1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-15 14:05:03 -05:00
Commit Graph

8669 Commits

Author SHA1 Message Date
Ludwig Nussel
7b55279d1d configure: --with-ca-fallback: use built-in TLS CA fallback
When trying to verify a peer without having any root CA certificates
set, this makes libcurl use the TLS library's built in default as
fallback.

Closes #569
2016-02-08 14:45:58 +01:00
Daniel Stenberg
113f04e664 Proxy-Connection: stop sending this header by default
RFC 7230 says we should stop. Firefox already stopped.

Bug: https://github.com/curl/curl/issues/633
Reported-By: Brad Fitzpatrick

Closes #633
2016-02-08 11:09:40 +01:00
Jay Satiro
d6a8869ea3 openssl: Fix signed/unsigned mismatch warning in X509V3_ext
sk_X509_EXTENSION_num may return an unsigned integer, however the value
will fit in an int.

Bug: https://github.com/curl/curl/commit/dd1b44c#commitcomment-15913896
Reported-by: Gisle Vanem
2016-02-06 19:10:49 -05:00
Michael Kaufmann
9e7fcd4291 idn_win32: Better error checking
.. also fix a conversion bug in the unused function
curl_win32_ascii_to_idn().

And remove wprintfs on error (Jay).

Bug: https://github.com/curl/curl/pull/637
2016-02-06 17:51:51 -05:00
Viktor Szakats
d49881cb19 URLs: change more http to https 2016-02-04 18:46:54 -05:00
Jay Satiro
742deff4dd sasl_sspi: Fix memory leak in domain populate
Free an existing domain before replacing it.

Bug: https://github.com/curl/curl/issues/635
Reported-by: silveja1@users.noreply.github.com
2016-02-04 18:11:07 -05:00
Viktor Szakats
20dcd19501 URLs: follow GitHub project rename (also Travis CI)
Closes #632
2016-02-04 23:01:38 +01:00
Dan Fandrich
093f9cd38d URLs: Change more haxx.se URLs from http: to https: 2016-02-03 01:45:21 +01:00
Daniel Stenberg
4af40b3646 URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
Daniel Stenberg
41ae9f717a dotdot: allow an empty input string too
It isn't used by the code in current conditions but for safety it seems
sensible to at least not crash on such input.

Extended unit test 1395 to verify this too as well as a plain "/" input.
2016-02-02 22:43:54 +01:00
Gisle Vanem
bdb465274f urldata: Error on missing SSL backend-specific connect info 2016-01-29 00:11:43 -05:00
Sergei Nikulov
91460b2b8a urldata: moved common variable out of ifdef
Closes https://github.com/bagder/curl/pull/618
2016-01-28 03:01:51 -05:00
Isaac Boukris
d41dcba4e9 NTLM: Fix ConnectionExists to compare Proxy credentials
Proxy NTLM authentication should compare credentials when
re-using a connection similar to host authentication, as it
authenticate the connection.

Example:
curl -v -x http://proxy:port http://host/ -U good_user:good_pwd
  --proxy-ntlm --next -x http://proxy:port http://host/
    [-U fake_user:fake_pwd --proxy-ntlm]

CVE-2016-0755

Bug: http://curl.haxx.se/docs/adv_20160127A.html
2016-01-26 23:42:55 +01:00
Jay Satiro
d58ba66eec mbedtls: Fix pinned key return value on fail
- Switch from verifying a pinned public key in a callback during the
certificate verification to inline after the certificate verification.

The callback method had three problems:

1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH
was not returned.

2. If peer certificate verification was disabled the pinned key
verification did not take place as it should.

3. (related to #2) If there was no certificate of depth 0 the callback
would not have checked the pinned public key.

Though all those problems could have been fixed it would have made the
code more complex. Instead we now verify inline after the certificate
verification in mbedtls_connect_step2.

Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html
Ref: https://github.com/bagder/curl/pull/601
2016-01-18 03:48:10 -05:00
Kamil Dudka
be538e0766 ssh: make CURLOPT_SSH_PUBLIC_KEYFILE treat "" as NULL
The CURLOPT_SSH_PUBLIC_KEYFILE option has been documented to handle
empty strings specially since curl-7_25_0-31-g05a443a but the behavior
was unintentionally removed in curl-7_38_0-47-gfa7d04f.

This commit restores the original behavior and clarifies it in the
documentation that NULL and "" have both the same meaning when passed
to CURLOPT_SSH_PUBLIC_KEYFILE.

Bug: http://curl.haxx.se/mail/lib-2016-01/0072.html
2016-01-15 10:34:34 +01:00
Daniel Stenberg
35083ca60e openssl: improved error detection/reporting
... by extracting the LIB + REASON from the OpenSSL error code. OpenSSL
1.1.0+ returned a new func number of another cerfificate fail so this
required a fix and this is the better way to catch this error anyway.
2016-01-14 21:25:30 +01:00
Daniel Stenberg
fdcc4d6daa openssl: for 1.1.0+ they now provide a SSLeay() macro of their own 2016-01-14 16:38:14 +01:00
Daniel Stenberg
13b6d3b7dd ConnectionExists: only do pipelining/multiplexing when asked
When an HTTP/2 upgrade request fails (no protocol switch), it would
previously detect that as still possible to pipeline on (which is
acorrect) and do that when PIPEWAIT was enabled even if pipelining was
not explictily enabled.

