1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-17 15:05:02 -05:00
Commit Graph

6843 Commits

Author SHA1 Message Date
Yang Tse
b8edf5bbe9 strerror.c: make Curl_sspi_strerror() always return code for errors 2012-06-12 03:57:15 +02:00
Yang Tse
5e7a0fe73b curl_sspi.h: provide sspi status definitions missing in old headers 2012-06-12 03:56:24 +02:00
Yang Tse
746b80a210 sspi: make Curl_sspi_strerror() libcurl's sspi status code string function 2012-06-12 01:11:10 +02:00
Yang Tse
764a5e4a50 sspi: make Curl_sspi_strerror() libcurl's sspi status code string function 2012-06-12 01:06:48 +02:00
Daniel Stenberg
af0888aaf6 Revert: 634f7cfee4 partially
Make sure CURL_VERSION_SSPI is present and works as in previous releases
for ABI and API compatibility reasons.
2012-06-11 22:58:39 +02:00
Daniel Stenberg
9c18bb3702 checksrc: shorten a few lines to comply 2012-06-11 19:08:46 +02:00
Daniel Stenberg
c7cc914961 cleanup: remove trailing whitespace 2012-06-11 19:06:43 +02:00
Steve Holme
9a51c11074 Makefile.vc6: Added version.lib if built with SSPI 2012-06-11 19:04:16 +02:00
Marc Hoersken
cb142cf217 winbuild: Updated winbuild scripts to add schannel 2012-06-11 19:03:14 +02:00
Marc Hoersken
7da6a9128b mingw32: Fixed warning of USE_SSL being redefined 2012-06-11 19:00:37 +02:00
Marc Hoersken
61d152384e sspi: Fixed incompatible parameter pointer type in Curl_sspi_version 2012-06-11 19:00:37 +02:00
Marc Hoersken
a92df2e007 setup.h: Automatically define USE_SSL if USE_SCHANNEL is defined 2012-06-11 19:00:36 +02:00
Marc Hoersken
634f7cfee4 version: Replaced SSPI feature information with version string details
Added Windows SSPI version information to the curl version string when
SCHANNEL SSL is not enabled, as the version of the library should also
be included when SSPI is used to generate security contexts.

Removed SSPI from the feature list as the features are GSS-Negotiate,
NTLM and SSL depending on the usage of the SSPI library.
2012-06-11 19:00:36 +02:00
Steve Holme
70d56bfe3c sspi.c: Post Curl_sspi_version() rework code tidy up
Removed duplicate blank lines.
Removed spaces between the not and test in various if statements.
Removed explicit test of NULL in an if statement.
Placed function returns on same line as function declarations.
Replaced the use of curl_maprintf() with aprintf() as it is the
preprocessor job to do this substitution if ENABLE_CURLX_PRINTF
is set.
2012-06-11 19:00:36 +02:00
Steve Holme
bd38ebc697 sspi: Reworked Curl_sspi_version() to return version components
Reworked the version function to return four version components rather
than a string that has to be freed by the caller.
2012-06-11 19:00:36 +02:00
Marc Hoersken
7047e2ed72 schannel: Code cleanup and bug fixes
curl_sspi.c: Fixed mingw32-gcc compiler warnings
curl_sspi.c: Fixed length of error code hex output

The hex value was printed as signed 64-bit value on 64-bit systems:
SEC_E_WRONG_PRINCIPAL (0xFFFFFFFF80090322)

It is now correctly printed as the following:
SEC_E_WRONG_PRINCIPAL (0x80090322)

curl_sspi.c: Fallback to security function table version number
Instead of reporting an unknown version, the interface version is used.

curl_sspi.c: Removed SSPI/ version prefix from Curl_sspi_version
curl_schannel: Replaced static buffer sizes with defined names
curl_schannel.c: First brace when declaring functions on column 0
curl_schannel.c: Put the pointer sign directly at variable name
curl_schannel.c: Use structs directly instead of typedef'ed structs
curl_schannel.c: Removed space before opening brace
curl_schannel.c: Fixed lines being longer than 80 chars
2012-06-11 19:00:35 +02:00
Marc Hoersken
c1311c2b8f curl_sspi: Added Curl_sspi_version function
Added new function to get SSPI version as string.
Added required library version.lib to makefiles.
Changed curl_schannel.c to use Curl_sspi_version.
2012-06-11 19:00:35 +02:00
Guenter Knauf
0bb5ff5d1a schannel: Updated mingw32 makefiles 2012-06-11 19:00:35 +02:00
Marc Hoersken
64dc957a41 schannel: Replace ASCII specific code with general defines 2012-06-11 19:00:35 +02:00
Marc Hoersken
3d3a3f9e7c schannel: Added definitions which are missing in mingw32 2012-06-11 19:00:34 +02:00
Marc Hoersken
8d78848a39 schannel: Moved interal struct types to urldata.h
Moved type definitions in order to avoid inclusion loop
2012-06-11 19:00:34 +02:00
Marc Hoersken
90412c8613 schannel: Fixed compiler warnings about pointer type assignments 2012-06-11 19:00:34 +02:00
Marc Hoersken
78729e76da schannel: Fixed critical typo in conditions and added buffer length checks 2012-06-11 19:00:34 +02:00
Marc Hoersken
f858bb0d1f sspi: Refactored socks_sspi and schannel to use same error message functions
Moved the error constant switch to curl_sspi.c and added two new helper
functions to curl_sspi.[ch] which either return the constant or a fully
translated message representing the SSPI security status.
Updated socks_sspi.c and curl_schannel.c to use the new functions.
2012-06-11 19:00:34 +02:00
Marc Hoersken
15ca80c831 schannel: Added special shutdown check for Windows 2000 Professional
Windows 2000 Professional:  Schannel returns SEC_E_OK instead
of SEC_I_CONTEXT_EXPIRED. If the length of the output buffer
is zero and the first byte of the encrypted packet is 0x15,
the application can safely assume that the message was a
close_notify message and change the return value to
SEC_I_CONTEXT_EXPIRED.

Connection shutdown does not mean that there is no data to read
Correctly handle incomplete message and ask curl to re-read
Fixed buffer for decrypted being to small
Re-structured read condition to be more effective
Removed obsolete verbose messages
Changed memory reduction method to keep a minimum buffer of size 4096
2012-06-11 19:00:34 +02:00
Marc Hoersken
ec9e9f38b1 schannel: Implemented SSL/TLS renegotiation
Updated TODO information and added related MSDN articles
2012-06-11 19:00:34 +02:00
Marc Hoersken
46792af733 schannel: Save session credential handles in session cache 2012-06-11 19:00:34 +02:00
Marc Hoersken
445245ca85 schannel: Code cleanup 2012-06-11 19:00:34 +02:00
Marc Hoersken
f96f1f3165 schannel: Check for required context attributes 2012-06-11 19:00:34 +02:00
Marc Hoersken
bead90a837 schannel: Allow certificate and revocation checks being deactivated 2012-06-11 19:00:34 +02:00
Marc Hoersken
aaa42aa0d5 schannel: Added SSL/TLS support with Microsoft Windows Schannel SSPI 2012-06-11 19:00:29 +02:00
Marc Hoersken
1f635608bb http: Replaced specific SSL libraries list in https_getsock fallback 2012-06-11 19:00:29 +02:00
Marc Hoersken
9c94236e6c connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing
Fixed warning: dereferencing pointer does break strict-aliasing rules
by using a union instead of separate pointer variables.
Internal union sockaddr_u could probably be moved to generic header.
Thanks to Paul Howarth for the hint about using unions for this.

Important for winbuild: Separate declaration of sockaddr_u pointer.
The pointer variable *sock cannot be declared and initialized right
after the union declaration. Therefore it has to be a separate statement.
2012-06-11 15:26:30 +02:00
Marc Hoersken
3f9ab7cf5d curl_ntlm_msgs.c: Fixed passwdlen not being used and recalculated 2012-06-11 14:47:23 +02:00
Daniel Stenberg
6cd084a3b5 Curl_pgrsDone: return int and acknowledge return code
Since Curl_pgrsDone() itself calls Curl_pgrsUpdate() which may return an
abort instruction or similar we need to return that info back and
subsequently properly handle return codes from Curl_pgrsDone() where
used.

(Spotted by a Coverity scan)
2012-06-10 23:40:35 +02:00
Steve Holme
1aaf86a596 smtp.c: Removed unused variable 2012-06-09 19:49:59 +01:00
Steve Holme
6188855b67 smtp: Post apop feature code tidy up 2012-06-09 19:22:29 +01:00
Steve Holme
a3660127a4 pop3: Post apop feature code tidy up 2012-06-09 19:21:44 +01:00
Steve Holme
c09c621af7 pop3: Added support for apop authentication 2012-06-09 13:49:37 +01:00
Steve Holme
4e430a8a16 pop3: Enhanced the extended authentication mechanism detection
Enhanced the authentication type / mechanism detection in preparation
for the introduction of APOP support.
2012-06-09 11:48:44 +01:00
Steve Holme
6478e1d7e5 pop3.c: Fixed length of SASL check 2012-06-09 11:08:08 +01:00
Daniel Stenberg
674e53f40e OpenSSL: support longer certificate subject names
Previously it would use a 256 byte buffer and thus cut off very long
subject names. The limit is now upped to the receive buffer size, 16K.

Bug: http://curl.haxx.se/bug/view.cgi?id=3533045
Reported by: Anthony G. Basile
2012-06-09 00:06:54 +02:00
Kamil Dudka
68857e40d6 ssl: fix duplicated SSL handshake with multi interface and proxy
Bug: https://bugzilla.redhat.com/788526
Reported by: Enrico Scholz
2012-06-08 23:27:11 +02:00
Daniel Stenberg
e3f5e04cf0 openldap: OOM fixes
when calloc fails, return error! (Detected by Fortify)

Reported by: Robert B. Harris
2012-06-08 20:57:11 +02:00
Steve Holme
0cd8c287a4 sasl: Re-factored mechanism constants in preparation for APOP work 2012-06-08 19:52:28 +01:00
Steve Holme
0636af6131 smtp.c: Re-factored the smtp_state_*_resp() functions
Re-factored the smtp_state_*_resp() functions to 1) Match the constants
that were refactored in commit 00fddba672, 2) To be more readable and
3) To match their counterparties in pop3.c.
2012-06-07 22:06:01 +01:00
Steve Holme
00fddba672 smtp: Re-factored the SMTP_AUTH* state machine constants
Re-factored the SMTP_AUTH* constants, that are used by the state
machine, to be clearer to read.
2012-06-06 20:14:52 +01:00
Steve Holme
89b5680d81 smtp.c: Removed whitespace 2012-06-05 14:34:17 +01:00
Steve Holme
0f3c330ad8 pop3: Another small code tidy up
Missed some comments that we identified during the SMTP tidy up earlier.
2012-06-05 13:49:50 +01:00
Steve Holme
7157363ab4 smtp: Post authentication code tidy up
Corrected lines longer than 78 characters.

Removed unnecessary braces in smtp_state_helo_resp().

Introduced some comments in data sending functions.

Tidied up comments to match changes made in pop3.c.
2012-06-05 12:23:01 +01:00
Steve Holme
57e6336794 email: Removed duplicated header file 2012-06-05 11:18:07 +01:00
Steve Holme
64510fe917 sasl: Renamed Curl_sasl_decode_ntlm_type2_message()
For consistency with other SASL based functions renamed this function
to Curl_sasl_create_ntlm_type3_message() which better describes its
usage.
2012-06-04 22:25:45 +01:00
Steve Holme
38dfe52559 pop3: Post authentication code tidy up
Corrected lines longer than 78 characters.

Changed POP3_AUTH_FINAL to POP3_AUTH to match SMTP code now that the
AUTH command is no longer sent on its own.

Introduced some comments in data sending functions.

Another attempt at trying to rational code and comment style.
2012-06-04 22:15:51 +01:00
Steve Holme
7759d10f36 pop3: Added support for sasl digest-md5 authentication 2012-06-04 21:50:16 +01:00
Yang Tse
32ab3276ee sasl: add reference for curl_sasl 2012-06-04 22:51:00 +02:00
Yang Tse
74a7ee9973 Makefile.inc: tab adjustment 2012-06-04 22:50:59 +02:00
Steve Holme
bf51b8c07a sasl: Added service parameter to Curl_sasl_create_digest_md5_message()
Added a service type parameter to Curl_sasl_create_digest_md5_message()
to allow the function to be used by different services rather than being
hard coded to "smtp".
2012-06-04 20:22:06 +01:00
Steve Holme
e336bc7c42 pop3: Changed the sasl mechanism detection from auth to capa
Not all SASL enabled POP3 servers support the AUTH command on its own
when trying to detect the supported mechanisms. As such changed the
mechanism detection to use the CAPA command instead.
2012-06-04 19:09:45 +01:00
Steve Holme
f087211566 sasl: Small code tidy up
Reworked variable names in Curl_sasl_create_cram_md5_message() to match
those in Curl_sasl_create_digest_md5_message() as they are more
appropriate.
2012-06-04 11:02:03 +01:00
Steve Holme
665e16899c sasl: Moved digest-md5 authentication message creation from smtp.c
Moved the digest-md5 message creation from smtp.c into the sasl module
to allow for use by other modules such as pop3.
2012-06-04 10:53:18 +01:00
Steve Holme
58987556d5 sasl: Small code tidy up before moving digest-md5 over
Correction of comments and variable names.
2012-06-04 10:49:55 +01:00
Steve Holme
8c0bfd3e0c pop3: Added support for sasl cram-md5 authentication 2012-06-03 19:13:16 +01:00
Daniel Stenberg
24f127027b Curl_sasl_create_plain_message: remove TAB 2012-06-03 19:42:47 +02:00
Steve Holme
2b9ca12edf sasl: Small code tidy up
Added some comments and removed an unreferenced variable.
2012-06-03 18:24:35 +01:00
Steve Holme
3b8cf5bd14 pop3.c: Added conditional compilation for NTLM function calls
Added USE_NTLM condition compilation around the NTLM functions called
from pop3_statemach_act() introduced in commit 69f7156ad9.
2012-06-03 17:40:05 +01:00
Steve Holme
c12a414b21 sasl: Moved cram-md5 authentication message creation from smtp.c
Moved the cram-md5 message creation from smtp.c into the sasl module
to allow for use by other modules such as pop3.
2012-06-03 17:21:49 +01:00
Steve Holme
b5bb61ee69 pop3: Fixed an issue with changes introduced in commit c267c53017
Because pop3_endofresp() is called for each line of data yet is not
passed the line and line length, so we have to use the data pointed to
by pp->linestart_resp which contains the whole packet, the mechanisms
were being detected in one call yet the function would be called for
each line of data.

Using curl with verbose mode enabled would show that one line of data
would be received in response to the AUTH command, before the AUTH
<mechanism> command was sent to the server and then the next few lines
of the original AUTH command would be displayed before the response from
the AUTH <mechanism> command. This would then cause problems when
parsing the CRAM-MD5 challenge data as extra data was contained in the
buffer.

Changed the parsing so that each line is checked for the mechanisms
and the function returns FALSE until the whole of the AUTH response has
been processed.
2012-06-03 17:06:48 +01:00
Steve Holme
273e9afcc8 sasl.c: Fix to avoid warnings introduced in commit d9ca9e9869
Applied a fix to avoid warnings on systems where Curl_ntlm_sspi_cleanup()
is just a nop.
2012-06-03 00:00:34 +01:00
Steve Holme
9c7016f560 pop3.c:Corrected typo in commit 69ba0da827 2012-06-02 23:12:07 +01:00
Steve Holme
69ba0da827 pop3: Fixed the issue of having to supply the user name for all requests
Previously it wasn't possible to connect to POP3 and not specify the
user name as a CURLE_ACCESS_DENIED error would be returned. This error
occurred because USER would be sent to the server with a blank user name
if no mailbox user was specified as the server would reply with -ERR.

This wasn't a problem prior to the 7.26.0 release but with the
introduction of custom commands the user and/or application developer
might want to issue a CAPA command without having to log in as a
specific mailbox user.

Additionally this fix won't send the newly introduced AUTH command if no
user name is specified.
2012-06-02 22:11:37 +01:00
Steve Holme
1fa2af5136 pop3.c: Small code tidy up
Corrected lines exceeding 78 characters.

Repositioned some comments and added extra clarity.
2012-06-02 21:38:55 +01:00
Steve Holme
cfa81b8fb0 sasl: Corrected variable names in comments and parameters 2012-06-02 14:03:55 +01:00
Steve Holme
69f7156ad9 pop3: Added support for sasl ntlm authentication 2012-06-02 11:55:58 +01:00
Steve Holme
6f964e4f06 sasl: Small comment style tidy up following ntlm commit 2012-06-02 11:09:59 +01:00
Steve Holme
d9ca9e9869 sasl: Moved ntlm authentication message handling from smtp.c
Moved the ntlm message creation and decoding from smtp.c into the sasl
module to allow for use by other modules such as pop3.
2012-06-02 11:07:58 +01:00
Steve Holme
2df6e6d9f8 pop3: Added support for sasl login authentication 2012-06-01 15:59:29 +01:00
Steve Holme
54d484e136 sasl: Moved login authentication message creation from smtp.c
Moved the login message creation from smtp.c into the sasl module
to allow for use by other modules such as pop3.
2012-05-31 23:11:54 +01:00
Steve Holme
cb3d0ce2cb smtp.c: Reworked message encoding in smtp_state_authpasswd_resp()
Rather than encoding the password message itself the
smtp_state_authpasswd_resp() function now delegates the work to the same
function that smtp_state_authlogin_resp() and smtp_authenticate() use
when constructing the encoded user name.
2012-05-31 22:58:07 +01:00
Steve Holme
f86432b119 smtp.c: Re-factored smtp_auth_login_user() for use with passwords
In preparation for moving to the SASL module re-factored the
smtp_auth_login_user() function to smtp_auth_login() so that it can be
used for both user names and passwords as sending both of these under
the login authentication mechanism is the same.
2012-05-31 22:49:14 +01:00
Steve Holme
2c6d32b864 pop3: Added support for sasl plain text authentication 2012-05-31 20:45:53 +01:00
Steve Holme
3c14c524c5 curl_ntlm_msgs.c: Corrected small spelling mistake in comments 2012-05-30 20:56:37 +01:00
Steve Holme
8e860c1662 sasl: Moved plain text authentication message creation from smtp.c
Moved the plain text message creation from smtp.c into the sasl module
to allow for use by other modules such as pop3.
2012-05-30 20:52:52 +01:00
Steve Holme
7291c1f565 pop3: Introduced the continue response in pop3_endofresp() 2012-05-28 21:29:01 +01:00
Steve Holme
3fa0fbb816 pop3: Changed response code from O and E to + and -
The POP3 protocol doesn't really have the concept of error codes and
uses +, +OK and -ERR in response to commands to indicate continue,
success and error.

The AUTH command is one of those commands that requires multiple pieces
of data to be sent to the server where the server will respond with + as
part of the handshaking. This meant changing the values before
continuing with the next stage of adding authentication support.
2012-05-28 20:59:10 +01:00
Steve Holme
a9d798c4d5 pop3: Small code tidy up following authentication work so far
Changed the order of the state machine to match the order of actual
events.

Reworked some comments and function parameter positioning that I missed
the other day.
2012-05-28 20:21:52 +01:00
Kamil Dudka
72f4b534c4 nss: use human-readable error messages provided by NSS
Bug: http://lists.baseurl.org/pipermail/yum-devel/2012-January/009002.html
2012-05-28 11:24:24 +02:00
Daniel Stenberg
a7731673d0 pop3: remove variable-not-used warnings 2012-05-27 23:29:15 +02:00
Steve Holme
c267c53017 pop3: Added support for SASL based authentication mechanism detection
Added support for detecting the supported SASL authentication mechanisms
via the AUTH command. There are two ways of detecting them, either by
using the AUTH command, that will return -ERR if not supported or by
using the CAPA command which will return SASL and the list of mechanisms
if supported, not include SASL if SASL authentication is not supported
or -ERR if the CAPA command is not supported. As such it seems simpler
to use the AUTH command and fallback to normal clear text authentication
if the the command is not supported.

Additionally updated the test cases to return -ERR when the AUTH command
is encountered. Additional test cases will be added when support for the
individual authentication mechanisms is added.
2012-05-27 19:09:38 +01:00
Daniel Stenberg
dc454bd16b pop3: remove trailing whitespace 2012-05-27 14:08:46 +02:00
Steve Holme
c6495bccbf pop3: Code tidy up before the introduction of authentication code
Moved EOB definition into header file.

Switched the logic around in pop3_endofresp() to allow for the
introduction of auth-mechanism detection.

Repositioned second and third function variables where they will fit
within the 78 character line limit.

Tidied up some comments.
2012-05-27 10:54:13 +01:00
Guenter Knauf
cd4cf989bb Try to detect OpenSSL build type automatically. 2012-05-27 03:28:43 +02:00
Steve Holme
9c480490f7 sasl: Re-factored auth-mechanism constants to be more generic 2012-05-25 21:58:17 +01:00
Steve Holme
978b808f7d smtp: Moved auth-mechanism constants into a separate header file
Move the SMTP_AUTH constants into a separate header file in
preparation for adding SASL based authentication to POP3 as the two
protocols will need to share them.
2012-05-25 21:49:25 +01:00
Kamil Dudka
74be993576 nss: avoid using explicit casts of code pointers 2012-05-25 13:35:23 +02:00
Steve Holme
ef60fdbd73 smtp: Fixed an issue with the multi-interface always sending postdata
Due to the result code being reset to CURLE_OK when smtp_dophase_done()
was called, postdata would incorrectly be sent to the server when the
MAIL FROM or RCPT command was rejected.

As such, libcurl would return the wrong result code from performing the
operation and additionally set CURLINFO_RESPONSE_CODE to be that
returned by the postdata command.

Bug: http://curl.haxx.se/mail/lib-2012-05/0108.html
Reported by: Gokhan Sengun
2012-05-22 22:08:25 +01:00
Tatsuhiro Tsujikawa
6cc066a2c5 Fixed compile error with GNUTLS+NETTLE
In nettle/md5.h, md5_init and md5_update are defined as macros to
nettle_md5_init and nettle_md5_update respectively.  This causes
error when using MD5_params.md5_init and md5_update.  This patch
renames these members as md5_init_func and md5_update_func to
avoid name conflict. For completeness, MD5_params.md5_final was
also renamed as md5_final_func.

The changes in curl_ntlm_core.c is conversion error and fixed by
casting to proper type.
2012-05-22 16:40:09 +02:00
Guenter Knauf
1c58f291cc Updated dependency libary versions. 2012-05-22 04:15:37 +02:00
Steve Holme
7ba07c80a1 smtp: Fixed non-escaping of dot character at beginning of line
A dot character at the beginning of a line would not be escaped to a
double dot as required by RFC-2821, instead it would be deleted by the
mail server. Please see section 4.5.2 of the RFC for more information.

