1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-14 05:25:06 -05:00
Commit Graph

8380 Commits

Author SHA1 Message Date
Stefan Bühler
0db831976e fix refreshing of obsolete dns cache entries
- cache entries must be also refreshed when they are in use
- have the cache count as inuse reference too, freeing timestamp == 0 special
  value
- use timestamp == 0 for CURLOPT_RESOLVE entries which don't get refreshed
- remove CURLOPT_RESOLVE special inuse reference (timestamp == 0 will prevent refresh)
- fix Curl_hostcache_clean - CURLOPT_RESOLVE entries don't have a special
  reference anymore, and it would also release non CURLOPT_RESOLVE references
- fix locking in Curl_hostcache_clean
- fix unit1305.c: hash now keeps a reference, need to set inuse = 1
2015-04-03 16:46:14 +02:00
Jay Satiro
f203edc544 cyassl: Set minimum protocol version before CTX callback
This change is to allow the user's CTX callback to change the minimum
protocol version in the CTX without us later overriding it, as we did
prior to this change.
2015-04-03 10:51:58 +02:00
Jay Satiro
0b5efa57ad cyassl: Fix certificate load check
SSL_CTX_load_verify_locations can return negative values on fail,
therefore to check for failure we check if load is != 1 (success)
instead of if load is == 0 (failure), the latter being incorrect given
that behavior.
2015-04-02 17:18:42 +02:00
Tatsuhiro Tsujikawa
21e82bd635 http2: Fix missing nghttp2_session_send call in Curl_http2_switched
Previously in Curl_http2_switched, we called nghttp2_session_mem_recv to
parse incoming data which were already received while curl was handling
upgrade.  But we didn't call nghttp2_session_send, and it led to make
curl not send any response to the received frames.  Most likely, we
received SETTINGS from server at this point, so we missed opportunity to
send SETTINGS + ACK.  This commit adds missing nghttp2_session_send call
in Curl_http2_switched to fix this issue.

Bug: https://github.com/bagder/curl/issues/192
Reported-by: Stefan Eissing
2015-04-02 15:19:29 +02:00
Daniel Stenberg
2685041a5c cookie: handle spaces after the name in Set-Cookie
"name =value" is fine and the space should just be skipped.

Updated test 31 to also test for this.

Bug: https://github.com/bagder/curl/issues/195
Reported-by: cromestant
Help-by: Frank Gevaerts
2015-04-01 23:25:29 +02:00
Jay Satiro
b121633402 cyassl: Fix library initialization return value
(Curl_cyassl_init)
- Return 1 on success, 0 in failure.

Prior to this change the fail path returned an incorrect value and the
evaluation to determine whether CyaSSL_Init had succeeded was incorrect.
Ironically that combined with the way curl_global_init tests SSL library
initialization (!Curl_ssl_init()) meant that CyaSSL having been
successfully initialized would be seen as that even though the code path
and return value in Curl_cyassl_init were wrong.
2015-04-01 08:10:58 +02:00
Dan Fandrich
049fe7fb53 axtls: add timeout within Curl_axtls_connect
This allows test 405 to pass on axTLS.
2015-03-31 02:04:22 +02:00
Jay Satiro
6419aee248 checksrc: Windows-specific input fixes
lib/config-win32ce.h
- Fix whitespace for checksrc compliance.

lib/checksrc.pl
- Remove trailing carriage returns from input.

projects/checksrc.bat
- Ignore tool_hugehelp.c.
2015-03-30 22:39:13 +02:00
Daniel Stenberg
787c2ae91b multi: remove_handle: move pending connections
If the handle removed from the multi handle happens to be the one
"owning" the pipeline other transfers will be waiting indefinitely. Now
we move such handles back to connect to have them race (again) for
getting the connection and thus avoid hanging.

Bug: http://curl.haxx.se/bug/view.cgi?id=1465
Reported-by: Jiri Dvorak
2015-03-29 23:49:12 +02:00
Jay Satiro
fcdc597b1a cyassl: CTX callback cosmetic changes and doc fix
- More descriptive fail message for NO_FILESYSTEM builds.
- Cosmetic changes.
- Change more of CURLOPT_SSL_CTX_* doc to not be OpenSSL specific.
2015-03-28 16:41:51 +01:00
Kyle L. Huff
d2feb71752 cyassl: add SSL context callback support for CyaSSL
Adds support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL, and better
handles CyaSSL instances using NO_FILESYSTEM.
2015-03-27 23:32:14 +01:00
Kyle L. Huff
211f1e3c6b cyassl: remove undefined reference to CyaSSL_no_filesystem_verify
CyaSSL_no_filesystem_verify is not (or no longer) defined by cURL or
CyaSSL. This reference causes build errors when compiling with
NO_FILESYSTEM.
2015-03-27 23:31:12 +01:00
Jay Satiro
e7a289ebb9 vtls: Don't accept unknown CURLOPT_SSLVERSION values 2015-03-27 09:32:23 +01:00
Jay Satiro
488102fc17 url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined 2015-03-27 09:31:30 +01:00
Daniel Stenberg
318ad8d767 multi: on a request completion, check all CONNECT_PEND transfers
... even if they don't have an associated connection anymore. It could
leave the waiting transfers pending with no active one on the
connection.

Bug: http://curl.haxx.se/bug/view.cgi?id=1465
Reported-by: Jiri Dvorak
2015-03-26 08:14:22 +01:00
Daniel Stenberg
eb2a6180fb README.http2: refreshed and added TODO items 2015-03-25 12:13:16 +01:00
Daniel Stenberg
5b58bface3 polarssl: called mbedTLS in 1.3.10 and later 2015-03-25 09:19:57 +01:00
Daniel Stenberg
83b29e43cd polarssl: remove dead code
and simplify code by changing if-elses to a switch()

CID 1291706: Logically dead code. Execution cannot reach this statement
2015-03-25 09:01:11 +01:00
Daniel Stenberg
24908c12d7 polarssl: remove superfluous for(;;) loop
"unreachable: Since the loop increment is unreachable, the loop body
will never execute more than once."

Coverity CID 1291707
2015-03-25 08:49:34 +01:00
Daniel Stenberg
4e299192ed Curl_ssl_md5sum: return CURLcode
... since the funciton can fail on OOM. Check this return code.

Coverity CID 1291705.
2015-03-25 08:32:12 +01:00
Jay Satiro
e35f2e61ec cyassl: default to highest possible TLS version
(cyassl_connect_step1)
- Use TLS 1.0-1.2 by default when available.

