1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-11 03:55:03 -05:00
Commit Graph

887 Commits

Author SHA1 Message Date
Daniel Stenberg
47e169e7a4
configure: fix typo in TLS error message
Reported-by: Pontus Lundkvist
2021-04-23 09:21:02 +02:00
Daniel Stenberg
ee36e86ce8
configure: split out each TLS library detector into its own function
... and put those functions in separate m4 files per TLS library.
2021-04-22 23:19:47 +02:00
Daniel Stenberg
68d89f242c
configure: make the TLS library choice(s) explicit
configure no longer tries to find a TLS library by default, but all
libraries are now equal: the user needs to explicitly ask what TLS
library or libraries to use.

If no TLS library is selected, configure will error out unless
--without-ssl is explicitly used to request a built without TLS (as that
is very rare these days).

Removes: --with-winssl, --with-darwinssl and all --without-* options for
TLS libraries.

Closes #6897
2021-04-22 23:19:47 +02:00
Daniel Stenberg
d71ff2b9db
hsts: enable by default
No longer considered experimental.

Closes #6700
2021-04-19 08:22:16 +02:00
Daniel Stenberg
7bdec2a08b
configure: provide --with-openssl, deprecate --with-ssl
Makes the option more explicit.

Closes #6887
2021-04-15 09:08:34 +02:00
Daniel Stenberg
d0c196618e
configure: fix CURL_DARWIN_CFLAGS use
The macro name change was not completely done.

Follow-up to 5d2c384452
Bug: 5d2c384452 (commitcomment-49315187)
Reported-by: Marcel Raad
Closes #6878
2021-04-09 17:09:08 +02:00
Michael Forney
eaa1d73229
configure: include <time.h> unconditionally
In 2682e5f5, several instances of AC_HEADER_TIME were removed since
it is a deprecated autoconf macro. However, this was the macro that
defined TIME_WITH_SYS_TIME, which was used to indicate that <time.h>
can be included alongside <sys/time.h>. TIME_WITH_SYS_TIME is still
used in the configure test body and since it is no longer defined,
<time.h> is *not* included on systems that have <sys/time.h>.

In particular, at least on musl libc and glibc, <sys/time.h> does
not implicitly include <time.h> and does not declare clock_gettime,
gmtime_r, or localtime_r. This causes configure to fail to detect
those functions.

The AC_HEADER_TIME macro deprecation text says

> All current systems provide time.h; it need not be checked for.
> Not all systems provide sys/time.h, but those that do, all allow
> you to include it and time.h simultaneously.

So, to fix this issue, simply include <time.h> unconditionally when
testing for time-related functions and in libcurl, and don't bother
checking for it.

Closes #6859
2021-04-07 16:08:01 +02:00
Marc Hoersken
d6fba0ca06
config: fix SSPI enabling NTLM if crypto auth is disabled
Avoid enabling NTLM feature based upon Windows SSPI
being enabled in case that crypto auth is disabled.

Reported-by: Marcel Raad

Follow-up to #6277
Fixes #6803
Closes #6808
2021-03-29 09:08:48 +02:00
Daniel Stenberg
2682e5f502
configure: remove use of deprecated macros
AC_HEADER_TIME, AC_HEADER_STDC and AC_TYPE_SIGNAL
2021-03-16 23:02:02 +01:00
Daniel Stenberg
d2ea5d166e
configure: make AC_TRY_* into AC_*_IFELSE
... as the former versions are deprecated.
2021-03-16 23:02:02 +01:00
Daniel Stenberg
a59f046116
configure: s/AC_HELP_STRING/AS_HELP_STRING
AC_HELP_STRING is deprecated in 2.70+ and I believe AS_HELP_STRING works
already since 2.59 so bump the minimum required version to that.

Reported-by: Emil Engler
Fixes #6647
Closes #6748
2021-03-16 23:01:53 +01:00
Marc Hoersken
cc615f48e7
config: fix building SMB with configure using Win32 Crypto
Align conditions for NTLM features between CMake and configure
builds by differentiating between USE_NTLM and USE_CURL_NTLM_CORE,
just like curl_setup.h does internally to detect support of:

- USE_NTLM: required for NTLM crypto authentication feature
- USE_CURL_NTLM_CORE: required for SMB protocol

Implement USE_WIN32_CRYPTO detection by checking for Crypt functions
in wincrypt.h which are not available in the Windows App environment.