Note: This fix also simplifies the detection of repeated CRLF.CRLF
combinations, such as CRLF.CRLF.CRLF, a little rather than having to
advance the eob counter to 2.
2012-05-17 11:31:06 +01:00
Gokhan Sengun
d6773834f2 MD5: OOM fix
check whether md5 initialization succeeded before updating digest of
buffers onto it
2012-05-02 22:58:15 +02:00
Guenter Knauf
1beda0cbb7 Updated dependency lib versions. 2012-04-26 14:40:50 +02:00
Daniel Stenberg
72b72fe8ed URL parse: reject numerical IPv6 addresses outside brackets
Roman Mamedov spotted (in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670126) that curl would
not complain when given a URL with an IPv6 numerical address without
brackets. It would simply cut off the last ":[hex]" part and thus not
work correctly.

That's a URL using an illegal syntax and now libcurl will instead return
a clear error code and error message detailing the error.

The above mentioned bug report claims this to be a regression but
libcurl does not guarantee functionality when given URLs that aren't
following the URL spec (RFC3986 mostly). I consider the fact that it
used to handle this differently a mere coincidence.
2012-04-23 23:18:42 +02:00
Daniel Stenberg
bd9eb30ffd Curl_MD5_init: fix OOM memory leak
Bug: http://curl.haxx.se/mail/lib-2012-04/0246.html
Reported by: Michael Mueller
2012-04-23 23:07:40 +02:00
Gokhan Sengun
dd18e714ff OpenSSL cert: provide more details when cert check fails
curl needs to be more chatty regarding certificate verification failure
during SSL handshake
2012-04-23 20:24:15 +02:00
Yang Tse
d6c449e3b4 Revert "sspi: Added version information"
This reverts commit 2976de4808.
2012-04-23 16:28:01 +02:00
Yang Tse
071f8d4182 Revert "sspi - Small code tidy up"
This reverts commit 46cd5f1dad.
2012-04-23 16:27:47 +02:00
Yang Tse
d83233501f Revert "Fixed 'extra tokens at end of #endif directive'."
This reverts commit 77172a242f.
2012-04-23 16:27:33 +02:00
Yang Tse
419a50f817 Revert "Fixed 'Trailing whitespace' found by checksrc."
This reverts commit 683bfa60ad.
2012-04-23 16:27:20 +02:00
Yang Tse
975d23480c Revert "sspi: Code tidy up to remove unused variable."
This reverts commit 412510f974.
2012-04-23 16:27:04 +02:00
Steve Holme
412510f974 sspi: Code tidy up to remove unused variable. 2012-04-22 21:00:32 +01:00
Guenter Knauf
683bfa60ad Fixed 'Trailing whitespace' found by checksrc. 2012-04-22 21:19:36 +02:00
Guenter Knauf
77172a242f Fixed 'extra tokens at end of #endif directive'. 2012-04-22 21:10:17 +02:00
Steve Holme
46cd5f1dad sspi - Small code tidy up 2012-04-22 18:59:07 +01:00
Steve Holme
2976de4808 sspi: Added version information
Added version information for Windows SSPI to curl's main version
string and removed SSPI from the features string.
2012-04-22 18:49:27 +01:00
Daniel Stenberg
560cd62272 HTTP: empty chunked POST ended up in two zero size chunks
When doing a chunked-encoded POST with -d (CURLOPT_POSTFIELDS) and the
size of the POST was zero length, it made libcurl first send a zero
chunk and then the terminating one. This could confuse a receiver and it
should rather just send the terminating chunk as it does with this fix.

Test case 1333 is added to verify.

Bug: http://curl.haxx.se/mail/archive-2012-04/0060.html
Reported by: Arnaud Compan
2012-04-20 22:25:31 +02:00
Guenter Knauf
0f54880277 Updated dependency lib versions. 2012-04-20 13:33:54 +02:00
Daniel Stenberg
5cd524df18 singleipconnect: return OK even when Curl_socket() fails
Commit 9109cdec11 brought this regression (shipped since 7.24.0).

The singleipconnect() function must not return an error if Curl_socket()
returns an error. It should then simply return OK and pass a SOCKET_BAD
back simply because that is how the user of this function expects it to
work and something else is not fine.

Reported by: Blaise Potard
Bug: http://curl.haxx.se/bug/view.cgi?id=3516508
2012-04-19 23:31:50 +02:00
Yang Tse
94111bbbd4 Take in account that CURLAUTH_* bitmasks are now 'unsigned long' - follow-up
MIPSPro compiler detected curl_easy_getinfo() related missing adjustments.
SunPro compiler detected curl tool --libcurl option related missing adjustments.
2012-04-19 16:31:11 +02:00
Yang Tse
df4205c10a url.c: CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH fixes
Fail with CURLE_NOT_BUILT_IN when none of requested auth methods is supported.

Reject CURLAUTH_ONLY bit when given alone or with CURLAUTH_NONE.
2012-04-19 00:35:44 +02:00
Yang Tse
9421b06397 Take in account that CURLAUTH_* bitmasks are now 'unsigned long'
Data type of internal vars holding CURLAUTH_* bitmasks changed from 'long' to
'unsigned long' for proper handling and operating.
2012-04-18 23:04:35 +02:00
Yang Tse
3833765ba5 build adjustments: commit 9e24b9c7 follow-up 2012-04-17 13:29:12 +02:00
Yang Tse
a498daa0e0 nss.c: fix compiler warning 2012-04-16 22:37:12 +02:00
Yang Tse
7d4ed0b10e setup_once.h: tighten requirements for stdbool.h header inclusion
Include stdbool.h only when it is available and configure is capable of
detecting a proper 'bool' data type when the header is included.

Compilation fix for old or unpatched versions of XL C compiler.

Report: http://curl.haxx.se/mail/archive-2012-04/0022.html
2012-04-14 15:41:38 +02:00
Yang Tse
48d13b44c6 headers: require GCC 2.7 or newer in order to allow attribute GCC'isms usage
Usage in other code paths already protected and requiring even newer versions.
2012-04-14 15:12:30 +02:00
Jonathan Nieder
8b63b48627 headers: surround GCC attribute names with double underscores
This protects from attribute names being defined by third party's code.

Improvement: http://curl.haxx.se/mail/lib-2012-04/0127.html
2012-04-14 15:06:57 +02:00
Yang Tse
c156b916a4 nss.c: fix compiler warning 2012-04-13 18:26:42 +02:00
Kamil Dudka
a60edcc6d4 nss: provide human-readable names for NSS errors 2012-04-13 12:19:36 +02:00
Kamil Dudka
20cb12db8d nss: use NSS_InitContext() to initialize NSS if available
NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent
collisions on NSS initialization/shutdown with other libraries.

Bug: https://bugzilla.redhat.com/738456
2012-04-13 12:19:36 +02:00
Kamil Dudka
42aa796150 nss: unconditionally require PK11_CreateGenericObject()
This bumps the minimal supported version of NSS to 3.12.x.
2012-04-13 12:19:36 +02:00
Guenter Knauf
930781e168 Added NetWare export. 2012-04-13 01:24:34 +02:00
Yang Tse
8c29bf5640 url.c: fix compiler warning 2012-04-12 21:21:08 +02:00
Guenter Knauf
82306ebfba Updated dependency lib versions (2nd try). 2012-04-12 20:51:29 +02:00
Guenter Knauf
03d4b9f078 Updated dependency lib versions. 2012-04-12 20:44:50 +02:00
Yang Tse
38ae6ec1a2 configure: NATIVE_WINDOWS no longer defined in config files 2012-04-12 13:08:48 +02:00
Yang Tse
9e24b9c7af build adjustments: CURL_HIDDEN_SYMBOLS no longer defined in config files
configure script now provides conditional definitions for Makefile.am
that result in CURL_HIDDEN_SYMBOLS being defined by resulting makefiles
when appropriate.

Additionally, configure script option for symbol hiding control is now
named --enable-symbol-hiding --disable-symbol-hiding. While still valid,
old option name --enable-hidden-symbols --disable-hidden-symbols will
be deprecated in some future release.
2012-04-11 19:33:54 +02:00
Yang Tse
21423497ef configure: Windows cross-compilation fixes
BUILDING_LIBCURL and CURL_STATICLIB are no longer defined in curl_config.h,
configure will generate appropriate conditionals so that mentioned symbols
get defined and used in Makefiles at compilation time
2012-04-09 21:24:16 +02:00
Yang Tse
3d8c093145 curl tool: use configuration files from lib directory - follow-up I
amigaos.[ch] now integrates nicely with any libcurl build
2012-04-07 00:31:24 +02:00
Yang Tse
919c97fa65 curl tool: use configuration files from lib directory
Configuration files such as curl_config.h and all config-*.h no longer exist
nor are generated/copied into 'src' directory, now these only exist in 'lib'
directory from where curl tool sources uses them.

Additionally old src/setup.h has been refactored into src/tool_setup.h which
now pulls lib/setup.h

The possibility of a makefile needing an include path adjustment exists.
2012-04-06 23:37:05 +02:00
Daniel Stenberg
376b4d48fe PolarSSL: correct return code for CRL matches
When a server certificate matches one in the given CRL file, the code
now returns CURLE_SSL_CACERT as test case 313 expects and verifies.
2012-04-06 15:10:59 +02:00
Daniel Stenberg
118e73306d PolarSSL: include version number in version string
Previously it would say PolarSSL only, now it says PolarSSL/1.1.0 in the
same style other libs and components do.
2012-04-06 14:44:36 +02:00
Andrei Cipu
0b516b7162 CURLOPT_POSTREDIR: also allow 303 to do POST on the redirected URL
As it turns out, some people do want that after all.
2012-04-05 23:29:21 +02:00
Dag Ekengren
5e852ab9d1 PolarSSL: add support for asynchronous connect 2012-04-05 00:18:34 +02:00
Tim Heckman
f9bb5d2984 Revert "access the CA source file using HTTPS"
This reverts commit f7e2ab6.

This change caused fetching of the certificates to become unreliable.

Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html
Reported by: Tim Heckman
2012-04-04 23:54:02 +02:00
Andrei Cipu
ad595c3ba9 IPv6 cookie domain: get rid of the first bracket before the second.
Commit 97b66ebe was copying a smaller buffer, thus duplicating the last
character.
2012-04-04 23:51:41 +02:00
Yang Tse
9753c6bec5 ftp.c: ftplistparser related OOM handling fix 2012-04-04 17:31:11 +02:00
Yang Tse
b16e3da12a smtp.c: fix compiler warnings 2012-04-04 17:24:30 +02:00
Lijo Antony
950b0b770e connect.c: return changed to CURLE_COULDNT_CONNECT when opensocket fails
Curl_socket returns CURLE_COULDNT_CONNECT when the opensocket callback
returns CURL_SOCKET_BAD. Previous return value CURLE_FAILED_INIT
conveys incorrect information to the user.
2012-04-03 22:56:29 +02:00
Steve Holme
15e1227ed4 pop3: Reworked the command sending and handling
Reworked the command sending from two specific LIST and RETR command
functions into a single command based function as well as the two
associated response handlers into a generic command handler.
2012-04-02 23:24:00 +01:00
Steve Holme
54866b68cd smtp.c: Code policing and tidy up 2012-04-01 21:09:38 +01:00
Armel Asselin
05a443adf2 SSH: public key can now be an empty string
If an empty string is passed to CURLOPT_SSH_PUBLIC_KEYFILE, libcurl will
pass no public key to libssh2 which then tries to compute it from the
private key. This is known to work when libssh2 1.4.0+ is linked against
OpenSSL.
2012-04-01 20:22:37 +02:00
Tatsuhiro Tsujikawa
ebf315e6f3 OpenSSL: Made cert hostname check conform to RFC 6125
This change replaces RFC 2818 based hostname check in OpenSSL build with
RFC 6125 [1] based one.

The hostname check in RFC 2818 is ambiguous and each project implements
it in the their own way and they are slightly different. I check curl,
gnutls, Firefox and Chrome and they are all different.

I don't think there is a bug in current implementation of hostname
check. But it is not as strict as the modern browsers do. Currently,
curl allows multiple wildcard character '*' and it matches '.'. (as
described in the comment in ssluse.c).

Firefox implementation is also based on RFC 2818 but it only allows at
most one wildcard character and it must be in the left-most label in the
pattern and the wildcard must not be followed by any character in the
label.[2] Chromium implementation is based on RFC 6125 as my patch does.
Firefox and Chromium both require wildcard in the left-most label in the
presented identifier.

This patch is more strict than the current implementation, so there may
be some cases where old curl works but new one does not. But at the same
time I think it is good practice to follow the modern browsers do and
follow the newer RFC.

[1] http://tools.ietf.org/html/rfc6125#section-6.4.3
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=159483
2012-04-01 20:10:37 +02:00
Daniel Stenberg
c44d45db86 HTTP: reset expected DL/UL sizes on redirects
With FOLLOWLOCATION enabled. When a 3xx page is downloaded and the
download size was known (like with a Content-Length header), but the
subsequent URL (transfered after the 3xx page) was chunked encoded, then
the previous "known download size" would linger and cause the progress
meter to get incorrect information, ie the former value would remain
being sent in. This could easily result in downloads that were WAY
larger than "expected" and would cause >100% outputs with the curl
command line tool.

Test case 599 was created and it was used to repeat the bug and then
verify the fix.

Bug: http://curl.haxx.se/bug/view.cgi?id=3510057
Reported by: Michael Wallner
2012-04-01 00:07:24 +02:00
Gökhan Şengün
7a2647e162 smtp: Add support for DIGEST-MD5 authentication 2012-03-31 22:31:19 +01:00
Gökhan Şengün
9bae9ddad9 smtp: Cody tidy up of md5 digest length
Replaced the hard coded md5 digest length (16) with a preprocessor
constant
2012-03-31 22:31:18 +01:00
Gökhan Şengün
004d7251ab md5: Add support for calculating the md5 sum of buffers incrementally
It is now possible to calculate the md5 sum as the stream of buffers
becomes known where as previously it was only possible to calculate the
md5 sum of a pre-prepared buffer.
2012-03-31 22:31:16 +01:00
Daniel Stenberg
33d044a862 Revert "mk-ca-bundle.pl: use LWP::UserAgent for https"
This reverts commit 9f0e1689f1.

It turned out that "improvement" instead made the fetching of the
certificates unreliable

Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html
Reported by: Tim Heckman
2012-03-31 19:51:36 +02:00
Steve Holme
761c3c5446 pop3: Added support for additional pop3 commands
This feature allows the user to specify and use additional POP3
commands such as UIDL and DELE via libcurl's CURLOPT_CUSTOMREQUEST or
curl's -X command line option.
2012-03-31 18:46:22 +01:00
Yang Tse
97ff646fc1 ssh.c: code cleanup, Curl_safefree() already nullifies pointer 2012-03-25 18:30:17 +02:00
Yang Tse
9801596fb3 fix some compiler warnings 2012-03-25 18:30:16 +02:00
Steve Holme
982315573c pop3.c: Corrected problem with state() introduced in 01690ed2bc 2012-03-25 12:47:39 +01:00
Steve Holme
9f96e6da28 pop.c: Small code tidy up 2012-03-25 11:28:59 +01:00
Steve Holme
01690ed2bc pop3: Removed the need for the single message LIST command handler
Simplified the code to remove the need for a separate "LIST <msg id>"
command handler and state machine and instead use the LIST command
handler for both operations.
2012-03-25 11:21:59 +01:00
Steve Holme
2da89708ec pop3.c: Code policing and tidy up
Corrected character and line spacing and re-ordered list and retr
functions based on the order of their state machines.
2012-03-24 12:28:11 +00:00
Steve Holme
5c62a551c4 email: Moved server greeting responses into separate functions
Moved the server greeting response handling code from the statemach_act
functions to separate response functions. This makes the code simpler
to follow and provides consistency with the other responses that are
handled here.
2012-03-24 11:55:34 +00:00
Steve Holme
602a8a565c pop3.c: Fixed body data being written when CURLOPT_NOBODY is specified
Body data would be forwarded to the client application in both the RETR
and LIST commands even if CURLOPT_NOBODY was specified.
2012-03-24 00:09:38 +00:00
Yang Tse
fe93b0a874 http_proxy.h: fix builds with proxy or http disabled 2012-03-22 17:27:14 +01:00
Yang Tse
e8a32438c2 parsedate.c: fix a numeric overflow 2012-03-22 15:54:34 +01:00
Andrei Cipu
97b66ebefe cookies: strip the numerical ipv6 host properly
The commit e650dbde86 that stripped off [brackets] from ipv6-only host
headers for the sake of cookie parsing wrongly incremented the host
pointer which would cause a bad free() call later on.
2012-03-22 08:56:33 +01:00
Yang Tse
3c80309c27 fix several compiler warnings 2012-03-22 04:54:04 +01:00
Daniel Stenberg
c83de6d076 CONNECT: fix multi interface regression
The refactoring of HTTP CONNECT handling in commit 41b0237834 that
made it protocol independent broke it for the multi interface. This fix
now introduce a better state handling and moved some logic to the
http_proxy.c source file.

Reported by: Yang Tse
Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html
2012-03-22 00:12:37 +01:00
Yang Tse
c6825b7a6b fix several compiler warnings 2012-03-20 18:28:24 +01:00
Daniel Stenberg
ad77420ac7 lwip: basic checks and macros for compatiblity 2012-03-17 23:02:21 +01:00
Yang Tse
0c8e36c18a http_proxy.c: fix OOM handling 2012-03-16 20:11:22 +01:00
Yang Tse
8af4b657d0 fix some compiler warnings 2012-03-16 19:06:34 +01:00
Maxim Prohorov
97386c3c84 resolve with c-ares: don't resolve IPv6 when not working
If the Curl_ipv6works() function says no, there is no reason to try AAAA
names even if libcurl was built with IPv6 support enabled.

Bug: http://curl.haxx.se/mail/lib-2012-03/0045.html
2012-03-13 22:52:39 +01:00
Steve Holme
e25590a2b3 smtp.c: Changed the curl error code for EHLO and HELO responses
Changed the returned curl error codes for EHLO and HELO responses from
CURLE_LOGIN_DENIED to CURLE_REMOTE_ACCESS_DENIED as a negative response
from these commands represents no service as opposed to a login error.
2012-03-10 22:03:42 +00:00
Andrei Cipu
e650dbde86 Curl_http: strip off [brackets] from ipv6-only host headers
Since the host name is passed in to the cookie engine it will not work
correctly if the brackets are left in the name.

Bug:http://curl.haxx.se/mail/lib-2012-03/0036.html
2012-03-10 16:48:59 +01:00
John Joseph Bachir
9f0e1689f1 mk-ca-bundle.pl: use LWP::UserAgent with proper https verify behavior.
An alternative would be:

1. specify HTTPS_CA_DIR and/or HTTPS_CA_FILE
2. ensure that Net::SSL is being used, and IO::Socket::SSL is NOT being
   used

This question and answer explain:
http://stackoverflow.com/questions/74358/
2012-03-10 15:51:24 +01:00
John Joseph Bachir
f7e2ab629e access the CA source file using HTTPS 2012-03-10 15:50:27 +01:00
Daniel Stenberg
2764bf2c5b includes: remove inclusion of unused file http_proxy.h 2012-03-09 00:05:24 +01:00
Daniel Stenberg
41b0237834 CONNECT: made generically not per-protocol
Curl_protocol_connect() now does the tunneling through the HTTP proxy if
requested instead of letting each protocol specific connection function
do it.
2012-03-08 23:31:38 +01:00
Daniel Stenberg
cabd010dd4 ssh_connect: tunnel through HTTP proxy if requested 2012-03-08 21:47:54 +01:00
Daniel Stenberg
c55a0809bb LWIP: don't consider HAVE_ERRNO_H to be winsock
The check for Winsock definition was a bit too broad

Bug: http://curl.haxx.se/mail/lib-2012-03/0046.html
2012-03-08 21:25:35 +01:00
Daniel Stenberg
79b6f4a2d3 CONNECT: fix ipv6 address in the Request-Line
Commit 466150bc64 fixed the Host: header with CONNECT, but I then
forgot the preceeding request-line. Now this too uses [brackets]
properly if a ipv6 numerical address was given.

Bug: http://curl.haxx.se/bug/view.cgi?id=3493129
Reported by: "Blacat"
2012-02-24 23:33:14 +01:00
Steve Holme
5430007222 SMTP: Added support for returning SMTP response codes
Set the conn->data->info.httpcode variable in smtp_statemach_act() to
allow Curl_getinfo() to return the SMTP response code via the
CURLINFO_RESPONSE_CODE action.
2012-02-23 23:29:03 +01:00
Steve Holme
2f1ad7d6e2 smtp.c: Fixed an issue with writing postdata
Fixed a problem in smtp_done() when writing out the postdata as
Curl_write() would periodically return zero bytes written.
2012-02-21 22:50:46 +01:00
Steve Holme
035ef06bda pop3.c: Fixed drop of final CRLF in EOB checking
Curl_pop3_write() would drop the final CRLF of a message as it was
considered part of the EOB as opposed to part of the message. Whilst
the EOB sequence needs to be searched for by the function only the
final 3 characters should be removed as per RFC-1939 section 3.

Reported by: Rich Gray
Bug: http://curl.haxx.se/mail/lib-2012-02/0051.html
2012-02-19 23:48:14 +01:00
Steve Holme
3d98aed5b3 smtp.c: Fixed an issue with the EOB checking
Curl_smtp_escape_eob() would leave off final CRLFs from emails ending
in multiple blank lines additionally leaving the smtpc->eob variable
with the character count in, which would cause problems for additional
emails when sent through multiple calls to curl_easy_perform() after a
CURLOPT_CONNECT_ONLY.
2012-02-17 22:47:19 +01:00
Steve Holme
5c409d03ec SMTP: Code policing and tidy up 2012-02-16 13:20:34 +01:00
Steve Holme
b685481d52 smtp.c: Fixed use of angled brackets in AUTH parameter.
Fixed the use of angled brackets "<>" in the optional AUTH parameter as
per RFC-2554 section 5. The address should not include them but an
empty address should be replaced by them.
2012-02-15 21:51:45 +01:00
Steve Holme
0cf0ab6f30 smtp_mail: Added support to MAIL FROM for the optional AUTH parameter
Added a new CURLOPT_MAIL_AUTH option that allows the calling program to
set the optional AUTH parameter in the MAIL FROM command.

When this option is specified and an authentication mechanism is used
to communicate with the mail server then the AUTH parameter will be
included in the MAIL FROM command. This is particularly useful when the
calling program is acting as a relay in a trusted environment and
performing server to server communication, as it allows the relaying
server to specify the address of the mailbox that was used to
authenticate and send the original email.
2012-02-14 22:50:49 +01:00
toddouska
ee7e4fc1d1 cyassl: update to CyaSSL 2.0.x API
Modify configure.ac to test for new CyaSSL Init function and remove
default install path to system.  Change to CyaSSL OpenSSL header and
proper Init in code as well.

Note that this no longer detects or works with CyaSSL before v2
2012-02-14 19:49:54 +01:00
Steve Holme
69406f0be7 SMTP: Fixed error when using CURLOPT_CONNECT_ONLY
Fixed incorrect behavior in smtp_done() which would cause the end of
block data to be sent to the SMTP server if libcurl was operating in
connect only mode. This would cause the server to return an error as
data would not be expected which in turn caused libcurl to return
CURLE_RECV_ERROR.
2012-02-14 19:12:28 +01:00
Daniel Stenberg
7ed25fcc5c parse_proxy: simply memory handling
... by making sure that the string is always freed after the invoke as
parse_proxy will always copy the data and this way there's a single
free() instead of multiple ones.
2012-02-10 17:00:55 +01:00
Daniel Stenberg
ecc93caaeb parse_proxy: bail out on zero-length proxy names!
The proxy parser function strips off trailing slashes off the proxy name
which could lead to a mistaken zero length proxy name which would be
treated as no proxy at all by subsequent functions!

