1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-16 06:25:03 -05:00
Commit Graph

7394 Commits

Author SHA1 Message Date
Dan Fandrich
263ed02da6 url: only use if_nametoindex() if IFNAMSIZ is available 2014-04-14 08:02:06 +02:00
Steve Holme
b574e83079 sas: Added DIGEST-MD5 qop-option validation in native challange handling
Given that we presently support "auth" and not "auth-int" or "auth-conf"
for native challenge-response messages, added client side validation of
the quality-of-protection options from the server's challenge message.
2014-04-08 21:24:34 +01:00
Daniel Stenberg
73b7a03c3f strerror: fix comment about vxworks' strerror_r buffer size
Bug: http://curl.haxx.se/mail/lib-2014-04/0063.html
Reported-by: Jeroen Koekkoek
2014-04-06 23:13:08 +02:00
Steve Holme
64381f5091 sasl: Added forward declaration of structures following recent changes
To avoid urldata.h being included from the header file or that the
source file has the correct include order as highlighted by one of
the auto builds recently.
2014-04-06 17:20:08 +01:00
Steve Holme
537b571c90 sasl: Fixed compilation warning
warning: no previous prototype for 'Curl_sasl_create_digest_md5_message'
2014-04-06 16:32:28 +01:00
Steve Holme
fe15ea67cc sasl: Added curl_memory.h include as per test 1132 2014-04-06 16:09:19 +01:00
Steve Holme
2af28a147b sasl: Fixed compilation warning in SSPI builds
warning: 'sasl_digest_get_key_value' defined but not used
2014-04-06 16:01:55 +01:00
Steve Holme
f700eb7d9a sasl: Corrected missing free of decoded challenge message from 607883f13c 2014-04-06 14:18:31 +01:00
Steve Holme
175b605331 sasl: Corrected add of Curl_sasl_decode_digest_md5_message() from 2c49e96092 2014-04-06 14:02:10 +01:00
Steve Holme
ee40136f6c sasl: Post DIGEST-MD5 SSPI code tidy up
* Added comments to SSPI NTLM message generation
* Added comments to native DIGEST-MD5 code
* Removed redundant identity pointer
2014-04-06 13:30:52 +01:00
Steve Holme
19a514237d sasl: Corrected pre-processor inclusion of SSPI based DIGEST-MD5 code
When CURL_DISABLE_CRYPTO_AUTH is defined the DIGEST-MD5 code should not
be included, regardless of whether USE__WINDOWS_SSPI is defined or not.
This is indicated by the definition of USE_HTTP_NEGOTIATE and USE_NTLM
in curl_setup.h.
2014-04-06 13:01:14 +01:00
Steve Holme
607883f13c sasl: Added support for DIGEST-MD5 via Windows SSPI 2014-04-06 12:49:32 +01:00
Steve Holme
d4150c317c http_negotiate_sspi: Fixed compilation when USE_HTTP_NEGOTIATE not defined 2014-04-06 01:46:53 +01:00
Steve Holme
0bc14c9faf Makefile.vc6: Added curl_sasl_sspi.c 2014-04-06 00:57:23 +01:00
Steve Holme
c469941293 ntlm: Moved the identity generation into shared SSPI code 2014-04-06 00:35:22 +01:00
Steve Holme
ff853960bd sasl: Renamed SSPI module following short name clash 2014-04-06 00:35:01 +01:00
Steve Holme
2c49e96092 sasl: Added initial stub functions for SSPI DIGEST-MD support 2014-04-05 23:16:51 +01:00
Steve Holme
3a92de5636 sasl: Combined DIGEST-MD5 message decoding and generation 2014-04-05 23:09:04 +01:00
Tatsuhiro Tsujikawa
9e86209d04 http2: Compile with current nghttp2, which supports h2-11 2014-04-05 19:30:12 +02:00
Daniel Stenberg
74851340bd PROXYHEADER: send these headers in "normal" proxy requests too
Updated the docs to clarify and the code accordingly, with test 1528 to
verify:

