1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-14 13:35:03 -05:00
Commit Graph

855 Commits

Author SHA1 Message Date
Daniel Stenberg
20acb58a38
code style: use space after semicolon 2017-09-12 09:50:24 +02:00
Daniel Stenberg
e5743f08e7
code style: use spaces around pluses 2017-09-11 09:29:50 +02:00
Daniel Stenberg
6b84438d9a
code style: use spaces around equals signs 2017-09-11 09:29:50 +02:00
Daniel Stenberg
02eb6184ad
Curl_checkheaders: make it available for IMAP and SMTP too
... not only HTTP uses this now.

Closes #1875
2017-09-11 00:26:17 +02:00
Patrick Monnerat
ce0881edee mime: new MIME API.
Available in HTTP, SMTP and IMAP.
Deprecates the FORM API.
See CURLOPT_MIMEPOST.
Lib code and associated documentation.
2017-09-02 17:47:10 +01:00
Patrick Monnerat
3b51fa6285 http: fix a memory leakage in checkrtspprefix(). 2017-09-02 12:40:19 +01:00
Jan Alexander Steffens (heftig)
74dac344b2
http: Don't wait on CONNECT when there is no proxy
Since curl 7.55.0, NetworkManager almost always failed its connectivity
check by timeout. I bisected this to 5113ad04 (http-proxy: do the HTTP
CONNECT process entirely non-blocking).

This patch replaces !Curl_connect_complete with Curl_connect_ongoing,
which returns false if the CONNECT state was left uninitialized and lets
the connection continue.

Closes #1803
Fixes #1804

Also-fixed-by: Gergely Nagy
2017-08-18 15:25:22 +02:00
Daniel Stenberg
ff50fe0348
strtoofft: reduce integer overflow risks globally
... make sure we bail out on overflows.

Reported-by: Brian Carpenter
Closes #1758
2017-08-14 23:33:41 +02:00
Daniel Stenberg
909283ae5a http: fix response code parser to avoid integer overflow
test 1429 and 1433 were updated to work with the stricter HTTP status line
parser.

Closes #1714
Reported-by: Brian Carpenter
2017-07-31 18:37:43 +02:00
Daniel Stenberg
b22f93dbb8 http: s/TINY_INITIAL_POST_SIZE/EXPECT_100_THRESHOLD
Make the name reflect its use better, and add a short comment describing
what it's for.
2017-07-06 11:20:57 +02:00
Max Dymond
c75f63d7c4 handler: refactor connection checking
Add a new type of callback to Curl_handler which performs checks on
the connection. Alter RTSP so that it uses this callback to do its
own check on connection health.
2017-06-30 10:17:27 +02:00
Daniel Stenberg
9b167fd090 --request-target: instead of --strip-path-slash
... and CURLOPT_REQUEST_TARGET instead of CURLOPT_STRIP_PATH_SLASH.

This option instead provides the full "alternative" target to use in the
request, instead of extracting the path from the URL.

Test 1298 and 1299 updated accordingly.

Idea-by: Evert Pot
Suggestion: https://daniel.haxx.se/blog/2017/06/19/options-with-curl/comment-page-1/#comment-18373

Closes #1593
2017-06-21 23:39:10 +02:00
Daniel Stenberg
b778ae4c5e http: add --strip-path-slash and CURLOPT_STRIP_PATH_SLASH
... to enable sending "OPTIONS *" which wasn't possible previously.

This option currently only works for HTTP.

Added test cases 1298 + 1299 to verify

Fixes #1280
Closes #1462
2017-06-19 16:39:22 +02:00
Daniel Stenberg
5113ad0424 http-proxy: do the HTTP CONNECT process entirely non-blocking
Mentioned as a problem since 2007 (8f87c15bda) and of course it
existed even before that.

Closes #1547
2017-06-14 23:43:52 +02:00
Daniel Stenberg
e54db1b053 transfer: init the infilesize from the postfields...
... with a strlen() if no size was set, and do this in the pretransfer
function so that the info is set early. Otherwise, the default strlen()
done on the POSTFIELDS data never sets state.infilesize.

Reported-by: Vincas Razma
Bug: #1294
2017-05-30 11:39:42 +02:00
Daniel Stenberg
31b39c40cf multi: use a fixed array of timers instead of malloc
... since the total amount is low this is faster, easier and reduces
memory overhead.

Also, Curl_expire_done() can now mark an expire timeout as done so that
it never times out.

Closes #1472
2017-05-10 12:55:36 +02:00
Daniel Stenberg
e40e9d7f0d buffer: use data->set.buffer_size instead of BUFSIZE
... to properly use the dynamically set buffer size!
2017-05-01 22:55:29 +02:00
Daniel Stenberg
87eb8d5b30 http: don't clobber the receive buffer for timecond 2017-05-01 22:55:29 +02:00
Daniel Stenberg
94460878cc http: use private user:password output buffer
Don't clobber the receive buffer.
2017-05-01 22:55:29 +02:00
Kamil Dudka
2549831daa http: do not treat FTPS over CONNECT as HTTPS
If we use FTPS over CONNECT, the TLS handshake for the FTPS control
connection needs to be initiated in the SENDPROTOCONNECT state, not
the WAITPROXYCONNECT state.  Otherwise, if the TLS handshake completed
without blocking, the information about the completed TLS handshake
would be saved to a wrong flag.  Consequently, the TLS handshake would
be initiated in the SENDPROTOCONNECT state once again on the same
connection, resulting in a failure of the TLS handshake.  I was able to
observe the failure with the NSS backend if curl ran through valgrind.

Note that this commit partially reverts curl-7_21_6-52-ge34131d.
2017-03-28 17:04:16 +02:00
Isaac Boukris
7975d10cf8 http: Fix proxy connection reuse with basic-auth
When using basic-auth, connections and proxy connections
can be re-used with different Authorization headers since
it does not authenticate the connection (like NTLM does).

For instance, the below command should re-use the proxy
connection, but it currently doesn't:
curl -v -U alice:a -x http://localhost:8181 http://localhost/
  --next -U bob:b -x http://localhost:8181 http://localhost/

This is a regression since refactoring of ConnectionExists()
as part of: cb4e2be7c6

Fix the above by removing the username and password compare
when re-using proxy connection at proxy_info_matches().

However, this fix brings back another bug would make curl
to re-print the old proxy-authorization header of previous
proxy basic-auth connection because it wasn't cleared.

For instance, in the below command the second request should
fail if the proxy requires authentication, but would succeed
after the above fix (and before aforementioned commit):
curl -v -U alice:a -x http://localhost:8181 http://localhost/
  --next -x http://localhost:8181 http://localhost/

Fix this by clearing conn->allocptr.proxyuserpwd after use
unconditionally, same as we do for conn->allocptr.userpwd.

Also fix test 540 to not expect digest auth header to be
resent when connection is reused.

Signed-off-by: Isaac Boukris <iboukris@gmail.com>

Closes https://github.com/curl/curl/pull/1350
2017-03-28 03:54:43 -04:00
klemens
f7df67cff0 spelling fixes
Closes #1356
2017-03-26 23:56:23 +02:00
Sylvestre Ledru
66de563482 Improve code readbility
... by removing the else branch after a return, break or continue.

Closes #1310
2017-03-13 23:11:45 +01:00
Michael Kaufmann
e84a863dc3 proxy: skip SSL initialization for closed connections
This prevents a "Descriptor is not a socket" error for WinSSL.

Reported-by: Antony74@users.noreply.github.com
Reviewed-by: Jay Satiro

Fixes https://github.com/curl/curl/issues/1239
2017-03-11 18:59:01 +01:00
Isaac Boukris
5278462c32 authneg: clear auth.multi flag at http_done
This flag is meant for the current request based on authentication
state, once the request is done we can clear the flag.

Also change auth.multi to auth.multipass for better readability.

Fixes https://github.com/curl/curl/issues/1095
Closes https://github.com/curl/curl/pull/1326

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reported-by: Michael Kaufmann
2017-03-11 18:12:08 +01:00
Tatsuhiro Tsujikawa
475c2583d5 http2: Fix assertion error on redirect with CL=0
This fixes assertion error which occurs when redirect is done with 0
length body via HTTP/2, and the easy handle is reused, but new
connection is established due to hostname change:

    curl: http2.c:1572: ssize_t http2_recv(struct connectdata *,
      int, char *, size_t, CURLcode *):
    Assertion `httpc->drain_total >= data->state.drain' failed.

To fix this bug, ensure that http2_handle_stream is called.

Fixes #1286
Closes #1302
2017-03-07 23:12:41 +01:00
Isaac Boukris
13e3a18b34 http: fix missing 'Content-Length: 0' while negotiating auth
- While negotiating auth during PUT/POST if a user-specified
  Content-Length header is set send 'Content-Length: 0'.

This is what we do already in HTTPREQ_POST_FORM and what we did in the
HTTPREQ_POST case (regression since afd288b).

Prior to this change no Content-Length header would be sent in such a
case.

Bug: https://curl.haxx.se/mail/lib-2017-02/0006.html
Reported-by: Dominik Hölzl

Closes https://github.com/curl/curl/pull/1242
2017-02-17 02:32:16 -05:00
Richy Kim
6b7616690e CURLOPT_BUFFERSIZE: support enlarging receive buffer
Replace use of fixed macro BUFSIZE to define the size of the receive
buffer.  Reappropriate CURLOPT_BUFFERSIZE to include enlarging receive
buffer size.  Upon setting, resize buffer if larger than the current
default size up to a MAX_BUFSIZE (512KB). This can benefit protocols
like SFTP.

