1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-15 05:55:04 -05:00
Commit Graph

2167 Commits

Author SHA1 Message Date
Dan Fandrich
b1dc45a822 build: fixed making man page in out-of-tree tarball builds
The man page taken from the release package is found in a different
location than if it's built from source. It must be referenced as $< in
the rule to get its correct location in the VPATH.
2017-03-09 22:55:28 +01:00
Dan Fandrich
9f3bc40f7f mkhelp: simplified the gzip code
This eliminates the need for an external gzip program, which wasn't
working with Busybox's gzip, anyway. It now compresses using perl's
IO::Compress::Gzip
2017-03-09 22:52:51 +01:00
Jozef Kralik
6448f98c18 vtls: add options to specify range of enabled TLS versions
This commit introduces the CURL_SSLVERSION_MAX_* constants as well as
the --tls-max option of the curl tool.

Closes https://github.com/curl/curl/pull/1166
2017-03-08 15:54:07 +01:00
Alexis La Goutte
cbff751e95 build: fix gcc7 implicit fallthrough warnings
Mark intended fallthroughs with /* FALLTHROUGH */ so that gcc will know
it's expected and won't warn on [-Wimplicit-fallthrough=].

Closes https://github.com/curl/curl/pull/1297
2017-03-03 03:09:46 -05:00
Jay Satiro
b259646ea1 url: Improve CURLOPT_PROXY_CAPATH error handling
- Change CURLOPT_PROXY_CAPATH to return CURLE_NOT_BUILT_IN if the option
  is not supported, which is the same as what we already do for
  CURLOPT_CAPATH.

- Change the curl tool to handle CURLOPT_PROXY_CAPATH error
  CURLE_NOT_BUILT_IN as a warning instead of as an error, which is the
  same as what we already do for CURLOPT_CAPATH.

- Fix CAPATH docs to show that CURLE_NOT_BUILT_IN is returned when the
  respective CAPATH option is not supported by the SSL library.

Ref: https://github.com/curl/curl/pull/1257
2017-02-21 22:24:40 -05:00
Michael Kaufmann
ddedc1b3f3 string formatting: fix 4 printf-style format strings 2017-02-19 14:13:42 +01:00
Jay Satiro
7a9f5748bc tool_urlglob: Allow a glob range with the same start and stop
For example allow ranges like [1-1] and [a-a] etc.

Regression since 5ca96cb.

Bug: https://github.com/curl/curl/issues/1238
Reported-by: R. Dennis Steed
2017-02-15 02:31:09 -05:00
Nick Draffen
690935390c curl: fix typo in time condition warning message
The warning message had a typo. The argument long form is --time-cond
not --timecond

Closes #1263
2017-02-14 22:50:15 +01:00
Jay Satiro
e1187c42a4 tool_operate: Show HTTPS-Proxy options on CURLE_SSL_CACERT
When CURLE_SSL_CACERT occurs the tool shows a lengthy error message to
the user explaining possible solutions such as --cacert and --insecure.

This change appends to that message similar options --proxy-cacert and
--proxy-insecure when there's a specified HTTPS proxy.

Closes https://github.com/curl/curl/issues/1258
2017-02-11 16:35:47 -05:00
Dan Fandrich
edb2d02855 cmdline-opts: Fixed build and test in out of source tree builds 2017-02-06 23:37:05 +01:00
Jay Satiro
a49d2d0e25 OS400: Fix symbols
- s/CURLOPT_SOCKS_PROXY/CURLOPT_PRE_PROXY
  Follow-up to 7907a2b and 845522c.

- Fix incorrect id for CURLOPT_PROXY_PINNEDPUBLICKEY.

- Add id for CURLOPT_ABSTRACT_UNIX_SOCKET.

Bug: https://github.com/curl/curl/issues/1237
Reported-by: jonrumsey@users.noreply.github.com
2017-02-01 18:28:29 -05:00
Daniel Stenberg
8611d985ee VC: remove the makefile.vc6 build infra
The winbuild/ build files is now the single MSVC makefile build choice.

Closes #1215
2017-01-23 14:27:32 +01:00
Daniel Stenberg
4c49b83597 docs/curl.1: generate from the cmdline-opts script 2017-01-23 13:57:54 +01:00
Viktor Szakats
df86db7dee *.rc: escape non-ASCII/non-UTF-8 character for clarity
Closes https://github.com/curl/curl/pull/1217
2017-01-19 11:35:48 +00:00
Isaac Boukris
1d786faee1 unix_socket: add support for abstract unix domain socket
In addition to unix domain sockets, Linux also supports an
abstract namespace which is independent of the filesystem.

In order to support it, add new CURLOPT_ABSTRACT_UNIX_SOCKET
option which uses the same storage as CURLOPT_UNIX_SOCKET_PATH
internally, along with a flag to specify abstract socket.

On non-supporting platforms, the abstract address will be
interpreted as an empty string and fail gracefully.

Also add new --abstract-unix-socket tool parameter.

Signed-off-by: Isaac Boukris <iboukris@gmail.com>
Reported-by: Chungtsun Li (typeless)
Reviewed-by: Daniel Stenberg
Reviewed-by: Peter Wu
Closes #1197
Fixes #1061
2017-01-13 16:25:20 +01:00
Isaac Boukris
a301cbb655 curl: reset the easy handle at --next
So that only "global" options (verbose mostly) survive into the next
transfer, and the others have to be set again unless default is fine.
2017-01-13 15:33:24 +01:00
Jay Satiro
ee3c83f39c tool_operate: Fix --remote-time incorrect times on Windows
- Use Windows API SetFileTime to set the file time instead of utime.

Avoid utime on Windows if possible because it may apply a daylight
saving time offset to our UTC file time.

Bug: https://curl.haxx.se/mail/archive-2016-11/0033.html
Reported-by: Tim

Closes https://github.com/curl/curl/pull/1121
2016-12-28 21:19:40 -05:00
Daniel Stenberg
aa6db9642e curl: remove superfluous include file
The <netinet/tcp.h> is a leftover from the past when TCP socket options
were set in this file. This include causes build issues on AIX 4.3.

Reported-by: Kim Minjoong

Closes #1178
2016-12-27 22:02:14 +01:00
Jay Satiro
c2402b6e02 tests: checksrc compliance 2016-12-19 02:31:59 -05:00
Daniel Stenberg
de0cd5e55a tool_getparam.c: make comments use the up-to-date option names 2016-12-17 23:49:11 +01:00
Daniel Stenberg
845522cadb preproxy: renamed what was added as SOCKS_PROXY
CURLOPT_SOCKS_PROXY -> CURLOPT_PRE_PROXY

Added the corresponding --preroxy command line option. Sets a SOCKS
proxy to connect to _before_ connecting to a HTTP(S) proxy.
2016-12-16 16:04:23 +01:00
Daniel Stenberg
642398c651 curl: normal socks proxies still use CURLOPT_PROXY
... the newly introduced CURLOPT_SOCKS_PROXY is special and should be
asked for specially. (Needs new code.)

Unified proxy type to a single variable in the config struct.
2016-12-16 15:34:14 +01:00
Daniel Stenberg
7907a2bec9 CURLOPT_SOCKS_PROXYTYPE: removed
This was added as part of the SOCKS+HTTPS proxy merge but there's no
need to support this as we prefer to have the protocol specified as a
prefix instead.
2016-12-16 15:10:19 +01:00
Daniel Stenberg
1c3e8bbfed checksrc: warn for assignments within if() expressions
... they're already frowned upon in our source code style guide, this
now enforces the rule harder.
2016-12-14 01:29:44 +01:00
Daniel Stenberg
b228d2952b checksrc: stricter no-space-before-paren enforcement
In order to make the code style more uniform everywhere
2016-12-13 23:39:11 +01:00
Daniel Stenberg
cee0fb3247 curl: support zero-length argument strings in config files
... like 'user-agent = ""'

Adjusted test 71 to verify.
2016-12-02 11:25:35 +01:00
Daniel Stenberg
720ea577dc curl: remove --proxy-ssl* options
There's mostly likely no need to allow setting SSLv2/3 version for HTTPS
proxy. Those protocols are insecure by design and deprecated.
2016-11-28 00:07:45 +01:00
Okhin Vasilij
a4b2f7aafd curl_version_info: add CURL_VERSION_HTTPS_PROXY
Closes #1142
2016-11-26 17:28:53 +01:00
Jay Satiro
a6618b5250 tool_urlglob: Improve sanity check in glob_range
Prior to this change we depended on errno if strtol could not perform a
conversion. POSIX says EINVAL *may* be set. Some implementations like
Microsoft's will not set it if there's no conversion.