CyaSSL/wolfSSL >= v3.3.0 supports setting a minimum protocol downgrade
version.

cyassl/cyassl@322f79f
2015-03-25 08:10:24 +01:00
Jay Satiro
d29f8b460c cyassl: Check for invalid length parameter in Curl_cyassl_random 2015-03-25 08:08:12 +01:00
Jay Satiro
ec31962640 cyassl: If wolfSSL then identify as such in version string 2015-03-25 08:08:12 +01:00
Dan Fandrich
35648f2e79 curl_memory: make curl_memory.h the second-last header file loaded
This header file must be included after all header files except
memdebug.h, as it does similar memory function redefinitions and can be
similarly affected by conflicting definitions in system or dependent
library headers.
2015-03-24 23:47:01 +01:00
Daniel Stenberg
ac2827ac09 openssl: do the OCSP work-around for libressl too
I tested with libressl git master now (v2.1.4-27-g34bf96c) and it seems to
still require the work-around for stapling to work.
2015-03-24 23:39:52 +01:00
Daniel Stenberg
bd9ac3cff2 openssl: verifystatus: only use the OCSP work-around <= 1.0.2a
URL: http://curl.haxx.se/mail/lib-2015-03/0205.html
Reported-by: Alessandro Ghedini
2015-03-24 23:06:37 +01:00
Daniel Stenberg
7e6ca87a72 openssl: adapt to ASN1/X509 things gone opaque in 1.1 2015-03-24 22:59:33 +01:00
Dan Fandrich
56ae66d518 vtls: fix compile with --disable-crypto-auth but with SSL
This is a strange combination of options, but is allowed.
2015-03-24 21:41:22 +01:00
Daniel Stenberg
5d23279299 CURLOPT_PATH_AS_IS: added
--path-as-is is the command line option

Added docs in curl.1 and CURLOPT_PATH_AS_IS.3

Added test in test 1241
2015-03-24 10:31:58 +01:00
Yamada Yasuharu
ecc4940df2 curl_easy_recv/send: make them work with the multi interface
By making sure Curl_getconnectinfo() uses the correct connection cache
to find the last connection.
2015-03-23 22:46:58 +01:00
Daniel Stenberg
4b02b84897 http2: move the init too for when its actually needed
... it would otherwise lead to memory leakage if we never actually do
the switch.
2015-03-23 10:26:04 +01:00
Dan Fandrich
145c4692ff dict: rename byte to avoid compiler shadowed declaration warning
This conflicted with a WolfSSL typedef.
2015-03-23 10:16:10 +01:00
Dan Fandrich
430006c5e2 cyassl: include version.h to ensure the version macros are defined 2015-03-23 10:10:03 +01:00
Nick Zitzmann
7f5a170442 darwinsssl: add support for TLS False Start
TLS False Start support requires iOS 7.0 or later, or OS X 10.9 or later.
2015-03-21 12:22:56 -05:00
Daniel Stenberg
ed429b72d7 gtls: add check of return code
Coverity CID 1291167 pointed out that 'rc' was received but never used when
gnutls_credentials_set() was used. Added return code check now.
2015-03-21 16:53:43 +01:00
Daniel Stenberg
fea13a17d8 gtls: dereferencing NULL pointer
Coverity CID 1291165 pointed out 'chainp' could be dereferenced when
NULL if gnutls_certificate_get_peers() had previously failed.
2015-03-21 16:53:23 +01:00
Daniel Stenberg
5f6f9e8b59 gtls: avoid uninitialized variable.
Coverity CID 1291166 pointed out that we could read this variable
uninitialized.
2015-03-21 16:53:09 +01:00
Daniel Stenberg
9cd4d6518f x509asn1: add /* fallthrough */ in switch() case 2015-03-21 16:29:58 +01:00
Daniel Stenberg
e6917d3b77 x509asn1: minor edit to unconfuse Coverity
CID 1202732 warns on the previous use, although I cannot fine any
problems with it. I'm doing this change only to make the code use a more
familiar approach to accomplish the same thing.
2015-03-21 16:21:01 +01:00
Daniel Stenberg
b734518371 nss: error: unused variable 'connssl' 2015-03-21 15:47:03 +01:00
Dan Fandrich
6779c50e26 cyassl: use new library version macro when available 2015-03-20 23:49:53 +01:00
Alessandro Ghedini
185914fd31 nss: add support for TLS False Start 2015-03-20 20:14:35 +01:00
Alessandro Ghedini
4dcd25e138 url: add CURLOPT_SSL_FALSESTART option
This option can be used to enable/disable TLS False Start defined in the RFC
draft-bmoeller-tls-falsestart.
2015-03-20 20:14:33 +01:00
Alessandro Ghedini
a332922a52 gtls: implement CURLOPT_CERTINFO 2015-03-20 19:03:53 +01:00
Alessandro Ghedini
8854f8d45a openssl: try to avoid accessing OCSP structs when possible 2015-03-20 15:36:05 +01:00
Daniel Stenberg
abfab1786e HTTP: don't switch to HTTP/2 from 1.1 until we get the 101
We prematurely changed protocol handler to HTTP/2 which made things very
slow (and wrong).

Reported-by: Stefan Eissing
Bug: https://github.com/bagder/curl/issues/169
2015-03-19 13:44:18 +01:00
Dan Fandrich
9e66d3f4d3 axtls: version 1.5.2 now requires that config.h be manually included 2015-03-19 10:11:17 +01:00
Kamil Dudka
e3fbdc7c8a nss: explicitly tell NSS to disable NPN/ALPN
... if disabled at libcurl level.  Otherwise, we would allow to
negotiate NPN despite curl was invoked with the --no-npn option.
2015-03-18 19:43:14 +01:00
Dan Fandrich
252e9acd50 checksrc: Fix whitelist on out-of-tree builds 2015-03-17 23:26:48 +01:00
Stefan Bühler
4d6e079dd2 Curl_sh_entry: remove unused 'timestamp' 2015-03-17 16:29:36 +01:00
Daniel Stenberg
ef1c3b4648 HTTP: don't use Expect: headers when on HTTP/2
Reported-by: Stefan Eissing
Bug: https://github.com/bagder/curl/issues/169
2015-03-17 15:09:34 +01:00
Daniel Stenberg
2dc1a5ce93 checksrc: detect and remove space before trailing semicolons 2015-03-17 14:06:48 +01:00
Daniel Stenberg
0037eb5805 checksrc: introduce a whitelisting concept 2015-03-17 13:57:37 +01:00
Daniel Stenberg
9395999543 checksrc: use space after comma 2015-03-17 13:57:37 +01:00
Daniel Stenberg
a6b8fe2a5f checksrc: use space before paren in "return (expr);" 2015-03-17 13:05:01 +01:00
Daniel Stenberg
0f4a03cbb6 free: instead of Curl_safefree()
Since we just started make use of free(NULL) in order to simplify code,
this change takes it a step further and:

- converts lots of Curl_safefree() calls to good old free()
- makes Curl_safefree() not check the pointer before free()

The (new) rule of thumb is: if you really want a function call that
frees a pointer and then assigns it to NULL, then use Curl_safefree().
But we will prefer just using free() from now on.
2015-03-16 15:01:15 +01:00
Markus Elfring
9e661601fe Bug #149: Deletion of unnecessary checks before a few calls of cURL functions
The following functions return immediately if a null pointer was passed.
* Curl_cookie_cleanup
* curl_formfree

It is therefore not needed that a function caller repeats a corresponding check.

This issue was fixed by using the software Coccinelle 1.0.0-rc24.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-16 12:13:56 +01:00
Markus Elfring
29c655c0a6 Bug #149: Deletion of unnecessary checks before calls of the function "free"
The function "free" is documented in the way that no action shall occur for
a passed null pointer. It is therefore not needed that a function caller
repeats a corresponding check.
http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first

This issue was fixed by using the software Coccinelle 1.0.0-rc24.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-16 12:13:56 +01:00
Jay Satiro
059b3a5770 connect: Fix happy eyeballs logic for IPv4-only builds
Bug: https://github.com/bagder/curl/pull/168

(trynextip)
- Don't try the "other" protocol family unless IPv6 is available. In an
IPv4-only build the other family can only be IPv6 which is unavailable.

