1
0
mirror of https://github.com/moparisthebest/curl synced 2024-11-14 21:45:13 -05:00
Commit Graph

6978 Commits

Author SHA1 Message Date
Jiri Hruska
cd65ecb2e8 pingpong: Introduce Curl_pp_moredata()
A simple function to test whether the PP is not sending and there are
still more data in its receiver cache. This will be later utilized to:

1) Change Curl_pp_multi_statemach() and Curl_pp_easy_statemach() to
   not test socket state and just call user's statemach_act() function
   when there are more data to process, because otherwise the task would
   just hang, waiting for more data from the socket.

2) Allow PP users to read multiple responses by looping as long as there
   are more data available and current phase is not finished.
   (Currently needed for correct processing of IMAP SELECT responses.)
2013-02-22 18:35:15 +00:00
Yang Tse
52605e006c smtp.c: fix enumerated type mixed with another type 2013-02-19 16:53:13 +01:00
Yang Tse
6a87ac8c88 polarssl threadlock cleanup 2013-02-19 13:11:55 +01:00
Daniel Stenberg
a995ea05b3 resolver_error: remove wrong error message output
The attempt to use gai_strerror() or alternative function didn't work as
the 'sock_error' field didn't contain the proper error code. But since
this hasn't been reported and thus isn't really a big deal I decided to
just scrap the whole attempt to output the detailed resolver error and
instead remain with just stating that the resolving of the name failed.
2013-02-18 22:52:58 +01:00
Kim Vandry
25e577b33d Curl_resolver_is_resolved: show proper host name on failed resolve 2013-02-18 22:45:52 +01:00
Daniel Stenberg
52b5eadf3c Curl_resolver_is_resolved: fix compiler warning
conversion to 'int' from 'long int' may alter its value
2013-02-18 13:40:13 +01:00
Daniel Stenberg
06e6fd1aa7 compiler warning fix
follow-up to commit ed7174c6f6, rename 'wait' to 'block'
2013-02-18 12:56:03 +01:00
Daniel Stenberg
ed7174c6f6 compiler warning fix: declaration of 'wait' shadows a global declaration
It seems older gcc installations (at least) will cause warnings if we
name a variable 'wait'. Now changed to 'block' instead.