This is now detected and an error is returned. Verified by the new test
1329.

Reported by: Chandrakant Bagul
Bug: http://curl.haxx.se/mail/lib-2012-02/0000.html
2012-02-10 16:26:20 +01:00
Kamil Dudka
ebf3138992 nss: add support for the CURLSSLOPT_ALLOW_BEAST option
... and fix some typos from the 62d15f1 commit.
2012-02-09 23:25:55 +01:00
Daniel Stenberg
2a699bc6e9 CURLOPT_SSL_OPTIONS: added
Allow an appliction to set libcurl specific SSL options. The first and
only options supported right now is CURLSSLOPT_ALLOW_BEAST.

It will make libcurl to disable any work-arounds the underlying SSL
library may have to address a known security flaw in the SSL3 and TLS1.0
protocol versions.

This is a reaction to us unconditionally removing that behavior after
this security advisory:

http://curl.haxx.se/docs/adv_20120124B.html

... it did however cause a lot of programs to fail because of old
servers not liking this work-around. Now programs can opt to decrease
the security in order to interoperate with old servers better.
2012-02-09 22:22:54 +01:00
Dave Reisner
705f0f7a5b add library support for tuning TCP_KEEPALIVE
This adds three new options to control the behavior of TCP keepalives:

- CURLOPT_TCP_KEEPALIVE: enable/disable probes
- CURLOPT_TCP_KEEPIDLE: idle time before sending first probe
- CURLOPT_TCP_KEEPINTVL: delay between successive probes

While not all operating systems support the TCP_KEEPIDLE and
TCP_KEEPINTVL knobs, the library will still allow these options to be
set by clients, silently ignoring the values.
2012-02-09 18:53:51 +01:00
Daniel Stenberg
ea055407fa curl_easy_reset: reset the referer string
When CURLOPT_REFERER has been used, curl_easy_reset() did not properly
clear it.

Verified with the new test 598

Bug: http://curl.haxx.se/bug/view.cgi?id=3481551
Reported by: Michael Day
2012-02-07 23:07:43 +01:00
Daniel Stenberg
466150bc64 CONNECT: send correct Host: with IPv6 numerical address
When the target host was given as a IPv6 numerical address, it was not
properly put within square brackets for the Host: header in the CONNECT
request. The "normal" request did fine.

Reported by: "zooloo"
Bug: http://curl.haxx.se/bug/view.cgi?id=3482093
2012-01-31 22:52:10 +01:00
Pierre Ynard
f4d3c0cbfb more resilient connection times among IP addresses
When connecting to a domain with multiple IP addresses, allow different,
decreasing connection timeout values. This should guarantee some
connections attempts with sufficiently long timeouts, while still
providing fallback.
2012-01-28 14:00:52 +01:00
Pierre Ynard
4d2737bcb2 remove write-only variable 2012-01-28 13:58:49 +01:00
Daniel Stenberg
70f71bb99f gnutls: enforced use of SSLv3
With advice from Nikos Mavrogiannopoulos, changed the priority string to
add "actual priorities" and favour ARCFOUR. This makes libcurl work
better when enforcing SSLv3 with GnuTLS. Both in the sense that the
libmicrohttpd test is now working again but also that it mitigates a
weakness in the older SSL/TLS protocols.

Bug: http://curl.haxx.se/mail/lib-2012-01/0225.html
Reported by: Christian Grothoff
2012-01-24 08:54:26 +01:00
Daniel Stenberg
75ca568fa1 URL sanitize: reject URLs containing bad data
Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a
decoded manner now use the new Curl_urldecode() function to reject URLs
with embedded control codes (anything that is or decodes to a byte value
less than 32).

URLs containing such codes could easily otherwise be used to do harm and
allow users to do unintended actions with otherwise innocent tools and
applications. Like for example using a URL like
pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get
a mail and instead this would delete one.

This flaw is considered a security vulnerability: CVE-2012-0036

Security advisory at: http://curl.haxx.se/docs/adv_20120124.html

Reported by: Dan Fandrich
2012-01-24 08:54:26 +01:00
Daniel Stenberg
db1a856b4f OpenSSL: don't disable security work-around
OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
(http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit
to SSL_OP_ALL that _disables_ that work-around despite the fact that
SSL_OP_ALL is documented to do "rather harmless" workarounds.

The libcurl code uses the SSL_OP_ALL define and thus logically always
disables the OpenSSL fix.

In order to keep the secure work-around workding, the
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit must not be set and this change
makes sure of this.

Reported by: product-security at Apple
2012-01-24 08:54:26 +01:00
Daniel Stenberg
7883cd5af3 URL parse: user name with ipv6 numerical address
Using a URL with embedded user name and password didn't work if the host
was given as a numerical IPv6 string, like ftp://user:password@[::1]/

Reported by: Brandon Wang
Bug: http://curl.haxx.se/mail/archive-2012-01/0047.html
2012-01-20 23:32:43 +01:00
Yang Tse
d7af7de5b2 telnet.c: fix OOM triggered segfault 2012-01-20 00:11:15 +01:00
Yang Tse
e64d332e79 OpenSSL: follow-up for commit a20daf90e3
avoid checking preprocessor definition official value
2012-01-19 22:29:00 +01:00
Yang Tse
d56b4c3f89 ssl session caching: fix compiler warnings 2012-01-18 23:42:39 +01:00
Daniel Stenberg
d1becc3231 polarssl: show cipher suite name correctly with 1.1.0
Apparently ssl_get_ciphersuite() is needed to get the name of the used
cipher suite.
2012-01-18 23:19:37 +01:00
Daniel Stenberg
f55f95d49c polarssl: show error code correctly
The value was turned negative when it shouldn't have been
2012-01-18 23:19:01 +01:00
Daniel Stenberg
61d31a3caf polarssl: havege_rand is not present in version 1.1.0
... it is now named havege_random!

Reported by: Robert Schumann
Bug: http://curl.haxx.se/mail/lib-2012-01/0178.html
2012-01-18 23:17:54 +01:00
Colin Hogben
4563eeb9f4 Use correct file descriptor for telnet upload.
Fix a bug where input was read from stdin even when a different FILE *
had been configured via CURLOPT_READDATA
2012-01-18 22:17:10 +01:00
Yang Tse
2cafb0e97c OpenLDAP: fix LDAP connection phase memory leak
bug: http://curl.haxx.se/bug/view.cgi?id=3474308
2012-01-18 16:06:29 +01:00
Johannes Bauer
6ea7acf5a9 OpenSSL: fix PKCS#12 certificate parsing related memory leak
Leak triggered when CURLOPT_SSLCERTTYPE and CURLOPT_SSLKEYTYPE set to P12
and both CURLOPT_SSLCERT and CURLOPT_SSLKEY point to the same PKCS#12 file.
2012-01-18 13:39:12 +01:00
Yang Tse
a20daf90e3 OpenSSL: SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option is no longer enabled
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG option enabling allowed successfull
interoperability with web server Netscape Enterprise Server 2.0.1 released
back in 1996 more than 15 years ago.

Due to CVE-2010-4180, option SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG has
become ineffective as of OpenSSL 0.9.8q and 1.0.0c. In order to mitigate
CVE-2010-4180 when using previous OpenSSL versions we no longer enable
this option regardless of OpenSSL version and SSL_OP_ALL definition.
2012-01-18 11:59:20 +01:00
Yang Tse
0ce2bca741 add LF termination to infof() trace string 2012-01-16 21:14:05 +01:00
Yang Tse
6d62c5a6fc Curl_proxyCONNECT() trace known bug #39 2012-01-15 19:21:55 +01:00
Yang Tse
8e82ef9c32 http_negotiate_sspi.c: fix compiler warning 2012-01-13 13:34:43 +01:00
Yang Tse
d016f5f5f5 ssh.c: fix compiler warning 2012-01-13 12:57:09 +01:00
Daniel Stenberg
9f20379fe4 hostip: avoid getaddrinfo when c-ares is used
Some functions using getaddrinfo and gethostbyname were still
mistakingly being used/linked even if c-ares was selected as resolver
backend.

Reported by: Arthur Murray
Bug: http://curl.haxx.se/mail/lib-2012-01/0160.html
2012-01-12 23:13:19 +01:00
gsengun
d28411c3cc FTP: CURLE_PARTIAL_FILE should not cause control connection to be closed
Test 161 updated accordingly
2012-01-09 22:50:20 +01:00
Yang Tse
f34ddb90e6 lib/setup.h: portable symbolic names for Winsock shutdown() mode flags 2012-01-08 02:32:51 +01:00
Daniel Stenberg
4897f4e517 win32-threaded-resolver: stop using a dummy socket
Previously the code would create a dummy socket while resolving just to
have curl_multi_fdset() return something but the non-win32 version
doesn't do it this way and the creation and use of a socket that isn't
made with the common create-socket callback can be confusing to apps
using the multi_socket API etc.

This change removes the dummy socket and thus will cause
curl_multi_fdset() to return with maxfd == -1 more often.
2012-01-04 23:16:30 +01:00
Peter Sylvester
81524cbfa0 OpenSSL: remove reference to openssl internal struct
With this change, curl compiles with the new OPENSSL_NO_SSL_INTERN
cflag. This flag might become the default in some distant future.
2012-01-04 23:02:36 +01:00
Yang Tse
7bd2add06f krb5.c: fix compiler warning: variable set but not used 2012-01-04 19:11:54 +01:00
Steve Holme
db4f69ef06 Fixed use of CURLUSESSL_TRY for POP3 and IMAP based connections.
Fixed a problem in POP3 and IMAP where a connection would fail when
CURLUSESSL_TRY was specified for a server that didn't support
SSL/TLS connections rather than continuing.
2012-01-04 00:48:20 +01:00
Steve Holme
277022b2e4 Fixed incorrect error code being returned in STARTTLS
The STARTTLS response code in SMTP, POP3 and IMAP would return
CURLE_LOGIN_DENIED rather than CURLE_USE_SSL_FAILED when SSL/TLS
was not available on the server.

Reported by: Gokhan Sengun
Bug: http://curl.haxx.se/mail/lib-2012-01/0018.html
2012-01-04 00:47:58 +01:00
Yang Tse
cc69e56ce3 hostip.c: fix potential write past the end of string buffer 2012-01-02 13:44:56 +01:00
Yang Tse
8e25d1b93b hostip.c: fix Curl_loadhostpairs() OOM handling 2012-01-02 13:41:09 +01:00
Daniel Stenberg
7f472618de Curl_input_negotiate: use the correct buffer for input
Unfortunately we have no test cases for this and I have no SSPI build or
server to verify this with. The change seems simple enough though.

Bug: http://curl.haxx.se/bug/view.cgi?id=3466497
Reported by: Patrice Guerin
2012-01-01 22:36:32 +01:00
Daniel Stenberg
a3403db02f just a stupid typo 2011-12-31 23:53:52 +01:00
Daniel Stenberg
c9a3cab6c4 SFTP dir: increase buffer size counter
When the buffer gets realloced to hold the file name in the
SSH_SFTP_READDIR_LINK state, the counter was not bumped accordingly.

Reported by: Armel Asselin
Patch by: Armel Asselin
Bug: http://curl.haxx.se/mail/lib-2011-12/0249.html
2011-12-31 23:52:15 +01:00
Daniel Stenberg
81ebdd9e28 create_hostcache_id: use the key lower cased
... to make sure the DNS cache is properly case insensitive
2011-12-31 10:58:05 +01:00
Daniel Stenberg
207cf15032 changed case: use new host name for subsequent HTTP requests
When a HTTP connection is re-used for a subsequent request without
proxy, it would always re-use the Host: header of the first request. As
host names are case insensitive it would make curl send another host
name case that what the particular request used.

Now it will instead always use the most recent host name to always use
the desired casing.

Added test case 1318 to verify.

Bug: http://curl.haxx.se/mail/lib-2011-12/0314.html
Reported by: Alex Vinnik
2011-12-31 10:45:28 +01:00
Daniel Stenberg
5e0a44e4d5 CURLOPT_RESOLVE: avoid adding already present host names
The load host names to DNS cache function was moved to hostip.c and it
now makes sure to not add host names that already are present in the
cache. It would previously lead to memory leaks when for example using
the --resolve and multiple URLs on the command line.
2011-12-31 10:45:27 +01:00
Yang Tse
ed0364343d removed trailing whitespace 2011-12-30 03:36:18 +01:00
Kamil Dudka
9f7f6a62ff transfer: avoid unnecessary timeout event when waiting for 100-continue
The commit 9dd85bc unintentionally changed the way we compute the time
spent waiting for 100-continue.  In particular, when using a SSL client
certificate, the time spent by SSL handshake was included and could
cause the CURL_TIMEOUT_EXPECT_100 timeout to be mistakenly fired up.

Bug: https://bugzilla.redhat.com/767490
Reported by: Mamoru Tasaka
2011-12-25 22:37:24 +01:00
Yang Tse
98292bcdd0 transfer.c: move a logging statement placement 2011-12-25 12:11:51 +01:00
Yang Tse
996f2454ba hash.c: fix OOM triggered segfault 2011-12-25 11:35:45 +01:00
Daniel Stenberg
99a12baa34 ftp_do_more: don't return success until all is done
ftp_do_more() returns after accepting the server connect however it
needs to fall through and set "*complete" to TRUE before exit from the
function.

Bug: http://curl.haxx.se/mail/lib-2011-12/0250.html
Reported by: Gokhan Sengun
2011-12-24 00:12:00 +01:00
Daniel Stenberg
4f8db8bf95 Curl_do_more: fix typo logic
In the recent do_more fix the new logic was mistakenly checking the
pointer instead of what it points to.

Reported by: Gokhan Sengun
Bug: http://curl.haxx.se/mail/lib-2011-12/0250.html
2011-12-24 00:09:41 +01:00
Daniel Stenberg
5ac9ec7205 SFTP mkdir: use correct permission
When sending quote command to a SFTP server and 'mkdir' was used, it
would send fixed permissions and not use the CURLOPT_NEW_DIRECTORY_PERMS
as it should.

Reported by: Armel
Patch by: Armel
Bug: http://curl.haxx.se/mail/lib-2011-12/0249.html
2011-12-24 00:04:04 +01:00
Daniel Stenberg
2caa454dc1 resolve: don't leak pre-populated dns entries
CURLOPT_RESOLVE populates the DNS cache with entries that are marked as
eternally in use. Those entries need to be taken care of when the cache
is killed off.

Bug: http://curl.haxx.se/bug/view.cgi?id=3463121
Reported by: "tw84452852"
2011-12-23 14:46:20 +01:00
Yang Tse
1afbccc676 formdata.c: OOM handling fixes 2011-12-21 15:39:44 +01:00
Daniel Stenberg
926916e28e Curl_socket_check: enlarge poll struct array to 3
This function was introduced in commit 5527417afa and as pointed out
by Gokhan Sengun, the array with poll structs must large enough to hold
3 sockets since that is what the function can accept. It could be noted
that he had this fixed in his patch as posted in
http://curl.haxx.se/mail/lib-2011-12/0179.html

Bug: http://curl.haxx.se/mail/lib-2011-12/0228.html
Reported by: Gokhan Sengun
2011-12-20 23:33:54 +01:00
Daniel Stenberg
130fac6c16 timeleft_accept: ack global timeout, moved to ftp.c
First off the timeout for accepting a server connect back must of course
respect a global timeout. Then the timeleft function is only used by ftp
code so it was moved to ftp.c and made static.
2011-12-20 20:55:54 +01:00
Daniel Stenberg
377471f387 FTP: move FTP-specific struct field to ftpc_conn
"wait_data_conn" was added to the connectionbits in commit c834213ad5 for
handling active FTP connections but as it is purely FTP specific and now
only ever accessed by ftp.c I moved it into the FTP connection struct.
2011-12-20 20:30:38 +01:00
Daniel Stenberg
dfdac61522 non-blocking active FTP: cleanup multi state usage
Backpedaled out the funny double-change of state in the multi state
machine by adding a new argument to the do_more() function to signal
completion. This way it can remain in the DO_MORE state properly until
done. Long term, the entire DO_MORE logic should be moved into the FTP
code and be hidden from the multi code as the logic is only used for
FTP.
2011-12-20 20:30:02 +01:00
Gokhan Sengun
c834213ad5 FTP: perform active connections non-blocking
1- Two new error codes are introduced.

CURLE_FTP_ACCEPT_FAILED to be set whenever ACCEPTing fails because of
FTP server connected.

CURLE_FTP_ACCEPT_TIMEOUT to be set whenever ACCEPTing timeouts.

Neither of these errors are considered fatal and control connection
remains OK because it could just be a firewall blocking server to
connect to the client.

2- One new setopt option was introduced.

CURLOPT_ACCEPTTIMEOUT_MS

It sets the maximum amount of time FTP client is going to wait for a
server to connect. Internal default accept timeout is 60 seconds.
2011-12-20 20:30:02 +01:00
Daniel Stenberg
5527417afa sockets: new Curl_socket_check() can wait for 3 sockets
This offers an alternative to the existing Curl_socket_ready() API which
only checks one socket for read and one for write.
2011-12-20 20:30:02 +01:00
Daniel Stenberg
51d4885ca0 Curl_pgrsTime: store now in an auto variable
It makes it easier to introduce debug outputs in this function, and
everything in the function is using the value anyway so it might even be
more efficient.
2011-12-20 15:05:50 +01:00
Daniel Stenberg
ce896875f8 timer: restore PRETRANSFER timing
Regression introduced in 7.23.0 with commit 9dd85bce. The function in
which the PRETRANSFER time stamp was recorded was moved in time causing
it be stored very quickly after the start timestamp. On most systems
shorter than 1 millisecond and thus it wouldn't even show with -w
"%{time_pretransfer}" using the command line tool.

Bug: http://curl.haxx.se/mail/archive-2011-12/0022.html
Reported by: Toni Moreno
2011-12-20 14:59:46 +01:00
Daniel Stenberg
5c71544fc6 gitignore: ignore the symbol versioning file 2011-12-20 11:07:23 +01:00
Alessandro Ghedini
7cc2e8b349 configure: add symbols versioning option
Allow, at configure time, the production of versioned symbols. The
symbols will look like "CURL_<FLAVOUR>_<VERSION> <SYMBOL>", where
<FLAVOUR> represents the SSL flavour (e.g. OPENSSL, GNUTLS, NSS, ...),
<VERSION> is the major SONAME version and <SYMBOL> is the actual symbol
name. If no SSL library is enabled the symbols will be just
"CURL_<VERSION> <SYMBOL>".
2011-12-19 23:25:36 +01:00
Sven Wegener
3c18b38dcc Use Curl_ssl_connect for non-blocking connect fallback
This gets the appconnect time right for ssl backends, which don't
support non-blocking connects.

Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
2011-12-19 22:37:37 +01:00
Daniel Stenberg
583a902789 Curl_proxyCONNECT: use newlines in debug output 2011-12-19 09:32:54 +01:00
Yang Tse
4c4e8ba1f0 if2ip.[ch]: fix compilation with MinGW
Avoid 'interface' literal that some MinGW versions define as a macro
2011-12-13 18:37:33 +01:00
Yang Tse
de6f4f356e connect.c: fix compiler warning 'enumerated type is mixed with another type' 2011-12-13 16:18:08 +01:00
Yang Tse
66c5076252 if2ip.c: fix compiler warning 'unused parameter' 2011-12-13 16:08:42 +01:00
Yang Tse
b9b772fefe pop3.c: fix compiler warning variable may be used uninitialized 2011-12-13 15:58:02 +01:00
Yang Tse
07efe110cc if2ip.c: fix compiler warning 'enumerated type is mixed with another type' 2011-12-13 15:47:26 +01:00
Jason Glasgow
6e4835c795 CURLOPT_INTERFACE: avoid resolving interfaces names
Do not try to resolve interfaces names via DNS by recognizing interface
names in a few ways.  If the interface option argument has a prefix of
"if!" then treat the argument as only an interface.  Similarly, if the
interface argument is the name of an interface (even if it does not have
an IP address assigned), treat it as an interface name.  Finally, if the
interface argument is prefixed by "host!" treat it as a hostname that
must be resolved by /etc/hosts or DNS.

These changes allow a client using the multi interfaces to avoid
blocking on name resolution if the interface loses its IP address or
disappears.
2011-12-12 23:12:37 +01:00
Steve Holme
1259ccf747 ConnectionExists: Fix reuse for TLS upgraded connections
Fixed the connection reuse detection in ConnectionExists() when
comparing a new connection that is non-SSL based against that of a SSL
based connection that has become so by being upgraded via TLS.
2011-12-12 00:32:47 +01:00
Daniel Stenberg
07e3b7512c create_conn: don't switch to HTTP protocol if tunneling is enabled
This is a regression since who knows when. When spotting that a HTTP
proxy is used we must not uncondititionally enable the HTTP protocol
since if we do tunneling through the proxy we're still using the target
protocol.

Reported by: Naveen Chandran
2011-12-09 22:51:08 +01:00
Gokhan Sengun
1cacf853da Curl_closesocket: clear sock_accepted on close
As a follow-up from commit d5b5f64bce, clear the sock_accepted status
when such a socket is closed to avoid a re-used connection to retain the
state wrongly.

Bug: http://curl.haxx.se/mail/lib-2011-12/0079.html
2011-12-07 16:03:00 +01:00
Gokhan Sengun
2b24dd870e multi interface: fix block when CONNECT_ONLY option is used 2011-12-07 15:37:05 +01:00
Daniel Stenberg
2b0e09b0f9 OpenSSL: check for the SSLv2 function in configure
If no SSLv2 was detected in OpenSSL by configure, then we enforce the
OPENSSL_NO_SSL2 define as it seems some people report it not being
defined properly in the OpenSSL headers.
2011-12-06 14:22:45 +01:00
Daniel Stenberg
347f951c39 SSH: fix CURLOPT_SSH_HOST_PUBLIC_KEY_MD5
When a 32 digit hex key is given as a hostkey md5 checksum, the code
would still run it against the knownhost check and not properly
acknowledge that the md5 should then be the sole guide for.

The verbose output now includes the evaluated MD5 hostkey checksum.

Some related source code comments were also updated.

Bug: http://curl.haxx.se/bug/view.cgi?id=3451592
Reported by: Reza Arbab
2011-12-05 22:24:28 +01:00
Daniel Stenberg
c50dbf670f Curl_resolver_is_resolved: differentiate between host/proxy errors
As there are different return codes for host vs proxy errors, this function
now properly returns the code properly depending on what was attempted to get
resolved.

Bug: http://curl.haxx.se/mail/archive-2011-12/0010.html
Reported by: Jason Liu
2011-12-05 12:44:55 +01:00
Daniel Stenberg
0cf05af744 c-ares: return proxy failure for all proxy types
When making a distinction which return code to return, the code previously
only regarded HTTP proxies to be proxies and thus return host-related errors
for failures on other proxy types than HTTP. Now all proxy types will be
considered proxies...
2011-12-05 12:41:38 +01:00
Daniel Stenberg
d5b5f64bce FTP: close callback fix
Keep track of which sockets that are the result of accept() calls and
refuse to call the closesocket callback for those sockets. Test case 596
now verifies that the open socket callback is called the same number of
times as the closed socket callback for active FTP connections.

