1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-14 21:45:13 -05:00
Commit Graph

5564 Commits

Author SHA1 Message Date
Daniel Stenberg
93290f69d0 connection setup: if HTTP is disabled asking for HTTP proxy is bad 2011-03-17 11:45:58 +01:00
Daniel Stenberg
e114648991 scan-build warning
Value stored to 'len' is never read
2011-03-16 00:19:26 +01:00
Daniel Stenberg
b8118dd495 ldap_recv: check return code from ldap_get_dn_ber 2011-03-16 00:16:34 +01:00
Daniel Stenberg
025b9368f8 compiler warnings fixed
Use (void)[variable] to inhibit unused argument/variables warnings.
2011-03-16 00:08:32 +01:00
Ben Noordhuis
521e88e009 SMTP-multi: non-blocking connect
Use Curl_ssl_connect_nonblocking() when upgrading the connection to
TLS/SSL while using the multi interface.
2011-03-15 20:10:02 +01:00
Ben Noordhuis
88e825de86 SMTP in multi mode: use Curl_ssl_connect_nonblocking() when connecting. 2011-03-15 20:09:51 +01:00
Daniel Stenberg
36cb24ec19 buildfix: spell define correctly 2011-03-15 16:49:27 +01:00
Kamil Dudka
806dbb022b nss: do not ignore value of CURLOPT_SSL_VERIFYPEER
When NSS-powered libcurl connected to a SSL server with
CURLOPT_SSL_VERIFYPEER equal to zero, NSS remembered that the peer
certificate was accepted by libcurl and did not ask the second time when
connecting to the same server with CURLOPT_SSL_VERIFYPEER equal to one.

This patch turns off the SSL session cache for the particular SSL socket
if peer verification is disabled.  In order to avoid any performance
impact, the peer verification is completely skipped in that case, which
makes it even faster than before.

Bug: https://bugzilla.redhat.com/678580
2011-03-15 15:48:24 +01:00
Daniel Stenberg
cc228ea6f6 protocol handler cleanup: SSL awareness
As a follow-up to commit 8831000bc0: don't assume that the SSL powered
protocol alternatives are available.
2011-03-15 10:02:05 +01:00
Daniel Stenberg
211504ba8a ldap: use the new protocol handler setup
Use the new flags field and stop using the old protocol defines.
2011-03-15 09:13:11 +01:00
Daniel Stenberg
13b64d7558 protocols: use CURLPROTO_ internally
The PROT_* set of internal defines for the protocols is no longer
used. We now use the same bits internally as we have defined in the
public header using the CURLPROTO_ prefix. This is for simplicity and
because the PROT_* prefix was already used duplicated internally for a
set of KRB4 values.

The PROTOPT_* defines were moved up to just below the struct definition
within which they are used.
2011-03-14 22:52:14 +01:00
Daniel Stenberg
8831000bc0 protocol handler: added flags field
The protocol handler struct got a 'flags' field for special information
and characteristics of the given protocol.

This now enables us to move away central protocol information such as
CLOSEACTION and DUALCHANNEL from single defines in a central place, out
to each protocol's definition. It also made us stop abusing the protocol
field for other info than the protocol, and we could start cleaning up
other protocol-specific things by adding flags bits to set in the
handler struct.

The "protocol" field connectdata struct was removed as well and the code
now refers directly to the conn->handler->protocol field instead. To
make things work properly, the code now always store a conn->given
pointer that points out the original handler struct so that the code can
learn details from the original protocol even if conn->handler is
modified along the way - for example when switching to go over a HTTP
proxy.
2011-03-14 22:22:22 +01:00
Daniel Stenberg
fdaa8da75d sslgen: define Curl_ssl_connect_nonblocking for non-SSL
The non-blocking connect improvement for IMAP showed that we didn't
properly define the Curl_ssl_connect_nonblocking function for non-SSL
builds.

Reported by: Tor Arntsen
2011-03-14 11:13:12 +01:00
Ask Bjørn Hansen
3e00af34c8 mk-ca-bundle.pl: Only download if modified
Only download and convert the certdata to the ca-bundle.crt if Mozilla
changed the data

The Perl LWP module (which in a bit of a circular reference is used by
mk-ca-bundle.pl) is now indirectly using this script. I made this small
tweak to make it easier to automatically maintain the generated
ca-bundle.crt file in version control.
2011-03-14 10:20:21 +01:00
Daniel Stenberg
3eac14b43c SSH: add protocol lock direction
Some protocols have to call the underlying functions without regard to
what exact state the socket signals. For example even if the socket says
"readable", the send function might need to be called while uploading,
or vice versa. This is the case for libssh2 based protocols: SCP and
SFTP and we now introduce a define to set those protocols and we make
the multi interface code aware of this concept.

