------------------------------------------------------------------------
r1843 | joe | 2011-05-03 13:15:08 +0100 (Tue, 03 May 2011) | 1 line

Tag release 0.29.6.
------------------------------------------------------------------------
r1842 | joe | 2011-05-03 13:14:56 +0100 (Tue, 03 May 2011) | 2 lines

* macros/neon.m4: Bump to .6.

------------------------------------------------------------------------
r1841 | joe | 2011-05-03 13:09:46 +0100 (Tue, 03 May 2011) | 2 lines

* NEWS: Tweak ordering.

------------------------------------------------------------------------
r1840 | joe | 2011-05-03 13:09:18 +0100 (Tue, 03 May 2011) | 2 lines

* More news.

------------------------------------------------------------------------
r1839 | joe | 2011-05-03 13:07:08 +0100 (Tue, 03 May 2011) | 22 lines

Merge r1836, r1837, r1838 from trunk:

* src/ne_gnutls.c (ne__ssl_init): Fix for GnuTLS with Nettle.

* src/ne_auth.c (get_cnonce): Likewise.

Submitted by: Arfrever Frehtes Taifersar Arahesis <arfrever.fta gmail.com>

* src/ne_auth.c
  (ah_post_send): Clear SSPI context only after successful authentication.

Submitted by: Ivan Zhakov <ivan visualsvn.com>

Fix some errors flagged by a Coverity scan:

* src/ne_auth.c (verify_negotiate_response): Check for NULL pointer.

* src/ne_gnutls.c (check_certificate): Initiatialize 'failures'.
  (pkcs12_parse): Check for _crt_init failure.

* src/ne_session.c (ne__ssl_set_verify_err): Pass size-1 to strncat.

------------------------------------------------------------------------
r1835 | joe | 2011-03-01 13:28:28 +0000 (Tue, 01 Mar 2011) | 2 lines

* NEWS: Update.

------------------------------------------------------------------------
r1834 | joe | 2011-03-01 13:26:04 +0000 (Tue, 01 Mar 2011) | 6 lines

Merge r1833 from trunk:

* src/ne_request.c (ne_request_create): Pass copied method to
  pre_send hooks to avoid lifetime issues (Patrick Ohly).


------------------------------------------------------------------------
r1832 | joe | 2010-11-11 12:32:11 +0000 (Thu, 11 Nov 2010) | 2 lines

* macros/neon.m4: Really bump to -dev.

------------------------------------------------------------------------
r1831 | joe | 2010-11-11 12:31:39 +0000 (Thu, 11 Nov 2010) | 2 lines

* macros/neon.m4, NEWS: Bump to .6-dev.

------------------------------------------------------------------------
r1830 | joe | 2010-11-11 12:29:51 +0000 (Thu, 11 Nov 2010) | 5 lines

Merge r1827 from trunk:

* doc/ref/iaddr.xml: Update ne_iaddr_* docs.


------------------------------------------------------------------------
r1829 | joe | 2010-11-11 12:26:45 +0000 (Thu, 11 Nov 2010) | 7 lines

Merge r1828 from trunk:

* src/ne_gnutls.c (provide_client_cert): Return success with no cert
  if no cert is available; match behaviour with OpenSSL.  Thanks to
  Patrick Ohly.


------------------------------------------------------------------------
r1825 | joe | 2010-10-14 16:04:44 +0100 (Thu, 14 Oct 2010) | 2 lines

* NEWS: Tweak.

------------------------------------------------------------------------
r1824 | joe | 2010-10-14 16:03:02 +0100 (Thu, 14 Oct 2010) | 2 lines

* NEWS: Update with GnuTLS fix.

------------------------------------------------------------------------
r1823 | joe | 2010-10-14 16:02:41 +0100 (Thu, 14 Oct 2010) | 10 lines

Merge r1818 from trunk:

* test/socket.c (addr_reverse) [HAVE_GETHOSTNAME]: Accept system
  hostname as reverse of 127.0.0.1.

* macros/neon-test.m4 (NEON_TEST): Check for gethostname().

Submitted by: joe
Reviewed by: jorton

------------------------------------------------------------------------
r1822 | joe | 2010-10-14 16:01:53 +0100 (Thu, 14 Oct 2010) | 2 lines

* NEWS, macros/neon.m4: Prepare for 0.29.5.

------------------------------------------------------------------------
r1821 | joe | 2010-10-14 16:00:53 +0100 (Thu, 14 Oct 2010) | 6 lines

Merge r1797 from trunk:

* src/ne_auth.c: Add handling of 2xx responses in SSPI code.
(Danil Shopyrin <danil visualsvn.com>)


------------------------------------------------------------------------
r1820 | joe | 2010-10-09 17:07:17 +0100 (Sat, 09 Oct 2010) | 6 lines

Merge r1819 from trunk:

* src/ne_socket.c (ne_sock_connect_ssl): Ignore TLS warnings
  during handshake (Bryan Cain).


------------------------------------------------------------------------
r1816 | joe | 2010-10-01 13:00:02 +0100 (Fri, 01 Oct 2010) | 2 lines

* po/: make update-po.

