1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-12 04:25:08 -05:00
Commit Graph

8988 Commits

Author SHA1 Message Date
Daniel Stenberg
b430cb2a58 rtsp_do: fix DEAD CODE
"At condition p_request, the value of p_request cannot be NULL."

Coverity CID 1306668.
2015-06-15 09:05:07 +02:00
Daniel Stenberg
99eafc49bb security:choose_mech fix DEAD CODE warning
... by removing the "do {} while (0)" block.

Coverity CID 1306669
2015-06-15 09:02:46 +02:00
Daniel Stenberg
ff7097f72c urldata: store POST size in state.infilesize too
... to simplify checking when PUT _or_ POST have completed.

Reported-by: Frank Meier
Bug: http://curl.haxx.se/mail/lib-2015-06/0019.html
2015-06-14 23:31:01 +02:00
Joel Depooter
a3e5a4371b schannel: Add support for optional client certificates
Some servers will request a client certificate, but not require one.
This change allows libcurl to connect to such servers when using
schannel as its ssl/tls backend. When a server requests a client
certificate, libcurl will now continue the handshake without one,
rather than terminating the handshake. The server can then decide
if that is acceptable or not. Prior to this change, libcurl would
terminate the handshake, reporting a SEC_I_INCOMPLETE_CREDENTIALS
error.
2015-06-11 15:53:01 -04:00
Daniel Stenberg
8d0d688296 debug: remove http2 debug leftovers 2015-06-10 23:16:37 +02:00
Daniel Stenberg
55f3eb588d INTERNALS: cat lib/README* >> INTERNALS
and a conversion to markdown. Removed the lib/README.* files. The idea
being to move toward having INTERNALS as the one and only "book" of
internals documentation.

Added a TOC to top of the document.
2015-06-09 23:57:22 +02:00
Jay Satiro
cbf2920d02 openssl: LibreSSL and BoringSSL do not use TLS_client_method
Although OpenSSL 1.1.0+ deprecated SSLv23_client_method in favor of
TLS_client_method LibreSSL and BoringSSL didn't and still use
SSLv23_client_method.

Bug: https://github.com/bagder/curl/commit/49a6642#commitcomment-11578009
Reported-by: asavah@users.noreply.github.com
2015-06-08 23:45:26 -04:00
Daniel Stenberg
20ac345806 CURLOPT_OPENSOCKETFUNCTION: return error at once
When CURL_SOCKET_BAD is returned in the callback, it should be treated
as an error (CURLE_COULDNT_CONNECT) if no other socket is subsequently
created when trying to connect to a server.

Bug: http://curl.haxx.se/mail/lib-2015-06/0047.html
2015-06-09 00:22:02 +02:00
Jay Satiro
b8673bb9f0 openssl: Fix verification of server-sent legacy intermediates
- Try building a chain using issuers in the trusted store first to avoid
problems with server-sent legacy intermediates.

Prior to this change server-sent legacy intermediates with missing
legacy issuers would cause verification to fail even if the client's CA
bundle contained a valid replacement for the intermediate and an
alternate chain could be constructed that would verify successfully.

https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest
2015-06-07 23:33:32 -04:00
Daniel Stenberg
1ce14037c0 openssl: removed error string #ifdef
ERR_error_string_n() was introduced in 0.9.6, no need to #ifdef anymore
2015-06-05 00:12:56 +02:00
Daniel Stenberg
30bd59ba6e openssl: removed USERDATA_IN_PWD_CALLBACK kludge
Code for OpenSSL 0.9.4 serves no purpose anymore!
2015-06-05 00:11:32 +02:00
Daniel Stenberg
ccfdd5986c openssl: remove SSL_get_session()-using code
It was present for OpenSSL 0.9.5 code but we only support 0.9.7 or
later.
2015-06-05 00:09:25 +02:00
Daniel Stenberg
fc16d9cec8 openssl: remove dummy callback use from SSL_CTX_set_verify()
The existing callback served no purpose.
2015-06-05 00:02:17 +02:00
Jay Satiro
3013bb6b1c cookie: Stop exporting any-domain cookies
Prior to this change any-domain cookies (cookies without a domain that
are sent to any domain) were exported with domain name "unknown".

Bug: https://github.com/bagder/curl/issues/292
2015-06-03 21:48:47 -04:00
Jay Satiro
59432503c0 curl_setup: Change fopen text macros to use 't' for MSDOS
Bug: https://github.com/bagder/curl/pull/258#issuecomment-107915198
Reported-by: Gisle Vanem
2015-06-02 14:04:00 -04:00
Daniel Stenberg
33ee411848 checksrc: detect fopen() for text without the FOPEN_* macros
Follow-up to e8423f9ce1 with discussionis in
https://github.com/bagder/curl/pull/258

This check scans for fopen() with a mode string without 'b' present, as
it may indicate that an FOPEN_* define should rather be used.
2015-06-02 08:28:10 +02:00
Jay Satiro
e8423f9ce1 curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT
- Change fopen calls to use FOPEN_READTEXT instead of "r" or "rt"
- Change fopen calls to use FOPEN_WRITETEXT instead of "w" or "wt"

This change is to explicitly specify when we need to read/write text.
Unfortunately 't' is not part of POSIX fopen so we can't specify it
directly. Instead we now have FOPEN_READTEXT, FOPEN_WRITETEXT.

Prior to this change we had an issue on Windows if an application that
uses libcurl overrides the default file mode to binary. The default file
mode in Windows is normally text mode (translation mode) and that's what
libcurl expects.

Bug: https://github.com/bagder/curl/pull/258#issuecomment-107093055
Reported-by: Orgad Shaneh
2015-06-01 03:21:23 -04:00
Isaac Boukris
4bb815a32e HTTP-NTLM: fail auth on connection close instead of looping
Bug: https://github.com/bagder/curl/issues/256
2015-05-31 23:21:15 +02:00
Daniel Stenberg
9a0a16a61c README.pingpong: removed 2015-05-31 00:20:22 +02:00
Daniel Stenberg
a8904b39f3 HTTP2: moved docs into docs/ and make it markdown 2015-05-30 11:55:33 +02:00
Daniel Stenberg
8a7c1c76b3 README.http2: refreshed and added multiplexing info 2015-05-30 11:53:24 +02:00
Daniel Melani
c005790ff1 openssl: typo in comment 2015-05-27 11:31:48 +02:00
Jay Satiro
49a6642f01 openssl: Use TLS_client_method for OpenSSL 1.1.0+
SSLv23_client_method is deprecated starting in OpenSSL 1.1.0. The
equivalent is TLS_client_method.

https://github.com/openssl/openssl/commit/13c9bb3#diff-708d3ae0f2c2973b272b811315381557
2015-05-27 01:30:30 -04:00
Tatsuhiro Tsujikawa
02dfc930b5 http2: Copy data passed in Curl_http2_switched into HTTP/2 connection buffer
Previously, after seeing upgrade to HTTP/2, we feed data followed by
upgrade response headers directly to nghttp2_session_mem_recv() in
Curl_http2_switched().  But it turns out that passed buffer, mem, is
part of stream->mem, and callbacks called by
nghttp2_session_mem_recv() will write stream specific data into
stream->mem, overwriting input data.  This will corrupt input, and
most likely frame length error is detected by nghttp2 library.  The
fix is first copy the passed data to HTTP/2 connection buffer,
httpc->inbuf, and call nghttp2_session_mem_recv().
2015-05-25 23:07:49 +02:00
Dan Fandrich
b6e3da5f08 conncache: fixed memory leak on OOM (torture tests) 2015-05-24 11:19:07 +02:00
Daniel Stenberg
e582cd16ff security: fix "Unchecked return value" from sscanf()
By (void) prefixing it and adding a comment. Did some minor related
cleanups.

Coverity CID 1299423.
2015-05-22 16:52:41 +02:00
Daniel Stenberg
1514977bcd security: simplify choose_mech
Coverity CID 1299424 identified dead code because of checks that could
never equal true (if the mechanism's name was NULL).

Simplified the function by removing a level of pointers and removing the
loop and array that weren't used.
2015-05-22 16:46:01 +02:00
Daniel Stenberg
fda0e74c22 RTSP: catch attempted unsupported requests better
Replace use of assert with code that properly catches bad input at
run-time even in non-debug builds.

This flaw was sort of detected by Coverity CID 1299425 which claimed the
"case RTSPREQ_NONE" was dead code.
2015-05-22 16:32:42 +02:00
Daniel Stenberg
03e2a9b023 share_init: fix OOM crash
A failed calloc() would lead to NULL pointer use.

Coverity CID 1299427.
2015-05-22 16:26:14 +02:00
Daniel Stenberg
817323ed82 parse_proxy: switch off tunneling if non-HTTP proxy
non-HTTP proxy implies not using CURLOPT_HTTPPROXYTUNNEL

Bug: http://curl.haxx.se/mail/lib-2015-05/0056.html
Reported-by: Sean Boudreau
2015-05-22 16:19:53 +02:00
Daniel Stenberg
84d811f6af http2: on_frame_recv: return early on stream 0
Coverity CID 1299426 warned about possible NULL dereference otherwise,
but that would only ever happen if we get invalid HTTP/2 data with
frames for stream 0. Avoid this risk by returning early when stream 0 is
used.
2015-05-22 15:17:16 +02:00
Daniel Stenberg
d04bab8873 http: removed self assignment
Follow-up fix from b0143a2a33

Detected by coverity. CID 1299429
2015-05-22 09:57:16 +02:00
Tatsuhiro Tsujikawa
640f283bbb http2: Make HTTP Upgrade work
This commit just add implicitly opened stream 1 to streams hash.
2015-05-22 09:31:19 +02:00
Jay Satiro
995c6006fe strerror: Change SEC_E_ILLEGAL_MESSAGE description
Prior to this change the description for SEC_E_ILLEGAL_MESSAGE was OS
and language specific, and invariably translated to something not very
helpful like: "The message received was unexpected or badly formatted."

Bug: https://github.com/bagder/curl/issues/267
Reported-by: Michael Osipov
2015-05-22 02:30:38 -04:00
Jay Satiro
78ac944dc2 telnet: Fix read-callback change for Windows builds
Refer to b0143a2 for more information on the read-callback change.
2015-05-21 23:26:32 -04:00
Daniel Stenberg
b0143a2a33 read_callback: move to SessionHandle from connectdata
With many easy handles using the same connection for multiplexing, it is
important we store and keep the transfer-oriented stuff in the
SessionHandle so that callbacks and callback data work fine even when
many easy handles share the same physical connection.
2015-05-20 23:06:45 +02:00
Daniel Stenberg
6a688976f0 http2: show stream IDs in decimal
It makes them easier to match output from the nghttpd test server.
2015-05-20 23:06:29 +02:00
Tatsuhiro Tsujikawa
c175d184a2 http2: Faster http2 upload
Previously, when we send all given buffer in data_source_callback, we
return NGHTTP2_ERR_DEFERRED, and nghttp2 library removes this stream
temporarily for writing.  This itself is good.  If this is the sole
stream in the session, nghttp2_session_want_write() returns zero,
which means that libcurl does not check writeability of the underlying
socket.  This leads to very slow upload, because it seems curl only
upload 16k something per 1 second.  To fix this, if we still have data
to send, call nghttp2_session_resume_data after nghttp2_session_send.
This makes nghttp2_session_want_write() returns nonzero (if connection
window still opens), and as a result, socket writeability is checked,
and upload speed becomes normal.
2015-05-20 22:43:37 +02:00
Dmitry Eremin-Solenikov
d5aab55b33 gtls: don't fail on non-fatal alerts during handshake
Stop curl from failing when non-fatal alert is received during
handshake.  This e.g. fixes lots of problems when working with https
sites through proxies.
2015-05-20 22:41:30 +02:00
Brian Prodoehl
a393d64456 openssl: Use SSL_CTX_set_msg_callback and SSL_CTX_set_msg_callback_arg
BoringSSL removed support for direct callers of SSL_CTX_callback_ctrl
and SSL_CTX_ctrl, so move to a way that should work on BoringSSL and
OpenSSL.

re #275
2015-05-19 22:54:42 +02:00
Daniel Stenberg
301ba7772c transfer: remove erroneous and misleading comment 2015-05-19 14:00:19 +02:00
Kamil Dudka
00a770b3f5 http: silence compile-time warnings without USE_NGHTTP2
Error: CLANG_WARNING:
lib/http.c:173:16: warning: Value stored to 'http' during its initialization is never read

Error: COMPILER_WARNING:
lib/http.c: scope_hint: In function ‘http_disconnect’
lib/http.c:173:16: warning: unused variable ‘http’ [-Wunused-variable]
2015-05-19 12:53:30 +02:00
Jay Satiro
dd23c49546 transfer: Replace __func__ instances with function name
.. also make __func__ replacement in multi.

Prior to this change debug builds would fail to build if the compiler
was building pre-c99 and didn't support __func__.
2015-05-19 02:23:55 -04:00
Viktor Szakats
3d38a38012 build: bump version in default nghttp2 paths 2015-05-19 07:42:16 +02:00
Jay Satiro
7da064fdd2 http: Add some include guards for the new HTTP/2 stuff 2015-05-18 20:53:58 -04:00
Daniel Stenberg
897a7b3a13 http2: store upload state per stream
Use a curl_off_t for upload left
2015-05-18 15:41:43 +02:00
Daniel Stenberg
155b1f5df9 http2: fix build when NOT h2-enabled 2015-05-18 14:09:32 +02:00
Daniel Stenberg
979670988a http2: switch to use Curl_hash_destroy()
as after 4883f7019d, the *_clean() function only flushes the hash.
2015-05-18 11:41:16 +02:00
Anthony Avina
4883f7019d hostip: fix unintended destruction of hash table
.. and added unit1602 for hash.c
2015-05-18 11:15:43 +02:00
Tatsuhiro Tsujikawa
7ff7e45405 http2: Ignore if we have stream ID not in hash in on_stream_close
We could get stream ID not in the hash in on_stream_close.  For
example, if we decided to reject stream (e.g., PUSH_PROMISE), then we
don't create stream and store it in hash with its stream ID.
2015-05-18 09:33:48 +02:00
Tatsuhiro Tsujikawa
4ac6cc3ebd Require nghttp2 v1.0.0
This commit requires nghttp2 v1.0.0 to compile, and migrate to v1.0.0,
and utilize recent version of nghttp2 to simplify the code,

First we use nghttp2_option_set_no_recv_client_magic function to
detect nghttp2 v1.0.0.  That function only exists since v1.0.0.

Since nghttp2 v0.7.5, nghttp2 ensures header field ordering, and
validates received header field.  If it found error, RST_STREAM with
PROTOCOL_ERROR is issued.  Since we require v1.0.0, we can utilize
this feature to simplify libcurl code.  This commit does this.

Migration from 0.7 series are done based on nghttp2 migration
document.  For libcurl, we removed the code sending first 24 bytes
client magic.  It is now done by nghttp2 library.
on_invalid_frame_recv callback signature changed, and is updated
accordingly.
2015-05-18 09:33:48 +02:00
Daniel Stenberg
077f12b0ae http2: infof length in on_frame_send() 2015-05-18 09:33:48 +02:00
Daniel Stenberg
d6f1c74330 pipeline: switch some code over to functions
... to "compartmentalize" a bit and make it easier to change behavior
when multiplexing is used instead of good old pipelining.
2015-05-18 09:33:47 +02:00
Daniel Stenberg
811443754a CURLOPT_PIPEWAIT: added
By setting this option to 1 libcurl will wait for a connection to reveal
if it is possible to pipeline/multiplex on before it continues.
2015-05-18 09:33:47 +02:00
Daniel Stenberg
df3a970cb4 Curl_http_readwrite_headers: minor code simplification 2015-05-18 09:33:47 +02:00
Daniel Stenberg
193251794a IsPipeliningPossible: fixed for http2 2015-05-18 09:33:47 +02:00
Daniel Stenberg
8b38fcf2f6 http2: bump the h2 buffer size to 32K for speed 2015-05-18 09:33:47 +02:00
Daniel Stenberg
5871affc7a http2: remove the stream from the hash in stream_close callback
... and suddenly things work much better!
2015-05-18 09:33:47 +02:00
Daniel Stenberg
3e8a5d88a5 http2: if there is paused data, do not clear the drain field 2015-05-18 09:33:47 +02:00
Daniel Stenberg
522ca8c035 http2: rename s/data/pausedata 2015-05-18 09:33:47 +02:00
Daniel Stenberg
a66ed407d2 http2: "stream %x" in all outputs to make it easier to search for 2015-05-18 09:33:47 +02:00
Daniel Stenberg
61a94d6f77 http2: Curl_expire() all handles with incoming traffic
... so that they'll get handled next in the multi loop.
2015-05-18 09:33:47 +02:00
Daniel Stenberg
56c362b1a7 http2: don't signal settings change for same values 2015-05-18 09:33:47 +02:00
Daniel Stenberg
72105ebf05 http2: set default concurrency, fix ConnectionExists for multiplex 2015-05-18 09:33:47 +02:00
Daniel Stenberg
38bd6bf0bb bundles: store no/default/pipeline/multiplex
to allow code to act differently on the situation.

