1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00
Commit Graph

8536 Commits

Author SHA1 Message Date
Stefan Bühler
077fd8f1fa sasl_sspi: fix identity memory leak in digest authentication 2015-11-12 19:11:40 +00:00
Stefan Bühler
b6baa108fa sasl_sspi: fixed unicode build for digest authentication
Closes #525
2015-11-12 19:11:40 +00:00
Steve Holme
88702ebb31 oauth2: Re-factored OAuth 2.0 state variable 2015-11-12 18:25:33 +00:00
Steve Holme
d6d58dd558 sasl: Don't choose OAuth 2.0 if mechanism not advertised
Regression from commit 9e8ced9890 which meant if --oauth2-bearer was
specified but the SASL mechanism wasn't supported by the server then
the mechanism would be chosen.
2015-11-12 18:25:33 +00:00
Steve Holme
dcf5b614ca oauth2: Introduced support for host and port details
Added support to the OAuth 2.0 message function for host and port, in
order to accommodate the official OAUTHBEARER SASL mechanism which is
to be added shortly.
2015-11-11 22:26:21 +00:00
Steve Holme
6479f5a076 curl_setup.h: Removed duplicate CURL_DISABLE_RTSP when HTTP_ONLY defined 2015-11-11 22:19:39 +00:00
Steve Holme
d64add3c71 cmake: Add missing feature macros in config header (Part 2)
In addition to commit a215381c94 added the RTSP, RTMP and SMB protocols.
2015-11-11 22:18:24 +00:00
Douglas Creager
a215381c94 cmake: Add missing feature macros in config header
The curl_config.h file can be generated either from curl_config.h.cmake
or curl_config.h.in, depending on whether you're building using CMake or
the autotools.  The CMake template header doesn't include entries for
all of the protocols that you can disable, which (I think) means that
you can't actually disable those protocols when building via CMake.

Closes #523
2015-11-10 22:38:52 +01:00
Douglas Creager
3e0d64d075 BoringSSL: Work with stricter BIO_get_mem_data()
BoringSSL implements `BIO_get_mem_data` as a function, instead of a
macro, and expects the output pointer to be a `char **`.  We have to add
an explicit cast to grab the pointer as a `const char **`.

Closes #524
2015-11-10 22:34:07 +01:00
Daniel Stenberg
01b7d8274c http2: rectify the http2 version #if check
We need 1.0.0 or later. Also verified by configure.
2015-11-10 09:10:46 +01:00
Steve Holme
7023d8aa37 oauth2: Don't use XAUTH2 in OAuth 2.0 function name 2015-11-09 22:25:09 +00:00
Steve Holme
eaa98cef8d oauth2: Don't use XOAUTH2 in OAuth 2.0 variables 2015-11-09 22:25:08 +00:00
Steve Holme
4e3d396900 oauth2: Use OAuth 2.0 rather than XOAUTH2 in comments
When referring to OAuth 2.0 we should use the official name rather the
SASL mechanism name.
2015-11-09 22:25:08 +00:00
Daniel Stenberg
f54a4aa9a3 imap: avoid freeing constant string
The fix in 1a614c6c3 was wrong and would leed to free() of a fixed
string.

Pointed-out-by: Kamil Dudka
2015-11-09 10:54:55 +01:00
Justin Ehlert
23b8fc15c8 imap: Don't check for continuation when executing a CUSTOMREQUEST
Bug: https://github.com/bagder/curl/issues/486
Closes https://github.com/bagder/curl/pull/487
2015-11-08 12:12:33 +00:00
Daniel Stenberg
e3c85405d0 imap: checksrc: remove space after while before paren 2015-11-07 23:21:29 +01:00
Daniel Stenberg
2581585961 checksrc.whitelist: "missing space after close paren"
... when it was within a string!
2015-11-07 23:20:50 +01:00
Steve Holme
23c4090fd3 imap: Quote other 'atom-specials' and not just the space character
Closes #517
2015-11-07 11:59:32 +00:00
Steve Holme
50bff12ac8 imap: Fixed double quote in LIST command when mailbox contains spaces 2015-11-07 11:20:34 +00:00
Daniel Stenberg
1a614c6c37 imap: fix compiler warning
imap.c:657:13: error: assignment discards 'const' qualifier from pointer
target type [-Werror=discarded-qualifiers]
2015-11-06 23:44:27 +01:00
Steve Holme
505d966850 imap: Don't call imap_atom() when no mailbox specified in LIST command 2015-11-06 21:49:26 +00:00
Jay Satiro
cd3aba1a5c getinfo: CURLINFO_ACTIVESOCKET: fix bad socket value
- Set user info param to the socket returned by Curl_getconnectinfo,
regardless of if the socket is bad. Effectively this means the user info
param now will receive CURL_SOCKET_BAD instead of -1 on bad socket.

