1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-14 21:45:13 -05:00
Commit Graph

25725 Commits

Author SHA1 Message Date
Jay Satiro
689443bf42 lib: fix some loose ends for recently added CURLSSLOPT_NO_PARTIALCHAIN
Add support for CURLSSLOPT_NO_PARTIALCHAIN in CURLOPT_PROXY_SSL_OPTIONS
and OS400 package spec.

Also I added the option to the NameValue list in the tool even though it
isn't exposed as a command-line option (...yet?). (NameValue stringizes
the option name for the curl cmd -> libcurl source generator)

Follow-up to 564d88a which added CURLSSLOPT_NO_PARTIALCHAIN.

Ref: https://github.com/curl/curl/pull/4655
2019-12-05 19:17:31 -05:00
Jay Satiro
0edf75865a setopt: Fix ALPN / NPN user option when built without HTTP2
- Stop treating lack of HTTP2 as an unknown option error result for
  CURLOPT_SSL_ENABLE_ALPN and CURLOPT_SSL_ENABLE_NPN.

Prior to this change it was impossible to disable ALPN / NPN if libcurl
was built without HTTP2. Setting either option would result in
CURLE_UNKNOWN_OPTION and the respective internal option would not be
set. That was incorrect since ALPN and NPN are used independent of
HTTP2.

Reported-by: Shailesh Kapse

Fixes https://github.com/curl/curl/issues/4668
Closes https://github.com/curl/curl/pull/4672
2019-12-05 18:38:40 -05:00
Daniel Stenberg
9ea769e15f
etag: allow both --etag-compare and --etag-save in same cmdline
Fixes #4669
Closes #4678
2019-12-05 22:57:24 +01:00
Marcel Raad
bf24e0f928
curl_setup: fix CURLRES_IPV6 condition
Move the definition of `CURLRES_IPV6` to before undefining
`HAVE_GETADDRINFO`. Regression from commit 67a08dca27 which caused
some tests to fail and others to be skipped with c-ares.

Fixes https://github.com/curl/curl/issues/4673
Closes https://github.com/curl/curl/pull/4677
2019-12-05 20:17:47 +01:00
Daniel Stenberg
914975fe6e
test342: make it return a 304 as the tag matches 2019-12-05 16:58:50 +01:00
Peter Wu
87b9337c8f CMake: add support for building with the NSS vtls backend
Options are cross-checked with configure.ac and acinclude.m4.
Tested on Arch Linux, untested on other platforms like Windows or macOS.

Closes #4663
Reviewed-by: Kamil Dudka
2019-12-04 21:34:02 +00:00
Daniel Stenberg
3b8bbbbd16
azure: add more builds
... removed two from travis (that now runs on azure instead)

Closes #4671
2019-12-04 09:32:54 +01:00
Daniel Stenberg
2ebce6b060
CURLOPT_VERBOSE.3: see also ERRORBUFFER 2019-12-04 09:30:57 +01:00
Daniel Stenberg
854343fc4e
hostip4.c: bump copyright year range 2019-12-03 23:13:25 +01:00
Marcel Raad
226bf21702
configure: enable IPv6 support without getaddrinfo
This makes it possible to recognize and connect to literal IPv6
addresses when `getaddrinfo` is not available, which is already the
case for the CMake build. This affects e.g. classic MinGW because it
still targets Windows 2000 by default, where `getaddrinfo` is not
available, but general IPv6 support is.

Instead of checking for `getaddrinfo`, check for `sockaddr_in6` as the
CMake build does.

Closes https://github.com/curl/curl/pull/4662
2019-12-03 21:37:41 +01:00
Marcel Raad
67a08dca27
curl_setup: disable IPv6 resolver without getaddrinfo
Also, use `CURLRES_IPV6` only for actual DNS resolution, not for IPv6
address support. This makes it possible to connect to IPv6 literals by
setting `ENABLE_IPV6` even without `getaddrinfo` support. It also fixes
the CMake build when using the synchronous resolver without
`getaddrinfo` support.

Closes https://github.com/curl/curl/pull/4662
2019-12-03 21:37:33 +01:00
Daniel Stenberg
ab712afa8f
github action/azure pipeline: run 'make test-nonflaky' for tests
To match travis and give more info on failures.
2019-12-03 19:30:34 +01:00
Daniel Stenberg
564d88a8bd
openssl: CURLSSLOPT_NO_PARTIALCHAIN can disable partial cert chains
Closes #4655
2019-12-03 16:28:50 +01:00
Daniel Stenberg
94f1f77158
openssl: set X509_V_FLAG_PARTIAL_CHAIN
Have intermediate certificates in the trust store be treated as
trust-anchors, in the same way as self-signed root CA certificates
are. This allows users to verify servers using the intermediate cert
only, instead of needing the whole chain.