Also added some more info message for the connection re-use function to
make it clearer when connections are not re-used.
2015-05-18 09:33:36 +02:00
Daniel Stenberg
be4c8fd1ef http2: lazy init header_recvbuf
It makes us use less memory when not doing HTTP/2 and subsequently also
makes us not have to cleanup HTTP/2 related data when not using HTTP/2!
2015-05-18 08:57:18 +02:00
Daniel Stenberg
783b3c7b42 http2: separate multiplex/pipelining + cleanup memory leaks 2015-05-18 08:57:18 +02:00
Daniel Stenberg
02ec1ced9b CURLMOPT_PIPELINE: bit 1 is for multiplexing 2015-05-18 08:57:18 +02:00
Tatsuhiro Tsujikawa
2ce2f03007 http2: Fix bug that data to be drained are overwritten by pending "paused" data 2015-05-18 08:57:18 +02:00
Tatsuhiro Tsujikawa
d722138f29 http2: Don't call nghttp2_session_mem_recv while it is paused by a stream 2015-05-18 08:57:18 +02:00
Tatsuhiro Tsujikawa
0dc0de0351 http2: Read data left in connection buffer after pause
Previously when we do pause because of out of buffer, we just throw
away unread data in connection buffer.  This just broke protocol
framing, and I saw occasional FRAME_SIZE_ERROR.  This commit fix this
issue by remembering how much data read, and in the next iteration, we
process remaining data.
2015-05-18 08:57:18 +02:00
Tatsuhiro Tsujikawa
d261652d42 http2: Fix streams get stuck
This commit fixes the bug that streams get stuck if stream gets some
DATA, and stream->closed becomes true at the same time.  Previously,
in this condition, after we processed DATA, we are going to try to
read data from underlying transport, but there is no data, and gets
EAGAIN.  There was no code path to evaludate stream->closed.
2015-05-18 08:57:18 +02:00
Daniel Stenberg
74a4bd5ecd http2: store incoming h2 SETTINGS 2015-05-18 08:57:18 +02:00
Daniel Stenberg
591a6933da pipeline: move function to pipeline.c and make static
... as it was only used from there.
2015-05-18 08:57:18 +02:00
Daniel Stenberg
e91aedd840 IsPipeliningPossible: http2 can always "pipeline" (multiplex) 2015-05-18 08:57:18 +02:00
Daniel Stenberg
ee3ad233a2 http2: remove debug logging from on_frame_recv 2015-05-18 08:57:18 +02:00
Daniel Stenberg
70b5b698b0 http2: remove the closed check in http2_recv
With the "drained" functionality we can get here slightly asynchronously
so the stream have have been closed but there is pending data left to
read.
2015-05-18 08:57:18 +02:00
Daniel Stenberg
a28734be09 http2: bump the h2 buffer to 8K 2015-05-18 08:57:18 +02:00
Daniel Stenberg
5252f13dfa http2: Curl_read should not use the single buffer
... as it does for pipelining when we're multiplexing, as we need the
different buffers to store incoming data correctly for all streams.
2015-05-18 08:57:18 +02:00
Daniel Stenberg
153f940198 http2: more debug outputs 2015-05-18 08:57:18 +02:00
Daniel Stenberg
f4b8b39881 http2: leave WAITPERFORM when conn is multiplexed
No need to wait for our "spot" like for pipelining
2015-05-18 08:57:18 +02:00
Daniel Stenberg
01e1bdb10c http2: force "drainage" of streams
... which is necessary since the socket won't be readable but there is
data waiting in the buffer.
2015-05-18 08:57:17 +02:00
Daniel Stenberg
7bbac214f5 http2: move the mem+len pair to the stream struct 2015-05-18 08:57:17 +02:00
Daniel Stenberg
84c6b6561f http2: more stream-oriented data, stream ID 0 is for connections 2015-05-18 08:57:17 +02:00
Daniel Stenberg
2c238ea1fc http2: move lots of state data to the 'stream' struct
... from the connection struct. The stream one being the 'struct HTTP'
which is kept in the SessionHandle struct (easy handle).

lookup streams for incoming frames in the stream hash, hashing is based
on the stream id and we get the SessionHandle for the incoming stream
that way.
2015-05-18 08:57:17 +02:00
Daniel Stenberg
5fe71975e4 HTTP: partial start at fixing up hash-lookups on http2 frame receival 2015-05-18 08:57:17 +02:00
Daniel Stenberg
77f1029ecd http: a stream hash for h2 multiplexing 2015-05-18 08:57:17 +02:00
Daniel Stenberg
7957d2eb92 http: a stream hash for h2 multiplexing 2015-05-18 08:57:17 +02:00
Daniel Stenberg
47caff7bdf http2: debug log when receiving unexpected stream_id 2015-05-18 08:54:54 +02:00
Daniel Stenberg
d6440d7366 http2: move stream_id to the HTTP struct (per-stream) 2015-05-18 08:54:54 +02:00
Daniel Stenberg
f858624052 Curl_http2_setup: only do it once and enable multiplex on the server
Once we know we are HTTP/2 enabled we know the server can multiplex.
2015-05-18 08:54:54 +02:00
Daniel Stenberg
6e6b02f398 http: switch on "pipelining" (multiplexing) for HTTP/2 servers
... and do not blacklist any.
2015-05-18 08:54:54 +02:00
Daniel Stenberg
5fa82ca56f README.pipelining: removed
All the details mentioned here are better documented in man pages
2015-05-15 22:34:12 +02:00
Dan Fandrich
1c01cee601 build: removed bundles.c from make files
This file was removed in commit fd137786
2015-05-14 14:55:48 +02:00
Daniel Stenberg
750d678c0e Curl_conncache_add_conn: fix memory leak on OOM 2015-05-14 14:06:44 +02:00
Daniel Stenberg
2a746f6c28 conncache: keep bundles on host+port bases, not only host names
Previously we counted all connections to a specific host name and that
would be used for the CURLMOPT_MAX_HOST_CONNECTIONS check for example,
while servers on different port numbers are normally considered
different "origins" on the web and should thus be considered different
hosts.
2015-05-12 23:40:10 +02:00
Daniel Stenberg
fd137786e5 bundles: merged into conncache.c
All the existing Curl_bundle* functions were only ever used from within
the conncache.c file, so I moved them over and made them static (and
removed the Curl_ prefix).
2015-05-12 23:21:33 +02:00
Daniel Stenberg
b419e7ae0c hostcache: made all host caches use structs, not pointers
This avoids unnecessary dynamic allocs and as this also removed the last
users of *hash_alloc() and *hash_destroy(), those two functions are now
removed.
2015-05-12 09:46:53 +02:00
Daniel Stenberg
d37e0160c2 multi: converted socket hash into non-allocated struct
avoids extra dynamic allocation
2015-05-12 09:28:37 +02:00
Daniel Stenberg
640296c95d connection cache: avoid Curl_hash_alloc()
... by using plain structs instead of pointers for the connection cache,
we can avoid several dynamic allocations that weren't necessary.
2015-05-12 09:15:02 +02:00
Daniel Stenberg
c4d6f9163a proxy: add newline to info message 2015-05-08 15:56:25 +02:00
Patrick Monnerat
c720cd6356 FTP: fix dangling conn->ip_addr dereference on verbose EPSV. 2015-05-08 15:28:48 +02:00
Patrick Monnerat
3377e692ee FTP: Make EPSV use the control IP address rather than the original host.
This ensures an alternate address is not used.
Does not apply to proxy tunnel.
2015-05-08 15:28:48 +02:00
Orgad Shaneh
33058a1dc3 netrc: Read in text mode when cygwin
Use text mode when cygwin to eliminate trailing carriage returns.

Bug: https://github.com/bagder/curl/pull/258
2015-05-06 02:34:31 -04:00
Alessandro Ghedini
a5e09e9eea gtls: properly retrieve certificate status
Also print the revocation reason if appropriate.
2015-05-04 13:42:45 +02:00
Daniel Stenberg
86bc654532 OpenSSL: conditional check for SSL3_RT_HEADER
The symbol is fairly new.

Reported-by: Kamil Dudka
2015-05-04 13:29:34 +02:00
Daniel Stenberg
690317aae2 openssl: skip trace outputs for ssl_ver == 0
The OpenSSL trace callback is wonderfully undocumented but given a
journey in the source code, it seems the cases were ssl_ver is zero
doesn't follow the same pattern and thus turned out confusing and
misleading. For now, we skip doing any CURLINFO_TEXT logging on those
but keep sending them as CURLINFO_SSL_DATA_OUT/IN.

Also, I added direction to the text info and I edited some functions
slightly.

Bug: https://github.com/bagder/curl/issues/219
Reported-by: Jay Satiro, Ashish Shukla
2015-05-04 12:27:59 +02:00
Marc Hoersken
3c104448d6 schannel.c: Small changes 2015-05-02 22:21:25 +02:00
Marc Hoersken
ae8387b91c schannel.c: Improve code path and readability 2015-05-02 20:14:53 +02:00
Marc Hoersken
d93619ca5d schannel.c: Improve error and return code handling upon aa99a63f03 2015-05-02 20:05:22 +02:00
Chris Araman
aa99a63f03 schannel: fix regression in schannel_recv
https://github.com/bagder/curl/issues/244

Commit 145c263 changed the behavior when Curl_read_plain returns
CURLE_AGAIN. We now handle CURLE_AGAIN and SEC_I_CONTEXT_EXPIRED
correctly.
2015-05-02 18:54:13 +02:00
Marc Hoersken
4bb8bad964 Bug born in changes made several days ago 9a91e80.
Commit: https://github.com/bagder/curl/commit/926cb9f
Reported-by: Ray Satiro
2015-05-01 09:39:34 +02:00
Dan Fandrich
32606e4f0b http_negotiate_sspi: added missing data variable 2015-04-30 12:13:49 +02:00
Viktor Szakats
6a61285909 build: update depedency versions, urls, example makefiles
- update default versions of dependencies (except for rare/old platforms)
- update urls
- sync examples makefiles with main ones
- remove line ending space
2015-04-30 08:29:00 +02:00
Anders Bakken
b23fda76c1 curl_multi_add_handle: next is already NULL 2015-04-30 08:21:34 +02:00
Jay Satiro
926cb9ff65 schannel: Fix out of bounds array
Bug born in changes made several days ago 9a91e80.

Bug: http://curl.haxx.se/mail/lib-2015-04/0199.html
Reported-by: Brian Chrisman
2015-04-30 01:44:45 -04:00
Viktor Szakats
790d1a4816 lib/makefile.m32: add arch -m32/-m64 to LDFLAGS
This fixes using a multi-target mingw distro to build curl .dll for the
non-default target.
(mirroring the same patch present in src/makefile.m32)
2015-04-29 13:18:17 -04:00
Daniel Stenberg
6ba2e88a64 CURLOPT_HEADEROPT: default to separate
Make the HTTP headers separated by default for improved security and
reduced risk for information leakage.

Bug: http://curl.haxx.se/docs/adv_20150429.html
Reported-by: Yehezkel Horowitz, Oren Souroujon
2015-04-28 21:02:37 +02:00
Daniel Stenberg
b2ea1bfcd6 hash: simplify Curl_str_key_compare() 2015-04-28 13:10:53 +02:00
Linus Nielsen
97c272e5d1 Negotiate: custom service names for SPNEGO.
* Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME.
* Add new curl options, --proxy-service-name and --service-name.
2015-04-28 08:29:56 +02:00
Daniel Stenberg
54c394699d http2: unify http_conn variable names to 'c' 2015-04-27 22:54:34 +02:00
Daniel Stenberg
09a31fabe4 ConnectionExists: call it multi-use instead of pipelining
So that it fits HTTP/2 as well
2015-04-27 22:54:34 +02:00
Paul Howarth
d4f62f6c5d nss: fix compilation failure with old versions of NSS
Bug: http://curl.haxx.se/mail/lib-2015-04/0095.html
2015-04-27 15:37:16 +02:00
Marc Hoersken
92e754de78 schannel.c: Fix typo introduced with 3447c973d0 2015-04-26 19:57:05 +02:00
Marc Hoersken
9a91e8059b schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error
Reported-by: Brian Chrisman
2015-04-26 17:59:01 +02:00
Daniel Stenberg
3447c973d0 schannel: re-indented file to follow curl style better
white space changes only
2015-04-26 17:40:40 +02:00
Daniel Stenberg
cae43a10cb Curl_ossl_init: load builtin modules
To have engine modules work, we must tell openssl to load builtin
modules first.

Bug: https://github.com/bagder/curl/pull/206
2015-04-26 17:26:31 +02:00
Daniel Stenberg
aff153f83a openssl: fix serial number output
The code extracting the cert serial number was broken and didn't display
it properly.

Bug: https://github.com/bagder/curl/issues/235
Reported-by: dkjjr89
2015-04-26 16:36:19 +02:00
Grant Pannell
59f3f92ba6 sasl_sspi: Populate domain from the realm in the challenge
Without this, SSPI based digest auth was broken.

Bug: https://github.com/bagder/curl/pull/141.patch
2015-04-26 16:12:23 +02:00
Viktor Szakats
48be87e5f0 netrc: support 'default' token
The 'default' token has no argument and means to match _any_ domain.
It must be placed last if there are 'machine <name>' tokens in the same file.

See full description here:
https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-File.html
2015-04-24 23:57:37 +02:00
Jay Satiro
0675abbc75 cyassl: Implement public key pinning
Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc.
2015-04-22 17:07:19 -04:00
Daniel Stenberg
85c45d153b connectionexists: follow-up to fd9d3a1ef1
PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not
enabled.

Mistake-caught-by: Kamil Dudka
2015-04-22 13:59:04 +02:00
Daniel Stenberg
fd9d3a1ef1 connectionexists: fix build without NTLM
Do not access NTLM-specific struct fields when built without NTLM
enabled!

bug: http://curl.haxx.se/?i=231
Reported-by: Patrick Rapin
2015-04-22 13:32:45 +02:00
Kamil Dudka
b47c17d67c nss: implement public key pinning for NSS backend
Bug: https://bugzilla.redhat.com/1195771
2015-04-22 13:21:31 +02:00
Daniel Stenberg
1fd33e3ec8 dist: include {src,lib}/checksrc.whitelist 2015-04-22 13:16:04 +02:00
Daniel Stenberg
79b9d5f1a4 http_done: close Negotiate connections when done
When doing HTTP requests Negotiate authenticated, the entire connnection
may become authenticated and not just the specific HTTP request which is
otherwise how HTTP works, as Negotiate can basically use NTLM under the
hood. curl was not adhering to this fact but would assume that such
requests would also be authenticated per request.

CVE-2015-3148

Bug: http://curl.haxx.se/docs/adv_20150422B.html
Reported-by: Isaac Boukris
2015-04-21 23:20:37 +02:00
Daniel Stenberg
0583e87ada fix_hostname: zero length host name caused -1 index offset
If a URL is given with a zero-length host name, like in "http://:80" or
just ":80", `fix_hostname()` will index the host name pointer with a -1
offset (as it blindly assumes a non-zero length) and both read and
assign that address.

CVE-2015-3144

Bug: http://curl.haxx.se/docs/adv_20150422D.html
Reported-by: Hanno Böck
2015-04-21 23:20:36 +02:00
Daniel Stenberg
b5f947b8ac cookie: cookie parser out of boundary memory access
The internal libcurl function called sanitize_cookie_path() that cleans
up the path element as given to it from a remote site or when read from
a file, did not properly validate the input. If given a path that
consisted of a single double-quote, libcurl would index a newly
allocated memory area with index -1 and assign a zero to it, thus
destroying heap memory it wasn't supposed to.

CVE-2015-3145

Bug: http://curl.haxx.se/docs/adv_20150422C.html
Reported-by: Hanno Böck
2015-04-21 23:20:36 +02:00
Daniel Stenberg
31be461c6b ConnectionExists: for NTLM re-use, require credentials to match
CVE-2015-3143

Bug: http://curl.haxx.se/docs/adv_20150422A.html
Reported-by: Paras Sethia
2015-04-21 23:20:36 +02:00
byronhe
6088fbce06 openssl: add OPENSSL_NO_SSL3_METHOD check 2015-04-21 15:25:21 -04:00
Viktor Szakáts
3a87bdebd1 vtls/openssl: use https in URLs and a comment typo fixed 2015-04-19 19:52:37 +02:00
Daniel Stenberg
2eb02480ef Revert "HTTP: don't abort connections with pending Negotiate authentication"
This reverts commit 5dc68dd609.

Bug: https://github.com/bagder/curl/issues/223
Reported-by: Michael Osipov
2015-04-17 23:23:42 +02:00
Jay Satiro
f70112522f cyassl: Fix include order
Prior to this change CyaSSL's build options could redefine some generic
build symbols.

http://curl.haxx.se/mail/lib-2015-04/0069.html
2015-04-17 15:24:04 -04:00
Jay Satiro
9430dd583e cyassl: Add support for TLS extension SNI 2015-04-14 02:05:25 -04:00
Matthew Hall
a471a9f3b6 vtls_openssl: improve PKCS#12 load failure error message 2015-04-13 22:25:04 +02:00
Matthew Hall
27ac643455 vtls_openssl: fix minor typo in PKCS#12 load routine 2015-04-13 22:25:04 +02:00
Matthew Hall
b3175a767d vtls_openssl: improve client certificate load failure error messages 2015-04-13 22:25:04 +02:00
Matthew Hall
58b0a8b059 vtls_openssl: remove ambiguous SSL_CLIENT_CERT_ERR constant 2015-04-13 22:25:04 +02:00
Daniel Stenberg
7fe172d3b2 firefox-db2pem: fix wildcard to find Firefox default profile
At some point, Firefox has changed and generates different directory
names for the default profile that made this script fail to find them.

Bug: https://github.com/bagder/curl/issues/207
Reported-by: sneakyimp
2015-04-13 15:31:26 +02:00
Jay Satiro
72bea7cc65 cyassl: Include the CyaSSL build config
CyaSSL >= 2.6.0 may have an options.h that was generated during
its build by configure.
2015-04-11 23:58:42 -04:00
Viktor Szakats
e44155156a lib/makefile.m32: add missing libs to build libcurl.dll
Add 'gdi32' and 'crypt32' Windows implibs to avoid failure
while building libcurl.dll using the mingw compiler.
The same logic is used in 'src/makefile.m32' when
building curl.exe.
2015-04-09 21:34:14 +02:00
Da-Yoon Chung
a9e46749b2 lib/transfer.c: Remove factor of 8 from sleep time calculation
The factor of 8 is a bytes-to-bits conversion factor, but pkt_size and
rate_bps are both in bytes. When using the rate limiting option, curl
waits 8 times too long, and then transfers very quickly until the
average rate reaches the limit. The average rate follows the limit over
time, but the actual traffic is bursty.

Thanks-to: Benjamin Gilbert
2015-04-07 21:55:23 +02:00
Jay Satiro
c3101ae287 x509asn1: Silence x64 loss-of-data warning on RSA key length assignment
The key length in bits will always fit in an unsigned long so the
loss-of-data warning assigning the result of x64 pointer arithmetic to
an unsigned long is unnecessary.
2015-04-06 17:55:48 +02:00
Jay Satiro
d363c07912 cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size
Also fix it so that all ERR_error_string calls use an error buffer.
CyaSSL's implementation of ERR_error_string only writes the error when
an error buffer is passed.

http://www.yassl.com/forums/topic599-openssl-compatibility-and-errerrorstring.html
2015-04-06 17:54:14 +02:00
Jay Satiro
a30be951d6 cyassl: Remove 'Connecting to' message from cyassl_connect_step2
Prior to this change libcurl could show multiple 'CyaSSL: Connecting to'
messages since cyassl_connect_step2 is called multiple times, typically.
The message is superfluous even once since libcurl already informs the
user elsewhere in code that it is connecting.
2015-04-05 18:18:11 +02:00
Daniel Stenberg
81ee1e69fe hostip: fix compiler warnings
introduced in the previous mini-series of 3 commits
2015-04-03 23:41:58 +02:00
Stefan Bühler
846f492053 actually implement CURLOPT_RESOLVE removals
- also log when a CURLOPT_RESOLVE entry couldn't get parsed
2015-04-03 16:46:14 +02:00
Stefan Bühler
b4be97fb67 move Curl_share_lock and ref counting into Curl_fetch_addr 2015-04-03 16:46:14 +02:00
Stefan Bühler
0db831976e fix refreshing of obsolete dns cache entries
- cache entries must be also refreshed when they are in use
- have the cache count as inuse reference too, freeing timestamp == 0 special
  value
- use timestamp == 0 for CURLOPT_RESOLVE entries which don't get refreshed
- remove CURLOPT_RESOLVE special inuse reference (timestamp == 0 will prevent refresh)
- fix Curl_hostcache_clean - CURLOPT_RESOLVE entries don't have a special
  reference anymore, and it would also release non CURLOPT_RESOLVE references
- fix locking in Curl_hostcache_clean
- fix unit1305.c: hash now keeps a reference, need to set inuse = 1
2015-04-03 16:46:14 +02:00
Jay Satiro
f203edc544 cyassl: Set minimum protocol version before CTX callback
This change is to allow the user's CTX callback to change the minimum
protocol version in the CTX without us later overriding it, as we did
prior to this change.
2015-04-03 10:51:58 +02:00
Jay Satiro
0b5efa57ad cyassl: Fix certificate load check
SSL_CTX_load_verify_locations can return negative values on fail,
therefore to check for failure we check if load is != 1 (success)
instead of if load is == 0 (failure), the latter being incorrect given
that behavior.
2015-04-02 17:18:42 +02:00
Tatsuhiro Tsujikawa
21e82bd635 http2: Fix missing nghttp2_session_send call in Curl_http2_switched
Previously in Curl_http2_switched, we called nghttp2_session_mem_recv to
parse incoming data which were already received while curl was handling
upgrade.  But we didn't call nghttp2_session_send, and it led to make
curl not send any response to the received frames.  Most likely, we
received SETTINGS from server at this point, so we missed opportunity to
send SETTINGS + ACK.  This commit adds missing nghttp2_session_send call
in Curl_http2_switched to fix this issue.

Bug: https://github.com/bagder/curl/issues/192
Reported-by: Stefan Eissing
2015-04-02 15:19:29 +02:00
Daniel Stenberg
2685041a5c cookie: handle spaces after the name in Set-Cookie
"name =value" is fine and the space should just be skipped.

Updated test 31 to also test for this.

Bug: https://github.com/bagder/curl/issues/195
Reported-by: cromestant
Help-by: Frank Gevaerts
2015-04-01 23:25:29 +02:00
Jay Satiro
b121633402 cyassl: Fix library initialization return value
(Curl_cyassl_init)
- Return 1 on success, 0 in failure.