This change essentially stops IPv4-only builds from attempting the
"happy eyeballs" secondary parallel connection that is supposed to be
used by the "other" address family.

Prior to this change in IPv4-only builds that secondary parallel
connection attempt could be erroneously used by the same family (IPv4)
which caused a bug where every address after the first for a host could
be tried twice, often in parallel. This change fixes that bug. An
example of the bug is shown below.

Assume MTEST resolves to 3 addresses 127.0.0.2, 127.0.0.3 and 127.0.0.4:

* STATE: INIT => CONNECT handle 0x64f4b0; line 1046 (connection #-5000)
* Rebuilt URL to: http://MTEST/
* Added connection 0. The cache now contains 1 members
* STATE: CONNECT => WAITRESOLVE handle 0x64f4b0; line 1083
(connection #0)
*   Trying 127.0.0.2...
* STATE: WAITRESOLVE => WAITCONNECT handle 0x64f4b0; line 1163
(connection #0)
*   Trying 127.0.0.3...
* connect to 127.0.0.2 port 80 failed: Connection refused
*   Trying 127.0.0.3...
* connect to 127.0.0.3 port 80 failed: Connection refused
*   Trying 127.0.0.4...
* connect to 127.0.0.3 port 80 failed: Connection refused
*   Trying 127.0.0.4...
* connect to 127.0.0.4 port 80 failed: Connection refused
* connect to 127.0.0.4 port 80 failed: Connection refused
* Failed to connect to MTEST port 80: Connection refused
* Closing connection 0
* The cache now contains 0 members
* Expire cleared
curl: (7) Failed to connect to MTEST port 80: Connection refused

The bug was born in commit bagder/curl@2d435c7.
2015-03-16 12:07:59 +01:00
Frank Meier
9063a7f853 closesocket: call multi socket cb on close even with custom close
In function Curl_closesocket() in connect.c the call to
Curl_multi_closed() was wrongly omitted if a socket close function
(CURLOPT_CLOSESOCKETFUNCTION) is registered.

That would lead to not removing the socket from the internal hash table
and not calling the multi socket callback appropriately.

Bug: http://curl.haxx.se/bug/view.cgi?id=1493
2015-03-15 13:26:03 +01:00
Tobias Stoeckmann
851c29269b hostip: Fix signal race in Curl_resolv_timeout.
A signal handler for SIGALRM is installed in Curl_resolv_timeout. It is
configured to interrupt system calls and uses siglongjmp to return into
the function if alarm() goes off.

The signal handler is installed before curl_jmpenv is initialized.
This means that an already installed alarm timer could trigger the
newly installed signal handler, leading to undefined behavior when it
accesses the uninitialized curl_jmpenv.

Even if there is no previously installed alarm available, the code in
Curl_resolv_timeout itself installs an alarm before the environment is
fully set up. If the process is sent into suspend right after that, the
signal handler could be called too early as in previous scenario.

To fix this, the signal handler should only be installed and the alarm
timer only be set after sigsetjmp has been called.
2015-03-14 18:24:11 +01:00
Daniel Stenberg
0cf649d9cc http2: detect prematures close without data transfered
... by using the regular Curl_http_done() method which checks for
that. This makes test 1801 fail consistently with error 56 (which seems
fine) to that test is also updated here.

Reported-by: Ben Darnell
Bug: https://github.com/bagder/curl/issues/166
2015-03-14 18:19:51 +01:00
Daniel Stenberg
186e46d88d openssl: use colons properly in the ciphers list
While the previous string worked, this is the documented format.

Reported-by: Richard Moore
2015-03-12 23:29:46 +01:00
Daniel Stenberg
0d1060f21e openssl: sort the ciphers on strength
This makes curl pick better (stronger) ciphers by default. The strongest
available ciphers are fine according to the HTTP/2 spec so an OpenSSL
built curl is no longer rejected by string HTTP/2 servers.

Bug: http://curl.haxx.se/bug/view.cgi?id=1487
2015-03-12 23:16:28 +01:00
Daniel Stenberg
1d3f1a80d0 openssl: show the cipher selection to use 2015-03-12 15:53:45 +01:00
Daniel Stenberg
a5d994941c http: always send Host: header as first header
...after the method line:

 "Since the Host field-value is critical information for handling a
 request, a user agent SHOULD generate Host as the first header field
 following the request-line." / RFC 7230 section 5.4

Additionally, this will also make libcurl ignore multiple specified
custom Host: headers and only use the first one. Test 1121 has been
updated accordingly

Bug: http://curl.haxx.se/bug/view.cgi?id=1491
Reported-by: Rainer Canavan
2015-03-12 12:15:24 +01:00
Alexander Pepper
143acd6222 mk-ca-bundle bugfix: Don't report SHA1 numbers with "-q".
Also unified printing to STDERR by creating the helper method "report".
2015-03-11 14:47:41 +01:00
Daniel Stenberg
852d35b6ea proxy: re-use proxy connections (regression)
When checking for a connection to re-use, a proxy-using request must
check for and use a proxy connection and not one based on the host
name!

Added test 1421 to verify

Bug: http://curl.haxx.se/bug/view.cgi?id=1492
2015-03-11 11:54:22 +01:00
Alessandro Ghedini
fa895f2aa2 gtls: correctly align certificate status verification messages 2015-03-10 15:48:34 +01:00
Alessandro Ghedini
a6a264ef2c gtls: don't print double newline after certificate dates 2015-03-10 15:20:03 +01:00
Alessandro Ghedini
3a757fddbb gtls: print negotiated TLS version and full cipher suite name
Instead of priting cipher and MAC algorithms names separately, print the
whole cipher suite string which also includes the key exchange algorithm,
along with the negotiated TLS version.
2015-03-10 15:18:14 +01:00
Daniel Stenberg
d9973eaeb8 gtls: fix compiler warnings 2015-03-10 15:16:59 +01:00
Alessandro Ghedini
5a1614cecd gtls: add support for CURLOPT_CAPATH 2015-03-10 15:03:54 +01:00
Daniel Stenberg
c19349951d multi: fix *getsock() with CONNECT
The code used some happy eyeballs logic even _after_ CONNECT has been
sent to a proxy, while the happy eyeball phase is already (should be)
over by then.

This is solved by splitting the multi state into two separate states
introducing the new SENDPROTOCONNECT state.