Bug: http://curl.haxx.se/mail/lib-2011-12/0018.html
Reported by: Gokhan Sengun
2011-12-05 12:34:27 +01:00
Daniel Stenberg
088ba97a24 FTP: call opensocket callback properly
When the new socket is created for an active connection, it is now done
using the open socket callback.

Test case 596 was modified to run fine, although it hides the fact that
the close callback is still called too many times, as it also gets
called for closing sockets that were created with accept().
2011-12-05 11:42:10 +01:00
Daniel Stenberg
9109cdec11 Curl_socket: internal replacement for socket()
Moved out into a separate function to work as a "generic" socket()
replacement.
2011-12-05 10:58:38 +01:00
Jason Glasgow
62d3652b43 CURLOPT_DNS_SERVERS: set name servers if possible (fix)
Ensure that CURLE_OK is returned if setting the name servers is successfull.
2011-12-02 21:54:15 +01:00
Daniel Stenberg
d81f5ea3e0 multi interface: only use non-NULL function pointer!
If the socket callback function pointer hasn't been set, we must not
attempt to use it. Commit adc88ca20 made it more likely to occur.
2011-12-02 21:10:28 +01:00
Jason Glasgow
adc88ca203 multi: handle timeouts on DNS servers by checking for new sockets
If the first name server is not available, the multi interface does
not invoke the socket_cb when the DNS request to the first name server
timesout.  Ensure that the list of sockets are always updated after
calling Curl_resolver_is_resolved.

This bug can be reproduced if Curl is complied with --enable_ares and
your code uses the multi socket interfaces and the
CURLMOPT_SOCKETFUNCTION option.  To test try:
  iptables -I INPUT \
           -s $(sed -n -e '/name/{s/.* //p;q}' /etc/resolv.conf)/32 \
           -j REJECT
and then run a program which uses the multi-interface.
2011-12-02 10:18:52 +01:00
Steve Holme
bdb647814e POP3: fixed escaped dot not being striped out
Changed the eob detection to work across the whole of the buffer so that
lines that begin with a dot (which the server will have escaped) are
passed to the client application correctly.
2011-12-01 00:06:47 +01:00
Yang Tse
1038d0aa16 pop3.c: fix compiler warning 2011-11-29 20:28:49 +01:00
Daniel Stenberg
af64666434 POP3: detect when LIST returns no mails
By making sure the function can detect an "end of body" sequence
immediately on the first line, test 811 is now enabled.
2011-11-29 13:43:46 +01:00
Daniel Stenberg
dda815b776 POP3: fix end of body detection
Curl_pop3_write() now has a state machine that scans for the end of a
POP3 body so that the CR LF '.' CR LF sequence can come in everything
from one up to five subsequent packets.

Test case 810 is modified to use SLOWDOWN which makes the server pause
between each single byte and thus makes the POP3 body get sent to curl
basically one byte at a time.
2011-11-29 00:25:21 +01:00
Yang Tse
2d833852f6 CyaSSL 2.0+ library initialization adjustment 2011-11-25 17:23:36 +01:00
Jonas Schnelli
0604b2fb90 rectify comment 2011-11-25 15:02:43 +01:00
Daniel Stenberg
8f50a5c7e5 SSLSESSION_SHARED: new macro to check if session is shared
Added convenience macro to use to check if a handle is using a shared
SSL session, and fixed so that Curl_ssl_close_all() doesn't lock when
the session isn't shared.
2011-11-25 15:00:37 +01:00
Yang Tse
703fa0a6a8 telnet.c: fix MSVC compiler warning 2011-11-25 14:30:53 +01:00
Yang Tse
97d7a9260e tvdiff_secs(): sub-zero time difference adjustment
Skip a floating point addition operation when integral part of time difference
is zero. This avoids potential floating point addition rounding problems while
preserving decimal part value.
2011-11-25 13:51:55 +01:00
Daniel Stenberg
4a4d04446d telnet: fix macros to allow proper semicolon use
Macros that look like function calls need to be made so that we can use
semicolons properly for indentation and for reducing the risk for
mistakes when using them.
2011-11-25 10:56:18 +01:00
Laurent Rabret
b9223a17b8 TELNET: improved treatment of options
1) enables the Window Size option
2) allows the server to enable the echo mode
3) allows an app using libcurl to disable the default binary mode

Signed-off-by: Laurent Rabret
2011-11-25 10:46:49 +01:00
Jonas Schnelli
2c905fd1f8 query-part: ignore the URI part for given protocols
By setting PROTOPT_NOURLQUERY in the protocol handler struct, the
protocol will get the "query part" of the URL cut off before the data is
handled by the protocol-specific code. This makes libcurl adhere to
RFC3986 section 2.2.

Test 1220 is added to verify a file:// URL with query-part.
2011-11-24 23:31:19 +01:00
Yang Tse
46bd8b330a getinfo.c: reset app connect time when clearing session-info time variables 2011-11-24 18:13:09 +01:00
Yang Tse
78feaff9d8 Fix unreleased regression when using windows gnutls versions older than 2.8 2011-11-24 12:11:52 +01:00
Mark Brand
28bac99674 gnutls: only translate winsock errors for old versions
Bugfix: https handshake fails using gnutls 3 on windows
http://sourceforge.net/tracker/index.php?func=detail&aid=3441084&group_id=976&atid=100976

New gnutls versions have an error handler that knows about Winsock
errors, which is why gnutls_transport_set_global_errno() was deprecated
and then removed.

This is a correction of commit f5bb370 (blame me) which meant to
reimplement gnutls_transport_set_global_errno(), which is not necessary.
2011-11-23 22:38:11 +01:00
Daniel Stenberg
7248439fec protocol_connect: show verbose connect and set connect time
Regression: commit b998d95b (shipped first in release 7.22.0) made the
condition always equal false that should reset the TIMER_CONNECT timer
and call the Curl_verboseconnect() function.

Reported by: "Captain Basil"
Bug: http://curl.haxx.se/mail/archive-2011-11/0035.html
2011-11-21 23:36:21 +01:00
Martin Storsjo
64f328c787 Add support for using nettle instead of gcrypt as gnutls backend 2011-11-19 22:23:14 +01:00
Jonas Schnelli
f64812ca63 SFTP: support '*' prefix for quote operations
prefixing a command with '*' means it is allowed to fail without
aborting the chain actions
2011-11-18 16:04:52 +01:00
Daniel Stenberg
10ecdf5078 getsessionid: don't ever return while locked
Also, check for the session sharing bit instead of comparing pointers
2011-11-17 23:57:21 +01:00
Daniel Stenberg
bb4eb58996 Curl_ssl_getsessionid: increase the value, not the pointer 2011-11-17 23:46:29 +01:00
Alejandro Alvarez Ayllon
35f61c404d SSL session share: move the age counter to the share object
Previously the age counter would be counted individually in each easy
handle that shared SSL sessions!
2011-11-17 23:34:38 +01:00
Jason Glasgow
8d0a504f0d CURLOPT_DNS_SERVERS: set name servers if possible 2011-11-17 22:52:33 +01:00
Guenter Knauf
fd765c627f Fix to skip untrusted certs. 2011-11-08 05:46:46 +01:00
Daniel Stenberg
e3166df1bb ftp PORT: don't hang if bind() fails
When the user requests PORT with a specific port or port range, the code
could lock up in an endless loop. There's now an extra conditional that
makes sure to special treat the error and try the local address only
once so a second failure will abort the loop correctly.

Bug: http://curl.haxx.se/bug/view.cgi?id=3433968
Reported by: Gokhan Sengun
2011-11-06 23:02:27 +01:00
Daniel Stenberg
06a83e8050 pingpong: change two comments wrongly referring "FTP"
Just a sign of where the code originally was ripped out from. Now it is
generic "pingpong".
2011-11-06 17:38:36 +01:00
Rene Bernhardt
4851dafcf1 HTTP auth: fix proxy Negotiate bug
If a proxy offers several Authentication schemes where NTLM and
Negotiate are offered by the proxy and you tell libcurl not to use the
Negotiate scheme then the request never returns when the proxy answers
with its HTTP 407 reply.

It is reproducible by the following steps:

- Use a proxy that offers NTLM and Negotiate ( CURLOPT_PROXY and
CURLOPT_PROXYPORT )

- Tell libcurl NOT to use Negotiate CURL_EASY_SETOPT(CURLOPT_PROXYAUTH,
CURLAUTH_BASIC | CURLAUTH_DIGEST | CURLAUTH_NTLM )

- Start the request

The call to CURL_EASY_PERFORM never returns. If you switch on debug
logging you can see that libcurl issues a new request As soon as it
received the 407 reply. Instead it should return and set the response
code to 407.

Bug: http://curl.haxx.se/mail/lib-2011-10/0323.html
2011-11-06 17:19:37 +01:00
Yang Tse
73029dca5a ssluse.c: fix calling of OpenSSL's ERR_remove_state(0)
Move calling of ERR_remove_state(0) a.k.a ERR_remove_thread_state(NULL)
from Curl_ossl_close_all() to Curl_ossl_cleanup().

In this way ERR_remove_state(0) is now only called in libcurl by
curl_global_cleanup(). Previously it would get called by functions
curl_easy_cleanup(), curl_multi_cleanup and potentially each time a
connection was removed from a connection cache leading to premature
destruction of OpenSSL's thread local state hash.

Multi-threaded apps using OpenSSL enabled libcurl should still call
function ERR_remove_state(0) or ERR_remove_thread_state(NULL) at the
very end end of threads that do not call curl_global_cleanup().
2011-11-04 13:08:37 +01:00
Yang Tse
6fa6567b92 url.c and file.c: fix OOM triggered segfault 2011-11-03 21:56:51 +01:00
Daniel Stenberg
93e57d0628 rename ftp_ssl: the struct field is used for many protocols
Now called 'use_ssl' instead, which better matches the current CURLOPT
name and since the option is used for all pingpong protocols (at least)
it makes sense to not use 'ftp' in the name.
2011-11-03 09:54:12 +01:00
Daniel Stenberg
a873b95c21 gtls_connect_step1: remove use of deprecated functions
Use gnutls_priority_set_direct() instead of gnutls_protocol_set_priority().

Remove the gnutls_certificate_type_set_priority() use since x509 is the
default certificate type anyway.

Reported by: Vincent Torri
2011-11-02 22:44:22 +01:00
Yang Tse
6bdeca967d url.c and transfer.c: nullify connection pointer when free()'ed 2011-11-02 22:34:41 +01:00
Yang Tse
f7dfe2b87a multi.c: OOM handling fix 2011-11-01 14:38:21 +01:00
Yang Tse
49e3b2e03a setup.h: fix compiler warning 2011-10-31 22:42:43 +01:00
Yang Tse
f5bb370186 gtls.c: gnutls_transport_set_global_errno() deprecated in version 2.12.3 2011-10-29 14:58:50 +02:00
Yang Tse
ddeab48245 multi.c: OOM handling fix
Fix curl_multi_cleanup() segfault when using weird cleanup sequence.
2011-10-27 17:08:02 +02:00
Daniel Stenberg
b0d42da26b multi: start ftp state machine when switching to DO_MORE
This extends the fix from commit d7934b8bd4

When the multi state is changed within the multi_runsingle from DOING to
DO_MORE, we didn't immediately start the FTP state machine again. That
then left the FTP state in FTP_STOP. When curl_multi_fdset() was
subsequently called, the ftp_domore_getsock() function would return the
wrong fd info.

Reported by: Gokhan Sengun
2011-10-27 12:46:29 +02:00
Yang Tse
e8d8843a02 ftp.c: some OOM handling fixes 2011-10-24 20:45:13 +02:00
Daniel Stenberg
d7934b8bd4 curl_multi_fdset: correct fdset with FTP PORT use
After a PORT has been issued, and the multi handle would switch to the
CURLM_STATE_DO_MORE state (which is unique for FTP), libcurl would
return the wrong fdset to wait for when curl_multi_fdset() is
called. The code would blindly assume that it was waiting for a connect
of the second connection, while that isn't true immediately after the
PORT command.

Also, the function multi.c:domore_getsock() was highly FTP-centric and
therefore ugly to keep in protocol-agnostic code. I solved this problem
by introducing a new function pointer in the Curl_handler struct called
domore_getsock() which is only called during the DOMORE state for
protocols that set that pointer.

The new ftp.c:ftp_domore_getsock() function now returns fdset info about
the control connection's command/response handling while such a state is
in use, and goes over to waiting for a writable second connection first
once the commands are done.

The original problem could be seen by running test 525 and checking the
time stamps in the FTP server log. I can verify that this fix at least
fixes this problem.

Bug: http://curl.haxx.se/mail/lib-2011-10/0250.html
Reported by: Gokhan Sengun
2011-10-21 23:36:54 +02:00
Yang Tse
95d23d1ceb file.c: OOM handling fix
file_disconnect() free's resources for multi API
2011-10-21 16:52:17 +02:00
Yang Tse
a4758c3276 multi.c: fix segfault 2011-10-21 16:52:16 +02:00
Dan Fandrich
90fcad63cb Fixed compilation when HTTP or cookies are disabled 2011-10-20 17:54:18 -07:00
Daniel Stenberg
ff0a295cdb Curl_http_input_auth: handle multiple auths in WWW-Authenticate
The fix is pretty much the one Nick Zitzmann provided, just edited to do
the right indent levels and with test case 1204 added to verify the fix.

Bug: http://curl.haxx.se/mail/lib-2011-10/0190.html
Reported by: Nick Zitzmann
2011-10-20 13:12:02 +02:00
Daniel Stenberg
4fa0166173 Curl_smtp_escape_eob: first byte is index 0...
Fix a bug with with commit 2621dd42a4 that happened due to my last
second pre-commit cleanup of the change without proper testing
afterwards!
2011-10-20 13:12:02 +02:00
Tim Harder
8036da870c gtls: only call gnutls_transport_set_lowat with <gnutls-2.12.0
The default lowat level for gnutls-2.12* is set to zero to avoid
unnecessary system calls and the gnutls_transport_set_lowat function has
been totally removed in >=gnutls-3 which causes build failures.

Therefore, the function shouldn't be used except for versions that
require it, <gnutls-2.12.0.
2011-10-20 00:28:29 +02:00
Daniel Stenberg
2621dd42a4 Curl_smtp_escape_eob: fix EOB escaping
As the EOB string can come byte by byte over a series of writes we must
match byte-wise.

Bug: http://curl.haxx.se/mail/lib-2011-10/0172.html
2011-10-20 00:13:09 +02:00
Daniel Stenberg
ecbb08cea3 singleipconnect: unstick the ipv6-connection boolean
Previously the bit was set before the connection was found working so if
it would first fail to an ipv6 address and then connect fine to a IPv4
address the variable would still be TRUE.

Reported by: Thomas L. Shinnick
Bug: http://curl.haxx.se/bug/view.cgi?id=3421912
2011-10-17 23:12:58 +02:00
Kamil Dudka
491c5a497c nss: avoid a SIGSEGV with immature version of NSS
Bug: https://bugzilla.redhat.com/733685
2011-10-17 12:13:44 +02:00
Kamil Dudka
06e6755e87 nss: big cleanup in nss_load_cert() and cert_stuff() 2011-10-17 12:13:42 +02:00
Kamil Dudka
052a08ff59 nss: refactor fmt_nickname() -> dup_nickname()
Do not use artificial nicknames for certificates from files.
2011-10-17 12:11:40 +02:00
Kamil Dudka
f6980bbf24 nss: select client certificates by DER
... instead of nicknames, which are not unique.
2011-10-17 12:11:38 +02:00
Daniel Stenberg
840eff44f2 formdata: ack read callback abort
When doing a multipart formpost with a read callback, and that callback
returns CURL_READFUNC_ABORT, that return code must be properly
propagated back and handled accordingly. Previously it would be handled
as a zero byte read which would cause a hang!

Added test case 587 to verify. It uses the lib554.c source code with a
small ifdef.

Reported by: Anton Bychkov
Bug: http://curl.haxx.se/mail/lib-2011-10/0097.html
2011-10-16 01:09:56 +02:00
Daniel Stenberg
1a416cd27a singleipconnect: don't clobber errno
Save the errno value immediately after a connect() failure so that it
won't get reset to something else before we read it.

Bug: http://curl.haxx.se/mail/lib-2011-10/0066.html
Reported by: Frank Van Uffelen and Fabian Hiernaux
2011-10-15 23:44:28 +02:00
Yang Tse
8af94de50a file.c: fix compiler warning 2011-10-14 18:23:16 +02:00
Yang Tse
1bab38780b url.c: fix endless loop upon transport connection timeout
Jerry Wu detected and provided detailed info about this issue.
2011-10-14 17:34:42 +02:00
Yang Tse
ea12c72d12 curl_gethostname.c: fix signed/unsigned comparison and avoid a double copy
both introduced in 42be24af
2011-10-13 23:00:24 +02:00
Yang Tse
47e4537ac6 curl_ntlm_msgs.c: fix variable shadowing declaration introduced in 185ed340 2011-10-13 22:59:36 +02:00
Marcin Adamski
03adff1eba tftp.c: TFTP timeout and unexpected block adjustments
Set ACK timeout to 5 seconds.

If we are waiting for block X and receive block Y that is the expected one, we
should send ACK and increase X (which is already implemented). Otherwise drop
the packet and don't increase retry counter.
2011-10-13 19:45:36 +02:00
Yang Tse
34770b8ab0 multi.c: OOM handling fixes
Prevent modification of easy handle being added with curl_multi_add_handle()
unless this function actually suceeds.

Run Curl_posttransfer() to allow restoring of SIGPIPE handler when
Curl_connect() fails early in multi_runsingle().
2011-10-13 18:04:56 +02:00
Yang Tse
880cf0bedc url.c: make line shorter than 80 chars 2011-10-13 01:52:56 +02:00
Yang Tse
bff78cc18e OOM handling/cleanup slight adjustments 2011-10-12 21:32:10 +02:00
Yang Tse
584dc8b8af OOM handling/cleanup slight adjustments 2011-10-11 19:41:30 +02:00
Yang Tse
71c9453393 telnet.c: fix compiler warning 2011-10-08 01:27:03 +02:00
Yang Tse
17f48fe879 libcurl: some OOM handling fixes 2011-10-07 20:50:57 +02:00
Yang Tse
b82bd05354 multi.c: OOM handling fixes making torture tests 560 580 581 pass 2011-10-06 20:30:34 +02:00
Daniel Stenberg
ca2c326361 curl_share_cleanup: avoid compiler warning
Move the variable declaration to within the #ifdef
2011-10-04 16:34:45 +02:00
Daniel Stenberg
5c809178c2 struct Curl_share: provide sslsession unconditionally
It makes much nicer and less convuluted code everywhere if this struct
member is always present even when libcurl is built without SSL support.

This reverts parts of commit 15e3e45170
2011-10-04 16:33:07 +02:00
Daniel Stenberg
fa77f54a03 ftp: improved the failed PORT host name resolved error message 2011-10-04 16:24:50 +02:00
Daniel Stenberg
bc007d8ef5 codepolicing 2011-10-03 23:28:17 +02:00
Daniel Stenberg
d0dbd1e98e sspi build fix
define away Curl_ntlm_sspi_cleanup() when no windows SSPI build
2011-10-03 23:28:17 +02:00
Steve Holme
4d327d20c6 smtp: Added support for NTLM authentication
Modified smtp_endofresp() to detect NTLM from the server specified list
of supported authentication mechanisms.

Modified smtp_authenticate() to start the sending of the NTLM data.

Added smtp_auth_ntlm_type1_message() which creates a NTLM type-1
message. This function is used by authenticate() to start the sending
of data and by smtp_state_auth_ntlm_resp() when the AUTH command
doesn't contain the type-1 message as part of the initial response.
This lack of initial response can happen if an OOM error occurs or the
type-1 message is longer than 504 characters. As the main AUTH command
is limited to 512 character the data has to be transmitted in two
parts; one containing the AUTH NTLM and the second containing the
type-1 message.

Added smtp_state_auth_ntlm_type2msg_resp() which handles the incoming
type-2 message and sends an outgoing type-3 message. This type-2
message is sent by the server in response to our type-1 message.

Modified smtp_state_auth_resp() to handle the response to: the AUTH
NTLM without the initial response and the type-2 response.

Modified smtp_disconnect() to cleanup the NTLM SSPI stack.
2011-10-03 23:28:17 +02:00
Steve Holme
185ed3409a Curl_ntlm_create_typeX_message: Added the outlen parameter
Added the output message length as a parameter to both
Curl_ntlm_create_type1_message() and Curl_ntlm_create_type3_message()
for use by future functions that require it.

Updated curl_ntlm.c to cater for the extra parameter on these two
functions.
2011-10-03 23:28:17 +02:00
Steve Holme
d54bcebad4 smtp: General tidy up ready for adding NTLM support
Changed the name of variable l, in several functions, which represents
the length of strings being sent to the server, to len which is more
meaningful and consistent with other code in smtp.c and elsewhere.

Reworked smtp_authenticate() to be simpler and easier to follow.
Variables and now initialised in their definitions and if no username
and password are specified the function sets the state to SMTP_STOP and
returns immediately, rather than being part of a huge if statement.
2011-10-03 23:28:17 +02:00
Steve Holme
56ed07f7df smtp_mail: fixed another memory leak
... introduced in 7f304ab84f
2011-10-03 22:55:25 +02:00
Daniel Stenberg
15e3e45170 share: don't use SSL unless enabled
Don't even declare the struct members for disabled features

Introducing the CURLSHE_NOT_BUILT_IN return code for the share interface
when trying to set a sharing option that has been disabled (or not
enabled) in the library.
2011-10-03 22:35:04 +02:00
Daniel Stenberg
9dd85bced5 multi: progress function abort must close connection
When the progress function returns to cancel the request, we must mark
the connection to get closed and it must do to the DONE state.

do_init() must be called as early as possible so that state variables
for new connections are reset early. We could otherwise see that the old
values were still there when a connection was to be disconnected very
early and it would make it behave wrongly.

Bug: http://curl.haxx.se/mail/lib-2011-10/0006.html
Reported by: Vladimir Grishchenko
2011-10-02 19:28:39 +02:00
Daniel Stenberg
3d19e1eedf multi_runsingle: change state on callback abort
Reported by: Marcin Adamski
Bug: http://curl.haxx.se/mail/lib-2011-09/0329.html
2011-09-30 22:59:50 +02:00
Yang Tse
0c903ea189 Fix SSL disabled builds broken with 'SSL session sharing' commit 5793bc37 2011-09-30 21:09:59 +02:00
Daniel Stenberg
affed6725e smtp_mail: fix memory leak
... introduced in 7f304ab84f
2011-09-29 23:45:36 +02:00
Steve Holme
7f304ab84f smtp_mail: Added support to MAIL FROM for the optional SIZE parameter
The size of the email can now be set via CURLOPT_INFILESIZE. This
allows the email to be rejected by the server, if supported, and the
maximum size has been configured on the server.
2011-09-29 23:15:46 +02:00
Alejandro Alvarez
5793bc370c SSL session sharing support added
With locking, plus test, plus documentation
2011-09-28 23:06:34 +02:00
Guenter Knauf
b4fccc1d8e Added SPNEGO to NetWare build. 2011-09-27 16:02:07 +02:00
Yang Tse
d9f686db88 remove short-lived CURL_WRITEFUNC_OUT_OF_MEMORY 2011-09-26 13:05:42 +02:00
Steve Holme
400055bfaa smtp_connect: use defined buffer length for hostname 2011-09-26 00:01:09 +02:00
Steve Holme
5801ddb85c Curl_ntlm_create_type3_message: Tidied up the use of Curl_gethostname.
Removed the code that striped off the domain name when Curl_gethostname
returned the fully qualified domain name as the function has been
updated to return the un-qualified host name.

