1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-22 08:08:50 -05:00
Commit Graph

27190 Commits

Author SHA1 Message Date
Michael Kolechkin
dd2bb48552
sectransp: allow cipher name to be specified
Add parser for CURLOPT_SSL_CIPHER_LIST option for Secure Transport (ST)
back-end. Similar to NSS and GSKit back-ends, new code parses string
value and configures ST library to use those ciphers for communication.
Create cipher spec data structure and initialize the array of specs with
cipher number, name, alias, and 'weak' flag.

Mark triple-DES ciphers as 'weak', and exclude them from the default
ciphers list.

Closes #6464
2021-04-21 12:00:22 +02:00
Michael Kolechkin
df44138b1f
NSS: add ciphers to map
Add cipher names to the `cipherlist` map, based on the list of ciphers
implemented by the NSS in the source code file
https://github.com/nss-dev/nss/blob/master/lib/ssl/sslenum.c

Closes #6670
2021-04-21 11:50:20 +02:00
Daniel Stenberg
d8c4cdecb7
http2: remove DEBUG_HTTP2
Accidentally committed in 605e84235
2021-04-21 11:34:10 +02:00
Ralph Langendam
1cba36d216
cmake: make libcurl library output name configurable
Closes #6899
2021-04-21 10:03:07 +02:00
Daniel Stenberg
415d6fa7da
sws: #ifdef S_IFSOCK use
SCO OpenServer 5.0.7 does not define S_IFSOCK.

Reported-by: Kevin R. Bulgrien
Bug: https://curl.se/mail/lib-2021-04/0074.html
Closes #6926
2021-04-21 09:35:31 +02:00
Daniel Stenberg
0594c00621
curl_setup: provide the shutdown flags wider
By using #ifdef on the symbol names to work on anything that don't
provide them. SCO OpenServer 5.0.7, sys/socket.h does not define either
SHUT_RDWR, SHUT_RD, and SHUT_WR.

Reported-by: Kevin R. Bulgrien
Bug: https://curl.se/mail/lib-2021-04/0073.html
Closes #6925
2021-04-21 09:24:46 +02:00
Daniel Stenberg
355aae5b7f
connect: use CURL_SA_FAMILY_T for portability
Reported-by: Kevin R. Bulgrien
Bug: https://curl.se/mail/lib-2021-04/0071.html

Closes #6918
2021-04-21 09:22:37 +02:00
Daniel Stenberg
04488851e2
urlapi: make sure no +/- signs are accepted in IPv4 numericals
Follow-up to 56a037cc0a. Extends test 1560 to verify.

Reported-by: Tuomas Siipola
Fixes #6916
Closes #6917
2021-04-21 09:17:55 +02:00
Daniel Stenberg
9cb48457c6
ConnectionExists: respect requests for h1 connections better
... for situations when multiplexing isn't enabled on the h2 connection
and h1 is explicitly requested for the transfer.

Assisted-by: Gergely Nagy
2021-04-21 08:20:24 +02:00
Daniel Stenberg
9c18c0b4dd
multi: don't close connection HTTP_1_1_REQUIRED
The ConnectionExists() function will note that the new transfer wants
less then h2 and that it can't multiplex it and therefor opt to open a
new connection instead.
2021-04-21 08:20:24 +02:00
Daniel Stenberg
605e842355
http2: move the stream error field to the per-transfer storage
Storing a stream error in the per-connection struct was an error that lead to
race conditions as subsequent stream handling could overwrite the error code
before it was used for the stream with the actual problem.

Closes #6910
2021-04-21 08:20:24 +02:00
Daniel Stenberg
252790c533
http2: call the handle-closed function correctly on closed stream
This was this one condition where the stream could be closed due to an
error and the function would still wrongly just return 0 for it.