- Remove incorrect comments.

CURLINFO_ACTIVESOCKET is documented to write CURL_SOCKET_BAD to user
info param but prior to this change it wrote -1.

Bug: https://github.com/bagder/curl/pull/518
Reported-by: Marcel Raad
2015-11-06 00:30:16 -05:00
Patrick Monnerat
f6fbbd6dc3 curl_ntlm_core: fix 2 curl_off_t constant overflows. 2015-11-05 15:20:43 +01:00
Lauri Kasanen
3bd7f28000 rawstr: Speed up Curl_raw_toupper by 40%
Rationale: when starting up a curl-using app, all cookies from the jar
are checked against each other. This was causing a startup delay in the
Fifth browser.

All tests pass.

Signed-off-by: Lauri Kasanen <cand@gmx.com>
2015-11-02 22:57:13 +01:00
Daniel Stenberg
3f7b1bb89f http redirects: %-encode bytes outside of ascii range
Apparently there are sites out there that do redirects to URLs they
provide in plain UTF-8 or similar. Browsers and wget %-encode such
headers when doing a subsequent request. Now libcurl does too.

Added test 1138 to verify.

Closes #473
2015-11-02 12:48:03 +01:00
Daniel Stenberg
ca5f9341ef formadd: support >2GB files on windows
Closes #425
2015-11-02 08:41:46 +01:00
Daniel Stenberg
49a991346e curl.h: s/HTTPPOST_/CURL_HTTPOST_
Fixes a name space pollution at the cost of programs using one of these
defines will no longer compile. However, the vast majority of libcurl
programs that do multipart formposts use curl_formadd() to build this
list.

Closes #506
2015-10-31 22:51:20 +01:00
Daniel Stenberg
fbf09b7775 mbedtls: fix "Structurally dead code"
CID 1332129
2015-10-29 22:59:27 +01:00
Daniel Stenberg
f6ce8c9abb mbedtls: fix "Logically dead code"
CID 1332128
2015-10-29 22:57:09 +01:00
Daniel Stenberg
4c62066cec Revert "openssl: engine: remove double-free"
This reverts commit 370ee919b3.

Issue #509 has all the details but it was confirmed that the crash was
not due to this, so the previous commit was wrong.
2015-10-29 14:59:11 +01:00
Daniel Stenberg
370ee919b3 openssl: engine: remove double-free
After a successful call to SSL_CTX_use_PrivateKey(), we must not call
EVP_PKEY_free() on the key.

Reported-by: nased0
Closes #509
2015-10-27 13:45:25 +01:00
Jay Satiro
e2f430c74a socks: Fix incorrect port numbers in failed connect messages 2015-10-27 02:39:00 -04:00
Daniel Stenberg
03b6e07816 polarssl/mbedtls: fix name space pollution
Global private symbols MUST start with Curl_!
2015-10-23 16:14:29 +02:00
Dmitry S. Baikov
6288cb9304 mbedTLS: THREADING_SUPPORT compilation fix
Closes #505
2015-10-23 16:05:25 +02:00
Kurt Fankhauser
529f9310b1 ftp: allow CURLOPT_IGNORE_CONTENT_LENGTH to ignore size
This allows FTP transfers with growing (or shrinking) files without
causing a transfer error.

