1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-26 01:58:49 -05:00
Commit Graph

760 Commits

Author SHA1 Message Date
Olivier Brunel
4b86113f5e speed caps: not based on average speeds anymore
Speed limits (from CURLOPT_MAX_RECV_SPEED_LARGE &
CURLOPT_MAX_SEND_SPEED_LARGE) were applied simply by comparing limits
with the cumulative average speed of the entire transfer; While this
might work at times with good/constant connections, in other cases it
can result to the limits simply being "ignored" for more than "short
bursts" (as told in man page).

Consider a download that goes on much slower than the limit for some
time (because bandwidth is used elsewhere, server is slow, whatever the
reason), then once things get better, curl would simply ignore the limit
up until the average speed (since the beginning of the transfer) reached
the limit.  This could prove the limit useless to effectively avoid
using the entire bandwidth (at least for quite some time).

So instead, we now use a "moving starting point" as reference, and every
time at least as much as the limit as been transferred, we can reset
this starting point to the current position. This gets a good limiting
effect that applies to the "current speed" with instant reactivity (in
case of sudden speed burst).

Closes #971
2016-09-04 13:11:23 +02:00
Daniel Stenberg
3533def3d5 http2: make sure stream errors don't needlessly close the connection
With HTTP/2 each transfer is made in an indivial logical stream over the
connection, making most previous errors that caused the connection to get
forced-closed now instead just kill the stream and not the connection.

Fixes #941
2016-08-28 16:44:49 +02:00
Jay Satiro
895168bfd3 schannel: Disable ALPN for Wine since it is causing problems
- Disable ALPN on Wine.

- Don't pass input secbuffer when ALPN is disabled.

When ALPN support was added a change was made to pass an input secbuffer
to initialize the context. When ALPN is enabled the buffer contains the
ALPN information, and when it's disabled the buffer is empty. In either
case this input buffer caused problems with Wine and connections would
not complete.

Bug: https://github.com/curl/curl/issues/983
Reported-by: Christian Fillion
2016-08-26 15:35:16 -04:00
Steve Holme
670802bd0b urldata.h: Corrected comment for httpcode which is also populated by SMTP
As of 7.25.0 and commit 5430007222.
2016-08-20 20:20:32 +01:00
Daniel Stenberg
247d890da8 TLS: switch off SSL session id when client cert is used
CVE-2016-5419
Bug: https://curl.haxx.se/docs/adv_20160803A.html
Reported-by: Bru Rom
Contributions-by: Eric Rescorla and Ray Satiro
2016-08-03 00:34:27 +02:00
Daniel Stenberg
434f8d0389 internals: rename the SessionHandle struct to Curl_easy 2016-06-22 10:28:41 +02:00
Michael Kaufmann
0bdec5e01d cleanup: fix method names in code comments
Closes #887
2016-06-21 13:11:40 +02:00
Ivan Avdeev
31c521b047 vtls: fix ssl session cache race condition
Sessionid cache management is inseparable from managing individual
session lifetimes. E.g. for reference-counted sessions (like those in
SChannel and OpenSSL engines) every session addition and removal
should be accompanied with refcount increment and decrement
respectively. Failing to do so synchronously leads to a race condition
that causes symptoms like use-after-free and memory corruption.
This commit:
 - makes existing session cache locking explicit, thus allowing
   individual engines to manage lock's scope.
 - fixes OpenSSL and SChannel engines by putting refcount management
   inside this lock's scope in relevant places.
 - adds these explicit locking calls to other engines that use
   sessionid cache to accommodate for this change. Note, however,
   that it is unknown whether any of these engines could also have
   this race.

Bug: https://github.com/curl/curl/issues/815
Fixes #815
Closes #847
2016-06-01 09:40:55 +02:00
Daniel Stenberg
f6767f5435 TLS: move the ALPN/NPN enable bits to the connection
Only protocols that actually have a protocol registered for ALPN and NPN
should try to get that negotiated in the TLS handshake. That is only
HTTPS (well, http/1.1 and http/2) right now. Previously ALPN and NPN
would wrongly be used in all handshakes if libcurl was built with it
enabled.

Reported-by: Jay Satiro

Fixes #789
2016-05-09 15:30:25 -04:00
Jay Satiro
9f498de9a2 mbedtls: Fix session resume
This also fixes PolarSSL session resume.

Prior to this change the TLS session information wasn't properly
saved and restored for PolarSSL and mbedTLS.

Bug: https://curl.haxx.se/mail/lib-2016-01/0070.html
Reported-by: Thomas Glanzmann

Bug: https://curl.haxx.se/mail/lib-2016-04/0095.html
Reported-by: Moti Avrahami
2016-04-28 02:57:38 -04:00
Karlson2k
72d5e144fb sendf.c: added ability to call recv() before send() as workaround
WinSock destroys recv() buffer if send() is failed. As result - server
response may be lost if server sent it while curl is still sending
request. This behavior noticeable on HTTP server short replies if
libcurl use several send() for request (usually for POST request).
To workaround this problem, libcurl use recv() before every send() and
keeps received data in intermediate buffer for further processing.

Fixes: #657
Closes: #668
2016-04-20 09:22:48 +02:00
Alessandro Ghedini
dc68f2dab9 url: add CURLOPT_TCP_FASTOPEN option 2016-04-18 23:17:19 +02:00
Michael Kaufmann
cd8d236245 news: CURLOPT_CONNECT_TO and --connect-to
Makes curl connect to the given host+port instead of the host+port found
in the URL.
2016-04-17 23:50:59 +02:00
Jay Satiro
3f57880ad1 http2: Use size_t type for data drain count
Ref: https://github.com/curl/curl/issues/659
Ref: https://github.com/curl/curl/pull/663
2016-04-12 00:37:44 -04:00
Steve Holme
ccf7a82605 CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAME
As these two options provide identical functionality, the former for
SOCK5 proxies and the latter for HTTP proxies, merged the two options
together.

As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of
7.49.0.
2016-04-09 20:47:05 +01:00
Steve Holme
830a4e55a2 urldata: Use bool for socks5_gssapi_nec as it is a flag
This value is set to TRUE or FALSE so should be a bool and not a long.
2016-04-09 17:19:21 +01:00
Steve Holme
f044cbe6fc sasl: Fixed compilation errors from commit 9d89a0387
...when GSS-API or Windows SSPI are not used.
2016-04-09 05:57:10 +01:00
Steve Holme
2aaa63b555 spnego: Renamed the context's SPN variable
To be consistent with the Kerberos 5 context and other authentication
code.
2016-04-02 06:41:29 +01:00
Steve Holme
a5aec58726 imap/pop3/smtp: Fixed connections upgraded with TLS are not reused
Regression since commit 710f14edba.

Bug: https://github.com/curl/curl/issues/422
Reported-by: Justin Ehlert
2016-03-08 19:36:46 +00:00
Michael Koenig
9dc3eaee29 TFTP: add option to suppress TFTP option requests (Part 1)
Some TFTP server implementations ignore the "TFTP Option extension"
(RFC 1782-1784, 2347-2349), or implement it in a flawed way, causing
problems with libcurl. Another switch for curl_easy_setopt
"CURLOPT_TFTP_NO_OPTIONS" is introduced which prevents libcurl from
sending TFTP option requests to a server, avoiding many problems caused
by faulty implementations.

