1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-10 11:35:07 -05:00
Commit Graph

6531 Commits

Author SHA1 Message Date
Marc Hoersken
ba41ecfa17 http_negotiate.c: Fxied warning: unused variable 'rc' 2012-09-14 15:50:24 +02:00
Marc Hoersken
1ab6c35363 ssh.c: Fixed warning: implicit conversion from enumeration type 2012-09-14 14:48:55 +02:00
Marc Hoersken
5162cb8ad6 socks.c: Check that IPv6 is enabled before using it's features 2012-09-14 08:12:07 +02:00
Marc Hoersken
8a2be299f4 checksrc: Fixed line length and comment indentation 2012-09-14 00:44:16 +02:00
Marc Hoersken
f73a27cadc socks.c: Updated error messages to handle hostname and IPv6 2012-09-14 00:14:46 +02:00
Marc Hoersken
f332f14102 socks.c: Added support for IPv6 connections through SOCKSv5 proxy 2012-09-14 00:14:38 +02:00
Daniel Stenberg
775cc1be66 parse_proxy: treat "socks://x" as a socks4 proxy
Selected socks proxy in Google's Chrome browser. Resulting in the
following environment variables:

NO_PROXY=localhost,127.0.0.0/8
ALL_PROXY=socks://localhost:1080/
all_proxy=socks://localhost:1080/
no_proxy=localhost,127.0.0.0/8

... and libcurl didn't treat 'socks://' as socks but instead picked HTTP
proxy.

Reported by: Scott Bailey

Bug: http://curl.haxx.se/bug/view.cgi?id=3566860
2012-09-13 22:57:38 +02:00
Kamil Dudka
f05e51362f ssh: do not crash if MD5 fingerprint is not provided by libssh2
The MD5 fingerprint cannot be computed when running in FIPS mode.
2012-09-12 16:49:10 +02:00
Kamil Dudka
ce515e993f ssh: move the fingerprint checking code to a separate fnc 2012-09-12 16:49:09 +02:00
Marc Hoersken
7f7e2ea72f wincrypt: Fixed cross-compilation issues caused by include name
For some reason WinCrypt.h is named wincrypt.h under MinGW.
2012-09-11 14:35:18 +02:00
Marc Hoersken
4d384a8714 md5.c: Added support for Microsoft Windows CryptoAPI 2012-09-11 14:12:41 +02:00
Marc Hoersken
e6ba048701 nss.c: Fixed warning: 'err' may be used uninitialized in this function 2012-09-11 09:49:23 +02:00
Marc Hoersken
160312d945 curl_schannel.c: Reference count the credential/session handle
Reference counting the credential handle should avoid that such a
handle is freed while it is still required for connection shutdown
2012-09-09 12:36:54 +02:00
Nick Zitzmann
badb81769a darwinssl: fixed for older Mac OS X versions
SSL didn't work on older cats if built on a newer cat with weak-linking
turned on to support the older cat
2012-09-08 22:35:14 +02:00
Daniel Stenberg
2e7d2c8f74 SOCKS: truly disable it if CURL_DISABLE_PROXY is defined
Bug: http://curl.haxx.se/bug/view.cgi?id=3561305

Patch by: Marcel Raad
2012-09-06 20:51:30 +02:00
Daniel Stenberg
3a0b64489f mk-ca-bundle: detect start of trust section better
Each certificate section of the input certdata.txt file has a trust
section following it with details.

This script failed to detect the start of the trust for at least one
cert[*], which made the script continue pass that section into the next
one where it found an 'untrusted' marker and as a result that certficate
was not included in the output.

[*] = "Hellenic Academic and Research Institutions RootCA 2011"

Bug: http://curl.haxx.se/mail/lib-2012-09/0019.html
2012-09-04 23:21:15 +02:00
Alessandro Ghedini
ee3551e45e gnutls: do not fail on non-fatal handshake errors
Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685402
2012-09-04 22:11:58 +02:00
František Kučera
0a0f3c63a6 SMTP: only send SIZE if supported
SMTP client will send SIZE parameter in MAIL FROM command only if server
supports it. Without this patch server might say "504 Command parameter
not implemented" and reject the message.

Bug: http://curl.haxx.se/bug/view.cgi?id=3564114
2012-09-04 16:54:41 +02:00
Sara Golemon
de24d7bd4c multi: add curl_multi_wait()
/*
 * Name:     curl_multi_wait()
 *
 * Desc:     Poll on all fds within a CURLM set as well as any
 *           additional fds passed to the function.
 *
 * Returns:  CURLMcode type, general multi error code.
 */
CURL_EXTERN CURLMcode curl_multi_wait(CURLM *multi_handle,
                                      struct curl_waitfd extra_fds[],
                                      unsigned int extra_nfds,
                                      int timeout_ms);
2012-09-01 23:10:53 +02:00
Nick Zitzmann
2f6e1a8cc3 darwinssl: Bugfix for previous commit for older cats
I accidentally broke functionality for versions of OS X prior to Mountain
Lion in the previous commit. This commit fixes the problems.
2012-09-01 20:24:05 +02:00
Joe Mason
5ede86ae51 NTLM: re-use existing connection better
If we need an NTLM connection and one already exists, always choose that
one.
2012-08-31 22:54:23 +02:00
Nick Zitzmann
d792e75f2c darwinssl: add TLS 1.1 and 1.2 support, replace deprecated functions
In Mountain Lion, Apple added TLS 1.1 and 1.2, and deprecated a number
of SecureTransport functions, some of which we were using. We now check
to see if the replacement functions are present, and if so, we use them
instead.  The old functions are still present for users of older
cats. Also fixed a build warning that started to appear under Mountain
Lion
2012-08-18 20:36:45 +02:00
Gokhan Sengun
82b0aebef3 ftp: active conn, place calling sockopt callback at the end of function
Commit b91d29a28e170c16d65d956db79f2cd3a82372d2 introduces a bug and breaks Curl_closesocket function. sock_accepted flag for the second socket should be tagged as TRUE before the sockopt callback is called because in case the callback returns an error, Curl_closesocket function is going to call the - fclosesocket - callback for the accept()ed socket
2012-08-16 23:20:12 +02:00
Gokhan Sengun
23ef5e4ba2 ftp: active conn, allow application to set sockopt after accept() call
For active FTP connections, applications may need setting the sockopt after accept() call returns successful. This fix gives a call to the callback registered with CURL_SOCKOPTFUNCTION option. Also a new sock type - CURLSOCKTYPE_ACCEPT - is added. This type is to be passed to application callbacks with - purpose - parameter. Applications may use this parameter to distinguish between socket types.
2012-08-16 23:20:08 +02:00
Daniel Stenberg
99f0e45b61 ssh: use the libssh2 agent API conditionally
Commit e351972bc8 brought in the ssh agent support but some uses of
the libssh2 agent API was done unconditionally which wasn't good enough
since that API hasn't always been present.
2012-08-10 08:59:36 +02:00
Daniel Stenberg
7520f9f1c3 white space fix: shorten long line
... to please checksrc.pl
2012-08-10 08:59:36 +02:00
Kamil Dudka
f208bf5a2d docs: update the links to cipher-suites supported by NSS
... and make the list of cipher-suites in nss.c readable by humans.

Bug: http://curl.haxx.se/mail/archive-2012-08/0016.html
2012-08-09 16:24:53 +02:00
Kamil Dudka
52b6eda4f2 nss: do not print misleading NSS error codes 2012-08-09 13:33:49 +02:00
Armel Asselin
e351972bc8 SSH: added agent based authentication
CURLSSH_AUTH_AGENT is a new auth type for SSH
2012-08-08 23:03:10 +02:00
Daniel Stenberg
31f39120b7 curl_version: fixed Value stored to 'len' is never read
Fixed this (harmless) clang-analyzer warning. Also fixed the source
indentation level.
2012-08-08 14:58:09 +02:00
Daniel Stenberg
14afbf361a add_next_timeout: minor restructure of code
By reading the ->head pointer and using that instead of the ->size
number to figure out if there's a list remaining we avoid the (false
positive) clang-analyzer warning that we might dereference of a null
pointer.
2012-08-08 14:50:32 +02:00
Daniel Stenberg
bf6dc61967 verbose messages: fixed output of hostnames in re-used connections
I suspect this is a regression introduced in commit 207cf150, included
since 7.24.0.

Avoid showing '(nil)' as hostname in verbose output by making sure the
hostname fixup function is called early enough to set the pointers that
are used for this. The name data is set again for each request even for
re-used connections to handle multiple hostnames over the same
connection (like with proxy) or that the casing etc of the host name is
changed between requests (which has proven to be important at least once
in the past).

Test1011 was modified to use a redirect with a re-used a connection
since it then showed the bug and now lo longer does. There's currently
no easy way to have the test suite detect 'nil' texts in verbose ouputs
so no tests will detect if this problem gets reintroduced.

