1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-14 13:35:03 -05:00
Commit Graph

275 Commits

Author SHA1 Message Date
Daniel Stenberg
352177090f - Fabian Keil ran clang on the (lib)curl code, found a bunch of warnings and
contributed a range of patches to fix them.
2009-06-10 21:26:11 +00:00
Daniel Stenberg
eecb713616 - Andre Guibert de Bruet found a call to a OpenSSL function that didn't check
for a failure properly.
2009-05-27 21:15:38 +00:00
Daniel Stenberg
bf085e2c4b - Frank McGeough provided a small OpenSSL #include fix to make libcurl compile
fine with Nokia 5th edition 1.0 SDK for Symbian.
2009-05-27 21:11:11 +00:00
Daniel Stenberg
a16cca7680 - Michael Smith posted bug report #2786255
(http://curl.haxx.se/bug/view.cgi?id=2786255) with a patch, identifying how
  libcurl did not deal with SSL session ids properly if the server rejected a
  re-use of one. Starting now, it will forget the rejected one and remember
  the new. This change was for OpenSSL only, it is likely that other SSL lib
  code needs similar fixes.
2009-05-04 21:57:14 +00:00
Yang Tse
33a3753c3f libcurl's memory.h renamed to curl_memory.h 2009-04-21 11:46:16 +00:00
Yang Tse
9cc6ab3922 use HAVE_LIMITS_H symbol to protect limits.h inclusion 2009-04-14 13:50:32 +00:00
Yang Tse
2c27e24bb4 include <limits.h> for INT_MAX definition 2009-04-14 13:26:06 +00:00
Yang Tse
c382c550e7 fix compiler warning: implicit conversion shortens 64-bit value into a 32-bit value 2009-04-14 12:53:53 +00:00
Yang Tse
c621546bd6 fix compiler warning: implicit conversion shortens 64-bit value into a 32-bit value 2009-04-13 07:18:39 +00:00
Yang Tse
0211e420ed fix compiler warning: passing arg 1 of `sk_num' from incompatible pointer type 2009-04-03 12:08:32 +00:00
Daniel Stenberg
f4e8c406bb - Andre Guibert de Bruet found and fixed a code segment in ssluse.c where the
allocation of the memory BIO was not being properly checked.
2009-03-08 22:56:55 +00:00
Daniel Stenberg
8fa8df95fb - The "-no_ticket" option was introduced in Openssl0.9.8j. It's a flag to
disable "rfc4507bis session ticket support".  rfc4507bis was later turned
  into the proper RFC5077 it seems: http://tools.ietf.org/html/rfc5077

  The enabled extension concerns the session management. I wonder how often
  libcurl stops a connection and then resumes a TLS session. also, sending the
  session data is some overhead. .I suggest that you just use your proposed
  patch (which explicitly disables TICKET).

  If someone writes an application with libcurl and openssl who wants to
  enable the feature, one can do this in the SSL callback.

  Sharad Gupta brought this to my attention. Peter Sylvester helped me decide
  on the proper action.
2009-01-26 14:36:18 +00:00
Dan Fandrich
5591550167 Fixed a couple more locale-dependent toupper conversions, mainly for
clarity.  This does fix one problem that causes ;type=i FTP URLs
to fail in the Turkish locale when CURLOPT_PROXY_TRANSFER_MODE is
used (test case 561)