Ref: https://github.com/curl/curl/commit/ee4f7660#commitcomment-19658189
2016-11-24 22:25:46 -05:00
Jay Satiro
4bda3e04b2 tool_help: Change description for --retry-connrefused
Ref: https://github.com/curl/curl/pull/1064#issuecomment-260052409
2016-11-24 22:15:14 -05:00
Frank Gevaerts
ba410f6c64 add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}
Adds access to the effectively used protocol/scheme to both libcurl and
curl, both in string and numeric (CURLPROTO_*) form.

Note that the string form will be uppercase, as it is just the internal
string.

As these strings are declared internally as const, and all other strings
returned by curl_easy_getinfo() are de-facto const as well, string
handling in getinfo.c got const-ified.

Closes #1137
2016-11-25 00:45:18 +01:00
Daniel Stenberg
8657c268e1 checksrc: white space edits to comply to stricter checksrc 2016-11-24 23:58:22 +01:00
Daniel Stenberg
dbadaebfc4 checksrc: code style: use 'char *name' style 2016-11-24 23:58:22 +01:00
Alex Rousskov
cb4e2be7c6 proxy: Support HTTPS proxy and SOCKS+HTTP(s)
* HTTPS proxies:

An HTTPS proxy receives all transactions over an SSL/TLS connection.
Once a secure connection with the proxy is established, the user agent
uses the proxy as usual, including sending CONNECT requests to instruct
the proxy to establish a [usually secure] TCP tunnel with an origin
server. HTTPS proxies protect nearly all aspects of user-proxy
communications as opposed to HTTP proxies that receive all requests
(including CONNECT requests) in vulnerable clear text.

With HTTPS proxies, it is possible to have two concurrent _nested_
SSL/TLS sessions: the "outer" one between the user agent and the proxy
and the "inner" one between the user agent and the origin server
(through the proxy). This change adds supports for such nested sessions
as well.

A secure connection with a proxy requires its own set of the usual SSL
options (their actual descriptions differ and need polishing, see TODO):

  --proxy-cacert FILE        CA certificate to verify peer against
  --proxy-capath DIR         CA directory to verify peer against
  --proxy-cert CERT[:PASSWD] Client certificate file and password
  --proxy-cert-type TYPE     Certificate file type (DER/PEM/ENG)
  --proxy-ciphers LIST       SSL ciphers to use
  --proxy-crlfile FILE       Get a CRL list in PEM format from the file
  --proxy-insecure           Allow connections to proxies with bad certs
  --proxy-key KEY            Private key file name
  --proxy-key-type TYPE      Private key file type (DER/PEM/ENG)
  --proxy-pass PASS          Pass phrase for the private key
  --proxy-ssl-allow-beast    Allow security flaw to improve interop
  --proxy-sslv2              Use SSLv2
  --proxy-sslv3              Use SSLv3
  --proxy-tlsv1              Use TLSv1
  --proxy-tlsuser USER       TLS username
  --proxy-tlspassword STRING TLS password
  --proxy-tlsauthtype STRING TLS authentication type (default SRP)

All --proxy-foo options are independent from their --foo counterparts,
except --proxy-crlfile which defaults to --crlfile and --proxy-capath
which defaults to --capath.

Curl now also supports %{proxy_ssl_verify_result} --write-out variable,
similar to the existing %{ssl_verify_result} variable.

Supported backends: OpenSSL, GnuTLS, and NSS.

* A SOCKS proxy + HTTP/HTTPS proxy combination:

If both --socks* and --proxy options are given, Curl first connects to
the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS
proxy.

TODO: Update documentation for the new APIs and --proxy-* options.
Look for "Added in 7.XXX" marks.
2016-11-24 23:41:44 +01:00
Jay Satiro
03d707fc5f tool_help: Clarify --dump-header only writes received headers 2016-11-16 01:52:01 -05:00
Daniel Stenberg
0744506cd2 curl: add --fail-early to help output
Fixes test 1139 failures

Follow-up to f82bbe01c8
2016-11-15 08:32:53 +01:00
Daniel Stenberg
8c630ef059 glob: fix [a-c] globbing regression
Brought in ee4f76606c

Added test case 1280 to verify

Reported-by: Dave Reisner

Bug: ee4f76606c (commitcomment-19823146)
2016-11-15 08:22:54 +01:00
Daniel Stenberg
f82bbe01c8 curl: add --fail-early
Exit with an error on the first transfer error instead of continuing to
do the rest of the URLs.

Discussion: https://curl.haxx.se/mail/archive-2016-11/0038.html
2016-11-14 08:35:40 +01:00
Daniel Hwang
cdfda3ee82 curl: Add --retry-connrefused
to consider ECONNREFUSED as a transient error.

Closes #1064
2016-11-11 10:00:54 +01:00
Kamil Dudka
a110a03b43 curl: introduce the --tlsv1.3 option to force TLS 1.3
Fully implemented with the NSS backend only for now.

Reviewed-by: Ray Satiro
2016-11-07 12:07:11 +01:00
Daniel Stenberg
27302abb94 s/cURL/curl
We're mostly saying just "curl" in lower case these days so here's a big
cleanup to adapt to this reality. A few instances are left as the
project could still formally be considered called cURL.
2016-11-07 10:36:23 +01:00
Mauro Rappa
ebeffe81d8 curl -w: added more decimal digits to timing counters
Now showing microsecond resolution.

Closes #1106
2016-11-05 12:50:15 +01:00
Daniel Stenberg
6b52b7eb2b metalink: simplify the hex parsing function
... and now it avoids using the libcurl toupper() function
2016-11-02 00:31:49 +01:00
Daniel Stenberg
95bd2b3e7f strcase: make the tool use curl_str[n]equal instead
As they are after all part of the public API. Saves space and reduces
complexity. Remove the strcase defines from the curlx_ family.

Suggested-by: Dan Fandrich
Idea: https://curl.haxx.se/mail/lib-2016-10/0136.html
2016-10-31 21:51:19 +01:00
Daniel Stenberg
309d6e80d0 msvc builds: s/rawstr/strcase
Follow-up to 811a693b
2016-10-31 13:35:26 +01:00
Daniel Stenberg
8fe4bd0844 curl_strequal: part of public API/ABI, needs to be kept
These two public functions have been mentioned as deprecated since a
very long time but since they are still part of the API and ABI we need
to keep them around.
2016-10-31 09:45:17 +01:00
Daniel Stenberg
811a693b80 strcasecompare: all case insensitive string compares ignore locale now
We had some confusions on when each function was used. We should not act
differently on different locales anyway.
2016-10-31 08:46:35 +01:00
Daniel Stenberg
502acba2af strcasecompare: is the new name for strequal()
... to make it less likely that we forget that the function actually
does case insentive compares. Also replaced several invokes of the
function with a plain strcmp when case sensitivity is not an issue (like
comparing with "-").
2016-10-31 08:46:35 +01:00
Daniel Stenberg
ee4f76606c range: reject char globs with missing end like '[L-]'
... which previously would lead to out of boundary reads.

Reported-by: Luật Nguyễn
2016-10-31 08:46:35 +01:00
Daniel Stenberg
269a889104 glob_next_url: make sure to stay within the given output buffer 2016-10-31 08:46:35 +01:00
Daniel Stenberg
fbb5f1aa03 range: prevent negative end number in a glob range
CVE-2016-8620

Bug: https://curl.haxx.se/docs/adv_20161102F.html
Reported-by: Luật Nguyễn
2016-10-31 08:46:35 +01:00
Daniel Stenberg
0f1996321f s/cURL/curl
The tool was never called cURL, only the project. But even so, we have
more and more over time switched to just use lower case.
2016-10-18 13:59:54 +02:00
Daniel Stenberg
8e8afa82cb curl: set INTERLEAVEDATA too
As otherwise the callback could be called with a NULL pointer when RTSP
data is provided.
2016-10-18 12:09:56 +02:00
David Woodhouse
a1a5cd0487 curl: do not set CURLOPT_SSLENGINEDEFAULT automatically
There were bugs in the PKCS#11 engine, and fixing them triggers bugs in
OpenSSL. Just don't get involved; there's no need to be making the
engine methods the default anyway.

https://github.com/OpenSC/libp11/pull/108
https://github.com/openssl/openssl/pull/1639

Merges #1042
2016-10-16 13:18:07 +02:00
Daniel Stenberg
ffa0709a88 curl: make --create-dirs on windows grok both forward and backward slashes
Reported-by: Ryan Scott

Fixes #1007
2016-09-14 07:48:43 +02:00
Daniel Stenberg
b965090963 curl: whitelist use of strtok() in non-threaded context 2016-09-07 10:43:40 +02:00
Mark Hamilton
9a84dc31de tool_helpers.c: fix comment typo (#989) 2016-09-03 23:14:07 +02:00
David Woodhouse
01f69232b0 curl: allow "pkcs11:" prefix for client certificates
RFC7512 provides a standard method to reference certificates in PKCS#11
tokens, by means of a URI starting 'pkcs11:'.