It should only pipelined if explicitly asked to.

Closes #584
2016-01-11 23:55:13 +01:00
Mohammad AlSaleh
3d209b5fb0 lib: Prefix URLs with lower-case protocol names/schemes
Before this patch, if a URL does not start with the protocol
name/scheme, effective URLs would be prefixed with upper-case protocol
names/schemes. This behavior might not be expected by library users or
end users.

For example, if `CURLOPT_DEFAULT_PROTOCOL` is set to "https". And the
URL is "hostname/path". The effective URL would be
"HTTPS://hostname/path" instead of "https://hostname/path".

After this patch, effective URLs would be prefixed with a lower-case
protocol name/scheme.

Closes #597

Signed-off-by: Mohammad AlSaleh <CE.Mohammad.AlSaleh@gmail.com>
2016-01-11 23:38:42 +01:00
Michael Kaufmann
5d7c9379ef IDN host names: Remove the port number before converting to ACE
Closes #596
2016-01-11 00:11:28 +01:00
Thomas Glanzmann
bf93a1217c mbedtls: implement CURLOPT_PINNEDPUBLICKEY 2016-01-10 00:17:26 +01:00
Tatsuhiro Tsujikawa
5da7461a55 url: Fix compile error with --enable-werror 2016-01-09 02:26:23 -05:00
Tatsuhiro Tsujikawa
b019af41e7 http2: Ensure that http2_handle_stream_close is called
Previously, when HTTP/2 is enabled and used, and stream has content
length known, Curl_read was not called when there was no bytes left to
read. Because of this, we could not make sure that
http2_handle_stream_close was called for every stream. Since we use
http2_handle_stream_close to emit trailer fields, they were
effectively ignored. This commit changes the code so that Curl_read is
called even if no bytes left to read, to ensure that
http2_handle_stream_close is called for every stream.

Discussed in https://github.com/bagder/curl/pull/564
2016-01-08 17:16:47 -05:00
Daniel Stenberg
325686ef9e http2: handle the received SETTINGS frame
This regression landed in 5778e6f5 and made libcurl not act on received
settings and instead stayed with its internal defaults.

Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html
Reported-by: Bankde
2016-01-08 23:06:59 +01:00
Daniel Stenberg
c338d8cf9c Revert "multiplex: allow only once HTTP/2 is actually used"
This reverts commit 46cb70e9fa.

Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html
2016-01-08 14:39:54 +01:00
Tatsuhiro Tsujikawa
984d1e9e23 http2: Fix PUSH_PROMISE headers being treated as trailers
Discussed in https://github.com/bagder/curl/pull/564
2016-01-08 03:06:25 -05:00
Michael Kaufmann
d9b4d1ce20 connection reuse: IDN host names fixed
Use the ACE form of IDN hostnames as key in the connection cache.  Add
new tests.

Closes #592
2016-01-08 00:19:46 +01:00
Jay Satiro
89a1eb7b1c mbedtls: Fix ALPN support
- Fix ALPN reply detection.

- Wrap nghttp2 code in ifdef USE_NGHTTP2.


Prior to this change ALPN and HTTP/2 did not work properly in mbedTLS.
2016-01-07 01:49:31 -05:00
Jay Satiro
973ee6bdd3 http2: Fix client write for trailers on stream close
Check that the trailer buffer exists before attempting a client write
for trailers on stream close.

Refer to comments in https://github.com/bagder/curl/pull/564
2016-01-06 22:10:49 -05:00
Daniel Stenberg
a2cae9aafd ConnectionExists: add missing newline in infof() call
Mistake from commit a464f33843
2016-01-06 00:54:49 +01:00
Daniel Stenberg
46cb70e9fa multiplex: allow only once HTTP/2 is actually used
To make sure curl doesn't allow multiplexing before a connection is
upgraded to HTTP/2 (like when Upgrade: h2c fails), we must make sure the
connection uses HTTP/2 as well and not only check what's wanted.

Closes #584

Patch-by: c0ff
2016-01-06 00:54:49 +01:00
Marc Hoersken
7cbe4d8d79 ftplistparser.c: fix handling of file LISTings using Windows EOL
Previously file.txt[CR][LF] would have been returned as file.tx
(without the last t) if filetype is symlink. Now the t is
included and the internal item_length includes the zero byte.

Spotted using test 576 on Windows.
2015-12-23 14:19:36 +01:00
Anders Bakken
a464f33843 ConnectionExists: with *PIPEWAIT, wait for connections
Try harder to prevent libcurl from opening up an additional socket when
CURLOPT_PIPEWAIT is set. Accomplished by letting ongoing TCP and TLS
handshakes complete first before the decision is made.