Closes #1222
2017-01-19 23:38:04 +01:00
Alessandro Ghedini
1ad1a0d186 http: print correct HTTP string in verbose output when using HTTP/2
Before:
```
 % src/curl https://sigsegv.ninja/ -v --http2
...
> GET / HTTP/1.1
> Host: sigsegv.ninja
> User-Agent: curl/7.52.2-DEV
> Accept: */*
>
...
```

After:
```
 % src/curl https://sigsegv.ninja/ -v --http2
...
> GET / HTTP/2
> Host: sigsegv.ninja
> User-Agent: curl/7.52.2-DEV
> Accept: */*
>
```
2017-01-14 12:50:51 +00:00
Daniel Stenberg
9aa259a139 http: remove "Curl_http_done: called premature" message
... it only confuses people.
2016-12-23 23:32:43 +01:00
Daniel Stenberg
1c3e8bbfed checksrc: warn for assignments within if() expressions
... they're already frowned upon in our source code style guide, this
now enforces the rule harder.
2016-12-14 01:29:44 +01:00
Daniel Stenberg
b228d2952b checksrc: stricter no-space-before-paren enforcement
In order to make the code style more uniform everywhere
2016-12-13 23:39:11 +01:00
Alex Rousskov
cb4e2be7c6 proxy: Support HTTPS proxy and SOCKS+HTTP(s)
* HTTPS proxies:

An HTTPS proxy receives all transactions over an SSL/TLS connection.
Once a secure connection with the proxy is established, the user agent
uses the proxy as usual, including sending CONNECT requests to instruct
the proxy to establish a [usually secure] TCP tunnel with an origin
server. HTTPS proxies protect nearly all aspects of user-proxy
communications as opposed to HTTP proxies that receive all requests
(including CONNECT requests) in vulnerable clear text.

With HTTPS proxies, it is possible to have two concurrent _nested_
SSL/TLS sessions: the "outer" one between the user agent and the proxy
and the "inner" one between the user agent and the origin server
(through the proxy). This change adds supports for such nested sessions
as well.

A secure connection with a proxy requires its own set of the usual SSL
options (their actual descriptions differ and need polishing, see TODO):

  --proxy-cacert FILE        CA certificate to verify peer against
  --proxy-capath DIR         CA directory to verify peer against
  --proxy-cert CERT[:PASSWD] Client certificate file and password
  --proxy-cert-type TYPE     Certificate file type (DER/PEM/ENG)
  --proxy-ciphers LIST       SSL ciphers to use
  --proxy-crlfile FILE       Get a CRL list in PEM format from the file
  --proxy-insecure           Allow connections to proxies with bad certs
  --proxy-key KEY            Private key file name
  --proxy-key-type TYPE      Private key file type (DER/PEM/ENG)
  --proxy-pass PASS          Pass phrase for the private key
  --proxy-ssl-allow-beast    Allow security flaw to improve interop
  --proxy-sslv2              Use SSLv2
  --proxy-sslv3              Use SSLv3
  --proxy-tlsv1              Use TLSv1
  --proxy-tlsuser USER       TLS username
  --proxy-tlspassword STRING TLS password
  --proxy-tlsauthtype STRING TLS authentication type (default SRP)

All --proxy-foo options are independent from their --foo counterparts,
except --proxy-crlfile which defaults to --crlfile and --proxy-capath
which defaults to --capath.

Curl now also supports %{proxy_ssl_verify_result} --write-out variable,
similar to the existing %{ssl_verify_result} variable.

Supported backends: OpenSSL, GnuTLS, and NSS.

* A SOCKS proxy + HTTP/HTTPS proxy combination:

If both --socks* and --proxy options are given, Curl first connects to
the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS
proxy.

TODO: Update documentation for the new APIs and --proxy-* options.
Look for "Added in 7.XXX" marks.
2016-11-24 23:41:44 +01:00
Daniel Stenberg
0649433da5 realloc: use Curl_saferealloc to avoid common mistakes
Discussed: https://curl.haxx.se/mail/lib-2016-11/0087.html
2016-11-11 10:03:48 +01:00
Daniel Stenberg
811a693b80 strcasecompare: all case insensitive string compares ignore locale now
We had some confusions on when each function was used. We should not act
differently on different locales anyway.
2016-10-31 08:46:35 +01:00
Daniel Stenberg
502acba2af strcasecompare: is the new name for strequal()
... to make it less likely that we forget that the function actually
does case insentive compares. Also replaced several invokes of the
function with a plain strcmp when case sensitivity is not an issue (like
comparing with "-").
2016-10-31 08:46:35 +01:00
Daniel Stenberg
c5be3d7267 cookies: getlist() now holds deep copies of all cookies
Previously it only held references to them, which was reckless as the
thread lock was released so the cookies could get modified by other
handles that share the same cookie jar over the share interface.

CVE-2016-8623

Bug: https://curl.haxx.se/docs/adv_20161102I.html
Reported-by: Cure53
2016-10-31 08:46:35 +01:00
Michael Kaufmann
e9e5366193 New libcurl option to keep sending on error
Add the new option CURLOPT_KEEP_SENDING_ON_ERROR to control whether
sending the request body shall be completed when the server responds
early with an error status code.

This is suitable for manual NTLM authentication.

Reviewed-by: Jay Satiro

Closes https://github.com/curl/curl/pull/904
2016-09-22 22:22:31 +02:00
Daniel Stenberg
d4c5a91722 http: accept "Transfer-Encoding: chunked" for HTTP/2 as well
... but don't send the actual header over the wire as it isn't accepted.
Chunked uploading is still triggered using this method.

Fixes #1013
Fixes #662
2016-09-16 09:00:20 +02:00
Daniel Stenberg
3533def3d5 http2: make sure stream errors don't needlessly close the connection
With HTTP/2 each transfer is made in an indivial logical stream over the
connection, making most previous errors that caused the connection to get
forced-closed now instead just kill the stream and not the connection.

Fixes #941
2016-08-28 16:44:49 +02:00
Michael Kaufmann
7bda07b046 HTTP: stop parsing headers when switching to unknown protocols
- unknown protocols probably won't send more headers (e.g. WebSocket)
- improved comments and moved them to the correct case statements

Closes #899
2016-08-25 14:49:39 +02:00
Steve Holme
317795d1bf http.c: Remove duplicate (authp->avail & CURLAUTH_DIGEST) check
From commit 2708d4259b.
2016-08-21 10:25:45 +01:00
Steve Holme
c6b869ec79 http.c: Corrected indentation change from commit 2708d4259b
Made by Visual Studio's auto-correct feature and missed by me in my own
code reviews!
2016-08-20 19:34:54 +01:00
Steve Holme
2708d4259b http: Added calls to Curl_auth_is_<mechansism>_supported()
Hooked up the HTTP authentication layer to query the new 'is mechanism
supported' functions when deciding what mechanism to use.

As per commit 00417fd66c existing functionality is maintained for now.
2016-08-20 19:15:13 +01:00
Daniel Stenberg
93b0d907d5 Revert "Proxy-Connection: stop sending this header by default"
This reverts commit 113f04e664.
2016-08-16 08:36:04 +02:00
Michael Kaufmann
38685f86c8 cleanup: minor code cleanup in Curl_http_readwrite_headers()
- the expression of an 'if' was always true
- a 'while' contained a condition that was always true
- use 'if(k->exp100 > EXP100_SEND_DATA)' instead of 'if(k->exp100)'
- fixed a typo

Closes #889
2016-06-28 20:48:44 +02:00
Daniel Stenberg
434f8d0389 internals: rename the SessionHandle struct to Curl_easy 2016-06-22 10:28:41 +02:00
Michael Kaufmann
0bdec5e01d cleanup: fix method names in code comments
Closes #887
2016-06-21 13:11:40 +02:00
Jay Satiro
1aa899ff38 http: Fix HTTP/2 connection reuse
- Change the parser to not require a minor version for HTTP/2.

HTTP/2 connection reuse broke when we changed from HTTP/2.0 to HTTP/2
in 8243a95 because the parser still expected a minor version.

Bug: https://github.com/curl/curl/issues/855
Reported-by: Andrew Robbins, Frank Gevaerts
2016-06-05 03:13:32 -04:00
Daniel Stenberg
f6767f5435 TLS: move the ALPN/NPN enable bits to the connection
Only protocols that actually have a protocol registered for ALPN and NPN
should try to get that negotiated in the TLS handshake. That is only
HTTPS (well, http/1.1 and http/2) right now. Previously ALPN and NPN
would wrongly be used in all handshakes if libcurl was built with it
enabled.

Reported-by: Jay Satiro

Fixes #789
2016-05-09 15:30:25 -04:00
Daniel Stenberg
96eb9a862b http: make sure a blank header overrides accept_decoding
Reported-by: rcanavan
Assisted-by: Isaac Boukris
Closes #785
2016-05-02 11:24:11 +02:00
Daniel Stenberg
4f45240bc8 lib: include curl_printf.h as one of the last headers
curl_printf.h defines printf to curl_mprintf, etc. This can cause
problems with external headers which may use
__attribute__((format(printf, ...))) markers etc.