Bug: https://github.com/curl/curl/issues/481
2016-02-23 03:00:58 -05:00
Daniel Stenberg
716302c2cd mbedtls: fix ALPN usage segfault
Since we didn't keep the input argument around after having called
mbedtls, it could end up accessing the wrong memory when figuring out
the ALPN protocols.

Closes #642
2016-02-09 23:37:14 +01:00
Daniel Stenberg
4af40b3646 URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
Gisle Vanem
bdb465274f urldata: Error on missing SSL backend-specific connect info 2016-01-29 00:11:43 -05:00
Sergei Nikulov
91460b2b8a urldata: moved common variable out of ifdef
Closes https://github.com/bagder/curl/pull/618
2016-01-28 03:01:51 -05:00
Steve Holme
eaa98cef8d oauth2: Don't use XOAUTH2 in OAuth 2.0 variables 2015-11-09 22:25:08 +00:00
Steve Holme
4e3d396900 oauth2: Use OAuth 2.0 rather than XOAUTH2 in comments
When referring to OAuth 2.0 we should use the official name rather the
SASL mechanism name.
2015-11-09 22:25:08 +00:00
Daniel Stenberg
d31ed6ac71 http2: s/priority/weight 2015-10-23 08:22:38 +02:00
Daniel Stenberg
3042cb5043 http2: added three stream prio/deps options
CURLOPT_STREAM_DEPENDS

CURLOPT_STREAM_DEPENDS_E

CURLOPT_STREAM_PRIORITY
2015-10-23 08:22:38 +02:00
Jonas Minnberg
fe7590f729 vtls: added support for mbedTLS
closes #496
2015-10-20 07:57:24 +02:00
Daniel Stenberg
c6aedf680f fread_func: move callback pointer from set to state struct
... and assign it from the set.fread_func_set pointer in the
Curl_init_CONNECT function. This A) avoids that we have code that
assigns fields in the 'set' struct (which we always knew was bad) and
more importantly B) it makes it impossibly to accidentally leave the
wrong value for when the handle is re-used etc.

Introducing a state-init functionality in multi.c, so that we can set a
specific function to get called when we enter a state. The
Curl_init_CONNECT is thus called when switching to the CONNECT state.

Bug: https://github.com/bagder/curl/issues/346

Closes #346
2015-10-15 23:32:19 +02:00
Nathaniel Waisbrot
9756d1da76 CURLOPT_DEFAULT_PROTOCOL: added
- Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default
protocol for schemeless URLs.

- Add new tool option --proto-default to expose
CURLOPT_DEFAULT_PROTOCOL.

In the case of schemeless URLs libcurl will behave in this way:

When the option is used libcurl will use the supplied default.

When the option is not used, libcurl will follow its usual plan of
guessing from the hostname and falling back to 'http'.
2015-08-22 21:57:14 -04:00
Michael Kaufmann
c5d060cab4 HTTP: ignore "Content-Encoding: compress"
Currently, libcurl rejects responses with "Content-Encoding: compress"
when CURLOPT_ACCEPT_ENCODING is set to "". I think that libcurl should
treat the Content-Encoding "compress" the same as other
Content-Encodings that it does not support, e.g. "bzip2". That means
just ignoring it.
2015-07-25 00:46:01 +02:00
Jay Satiro
172b2beba6 SSL: Add an option to disable certificate revocation checks
New tool option --ssl-no-revoke.
New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS.

Currently this option applies only to WinSSL where we have automatic
certificate revocation checking by default. According to the
ssl-compared chart there are other backends that have automatic checking
(NSS, wolfSSL and DarwinSSL) so we could possibly accommodate them at
some later point.

Bug: https://github.com/bagder/curl/issues/264
Reported-by: zenden2k <zenden2k@gmail.com>
2015-07-17 02:40:16 -04:00
Daniel Stenberg
ea7134ac87 http2: initial implementation of the push callback 2015-06-24 23:44:42 +02:00
Jay Satiro
3e7ec1e849 schannel: schannel_recv overhaul
This commit is several drafts squashed together. The changes from each
draft are noted below. If any changes are similar and possibly
contradictory the change in the latest draft takes precedence.

Bug: https://github.com/bagder/curl/issues/244
Reported-by: Chris Araman

%%
%% Draft 1
%%
- return 0 if len == 0. that will have to be documented.
- continue on and process the caches regardless of raw recv
- if decrypted data will be returned then set the error code to CURLE_OK
and return its count
- if decrypted data will not be returned and the connection has closed
(eg nread == 0) then return 0 and CURLE_OK
- if decrypted data will not be returned and the connection *hasn't*
closed then set the error code to CURLE_AGAIN --only if an error code
isn't already set-- and return -1
- narrow the Win2k workaround to only Win2k

%%
%% Draft 2
%%
- Trying out a change in flow to handle corner cases.

%%
%% Draft 3
%%
- Back out the lazier decryption change made in draft2.

%%
%% Draft 4
%%
- Some formatting and branching changes
- Decrypt all encrypted cached data when len == 0
- Save connection closed state
- Change special Win2k check to use connection closed state

%%
%% Draft 5
%%
- Default to CURLE_AGAIN in cleanup if an error code wasn't set and the
connection isn't closed.

%%
%% Draft 6
%%
- Save the last error only if it is an unrecoverable error.

Prior to this I saved the last error state in all cases; unfortunately
the logic to cover that in all cases would lead to some muddle and I'm
concerned that could then lead to a bug in the future so I've replaced
it by only recording an unrecoverable error and that state will persist.

- Do not recurse on renegotiation.

Instead we'll continue on to process any trailing encrypted data
received during the renegotiation only.

- Move the err checks in cleanup after the check for decrypted data.

In either case decrypted data is always returned but I think it's easier
to understand when those err checks come after the decrypted data check.

%%
%% Draft 7
%%
- Regardless of len value go directly to cleanup if there is an
unrecoverable error or a close_notify was already received. Prior to
this change we only acknowledged those two states if len != 0.

- Fix a bug in connection closed behavior: Set the error state in the
cleanup, because we don't know for sure it's an error until that time.

- (Related to above) In the case the connection is closed go "greedy"
with the decryption to make sure all remaining encrypted data has been
decrypted even if it is not needed at that time by the caller. This is
necessary because we can only tell if the connection closed gracefully
(close_notify) once all encrypted data has been decrypted.

- Do not renegotiate when an unrecoverable error is pending.

%%
%% Draft 8
%%
- Don't show 'server closed the connection' info message twice.