Other TLS backends already accept partial chains.

Reported-by: Jeffrey Walton
Bug: https://curl.haxx.se/mail/lib-2019-11/0094.html
2019-12-03 16:28:50 +01:00
Daniel Stenberg
7dffc2b46f
curl: show better error message when no homedir is found
Reported-by: Vlastimil Ovčáčík
Fixes #4644
Closes #4665
2019-12-03 16:26:02 +01:00
Daniel Stenberg
0092b6bf8a
OPENSOCKETFUNCTION.3: correct the purpose description
Reported-by: Jeff Mears
Bug: https://curl.haxx.se/mail/lib-2019-12/0007.html

Closes #4667
2019-12-03 16:24:40 +01:00
Peter Wu
48da3ac67b
travis: do not use OVERRIDE_CC or OVERRIDE_CXX if empty
Fixes the macOS builds where OVERRIDE_CC and OVERRIDE_CXX are not set.

Reported-by: Jay Satiro
Fixes #4659
Closes #4661
Closes #4664
2019-12-03 11:48:45 +01:00
Daniel Stenberg
5d576afc5e
azure-pipelines: fix the test script 2019-12-02 15:40:19 +01:00
Daniel Stenberg
6983898b21 Azure Pipelines: initial CI setup
[skip ci]
2019-12-02 15:37:09 +01:00
Daniel Stenberg
d4a1862719
docs: add "added: 7.68.0" to the --etag-* docs 2019-12-02 11:22:32 +01:00
Daniel Stenberg
d9118e8d71
copyright: fix the year ranges for two files
Follow-up to 9c1806ae
2019-12-02 08:02:39 +01:00
Jay Satiro
9c1806ae46 build: Disable Visual Studio warning "conditional expression is constant"
- Disable warning C4127 "conditional expression is constant" globally
  in curl_setup.h for when building with Microsoft's compiler.

This mainly affects building with the Visual Studio project files found
in the projects dir.

Prior to this change the cmake and winbuild build systems already
disabled 4127 globally for when building with Microsoft's compiler.
Also, 4127 was already disabled for all build systems in the limited
circumstance of the WHILE_FALSE macro which disabled the warning
specifically for while(0). This commit removes the WHILE_FALSE macro and
all other cruft in favor of disabling globally in curl_setup.

Background:

We have various macros that cause 0 or 1 to be evaluated, which would
cause warning C4127 in Visual Studio. For example this causes it:

    #define Curl_resolver_asynch() 1

Full behavior is not clearly defined and inconsistent across versions.
However it is documented that since VS 2015 Update 3 Microsoft has
addressed this somewhat but not entirely, not warning on while(true) for
example.

Prior to this change some C4127 warnings occurred when I built with
Visual Studio using the generated projects in the projects dir.

Closes https://github.com/curl/curl/pull/4658
2019-12-01 19:01:02 -05:00
Jay Satiro
0436d4438a openssl: retrieve reported LibreSSL version at runtime
- Retrieve LibreSSL runtime version when supported (>= 2.7.1).

For earlier versions we continue to use the compile-time version.

Ref: https://man.openbsd.org/OPENSSL_VERSION_NUMBER.3

Closes https://github.com/curl/curl/pull/2425
2019-12-01 18:56:24 -05:00
Jay Satiro
5b22e1a5a9 strerror: Add Curl_winapi_strerror for Win API specific errors
- In all code call Curl_winapi_strerror instead of Curl_strerror when
  the error code is known to be from Windows GetLastError.

Curl_strerror prefers CRT error codes (errno) over Windows API error
codes (GetLastError) when the two overlap. When we know the error code
is from GetLastError it is more accurate to prefer the Windows API error
messages.

Reported-by: Richard Alcock

Fixes https://github.com/curl/curl/issues/4550
Closes https://github.com/curl/curl/pull/4581
2019-12-01 18:12:36 -05:00
Daniel Stenberg
bc5d22c3de
global_init: undo the "intialized" bump in case of failure
... so that failures in the global init function don't count as a
working init and it can then be called again.

