1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-16 06:25:03 -05:00
Commit Graph

807 Commits

Author SHA1 Message Date
Jay Satiro
c1071283e8 configure: Allow disabling pthreads, fall back on Win32 threads
When the threaded resolver option is specified for configure the default
thread library is pthreads. This change makes it possible to
--disable-pthreads and then configure can fall back on Win32 threads for
native Windows builds.

Closes https://github.com/curl/curl/pull/1260
2017-02-14 02:36:20 -05:00
Marcus Hoffmann
7ba8020c46 gnutls: check for alpn and ocsp in configure
Check for presence of gnutls_alpn_* and gnutls_ocsp_* functions during
configure instead of relying on the version number.  GnuTLS has options
to turn these features off and we ca just work with with such builds
like we work with older versions.

Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>

Closes #1204
2017-01-13 09:54:55 +01:00
Daniel Stenberg
0bc24d6f9d configure: accept --with-libidn2 instead
... which the help text already implied since we switched to libidn2
from libidn in commit 9c91ec7781 back in October 2016.

Reported-by: Christian Weisgerber
Bug: https://curl.haxx.se/mail/lib-2016-12/0110.html
2016-12-25 01:14:55 +01:00
Daniel Stenberg
a8ab99766f cmdline-opts: include the man page split up files in the dist 2016-12-17 00:23:04 +01:00
Okhin Vasilij
a4b2f7aafd curl_version_info: add CURL_VERSION_HTTPS_PROXY
Closes #1142
2016-11-26 17:28:53 +01:00
Daniel Stenberg
f9de7c405f openssl: RAND_status always exists in OpenSSL >= 0.9.7
and remove RAND_screen from configure since nothing is using that
function
2016-11-11 13:44:09 +01:00
Daniel Stenberg
9c91ec7781 idn: switch to libidn2 use and IDNA2008 support
CVE-2016-8625

Bug: https://curl.haxx.se/docs/adv_20161102K.html
Reported-by: Christian Heimes
2016-10-31 08:46:35 +01:00
Daniel Stenberg
4f8d0b6f02 configure: set min version flags for builds on mac
This helps building binaries that can work on multiple macOS versions.

Help-by: Martin Storsjö

Fixes #1069
2016-10-20 10:17:04 +02:00
Daniel Stenberg
0f1996321f s/cURL/curl
The tool was never called cURL, only the project. But even so, we have
more and more over time switched to just use lower case.
2016-10-18 13:59:54 +02:00
Dan Fandrich
1e7b79731b configure: Fixed builds with libssh2 in a custom location
A libssh2 library in the standard system location was being used in
preference to the desired one while linking.
2016-09-24 08:52:01 +02:00
Daniel Stenberg
de71e68000 openssl: don’t call CRYTPO_cleanup_all_ex_data
The OpenSSL function CRYTPO_cleanup_all_ex_data() cannot be called
multiple times without crashing - and other libs might call it! We
basically cannot call it without risking a crash. The function is a
no-op since OpenSSL 1.1.0.

Not calling this function only risks a small memory leak with OpenSSL <
1.1.0.

Bug: https://curl.haxx.se/mail/lib-2016-09/0045.html
Reported-by: Todd Short
2016-09-19 11:33:14 +02:00
Nick Zitzmann
d086b2394c configure: change "iOS/Mac OS X native" to "Apple OS native"
Since I first wrote that text, Apple introduced tvOS and watchOS, and renamed "Mac OS X" to "macOS." Let's make the text a little more inclusive, since curl can be built for all four operating systems.
2016-09-18 14:50:17 -05:00
Daniel Stenberg
a71c9d4c40 configure: detect zlib with our pkg-config macros
... instead of relying on the pkg-config autoconf macros to be present.

Fixes #972 (again...)
2016-08-25 08:47:43 +02:00
Daniel Stenberg
95ded2c569 configure: make it work without PKG_CHECK_MODULES
With commit c2f9b78 we added a new dependency on pkg-config for
developers which may be unwanted. This change make the configure script
still work as before if pkg-config isn't installed, it'll just use the
old zlib detection logic without pkg-config.

Reported-by: Marc Hörsken

Fixes #972
2016-08-21 23:34:48 +02:00
Marc Hoersken
8f7f5a8b06 configure.ac: add missing quotes to PKG_CHECK_MODULES 2016-08-20 19:49:51 +02:00
Dambaev Alexander
c2f9b78afe configure.ac: add zlib search with pkg-config
Closes #956
2016-08-12 08:22:58 +02:00
Bill Nagel
497e7c9d34 mbedtls: Added support for NTLM 2016-08-03 19:33:59 +01:00
Daniel Stenberg
91697d22a8 configure: don't specify .lib for libs on windows
Another follow up for crypt32.lib linking with winssl
2016-06-22 14:23:46 +02:00
Daniel Stenberg
5c24fc7768 configure: fix winssl LIBS change typo
follow-up from 120bf29e
2016-06-22 13:50:56 +02:00
Daniel Stenberg
120bf29ef2 configure: add crypt32.lib for winssl builds
Necessary since 6cabd78531
2016-06-22 11:57:25 +02:00
Irfan Adilovic
4b639dbc74 configure: ac_cv_ -> curl_cv_ for r/w vars
These configure vars are modified in a curl-specific way and modified by
the configure process, but are never loaded from cache, even though they
are designated as _cv_. We should implement proper AC_CACHE_CHECKs for
them eventually.
2016-04-21 23:08:28 +02:00
Irfan Adilovic
14c8b45528 configure: ac_cv_ -> curl_cv_ for all cached vars
This was automated by:

sed -b -i -f <(ack -A1 AC_CACHE_CHECK | \
               ack -o 'ac_cv_.*?\b' | \
               sort -u | xargs -n1 bash -c \
                    'echo "s/$0/curl_cv_${0#ac_cv_}/g"') \
    $(git ls-files)

