1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-11 03:55:03 -05:00
Commit Graph

11119 Commits

Author SHA1 Message Date
Bjorn Stenberg
2522903b79
mqtt: add new experimental protocol
Closes #5173
2020-04-14 13:03:40 +02:00
Nathaniel R. Lewis
7fa1578471
cmake: add aliases so exported target names are available in tree
Reviewed-by: Brad King
Closes #5206
2020-04-13 23:27:35 +02:00
Daniel Stenberg
f62bd9db90
version: increase buffer space for ssl version output
To avoid it getting truncated, especially when several SSL backends are
built-in.

Reported-by: Gisle Vanem
Fixes #5222
Closes #5226
2020-04-13 22:26:53 +02:00
Andrew Kurushin
c35af29222 schannel: Fix blocking timeout logic
- Fix schannel_send for the case when no timeout was set.

Prior to this change schannel would error if the socket was not ready
to send data and no timeout was set.

This commit is similar to parent commit 89dc6e0 which recently made the
same change for SOCKS, for the same reason. Basically it was not well
understood that when Curl_timeleft returns 0 it is not a timeout of 0 ms
but actually means no timeout.

Fixes https://github.com/curl/curl/issues/5177
Closes https://github.com/curl/curl/pull/5221
2020-04-12 18:32:17 -04:00
Jay Satiro
0510cce8c0 socks: Fix blocking timeout logic
- Document in Curl_timeleft's comment block that returning 0 signals no
  timeout (ie there's infinite time left).

- Fix SOCKS' Curl_blockread_all for the case when no timeout was set.

Prior to this change if the timeout had a value of 0 and that was passed
to SOCKET_READABLE it would return right away instead of blocking. That
was likely because it was not well understood that when Curl_timeleft
returns 0 it is not a timeout of 0 ms but actually means no timeout.

Ref: https://github.com/curl/curl/pull/5214#issuecomment-612512360

Closes https://github.com/curl/curl/pull/5220
2020-04-12 18:32:16 -04:00
Marc Hoersken
be28bc2241 gopher: check remaining time left during write busy loop
Prior to this change gopher's blocking code would block forever,
ignoring any set timeout value.

Assisted-by: Jay Satiro
Reviewed-by: Daniel Stenberg

Similar to #5220 and #5221
Closes #5214
2020-04-12 18:32:14 -04:00
Dirkjan Bussink
d590908318
gnutls: ensure TLS 1.3 when SRP isn't requested
When SRP is requested in the priority string, GnuTLS will disable
support for TLS 1.3. Before this change, curl would always add +SRP to
the priority list, effectively always disabling TLS 1.3 support.

With this change, +SRP is only added to the priority list when SRP
authentication is also requested. This also allows updating the error
handling here to not have to retry without SRP. This is because SRP is
only added when requested and in that case a retry is not needed.

Closes #5223
2020-04-13 00:06:02 +02:00
Daniel Stenberg
5afa07fab5
Revert "file: on Windows, refuse paths that start with \\"
This reverts commit 1b71bc532b.

Reminded-by: Chris Roberts
Bug: https://curl.haxx.se/mail/archive-2020-04/0013.html

Closes #5215
2020-04-11 18:20:38 +02:00
Jay Satiro
53f4070827 lib: fix conversion warnings for SOCKET_WRITABLE/READABLE
- If loss of data may occur converting a timediff_t to time_t and
  the time value is > TIME_T_MAX then treat it as TIME_T_MAX.

This is a follow-up to 8843678 which removed the (time_t) typecast
from the macros so that conversion warnings could be identified.

Closes https://github.com/curl/curl/pull/5199
2020-04-11 02:52:25 -04:00
Daniel Stenberg
d4afa0fc20
url: allow non-HTTPS altsvc-matching for debug builds
This is already partly supported but this part was missing.
Reported-by: James Fuller

Closes #5205
2020-04-09 17:46:24 +02:00
Gilles Vollant
0fdf965126
schannel: support .P12 or .PFX client certificates
Used with curl command line option like this: --cert
<filename>:<password> --cert-type p12

Closes #5193
2020-04-08 14:13:12 +02:00
Daniel Stenberg
0ef54abf52
http: don't consider upload done if the request isn't completely sent off
Fixes #4919
Closes #5197
2020-04-08 08:14:23 +02:00
Daniel Stenberg
3e376059bb
http: allow Curl_add_buffer_send() to do a short first send by force
In a debug build, settting the environment variable "CURL_SMALLREQSEND"
will make the first HTTP request send not send more bytes than the set
amount, thus ending up verifying that the logic for handling a split
HTTP request send works correctly.
2020-04-08 08:12:59 +02:00
Daniel Stenberg
0bcf975c38
connect: store connection info for QUIC connections
Restores the --head functionality to the curl utility which extracts
'protocol' that is stored that way.