This is another fix to make test 582 run properly.
2011-03-13 23:21:03 +01:00
Daniel Stenberg
60406ff7f8 state: add missing state to debug table
As a new state recently was added to the IMAP state machine it has to be
in the array of names as well as otherwise libcurl crashes when a debug
version runs...
2011-03-13 14:19:16 +01:00
Daniel Stenberg
ca37692bf4 ssh_statemach_act: set cselect for sftp upload
For uploads we want to use the _sending_ function even when the socket
turns out readable as the underlying libssh2 sftp send function will
deal with both accordingly. This is what the cselect_bits magic is for.

Fixes test 582.
2011-03-13 14:10:27 +01:00
Daniel Stenberg
c8fba59731 Merge branch 'imap' of https://github.com/bnoordhuis/curl into bnoordhuis-imap 2011-03-13 00:36:38 +01:00
Karl M
05ebc6f0cc VC: add missing file
http_negotiate_sspi.c was added to the source tree recently
2011-03-13 00:23:04 +01:00
Marcus Sundberg
6f0ee717c3 GSS: handle reuse fix
Make GSS authentication work when a curl handle is reused for multiple
authenticated requests, by always setting negdata->state in
output_auth_headers().

Signed-off-by: Marcus Sundberg <marcus.sundberg@aptilo.com>
2011-03-13 00:21:07 +01:00
Daniel Stenberg
60172a0446 SFTP: gracefully handle shutdown early
When using the multi interface and a handle using SFTP was removed very
early on, we would get a segfault due to the code assumed data was there
that hadn't yet been setup.

Bug: http://curl.haxx.se/mail/lib-2011-03/0066.html
Reported by: Saqib Ali
2011-03-13 00:15:59 +01:00
Daniel Stenberg
bec9692a77 PROT_CLOSEACTION: added SFTP and SCP
Both SFTP and SCP are protocols that need to shut down stuff properly
when the connection is about to get torned down. The primary effect of
not doing this shows up as memory leaks (when using SCP or SFTP with the
multi interface).

This is one of the problems detected by test 582.
2011-03-12 23:08:10 +01:00
Daniel Stenberg
a07a865d5d readwrite_upload: stop upload at file size
As we know how much to send, we can and should stop once we've sent that
much data as it avoids having to rely on other mechanisms to detect the
end.

This is one of the problems detected by test 582.

Reported by: Henry Ludemann <misc@hl.id.au>
2011-03-12 23:05:11 +01:00
Daniel Stenberg
cccba72920 sftp upload: expire to advance state machine
When using the multi_socket API to do SFTP upload, it is important that
we set a quick expire when leaving the SSH_SFTP_UPLOAD_INIT state as
there's nothing happening on the socket so there's no read or write to
wait for, but the next libssh2 API function needs to be called to get
the ball rolling.

This is one of the problems detected by test 582.

Reported by: Henry Ludemann <misc@hl.id.au>
2011-03-12 23:02:04 +01:00
Daniel Stenberg
1aeb635cdd sources: update source headers
All C and H files now (should) feature the proper project curl source
code header, which includes basic info, a copyright statement and some
basic disclaimers.
2011-03-10 12:04:33 +01:00
Daniel Stenberg
d6b9f76943 cyassl: fix compiler warnings 2011-03-08 14:09:20 +01:00
Todd A Ouska
9e60d8fd9e SSL: (part 2) Added CyaSSL to SSL abstraction layer
This is the modified existing files commit.
2011-03-08 13:54:58 +01:00
Todd A Ouska
a8f30fa555 SSL: Added CyaSSL to SSL abstraction layer
CyaSSL (available from git@github.com:cyassl/cyassl.git) has been
added to the SSL abstraction layer.

To test:
1) git CyaSSL sources
2) autoreconf -i
3) ./configure --disable-static
4) make
5) sudo make install
6) autoreconf -i
7) git curl sources (and this patch)
8) ./configure --disable-shared --with-cyassl --without-ssl --enable-debug
9) make
10) normal testing

Please send questions or comments to todd@yassl.com .
2011-03-08 13:06:38 +01:00
Dan Fandrich
29f0898525 Fixed libcurl to honour the --disable-ldaps configure option 2011-03-07 17:45:33 -08:00
Daniel Stenberg
c9ee341bfb cpp: correct #endif placement
The end-of-file #endif in rawstr.h was not correcly positioned after all
prototypes.

Reported by: Boris
Bug: http://curl.haxx.se/bug/view.cgi?id=3195205
2011-03-06 23:00:28 +01:00
Stefan Krause
8511b6436c transfer: avoid insane conversion of time_t 2011-03-04 21:17:08 +01:00
Daniel Stenberg
17de1cc382 ssh_connect: treat libssh2 return code better
libssh2_knownhost_readfile() returns a negative value on error or
otherwise number of parsed known hosts - this was previously not
documented correctly in the libssh2 man page for the function.