Reported-by: Gergely Nagy
Fixes #6862
Closes #6910
2021-04-21 08:20:24 +02:00
Daniel Stenberg
6b97f1311a
test1660: check the created HSTS file as text mode
Closes #6922
2021-04-21 08:18:52 +02:00
Daniel Stenberg
6bdc96fee9
RELEASE-NOTES: synced 2021-04-20 11:51:53 +02:00
Daniel Stenberg
7569518e92
test 493: require https in curl to run
Closes #6927
2021-04-20 10:01:19 +02:00
Jay Satiro
711879ca7c tool_operate: don't discard failed parallel transfer result
- Save a parallel transfer's result code only when it fails and the
  transfer is not being retried.

Prior to this change the result code was always set which meant that a
failed result could be erroneously discarded if a different transfer
later had a successful result (CURLE_OK).

Before:

> curl --fail -Z https://httpbin.org/status/404 https://httpbin.org/delay/10
> echo %ERRORLEVEL%
0

After:

> curl --fail -Z https://httpbin.org/status/404 https://httpbin.org/delay/10
> echo %ERRORLEVEL%
22

Closes #xxxx
2021-04-20 01:51:56 -04:00
Georeth Zhou
6e3f2febcb openssl: fix build error with OpenSSL < 1.0.2
Closes https://github.com/curl/curl/pull/6920
2021-04-20 00:08:36 -04:00
Viktor Szakats
b97718ab19
README.md: delete Codacy UTM parameters & follow permanent redirect [ci skip]
UTM parameters leak referrer and various marketing/tracking information
even if these would normally be stripped by website or client policy.
This link also works fine without them. Also took the opportunity to
update the URL to the one pointed to by the previous one via permanent
redirect.

Reviewed-by: Daniel Stenberg
Closes #6919
2021-04-19 22:26:48 +00:00
Daniel Stenberg
56a037cc0a
urlapi: "normalize" numerical IPv4 host names
When the host name in a URL is given as an IPv4 numerical address, the
address can be specified with dotted numericals in four different ways:
a32, a.b24, a.b.c16 or a.b.c.d and each part can be specified in
decimal, octal (0-prefixed) or hexadecimal (0x-prefixed).

Instead of passing on the name as-is and leaving the handling to the
underlying name functions, which made them not work with c-ares but work
with getaddrinfo, this change now makes the curl URL API itself detect
and "normalize" host names specified as IPv4 numericals.

The WHATWG URL Spec says this is an okay way to specify a host name in a
URL. RFC 3896 does not allow them, but curl didn't prevent them before
and it seems other RFC 3896-using tools have not either. Host names used
like this are widely supported by other tools as well due to the
handling being done by getaddrinfo and friends.

I decided to add the functionality into the URL API itself so that all
users of these functions get the benefits, when for example wanting to
compare two URLs. Also, it makes curl built to use c-ares now support
them as well and make curl builds more consistent.

The normalization makes HTTPS and virtual hosted HTTP work fine even
when curl gets the address specified using one of the "obscure" formats.

Test 1560 is extended to verify.

Fixes #6863
Closes #6871
2021-04-19 08:34:55 +02:00
Daniel Stenberg
2426fa49ea
libssh: fix "empty expression statement has no effect" warnings
... by fixing macros to do-while constructs and moving out the calls to
"break" outside of the actual macro. It also fixes the problem where the
macro was used witin a loop and the break didn't do right.

Reported-by: Emil Engler
Fixes #6847
Closes #6909
2021-04-19 08:30:04 +02:00
Daniel Stenberg
d71ff2b9db
hsts: enable by default
No longer considered experimental.

Closes #6700
2021-04-19 08:22:16 +02:00
Daniel Stenberg
eff614fb02
vtls: refuse setting any SSL version
... previously they were supported if a TLS library would (unexpectedly)
still support them, but from this change they will be refused already in
curl_easy_setopt(). SSLv2 and SSLv3 have been known to be insecure for
many years now.

Closes #6773
2021-04-19 08:16:02 +02:00
Daniel Stenberg
cf65d4237e
curl: ignore options asking for SSLv2 or SSLv3
Instead output a warning about it and continue with the defaults.

