mirror of https://github.com/moparisthebest/curl synced 2024-12-24 00:58:48 -05:00
Commit Graph

99 Commits

Author SHA1 Message Date
Dan McNulty
8996300211 schannel: add support for CURLOPT_CAINFO
- Move verify_certificate functionality in schannel.c into a new
  file called schannel_verify.c. Additionally, some structure definitions
  from schannel.c have been moved to schannel.h to allow them to be
  used in schannel_verify.c.

- Make verify_certificate functionality for Schannel available on
  all versions of Windows instead of just Windows CE. verify_certificate
  will be invoked on Windows CE or when the user specifies
  CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.

- In verify_certificate, create a custom certificate chain engine that
  exclusively trusts the certificate store backed by the CURLOPT_CAINFO
  file.

- doc updates of --cacert/CAINFO support for schannel

- Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString
  when available. This implements a TODO in schannel.c to improve
  handling of multiple SANs in a certificate. In particular, all SANs
  will now be searched instead of just the first name.

- Update tool_operate.c to not search for the curl-ca-bundle.crt file
  when using Schannel to maintain backward compatibility. Previously,
  any curl-ca-bundle.crt file found in that search would have been
  ignored by Schannel. But, with CAINFO support, the file found by
  that search would have been used as the certificate store and
  could cause issues for any users that have curl-ca-bundle.crt in
  the search path.

- Update url.c to not set the build time CURL_CA_BUNDLE if the selected
  SSL backend is Schannel. We allow setting CA location for schannel
  only when explicitly specified by the user via CURLOPT_CAINFO /
  --cacert.

- Add new test cases 3000 and 3001. These test cases check that the first
  and last SAN, respectively, match the connection hostname. New test
  certificates have been added for these cases. For 3000, the certificate
  prefix is Server-localhost-firstSAN and for 3001, the certificate
  prefix is Server-localhost-secondSAN.

- Remove TODO 15.2 (Add support for custom server certificate
  validation), this commit addresses it.

Closes https://github.com/curl/curl/pull/1325
2018-04-18 03:59:47 -04:00
kdekker
7921659450 winbuild: Support custom devel paths for each dependency
- Support custom devel paths for c-ares, mbedTLS, nghttp2, libSSH2,
  OpenSSL and zlib. Respectively: CARES_PATH, MBEDTLS_PATH,
  NGHTTP2_PATH, SSH2_PATH, SSL_PATH and ZLIB_PATH.

- Use lib.exe for making the static library instead of link.exe /lib.
  The latter is undocumented and could cause problems as noted in the
  comments.

- Remove a dangling URL that no longer worked. (I was not able to find
  the IDN download at MSDN/microsoft.com, so it seems to be removed.)

- Remove custom override for release-ssh2-ssl-dll-zlib configuration.
  Nobody knows why it was there and as far as we can see is unnecessary.

Closes https://github.com/curl/curl/pull/2474
2018-04-17 03:13:50 -04:00
kdekker
75f517f968
winbuild: fix URL
Follow up on https://github.com/curl/curl/pull/2472.
Now using en-us instead of nl-nl as language code in the URL.

Closes https://github.com/curl/curl/pull/2475
2018-04-09 15:19:00 +02:00
kdekker
73070e8242
winbuild: updated the documentation
The setenv command no longer exists and visual studio build prompts got
changed. Used Visual Studio 2015/2017 as reference.

Closes #2472
2018-04-09 10:42:14 +02:00
kdekker
8585026524
winbuild: make the clean target work without build-type
Due to the check in Makefile.vc and MakefileBuild.vc, no make call can
be invoked unless a build-type was specified. However, a clean target
only existed when a build type was specified. As a result, the clean
target was unreachable. Made clean target unconditional.

Closes #2455
2018-04-06 14:43:33 +02:00
richardthe3rd
cc1d4c505e
winbuild: prefer documented zlib library names
Check for existence of import and static libraries with documented names
and use them if they do. Fall back to previous names.

According to
https://github.com/madler/zlib/blob/master/win32/README-WIN32.txt on
Windows, the name of the import library is "zdll.lib" and the static
library is "zlib.lib".

closes #2354
2018-03-04 23:02:51 +01:00
Rod Widdowson
5fb70ea170 winbuild: Use macros for the names of some build utilities
- Add macros to the top of the makefile for rc and mt utilities so that
  it is easier to change their locations.