This only changed the prefix for 16 variables actually checked with
AC_CACHE_CHECK.
2016-04-21 23:08:28 +02:00
Daniel Stenberg
fb823d24f1 configure: remove check for libresolve
'strncasecmp' was once provided by libresolv (no trailing e) for SunOS,
but this check is broken and most likely adds nothing useful. Removing
now.

Reported-by: Irfan Adilovic

Discussed in #770
2016-04-18 15:53:24 +02:00
Jay Satiro
7921628714 wolfssl: Use ECC supported curves extension
https://github.com/wolfSSL/wolfssl/issues/366
2016-03-29 19:06:55 -04:00
Jay Satiro
a43b22e05b wolfssl: Add ALPN support 2016-03-28 18:18:09 -04:00
Jay Satiro
3ae77f079a configure: warn on invalid ca bundle or path
- Warn if --with-ca-bundle file does not exist.

- Warn if --with-ca-path directory does not contain certificates.

- Improve help messages for both.

Example configure output:

  ca cert bundle:   /some/file   (warning: certs not found)
  ca cert path:     /some/dir   (warning: certs not found)

Bug: https://github.com/curl/curl/issues/404
Reported-by: Jeffrey Walton
2016-02-25 01:55:38 -05:00
Daniel Stenberg
6b64d735cd configure: state "BoringSSL" in summary when that was detected 2016-02-09 08:46:36 +01:00
David Benjamin
39c803cba2 openssl: remove most BoringSSL #ifdefs.
As of https://boringssl-review.googlesource.com/#/c/6980/, almost all of
BoringSSL #ifdefs in cURL should be unnecessary:

- BoringSSL provides no-op stubs for compatibility which replaces most
  #ifdefs.

- DES_set_odd_parity has been in BoringSSL for nearly a year now. Remove
  the compatibility codepath.

- With a small tweak to an extend_key_56_to_64 call, the NTLM code
  builds fine.

- Switch OCSP-related #ifdefs to the more generally useful
  OPENSSL_NO_OCSP.

The only #ifdefs which remain are Curl_ossl_version and the #undefs to
work around OpenSSL and wincrypt.h name conflicts. (BoringSSL leaves
that to the consumer. The in-header workaround makes things sensitive to
include order.)

This change errs on the side of removing conditionals despite many of
the restored codepaths being no-ops. (BoringSSL generally adds no-op
compatibility stubs when possible. OPENSSL_VERSION_NUMBER #ifdefs are
bad enough!)

Closes #640
2016-02-09 08:46:36 +01:00
Ludwig Nussel
7b55279d1d configure: --with-ca-fallback: use built-in TLS CA fallback
When trying to verify a peer without having any root CA certificates
set, this makes libcurl use the TLS library's built in default as
fallback.

Closes #569
2016-02-08 14:45:58 +01:00
Daniel Stenberg
4af40b3646 URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
Daniel Stenberg
d33dd0b195 configure: update the copyright year range in output 2016-02-02 22:49:05 +01:00
Daniel Stenberg
4bed87f8fa configure: assume IPv6 works when cross-compiled
The configure test uses AC_TRY_RUN to figure out if an ipv6 socket
works, and testing like that doesn't work for cross-compiles. These days
IPv6 support is widespread so a blind guess is probably more likely to
be 'yes' than 'no' now.

Further: anyone who cross-compiles can use configure's --disable-ipv6 to
explicitly disable IPv6 and that also works for cross-compiles.

Made happen after discussions in issue #594
2016-01-12 10:30:54 +01:00
Johannes Schindelin
c208c783f5 configure: detect IPv6 support on Windows
This patch was "nicked" from the MINGW-packages project by Daniel.

9253d0bf58
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
2015-12-20 23:48:25 +01:00
Daniel Stenberg
151da51404 cyassl: deal with lack of *get_peer_certificate
The function is only present in wolfssl/cyassl if it was built with
--enable-opensslextra. With these checks added, pinning support is disabled
unless the TLS lib has that function available.

Also fix the mistake in configure that checks for the wrong lib name.

Closes #566
2015-12-16 10:27:18 +01:00
Daniel Stenberg
1ff3a07be9 wolfssl: handle builds without SSLv3 support 2015-12-16 10:06:09 +01:00
Daniel Shahaf
be0d4141af build: Install zsh completion
Fixes #534
Closes #537
2015-11-24 22:22:01 +01:00
Jay Satiro
72d99f2e7b build: Fix mingw ssl gdi32 order
- If mingw ssl make sure -lgdi32 comes after ssl libs

- Allow PKG_CONFIG to set pkg-config location and options

Bug: https://github.com/bagder/curl/pull/501
Reported-by: Kang Lin
2015-10-23 17:17:54 -04:00
Jonas Minnberg
fe7590f729 vtls: added support for mbedTLS
closes #496
2015-10-20 07:57:24 +02:00
Daniel Stenberg
5cf0166636 configure: add PSL to the list of features
... to make test 1014 work again after e77b5b7453.
2015-10-18 00:11:13 +02:00
Tim Rühsen
e77b5b7453 cookies: Add support for Mozilla's Publix Suffix List
Use libpsl to check the domain value of Set-Cookie headers (and cookie
jar entries) for not being a Publix Suffix.

