1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-10 11:35:07 -05:00
Commit Graph

1383 Commits

Author SHA1 Message Date
Patrick Monnerat
ed9a4b9fc4 test: add test cases for sasl external authentication (imap/pop3/smtp). 2015-01-27 18:03:56 +01:00
Daniel Stenberg
3df8e78860 tests: make sure CRLFs can't be used in URLs passed to proxy
Bug: http://curl.haxx.se/docs/adv_20150108B.html
2015-01-07 22:55:56 +01:00
Steve Holme
0d037cfdce test1520: Fixed initial teething problems
* Missing initialisation of upload status caused a seg fault
* Missing data termination caused corrupt data to be uploaded
* Data verification should be performed in <upload> element
* Added missing recipient list cleanup
2014-12-28 13:04:15 +00:00
Steve Holme
29726951b0 tests: Added test for bug #1456 2014-12-28 12:17:32 +00:00
Steve Holme
1abe65d928 code/docs: Use Unix rather than UNIX to avoid use of the trademark
Use Unix when generically writing about Unix based systems as UNIX is
the trademark and should only be used in a particular product's name.
2014-12-26 21:42:44 +00:00
Peter Wu
479abdd32e tests: add two HTTP over UNIX socket tests
test1435: a simple test that checks whether a HTTP request can be
performed over the UNIX socket. The hostname/port are interpreted
by sws and should be ignored by cURL.

test1436: test for the ability to do two requests to the same host,
interleaved with one to a different hostname.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04 02:52:19 +01:00
Bill Nagel
b359badd49 curl tool: Enable support for the SMB protocol
This patch enables SMB/CIFS support in the curl command-line tool.
2014-11-30 21:32:44 +00:00
Steve Holme
733686e430 tests: Disable test 1013 until SMB is fully added 2014-11-29 21:36:20 +00:00
Steve Holme
c5399c827d tests: Added SMTP with --crlf test case 2014-11-26 23:58:42 +00:00
be1a505189 SSL: Add PEM format support for public key pinning 2014-11-24 19:30:09 +01:00
Daniel Stenberg
4c3cfc7558 test1801: first real http2 test case 2014-11-20 23:33:34 +01:00
Daniel Stenberg
07e0957e1f test1800: first plain-text http2 test case
Verifies the upgrade request, but gets a plain 1.1 response
2014-11-20 23:33:34 +01:00
Peter Wu
8bdecd3617 test22: expand a backtick command
This is the only user of the backtick operator in the command. As the
commands will soon not be executed by a shell anymore (but by perl),
replace the command with its output.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-11-13 23:06:44 +01:00
Dan Fandrich
e2828af607 test552: Don't run HTTP digest tests for SSPI based builds
Technical difficulties prevented this from going into the
previous commit.
2014-11-06 22:31:07 +01:00
Steve Holme
b5c496f109 tests: Don't run HTTP digest tests for SSPI based builds
Added !SSPI to the features list of the HTTP digest tests, as SSPI
based builds now use the Windows SSPI messaging API rather than the
internal functions, and we can't control the random numbers that get
used as part of the digest.
2014-11-06 20:36:08 +00:00
Daniel Stenberg
445aab4b73 tests: add new feature 'SSLpinning'
... and make test 2034 and 2035 require it, and have it set when built
with OpenSSL or GnuTLS.
2014-11-04 23:02:09 +01:00
Daniel Stenberg
9bc2582c31 resume: consider a resume from [content-length] to be OK
Basically since servers often then don't respond well to this and
instead send the full contents and then libcurl would instead error out
with the assumption that the server doesn't support resume. As the data
is then already transfered, this is now considered fine.

Test case 1434 added to verify this. Test case 1042 slightly modified.

Reported-by: hugo
Bug: http://curl.haxx.se/bug/view.cgi?id=1443
2014-11-01 23:09:24 +01:00
Daniel Stenberg
95765567d0 HTTP: return larger than 3 digit response codes too
HTTP 1.1 is clearly specified to only allow three digit response codes,
and libcurl used sscanf("%3d") for that purpose. This made libcurl
support smaller numbers but not larger. It does now, but we will not
make any specific promises nor document this further since it is going
outside of what HTTP is.

