1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-16 14:35:03 -05:00
Commit Graph

7559 Commits

Author SHA1 Message Date
Marc Hoersken
c48b996cf2 url.c: fix possible use of non-null-terminated string with strlen
Follow up on b0e742544b
2014-04-19 14:25:32 +02:00
Marc Hoersken
b0e742544b url.c: fix possible use of non-null-terminated string with strlen 2014-04-19 00:17:21 +02:00
Marc Hoersken
7296fc9e7e connect.c: fix multiple possible dereferences of null pointers
In case the first address in the tempaddr array is NULL,
the code would previously dereference an unchecked null pointer.
2014-04-18 23:56:54 +02:00
Marc Hoersken
3f74e149f8 tftp.c: fix possible dereference of null pointer 2014-04-18 23:53:48 +02:00
Marc Hoersken
e81bdab13e socks_sspi.c: added pointer guards to FreeContextBuffer calls
The FreeContextBuffer SAL declaration does not declare the pointer
as optional, therefore it must not be NULL.
2014-04-18 23:24:41 +02:00
Marc Hoersken
54df616729 md5.c: fix use of uninitialized variable 2014-04-18 22:59:25 +02:00
Marc Hoersken
6f72c2fe31 curl_schannel.c: added explicit cast of structure pointers 2014-04-18 22:38:42 +02:00
Marc Hoersken
a703914e60 curl_schannel.c: fix possible dereference of null pointer 2014-04-18 22:36:12 +02:00
Steve Holme
d7ed8da43e imap: Extended FETCH support to include PARTIAL URL specifier 2014-04-18 20:14:09 +01:00
Steve Holme
e2c14bde22 url.c: Fixed typo in comment 2014-04-18 17:51:26 +01:00
Steve Holme
84c0aabe65 imap: Expanded mailbox SEARCH support to use URL query strings 2014-04-18 16:51:48 +01:00
Steve Holme
ca63d4feba imap: Added support for parsing URL query strings
Added support for parsing query strings from the URL as defined by
RFC-5092.
2014-04-18 16:43:57 +01:00
Steve Holme
f804378d16 imap: Introduced the SEARCH state 2014-04-18 15:32:13 +01:00
Steve Holme
2c6b41e98a imap: Fixed untagged response detection when no data after command
Should a command return untagged responses that contained no data then
the imap_matchresp() function would not detect them as valid responses,
as it wasn't taking the CRLF characters into account at the end of each
line.
2014-04-18 15:01:57 +01:00
Daniel Stenberg
b166117c60 README.http2: mention some alt-svc thoughts 2014-04-17 19:23:39 +02:00
Dan Fandrich
263ed02da6 url: only use if_nametoindex() if IFNAMSIZ is available 2014-04-14 08:02:06 +02:00
Steve Holme
b574e83079 sas: Added DIGEST-MD5 qop-option validation in native challange handling
Given that we presently support "auth" and not "auth-int" or "auth-conf"
for native challenge-response messages, added client side validation of
the quality-of-protection options from the server's challenge message.
2014-04-08 21:24:34 +01:00
Daniel Stenberg
73b7a03c3f strerror: fix comment about vxworks' strerror_r buffer size
Bug: http://curl.haxx.se/mail/lib-2014-04/0063.html
Reported-by: Jeroen Koekkoek
2014-04-06 23:13:08 +02:00
Steve Holme
64381f5091 sasl: Added forward declaration of structures following recent changes
To avoid urldata.h being included from the header file or that the
source file has the correct include order as highlighted by one of
the auto builds recently.
2014-04-06 17:20:08 +01:00
Steve Holme
537b571c90 sasl: Fixed compilation warning
warning: no previous prototype for 'Curl_sasl_create_digest_md5_message'
2014-04-06 16:32:28 +01:00
Steve Holme
fe15ea67cc sasl: Added curl_memory.h include as per test 1132 2014-04-06 16:09:19 +01:00
Steve Holme
2af28a147b sasl: Fixed compilation warning in SSPI builds
warning: 'sasl_digest_get_key_value' defined but not used
2014-04-06 16:01:55 +01:00
Steve Holme
f700eb7d9a sasl: Corrected missing free of decoded challenge message from 607883f13c 2014-04-06 14:18:31 +01:00
Steve Holme
175b605331 sasl: Corrected add of Curl_sasl_decode_digest_md5_message() from 2c49e96092 2014-04-06 14:02:10 +01:00
Steve Holme
ee40136f6c sasl: Post DIGEST-MD5 SSPI code tidy up
* Added comments to SSPI NTLM message generation
* Added comments to native DIGEST-MD5 code
* Removed redundant identity pointer
2014-04-06 13:30:52 +01:00
Steve Holme
19a514237d sasl: Corrected pre-processor inclusion of SSPI based DIGEST-MD5 code
When CURL_DISABLE_CRYPTO_AUTH is defined the DIGEST-MD5 code should not
be included, regardless of whether USE__WINDOWS_SSPI is defined or not.
This is indicated by the definition of USE_HTTP_NEGOTIATE and USE_NTLM
in curl_setup.h.
2014-04-06 13:01:14 +01:00
Steve Holme
607883f13c sasl: Added support for DIGEST-MD5 via Windows SSPI 2014-04-06 12:49:32 +01:00
Steve Holme
d4150c317c http_negotiate_sspi: Fixed compilation when USE_HTTP_NEGOTIATE not defined 2014-04-06 01:46:53 +01:00
Steve Holme
0bc14c9faf Makefile.vc6: Added curl_sasl_sspi.c 2014-04-06 00:57:23 +01:00
Steve Holme
c469941293 ntlm: Moved the identity generation into shared SSPI code 2014-04-06 00:35:22 +01:00
Steve Holme
ff853960bd sasl: Renamed SSPI module following short name clash 2014-04-06 00:35:01 +01:00
Steve Holme
2c49e96092 sasl: Added initial stub functions for SSPI DIGEST-MD support 2014-04-05 23:16:51 +01:00
Steve Holme
3a92de5636 sasl: Combined DIGEST-MD5 message decoding and generation 2014-04-05 23:09:04 +01:00
Tatsuhiro Tsujikawa
9e86209d04 http2: Compile with current nghttp2, which supports h2-11 2014-04-05 19:30:12 +02:00
Daniel Stenberg
74851340bd PROXYHEADER: send these headers in "normal" proxy requests too
Updated the docs to clarify and the code accordingly, with test 1528 to
verify:

When CURLHEADER_SEPARATE is set and libcurl is asked to send a request
to a proxy but it isn't CONNECT, then _both_ header lists
(CURLOPT_HTTPHEADER and CURLOPT_PROXYHEADER) will be used since the
single request is then made for both the proxy and the server.
2014-04-04 17:03:43 +02:00
Daniel Stenberg
ef6be35bae CURLOPT_HEADEROPT: added
Modified the logic so that CURLOPT_HEADEROPT now controls if PROXYHEADER
is actually used or not.
2014-04-04 17:03:43 +02:00
Daniel Stenberg
ac887eedbc CURLOPT_PROXYHEADER: set headers for proxy-only
Includes docs and new test cases: 1525, 1526 and 1527

Co-written-by: Vijay Panghal
2014-04-04 17:03:43 +02:00
Daniel Stenberg
42937f87e6 HTTP: don't send Content-Length: 0 _and_ Expect: 100-continue
Without request body there's no point in asking for 100-continue.

Bug: http://curl.haxx.se/bug/view.cgi?id=1349
Reported-by: JimS
2014-04-04 15:46:35 +02:00
Daniel Stenberg
c81021f747 ftp: in passive data connect wait for happy eyeballs sockets
When doing passive FTP, the multi state function needs to extract and
use the happy eyeballs sockets to wait for to check for completion!

