1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-26 10:08:48 -05:00
Commit Graph

27273 Commits

Author SHA1 Message Date
Daniel Stenberg
1a0ebf6632
hostip: make 'localhost' return fixed values
Resolving the case insensitive host name 'localhost' now returns the
addresses 127.0.0.1 and (if IPv6 is enabled) ::1 without using any
resolver.

This removes the risk that users accidentally resolves 'localhost' to
something else. By making sure 'localhost' is always local, we can
assume a "secure context" for such transfers (for cookies etc).

Closes #7039
2021-05-31 15:37:37 +02:00
Daniel Gustafsson
772eacb2e3 docs: fix typos 2021-05-31 12:47:15 +02:00
Daniel Stenberg
1c1d9f1aff
hsts: ignore numberical IP address hosts
Also, use a single function library-wide for detecting if a given hostname is
a numerical IP address.

Reported-by: Harry Sintonen
Fixes #7146
Closes #7149
2021-05-30 19:49:40 +02:00
Daniel Stenberg
9097843e8f
test178: adjust for hyper
Hyper returns the same error for wrong HTTP version as for negative
content-length. Test 178 verifies that negative content-length is
rejected but the hyper backend will return a different error for it (and
without any helpful message telling why the message was bad). It will
also not return any headers at all for the response, not even the ones
that arrived before the error.

Closes #7147
2021-05-29 23:16:04 +02:00
Daniel Stenberg
a43e1da1e2
HYPER: remove mentions of deprecated development branch 2021-05-28 23:06:19 +02:00
Daniel Stenberg
f2619b1767
c-hyper: handle NULL from hyper_buf_copy()
Closes #7143
2021-05-28 15:08:11 +02:00
Daniel Stenberg
68975fba02
HSTS: not experimental anymore 2021-05-28 12:34:07 +02:00
Douglas R. Reno
ed38ac86ea
INSTALL: use correct extension for CURL-DISABLE.md
In INSTALL.MD, it's currently set to CURL-DISABLE-md instead of
CURL-DISABLE.md. This generates a 404 on the cURL website as well as
when viewing the docs through Github.

Closes #7142
2021-05-27 22:59:48 +02:00
Daniel Stenberg
629463f692
travis: run tests 1 - 153 with hyper 2021-05-27 18:14:12 +02:00
Daniel Stenberg
11796231af
c-hyper: convert HYPERE_INVALID_PEER_MESSAGE to CURLE_UNSUPPORTED_PROTOCOL
Makes test 129 work (HTTP/1.2 response).

Closes #7141
2021-05-27 18:14:00 +02:00
Daniel Stenberg
d3e0f20fea
http_proxy: deal with non-200 CONNECT response with Hyper
Makes test 94 and 95 work

Closes #7141
2021-05-27 18:13:45 +02:00
Daniel Stenberg
23b99fc94c
c-hyper: clear NTLM auth buffer when request is issued
To prevent previous ones to get reused on subsequent requests. Matches
how the built-in HTTP code works. Makes test 90 to 93 work.

Add test 90 to 93 in travis.

Closes #7139
2021-05-27 16:50:59 +02:00
Joel Depooter
ee97f17697
schannel: set ALPN length correctly for HTTP/2
In a3268eca79 this code was changed to use the ALPN_H2 constant
instead of the NGHTTP2_PROTO_ALPN constant. However, these constants are
not the same. The nghttp2 constant included the length of the string,
like this: "\x2h2". The ALPN_H2 constant is just "h2". Therefore we need
to re-add the length of the string to the ALPN buffer.

Closes #7138
2021-05-27 08:27:35 +02:00
Daniel Stenberg
5f7fef70a9
travis: run tests 1-89 in the hyper build
Closes #7137
2021-05-27 07:55:30 +02:00
Daniel Stenberg
2ee761c19b
Revert "c-hyper: handle body on HYPER_TASK_EMPTY"
This reverts commit c3eefa95c3.