Bug: http://curl.haxx.se/mail/lib-2015-01/0170.html
Reported-by: Peter Laser
2015-03-07 19:19:22 +01:00
Daniel Stenberg
9da14a96ab conncontrol: only log changes to the connection bit 2015-03-07 19:18:49 +01:00
Daniel Stenberg
00ea0e7db0 http2: use CURL_HTTP_VERSION_* symbols instead of NPN_*
Since they already exist and will make comparing easier
2015-03-07 11:10:30 +01:00
Daniel Stenberg
df28af8f39 http2: make the info-message about receiving HTTP2 headers debug-only 2015-03-07 10:55:37 +01:00
Alessandro Ghedini
44ffe27056 urldata: remove unused asked_for_h2 field 2015-03-07 10:36:10 +01:00
Alessandro Ghedini
adb4e41a1a polarssl: make it possible to enable ALPN/NPN without HTTP2 2015-03-07 10:36:10 +01:00
Alessandro Ghedini
42bc45be8e nss: make it possible to enable ALPN/NPN without HTTP2 2015-03-07 10:36:10 +01:00
Alessandro Ghedini
870a67e01f gtls: make it possible to enable ALPN/NPN without HTTP2 2015-03-07 10:36:10 +01:00
Alessandro Ghedini
2e9494b15d openssl: make it possible to enable ALPN/NPN without HTTP2 2015-03-07 10:36:10 +01:00
Daniel Stenberg
042526c19f urldata: fix gnutls build 2015-03-06 10:13:40 +01:00
Daniel Stenberg
492dfca65d multi: fix memory-leak on timeout (regression)
Since 1342a96ecf, a timeout detected in the multi state machine didn't
necesarily clear everything up, like formpost data.

Bug: https://github.com/bagder/curl/issues/147
Reported-by: Michel Promonet
Patched-by: Michel Promonet
2015-03-05 15:43:38 +01:00
Daniel Stenberg
709cf76f6b openssl: remove all uses of USE_SSLEAY
SSLeay was the name of the library that was subsequently turned into
OpenSSL many moons ago (1999). curl does not work with the old SSLeay
library since years. This is now reflected by only using USE_OPENSSL in
code that depends on OpenSSL.
2015-03-05 10:57:52 +01:00
Daniel Stenberg
8aabbf5f8c vtls: use curl_printf.h all over
No need to use _MPRINTF_REPLACE internally.
2015-03-03 23:17:43 +01:00
Daniel Stenberg
df5578a7a3 mprintf.h: remove #ifdef CURLDEBUG
... and as a consequence, introduce curl_printf.h with that re-define
magic instead and make all libcurl code use that instead.
2015-03-03 12:36:18 +01:00
Tatsuhiro Tsujikawa
48b5374e65 http2: Return error if stream was closed with other than NO_ERROR
Previously, we just ignored error code passed to
on_stream_close_callback and just return 0 (success) after stream
closure even if stream was reset with error.  This patch records error
code in on_stream_close_callback, and return -1 and use CURLE_HTTP2
error code on abnormal stream closure.
2015-02-27 21:17:27 +00:00
Daniel Stenberg
bc3a44aebc http2: return recv error on unexpected EOF
Pointed-out-by: Tatsuhiro Tsujikawa
Bug: http://curl.haxx.se/bug/view.cgi?id=1487
2015-02-25 13:51:21 +01:00
Daniel Stenberg
b9c190ba77 http2: move lots of verbose output to be debug-only 2015-02-25 11:45:46 +01:00
Kamil Dudka
4909f7c795 nss: do not skip Curl_nss_seed() if data is NULL
In that case, we only skip writing the error message for failed NSS
initialization (while still returning the correct error code).
2015-02-25 10:23:07 +01:00
Kamil Dudka
7a1538d9cc nss: improve error handling in Curl_nss_random()
The vtls layer now checks the return value, so it is no longer necessary
to abort if a random number cannot be provided by NSS.  This also fixes
the following Coverity report:

Error: FORWARD_NULL (CWE-476):
lib/vtls/nss.c:1918: var_compare_op: Comparing "data" to null implies that "data" might be null.
lib/vtls/nss.c:1923: var_deref_model: Passing null pointer "data" to "Curl_failf", which dereferences it.
lib/sendf.c:154:3: deref_parm: Directly dereferencing parameter "data".
2015-02-25 10:23:06 +01:00
Marc Hoersken
ffc2aeec6e Revert "telnet.c: fix handling of 0 being returned from custom read function"
This reverts commit 03fa576833.
2015-02-25 00:16:10 +01:00
Marc Hoersken
b3bcdaf01a telnet.c: fix invalid use of custom read function if not being set
obj_count can be 1 if the custom read function is set or the stdin
handle is a reference to a pipe. Since the pipe should be handled
using the PeekNamedPipe-check below, the custom read function should
only be used if it is actually enabled.
2015-02-25 00:01:14 +01:00
Marc Hoersken
03fa576833 telnet.c: fix handling of 0 being returned from custom read function
According to [1]: "Returning 0 will signal end-of-file to the library
and cause it to stop the current transfer."
This change makes the Windows telnet code handle this case accordingly.

 [1] http://curl.haxx.se/libcurl/c/CURLOPT_READFUNCTION.html
2015-02-24 23:59:06 +01:00
Kamil Dudka
e08a12dab1 connect: wait for IPv4 connection attempts
... even if the last IPv6 connection attempt has failed.

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c4
2015-02-23 13:32:28 +01:00
Kamil Dudka
92835ca5d8 connect: avoid skipping an IPv4 address
... in case the protocol versions are mixed in a DNS response
(IPv6 -> IPv4 -> IPv6).

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c3
2015-02-23 13:31:01 +01:00
Julian Ospald
90314100e0 configure: allow both --with-ca-bundle and --with-ca-path
SSL_CTX_load_verify_locations by default (and if given non-Null
parameters) searches the CAfile first and falls back to CApath.  This
allows for CAfile to be a basis (e.g. installed by the package manager)
and CApath to be a user configured directory.

This wasn't reflected by the previous configure constraint which this
patch fixes.

Bug: https://github.com/bagder/curl/pull/139
2015-02-20 16:30:04 +01:00
Ben Boeckel
20112ed846 cmake: install the dll file to the correct directory 2015-02-20 14:17:32 +01:00
Alessandro Ghedini
63b4b8c7bd nss: fix NPN/ALPN protocol negotiation
Correctly check for memcmp() return value (it returns 0 if the strings match).

This is not really important, since curl is going to use http/1.1 anyway, but
it's still a bug I guess.
2015-02-19 23:09:12 +01:00
Alessandro Ghedini
633b3895d7 polarssl: fix ALPN protocol negotiation
Correctly check for strncmp() return value (it returns 0 if the strings
match).
2015-02-19 23:07:40 +01:00
Alessandro Ghedini
676ac46ff5 gtls: fix build with HTTP2 2015-02-19 19:00:51 +01:00
Steve Holme
31c8f8ac11 Makefile.vc6: Corrected typos in rename of darwinssl.obj 2015-02-16 00:35:16 +00:00
Nick Zitzmann
b1c7fc050b By request, change the name of "curl_darwinssl.[ch]" to "darwinssl.[ch]" 2015-02-15 17:11:01 -06:00
Kamil Dudka
aba2c4dca2 openssl: fix a compile-time warning
lib/vtls/openssl.c:1450:7: warning: extra tokens at end of #endif directive
2015-02-12 08:39:19 +01:00
Steve Holme
c1878e8f52 openssl: Use OPENSSL_IS_BORINGSSL for BoringSSL detection
For consistency with other conditionally compiled code in openssl.c,
use OPENSSL_IS_BORINGSSL rather than HAVE_BORINGSSL and try to use
HAVE_BORINGSSL outside of openssl.c when the OpenSSL header files are
not included.
2015-02-11 21:03:23 +00:00
Patrick Monnerat
ab85ac5eda ftp: accept all 2xx responses to the PORT command 2015-02-11 19:51:57 +01:00
Steve Holme
d771b44e53 openssl: Disable OCSP in old versions of OpenSSL
Versions of OpenSSL prior to v0.9.8h do not support the necessary
functions for OCSP stapling.
2015-02-09 21:01:39 +00:00
Tatsuhiro Tsujikawa
7eebf9a3fb http2: Fix bug that associated stream canceled on PUSH_PROMISE
Previously we don't ignore PUSH_PROMISE header fields in on_header
callback.  It makes header values mixed with following HEADERS,
resulting protocol error.
2015-02-09 15:52:56 +01:00
Jay Satiro
20c727ec4c polarssl: Fix exclusive SSL protocol version options
Prior to this change the options for exclusive SSL protocol versions did
not actually set the protocol exclusive.