To avoid that they cause problems with system includes, we include
curl_printf.h after any system headers. That makes the three last
headers to always be, and we keep them in this order:

 curl_printf.h
 curl_memory.h
 memdebug.h

None of them include system headers, they all do funny #defines.

Reported-by: David Benjamin

Fixes #743
2016-04-29 22:32:49 +02:00
Marcel Raad
c2b3f264cb CONNECT_ONLY: don't close connection on GSS 401/407 reponses
Previously, connections were closed immediately before the user had a
chance to extract the socket when the proxy required Negotiate
authentication.

This regression was brought in with the security fix in commit
79b9d5f1a4

Closes #655
2016-04-26 23:01:56 +02:00
Michael Kaufmann
cd8d236245 news: CURLOPT_CONNECT_TO and --connect-to
Makes curl connect to the given host+port instead of the host+port found
in the URL.
2016-04-17 23:50:59 +02:00
Daniel Stenberg
a71012c03e code: style updates 2016-04-03 22:38:36 +02:00
Diego Bes
324a97ecf8 http2: support "prior knowledge", no upgrade from HTTP/1.1
Supports HTTP/2 over clear TCP

- Optimize switching to HTTP/2 by removing calls to init and setup
before switching. Switching will eventually call setup and setup calls
init.

- Supports new version to “force” the use of HTTP/2 over clean TCP

- Add common line parameter “--http2-prior-knowledge” to the Curl
  command line tool.
2016-03-31 22:23:11 +02:00
Daniel Stenberg
541027876d http: remove ((expression)) double parentheses 2016-03-31 10:10:58 +02:00
Daniel Stenberg
b22a954736 Curl_add_buffer_send: avoid possible NULL dereference
... as we check for a NULL pointer below, we move the derefence to after
the check. Detected by PVS Studio.

Reported-by: Alexis La Goutte
2016-03-31 10:10:58 +02:00
Daniel Stenberg
575e885db0 multi: turn Curl_done into file local multi_done
... as it now is used by multi.c only.
2016-03-30 07:52:28 +02:00
Steve Holme
f0bdd72c10 http_ntlm: Renamed from curl_ntlm.[c|h]
Renamed the header and source files for this module as they are HTTP
specific and as such, they should use the naming convention as other
HTTP authentication source files do - this revert commit 260ee6b7bf.

Note: We could also rename curl_ntlm_wb.[c|h], however, the Winbind
code needs separating from the HTTP protocol and migrating into the
vauth directory, thus adding support for Winbind to the SASL based
protocols such as IMAP, POP3 and SMTP.
2016-03-27 17:58:50 +01:00
Steve Holme
ad5e9bfd5d vauth: Moved the Negotiate authentication code to the new vauth directory
Part 1 of 2 - Moved the SSPI based Negotiate authentication code.
2016-03-26 17:21:22 +00:00
Steve Holme
96fff9f6b5 http: Minor update based on CODE_STYLE guidelines 2016-03-24 06:35:23 +00:00
Steve Holme
9351383745 connect/ntlm/http: Fixed compilation warnings when verbose strings disabled
warning C4189: 'data': local variable is initialized but not referenced
2016-03-20 17:51:06 +00:00
Daniel Stenberg
eb083e0d39 http2: don't decompress gzip decoding automatically
At one point during the development of HTTP/2, the commit 133cdd29ea
introduced automatic decompression of Content-Encoding as that was what
the spec said then. Now however, HTTP/2 should work the same way as
HTTP/1 in this regard.

Reported-by: Kazuho Oku

Closes #661
2016-02-17 08:25:40 +01:00
Tatsuhiro Tsujikawa
b080a7cd06 http: Don't break the header into chunks if HTTP/2
nghttp2 callback deals with TLS layer and therefore the header does not
need to be broken into chunks.

Bug: https://github.com/curl/curl/issues/659
Reported-by: Kazuho Oku
2016-02-16 14:49:12 -05:00
Daniel Stenberg
113f04e664 Proxy-Connection: stop sending this header by default
RFC 7230 says we should stop. Firefox already stopped.

Bug: https://github.com/curl/curl/issues/633
Reported-By: Brad Fitzpatrick

Closes #633
2016-02-08 11:09:40 +01:00
Daniel Stenberg
4af40b3646 URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
Tatsuhiro Tsujikawa
15cb03ad84 http2: Support trailer fields
This commit adds trailer support in HTTP/2.  In HTTP/1.1, chunked
encoding must be used to send trialer fields.  HTTP/2 deprecated any
trandfer-encoding, including chunked.  But trailer fields are now
always available.

Since trailer fields are relatively rare these days (gRPC uses them
extensively though), allocating buffer for trailer fields is done when
we detect that HEADERS frame containing trailer fields is started.  We
use Curl_add_buffer_* functions to buffer all trailers, just like we
do for regular header fields.  And then deliver them when stream is
closed.  We have to be careful here so that all data are delivered to
upper layer before sending trailers to the application.

We can deliver trailer field one by one using NGHTTP2_ERR_PAUSE
mechanism, but current method is far more simple.

Another possibility is use chunked encoding internally for HTTP/2
traffic.  I have not tested it, but it could add another overhead.

Closes #564
2015-12-15 23:47:46 +01:00
Daniel Stenberg
4bcc532de5 http: add libcurl option to allow HTTP/2 for HTTPS only
... and stick to 1.1 for HTTP. This is in line with what browsers do and
should have very little risk.
2015-12-13 09:24:51 +01:00
Daniel Stenberg
034317d2af fix b6d5cb40d7 2015-12-09 00:27:04 +01:00
Christian Stewart
b6d5cb40d7 build: fix compilation error with CURL_DISABLE_VERBOSE_STRINGS
With curl disable verbose strings in http.c the compilation fails due to
the data variable being undefined later on in the function.

Closes #558
2015-12-08 18:12:16 +01:00
Daniel Stenberg
cd2b73b3ed timecond: do not add if-modified-since without timecondition
The RTSP code path didn't skip adding the if-modified-since for certain
RTSP code paths, even if CURLOPT_TIMECONDITION was set to
CURL_TIMECOND_NONE.

Also, an unknown non-zero CURLOPT_TIMECONDITION value no longer equals
CURL_TIMECOND_IFMODSINCE.

Bug: http://stackoverflow.com/questions/33903982/curl-timecond-none-doesnt-work-how-to-remove-if-modified-since-header
2015-11-25 11:38:10 +01:00
Daniel Stenberg
c341311a0e Revert "cleanup: general removal of TODO (and similar) comments"
This reverts commit 64e959ffe3.

Feedback-by: Dan Fandrich
URL: http://curl.haxx.se/mail/lib-2015-11/0062.html
2015-11-24 09:36:45 +01:00
Daniel Stenberg
b4c39010b5 http2: http_done: don't free already-freed push headers
The push headers are freed after the push callback has been invoked,
meaning this code should only free the headers if the callback was never
invoked and thus the headers weren't freed at that time.

Reported-by: Davey Shafik
2015-11-17 09:47:58 +01:00
Daniel Stenberg
64e959ffe3 cleanup: general removal of TODO (and similar) comments
They tend to never get updated anyway so they're frequently inaccurate
and we never go back to revisit them anyway. We document issues to work
on properly in KNOWN_BUGS and TODO instead.
2015-11-13 16:15:26 +01:00
Jonas Minnberg
fe7590f729 vtls: added support for mbedTLS
closes #496
2015-10-20 07:57:24 +02:00
Daniel Stenberg
c6aedf680f fread_func: move callback pointer from set to state struct
... and assign it from the set.fread_func_set pointer in the
Curl_init_CONNECT function. This A) avoids that we have code that
assigns fields in the 'set' struct (which we always knew was bad) and
more importantly B) it makes it impossibly to accidentally leave the
wrong value for when the handle is re-used etc.

Introducing a state-init functionality in multi.c, so that we can set a
specific function to get called when we enter a state. The
Curl_init_CONNECT is thus called when switching to the CONNECT state.

Bug: https://github.com/bagder/curl/issues/346

Closes #346
2015-10-15 23:32:19 +02:00
Erik Janssen
14ff86256b rtsp: stop reading empty DESCRIBE responses
Based-on-patch-by: Jim Hollinger
2015-08-20 23:07:03 +02:00
Anders Bakken
5778e6f526 http2: discard frames with no SessionHandle
Return 0 instead of NGHTTP2_ERR_CALLBACK_FAILURE if we can't locate the
SessionHandle. Apparently mod_h2 will sometimes send a frame for a
stream_id we're finished with.

Use nghttp2_session_get_stream_user_data and
nghttp2_session_set_stream_user_data to identify SessionHandles instead
of a hash.

Closes #372
2015-08-11 08:16:33 +02:00
Kamil Dudka
f7dcc7c118 http: move HTTP/2 cleanup code off http_disconnect()
Otherwise it would never be called for an HTTP/2 connection, which has
its own disconnect handler.

I spotted this while debugging <https://bugzilla.redhat.com/1248389>
where the http_disconnect() handler was called on an FTP session handle
causing 'dnf' to crash.  conn->data->req.protop of type (struct FTP *)
was reinterpreted as type (struct HTTP *) which resulted in SIGSEGV in
Curl_add_buffer_free() after printing the "Connection cache is full,
closing the oldest one." message.

