1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-14 05:25:06 -05:00
Commit Graph

27291 Commits

Author SHA1 Message Date
theawless
0e7638dbea
configure: add --disable-ntlm option
Closes #7028
2021-06-02 08:55:00 +02:00
theawless
ee8c4f766c
define: re-add CURL_DISABLE_NTLM and corresponding ifdefs
This flag will be further exposed by adding build options.

Reverts #6809
Closes #7028
2021-06-02 08:55:00 +02:00
Daniel Stenberg
68c71126f8
RELEASE-NOTES: synced 2021-06-02 08:18:08 +02:00
Viktor Szakats
f48aee35ad
travis: delete --enable-hsts option (it is the default now) [ci skip]
Reviewed-by: Daniel Stenberg
Closes #7167
2021-06-01 22:30:11 +00:00
Daniel Stenberg
e1fcaf571f
hostip: fix 3 coverity complaints
Follow-up to 1a0ebf6632

- Check the return code to Curl_inet_pton() in two instances, even
  though we know the input is valid so the functions won't fail.

- Clear the 'struct sockaddr_in' struct before use so that the
  'sin_zero' field isn't left uninitialized.

Detected by Coverity.
Assisted-by: Harry Sintonen
Closes #7163
2021-06-01 23:24:07 +02:00
Daniel Stenberg
83036d86af
c-hyper: fix NTLM on closed connection tested with test159
Closes #7154
2021-06-01 18:03:37 +02:00
Daniel Stenberg
dddad339e8
conncache: lowercase the hash key for better match
As host names are case insensitive, the use of case sensitive hashing
caused unnecesary cache misses and therefore lost performance. This
lowercases the hash key.

Reported-by: Harry Sintonen
Fixes #7159
Closes #7161
2021-06-01 17:55:35 +02:00
Daniel Stenberg
a2b1bbeef0
mbedtls: make mbedtls_strerror always work
If the function doesn't exist, provide a macro that just clears the
error message. Removes #ifdef uses from the code.

Closes #7162
2021-06-01 17:53:44 +02:00
Daniel Stenberg
c7b93a76ea
vtls: exit addsessionid if no cache is inited
Follow-up to b249592d29

Avoids NULL pointer derefs.

Closes #7165
2021-06-01 13:40:30 +02:00
Harry Sintonen
f1cd5004b0
Curl_ntlm_core_mk_nt_hash: fix OOM in error path
Closes #7164
2021-06-01 13:38:01 +02:00
Michael Kaufmann
b249592d29 ssl: read pending close notify alert before closing the connection
This avoids a TCP reset (RST) if the server initiates a connection
shutdown by sending an SSL close notify alert and then closes the TCP
connection.

For SSL connections, usually the server announces that it will close the
connection with an SSL close notify alert. curl should read this alert.
If curl does not read this alert and just closes the connection, some
operating systems close the TCP connection with an RST flag.

See RFC 1122, section 4.2.2.13

If curl reads the close notify alert, the TCP connection is closed
normally with a FIN flag.

The new code is similar to existing code in the "SSL shutdown" function:
try to read an alert (non-blocking), and ignore any read errors.

Closes #7095
2021-06-01 09:40:40 +02:00
Laurent Dufresne
8cc1fee5b9
setopt: fix incorrect comments
Closes #7157
2021-06-01 09:35:34 +02:00
Laurent Dufresne
05e0453050
mbedtls: add support for cert and key blob options
CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB weren't usable with
mbedtls backend, so the support was added.

Closes #7157
2021-06-01 09:35:17 +02:00
Gregor Jasny
e5dfc88eb8
cmake: try well-known send/recv signature for Apple
The CMake `try_compile` command is especially slow for
the Xcode generator. With this patch applied it first tests
for the currently used (and Open Group specified) send/recv
signature. In case this fails testing falls-back to the
permutations.

speed-up:

```
time cmake .. -GNinja -DCMAKE_USE_SECTRANSP=ON -DHTTP_ONLY=ON -DCMAKE_USE_LIBSSH2=OFF
before: 11.64s user 11.09s system 55% cpu 40.754 total
after:   7.84s user 6.57s  system 51% cpu 28.074 total
```

```
time cmake .. -GXcode -DCMAKE_USE_SECTRANSP=ON -DHTTP_ONLY=ON -DCMAKE_USE_LIBSSH2=OFF
before: 217.07s user 104.15s system 60% cpu 8:51.79 total
after:  108.76s user  51.80s system 58% cpu 4:32.58 total
```

Closes #7158
2021-06-01 08:44:07 +02:00
Daniel Stenberg
ef1a917a11
http2: init recvbuf struct for pushed streams
Debug builds would warn that these structs were not initialized properly
for pushed streams.