Bug: http://curl.haxx.se/mail/lib-2012-07/0111.html
Reported by: Gisle Vanem
2012-08-08 13:57:56 +02:00
Mike Crowe
15108d6308 Avoid leak of local device string when reusing connection
Ensure that the copy of the CURLOPT_INTERFACE string is freed if we
decide we can reuse an existing connection.
2012-08-07 23:35:35 +02:00
Daniel Stenberg
c771968ab6 Curl_socket_check: fix timeout return value for select users
This is the same fix applied for the conditional code that uses select()
that was already done for the poll specific code in commit
b61e8b81f5.
2012-08-07 23:30:05 +02:00
Maxime Larocque
b61e8b81f5 Curl_socket_check: fix return code for timeout
We found a problem with ftp transfer using libcurl (7.23 and 7.25)
inside an application which is receiving unix signals (SIGUSR1,
SIGUSR2...) almost continuously. (Linux 2.4, PowerPC, HAVE_POLL_FINE
defined).

Curl_socket_check() uses poll() to wait for the socket, and retries it
when a signal is received (EINTR). However, if a signal is received and
it also happens that the timeout has been reached, Curl_socket_check()
returns -1 instead of 0 (indicating an error instead of a timeout).

In our case, the result is an aborted connection even before the ftp
banner is received from the server, and a return value of
CURLE_OUT_OF_MEMORY from curl_easy_perform() (Curl_pp_multi_statemach(),
in pingpong.c, actually returns OOM if Curl_socket_check() fails :-)
Funny to debug on a system on which OOM is a possible cause).

Bug: http://curl.haxx.se/mail/lib-2012-07/0122.html
2012-08-07 23:24:13 +02:00
Daniel Stenberg
8bad5f2a61 WSAPoll: disabled on all windows builds
Due to WSAPoll bugs, libcurl does not work as intended. When the cURL
library is used to setup a connection to an incorrect port, normally the
result is CURLE_COULDNT_CONNECT, /* 7 */, but due to the bug in WSAPoll,
the result now is CURLE_OPERATION_TIMEDOUT, /* 28 - the timeout time was
reached */.

On August 1, Jan Koen Annot opened a case for this to Microsoft Premier
Online (https://premier.microsoft.com/).  The support engineer handling
the case wrote that the case description is quite clear.  He will try to
reproduce the issue and then proceed with troubleshooting it.

Reported by: Jan Koen Annot
Bug: http://curl.haxx.se/mail/lib-2012-07/0310.html
2012-08-07 20:47:31 +02:00
Daniel Stenberg
f0d611df9e retry request: only access the HTTP data if in fact HTTP
When figuring out if the data stream needs to be rewound when the
request is to be resent, we must not access the HTTP struct unless the
protocol used is indeed HTTP...

Bug: http://curl.haxx.se/bug/view.cgi?id=3544688
2012-08-07 14:55:19 +02:00
Daniel Stenberg
0b08491f83 VC build: add define for openssl
This fixes a build failure of lib/ssluse.c.

Bug: http://curl.haxx.se/bug/view.cgi?id=3552997
2012-08-07 13:57:13 +02:00
Daniel Stenberg
986c7949c0 gtls: fix build failure by including nettle-specific headers
Bug: http://curl.haxx.se/bug/view.cgi?id=3554668
Reported by: Anthony G. Basile
2012-08-06 15:04:25 +02:00
Joe Mason
50b87c4e68 Cleanup handshake after clean NTLM failure 2012-08-03 17:01:54 -04:00
Joe Mason
ce8311c7e4 Zero out auth structs before transfer 2012-08-03 17:01:02 -04:00
Kamil Dudka
1f8518c5d9 file: use fdopen() for uploaded files if available
It eliminates noisy events when using inotify and fixes a TOCTOU issue.

Bug: https://bugzilla.redhat.com/844385
2012-07-30 15:04:38 +02:00
Guenter Knauf
11a7ac0d6a Fixed compiler warning 'unused parameter'. 2012-07-27 03:54:58 +02:00
Guenter Knauf
b13106339e Added prototypes to kill compiler warning. 2012-07-27 03:27:51 +02:00
Guenter Knauf
33b815e894 Changed Windows IDN text to 'WinIDN'.
Synced the output to the same short form as we now use for
Windows SSL (WinSSL).
2012-07-26 02:49:39 +02:00
Nick Zitzmann
f92779198d darwinssl: fixed freeze involving the multi interface
Previously the curl_multi interface would freeze if darwinssl was
enabled and at least one of the handles tried to connect to a Web site
using HTTPS. Removed the "wouldblock" state darwinssl was using because
I figured out a solution for our "would block but in which direction?"
dilemma.
2012-07-25 23:22:11 +02:00
Guenter Knauf
9ac5cdfc2f Added support for tls-srp to MinGW builds. 2012-07-25 13:16:22 +02:00
Daniel Stenberg
c0f8340c7c keepalive: multiply value for OS-specific units
DragonFly uses milliseconds, while our API and Linux use full seconds.

Reported by: John Marino
Bug: http://curl.haxx.se/bug/view.cgi?id=3546257
2012-07-22 22:42:42 +02:00
Kamil Dudka
d317ca50ae http: print reason phrase from HTTP status line on error
Bug: https://bugzilla.redhat.com/676596
2012-07-22 02:12:43 +02:00
Anton Yabchinskiy
2c7cfd2926 Client's "qop" value should not be quoted (RFC2617, section 3.2.2). 2012-07-21 22:21:17 +02:00
Daniel Stenberg
9d11716933 multi_runsingle: added precaution against easy_conn NULL pointer
In many states the easy_conn pointer is referenced and just assumed to
be working. This is an added extra check since analyzing indicates
there's a risk we can end up in these states with a NULL pointer there.
2012-07-15 20:33:11 +02:00
Daniel Stenberg
9ca3137987 parse_proxy: remove dead assignment
Spotted by clang-analyzer
2012-07-13 14:28:12 +02:00
Daniel Stenberg
20ff8a0988 ftp_do_more: add missing check of return code
Spotted by clang-analyzer. The return code was never checked, just
stored.
2012-07-13 14:12:39 +02:00
Daniel Stenberg
771e91374b getinfo: use va_end and cut off Curl_ from static funcs
va_end() needs to be used after va_start() and we don't normally use
Curl_ prefixes for purely static functions.
2012-07-13 13:47:34 +02:00
Philip Craig
1a74e54e8b Split up Curl_getinfo
This avoids false positives from clang's scan-build.
2012-07-13 13:20:32 +02:00
Guenter Knauf
a39789c85c Minor fixes to MinGW makefiles. 2012-07-12 14:15:58 +02:00
Daniel Stenberg
85ce195f75 HEAD: don't force-close after response-headers
A HEAD response has no body length and gets the headers like the
corresponding GET would so it should not get closed after the response
based on the same rules. This mistake caused connections that did HEAD
to get closed too often without a valid reason.

Bug: http://curl.haxx.se/bug/view.cgi?id=3542731
Reported by: Eelco Dolstra
2012-07-12 00:08:37 +02:00
Guenter Knauf
dfe405076e Removed libcurl.imp from Makefile.am.
Updated .gitignore for NetWare created files.
2012-07-11 17:40:09 +02:00
Guenter Knauf
dce2e1aa0f Added missing dependency to export list. 2012-07-11 16:52:48 +02:00
Guenter Knauf
d8ce83e73a Fixed export list path. 2012-07-11 16:01:48 +02:00
Guenter Knauf
33eac5f7fd Changed NetWare build to generate export list. 2012-07-11 15:48:02 +02:00
Guenter Knauf
d4bade7a4e Small NetWare makefile tweak. 2012-07-11 11:54:49 +02:00
Guenter Knauf
f9dfd7e4b7 Changed MinGW makefiles to use WINSSL now. 2012-07-11 11:33:08 +02:00
Yang Tse
4ab2d26cb8 Make Curl_schannel_version() return "WinSSL"
Modification based on voting result:

http://curl.haxx.se/mail/lib-2012-07/0104.html
2012-07-09 15:28:16 +02:00
Daniel Stenberg
904346bf88 cookie: fixed typo in comment 2012-07-09 15:25:34 +02:00
Christian Hägele
c42ca3e73a https_getsock: provided for schannel backend as well
The function https_getsock was only implemented properly when USE_SSLEAY
or USE_GNUTLS is defined, but it is also necessary for USE_SCHANNEL.

The problem occurs when Curl_read_plain or Curl_write_plain returns
CURLE_AGAIN. In that case CURL_OK is returned to the multi-interface an
the used socket is set to state CURL_POLL_REMOVE and the easy-state is
set to CURLM_STATE_PROTOCONNECT. This is fine, because later the socket
should be set to CURL_POLL_IN or CURL_POLL_OUT via multi_getsock. That's
where https_getsock is called and doesn't return any sockets.
2012-07-09 13:55:23 +02:00
Nick Zitzmann
59c88da74d darwinssl: don't use arc4random_buf
Re-wrote Curl_darwinssl_random() to not use arc4random_buf() because the
function is not available prior to iOS 4.3 and OS X 10.7.
2012-07-08 15:42:36 +02:00
Nick Zitzmann
825fff880e darwinssl: output cipher with text, remove SNI warning
The code was printing a warning when SNI was set up successfully. Oops.