We're working on fixing various applications so that whenever they would
have been able to use certificates from a file, users can simply insert
a PKCS#11 URI instead and expect it to work. This expectation is now a
part of the Fedora packaging guidelines, for example.

This doesn't work with cURL because of the way that the colon is used
to separate the certificate argument from the passphrase. So instead of

   curl -E 'pkcs11:manufacturer=piv_II;id=%01' …

I instead need to invoke cURL with the colon escaped, like this:

   curl -E 'pkcs11\:manufacturer=piv_II;id=%01' …

This is suboptimal because we want *consistency* — the URI should be
usable in place of a filename anywhere, without having strange
differences for different applications.

This patch therefore disables the processing in parse_cert_parameter()
when the string starts with 'pkcs11:'. It means you can't pass a
passphrase with an unescaped PKCS#11 URI, but there's no need to do so
because RFC7512 allows a PIN to be given as a 'pin-value' attribute in
the URI itself.

Also, if users are already using RFC7512 URIs with the colon escaped as
in the above example — even providing a passphrase for cURL to handling
instead of using a pin-value attribute, that will continue to work
because their string will start 'pkcs11\:' and won't match the check.

What *does* break with this patch is the extremely unlikely case that a
user has a file which is in the local directory and literally named
just "pkcs11", and they have a passphrase on it. If that ever happened,
the user would need to refer to it as './pkcs11:<passphrase>' instead.
2016-08-17 11:35:16 +02:00
Daniel Stenberg
4732ca5724 CURLOPT_TCP_NODELAY: now enabled by default
After a few wasted hours hunting down the reason for slowness during a
TLS handshake that turned out to be because of TCP_NODELAY not being
set, I think we have enough motivation to toggle the default for this
option. We now enable TCP_NODELAY by default and allow applications to
switch it off.

This also makes --tcp-nodelay unnecessary, but --no-tcp-nodelay can be
used to disable it.

Thanks-to: Tim Rühsen
Bug: https://curl.haxx.se/mail/lib-2016-06/0143.html
2016-08-05 00:12:57 +02:00
Kamil Dudka
584d0121c3 tool_urlglob: fix off-by-one error in glob_parse()
... causing SIGSEGV while parsing URL with too many globs.
Minimal example:

$ curl $(for i in $(seq 101); do printf '{a}'; done)

Reported-by: Romain Coltel
Bug: https://bugzilla.redhat.com/1340757
2016-06-03 13:07:22 +02:00
Viktor Szakats
55ab64ed1a makefile.m32: add crypt32 for winssl builds
Dependency added by 6cabd78

Closes #849
2016-06-01 10:39:13 +02:00
Daniel Stenberg
6dbc23cfd8 curl: fix -q [regression]
This broke in 7.49.0 with commit e200034425

Fixes #842
2016-05-31 14:25:40 +02:00
Frank Gevaerts
071c561394 http: add CURLINFO_HTTP_VERSION and %{http_version}
Adds access to the effectively used http version to both libcurl and
curl.

Closes #799
2016-05-30 22:58:51 +02:00
Jay Satiro
b9728bca54 tool_cb_hdr: Fix --remote-header-name with schemeless URL
- Move the existing scheme check from tool_operate.

In the case of --remote-header-name we want to parse Content-disposition
for a filename, but only if the scheme is http or https. A recent
adjustment 0dc4d8e was made to account for schemeless URLs however it's
not 100% accurate. To remedy that I've moved the scheme check to the
header callback, since at that point the library has already determined
the scheme.

Bug: https://github.com/curl/curl/issues/760
Reported-by: Kai Noda
2016-05-01 16:07:04 -04:00
Jay Satiro
0dc4d8e42e curl -J: make it work even without http:// scheme on URL
It does open up a miniscule risk that one of the other protocols that
libcurl could use would send back a Content-Disposition header and then
curl would act on it even if not HTTP.

A future mitigation for this risk would be to allow the callback to ask
libcurl which protocol is being used.

Verified with test 1312

Closes #760
2016-04-29 15:24:10 +02:00
Daniel Stenberg
a744591d60 curl: show the long option version of -q in the -h list 2016-04-29 00:31:37 +02:00
Daniel Stenberg
ce7826f613 curl: remove "--socks" as "--socks5" turned 8
In commit 2e42b0a252 (Jan 2008) we made the option "--socks" deprecated
and it has not been documented since. The more explicit socks options
(like --socks4 or --socks5) should be used.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
d0f42e5273 curl: remove --http-request
It was mentioned as deprecated already in commit ae1912cb0d from
1999. It has not been documented in this millennium.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
9b1ed2ea8e curl: mention --ntlm-wb in -h list 2016-04-29 00:31:37 +02:00
Daniel Stenberg
c6eb7b6301 curl: -h output lacked --proxy-header 2016-04-29 00:31:37 +02:00
Daniel Stenberg
10ea631390 curl: use --telnet-option as documented
The code said "telnet-options" but no documentation ever said so. It
worked fine since the code is fine with a unique match of the first
part.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
d6fa190503 getparam: remove support for --ftpport
It has been deprecated and undocumented since commit ad5ead8bed (Dec
2003). --ftp-port is the proper long option name.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
e200034425 curl: make --disable work as long form of -q
To make the aliases list reflect reality.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
b499973c7b aliases: remove trailing space from capath string 2016-04-29 00:31:37 +02:00
Daniel Stenberg
388c6b5e75 cmdline parse: only single letter options have single-letter strings
... moved around options so that parsing the code to find all
single-letter options easier.
2016-04-29 00:31:37 +02:00
Daniel Stenberg
3c1e84f569 curl: make --ftp-create-dirs retry on failure
The underlying libcurl option used for this feature is
CURLOPT_FTP_CREATE_MISSING_DIRS which has the ability to retry the dir
creation, but it was never set to do that by the command line tool.

Now it does.

Bug: https://curl.haxx.se/mail/archive-2016-04/0021.html
Reported-by: John Wanghui
Help-by: Leif W
2016-04-22 15:25:13 +02:00
Daniel Stenberg
5470c86845 src/checksrc.whitelist: removed 2016-04-19 08:56:06 +02:00
Daniel Stenberg
2dd018f450 tool_operate: switch to inline checksrc ignore 2016-04-19 08:56:06 +02:00
Alessandro Ghedini
d49087f6bc tool: add --tcp-fastopen option 2016-04-18 23:17:19 +02:00
Daniel Stenberg
a542536cf6 checksrc: pass on -D so the whitelists are found correctly 2016-04-18 20:10:52 +02:00
Daniel Stenberg
ab493af731 checksrc/makefile.am: use $top_srcdir to find source files
... to properly support out of source tree builds.
2016-04-18 14:58:11 +02:00
Michael Kaufmann
cd8d236245 news: CURLOPT_CONNECT_TO and --connect-to
Makes curl connect to the given host+port instead of the host+port found
in the URL.
2016-04-17 23:50:59 +02:00
Daniel Stenberg
f86f50f05a makefile.vc6: use d suffix on debug object
To allow both release and debug builds in parallel.

Reported-by: Rod Widdowson

Fixes #769
2016-04-17 17:16:21 +02:00
Steve Holme
ccf7a82605 CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME
As these two options provide identical functionality, the former for
SOCK5 proxies and the latter for HTTP proxies, merged the two options
together.

As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of
7.49.0.
2016-04-09 20:47:05 +01:00
Steve Holme
43116218c0 url: Corrected comments following 9d89a0387 2016-04-09 05:33:03 +01:00
Steve Holme
d6b4de083f checksrc: Fix issue with the autobuilds not picking up the whitelist 2016-04-08 20:32:40 +01:00
Daniel Stenberg
a8b51a179a lib/src: fix the checksrc invoke
... now works correctly when invoke from the root makefile
2016-04-03 23:07:30 +02:00
Daniel Stenberg
a71012c03e code: style updates 2016-04-03 22:38:36 +02:00
Diego Bes
324a97ecf8 http2: support "prior knowledge", no upgrade from HTTP/1.1
Supports HTTP/2 over clear TCP

- Optimize switching to HTTP/2 by removing calls to init and setup
before switching. Switching will eventually call setup and setup calls
init.