------------------------------------------------------------------------
r1814 | joe | 2010-09-28 13:02:37 +0100 (Tue, 28 Sep 2010) | 2 lines

* NEWS: Update.

------------------------------------------------------------------------
r1813 | joe | 2010-09-28 13:00:48 +0100 (Tue, 28 Sep 2010) | 10 lines

Merge r1811 from trunk:

* src/ne_session.c (ne__ssl_match_hostname): Deny a wildcard match
  against anything which parses as an IP address.

* test/ssl.c (fail_wildcard_ip): Add test case.

* test/makekeys.sh: Generate test wildcard IP cert.


------------------------------------------------------------------------
r1812 | joe | 2010-09-28 12:57:26 +0100 (Tue, 28 Sep 2010) | 8 lines

Merge r1809 from trunk:

* src/ne_request.c (open_connection): If SOCKS proxy fails, set return
  value to NE_ERROR.

* test/request.c (socks_fail): Add test case.


------------------------------------------------------------------------
r1808 | joe | 2010-09-22 21:42:08 +0100 (Wed, 22 Sep 2010) | 2 lines

* NEWS: Update for 0.29.4.

------------------------------------------------------------------------
r1807 | joe | 2010-09-22 20:33:36 +0100 (Wed, 22 Sep 2010) | 9 lines

Merge r1801 from trunk:

* src/ne_request.c (body_fd_send): Handle read() errors; thanks to Lou
  Montulli.

* test/request.c (serve_mirror, send_length): Add test case.

* test/Makefile.in (foobar.txt): Create test file.

------------------------------------------------------------------------
r1806 | joe | 2010-09-22 20:25:52 +0100 (Wed, 22 Sep 2010) | 8 lines

Merge r1802, r1805 from trunk:

* macros/neon.m4 (NE_CHECK_FUNCS): Fix AI_ADDRCONFIG detection.

* src/ne_auth.c (ah_post_send): Always clear the SSPI context.
(Danil Shopyrin)


------------------------------------------------------------------------
r1800 | joe | 2010-05-05 09:13:00 +0100 (Wed, 05 May 2010) | 5 lines

Merge r1794 from trunk:

* src/ne_session.c (ne_session_create): Fix to enable SNI by default again.
  (Tobias Gruetzmacher)

------------------------------------------------------------------------
r1796 | joe | 2010-03-29 10:19:04 +0100 (Mon, 29 Mar 2010) | 9 lines

Merge r1792, r1793, r1795 from trunk:

* src/ne_request.c (do_connect): Tweak debugging.

* doc/ref/: Fix some refpurposes.

* doc/ref/reqflags.xml: Doc tweak.


------------------------------------------------------------------------
r1790 | joe | 2010-02-08 09:52:54 +0000 (Mon, 08 Feb 2010) | 2 lines

* macros/neon-test.m4: Test for signal.h

------------------------------------------------------------------------
r1787 | joe | 2010-01-11 22:59:31 +0000 (Mon, 11 Jan 2010) | 2 lines

* macros/neon.m4, NEWS: Missed a backport :(

------------------------------------------------------------------------
r1786 | joe | 2010-01-11 22:57:34 +0000 (Mon, 11 Jan 2010) | 6 lines

Merge r1777 from trunk:

* src/ne_defs.h: Only define NE_PRIVATE if undefined.

* configure.in: Define NE_PRIVATE to 'extern' for a static build.

------------------------------------------------------------------------
r1784 | joe | 2010-01-11 20:21:21 +0000 (Mon, 11 Jan 2010) | 2 lines

* macros/neon.m4: Bump to 0.29.3.

------------------------------------------------------------------------
r1783 | joe | 2010-01-11 20:21:06 +0000 (Mon, 11 Jan 2010) | 2 lines

* NEWS: Tweaks.

------------------------------------------------------------------------
r1782 | joe | 2010-01-11 10:40:42 +0000 (Mon, 11 Jan 2010) | 2 lines

* NEWS: Document ne_sock_close() changes.

------------------------------------------------------------------------
r1781 | joe | 2010-01-11 10:36:14 +0000 (Mon, 11 Jan 2010) | 8 lines

Merge r1780 from trunk:

* src/ne_socket.c (ne_sock_close): Do not wait for the peer's
  close_notify alert with either GnuTLS or OpenSSL.
  [HAVE_GNUTLS]: Fix memory leak: free the session object.

* src/ne_socket.h (ne_sock_close): Clarify close_notify handling.

------------------------------------------------------------------------
r1775 | joe | 2009-12-30 21:31:55 +0000 (Wed, 30 Dec 2009) | 2 lines

* po/: make update-po.

------------------------------------------------------------------------
r1774 | joe | 2009-12-30 21:31:30 +0000 (Wed, 30 Dec 2009) | 2 lines

* macros/neon.m4: Bump version.

------------------------------------------------------------------------
r1773 | joe | 2009-12-30 21:30:55 +0000 (Wed, 30 Dec 2009) | 2 lines

* NEWS: 0.29.2 news.