- Show an info message if server closed abruptly (missing close_notify).
2015-06-17 00:17:03 -04:00
Daniel Stenberg
b0143a2a33 read_callback: move to SessionHandle from connectdata
With many easy handles using the same connection for multiplexing, it is
important we store and keep the transfer-oriented stuff in the
SessionHandle so that callbacks and callback data work fine even when
many easy handles share the same physical connection.
2015-05-20 23:06:45 +02:00
Daniel Stenberg
811443754a CURLOPT_PIPEWAIT: added
By setting this option to 1 libcurl will wait for a connection to reveal
if it is possible to pipeline/multiplex on before it continues.
2015-05-18 09:33:47 +02:00
Daniel Stenberg
783b3c7b42 http2: separate multiplex/pipelining + cleanup memory leaks 2015-05-18 08:57:18 +02:00
Daniel Stenberg
f4b8b39881 http2: leave WAITPERFORM when conn is multiplexed
No need to wait for our "spot" like for pipelining
2015-05-18 08:57:18 +02:00
Daniel Stenberg
01e1bdb10c http2: force "drainage" of streams
... which is necessary since the socket won't be readable but there is
data waiting in the buffer.
2015-05-18 08:57:17 +02:00
Linus Nielsen
97c272e5d1 Negotiate: custom service names for SPNEGO.
* Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME.
* Add new curl options, --proxy-service-name and --service-name.
2015-04-28 08:29:56 +02:00
Daniel Stenberg
5d23279299 CURLOPT_PATH_AS_IS: added
--path-as-is is the command line option

Added docs in curl.1 and CURLOPT_PATH_AS_IS.3

Added test in test 1241
2015-03-24 10:31:58 +01:00
Alessandro Ghedini
4dcd25e138 url: add CURLOPT_SSL_FALSESTART option
This option can be used to enable/disable TLS False Start defined in the RFC
draft-bmoeller-tls-falsestart.
2015-03-20 20:14:33 +01:00
Dan Fandrich
9e66d3f4d3 axtls: version 1.5.2 now requires that config.h be manually included 2015-03-19 10:11:17 +01:00
Daniel Stenberg
00ea0e7db0 http2: use CURL_HTTP_VERSION_* symbols instead of NPN_*
Since they already exist and will make comparing easier
2015-03-07 11:10:30 +01:00
Alessandro Ghedini
44ffe27056 urldata: remove unused asked_for_h2 field 2015-03-07 10:36:10 +01:00
Daniel Stenberg
042526c19f urldata: fix gnutls build 2015-03-06 10:13:40 +01:00
Daniel Stenberg
709cf76f6b openssl: remove all uses of USE_SSLEAY
SSLeay was the name of the library that was subsequently turned into
OpenSSL many moons ago (1999). curl does not work with the old SSLeay
library since years. This is now reflected by only using USE_OPENSSL in
code that depends on OpenSSL.
2015-03-05 10:57:52 +01:00
Alessandro Ghedini
3af90a6e19 url: add CURLOPT_SSL_VERIFYSTATUS option
This option can be used to enable/disable certificate status verification using
the "Certificate Status Request" TLS extension defined in RFC6066 section 8.

This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the
certificate status verification fails, and the Curl_ssl_cert_status_request()
function, used to check whether the SSL backend supports the status_request
extension.
2015-01-16 23:23:29 +01:00
Steve Holme
1abe65d928 code/docs: Use Unix rather than UNIX to avoid use of the trademark
Use Unix when generically writing about Unix based systems as UNIX is
the trademark and should only be used in a particular product's name.
2014-12-26 21:42:44 +00:00
Patrick Monnerat
9081014c2c IPV6: address scope != scope id
There was a confusion between these: this commit tries to disambiguate them.
- Scope can be computed from the address itself.
- Scope id is scope dependent: it is currently defined as 1-based local
  interface index for link-local scoped addresses, and as a site index(?) for
  (obsolete) site-local addresses. Linux only supports it for link-local
  addresses.
The URL parser properly parses a scope id as an interface index, but stores it
in a field named "scope": confusion. The field has been renamed into "scope_id".
Curl_if2ip() used the scope id as it was a scope. This caused failures
to bind to an interface.
Scope is now computed from the addresses and Curl_if2ip() matches them.
If redundantly specified in the URL, scope id is check for mismatch with
the interface index.

This commit should fix SF bug #1451.
2014-12-16 13:52:06 +01:00
Daniel Stenberg
680d5fd041 http2: avoid logging neg "failure" if h2 was not requested 2014-12-09 00:09:24 +01:00
Anthon Pang
1b3a398ec1 docs: Fix FAILONERROR typos
It returns error for >= 400 HTTP responses.

Bug: https://github.com/bagder/curl/pull/129
2014-12-04 12:14:59 -08:00
Peter Wu
970c22f970 libcurl: add UNIX domain sockets support
The ability to do HTTP requests over a UNIX domain socket has been
requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a
discussion happened, no patch seems to get through. I decided to give it
a go since I need to test a nginx HTTP server which listens on a UNIX
domain socket.

One patch [3] seems to make it possible to use the
CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket.
Another person wrote a Go program which can do HTTP over a UNIX socket
for Docker[4] which uses a special URL scheme (though the name contains
cURL, it has no relation to the cURL library).

This patch considers support for UNIX domain sockets at the same level
as HTTP proxies / IPv6, it acts as an intermediate socket provider and
not as a separate protocol. Since this feature affects network
operations, a new feature flag was added ("unix-sockets") with a
corresponding CURL_VERSION_UNIX_SOCKETS macro.

A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This
option enables UNIX domain sockets support for all requests on the
handle (replacing IP sockets and skipping proxies).

A new configure option (--enable-unix-sockets) and CMake option
(ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I
deliberately did not mark this feature as advanced, this is a
feature/component that should easily be available.

 [0]: http://curl.haxx.se/mail/lib-2008-04/0279.html
 [1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/
 [2]: http://sourceforge.net/p/curl/feature-requests/53/
 [3]: http://curl.haxx.se/mail/lib-2008-04/0361.html
 [4]: https://github.com/Soulou/curl-unix-socket

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04 02:52:19 +01:00
Steve Holme
86b889485d sasl_gssapi: Added GSS-API based Kerberos V5 variables 2014-12-03 07:47:05 +00:00
Bill Nagel
02d2c0a08d smb: Added initial SMB functionality
Initial implementation of the SMB/CIFS protocol.
2014-11-30 18:01:15 +00:00
Bill Nagel
557658776f smb: Added SMB protocol and port definitions
Added the necessary protocol and port definitions in order to support
SMB/CIFS.
2014-11-29 21:26:40 +00:00
Michael Osipov
9f10e45e42 kerberos: Use symbol qualified with _KERBEROS5
For consistency renamed USE_KRB5 to USE_KERBEROS5.
2014-11-16 13:29:04 +00:00
Steve Holme
2e16100609 urldata: Don't define sec_complete when no GSS-API support present
This variable is only used with HAVE_GSSAPI is defined by the FTP code
so let's place the definition with the other GSS-API based variables.
2014-11-15 13:15:02 +00:00
Michael Osipov
d54b551f6c docs: Use consistent naming for Kerberos 2014-11-15 13:10:45 +00:00
Steve Holme
500d2db302 http_digest: Reworked the SSPI based input token storage
Reworked the input token (challenge message) storage as what is passed
to the buf and desc in the response generation are typically blobs of
data rather than strings, so this is more in keeping with other areas
of the SSPI code, such as the NTLM message functions.
2014-11-06 14:59:53 +00:00
Steve Holme
1033acd92d http_digest: Added required SSPI based variables to digest structure 2014-11-06 11:10:08 +00:00
Daniel Stenberg
b387560692 curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds
When duplicating a handle, the data to post was duplicated using
strdup() when it could be binary and contain zeroes and it was not even
zero terminated! This caused read out of bounds crashes/segfaults.