Reported-by: James Fuller
Fixes #5196
Closes #5198
2020-04-08 08:10:08 +02:00
Daniel Stenberg
88436786c8
select: remove typecast from SOCKET_WRITABLE/READABLE macros
So that they don't hide conversions-by-mistake

Reviewed-by: Jay Satiro
Closes #5190
2020-04-07 00:09:34 +02:00
Daniel Stenberg
fef4334091
cleanup: correct copyright year range on a few files 2020-04-06 23:21:52 +02:00
Daniel Stenberg
ae57e27b3e
warnless: remove code block for icc that didn't work
Reported-by: Alain Miniussi
Fixes #5096
2020-04-06 23:18:56 +02:00
Marc Hoersken
298a8235fd
dist: add missing setup-win32.h
Follow up to d820224b8b
2020-04-06 18:05:13 +02:00
Daniel Stenberg
66828f4fd3
lib: never define CURL_CA_BUNDLE with a getenv
- it breaks the build (since 6de756c9b1)
- it's not documented and not consistent across platforms
- the curl tool does that getenv magic

Bug: https://github.com/curl/curl/commit/6de756c#r38127030
Reported-by: Gisle Vanem

Closes #5187
2020-04-05 23:59:20 +02:00
Kwon-Young Choi
54ecc11cc4
CURLINFO_CONDITION_UNMET: return true for 304 http status code
In libcurl, CURLINFO_CONDITION_UNMET is used to avoid writing to the
output file if the server did not transfered a file based on time
condition. In the same manner, getting a 304 HTTP response back from the
server, for example after passing a custom If-Match-* header, also
fulfill this condition.

Fixes #5181
Closes #5183
2020-04-05 11:13:49 +02:00
Viktor Szakats
23a870f2fd
windows: enable UnixSockets with all build toolchains
Extend existing unix socket support in Windows builds to be
enabled for all toolchain vendors or versions. (Previously
it was only supported with certain MSVC versions + more recent
Windows 10 SDKs)

Ref: https://devblogs.microsoft.com/commandline/af_unix-comes-to-windows/
Ref: https://github.com/curl/curl/issues/5162
Closes: https://github.com/curl/curl/pull/5170
2020-04-04 17:53:15 +00:00
Daniel Stenberg
75fac50889
vquic/ngtcp2.h: update copyright year range
Follow-up to 0736ee73d3
2020-03-31 14:42:20 +02:00
Daiki Ueno
0736ee73d3
vquic: add support for GnuTLS backend of ngtcp2
Currently, the TLS backend used by vquic/ngtcp2.c is selected at compile
time. Therefore OpenSSL support needs to be explicitly disabled.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
Closes #5148
2020-03-31 14:39:00 +02:00
Daniel Stenberg
d1369fe216
misc: copyright year updates
Follow-up to 7a71965e9
2020-03-31 11:02:18 +02:00
Harry Sintonen
7a71965e97
build: fixed build for systems with select() in unistd.h
Closes #5169
2020-03-31 10:59:06 +02:00
Daniel Stenberg
14dd0c0200
memdebug: don't log free(NULL)
... it serves no purpose and fills up the log.
2020-03-31 09:44:23 +02:00
Daniel Stenberg
0e607542dc
cleanup: insert newline after if() conditions
Our code style mandates we put the conditional block on a separate
line. These mistakes are now detected by the updated checksrc.
2020-03-30 16:05:30 +02:00
Daniel Stenberg
529add48bc
checksrc: warn on obvious conditional blocks on the same line as if()
Closes #5164
2020-03-30 16:05:05 +02:00
Daiki Ueno
8efd26afbf
ngtcp2: update to git master for the key installation API change
This updates the ngtcp2 OpenSSL backend to follow the API change in
commit 32e703164 of ngtcp2.

Notable changes are:
- ngtcp2_crypto_derive_and_install_{rx,tx}_key have been added to replace
  ngtcp2_crypto_derive_and_install_key
- the 'side' argument of ngtcp2_crypto_derive_and_install_initial_key
  has been removed

Fixes #5166
Closes #5168
2020-03-30 16:00:48 +02:00
Daniel Stenberg
93fafb93db
curl.h: remnove CURL_VERSION_ESNI. Never supported nor documented
Considered experimental and therefore we can do this.

Closes #5157
2020-03-29 23:28:49 +02:00
Daniel Stenberg
6de756c9b1
version: add 'cainfo' and 'capath' to version info struct
Suggested-by: Timothe Litt
URL: https://curl.haxx.se/mail/lib-2020-03/0090.html
Reviewed-by: Jay Satiro

Closes #5150
2020-03-27 09:04:27 +01:00
Daniel Stenberg
02174e41f5
openssl: adapt to functions marked as deprecated since version 3
OpenSSL 3 deprecates SSL_CTX_load_verify_locations and the MD4, DES
functions we use.

Fix the MD4 and SSL_CTX_load_verify_locations warnings.

In configure, detect OpenSSL v3 and if so, inhibit the deprecation
warnings. OpenSSL v3 deprecates the DES functions we use for NTLM and
until we rewrite the code to use non-deprecated functions we better
ignore these warnings as they don't help us.

Closes #5139
2020-03-26 00:40:32 +01:00
Daniel Stenberg
2edeb10457
config: remove all defines of HAVE_DES_H
As there's no code using it.

Closes #5144
2020-03-24 17:54:26 +01:00
Daniel Stenberg
9a8b3b3e13
copyright: fix out-of-date copyright ranges and missing headers
Reported by the new script 'scripts/copyright.pl'. The script has a
regex whitelist for the files that don't need copyright headers.

Removed three (mostly usesless) README files from docs/

Closes #5141
2020-03-24 15:05:59 +01:00
Daniel Stenberg
c448c4840e
getinfo: provide CURLINFO_HEADER_SIZE and CURLINFO_REQUEST_SIZE override
To let debug-builds return fake values, like in test 970.

Ref: #5131
Closes #5136
2020-03-22 23:32:57 +01:00
Daniel Stenberg
4852661426
CURLINFO_NUM_CONNECTS: improve accuracy
The counter was not bumped in all cases correctly.