The configure script checks for "libpsl" by default. Disable the check
with --without-libpsl.

Ref: https://publicsuffix.org/
Ref: https://github.com/publicsuffix/list
Ref: https://github.com/rockdaboot/libpsl
2015-10-17 16:37:49 +02:00
Daniel Stenberg
3771da335b configure: build silently by default
'make V=1' will make the build verbose like before
2015-10-07 14:56:07 +02:00
Mike Crowe
6b56901b56 gnutls: Support CURLOPT_KEYPASSWD
The gnutls vtls back-end was previously ignoring any password set via
CURLOPT_KEYPASSWD. Presumably this was because
gnutls_certificate_set_x509_key_file did not support encrypted keys.

gnutls now has a gnutls_certificate_set_x509_key_file2 function that
does support encrypted keys. Let's determine at compile time whether the
available gnutls supports this new function. If it does then use it to
pass the password. If it does not then emit a helpful diagnostic if a
password is set. This is preferable to the previous behaviour of just
failing to read the certificate without giving a reason in that case.

Signed-off-by: Mike Crowe <mac@mcrowe.com>
2015-09-22 17:30:33 +02:00
Daniel Stenberg
eb8283bb1a configure: check for HMAC_Update in openssl
Turns out HMAC_Init is now deprecated in openssl master (and I spelled
HMAC_Init_ex wrong in previous commit)
2015-08-30 23:21:30 +02:00
Daniel Stenberg
2c12ac8de2 configure: detect latest boringssl
Since boringssl brought back DES_set_odd_parity again, it cannot be used
to differentiate from boringssl. Using the OPENSSL_IS_BORINGSSL define
seems better anyway.

URL: f551028d5c%5E!/
Original-patch-by: Bertrand Simonnet

Closes #393
2015-08-22 00:08:03 +02:00
Daniel Stenberg
30aa38c818 configure: change functions to detect openssl (clones)
... since boringssl moved the former ones and the check started to fail.

URL: f551028d5c%5E!/
Original-patch-by: Bertrand Simonnet
2015-08-22 00:03:56 +02:00
Daniel Stenberg
0b8e9c8522 Revert "configure: disable libidn by default"
This reverts commit e6749055d6.

... since libidn has since been fixed.
2015-08-10 14:54:41 +02:00
Daniel Stenberg
a284b0ebc4 configure: check if OpenSSL linking wants -ldl
To make it easier to link with static versions of OpenSSL, the configure
script now checks if -ldl is needed for linking.

Help-by: TJ Saunders
2015-07-25 10:52:49 +02:00
Michał Fita
cee21eb6a7 configure: add --disable-rt option
This option disables any attempts in configure to create dependency on
stuff requiring linking to librt.so and libpthread.so, in this case this
means clock_gettime(CLOCK_MONOTONIC, &mt).

We were in need to build curl which doesn't link libpthread.so to avoid
the following bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=16628.
2015-07-24 00:09:29 +02:00
Daniel Stenberg
e6749055d6 configure: disable libidn by default
For security reasons, until there is a fix.

Bug: http://curl.haxx.se/mail/lib-2015-06/0143.html
Reported-by: Gustavo Grieco, Feist Josselin
2015-06-29 23:17:30 +02:00
Tatsuhiro Tsujikawa
4ac6cc3ebd Require nghttp2 v1.0.0
This commit requires nghttp2 v1.0.0 to compile, and migrate to v1.0.0,
and utilize recent version of nghttp2 to simplify the code,

First we use nghttp2_option_set_no_recv_client_magic function to
detect nghttp2 v1.0.0.  That function only exists since v1.0.0.

Since nghttp2 v0.7.5, nghttp2 ensures header field ordering, and
validates received header field.  If it found error, RST_STREAM with
PROTOCOL_ERROR is issued.  Since we require v1.0.0, we can utilize
this feature to simplify libcurl code.  This commit does this.

Migration from 0.7 series are done based on nghttp2 migration
document.  For libcurl, we removed the code sending first 24 bytes
client magic.  It is now done by nghttp2 library.
on_invalid_frame_recv callback signature changed, and is updated
accordingly.
2015-05-18 09:33:48 +02:00
Daniel Stenberg
aa8f613e98 configure: follow-up fix for krb5-config
commit 5b66860652 was incomplete so here's a follow-up fix

Reported-by: Dagobert Michelsen
Bug: 5b66860652 (commitcomment-10473445)
2015-04-26 17:04:18 +02:00
Mostyn Bramley-Moore
875a6d9324 configure --with-nss: remove unneeded libs from the fallback 2015-04-20 10:25:07 +02:00
Kamil Dudka
8dc3bbf0f8 configure --with-nss: drop redundant if statement 2015-04-17 16:43:20 +02:00
Kamil Dudka
67a8bbb51a configure --with-nss=PATH: query pkg-config if available
Bug: https://github.com/bagder/curl/pull/171
2015-04-17 16:43:20 +02:00
Jay Satiro
72bea7cc65 cyassl: Include the CyaSSL build config
CyaSSL >= 2.6.0 may have an options.h that was generated during
its build by configure.
2015-04-11 23:58:42 -04:00
Dagobert Michelsen
5b66860652 configure: Use KRB5CONFIG for krb5-config
Allows the user to easier override its path.