When CURLHEADER_SEPARATE is set and libcurl is asked to send a request
to a proxy but it isn't CONNECT, then _both_ header lists
(CURLOPT_HTTPHEADER and CURLOPT_PROXYHEADER) will be used since the
single request is then made for both the proxy and the server.
2014-04-04 17:03:43 +02:00
Daniel Stenberg
ef6be35bae CURLOPT_HEADEROPT: added
Modified the logic so that CURLOPT_HEADEROPT now controls if PROXYHEADER
is actually used or not.
2014-04-04 17:03:43 +02:00
Daniel Stenberg
ac887eedbc CURLOPT_PROXYHEADER: set headers for proxy-only
Includes docs and new test cases: 1525, 1526 and 1527

Co-written-by: Vijay Panghal
2014-04-04 17:03:43 +02:00
Daniel Stenberg
42937f87e6 HTTP: don't send Content-Length: 0 _and_ Expect: 100-continue
Without request body there's no point in asking for 100-continue.

Bug: http://curl.haxx.se/bug/view.cgi?id=1349
Reported-by: JimS
2014-04-04 15:46:35 +02:00
Daniel Stenberg
c81021f747 ftp: in passive data connect wait for happy eyeballs sockets
When doing passive FTP, the multi state function needs to extract and
use the happy eyeballs sockets to wait for to check for completion!

Bug: http://curl.haxx.se/mail/lib-2014-02/0135.html (ruined)
Reported-by: Alan
2014-04-03 20:38:19 +02:00
Daniel Stenberg
97f214d0c9 http2+openssl: fix compiler warnings in ALPN using code 2014-04-03 17:03:02 +02:00
Steve Holme
dd9ce1b86c smtp: Fixed login denied with a RFC-821 based server
In addition to commit fe260b75e7 fixed the same issue for RFC-821 based
SMTP servers and allow the credientials to be given to curl even though
they are not used with the server.
2014-04-01 07:20:19 +01:00
Daniel Stenberg
8a0385c1ad urldata: spellfix comment
Reported-by: Melissa
2014-04-01 08:00:34 +02:00
Daniel Stenberg
13682d1a24 ipv6: strip off zone identifiers in redirects too
Follow up to 9317eced98 makes test 1056 work again.
2014-03-31 09:35:32 +02:00
Daniel Stenberg
6448946ac3 http2: let openssl mention the exact protocol negotiated
Remove a superfluous "negotiated http2" info line
2014-03-31 09:00:58 +02:00
Daniel Stenberg
ef813c7097 http2: remove _DRAFT09 from the NPN_HTTP2 enum
We're progressing throught drafts so there's no point in having a fixed
one in a symbol that'll survive.
2014-03-31 08:40:24 +02:00
Till Maas
9317eced98 URL parser: IPv6 zone identifiers are now supported 2014-03-31 07:58:25 +02:00
Steve Holme
fe260b75e7 smtp: Fixed login denied when server doesn't support AUTH capability
Specifying user credentials when the SMTP server doesn't support
authentication would cause curl to display "No known authentication
mechanisms supported!" and return CURLE_LOGIN_DENIED.

Reported-by: Tom Sparrow
Bug: http://curl.haxx.se/mail/lib-2014-03/0173.html
2014-03-28 18:21:27 +00:00
Dan Fandrich
a8c7cf6281 hostcheck: added a system include to define struct in_addr 2014-03-26 22:29:00 +01:00
Daniel Stenberg
965690f67e Curl_cert_hostcheck: strip trailing dots in host name and wildcard
Reported-by: Richard Moore
2014-03-25 23:01:37 +01:00
Daniel Stenberg
5019c78095 Curl_cert_hostcheck: reject IP address wildcard matches
There are server certificates used with IP address in the CN field, but
we MUST not allow wild cart certs for hostnames given as IP addresses
only. Therefore we must make Curl_cert_hostcheck() fail such attempts.

