1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-16 22:45:03 -05:00
Commit Graph

17522 Commits

Author SHA1 Message Date
Daniel Stenberg
3b5c75ef3d OpenSSL: deselect weak ciphers by default
By default even recent versions of OpenSSL support and accept both
"export strength" ciphers, small-bitsize ciphers as well as downright
deprecated ones.

This change sets a default cipher set that avoids the worst ciphers, and
subsequently makes https://www.howsmyssl.com/a/check no longer grade
curl/OpenSSL connects as 'Bad'.

Bug: http://curl.haxx.se/bug/view.cgi?id=1323
Reported-by: Jeff Hodges
2014-01-12 00:14:01 +01:00
Daniel Stenberg
3b183df9cc multi: remove MULTI_TIMEOUT_INACCURACY
With the recently added timeout "reminder" functionality, there's no
reason left for us to execute timeout code before the time is
ripe. Simplifies the handling too.

This will make the *TIMEOUT and *CONNECTTIMEOUT options more accurate
again, which probably is most important when the *_MS versions are used.

In multi_socket, make sure to update 'now' after having handled activity
on a socket.
2014-01-12 00:11:53 +01:00
Steve Holme
7cd45b297e Makefile.dist: Added support for VC7
Currently VC7 and VC7.1 builds have to be ran with the VC variable set
to vc6 which is not only inconsistent with the nmake winbuild system
but also with newer versions of Visual Studio supported by this file.

Note: This doesn't break the build for anyone still running with the
VC variable set to vc6 or not set (which defaults to vc6).
2014-01-11 14:33:42 +00:00
Steve Holme
9362603f05 RELEASE-NOTES: Synced with 980659a2ca 2014-01-10 20:04:27 +00:00
Daniel Stenberg
980659a2ca multi_socket: remind app if timeout didn't run
BACKGROUND:

We have learned that on some systems timeout timers are inaccurate and
might occasionally fire off too early. To make the multi_socket API work
with this, we made libcurl execute timeout actions a bit early too if
they are within our MULTI_TIMEOUT_INACCURACY. (added in commit
2c72732ebf, present since 7.21.0)

Switching everything to the multi API made this inaccuracy problem
slightly more notable as now everyone can be affected.

Recently (commit 21091549c0) we tweaked that inaccuracy value to make
timeouts more accurate and made it platform specific. We also figured
out that we have code at places that check for fixed timeout values so
they MUST NOT run too early as then they will not trigger at all (see
commit be28223f35 and a691e04470) - so there are definitately problems
with running timeouts before they're supposed to run. (We've handled
that so far by adding the inaccuracy margin to those specific timeouts.)

The libcurl multi_socket API tells the application with a callback that
a timeout expires in N milliseconds (and it explicitly will not tell it
again for the same timeout), and the application is then supposed to
call libcurl when that timeout expires. When libcurl subsequently gets
called with curl_multi_socket_action(...CURL_SOCKET_TIMEOUT...), it
knows that the application thinks the timeout expired - and alas, if it
is within the inaccuracy level libcurl will run code handling that
handle.

If the application says CURL_SOCKET_TIMEOUT to libcurl and _isn't_
within the inaccuracy level, libcurl will not consider the timeout
expired and it will not tell the application again since the timeout
value is still the same.

NOW:

This change introduces a modified behavior here. If the application says
CURL_SOCKET_TIMEOUT and libcurl finds no timeout code to run, it will
inform the application about the timeout value - *again* even if it is
the same timeout that it already told about before (although libcurl
will of course tell it the updated time so that it'll still get the
correct remaining time). This way, we will not risk that the application
believes it has done its job and libcurl thinks the time hasn't come yet
to run any code and both just sit waiting. This also allows us to
decrease the MULTI_TIMEOUT_INACCURACY margin, but that will be handled
in a separate commit.

A repeated timeout update to the application risk that the timeout will
then fire again immediately and we have what basically is a busy-loop
until the time is fine even for libcurl. If that becomes a problem, we
need to address it.
2014-01-10 13:57:25 +01:00
Daniel Stenberg
041d1e14d6 threaded-resolver: never use NULL hints with getaddrinfo
The net effect of this bug as it appeared to users, would be that
libcurl would timeout in the connect phase.