Link advapi32 and crypt32 for Crypto API and Schannel SSL backend.
Fix condition of Schannel SSL backend in CMake build accordingly.

Reviewed-by: Marcel Raad

Closes #6277
2021-03-15 17:01:30 +01:00
Michael Hordijk
b3ace84642
configure: only add OpenSSL paths if they are defined
Add paths for OpenSSL compiling and linking only if they have been
defined.  If they haven't been defined, we'll assume that the paths are
already available to the toolchain.

Closes #6730
2021-03-12 09:45:10 +01:00
Daniel Stenberg
dcccd8dd25
configure: provide Largefile feature for curl-config
... as cmake now does it correctly, and make test1014 check for it

Closes #6702
2021-03-11 10:12:30 +01:00
Daniel Stenberg
c7c1e5851f
configure: fail if --with-quiche is used and quiche isn't found
Closes #6652
2021-02-24 14:05:29 +01:00
Viktor Szakats
95014b0a4d
build: delete unused feature guards
- `HAVE_STRNCASECMP`
- `HAVE_TCGETATTR`
- `HAVE_TCSETATTR`

Reviewed-by: Jay Satiro
Reviewed-by: Daniel Stenberg
Closes #6645
2021-02-23 12:04:29 +00:00
Jacob Hoffman-Andrews
aab3c6c4c8
configure: make hyper opt-in, and fail if missing
Previously, configure would look for hyper by default, and use it if
found; otherwise it would not use hyper, and not error.

Now, configure will not look for hyper unless --with-hyper is passed. If
configure looks for hyper and fails, it will error.

Also, add -ld -lpthread -lm to Hyper's libs. I think they are required.

Closes #6598
2021-02-23 07:39:05 +01:00
Daniel Stenberg
e06fa7462a
gnutls: assume nettle crypto support
nettle has been the default crypto library with GnuTLS since 2010. By
dropping support for the previous libcrypto, we simplify code.

Closes #6625
2021-02-18 23:06:47 +01:00
Jacob Hoffman-Andrews
246399a874
vtls: initial implementation of rustls backend
This adds a new TLS backend, rustls. It uses the C-to-rustls bindings
from https://github.com/abetterinternet/crustls.

Rustls is at https://github.com/ctz/rustls/.

There is still a fair bit to be done, like sending CloseNotify on
connection shutdown, respecting CAPATH, and properly indicating features
like "supports TLS 1.3 ciphersuites." But it works well enough to make
requests and receive responses.

Blog post for context:
https://www.abetterinternet.org/post/memory-safe-curl/

Closes #6350
2021-02-09 11:06:18 +01:00
Simon Josefsson
3eebbfe8f3
sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl
Closes #6372
2021-02-09 10:53:25 +01:00
Daniel Stenberg
275c28e650
COPYING/configure: bump copyright year range 2021-01-01 00:52:28 +01:00
Daniel Stenberg
c263e583c2
configure: add --with-hyper
As the first (optional) HTTP backend alternative instead of native

Close #6110
2020-12-18 09:57:51 +01:00
parazyd
a1f06f32b8
gopher: Implement secure gopher protocol.
This commit introduces a "gophers" handler inside the gopher protocol if
USE_SSL is defined. This protocol is no different than the usual gopher
prococol, with the added TLS encapsulation upon connecting. The protocol
has been adopted in the gopher community, and many people have enabled
TLS in their gopher daemons like geomyidae(8), and clients, like clic(1)
and hurl(1).

I have not implemented test units for this protocol because my knowledge
of Perl is sub-par. However, for someone more knowledgeable it might be
fairly trivial, because the same test that tests the plain gopher
protocol can be used for "gophers" just by adding a TLS listener.