Closes #480
2015-10-23 14:57:30 +02:00
Daniel Stenberg
d31ed6ac71 http2: s/priority/weight 2015-10-23 08:22:38 +02:00
Daniel Stenberg
419d410ca0 http2: on_frame_recv: trust the conn/data input
Removed wrong assert()s

The 'conn' passed in as userdata can be used and there can be other
sessionhandles ('data') than the single one this checked for.
2015-10-23 08:22:38 +02:00
Daniel Stenberg
3042cb5043 http2: added three stream prio/deps options
CURLOPT_STREAM_DEPENDS

CURLOPT_STREAM_DEPENDS_E

CURLOPT_STREAM_PRIORITY
2015-10-23 08:22:38 +02:00
m-gardet
ace68fdc0c mbedtls:new profile with RSA min key len = 1024.
Closes #502
2015-10-22 15:28:57 +02:00
Daniel Stenberg
9744ef2289 checksrc: add crude // detection 2015-10-21 23:18:04 +02:00
Gisle Vanem
c238d4da1b build: fix for MSDOS/djgpp
- Add a VPATH-statement for the vtls/*.c files.

- Due to 'vtls/*.c', remove that subdir part from $(OBJECTS).
2015-10-21 13:00:52 -04:00
Daniel Stenberg
5fecdc26f7 copyrights: update Gisle Vanem's email 2015-10-20 13:33:01 +02:00
Daniel Stenberg
257a1c0d14 vtls: fix compiler warning for TLS backends without sha256
... noticed with mbedTLS.
2015-10-20 08:12:44 +02:00
Jonas Minnberg
fe7590f729 vtls: added support for mbedTLS
closes #496
2015-10-20 07:57:24 +02:00
Tim Rühsen
e77b5b7453 cookies: Add support for Mozilla's Publix Suffix List
Use libpsl to check the domain value of Set-Cookie headers (and cookie
jar entries) for not being a Publix Suffix.

The configure script checks for "libpsl" by default. Disable the check
with --without-libpsl.

Ref: https://publicsuffix.org/
Ref: https://github.com/publicsuffix/list
Ref: https://github.com/rockdaboot/libpsl
2015-10-17 16:37:49 +02:00
Anders Bakken
2b98cb57c4 http2: Don't pass unitialized name+len pairs to nghttp2_submit_request
bug introduced by 1869164293.

Closes #493
2015-10-16 23:46:03 +02:00
Daniel Stenberg
443e81ea47 multi: fix off-by-one finit[] array size
introduced in c6aedf680f. It needs to be CURLM_STATE_LAST big since it
must hande the range 0 .. CURLM_STATE_MSGSENT (18) and CURLM_STATE_LAST
is 19 right now.

Reported-by: Dan Fandrich
Bug: http://curl.haxx.se/mail/lib-2015-10/0069.html
2015-10-16 22:42:56 +02:00
Daniel Stenberg
c6aedf680f fread_func: move callback pointer from set to state struct
... and assign it from the set.fread_func_set pointer in the
Curl_init_CONNECT function. This A) avoids that we have code that
assigns fields in the 'set' struct (which we always knew was bad) and
more importantly B) it makes it impossibly to accidentally leave the
wrong value for when the handle is re-used etc.

Introducing a state-init functionality in multi.c, so that we can set a
specific function to get called when we enter a state. The
Curl_init_CONNECT is thus called when switching to the CONNECT state.

Bug: https://github.com/bagder/curl/issues/346

Closes #346
2015-10-15 23:32:19 +02:00
Erik Johansson
3ad83bc3a6 openssl: Fix set up of pkcs12 certificate verification chain
sk_X509_pop will decrease the size of the stack which means that the loop would
end after having added only half of the certificates.

Also make sure that the X509 certificate is freed in case
SSL_CTX_add_extra_chain_cert fails.
2015-10-11 23:14:04 +02:00
Daniel Stenberg
13ddb9e54a ntlm: error out without 64bit support as the code needs it
It makes it a clearer message for developers reaching that point without
the necessary support.

Thanks-by: Jay Satiro

Closes #78
2015-10-09 23:51:54 +02:00
Daniel Stenberg
7715a70ba2 curl_global_init: set the memory function pointers correct
follow-up from 6f8ecea0
2015-10-09 16:13:54 +02:00
Daniel Stenberg
6f8ecea059 curl_global_init_mem: set function pointers before doing init
... as in the polarssl TLS backend for example it uses memory functions.
2015-10-09 16:04:11 +02:00
Jay Satiro
048f84637f http2: Fix http2_recv to return -1 if recv returned -1
If the underlying recv called by http2_recv returns -1 then that is the
value http2_recv returns to the caller.
2015-10-09 00:29:25 -04:00
Daniel Stenberg
8256b44e5a ntlm: get rid of unconditional use of long long
... since some compilers don't have it and instead use other types, such
as __int64.