Bug: https://curl.haxx.se/mail/lib-2018-02/0075.html
Reported-by: Stefan Kanthak

Closes https://github.com/curl/curl/issues/2329
2018-02-23 15:20:58 -05:00
Rod Widdowson
4fff37b91f winbuild: Use CALL to run batch scripts
Co-authored-by: Stefan Kanthak

Closes https://github.com/curl/curl/issues/2330
Closes https://github.com/curl/curl/pull/2331
2018-02-22 14:56:00 -05:00
Jay Satiro
2b50e56343 build: fix windows build methods for curl_ctype.c
- Fix winbuild and the VS project generator to treat curl_ctype.{c,h} as
  curlx files since they are required by both src and lib.

Follow-up to 4272a0b which added curl_ctype.
2018-01-30 19:14:00 -05:00
Adam Marcionek
a406e86ecb
winbuild: make linker generate proper PDB
Link.exe requires /DEBUG to properly generate a full pdb file on release
builds.

Closes #2274
2018-01-30 08:12:18 +01:00
Steve Holme
a9b774a773 Makefile.vc: Added our standard copyright header 2017-12-22 18:49:37 +00:00
Steve Holme
22fddb85ac winbuild: Added support for VC15 2017-12-22 18:44:35 +00:00
Daniel Stenberg
f64c05278e
winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2 2017-10-12 13:54:00 +02:00
theantigod
09fc61e436 winbuild: fix embedded manifest option
Embedded manifest option didn't work due to incorrect path.

Fixes https://github.com/curl/curl/issues/1832
2017-08-26 02:33:01 -04:00
Daniel Stenberg
6f6cfc90be
BUILD.WINDOWS: mention buildconf.bat for builds off git 2017-08-03 13:50:44 +02:00
Marcel Raad
a4bef6a91b
winbuild: re-enable warning C4127 for curl tool
Disabled in cda19a345f. It only needs to
be disabled for libcurl.
2017-07-14 08:52:14 +02:00
Marcel Raad
cda19a345f
winbuild: build with warning level 4
This is consistent with 7bc64561a2, which
changed the warning level from 3 to 4 for the Visual Studio project
files. But disable the level 4 warning C4127 "conditional expression is
constant", as that one is issued by older versions of the Windows SDK
as well as curl itself under some circumstances.

Closes https://github.com/curl/curl/pull/1667
2017-07-13 22:30:33 +02:00
Marcel Raad
beb08481d0
curl_setup: always define WIN32_LEAN_AND_MEAN on Windows
Make sure to always define WIN32_LEAN_AND_MEAN before including any
Windows headers to avoid pulling in unnecessary headers. This avoids
unnecessary macro clashes and compiler warnings.

Ref: https://github.com/curl/curl/issues/1562
Closes https://github.com/curl/curl/pull/1672
2017-07-11 11:57:00 +02:00
Henrik S. Gaßmann
cd34ffa614 winbuild: fix boringssl build
Compile with `WIN32_LEAN_AND_MEAN` which prevents `windows.h` from
including too much clutter including `wincrypt.h` which in turn contains
some preprocessor macros that clash with boringssl symbols.

Detect boringssl by checking the existence of `is_boringssl.h` and set
the corresponding `HAVE_BORINGSSL` for compilation which is used in
`ldap.c` to undefine the evil macros.

Closes #1610
2017-06-24 22:13:21 +02:00
Daniel Stenberg
73a2fcea0b includes: remove curl/curlbuild.h and curl/curlrules.h
Rely entirely on curl/system.h now.

Introduced in Aug 2008 with commit 14240e9e10. Now gone.

Fixes #1456
2017-06-14 11:07:33 +02:00
Anatol Belski
df45f2c33e winbuild: fix the nghttp2 build
Closes #1321
2017-05-24 08:27:12 +02:00
Anatol Belski
db87bcfcf2 winbuild: add basic support for OpenSSL 1.1.x
- Auto-detect OpenSSL 1.1 libs

Closes https://github.com/curl/curl/pull/1322
2017-03-13 16:05:33 -04:00
Simon Warta
3cc30e8207 winbuild: add note on auto-detection of MACHINE in Makefile.vc
Closes #1265
2017-02-16 17:56:33 +01:00
Daniel Stenberg
8611d985ee VC: remove the makefile.vc6 build infra
The winbuild/ build files are now the single MSVC makefile build choice.