Bug: http://curl.haxx.se/bug/view.cgi?id=1486
2015-03-30 14:19:23 +02:00
Paul Howarth
559e2cc921 build: link curl to openssl libraries when openssl support is enabled
This fixes a build failure where openssl and libmetalink are used
together and the system linker does not do implicit linking (e.g.
Fedora 13 and later releases). The MD5 functions required for
metalink support must be pulled in from the openssl crypto library.

This is similar to commit c6e7cbb94e,
which fixes the same sort of problem for NSS builds.
2015-03-26 13:23:37 +01:00
Dan Fandrich
7868dc7103 cyassl: detect the library as renamed wolfssl
This change was made in CyaSSL/WolfSSL ver. 3.4.0
2015-03-19 23:51:40 +01:00
Daniel Stenberg
64736dd1be configure: follow-up fix from 709cf76f6
OpenSSL handling was a little broken.
2015-03-05 15:43:38 +01:00
Daniel Stenberg
709cf76f6b openssl: remove all uses of USE_SSLEAY
SSLeay was the name of the library that was subsequently turned into
OpenSSL many moons ago (1999). curl does not work with the old SSLeay
library since years. This is now reflected by only using USE_OPENSSL in
code that depends on OpenSSL.
2015-03-05 10:57:52 +01:00
Daniel Stenberg
37824498a3 configure: remove detection of the old yassl emulation API
... as that is ancient history and not used.
2015-01-22 23:53:52 +01:00
Daniel Stenberg
e888e30476 BoringSSL: fix build for non-configure builds
HAVE_BORINGSSL gets defined now by configure and should be defined by
other build systems in case a BoringSSL build is desired.
2015-01-22 23:04:10 +01:00
Daniel Stenberg
3d5648f9ee configure: fix BoringSSL detection and detect libresssl 2015-01-22 22:52:53 +01:00
Daniel Stenberg
eb748f159a BoringSSL: detected by configure, switches off NTLM 2015-01-22 16:39:01 +01:00
Steve Holme
2cc571f9e3 ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP
For consistency with other USE_WIN32_ defines as well as the
USE_OPENLDAP define.
2015-01-18 20:52:43 +00:00
Steve Holme
151ae59436 code/docs: Use correct case for IPv4 and IPv6
For consistency, as we seem to have a bit of a mixed bag, changed all
instances of ipv4 and ipv6 in comments and documentations to use the
correct case.
2014-12-27 11:31:55 +00:00
Steve Holme
1abe65d928 code/docs: Use Unix rather than UNIX to avoid use of the trademark
Use Unix when generically writing about Unix based systems as UNIX is
the trademark and should only be used in a particular product's name.
2014-12-26 21:42:44 +00:00
Steve Holme
1ac4db23f7 configure: Use camel case for UNIX sockets feature output
To match the curl --version output.
2014-12-26 12:13:44 +00:00
Bill Nagel
526603ff05 smb: Build with SSPI enabled
Build SMB/CIFS protocol support when SSPI is enabled.
2014-12-07 18:36:23 +00:00
Peter Wu
970c22f970 libcurl: add UNIX domain sockets support
The ability to do HTTP requests over a UNIX domain socket has been
requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a
discussion happened, no patch seems to get through. I decided to give it
a go since I need to test a nginx HTTP server which listens on a UNIX
domain socket.

One patch [3] seems to make it possible to use the
CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket.
Another person wrote a Go program which can do HTTP over a UNIX socket
for Docker[4] which uses a special URL scheme (though the name contains
cURL, it has no relation to the cURL library).

This patch considers support for UNIX domain sockets at the same level
as HTTP proxies / IPv6, it acts as an intermediate socket provider and
not as a separate protocol. Since this feature affects network
operations, a new feature flag was added ("unix-sockets") with a
corresponding CURL_VERSION_UNIX_SOCKETS macro.

A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This
option enables UNIX domain sockets support for all requests on the
handle (replacing IP sockets and skipping proxies).

A new configure option (--enable-unix-sockets) and CMake option
(ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I
deliberately did not mark this feature as advanced, this is a
feature/component that should easily be available.

 [0]: http://curl.haxx.se/mail/lib-2008-04/0279.html
 [1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/
 [2]: http://sourceforge.net/p/curl/feature-requests/53/
 [3]: http://curl.haxx.se/mail/lib-2008-04/0361.html
 [4]: https://github.com/Soulou/curl-unix-socket

