1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-16 06:25:03 -05:00
Commit Graph

326 Commits

Author SHA1 Message Date
Daniel Stenberg
7385610d0c
hsts: add support for Strict-Transport-Security
- enable in the build (configure)
- header parsing
- host name lookup
- unit tests for the above
- CI build
- CURL_VERSION_HSTS bit
- curl_version_info support
- curl -V output
- curl-config --features
- CURLOPT_HSTS_CTRL
- man page for CURLOPT_HSTS_CTRL
- curl --hsts (sets CURLOPT_HSTS_CTRL and works with --libcurl)
- man page for --hsts
- save cache to disk
- load cache from disk
- CURLOPT_HSTS
- man page for CURLOPT_HSTS
- added docs/HSTS.md
- fixed --version docs
- adjusted curl_easy_duphandle

Closes #5896
2020-11-03 16:08:42 +01:00
Daniel Stenberg
6da7a7e5ce
tool_operate: --retry for HTTP 408 responses too
This was inadvertently dropped from the code when the parallel support
was added.

Regression since b88940850 (7.66.0)

Reviewed-by: Jay Satiro
Closes #6155
2020-11-02 08:14:22 +01:00
Daniel Stenberg
ce8ac2db2b
tool_operate: bail out proper on errors for parallel setup
... otherwise for example trying to upload a missing file just causes a
loop.

Reported-by: BrumBrum on hackerone
Closes #6141
2020-10-29 17:26:31 +01:00
Daniel Stenberg
c5ff3fb2cd
tool_operate: fix compiler warning when --libcurl is disabled
Closes #6095
2020-10-16 08:13:42 +02:00
Daniel Stenberg
ec1cb755bf
curl: make sure setopt CURLOPT_IPRESOLVE passes on a long
Previously, it would pass on a define (int) which could make libcurl
read junk as a value - which prevented the CURLOPT_IPRESOLVE option to
"take". This could then make test 2100 do two DoH requests instead of
one!

Fixes #6042
Closes #6043
2020-10-05 10:06:58 +02:00
Daniel Stenberg
3997b3e2a4
curl: make --libcurl show binary posts correctly
Reported-by: Stephan Mühlstrasser
Fixes #6031
Closes #6032
2020-10-02 09:35:37 +02:00
anio
0c1e767e83
tool_writeout: add new writeout variable, %{num_headers}
This variable gives the number of headers.

Closes #5947
2020-09-15 00:37:08 +02:00
Daniel Stenberg
363a88ac9d
curl: retry delays in parallel mode no longer sleeps blocking
The previous sleep for retries would block all other concurrent
transfers. Starting now, the retry will instead be properly marked to
not get restarted until after the delay time but other transfers can
still continue in the mean time.

Closes #5917
2020-09-06 00:00:10 +02:00
Daniel Stenberg
e4e725f835
curl:parallel_transfers: make sure retry readds the transfer
Reported-by: htasta on github
Fixes #5905
Closes #5917
2020-09-05 23:59:48 +02:00
Daniel Stenberg
6ecb63e493
curl: in retry output don't call all problems "transient"
... because when --retry-all-errors is used, the error isn't necessarily
transient at all.

Closes #5916
2020-09-05 18:14:48 +02:00
Emil Engler
aa8777f63f
tool: update --help with categories
This commit is a part of "--help me if you can"

Closes #5680
2020-09-04 15:38:20 +02:00
Michael Baentsch
ede125b7b7
tls: add CURLOPT_SSL_EC_CURVES and --curves
Closes #5892
2020-08-30 17:24:04 +02:00
Daniel Stenberg
5620d2cc78
curl: add --output-dir
Works with --create-dirs and with -J

Add test 3008, 3009, 3011, 3012 and 3013 to verify.

Closes #5637
2020-08-24 22:41:37 +02:00
Daniel Stenberg
4be1f8dc01
curl: support XDG_CONFIG_HOME to find .curlrc
Added test433 to verify. Updated documentation.

Reviewed-by: Jay Satiro
Suggested-by: Eli Schwartz
Fixes #5829
Closes #5837
2020-08-24 16:37:09 +02:00
Daniel Stenberg
98c94596f5
etag: save and use the full received contents
... which makes it support weak tags and non-standard etags too!