Reported by: gkinseyhpw
Closes #478
2015-10-08 12:31:06 +02:00
Anders Bakken
da2d3b5805 des: Fix header conditional for Curl_des_set_odd_parity
Follow up to 613e502.
2015-10-08 02:07:12 -04:00
Jay Satiro
69ea579700 getinfo: Fix return code for unknown CURLINFO options
- If a CURLINFO option is unknown return CURLE_UNKNOWN_OPTION.

Prior to this change CURLE_BAD_FUNCTION_ARGUMENT was returned on
unknown. That return value is contradicted by the CURLINFO option
documentation which specifies a return of CURLE_UNKNOWN_OPTION on
unknown.
2015-10-04 17:29:43 -04:00
Orange Tsai
5bf36ea30d gopher: don't send NUL byte
Closes #466
2015-10-01 18:15:11 +02:00
Thorsten Schöning
8fd190c04f win32: make recent Borland compilers use long long 2015-09-30 00:03:35 +02:00
Michael Kalinin
69b89050d4 openssl: Fix algorithm init
- Change algorithm init to happen after OpenSSL config load.

Additional algorithms may be available due to the user's config so we
initialize the algorithms after the user's config is loaded.

Bug: https://github.com/bagder/curl/issues/447
Reported-by: Denis Feklushkin
2015-09-28 22:47:25 -04:00
Daniel Stenberg
af90becf4b http2: set TCP_NODELAY unconditionally
For a single-stream download from localhost, we managed to increase
transfer speed from 1.6MB/sec to around 400MB/sec, mostly because of
this single fix.
2015-09-27 23:23:58 +02:00
Daniel Stenberg
46ad4f7f93 http2: avoid superfluous Curl_expire() calls
... only call it when there is data arriving for another handle than the
one that is currently driving it.

Improves single-stream download performance quite a lot.

Thanks-to: Tatsuhiro Tsujikawa
Bug: http://curl.haxx.se/mail/lib-2015-09/0097.html
2015-09-27 23:23:33 +02:00
Daniel Stenberg
790d6de485 readwrite_data: set a max number of loops
... as otherwise a really fast pipe can "lock" one transfer for some
protocols, like with HTTP/2.
2015-09-27 20:48:35 +02:00
Daniel Stenberg
32fc638ddf FTP: fix uploading ASCII with unknown size
... don't try to increase the supposed file size on newlines if we don't
know what file size it is!

Patch-by: lzsiga
2015-09-26 23:36:25 +02:00
Tatsuhiro Tsujikawa
119037325d build: fix failures with -Wcast-align and -Werror
Closes #457
2015-09-26 23:10:20 +02:00
Mike Crowe
5f87906e0e gnutls: Report actual GnuTLS error message for certificate errors
If GnuTLS fails to read the certificate then include whatever reason it
provides in the failure message reported to the client.

Signed-off-by: Mike Crowe <mac@mcrowe.com>
2015-09-23 13:44:40 +02:00
Mike Crowe
6b56901b56 gnutls: Support CURLOPT_KEYPASSWD
The gnutls vtls back-end was previously ignoring any password set via
CURLOPT_KEYPASSWD. Presumably this was because
gnutls_certificate_set_x509_key_file did not support encrypted keys.

gnutls now has a gnutls_certificate_set_x509_key_file2 function that
does support encrypted keys. Let's determine at compile time whether the
available gnutls supports this new function. If it does then use it to
pass the password. If it does not then emit a helpful diagnostic if a
password is set. This is preferable to the previous behaviour of just
failing to read the certificate without giving a reason in that case.

Signed-off-by: Mike Crowe <mac@mcrowe.com>
2015-09-22 17:30:33 +02:00
Daniel Stenberg
7362008c1c CURLINFO_TLS_SESSION: always return backend info
... even for those that don't support providing anything in the
'internals' struct member since it offers a convenient way for
applications to figure this out.
2015-09-22 17:21:37 +02:00
Jay Satiro
47b7d658b4 vtls: Change designator name for server's pubkey hash
- Change the designator name we use to show the base64 encoded sha256
hash of the server's public key from 'pinnedpubkey' to
'public key hash'.

