Steve Holme
d771b44e53
openssl: Disable OCSP in old versions of OpenSSL
...
Versions of OpenSSL prior to v0.9.8h do not support the necessary
functions for OCSP stapling.
2015-02-09 21:01:39 +00:00
Tatsuhiro Tsujikawa
7eebf9a3fb
http2: Fix bug that associated stream canceled on PUSH_PROMISE
...
Previously we didn't ignore PUSH_PROMISE header fields in the on_header
callback. It made header values get mixed with the following HEADERS,
resulting in a protocol error.
2015-02-09 15:52:56 +01:00
Jay Satiro
20c727ec4c
polarssl: Fix exclusive SSL protocol version options
...
Prior to this change the options for exclusive SSL protocol versions did
not actually set the protocol exclusive.
http://curl.haxx.se/mail/lib-2015-01/0002.html
Reported-by: Dan Fandrich
2015-02-09 10:39:17 +01:00
Jay Satiro
9956ef2d33
gskit: Fix exclusive SSLv3 option
2015-02-09 10:38:46 +01:00
Steve Holme
761d5166af
schannel: Removed curl_ prefix from source files
...
Removed the curl_ prefix from the schannel source files as discussed
with Marc and Daniel at FOSDEM.
2015-02-07 21:34:33 +00:00
Daniel Stenberg
05792d6936
md5: use axTLS's own MD5 functions when available
2015-02-06 14:36:25 +01:00
Daniel Stenberg
2a15e594ef
MD(4|5): make the MD4_* and MD5_* functions static
2015-02-06 14:26:32 +01:00
Daniel Stenberg
d557da5d79
axtls: fix conversion from size_t to int warning
2015-02-06 14:26:32 +01:00
Steve Holme
600ccb2237
ftp: Use 'CURLcode result' for curl result codes
2015-02-05 20:31:12 +00:00
Daniel Stenberg
45b9b62de4
openssl: SSL_SESSION->ssl_version no longer exists
...
The struct went private in 1.0.2 so we cannot read the version number
from there anymore. Use SSL_version() instead!
Reported-by: Gisle Vanem
Bug: http://curl.haxx.se/mail/lib-2015-02/0034.html
2015-02-05 11:57:33 +01:00
Daniel Stenberg
0d41c3e46b
MD5: fix compiler warnings and code style nits
2015-02-04 08:09:06 +01:00
Daniel Stenberg
57d6d253a1
MD5: replace implementation
...
The previous one was "encumbered" by RSA Inc - to avoid the licensing
restrictions it has been replaced. This is the initial import,
inserting the md5.c and md5.h files from
http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5
Code-by: Alexander Peslyak
2015-02-04 08:09:06 +01:00
Daniel Stenberg
7f1d76f7ee
MD4: fix compiler warnings and code style nits
2015-02-04 08:09:06 +01:00
Daniel Stenberg
211d5329f4
MD4: replace implementation
...
The previous one was "encumbered" by RSA Inc - to avoid the licensing
restrictions it has been replaced. This is the initial import,
inserting the md4.c and md4.h files from
http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4
Code-by: Alexander Peslyak
2015-02-04 08:09:05 +01:00
Steve Holme
cfc6d460cb
telnet: Prefer 'CURLcode result' for curl result codes
2015-02-04 00:09:31 +00:00
Steve Holme
0ebe2c15d1
hostasyn: Prefer 'CURLcode result' for curl result codes
2015-02-04 00:07:39 +00:00
Steve Holme
28c9e1edf4
schannel: Prefer 'CURLcode result' for curl result codes
2015-02-04 00:07:16 +00:00
Daniel Stenberg
b3cbf4500d
unit1601: MD5 unit tests
2015-02-03 23:05:55 +01:00
Daniel Stenberg
83bb07027d
unit1600: unit test for Curl_ntlm_core_mk_nt_hash
2015-02-03 21:03:11 +01:00
Steve Holme
0a7182f6ad
curl_sasl.c: More code policing
...
Better use of 80 character line limit, comment corrections and line
spacing preferences.