Added test case 347 to verify blank incoming ETag:

Fixes #5610
Closes #5833
2020-08-24 10:02:41 +02:00
Marcel Raad
0c6112a139
WIN32: stop forcing narrow-character API
Except where the results are only used for character output.
getenv is not touched because it's part of the public API, and having
it return UTF-8 instead of ANSI would be a breaking change.

Fixes https://github.com/curl/curl/issues/5658
Fixes https://github.com/curl/curl/issues/5712
Closes https://github.com/curl/curl/pull/5718
2020-07-27 10:42:38 +02:00
Jay Satiro
bc052cc878 tool_operate: Don't use Windows CA store as a fallback
Background:

148534d added CURLSSLOPT_NATIVE_CA to use the Windows OS certificate
store in libcurl w/ OpenSSL on Windows. CURLSSLOPT_NATIVE_CA overrides
CURLOPT_CAINFO if both are set. The curl tool will fall back to
CURLSSLOPT_NATIVE_CA if it could not find a certificate bundle to set
via CURLOPT_CAINFO.

Problem:

libcurl may be built with hardcoded paths to a certificate bundle or
directory, and if CURLSSLOPT_NATIVE_CA is used then those paths are
ignored.

Solution:

A solution is still being discussed but since there's an impending
release this commit removes using CURLSSLOPT_NATIVE_CA in the curl tool.

Ref: https://github.com/curl/curl/issues/5585
2020-06-22 15:26:07 -04:00
Viktor Szakats
308c243db5
all: fix codespell errors
Reviewed-by: Jay Satiro
Reviewed-by: Daniel Stenberg
Closes https://github.com/curl/curl/pull/5452
2020-05-25 19:44:04 +00:00
Daniel Stenberg
006d2991bd
curl: remove -J "informational" written on stdout
curl would previously show "curl: Saved to filename 'name from header'"
if -J was used and a name was picked from the Content-Disposition
header. That output could interfer with other stdout output, such as -w.

This commit removes that output line.
Bug: https://curl.haxx.se/mail/archive-2020-05/0044.html
Reported-by: Коваленко Анатолий Викторович
Closes #5435
2020-05-23 23:12:53 +02:00
Siva Sivaraman
c4df1f75ad
tool_operate: fixed potentially uninitialized variables
... in curl_easy_getinfo() calls. They're harmless but clearing the
variables makes the code safer and comforts the reader.

Closes #5416
2020-05-19 08:53:41 +02:00
Gilles Vollant
cac5374298
setopt: support certificate options in memory with struct curl_blob
This change introduces a generic way to provide binary data in setopt
options, called BLOBs.

This change introduces these new setopts:

CURLOPT_ISSUERCERT_BLOB, CURLOPT_PROXY_SSLCERT_BLOB,
CURLOPT_PROXY_SSLKEY_BLOB, CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB.

Reviewed-by: Daniel Stenberg
Closes #5357
2020-05-15 13:03:59 +02:00
Daniel Stenberg
8df455479f
source cleanup: remove all custom typedef structs
- Stick to a single unified way to use structs
 - Make checksrc complain on 'typedef struct {'
 - Allow them in tests, public headers and examples

 - Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually
   typedef different types/structs depending on build conditions.

Closes #5338
2020-05-15 08:54:42 +02:00
Marcel Raad
9e5669f388
tool: support UTF-16 command line on Windows
- use `wmain` instead of `main` when `_UNICODE` is defined [0]
- define `argv_item_t` as `wchar_t *` in this case
- use the curl_multibyte gear to convert the command-line arguments to
  UTF-8

This makes it possible to pass parameters with characters outside of
the current locale on Windows, which is required for some tests, e.g.
the IDN tests. Out of the box, this currently only works with the
Visual Studio project files, which default to Unicode, and winbuild
with the `ENABLE_UNICODE` option.

[0] https://devblogs.microsoft.com/oldnewthing/?p=40643

Ref: https://github.com/curl/curl/issues/3747
Closes https://github.com/curl/curl/pull/3784
2020-05-14 18:13:36 +02:00
Jay Satiro
b995bb58cb tool: Add option --retry-all-errors to retry on any error
The "sledgehammer" of retrying.