Bug: http://curl.haxx.se/docs/adv_20140326B.html
Reported-by: Richard Moore
2014-03-25 23:01:37 +01:00
Steve Holme
517b06d657 url: Fixed connection re-use when using different log-in credentials
In addition to FTP, other connection based protocols such as IMAP, POP3,
SMTP, SCP, SFTP and LDAP require a new connection when different log-in
credentials are specified. Fixed the detection logic to include these
other protocols.

Bug: http://curl.haxx.se/docs/adv_20140326A.html
2014-03-25 23:01:37 +01:00
Gisle Vanem
196140dcaf polarssl: avoid extra newlines in debug messages
The debug messages printed inside PolarSSL always seems to end with a
newline. So 'infof()' should not add one. Besides the trace 'line'
should be 'const'.
2014-03-22 16:55:39 +01:00
Daniel Stenberg
4ff71183b9 rtsp: parse "Session:" header properly
The parser skipped the initial letter, which presumably often is
whitespace but doesn't have to be.

Reported-by: Mike Hasselberg
Bug: http://curl.haxx.se/mail/lib-2014-03/0134.html
2014-03-20 11:52:27 +01:00
Daniel Stenberg
930b81387b trynextip: don't store 'ai' on failed connects...
It leads to the "next family" tries starting from the wrong point and thus
fails!

Bug: http://curl.haxx.se/bug/view.cgi?id=1337
Reported-by: ricker
2014-03-19 16:34:12 +01:00
Gaël PORTAY
47f8e99e78 polarssl: fix possible handshake timeout issue in multi.
Because of the socket is unblocking, PolarSSL does need call to getsock to
get the action to perform in multi environment.

In some cases, it might happen we have not received yet all data to perform
the handshake. ssh_handshake returns POLARSSL_ERR_NET_WANT_READ, the state
is updated but because of the getsock has not the proper #define macro to,
the library never prevents to select socket for input thus the socket will
never be awaken when last data is available. Thus it leads to timeout.
2014-03-19 16:10:18 +01:00
Gaël PORTAY
ff25f437a5 polarssl: break compatibility with version older than 1.3.
Remove all #ifdef/else/endif macros that ensure compatibility with polarssl
version previous than 1.3.
2014-03-18 21:01:11 +01:00
Gaël PORTAY
31265376bc polarssl: drop use of 1.2 compatibility header.
API has changed since version 1.3. A compatibility header has been created
to ensure forward compatibility for code using old API:
 * x509 certificate structure has been renamed to from x509_cert to
   x509_crt
 * new dedicated setter for RSA certificates ssl_set_own_cert_rsa,
   ssl_set_own_cert is for generic keys
 * ssl_default_ciphersuites has been replaced by function
   ssl_list_ciphersuites()

