1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-23 00:28:48 -05:00
Commit Graph

9103 Commits

Author SHA1 Message Date
Daniel Stenberg
7d6e3f8cfa IDN: Use TR46 non-transitional
Assisted-by: Tim Rühsen
2017-01-13 14:53:50 +01:00
Daniel Stenberg
ee357664df IDN: revert use of the transitional option
It made the german ß get converted to ss, IDNA2003 style, and we can't
have that for the .de TLD - a primary reason for our switch to IDNA2008.

Test 165 verifies.
2017-01-13 14:31:40 +01:00
Tim Rühsen
ba315745f7 IDN: Fix compile time detection of linidn2 TR46
Follow-up to f30cbcac1

Closes #1207
2017-01-13 13:38:12 +01:00
ERAMOTO Masaya
2ac1942c72 url: --noproxy option overrides NO_PROXY environment variable
Under condition using http_proxy env var, noproxy list was the
combination of --noproxy option and NO_PROXY env var previously. Since
this commit, --noproxy option overrides NO_PROXY environment variable
even if use http_proxy env var.

Closes #1140
2017-01-13 11:18:29 +01:00
ERAMOTO Masaya
efdbfde7ca url: Refactor detect_proxy()
If defined CURL_DISABLE_HTTP, detect_proxy() returned NULL. If not
defined CURL_DISABLE_HTTP, detect_proxy() checked noproxy list.

Thus refactor to set proxy to NULL instead of calling detect_proxy() if
define CURL_DISABLE_HTTP, and refactor to call detect_proxy() if not
define CURL_DISABLE_HTTP and the host is not in the noproxy list.
2017-01-13 11:18:11 +01:00
ERAMOTO Masaya
1b57557882 url: Fix NO_PROXY env var to work properly with --proxy option.
The combination of --noproxy option and http_proxy env var works well
both for proxied hosts and non-proxied hosts.

However, when combining NO_PROXY env var with --proxy option,
non-proxied hosts are not reachable while proxied host is OK.

This patch allows us to access non-proxied hosts even if using NO_PROXY
env var with --proxy option.
2017-01-13 11:18:11 +01:00
Tim Rühsen
f30cbcac11 IDN: Use TR46 'transitional' for toASCII translations
References: http://unicode.org/faq/idn.html
            http://unicode.org/reports/tr46

Closes #1206
2017-01-13 10:21:25 +01:00
Marcus Hoffmann
7ba8020c46 gnutls: check for alpn and ocsp in configure
Check for presence of gnutls_alpn_* and gnutls_ocsp_* functions during
configure instead of relying on the version number.  GnuTLS has options
to turn these features off and we ca just work with with such builds
like we work with older versions.

Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com>

Closes #1204
2017-01-13 09:54:55 +01:00
Jay Satiro
1d4202ade6 url: Fix parsing for when 'file' is the default protocol
Follow-up to 3463408.

Prior to 3463408 file:// hostnames were silently stripped.

Prior to this commit it did not work when a schemeless url was used with
file as the default protocol.

Ref: https://curl.haxx.se/mail/lib-2016-11/0081.html
Closes https://github.com/curl/curl/pull/1124

Also fix for drive letters:

- Support --proto-default file c:/foo/bar.txt

- Support file://c:/foo/bar.txt

- Fail when a file:// drive letter is detected and not MSDOS/Windows.

Bug: https://github.com/curl/curl/issues/1187
Reported-by: Anatol Belski
Assisted-by: Anatol Belski
2017-01-12 15:37:11 -05:00
Daniel Stenberg
807698db02 rand: make it work without TLS backing
Regression introduced in commit f682156a4f

Reported-by: John Kohl
Bug: https://curl.haxx.se/mail/lib-2017-01/0055.html
2017-01-12 17:44:21 +01:00
Jay Satiro
a18db79262 STARTTLS: Don't print response character in denied messages
Both IMAP and POP3 response characters are used internally, but when
appended to the STARTTLS denial message likely could confuse the user.

