne_socket.h ne_alloc.h ne_utils.h ne_internal.h ne_string.h \ - ne_dates.h ne_private.h ne_request.h + ne_dates.h ne_private.h ne_request.h ne_pkcs11.h ne_basic.@NEON_OBJEXT@: ne_basic.c $(top_builddir)/config.h ne_request.h ne_utils.h ne_defs.h \ ne_string.h ne_alloc.h ne_session.h ne_ssl.h ne_uri.h ne_socket.h \ ne_basic.h ne_207.h ne_xml.h ne_locks.h ne_dates.h ne_internal.h @@ -144,8 +131,8 @@ ne_compress.@NEON_OBJEXT@: ne_compress.c $(top_builddir)/config.h ne_request.h n ne_defs.h ne_string.h ne_alloc.h ne_session.h ne_ssl.h ne_uri.h \ ne_socket.h ne_compress.h ne_internal.h ne_i18n.@NEON_OBJEXT@: ne_i18n.c $(top_builddir)/config.h ne_i18n.h ne_defs.h -ne_socks.@NEON_OBJEXT@: ne_socks.c $(top_builddir)/config.h ne_internal.h ne_defs.h ne_string.h \ - ne_alloc.h ne_socket.h ne_ssl.h ne_utils.h +ne_pkcs11.@NEON_OBJEXT@: ne_pkcs11.c $(top_builddir)/config.h ne_pkcs11.h ne_defs.h ne_session.h \ + ne_ssl.h ne_uri.h ne_socket.h ne_207.@NEON_OBJEXT@: ne_207.c $(top_builddir)/config.h ne_alloc.h ne_defs.h ne_utils.h ne_xml.h \ ne_207.h ne_request.h ne_string.h ne_session.h ne_ssl.h ne_uri.h \ ne_socket.h ne_basic.h ne_internal.h @@ -161,9 +148,9 @@ ne_locks.@NEON_OBJEXT@: ne_locks.c $(top_builddir)/config.h ne_alloc.h ne_defs.h ne_xmlreq.@NEON_OBJEXT@: ne_xmlreq.c $(top_builddir)/config.h ne_internal.h ne_defs.h ne_xmlreq.h \ ne_request.h ne_utils.h ne_string.h ne_alloc.h ne_session.h ne_ssl.h \ ne_uri.h ne_socket.h ne_xml.h ne_basic.h -ne_oldacl.@NEON_OBJEXT@: ne_oldacl.c $(top_builddir)/config.h ne_request.h ne_utils.h ne_defs.h \ - ne_string.h ne_alloc.h ne_session.h ne_ssl.h ne_uri.h ne_socket.h \ - ne_locks.h ne_acl.h ne_xml.h -ne_acl3744.@NEON_OBJEXT@: ne_acl3744.c $(top_builddir)/config.h ne_request.h ne_utils.h ne_defs.h \ +ne_acl.@NEON_OBJEXT@: ne_acl.c $(top_builddir)/config.h ne_request.h ne_utils.h ne_defs.h \ ne_string.h ne_alloc.h ne_session.h ne_ssl.h ne_uri.h ne_socket.h \ ne_locks.h ne_acl.h ne_xml.h +ne_openssl.@NEON_OBJEXT@: ne_openssl.c $(top_builddir)/config.h ne_ssl.h ne_defs.h ne_string.h \ + ne_alloc.h ne_session.h ne_uri.h ne_socket.h ne_internal.h ne_private.h \ + ne_request.h ne_utils.h ne_pkcs11.h ne_privssl.h diff --git a/src/ne_oldacl.c b/src/ne_acl.c index 80a6838..80a6838 100644 --- a/src/ne_oldacl.c +++ b/src/ne_acl.c diff --git a/src/ne_acl.h b/src/ne_acl.h index a473981..7bcc80a 100644 --- a/src/ne_acl.h +++ b/src/ne_acl.h @@ -19,10 +19,6 @@ */ -/* - * DEPRECATED ACL Interface. See ne_acl3744.h for replacement API. - */ - #ifndef NE_ACL_H #define NE_ACL_H diff --git a/src/ne_acl3744.c b/src/ne_acl3744.c deleted file mode 100644 index 3ad7e1d..0000000 --- a/src/ne_acl3744.c +++ /dev/null @@ -1,179 +0,0 @@ -/* - Access control - Copyright (C) 2001-2006, 2008, Joe Orton <joe@manyfish.co.uk> - Copyright (C) 2001, Arun Garg <arung@pspl.co.in> - Copyright (C) 2007 Henrik Holst <henrik.holst2@gmail.com> - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, - MA 02111-1307, USA - -*/ - -/* Contributed by Arun Garg <arung@pspl.co.in> */ - -#include "config.h" - -#include <sys/types.h> - -#ifdef HAVE_STRING_H -#include <string.h> -#endif -#ifdef HAVE_UNISTD_H -#include <unistd.h> -#endif -#ifdef HAVE_STDLIB_H -#include <stdlib.h> -#endif - -#include "ne_request.h" -#include "ne_locks.h" -#include "ne_alloc.h" -#include "ne_string.h" -#include "ne_acl3744.h" -#include "ne_uri.h" -#include "ne_xml.h" /* for NE_XML_MEDIA_TYPE */ - -#define EOL "\r\n" - -static ne_buffer *acl_body(const ne_acl_entry *right, int count) -{ - ne_buffer *body = ne_buffer_create(); - int m; - - ne_buffer_zappend(body, - "<?xml version=\"1.0\" encoding=\"utf-8\"?>" EOL - "<acl xmlns='DAV:'>" EOL); - - for (m = 0; m < count; m++) { - const char *type; - - type = (right[m].type == ne_acl_grant ? "grant" : "deny"); - - ne_buffer_concat(body, "<ace>" EOL "<principal>", NULL); - - switch (right[m].target) { - case ne_acl_all: - ne_buffer_czappend(body, "<all/>" EOL); - break; - case ne_acl_authenticated: - ne_buffer_czappend(body, "<authenticated/>" EOL); - break; - case ne_acl_unauthenticated: - ne_buffer_czappend(body, "<unauthenticated/>" EOL); - break; - case ne_acl_self: - ne_buffer_czappend(body, "<self/>" EOL); - break; - case ne_acl_property: - ne_buffer_concat(body, "<property><", right[m].tname, - "/></property>" EOL, NULL); - break; - case ne_acl_href: - ne_buffer_concat(body, "<href>", right[m].tname, - "</href>" EOL, NULL); - break; - } - - ne_buffer_concat(body, "</principal>" EOL - "<", type, ">" EOL, NULL); - - if ((right[m].privileges & NE_ACL_READ) == NE_ACL_READ) - ne_buffer_concat(body, - "<privilege>" "<read/>" "</privilege>" EOL, - NULL); - - if ((right[m].privileges & NE_ACL_WRITE) == NE_ACL_WRITE) - ne_buffer_concat(body, - "<privilege>" "<write/>" "</privilege>" EOL, - NULL); - - if ((right[m].privileges & NE_ACL_WRITE_PROPERTIES) == NE_ACL_WRITE_PROPERTIES) - ne_buffer_concat(body, - "<privilege>" "<write-properties/>" "</privilege>" EOL, - NULL); - - if ((right[m].privileges & NE_ACL_WRITE_CONTENT) == NE_ACL_WRITE_CONTENT) - ne_buffer_concat(body, - "<privilege>" "<write-content/>" "</privilege>" EOL, - NULL); - - if ((right[m].privileges & NE_ACL_UNLOCK) == NE_ACL_UNLOCK) - ne_buffer_concat(body, - "<privilege>" "<unlock/>" "</privilege>" EOL, - NULL); - - if ((right[m].privileges & NE_ACL_READ_ACL) == NE_ACL_READ_ACL) - ne_buffer_concat(body, - "<privilege>" "<read-acl/>" "</privilege>" EOL, - NULL); - - if ((right[m].privileges & NE_ACL_READ_CUPRIVSET) == NE_ACL_READ_CUPRIVSET) - ne_buffer_concat(body, - "<privilege>" "<read-current-user-privileges-set/>" "</privilege>" EOL, - NULL); - - if ((right[m].privileges & NE_ACL_WRITE_ACL) == NE_ACL_WRITE_ACL) - ne_buffer_concat(body, - "<privilege>" "<write-acl/>" "</privilege>" EOL, - NULL); - - if ((right[m].privileges & NE_ACL_BIND) == NE_ACL_BIND) - ne_buffer_concat(body, - "<privilege>" "<bind/>" "</privilege>" EOL, - NULL); - - if ((right[m].privileges & NE_ACL_UNBIND) == NE_ACL_UNBIND) - ne_buffer_concat(body, - "<privilege>" "<unbind/>" "</privilege>" EOL, - NULL); - - if ((right[m].privileges & NE_ACL_ALL) == NE_ACL_ALL) - ne_buffer_concat(body, - "<privilege>" "<all/>" "</privilege>" EOL, - NULL); - - ne_buffer_concat(body, "</", type, ">" EOL, NULL); - ne_buffer_czappend(body, "</ace>" EOL); - } - - ne_buffer_czappend(body, "</acl>" EOL); - - return body; -} - -int ne_acl3744_set(ne_session *sess, const char *uri, - const ne_acl_entry *entries, int numentries) -{ - int ret; - ne_request *req = ne_request_create(sess, "ACL", uri); - ne_buffer *body = acl_body(entries, numentries); - -#ifdef NE_HAVE_DAV - ne_lock_using_resource(req, uri, 0); -#endif - - ne_set_request_body_buffer(req, body->data, ne_buffer_size(body)); - ne_add_request_header(req, "Content-Type", NE_XML_MEDIA_TYPE); - ret = ne_request_dispatch(req); - - ne_buffer_destroy(body); - - if (ret == NE_OK && ne_get_status(req)->code == 207) { - ret = NE_ERROR; - } - - ne_request_destroy(req); - return ret; -} diff --git a/src/ne_acl3744.h b/src/ne_acl3744.h deleted file mode 100644 index dc8835c..0000000 --- a/src/ne_acl3744.h +++ /dev/null @@ -1,85 +0,0 @@ -/* - Access control - Copyright (C) 2001-2007, Joe Orton <joe@manyfish.co.uk> - Copyright (C) 2001, Arun Garg <arung@pspl.co.in> - Copyright (C) 2007 Henrik Holst <henrik.holst2@gmail.com> - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, - MA 02111-1307, USA - -*/ - -#ifndef NE_ACL3744_H -#define NE_ACL3744_H - -#include "ne_session.h" - -NE_BEGIN_DECLS - -#define NE_ACL_READ (0x0001) -#define NE_ACL_WRITE (0x0002) -#define NE_ACL_WRITE_PROPERTIES (0x0004) -#define NE_ACL_WRITE_CONTENT (0x0008) -#define NE_ACL_UNLOCK (0x0010) -#define NE_ACL_READ_ACL (0x0020) -#define NE_ACL_READ_CUPRIVSET (0x0040) -#define NE_ACL_WRITE_ACL (0x0080) -#define NE_ACL_BIND (0x0100) -#define NE_ACL_UNBIND (0x0200) -#define NE_ACL_ALL (0x0400) - -enum ne_acl_target { - ne_acl_href, - ne_acl_property, - ne_acl_all, - ne_acl_authenticated, - ne_acl_unauthenticated, - ne_acl_self -}; - -enum ne_acl_optype { - ne_acl_grant, - ne_acl_deny -}; - -/* A simplified representation of an Access Control Element (ACE): */ -typedef struct { - /* Identify the principal(s) to which this ACE applies: */ - enum ne_acl_target target; - - /* Whether to grant or deny access: */ - enum ne_acl_optype type; - - /* If target == ne_acl_href, tname must be non-NULL and give the - * principal URL. If target == ne_acl_property, tname must be - * non-NULL and be a property name, including an XML namespace - * definition, if appropriate (the default namespace being - * "DAV:"). This restricts access as described at: - * http://tools.ietf.org/html/rfc3744#section-5.5.1 */ - char *tname; - - /* The set of privileges to be restricted; a bit mask of one or - * more of the NE_ACL_* constants defined above: */ - unsigned int privileges; - -} ne_acl_entry; - -/* Set the ACL for the given resource to the list of ACL entries. */ -int ne_acl3744_set(ne_session *sess, const char *path, - const ne_acl_entry entries[], int numentries); - -NE_END_DECLS - -#endif /* NE_ACL3744_H */ diff --git a/src/ne_alloc.c b/src/ne_alloc.c index 7d98bf2..d7eca98 100644 --- a/src/ne_alloc.c +++ b/src/ne_alloc.c @@ -76,14 +76,6 @@ void *ne_realloc(void *ptr, size_t len) return ret; } -#ifdef WIN32 -/* Implemented only to ensure free is bound to the correct DLL. */ -void ne_free(void *ptr) -{ - free(ptr); -} -#endif - char *ne_strdup(const char *s) { char *ret; diff --git a/src/ne_alloc.h b/src/ne_alloc.h index 0322fa7..58ecbe1 100644 --- a/src/ne_alloc.h +++ b/src/ne_alloc.h @@ -48,12 +48,8 @@ void *ne_calloc(size_t size) ne_attribute_malloc; void *ne_realloc(void *ptr, size_t s); char *ne_strdup(const char *s) ne_attribute_malloc; char *ne_strndup(const char *s, size_t n) ne_attribute_malloc; -#ifdef WIN32 -void ne_free(void *ptr); -#else #define ne_free free #endif -#endif NE_END_DECLS diff --git a/src/ne_auth.c b/src/ne_auth.c index 7443c05..8011c1c 100644 --- a/src/ne_auth.c +++ b/src/ne_auth.c @@ -77,10 +77,6 @@ #include "ne_sspi.h" #endif -#ifdef HAVE_NTLM -#include "ne_ntlm.h" -#endif - #define HOOK_SERVER_ID "http://webdav.org/neon/hooks/server-auth" #define HOOK_PROXY_ID "http://webdav.org/neon/hooks/proxy-auth" @@ -177,10 +173,6 @@ typedef struct { char *sspi_token; void *sspi_context; #endif -#ifdef HAVE_NTLM - /* This is used for NTLM auth */ - ne_ntlm_context *ntlm_context; -#endif /* These all used for Digest auth */ char *realm; char *nonce; @@ -295,11 +287,6 @@ static void clean_session(auth_session *sess) ne_sspi_destroy_context(sess->sspi_context); sess->sspi_context = NULL; #endif -#ifdef HAVE_NTLM - ne_ntlm_destroy_context(sess->ntlm_context); - sess->ntlm_context = NULL; -#endif - sess->protocol = NULL; } @@ -701,61 +688,6 @@ static int parse_domain(auth_session *sess, const char *domain) return invalid; } -#ifdef HAVE_NTLM - -static char *request_ntlm(auth_session *sess, struct auth_request *request) -{ - char *token = ne_ntlm_getRequestToken(sess->ntlm_context); - if (token) { - char * req = ne_concat(sess->protocol->name, " ", token, "\r\n", NULL); - ne_free(token); - return req; - } else { - return NULL; - } -} - -static int ntlm_challenge(auth_session *sess, int attempt, - struct auth_challenge *parms, - ne_buffer **errmsg) -{ - int status; - - NE_DEBUG(NE_DBG_HTTPAUTH, "auth: NTLM challenge.\n"); - - if (!parms->opaque) { - char password[NE_ABUFSIZ]; - - if (get_credentials(sess, errmsg, attempt, parms, password)) { - /* Failed to get credentials */ - return -1; - } - - if (sess->ntlm_context) { - status = ne_ntlm_destroy_context(sess->ntlm_context); - sess->ntlm_context = NULL; - if (status) { - return status; - } - } - - status = ne_ntlm_create_context(&sess->ntlm_context, - sess->username, - password); - if (status) { - return status; - } - } - - status = ne_ntlm_authenticate(sess->ntlm_context, parms->opaque); - if (status) { - return status; - } - - return 0; -} -#endif /* HAVE_NTLM */ - /* Examine a digest challenge: return 0 if it is a valid Digest challenge, * else non-zero. */ static int digest_challenge(auth_session *sess, int attempt, @@ -1206,11 +1138,6 @@ static const struct auth_protocol protocols[] = { sspi_challenge, request_sspi, NULL, AUTH_FLAG_OPAQUE_PARAM|AUTH_FLAG_VERIFY_NON40x|AUTH_FLAG_CONN_AUTH }, #endif -#ifdef HAVE_NTLM - { NE_AUTH_NEGOTIATE, 30, "NTLM", - ntlm_challenge, request_ntlm, NULL, - AUTH_FLAG_OPAQUE_PARAM|AUTH_FLAG_VERIFY_NON40x|AUTH_FLAG_CONN_AUTH }, -#endif { 0 } }; @@ -1508,11 +1435,6 @@ static int ah_post_send(ne_request *req, void *cookie, const ne_status *status) ne_sspi_clear_context(sess->sspi_context); } #endif -#ifdef HAVE_NTLM - if (sess->ntlm_context) { - ne_ntlm_clear_context(sess->ntlm_context); - } -#endif return ret; } diff --git a/src/ne_gnutls.c b/src/ne_gnutls.c index e202b98..b456d1a 100644 --- a/src/ne_gnutls.c +++ b/src/ne_gnutls.c @@ -1,6 +1,6 @@ /* neon SSL/TLS support using GNU TLS - Copyright (C) 2002-2009, Joe Orton <joe@manyfish.co.uk> + Copyright (C) 2002-2008, Joe Orton <joe@manyfish.co.uk> Copyright (C) 2004, Aleix Conchillo Flaque <aleix@member.fsf.org> This library is free software; you can redistribute it and/or @@ -56,19 +56,9 @@ GCRY_THREAD_OPTION_PTHREAD_IMPL; #include "ne_private.h" #include "ne_privssl.h" -#if LIBGNUTLS_VERSION_NUMBER >= 0x020302 -/* The GnuTLS DN functions in 2.3.2 and later allow a simpler DN - * abstraction to be used. */ -#define HAVE_NEW_DN_API -#endif - struct ne_ssl_dname_s { -#ifdef HAVE_NEW_DN_API - gnutls_x509_dn_t dn; -#else int subject; /* non-zero if this is the subject DN object */ gnutls_x509_crt cert; -#endif }; struct ne_ssl_certificate_s { @@ -189,9 +179,6 @@ char *ne_ssl_readable_dname(const ne_ssl_dname *name) ne_buffer *buf; gnutls_x509_ava_st val; -#ifdef HAVE_NEW_DN_API - dn = name->dn; -#else if (name->subject) ret = gnutls_x509_crt_get_subject(name->cert, &dn); else @@ -199,7 +186,6 @@ char *ne_ssl_readable_dname(const ne_ssl_dname *name) if (ret) return ne_strdup(_("[unprintable]")); -#endif /* HAVE_NEW_DN_API */ buf = ne_buffer_create(); @@ -293,14 +279,6 @@ int ne_ssl_dname_cmp(const ne_ssl_dname *dn1, const ne_ssl_dname *dn2) { char c1[1024], c2[1024]; size_t s1 = sizeof c1, s2 = sizeof c2; - -#ifdef HAVE_NEW_DN_API - if (gnutls_x509_dn_export(dn1->dn, GNUTLS_X509_FMT_DER, c1, &s1)) - return 1; - - if (gnutls_x509_dn_export(dn2->dn, GNUTLS_X509_FMT_DER, c2, &s2)) - return -1; -#else int ret; if (dn1->subject) @@ -316,7 +294,6 @@ int ne_ssl_dname_cmp(const ne_ssl_dname *dn1, const ne_ssl_dname *dn2) ret = gnutls_x509_crt_get_issuer_dn(dn2->cert, c2, &s2); if (ret) return -1; -#endif /* HAVE_NEW_DN_API */ if (s1 != s2) return s2 - s1; @@ -456,21 +433,14 @@ static int check_identity(const ne_uri *server, gnutls_x509_crt cert, return match ? 0 : 1; } -/* Populate an ne_ssl_certificate structure from an X509 object. Note - * that x5 is owned by returned cert object and must not be otherwise - * freed by the caller. */ +/* Populate an ne_ssl_certificate structure from an X509 object. */ static ne_ssl_certificate *populate_cert(ne_ssl_certificate *cert, gnutls_x509_crt x5) { -#ifdef HAVE_NEW_DN_API - gnutls_x509_crt_get_subject(x5, &cert->subj_dn.dn); - gnutls_x509_crt_get_issuer(x5, &cert->issuer_dn.dn); -#else cert->subj_dn.cert = x5; cert->subj_dn.subject = 1; cert->issuer_dn.cert = x5; cert->issuer_dn.subject = 0; -#endif cert->issuer = NULL; cert->subject = x5; cert->identity = NULL; @@ -558,53 +528,15 @@ static int provide_client_cert(gnutls_session session, return GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER; } - NE_DEBUG(NE_DBG_SSL, "ssl: Client cert provider callback; %d CA names.\n", - nreqs); - if (!sess->client_cert && sess->ssl_provide_fn) { -#ifdef HAVE_NEW_DN_API - const ne_ssl_dname **dns; - ne_ssl_dname *dnarray; - unsigned dncount = 0; - int n; - - dns = ne_malloc(nreqs * sizeof(ne_ssl_dname *)); - dnarray = ne_calloc(nreqs * sizeof(ne_ssl_dname)); - - for (n = 0; n < nreqs; n++) { - gnutls_x509_dn_t dn; - - if (gnutls_x509_dn_init(&dn) == 0) { - dnarray[n].dn = dn; - if (gnutls_x509_dn_import(dn, &req_ca_rdn[n]) == 0) { - dns[dncount++] = &dnarray[n]; - } - else { - gnutls_x509_dn_deinit(dn); - } - } - } - - NE_DEBUG(NE_DBG_SSL, "ssl: Mapped %d CA names to %u DN objects.\n", - nreqs, dncount); - - sess->ssl_provide_fn(sess->ssl_provide_ud, sess, dns, dncount); - - for (n = 0; n < nreqs; n++) { - if (dnarray[n].dn) { - gnutls_x509_dn_deinit(dnarray[n].dn); - } - } - - ne_free(dns); - ne_free(dnarray); -#else /* HAVE_NEW_DN_API */ - /* Nothing to do here other than pretend no CA names were - * given, and hope the caller can cope. */ - sess->ssl_provide_fn(sess->ssl_provide_ud, sess, NULL, 0); -#endif + /* The dname array cannot be converted without better dname + * support from GNUTLS. */ + sess->ssl_provide_fn(sess->ssl_provide_ud, sess, + NULL, 0); } + NE_DEBUG(NE_DBG_SSL, "In client cert provider callback.\n"); + if (sess->client_cert) { gnutls_certificate_type type = gnutls_certificate_type_get(session); if (type == GNUTLS_CRT_X509) { @@ -686,41 +618,20 @@ void ne_ssl_context_destroy(ne_ssl_context *ctx) ne_free(ctx); } -#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS -/* Return the issuer of the given certificate, or NULL if none can be - * found. */ -static gnutls_x509_crt find_issuer(gnutls_x509_crt *ca_list, - unsigned int num_cas, - gnutls_x509_crt cert) -{ - unsigned int n; - - for (n = 0; n < num_cas; n++) { - if (gnutls_x509_crt_check_issuer(cert, ca_list[n]) == 1) - return ca_list[n]; - } - - return NULL; -} -#endif - /* Return the certificate chain sent by the peer, or NULL on error. */ -static ne_ssl_certificate *make_peers_chain(gnutls_session sock, - gnutls_certificate_credentials crd) +static ne_ssl_certificate *make_peers_chain(gnutls_session sock) { ne_ssl_certificate *current = NULL, *top = NULL; const gnutls_datum *certs; unsigned int n, count; - ne_ssl_certificate *cert; certs = gnutls_certificate_get_peers(sock, &count); if (!certs) { return NULL; } - - NE_DEBUG(NE_DBG_SSL, "ssl: Got %u certs in peer chain.