- Supports new version to “force” the use of HTTP/2 over clean TCP

- Add common line parameter “--http2-prior-knowledge” to the Curl
  command line tool.
2016-03-31 22:23:11 +02:00
Jay Satiro
67a762928e tool_operate: remove mixed declaration
This is a follow up to the previous commit.
2016-03-28 16:46:26 -04:00
Daniel Stenberg
ab86007df4 curl: warn for --capath use if not supported by libcurl
Closes #492
2016-03-28 20:28:23 +02:00
Daniel Stenberg
4ef6d6b1bc curl: glob_range: no need to check unsigned variable for negative
cppcheck warned:

[src/tool_urlglob.c:283]: (style) Checking if unsigned variable 'step_n'
is less than zero.
2016-03-14 10:51:25 +01:00
Viktor Szakats
6c7a5b9603 makefile.m32: add missing libs for static -winssl-ssh2 builds
Bug: https://github.com/curl/curl/pull/693
2016-03-05 21:50:12 -05:00
Viktor Szakats
05401b9a3b makefile.m32: fix to allow -ssh2-winssl combination
In makefile.m32, option -ssh2 (libssh2) automatically implied -ssl
(OpenSSL) option, with no way to override it with -winssl. Since both
libssh2 and curl support using Windows's built-in SSL backend, modify
the logic to allow that combination.
2016-03-05 13:40:34 -05:00
Viktor Szakats
d678bd6f60 makefile.m32: allow to pass .dll/.exe-specific LDFLAGS
using envvars `CURL_LDFLAG_EXTRAS_DLL` and
`CURL_LDFLAG_EXTRAS_EXE` respectively. This
is useful f.e. to pass ASLR-related extra
options, that are required to make this
feature work when using the mingw toolchain.

Ref: https://github.com/curl/curl/pull/670#issuecomment-190863985

Closes https://github.com/curl/curl/pull/689
2016-03-01 17:46:16 -05:00
Jay Satiro
186546f1c5 TFTP: add option to suppress TFTP option requests (Part 2)
- Add tests.

- Add an example to CURLOPT_TFTP_NO_OPTIONS.3.

- Add --tftp-no-options to expose CURLOPT_TFTP_NO_OPTIONS.

Bug: https://github.com/curl/curl/issues/481
2016-02-23 03:01:07 -05:00
Viktor Szakats
91cfcc5d6f src/Makefile.m32: add CURL_{LD,C}FLAGS_EXTRAS support
Sync with lib/Makefile.m32 which already uses those variables.

Bug: https://github.com/curl/curl/pull/670
2016-02-20 15:45:39 -05:00
Jay Satiro
4fc80f3e75 tool_doswin: Support for literal path prefix \\?\
For example something like --output \\?\C:\foo
2016-02-09 03:28:58 -05:00
Jay Satiro
c3aac48919 tool_urlglob: Allow reserved dos device names (Windows)
Allow --output to reserved dos device names without the device prefix
for backwards compatibility.

Example: --output NUL can be used instead of --output \\.\NUL

Bug: https://github.com/curl/curl/commit/4520534#commitcomment-15954863
Reported-by: Gisle Vanem
2016-02-08 15:09:42 -05:00
Jay Satiro
d572d2664d tool_operhlp: Check for backslashes in get_url_file_name
Extract the filename from the last slash or backslash. Prior to this
change backslashes could be part of the filename.

This change needed for the curl tool built for Cygwin. Refer to the
CYGWIN addendum in advisory 20160127B.

Bug: https://curl.haxx.se/docs/adv_20160127B.html
2016-02-08 03:14:04 -05:00
Jay Satiro
9b6598ed08 tool_doswin: Use type SANITIZEcode in sanitize_file_name 2016-02-05 02:22:24 -05:00
Jay Satiro
4520534e6d tool_doswin: Improve sanitization processing
- Add unit test 1604 to test the sanitize_file_name function.

- Use -DCURL_STATICLIB when building libcurltool for unit testing.

- Better detection of reserved DOS device names.

- New flags to modify sanitize behavior:

SANITIZE_ALLOW_COLONS: Allow colons
SANITIZE_ALLOW_PATH: Allow path separators and colons
SANITIZE_ALLOW_RESERVED: Allow reserved device names
SANITIZE_ALLOW_TRUNCATE: Allow truncating a long filename

- Restore sanitization of banned characters from user-specified outfile.

Prior to this commit sanitization of a user-specified outfile was
temporarily disabled in 2b6dadc because there was no way to allow path
separators and colons through while replacing other banned characters.
Now in such a case we call the sanitize function with
SANITIZE_ALLOW_PATH which allows path separators and colons to pass
through.


Closes https://github.com/curl/curl/issues/624
Reported-by: Octavio Schroeder
2016-02-05 01:44:27 -05:00
Daniel Stenberg
4af40b3646 URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
Jay Satiro
2b6dadc52d tool_operate: Don't sanitize --output path (Windows)
Due to path separators being incorrectly sanitized in --output
pathnames, eg -o c:\foo => c__foo

This is a partial revert of 3017d8a until I write a proper fix. The
remote-name will continue to be sanitized, but if the user specified an
--output with string replacement (#1, #2, etc) that data is unsanitized
until I finish a fix.

Bug: https://github.com/bagder/curl/issues/624
Reported-by: Octavio Schroeder
2016-02-01 04:11:46 -05:00
Viktor Szakats
1597af51b1 tool_doswin: silence unused function warning
tool_doswin.c:185:14: warning: 'msdosify' defined but not used
[-Wunused-function]

Closes https://github.com/bagder/curl/pull/616
2016-01-28 02:45:36 -05:00
Ray Satiro
3017d8a8d8 curl: avoid local drive traversal when saving file (Windows)
curl does not sanitize colons in a remote file name that is used as the
local file name. This may lead to a vulnerability on systems where the
colon is a special path character. Currently Windows/DOS is the only OS
where this vulnerability applies.

CVE-2016-0754

Bug: http://curl.haxx.se/docs/adv_20160127B.html
2016-01-26 23:42:55 +01:00
Daniel Stenberg
bfe6f1f788 Makefile.inc: s/curl_SOURCES/CURL_FILES
This allows the root Makefile.am to include the Makefile.inc without
causing automake to warn on it (variables named *_SOURCES are
magic). curl_SOURCES is then instead assigned properly in
src/Makefile.am only.

Closes #577
2015-12-23 12:07:50 +01:00
Daniel Stenberg
b4a39491ca curl --expect100-timeout: added
This is the new command line option to set the value for the existing
libcurl option CURLOPT_EXPECT_100_TIMEOUT_MS
2015-12-15 13:59:56 +01:00
Daniel Stenberg
536f5f442e curl: use 2TLS by default
Make this the default for the curl tool (if built with HTTP/2 powers
enabled) unless a specific HTTP version is requested on the command
line.

This should allow more users to get HTTP/2 powers without having to
change anything.
2015-12-13 09:26:43 +01:00
Daniel Stenberg
f606435419 curl: remove keepalive #ifdef checks done on libcurl's behalf
They didn't match the ifdef logic used within libcurl anyway so they
could indeed warn for the wrong case - plus the tool cannot know how the
lib actually performs at that level.
2015-12-03 09:55:00 +01:00
Steve Holme
db05d7a731 tool_paramhlp: Fixed display of URL index in password prompt for --next
Commit f3bae6ed73 added the URL index to the password prompt when using
--next. Unfortunately, because the size_t specifier (%zu) is not
supported by all sprintf() implementations we use the curl_off_t format
specifier instead. The display of an incorrect value arises on platforms
where size_t and curl_off_t are of a different size.
2015-11-27 06:59:02 +00:00
Daniel Stenberg
bb9ec5ebb2 curl: expanded the -XHEAD warning text
... to also mention the specific options used.
2015-11-24 10:11:06 +01:00
Daniel Stenberg
c341311a0e Revert "cleanup: general removal of TODO (and similar) comments"
This reverts commit 64e959ffe3.