Printing the cipher number in verbose mode was something only TLS/SSL
programmers might understand, so I had it print the name of the cipher,
just like in the OpenSSL code. That'll be at least a little bit easier
to understand. The SecureTransport API doesn't have a method of getting
a string from a cipher like OpenSSL does, so I had to generate the
strings manually.
2012-07-07 22:37:52 +02:00
Daniel Stenberg
4ac56b9d9f code police: narrow source to < 80 columns 2012-07-06 00:19:41 +02:00
Yang Tse
b1f64d3a2a unicode NTLM SSPI: cleanup follow-up 2012-07-05 23:41:47 +02:00
Yang Tse
e77d867068 unicode NTLM SSPI: cleanup
Reduce the number of #ifdef UNICODE directives used in source files.
2012-07-05 22:18:11 +02:00
Daniel Stenberg
ed7bfeee7a http-proxy: keep CONNECT connections alive (for NTLM)
When doing CONNECT requests, libcurl must make sure the connection is
alive as much as possible. NTLM requires it and it is generally good for
other cases as well.

NTLM over CONNECT requests has been broken since this regression I
introduced in my CONNECT cleanup commits that started with 41b0237834,
included since 7.25.0.

Bug: http://curl.haxx.se/bug/view.cgi?id=3538625
Reported by: Marcel Raad
2012-07-05 11:24:23 +02:00
Guenter Knauf
6fb0ed88d6 Moved some patterns to subfolder's .gitignore. 2012-07-03 14:31:50 +02:00
Guenter Knauf
98ca62c2d6 Merge branch 'master' of ssh://github.com/bagder/curl 2012-07-03 13:01:17 +02:00
Guenter Knauf
1ba5712f88 MinGW makefile tweaks for running from sh.
Added function macros to make path converting easier.
Added CROSSPREFIX to all compile tools.
2012-07-03 12:56:41 +02:00
Marc Hoersken
1a97fd7b63 curl_ntlm_msgs.c: Removed unused variable passwd 2012-07-03 11:41:00 +02:00
Daniel Stenberg
c75ece4442 cookies: change the URL in the cookie jar file header 2012-07-03 11:27:45 +02:00
Yang Tse
e0b9d3b2c9 curl_ntlm_msgs.c: include <tchar.h> for prototypes 2012-07-03 00:14:14 +02:00
Christian Hägele
dd302206ad unicode NTLM SSPI: heap corruption fixed
When compiling libcurl with UNICODE defined and using unicode characters
in username.
2012-07-02 22:59:54 +02:00
Yang Tse
ac6111aeb0 nss.c: #include warnless.h for curlx_uztosi and curlx_uztoui prototypes 2012-06-28 16:58:07 +02:00
Marc Hoersken
c0f2bfb2c7 nss.c: Fixed size_t conversion warnings 2012-06-28 16:52:17 +02:00
Yang Tse
74552acaea sslgen.c: cleanup temporary compile-time SSL-backend check 2012-06-28 12:49:12 +02:00
Daniel Stenberg
5600879a1d schannel: provide two additional (dummy) API defines 2012-06-28 08:40:17 +02:00
Daniel Stenberg
5439849246 sslgen: avoid compiler error in SSPI builds 2012-06-27 23:16:14 +02:00
Yang Tse
3bda1cef92 ssluse.c: fix compiler warning: conversion to 'int' from 'size_t'
Reported by Tatsuhiro Tsujikawa

http://curl.haxx.se/mail/lib-2012-06/0371.html
2012-06-27 19:06:43 +02:00
Yang Tse
e3014dcc01 sslgen.c: add compile-time check for SSL-backend completeness 2012-06-27 17:14:59 +02:00
Yang Tse
57d2732ccb build: add our standard includes to curl_darwinssl.c and curl_multibyte.c 2012-06-27 17:13:16 +02:00
Yang Tse
e6b2eb78a2 build: add curl_schannel and curl_darwinssl files to other build systems 2012-06-27 14:05:32 +02:00
Nick Zitzmann
7aa95afadd DarwinSSL: allow using NTLM authentication
Allow NTLM authentication when building using SecureTransport (Darwin) for SSL.

This uses CommonCrypto, a cryptography library that ships with all versions of
iOS and Mac OS X. It's like OpenSSL's libcrypto, except that it's missing a few
less-common cyphers and doesn't have a big number data structure.
2012-06-27 11:57:31 +02:00
Yang Tse
dc7dc9786f curl_darwinssl.h: add newline at end of file 2012-06-27 10:55:54 +02:00
Daniel Stenberg
aed6db2cb9 ossl_seed: remove leftover RAND_screen check
Before commit 2dded8fedb (dec 2010) there was logic that used
RAND_screen() at times and now I remove the leftover #ifdef check for
it.

The seeding code that uses Curl_FormBoundary() in ossl_seed() is dubious
to keep since it hardly increases randomness but I fear I'll break
something if I remove it now...
2012-06-26 22:18:53 +02:00
Nick Zitzmann
3a4b28d473 DarwinSSL: several adjustments
- Renamed st_ function prefix to darwinssl_
- Renamed Curl_st_ function prefix to Curl_darwinssl_
- Moved the duplicated ssl_connect_done out of the #ifdef in lib/urldata.h
- Fixed a teensy little bug that made non-blocking connection attempts block
- Made it so that it builds cleanly against the iOS 5.1 SDK
2012-06-26 21:39:48 +02:00
Marc Hoersken
a8478fc8d3 sockaddr.h: Fixed dereferencing pointer breakin strict-aliasing
Fixed warning: dereferencing pointer does break strict-aliasing rules
by using a union inside the struct Curl_sockaddr_storage declaration.
2012-06-26 21:24:29 +02:00
Daniel Stenberg
849179ba27 SSL cleanup: use crypto functions through the sslgen layer
curl_ntlm_msgs.c would previously use an #ifdef maze and direct
SSL-library calls instead of using the SSL layer we have for this
purpose.
2012-06-26 19:40:36 +02:00
Nick Zitzmann
6d1ea388cb darwinssl: add support for native Mac OS X/iOS SSL 2012-06-26 14:04:15 +02:00
Yang Tse
d025af9bb5 curl_schannel.c: Remove redundant NULL assignments following Curl_safefree() 2012-06-25 21:48:20 +02:00
Marc Hoersken
f99f02bb05 curl_schannel.c: Replace free() with Curl_safefree() 2012-06-25 21:34:31 +02:00
Steve Holme
a28cda3653 smtp: Corrected result code for MAIL, RCPT and DATA commands
Bug: http://curl.haxx.se/mail/lib-2012-06/0094.html
Reported by: Dan
2012-06-24 22:40:17 +01:00
Yang Tse
2ebb87f047 build: fix RESOURCE bug in lib/Makefile.vc*
Removed two, not intended to exist, RESOURCE declarations.

Bug: http://curl.haxx.se/bug/view.cgi?id=3535977

And sorted configuration hunks to reflect same internal order
as the one shown in the usage message.
2012-06-20 23:32:24 +02:00
Marc Hoersken
006b83798e schannel: Implement new buffer size strategy
Increase decrypted and encrypted cache buffers using limitted
doubling strategy. More information on the mailinglist:
http://curl.haxx.se/mail/lib-2012-06/0255.html

It updates the two remaining reallocations that have already been there
and fixes the other one to use the same "do we need to increase the
buffer"-condition as the other two.  CURL_SCHANNEL_BUFFER_STEP_SIZE was
renamed to CURL_SCHANNEL_BUFFER_FREE_SIZE since that is actually what it
is now.  Since we don't know how much more data we are going to read
during the handshake, CURL_SCHANNEL_BUFFER_FREE_SIZE is used as the
minimum free space required in the buffer for the next operation.
CURL_SCHANNEL_BUFFER_STEP_SIZE was used for that before, too, but since
we don't have a step size now, the define was renamed.
2012-06-20 22:59:03 +02:00
Yang Tse
293c9288b3 schannel SSL: fix compiler warning 2012-06-20 22:26:51 +02:00
Mark Salisbury
8f92e8be12 schannel SSL: fix for renegotiate problem
In schannel_connect_step2() doread should be initialized based
on connssl->connecting_state.
2012-06-20 20:32:14 +02:00
Daniel Stenberg
066811592d schannel_connect_step2: checksrc whitespace fix 2012-06-20 00:51:03 +02:00
Mark Salisbury
72a5813192 schannel SSL: changes in schannel_connect_step2
Process extra data buffer before returning from schannel_connect_step2.
Without this change I've seen WinCE hang when schannel_connect_step2
returns and calls Curl_socket_ready.

If the encrypted handshake does not fit in the intial buffer (seen with
large certificate chain), increasing the encrypted data buffer is necessary.

Fixed warning in curl_schannel.c line 1215.
2012-06-20 00:51:03 +02:00
Mark Salisbury
99b13f2741 config-win32ce.h: WinCE config adjustment
process.h is not present on WinCE
2012-06-20 00:49:49 +02:00
Mark Salisbury
a15378e073 schannel SSL: Made send method handle unexpected cases better
Implemented timeout loop in schannel_send while sending data.  This
is as close as I think we can get to write buffering; I put a big
comment in to explain my thinking.

With some committer adjustments
2012-06-20 00:16:40 +02:00
Marc Hoersken
7d2abe27dd curl_schannel.c: Avoid unnecessary realloc calls to reduce buffer size 2012-06-19 22:54:58 +02:00
Mark Salisbury
64962b0218 schannel SSL: Use standard Curl read/write methods
Replaced calls to swrite with Curl_write_plain and calls to sread
with Curl_read_plain.