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04 02:52:19 +01:00
Steve Holme
2ad1df7327 configure: Fixed inclusion of SMB when no crypto engines available 2014-12-02 18:36:40 +00:00
Bill Nagel
3529903afb smb: Added configuration options for SMB
Added --enable-smb and --disable-smb configuration options for the
upcoming SMB/CIFS protocol support.
2014-11-29 18:10:38 +00:00
Michael Osipov
a4b7f716d3 tool: Use Kerberos for supported features 2014-11-15 14:43:35 +00:00
Steve Holme
676d62fa0e configure: Fixed inclusion of krb5 when CURL_DISABLE_CRYPTO_AUTH is defined
Commit fe0f8967bf fixed a problem with krb5 not being defined as a
supported feature when HAVE_GSSAPI is defined, however, it should
only be included if CURL_DISABLE_CRYPTO_AUTH is not set, like when
SPNEGO is listed as a feature.
2014-11-11 00:14:33 +00:00
Daniel Stenberg
fe0f8967bf configure: assume krb5 when gss-api works
To please test 1014 while we work out if this is truly the a correct
assumption.
2014-11-10 09:05:56 +01:00
Daniel Stenberg
9dbbba9976 libssh2: detect features based on version, not configure checks
... so that non-configure builds get the correct functions too based on
the libssh2 version used.
2014-11-09 15:43:27 +01:00
Steve Holme
f0d860d35f configure: Fixed NTLM missing from features when CURL_DISABLE_HTTP defined 2014-11-09 13:11:00 +00:00
Steve Holme
eda919f4dc configure: Added krb5 to the supported features 2014-11-07 10:56:57 +00:00
Daniel Stenberg
e62e77426f configure.ac: remove checks for OpenSSL NPN/ALPN funcs again
... since the conditional in the code are now based on OpenSSL versions
instead to better support non-configure builds.
2014-10-29 22:38:39 +01:00
Tatsuhiro Tsujikawa
da933ee29d Compile with latest nghttp2 2014-08-26 23:02:50 +02:00
Michael Osipov
ee40b6882d configure.ac: Add support for recent GSS-API implementations for HP-UX
By default, configure script assumes that libcurl will use the
HP-supplied GSS-API implementation which does not have krb5-config.
If a dev needs a more recent version which has that config script,
the change will allow to pass an appropriate GSSAPI_ROOT.
2014-08-25 15:09:26 +02:00
Michael Osipov
46750c39bd configure/features: Add feature and version info for GSS-API and SPNEGO 2014-07-23 00:01:39 +02:00
Alessandro Ghedini
c6e7cbb94e build: link curl to NSS libraries when NSS support is enabled
This fixes a build failure on Debian caused by commit
24c3cdce88.

Bug: http://curl.haxx.se/mail/lib-2014-07/0209.html
2014-07-18 14:20:42 +02:00
David Woodhouse
9ad282b1ae Remove all traces of FBOpenSSL SPNEGO support
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which
allows client and server to negotiate the underlying mechanism which will
actually be used to authenticate. This is *often* Kerberos, and can also
be NTLM and other things. And to complicate matters, there are various
different OIDs which can be used to specify the Kerberos mechanism too.

A SPNEGO exchange will identify *which* GSSAPI mechanism is being used,
and will exchange GSSAPI tokens which are appropriate for that mechanism.

But this SPNEGO implementation just strips the incoming SPNEGO packet
and extracts the token, if any. And completely discards the information
about *which* mechanism is being used. Then we *assume* it was Kerberos,
and feed the token into gss_init_sec_context() with the default
mechanism (GSS_S_NO_OID for the mech_type argument).

Furthermore... broken as this code is, it was never even *used* for input
tokens anyway, because higher layers of curl would just bail out if the
server actually said anything *back* to us in the negotiation. We assume
that we send a single token to the server, and it accepts it. If the server
wants to continue the exchange (as is required for NTLM and for SPNEGO
to do anything useful), then curl was broken anyway.

So the only bit which actually did anything was the bit in
Curl_output_negotiate(), which always generates an *initial* SPNEGO
token saying "Hey, I support only the Kerberos mechanism and this is its
token".

You could have done that by manually just prefixing the Kerberos token
with the appropriate bytes, if you weren't going to do any proper SPNEGO
handling. There's no need for the FBOpenSSL library at all.

The sane way to do SPNEGO is just to *ask* the GSSAPI library to do
SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context()
is for. And then it should all Just Work™.

That 'sane way' will be added in a subsequent patch, as will bug fixes
for our failure to handle any exchange other than a single outbound
token to the server which results in immediate success.
2014-07-16 17:26:08 +02:00
Michał Górny
08b27e0892 configure: respect host tool prefix for krb5-config
Use ${host_alias}-krb5-config if available. This improves cross-
compilation support and fixes multilib on Gentoo (at least).
2014-07-14 20:49:28 +02:00
Dan Fandrich
763c51780c netrc: fixed thread safety problem by using getpwuid_r if available
The old way using getpwuid could cause problems in programs that enable
reading from netrc files simultaneously in multiple threads.

Reported-by: David Woodhouse
2014-07-13 00:27:22 +02:00
Daniel Stenberg
b56dff79ad opts: initial makefile
with a bonus first rough 'mancheck' target to see which man pages that
are still missing
2014-06-17 00:29:02 +02:00
Daniel Stenberg
1b89456509 url-parser: only use if_nametoindex if detected by configure
The previous #ifdef detection wasn't good enough.

Bug: http://curl.haxx.se/mail/lib-2014-05/0260.html
Reported-by: Chris Young
2014-05-26 22:10:15 +02:00
Daniel Stenberg
b3d0e4e243 configure: fix the nghttp2 detection when not found 2014-05-24 13:54:28 +02:00
Daniel Stenberg
2ddd69ef9a configure: detect nghttp2 by default 2014-05-23 17:01:14 +02:00
Daniel Stenberg
121bcfee5d configure: add GSS-API to supported features
Bug: http://curl.haxx.se/bug/view.cgi?id=1344
Reported-by: Michael Osipov
2014-05-17 10:24:47 +02:00
Daniel Stenberg
21aae1ec86 configure: add SPNEGO to supported features
Bug: http://curl.haxx.se/bug/view.cgi?id=1343
Reported-by: Michael Osipov
2014-05-17 10:24:47 +02:00
Aaro Koskinen
e48a821ed5 configure: Don't set LD_LIBRARY_PATH when cross-compiling
Most of LD_LIBRARY_PATH adjustments are already guarded, but not all.