Bug: http://curl.haxx.se/bug/view.cgi?id=1441
Reported-by: Balaji
2014-10-27 16:28:10 +01:00
Dan Fandrich
382cee0a77 Added the "flaky" keyword to a number of tests
Each shows evidence of flakiness on at least one platform on
the autobuilds. Users can use this keyword to skip these tests
if desired.
2014-10-26 13:50:38 +01:00
Daniel Stenberg
d938d5e6f8 test545: make it not use a trailing zero
CURLOPT_COPYPOSTFIELDS with a given CURLOPT_POSTFIELDSIZE does not
require a trailing zero of the data and by making sure this test doesn't
use one we know it works (combined with valgrind).
2014-10-16 23:40:49 +02:00
Peter Wu
476499c75c tests: move TESTCASES to Makefile.inc, add show for cmake
This change allows runtests.pl to be run from the CMake builddir:

    export srcdir=/tmp/curl/tests;
    perl -I$srcdir $srcdir/runtests.pl -l

In order to make this possible, all test cases have been moved from
Makefile.am to Makefile.inc.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-10-13 11:50:21 +02:00
Daniel Stenberg
bf7023d165 test2036: verify -O with no slash at all in the URL
Similar to test 76 but that test's URL has a slash just no file name
part.
2014-10-09 16:50:26 +02:00
93e450793c SSL: implement public key pinning
Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).

Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().

Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der
2014-10-07 14:44:19 +02:00
Yousuke Kimoto
b10a838a7a CURLOPT_COOKIELIST: Added "RELOAD" command 2014-09-25 16:28:17 +02:00
Daniel Stenberg
a76825a5ef cookies: reject incoming cookies set for TLDs
Test 61 was modified to verify this.

CVE-2014-3620

Reported-by: Tim Ruehsen
URL: http://curl.haxx.se/docs/adv_20140910B.html
2014-09-10 07:32:36 +02:00
Tim Ruehsen
8a75dbeb23 cookies: only use full host matches for hosts used as IP address
By not detecting and rejecting domain names for partial literal IP
addresses properly when parsing received HTTP cookies, libcurl can be
fooled to both send cookies to wrong sites and to allow arbitrary sites
to set cookies for others.

CVE-2014-3613

Bug: http://curl.haxx.se/docs/adv_20140910A.html
2014-09-10 07:32:36 +02:00
Brandon Casey
6beb0eeea1 Ensure progress.size_dl/progress.size_ul are always >= 0
Historically the default "unknown" value for progress.size_dl and
progress.size_ul has been zero, since these values are initialized
implicitly by the calloc that allocates the curl handle that these
variables are a part of.  Users of curl that install progress
callbacks may expect these values to always be >= 0.

Currently it is possible for progress.size_dl and progress.size_ul
to by set to a value of -1, if Curl_pgrsSetDownloadSize() or
Curl_pgrsSetUploadSize() are passed a "size" of -1 (which a few
places currently do, and a following patch will add more).  So
lets update Curl_pgrsSetDownloadSize() and Curl_pgrsSetUploadSize()
so they make sure that these variables always contain a value that
is >= 0.

Updates test579 and test599.

Signed-off-by: Brandon Casey <drafnel@gmail.com>
2014-09-07 23:23:12 +02:00
Steve Holme
8acbb074f8 tests: Added test1420 to the makefile 2014-09-07 12:13:34 +01:00
Steve Holme
be83356e5e test1420: Removed unnecessary CURLOPT setting 2014-09-07 12:09:29 +01:00
Steve Holme
797d56cbd8 tests: Added more "Clear Text" authentication keywords 2014-09-07 11:37:10 +01:00
Steve Holme
9ee502ac6b tests: Updated "based on" text due to email test renumbering 2014-09-07 11:19:10 +01:00
Steve Holme
ed285ae5c9 tests: For consistency added --libcurl to test name 2014-09-07 11:19:08 +01:00
Steve Holme
436a841354 tests: Added --libcurl for IMAP test case 2014-09-07 11:19:05 +01:00
Daniel Stenberg
0187c9e11d http: fix the Content-Range: parser
... to handle "*/[total]". Also, removed the strange hack that made
CURLOPT_FAILONERROR on a 416 response after a *RESUME_FROM return
CURLE_OK.