Reported by: Jiří Hruška
Bug: http://curl.haxx.se/mail/lib-2013-02/0247.html
2013-02-18 00:14:35 +01:00
Nick Zitzmann
072b1ad15a MacOSX-Framework: Make script work in Xcode 4.0 and later
Apple made a number of changes to Xcode 4. The SDKs were moved, the entire
Developer folder was moved, and PowerPC support was removed. The script
will now adapt to those changes and should be future-proofed against
additional changes in case Apple moves the Developer folder ever again.
Also, the minimum OS X version compiler option was removed, so that the
framework can be built against the latest SDK but still run in older cats.
2013-02-17 14:30:38 -07:00
Steve Holme
e52fc1e297 email: Tidied up result code variables
Tidied up result variables to be consistent in name, declaration order
and default values.
2013-02-16 23:37:50 +00:00
Nick Zitzmann
12ea5beffc ntlm_core: fix compiler warning when building with clang
Fixed a 64-to-32 compiler warning raised when building with
clang and the --with-darwinssl option.
2013-02-16 14:21:09 -07:00
Daniel Stenberg
5e2e3cb54e polarsslthreadlock: #include the proper memory and debug includes
Pointed out by Steve Holme
2013-02-16 13:56:08 +01:00
Steve Holme
39b79c6b75 email: Removed unnecessary forward declaration
Due to the reordering of functions in commit 586f5d3614 the forward
declaration to state_upgrade_tls() are no longer required.
2013-02-16 10:28:32 +00:00
Steve Holme
b0e0f44934 pop3.c: Added reference to RFC-5034 2013-02-16 10:18:01 +00:00
Willem Sparreboom
6d7033b48a PolarSSL: Change to cURL coding style
Repaired all curl/lib/checksrc.pl warnings in the previous four patches
2013-02-15 23:31:25 +01:00
Willem Sparreboom
f10006ee5f PolarSSL: WIN32 threading support for entropy
Added WIN32 threading support for PolarSSL entropy if
--enable-threaded-resolver config flag is set and process.h can be found.
2013-02-15 23:31:25 +01:00
Willem Sparreboom
c35a10483d PolarSSL: pthread support for entropy
Added pthread support for polarssl entropy if --enable-threaded-resolver
config flag is set and pthread.h can be found.
2013-02-15 23:30:20 +01:00
Willem Sparreboom
db3f3c14f2 PolarSSL: changes to entropy/ctr_drbg/HAVEGE_RANDOM
Add non-threaded entropy and ctr_drbg and removed HAVEGE_RANDOM define
2013-02-15 23:15:10 +01:00
Willem Sparreboom
1346cb19f2 PolarSSL: added human readable error strings
Print out human readable error strings for PolarSSL related errors
2013-02-15 23:15:10 +01:00
Steve Holme
2dbeaf7dad pop3: Removed unnecessary state changes on failure 2013-02-15 18:33:28 +00:00
Steve Holme
673b7ba80a imap: Removed unnecessary state change on failure 2013-02-15 18:33:10 +00:00
Daniel Stenberg
c25383ae13 rename "easy" statemachines: call them block instead
... since they're not used by the easy interface really, I wanted to
remove the association. Also, I unified the pingpong statemachine driver
into a single function with a 'wait' argument: Curl_pp_statemach.
2013-02-15 11:10:18 +01:00
Gisle Vanem
6106eeba16 curl_setup_once.h: definition of HAVE_CLOSE_S defines sclose() to close_s() 2013-02-15 02:35:23 +01:00
Gisle Vanem
8481386513 config-dos.h: define HAVE_CLOSE_S for MSDOS/Watt-32 2013-02-15 02:35:22 +01:00
Gisle Vanem
2683927756 config-dos.h: define strerror() to strerror_s_() for High-C 2013-02-15 02:35:09 +01:00
Gisle Vanem
5d8ec4a634 config-dos.h: define HAVE_TERMIOS_H only for djgpp 2013-02-15 01:38:39 +01:00
Steve Holme
4f328b85c3 smtp.c: Fixed a trailing whitespace
Remove tailing whitespace introduced in commit 7ed689d24a.
2013-02-14 20:06:03 +00:00
Steve Holme
92a537a2bb pop3: Fixed blocking SSL connect when connecting via POP3S
A call to Curl_ssl_connect() was accidentally left in when the SSL/TLS
connection layer was reworked in 7.29. Not only would this cause the
connection to block but had the additional overhead of calling the
non-blocking connect a little bit later.
2013-02-14 18:20:52 +00:00
Steve Holme
7ed689d24a smtp: Refactored the smtp_state_auth_resp() function
Renamed smtp_state_auth_resp() function to match the implementations in
IMAP and POP3.
2013-02-14 18:15:07 +00:00
Daniel Stenberg
358c5c0745 strlcat: remove function
This function was only used twice, both in places where performance
isn't crucial (socks + if2ip). Removing the use of this function removes
the need to have our private version for systems without it == reduced
amount of code.

Also, in the SOCKS case it is clearly better to fail gracefully rather
than to truncate the results.

This work was triggered by a bug report on the strcal prototype in
strequal.h.

strlcat was added in commit db70cd28 in February 2001!

Bug: http://curl.haxx.se/bug/view.cgi?id=1192
Reported by: Jeremy Huddleston
2013-02-14 10:41:45 +01:00
Daniel Stenberg
d821525cee Curl_FormBoundary: made static
As Curl_FormBoundary() is no longer used outside of this file (since
commit ad7291c1a9), it is now renamed to formboundary() and is made
static.
2013-02-14 10:32:04 +01:00
Daniel Stenberg
ad7291c1a9 ossl_seed: fix the last resort PRNG seeding
Instead of just abusing the pseudo-randomizer from Curl_FormBoundary(),
this now uses Curl_ossl_random() to get entropy.
2013-02-14 00:06:19 +01:00
Steve Holme
d09d08dc1f email: Tidy up before additional IMAP work
Replaced two explicit comparisons of CURLE_OK with boolean alternatives.