Closes #575
2015-12-23 10:20:37 +01:00
Daniel Stenberg
151da51404 cyassl: deal with lack of *get_peer_certificate
The function is only present in wolfssl/cyassl if it was built with
--enable-opensslextra. With these checks added, pinning support is disabled
unless the TLS lib has that function available.

Also fix the mistake in configure that checks for the wrong lib name.

Closes #566
2015-12-16 10:27:18 +01:00
Daniel Stenberg
1ff3a07be9 wolfssl: handle builds without SSLv3 support 2015-12-16 10:06:09 +01:00
Tatsuhiro Tsujikawa
15cb03ad84 http2: Support trailer fields
This commit adds trailer support in HTTP/2.  In HTTP/1.1, chunked
encoding must be used to send trialer fields.  HTTP/2 deprecated any
trandfer-encoding, including chunked.  But trailer fields are now
always available.

Since trailer fields are relatively rare these days (gRPC uses them
extensively though), allocating buffer for trailer fields is done when
we detect that HEADERS frame containing trailer fields is started.  We
use Curl_add_buffer_* functions to buffer all trailers, just like we
do for regular header fields.  And then deliver them when stream is
closed.  We have to be careful here so that all data are delivered to
upper layer before sending trailers to the application.

We can deliver trailer field one by one using NGHTTP2_ERR_PAUSE
mechanism, but current method is far more simple.

Another possibility is use chunked encoding internally for HTTP/2
traffic.  I have not tested it, but it could add another overhead.

Closes #564
2015-12-15 23:47:46 +01:00
Jay Satiro
6c2c019654 x509asn1: Fix host altname verification
- In Curl_verifyhost check all altnames in the certificate.

Prior to this change only the first altname was checked. Only the GSKit
SSL backend was affected by this bug.

Bug: http://curl.haxx.se/mail/lib-2015-12/0062.html
Reported-by: John Kohl
2015-12-15 14:07:28 -05:00
Daniel Stenberg
afcab2c2b6 cyassl: fix compiler warning on type conversion 2015-12-15 00:36:08 +01:00
Anders Bakken
8fbaf6749a setstropt: const-correctness
Closes #565
2015-12-14 23:14:39 +01:00
Daniel Stenberg
727f775e59 libressl: the latest openssl x509 funcs are not in libressl 2015-12-14 09:49:54 +01:00
Daniel Stenberg
4bcc532de5 http: add libcurl option to allow HTTP/2 for HTTPS only
... and stick to 1.1 for HTTP. This is in line with what browsers do and
should have very little risk.
2015-12-13 09:24:51 +01:00
Daniel Stenberg
7f683b0ea8 openssl: adapt to openssl >= 1.1.0 X509 opaque structs
Closes #491
2015-12-10 22:45:38 +01:00
Daniel Stenberg
dd1b44c612 openssl: avoid BIO_reset() warnings since it returns a value 2015-12-10 17:31:37 +01:00
Daniel Stenberg
fa9332d3ca openssl: adapt to 1.1.0+ name changes 2015-12-10 17:31:37 +01:00
Daniel Stenberg
034317d2af fix b6d5cb40d7 2015-12-09 00:27:04 +01:00
Tatsuhiro Tsujikawa
12f6bf5e58 http2: Fix hanging paused stream
When NGHTTP2_ERR_PAUSE is returned from data_source_read_callback, we
might not process DATA frame fully.  Calling nghttp2_session_mem_recv()
again will continue to process DATA frame, but if there is no incoming
frames, then we have to call it again with 0-length data.  Without this,
on_stream_close callback will not be called, and stream could be hanged.

Bug: http://curl.haxx.se/mail/lib-2015-11/0103.html
Reported-by: Francisco Moraes
2015-12-08 18:40:32 +01:00
Christian Stewart
b6d5cb40d7 build: fix compilation error with CURL_DISABLE_VERBOSE_STRINGS
With curl disable verbose strings in http.c the compilation fails due to
the data variable being undefined later on in the function.

Closes #558
2015-12-08 18:12:16 +01:00
Gisle Vanem
6c2a10e963 config-win32: Fix warning HAVE_WINSOCK2_H undefined 2015-12-07 19:07:51 -05:00
Gisle Vanem
df40b20e44 openssl: BoringSSL doesn't have CONF_modules_free 2015-12-07 18:47:26 -05:00
Gisle Vanem
e1b6b2219d lwip: Fix compatibility issues with later versions
The name of the header guard in lwIP's <lwip/opt.h> has changed from
'__LWIP_OPT_H__' to 'LWIP_HDR_OPT_H' (bug #35874 in May 2015).

Other fixes:

- In curl_setup.h, the problem with an old PSDK doesn't apply if lwIP is
used.

- In memdebug.h, the 'socket' should be undefined first due to lwIP's
lwip_socket() macro.

- In curl_addrinfo.c lwIP's getaddrinfo() + freeaddrinfo() macros need
special handling because they were undef'ed in memdebug.h.