2015-02-02 16:50:39 +00:00
Marc Hoersken
4161624e94
TODO: moved WinSSL/SChannel todo items into docs
2015-01-31 12:30:11 +01:00
Steve Holme
8ca3b05624
curl_sasl.c: Fixed compilation warning when cryptography is disabled
...
curl_sasl.c:1506: warning: unused variable 'chlg'
2015-01-29 11:48:11 +00:00
Steve Holme
6fdc8651bd
curl_sasl.c: Fixed compilation warning when verbose debug output disabled
...
curl_sasl.c:1317: warning: unused parameter 'conn'
2015-01-28 22:48:01 +00:00
Steve Holme
8cc70db2db
ntlm_core: Use own odd parity function when crypto engine doesn't have one
2015-01-28 22:34:53 +00:00
Steve Holme
c469369b86
ntlm_core: Prefer sizeof(key) rather than hard coded sizes
2015-01-28 22:34:52 +00:00
Steve Holme
58e39b4da5
ntlm_core: Added consistent comments to DES functions
2015-01-28 22:34:51 +00:00
Steve Holme
300876a7a6
des: Added Curl_des_set_odd_parity()
...
Added Curl_des_set_odd_parity() for use when cryptography engines
don't include this functionality.
2015-01-28 22:34:49 +00:00
Steve Holme
595a66ce0f
sasl: Minor code policing and grammar corrections
2015-01-28 19:23:37 +00:00
Gisle Vanem
3cc9e9383b
ldap: build with BoringSSL
2015-01-28 14:22:11 +01:00
Daniel Stenberg
9d964e5477
security: avoid compiler warning
...
Possible access to uninitialised memory '&nread' at line 140 of
lib/security.c in function 'ftp_send_command'.
Reported-by: Rich Burridge
2015-01-28 10:10:59 +01:00
Patrick Monnerat
7b2012f262
sasl: remove XOAUTH2 from default enabled authentication mechanism.
2015-01-27 18:08:18 +01:00
Patrick Monnerat
fe79f20957
imap: remove automatic password setting: it breaks external sasl authentication
2015-01-27 17:34:40 +01:00
Patrick Monnerat
0d24f64473
sasl: implement EXTERNAL authentication mechanism.
...
Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and
by not setting the password.
2015-01-27 17:24:55 +01:00
Steve Holme
e1bb13c09f
openssl: Fixed Curl_ossl_cert_status_request() not returning FALSE
...
Modified the Curl_ossl_cert_status_request() function to return FALSE
when built with BoringSSL or when OpenSSL is missing the necessary TLS
extensions.
2015-01-27 12:53:41 +00:00
Steve Holme
a268a804b7
openssl: Fixed compilation errors when OpenSSL built with 'no-tlsext'
...
Fixed the build of openssl.c when OpenSSL is built without the necessary
TLS extensions for OCSP stapling.
Reported-by: John E. Malmberg
2015-01-27 12:47:48 +00:00
Brad Spencer
5691325440
curl_setup: Disable SMB/CIFS support when HTTP only
2015-01-26 18:48:44 +00:00
Daniel Stenberg
23c6f0a344
OCSP stapling: disabled when built with BoringSSL
2015-01-22 23:34:43 +01:00
Alessandro Ghedini
d1cf5d5706
openssl: add support for the Certificate Status Request TLS extension
...
Also known as "status_request" or OCSP stapling, defined in RFC6066
section 8.
Thanks-to: Joe Mason
- for the work-around for the OpenSSL bug.
2015-01-22 23:25:23 +01:00
Daniel Stenberg
e888e30476
BoringSSL: fix build for non-configure builds
...
HAVE_BORINGSSL gets defined now by configure and should be defined by
other build systems in case a BoringSSL build is desired.
2015-01-22 23:04:10 +01:00
Steve Holme
12e45b8462
curl_sasl: Reinstate the sasl_ prefix for locally scoped functions
...
Commit 7a8b2885e2 made some functions static and removed the public
Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which
is the naming convention we use in this source file.
