1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 00:28:48 -05:00
Commit Graph

8156 Commits

Author SHA1 Message Date
Daniel Stenberg
ac2827ac09 openssl: do the OCSP work-around for libressl too
I tested with libressl git master now (v2.1.4-27-g34bf96c) and it seems to
still require the work-around for stapling to work.
2015-03-24 23:39:52 +01:00
Daniel Stenberg
bd9ac3cff2 openssl: verifystatus: only use the OCSP work-around <= 1.0.2a
URL: http://curl.haxx.se/mail/lib-2015-03/0205.html
Reported-by: Alessandro Ghedini
2015-03-24 23:06:37 +01:00
Daniel Stenberg
7e6ca87a72 openssl: adapt to ASN1/X509 things gone opaque in 1.1 2015-03-24 22:59:33 +01:00
Dan Fandrich
56ae66d518 vtls: fix compile with --disable-crypto-auth but with SSL
This is a strange combination of options, but is allowed.
2015-03-24 21:41:22 +01:00
Daniel Stenberg
5d23279299 CURLOPT_PATH_AS_IS: added
--path-as-is is the command line option

Added docs in curl.1 and CURLOPT_PATH_AS_IS.3

Added test in test 1241
2015-03-24 10:31:58 +01:00
Yamada Yasuharu
ecc4940df2 curl_easy_recv/send: make them work with the multi interface
By making sure Curl_getconnectinfo() uses the correct connection cache
to find the last connection.
2015-03-23 22:46:58 +01:00
Daniel Stenberg
4b02b84897 http2: move the init too for when its actually needed
... it would otherwise lead to memory leakage if we never actually do
the switch.
2015-03-23 10:26:04 +01:00
Dan Fandrich
145c4692ff dict: rename byte to avoid compiler shadowed declaration warning
This conflicted with a WolfSSL typedef.
2015-03-23 10:16:10 +01:00
Dan Fandrich
430006c5e2 cyassl: include version.h to ensure the version macros are defined 2015-03-23 10:10:03 +01:00
Nick Zitzmann
7f5a170442 darwinsssl: add support for TLS False Start
TLS False Start support requires iOS 7.0 or later, or OS X 10.9 or later.
2015-03-21 12:22:56 -05:00
Daniel Stenberg
ed429b72d7 gtls: add check of return code
Coverity CID 1291167 pointed out that 'rc' was received but never used when
gnutls_credentials_set() was used. Added return code check now.
2015-03-21 16:53:43 +01:00
Daniel Stenberg
fea13a17d8 gtls: dereferencing NULL pointer
Coverity CID 1291165 pointed out 'chainp' could be dereferenced when
NULL if gnutls_certificate_get_peers() had previously failed.
2015-03-21 16:53:23 +01:00
Daniel Stenberg
5f6f9e8b59 gtls: avoid uninitialized variable.
Coverity CID 1291166 pointed out that we could read this variable
uninitialized.
2015-03-21 16:53:09 +01:00
Daniel Stenberg
9cd4d6518f x509asn1: add /* fallthrough */ in switch() case 2015-03-21 16:29:58 +01:00
Daniel Stenberg
e6917d3b77 x509asn1: minor edit to unconfuse Coverity
CID 1202732 warns on the previous use, although I cannot fine any
problems with it. I'm doing this change only to make the code use a more
familiar approach to accomplish the same thing.
2015-03-21 16:21:01 +01:00
Daniel Stenberg
b734518371 nss: error: unused variable 'connssl' 2015-03-21 15:47:03 +01:00
Dan Fandrich
6779c50e26 cyassl: use new library version macro when available 2015-03-20 23:49:53 +01:00
Alessandro Ghedini
185914fd31 nss: add support for TLS False Start 2015-03-20 20:14:35 +01:00
Alessandro Ghedini
4dcd25e138 url: add CURLOPT_SSL_FALSESTART option
This option can be used to enable/disable TLS False Start defined in the RFC
draft-bmoeller-tls-falsestart.
2015-03-20 20:14:33 +01:00
Alessandro Ghedini
a332922a52 gtls: implement CURLOPT_CERTINFO 2015-03-20 19:03:53 +01:00
Alessandro Ghedini
8854f8d45a openssl: try to avoid accessing OCSP structs when possible 2015-03-20 15:36:05 +01:00
Daniel Stenberg
abfab1786e HTTP: don't switch to HTTP/2 from 1.1 until we get the 101
We prematurely changed protocol handler to HTTP/2 which made things very
slow (and wrong).