Replaced the use of HOSTNAME_MAX as the size of the buffer in the call
to Curl_gethostname with sizeof(host) as this is safer should the buffer
size ever be changed.
2011-09-25 23:59:53 +02:00
Steve Holme
38b5744266 HOSTNAME_MAX: Moved to curl_gethostname.h
Moved HOSTNAME_MAX #define into curl_gethostname.h rather than being
locally defined in curl_gethostname.c, curl_ntlm_msgs.c and smtp.c.
2011-09-25 23:58:47 +02:00
Yang Tse
d2a47021c0 Q&D fix header inclusion order 2011-09-25 19:08:12 +02:00
Yang Tse
119f43360b allow write callbacks to indicate OOM to libcurl
Allow (*curl_write_callback) write callbacks to return
CURL_WRITEFUNC_OUT_OF_MEMORY to properly indicate libcurl of OOM conditions
inside the callback itself.
2011-09-25 19:05:46 +02:00
Daniel Stenberg
2d6796aac5 curl_multi_fdset: avoid FD_SET out of bounds
If a socket is larger than FD_SETSIZE, avoid using FD_SET() on the
platforms where this is possible.

Bug: http://curl.haxx.se/bug/view.cgi?id=3413274
Reported by: Tim Starling
2011-09-25 17:34:12 +02:00
Guenter Knauf
230459dd00 NetWare makefile tweaks to select different builds. 2011-09-25 16:29:08 +02:00
Daniel Stenberg
5f0764870f http header: allow Content-Length to be replaced
In some cases Content-Length: couldn't be replaced by an application

Also, indented some code properly
2011-09-24 00:05:58 +02:00
Daniel Stenberg
40c27e299f Curl_pgrsStartNow: keep HEADERS_OUT set
To avoid that the progress meter headers get output between each
transfer, make sure the bits gets kept when (re-)inited.

Reported by: Christopher Stone
2011-09-22 22:41:06 +02:00
Guenter Knauf
3c3aa09c65 Added NetWare examples makefile. 2011-09-22 14:35:49 +02:00
Yang Tse
01c172f5e8 NTLM_WB: fix disabling of NTLM_WB when NTLM is disabled 2011-09-22 00:24:02 +02:00
Gisle Vanem
322f3d5af7 smtp: without a MAIL_FROM, send blank MAIL FROM
I think curl should ignore this case and smtp.c should test for this.
Since RFC-2821 seems to allow a "null reverse-path". Ref.  "MAIL
FROM:<>" in section 3.7, page 25.
2011-09-21 22:24:45 +02:00
Dave Reisner
c1057fc9aa lib/http: add missing whitespace in verbose output
Example:
* upload completely sent off: 35out of 35 bytes

Should be:
* upload completely sent off: 35 out of 35 bytes
2011-09-21 22:19:53 +02:00
Guenter Knauf
e4172d934d Changed suffix rules to pattern rules.
Suffix rules cannot have any prerequisites of their own.
2011-09-21 03:25:19 +02:00
Guenter Knauf
977825a68c Added dependency so that curlbuild.h is created. 2011-09-21 02:13:18 +02:00
Guenter Knauf
a6b69b64ad Some more MinGW build tweaks.
Added envvars to specify OpenSSL include, libpath and lib.
Added rule to create curlbuild.h from curlbuild.h.dist.
2011-09-21 02:06:05 +02:00
Guenter Knauf
a6c168b893 A bunch of MinGW build tweaks.
All paths to dependencies now quoted; synced examples makefile.
2011-09-20 15:05:28 +02:00
Guenter Knauf
dee7a08f64 Changed Windows 64bit OS define to x86_64.
Also added check for __x86_64__ define since MinGW64 seems to define
the _M_X64 macro through a header not available for config-win32.h.
2011-09-20 12:32:04 +02:00
Guenter Knauf
cd3cf55b47 Also skip certs masked as CKT_NSS_TRUST_UNKNOWN.
Fix posted by Tomas Hoger <thoger redhat com>.
2011-09-20 12:05:31 +02:00
Guenter Knauf
98a61d8e2e Added _WIN32_WINNT define for IPv6 builds. 2011-09-20 11:59:49 +02:00
Daniel Stenberg
81b41095ef Curl_follow: handle redirects to "//hostname/path" 2011-09-20 11:16:40 +02:00
Steve Holme
42be24af89 Curl_gethostname: return un-qualified machine name
Fixed Curl_gethostname() so that it always returns the un-qualified
machine name rather than being dependent on the socket provider.

Note: The return of getenv("CURL_GETHOSTNAME") is also parsed in case
the developer / test harness provided a fully qualified domain name as
it's value as well.
2011-09-18 13:24:58 +02:00
Yang Tse
ff9d858722 Make Curl_safefree() macro assign NULL to given pointer when free'd 2011-09-15 17:35:23 +02:00
Yang Tse
0216e517d0 ftp.c: add a couple of failure messages 2011-09-14 11:30:22 +02:00
warp kawada
aff70e2e95 Curl_add_custom_headers: support headers with no data
A custom HTTP header ending in a semicolon instead of a colon
will be treated as a header to be added without any data
portion.
2011-09-13 16:17:21 -07:00
Daniel Stenberg
73b18a9d24 codestyle: minor whitespace fix 2011-09-13 18:46:09 +02:00
Jeff Pohlmeyer
1bac153ea3 polarssl: build with PolarSSL-1.0.0
With this fix, it should work for PolarSSL-1.0.0 (and SVN-1091 trunk)
and retain compatibility with earlier versions. (Tested with 0.14.1)

PolarSSL still doesn't play nicely with curl's CA bundle (we discussed
this before) but I was at least able to retrieve the
https://www.gmail.com/ login page using a modified ca-certificates.crt
file with all 3 versions of PolarSSL.
2011-09-13 18:44:41 +02:00
Yang Tse
4e9a1c5bba ftp.c: fix socket leak torture tests detected 2011-08-30
Also fix inappropriate error handling when sending ftp EPRT or PORT commands.
2011-09-12 15:16:07 +02:00
Daniel Stenberg
94d64f8d4c spell-checked comments 2011-09-11 19:26:17 +02:00
Guenter Knauf
2a9fec16cc Updated makefiles to latest libssh2. 2011-09-11 16:50:30 +02:00
Yang Tse
72c14bd6f0 ftp.c: fix ftp active connects which got broken with commit fdf157abdf 2011-09-10 05:05:27 +02:00
Yang Tse
a7d8894291 ssh.c: revert needless commit 7b7c45879e 2011-09-10 00:52:13 +02:00
Daniel Stenberg
303c90074d tcpnodelay: rename variable
Renamed the variable from 'proto' to 'level' simply because it is not
protocol you set but level and that is the name of the argument used in
man pages and the POSIX documentation of the setsockopt function.
2011-09-09 15:31:11 +02:00
Yang Tse
7b7c45879e libssh2: use calloc as alloc function for libssh2 versions older than 1.3
This workarounds old libssh2 versions not properly initializing
some ssh session variables, which would trigger memory debuggers
warnings on memory being used without having been initialized.
2011-09-08 11:08:00 +02:00
Adriano Meirelles
81ead2c4e7 Curl_speedcheck: don't mistakenly clear Curl_expire()
The current version of speedcheck.c may disable timeout by setting zero
to Curl_expire. Which is fine using the curl_multi_perform, because it
recheck all timeout internals, but when using custom event poller (like
hiperfifo.c) it may keep stalle connection forever.
2011-09-08 08:39:53 +02:00
Daniel Stenberg
2147492050 ftp_state_use_port: minor code indent fix 2011-09-07 22:46:06 +02:00
Daniel Stenberg
58a7c51362 checksrc: detect "}else" uses as well 2011-09-07 22:45:43 +02:00
Yang Tse
5658aa9574 ssh.c: fix memory leaks triggered upon OOM or other failures 2011-09-07 01:26:43 +02:00
Yang Tse
e9e894905c pingpong.c: avoid a memmove call in function Curl_pp_vsendf 2011-09-05 23:45:04 +02:00
Yang Tse
a50210710a fix bool variables checking and assignment 2011-09-05 20:46:09 +02:00
Guenter Knauf
d52f3eb598 Fixed final message output. 2011-09-04 22:05:32 +02:00
Yang Tse
196e0d699f setup_once.h cleanup and sync 2011-09-04 17:10:51 +02:00
Guenter Knauf
809cde5416 Fix to skip untrusted certs. 2011-09-04 17:05:49 +02:00
Guenter Knauf
476f194d7f Added SPNEGO to MinGW makefiles. 2011-09-04 10:03:08 +02:00
Yang Tse
bdc311cf98 NTLM WB: fix file descriptor leak upon OOM condition 2011-09-04 01:56:30 +02:00
Yang Tse
a405a8976d revert changes not intended to be pushed with commit 6b75d2c2 2011-09-03 18:26:21 +02:00
Yang Tse
6b75d2c2df fix a bunch of MSVC compiler warnings 2011-09-03 16:07:09 +02:00
Guenter Knauf
2be65bb0c5 Updated dependecies versions. 2011-09-03 14:01:09 +02:00
Guenter Knauf
f02325ea65 Some MinGW makefile tweaks for MinGW64. 2011-09-03 13:55:16 +02:00
Guenter Knauf
b98594c8bf Changed MinGW to use own winidn prototypes. 2011-09-03 13:39:22 +02:00
Dan Fandrich
ded3638d97 Fix NTLM winbind support to pass the torture tests
Calling sclose() both in the child and the parent fools the
socket leak detector into thinking it's been closed twice.
Calling close() in the child instead overcomes this problem. It's
not as portable as the sclose() macro, but this code is highly
POSIX-specific, anyway.
2011-09-02 13:22:20 -07:00
Yang Tse
9194e17003 MemoryTracking: fix logging of free() calls done where Curl_safefree is called
Just internal stuff...

Curl_safefree is now a macro defined in memdebug.h instead of a function
prototyped in url.h and implemented in url.c, so inclusion of url.h is no
longer required in order to simply use Curl_safefree.

Provide definition of macro WHILE_FALSE in setup_once.h in order to allow
other macros such as DEBUGF and DEBUGASSERT, and code using it, to compile
without 'conditional expression is constant' warnings.

The WHILE_FALSE stuff fixes 150+ MSVC compiler warnings.
2011-09-02 19:40:53 +02:00
Yang Tse
749dbfbc87 transfer.c: fix parentheses/braces placement for vi/emacs delimiter matching 2011-09-02 17:41:39 +02:00
Yang Tse
6b59bc1805 transfer.c: fix loadhostpairs() OOM handling 2011-09-02 00:06:19 +02:00
Yang Tse
f2285a6d39 hostip.c: return immediately from Curl_resolv_timeout() upon expired timeout.
Ensure existing logic in Curl_resolv_timeout() is not subverted upon getting a
negative timeout from resolve_server(). The timeout in resolve_server() could
be checked to avoid calling Curl_resolv_timeout() with an expired timeout, but
fixing this in this way allows existing logic in resolve_server() to be kept
unchanged.
2011-09-01 17:09:46 +02:00
Yang Tse
fdf157abdf ftp.c: fix some leaks torture tests detected 2011-08-30 - follow-up
follow-up for commit d20408e8
2011-09-01 15:38:30 +02:00
Yang Tse
5ea65fbc79 ssh.c: fix realloc() OOM handling 2011-08-31 18:15:29 +02:00
Yang Tse
0b018a0a05 ftp.c: fix some leaks torture tests detected 2011-08-30 - follow-up
follow-up for commit c06de200
2011-08-31 18:14:38 +02:00
Yang Tse
d20408e816 fix some leaks torture tests detected 2011-08-30 2011-08-31 03:50:07 +02:00
Yang Tse
c06de20025 fix some leaks torture tests detected 2011-08-30 2011-08-31 01:58:06 +02:00
Yang Tse
5a45dc4a29 pingpong.c: fix Curl_pp_vsendf() arbitrary restrictions on command length
This removes command length restrictions on calling functions.
2011-08-29 14:27:06 +02:00
Yang Tse
78199b6030 NTLM: header inclusion cleanup follow-up 2011-08-28 11:29:09 +02:00
Yang Tse
05ef245170 NTLM: header inclusion cleanup 2011-08-28 07:15:46 +02:00
Yang Tse
662c1d87f3 NTLM: END of refactoring/splitting/moving
First:

File curl_ntlm.h renamed curl_ntlm_msgs.h
File curl_ntlm.c renamed curl_ntlm_msgs.c

Afterwards:

File http_ntlm.c renamed curl_ntlm.c
File http_ntlm.h renamed curl_ntlm.h
2011-08-28 02:00:02 +02:00
Yang Tse
135f694058 NTLM: move NTLM core specifics into curl_ntlm_core.[ch] 2011-08-28 01:19:08 +02:00
Yang Tse
260ee6b7bf NTLM_WB: move NTLM_WB specifics into curl_ntlm_wb.[ch] 2011-08-27 19:16:10 +02:00
Yang Tse
b976d108f1 NTLM_WB: final congruency naming adjustments
Configure script option --enable-wb-ntlm-auth renamed to --enable-ntlm-wb
Configure script option --disable-wb-ntlm-auth renamed to --disable-ntlm-wb

Preprocessor symbol WINBIND_NTLM_AUTH_ENABLED renamed to NTLM_WB_ENABLED
Preprocessor symbol WINBIND_NTLM_AUTH_FILE renamed to NTLM_WB_FILE

Test harness env var CURL_NTLM_AUTH renamed to CURL_NTLM_WB_FILE

Static function wb_ntlm_close renamed to ntlm_wb_cleanup
Static function wb_ntlm_initiate renamed to ntlm_wb_init
Static function wb_ntlm_response renamed to ntlm_wb_response
2011-08-27 06:31:18 +02:00
Yang Tse
b4f6319cf7 NTLM single-sign on adjustments (XI)
Feature string literal NTLM_SSO renamed to NTLM_WB.
Preprocessor symbol USE_NTLM_SSO renamed to WINBIND_NTLM_AUTH_ENABLED.
curl's 'long' option 'ntlm-sso' renamed to 'ntlm-wb'.
Fix some comments to make clear that this is actually a NTLM delegation.
2011-08-27 01:33:35 +02:00
Daniel Stenberg
0fd2bf3726 Curl_read_plain: indent code 2011-08-26 23:20:27 +02:00
Yang Tse
407e08baad NTLM single-sign on adjustments (X)
Functions renamed:

Curl_output_ntlm_sso -> Curl_output_ntlm_wb
sso_ntlm_close -> wb_ntlm_close
sso_ntlm_response -> wb_ntlm_response
sso_ntlm_initiate -> wb_ntlm_initiate

Preprocessor symbols renamed:

CURLAUTH_NTLM_SSO -> CURLAUTH_NTLM_WB
CURL_VERSION_NTLM_SSO -> CURL_VERSION_NTLM_WB
2011-08-26 18:57:50 +02:00
Steve Holme
d535cff775 http NTLM: refactoring followup
Output of Curl_ntlm_create_type1_message() and Curl_ntlm_create_type3_message()
functions is now already base64 encoded.
2011-08-25 15:13:13 +02:00
Yang Tse
e83421baf4 include limits.h for INT_MAX 2011-08-24 14:00:42 +02:00
Yang Tse
aa5c72af15 add missing semicolons 2011-08-24 13:58:37 +02:00
Daniel Stenberg
b9c63b9a73 add missing semicolons 2011-08-24 11:56:23 +02:00
Daniel Stenberg
cb5e72bf62 safefree use: fix compiler warning
include the prototype header
2011-08-24 11:55:49 +02:00
Steve Holme
e882416e75 SMTP authentication: fix ordering of preferred authentication method
Fixed the order of the preferred SMTP authentication method to:
AUTH CRAM-MD5, AUTH LOGIN then AUTH PLAIN.

AUTH PLAIN should be the last as it slightly more insecure than AUTH LOGIN
as the username and password are sent together - there is no handshaking
between the client and server like there is with AUTH LOGIN.
2011-08-24 08:55:25 +02:00
Yang Tse
fd00b382b2 base64: fix Curl_base64_encode and Curl_base64_decode interfaces
Previous interfaces for these libcurl internal functions did not allow to tell
apart a legitimate zero size result from an error condition. These functions
now return a CURLcode indicating function success or otherwise specific error.
Output size is returned using a pointer argument.

All usage of these two functions, and others closely related, has been adapted
to the new interfaces. Relative error and OOM handling adapted or added where
missing. Unit test 1302 also adapted.
2011-08-24 08:10:30 +02:00
Steve Holme
006b011cdf http NTLM: remaining bits from 0001-Moved-ntlm-[...]-curl_ntlm-mod_3.patch
* Added function comments:
    - Curl_ntlm_decode_type2_message
    - Curl_ntlm_create_type1_message
    - Curl_ntlm_create_type3_message

* Modification of ntlm processing state to NTLMSTATE_TYPE2 is now done
  only when Curl_ntlm_decode_type2_message() has fully succeeded.
2011-08-22 16:42:59 +02:00
Yang Tse
1c400b4e5e zlib: ensure user provided memory functions are used by zlib, when given
As a bonus, this lets our MemoryTracking subsystem track zlib operations.
And also fixes a shortcut some zlib 1.2.x versions took using malloc()
instead of calloc(), which would trigger memory debuggers warnings on
memory being used without having been initialized.
2011-08-21 13:24:46 +02:00
Yang Tse
aaab5fa299 MemoryTracking: adjust initialization calling
Calling of curl_memdebug() was still done with a pending free()
2011-08-20 17:26:42 +02:00
Daniel Stenberg
2d7c79af76 tcpconnect: follow-up commit after b998d95b
As I modified conn->bits.tcpconnect to become an array that holds one
bool for each potential connection all uses of that struct field must
index it correctly.
2011-08-19 23:39:56 +02:00
Yang Tse
38c5e81a67 ssh.c: add PATH_MAX definition for WIN32 2011-08-19 21:25:39 +02:00
Daniel Stenberg
3af9ba166c connect: set TIMER_CONNECT
When connecting, make sure TIMER_CONNECT is set.
2011-08-19 00:16:01 +02:00
Daniel Stenberg
b998d95b4d FTP: fix proxy connect race condition
When using the multi interface, a SOCKS proxy, and a connection that
wouldn't immediately consider itself connected (which my Linux tests do
by default), libcurl would be tricked into doing _two_ connects to the
SOCKS proxy when it setup the data connection and then of course the
second attempt would fail miserably and cause error.

This problem is a regression that was introduced by commit
4a42e5cdaa that was introduced in the 7.21.7 release.

Bug: http://curl.haxx.se/mail/lib-2011-08/0199.html
Reported by: Fabian Keil
2011-08-18 23:35:15 +02:00
Daniel Stenberg
d44896508c Curl_SOCKS4: minor code compression 2011-08-18 23:28:50 +02:00
Yang Tse
9afb343368 zlib: enforce full initialization of our data space z_stream structs 2011-08-18 20:10:51 +02:00
Daniel Stenberg
1833984664 VC makefiles: fixed variable name mistake 2011-08-17 23:51:37 +02:00
Yang Tse
31a1af5ebb MemoryTracking: adjust curl_domalloc() and curl_dofree() memory filling
Until 2011-08-17 libcurl's Memory Tracking feature also performed
automatic malloc and free filling operations using 0xA5 and 0x13
values. Our own preinitialization of dynamically allocated memory
might be useful when not using third party memory debuggers, but
on the other hand this would fool memory debuggers into thinking
that all dynamically allocated memory is properly initialized.

As a default setting, libcurl's Memory Tracking feature no longer
performs preinitialization of dynamically allocated memory on its
own. If you know what you are doing, and really want to retain old
behavior, you can achieve this compiling with preprocessor symbols
CURL_MT_MALLOC_FILL and CURL_MT_FREE_FILL defined with appropriate
values.
2011-08-17 19:02:42 +02:00
Yang Tse
9710f387c4 MemoryTracking: make curl_docalloc() call calloc() avoiding our zero fill 2011-08-16 22:24:23 +02:00
Daniel Stenberg
4ed7abb537 MSVC makefiles: provide SSH build targets
"release-ssl-ssh2-zlib" and "debug-ssl-ssh2-zlib" are two new makefile
targets that build libcurl with MSVC and link with libssh2

Bug: http://curl.haxx.se/bug/view.cgi?id=3388920
Reported by: "kdekker"
2011-08-15 23:22:06 +02:00
Daniel Stenberg
93ba8b9560 Curl_pgrsStartNow: clear all flags but HIDE
As bug 3385258 pointed out but I missed up the fix for. This is another
take at a fix.

Bug: http://curl.haxx.se/bug/view.cgi?id=3392101
Reported by: Wu Yongzheng
2011-08-15 22:13:18 +02:00
Kamil Dudka
d6f319fb64 nss: start with no database if the selected database is broken
Bug: https://bugzilla.redhat.com/728562
2011-08-15 14:44:49 +02:00
Yang Tse
b9d5e72adc http NTLM: reinstate "nssg.h" "curl_sspi.h" header inclusions 2011-08-15 01:34:34 +02:00
Daniel Stenberg
44b44a751d telnet: allow programatic use on Windows
Summary of the issue can be found at:
http://curl.haxx.se/mail/lib-2010-04/0367.html

That patch only updated the unix sockets code - the winsock code was not
updated and no longer works the same was as the unix code. This change
updates the windows code accordingly.

Bug: http://curl.haxx.se/bug/view.cgi?id=3163118
2011-08-14 23:30:15 +02:00
Yang Tse
e575cbc815 http NTLM: reinstate "memdebug.h" header inclusion
Inclusion of header "memdebug.h" in http_ntlm.c got lost in commit 98fb0ef7.
2011-08-14 21:19:22 +02:00
Daniel Stenberg
f0c59c6c2c RTSP: GET_PARAMETER requests have a body
Bug: http://curl.haxx.se/bug/view.cgi?id=3383692
2011-08-14 19:07:54 +02:00
Daniel Stenberg
dfb18da5dc Curl_output_ntlm: remove unused variable 2011-08-14 18:54:21 +02:00
Yang Tse
dc4f9d185d http NTLM: fix 8 compiler warnings
Strict splitting of http_ntlm.[ch] may trigger 8 compiler warnings when
building with some compilers and strict compiler warnings enabled, depending
on other specific configuration options some could get triggered or not.

Seven are related with 'unused function parameters' and another one with
'var may be used before its value is set'.
2011-08-14 16:36:47 +02:00
Yang Tse
98fb0ef73e http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch]
For modularity purposes, huge chunks of NTLM existing code is transformed into
functions to allow future internal code reuse.