Feedback-by: Dan Fandrich
URL: http://curl.haxx.se/mail/lib-2015-11/0062.html
2015-11-24 09:36:45 +01:00
Daniel Stenberg
f322ca7765 curl: mark two more options strings for --libcurl output 2015-11-13 16:59:09 +01:00
Daniel Stenberg
64e959ffe3 cleanup: general removal of TODO (and similar) comments
They tend to never get updated anyway so they're frequently inaccurate
and we never go back to revisit them anyway. We document issues to work
on properly in KNOWN_BUGS and TODO instead.
2015-11-13 16:15:26 +01:00
Steve Holme
eaa98cef8d oauth2: Don't use XOAUTH2 in OAuth 2.0 variables 2015-11-09 22:25:08 +00:00
Steve Holme
4e3d396900 oauth2: Use OAuth 2.0 rather than XOAUTH2 in comments
When referring to OAuth 2.0 we should use the official name rather the
SASL mechanism name.
2015-11-09 22:25:08 +00:00
Dan Fandrich
729b92afbe tool: Fixed a memory leak on OOM introduced in 19cb0c4a 2015-11-08 16:50:25 +01:00
Daniel Stenberg
49a991346e curl.h: s/HTTPPOST_/CURL_HTTPOST_
Fixes a name space pollution at the cost of programs using one of these
defines will no longer compile. However, the vast majority of libcurl
programs that do multipart formposts use curl_formadd() to build this
list.

Closes #506
2015-10-31 22:51:20 +01:00
Daniel Stenberg
5fecdc26f7 copyrights: update Gisle Vanem's email 2015-10-20 13:33:01 +02:00
Daniel Stenberg
06b5fd8fde curl: slist_wc: remove curl_memory.h inclusion
... that's for the library only.
2015-10-18 00:43:37 +02:00
Daniel Hwang
19cb0c4a88 tool: Generate easysrc with last cache linked-list
Using a last cache linked-list improves the performance of easysrc
generation.

Bug: https://github.com/bagder/curl/issues/444
Ref: https://github.com/bagder/curl/issues/429

Closes #452
2015-10-18 00:00:50 +02:00
Tim Rühsen
e77b5b7453 cookies: Add support for Mozilla's Publix Suffix List
Use libpsl to check the domain value of Set-Cookie headers (and cookie
jar entries) for not being a Publix Suffix.

The configure script checks for "libpsl" by default. Disable the check
with --without-libpsl.

Ref: https://publicsuffix.org/
Ref: https://github.com/publicsuffix/list
Ref: https://github.com/rockdaboot/libpsl
2015-10-17 16:37:49 +02:00
Maksim Stsepanenka
2eb4f5efe9 tool_setopt: fix c_escape truncated octal
Closes https://github.com/bagder/curl/pull/469
2015-10-02 02:45:28 -04:00
Daniel Hwang
1467dec147 tool: remove redundant libcurl check
The easysrc generation is run only when --libcurl is initialized.

Ref: https://github.com/bagder/curl/issues/429

Closes #448
2015-09-22 17:06:28 +02:00
Jay Satiro
3f8d4e264d tool_operate: Don't call easysrc cleanup unless --libcurl
- Review of 4d95491.

The author changed it so easysrc only initializes when --libcurl but did
not do the same for the call to easysrc cleanup.

Ref: https://github.com/bagder/curl/issues/429
2015-09-21 02:21:38 -04:00
Daniel Lee Hwang
4d95491636 tool: generate easysrc only on --libcurl
Code should only be generated when --libcurl is used.

Bug: https://github.com/bagder/curl/issues/429
Reported-by: @greafhe, Jay Satiro

Closes #429
Closes #442
2015-09-20 12:54:18 +02:00
Daniel Stenberg
fad9604613 curl: customrequest_helper: deal with NULL custom method 2015-09-11 18:49:28 +02:00
Daniel Stenberg
481e0de00a curl: point out unnecessary uses of -X in verbose mode
It uses 'Note:' as a prefix as opposed to the common 'Warning:' to take
down the tone a bit.

It adds a warning for using -XHEAD on other methods becasue that may
lead to a hanging connection.
2015-09-11 08:53:53 +02:00
Daniel Stenberg
82db076d9f gitignore: ignore more generated VC Makefiles 2015-09-03 23:35:41 +02:00
Steve Holme
b604b7f040 tool_sdecls.h: Fixed compilation warning from commit 4a889441d3
tool_sdecls.h:139 warning: comma at end of enumerator list
2015-09-02 06:52:12 +01:00
Steve Holme
fb0825cb0a makefiles: Added our standard copyright header
But kept the original author, when they were specified in a comment, as
the initial copyright holder.
2015-08-30 14:51:13 +01:00
Daniel Stenberg
4a889441d3 curl: point out the conflicting HTTP methods if used
It isn't always clear to the user which options that cause the HTTP
methods to conflict so by spelling them out it should hopefully be
easier to understand why curl complains.
2015-08-25 09:20:56 +02:00
Daniel Stenberg
ce034356d2 curl: clarify that users can only specify one _METHOD_ 2015-08-25 00:04:03 +02:00
Dan Fandrich
2acaf3c804 tool: fix memory leak with --proto-default option 2015-08-23 20:57:17 +02:00
Nathaniel Waisbrot
9756d1da76 CURLOPT_DEFAULT_PROTOCOL: added
- Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default
protocol for schemeless URLs.

- Add new tool option --proto-default to expose
CURLOPT_DEFAULT_PROTOCOL.

In the case of schemeless URLs libcurl will behave in this way:

When the option is used libcurl will use the supplied default.

When the option is not used, libcurl will follow its usual plan of
guessing from the hostname and falling back to 'http'.
2015-08-22 21:57:14 -04:00
Jay Satiro
9518139c73 gitignore: Sort for readability
find . -name .gitignore -print0 | xargs -i -0 sort -o '{}' '{}'
2015-08-18 01:03:05 -04:00
Viktor Szakats
9ee40ce2ab build: refer to fixed libidn versions
closes #371
2015-08-10 23:20:18 +02:00
Daniel Stenberg
373b77bca2 comment: fix comment about adding new option support 2015-07-26 14:15:07 +02:00
Jay Satiro
b46a7744bc tool_operate: Fix CURLOPT_SSL_OPTIONS for builds without HTTPS
- Set CURLOPT_SSL_OPTIONS only if the tool enabled an SSL option.

Broken by me several days ago in 172b2be.
https://github.com/bagder/curl/commit/172b2be#diff-70b44ee478e58d4e1ddcf9c9a73d257b

Bug: http://curl.haxx.se/mail/lib-2015-07/0119.html
Reported-by: Dan Fandrich
2015-07-25 16:32:15 -04:00
Jay Satiro
172b2beba6 SSL: Add an option to disable certificate revocation checks
New tool option --ssl-no-revoke.
New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS.

Currently this option applies only to WinSSL where we have automatic
certificate revocation checking by default. According to the
ssl-compared chart there are other backends that have automatic checking
(NSS, wolfSSL and DarwinSSL) so we could possibly accommodate them at
some later point.

Bug: https://github.com/bagder/curl/issues/264
Reported-by: zenden2k <zenden2k@gmail.com>
2015-07-17 02:40:16 -04:00
55b78c5ae9 SSL: Pinned public key hash support 2015-07-01 19:43:47 +02:00
Daniel Stenberg
1f70cdef98 tool_header_cb: fflush the header stream
Flush the header stream when -D is used so that they are sent off
earlier.

Bug: https://github.com/bagder/curl/issues/324
Reported-by: Cédric Connes
2015-06-25 11:53:56 -07:00
Lior Kaplan
f44b803f16 tool_help: fix --tlsv1 help text to use >= for TLSv1 2015-06-21 13:33:11 -04:00
Daniel Stenberg
afbee791d5 tool: always provide negotiate/kerberos options
libcurl can still be built with it, even if the tool is not. Maintain
independence!
2015-06-18 16:57:38 +02:00
Linus Nielsen
1a8926d12f help: Add --proxy-service-name and --service-name to the --help output 2015-06-08 10:00:11 +02:00
Daniel Stenberg
33ee411848 checksrc: detect fopen() for text without the FOPEN_* macros
Follow-up to e8423f9ce1 with discussionis in
https://github.com/bagder/curl/pull/258

This check scans for fopen() with a mode string without 'b' present, as
it may indicate that an FOPEN_* define should rather be used.
2015-06-02 08:28:10 +02:00
Jay Satiro
e8423f9ce1 curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT
- Change fopen calls to use FOPEN_READTEXT instead of "r" or "rt"
- Change fopen calls to use FOPEN_WRITETEXT instead of "w" or "wt"

This change is to explicitly specify when we need to read/write text.
Unfortunately 't' is not part of POSIX fopen so we can't specify it
directly. Instead we now have FOPEN_READTEXT, FOPEN_WRITETEXT.