------------------------------------------------------------------------
r1772 | joe | 2009-12-30 21:29:30 +0000 (Wed, 30 Dec 2009) | 10 lines

Merge r1748 from trunk:

Clear sspi_token buffer after each request.

* src/ne_auth.c (request_sspi): Return NULL if sspi_token is not present.

* src/ne_auth.c (ah_post_send): Clear the buffered sspi_token.

Submitted by: Danil Shopyrin <danil visualsvn.com>

------------------------------------------------------------------------
r1771 | joe | 2009-12-30 21:28:48 +0000 (Wed, 30 Dec 2009) | 7 lines

Merge r1770 from trunk:

* src/ne_openssl.c (verify_callback): Handle OpenSSL error code
  X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT as an untrusted cert.

Submitted by: Tom C <tomc.neon pnl.gov>

------------------------------------------------------------------------
r1767 | joe | 2009-12-15 22:24:26 +0000 (Tue, 15 Dec 2009) | 2 lines

* po/: make update-po.

------------------------------------------------------------------------
r1753 | joe | 2009-12-14 20:45:16 +0000 (Mon, 14 Dec 2009) | 2 lines

* macros/neon.m4, NEWS: Prepare for 0.29.1.

------------------------------------------------------------------------
r1751 | joe | 2009-12-02 21:40:41 +0000 (Wed, 02 Dec 2009) | 4 lines

Merge r1750 from trunk:

* src/ne_gnutls.c (map_verify_failures): Fix build for GnuTLS < 2.8.

------------------------------------------------------------------------
r1749 | joe | 2009-12-02 21:27:34 +0000 (Wed, 02 Dec 2009) | 13 lines

Merge r1739, r1744, r1746, r1747 from trunk:

* config.hw.in: Fix socklen_t with recent SDKs, thanks to Stefan Kung.

* src/ne_socket.c: Fixed 'missing symbol' win2k runtime problem.

* src/ne_ntlm.c (ne__ntlm_authenticate)
* src/ne_auth.c (ntlm_challenge):
  In case of session timeout, do not call auth callback; use
  existing credentials.

* src/ne_ntlm.c (mkhash): Fix buffer overflow (basic@mozdev.org).

------------------------------------------------------------------------
r1743 | joe | 2009-10-25 11:25:24 +0000 (Sun, 25 Oct 2009) | 5 lines

Merge r1742 from trunk:

* src/ne_session.c (ne_session_create): Only enable SNI by default if
  the server hostname does not parse as a numeric IP address.

------------------------------------------------------------------------
r1740 | joe | 2009-09-26 20:58:08 +0100 (Sat, 26 Sep 2009) | 9 lines

Merge r1738, r1739 from trunk:

* src/ne_socket.c (ne_iaddr_parse): Fix Win32 build for both
  USE_GETADDRINFO and !USE_GETADDRINFO cases.

* config.hw.in: Fix socklen_t with recent SDKs, thanks to Stefan Kung.

Reviewed by: jorton

------------------------------------------------------------------------
r1735 | joe | 2009-09-13 13:12:27 +0100 (Sun, 13 Sep 2009) | 2 lines

* macros/neon.m4: Don't ABI-tag LFS builds.

------------------------------------------------------------------------
r1733 | joe | 2009-09-13 12:57:58 +0100 (Sun, 13 Sep 2009) | 2 lines

* po/: make update-po.

------------------------------------------------------------------------
r1732 | joe | 2009-09-13 12:57:18 +0100 (Sun, 13 Sep 2009) | 2 lines

* test/ssl.c (simple_sslv2): Skip better.

------------------------------------------------------------------------
r1731 | joe | 2009-09-13 12:56:25 +0100 (Sun, 13 Sep 2009) | 2 lines

* test/ssl.c (simple_sslv2): Skip for OpenSSL.

------------------------------------------------------------------------
r1730 | joe | 2009-09-13 12:56:10 +0100 (Sun, 13 Sep 2009) | 2 lines

* macros/neon.m4: Prep for 0.29.0.

------------------------------------------------------------------------
r1729 | joe | 2009-09-13 12:43:01 +0100 (Sun, 13 Sep 2009) | 2 lines

* NEWS: Tweak wording.

------------------------------------------------------------------------
r1728 | joe | 2009-09-13 12:41:22 +0100 (Sun, 13 Sep 2009) | 2 lines

* NEWS: Note OpenSSL 1.0 beta build fix.

------------------------------------------------------------------------
r1727 | joe | 2009-09-13 12:40:59 +0100 (Sun, 13 Sep 2009) | 5 lines

Merge r1726 from trunk:

* src/ne_socket.c (ne_sock_close) [HAVE_OPENSSL]: Ensure SSL
  connection is shut down cleanly.

------------------------------------------------------------------------
r1725 | joe | 2009-09-13 12:26:52 +0100 (Sun, 13 Sep 2009) | 10 lines

Merge r1724 from trunk:

* src/ne_openssl.c: Include opensslv.h.
  (SSL_SESSION_cmp): Define if not available, for OpenSSL >= 1.0.

* src/ne_socket.c (ne_sock_accept_ssl): Add debug log output if
  session is resumed.