Prior to this change the fail path returned an incorrect value and the
evaluation to determine whether CyaSSL_Init had succeeded was incorrect.
Ironically that combined with the way curl_global_init tests SSL library
initialization (!Curl_ssl_init()) meant that CyaSSL having been
successfully initialized would be seen as that even though the code path
and return value in Curl_cyassl_init were wrong.
2015-04-01 08:10:58 +02:00
Dan Fandrich
049fe7fb53 axtls: add timeout within Curl_axtls_connect
This allows test 405 to pass on axTLS.
2015-03-31 02:04:22 +02:00
Jay Satiro
6419aee248 checksrc: Windows-specific input fixes
lib/config-win32ce.h
- Fix whitespace for checksrc compliance.

lib/checksrc.pl
- Remove trailing carriage returns from input.

projects/checksrc.bat
- Ignore tool_hugehelp.c.
2015-03-30 22:39:13 +02:00
Daniel Stenberg
787c2ae91b multi: remove_handle: move pending connections
If the handle removed from the multi handle happens to be the one
"owning" the pipeline other transfers will be waiting indefinitely. Now
we move such handles back to connect to have them race (again) for
getting the connection and thus avoid hanging.

Bug: http://curl.haxx.se/bug/view.cgi?id=1465
Reported-by: Jiri Dvorak
2015-03-29 23:49:12 +02:00
Jay Satiro
fcdc597b1a cyassl: CTX callback cosmetic changes and doc fix
- More descriptive fail message for NO_FILESYSTEM builds.
- Cosmetic changes.
- Change more of CURLOPT_SSL_CTX_* doc to not be OpenSSL specific.
2015-03-28 16:41:51 +01:00
Kyle L. Huff
d2feb71752 cyassl: add SSL context callback support for CyaSSL
Adds support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL, and better
handles CyaSSL instances using NO_FILESYSTEM.
2015-03-27 23:32:14 +01:00
Kyle L. Huff
211f1e3c6b cyassl: remove undefined reference to CyaSSL_no_filesystem_verify
CyaSSL_no_filesystem_verify is not (or no longer) defined by cURL or
CyaSSL. This reference causes build errors when compiling with
NO_FILESYSTEM.
2015-03-27 23:31:12 +01:00
Jay Satiro
e7a289ebb9 vtls: Don't accept unknown CURLOPT_SSLVERSION values 2015-03-27 09:32:23 +01:00
Jay Satiro
488102fc17 url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined 2015-03-27 09:31:30 +01:00
Daniel Stenberg
318ad8d767 multi: on a request completion, check all CONNECT_PEND transfers
... even if they don't have an associated connection anymore. It could
leave the waiting transfers pending with no active one on the
connection.

Bug: http://curl.haxx.se/bug/view.cgi?id=1465
Reported-by: Jiri Dvorak
2015-03-26 08:14:22 +01:00
Daniel Stenberg
eb2a6180fb README.http2: refreshed and added TODO items 2015-03-25 12:13:16 +01:00
Daniel Stenberg
5b58bface3 polarssl: called mbedTLS in 1.3.10 and later 2015-03-25 09:19:57 +01:00
Daniel Stenberg
83b29e43cd polarssl: remove dead code
and simplify code by changing if-elses to a switch()

CID 1291706: Logically dead code. Execution cannot reach this statement
2015-03-25 09:01:11 +01:00
Daniel Stenberg
24908c12d7 polarssl: remove superfluous for(;;) loop
"unreachable: Since the loop increment is unreachable, the loop body
will never execute more than once."

Coverity CID 1291707
2015-03-25 08:49:34 +01:00
Daniel Stenberg
4e299192ed Curl_ssl_md5sum: return CURLcode
... since the funciton can fail on OOM. Check this return code.

Coverity CID 1291705.
2015-03-25 08:32:12 +01:00
Jay Satiro
e35f2e61ec cyassl: default to highest possible TLS version
(cyassl_connect_step1)
- Use TLS 1.0-1.2 by default when available.

CyaSSL/wolfSSL >= v3.3.0 supports setting a minimum protocol downgrade
version.

cyassl/cyassl@322f79f
2015-03-25 08:10:24 +01:00
Jay Satiro
d29f8b460c cyassl: Check for invalid length parameter in Curl_cyassl_random 2015-03-25 08:08:12 +01:00
Jay Satiro
ec31962640 cyassl: If wolfSSL then identify as such in version string 2015-03-25 08:08:12 +01:00
Dan Fandrich
35648f2e79 curl_memory: make curl_memory.h the second-last header file loaded
This header file must be included after all header files except
memdebug.h, as it does similar memory function redefinitions and can be
similarly affected by conflicting definitions in system or dependent
library headers.
2015-03-24 23:47:01 +01:00
Daniel Stenberg
ac2827ac09 openssl: do the OCSP work-around for libressl too
I tested with libressl git master now (v2.1.4-27-g34bf96c) and it seems to
still require the work-around for stapling to work.
2015-03-24 23:39:52 +01:00
Daniel Stenberg
bd9ac3cff2 openssl: verifystatus: only use the OCSP work-around <= 1.0.2a
URL: http://curl.haxx.se/mail/lib-2015-03/0205.html
Reported-by: Alessandro Ghedini
2015-03-24 23:06:37 +01:00
Daniel Stenberg
7e6ca87a72 openssl: adapt to ASN1/X509 things gone opaque in 1.1 2015-03-24 22:59:33 +01:00
Dan Fandrich
56ae66d518 vtls: fix compile with --disable-crypto-auth but with SSL
This is a strange combination of options, but is allowed.
2015-03-24 21:41:22 +01:00
Daniel Stenberg
5d23279299 CURLOPT_PATH_AS_IS: added
--path-as-is is the command line option

Added docs in curl.1 and CURLOPT_PATH_AS_IS.3

Added test in test 1241
2015-03-24 10:31:58 +01:00
Yamada Yasuharu
ecc4940df2 curl_easy_recv/send: make them work with the multi interface
By making sure Curl_getconnectinfo() uses the correct connection cache
to find the last connection.
2015-03-23 22:46:58 +01:00
Daniel Stenberg
4b02b84897 http2: move the init too for when its actually needed
... it would otherwise lead to memory leakage if we never actually do
the switch.
2015-03-23 10:26:04 +01:00
Dan Fandrich
145c4692ff dict: rename byte to avoid compiler shadowed declaration warning
This conflicted with a WolfSSL typedef.
2015-03-23 10:16:10 +01:00
Dan Fandrich
430006c5e2 cyassl: include version.h to ensure the version macros are defined 2015-03-23 10:10:03 +01:00
Nick Zitzmann
7f5a170442 darwinsssl: add support for TLS False Start
TLS False Start support requires iOS 7.0 or later, or OS X 10.9 or later.
2015-03-21 12:22:56 -05:00
Daniel Stenberg
ed429b72d7 gtls: add check of return code
Coverity CID 1291167 pointed out that 'rc' was received but never used when
gnutls_credentials_set() was used. Added return code check now.
2015-03-21 16:53:43 +01:00
Daniel Stenberg
fea13a17d8 gtls: dereferencing NULL pointer
Coverity CID 1291165 pointed out 'chainp' could be dereferenced when
NULL if gnutls_certificate_get_peers() had previously failed.
2015-03-21 16:53:23 +01:00
Daniel Stenberg
5f6f9e8b59 gtls: avoid uninitialized variable.
Coverity CID 1291166 pointed out that we could read this variable
uninitialized.
2015-03-21 16:53:09 +01:00
Daniel Stenberg
9cd4d6518f x509asn1: add /* fallthrough */ in switch() case 2015-03-21 16:29:58 +01:00
Daniel Stenberg
e6917d3b77 x509asn1: minor edit to unconfuse Coverity
CID 1202732 warns on the previous use, although I cannot fine any
problems with it. I'm doing this change only to make the code use a more
familiar approach to accomplish the same thing.
2015-03-21 16:21:01 +01:00
Daniel Stenberg
b734518371 nss: error: unused variable 'connssl' 2015-03-21 15:47:03 +01:00
Dan Fandrich
6779c50e26 cyassl: use new library version macro when available 2015-03-20 23:49:53 +01:00
Alessandro Ghedini
185914fd31 nss: add support for TLS False Start 2015-03-20 20:14:35 +01:00
Alessandro Ghedini
4dcd25e138 url: add CURLOPT_SSL_FALSESTART option
This option can be used to enable/disable TLS False Start defined in the RFC
draft-bmoeller-tls-falsestart.
2015-03-20 20:14:33 +01:00
Alessandro Ghedini
a332922a52 gtls: implement CURLOPT_CERTINFO 2015-03-20 19:03:53 +01:00
Alessandro Ghedini
8854f8d45a openssl: try to avoid accessing OCSP structs when possible 2015-03-20 15:36:05 +01:00
Daniel Stenberg
abfab1786e HTTP: don't switch to HTTP/2 from 1.1 until we get the 101
We prematurely changed protocol handler to HTTP/2 which made things very
slow (and wrong).

Reported-by: Stefan Eissing
Bug: https://github.com/bagder/curl/issues/169
2015-03-19 13:44:18 +01:00
Dan Fandrich
9e66d3f4d3 axtls: version 1.5.2 now requires that config.h be manually included 2015-03-19 10:11:17 +01:00
Kamil Dudka
e3fbdc7c8a nss: explicitly tell NSS to disable NPN/ALPN
... if disabled at libcurl level.  Otherwise, we would allow to
negotiate NPN despite curl was invoked with the --no-npn option.
2015-03-18 19:43:14 +01:00
Dan Fandrich
252e9acd50 checksrc: Fix whitelist on out-of-tree builds 2015-03-17 23:26:48 +01:00
Stefan Bühler
4d6e079dd2 Curl_sh_entry: remove unused 'timestamp' 2015-03-17 16:29:36 +01:00
Daniel Stenberg
ef1c3b4648 HTTP: don't use Expect: headers when on HTTP/2
Reported-by: Stefan Eissing
Bug: https://github.com/bagder/curl/issues/169
2015-03-17 15:09:34 +01:00
Daniel Stenberg
2dc1a5ce93 checksrc: detect and remove space before trailing semicolons 2015-03-17 14:06:48 +01:00
Daniel Stenberg
0037eb5805 checksrc: introduce a whitelisting concept 2015-03-17 13:57:37 +01:00
Daniel Stenberg
9395999543 checksrc: use space after comma 2015-03-17 13:57:37 +01:00
Daniel Stenberg
a6b8fe2a5f checksrc: use space before paren in "return (expr);" 2015-03-17 13:05:01 +01:00
Daniel Stenberg
0f4a03cbb6 free: instead of Curl_safefree()
Since we just started make use of free(NULL) in order to simplify code,
this change takes it a step further and:

- converts lots of Curl_safefree() calls to good old free()
- makes Curl_safefree() not check the pointer before free()

The (new) rule of thumb is: if you really want a function call that
frees a pointer and then assigns it to NULL, then use Curl_safefree().
But we will prefer just using free() from now on.
2015-03-16 15:01:15 +01:00
Markus Elfring
9e661601fe Bug #149: Deletion of unnecessary checks before a few calls of cURL functions
The following functions return immediately if a null pointer was passed.
* Curl_cookie_cleanup
* curl_formfree

It is therefore not needed that a function caller repeats a corresponding check.

This issue was fixed by using the software Coccinelle 1.0.0-rc24.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-16 12:13:56 +01:00
Markus Elfring
29c655c0a6 Bug #149: Deletion of unnecessary checks before calls of the function "free"
The function "free" is documented in the way that no action shall occur for
a passed null pointer. It is therefore not needed that a function caller
repeats a corresponding check.
http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first

This issue was fixed by using the software Coccinelle 1.0.0-rc24.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-16 12:13:56 +01:00
Jay Satiro
059b3a5770 connect: Fix happy eyeballs logic for IPv4-only builds
Bug: https://github.com/bagder/curl/pull/168

(trynextip)
- Don't try the "other" protocol family unless IPv6 is available. In an
IPv4-only build the other family can only be IPv6 which is unavailable.

This change essentially stops IPv4-only builds from attempting the
"happy eyeballs" secondary parallel connection that is supposed to be
used by the "other" address family.

Prior to this change in IPv4-only builds that secondary parallel
connection attempt could be erroneously used by the same family (IPv4)
which caused a bug where every address after the first for a host could
be tried twice, often in parallel. This change fixes that bug. An
example of the bug is shown below.

Assume MTEST resolves to 3 addresses 127.0.0.2, 127.0.0.3 and 127.0.0.4:

* STATE: INIT => CONNECT handle 0x64f4b0; line 1046 (connection #-5000)
* Rebuilt URL to: http://MTEST/
* Added connection 0. The cache now contains 1 members
* STATE: CONNECT => WAITRESOLVE handle 0x64f4b0; line 1083
(connection #0)
*   Trying 127.0.0.2...
* STATE: WAITRESOLVE => WAITCONNECT handle 0x64f4b0; line 1163
(connection #0)
*   Trying 127.0.0.3...
* connect to 127.0.0.2 port 80 failed: Connection refused
*   Trying 127.0.0.3...
* connect to 127.0.0.3 port 80 failed: Connection refused
*   Trying 127.0.0.4...
* connect to 127.0.0.3 port 80 failed: Connection refused
*   Trying 127.0.0.4...
* connect to 127.0.0.4 port 80 failed: Connection refused
* connect to 127.0.0.4 port 80 failed: Connection refused
* Failed to connect to MTEST port 80: Connection refused
* Closing connection 0
* The cache now contains 0 members
* Expire cleared
curl: (7) Failed to connect to MTEST port 80: Connection refused

The bug was born in commit bagder/curl@2d435c7.
2015-03-16 12:07:59 +01:00
Frank Meier
9063a7f853 closesocket: call multi socket cb on close even with custom close
In function Curl_closesocket() in connect.c the call to
Curl_multi_closed() was wrongly omitted if a socket close function
(CURLOPT_CLOSESOCKETFUNCTION) is registered.

That would lead to not removing the socket from the internal hash table
and not calling the multi socket callback appropriately.

Bug: http://curl.haxx.se/bug/view.cgi?id=1493
2015-03-15 13:26:03 +01:00
Tobias Stoeckmann
851c29269b hostip: Fix signal race in Curl_resolv_timeout.
A signal handler for SIGALRM is installed in Curl_resolv_timeout. It is
configured to interrupt system calls and uses siglongjmp to return into
the function if alarm() goes off.

The signal handler is installed before curl_jmpenv is initialized.
This means that an already installed alarm timer could trigger the
newly installed signal handler, leading to undefined behavior when it
accesses the uninitialized curl_jmpenv.

Even if there is no previously installed alarm available, the code in
Curl_resolv_timeout itself installs an alarm before the environment is
fully set up. If the process is sent into suspend right after that, the
signal handler could be called too early as in previous scenario.

To fix this, the signal handler should only be installed and the alarm
timer only be set after sigsetjmp has been called.
2015-03-14 18:24:11 +01:00
Daniel Stenberg
0cf649d9cc http2: detect prematures close without data transfered
... by using the regular Curl_http_done() method which checks for
that. This makes test 1801 fail consistently with error 56 (which seems
fine) to that test is also updated here.

Reported-by: Ben Darnell
Bug: https://github.com/bagder/curl/issues/166
2015-03-14 18:19:51 +01:00
Daniel Stenberg
186e46d88d openssl: use colons properly in the ciphers list
While the previous string worked, this is the documented format.

Reported-by: Richard Moore
2015-03-12 23:29:46 +01:00
Daniel Stenberg
0d1060f21e openssl: sort the ciphers on strength
This makes curl pick better (stronger) ciphers by default. The strongest
available ciphers are fine according to the HTTP/2 spec so an OpenSSL
built curl is no longer rejected by string HTTP/2 servers.

Bug: http://curl.haxx.se/bug/view.cgi?id=1487
2015-03-12 23:16:28 +01:00
Daniel Stenberg
1d3f1a80d0 openssl: show the cipher selection to use 2015-03-12 15:53:45 +01:00
Daniel Stenberg
a5d994941c http: always send Host: header as first header
...after the method line:

 "Since the Host field-value is critical information for handling a
 request, a user agent SHOULD generate Host as the first header field
 following the request-line." / RFC 7230 section 5.4

Additionally, this will also make libcurl ignore multiple specified
custom Host: headers and only use the first one. Test 1121 has been
updated accordingly

Bug: http://curl.haxx.se/bug/view.cgi?id=1491
Reported-by: Rainer Canavan
2015-03-12 12:15:24 +01:00
Alexander Pepper
143acd6222 mk-ca-bundle bugfix: Don't report SHA1 numbers with "-q".
Also unified printing to STDERR by creating the helper method "report".
2015-03-11 14:47:41 +01:00
Daniel Stenberg
852d35b6ea proxy: re-use proxy connections (regression)
When checking for a connection to re-use, a proxy-using request must
check for and use a proxy connection and not one based on the host
name!

Added test 1421 to verify

Bug: http://curl.haxx.se/bug/view.cgi?id=1492
2015-03-11 11:54:22 +01:00
Alessandro Ghedini
fa895f2aa2 gtls: correctly align certificate status verification messages 2015-03-10 15:48:34 +01:00
Alessandro Ghedini
a6a264ef2c gtls: don't print double newline after certificate dates 2015-03-10 15:20:03 +01:00
Alessandro Ghedini
3a757fddbb gtls: print negotiated TLS version and full cipher suite name
Instead of priting cipher and MAC algorithms names separately, print the
whole cipher suite string which also includes the key exchange algorithm,
along with the negotiated TLS version.
2015-03-10 15:18:14 +01:00
Daniel Stenberg
d9973eaeb8 gtls: fix compiler warnings 2015-03-10 15:16:59 +01:00
Alessandro Ghedini
5a1614cecd gtls: add support for CURLOPT_CAPATH 2015-03-10 15:03:54 +01:00
Daniel Stenberg
c19349951d multi: fix *getsock() with CONNECT
The code used some happy eyeballs logic even _after_ CONNECT has been
sent to a proxy, while the happy eyeball phase is already (should be)
over by then.

This is solved by splitting the multi state into two separate states
introducing the new SENDPROTOCONNECT state.

Bug: http://curl.haxx.se/mail/lib-2015-01/0170.html
Reported-by: Peter Laser
2015-03-07 19:19:22 +01:00
Daniel Stenberg
9da14a96ab conncontrol: only log changes to the connection bit 2015-03-07 19:18:49 +01:00
Daniel Stenberg
00ea0e7db0 http2: use CURL_HTTP_VERSION_* symbols instead of NPN_*
Since they already exist and will make comparing easier
2015-03-07 11:10:30 +01:00
Daniel Stenberg
df28af8f39 http2: make the info-message about receiving HTTP2 headers debug-only 2015-03-07 10:55:37 +01:00
Alessandro Ghedini
44ffe27056 urldata: remove unused asked_for_h2 field 2015-03-07 10:36:10 +01:00
Alessandro Ghedini
adb4e41a1a polarssl: make it possible to enable ALPN/NPN without HTTP2 2015-03-07 10:36:10 +01:00
Alessandro Ghedini
42bc45be8e nss: make it possible to enable ALPN/NPN without HTTP2 2015-03-07 10:36:10 +01:00
Alessandro Ghedini
870a67e01f gtls: make it possible to enable ALPN/NPN without HTTP2 2015-03-07 10:36:10 +01:00
Alessandro Ghedini
2e9494b15d openssl: make it possible to enable ALPN/NPN without HTTP2 2015-03-07 10:36:10 +01:00
Daniel Stenberg
042526c19f urldata: fix gnutls build 2015-03-06 10:13:40 +01:00
Daniel Stenberg
492dfca65d multi: fix memory-leak on timeout (regression)
Since 1342a96ecf, a timeout detected in the multi state machine didn't
necesarily clear everything up, like formpost data.