\n", count); for (n = 0; n < count; n++) { + ne_ssl_certificate *cert; gnutls_x509_crt x5; if (gnutls_x509_crt_init(&x5) || @@ -731,7 +642,7 @@ static ne_ssl_certificate *make_peers_chain(gnutls_session sock, return NULL; } - cert = populate_cert(ne_calloc(sizeof *cert), x5); + cert = populate_cert(ne_malloc(sizeof *cert), x5); if (top == NULL) { current = top = cert; @@ -740,119 +651,25 @@ static ne_ssl_certificate *make_peers_chain(gnutls_session sock, current = cert; } } - -#ifdef HAVE_GNUTLS_CERTIFICATE_GET_X509_CAS - /* GnuTLS only returns the peers which were *sent* by the server - * in the Certificate list during the handshake. Fill in the - * complete chain manually against the certs we trust: */ - if (current->issuer == NULL) { - gnutls_x509_crt issuer; - gnutls_x509_crt *ca_list; - unsigned int num_cas; - - gnutls_certificate_get_x509_cas(crd, &ca_list, &num_cas); - - do { - /* Look up the issuer. */ - issuer = find_issuer(ca_list, num_cas, current->subject); - if (issuer) { - issuer = x509_crt_copy(issuer); - cert = populate_cert(ne_calloc(sizeof *cert), issuer); - /* Check that the issuer does not match the current - * cert. */ - if (ne_ssl_cert_cmp(current, cert)) { - current = current->issuer = cert; - } - else { - ne_ssl_cert_free(cert); - issuer = NULL; - } - } - } while (issuer); - } -#endif return top; } -/* Map from GnuTLS verify failure mask *status to NE_SSL_* failure - * bitmask, which is returned. *status is modified, removing all - * mapped bits. */ -static int map_verify_failures(unsigned int *status) -{ - static const struct { - gnutls_certificate_status_t from; - int to; - } map[] = { - { GNUTLS_CERT_REVOKED, NE_SSL_REVOKED }, - { GNUTLS_CERT_NOT_ACTIVATED, NE_SSL_NOTYETVALID }, - { GNUTLS_CERT_EXPIRED, NE_SSL_EXPIRED }, - { GNUTLS_CERT_INVALID|GNUTLS_CERT_SIGNER_NOT_FOUND, NE_SSL_UNTRUSTED }, - { GNUTLS_CERT_INVALID|GNUTLS_CERT_SIGNER_NOT_CA, NE_SSL_UNTRUSTED } - }; - size_t n; - int ret = 0; - - for (n = 0; n < sizeof(map)/sizeof(map[0]); n++) { - if ((*status & map[n].from) == map[n].from) { - *status &= ~map[n].from; - ret |= map[n].to; - } - } - - return ret; -} - -/* Return a malloc-allocated human-readable error string describing - * GnuTLS verification error bitmask 'status'; return value must be - * freed by the caller. */ -static char *verify_error_string(unsigned int status) -{ - ne_buffer *buf = ne_buffer_create(); - - /* sorry, i18n-ers */ - if (status & GNUTLS_CERT_INSECURE_ALGORITHM) { - ne_buffer_zappend(buf, _("signed using insecure algorithm")); - } - else { - ne_buffer_snprintf(buf, 64, _("unrecognized errors (%u)"), - status); - } - - return ne_buffer_finish(buf); -} - -/* Return NE_SSL_* failure bits after checking chain expiry. */ -static int check_chain_expiry(ne_ssl_certificate *chain) -{ - time_t before, after, now = time(NULL); - ne_ssl_certificate *cert; - int failures = 0; - - /* Check that all certs within the chain are inside their defined - * validity period. Note that the errors flagged for the server - * cert are different from the generic error for issues higher up - * the chain. */ - for (cert = chain; cert; cert = cert->issuer) { - before = gnutls_x509_crt_get_activation_time(cert->subject); - after = gnutls_x509_crt_get_expiration_time(cert->subject); - - if (now < before) - failures |= (cert == chain) ? NE_SSL_NOTYETVALID : NE_SSL_BADCHAIN; - else if (now > after) - failures |= (cert == chain) ? NE_SSL_EXPIRED : NE_SSL_BADCHAIN; - } - - return failures; -} - /* Verifies an SSL server certificate. */ static int check_certificate(ne_session *sess, gnutls_session sock, ne_ssl_certificate *chain) { - int ret, failures; + time_t before, after, now = time(NULL); + int ret, failures = 0; ne_uri server; - unsigned int status; + + before = gnutls_x509_crt_get_activation_time(chain->subject); + after = gnutls_x509_crt_get_expiration_time(chain->subject); + + if (now < before) + failures |= NE_SSL_NOTYETVALID; + else if (now > after) + failures |= NE_SSL_EXPIRED; memset(&server, 0, sizeof server); ne_fill_server_uri(sess, &server); @@ -863,34 +680,16 @@ static int check_certificate(ne_session *sess, gnutls_session sock, ne_set_error(sess, _("Server certificate was missing commonName " "attribute in subject name")); return NE_ERROR; - } - else if (ret > 0) { + } else if (ret > 0) { failures |= NE_SSL_IDMISMATCH; } - - failures |= check_chain_expiry(chain); - - ret = gnutls_certificate_verify_peers2(sock, &status); - NE_DEBUG(NE_DBG_SSL, "ssl: Verify peers returned %d, status=%u\n", - ret, status); - if (ret != GNUTLS_E_SUCCESS) { - ne_set_error(sess, _("Could not verify server certificate: %s"), - gnutls_strerror(ret)); - return NE_ERROR; - } - failures |= map_verify_failures(&status); - - NE_DEBUG(NE_DBG_SSL, "ssl: Verification failures = %d (status = %u).\n", - failures, status); - - if (status && status != GNUTLS_CERT_INVALID) { - char *errstr = verify_error_string(status); - ne_set_error(sess, _("Certificate verification error: %s"), errstr); - ne_free(errstr); - return NE_ERROR; + if (gnutls_certificate_verify_peers(sock)) { + failures |= NE_SSL_UNTRUSTED; } + NE_DEBUG(NE_DBG_SSL, "Failures = %d\n", failures); + if (failures == 0) { ret = NE_OK; } else { @@ -919,12 +718,12 @@ int ne__negotiate_ssl(ne_session *sess) if (ne_sock_connect_ssl(sess->socket, ctx, sess)) { if (sess->ssl_cc_requested) { - ne_set_error(sess, _("SSL handshake failed, " + ne_set_error(sess, _("SSL negotiation failed, " "client certificate was requested: %s"), ne_sock_error(sess->socket)); } else { - ne_set_error(sess, _("SSL handshake failed: %s"), + ne_set_error(sess, _("SSL negotiation failed: %s"), ne_sock_error(sess->socket)); } return NE_ERROR; @@ -932,7 +731,7 @@ int ne__negotiate_ssl(ne_session *sess) sock = ne__sock_sslsock(sess->socket); - chain = make_peers_chain(sock, ctx->cred); + chain = make_peers_chain(sock); if (chain == NULL) { ne_set_error(sess, _("Server did not send certificate chain")); return NE_ERROR; diff --git a/src/ne_ntlm.c b/src/ne_ntlm.c deleted file mode 100644 index 01eeb47..0000000 --- a/src/ne_ntlm.c +++ /dev/null @@ -1,700 +0,0 @@ -/* - Handling of NTLM Authentication - Copyright (C) 2003, Daniel Stenberg <daniel@haxx.se> - Copyright (C) 2009, Kai Sommerfeld <kso@openoffice.org> - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, - MA 02111-1307, USA - -*/ - -/* NTLM details: - - http://davenport.sourceforge.net/ntlm.html - http://www.innovation.ch/java/ntlm.html - -*/ - -#include "ne_ntlm.h" - -#ifdef HAVE_NTLM - -#include "ne_string.h" - -typedef enum { - NTLMSTATE_NONE, - NTLMSTATE_TYPE1, - NTLMSTATE_TYPE2, - NTLMSTATE_TYPE3, - NTLMSTATE_LAST -} NTLMState; - -struct ne_ntlm_context_s { - NTLMState state; - unsigned char nonce[8]; - char *user; - char *passwd; - char *requestToken; -}; - -typedef enum { - NTLM_NONE, /* not a ntlm */ - NTLM_BAD, /* an ntlm, but one we don't like */ - NTLM_FIRST, /* the first 401-reply we got with NTLM */ - NTLM_FINE, /* an ntlm we act on */ - - NTLM_LAST /* last entry in this enum, don't use */ -} ntlm; - -/* Flag bits definitions based on http://davenport.sourceforge.net/ntlm.html */ - -#define NTLMFLAG_NEGOTIATE_UNICODE (1<<0) -/* Indicates that Unicode strings are supported for use in security buffer - data. */ - -#define NTLMFLAG_NEGOTIATE_OEM (1<<1) -/* Indicates that OEM strings are supported for use in security buffer data. */ - -#define NTLMFLAG_REQUEST_TARGET (1<<2) -/* Requests that the server's authentication realm be included in the Type 2 - message. */ - -/* unknown (1<<3) */ -#define NTLMFLAG_NEGOTIATE_SIGN (1<<4) -/* Specifies that authenticated communication between the client and server - should carry a digital signature (message integrity). */ - -#define NTLMFLAG_NEGOTIATE_SEAL (1<<5) -/* Specifies that authenticated communication between the client and server - should be encrypted (message confidentiality). */ - -#define NTLMFLAG_NEGOTIATE_DATAGRAM_STYLE (1<<6) -/* unknown purpose */ - -#define NTLMFLAG_NEGOTIATE_LM_KEY (1<<7) -/* Indicates that the LAN Manager session key should be used for signing and - sealing authenticated communications. */ - -#define NTLMFLAG_NEGOTIATE_NETWARE (1<<8) -/* unknown purpose */ - -#define NTLMFLAG_NEGOTIATE_NTLM_KEY (1<<9) -/* Indicates that NTLM authentication is being used. */ - -/* unknown (1<<10) */ -/* unknown (1<<11) */ - -#define NTLMFLAG_NEGOTIATE_DOMAIN_SUPPLIED (1<<12) -/* Sent by the client in the Type 1 message to indicate that a desired - authentication realm is included in the message. */ - -#define NTLMFLAG_NEGOTIATE_WORKSTATION_SUPPLIED (1<<13) -/* Sent by the client in the Type 1 message to indicate that the client - workstation's name is included in the message. */ - -#define NTLMFLAG_NEGOTIATE_LOCAL_CALL (1<<14) -/* Sent by the server to indicate that the server and client are on the same - machine. Implies that the client may use a pre-established local security - context rather than responding to the challenge. */ - -#define NTLMFLAG_NEGOTIATE_ALWAYS_SIGN (1<<15) -/* Indicates that authenticated communication between the client and server - should be signed with a "dummy" signature. */ - -#define NTLMFLAG_TARGET_TYPE_DOMAIN (1<<16) -/* Sent by the server in the Type 2 message to indicate that the target - authentication realm is a domain. */ - -#define NTLMFLAG_TARGET_TYPE_SERVER (1<<17) -/* Sent by the server in the Type 2 message to indicate that the target - authentication realm is a server. */ - -#define NTLMFLAG_TARGET_TYPE_SHARE (1<<18) -/* Sent by the server in the Type 2 message to indicate that the target - authentication realm is a share. Presumably, this is for share-level - authentication. Usage is unclear. */ - -#define NTLMFLAG_NEGOTIATE_NTLM2_KEY (1<<19) -/* Indicates that the NTLM2 signing and sealing scheme should be used for - protecting authenticated communications. */ - -#define NTLMFLAG_REQUEST_INIT_RESPONSE (1<<20) -/* unknown purpose */ - -#define NTLMFLAG_REQUEST_ACCEPT_RESPONSE (1<<21) -/* unknown purpose */ - -#define NTLMFLAG_REQUEST_NONNT_SESSION_KEY (1<<22) -/* unknown purpose */ - -#define NTLMFLAG_NEGOTIATE_TARGET_INFO (1<<23) -/* Sent by the server in the Type 2 message to indicate that it is including a - Target Information block in the message. */ - -/* unknown (1<24) */ -/* unknown (1<25) */ -/* unknown (1<26) */ -/* unknown (1<27) */ -/* unknown (1<28) */ - -#define NTLMFLAG_NEGOTIATE_128 (1<<29) -/* Indicates that 128-bit encryption is supported. */ - -#define NTLMFLAG_NEGOTIATE_KEY_EXCHANGE (1<<30) -/* unknown purpose */ - -#define NTLMFLAG_NEGOTIATE_56 (1<<31) -/* Indicates that 56-bit encryption is supported. */ - -#ifdef HAVE_OPENSSL -/* We need OpenSSL for the crypto lib to provide us with MD4 and DES */ - -/* -- WIN32 approved -- */ -#include <stdio.h> -#include <string.h> -#include <stdarg.h> -#include <stdlib.h> -#include <ctype.h> - -#include <openssl/des.h> -#include <openssl/md4.h> -#include <openssl/ssl.h> - -#if OPENSSL_VERSION_NUMBER < 0x00907001L -#define DES_key_schedule des_key_schedule -#define DES_cblock des_cblock -#define DES_set_odd_parity des_set_odd_parity -#define DES_set_key des_set_key -#define DES_ecb_encrypt des_ecb_encrypt - -/* This is how things were done in the old days */ -#define DESKEY(x) x -#define DESKEYARG(x) x -#else -/* Modern version */ -#define DESKEYARG(x) *x -#define DESKEY(x) &x -#endif - -/* Define this to make the type-3 message include the NT response message */ -#define USE_NTRESPONSES 1 - -/* - (*) = A "security buffer" is a triplet consisting of two shorts and one - long: - - 1. a 'short' containing the length of the buffer in bytes - 2. a 'short' containing the allocated space for the buffer in bytes - 3. a 'long' containing the offset to the start of the buffer from the - beginning of the NTLM message, in bytes. -*/ - -static ntlm ne_input_ntlm(ne_ntlm_context *ctx, - const char *responseToken) -{ - if(responseToken) { - /* We got a type-2 message here: - - Index Description Content - 0 NTLMSSP Signature Null-terminated ASCII "NTLMSSP" - (0x4e544c4d53535000) - 8 NTLM Message Type long (0x02000000) - 12 Target Name security buffer(*) - 20 Flags long - 24 Challenge 8 bytes - (32) Context (optional) 8 bytes (two consecutive longs) - (40) Target Information (optional) security buffer(*) - 32 (48) start of data block - */ - unsigned char * buffer = NULL; - - int size = ne_unbase64(responseToken, &buffer); - - ctx->state = NTLMSTATE_TYPE2; /* we got a type-2 */ - - if(size >= 48) - /* the nonce of interest is index [24 .. 31], 8 bytes */ - memcpy(ctx->nonce, &buffer[24], 8); - - /* at index decimal 20, there's a 32bit NTLM flag field */ - - if (buffer) ne_free(buffer); - } - else { - if(ctx->state >= NTLMSTATE_TYPE1) - return NTLM_BAD; - - ctx->state = NTLMSTATE_TYPE1; /* we should sent away a type-1 */ - } - return NTLM_FINE; -} - -/* - * Turns a 56 bit key into the 64 bit, odd parity key and sets the key. The - * key schedule ks is also set. - */ -static void setup_des_key(unsigned char *key_56, - DES_key_schedule DESKEYARG(ks)) -{ - DES_cblock key; - - key[0] = key_56[0]; - key[1] = ((key_56[0] << 7) & 0xFF) | (key_56[1] >> 1); - key[2] = ((key_56[1] << 6) & 0xFF) | (key_56[2] >> 2); - key[3] = ((key_56[2] << 5) & 0xFF) | (key_56[3] >> 3); - key[4] = ((key_56[3] << 4) & 0xFF) | (key_56[4] >> 4); - key[5] = ((key_56[4] << 3) & 0xFF) | (key_56[5] >> 5); - key[6] = ((key_56[5] << 2) & 0xFF) | (key_56[6] >> 6); - key[7] = (key_56[6] << 1) & 0xFF; - - DES_set_odd_parity(&key); - DES_set_key(&key, ks); -} - - /* - * takes a 21 byte array and treats it as 3 56-bit DES keys. The - * 8 byte plaintext is encrypted with each key and the resulting 24 - * bytes are stored in the results array. - */ -static void calc_resp(unsigned char *keys, - unsigned char *plaintext, - unsigned char *results) -{ - DES_key_schedule ks; - - setup_des_key(keys, DESKEY(ks)); - DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) results, - DESKEY(ks), DES_ENCRYPT); - - setup_des_key(keys+7, DESKEY(ks)); - DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results+8), - DESKEY(ks), DES_ENCRYPT); - - setup_des_key(keys+14, DESKEY(ks)); - DES_ecb_encrypt((DES_cblock*) plaintext, (DES_cblock*) (results+16), - DESKEY(ks), DES_ENCRYPT); -} - -/* - * Set up lanmanager and nt hashed passwords - */ -static void mkhash(char *password, - unsigned char *nonce, /* 8 bytes */ - unsigned char *lmresp /* must fit 0x18 bytes */ -#ifdef USE_NTRESPONSES - , unsigned char *ntresp /* must fit 0x18 bytes */ -#endif - ) -{ - unsigned char lmbuffer[21]; -#ifdef USE_NTRESPONSES - unsigned char ntbuffer[21]; -#endif - unsigned char *pw; - static const unsigned char magic[] = { - 0x4B, 0x47, 0x53, 0x21, 0x40, 0x23, 0x24, 0x25 - }; - int i; - int len = strlen(password); - - /* make it fit at least 14 bytes */ - pw = malloc(len<7?14:len*2); - if(!pw) - return; /* this will lead to a badly generated package */ - - if (len > 14) - len = 14; - - for (i=0; i<len; i++) - pw[i] = toupper(password[i]); - - for (; i<14; i++) - pw[i] = 0; - - { - /* create LanManager hashed password */ - DES_key_schedule ks; - - setup_des_key(pw, DESKEY(ks)); - DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)lmbuffer, - DESKEY(ks), DES_ENCRYPT); - - setup_des_key(pw+7, DESKEY(ks)); - DES_ecb_encrypt((DES_cblock *)magic, (DES_cblock *)(lmbuffer+8), - DESKEY(ks), DES_ENCRYPT); - - memset(lmbuffer+16, 0, 5); - } - /* create LM responses */ - calc_resp(lmbuffer, nonce, lmresp); - -#ifdef USE_NTRESPONSES - { - /* create NT hashed password */ - MD4_CTX MD4; - - len = strlen(password); - - for (i=0; i<len; i++) { - pw[2*i] = password[i]; - pw[2*i+1] = 0; - } - - MD4_Init(&MD4); - MD4_Update(&MD4, pw, 2*len); - MD4_Final(ntbuffer, &MD4); - - memset(ntbuffer+16, 0, 8); - } - - calc_resp(ntbuffer, nonce, ntresp); -#endif - - free(pw); -} - -#define SHORTPAIR(x) ((x) & 0xff), ((x) >> 8) -#define LONGQUARTET(x) ((x) & 0xff), (((x) >> 8)&0xff), \ - (((x) >>16)&0xff), ((x)>>24) - -/* this is for creating ntlm header output */ -static int ne_output_ntlm(ne_ntlm_context *ctx) -{ - const char *domain=""; /* empty */ - const char *host=""; /* empty */ - int domlen=strlen(domain); - int hostlen = strlen(host); - int hostoff; /* host name offset */ - int domoff; /* domain name offset */ - int size; - unsigned char ntlmbuf[256]; /* enough, unless the host/domain is very long */ - - if(!ctx->user || !ctx->passwd) - /* no user, no auth */ - return 0; /* OK */ - - switch(ctx->state) { - case NTLMSTATE_TYPE1: - default: /* for the weird cases we (re)start here */ - hostoff = 32; - domoff = hostoff + hostlen; - - /* Create and send a type-1 message: - - Index Description Content - 0 NTLMSSP Signature Null-terminated ASCII "NTLMSSP" - (0x4e544c4d53535000) - 8 NTLM Message Type long (0x01000000) - 12 Flags long - 16 Supplied Domain security buffer(*) - 24 Supplied Workstation security buffer(*) - 32 start of data block - - */ - - snprintf((char *)ntlmbuf, sizeof(ntlmbuf), "NTLMSSP%c" - "\x01%c%c%c" /* 32-bit type = 1 */ - "%c%c%c%c" /* 32-bit NTLM flag field */ - "%c%c" /* domain length */ - "%c%c" /* domain allocated space */ - "%c%c" /* domain name offset */ - "%c%c" /* 2 zeroes */ - "%c%c" /* host length */ - "%c%c" /* host allocated space */ - "%c%c" /* host name offset */ - "%c%c" /* 2 zeroes */ - "%s" /* host name */ - "%s", /* domain string */ - 0, /* trailing zero */ - 0,0,0, /* part of type-1 long */ - - LONGQUARTET( - NTLMFLAG_NEGOTIATE_OEM| /* 2 */ - NTLMFLAG_NEGOTIATE_NTLM_KEY /* 200 */ - /* equals 0x0202 */ - ), - SHORTPAIR(domlen), - SHORTPAIR(domlen), - SHORTPAIR(domoff), - 0,0, - SHORTPAIR(hostlen), - SHORTPAIR(hostlen), - SHORTPAIR(hostoff), - 0,0, - host, domain); - - /* initial packet length */ - size = 32 + hostlen + domlen; - - /* now