* macros/neon.m4 (NEON_SSL): Check for SSL_SESSION_cmp.

------------------------------------------------------------------------
r1723 | joe | 2009-09-04 08:36:26 +0100 (Fri, 04 Sep 2009) | 6 lines

Merge r1722 from trunk:

* Makefile.in, README: Collect copyright notices from po/*.

* po/: Update copyright notices.

------------------------------------------------------------------------
r1721 | joe | 2009-09-04 08:29:23 +0100 (Fri, 04 Sep 2009) | 2 lines

* po/pl.po, NEWS: Update Polish translation (Arfrever Frehtes Taifersar Arahesis).

------------------------------------------------------------------------
r1720 | joe | 2009-09-04 08:27:49 +0100 (Fri, 04 Sep 2009) | 2 lines

* NEWS: Update.

------------------------------------------------------------------------
r1717 | joe | 2009-09-02 21:44:08 +0100 (Wed, 02 Sep 2009) | 2 lines

* po/: make update-po.

------------------------------------------------------------------------
r1716 | joe | 2009-09-02 21:43:09 +0100 (Wed, 02 Sep 2009) | 2 lines

* NEWS: Update.

------------------------------------------------------------------------
r1715 | joe | 2009-09-02 21:29:42 +0100 (Wed, 02 Sep 2009) | 10 lines

Merge r1713, r1714 from trunk:

* src/ne_request.c (socks_origin_lookup): New function.
  (open_connection): Use it to fix support for SOCKSv4 servers.

* test/request.c (socks_v4_proxy): Add test case.

* macros/neon.m4 (LIBNEON_SOURCE_CHECKS): Require inet_pton for
  getaddrinfo support.

------------------------------------------------------------------------
r1712 | joe | 2009-09-02 20:43:05 +0100 (Wed, 02 Sep 2009) | 22 lines

Merge r1709, r1710, r1711 from trunk:

* test/util-socks.c (read_socks_0string): Pass through context string.
  (socks_server): Fail for v4 server without expected address.
  Don't write "ok" message for v4 server without say_hello flag.

* src/ne_socket.c (ne_iaddr_parse): New function.
  
* test/socket.c (check_is_raw127): Factored out from addr_make_v4.
  (parse_v4): New function.
  (addr_make_v6): Test ne_iaddr_parse for IPv6 addresses.
  (socks_proxy): Fix for non-v6-enabled builds.

* src/ne_socket.c (ne_iaddr_parse) [!USE_GETADDRINFO]: Fail for IPv6
  addresses.

* test/socket.c (addr_make_v6) [!TEST_IPV6]: Test for failure.

Also:

* src/neon.vers: Add ne_iaddr_parse.

------------------------------------------------------------------------
r1708 | joe | 2009-09-02 15:51:26 +0100 (Wed, 02 Sep 2009) | 2 lines

* macros/neon.m4: Set libtool versions as backwards-compat to 0.27.x.

------------------------------------------------------------------------
r1707 | joe | 2009-09-02 15:50:59 +0100 (Wed, 02 Sep 2009) | 2 lines

* po/: make update-po.

------------------------------------------------------------------------
r1706 | joe | 2009-09-02 15:40:47 +0100 (Wed, 02 Sep 2009) | 2 lines

Branch for 0.29.x.

------------------------------------------------------------------------
r1705 | joe | 2009-09-02 15:40:13 +0100 (Wed, 02 Sep 2009) | 2 lines

* macros/neon.m4: Import from gnulib.

------------------------------------------------------------------------
r1704 | joe | 2009-09-02 15:39:40 +0100 (Wed, 02 Sep 2009) | 5 lines

* configure.in: Use a GNU linker script if supported, to enable
  symbol versioning.

* src/neon.vers: Add linker script.

------------------------------------------------------------------------
r1703 | joe | 2009-09-02 15:04:43 +0100 (Wed, 02 Sep 2009) | 5 lines

* src/ne_defs.h: Define NE_PRIVATE.

* src/ne_privssl.h, src/ne_ntlm.h, src/ne_private.h: Mark all
  functions with NE_PRIVATE.

------------------------------------------------------------------------
r1702 | joe | 2009-09-02 14:51:05 +0100 (Wed, 02 Sep 2009) | 2 lines

* NEWS: Update.

------------------------------------------------------------------------
r1701 | joe | 2009-09-01 21:49:56 +0100 (Tue, 01 Sep 2009) | 12 lines

Minor cleanups to NTLM code:

* src/ne_ntlm.c:  Rename ne_ntlm_* to ne__ntlm_*.
  (mkhash): Use ne_malloc/ne_free.  Avoid shadowing MD4 global.
  (ne_output_ntlm): Use ne_snprintf; cast size to size_t.
  (ne__ntlm_create_context): Return context pointer, don't fail.
  (ne__ntlm_destroy_context): Remove error path.
  (ne__ntlm_getRequestToken): Reflow.
  (ne_ntlm_clear_context): Remove noop function.

* src/ne_ntlm.h, src/ne_auth.c: Adjust accordingly.