With some committer adjustments
2012-06-19 20:32:35 +02:00
Yang Tse
75dd191bdf schannel SSL: make wording of some trace messages better reflect reality 2012-06-19 20:32:19 +02:00
Marc Hoersken
e93e3bcb82 curl_schannel.h: Use BUFSIZE as the initial buffer size if available
Make the Schannel implementation use libcurl's default buffer size
for the initial received encrypted and decrypted data cache buffers.
The implementation still needs to handle more data since more data
might have already been received or decrypted during the handshake
or a read operation which needs to be cached for the next read.
2012-06-19 14:41:43 +02:00
Mark Salisbury
8a8829499d schannel SSL: Implemented SSL shutdown
curl_schannel.c - implemented graceful SSL shutdown.  If we fail to
shutdown the connection gracefully, I've seen schannel try to use a
session ID for future connects and the server aborts the connection
during the handshake.
2012-06-19 04:39:46 +02:00
Mark Salisbury
1e4c57fa64 schannel SSL: certificate validation on WinCE
curl_schannel.c - auto certificate validation doesn't seem to work
right on CE.  I added a method to perform the certificate validation
which uses CertGetCertificateChain and manually handles the result.
2012-06-19 04:39:45 +02:00
Mark Salisbury
29dd7192e6 schannel SSL: Added helper methods to simplify code
Added helper methods InitSecBuffer() and InitSecBufferDesc() to make it
easier to set up SecBuffer & SecBufferDesc structs.
2012-06-19 04:39:44 +02:00
Mark Salisbury
5a8649863c setup.h: WinCE build adjustment 2012-06-18 18:52:28 +02:00
Mark Salisbury
05f6f2497a ftplistparser.c: do not compile if FTP protocol is not enabled 2012-06-18 18:51:30 +02:00
Yang Tse
d56e8bcc8a Win32: downplay MS bazillion type synonyms game
Avoid usage of some MS type synonyms to allow compilation with
compiler headers that don't define these, using simpler synonyms.
2012-06-16 19:20:50 +02:00
Daniel Stenberg
220776de6b Curl_rtsp_parseheader: avoid useless malloc/free
Coverity actually pointed out flawed logic in the previous call to
Curl_strntoupper() where the code used sizeof() of a pointer to pass in
a size argument. That code still worked since it only needed to
uppercase 4 letters. Still, the entire malloc/uppercase/free sequence
was pointless since the code has already matched the string once in the
condition that starts the block of code.
2012-06-15 22:51:45 +02:00
Daniel Stenberg
3da2c0f6d2 curl_share_setopt: use va_end()
As spotted by Coverity, va_end() was not used previously. To make it
used I took away a bunch of return statements and made them into
assignments instead.
2012-06-15 22:37:19 +02:00
Yang Tse
ac3e356c95 SSPI related code: Unicode support for WinCE - kill compiler warnings 2012-06-15 21:50:57 +02:00
Mark Salisbury
a96fa00f38 SSPI related code: Unicode support for WinCE - commit 46480bb9 follow-up 2012-06-15 19:39:18 +02:00
Yang Tse
a5e0583cd3 build: add curl_multibyte files to build systems 2012-06-15 18:41:50 +02:00
Mark Salisbury
46480bb9a1 SSPI related code: Unicode support for WinCE
SSPI related code now compiles with ANSI and WCHAR versions of security
methods (WinCE requires WCHAR versions of methods).

Pulled UTF8 to WCHAR conversion methods out of idn_win32.c into their own file.

curl_sasl.c - include curl_memory.h to use correct memory functions.

getenv.c and telnet.c - WinCE compatibility fix

With some committer adjustments
2012-06-15 18:41:49 +02:00
Yang Tse
42f0588ea8 schannel: fix printf-style format strings 2012-06-14 16:55:26 +02:00
Yang Tse
6085ca2aed Fix bad failf() and info() usage
Calls to failf() are not supposed to provide trailing newline.
Calls to infof() must provide trailing newline.

Fixed 30 or so strings.
2012-06-14 13:32:05 +02:00
Yang Tse
a8259945c4 schannel: fix unused parameter warnings 2012-06-14 12:12:54 +02:00
Yang Tse
3af5023a20 schannel: fix comparisons between signed and unsigned 2012-06-14 12:10:51 +02:00
Yang Tse
2bac074f08 schannel: fix discarding qualifier from pointer type 2012-06-14 12:05:48 +02:00
Yang Tse
d098cfd8c0 schannel: fix shadowing of global declarations 2012-06-14 11:53:46 +02:00
Yang Tse
b4b7f6828c schannel: fix Curl_schannel_init() and Curl_schannel_cleanup() declarations 2012-06-14 11:34:12 +02:00
Gisle Vanem
0d0893f2b9 urldata.h: fix cyassl/openssl/ssl.h build clash with wincrypt.h
Building with CyaSSL failed compilation. Reason being that OCSP_REQUEST and
OCSP_RESPONSE are enum values in CyaSSL and defines in <wincrypt.h> included
via <winldap.h> in ldap.c.

http://curl.haxx.se/mail/lib-2012-06/0196.html
2012-06-14 01:51:51 +02:00
Guenter Knauf
32ce7f19b2 Changed Schannel string to SSL-Windows-native.
This is more descriptive for the user who might
not even know what schannnel is at all.
2012-06-13 19:29:45 +02:00
Yang Tse
819afe46ee schannel: remove version number and identify its use with 'schannel' literal
Version number is removed in order to make this info consistent with
how we do it with other MS and Linux system libraries for which we don't
provide this info.

Identifier changed from 'WinSSPI' to 'schannel' given that this is the
actual provider of the SSL/TLS support. libcurl can still be built with
SSPI and without SCHANNEL support.
2012-06-13 16:42:48 +02:00
Daniel Stenberg
c13af84372 singlesocket: remove dead code
No need to check if 'entry' is non-NULL in a spot where it is already checked
and guaranteed to be non-NULL.

(Spotted by a Coverity scan)
2012-06-12 23:04:04 +02:00
Daniel Stenberg
47c1bf9e43 netrc: remove dead code
Remove two states from the enum and the corresponding code for them as
these states were never reached or used.

(Spotted by a Coverity scan)
2012-06-12 22:46:14 +02:00
Yang Tse
d95b8e0627 Revert "connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing"
This reverts commit 9c94236e6c.

It didn't server its purpose, so lets go back to long-time working code.
2012-06-12 13:12:09 +02:00
Yang Tse
1e8e6057ea socks_sspi.c: further cleanup 2012-06-12 12:34:52 +02:00
Marc Hoersken
38f05cea46 socks_sspi.c: Clean up and removal of obsolete minor status
Removed obsolete minor status variable and parameter of status function
which was never used or set at all. Also Curl_sspi_strerror does support
only one status and there is no need for a second sub status.
2012-06-12 11:52:42 +02:00
Guenter Knauf
7bf910482e Removed trailing whitespaces. 2012-06-12 05:36:08 +02:00
Yang Tse
b8edf5bbe9 strerror.c: make Curl_sspi_strerror() always return code for errors 2012-06-12 03:57:15 +02:00
Yang Tse
5e7a0fe73b curl_sspi.h: provide sspi status definitions missing in old headers 2012-06-12 03:56:24 +02:00
Yang Tse
746b80a210 sspi: make Curl_sspi_strerror() libcurl's sspi status code string function 2012-06-12 01:11:10 +02:00
Yang Tse
764a5e4a50 sspi: make Curl_sspi_strerror() libcurl's sspi status code string function 2012-06-12 01:06:48 +02:00
Daniel Stenberg
af0888aaf6 Revert: 634f7cfee4 partially
Make sure CURL_VERSION_SSPI is present and works as in previous releases
for ABI and API compatibility reasons.
2012-06-11 22:58:39 +02:00
Daniel Stenberg
9c18bb3702 checksrc: shorten a few lines to comply 2012-06-11 19:08:46 +02:00
Daniel Stenberg
c7cc914961 cleanup: remove trailing whitespace 2012-06-11 19:06:43 +02:00
Steve Holme
9a51c11074 Makefile.vc6: Added version.lib if built with SSPI 2012-06-11 19:04:16 +02:00
Marc Hoersken
cb142cf217 winbuild: Updated winbuild scripts to add schannel 2012-06-11 19:03:14 +02:00
Marc Hoersken
7da6a9128b mingw32: Fixed warning of USE_SSL being redefined 2012-06-11 19:00:37 +02:00
Marc Hoersken
61d152384e sspi: Fixed incompatible parameter pointer type in Curl_sspi_version 2012-06-11 19:00:37 +02:00
Marc Hoersken
a92df2e007 setup.h: Automatically define USE_SSL if USE_SCHANNEL is defined 2012-06-11 19:00:36 +02:00
Marc Hoersken
634f7cfee4 version: Replaced SSPI feature information with version string details
Added Windows SSPI version information to the curl version string when
SCHANNEL SSL is not enabled, as the version of the library should also
be included when SSPI is used to generate security contexts.