Bug: http://curl.haxx.se/mail/lib-2014-02/0135.html (ruined)
Reported-by: Alan
2014-04-03 20:38:19 +02:00
Daniel Stenberg
97f214d0c9 http2+openssl: fix compiler warnings in ALPN using code 2014-04-03 17:03:02 +02:00
Steve Holme
dd9ce1b86c smtp: Fixed login denied with a RFC-821 based server
In addition to commit fe260b75e7 fixed the same issue for RFC-821 based
SMTP servers and allow the credientials to be given to curl even though
they are not used with the server.
2014-04-01 07:20:19 +01:00
Daniel Stenberg
8a0385c1ad urldata: spellfix comment
Reported-by: Melissa
2014-04-01 08:00:34 +02:00
Daniel Stenberg
13682d1a24 ipv6: strip off zone identifiers in redirects too
Follow up to 9317eced98 makes test 1056 work again.
2014-03-31 09:35:32 +02:00
Daniel Stenberg
6448946ac3 http2: let openssl mention the exact protocol negotiated
Remove a superfluous "negotiated http2" info line
2014-03-31 09:00:58 +02:00
Daniel Stenberg
ef813c7097 http2: remove _DRAFT09 from the NPN_HTTP2 enum
We're progressing throught drafts so there's no point in having a fixed
one in a symbol that'll survive.
2014-03-31 08:40:24 +02:00
Till Maas
9317eced98 URL parser: IPv6 zone identifiers are now supported 2014-03-31 07:58:25 +02:00
Steve Holme
fe260b75e7 smtp: Fixed login denied when server doesn't support AUTH capability
Specifying user credentials when the SMTP server doesn't support
authentication would cause curl to display "No known authentication
mechanisms supported!" and return CURLE_LOGIN_DENIED.

Reported-by: Tom Sparrow
Bug: http://curl.haxx.se/mail/lib-2014-03/0173.html
2014-03-28 18:21:27 +00:00
Dan Fandrich
a8c7cf6281 hostcheck: added a system include to define struct in_addr 2014-03-26 22:29:00 +01:00
Daniel Stenberg
965690f67e Curl_cert_hostcheck: strip trailing dots in host name and wildcard
Reported-by: Richard Moore
2014-03-25 23:01:37 +01:00
Daniel Stenberg
5019c78095 Curl_cert_hostcheck: reject IP address wildcard matches
There are server certificates used with IP address in the CN field, but
we MUST not allow wild cart certs for hostnames given as IP addresses
only. Therefore we must make Curl_cert_hostcheck() fail such attempts.

Bug: http://curl.haxx.se/docs/adv_20140326B.html
Reported-by: Richard Moore
2014-03-25 23:01:37 +01:00
Steve Holme
517b06d657 url: Fixed connection re-use when using different log-in credentials
In addition to FTP, other connection based protocols such as IMAP, POP3,
SMTP, SCP, SFTP and LDAP require a new connection when different log-in
credentials are specified. Fixed the detection logic to include these
other protocols.

Bug: http://curl.haxx.se/docs/adv_20140326A.html
2014-03-25 23:01:37 +01:00
Gisle Vanem
196140dcaf polarssl: avoid extra newlines in debug messages
The debug messages printed inside PolarSSL always seems to end with a
newline. So 'infof()' should not add one. Besides the trace 'line'
should be 'const'.
2014-03-22 16:55:39 +01:00
Daniel Stenberg
4ff71183b9 rtsp: parse "Session:" header properly
The parser skipped the initial letter, which presumably often is
whitespace but doesn't have to be.

Reported-by: Mike Hasselberg
Bug: http://curl.haxx.se/mail/lib-2014-03/0134.html
2014-03-20 11:52:27 +01:00
Daniel Stenberg
930b81387b trynextip: don't store 'ai' on failed connects...
It leads to the "next family" tries starting from the wrong point and thus
fails!

Bug: http://curl.haxx.se/bug/view.cgi?id=1337
Reported-by: ricker
2014-03-19 16:34:12 +01:00
Gaël PORTAY
47f8e99e78 polarssl: fix possible handshake timeout issue in multi.
Because of the socket is unblocking, PolarSSL does need call to getsock to
get the action to perform in multi environment.

In some cases, it might happen we have not received yet all data to perform
the handshake. ssh_handshake returns POLARSSL_ERR_NET_WANT_READ, the state
is updated but because of the getsock has not the proper #define macro to,
the library never prevents to select socket for input thus the socket will
never be awaken when last data is available. Thus it leads to timeout.
2014-03-19 16:10:18 +01:00
Gaël PORTAY
ff25f437a5 polarssl: break compatibility with version older than 1.3.
Remove all #ifdef/else/endif macros that ensure compatibility with polarssl
version previous than 1.3.
2014-03-18 21:01:11 +01:00
Gaël PORTAY
31265376bc polarssl: drop use of 1.2 compatibility header.
API has changed since version 1.3. A compatibility header has been created
to ensure forward compatibility for code using old API:
 * x509 certificate structure has been renamed to from x509_cert to
   x509_crt
 * new dedicated setter for RSA certificates ssl_set_own_cert_rsa,
   ssl_set_own_cert is for generic keys
 * ssl_default_ciphersuites has been replaced by function
   ssl_list_ciphersuites()

This patch drops the use of the compatibly header.
2014-03-18 21:01:11 +01:00
Daniel Stenberg
7a1fb8e816 polarssl: added missing end-of-comment from previous commit 2014-03-18 08:03:45 +01:00
Daniel Stenberg
5017d5ada8 polarssl: now require 1.3.0+
Also fixed a function name change in the version requirement bump
2014-03-17 20:48:06 +01:00
hasufell
4d6108315b polarssl: fix compilation
Rename x509_cert to x509_crt and add "compat-1.2.h"
include.
This would still need some more thorough conversion
in order to drop "compat-1.2.h" include.
2014-03-17 20:08:45 +01:00
Kamil Dudka
67061e3f4e nss: allow to enable/disable new AES GCM cipher-suites
... if built against a new enough version of NSS
2014-03-15 13:07:55 +01:00
Kamil Dudka
c864d81289 nss: allow to enable/disable new HMAC-SHA256 cipher-suites
... if built against a new enough version of NSS
2014-03-15 13:07:55 +01:00
Kamil Dudka
b4f6cd46eb nss: do not enable AES cipher-suites by default
... but allow them to be enabled/disabled explicitly.  The default
policy should be maintained at the NSS level.
2014-03-15 13:07:55 +01:00
Dan Fandrich
9b5b6a2b1a ssh: prevent a logic error that could result in an infinite loop 2014-03-15 10:26:29 +01:00
Dan Fandrich
596800378d ssh: removed a redundant close state transition 2014-03-14 23:38:00 +01:00
Dan Fandrich
8c4d6ceec0 ssh: abort immediately on a header callback error 2014-03-14 23:37:59 +01:00
Daniel Stenberg
891ef341b3 chunked-encoding: provide a readable error string for chunked errors 2014-03-14 15:44:18 +01:00
Tatsuhiro Tsujikawa
9787b8e9d4 http2: free resources on disconnect
... and use Curl_safefree() instead of free()
2014-03-10 18:35:59 +01:00
Daniel Stenberg
dcdbac2568 openssl: info massage with SSL version used
Patch-by: byte_bucket
2014-03-10 17:13:11 +01:00
Daniel Stenberg
8ddda0e999 README.http2: clarify the build prerequisites 2014-03-09 16:39:46 +00:00
Daniel Stenberg
6da4085e48 ssh: fix compiler warning converting ssize_t to int 2014-03-06 13:25:59 +00:00
Dan Fandrich
e591165f94 ssh: Fixed a style warning
Also, combined a couple of #ifdef sections
2014-03-06 13:39:22 +01:00
Dan Fandrich
e84d0b41f6 ssh: Pass errors from libssh2_sftp_read up the stack 2014-03-06 12:48:33 +01:00
Daniel Stenberg
539412851c parse_remote_port: error out on illegal port numbers better 2014-03-06 00:06:45 +00:00
Daniel Stenberg
219a0fbe76 remote_port: allow connect to port 0
Port number zero is perfectly allowed to connect to. I moved to storing
the remote port number in an int so that -1 means undefined and 0-65535
can be used for legitimate port numbers.
2014-03-05 17:38:05 +00:00
Daniel Stenberg
0b3750b5c2 multi_runsingle: move timestamp into INIT
Setting the TIMER_STARTSINGLE timestamp first in CONNECT has the
drawback that for actions that go back to the CONNECT state, the time
stamp is reset and for the multi_socket API there's no corresponding
Curl_expire() then so the timeout logic gets wrong!

