1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-05 00:55:04 -05:00
Commit Graph

26956 Commits

Author SHA1 Message Date
Jean-Philippe Menil
5930cb1c46
openssl: ensure to check SSL_CTX_set_alpn_protos return values
SSL_CTX_set_alpn_protos() return 0 on success, and non-0 on failure

Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com>

Closes #6794
2021-03-25 22:57:20 +01:00
Daniel Stenberg
7b6bfd2d78
multi: close the connection when h2=>h1 downgrading
Otherwise libcurl is likely to reuse the connection again in the next
attempt since the connection reuse logic doesn't take downgrades into
account.

Reported-by: Anthony Ramine
Fixes #6788
Closes #6793
2021-03-25 16:18:13 +01:00
Daniel Stenberg
db4e0bd85f
openssl: set the transfer pointer for logging early
Otherwise, the transfer will be NULL in the trace function when the
early handshake details arrive and then curl won't show them.

Regresssion in 7.75.0

Reported-by: David Hu
Fixes #6783
Closes #6792
2021-03-25 16:16:55 +01:00
Daniel Stenberg
cd7aec95d6
RELEASE-NOTES: synced 2021-03-25 09:32:02 +01:00
Daniel Stenberg
8494abfb1b
TODO: Custom progress meter update interval
Ref: https://stackoverflow.com/q/66789977/93747
2021-03-25 09:22:52 +01:00
Daniel Stenberg
8593b15c77
docs/ABI: tighten up the language
Make the promises more firm

Closes #6786
2021-03-24 23:45:29 +01:00
Daniel Stenberg
a5eee22e59
openldap: disconnect better
Instead of clearing the callback argument in disconnect, set it to the
(new) transfer to make sure the correct data is passed to the callbacks.

Follow-up to e467ea3bd9
Assisted-by: Patrick Monnerat
Closes #6787
2021-03-24 23:02:33 +01:00
Daniel Stenberg
1803be5746
libssh2: kdb_callback: get the right struct pointer
After the recent conn/data refactor in this source file, this function
was mistakenly still getting the old struct pointer which would lead to
crash on servers with keyboard-interactive auth enabled.

Follow-up to a304051620 (shipped in 7.75.0)

Reported-by: Christian Schmitz
Fixes #6691
Closes #6782
2021-03-23 13:42:22 +01:00
Daniel Stenberg
2258899e97
tftp: remove unused struct fields
Follow-up to d3d90ad9c0

Closes #6781
2021-03-23 13:37:10 +01:00
Daniel Stenberg
e467ea3bd9
openldap: avoid NULL pointer dereferences
Follow-up to a59c33ceff
Reported-by: Patrick Monnerat
Fixes #6676
Closes #6780
2021-03-23 13:34:50 +01:00
Daniel Stenberg
3bbf62b5a4
http: strip default port from URL sent to proxy
To make sure the Host: header and the URL provide the same authority
portion when sent to the proxy, strip the default port number from the
URL if one was provided.

Reported-by: Michael Brown
Fixes #6769
Closes #6778
2021-03-23 13:33:49 +01:00
Daniel Stenberg
45d1e24b74
azure: disable test 433 on azure-ubuntu
Something in that environment sets XDG_CONFIG_HOME for us in a way that
breaks the test.

Reported-by: Marc Hörsken
Fixes #6739
Closes #6777
2021-03-23 10:13:20 +01:00
Daniel Stenberg
d3d90ad9c0
tftp: remove the 3600 second default timeout
... it was never meant to be there.

Reported-by: Tomas Berger
Fixes #6774
Closes #6776
2021-03-22 23:00:23 +01:00
Daniel Stenberg
d7f737dd13
docs: make gen.pl support *italic* and **bold**
Remove some nroffisms from the cmdline doc files to simplify editing,
and instead support this markdown style.

Closes #6771
2021-03-22 16:50:58 +01:00
Daniel Stenberg
c915662485
ngtcp2: sync with recent API updates
Closes #6770
2021-03-22 10:45:00 +01:00
Daniel Stenberg
03c8cef1c3
RELEASE-NOTES: synced 2021-03-21 11:27:12 +01:00
Daniel Stenberg
012c19c33a
libssh2:ssh_connect: clear session pointer after free
If libssh2_knownhost_init() returns NULL, like in an OOM situation, the
ssh session was freed but the pointer wasn't cleared which made libcurl
later call libssh2 to cleanup using the stale pointer.

Fixes #6764
Closes #6766
2021-03-21 11:22:08 +01:00
Jacob Hoffman-Andrews
2e444a17d4
docs: document version of crustls dependency
This also pins a specific release in the Travis test so future
API-breaking changins in crustls won't break curl builds.

Add RUSTLS documentation to release tarball.