Resulting three new libcurl private functions:

 - Curl_ntlm_create_type1_message()
 - Curl_ntlm_create_type3_message()
 - Curl_ntlm_decode_type2_message()

Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup()

This 'refactoring' has been prepared by previous commits to allow that this
specific one does not introduce any change to existing code. All existing
goodness and badness previous to this commit should remain the same once it is
applied, the only difference should be that existing code is moved into
functions.

Given the quite big portions of code being moved around, and the importance of
change traceability, this commit has been done in such a way that it is
possible to perform a three-way diff from initial http_ntlm.[ch] to resulting
http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change
is introduced here.

Notice that Steve Holme has provided several patches, but these included this
refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring
done first, in order to allow discussion or committing of 'extra' fixes on a
case by case basis, so, I had to bite the bullet ;-)

Comments, line adjustments, compiler warning fixes, whatever, may follow
afterwards.
2011-08-14 15:45:19 +02:00
Yang Tse
08b05efd20 http_negotiate_sspi.c: fix compiler warning
warning C4706: assignment within conditional expression
2011-08-14 00:05:05 +02:00
Yang Tse
b4d6db83de http NTLM: change return type of Curl_input_ntlm() to CURLcode
Remove CURLntlm enum, no longer required.
2011-08-13 23:59:29 +02:00
Daniel Stenberg
a30ede868a VC6 makefiles: added embedded documentation
Just a note about the fact that all VC[6/8/9/10] makefiles are generated
from the VC6 one as source.
2011-08-13 22:30:56 +02:00
Daniel Stenberg
e40c663d36 Curl_retry_request: check return code!
Curl_readrewind() was called without checking its return code, which
could lead to badness.

Bug: http://curl.haxx.se/bug/view.cgi?id=3349227
2011-08-13 00:51:16 +02:00
Yang Tse
1e4187f8bf http NTLM: update NTLM type-* message structure descriptions - followup 2011-08-13 00:20:51 +02:00
Yang Tse
a472ceb174 http NTLM: fix inclusion of curl_ntlm.h 2011-08-12 22:01:27 +02:00
Yang Tse
092189c664 http NTLM: update NTLM message structure notes 2011-08-12 21:13:01 +02:00
Steve Holme
301e907aed http NTLM: move portions of http_ntlm.h into new curl_ntlm.h 2011-08-12 20:02:01 +02:00
Yang Tse
3293150da2 http NTLM: more adjustments in preparation of code refactoring
Use preprocessor symbol NTLM_BUFSIZE to define private NTLM buffer fixed size.

Use a SessionHandle 'data' pointer variable to ease refactoring.

Update NTLM type-* message structure descriptions.

Fix some more spacing and typos (Steve Holme).
2011-08-12 19:51:50 +02:00
Yang Tse
448f982d54 http NTLM: fix compiler warning 2011-08-11 09:06:06 +02:00
Steve Holme
f396d94736 http NTLM: Tidied up more inconsistent spacing.
Moved NTLMSSP_SIGNATURE, HOSTNAME_MAX, SHORTPAIR and LONGQUARTET definitions in ready for move to curl_ntlm.c.

Used separate variables for Windows SSPI and native code to ease moving of code to curl_ntlm.c.

Fixed typographical erros where SPPI should be SSPI.

Fixed compilation warnings on 64-bit builds when calling Windows SSPI functions.
2011-08-11 02:18:16 +02:00
Yang Tse
c7fb556f26 http NTLM: Further tiding up to libcurl standards 2011-08-09 22:57:22 +02:00
Steve Holme
5ed17de326 http NTLM: Tidied up http_ntlm prior to splitting the ntlm specific code 2011-08-09 22:57:22 +02:00
Daniel Stenberg
7c21c1c4f9 cookie parser: handle 'secure='
There are two keywords in cookie headers that don't follow the regular
name=value style: secure and httponly. Still we must support that they
are written like 'secure=' and then treat them as if they were written
'secure'. Test case 31 was much extended by Rob Ward to test this.

Bug: http://curl.haxx.se/bug/view.cgi?id=3349227
Reported by: "gnombat"
2011-08-09 14:02:05 +02:00
Daniel Stenberg
45d883d88d CURLFORM_BUFFER: insert filename as documented
A regression where CURLFORM_BUFFER stopped to properly insert the file
name part in the formpart. Bug introduced in commit f851f76857.

Added CURLFORM_BUFFER use to test 554 to verify this.

Bug: http://curl.haxx.se/mail/lib-2011-07/0176.html
Reported by: Henry Ludemann
2011-08-08 18:45:03 +02:00
Daniel Stenberg
3dcc0df5cc SOCKS: fix the connect timeout
The connect timeout logic when using SOCKS was done wrong

Bug: http://curl.haxx.se/mail/lib-2011-07/0177.html
Reported by: "Spoon Man"
2011-08-08 11:23:31 +02:00
Daniel Stenberg
da3ae20da5 ftp_doing: bail out on error properly
When a failure has been detected we must abort immdiately.

Bug: http://curl.haxx.se/mail/lib-2011-07/0177.html
Reported by: "Spoon Man"
2011-08-08 10:43:09 +02:00
Cristian Rodríguez
3d919440c8 OpenSSL: Use SSL_MODE_RELEASE_BUFFERS if available, reduces memory use
See also :
http://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html
http://www.imperialviolet.org/2010/06/25/overclocking-ssl.html

Signed-off-by: Cristian Rodríguez <crrodriguez@opensuse.org>
2011-08-07 22:58:31 +02:00
Daniel Stenberg
15379f0614 Curl_pgrsStartNow: clear all bits except HIDE
Bug: http://curl.haxx.se/bug/view.cgi?id=3385258
Reported by: Ben Winslow
2011-08-07 22:26:57 +02:00
Daniel Stenberg
f2a6373629 readwrite_data: improved C-E decoding error message 2011-08-07 19:55:23 +02:00
Yang Tse
2ccffbb37e BSD-style lwIP TCP/IP stack support - followup
lwIP library initialization.
2011-08-07 08:45:57 +02:00
Yang Tse
1db023d3cb NTLM single-sign on adjustments (IX)
Use swrite/sread instead of write/read to avoid SIGPIPE
2011-08-07 03:05:04 +02:00
Yang Tse
91ad42412f config-win32.h: comments adjustments 2011-08-06 19:18:43 +02:00
Christian Hägele
704dc18440 asyn-thread: check for dotted addresses before thread starts 2011-08-06 15:21:42 +02:00
Yang Tse
40e1d03c5d checksrc.pl: add quotes to var 2011-08-05 21:24:59 +02:00
Yang Tse
c95fec5e5b keep a single copy of config-win32.h in version control repository - followup
Allow configure builds to generate src/config-win32.h

Skip checksrc on src/config-win32.h contents already checked at lib/config-win32.h

Allow multiple -W in checksrc.pl
2011-08-05 21:01:39 +02:00
Yang Tse
f6272dd9b8 BSD-style lwIP TCP/IP stack support - followup 2011-08-05 15:53:00 +02:00
Yang Tse
f0fae85acd keep a single copy of config-win32.h in version control repository.
maketgz and buildconf.bat updated to reflect this.
2011-08-05 13:20:22 +02:00
Daniel Stenberg
17f343290c create_conn: mark non-HTTP proxies accordingly
A proxy could be marked 'httpproxy' wrongly before if set with an
environment variable or with the CURLOPT_PROXY option with a socks*://
prefix or similar.

Added test 710 to verify

Bug: http://curl.haxx.se/mail/lib-2011-07/0194.html
2011-08-05 00:44:40 +02:00
Yang Tse
a6ed2b8426 BSD-style lwIP TCP/IP stack support:
Allow compilation of libcurl and curl using BSD-style lwIP on Win32.

In order to compile libcurl and curl with this support it is necessary
to edit files lib/config-win32.h and src/config-win32.h and uncomment
a line to make definition of preprocessor symbol USE_LWIPSOCK visible.

Afterwards you can compile as usual.

In order to use compiled library with BSD-style lwIP TCP/IP stack in
your program it is mandatory that you include lwIP header file <lwip/opt.h>
before including <curl/curl.h> or <curl/multi.h>

Compilation has been verified with lwIP 1.4.0 and contrib-1.4.0 from:

http://download.savannah.gnu.org/releases/lwip/lwip-1.4.0.zip
http://download.savannah.gnu.org/releases/lwip/contrib-1.4.0.zip

Have fun!
2011-08-04 21:27:29 +02:00
Kamil Dudka
ddf0b30ffd curl_gssapi: add a missing include of sendf.h
... to avoid build failure when GSS_C_DELEG_POLICY_FLAG is not defined.

Reported by: Paul Howarth
2011-08-03 18:07:07 +02:00
Kamil Dudka
a7864c41db curl_gssapi: refine the handling of CURLOPT_GSSAPI_DELEGATION
Suggested by Richard Silverman.
2011-08-03 10:56:41 +02:00
Adam Tkac
ebf42c4be7 Add new CURLOPT_GSSAPI_DELEGATION option.
Curl_gss_init_sec_context got new parameter - SessionHandle.

Signed-off-by: Adam Tkac <atkac@redhat.com>
2011-08-03 10:23:34 +02:00
Yang Tse
10a0bed485 NTLM single-sign on adjustments (VIII)
Use preprocessor symbols WINBIND_NTLM_AUTH_ENABLED and WINBIND_NTLM_AUTH_FILE
for Samba's winbind daemon ntlm_auth helper code implementation and filename.

Retain preprocessor symbol USE_NTLM_SSO for NTLM single-sign-on feature
availability implementation independent.

For test harness, prefix NTLM_AUTH environment vars with CURL_

Refactor and rename configure option --with-ntlm-auth to --enable-wb-ntlm-auth[=FILE]
2011-07-31 20:44:41 +02:00
Yang Tse
ad8193fbb9 NTLM single-sign on adjustments (VII)
Initialize variables when connectdata object is created.
2011-07-29 16:27:15 +02:00
Yang Tse
bcbac913d6 socketpair() usage tracking to allow fd leak detection 2011-07-29 13:27:10 +02:00
Dan Fandrich
c01c000b16 Avoid a "shadows global declaration" warning on old MIT Kerberos
Defining NCOMPAT eliminates the backwards-compatibility macros
that are the source of the problem and which we don't need,
anyway.
2011-07-28 14:04:13 -07:00
Dan Fandrich
9779553221 Give the NTLM SSO helper a moment to cleanly shut down if needed 2011-07-28 12:42:39 -07:00
Dan Fandrich
435e2bc757 Removed an extraneous \n that violated the SSO daemon protocol
This caused fake_ntlm to abort due to an invalid command
causing sporadic test 2005 failures.
2011-07-28 12:41:44 -07:00
Dan Fandrich
02e59579ef Fixed a couple of memory leaks in NTLM SSO support 2011-07-27 18:08:10 -07:00
Yang Tse
dddf9aa610 NTLM single-sign on adjustments (IV)
Fix compiler warning
2011-07-27 20:10:02 +02:00
Yang Tse
4eb08ac1c0 NTLM single-sign on adjustments (III)
Provide some error tracing and fix execl() calling.
2011-07-27 19:12:06 +02:00
Yang Tse
41c6c78a08 fix compiler warning 2011-07-26 21:36:35 +02:00
Yang Tse
78bbd0eecf fix compiler warning 2011-07-26 19:42:16 +02:00
Yang Tse
f1586cb477 stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.h 2011-07-26 17:23:27 +02:00
Yang Tse
983f3d70f9 WIN32 io.h and fcntl.h inclusion done in setup_once.h 2011-07-25 05:30:14 +02:00
Yang Tse
0337b87197 time.h and sys/time.h inclusion conditionally done in setup_once.h 2011-07-25 04:08:08 +02:00
Yang Tse
0a26b0e3e7 errno.h inclusion conditionally done in setup_once.h - followup 2011-07-25 03:10:24 +02:00
Yang Tse
ef2176109f errno.h inclusion conditionally done in setup_once.h 2011-07-24 04:39:43 +02:00
Ben Winslow
27b8814017 progress: reset flags at transfer start
When an easy handle is used to download an URI which has no
Content-Length header (or equivalent) after downloading an URI which
does, the value from the previous transfer is reused and returned by
CURLINFO_CONTENT_LENGTH_DOWNLOAD. This is because the progress flags
(used to determine whether such a header was received) are not reset
between transfers.

Bug: http://curl.haxx.se/bug/view.cgi?id=3370895
2011-07-22 22:50:58 +02:00
Daniel Stenberg
3f9b4afdfd http error response: stop sending when error is received
When libcurl has said to the server that there's a POST or PUT coming
(with a content-length and all) it has to either deliver that amount of
data or it needs to close the connection before trying a second request.

Adds test case 1129, 1130 and 1131

The bug report is about when used with 100-continue, but the change is
more generic.

Bug: http://curl.haxx.se/mail/lib-2011-06/0191.html
Reported by: Steven Parkes
2011-07-20 00:08:41 +02:00
Michael Mueller
d007c3ca76 sso_ntlm_initiate: unassigned variable
Bug: http://curl.haxx.se/mail/lib-2011-07/0109.html
2011-07-19 23:54:21 +02:00
Mandy Wu
a6d4807d02 NTLM single-sign on supported
With the use of the 'ntlm_auth' tool from the Samba project
2011-07-18 23:36:36 +02:00
Julien Chaffraix
6e3285d5b1 curl_gssapi: Guard files with HAVE_GSSAPI.
Bug: http://curl.haxx.se/mail/lib-2011-07/0074.html
Reported and fix suggested by: Ben Greear
2011-07-13 21:16:03 -07:00
Daniel Stenberg
44b5847237 gssapi: rename our files to avoid conflicts
gssapi.h is used as a header name by Heimdal-style GSSAPI so it would
conflict with a private header using that name, and while renaming the
header I figured we should name the .c file accordingly as well.

Bug: http://curl.haxx.se/mail/lib-2011-07/0071.html
Reported by: Ben Greear
2011-07-13 22:54:54 +02:00
Daniel Stenberg
ee4ed46128 silence picky compilers: mark unused parameters
Modern gcc versions (4.6.X) get more picky by default and have started
to warn for unused parameters, but luckily gcc also allows us to mark
them as unused so that we can avoid the warnings.
2011-07-12 23:24:52 +02:00
Julien Chaffraix
2af0287856 gssapi.c: Simplified the function.
Removed the parameters that were common to all our invocation.
2011-07-12 07:06:26 -07:00
Julien Chaffraix
20485a4885 Added Curl_gss_init_sec_context.
This function wraps our calls to gss_init_sec_context so that we
have a unified way to talk to GSSAPI.
2011-07-12 07:06:25 -07:00
Julien Chaffraix
6488e03f44 http_negociate: Be consistent in gss_init_sec_context attributes.
This change makes this callsite match the rest of the code.
2011-07-12 07:06:25 -07:00
Daniel Stenberg
b680fd180b code style: space between close paren and open brace 2011-07-04 22:10:32 +02:00
Daniel Stenberg
dc97475ded checksrc: detect open brace without space
We use "if(condition) {" with a space between the close paren and the
open brace.
2011-07-04 22:08:14 +02:00
Daniel Stenberg
c6e3081090 polarssl.h: remove CVS leftover 2011-07-04 22:04:04 +02:00
Daniel Stenberg
bcf50283fc Curl_http_readwrite_headers: minor indent fix 2011-07-01 22:57:28 +02:00
Daniel Stenberg
2e2e5f247a get_gss_name: proxy auth without proxy set equals error
Previously it would access a NULL pointer and die.

Bug: http://curl.haxx.se/mail/lib-2011-06/0170.html
Reported by: Christian Hagele
2011-06-29 12:27:37 +02:00
Daniel Stenberg
57d51be60c parsedate: detect more invalid dates better 2011-06-23 13:49:29 +02:00
Daniel Stenberg
5c314c6bb4 Curl_input_negotiate: do not delegate GSSAPI credentials
This is a security flaw. See curl advisory 20110623 for details.

Reported by: Richard Silverman
2011-06-22 23:04:26 +02:00
Josue Andrade Gomes
9016958aa8 windows build: use correct MS CRT 2011-06-21 20:05:06 +02:00
Ori Avtalion
af6dcc92d5 [pop3] remove extra space in LIST command
Some servers, e.g. mail.bezeqint.net:110, consider it a syntax error
2011-06-21 18:12:05 +03:00
Yang Tse
57064e4a0d http: fix compiler warning
compiler warning: conditional expression is constant
2011-06-21 16:28:15 +02:00
Yang Tse
d9e71809cb asyn-thread: fix compiler warning
compiler warning: variable is initialized but not referenced
2011-06-21 16:06:56 +02:00
Yang Tse
a7cc54a5a8 cmake: remove spurious definition 2011-06-21 15:28:03 +02:00
Amr Shahin
c9f16e67ef unitteset: Curl_llist_move
adding unit test for Curl_llist_move, documenting unit-tested functions
in llist.c, changing unit-test to unittest, replacing assert calls with
abort_unless calls
2011-06-19 22:22:49 +02:00
Daniel Stenberg
f851f76857 CURLFORM_STREAM: acknowledge CURLFORM_FILENAME
The CURLFORM_STREAM is documented to only insert a file name (and thus
look like a file upload) in the part if CURLFORM_FILENAME is set, but in
reality it always inserted a filename="" and if CURLFORM_FILENAME wasn't
set, it would insert insert rubbish (or possibly crash).

This is now fixed to work as documented, and test 554 has been extended
to verify this.

Reported by: Sascha Swiercy
Bug: http://curl.haxx.se/mail/lib-2011-06/0070.html
2011-06-17 22:23:42 +02:00
Daniel Stenberg
0aedccc18a curl_formget: fix FILE * leak
Properly deal with the fact that the last fread() call most probably is
a short read, and when using callbacks in fact all calls can be short
reads. No longer consider a file read done until it returns a 0 from the
read function.

Reported by: Aaron Orenstein
Bug: http://curl.haxx.se/mail/lib-2011-06/0048.html
2011-06-13 22:32:00 +02:00
Daniel Stenberg
85881f9f35 curl_formget: treat CURLFORM_STREAM better
If a piece is set to use a callback to get the data, it should not be
treated as data. It unfortunately also requires that curl_easy_perform()
or similar has been used as otherwise the callback function hasn't been
figured out and curl_formget won't know how to get the content.
2011-06-13 22:05:13 +02:00
Daniel Stenberg
ee015947d4 long/int mess
Typecast when converting to int from long to avoid some compiler warnings
2011-06-11 22:56:45 +02:00
Daniel Stenberg
c4dd8df081 splay: add unit tests
The test code that was #ifdef'ed in the code was converted into unit
tests in test case 1309. I also removed the #if 0'ed code from splay.c
2011-06-10 20:19:35 +02:00
Daniel Stenberg
0f7bea7c3a unittest: mark all unit tested functions
With "@unittest: [num]" in the header comment for each tested function.
Shows we have a log way to go still...
2011-06-10 14:40:46 +02:00
Kamil Dudka
f551aa5c16 disconnect: wipe out the keeps_speed time stamp
When closing a connection, the speedchecker's timestamp is now deleted
so that it cannot accidentally be used by a fresh connection on the same
handle when examining the transfer speed.

Bug: https://bugzilla.redhat.com/679709
2011-06-08 00:23:41 +02:00
Yang Tse
377f88364e urldata: use uniform inclusion style for OpenSSL headers 2011-06-07 18:35:42 +02:00
Daniel Stenberg
c0b9dd27b5 HTTP time condition: force closure for 200 OK
When a time condition isn't met, so that no body is delivered to the
application even though a 2xx response is being read from the server, we
must close the connection to avoid a re-use of the connection to be
completely tricked.

Added test 1128 to verify.
2011-06-07 13:40:11 +02:00
Daniel Stenberg
7559b77727 wait_ms: takes an int argument
Typecasts added since I changed more code to use long for timeouts
2011-06-05 12:06:50 +02:00
Daniel Stenberg
4f170ee8f9 Curl_socket_ready: make timeout a 'long'
It was mostly typecasted to int all over the code so switching to long
instead all over should be a net gain.
2011-06-04 21:19:14 +02:00
Daniel Stenberg
9776f3445d cookie_output: made private 2011-06-03 20:02:07 +02:00
Daniel Stenberg
adeac15d8e digest_cleanup_one: made private 2011-06-03 19:54:17 +02:00
Daniel Stenberg
5d4e5593d5 privatise: make private functions static 2011-06-03 19:51:08 +02:00
Daniel Stenberg
c2eb8c932d Curl_fileinfo_dup: removed, not used 2011-06-03 19:33:23 +02:00
Daniel Stenberg
a6f14e17b7 parsedate: turn private and static
I removed the prefix as well accordingly.
2011-06-03 19:31:32 +02:00
Yang Tse
65a9fa59dc Remove unnecessary typecast 2011-06-02 19:42:24 +02:00
Yang Tse
9eea43dce2 compiler warning: fix
Fix compiler warning: cast increases required alignment
2011-06-02 19:19:36 +02:00
Yang Tse
970117ef2d OpenSSL enabled: require OPENSSL_VERSION_NUMBER definition before usage. 2011-06-02 12:52:52 +02:00
Yang Tse
aa76dec33a unit tests: more build adjustments 2011-06-01 21:40:09 +02:00
Yang Tse
685359d4c3 makefile: avoid preprocessor definition usage when linking 2011-06-01 14:43:25 +02:00
Yang Tse
a689072f33 warnless: icc 9.1 workaround 2011-06-01 12:13:42 +02:00
Yang Tse
ecfe0b5b18 Makefile.am: fix spurious CFLAGS duplication 2011-05-30 22:34:06 +02:00
Yang Tse
7dd449d843 warnless: header inclusion fix 2011-05-27 06:56:56 +02:00
Yang Tse
f461c6e61d Make checksrc.pl work on more out-of-tree builds
Source files given with relative paths do not have the
-D directory specifier prepended.
2011-05-26 19:17:10 +02:00
Yang Tse
3c9ff41a1f compiler warning: fix
Fix compiler warning: conversion may lose significant bits
2011-05-26 15:44:53 +02:00
Yang Tse
c8c8816a97 socks: fix unaligned memory access 2011-05-26 14:53:13 +02:00
Daniel Stenberg
017ee34bba create_conn: only switch protocol handler if necessary
When switching to HTTP because a HTTP proxy is being used, the existing
handler is now checked if it already is "compatible". This allows the https
handler remain while other non-http handlers will be redirected.