These SSL versions are typically not supported by the TLS libraries since a
long time back already since they are inherently insecure and broken. Asking
for them to be used will just cause an error to be returned slightly later.

In the unlikely event that a user's TLS library actually still supports these
protocol versions, this change might make the request a little less insecure.

Closes #6772
2021-04-19 08:14:05 +02:00
Daniel Stenberg
6fc805d0c1
test972: verify the json output with jsonlint
Make sure one of the azure jobs has jsonlint installed so that the test
runs there.

Ref: #6905
2021-04-17 11:03:40 +02:00
Jay Satiro
2f78be51eb
tool_writeout: fix the HTTP_CODE json output
Update test 970 accordingly.

Reported-by: Michal Rus
Fixes #6905
Closes #6906
2021-04-17 11:03:30 +02:00
Daniel Stenberg
2cd2686129
openldap: protect SSL-specific code with proper #ifdef
Closes #6901
2021-04-15 23:31:41 +02:00
Daniel Stenberg
b532d35b5c
libssh2: fix Value stored to 'sshp' is never read
Pointed out by scan-build

Closes #6900
2021-04-15 22:43:35 +02:00
Victor Vieux
0d7c55bd57
tool_getparam: replace (in-place) '%20' by '+' according to RFC1866
Signed-off-by: Victor Vieux <victorvieux@gmail.com>

Closes #6895
2021-04-15 13:45:12 +02:00
Daniel Stenberg
7bdec2a08b
configure: provide --with-openssl, deprecate --with-ssl
Makes the option more explicit.

Closes #6887
2021-04-15 09:08:34 +02:00
Daniel Stenberg
ccaaa534d0
RELEASE-NOTES: synced
and bumped curlver to 7.77.0
2021-04-15 08:24:19 +02:00
Javier Blazquez
40d2d39f86
rustls: only return CURLE_AGAIN when TLS session is fully drained
The code in cr_recv was returning prematurely as soon as the socket
reported no more data to read. However, this could be leaving some
unread plaintext data in the rustls session from a previous call,
causing causing the transfer to hang if the socket never receives
further data.

We need to ensure that the session is fully drained of plaintext data
before returning CURLE_AGAIN to the caller.

Reviewed-by: Jacob Hoffman-Andrews
Closes #6894
2021-04-15 08:19:49 +02:00
Daniel Stenberg
520bd5225c
cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies
Add test 676 to verify that setting CURLOPT_COOKIEFILE to NULL again clears
the cookiejar from memory.

Reported-by: Stefan Karpinski
Fixes #6889
Closes #6891
2021-04-14 23:09:36 +02:00
Daniel Stenberg
566b74a0e1
RELEASE-NOTES: synced
curl 7.76.1 release
2021-04-14 07:56:23 +02:00
Daniel Stenberg
aba89ca236
THANKS: add names from 7.76.1 2021-04-13 14:32:30 +02:00
Daniel Stenberg
95d525a9e1
misc: update copyright year ranges to match latest updates 2021-04-13 14:32:30 +02:00
Tatsuhiro Tsujikawa
f141b0bbf7
ngtcp2: Use ALPN h3-29 for now
Fixes #6864
Cloes #6886
2021-04-13 14:22:32 +02:00
Jay Satiro
0409c12ae7 TODO: remove 18.22 --fail-with-body
--fail-with-body was added in 8a964cb (precedes curl-7_76_0).
2021-04-11 00:36:13 -04:00
Jürgen Gmach
c6e213e584
src/tool_vms.c: remove duplicated word in comment
Closes #6881
2021-04-10 11:43:18 +02:00
Daniel Stenberg
d0c196618e
configure: fix CURL_DARWIN_CFLAGS use
The macro name change was not completely done.