Added tests 561 and 1092 through 1094 to test various combinations
of ;type= and ;mode= URLs that could potentially fail in the Turkish
locale.
2009-01-21 04:42:47 +00:00
Daniel Stenberg
59227bf075 - Peter Korsgaard fixed building libcurl with "configure --with-ssl
--disable-verbose".
2008-12-28 22:00:36 +00:00
Daniel Stenberg
b701ea36a7 moved the Curl_raw_ functions into the new lib/rawstr.c file for easier curlx_
inclusion by the curl tool without colliding with the curl_strequal functions.
2008-10-23 11:49:19 +00:00
Daniel Stenberg
9d16b4081e Renamed Curl_ascii_equal to Curl_raw_equal and bugfixed the my_toupper function
used in strequal.c so now all test cases run fine for me again.
2008-10-16 08:23:48 +00:00
Daniel Stenberg
a579d67064 - Pascal Terjan filed bug #2154627
(http://curl.haxx.se/bug/view.cgi?id=2154627) which pointed out that libcurl
  uses strcasecmp() in multiple places where it causes failures when the
  Turkish locale is used. This is because 'i' and 'I' isn't the same letter so
  strcasecmp() on those letters are different in Turkish than in English (or
  just about all other languages). I thus introduced a totally new internal
  function in libcurl (called Curl_ascii_equal) for doing case insentive
  comparisons for english-(ascii?) style strings that thus will make "file"
  and "FILE" match even if the Turkish locale is selected.
2008-10-15 21:43:48 +00:00
Yang Tse
ad61b58036 fix compiler warning 2008-10-14 02:35:39 +00:00
Yang Tse
21b523fcd3 Official OpenSSL released versions up to and including 0.9.8i as well as
2008-09-24 stable snapshot have a buf_mem_st.length structure member with
'int' data type.

OpenSSL un-released 0.9.9 CVS version has a buf_mem_st.length structure member
with 'size_t' data type since 2007-Oct-09.

These 4 typecasts should silence compiler warnings in all cases.
2008-09-24 13:55:23 +00:00
Gisle Vanem
2a09ffc648 Avoid 'warning: comparison between signed and unsigned'. 2008-09-23 13:16:36 +00:00
Daniel Stenberg
4c9768565e - Introducing CURLOPT_CERTINFO and the corresponding CURLINFO_CERTINFO. By
enabling this feature with CURLOPT_CERTINFO for a request using SSL (HTTPS
  or FTPS), libcurl will gather lots of server certificate info and that info
  can then get extracted by a client after the request has completed with
  curl_easy_getinfo()'s CURLINFO_CERTINFO option. Linus Nielsen Feltzing
  helped me test and smoothen out this feature.

  Unfortunately, this feature currently only works with libcurl built to use
  OpenSSL.

  This feature was sponsored by networking4all.com - thanks!
2008-09-05 14:29:21 +00:00
Daniel Stenberg
ae654266df - PHP's bug report #43158 (http://bugs.php.net/bug.php?id=43158) identifies a
true bug in libcurl built with OpenSSL. It made curl_easy_getinfo() more or
  less always return 0 for CURLINFO_SSL_VERIFYRESULT because the function that
  would set it to something non-zero would return before the assign in almost
  all error cases. The internal variable is now set to non-zero from the start
  of the function only to get cleared later on if things work out fine.
2008-07-30 21:24:59 +00:00
Daniel Stenberg
04d5c8fb77 - I did a cleanup of the internal generic SSL layer and how the various SSL
libraries are supported. Starting now, each underlying SSL library support
  code does a set of defines for the 16 functions the generic layer (sslgen.c)
  uses (all these new function defines use the prefix "curlssl_"). This
  greatly simplified the generic layer in readability by involving much less
  #ifdefs and other preprocessor stuff and should make it easier for people to
  make libcurl work with new SSL libraries.

  Hopefully I can later on document these 16 functions somewhat as well.