Bug: http://curl.haxx.se/mail/lib-2011-02/0327.html
Reported by: murat
2011-02-26 11:00:44 +01:00
Julien Chaffraix
5719e56168 http: removed wrong unused comment.
|premature| is used in Curl_http_done.
2011-02-25 20:54:39 -08:00
Julien Chaffraix
d7846237a4 http: removed code duplication for stubbed https_getsock function. 2011-02-25 20:50:26 -08:00
Kamil Dudka
7aa2d10e0d nss: do not ignore failure of SSL handshake
Flaw introduced in fc77790 and present in curl-7.21.4.
Bug: https://bugzilla.redhat.com/669702#c16
2011-02-22 13:19:57 +01:00
Julien Chaffraix
0b8cdc0635 netrc: Removed _NETRC_DEBUG code.
This is not needed anymore as we have unit testing running on it.
2011-02-20 21:11:53 -08:00
Julien Chaffraix
9f8e960a1a tests: Cleaned up netrc testing.
Removed the "netrc_debug" keyword replaced with --netrc-file additions.
Removed the debug code from Curl_parsenetrc as it is superseeded by
--netrc-file.
2011-02-20 21:11:52 -08:00
Ben Noordhuis
dd3760f2eb IMAP in multi mode: use Curl_ssl_connect_nonblocking() when upgrading the connection to TLS/SSL. 2011-02-20 21:11:12 +01:00
Ben Noordhuis
45ca048f44 IMAP in multi mode: use Curl_ssl_connect_nonblocking() when connecting. 2011-02-20 21:11:12 +01:00
Mike Crowe
c4369f34b9 multi: close connection on timeout
After a request times out, the connection wasn't properly closed and
prevented to get re-used, so subsequent transfers could still mistakenly
get to use the previously aborted connection.
2011-02-18 23:19:14 +01:00
Daniel Stenberg
d85cae9225 multi: better failed connect treatment
When failing to connect the protocol during the CURLM_STATE_PROTOCONNECT
state, Curl_done() has to be called with the premature flag set TRUE as
for the pingpong protocols this can be important.

When Curl_done() is called with premature == TRUE, it needs to call
Curl_disconnect() with its 'dead_connection' argument set to TRUE as
well so that any protocol handler's disconnect function won't attempt to
use the (control) connection for anything.

This problem caused the pingpong protocols to fail to disconnect when
STARTTLS failed.