Closes #1215
2017-01-23 14:27:32 +01:00
Jan-E
65894c9846 winbuild: add config option ENABLE_NGHTTP2
Closes #1141
2016-11-25 09:00:54 +01:00
Daniel Stenberg
d7e5f18279 winbuild: remove strcase.obj from curl build
Reported-by: Bruce Stephens

Fixes #1098
2016-11-02 14:45:24 +01:00
Daniel Stenberg
309d6e80d0 msvc builds: s/rawstr/strcase
Follow-up to 811a693b
2016-10-31 13:35:26 +01:00
Simon Warta
dec9346460 winbuild: Allow changing C compiler via environment variable CC (#952)
This makes it possible to use specific compilers or a cache.

Sample use for clcache:
set CC=clcache.bat
nmake /f Makefile.vc DEBUG=no MODE=static VC=14 GEN_PDB=no
2016-08-09 21:27:36 +02:00
Simon Warta
b2ac016510 winbuild: Free name $(CC) in Makefile (#950)
In the old line number 290, CC and CURL_CC had the same value. After
that, /DCURL_STATICLIB was added to CC but not CURL_CC (intended?).

This gets rid of the CC variable entirely. It is a first step to make it
possible to manually set a CC variable in order to be able to change the
compiler.
2016-08-09 08:29:59 +02:00
Simon Warta
26424ba07f winbuild: Avoid setting redundant CFLAGS to compile commands (#949)
$(CURL_CC) is always used with $(CURL_CFLAGS) appended, so before this,
all arguments in CURL_CFLAGS have been added twice.
2016-08-08 21:26:57 +02:00
Jay Satiro
af8eb69cb2 winbuild: fix embedded manifest option
Embedded manifest option didn't work due to typo.

Reported-by: Stefan Kanthak
2016-07-21 01:37:29 -04:00
Andrew Kurushin
6cabd78531 schannel: add CURLOPT_CERTINFO support
Closes #822
2016-06-01 08:50:01 +02:00
Jan-E
6bdc6092a0 winbuild/Makefile.vc: Fix check on SSL, MBEDTLS, WINSSL exclusivity
Closes #818
2016-05-20 16:41:59 +02:00
Henrik Gaßmann
5d8093e7d5 winbuild: add mbedtls support
Add WITH_MBEDTLS option. Make WITH_SSL, WITH_MBEDTLS and ENABLE_WINSSL
options mutual exclusive.

Closes #606
2016-04-21 23:23:49 +02:00
Daniel Stenberg
cd79e0329f Revert "winbuild: trying to set some files eol=crlf for git"
This reverts commit 9c08b4f1e7.

Didn't help. Caused problems.

Fixes #756
2016-04-07 08:06:56 +02:00
Viktor Szakats
a24f71aac4 URLs: change http to https in many places
Closes #754
2016-04-06 11:58:34 +02:00
Daniel Stenberg
9c08b4f1e7 winbuild: trying to set some files eol=crlf for git
Thinking it might help to apply patches etc with git.
2016-04-06 11:29:36 +02:00
Steve Holme
dc72f8df0c build: Updated all makefiles and project files for the new vauth directory
Updated the makefiles and Visual Studio project files to support moving
the authentication code to the new lib/vauth directory that was started
in commit 0d04e859e1.
2016-03-25 09:11:59 +00:00
Viktor Szakats
b4f595bde4 URLs: change more http to https 2016-02-02 22:29:47 -05:00
Daniel Stenberg
4af40b3646 URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
Benjamin Kircher
6a0bd6ce8b winbuild: run buildconf.bat if necessary 2015-09-09 02:37:57 -04:00
Steve Holme
ad32457623 makefile: Added support for VC14 2015-07-21 18:52:43 +01:00
Jay Satiro
6842afbf44 INSTALL: Advise use of non-native SSL for Windows <= XP
Advise that WinSSL in versions <= XP will not be able to connect to
servers that no longer support the legacy handshakes and algorithms used
by those versions, and to use an alternate backend like OpenSSL instead.

Bug: https://github.com/bagder/curl/issues/253
Reported-by: zenden2k <zenden2k@gmail.com>
2015-06-20 18:45:25 -04:00
Jay Satiro
f010f3e3ca winbuild: Document the option used to statically link the CRT
- Document option RTLIBCFG (runtime library configuration).