------------------------------------------------------------------------
r1700 | joe | 2009-09-01 21:13:12 +0100 (Tue, 01 Sep 2009) | 7 lines

Split NE_AUTH_NEGOTIATE into NE_AUTH_GSSAPI and NE_AUTH_NTLM:

* src/ne_auth.h (NE_AUTH_GSSAPI, NE_AUTH_NTLM): New constants.

* src/ne_auth.c (auth_register): Map NE_AUTH_NEGOTIATE into
  NE_AUTH_GSSAPI | NE_AUTH_NTLM.

------------------------------------------------------------------------
r1699 | joe | 2009-09-01 16:09:13 +0100 (Tue, 01 Sep 2009) | 3 lines

* src/ne_auth.c (digest_challenge): Simpler check for initial 
  challenge.

------------------------------------------------------------------------
r1698 | joe | 2009-09-01 15:56:59 +0100 (Tue, 01 Sep 2009) | 2 lines

* macros/neon.m4 (NEON_SSL): Define NTLM for OpenSSL builds.

------------------------------------------------------------------------
r1697 | joe | 2009-09-01 15:56:18 +0100 (Tue, 01 Sep 2009) | 2 lines

* src/Makefile.in: Build ne_ntlm.c.

------------------------------------------------------------------------
r1696 | joe | 2009-09-01 15:44:59 +0100 (Tue, 01 Sep 2009) | 2 lines

* src/ne_auth.c: Whitespace changes.

------------------------------------------------------------------------
r1695 | joe | 2009-09-01 15:27:20 +0100 (Tue, 01 Sep 2009) | 2 lines

* NEWS: Update.

------------------------------------------------------------------------
r1694 | joe | 2009-09-01 15:27:02 +0100 (Tue, 01 Sep 2009) | 2 lines

* README: Remove dupe.

------------------------------------------------------------------------
r1693 | joe | 2009-09-01 15:26:32 +0100 (Tue, 01 Sep 2009) | 9 lines

Fix handling of stale=true in a RFC2069-style Digest challenge:

* src/ne_auth.c (digest_challenge): Relax check for stale=true to cover
  2069-style Digest auth.

* test/auth.c (make_digest_header, digest_failure): Check for
  handling of stale=true with 2069 Digest.


------------------------------------------------------------------------
r1692 | joe | 2009-08-19 14:19:41 +0100 (Wed, 19 Aug 2009) | 2 lines

* doc/security.xml: Wording fix.

------------------------------------------------------------------------
r1687 | joe | 2009-08-18 15:18:53 +0100 (Tue, 18 Aug 2009) | 12 lines

Security fix for CVE-2009-2473: prevent the "billion laughs" attack
against expat:

* src/ne_xml.c (ne_xml_create) [HAVE_EXPAT]: Register entity
  decl handler.
  [HAVE_LIBXML]: Use xmlCtxtUseOptions interface.
  (entity_declaration): New function.

* test/xml.c (fail_parse): Add billion laughs test case.

* test/run.sh: Limit run-time CPU use to 120 seconds.

------------------------------------------------------------------------
r1686 | joe | 2009-08-18 14:50:29 +0100 (Tue, 18 Aug 2009) | 2 lines

* test/ssl.c (fail_nul_*): Fix for VPATH builds.

------------------------------------------------------------------------
r1681 | joe | 2009-08-18 14:12:29 +0100 (Tue, 18 Aug 2009) | 27 lines

Security fix for CVE-2009-2474, handling of "NUL" bytes in certificate
names:

* src/ne_private.h (ne__ssl_match_hostname): Take cn len, make cn
  const.

* src/ne_session.c (ne__ssl_match_hostname): Drop handling of
  unqualified hostnames; check CN length matches.

* src/ne_gnutls.c (check_identity): Adjust accordingly.

* src/ne_openssl.c (append_dirstring): Use a quoted append for ASCII
  data.  Check for embedded NUL bytes in UTF-8 data.
  (dup_ia5string): Use quoted append.  

* test/ssl.c (struct ssl_server_args): Add key field.
  (ssl_server): Use key field from args.
  (fail_ssl_request_with_error2): Rename from
  fail_ssl_request_with_error, add host, fakehost 
  parameters.
  (fail_ssl_request_with_error): Reimplement using
  fail_ssl_request_with_error2.
  (fail_nul_cn, fail_nul_san, nulcn_identity): New tests.

* test/nulca.pem, test/nulcn.pem, test/nulsan.pem, test/nulsrv.key:
  Add test cases, thanks to Tomas Hoger <thoger redhat.com>.

------------------------------------------------------------------------
r1680 | joe | 2009-08-11 16:50:33 +0100 (Tue, 11 Aug 2009) | 8 lines

* src/ne_string.c (qappend_count, quoted_append): Factor out from
  ne_buffer_qappend.
  (ne_strnqdup): New function.

* src/ne_string.h (ne_strnqdup): New prototype.

* test/string-tests.c (qappend): Test for it.

------------------------------------------------------------------------
r1679 | joe | 2009-08-11 15:15:33 +0100 (Tue, 11 Aug 2009) | 6 lines

* src/ne_string.c (ne_buffer_qappend): New function.