keeper of the base64 encoded package size */ - if (ctx->requestToken) ne_free(ctx->requestToken); - ctx->requestToken = ne_base64(ntlmbuf, size); - - break; - - case NTLMSTATE_TYPE2: - /* We received the type-2 already, create a type-3 message: - - Index Description Content - 0 NTLMSSP Signature Null-terminated ASCII "NTLMSSP" - (0x4e544c4d53535000) - 8 NTLM Message Type long (0x03000000) - 12 LM/LMv2 Response security buffer(*) - 20 NTLM/NTLMv2 Response security buffer(*) - 28 Domain Name security buffer(*) - 36 User Name security buffer(*) - 44 Workstation Name security buffer(*) - (52) Session Key (optional) security buffer(*) - (60) Flags (optional) long - 52 (64) start of data block - - */ - - { - int lmrespoff; - int ntrespoff; - int useroff; - unsigned char lmresp[0x18]; /* fixed-size */ -#ifdef USE_NTRESPONSES - unsigned char ntresp[0x18]; /* fixed-size */ -#endif - const char *user; - int userlen; - - user = strchr(ctx->user, '\\'); - if(!user) - user = strchr(ctx->user, '/'); - - if (user) { - domain = ctx->user; - domlen = user - domain; - user++; - } - else - user = ctx->user; - userlen = strlen(user); - - mkhash(ctx->passwd, &ctx->nonce[0], lmresp -#ifdef USE_NTRESPONSES - , ntresp -#endif - ); - - domoff = 64; /* always */ - useroff = domoff + domlen; - hostoff = useroff + userlen; - lmrespoff = hostoff + hostlen; - ntrespoff = lmrespoff + 0x18; - - /* Create the big type-3 message binary blob */ - size = snprintf((char *)ntlmbuf, sizeof(ntlmbuf), - "NTLMSSP%c" - "\x03%c%c%c" /* type-3, 32 bits */ - - "%c%c%c%c" /* LanManager length + allocated space */ - "%c%c" /* LanManager offset */ - "%c%c" /* 2 zeroes */ - - "%c%c" /* NT-response length */ - "%c%c" /* NT-response allocated space */ - "%c%c" /* NT-response offset */ - "%c%c" /* 2 zeroes */ - - "%c%c" /* domain length */ - "%c%c" /* domain allocated space */ - "%c%c" /* domain name offset */ - "%c%c" /* 2 zeroes */ - - "%c%c" /* user length */ - "%c%c" /* user allocated space */ - "%c%c" /* user offset */ - "%c%c" /* 2 zeroes */ - - "%c%c" /* host length */ - "%c%c" /* host allocated space */ - "%c%c" /* host offset */ - "%c%c%c%c%c%c" /* 6 zeroes */ - - "\xff\xff" /* message length */ - "%c%c" /* 2 zeroes */ - - "\x01\x82" /* flags */ - "%c%c" /* 2 zeroes */ - - /* domain string */ - /* user string */ - /* host string */ - /* LanManager response */ - /* NT response */ - , - 0, /* zero termination */ - 0,0,0, /* type-3 long, the 24 upper bits */ - - SHORTPAIR(0x18), /* LanManager response length, twice */ - SHORTPAIR(0x18), - SHORTPAIR(lmrespoff), - 0x0, 0x0, - -#ifdef USE_NTRESPONSES - SHORTPAIR(0x18), /* NT-response length, twice */ - SHORTPAIR(0x18), -#else - 0x0, 0x0, - 0x0, 0x0, -#endif - SHORTPAIR(ntrespoff), - 0x0, 0x0, - - SHORTPAIR(domlen), - SHORTPAIR(domlen), - SHORTPAIR(domoff), - 0x0, 0x0, - - SHORTPAIR(userlen), - SHORTPAIR(userlen), - SHORTPAIR(useroff), - 0x0, 0x0, - - SHORTPAIR(hostlen), - SHORTPAIR(hostlen), - SHORTPAIR(hostoff), - 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, - - 0x0, 0x0, - - 0x0, 0x0); - - /* size is now 64 */ - size=64; - ntlmbuf[62]=ntlmbuf[63]=0; - - /* Make sure that the user and domain strings fit in the target buffer - before we copy them there. */ - if(size + userlen + domlen >= sizeof(ntlmbuf)) { - return -1; - } - - memcpy(&ntlmbuf[size], domain, domlen); - size += domlen; - - memcpy(&ntlmbuf[size], user, userlen); - size += userlen; - - /* we append the binary hashes to the end of the blob */ - if(size < ((int)sizeof(ntlmbuf) - 0x18)) { - memcpy(&ntlmbuf[size], lmresp, 0x18); - size += 0x18; - } - -#ifdef USE_NTRESPONSES - if(size < ((int)sizeof(ntlmbuf) - 0x18)) { - memcpy(&ntlmbuf[size], ntresp, 0x18); - size += 0x18; - } -#endif - - ntlmbuf[56] = size & 0xff; - ntlmbuf[57] = size >> 8; - - /* convert the binary blob into base64 */ - ctx->requestToken = ne_base64(ntlmbuf, size); - - ctx->state = NTLMSTATE_TYPE3; /* we sent a type-3 */ - } - break; - - case NTLMSTATE_TYPE3: - /* connection is already authenticated, - * don't send a header in future requests */ - if (ctx->requestToken) ne_free(ctx->requestToken); - ctx->requestToken = NULL; - break; - } - - return 0; /* OK */ -} - -int ne_ntlm_create_context(ne_ntlm_context **context, const char *userName, const char *password) -{ - if (context == NULL) { - return -1; - } else { - ne_ntlm_context *ctx = ne_calloc(sizeof(ne_ntlm_context)); - - ctx->state = NTLMSTATE_NONE; - ctx->user = ne_strdup(userName); - ctx->passwd = ne_strdup(password); - - *context = ctx; - return 0; - } -} - -int ne_ntlm_destroy_context(ne_ntlm_context *context) -{ - if (context != NULL) { - if (context->user) - ne_free(context->user); - - if (context->passwd) - ne_free(context->passwd); - - if (context->requestToken) - ne_free(context->requestToken); - - ne_free(context); - } - return 0; -} - -int ne_ntlm_clear_context(ne_ntlm_context *context) -{ - return 0; -} - -int ne_ntlm_authenticate(ne_ntlm_context *context, const char *responseToken) -{ - if (context == NULL) { - return -1; - } else { - if (context->state <= NTLMSTATE_TYPE3) { - ntlm ntlmstatus = ne_input_ntlm(context, responseToken); - - if (ntlmstatus != NTLM_FINE) { - return -1; - } - } - } - return ne_output_ntlm(context); -} - -char *ne_ntlm_getRequestToken(ne_ntlm_context *context) -{ - if (context == NULL) { - return NULL; - } else { - if (context->requestToken) { - char *ret = ne_strdup(context->requestToken); - ne_free(context->requestToken); - context->requestToken = NULL; - return ret; - } else { - return NULL; - } - } -} - -#endif /* HAVE_OPENSSL */ -#endif /* HAVE_NTLM */ diff --git a/src/ne_ntlm.h b/src/ne_ntlm.h deleted file mode 100644 index 69f541f..0000000 --- a/src/ne_ntlm.h +++ /dev/null @@ -1,44 +0,0 @@ -/* - Handling of NTLM Authentication - Copyright (C) 2009, Kai Sommerfeld <kso@openoffice.org> - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, - MA 02111-1307, USA - -*/ -#ifndef NE_NTLM_H -#define NE_NTLM_H - -#include "config.h" - -/* PRIVATE TO NEON -- NOT PART OF THE EXTERNAL API. */ - -#ifdef HAVE_NTLM - -typedef struct ne_ntlm_context_s ne_ntlm_context; - -int ne_ntlm_create_context(ne_ntlm_context **context, const char *userName, const char *password); - -int ne_ntlm_destroy_context(ne_ntlm_context *context); - -int ne_ntlm_clear_context(ne_ntlm_context *context); - -int ne_ntlm_authenticate(ne_ntlm_context *context, const char *responseToken); - -char *ne_ntlm_getRequestToken(ne_ntlm_context *context); - -#endif /* HAVE_NTLM */ - -#endif /* NE_NTLM_H */ diff --git a/src/ne_openssl.c b/src/ne_openssl.c index 5c5e3a9..0d21c31 100644 --- a/src/ne_openssl.c +++ b/src/ne_openssl.c @@ -1,6 +1,8 @@ /* neon SSL/TLS support using OpenSSL Copyright (C) 2002-2009, Joe Orton <joe@manyfish.co.uk> + Portions are: + Copyright (C) 1999-2000 Tommi Komulainen <Tommi.Komulainen@iki.fi> This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public @@ -82,8 +84,6 @@ struct ne_ssl_client_cert_s { char *friendly_name; }; -#define NE_SSL_UNHANDLED (0x20) /* failure bit for unhandled case. */ - /* Append an ASN.1 DirectoryString STR to buffer BUF as UTF-8. * Returns zero on success or non-zero on error. */ static int append_dirstring(ne_buffer *buf, ASN1_STRING *str) @@ -95,7 +95,7 @@ static int append_dirstring(ne_buffer *buf, ASN1_STRING *str) case V_ASN1_IA5STRING: /* definitely ASCII */ case V_ASN1_VISIBLESTRING: /* probably ASCII */ case V_ASN1_PRINTABLESTRING: /* subset of ASCII */ - ne_buffer_qappend(buf, str->data, str->length); + ne__buffer_qappend(buf, str->data, str->length); break; case V_ASN1_UTF8STRING: /* Fail for embedded NUL bytes. */ @@ -136,7 +136,7 @@ static int append_dirstring(ne_buffer *buf, ASN1_STRING *str) * safety. */ static char *dup_ia5string(const ASN1_IA5STRING *as) { - return ne_strnqdup(as->data, as->length); + return ne__strnqdup(as->data, as->length); } char *ne_ssl_readable_dname(const ne_ssl_dname *name) @@ -353,61 +353,6 @@ static ne_ssl_certificate *populate_cert(ne_ssl_certificate *cert, X509 *x5) return cert; } -/* OpenSSL cert verification callback. This is invoked for *each* - * error which is encoutered whilst verifying the cert chain; multiple - * invocations for any particular cert in the chain are possible. */ -static int verify_callback(int ok, X509_STORE_CTX *ctx) -{ - /* OpenSSL, living in its own little happy world of global state, - * where userdata was just a twinkle in the eye of an API designer - * yet to be born. Or... "Seriously, wtf?" */ - SSL *ssl = X509_STORE_CTX_get_ex_data(ctx, - SSL_get_ex_data_X509_STORE_CTX_idx()); - ne_session *sess = SSL_get_app_data(ssl); - int depth = X509_STORE_CTX_get_error_depth(ctx); - int err = X509_STORE_CTX_get_error(ctx); - int failures = 0; - - /* If there's no error, nothing to do here. */ - if (ok) return ok; - - NE_DEBUG(NE_DBG_SSL, "ssl: Verify callback @ %d => %d\n", depth, err); - - /* Map the error code onto any of the exported cert validation - * errors, if possible. */ - switch (err) { - case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: - case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: - case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - case X509_V_ERR_CERT_UNTRUSTED: - case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: - failures |= NE_SSL_UNTRUSTED; - break; - case X509_V_ERR_CERT_NOT_YET_VALID: - failures |= depth > 0 ? NE_SSL_BADCHAIN : NE_SSL_NOTYETVALID; - break; - case X509_V_ERR_CERT_HAS_EXPIRED: - failures |= depth > 0 ? NE_SSL_BADCHAIN : NE_SSL_EXPIRED; - break; - case X509_V_OK: - break; - default: - /* Clear the failures bitmask so check_certificate knows this - * is a bailout. */ - sess->ssl_context->failures |= NE_SSL_UNHANDLED; - NE_DEBUG(NE_DBG_SSL, "ssl: Unhandled verification error %d -> %s\n", - err, X509_verify_cert_error_string(err)); - return 0; - } - - sess->ssl_context->failures |= failures; - - NE_DEBUG(NE_DBG_SSL, "ssl: Verify failures |= %d => %d\n", failures, - sess->ssl_context->failures); - - return 1; -} - /* Return a linked list of certificate objects from an OpenSSL chain. */ static ne_ssl_certificate *make_chain(STACK_OF(X509) *chain) { @@ -440,21 +385,17 @@ static ne_ssl_certificate *make_chain(STACK_OF(X509) *chain) static int check_certificate(ne_session *sess, SSL *ssl, ne_ssl_certificate *chain) { X509 *cert = chain->subject; - int ret, failures = sess->ssl_context->failures; + ASN1_TIME *notBefore = X509_get_notBefore(cert); + ASN1_TIME *notAfter = X509_get_notAfter(cert); + int ret, failures = 0; + long result; ne_uri server; - /* If the verification callback hit a case which can't be mapped - * to one of the exported error bits, it's treated as a hard - * failure rather than invoking the callback, which can't present - * a useful error to the user. "Um, something is wrong. OK?" */ - if (failures & NE_SSL_UNHANDLED) { - long result = SSL_get_verify_result(ssl); - - ne_set_error(sess, _("Certificate verification error: %s"), - X509_verify_cert_error_string(result)); - - return NE_ERROR; - } + /* check expiry dates */ + if (X509_cmp_current_time(notBefore) >= 0) + failures |= NE_SSL_NOTYETVALID; + else if (X509_cmp_current_time(notAfter) <= 0) + failures |= NE_SSL_EXPIRED; /* Check certificate was issued to this server; pass URI of * server. */ @@ -468,6 +409,38 @@ static int check_certificate(ne_session *sess, SSL *ssl, ne_ssl_certificate *cha return NE_ERROR; } else if (ret > 0) failures |= NE_SSL_IDMISMATCH; + /* get the result of the cert verification out of OpenSSL */ + result = SSL_get_verify_result(ssl); + + NE_DEBUG(NE_DBG_SSL, "Verify result: %ld = %s\n", result, + X509_verify_cert_error_string(result)); + + switch (result) { + case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: + case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN: + case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: + /* TODO: and probably more result codes here... */ + failures |= NE_SSL_UNTRUSTED; + break; + /* ignore these, since we've already noticed them: */ + case X509_V_ERR_CERT_NOT_YET_VALID: + case X509_V_ERR_CERT_HAS_EXPIRED: + /* cert was trusted: */ + case X509_V_OK: + break; + default: + /* TODO: tricky to handle the 30-odd failure cases OpenSSL + * presents here (see x509_vfy.h), and present a useful API to + * the application so it in turn can then present a meaningful + * UI to the user. The only thing to do really would be to + * pass back the error string, but that's not localisable. So + * just fail the verification here - better safe than + * sorry. */ + ne_set_error(sess, _("Certificate verification error: %s"), + X509_verify_cert_error_string(result)); + return NE_ERROR; + } + if (failures == 0) { /* verified OK! */ ret = NE_OK; @@ -507,7 +480,7 @@ static int provide_client_cert(SSL *ssl, X509 **cert, EVP_PKEY **pkey) ne_session *const sess = SSL_get_app_data(ssl); if (!sess->client_cert && sess->ssl_provide_fn) { - ne_ssl_dname **dnames = NULL, *dnarray = NULL; + ne_ssl_dname **dnames = NULL; int n, count = 0; STACK_OF(X509_NAME) *ca_list = SSL_get_client_CA_list(ssl); @@ -515,10 +488,9 @@ static int provide_client_cert(SSL *ssl, X509 **cert, EVP_PKEY **pkey) if (count > 0) { dnames = ne_malloc(count * sizeof(ne_ssl_dname *)); - dnarray = ne_malloc(count * sizeof(ne_ssl_dname)); for (n = 0; n < count; n++) { - dnames[n] = &dnarray[n]; + dnames[n] = ne_malloc(sizeof(ne_ssl_dname)); dnames[n]->dn = sk_X509_NAME_value(ca_list, n); } } @@ -527,7 +499,8 @@ static int provide_client_cert(SSL *ssl, X509 **cert, EVP_PKEY **pkey) sess->ssl_provide_fn(sess->ssl_provide_ud, sess, (const ne_ssl_dname *const *)dnames, count); if (count) { - ne_free(dnarray); + for (n = 0; n < count; n++) + ne_free(dnames[n]); ne_free(dnames); } } @@ -562,7 +535,6 @@ ne_ssl_context *ne_ssl_context_create(int mode) SSL_CTX_set_client_cert_cb(ctx->ctx, provide_client_cert); /* enable workarounds for buggy SSL server implementations */ SSL_CTX_set_options(ctx->ctx, SSL_OP_ALL); - SSL_CTX_set_verify(ctx->ctx, SSL_VERIFY_PEER, verify_callback); } else if (mode == NE_SSL_CTX_SERVER) { ctx->ctx = SSL_CTX_new(SSLv23_server_method()); SSL_CTX_set_session_cache_mode(ctx->ctx, SSL_SESS_CACHE_CLIENT); @@ -599,7 +571,7 @@ int ne_ssl_context_keypair(ne_ssl_context *ctx, const char *cert, ret = SSL_CTX_use_PrivateKey_file(ctx->ctx, key, SSL_FILETYPE_PEM); if (ret == 1) { - ret = SSL_CTX_use_certificate_chain_file(ctx->ctx, cert); + ret = SSL_CTX_use_certificate_file(ctx->ctx, cert, SSL_FILETYPE_PEM); } return ret == 1 ? 0 : -1; @@ -647,7 +619,6 @@ int ne__negotiate_ssl(ne_session *sess) sess->flags[NE_SESSFLAG_TLS_SNI] ? sess->server.hostname : NULL; sess->ssl_cc_requested = 0; - ctx->failures = 0; if (ne_sock_connect_ssl(sess->socket, ctx, sess)) { if (ctx->sess) { @@ -656,12 +627,12 @@ int ne__negotiate_ssl(ne_session *sess) ctx->sess = NULL; } if (sess->ssl_cc_requested) { - ne_set_error(sess, _("SSL handshake failed, " + ne_set_error(sess, _("SSL negotiation failed, " "client certificate was requested: %s"), ne_sock_error(sess->socket)); } else { - ne_set_error(sess, _("SSL handshake failed: %s"), + ne_set_error(sess, _("SSL negotiation failed: %s"), ne_sock_error(sess->socket)); } return NE_ERROR; diff --git a/src/ne_private.h b/src/ne_private.h index 06100e9..ed4a612 100644 --- a/src/ne_private.h +++ b/src/ne_private.h @@ -30,23 +30,12 @@ #include "ne_ssl.h" struct host_info { - /* Type of host represented: */ - enum proxy_type { - PROXY_NONE = 0, - PROXY_HTTP, /* an HTTP proxy */ - PROXY_SOCKS /* a SOCKS proxy */ - } proxy; + char *hostname; unsigned int port; - /* If hostname is non-NULL, host is identified by this hostname. */ - char *hostname, *hostport; - /* If address is non-NULL, the result of resolving ->hostname. */ - ne_sock_addr *address; - /* If current non-NULL, current network address used in ->address. */ + ne_sock_addr *address; /* if non-NULL, result of resolving 'hostname'. */ + /* current network address obtained from 'address' being used. */ const ne_inet_addr *current; - /* If override is non-NULL, the host is identified by this network - * address. */ - const ne_inet_addr *network; - struct host_info *next; + char *hostport; /* URI hostport segment */ }; /* Store every registered callback in a generic container, and cast @@ -76,27 +65,19 @@ struct ne_session_s { * HTTP/1.1 compliant. */ char *scheme; + struct host_info server, proxy; - /* Server host details. */ - struct host_info server; - /* Proxy host details, or NULL if not using a proxy. */ - struct host_info *proxies; - /* Most recently used proxy server. */ - struct host_info *prev_proxy; - - /* Pointer to the active .server or .proxies as appropriate: */ - struct host_info *nexthop; + /* application-provided address list */ + const ne_inet_addr **addrlist; + size_t numaddrs, curaddr; /* Local address to which sockets should be bound. */ const ne_inet_addr *local_addr; /* Settings */ + int use_proxy; /* do we have a proxy server? */ int use_ssl; /* whether a secure connection is required */ int in_connect; /* doing a proxy CONNECT */ - int any_proxy_http; /* whether any configured proxy is an HTTP proxy */ - - enum ne_sock_sversion socks_ver; - char *socks_user, *socks_password; int flags[NE_SESSFLAG_LAST]; @@ -150,4 +131,14 @@ void ne__ssl_set_verify_err(ne_session *sess, int failures); * used for session (hostname); follows RFC2818 logic. */ int ne__ssl_match_hostname(const char *cn, size_t cnlen, const char *hostname); +/* Return a malloc-allocated copy of 'data', of length 'len', with all + * non-ASCII bytes, and ASCII control characters escaped. (Note that + * the escaping includes the NUL byte). */ +char *ne__strnqdup(const unsigned char *data, size_t len); + +/* Append 'len' bytes of 'data' to buf. All non-ASCII bytes, and + * ASCII control characters, are escaped. (Note that this includes + * the NUL byte). */ +void ne__buffer_qappend(ne_buffer *buf, const unsigned char *data, size_t len); + #endif /* HTTP_PRIVATE_H */ diff --git a/src/ne_privssl.h b/src/ne_privssl.h index f70201c..97565c2 100644 --- a/src/ne_privssl.h +++ b/src/ne_privssl.h @@ -1,6 +1,6 @@ /* SSL interface definitions internal to neon. - Copyright (C) 2003-2005, 2008, 2009, Joe Orton <joe@manyfish.co.uk> + Copyright (C) 2003-2005, 2008, Joe Orton <joe@manyfish.co.uk> Copyright (C) 2004, Aleix Conchillo Flaque <aleix@member.fsf.org> This library is free software; you can redistribute it and/or @@ -40,7 +40,6 @@ struct ne_ssl_context_s { SSL_CTX *ctx; SSL_SESSION *sess; const char *hostname; /* for SNI */ - int failures; /* bitmask of exposed failure bits. */ }; typedef SSL *ne_ssl_socket; @@ -91,7 +90,6 @@ ne_ssl_client_cert *ne__ssl_clicert_exkey_import(const unsigned char *der, #endif /* HAVE_GNUTLS */ -#ifdef NE_HAVE_SSL ne_ssl_socket ne__sock_sslsock(ne_socket *sock); /* Process-global initialization of the SSL library; returns non-zero @@ -100,6 +98,5 @@ int ne__ssl_init(void); /* Process-global de-initialization of the SSL library. */ void ne__ssl_exit(void); -#endif #endif /* NE_PRIVSSL_H */ diff --git a/src/ne_request.c b/src/ne_request.c index 72ce448..8ad2da9 100644 --- a/src/ne_request.c +++ b/src/ne_request.c @@ -190,7 +190,7 @@ static int aborted(ne_request *req, const char *doing, ssize_t code) switch(code) { case NE_SOCK_CLOSED: - if (sess->nexthop->proxy != PROXY_NONE) { + if (sess->use_proxy) { ne_set_error(sess, _("%s: connection was closed by proxy server"), doing); } else { @@ -388,36 +388,34 @@ static int send_request_body(ne_request *req, int retry) * headers */ static void add_fixed_headers(ne_request *req) { - ne_session *const sess = req->session; - - if (sess->user_agent) { - ne_buffer_zappend(req->headers, sess->user_agent); + if (req->session->user_agent) { + ne_buffer_zappend(req->headers, req->session->user_agent); } /* If persistent connections are disabled, just send Connection: * close; otherwise, send Connection: Keep-Alive to pre-1.1 origin * servers to try harder to get a persistent connection, except if * using a proxy as per 2068§19.7.1. Always add TE: trailers. */ - if (!sess->flags[NE_SESSFLAG_PERSIST]) { - ne_buffer_czappend(req->headers, "Connection: TE, close" EOL); - } - else if (!sess->is_http11 && !sess->any_proxy_http) { + if (!req->session->flags[NE_SESSFLAG_PERSIST]) { + ne_buffer_czappend(req->headers, + "Connection: TE, close" EOL + "TE: trailers" EOL); + } else if (!req->session->is_http11 && !req->session->use_proxy) { ne_buffer_czappend(req->headers, - "Keep-Alive: " EOL - "Connection: TE, Keep-Alive" EOL); - } - else if (!req->session->is_http11 && !sess->any_proxy_http) { + "Keep-Alive: " EOL + "Connection: TE, Keep-Alive" EOL + "TE: trailers" EOL); + } else if (!req->session->is_http11 && req->session->use_proxy) { ne_buffer_czappend(req->headers, "Keep-Alive: " EOL "Proxy-Connection: Keep-Alive" EOL - "Connection: TE" EOL); - } - else { - ne_buffer_czappend(req->headers, "Connection: TE" EOL); + "Connection: TE" EOL + "TE: trailers" EOL); + } else { + ne_buffer_czappend(req->headers, + "Connection: TE" EOL + "TE: trailers" EOL); } - - ne_buffer_concat(req->headers, "TE: trailers" EOL "Host: ", - req->session->server.hostport, EOL, NULL); } int ne_accept_always(void *userdata, ne_request *req, const ne_status *st) @@ -440,8 +438,6 @@ ne_request *ne_request_create(ne_session *sess, /* Presume the method is idempotent by default. */ req->flags[NE_REQFLAG_IDEMPOTENT] = 1; - /* Expect-100 default follows the corresponding session flag. */ - req->flags[NE_REQFLAG_EXPECT100] = sess->flags[NE_SESSFLAG_EXPECT100]; /* Add in the fixed headers */ add_fixed_headers(req); @@ -450,11 +446,11 @@ ne_request *ne_request_create(ne_session *sess, req->method = ne_strdup(method); req->method_is_head = (strcmp(method, "HEAD") == 0); - /* Only use an absoluteURI here when we might be using an HTTP - * proxy, and SSL is in use: some servers can't parse them. */ - if (sess->any_proxy_http && !req->session->use_ssl && path[0] == '/') + /* Only use an absoluteURI here when absolutely necessary: some + * servers can't parse them. */ + if (req->session->use_proxy && !req->session->use_ssl && path[0] == '/') req->uri = ne_concat(req->session->scheme, "://", - req->session->server.hostport, path, NULL); + req->session->server.hostport, path, NULL); else req->uri = ne_strdup(path); @@ -806,13 +802,14 @@ static ne_buffer *build_request(ne_request *req) struct hook *hk; ne_buffer *buf = ne_buffer_create(); - /* Add Request-Line and headers: */ - ne_buffer_concat(buf, req->method, " ", req->uri, " HTTP/1.1" EOL, NULL); - + /* Add Request-Line and Host header: */ + ne_buffer_concat(buf, req->method, " ", req->uri, " HTTP/1.1" EOL, + "Host: ", req->session->server.hostport, EOL, NULL); + /* Add custom headers: */ ne_buffer_append(buf, req->headers->data, ne_buffer_size(req->headers)); - if (req->body_length && req->flags[NE_REQFLAG_EXPECT100]) { + if (req->flags[NE_REQFLAG_EXPECT100]) { ne_buffer_czappend(buf, "Expect: 100-continue\r\n"); } @@ -1125,6 +1122,8 @@ static int read_response_headers(ne_request *req) * return NE_ code. */ static int lookup_host(ne_session *sess, struct host_info *info) { + if (sess->addrlist) return NE_OK; + NE_DEBUG(NE_DBG_HTTP, "Doing DNS lookup on %s...\n", info->hostname); sess->status.lu.hostname = info->hostname; notify_status(sess, ne_status_lookup); @@ -1224,7 +1223,7 @@ int ne_begin_request(ne_request *req) * a) it is *necessary* to do so due to the use of a connection-auth * scheme, and * b) connection closure was not forced via "Connection: close". */ - if (req->session->nexthop->proxy == PROXY_HTTP && !req->session->is_http11 + if (req->session->use_proxy && !req->session->is_http11 && !forced_closure && req->session->flags[NE_SESSFLAG_CONNAUTH]) { value = get_response_header_hv(req, HH_HV_PROXY_CONNECTION, "proxy-connection"); @@ -1433,32 +1432,40 @@ static int proxy_tunnel(ne_session *sess) #endif /* Return the first resolved address for the given host. */ -static const ne_inet_addr *resolve_first(struct host_info *host) +static const ne_inet_addr *resolve_first(ne_session *sess, + struct host_info *host) { - return host->network ? host->network : ne_addr_first(host->address); + if (sess->addrlist) { + sess->curaddr = 0; + return sess->addrlist[0]; + } else { + return ne_addr_first(host->address); + } } /* Return the next resolved address for the given host or NULL if * there are no more addresses. */ -static const ne_inet_addr *resolve_next(struct host_info *host) +static const ne_inet_addr *resolve_next(ne_session *sess, + struct host_info *host) { - return host->network ? NULL : ne_addr_next(host->address); + if (sess->addrlist) { + if (sess->curaddr++ < sess->numaddrs) + return sess->addrlist[sess->curaddr]; + else + return NULL; + } else { + return ne_addr_next(host->address); + } } /* Make new TCP connection to server at 'host' of type 'name'. Note * that once a connection to a particular network address has * succeeded, that address will be used first for the next attempt to * connect. */ -static int do_connect(ne_session *sess, struct host_info *host) +static int do_connect(ne_session *sess, struct host_info *host, const char *err) { int ret; - /* Resolve hostname if necessary. */ - if (host->address == NULL && host->network == NULL) { - ret = lookup_host(sess, host); - if (ret) return ret; - } - if ((sess->socket = ne_sock_create()) == NULL) { ne_set_error(sess, _("Could not create socket")); return NE_ERROR; @@ -1471,7 +1478,7 @@ static int do_connect(ne_session *sess, struct host_info *host) ne_sock_prebind(sess->socket, sess->local_addr, 0); if (host->current == NULL) - host->current = resolve_first(host); + host->current = resolve_first(sess, host); sess->status.ci.hostname = host->hostname; @@ -1487,27 +1494,19 @@ static int do_connect(ne_session *sess, struct host_info *host) #endif ret = ne_sock_connect(sess->socket, host->current, host->port); } while (ret && /* try the next address... */ - (host->current = resolve_next(host)) != NULL); + (host->current = resolve_next(sess, host)) != NULL); if (ret) { - const char *msg; - - if (host->proxy == PROXY_NONE) - msg = _("Could not connect to server"); - else - msg = _("Could not connect to proxy server"); - - ne_set_error(sess, "%s: %s", msg, ne_sock_error(sess->socket)); + ne_set_error(sess, "%s: %s", err, ne_sock_error(sess->socket)); ne_sock_close(sess->socket); return ret == NE_SOCK_TIMEOUT ? NE_TIMEOUT : NE_CONNECT; } + notify_status(sess, ne_status_connected); + if (sess->rdtimeout) ne_sock_read_timeout(sess->socket, sess->rdtimeout); - notify_status(sess, ne_status_connected); - sess->nexthop = host; - sess->connected = 1; /* clear persistent connection flag. */ sess->persisted = 0; @@ -1517,63 +1516,28 @@ static int do_connect(ne_session *sess, struct host_info *host) static int open_connection(ne_session *sess) { int ret; + struct host_info *host; if (sess->connected) return NE_OK; - if (!sess->proxies) { - ret = do_connect(sess, &sess->server); - if (ret) { - sess->nexthop = NULL; - return ret; - } - } - else { - struct host_info *hi; - - /* Attempt to re-use proxy to avoid iterating through - * unnecessarily. */ - if (sess->prev_proxy) - ret = do_connect(sess, sess->prev_proxy); - else - ret = NE_ERROR; - - /* Otherwise, try everything - but omitting prev_proxy if that - * has already been tried. */ - for (hi = sess->proxies; hi && ret; hi = hi->next) { - if (hi != sess->prev_proxy) - ret = do_connect(sess, hi); - } - - if (ret == NE_OK && sess->nexthop->proxy == PROXY_SOCKS) { - ret = ne_sock_proxy(sess->socket, sess->socks_ver, NULL, - sess->server.hostname, sess->server.port, - sess->socks_user, sess->socks_password); - if (ret) { - ne_set_error(sess, - _("Could not establish connection from " - "SOCKS proxy (%s:%u): %s"), - sess->nexthop->hostname, - sess->nexthop->port, - ne_sock_error(sess->socket)); - ne_close_connection(sess); - } - } - - if (ret != NE_OK) { - sess->nexthop = NULL; - sess->prev_proxy = NULL; - return ret; - } - - /* Success - make this proxy stick. */ - sess->prev_proxy = hi; - } + /* Resolve hostname if necessary. */ + host = sess->use_proxy ? &sess->proxy : &sess->server; + if (host->address == NULL) { + ret = lookup_host(sess, host); + if (ret) return ret; + } + + ret = do_connect(sess, host, + sess->use_proxy ? + _("Could not connect to proxy server") + : _("Could not connect to server")); + if (ret != NE_OK) return ret; #ifdef NE_HAVE_SSL /* Negotiate SSL layer if required. */ if (sess->use_ssl && !sess->in_connect) { - /* Set up CONNECT tunnel if using an HTTP proxy. */ - if (sess->nexthop->proxy == PROXY_HTTP) + /* CONNECT tunnel */ + if (sess->use_proxy) ret = proxy_tunnel(sess); if (ret == NE_OK) { diff --git a/src/ne_session.c b/src/ne_session.c index 900b83c..932d7da 100644 --- a/src/ne_session.c +++ b/src/ne_session.c @@ -1,6 +1,8 @@ /* HTTP session handling - Copyright (C) 1999-2009, Joe Orton <joe@manyfish.co.uk> + Copyright (C) 1999-2008, Joe Orton <joe@manyfish.co.uk> + Portions are: + Copyright (C) 1999-2000 Tommi Komulainen <Tommi.Komulainen@iki.fi> This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public @@ -31,10 +33,6 @@ #include <errno.h> #endif -#ifdef HAVE_LIBPROXY -#include <proxy.h> -#endif - #include "ne_session.h" #include "ne_alloc.h" #include "ne_utils.h" @@ -56,27 +54,6 @@ static void destroy_hooks(struct hook *hooks) } } -static void free_hostinfo(struct host_info *hi) -{ - if (hi->hostname) ne_free(hi->hostname); - if (hi->hostport) ne_free(hi->hostport); - if (hi->address) ne_addr_destroy(hi->address); -} - -/* Destroy the sess->proxies array. */ -static void free_proxies(ne_session *sess) -{ - struct host_info *hi, *nexthi; - - for (hi = sess->proxies; hi; hi = nexthi) { - nexthi = hi->next; - free_hostinfo(hi); - ne_free(hi); - } - - sess->any_proxy_http = 0; -} - void ne_session_destroy(ne_session *sess) { struct hook *hk; @@ -105,13 +82,12 @@ void ne_session_destroy(ne_session *sess) destroy_hooks(sess->private); ne_free(sess->scheme); - - free_hostinfo(&sess->server); - free_proxies(sess); - + ne_free(sess->server.hostname); + ne_free(sess->server.hostport); + if (sess->server.address) ne_addr_destroy(sess->server.address); + if (sess->proxy.address) ne_addr_destroy(sess->proxy.address); + if (sess->proxy.hostname) ne_free(sess->proxy.hostname); if (sess->user_agent) ne_free(sess->user_agent); - if (sess->socks_user) ne_free(sess->socks_user); - if (sess->socks_password) ne_free(sess->socks_password); #ifdef NE_HAVE_SSL if (sess->ssl_context) @@ -144,12 +120,11 @@ static void set_hostport(struct host_info *host, unsigned int defaultport) /* Stores the hostname/port in *info, setting up the "hostport" * segment correctly. */ -static void set_hostinfo(struct host_info *hi, enum proxy_type type, - const char *hostname, unsigned int port) +static void +set_hostinfo(struct host_info *info, const char *hostname, unsigned int port) { - hi->hostname = ne_strdup(hostname); - hi->port = port; - hi->proxy = type; + info->hostname = ne_strdup(hostname); + info->port = port; } ne_session *ne_session_create(const char *scheme, @@ -166,7 +141,7 @@ ne_session *ne_session_create(const char *scheme, sess->use_ssl = !strcmp(scheme, "https"); /* set the hostname/port */ - set_hostinfo(&sess->server, PROXY_NONE, hostname, port); + set_hostinfo(&sess->server, hostname, port); set_hostport(&sess->server, sess->use_ssl?443:80); #ifdef NE_HAVE_SSL @@ -188,139 +163,15 @@ ne_session *ne_session_create(const char *scheme, void ne_session_proxy(ne_session *sess, const char *hostname, unsigned int port) { - free_proxies(sess); - - sess->proxies = ne_calloc(sizeof *sess->proxies); - - sess->any_proxy_http = 1; - - set_hostinfo(sess->proxies, PROXY_HTTP, hostname, port); -} - -void ne_session_socks_proxy(ne_session *sess, enum ne_sock_sversion vers, - const char *hostname, unsigned int port, - const char *username, const char *password) -{ - free_proxies(sess); - - sess->proxies = ne_calloc(sizeof *sess->proxies); - - set_hostinfo(sess->proxies, PROXY_SOCKS, hostname, port); - - sess->socks_ver = vers; - - if (username) sess->socks_user = ne_strdup(username); - if (password) sess->socks_password = ne_strdup(password); -} - -void ne_session_system_proxy(ne_session *sess, unsigned int flags) -{ -#ifdef HAVE_LIBPROXY - pxProxyFactory *pxf = px_proxy_factory_new(); - struct host_info *hi, **lasthi; - char *url, **proxies; - ne_uri uri; - unsigned n; - - free_proxies(sess); - - /* Create URI for session to pass off to libproxy */ - memset(&uri, 0, sizeof uri); - ne_fill_server_uri(sess, &uri); - - uri.path = "/"; /* make valid URI structure. */ - url = ne_uri_unparse(&uri); - uri.path = NULL; - - /* Get list of pseudo-URIs from libproxy: */ - proxies = px_proxy_factory_get_proxies(pxf, url); - - for (n = 0, lasthi = &sess->proxies; proxies[n]; n++) { - enum proxy_type ptype; - - ne_uri_free(&uri); - - NE_DEBUG(NE_DBG_HTTP, "sess: libproxy #%u=%s\n", - n, proxies[n]); - - if (ne_uri_parse(proxies[n], &uri)) - continue; - - if (!uri.scheme) continue; - - if (ne_strcasecmp(uri.scheme, "http") == 0) - ptype = PROXY_HTTP; - else if (ne_strcasecmp(uri.scheme, "socks") == 0) - ptype = PROXY_SOCKS; - else if (ne_strcasecmp(uri.scheme, "direct") == 0) - ptype = PROXY_NONE; - else - continue; - - /* Hostname/port required for http/socks schemes. */ - if (ptype != PROXY_NONE && !(uri.host && uri.port)) - continue; - - /* Do nothing if libproxy returned only a single "direct://" - * entry -- a single "direct" (noop) proxy is equivalent to - * having none. */ - if (n == 0 && proxies[1] == NULL && ptype == PROXY_NONE) - break; - - NE_DEBUG(NE_DBG_HTTP, "sess: Got proxy %s://%s:%d\n", - uri.scheme, uri.host ? uri.host : "(none)", - uri.port); - - hi = *lasthi = ne_calloc(sizeof *hi); - - if (ptype == PROXY_NONE) { - /* A "direct" URI requires an attempt to connect directly to - * the origin server, so dup the server details. */ - set_hostinfo(hi, ptype, sess->server.hostname, - sess->server.port); - } - else { - /* SOCKS/HTTP proxy. */ - set_hostinfo(hi, ptype, uri.host, uri.port); - - if (ptype == PROXY_HTTP) - sess->any_proxy_http = 1; - else if (ptype == PROXY_SOCKS) - sess->socks_ver = NE_SOCK_SOCKSV5; - } - - lasthi = &hi->next; - } - - /* Free up the proxies array: */ - for (n = 0; proxies[n]; n++) - free(proxies[n]); - free(proxies[n]); - - ne_free(url); - ne_uri_free(&uri); - px_proxy_factory_free(pxf); -#endif + sess->use_proxy = 1; + if (sess->proxy.hostname) ne_free(sess->proxy.hostname); + set_hostinfo(&sess->proxy, hostname, port); } void ne_set_addrlist(ne_session *sess, const ne_inet_addr **addrs, size_t n) { - struct host_info *hi, **lasthi; - size_t i; - - free_proxies(sess); - - lasthi = &sess->proxies; - - for (i = 0; i < n; i++) { - *lasthi = hi = ne_calloc(sizeof *hi); - - hi->proxy = PROXY_NONE; - hi->network = addrs[i]; - hi->port = sess->server.port; - - lasthi = &hi->next; - } + sess->addrlist = addrs; + sess->numaddrs = n; } void ne_set_localaddr(ne_session *sess, const ne_inet_addr *addr) @@ -430,13 +281,9 @@ void ne_fill_server_uri(ne_session *sess, ne_uri *uri) void ne_fill_proxy_uri(ne_session *sess, ne_uri *uri) { - if (sess->proxies) { - struct host_info *hi = sess->nexthop ? sess->nexthop : sess->proxies; - - if (hi->proxy == PROXY_HTTP) { - uri->host = ne_strdup(hi->hostname); - uri->port = hi->port; - } + if (sess->use_proxy) { + uri->host = ne_strdup(sess->proxy.hostname); + uri->port = sess->proxy.port; } } @@ -453,7 +300,8 @@ void ne_close_connection(ne_session *sess) NE_DEBUG(NE_DBG_SOCKET, "sess: Closing connection.