Prior to this change we had an issue on Windows if an application that
uses libcurl overrides the default file mode to binary. The default file
mode in Windows is normally text mode (translation mode) and that's what
libcurl expects.

Bug: https://github.com/bagder/curl/pull/258#issuecomment-107093055
Reported-by: Orgad Shaneh
2015-06-01 03:21:23 -04:00
Daniel Stenberg
42ed88e70a curl: fix potential NULL dereference
Coverity CID 1299428: Dereference after null check (FORWARD_NULL)
2015-05-22 16:19:30 +02:00
Viktor Szakats
3d38a38012 build: bump version in default nghttp2 paths 2015-05-19 07:42:16 +02:00
Alessandro Ghedini
5bf472fd39 tool_help: fix formatting for --next option 2015-05-08 14:44:15 +02:00
Viktor Szakats
6a61285909 build: update depedency versions, urls, example makefiles
- update default versions of dependencies (except for rare/old platforms)
- update urls
- sync examples makefiles with main ones
- remove line ending space
2015-04-30 08:29:00 +02:00
Linus Nielsen
97c272e5d1 Negotiate: custom service names for SPNEGO.
* Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME.
* Add new curl options, --proxy-service-name and --service-name.
2015-04-28 08:29:56 +02:00
Anthony Avina
6a7261359b tool: New option --data-raw to HTTP POST data, '@' allowed.
Add new option --data-raw which is almost the same as --data but does
not have a special interpretation of the @ character.

Prior to this change there was no (easy) way to pass the @ character as
the first character in POST data without it being interpreted as a
special character.

Bug: https://github.com/bagder/curl/issues/198
Reported-by: Jens Rantil
2015-04-25 14:51:14 -04:00
Kamil Dudka
710a2e99b5 curl -z: do not write empty file on unmet condition
This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe.
It also introduces a regression test 1424 based on tests 78 and 1423.

Reported-by: Viktor Szakats
Bug: https://github.com/bagder/curl/issues/237
2015-04-23 14:42:07 +02:00
Dan Fandrich
79478fdb68 tool: fixed a comment typo 2015-04-23 00:09:49 +02:00
Jay Satiro
0675abbc75 cyassl: Implement public key pinning
Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc.
2015-04-22 17:07:19 -04:00
Kamil Dudka
b47c17d67c nss: implement public key pinning for NSS backend
Bug: https://bugzilla.redhat.com/1195771
2015-04-22 13:21:31 +02:00
Daniel Stenberg
1fd33e3ec8 dist: include {src,lib}/checksrc.whitelist 2015-04-22 13:16:04 +02:00
Daniel Stenberg
691a07dac6 parsecfg: do not continue past a zero termination
When a config file line ends without newline, the parsing function could
continue reading beyond that point in memory.

Reported-by: Hanno Böck
2015-04-17 11:44:57 +02:00
Kamil Dudka
261a0fedcf src/tool_operate: create output file on successful download
... of an empty file

Bug: https://github.com/bagder/curl/issues/183
2015-04-08 09:43:08 +02:00
Kamil Dudka
f251417d85 src/tool_cb_wrt: separate fnc for output file creation 2015-04-08 09:36:56 +02:00
Dan Fandrich
ae3c985060 tool_operate: only set SSL options if SSL is enabled 2015-03-28 11:57:16 +01:00
Paul Howarth
559e2cc921 build: link curl to openssl libraries when openssl support is enabled
This fixes a build failure where openssl and libmetalink are used
together and the system linker does not do implicit linking (e.g.
Fedora 13 and later releases). The MD5 functions required for
metalink support must be pulled in from the openssl crypto library.

This is similar to commit c6e7cbb94e,
which fixes the same sort of problem for NSS builds.
2015-03-26 13:23:37 +01:00
Emil Lerner
83835f7185 globbing: fix url number calculation when using range with step
In function glob_range, the number of urls was multiplied by (max - min
+ 1), regardless of step. The correct formula is (max - min) / step + 1
2015-03-25 12:48:15 +01:00
Emil Lerner
7b223a3a21 globbing: fix step parsing for character globbing ranges
The glob_range function used wrong offset (3 instead of 4) for parsing
integer step inside character range specification, which led to 'bad
range' error when using character ranges with explicitly specified step
(such as '[a-z:2]')
2015-03-25 11:29:46 +01:00
Daniel Stenberg
5d23279299 CURLOPT_PATH_AS_IS: added
--path-as-is is the command line option

Added docs in curl.1 and CURLOPT_PATH_AS_IS.3

Added test in test 1241
2015-03-24 10:31:58 +01:00
Alessandro Ghedini
1f651d1d4d curl: add --false-start option 2015-03-20 20:14:35 +01:00
Daniel Stenberg
1977ff811d metalink: fix resource leak in OOM
Coverity CID 1288826
2015-03-19 09:08:08 +01:00
Jay Satiro
28de58504e mkhelp: Remove trailing carriage return from every line of input
- Get rid of this flood of warnings in Windows mingw build:
warning: missing terminating " character

The warning is due to the carriage return. When msysgit checks out files
from the repo by default it converts the line endings to CRLF. Prior to
this change when mkhelp.pl processed the MANUAL and curl.1 in CRLF
format the trailing carriage returns caused unnecessary CR in the
output.
2015-03-18 13:48:36 +01:00
Daniel Stenberg
2dc1a5ce93 checksrc: detect and remove space before trailing semicolons 2015-03-17 14:06:48 +01:00
Daniel Stenberg
0037eb5805 checksrc: introduce a whitelisting concept 2015-03-17 13:57:37 +01:00
Daniel Stenberg
9395999543 checksrc: use space after comma 2015-03-17 13:57:37 +01:00
Daniel Stenberg
3ac3331e14 metalink: add some error checks
malloc() and strdup() calls without checking return codes.

Reported-by: Markus Elfring
Bug: https://github.com/bagder/curl/issues/150
2015-03-06 23:14:25 +01:00
Daniel Stenberg
709cf76f6b openssl: remove all uses of USE_SSLEAY
SSLeay was the name of the library that was subsequently turned into
OpenSSL many moons ago (1999). curl does not work with the old SSLeay
library since years. This is now reflected by only using USE_OPENSSL in
code that depends on OpenSSL.
2015-03-05 10:57:52 +01:00
Daniel Stenberg
dcf23b0cfe tool: use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACE 2015-03-03 23:08:02 +01:00
Daniel Stenberg
af838b7d7b tool_writeenv: remove _MPRINTF_REPLACE define, it wasn't used 2015-03-03 23:00:54 +01:00
Daniel Stenberg
f2108ec34c tool_getpass: remove unused curl/mprintf.h include 2015-03-03 12:09:25 +01:00
Kamil Dudka
921d195187 tool: wrap lines longer than 79 columns
... to avoid a build failure when configured with --enable-debug
2015-02-28 10:54:59 +01:00
Steve Holme
c715fa0b60 tool: Updated the warnf() function to use the GlobalConfig structure
As the 'error' and 'mute' options are now part of the GlobalConfig,
rather than per Operation, updated the warnf() function to use this
structure rather than the OperationConfig.
2015-02-27 21:05:52 +00:00
Sergei Nikulov
b723ec9905 CMake: Fix generation of tool_hugehelp.c on windows
Use "cmake -E echo" instead of "echo".

Reviewed-by: Brad King <brad.king@kitware.com>
2015-02-19 20:11:20 +01:00
Daniel Stenberg
f91a7bc992 getpass: protect include with proper #ifdef
Reported-by: Tamir
2015-02-03 07:57:54 +01:00
Daniel Stenberg
859a82a85c getpass_r: read from stdin, not stdout!
The file number used was wrong. This bug was introduced over 10 years
ago, proving this function isn't used much...