* src/ne_string.h (ne_buffer_qappend): New prototype.

* test/string-tests.c (qappend): New test case.

------------------------------------------------------------------------
r1678 | joe | 2009-08-11 15:08:20 +0100 (Tue, 11 Aug 2009) | 2 lines

* Makefile.in: Avoid dupes in copyright notices.

------------------------------------------------------------------------
r1677 | joe | 2009-08-07 10:54:36 +0100 (Fri, 07 Aug 2009) | 2 lines

* test/openssl.conf: Sign certs using SHA1 since GnuTLS fails MD5-signed certs.

------------------------------------------------------------------------
r1676 | joe | 2009-08-05 14:58:52 +0100 (Wed, 05 Aug 2009) | 6 lines

* src/ne_string.c (ne_buffer_qappend): New function.

* src/ne_string.h (ne_buffer_qappend): New prototype.

* test/string-tests.c (qappend): New test case.

------------------------------------------------------------------------
r1675 | joe | 2009-08-05 14:01:26 +0100 (Wed, 05 Aug 2009) | 2 lines

* src/ne_socket.c (ne_sock_peer): Fix strict-aliasing issue.

------------------------------------------------------------------------
r1671 | joe | 2009-07-02 22:15:24 +0100 (Thu, 02 Jul 2009) | 2 lines

* README: "make update-copyright"

------------------------------------------------------------------------
r1670 | joe | 2009-07-02 22:14:33 +0100 (Thu, 02 Jul 2009) | 3 lines

* src/ne_session.c: Updata copyright notices; Tommi's code
  was long-since replaced.

------------------------------------------------------------------------
r1669 | joe | 2009-07-02 22:12:36 +0100 (Thu, 02 Jul 2009) | 3 lines

* src/ne_openssl.c, src/ne_socket.c: Update copyright notices; 
  Tommi's code was long-since replaced.

------------------------------------------------------------------------
r1668 | joe | 2009-07-02 22:03:44 +0100 (Thu, 02 Jul 2009) | 2 lines

* macros/neon.m4 (NEON_LIBPROXY): Correctly handle --without-libproxy.

------------------------------------------------------------------------
r1667 | joe | 2009-07-02 22:01:16 +0100 (Thu, 02 Jul 2009) | 2 lines

* test/util-socks.c: Remove unnecessary #include.

------------------------------------------------------------------------
r1666 | joe | 2009-07-02 10:07:18 +0100 (Thu, 02 Jul 2009) | 3 lines

* macros/neon.m4 (LIBNEON_SOURCE_CHECKS): Silence warnings with autoconf
  2.6x; use AC_USE_SYSTEM_EXTENSIONS.

------------------------------------------------------------------------
r1665 | joe | 2009-07-02 10:05:48 +0100 (Thu, 02 Jul 2009) | 2 lines

* configure.in: Reorder to prevent autoconf 2.6x warnings.

------------------------------------------------------------------------
r1662 | joe | 2009-06-09 14:30:51 +0100 (Tue, 09 Jun 2009) | 6 lines

* src/ne_socket.c (timed_connect): Only enable O_NONBLOCK if it 
  is not already enabled.
  (ne_sock_connect): Use SOCK_NONBLOCK if available, and
  use of SOCK_CLOEXEC has not previously failed, and a
  connect timeout is configured.

------------------------------------------------------------------------
r1661 | joe | 2009-06-09 11:33:43 +0100 (Tue, 09 Jun 2009) | 2 lines

* README, Makefile.in: Update copyright-notice-collector.

------------------------------------------------------------------------
r1658 | joe | 2009-06-09 11:17:55 +0100 (Tue, 09 Jun 2009) | 3 lines

* src/ne_socket.c (raw_connect): New function.
  (timed_connect): Use it to correctly handle EINTR.

------------------------------------------------------------------------
r1657 | joe | 2009-06-09 11:01:42 +0100 (Tue, 09 Jun 2009) | 2 lines

* src/ne_socket.c (ne_sock_connect): Fix FD_CLOEXEC for !SOCK_CLOEXEC builds.

------------------------------------------------------------------------
r1656 | joe | 2009-06-09 10:54:54 +0100 (Tue, 09 Jun 2009) | 5 lines

* src/ne_socket.c (ne_sock_connect): Fix forward compat with
  new-glibc/ old kernel cases - use SOCK_CLOEXEC only if no previous
  socket() call has failed with EINVAL.  Retry such a failed socket()
  call.

------------------------------------------------------------------------
r1655 | joe | 2009-05-29 15:18:03 +0100 (Fri, 29 May 2009) | 9 lines

* src/ne_session.c (ne__ssl_set_verify_err): Add error strings for
  NE_SSL_BADCHAIN, NE_SSL_REVOKED.

* test/ssl.c (fail_ssl_request_with_error): Renamed from
  fail_ssl_request; take error string and test for it.
  (fail_ssl_request): Reimplment as wrapper for above.
  (fail_expired, fail_wrongCN, fail_untrusted_ca, 
  fail_ca_expired): Use _with_error to test error strings.