Reported-by: Brad Spencer
Bug: http://curl.haxx.se/mail/lib-2014-02/0036.html
2014-03-03 16:35:04 +01:00
Daniel Stenberg
a21c04f391 hostcheck: update comment after previous change 2014-03-03 13:41:48 +01:00
Daniel Stenberg
c01467b753 hostcheck: Curl_cert_hostcheck is not used by NSS builds 2014-03-03 13:39:06 +01:00
Daniel Stenberg
9cb7802cfd x509asn: moved out Curl_verifyhost from NSS builds
... as it isn't used then!
2014-03-03 08:44:25 +01:00
Daniel Stenberg
6f416fa462 NSS: avoid compiler warnings when built without http2 support 2014-03-03 08:39:25 +01:00
Jiri Malak
420d9ff3eb Rework Open Watcom make files to use standard Wmake features
Remove slash/backslash problem, now only slashes are used,
Wmake automaticaly translate slash/backslash to proper version or tools are not sensitive for it.
Enable spaces in path.
Use internal rm command for all host platforms
Add error message if old Open Watcom version is used. Some old versions exhibit build problems for Curl latest version. Now only versions 1.8, 1.9 and 2.O beta are supported
2014-03-03 08:19:05 +01:00
Jiri Malak
85484355b3 parsedate: Fixed compilation warning
Remove compilation message for platforms where size of long type
is equal size of int type.
2014-03-02 16:36:05 +01:00
Steve Holme
1f07718123 transfer.c: Fixed non-HTTP2 builds from commit cde0cf7c5e 2014-02-28 23:21:36 +00:00
Tatsuhiro Tsujikawa
cde0cf7c5e Fix bug that HTTP/2 hangs if whole response body is read with headers
For HTTP/2, we may read up everything including responde body with
header fields in Curl_http_readwrite_headers. If no content-length is
provided, curl waits for the connection close, which we emulate it
using conn->proto.httpc.closed = TRUE. The thing is if we read
everything, then http2_recv won't be called and we cannot signal the
HTTP/2 stream has closed. As a workaround, we return nonzero from
data_pending to call http2_recv.
2014-02-28 23:28:39 +01:00
Daniel Stenberg
53f1f4a18e http2: build with current nghttp2 version
nghttp2 has yet again extended its callback struct and this is an
attempt to make curl compile with nghttp2 from current git
2014-02-28 23:26:43 +01:00
nickzman
e9665e9658 Merge pull request #93 from d235j/darwinssl_ip_address_fix
darwinssl: don't omit CN verification when an IP address is used
2014-02-25 17:36:44 -06:00
Marc Hoersken
e904b15f21 curl_schannel.c: Updated copyright years 2014-02-24 22:12:55 +01:00
David Ryskalczyk
63fc8ee7be winssl: Enable hostname verification of IP address using SAN or CN
Original commit message was:
 Don't omit CN verification in SChannel when an IP address is used.

Side-effect of this change:
 SChannel and CryptoAPI do not support the iPAddress subjectAltName
 according to RFC 2818. If present, SChannel will first compare the
 IP address to the dNSName subjectAltNames and then fallback to the
 most specific Common Name in the Subject field of the certificate.

 This means that after this change curl will not connect to SSL/TLS
 hosts as long as the IP address is not specified in the SAN or CN
 of the server certificate or the verifyhost option is disabled.
2014-02-24 22:12:55 +01:00
David Ryskalczyk
afc6e5004f Don't omit CN verification in DarwinSSL when an IP address is used. 2014-02-23 12:37:27 -05:00
Dan Fandrich
a660c0dbe6 easy: Fixed a memory leak on OOM condition 2014-02-22 15:41:59 +01:00
Daniel Stenberg
0d6225ad0d SFTP: skip reading the dir when NOBODY=1
When asking for an SFTP directory with NOBODY set, no directory contents
should be retrieved.

Bug: http://curl.haxx.se/mail/lib-2014-02/0155.html
2014-02-19 10:40:28 +01:00
Dan Fandrich
8749bbe7fd axtls: comment the call ssl_read repeatedly loop 2014-02-18 21:14:09 +01:00
Tatsuhiro Tsujikawa
035b91a26c http2: Support HTTP POST/PUT
This patch enables HTTP POST/PUT in HTTP2.
We disabled Expect header field and  chunked transfer encoding
since HTTP2 forbids them.
In HTTP1, Curl sends small upload data with request headers, but
HTTP2 requires upload data must be in DATA frame separately.
So we added some conditionals to achieve this.
2014-02-17 23:45:58 +01:00
Daniel Stenberg
854aca5420 multi: ignore sigpipe internally
When the multi API is used we must also ignore SIGPIPE signals when
caused by things we do, like they can easily be generated by OpenSSL.
2014-02-17 10:35:21 +01:00
Dan Fandrich
184c3e2d37 configure: Fix the --disable-crypto-auth option
It now disables NTLM and GSS authentication methods, and produces
compilable code when SSL is enabled.
2014-02-17 09:50:46 +01:00
Shao Shuchao
2111c2ed07 ConnectionDone: default maxconnects to 4 x number of easy handles
... as documented!
2014-02-17 09:29:25 +01:00
Daniel Stenberg
575a2b684b axtls: bump copyright year 2014-02-16 23:31:47 +01:00
Fabian Frank
86f266b004 axtls: call ssl_read repeatedly
Perform more work in between sleeps. This is work around the
fact that axtls does not expose any knowledge about when work needs
to be performed. Depending on connection and how often perform is
being called this can save ~25% of time on SSL handshakes (measured
on 20ms latency connection calling perform roughly every 10ms).
2014-02-16 23:30:21 +01:00
Daniel Stenberg
d765099813 ConnectionExists: re-use connections better
When allowing NTLM, the re-use connection logic was too focused on
finding an existing NTLM connection to use and didn't properly allow
re-use of other ones. This made the logic not re-use perfectly re-usable
connections.

Added test case 1418 and 1419 to verify.

Regression brought in 8ae35102c (curl 7.35.0)

Reported-by: Jeff King
Bug: http://thread.gmane.org/gmane.comp.version-control.git/242213
2014-02-16 14:30:02 +01:00
Steve Holme
77a51364a4 warnless: Updated copyright year for recent changes 2014-02-16 10:39:46 +00:00
Marc Hoersken
6239146e93 warnless: add wrapper function for read and write on Windows 2014-02-16 11:03:22 +01:00
Arvid Norberg
1813a77b02 dict: fix memory leak in OOM exit path
Bug: https://github.com/bagder/curl/pull/90
2014-02-14 08:21:41 +01:00
Daniel Stenberg
d3d871cb4f Curl_urldecode: don't allow NULL as receiver
For a function that returns a decoded version of a string, it seems
really strange to allow a NULL pointer to get passed in which then
prevents the decoded data from being returned!

This functionality was not documented anywhere either.

If anyone would use it that way, that memory would've been leaked.

Bug: https://github.com/bagder/curl/pull/90
Reported-by: Arvid Norberg
2014-02-13 23:57:40 +01:00
Daniel Stenberg
378af08c99 ConnectionExists: reusing possible HTTP+NTLM connections better
Make sure that the special NTLM magic we do is for HTTP+NTLM only since
that's where the authenticated connection is a weird non-standard
paradigm.