  I also made most of the internal SSL-dependent functions (using Curl_ssl_
  prefix) #defined to nothing when no SSL support is requested - previously
  they would unnecessarily call mostly empty functions.
2008-06-11 17:01:58 +00:00
Yang Tse
5980b3cbb0 fix compiler warning: conversion from pointer to void' to pointer to int
function(pointer to char,int,int,pointer to void)' is compiler dependent
2008-06-11 15:26:04 +00:00
Daniel Stenberg
0ace5f6553 - I made the OpenSSL code build again with OpenSSL 0.9.6. The CRLFILE
functionality killed it due to its unconditional use of
  X509_STORE_set_flags...
2008-06-10 20:49:17 +00:00
Daniel Stenberg
621c2b9015 - Axel Tillequin and Arnaud Ebalard added support for CURLOPT_ISSUERCERT, for
OpenSSL, NSS and GnuTLS-built libcurls.
2008-06-06 20:52:32 +00:00
Daniel Stenberg
3fe8251dfb - Axel Tillequin and Arnaud Ebalard added support for CURLOPT_CRLFILE, for
OpenSSL, NSS and GnuTLS-built libcurls.
2008-06-06 18:40:21 +00:00
Yang Tse
d6f8f16068 fix: preprocessor complaining about macro redefinition 2008-05-26 01:59:00 +00:00
Michal Marek
e2b82b4325 - Make Curl_write and it's callees accept a const pointer, in preparation
of tetetest's patch for curl_easy_send()
2008-05-09 11:27:54 +00:00
Daniel Stenberg
6a33a4456e - Stefan Krause reported a case where the OpenSSL handshake phase wasn't
properly acknowledging the timeout values, like if you pulled the network
  plug in the midst of it.
2008-04-14 15:26:34 +00:00
Gunter Knauf
9682c2037e Added support for server name indication (RFC 4366).
Patch submitted by Kaspar Brand.
2008-02-26 10:30:13 +00:00
Daniel Stenberg
6982ed4db7 - Sam Listopad provided a patch in feature-request #1900014
http://curl.haxx.se/bug/feature.cgi?id=1900014 that makes libcurl (built to
  use OpenSSL) support a full chain of certificates in a given PKCS12
  certificate.
2008-02-23 12:27:45 +00:00
Daniel Stenberg
53a549000c - Based on initial work done by Gautam Kachroo to address a bug, we now keep
better control at the exact state of the connection's SSL status so that we
  know exactly when it has completed the SSL negotiation or not so that there
  won't be accidental re-uses of connections that are wrongly believed to be
  in SSL-completed-negotiate state.
2008-02-20 09:56:26 +00:00
Gunter Knauf
f9a6062081 applied patch to disable SSLv2 by default; discussion:
http://sourceforge.net/tracker/index.php?func=detail&aid=1767276&group_id=976&atid=350976
Submitted by Kaspar Brand.
2008-02-19 23:10:07 +00:00
Daniel Stenberg
1b701c746f - Refactored a lot of timeout code into a few functions in an attempt to make
them all use the same (hopefully correct) logic to make it less error-prone
  and easier to introduce library-wide where it should be used.
2008-02-07 22:25:04 +00:00
Daniel Stenberg
ed6466d176 Calls to Curl_failf() are not supposed to provide a trailing newline as the
function itself adds that. Fixed on 50 or something strings!
2008-01-15 23:19:02 +00:00
Daniel Stenberg
662bee7193 All static functions that were previously name Curl_* something no longer
use that prefix as we use that prefix only for library-wide internal global
symbols.
2007-12-08 22:50:55 +00:00
Yang Tse
8fa599215b Fix compiler warning: variable may be used uninitialized 2007-12-04 00:15:03 +00:00
Daniel Stenberg
2be50baf97 Now libcurl (built with OpenSSL) doesn't return error anymore if the remote
SSL-based server doesn't present a certificate when the request is told to
ignore certificate verification anyway.
2007-12-03 11:39:27 +00:00
Daniel Stenberg
ad6e28073c removed space after if and while before the parenthesis for better source code
consistency
2007-11-05 09:45:09 +00:00
Daniel Stenberg
ce81cd21d3 I renamed the CURLE_SSL_PEER_CERTIFICATE error code to
CURLE_PEER_FAILED_VERIFICATION (standard CURL_NO_OLDIES style), and made this
return code get used by the previous SSH MD5 fingerprint check in case it
fails.
2007-10-03 08:07:50 +00:00
Dan Fandrich
bdfeaa0f95 #ifdef out a few more functions when SSL is disabled. 2007-09-25 06:45:05 +00:00
Dan Fandrich
9f44a95522 Renamed several libcurl error codes and options to make them more general
and allow reuse by multiple protocols. Several unused error codes were
removed.  In all cases, macros were added to preserve source (and binary)
compatibility with the old names.  These macros are subject to removal at
a future date, but probably not before 2009.  An application can be
tested to see if it is using any obsolete code by compiling it with the
CURL_NO_OLDIES macro defined.