- In select.c we can't use preprocessor conditionals inside select if
MSVC and select is a macro, as it is with lwIP.

http://curl.haxx.se/mail/lib-2015-12/0023.html
http://curl.haxx.se/mail/lib-2015-12/0024.html
2015-12-07 14:27:55 -05:00
Gisle Vanem
b1f9424fa7 version: Add flag CURL_VERSION_PSL for libpsl 2015-12-07 02:59:54 -05:00
Jay Satiro
738b0ba09e formdata: Check if length is too large for memory
- If the size of the length type (curl_off_t) is greater than the size
of the size_t type then check before allocating memory to make sure the
value of length will fit in a size_t without overflow. If it doesn't
then return CURLE_BAD_FUNCTION_ARGUMENT.

Bug: https://github.com/bagder/curl/issues/425#issuecomment-154518679
Reported-by: Steve Holme
2015-12-07 02:43:24 -05:00
Flavio Medeiros
e55f15454e Curl_read_plain: clean up ifdefs that break statements
Closes #546
2015-11-30 00:28:28 +01:00
Daniel Stenberg
fe7c39d353 http2: convert some verbose output into debug-only output 2015-11-30 00:12:46 +01:00
Daniel Stenberg
8f281fb76d http2 push: add missing inits of new stream
- set the correct stream_id for pushed streams
- init maxdownload and size properly
2015-11-30 00:11:42 +01:00
Daniel Stenberg
8cbd80686e http2 push: set weight for new stream
give the new stream the old one's stream_weight internally to avoid
sending a PRIORITY frame unless asked for it
2015-11-30 00:10:35 +01:00
Daniel Stenberg
a14fa8f8ff curl_setup.h: undef freeaddrinfo in c-ares block to fix build
Fixes warnings 78c25c854a added.
2015-11-28 17:26:38 +01:00
Daniel Stenberg
81ae6d01fa nonblock: fix setting non-blocking mode for Amiga
IoctlSocket() apparently wants a pointer to a long, passed as a char *
in its third parameter. This bug was introduced already back in commit
c5fdeef41d from October 1 2001!

Bug: http://curl.haxx.se/mail/lib-2015-11/0088.html
Reported-by: Norbert Kett
2015-11-27 23:29:30 +01:00
Dan Fandrich
78c25c854a lib: Only define curl_dofreeaddrinfo if struct addrinfo is available 2015-11-27 10:51:22 +01:00
Daniel Stenberg
cd2b73b3ed timecond: do not add if-modified-since without timecondition
The RTSP code path didn't skip adding the if-modified-since for certain
RTSP code paths, even if CURLOPT_TIMECONDITION was set to
CURL_TIMECOND_NONE.

Also, an unknown non-zero CURLOPT_TIMECONDITION value no longer equals
CURL_TIMECOND_IFMODSINCE.

Bug: http://stackoverflow.com/questions/33903982/curl-timecond-none-doesnt-work-how-to-remove-if-modified-since-header
2015-11-25 11:38:10 +01:00
Daniel Stenberg
40c349ada9 done: make sure the final progress update is made
It would previously be skipped if an existing error was returned, but
would lead to a previous value being left there and later used.
CURLINFO_TOTAL_TIME for example.

Still it avoids that final progress update if we reached DONE as the
result of a callback abort to avoid another callback to be called after
an abort-by-callback.

Reported-by: Lukas Ruzicka

Closes #538
2015-11-24 20:49:04 +01:00
Daniel Stenberg
c341311a0e Revert "cleanup: general removal of TODO (and similar) comments"
This reverts commit 64e959ffe3.

Feedback-by: Dan Fandrich
URL: http://curl.haxx.se/mail/lib-2015-11/0062.html
2015-11-24 09:36:45 +01:00
Steve Holme
b7f3f1b68f smb.c: Fixed compilation warnings
smb.c:134:3: warning: conversion to 'short unsigned int' from 'int' may
             alter its value
smb.c:146:42: warning: conversion to 'unsigned int' from 'long long
              unsigned int' may alter its value
smb.c:146:65: warning: conversion to 'unsigned int' from 'long long
              unsigned int' may alter its value
2015-11-21 11:41:20 +00:00
Steve Holme
c2f1730e17 schannel: Corrected copy/paste error in commit 8d17117683 2015-11-21 02:54:44 +00:00
Steve Holme
8d17117683 schannel: Use GetVersionEx() when VerifyVersionInfo() isn't available
Regression from commit 7a8e861a5 as highlighted in the msys autobuilds.
2015-11-21 02:43:17 +00:00
Steve Holme
41efdadf09 pop3: Differentiate between success and continuation responses 2015-11-20 07:01:01 +00:00
Steve Holme
6af80afe49 pop3: Added clarity on some server response codes 2015-11-20 06:41:53 +00:00
Daniel Stenberg
b4c39010b5 http2: http_done: don't free already-freed push headers
The push headers are freed after the push callback has been invoked,
meaning this code should only free the headers if the callback was never
invoked and thus the headers weren't freed at that time.

