1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-14 21:45:13 -05:00
Commit Graph

25377 Commits

Author SHA1 Message Date
Daniel Stenberg
036ebac013
RELEASE-NOTES: synced 2019-11-23 20:45:52 +01:00
Jay Satiro
78cef06847 openssl: Revert to less sensitivity for SYSCALL errors
- Disable the extra sensitivity except in debug builds (--enable-debug).

- Improve SYSCALL error message logic in ossl_send and ossl_recv so that
  "No error" / "Success" socket error text isn't shown on SYSCALL error.

Prior to this change 0ab38f5 (precedes 7.67.0) increased the sensitivity
of OpenSSL's SSL_ERROR_SYSCALL error so that abrupt server closures were
also considered errors. For example, a server that does not send a known
protocol termination point (eg HTTP content length or chunked encoding)
_and_ does not send a TLS termination point (close_notify alert) would
cause an error if it closed the connection.

To be clear that behavior made it into release build 7.67.0
unintentionally. Several users have reported it as an issue.

Ultimately the idea is a good one, since it can help prevent against a
truncation attack. Other SSL backends may already behave similarly (such
as Windows native OS SSL Schannel). However much more of our user base
is using OpenSSL and there is a mass of legacy users in that space, so I
think that behavior should be partially reverted and then rolled out
slowly.

This commit changes the behavior so that the increased sensitivity is
disabled in all curl builds except curl debug builds (DEBUGBUILD). If
after a period of time there are no major issues then it can be enabled
in dev and release builds with the newest OpenSSL (1.1.1+), since users
using the newest OpenSSL are the least likely to have legacy problems.

Bug: https://github.com/curl/curl/issues/4409#issuecomment-555955794
Reported-by: Bjoern Franke

Fixes https://github.com/curl/curl/issues/4624
Closes https://github.com/curl/curl/pull/4623
2019-11-22 22:29:39 -05:00
Daniel Stenberg
1f4e7dc661 openssl: improve error message for SYSCALL during connect
Reported-by: Paulo Roberto Tomasi
Bug: https://curl.haxx.se/mail/archive-2019-11/0005.html

Closes https://github.com/curl/curl/pull/4593
2019-11-22 22:29:37 -05:00
Daniel Stenberg
74f441c6d3
test1175: verify symbols-in-versions and libcurl-errors.3 in sync
Closes #4628
2019-11-22 09:11:53 +01:00
Daniel Stenberg
f70da9c17e
include: make CURLE_HTTP3 use a new error code
To avoid potential issues with error code reuse.

Reported-by: Christoph M. Becker
Assisted-by: Dan Fandrich
Fixes #4601
Closes #4627
2019-11-21 23:16:29 +01:00
Daniel Stenberg
e1f66ee3bf
bump: next release will be 7.68.0 2019-11-21 16:36:19 +01:00
Daniel Stenberg
215baa74f7
curl: add --parallel-immediate
Starting with this change when doing parallel transfers, without this
option set, curl will prefer to create new transfers multiplexed on an
existing connection rather than creating a brand new one.

--parallel-immediate can be set to tell curl to prefer to use new
connections rather than to wait and try to multiplex.

libcurl-wise, this means that curl will set CURLOPT_PIPEWAIT by default
on parallel transfers.

Suggested-by: Tom van der Woerdt
Closes #4500
2019-11-21 16:36:10 +01:00
Victor Magierski
8487734e8b docs: fix typos
Change 'experiemental' to 'experimental'.

Closes #4618
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
2019-11-20 09:59:05 +01:00
Jay Satiro
821171dbfd projects: Fix Visual Studio wolfSSL configurations
- s/USE_CYASSL/USE_WOLFSSL/

- Remove old compatibility macros.

Follow-up to 1c6c59a from several months ago when CyaSSL named symbols
were renamed to wolfSSL. The wolfSSL library was formerly named CyaSSL
and we kept using their old name for compatibility reasons, until
earlier this year.
2019-11-18 18:42:34 -05:00
Daniel Stenberg
58bdf056ae
RELEASE-NOTES: synced 2019-11-18 17:39:16 +01:00
Javier Blazquez
e0363a47de
ngtcp2: use overflow buffer for extra HTTP/3 data
Fixes #4525
Closes #4603
2019-11-18 16:40:08 +01:00
Daniel Stenberg
425c572a19
altsvc: bump to h3-24
... as both ngtcp2 and quiche now support that in their master branches

Closes #4604
2019-11-18 14:49:34 +01:00
Daniel Stenberg
82e4d029c5
ngtcp2: free used resources on disconnect
Fixes #4614
Closes #4615
2019-11-18 14:46:12 +01:00
Daniel Stenberg
a72b6b9606
ngtcp2: handle key updates as ngtcp2 master branch tells us
Reviewed-by: Tatsuhiro Tsujikawa

Fixes #4612
Closes #4613
2019-11-18 14:42:51 +01:00
Gergely Nagy
d1476aa11e multi: Fix curl_multi_poll wait when extra_fds && !extra_nfds
Prior to this change:

The check if an extra wait is necessary was based not on the
number of extra fds but on the pointer.