Reported-by: Paul Groke
Fixes #4636
Closes #4653
2019-12-02 00:04:56 +01:00
Daniel Stenberg
0044443a02
parsedate: offer a getdate_capped() alternative
... and use internally. This function will return TIME_T_MAX instead of
failure if the parsed data is found to be larger than what can be
represented. TIME_T_MAX being the largest value curl can represent.

Reviewed-by: Daniel Gustafsson
Reported-by: JanB on github
Fixes #4152
Closes #4651
2019-11-29 11:01:24 +01:00
Daniel Stenberg
bc64377ff8
docs: add more references to curl_multi_poll
Fixes #4643
Closes #4652
2019-11-28 22:29:18 +01:00
Daniel Stenberg
cc4cf93e52
sha256: bump the copyright year range
Follow-up from 66e21520f
2019-11-28 22:28:06 +01:00
Daniel Gustafsson
66e21520f3 curl_setup_once: consistently use WHILE_FALSE in macros
The WHILE_FALSE construction is used to avoid compiler warnings in
macro constructions. This fixes a few instances where it was not
used in order to keep the code consistent.

Closes #4649
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-11-28 16:02:13 +01:00
Steve Holme
bb8cf05169
http_ntlm: Remove duplicate NSS initialisation
Given that this is performed by the NTLM code there is no need to
perform the initialisation in the HTTP layer. This also keeps the
initialisation the same as the SASL based protocols and also fixes a
possible compilation issue if both NSS and SSPI were to be used as
multiple SSL backends.

Reviewed-by: Kamil Dudka
Closes #3935
2019-11-28 14:41:55 +01:00
Daniel Gustafsson
ba82673dac checksrc: fix regexp for ASSIGNWITHINCONDITION
The regexp looking for assignments within conditions was too greedy
and matched a too long string in the case of multiple conditionals
on the same line. This is basically only a problem in single line
macros, and the code which exemplified this was essentially:

  do { if((x) != NULL) { x = NULL; } } while(0)

..where the final parenthesis of while(0) matched the regexp, and
the legal assignment in the block triggered the warning. Fix by
making the regexp less greedy by matching for the tell-tale signs
of the if statement ending.

Also remove the one occurrence where the warning was disabled due
to a construction like the above, where the warning didn't apply
when fixed.

Closes #4647
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-11-28 14:18:16 +01:00
Daniel Stenberg
a956a8c5b4
RELEASE-NOTES: synced 2019-11-28 13:28:14 +01:00
Maros Priputen
18e5cb77e9
curl: two new command line options for etags
--etag-compare and --etag-save

Suggested-by: Paul Hoffman
Fixes #4277
Closes #4543
2019-11-28 13:05:20 +01:00
Daniel Gustafsson
1ff63fa69b docs: fix typos 2019-11-28 12:58:47 +01:00
Daniel Stenberg
763decc528
mailmap: Niall O'Reilly's name 2019-11-28 12:52:00 +01:00
Niall
8acfad38ca
doh: use dedicated probe slots
... to easier allow additional DNS transactions.

Closes #4629
2019-11-28 12:49:44 +01:00
Daniel Stenberg
c393b66df9
travis: build ngtcp2 with --enable-lib-only
... makes it skip the examples and other stuff we don't neeed.

Closes #4646
2019-11-28 08:11:13 +01:00
David Benjamin
d94aa39410
ngtcp2: fix thread-safety bug in error-handling
ERR_error_string(NULL) should never be called. It places the error in a
global buffer, which is not thread-safe. Use ERR_error_string_n with a
local buffer instead.

Closes #4645
2019-11-28 00:48:19 +01:00
Daniel Stenberg
113db127ee
travis: export the CC/CXX variables when set
Suggested-by: Peter Wu
Fixes #4637
Closes #4640
2019-11-27 08:24:02 +01:00
Marcel Raad
793e377675
dist: add error-codes.pl
Follow-up to commit 74f441c6d3.
This should fix test 1175 when run via the daily source tarballs.

Closes https://github.com/curl/curl/pull/4638
2019-11-26 14:22:35 +01:00
John Schroeder
9a2cbf30b8
curl: fix --upload-file . hangs if delay in STDIN
Attempt to unpause a busy read in the CURLOPT_XFERINFOFUNCTION.