Reported-by: Stefan Eissing
Bug: https://github.com/bagder/curl/issues/169
2015-03-19 13:44:18 +01:00
Dan Fandrich
9e66d3f4d3 axtls: version 1.5.2 now requires that config.h be manually included 2015-03-19 10:11:17 +01:00
Kamil Dudka
e3fbdc7c8a nss: explicitly tell NSS to disable NPN/ALPN
... if disabled at libcurl level.  Otherwise, we would allow to
negotiate NPN despite curl was invoked with the --no-npn option.
2015-03-18 19:43:14 +01:00
Dan Fandrich
252e9acd50 checksrc: Fix whitelist on out-of-tree builds 2015-03-17 23:26:48 +01:00
Stefan Bühler
4d6e079dd2 Curl_sh_entry: remove unused 'timestamp' 2015-03-17 16:29:36 +01:00
Daniel Stenberg
ef1c3b4648 HTTP: don't use Expect: headers when on HTTP/2
Reported-by: Stefan Eissing
Bug: https://github.com/bagder/curl/issues/169
2015-03-17 15:09:34 +01:00
Daniel Stenberg
2dc1a5ce93 checksrc: detect and remove space before trailing semicolons 2015-03-17 14:06:48 +01:00
Daniel Stenberg
0037eb5805 checksrc: introduce a whitelisting concept 2015-03-17 13:57:37 +01:00
Daniel Stenberg
9395999543 checksrc: use space after comma 2015-03-17 13:57:37 +01:00
Daniel Stenberg
a6b8fe2a5f checksrc: use space before paren in "return (expr);" 2015-03-17 13:05:01 +01:00
Daniel Stenberg
0f4a03cbb6 free: instead of Curl_safefree()
Since we just started make use of free(NULL) in order to simplify code,
this change takes it a step further and:

- converts lots of Curl_safefree() calls to good old free()
- makes Curl_safefree() not check the pointer before free()

The (new) rule of thumb is: if you really want a function call that
frees a pointer and then assigns it to NULL, then use Curl_safefree().
But we will prefer just using free() from now on.
2015-03-16 15:01:15 +01:00
Markus Elfring
9e661601fe Bug #149: Deletion of unnecessary checks before a few calls of cURL functions
The following functions return immediately if a null pointer was passed.
* Curl_cookie_cleanup
* curl_formfree

It is therefore not needed that a function caller repeats a corresponding check.

This issue was fixed by using the software Coccinelle 1.0.0-rc24.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-16 12:13:56 +01:00
Markus Elfring
29c655c0a6 Bug #149: Deletion of unnecessary checks before calls of the function "free"
The function "free" is documented in the way that no action shall occur for
a passed null pointer. It is therefore not needed that a function caller
repeats a corresponding check.
http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first

This issue was fixed by using the software Coccinelle 1.0.0-rc24.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-16 12:13:56 +01:00
Jay Satiro
059b3a5770 connect: Fix happy eyeballs logic for IPv4-only builds
Bug: https://github.com/bagder/curl/pull/168

(trynextip)
- Don't try the "other" protocol family unless IPv6 is available. In an
IPv4-only build the other family can only be IPv6 which is unavailable.

This change essentially stops IPv4-only builds from attempting the
"happy eyeballs" secondary parallel connection that is supposed to be
used by the "other" address family.

Prior to this change in IPv4-only builds that secondary parallel
connection attempt could be erroneously used by the same family (IPv4)
which caused a bug where every address after the first for a host could
be tried twice, often in parallel. This change fixes that bug. An
example of the bug is shown below.

Assume MTEST resolves to 3 addresses 127.0.0.2, 127.0.0.3 and 127.0.0.4:

* STATE: INIT => CONNECT handle 0x64f4b0; line 1046 (connection #-5000)
* Rebuilt URL to: http://MTEST/
* Added connection 0. The cache now contains 1 members
* STATE: CONNECT => WAITRESOLVE handle 0x64f4b0; line 1083
(connection #0)
*   Trying 127.0.0.2...
* STATE: WAITRESOLVE => WAITCONNECT handle 0x64f4b0; line 1163
(connection #0)
*   Trying 127.0.0.3...
* connect to 127.0.0.2 port 80 failed: Connection refused
*   Trying 127.0.0.3...
* connect to 127.0.0.3 port 80 failed: Connection refused
*   Trying 127.0.0.4...
* connect to 127.0.0.3 port 80 failed: Connection refused
*   Trying 127.0.0.4...
* connect to 127.0.0.4 port 80 failed: Connection refused
* connect to 127.0.0.4 port 80 failed: Connection refused
* Failed to connect to MTEST port 80: Connection refused
* Closing connection 0
* The cache now contains 0 members
* Expire cleared
curl: (7) Failed to connect to MTEST port 80: Connection refused

The bug was born in commit bagder/curl@2d435c7.
2015-03-16 12:07:59 +01:00
Frank Meier
9063a7f853 closesocket: call multi socket cb on close even with custom close
In function Curl_closesocket() in connect.c the call to
Curl_multi_closed() was wrongly omitted if a socket close function
(CURLOPT_CLOSESOCKETFUNCTION) is registered.