Reported by: Alona Rossen
Bug: http://curl.haxx.se/mail/lib-2011-02/0195.html
2011-02-18 23:01:55 +01:00
Hoi-Ho Chan
05895927f5 PolarSSL: Return 0 on receiving TLS CLOSE_NOTIFY alert
Signed-off-by: Hoi-Ho Chan <hoiho.chan@gmail.com>
2011-02-18 09:17:32 +01:00
Daniel Stenberg
1c3c0162c6 SOCKOPTFUNCTION: callback can say already-connected
Introducing a few CURL_SOCKOPT* defines for conveniance. The new
CURL_SOCKOPT_ALREADY_CONNECTED signals to libcurl that the socket is to
be treated as already connected and thus it will skip the connect()
call.
2011-02-17 22:32:01 +01:00
Kamil Dudka
a40f58d2ef nss: avoid memory leak on SSL connection failure 2011-02-17 17:57:16 +01:00
Guenter Knauf
827f0a318c Set -fpcc-struct-return only for gcc compiler. 2011-02-17 11:46:41 +01:00
Daniel Stenberg
c3a6116dc9 nss_load_key: fix unused variable warning 2011-02-16 19:34:04 +01:00
Daniel Stenberg
f19ace8d33 gmtime: remove define
It turns out some systems rely on the gmtime or gmtime_r to be defined
already in the system headers and thus my "precaution" redefining of
them only caused trouble. They are now removed.
2011-02-14 13:42:01 +01:00
Guenter Knauf
c2dff28c41 Added -m32 to CFLAGS to compile with x86_64 gcc. 2011-02-13 14:31:22 +01:00
Guenter Knauf
e36c039a07 Updated OpenSSL version, added links to docu. 2011-02-13 12:13:21 +01:00
Dan Fandrich
61fc9044c7 Call ERR_peek_error instead of ERR_peek_last_error
The latter isn't available in older OpenSSL versions, and is
less useful since it returns the most recent error instead of
the first one encountered.
2011-02-10 12:29:34 -08:00
Julien Chaffraix
39d0d787d2 test1304: Added some unit tests for Curl_parsenetrc.
Moved some definitons into the header file so that we can reuse them.
2011-02-10 07:38:48 -08:00
Quinn Slack
3cffcba3d0 CURLE_TLSAUTH_FAILED: removed
On second thought, I think CURLE_TLSAUTH_FAILED should be eliminated. It
was only being raised when an internal error occurred while allocating
or setting the GnuTLS SRP client credentials struct. For TLS
authentication failures, the general CURLE_SSL_CONNECT_ERROR seems
appropriate; its error string already includes "passwords" as a possible
cause. Having a separate TLS auth error code might also cause people to
think that a TLS auth failure means the wrong username or password was
entered, when it could also be a sign of a man-in-the-middle attack.
2011-02-09 23:34:30 +01:00
Daniel Stenberg
b370fcd300 CURLOPT_SOCKOPTFUNCTION: return proper error code
When the callback returns an error, this function must make sure to return
CURLE_ABORTED_BY_CALLBACK properly and not CURLE_OK as before to allow the
callback to properly abort the operation.
2011-02-09 15:36:36 +01:00
Julien Chaffraix
266bcb06d7 netrc: Removed dead code.
The main has not been updated from some time and is out of sync with
the code. The code is now tested by several test cases so no need for
a seperate code path.
2011-02-07 20:15:35 -08:00
Julien Chaffraix
fe165c69de netrc: Tightened up the type checks.
The state should not be anonymous so that we can check if the values
are fine. Added 2 unreachables states to the switch as a result of this
change.
2011-02-07 20:15:35 -08:00
Julien Chaffraix
4e2ac742c9 imap: Fixed typo in a comment. 2011-02-07 20:15:35 -08:00
Daniel Stenberg
0696260122 Curl_gmtime: avoid future mistakes
Document Curl_gmtime() and define away the old functions so that they
won't be used internally again by mistake.
2011-02-07 15:09:24 +01:00
Daniel Stenberg
54d9f060b4 Curl_gmtime: added a portable gmtime
Instead of polluting many places with #ifdefs, we create a single place
for this function, and also check return code properly so that a NULL
pointer returned won't cause problems.
2011-02-07 15:00:48 +01:00
Guenter Knauf
2cacd82661 mk-ca-bundle.vbs: use new cacert url
The official Mozilla page at http://www.mozilla.org/projects/security/certs/
points out a new place as the "proper" place to get Mozilla's CA certs from
so this script is now updated to use that instead.

Reported by: Daniel Mentz
2011-02-03 09:59:00 +01:00
Daniel Stenberg
ec7978c512 mk-ca-bundle.pl: use new cacert url
The official Mozilla page at
http://www.mozilla.org/projects/security/certs/ points out a new place
as the "proper" place to get Mozilla's CA certs from so this script is
now updated to use that instead.

Reported by: Daniel Mentz
2011-02-02 22:22:15 +01:00
Bjoern Sikora
0e9626ba39 ssluse: improved error message on SSL_CTX_new failures
"SSL: couldn't create a context" really isn't that helpful, now it'll
also extract an explanation from OpenSSL and append to the right.
2011-02-02 18:25:57 +01:00
Nicholas Maniscalco
73eb9965cf multi: fix CURLM_STATE_TOOFAST for multi_socket
The code in the toofast state needs to first recalculate the values
before it uses them again since it may have been a while since it last
did it when it reaches this point.
2011-02-02 13:41:22 +01:00
Dave Reisner
b89122a2bf file: add support for CURLOPT_TIMECONDITION 2011-01-31 14:49:51 +01:00
Dave Reisner
99dcb11ed8 transfer: add Curl_meets_timecondition()
This will be used by file_do() and Curl_readwrite() as a unified method
of checking to see if a remote document meets the supplied
CURLOPT_TIMEVAL and CURLOPT_TIMECONDITION.

Signed-off-by: Dave Reisner <d@falconindy.com>
2011-01-31 14:29:48 +01:00
Daniel Stenberg
ef19e30985 ares: memory leak fix
The double name resolve trick used with c-ares could leave allocated
memory in 'temp_ai' if the operation was aborted in the middle.
2011-01-27 14:41:07 +01:00
Daniel Stenberg
2d356ba168 ares_query_completed_cb: don't touch invalid data
When this callback is called due to the destruction of the ares handle,
the connection pointer passed in as an argument may no longer pointing
to valid data and this function doesn't need to do anything with it
anyway so we make sure it doesn't.

Bug: http://curl.haxx.se/mail/lib-2011-01/0333.html
Reported by: Vsevolod Novikov
2011-01-27 14:41:07 +01:00
Kamil Dudka
dc0a7161f8 nss: avoid memory leaks and failure of NSS shutdown
... in case more than one CA is loaded.

Bug: https://bugzilla.redhat.com/670802
2011-01-27 11:14:18 +01:00
Daniel Stenberg
dbcaa00657 HTTP: memory leak on multiple Location:
The HTTP parser allocated memory on each received Location: header
without properly freeing old data. Starting now, the code only considers
the first Location: header and will blissfully ignore subsequent ones.