Reported-by: Davey Shafik
2015-11-17 09:47:58 +01:00
Anders Bakken
a72207ecf0 getconnectinfo: Don't call recv(2) if socket == -1
Closes #528
2015-11-16 22:42:13 +01:00
Daniel Stenberg
39904d6f7d http2: minor comment typo 2015-11-16 08:22:08 +01:00
Daniel Stenberg
88f585c3a1 sasl; fix checksrc warnings 2015-11-15 23:15:00 +01:00
Steve Holme
ee04bee82b oauth2: Support OAUTHBEARER failures sent as continuation responses
According to RFC7628 a failure message may be sent by the server in a
base64 encoded JSON string as a continuation response.

Currently only implemented for OAUTHBEARER and not XAUTH2.
2015-11-15 20:11:53 +00:00
Steve Holme
febda2f305 oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP
OAUTHBEARER is now the official "registered" SASL mechanism name for
OAuth 2.0. However, we don't want to drop support for XOAUTH2 as some
servers won't support the new mechanism yet.
2015-11-14 10:28:05 +00:00
Sebastian Pohlschmidt
ad2d517545 openssl: Free modules on cleanup
Curl_ossl_init calls OPENSSL_load_builtin_modules() but
Curl_ossl_cleanup doesn't make a call to free these modules.

Bug: https://github.com/bagder/curl/issues/526
2015-11-13 16:11:41 -05:00
Daniel Stenberg
64e959ffe3 cleanup: general removal of TODO (and similar) comments
They tend to never get updated anyway so they're frequently inaccurate
and we never go back to revisit them anyway. We document issues to work
on properly in KNOWN_BUGS and TODO instead.
2015-11-13 16:15:26 +01:00
Daniel Stenberg
86e2197337 ftplistparser: remove empty function 2015-11-13 16:12:18 +01:00
Daniel Stenberg
6c20a87105 openssl: remove #if check for 0.9.7 for ENGINE_load_private_key 2015-11-13 15:55:52 +01:00
Daniel Stenberg
b430d94fb2 openssl: all supported versions have X509_STORE_set_flags
Simplify by removing #ifdefs and macros
2015-11-13 15:52:39 +01:00
Daniel Stenberg
0755308a6a openssl: remove 0.9.3 check 2015-11-13 15:51:46 +01:00
Daniel Stenberg
53b13d0c71 openssl: remove #ifdefs for < 0.9.5 support
We only support >= 0.9.7
2015-11-13 15:49:49 +01:00
Daniel Stenberg
431ba85829 lib/vtls/openssl: remove unused traces of yassl ifdefs 2015-11-13 15:48:04 +01:00
dfandrich
d7e352402c unit1603: Added unit tests for hash functions 2015-11-12 22:49:32 +01:00
Steve Holme
1f82df9146 sasl: Re-introduced XOAUTH2 in the default enabled authentication mechanism
Following the fix in commit d6d58dd558 it is necessary to re-introduce
XOAUTH2 in the default enabled authentication mechanism, which was
removed in commit 7b2012f262, otherwise users will have to specify
AUTH=XOAUTH2 in the URL.

Note: OAuth 2.0 will only be used when the bearer is specified.
2015-11-12 19:45:24 +00:00
Stefan Bühler
077fd8f1fa sasl_sspi: fix identity memory leak in digest authentication 2015-11-12 19:11:40 +00:00
Stefan Bühler
b6baa108fa sasl_sspi: fixed unicode build for digest authentication
Closes #525
2015-11-12 19:11:40 +00:00
Steve Holme
88702ebb31 oauth2: Re-factored OAuth 2.0 state variable 2015-11-12 18:25:33 +00:00
Steve Holme
d6d58dd558 sasl: Don't choose OAuth 2.0 if mechanism not advertised
Regression from commit 9e8ced9890 which meant if --oauth2-bearer was
specified but the SASL mechanism wasn't supported by the server then
the mechanism would be chosen.
2015-11-12 18:25:33 +00:00
Steve Holme
dcf5b614ca oauth2: Introduced support for host and port details
Added support to the OAuth 2.0 message function for host and port, in
order to accommodate the official OAUTHBEARER SASL mechanism which is
to be added shortly.
2015-11-11 22:26:21 +00:00
Steve Holme
6479f5a076 curl_setup.h: Removed duplicate CURL_DISABLE_RTSP when HTTP_ONLY defined 2015-11-11 22:19:39 +00:00
Steve Holme
d64add3c71 cmake: Add missing feature macros in config header (Part 2)
In addition to commit a215381c94 added the RTSP, RTMP and SMB protocols.
2015-11-11 22:18:24 +00:00
Douglas Creager
a215381c94 cmake: Add missing feature macros in config header
The curl_config.h file can be generated either from curl_config.h.cmake
or curl_config.h.in, depending on whether you're building using CMake or
the autotools.  The CMake template header doesn't include entries for
all of the protocols that you can disable, which (I think) means that
you can't actually disable those protocols when building via CMake.