http://curl.haxx.se/mail/lib-2015-01/0002.html
Reported-by: Dan Fandrich
2015-02-09 10:39:17 +01:00
Jay Satiro
9956ef2d33 gskit: Fix exclusive SSLv3 option 2015-02-09 10:38:46 +01:00
Steve Holme
761d5166af schannel: Removed curl_ prefix from source files
Removed the curl_ prefix from the schannel source files as discussed
with Marc and Daniel at FOSDEM.
2015-02-07 21:34:33 +00:00
Daniel Stenberg
05792d6936 md5: use axTLS's own MD5 functions when available 2015-02-06 14:36:25 +01:00
Daniel Stenberg
2a15e594ef MD(4|5): make the MD4_* and MD5_* functions static 2015-02-06 14:26:32 +01:00
Daniel Stenberg
d557da5d79 axtls: fix conversion from size_t to int warning 2015-02-06 14:26:32 +01:00
Steve Holme
600ccb2237 ftp: Use 'CURLcode result' for curl result codes 2015-02-05 20:31:12 +00:00
Daniel Stenberg
45b9b62de4 openssl: SSL_SESSION->ssl_version no longer exist
The struct went private in 1.0.2 so we cannot read the version number
from there anymore. Use SSL_version() instead!

Reported-by: Gisle Vanem
Bug: http://curl.haxx.se/mail/lib-2015-02/0034.html
2015-02-05 11:57:33 +01:00
Daniel Stenberg
0d41c3e46b MD5: fix compiler warnings and code style nits 2015-02-04 08:09:06 +01:00
Daniel Stenberg
57d6d253a1 MD5: replace implementation
The previous one was "encumbered" by RSA Inc - to avoid the licensing
restrictions it has being replaced. This is the initial import,
inserting the md5.c and md5.h files from
http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5

Code-by: Alexander Peslyak
2015-02-04 08:09:06 +01:00
Daniel Stenberg
7f1d76f7ee MD4: fix compiler warnings and code style nits 2015-02-04 08:09:06 +01:00
Daniel Stenberg
211d5329f4 MD4: replace implementation
The previous one was "encumbered" by RSA Inc - to avoid the licensing
restrictions it has being replaced. This is the initial import,
inserting the md4.c and md4.h files from
http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4

Code-by: Alexander Peslyak
2015-02-04 08:09:05 +01:00
Steve Holme
cfc6d460cb telnet: Prefer 'CURLcode result' for curl result codes 2015-02-04 00:09:31 +00:00
Steve Holme
0ebe2c15d1 hostasyn: Prefer 'CURLcode result' for curl result codes 2015-02-04 00:07:39 +00:00
Steve Holme
28c9e1edf4 schannel: Prefer 'CURLcode result' for curl result codes 2015-02-04 00:07:16 +00:00
Daniel Stenberg
b3cbf4500d unit1601: MD5 unit tests 2015-02-03 23:05:55 +01:00
Daniel Stenberg
83bb07027d unit1600: unit test for Curl_ntlm_core_mk_nt_hash 2015-02-03 21:03:11 +01:00
Steve Holme
0a7182f6ad curl_sasl.c: More code policing
Better use of 80 character line limit, comment corrections and line
spacing preferences.
2015-02-02 16:50:39 +00:00
Marc Hoersken
4161624e94 TODO: moved WinSSL/SChannel todo items into docs 2015-01-31 12:30:11 +01:00
Steve Holme
8ca3b05624 curl_sasl.c: Fixed compilation warning when cryptography is disabled
curl_sasl.c:1506: warning: unused variable 'chlg'
2015-01-29 11:48:11 +00:00
Steve Holme
6fdc8651bd curl_sasl.c: Fixed compilation warning when verbose debug output disabled
curl_sasl.c:1317: warning: unused parameter 'conn'
2015-01-28 22:48:01 +00:00
Steve Holme
8cc70db2db ntlm_core: Use own odd parity function when crypto engine doesn't have one 2015-01-28 22:34:53 +00:00
Steve Holme
c469369b86 ntlm_core: Prefer sizeof(key) rather than hard coded sizes 2015-01-28 22:34:52 +00:00
Steve Holme
58e39b4da5 ntlm_core: Added consistent comments to DES functions 2015-01-28 22:34:51 +00:00
Steve Holme
300876a7a6 des: Added Curl_des_set_odd_parity()
Added Curl_des_set_odd_parity() for use when cryptography engines
don't include this functionality.
2015-01-28 22:34:49 +00:00
Steve Holme
595a66ce0f sasl: Minor code policing and grammar corrections 2015-01-28 19:23:37 +00:00
Gisle Vanem
3cc9e9383b ldap: build with BoringSSL 2015-01-28 14:22:11 +01:00
Daniel Stenberg
9d964e5477 security: avoid compiler warning
Possible access to uninitialised memory '&nread' at line 140 of
lib/security.c in function 'ftp_send_command'.

Reported-by: Rich Burridge
2015-01-28 10:10:59 +01:00
Patrick Monnerat
7b2012f262 sasl: remove XOAUTH2 from default enabled authentication mechanism. 2015-01-27 18:08:18 +01:00
Patrick Monnerat
fe79f20957 imap: remove automatic password setting: it breaks external sasl authentication 2015-01-27 17:34:40 +01:00
Patrick Monnerat
0d24f64473 sasl: implement EXTERNAL authentication mechanism.
Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and
by not setting the password.
2015-01-27 17:24:55 +01:00
Steve Holme
e1bb13c09f openssl: Fixed Curl_ossl_cert_status_request() not returning FALSE
Modified the Curl_ossl_cert_status_request() function to return FALSE
when built with BoringSSL or when OpenSSL is missing the necessary TLS
extensions.
2015-01-27 12:53:41 +00:00
Steve Holme
a268a804b7 openssl: Fixed compilation errors when OpenSSL built with 'no-tlsext'
Fixed the build of openssl.c when OpenSSL is built without the necessary
TLS extensions for OCSP stapling.

Reported-by: John E. Malmberg
2015-01-27 12:47:48 +00:00
Brad Spencer
5691325440 curl_setup: Disable SMB/CIFS support when HTTP only 2015-01-26 18:48:44 +00:00
Daniel Stenberg
23c6f0a344 OCSP stapling: disabled when build with BoringSSL 2015-01-22 23:34:43 +01:00
Alessandro Ghedini
d1cf5d5706 openssl: add support for the Certificate Status Request TLS extension
Also known as "status_request" or OCSP stapling, defined in RFC6066
section 8.