When disabling IPv6 use but still using getaddrinfo, libcurl would
wrongly not init the "hints" struct field in init_thread_sync() which
would subsequently lead to a getaddrinfo() invoke with a zeroed hints
with ai_socktype set to 0 instead of SOCK_STREAM. This would lead to
different behaviors on different platforms but basically incorrect
output.

This code was introduced in 483ff1ca75, released in curl 7.20.0.

This bug became a problem now due to the happy eyeballs code and how
libcurl now traverses the getaddrinfo() results differently.

Bug: http://curl.haxx.se/mail/lib-2014-01/0061.html
Reported-by: Fabian Frank
Debugged-by: Fabian Frank
2014-01-10 08:48:40 +01:00
Nick Zitzmann
21aa79f463 darwinssl: un-break Leopard build after PKCS#12 change
It turns out errSecDecode wasn't defined in Leopard's headers. So
we use the enum's value instead.

Bug: http://curl.haxx.se/mail/lib-2013-12/0150.html
Reported by: Abram Pousada
2014-01-09 17:53:29 -06:00
Daniel Stenberg
28933f9d30 Curl_updateconninfo: don't do anything for UDP "connections"
getpeername() doesn't work for UDP sockets since they're not connected

Reported-by: Priyanka Shah
Bug: http://curl.haxx.se/mail/archive-2014-01/0016.html
2014-01-08 23:43:45 +01:00
Daniel Stenberg
5b2342d377 info: remove debug output
Removed some of the infof() calls that were added with the recent
pipeline improvements but they're not useful to the vast majority of
readers and the pipelining seems to fundamentaly work - the debugging
outputs can easily be added there if debugging these functions is needed
again.
2014-01-08 23:19:57 +01:00
Daniel Stenberg
31075a8897 runtests: disable memory tracking with threaded resolver
The built-in memory debug system doesn't work with multi-threaded use so
instead of causing annoying false positives, disable the memory tracking
if the threaded resolver is used.
2014-01-08 13:20:29 +01:00
Daniel Stenberg
2d435c7fb5 trynextip: fix build for non-IPV6 capable systems
AF_INET6 may not exist then

Patched-by: Iida Yosiaki
Bug: http://curl.haxx.se/bug/view.cgi?id=1322
2014-01-08 09:41:38 +01:00
Steve Holme
0151316183 makefile: Added support for VC12 2014-01-08 02:26:42 +00:00
Steve Holme
aa1ee9e7a2 makefile: Added support for VC11 2014-01-08 01:36:33 +00:00
Steve Holme
f61e0a34ea winbuild: Follow up fix for a47c142a88, 11e8066ef9 and 92b9ae5c5d 2014-01-08 01:22:04 +00:00
Daniel Stenberg
e35458bc08 mk-ca-bundle.1: document -d 2014-01-07 23:51:01 +01:00
Steve Holme
e96b67a70f RELEASE-NOTES: Synced with 8ae35102c4 2014-01-07 22:12:57 +00:00
Daniel Stenberg
8ae35102c4 ConnectionExists: fix NTLM check for new connection
When the requested authentication bitmask includes NTLM, we cannot
re-use a connection for another username/password as we then risk
re-using NTLM (connection-based auth).

This has the unfortunate downside that if you include NTLM as a possible
auth, you cannot re-use connections for other usernames/passwords even
if NTLM doesn't end up the auth type used.