Bug: http://curl.haxx.se/mail/lib-2011-05/0214.html
Reported by: Jerome Robert
2011-05-25 15:57:38 +02:00
Yang Tse
a947a9ac62 compiler warning: fix followup
Fix compiler warning: variable was set but never used

Fix compiler warning: clobber ignored
2011-05-25 09:56:57 +02:00
Yang Tse
b735717606 compiler warning: fix
Fix compiler warning: variable was set but never used

Fix compiler warning: clobber ignored
2011-05-24 20:39:58 +02:00
Yang Tse
a41c7f9736 build: inclusion guard
Enclose header file in an inclusion guard
2011-05-24 15:42:02 +02:00
Yang Tse
512b2f7740 compiler warning: fix
Fix compiler warning: expression has no effect
2011-05-24 15:18:26 +02:00
Yang Tse
8bdc48eddb compiler warning: fix
Fix compiler warning: `keycheck' might be used uninitialized in this function.
Fix compiler warning: `keybit' might be used uninitialized in this function.
2011-05-23 19:37:41 +02:00
Yang Tse
328600e02b compiler warning: fix
Fix variable declaration placement
2011-05-23 19:04:49 +02:00
Yang Tse
e2747ebbc0 compiler warning: fix
Fix missing semicolon
2011-05-23 16:59:43 +02:00
Yang Tse
41ebda02b2 compiler warning: fix
Fix compiler warning: expression has no effect

Fix OOM handling
2011-05-23 16:55:49 +02:00
Yang Tse
30c9799f72 compiler warning: fix
Fix compiler warning: expression has no effect
2011-05-23 16:55:09 +02:00
Yang Tse
bed6b89a2f compiler warning: fix
Fix compiler warning: unused variable 'data'
2011-05-23 12:57:23 +02:00
Yang Tse
3e70c28ce5 compiler warning: fix
Fix compiler warning: enumerated type mixed with another type
2011-05-21 15:06:50 +02:00
Yang Tse
79cc6c244a compiler warning: fix
Fix compiler warning: enumerated type mixed with another type
2011-05-21 14:59:03 +02:00
Yang Tse
d30ddd9977 compiler warning: fix
Fix compiler warning: enumerated type mixed with another type
2011-05-21 14:55:10 +02:00
Yang Tse
fce7276f54 compiler warning: fix
Fix compiler warning: enumerated type mixed with another type
2011-05-21 14:10:17 +02:00
Yang Tse
004d84fcc1 compiler warning: fix
Fix compiler warning: empty body in an if-statement
2011-05-21 13:46:37 +02:00
Ola Mork
3912e7bde3 cyassl: build without filesystem
Get cyassl's NO_FILESYSTEM to work with libcurl. Otherwise I'd get linker
errors for the missing "SSL_CTX_load_verify_locations" functions.
2011-05-20 23:40:59 +02:00
Yang Tse
5db30a1d8c version: linkage fix
Fix linkage on c-ares enabled Windows static builds
2011-05-19 11:50:20 +02:00
Daniel Stenberg
60f0ebbdc9 CLOSESOCKETFUNCTION: use the callback
Fix the return type of the callback to match close() and make use of it.
2011-05-18 22:56:46 +02:00
Daniel Stenberg
b5d170b551 CLOSESOCKETFUNCTION: added
Introduced the initial setup to allow closesocket callbacks by making
sure sclose() is only ever called from one place in the libcurl source
and still run all test cases fine.
2011-05-18 22:56:46 +02:00
Daniel Stenberg
d4e000906a GnuTLS handshake: fix timeout
Commit cbf4961bf3 garbled the timeout handling while doing SSL
handshaking (in an attempt at fixing another bug). This puts sanity
back.

Bug: http://curl.haxx.se/mail/lib-2011-05/0167.html
Reported by: Ethan Glasser Camp
2011-05-18 20:48:42 +02:00
Daniel Stenberg
bb7ff942d3 checksrc: trailing whitespace detection fix 2011-05-16 15:21:32 +02:00
Marcel Roelofs
48a40f0402 negotiate sspi: fix sequential requests 2011-05-16 15:21:32 +02:00
Dan Fandrich
2a02c07a15 Fixed compilation when RTSP is disabled 2011-05-06 13:48:59 -07:00
Dan Fandrich
212d8c8f65 Fixed LDAP after RTSP readwrite change 2011-05-06 13:48:24 -07:00
Daniel Stenberg
32001ac414 set_userpass: convert from protocol-specific to generic
The protocol handler's flags field now can set that the protocol
requires a password, so that the set_userpass function doesn't have to
have the specific knowledge of which protocols that do.
2011-05-05 17:07:21 +02:00
Daniel Stenberg
9c629e5348 RTSP: cleanups
Made several functions static

Made one function defined to nothing when RTSP is disabled to avoid
the #ifdefs in code.

Removed explicit rtsp.h includes
2011-05-05 16:53:05 +02:00
Daniel Stenberg
f0612f166a RTSP: convert protocol-specific checks to generic
Add a 'readwrite' function to the protocol handler struct and use that
for the extra readwrite functionality RTSP needs.
2011-05-05 16:27:03 +02:00
Daniel Stenberg
e34131db78 SSL: check for SSL, not specific protocols
Code cleanup to check less for protocols and more for the specific
relevant feature. Like if SSL is required.
2011-05-05 15:49:43 +02:00
Daniel Stenberg
335dfa793c http_perhapsrewind: remove HTTP check
No need to check for HTTP as this is now a HTTP-specific function
2011-05-05 15:38:01 +02:00
Daniel Stenberg
574aecee20 http_perhapsrewind:
make it static, remove Curl_ prefix
2011-05-05 15:18:31 +02:00
Daniel Stenberg
51075a6777 remove FILE protocol-specific checks
Also, convert the BANPROXY flag into NONETWORK for the protocols
(file:// only atm) that don't work over networks.
2011-05-05 15:14:19 +02:00
Daniel Stenberg
558f997e99 socks proxy: allow socks5h:// prefix too
Using 'socks5h' as proxy protocol will make it a
CURLPROXY_SOCKS5_HOSTNAME proxy which is SOCKS5 and asking the proxy to
resolve host names. I found no "standard" protocol name for this.
2011-05-05 11:47:55 +02:00
Daniel Stenberg
61877b569f Corrected comments
closepolicy has been deprecated and unused for years
2011-05-05 00:02:39 +02:00
Daniel Stenberg
dc15a88076 ConnectionStore: remove unused return code 2011-05-04 23:56:18 +02:00
Daniel Stenberg
adae5926dd indent correctly 2011-05-04 23:45:30 +02:00
Daniel Stenberg
7d94af497d SSH: set non-blocking earlier
Introduce an INIT state for the SSH state machine and set libssh2
non-blocking in that so that it is set properly before
libssh2_session_startup() is called.

Bug: http://curl.haxx.se/mail/archive-2011-05/0001.html
2011-05-01 23:02:39 +02:00
Daniel Stenberg
821301de15 ConnectionExists: avoid NULL dereference
When checking for connections that are bound to a particular device we
must make sure we don't compare with a NULL pointer.
2011-04-29 16:46:49 +02:00
Daniel Stenberg
3440f4d374 resolver_error: remove bad semicolon 2011-04-29 16:33:45 +02:00
Daniel Stenberg
5b7e1f9efe gai_strerror: provide private implementation
There are systems (like NetWare) without its own gai_strerror()
function.
2011-04-28 15:25:03 +02:00
Daniel Stenberg
c33aee1667 treaded-resolver: better error messages
Now use gai_strerror() to get proper error messages when getaddrinfo()
has failed. Detect the function in configure.

Code based on work and suggestions by Jeff Pohlmeyer and Guenter Knauf
2011-04-28 15:25:03 +02:00
Daniel Stenberg
3b1b26578f proxy: allow socks:// prefix in proxy string
Inspired by a patch from OB.Conseil. Added test case 708 to verify.
2011-04-28 15:08:09 +02:00
Zmey Petroff
2cbe885c1a CMake: improve library search, implement install.
Improved library search by check_function_exists_concat() macro:
it does not revert the list of libraries any more.

Improved OpenSSL library search: first find zlib, then search for
openssl libraries that may depend on zlib.

For Unix: openssl libraries can now be detected in nonstandard
locations. Supply CMAKE_LIBRARY_PATH to CMake on command line.

Added installation capability (very basic one yet).
2011-04-28 10:12:33 +02:00
Daniel Stenberg
4a42e5cdaa multi-socks: fix connect to proxy
When connecting to a socks or similar proxy we do the proxy handshake at
once when we know the TCP connect is completed and we only consider the
"connection" complete after the proxy handshake. This fixes test 564
which is now no longer considered disabled.

Reported by: Dmitri Shubin
Bug: http://curl.haxx.se/mail/lib-2011-04/0127.html
2011-04-28 10:06:49 +02:00
Daniel Stenberg
53ef3493bf cleanup: remove old unused debug code 2011-04-28 09:21:20 +02:00
Dan Fandrich
cbd98b2c28 Make checksrc.pl work on out-of-tree builds
Source files given with absolute paths do not have the
-D directory specifier prepended.
2011-04-27 12:42:15 -07:00
Daniel Stenberg
4685db9462 make: add checksrc.pl to dist 2011-04-27 11:42:02 +02:00
Daniel Stenberg
45de057920 make: add 'checksrc' as target to check code style
The make target checksrc now works in the root makefile and in both the
src and lib directories.

It is also run automatically on "all" if configure --enable-debug was
used.
2011-04-27 10:23:27 +02:00
Daniel Stenberg
6a6981503e checksrc: add -W to allow a file to be whitelisted
Useful when a known file just doesn't comply and there's no intention to
make it do so.
2011-04-27 09:09:35 +02:00
Daniel Stenberg
889d1e973f whitespace cleanup: no space first in conditionals
"if(a)" is our style, not "if( a )"
2011-04-27 09:09:35 +02:00
Daniel Stenberg
1b758b01c1 lib/make: run checksrc.pl once for all files
Since it now supports multiple files this will be faster and will show
problems for more file than one at a time - more convenient.
2011-04-27 09:09:35 +02:00
Daniel Stenberg
7ddcc8fea4 checksrc: scan many files, more checks
It now scans multiple files and outputs an error+warning count summary
at the end in case at least one was detected.

-D can be used to specify in which dir the files are located

The script now scans for conditions that starts with a space for
if/while/for lines.
2011-04-27 09:09:35 +02:00
Daniel Stenberg
068d656c6d Makefile: run checksrc if debug enabled
And make the build fail if a warning or error was detected
2011-04-27 09:09:35 +02:00
Daniel Stenberg
92f722017c checksrc: exit error code if warnings or errors 2011-04-27 09:09:35 +02:00
Daniel Stenberg
9869668884 SSH: move knownhost logic to separate function 2011-04-27 09:09:35 +02:00
Daniel Stenberg
b903186fa0 source cleanup: unify look, style and indent levels
By the use of a the new lib/checksrc.pl script that checks that our
basic source style rules are followed.
2011-04-27 09:09:35 +02:00
Guenter Knauf
592eda8e3f Windows native IDN fixes.
For now provide prototypes instead of including the
non-standard normalisation.h which is only available in the
"Internationalized Domain Names Mitigation APIs" download.
2011-04-27 03:53:03 +02:00
Dan Fandrich
6d013b0aab Fixed compiler warning in Windows SSPI case 2011-04-25 21:58:37 -07:00
Dan Fandrich
bcc29cda8e Fixed compilation when the synchronous resolver is used 2011-04-25 19:01:40 -07:00
Dan Fandrich
4235457129 Added new resolver sources to Symbian and VC6 build files 2011-04-25 18:07:32 -07:00
Daniel Stenberg
e9542ccab6 hostip: comment fixed to state current situation 2011-04-25 19:50:56 +02:00
Daniel Stenberg
7de2f9271c async resolvers: further cleanups
asyn-ares.c and asyn-thread.c are two separate backends that implement
the same (internal) async resolver API for libcurl to use. Backend is
specified at build time.

The internal resolver API is defined in asyn.h for asynch resolvers.
2011-04-25 19:47:16 +02:00
Daniel Stenberg
24d84da073 asynch resolvers: cleanup
Fixed indents, coding conventions and white space edits.

Modified the c-ares completion callback function to again NOT read the
conn data when the ares handle is being taken down as then it may have
been freed already.
2011-04-25 19:47:16 +02:00
Vsevolod Novikov
ca015f1a45 asynch resolvers: unified
Introducing an internal API for handling of different async resolver
backends.
2011-04-25 19:47:16 +02:00
Guenter Knauf
722f286f80 Enabled OpenWatcom native Windows IDN build.
For now we directly import the Idn* symbols with the linker;
an upcoming release of OWC will have these added to the import
lib normaliz.lib, and prototypes are added to winnnls.h.
2011-04-24 18:58:07 +02:00
Daniel Stenberg
f20b4606de NTLM: work with unicode
Rewritten code from a patch brought by Matteo Rocco.
2011-04-22 22:04:10 +02:00
Dan Fandrich
17df5d8caa Include unistd.h to declare close() 2011-04-21 14:47:07 -07:00
Fabian Keil
210278d9a1 In lib/, change 'wanna' to 'want to'.
Found with codespell.
2011-04-21 07:55:53 -07:00
Fabian Keil
1702a2c08d Fix a couple of spelling errors in lib/
Found with codespell.
2011-04-21 07:55:53 -07:00
Julien Chaffraix
9230be0797 transfer.c: Fixed indentation in readwrite_data. 2011-04-21 07:55:53 -07:00
Daniel Stenberg
3242abd87a SFTP: close file before postquote
Make sure that files are closed before the post quote commands run as if
they operate on the just transferred file they could otherwise easily
fail.

Patch by: Rajesh Naganathan (edited)
2011-04-20 23:37:29 +02:00
Daniel Stenberg
c2c8948190 Curl_http_connect: detect HTTPS properly after CONNECT
libcurl failed to check the correct struct for HTTPS after CONNECT was
issued to the proxy, so it didn't do the TLS handshake and subsequently
failed the connection. A regression released in 7.21.5 (introduced
around commit 8831000bc0).

Bug: http://curl.haxx.se/mail/lib-2011-04/0134.html
Reported by: Josue Andrade Gomes
2011-04-20 22:50:04 +02:00
Gisle Vanem
9039d19f01 CURL_DOES_CONVERSIONS: fixes
Made it compile and work again after the code move.
2011-04-20 15:23:57 +02:00
Daniel Stenberg
c828646f60 CURL_DOES_CONVERSIONS: cleanup
Massively reduce #ifdefs all over (23 #ifdef lines less so far)
Moved conversion-specific code to non-ascii.c
2011-04-20 00:50:07 +02:00
Guenter Knauf
eb65a49bef Improve MinGW static makefile builds.
It is now possible to use any combination of features without
having to 1st add makefile targets to the main makefile. The
main makefile now passes the 'mingw32-feat1-feat2' as var CFG,
and the ./[lib|src]/Makefile.m32 parses the CFG var to determine
the features to be enabled.
2011-04-19 20:59:24 +02:00
Guenter Knauf
b2140a09f8 Enabled MinGW native Windows IDN build. 2011-04-19 17:28:28 +02:00
Guenter Knauf
519bec7c91 Windows native IDN fixes.
changed windows.h include to system header;
changed obsolete 2nd check for str_w to str_utf8 in order to catch
malloc() failure and avoid a free(NULL);
changed calls to GetLastError() to void to kill unsused var compiler
warnings;
moved one call to GetLastError() into else case so that its only
called when WideCharToMultiByte() really fails.
2011-04-19 17:13:09 +02:00
Guenter Knauf
24e5a40156 Windows native IDN fixes.
Provide prototype for curl_win32_idn_to_ascii();
remove wrong 3rd parameter from curl_win32_idn_to_ascii() call.
2011-04-19 16:48:32 +02:00
Guenter Knauf
24667466f0 Updated default (recommended) dependency versions. 2011-04-19 14:26:51 +02:00
Daniel Stenberg
5aae3c13e2 transfer-encoding: document the options
The new libcurl and command line options are now described.
2011-04-18 19:46:21 +02:00
Daniel Stenberg
8e4fb01e64 transfer-encoding: added new option and cmdline
Added CURLOPT_TRANSFER_ENCODING as the option to set to request Transfer
Encoding in HTTP requests (if built zlib enabled). I also renamed
CURLOPT_ENCODING to CURLOPT_ACCEPT_ENCODING (while keeping the old name
around) to reduce the confusion when we have to encoding options for
HTTP.

--tr-encoding is now the new command line option for curl to request
this, and thus I updated the test cases accordingly.
2011-04-18 19:46:21 +02:00
Daniel Stenberg
ebb37eac8b CURLE_BAD_CONTENT_ENCODING: now used for transfer encoding too 2011-04-18 19:46:21 +02:00
Daniel Stenberg
9d191a6a40 TE: do the Connection: header
When TE: is inserted in the request, we must add a "Connection: TE" as
well to be HTTP 1.1 compliant. If a custom Connection: header is passed
in, we must use that and only append TE to it. Test case 1125 verifies
TE: + custom Connection:.
2011-04-18 19:46:21 +02:00
Daniel Stenberg
2db6f7e703 TE: rename struct field content_encoding
Since this struct member is used in the code to determine what and how
to decode automatically and since it is now also used for compressed
Transfer-Encodings, I renamed it to the more suitable 'auto_decoding'
2011-04-18 19:46:21 +02:00
Daniel Stenberg
0790b27910 HTTP: add support for gzip and deflate Transfer-Encoding
Transfer-Encoding differs from Content-Encoding in a few subtle ways,
but primarily it concerns the transfer only and not the content so when
discovered to be compressed we know we have to uncompress it. There will
only arrive compressed transfers in a response after we have requested
them with the appropriate TE: header.

Test case 1122 and 1123 verify.
2011-04-18 19:46:21 +02:00
Daniel Stenberg
a5ee8d50c3 base64.c: removed wrong comment 2011-04-17 23:03:33 +02:00
Daniel Stenberg
6cfbf21acf Curl_ssl_shutdown: restore send/recv pointers
When going back from SSL, put the send/recv function pointers back to
the plain versions.

Bug: http://curl.haxx.se/mail/lib-2011-04/0070.html
Reported by: Mehmet Bozkurt
2011-04-16 00:16:25 +02:00
Guenter Knauf
72da921942 Changed email per Gisle's request. 2011-04-16 00:11:43 +02:00
Andrei Benea
fb80a0a082 Fix a buffer overflow in pubkey_show(). 2011-04-14 23:02:29 +02:00
Guenter Knauf
e84730948d Replaced var manipulations with perlish hacks. 2011-04-14 01:27:39 +02:00
Daniel Stenberg
f01df19798 checkconnection: don't call with NULL pointer
When checking if an existing RTSP connection is alive or not, the
checkconnection function might be called with a SessionHandle pointer
being NULL and then referenced causing a crash. This happened only using
the multi interface.

Reported by: Tinus van den Berg

Bug: http://curl.haxx.se/bug/view.cgi?id=3280739
2011-04-11 13:17:55 +02:00
Daniel Stenberg
c66b0b32fb OpenSSL: no-sslv2 aware
Allow openSSL without SSL2 to be used. This fix is inspired by the fix
provided by Cristian Rodrguez.

Reported by: Cristian Rodrguez
2011-04-10 19:14:22 +02:00
Kamil Dudka
1a6e7da13d nss: allow to use multiple client certificates for a single host
In case a client certificate is used, invalidate SSL session cache
at the end of a session.  This forces NSS to ask for a new client
certificate when connecting second time to the same host.

Bug: https://bugzilla.redhat.com/689031
2011-04-08 13:35:26 +02:00
Daniel Stenberg
23544f35fd mk-ca-bundle.pl: show full URL in output
When I decided to search for a potential error with the cacert bundle it
struck me I wanted to see the full source URL in the output...
2011-04-07 22:42:22 +02:00
Gisle Vanem
89fa3b3efb lib/Makefile.b32: updates
* Rename the object object directory from 'objs' to 'BCC_obj'. I feel
 it should be named properly. Ref. Makefile.Watcom where it's called
 'WC_Win32.obj'.

* Turn off these warnings to keep the build totally silent (with CBuilder-6
 that is).
  -w-inl    8026 Functions X are not expanded inline.
  -w-pia   8060 Possibly incorrect assignment
  -w-pin  8061 Initialization is only partially bracketed

I'm sure the warnings could be fixed the "proper" way or with some added
"#pragma" statements. But that just clutters the sources IMHO.

* $(MKDIR) and $(RMDIR) have been replaced with the shell-commands 'md'
 and 'rd'. When having MingW/Msys programs 'mkdir.exe' and 'rmdir.exe' in
$PATH, this confuses Borland's make and the result (the cleaning etc.) would
 not be as expected.

* Added a ".path.int = $(OBJDIR)" to tell make where the $(PREPROCESSED)
 files are. Why we need the preprocess step in the fist place is beyond me
(Yang?). But I'll leave that for now.
2011-04-07 15:17:58 +02:00
Chris Smowton
d54668eb00 HTTP pipelining: Fix handling of zero-length responses
Also add test case 584 for the same

Bug: http://curl.haxx.se/bug/view.cgi?id=3214223
2011-04-07 14:18:07 +02:00
Dan Fandrich
c22c258029 Changed some nonportable types 2011-04-05 22:31:45 -07:00
Dan Fandrich
6eb484942b Don't list NTLM in curl-config when HTTP is disabled
Also, fixed Curl_proxyCONNECT() stub with HTTP disabled.
2011-04-05 22:29:21 -07:00
Daniel Stenberg
01f05d0c75 return code cleanup: build, init and run-time errors
Stop the abuse of CURLE_FAILED_INIT as return code for things not being
init related by introducing two new return codes:

CURLE_NOT_BUILT_IN and CURLE_UNKNOWN_OPTION

CURLE_NOT_BUILT_IN replaces return code 4 that has been obsoleted for
several years. It is used for returning error when something is
attempted to be used but the feature/option was not enabled or
explictitly disabled at build-time. Getting this error mostly means that
libcurl needs to be rebuilt.

CURLE_FAILED_INIT is now saved and used strictly for init
failures. Getting this problem means something went seriously wrong,
like a resource shortage or similar.

CURLE_UNKNOWN_OPTION is the option formerly known as
CURLE_UNKNOWN_TELNET_OPTION (and the old name is still present,
separately defined to be removed in a very distant future). This error
code is meant to be used to return when an option is given to libcurl
that isn't known. This problem would mostly indicate a problem in the
program that uses libcurl.
2011-04-05 15:14:02 +02:00
Daniel Stenberg
8321a367ee FTP+proxy: macrofied functions when proxy disabled
In my attempts to reduce #ifdefs in code, the SOCKS functions are now
macros when libcurl is built without proxy support and therefore the FTP
code could avoid some #ifs.
2011-04-05 13:55:11 +02:00
Ben Noordhuis
db59b6202d [pop3 starttls] PASS command was not sent after upgrade to TLS. 2011-04-05 13:38:31 +02:00
Ben Noordhuis
e7837bfd03 [pop3 starttls] the command to send is STLS, not STARTTLS. 2011-04-05 13:38:31 +02:00
Daniel Stenberg
02dbfa2192 http-proxy: move proxy code to http_proxy.c
The new http_proxy.* files now host HTTP proxy specific code (500+ lines
moved out from http.c), and as a consequence there is a macro introduced
for the Curl_proxyCONNECT() function so that code can use it without
actually supporting proxy (or HTTP) in builds.
2011-04-04 19:38:00 +02:00
Daniel Stenberg
9d1e914a56 disable cookies: remove ifdefs, move code
1 - make sure to #define macros for cookie functions in the cookie
header when cookies are disabled to avoid having to use #ifdefs in code
using those functions.

2 - move cookie-specific code to cookie.c and use the functio
conditionally as mentioned in (1).

net result: 6 #if lines removed, and 9 lines of code less
2011-04-04 19:27:26 +02:00
Kamil Dudka
d3408d0593 nss: fix a crash within SSL_AuthCertificate()
The bug was introduced in 806dbb0 (a wrong value was passed in as the
first argument to the default callback in our wrapper).
2011-04-04 18:34:19 +02:00
Daniel Stenberg
318c5c802b multi: shorten lines
We keep them less than 80 columns
2011-04-03 00:07:32 +02:00
Daniel Stenberg
c2459c4328 multi: conn goes bad when data change
Within multi_socket when conn is used as a shorthand, data could be
changed and multi_runsingle could modify the connectdata struct to deal
with. This bug has not been included in a public release.