Though the server's public key hash is only shown when comparing pinned
public key hashes, the server's hash may not match one of the pinned.
2015-09-19 22:40:40 -04:00
Isaac Boukris
f65e07ca59 NTLM: Reset auth-done when using a fresh connection
With NTLM a new connection will always require authentication.
Fixes #435
2015-09-19 23:21:05 +02:00
Daniel Hwang
30c131f51f ssl: add server cert's "sha256//" hash to verbose
Add a "pinnedpubkey" section to the "Server Certificate" verbose

Bug: https://github.com/bagder/curl/issues/410
Reported-by: W. Mark Kubacki

Closes #430
Closes #410
2015-09-19 23:17:39 +02:00
Jakub Zakrzewski
c979a3d0c4 openldap: only part of LDAP query results received
Introduced with commit 65d141e6da

Closes #440
2015-09-19 23:06:03 +02:00
Alessandro Ghedini
c184a5c6bc openssl: don't output certinfo data 2015-09-19 22:53:31 +02:00
Alessandro Ghedini
c00cec9864 openssl: refactor certificate parsing to use OpenSSL memory BIO
Fixes #427
2015-09-19 22:53:31 +02:00
Kamil Dudka
958d2ffb19 nss: prevent NSS from incorrectly re-using a session
Without this workaround, NSS re-uses a session cache entry despite the
server name does not match.  This causes SNI host name to differ from
the actual host name.  Consequently, certain servers (e.g. github.com)
respond by 400 to such requests.

Bug: https://bugzilla.mozilla.org/1202264
2015-09-18 17:38:51 +02:00
Kamil Dudka
a9fd53887b nss: check return values of NSS functions 2015-09-18 17:07:22 +02:00
Daniel Stenberg
82e3e8e31f openssl: build with < 0.9.8
... without sha256 support and no define saying so.

Reported-by: Rajkumar Mandal
2015-09-17 08:54:04 +02:00
Daniel Stenberg
202162daeb http2: removed unused function 2015-09-13 16:33:51 +02:00
Jay Satiro
df6a4d3519 curl_sspi: fix possibly undefined CRYPT_E_REVOKED
Bug: https://github.com/bagder/curl/pull/411
Reported-by: Viktor Szakats
2015-09-10 02:17:33 -04:00
Daniel Stenberg
87e533ace0 parse_proxy: reject illegal port numbers
If the port number in the proxy string ended weirdly or the number is
too large, skip it. Mostly as a means to bail out early if a "bare" IPv6
numerical address is used without enclosing brackets.

Also mention the bracket requirement for IPv6 numerical addresses to the
man page for CURLOPT_PROXY.

Closes #415

Reported-by: Marcel Raad
2015-09-08 15:17:00 +02:00
Daniel Stenberg
27620171ff FTP: do_more: add check for wait_data_conn in upload case
In some timing-dependnt cases when a 4xx response immediately followed
after a 150 when a STOR was issued, this function would wrongly return
'complete == true' while 'wait_data_conn' was still set.

Closes #405

Reported-by: Patricia Muscalu
2015-09-08 09:29:03 +02:00
Kamil Dudka
7380433d6a nss: do not directly access SSL_ImplementedCiphers[]
It causes dynamic linking issues at run-time after an update of NSS.

Bug: https://lists.fedoraproject.org/pipermail/devel/2015-September/214117.html
2015-09-04 14:35:36 +02:00
Daniel Stenberg
82db076d9f gitignore: ignore more generated VC Makefiles 2015-09-03 23:35:41 +02:00
Daniel Stenberg
1869164293 http2: don't pass on Connection: headers
RFC 7540 section 8.1.2.2 states: "An endpoint MUST NOT generate an
HTTP/2 message containing connection-specific header fields; any message
containing connection-specific header fields MUST be treated as
malformed"

Closes #401
2015-09-03 22:23:50 +02:00
Marcel Raad
668231c309 inet_pton.c: Fix MSVC run-time check failure (2)
This fixes another run-time check failure because of a narrowing cast on
Visual C++.