Bug: https://github.com/bagder/curl/issues/147
Reported-by: Michel Promonet
Patched-by: Michel Promonet
2015-03-05 15:43:38 +01:00
Daniel Stenberg
709cf76f6b openssl: remove all uses of USE_SSLEAY
SSLeay was the name of the library that was subsequently turned into
OpenSSL many moons ago (1999). curl does not work with the old SSLeay
library since years. This is now reflected by only using USE_OPENSSL in
code that depends on OpenSSL.
2015-03-05 10:57:52 +01:00
Daniel Stenberg
8aabbf5f8c vtls: use curl_printf.h all over
No need to use _MPRINTF_REPLACE internally.
2015-03-03 23:17:43 +01:00
Daniel Stenberg
df5578a7a3 mprintf.h: remove #ifdef CURLDEBUG
... and as a consequence, introduce curl_printf.h with that re-define
magic instead and make all libcurl code use that instead.
2015-03-03 12:36:18 +01:00
Tatsuhiro Tsujikawa
48b5374e65 http2: Return error if stream was closed with other than NO_ERROR
Previously, we just ignored error code passed to
on_stream_close_callback and just return 0 (success) after stream
closure even if stream was reset with error.  This patch records error
code in on_stream_close_callback, and return -1 and use CURLE_HTTP2
error code on abnormal stream closure.
2015-02-27 21:17:27 +00:00
Daniel Stenberg
bc3a44aebc http2: return recv error on unexpected EOF
Pointed-out-by: Tatsuhiro Tsujikawa
Bug: http://curl.haxx.se/bug/view.cgi?id=1487
2015-02-25 13:51:21 +01:00
Daniel Stenberg
b9c190ba77 http2: move lots of verbose output to be debug-only 2015-02-25 11:45:46 +01:00
Kamil Dudka
4909f7c795 nss: do not skip Curl_nss_seed() if data is NULL
In that case, we only skip writing the error message for failed NSS
initialization (while still returning the correct error code).
2015-02-25 10:23:07 +01:00
Kamil Dudka
7a1538d9cc nss: improve error handling in Curl_nss_random()
The vtls layer now checks the return value, so it is no longer necessary
to abort if a random number cannot be provided by NSS.  This also fixes
the following Coverity report:

Error: FORWARD_NULL (CWE-476):
lib/vtls/nss.c:1918: var_compare_op: Comparing "data" to null implies that "data" might be null.
lib/vtls/nss.c:1923: var_deref_model: Passing null pointer "data" to "Curl_failf", which dereferences it.
lib/sendf.c:154:3: deref_parm: Directly dereferencing parameter "data".
2015-02-25 10:23:06 +01:00
Marc Hoersken
ffc2aeec6e Revert "telnet.c: fix handling of 0 being returned from custom read function"
This reverts commit 03fa576833.
2015-02-25 00:16:10 +01:00
Marc Hoersken
b3bcdaf01a telnet.c: fix invalid use of custom read function if not being set
obj_count can be 1 if the custom read function is set or the stdin
handle is a reference to a pipe. Since the pipe should be handled
using the PeekNamedPipe-check below, the custom read function should
only be used if it is actually enabled.
2015-02-25 00:01:14 +01:00
Marc Hoersken
03fa576833 telnet.c: fix handling of 0 being returned from custom read function
According to [1]: "Returning 0 will signal end-of-file to the library
and cause it to stop the current transfer."
This change makes the Windows telnet code handle this case accordingly.

 [1] http://curl.haxx.se/libcurl/c/CURLOPT_READFUNCTION.html
2015-02-24 23:59:06 +01:00
Kamil Dudka
e08a12dab1 connect: wait for IPv4 connection attempts
... even if the last IPv6 connection attempt has failed.

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c4
2015-02-23 13:32:28 +01:00
Kamil Dudka
92835ca5d8 connect: avoid skipping an IPv4 address
... in case the protocol versions are mixed in a DNS response
(IPv6 -> IPv4 -> IPv6).

Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c3
2015-02-23 13:31:01 +01:00
Julian Ospald
90314100e0 configure: allow both --with-ca-bundle and --with-ca-path
SSL_CTX_load_verify_locations by default (and if given non-Null
parameters) searches the CAfile first and falls back to CApath.  This
allows for CAfile to be a basis (e.g. installed by the package manager)
and CApath to be a user configured directory.

This wasn't reflected by the previous configure constraint which this
patch fixes.

Bug: https://github.com/bagder/curl/pull/139
2015-02-20 16:30:04 +01:00
Ben Boeckel
20112ed846 cmake: install the dll file to the correct directory 2015-02-20 14:17:32 +01:00
Alessandro Ghedini
63b4b8c7bd nss: fix NPN/ALPN protocol negotiation
Correctly check for memcmp() return value (it returns 0 if the strings match).

This is not really important, since curl is going to use http/1.1 anyway, but
it's still a bug I guess.
2015-02-19 23:09:12 +01:00
Alessandro Ghedini
633b3895d7 polarssl: fix ALPN protocol negotiation
Correctly check for strncmp() return value (it returns 0 if the strings
match).
2015-02-19 23:07:40 +01:00
Alessandro Ghedini
676ac46ff5 gtls: fix build with HTTP2 2015-02-19 19:00:51 +01:00
Steve Holme
31c8f8ac11 Makefile.vc6: Corrected typos in rename of darwinssl.obj 2015-02-16 00:35:16 +00:00
Nick Zitzmann
b1c7fc050b By request, change the name of "curl_darwinssl.[ch]" to "darwinssl.[ch]" 2015-02-15 17:11:01 -06:00
Kamil Dudka
aba2c4dca2 openssl: fix a compile-time warning
lib/vtls/openssl.c:1450:7: warning: extra tokens at end of #endif directive
2015-02-12 08:39:19 +01:00
Steve Holme
c1878e8f52 openssl: Use OPENSSL_IS_BORINGSSL for BoringSSL detection
For consistency with other conditionally compiled code in openssl.c,
use OPENSSL_IS_BORINGSSL rather than HAVE_BORINGSSL and try to use
HAVE_BORINGSSL outside of openssl.c when the OpenSSL header files are
not included.
2015-02-11 21:03:23 +00:00
Patrick Monnerat
ab85ac5eda ftp: accept all 2xx responses to the PORT command 2015-02-11 19:51:57 +01:00
Steve Holme
d771b44e53 openssl: Disable OCSP in old versions of OpenSSL
Versions of OpenSSL prior to v0.9.8h do not support the necessary
functions for OCSP stapling.
2015-02-09 21:01:39 +00:00
Tatsuhiro Tsujikawa
7eebf9a3fb http2: Fix bug that associated stream canceled on PUSH_PROMISE
Previously we don't ignore PUSH_PROMISE header fields in on_header
callback.  It makes header values mixed with following HEADERS,
resulting protocol error.
2015-02-09 15:52:56 +01:00
Jay Satiro
20c727ec4c polarssl: Fix exclusive SSL protocol version options
Prior to this change the options for exclusive SSL protocol versions did
not actually set the protocol exclusive.

http://curl.haxx.se/mail/lib-2015-01/0002.html
Reported-by: Dan Fandrich
2015-02-09 10:39:17 +01:00
Jay Satiro
9956ef2d33 gskit: Fix exclusive SSLv3 option 2015-02-09 10:38:46 +01:00
Steve Holme
761d5166af schannel: Removed curl_ prefix from source files
Removed the curl_ prefix from the schannel source files as discussed
with Marc and Daniel at FOSDEM.
2015-02-07 21:34:33 +00:00
Daniel Stenberg
05792d6936 md5: use axTLS's own MD5 functions when available 2015-02-06 14:36:25 +01:00
Daniel Stenberg
2a15e594ef MD(4|5): make the MD4_* and MD5_* functions static 2015-02-06 14:26:32 +01:00
Daniel Stenberg
d557da5d79 axtls: fix conversion from size_t to int warning 2015-02-06 14:26:32 +01:00
Steve Holme
600ccb2237 ftp: Use 'CURLcode result' for curl result codes 2015-02-05 20:31:12 +00:00
Daniel Stenberg
45b9b62de4 openssl: SSL_SESSION->ssl_version no longer exist
The struct went private in 1.0.2 so we cannot read the version number
from there anymore. Use SSL_version() instead!

Reported-by: Gisle Vanem
Bug: http://curl.haxx.se/mail/lib-2015-02/0034.html
2015-02-05 11:57:33 +01:00
Daniel Stenberg
0d41c3e46b MD5: fix compiler warnings and code style nits 2015-02-04 08:09:06 +01:00
Daniel Stenberg
57d6d253a1 MD5: replace implementation
The previous one was "encumbered" by RSA Inc - to avoid the licensing
restrictions it has being replaced. This is the initial import,
inserting the md5.c and md5.h files from
http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5

Code-by: Alexander Peslyak
2015-02-04 08:09:06 +01:00
Daniel Stenberg
7f1d76f7ee MD4: fix compiler warnings and code style nits 2015-02-04 08:09:06 +01:00
Daniel Stenberg
211d5329f4 MD4: replace implementation
The previous one was "encumbered" by RSA Inc - to avoid the licensing
restrictions it has being replaced. This is the initial import,
inserting the md4.c and md4.h files from
http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4

Code-by: Alexander Peslyak
2015-02-04 08:09:05 +01:00
Steve Holme
cfc6d460cb telnet: Prefer 'CURLcode result' for curl result codes 2015-02-04 00:09:31 +00:00
Steve Holme
0ebe2c15d1 hostasyn: Prefer 'CURLcode result' for curl result codes 2015-02-04 00:07:39 +00:00
Steve Holme
28c9e1edf4 schannel: Prefer 'CURLcode result' for curl result codes 2015-02-04 00:07:16 +00:00
Daniel Stenberg
b3cbf4500d unit1601: MD5 unit tests 2015-02-03 23:05:55 +01:00
Daniel Stenberg
83bb07027d unit1600: unit test for Curl_ntlm_core_mk_nt_hash 2015-02-03 21:03:11 +01:00
Steve Holme
0a7182f6ad curl_sasl.c: More code policing
Better use of 80 character line limit, comment corrections and line
spacing preferences.
2015-02-02 16:50:39 +00:00
Marc Hoersken
4161624e94 TODO: moved WinSSL/SChannel todo items into docs 2015-01-31 12:30:11 +01:00
Steve Holme
8ca3b05624 curl_sasl.c: Fixed compilation warning when cryptography is disabled
curl_sasl.c:1506: warning: unused variable 'chlg'
2015-01-29 11:48:11 +00:00
Steve Holme
6fdc8651bd curl_sasl.c: Fixed compilation warning when verbose debug output disabled
curl_sasl.c:1317: warning: unused parameter 'conn'
2015-01-28 22:48:01 +00:00
Steve Holme
8cc70db2db ntlm_core: Use own odd parity function when crypto engine doesn't have one 2015-01-28 22:34:53 +00:00
Steve Holme
c469369b86 ntlm_core: Prefer sizeof(key) rather than hard coded sizes 2015-01-28 22:34:52 +00:00
Steve Holme
58e39b4da5 ntlm_core: Added consistent comments to DES functions 2015-01-28 22:34:51 +00:00
Steve Holme
300876a7a6 des: Added Curl_des_set_odd_parity()
Added Curl_des_set_odd_parity() for use when cryptography engines
don't include this functionality.
2015-01-28 22:34:49 +00:00
Steve Holme
595a66ce0f sasl: Minor code policing and grammar corrections 2015-01-28 19:23:37 +00:00
Gisle Vanem
3cc9e9383b ldap: build with BoringSSL 2015-01-28 14:22:11 +01:00
Daniel Stenberg
9d964e5477 security: avoid compiler warning
Possible access to uninitialised memory '&nread' at line 140 of
lib/security.c in function 'ftp_send_command'.

Reported-by: Rich Burridge
2015-01-28 10:10:59 +01:00
Patrick Monnerat
7b2012f262 sasl: remove XOAUTH2 from default enabled authentication mechanism. 2015-01-27 18:08:18 +01:00
Patrick Monnerat
fe79f20957 imap: remove automatic password setting: it breaks external sasl authentication 2015-01-27 17:34:40 +01:00
Patrick Monnerat
0d24f64473 sasl: implement EXTERNAL authentication mechanism.
Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and
by not setting the password.
2015-01-27 17:24:55 +01:00
Steve Holme
e1bb13c09f openssl: Fixed Curl_ossl_cert_status_request() not returning FALSE
Modified the Curl_ossl_cert_status_request() function to return FALSE
when built with BoringSSL or when OpenSSL is missing the necessary TLS
extensions.
2015-01-27 12:53:41 +00:00
Steve Holme
a268a804b7 openssl: Fixed compilation errors when OpenSSL built with 'no-tlsext'
Fixed the build of openssl.c when OpenSSL is built without the necessary
TLS extensions for OCSP stapling.

Reported-by: John E. Malmberg
2015-01-27 12:47:48 +00:00
Brad Spencer
5691325440 curl_setup: Disable SMB/CIFS support when HTTP only 2015-01-26 18:48:44 +00:00
Daniel Stenberg
23c6f0a344 OCSP stapling: disabled when build with BoringSSL 2015-01-22 23:34:43 +01:00
Alessandro Ghedini
d1cf5d5706 openssl: add support for the Certificate Status Request TLS extension
Also known as "status_request" or OCSP stapling, defined in RFC6066
section 8.

Thanks-to: Joe Mason
- for the work-around for the OpenSSL bug.
2015-01-22 23:25:23 +01:00
Daniel Stenberg
e888e30476 BoringSSL: fix build for non-configure builds
HAVE_BORINGSSL gets defined now by configure and should be defined by
other build systems in case a BoringSSL build is desired.
2015-01-22 23:04:10 +01:00
Steve Holme
12e45b8462 curl_sasl: Reinstate the sasl_ prefix for locally scoped functions
Commit 7a8b2885e2 made some functions static and removed the public
Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which
is the naming convention we use in this source file.
2015-01-22 21:32:41 +00:00
Steve Holme
c260c9fad3 curl_sasl: Minor code policing following recent commits 2015-01-22 21:08:18 +00:00
Daniel Stenberg
eb748f159a BoringSSL: detected by configure, switches off NTLM 2015-01-22 16:39:01 +01:00
Daniel Stenberg
d6c4695dcd BoringSSL: no PKCS12 support nor ERR_remove_state 2015-01-22 16:39:01 +01:00
Leith Bade
261208d432 BoringSSL: fix build 2015-01-22 16:39:01 +01:00
Steve Holme
795f013006 curl_sasl.c: chlglen is not used when cryptography is disabled 2015-01-20 19:28:54 +00:00
Steve Holme
71f8fdee81 curl_sasl.c: Fixed compilation warning when cyptography is disabled
curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local
                  variable
2015-01-20 19:25:43 +00:00
Steve Holme
6005b0d99c curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined
curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier

This error could also happen for non-SSPI builds when cryptography is
disabled (CURL_DISABLE_CRYPTO_AUTH is defined).
2015-01-20 19:24:47 +00:00
Patrick Monnerat
7a8b2885e2 SASL: make some procedures local-scoped 2015-01-20 18:17:55 +01:00
Patrick Monnerat
79543caf90 SASL: common state engine for imap/pop3/smtp 2015-01-20 17:33:05 +01:00
Patrick Monnerat
e1ea18f90e SASL: common URL option and auth capabilities decoders for all protocols 2015-01-20 15:27:25 +01:00
Patrick Monnerat
5f09cbcdbd IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters. 2015-01-20 14:14:26 +01:00
Daniel Stenberg
960b04e137 ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6
Reported-by: Chris Young
2015-01-20 09:03:55 +01:00
Chris Young
089783c838 timeval: typecast for better type (on Amiga)
There is an issue with conflicting "struct timeval" definitions with
certain AmigaOS releases and C libraries, depending on what gets
included when.  It's a minor difference - the OS one is unsigned,
whereas the common structure has signed elements.  If the OS one ends up
getting defined, this causes a timing calculation error in curl.

It's easy enough to resolve this at the curl end, by casting the
potentially errorneous calculation to a signed long.
2015-01-20 08:53:14 +01:00
Daniel Stenberg
be57f689b0 openssl: do public key pinning check independently
... of the other cert verification checks so that you can set verifyhost
and verifypeer to FALSE and still check the public key.

Bug: http://curl.haxx.se/bug/view.cgi?id=1471
Reported-by: Kyle J. McKay
2015-01-19 23:20:13 +01:00
Steve Holme
2cc571f9e3 ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP
For consistency with other USE_WIN32_ defines as well as the
USE_OPENLDAP define.
2015-01-18 20:52:43 +00:00
Steve Holme
1cbc8fd3d1 http_negotiate: Use dynamic buffer for SPN generation
Use a dynamicly allocated buffer for the temporary SPN variable similar
to how the SASL GSS-API code does, rather than using a fixed buffer of
2048 characters.
2015-01-18 15:45:12 +00:00
Steve Holme
9c4fa400cf sasl_gssapi: Make Curl_sasl_build_gssapi_spn() public 2015-01-18 15:42:26 +00:00
Steve Holme
b9fd757d03 sasl_gssapi: Fixed memory leak with local SPN variable 2015-01-18 15:40:07 +00:00
Daniel Stenberg
3a9419f65a http_negotiate.c: unused variable 'ret' 2015-01-17 23:14:40 +01:00
Steve Holme
1d25acb038 gskit.h: Code policing of function pointer arguments 2015-01-17 17:02:01 +00:00
Steve Holme
5d5c78b47f vtls: Removed unimplemented overrides of curlssl_close_all()
Carrying on from commit 037cd0d991, removed the following unimplemented
instances of curlssl_close_all():

Curl_axtls_close_all()
Curl_darwinssl_close_all()
Curl_cyassl_close_all()
Curl_gskit_close_all()
Curl_gtls_close_all()
Curl_nss_close_all()
Curl_polarssl_close_all()
2015-01-17 16:41:03 +00:00
Steve Holme
8bb3443a21 vtls: Separate the SSL backend definition from the API setup
Slight code cleanup as the SSL backend #define is mixed up with the API
function setup.
2015-01-17 15:38:22 +00:00
Steve Holme
30ef1a0779 vtls: Fixed compilation errors when SSL not used
Fixed the following warning and error from commit 3af90a6e19 when SSL
is not being used:

url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined;
            assuming extern returning int

error LNK2019: unresolved external symbol Curl_ssl_cert_status_request
               referenced in function Curl_setopt
2015-01-17 15:16:07 +00:00
Steve Holme
81b98dafa1 http_negotiate: Added empty decoded challenge message info text 2015-01-17 14:58:36 +00:00
Steve Holme
47438daa60 http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int 2015-01-17 14:57:17 +00:00
Steve Holme
36e6404228 http_negotiate_sspi: Prefer use of 'attrs' for context attributes
Use the same variable name as other areas of SSPI code.
2015-01-17 13:28:44 +00:00
Steve Holme
930be07067 http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo()
Use the SECURITY_STATUS typedef rather than a unsigned long for the
QuerySecurityPackageInfo() return and rename the variable as per other
areas of SSPI code.
2015-01-17 13:28:03 +00:00
Steve Holme
30eb6bbdc9 http_negotiate_sspi: Use 'CURLcode result' for CURL result code 2015-01-17 13:15:09 +00:00
Steve Holme
a2f8887b79 curl_endian: Fixed build when 64-bit integers are not supported (Part 2)
Missed Curl_read64_be() in commit bb12d44471 :(
2015-01-16 23:01:27 +00:00
Daniel Stenberg
a4065ebf1c copyright years: after OCSP stapling changes 2015-01-16 23:23:29 +01:00
Alessandro Ghedini
f46c6fbee0 nss: add support for the Certificate Status Request TLS extension
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.

This requires NSS 3.15 or higher.
2015-01-16 23:23:29 +01:00
Alessandro Ghedini
f13669a375 gtls: add support for the Certificate Status Request TLS extension
Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8.

This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use
at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP
response verfication to fail even on valid responses.
2015-01-16 23:23:29 +01:00
Alessandro Ghedini
3af90a6e19 url: add CURLOPT_SSL_VERIFYSTATUS option
This option can be used to enable/disable certificate status verification using
the "Certificate Status Request" TLS extension defined in RFC6066 section 8.