Signed-off-by: parazyd <parazyd@dyne.org>

Closes #6208
2020-12-15 12:58:12 +01:00
Oliver Urbann
0d16a49c16
curl: add compatibility for Amiga and GCC 6.5
Changes are mainly reordering and adding of includes required
to compile with a more recent version of GCC.

Closes #6220
2020-11-20 23:36:51 +01:00
Daniel Stenberg
259c70a930
Revert "libcurl.pc: make it relocatable"
This reverts commit 3862c37b63.

That fix should either be done differently or with an option.

Reported-by: asavah on github
Fixes #6157
Closes #6183
2020-11-09 09:13:06 +01:00
Daniel Stenberg
374329d773
configure: pass -pthread to Libs.private for pkg-config
Reported-by: Cristian Morales Vega
Fixes #6168
Closes #6181
2020-11-07 18:25:21 +01:00
Daniel Stenberg
4d2f800677
curl.se: new home
Closes #6172
2020-11-04 23:59:47 +01:00
Daniel Stenberg
7385610d0c
hsts: add support for Strict-Transport-Security
- enable in the build (configure)
- header parsing
- host name lookup
- unit tests for the above
- CI build
- CURL_VERSION_HSTS bit
- curl_version_info support
- curl -V output
- curl-config --features
- CURLOPT_HSTS_CTRL
- man page for CURLOPT_HSTS_CTRL
- curl --hsts (sets CURLOPT_HSTS_CTRL and works with --libcurl)
- man page for --hsts
- save cache to disk
- load cache from disk
- CURLOPT_HSTS
- man page for CURLOPT_HSTS
- added docs/HSTS.md
- fixed --version docs
- adjusted curl_easy_duphandle

Closes #5896
2020-11-03 16:08:42 +01:00
Cristian Morales Vega
6f3369bbcf
configure: use pkgconfig to find openSSL when cross-compiling
This reverts 736a40fec (November 2004), which doesn't explain why it was
done.

Closes #6145
2020-10-29 23:18:29 +01:00
Daniel Stenberg
96450a1a33
alt-svc: enable by default
Remove CURLALTSVC_IMMEDIATELY, which was never implemented/supported.

alt-svc support in curl is no longer considered experimental

Closes #5868
2020-10-25 23:08:54 +01:00
Daniel Stenberg
4bfca0a807
libssh2: require version 1.0 or later
... and simplify the code accordingly. libssh2 version 1.0 was released
in April 2009.

Closes #6116
2020-10-22 16:45:40 +02:00
Cristian Morales Vega
3862c37b63
libcurl.pc: make it relocatable
It supposes when people specify the libdir/includedir they do it to
change where under prefix/exec_prefix it should be, not to make it
independent of prefix/exec_prefix.

Closes #6061
2020-10-15 16:04:21 +02:00
Daniel Stenberg
c8204ed6a2
configure: don't say HTTPS-proxy is enabled when disabled!
Reported-by: Kamil Dudka
Reviewed-by: Kamil Dudka
Bug: https://github.com/curl/curl/pull/5735#issuecomment-701376388
Closes #6029
2020-09-30 22:43:43 +02:00
Daniel Stenberg
cbe7fad20d
ECH: renamed from ESNI in docs and configure
Encrypted Client Hello (ECH) is the current name.

Closes #6022
2020-09-29 11:23:23 +02:00
Daniel Stenberg
83c6493296
configure: use "no" instead of "disabled" for the end summary
... for consistency but also to make them more distinctly stand out next
to the "enabled" lines.
2020-09-29 11:01:45 +02:00
Daniel Stenberg
e37e446868
mqtt: enable by default
No longer considered experimental.

Closes #5858
2020-08-31 09:45:09 +02:00
Marcel Raad
f504f18641 ntlm: fix condition for curl_ntlm_core usage
`USE_WINDOWS_SSPI` without `USE_WIN32_CRYPTO` but with any other DES
backend is fine, but was excluded before.

This also fixes test 1013 as the condition for SMB support in
configure.ac didn't match the condition in the source code. Now it
does.