Bug: http://curl.haxx.se/bug/view.cgi?id=3165129
Reported by: Martin Lemke
2011-01-25 12:06:50 +01:00
Darshan Mody
03be2c99ba Fixed compile using OpenSSL versions < 0.9.4a 2011-01-20 12:11:22 -08:00
Quinn Slack
59cf93ccdb TLS-SRP: support added when using GnuTLS 2011-01-19 20:35:02 +01:00
Kamil Dudka
fc77790bcd nss: fix a bug in handling of CURLOPT_CAPATH
... and update the curl.1 and curl_easy_setopt.3 man pages such that
they do not suggest to use an OpenSSL utility if curl is not built
against OpenSSL.

Bug: https://bugzilla.redhat.com/669702
2011-01-18 14:30:49 +01:00
Guenter Knauf
ef46fcdd90 Avoid redefines. 2011-01-17 01:27:57 +01:00
Guenter Knauf
8fa7b8cb9b Added casts to silent gcc warnings. 2011-01-14 12:39:54 +01:00
Yang Tse
fd6b4b3e9b build: BCC - makefile.b32 tweak
Get rid of stdout redirection to NUL and move stderr redirection
into RM and RMDIR macros.
2011-01-13 15:54:14 +01:00
Yang Tse
1da65c3d4d build: BCC - makefile.b32 tweak
Check for BCCDIR environment var done now as other checks.
2011-01-13 15:33:34 +01:00
Guenter Knauf
d541085407 Use env var for PSDK instead of hardcoded path. 2011-01-13 05:55:09 +01:00
Guenter Knauf
c73e5e839d Enabled SSPI support by default. 2011-01-13 02:55:26 +01:00
Yang Tse
61623b74e3 build: BCC - require Borlands's MAKE for Makefile.b32 processing. 2011-01-12 20:53:28 +01:00
Yang Tse
5f7d34811a build: BCC - recover lost functionality from commit 3d81320426
Borland's $(MAKEDIR) expands to the path where make.exe is located,
use this feature to define BCCDIR when user has not defined BCCDIR.
2011-01-12 18:07:04 +01:00
Yang Tse
42f5e8a0f1 build: use external preprocessor cpp32 when building with Borland C 2011-01-12 02:35:14 +01:00
Guenter Knauf
b5cc77bd25 Disable LDAP support since BCC headers are insufficient. 2011-01-11 18:32:38 +01:00
Guenter Knauf
3d81320426 Instead of exiting with error lets set BCCDIR self. 2011-01-11 18:22:42 +01:00
Guenter Knauf
308db9d780 Some Borland C++ makefile tweaks. 2011-01-11 17:51:14 +01:00
Guenter Knauf
03ea06b8e3 Borland C++ doesnt have struct sockaddr_storage. 2011-01-11 17:40:13 +01:00
Daniel Stenberg
08a65b10fb connect: use UDP correctly
The idea that the protocol and socktype is part of name resolving in the
libc functions is nuts. We keep the name resolver functions assume
TCP/STREAM and we make sure that when we want to connect to a UDP
service we use the correct UDP/DGRAM set instead. This bug was because
the ->protocol field was not always set correctly.

This bug was only affecting ipv6-disabled non-cares non-threaded builds.

Bug: http://curl.haxx.se/bug/view.cgi?id=3154436
Reported by: "dperham"
2011-01-11 00:14:36 +01:00
Quinn Slack
1238edaeaf SSL: fix memory leak
In OOM situation. Follow-up fix to commit a9cd4f4ed4.
2011-01-10 13:53:57 +01:00
Daniel Stenberg
a9cd4f4ed4 gtls: fix memory leak
Bug: http://curl.haxx.se/mail/lib-2011-01/0079.html
Reported by: Quinn Slack
2011-01-08 19:14:28 +01:00
Marcel Roelofs
1d28efb9d1 HTTP: HTTP Negotiate authentication using SSPI
Only under Windows
2011-01-07 23:48:40 +01:00
Daniel Stenberg
53014175e8 SSH: speedcheck clobbered existing error
The just added speedcheck must not ruin the error code if already set
due to a problem.
2011-01-06 00:19:17 +01:00
Daniel Stenberg
d45ed0ecf5 SSH: acknowledge speedcheck
Check for speedcheck limits during the state machine traversals
2011-01-05 14:09:53 +01:00
Daniel Stenberg
adb49ad8bb Curl_timeleft: s/conn/data in first argument
As the function doesn't really use the connectdata struct but only the
SessionHanadle struct I modified what argument it wants.
2011-01-04 23:13:10 +01:00
Kamil Dudka
d8f6d1c334 nss: avoid CURLE_OUT_OF_MEMORY given a file name without any slash
Bug: https://bugzilla.redhat.com/623663
2011-01-04 17:20:43 +01:00
Daniel Stenberg
c0c89cd44e get_cert_chain: support larger data sets
512 bytes turned out too short for some data, so now we allocate a
larger buffer instead