This patch drops the use of the compatibly header.
2014-03-18 21:01:11 +01:00
Daniel Stenberg
7a1fb8e816 polarssl: added missing end-of-comment from previous commit 2014-03-18 08:03:45 +01:00
Daniel Stenberg
5017d5ada8 polarssl: now require 1.3.0+
Also fixed a function name change in the version requirement bump
2014-03-17 20:48:06 +01:00
hasufell
4d6108315b polarssl: fix compilation
Rename x509_cert to x509_crt and add "compat-1.2.h"
include.
This would still need some more thorough conversion
in order to drop "compat-1.2.h" include.
2014-03-17 20:08:45 +01:00
Kamil Dudka
67061e3f4e nss: allow to enable/disable new AES GCM cipher-suites
... if built against a new enough version of NSS
2014-03-15 13:07:55 +01:00
Kamil Dudka
c864d81289 nss: allow to enable/disable new HMAC-SHA256 cipher-suites
... if built against a new enough version of NSS
2014-03-15 13:07:55 +01:00
Kamil Dudka
b4f6cd46eb nss: do not enable AES cipher-suites by default
... but allow them to be enabled/disabled explicitly.  The default
policy should be maintained at the NSS level.
2014-03-15 13:07:55 +01:00
Dan Fandrich
9b5b6a2b1a ssh: prevent a logic error that could result in an infinite loop 2014-03-15 10:26:29 +01:00
Dan Fandrich
596800378d ssh: removed a redundant close state transition 2014-03-14 23:38:00 +01:00
Dan Fandrich
8c4d6ceec0 ssh: abort immediately on a header callback error 2014-03-14 23:37:59 +01:00
Daniel Stenberg
891ef341b3 chunked-encoding: provide a readable error string for chunked errors 2014-03-14 15:44:18 +01:00
Tatsuhiro Tsujikawa
9787b8e9d4 http2: free resources on disconnect
... and use Curl_safefree() instead of free()
2014-03-10 18:35:59 +01:00
Daniel Stenberg
dcdbac2568 openssl: info massage with SSL version used
Patch-by: byte_bucket
2014-03-10 17:13:11 +01:00
Daniel Stenberg
8ddda0e999 README.http2: clarify the build prerequisites 2014-03-09 16:39:46 +00:00
Daniel Stenberg
6da4085e48 ssh: fix compiler warning converting ssize_t to int 2014-03-06 13:25:59 +00:00
Dan Fandrich
e591165f94 ssh: Fixed a style warning
Also, combined a couple of #ifdef sections
2014-03-06 13:39:22 +01:00
Dan Fandrich
e84d0b41f6 ssh: Pass errors from libssh2_sftp_read up the stack 2014-03-06 12:48:33 +01:00
Daniel Stenberg
539412851c parse_remote_port: error out on illegal port numbers better 2014-03-06 00:06:45 +00:00
Daniel Stenberg
219a0fbe76 remote_port: allow connect to port 0
Port number zero is perfectly allowed to connect to. I moved to storing
the remote port number in an int so that -1 means undefined and 0-65535
can be used for legitimate port numbers.
2014-03-05 17:38:05 +00:00
Daniel Stenberg
0b3750b5c2 multi_runsingle: move timestamp into INIT
Setting the TIMER_STARTSINGLE timestamp first in CONNECT has the
drawback that for actions that go back to the CONNECT state, the time
stamp is reset and for the multi_socket API there's no corresponding
Curl_expire() then so the timeout logic gets wrong!

Reported-by: Brad Spencer
Bug: http://curl.haxx.se/mail/lib-2014-02/0036.html
2014-03-03 16:35:04 +01:00
Daniel Stenberg
a21c04f391 hostcheck: update comment after previous change 2014-03-03 13:41:48 +01:00
Daniel Stenberg
c01467b753 hostcheck: Curl_cert_hostcheck is not used by NSS builds 2014-03-03 13:39:06 +01:00
Daniel Stenberg
9cb7802cfd x509asn: moved out Curl_verifyhost from NSS builds
... as it isn't used then!
2014-03-03 08:44:25 +01:00
Daniel Stenberg
6f416fa462 NSS: avoid compiler warnings when built without http2 support 2014-03-03 08:39:25 +01:00
Jiri Malak
420d9ff3eb Rework Open Watcom make files to use standard Wmake features
Remove slash/backslash problem, now only slashes are used,
Wmake automaticaly translate slash/backslash to proper version or tools are not sensitive for it.
Enable spaces in path.
Use internal rm command for all host platforms
Add error message if old Open Watcom version is used. Some old versions exhibit build problems for Curl latest version. Now only versions 1.8, 1.9 and 2.O beta are supported
2014-03-03 08:19:05 +01:00
Jiri Malak
85484355b3 parsedate: Fixed compilation warning
Remove compilation message for platforms where size of long type
is equal size of int type.
2014-03-02 16:36:05 +01:00
Steve Holme
1f07718123 transfer.c: Fixed non-HTTP2 builds from commit cde0cf7c5e 2014-02-28 23:21:36 +00:00
Tatsuhiro Tsujikawa
cde0cf7c5e Fix bug that HTTP/2 hangs if whole response body is read with headers
For HTTP/2, we may read up everything including responde body with
header fields in Curl_http_readwrite_headers. If no content-length is
provided, curl waits for the connection close, which we emulate it
using conn->proto.httpc.closed = TRUE. The thing is if we read
everything, then http2_recv won't be called and we cannot signal the
HTTP/2 stream has closed. As a workaround, we return nonzero from
data_pending to call http2_recv.
2014-02-28 23:28:39 +01:00
Daniel Stenberg
53f1f4a18e http2: build with current nghttp2 version
nghttp2 has yet again extended its callback struct and this is an
attempt to make curl compile with nghttp2 from current git
2014-02-28 23:26:43 +01:00
nickzman
e9665e9658 Merge pull request #93 from d235j/darwinssl_ip_address_fix
darwinssl: don't omit CN verification when an IP address is used
2014-02-25 17:36:44 -06:00
Marc Hoersken
e904b15f21 curl_schannel.c: Updated copyright years 2014-02-24 22:12:55 +01:00
David Ryskalczyk
63fc8ee7be winssl: Enable hostname verification of IP address using SAN or CN
Original commit message was:
 Don't omit CN verification in SChannel when an IP address is used.

