1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-14 13:35:03 -05:00
Commit Graph

27351 Commits

Author SHA1 Message Date
Daniel Stenberg
8593b15c77
docs/ABI: tighten up the language
Make the promises more firm

Closes #6786
2021-03-24 23:45:29 +01:00
Daniel Stenberg
a5eee22e59
openldap: disconnect better
Instead of clearing the callback argument in disconnect, set it to the
(new) transfer to make sure the correct data is passed to the callbacks.

Follow-up to e467ea3bd9
Assisted-by: Patrick Monnerat
Closes #6787
2021-03-24 23:02:33 +01:00
Daniel Stenberg
1803be5746
libssh2: kdb_callback: get the right struct pointer
After the recent conn/data refactor in this source file, this function
was mistakenly still getting the old struct pointer which would lead to
crash on servers with keyboard-interactive auth enabled.

Follow-up to a304051620 (shipped in 7.75.0)

Reported-by: Christian Schmitz
Fixes #6691
Closes #6782
2021-03-23 13:42:22 +01:00
Daniel Stenberg
2258899e97
tftp: remove unused struct fields
Follow-up to d3d90ad9c0

Closes #6781
2021-03-23 13:37:10 +01:00
Daniel Stenberg
e467ea3bd9
openldap: avoid NULL pointer dereferences
Follow-up to a59c33ceff
Reported-by: Patrick Monnerat
Fixes #6676
Closes #6780
2021-03-23 13:34:50 +01:00
Daniel Stenberg
3bbf62b5a4
http: strip default port from URL sent to proxy
To make sure the Host: header and the URL provide the same authority
portion when sent to the proxy, strip the default port number from the
URL if one was provided.

Reported-by: Michael Brown
Fixes #6769
Closes #6778
2021-03-23 13:33:49 +01:00
Daniel Stenberg
45d1e24b74
azure: disable test 433 on azure-ubuntu
Something in that environment sets XDG_CONFIG_HOME for us in a way that
breaks the test.

Reported-by: Marc Hörsken
Fixes #6739
Closes #6777
2021-03-23 10:13:20 +01:00
Daniel Stenberg
d3d90ad9c0
tftp: remove the 3600 second default timeout
... it was never meant to be there.

Reported-by: Tomas Berger
Fixes #6774
Closes #6776
2021-03-22 23:00:23 +01:00
Daniel Stenberg
d7f737dd13
docs: make gen.pl support *italic* and **bold**
Remove some nroffisms from the cmdline doc files to simplify editing,
and instead support this markdown style.

Closes #6771
2021-03-22 16:50:58 +01:00
Daniel Stenberg
c915662485
ngtcp2: sync with recent API updates
Closes #6770
2021-03-22 10:45:00 +01:00
Daniel Stenberg
03c8cef1c3
RELEASE-NOTES: synced 2021-03-21 11:27:12 +01:00
Daniel Stenberg
012c19c33a
libssh2:ssh_connect: clear session pointer after free
If libssh2_knownhost_init() returns NULL, like in an OOM situation, the
ssh session was freed but the pointer wasn't cleared which made libcurl
later call libssh2 to cleanup using the stale pointer.

Fixes #6764
Closes #6766
2021-03-21 11:22:08 +01:00
Jacob Hoffman-Andrews
2e444a17d4
docs: document version of crustls dependency
This also pins a specific release in the Travis test so future
API-breaking changins in crustls won't break curl builds.

Add RUSTLS documentation to release tarball.

Enable running tests for rustls, minus FTP tests (require
connect_blocking, which rustls doesn't implement) and 313 (requires CRL
handling).

Closes #6763
2021-03-21 00:16:32 +01:00
Jacob Hoffman-Andrews
7488ef2960
rustls: Handle close_notify.
If we get a close_notify, treat that as EOF. If we get an EOF from the
TCP stream, treat that as an error (because we should have ended the
connection earlier, when we got a close_notify).

Closes #6763
2021-03-21 00:16:27 +01:00
Daniel Stenberg
472b537215
docs: clarify timeouts for queued transfers in multi API
Closes #6758
2021-03-19 23:28:21 +01:00
Daniel Stenberg
bd738bef12
ftpserver: only load the preprocessed test file
We always preprocess and tests are no longer sensible to load "raw"

Closes #6738
2021-03-19 15:57:27 +01:00
Daniel Stenberg
e2b4df7b5e
tests: use %TESTNUMBER instead of fixed number
This makes the tests easier to copy and relocate to other test numbers
without having to update content.

Closes #6738
2021-03-19 15:57:21 +01:00
Daniel Stenberg
453ad35d15
KNOWN_BUGS: CURLOPT_OPENSOCKETPAIRFUNCTION is missing
Closes #5747
2021-03-18 12:53:28 +01:00
Daniel Stenberg
74ec0e5ec0
TODO: provide timing info for each redirect
Closes #6743
2021-03-18 08:39:59 +01:00
Jay Satiro
2d04286793 docs: Add SSL backend names to CURL_SSL_BACKEND
- Document the names that can be used with CURL_SSL_BACKEND:
  bearssl, gnutls, gskit, mbedtls, mesalink, nss, openssl, rustls,
  schannel, secure-transport, wolfssl

Ref: https://github.com/curl/curl/issues/2209#issuecomment-360623286
Ref: https://github.com/curl/curl/issues/6717#issuecomment-800745201

Closes https://github.com/curl/curl/pull/6755
2021-03-17 18:15:10 -04:00
Jay Satiro
8a4ef73c8f docs: Explain DOH transfers inherit some SSL settings
- Document in DOH that some SSL settings are inherited but DOH hostname
  and peer verification are not and are controlled separately.

