1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-16 22:45:03 -05:00
Commit Graph

671 Commits

Author SHA1 Message Date
Jay Satiro
72d99f2e7b build: Fix mingw ssl gdi32 order
- If mingw ssl make sure -lgdi32 comes after ssl libs

- Allow PKG_CONFIG to set pkg-config location and options

Bug: https://github.com/bagder/curl/pull/501
Reported-by: Kang Lin
2015-10-23 17:17:54 -04:00
Jonas Minnberg
fe7590f729 vtls: added support for mbedTLS
closes #496
2015-10-20 07:57:24 +02:00
Daniel Stenberg
5cf0166636 configure: add PSL to the list of features
... to make test 1014 work again after e77b5b7453.
2015-10-18 00:11:13 +02:00
Tim Rühsen
e77b5b7453 cookies: Add support for Mozilla's Publix Suffix List
Use libpsl to check the domain value of Set-Cookie headers (and cookie
jar entries) for not being a Publix Suffix.

The configure script checks for "libpsl" by default. Disable the check
with --without-libpsl.

Ref: https://publicsuffix.org/
Ref: https://github.com/publicsuffix/list
Ref: https://github.com/rockdaboot/libpsl
2015-10-17 16:37:49 +02:00
Daniel Stenberg
3771da335b configure: build silently by default
'make V=1' will make the build verbose like before
2015-10-07 14:56:07 +02:00
Mike Crowe
6b56901b56 gnutls: Support CURLOPT_KEYPASSWD
The gnutls vtls back-end was previously ignoring any password set via
CURLOPT_KEYPASSWD. Presumably this was because
gnutls_certificate_set_x509_key_file did not support encrypted keys.

gnutls now has a gnutls_certificate_set_x509_key_file2 function that
does support encrypted keys. Let's determine at compile time whether the
available gnutls supports this new function. If it does then use it to
pass the password. If it does not then emit a helpful diagnostic if a
password is set. This is preferable to the previous behaviour of just
failing to read the certificate without giving a reason in that case.

Signed-off-by: Mike Crowe <mac@mcrowe.com>
2015-09-22 17:30:33 +02:00
Daniel Stenberg
eb8283bb1a configure: check for HMAC_Update in openssl
Turns out HMAC_Init is now deprecated in openssl master (and I spelled
HMAC_Init_ex wrong in previous commit)
2015-08-30 23:21:30 +02:00
Daniel Stenberg
2c12ac8de2 configure: detect latest boringssl
Since boringssl brought back DES_set_odd_parity again, it cannot be used
to differentiate from boringssl. Using the OPENSSL_IS_BORINGSSL define
seems better anyway.

URL: f551028d5c%5E!/
Original-patch-by: Bertrand Simonnet

Closes #393
2015-08-22 00:08:03 +02:00
Daniel Stenberg
30aa38c818 configure: change functions to detect openssl (clones)
... since boringssl moved the former ones and the check started to fail.

URL: f551028d5c%5E!/
Original-patch-by: Bertrand Simonnet
2015-08-22 00:03:56 +02:00
Daniel Stenberg
0b8e9c8522 Revert "configure: disable libidn by default"
This reverts commit e6749055d6.

... since libidn has since been fixed.
2015-08-10 14:54:41 +02:00
Daniel Stenberg
a284b0ebc4 configure: check if OpenSSL linking wants -ldl
To make it easier to link with static versions of OpenSSL, the configure
script now checks if -ldl is needed for linking.

Help-by: TJ Saunders
2015-07-25 10:52:49 +02:00
Michał Fita
cee21eb6a7 configure: add --disable-rt option
This option disables any attempts in configure to create dependency on
stuff requiring linking to librt.so and libpthread.so, in this case this
means clock_gettime(CLOCK_MONOTONIC, &mt).

We were in need to build curl which doesn't link libpthread.so to avoid
the following bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=16628.
2015-07-24 00:09:29 +02:00
Daniel Stenberg
e6749055d6 configure: disable libidn by default
For security reasons, until there is a fix.