Since the lib/strdup.c file no longer is easily shared with the curl
tool with this change, it now uses its own version instead.

Bug: http://curl.haxx.se/docs/adv_20141105.html
CVE: CVE-2014-3707
Reported-By: Symeon Paraschoudis
2014-11-05 08:05:14 +01:00
Steve Holme
b6821dbb91 sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used
Typically the USE_WINDOWS_SSPI definition would not be used when the
CURL_DISABLE_CRYPTO_AUTH define is, however, it is still a valid build
configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication
data structures and functions would incorrectly be used when they
shouldn't be.

Introduced a new USE_KRB5 definition that takes into account the use of
CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do.
2014-11-02 00:35:16 +00:00
Kamil Dudka
276741af4d transfer: drop the code handling the ssl_connect_retry flag
Its last use has been removed by the previous commit.
2014-10-29 14:34:46 +01:00
Steve Holme
d91d21f05b sspi: Renamed max token length variables
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
2014-10-26 14:43:02 +00:00
Steve Holme
3fe5b462f7 ntlm: Only define ntlm data structure when USE_NTLM is defined 2014-10-25 22:36:49 +01:00
Steve Holme
28ff8babad ntlm: Changed handles to be dynamic like other SSPI handles
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
2014-10-25 14:16:06 +01:00
Steve Holme
f9f212fb93 ntlm: Renamed handle variables to match other SSPI structures
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
2014-10-25 14:15:57 +01:00
Steve Holme
df97ab3e5f ntlm: Renamed SSPI based input token variables
Code cleanup to try and synchronise code between the different SSPI
based authentication mechanisms.
2014-10-25 14:15:48 +01:00
Steve Holme
7a91296f1d ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token 2014-10-16 20:19:33 +01:00
Patrick Monnerat
265b9a2e49 vtls: remove QsoSSL 2014-10-13 16:33:47 +02:00
93e450793c SSL: implement public key pinning
Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).

Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().

Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der
2014-10-07 14:44:19 +02:00
Steve Holme
b5c56190b2 urldata.h: Fixed compilation warnings from commit 3ec253532e
warning: extra tokens at end of #endif directive
2014-08-14 12:07:28 +01:00
Steve Holme
3ec253532e urldata: Introduced a GSSAPI (Kerberos V5) data structure
Added a kerberos5data structure which is similar in nature to the
ntlmdata and negotiatedata structures.
2014-08-14 01:29:12 +01:00
Steve Holme
72945b856e http_negotiate_sspi: Use a dynamic buffer for SPN generation
Updated to use a dynamic buffer for the SPN generation via the recently
introduced Curl_sasl_build_spn() function rather than a fixed buffer of
1024 characters, which should have been more than enough, but by using
the new function removes the need for another variable sname to do the
wide character conversion in Unicode builds.
2014-08-09 20:25:08 +01:00
Steve Holme
df739784e5 ntlm: Fixed hard coded buffer for SSPI based auth packet generation
Given the SSPI package info query indicates a token size of 2888 bytes,
and as with the Winbind code and commit 9008f3d56, use a dynamic buffer
for the Type-1 and Type-3 message generation rather than a fixed buffer
of 1024 bytes.
2014-08-08 07:31:03 +01:00
Steve Holme
f8a8ed73fe http_negotiate_sspi: Fixed specific username and password not working
Bug: http://curl.haxx.se/mail/lib-2014-06/0224.html
Reported-by: Leonardo Rosati
2014-08-06 20:31:19 +01:00
Michael Osipov
eed1c63c70 docs: Improve inline GSS-API naming in code documentation 2014-07-23 00:01:39 +02:00
Michael Osipov
e38ba43014 curl.h/features: Deprecate GSS-Negotiate macros due to bad naming
- Replace CURLAUTH_GSSNEGOTIATE with CURLAUTH_NEGOTIATE
- CURL_VERSION_GSSNEGOTIATE is deprecated which
  is served by CURL_VERSION_SSPI, CURL_VERSION_GSSAPI and
  CURUL_VERSION_SPNEGO now.
- Remove display of feature 'GSS-Negotiate'
2014-07-23 00:01:39 +02:00
Michael Osipov
5128672731 HTTP: Remove checkprefix("GSS-Negotiate")
That auth mech has never existed neither on MS nor on Unix side.
There is only Negotiate over SPNEGO.
2014-07-23 00:01:39 +02:00
Kamil Dudka
ca2aa61b66 nss: make the list of CRL items global
Otherwise NSS could use an already freed item for another connection.
2014-07-04 13:15:03 +02:00
Kamil Dudka
52cd5ac21c nss: fix a memory leak when CURLOPT_CRLFILE is used 2014-07-04 08:25:05 +02:00
Alessandro Ghedini
345bfab518 gnutls: don't use deprecated type names anymore 2014-05-28 00:27:33 +02:00
Daniel Stenberg
df13f8e8c2 bits.close: introduce connection close tracking
Make all code use connclose() and connkeep() when changing the "close
state" for a connection. These two macros take a string argument with an
explanation, and debug builds of curl will include that in the debug
output. Helps tracking connection re-use/close issues.
2014-05-22 00:34:10 +02:00
Daniel Stenberg
84bd19ffd4 timers: fix timer regression involving redirects / reconnects
In commit 0b3750b5c2 (released in 7.36.0) we fixed a timeout issue
but instead broke the timings.

To fix this, I introduce a new timestamp to use for the timeouts and
restored the previous timestamp and timestamp position so that the old
timer functionality is restored.

In addition to that, that change also broke connection timeouts for when
more than one connect was used (as it would then count the total time
from the first connect and not for the most recent one). Now
Curl_timeleft() has been modified so that it checks against different
start times depending on which timeout it checks.

Test 1303 is updated accordingly.

Bug: http://curl.haxx.se/mail/lib-2014-05/0147.html
Reported-by: Ryan Braud
2014-05-15 21:28:19 +02:00
Daniel Stenberg
d5ec44ca4c INFILESIZE: fields in UserDefined must not be changed run-time
set.infilesize in this case was modified in several places, which could
lead to repeated requests using the same handle to get unintendent/wrong
consequences based on what the previous request did!
2014-04-26 18:17:10 +02:00
Daniel Stenberg
710f14edba handler: make 'protocol' always specified as a single bit
This makes the findprotocol() function work as intended so that libcurl
can properly be restricted to not support HTTP while still supporting
HTTPS - since the HTTPS handler previously set both the HTTP and HTTPS
bits in the protocol field.

This fixes --proto and --proto-redir for most SSL protocols.

This is done by adding a few new convenience defines that groups HTTP
and HTTPS, FTP and FTPS etc that should then be used when the code wants
to check for both protocols at once. PROTO_FAMILY_[protocol] style.