Enable running tests for rustls, minus FTP tests (require
connect_blocking, which rustls doesn't implement) and 313 (requires CRL
handling).

Closes #6763
2021-03-21 00:16:32 +01:00
Jacob Hoffman-Andrews
7488ef2960
rustls: Handle close_notify.
If we get a close_notify, treat that as EOF. If we get an EOF from the
TCP stream, treat that as an error (because we should have ended the
connection earlier, when we got a close_notify).

Closes #6763
2021-03-21 00:16:27 +01:00
Daniel Stenberg
472b537215
docs: clarify timeouts for queued transfers in multi API
Closes #6758
2021-03-19 23:28:21 +01:00
Daniel Stenberg
bd738bef12
ftpserver: only load the preprocessed test file
We always preprocess and tests are no longer sensible to load "raw"

Closes #6738
2021-03-19 15:57:27 +01:00
Daniel Stenberg
e2b4df7b5e
tests: use %TESTNUMBER instead of fixed number
This makes the tests easier to copy and relocate to other test numbers
without having to update content.

Closes #6738
2021-03-19 15:57:21 +01:00
Daniel Stenberg
453ad35d15
KNOWN_BUGS: CURLOPT_OPENSOCKETPAIRFUNCTION is missing
Closes #5747
2021-03-18 12:53:28 +01:00
Daniel Stenberg
74ec0e5ec0
TODO: provide timing info for each redirect
Closes #6743
2021-03-18 08:39:59 +01:00
Jay Satiro
2d04286793 docs: Add SSL backend names to CURL_SSL_BACKEND
- Document the names that can be used with CURL_SSL_BACKEND:
  bearssl, gnutls, gskit, mbedtls, mesalink, nss, openssl, rustls,
  schannel, secure-transport, wolfssl

Ref: https://github.com/curl/curl/issues/2209#issuecomment-360623286
Ref: https://github.com/curl/curl/issues/6717#issuecomment-800745201

Closes https://github.com/curl/curl/pull/6755
2021-03-17 18:15:10 -04:00
Jay Satiro
8a4ef73c8f docs: Explain DOH transfers inherit some SSL settings
- Document in DOH that some SSL settings are inherited but DOH hostname
  and peer verification are not and are controlled separately.

- Document that CURLOPT_SSL_CTX_FUNCTION is inherited by DOH handles but
  we're considering changing behavior to no longer inherit it. Request
  feedback.

Closes https://github.com/curl/curl/pull/6688
2021-03-17 18:12:45 -04:00
Daniel Stenberg
6d176bee59
http: make 416 not fail with resume + CURLOPT_FAILONERRROR
When asked to resume a download, libcurl will convert that to HTTP logic
and if then the entire file is already transferred it will result in a
416 response from the HTTP server. With CURLOPT_FAILONERRROR set in that
scenario, it should *not* lead to an error return.

Updated test 1156, added test 1273

Reported-by: Jonathan Watt
Fixes #6740
Closes #6753
2021-03-17 08:26:46 +01:00
Daniel Stenberg
e8e7ef3612
Curl_timeleft: check both timeouts during connect
The duration of a connect and the total transfer are calculated from two
different time-stamps. It can end up with the total timeout triggering
before the connect timeout expires and we should make sure to
acknowledge whichever timeout that is reached first.

This is especially notable when a transfer first sits in PENDING, as
that time is counted in the total time but the connect timeout is based
on the time since the handle changed to the CONNECT state.

The CONNECTTIMEOUT is per connect attempt. The TIMEOUT is for the entire
operation.

Fixes #6744
Closes #6745
Reported-by: Andrei Bica
Assisted-by: Jay Satiro
2021-03-17 00:28:44 +01:00
Daniel Stenberg
2682e5f502
configure: remove use of deprecated macros
AC_HEADER_TIME, AC_HEADER_STDC and AC_TYPE_SIGNAL
2021-03-16 23:02:02 +01:00
Daniel Stenberg
d2ea5d166e
configure: make AC_TRY_* into AC_*_IFELSE
... as the former versions are deprecated.
2021-03-16 23:02:02 +01:00
Daniel Stenberg
a59f046116
configure: s/AC_HELP_STRING/AS_HELP_STRING
AC_HELP_STRING is deprecated in 2.70+ and I believe AS_HELP_STRING works
already since 2.59 so bump the minimum required version to that.