Closes https://github.com/curl/curl/pull/5185
2020-05-12 03:00:15 -04:00
Daniel Stenberg
6f63ab41b2
tool_operate: only set CURLOPT_SSL_OPTIONS if SSL support is present
Reported-by: Marcel Raad
Follow-up to 148534db5
Fixes #5367
Closes #5369
2020-05-10 15:33:51 +02:00
Gilles Vollant
148534db57
CURLOPT_SSL_OPTIONS: add *_NATIVE_CA to use Windows CA store (with openssl)
Closes #4346
2020-05-08 15:55:04 +02:00
Kwon-Young Choi
a448a4ce26
curl: allow both --etag-compare and --etag-save with same file name
This change inverse the order of processing for the --etag-compare and
--etag-save option to process first --etag-compare. This in turn allows
to use the same file name to compare and save an etag.

The original behavior of not failing if the etag file does not exists is
conserved.

Fixes #5179
Closes #5180
2020-04-05 01:07:52 +02:00
Harry Sintonen
7a71965e97
build: fixed build for systems with select() in unistd.h
Closes #5169
2020-03-31 10:59:06 +02:00
Johannes Schindelin
5450428491 schannel: add "best effort" revocation check option
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
  --ssl-revoke-best-effort to allow a "best effort" revocation check.

A best effort revocation check ignores errors that the revocation check
was unable to take place. The reasoning is described in detail below and
discussed further in the PR.

---

When running e.g. with Fiddler, the schannel backend fails with an
unhelpful error message:

	Unknown error (0x80092012) - The revocation function was unable
	to check revocation for the certificate.

Sadly, many enterprise users who are stuck behind MITM proxies suffer
the very same problem.

This has been discussed in plenty of issues:
https://github.com/curl/curl/issues/3727,
https://github.com/curl/curl/issues/264, for example.

In the latter, a Microsoft Edge developer even made the case that the
common behavior is to ignore issues when a certificate has no recorded
distribution point for revocation lists, or when the server is offline.
This is also known as "best effort" strategy and addresses the Fiddler
issue.

Unfortunately, this strategy was not chosen as the default for schannel
(and is therefore a backend-specific behavior: OpenSSL seems to happily
ignore the offline servers and missing distribution points).

To maintain backward-compatibility, we therefore add a new flag
(`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
(`--ssl-revoke-best-effort`) to select the new behavior.

Due to the many related issues Git for Windows and GitHub Desktop, the
plan is to make this behavior the default in these software packages.

The test 2070 was added to verify this behavior, adapted from 310.

Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Closes https://github.com/curl/curl/pull/4981
2020-03-18 03:23:39 -04:00
Daniel Stenberg
95c36fff75
tool_operate: fix add_parallel_transfers when more are in queue
Trying to return early from the function if no new transfers were added
would break the "morep" argument and cause issues. This could lead to
zero content "transfers" (within quotes since they would never be
started) when parallel-max was reduced.

Reported-by: Gavin Wong
Analyzed-by: Jay Satiro
Fixes #4937
Closes #5112
2020-03-16 09:51:34 +01:00
Daniel Stenberg
1cc97ba6e4
curl: error on --alt-svc use w/o support
Make the tool check for alt-svc support at run-time and return error
accordingly if not present when the option is used.

Reported-by: Harry Sintonen
Closes #4878
2020-02-05 07:57:38 +01:00
Pavel Volgarev
4a4609bf3c
smtp: Allow RCPT TO command to fail for some recipients
Introduces CURLOPT_MAIL_RCPT_ALLLOWFAILS.

Verified with the new tests 3002-3007

Closes #4816
2020-01-21 10:40:19 +01:00
Emil Engler
1774dbd74c
curl: Let -D merge headers in one file again
Closes #4762
Fixes #4753
2020-01-21 09:23:30 +01:00
Daniel Stenberg
ad0aa27a9d
curl: remove 'config' field from OutStruct
As it was just unnecessary duplicated information already stored in the
'per_transfer' struct and that's around mostly anyway.

The duplicated pointer caused problems when the code flow was aborted
before the dupe was filled in and could cause a NULL pointer access.

Reported-by: Brian Carpenter
Fixes #4807
Closes #4810
2020-01-12 17:17:44 +01:00
Daniel Stenberg
392bff4abf
curl: properly free mimepost data
... as it could otherwise leak memory when a transfer failed.

Added test 1293 to verify.

Reported-by: Brian Carpenter
Fixes #4781
Closes #4782
2020-01-04 23:06:44 +01:00
Daniel Stenberg
271ec6b9b6
curl: cleanup multi handle on failure
... to fix memory leak in error path.