Reported-by: Dimitrios Siganos
Bug: http://curl.haxx.se/mail/lib-2014-06/0221.html
2014-08-15 10:02:47 +02:00
Fabian Keil
6543f6e36c tests: Fix a couple of incomplete response lines 2014-07-26 23:12:53 +02:00
Daniel Stenberg
4cb2521595 test506: verify aa68848451
After the fixed cookie lock deadlock, this test now passes and it
detects double-locking and double-unlocking of mutexes.
2014-07-16 00:09:58 +02:00
Dan Fandrich
4da6e0c966 test320: strip off the actual negotiated cipher width
It's irrelevant to the test, and will change depending on which SSL
library is being used by libcurl.
2014-07-15 01:01:39 +02:00
Dan Fandrich
816979e3b8 tests: added globbing keyword to URL globbing tests 2014-07-12 01:52:07 +02:00
Dan Fandrich
d582c272a6 tests: adjust for capitalization differences in newer gnutls-serv 2014-07-11 23:47:48 +02:00
Dan Fandrich
4dc3a57718 test320/1/2/4: fix the port number substitution variables
These tests have been broken since commit 1958fe57 in Oct. 2011
2014-07-11 23:47:33 +02:00
Dan Fandrich
34d02aff71 sasl: Added back qop argument mistakenly removed in e95ca7ce
This caused segfaults on tests 823 869 907.
2014-06-15 14:11:35 +02:00
Dan Fandrich
ce6c691da1 test1398: Added test to Makefile.am 2014-06-15 12:28:43 +02:00
Daniel Stenberg
e95ca7cec9 NTLM: set a fake entropy for debug builds with CURL_ENTROPY set
Curl_rand() will return a dummy and repatable random value for this
case. Makes it possible to write test cases that verify output.

Also, fake timestamp with CURL_FORCETIME set.

Only when built debug enabled of course.

Curl_ssl_random() was not used anymore so it has been
removed. Curl_rand() is enough.

create_digest_md5_message: generate base64 instead of hex string

curl_sasl: also fix memory leaks in some OOM situations
2014-06-11 23:15:48 +02:00
Steve Holme
ceacbacd14 tests: Disabled NTLM tests for non-debug builds
Added required "debug" feature, missed in commit 1c9aaa0bac, as NTLMv2
calls Curl_rand() which can only be fixed to a specific entropy in
debug builds.
2014-06-11 21:24:59 +01:00
Steve Holme
e8c1bf8840 tests: Fixed up DIGEST-MD5 tests following commit eefeb73af4 2014-06-01 12:18:05 +01:00
Daniel Stenberg
313b274b9d test1134: verify CREDSPERREQUEST for HTTP
Verifies that the change in 68f0166a92 works as intended and that
different HTTP auth credentials to the same host still re-uses the
connection properly.
2014-05-18 16:55:03 +02:00
Steve Holme
18e4cd1e20 tests: Fixed up DIGEST-MD5 tests following commit 8342b6e1dc 2014-05-11 16:20:52 +01:00
Dan Fandrich
f0b2d27f7d test87: Get rid of extraneous square brackets in tag 2014-05-09 11:04:30 +02:00
Daniel Stenberg
812da4190f mprintf: allow %.s with data not being zero terminated
If the precision is indeed shorter than the string, don't strlen() to
find the end because that's not how the precision operator works.

I also added a unit test for curl_msnprintf to make sure this works and
that the fix doesn't a few other basic use cases. I found a POSIX
compliance problem that I marked TODO in the unit test, and I figure we
need to add more tests in the future.

Reported-by: Török Edwin
2014-05-04 23:39:52 +02:00
Daniel Stenberg
2e57c7e0fc test325: verify --proto-redir https=>http 2014-04-23 22:36:01 +02:00