If a non-null pointer was given in extra_fds, but extra_nfds
was zero, then the wait was skipped even though poll was not
called.

Closes https://github.com/curl/curl/pull/4610
2019-11-17 23:35:48 -05:00
Jay Satiro
1f6a18685e lib: Move lib/ssh.h -> lib/vssh/ssh.h
Follow-up to 5b2d703 which moved ssh source files to vssh.

Closes https://github.com/curl/curl/pull/4609
2019-11-17 23:27:39 -05:00
Andreas Falkenhahn
0a906a45af
INSTALL.md: provide Android build instructions
Closes #4606
2019-11-16 23:37:20 +01:00
Niall
b6a53fff6c
doh: improced both encoding and decoding
Improved estimation of expected_len and updated related comments;
increased strictness of QNAME-encoding, adding error detection for empty
labels and names longer than the overall limit; avoided treating DNAME
as unexpected;

updated unit test 1655 with more thorough set of proofs and tests

Closes #4598
2019-11-16 16:15:03 +01:00
Daniel Stenberg
7627a2dd9d
ngtcp2: increase QUIC window size when data is consumed
Assisted-by: Javier Blazquez
Ref #4525 (partial fix)
Closes #4600
2019-11-16 00:12:53 +01:00
Melissa Mears
c6b70de246
config-win32: cpu-machine-OS for Windows on ARM
Define the OS macro properly for Windows on ARM builds.  Also, we might
as well add the GCC-style IA-64 macro.

Closes #4590
2019-11-14 23:27:06 +01:00
Daniel Stenberg
ea19dbe662
examples: add multi-poll.c
Show how curl_multi_poll() makes it even easier to use the multi
interface.

Closes #4596
2019-11-14 23:24:00 +01:00
Daniel Stenberg
4e1eee1500
multi_poll: avoid busy-loop when called without easy handles attached
Fixes #4594
Closes #4595
Reported-by: 3dyd on github
2019-11-14 23:22:22 +01:00
Daniel Stenberg
7a46aeb0be
curl: fix -T globbing
Regression from e59371a493 (7.67.0)

Added test 490, 491 and 492 to verify the functionality.

Reported-by: Kamil Dudka
Reported-by: Anderson Sasaki

Fixes #4588
Closes #4591
2019-11-14 13:44:50 +01:00
Daniel Stenberg
674298d191
HISTORY: added cmake, HTTP/3 and parallel downloads with curl 2019-11-13 10:21:12 +01:00
Daniel Stenberg
b3eb7d172a
quiche: reject headers in the wrong order
Pseudo header MUST come before regular headers or cause an error.

Reported-by: Cynthia Coan
Fixes #4571
Closes #4584
2019-11-12 09:44:24 +01:00
Daniel Stenberg
8686aab694
openssl: prevent recursive function calls from ctx callbacks
Follow the pattern of many other callbacks.

Ref: #4546
Closes #4585
2019-11-12 09:40:00 +01:00
Daniel Stenberg
cbaaae44fe
CURL-DISABLE: initial docs for the CURL_DISABLE_* defines
The disable-scan script used in test 1165 is extended to also verify
that the docs cover all used defines and all defines offered by
configure.

Reported-by: SLDiggie on github
Fixes #4545
Closes #4587
2019-11-12 09:35:39 +01:00
Daniel Stenberg
13182b33f7
remove_handle: clear expire timers after multi_done()
Since 59041f0, a new timer might be set in multi_done() so the clearing
of the timers need to happen afterwards!

Reported-by: Max Kellermann
Fixes #4575
Closes #4583
2019-11-11 14:49:17 +01:00
Marcel Raad
86e26996c7
test1558: use double slash after file:
Classic MinGW / MSYS 1 doesn't support `MSYS2_ARG_CONV_EXCL`, so this
test unnecessarily failed when using `file:/` instead of `file:///`.

Closes https://github.com/curl/curl/pull/4554
2019-11-10 20:34:40 +01:00
Daniel Stenberg
32747aafa0
pause: avoid updating socket if done was already called
... avoids unnecesary recursive risk when the transfer is already done.

Reported-by: Richard Bowker
Fixes #4563
Closes #4574
2019-11-10 16:48:47 +01:00
Jay Satiro
07cf042ece strerror: Fix an error looking up some Windows error strings
- Use FORMAT_MESSAGE_IGNORE_INSERTS to ignore format specifiers in
  Windows error strings.

Since we are not in control of the error code we don't know what
information may be needed by the error string's format specifiers.