Reported-by: Emil Engler
Fixes #6647
Closes #6748
2021-03-16 23:01:53 +01:00
Daniel Stenberg
55ae13dcc1
RELEASE-NOTES: synced 2021-03-16 17:27:22 +01:00
Daniel Stenberg
c44cf858f2
travis: use ubuntu nghttp2 package instead of build our own
Closes #6751
2021-03-16 11:00:29 +01:00
Daniel Stenberg
0785a77767
travis: bump wolfssl to 4.7.0 2021-03-16 11:00:29 +01:00
Daniel Stenberg
e4a41c1042
travis: only build wolfssl when needed
Closes #6751
2021-03-16 11:00:19 +01:00
Jacob Hoffman-Andrews
3780717db0
rustls: allocate a buffer for TLS data.
Previously, rustls was using an on-stack array for TLS data. However,
crustls has an (unusual) requirement that buffers it deals with are
initialized before writing to them. By using calloc, we can ensure the
buffer is initialized once and then reuse it across calls.

Closes #6742
2021-03-16 10:11:04 +01:00
Daniel Stenberg
7dbb0a87e6
travis: add a rustls build
... that doesn't run any tests (yet)

Closes #6750
2021-03-16 10:08:15 +01:00
Daniel Stenberg
aab3a77e8c
HTTP2: remove the outdated remark about multiplexing for the tool 2021-03-16 00:35:38 +01:00
Robert Ronto
068661bb02
http2: don't set KEEP_SEND when there's no more data to be sent
this should fix an issue where curl sometimes doesn't send out a request
with authorization info after a 401 is received over http2

Closes #6747
2021-03-15 23:29:35 +01:00
Marc Hoersken
cc615f48e7
config: fix building SMB with configure using Win32 Crypto
Align conditions for NTLM features between CMake and configure
builds by differentiating between USE_NTLM and USE_CURL_NTLM_CORE,
just like curl_setup.h does internally to detect support of:

- USE_NTLM: required for NTLM crypto authentication feature
- USE_CURL_NTLM_CORE: required for SMB protocol

Implement USE_WIN32_CRYPTO detection by checking for Crypt functions
in wincrypt.h which are not available in the Windows App environment.

Link advapi32 and crypt32 for Crypto API and Schannel SSL backend.
Fix condition of Schannel SSL backend in CMake build accordingly.

Reviewed-by: Marcel Raad

Closes #6277
2021-03-15 17:01:30 +01:00
Marc Hoersken
7152957421
config: fix detection of restricted Windows App environment
Move the detection of the restricted Windows App environment
in curl_setup.h before the definition of USE_WIN32_CRYPTO
via included config-win32.h in case no build system is used.

Reviewed-by: Marcel Raad

Part of #6277
2021-03-15 17:01:18 +01:00
Daniel Stenberg
d4a932797a
HISTORY: curl 7.7.2 was the first version used in Mac OS X 10.1 2021-03-15 09:00:50 +01:00
Daniel Stenberg
f83d4ea56e
gen.pl: quote "bare" minuses in the nroff curl.1
Reported-by: Alejandro Colomar
Fixes #6698
Closes #6722
2021-03-14 23:44:43 +01:00
Daniel Gustafsson
419f0f5534 hsts: remove unused defines
MAX_HSTS_SUBLEN and MAX_HSTS_SUBLENSTR were unused from the initial commit,
and mostly likely leftovers from early development.  Remove as they're not
used for anything.

Closes #6741
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2021-03-14 23:18:27 +01:00
Daniel Stenberg
6dc03053d1
github: add torture-ftp for FTP-only torture testing
and at 20% to try to keep the run-time reasonable

Closes #6728
2021-03-12 23:36:38 +01:00
Daniel Stenberg
743ab72bf1
travis: split "torture" into a separate "events" build as well
Run torture without FTP and reducing coverage to 20%

For some reason the torture tests now run a lot slower on travis and run
into the 50 minute limit all the time.

Closes #6728
2021-03-12 23:36:29 +01:00
Daniel Stenberg
8ed71fc4f7
ftp: fix memory leak in ftp_done
If after a transfer is complete Curl_GetFTPResponse() returns an error,
curl would not free the ftp->pathalloc block.

Found by torture-testing test 576

Closes #6737
2021-03-12 19:53:05 +01:00
oxalica
d1f40078c1
http2: fail if connection terminated without END_STREAM
Closes #6736
2021-03-12 17:54:39 +01:00
Daniel Stenberg
f8a5e9660e
RELEASE-NOTES: synced 2021-03-12 16:35:46 +01:00
Jacob Hoffman-Andrews
43a56e34e1
rustls: support CURLOPT_SSL_VERIFYPEER
This requires the latest main branch of crustls, which provides
rustls_client_config_builder_dangerous_set_certificate_verifier and
rustls_client_config_builder_set_enable_sni.

This refactors the session setup into its own function, and adds a new
function cr_hostname_is_ip. Because crustls doesn't support verification
of IP addresses, special handling is needed: We disable SNI and set a
placeholder hostname (which never actually gets sent on the wire).

Closes #6719
2021-03-12 13:15:00 +01:00