Regression brought in 8ae35102c (curl 7.35.0)

Bug: http://curl.haxx.se/mail/lib-2014-02/0100.html
Reported-by: Dan Fandrich
2014-02-13 23:25:38 +01:00
Tiit Pikma
c021a60bcc transfer: make Expect: 100-continue timeout configurable.
Replaced the #define CURL_TIMEOUT_EXPECT_100 in transfer.c with the
CURLOPT_EXPECT_100_TIMEOUT_MS option to make the timeout configurable.
2014-02-13 16:05:17 +01:00
Thomas Braun
bcb32e915e Fix compilation with make mingw32
The source files from lib/vtls where generated in lib instead of lib/vtls.

Verified-by: Thomas Braun <thomas.braun@virtuell-zuhause.de>
2014-02-12 14:39:08 +01:00
Daniel Stenberg
0ab97ba009 chunked decoder: track overflows correctly
The code didn't properly check the return codes to detect overflows so
it could trigger incorrectly. Like on mingw32.

Regression introduced in 345891edba (curl 7.35.0)

Bug: http://curl.haxx.se/mail/lib-2014-02/0097.html
Reported-by: LM
2014-02-12 14:35:46 +01:00
Fabian Frank
ec9476052d openssl: honor --[no-]alpn|npn command line switch
Disable ALPN or NPN if requested by the user.
2014-02-11 22:55:23 +01:00
Fabian Frank
8f5a9147be gtls: honor --[no-]alpn command line switch
Disable ALPN if requested by the user.
2014-02-11 22:54:37 +01:00
Fabian Frank
909a68c121 NPN/ALPN: allow disabling via command line
when using --http2 one can now selectively disable NPN or ALPN with
--no-alpn and --no-npn. for now honored with NSS only.

TODO: honor this option with GnuTLS and OpenSSL
2014-02-10 13:06:17 +01:00
Fabian Frank
70bd9784de nss: use correct preprocessor macro
SSL_ENABLE_ALPN can be used for preprocessor ALPN feature detection,
but not SSL_NEXT_PROTO_SELECTED, since it is an enum value and not a
preprocessor macro.
2014-02-10 08:09:02 +01:00
Dan Fandrich
6374ab2a36 formdata: Must use Curl_safefree instead of free 2014-02-09 10:10:22 +01:00
Dan Fandrich
85a4df8b79 formdata: Fixed memory leak on OOM condition 2014-02-08 11:33:43 +01:00
Daniel Stenberg
fa8d7ce4fe http2: updated README after NSS addition
Changed the support to a little matrix and added brief explanation of
what ALPN and NPN are for.
2014-02-07 15:50:31 +01:00
Daniel Stenberg
09d907ee68 nss: support pre-ALPN versions 2014-02-07 15:38:45 +01:00
Fabian Frank
f3a12460ad nss: ALPN and NPN support
Add ALPN and NPN support for NSS. This allows cURL to negotiate
HTTP/2.0 connections when built with NSS.
2014-02-07 15:35:23 +01:00
Daniel Stenberg
9597f7dfbc formpost: use semicolon in multipart/mixed
Not comma, which is an inconsistency and a mistake probably inherited
from the examples section of RFC1867.

This bug has been present since the day curl started to support
multipart formposts, back in the 90s.

Reported-by: Rob Davies
Bug: http://curl.haxx.se/bug/view.cgi?id=1333
2014-02-07 09:43:36 +01:00
Dan Fandrich
4a8c877273 ssh: Fixed a NULL pointer dereference on OOM condition 2014-02-06 23:56:47 +01:00
Steve Holme
265f2e9ed7 nss: Updated copyright year for recent edits 2014-02-06 22:32:56 +00:00
Remi Gacogne
1ebf22cc0e 100-continue: fix timeout condition
When using the multi socket interface, libcurl calls the
curl_multi_timer_callback asking to be woken up after
CURL_TIMEOUT_EXPECT_100 milliseconds.

After the timeout has expired, calling curl_multi_socket_action with
CURL_SOCKET_TIMEOUT as sockfd leads libcurl to check expired
timeouts. When handling the 100-continue one, the following check in
Curl_readwrite() fails if exactly CURL_TIMEOUT_EXPECT_100 milliseconds
passed since the timeout has been set!

It seems logical to consider that having waited for exactly
CURL_TIMEOUT_EXPECT_100 ms is enough.

Bug: http://curl.haxx.se/bug/view.cgi?id=1334
2014-02-06 23:21:42 +01:00
Fabian Frank
ff92fcfb90 nss: prefer highest available TLS version
Offer TLSv1.0 to 1.2 by default, still fall back to SSLv3
if --tlsv1[.N] was not specified on the command line.
2014-02-06 23:09:56 +01:00
Daniel Stenberg
b93755df37 http2: spell fixed README and added version requirement 2014-02-06 22:27:04 +01:00
Daniel Stenberg
06b4275c0d http2: minor update of the README 2014-02-05 15:31:29 +01:00
Fabian Frank
133cdd29ea http2: rely on content-encoding header
A server might respond with a content-encoding header and a response
that was encoded accordingly in HTTP-draft-09/2.0 mode, even if the
client did not send an accept-encoding header earlier. The server might
not send a content-encoding header if the identity encoding was used to
encode the response.

See:
http://tools.ietf.org/html/draft-ietf-httpbis-http2-09#section-9.3
2014-02-05 10:26:12 +01:00
Daniel Stenberg
e5524b7b25 http2: enforce gzip auto-decompress
As this is mandated by the http2 spec draft-09
2014-02-04 15:07:08 +01:00
Tatsuhiro Tsujikawa
0ea9f70049 http2: handle incoming data larger than remaining buffer 2014-02-04 14:57:29 +01:00
Tatsuhiro Tsujikawa
4082dc9de6 http2: Check stream ID we are interested in 2014-02-04 14:55:29 +01:00
Tatsuhiro Tsujikawa
dbccf497da http2: store response header in temporary buffer 2014-02-04 14:54:42 +01:00
Tatsuhiro Tsujikawa
63b26d889f HTTP2: add layer between existing http and socket(TLS) layer
This patch chooses different approach to integrate HTTP2 into HTTP curl
stack. The idea is that we insert HTTP2 layer between HTTP code and
socket(TLS) layer. When HTTP2 is initialized (either in NPN or Upgrade),
we replace the Curl_recv/Curl_send callbacks with HTTP2's, but keep the
original callbacks in http_conn struct. When sending serialized data by
nghttp2, we use original Curl_send callback. Likewise, when reading data
from network, we use original Curl_recv callback. In this way we can
treat both TLS and non-TLS connections.

With this patch, one can transfer contents from https://twitter.com and
from nghttp2 test server in plain HTTP as well.

The code still has rough edges. The notable one is I could not figure
out how to call nghttp2_session_send() when underlying socket is
writable.
2014-02-04 14:49:49 +01:00
Fabian Frank
4d8db595ca gtls: add ALPN support
Add ALPN support when using GnuTLS >= 3.2.0. This allows
libcurl to negotiate HTTP/2.0 for https connections when
built with GnuTLS.

See:
http://www.gnutls.org/manual/gnutls.html#Application-Layer-Protocol-Negotiation-_0028ALPN_0029
http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04
2014-02-04 09:48:27 +01:00
Fabian Frank
8b6654224b openssl: add ALPN support
Add ALPN support when using OpenSSL. This will offer ALPN and NPN to the
server, who can respond with either one or none of the two. OpenSSL >=
1.0.2 is required, which means as of today obtaining a snapshot from
ftp://ftp.openssl.org/snapshot/.

See:
http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04
ba168244a1/ssl/ssl_lib.c (L1787)
2014-02-03 23:46:06 +01:00
Marc Hoersken
82f558366f winssl: improved default SSL/TLS protocol selection
For some reason Windows 7 SP1 chooses TLS 1.0 instead of TLS 1.2
if it is not explicitly enabled within grbitEnabledProtocols.