Bug: http://curl.haxx.se/bug/view.cgi?id=1476
Reported-by: Tamir
2015-02-03 00:30:45 +01:00
Daniel Stenberg
0b1f37e77c help: add --cert-status to --help output 2015-01-16 23:23:29 +01:00
Daniel Stenberg
a4065ebf1c copyright years: after OCSP stapling changes 2015-01-16 23:23:29 +01:00
Alessandro Ghedini
bd0c3b3c66 curl: add --cert-status option
This enables the CURLOPT_SSL_VERIFYSTATUS functionality.
2015-01-16 23:23:29 +01:00
Viktor Szakats
acc8089bc2 add -m64 clags when targeting mingw64, add -m32/-m64 to LDFLAGS 2015-01-08 18:19:03 +01:00
Steve Holme
1abe65d928 code/docs: Use Unix rather than UNIX to avoid use of the trademark
Use Unix when generically writing about Unix based systems as UNIX is
the trademark and should only be used in a particular product's name.
2014-12-26 21:42:44 +00:00
Steve Holme
6dd9c3909c tool_help: Use camel case for UNIX sockets feature output
In line with the other features listed in the --version output,
capitalise the UNIX socket feature.
2014-12-25 17:35:03 +00:00
Steve Holme
4ff5d32a6b tool_xattr: Use 'CURLcode result' for curl result codes 2014-12-25 13:01:34 +00:00
Daniel Stenberg
d9166028e5 curl: show size of inhibited data when using -v
To offer some more info and yet it doesn't use more lines.
2014-12-22 14:21:17 +01:00
John E. Malmberg
f9cf3de70b VMS: Updates for 0740-0D1220
lib/setup-vms.h : VAX HP OpenSSL port is ancient, needs help.
                  More defines to set symbols to uppercase.

src/tool_main.c : Fix parameter to vms_special_exit() call.

packages/vms/ :
  backup_gnv_curl_src.com : Fix the error message to have the correct package.

  build_curl-config_script.com : Rewrite to be more accurate.

  build_libcurl_pc.com : Use tool_version.h now.

  build_vms.com : Fix to handle lib/vtls directory.

  curl_gnv_build_steps.txt : Updated build procedure documentation.

  generate_config_vms_h_curl.com :
       * VAX does not support 64 bit ints, so no NTLM support for now.
       * VAX HP SSL port is ancient, needs some help.
       * Disable NGHTTP2 for now, not ported to VMS.
       * Disable UNIX_SOCKETS, not available on VMS yet.
       * HP GSSAPI port does not have gss_nt_service_name.

  gnv_link_curl.com : Update for new curl structure.

  pcsi_product_gnv_curl.com : Set up to optionally do a complete build.
2014-12-21 16:55:28 +01:00
Daniel Stenberg
ae56df82c1 glob_next_url: make the loop count upwards
As the former contruct apparently caused a compiler warning, mentioned
in d8efde07e5.
2014-12-16 09:01:56 +01:00
Daniel Stenberg
088b9b2a97 tool_operate: we prefer 'CURLcode result' 2014-12-16 08:35:47 +01:00
Daniel Stenberg
b0670ff12b tool_urlglob: unify return codes to use CURLcode
There was a mix of GlobCode, CURLcode and ints and they were mostly
passing around CURLcode errors. This change makes the functions use only
CURLcode and removes the GlobCode type completely.
2014-12-16 01:00:23 +01:00
Daniel Stenberg
9b61060ffc tool_urlglob.c: partly reverse dc19789444
The loop in glob_next_url() needs to be done backwards to maintain the
logic. dc19789444 caused test 1235 to fail.
2014-12-16 00:51:39 +01:00
Steve Holme
cedf996073 copyright: Updated the copyright year following recent updates 2014-12-14 22:39:27 +00:00
Daniel Stenberg
dc19789444 tool_urlglob.c: reverse two loops
By counting from 0 and up instead of backwards like before, we remove
the need for the "funny" check of the unsigned variable when decreased
passed zero. Easier to read and less risk for compiler warnings.
2014-12-14 23:34:07 +01:00
Marc Hoersken
64854c0364 tool_urlglob.c: Added braces to clarify the conditions 2014-12-14 22:50:01 +01:00
Marc Hoersken
d8efde07e5 tool_urlglob.c: Silence warning C6293: Ill-defined for-loop
The >= 0 is actually not required, since i underflows and
the for-loop is stopped using the < condition, but this
makes the VS2012 compiler and code analysis happy.
2014-12-14 22:45:06 +01:00
Marc Hoersken
2ffbd7afac tool_binmode.c: Explicitly ignore the return code of setmode
Fixes code analysis warning C6031:
return value ignored: <function> could return unexpected value
2014-12-14 22:31:10 +01:00
Marc Hoersken
7fc1cbb640 tool_util.c: Use GetTickCount64 if it is available 2014-12-14 18:35:17 +01:00
Dan Fandrich
e05de4f46d get_url_file_name: Fixed crash on OOM on debug build
This caused a null-pointer dereference which caused a few dozen
torture tests to fail.
2014-12-07 11:09:14 +01:00
Guenter Knauf
ccfa139c71 build: updated dependencies in makefiles. 2014-12-05 14:54:25 +01:00
Peter Wu
2e557de094 tool: fix CURLOPT_UNIX_SOCKET_PATH in --libcurl output
Mark CURLOPT_UNIX_SOCKET_PATH as string to ensure that it ends up as
option in the file generated by --libcurl.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04 06:52:09 -08:00
Peter Wu
c8644d1f63 tool: add --unix-socket option
Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04 02:52:19 +01:00
Peter Wu
970c22f970 libcurl: add UNIX domain sockets support
The ability to do HTTP requests over a UNIX domain socket has been
requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a
discussion happened, no patch seems to get through. I decided to give it
a go since I need to test a nginx HTTP server which listens on a UNIX
domain socket.

One patch [3] seems to make it possible to use the
CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket.
Another person wrote a Go program which can do HTTP over a UNIX socket
for Docker[4] which uses a special URL scheme (though the name contains
cURL, it has no relation to the cURL library).

This patch considers support for UNIX domain sockets at the same level
as HTTP proxies / IPv6, it acts as an intermediate socket provider and
not as a separate protocol. Since this feature affects network
operations, a new feature flag was added ("unix-sockets") with a
corresponding CURL_VERSION_UNIX_SOCKETS macro.

A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This
option enables UNIX domain sockets support for all requests on the
handle (replacing IP sockets and skipping proxies).

A new configure option (--enable-unix-sockets) and CMake option
(ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I
deliberately did not mark this feature as advanced, this is a
feature/component that should easily be available.

 [0]: http://curl.haxx.se/mail/lib-2008-04/0279.html
 [1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/
 [2]: http://sourceforge.net/p/curl/feature-requests/53/
 [3]: http://curl.haxx.se/mail/lib-2008-04/0361.html
 [4]: https://github.com/Soulou/curl-unix-socket

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04 02:52:19 +01:00
Guenter Knauf
228f1ee9f2 build: in Makefile.m32 simplified autodetection. 2014-12-01 16:39:56 +01:00
Steve Holme
c8996bab1c curl tool: Exclude SMB from the protocol redirect
As local files could be accessed through \\localhost\c$.
2014-11-30 21:39:04 +00:00
Bill Nagel
b359badd49 curl tool: Enable support for the SMB protocol
This patch enables SMB/CIFS support in the curl command-line tool.
2014-11-30 21:32:44 +00:00
be1a505189 SSL: Add PEM format support for public key pinning 2014-11-24 19:30:09 +01:00
Guenter Knauf
cf510ad781 build: in Makefile.m32 moved target autodetection.
Moved target autodetection block after defining CC macro.
2014-11-19 12:39:20 +01:00
Guenter Knauf
140ca2dcc2 build: in Makefile.m32 simplify platform flags. 2014-11-19 11:46:02 +01:00
Guenter Knauf
a08decdfed build: in Makefile.m32 try to detect 64bit target. 2014-11-19 11:40:04 +01:00
Guenter Knauf
4bc47bec57 build: in Makefile.m32 add -m32 flag for 32bit. 2014-11-18 14:25:41 +01:00
Guenter Knauf
46ae340f24 build: in Makefile.m32 pass -F flag to windres. 2014-11-18 13:44:03 +01:00
Steve Holme
532efa9ce9 tool: Removed krb4 from the supported features
Although libcurl would never return CURL_VERSION_KERBEROS4 after 7.33,
so would not be output with --version, removed krb4 from the supported
features output.
2014-11-15 15:27:53 +00:00
Michael Osipov
a4b7f716d3 tool: Use Kerberos for supported features 2014-11-15 14:43:35 +00:00
Steve Holme
dc867bbf3a Makefile.vc6: Added support for WinIDN 2014-11-08 18:31:29 +00:00
Steve Holme
e7bcfb368c curl_tool: Added krb5 to the supported features 2014-11-07 10:57:23 +00:00
Daniel Stenberg
8a2dda312c tool_strdup.c: include the tool strdup.h
... not the lib/ one that the tool no longer uses!
2014-11-05 23:33:22 +01:00
Daniel Stenberg
b387560692 curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds
When duplicating a handle, the data to post was duplicated using
strdup() when it could be binary and contain zeroes and it was not even
zero terminated! This caused read out of bounds crashes/segfaults.

