1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 08:38:49 -05:00
Commit Graph

870 Commits

Author SHA1 Message Date
Daniel Stenberg
e06fa7462a
gnutls: assume nettle crypto support
nettle has been the default crypto library with GnuTLS since 2010. By
dropping support for the previous libcrypto, we simplify code.

Closes #6625
2021-02-18 23:06:47 +01:00
Jacob Hoffman-Andrews
246399a874
vtls: initial implementation of rustls backend
This adds a new TLS backend, rustls. It uses the C-to-rustls bindings
from https://github.com/abetterinternet/crustls.

Rustls is at https://github.com/ctz/rustls/.

There is still a fair bit to be done, like sending CloseNotify on
connection shutdown, respecting CAPATH, and properly indicating features
like "supports TLS 1.3 ciphersuites." But it works well enough to make
requests and receive responses.

Blog post for context:
https://www.abetterinternet.org/post/memory-safe-curl/

Closes #6350
2021-02-09 11:06:18 +01:00
Simon Josefsson
3eebbfe8f3
sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl
Closes #6372
2021-02-09 10:53:25 +01:00
Daniel Stenberg
275c28e650
COPYING/configure: bump copyright year range 2021-01-01 00:52:28 +01:00
Daniel Stenberg
c263e583c2
configure: add --with-hyper
As the first (optional) HTTP backend alternative instead of native

Close #6110
2020-12-18 09:57:51 +01:00
parazyd
a1f06f32b8
gopher: Implement secure gopher protocol.
This commit introduces a "gophers" handler inside the gopher protocol if
USE_SSL is defined. This protocol is no different than the usual gopher
prococol, with the added TLS encapsulation upon connecting. The protocol
has been adopted in the gopher community, and many people have enabled
TLS in their gopher daemons like geomyidae(8), and clients, like clic(1)
and hurl(1).

I have not implemented test units for this protocol because my knowledge
of Perl is sub-par. However, for someone more knowledgeable it might be
fairly trivial, because the same test that tests the plain gopher
protocol can be used for "gophers" just by adding a TLS listener.

Signed-off-by: parazyd <parazyd@dyne.org>

Closes #6208
2020-12-15 12:58:12 +01:00
Oliver Urbann
0d16a49c16
curl: add compatibility for Amiga and GCC 6.5
Changes are mainly reordering and adding of includes required
to compile with a more recent version of GCC.

Closes #6220
2020-11-20 23:36:51 +01:00
Daniel Stenberg
259c70a930
Revert "libcurl.pc: make it relocatable"
This reverts commit 3862c37b63.

That fix should either be done differently or with an option.

Reported-by: asavah on github
Fixes #6157
Closes #6183
2020-11-09 09:13:06 +01:00
Daniel Stenberg
374329d773
configure: pass -pthread to Libs.private for pkg-config
Reported-by: Cristian Morales Vega
Fixes #6168
Closes #6181
2020-11-07 18:25:21 +01:00
Daniel Stenberg
4d2f800677
curl.se: new home
Closes #6172
2020-11-04 23:59:47 +01:00
Daniel Stenberg
7385610d0c
hsts: add support for Strict-Transport-Security
- enable in the build (configure)
- header parsing
- host name lookup
- unit tests for the above
- CI build
- CURL_VERSION_HSTS bit
- curl_version_info support
- curl -V output
- curl-config --features
- CURLOPT_HSTS_CTRL
- man page for CURLOPT_HSTS_CTRL
- curl --hsts (sets CURLOPT_HSTS_CTRL and works with --libcurl)
- man page for --hsts
- save cache to disk
- load cache from disk
- CURLOPT_HSTS
- man page for CURLOPT_HSTS
- added docs/HSTS.md
- fixed --version docs
- adjusted curl_easy_duphandle

Closes #5896
2020-11-03 16:08:42 +01:00
Cristian Morales Vega
6f3369bbcf
configure: use pkgconfig to find openSSL when cross-compiling
This reverts 736a40fec (November 2004), which doesn't explain why it was
done.