This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
certificate status verification fails, and the Curl_ssl_cert_status_request()
function, used to check whether the SSL backend supports the status_request
extension.
2015-01-16 23:23:29 +01:00
Steve Holme
bb12d44471 curl_endian: Fixed build when 64-bit integers are not supported
Bug: http://curl.haxx.se/mail/lib-2015-01/0094.html
Reported-by: John E. Malmberg
2015-01-16 12:31:24 +00:00
Daniel Stenberg
cc28bc472e Curl_pretransfer: reset expected transfer sizes
Reported-by: Mohammad AlSaleh
Bug: http://curl.haxx.se/mail/lib-2015-01/0065.html
2015-01-14 23:31:57 +01:00
Marc Hoersken
e9834808e9 curl_schannel.c: mark session as removed from cache if not freed
If the session is still used by active SSL/TLS connections, it
cannot be closed yet. Thus we mark the session as not being cached
any longer so that the reference counting mechanism in
Curl_schannel_shutdown is used to close and free the session.

Reported-by: Jean-Francois Durand
2015-01-12 21:56:05 +01:00
Guenter Knauf
d21b66835f Merge pull request #134 from vszakats/mingw-m64
add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS
2015-01-09 22:03:12 +01:00
Guenter Knauf
4e58589b0e Merge pull request #136 from vszakats/mingw-allow-custom-cflags
mingw build: allow to pass custom CFLAGS
2015-01-09 22:02:23 +01:00
Daniel Stenberg
e6b4b4b66d NSS: fix compiler error when built http2-enabled 2015-01-09 21:55:52 +01:00
Steve Holme
355bf01c82 gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions
Better code reuse and consistency in calls to gss_import_name().
2015-01-09 20:37:47 +00:00
Viktor Szakats
b4f13a4952 mingw build: allow to pass custom CFLAGS 2015-01-09 21:03:54 +01:00
Daniel Stenberg
99e71e6a84 FTP: if EPSV fails on IPV6 connections, bail out
... instead of trying PASV, since PASV can't work with IPv6.

Reported-by: Vojtěch Král
2015-01-08 22:32:37 +01:00
Daniel Stenberg
9a452ba3a1 FTP: fix IPv6 host using link-local address
... and make sure we can connect the data connection to a host name that
is longer than 48 bytes.

Also simplifies the code somewhat by re-using the original host name
more, as it is likely still in the DNS cache.

Original-Patch-by: Vojtěch Král
Bug: http://curl.haxx.se/bug/view.cgi?id=1468
2015-01-08 22:32:37 +01:00
Guenter Knauf
c712fe01a9 NetWare build: added TLS-SRP enabled build. 2015-01-08 21:40:35 +01:00
Steve Holme
5c0e66d632 sasl_gssapi: Fixed build on NetBSD with built-in GSS-API
Bug: http://curl.haxx.se/bug/view.cgi?id=1469
Reported-by: Thomas Klausner
2015-01-08 19:36:58 +00:00
Viktor Szakats
acc8089bc2 add -m64 clags when targeting mingw64, add -m32/-m64 to LDFLAGS 2015-01-08 18:19:03 +01:00
Daniel Stenberg
4ce22c607b darwinssl: fix session ID keys to only reuse identical sessions
...to avoid a session ID getting cached without certificate checking and
then after a subsequent _enabling_ of the check libcurl could still
re-use the session done without cert checks.

Bug: http://curl.haxx.se/docs/adv_20150108A.html
Reported-by: Marc Hesse
2015-01-07 22:55:56 +01:00
Daniel Stenberg
178bd7db34 url-parsing: reject CRLFs within URLs
Bug: http://curl.haxx.se/docs/adv_20150108B.html
Reported-by: Andrey Labunets
2015-01-07 22:55:56 +01:00
Steve Holme
f7d5ecec9c ldap: Convert attribute output to UTF-8 when Unicode 2015-01-07 20:01:29 +00:00
Steve Holme
4e420600c1 ldap: Convert DN output to UTF-8 when Unicode 2015-01-07 20:01:27 +00:00
Daniel Stenberg
9547954978 hostip: remove 'stale' argument from Curl_fetch_addr proto
Also, remove the log output of the resolved name is NOT in the cache in
the spirit of only telling when something is actually happening.
2015-01-07 14:06:12 +00:00
Steve Holme
4626f31d0e ldap/imap: Fixed spelling mistake in comments and variable names
Reported-by: Michael Osipov
2015-01-07 13:50:56 +00:00
Dan Fandrich
39217edb12 curl_multibyte.h: Eliminated some trailing whitespace 2015-01-05 10:08:08 +01:00
Steve Holme
ea93252ef1 ldap: Fixed Unicode usage for all Win32 builds
Otherwise, the fixes in the previous commits would only be applicable
to IDN and SSPI based builds and not others such as OpenSSL with LDAP
enabled.
2015-01-04 22:19:30 +00:00
Steve Holme
f6b168de4c ldap: Fixed memory leak from commit efb64fdf80 2015-01-04 20:33:58 +00:00
Steve Holme
4113ad50e4 ldap: Fix memory leak from commit 3a805c5cc1 2015-01-04 20:06:04 +00:00
Steve Holme
c37dcf0edb ldap: Fixed attribute variable warnings when Unicode is enabled
Use 'TCHAR *' for local attribute variable rather than 'char *'.
2015-01-04 16:25:17 +00:00
Steve Holme
5359936d07 ldap: Fixed DN variable warnings when Unicode is enabled
Use 'TCHAR *' for local DN variable rather than 'char *'.
2015-01-04 16:21:13 +00:00
Steve Holme
ea4f98dca6 ldap: Remove the unescape_elements() function
Due to the recent modifications this function is no longer used.
2015-01-04 16:11:36 +00:00
Steve Holme
f9b50910e0 ldap.c: Fixed compilation warning
ldap.c:98: warning: extra tokens at end of #endif directive
2015-01-04 16:11:08 +00:00
Steve Holme
84143dc57d ldap: Fixed support for Unicode filter in Win32 search call 2015-01-04 15:16:22 +00:00
Steve Holme
747bad7c09 ldap.c: Fixed compilation warning
ldap.c:802: warning: comparison between signed and unsigned integer
            expressions
2015-01-04 15:16:21 +00:00
Steve Holme
3a805c5cc1 ldap: Fixed support for Unicode attributes in Win32 search call 2015-01-04 14:27:51 +00:00
Steve Holme
7241527956 ldap: Fixed memory leak from commit efb64fdf80
The unescapped DN was not freed after a successful character conversion.
2015-01-04 14:21:29 +00:00
Steve Holme
825b0c7968 ldap.c: Fixed compilation error
ldap.c:738: error: macro "LDAP_TRACE" passed 2 arguments, but takes
            just 1
2015-01-04 13:16:20 +00:00
Steve Holme
2948954535 ldap.c: Fixed compilation warning
ldap.c:89: warning: extra tokens at end of #endif directive
2015-01-04 13:04:06 +00:00
Steve Holme
efb64fdf80 ldap: Fixed support for Unicode DN in Win32 search call 2015-01-04 12:10:26 +00:00
Steve Holme
6416dc998b ldap: Fixed Unicode user and password in Win32 bind calls 2015-01-04 01:57:09 +00:00
Steve Holme
0f26148423 ldap: Fixed Unicode host name in Win32 initialisation calls 2015-01-04 01:56:08 +00:00
Steve Holme
f460f12c9d ldap: Use host.dispname for infof() connection failure messages
As host.name may be encoded use dispname for infof() failure messages.
2015-01-04 00:30:55 +00:00
Steve Holme
23bb054129 ldap: Prefer 'CURLcode result' for curl result codes 2015-01-03 18:46:32 +00:00
Steve Holme
d4b540f85a ldap: Pass write length in all Curl_client_write() calls
As we get the length for the DN and attribute variables, and we know
the length for the line terminator, pass the length values rather than
zero as this will save Curl_client_write() from having to perform an
additional strlen() call.
2015-01-03 18:46:31 +00:00
Steve Holme
4967109ffc ldap: Fixed attribute memory leaks on failed client write
Fixed memory leaks from commit 086ad79970 as was noted in the commit
comments.
2015-01-03 18:46:30 +00:00
Steve Holme
a68aa81320 ldap: Fixed DN memory leaks on failed client write
Fixed memory leaks from commit 086ad79970 as was noted in the commit
comments.
2015-01-03 18:46:28 +00:00
Steve Holme
0ea9381b7d curl_ntlm_core.c: Fixed compilation warning from commit 1cb17b2a5d
curl_ntlm_core.c:146: warning: passing 'DES_cblock' (aka 'unsigned char
                      [8]') to parameter of type 'char *' converts
                      between pointers to integer types with different
                      sign
2015-01-02 21:14:36 +00:00
Steve Holme
1cb17b2a5d ntlm: Use extend_key_56_to_64() for all cryptography engines
Rather than duplicate the code in setup_des_key() for OpenSSL and in
extend_key_56_to_64() for non-OpenSSL based crypto engines, as it is
the same, use extend_key_56_to_64() for all engines.
2015-01-02 20:17:05 +00:00
Steve Holme
34f0bd110f curl_ntlm_core.c: Fixed compilation warning
curl_ntlm_core.c:458: warning: 'ascii_uppercase_to_unicode_le' defined
                      but not used
2015-01-02 16:28:03 +00:00
Steve Holme
a75ede4b9b endian: Fixed bit-shift in 64-bit integer read functions
From commit 43792592ca and 4bb5a351b2.

Reported-by: Michael Osipov
2015-01-02 15:53:42 +00:00
Steve Holme
a3daf542ad smb: Use endian functions for reading NBT and message size values 2015-01-01 20:48:05 +00:00
Steve Holme
4bb5a351b2 endian: Added big endian read functions 2015-01-01 20:45:29 +00:00
Steve Holme
43792592ca endian: Added 64-bit integer read function 2015-01-01 20:45:00 +00:00
Steve Holme
7635577ad7 smb.c: Fixed compilation warnings
smb.c:780: warning: passing 'char *' to parameter of type 'unsigned
           char *' converts between pointers to integer types with
           different sign
smb.c:781: warning: passing 'char *' to parameter of type 'unsigned
           char *' converts between pointers to integer types with
           different sign
smb.c:804: warning: passing 'char *' to parameter of type 'unsigned
           char *' converts between pointers to integer types with
           different sign
2015-01-01 04:56:16 +00:00
Steve Holme
0df2ed85fd smb: Use endian functions for reading length and offset values 2014-12-31 16:52:12 +00:00
Steve Holme
5eae12fc80 endian: Added 16-bit integer write function 2014-12-31 16:03:01 +00:00
Steve Holme
b40e37f93d endian: Fixed Linux compilation issues
Having files named endian.[c|h] seemed to cause issues under Linux so
renamed them both to have the curl_ prefix in the filenames.
2014-12-31 14:02:25 +00:00
Steve Holme
e86a6151f4 endian: Added standard function descriptions 2014-12-31 12:17:01 +00:00
Steve Holme
f4413ca65a endian: Renamed functions for curl API naming convention 2014-12-31 12:17:00 +00:00
Steve Holme
7873f9bdbd endian: Moved write functions to new module 2014-12-31 12:16:58 +00:00
Steve Holme
920e684d40 endian: Moved read functions to new module 2014-12-31 12:05:36 +00:00
Steve Holme
81951d9874 endian: Introduced endian module
To allow the little endian functions, currently used in two of the NTLM
source files, to be used by other modules such as the SMB module.
2014-12-31 11:50:28 +00:00
Steve Holme
e9d0c7a6f3 vtls: Use '(void) arg' for unused parameters
Prefer void for unused parameters, rather than assigning an argument to
itself as a) unintelligent compilers won't optimize it out, b) it can't
be used for const parameters, c) it will cause compilation warnings for
clang with -Wself-assign and d) is inconsistent with other areas of the
curl source code.
2014-12-30 17:13:07 +00:00
Steve Holme
56603e2770 smb.c: Fixed compilation warning
smb.c:586: warning: conversion to 'short unsigned int' from 'int' may
           alter its value
2014-12-30 15:42:17 +00:00
Bill Nagel
89cce1e458 smb: Use the connection's upload buffer
Use the connection's upload buffer instead of allocating our own send
buffer.
2014-12-30 13:10:30 +00:00
Steve Holme
1933f9d33c schannel: Moved the ISC return flag definitions to the SSPI module
Moved our Initialize Security Context return attribute definitions to
the SSPI module, as a) these can be used by other SSPI based providers
and b) the ISC required attributes are defined there.
2014-12-30 00:14:58 +00:00
Bill Nagel
cfa0ac7aff smb: Close the connection after a failed client write 2014-12-29 23:46:33 +00:00
Steve Holme
cfc863869f darwinssl: Fixed compilation warning
vtls.c:683:43: warning: unused parameter 'data'
2014-12-28 23:32:07 +00:00
Steve Holme
6e7904f9aa sasl_gssapi: Fixed use of dummy username with real username 2014-12-28 19:28:30 +00:00
Steve Holme
037cd0d991 vtls: Fixed compilation warning and an ignored return code
curl_schannel.h:123: warning: right-hand operand of comma expression
                     has no effect

Some instances of the curlssl_close_all() function were declared with a
void return type whilst others as int. The schannel version returned
CURLE_NOT_BUILT_IN and others simply returned zero, but in all cases the
return code was ignored by the calling function Curl_ssl_close_all().

For the time being and to keep the internal API consistent, changed all
declarations to use a void return type.

To reduce code we might want to consider removing the unimplemented
versions and use a void #define like schannel does.
2014-12-28 17:33:01 +00:00
Steve Holme
325a64d8a2 openldap: Prefer use of 'CURLcode result' 2014-12-27 22:50:50 +00:00
Steve Holme
e9e48a6ff2 openldap: Use 'LDAPMessage *msg' for messages
This frees up the 'result' variable for CURLcode based result codes.
2014-12-27 22:50:47 +00:00
Steve Holme
2728caa613 nss: Don't ignore Curl_extract_certinfo() OOM failure 2014-12-27 22:18:08 +00:00
Steve Holme
0943045108 nss: Don't ignore Curl_ssl_init_certinfo() OOM failure 2014-12-27 21:25:41 +00:00
Steve Holme
b235c29366 nss: Use 'CURLcode result' for curl result codes
...and don't use CURLE_OK in failure/success comparisons.
2014-12-27 21:13:44 +00:00
Steve Holme
f0a9221897 getinfo: Code style policing 2014-12-27 17:49:33 +00:00
Steve Holme
fd281e9c4b getinfo: Use 'CURLcode result' for curl result codes 2014-12-27 17:46:25 +00:00
Steve Holme
e0d265d3eb darwinssl: Use 'CURLcode result' for curl result codes 2014-12-27 17:36:35 +00:00
Steve Holme
98d37c5a0c polarssl: Use 'CURLcode result' for curl result codes 2014-12-27 17:30:51 +00:00
Steve Holme
151ae59436 code/docs: Use correct case for IPv4 and IPv6
For consistency, as we seem to have a bit of a mixed bag, changed all
instances of ipv4 and ipv6 in comments and documentations to use the
correct case.
2014-12-27 11:31:55 +00:00
Steve Holme
1abe65d928 code/docs: Use Unix rather than UNIX to avoid use of the trademark
Use Unix when generically writing about Unix based systems as UNIX is
the trademark and should only be used in a particular product's name.
2014-12-26 21:42:44 +00:00
Steve Holme
b7f740f2fc ip2ip.c: Fixed compilation warning when IPv6 Scope ID not supported
if2ip.c:119: warning: unused parameter 'remote_scope_id'

...and some minor code style policing in the same function.
2014-12-26 13:28:29 +00:00
Steve Holme
cdc1cc22e7 vtls: Don't set cert info count until memory allocation is successful
Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs
member variable to the requested count, which could then be used
incorrectly as libcurl closes down.
2014-12-26 13:11:43 +00:00
Steve Holme
fe43a662a2 vtls: Use CURLcode for Curl_ssl_init_certinfo() return type
The return type for this function was 0 on success and 1 on error. This
was then examined by the calling functions and, in most cases, used to
return CURLE_OUT_OF_MEMORY.

Instead use CURLcode for the return type and return the out of memory
error directly, propagating it up the call stack.
2014-12-26 13:11:40 +00:00
Steve Holme
6cb7b0c0ac vtls: Use bool for Curl_ssl_getsessionid() return type
The return type of this function is a boolean value, and even uses a
bool internally, so use bool in the function declaration as well as
the variables that store the return value, to avoid any confusion.
2014-12-25 17:15:15 +00:00
Steve Holme
38aaf6c380 schannel: Minor code style policing for casts 2014-12-25 13:48:44 +00:00
Steve Holme
ed4c0b53cc schannel: Prefer 'CURLcode result' for curl result codes 2014-12-25 13:45:29 +00:00
Steve Holme
95f78b2b56 cyassl: Prefer 'CURLcode result' for curl result codes 2014-12-25 13:45:27 +00:00
Steve Holme
ed16a1695f curl_ntlm_core.c: Fixed compilation warnings
curl_ntlm_core.c:301: warning: pointer targets in passing argument 2 of
                      'CryptImportKey' differ in signedness
curl_ntlm_core.c:310: warning: passing argument 6 of 'CryptEncrypt' from
                      incompatible pointer type
curl_ntlm_core.c:540: warning: passing argument 4 of 'CryptGetHashParam'
                      from incompatible pointer type
2014-12-24 22:22:07 +00:00
Steve Holme
8830df8b66 gtls: Use preferred 'CURLcode result' 2014-12-24 17:25:35 +00:00
Steve Holme
a89ec793d0 openldap: Use standard naming for setup connection function
Renamed ldap_setup() to ldap_setup_connection() to follow more widely
used function naming.
2014-12-24 17:13:37 +00:00
Steve Holme
ce2a80b482 rtmp: Use standard naming for setup connection function
Renamed rtmp_setup() to rtmp_setup_connection() to follow more widely
used function naming.
2014-12-24 17:12:12 +00:00
Steve Holme
93e6273b68 smb: Use standard naming for setup connection function
Renamed smb_setup() to smb_setup_connection() to follow more widely
used function naming.
2014-12-24 17:10:28 +00:00
Steve Holme
68cc1e0c77 config-win32.h: Fixed line length > 79 columns 2014-12-24 16:33:28 +00:00
Steve Holme
2568928070 openssl: Prefer we don't use NULL in comparisons 2014-12-24 16:14:33 +00:00
Steve Holme
a4d9158509 openssl.c Fix for compilation errors with older versions of OpenSSL
openssl.c:1408: error: 'TLS1_1_VERSION' undeclared
openssl.c:1411: error: 'TLS1_2_VERSION' undeclared
2014-12-23 00:16:07 +00:00
Daniel Stenberg
6dae798824 openssl: fix SSL/TLS versions in verbose output 2014-12-22 14:21:17 +01:00
Daniel Stenberg
577286e0e2 openssl: make it compile against openssl 1.1.0-DEV master branch 2014-12-22 14:21:17 +01:00
Daniel Stenberg
03e206d18a openssl: warn for SRP set if SSLv3 is used, not for TLS version
... as it requires TLS and it was was left to warn on the default from
when default was SSL...
2014-12-21 23:25:49 +01:00
Daniel Stenberg
2c5f346d3a smb: use memcpy() instead of strncpy()
... as it never copies the trailing zero anyway and always just the four
bytes so let's not mislead anyone into thinking it is actually treated
as a string.