Closes #523
2015-11-10 22:38:52 +01:00
Douglas Creager
3e0d64d075 BoringSSL: Work with stricter BIO_get_mem_data()
BoringSSL implements `BIO_get_mem_data` as a function, instead of a
macro, and expects the output pointer to be a `char **`.  We have to add
an explicit cast to grab the pointer as a `const char **`.

Closes #524
2015-11-10 22:34:07 +01:00
Daniel Stenberg
01b7d8274c http2: rectify the http2 version #if check
We need 1.0.0 or later. Also verified by configure.
2015-11-10 09:10:46 +01:00
Steve Holme
7023d8aa37 oauth2: Don't use XAUTH2 in OAuth 2.0 function name 2015-11-09 22:25:09 +00:00
Steve Holme
eaa98cef8d oauth2: Don't use XOAUTH2 in OAuth 2.0 variables 2015-11-09 22:25:08 +00:00
Steve Holme
4e3d396900 oauth2: Use OAuth 2.0 rather than XOAUTH2 in comments
When referring to OAuth 2.0 we should use the official name rather the
SASL mechanism name.
2015-11-09 22:25:08 +00:00
Daniel Stenberg
f54a4aa9a3 imap: avoid freeing constant string
The fix in 1a614c6c3 was wrong and would leed to free() of a fixed
string.

Pointed-out-by: Kamil Dudka
2015-11-09 10:54:55 +01:00
Justin Ehlert
23b8fc15c8 imap: Don't check for continuation when executing a CUSTOMREQUEST
Bug: https://github.com/bagder/curl/issues/486
Closes https://github.com/bagder/curl/pull/487
2015-11-08 12:12:33 +00:00
Daniel Stenberg
e3c85405d0 imap: checksrc: remove space after while before paren 2015-11-07 23:21:29 +01:00
Daniel Stenberg
2581585961 checksrc.whitelist: "missing space after close paren"
... when it was within a string!
2015-11-07 23:20:50 +01:00
Steve Holme
23c4090fd3 imap: Quote other 'atom-specials' and not just the space character
Closes #517
2015-11-07 11:59:32 +00:00
Steve Holme
50bff12ac8 imap: Fixed double quote in LIST command when mailbox contains spaces 2015-11-07 11:20:34 +00:00
Daniel Stenberg
1a614c6c37 imap: fix compiler warning
imap.c:657:13: error: assignment discards 'const' qualifier from pointer
target type [-Werror=discarded-qualifiers]
2015-11-06 23:44:27 +01:00
Steve Holme
505d966850 imap: Don't call imap_atom() when no mailbox specified in LIST command 2015-11-06 21:49:26 +00:00
Jay Satiro
cd3aba1a5c getinfo: CURLINFO_ACTIVESOCKET: fix bad socket value
- Set user info param to the socket returned by Curl_getconnectinfo,
regardless of if the socket is bad. Effectively this means the user info
param now will receive CURL_SOCKET_BAD instead of -1 on bad socket.

- Remove incorrect comments.

CURLINFO_ACTIVESOCKET is documented to write CURL_SOCKET_BAD to user
info param but prior to this change it wrote -1.

Bug: https://github.com/bagder/curl/pull/518
Reported-by: Marcel Raad
2015-11-06 00:30:16 -05:00
Patrick Monnerat
f6fbbd6dc3 curl_ntlm_core: fix 2 curl_off_t constant overflows. 2015-11-05 15:20:43 +01:00
Lauri Kasanen
3bd7f28000 rawstr: Speed up Curl_raw_toupper by 40%
Rationale: when starting up a curl-using app, all cookies from the jar
are checked against each other. This was causing a startup delay in the
Fifth browser.

All tests pass.

Signed-off-by: Lauri Kasanen <cand@gmx.com>
2015-11-02 22:57:13 +01:00
Daniel Stenberg
3f7b1bb89f http redirects: %-encode bytes outside of ascii range
Apparently there are sites out there that do redirects to URLs they
provide in plain UTF-8 or similar. Browsers and wget %-encode such
headers when doing a subsequent request. Now libcurl does too.

Added test 1138 to verify.

Closes #473
2015-11-02 12:48:03 +01:00
Daniel Stenberg
ca5f9341ef formadd: support >2GB files on windows
Closes #425
2015-11-02 08:41:46 +01:00
Daniel Stenberg
49a991346e curl.h: s/HTTPPOST_/CURL_HTTPOST_
Fixes a name space pollution at the cost of programs using one of these
defines will no longer compile. However, the vast majority of libcurl
programs that do multipart formposts use curl_formadd() to build this
list.

Closes #506
2015-10-31 22:51:20 +01:00
Daniel Stenberg
fbf09b7775 mbedtls: fix "Structurally dead code"
CID 1332129
2015-10-29 22:59:27 +01:00
Daniel Stenberg
f6ce8c9abb mbedtls: fix "Logically dead code"
CID 1332128
2015-10-29 22:57:09 +01:00
Daniel Stenberg
4c62066cec Revert "openssl: engine: remove double-free"
This reverts commit 370ee919b3.