Closes https://github.com/curl/curl/pull/1203
2017-01-12 02:36:03 -05:00
Jay Satiro
4e6f483d08 smtp: Fix STARTTLS denied error message
- Format the numeric denial code as an integer instead of a character.
2017-01-12 02:06:03 -05:00
Daniel Stenberg
c6778aa46a http2_send: avoid unsigned integer wrap around
... when checking for a too large request.
2017-01-11 12:15:37 +01:00
Dan Fandrich
ba19feba94 wolfssl: display negotiated SSL version and cipher 2017-01-07 00:09:10 +01:00
Dan Fandrich
bbee0d4eee wolfssl: support setting cipher list 2017-01-06 23:02:09 +01:00
Nick Zitzmann
ffbb0f0d37 darwinssl: --insecure overrides --cacert if both settings are in use
Fixes #1184
2017-01-03 17:44:57 -06:00
Daniel Stenberg
ad10eb5fed content_encoding: change return code on a failure
Failure to decompress is now a write error instead of the weird
"function not found".
2016-12-29 11:31:01 +01:00
Max Khon
89b7898846 digest_sspi: copy terminating NUL as well
Curl_auth_decode_digest_http_message(): copy terminating NUL as later
Curl_override_sspi_http_realm() expects a NUL-terminated string.

Fixes #1180
2016-12-29 00:21:14 +01:00
Chris Araman
e53f0736c4 darwinssl: fix CFArrayRef leak
Reviewed-by: Nick Zitzmann
Closes #1173
2016-12-27 22:07:59 +01:00
Chris Araman
8db3afe16c darwinssl: fix iOS build
Reviewed-by: Nick Zitzmann
Fixes #1172
2016-12-27 22:07:28 +01:00
Daniel Stenberg
a7b38c9dc9 vtls: s/SSLEAY/OPENSSL
Fixed an old leftover use of the USE_SSLEAY define which would make a
socket get removed from the applications sockets to monitor when the
multi_socket API was used, leading to timeouts.

Bug: #1174
2016-12-26 00:10:04 +01:00
Daniel Stenberg
e50abe6478 formdata: use NULL, not 0, when returning pointers 2016-12-25 10:36:29 +01:00
Daniel Stenberg
9314bf8405 ftp: failure to resolve proxy should return that error code 2016-12-25 10:35:34 +01:00
Daniel Stenberg
5fe164a258 ftp-gss: check for init before use
To avoid dereferencing a NULL pointer.

Reported-by: Daniel Romero
2016-12-24 23:35:43 +01:00
Jay Satiro
cdbdef6f9f cyassl: use time_t instead of long for timeout 2016-12-24 13:25:03 -05:00
Daniel Stenberg
9aa259a139 http: remove "Curl_http_done: called premature" message
... it only confuses people.
2016-12-23 23:32:43 +01:00
Daniel Stenberg
00c817068e openssl-random: check return code when asking for random
and fail appropriately if it returns error
2016-12-23 15:29:01 +01:00
Daniel Stenberg
c7834ecd45 gnutls-random: check return code for failed random 2016-12-23 15:01:53 +01:00
Kamil Dudka
f81b2277a8 randit: store the value in the buffer 2016-12-21 23:42:43 +01:00
Marcel Raad
773cef4fae
lib: fix MSVC compiler warnings
Visual C++ complained:
warning C4267: '=': conversion from 'size_t' to 'long', possible loss of data
warning C4701: potentially uninitialized local variable 'path' used
2016-12-21 11:07:26 +01:00
Daniel Stenberg
f44cf7914f ssh: inhibit coverity warning with (void)
CID 1397391 (#1 of 1): Unchecked return value (CHECKED_RETURN)
2016-12-20 14:46:47 +01:00
Daniel Stenberg
21a7a96c90 Curl_recv_has_postponed_data: silence compiler warnings
Follow-up to d00f2a8f2
2016-12-19 09:20:54 +01:00
Jay Satiro
c2402b6e02 tests: checksrc compliance 2016-12-19 02:31:59 -05:00
Jay Satiro
d00f2a8f2e http_proxy: Fix proxy CONNECT hang on pending data
- Check for pending data before waiting on the socket.