2015-01-22 21:32:41 +00:00
Steve Holme
c260c9fad3
curl_sasl: Minor code policing following recent commits
2015-01-22 21:08:18 +00:00
Daniel Stenberg
eb748f159a
BoringSSL: detected by configure, switches off NTLM
2015-01-22 16:39:01 +01:00
Daniel Stenberg
d6c4695dcd
BoringSSL: no PKCS12 support nor ERR_remove_state
2015-01-22 16:39:01 +01:00
Leith Bade
261208d432
BoringSSL: fix build
2015-01-22 16:39:01 +01:00
Steve Holme
795f013006
curl_sasl.c: chlglen is not used when cryptography is disabled
2015-01-20 19:28:54 +00:00
Steve Holme
71f8fdee81
curl_sasl.c: Fixed compilation warning when cryptography is disabled
...
curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local
variable
2015-01-20 19:25:43 +00:00
Steve Holme
6005b0d99c
curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined
...
curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier
This error could also happen for non-SSPI builds when cryptography is
disabled (CURL_DISABLE_CRYPTO_AUTH is defined).
2015-01-20 19:24:47 +00:00
Patrick Monnerat
7a8b2885e2
SASL: make some procedures local-scoped
2015-01-20 18:17:55 +01:00
Patrick Monnerat
79543caf90
SASL: common state engine for imap/pop3/smtp
2015-01-20 17:33:05 +01:00
Patrick Monnerat
e1ea18f90e
SASL: common URL option and auth capabilities decoders for all protocols
2015-01-20 15:27:25 +01:00
Patrick Monnerat
5f09cbcdbd
IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters.
2015-01-20 14:14:26 +01:00
Daniel Stenberg
960b04e137
ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6
...
Reported-by: Chris Young
2015-01-20 09:03:55 +01:00
Chris Young
089783c838
timeval: typecast for better type (on Amiga)
...
There is an issue with conflicting "struct timeval" definitions with
certain AmigaOS releases and C libraries, depending on what gets
included when. It's a minor difference - the OS one is unsigned,
whereas the common structure has signed elements. If the OS one ends up
getting defined, this causes a timing calculation error in curl.
It's easy enough to resolve this at the curl end, by casting the
potentially erroneous calculation to a signed long.
2015-01-20 08:53:14 +01:00
Daniel Stenberg
be57f689b0
openssl: do public key pinning check independently
...
... of the other cert verification checks so that you can set verifyhost
and verifypeer to FALSE and still check the public key.
Bug: http://curl.haxx.se/bug/view.cgi?id=1471
Reported-by: Kyle J. McKay
2015-01-19 23:20:13 +01:00
Steve Holme
2cc571f9e3
ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP
...
For consistency with other USE_WIN32_ defines as well as the
USE_OPENLDAP define.
2015-01-18 20:52:43 +00:00
Steve Holme
1cbc8fd3d1
http_negotiate: Use dynamic buffer for SPN generation
...
Use a dynamically allocated buffer for the temporary SPN variable similar
to how the SASL GSS-API code does, rather than using a fixed buffer of
2048 characters.
2015-01-18 15:45:12 +00:00
Steve Holme
9c4fa400cf
sasl_gssapi: Make Curl_sasl_build_gssapi_spn() public
2015-01-18 15:42:26 +00:00
Steve Holme
b9fd757d03
sasl_gssapi: Fixed memory leak with local SPN variable
2015-01-18 15:40:07 +00:00
Daniel Stenberg
3a9419f65a
http_negotiate.c: unused variable 'ret'
2015-01-17 23:14:40 +01:00
Steve Holme
1d25acb038
gskit.h: Code policing of function pointer arguments
2015-01-17 17:02:01 +00:00
Steve Holme
5d5c78b47f
vtls: Removed unimplemented overrides of curlssl_close_all()
...
Carrying on from commit 037cd0d991, removed the following unimplemented
instances of curlssl_close_all():
Curl_axtls_close_all()
Curl_darwinssl_close_all()
Curl_cyassl_close_all()
Curl_gskit_close_all()
Curl_gtls_close_all()
Curl_nss_close_all()
Curl_polarssl_close_all()
2015-01-17 16:41:03 +00:00
Steve Holme
8bb3443a21
vtls: Separate the SSL backend definition from the API setup
...
Slight code cleanup as the SSL backend #define is mixed up with the API
function setup.