A previously working version of libcurl started to crash after it was
recompiled with the HTTP/2 support despite the HTTP/2 protocol was not
actually used.  This commit makes it work again although I suspect the
root cause (reinterpreting session handle data of incompatible protocol)
still has to be fixed.  Otherwise the same will happen when mixing FTP
and HTTP/2 connections and exceeding the connection cache limit.

Reported-by: Tomas Tomecek
Bug: https://bugzilla.redhat.com/1248389
2015-07-30 15:16:43 +02:00
Michael Kaufmann
c5d060cab4 HTTP: ignore "Content-Encoding: compress"
Currently, libcurl rejects responses with "Content-Encoding: compress"
when CURLOPT_ACCEPT_ENCODING is set to "". I think that libcurl should
treat the Content-Encoding "compress" the same as other
Content-Encodings that it does not support, e.g. "bzip2". That means
just ignoring it.
2015-07-25 00:46:01 +02:00
Tatsuhiro Tsujikawa
845b011614 http2: Fix memory leak in push header array 2015-07-07 12:33:41 +02:00
Daniel Stenberg
f65ab8864e http2: fixed the header accessor functions for the push callback 2015-06-24 23:44:42 +02:00
Daniel Stenberg
feea9263e9 http2: setup the new pushed stream properly 2015-06-24 23:44:42 +02:00
Kamil Dudka
24a8359b25 http: do not leak basic auth credentials on re-used connections
CVE-2015-3236

This partially reverts commit curl-7_39_0-237-g87c4abb

Reported-by: Tomas Tomecek, Kamil Dudka
Bug: http://curl.haxx.se/docs/adv_20150617A.html
2015-06-17 07:43:13 +02:00
Daniel Stenberg
ff7097f72c urldata: store POST size in state.infilesize too
... to simplify checking when PUT _or_ POST have completed.

Reported-by: Frank Meier
Bug: http://curl.haxx.se/mail/lib-2015-06/0019.html
2015-06-14 23:31:01 +02:00
Isaac Boukris
4bb815a32e HTTP-NTLM: fail auth on connection close instead of looping
Bug: https://github.com/bagder/curl/issues/256
2015-05-31 23:21:15 +02:00
Daniel Stenberg
d04bab8873 http: removed self assignment
Follow-up fix from b0143a2a33

Detected by coverity. CID 1299429
2015-05-22 09:57:16 +02:00
Daniel Stenberg
b0143a2a33 read_callback: move to SessionHandle from connectdata
With many easy handles using the same connection for multiplexing, it is
important we store and keep the transfer-oriented stuff in the
SessionHandle so that callbacks and callback data work fine even when
many easy handles share the same physical connection.
2015-05-20 23:06:45 +02:00
Kamil Dudka
00a770b3f5 http: silence compile-time warnings without USE_NGHTTP2
Error: CLANG_WARNING:
lib/http.c:173:16: warning: Value stored to 'http' during its initialization is never read

Error: COMPILER_WARNING:
lib/http.c: scope_hint: In function ‘http_disconnect’
lib/http.c:173:16: warning: unused variable ‘http’ [-Wunused-variable]
2015-05-19 12:53:30 +02:00
Jay Satiro
7da064fdd2 http: Add some include guards for the new HTTP/2 stuff 2015-05-18 20:53:58 -04:00
Daniel Stenberg
155b1f5df9 http2: fix build when NOT h2-enabled 2015-05-18 14:09:32 +02:00
Daniel Stenberg
d6f1c74330 pipeline: switch some code over to functions
... to "compartmentalize" a bit and make it easier to change behavior
when multiplexing is used instead of good old pipelining.
2015-05-18 09:33:47 +02:00
Daniel Stenberg
df3a970cb4 Curl_http_readwrite_headers: minor code simplification 2015-05-18 09:33:47 +02:00
Daniel Stenberg
522ca8c035 http2: rename s/data/pausedata 2015-05-18 09:33:47 +02:00
Daniel Stenberg
72105ebf05 http2: set default concurrency, fix ConnectionExists for multiplex 2015-05-18 09:33:47 +02:00
Daniel Stenberg
38bd6bf0bb bundles: store no/default/pipeline/multiplex
to allow code to act differently on the situation.

Also added some more info message for the connection re-use function to
make it clearer when connections are not re-used.
2015-05-18 09:33:36 +02:00
Daniel Stenberg
be4c8fd1ef http2: lazy init header_recvbuf
It makes us use less memory when not doing HTTP/2 and subsequently also
makes us not have to cleanup HTTP/2 related data when not using HTTP/2!
2015-05-18 08:57:18 +02:00
Daniel Stenberg
783b3c7b42 http2: separate multiplex/pipelining + cleanup memory leaks 2015-05-18 08:57:18 +02:00
Daniel Stenberg
01e1bdb10c http2: force "drainage" of streams
... which is necessary since the socket won't be readable but there is
data waiting in the buffer.
2015-05-18 08:57:17 +02:00
Daniel Stenberg
7bbac214f5 http2: move the mem+len pair to the stream struct 2015-05-18 08:57:17 +02:00
Daniel Stenberg
84c6b6561f http2: more stream-oriented data, stream ID 0 is for connections 2015-05-18 08:57:17 +02:00
Daniel Stenberg
2c238ea1fc http2: move lots of state data to the 'stream' struct
... from the connection struct. The stream one being the 'struct HTTP'
which is kept in the SessionHandle struct (easy handle).

lookup streams for incoming frames in the stream hash, hashing is based
on the stream id and we get the SessionHandle for the incoming stream
that way.
2015-05-18 08:57:17 +02:00
Daniel Stenberg
6e6b02f398 http: switch on "pipelining" (multiplexing) for HTTP/2 servers
... and do not blacklist any.
2015-05-18 08:54:54 +02:00
Daniel Stenberg
fd137786e5 bundles: merged into conncache.c
All the existing Curl_bundle* functions were only ever used from within
the conncache.c file, so I moved them over and made them static (and
removed the Curl_ prefix).
2015-05-12 23:21:33 +02:00
Daniel Stenberg
79b9d5f1a4 http_done: close Negotiate connections when done
When doing HTTP requests Negotiate authenticated, the entire connnection
may become authenticated and not just the specific HTTP request which is
otherwise how HTTP works, as Negotiate can basically use NTLM under the
hood. curl was not adhering to this fact but would assume that such
requests would also be authenticated per request.

CVE-2015-3148

Bug: http://curl.haxx.se/docs/adv_20150422B.html
Reported-by: Isaac Boukris
2015-04-21 23:20:37 +02:00
Daniel Stenberg
2eb02480ef Revert "HTTP: don't abort connections with pending Negotiate authentication"
This reverts commit 5dc68dd609.

Bug: https://github.com/bagder/curl/issues/223
Reported-by: Michael Osipov
2015-04-17 23:23:42 +02:00
Dan Fandrich
35648f2e79 curl_memory: make curl_memory.h the second-last header file loaded
This header file must be included after all header files except
memdebug.h, as it does similar memory function redefinitions and can be
similarly affected by conflicting definitions in system or dependent
library headers.
2015-03-24 23:47:01 +01:00
Daniel Stenberg
ef1c3b4648 HTTP: don't use Expect: headers when on HTTP/2
Reported-by: Stefan Eissing
Bug: https://github.com/bagder/curl/issues/169
2015-03-17 15:09:34 +01:00
Daniel Stenberg
2dc1a5ce93 checksrc: detect and remove space before trailing semicolons 2015-03-17 14:06:48 +01:00
Daniel Stenberg
0f4a03cbb6 free: instead of Curl_safefree()
Since we just started make use of free(NULL) in order to simplify code,
this change takes it a step further and:

- converts lots of Curl_safefree() calls to good old free()
- makes Curl_safefree() not check the pointer before free()

The (new) rule of thumb is: if you really want a function call that
frees a pointer and then assigns it to NULL, then use Curl_safefree().
But we will prefer just using free() from now on.
2015-03-16 15:01:15 +01:00
Markus Elfring
29c655c0a6 Bug #149: Deletion of unnecessary checks before calls of the function "free"
The function "free" is documented in the way that no action shall occur for
a passed null pointer. It is therefore not needed that a function caller
repeats a corresponding check.
http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first

This issue was fixed by using the software Coccinelle 1.0.0-rc24.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-16 12:13:56 +01:00
Daniel Stenberg
a5d994941c http: always send Host: header as first header
...after the method line:

 "Since the Host field-value is critical information for handling a
 request, a user agent SHOULD generate Host as the first header field
 following the request-line." / RFC 7230 section 5.4

Additionally, this will also make libcurl ignore multiple specified
custom Host: headers and only use the first one. Test 1121 has been
updated accordingly