More information can be found on MSDN:
http://msdn.microsoft.com/library/windows/desktop/aa379810.aspx
2014-01-31 20:01:25 +01:00
Dan Fandrich
0f213fdca1 pipeline: Fixed a NULL pointer dereference on OOM 2014-01-31 00:05:36 +01:00
Dan Fandrich
c631a54bb6 ftp: fixed a memory leak on wildcard error path 2014-01-30 22:15:03 +01:00
Dan Fandrich
768151449b netrc: Fixed a memory leak in an OOM condition 2014-01-30 22:15:03 +01:00
Steve Holme
97857de80e ntlm: Fixed a memory leak when using NTLM with a proxy server 2014-01-30 20:59:26 +00:00
Daniel Stenberg
b58b87e76e http2: fix size check in on_data_chunk_recv 2014-01-30 20:24:15 +01:00
Daniel Stenberg
48c3bed43b http2: add CRLF when first data arrives 2014-01-30 20:24:15 +01:00
Tatsuhiro Tsujikawa
c5165b8458 http2_recv: Return written length on CURLE_AGAIN 2014-01-30 17:49:35 +01:00
Tatsuhiro Tsujikawa
88705ef80e http2: Use nghttp2_session_mem_recv and nghttp2_session_upgrade 2014-01-30 17:45:53 +01:00
Daniel Stenberg
83f52a455f http2: basic version of receiving DATA 2014-01-30 16:09:36 +01:00
Daniel Stenberg
a7affd637f http2: convert HEADER frames to HTTP1-like headers
... and then go through the "normal" HTTP engine.
2014-01-30 15:58:07 +01:00
Daniel Stenberg
93f473c78a http2: fix EWOULDBLOCK in recv_callback() 2014-01-30 14:31:05 +01:00
Daniel Stenberg
a878cb3056 http2: do the POST Upgrade dance properly 2014-01-30 14:26:00 +01:00
Steve Holme
0e11307057 ntlm: Use static client nonce for the test suite 2014-01-30 11:39:08 +00:00
Daniel Stenberg
0f23662af7 http2.h: provide empty macros for non-http2 builds 2014-01-30 11:46:59 +01:00
Fabian Frank
dd011df9e1 http2: switch into http2 mode if NPN indicates
Check the NPN result before preparing an HTTP request and switch into
HTTP/2.0 mode if necessary. This is a work in progress, the actual code
to prepare and send the request using nghttp2 is still missing from
Curl_http2_send_request().
2014-01-30 11:34:37 +01:00
Daniel Stenberg
8e778887b5 http2: s/Curl_http2_request/Curl_http2_request_upgrade
To better reflect its purpose
2014-01-30 11:33:37 +01:00
Daniel Stenberg
99b4ff8b6f http2-openssl: verify that NPN functionality is present 2014-01-30 11:24:15 +01:00
Fabian Frank
22c198fa89 openssl: set up hooks with to perform NPN
NPN is what is available in the wild today to negotiate SPDY or HTTP/2.0
connections. It is expected to be replaced by ALPN in the future. If
HTTP/2.0 is negotiated, this is indicated for the entire connection and
http.c is expected to initialize itself for HTTP/2.0 instead of
HTTP/1.1.

see:
http://technotes.googlecode.com/git/nextprotoneg.html
http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04
2014-01-30 11:13:28 +01:00
Daniel Stenberg
c3fe3d9926 http2: added stubs for all nghttp2 callbacks
This makes it easier to trace what's happening.
2014-01-30 00:11:56 +01:00
Daniel Stenberg
62e3d66cc6 http2: use FIRSTSOCKET instead of 0 to index the sockets array 2014-01-29 23:47:24 +01:00
Daniel Stenberg
b451c10d1e http2: receive and log the received header frames 2014-01-29 23:46:20 +01:00
Daniel Stenberg
be84524cc2 http2_recv: log nghttp2 return codes for debugging purposes 2014-01-29 23:20:46 +01:00
Daniel Stenberg
803581d3e0 HTTP2: reject nghttp2 versions before 0.3.0 2014-01-29 22:53:08 +01:00
Gisle Vanem
341d09bc2b http2: adjusted to newer nghttp2_session_callbacks struct
the number of elements in the 'nghttp2_session_callbacks' structure is
now reduced by 2 in version 0.3.0 (I'm not sure when the change
happened, but checking for ver 0.3.0 work for me).
2014-01-29 22:52:22 +01:00
Gisle Vanem
0070f7a09d HTTP2: Wrong NgHTTP2 user-data
Something is wrong in 'userp' for the HTTP2 recv_callback().  The
session is created using bogus user-data; '&conn' and not 'conn'.

I noticed this since the socket-value in Curl_read_plain() was set to a
impossible high value.
2014-01-29 22:50:25 +01:00
Daniel Stenberg
220bcba93d NTLM: error: conversion to 'int' from 'long int' may alter its value
Fixed two compiler nits
2014-01-29 22:42:34 +01:00
Steve Holme
eb91e1a58f ntlm: Coding style policing dating back to 2011 2014-01-29 20:51:04 +00:00
Steve Holme
2319221c83 ntlm: Use a timestamp of 01/01/1970 for the test suite 2014-01-29 20:24:32 +00:00
Steve Holme
914b60c827 ntlm: Updated Curl_ntlm_core_mk_ntlmv2_resp() to use local variables
...until the function is successful when it returns them in the out
parameters.
2014-01-29 20:24:16 +00:00
Steve Holme
07b66cbfa4 ntlm: Added cross platform support for writing NTLMv2 timestamp in buffer
Added conversion functions write32_le() and write64_le() to ensure the
NTLMv2 timestamp is always written in little-endian.
2014-01-29 20:22:10 +00:00
Prash Dush
86724581b6 ntlm: Added support for NTLMv2 2014-01-29 20:17:11 +00:00
Kamil Dudka
665c160f0a nss: do not use the NSS_ENABLE_ECC define
It is not provided by NSS public headers.

Bug: https://bugzilla.redhat.com/1058776
2014-01-29 13:57:21 +01:00
Kamil Dudka
e15e73b741 nss: do not fail if NSS does not implement a cipher
... that the user does not ask for
2014-01-29 13:46:17 +01:00
Daniel Stenberg
53940f8834 http2: switch recv/send functions to http2 ones after 101 2014-01-29 10:24:05 +01:00
Daniel Stenberg
8d3608f2ad http2: handle 101 responses and switch to HTTP2 2014-01-29 10:24:05 +01:00
Dan Fandrich
1a20f59237 oauth2: Fixed a memory leak in an OOM condition 2014-01-28 23:55:04 +01:00
Romulo A. Ceccon
31860ab8c8 hostip: don't remove DNS entries that are in use
hostcache_timestamp_remove() should remove old *unused* entries from the
host cache, but it never checked whether the entry was actually in
use. This complements commit 030a2b8cb.

Bug: http://curl.haxx.se/bug/view.cgi?id=1327
2014-01-28 22:25:48 +01:00
Daniel Stenberg
bcb19883a8 TFTP: fix crash on time-out
tftp_done() can get called with its TFTP state pointer still being NULL
on an early time-out, which caused a segfault when dereferenced.

Reported-by: Glenn Sheridan
Bug: http://curl.haxx.se/mail/lib-2014-01/0246.html
2014-01-28 22:17:16 +01:00
Dan Fandrich
b4b28c7001 netrc: Fixed a memory and file descriptor leak on OOM 2014-01-24 21:52:48 +01:00
Dan Fandrich
da9864fb72 multi: Fixed a memory leak on OOM condition 2014-01-24 00:22:08 +01:00
Fabian Frank
251305cd7f axtls: fix compiler warning on conversion ssize_t => int 2014-01-21 08:21:55 +01:00
Fabian Frank
852a018e78 SFTP: stat remote file also when CURLOPT_NOBODY is 1
Make it possible to call
curl_easy_getinfo(curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD, &filesize)
and related functions on remote sftp:// files, without downloading them.