Reported-by: Paras S
Patched-by: Paras S
Bug: http://curl.haxx.se/mail/lib-2014-01/0046.html
2014-01-07 09:48:40 +01:00
Steve Holme
fc0b4b0d31 examples: Added required libcurl version information to SMTP examples 2014-01-05 23:00:56 +00:00
Daniel Stenberg
619d1704ae mk-ca-bundle.pl: avoid warnings with -d without parameter 2014-01-05 23:53:26 +01:00
Leif W
d5f1590d5c mk-ca-bundle: introduces -d and warns about using this script 2014-01-05 23:38:32 +01:00
Steve Holme
fca7930dfa Makefile: Added missing WinSSL and x64 configurations 2014-01-05 21:13:12 +00:00
Marc Hoersken
e9c0f1f658 docs/INTERNALS: follow up fix for 11e8066 and 92b9ae5 2014-01-05 20:17:04 +01:00
Marc Hoersken
279c95b5b3 packages: follow up fix for a47c142, 11e8066 and 92b9ae5 2014-01-05 20:13:55 +01:00
Marc Hoersken
61312fe66f multi.c: fix possible dereference of null pointer 2014-01-05 20:01:33 +01:00
Steve Holme
149e0c8d10 Examples: Renamed SMTP MAIL example to match other email examples 2014-01-05 17:51:18 +00:00
Steve Holme
0f4bf77bd3 examples: Added POP3 TLS example 2014-01-05 14:26:51 +00:00
Steve Holme
ecb0dc4c90 examples: Added IMAP NOOP example 2014-01-05 14:22:35 +00:00
Steve Holme
a6742a1c12 examples: Added POP3 NOOP example 2014-01-05 13:59:21 +00:00
Steve Holme
e209d60713 pop3-stat.c: Corrected small typo from commit 91d62e9abd 2014-01-05 13:56:49 +00:00
Steve Holme
91d62e9abd examples: Added POP3 STAT example 2014-01-05 13:29:50 +00:00
Steve Holme
3e17db4882 examples: Added POP3 TOP example 2014-01-05 13:16:41 +00:00
Steve Holme
ef2d7cb44b examples: Added POP3 DELE example 2014-01-05 13:00:25 +00:00
Steve Holme
e948b9c6e3 examples: Added POP3 UIDL example 2014-01-05 12:31:28 +00:00
Steve Holme
afb65c6cf3 examples: Added POP3 RETR example 2014-01-05 12:17:15 +00:00
Steve Holme
5be92d03b0 examples: Added return of error code in POP3 examples 2014-01-05 12:05:02 +00:00
Steve Holme
3bc349b53b runtests.pl: Updated copyright year after edit from d718abd968 2014-01-05 11:32:48 +00:00
Steve Holme
ad39e7ec01 examples: Reworked POP3 examples for additional upcoming POP3 examples 2014-01-05 11:28:24 +00:00
Steve Holme
98b7fc0195 examples: Added SMTP SSL example 2014-01-05 11:27:29 +00:00
Steve Holme
f9797871aa examples: Added IMAP SSL and TLS examples 2014-01-05 11:26:41 +00:00
Marc Hoersken
d718abd968 runtests.pl: check for tstunnel command on Windows
The Windows console version of stunnel is called "tstunnel", while
running "stunnel" on Windows spawns a new console window which
cannot be handled by the testsuite.
2014-01-05 02:22:09 +01:00
Marc Hoersken
190bb785d8 testcurl.pl: always show the last 5 commits even with --nogitpull 2014-01-05 00:09:20 +01:00
Daniel Stenberg
5c0eae136b ftp tests: provide LIST responses in the test file itself
Previously LIST always returned a fixed hardcoded list that the ftp
server code knew about, mostly since the server didn't get any test case
number in the LIST scenario. Starting now, doing a CWD to a directory
named test-[number] will make the test server remember that number and
consider it a test case so that a subsequent LIST command will send the
<data> section of that test case back.

It allows LIST tests to be made more similar to how all other tests
work.

Test 100 was updated to provide its own directory listing.
2014-01-04 23:39:30 +01:00
Steve Holme
5220c1d692 examples: Standardised username and password settings for all email examples
Replaced the use of CURLOPT_USERPWD for the preferred CURLOPT_USERNAME
and CURLOPT_PASSWORD options and used the same username and password for
all email examples which is the same as that used in the test suite.
2014-01-04 18:12:02 +00:00
Steve Holme
84a9f092dc Updated copyright year for recent changes 2014-01-04 17:41:10 +00:00
Marc Hoersken
4fc8d83f5f secureserver.pl: support for stunnel-path with nun-alphanum chars
This is desired to support stunnel installations on Windows.
2014-01-04 17:49:54 +01:00
Marc Hoersken
8fc4abedf1 conncache.c: fix possible dereference of null pointer 2014-01-04 16:34:58 +01:00
Marc Hoersken
c216179af4 docs: primarily refer to schannel as WinSSL 2014-01-04 14:33:27 +01:00
Steve Holme
4c51f2b578 examples: Added IMAP COPY example 2014-01-04 01:11:26 +00:00
Steve Holme
2b026784a8 examples: Added IMAP DELETE example 2014-01-04 01:11:03 +00:00
Steve Holme
3c1519117a examples: Added IMAP CREATE example 2014-01-04 01:05:46 +00:00