Bug: http://curl.haxx.se/bug/view.cgi?id=1491
Reported-by: Rainer Canavan
2015-03-12 12:15:24 +01:00
Daniel Stenberg
00ea0e7db0 http2: use CURL_HTTP_VERSION_* symbols instead of NPN_*
Since they already exist and will make comparing easier
2015-03-07 11:10:30 +01:00
Daniel Stenberg
709cf76f6b openssl: remove all uses of USE_SSLEAY
SSLeay was the name of the library that was subsequently turned into
OpenSSL many moons ago (1999). curl does not work with the old SSLeay
library since years. This is now reflected by only using USE_OPENSSL in
code that depends on OpenSSL.
2015-03-05 10:57:52 +01:00
Daniel Stenberg
df5578a7a3 mprintf.h: remove #ifdef CURLDEBUG
... and as a consequence, introduce curl_printf.h with that re-define
magic instead and make all libcurl code use that instead.
2015-03-03 12:36:18 +01:00
Steve Holme
47438daa60 http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int 2015-01-17 14:57:17 +00:00
Stefan Bühler
576ac00eb3 http_perhapsrewind: don't abort CONNECT requests
...they never have a body
2014-12-04 14:46:31 -08:00
Stefan Bühler
87c4abb611 HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request
Sending NTLM/Negotiate header again after successful authentication
breaks the connection with certain Proxies and request types (POST to MS
Forefront).
2014-12-04 14:46:13 -08:00
Stefan Bühler
5dc68dd609 HTTP: don't abort connections with pending Negotiate authentication
... similarly to how NTLM works as Negotiate is in fact often NTLM with
another name.
2014-12-04 14:41:48 -08:00
Steve Holme
93e080cbaa http.c: Fixed compilation warnings from features being disabled
warning: unused variable 'data'
warning: variable 'addcookies' set but not used

...and some very minor coding style policing.
2014-11-27 22:29:31 +00:00
Daniel Stenberg
d62706ec6d http.c: log if it notices HTTP 1.1 after a upgrade to http2 2014-11-20 23:33:34 +01:00
Tatsuhiro Tsujikawa
7d1f2ac769 http: Disable pipelining for HTTP/2 and upgraded connections
This commit disables pipelining for HTTP/2 or upgraded connections.  For
HTTP/2, we do not support multiplexing.  In general, requests cannot be
pipelined in an upgraded connection, since it is now different protocol.
2014-11-20 14:41:17 +01:00
Tatsuhiro Tsujikawa
ed77fdf389 http2: Don't send Upgrade headers when we already do HTTP/2 2014-11-15 21:00:23 +01:00
Tatsuhiro Tsujikawa
7b7f0da4a7 http2: Deal with HTTP/2 data inside response header buffer
Previously if HTTP/2 traffic is appended to HTTP Upgrade response header
(thus they are in the same buffer), the trailing HTTP/2 traffic is not
processed and lost.  The appended data is most likely SETTINGS frame.
If it is lost, nghttp2 library complains server does not obey the HTTP/2
protocol and issues GOAWAY frame and curl eventually drops connection.
This commit fixes this problem and now trailing data is processed.
2014-11-13 15:38:12 +01:00
Steve Holme
efe4bab29b http_digest: Use CURLcode instead of CURLdigest
To provide consistent behaviour between the various HTTP authentication
functions use CURLcode based error codes for Curl_input_digest()
especially as the calling code doesn't use the specific error code just
that it failed.
2014-11-05 12:13:47 +00:00
Daniel Stenberg
95765567d0 HTTP: return larger than 3 digit response codes too
HTTP 1.1 is clearly specified to only allow three digit response codes,
and libcurl used sscanf("%3d") for that purpose. This made libcurl
support smaller numbers but not larger. It does now, but we will not
make any specific promises nor document this further since it is going
outside of what HTTP is.

Bug: http://curl.haxx.se/bug/view.cgi?id=1441
Reported-by: Balaji
2014-10-27 16:28:10 +01:00
Steve Holme
3fe5b462f7 ntlm: Only define ntlm data structure when USE_NTLM is defined 2014-10-25 22:36:49 +01:00
Daniel Stenberg
0eb3d15ccb code cleanup: we prefer 'CURLcode result'
... for the local variable name in functions holding the return
code. Using the same name universally makes code easier to read and
follow.

Also, unify code for checking for CURLcode errors with:

 if(result) or if(!result)

instead of

 if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
2014-10-24 08:23:19 +02:00
Daniel Stenberg
1752e9c088 Curl_add_timecondition: skip superfluous varible assignment
Detected by cppcheck.
2014-10-24 08:23:19 +02:00
Brandon Casey
6beb0eeea1 Ensure progress.size_dl/progress.size_ul are always >= 0
Historically the default "unknown" value for progress.size_dl and
progress.size_ul has been zero, since these values are initialized
implicitly by the calloc that allocates the curl handle that these
variables are a part of.  Users of curl that install progress
callbacks may expect these values to always be >= 0.

Currently it is possible for progress.size_dl and progress.size_ul
to by set to a value of -1, if Curl_pgrsSetDownloadSize() or
Curl_pgrsSetUploadSize() are passed a "size" of -1 (which a few
places currently do, and a following patch will add more).  So
lets update Curl_pgrsSetDownloadSize() and Curl_pgrsSetUploadSize()
so they make sure that these variables always contain a value that
is >= 0.

Updates test579 and test599.

Signed-off-by: Brandon Casey <drafnel@gmail.com>
2014-09-07 23:23:12 +02:00
Daniel Stenberg
0187c9e11d http: fix the Content-Range: parser
... to handle "*/[total]". Also, removed the strange hack that made
CURLOPT_FAILONERROR on a 416 response after a *RESUME_FROM return
CURLE_OK.

Reported-by: Dimitrios Siganos
Bug: http://curl.haxx.se/mail/lib-2014-06/0221.html
2014-08-15 10:02:47 +02:00
Tatsuhiro Tsujikawa
595f5f0e43 HTTP2: Support expect: 100-continue
"Expect: 100-continue", which was once deprecated in HTTP/2, is now
resurrected in HTTP/2 draft 14.  This change adds its support to
HTTP/2 code.  This change also includes stricter header field
checking.
2014-08-02 23:15:46 +02:00
Daniel Stenberg
81cd24adb8 http2: more and better error checking
1 - fixes the warnings when built without http2 support

2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2
basically when they are about http2 specific things.
2014-07-23 09:23:56 +02:00
Michael Osipov
eed1c63c70 docs: Improve inline GSS-API naming in code documentation 2014-07-23 00:01:39 +02:00
Michael Osipov
e38ba43014 curl.h/features: Deprecate GSS-Negotiate macros due to bad naming
- Replace CURLAUTH_GSSNEGOTIATE with CURLAUTH_NEGOTIATE
- CURL_VERSION_GSSNEGOTIATE is deprecated which
  is served by CURL_VERSION_SSPI, CURL_VERSION_GSSAPI and
  CURUL_VERSION_SPNEGO now.
- Remove display of feature 'GSS-Negotiate'
2014-07-23 00:01:39 +02:00
Michael Osipov
5128672731 HTTP: Remove checkprefix("GSS-Negotiate")
That auth mech has never existed neither on MS nor on Unix side.
There is only Negotiate over SPNEGO.
2014-07-23 00:01:39 +02:00
David Woodhouse
3de576efda Fix negotiate auth to proxies to track correct state 2014-07-16 17:26:08 +02:00
David Woodhouse
6bc76194e8 Don't abort Negotiate auth when the server has a response for us
It's wrong to assume that we can send a single SPNEGO packet which will
complete the authentication. It's a *negotiation* — the clue is in the
name. So make sure we handle responses from the server.

Curl_input_negotiate() will already handle bailing out if it thinks the
state is GSS_S_COMPLETE (or SEC_E_OK on Windows) and the server keeps
talking to us, so we should avoid endless loops that way.
2014-07-16 17:26:08 +02:00
David Woodhouse
f78ae415d2 Don't clear GSSAPI state between each exchange in the negotiation
GSSAPI doesn't work very well if we forget everything ever time.

XX: Is Curl_http_done() the right place to do the final cleanup?
2014-07-16 17:26:08 +02:00
Dan Fandrich
740ebcd86e https: Fix build when http2 is disabled 2014-06-15 12:24:47 +02:00
Daniel Stenberg
c06e76f6fe http2: better return code error checking 2014-06-14 00:11:01 +02:00
Dan Fandrich
f634355868 http: Fix a compiler warning when http2 support is disabled 2014-05-22 08:38:26 +02:00
Daniel Stenberg
df13f8e8c2 bits.close: introduce connection close tracking
Make all code use connclose() and connkeep() when changing the "close
state" for a connection. These two macros take a string argument with an
explanation, and debug builds of curl will include that in the debug
output. Helps tracking connection re-use/close issues.
2014-05-22 00:34:10 +02:00
Daniel Stenberg
99114faf82 http2: make connection re-use work
Http2 connections would wrongly get closed after each individual
request.

Co-authored-by: Tatsuhiro Tsujikawa
Bug: http://curl.haxx.se/bug/view.cgi?id=1374
2014-05-20 16:50:24 +02:00
Daniel Stenberg
68f0166a92 HTTP: CREDSPERREQUEST is for HTTP too
Commit 517b06d657 (in 7.36.0) that brought the CREDSPERREQUEST flag
only set it for HTTPS, making HTTP less good at doing connection re-use
than it should be. Now set it for HTTP as well.