2015-01-17 15:38:22 +00:00
Steve Holme
30ef1a0779
vtls: Fixed compilation errors when SSL not used
...
Fixed the following warning and error from commit 3af90a6e19 when SSL
is not being used:
url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined;
assuming extern returning int
error LNK2019: unresolved external symbol Curl_ssl_cert_status_request
referenced in function Curl_setopt
2015-01-17 15:16:07 +00:00
Steve Holme
81b98dafa1
http_negotiate: Added empty decoded challenge message info text
2015-01-17 14:58:36 +00:00
Steve Holme
47438daa60
http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int
2015-01-17 14:57:17 +00:00
Steve Holme
36e6404228
http_negotiate_sspi: Prefer use of 'attrs' for context attributes
...
Use the same variable name as other areas of SSPI code.
2015-01-17 13:28:44 +00:00
Steve Holme
930be07067
http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo()
...
Use the SECURITY_STATUS typedef rather than an unsigned long for the
QuerySecurityPackageInfo() return and rename the variable as per other
areas of SSPI code.
2015-01-17 13:28:03 +00:00
Steve Holme
30eb6bbdc9
http_negotiate_sspi: Use 'CURLcode result' for CURL result code
2015-01-17 13:15:09 +00:00
Steve Holme
a2f8887b79
curl_endian: Fixed build when 64-bit integers are not supported (Part 2)
...
Missed Curl_read64_be() in commit bb12d44471 :(
2015-01-16 23:01:27 +00:00
Daniel Stenberg
a4065ebf1c
copyright years: after OCSP stapling changes
2015-01-16 23:23:29 +01:00
Alessandro Ghedini
f46c6fbee0
nss: add support for the Certificate Status Request TLS extension
...
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.
This requires NSS 3.15 or higher.
2015-01-16 23:23:29 +01:00
Alessandro Ghedini
f13669a375
gtls: add support for the Certificate Status Request TLS extension
...
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.
This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use
at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP
response verification to fail even on valid responses.
2015-01-16 23:23:29 +01:00
Alessandro Ghedini
3af90a6e19
url: add CURLOPT_SSL_VERIFYSTATUS option
...
This option can be used to enable/disable certificate status verification using
the "Certificate Status Request" TLS extension defined in RFC6066 section 8.
This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
certificate status verification fails, and the Curl_ssl_cert_status_request()
function, used to check whether the SSL backend supports the status_request
extension.
2015-01-16 23:23:29 +01:00
Steve Holme
bb12d44471
curl_endian: Fixed build when 64-bit integers are not supported
...
Bug: http://curl.haxx.se/mail/lib-2015-01/0094.html
Reported-by: John E. Malmberg
2015-01-16 12:31:24 +00:00
Daniel Stenberg
cc28bc472e
Curl_pretransfer: reset expected transfer sizes
...
Reported-by: Mohammad AlSaleh
Bug: http://curl.haxx.se/mail/lib-2015-01/0065.html
2015-01-14 23:31:57 +01:00
Marc Hoersken
e9834808e9
curl_schannel.c: mark session as removed from cache if not freed
...
If the session is still used by active SSL/TLS connections, it
cannot be closed yet. Thus we mark the session as not being cached
any longer so that the reference counting mechanism in
Curl_schannel_shutdown is used to close and free the session.
Reported-by: Jean-Francois Durand
2015-01-12 21:56:05 +01:00
Guenter Knauf
d21b66835f
Merge pull request #134 from vszakats/mingw-m64
...
add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS
2015-01-09 22:03:12 +01:00
Guenter Knauf
4e58589b0e
Merge pull request #136 from vszakats/mingw-allow-custom-cflags
...
mingw build: allow to pass custom CFLAGS
2015-01-09 22:02:23 +01:00
Daniel Stenberg
e6b4b4b66d
NSS: fix compiler error when built http2-enabled
2015-01-09 21:55:52 +01:00
Steve Holme
355bf01c82
gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions
...
Better code reuse and consistency in calls to gss_import_name().
2015-01-09 20:37:47 +00:00
Viktor Szakats
b4f13a4952
mingw build: allow to pass custom CFLAGS
2015-01-09 21:03:54 +01:00
Daniel Stenberg
99e71e6a84
FTP: if EPSV fails on IPV6 connections, bail out
...