Bug: http://curl.haxx.se/mail/archive-2011-01/0002.html
2011-01-04 10:20:28 +01:00
Daniel Stenberg
53640a3ce0 unittesting: build a separate static lib
When configure --enable-debug has been used, all files in lib/ are now
built twice and a separate static library crafted for unit-testing will
be linked. The unit tests in the tests/unit subdir will use that
library.
2011-01-03 22:16:16 +01:00
Daniel Stenberg
45cea71968 SSH: avoid PATH_MAX with alloc
We cannot assume that PATH_MAX will be enough for the remote path name
so allocating room for it is the only sensible approach.
2011-01-03 13:36:45 +01:00
Daniel Stenberg
2b3fbc8cdb Curl_nss_connect: avoid PATH_MAX
Since some systems don't have PATH_MAX and it isn't that clever to
assume a fixed maximum path length, the code now allocates buffer space
instead of using stack.

Reported by: Samuel Thibault
Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608521
2011-01-02 23:43:03 +01:00
Daniel Stenberg
1ad5764feb SFTP: make pwd output result to header callback
Sending "pwd" as a QUOTE command only sent the reply to the
DEBUGFUNCTION. Now it also sends an FTP-like header to the header
callback to allow similar operations as with FTP, and apps can re-use
the same parser.
2011-01-01 15:35:53 +01:00
Daniel Stenberg
ae29142198 pubkey_show: allocate buffer to fit any-size result
The loop condition was wrong so keys larger than 340 bits would overflow
the local stack-based buffer.
2011-01-01 15:33:57 +01:00
Luke Amery
0dc8479b89 ssh: honour the CURLINFO_FTP_ENTRY_PATH curl_getinfo option 2010-12-30 23:42:44 +01:00
Pierre Joye
420eac5542 IDN: use win32 API if told to
The functionality is provided in a new source file: lib/idn_win32.c
2010-12-28 20:01:03 +01:00
Daniel Stenberg
b6a3e2be8e c-ares: fix cancelled resolves
When built IPv6-enabled, we could do Curl_done() with one of the two
resolves having returned already, so when ares_cancel() is called the
resolve callback ends up doing funny things (sometimes resulting in a
segfault) since it would try to actually store the previous resolve even
though we're shutting down the resolve.

This bug was introduced in commit 8ab137b2bc so it hasn't been
included in any public release.

Bug: http://curl.haxx.se/bug/view.cgi?id=3145445
Reported by: Pedro Larroy
2010-12-27 10:01:44 +01:00
Daniel Stenberg
49465fffdb cookies: tricked dotcounter fixed
Providing multiple dots in a series in the domain field (domain=..com) could
trick the cookie engine to wrongly accept the cookie believing it to be
fine. Since the tailmatching would then match all .com sites, the cookie would
then be sent to all of them.

The code now requires at least one letter between each dot for them to be
counted. Edited test case 61 to verify this.
2010-12-23 22:52:32 +01:00
Daniel Stenberg
5825aa149d multi: connect fail => use next IP address
When using the multi interface and connecting to a host name that
resolves to multiple IP addresses, there was no logic that made it
continue to the next IP if connecting to the first address times
out. This is now corrected.
2010-12-23 22:21:24 +01:00
Daniel Stenberg
2dded8fedb ossl_seed: no more RAND_screen
RAND_screen() is slow, not thread-safe and not needed anymore since OpenSSL
uses the thread-safe win32 CryptoAPI nowadays.
2010-12-23 14:36:07 +01:00
Daniel Stenberg
be16b227b7 multi: inhibit some verbose outputs
The info about pipe status and expire cleared are clearly debug-related
and not anything mere mortals will or should care about so they are now
ifdef'ed DEBUGBUILD
2010-12-22 15:29:21 +01:00
Brad Hards
375aa41ba1 SMTP: add brackets for MAIL FROM
Similar to what is done already for RCPT TO, the code now checks for and
adds angle brackets (<>) around the email address that is provided for
CURLOPT_MAIL_RCPT unless the app has done so itself.
2010-12-22 14:41:53 +01:00
Guenter Knauf
5f829456c1 Added support for axTLS to NetWare build. 2010-12-22 04:45:41 +01:00
Guenter Knauf
a834e00454 Fixed include: memory.h -> curl_memory.h. 2010-12-22 03:34:13 +01:00
Brad Hards
f37d681166 Typo fixes. 2010-12-21 22:39:56 +01:00
Yang Tse
71ab0ceaa0 build: sort configuration hunks in lib/Makefile.vc6
sorted to reflect same internal order as the one shown
in the usage message.
2010-12-21 00:14:55 +01:00
Daniel Stenberg
af54fbbcb5 loadhostpairs: return errorcode
Make sure that Curl_cache_addr() errors are propagated to callers of
loadhostpairs().