Removed SSPI from the feature list as the features are GSS-Negotiate,
NTLM and SSL depending on the usage of the SSPI library.
2012-06-11 19:00:36 +02:00
Steve Holme
70d56bfe3c sspi.c: Post Curl_sspi_version() rework code tidy up
Removed duplicate blank lines.
Removed spaces between the not and test in various if statements.
Removed explicit test of NULL in an if statement.
Placed function returns on same line as function declarations.
Replaced the use of curl_maprintf() with aprintf() as it is the
preprocessor job to do this substitution if ENABLE_CURLX_PRINTF
is set.
2012-06-11 19:00:36 +02:00
Steve Holme
bd38ebc697 sspi: Reworked Curl_sspi_version() to return version components
Reworked the version function to return four version components rather
than a string that has to be freed by the caller.
2012-06-11 19:00:36 +02:00
Marc Hoersken
7047e2ed72 schannel: Code cleanup and bug fixes
curl_sspi.c: Fixed mingw32-gcc compiler warnings
curl_sspi.c: Fixed length of error code hex output

The hex value was printed as signed 64-bit value on 64-bit systems:
SEC_E_WRONG_PRINCIPAL (0xFFFFFFFF80090322)

It is now correctly printed as the following:
SEC_E_WRONG_PRINCIPAL (0x80090322)

curl_sspi.c: Fallback to security function table version number
Instead of reporting an unknown version, the interface version is used.

curl_sspi.c: Removed SSPI/ version prefix from Curl_sspi_version
curl_schannel: Replaced static buffer sizes with defined names
curl_schannel.c: First brace when declaring functions on column 0
curl_schannel.c: Put the pointer sign directly at variable name
curl_schannel.c: Use structs directly instead of typedef'ed structs
curl_schannel.c: Removed space before opening brace
curl_schannel.c: Fixed lines being longer than 80 chars
2012-06-11 19:00:35 +02:00
Marc Hoersken
c1311c2b8f curl_sspi: Added Curl_sspi_version function
Added new function to get SSPI version as string.
Added required library version.lib to makefiles.
Changed curl_schannel.c to use Curl_sspi_version.
2012-06-11 19:00:35 +02:00
Guenter Knauf
0bb5ff5d1a schannel: Updated mingw32 makefiles 2012-06-11 19:00:35 +02:00
Marc Hoersken
64dc957a41 schannel: Replace ASCII specific code with general defines 2012-06-11 19:00:35 +02:00
Marc Hoersken
3d3a3f9e7c schannel: Added definitions which are missing in mingw32 2012-06-11 19:00:34 +02:00
Marc Hoersken
8d78848a39 schannel: Moved interal struct types to urldata.h
Moved type definitions in order to avoid inclusion loop
2012-06-11 19:00:34 +02:00
Marc Hoersken
90412c8613 schannel: Fixed compiler warnings about pointer type assignments 2012-06-11 19:00:34 +02:00
Marc Hoersken
78729e76da schannel: Fixed critical typo in conditions and added buffer length checks 2012-06-11 19:00:34 +02:00
Marc Hoersken
f858bb0d1f sspi: Refactored socks_sspi and schannel to use same error message functions
Moved the error constant switch to curl_sspi.c and added two new helper
functions to curl_sspi.[ch] which either return the constant or a fully
translated message representing the SSPI security status.
Updated socks_sspi.c and curl_schannel.c to use the new functions.
2012-06-11 19:00:34 +02:00
Marc Hoersken
15ca80c831 schannel: Added special shutdown check for Windows 2000 Professional
Windows 2000 Professional:  Schannel returns SEC_E_OK instead
of SEC_I_CONTEXT_EXPIRED. If the length of the output buffer
is zero and the first byte of the encrypted packet is 0x15,
the application can safely assume that the message was a
close_notify message and change the return value to
SEC_I_CONTEXT_EXPIRED.

Connection shutdown does not mean that there is no data to read
Correctly handle incomplete message and ask curl to re-read
Fixed buffer for decrypted being to small
Re-structured read condition to be more effective
Removed obsolete verbose messages
Changed memory reduction method to keep a minimum buffer of size 4096
2012-06-11 19:00:34 +02:00
Marc Hoersken
ec9e9f38b1 schannel: Implemented SSL/TLS renegotiation
Updated TODO information and added related MSDN articles
2012-06-11 19:00:34 +02:00
Marc Hoersken
46792af733 schannel: Save session credential handles in session cache 2012-06-11 19:00:34 +02:00
Marc Hoersken
445245ca85 schannel: Code cleanup 2012-06-11 19:00:34 +02:00
Marc Hoersken
f96f1f3165 schannel: Check for required context attributes 2012-06-11 19:00:34 +02:00
Marc Hoersken
bead90a837 schannel: Allow certificate and revocation checks being deactivated 2012-06-11 19:00:34 +02:00
Marc Hoersken
aaa42aa0d5 schannel: Added SSL/TLS support with Microsoft Windows Schannel SSPI 2012-06-11 19:00:29 +02:00
Marc Hoersken
1f635608bb http: Replaced specific SSL libraries list in https_getsock fallback 2012-06-11 19:00:29 +02:00
Marc Hoersken
9c94236e6c connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing
Fixed warning: dereferencing pointer does break strict-aliasing rules
by using a union instead of separate pointer variables.
Internal union sockaddr_u could probably be moved to generic header.
Thanks to Paul Howarth for the hint about using unions for this.

Important for winbuild: Separate declaration of sockaddr_u pointer.
The pointer variable *sock cannot be declared and initialized right
after the union declaration. Therefore it has to be a separate statement.
2012-06-11 15:26:30 +02:00
Marc Hoersken
3f9ab7cf5d curl_ntlm_msgs.c: Fixed passwdlen not being used and recalculated 2012-06-11 14:47:23 +02:00
Daniel Stenberg
6cd084a3b5 Curl_pgrsDone: return int and acknowledge return code
Since Curl_pgrsDone() itself calls Curl_pgrsUpdate() which may return an
abort instruction or similar we need to return that info back and
subsequently properly handle return codes from Curl_pgrsDone() where
used.

(Spotted by a Coverity scan)
2012-06-10 23:40:35 +02:00
Steve Holme
1aaf86a596 smtp.c: Removed unused variable 2012-06-09 19:49:59 +01:00
Steve Holme
6188855b67 smtp: Post apop feature code tidy up 2012-06-09 19:22:29 +01:00
Steve Holme
a3660127a4 pop3: Post apop feature code tidy up 2012-06-09 19:21:44 +01:00
Steve Holme
c09c621af7 pop3: Added support for apop authentication 2012-06-09 13:49:37 +01:00
Steve Holme
4e430a8a16 pop3: Enhanced the extended authentication mechanism detection
Enhanced the authentication type / mechanism detection in preparation
for the introduction of APOP support.
2012-06-09 11:48:44 +01:00
Steve Holme
6478e1d7e5 pop3.c: Fixed length of SASL check 2012-06-09 11:08:08 +01:00
Daniel Stenberg
674e53f40e OpenSSL: support longer certificate subject names
Previously it would use a 256 byte buffer and thus cut off very long
subject names. The limit is now upped to the receive buffer size, 16K.

Bug: http://curl.haxx.se/bug/view.cgi?id=3533045
Reported by: Anthony G. Basile
2012-06-09 00:06:54 +02:00
Kamil Dudka
68857e40d6 ssl: fix duplicated SSL handshake with multi interface and proxy
Bug: https://bugzilla.redhat.com/788526
Reported by: Enrico Scholz
2012-06-08 23:27:11 +02:00
Daniel Stenberg
e3f5e04cf0 openldap: OOM fixes
when calloc fails, return error! (Detected by Fortify)

Reported by: Robert B. Harris
2012-06-08 20:57:11 +02:00
Steve Holme
0cd8c287a4 sasl: Re-factored mechanism constants in preparation for APOP work 2012-06-08 19:52:28 +01:00
Steve Holme
0636af6131 smtp.c: Re-factored the smtp_state_*_resp() functions
Re-factored the smtp_state_*_resp() functions to 1) Match the constants
that were refactored in commit 00fddba672, 2) To be more readable and
3) To match their counterparties in pop3.c.
2012-06-07 22:06:01 +01:00
Steve Holme
00fddba672 smtp: Re-factored the SMTP_AUTH* state machine constants
Re-factored the SMTP_AUTH* constants, that are used by the state
machine, to be clearer to read.
2012-06-06 20:14:52 +01:00
Steve Holme
89b5680d81 smtp.c: Removed whitespace 2012-06-05 14:34:17 +01:00
Steve Holme
0f3c330ad8 pop3: Another small code tidy up
Missed some comments that we identified during the SMTP tidy up earlier.
2012-06-05 13:49:50 +01:00
Steve Holme
7157363ab4 smtp: Post authentication code tidy up
Corrected lines longer than 78 characters.

Removed unnecessary braces in smtp_state_helo_resp().

Introduced some comments in data sending functions.

Tidied up comments to match changes made in pop3.c.
2012-06-05 12:23:01 +01:00
Steve Holme
57e6336794 email: Removed duplicated header file 2012-06-05 11:18:07 +01:00
Steve Holme
64510fe917 sasl: Renamed Curl_sasl_decode_ntlm_type2_message()
For consistency with other SASL based functions renamed this function
to Curl_sasl_create_ntlm_type3_message() which better describes its
usage.
2012-06-04 22:25:45 +01:00
Steve Holme
38dfe52559 pop3: Post authentication code tidy up
Corrected lines longer than 78 characters.

