Chapter 31. Networking
libcurl
successfully communicates with servers requiring HTTP host name to match the TLS session host name
Previously, in some cases, Network Security Services (NSS) incorrectly reused a TLS session for a server with a different host name. Consequently, HTTPS servers could respond with an HTTP error 400 (Bad Request). An upstream patch has been applied on the source code of the
libcurl
library to prevent NSS from reusing a TLS session in case the HTTP host name does not match the TLS session host name. As a result, libcurl
can now successfully communicate with servers that require HTTP host name to match the TLS session host name. (BZ#1269855)
curl
no longer requires a public key specified by the user
Prior to this update, the
curl
utility required both private and public SSH keys (paired with each other) for user authentication. Consequently, if a user provided only the private SSH key, which is a common practice with the scp
utility, curl
failed to authenticate the user. An upstream patch has been applied to improve the SSH user authentication, and curl
now authenticates the user successfully also in case only a private SSH key is provided. (BZ#1275769)
libcurl
no longer truncates long user names and passwords
The URL parser in the
libcurl
library previously did not support arbitrarily long user names and passwords. Consequently, user names and passwords longer than 255 characters were truncated. A series of upstream patches has been applied on the libcurl
source code, and long user names and passwords in the URLs are now processed correctly by libcurl
. (BZ#1260178)
The pycurl.POSTFIELDS
option of PycURL
now works correctly
Previously, the
PycURL
interface violated the libcurl
API, which requires a string passed by the CURLOPT_POSTFIELDS
option to remain valid until the transfer finishes. Consequently, if the pycurl.POSTFIELDS
option was used, libcurl
accessed a string beyond its lifetime, which resulted in an undefined behavior. An upstream patch has been applied on the PycURL
source code to make sure that the string passed to the CURLOPT_POSTFIELDS
option of libcurl
remains valid long enough, and the described problem no longer occurs. (BZ#1153321)
sctp_accept()
no longer causes a deadlock when called during a timeout event
Previously, when
sctp_accept()
was called by a user during a heartbeat timeout event after the 4-way handshake, a deadlock could occur. With this update, the bug has been fixed by giving the assoc->base.sk
pointer to make sure SCTP
correctly locks and unlocks the listening socket. (BZ#1270586)
Out of memory message no longer appears if the stack size is set to unlimited
Prior to this update, using the
ftp
command put
when the stack size was set to unlimited caused the sysconf(_SC_ARG_MAX) function to return -1
, which in turn resulted in the malloc() function being called with an argument of 0
and causing an Out of memory
message to be displayed. With this update, the underlying source code has been improved to allocate a reasonable minimum of memory. As a result, the Out of memory
message no longer appears if the stack size was previously set to unlimited. (BZ#1304064)
NetworkManager no longer provides complete FQDN (DHCP_HOSTNAME) to dhclient.
Previously, NetworkManager always sent only the host part of a machine host name in a DHCP request. As a consequence, it was not possible to force sending a Fully Qualified Domain Name (FQDN). After this update, the user can configure the FQDN to be sent in a DHCP request by using nmcli and setting ipv4.dhcp-fqdn to the desired FQDN and ensuring that ipv4.dhcp-send-hostname is enabled. In configuration files, the FQDN can be specified with the DHCP_FQDN variable. (BZ#1255507)