Reported-by: Kevin Burke
Fixes #7122
Closes #7136
2021-05-27 07:54:32 +02:00
jonrumsey
9655474548
ccsidcurl: fix the compile errors
Looks like the declaration of cpp shoule be const char ** and return
null if convert_version_info_string fails.

Fixes #7134
Closes #7135
2021-05-26 23:36:22 +02:00
Viktor Szakats
3976dd67a2
docs: use --max-redirs instead of --max-redir
For consistency.

Closes #7130
2021-05-26 14:49:52 +02:00
Daniel Stenberg
6043edf3dc
RELEASE-NOTES: synced
... and bump to 7.77.1
2021-05-26 14:47:35 +02:00
Michael Forney
a2fe2f04cd
travis: add bearssl build
Closes #7133
2021-05-26 14:43:56 +02:00
Michael Forney
7f9c5af8b3
bearssl: explicitly initialize all fields of Curl_ssl
Also, add comments like the other vtls backends.

Closes #7133
2021-05-26 14:43:45 +02:00
Michael Forney
a03ea62239
bearssl: remove incorrect const on variable that is modified
hostname may be set to NULL later on in this function if it is an
IP address.

Closes #7133
2021-05-26 14:43:40 +02:00
Daniel Stenberg
6b951a6928
RELEASE-NOTES: synced 2021-05-26 08:18:11 +02:00
Daniel Stenberg
83a31635a4
THANKS: added contributors from 7.77.0 cycle 2021-05-26 08:18:11 +02:00
Daniel Stenberg
82d334001f
copyright: update copyright year ranges to 2021 2021-05-26 08:18:11 +02:00
Radek Zajic
1a5e41d97c
hostip: fix broken macOS/CMake/GCC builds
Follow-up to 31f631a142

Fixes #7128
Closes #7129
2021-05-26 00:24:09 +02:00
Daniel Stenberg
54e5c24565
TODO: netrc caching and sharing
URL: https://curl.se/mail/archive-2021-05/0018.html
2021-05-25 17:45:26 +02:00
Orgad Shaneh
2864b00b01
setopt: streamline ssl option code
Make it use the same style as the code next to it

Closes #7123
2021-05-25 12:48:04 +02:00
Radek Zajic
31f631a142
lib/hostip6.c: make NAT64 address synthesis on macOS work
Closes #7121
2021-05-25 12:45:56 +02:00
ejanchivdorj
a63dae5d07
sectransp: fix EXC_BAD_ACCESS caused by uninitialized buffer
When the SecCertificateCopyCommonName function fails, it leaves
common_name in a invalid state so CFStringCompare uses the invalid
result, causing EXC_BAD_ACCESS.

The fix is to check the return value of the function before using the
name.

Closes #7126
2021-05-25 11:22:09 +02:00
Paweł Wegner
643ec29645
CMake: add CURL_ENABLE_EXPORT_TARGET option
install(EXPORT ...) causes trouble when embedding curl dependencies
which don't provide install(EXPORT ...) targets (e.g libressl and
nghttp2) with cmake's add_subdirectory.

Reviewed-by: Jakub Zakrzewski
Closes #7060
2021-05-25 08:06:19 +02:00
Alessandro Ghedini
424aa64d54
quiche: update for network path aware API
Latest version of quiche requires the application to pass the peer
address of received packets, and it provides the address for outgoing
packets back.

Closes #7120
2021-05-24 17:26:46 +02:00
Jacob Hoffman-Andrews
a62e6435f4
rustls: switch read_tls and write_tls to callbacks
And update to 0.6.0, including a rename from session to connection for
many fields.