Reported-by: Marcel Raad
Ref: #5131
Closes #5135
2020-03-22 23:31:36 +01:00
Daniel Stenberg
21b3893a11
lib/curl_setup: adjust the copyright year range
Follow-up from d820224b8
2020-03-21 23:19:39 +01:00
Jay Satiro
d820224b8b curl_setup: define _WIN32_WINNT_[OS] symbols
.. because not all Windows build systems have those symbols, and even
those that do may be missing newer symbols (eg the Windows 7 SDK does
not define _WIN32_WINNT_WIN10).

Those symbols are used in build-time logic to decide which API to use
and prior to this change if the symbols were missing it would have
resulted in deprecated API being used when more recent functions were
available (eg GetVersionEx used instead of VerifyVersionInfo).

Reported-by: FuccDucc@users.noreply.github.com

Probably fixes https://github.com/curl/curl/issues/4995
Closes https://github.com/curl/curl/pull/5057
2020-03-21 17:42:44 -04:00
Daniel Stenberg
cb2f57c0cd
secure transport: remove the BACKEND define kludge
Closes #5122
2020-03-19 13:22:46 +01:00
Daniel Stenberg
2efc3a424a
mbedtls: remove the BACKEND define kludge 2020-03-19 13:22:35 +01:00
Daniel Stenberg
52182e4b8f
bearssl: remove the BACKEND define kludge 2020-03-19 13:22:34 +01:00
Daniel Stenberg
5076b8668f
wolfssl: remove the BACKEND define kludge 2020-03-19 13:22:34 +01:00
Daniel Stenberg
259d62c7c0
nss: remove the BACKEND define kludge 2020-03-19 13:22:34 +01:00
Daniel Stenberg
89865c149d
gnutls: remove the BACKEND define kludge 2020-03-19 13:22:34 +01:00
Daniel Stenberg
aec0b49df3
openssl: remove the BACKEND define kludge
Use a proper variable instead to make it easier to use a debugger and
read the code.
2020-03-19 13:22:34 +01:00
Jay Satiro
347a374c56 http2: Fix erroneous debug message that h2 connection closed
Prior to this change in libcurl debug builds http2 stream closure was
erroneously referred to as connection closure.

Before:
* nread <= 0, server closed connection, bailing

After:
* nread == 0, stream closed, bailing

Closes https://github.com/curl/curl/pull/5118
2020-03-18 03:39:27 -04:00
Johannes Schindelin
5450428491 schannel: add "best effort" revocation check option
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
  --ssl-revoke-best-effort to allow a "best effort" revocation check.

A best effort revocation check ignores errors that the revocation check
was unable to take place. The reasoning is described in detail below and
discussed further in the PR.

---

When running e.g. with Fiddler, the schannel backend fails with an
unhelpful error message:

	Unknown error (0x80092012) - The revocation function was unable
	to check revocation for the certificate.

Sadly, many enterprise users who are stuck behind MITM proxies suffer
the very same problem.

This has been discussed in plenty of issues:
https://github.com/curl/curl/issues/3727,
https://github.com/curl/curl/issues/264, for example.

In the latter, a Microsoft Edge developer even made the case that the
common behavior is to ignore issues when a certificate has no recorded
distribution point for revocation lists, or when the server is offline.
This is also known as "best effort" strategy and addresses the Fiddler
issue.

Unfortunately, this strategy was not chosen as the default for schannel
(and is therefore a backend-specific behavior: OpenSSL seems to happily
ignore the offline servers and missing distribution points).

To maintain backward-compatibility, we therefore add a new flag
(`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
(`--ssl-revoke-best-effort`) to select the new behavior.

Due to the many related issues Git for Windows and GitHub Desktop, the
plan is to make this behavior the default in these software packages.

The test 2070 was added to verify this behavior, adapted from 310.

Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Closes https://github.com/curl/curl/pull/4981
2020-03-18 03:23:39 -04:00
Jay Satiro
a268ad5d7e multi: Improve parameter check for curl_multi_remove_handle
- If an easy handle is owned by a multi different from the one specified
  then return CURLM_BAD_EASY_HANDLE.

Prior to this change I assume user error could cause corruption.

Closes https://github.com/curl/curl/pull/5116
2020-03-18 02:58:42 -04:00
Viktor Szakats
7284061361 windows: suppress UI in all CryptAcquireContext() calls
Ref: https://docs.microsoft.com/windows/win32/api/wincrypt/nf-wincrypt-cryptacquirecontexta#parameters
Reviewed-by: Marc Hörsken
Closes https://github.com/curl/curl/pull/5088
2020-03-17 23:08:02 +00:00
Daniel Stenberg
7631f2b752
test 970: verify --write-out '%{json}'
Makes curl_easy_getinfo() of "variable" numerical content instead return
the number set in the env variable `CURL_TIME`.

Makes curl_version() of "variable" textual content. This guarantees a
stable version string which can be tested against. Environment variable
`CURL_VERSION` defines the content.

Assisted-by: Mathias Gumz
2020-03-17 15:04:24 +01:00
Mathias Gumz
04c03416e6
writeout: support to generate JSON output
This commit adds support to generate JSON via the writeout feature:

    -w "%{json}"

It leverages the existing infrastructure as much as possible. Thus,
generating the JSON on STDERR is possible by:

    -w "%{stderr}%{json}"

This implements a variant of
https://github.com/curl/curl/wiki/JSON#--write-out-json.

Closes #4870
2020-03-17 15:01:28 +01:00
Daniel Stenberg
37a0541882
cmake: add support for building with wolfSSL
My working build cmdline:

$ cmake -DCMAKE_PREFIX_PATH=$HOME/build-wolfssl -DCMAKE_USE_WOLFSSL=ON .