The patch fixes cross-compilation failure when libidn is present.
2014-05-07 22:37:26 +02:00
Dan Fandrich
0204e17bc6 cyassl: Use error-ssl.h when available
Versions since at least 2.9.4 renamed error.h to error-ssl.h, so use
whichever one is available.
2014-04-23 11:01:30 +02:00
Daniel Stenberg
a5d7ec1848 configure: use the nghttp2 path correctly with pkg-config
When --with-nghttp2 was used (without a given path), the
PKG_CONFIG_LIBDIR varialbe could get clobbered and ruin a proper
detection of the library.

Reported-by: Dilyan Palauzov
Bug: http://curl.haxx.se/mail/lib-2014-04/0159.html
2014-04-22 00:24:44 +02:00
Dilyan Palauzov
11ce2f2182 configure: fix wrong comment
copy and paste error
2014-04-21 20:12:20 +02:00
Michael Osipov
778e4bb276 configure: call it GSS-API
... since that’s how the RFC calls it.
2014-03-03 11:06:38 +01:00
naota
4548e0fe71 configure: Tiny fix to honor POSIX
Change "==" to "=" to honor POSIX test construction.
2014-02-25 23:29:13 +01:00
Dan Fandrich
184c3e2d37 configure: Fix the --disable-crypto-auth option
It now disables NTLM and GSS authentication methods, and produces
compilable code when SSL is enabled.
2014-02-17 09:50:46 +01:00
Fabian Frank
8b6654224b openssl: add ALPN support
Add ALPN support when using OpenSSL. This will offer ALPN and NPN to the
server, who can respond with either one or none of the two. OpenSSL >=
1.0.2 is required, which means as of today obtaining a snapshot from
ftp://ftp.openssl.org/snapshot/.

See:
http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04
ba168244a1/ssl/ssl_lib.c (L1787)
2014-02-03 23:46:06 +01:00
Daniel Stenberg
99b4ff8b6f http2-openssl: verify that NPN functionality is present 2014-01-30 11:24:15 +01:00
Michael Osipov
7e0c2c47ab configure: fix gssapi linking on HP-UX
The issue is with HP-UX that is comes with HP flavor of MIT
Kerberos. This means that there is no krb5-config and the lib is called
libgss.so

Bug: http://curl.haxx.se/bug/view.cgi?id=1321
2014-01-16 17:19:54 +01:00
Steve Holme
d237828ebc Bumped copyright year to 2014 2014-01-02 23:53:49 +00:00
Kamil Dudka
865666afca nss: unconditionally require NSS_InitContext()
... since we depend on NSS 3.14+ because of SSL_VersionRangeSet() anyway
2013-12-02 15:00:13 +01:00
Kamil Dudka
30e7e7552b nss: use a better API for controlling SSL version
This change introduces a dependency on NSS 3.14+.
2013-12-02 15:00:13 +01:00
Daniel Stenberg
1f0616ea1a configure: Fix test with -Werror=implicit-function-declaration
The ipv6 auto-detect test in configure returns a false negative when
CFLAGS contains -Werror=implicit-function-declaration. (I have been
using this flag to detect code issues that would result in SEGVs on
x86_64-cygwin.)

Patch-by: Yaakov Selkowitz
Bug: http://curl.haxx.se/bug/view.cgi?id=1304
2013-11-13 19:00:22 -08:00
Daniel Stenberg
a3da0a96e3 configure: check for long long when building with cyassl
cyassl/ctaocrypt/types.h needs SIZEOF_LONG_LONG

Reported-by: Chris Conlon
2013-10-22 22:55:48 +02:00
Daniel Stenberg
812d49db90 configure: add HTTP2 as a curl-config --feature output
Fixes the test 1014 failure
2013-09-05 12:03:24 +02:00
Daniel Stenberg
9011fb3f0c configure: added --with-nghttp2 2013-09-04 10:04:48 +02:00
Daniel Stenberg
bb55293313 FTP: remove krb4 support
We've announced this pending removal for a long time and we've
repeatedly asked if anyone would care or if anyone objects. Nobody has
objected. It has probably not even been working for a good while since
nobody has tested/used this code recently.

The stuff in krb4.h that was generic enough to be used by other sources
is now present in security.h
2013-08-25 19:16:36 +02:00
Yang Tse
26b0cb6ae2 configure: fix 'subdir-objects' distclean related issue
See XC_AMEND_DISTCLEAN comments for details.
2013-07-18 04:48:33 +02:00
Yang Tse
fe7e3229f8 configure: automake 1.14 compatibility tweak (use XC_AUTOMAKE) 2013-07-09 00:10:38 +02:00
Wouter Van Rooy
68e7fb499d curl-config: don't output static libs when they are disabled
Curl-config outputs static libraries even when they are disabled in
configure.

This causes problems with the build of pycurl.
2013-04-16 16:07:41 +02:00
Daniel Stenberg
edddf394b8 configure: try pthread_create without -lpthread
For libc variants without a spearate pthread lib (like bionic), try
using pthreads without the pthreads lib first and only if that fails try
the -lpthread linker flag.