Reported-by: Yingwei Liu
Bug: http://curl.haxx.se/mail/lib-2014-01/0139.html
2014-01-20 22:57:55 +01:00
Cédric Deltheil
afd288b28f HTTP POST: omit Content-Length if data size is unknown
This prevents sending a `Content-Length: -1` header, e.g this ocurred
with the following combination:

* standard HTTP POST (no chunked encoding),
* user-defined read function set,
* `CURLOPT_POSTFIELDSIZE(_LARGE)` NOT set.

With this fix it now behaves like HTTP PUT.
2014-01-20 12:50:51 +01:00
Fabian Frank
39f7e80a52 disable GnuTLS insecure ciphers
Make GnuTLS old and new consistent, specify the desired protocol, cipher
and certificate type in always in both modes. Disable insecure ciphers
as reported by howsmyssl.com. Honor not only --sslv3, but also the
--tlsv1[.N] switches.

Related Bug: http://curl.haxx.se/bug/view.cgi?id=1323
2014-01-20 11:32:55 +01:00
Daniel Stenberg
4f334ba017 gtls: fix compiler warnings on conversions size_t => unsigned int 2014-01-19 23:26:01 +01:00
Steve Holme
2cac75c4e4 http_chunks.c: Fixed compilation warnings under some 32-bit systems
conversion from 'curl_off_t' to 'size_t', possible loss of data

Where curl_off_t is a 64-bit word and size_t is 32-bit - for example
with 32-bit Windows builds.
2014-01-19 13:10:45 +00:00
Steve Holme
e35ffda0b3 win32: Added additional preprocessor check for Version Helper API
A follow up patch to commit d2671340a6 as _WIN32_WINNT_WIN2K and
_WIN32_WINNT_WIN2K may not be defined on all systems.
2014-01-18 11:42:48 +00:00
Steve Holme
d2671340a6 win32: Corrected the preprocessor check for Version Helper API
Following some auto build failures after commit c7a76bb056 changed
the preprocessor check to use _WIN32_WINNT.
2014-01-17 22:36:41 +00:00
Daniel Stenberg
ecaf2f02f1 cookie: max-age fixes
1 - allow >31 bit max-age values

2 - don't overflow on extremely large max-age values when we add the
value to the current time

3 - make sure max-age takes precedence over expires as dictated by
RFC6265

Bug: http://curl.haxx.se/mail/lib-2014-01/0130.html
Reported-by: Chen Prog
2014-01-17 08:57:27 +01:00
Daniel Stenberg
eb02a99c61 chunked parsing: relax the CR strictness
Allow for chunked-encoding data to get parsed with only LF line endings.
This is allowed by browsers.
2014-01-17 08:37:44 +01:00
Daniel Stenberg
345891edba chunked-parser: abort on overflows, allow 64 bit chunks 2014-01-17 08:37:44 +01:00
Daniel Stenberg
7b774482e7 Curl_cookie_add: remove 'now' from curl_getdate() call
The now argument is unused by curl_getdate()
2014-01-16 09:02:24 +01:00
Daniel Stenberg
7f807f394f connect.c:942:84: warning: Longer than 79 columns 2014-01-16 00:27:16 +01:00
Steve Holme
9520c62049 connect.c: Corrected version compare in commit c7a76bb056 2014-01-15 23:22:53 +00:00
Steve Holme
c7a76bb056 win32: Fixed use of deprecated function 'GetVersionInfoEx' for VC12
Starting with Visual Studio 2013 (VC12) and Windows 8.1 the
GetVersionInfoEx() function has been marked as deprecated and it's
return value atered. Updated connect.c and curl_sspi.c to use
VerifyVersionInfo() where possible, which has been available since
Windows 2000.
2014-01-15 20:21:01 +00:00
Colin Hogben
bbc1705fa9 error message: Sensible message on timeout when transfer size unknown
A transfer timeout could result in an error message such as "Operation
timed out after 3000 milliseconds with 19 bytes of -1 received".  This
patch removes the non-sensical "of -1" when the size of the transfer
is unknown, mirroring the logic in lib/transfer.c
2014-01-13 16:54:10 +01:00
Daniel Stenberg
3b5c75ef3d OpenSSL: deselect weak ciphers by default
By default even recent versions of OpenSSL support and accept both
"export strength" ciphers, small-bitsize ciphers as well as downright
deprecated ones.

This change sets a default cipher set that avoids the worst ciphers, and
subsequently makes https://www.howsmyssl.com/a/check no longer grade
curl/OpenSSL connects as 'Bad'.

Bug: http://curl.haxx.se/bug/view.cgi?id=1323
Reported-by: Jeff Hodges
2014-01-12 00:14:01 +01:00
Daniel Stenberg
3b183df9cc multi: remove MULTI_TIMEOUT_INACCURACY
With the recently added timeout "reminder" functionality, there's no
reason left for us to execute timeout code before the time is
ripe. Simplifies the handling too.

This will make the *TIMEOUT and *CONNECTTIMEOUT options more accurate
again, which probably is most important when the *_MS versions are used.

In multi_socket, make sure to update 'now' after having handled activity
on a socket.
2014-01-12 00:11:53 +01:00
Daniel Stenberg
980659a2ca multi_socket: remind app if timeout didn't run
BACKGROUND:

We have learned that on some systems timeout timers are inaccurate and
might occasionally fire off too early. To make the multi_socket API work
with this, we made libcurl execute timeout actions a bit early too if
they are within our MULTI_TIMEOUT_INACCURACY. (added in commit
2c72732ebf, present since 7.21.0)

Switching everything to the multi API made this inaccuracy problem
slightly more notable as now everyone can be affected.

Recently (commit 21091549c0) we tweaked that inaccuracy value to make
timeouts more accurate and made it platform specific. We also figured
out that we have code at places that check for fixed timeout values so
they MUST NOT run too early as then they will not trigger at all (see
commit be28223f35 and a691e04470) - so there are definitately problems
with running timeouts before they're supposed to run. (We've handled
that so far by adding the inaccuracy margin to those specific timeouts.)

The libcurl multi_socket API tells the application with a callback that
a timeout expires in N milliseconds (and it explicitly will not tell it
again for the same timeout), and the application is then supposed to
call libcurl when that timeout expires. When libcurl subsequently gets
called with curl_multi_socket_action(...CURL_SOCKET_TIMEOUT...), it
knows that the application thinks the timeout expired - and alas, if it
is within the inaccuracy level libcurl will run code handling that
handle.

If the application says CURL_SOCKET_TIMEOUT to libcurl and _isn't_
within the inaccuracy level, libcurl will not consider the timeout
expired and it will not tell the application again since the timeout
value is still the same.

NOW:

This change introduces a modified behavior here. If the application says
CURL_SOCKET_TIMEOUT and libcurl finds no timeout code to run, it will
inform the application about the timeout value - *again* even if it is
the same timeout that it already told about before (although libcurl
will of course tell it the updated time so that it'll still get the
correct remaining time). This way, we will not risk that the application
believes it has done its job and libcurl thinks the time hasn't come yet
to run any code and both just sit waiting. This also allows us to
decrease the MULTI_TIMEOUT_INACCURACY margin, but that will be handled
in a separate commit.

A repeated timeout update to the application risk that the timeout will
then fire again immediately and we have what basically is a busy-loop
until the time is fine even for libcurl. If that becomes a problem, we
need to address it.
2014-01-10 13:57:25 +01:00
Daniel Stenberg
041d1e14d6 threaded-resolver: never use NULL hints with getaddrinfo
The net effect of this bug as it appeared to users, would be that
libcurl would timeout in the connect phase.

When disabling IPv6 use but still using getaddrinfo, libcurl would
wrongly not init the "hints" struct field in init_thread_sync() which
would subsequently lead to a getaddrinfo() invoke with a zeroed hints
with ai_socktype set to 0 instead of SOCK_STREAM. This would lead to
different behaviors on different platforms but basically incorrect
output.

This code was introduced in 483ff1ca75, released in curl 7.20.0.