General tidy up of comments.
2013-02-13 20:12:21 +00:00
Steve Holme
0c6fa0dd64 smtp: Removed duplicate pingpong structure initialisation
The smtp_connect() function was setting the member variables of the
pingpong structure twice, once before calling Curl_pp_init() and once
after!
2013-02-13 18:22:20 +00:00
Yang Tse
beae838ed5 move msvc IDE related files to 'vc' directory tree 2013-02-13 13:28:13 +01:00
Steve Holme
d713e9a207 imap: Corrected a whitespace issue from previous commit
Fixed a small whitespace issue that crept in there in commit
508cdf4da4.
2013-02-12 23:05:14 +00:00
Steve Holme
508cdf4da4 email: Another post optimisation of endofresp() tidy up 2013-02-12 23:00:34 +00:00
Steve Holme
e6c1e773d9 sasl: Fixed null pointer reference when decoding empty digest challenge
Fixed a null pointer reference when an empty challenge is passed to the
Curl_sasl_create_digest_md5_message() function.

Bug: http://sourceforge.net/p/curl/bugs/1193/
Reported by: Saran Neti
2013-02-12 22:20:44 +00:00
Steve Holme
52281a10aa email: Post optimisation of endofresp() tidy up
Removed unnecessary end of line check and return.
2013-02-12 21:01:50 +00:00
Nick Zitzmann
66aa9bf52d darwinssl: Fix send glitchiness with data > 32 or so KB
An ambiguity in the SSLWrite() documentation lead to a bad inference in the
code where we assumed SSLWrite() returned the amount of bytes written to
the socket, when that is not actually true; it returns the amount of data
that is buffered for writing to the socket if it returns errSSLWouldBlock.
Now darwinssl_send() returns CURLE_AGAIN if data is buffered but not written.

Reference URL: http://curl.haxx.se/mail/lib-2013-02/0145.html
2013-02-12 13:02:36 -07:00
Steve Holme
bd93062ee5 pingpong.h: Fixed line length over 78 characters from b56c9eb48e 2013-02-12 19:28:23 +00:00
Steve Holme
b56c9eb48e pingpong: Optimised the endofresp() function
Reworked the pp->endofresp() function so that the conndata, line and
line length are passed down to it just as with Curl_client_write()
rather than each implementation of the function having to query
these values.

Additionally changed the int return type to bool as this is more
representative of the function's usage.
2013-02-12 18:08:48 +00:00
Steve Holme
586f5d3614 email: Post STARTLS capability code tidy up (Part Three)
Corrected the order of the upgrade_tls() functions and moved the handler
upgrade and getsock() functions out from the middle of the state related
functions.
2013-02-11 23:13:50 +00:00
Steve Holme
de492b31c5 email: Post STARTLS capability code tidy up (Part Two)
Corrected the order of the pop3_state_capa() / imap_state_capability()
and the pop3_state_capa_resp() / imap_state_capability_resp() functions
to match the execution order.
2013-02-11 22:41:08 +00:00
ulion
5cd85db9fa SOCKS: fix socks proxy when noproxy matched
Test 1212 added to verify