Bug: http://curl.haxx.se/mail/lib-2015-06/0143.html
Reported-by: Gustavo Grieco, Feist Josselin
2015-06-29 23:17:30 +02:00
Tatsuhiro Tsujikawa
4ac6cc3ebd Require nghttp2 v1.0.0
This commit requires nghttp2 v1.0.0 to compile, and migrate to v1.0.0,
and utilize recent version of nghttp2 to simplify the code,

First we use nghttp2_option_set_no_recv_client_magic function to
detect nghttp2 v1.0.0.  That function only exists since v1.0.0.

Since nghttp2 v0.7.5, nghttp2 ensures header field ordering, and
validates received header field.  If it found error, RST_STREAM with
PROTOCOL_ERROR is issued.  Since we require v1.0.0, we can utilize
this feature to simplify libcurl code.  This commit does this.

Migration from 0.7 series are done based on nghttp2 migration
document.  For libcurl, we removed the code sending first 24 bytes
client magic.  It is now done by nghttp2 library.
on_invalid_frame_recv callback signature changed, and is updated
accordingly.
2015-05-18 09:33:48 +02:00
Daniel Stenberg
aa8f613e98 configure: follow-up fix for krb5-config
commit 5b66860652 was incomplete so here's a follow-up fix

Reported-by: Dagobert Michelsen
Bug: 5b66860652 (commitcomment-10473445)
2015-04-26 17:04:18 +02:00
Mostyn Bramley-Moore
875a6d9324 configure --with-nss: remove unneeded libs from the fallback 2015-04-20 10:25:07 +02:00
Kamil Dudka
8dc3bbf0f8 configure --with-nss: drop redundant if statement 2015-04-17 16:43:20 +02:00
Kamil Dudka
67a8bbb51a configure --with-nss=PATH: query pkg-config if available
Bug: https://github.com/bagder/curl/pull/171
2015-04-17 16:43:20 +02:00
Jay Satiro
72bea7cc65 cyassl: Include the CyaSSL build config
CyaSSL >= 2.6.0 may have an options.h that was generated during
its build by configure.
2015-04-11 23:58:42 -04:00
Dagobert Michelsen
5b66860652 configure: Use KRB5CONFIG for krb5-config
Allows the user to easier override its path.

Bug: http://curl.haxx.se/bug/view.cgi?id=1486
2015-03-30 14:19:23 +02:00
Paul Howarth
559e2cc921 build: link curl to openssl libraries when openssl support is enabled
This fixes a build failure where openssl and libmetalink are used
together and the system linker does not do implicit linking (e.g.
Fedora 13 and later releases). The MD5 functions required for
metalink support must be pulled in from the openssl crypto library.