Closes #7071
2021-05-24 16:40:59 +02:00
Koichi Shiraishi
98770344b2
sectransp: fix 7f4a9a9b2a commit about missing comma
Follow-up to 7f4a9a9b2a

Closes #7119
2021-05-24 14:50:11 +02:00
Harry Sintonen
7f4a9a9b2a
openssl: associate/detach the transfer from connection
CVE-2021-22901

Bug: https://curl.se/docs/CVE-2021-22901.html
2021-05-24 13:15:10 +02:00
Harry Sintonen
39ce47f219
telnet: check sscanf() for correct number of matches
CVE-2021-22898

Bug: https://curl.se/docs/CVE-2021-22898.html
2021-05-24 07:56:05 +02:00
Daniel Stenberg
bbb71507b7
schannel: don't use static to store selected ciphers
CVE-2021-22897

Bug: https://curl.se/docs/CVE-2021-22897.html
2021-05-24 07:56:05 +02:00
Daniel Stenberg
b03b82a85f
docs/tests: remove freenode references 2021-05-24 00:21:00 +02:00
Daniel Stenberg
9df4053f5d
RELEASE-NOTES: synced 2021-05-23 00:15:53 +02:00
Sergey Markelov
96adbf5cdb
NSS: make colons, commas and spaces valid separators in cipher list
Fixes #7110
Closes #7115
2021-05-23 00:11:30 +02:00
Daniel Stenberg
e61d8e36d2
curl: include libmetalink version in --version output
Closes #7112
2021-05-22 11:29:41 +02:00
Matias N. Goldberg
b4bed24459 cmake: Use multithreaded compilation on VS 2008+
Multithreaded compilation has been supported since at least VS 2005 and
been robustly stable since at least VS 2008

Closes https://github.com/curl/curl/pull/7109
2021-05-21 03:37:37 -04:00
Matias N. Goldberg
458a2d85f3
cmake: fix two invokes result in different curl_config.h
Fixes #7100
Closes #7101

Reviewed-by: Jakub Zakrzewski
Signed-off-by: Matias N. Goldberg <dark_sylinc@yahoo.com.ar>
2021-05-21 08:59:58 +02:00
Peng-Yu Chen
07d20f5dfa
cmake: detect CURL_SA_FAMILY_T
Fixes #7049
Closes #7065
2021-05-21 08:39:39 +02:00
Lucas Clemente Vella
84d2839740
CURLOPT_IPRESOLVE: preventing wrong IP version from being used
In some situations, it was possible that a transfer was setup to
use an specific IP version, but due do DNS caching or connection
reuse, it ended up using a different IP version from requested.

This commit changes the effect of CURLOPT_IPRESOLVE from simply
restricting address resolution to preventing the wrong connection
type being used, when choosing a connection from the pool, and
to restricting what addresses could be used when establishing
a new connection.

It is important that all addresses versions are resolved, even if
not used in that transfer in particular, because the result is
cached, and could be useful for a different transfer with a
different CURLOPT_IPRESOLVE setting.

Closes #6853
2021-05-20 16:58:31 +02:00
Oliver Urbann
ac54b10933
AmigaOS: add functions definitions for SHA256
AmiSSL replaces many functions with macros. Curl requires pointer
to some of these functions. Thus, we have to encapsulate these macros:
SHA256_Init, SHA256_Update, SHA256_Final, X509_INFO_free.

Bug: https://github.com/jens-maus/amissl/issues/15
Co-authored-by: Daniel Stenberg <daniel@haxx.se>

Closes #7099
2021-05-20 16:47:42 +02:00
Daniel Stenberg
d9eb3e316f
test2100: make it run with and require IPv6
Closes #7083
2021-05-20 08:32:43 +02:00
Daniel Stenberg
1f90d08371
tests/getpart: generate output URL encoded for better diffs
Closes #7083
2021-05-20 08:32:38 +02:00
Ryan Beck-Buysse
d845d392b5
docs/TheArtOfHttpScripting: fix markdown links
extra parens cause the links to be incorrectly formatted
and inconsistent with the rest of the document.

Signed-off-by: Ryan Beck-Buysse <rbuysse@gmail.com>
Closes #7097
2021-05-19 09:10:11 +02:00
Daniel Stenberg
3b3459eed8
RELEASE-NOTES: synced 2021-05-19 00:50:14 +02:00
Emil Engler
3d3f4efbc8
docs: replace dots with dashes in markdown enums
We use dashes instead of dots nearly everywhere except for those few
cases. This commit addresses this issues and brings more coherency into
it.

Closes #7093
2021-05-19 00:40:12 +02:00