Assisted-by: Brad King
Closes #5095
2020-03-16 22:56:50 +01:00
Daniel Stenberg
2eba5e4c7b
vtls: free ssl_config leftovers on out-of-memory
Torture testing 2034 and 2037 found this.

Reported-by: Marc Hörsken
Fixes #5108
Closes #5109
2020-03-16 08:10:30 +01:00
Daniel Stenberg
92c152c2ef
gskit: update the copyright year range
Follow-up from 083603c63a
2020-03-15 23:43:50 +01:00
Marc Hoersken
083603c63a
gskit: use our internal select wrapper for portability
Follow up to c52b342
Closes #5106
2020-03-15 23:39:40 +01:00
Daniel Stenberg
f38c7290b1
transfer: cap retries of "dead connections" to 5
When libcurl retries a connection due to it being "seemingly dead" or by
REFUSED_STREAM, it will now only do it up five times before giving up,
to avoid never-ending loops.

Reported-by: Dima Tisnek
Bug: https://curl.haxx.se/mail/lib-2020-03/0044.html
Closes #5074
2020-03-15 11:43:47 +01:00
Marc Hoersken
696cfc0f6c
select: add 'timeout_ms' wrap-around precaution to Curl_select 2020-03-15 11:08:27 +01:00
Marc Hoersken
041e778f1e
select: fix 'pending_ms' is assigned a value that is never used
Detected by Codacy
2020-03-15 11:08:27 +01:00
Marc Hoersken
c52b342051
select: move duplicate select preparation code into Curl_select
Reviewed by Daniel Stenberg
Reviewed by Marcel Raad
Closes #5078
2020-03-15 11:08:27 +01:00
Daniel Stenberg
dbd16c3e25
connect: happy eyeballs cleanup
Make sure each separate index in connn->tempaddr[] is used for a fixed
family (and only that family) during the connection process.

If family one takes a long time and family two fails immediately, the
previous logic could misbehave and retry the same family two address
repeatedly.

Reported-by: Paul Vixie
Reported-by: Jay Satiro
Fixes #5083
Fixes #4954
Closes #5089
2020-03-15 11:03:11 +01:00
Jay Satiro
67f3f6cff1 Makefile.m32: Improve windres parameter compatibility
- s/COFF/coff/

Some versions of windres do not recognize uppercase COFF as a valid
way to specify the COFF output format.

Reported-by: Steven Penny

Fixes https://github.com/curl/curl/issues/5099
Closes https://github.com/curl/curl/pull/5101
2020-03-14 19:08:17 -04:00
Jay Satiro
3bfda07004 easy: Fix curl_easy_duphandle for builds missing IPv6 that use c-ares
- Ignore CURLE_NOT_BUILT_IN errors returned by c-ares functions in
  curl_easy_duphandle.

Prior to this change if c-ares was used as the resolver backend and
either it was too old or libcurl was built without IPv6 support then
some of our resolver functions could return CURLE_NOT_BUILT_IN to
curl_easy_duphandle causing it to fail.

Caused by c8f086b which shipped in 7.69.1.

Reported-by: Karl Chen

Fixes https://github.com/curl/curl/issues/5097
Closes https://github.com/curl/curl/pull/5100
2020-03-14 19:07:05 -04:00
Jim Fuller
e96fe70cab
sftp: fix segfault regression introduced by #4747
This fix adds a defensive check for the case where the char *name in
struct libssh2_knownhost is NULL

Fixes #5041
Closes #5062
2020-03-09 15:01:40 +01:00
Daniel Stenberg
f0e8160545
socks4: fix host resolve regression
1. The socks4 state machine was broken in the host resolving phase

2. The code now insists on IPv4-only when using SOCKS4 as the protocol
only supports that.

Regression from #4907 and 4a4b63d, shipped in 7.69.0

Reported-by: amishmm on github
Bug: https://github.com/curl/curl/issues/5053#issuecomment-596191594
Closes #5061
2020-03-08 22:51:47 +01:00
Patrick Monnerat
06a1b82140
cookie: get_top_domain() sets zero length for null domains
This silents a compilation warning with gcc -O3.
2020-03-08 17:30:55 +01:00
Steve Holme
1369b8ad31
sha256: Added WinCrypt implementation
Closed #5030
2020-03-08 11:45:28 +00:00
Steve Holme
92d63a10aa
sha256: Added SecureTransport implementation 2020-03-08 11:45:24 +00:00
Patrick Monnerat
e5b366c0b5
mime: fix the binary encoder to handle large data properly
New test 666 checks this is effective.
As upload buffer size is significant in this kind of tests, shorten it
in similar test 652.

Fixes #4860
Closes #4833
Reported-by: RuurdBeerstra on github
2020-03-07 23:26:15 +01:00
Patrick Monnerat
1e4cb333ef
mime: do not perform more than one read in a row
Input buffer filling may delay the data sending if data reads are slow.
To overcome this problem, file and callback data reads do not accumulate
in buffer anymore. All other data (memory data and mime framing) are
considered as fast and still concatenated in buffer.
As this may highly impact performance in terms of data overhead, an early
end of part data check is added to spare a read call.
When encoding a part's data, an encoder may require more bytes than made
available by a single read. In this case, the above rule does not apply
and reads are performed until the encoder is able to deliver some data.

Tests 643, 644, 645, 650 and 654 have been adapted to the output data
changes, with test data size reduced to avoid the boredom of long lists of
1-byte chunks in verification data.
New test 667 checks mimepost using single-byte read callback with encoder.
New test 668 checks the end of part data early detection.