Simple test case

"curl -v -u foo:bar localhost --next -u bar:foo localhos"

Bug: http://curl.haxx.se/mail/lib-2014-05/0127.html
Reported-by: Kamil Dudka
2014-05-15 23:28:31 +02:00
Kamil Dudka
ec5fde24de http: avoid auth failure on a duplicated header
... 'WWW-Authenticate: Negotiate' received from server

Reported by: David Woodhouse
Bug: https://bugzilla.redhat.com/1093348
2014-05-09 13:44:04 +02:00
Daniel Stenberg
d5ec44ca4c INFILESIZE: fields in UserDefined must not be changed run-time
set.infilesize in this case was modified in several places, which could
lead to repeated requests using the same handle to get unintendent/wrong
consequences based on what the previous request did!
2014-04-26 18:17:10 +02:00
Kamil Dudka
9c941e92c4 nss: propagate blocking direction from NSPR I/O
... during the non-blocking SSL handshake
2014-04-25 15:08:12 +02:00
Daniel Stenberg
710f14edba handler: make 'protocol' always specified as a single bit
This makes the findprotocol() function work as intended so that libcurl
can properly be restricted to not support HTTP while still supporting
HTTPS - since the HTTPS handler previously set both the HTTP and HTTPS
bits in the protocol field.

This fixes --proto and --proto-redir for most SSL protocols.

This is done by adding a few new convenience defines that groups HTTP
and HTTPS, FTP and FTPS etc that should then be used when the code wants
to check for both protocols at once. PROTO_FAMILY_[protocol] style.

Bug: https://github.com/bagder/curl/pull/97
Reported-by: drizzt
2014-04-23 22:36:01 +02:00
Daniel Stenberg
74851340bd PROXYHEADER: send these headers in "normal" proxy requests too
Updated the docs to clarify and the code accordingly, with test 1528 to
verify:

When CURLHEADER_SEPARATE is set and libcurl is asked to send a request
to a proxy but it isn't CONNECT, then _both_ header lists
(CURLOPT_HTTPHEADER and CURLOPT_PROXYHEADER) will be used since the
single request is then made for both the proxy and the server.
2014-04-04 17:03:43 +02:00
Daniel Stenberg
ef6be35bae CURLOPT_HEADEROPT: added
Modified the logic so that CURLOPT_HEADEROPT now controls if PROXYHEADER
is actually used or not.
2014-04-04 17:03:43 +02:00
Daniel Stenberg
ac887eedbc CURLOPT_PROXYHEADER: set headers for proxy-only
Includes docs and new test cases: 1525, 1526 and 1527

Co-written-by: Vijay Panghal
2014-04-04 17:03:43 +02:00
Daniel Stenberg
42937f87e6 HTTP: don't send Content-Length: 0 _and_ Expect: 100-continue
Without request body there's no point in asking for 100-continue.

Bug: http://curl.haxx.se/bug/view.cgi?id=1349
Reported-by: JimS
2014-04-04 15:46:35 +02:00
Daniel Stenberg
6448946ac3 http2: let openssl mention the exact protocol negotiated
Remove a superfluous "negotiated http2" info line
2014-03-31 09:00:58 +02:00
Daniel Stenberg
ef813c7097 http2: remove _DRAFT09 from the NPN_HTTP2 enum
We're progressing throught drafts so there's no point in having a fixed
one in a symbol that'll survive.
2014-03-31 08:40:24 +02:00
Steve Holme
517b06d657 url: Fixed connection re-use when using different log-in credentials
In addition to FTP, other connection based protocols such as IMAP, POP3,
SMTP, SCP, SFTP and LDAP require a new connection when different log-in
credentials are specified. Fixed the detection logic to include these
other protocols.

Bug: http://curl.haxx.se/docs/adv_20140326A.html
2014-03-25 23:01:37 +01:00
Gaël PORTAY
47f8e99e78 polarssl: fix possible handshake timeout issue in multi.
Because of the socket is unblocking, PolarSSL does need call to getsock to
get the action to perform in multi environment.

In some cases, it might happen we have not received yet all data to perform
the handshake. ssh_handshake returns POLARSSL_ERR_NET_WANT_READ, the state
is updated but because of the getsock has not the proper #define macro to,
the library never prevents to select socket for input thus the socket will
never be awaken when last data is available. Thus it leads to timeout.
2014-03-19 16:10:18 +01:00
Tatsuhiro Tsujikawa
035b91a26c http2: Support HTTP POST/PUT
This patch enables HTTP POST/PUT in HTTP2.
We disabled Expect header field and  chunked transfer encoding
since HTTP2 forbids them.
In HTTP1, Curl sends small upload data with request headers, but
HTTP2 requires upload data must be in DATA frame separately.
So we added some conditionals to achieve this.
2014-02-17 23:45:58 +01:00
Fabian Frank
133cdd29ea http2: rely on content-encoding header
A server might respond with a content-encoding header and a response
that was encoded accordingly in HTTP-draft-09/2.0 mode, even if the
client did not send an accept-encoding header earlier. The server might
not send a content-encoding header if the identity encoding was used to
encode the response.

See:
http://tools.ietf.org/html/draft-ietf-httpbis-http2-09#section-9.3
2014-02-05 10:26:12 +01:00
Tatsuhiro Tsujikawa
63b26d889f HTTP2: add layer between existing http and socket(TLS) layer
This patch chooses different approach to integrate HTTP2 into HTTP curl
stack. The idea is that we insert HTTP2 layer between HTTP code and
socket(TLS) layer. When HTTP2 is initialized (either in NPN or Upgrade),
we replace the Curl_recv/Curl_send callbacks with HTTP2's, but keep the
original callbacks in http_conn struct. When sending serialized data by
nghttp2, we use original Curl_send callback. Likewise, when reading data
from network, we use original Curl_recv callback. In this way we can
treat both TLS and non-TLS connections.

With this patch, one can transfer contents from https://twitter.com and
from nghttp2 test server in plain HTTP as well.

The code still has rough edges. The notable one is I could not figure
out how to call nghttp2_session_send() when underlying socket is
writable.
2014-02-04 14:49:49 +01:00
Fabian Frank
dd011df9e1 http2: switch into http2 mode if NPN indicates
Check the NPN result before preparing an HTTP request and switch into
HTTP/2.0 mode if necessary. This is a work in progress, the actual code
to prepare and send the request using nghttp2 is still missing from
Curl_http2_send_request().
2014-01-30 11:34:37 +01:00
Daniel Stenberg
8e778887b5 http2: s/Curl_http2_request/Curl_http2_request_upgrade
To better reflect its purpose
2014-01-30 11:33:37 +01:00
Daniel Stenberg
8d3608f2ad http2: handle 101 responses and switch to HTTP2 2014-01-29 10:24:05 +01:00
Cédric Deltheil
afd288b28f HTTP POST: omit Content-Length if data size is unknown
This prevents sending a `Content-Length: -1` header, e.g this ocurred
with the following combination:

* standard HTTP POST (no chunked encoding),
* user-defined read function set,
* `CURLOPT_POSTFIELDSIZE(_LARGE)` NOT set.

With this fix it now behaves like HTTP PUT.
2014-01-20 12:50:51 +01:00
Steve Holme
60bd22620a mprintf: Replaced internal usage of FORMAT_OFF_T and FORMAT_OFF_TU
Following commit 0aafd77fa4, replaced the internal usage of
FORMAT_OFF_T and FORMAT_OFF_TU with the external versions that we
expect API programmers to use.

This negates the need for separate definitions which were subtly
different under different platforms/compilers.
2013-12-31 11:10:42 +00:00
Daniel Stenberg
11e8066ef9 vtls: renamed sslgen.[ch] to vtls.[ch] 2013-12-20 17:12:42 +01:00
Daniel Stenberg
eccf4fb7ee vtls: created subdir, moved sslgen.[ch] there, updated all include lines 2013-12-20 17:12:42 +01:00
Steve Holme
052f24c9b7 http: Post base64 decoding tidy up
Renamed copy_header_value() to Curl_copy_header_value() as this
function is now non static.

Simplified proxy flag in Curl_http_input_auth() when calling
sub-functions.

Removed unnecessary white space removal when using negotiate as it had
been missed in commit cdccb42267.
2013-11-03 10:17:26 +00:00
Steve Holme
3b59696a93 http: Added proxy tunnel authentication message header value extraction
...following recent changes to Curl_base64_decode() rather than trying
to parse a header line for the authentication mechanisms which is CRLF
terminated and inline zero terminate it.
2013-11-02 11:18:39 +00:00
Steve Holme
cdccb42267 http: Added authentication message header value extraction
...following recent changes to Curl_base64_decode() rather than trying
to parse a header line for the authentication mechanisms which is CRLF
terminated and inline zero terminate it.
2013-10-31 19:15:33 +00:00
Daniel Stenberg
13dbb41c49 http2: first embryo toward Upgrade: 2013-09-07 11:28:12 +02:00
Daniel Stenberg
e5c2354fd5 http: rename use_http_1_1 to use_http_1_1plus
Since it now actually says if 1.1 or a later version should be used.
2013-09-07 11:28:12 +02:00
Daniel Stenberg
e79535bc5e SessionHandle: the protocol specific pointer is now a void *
All protocol handler structs are now opaque (void *) in the
SessionHandle struct and moved in the request-specific sub-struct
'SingleRequest'. The intension is to keep the protocol specific
knowledge in their own dedicated source files [protocol].c etc.

There's some "leakage" where this policy is violated, to be addressed at
a later point in time.
2013-08-12 13:17:57 +02:00
Daniel Stenberg
4ad8e142da urldata: clean up the use of the protocol specific structs
1 - always allocate the struct in protocol->setup_connection. Some
protocol handlers had to get this function added.