\n"); if (sess->notify_cb) { - sess->status.cd.hostname = sess->nexthop->hostname; + sess->status.cd.hostname = + sess->use_proxy ? sess->proxy.hostname : sess->server.hostname; sess->notify_cb(sess->notify_ud, ne_status_disconnected, &sess->status); } @@ -538,8 +386,6 @@ void ne__ssl_set_verify_err(ne_session *sess, int failures) { NE_SSL_EXPIRED, N_("certificate has expired") }, { NE_SSL_IDMISMATCH, N_("certificate issued for a different hostname") }, { NE_SSL_UNTRUSTED, N_("issuer is not trusted") }, - { NE_SSL_BADCHAIN, N_("bad certificate chain") }, - { NE_SSL_REVOKED, N_("certificate has been revoked") }, { 0, NULL } }; int n, flag = 0; diff --git a/src/ne_session.h b/src/ne_session.h index ea80089..e5a2069 100644 --- a/src/ne_session.h +++ b/src/ne_session.h @@ -1,6 +1,6 @@ /* HTTP session handling - Copyright (C) 1999-2009, Joe Orton <joe@manyfish.co.uk> + Copyright (C) 1999-2008, Joe Orton <joe@manyfish.co.uk> This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public @@ -47,34 +47,11 @@ void ne_session_destroy(ne_session *sess); void ne_close_connection(ne_session *sess); /* Set the proxy server to be used for the session. This function - * will override (remove) any proxy servers previously configured, and - * must be called before any requests are created using this + * must only be called before any requests are created for the * session. */ void ne_session_proxy(ne_session *sess, const char *hostname, unsigned int port); -/* Configure a SOCKS proxy server which will be used for the session. - * The SOCKS protocol version 'vers' will be used to contact the - * proxy at given 'hostname' and 'port'. - * - * If SOCKSv4 or v4a are used, username must be non-NULL. For v5, - * username may be NULL, in which case, password is ignored. If - * username is non-NULL, password must also be non-NULL. - * - * This function will override (remove) any proxy servers previously - * configured, and must be called before any requests are created - * using this session. */ -void ne_session_socks_proxy(ne_session *sess, enum ne_sock_sversion vers, - const char *hostname, unsigned int port, - const char *username, const char *password); - -/* Configure use of proxy servers from any system-wide default sources - * which are configured at build time. This function will override - * (remove) any proxy servers previously configured, and must be - * called before any requests are created using this session. The - * 'flags' parameter must be zero. */ -void ne_session_system_proxy(ne_session *sess, unsigned int flags); - /* Defined session flags: */ typedef enum ne_session_flag_e { NE_SESSFLAG_PERSIST = 0, /* disable this flag to prevent use of @@ -98,9 +75,6 @@ typedef enum ne_session_flag_e { NE_SESSFLAG_TLS_SNI, /* disable this flag to disable use of the * TLS Server Name Indication extension. */ - NE_SESSFLAG_EXPECT100, /* enable this flag to enable the flag - * NE_REQFLAG_EXPECT100 for new requests. */ - NE_SESSFLAG_LAST /* enum sentinel value */ } ne_session_flag; @@ -112,11 +86,8 @@ void ne_set_session_flag(ne_session *sess, ne_session_flag flag, int value); int ne_get_session_flag(ne_session *sess, ne_session_flag flag); /* Bypass the normal name resolution; force the use of specific set of - * addresses for this session, addrs[0]...addrs[n-1]. The 'addrs' - * array and pointed-to objects must remain valid until the session is - * destroyed. This function will override (remove) any proxy servers - * previously configured, and must be called before any requests are - * created using this session. */ + * addresses for this session, addrs[0]...addrs[n-1]. The addrs array + * must remain valid until the session is destroyed. */ void ne_set_addrlist(ne_session *sess, const ne_inet_addr **addrs, size_t n); /* Bind connections to the specified local address. If the address @@ -205,42 +176,24 @@ typedef void (*ne_notify_status)(void *userdata, ne_session_status status, * progress callback, and vice versa. */ void ne_set_notifier(ne_session *sess, ne_notify_status status, void *userdata); -/* Certificate verification failures. */ - -/* NE_SSL_NOTYETVALID: the certificate is not yet valid. */ +/* Certificate verification failures. + * The certificate is not yet valid: */ #define NE_SSL_NOTYETVALID (0x01) - -/* NE_SSL_EXPIRED: the certificate has expired. */ +/* The certificate has expired: */ #define NE_SSL_EXPIRED (0x02) - -/* NE_SSL_IDMISMATCH: the hostname for which the certificate was - * issued does not match the hostname of the server; this could mean - * that the connection is being intercepted. */ +/* The hostname for which the certificate was issued does not + * match the hostname of the server; this could mean that the + * connection is being intercepted: */ #define NE_SSL_IDMISMATCH (0x04) - -/* NE_SSL_UNTRUSTED: the certificate authority which signed the server - * certificate is not trusted: there is no indicatation the server is - * who they claim to be: */ +/* The certificate authority which signed the server certificate is + * not trusted: there is no indicatation the server is who they claim + * to be: */ #define NE_SSL_UNTRUSTED (0x08) -/* NE_SSL_BADCHAIN: the certificate chain contained a certificate - * other than the server cert which failed verification for a reason - * other than lack of trust; for example, due to a CA cert being - * outside its validity period. */ -#define NE_SSL_BADCHAIN (0x10) - -/* N.B.: 0x20 is reserved. */ - -/* NE_SSL_REVOKED: the server certificate has been revoked by the - * issuing authority. */ -#define NE_SSL_REVOKED (0x40) - -/* For purposes of forwards-compatibility, the bitmask of all - * currently exposed failure bits is given as NE_SSL_FAILMASK. If the - * expression (failures & ~NE_SSL_FAILMASK) is non-zero a failure type - * is present which the application does not recognize but must treat - * as a verification failure nonetheless. */ -#define NE_SSL_FAILMASK (0x5f) +/* The bitmask of known failure bits: if (failures & ~NE_SSL_FAILMASK) + * is non-zero, an unrecognized failure is given, and the verification + * should be failed. */ +#define NE_SSL_FAILMASK (0x0f) /* A callback which is used when server certificate verification is * needed. The reasons for verification failure are given in the @@ -321,11 +274,9 @@ const char *ne_get_scheme(ne_session *sess); void ne_fill_server_uri(ne_session *sess, ne_uri *uri); /* If a proxy is configured, sets the host and port fields in the - * given URI structure to that of the proxy. If multiple proxies are - * configured, the active is used if any, otherwise the first. The - * hostname is malloc-allocated. No other fields in the URI structure - * are changed; if no proxy is configured or a non-HTTP proxy is in - * use, no fields are changed. */ + * given URI structure to that of the proxy. The hostname is + * malloc-allocated. No other fields in the URI structure are + * changed; if a proxy is not configured, no fields are changed. */ void ne_fill_proxy_uri(ne_session *sess, ne_uri *uri); /* Set the error string for the session; takes printf-like format diff --git a/src/ne_socket.c b/src/ne_socket.c index 8ab4906..a322960 100644 --- a/src/ne_socket.c +++ b/src/ne_socket.c @@ -1,6 +1,7 @@ /* Socket handling routines Copyright (C) 1998-2009, Joe Orton <joe@manyfish.co.uk> + Copyright (C) 1999-2000 Tommi Komulainen <Tommi.Komulainen@iki.fi> Copyright (C) 2004 Aleix Conchillo Flaque <aleix@member.fsf.org> This library is free software; you can redistribute it and/or @@ -115,7 +116,9 @@ typedef struct addrinfo ne_inet_addr; typedef struct in_addr ne_inet_addr; #endif +#ifdef NE_HAVE_SSL #include "ne_privssl.h" /* MUST come after ne_inet_addr is defined */ +#endif /* To avoid doing AAAA queries unless absolutely necessary, either use * AI_ADDRCONFIG where available, or a run-time check for working IPv6 @@ -187,10 +190,6 @@ struct iofns { /* Wait up to 'n' seconds for socket to become readable. Returns * 0 when readable, otherwise NE_SOCK_TIMEOUT or NE_SOCK_ERROR. */ int (*readable)(ne_socket *s, int n); - /* Write up to 'count' blocks described by 'vector' to socket. - * Return number of bytes written on success, or <0 on error. */ - ssize_t (*swritev)(ne_socket *s, const struct ne_iovec *vector, - int count); }; static const ne_inet_addr dummy_laddr; @@ -548,49 +547,7 @@ static ssize_t write_raw(ne_socket *sock, const char *data, size_t length) return ret; } -static ssize_t writev_raw(ne_socket *sock, const struct ne_iovec *vector, int count) -{ - ssize_t ret; -#ifdef WIN32 - LPWSABUF wasvector = (LPWSABUF)ne_malloc(count * sizeof(WSABUF)); - DWORD total; - int i; - - for (i = 0; i < count; i++){ - wasvector[i].buf = vector[i].base; - wasvector[i].len = vector[i].len; - } - - ret = WSASend(sock->fd, wasvector, count, &total, 0, NULL, NULL); - if (ret == 0) - ret = total; - - ne_free(wasvector); -#else - const struct iovec *vec = (const struct iovec *) vector; - - do { - ret = writev(sock->fd, vec, count); - } while (ret == -1 && NE_ISINTR(ne_errno)); -#endif - - if (ret < 0) { - int errnum = ne_errno; - set_strerror(sock, errnum); - return MAP_ERR(errnum); - } - - return ret; -} - -#ifdef NE_HAVE_SSL -static ssize_t writev_dummy(ne_socket *sock, const struct ne_iovec *vector, int count) -{ - return sock->ops->swrite(sock, vector[0].base, vector[0].len); -} -#endif - -static const struct iofns iofns_raw = { read_raw, write_raw, readable_raw, writev_raw }; +static const struct iofns iofns_raw = { read_raw, write_raw, readable_raw }; #ifdef HAVE_OPENSSL /* OpenSSL I/O function implementations. */ @@ -674,8 +631,7 @@ static ssize_t write_ossl(ne_socket *sock, const char *data, size_t len) static const struct iofns iofns_ssl = { read_ossl, write_ossl, - readable_ossl, - writev_dummy + readable_ossl }; #elif defined(HAVE_GNUTLS) @@ -785,8 +741,7 @@ static ssize_t write_gnutls(ne_socket *sock, const char *data, size_t len) static const struct iofns iofns_ssl = { read_gnutls, write_gnutls, - readable_gnutls, - writev_dummy + readable_gnutls }; #endif @@ -806,32 +761,6 @@ int ne_sock_fullwrite(ne_socket *sock, const char *data, size_t len) return ret < 0 ? ret : 0; } -int ne_sock_fullwritev(ne_socket *sock, const struct ne_iovec *vector, int count) -{ - ssize_t ret; - - do { - ret = sock->ops->swritev(sock, vector, count); - if (ret > 0) { - while (count && (size_t)ret >= vector[0].len) { - ret -= vector[0].len; - count--; - vector++; - } - - if (ret && count) { - /* Partial buffer sent; send the rest. */ - ret = ne_sock_fullwrite(sock, (char *)vector[0].base + ret, - vector[0].len - ret); - count--; - vector++; - } - } - } while (count && ret >= 0); - - return ret < 0 ? ret : 0; -} - ssize_t ne_sock_readline(ne_socket *sock, char *buf, size_t buflen) { char *lf; @@ -1049,24 +978,6 @@ char *ne_iaddr_print(const ne_inet_addr *ia, char *buf, size_t bufsiz) return buf; } -unsigned char *ne_iaddr_raw(const ne_inet_addr *ia, unsigned char *buf) -{ -#ifdef USE_GETADDRINFO -#ifdef AF_INET6 - if (ia->ai_family == AF_INET6) { - struct sockaddr_in6 *in6 = SACAST(in6, ia->ai_addr); - return memcpy(buf, in6->sin6_addr.s6_addr, sizeof in6->sin6_addr.s6_addr); - } else -#endif /* AF_INET6 */ - { - struct sockaddr_in *in = SACAST(in, ia->ai_addr); - return memcpy(buf, &in->sin_addr.s_addr, sizeof in->sin_addr.s_addr); - } -#else /* !USE_GETADDRINFO */ - return memcpy(buf, &ia->s_addr, sizeof ia->s_addr); -#endif -} - int ne_iaddr_reverse(const ne_inet_addr *ia, char *buf, size_t bufsiz) { #ifdef USE_GETADDRINFO @@ -1817,15 +1728,6 @@ const char *ne_sock_error(const ne_socket *sock) return sock->error; } -void ne_sock_set_error(ne_socket *sock, const char *format, ...) -{ - va_list params; - - va_start(params, format); - ne_vsnprintf(sock->error, sizeof sock->error, format, params); - va_end(params); -} - /* Closes given ne_socket */ int ne_sock_close(ne_socket *sock) { diff --git a/src/ne_socket.h b/src/ne_socket.h index 613f444..f7b6cd6 100644 --- a/src/ne_socket.h +++ b/src/ne_socket.h @@ -1,6 +1,6 @@ /* socket handling interface - Copyright (C) 1999-2008, Joe Orton <joe@manyfish.co.uk> + Copyright (C) 1999-2007, Joe Orton <joe@manyfish.co.uk> This library is free software; you can redistribute it and/or modify it under the terms of the GNU Library General Public @@ -114,12 +114,6 @@ ne_iaddr_type ne_iaddr_typeof(const ne_inet_addr *ia); * buffer 'buffer', which is of length 'bufsiz'. Returns 'buffer'. */ char *ne_iaddr_print(const ne_inet_addr *ia, char *buffer, size_t bufsiz); -/* Dump the raw byte representation (in network byte order) of address - * 'ia' into the buffer 'buffer', which must be of a suitable length - * (4 bytes for an IPv4 address, 16 bytes for an IPv6 address). - * Returns 'buffer'. */ -unsigned char *ne_iaddr_raw(const ne_inet_addr *ia, unsigned char *buffer); - /* Perform the reverse name lookup on network address 'ia', placing * the returned name in the 'buf' buffer (of length 'bufsiz') if * successful. Returns zero on success, or non-zero on error. */ @@ -177,19 +171,6 @@ int ne_sock_block(ne_socket *sock, int n); * on error. */ int ne_sock_fullwrite(ne_socket *sock, const char *data, size_t count); -/* I/O vector. */ -struct ne_iovec { - void *base; - size_t len; -}; - -/* Writes 'count' blocks described by 'vector' to the socket. - * Guarantees to either write all the bytes or to fail. Count must be - * greater than zero and smaller than the system-defined maximum - * vector limit. Returns 0 on success, or NE_SOCK_* on error. */ -int ne_sock_fullwritev(ne_socket *sock, const struct ne_iovec *vector, - int count); - /* Read an LF-terminated line into 'buffer', and NUL-terminate it. * At most 'len' bytes are read (including the NUL terminator). * Returns: @@ -220,11 +201,6 @@ int ne_sock_close(ne_socket *sock); /* Return current error string for socket. */ const char *ne_sock_error(const ne_socket *sock); -/* Set the error string for the socket; takes printf-like format - * string. */ -void ne_sock_set_error(ne_socket *sock, const char *format, ...) - ne_attribute((format (printf, 2, 3))); - /* Set read timeout for socket, in seconds; must be a non-zero * positive integer. */ void ne_sock_read_timeout(ne_socket *sock, int timeout); @@ -260,37 +236,6 @@ int ne_sock_sessid(ne_socket *sock, unsigned char *buf, size_t *buflen); * freed by the caller. */ char *ne_sock_cipher(ne_socket *sock); -/* SOCKS proxy protocol version: */ -enum ne_sock_sversion { - NE_SOCK_SOCKSV4 = 0, - NE_SOCK_SOCKSV4A, - NE_SOCK_SOCKSV5 -}; - -/* Given a socket 'sock' which is connected to a SOCKS proxy, initiate - * a connection to a destination server using that proxy, specified - * either by network address or hostname, at given port 'port'. - * - * If 'vers' is NE_SOCKS_V4, addr must be an IPv4 address; hostname - * and password are ignored; username must be non-NULL. - * - * If 'vers' is NE_SOCKS_V4A, hostname must be non-NULL; addr is - * ignored; password is ignored; username must be non-NULL. - * - * If 'vers' is NE_SOCKS_V5, addr may be NULL, in which case hostname - * must be non-NULL. addr if non-NULL may be an IPv4 or IPv6 address; - * username may be NULL, in which case password is ignored. If - * username is non-NULL password must also be non-NULL. - * - * Returns 0 on success, or NE_SOCK_* on failure - in which case, the - * socket error string is set. On failure, the socket must be closed - * by the caller. - */ -int ne_sock_proxy(ne_socket *sock, enum ne_sock_sversion vers, - const ne_inet_addr *addr, const char *hostname, - unsigned int port, - const char *username, const char *password); - NE_END_DECLS #endif /* NE_SOCKET_H */ diff --git a/src/ne_socks.c b/src/ne_socks.c deleted file mode 100644 index 73d9f04..0000000 --- a/src/ne_socks.c +++ /dev/null @@ -1,354 +0,0 @@ -/* - SOCKS proxy support for neon - Copyright (C) 2008, Joe Orton <joe@manyfish.co.uk> - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the Free - Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, - MA 02111-1307, USA -*/ - -#include "config.h" - -#include "ne_internal.h" -#include "ne_string.h" -#include "ne_socket.h" -#include "ne_utils.h" - -#include <string.h> - -/* SOCKS protocol reference: - v4: http://www.ufasoft.com/doc/socks4_protocol.htm - v4a http://www.smartftp.com/Products/SmartFTP/RFC/socks4a.protocol - v5: http://tools.ietf.org/html/rfc1928 - ...v5 auth: http://tools.ietf.org/html/rfc1929 -*/ - -#define V5_REPLY_OK 0 -#define V5_REPLY_FAIL 1 -#define V5_REPLY_DISALLOW 2 -#define V5_REPLY_NET_UNREACH 3 -#define V5_REPLY_HOST_UNREACH 4 -#define V5_REPLY_CONN_REFUSED 5 -#define V5_REPLY_TTL_EXPIRED 6 -#define V5_REPLY_CMD_UNSUPPORTED 7 -#define V5_REPLY_TYPE_UNSUPPORTED 8 - -#define V5_VERSION 0x05 -#define V5_ADDR_IPV4 0x01 -#define V5_ADDR_FQDN 0x03 -#define V5_ADDR_IPV6 0x04 - -#define V5_CMD_CONNECT 0x01 - -#define V5_AUTH_NONE 0x00 -#define V5_AUTH_USER 0x02 -#define V5_AUTH_NOMETH 0xFF - -/* Fail with given V5 error code in given context. */ -static int v5fail(ne_socket *sock, unsigned int code, const char *context) -{ - const char *err; - - switch (code) { - case V5_REPLY_FAIL: - err = _("failure"); - break; - case V5_REPLY_DISALLOW: - err = _("connection not permitted"); - break; - case V5_REPLY_NET_UNREACH: - err = _("network unreachable"); - break; - case V5_REPLY_HOST_UNREACH: - err = _("host unreachable"); - break; - case V5_REPLY_TTL_EXPIRED: - err = _("TTL expired"); - break; - case V5_REPLY_CMD_UNSUPPORTED: - err = _("command not supported"); - break; - case V5_REPLY_TYPE_UNSUPPORTED: - err = _("address type not supported"); - break; - default: - ne_sock_set_error(sock, _("%s: unrecognized error (%u)"), context, code); - return NE_SOCK_ERROR; - } - - ne_sock_set_error(sock, "%s: %s", context, err); - return NE_SOCK_ERROR; -} - -/* Fail with given error string. */ -static int fail(ne_socket *sock, const char *error) -{ - ne_sock_set_error(sock, "%s", error); - return NE_SOCK_ERROR; -} - -/* Fail with given NE_SOCK_* error code and given context. */ -static int sofail(ne_socket *sock, ssize_t ret, const char *context) -{ - char *err = ne_strdup(ne_sock_error(sock)); - ne_sock_set_error(sock, "%s: %s", context, err); - ne_free(err); - return NE_SOCK_ERROR; -} - -/* SOCKSv5 proxy. */ -static