Bug: http://curl.haxx.se/bug/view.cgi?id=1190
2013-02-11 20:10:52 +01:00
Steve Holme
9a6e580e3a ntlm: Updated comments for the addition of SASL support to IMAP in v7.29 2013-02-11 14:26:18 +00:00
Linus Nielsen Feltzing
da3fc1ee91 Fix NULL pointer reference when closing an unused multi handle. 2013-02-10 22:57:58 +01:00
Steve Holme
85a2e9ec82 email: Post STARTLS capability code tidy up (Part One)
Corrected the order of the CAPA / CAPABILITY state machine constants to
match the execution order.
2013-02-10 21:18:30 +00:00
Steve Holme
18d1ea4528 imap: Fixed memory leak following commit f6010d9a03 2013-02-10 20:32:36 +00:00
Steve Holme
566a3638fa smtp: Added support for the STARTTLS capability (Part Two)
Added honoring of the tls_supported flag when starting a TLS upgrade
rather than unconditionally attempting it. If the use_ssl flag is set
to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
connection will continue to authenticate. If this flag is set to
CURLUSESSL_ALL then the connection will complete with a failure as it
did previously.
2013-02-10 19:59:42 +00:00
Steve Holme
e0f4af4032 pop3: Added support for the STLS capability (Part Three)
Added honoring of the tls_supported flag when starting a TLS upgrade
rather than unconditionally attempting it. If the use_ssl flag is set
to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
connection will continue to authenticate. If this flag is set to
CURLUSESSL_ALL then the connection will complete with a failure as it
did previously.
2013-02-10 19:56:54 +00:00
Steve Holme
b50ce1e5ba imap: Added support for the STARTTLS capability (Part Three)
Added honoring of the tls_supported flag when starting a TLS upgrade
rather than unconditionally attempting it. If the use_ssl flag is set
to CURLUSESSL_TRY and the server doesn't support TLS upgrades then the
connection will continue to authenticate. If this flag is set to
CURLUSESSL_ALL then the connection will complete with a failure as it
did previously.
2013-02-10 19:53:49 +00:00
Steve Holme
2e0a295e3b pop3: Added support for the STLS capability (Part Two)
Added sending of initial CAPA command before STLS is sent. This allows
for the detection of the capability before trying to upgrade the
connection.
2013-02-10 15:45:01 +00:00
Steve Holme
f6010d9a03 imap: Added support for the STARTTLS capability (Part Two)
Added sending of initial CAPABILITY command before STARTTLS is sent.
This allows for the detection of the capability before trying to
upgrade the connection.
2013-02-10 15:41:56 +00:00
Steve Holme
c76cb3da04 smtp: Added support for the STLS capability (Part One)
Introduced detection of the STARTTLS capability, in order to add support
for TLS upgrades without unconditionally sending the STARTTLS command.
2013-02-10 12:19:10 +00:00
Steve Holme
2f66ca11c1 pop3: Added support for the STLS capability (Part One)
Introduced detection of the STLS capability, in order to add support
for TLS upgrades without unconditionally sending the STLS command.
2013-02-10 12:16:27 +00:00
Steve Holme
a1701eea28 imap: Added support for the STARTTLS capability (Part One)
Introduced detection of the STARTTLS capability, in order to add support
for TLS upgrades without unconditionally sending the STARTTLS command.
2013-02-10 12:13:55 +00:00
Steve Holme
92f7606f29 smtp: Fixed an issue when processing EHLO failure responses (Part 3)
Follow up fix to commit 62bd217464 to cater for servers that don't
respond with a 250 in their EHLO responses. Additionally updated the
SMTP tests to respond with a 250 response code as per RFC5321.
2013-02-09 19:01:15 +00:00
Steve Holme
fd52530b50 pop3: Fixed SASL authentication capability detection
Fixed the SASL capability detection to include the space character
before the authentication mechanism list. Otherwise a capability such
as SASLSOMETHING would be interpreted as enabling SASL and potentially
trying to identify SOMETHING as a mechanism.
2013-02-09 17:17:02 +00:00
Steve Holme
572f7864b2 pop3: Fixed incorrect return value from pop3_endofresp()
Corrected an incorrect return value when -ERR is received from the
server - introduced in commit b5bb61ee69 (June 2012).
2013-02-09 15:23:30 +00:00
Steve Holme
62bd217464 smtp: Fixed an issue when processing EHLO failure responses (Part 2)
Follow up fix to commit 23d17190ee as EHLO capabilities can exist
within a positive response line.
2013-02-09 14:32:20 +00:00
Steve Holme
f0bfc0fbd7 smtp: Fixed an issue with missing capabilities after the AUTH line
Follow up to commit 40f9bb787f to fix missing capabilities after an
AUTH line.
2013-02-09 14:26:22 +00:00
Nick Zitzmann
7f266f1c99 darwinssl: Make certificate errors less techy
Previously if a problem was found with one of the server's certificates,
we'd log an OSStatus for the end user to look up. Now we explain what
was wrong with the site's certificate chain. Also un-did part of the
previous commit where the code wouldn't catch errSSLServerAuthCompleted
if built under Leopard.
2013-02-08 18:34:11 -07:00
Guenter Knauf
5be2499e16 Updated dependency libs. 2013-02-09 01:35:11 +01:00
Steve Holme
f44d0aedc1 imap: Corrected some comments 2013-02-09 00:26:40 +00:00
Steve Holme
23d17190ee smtp: Fixed an issue when processing EHLO failure responses
Fixed a small issue where smtp_endofresp() would look for capabilities
in the description part of a failure response. In theory a server
shouldn't respond with SIZE or AUTH in an EHLO command's failure
response but if it did then capabilities would be unnecessarily set
before eventually failing.
2013-02-09 00:22:25 +00:00
Steve Holme
21657823ea pop3: Reworked pop3_endofresp() to simplify it little
Reworked pop3_endofresp() to simplify it and provide consistency between
imap and smtp.
2013-02-08 23:07:20 +00:00
Steve Holme
3bb45aa7f5 imap: Renamed state variables in imap_authenticate()
Renamed the authstate1 and authstate2 variables in imap_authenticate()
as the old name was a left over from when there was only one state
variable which was named due to a clash with the state() function.