2 - always free at the end of a request. This is also an attempt to keep
less memory in the handle after it is completed.
2013-08-12 13:17:57 +02:00
Yang Tse
acafe9c160 NTLM: fix several NTLM code paths memory leaks 2013-03-25 03:32:47 +01:00
Linus Nielsen Feltzing
0f147887b0 Multiple pipelines and limiting the number of connections.
Introducing a number of options to the multi interface that
allows for multiple pipelines to the same host, in order to
optimize the balance between the penalty for opening new
connections and the potential pipelining latency.

Two new options for limiting the number of connections:

CURLMOPT_MAX_HOST_CONNECTIONS - Limits the number of running connections
to the same host. When adding a handle that exceeds this limit,
that handle will be put in a pending state until another handle is
finished, so we can reuse the connection.

CURLMOPT_MAX_TOTAL_CONNECTIONS - Limits the number of connections in total.
When adding a handle that exceeds this limit,
that handle will be put in a pending state until another handle is
finished. The free connection will then be reused, if possible, or
closed if the pending handle can't reuse it.

Several new options for pipelining:

CURLMOPT_MAX_PIPELINE_LENGTH - Limits the pipeling length. If a
pipeline is "full" when a connection is to be reused, a new connection
will be opened if the CURLMOPT_MAX_xxx_CONNECTIONS limits allow it.
If not, the handle will be put in a pending state until a connection is
ready (either free or a pipe got shorter).

CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE - A pipelined connection will not
be reused if it is currently processing a transfer with a content
length that is larger than this.

CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE - A pipelined connection will not
be reused if it is currently processing a chunk larger than this.

CURLMOPT_PIPELINING_SITE_BL - A blacklist of hosts that don't allow
pipelining.

CURLMOPT_PIPELINING_SERVER_BL - A blacklist of server types that don't allow
pipelining.

See the curl_multi_setopt() man page for details.
2013-03-13 23:55:24 +01:00
Daniel Stenberg
c43127414d always-multi: always use non-blocking internals
Remove internal separated behavior of the easy vs multi intercace.
curl_easy_perform() is now using the multi interface itself.

Several minor multi interface quirks and bugs have been fixed in the
process.

Much help with debugging this has been provided by: Yang Tse
2013-01-17 19:40:35 +01:00
Yang Tse
5a053ffe80 build: fix circular header inclusion with other packages
This commit renames lib/setup.h to lib/curl_setup.h and
renames lib/setup_once.h to lib/curl_setup_once.h.

Removes the need and usage of a header inclusion guard foreign
to libcurl. [1]

Removes the need and presence of an alarming notice we carried
in old setup_once.h [2]

----------------------------------------

1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard
    up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H,
    this single inclusion guard is enough to ensure that inclusion of
    lib/setup_once.h done from lib/setup.h is only done once.

    Additionally lib/setup.h has always used __SETUP_ONCE_H macro to
    protect inclusion of setup_once.h even after commit ec691ca3, this
    was to avoid a circular header inclusion triggered when building a
    c-ares enabled version with c-ares sources available which also has
    a setup_once.h header. Commit ec691ca3 exposes the real nature of
    __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard
    foreign to libcurl belonging to c-ares's setup_once.h

    The renaming this commit does, fixes the circular header inclusion,
    and as such removes the need and usage of a header inclusion guard
    foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl.

2 - Due to the circular interdependency of old lib/setup_once.h and the
    c-ares setup_once.h header, old file lib/setup_once.h has carried
    back from 2006 up to now days an alarming and prominent notice about
    the need of keeping libcurl's and c-ares's setup_once.h in sync.

    Given that this commit fixes the circular interdependency, the need
    and presence of mentioned notice is removed.

    All mentioned interdependencies come back from now old days when
    the c-ares project lived inside a curl subdirectory. This commit
    removes last traces of such fact.
2013-01-09 00:49:50 +01:00
Yang Tse
4a5aa6682d Revert changes relative to lib/*.[ch] recent renaming
This reverts renaming and usage of lib/*.h header files done
28-12-2012, reverting 2 commits:

  f871de0... build: make use of 76 lib/*.h renamed files
  ffd8e12... build: rename 76 lib/*.h files

This also reverts removal of redundant include guard (redundant thanks
to changes in above commits) done 2-12-2013, reverting 1 commit:

  c087374... curl_setup.h: remove redundant include guard

This also reverts renaming and usage of lib/*.c source files done
3-12-2013, reverting 3 commits:

  13606bb... build: make use of 93 lib/*.c renamed files
  5b6e792... build: rename 93 lib/*.c files
  7d83dff... build: commit 13606bbfde follow-up 1

Start of related discussion thread:

  http://curl.haxx.se/mail/lib-2013-01/0012.html

Asking for confirmation on pushing this revertion commit:

  http://curl.haxx.se/mail/lib-2013-01/0048.html

Confirmation summary:

  http://curl.haxx.se/mail/lib-2013-01/0079.html

NOTICE: The list of 2 files that have been modified by other
intermixed commits, while renamed, and also by at least one
of the 6 commits this one reverts follows below. These 2 files
will exhibit a hole in history unless git's '--follow' option
is used when viewing logs.

  lib/curl_imap.h
  lib/curl_smtp.h
2013-01-06 18:20:27 +01:00
Yang Tse
5b6e7927c6 build: rename 93 lib/*.c files
93 lib/*.c source files renamed to use our standard naming scheme.

This commit only does the file renaming.

----------------------------------------

  renamed:    lib/amigaos.c -> lib/curl_amigaos.c
  renamed:    lib/asyn-ares.c -> lib/curl_asyn_ares.c
  renamed:    lib/asyn-thread.c -> lib/curl_asyn_thread.c
  renamed:    lib/axtls.c -> lib/curl_axtls.c
  renamed:    lib/base64.c -> lib/curl_base64.c
  renamed:    lib/bundles.c -> lib/curl_bundles.c
  renamed:    lib/conncache.c -> lib/curl_conncache.c
  renamed:    lib/connect.c -> lib/curl_connect.c
  renamed:    lib/content_encoding.c -> lib/curl_content_encoding.c
  renamed:    lib/cookie.c -> lib/curl_cookie.c
  renamed:    lib/cyassl.c -> lib/curl_cyassl.c
  renamed:    lib/dict.c -> lib/curl_dict.c
  renamed:    lib/easy.c -> lib/curl_easy.c
  renamed:    lib/escape.c -> lib/curl_escape.c
  renamed:    lib/file.c -> lib/curl_file.c
  renamed:    lib/fileinfo.c -> lib/curl_fileinfo.c
  renamed:    lib/formdata.c -> lib/curl_formdata.c
  renamed:    lib/ftp.c -> lib/curl_ftp.c
  renamed:    lib/ftplistparser.c -> lib/curl_ftplistparser.c
  renamed:    lib/getenv.c -> lib/curl_getenv.c
  renamed:    lib/getinfo.c -> lib/curl_getinfo.c
  renamed:    lib/gopher.c -> lib/curl_gopher.c
  renamed:    lib/gtls.c -> lib/curl_gtls.c
  renamed:    lib/hash.c -> lib/curl_hash.c
  renamed:    lib/hmac.c -> lib/curl_hmac.c
  renamed:    lib/hostasyn.c -> lib/curl_hostasyn.c
  renamed:    lib/hostcheck.c -> lib/curl_hostcheck.c
  renamed:    lib/hostip.c -> lib/curl_hostip.c
  renamed:    lib/hostip4.c -> lib/curl_hostip4.c
  renamed:    lib/hostip6.c -> lib/curl_hostip6.c
  renamed:    lib/hostsyn.c -> lib/curl_hostsyn.c
  renamed:    lib/http.c -> lib/curl_http.c
  renamed:    lib/http_chunks.c -> lib/curl_http_chunks.c
  renamed:    lib/http_digest.c -> lib/curl_http_digest.c
  renamed:    lib/http_negotiate.c -> lib/curl_http_negotiate.c
  renamed:    lib/http_negotiate_sspi.c -> lib/curl_http_negotiate_sspi.c
  renamed:    lib/http_proxy.c -> lib/curl_http_proxy.c
  renamed:    lib/idn_win32.c -> lib/curl_idn_win32.c
  renamed:    lib/if2ip.c -> lib/curl_if2ip.c
  renamed:    lib/imap.c -> lib/curl_imap.c
  renamed:    lib/inet_ntop.c -> lib/curl_inet_ntop.c
  renamed:    lib/inet_pton.c -> lib/curl_inet_pton.c
  renamed:    lib/krb4.c -> lib/curl_krb4.c
  renamed:    lib/krb5.c -> lib/curl_krb5.c
  renamed:    lib/ldap.c -> lib/curl_ldap.c
  renamed:    lib/llist.c -> lib/curl_llist.c
  renamed:    lib/md4.c -> lib/curl_md4.c
  renamed:    lib/md5.c -> lib/curl_md5.c
  renamed:    lib/memdebug.c -> lib/curl_memdebug.c
  renamed:    lib/mprintf.c -> lib/curl_mprintf.c
  renamed:    lib/multi.c -> lib/curl_multi.c
  renamed:    lib/netrc.c -> lib/curl_netrc.c
  renamed:    lib/non-ascii.c -> lib/curl_non_ascii.c
  renamed:    lib/curl_non-ascii.h -> lib/curl_non_ascii.h
  renamed:    lib/nonblock.c -> lib/curl_nonblock.c
  renamed:    lib/nss.c -> lib/curl_nss.c
  renamed:    lib/nwlib.c -> lib/curl_nwlib.c
  renamed:    lib/nwos.c -> lib/curl_nwos.c
  renamed:    lib/openldap.c -> lib/curl_openldap.c
  renamed:    lib/parsedate.c -> lib/curl_parsedate.c
  renamed:    lib/pingpong.c -> lib/curl_pingpong.c
  renamed:    lib/polarssl.c -> lib/curl_polarssl.c
  renamed:    lib/pop3.c -> lib/curl_pop3.c
  renamed:    lib/progress.c -> lib/curl_progress.c
  renamed:    lib/qssl.c -> lib/curl_qssl.c
  renamed:    lib/rawstr.c -> lib/curl_rawstr.c
  renamed:    lib/rtsp.c -> lib/curl_rtsp.c
  renamed:    lib/security.c -> lib/curl_security.c
  renamed:    lib/select.c -> lib/curl_select.c
  renamed:    lib/sendf.c -> lib/curl_sendf.c
  renamed:    lib/share.c -> lib/curl_share.c
  renamed:    lib/slist.c -> lib/curl_slist.c
  renamed:    lib/smtp.c -> lib/curl_smtp.c
  renamed:    lib/socks.c -> lib/curl_socks.c
  renamed:    lib/socks_gssapi.c -> lib/curl_socks_gssapi.c
  renamed:    lib/socks_sspi.c -> lib/curl_socks_sspi.c
  renamed:    lib/speedcheck.c -> lib/curl_speedcheck.c
  renamed:    lib/splay.c -> lib/curl_splay.c
  renamed:    lib/ssh.c -> lib/curl_ssh.c
  renamed:    lib/sslgen.c -> lib/curl_sslgen.c
  renamed:    lib/ssluse.c -> lib/curl_ssluse.c
  renamed:    lib/strdup.c -> lib/curl_strdup.c
  renamed:    lib/strequal.c -> lib/curl_strequal.c
  renamed:    lib/strerror.c -> lib/curl_strerror.c
  renamed:    lib/strtok.c -> lib/curl_strtok.c
  renamed:    lib/strtoofft.c -> lib/curl_strtoofft.c
  renamed:    lib/telnet.c -> lib/curl_telnet.c
  renamed:    lib/tftp.c -> lib/curl_tftp.c
  renamed:    lib/timeval.c -> lib/curl_timeval.c
  renamed:    lib/transfer.c -> lib/curl_transfer.c
  renamed:    lib/url.c -> lib/curl_url.c
  renamed:    lib/version.c -> lib/curl_version.c
  renamed:    lib/warnless.c -> lib/curl_warnless.c
  renamed:    lib/wildcard.c -> lib/curl_wildcard.c