Bug: https://github.com/bagder/curl/pull/97
Reported-by: drizzt
2014-04-23 22:36:01 +02:00
Kamil Dudka
8868a226cd nss: implement non-blocking SSL handshake 2014-04-22 22:56:14 +02:00
Daniel Stenberg
ef6be35bae CURLOPT_HEADEROPT: added
Modified the logic so that CURLOPT_HEADEROPT now controls if PROXYHEADER
is actually used or not.
2014-04-04 17:03:43 +02:00
Daniel Stenberg
ac887eedbc CURLOPT_PROXYHEADER: set headers for proxy-only
Includes docs and new test cases: 1525, 1526 and 1527

Co-written-by: Vijay Panghal
2014-04-04 17:03:43 +02:00
Daniel Stenberg
8a0385c1ad urldata: spellfix comment
Reported-by: Melissa
2014-04-01 08:00:34 +02:00
Daniel Stenberg
ef813c7097 http2: remove _DRAFT09 from the NPN_HTTP2 enum
We're progressing throught drafts so there's no point in having a fixed
one in a symbol that'll survive.
2014-03-31 08:40:24 +02:00
Steve Holme
517b06d657 url: Fixed connection re-use when using different log-in credentials
In addition to FTP, other connection based protocols such as IMAP, POP3,
SMTP, SCP, SFTP and LDAP require a new connection when different log-in
credentials are specified. Fixed the detection logic to include these
other protocols.

Bug: http://curl.haxx.se/docs/adv_20140326A.html
2014-03-25 23:01:37 +01:00
Gaël PORTAY
ff25f437a5 polarssl: break compatibility with version older than 1.3.
Remove all #ifdef/else/endif macros that ensure compatibility with polarssl
version previous than 1.3.
2014-03-18 21:01:11 +01:00
hasufell
4d6108315b polarssl: fix compilation
Rename x509_cert to x509_crt and add "compat-1.2.h"
include.
This would still need some more thorough conversion
in order to drop "compat-1.2.h" include.
2014-03-17 20:08:45 +01:00
Daniel Stenberg
219a0fbe76 remote_port: allow connect to port 0
Port number zero is perfectly allowed to connect to. I moved to storing
the remote port number in an int so that -1 means undefined and 0-65535
can be used for legitimate port numbers.
2014-03-05 17:38:05 +00:00
Tiit Pikma
c021a60bcc transfer: make Expect: 100-continue timeout configurable.
Replaced the #define CURL_TIMEOUT_EXPECT_100 in transfer.c with the
CURLOPT_EXPECT_100_TIMEOUT_MS option to make the timeout configurable.
2014-02-13 16:05:17 +01:00
Fabian Frank
909a68c121 NPN/ALPN: allow disabling via command line
when using --http2 one can now selectively disable NPN or ALPN with
--no-alpn and --no-npn. for now honored with NSS only.

TODO: honor this option with GnuTLS and OpenSSL
2014-02-10 13:06:17 +01:00
Fabian Frank
22c198fa89 openssl: set up hooks with to perform NPN
NPN is what is available in the wild today to negotiate SPDY or HTTP/2.0
connections. It is expected to be replaced by ALPN in the future. If
HTTP/2.0 is negotiated, this is indicated for the entire connection and
http.c is expected to initialize itself for HTTP/2.0 instead of
HTTP/1.1.

see:
http://technotes.googlecode.com/git/nextprotoneg.html
http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04
2014-01-30 11:13:28 +01:00
Prash Dush
86724581b6 ntlm: Added support for NTLMv2 2014-01-29 20:17:11 +00:00
Daniel Stenberg
8d3608f2ad http2: handle 101 responses and switch to HTTP2 2014-01-29 10:24:05 +01:00
Steve Holme
dc68120e63 curl_easy_getinfo: Post CURLINFO_TLS_SESSION tidy up
1) Renamed curl_tlsinfo to curl_tlssessioninfo as discussed on the
mailing list.
2) Renamed curl_ssl_backend to curl_sslbackend so it doesn't follow our
function naming convention.
3) Updated sessioninfo.c example accordingly.
2013-11-30 11:08:56 +00:00
Christian Grothoff
2c04e8d80c curl_easy_getinfo: Added CURLINFO_TLS_SESSION for accessing TLS internals
Added new API for returning a SSL backend type and pointer, in order to
allow access to the TLS internals, that may then be used to obtain X509
certificate information for example.
2013-11-21 20:40:04 +00:00
Björn Stenberg
7d7df83198 Add "Happy Eyeballs" for IPv4/IPv6.
This patch invokes two socket connect()s nearly simultaneously, and
the socket that is first connected "wins" and is subsequently used for
the connection. The other is terminated.

There is a very slight IPv4 preference, in that if both sockets connect
simultaneously IPv4 is checked first and thus will win.
2013-10-27 11:19:53 +01:00
Daniel Stenberg
4344fa926a http2: actually init nghttp2 and send HTTP2-Settings properly 2013-09-07 13:01:43 +02:00
Kyle L. Huff
06c1bea72f options: added basic SASL XOAUTH2 support
Added the ability to specify an XOAUTH2 bearer token [RFC6750] via the
option CURLOPT_XOAUTH2_BEARER for authentication using RFC6749 "OAuth
2.0 Authorization Framework".
2013-08-25 22:03:57 +01:00
Daniel Stenberg
bb55293313 FTP: remove krb4 support
We've announced this pending removal for a long time and we've
repeatedly asked if anyone would care or if anyone objects. Nobody has
objected. It has probably not even been working for a good while since
nobody has tested/used this code recently.

The stuff in krb4.h that was generic enough to be used by other sources
is now present in security.h
2013-08-25 19:16:36 +02:00
Jonathan Nieder
2f1a0bc0bf url: handle arbitrary-length username and password before '@'
libcurl quietly truncates usernames, passwords, and options from
before an '@' sign in a URL to 255 (= MAX_CURL_PASSWORD_LENGTH - 1)
characters to fit in fixed-size buffers on the stack.  Allocate a
buffer large enough to fit the parsed fields on the fly instead to
support longer passwords.

After this change, there are no more uses of MAX_CURL_OPTIONS_LENGTH
left, so stop defining that constant while at it.  The hardcoded max
username and password length constants, on the other hand, are still
used in HTTP proxy credential handling (which this patch doesn't
touch).

Reported-by: Colby Ranger
2013-08-20 11:16:38 +02:00
Daniel Stenberg
e79535bc5e SessionHandle: the protocol specific pointer is now a void *
All protocol handler structs are now opaque (void *) in the
SessionHandle struct and moved in the request-specific sub-struct
'SingleRequest'. The intension is to keep the protocol specific
knowledge in their own dedicated source files [protocol].c etc.

There's some "leakage" where this policy is violated, to be addressed at
a later point in time.
2013-08-12 13:17:57 +02:00
Daniel Stenberg
4ad8e142da urldata: clean up the use of the protocol specific structs
1 - always allocate the struct in protocol->setup_connection. Some
protocol handlers had to get this function added.