Using 'conn' like that turned out to be ugly. This change is a partial
revert of commit f1c6cd42f4.

Reported by: Miroslav Spousta
Bug: http://curl.haxx.se/bug/view.cgi?id=3265485
2011-04-02 23:44:11 +02:00
Guenter Knauf
c37ad9e909 Increased script version. 2011-04-01 15:04:53 +02:00
Guenter Knauf
5eda4bf726 Make use of proxy vars if set.
Posted to the list by Quanah Gibson-Mount [quanah zimbra.com].
2011-04-01 14:58:36 +02:00
Guenter Knauf
e02c90dc19 Use var again instead of hard-coded filename. 2011-04-01 14:38:01 +02:00
Gisle Vanem
f1c6cd42f4 typo fix 2011-03-29 13:08:01 +02:00
Peter Sylvester
2531cd94a5 TSL-SRP: enabled with OpenSSL
If a new enough OpenSSL version is used, configure detects the TLS-SRP
support and enables it.
2011-03-25 23:09:28 +01:00
Daniel Stenberg
11c2db2aa2 fix: re-use of bound connections
When asked to bind the local end of a connection when doing a request,
the code will now disqualify other existing connections from re-use even
if they are connected to the correct remote host.

This will also affect which connections that can be used for pipelining,
so that only connections that aren't bound or bound to the same
device/port you're asking for will be considered.
2011-03-25 16:03:37 +01:00
Daniel Stenberg
cc9e4321d3 rtsp: move protocol code to dedicated file
The RTSP-specific function for checking for "dead" connection is better
located in rtsp.c. The code using this is now written without #ifdefs as
the function call is instead turned into a macro (in rtsp.h) when RTSP
is disabled.
2011-03-23 17:27:58 +01:00
Daniel Stenberg
67eb679264 ipv6: only probe once
Move ipv6-functional-probe into a single function that is used from all
places that need to know.

Make the probe function store the result in a static variable so that
subsequent invokes just returns the previous result and won't have to
probe again.
2011-03-23 11:10:55 +01:00
Julien Chaffraix
34ef39015e progress: don't print the last update on a separate line.
Curl_posttransfer is called too soon to add the final new line.
Moved the new line logic to pgrsDone as there is no more call to
update the progress status after this call.

Reported by: Dmitri Shubin <sbn_at_tbricks.com>
http://curl.haxx.se/mail/lib-2010-12/0162.html
2011-03-21 21:00:56 -07:00
Daniel Stenberg
058fb33557 retry-request: rewind if data was sent
When libcurl sends a HTTP request on a re-used connection and detects it
being closed (ie no data at all was read from it), it is important to
rewind if any data in the request was sent using the read callback or
was read from file, as otherwise the retried request will be broken.

Reported by: Chris Smowton
Bug: http://curl.haxx.se/bug/view.cgi?id=3195205
2011-03-20 23:24:45 +01:00
Julien Chaffraix
0f07142509 url: 0 is PROTOPT_NONE.
Tiny tweak after Daniel's refactoring of the protocol handlers.
2011-03-19 22:42:12 -07:00
Daniel Stenberg
3a87dd8b20 pop3: add state name in debug array
We have an array with the state names only built and used when built
debug enabled and this need to list all the states from the .h
2011-03-19 11:05:45 +01:00
Dan Fandrich
663a52c2f8 pop3: use Curl_safefree() to allow torture tests to succeed 2011-03-18 11:20:24 -07:00
Daniel Stenberg
0c05ee3a33 pop3: remove unused variable 2011-03-18 09:18:22 +01:00
Dan Fandrich
ef1c18b952 Added support for LISTing a single POP3 message
Added tests for a number of POP3 LIST operations, including one
that shows a curl problem when listing no messages, so is
disabled.
2011-03-17 16:59:30 -07:00
Dan Fandrich
409867e62b pop3: fixed memory leak in an error retrieval case 2011-03-17 16:28:12 -07:00
Daniel Stenberg
93290f69d0 connection setup: if HTTP is disabled asking for HTTP proxy is bad 2011-03-17 11:45:58 +01:00
Daniel Stenberg
e114648991 scan-build warning
Value stored to 'len' is never read
2011-03-16 00:19:26 +01:00
Daniel Stenberg
b8118dd495 ldap_recv: check return code from ldap_get_dn_ber 2011-03-16 00:16:34 +01:00
Daniel Stenberg
025b9368f8 compiler warnings fixed
Use (void)[variable] to inhibit unused argument/variables warnings.
2011-03-16 00:08:32 +01:00
Ben Noordhuis
521e88e009 SMTP-multi: non-blocking connect
Use Curl_ssl_connect_nonblocking() when upgrading the connection to
TLS/SSL while using the multi interface.
2011-03-15 20:10:02 +01:00
Ben Noordhuis
88e825de86 SMTP in multi mode: use Curl_ssl_connect_nonblocking() when connecting. 2011-03-15 20:09:51 +01:00
Daniel Stenberg
36cb24ec19 buildfix: spell define correctly 2011-03-15 16:49:27 +01:00
Kamil Dudka
806dbb022b nss: do not ignore value of CURLOPT_SSL_VERIFYPEER
When NSS-powered libcurl connected to a SSL server with
CURLOPT_SSL_VERIFYPEER equal to zero, NSS remembered that the peer
certificate was accepted by libcurl and did not ask the second time when
connecting to the same server with CURLOPT_SSL_VERIFYPEER equal to one.

This patch turns off the SSL session cache for the particular SSL socket
if peer verification is disabled.  In order to avoid any performance
impact, the peer verification is completely skipped in that case, which
makes it even faster than before.

Bug: https://bugzilla.redhat.com/678580
2011-03-15 15:48:24 +01:00
Daniel Stenberg
cc228ea6f6 protocol handler cleanup: SSL awareness
As a follow-up to commit 8831000bc0: don't assume that the SSL powered
protocol alternatives are available.
2011-03-15 10:02:05 +01:00
Daniel Stenberg
211504ba8a ldap: use the new protocol handler setup
Use the new flags field and stop using the old protocol defines.
2011-03-15 09:13:11 +01:00
Daniel Stenberg
13b64d7558 protocols: use CURLPROTO_ internally
The PROT_* set of internal defines for the protocols is no longer
used. We now use the same bits internally as we have defined in the
public header using the CURLPROTO_ prefix. This is for simplicity and
because the PROT_* prefix was already used duplicated internally for a
set of KRB4 values.

The PROTOPT_* defines were moved up to just below the struct definition
within which they are used.
2011-03-14 22:52:14 +01:00
Daniel Stenberg
8831000bc0 protocol handler: added flags field
The protocol handler struct got a 'flags' field for special information
and characteristics of the given protocol.

This now enables us to move away central protocol information such as
CLOSEACTION and DUALCHANNEL from single defines in a central place, out
to each protocol's definition. It also made us stop abusing the protocol
field for other info than the protocol, and we could start cleaning up
other protocol-specific things by adding flags bits to set in the
handler struct.

The "protocol" field connectdata struct was removed as well and the code
now refers directly to the conn->handler->protocol field instead. To
make things work properly, the code now always store a conn->given
pointer that points out the original handler struct so that the code can
learn details from the original protocol even if conn->handler is
modified along the way - for example when switching to go over a HTTP
proxy.
2011-03-14 22:22:22 +01:00
Daniel Stenberg
fdaa8da75d sslgen: define Curl_ssl_connect_nonblocking for non-SSL
The non-blocking connect improvement for IMAP showed that we didn't
properly define the Curl_ssl_connect_nonblocking function for non-SSL
builds.

Reported by: Tor Arntsen
2011-03-14 11:13:12 +01:00
Ask Bjørn Hansen
3e00af34c8 mk-ca-bundle.pl: Only download if modified
Only download and convert the certdata to the ca-bundle.crt if Mozilla
changed the data

The Perl LWP module (which in a bit of a circular reference is used by
mk-ca-bundle.pl) is now indirectly using this script. I made this small
tweak to make it easier to automatically maintain the generated
ca-bundle.crt file in version control.
2011-03-14 10:20:21 +01:00
Daniel Stenberg
3eac14b43c SSH: add protocol lock direction
Some protocols have to call the underlying functions without regard to
what exact state the socket signals. For example even if the socket says
"readable", the send function might need to be called while uploading,
or vice versa. This is the case for libssh2 based protocols: SCP and
SFTP and we now introduce a define to set those protocols and we make
the multi interface code aware of this concept.

This is another fix to make test 582 run properly.
2011-03-13 23:21:03 +01:00
Daniel Stenberg
60406ff7f8 state: add missing state to debug table
As a new state recently was added to the IMAP state machine it has to be
in the array of names as well as otherwise libcurl crashes when a debug
version runs...
2011-03-13 14:19:16 +01:00
Daniel Stenberg
ca37692bf4 ssh_statemach_act: set cselect for sftp upload
For uploads we want to use the _sending_ function even when the socket
turns out readable as the underlying libssh2 sftp send function will
deal with both accordingly. This is what the cselect_bits magic is for.

Fixes test 582.
2011-03-13 14:10:27 +01:00
Daniel Stenberg
c8fba59731 Merge branch 'imap' of https://github.com/bnoordhuis/curl into bnoordhuis-imap 2011-03-13 00:36:38 +01:00
Karl M
05ebc6f0cc VC: add missing file
http_negotiate_sspi.c was added to the source tree recently
2011-03-13 00:23:04 +01:00
Marcus Sundberg
6f0ee717c3 GSS: handle reuse fix
Make GSS authentication work when a curl handle is reused for multiple
authenticated requests, by always setting negdata->state in
output_auth_headers().

Signed-off-by: Marcus Sundberg <marcus.sundberg@aptilo.com>
2011-03-13 00:21:07 +01:00
Daniel Stenberg
60172a0446 SFTP: gracefully handle shutdown early
When using the multi interface and a handle using SFTP was removed very
early on, we would get a segfault due to the code assumed data was there
that hadn't yet been setup.

Bug: http://curl.haxx.se/mail/lib-2011-03/0066.html
Reported by: Saqib Ali
2011-03-13 00:15:59 +01:00
Daniel Stenberg
bec9692a77 PROT_CLOSEACTION: added SFTP and SCP
Both SFTP and SCP are protocols that need to shut down stuff properly
when the connection is about to get torned down. The primary effect of
not doing this shows up as memory leaks (when using SCP or SFTP with the
multi interface).

This is one of the problems detected by test 582.
2011-03-12 23:08:10 +01:00
Daniel Stenberg
a07a865d5d readwrite_upload: stop upload at file size
As we know how much to send, we can and should stop once we've sent that
much data as it avoids having to rely on other mechanisms to detect the
end.

This is one of the problems detected by test 582.

Reported by: Henry Ludemann <misc@hl.id.au>
2011-03-12 23:05:11 +01:00
Daniel Stenberg
cccba72920 sftp upload: expire to advance state machine
When using the multi_socket API to do SFTP upload, it is important that
we set a quick expire when leaving the SSH_SFTP_UPLOAD_INIT state as
there's nothing happening on the socket so there's no read or write to
wait for, but the next libssh2 API function needs to be called to get
the ball rolling.

This is one of the problems detected by test 582.

Reported by: Henry Ludemann <misc@hl.id.au>
2011-03-12 23:02:04 +01:00
Daniel Stenberg
1aeb635cdd sources: update source headers
All C and H files now (should) feature the proper project curl source
code header, which includes basic info, a copyright statement and some
basic disclaimers.
2011-03-10 12:04:33 +01:00
Daniel Stenberg
d6b9f76943 cyassl: fix compiler warnings 2011-03-08 14:09:20 +01:00
Todd A Ouska
9e60d8fd9e SSL: (part 2) Added CyaSSL to SSL abstraction layer
This is the modified existing files commit.
2011-03-08 13:54:58 +01:00
Todd A Ouska
a8f30fa555 SSL: Added CyaSSL to SSL abstraction layer
CyaSSL (available from git@github.com:cyassl/cyassl.git) has been
added to the SSL abstraction layer.

To test:
1) git CyaSSL sources
2) autoreconf -i
3) ./configure --disable-static
4) make
5) sudo make install
6) autoreconf -i
7) git curl sources (and this patch)
8) ./configure --disable-shared --with-cyassl --without-ssl --enable-debug
9) make
10) normal testing

Please send questions or comments to todd@yassl.com .
2011-03-08 13:06:38 +01:00
Dan Fandrich
29f0898525 Fixed libcurl to honour the --disable-ldaps configure option 2011-03-07 17:45:33 -08:00
Daniel Stenberg
c9ee341bfb cpp: correct #endif placement
The end-of-file #endif in rawstr.h was not correcly positioned after all
prototypes.

Reported by: Boris
Bug: http://curl.haxx.se/bug/view.cgi?id=3195205
2011-03-06 23:00:28 +01:00
Stefan Krause
8511b6436c transfer: avoid insane conversion of time_t 2011-03-04 21:17:08 +01:00
Daniel Stenberg
17de1cc382 ssh_connect: treat libssh2 return code better
libssh2_knownhost_readfile() returns a negative value on error or
otherwise number of parsed known hosts - this was previously not
documented correctly in the libssh2 man page for the function.

Bug: http://curl.haxx.se/mail/lib-2011-02/0327.html
Reported by: murat
2011-02-26 11:00:44 +01:00
Julien Chaffraix
5719e56168 http: removed wrong unused comment.
|premature| is used in Curl_http_done.
2011-02-25 20:54:39 -08:00
Julien Chaffraix
d7846237a4 http: removed code duplication for stubbed https_getsock function. 2011-02-25 20:50:26 -08:00
Kamil Dudka
7aa2d10e0d nss: do not ignore failure of SSL handshake
Flaw introduced in fc77790 and present in curl-7.21.4.
Bug: https://bugzilla.redhat.com/669702#c16
2011-02-22 13:19:57 +01:00
Julien Chaffraix
0b8cdc0635 netrc: Removed _NETRC_DEBUG code.
This is not needed anymore as we have unit testing running on it.
2011-02-20 21:11:53 -08:00
Julien Chaffraix
9f8e960a1a tests: Cleaned up netrc testing.
Removed the "netrc_debug" keyword replaced with --netrc-file additions.
Removed the debug code from Curl_parsenetrc as it is superseeded by
--netrc-file.
2011-02-20 21:11:52 -08:00
Ben Noordhuis
dd3760f2eb IMAP in multi mode: use Curl_ssl_connect_nonblocking() when upgrading the connection to TLS/SSL. 2011-02-20 21:11:12 +01:00
Ben Noordhuis
45ca048f44 IMAP in multi mode: use Curl_ssl_connect_nonblocking() when connecting. 2011-02-20 21:11:12 +01:00
Mike Crowe
c4369f34b9 multi: close connection on timeout
After a request times out, the connection wasn't properly closed and
prevented to get re-used, so subsequent transfers could still mistakenly
get to use the previously aborted connection.
2011-02-18 23:19:14 +01:00
Daniel Stenberg
d85cae9225 multi: better failed connect treatment
When failing to connect the protocol during the CURLM_STATE_PROTOCONNECT
state, Curl_done() has to be called with the premature flag set TRUE as
for the pingpong protocols this can be important.

When Curl_done() is called with premature == TRUE, it needs to call
Curl_disconnect() with its 'dead_connection' argument set to TRUE as
well so that any protocol handler's disconnect function won't attempt to
use the (control) connection for anything.

This problem caused the pingpong protocols to fail to disconnect when
STARTTLS failed.

Reported by: Alona Rossen
Bug: http://curl.haxx.se/mail/lib-2011-02/0195.html
2011-02-18 23:01:55 +01:00
Hoi-Ho Chan
05895927f5 PolarSSL: Return 0 on receiving TLS CLOSE_NOTIFY alert
Signed-off-by: Hoi-Ho Chan <hoiho.chan@gmail.com>
2011-02-18 09:17:32 +01:00
Daniel Stenberg
1c3c0162c6 SOCKOPTFUNCTION: callback can say already-connected
Introducing a few CURL_SOCKOPT* defines for conveniance. The new
CURL_SOCKOPT_ALREADY_CONNECTED signals to libcurl that the socket is to
be treated as already connected and thus it will skip the connect()
call.
2011-02-17 22:32:01 +01:00
Kamil Dudka
a40f58d2ef nss: avoid memory leak on SSL connection failure 2011-02-17 17:57:16 +01:00
Guenter Knauf
827f0a318c Set -fpcc-struct-return only for gcc compiler. 2011-02-17 11:46:41 +01:00
Daniel Stenberg
c3a6116dc9 nss_load_key: fix unused variable warning 2011-02-16 19:34:04 +01:00
Daniel Stenberg
f19ace8d33 gmtime: remove define
It turns out some systems rely on the gmtime or gmtime_r to be defined
already in the system headers and thus my "precaution" redefining of
them only caused trouble. They are now removed.
2011-02-14 13:42:01 +01:00
Guenter Knauf
c2dff28c41 Added -m32 to CFLAGS to compile with x86_64 gcc. 2011-02-13 14:31:22 +01:00
Guenter Knauf
e36c039a07 Updated OpenSSL version, added links to docu. 2011-02-13 12:13:21 +01:00
Dan Fandrich
61fc9044c7 Call ERR_peek_error instead of ERR_peek_last_error
The latter isn't available in older OpenSSL versions, and is
less useful since it returns the most recent error instead of
the first one encountered.
2011-02-10 12:29:34 -08:00
Julien Chaffraix
39d0d787d2 test1304: Added some unit tests for Curl_parsenetrc.
Moved some definitons into the header file so that we can reuse them.
2011-02-10 07:38:48 -08:00
Quinn Slack
3cffcba3d0 CURLE_TLSAUTH_FAILED: removed
On second thought, I think CURLE_TLSAUTH_FAILED should be eliminated. It
was only being raised when an internal error occurred while allocating
or setting the GnuTLS SRP client credentials struct. For TLS
authentication failures, the general CURLE_SSL_CONNECT_ERROR seems
appropriate; its error string already includes "passwords" as a possible
cause. Having a separate TLS auth error code might also cause people to
think that a TLS auth failure means the wrong username or password was
entered, when it could also be a sign of a man-in-the-middle attack.
2011-02-09 23:34:30 +01:00
Daniel Stenberg
b370fcd300 CURLOPT_SOCKOPTFUNCTION: return proper error code
When the callback returns an error, this function must make sure to return
CURLE_ABORTED_BY_CALLBACK properly and not CURLE_OK as before to allow the
callback to properly abort the operation.
2011-02-09 15:36:36 +01:00
Julien Chaffraix
266bcb06d7 netrc: Removed dead code.
The main has not been updated from some time and is out of sync with
the code. The code is now tested by several test cases so no need for
a seperate code path.
2011-02-07 20:15:35 -08:00
Julien Chaffraix
fe165c69de netrc: Tightened up the type checks.
The state should not be anonymous so that we can check if the values
are fine. Added 2 unreachables states to the switch as a result of this
change.
2011-02-07 20:15:35 -08:00
Julien Chaffraix
4e2ac742c9 imap: Fixed typo in a comment. 2011-02-07 20:15:35 -08:00
Daniel Stenberg
0696260122 Curl_gmtime: avoid future mistakes
Document Curl_gmtime() and define away the old functions so that they
won't be used internally again by mistake.
2011-02-07 15:09:24 +01:00
Daniel Stenberg
54d9f060b4 Curl_gmtime: added a portable gmtime
Instead of polluting many places with #ifdefs, we create a single place
for this function, and also check return code properly so that a NULL
pointer returned won't cause problems.
2011-02-07 15:00:48 +01:00
Guenter Knauf
2cacd82661 mk-ca-bundle.vbs: use new cacert url
The official Mozilla page at http://www.mozilla.org/projects/security/certs/
points out a new place as the "proper" place to get Mozilla's CA certs from
so this script is now updated to use that instead.

Reported by: Daniel Mentz
2011-02-03 09:59:00 +01:00
Daniel Stenberg
ec7978c512 mk-ca-bundle.pl: use new cacert url
The official Mozilla page at
http://www.mozilla.org/projects/security/certs/ points out a new place
as the "proper" place to get Mozilla's CA certs from so this script is
now updated to use that instead.

Reported by: Daniel Mentz
2011-02-02 22:22:15 +01:00
Bjoern Sikora
0e9626ba39 ssluse: improved error message on SSL_CTX_new failures
"SSL: couldn't create a context" really isn't that helpful, now it'll
also extract an explanation from OpenSSL and append to the right.
2011-02-02 18:25:57 +01:00
Nicholas Maniscalco
73eb9965cf multi: fix CURLM_STATE_TOOFAST for multi_socket
The code in the toofast state needs to first recalculate the values
before it uses them again since it may have been a while since it last
did it when it reaches this point.
2011-02-02 13:41:22 +01:00
Dave Reisner
b89122a2bf file: add support for CURLOPT_TIMECONDITION 2011-01-31 14:49:51 +01:00
Dave Reisner
99dcb11ed8 transfer: add Curl_meets_timecondition()
This will be used by file_do() and Curl_readwrite() as a unified method
of checking to see if a remote document meets the supplied
CURLOPT_TIMEVAL and CURLOPT_TIMECONDITION.

Signed-off-by: Dave Reisner <d@falconindy.com>
2011-01-31 14:29:48 +01:00
Daniel Stenberg
ef19e30985 ares: memory leak fix
The double name resolve trick used with c-ares could leave allocated
memory in 'temp_ai' if the operation was aborted in the middle.
2011-01-27 14:41:07 +01:00
Daniel Stenberg
2d356ba168 ares_query_completed_cb: don't touch invalid data
When this callback is called due to the destruction of the ares handle,
the connection pointer passed in as an argument may no longer pointing
to valid data and this function doesn't need to do anything with it
anyway so we make sure it doesn't.

Bug: http://curl.haxx.se/mail/lib-2011-01/0333.html
Reported by: Vsevolod Novikov
2011-01-27 14:41:07 +01:00
Kamil Dudka
dc0a7161f8 nss: avoid memory leaks and failure of NSS shutdown
... in case more than one CA is loaded.

Bug: https://bugzilla.redhat.com/670802
2011-01-27 11:14:18 +01:00
Daniel Stenberg
dbcaa00657 HTTP: memory leak on multiple Location:
The HTTP parser allocated memory on each received Location: header
without properly freeing old data. Starting now, the code only considers
the first Location: header and will blissfully ignore subsequent ones.

Bug: http://curl.haxx.se/bug/view.cgi?id=3165129
Reported by: Martin Lemke
2011-01-25 12:06:50 +01:00
Darshan Mody
03be2c99ba Fixed compile using OpenSSL versions < 0.9.4a 2011-01-20 12:11:22 -08:00
Quinn Slack
59cf93ccdb TLS-SRP: support added when using GnuTLS 2011-01-19 20:35:02 +01:00
Kamil Dudka
fc77790bcd nss: fix a bug in handling of CURLOPT_CAPATH
... and update the curl.1 and curl_easy_setopt.3 man pages such that
they do not suggest to use an OpenSSL utility if curl is not built
against OpenSSL.

Bug: https://bugzilla.redhat.com/669702
2011-01-18 14:30:49 +01:00