------------------------------------------------------------------------
r1654 | joe | 2009-05-29 15:09:21 +0100 (Fri, 29 May 2009) | 3 lines

* src/ne_gnutls.c (ne_ssl_context_create): Enable support for
  X.509v1 CA certs.

------------------------------------------------------------------------
r1653 | joe | 2009-04-30 14:44:52 +0100 (Thu, 30 Apr 2009) | 3 lines

* test/makekeys.sh: Fix to ensure the "bad CAs" do assert the
  CA constraint as true.

------------------------------------------------------------------------
r1652 | joe | 2009-04-30 14:34:20 +0100 (Thu, 30 Apr 2009) | 3 lines

* src/ne_gnutls.c (check_certificate): Correctly check validity times of certs
  within chain.

------------------------------------------------------------------------
r1651 | joe | 2009-04-30 14:19:59 +0100 (Thu, 30 Apr 2009) | 2 lines

* test/ssl.c: Fix typos, no functional change.

------------------------------------------------------------------------
r1650 | kso | 2009-03-26 12:24:32 +0000 (Thu, 26 Mar 2009) | 1 line

initial support for platform-independent NTLM auth
------------------------------------------------------------------------
r1648 | joe | 2009-03-11 13:08:34 +0000 (Wed, 11 Mar 2009) | 3 lines

* macros/neon.m4 (NEON_LIBPROXY): Mark feature as disabled if
built with --without-libproxy.

------------------------------------------------------------------------
r1647 | joe | 2009-03-05 11:49:54 +0000 (Thu, 05 Mar 2009) | 2 lines

* test/uri-tests.c (resolve): Test API guarantee for resolved ->path.

------------------------------------------------------------------------
r1646 | joe | 2009-03-05 11:48:42 +0000 (Thu, 05 Mar 2009) | 2 lines

* src/ne_ssl.h: Improve ne_ssl_clicert_* docs, specify object state.

------------------------------------------------------------------------
r1645 | joe | 2009-03-05 11:48:02 +0000 (Thu, 05 Mar 2009) | 9 lines

Be strict in parsing C-L response header:

* src/ne_request.c (ne_begin_request): Fail for a C-L with trailing
  non-numeric chars, or is an empty string.

* test/request.c (no_body_empty_clength, no_body_bad_clength): Remove tests.
  (fail_on_invalid): Add tests for invalid C-L.


------------------------------------------------------------------------
r1644 | joe | 2009-03-04 14:31:40 +0000 (Wed, 04 Mar 2009) | 2 lines

* test/common/tests.c: Remove sys/signal.h include.

------------------------------------------------------------------------
r1643 | joe | 2009-03-03 21:50:21 +0000 (Tue, 03 Mar 2009) | 3 lines

* src/ne_session.h: Define NE_SSL_REVOKED; bump NE_SSL_FAILMASK, reflow
  NE_SSL_* text.

------------------------------------------------------------------------
r1642 | joe | 2009-03-03 21:45:19 +0000 (Tue, 03 Mar 2009) | 2 lines

* test/: Ignore more.

------------------------------------------------------------------------
r1641 | joe | 2009-03-03 21:44:05 +0000 (Tue, 03 Mar 2009) | 23 lines

Expose the cert verification failure case where a cert higher in the
validation chain is outside its validity-period; test cases and thanks
to Ludwig Nussel:

* src/ne_session.h (NE_SSL_BADCHAIN): New constant.
  (NE_SSL_FAILMASK): Bumped up.

* src/ne_gnutls.c (check_certificate): Check validity period of all
  certs in the chain; flag NE_SSL_BADCHAIN appropriately.
  
* src/ne_openssl.c (verify_cert): New function.
  (check_certificate): Rely on failure bits collected via 
  verify_cert invocations.
  (ne_ssl_context_create): Install verify_cert as OpenSSL 
  verify callback.
  (ne__negotiate_ssl): Clear ctx->failures.

* test/makekeys.sh, test/openssl.conf: Create ca[1-3] with ca1, ca3
  being expired and not-yet-valid respectively; create
  ca[13]server.cert signed by these CAs.

* test/ssl.c (fail_ca_notyetvalid, fail_ca_expired): New test cases.

------------------------------------------------------------------------
r1640 | joe | 2009-03-03 21:34:25 +0000 (Tue, 03 Mar 2009) | 2 lines

* NEWS: Sync with 0.28.x.

------------------------------------------------------------------------
r1639 | joe | 2009-03-03 21:33:34 +0000 (Tue, 03 Mar 2009) | 2 lines

* doc/feat.xml: Update for trunk.

------------------------------------------------------------------------
r1633 | joe | 2009-02-25 14:04:42 +0000 (Wed, 25 Feb 2009) | 3 lines

* doc/man.xsl, doc/manual.xml: Fix <author> and quieten
newer docbook-xsl man page generation.

------------------------------------------------------------------------
r1630 | joe | 2009-02-25 13:50:12 +0000 (Wed, 25 Feb 2009) | 2 lines

* install-sh: Remove; rely on provided version.