Bug: http://curl.haxx.se/bug/view.cgi?id=1216
Reported by: Duncan
2013-04-12 22:58:28 +02:00
Daniel Stenberg
32144ca241 configure: remove CURL_CHECK_FUNC_RECVFROM
1 - We don't use the results from the test and we never did. recvfrom()
is only used by the TFTP code and it has not caused any problems.

2 - the CURL_CHECK_FUNC_RECVFROM function is extremely slow
2013-04-08 22:22:43 +02:00
Yang Tse
83a42ee20e curl.h: stricter CURL_EXTERN linkage decorations logic
No API change involved.

Info: http://curl.haxx.se/mail/lib-2013-02/0234.html
2013-03-12 00:27:47 +01:00
Yang Tse
70b5173410 configure: use XC_LIBTOOL for portability across libtool versions 2013-03-08 13:27:45 +01:00
Nick Zitzmann
cc27aff7b3 darwinssl: fix undefined $ssllib warning in runtests.pl
I also added --with-darwinssl to the list of SSL options in configure.
2013-02-24 15:39:15 -07:00
Daniel Stenberg
429820b180 strcasestr: remove check for this unused function 2013-02-23 19:51:05 +01:00
Daniel Stenberg
358c5c0745 strlcat: remove function
This function was only used twice, both in places where performance
isn't crucial (socks + if2ip). Removing the use of this function removes
the need to have our private version for systems without it == reduced
amount of code.

Also, in the SOCKS case it is clearly better to fail gracefully rather
than to truncate the results.

This work was triggered by a bug report on the strcal prototype in
strequal.h.

strlcat was added in commit db70cd28 in February 2001!

Bug: http://curl.haxx.se/bug/view.cgi?id=1192
Reported by: Jeremy Huddleston
2013-02-14 10:41:45 +01:00
Guenter Knauf
c0c334b42a configure: update the copyright years for the output. 2013-02-04 04:47:26 +01:00
Yang Tse
d411402a65 zz40-xc-ovr.m4: 1.0 interface stabilization
- Stabilization results in 4 public interface m4 macros:
  XC_CONFIGURE_PREAMBLE
  XC_CONFIGURE_PREAMBLE_VER_MAJOR
  XC_CONFIGURE_PREAMBLE_VER_MINOR
  XC_CHECK_PATH_SEPARATOR
- Avoid one level of internal indirection
- Update comments
- Drop XC_OVR_ZZ40 macro
2013-01-28 21:29:36 +01:00
Yang Tse
5c28a64e57 configure: use XC_CONFIGURE_PREAMBLE early checks
Some basic checks we make were placed early enough in generated
configure script when using autoconf 2.5X versions. Newer autoconf
versions expand these checks much further into the configure script,
rendering them useless. Using XC_CONFIGURE_PREAMBLE fixes placement
of early intended checks across all our autoconf supported versions.
2013-01-23 14:29:00 +01:00
Yang Tse
9d1effad05 configure: autotools compatibility fixes - step I
Fix proper macro expansion order across autotools versions for
C compiler and preprocessor program checks.
2013-01-20 20:23:20 +01:00
Yang Tse
7ab3ae0bf0 commit bc682cbd follow-up 2013-01-15 19:54:47 +01:00
Yang Tse
16abdd4f39 configure: fix automake 1.13 compatibility
Tested with:

buildconf: autoconf version 2.69
buildconf: autom4te version 2.69
buildconf: autoheader version 2.69
buildconf: automake version 1.13.1
buildconf: aclocal version 1.13.1
buildconf: libtool version 2.4
buildconf: GNU m4 version 1.4.16
2013-01-14 04:29:43 +01:00
Nick Zitzmann
06558695d5 docs: the --with-darwinssl option is available on Apple OSes 2013-01-09 15:53:29 +01:00
Daniel Stenberg
75fa3542d0 Revert "configure: update req to 2.59"
This reverts commit 7a6d8b1b1a.

URL: http://curl.haxx.se/mail/lib-2013-01/0103.html
2013-01-08 19:02:13 +01:00
Daniel Stenberg
7a6d8b1b1a configure: update req to 2.59
I ran the 2.59 version of autoupdate that updates obsoleted configure.ac
constructs to the 2.59 standard. With a little hands-on fiddling I
prevented it from ruining the quoting in AS_HELP_STRING() uses.

I subsequently also bumped the required autoconf version to 2.59
(released in December 2003) as I don't have an older autoconf version
around to test with and I can't be bothered to install one either...