... instead of trying PASV, since PASV can't work with IPv6.
Reported-by: Vojtěch Král
2015-01-08 22:32:37 +01:00
Daniel Stenberg
9a452ba3a1
FTP: fix IPv6 host using link-local address
...
... and make sure we can connect the data connection to a host name that
is longer than 48 bytes.
Also simplifies the code somewhat by re-using the original host name
more, as it is likely still in the DNS cache.
Original-Patch-by: Vojtěch Král
Bug: http://curl.haxx.se/bug/view.cgi?id=1468
2015-01-08 22:32:37 +01:00
Guenter Knauf
c712fe01a9
NetWare build: added TLS-SRP enabled build.
2015-01-08 21:40:35 +01:00
Steve Holme
5c0e66d632
sasl_gssapi: Fixed build on NetBSD with built-in GSS-API
...
Bug: http://curl.haxx.se/bug/view.cgi?id=1469
Reported-by: Thomas Klausner
2015-01-08 19:36:58 +00:00
Viktor Szakats
acc8089bc2
add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS
2015-01-08 18:19:03 +01:00
Daniel Stenberg
4ce22c607b
darwinssl: fix session ID keys to only reuse identical sessions
...
...to avoid a session ID getting cached without certificate checking and
then after a subsequent _enabling_ of the check libcurl could still
re-use the session done without cert checks.
Bug: http://curl.haxx.se/docs/adv_20150108A.html
Reported-by: Marc Hesse
2015-01-07 22:55:56 +01:00
Daniel Stenberg
178bd7db34
url-parsing: reject CRLFs within URLs
...
Bug: http://curl.haxx.se/docs/adv_20150108B.html
Reported-by: Andrey Labunets
2015-01-07 22:55:56 +01:00
Steve Holme
f7d5ecec9c
ldap: Convert attribute output to UTF-8 when Unicode
2015-01-07 20:01:29 +00:00
Steve Holme
4e420600c1
ldap: Convert DN output to UTF-8 when Unicode
2015-01-07 20:01:27 +00:00
Daniel Stenberg
9547954978
hostip: remove 'stale' argument from Curl_fetch_addr proto
...
Also, remove the log output of the resolved name is NOT in the cache in
the spirit of only telling when something is actually happening.
2015-01-07 14:06:12 +00:00
Steve Holme
4626f31d0e
ldap/imap: Fixed spelling mistake in comments and variable names
...
Reported-by: Michael Osipov
2015-01-07 13:50:56 +00:00
Dan Fandrich
39217edb12
curl_multibyte.h: Eliminated some trailing whitespace
2015-01-05 10:08:08 +01:00
Steve Holme
ea93252ef1
ldap: Fixed Unicode usage for all Win32 builds
...
Otherwise, the fixes in the previous commits would only be applicable
to IDN and SSPI based builds and not others such as OpenSSL with LDAP
enabled.
2015-01-04 22:19:30 +00:00
Steve Holme
f6b168de4c
ldap: Fixed memory leak from commit efb64fdf80
2015-01-04 20:33:58 +00:00
Steve Holme
4113ad50e4
ldap: Fix memory leak from commit 3a805c5cc1
2015-01-04 20:06:04 +00:00
Steve Holme
c37dcf0edb
ldap: Fixed attribute variable warnings when Unicode is enabled
...
Use 'TCHAR *' for local attribute variable rather than 'char *'.
2015-01-04 16:25:17 +00:00
Steve Holme
5359936d07
ldap: Fixed DN variable warnings when Unicode is enabled
...
Use 'TCHAR *' for local DN variable rather than 'char *'.
2015-01-04 16:21:13 +00:00
Steve Holme
ea4f98dca6
ldap: Remove the unescape_elements() function
...
Due to the recent modifications this function is no longer used.
2015-01-04 16:11:36 +00:00
Steve Holme
f9b50910e0
ldap.c: Fixed compilation warning
...
ldap.c:98: warning: extra tokens at end of #endif directive
2015-01-04 16:11:08 +00:00