Changed POP3_AUTH_FINAL to POP3_AUTH to match SMTP code now that the
AUTH command is no longer sent on its own.

Introduced some comments in data sending functions.

Another attempt at trying to rational code and comment style.
2012-06-04 22:15:51 +01:00
Steve Holme
7759d10f36 pop3: Added support for sasl digest-md5 authentication 2012-06-04 21:50:16 +01:00
Yang Tse
32ab3276ee sasl: add reference for curl_sasl 2012-06-04 22:51:00 +02:00
Yang Tse
74a7ee9973 Makefile.inc: tab adjustment 2012-06-04 22:50:59 +02:00
Steve Holme
bf51b8c07a sasl: Added service parameter to Curl_sasl_create_digest_md5_message()
Added a service type parameter to Curl_sasl_create_digest_md5_message()
to allow the function to be used by different services rather than being
hard coded to "smtp".
2012-06-04 20:22:06 +01:00
Steve Holme
e336bc7c42 pop3: Changed the sasl mechanism detection from auth to capa
Not all SASL enabled POP3 servers support the AUTH command on its own
when trying to detect the supported mechanisms. As such changed the
mechanism detection to use the CAPA command instead.
2012-06-04 19:09:45 +01:00
Steve Holme
f087211566 sasl: Small code tidy up
Reworked variable names in Curl_sasl_create_cram_md5_message() to match
those in Curl_sasl_create_digest_md5_message() as they are more
appropriate.
2012-06-04 11:02:03 +01:00
Steve Holme
665e16899c sasl: Moved digest-md5 authentication message creation from smtp.c
Moved the digest-md5 message creation from smtp.c into the sasl module
to allow for use by other modules such as pop3.
2012-06-04 10:53:18 +01:00
Steve Holme
58987556d5 sasl: Small code tidy up before moving digest-md5 over
Correction of comments and variable names.
2012-06-04 10:49:55 +01:00
Steve Holme
8c0bfd3e0c pop3: Added support for sasl cram-md5 authentication 2012-06-03 19:13:16 +01:00
Daniel Stenberg
24f127027b Curl_sasl_create_plain_message: remove TAB 2012-06-03 19:42:47 +02:00
Steve Holme
2b9ca12edf sasl: Small code tidy up
Added some comments and removed an unreferenced variable.
2012-06-03 18:24:35 +01:00
Steve Holme
3b8cf5bd14 pop3.c: Added conditional compilation for NTLM function calls
Added USE_NTLM condition compilation around the NTLM functions called
from pop3_statemach_act() introduced in commit 69f7156ad9.
2012-06-03 17:40:05 +01:00
Steve Holme
c12a414b21 sasl: Moved cram-md5 authentication message creation from smtp.c
Moved the cram-md5 message creation from smtp.c into the sasl module
to allow for use by other modules such as pop3.
2012-06-03 17:21:49 +01:00
Steve Holme
b5bb61ee69 pop3: Fixed an issue with changes introduced in commit c267c53017
Because pop3_endofresp() is called for each line of data yet is not
passed the line and line length, so we have to use the data pointed to
by pp->linestart_resp which contains the whole packet, the mechanisms
were being detected in one call yet the function would be called for
each line of data.

Using curl with verbose mode enabled would show that one line of data
would be received in response to the AUTH command, before the AUTH
<mechanism> command was sent to the server and then the next few lines
of the original AUTH command would be displayed before the response from
the AUTH <mechanism> command. This would then cause problems when
parsing the CRAM-MD5 challenge data as extra data was contained in the
buffer.

Changed the parsing so that each line is checked for the mechanisms
and the function returns FALSE until the whole of the AUTH response has
been processed.
2012-06-03 17:06:48 +01:00
Steve Holme
273e9afcc8 sasl.c: Fix to avoid warnings introduced in commit d9ca9e9869
Applied a fix to avoid warnings on systems where Curl_ntlm_sspi_cleanup()
is just a nop.
2012-06-03 00:00:34 +01:00
Steve Holme
9c7016f560 pop3.c:Corrected typo in commit 69ba0da827 2012-06-02 23:12:07 +01:00
Steve Holme
69ba0da827 pop3: Fixed the issue of having to supply the user name for all requests
Previously it wasn't possible to connect to POP3 and not specify the
user name as a CURLE_ACCESS_DENIED error would be returned. This error
occurred because USER would be sent to the server with a blank user name
if no mailbox user was specified as the server would reply with -ERR.

This wasn't a problem prior to the 7.26.0 release but with the
introduction of custom commands the user and/or application developer
might want to issue a CAPA command without having to log in as a
specific mailbox user.

Additionally this fix won't send the newly introduced AUTH command if no
user name is specified.
2012-06-02 22:11:37 +01:00
Steve Holme
1fa2af5136 pop3.c: Small code tidy up
Corrected lines exceeding 78 characters.

Repositioned some comments and added extra clarity.
2012-06-02 21:38:55 +01:00
Steve Holme
cfa81b8fb0 sasl: Corrected variable names in comments and parameters 2012-06-02 14:03:55 +01:00
Steve Holme
69f7156ad9 pop3: Added support for sasl ntlm authentication 2012-06-02 11:55:58 +01:00
Steve Holme
6f964e4f06 sasl: Small comment style tidy up following ntlm commit 2012-06-02 11:09:59 +01:00
Steve Holme
d9ca9e9869 sasl: Moved ntlm authentication message handling from smtp.c
Moved the ntlm message creation and decoding from smtp.c into the sasl
module to allow for use by other modules such as pop3.
2012-06-02 11:07:58 +01:00
Steve Holme
2df6e6d9f8 pop3: Added support for sasl login authentication 2012-06-01 15:59:29 +01:00
Steve Holme
54d484e136 sasl: Moved login authentication message creation from smtp.c
Moved the login message creation from smtp.c into the sasl module
to allow for use by other modules such as pop3.
2012-05-31 23:11:54 +01:00
Steve Holme
cb3d0ce2cb smtp.c: Reworked message encoding in smtp_state_authpasswd_resp()
Rather than encoding the password message itself the
smtp_state_authpasswd_resp() function now delegates the work to the same
function that smtp_state_authlogin_resp() and smtp_authenticate() use
when constructing the encoded user name.
2012-05-31 22:58:07 +01:00
Steve Holme
f86432b119 smtp.c: Re-factored smtp_auth_login_user() for use with passwords
In preparation for moving to the SASL module re-factored the
smtp_auth_login_user() function to smtp_auth_login() so that it can be
used for both user names and passwords as sending both of these under
the login authentication mechanism is the same.
2012-05-31 22:49:14 +01:00
Steve Holme
2c6d32b864 pop3: Added support for sasl plain text authentication 2012-05-31 20:45:53 +01:00
Steve Holme
3c14c524c5 curl_ntlm_msgs.c: Corrected small spelling mistake in comments 2012-05-30 20:56:37 +01:00
Steve Holme
8e860c1662 sasl: Moved plain text authentication message creation from smtp.c
Moved the plain text message creation from smtp.c into the sasl module
to allow for use by other modules such as pop3.
2012-05-30 20:52:52 +01:00
Steve Holme
7291c1f565 pop3: Introduced the continue response in pop3_endofresp() 2012-05-28 21:29:01 +01:00
Steve Holme
3fa0fbb816 pop3: Changed response code from O and E to + and -
The POP3 protocol doesn't really have the concept of error codes and
uses +, +OK and -ERR in response to commands to indicate continue,
success and error.

The AUTH command is one of those commands that requires multiple pieces
of data to be sent to the server where the server will respond with + as
part of the handshaking. This meant changing the values before
continuing with the next stage of adding authentication support.
2012-05-28 20:59:10 +01:00
Steve Holme
a9d798c4d5 pop3: Small code tidy up following authentication work so far
Changed the order of the state machine to match the order of actual
events.

Reworked some comments and function parameter positioning that I missed
the other day.
2012-05-28 20:21:52 +01:00
Kamil Dudka
72f4b534c4 nss: use human-readable error messages provided by NSS
Bug: http://lists.baseurl.org/pipermail/yum-devel/2012-January/009002.html
2012-05-28 11:24:24 +02:00
Daniel Stenberg
a7731673d0 pop3: remove variable-not-used warnings 2012-05-27 23:29:15 +02:00
Steve Holme
c267c53017 pop3: Added support for SASL based authentication mechanism detection
Added support for detecting the supported SASL authentication mechanisms
via the AUTH command. There are two ways of detecting them, either by
using the AUTH command, that will return -ERR if not supported or by
using the CAPA command which will return SASL and the list of mechanisms
if supported, not include SASL if SASL authentication is not supported
or -ERR if the CAPA command is not supported. As such it seems simpler
to use the AUTH command and fallback to normal clear text authentication
if the the command is not supported.

Additionally updated the test cases to return -ERR when the AUTH command
is encountered. Additional test cases will be added when support for the
individual authentication mechanisms is added.
2012-05-27 19:09:38 +01:00
Daniel Stenberg
dc454bd16b pop3: remove trailing whitespace 2012-05-27 14:08:46 +02:00
Steve Holme
c6495bccbf pop3: Code tidy up before the introduction of authentication code
Moved EOB definition into header file.