This is similar to commit c6e7cbb94e,
which fixes the same sort of problem for NSS builds.
2015-03-26 13:23:37 +01:00
Dan Fandrich
7868dc7103 cyassl: detect the library as renamed wolfssl
This change was made in CyaSSL/WolfSSL ver. 3.4.0
2015-03-19 23:51:40 +01:00
Daniel Stenberg
64736dd1be configure: follow-up fix from 709cf76f6
OpenSSL handling was a little broken.
2015-03-05 15:43:38 +01:00
Daniel Stenberg
709cf76f6b openssl: remove all uses of USE_SSLEAY
SSLeay was the name of the library that was subsequently turned into
OpenSSL many moons ago (1999). curl does not work with the old SSLeay
library since years. This is now reflected by only using USE_OPENSSL in
code that depends on OpenSSL.
2015-03-05 10:57:52 +01:00
Daniel Stenberg
37824498a3 configure: remove detection of the old yassl emulation API
... as that is ancient history and not used.
2015-01-22 23:53:52 +01:00
Daniel Stenberg
e888e30476 BoringSSL: fix build for non-configure builds
HAVE_BORINGSSL gets defined now by configure and should be defined by
other build systems in case a BoringSSL build is desired.
2015-01-22 23:04:10 +01:00
Daniel Stenberg
3d5648f9ee configure: fix BoringSSL detection and detect libresssl 2015-01-22 22:52:53 +01:00
Daniel Stenberg
eb748f159a BoringSSL: detected by configure, switches off NTLM 2015-01-22 16:39:01 +01:00
Steve Holme
2cc571f9e3 ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP
For consistency with other USE_WIN32_ defines as well as the
USE_OPENLDAP define.
2015-01-18 20:52:43 +00:00
Steve Holme
151ae59436 code/docs: Use correct case for IPv4 and IPv6
For consistency, as we seem to have a bit of a mixed bag, changed all
instances of ipv4 and ipv6 in comments and documentations to use the
correct case.
2014-12-27 11:31:55 +00:00
Steve Holme
1abe65d928 code/docs: Use Unix rather than UNIX to avoid use of the trademark
Use Unix when generically writing about Unix based systems as UNIX is
the trademark and should only be used in a particular product's name.
2014-12-26 21:42:44 +00:00
Steve Holme
1ac4db23f7 configure: Use camel case for UNIX sockets feature output
To match the curl --version output.
2014-12-26 12:13:44 +00:00
Bill Nagel
526603ff05 smb: Build with SSPI enabled
Build SMB/CIFS protocol support when SSPI is enabled.
2014-12-07 18:36:23 +00:00
Peter Wu
970c22f970 libcurl: add UNIX domain sockets support
The ability to do HTTP requests over a UNIX domain socket has been
requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a
discussion happened, no patch seems to get through. I decided to give it
a go since I need to test a nginx HTTP server which listens on a UNIX
domain socket.

One patch [3] seems to make it possible to use the
CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket.
Another person wrote a Go program which can do HTTP over a UNIX socket
for Docker[4] which uses a special URL scheme (though the name contains
cURL, it has no relation to the cURL library).

This patch considers support for UNIX domain sockets at the same level
as HTTP proxies / IPv6, it acts as an intermediate socket provider and
not as a separate protocol. Since this feature affects network
operations, a new feature flag was added ("unix-sockets") with a
corresponding CURL_VERSION_UNIX_SOCKETS macro.

A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This
option enables UNIX domain sockets support for all requests on the
handle (replacing IP sockets and skipping proxies).

A new configure option (--enable-unix-sockets) and CMake option
(ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I
deliberately did not mark this feature as advanced, this is a
feature/component that should easily be available.

 [0]: http://curl.haxx.se/mail/lib-2008-04/0279.html
 [1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/
 [2]: http://sourceforge.net/p/curl/feature-requests/53/
 [3]: http://curl.haxx.se/mail/lib-2008-04/0361.html
 [4]: https://github.com/Soulou/curl-unix-socket