Thanks-to: Joe Mason
- for the work-around for the OpenSSL bug.
2015-01-22 23:25:23 +01:00
Daniel Stenberg
e888e30476 BoringSSL: fix build for non-configure builds
HAVE_BORINGSSL gets defined now by configure and should be defined by
other build systems in case a BoringSSL build is desired.
2015-01-22 23:04:10 +01:00
Steve Holme
12e45b8462 curl_sasl: Reinstate the sasl_ prefix for locally scoped functions
Commit 7a8b2885e2 made some functions static and removed the public
Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which
is the naming convention we use in this source file.
2015-01-22 21:32:41 +00:00
Steve Holme
c260c9fad3 curl_sasl: Minor code policing following recent commits 2015-01-22 21:08:18 +00:00
Daniel Stenberg
eb748f159a BoringSSL: detected by configure, switches off NTLM 2015-01-22 16:39:01 +01:00
Daniel Stenberg
d6c4695dcd BoringSSL: no PKCS12 support nor ERR_remove_state 2015-01-22 16:39:01 +01:00
Leith Bade
261208d432 BoringSSL: fix build 2015-01-22 16:39:01 +01:00
Steve Holme
795f013006 curl_sasl.c: chlglen is not used when cryptography is disabled 2015-01-20 19:28:54 +00:00
Steve Holme
71f8fdee81 curl_sasl.c: Fixed compilation warning when cyptography is disabled
curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local
                  variable
2015-01-20 19:25:43 +00:00
Steve Holme
6005b0d99c curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined
curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier

This error could also happen for non-SSPI builds when cryptography is
disabled (CURL_DISABLE_CRYPTO_AUTH is defined).
2015-01-20 19:24:47 +00:00
Patrick Monnerat
7a8b2885e2 SASL: make some procedures local-scoped 2015-01-20 18:17:55 +01:00
Patrick Monnerat
79543caf90 SASL: common state engine for imap/pop3/smtp 2015-01-20 17:33:05 +01:00
Patrick Monnerat
e1ea18f90e SASL: common URL option and auth capabilities decoders for all protocols 2015-01-20 15:27:25 +01:00
Patrick Monnerat
5f09cbcdbd IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters. 2015-01-20 14:14:26 +01:00
Daniel Stenberg
960b04e137 ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6
Reported-by: Chris Young
2015-01-20 09:03:55 +01:00
Chris Young
089783c838 timeval: typecast for better type (on Amiga)
There is an issue with conflicting "struct timeval" definitions with
certain AmigaOS releases and C libraries, depending on what gets
included when.  It's a minor difference - the OS one is unsigned,
whereas the common structure has signed elements.  If the OS one ends up
getting defined, this causes a timing calculation error in curl.

It's easy enough to resolve this at the curl end, by casting the
potentially errorneous calculation to a signed long.
2015-01-20 08:53:14 +01:00
Daniel Stenberg
be57f689b0 openssl: do public key pinning check independently
... of the other cert verification checks so that you can set verifyhost
and verifypeer to FALSE and still check the public key.

Bug: http://curl.haxx.se/bug/view.cgi?id=1471
Reported-by: Kyle J. McKay
2015-01-19 23:20:13 +01:00
Steve Holme
2cc571f9e3 ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP
For consistency with other USE_WIN32_ defines as well as the
USE_OPENLDAP define.
2015-01-18 20:52:43 +00:00
Steve Holme
1cbc8fd3d1 http_negotiate: Use dynamic buffer for SPN generation
Use a dynamicly allocated buffer for the temporary SPN variable similar
to how the SASL GSS-API code does, rather than using a fixed buffer of
2048 characters.
2015-01-18 15:45:12 +00:00
Steve Holme
9c4fa400cf sasl_gssapi: Make Curl_sasl_build_gssapi_spn() public 2015-01-18 15:42:26 +00:00
Steve Holme
b9fd757d03 sasl_gssapi: Fixed memory leak with local SPN variable 2015-01-18 15:40:07 +00:00
Daniel Stenberg
3a9419f65a http_negotiate.c: unused variable 'ret' 2015-01-17 23:14:40 +01:00
Steve Holme
1d25acb038 gskit.h: Code policing of function pointer arguments 2015-01-17 17:02:01 +00:00
Steve Holme
5d5c78b47f vtls: Removed unimplemented overrides of curlssl_close_all()
Carrying on from commit 037cd0d991, removed the following unimplemented
instances of curlssl_close_all():

Curl_axtls_close_all()
Curl_darwinssl_close_all()
Curl_cyassl_close_all()
Curl_gskit_close_all()
Curl_gtls_close_all()
Curl_nss_close_all()
Curl_polarssl_close_all()
2015-01-17 16:41:03 +00:00
Steve Holme
8bb3443a21 vtls: Separate the SSL backend definition from the API setup
Slight code cleanup as the SSL backend #define is mixed up with the API
function setup.
2015-01-17 15:38:22 +00:00
Steve Holme
30ef1a0779 vtls: Fixed compilation errors when SSL not used
Fixed the following warning and error from commit 3af90a6e19 when SSL
is not being used:

url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined;
            assuming extern returning int

error LNK2019: unresolved external symbol Curl_ssl_cert_status_request
               referenced in function Curl_setopt
2015-01-17 15:16:07 +00:00
Steve Holme
81b98dafa1 http_negotiate: Added empty decoded challenge message info text 2015-01-17 14:58:36 +00:00
Steve Holme
47438daa60 http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int 2015-01-17 14:57:17 +00:00
Steve Holme
36e6404228 http_negotiate_sspi: Prefer use of 'attrs' for context attributes
Use the same variable name as other areas of SSPI code.
2015-01-17 13:28:44 +00:00
Steve Holme
930be07067 http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo()
Use the SECURITY_STATUS typedef rather than a unsigned long for the
QuerySecurityPackageInfo() return and rename the variable as per other
areas of SSPI code.
2015-01-17 13:28:03 +00:00
Steve Holme
30eb6bbdc9 http_negotiate_sspi: Use 'CURLcode result' for CURL result code 2015-01-17 13:15:09 +00:00
Steve Holme
a2f8887b79 curl_endian: Fixed build when 64-bit integers are not supported (Part 2)
Missed Curl_read64_be() in commit bb12d44471 :(
2015-01-16 23:01:27 +00:00
Daniel Stenberg
a4065ebf1c copyright years: after OCSP stapling changes 2015-01-16 23:23:29 +01:00
Alessandro Ghedini
f46c6fbee0 nss: add support for the Certificate Status Request TLS extension
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.

This requires NSS 3.15 or higher.
2015-01-16 23:23:29 +01:00
Alessandro Ghedini
f13669a375 gtls: add support for the Certificate Status Request TLS extension
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.

This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use
at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP
response verfication to fail even on valid responses.
2015-01-16 23:23:29 +01:00
Alessandro Ghedini
3af90a6e19 url: add CURLOPT_SSL_VERIFYSTATUS option
This option can be used to enable/disable certificate status verification using
the "Certificate Status Request" TLS extension defined in RFC6066 section 8.