Documented some newer error codes in libcurl-error(3)
2007-08-30 20:34:57 +00:00
Dan Fandrich
8cf0814a14 Fixed some minor type mismatches and missing consts mainly found by splint. 2007-08-27 06:31:28 +00:00
Patrick Monnerat
d994fcf2b1 Remove leading space in curl_version_info ss_version field. 2007-08-24 09:06:17 +00:00
Patrick Monnerat
ad9cb40b6f Some #if --> #ifdef
undef standard *printf before (re)defining them
2007-08-07 12:44:38 +00:00
Daniel Stenberg
50c10aa5bf Patrick Monnerat and I modified libcurl so that now it *copies* all strings
passed to it with curl_easy_setopt()! Previously it has always just refered
to the data, forcing the user to keep the data around until libcurl is done
with it. That is now history and libcurl will instead clone the given
strings and keep private copies.
2007-08-01 21:20:01 +00:00
Daniel Stenberg
f1fa7b8ba4 Bug report #1759542 (http://curl.haxx.se/bug/view.cgi?id=1759542). A bad use
of a socket after it has been closed, when the FTP-SSL data connection is taken
down.
2007-07-29 12:54:05 +00:00
Daniel Stenberg
d12759c73e Made CURLOPT_SSL_VERIFYHOST set to 1 acts as described in the documentation:
fail to connect if there is no Common Name field found in the remote cert.
We should deprecate the support for this set to 1 anyway soon, since the
feature is pointless and most likely never really used by anyone.
2007-07-11 22:20:46 +00:00
Daniel Stenberg
96c093f27c Andre Guibert de Bruet fixed a memory leak when PKCS #12 parsing failed 2007-05-22 20:46:51 +00:00
Daniel Stenberg
a9d49769ff Andre Guibert de Bruet fixed a memory leak in the function that verifies the
peer's name in the SSL certificate when built for OpenSSL. The leak happens
for libcurls with CURL_DOES_CONVERSIONS enabled that fail to convert the CN
name from UTF8.
2007-05-22 19:51:44 +00:00
Yang Tse
d9e89e170f fix out of memory handling issue 2007-04-07 04:51:35 +00:00
Daniel Stenberg
c1f117700a Pointless to check for non-NULL pointers that already have been dereferenced
and they have to be non-NULL long before this check.
CID 22 in the coverity.com scan
2007-03-31 21:10:05 +00:00
Yang Tse
d58c7a8bdd Update message 2007-03-27 18:16:35 +00:00
Yang Tse
fba4cd0e62 Internal function Curl_select() renamed to Curl_socket_ready() 2007-03-26 23:23:46 +00:00
Yang Tse
f08ac86834 fix compiler warning 2007-03-25 02:30:58 +00:00
Daniel Stenberg
d314453037 yassl doesn't have SSL_get_shutdown() in its OpenSSL() layer so we check for
it and avoid it, even if this cripples the CCC command
2007-03-14 23:40:46 +00:00
Gisle Vanem
c514a2a89a Removed inclusion of <sys/types.h> and <sys/stat.h> in .c-files
since they're already included through "setup.h".
2007-02-26 04:24:26 +00:00
Yang Tse
3a634a273a curlassert macro replaced with DEBUGASSERT macro defined in setup_once.h 2007-02-21 19:03:20 +00:00
Linus Nielsen Feltzing
2f5e99ca02 New FTP CCC functionality - adds passive and active mode to accomodate for different server behaviour 2007-02-20 22:02:11 +00:00
Yang Tse
a1d5983991 use macros ERRNO, SET_ERRNO(), SOCKERRNO and SET_SOCKERRNO() for errno handling 2007-02-16 18:19:35 +00:00
Daniel Stenberg
91386937ff - Michael Wallner provided a patch that adds support for CURLOPT_TIMEOUT_MS
and CURLOPT_CONNECTTIMEOUT_MS that, as their names should hint, do the
  timeouts with millisecond resolution instead. The only restriction to that
  is the alarm() (sometimes) used to abort name resolves as that uses full
  seconds. I fixed the FTP response timeout part of the patch.