Switched the logic around in pop3_endofresp() to allow for the
introduction of auth-mechanism detection.

Repositioned second and third function variables where they will fit
within the 78 character line limit.

Tidied up some comments.
2012-05-27 10:54:13 +01:00
Guenter Knauf
cd4cf989bb Try to detect OpenSSL build type automatically. 2012-05-27 03:28:43 +02:00
Steve Holme
9c480490f7 sasl: Re-factored auth-mechanism constants to be more generic 2012-05-25 21:58:17 +01:00
Steve Holme
978b808f7d smtp: Moved auth-mechanism constants into a separate header file
Move the SMTP_AUTH constants into a separate header file in
preparation for adding SASL based authentication to POP3 as the two
protocols will need to share them.
2012-05-25 21:49:25 +01:00
Kamil Dudka
74be993576 nss: avoid using explicit casts of code pointers 2012-05-25 13:35:23 +02:00
Steve Holme
ef60fdbd73 smtp: Fixed an issue with the multi-interface always sending postdata
Due to the result code being reset to CURLE_OK when smtp_dophase_done()
was called, postdata would incorrectly be sent to the server when the
MAIL FROM or RCPT command was rejected.

As such, libcurl would return the wrong result code from performing the
operation and additionally set CURLINFO_RESPONSE_CODE to be that
returned by the postdata command.

Bug: http://curl.haxx.se/mail/lib-2012-05/0108.html
Reported by: Gokhan Sengun
2012-05-22 22:08:25 +01:00
Tatsuhiro Tsujikawa
6cc066a2c5 Fixed compile error with GNUTLS+NETTLE
In nettle/md5.h, md5_init and md5_update are defined as macros to
nettle_md5_init and nettle_md5_update respectively.  This causes
error when using MD5_params.md5_init and md5_update.  This patch
renames these members as md5_init_func and md5_update_func to
avoid name conflict. For completeness, MD5_params.md5_final was
also renamed as md5_final_func.

The changes in curl_ntlm_core.c is conversion error and fixed by
casting to proper type.
2012-05-22 16:40:09 +02:00
Guenter Knauf
1c58f291cc Updated dependency libary versions. 2012-05-22 04:15:37 +02:00
Steve Holme
7ba07c80a1 smtp: Fixed non-escaping of dot character at beginning of line
A dot character at the beginning of a line would not be escaped to a
double dot as required by RFC-2821, instead it would be deleted by the
mail server. Please see section 4.5.2 of the RFC for more information.

Note: This fix also simplifies the detection of repeated CRLF.CRLF
combinations, such as CRLF.CRLF.CRLF, a little rather than having to
advance the eob counter to 2.
2012-05-17 11:31:06 +01:00
Gokhan Sengun
d6773834f2 MD5: OOM fix
check whether md5 initialization succeeded before updating digest of
buffers onto it
2012-05-02 22:58:15 +02:00
Guenter Knauf
1beda0cbb7 Updated dependency lib versions. 2012-04-26 14:40:50 +02:00
Daniel Stenberg
72b72fe8ed URL parse: reject numerical IPv6 addresses outside brackets
Roman Mamedov spotted (in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670126) that curl would
not complain when given a URL with an IPv6 numerical address without
brackets. It would simply cut off the last ":[hex]" part and thus not
work correctly.

That's a URL using an illegal syntax and now libcurl will instead return
a clear error code and error message detailing the error.

The above mentioned bug report claims this to be a regression but
libcurl does not guarantee functionality when given URLs that aren't
following the URL spec (RFC3986 mostly). I consider the fact that it
used to handle this differently a mere coincidence.
2012-04-23 23:18:42 +02:00
Daniel Stenberg
bd9eb30ffd Curl_MD5_init: fix OOM memory leak
Bug: http://curl.haxx.se/mail/lib-2012-04/0246.html
Reported by: Michael Mueller
2012-04-23 23:07:40 +02:00
Gokhan Sengun
dd18e714ff OpenSSL cert: provide more details when cert check fails
curl needs to be more chatty regarding certificate verification failure
during SSL handshake
2012-04-23 20:24:15 +02:00
Yang Tse
d6c449e3b4 Revert "sspi: Added version information"
This reverts commit 2976de4808.
2012-04-23 16:28:01 +02:00
Yang Tse
071f8d4182 Revert "sspi - Small code tidy up"
This reverts commit 46cd5f1dad.
2012-04-23 16:27:47 +02:00
Yang Tse
d83233501f Revert "Fixed 'extra tokens at end of #endif directive'."
This reverts commit 77172a242f.
2012-04-23 16:27:33 +02:00
Yang Tse
419a50f817 Revert "Fixed 'Trailing whitespace' found by checksrc."
This reverts commit 683bfa60ad.
2012-04-23 16:27:20 +02:00
Yang Tse
975d23480c Revert "sspi: Code tidy up to remove unused variable."
This reverts commit 412510f974.
2012-04-23 16:27:04 +02:00
Steve Holme
412510f974 sspi: Code tidy up to remove unused variable. 2012-04-22 21:00:32 +01:00
Guenter Knauf
683bfa60ad Fixed 'Trailing whitespace' found by checksrc. 2012-04-22 21:19:36 +02:00
Guenter Knauf
77172a242f Fixed 'extra tokens at end of #endif directive'. 2012-04-22 21:10:17 +02:00
Steve Holme
46cd5f1dad sspi - Small code tidy up 2012-04-22 18:59:07 +01:00
Steve Holme
2976de4808 sspi: Added version information
Added version information for Windows SSPI to curl's main version
string and removed SSPI from the features string.
2012-04-22 18:49:27 +01:00
Daniel Stenberg
560cd62272 HTTP: empty chunked POST ended up in two zero size chunks
When doing a chunked-encoded POST with -d (CURLOPT_POSTFIELDS) and the
size of the POST was zero length, it made libcurl first send a zero
chunk and then the terminating one. This could confuse a receiver and it
should rather just send the terminating chunk as it does with this fix.

Test case 1333 is added to verify.

Bug: http://curl.haxx.se/mail/archive-2012-04/0060.html
Reported by: Arnaud Compan
2012-04-20 22:25:31 +02:00
Guenter Knauf
0f54880277 Updated dependency lib versions. 2012-04-20 13:33:54 +02:00
Daniel Stenberg
5cd524df18 singleipconnect: return OK even when Curl_socket() fails
Commit 9109cdec11 brought this regression (shipped since 7.24.0).

The singleipconnect() function must not return an error if Curl_socket()
returns an error. It should then simply return OK and pass a SOCKET_BAD
back simply because that is how the user of this function expects it to
work and something else is not fine.

Reported by: Blaise Potard
Bug: http://curl.haxx.se/bug/view.cgi?id=3516508
2012-04-19 23:31:50 +02:00
Yang Tse
94111bbbd4 Take in account that CURLAUTH_* bitmasks are now 'unsigned long' - follow-up
MIPSPro compiler detected curl_easy_getinfo() related missing adjustments.
SunPro compiler detected curl tool --libcurl option related missing adjustments.
2012-04-19 16:31:11 +02:00
Yang Tse
df4205c10a url.c: CURLOPT_HTTPAUTH and CURLOPT_PROXYAUTH fixes
Fail with CURLE_NOT_BUILT_IN when none of requested auth methods is supported.

Reject CURLAUTH_ONLY bit when given alone or with CURLAUTH_NONE.
2012-04-19 00:35:44 +02:00
Yang Tse
9421b06397 Take in account that CURLAUTH_* bitmasks are now 'unsigned long'
Data type of internal vars holding CURLAUTH_* bitmasks changed from 'long' to
'unsigned long' for proper handling and operating.
2012-04-18 23:04:35 +02:00
Yang Tse
3833765ba5 build adjustments: commit 9e24b9c7 follow-up 2012-04-17 13:29:12 +02:00
Yang Tse
a498daa0e0 nss.c: fix compiler warning 2012-04-16 22:37:12 +02:00
Yang Tse
7d4ed0b10e setup_once.h: tighten requirements for stdbool.h header inclusion
Include stdbool.h only when it is available and configure is capable of
detecting a proper 'bool' data type when the header is included.

Compilation fix for old or unpatched versions of XL C compiler.

Report: http://curl.haxx.se/mail/archive-2012-04/0022.html
2012-04-14 15:41:38 +02:00
Yang Tse
48d13b44c6 headers: require GCC 2.7 or newer in order to allow attribute GCC'isms usage
Usage in other code paths already protected and requiring even newer versions.
2012-04-14 15:12:30 +02:00
Jonathan Nieder
8b63b48627 headers: surround GCC attribute names with double underscores
This protects from attribute names being defined by third party's code.

Improvement: http://curl.haxx.se/mail/lib-2012-04/0127.html
2012-04-14 15:06:57 +02:00
Yang Tse
c156b916a4 nss.c: fix compiler warning 2012-04-13 18:26:42 +02:00
Kamil Dudka
a60edcc6d4 nss: provide human-readable names for NSS errors 2012-04-13 12:19:36 +02:00
Kamil Dudka
20cb12db8d nss: use NSS_InitContext() to initialize NSS if available
NSS_InitContext() was introduced in NSS 3.12.5 and helps to prevent
collisions on NSS initialization/shutdown with other libraries.