int v5_proxy(ne_socket *sock, const ne_inet_addr *addr, - const char *hostname, unsigned int port, - const char *username, const char *password) -{ - unsigned char msg[1024], *p; - unsigned int len; - int ret; - ssize_t n; - - p = msg; - *p++ = V5_VERSION; - *p++ = 2; /* Two supported auth protocols; none and user. */ - *p++ = V5_AUTH_NONE; - *p++ = V5_AUTH_USER; - - ret = ne_sock_fullwrite(sock, (char *)msg, p - msg); - if (ret) { - return sofail(sock, ret, _("Could not send message to proxy")); - } - - n = ne_sock_fullread(sock, (char *)msg, 2); - if (n) { - return sofail(sock, ret, _("Could not read initial response from proxy")); - } - else if (msg[0] != V5_VERSION) { - return fail(sock, _("Invalid version in proxy response")); - } - - /* Authenticate, if necessary. */ - switch (msg[1]) { - case V5_AUTH_NONE: - break; - case V5_AUTH_USER: - p = msg; - *p++ = 0x01; - len = strlen(username) & 0xff; - *p++ = len; - memcpy(p, username, len); - p += len; - len = strlen(password) & 0xff; - *p++ = len; - memcpy(p, password, len); - p += len; - - ret = ne_sock_fullwrite(sock, (char *)msg, p - msg); - if (ret) { - return sofail(sock, ret, _("Could not send login message")); - } - - n = ne_sock_fullread(sock, (char *)msg, 2); - if (n) { - return sofail(sock, ret, _("Could not read login reply")); - } - else if (msg[0] != 1) { - return fail(sock, _("Invalid version in login reply")); - } - else if (msg[1] != 0) { - return fail(sock, _("Authentication failed")); - } - break; - case V5_AUTH_NOMETH: - return fail(sock, _("No acceptable authentication method")); - default: - return fail(sock, _("Unexpected authentication method chosen")); - } - - /* Send the CONNECT command. */ - p = msg; - *p++ = V5_VERSION; - *p++ = V5_CMD_CONNECT; - *p++ = 0; /* reserved */ - if (addr) { - unsigned char raw[16]; - - if (ne_iaddr_typeof(addr) == ne_iaddr_ipv4) { - len = 4; - *p++ = V5_ADDR_IPV4; - } - else { - len = 16; - *p++ = V5_ADDR_IPV6; - } - - memcpy(p, ne_iaddr_raw(addr, raw), len); - p += len; - } - else { - len = strlen(hostname) & 0xff; - *p++ = V5_ADDR_FQDN; - *p++ = len; - memcpy(p, hostname, len); - p += len; - } - - *p++ = (port >> 8) & 0xff; - *p++ = port & 0xff; - - ret = ne_sock_fullwrite(sock, (char *)msg, p - msg); - if (ret) { - return sofail(sock, ret, _("Could not send connect request")); - } - - n = ne_sock_fullread(sock, (char *)msg, 4); - if (n) { - return sofail(sock, n, _("Could not read connect reply")); - } - if (msg[0] != V5_VERSION) { - return fail(sock, _("Invalid version in connect reply")); - } - if (msg[1] != V5_REPLY_OK) { - return v5fail(sock, msg[1], _("Could not connect")); - } - - switch (msg[3]) { - case V5_ADDR_IPV4: - len = 4; - break; - case V5_ADDR_IPV6: - len = 16; - break; - case V5_ADDR_FQDN: - n = ne_sock_read(sock, (char *)msg, 1); - if (n != 1) { - return sofail(sock, n, - _("Could not read FQDN length in connect reply")); - } - len = msg[0]; - break; - default: - return fail(sock, _("Unknown address type in connect reply")); - } - - n = ne_sock_fullread(sock, (char *)msg, len + 2); - if (n) { - return sofail(sock, n, _("Could not read address in connect reply")); - } - - return 0; -} - -#define V4_VERSION 0x04 -#define V4_CMD_STREAM 0x01 - -#define V4_REP_OK 0x5a /* request granted */ -#define V4_REP_FAIL 0x5b /* request rejected or failed */ -#define V4_REP_NOIDENT 0x5c /* request failed, could connect to identd */ -#define V4_REP_IDFAIL 0x5d /* request failed, identd denial */ - -/* Fail for given SOCKSv4 error code. */ -static int v4fail(ne_socket *sock, unsigned int code, const char *context) -{ - const char *err; - - switch (code) { - case V4_REP_FAIL: - err = _("request rejected or failed"); - break; - case V4_REP_NOIDENT: - err = _("could not establish connection to identd"); - break; - case V4_REP_IDFAIL: - err = _("rejected due to identd user mismatch"); - break; - default: - ne_sock_set_error(sock, _("%s: unrecognized failure (%u)"), - context, code); - return NE_SOCK_ERROR; - } - - ne_sock_set_error(sock, "%s: %s", context, err); - return NE_SOCK_ERROR; -} - -/* SOCKS v4 or v4A proxy. */ -static int v4_proxy(ne_socket *sock, enum ne_sock_sversion vers, - const ne_inet_addr *addr, const char *hostname, - unsigned int port, const char *username) -{ - unsigned char msg[1024], raw[16], *p; - ssize_t n; - int ret; - - p = msg; - *p++ = V4_VERSION; - *p++ = V4_CMD_STREAM; - *p++ = (port >> 8) & 0xff; - *p++ = port & 0xff; - - if (vers == NE_SOCK_SOCKSV4A) { - /* A bogus address is used to signify use of the hostname, - * 0.0.0.X where X != 0. */ - memcpy(p, "\x00\x00\x00\xff", 4); - } - else { - /* API precondition that addr is IPv4; if it's not this will - * just copy out the first four bytes of the v6 address; - * garbage in => garbage out. */ - memcpy(p, ne_iaddr_raw(addr, raw), 4); - } - p += 4; - - if (username) { - unsigned int len = strlen(username) & 0xff; - memcpy(p, username, len); - p += len; - } - *p++ = '\0'; - - if (vers == NE_SOCK_SOCKSV4A) { - unsigned int len = strlen(hostname) & 0xff; - memcpy(p, hostname, len); - p += len; - *p++ = '\0'; - } - - ret = ne_sock_fullwrite(sock, (char *)msg, p - msg); - if (ret) { - return sofail(sock, ret, _("Could not send message to proxy")); - } - - n = ne_sock_fullread(sock, (char *)msg, 8); - if (n) { - return sofail(sock, ret, _("Could not read response from proxy")); - } - - if (msg[1] != V4_REP_OK) { - return v4fail(sock, ret, _("Could not connect")); - } - - return 0; -} - -int ne_sock_proxy(ne_socket *sock, enum ne_sock_sversion vers, - const ne_inet_addr *addr, const char *hostname, - unsigned int port, - const char *username, const char *password) -{ - if (vers == NE_SOCK_SOCKSV5) { - return v5_proxy(sock, addr, hostname, port, username, password); - } - else { - return v4_proxy(sock, vers, addr, hostname, port, username); - } -} diff --git a/src/ne_string.c b/src/ne_string.c index 2d222f4..204b326 100644 --- a/src/ne_string.c +++ b/src/ne_string.c @@ -38,6 +38,8 @@ #include "ne_alloc.h" #include "ne_string.h" +/* hack for 0.28.x backport of ne_strnqdup, ne_buffer_qappend */ +#include "ne_private.h" char *ne_token(char **str, char separator) { @@ -317,7 +319,7 @@ static char *quoted_append(char *dest, const unsigned char *s, return q; } -void ne_buffer_qappend(ne_buffer *buf, const unsigned char *data, size_t len) +void ne__buffer_qappend(ne_buffer *buf, const unsigned char *data, size_t len) { const unsigned char *dend = data + len; char *q, *qs; @@ -334,7 +336,7 @@ void ne_buffer_qappend(ne_buffer *buf, const unsigned char *data, size_t len) buf->used += q - qs; } -char *ne_strnqdup(const unsigned char *data, size_t len) +char *ne__strnqdup(const unsigned char *data, size_t len) { const unsigned char *dend = data + len; char *dest = malloc(qappend_count(data, dend) + 1); diff --git a/src/ne_string.h b/src/ne_string.h index b48cf3e..63e53d0 100644 --- a/src/ne_string.h +++ b/src/ne_string.h @@ -90,11 +90,6 @@ void ne_buffer_zappend(ne_buffer *buf, const char *str); * a NUL terminator. (A NUL terminator is appended to buf) */ void ne_buffer_append(ne_buffer *buf, const char *data, size_t len); -/* Append 'len' bytes of 'data' to buf. All non-ASCII bytes, and - * ASCII control characters, are escaped. (Note that this includes - * the NUL byte). */ -void ne_buffer_qappend(ne_buffer *buf, const unsigned char *data, size_t len); - /* Print a string to the end of the buffer using printf-style format * string 'format' and subsqeuent arguments. At most 'max' characters * are appended; the number of characters appended (excluding the NUL @@ -139,11 +134,6 @@ char *ne_strerror(int errnum, char *buffer, size_t buflen); #define ne_strnzcpy(dest, src, n) do { size_t ne__nm1 = (n) - 1; \ strncpy(dest, src, ne__nm1); dest[ne__nm1] = '\0'; } while (0) -/* Return a malloc-allocated copy of 'data', of length 'len', with all - * non-ASCII bytes, and ASCII control characters escaped. (Note that - * the escaping includes the NUL byte). */ -char *ne_strnqdup(const unsigned char *data, size_t len); - /* Return malloc-allocated concatenation of all NUL-terminated string * arguments, up to a terminating NULL pointer. */ char *ne_concat(const char *str, ...) diff --git a/test/Makefile.in b/test/Makefile.in index 8617a3e..7a564d7 100644 --- a/test/Makefile.in +++ b/test/Makefile.in @@ -24,7 +24,7 @@ BASIC_TESTS = uri-tests util-tests string-tests socket \ ZLIB_TESTS = compress ZLIB_HELPERS = file1.gz file2.gz trailing.gz badcsum.gz truncated.gz \ corrupt1.gz corrupt2.gz empty.gz random.txt -DAV_TESTS = xml xmlreq oldacl acl3744 props lock +DAV_TESTS = xml xmlreq acl props lock SSL_TESTS = socket-ssl ssl SSL_HELPERS = ca-stamp TESTS = @TESTS@ @@ -66,7 +66,7 @@ all: $(TESTS) clean: rm -f $(TESTS) $(HELPERS) *.*o common/*.*o libtest.*a *.log rm -f *.gc* *.da *.bb* common/*.bb* common/*.gc* common/*.da - rm -rf ca ca2 .libs nssdb* + rm -rf ca .libs nssdb* rm -f ca-stamp client.key *.csr ssigned.pem wrongcn.pem \ server.cert client.cert *.p12 *.cert sparse.bin @@ -129,7 +129,7 @@ random.txt: $(NEWS) # since it changes for every invocation; not helpful for regression # testing. ca-stamp: makekeys $(srcdir)/openssl.conf - rm -rf ca ca2 + rm -rf ca OPENSSL=$(OPENSSL) \ $(SHELL) makekeys $(srcdir) 2>makekeys.out @echo timestamp > ca-stamp @@ -140,7 +140,7 @@ Makefile: $(srcdir)/Makefile.in makekeys: $(srcdir)/makekeys.sh cd .. && ./config.status test/makekeys -LIBOBJS = common/tests.lo common/child.lo utils.lo util-socks.lo +LIBOBJS = common/tests.lo common/child.lo utils.lo $(LIBTEST): $(LIBOBJS) $(LINK) -o $(LIBTEST) $(LIBOBJS) $(LIBNEON) @@ -161,7 +161,6 @@ resolve: resolve.lo $(LIBNEON) common/tests.lo: $(srcdir)/common/tests.c $(OBJDEPS) common/child.lo: $(srcdir)/common/child.c $(OBJDEPS) utils.lo: $(srcdir)/utils.c $(OBJDEPS) -util-socks.lo: $(srcdir)/util-socks.c $(OBJDEPS) auth.lo: $(srcdir)/auth.c $(OBJDEPS) uri-tests.lo: $(srcdir)/uri-tests.c $(OBJDEPS) util-tests.lo: $(srcdir)/util-tests.c $(OBJDEPS) @@ -171,8 +170,7 @@ server.lo: $(srcdir)/server.c $(OBJDEPS) request.lo: $(srcdir)/request.c $(OBJDEPS) regress.lo: $(srcdir)/regress.c $(OBJDEPS) compress.lo: $(srcdir)/compress.c $(OBJDEPS) -oldacl.lo: $(srcdir)/oldacl.c $(OBJDEPS) -acl3744.lo: $(srcdir)/acl3744.c $(OBJDEPS) +acl.lo: $(srcdir)/acl.c $(OBJDEPS) utils.lo: $(srcdir)/utils.c $(OBJDEPS) stubs.lo: $(srcdir)/stubs.c $(OBJDEPS) props.lo: $(srcdir)/props.c $(OBJDEPS) @@ -203,10 +201,8 @@ regress: regress.lo $(DEPS) $(LINK) -o $@ regress.lo $(DEPS) compress: compress.lo $(DEPS) $(LINK) -o $@ compress.lo $(DEPS) -oldacl: oldacl.lo $(DEPS) - $(LINK) -o $@ oldacl.lo $(DEPS) -acl3744: acl3744.lo $(DEPS) - $(LINK) -o $@ acl3744.lo $(DEPS) +acl: acl.lo $(DEPS) + $(LINK) -o $@ acl.lo $(DEPS) utils: utils.lo $(DEPS) $(LINK) -o $@ utils.lo $(DEPS) stubs: stubs.lo $(DEPS) diff --git a/test/oldacl.c b/test/acl.c index 2e72caa..2e72caa 100644 --- a/test/oldacl.c +++ b/test/acl.c diff --git a/test/acl3744.c b/test/acl3744.c deleted file mode 100644 index 5f0bf8b..0000000 --- a/test/acl3744.c +++ /dev/null @@ -1,105 +0,0 @@ -/* - Dummy ACL tests - Copyright (C) 2001-2007, Joe Orton <joe@manyfish.co.uk> - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - -*/ - -#include "ne_acl3744.h" - -#include "tests.h" -#include "child.h" -#include "utils.h" - -/**** DUMMY TESTS: just makes sure the stuff doesn't dump core. */ - -static int test_acl(const char *uri, ne_acl_entry *es, int nume) -{ - ne_session *sess; - - CALL(make_session(&sess, single_serve_string, - "HTTP/1.1 200 OK\r\n" - "Connection: close\r\n\r\n")); - - ON(ne_acl3744_set(sess, uri, es, nume)); - - CALL(await_server()); - ne_session_destroy(sess); - - return OK; -} - -static int grant_all(void) -{ - ne_acl_entry e = {0}; - - e.target = ne_acl_all; - e.type = ne_acl_grant; - e.privileges = NE_ACL_ALL; - - CALL(test_acl("/foo", &e, 1)); - - return OK; -} - -static int deny_all(void) -{ - ne_acl_entry e = {0}; - - e.target = ne_acl_all; - e.type = ne_acl_deny; - e.privileges = NE_ACL_ALL; - - CALL(test_acl("/foo", &e, 1)); - - return OK; -} - -static int deny_one(void) -{ - ne_acl_entry e = {0}; - - e.target = ne_acl_href; - e.tname = "http://webdav.org/users/joe"; - e.type = ne_acl_deny; - e.privileges = NE_ACL_ALL; - - CALL(test_acl("/foo", &e, 1)); - - return OK; -} - -static int deny_byprop(void) -{ - ne_acl_entry e = {0}; - - e.target = ne_acl_property; - e.type = ne_acl_deny; - e.tname = "owner"; - e.privileges = NE_ACL_ALL; - - CALL(test_acl("/foo", &e, 1)); - - return OK; -} - -ne_test tests[] = { - T(grant_all), - T(deny_all), - T(deny_one), - T(deny_byprop), - T(NULL) -}; diff --git a/test/common/child.c b/test/common/child.c index d8f5c2b..0e2cff7 100644 --- a/test/common/child.c +++ b/test/common/child.c @@ -1,6 +1,6 @@ /* Framework for testing with a server process - Copyright (C) 2001-2008, Joe Orton <joe@manyfish.co.uk> + Copyright (C) 2001-2004, Joe Orton <joe@manyfish.co.uk> This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -225,7 +225,6 @@ int spawn_server_addr(int bind_local, int port, server_fn fn, void *ud) } /* and quit the child. */ - NE_DEBUG(NE_DBG_HTTP, "child exiting with %d\n", ret); exit(ret); } else { char ch; @@ -332,24 +331,14 @@ int dead_server(void) int await_server(void) { - int status, code; + int status; (void) wait(&status); /* so that we aren't reaped by mistake. */ child = 0; - if (WIFEXITED(status)) { - code = WEXITSTATUS(status); - - ONV(code, - ("server process terminated abnormally: %s (%d)", - code == FAIL ? "FAIL" : "error", code)); - } - else { - ONV(WIFSIGNALED(status), - ("server process terminated by signal %d", WTERMSIG(status))); - } + ONN("error from server process", WEXITSTATUS(status)); return OK; } diff --git a/test/common/tests.c b/test/common/tests.c index 1ef9981..0e9c71a 100644 --- a/test/common/tests.c +++ b/test/common/tests.c @@ -61,8 +61,6 @@ int test_argc; const char *test_suite; int test_num; -static int quiet, count; - /* statistics for all tests so far */ static int passes = 0, fails = 0, skipped = 0, warnings = 0; @@ -149,32 +147,10 @@ void in_child(void) flag_child = 1; } -static const char dots[] = "......................"; - -static void print_prefix(int n) -{ - if (quiet) { - printf("\r%s%.*s %2u/%2u ", test_suite, - (int) (strlen(dots) - strlen(test_suite)), dots, - n + 1, count); - } - else { - if (warned) { - printf(" %s ", dots); - } - else { - printf("\r%2d. %s%.*s ", n, test_name, - (int) (strlen(dots) - strlen(test_name)), dots); - } - } - fflush(stdout); -} - - int main(int argc, char *argv[]) { int n; - char *tmp; + static const char dots[] = "......................"; /* get basename(argv[0]) */ test_suite = strrchr(argv[0], '/'); @@ -239,16 +215,8 @@ int main(int argc, char *argv[]) printf(" Socket library initalization failed.\n"); } - if ((tmp = getenv("TEST_QUIET")) != NULL && strcmp(tmp, "1") == 0) { - quiet = 1; - } - - if (!quiet) - printf("-> running `%s':\n", test_suite); + printf("-> running `%s':\n", test_suite); - for (count = 0; tests[count].fn; count++) - /* nullop */; - for (n = 0; !aborted && tests[n].fn != NULL; n++) { int result, is_xfail = 0; #ifdef NEON_MEMLEAK @@ -257,9 +225,8 @@ int main(int argc, char *argv[]) #endif test_name = tests[n].name; - - print_prefix(n); - + printf("%2d. %s%.*s ", n, test_name, + (int) (strlen(dots) - strlen(test_name)), dots); have_context = 0; test_num = n; warned = 0; @@ -300,50 +267,38 @@ int main(int argc, char *argv[]) } } - print_prefix(n); + /* align the result column if we've had warnings. */ + if (warned) { + printf(" %s ", dots); + } switch (result) { case OK: - passes++; if (is_xfail) { COL("32;07"); - printf("XFAIL"); - } else if (!quiet) { + printf("xfail"); + } else { COL("32"); printf("pass"); } NOCOL; - if (quiet && is_xfail) { - printf(" - %s", test_name); - if (have_context) { - printf(" (%s)", test_context); - } - } - if (warned && !quiet) { + if (warned) { printf(" (with %d warning%s)", warned, (warned > 1)?"s":""); } #ifdef NEON_MEMLEAK if (is_xleaky) { - if (quiet) { - printf("expected leak - %s: %" NE_FMT_SIZE_T " bytes", - test_name, ne_alloc_used - allocated); - } - else { - printf(" (expected leak, %" NE_FMT_SIZE_T " bytes)", - ne_alloc_used - allocated); - } + printf(" (with expected leak, %" NE_FMT_SIZE_T " bytes)", + ne_alloc_used - allocated); } #endif - if (!quiet || is_xfail) putchar('\n'); + putchar('\n'); + passes++; break; case FAILHARD: aborted = 1; /* fall-through */ case FAIL: COL("41;37;01"); printf("FAIL"); NOCOL; - if (quiet) { - printf(" - %s", test_name); - } if (have_context) { printf(" (%s)", test_context); } @@ -355,9 +310,6 @@ int main(int argc, char *argv[]) /* fall-through */ case SKIP: COL("44;37;01"); printf("SKIPPED"); NOCOL; - if (quiet) { - printf(" - %s", test_name); - } if (have_context) { printf(" (%s)", test_context); } @@ -371,59 +323,30 @@ int main(int argc, char *argv[]) } reap_server(); - - if (quiet) { - print_prefix(n); - } } /* discount skipped tests */ if (skipped) { - if (!quiet) - printf("-> %d %s.\n", skipped, - skipped == 1 ? "test was skipped" : "tests were skipped"); + printf("-> %d %s.\n", skipped, + skipped==1?"test was skipped":"tests were skipped"); n -= skipped; + if (passes + fails != n) { + printf("-> ARGH! Number of test results does not match " + "number of tests.\n" + "-> ARGH! Test Results are INRELIABLE.\n"); + } } /* print the summary. */ if (skipped && n == 0) { - if (quiet) - puts("(all skipped)"); - else - printf("<- all tests skipped for `%s'.\n", test_suite); + printf("<- all tests skipped for `%s'.\n", test_suite); } else { - if (quiet) { - printf("\r%s%.