That would lead to not removing the socket from the internal hash table
and not calling the multi socket callback appropriately.

Bug: http://curl.haxx.se/bug/view.cgi?id=1493
2015-03-15 13:26:03 +01:00
Tobias Stoeckmann
851c29269b hostip: Fix signal race in Curl_resolv_timeout.
A signal handler for SIGALRM is installed in Curl_resolv_timeout. It is
configured to interrupt system calls and uses siglongjmp to return into
the function if alarm() goes off.

The signal handler is installed before curl_jmpenv is initialized.
This means that an already installed alarm timer could trigger the
newly installed signal handler, leading to undefined behavior when it
accesses the uninitialized curl_jmpenv.

Even if there is no previously installed alarm available, the code in
Curl_resolv_timeout itself installs an alarm before the environment is
fully set up. If the process is sent into suspend right after that, the
signal handler could be called too early as in previous scenario.

To fix this, the signal handler should only be installed and the alarm
timer only be set after sigsetjmp has been called.
2015-03-14 18:24:11 +01:00
Daniel Stenberg
0cf649d9cc http2: detect prematures close without data transfered
... by using the regular Curl_http_done() method which checks for
that. This makes test 1801 fail consistently with error 56 (which seems
fine) to that test is also updated here.

Reported-by: Ben Darnell
Bug: https://github.com/bagder/curl/issues/166
2015-03-14 18:19:51 +01:00
Daniel Stenberg
186e46d88d openssl: use colons properly in the ciphers list
While the previous string worked, this is the documented format.

Reported-by: Richard Moore
2015-03-12 23:29:46 +01:00
Daniel Stenberg
0d1060f21e openssl: sort the ciphers on strength
This makes curl pick better (stronger) ciphers by default. The strongest
available ciphers are fine according to the HTTP/2 spec so an OpenSSL
built curl is no longer rejected by string HTTP/2 servers.

Bug: http://curl.haxx.se/bug/view.cgi?id=1487
2015-03-12 23:16:28 +01:00
Daniel Stenberg
1d3f1a80d0 openssl: show the cipher selection to use 2015-03-12 15:53:45 +01:00
Daniel Stenberg
a5d994941c http: always send Host: header as first header
...after the method line:

 "Since the Host field-value is critical information for handling a
 request, a user agent SHOULD generate Host as the first header field
 following the request-line." / RFC 7230 section 5.4

Additionally, this will also make libcurl ignore multiple specified
custom Host: headers and only use the first one. Test 1121 has been
updated accordingly

Bug: http://curl.haxx.se/bug/view.cgi?id=1491
Reported-by: Rainer Canavan
2015-03-12 12:15:24 +01:00
Alexander Pepper
143acd6222 mk-ca-bundle bugfix: Don't report SHA1 numbers with "-q".
Also unified printing to STDERR by creating the helper method "report".
2015-03-11 14:47:41 +01:00
Daniel Stenberg
852d35b6ea proxy: re-use proxy connections (regression)
When checking for a connection to re-use, a proxy-using request must
check for and use a proxy connection and not one based on the host
name!

Added test 1421 to verify

Bug: http://curl.haxx.se/bug/view.cgi?id=1492
2015-03-11 11:54:22 +01:00
Alessandro Ghedini
fa895f2aa2 gtls: correctly align certificate status verification messages 2015-03-10 15:48:34 +01:00
Alessandro Ghedini
a6a264ef2c gtls: don't print double newline after certificate dates 2015-03-10 15:20:03 +01:00
Alessandro Ghedini
3a757fddbb gtls: print negotiated TLS version and full cipher suite name
Instead of priting cipher and MAC algorithms names separately, print the
whole cipher suite string which also includes the key exchange algorithm,
along with the negotiated TLS version.
2015-03-10 15:18:14 +01:00
Daniel Stenberg
d9973eaeb8 gtls: fix compiler warnings 2015-03-10 15:16:59 +01:00
Alessandro Ghedini
5a1614cecd gtls: add support for CURLOPT_CAPATH 2015-03-10 15:03:54 +01:00
Daniel Stenberg
c19349951d multi: fix *getsock() with CONNECT
The code used some happy eyeballs logic even _after_ CONNECT has been
sent to a proxy, while the happy eyeball phase is already (should be)
over by then.

This is solved by splitting the multi state into two separate states
introducing the new SENDPROTOCONNECT state.

Bug: http://curl.haxx.se/mail/lib-2015-01/0170.html
Reported-by: Peter Laser
2015-03-07 19:19:22 +01:00