----------------------------------------
2013-01-03 06:13:18 +01:00
Yang Tse
13606bbfde build: make use of 93 lib/*.c renamed files
93 *.c source files renamed to use our standard naming scheme.

This change affects 77 files in libcurl's source tree.
2013-01-03 05:50:26 +01:00
Yang Tse
f871de0064 build: make use of 76 lib/*.h renamed files
76 private header files renamed to use our standard naming scheme.

This change affects 322 files in libcurl's source tree.
2012-12-28 19:37:11 +01:00
Yang Tse
a0b207164c setup_once.h: refactor inclusion of <unistd.h> and <sys/socket.h>
Inclusion of top two most included header files now done in setup_once.h
2012-12-14 17:38:18 +01:00
Linus Nielsen Feltzing
d021f2e8a0 Introducing a new persistent connection caching system using "bundles".
A bundle is a list of all persistent connections to the same host.
The connection cache consists of a hash of bundles, with the
hostname as the key.
The benefits may not be obvious, but they are two:

1) Faster search for connections to reuse, since the hash
   lookup only finds connections to the host in question.
2) It lays out the groundworks for an upcoming patch,
   which will introduce multiple HTTP pipelines.

This patch also removes the awkward list of "closure handles",
which were needed to send QUIT commands to the FTP server
when closing a connection.
Now we allocate a separate closure handle and use that
one to close all connections.

This has been tested in a live system for a few weeks, and of
course passes the test suite.
2012-12-07 10:08:33 +01:00
Fabian Keil
0683adbf50 Remove stray CRLF in chunk-encoded content-free request bodies
.. that are sent when auth-negotiating before a chunked
upload or when setting the 'Transfer-Encoding: chunked'
header and intentionally sending no content.

Adjust test565 and test1333 accordingly.
2012-11-26 15:28:53 +01:00
Daniel Stenberg
487538e87a http_perhapsrewind: consider NTLM over proxy too
The logic previously checked for a started NTLM negotiation only for
host and not also with proxy, leading to problems doing POSTs over a
proxy NTLM that are larger than 2000 bytes. Now it includes proxy in the
check.

Bug: http://curl.haxx.se/bug/view.cgi?id=3582321
Reported by: John Suprock
2012-11-07 23:08:29 +01:00
Nick Zitzmann
f92779198d darwinssl: fixed freeze involving the multi interface
Previously the curl_multi interface would freeze if darwinssl was
enabled and at least one of the handles tried to connect to a Web site
using HTTPS. Removed the "wouldblock" state darwinssl was using because
I figured out a solution for our "would block but in which direction?"
dilemma.
2012-07-25 23:22:11 +02:00
Kamil Dudka
d317ca50ae http: print reason phrase from HTTP status line on error
Bug: https://bugzilla.redhat.com/676596
2012-07-22 02:12:43 +02:00
Daniel Stenberg
85ce195f75 HEAD: don't force-close after response-headers
A HEAD response has no body length and gets the headers like the
corresponding GET would so it should not get closed after the response
based on the same rules. This mistake caused connections that did HEAD
to get closed too often without a valid reason.

Bug: http://curl.haxx.se/bug/view.cgi?id=3542731
Reported by: Eelco Dolstra
2012-07-12 00:08:37 +02:00
Christian Hägele
c42ca3e73a https_getsock: provided for schannel backend as well
The function https_getsock was only implemented properly when USE_SSLEAY
or USE_GNUTLS is defined, but it is also necessary for USE_SCHANNEL.

The problem occurs when Curl_read_plain or Curl_write_plain returns
CURLE_AGAIN. In that case CURL_OK is returned to the multi-interface an
the used socket is set to state CURL_POLL_REMOVE and the easy-state is
set to CURLM_STATE_PROTOCONNECT. This is fine, because later the socket
should be set to CURL_POLL_IN or CURL_POLL_OUT via multi_getsock. That's
where https_getsock is called and doesn't return any sockets.
2012-07-09 13:55:23 +02:00
Yang Tse
6085ca2aed Fix bad failf() and info() usage
Calls to failf() are not supposed to provide trailing newline.
Calls to infof() must provide trailing newline.

Fixed 30 or so strings.
2012-06-14 13:32:05 +02:00
Marc Hoersken
1f635608bb http: Replaced specific SSL libraries list in https_getsock fallback 2012-06-11 19:00:29 +02:00
Daniel Stenberg
560cd62272 HTTP: empty chunked POST ended up in two zero size chunks
When doing a chunked-encoded POST with -d (CURLOPT_POSTFIELDS) and the
size of the POST was zero length, it made libcurl first send a zero
chunk and then the terminating one. This could confuse a receiver and it
should rather just send the terminating chunk as it does with this fix.

Test case 1333 is added to verify.

Bug: http://curl.haxx.se/mail/archive-2012-04/0060.html
Reported by: Arnaud Compan
2012-04-20 22:25:31 +02:00
Yang Tse
9421b06397 Take in account that CURLAUTH_* bitmasks are now 'unsigned long'
Data type of internal vars holding CURLAUTH_* bitmasks changed from 'long' to
'unsigned long' for proper handling and operating.
2012-04-18 23:04:35 +02:00
Andrei Cipu
ad595c3ba9 IPv6 cookie domain: get rid of the first bracket before the second.
Commit 97b66ebe was copying a smaller buffer, thus duplicating the last
character.
2012-04-04 23:51:41 +02:00
Andrei Cipu
97b66ebefe cookies: strip the numerical ipv6 host properly
The commit e650dbde86 that stripped off [brackets] from ipv6-only host
headers for the sake of cookie parsing wrongly incremented the host
pointer which would cause a bad free() call later on.
2012-03-22 08:56:33 +01:00
Daniel Stenberg
c83de6d076 CONNECT: fix multi interface regression
The refactoring of HTTP CONNECT handling in commit 41b0237834 that
made it protocol independent broke it for the multi interface. This fix
now introduce a better state handling and moved some logic to the
http_proxy.c source file.

Reported by: Yang Tse
Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html
2012-03-22 00:12:37 +01:00
Andrei Cipu
e650dbde86 Curl_http: strip off [brackets] from ipv6-only host headers
Since the host name is passed in to the cookie engine it will not work
correctly if the brackets are left in the name.

Bug:http://curl.haxx.se/mail/lib-2012-03/0036.html
2012-03-10 16:48:59 +01:00
Daniel Stenberg
41b0237834 CONNECT: made generically not per-protocol
Curl_protocol_connect() now does the tunneling through the HTTP proxy if
requested instead of letting each protocol specific connection function
do it.
2012-03-08 23:31:38 +01:00