When uploading from stdin in non-blocking mode, a delay in reading
the stream (EAGAIN) causes curl to pause sending data
(CURL_READFUNC_PAUSE).  Prior to this change, a busy read was
detected and unpaused only in the CURLOPT_WRITEFUNCTION handler.
This change performs the same busy read handling in a
CURLOPT_XFERINFOFUNCTION handler.

Fixes #2051
Closes #4599
Reported-by: bdry on github
2019-11-26 09:17:52 +01:00
John Schroeder
7cf18b05e0
XFERINFOFUNCTION: support CURL_PROGRESSFUNC_CONTINUE
(also for PROGRESSFUNCTION)

By returning this value from the callback, the internal progress
function call is still called afterward.

Closes #4599
2019-11-26 09:16:01 +01:00
Michael Forney
9b879160df
TLS: add BearSSL vtls implementation
Closes #4597
2019-11-26 08:32:23 +01:00
Daniel Stenberg
95e94c64fb
curl_multi_wakeup.3: add example and AVAILABILITY
Reviewed-by: Gergely Nagy
Closes #4635
2019-11-26 08:11:32 +01:00
Gergely Nagy
f3c35e371c
multi: add curl_multi_wakeup()
This commit adds curl_multi_wakeup() which was previously in the TODO
list under the curl_multi_unblock name.

On some platforms and with some configurations this feature might not be
available or can fail, in these cases a new error code
(CURLM_WAKEUP_FAILURE) is returned from curl_multi_wakeup().

Fixes #4418
Closes #4608
2019-11-25 15:45:56 +01:00
Xiaoyin Liu
0a65febccf schannel: fix --tls-max for when min is --tlsv1 or default
Prior to this change schannel ignored --tls-max (CURL_SSLVERSION_MAX_
macros) when --tlsv1 (CURL_SSLVERSION_TLSv1) or default TLS
(CURL_SSLVERSION_DEFAULT), using a max of TLS 1.2 always.

Closes https://github.com/curl/curl/pull/4633
2019-11-24 03:16:26 -05:00
Jay Satiro
8d2dac7dec checksrc.bat: Add a check for vquic and vssh directories
Ref: https://github.com/curl/curl/pull/4607
2019-11-24 03:16:25 -05:00
Jay Satiro
ee5c68a963 projects: Fix Visual Studio projects SSH builds
- Generate VQUIC and VSSH filenames in Visual Studio project files.

Prior to this change generated Visual Studio project configurations that
enabled SSH did not build properly. Broken since SSH files were moved to
lib/vssh 3 months ago in 5b2d703.

Fixes https://github.com/curl/curl/issues/4492
Fixes https://github.com/curl/curl/issues/4630
Closes https://github.com/curl/curl/pull/4607
2019-11-24 03:15:32 -05:00
Daniel Stenberg
036ebac013
RELEASE-NOTES: synced 2019-11-23 20:45:52 +01:00
Jay Satiro
78cef06847 openssl: Revert to less sensitivity for SYSCALL errors
- Disable the extra sensitivity except in debug builds (--enable-debug).

- Improve SYSCALL error message logic in ossl_send and ossl_recv so that
  "No error" / "Success" socket error text isn't shown on SYSCALL error.

Prior to this change 0ab38f5 (precedes 7.67.0) increased the sensitivity
of OpenSSL's SSL_ERROR_SYSCALL error so that abrupt server closures were
also considered errors. For example, a server that does not send a known
protocol termination point (eg HTTP content length or chunked encoding)
_and_ does not send a TLS termination point (close_notify alert) would
cause an error if it closed the connection.

To be clear that behavior made it into release build 7.67.0
unintentionally. Several users have reported it as an issue.

Ultimately the idea is a good one, since it can help prevent against a
truncation attack. Other SSL backends may already behave similarly (such
as Windows native OS SSL Schannel). However much more of our user base
is using OpenSSL and there is a mass of legacy users in that space, so I
think that behavior should be partially reverted and then rolled out
slowly.

This commit changes the behavior so that the increased sensitivity is
disabled in all curl builds except curl debug builds (DEBUGBUILD). If
after a period of time there are no major issues then it can be enabled
in dev and release builds with the newest OpenSSL (1.1.1+), since users
using the newest OpenSSL are the least likely to have legacy problems.

Bug: https://github.com/curl/curl/issues/4409#issuecomment-555955794
Reported-by: Bjoern Franke

Fixes https://github.com/curl/curl/issues/4624
Closes https://github.com/curl/curl/pull/4623
2019-11-22 22:29:39 -05:00