(this loadhostpairs function caused a scan-build warning due to the
'dns' variable getting assigned but never used)
2010-12-20 22:22:02 +01:00
Yang Tse
8d569c7bb0 build: refactoring of msvc makefiles to allow overriding of library filenames.
Default libcurl's file names are kept equal to those used since Y2K.
2010-12-20 21:53:44 +01:00
Daniel Stenberg
7f3b87d878 ftp_parselist: fix compiler warning
Doing curlx_strtoofft() on the size just to figure out the end of it
causes a compiler warning since the result wasn't used, but is also a
bit of a waste.
2010-12-19 00:15:12 +01:00
Pasha Kuznetsov
6b5dc72575 Curl_do: avoid using stale conn pointer
Since the original `conn' pointer was used after the `connectdata' it
points to has been closed/cleaned up by Curl_reconnect_request it caused
a crash. We must make sure to use the newly created connection instead!

URL: http://curl.haxx.se/mail/lib-2010-12/0202.html
2010-12-18 22:35:37 +01:00
Tommie Gannert
8ab137b2bc ares: ask for both IPv4 and IPv6 addresses
Make the c-ares resolver code ask for both IPv4 and IPv6 addresses when
IPv6 is enabled.

This is a workaround for the missing ares_getaddrinfo() and is a lot
easier to implement.

Note that as long as c-ares returns IPv4 addresses when IPv6 addresses
were requested but missing, this will cause a host's IPv4 addresses to
occur twice in the DNS cache.

URL: http://curl.haxx.se/mail/lib-2010-12/0041.html
2010-12-18 22:33:27 +01:00
Brad Hards
f0aad0089e Trival comment fix. 2010-12-18 17:08:23 +01:00
Daniel Stenberg
c75a9fef59 axtls_connect: allow connect without peer verification
The SSL_SERVER_VERIFY_LATER bit in the ssl_ctx_new() call allows the
code to verify the peer certificate explicitly after the handshake and
then the "data->set.ssl.verifypeer" option works.
2010-12-15 16:05:17 +01:00
Daniel Stenberg
9035709e25 axTLS: allow "default" SSL version as well
When no explicit version is selected we should try to use whatever is
best for us, and in the axTLS case that means TLSv1.
2010-12-15 16:05:17 +01:00
Daniel Stenberg
b88ead62e7 axtls.c: cleanup
Removed trailing whitespace
Removed several compiler warnings
Removed odd backslashes at some line endings
2010-12-15 16:05:17 +01:00
Daniel Stenberg
b998b04c02 urldate: undef hideous memory defines
The public axTLS header (at least as of 1.2.7) redefines the memory
functions. We #undef those again immediately after the public header to
limit the damage. This should be fixed in axTLS.
2010-12-15 16:05:17 +01:00
Eric Hu
a7cf30f808 Minor fixes to pass tests 301 and 306 with a patched axTLS. 2010-12-15 16:05:17 +01:00
Eric Hu
be312336f6 Initial axTLS integration. Connections can be made and some tests pass.
Failed HTTPS tests: 301, 306, 311, 312, 313, 560
311, 312 need more detailed error reporting from axTLS.
313 relates to CRL, which hasn't been implemented yet.
2010-12-15 16:05:17 +01:00
Eric Hu
108d7693a4 Preparing for axTLS. Actual SSL API functions are only stubbed.
Added axTLS to autotool files and glue code to misc other files.
axtls.h maps SSL API functions, but may change.
axtls.c is just a stub file and will definitely change.
2010-12-15 16:05:17 +01:00
Daniel Stenberg
a865bd9fba IsPipeliningPossible: only for HTTP
The function that checks if pipelining is possible now requires the HTTP
bit to be set so that it doesn't mistakenly tries to do it for other
protocols.

Bug: http://curl.haxx.se/mail/lib-2010-12/0152.html
Reported by: Dmitri Shubin
2010-12-13 13:44:50 +01:00
Daniel Stenberg
0fd439ebac multi_runsingle: don't timeout completed handles
The generic timeout code must not check easy handles that are already
completed. Going to completed (again) within there risked decreasing the
number of alive handles again and thus it could go negative.