This bug became a problem now due to the happy eyeballs code and how
libcurl now traverses the getaddrinfo() results differently.

Bug: http://curl.haxx.se/mail/lib-2014-01/0061.html
Reported-by: Fabian Frank
Debugged-by: Fabian Frank
2014-01-10 08:48:40 +01:00
Nick Zitzmann
21aa79f463 darwinssl: un-break Leopard build after PKCS#12 change
It turns out errSecDecode wasn't defined in Leopard's headers. So
we use the enum's value instead.

Bug: http://curl.haxx.se/mail/lib-2013-12/0150.html
Reported by: Abram Pousada
2014-01-09 17:53:29 -06:00
Daniel Stenberg
28933f9d30 Curl_updateconninfo: don't do anything for UDP "connections"
getpeername() doesn't work for UDP sockets since they're not connected

Reported-by: Priyanka Shah
Bug: http://curl.haxx.se/mail/archive-2014-01/0016.html
2014-01-08 23:43:45 +01:00
Daniel Stenberg
5b2342d377 info: remove debug output
Removed some of the infof() calls that were added with the recent
pipeline improvements but they're not useful to the vast majority of
readers and the pipelining seems to fundamentaly work - the debugging
outputs can easily be added there if debugging these functions is needed
again.
2014-01-08 23:19:57 +01:00
Daniel Stenberg
2d435c7fb5 trynextip: fix build for non-IPV6 capable systems
AF_INET6 may not exist then

Patched-by: Iida Yosiaki
Bug: http://curl.haxx.se/bug/view.cgi?id=1322
2014-01-08 09:41:38 +01:00
Daniel Stenberg
8ae35102c4 ConnectionExists: fix NTLM check for new connection
When the requested authentication bitmask includes NTLM, we cannot
re-use a connection for another username/password as we then risk
re-using NTLM (connection-based auth).

This has the unfortunate downside that if you include NTLM as a possible
auth, you cannot re-use connections for other usernames/passwords even
if NTLM doesn't end up the auth type used.

Reported-by: Paras S
Patched-by: Paras S
Bug: http://curl.haxx.se/mail/lib-2014-01/0046.html
2014-01-07 09:48:40 +01:00
Daniel Stenberg
619d1704ae mk-ca-bundle.pl: avoid warnings with -d without parameter 2014-01-05 23:53:26 +01:00
Leif W
d5f1590d5c mk-ca-bundle: introduces -d and warns about using this script 2014-01-05 23:38:32 +01:00
Steve Holme
fca7930dfa Makefile: Added missing WinSSL and x64 configurations 2014-01-05 21:13:12 +00:00
Marc Hoersken
61312fe66f multi.c: fix possible dereference of null pointer 2014-01-05 20:01:33 +01:00
Steve Holme
84a9f092dc Updated copyright year for recent changes 2014-01-04 17:41:10 +00:00
Marc Hoersken
8fc4abedf1 conncache.c: fix possible dereference of null pointer 2014-01-04 16:34:58 +01:00
Daniel Stenberg
602d28a210 FTP parselist: fix "total" parser
A regression introduced in 7f3b87d878 (present in the 7.21.4 release)
broke the total parser. Now skip the whitespace and the digits.

Reported-by: Justin Maggard
Bug: http://curl.haxx.se/mail/lib-2014-01/0019.html
2014-01-04 00:38:43 +01:00
Marc Hoersken
3b6420c0a5 Makefile.vc6: follow up fix for 11e8066 and 92b9ae5 2014-01-03 16:55:49 +01:00
Daniel Stenberg
bf24b64e83 progresscallback: make CURLE_ABORTED_BY_CALLBACK get returned better
When the progress callback returned 1 at a very early state, the code
would not make CURLE_ABORTED_BY_CALLBACK get returned but the process
would still be interrupted. In the HTTP case, this would then cause a
CURLE_GOT_NOTHING to erroneously get returned instead.

Reported-by: Petr Novak
Bug: http://curl.haxx.se/bug/view.cgi?id=1318
2014-01-03 14:09:59 +01:00
Daniel Stenberg
231b23acbb pipeline: remove print_pipeline()
This is a debug function only and serves no purpose in production code,
it only slows things down. I left the code #ifdef'ed for possible future
pipeline debugging.

Also, this was a global function without proper namespace usage.

Reported-by: He Qin
Bug: http://curl.haxx.se/bug/view.cgi?id=1320
2014-01-03 12:04:14 +01:00
Daniel Stenberg
3529162405 openssl: allow explicit sslv2 selection
If OpenSSL is built to support SSLv2 this brings back the ability to
explicitly select that as a protocol level.

Reported-by: Steve Holme
Bug: http://curl.haxx.se/mail/lib-2014-01/0013.html
2014-01-03 11:52:49 +01:00
Steve Holme
c50d3ed075 Updated copyright year for recent changes 2014-01-02 23:53:29 +00:00
Marc Hoersken
61288cbdef vtls/nssg.h: fixed include references to moved file 2014-01-03 00:32:05 +01:00
Barry Abrahamson
4bb7400529 OpenSSL: Fix forcing SSLv3 connections
Some feedback provided by byte_bucket on IRC pointed out that commit
db11750cfa wasn’t really correct because it allows for “upgrading” to a
newer protocol when it should be only allowing for SSLv3.

This change fixes that.

When SSLv3 connection is forced, don't allow SSL negotiations for newer
versions.  Feedback provided by byte_bucket in #curl.  This behavior is
also consistent with the other force flags like --tlsv1.1 which doesn't
allow for TLSv1.2 negotiation, etc

Feedback-by: byte_bucket
Bug: http://curl.haxx.se/bug/view.cgi?id=1319
2014-01-02 23:41:33 +01:00
Guenter Knauf
303172d220 Trial to fix the nmake Makefile for vtls files. 2014-01-02 22:16:21 +01:00
Guenter Knauf
e9b9e287c1 Fix NetWare build for vtls files. 2014-01-02 20:40:33 +01:00
Barry Abrahamson
db11750cfa OpenSSL: Fix forcing SSLv3 connections
Since ad34a2d5c8 (present in 7.34.0 release) forcing
SSLv3 will always return the error "curl: (35) Unsupported SSL protocol
version" Can be replicated with `curl -I -3 https://www.google.com/`.
This fix simply allows for v3 to be forced.
2014-01-01 21:36:47 +01:00
Steve Holme
34365e4b03 imap: Fixed line length warning 2013-12-31 12:16:33 +00:00
Steve Holme
60bd22620a mprintf: Replaced internal usage of FORMAT_OFF_T and FORMAT_OFF_TU
Following commit 0aafd77fa4, replaced the internal usage of
FORMAT_OFF_T and FORMAT_OFF_TU with the external versions that we
expect API programmers to use.

This negates the need for separate definitions which were subtly
different under different platforms/compilers.
2013-12-31 11:10:42 +00:00
Steve Holme
0aafd77fa4 mprintf: Added support for I, I32 and I64 size specifiers
Added support to the built-in printf() replacement functions, for these
non-ANSI extensions when compiling under Visual Studio, Borland, Watcom
and MinGW.

This fixes problems when generating libcurl source code that contains
curl_off_t variables.
2013-12-30 10:07:14 +00:00
Steve Holme
610a55388b connect.c: Fixed compilation warning
warning: 'res' may be used uninitialized in this function
2013-12-28 19:44:07 +00:00
Björn Stenberg
4e1ece2e44 connect: Try all addresses in first connection attempt
Fixes a bug when all addresses in the first family fail immediately, due
to "Network unreachable" for example, curl would hang and never try the
next address family.

Iterate through all address families when to trying establish the first
connection attempt.