Fixes #4826
Reported-by: MrdUkk on github
2020-03-07 23:26:00 +01:00
Patrick Monnerat
96972ec1c0
mime: latch last read callback status.
In case a read callback returns a status (pause, abort, eof,
error) instead of a byte count, drain the bytes read so far but
remember this status for further processing.
Takes care of not losing data when pausing, and properly resume a
paused mime structure when requested.
New tests 670-673 check unpausing cases, with easy or multi
interface and mime or form api.

Fixes #4813
Reported-by: MrdUkk on github
2020-03-07 23:26:00 +01:00
Ernst Sjöstrand
c8f086bcc3
ares: store dns parameters for duphandle
With c-ares the dns parameters lives in ares_channel. Store them in the
curl handle and set them again in easy_duphandle.

Regression introduced in #3228 (6765e6d), shipped in curl 7.63.0.

Fixes #4893
Closes #5020
Signed-off-by: Ernst Sjöstrand <ernst.sjostrand@verisure.com>
2020-03-07 13:50:23 +01:00
Daniel Stenberg
e364546fb3
version: make curl_version* thread-safe without using global context
Closes #5010
2020-03-07 12:10:11 +01:00
Marc Hoersken
99c688ba21
perl: align order and completeness of Windows OS checks 2020-03-07 11:02:43 +01:00
Marc Hoersken
2f4c36357b
config-win32: Windows does not have ftruncate 2020-03-07 10:58:42 +01:00
Daniel Stenberg
e040146f22
pause: force a connection (re-)check after unpausing
There might be data available that was already read off the socket, for
example in the TLS layer.

Reported-by: Anders Berg
Fixes #4966
Closes #5049
2020-03-07 10:49:51 +01:00
Daniel Stenberg
4b786abc43
socks5: switch state properly when the resolve is done
Regression from 4a4b63d (and #4907)
Reported-by: vitaha85 on github
Fixes #5053
Closes #5056
2020-03-07 10:47:44 +01:00
Jay Satiro
09aa807240 libssh: Fix matching user-specified MD5 hex key
Prior to this change a match would never be successful because it
was mistakenly coded to compare binary data from libssh to a
user-specified hex string (ie CURLOPT_SSH_HOST_PUBLIC_KEY_MD5).

Reported-by: fds242@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/4971
Closes https://github.com/curl/curl/pull/4974
2020-03-07 03:06:11 -05:00
Daniel Stenberg
e54b1885d1
pause: bail out on bad input
A NULL easy handle or an easy handle without an associated connection
cannot be paused or unpaused.

Closes #5050
2020-03-06 17:31:01 +01:00
Daniel Stenberg
64258bd0aa
pause: return early for calls that don't change pause state
Reviewed-by: Patrick Monnerat
Ref: #4833
Closes #5026
2020-03-06 10:25:40 +01:00
Jay Satiro
2258b7bcc2 multi: skip EINTR check on wakeup socket if it was closed
- Don't check errno on wakeup socket if sread returned 0 since sread
  doesn't set errno in that case.

This is a follow-up to cf7760a from several days ago which fixed
Curl_multi_wait to stop busy looping sread on the non-blocking wakeup
socket if it was closed (ie sread returns 0). Due to a logic error it
was still possible to busy loop in that case if errno == EINTR.

Closes https://github.com/curl/curl/pull/5047
2020-03-06 02:56:21 -05:00
Daniel Stenberg
0b7735c45b
transfer: set correct copyright year range 2020-03-06 08:16:38 +01:00
Daniel Stenberg
6f17df7a6a
urldata: remove the 'stream_was_rewound' connectdata struct member
... as it is never set anywhere.

Follow-up to 2f44e94ef
Closes #5046
2020-03-06 08:15:35 +01:00
Daniel Stenberg
8aa04e9a24
Revert "pause: force-drain the transfer on unpause"
This reverts commit fa0216b294 (from #5000)

Clearly that didn't solve the problem correctly.

Reported-by: Christopher Reid
Reopens #4966
Fixes #5044
2020-03-05 23:45:41 +01:00
Daniel Stenberg
52d302ed64
polarssl: remove more references and mentions
Assisted-by: Jay Satiro
Follow-up to 6357a19ff2
Closes #5036
2020-03-05 07:57:45 +01:00
Daniel Stenberg
b572e0be59
Revert "sha256: Added SecureTransport implementation"
This reverts commit 4feb38deed (from #4956)

That commit broke test 1610 on macos builds without TLS.

Closes #5027
2020-03-03 09:36:40 +01:00
Steve Holme
e6322feb3a
sha256: Tidy up following recent changes
Reviewed-by: Daniel Stenberg
Closes #4956
2020-03-03 00:37:23 +00:00
Steve Holme
f22a5c35e0
sha256: Added WinCrypt implementation 2020-03-03 00:37:23 +00:00
Steve Holme
4feb38deed
sha256: Added SecureTransport implementation 2020-03-03 00:37:22 +00:00
Steve Holme
425ceb0150
sha256: Added mbedtls implementation 2020-03-03 00:37:22 +00:00
Steve Holme
8fbd937248
sha256: Added GNU TLS gcrypt implementation 2020-03-03 00:37:21 +00:00
Steve Holme
365f4ea53d
sha256: Added GNU TLS Nettle implementation 2020-03-03 00:37:17 +00:00
Nick Zitzmann
0b337ecc91
md4: use init/update/final functions in Secure Transport
We can use CC_MD4_Init/Update/Final without having to allocate memory
directly.

Closes #4979
2020-03-02 23:02:35 +01:00
Daniel Stenberg
cf7760ab52
multi_wait: stop loop when sread() returns zero
It's unclear why it would ever return zero here, but this change fixes
Robert's problem and it shouldn't loop forever...