This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
certificate status verification fails, and the Curl_ssl_cert_status_request()
function, used to check whether the SSL backend supports the status_request
extension.
2015-01-16 23:23:29 +01:00
Steve Holme
bb12d44471 curl_endian: Fixed build when 64-bit integers are not supported
Bug: http://curl.haxx.se/mail/lib-2015-01/0094.html
Reported-by: John E. Malmberg
2015-01-16 12:31:24 +00:00
Daniel Stenberg
cc28bc472e Curl_pretransfer: reset expected transfer sizes
Reported-by: Mohammad AlSaleh
Bug: http://curl.haxx.se/mail/lib-2015-01/0065.html
2015-01-14 23:31:57 +01:00
Marc Hoersken
e9834808e9 curl_schannel.c: mark session as removed from cache if not freed
If the session is still used by active SSL/TLS connections, it
cannot be closed yet. Thus we mark the session as not being cached
any longer so that the reference counting mechanism in
Curl_schannel_shutdown is used to close and free the session.

Reported-by: Jean-Francois Durand
2015-01-12 21:56:05 +01:00
Guenter Knauf
d21b66835f Merge pull request #134 from vszakats/mingw-m64
add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS
2015-01-09 22:03:12 +01:00
Guenter Knauf
4e58589b0e Merge pull request #136 from vszakats/mingw-allow-custom-cflags
mingw build: allow to pass custom CFLAGS
2015-01-09 22:02:23 +01:00
Daniel Stenberg
e6b4b4b66d NSS: fix compiler error when built http2-enabled 2015-01-09 21:55:52 +01:00
Steve Holme
355bf01c82 gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions
Better code reuse and consistency in calls to gss_import_name().
2015-01-09 20:37:47 +00:00
Viktor Szakats
b4f13a4952 mingw build: allow to pass custom CFLAGS 2015-01-09 21:03:54 +01:00
Daniel Stenberg
99e71e6a84 FTP: if EPSV fails on IPV6 connections, bail out
... instead of trying PASV, since PASV can't work with IPv6.

Reported-by: Vojtěch Král
2015-01-08 22:32:37 +01:00
Daniel Stenberg
9a452ba3a1 FTP: fix IPv6 host using link-local address
... and make sure we can connect the data connection to a host name that
is longer than 48 bytes.

Also simplifies the code somewhat by re-using the original host name
more, as it is likely still in the DNS cache.

Original-Patch-by: Vojtěch Král
Bug: http://curl.haxx.se/bug/view.cgi?id=1468
2015-01-08 22:32:37 +01:00
Guenter Knauf
c712fe01a9 NetWare build: added TLS-SRP enabled build. 2015-01-08 21:40:35 +01:00
Steve Holme
5c0e66d632 sasl_gssapi: Fixed build on NetBSD with built-in GSS-API
Bug: http://curl.haxx.se/bug/view.cgi?id=1469
Reported-by: Thomas Klausner
2015-01-08 19:36:58 +00:00
Viktor Szakats
acc8089bc2 add -m64 clags when targeting mingw64, add -m32/-m64 to LDFLAGS 2015-01-08 18:19:03 +01:00
Daniel Stenberg
4ce22c607b darwinssl: fix session ID keys to only reuse identical sessions
...to avoid a session ID getting cached without certificate checking and
then after a subsequent _enabling_ of the check libcurl could still
re-use the session done without cert checks.

Bug: http://curl.haxx.se/docs/adv_20150108A.html
Reported-by: Marc Hesse
2015-01-07 22:55:56 +01:00
Daniel Stenberg
178bd7db34 url-parsing: reject CRLFs within URLs
Bug: http://curl.haxx.se/docs/adv_20150108B.html
Reported-by: Andrey Labunets
2015-01-07 22:55:56 +01:00
Steve Holme
f7d5ecec9c ldap: Convert attribute output to UTF-8 when Unicode 2015-01-07 20:01:29 +00:00
Steve Holme
4e420600c1 ldap: Convert DN output to UTF-8 when Unicode 2015-01-07 20:01:27 +00:00
Daniel Stenberg
9547954978 hostip: remove 'stale' argument from Curl_fetch_addr proto
Also, remove the log output of the resolved name is NOT in the cache in
the spirit of only telling when something is actually happening.
2015-01-07 14:06:12 +00:00
Steve Holme
4626f31d0e ldap/imap: Fixed spelling mistake in comments and variable names
Reported-by: Michael Osipov
2015-01-07 13:50:56 +00:00
Dan Fandrich
39217edb12 curl_multibyte.h: Eliminated some trailing whitespace 2015-01-05 10:08:08 +01:00
Steve Holme
ea93252ef1 ldap: Fixed Unicode usage for all Win32 builds
Otherwise, the fixes in the previous commits would only be applicable
to IDN and SSPI based builds and not others such as OpenSSL with LDAP
enabled.
2015-01-04 22:19:30 +00:00
Steve Holme
f6b168de4c ldap: Fixed memory leak from commit efb64fdf80 2015-01-04 20:33:58 +00:00
Steve Holme
4113ad50e4 ldap: Fix memory leak from commit 3a805c5cc1 2015-01-04 20:06:04 +00:00
Steve Holme
c37dcf0edb ldap: Fixed attribute variable warnings when Unicode is enabled
Use 'TCHAR *' for local attribute variable rather than 'char *'.
2015-01-04 16:25:17 +00:00
Steve Holme
5359936d07 ldap: Fixed DN variable warnings when Unicode is enabled
Use 'TCHAR *' for local DN variable rather than 'char *'.
2015-01-04 16:21:13 +00:00
Steve Holme
ea4f98dca6 ldap: Remove the unescape_elements() function
Due to the recent modifications this function is no longer used.
2015-01-04 16:11:36 +00:00
Steve Holme
f9b50910e0 ldap.c: Fixed compilation warning
ldap.c:98: warning: extra tokens at end of #endif directive
2015-01-04 16:11:08 +00:00
Steve Holme
84143dc57d ldap: Fixed support for Unicode filter in Win32 search call 2015-01-04 15:16:22 +00:00
Steve Holme
747bad7c09 ldap.c: Fixed compilation warning
ldap.c:802: warning: comparison between signed and unsigned integer
            expressions
2015-01-04 15:16:21 +00:00
Steve Holme
3a805c5cc1 ldap: Fixed support for Unicode attributes in Win32 search call 2015-01-04 14:27:51 +00:00
Steve Holme
7241527956 ldap: Fixed memory leak from commit efb64fdf80
The unescapped DN was not freed after a successful character conversion.
2015-01-04 14:21:29 +00:00
Steve Holme
825b0c7968 ldap.c: Fixed compilation error
ldap.c:738: error: macro "LDAP_TRACE" passed 2 arguments, but takes
            just 1
2015-01-04 13:16:20 +00:00
Steve Holme
2948954535 ldap.c: Fixed compilation warning
ldap.c:89: warning: extra tokens at end of #endif directive
2015-01-04 13:04:06 +00:00
Steve Holme
efb64fdf80 ldap: Fixed support for Unicode DN in Win32 search call 2015-01-04 12:10:26 +00:00
Steve Holme
6416dc998b ldap: Fixed Unicode user and password in Win32 bind calls 2015-01-04 01:57:09 +00:00
Steve Holme
0f26148423 ldap: Fixed Unicode host name in Win32 initialisation calls 2015-01-04 01:56:08 +00:00
Steve Holme
f460f12c9d ldap: Use host.dispname for infof() connection failure messages
As host.name may be encoded use dispname for infof() failure messages.
2015-01-04 00:30:55 +00:00
Steve Holme
23bb054129 ldap: Prefer 'CURLcode result' for curl result codes 2015-01-03 18:46:32 +00:00
Steve Holme
d4b540f85a ldap: Pass write length in all Curl_client_write() calls
As we get the length for the DN and attribute variables, and we know
the length for the line terminator, pass the length values rather than
zero as this will save Curl_client_write() from having to perform an
additional strlen() call.
2015-01-03 18:46:31 +00:00
Steve Holme
4967109ffc ldap: Fixed attribute memory leaks on failed client write
Fixed memory leaks from commit 086ad79970 as was noted in the commit
comments.
2015-01-03 18:46:30 +00:00
Steve Holme
a68aa81320 ldap: Fixed DN memory leaks on failed client write
Fixed memory leaks from commit 086ad79970 as was noted in the commit
comments.
2015-01-03 18:46:28 +00:00
Steve Holme
0ea9381b7d curl_ntlm_core.c: Fixed compilation warning from commit 1cb17b2a5d
curl_ntlm_core.c:146: warning: passing 'DES_cblock' (aka 'unsigned char
                      [8]') to parameter of type 'char *' converts
                      between pointers to integer types with different
                      sign
2015-01-02 21:14:36 +00:00
Steve Holme
1cb17b2a5d ntlm: Use extend_key_56_to_64() for all cryptography engines
Rather than duplicate the code in setup_des_key() for OpenSSL and in
extend_key_56_to_64() for non-OpenSSL based crypto engines, as it is
the same, use extend_key_56_to_64() for all engines.
2015-01-02 20:17:05 +00:00
Steve Holme
34f0bd110f curl_ntlm_core.c: Fixed compilation warning
curl_ntlm_core.c:458: warning: 'ascii_uppercase_to_unicode_le' defined
                      but not used
2015-01-02 16:28:03 +00:00
Steve Holme
a75ede4b9b endian: Fixed bit-shift in 64-bit integer read functions
From commit 43792592ca and 4bb5a351b2.