Bug: http://curl.haxx.se/bug/view.cgi?id=1315
Reported-by: Michal Górny and Anthony G. Basile
2013-12-28 13:17:56 +00:00
Steve Holme
c9dd4022f4 sendf.c: Fixed compilation warning from f2d234a4dd
sendf.c:450:81: warning: Longer than 79 columns
2013-12-27 12:08:37 +00:00
Steve Holme
f2d234a4dd FILE: Fixed sending of data would always return CURLE_WRITE_ERROR
Introduced in commit 2a4ee0d221 sending of data via the FILE
protocol would always return CURLE_WRITE_ERROR regardless of whether
CURL_WRITEFUNC_PAUSE was returned from the callback function or not.
2013-12-27 10:58:31 +00:00
Daniel Stenberg
2a4ee0d221 FILE: we don't support paused transfers using this protocol
Make sure that we detect such attempts and return a proper error code
instead of silently handling this in problematic ways.

Updated the documentation to mention this limitation.

Bug: http://curl.haxx.se/bug/view.cgi?id=1286
2013-12-26 23:50:34 +01:00
Steve Holme
f88f9bed00 vtls: Updated comments referencing sslgen.c and ssluse.c 2013-12-26 21:42:22 +00:00
Steve Holme
9aa6e4357a vtls: Fixed up include of vtls.h 2013-12-26 21:25:51 +00:00
Daniel Stenberg
7b057f53fd curl_dofree: allow free(NULL)
Previously this memdebug free() replacement didn't properly work with a
NULL argument which has made us write code that avoids calling
free(NULL) - which causes some extra nuisance and unnecessary code.
Starting now, we should allow free(NULL) even when built with the
memdebug system enabled.

free(NULL) is permitted by POSIX
2013-12-25 23:30:25 +01:00
Daniel Stenberg
0ff0a994ad Curl_thread_create: use Curl_safefree to allow NULL better
free() itself allows a NULL input but our memory debug system requires
Curl_safefree() to be used instead when a "legitimate" NULL may be freed. Like
in the code here.

Pointed-out-by: Steve Holme
2013-12-25 00:53:15 +01:00
Luke Dashjr
e8b57d1e84 threaded resolver: Use pthread_t * for curl_thread_t
... since pthread_t may be non-scalar and/or may represent a real thread
with scalar 0.

Bug: http://curl.haxx.se/bug/view.cgi?id=1314
2013-12-25 00:28:28 +01:00
Steve Holme
7fd490732a imap: Fixed auth preference not being honored when CAPABILITY not supported
If a user indicated they preferred to authenticate using a SASL
mechanism, but SASL authentication wasn't supported by the server, curl
would always fall back to clear text when CAPABILITY wasn't supported,
even though the user didn't want to use this.
2013-12-24 22:50:33 +00:00
Steve Holme
0c762f1c92 pop3: Fixed auth preference not being honored when CAPA not supported
If a user indicated they preferred to authenticate using APOP or a SASL
mechanism, but neither were supported by the server, curl would always
fall back to clear text when CAPA wasn't supported, even though the
user didn't want to use this.

This also fixes the auto build failure caused by commit 6f2d5f0562.
2013-12-24 22:49:36 +00:00
Daniel Stenberg
2618e4caae Curl_pp_readresp: use memmove not memcpy, possibly overlapping areas
Fixes commit 1deac31eba
2013-12-24 21:29:18 +01:00
Steve Holme
6f2d5f0562 pop3: Fixed APOP being determined by CAPA response rather than by timestamp
This commit replaces that of 9f260b5d66 because according to RFC-2449,
section 6, there is no APOP capability "...even though APOP is an
optional command in [POP3].  Clients discover server support of APOP by
the presence in the greeting banner of an initial challenge enclosed in
angle brackets."
2013-12-24 16:34:55 +00:00
Daniel Stenberg
2715d7f948 FILE: don't wait due to CURLOPT_MAX_RECV_SPEED_LARGE
The FILE:// code doesn't support this option - and it doesn't make sense
to support it as long as it works as it does since then it'd only block
even longer.

But: setting CURLOPT_MAX_RECV_SPEED_LARGE would make the transfer first
get done and then libcurl would wait until the average speed would get
low enough. This happened because the transfer happens completely in the
DO state for FILE:// but then it would still unconditionally continue in
to the PERFORM state where the speed check is made.

Starting now, the code will skip from DO_DONE to DONE immediately if no
socket is set to be recv()ed or send()ed to.

Bug: http://curl.haxx.se/bug/view.cgi?id=1312
Reported-by: Mohammad AlSaleh
2013-12-22 23:44:14 +01:00
Steve Holme
cf2051764c email: Fixed segfault introduced in commit 195b63f99c 2013-12-22 00:16:52 +00:00
Daniel Stenberg
3ce2a3991b code police: fix indent level to silence checksrc complaints 2013-12-22 01:01:19 +01:00
Steve Holme
195b63f99c email: Extended the login options to support multiple auth mechanisms 2013-12-21 23:49:37 +00:00
Daniel Stenberg
1deac31eba Curl_pp_readresp: replace stupid loop with memcpy 2013-12-22 00:29:43 +01:00
Daniel Stenberg
bf468fb589 Curl_pp_readresp: zero terminate line
The comment in the code mentions the zero terminating after having
copied data, but it mistakingly zero terminated the source data and not
the destination! This caused the test 864 problem discussed on the list:

http://curl.haxx.se/mail/lib-2013-12/0113.html
Signed-off-by: Daniel Stenberg <daniel@haxx.se>
2013-12-22 00:20:13 +01:00
Steve Holme
ca4506b46a Revert "pop3: Added debug information to assist with test864 failure"
This reverts commit 727d798d68.
2013-12-21 12:50:59 +00:00
Steve Holme
727d798d68 pop3: Added debug information to assist with test864 failure 2013-12-21 11:17:30 +00:00
Steve Holme
812c5ace75 pop3: Fixed APOP timestamp detection from commit 1cfb436a2f 2013-12-20 20:17:59 +00:00
Daniel Stenberg
c3a02c3e54 Makefile.inc: use standard source header 2013-12-20 17:12:42 +01:00
Daniel Stenberg
565c5b3dc3 Makefile.inc: specify the vtls sources+headers separately 2013-12-20 17:12:42 +01:00
Daniel Stenberg
11e8066ef9 vtls: renamed sslgen.[ch] to vtls.[ch] 2013-12-20 17:12:42 +01:00
Daniel Stenberg
92b9ae5c5d openssl: renamed backend files to openssl.[ch] 2013-12-20 17:12:42 +01:00
Daniel Stenberg
a47c142a88 vtls: moved all TLS/SSL source and header files into subdir 2013-12-20 17:12:42 +01:00
Daniel Stenberg
eccf4fb7ee vtls: created subdir, moved sslgen.[ch] there, updated all include lines 2013-12-20 17:12:42 +01:00
Steve Holme
9f260b5d66 pop3: Fixed selection of APOP when server replies with an invalid timestamp
Although highlighted by a bug in commit 1cfb436a2f, APOP
authentication could be chosen if the server was to reply with an empty
or missing timestamp in the server greeting and APOP was given in the
capability list by the server.
2013-12-20 14:51:45 +00:00
Steve Holme
0452976711 pop3: Fixed processing of more than one response when sent in same packet
Added a loop to pop3_statemach_act() in which Curl_pp_readresp() is
called until the cache is drained. Without this multiple responses
received in a single packet could result in a hang or delay.
2013-12-20 07:20:49 +00:00
Steve Holme
94d820b4cb pop3: Moved CAPA response handling to pop3_state_capa_resp()
Similar to the processing of untagged CAPABILITY responses in IMAP and
multi-line EHLO responses in SMTP, moved the processing of multi-line
CAPA responses to pop3_state_capa_resp().
2013-12-19 23:06:42 +00:00
Steve Holme
1cfb436a2f pop3: Moved APOP detection into pop3_state_servergreet_resp()
In an effort to reduce what pop3_endofresp() does and bring the POP3
source back inline with the IMAP and SMTP protocols, moved the APOP
detection into pop3_state_servergreet_resp().
2013-12-19 23:06:33 +00:00