Follow-up to 5d2c384452
Bug: 5d2c384452 (commitcomment-49315187)
Reported-by: Marcel Raad
Closes #6878
2021-04-09 17:09:08 +02:00
Anthony Shaw
2908a8232c
github/workflow: add "security-extended" to codeql-analysis.yml
Extends the CodeQL code scan.

Closes #6815
2021-04-09 15:46:31 +02:00
Jochem Broekhoff
255bdfe65c
examples/hiperfifo.c: check event_initialized before delete
If event_del is called with the event struct (still) zeroed out, a
segmentation fault may occur.  event_initialized checks whether the
event struct is nonzero.

Closes #6876
2021-04-09 11:44:21 +02:00
Patrick Monnerat
9c1e1a6105
ntlm: fix negotiated flags usage
According to Microsoft document MS-NLMP, current flags usage is not
accurate: flag NTLMFLAG_NEGOTIATE_NTLM2_KEY controls the use of
extended security in an NTLM authentication message and NTLM version 2
cannot be negotiated within the protocol.

The solution implemented here is: if the extended security flag is set,
prefer using NTLM version 2 (as a server featuring extended security
should also support version 2). If version 2 has been disabled at
compile time, use extended security.

Tests involving NTLM are adjusted to this new behavior.

Fixes #6813
Closes #6849
2021-04-09 09:40:56 +02:00
Patrick Monnerat
cca455a36b
ntlm: support version 2 on 32-bit platforms
Closes #6849
2021-04-09 09:40:49 +02:00
Patrick Monnerat
10514d0076
curl_ntlm_core.h: simplify conditionals for USE_NTLM2SESSION
... as !defined(CURL_DISABLE_CRYPTO_AUTH) is a prerequisite for the
whole NTLM.

Closes #6849
2021-04-09 09:40:36 +02:00
Daniel Stenberg
c502b47f1f
lib: remove unused HAVE_INET_NTOA_R* defines
Closes #6867
2021-04-08 16:33:29 +02:00
Michael Forney
eaa1d73229
configure: include <time.h> unconditionally
In 2682e5f5, several instances of AC_HEADER_TIME were removed since
it is a deprecated autoconf macro. However, this was the macro that
defined TIME_WITH_SYS_TIME, which was used to indicate that <time.h>
can be included alongside <sys/time.h>. TIME_WITH_SYS_TIME is still
used in the configure test body and since it is no longer defined,
<time.h> is *not* included on systems that have <sys/time.h>.

In particular, at least on musl libc and glibc, <sys/time.h> does
not implicitly include <time.h> and does not declare clock_gettime,
gmtime_r, or localtime_r. This causes configure to fail to detect
those functions.

The AC_HEADER_TIME macro deprecation text says

> All current systems provide time.h; it need not be checked for.
> Not all systems provide sys/time.h, but those that do, all allow
> you to include it and time.h simultaneously.

So, to fix this issue, simply include <time.h> unconditionally when
testing for time-related functions and in libcurl, and don't bother
checking for it.

Closes #6859
2021-04-07 16:08:01 +02:00
Michael Forney
812fce9dcf
configure: remove use of RETSIGTYPE
This was previously defined by the obsolete AC_TYPE_SIGNAL macro,
which was removed in 2682e5f5. The deprecation text says

> Your code may safely assume C89 semantics that RETSIGTYPE is void.

So, remove it and just use void instead.

Closes #6861
2021-04-07 16:01:05 +02:00
Muhammed Yavuz Nuzumlalı
694eab18bc
install: add instructions for Apple Darwin platforms
Closes #6860
2021-04-07 15:54:32 +02:00
Muhammed Yavuz Nuzumlalı
5d2c384452
configure: disable min version set for Darwin
Fixes #6838
Closes #6860
2021-04-07 15:54:02 +02:00
David Hu
3be5ebf303
docs/HTTP3.md: update the build instruction using gnutls
In ngtcp2 the `with-gnutls` option is disabled by default, which will
cause `curl` unable to be `make` because of lacking the libraries
needed.

Closes #6857
2021-04-07 09:02:33 +02:00