Changes in 7.38.0 - September 10 2014

Changes:

• supports HTTP/2 draft-14
• CURLE_HTTP2 is a new error code
• CURLAUTH_NEGOTIATE is a new auth define
• CURL_VERSION_GSSAPI is a new capability bit
• no longer use fbopenssl for anything
• schannel: use CryptGenRandom for random numbers
• axtls: define curlssl_random using axTLS's PRNG
• cyassl: use RNG_GenerateBlock to generate a good random number
• findprotocol: show unsupported protocol within quotes
• version: detect and show LibreSSL
• version: detect and show BoringSSL
• imap/pop3/smtp: Kerberos (SASL GSSAPI) authentication via Windows SSPI
• http2: requires nghttp2 0.6.0 or later

Bugfixes:

• SECURITY ADVISORY: cookie leak with IP address as domain
• SECURITY ADVISORY: cookie leak for TLDs
• fix a build failure on Debian when NSS support is enabled
• HTTP/2: fixed compiler warnings when built disabled
• cyassl: return the correct error code on no CA cert
• http: Deprecate GSS-Negotiate macros due to bad naming
• http: Fixed Negotiate: authentication
• multi: Improve proxy CONNECT performance (regression)
• ntlm_wb: Avoid invoking ntlm_auth helper with empty username
• ntlm_wb: Fix hard-coded limit on NTLM auth packet size
• url.c: use the preferred symbol name: *READDATA
• smtp: fixed a segfault during test 1320 torture test
• cyassl: made it compile with version 2.0.6 again
• nss: do not check the version of NSS at run time
• c-ares: fix build without IPv6 support
• HTTP/2: use base64url encoding
• SSPI Negotiate: Fix 3 memory leaks
• libtest: fixed duplicated line in Makefile
• conncache: fix compiler warning
• openssl: make ossl_send return CURLE_OK better
• HTTP/2: Support expect: 100-continue
• HTTP/2: Fix infinite loop in readwrite_data()
• parsedate: fix the return code for an overflow edge condition
• darwinssl: don't use strtok()
• http_negotiate_sspi: Fixed specific username and password not working
• openssl: replace call to OPENSSL_config
• http2: show the received header for better debugging
• HTTP/2: Move :authority before non-pseudo header fields
• HTTP/2: Reset promised stream, not its associated stream
• HTTP/2: added some more logging for debugging stream problems
• ntlm: Added support for SSPI package info query
• ntlm: Fixed hard coded buffer for SSPI based auth packet generation
• sasl_sspi: Fixed memory leak with not releasing Package Info struct
• sasl_sspi: Fixed SPN not being converted to wchar under Unicode builds
• sasl: Use a dynamic buffer for DIGEST-MD5 SPN generation
• http_negotiate_sspi: Use a dynamic buffer for SPN generation
• sasl_sspi: Fixed missing free of challenge buffer on SPN failure
• sasl_sspi: Fixed hard coded buffer for response generation
• Curl_poll + Curl_wait_ms: fix timeout return value
• docs/SSLCERTS: update the section about NSS database
• create_conn: prune dead connections
• openssl: fix version report for the 0.9.8 branch
• mk-ca-bundle.pl: switched to using hg.mozilla.org
• http: fix the Content-Range: parser
• Curl_disconnect: don't free the URL
• win32: Fixed WinSock 2 #if
• NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth
• curl.1: clarify --limit-rate's effect on both directions
• disconnect: don't touch easy-related state on disconnects
• cmake: big cleanup and numerous fixes
• HTTP/2: supports draft-14 - moved :headers before the non-psuedo headers
• HTTP/2: Reset promised stream, not its associated stream
• configure.ac: Add support for recent GSS-API implementations for HP-UX
• CONNECT: close proxy connections that fail
• CURLOPT_NOBODY.3: clarify this option is for downloads
• darwinssl: fix CA certificate checking using PEM format
• resolve: cache lookup for async resolvers
• low-speed-limit: avoid timeout flood
• polarssl: implement CURLOPT_SSLVERSION
• multi: convert CURLM_STATE_CONNECT_PEND handling to a list
• curl_multi_cleanup: remove superfluous NULL assigns
• polarssl: support CURLOPT_CAPATH / --capath
• progress: size_dl/size_ul are always >= 0, and clear "KNOWN" properly

Further