Prior to this change Windows API error strings which contain specifiers
(think specifiers like similar to printf specifiers) would not be shown.
The FormatMessage Windows API call which turns a Windows error code into
a string could fail and set error ERROR_INVALID_PARAMETER if that error
string contained a format specifier. FormatMessage expects a va_list for
the specifiers, unless inserts are ignored in which case no substitution
is attempted.

Ref: https://devblogs.microsoft.com/oldnewthing/20071128-00/?p=24353
2019-11-09 18:07:59 -05:00
r-a-sattarov
8063c32209 system.h: fix for MCST lcc compiler
Fixed build by MCST lcc compiler on MCST Elbrus 2000 architecture and do
some code cleanup.

e2k (Elbrus 2000) - this is VLIW/EPIC architecture, like Intel Itanium
architecture.

Ref: https://en.wikipedia.org/wiki/Elbrus_2000

Closes https://github.com/curl/curl/pull/4576
2019-11-09 14:42:13 -05:00
Daniel Stenberg
cba52e2c21
TODO: curl_multi_unblock
Closes #4418
2019-11-08 23:31:08 +01:00
Daniel Stenberg
d04ee4c82a
TODO: Run web-platform-tests url tests
Closes #4477
2019-11-08 23:27:37 +01:00
Daniel Stenberg
1464abf7e7
TODO: 1.4 alt-svc sharing
Closes #4476
2019-11-08 23:24:37 +01:00
Daniel Stenberg
5d5bd4460e
test1560: require IPv6 for IPv6 aware URL parsing
The URL parser function can't reject a bad IPv6 address properly when
curl was built without IPv6 support.

Reported-by: Marcel Raad
Fixes #4556
Closes #4572
2019-11-08 23:09:53 +01:00
Daniel Stenberg
1f73138ce1
checksrc: repair the copyrightyear check
- Consider a modified file to be committed this year.

- Make the travis CHECKSRC also do COPYRIGHTYEAR scan in examples and
  includes

- Ignore 0 parents when getting latest commit date of file.

since in the CI we're dealing with a truncated repo of last 50 commits,
the file's most recent commit may not be available. when this happens
git log and rev-list show the initial commit (ie first commit not to be
truncated) but that's incorrect so ignore it.

Ref: https://github.com/curl/curl/pull/4547

Closes https://github.com/curl/curl/pull/4549

Co-authored-by: Jay Satiro
2019-11-08 14:51:42 +01:00
Daniel Stenberg
0bc60d91de
copyrights: fix copyright year range
.. because checksrc's copyright year check stopped working.

Ref: https://github.com/curl/curl/pull/4547

Closes https://github.com/curl/curl/pull/4549
2019-11-08 14:51:42 +01:00
Daniel Stenberg
3820c8d81d
RELEASE-NOTES: synced 2019-11-08 09:47:38 +01:00
Daniel Stenberg
8220dab4da
curlver: bump to 7.67.1 2019-11-08 09:47:29 +01:00
Daniel Stenberg
7ef4e2e90a
mailmap: fixup Massimiliano Fantuzzi 2019-11-08 09:46:48 +01:00
Daniel Stenberg
58f7ec1639
scripts/contributors: make committers get included too
in addition to authors
2019-11-08 09:45:58 +01:00
Massimiliano Fantuzzi HB9GUS
feea3c27ce configure: fix typo in help text
Closes https://github.com/curl/curl/pull/4570
2019-11-08 01:35:33 -05:00
Christian Schmitz
93213b2421
ntlm: USE_WIN32_CRYPTO check removed to get USE_NTLM2SESSION set
Closes #3704
2019-11-07 23:14:02 +01:00
Wyatt O'Day
93738efe16 build: fix for CURL_DISABLE_DOH
Fixes https://github.com/curl/curl/issues/4565
Closes https://github.com/curl/curl/pull/4566
2019-11-06 23:48:10 -05:00
Leonardo Taccari
bc1cd39a1d configure: avoid unportable `==' test(1) operator
Closes https://github.com/curl/curl/pull/4567
2019-11-06 19:41:38 -05:00
Daniel Stenberg
2e9b725f67
RELEASE-NOTES: synced
The 7.67.0 release
2019-11-05 16:53:54 +01:00
Daniel Stenberg
9367428c73
THANKS: add new names from 7.67.0 2019-11-05 16:50:55 +01:00
Daniel Stenberg
07f8986051
configure: only say ipv6 enabled when the variable is set
Previously it could say "IPv6: enabled" at the end of the configure run
but the define wasn't set because of a missing getaddrinfo().

Reported-by: Marcel Raad
Fixes #4555
Closes #4560
2019-11-05 16:48:39 +01:00
Marcel Raad
2839cfdc53
certs/Server-localhost-lastSAN-sv: regenerate with sha256
All other certificates were regenerated in commit ba782baac3, but
this one was missed.
Fixes test3001 on modern systems.

Closes https://github.com/curl/curl/pull/4551
2019-11-02 23:53:38 +01:00