Reported-by: Robert Dunaj
Bug: https://curl.haxx.se/mail/archive-2020-02/0011.html
Closes #5019
2020-03-02 15:45:05 +01:00
Daniel Stenberg
0caae3c4be
http: mark POSTs with no body as "upload done" from the start
As we have logic that checks if we get a >= 400 reponse code back before
the upload is done, which then got confused since it wasn't "done" but
yet there was no data to send!

Reported-by: IvanoG on github
Fixes #4996
Closes #5002
2020-03-02 15:43:04 +01:00
Daniel Stenberg
0b3e3644e0
formdata/mime: copyright year range update
Due to the merge/revert cycle
2020-03-02 08:11:35 +01:00
Daniel Stenberg
8cd4e6d81f
Revert "mime: latch last read callback status."
This reverts commit 87869e38d7.

Fixes #5014
Closes #5015
Reopens #4833
2020-03-02 08:07:49 +01:00
Daniel Stenberg
d7242f4757
Revert "mime: do not perform more than one read in a row"
This reverts commit ed0f357f7d.
2020-03-02 07:42:54 +01:00
Daniel Stenberg
e002f6c0cb
Revert "mime: fix the binary encoder to handle large data properly"
This reverts commit b2caaa0681.
2020-03-02 07:42:48 +01:00
Daniel Stenberg
ff3b1f4860
altsvc: both h3 backends now speak h3-27
... also updated the HTTP3 build description for ngtcp2 accordingly.
2020-03-02 00:07:37 +01:00
Patrick Monnerat
b2caaa0681
mime: fix the binary encoder to handle large data properly
New test 666 checks this is effective.
As upload buffer size is significant in this kind of tests, shorten it
in similar test 652.

Fixes #4860
Reported-by: RuurdBeerstra on github
2020-03-02 00:00:59 +01:00
Patrick Monnerat
ed0f357f7d
mime: do not perform more than one read in a row
Input buffer filling may delay the data sending if data reads are slow.
To overcome this problem, file and callback data reads do not accumulate
in buffer anymore. All other data (memory data and mime framing) are
considered as fast and still concatenated in buffer.
As this may highly impact performance in terms of data overhead, an early
end of part data check is added to spare a read call.
When encoding a part's data, an encoder may require more bytes than made
available by a single read. In this case, the above rule does not apply
and reads are performed until the encoder is able to deliver some data.

Tests 643, 644, 645, 650 and 654 have been adapted to the output data
changes, with test data size reduced to avoid the boredom of long lists of
1-byte chunks in verification data.
New test 664 checks mimepost using single-byte read callback with encoder.
New test 665 checks the end of part data early detection.

Fixes #4826
Reported-by: MrdUkk on github
2020-03-02 00:00:58 +01:00
Patrick Monnerat
87869e38d7
mime: latch last read callback status.
In case a read callback returns a status (pause, abort, eof,
error) instead of a byte count, drain the bytes read so far but
remember this status for further processing.
Takes care of not losing data when pausing, and properly resume a
paused mime structure when requested.
New tests 670-673 check unpausing cases, with easy or multi
interface and mime or form api.

Fixes #4813
Reported-by: MrdUkk on github
Closes #4833
2020-03-02 00:00:50 +01:00
Daniel Stenberg
d6e3273bb0
build: remove all HAVE_OPENSSL_ENGINE_H defines
... as there's nothing in the code that actually uses the define! The
last reference was removed in 38203f158.

Closes #5007
2020-03-01 11:06:28 +01:00
Steve Holme
a2ad278756
polarssl: Additional removal
Follow up to 6357a19f.

Reviewed-by: Daniel Stenberg
Closes #5004
2020-03-01 00:28:46 +00:00
Steve Holme
1d421de9a1
md5: Added implementation for mbedTLS
Reviewed-by: Jay Satiro
Closes #4980
2020-02-29 20:53:04 +00:00
Steve Holme
5aea558dc8
md5: Use pointer notation for array parameters in GnuTLS implementation 2020-02-29 20:53:04 +00:00
Steve Holme
f0ec0e902a
md4: Use non-deprecated functions in mbedTLS >= 2.7.0
Closes #4983
2020-02-29 20:53:03 +00:00
Daniel Stenberg
fa0216b294
pause: force-drain the transfer on unpause
... since the socket might not actually be readable anymore when for
example the data is already buffered in the TLS layer.

Fixes #4966
Reported-by: Anders Berg
Closes #5000
2020-02-29 10:53:09 +01:00
Daniel Stenberg
aeb292301a
smtp: overwriting 'from' leaks memory
Detected by Coverity. CID 1418139.

Also, make sure to return error if the new 'from' allocation fails.

Closes #4997
2020-02-28 16:52:33 +01:00
Daniel Stenberg
81ade13c37
smtp: fix memory leak on exit path
Detected by Coverity. CID 1418139. "leaked_storage: Variable 'from'
going out of scope leaks the storage it points to"

Closes #4990
2020-02-27 17:08:30 +01:00
Steve Holme
9d5893105d
gtls: Fixed compilation when using GnuTLS < 3.5.0
Reverts the functionality from 41fcb4f when compiling with GnuTLS older
than 3.5.0.

Reviewed-by: Daniel Stenberg
Closes #4984
2020-02-27 15:17:57 +00:00
Daniel Stenberg
1d1e9e8ad7
Curl_is_ASCII_name: handle a NULL argument
Make the function tolerate a NULL pointer input to avoid dereferencing
that pointer.