Closes #6145
2020-10-29 23:18:29 +01:00
Daniel Stenberg
96450a1a33
alt-svc: enable by default
Remove CURLALTSVC_IMMEDIATELY, which was never implemented/supported.

alt-svc support in curl is no longer considered experimental

Closes #5868
2020-10-25 23:08:54 +01:00
Daniel Stenberg
4bfca0a807
libssh2: require version 1.0 or later
... and simplify the code accordingly. libssh2 version 1.0 was released
in April 2009.

Closes #6116
2020-10-22 16:45:40 +02:00
Cristian Morales Vega
3862c37b63
libcurl.pc: make it relocatable
It supposes when people specify the libdir/includedir they do it to
change where under prefix/exec_prefix it should be, not to make it
independent of prefix/exec_prefix.

Closes #6061
2020-10-15 16:04:21 +02:00
Daniel Stenberg
c8204ed6a2
configure: don't say HTTPS-proxy is enabled when disabled!
Reported-by: Kamil Dudka
Reviewed-by: Kamil Dudka
Bug: https://github.com/curl/curl/pull/5735#issuecomment-701376388
Closes #6029
2020-09-30 22:43:43 +02:00
Daniel Stenberg
cbe7fad20d
ECH: renamed from ESNI in docs and configure
Encrypted Client Hello (ECH) is the current name.

Closes #6022
2020-09-29 11:23:23 +02:00
Daniel Stenberg
83c6493296
configure: use "no" instead of "disabled" for the end summary
... for consistency but also to make them more distinctly stand out next
to the "enabled" lines.
2020-09-29 11:01:45 +02:00
Daniel Stenberg
e37e446868
mqtt: enable by default
No longer considered experimental.

Closes #5858
2020-08-31 09:45:09 +02:00
Marcel Raad
f504f18641 ntlm: fix condition for curl_ntlm_core usage
`USE_WINDOWS_SSPI` without `USE_WIN32_CRYPTO` but with any other DES
backend is fine, but was excluded before.

This also fixes test 1013 as the condition for SMB support in
configure.ac didn't match the condition in the source code. Now it
does.

Fixes https://github.com/curl/curl/issues/1262
Closes https://github.com/curl/curl/pull/5771
2020-08-29 10:08:32 +02:00
Daniel Stenberg
ad691b191a
configure: added --disable-get-easy-options
To allow disabling of the curl_easy_option APIs in a build.

Closes #5365
2020-08-27 14:17:42 +02:00
Daniel Stenberg
d854572ccc
socketpair: allow CURL_DISABLE_SOCKETPAIR
... to completely disable the use of socketpair

Closes #5850
2020-08-26 22:58:21 +02:00
Daniel Stenberg
510d98157f
configure: fix pkg-config detecting wolfssl
When amending the include path with "/wolfssl", this now properly strips
off all whitespace from the path variable! Previously this would lead to
pkg-config builds creating bad command lines.

Closes #5848
2020-08-24 19:21:20 +02:00
Daniel Stenberg
2429f45a97
TLS naming: fix more Winssl and Darwinssl leftovers
The CMake option is now called CMAKE_USE_SCHANNEL

The winbuild flag is USE_SCHANNEL

The CI jobs and build scripts only use the new names and the new name
options

Tests now require 'Schannel' (when necessary)

Closes #5795
2020-08-08 00:19:21 +02:00
Ehren Bendler
14e63c19a0
configure: cleanup wolfssl + pkg-config conflicts when cross compiling.
Also choose a different wolfSSL function to test for NTLM support.