Fixes #4772
Closes #4780
Reported-by: Brian Carpenter
2020-01-04 23:05:21 +01:00
Jay Satiro
249f7b37e6 tool_operate: fix mem leak when failed config parse
Found by fuzzing the config file.

Reported-by: Geeknik Labs

Fixes https://github.com/curl/curl/issues/4767
2019-12-29 14:18:48 -05:00
Daniel Stenberg
70a6541515
curl: fix memory leak in OOM in etags logic
Detected by torture tests

Closes #4706
2019-12-12 11:03:55 +01:00
Daniel Stenberg
c6deecd7e9
curl: use errorf() better
Change series of error outputs to use errorf().

Only errors that are due to mistakes in command line option usage should
use helpf(), other types of errors in the tool should rather use
errorf().

Closes #4691
2019-12-10 10:03:33 +01:00
Daniel Stenberg
147fa06891
curl: make the etag load logic work without fseek
The fseek()s were unnecessary and caused Coverity warning CID 1456554

Closes #4681
2019-12-06 23:02:24 +01:00
Daniel Stenberg
9ea769e15f
etag: allow both --etag-compare and --etag-save in same cmdline
Fixes #4669
Closes #4678
2019-12-05 22:57:24 +01:00
Daniel Stenberg
7dffc2b46f
curl: show better error message when no homedir is found
Reported-by: Vlastimil Ovčáčík
Fixes #4644
Closes #4665
2019-12-03 16:26:02 +01:00
Maros Priputen
18e5cb77e9
curl: two new command line options for etags
--etag-compare and --etag-save

Suggested-by: Paul Hoffman
Fixes #4277
Closes #4543
2019-11-28 13:05:20 +01:00
John Schroeder
9a2cbf30b8
curl: fix --upload-file . hangs if delay in STDIN
Attempt to unpause a busy read in the CURLOPT_XFERINFOFUNCTION.

When uploading from stdin in non-blocking mode, a delay in reading
the stream (EAGAIN) causes curl to pause sending data
(CURL_READFUNC_PAUSE).  Prior to this change, a busy read was
detected and unpaused only in the CURLOPT_WRITEFUNCTION handler.
This change performs the same busy read handling in a
CURLOPT_XFERINFOFUNCTION handler.

Fixes #2051
Closes #4599
Reported-by: bdry on github
2019-11-26 09:17:52 +01:00
Daniel Stenberg
215baa74f7
curl: add --parallel-immediate
Starting with this change when doing parallel transfers, without this
option set, curl will prefer to create new transfers multiplexed on an
existing connection rather than creating a brand new one.

--parallel-immediate can be set to tell curl to prefer to use new
connections rather than to wait and try to multiplex.

libcurl-wise, this means that curl will set CURLOPT_PIPEWAIT by default
on parallel transfers.

Suggested-by: Tom van der Woerdt
Closes #4500
2019-11-21 16:36:10 +01:00
Daniel Stenberg
7a46aeb0be
curl: fix -T globbing
Regression from e59371a493 (7.67.0)

Added test 490, 491 and 492 to verify the functionality.

Reported-by: Kamil Dudka
Reported-by: Anderson Sasaki

Fixes #4588
Closes #4591
2019-11-14 13:44:50 +01:00
Stian Soiland-Reyes
fe5c2464db tool_operate: Fix retry sleep time shown to user when Retry-After
- If server header Retry-After is being used for retry sleep time then
  show that value to the user instead of the normal retry sleep time.

This is a follow-up to 640b973 (7.66.0) which changed curl tool so that
the value from Retry-After header overrides other retry timing options.

Closes https://github.com/curl/curl/pull/4498
2019-10-16 13:56:38 -04:00
Stian Soiland-Reyes
f7f0b0012d
curl: ensure HTTP 429 triggers --retry
This completes #3794.

Also make sure the new tests from #4195 are enabled

Closes #4465
2019-10-05 11:41:06 +02:00
Daniel Stenberg
54c622aa8e
tool_operate: rename functions to make more sense 2019-10-02 07:50:38 +02:00
Daniel Stenberg
e59371a493
curl: create easy handles on-demand and not ahead of time
This should again enable crazy-large download ranges of the style
[1-10000000] that otherwise easily ran out of memory starting in 7.66.0
when this new handle allocating scheme was introduced.

Reported-by: Peter Sumatra
Fixes #4393
Closes #4438
2019-10-02 07:50:32 +02:00