Side-effect of this change:
 SChannel and CryptoAPI do not support the iPAddress subjectAltName
 according to RFC 2818. If present, SChannel will first compare the
 IP address to the dNSName subjectAltNames and then fallback to the
 most specific Common Name in the Subject field of the certificate.

 This means that after this change curl will not connect to SSL/TLS
 hosts as long as the IP address is not specified in the SAN or CN
 of the server certificate or the verifyhost option is disabled.
2014-02-24 22:12:55 +01:00
David Ryskalczyk
afc6e5004f Don't omit CN verification in DarwinSSL when an IP address is used. 2014-02-23 12:37:27 -05:00
Dan Fandrich
a660c0dbe6 easy: Fixed a memory leak on OOM condition 2014-02-22 15:41:59 +01:00
Daniel Stenberg
0d6225ad0d SFTP: skip reading the dir when NOBODY=1
When asking for an SFTP directory with NOBODY set, no directory contents
should be retrieved.

Bug: http://curl.haxx.se/mail/lib-2014-02/0155.html
2014-02-19 10:40:28 +01:00
Dan Fandrich
8749bbe7fd axtls: comment the call ssl_read repeatedly loop 2014-02-18 21:14:09 +01:00
Tatsuhiro Tsujikawa
035b91a26c http2: Support HTTP POST/PUT
This patch enables HTTP POST/PUT in HTTP2.
We disabled Expect header field and  chunked transfer encoding
since HTTP2 forbids them.
In HTTP1, Curl sends small upload data with request headers, but
HTTP2 requires upload data must be in DATA frame separately.
So we added some conditionals to achieve this.
2014-02-17 23:45:58 +01:00
Daniel Stenberg
854aca5420 multi: ignore sigpipe internally
When the multi API is used we must also ignore SIGPIPE signals when
caused by things we do, like they can easily be generated by OpenSSL.
2014-02-17 10:35:21 +01:00
Dan Fandrich
184c3e2d37 configure: Fix the --disable-crypto-auth option
It now disables NTLM and GSS authentication methods, and produces
compilable code when SSL is enabled.
2014-02-17 09:50:46 +01:00
Shao Shuchao
2111c2ed07 ConnectionDone: default maxconnects to 4 x number of easy handles
... as documented!
2014-02-17 09:29:25 +01:00
Daniel Stenberg
575a2b684b axtls: bump copyright year 2014-02-16 23:31:47 +01:00
Fabian Frank
86f266b004 axtls: call ssl_read repeatedly
Perform more work in between sleeps. This is work around the
fact that axtls does not expose any knowledge about when work needs
to be performed. Depending on connection and how often perform is
being called this can save ~25% of time on SSL handshakes (measured
on 20ms latency connection calling perform roughly every 10ms).
2014-02-16 23:30:21 +01:00
Daniel Stenberg
d765099813 ConnectionExists: re-use connections better
When allowing NTLM, the re-use connection logic was too focused on
finding an existing NTLM connection to use and didn't properly allow
re-use of other ones. This made the logic not re-use perfectly re-usable
connections.

Added test case 1418 and 1419 to verify.