  Internally we now count and keep the timeouts in milliseconds but it also
  means we multiply set timeouts with 1000. The effect of this is that no
  timeout can be set to more than 2^31 milliseconds (on 32 bit systems), which
  equals 24.86 days.  We probably couldn't before either since the code did
  *1000 on the timeout values on several places already.
2007-02-05 22:51:32 +00:00
Dan Fandrich
9e61c904ac Display crypto engine name correctly in debug message. 2007-01-10 21:21:53 +00:00
Linus Nielsen Feltzing
55123424c8 Removed unused variable in Curl_ossl_shutdown() 2007-01-08 10:03:19 +00:00
Daniel Stenberg
4750e6f3c5 - Linus Nielsen Feltzing introduced the --ftp-ssl-ccc command line option to
curl that uses the new CURLOPT_FTP_SSL_CCC option in libcurl. If enabled, it
  will make libcurl shutdown SSL/TLS after the authentication is done on a
  FTP-SSL operation.
2007-01-05 23:11:14 +00:00
Daniel Stenberg
be0d17e812 cleaned up Curl_write() and the sub functions it uses for various protocols.
They all now return ssize_t to Curl_write().

Unfortunately, Curl_read() is in a sorrier state but it too would benefit from
a similar cleanup.
2006-11-11 21:34:43 +00:00
Daniel Stenberg
f830d77307 Bradford Bruce reported that when setting CURLOPT_DEBUGFUNCTION without
CURLOPT_VERBOSE set to non-zero, you still got a few debug messages from the
SSL handshake. This is now stopped.
2006-11-08 21:49:14 +00:00
Daniel Stenberg
4e717cdb30 Armel Asselin separated CA cert verification problems from problems with
reading the (local) CA cert file to let users easier pinpoint the actual
problem. CURLE_SSL_CACERT_BADFILE (77) is the new libcurl error code.
2006-10-21 11:32:05 +00:00
Yang Tse
ec956b0334 Explicit typecast for Curl_debug() size argument 2006-10-17 10:04:13 +00:00
Yang Tse
c30e908034 Compiler warning fix 2006-09-10 23:37:42 +00:00
Yang Tse
d157c29269 Fix compiler warnings 2006-07-19 21:14:02 +00:00
Yang Tse
483a586d55 Avoid variable declaration shadowing previously declared one 2006-07-19 18:46:56 +00:00
Yang Tse
f3c508f6e8 Update error buffer size used for SSL_strerror() 2006-07-17 05:05:57 +00:00
Daniel Stenberg
a3949c7786 with a very recent yassl, we now can display 'yassl' when the OpenSSL API is
in fact provided by yassl instead
2006-06-29 07:35:02 +00:00
Daniel Stenberg
8df5dcb193 proper use of newlines 2006-06-09 12:07:34 +00:00
Daniel Stenberg
2bd3033f68 NTLM2 session response support 2006-06-07 14:14:04 +00:00
Daniel Stenberg
c9c5ce2365 David McCreedy provided a fix for CURLINFO_LASTSOCKET that does extended
checks on the to-be-returned socket to make sure it truly seems to be alive
and well. For SSL connection it (only) uses OpenSSL functions.
2006-05-10 22:17:42 +00:00
Daniel Stenberg
1946058e7b Robson Braga Araujo fixed two problems in the recently added non-blocking SSL
connects. The state machine was not reset properly so that subsequent
connects using the same handle would fail, and there were two memory leaks.
2006-05-09 12:43:49 +00:00
Daniel Stenberg
9bece2b313 additional renames of Curl_ourerrno => Curl_sockerrno 2006-05-05 10:24:27 +00:00
Daniel Stenberg
e85e30546c Roland Blom filed bug report #1481217
(http://curl.haxx.se/bug/view.cgi?id=1481217), with follow-ups by Michele Bini
and David Byron. libcurl previously wrongly used GetLastError() on windows to
get error details after socket-related function calls, when it really should
use WSAGetLastError() instead.