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04 02:52:19 +01:00
Steve Holme
2ad1df7327 configure: Fixed inclusion of SMB when no crypto engines available 2014-12-02 18:36:40 +00:00
Bill Nagel
3529903afb smb: Added configuration options for SMB
Added --enable-smb and --disable-smb configuration options for the
upcoming SMB/CIFS protocol support.
2014-11-29 18:10:38 +00:00
Michael Osipov
a4b7f716d3 tool: Use Kerberos for supported features 2014-11-15 14:43:35 +00:00
Steve Holme
676d62fa0e configure: Fixed inclusion of krb5 when CURL_DISABLE_CRYPTO_AUTH is defined
Commit fe0f8967bf fixed a problem with krb5 not being defined as a
supported feature when HAVE_GSSAPI is defined, however, it should
only be included if CURL_DISABLE_CRYPTO_AUTH is not set, like when
SPNEGO is listed as a feature.
2014-11-11 00:14:33 +00:00
Daniel Stenberg
fe0f8967bf configure: assume krb5 when gss-api works
To please test 1014 while we work out if this is truly the a correct
assumption.
2014-11-10 09:05:56 +01:00
Daniel Stenberg
9dbbba9976 libssh2: detect features based on version, not configure checks
... so that non-configure builds get the correct functions too based on
the libssh2 version used.
2014-11-09 15:43:27 +01:00
Steve Holme
f0d860d35f configure: Fixed NTLM missing from features when CURL_DISABLE_HTTP defined 2014-11-09 13:11:00 +00:00
Steve Holme
eda919f4dc configure: Added krb5 to the supported features 2014-11-07 10:56:57 +00:00
Daniel Stenberg
e62e77426f configure.ac: remove checks for OpenSSL NPN/ALPN funcs again
... since the conditional in the code are now based on OpenSSL versions
instead to better support non-configure builds.
2014-10-29 22:38:39 +01:00
Tatsuhiro Tsujikawa
da933ee29d Compile with latest nghttp2 2014-08-26 23:02:50 +02:00
Michael Osipov
ee40b6882d configure.ac: Add support for recent GSS-API implementations for HP-UX
By default, configure script assumes that libcurl will use the
HP-supplied GSS-API implementation which does not have krb5-config.
If a dev needs a more recent version which has that config script,
the change will allow to pass an appropriate GSSAPI_ROOT.
2014-08-25 15:09:26 +02:00
Michael Osipov
46750c39bd configure/features: Add feature and version info for GSS-API and SPNEGO 2014-07-23 00:01:39 +02:00
Alessandro Ghedini
c6e7cbb94e build: link curl to NSS libraries when NSS support is enabled
This fixes a build failure on Debian caused by commit
24c3cdce88.

Bug: http://curl.haxx.se/mail/lib-2014-07/0209.html
2014-07-18 14:20:42 +02:00
David Woodhouse
9ad282b1ae Remove all traces of FBOpenSSL SPNEGO support
This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which
allows client and server to negotiate the underlying mechanism which will
actually be used to authenticate. This is *often* Kerberos, and can also
be NTLM and other things. And to complicate matters, there are various
different OIDs which can be used to specify the Kerberos mechanism too.

A SPNEGO exchange will identify *which* GSSAPI mechanism is being used,
and will exchange GSSAPI tokens which are appropriate for that mechanism.

But this SPNEGO implementation just strips the incoming SPNEGO packet
and extracts the token, if any. And completely discards the information
about *which* mechanism is being used. Then we *assume* it was Kerberos,
and feed the token into gss_init_sec_context() with the default
mechanism (GSS_S_NO_OID for the mech_type argument).

Furthermore... broken as this code is, it was never even *used* for input
tokens anyway, because higher layers of curl would just bail out if the
server actually said anything *back* to us in the negotiation. We assume
that we send a single token to the server, and it accepts it. If the server
wants to continue the exchange (as is required for NTLM and for SPNEGO
to do anything useful), then curl was broken anyway.

So the only bit which actually did anything was the bit in
Curl_output_negotiate(), which always generates an *initial* SPNEGO
token saying "Hey, I support only the Kerberos mechanism and this is its
token".

You could have done that by manually just prefixing the Kerberos token
with the appropriate bytes, if you weren't going to do any proper SPNEGO
handling. There's no need for the FBOpenSSL library at all.

The sane way to do SPNEGO is just to *ask* the GSSAPI library to do
SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context()
is for. And then it should all Just Work™.

That 'sane way' will be added in a subsequent patch, as will bug fixes
for our failure to handle any exchange other than a single outbound
token to the server which results in immediate success.
2014-07-16 17:26:08 +02:00
Michał Górny
08b27e0892 configure: respect host tool prefix for krb5-config
Use ${host_alias}-krb5-config if available. This improves cross-
compilation support and fixes multilib on Gentoo (at least).
2014-07-14 20:49:28 +02:00
Dan Fandrich
763c51780c netrc: fixed thread safety problem by using getpwuid_r if available
The old way using getpwuid could cause problems in programs that enable
reading from netrc files simultaneously in multiple threads.

Reported-by: David Woodhouse
2014-07-13 00:27:22 +02:00