This regression bug was added in 7.21.2 in commit ca10e28f06
2010-12-13 12:51:48 +01:00
Yang Tse
0b5901bec6 easy: fix compiler warning: end-of-loop code not reached 2010-12-07 03:27:59 +01:00
Daniel Stenberg
5965d4554d disconnect: pass on the dead_connection argument
Cleanup fix after Kamil's commit 5c7c9a768d
2010-12-06 15:33:38 +01:00
Heinrich Ko
315e5277dc ossl_connect_common: detect connection re-use
ossl_connect_common() now checks whether or not 'struct
connectdata->state' is equal 'ssl_connection_complete' and if so, will
return CURLE_OK with 'done' set to 'TRUE'. This check prevents
ossl_connect_common() from creating a new ssl connection on an existing
ssl session which causes openssl to fail when it tries to parse an
encrypted TLS packet since the cipher data was effectively thrown away
when the new ssl connection was created.

Bug: http://curl.haxx.se/mail/lib-2010-11/0169.html
2010-12-06 14:41:18 +01:00
Kamil Dudka
5c7c9a768d url: provide dead_connection flag in Curl_handler::disconnect
It helps to prevent a hangup with some FTP servers in case idle session
timeout has exceeded.  But it may be useful also for other protocols
that send any quit message on disconnect.  Currently used by FTP, POP3,
IMAP and SMTP.
2010-12-06 14:35:42 +01:00
Yang Tse
bf1c102b80 ssh: fix a download resume point calculation 2010-12-06 14:29:16 +01:00
Daniel Stenberg
2271b60b71 Curl_wait_for_resolv: correct timeout
When looping in this function and checking for the timeout being
expired, it was not updating the reference time when calculating the
timediff since previous round which made it think each subsequent loop
to have taken longer than it actually did.

I also modified the function to use the generic Curl_timeleft() function
instead of the custom logic.

Bug: http://curl.haxx.se/bug/view.cgi?id=3112579
2010-12-05 23:39:41 +01:00
Daniel Stenberg
c2bfe60086 Curl_send/recv_plain: return errno on failure
When send() and recv() fail, we now store the errno value to allow the
app to access it.

Bug: http://curl.haxx.se/bug/view.cgi?id=3128121
Reported by: Yuri
2010-12-05 23:04:11 +01:00
Guenter Knauf
63598059cd Updated OpenSSL version. 2010-12-05 10:59:58 +01:00
Yang Tse
c1901f7ed0 fix compiler warning: conversion may lose significant bits 2010-12-04 05:53:07 +01:00
Yang Tse
9c4ff4874e fix compiler warning: assignment within conditional expression 2010-12-03 16:53:11 +01:00
Yang Tse
46a0062dff fix getinfo CURLINFO_LOCAL* for reused connections (take 2) follow-up
- Show address string from proper buffer in case of connection failure.

- Try next address when inet_ntop() fails.
2010-12-03 14:30:00 +01:00
Yang Tse
d534cd0027 build: provide SIZEOF_SIZE_T DOS definition 2010-12-03 04:15:39 +01:00
Yang Tse
afd6e738f7 build: lib/config.dos renamed to lib/config-dos.h 2010-12-03 04:13:33 +01:00
Yang Tse
de670efeab build: provide SIZEOF_SIZE_T VMS definition 2010-12-03 03:40:16 +01:00
Yang Tse
421d918da3 build: move config-vms.h from subdir 'packages/vms' into 'lib' 2010-12-03 02:36:22 +01:00
Yang Tse
99a07a1fdf build: provide SIZEOF_SIZE_T definition for non-configure builds 2010-12-02 21:41:23 +01:00
Yang Tse
81c16c2e30 build: provide SIZEOF_SIZE_T netware definition 2010-12-02 20:53:42 +01:00
Yang Tse
07f60235b0 fix compiler warning: rounding, sign extension, or loss of accuracy may result 2010-12-02 18:46:13 +01:00
Yang Tse
5580fb2b9c fix compiler warning: statement is not reachable 2010-12-02 16:35:02 +01:00
Yang Tse
7e3f0bffe5 fix compiler warning: conversion may lose significant bits 2010-12-01 23:33:43 +01:00
Yang Tse
5d47bf3776 connect: fix compiler warning: unused variable 2010-12-01 17:30:52 +01:00
Yang Tse
11cddb68e0 fix getinfo CURLINFO_LOCAL* for reused connections (take 2) 2010-11-30 22:14:37 +01:00
Yang Tse
1b2b93e074 fix getinfo CURLINFO_LOCAL* for reused connections follow-up
Reinstate IPV6 build variable that got removed.
2010-11-30 13:42:02 +01:00
Yang Tse
c328214a2d fix getinfo CURLINFO_LOCAL* for reused connections
Failed to commit this file changes along with the others.
2010-11-30 13:31:25 +01:00
Yang Tse
f6f5d7874f fix getinfo CURLINFO_LOCAL* for reused connections 2010-11-30 06:20:54 +01:00