Follow-up to efce3ea5a8
Detected by OSS-Fuzz
Reviewed-By: Steve Holme
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20907
Fixes #4985
Closes #4986
2020-02-27 13:55:29 +01:00
Daniel Stenberg
15f51474c8
http2: make pausing/unpausing set/clear local stream window
This reduces the HTTP/2 window size to 32 MB since libcurl might have to
buffer up to this amount of data in memory and yet we don't want it set
lower to potentially impact tranfer performance on high speed networks.

Requires nghttp2 commit b3f85e2daa629
(https://github.com/nghttp2/nghttp2/pull/1444) to work properly, to end
up in the next release after 1.40.0.

Fixes #4939
Closes #4940
2020-02-27 10:35:51 +01:00
Anderson Toshiyuki Sasaki
507cf6a13d
libssh: improve known hosts handling
Previously, it was not possible to get a known hosts file entry due to
the lack of an API.  ssh_session_get_known_hosts_entry(), introduced in
libssh-0.9.0, allows libcurl to obtain such information and behave the
same as when compiled with libssh2.

This also tries to avoid the usage of deprecated functions when the
replacements are available.  The behaviour will not change if versions
older than libssh-0.8.0 are used.

Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

Fixes #4953
Closes #4962
2020-02-27 10:03:07 +01:00
Daniel Stenberg
7730d11578
cookie: remove unnecessary check for 'out != 0'
... as it will always be non-NULL at this point.

Detected by Coverity: CID 1459009
2020-02-26 23:50:03 +01:00
Daniel Stenberg
6375b205a9
http: added 417 response treatment
When doing a request with a body + Expect: 100-continue and the server
responds with a 417, the same request will be retried immediately
without the Expect: header.

Added test 357 to verify.

Also added a control instruction to tell the sws test server to not read
the request body if Expect: is present, which the new test 357 uses.

Reported-by: bramus on github
Fixes #4949
Closes #4964
2020-02-26 22:48:14 +01:00
Steve Holme
8220ec8219
smtp: Tidy up, following recent changes, to maintain the coding style
Closes #4892
2020-02-26 14:54:51 +00:00
Steve Holme
34a1ffb05f
smtp: Support the SMTPUTF8 extension for the EXPN command
Simply notify the server we support the SMTPUTF8 extension if it does.
2020-02-26 14:54:51 +00:00
Steve Holme
efce3ea5a8
smtp: Support the SMTPUTF8 extension in the VRFY command 2020-02-26 14:54:51 +00:00
Steve Holme
483edeb8dd
smtp: Support the SMTPUTF8 extension in the RCPT TO command
Note: The RCPT TO command isn't required to advertise to the server that
it contains UTF-8 characters, instead the server is told that a mail may
contain UTF-8 in any envelope command via the MAIL command.
2020-02-26 14:54:51 +00:00
Steve Holme
aba1bf630f
smtp: Support the SMTPUTF8 extension in the MAIL command
Support the SMTPUTF8 extension when sending mailbox information in the
MAIL command (FROM and AUTH parameters). Non-ASCII domain names will
be ACE encoded, if IDN is supported, whilst non-ASCII characters in
the local address part are passed to the server.

Reported-by: ygthien on github
Fixes #4828
2020-02-26 14:49:40 +00:00
Steve Holme
4754c55cd7
smtp: Detect server support for the UTF-8 extension as defined in RFC-6531 2020-02-26 14:04:37 +00:00
Steve Holme
2aa6c1735a
smtp: Support UTF-8 based host names in the VRFY command 2020-02-26 11:02:38 +00:00
Steve Holme
e7959c280c
smtp: Support UTF-8 based host names in the RCPT TO command 2020-02-26 11:02:38 +00:00
Steve Holme
68fb25fa3f
smtp: Support UTF-8 based host names in the MAIL command
Non-ASCII host names will be ACE encoded if IDN is supported.
2020-02-26 11:02:38 +00:00
Steve Holme
9352a40779
url: Make the IDN conversion functions available to others 2020-02-26 11:01:47 +00:00
Steve Holme
7def168a4f
ntlm: Moved the HMAC MD5 function into the HMAC module as a generic function 2020-02-24 06:56:35 +00:00
Steve Holme
baf0b680f9
md4: Use const for the length input parameter
This keeps the interface the same as md5 and sha256.
2020-02-23 18:47:32 +00:00
Steve Holme
2d432f7e49
ntlm: Removed the dependency on the TLS libaries when using MD5
As we have our own MD5 implementation use the MD5 wrapper to remove the
TLS dependency.

Closes #4967
2020-02-23 07:52:19 +00:00
Steve Holme
37dc4df270
md5/sha256: Updated the functions to allow non-string data to be hashed 2020-02-23 07:50:33 +00:00
Steve Holme
4959be810b
digest: Corrected the name of the local HTTP digest function
Follow up to 2b5b37cb. Local static functions do not require the Curl
prefix.
2020-02-23 07:50:18 +00:00
Steve Holme
81c3712434 tests: Added a unit test for SHA256 digest generation
Follow up to 2b5b37c.

Closes #4968
2020-02-22 22:12:27 +00:00
Steve Holme
84762ff815 md4: Fixed compilation issues when using GNU TLS gcrypt
* Don't include 'struct' in the gcrypt MD4_CTX typedef
* The call to gcry_md_read() should use a dereferenced ctx
* The call to gcry_md_close() should use a dereferenced ctx

Additional minor whitespace issue in the USE_WIN32_CRYPTO code.