Since the lib/strdup.c file no longer is easily shared with the curl
tool with this change, it now uses its own version instead.

Bug: http://curl.haxx.se/docs/adv_20141105.html
CVE: CVE-2014-3707
Reported-By: Symeon Paraschoudis
2014-11-05 08:05:14 +01:00
Guenter Knauf
b5ed5843a4 Added NetWare support to build with nghttp2. 2014-10-29 03:31:34 +01:00
Daniel Stenberg
ad88a4bbba src/: remove version.h.dist from gitignore
It has not been used since commit f7bfdbab in 2011
2014-10-26 23:17:47 +01:00
Guenter Knauf
ede9884c59 Added MinGW support to build with nghttp2. 2014-10-24 04:22:04 +02:00
Peter Wu
b55502cdae cmake: build tool_hugehelp (ENABLE_MANUAL)
Rather than always outputting an empty manual page for the '-M' option,
generate a full manual page as done by autotools. For simplicity in
CMake, always generate the gzipped page as it will not be used anyway
when zlib is not available.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-10-12 14:11:42 +02:00
Daniel Stenberg
b546c7c926 get_url_file_name: make no slash equal empty string 2014-10-09 16:42:17 +02:00
Daniel Stenberg
199b3e46f9 get_url_file_name: never return a NULL string *and* OK
Change 987a4a73 assumes that as it simplifies life in the calling
function.

Reported-by: Fabian Keil
2014-10-09 16:37:11 +02:00
Jakub Zakrzewski
a3154295c5 Cmake: Got rid of setup_curl_dependencies
There is no need for such function. Include_directories propagate by
themselves and having a function with one simple link statement makes
little sense.
2014-10-09 13:48:30 +02:00
Daniel Stenberg
eb1e3a3985 operate: avoid NULL dereference
Coverity CID 1241948. dumpeasysrc() would get called with
config->current set to NULL which could be dereferenced by a warnf()
call.
2014-10-08 13:18:55 +02:00
Daniel Stenberg
987a4a7367 operate_do: skip superfluous check for NULL pointer
Coverity CID 1243583. get_url_file_name() cannot fail and return a NULL
file name pointer so skip the check for that - it tricks coverity into
believing it can happen and it then warns later on when we use 'outfile'
without checking for NULL.
2014-10-08 12:21:39 +02:00
93e450793c SSL: implement public key pinning
Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).

Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().

Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der
2014-10-07 14:44:19 +02:00
Daniel Stenberg
dddb2aab8d parseconfig: skip a NULL check
Coverity CID 1154198. This NULL check implies that the pointer _can_ be
NULL at this point, which it can't. Thus it is dead code. It tricks
static analyzers to warn about dereferencing the pointer since the code
seems to imply it can be NULL.
2014-10-07 10:29:06 +02:00
Daniel Stenberg
061cea1cf3 tool_go_sleep: use (void) to spell out we ignore the return value
Coverity CID 1222080.
2014-10-06 08:53:35 +02:00
Daniel Stenberg
8128db9ec1 getparameter: remove dead code
Coverity CID 1061126. 'parse' will always be non-NULL here.
2014-10-04 16:16:12 +02:00
Daniel Stenberg
55678c6951 getparameter: comment a switch FALLTHROUGH
Coverity CID 1061118. Point out that it is on purpose.
2014-10-04 16:15:47 +02:00
Daniel Stenberg
f854130b7b help output: minor whitespace edits
Should've been amended in the previous commit but wasn't due to a
mistake.
2014-08-19 23:45:34 +02:00
Zearin
2f2d84033b help output: use ≥2 spaces between option and description
... and some other cleanups
2014-08-19 23:38:02 +02:00
Steve Holme
2384c11ff1 tool_hugehelp.c.cvs: Added copyright
Added copyright due to warning from checksrc.pl.
2014-08-10 20:38:06 +01:00
Steve Holme
ea864fb24d tool_getparam.c: Fixed compilation warning
warning: `orig_opt' might be used uninitialized in this function
2014-08-08 11:24:43 +01:00
Michael Osipov
eed1c63c70 docs: Improve inline GSS-API naming in code documentation 2014-07-23 00:01:39 +02:00
Michael Osipov
e38ba43014 curl.h/features: Deprecate GSS-Negotiate macros due to bad naming
- Replace CURLAUTH_GSSNEGOTIATE with CURLAUTH_NEGOTIATE
- CURL_VERSION_GSSNEGOTIATE is deprecated which
  is served by CURL_VERSION_SSPI, CURL_VERSION_GSSAPI and
  CURUL_VERSION_SPNEGO now.
- Remove display of feature 'GSS-Negotiate'
2014-07-23 00:01:39 +02:00
Michael Osipov
46750c39bd configure/features: Add feature and version info for GSS-API and SPNEGO 2014-07-23 00:01:39 +02:00
Alessandro Ghedini
c6e7cbb94e build: link curl to NSS libraries when NSS support is enabled
This fixes a build failure on Debian caused by commit
24c3cdce88.

Bug: http://curl.haxx.se/mail/lib-2014-07/0209.html
2014-07-18 14:20:42 +02:00
Dave Reisner
fb93fa9216 src/Makefile.am: add .DELETE_ON_ERROR
This prevents targets like tool_hugehelp.c from leaving around
half-constructed files if the rule fails with GNU make.

Reported-by: Rafaël Carré <funman@videolan.org>
2014-07-17 15:11:47 +02:00
David Woodhouse
9ad282b1ae Remove all traces of FBOpenSSL SPNEGO support
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which
allows client and server to negotiate the underlying mechanism which will
actually be used to authenticate. This is *often* Kerberos, and can also
be NTLM and other things. And to complicate matters, there are various
different OIDs which can be used to specify the Kerberos mechanism too.

A SPNEGO exchange will identify *which* GSSAPI mechanism is being used,
and will exchange GSSAPI tokens which are appropriate for that mechanism.

But this SPNEGO implementation just strips the incoming SPNEGO packet
and extracts the token, if any. And completely discards the information
about *which* mechanism is being used. Then we *assume* it was Kerberos,
and feed the token into gss_init_sec_context() with the default
mechanism (GSS_S_NO_OID for the mech_type argument).

Furthermore... broken as this code is, it was never even *used* for input
tokens anyway, because higher layers of curl would just bail out if the
server actually said anything *back* to us in the negotiation. We assume
that we send a single token to the server, and it accepts it. If the server
wants to continue the exchange (as is required for NTLM and for SPNEGO
to do anything useful), then curl was broken anyway.

So the only bit which actually did anything was the bit in
Curl_output_negotiate(), which always generates an *initial* SPNEGO
token saying "Hey, I support only the Kerberos mechanism and this is its
token".

You could have done that by manually just prefixing the Kerberos token
with the appropriate bytes, if you weren't going to do any proper SPNEGO
handling. There's no need for the FBOpenSSL library at all.

The sane way to do SPNEGO is just to *ask* the GSSAPI library to do
SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context()
is for. And then it should all Just Work™.

That 'sane way' will be added in a subsequent patch, as will bug fixes
for our failure to handle any exchange other than a single outbound
token to the server which results in immediate success.
2014-07-16 17:26:08 +02:00
Dan Fandrich
45c93dad1d Fixed some "statement not reached" warnings 2014-07-12 01:45:26 +02:00
Kamil Dudka
0cd368c2ef tool: oops, forgot to include <plarenas.h>
... that contains the declaration of PL_ArenaFinish()
2014-07-03 20:36:49 +02:00
Kamil Dudka
d343033f3d tool: call PL_ArenaFinish() on exit if NSPR is used
This prevents valgrind from reporting still reachable memory allocated
by NSPR arenas (mainly the freelist).

Reported-by: Hubert Kario
2014-07-03 20:27:20 +02:00
Kamil Dudka
24c3cdce88 tool: call PR_Cleanup() on exit if NSPR is used
This prevents valgrind from reporting possibly lost memory that NSPR
uses for file descriptor cache and other globally allocated internal
data structures.
2014-07-02 18:11:05 +02:00