Bug: https://bugzilla.redhat.com/738456
2012-04-13 12:19:36 +02:00
Kamil Dudka
42aa796150 nss: unconditionally require PK11_CreateGenericObject()
This bumps the minimal supported version of NSS to 3.12.x.
2012-04-13 12:19:36 +02:00
Guenter Knauf
930781e168 Added NetWare export. 2012-04-13 01:24:34 +02:00
Yang Tse
8c29bf5640 url.c: fix compiler warning 2012-04-12 21:21:08 +02:00
Guenter Knauf
82306ebfba Updated dependency lib versions (2nd try). 2012-04-12 20:51:29 +02:00
Guenter Knauf
03d4b9f078 Updated dependency lib versions. 2012-04-12 20:44:50 +02:00
Yang Tse
38ae6ec1a2 configure: NATIVE_WINDOWS no longer defined in config files 2012-04-12 13:08:48 +02:00
Yang Tse
9e24b9c7af build adjustments: CURL_HIDDEN_SYMBOLS no longer defined in config files
configure script now provides conditional definitions for Makefile.am
that result in CURL_HIDDEN_SYMBOLS being defined by resulting makefiles
when appropriate.

Additionally, configure script option for symbol hiding control is now
named --enable-symbol-hiding --disable-symbol-hiding. While still valid,
old option name --enable-hidden-symbols --disable-hidden-symbols will
be deprecated in some future release.
2012-04-11 19:33:54 +02:00
Yang Tse
21423497ef configure: Windows cross-compilation fixes
BUILDING_LIBCURL and CURL_STATICLIB are no longer defined in curl_config.h,
configure will generate appropriate conditionals so that mentioned symbols
get defined and used in Makefiles at compilation time
2012-04-09 21:24:16 +02:00
Yang Tse
3d8c093145 curl tool: use configuration files from lib directory - follow-up I
amigaos.[ch] now integrates nicely with any libcurl build
2012-04-07 00:31:24 +02:00
Yang Tse
919c97fa65 curl tool: use configuration files from lib directory
Configuration files such as curl_config.h and all config-*.h no longer exist
nor are generated/copied into 'src' directory, now these only exist in 'lib'
directory from where curl tool sources uses them.

Additionally old src/setup.h has been refactored into src/tool_setup.h which
now pulls lib/setup.h

The possibility of a makefile needing an include path adjustment exists.
2012-04-06 23:37:05 +02:00
Daniel Stenberg
376b4d48fe PolarSSL: correct return code for CRL matches
When a server certificate matches one in the given CRL file, the code
now returns CURLE_SSL_CACERT as test case 313 expects and verifies.
2012-04-06 15:10:59 +02:00
Daniel Stenberg
118e73306d PolarSSL: include version number in version string
Previously it would say PolarSSL only, now it says PolarSSL/1.1.0 in the
same style other libs and components do.
2012-04-06 14:44:36 +02:00
Andrei Cipu
0b516b7162 CURLOPT_POSTREDIR: also allow 303 to do POST on the redirected URL
As it turns out, some people do want that after all.
2012-04-05 23:29:21 +02:00
Dag Ekengren
5e852ab9d1 PolarSSL: add support for asynchronous connect 2012-04-05 00:18:34 +02:00
Tim Heckman
f9bb5d2984 Revert "access the CA source file using HTTPS"
This reverts commit f7e2ab6.

This change caused fetching of the certificates to become unreliable.

Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html
Reported by: Tim Heckman
2012-04-04 23:54:02 +02:00
Andrei Cipu
ad595c3ba9 IPv6 cookie domain: get rid of the first bracket before the second.
Commit 97b66ebe was copying a smaller buffer, thus duplicating the last
character.
2012-04-04 23:51:41 +02:00
Yang Tse
9753c6bec5 ftp.c: ftplistparser related OOM handling fix 2012-04-04 17:31:11 +02:00
Yang Tse
b16e3da12a smtp.c: fix compiler warnings 2012-04-04 17:24:30 +02:00
Lijo Antony
950b0b770e connect.c: return changed to CURLE_COULDNT_CONNECT when opensocket fails
Curl_socket returns CURLE_COULDNT_CONNECT when the opensocket callback
returns CURL_SOCKET_BAD. Previous return value CURLE_FAILED_INIT
conveys incorrect information to the user.
2012-04-03 22:56:29 +02:00
Steve Holme
15e1227ed4 pop3: Reworked the command sending and handling
Reworked the command sending from two specific LIST and RETR command
functions into a single command based function as well as the two
associated response handlers into a generic command handler.
2012-04-02 23:24:00 +01:00
Steve Holme
54866b68cd smtp.c: Code policing and tidy up 2012-04-01 21:09:38 +01:00
Armel Asselin
05a443adf2 SSH: public key can now be an empty string
If an empty string is passed to CURLOPT_SSH_PUBLIC_KEYFILE, libcurl will
pass no public key to libssh2 which then tries to compute it from the
private key. This is known to work when libssh2 1.4.0+ is linked against
OpenSSL.
2012-04-01 20:22:37 +02:00
Tatsuhiro Tsujikawa
ebf315e6f3 OpenSSL: Made cert hostname check conform to RFC 6125
This change replaces RFC 2818 based hostname check in OpenSSL build with
RFC 6125 [1] based one.

The hostname check in RFC 2818 is ambiguous and each project implements
it in the their own way and they are slightly different. I check curl,
gnutls, Firefox and Chrome and they are all different.

I don't think there is a bug in current implementation of hostname
check. But it is not as strict as the modern browsers do. Currently,
curl allows multiple wildcard character '*' and it matches '.'. (as
described in the comment in ssluse.c).

Firefox implementation is also based on RFC 2818 but it only allows at
most one wildcard character and it must be in the left-most label in the
pattern and the wildcard must not be followed by any character in the
label.[2] Chromium implementation is based on RFC 6125 as my patch does.
Firefox and Chromium both require wildcard in the left-most label in the
presented identifier.

This patch is more strict than the current implementation, so there may
be some cases where old curl works but new one does not. But at the same
time I think it is good practice to follow the modern browsers do and
follow the newer RFC.

[1] http://tools.ietf.org/html/rfc6125#section-6.4.3
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=159483
2012-04-01 20:10:37 +02:00
Daniel Stenberg
c44d45db86 HTTP: reset expected DL/UL sizes on redirects
With FOLLOWLOCATION enabled. When a 3xx page is downloaded and the
download size was known (like with a Content-Length header), but the
subsequent URL (transfered after the 3xx page) was chunked encoded, then
the previous "known download size" would linger and cause the progress
meter to get incorrect information, ie the former value would remain
being sent in. This could easily result in downloads that were WAY
larger than "expected" and would cause >100% outputs with the curl
command line tool.

Test case 599 was created and it was used to repeat the bug and then
verify the fix.

Bug: http://curl.haxx.se/bug/view.cgi?id=3510057
Reported by: Michael Wallner
2012-04-01 00:07:24 +02:00
Gökhan Şengün
7a2647e162 smtp: Add support for DIGEST-MD5 authentication 2012-03-31 22:31:19 +01:00
Gökhan Şengün
9bae9ddad9 smtp: Cody tidy up of md5 digest length
Replaced the hard coded md5 digest length (16) with a preprocessor
constant
2012-03-31 22:31:18 +01:00
Gökhan Şengün
004d7251ab md5: Add support for calculating the md5 sum of buffers incrementally
It is now possible to calculate the md5 sum as the stream of buffers
becomes known where as previously it was only possible to calculate the
md5 sum of a pre-prepared buffer.
2012-03-31 22:31:16 +01:00
Daniel Stenberg
33d044a862 Revert "mk-ca-bundle.pl: use LWP::UserAgent for https"
This reverts commit 9f0e1689f1.

It turned out that "improvement" instead made the fetching of the
certificates unreliable

Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html
Reported by: Tim Heckman
2012-03-31 19:51:36 +02:00
Steve Holme
761c3c5446 pop3: Added support for additional pop3 commands
This feature allows the user to specify and use additional POP3
commands such as UIDL and DELE via libcurl's CURLOPT_CUSTOMREQUEST or
curl's -X command line option.
2012-03-31 18:46:22 +01:00
Yang Tse
97ff646fc1 ssh.c: code cleanup, Curl_safefree() already nullifies pointer 2012-03-25 18:30:17 +02:00
Yang Tse
9801596fb3 fix some compiler warnings 2012-03-25 18:30:16 +02:00
Steve Holme
982315573c pop3.c: Corrected problem with state() introduced in 01690ed2bc 2012-03-25 12:47:39 +01:00
Steve Holme
9f96e6da28 pop.c: Small code tidy up 2012-03-25 11:28:59 +01:00
Steve Holme
01690ed2bc pop3: Removed the need for the single message LIST command handler
Simplified the code to remove the need for a separate "LIST <msg id>"
command handler and state machine and instead use the LIST command
handler for both operations.
2012-03-25 11:21:59 +01:00
Steve Holme
2da89708ec pop3.c: Code policing and tidy up
Corrected character and line spacing and re-ordered list and retr
functions based on the order of their state machines.
2012-03-24 12:28:11 +00:00