Coverity CID: 1260214
2014-12-21 23:21:16 +01:00
John E. Malmberg
f9cf3de70b VMS: Updates for 0740-0D1220
lib/setup-vms.h : VAX HP OpenSSL port is ancient, needs help.
                  More defines to set symbols to uppercase.

src/tool_main.c : Fix parameter to vms_special_exit() call.

packages/vms/ :
  backup_gnv_curl_src.com : Fix the error message to have the correct package.

  build_curl-config_script.com : Rewrite to be more accurate.

  build_libcurl_pc.com : Use tool_version.h now.

  build_vms.com : Fix to handle lib/vtls directory.

  curl_gnv_build_steps.txt : Updated build procedure documentation.

  generate_config_vms_h_curl.com :
       * VAX does not support 64 bit ints, so no NTLM support for now.
       * VAX HP SSL port is ancient, needs some help.
       * Disable NGHTTP2 for now, not ported to VMS.
       * Disable UNIX_SOCKETS, not available on VMS yet.
       * HP GSSAPI port does not have gss_nt_service_name.

  gnv_link_curl.com : Update for new curl structure.

  pcsi_product_gnv_curl.com : Set up to optionally do a complete build.
2014-12-21 16:55:28 +01:00
Steve Holme
2c7f099253 non-ascii: Reduce variable usage
Removed 'next' variable in Curl_convert_form(). Rather than setting it
from 'form->next' and using that to set 'form' after the conversion
just use 'form = form->next' instead.
2014-12-20 14:43:02 +00:00
Steve Holme
ee9de01665 non-ascii: Prefer while loop rather than a do loop
This also removes the need to check that the 'form' argument is valid.
2014-12-20 12:47:09 +00:00
Steve Holme
f2a5283cbc non-ascii: Reduce variable scope
As 'result' isn't used out side the conversion callback code and
previously caused variable shadowing in the libiconv based code.
2014-12-20 12:38:31 +00:00
Steve Holme
3e1625c787 non-ascii: We prefer 'CURLcode result'
This also fixes a variable shadowing issue when HAVE_ICONV is defined
as rc was declared for the result code of libiconv based functions.
2014-12-19 20:20:30 +00:00
Patrick Monnerat
a390329f60 if2ip: dummy scope parameter for Curl_if2ip() call in SIOCGIFADDR-enabled code. 2014-12-18 11:05:18 +01:00
Kyle J. McKay
14c3601583 parseurlandfillconn(): fix improper non-numeric scope_id stripping.
Fixes SF bug 1149: http://sourceforge.net/p/curl/bugs/1449/
2014-12-17 15:52:07 +01:00
Patrick Monnerat
9081014c2c IPV6: address scope != scope id
There was a confusion between these: this commit tries to disambiguate them.
- Scope can be computed from the address itself.
- Scope id is scope dependent: it is currently defined as 1-based local
  interface index for link-local scoped addresses, and as a site index(?) for
  (obsolete) site-local addresses. Linux only supports it for link-local
  addresses.
The URL parser properly parses a scope id as an interface index, but stores it
in a field named "scope": confusion. The field has been renamed into "scope_id".
Curl_if2ip() used the scope id as it was a scope. This caused failures
to bind to an interface.
Scope is now computed from the addresses and Curl_if2ip() matches them.
If redundantly specified in the URL, scope id is check for mismatch with
the interface index.

This commit should fix SF bug #1451.
2014-12-16 13:52:06 +01:00
Patrick Monnerat
759d049ae8 connect: singleipconnect(): properly try other address families after failure 2014-12-16 13:52:06 +01:00
Daniel Stenberg
1befebc950 SFTP: work-around servers that return zero size on STAT
Bug: http://curl.haxx.se/mail/lib-2014-12/0103.html
Pathed-by: Marc Renault
2014-12-16 09:49:17 +01:00
Nick Zitzmann
93227ddca5 darwinssl: fix incorrect usage of aprintf()
Commit b13923f changed an snprintf() to use aprintf(), but the API usage
wasn't correct, and was causing a crash to occur. This fixes it.
2014-12-15 00:56:09 -06:00
Steve Holme
cedf996073 copyright: Updated the copyright year following recent updates 2014-12-14 22:39:27 +00:00
Marc Hoersken
8676ce68e3 lib: Fixed multiple code analysis warnings if SAL are available
warning C28252: Inconsistent annotation for function:
parameter has another annotation on this instance
2014-12-14 22:16:23 +01:00
Steve Holme
91669584cf smb.c: Fixed code analysis warning
smb.c:320: warning C6297: Arithmetic overflow: 32-bit value is shifted,
           then cast to 64-bit value. Result may not be an expected
           value
2014-12-14 21:01:09 +00:00
Steve Holme
b9950e3b33 smb: Use HAVE_PROCESS_H for process.h inclusion
Rather than testing against _WIN32 use the preferred HAVE_PROCESS_H
pre-processor define when including process.h.
2014-12-14 16:42:08 +00:00
Daniel Stenberg
b13923f0f7 darwinssl: aprintf() to allocate the session key
... to avoid using a fixed memory size that risks being too large or too
small.
2014-12-14 17:34:02 +01:00
Marc Hoersken
212e3e26bc curl_schannel: Improvements to memory re-allocation strategy
- do not grow memory by doubling its size
- do not leak previously allocated memory if reallocation fails
- replace while-loop with a single check to make sure
  that the requested amount of data fits into the buffer

Bug: http://curl.haxx.se/bug/view.cgi?id=1450
Reported-by: Warren Menzer
2014-12-14 17:27:31 +01:00
Steve Holme
125f655131 asyn-ares: We prefer use of 'CURLcode result' 2014-12-14 16:21:01 +00:00
Marc Hoersken
c98b50753f curl_schannel.c: Data may be available before connection shutdown 2014-12-14 16:40:49 +01:00
Steve Holme
96d3c9363f http2: Use 'CURLcode result' for curl result codes 2014-12-14 13:11:35 +00:00
Steve Holme
4d2c539b6c asyn-thread: We prefer 'CURLcode result' 2014-12-14 12:55:22 +00:00
Steve Holme
35fae251dd smb: Fixed unnecessary initialisation of struct member variables
There is no need to set the 'state' and 'result' member variables to
SMB_REQUESTING (0) and CURLE_OK (0) after the allocation via calloc()
as calloc() initialises the contents to zero.
2014-12-14 12:27:57 +00:00
Steve Holme
52a4d6b8ae ntlm: Fixed return code for bad type-2 Target Info
Use CURLE_BAD_CONTENT_ENCODING for bad type-2 Target Info security
buffers just like we do for bad decodes.
2014-12-14 12:11:04 +00:00
Steve Holme
18f58c437f ntlm: Remove unnecessary casts in readshort_le()
I don't think both of my fix ups from yesterday were needed to fix the
compilation warning, so remove the one that I think is unnecessary and
let the next Android autobuild prove/disprove it.
2014-12-14 11:45:14 +00:00
Steve Holme
2924dd6703 curl_ntlm_msgs.c: Another attempt to fix compilation warning
curl_ntlm_msgs.c:170: warning: conversion to 'short unsigned int' from
                      'int' may alter its value
2014-12-13 14:55:26 +00:00
Steve Holme
bd7d7f4523 smb.c: Fixed line longer than 79 columns 2014-12-13 13:10:05 +00:00
Steve Holme
172963005a curl_ntlm_msgs.c: Fixed compilation warning from commit 783b5c3b11
curl_ntlm_msgs.c:169: warning: conversion to 'short unsigned int' from
                      'int' may alter its value
2014-12-13 12:51:11 +00:00
Guenter Knauf
834608c39d mk-ca-bundle.pl: restored forced run again. 2014-12-13 13:46:45 +01:00
Steve Holme
5f5814ca5e ftp.c: Fixed compilation warning when no verbose string support
ftp.c:819: warning: unused parameter 'lineno'
2014-12-13 12:32:32 +00:00
Steve Holme
2ecce667a6 smb: Added state change functions to assist with debugging
For debugging purposes, and as per other protocols within curl, added
state change functions rather than changing the states directly.
2014-12-13 12:16:36 +00:00
Steve Holme
783b5c3b11 ntlm: Use short integer when decoding 16-bit values 2014-12-13 11:18:00 +00:00
Steve Holme
6291a16b20 smtp.c: Fixed compilation warnings
smtp.c:2357 warning: adding 'size_t' (aka 'unsigned long') to a string
            does not append to the string
smtp.c:2375 warning: adding 'size_t' (aka 'unsigned long') to a string
            does not append to the string
smtp.c:2386 warning: adding 'size_t' (aka 'unsigned long') to a string
            does not append to the string

Used array index notation instead.
2014-12-12 23:03:46 +00:00
Steve Holme
24b30d259c smb: Disable SMB when 64-bit integers are not supported
This fixes compilation issues with compilers that don't support 64-bit
integers through long long or __int64.
2014-12-12 22:34:18 +00:00
Steve Holme
82fdb87b27 ntlm: Disable NTLM v2 when 64-bit integers are not supported
This fixes compilation issues with compilers that don't support 64-bit
integers through long long or __int64 which was introduced in commit
07b66cbfa4.
2014-12-12 22:34:16 +00:00
Steve Holme
97e90d7b89 ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined
Previously USE_NTLM2SESSION would only be defined automatically when
USE_NTRESPONSES wasn't already defined. Separated the two definitions
so that the user can manually set USE_NTRESPONSES themselves but
USE_NTLM2SESSION is defined automatically if they don't define it.
2014-12-12 22:33:57 +00:00
Steve Holme
10be4ec2c3 smtp.c: Fixed line longer than 79 columns 2014-12-12 21:23:11 +00:00
Steve Holme
bd2231104b config-win32.h: Don't enable Windows Crypt API if using OpenSSL
As the OpenSSL and NSS Crypto engines are prefered by the core NTLM
routines, to the Windows Crypt API, don't define USE_WIN32_CRYPT
automatically when either OpenSSL or NSS are in use - doing so would
disable NTLM2Session responses in NTLM type-3 messages.
2014-12-12 19:57:00 +00:00
Steve Holme
8a4ce7d0f5 smtp: Fixed inappropriate free of the scratch buffer
If the scratch buffer was allocated in a previous call to
Curl_smtp_escape_eob(), a new buffer not allocated in the subsequent
call and no action taken by that call, then an attempt would be made to
try and free the buffer which, by now, would be part of the data->state
structure.

This bug was introduced in commit 4bd860a001.
2014-12-12 19:15:10 +00:00
Steve Holme
f0ecdd04d3 smtp: Fixed dot stuffing when EOL characters were at end of input buffers
Fixed a problem with the CRLF. detection when multiple buffers were
used to upload an email to libcurl and the line ending character(s)
appeared at the end of each buffer. This meant any lines which started
with . would not be escaped into .. and could be interpreted as the end
of transmission string instead.

This only affected libcurl based applications that used a read function
and wasn't reproducible with the curl command-line tool.

Bug: http://curl.haxx.se/bug/view.cgi?id=1456
Assisted-by: Patrick Monnerat
2014-12-12 19:15:08 +00:00
Daniel Stenberg
2f5c70b2b0 telnet: fix "cast increases required alignment of target type" 2014-12-11 09:15:04 +01:00
Daniel Stenberg
f4b5f8cdf0 ntlm_wb_response: fix "statement not reached"
... and I could use a break instead of a goto to end the loop.

Bug: http://curl.haxx.se/mail/lib-2014-12/0089.html
Reported-by: Tor Arntsen
2014-12-10 22:45:19 +01:00
Daniel Stenberg
1cc5194337 Curl_unix2addr: avoid using the variable name 'sun'
I suspect this causes compile failures on Solaris:

Bug: http://curl.haxx.se/mail/lib-2014-12/0081.html
2014-12-10 13:13:31 +01:00
Steve Holme
0da4524a22 url.c: Fixed compilation warning when USE_NTLM is not defined
url.c:3078: warning: variable 'credentialsMatch' set but not used
2014-12-10 11:57:11 +00:00
Steve Holme
664b9baf67 parsedate.c: Fixed compilation warning
parsedate.c:548: warning: 'parsed' may be used uninitialized in this
                 function

As curl_getdate() returns -1 when parsedate() fails we can initialise
parsed to -1.
2014-12-10 11:38:38 +00:00
Daniel Stenberg
086ad79970 ldap: check Curl_client_write() return codes
There might be one or two memory leaks left in the error paths.
2014-12-10 00:41:32 +01:00
Daniel Stenberg
0e8158eabc ldap: rename variables to comply to curl standards 2014-12-10 00:36:31 +01:00
Dan Fandrich
41f1f6e830 cookies: Improved OOM handling in cookies
This fixes the test 506 torture test. The internal cookie API really
ought to be improved to separate cookie parsing errors (which may be
ignored) with OOM errors (which should be fatal).
2014-12-09 23:58:30 +01:00
Daniel Stenberg
fc32b81382 smb: fix unused return code warning 2014-12-09 15:47:28 +01:00
Patrick Monnerat
6ea4ee94f9 Curl_client_write() & al.: chop long data, convert data only once. 2014-12-09 15:43:51 +01:00
Daniel Stenberg
145c263a4b schannel_recv: return the correct code
Bug: http://curl.haxx.se/bug/view.cgi?id=1462
Reported-by: Tae Hyoung Ahn
2014-12-09 11:46:11 +01:00
Daniel Stenberg
680d5fd041 http2: avoid logging neg "failure" if h2 was not requested 2014-12-09 00:09:24 +01:00
Daniel Stenberg
65d141e6da openldap: do not ignore Curl_client_write() return codes 2014-12-08 15:33:14 +01:00
Daniel Stenberg
0d99cdbeed compile: warn on unused return code from Curl_client_write() 2014-12-08 15:31:53 +01:00
Patrick Monnerat
dca257f27e SMB: Fix a data size mismatch that broke SMB on big-endian platforms 2014-12-08 15:30:11 +01:00
Steve Holme
dcd484a238 smb: Fixed Windows autoconf builds following commit eb88d778e7
As Windows based autoconf builds don't yet define USE_WIN32_CRYPTO
either explicitly through --enable-win32-cypto or automatically on
_WIN32 based platforms, subsequent builds broke with the following
error message:

"Can't compile NTLM support without a crypto library."
2014-12-07 20:47:54 +00:00
Bill Nagel
526603ff05 smb: Build with SSPI enabled
Build SMB/CIFS protocol support when SSPI is enabled.
2014-12-07 18:36:23 +00:00
Bill Nagel
eb88d778e7 ntlm: Use Windows Crypt API
Allow the use of the Windows Crypt API for NTLMv1 functions.
2014-12-07 18:32:59 +00:00
Dan Fandrich
2adf294602 cookie.c: Refactored cleanup code to simplify
Also, fixed the outdated comments on the cookie API.
2014-12-07 12:22:52 +01:00
Steve Holme
ef91f04927 ftp.c: Fixed compilation warnings when proxy support disabled
ftp.c:1827 warning: unused parameter 'newhost'
ftp.c:1827 warning: unused parameter 'newport'
2014-12-06 22:14:50 +00:00
Steve Holme
befe9a10b9 smb: Fixed a problem with large file transfers
Fixed an issue with the message size calculation where the raw bytes
from the buffer were interpreted as signed values rather than unsigned
values.

Reported-by: Gisle Vanem
Assisted-by: Bill Nagel
2014-12-06 21:44:00 +00:00
Steve Holme
36d45eabc0 smb: Moved the URL decoding into a separate function 2014-12-06 21:02:06 +00:00
Steve Holme
864f17d894 smb: Fixed URL encoded URLs not working 2014-12-06 20:56:59 +00:00
Steve Holme
4bdb1ca8d6 Makefile.inc: Updated file formatting
Aligned continuation character and used space as the separator
character as per other makefile files.
2014-12-06 19:50:00 +00:00
Steve Holme
d89285e8d6 curl_md4.h: Updated copyright year following recent edit
...and minor layout adjustment.
2014-12-06 19:36:27 +00:00
Patrick Monnerat
e17220ffcb SMB: Fix big endian problems. Make it OS/400 aware. 2014-12-05 18:42:39 +01:00
Patrick Monnerat
9b0b9f209e OS400: enable NTLM authentication 2014-12-05 18:42:39 +01:00
Steve Holme
adbee7ecf5 multi.c: Fixed compilation warning
multi.c:2695: warning: declaration of `exp' shadows a global declaration
2014-12-05 14:13:09 +00:00
Guenter Knauf
ccfa139c71 build: updated dependencies in makefiles. 2014-12-05 14:54:25 +01:00
Steve Holme
aa0e2ac451 sasl: Corrected formatting of function descriptions 2014-12-05 07:57:29 +00:00
Steve Holme
f4ca16058e sasl_gssapi: Added missing function description 2014-12-05 00:58:58 +00:00
Steve Holme
45229fae8e sasl_sspi: Corrected some typos 2014-12-05 00:23:47 +00:00
Steve Holme
ef5b98742f sasl_sspi: Don't use hard coded sizes in Kerberos V5 security data
Don't use a hard coded size of 4 for the security layer and buffer size
in Curl_sasl_create_gssapi_security_message(), instead, use sizeof() as
we have done in the sasl_gssapi module.
2014-12-05 00:22:34 +00:00
Steve Holme
697592b3dd sasl_sspi: Free the Kerberos V5 challenge as soon as we're done with it
Reduced the amount of free's required for the decoded challenge message
in Curl_sasl_create_gssapi_security_message() as a result of coding it
differently in the sasl_gssapi module.
2014-12-05 00:18:13 +00:00
Steve Holme
ee1d729ce0 gssapi: Corrected typo in comments 2014-12-05 00:10:11 +00:00
Steve Holme
7b29c2803f sasl_gssapi: Added body to Curl_sasl_create_gssapi_security_message() 2014-12-05 00:08:59 +00:00
Stefan Bühler
576ac00eb3 http_perhapsrewind: don't abort CONNECT requests
...they never have a body
2014-12-04 14:46:31 -08:00
Stefan Bühler
87c4abb611 HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request
Sending NTLM/Negotiate header again after successful authentication
breaks the connection with certain Proxies and request types (POST to MS
Forefront).
2014-12-04 14:46:13 -08:00
Stefan Bühler
5dc68dd609 HTTP: don't abort connections with pending Negotiate authentication
... similarly to how NTLM works as Negotiate is in fact often NTLM with
another name.
2014-12-04 14:41:48 -08:00
Steve Holme
0b311834eb sasl_gssapi: Fixed missing include from commit d3cca934ee 2014-12-04 22:32:49 +00:00
Steve Holme
d3cca934ee sasl_gssapi: Fixed missing decoding debug failure message 2014-12-04 22:24:24 +00:00
Steve Holme
750203bde4 sasl_gssapi: Fixed honouring of no mutual authentication 2014-12-04 22:05:14 +00:00
Steve Holme
0fcd74b836 sasl_sspi: Added more Kerberos V5 decoding debug failure messages 2014-12-04 21:09:06 +00:00
Anthon Pang
1b3a398ec1 docs: Fix FAILONERROR typos
It returns error for >= 400 HTTP responses.

Bug: https://github.com/bagder/curl/pull/129
2014-12-04 12:14:59 -08:00
Patrick Monnerat
4ce87e33ee OS400: enable Unix sockets. 2014-12-04 15:34:03 +01:00
Daniel Stenberg
9730c9fb70 updateconninfo: clear destination struct before getsockname()
Otherwise we may read uninitialized bytes later in the unix-domain
sockets case.
2014-12-04 02:52:19 +01:00
Peter Wu
970c22f970 libcurl: add UNIX domain sockets support
The ability to do HTTP requests over a UNIX domain socket has been
requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a
discussion happened, no patch seems to get through. I decided to give it
a go since I need to test a nginx HTTP server which listens on a UNIX
domain socket.

One patch [3] seems to make it possible to use the
CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket.
Another person wrote a Go program which can do HTTP over a UNIX socket
for Docker[4] which uses a special URL scheme (though the name contains
cURL, it has no relation to the cURL library).

This patch considers support for UNIX domain sockets at the same level
as HTTP proxies / IPv6, it acts as an intermediate socket provider and
not as a separate protocol. Since this feature affects network
operations, a new feature flag was added ("unix-sockets") with a
corresponding CURL_VERSION_UNIX_SOCKETS macro.

