Changes in 7.34.0 - December 17 2013

Changes:

• SSL: protocol version can be specified more precisely
• imap/pop3/smtp: Added graceful cancellation of SASL authentication
• Add "Happy Eyeballs" for IPv4/IPv6 dual connect attempts
• base64: Added validation of base64 input strings when decoding
• curl_easy_setopt: Added the ability to set the login options separately
• smtp: Added support for additional SMTP commands
• curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
• nss: allow to use TLS > 1.0 if built against recent NSS
• SECURITY-PROCESS: added this document to describe our security processes
• parseconfig: warn if unquoted white spaces are detected

Bugfixes:

• SECURITY VULNERABILITY: libcurl cert name check ignore with GnuTLS
• darwinssl: un-break iOS build after PKCS#12 feature added
• tool: use XFERFUNCTION to save some casts
• usercertinmem: fix memory leaks
• ssh: Handle successful SSH_USERAUTH_NONE
• NSS: acknowledge the --no-sessionid/CURLOPT_SSL_SESSIONID_CACHE option
• test906: Fixed failing test on some platforms
• sasl: initialize NSS before using NTLM crypto
• sasl: Fixed memory leak in OAUTH2 message creation
• imap/pop3/smtp: Fixed QUIT / LOGOUT being sent when SSL connect fails
• cmake: unbreak for non-Windows platforms
• ssh: initialize per-handle data in ssh_connect()
• glob: fix broken URLs
• configure: check for long long when building with cyassl
• CURLOPT_RESOLVE: mention they don't time-out
• docs/examples/httpput.c: fix build for MSVC
• FTP: make the data connection work when going through proxy
• NSS: support for CERTINFO feature
• curl_multi_wait: accept 0 from multi_timeout() as valid timeout
• glob_range: pass the closing bracket for a-z ranges
• tool_help: Updated --list-only description to include POP3
• Curl_ssl_push_certinfo_len: don't %.*s non-zero-terminated string
• cmake: fix Windows build with IPv6 support
• ares: Fixed compilation under Visual Studio 2012
• curl_easy_setopt.3: clarify CURLOPT_SSL_VERIFYHOST documentation
• curl.1: mention that -O does no URL decoding
• darwinssl: PKCS#12 import feature now requires Lion or later
• darwinssl: check for SSLSetSessionOption() presence when toggling BEAST
• configure: Fix test with -Werror=implicit-function-declaration
• sigpipe: factor out sigpipe_reset from easy.c
• curl_multi_cleanup: ignore SIGPIPE
• globbing: curl glob counter mismatch with {} list use
• parseconfig: dash options can't specified with colon or equals
• digest: fix CURLAUTH_DIGEST_IE
• curl.h: <sys/select.h> for OpenBSD
• darwinssl: Fix #if 10.6.0 for SecKeychainSearch
• TFTP: fix return codes for connect timeout
• login options: remove the ;[options] support from CURLOPT_USERPWD
• imap: Fixed incorrect fallback to clear text authentication
• parsedate: avoid integer overflow
• curl.1: document -J doesn't %-decode
• multi: add timer inaccuracy margin to timeout/connecttimeout

Further