2 - always free at the end of a request. This is also an attempt to keep
less memory in the handle after it is completed.
2013-08-12 13:17:57 +02:00
Daniel Stenberg
7cc00d9a83 FTP: when EPSV gets a 229 but fails to connect, retry with PASV
This is a regression as this logic used to work. It isn't clear when it
broke, but I'm assuming in 7.28.0 when we went all-multi internally.

This likely never worked with the multi interface. As the failed
connection is detected once the multi state has reached DO_MORE, the
Curl_do_more() function was now expanded somewhat so that the
ftp_do_more() function can request to go "back" to the previous state
when it makes another attempt - using PASV.

Added test case 1233 to verify this fix. It has the little issue that it
assumes no service is listening/accepting connections on port 1...

Reported-by: byte_bucket in the #curl IRC channel
2013-08-06 09:57:59 +02:00
Daniel Stenberg
784336deec multi: remove data->state.current_conn struct field
Not needed
2013-08-03 22:51:35 +02:00
Daniel Stenberg
eb41e8eebe multi: remove the one_easy struct field
Since the merge of SessionHandle with Curl_one_easy, this indirection
isn't used anymore.
2013-08-03 22:51:35 +02:00
Daniel Stenberg
3cd43bbfec multi: rename all Curl_one_easy to SessionHandle 2013-08-03 22:51:35 +02:00
Daniel Stenberg
204e340bcd multi: remove the multi_pos struct field
Since Curl_one_easy is really a SessionHandle now, this indirection
doesn't exist anymore.
2013-08-03 22:51:35 +02:00
Daniel Stenberg
37f2ba7e57 multi: remove easy_handle struct field
It isn't needed anymore
2013-08-03 22:51:35 +02:00
Daniel Stenberg
09b9fc9009 multi: remove 'Curl_one_easy' struct, phase 1
The motivation for having a separate struct that keep track of an easy
handle when using the multi handle was removed when we switched to
always using the multi interface internally. Now they were just two
separate struct that was always allocated for each easy handle.

This first step just moves the Curl_one_easy struct members into the
SessionHandle struct and hides this somehow (== keeps the source code
changes to a minimum) by defining Curl_one_easy to SessionHandle

The biggest changes in this commit are:

 1 - the linked list of easy handles had to be changed somewhat due
     to the new struct layout. This made the main linked list pointer
     get renamed to 'easyp' and there's also a new pointer to the last
     node, called easylp. It is no longer circular but ends with ->next
     pointing to NULL. New nodes are still added last.

 2 - easy->state is now called easy->mstate to avoid name collision
2013-08-03 22:51:35 +02:00
Daniel Stenberg
12d01cb6fa CURLOPT_XFERINFOFUNCTION: introducing a new progress callback
CURLOPT_XFERINFOFUNCTION is now the preferred progress callback function
and CURLOPT_PROGRESSFUNCTION is considered deprecated.

This new callback uses pure 'curl_off_t' arguments to pass on full
resolution sizes. It otherwise retains the same characteristics: the
same call rate, the same meanings for the arguments and the return code
is used the same way.

The progressfunc.c example is updated to show how to use the new
callback for newer libcurls while supporting the older one if built with
an older libcurl or even built with a newer libcurl while running with
an older.
2013-07-18 23:44:06 +02:00
Patrick Monnerat
0eba02fd41 OS400: new SSL backend GSKit 2013-07-15 19:00:36 +02:00
Eric Hu
10b6d81c64 axtls: now done non-blocking 2013-06-12 10:37:32 +02:00
Marc Hoersken
35874298e4 curl_schannel.c: Fixed invalid memory access during SSL shutdown 2013-05-05 17:57:37 +02:00
Steve Holme
a846fbbe2a sasl-ir: Added CURLOPT_SASL_IR to enable/disable the SASL initial response 2013-04-27 09:58:20 +01:00
Steve Holme
455ba691a7 url: Removed unused text length constants 2013-04-21 12:16:12 +01:00
Steve Holme
fddb7b44a7 url: Added support for parsing login options from the CURLOPT_USERPWD
In addition to parsing the optional login options from the URL, added
support for parsing them from CURLOPT_USERPWD, to allow the following
supported command line:

--user username:password;options
2013-04-20 09:08:28 +01:00
Steve Holme
73aa95592f url: Added support for parsing login options from the URL
As well as parsing the username and password from the URL, added support
for parsing the optional options part from the login details, to allow
the following supported URL format:

schema://username:password;options@example.com/path?q=foobar

This will only be used by IMAP, POP3 and SMTP at present but any
protocol that may be given login options in the URL will be able to
add support for them.
2013-04-13 10:49:42 +01:00
Daniel Stenberg
e7c56a8406 Curl_open: restore default MAXCONNECTS to 5
At some point recently we lost the default value for the easy handle's
connection cache, and this change puts it back to 5 - which is the
former default value and it is documented in the curl_easy_setopt.3 man
page.
2013-04-05 09:20:04 +02:00
Linus Nielsen Feltzing
0f147887b0 Multiple pipelines and limiting the number of connections.
Introducing a number of options to the multi interface that
allows for multiple pipelines to the same host, in order to
optimize the balance between the penalty for opening new
connections and the potential pipelining latency.

Two new options for limiting the number of connections:

CURLMOPT_MAX_HOST_CONNECTIONS - Limits the number of running connections
to the same host. When adding a handle that exceeds this limit,
that handle will be put in a pending state until another handle is
finished, so we can reuse the connection.

CURLMOPT_MAX_TOTAL_CONNECTIONS - Limits the number of connections in total.
When adding a handle that exceeds this limit,
that handle will be put in a pending state until another handle is
finished. The free connection will then be reused, if possible, or
closed if the pending handle can't reuse it.

Several new options for pipelining:

CURLMOPT_MAX_PIPELINE_LENGTH - Limits the pipeling length. If a
pipeline is "full" when a connection is to be reused, a new connection
will be opened if the CURLMOPT_MAX_xxx_CONNECTIONS limits allow it.
If not, the handle will be put in a pending state until a connection is
ready (either free or a pipe got shorter).

CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE - A pipelined connection will not
be reused if it is currently processing a transfer with a content
length that is larger than this.

CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE - A pipelined connection will not
be reused if it is currently processing a chunk larger than this.

CURLMOPT_PIPELINING_SITE_BL - A blacklist of hosts that don't allow
pipelining.

CURLMOPT_PIPELINING_SERVER_BL - A blacklist of server types that don't allow
pipelining.

See the curl_multi_setopt() man page for details.
2013-03-13 23:55:24 +01:00
Steve Holme
ed7d438a12 pop3: Introduced a custom SMTP structure for per-request data
Created a new SMTP structure and changed the type of the smtp proto
variable in connectdata from FTP* to SMTP*.
2013-02-23 19:31:59 +00:00
Steve Holme
e2201dc849 pop3: Introduced a custom POP3 structure for per-request data
Created a new POP3 structure and changed the type of the pop3 proto
variable in connectdata from FTP* to POP*.
2013-02-23 16:06:54 +00:00
Steve Holme
419bcf9d60 urldata.h: Fixed comment for opt_no_body variable
Corrected comment for opt_no_body variable to CURLOPT_NOBODY.
2013-02-23 12:31:12 +00:00
Jiri Hruska
2476b34b95 imap: Introduced a custom IMAP structure for per-request data
Created a new IMAP structure and changed the type of the imap proto
variable in connectdata from FTP* to the new IMAP*.