Fixes #5605
Closes #5682
2020-07-27 15:18:13 +02:00
Daniel Stenberg
ba390221ef
configure: show zstd "no" in summary when built without it
Reported-by: Marc Hörsken
Fixes #5720
Closes #5730
2020-07-27 14:33:17 +02:00
Gilles Vollant
e13357b14b
content_encoding: add zstd decoding support
include zstd curl patch for Makefile.m32 from vszakats
and include Add CMake support for zstd from Peter Wu

Helped-by: Viktor Szakats
Helped-by: Peter Wu
Closes #5453
2020-07-12 18:11:37 +02:00
Nicolas Sterchele
3f6288e1e5
configure.ac: Sort features name in summary
- Same as protocols

Closes #5656
2020-07-12 18:04:11 +02:00
Daniel Stenberg
774eff9fcd
configure: for wolfSSL, check for the DES func needed for NTLM
Also adds pkg-config support for the wolfSSL detection.
2020-06-16 09:06:53 +02:00
Daniel Stenberg
4190f49688
configure: only strip first -L from LDFLAGS
In the logic that works out if a given OpenSSL path works, it stripped
off a possibly leading -L flag using an incorrect sed pattern which
would remove all instances of -L in the string, including if the path
itself contained that two-letter sequence!

The same pattern was used and is now updated in multiple places. Now it
only removes -L if it starts the strings.

Reported-by: Mohamed Osama
Fixes #5519
Closes #5521
2020-06-04 23:15:28 +02:00
Marc Hoersken
fc55c723c4
select: add overflow checks for timeval conversions
Using time_t and suseconds_t if suseconds_t is available,
long on Windows (maybe others in the future) and int elsewhere.

Also handle case of ULONG_MAX being greater or equal to INFINITE.

Assisted-by: Jay Satiro
Reviewed-by: Daniel Stenberg

Part of #5343
2020-05-30 10:21:23 +02:00
Daniel Stenberg
2110b996a6
configure: repair the check if argv can be written to
Due to bad escaping of the test code, the test wouldn't build and thus
result in a negative test result, which would lead to the unconditional
assumption that overwriting the arguments doesn't work and thus curl
would never hide credentials given in the command line, even when it
would otherwise be possible.

Regression from commit 2d4c2152c (7.60.0)

Reported-by: huzunhao on github
Fixes #5470
Closes #5471
2020-05-28 23:33:56 +02:00
Peter Wu
06e266e0a5 configure: fix pthread check with static boringssl
A shared boringssl/OpenSSL library requires -lcrypto only for linking.
A static build additionally requires `-ldl -lpthread`. In the latter
case `-lpthread` is added to LIBS which prevented `-pthread` from being
added to CFLAGS. Clear LIBS to fix linking failures for libtest tests.
2020-05-22 21:10:07 +02:00
Daniel Stenberg
32aade5c91
configure: the wolfssh backend does not provide SCP
Closes #5387
2020-05-13 16:35:33 +02:00
James Le Cuirot
98e5904165
libcurl.pc: Merge Libs.private into Libs for static-only builds
A project being built entirely statically will call pkg-config with
--static, which utilises the Libs.private field. Conversely it will
not use --static when not being built entirely statically, even if
there is only a static build of libcurl available. This will most
likely cause the build to fail due to underlinking unless we merge the
Libs fields.

Consider that this is what the Meson build system does when it
generates pkg-config files.

I have also reflected this in the --libs argument of curl-config even
though REQUIRE_LIB_DEPS always seems to be "yes" anyway.

Closes #5373
2020-05-12 08:53:12 +02:00
Daniel Stenberg
80b9db1283
quiche: enable qlog output
quiche has the potential to log qlog files. To enable this, you must
build quiche with the qlog feature enabled `cargo build --features
qlog`. curl then passes a file descriptor to quiche, which takes
ownership of the file. The FD transfer only works on UNIX.

The convention is to enable logging when the QLOGDIR environment is
set. This should be a path to a folder where files are written with the
naming template <SCID>.qlog.

Co-authored-by: Lucas Pardue
Replaces #5337
Closes #5341
2020-05-05 14:50:33 +02:00
Daniel Stenberg
0891fe7ade
gnutls: bump lowest supported version to 3.1.10
GnuTLS 3.1.10 added new functions we want to use. That version was
released on Mar 22, 2013. Removing support for older versions also
greatly simplifies the code.