A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This
option enables UNIX domain sockets support for all requests on the
handle (replacing IP sockets and skipping proxies).

A new configure option (--enable-unix-sockets) and CMake option
(ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I
deliberately did not mark this feature as advanced, this is a
feature/component that should easily be available.

 [0]: http://curl.haxx.se/mail/lib-2008-04/0279.html
 [1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/
 [2]: http://sourceforge.net/p/curl/feature-requests/53/
 [3]: http://curl.haxx.se/mail/lib-2008-04/0361.html
 [4]: https://github.com/Soulou/curl-unix-socket

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04 02:52:19 +01:00
Steve Holme
fa437e14a4 sasl_gssapi: Added body to Curl_sasl_create_gssapi_user_message() 2014-12-03 19:58:59 +00:00
Steve Holme
61e71a8bc8 sasl_gssapi: Added body to Curl_sasl_gssapi_cleanup() 2014-12-03 18:59:08 +00:00
Steve Holme
71dd581127 sasl_gssapi: Added Curl_sasl_build_gssapi_spn() function
Added helper function for returning a GSS-API compatible SPN.
2014-12-03 18:36:48 +00:00
Daniel Stenberg
26b57832fe NSS: enable the CAPATH option
Bug: http://curl.haxx.se/bug/view.cgi?id=1457
Patch-by: Tomasz Kojm
2014-12-03 06:21:29 -08:00
Steve Holme
884df3a51f sasl_gssapi: Enable USE_KERBEROS5 for GSS-API based builds 2014-12-03 13:16:17 +00:00
Steve Holme
86b889485d sasl_gssapi: Added GSS-API based Kerberos V5 variables 2014-12-03 07:47:05 +00:00
Steve Holme
2b604eada5 sasl_gssapi: Made log_gss_error() a common GSS-API function
Made log_gss_error() a common function so that it can be used in both
the http_negotiate code as well as the curl_sasl_gssapi code.
2014-12-02 22:27:02 +00:00
Steve Holme
018b9d421a sasl_gssapi: Introduced GSS-API based SASL module
Added the initial version of curl_sasl_gssapi.c and updated the project
files in preparation for adding GSS-API based Kerberos V5 support.
2014-12-02 21:57:45 +00:00
Steve Holme
f9b7132175 smb: Don't try to connect with empty credentials
On some platforms curl would crash if no credentials were used. As such
added detection of such a use case to prevent this from happening.

Reported-by: Gisle Vanem
2014-12-02 21:04:23 +00:00
Steve Holme
bbccbfe9d1 smb.c: Coding policing of pointer usage 2014-12-02 20:50:49 +00:00
Guenter Knauf
228f1ee9f2 build: in Makefile.m32 simplified autodetection. 2014-12-01 16:39:56 +01:00
Peter Wu
aba5888f6b lib/connect: restrict IP/TCP options to said sockets
This patch prepares for adding UNIX domain sockets support.

TCP_NODELAY and TCP_KEEPALIVE are specific to TCP/IP sockets, so do not
apply these to other socket types. bindlocal only works for IP sockets
(independent of TCP/UDP), so filter that out too for other types.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-11-30 23:21:14 +01:00
Daniel Stenberg
397a634ebd smb.c: use size_t as input argument types for msg sizes
This fixes warnings about conversions to int
2014-11-30 23:12:24 +01:00
Steve Holme
6b8e5c0e8a smb.c: Fixed compilation warnings
smb.c:398: warning: comparison of integers of different signs:
           'ssize_t' (aka 'long') and 'unsigned long'
smb.c:443: warning: comparison of integers of different signs:
           'ssize_t' (aka 'long') and 'unsigned long'
2014-11-30 21:20:19 +00:00
Steve Holme
ce2d84b3bb libcurl: Exclude SMB from the protocol redirect
As local files could be accessed through \\localhost\c$.
2014-11-30 20:42:05 +00:00
Bill Nagel
6f2419342f libcurl: Enable support for the SMB protocol
This patch enables SMB/CIFS support in libcurl.
2014-11-30 20:25:28 +00:00
Steve Holme
d95cb3edc8 smb.c: Fixed compilation warnings
smb.c:322: warning: conversion to 'short unsigned int' from 'unsigned
           int' may alter its value
smb.c:323: warning: conversion to 'short unsigned int' from 'unsigned
           int' may alter its value
smb.c:482: warning: conversion to 'short unsigned int' from 'int' may
           alter its value
smb.c:521: warning: conversion to 'unsigned int' from 'curl_off_t' may
           alter its value
smb.c:549: warning: conversion to 'unsigned int' from 'curl_off_t' may
           alter its value
smb.c:550: warning: conversion to 'short unsigned int' from 'int' may
           alter its value
2014-11-30 20:17:53 +00:00
Steve Holme
99c2bad222 smb.c: Renamed SMB command message variables to avoid compiler warnings
smb.c:489: warning: declaration of 'close' shadows a global declaration
smb.c:511: warning: declaration of 'read' shadows a global declaration
smb.c:528: warning: declaration of 'write' shadows a global declaration
2014-11-30 18:59:41 +00:00
Steve Holme
069f63c893 smb.c: Fixed compilation warnings
smb.c:212: warning: unused parameter 'done'
smb.c:380: warning: ISO C does not allow extra ';' outside of a function
smb.c:812: warning: unused parameter 'premature'
smb.c:822: warning: unused parameter 'dead'
2014-11-30 18:33:37 +00:00
Steve Holme
676f79f8d2 smb.c: Fixed compilation warnings
smb.c:311: warning: conversion from 'unsigned __int64' to 'u_short',
           possible loss of data
smb.c:425: warning: conversion from '__int64' to 'unsigned short',
           possible loss of data
smb.c:452: warning: conversion from '__int64' to 'unsigned short',
           possible loss of data
2014-11-30 18:11:12 +00:00
Steve Holme
cef28131f7 smb.c: Fixed compilation warnings
smb.c:162: error: comma at end of enumerator list
smb.c:469: warning: conversion from 'size_t' to 'unsigned short',
           possible loss of data
smb.c:517: warning: conversion from 'curl_off_t' to 'unsigned int',
           possible loss of data
smb.c:545: warning: conversion from 'curl_off_t' to 'unsigned int',
           possible loss of data
2014-11-30 18:08:01 +00:00
Bill Nagel
02d2c0a08d smb: Added initial SMB functionality
Initial implementation of the SMB/CIFS protocol.
2014-11-30 18:01:15 +00:00
Bill Nagel
aec2e865f0 smb: Added SMB handler interfaces
Added the SMB and SMBS handler interface structures and associated
functions required for SMB/CIFS operation.
2014-11-30 15:56:30 +00:00
Steve Holme
56120ca04b transfer: Code style policing
Prefer ! rather than NULL in if statements, added comments and updated
function spacing, argument spacing and line spacing to be more readble.
2014-11-30 15:06:16 +00:00
Steve Holme
785d76d681 transfer: Fixed existing scratch buffer being checked for NULL twice
If the scratch buffer already existed when the CRLF conversion was
performed then the buffer pointer would be checked twice for NULL. This
second check is only necessary if the call to malloc() was performed by
the first check.
2014-11-30 15:06:13 +00:00
Steve Holme
9afd97022e smtp: Fixed dot stuffing being performed when no new data read
Whilst I had moved the dot stuffing code from being performed before
CRLF conversion takes place to after it, in commit 4bd860a001, I had
moved it outside the 'when something read' block of code when meant
it could perform the dot stuffing twice on partial send if nread
happened to contain the right values. It also meant the function could
potentially read past the end of buffer. This was highlighted by the
following warning:

warning: `nread' might be used uninitialized in this function
2014-11-30 14:24:35 +00:00
Daniel Stenberg
5409f32984 smb.h: fixed picky compiler warning
smb.h:30:16: error: comma at end of enumerator list [-Werror=pedantic]
2014-11-29 23:06:04 +01:00
Bill Nagel
557658776f smb: Added SMB protocol and port definitions
Added the necessary protocol and port definitions in order to support
SMB/CIFS.
2014-11-29 21:26:40 +00:00
Bill Nagel
0627c48dde smb: Added internal SMB definitions and structures
Added the internal definitions and structures necessary for SMB/CIFS
support.
2014-11-29 20:32:34 +00:00
Bill Nagel
7c00ba10da smb: Added SMB connection structure
Added the connection structure that will be required in urldata.h for
SMB/CIFS based connections.
2014-11-29 20:16:51 +00:00
Bill Nagel
e80d9d5902 smb: Added initial source files for SMB
Added the initial source files and updated the relevant project files in
order to support SMB/CIFS.
2014-11-29 18:10:41 +00:00
Steve Holme
93e080cbaa http.c: Fixed compilation warnings from features being disabled
warning: unused variable 'data'
warning: variable 'addcookies' set but not used

...and some very minor coding style policing.
2014-11-27 22:29:31 +00:00
Steve Holme
854049f962 smtp: Fixed const'ness of nread parameter in Curl_smtp_escape_eob()
...and some comment typos!
2014-11-26 23:31:57 +00:00
Steve Holme
4bd860a001 smtp: Added support for the conversion of Unix newlines during mail send
Added support for the automatic conversion of Unix newlines to CRLF
during mail uploads.

Feature: http://curl.haxx.se/bug/view.cgi?id=1456
2014-11-26 23:31:54 +00:00
Daniel Stenberg
700843d69f select.c: fix compilation for VxWorks
Reported-by: Brian
Bug: http://curl.haxx.se/bug/view.cgi?id=1455
2014-11-25 08:55:17 +01:00
be1a505189 SSL: Add PEM format support for public key pinning 2014-11-24 19:30:09 +01:00
Steve Holme
53e2e4c721 multi.c: Fixed compilation warnings when no verbose string support
warning: variable 'connection_id' set but not used
warning: unused parameter 'lineno'
2014-11-23 19:51:24 +00:00
Steve Holme
1450712e76 sasl: Tidied up some parameter comments 2014-11-23 16:50:15 +00:00
Steve Holme
bfdef6301c sasl: Reduced the need for two sets of NTLM functions 2014-11-23 16:45:30 +00:00
Steve Holme
33be9e29be ntlm: Moved NSS initialisation to base decode function 2014-11-23 16:07:59 +00:00
Steve Holme
8ed2420dbb http_ntlm: Fixed additional NSS initialisation call when decoding type-2
After commit 48d19acb7c the HTTP code would call Curl_nss_force_init()
twice when decoding a NTLM type-2 message, once directly and the other
through the call to Curl_sasl_decode_ntlm_type2_message().
2014-11-23 16:05:08 +00:00
Steve Holme
409265a571 ntlm: Fixed static'ness of local decode function 2014-11-23 10:38:54 +00:00
Steve Holme
885119bf50 ntlm: Corrected some parameter names and comments 2014-11-23 10:38:35 +00:00
Daniel Stenberg
d62706ec6d http.c: log if it notices HTTP 1.1 after a upgrade to http2 2014-11-20 23:33:34 +01:00
Tatsuhiro Tsujikawa
7d1f2ac769 http: Disable pipelining for HTTP/2 and upgraded connections
This commit disables pipelining for HTTP/2 or upgraded connections.  For
HTTP/2, we do not support multiplexing.  In general, requests cannot be
pipelined in an upgraded connection, since it is now different protocol.
2014-11-20 14:41:17 +01:00
Steve Holme
34cb17b930 conncache: Fixed specifiers in infof() for long and size_t variables 2014-11-19 20:04:21 +00:00
Jon Spencer
2933698677 multi: inform about closed sockets before they are closed
When the connection code decides to close a socket it informs the multi
system via the Curl_multi_closed function. The multi system may, in
turn, invoke the CURLMOPT_SOCKETFUNCTION function with
CURL_POLL_REMOVE. This happens after the socket has already been
closed. Reorder the code so that CURL_POLL_REMOVE is called before the
socket is closed.
2014-11-19 13:22:07 +01:00
Guenter Knauf
cf510ad781 build: in Makefile.m32 moved target autodetection.
Moved target autodetection block after defining CC macro.
2014-11-19 12:39:20 +01:00
Guenter Knauf
140ca2dcc2 build: in Makefile.m32 simplify platform flags. 2014-11-19 11:46:02 +01:00
Guenter Knauf
a08decdfed build: in Makefile.m32 try to detect 64bit target. 2014-11-19 11:40:04 +01:00
Carlo Wood
013d5c18c3 debug: added new connection cache output, plus fixups
Debug output 'typo' fix.

Don't print an extra "0x" in
  * Pipe broke: handle 0x0x2546d88, url = /

Add debug output.
Print the number of connections in the connection cache when
  adding one, and not only when one is removed.

Fix typos in comments.
2014-11-18 23:02:40 +01:00
Daniel Stenberg
b77ff4d589 multi: move the ending condition into the loop as well
... as it was before I changed the loop in commit e04ccbd50. It caused
test 2030 and 2032 to fail.
2014-11-18 22:57:22 +01:00
Steve Holme
36f7b399de multi: Prefer we don't use CURLE_OK and NULL in comparisons 2014-11-18 20:25:05 +00:00
Daniel Stenberg
c068284882 multi_runsingle: use 'result' for local CURLcode storage
... and assign data->result only at the end. Makes the code more compact
(easier to read) and more similar to other code.
2014-11-18 15:18:21 +01:00
Daniel Stenberg
e05f801271 multi_runsingle: rename result to rc
save 'result' for CURLcode types
2014-11-18 14:47:15 +01:00
Daniel Stenberg
e04ccbd506 multi: make multi_runsingle loop internally
simplifies the use of this function at little cost.
2014-11-18 14:47:15 +01:00
Carlo Wood
1342a96ecf multi: when leaving for timeout, close accordingly
Fixes the problem when a transfer in a pipeline times out.
2014-11-18 14:47:15 +01:00
Guenter Knauf
4bc47bec57 build: in Makefile.m32 add -m32 flag for 32bit. 2014-11-18 14:25:41 +01:00
Guenter Knauf
e126ec4fc4 mk-ca-bundle.vbs: update copyright year. 2014-11-18 13:47:13 +01:00
Guenter Knauf
46ae340f24 build: in Makefile.m32 pass -F flag to windres. 2014-11-18 13:44:03 +01:00
Steve Holme
6cc79dc79d config-win32: Fixed build targets for the VS2012+ Windows XP toolset
Even though commit 23e70e1cc6 mentioned the v110_xp toolset, I had
forgotten to include the relevant pre-processor definitions.
2014-11-17 23:49:05 +00:00
Steve Holme
62a6230e1c sasl_sspi: Removed note about the NTLM functions being a wrapper 2014-11-16 22:49:30 +00:00
Steve Holme
43da5b2066 connect.c: Fixed compilation warning when no verbose string support
warning: unused parameter 'reason'
2014-11-16 18:21:12 +00:00
Steve Holme
591d5ca41b easy.c: Fixed compilation warning when no verbose string support
warning: unused parameter 'easy'
2014-11-16 18:21:03 +00:00
Steve Holme
4be80d5109 win32: Updated some legacy APIs to use the newer extended versions
Updated the usage of some legacy APIs, that are preventing curl from
compiling for Windows Store and Windows Phone build targets.

Suggested-by: Stefan Neis
Feature: http://sourceforge.net/p/curl/feature-requests/82/
2014-11-16 17:30:17 +00:00
Steve Holme
23e70e1cc6 config-win32: Introduce build targets for VS2012+
Visual Studio 2012 introduced support for Windows Store apps as well as
supporting Windows Phone 8. Introduced build targets that allow more
modern APIs to be used as certain legacy ones are not available on these
new platforms.
2014-11-16 17:24:48 +00:00
Steve Holme
800094802e sasl_sspi: Fixed compilation warnings when no verbose string support 2014-11-16 14:52:27 +00:00
Steve Holme
9669794e7a sasl_sspi: Added base64 decoding debug failure messages
Just like in the NTLM code, added infof() failure messages for
DIGEST-MD5 and GSSAPI authentication when base64 decoding fails.
2014-11-16 14:35:51 +00:00
Steve Holme
30892709d7 ntlm: Moved the SSPI based Type-3 message generation into the SASL module 2014-11-16 14:16:07 +00:00
Steve Holme
a3fead9706 ntlm: Moved the SSPI based Type-2 message decoding into the SASL module 2014-11-16 13:59:11 +00:00
Steve Holme
201d0df50b ntlm: Moved the SSPI based Type-1 message generation into the SASL module 2014-11-16 13:39:13 +00:00
Michael Osipov
9f10e45e42 kerberos: Use symbol qualified with _KERBEROS5
For consistency renamed USE_KRB5 to USE_KERBEROS5.
2014-11-16 13:29:04 +00:00
Tatsuhiro Tsujikawa
ed77fdf389 http2: Don't send Upgrade headers when we already do HTTP/2 2014-11-15 21:00:23 +01:00
Steve Holme
08f9c90981 sasl: Corrected Curl_sasl_build_spn() function description
There was a mismatch in function parameter names.
2014-11-15 18:35:40 +00:00
Steve Holme
2e16100609 urldata: Don't define sec_complete when no GSS-API support present
This variable is only used with HAVE_GSSAPI is defined by the FTP code
so let's place the definition with the other GSS-API based variables.
2014-11-15 13:15:02 +00:00
Michael Osipov
d54b551f6c docs: Use consistent naming for Kerberos 2014-11-15 13:10:45 +00:00
Steve Holme
cca12abf6e sasl_sspi: Corrected a couple of comment typos 2014-11-14 23:27:19 +00:00
Steve Holme
18e53fa91a sasl: Moved Curl_sasl_gssapi_cleanup() definition into header file
Rather than define the function as extern in the source files that use
it, moved the function declaration into the SASL header file just like
the Digest and NTLM clean-up functions.

Additionally, added a function description comment block.
2014-11-14 22:11:48 +00:00
Steve Holme
8c58dea899 sasl_sspi: Added missing RFC reference for HTTP Digest authentication 2014-11-14 22:03:27 +00:00
Steve Holme
9dfbcef272 ntlm: Clean-up and standardisation of base64 decoding 2014-11-14 22:02:06 +00:00
Steve Holme
7faaca7118 ntlm: We prefer 'CURLcode result' 2014-11-14 22:00:04 +00:00
Daniel Stenberg
2ee3c63b13 http2: fix switched macro when http2 is not enabled 2014-11-13 15:39:15 +01:00
Tatsuhiro Tsujikawa
7b7f0da4a7 http2: Deal with HTTP/2 data inside response header buffer
Previously if HTTP/2 traffic is appended to HTTP Upgrade response header
(thus they are in the same buffer), the trailing HTTP/2 traffic is not
processed and lost.  The appended data is most likely SETTINGS frame.
If it is lost, nghttp2 library complains server does not obey the HTTP/2
protocol and issues GOAWAY frame and curl eventually drops connection.
This commit fixes this problem and now trailing data is processed.
2014-11-13 15:38:12 +01:00
Daniel Stenberg
f64dbb08c2 multi: removed Curl_multi_set_easy_connection
It isn't used anywhere!

Reported-by: Carlo Wood
2014-11-10 10:09:40 +01:00
Peter Wu
17d27805f9 cmake: add ENABLE_THREADED_RESOLVER, rename ARES
Fix detection of the AsynchDNS feature which not just depends on
pthreads support, but also on whether USE_POSIX_THREADS is set or not.
Caught by test 1014.

This patch adds a new ENABLE_THREADED_RESOLVER option (corresponding to
--enable-threaded-resolver of autotools) which also needs a check for
HAVE_PTHREAD_H.

For symmetry with autotools, CURL_USE_ARES is renamed to ENABLE_ARES
(--enable-ares). Checks that test for the availability actually use
USE_ARES instead as that is the result of whether a-res is available or
not (in practice this does not matter as CARES is marked as required
package, but nevertheless it is better to write the intent).