*s %2u/%2u ", test_suite, - (int) (strlen(dots) - strlen(test_suite)), dots, - passes, count); - if (fails == 0) { - COL("32"); - printf("passed"); - NOCOL; - putchar(' '); - } - else { - printf("passed, %d failed ", fails); - } - if (skipped) - printf("(%d skipped) ", skipped); - } - else /* !quiet */ - printf("<- summary for `%s': " - "of %d tests run: %d passed, %d failed. %.1f%%\n", - test_suite, n, passes, fails, 100*(float)passes/n); + printf("<- summary for `%s': " + "of %d tests run: %d passed, %d failed. %.1f%%\n", + test_suite, n, passes, fails, 100*(float)passes/n); if (warnings) { - if (quiet) { - printf("(%d warning%s)\n", warnings, - warnings==1?"s":""); - } - else { - printf("-> %d warning%s issued.\n", warnings, - warnings==1?" was":"s were"); - } - } - else if (quiet) { - putchar('\n'); - } + printf("-> %d warning%s issued.\n", warnings, + warnings==1?" was":"s were"); + } } if (fclose(debug)) { diff --git a/test/makekeys.sh b/test/makekeys.sh index 4e9b39a..7fa7b01 100755 --- a/test/makekeys.sh +++ b/test/makekeys.sh @@ -12,30 +12,19 @@ MKCERT="${REQ} -x509 -new -days 900" REQDN=reqDN STRMASK=default -CADIR=./ca -export REQDN STRMASK CADIR - -asn1date() { - date -d "$1" "+%y%m%d%H%M%SZ" -} +export REQDN STRMASK openssl version 1>&2 set -ex -for i in ca ca1 ca2 ca3; do - rm -rf $i - mkdir $i - touch $i/index.txt - echo 01 > $i/serial - ${OPENSSL} genrsa -rand ${srcdir}/../configure > $i/key.pem -done +mkdir ca +touch ca/index.txt +echo 01 > ca/serial +${OPENSSL} genrsa -rand ${srcdir}/../configure > ca/key.pem ${OPENSSL} genrsa -rand ${srcdir}/../configure > client.key -${OPENSSL} dsaparam -genkey -rand ${srcdir}/../configure 1024 > client.dsap -${OPENSSL} gendsa client.dsap > clientdsa.key - ${MKCERT} -key ca/key.pem -out ca/cert.pem <<EOF US California @@ -66,25 +55,8 @@ neon@webdav.org EOF } -# Create intermediary CA -csr_fields IntermediaryCA | ${REQ} -new -key ca2/key.pem -out ca2.csr -${CA} -extensions caExt -days 3560 -in ca2.csr -out ca2/cert.pem - -csr_fields ExpiredCA | ${REQ} -new -key ca1/key.pem -out ca1/cert.csr - -csr_fields NotYetValidCA | ${REQ} -new -key ca3/key.pem -out ca3/cert.csr - -CADIR=./ca1 ${CA} -name neoncainit -extensions caExt -startdate `asn1date "2 days ago"` -enddate `asn1date "yesterday"` \ - -in ca1/cert.csr -keyfile ca1/key.pem -out ca1/cert.pem -selfsign - -CADIR=./ca3 ${CA} -name neoncainit -extensions caExt -startdate `asn1date "1 year"` -enddate `asn1date "2 years"` \ - -in ca3/cert.csr -keyfile ca3/key.pem -out ca3/cert.pem -selfsign - csr_fields | ${REQ} -new -key ${srcdir}/server.key -out server.csr -csr_fields | ${REQ} -new -key ${srcdir}/server.key -out expired.csr -csr_fields | ${REQ} -new -key ${srcdir}/server.key -out notyet.csr - csr_fields "Upper Case Dept" lOcALhost | \ ${REQ} -new -key ${srcdir}/server.key -out caseless.csr @@ -112,9 +84,6 @@ ${REQ} -new -key ${srcdir}/server.key -out altname7.csr csr_fields "Bad ipAddress altname 3 Dept" nowhere.example.com | \ ${REQ} -new -key ${srcdir}/server.key -out altname8.csr -csr_fields "Wildcard Altname Dept 1" | \ -${REQ} -new -key ${srcdir}/server.key -out altname9.csr - csr_fields "Bad Hostname Department" nohost.example.com | \ ${REQ} -new -key ${srcdir}/server.key -out wrongcn.csr @@ -123,15 +92,15 @@ ${MKCERT} -key ${srcdir}/server.key -out ssigned.pem # default => T61String csr_fields "`echo -e 'H\0350llo World'`" localhost | -${REQ} -new -key ${srcdir}/server.key -out t61subj.csr +${MKCERT} -key ${srcdir}/server.key -out t61subj.cert STRMASK=pkix # => BMPString csr_fields "`echo -e 'H\0350llo World'`" localhost | -${REQ} -new -key ${srcdir}/server.key -out bmpsubj.csr +${MKCERT} -key ${srcdir}/server.key -out bmpsubj.cert STRMASK=utf8only # => UTF8String csr_fields "`echo -e 'H\0350llo World'`" localhost | -${REQ} -new -key ${srcdir}/server.key -out utf8subj.csr +${MKCERT} -key ${srcdir}/server.key -out utf8subj.cert STRMASK=default @@ -157,9 +126,6 @@ ${REQ} -new -key ${srcdir}/server.key -out wildcard.csr csr_fields "Neon Client Cert" ignored.example.com | \ ${REQ} -new -key client.key -out client.csr -csr_fields "Neon Client Cert" ignored.example.com | \ -${REQ} -new -key clientdsa.key -out clientdsa.csr - ### requests using special DN. REQDN=reqDN.doubleCN @@ -182,33 +148,16 @@ First OU Dept" | ${REQ} -new -key ${srcdir}/server.key -out twoou.csr ### don't put ${REQ} invocations after here -for f in server client clientdsa twocn caseless cnfirst \ - t61subj bmpsubj utf8subj \ +for f in server client twocn caseless cnfirst \ missingcn justmail twoou wildcard wrongcn; do ${CA} -days 900 -in ${f}.csr -out ${f}.cert done -${CA} -startdate `asn1date "2 days ago"` -enddate `asn1date "yesterday"` -in expired.csr -out expired.cert - -${CA} -startdate `asn1date "tomorrow"` -enddate `asn1date "2 days"` -in notyet.csr -out notyet.cert - -for n in 1 2 3 4 5 6 7 8 9; do +for n in 1 2 3 4 5 6 7 8; do ${CA} -extensions altExt${n} -days 900 \ -in altname${n}.csr -out altname${n}.cert done -# Sign this CSR using the intermediary CA -CADIR=./ca2 ${CA} -days 900 -in server.csr -out ca2server.cert -# And create a file with the concatenation of both EE and intermediary -# cert. -cat ca2server.cert ca2/cert.pem > ca2server.pem - -# sign with expired CA -CADIR=./ca1 ${CA} -days 3 -in server.csr -out ca1server.cert - -# sign with not yet valid CA -CADIR=./ca3 ${CA} -days 3 -in server.csr -out ca3server.cert - MKPKCS12="${OPENSSL} pkcs12 -export -passout stdin -in client.cert -inkey client.key" # generate a PKCS12 cert from the client cert: -passOUT because it's the @@ -218,12 +167,6 @@ echo foobar | ${MKPKCS12} -name "Just A Neon Client Cert" -out client.p12 # generate a PKCS#12 cert with no password and a friendly name echo | ${MKPKCS12} -name "An Unencrypted Neon Client Cert" -out unclient.p12 -# PKCS#12 cert with DSA key -echo | ${OPENSSL} pkcs12 -name "An Unencrypted Neon DSA Client Cert" \ - -export -passout stdin \ - -in clientdsa.cert -inkey clientdsa.key \ - -out dsaclient.p12 - # generate a PKCS#12 cert with no friendly name echo | ${MKPKCS12} -out noclient.p12 @@ -248,16 +191,11 @@ CERTUTIL=@CERTUTIL@ PK12UTIL=@PK12UTIL@ if [ ${CERTUTIL} != "notfound" -a ${PK12UTIL} != "notfound" ]; then - rm -rf nssdb nssdb-dsa - mkdir nssdb nssdb-dsa - + rm -rf nssdb echo foobar > nssdb.pw - + mkdir nssdb ${CERTUTIL} -d nssdb -N -f nssdb.pw ${PK12UTIL} -d nssdb -K foobar -W '' -i unclient.p12 - - ${CERTUTIL} -d nssdb-dsa -N -f nssdb.pw - ${PK12UTIL} -d nssdb-dsa -K foobar -W '' -i dsaclient.p12 - + ${CERTUTIL} -d nssdb -f nssdb.pw -n 'The CA Cert' -t T -A < ca/cert.pem rm -f nssdb.pw fi diff --git a/test/openssl.conf b/test/openssl.conf index 959c945..83614ac 100644 --- a/test/openssl.conf +++ b/test/openssl.conf @@ -2,7 +2,7 @@ default_ca = neonca [neonca] -dir = ${ENV::CADIR} +dir = ./ca database = $dir/index.txt new_certs_dir = $dir certificate = $dir/cert.pem @@ -13,20 +13,6 @@ default_md = sha1 x509_extensions = issuedExt unique_subject = no -# same as neonca1 just +basicConstraints and without certificate to -# allow creation of the initial self signed certificate -[neoncainit] -dir = ${ENV::CADIR} -database = $dir/index.txt -new_certs_dir = $dir -serial = $dir/serial -private_key = $dir/key.pem -policy = policy_any -default_md = sha1 -x509_extensions = issuedExt -unique_subject = no -basicConstraints = CA:TRUE - [policy_any] countryName = optional stateOrProvinceName = optional @@ -79,10 +65,6 @@ subjectAltName = URI:https://localhost:7777/ [altExt8] subjectAltName = URI:http://nohost.example.com/ -# AltName with wildcard -[altExt9] -subjectAltName = DNS:*.example.com - [reqDN] countryName = Country Name stateOrProvinceName = State or Province Name diff --git a/test/request.c b/test/request.c index d95223a..7bbe295 100644 --- a/test/request.c +++ b/test/request.c @@ -1791,8 +1791,7 @@ static int send_bad_offset(void) ONN("request dispatched with bad offset!", ret == NE_OK); ONV(ret != NE_ERROR, - ("request failed with unexpected error code %d: %s", - ret, ne_get_error(sess))); + ("request failed with non-NE_ERROR: %s", ne_get_error(sess))); ONV(strstr(ne_get_error(sess), "Could not seek") == NULL, ("bad error message from seek failure: %s", ne_get_error(sess))); @@ -2155,63 +2154,6 @@ static int dereg_progress(void) return await_server(); } -static int addrlist(void) -{ - ne_session *sess; - ne_inet_addr *ia = ne_iaddr_make(ne_iaddr_ipv4, raw_127); - const ne_inet_addr *ial[1]; - - sess = ne_session_create("http", "www.example.com", 7777); - - CALL(spawn_server(7777, single_serve_string, EMPTY_RESP)); - - ial[0] = ia; - - ne_set_addrlist(sess, ial, 1); - - CALL(any_2xx_request(sess, "/blah")); - - ne_session_destroy(sess); - ne_iaddr_free(ia); - - return await_server(); -} - -static int socks_session(ne_session **sess, struct socks_server *srv, - const char *hostname, unsigned int port, - server_fn server, void *userdata) -{ - srv->server = server; - srv->userdata = userdata; - CALL(spawn_server(7777, socks_server, srv)); - *sess = ne_session_create("http", hostname, port); - ne_session_socks_proxy(*sess, srv->version, "localhost", 7777, - srv->username, srv->password); - return OK; -} - -static int socks_proxy(void) -{ - ne_session *sess; - struct socks_server srv = {0}; - - srv.version = NE_SOCK_SOCKSV5; - srv.failure = fail_none; - srv.expect_port = 4242; - srv.expect_addr = NULL; - srv.expect_fqdn = "socks.example.com"; - srv.username = "bloggs"; - srv.password = "guessme"; - - CALL(socks_session(&sess, &srv, srv.expect_fqdn, srv.expect_port, - single_serve_string, EMPTY_RESP)); - - CALL(any_2xx_request(sess, "/blee")); - - ne_session_destroy(sess); - return await_server(); -} - /* TODO: test that ne_set_notifier(, NULL, NULL) DTRT too. */ ne_test tests[] = { @@ -2300,7 +2242,5 @@ ne_test tests[] = { T(status_chunked), T(local_addr), T(dereg_progress), - T(addrlist), - T(socks_proxy), T(NULL) }; diff --git a/test/run.sh b/test/run.sh index 194e0b3..71e75f5 100644 --- a/test/run.sh +++ b/test/run.sh @@ -13,8 +13,6 @@ MALLOC_CHECK_=2 MALLOC_PERTURB_=`expr $RANDOM % 255 2>/dev/null` export MALLOC_CHECK_ MALLOC_PERTURB_ -export TEST_QUIET=${TEST_QUIET:-1} - RETVAL=0 for f in $*; do diff --git a/test/socket.c b/test/socket.c index 54f969a..b2a681e 100644 --- a/test/socket.c +++ b/test/socket.c @@ -226,7 +226,6 @@ static int addr_make_v4(void) { ne_inet_addr *ia; char pr[50]; - unsigned char raw[5]; ia = ne_iaddr_make(ne_iaddr_ipv4, raw_127); ONN("ne_iaddr_make returned NULL", ia == NULL); @@ -236,11 +235,6 @@ static int addr_make_v4(void) ONN("bogus ne_iaddr_typeof return", ne_iaddr_typeof(ia) != ne_iaddr_ipv4); - raw[4] = 'Z'; - ONN("ne_iaddr_raw gave bad retval", ne_iaddr_raw(ia, raw) != raw); - ONN("raw address mismatch", memcmp(raw, raw_127, 4) != 0); - ONN("ne_iaddr_raw buffer overflow", raw[4] != 'Z'); - ne_iaddr_free(ia); return OK; } @@ -262,7 +256,6 @@ static int addr_make_v6(void) for (n = 0; as[n].rep != NULL; n++) { ne_inet_addr *ia = ne_iaddr_make(ne_iaddr_ipv6, as[n].addr); char pr[128]; - unsigned char raw[17]; ONV(ia == NULL, ("could not make address for '%s'", as[n].rep)); @@ -273,11 +266,6 @@ static int addr_make_v6(void) ONN("bogus ne_iaddr_typeof return", ne_iaddr_typeof(ia) != ne_iaddr_ipv6); - raw[16] = 'Z'; - ONN("ne_iaddr_raw gave bad retval", ne_iaddr_raw(ia, raw) != raw); - ONN("raw address mismatch", memcmp(raw, as[n].addr, 4) != 0); - ONN("ne_iaddr_raw buffer overflow", raw[16] != 'Z'); - ne_iaddr_free(ia); } @@ -843,6 +831,14 @@ static int serve_expect(ne_socket *sock, void *ud) return OK; } +static int full_write(ne_socket *sock, const char *data, size_t len) +{ + int ret = ne_sock_fullwrite(sock, data, len); + NE_DEBUG(NE_DBG_SOCKET, "wrote: [%.*s]\n", (int)len, data); + ONV(ret, ("write failed (%d): %s", ret, ne_sock_error(sock))); + return OK; +} + #define WRITEL(str) CALL(full_write(sock, str, strlen(str))); \ minisleep() @@ -878,43 +874,6 @@ static int large_writes(void) return finish(sock, 1); } -static int full_writev(ne_socket *sock, struct ne_iovec *vec, int count) -{ - int ret = ne_sock_fullwritev(sock, vec, count); - NE_DEBUG(NE_DBG_SOCKET, "wrote vector (%d)\n", count); - ONV(ret, ("writev failed (%d): %s", ret, ne_sock_error(sock))); - return OK; -} - -#undef LARGE_SIZE -#define LARGE_SIZE (123456 * 4) - -static int large_writev(void) -{ - struct string str; - ne_socket *sock; - ssize_t n; - struct ne_iovec vec[4]; - - str.data = ne_malloc(LARGE_SIZE); - str.len = LARGE_SIZE; - - for (n = 0; n < LARGE_SIZE; n++) - str.data[n] = 41 + n % 130; - - for (n = 0; n < 4; n++) { - vec[n].base = str.data + n * LARGE_SIZE / 4; - vec[n].len = LARGE_SIZE / 4; - } - - CALL(begin(&sock, serve_expect, &str)); - CALL(full_writev(sock, vec, 4)); - - ne_free(str.data); - return finish(sock, 1); -} - - /* echoes back lines. */ static int echo_server(ne_socket *sock, void *ud) { @@ -1243,147 +1202,6 @@ static int cipher(void) return finish(sock, 1); } -static int error(void) -{ - ne_socket *sock = ne_sock_create(); - - ne_sock_set_error(sock, "%s:%s", "fish", "42"); - - ONCMP("fish:42", ne_sock_error(sock), "socket error", "set"); - - ne_sock_close(sock); - return OK; -} - -static int begin_socks(ne_socket **sock, struct socks_server *srv, - server_fn server, void *userdata) -{ - srv->server = server; - srv->userdata = userdata; - srv->say_hello = 1; - CALL(spawn_server(7777, socks_server, srv)); - return do_connect(sock, localhost, 7777); -} - -static int socks_proxy(void) -{ - static const struct { - enum ne_sock_sversion version; - int addr; - const char *fqdn; - unsigned int port; - const char *username, *password; - } ts[] = { - { NE_SOCK_SOCKSV4, 4, NULL, 55555, NULL, NULL }, - { NE_SOCK_SOCKSV4, 4, NULL, 55555, "foobar", NULL }, - { NE_SOCK_SOCKSV4A, 0, "www.example.com", 55555, NULL, NULL }, - { NE_SOCK_SOCKSV5, 0, "www.example.com", 55555, NULL, NULL }, - { NE_SOCK_SOCKSV5, 4, NULL, 55555, NULL, NULL }, - { NE_SOCK_SOCKSV5, 6, NULL, 55555, NULL, NULL }, - { NE_SOCK_SOCKSV5, 0, "www.example.com", 55555, "norman", "foobar" } - }; - unsigned n; - - for (n = 0; n < sizeof(ts)/sizeof(ts[n]); n++) { - ne_socket *sock; - struct socks_server arg = {0}; - int ret; - - arg.version = ts[n].version; - arg.expect_port = ts[n].port; - if (ts[n].addr == 4) - arg.expect_addr = ne_iaddr_make(ne_iaddr_ipv4, raw_127); - else if (ts[n].addr == 6) - arg.expect_addr = ne_iaddr_make(ne_iaddr_ipv4, raw6_cafe); - else - arg.expect_fqdn = ts[n].fqdn; - arg.username = ts[n].username; - arg.password = ts[n].password; - - CALL(begin_socks(&sock, &arg, echo_server, NULL)); - - ret = ne_sock_proxy(sock, ts[n].version, arg.expect_addr, - ts[n].fqdn, ts[n].port, - ts[n].username, ts[n].password); - ONV(ret, ("proxy connect #%u gave %d", n, ret)); - FULLREAD("ok!\n"); - ECHO("hello,\n"); - ECHO("\n"); - ECHO("world\n"); - - if (ts[n].addr) - ne_iaddr_free(arg.expect_addr); - - CALL(finish(sock, 0)); - } - - return OK; -} - -static int fail_socks(void) -{ - static const struct { - enum ne_sock_sversion version; - enum socks_failure failure; - const char *expect; - const char *username, *password; - } ts[] = { - { NE_SOCK_SOCKSV5, fail_init_vers, - "Invalid version in proxy response", NULL, NULL }, - { NE_SOCK_SOCKSV5, fail_init_trunc, - "Could not read initial response from proxy: Connection closed", - NULL, NULL }, - { NE_SOCK_SOCKSV5, fail_init_close, - "Could not read initial response from proxy: Connection closed", - NULL, NULL }, - { NE_SOCK_SOCKSV5, fail_no_auth, - "No acceptable authentication method", - NULL, NULL }, - { NE_SOCK_SOCKSV5, fail_bogus_auth, - "Unexpected authentication method chosen", - NULL, NULL }, - { NE_SOCK_SOCKSV5, fail_auth_close, - "Could not read login reply: Connection closed", - "foo", "bar" }, - { NE_SOCK_SOCKSV5, fail_auth_denied, - "Authentication failed", "foo", "bar" } - }; - unsigned n; - - for (n = 0; n < sizeof(ts)/sizeof(ts[n]); n++) { - ne_socket *sock; - struct socks_server arg = {0}; - int ret; - - arg.version = ts[n].version; - arg.failure = ts[n].failure; - arg.expect_port = 5555; - arg.expect_addr = ne_iaddr_make(ne_iaddr_ipv4, raw_127); - arg.username = ts[n].username; - arg.password = ts[n].password; - - CALL(begin_socks(&sock, &arg, echo_server, NULL)); - - ret = ne_sock_proxy(sock, ts[n].version, arg.expect_addr, - NULL, arg.expect_port, - ts[n].username, ts[n].password); - ONV(ret == 0, - ("proxy connect #%u succeeded, expected failure '%s'", n, - ts[n].expect)); - - if (ret != 0 && strstr(ne_sock_error(sock), ts[n].expect) == NULL) { - t_warning("proxy connect #%u got unexpected failure '%s', wanted '%s'", - n, ne_sock_error(sock), ts[n].expect); - } - - ne_iaddr_free(arg.expect_addr); - - CALL(finish(sock, 0)); - } - - return OK; -} - ne_test tests[] = { T(multi_init), T_LEAKY(resolve), @@ -1417,11 +1235,9 @@ ne_test tests[] = { T(line_long_chunked), T(small_writes), T(large_writes), - T(large_writev), T(echo_lines), T(blocking), T(prebind), - T(error), #ifdef SOCKET_SSL T(ssl_closure), T(ssl_truncate), @@ -1437,7 +1253,5 @@ ne_test tests[] = { T(readline_timeout), T(fullread_timeout), T(block_timeout), - T(socks_proxy), - T(fail_socks), T(NULL) }; @@ -48,7 +48,6 @@ #include "ne_pkcs11.h" #define SERVER_CERT "server.cert" -#define CA2_SERVER_CERT "ca2server.pem" #define CA_CERT "ca/cert.pem" #define P12_PASSPHRASE "foobar" @@ -63,8 +62,6 @@ static char *server_key = NULL; static ne_ssl_certificate *def_ca_cert = NULL, *def_server_cert; static ne_ssl_client_cert *def_cli_cert; -static char *nul_cn_fn; - static int check_dname(const ne_ssl_dname *dn, const char *expected, const char *which); @@ -277,8 +274,6 @@ static int init(void) return FAIL; } - nul_cn_fn = ne_concat(srcdir, "/nulcn.pem", NULL); - return OK; } @@ -441,15 +436,6 @@ static int simple_eof(void) return OK; } -static int intermediary(void) -{ - ne_session *sess = DEFSESS; - struct ssl_server_args args = {CA2_SERVER_CERT, 0}; - CALL(any_ssl_request(sess, ssl_server, &args, CA_CERT, NULL, NULL)); - ne_session_destroy(sess); - return OK; -} - static int empty_truncated_eof(void) { ne_session *sess = DEFSESS; @@ -514,20 +500,6 @@ static int wildcard_match(void) return OK; } -static int wildcard_match_altname(void) -{ - ne_session *sess; - struct ssl_server_args args = {"altname9.cert", 