Bug: https://github.com/curl/curl/issues/1156
Reported-by: Adam Langley
2016-12-19 02:26:52 -05:00
Dan McNulty
0354eed410 schannel: fix wildcard cert name validation on Win CE
Fixes a few issues in manual wildcard cert name validation in
schannel support code for Win32 CE:
- when comparing the wildcard name to the hostname, the wildcard
  character was removed from the cert name and the hostname
  was checked to see if it ended with the modified cert name.
  This allowed cert names like *.com to match the connection
  hostname. This violates recommendations from RFC 6125.
- when the wildcard name in the certificate is longer than the
  connection hostname, a buffer overread of the connection
  hostname buffer would occur during the comparison of the
  certificate name and the connection hostname.
2016-12-19 07:53:20 +01:00
Daniel Stenberg
3ab3c16db6 printf: fix floating point buffer overflow issues
... and add a bunch of floating point printf tests
2016-12-19 07:53:20 +01:00
Daniel Stenberg
60450d507f config-amigaos.h: (embarrassed) made the line shorter 2016-12-18 23:46:17 +01:00
Daniel Stenberg
c562329996 config-amigaos.h: fix bug report email reference 2016-12-18 23:45:22 +01:00
Michael Kaufmann
f9484d9fb1 openssl: simplify expression in Curl_ossl_version 2016-12-18 13:09:51 +01:00
Isaac Boukris
82245eaa56 Curl_getconnectinfo: avoid checking if the connection is closed
It doesn't benefit us much as the connection could get closed at
any time, and also by checking we lose the ability to determine
if the socket was closed by reading zero bytes.

Reported-by: Michael Kaufmann

Closes https://github.com/curl/curl/pull/1134
2016-12-18 12:47:10 +01:00
Daniel Stenberg
845522cadb preproxy: renamed what was added as SOCKS_PROXY
CURLOPT_SOCKS_PROXY -> CURLOPT_PRE_PROXY

Added the corresponding --preroxy command line option. Sets a SOCKS
proxy to connect to _before_ connecting to a HTTP(S) proxy.
2016-12-16 16:04:23 +01:00
Daniel Stenberg
7907a2bec9 CURLOPT_SOCKS_PROXYTYPE: removed
This was added as part of the SOCKS+HTTPS proxy merge but there's no
need to support this as we prefer to have the protocol specified as a
prefix instead.
2016-12-16 15:10:19 +01:00
Daniel Stenberg
1c3e8bbfed checksrc: warn for assignments within if() expressions
... they're already frowned upon in our source code style guide, this
now enforces the rule harder.
2016-12-14 01:29:44 +01:00
Daniel Stenberg
b228d2952b checksrc: stricter no-space-before-paren enforcement
In order to make the code style more uniform everywhere
2016-12-13 23:39:11 +01:00
Adam Langley
71a55534fa openssl: don't use OpenSSL's ERR_PACK.
ERR_PACK is an internal detail of OpenSSL. Also, when using it, a
function name must be specified which is overly specific: the test will
break whenever OpenSSL internally change things so that a different
function creates the error.

Closes #1157
2016-12-07 23:53:03 +01:00
Daniel Stenberg
74595b223d http_proxy: simplify CONNECT response reading
Since it now reads responses one byte a time, a loop could be removed
and it is no longer limited to get the whole response within 16K, it is
now instead only limited to 16K maximum header line lengths.
2016-12-01 16:18:52 +01:00
Daniel Stenberg
3ea3518429 CONNECT: read responses one byte at a time
... so that it doesn't read data that is actually coming from the
remote. 2xx responses have no body from the proxy, that data is from the
peer.

Fixes #1132
2016-12-01 16:18:36 +01:00
Daniel Stenberg
c50b878c15 CONNECT: reject TE or CL in 2xx responses
A server MUST NOT send any Transfer-Encoding or Content-Length header
fields in a 2xx (Successful) response to CONNECT. (RFC 7231 section
4.3.6)

Also fixes the three test cases that did this.
2016-12-01 16:18:36 +01:00
Daniel Stenberg
aab33215af URL parser: reject non-numerical port numbers
Test 1281 added to verify
2016-12-01 10:36:37 +01:00
Dan Fandrich
18b02f1964 cyassl: fixed typo introduced in 4f8b1774 2016-11-30 21:57:55 +01:00