Moved the mailbox variable from the per-connection struct imap_conn to
the new per-request struct and fixed references accordingly.
2013-02-23 11:27:02 +00:00
Willem Sparreboom
db3f3c14f2 PolarSSL: changes to entropy/ctr_drbg/HAVEGE_RANDOM
Add non-threaded entropy and ctr_drbg and removed HAVEGE_RANDOM define
2013-02-15 23:15:10 +01:00
Nick Zitzmann
66aa9bf52d darwinssl: Fix send glitchiness with data > 32 or so KB
An ambiguity in the SSLWrite() documentation lead to a bad inference in the
code where we assumed SSLWrite() returned the amount of bytes written to
the socket, when that is not actually true; it returns the amount of data
that is buffered for writing to the socket if it returns errSSLWouldBlock.
Now darwinssl_send() returns CURLE_AGAIN if data is buffered but not written.

Reference URL: http://curl.haxx.se/mail/lib-2013-02/0145.html
2013-02-12 13:02:36 -07:00
Daniel Stenberg
c43127414d always-multi: always use non-blocking internals
Remove internal separated behavior of the easy vs multi intercace.
curl_easy_perform() is now using the multi interface itself.

Several minor multi interface quirks and bugs have been fixed in the
process.

Much help with debugging this has been provided by: Yang Tse
2013-01-17 19:40:35 +01:00
Yang Tse
5a053ffe80 build: fix circular header inclusion with other packages
This commit renames lib/setup.h to lib/curl_setup.h and
renames lib/setup_once.h to lib/curl_setup_once.h.

Removes the need and usage of a header inclusion guard foreign
to libcurl. [1]

Removes the need and presence of an alarming notice we carried
in old setup_once.h [2]

----------------------------------------

1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard
    up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H,
    this single inclusion guard is enough to ensure that inclusion of
    lib/setup_once.h done from lib/setup.h is only done once.

    Additionally lib/setup.h has always used __SETUP_ONCE_H macro to
    protect inclusion of setup_once.h even after commit ec691ca3, this
    was to avoid a circular header inclusion triggered when building a
    c-ares enabled version with c-ares sources available which also has
    a setup_once.h header. Commit ec691ca3 exposes the real nature of
    __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard
    foreign to libcurl belonging to c-ares's setup_once.h

    The renaming this commit does, fixes the circular header inclusion,
    and as such removes the need and usage of a header inclusion guard
    foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl.

2 - Due to the circular interdependency of old lib/setup_once.h and the
    c-ares setup_once.h header, old file lib/setup_once.h has carried
    back from 2006 up to now days an alarming and prominent notice about
    the need of keeping libcurl's and c-ares's setup_once.h in sync.

    Given that this commit fixes the circular interdependency, the need
    and presence of mentioned notice is removed.

    All mentioned interdependencies come back from now old days when
    the c-ares project lived inside a curl subdirectory. This commit
    removes last traces of such fact.
2013-01-09 00:49:50 +01:00
Yang Tse
4a5aa6682d Revert changes relative to lib/*.[ch] recent renaming
This reverts renaming and usage of lib/*.h header files done
28-12-2012, reverting 2 commits:

  f871de0... build: make use of 76 lib/*.h renamed files
  ffd8e12... build: rename 76 lib/*.h files

This also reverts removal of redundant include guard (redundant thanks
to changes in above commits) done 2-12-2013, reverting 1 commit:

  c087374... curl_setup.h: remove redundant include guard

This also reverts renaming and usage of lib/*.c source files done
3-12-2013, reverting 3 commits:

  13606bb... build: make use of 93 lib/*.c renamed files
  5b6e792... build: rename 93 lib/*.c files
  7d83dff... build: commit 13606bbfde follow-up 1

Start of related discussion thread:

  http://curl.haxx.se/mail/lib-2013-01/0012.html

Asking for confirmation on pushing this revertion commit:

  http://curl.haxx.se/mail/lib-2013-01/0048.html

Confirmation summary:

  http://curl.haxx.se/mail/lib-2013-01/0079.html

NOTICE: The list of 2 files that have been modified by other
intermixed commits, while renamed, and also by at least one
of the 6 commits this one reverts follows below. These 2 files
will exhibit a hole in history unless git's '--follow' option
is used when viewing logs.

  lib/curl_imap.h
  lib/curl_smtp.h
2013-01-06 18:20:27 +01:00
Yang Tse
ffd8e127e7 build: rename 76 lib/*.h files
76 private header files renamed to use our standard naming scheme.

This commit only does the file renaming.

----------------------------------------

  renamed:    amigaos.h -> curl_amigaos.h
  renamed:    arpa_telnet.h -> curl_arpa_telnet.h
  renamed:    asyn.h -> curl_asyn.h
  renamed:    axtls.h -> curl_axtls.h
  renamed:    bundles.h -> curl_bundles.h
  renamed:    conncache.h -> curl_conncache.h
  renamed:    connect.h -> curl_connect.h
  renamed:    content_encoding.h -> curl_content_encoding.h
  renamed:    cookie.h -> curl_cookie.h
  renamed:    cyassl.h -> curl_cyassl.h
  renamed:    dict.h -> curl_dict.h
  renamed:    easyif.h -> curl_easyif.h
  renamed:    escape.h -> curl_escape.h
  renamed:    file.h -> curl_file.h
  renamed:    fileinfo.h -> curl_fileinfo.h
  renamed:    formdata.h -> curl_formdata.h
  renamed:    ftp.h -> curl_ftp.h
  renamed:    ftplistparser.h -> curl_ftplistparser.h
  renamed:    getinfo.h -> curl_getinfo.h
  renamed:    gopher.h -> curl_gopher.h
  renamed:    gtls.h -> curl_gtls.h
  renamed:    hash.h -> curl_hash.h
  renamed:    hostcheck.h -> curl_hostcheck.h
  renamed:    hostip.h -> curl_hostip.h
  renamed:    http.h -> curl_http.h
  renamed:    http_chunks.h -> curl_http_chunks.h
  renamed:    http_digest.h -> curl_http_digest.h
  renamed:    http_negotiate.h -> curl_http_negotiate.h
  renamed:    http_proxy.h -> curl_http_proxy.h
  renamed:    if2ip.h -> curl_if2ip.h
  renamed:    imap.h -> curl_imap.h
  renamed:    inet_ntop.h -> curl_inet_ntop.h
  renamed:    inet_pton.h -> curl_inet_pton.h
  renamed:    krb4.h -> curl_krb4.h
  renamed:    llist.h -> curl_llist.h
  renamed:    memdebug.h -> curl_memdebug.h
  renamed:    multiif.h -> curl_multiif.h
  renamed:    netrc.h -> curl_netrc.h
  renamed:    non-ascii.h -> curl_non-ascii.h
  renamed:    nonblock.h -> curl_nonblock.h
  renamed:    nssg.h -> curl_nssg.h
  renamed:    parsedate.h -> curl_parsedate.h
  renamed:    pingpong.h -> curl_pingpong.h
  renamed:    polarssl.h -> curl_polarssl.h
  renamed:    pop3.h -> curl_pop3.h
  renamed:    progress.h -> curl_progress.h
  renamed:    qssl.h -> curl_qssl.h
  renamed:    rawstr.h -> curl_rawstr.h
  renamed:    rtsp.h -> curl_rtsp.h
  renamed:    select.h -> curl_select.h
  renamed:    sendf.h -> curl_sendf.h
  renamed:    setup.h -> curl_setup.h
  renamed:    setup_once.h -> curl_setup_once.h
  renamed:    share.h -> curl_share.h
  renamed:    slist.h -> curl_slist.h
  renamed:    smtp.h -> curl_smtp.h
  renamed:    sockaddr.h -> curl_sockaddr.h
  renamed:    socks.h -> curl_socks.h
  renamed:    speedcheck.h -> curl_speedcheck.h
  renamed:    splay.h -> curl_splay.h
  renamed:    ssh.h -> curl_ssh.h
  renamed:    sslgen.h -> curl_sslgen.h
  renamed:    ssluse.h -> curl_ssluse.h
  renamed:    strdup.h -> curl_strdup.h
  renamed:    strequal.h -> curl_strequal.h
  renamed:    strerror.h -> curl_strerror.h
  renamed:    strtok.h -> curl_strtok.h
  renamed:    strtoofft.h -> curl_strtoofft.h
  renamed:    telnet.h -> curl_telnet.h
  renamed:    tftp.h -> curl_tftp.h
  renamed:    timeval.h -> curl_timeval.h
  renamed:    transfer.h -> curl_transfer.h
  renamed:    url.h -> curl_url.h
  renamed:    urldata.h -> curl_urldata.h
  renamed:    warnless.h -> curl_warnless.h
  renamed:    wildcard.h -> curl_wildcard.h