0}; - - sess = ne_session_create("https", "anything.example.com", 443); - ne_session_proxy(sess, "localhost", 7777); - - CALL(any_ssl_request(sess, tunnel_server, &args, CA_CERT, NULL, NULL)); - ne_session_destroy(sess); - - return OK; -} - /* Check that hostname comparisons are not cases-sensitive. */ static int caseless_match(void) { @@ -682,11 +654,11 @@ static int parse_chain(void) int ret = 0; struct ssl_server_args args = {"wrongcn.cert", 0}; - args.ca_list = CA_CERT; + args.ca_list = "ca/cert.pem"; /* The cert is signed by the CA but has a CN mismatch, so will * force the verification callback to be invoked. */ - CALL(any_ssl_request(sess, ssl_server, &args, CA_CERT, + CALL(any_ssl_request(sess, ssl_server, &args, "ca/cert.pem", check_chain, &ret)); ne_session_destroy(sess); @@ -798,10 +770,6 @@ static int fail_ssl_request_with_error2(char *cert, char *key, char *cacert, /* and check that the request was failed too. */ ONV(ret == NE_OK, ("%s", msg)); - ONV(errstr && strstr(ne_get_error(sess), errstr) == NULL, - ("unexpected failure message '%s', wanted '%s'", - ne_get_error(sess), errstr)); - ne_session_destroy(sess); return OK; @@ -810,23 +778,11 @@ static int fail_ssl_request_with_error2(char *cert, char *key, char *cacert, /* Helper function: run a request using the given self-signed server * certificate, and expect the request to fail with the given * verification failure flags. */ -static int fail_ssl_request_with_error(char *cert, char *cacert, const char *host, - const char *msg, int failures, - const char *errstr) -{ - return fail_ssl_request_with_error2(cert, NULL, cacert, host, NULL, - msg, failures, errstr); -} - - -/* Helper function: run a request using the given self-signed server - * certificate, and expect the request to fail with the given - * verification failure flags. */ static int fail_ssl_request(char *cert, char *cacert, const char *host, const char *msg, int failures) { - return fail_ssl_request_with_error(cert, cacert, host, msg, failures, - NULL); + return fail_ssl_request_with_error2(cert, NULL, cacert, host, NULL, + msg, failures, NULL); } /* Note that the certs used for fail_* are mostly self-signed, so the @@ -836,51 +792,35 @@ static int fail_ssl_request(char *cert, char *cacert, const char *host, * flagged as such. */ static int fail_wrongCN(void) { - return fail_ssl_request_with_error("wrongcn.cert", "ca/cert.pem", "localhost", - "certificate with incorrect CN was accepted", - NE_SSL_IDMISMATCH, - "certificate issued for a different hostname"); - + return fail_ssl_request("wrongcn.cert", "ca/cert.pem", "localhost", + "certificate with incorrect CN was accepted", + NE_SSL_IDMISMATCH); } -#define SRCDIR(s) ne_concat(srcdir, "/" s, NULL) - static int fail_nul_cn(void) { - char *key = SRCDIR("nulsrv.key"), *ca = SRCDIR("nulca.pem"); - CALL(fail_ssl_request_with_error2(nul_cn_fn, key, ca, - "www.bank.com", "localhost", - "certificate with incorrect CN was accepted", - NE_SSL_IDMISMATCH, - "certificate issued for a different hostname")); - ne_free(key); - ne_free(ca); - return OK; + return fail_ssl_request_with_error2("nulcn.pem", "nulsrv.key", "nulca.pem", + "www.bank.com", "localhost", + "certificate with incorrect CN was accepted", + NE_SSL_IDMISMATCH, + "certificate issued for a different hostname"); } static int fail_nul_san(void) { - char *cert = SRCDIR("nulsan.pem"), *key = SRCDIR("nulsrv.key"), - *ca = SRCDIR("nulca.pem"); - CALL(fail_ssl_request_with_error2(cert, key, ca, - "www.bank.com", "localhost", - "certificate with incorrect CN was accepted", - NE_SSL_IDMISMATCH, - "certificate issued for a different hostname")); - ne_free(cert); - ne_free(key); - ne_free(ca); - return OK; + return fail_ssl_request_with_error2("nulsan.pem", "nulsrv.key", "nulca.pem", + "www.bank.com", "localhost", + "certificate with incorrect CN was accepted", + NE_SSL_IDMISMATCH, + "certificate issued for a different hostname"); } /* Check that an expired certificate is flagged as such. */ static int fail_expired(void) { char *c = ne_concat(srcdir, "/expired.pem", NULL); - CALL(fail_ssl_request_with_error(c, c, "localhost", - "expired certificate was accepted", - NE_SSL_EXPIRED, - "certificate has expired")); + CALL(fail_ssl_request(c, c, "localhost", + "expired certificate was accepted", NE_SSL_EXPIRED)); ne_free(c); return OK; } @@ -888,10 +828,9 @@ static int fail_expired(void) static int fail_notvalid(void) { char *c = ne_concat(srcdir, "/notvalid.pem", NULL); - CALL(fail_ssl_request_with_error(c, c, "localhost", - "not yet valid certificate was accepted", - NE_SSL_NOTYETVALID, - "certificate is not yet valid")); + CALL(fail_ssl_request(c, c, "localhost", + "not yet valid certificate was accepted", + NE_SSL_NOTYETVALID)); ne_free(c); return OK; } @@ -900,9 +839,8 @@ static int fail_notvalid(void) * fail with UNTRUSTED. */ static int fail_untrusted_ca(void) { - return fail_ssl_request_with_error("server.cert", NULL, "localhost", - "untrusted CA.", NE_SSL_UNTRUSTED, - "issuer is not trusted"); + return fail_ssl_request("server.cert", NULL, "localhost", + "untrusted CA.", NE_SSL_UNTRUSTED); } static int fail_self_signed(void) @@ -949,26 +887,6 @@ static int fail_bad_urialtname(void) "bad URI altname cert", NE_SSL_IDMISMATCH); } -static int fail_wildcard(void) -{ - return fail_ssl_request("altname9.cert", CA_CERT, "localhost", - "subjaltname not honored", NE_SSL_IDMISMATCH); -} - -static int fail_ca_expired(void) -{ - return fail_ssl_request_with_error("ca1server.cert", "ca1/cert.pem", - "localhost", "issuer ca expired", - NE_SSL_BADCHAIN, - "bad certificate chain"); -} - -static int fail_ca_notyetvalid(void) -{ - return fail_ssl_request("ca3server.cert", "ca3/cert.pem", "localhost", - "issuer ca not yet valid", NE_SSL_BADCHAIN); -} - /* Test that the SSL session is cached across connections. */ static int session_cache(void) { @@ -1431,7 +1349,7 @@ static int cert_identities(void) static int nulcn_identity(void) { - ne_ssl_certificate *cert = ne_ssl_cert_read(nul_cn_fn); + ne_ssl_certificate *cert = ne_ssl_cert_read("nulcn.pem"); const char *id, *expected = "www.bank.com\\x00.badguy.com"; ONN("could not read nulcn.pem", cert == NULL); @@ -1766,7 +1684,8 @@ static int pkcs11_pin(void *userdata, int attempt, } } -static int nss_pkcs11_test(const char *dbname) +/* Test that the on-demand client cert provider callback is used. */ +static int pkcs11(void) { ne_session *sess = DEFSESS; struct ssl_server_args args = {SERVER_CERT, NULL}; @@ -1775,12 +1694,12 @@ static int nss_pkcs11_test(const char *dbname) args.require_cc = 1; - if (access(dbname, R_OK|X_OK)) { + if (access("nssdb", R_OK|X_OK)) { t_warning("NSS required for PKCS#11 testing"); return SKIP; } - ret = ne_ssl_pkcs11_nss_provider_init(&prov, "softokn3", dbname, NULL, + ret = ne_ssl_pkcs11_nss_provider_init(&prov, "softokn3", "nssdb/", NULL, NULL, NULL); if (ret) { if (ret == NE_PK11_NOTIMPL) @@ -1791,24 +1710,16 @@ static int nss_pkcs11_test(const char *dbname) } ne_ssl_pkcs11_provider_pin(prov, pkcs11_pin, "foobar"); + ne_ssl_set_pkcs11_provider(sess, prov); - ret = any_ssl_request(sess, ssl_server, &args, CA_CERT, NULL, NULL); + CALL(any_ssl_request(sess, ssl_server, &args, CA_CERT, + NULL, NULL)); ne_session_destroy(sess); ne_ssl_pkcs11_provider_destroy(prov); - return ret; -} - -static int pkcs11(void) -{ - return nss_pkcs11_test("nssdb"); -} - -static int pkcs11_dsa(void) -{ - return nss_pkcs11_test("nssdb-dsa"); + return OK; } /* TODO: code paths still to test in cert verification: @@ -1848,7 +1759,6 @@ ne_test tests[] = { T(empty_truncated_eof), T(fail_not_ssl), T(cache_cert), - T(intermediary), T(client_cert_pkcs12), T(ccert_unencrypted), @@ -1863,7 +1773,6 @@ ne_test tests[] = { T(no_verify), T(cache_verify), T(wildcard_match), - T(wildcard_match_altname), T(caseless_match), T(subject_altname), @@ -1885,9 +1794,6 @@ ne_test tests[] = { T(fail_host_ipaltname), T(fail_bad_ipaltname), T(fail_bad_urialtname), - T(fail_wildcard), - T(fail_ca_notyetvalid), - T(fail_ca_expired), T(nulcn_identity), T(fail_nul_cn), @@ -1904,7 +1810,6 @@ ne_test tests[] = { T(nonssl_trust), T(pkcs11), - T_XFAIL(pkcs11_dsa), /* unclear why this fails currently. */ T(NULL) }; diff --git a/test/string-tests.c b/test/string-tests.c index 75b22a5..5f178de 100644 --- a/test/string-tests.c +++ b/test/string-tests.c @@ -1,6 +1,6 @@ /* String handling tests - Copyright (C) 2001-2007, 2009, Joe Orton <joe@manyfish.co.uk> + Copyright (C) 2001-2007, Joe Orton <joe@manyfish.co.uk> This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -610,45 +610,6 @@ static int buf_print(void) return OK; } -static int qappend(void) -{ - static const struct { - const char *in; - size_t inlen; - const char *out; - } ts[] = { - { "", 0, "" }, - { "a", 1, "a" }, - { "b", 2, "b\\x00" }, - { "alpha\0alpha", 11, "alpha\\x00alpha" }, - { "a\tb", 3, "a\\x09b" }, - { NULL } - }; - unsigned n; - - for (n = 0; ts[n].in; n++) { - ne_buffer *buf = ne_buffer_create(); - char *s; - const unsigned char *in = (const unsigned char *)ts[n].in; - - ne_buffer_qappend(buf, in, ts[n].inlen); - - ONCMP(buf->data, ts[n].out); - - ONV(strlen(buf->data) + 1 != buf->used, - ("bad buffer length for '%s': %" NE_FMT_SIZE_T, - ts[n].out, buf->used)); - - s = ne_strnqdup(in, ts[n].inlen); - - ONCMP(s, ts[n].out); - - ne_free(s); - ne_buffer_destroy(buf); - } - - return OK; -} ne_test tests[] = { T(simple), @@ -677,7 +638,6 @@ ne_test tests[] = { T(casecmp), T(casencmp), T(buf_print), - T(qappend), T(NULL) }; diff --git a/test/util-socks.c b/test/util-socks.c deleted file mode 100644 index a055bf5..0000000 --- a/test/util-socks.c +++ /dev/null @@ -1,294 +0,0 @@ -/* - SOCKS server utils. - Copyright (C) 2008, 2009, Joe Orton <joe@manyfish.co.uk> - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - -*/ - -#include "config.h" - -#include <sys/types.h> - -#ifdef HAVE_STDLIB_H -#include <stdlib.h> -#endif -#ifdef HAVE_STRING_H -#include <string.h> -#endif -#include <time.h> /* for time() */ - -#include "ne_socket.h" -#include "ne_utils.h" -#include "ne_alloc.h" - -#include "child.h" -#include "tests.h" -#include "utils.h" - -#define V5_METH_NONE 0x00 -#define V5_METH_AUTH 0x02 -#define V5_ADDR_IPV4 0x01 -#define V5_ADDR_FQDN 0x03 -#define V5_ADDR_IPV6 0x04 - -static int read_socks_string(ne_socket *sock, const char *ctx, - unsigned char *buf, unsigned int *olen) -{ - unsigned char len; - ssize_t ret; - - ret = ne_sock_read(sock, (char *)&len, 1); - ONV(ret != 1, ("%s length read failed: %s", ctx, ne_sock_error(sock))); - - ONV(len == 0, ("%s gave zero-length string", ctx)); - - ret = ne_sock_fullread(sock, (char *)buf, len); - ONV(ret != 0, ("%s string read failed, got %" NE_FMT_SSIZE_T - " bytes (%s)", ctx, ret, ne_sock_error(sock))); - - *olen = len; - - return OK; -} - -static int read_socks_byte(ne_socket *sock, const char *ctx, - unsigned char *buf) -{ - ONV(ne_sock_read(sock, (char *)buf, 1) != 1, - ("%s byte read failed: %s", ctx, ne_sock_error(sock))); - return OK; -} - -static int expect_socks_byte(ne_socket *sock, const char *ctx, - unsigned char c) -{ - unsigned char b; - - CALL(read_socks_byte(sock, ctx, &b)); - - ONV(b != c, ("%s got byte %hx not %hx", ctx, b, c)); - - return OK; -} - -static int read_socks_0string(ne_socket *sock, const char *ctx, - unsigned char *buf, unsigned *len) -{ - unsigned char *end = buf + *len, *p = buf; - - while (p < end) { - CALL(read_socks_byte(sock, "NUL-terminated string read", p)); - - if (*p == '\0') - break; - p++; - - } - - *len = p - buf; - - return OK; -} - -int socks_server(ne_socket *sock, void *userdata) -{ - struct socks_server *srv = userdata; - unsigned char buf[1024]; - unsigned int len, port, version; - unsigned char atype; - ssize_t ret; - - version = srv->version == NE_SOCK_SOCKSV5 ? 5 : 4; - - ne_sock_read_timeout(sock, 5); - - CALL(expect_socks_byte(sock, "client version", version)); - - if (version != 5) { - unsigned char raw[16]; - - CALL(expect_socks_byte(sock, "v4 command", 0x01)); - - ret = ne_sock_fullread(sock, (char *)buf, 6); - ONV(ret != 0, - ("v4 address read failed with %" NE_FMT_SSIZE_T - " (%s)", ret, ne_sock_error(sock))); - - ONN("bad v4A bogus address", - srv->version == NE_SOCK_SOCKSV4A && srv->expect_addr == NULL - && memcmp(buf + 2, "\0\0\0", 3) != 0 && buf[6] != 0); - - if (srv->expect_addr) { - ONN("v4 address mismatch", - memcmp(ne_iaddr_raw(srv->expect_addr, raw), buf + 2, 4) != 0); - } - - port = (buf[0] << 8) | buf[1]; - ONV(port != srv->expect_port, - ("got bad v4 port %u, expected %u", port, srv->expect_port)); - - len = sizeof buf; - CALL(read_socks_0string(sock, "v4 username read", buf, &len)); - - ONV(srv->username == NULL && len, ("unexpected v4 username %s", buf)); - ONV(srv->username && !len, - ("no v4 username given, expected %s", srv->username)); - ONV(srv->username && len && strcmp(srv->username, (char *)buf), - ("bad v4 username, expected %s got %s", srv->username, buf)); - - if (srv->expect_addr == NULL) { - len = sizeof buf; - CALL(read_socks_0string(sock, "v4A hostname read", buf, &len)); - ONV(strcmp(srv->expect_fqdn, (char *)buf) != 0, - ("bad v4A hostname: %s not %s", buf, srv->expect_fqdn)); - } - - CALL(full_write(sock, "\x00\x5A" - "\x00\x00" "\x00\x00\x00\x00" - "ok!\n", 12)); - - return srv->server(sock, srv->userdata); - } - - CALL(read_socks_string(sock, "client method list", buf, &len)); - - if (srv->failure == fail_init_vers) { - CALL(full_write(sock, "\x01\x02", 2)); - return OK; - } - else if (srv->failure == fail_init_close) { - return OK; - } - else if (srv->failure == fail_init_trunc) { - CALL(full_write(sock, "\x05", 1)); - return OK; - } - else if (srv->failure == fail_no_auth) { - CALL(full_write(sock, "\x05\xff", 2)); - return OK; - } - else if (srv->failure == fail_bogus_auth) { - CALL(full_write(sock, "\x05\xfe", 2)); - return OK; - } - - ONN("client did not advertise no-auth method", - memchr(buf, V5_METH_NONE, len) == NULL); - - if (srv->username) { - int match = 0; - - ONN("client did not advertise authn method", - memchr(buf, V5_METH_AUTH, len) == NULL); - - CALL(full_write(sock, "\x05\x02", 2)); - - CALL(expect_socks_byte(sock, "client auth version", 0x01)); - - CALL(read_socks_string(sock, "client username", buf, &len)); - - match = len == strlen(srv->username) - && memcmp(buf, srv->username, len) == 0; - - CALL(read_socks_string(sock, "client password", buf, &len)); - - match = match && len == strlen(srv->password) - && memcmp(buf, srv->password, len) == 0; - - if (srv->failure == fail_auth_close) { - return OK; - } - - if (match && srv->failure != fail_auth_denied) { - CALL(full_write(sock, "\x01\x00", 2)); - } - else { - CALL(full_write(sock, "\x01\x01", 2)); - } - - if (srv->failure == fail_auth_denied) { - return OK; - } - } - else { - CALL(full_write(sock, "\x05\x00", 2)); - } - - CALL(expect_socks_byte(sock, "command version", version)); - - CALL(expect_socks_byte(sock, "command number", 0x01)); - CALL(read_socks_byte(sock, "reserved byte", buf)); - - CALL(read_socks_byte(sock, "address type", &atype)); - - ONN("bad address type byte", - (atype != V5_ADDR_IPV4 && atype != V5_ADDR_IPV6 - && atype != V5_ADDR_FQDN)); - - if (atype == V5_ADDR_FQDN) { - ONN("unexpected FQDN from client", srv->expect_fqdn == NULL); - CALL(read_socks_string(sock, "read FQDN", buf, &len)); - ONV(len != strlen(srv->expect_fqdn) - || memcmp(srv->expect_fqdn, buf, len) != 0, - ("FQDN mismatch: %.*s not %s", len, buf, - srv->expect_fqdn)); - } - else { - unsigned char raw[16]; - - ONN("unexpected IP literal from client", srv->expect_addr == NULL); - - ONV((atype == V5_ADDR_IPV4 - && ne_iaddr_typeof(srv->expect_addr) != ne_iaddr_ipv4) - || (atype == V5_ADDR_IPV6 - && ne_iaddr_typeof(srv->expect_addr) != ne_iaddr_ipv6), - ("address type mismatch: %hx not %d", - atype, ne_iaddr_typeof(srv->expect_addr))); - - len = atype == V5_ADDR_IPV4 ? 4 : 16; - ret = ne_sock_fullread(sock, (char *)buf, len); - ONV(ret != 0, - ("address read failed with %" NE_FMT_SSIZE_T - " (%s)", ret, ne_sock_error(sock))); - - ne_iaddr_raw(srv->expect_addr, raw); - - ONN("address mismatch", memcmp(raw, buf, len) != 0); - } - - CALL(read_socks_byte(sock, "port high byte", buf)); - CALL(read_socks_byte(sock, "port low byte", buf + 1)); - - port = (buf[0] << 8) | buf[1]; - ONV(port != srv->expect_port, - ("got bad port %u, expected %u", port, srv->expect_port)); - - { - static const char msg[] = - "\x05\x00\x00" - "\x01" "\x00\x00\x00\x00" - "\x00\x00" - "ok!\n"; - - if (srv->say_hello) - CALL(full_write(sock, msg, 14)); - else - CALL(full_write(sock, msg, 10)); - } - - - return srv->server(sock, srv->userdata); -} diff --git a/test/utils.c b/test/utils.c index cda4cc9..74406bc 100644 --- a/test/utils.c +++ b/test/utils.c @@ -171,12 +171,3 @@ int serve_infinite(ne_socket *sock, void *ud) return OK; } - -int full_write(ne_socket *sock, const char *data, size_t len) -{ - int ret = ne_sock_fullwrite(sock, data, len); - NE_DEBUG(NE_DBG_SOCKET, "wrote: [%.*s]\n", (int)len, data); - ONV(ret, ("write failed (%d): %s", ret, ne_sock_error(sock))); - return OK; -} - diff --git a/test/utils.h b/test/utils.h index d384faf..7e2a6bc 100644 --- a/test/utils.h +++ b/test/utils.h @@ -83,31 +83,4 @@ struct infinite { * ->header and then loops sending ->repeat forever. */ int serve_infinite(ne_socket *sock, void *ud); -/* SOCKS server stuff. */ -struct socks_server { - enum ne_sock_sversion version; - enum socks_failure { - fail_none = 0, - fail_init_vers, - fail_init_close, - fail_init_trunc, - fail_no_auth, - fail_bogus_auth, - fail_auth_close, - fail_auth_denied - } failure; - unsigned int expect_port; - ne_inet_addr *expect_addr; - const char *expect_fqdn; - const char *username; - const char *password; - int say_hello; - server_fn server; - void *userdata; -}; - -int socks_server(ne_socket *sock, void *userdata); - -int full_write(ne_socket *sock, const char *data, size_t len); - #endif /* UTILS_H */ |