Ref: #7148
Closes #7153
2021-05-31 20:41:51 +02:00
Daniel Stenberg
894c74738f
Curl_ssl_getsessionid: fail if no session cache exists
This function might get called for an easy handle for which the session
cache hasn't been setup. It now just returns a "miss" in that case.

Reported-by: Christoph M. Becker
Fixes #7148
Closes #7153
2021-05-31 20:41:40 +02:00
Daniel Stenberg
5e1e4dbf1e
GOVERNANCE: add 'user', 'committer' and 'contributor'
As those are commonly used terms in the project.

Closes #7151
2021-05-31 15:42:39 +02:00
Daniel Stenberg
c61ca43340
URL-SYNTAX.md: document the new 'localhost' treatment 2021-05-31 15:37:37 +02:00
Daniel Stenberg
1a0ebf6632
hostip: make 'localhost' return fixed values
Resolving the case insensitive host name 'localhost' now returns the
addresses 127.0.0.1 and (if IPv6 is enabled) ::1 without using any
resolver.

This removes the risk that users accidentally resolves 'localhost' to
something else. By making sure 'localhost' is always local, we can
assume a "secure context" for such transfers (for cookies etc).

Closes #7039
2021-05-31 15:37:37 +02:00
Daniel Gustafsson
772eacb2e3 docs: fix typos 2021-05-31 12:47:15 +02:00
Daniel Stenberg
1c1d9f1aff
hsts: ignore numberical IP address hosts
Also, use a single function library-wide for detecting if a given hostname is
a numerical IP address.

Reported-by: Harry Sintonen
Fixes #7146
Closes #7149
2021-05-30 19:49:40 +02:00
Daniel Stenberg
9097843e8f
test178: adjust for hyper
Hyper returns the same error for wrong HTTP version as for negative
content-length. Test 178 verifies that negative content-length is
rejected but the hyper backend will return a different error for it (and
without any helpful message telling why the message was bad). It will
also not return any headers at all for the response, not even the ones
that arrived before the error.

Closes #7147
2021-05-29 23:16:04 +02:00
Daniel Stenberg
a43e1da1e2
HYPER: remove mentions of deprecated development branch 2021-05-28 23:06:19 +02:00
Daniel Stenberg
f2619b1767
c-hyper: handle NULL from hyper_buf_copy()
Closes #7143
2021-05-28 15:08:11 +02:00
Daniel Stenberg
68975fba02
HSTS: not experimental anymore 2021-05-28 12:34:07 +02:00
Douglas R. Reno
ed38ac86ea
INSTALL: use correct extension for CURL-DISABLE.md
In INSTALL.MD, it's currently set to CURL-DISABLE-md instead of
CURL-DISABLE.md. This generates a 404 on the cURL website as well as
when viewing the docs through Github.

Closes #7142
2021-05-27 22:59:48 +02:00
Daniel Stenberg
629463f692
travis: run tests 1 - 153 with hyper 2021-05-27 18:14:12 +02:00
Daniel Stenberg
11796231af
c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL
Makes test 129 work (HTTP/1.2 response).

Closes #7141
2021-05-27 18:14:00 +02:00
Daniel Stenberg
d3e0f20fea
http_proxy: deal with non-200 CONNECT response with Hyper
Makes test 94 and 95 work

Closes #7141
2021-05-27 18:13:45 +02:00
Daniel Stenberg
23b99fc94c
c-hyper: clear NTLM auth buffer when request is issued
To prevent previous ones to get reused on subsequent requests. Matches
how the built-in HTTP code works. Makes test 90 to 93 work.

Add test 90 to 93 in travis.