Issue #509 has all the details but it was confirmed that the crash was
not due to this, so the previous commit was wrong.
2015-10-29 14:59:11 +01:00
Daniel Stenberg
370ee919b3 openssl: engine: remove double-free
After a successful call to SSL_CTX_use_PrivateKey(), we must not call
EVP_PKEY_free() on the key.

Reported-by: nased0
Closes #509
2015-10-27 13:45:25 +01:00
Jay Satiro
e2f430c74a socks: Fix incorrect port numbers in failed connect messages 2015-10-27 02:39:00 -04:00
Daniel Stenberg
03b6e07816 polarssl/mbedtls: fix name space pollution
Global private symbols MUST start with Curl_!
2015-10-23 16:14:29 +02:00
Dmitry S. Baikov
6288cb9304 mbedTLS: THREADING_SUPPORT compilation fix
Closes #505
2015-10-23 16:05:25 +02:00
Kurt Fankhauser
529f9310b1 ftp: allow CURLOPT_IGNORE_CONTENT_LENGTH to ignore size
This allows FTP transfers with growing (or shrinking) files without
causing a transfer error.

Closes #480
2015-10-23 14:57:30 +02:00
Daniel Stenberg
d31ed6ac71 http2: s/priority/weight 2015-10-23 08:22:38 +02:00
Daniel Stenberg
419d410ca0 http2: on_frame_recv: trust the conn/data input
Removed wrong assert()s

The 'conn' passed in as userdata can be used and there can be other
sessionhandles ('data') than the single one this checked for.
2015-10-23 08:22:38 +02:00
Daniel Stenberg
3042cb5043 http2: added three stream prio/deps options
CURLOPT_STREAM_DEPENDS

CURLOPT_STREAM_DEPENDS_E

CURLOPT_STREAM_PRIORITY
2015-10-23 08:22:38 +02:00
m-gardet
ace68fdc0c mbedtls:new profile with RSA min key len = 1024.
Closes #502
2015-10-22 15:28:57 +02:00
Daniel Stenberg
9744ef2289 checksrc: add crude // detection 2015-10-21 23:18:04 +02:00
Gisle Vanem
c238d4da1b build: fix for MSDOS/djgpp
- Add a VPATH-statement for the vtls/*.c files.

- Due to 'vtls/*.c', remove that subdir part from $(OBJECTS).
2015-10-21 13:00:52 -04:00
Daniel Stenberg
5fecdc26f7 copyrights: update Gisle Vanem's email 2015-10-20 13:33:01 +02:00
Daniel Stenberg
257a1c0d14 vtls: fix compiler warning for TLS backends without sha256
... noticed with mbedTLS.
2015-10-20 08:12:44 +02:00
Jonas Minnberg
fe7590f729 vtls: added support for mbedTLS
closes #496
2015-10-20 07:57:24 +02:00
Tim Rühsen
e77b5b7453 cookies: Add support for Mozilla's Publix Suffix List
Use libpsl to check the domain value of Set-Cookie headers (and cookie
jar entries) for not being a Publix Suffix.

The configure script checks for "libpsl" by default. Disable the check
with --without-libpsl.

Ref: https://publicsuffix.org/
Ref: https://github.com/publicsuffix/list
Ref: https://github.com/rockdaboot/libpsl
2015-10-17 16:37:49 +02:00
Anders Bakken
2b98cb57c4 http2: Don't pass unitialized name+len pairs to nghttp2_submit_request
bug introduced by 1869164293.

Closes #493
2015-10-16 23:46:03 +02:00
Daniel Stenberg
443e81ea47 multi: fix off-by-one finit[] array size
introduced in c6aedf680f. It needs to be CURLM_STATE_LAST big since it
must hande the range 0 .. CURLM_STATE_MSGSENT (18) and CURLM_STATE_LAST
is 19 right now.

Reported-by: Dan Fandrich
Bug: http://curl.haxx.se/mail/lib-2015-10/0069.html
2015-10-16 22:42:56 +02:00
Daniel Stenberg
c6aedf680f fread_func: move callback pointer from set to state struct
... and assign it from the set.fread_func_set pointer in the
Curl_init_CONNECT function. This A) avoids that we have code that
assigns fields in the 'set' struct (which we always knew was bad) and
more importantly B) it makes it impossibly to accidentally leave the
wrong value for when the handle is re-used etc.

Introducing a state-init functionality in multi.c, so that we can set a
specific function to get called when we enter a state. The
Curl_init_CONNECT is thus called when switching to the CONNECT state.

Bug: https://github.com/bagder/curl/issues/346

Closes #346
2015-10-15 23:32:19 +02:00
Erik Johansson
3ad83bc3a6 openssl: Fix set up of pkcs12 certificate verification chain
sk_X509_pop will decrease the size of the stack which means that the loop would
end after having added only half of the certificates.