Ref: #5271
Closes #5276
2020-04-21 08:09:41 +02:00
Bjorn Stenberg
2522903b79
mqtt: add new experimental protocol
Closes #5173
2020-04-14 13:03:40 +02:00
Dennis Felsing
2ebc1236ab
configure: don't check for Security.framework when cross-compiling
Since it checks for the local file, not the cross-compiled one.

Closes #5189
2020-04-06 15:23:08 +02:00
Daiki Ueno
0736ee73d3
vquic: add support for GnuTLS backend of ngtcp2
Currently, the TLS backend used by vquic/ngtcp2.c is selected at compile
time. Therefore OpenSSL support needs to be explicitly disabled.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
Closes #5148
2020-03-31 14:39:00 +02:00
Harry Sintonen
7a71965e97
build: fixed build for systems with select() in unistd.h
Closes #5169
2020-03-31 10:59:06 +02:00
Daniel Stenberg
02174e41f5
openssl: adapt to functions marked as deprecated since version 3
OpenSSL 3 deprecates SSL_CTX_load_verify_locations and the MD4, DES
functions we use.

Fix the MD4 and SSL_CTX_load_verify_locations warnings.

In configure, detect OpenSSL v3 and if so, inhibit the deprecation
warnings. OpenSSL v3 deprecates the DES functions we use for NTLM and
until we rewrite the code to use non-deprecated functions we better
ignore these warnings as they don't help us.

Closes #5139
2020-03-26 00:40:32 +01:00
Daniel Stenberg
27ea8fc2fa
configure: convert -I to -isystem as a last step
As all the -I uses in CFLAGS at that point are for system headers and
third party libraries this helps us remove/ignore warnings on those!

Closes #5060
2020-03-11 08:51:25 +01:00
Daniel Stenberg
77b62fe6e1
configure: fix -pedantic-errors for GCC 5 and later
If --enable-werror is used.

Follow-up to d5c0351055 which added it too early in the configure
script before $compiler_num was set correctly and thus this option was
never used.

Reported-by: Stepan Efremov
Fixes #5067
Closes #5068
2020-03-11 08:49:20 +01:00
Steve Holme
18901c7bb7
configure.ac: Disable metalink if mbedTLS is specified
Follow up to cdcc9df1 and #5006. Even though I mentioned mbedTLS as
being one of the backends that metalink needs to be disabled for, I
seem to have included it in the list of allowed SSL/TLS backends in
comnfigure.ac :(

Closes #5013
2020-03-03 00:37:24 +00:00
Daniel Stenberg
967bf4633a
configure: bump the AC_COPYRIGHT year range 2020-03-02 09:44:03 +01:00
Steve Holme
cdcc9df182
configure.ac: Disable metalink support if an incompatible SSL/TLS specified
tool_metalink only supports cryptography from OpenSSL, GnuTLS, NSS,
The Win32 Crypto library and Apple's Common Crypto library.

If an TLS backend such as mbedTLS or WolfSSL is specified then the
following error is given during compilation along, with a load of
unresolved extern errors:

Can't compile METALINK support without a crypto library.

Reviewed-by: Daniel Stenberg
Closes #5006
2020-03-01 15:10:25 +00:00
Daniel Stenberg
5808a0d0f5
http2: now require nghttp2 >= 1.12.0
To simplify our code and since earlier versions lack important function
calls libcurl needs to function correctly.

nghttp2 1.12.0 was relased on June 26, 2016.

Closes #4961
2020-02-21 16:54:47 +01:00
Cristian Greco
8f74bb361a
configure.ac: fix comments about --with-quiche
A simple s/nghttp3/quiche in some comments of --with-quiche.
Looks like a copy-paste error from --with-nghttp3.

Closes #4897
2020-02-08 18:12:28 +01:00
Daniel Stenberg
6773c7ca65
wolfSSH: new SSH backend
Adds support for SFTP (not SCP) using WolfSSH.

Closes #4231
2020-01-12 17:19:12 +01:00