Closes #4959
2020-02-22 15:54:43 +00:00
Daniel Stenberg
5808a0d0f5
http2: now require nghttp2 >= 1.12.0
To simplify our code and since earlier versions lack important function
calls libcurl needs to function correctly.

nghttp2 1.12.0 was relased on June 26, 2016.

Closes #4961
2020-02-21 16:54:47 +01:00
Daniel Stenberg
3a34b930aa
gtls: fix the copyright year
Follow-up from 41fcb4f609
2020-02-21 15:43:45 +01:00
jethrogb
41fcb4f609
GnuTLS: Always send client cert
TLS servers may request a certificate from the client. This request
includes a list of 0 or more acceptable issuer DNs. The client may use
this list to determine which certificate to send. GnuTLS's default
behavior is to not send a client certificate if there is no
match. However, OpenSSL's default behavior is to send the configured
certificate. The `GNUTLS_FORCE_CLIENT_CERT` flag mimics OpenSSL
behavior.

Authored-by: jethrogb on github
Fixes #1411
Closes #4958
2020-02-21 15:33:36 +01:00
Daniel Stenberg
0c76795caf
cleanup: comment typos
Spotted by 'codespell'

Closes #4957
2020-02-21 08:38:00 +01:00
Steve Holme
150f45e8d1
win32: USE_WIN32_CRYPTO to enable Win32 based MD4, MD5 and SHA256 functions
Whilst lib\md4.c used this pre-processor, lib\md5.c and
src\tool_metalink.c did not and simply relied on the WIN32
pre-processor directive.

Reviewed-by: Marcel Raad
Closes #4955
2020-02-20 15:27:32 +00:00
Daniel Stenberg
1b6cfb9d24
connect: remove some spurious infof() calls
As they were added primarily for debugging, they provide little use for
users.

Closes #4951
2020-02-19 22:32:45 +01:00
Daniel Stenberg
05b1b35085
nit: Copyright year out of date
Follow-up to 1fc0617dcc
2020-02-19 08:04:35 +01:00
Jay Satiro
1fc0617dcc tool_util: Improve Windows version of tvnow()
- Change tool_util.c tvnow() for Windows to match more closely to
  timeval.c Curl_now().

- Create a win32 init function for the tool, since some initialization
  is required for the tvnow() changes.

Prior to this change the monotonic time function used by curl in Windows
was determined at build-time and not runtime. That was a problem because
when curl was built targeted for compatibility with old versions of
Windows (eg _WIN32_WINNT < 0x0600) it would use GetTickCount which wraps
every 49.7 days that Windows has been running.

This change makes curl behave similar to libcurl's tvnow function, which
determines at runtime whether the OS is Vista+ and if so calls
QueryPerformanceCounter instead. (Note QueryPerformanceCounter is used
because it has higher resolution than the more obvious candidate
GetTickCount64). The changes to tvnow are basically a copy and paste but
the types in some cases are different.

Ref: https://github.com/curl/curl/issues/3309

Closes https://github.com/curl/curl/pull/4847
2020-02-18 15:52:13 -05:00
Daniel Stenberg
3735107d62
SOCKS: fix typo in printf formatting
Follow-up to 4a4b63daa

Reported-by: Peter Piekarski
Bug: 4a4b63daaa (r37351330)
2020-02-18 12:54:44 +01:00
Daniel Stenberg
14916a82e2
altsvc: make saving the cache an atomic operation
... by writing the file to temp name then rename to the final when done.

Assisted-by: Jay Satiro
Fixes #4936
Closes #4942
2020-02-18 07:49:21 +01:00
Daniel Stenberg
330f133224
rename: a new file for Curl_rename()
And make the cookie save function use it.
2020-02-18 07:49:15 +01:00
Daniel Stenberg
b834890a3f
cookies: make saving atomic with a rename
Saves the file as "[filename].[8 random hex digits].tmp" and renames
away the extension when done.

Co-authored-by: Jay Satiro
Reported-by: Mike Frysinger
Fixes #4914
Closes #4926
2020-02-17 22:45:42 +01:00
Daniel Stenberg
4a4b63daaa
socks: make the connect phase non-blocking
Removes two entries from KNOWN_BUGS.

Closes #4907
2020-02-17 00:08:48 +01:00
Daniel Stenberg
d60b1b37a1
multi: if Curl_readwrite sets 'comeback' use expire, not loop
Otherwise, a very fast single transfer ricks starving out other
concurrent transfers.

Closes #4927
2020-02-16 22:52:41 +01:00
Daniel Stenberg
c188391a9f
ftp: convert 'sock_accepted' to a plain boolean
This was an array indexed with sockindex but it was only ever used for
the secondary socket.

Closes #4929
2020-02-16 22:23:17 +01:00
Steve Holme
46af41dafc
tool_home: Fix the copyright year being out of date
Follow up to 9dc350b6.
2020-02-13 00:40:08 +00:00
Jay Satiro
9dc350b60c tool_homedir: Change GetEnv() to use libcurl's curl_getenv()
- Deduplicate GetEnv() code.

- On Windows change ultimate call to use Windows API
  GetEnvironmentVariable() instead of C runtime getenv().

Prior to this change both libcurl and the tool had their own GetEnv
which over time diverged. Now the tool's GetEnv is a wrapper around
curl_getenv (libcurl API function which is itself a wrapper around
libcurl's GetEnv).

Furthermore this change fixes a bug in that Windows API
GetEnvironmentVariable() is called instead of C runtime getenv() to get
the environment variable since some changes aren't always visible to the
latter.

Reported-by: Christoph M. Becker

Fixes https://github.com/curl/curl/issues/4774
Closes https://github.com/curl/curl/pull/4863
2020-02-12 18:37:31 -05:00