----------------------------------------
2012-12-28 20:21:56 +01:00
Yang Tse
f871de0064 build: make use of 76 lib/*.h renamed files
76 private header files renamed to use our standard naming scheme.

This change affects 322 files in libcurl's source tree.
2012-12-28 19:37:11 +01:00
Linus Nielsen Feltzing
d021f2e8a0 Introducing a new persistent connection caching system using "bundles".
A bundle is a list of all persistent connections to the same host.
The connection cache consists of a hash of bundles, with the
hostname as the key.
The benefits may not be obvious, but they are two:

1) Faster search for connections to reuse, since the hash
   lookup only finds connections to the host in question.
2) It lays out the groundworks for an upcoming patch,
   which will introduce multiple HTTP pipelines.

This patch also removes the awkward list of "closure handles",
which were needed to send QUIT commands to the FTP server
when closing a connection.
Now we allocate a separate closure handle and use that
one to close all connections.

This has been tested in a live system for a few weeks, and of
course passes the test suite.
2012-12-07 10:08:33 +01:00
Daniel Stenberg
da82f59b69 CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value
After a research team wrote a document[1] that found several live source
codes out there in the wild that misused the CURLOPT_SSL_VERIFYHOST
option thinking it was a boolean, this change now bans 1 as a value and
will make libcurl return error for it.

1 was never a sensible value to use in production but was introduced
back in the days to help debugging. It was always documented clearly
this way.

1 was never supported by all SSL backends in libcurl, so this cleanup
makes the treatment of it unified.

The report's list of mistakes for this option were all PHP code and
while there's a binding layer between libcurl and PHP, the PHP team has
decided that they have an as thin layer as possible on top of libcurl so
they will not alter or specifically filter a 'TRUE' value for this
particular option. I sympathize with that position.

[1] = http://daniel.haxx.se/blog/2012/10/25/libcurl-claimed-to-be-dangerous/
2012-11-06 19:46:53 +01:00
Marc Hoersken
160312d945 curl_schannel.c: Reference count the credential/session handle
Reference counting the credential handle should avoid that such a
handle is freed while it is still required for connection shutdown
2012-09-09 12:36:54 +02:00
Nick Zitzmann
f92779198d darwinssl: fixed freeze involving the multi interface
Previously the curl_multi interface would freeze if darwinssl was
enabled and at least one of the handles tried to connect to a Web site
using HTTPS. Removed the "wouldblock" state darwinssl was using because
I figured out a solution for our "would block but in which direction?"
dilemma.
2012-07-25 23:22:11 +02:00
Nick Zitzmann
3a4b28d473 DarwinSSL: several adjustments
- Renamed st_ function prefix to darwinssl_
- Renamed Curl_st_ function prefix to Curl_darwinssl_
- Moved the duplicated ssl_connect_done out of the #ifdef in lib/urldata.h
- Fixed a teensy little bug that made non-blocking connection attempts block
- Made it so that it builds cleanly against the iOS 5.1 SDK
2012-06-26 21:39:48 +02:00
Nick Zitzmann
6d1ea388cb darwinssl: add support for native Mac OS X/iOS SSL 2012-06-26 14:04:15 +02:00
Gisle Vanem
0d0893f2b9 urldata.h: fix cyassl/openssl/ssl.h build clash with wincrypt.h
Building with CyaSSL failed compilation. Reason being that OCSP_REQUEST and
OCSP_RESPONSE are enum values in CyaSSL and defines in <wincrypt.h> included
via <winldap.h> in ldap.c.

http://curl.haxx.se/mail/lib-2012-06/0196.html
2012-06-14 01:51:51 +02:00
Marc Hoersken
7047e2ed72 schannel: Code cleanup and bug fixes
curl_sspi.c: Fixed mingw32-gcc compiler warnings
curl_sspi.c: Fixed length of error code hex output

The hex value was printed as signed 64-bit value on 64-bit systems:
SEC_E_WRONG_PRINCIPAL (0xFFFFFFFF80090322)

It is now correctly printed as the following:
SEC_E_WRONG_PRINCIPAL (0x80090322)

curl_sspi.c: Fallback to security function table version number
Instead of reporting an unknown version, the interface version is used.

curl_sspi.c: Removed SSPI/ version prefix from Curl_sspi_version
curl_schannel: Replaced static buffer sizes with defined names
curl_schannel.c: First brace when declaring functions on column 0
curl_schannel.c: Put the pointer sign directly at variable name
curl_schannel.c: Use structs directly instead of typedef'ed structs
curl_schannel.c: Removed space before opening brace
curl_schannel.c: Fixed lines being longer than 80 chars
2012-06-11 19:00:35 +02:00
Marc Hoersken
8d78848a39 schannel: Moved interal struct types to urldata.h
Moved type definitions in order to avoid inclusion loop
2012-06-11 19:00:34 +02:00
Marc Hoersken
46792af733 schannel: Save session credential handles in session cache 2012-06-11 19:00:34 +02:00
Marc Hoersken
aaa42aa0d5 schannel: Added SSL/TLS support with Microsoft Windows Schannel SSPI 2012-06-11 19:00:29 +02:00