- Document that CURLOPT_SSL_CTX_FUNCTION is inherited by DOH handles but
  we're considering changing behavior to no longer inherit it. Request
  feedback.

Closes https://github.com/curl/curl/pull/6688
2021-03-17 18:12:45 -04:00
Daniel Stenberg
6d176bee59
http: make 416 not fail with resume + CURLOPT_FAILONERRROR
When asked to resume a download, libcurl will convert that to HTTP logic
and if then the entire file is already transferred it will result in a
416 response from the HTTP server. With CURLOPT_FAILONERRROR set in that
scenario, it should *not* lead to an error return.

Updated test 1156, added test 1273

Reported-by: Jonathan Watt
Fixes #6740
Closes #6753
2021-03-17 08:26:46 +01:00
Daniel Stenberg
e8e7ef3612
Curl_timeleft: check both timeouts during connect
The duration of a connect and the total transfer are calculated from two
different time-stamps. It can end up with the total timeout triggering
before the connect timeout expires and we should make sure to
acknowledge whichever timeout that is reached first.

This is especially notable when a transfer first sits in PENDING, as
that time is counted in the total time but the connect timeout is based
on the time since the handle changed to the CONNECT state.

The CONNECTTIMEOUT is per connect attempt. The TIMEOUT is for the entire
operation.

Fixes #6744
Closes #6745
Reported-by: Andrei Bica
Assisted-by: Jay Satiro
2021-03-17 00:28:44 +01:00
Daniel Stenberg
2682e5f502
configure: remove use of deprecated macros
AC_HEADER_TIME, AC_HEADER_STDC and AC_TYPE_SIGNAL
2021-03-16 23:02:02 +01:00
Daniel Stenberg
d2ea5d166e
configure: make AC_TRY_* into AC_*_IFELSE
... as the former versions are deprecated.
2021-03-16 23:02:02 +01:00
Daniel Stenberg
a59f046116
configure: s/AC_HELP_STRING/AS_HELP_STRING
AC_HELP_STRING is deprecated in 2.70+ and I believe AS_HELP_STRING works
already since 2.59 so bump the minimum required version to that.

Reported-by: Emil Engler
Fixes #6647
Closes #6748
2021-03-16 23:01:53 +01:00
Daniel Stenberg
55ae13dcc1
RELEASE-NOTES: synced 2021-03-16 17:27:22 +01:00
Daniel Stenberg
c44cf858f2
travis: use ubuntu nghttp2 package instead of build our own
Closes #6751
2021-03-16 11:00:29 +01:00
Daniel Stenberg
0785a77767
travis: bump wolfssl to 4.7.0 2021-03-16 11:00:29 +01:00
Daniel Stenberg
e4a41c1042
travis: only build wolfssl when needed
Closes #6751
2021-03-16 11:00:19 +01:00
Jacob Hoffman-Andrews
3780717db0
rustls: allocate a buffer for TLS data.
Previously, rustls was using an on-stack array for TLS data. However,
crustls has an (unusual) requirement that buffers it deals with are
initialized before writing to them. By using calloc, we can ensure the
buffer is initialized once and then reuse it across calls.

Closes #6742
2021-03-16 10:11:04 +01:00
Daniel Stenberg
7dbb0a87e6
travis: add a rustls build
... that doesn't run any tests (yet)

Closes #6750
2021-03-16 10:08:15 +01:00
Daniel Stenberg
aab3a77e8c
HTTP2: remove the outdated remark about multiplexing for the tool 2021-03-16 00:35:38 +01:00
Robert Ronto
068661bb02
http2: don't set KEEP_SEND when there's no more data to be sent
this should fix an issue where curl sometimes doesn't send out a request
with authorization info after a 401 is received over http2

Closes #6747
2021-03-15 23:29:35 +01:00
Marc Hoersken
cc615f48e7
config: fix building SMB with configure using Win32 Crypto
Align conditions for NTLM features between CMake and configure
builds by differentiating between USE_NTLM and USE_CURL_NTLM_CORE,
just like curl_setup.h does internally to detect support of:

- USE_NTLM: required for NTLM crypto authentication feature
- USE_CURL_NTLM_CORE: required for SMB protocol

Implement USE_WIN32_CRYPTO detection by checking for Crypt functions
in wincrypt.h which are not available in the Windows App environment.

Link advapi32 and crypt32 for Crypto API and Schannel SSL backend.
Fix condition of Schannel SSL backend in CMake build accordingly.