Fixes https://github.com/curl/curl/issues/1262
Closes https://github.com/curl/curl/pull/5771
2020-08-29 10:08:32 +02:00
Daniel Stenberg
ad691b191a
configure: added --disable-get-easy-options
To allow disabling of the curl_easy_option APIs in a build.

Closes #5365
2020-08-27 14:17:42 +02:00
Daniel Stenberg
d854572ccc
socketpair: allow CURL_DISABLE_SOCKETPAIR
... to completely disable the use of socketpair

Closes #5850
2020-08-26 22:58:21 +02:00
Daniel Stenberg
510d98157f
configure: fix pkg-config detecting wolfssl
When amending the include path with "/wolfssl", this now properly strips
off all whitespace from the path variable! Previously this would lead to
pkg-config builds creating bad command lines.

Closes #5848
2020-08-24 19:21:20 +02:00
Daniel Stenberg
2429f45a97
TLS naming: fix more Winssl and Darwinssl leftovers
The CMake option is now called CMAKE_USE_SCHANNEL

The winbuild flag is USE_SCHANNEL

The CI jobs and build scripts only use the new names and the new name
options

Tests now require 'Schannel' (when necessary)

Closes #5795
2020-08-08 00:19:21 +02:00
Ehren Bendler
14e63c19a0
configure: cleanup wolfssl + pkg-config conflicts when cross compiling.
Also choose a different wolfSSL function to test for NTLM support.

Fixes #5605
Closes #5682
2020-07-27 15:18:13 +02:00
Daniel Stenberg
ba390221ef
configure: show zstd "no" in summary when built without it
Reported-by: Marc Hörsken
Fixes #5720
Closes #5730
2020-07-27 14:33:17 +02:00
Gilles Vollant
e13357b14b
content_encoding: add zstd decoding support
include zstd curl patch for Makefile.m32 from vszakats
and include Add CMake support for zstd from Peter Wu

Helped-by: Viktor Szakats
Helped-by: Peter Wu
Closes #5453
2020-07-12 18:11:37 +02:00
Nicolas Sterchele
3f6288e1e5
configure.ac: Sort features name in summary
- Same as protocols

Closes #5656
2020-07-12 18:04:11 +02:00
Daniel Stenberg
774eff9fcd
configure: for wolfSSL, check for the DES func needed for NTLM
Also adds pkg-config support for the wolfSSL detection.
2020-06-16 09:06:53 +02:00
Daniel Stenberg
4190f49688
configure: only strip first -L from LDFLAGS
In the logic that works out if a given OpenSSL path works, it stripped
off a possibly leading -L flag using an incorrect sed pattern which
would remove all instances of -L in the string, including if the path
itself contained that two-letter sequence!

The same pattern was used and is now updated in multiple places. Now it
only removes -L if it starts the strings.

Reported-by: Mohamed Osama
Fixes #5519
Closes #5521
2020-06-04 23:15:28 +02:00
Marc Hoersken
fc55c723c4
select: add overflow checks for timeval conversions
Using time_t and suseconds_t if suseconds_t is available,
long on Windows (maybe others in the future) and int elsewhere.

Also handle case of ULONG_MAX being greater or equal to INFINITE.

Assisted-by: Jay Satiro
Reviewed-by: Daniel Stenberg

Part of #5343
2020-05-30 10:21:23 +02:00
Daniel Stenberg
2110b996a6
configure: repair the check if argv can be written to
Due to bad escaping of the test code, the test wouldn't build and thus
result in a negative test result, which would lead to the unconditional
assumption that overwriting the arguments doesn't work and thus curl
would never hide credentials given in the command line, even when it
would otherwise be possible.

Regression from commit 2d4c2152c (7.60.0)

Reported-by: huzunhao on github
Fixes #5470
Closes #5471
2020-05-28 23:33:56 +02:00
Peter Wu
06e266e0a5 configure: fix pthread check with static boringssl
A shared boringssl/OpenSSL library requires -lcrypto only for linking.
A static build additionally requires `-ldl -lpthread`. In the latter
case `-lpthread` is added to LIBS which prevented `-pthread` from being
added to CFLAGS. Clear LIBS to fix linking failures for libtest tests.
2020-05-22 21:10:07 +02:00