Additionally this provides consistency with the smtp module.
2013-02-08 21:40:54 +00:00
Steve Holme
40f9bb787f smtp: Reworked smtp_endofresp() to allow for extra capability detection 2013-02-08 21:19:34 +00:00
Steve Holme
dda53476ca smtp: Renamed smtp_state_auth_passwd_resp() function
Renamed the login password response function to better describe it's
purpose as well as for consistency with the imap and pop3 modules.
2013-02-08 20:54:03 +00:00
Gisle Vanem
463082bea4 ntlm: fix memory leak
Running tests\libtest\libntlmconnect.exe reveals a 1 byte (!) leak in
./lib/curl_ntlm_msgs.c:

perl ..\memanalyze.pl c:memdebug.curl
Leak detected: memory still allocated: 1 bytes
At 9771e8, there's 1 bytes.
allocated by curl_ntlm_msgs.c:399

Snippet from curl_ntlm_msgs.c:
   /* setup ntlm identity's domain and length */
   dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));

(my domlen == 0).

'dup_domain.tbyte_ptr' looks to be freed in Curl_ntlm_sspi_cleanup() via
'ntlm->identity.Domain'. But I see no freeing of 'dup_domain.tchar_ptr'.
2013-02-08 15:51:27 +01:00
Daniel Stenberg
72688317ad DONE: consider callback-aborted transfers premature
This bug report properly identified that when doing SMTP and aborting
the transfer with a callback, it must be considered aborted prematurely
by the code to avoid QUIT etc to be attempted as that would cause a
hang.

The new test case 1507 verifies this behavior.

Reported by: Patricia Muscalu
Bug: http://curl.haxx.se/bug/view.cgi?id=1184
2013-02-08 13:57:01 +01:00
Nick Zitzmann
9613cf7211 darwinssl: Fix build under Leopard
It turns out that Leopard (OS X 10.5) doesn't have constants for the ECDH
ciphers in its headers, so the cases for them have been taken out of the
build when building under Leopard. Also added a standard function for
getting a string description of a SecCertificateRef.
2013-02-07 18:57:53 -07:00
Steve Holme
6da7dc026c imap: Added support for SASL-IR extension (Part 2)
Modified imap_authenticate() to add support for sending the initial
response with the AUTHENTICATE command, as per RFC4959.
2013-02-07 21:06:53 +00:00
Steve Holme
e07385f853 smtp: Updated SMTP_AUTH_PASSWD state constant
Changed the SMTP_AUTH_PASSWD state constant to SMTP_AUTH_LOGIN_PASSWD to
better describe the state as the second part of an AUTH LOGIN command,
as well as for consistency with the imap and pop3 modules.
2013-02-07 20:37:11 +00:00
Steve Holme
86dfcf737d imap: Added support for SASL-IR extension (Part 1)
Introduced detection of the SASL-IR capability, in order to add support
for sending the initial response with the AUTHENTICATE command, as per
RFC4959.
2013-02-07 20:02:06 +00:00
Steve Holme
7704621f4c imap: Changed response tag generation to be completely unique
Updated the automatic response tag generation to follow the examples
given in RC3501, which list a 4 character string such as A001, A002,
etc.