Reviewed-by: Marcel Raad

Closes #6277
2021-03-15 17:01:30 +01:00
Marc Hoersken
7152957421
config: fix detection of restricted Windows App environment
Move the detection of the restricted Windows App environment
in curl_setup.h before the definition of USE_WIN32_CRYPTO
via included config-win32.h in case no build system is used.

Reviewed-by: Marcel Raad

Part of #6277
2021-03-15 17:01:18 +01:00
Daniel Stenberg
d4a932797a
HISTORY: curl 7.7.2 was the first version used in Mac OS X 10.1 2021-03-15 09:00:50 +01:00
Daniel Stenberg
f83d4ea56e
gen.pl: quote "bare" minuses in the nroff curl.1
Reported-by: Alejandro Colomar
Fixes #6698
Closes #6722
2021-03-14 23:44:43 +01:00
Daniel Gustafsson
419f0f5534 hsts: remove unused defines
MAX_HSTS_SUBLEN and MAX_HSTS_SUBLENSTR were unused from the initial commit,
and mostly likely leftovers from early development.  Remove as they're not
used for anything.

Closes #6741
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2021-03-14 23:18:27 +01:00
Daniel Stenberg
6dc03053d1
github: add torture-ftp for FTP-only torture testing
and at 20% to try to keep the run-time reasonable

Closes #6728
2021-03-12 23:36:38 +01:00
Daniel Stenberg
743ab72bf1
travis: split "torture" into a separate "events" build as well
Run torture without FTP and reducing coverage to 20%

For some reason the torture tests now run a lot slower on travis and run
into the 50 minute limit all the time.

Closes #6728
2021-03-12 23:36:29 +01:00
Daniel Stenberg
8ed71fc4f7
ftp: fix memory leak in ftp_done
If after a transfer is complete Curl_GetFTPResponse() returns an error,
curl would not free the ftp->pathalloc block.

Found by torture-testing test 576

Closes #6737
2021-03-12 19:53:05 +01:00
oxalica
d1f40078c1
http2: fail if connection terminated without END_STREAM
Closes #6736
2021-03-12 17:54:39 +01:00
Daniel Stenberg
f8a5e9660e
RELEASE-NOTES: synced 2021-03-12 16:35:46 +01:00
Jacob Hoffman-Andrews
43a56e34e1
rustls: support CURLOPT_SSL_VERIFYPEER
This requires the latest main branch of crustls, which provides
rustls_client_config_builder_dangerous_set_certificate_verifier and
rustls_client_config_builder_set_enable_sni.

This refactors the session setup into its own function, and adds a new
function cr_hostname_is_ip. Because crustls doesn't support verification
of IP addresses, special handling is needed: We disable SNI and set a
placeholder hostname (which never actually gets sent on the wire).

Closes #6719
2021-03-12 13:15:00 +01:00
Daniel Gustafsson
f7aeff58a3 cookies: Fix potential NULL pointer deref with PSL
Curl_cookie_init can be called with data being NULL, and this can in turn
be passed to Curl_cookie_add, meaning that both functions must be careful
to only use data where it's checked for being a NULL pointer.  The libpsl
support code does however dereference data without checking, so if we are
indeed having an unset data pointer we cannot PSL check the cookiedomain.

This is currently not a reachable dereference, as the only caller with a
NULL data isn't passing a file to initialize cookies from, but since the
API has this contract let's ensure we hold it.

Closes #6731
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2021-03-12 02:34:03 +01:00
Michael Hordijk
b3ace84642
configure: only add OpenSSL paths if they are defined
Add paths for OpenSSL compiling and linking only if they have been
defined.  If they haven't been defined, we'll assume that the paths are
already available to the toolchain.

Closes #6730
2021-03-12 09:45:10 +01:00
Jay Satiro
21445a76df retry.d: Clarify transient 5xx HTTP response codes
- Clarify the only 5xx response codes that are treated as transient are
  500, 502, 503 and 504.

Prior to this change it said it treated all 5xx as transient, but the
code says otherwise.

Ref: https://github.com/curl/curl/blob/curl-7_75_0/src/tool_operate.c#L462-L495

Closes https://github.com/curl/curl/pull/6724
2021-03-12 03:16:22 -05:00
Jay Satiro
cf9d16b98c retry-all-errors.d: Explain curl errors versus HTTP response errors
- Add a paragraph explaining that curl does not consider HTTP response
  errors as curl errors, and how that behavior can be modified by using
  --retry and --fail.

The --retry-all-errors doc says "Retry on any error" which some users
may find misleading without the added explanation.

Ref: https://curl.se/docs/faq.html#Why_do_I_get_downloaded_data_eve
Ref: https://curl.se/docs/faq.html#curl_doesn_t_return_error_for_HT

Reported-by: Lawrence Gripper

Fixes https://github.com/curl/curl/issues/6712
Closes https://github.com/curl/curl/pull/6720
2021-03-12 03:15:48 -05:00
Daniel Stenberg
ed158f0ddf
travis: switch ngtcp2 build over to quictls
The ngtcp2 project switched over to using the quictls OpenSSL fork
instead of their own patched OpenSSL. We follow suit.

Closes #6729
2021-03-11 22:49:50 +01:00