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-11-10 09:09:25 +01:00
Steve Holme
bfc63bfb19 vtls.h: Fixed compiler warning when compiled without SSL
vtls.c:185:46: warning: unused parameter 'data'
2014-11-09 18:09:58 +00:00
Steve Holme
2fbf23875f ntlm: Added separate SSPI based functions
In preparation for moving the NTLM message code into the SASL module,
and separating the native code from the SSPI code, added functions that
simply call the functions in curl_ntlm_msg.c.
2014-11-09 15:12:35 +00:00
Steve Holme
48d19acb7c http_ntlm: Use the SASL functions instead
In preparation for moving the NTLM message code into the SASL module
use the SASL functions in the HTTP code instead.
2014-11-09 14:58:20 +00:00
Daniel Stenberg
9dbbba9976 libssh2: detect features based on version, not configure checks
... so that non-configure builds get the correct functions too based on
the libssh2 version used.
2014-11-09 15:43:27 +01:00
Nobuhiro Ban
18e1a3022d SSH: use the port number as well for known_known checks
... if the libssh2 version is new enough.

Bug: http://curl.haxx.se/bug/view.cgi?id=1448
2014-11-09 15:43:27 +01:00
Steve Holme
520dc64369 build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined
USE_NTLM would only be defined if: HTTP support was enabled, NTLM and
cryptography weren't disabled, and either a supporting cryptography
library or Windows SSPI was being compiled against.

This means it was not possible to build libcurl without HTTP support
and use NTLM for other protocols such as IMAP, POP3 and SMTP. Rather
than introduce a new SASL pre-processor definition, removed the HTTP
prerequisite just like USE_SPNEGO and USE_KRB5.

Note: Winbind support still needs to be dependent on CURL_DISABLE_HTTP
as it is only available to HTTP at present.

This bug dates back to August 2011 when I started to add support for
NTLM to SMTP.
2014-11-09 12:54:34 +00:00
Steve Holme
8145f92dcc ntlm: Removed an unnecessary free of native Target Info
Due to commit 40ee1ba0dc the free in Curl_ntlm_decode_type2_target() is
longer required.
2014-11-09 11:54:50 +00:00
Steve Holme
40ee1ba0dc ntlm: Moved the native Target Info clean-up from HTTP specific function 2014-11-09 11:47:40 +00:00
Steve Holme
474442dd56 ntlm: Moved SSPI clean-up code into SASL module 2014-11-09 11:10:34 +00:00
Steve Holme
dc867bbf3a Makefile.vc6: Added support for WinIDN 2014-11-08 18:31:29 +00:00
Steve Holme
7599143dcc version info: Added Kerberos V5 to the supported features 2014-11-07 10:55:14 +00:00
Guenter Knauf
f28c856e33 mk-ca-bundle.vbs: switch to new certdata.txt url. 2014-11-07 10:27:26 +01:00
Steve Holme
dcad09e125 http_digest: Fixed some memory leaks introduced in commit 6f8d8131b1
Fixed a couple of memory leaks as a result of moving code that used to
populate allocuserpwd and relied on it's clean up.
2014-11-07 00:11:20 +00:00
Steve Holme
0a925d7834 sasl_sspi: Tidy up of the existing digest code
Following the addition of SSPI support for HTTP digest, synchronised
elements of the email digest code with that of the new HTTP code.
2014-11-06 23:26:27 +00:00
Steve Holme
70100d5509 http_digest: Post SSPI support tidy up
Post tidy up to ensure commonality of code style and variable names.
2014-11-06 23:15:24 +00:00
Steve Holme
cfe4252744 http_digest: Fixed auth retry loop when SSPI based authentication fails 2014-11-06 15:27:27 +00:00
Steve Holme
500d2db302 http_digest: Reworked the SSPI based input token storage
Reworked the input token (challenge message) storage as what is passed
to the buf and desc in the response generation are typically blobs of
data rather than strings, so this is more in keeping with other areas
of the SSPI code, such as the NTLM message functions.
2014-11-06 14:59:53 +00:00
Steve Holme
6d45f952e6 sasl_sspi: Fixed compilation warning from commit 2d2a62e3d9
Added void reference to unused 'data' parameter back to fix compilation
warning.
2014-11-06 13:32:04 +00:00
Steve Holme
3aa0e57ce6 sspi: Align definition values to even columns as we use 2 char spacing 2014-11-06 13:09:48 +00:00
Steve Holme
a10976b961 sspi: Fixed missing definition of ISC_REQ_USE_HTTP_STYLE
Some versions of Microsoft's sspi.h don't define this.
2014-11-06 13:04:24 +00:00
Steve Holme
93859e2c9a sasl: Removed non-SSPI Digest functions and defines from SSPI based builds
Introduced in commit 7e6d51a73c these functions and definitions are only
required by the internal challenge-response functions now.
2014-11-06 12:37:59 +00:00
Steve Holme
2d2a62e3d9 sasl_sspi: Added HTTP digest response generation code 2014-11-06 12:07:04 +00:00
Steve Holme
f0d3be29f2 http_digest: Added SSPI based challenge decoding code 2014-11-06 11:53:02 +00:00
Steve Holme
21fa0d86b1 http_digest: Added SSPI based clean-up code 2014-11-06 11:36:55 +00:00
Steve Holme
3d6b865654 http_digest: Added SSPI based authentication functions
This temporarily breaks HTTP digest authentication in SSPI based builds,
causing CURLE_NOT_BUILT_IN to be returned. A follow up commit will
resume normal operation.
2014-11-06 11:10:10 +00:00
Steve Holme
1033acd92d http_digest: Added required SSPI based variables to digest structure 2014-11-06 11:10:08 +00:00
Steve Holme
783c7f97ba http_digest: Fixed memory leaks from commit 6f8d8131b1 2014-11-05 21:45:10 +00:00
Steve Holme
f4af38120a sasl: Fixed compilation warning from commit 25264131e2
Added forward declaration of digestdata to overcome the following
compilation warning:

warning: 'struct digestdata' declared inside parameter list

Additionally made the ntlmdata forward declaration dependent on
USE_NTLM similar to how digestdata and kerberosdata are.
2014-11-05 18:36:57 +00:00
Steve Holme
259f4f3d01 sasl: Fixed HTTP digest challenges with spaces between auth parameters
Broken as part of the rework, in commit 7e6d51a73c, to assist with the
addition of HTTP digest via Windows SSPI.
2014-11-05 17:58:07 +00:00
Steve Holme
f697d7fdd5 http_digest: Fixed compilation errors from commit 6f8d8131b1
error: invalid operands to binary
warning: pointer targets in assignment differ in signedness
2014-11-05 15:48:19 +00:00
Steve Holme
6f8d8131b1 http_digest: Moved response generation into SASL module 2014-11-05 15:33:21 +00:00
Steve Holme
7e6d51a73c http_digest: Moved challenge decoding into SASL module 2014-11-05 14:39:13 +00:00
Steve Holme
25264131e2 http_digest: Moved clean-up function into SASL module 2014-11-05 13:51:11 +00:00
Steve Holme
d7bfce3951 http_digest: Moved algorithm definitions to SASL module 2014-11-05 13:40:08 +00:00
Gisle Vanem
3cfe3bc001 ssh: Fixed build on platforms where R_OK is not defined
Bug: http://curl.haxx.se/mail/lib-2014-11/0035.html
Reported-by: Jan Ehrhardt
2014-11-05 13:09:08 +00:00
Steve Holme
92e7e346f3 strdup: Removed irrelevant comment
...as Curl_memdup() duplicates an area of fix size memory, that may be
binary, and not a null terminated string.
2014-11-05 12:53:06 +00:00
Steve Holme
e8cea8d70f url.c: Fixed compilation warning
conversion from 'curl_off_t' to 'size_t', possible loss of data
2014-11-05 12:42:35 +00:00
Steve Holme
efe4bab29b http_digest: Use CURLcode instead of CURLdigest
To provide consistent behaviour between the various HTTP authentication
functions use CURLcode based error codes for Curl_input_digest()
especially as the calling code doesn't use the specific error code just
that it failed.
2014-11-05 12:13:47 +00:00
Steve Holme
d62cb0f5d0 sspi: Define authentication package name constants
These were previously hard coded, and whilst defined in security.h,
they may or may not be present in old header files given that these
defines were never used in the original code.

Not only that, but there appears to be some ambiguity between the ANSI
and UNICODE NTLM definition name in security.h.
2014-11-05 11:54:02 +00:00
Daniel Stenberg
b387560692 curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds
When duplicating a handle, the data to post was duplicated using
strdup() when it could be binary and contain zeroes and it was not even
zero terminated! This caused read out of bounds crashes/segfaults.

Since the lib/strdup.c file no longer is easily shared with the curl
tool with this change, it now uses its own version instead.

Bug: http://curl.haxx.se/docs/adv_20141105.html
CVE: CVE-2014-3707
Reported-By: Symeon Paraschoudis
2014-11-05 08:05:14 +01:00
Jay Satiro
e819c3a4ca SSL: PolarSSL default min SSL version TLS 1.0
- Prior to this change no SSL minimum version was set by default at
runtime for PolarSSL. Therefore in most cases PolarSSL would probably
have defaulted to a minimum version of SSLv3 which is no longer secure.
2014-11-04 11:40:51 +01:00
Carlo Wood
15c4d51d39 Curl_single_getsock: fix hold/pause sock handling
The previous condition that checked if the socket was marked as readable
when also adding a writable one, was incorrect and didn't take the pause
bits properly into account.
2014-11-03 09:40:13 +01:00
Peter Wu
b2bb51f339 cmake: drop _BSD_SOURCE macro usage
autotools does not use features.h nor _BSD_SOURCE. As this macro
triggers warnings since glibc 2.20, remove it. It should not have
functional differences.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-11-03 09:10:54 +01:00
Steve Holme
b6821dbb91 sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
Typically the USE_WINDOWS_SSPI definition would not be used when the
CURL_DISABLE_CRYPTO_AUTH define is, however, it is still a valid build
configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication
data structures and functions would incorrectly be used when they
shouldn't be.

Introduced a new USE_KRB5 definition that takes into account the use of
CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do.
2014-11-02 00:35:16 +00:00
Steve Holme
b04eef1318 openssl: Use 'CURLcode result'
More CURLcode fixes.
2014-11-02 00:14:07 +00:00
Daniel Stenberg
9bc2582c31 resume: consider a resume from [content-length] to be OK
Basically since servers often then don't respond well to this and
instead send the full contents and then libcurl would instead error out
with the assumption that the server doesn't support resume. As the data
is then already transfered, this is now considered fine.

Test case 1434 added to verify this. Test case 1042 slightly modified.

Reported-by: hugo
Bug: http://curl.haxx.se/bug/view.cgi?id=1443
2014-11-01 23:09:24 +01:00
Steve Holme
f0b4bc12f8 openssl: Use 'CURLcode result'
More standardisation of CURLcode usage and coding style.
2014-11-01 17:16:42 +00:00
Steve Holme
14b4707d9a openssl: Use 'CURLcode result'
...and some minor code style changes.
2014-11-01 16:14:05 +00:00
Steve Holme
beb478a24b ftplistparser: We prefer 'CURLcode result' 2014-11-01 12:12:09 +00:00
Steve Holme
befbc8f56b code cleanup: Use 'CURLcode result' 2014-10-30 23:14:45 +00:00
Guenter Knauf
f29b88c246 build: added Watcom support to build with WinSSL. 2014-10-30 16:43:29 +01:00
Daniel Stenberg
697aa67d18 openssl: enable NPN separately from ALPN
... and allow building with nghttp2 but completely without NPN and ALPN,
as nghttp2 can still be used for plain-text HTTP.

Reported-by: Lucas Pardue
2014-10-29 22:42:46 +01:00
Steve Holme
32913182dc vtls.c: Fixed compilation warning
conversion from 'size_t' to 'unsigned int', possible loss of data
2014-10-29 19:12:27 +00:00
Steve Holme
f3fc3d021d sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure
Return a more appropriate error, rather than CURLE_OUT_OF_MEMORY when
acquiring the credentials handle fails. This is then consistent with
the code prior to commit f7e24683c4 when log-in credentials were empty.
2014-10-29 14:26:48 +00:00
Steve Holme
f7e24683c4 sasl_sspi: Allow DIGEST-MD5 to use current windows credentials
Fixed the ability to use the current log-in credentials with DIGEST-MD5.
I had previously disabled this functionality in commit 607883f13c as I
couldn't get this to work under Windows 8, however, from testing HTTP
Digest authentication through Windows SSPI and then further testing of
this code I have found it works in Windows 7.

Some further investigation is required to see what the differences are
between Windows 7 and 8, but for now enable this functionality as the
code will return an error when AcquireCredentialsHandle() fails.
2014-10-29 14:24:38 +00:00
Kamil Dudka
276741af4d transfer: drop the code handling the ssl_connect_retry flag
Its last use has been removed by the previous commit.
2014-10-29 14:34:46 +01:00
Kamil Dudka
3f430c9c3a nss: drop the code for libcurl-level downgrade to SSLv3
This code was already deactivated by commit
ec783dc142.
2014-10-29 14:34:46 +01:00
Kamil Dudka
07048941a4 openssl: fix a line length warning 2014-10-29 14:34:46 +01:00
Guenter Knauf
b5ed5843a4 Added NetWare support to build with nghttp2. 2014-10-29 03:31:34 +01:00
Guenter Knauf
357a15a649 Fixed error message since we require ALPN support. 2014-10-29 01:37:18 +01:00
Guenter Knauf
e42e3a4fac Check for ALPN via OpenSSL version number.
This check works also with to non-configure platforms.
2014-10-29 00:59:38 +01:00
Steve Holme
2e121fda35 sasl_sspi: Fixed typo in comment 2014-10-28 23:57:46 +00:00
Steve Holme
085081fc6e code cleanup: We prefer 'CURLcode result' 2014-10-28 22:45:32 +00:00
Daniel Stenberg
76b2f53707 mk-ca-bundle: spell fix "version" 2014-10-28 15:21:11 +01:00
Daniel Stenberg
95765567d0 HTTP: return larger than 3 digit response codes too
HTTP 1.1 is clearly specified to only allow three digit response codes,
and libcurl used sscanf("%3d") for that purpose. This made libcurl
support smaller numbers but not larger. It does now, but we will not
make any specific promises nor document this further since it is going
outside of what HTTP is.

Bug: http://curl.haxx.se/bug/view.cgi?id=1441
Reported-by: Balaji
2014-10-27 16:28:10 +01:00
Steve Holme
0811742488 ntlm: We prefer 'CURLcode result'
Continuing commit 0eb3d15ccb more return code variable name changes.
2014-10-26 21:15:20 +00:00
Guenter Knauf
7be56906d6 Cosmetics: lowercase non-special subroutine names. 2014-10-26 19:07:35 +01:00
Steve Holme
07ac29a058 http_negotiate: We prefer 'CURLcode result'
Continuing commit 0eb3d15ccb more return code variable name changes.
2014-10-26 16:38:21 +00:00
Steve Holme
64814739d5 http_negotiate: Fixed missing check for USE_SPNEGO 2014-10-26 16:28:02 +00:00
Steve Holme
c1c16bea94 sspi: Synchronization of cleanup code between auth mechanisms 2014-10-26 14:51:58 +00:00
Steve Holme
d91d21f05b sspi: Renamed max token length variables
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
2014-10-26 14:43:02 +00:00
Steve Holme
c2c6805797 sspi: Renamed expiry time stamp variables
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
2014-10-26 14:34:06 +00:00
Steve Holme
9c613ade7a sspi: Only call CompleteAuthToken() when complete is needed
Don't call CompleteAuthToken() after InitializeSecurityContext() has
returned SEC_I_CONTINUE_NEEDED as this return code only indicates the
function should be called again after receiving a response back from
the server.

This only affected the Digest and NTLM authentication code.
2014-10-26 14:33:19 +00:00
Steve Holme
980f2b7078 ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash()
For consistency with other areas of the NTLM code propagate all errors
from Curl_ntlm_core_mk_nt_hash() up the call stack rather than just
CURLE_OUT_OF_MEMORY.
2014-10-26 09:14:46 +00:00
Steve Holme
3b738a16eb ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash() 2014-10-26 09:14:34 +00:00
Steve Holme
9c5f851ec9 ntlm: Use 'CURLcode result'
Continuing commit 0eb3d15ccb more return code variable name changes.
2014-10-26 09:14:10 +00:00
Steve Holme
3fe5b462f7 ntlm: Only define ntlm data structure when USE_NTLM is defined 2014-10-25 22:36:49 +01:00
Steve Holme
28ff8babad ntlm: Changed handles to be dynamic like other SSPI handles
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
2014-10-25 14:16:06 +01:00
Steve Holme
f9f212fb93 ntlm: Renamed handle variables to match other SSPI structures
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
2014-10-25 14:15:57 +01:00
Steve Holme
df97ab3e5f ntlm: Renamed SSPI based input token variables
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
2014-10-25 14:15:48 +01:00
Steve Holme
c18329cef6 ntlm: We prefer 'CURLcode result'
Continuing commit 0eb3d15ccb more return code variable name changes.
2014-10-25 14:06:21 +01:00
Nick Zitzmann
bd87aec5a7 darwinssl: detect possible future removal of SSLv3 from the framework
If Apple ever drops SSLv3 support from the Security framework, we'll fail with an error if the user insists on using SSLv3.
2014-10-24 18:59:13 -05:00
Patrick Monnerat
3ca560439c gskit.c: remove SSLv3 from SSL default. 2014-10-24 16:08:21 +02:00
Patrick Monnerat
897ef500e5 gskit.c: use 'CURLcode result' 2014-10-24 15:16:05 +02:00
Jay Satiro
ec783dc142 SSL: Remove SSLv3 from SSL default due to POODLE attack
- Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss,
openssl effectively making the default TLS 1.x. axTLS is not affected
since it supports only TLS, and gnutls is not affected since it already
defaults to TLS 1.x.

- Update CURLOPT_SSLVERSION doc
2014-10-24 13:41:56 +02:00
Daniel Stenberg
2b04257491 pipelining: only output "is not blacklisted" in debug builds 2014-10-24 11:12:34 +02:00
Daniel Stenberg
fb6e8a5aa4 url.c: use 'CURLcode result' 2014-10-24 08:51:04 +02:00
Daniel Stenberg
0eb3d15ccb code cleanup: we prefer 'CURLcode result'
... for the local variable name in functions holding the return
code. Using the same name universally makes code easier to read and
follow.

Also, unify code for checking for CURLcode errors with:

 if(result) or if(!result)

instead of

 if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
2014-10-24 08:23:19 +02:00
Daniel Stenberg
1752e9c088 Curl_add_timecondition: skip superfluous varible assignment
Detected by cppcheck.
2014-10-24 08:23:19 +02:00
Daniel Stenberg
65db980106 Curl_pp_flushsend: skip superfluous assignment
Detected by cppcheck.
2014-10-24 08:23:19 +02:00
Daniel Stenberg
8e34d3f9ef Curl_pp_readresp: remove superfluous assignment
Variable already assigned a few lines up.

Detected by cppcheck.
2014-10-24 08:23:19 +02:00
Daniel Stenberg
5b73f35761 Curl_proxyCONNECT: remove superfluous statement
The variable is already assigned, skip the duplicate assignment.

Pointed out by cppcheck.
2014-10-24 08:23:19 +02:00
Guenter Knauf
ede9884c59 Added MinGW support to build with nghttp2. 2014-10-24 04:22:04 +02:00
Guenter Knauf
4b7d499e64 Some cosmetics and simplifies. 2014-10-23 16:27:40 +02:00
Guenter Knauf
2be6941f42 Remove dependency on openssl and cut.
Prefer usage of Perl modules for sha1 calculation since there
might be systems where openssl is not installed or not in path.
If openssl is used for sha1 calculation then dont rely on cut
since it is usually not available on other systems than Linux.
2014-10-23 15:22:56 +02:00
Daniel Stenberg
9f5744a72f gnutls: removed dead code
Bug: http://curl.haxx.se/bug/view.cgi?id=1437
Reported-by: Julien
2014-10-23 10:01:58 +02:00