ERR_error_string with NULL parameter is not thread-safe. The library
writes the string into some static buffer. Two threads doing this at
once may clobber each other and run into problems. Switch to
ERR_error_string_n which avoids this problem and is explicitly
bounds-checked.
Also clean up some remnants of OpenSSL 0.9.5 around here. A number of
comments (fixed buffer size, explaining that ERR_error_string_n was
added in a particular version) date to when ossl_strerror tried to
support pre-ERR_error_string_n OpenSSLs.
Closes#1424
MinGW-w64 complains:
warning: conversion to 'long int' from 'time_t {aka long long int}' may
alter its value [-Wconversion]
Fix this by using the correct type.
ssl_session_init was only introduced in version 1.3.8, the penultimate
version. The function only contains a memset, so replace it with that.
Suggested-by: Jay Satiro
Fixes https://github.com/curl/curl/issues/1401
The POSIX standard location is <poll.h>. Using <sys/poll.h> results in
warning spam when using the musl standard library.
Closes https://github.com/curl/curl/pull/1406
... because they may include an intermediate certificate for a client
certificate and the intermediate certificate needs to be presented to
the server, no matter if we verify the peer or not.
Reported-by: thraidh
Closes#851
Issues and PRs with no activity for 180 days will get marked as stale,
and if no further activity happens within 14 more days, the issue gets
closed.
This follows our established policy of not letting stalled bugs "get in
the way": https://curl.haxx.se/docs/bugs.html#Closing_off_stalled_bugsCloses#1398
When UNICODE is not defined, the Curl_convert_UTF8_to_tchar macro maps
directly to its argument. As it is declared as a pointer to const and
InitializeSecurityContext expects a pointer to non-const, both MSVC and MinGW
issue a warning about implicitly casting away the const. Fix this by declaring
the variables as pointers to non-const.
Closes https://github.com/curl/curl/pull/1394
Previously, periods of fast speed between periods of slow speed would
not count and could still erroneously trigger a timeout.
Reported-by: Paul Harris
Fixes#1345Closes#1390
MinGW complains:
tool_operate.c:197:15: error: comparison is always true due to limited range
of data type [-Werror=type-limits]
Fix this by only doing the comparison if 'long' is large enough to hold the
constant it is compared with.
Closes https://github.com/curl/curl/pull/1378
This checks the new behavior of Curl_splaygetbest, so that the smallest
node not larger than the key is removed, and FIFO behavior is kept even
when there are multiple nodes with the same key.
Closes#1358
Multi handles repeatedly invert the queue of pending easy handles when
used with CURLMOPT_MAX_TOTAL_CONNECTIONS. This is caused by a multistep
process involving Curl_splaygetbest and violates the FIFO property of
the multi handle.
This patch fixes this issue by redefining the "best" node in the
context of timeouts as the "smallest not larger than now", and
implementing the necessary data structure modifications to do this
effectively, namely:
- splay nodes with the same key are now stored in a doubly-linked
circular list instead of a non-circular one to enable O(1)
insertion to the tail of the list
- Curl_splayinsert inserts nodes with the same key to the tail of
the same list
- in case of multiple nodes with the same key, the one on the head of
the list gets selected
- Don't free postponed data on a connection that will be reused since
doing so can cause data loss when pipelining.
Only Windows builds are affected by this.
Closes https://github.com/curl/curl/issues/1380
Safe to silence warning adding time delta of poll, which can trigger on
Windows since sizeof time_t > sizeof long.
warning C4244: '+=' : conversion from 'time_t' to 'long', possible loss
of data