When changing to this, the former function Curl_ourerrno() is now instead
called Curl_sockerrno() as it is necessary to only use it to get errno from
socket-related functions as otherwise it won't work as intended on Windows.
2006-05-04 22:39:47 +00:00
Daniel Stenberg
38898ba4af corrected the SSL timeout, as Ates Goral's patch did it and that works (opposed
to my previous brain-damaged version)
2006-04-18 22:10:19 +00:00
Daniel Stenberg
676597e961 Ates Goral found out that if you specified both CURLOPT_CONNECTTIMEOUT and
CURLOPT_TIMEOUT, the _longer_ time would wrongly be used for the SSL
connection time-out!
2006-04-10 21:49:55 +00:00
Daniel Stenberg
5a4b43848a First commit of David McCreedy's EBCDIC and TPF changes. 2006-04-07 21:50:47 +00:00
Daniel Stenberg
83367f67de Xavier Bouchoux made the SSL connection non-blocking for the multi interface
(when using OpenSSL).
2006-03-21 21:54:44 +00:00
Daniel Stenberg
d494d62953 David McCreedy found a use of the wrong variable when display the error
text from OpenSSL.
2006-03-13 23:34:25 +00:00
Daniel Stenberg
8bba99ae56 Lots of users on Windows have reported getting the "SSL: couldn't set
callback" error message so I've now made the setting of that callback not be
as critical as before. The function is only used for additional loggging/
trace anyway so a failure just means slightly less data. It should still be
able to proceed and connect fine to the server.
2006-03-06 22:35:51 +00:00
Dan Fandrich
178afd81a9 Fixed lcc compiler warnings. 2005-12-19 19:47:14 +00:00
Dan Fandrich
e2df946eee Fixed some compiler warnings on lcc. 2005-12-13 18:54:31 +00:00
Daniel Stenberg
083c5e17e1 Yang Tse fixed: Openssl 0.9.9 makes 'const' the SSL_METHOD parameter in
SSL_CTX_new and others, and also makes functions SSLv23_client_method,
TLSv1_client_method, etc return a 'const' SSL_METHOD pointer. Previous
versions do not use the 'const' qualifier.
2005-12-05 15:14:04 +00:00
Gisle Vanem
67b4d9b232 Recent OpenSSL returns a 'const' in '*_client_method()'. So avoid
'assignment discards qualifiers from pointer target type' warning.
2005-12-04 18:47:36 +00:00
Daniel Stenberg
9ace303528 Yang Tse fixed compiler warnings 2005-11-13 23:53:14 +00:00
Daniel Stenberg
20b17d6b04 the debug callback was called with CURLINFO_TEXT with the data size one
too big
2005-08-10 22:57:14 +00:00
Daniel Stenberg
4e26b2a65b fix compiler warning 2005-04-13 06:52:03 +00:00
Daniel Stenberg
6e61939382 GnuTLS support added. There's now a "generic" SSL layer that we use all over
internally, with code provided by sslgen.c. All SSL-layer-specific code is
then written in ssluse.c (for OpenSSL) and gtls.c (for GnuTLS).

As far as possible, internals should not need to know what SSL layer that is
in use. Building with GnuTLS currently makes two test cases fail.

TODO.gnutls contains a few known outstanding issues for the GnuTLS support.

GnuTLS support is enabled with configure --with-gnutls
2005-04-07 15:27:13 +00:00
Daniel Stenberg
ab4086bc24 Updated the copyright year since changes have been this year. 2005-03-31 07:02:02 +00:00
Dan Fandrich
b01151e81c Reduced the length of data read from the random entropy file. 2005-03-04 22:36:56 +00:00
Dan Fandrich
67bd6f9ccd Don't try to read the whole of the random file because when /dev/urandom is
used, it slows initialization too much reading an infinitely long file!
2005-03-04 20:10:29 +00:00
Daniel Stenberg
446b9467da init fix for non-SSL builds 2005-02-10 07:45:08 +00:00
Daniel Stenberg
61a1e3cd01 better error checking and SSL init by David Byron 2005-02-09 23:04:51 +00:00
Daniel Stenberg
83bab78bda Hzhijun reported a memory leak in the SSL certificate code, that leaked the
remote certificate name when it didn't match the used host name.
2005-01-10 09:48:39 +00:00