Also make sure that the X509 certificate is freed in case
SSL_CTX_add_extra_chain_cert fails.
2015-10-11 23:14:04 +02:00
Daniel Stenberg
13ddb9e54a ntlm: error out without 64bit support as the code needs it
It makes it a clearer message for developers reaching that point without
the necessary support.

Thanks-by: Jay Satiro

Closes #78
2015-10-09 23:51:54 +02:00
Daniel Stenberg
7715a70ba2 curl_global_init: set the memory function pointers correct
follow-up from 6f8ecea0
2015-10-09 16:13:54 +02:00
Daniel Stenberg
6f8ecea059 curl_global_init_mem: set function pointers before doing init
... as in the polarssl TLS backend for example it uses memory functions.
2015-10-09 16:04:11 +02:00
Jay Satiro
048f84637f http2: Fix http2_recv to return -1 if recv returned -1
If the underlying recv called by http2_recv returns -1 then that is the
value http2_recv returns to the caller.
2015-10-09 00:29:25 -04:00
Daniel Stenberg
8256b44e5a ntlm: get rid of unconditional use of long long
... since some compilers don't have it and instead use other types, such
as __int64.

Reported by: gkinseyhpw
Closes #478
2015-10-08 12:31:06 +02:00
Anders Bakken
da2d3b5805 des: Fix header conditional for Curl_des_set_odd_parity
Follow up to 613e502.
2015-10-08 02:07:12 -04:00
Jay Satiro
69ea579700 getinfo: Fix return code for unknown CURLINFO options
- If a CURLINFO option is unknown return CURLE_UNKNOWN_OPTION.

Prior to this change CURLE_BAD_FUNCTION_ARGUMENT was returned on
unknown. That return value is contradicted by the CURLINFO option
documentation which specifies a return of CURLE_UNKNOWN_OPTION on
unknown.
2015-10-04 17:29:43 -04:00
Orange Tsai
5bf36ea30d gopher: don't send NUL byte
Closes #466
2015-10-01 18:15:11 +02:00
Thorsten Schöning
8fd190c04f win32: make recent Borland compilers use long long 2015-09-30 00:03:35 +02:00
Michael Kalinin
69b89050d4 openssl: Fix algorithm init
- Change algorithm init to happen after OpenSSL config load.

Additional algorithms may be available due to the user's config so we
initialize the algorithms after the user's config is loaded.

Bug: https://github.com/bagder/curl/issues/447
Reported-by: Denis Feklushkin
2015-09-28 22:47:25 -04:00
Daniel Stenberg
af90becf4b http2: set TCP_NODELAY unconditionally
For a single-stream download from localhost, we managed to increase
transfer speed from 1.6MB/sec to around 400MB/sec, mostly because of
this single fix.
2015-09-27 23:23:58 +02:00
Daniel Stenberg
46ad4f7f93 http2: avoid superfluous Curl_expire() calls
... only call it when there is data arriving for another handle than the
one that is currently driving it.

Improves single-stream download performance quite a lot.

Thanks-to: Tatsuhiro Tsujikawa
Bug: http://curl.haxx.se/mail/lib-2015-09/0097.html
2015-09-27 23:23:33 +02:00
Daniel Stenberg
790d6de485 readwrite_data: set a max number of loops
... as otherwise a really fast pipe can "lock" one transfer for some
protocols, like with HTTP/2.
2015-09-27 20:48:35 +02:00
Daniel Stenberg
32fc638ddf FTP: fix uploading ASCII with unknown size
... don't try to increase the supposed file size on newlines if we don't
know what file size it is!

Patch-by: lzsiga
2015-09-26 23:36:25 +02:00
Tatsuhiro Tsujikawa
119037325d build: fix failures with -Wcast-align and -Werror
Closes #457
2015-09-26 23:10:20 +02:00
Mike Crowe
5f87906e0e gnutls: Report actual GnuTLS error message for certificate errors
If GnuTLS fails to read the certificate then include whatever reason it
provides in the failure message reported to the client.

Signed-off-by: Mike Crowe <mac@mcrowe.com>
2015-09-23 13:44:40 +02:00
Mike Crowe
6b56901b56 gnutls: Support CURLOPT_KEYPASSWD
The gnutls vtls back-end was previously ignoring any password set via
CURLOPT_KEYPASSWD. Presumably this was because
gnutls_certificate_set_x509_key_file did not support encrypted keys.

gnutls now has a gnutls_certificate_set_x509_key_file2 function that
does support encrypted keys. Let's determine at compile time whether the
available gnutls supports this new function. If it does then use it to
pass the password. If it does not then emit a helpful diagnostic if a
password is set. This is preferable to the previous behaviour of just
failing to read the certificate without giving a reason in that case.

Signed-off-by: Mike Crowe <mac@mcrowe.com>
2015-09-22 17:30:33 +02:00
Daniel Stenberg
7362008c1c CURLINFO_TLS_SESSION: always return backend info
... even for those that don't support providing anything in the
'internals' struct member since it offers a convenient way for
applications to figure this out.
2015-09-22 17:21:37 +02:00