As a unique identifier should be generated for each command the string
generation is based on the connection id and the incrementing command
id.
2013-02-07 00:18:23 +00:00
Steve Holme
cecb9c0f71 imap: Small variable rename in preparation for upcoming change
Renamed a couple of variables and updated some comments in
preparation for upcoming command id / response tag change.
2013-02-06 22:22:57 +00:00
Daniel Stenberg
632e50ca8d msvc: move Makefile.msvc.names into winbuild/
In an attempt to clear up misc files from the root dir
2013-02-06 23:14:11 +01:00
Steve Holme
de0410fe9a email: Moved starttls code in separate functions
To help maintain the readability of the code in imap.c, pop3.c and
smtp.c moved the starttls code into state_starttls() functions.
2013-02-06 20:02:36 +00:00
Daniel Stenberg
bf633a584d vms: config-vms.h is removed, no use trying to distribute it 2013-02-06 11:11:55 +01:00
Eldar Zaitov
f206d6c055 Curl_sasl_create_digest_md5_message: fix buffer overflow
When negotiating SASL DIGEST-MD5 authentication, the function
Curl_sasl_create_digest_md5_message() uses the data provided from the
server without doing the proper length checks and that data is then
appended to a local fixed-size buffer on the stack.

This vulnerability can be exploited by someone who is in control of a
server that a libcurl based program is accessing with POP3, SMTP or
IMAP. For applications that accept user provided URLs, it is also
thinkable that a malicious user would feed an application with a URL to
a server hosting code targetting this flaw.

Bug: http://curl.haxx.se/docs/adv_20130206.html
2013-02-06 11:06:33 +01:00
Yang Tse
85625c5e28 setup-vms.h: post VMS patch cleanup - III
- rename post-config-vms.h to setup-vms.h
- move its inclusion into proper location in curl_setup.h
2013-02-06 04:53:34 +01:00
Steve Holme
33a182e6c2 imap.h: Corrected incorrect comment clarification
Corrected comment clarification made in commit 167717b806.
2013-02-05 23:59:47 +00:00
John E. Malmberg
25f351424b VMS: fix and generate the VMS build config
config_h.com is a new file that generates a config.h file based on the
curl_config.h.in file and a quick scan of the configure script.  This is
actually a generic procedure that is shared with other VMS packages.

The existing pre-built config-vms.h had over 100 entries that were not
correct and in some cases conflicted with the build options available in
the build_vms.com.

generate_config_vms_h_curl.com is a helper procedure to the
config_h.com.  It covers the cases that the generic config_h.com is not
able to figure out, and accepts input from the build_vms.com procedure.

build_curlbuild_h.com is a new file to generate the curlbuild.h file
that Curl is now using when it is using a curl_config.h file.

post-config-vms.h is a new file that is needed to provide VMS specific
definitions, and most of them need to be set before the system header
files are included.

The VMS build procedure is fixed:

   1. Fixed to link in the correct HP ssl library.
   2. Fixed to detect if HP Kerberos is installed.
   3. Fixed to detect if HP LDAP is installed.
   4. Fixed to detect if gnv$libzshr is installed.
   5. Simplified the input parameter parsing to not use a loop.
   6. Warn that 64 bit pointer option support is not complete
      in comments.
   7. Default to IEEE floating if platform supports it so
      resulting libcurl will be compatible with other
      open source projects on VMS.
   8. Default to LARGEFILE if platform supports it.
   9. Default to enable SSL, LDAP, Kerberos, libz
      if the libraries are present.
   10. Build with exact case global symbols for libcurl.
   11. Generate linker option file needed.
   12. Compiler list option only commonly needed items.
   13. fulllist option for those who really want it.
   14. Create debug symbol file on Alpha, IA64.
2013-02-05 23:08:57 +01:00
Daniel Stenberg
cb3e6dfa35 Curl_proxyCONNECT: return once CONNECT is sent
By doing this unconditionally, we infer a simpler and more defined
behavior. This also has the upside that test 1021 no longer fails for me
even if I run with valgrind.

Also fixed some wrong comments.
2013-02-05 23:06:00 +01:00
Steve Holme
1d22407863 email: Reworked comments in the endofresp() functions
Tidied up the comments in the endofresp() functions to be more
meaningful prior to release.
2013-02-05 21:09:34 +00:00
Marc Hoersken
bb7c2ee37c schannel: Removed extended error connection setup flag
According KB975858 this flag may cause problems on Windows 7 and
Windows Server 2008 R2 systems. Extended error information is not
currently used by libcurl and therefore not a requirement.