Regression brought in 8ae35102c (curl 7.35.0)

Reported-by: Jeff King
Bug: http://thread.gmane.org/gmane.comp.version-control.git/242213
2014-02-16 14:30:02 +01:00
Steve Holme
77a51364a4 warnless: Updated copyright year for recent changes 2014-02-16 10:39:46 +00:00
Marc Hoersken
6239146e93 warnless: add wrapper function for read and write on Windows 2014-02-16 11:03:22 +01:00
Arvid Norberg
1813a77b02 dict: fix memory leak in OOM exit path
Bug: https://github.com/bagder/curl/pull/90
2014-02-14 08:21:41 +01:00
Daniel Stenberg
d3d871cb4f Curl_urldecode: don't allow NULL as receiver
For a function that returns a decoded version of a string, it seems
really strange to allow a NULL pointer to get passed in which then
prevents the decoded data from being returned!

This functionality was not documented anywhere either.

If anyone would use it that way, that memory would've been leaked.

Bug: https://github.com/bagder/curl/pull/90
Reported-by: Arvid Norberg
2014-02-13 23:57:40 +01:00
Daniel Stenberg
378af08c99 ConnectionExists: reusing possible HTTP+NTLM connections better
Make sure that the special NTLM magic we do is for HTTP+NTLM only since
that's where the authenticated connection is a weird non-standard
paradigm.

Regression brought in 8ae35102c (curl 7.35.0)

Bug: http://curl.haxx.se/mail/lib-2014-02/0100.html
Reported-by: Dan Fandrich
2014-02-13 23:25:38 +01:00
Tiit Pikma
c021a60bcc transfer: make Expect: 100-continue timeout configurable.
Replaced the #define CURL_TIMEOUT_EXPECT_100 in transfer.c with the
CURLOPT_EXPECT_100_TIMEOUT_MS option to make the timeout configurable.
2014-02-13 16:05:17 +01:00
Thomas Braun
bcb32e915e Fix compilation with make mingw32
The source files from lib/vtls where generated in lib instead of lib/vtls.

Verified-by: Thomas Braun <thomas.braun@virtuell-zuhause.de>
2014-02-12 14:39:08 +01:00
Daniel Stenberg
0ab97ba009 chunked decoder: track overflows correctly
The code didn't properly check the return codes to detect overflows so
it could trigger incorrectly. Like on mingw32.

Regression introduced in 345891edba (curl 7.35.0)

Bug: http://curl.haxx.se/mail/lib-2014-02/0097.html
Reported-by: LM
2014-02-12 14:35:46 +01:00
Fabian Frank
ec9476052d openssl: honor --[no-]alpn|npn command line switch
Disable ALPN or NPN if requested by the user.
2014-02-11 22:55:23 +01:00
Fabian Frank
8f5a9147be gtls: honor --[no-]alpn command line switch
Disable ALPN if requested by the user.
2014-02-11 22:54:37 +01:00
Fabian Frank
909a68c121 NPN/ALPN: allow disabling via command line
when using --http2 one can now selectively disable NPN or ALPN with
--no-alpn and --no-npn. for now honored with NSS only.

TODO: honor this option with GnuTLS and OpenSSL
2014-02-10 13:06:17 +01:00
Fabian Frank
70bd9784de nss: use correct preprocessor macro
SSL_ENABLE_ALPN can be used for preprocessor ALPN feature detection,
but not SSL_NEXT_PROTO_SELECTED, since it is an enum value and not a
preprocessor macro.
2014-02-10 08:09:02 +01:00
Dan Fandrich
6374ab2a36 formdata: Must use Curl_safefree instead of free 2014-02-09 10:10:22 +01:00
Dan Fandrich
85a4df8b79 formdata: Fixed memory leak on OOM condition 2014-02-08 11:33:43 +01:00
Daniel Stenberg
fa8d7ce4fe http2: updated README after NSS addition
Changed the support to a little matrix and added brief explanation of
what ALPN and NPN are for.
2014-02-07 15:50:31 +01:00
Daniel Stenberg
09d907ee68 nss: support pre-ALPN versions 2014-02-07 15:38:45 +01:00