Inspired by: Björn Stenberg
Related blog post: http://cazfi.livejournal.com/195108.html
2013-01-08 11:46:50 +01:00
Yang Tse
4a5aa6682d Revert changes relative to lib/*.[ch] recent renaming
This reverts renaming and usage of lib/*.h header files done
28-12-2012, reverting 2 commits:

  f871de0... build: make use of 76 lib/*.h renamed files
  ffd8e12... build: rename 76 lib/*.h files

This also reverts removal of redundant include guard (redundant thanks
to changes in above commits) done 2-12-2013, reverting 1 commit:

  c087374... curl_setup.h: remove redundant include guard

This also reverts renaming and usage of lib/*.c source files done
3-12-2013, reverting 3 commits:

  13606bb... build: make use of 93 lib/*.c renamed files
  5b6e792... build: rename 93 lib/*.c files
  7d83dff... build: commit 13606bbfde follow-up 1

Start of related discussion thread:

  http://curl.haxx.se/mail/lib-2013-01/0012.html

Asking for confirmation on pushing this revertion commit:

  http://curl.haxx.se/mail/lib-2013-01/0048.html

Confirmation summary:

  http://curl.haxx.se/mail/lib-2013-01/0079.html

NOTICE: The list of 2 files that have been modified by other
intermixed commits, while renamed, and also by at least one
of the 6 commits this one reverts follows below. These 2 files
will exhibit a hole in history unless git's '--follow' option
is used when viewing logs.

  lib/curl_imap.h
  lib/curl_smtp.h
2013-01-06 18:20:27 +01:00
Yang Tse
404a95b588 configure.ac: replace AM_CONFIG_HEADER with AC_CONFIG_HEADERS
automake 1.13 errors if AM_CONFIG_HEADER is used in configure script.
automake 1.13 no longer autoupdates AM_CONFIG_HEADER to
AC_CONFIG_HEADERS, thing which automake has been doing since automake
version 1.7

Given that our first automake supported version is automake 1.7,
simply replacing AM_CONFIG_HEADER usage with AC_CONFIG_HEADERS seems
enough to yet support same automake versions.

Dave Reisner reported issue with 1.13 and provided patch.

http://curl.haxx.se/mail/lib-2012-12/0246.html
2013-01-01 19:24:54 +01:00
Yang Tse
f871de0064 build: make use of 76 lib/*.h renamed files
76 private header files renamed to use our standard naming scheme.

This change affects 322 files in libcurl's source tree.
2012-12-28 19:37:11 +01:00
Yang Tse
0969045b6e configure: add internal sanity check (warn only) on vars for makefiles 2012-12-21 17:29:31 +01:00
Yang Tse
d738adc1fb configure: LIBMETALINK_CFLAGS actually is LIBMETALINK_CPPFLAGS 2012-12-21 13:00:00 +01:00
Yang Tse
c691037517 configure: add minimal sanity check on user provided CFLAGS and CPPFLAGS 2012-12-20 17:13:21 +01:00
Yang Tse
c91a6cd78f configure.ac: clear local test intended variables before use 2012-12-19 16:08:07 +01:00
Yang Tse
57fa576a35 configure: check if compiler halts on function prototype mismatch 2012-12-16 18:51:51 +01:00
Yang Tse
b908376bef build: explain current role of LIBS in our Makefile.am files
BLANK_AT_MAKETIME may be used in our Makefile.am files to blank
LIBS variable used in generated makefile at makefile processing
time. Doing this functionally prevents LIBS from being used for
all link targets in given makefile.
2012-12-04 23:32:05 +01:00
Yang Tse
3202cc6162 configure: add minimal sanity check on user provided LIBS and LDFLAGS 2012-12-04 21:00:32 +01:00
Yang Tse
068f7ae264 build: prevent global LIBS from influencing src and lib build targets
Currently, LIBS is already used through other macros.
2012-12-03 22:41:18 +01:00
Yang Tse
91b57cd6e5 build: prevent global LIBS from influencing libtest build targets 2012-11-30 14:34:48 +01:00
Yang Tse
d27a46f09b build: prevent global LIBS from influencing test server build targets 2012-11-29 21:56:48 +01:00
Yang Tse
16a8281f71 build: avoid linkage of directly unused libraries 2012-11-28 18:31:23 +01:00
Yang Tse
665adcd4b7 build: fix AIX compilation and usage
AIX sys/poll.h header file defines 'events' and 'revents' as C
preprocessor macros. Usage of these literals in libcurl's external
API was introduced in commit de24d7bd4c causing AIX build failures.
Appropriate inclusion of sys/poll.h by libcurl's external interface
fixes AIX build and usage issues while avoiding a SONAME bump.
2012-11-23 17:57:00 +01:00
Daniel Stenberg
f4b4365c19 configure: update the copyright years for the output 2012-08-19 00:18:34 +02:00
Daniel Stenberg
44154e0733 configure: remove the --enable/disable-nonblocking options
Removing this option as it currently only functions to lure people into
wrongly using it and falsely believing that libcurl will work fine
without using nonblocking sockets internally - which leads to hard to
track or understand errors.
2012-08-16 19:24:33 +02:00
Guenter Knauf
1b1c43a9fe Added --with-winidn to configure.
This needs another look from the configure experts. I tested that
it works so far with MinGW64 cross-compiler; libcurl builds and
links fine, but curl not yet ...
2012-07-27 03:19:21 +02:00
Yang Tse
069b280f63 configure.ac: verify that libmetalink is new enough
Enabling test2017 to test2022.
2012-07-02 16:42:54 +02:00
Nick Zitzmann
7aa95afadd DarwinSSL: allow using NTLM authentication
Allow NTLM authentication when building using SecureTransport (Darwin) for SSL.

This uses CommonCrypto, a cryptography library that ships with all versions of
iOS and Mac OS X. It's like OpenSSL's libcrypto, except that it's missing a few
less-common cyphers and doesn't have a big number data structure.
2012-06-27 11:57:31 +02:00
Nick Zitzmann
6d1ea388cb darwinssl: add support for native Mac OS X/iOS SSL 2012-06-26 14:04:15 +02:00