Bug: https://github.com/bagder/curl/issues/254
Reported-by: Bert Huijben
2015-05-08 01:09:57 -04:00
Daniel Stenberg
709cf76f6b openssl: remove all uses of USE_SSLEAY
SSLeay was the name of the library that was subsequently turned into
OpenSSL many moons ago (1999). curl has not worked with the old SSLeay
library for years. This is now reflected by only using USE_OPENSSL in
code that depends on OpenSSL.
2015-03-05 10:57:52 +01:00
Sam Schanken
659d252b6f winbuild: Added option to build with c-ares
Added support for a WITH_CARES option to be used when invoking nmake
via Makefile.vc. This option enables linking against both the DLL and
static versions of the c-ares libraries, as well as the debug and
release variants, depending on the value of DEBUG. The USE_ARES
preprocessor symbol is also defined.
2015-01-08 21:12:43 +00:00
Ray Satiro
006b61eb0b newlines: fix mixed newlines to LF-only
I use the curl repo mainly on Windows with the typical Windows git
checkout which converts the LF line endings in the curl repo to CRLF
automatically on checkout. The automatic conversion is not done on files
in the repo with mixed line endings. I recently noticed some weird
output with projects/build-openssl.bat that I traced back to mixed line
endings, so I scanned the repo and there are files (excluding the
test data) that have mixed line endings.

I used this command below to do the scan. Unfortunately it's not as easy
as git grep, at least not on Windows. This gets the names of all the
files in the repo's HEAD, gets each of those files raw from HEAD, checks
for mixed line endings of both LF and CRLF, and prints the name if
mixed. I excluded path tests/data/test* because those can have mixed
line endings if I understand correctly.

for f in `git ls-tree --name-only --full-tree -r HEAD`;
do if [ -n "${f##tests/data/test*}" ];
    then git show "HEAD:$f" | \
        perl -0777 -ne 'exit 1 if /([^\r]\n.*\r\n)|(\r\n.*[^\r]\n)/';
    if [ $? -ne 0 ];
        then echo "$f";
    fi;
fi;
done
2014-09-12 10:22:34 +02:00
David Woodhouse
9ad282b1ae Remove all traces of FBOpenSSL SPNEGO support
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which
allows client and server to negotiate the underlying mechanism which will
actually be used to authenticate. This is *often* Kerberos, and can also
be NTLM and other things. And to complicate matters, there are various
different OIDs which can be used to specify the Kerberos mechanism too.

A SPNEGO exchange will identify *which* GSSAPI mechanism is being used,
and will exchange GSSAPI tokens which are appropriate for that mechanism.

But this SPNEGO implementation just strips the incoming SPNEGO packet
and extracts the token, if any. And completely discards the information
about *which* mechanism is being used. Then we *assume* it was Kerberos,
and feed the token into gss_init_sec_context() with the default
mechanism (GSS_S_NO_OID for the mech_type argument).

Furthermore... broken as this code is, it was never even *used* for input
tokens anyway, because higher layers of curl would just bail out if the
server actually said anything *back* to us in the negotiation. We assume
that we send a single token to the server, and it accepts it. If the server
wants to continue the exchange (as is required for NTLM and for SPNEGO
to do anything useful), then curl was broken anyway.

So the only bit which actually did anything was the bit in
Curl_output_negotiate(), which always generates an *initial* SPNEGO
token saying "Hey, I support only the Kerberos mechanism and this is its
token".

You could have done that by manually just prefixing the Kerberos token
with the appropriate bytes, if you weren't going to do any proper SPNEGO
handling. There's no need for the FBOpenSSL library at all.

The sane way to do SPNEGO is just to *ask* the GSSAPI library to do
SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context()
is for. And then it should all Just Work™.

That 'sane way' will be added in a subsequent patch, as will bug fixes
for our failure to handle any exchange other than a single outbound
token to the server which results in immediate success.
2014-07-16 17:26:08 +02:00
Steve Holme
8223972af2 winbuild: Don't USE_WINSSL when WITH_SSL is being used
Regression of commit d39bbcfa8d when compiling against OpenSSL.
2014-06-06 14:14:30 +01:00
Steve Holme
f997787d89 winbuild: Fixed static OpenSSL builds following commit c50ce85918 2014-06-05 23:19:00 +01:00