Closes #7139
2021-05-27 16:50:59 +02:00
Joel Depooter
ee97f17697
schannel: set ALPN length correctly for HTTP/2
In a3268eca79 this code was changed to use the ALPN_H2 constant
instead of the NGHTTP2_PROTO_ALPN constant. However, these constants are
not the same. The nghttp2 constant included the length of the string,
like this: "\x2h2". The ALPN_H2 constant is just "h2". Therefore we need
to re-add the length of the string to the ALPN buffer.

Closes #7138
2021-05-27 08:27:35 +02:00
Daniel Stenberg
5f7fef70a9
travis: run tests 1-89 in the hyper build
Closes #7137
2021-05-27 07:55:30 +02:00
Daniel Stenberg
2ee761c19b
Revert "c-hyper: handle body on HYPER_TASK_EMPTY"
This reverts commit c3eefa95c3.

Reported-by: Kevin Burke
Fixes #7122
Closes #7136
2021-05-27 07:54:32 +02:00
jonrumsey
9655474548
ccsidcurl: fix the compile errors
Looks like the declaration of cpp shoule be const char ** and return
null if convert_version_info_string fails.

Fixes #7134
Closes #7135
2021-05-26 23:36:22 +02:00
Viktor Szakats
3976dd67a2
docs: use --max-redirs instead of --max-redir
For consistency.

Closes #7130
2021-05-26 14:49:52 +02:00
Daniel Stenberg
6043edf3dc
RELEASE-NOTES: synced
... and bump to 7.77.1
2021-05-26 14:47:35 +02:00
Michael Forney
a2fe2f04cd
travis: add bearssl build
Closes #7133
2021-05-26 14:43:56 +02:00
Michael Forney
7f9c5af8b3
bearssl: explicitly initialize all fields of Curl_ssl
Also, add comments like the other vtls backends.

Closes #7133
2021-05-26 14:43:45 +02:00
Michael Forney
a03ea62239
bearssl: remove incorrect const on variable that is modified
hostname may be set to NULL later on in this function if it is an
IP address.

Closes #7133
2021-05-26 14:43:40 +02:00
Daniel Stenberg
6b951a6928
RELEASE-NOTES: synced 2021-05-26 08:18:11 +02:00
Daniel Stenberg
83a31635a4
THANKS: added contributors from 7.77.0 cycle 2021-05-26 08:18:11 +02:00
Daniel Stenberg
82d334001f
copyright: update copyright year ranges to 2021 2021-05-26 08:18:11 +02:00
Radek Zajic
1a5e41d97c
hostip: fix broken macOS/CMake/GCC builds
Follow-up to 31f631a142

Fixes #7128
Closes #7129
2021-05-26 00:24:09 +02:00
Daniel Stenberg
54e5c24565
TODO: netrc caching and sharing
URL: https://curl.se/mail/archive-2021-05/0018.html
2021-05-25 17:45:26 +02:00
Orgad Shaneh
2864b00b01
setopt: streamline ssl option code
Make it use the same style as the code next to it

Closes #7123
2021-05-25 12:48:04 +02:00
Radek Zajic
31f631a142
lib/hostip6.c: make NAT64 address synthesis on macOS work
Closes #7121
2021-05-25 12:45:56 +02:00
ejanchivdorj
a63dae5d07
sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer
When the SecCertificateCopyCommonName function fails, it leaves
common_name in a invalid state so CFStringCompare uses the invalid
result, causing EXC_BAD_ACCESS.

The fix is to check the return value of the function before using the
name.

Closes #7126
2021-05-25 11:22:09 +02:00
Paweł Wegner
643ec29645
CMake: add CURL_ENABLE_EXPORT_TARGET option
install(EXPORT ...) causes trouble when embedding curl dependencies
which don't provide install(EXPORT ...) targets (e.g libressl and
nghttp2) with cmake's add_subdirectory.

Reviewed-by: Jakub Zakrzewski
Closes #7060
2021-05-25 08:06:19 +02:00
Alessandro Ghedini
424aa64d54
quiche: update for network path aware API
Latest version of quiche requires the application to pass the peer
address of received packets, and it provides the address for outgoing
packets back.

Closes #7120
2021-05-24 17:26:46 +02:00
Jacob Hoffman-Andrews
a62e6435f4
rustls: switch read_tls and write_tls to callbacks
And update to 0.6.0, including a rename from session to connection for
many fields.

Closes #7071
2021-05-24 16:40:59 +02:00