Reported-by: Michael Osipov
2015-01-02 15:53:42 +00:00
Steve Holme
a3daf542ad smb: Use endian functions for reading NBT and message size values 2015-01-01 20:48:05 +00:00
Steve Holme
4bb5a351b2 endian: Added big endian read functions 2015-01-01 20:45:29 +00:00
Steve Holme
43792592ca endian: Added 64-bit integer read function 2015-01-01 20:45:00 +00:00
Steve Holme
7635577ad7 smb.c: Fixed compilation warnings
smb.c:780: warning: passing 'char *' to parameter of type 'unsigned
           char *' converts between pointers to integer types with
           different sign
smb.c:781: warning: passing 'char *' to parameter of type 'unsigned
           char *' converts between pointers to integer types with
           different sign
smb.c:804: warning: passing 'char *' to parameter of type 'unsigned
           char *' converts between pointers to integer types with
           different sign
2015-01-01 04:56:16 +00:00
Steve Holme
0df2ed85fd smb: Use endian functions for reading length and offset values 2014-12-31 16:52:12 +00:00
Steve Holme
5eae12fc80 endian: Added 16-bit integer write function 2014-12-31 16:03:01 +00:00
Steve Holme
b40e37f93d endian: Fixed Linux compilation issues
Having files named endian.[c|h] seemed to cause issues under Linux so
renamed them both to have the curl_ prefix in the filenames.
2014-12-31 14:02:25 +00:00
Steve Holme
e86a6151f4 endian: Added standard function descriptions 2014-12-31 12:17:01 +00:00
Steve Holme
f4413ca65a endian: Renamed functions for curl API naming convention 2014-12-31 12:17:00 +00:00
Steve Holme
7873f9bdbd endian: Moved write functions to new module 2014-12-31 12:16:58 +00:00
Steve Holme
920e684d40 endian: Moved read functions to new module 2014-12-31 12:05:36 +00:00
Steve Holme
81951d9874 endian: Introduced endian module
To allow the little endian functions, currently used in two of the NTLM
source files, to be used by other modules such as the SMB module.
2014-12-31 11:50:28 +00:00
Steve Holme
e9d0c7a6f3 vtls: Use '(void) arg' for unused parameters
Prefer void for unused parameters, rather than assigning an argument to
itself as a) unintelligent compilers won't optimize it out, b) it can't
be used for const parameters, c) it will cause compilation warnings for
clang with -Wself-assign and d) is inconsistent with other areas of the
curl source code.
2014-12-30 17:13:07 +00:00
Steve Holme
56603e2770 smb.c: Fixed compilation warning
smb.c:586: warning: conversion to 'short unsigned int' from 'int' may
           alter its value
2014-12-30 15:42:17 +00:00
Bill Nagel
89cce1e458 smb: Use the connection's upload buffer
Use the connection's upload buffer instead of allocating our own send
buffer.
2014-12-30 13:10:30 +00:00
Steve Holme
1933f9d33c schannel: Moved the ISC return flag definitions to the SSPI module
Moved our Initialize Security Context return attribute definitions to
the SSPI module, as a) these can be used by other SSPI based providers
and b) the ISC required attributes are defined there.
2014-12-30 00:14:58 +00:00
Bill Nagel
cfa0ac7aff smb: Close the connection after a failed client write 2014-12-29 23:46:33 +00:00
Steve Holme
cfc863869f darwinssl: Fixed compilation warning
vtls.c:683:43: warning: unused parameter 'data'
2014-12-28 23:32:07 +00:00
Steve Holme
6e7904f9aa sasl_gssapi: Fixed use of dummy username with real username 2014-12-28 19:28:30 +00:00
Steve Holme
037cd0d991 vtls: Fixed compilation warning and an ignored return code
curl_schannel.h:123: warning: right-hand operand of comma expression
                     has no effect

Some instances of the curlssl_close_all() function were declared with a
void return type whilst others as int. The schannel version returned
CURLE_NOT_BUILT_IN and others simply returned zero, but in all cases the
return code was ignored by the calling function Curl_ssl_close_all().

For the time being and to keep the internal API consistent, changed all
declarations to use a void return type.

To reduce code we might want to consider removing the unimplemented
versions and use a void #define like schannel does.
2014-12-28 17:33:01 +00:00
Steve Holme
325a64d8a2 openldap: Prefer use of 'CURLcode result' 2014-12-27 22:50:50 +00:00
Steve Holme
e9e48a6ff2 openldap: Use 'LDAPMessage *msg' for messages
This frees up the 'result' variable for CURLcode based result codes.
2014-12-27 22:50:47 +00:00
Steve Holme
2728caa613 nss: Don't ignore Curl_extract_certinfo() OOM failure 2014-12-27 22:18:08 +00:00
Steve Holme
0943045108 nss: Don't ignore Curl_ssl_init_certinfo() OOM failure 2014-12-27 21:25:41 +00:00
Steve Holme
b235c29366 nss: Use 'CURLcode result' for curl result codes
...and don't use CURLE_OK in failure/success comparisons.
2014-12-27 21:13:44 +00:00