Closes #408
2015-09-03 11:37:50 +02:00
Steve Holme
4963948089 sasl: Only define Curl_sasl_digest_get_pair() when CRYPTO_AUTH enabled
Introduced in commit 59f3f92ba6 this function is only implemented when
CURL_DISABLE_CRYPTO_AUTH is not defined. As such we shouldn't define
the function in the header file either.
2015-08-31 12:44:01 +01:00
Steve Holme
b850437991 sasl: Updated SPN variables and comments for consistency
In places the "host name" and "realm" variable was referred to as
"instance" whilst in others it was referred to as "host".
2015-08-31 12:43:58 +01:00
Steve Holme
415f0370ea win32: Use DES_set_odd_parity() from OpenSSL/BoringSSL by default
Set HAVE_DES_SET_ODD_PARITY when using OpenSSL/BoringSSL as native
Windows builds don't use the autoconf tools.
2015-08-30 22:06:10 +01:00
Steve Holme
347a6ee597 des: Fixed compilation warning from commit 613e5022fe
curl_ntlm_core.c:150: warning 'Curl_des_set_odd_parity' undefined;
                      assuming extern returning int
2015-08-30 21:45:30 +01:00
Steve Holme
fb0825cb0a makefiles: Added our standard copyright header
But kept the original author, when they were specified in a comment, as
the initial copyright holder.
2015-08-30 14:51:13 +01:00
Sergei Nikulov
2132708ac2 cmake: added Windows SSL support
Closes #399
2015-08-25 22:42:28 +02:00
Razvan Cojocaru
62f306ff34 getinfo: added CURLINFO_ACTIVESOCKET
This patch addresses known bug #76, where on 64-bit Windows SOCKET is 64
bits wide, but long is only 32, making CURLINFO_LASTSOCKET unreliable.

Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
2015-08-24 12:34:17 +02:00
Daniel Stenberg
36f6f6f4f2 http2: remove dead code
Leftovers from when we removed the private socket hash.

Coverity CID 1317365, "Logically dead code"
2015-08-24 11:31:45 +02:00
Daniel Stenberg
a78534794e ntlm: mark deliberate switch case fall-through
Coverity CID 1317367, "Missing break in switch"
2015-08-24 11:29:22 +02:00
Daniel Stenberg
110d99c661 http2: on_frame_recv: get a proper 'conn' for the debug logging
"Explicit null dereferenced (FORWARD_NULL)"

Coverity CID 1317366
2015-08-24 11:26:30 +02:00
Nathaniel Waisbrot
9756d1da76 CURLOPT_DEFAULT_PROTOCOL: added
- Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default
protocol for schemeless URLs.

- Add new tool option --proto-default to expose
CURLOPT_DEFAULT_PROTOCOL.

In the case of schemeless URLs libcurl will behave in this way:

When the option is used libcurl will use the supplied default.

When the option is not used, libcurl will follow its usual plan of
guessing from the hostname and falling back to 'http'.
2015-08-22 21:57:14 -04:00
Daniel Stenberg
613e5022fe NTLM: recent boringssl brought DES_set_odd_parity back
... so improve the #ifdefs for using our local implementation.
2015-08-22 23:59:18 +02:00
Alessandro Ghedini
8363656cb4 openssl: handle lack of server cert when strict checking disabled
If strict certificate checking is disabled (CURLOPT_SSL_VERIFYPEER
and CURLOPT_SSL_VERIFYHOST are disabled) do not fail if the server
doesn't present a certificate at all.

Closes #392
2015-08-21 15:32:51 +02:00
Daniel Stenberg
38ef1b3e7f ftp: clear the do_more bit when the server has connected
The multi state machine would otherwise go into the DO_MORE state after
DO, even for the case when the FTP state machine had already performed
those duties, which caused libcurl to get stuck in that state and fail
miserably. This occured for for active ftp uploads.

Reported-by: Patricia Muscalu
2015-08-21 13:30:08 +02:00
Erik Janssen
14ff86256b rtsp: stop reading empty DESCRIBE responses
Based-on-patch-by: Jim Hollinger
2015-08-20 23:07:03 +02:00
Erik Janssen
e4fb5f2f61 rtsp: support basic/digest authentication 2015-08-20 23:02:28 +02:00