------------------------------------------------------------------------
r1628 | joe | 2009-02-25 13:45:09 +0000 (Wed, 25 Feb 2009) | 7 lines

Fix ne_forget_auth():

* src/ne_auth.c (clean_session): Clear ->protocol field; patch frm Kai
  Sommerfeld.

* test/auth.c (serve_forgotten, forget): New test case.

------------------------------------------------------------------------
r1626 | joe | 2009-01-29 01:18:00 +0000 (Thu, 29 Jan 2009) | 2 lines

* macros/neon.m4: Add the hash back into PKCS#11 in output messages.

------------------------------------------------------------------------
r1622 | joe | 2009-01-29 01:13:07 +0000 (Thu, 29 Jan 2009) | 2 lines

* doc/ref/neon.xml: Add pakchois and libproxy namespaces.

------------------------------------------------------------------------
r1621 | joe | 2009-01-29 01:06:30 +0000 (Thu, 29 Jan 2009) | 3 lines

* doc/ref/neon.xml: Add note on lack of async-signal-safety, and
fix a typo.

------------------------------------------------------------------------
r1620 | joe | 2009-01-21 14:01:22 +0000 (Wed, 21 Jan 2009) | 3 lines

* src/ne_socket.c (read_gnutls): Perform a new handshake if required
  and indicated by a gnutls_record_recv() failure.

------------------------------------------------------------------------
r1619 | joe | 2009-01-21 13:39:44 +0000 (Wed, 21 Jan 2009) | 2 lines

* src/ne_basic.h: Docs updates.

------------------------------------------------------------------------
r1618 | joe | 2009-01-14 15:17:11 +0000 (Wed, 14 Jan 2009) | 2 lines

* THANKS: Convert to UTF-8.

------------------------------------------------------------------------
r1617 | joe | 2008-12-10 08:22:49 +0000 (Wed, 10 Dec 2008) | 3 lines

* macros/neon.m4 (LIBNEON_SOURCE_CHECKS): Check for 
  socket functions in -lnetwork, for Haiku.

------------------------------------------------------------------------
r1616 | joe | 2008-11-21 20:45:48 +0000 (Fri, 21 Nov 2008) | 2 lines

* Makefile.in: Fix Makefile/neon-config generation in VPATH builds.

------------------------------------------------------------------------
r1614 | joe | 2008-11-20 21:42:44 +0000 (Thu, 20 Nov 2008) | 2 lines

* src/ne_pkcs11.c (pk11_provide): Fix memory leak.

------------------------------------------------------------------------
r1613 | joe | 2008-11-20 21:30:25 +0000 (Thu, 20 Nov 2008) | 2 lines

* NEWS: More news is good news.

------------------------------------------------------------------------
r1612 | joe | 2008-11-20 21:28:54 +0000 (Thu, 20 Nov 2008) | 2 lines

* configure.in: Add notice for forced PIC usage.

------------------------------------------------------------------------
r1611 | joe | 2008-11-20 21:27:24 +0000 (Thu, 20 Nov 2008) | 2 lines

* macros/neon.m4: Drop SOCKS tests.

------------------------------------------------------------------------
r1610 | joe | 2008-11-20 20:59:09 +0000 (Thu, 20 Nov 2008) | 2 lines

* NEWS: Synch with 0.28.x, update to trunk.

------------------------------------------------------------------------
r1609 | joe | 2008-11-20 20:56:15 +0000 (Thu, 20 Nov 2008) | 3 lines

* src/ne_alloc.c, src/ne_alloc.h (ne_free): Implement as function on Win32,
  thanks to Helge Hess.

------------------------------------------------------------------------
r1599 | joe | 2008-11-04 20:49:35 +0000 (Tue, 04 Nov 2008) | 3 lines

* src/ne_socket.c (ne_sock_connect): Use SOCK_CLOEXEC in place of
  setting the O_CLOEXEC flag, where available.

------------------------------------------------------------------------
r1597 | joe | 2008-11-04 18:24:19 +0000 (Tue, 04 Nov 2008) | 2 lines

* test/request.c (status, status_chunked): Fix memory leak.

------------------------------------------------------------------------
r1594 | joe | 2008-10-31 08:59:02 +0000 (Fri, 31 Oct 2008) | 3 lines

* macros/neon.m4 (NEON_SSL): Configure GnuTLS support via pkg-config
  data if possible.

------------------------------------------------------------------------
r1589 | joe | 2008-10-30 20:10:40 +0000 (Thu, 30 Oct 2008) | 6 lines

* src/ne_gnutls.c (pkcs12_parse): Ignore any but the first key or cert
  encountered.  Should fix issues with PKCS#12 files with embedded CA
  certs, see Debian bug 480041.

* test/ssl.c (client_cert_ca): Add test case.

------------------------------------------------------------------------
r1587 | joe | 2008-10-28 20:56:16 +0000 (Tue, 28 Oct 2008) | 3 lines

* src/ne_session.c (ne_session_sysproxy): Don't use ne_free for memory
  not allocated by neon.

------------------------------------------------------------------------
r1586 | joe | 2008-10-24 16:14:40 +0100 (Fri, 24 Oct 2008) | 5 lines
[--snip--]