The flag may improve the SSL-connection shutdown in case of an
error. This means it might be a good improvement in the future.

Fixes bug/issue #1187 - thanks for the report
2013-02-05 22:02:45 +01:00
Tor Arntsen
278ab75e9f singleipconnect: Update *sockp for all CURLE_OK
The 56b7c87c7 change left a case where a good sockfd was not copied to
*sockp before returning with CURLE_OK
2013-02-05 17:58:28 +01:00
Daniel Stenberg
0d1b754376 curl_easy_perform: Value stored to 'mcode' is never read
pointed out by clang-analyzer
2013-02-05 14:09:18 +01:00
Daniel Stenberg
4cd027f17e singleipconnect: remove dead assignment
pointed out by clang-analyzer
2013-02-05 14:07:39 +01:00
Linus Nielsen Feltzing
bd1f170a5a CURLMOPT_MAXCONNECTS: restore functionality
When a connection is no longer used, it is kept in the cache. If the
cache is full, the oldest idle connection is closed. If no connection is
idle, the current one is closed instead.
2013-02-05 09:17:52 +01:00
Steve Holme
022e67294e email: Provided extra comments following recent pop3/imap fixes
Provided additional clarification about the logic of the authenticate()
functions following commit 6b6bdc83bd and b4270a9af1.
2013-02-04 23:51:36 +00:00
Steve Holme
e1cd753e4d pop3.c: Updated variable names to use shorter / more readable variant
Tidied up code from commit 6b6bdc83bdUpdated where a few instances of
the pop3c struct variable used the longer conndata struct rather than
matching what other code in pop3_authenticate() used.
2013-02-04 20:33:30 +00:00
Steve Holme
b4270a9af1 imap: Fixed no known authentication mechanism when fallback is required
Fixed an issue where (lib)curl is compiled without support for a
supported challenge-response based SASL authentication mechanism, such
as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
mechanisms and (lib)curl doesn't fallback to Clear Text authentication.

Note: In order to fallback to Clear Text authentication properly this
fix adds support for the LOGINDISABLED server capability.
imap: Fixed no known authentication mechanism when fallback is required

Fixed an issue where (lib)curl is compiled without support for a
supported challenge-response based SASL authentication mechanism, such
as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
mechanisms and (lib)curl doesn't fallback to Clear Text authentication.

Note: In order to fallback to Clear Text authentication properly this
fix adds support for the LOGINDISABLED server capability.

Related bug: http://curl.haxx.se/mail/lib-2013-02/0004.html
Reported by: Stanislav Ivochkin
2013-02-03 23:58:03 +00:00
Steve Holme
6b6bdc83bd pop3: Fixed no known authentication mechanism when fallback is required
Fixed an issue where (lib)curl is compiled without support for a
supported challenge-response based SASL authentication mechanism, such
as CRAM-MD5 or NTLM, the server doesn't support the LOGIN or PLAIN
mechanisms and (lib)curl doesn't fallback to APOP or Clear Text
authentication.

Bug: http://curl.haxx.se/mail/lib-2013-02/0004.html
Reported by: Stanislav Ivochkin
2013-02-03 21:43:08 +00:00
Daniel Stenberg
56b7c87c74 singleipconnect: simplify and clean up
Remove timeout argument that's never used.

Make the actual connection get detected on a single spot to reduce code
duplication.

Store the IPv6 state already when the connection is attempted.
2013-02-01 08:16:08 +01:00
Daniel Stenberg
32e8467a66 Curl_perfom: removed
Curl_perfom is no longer used anywhere since the always-multi commit
c43127414d, and some related functions were used only from within
Curl_perfom.
2013-02-01 08:14:46 +01:00
Nick Zitzmann
163a1dca5f darwinssl: Fix bug where packets were sometimes transmitted twice
There was a bug where, if SSLWrite() returned errSSLWouldBlock but did
succeed in transmitting at least something, then we'd incorrectly
resend the packet. Now we never take errSSLWouldBlock as a sign that
nothing was transferred to/from the server.

Bug: http://curl.haxx.se/mail/lib-2013-01/0295.html
Reported by: Bruno de Carvalho
2013-01-29 09:05:59 +01:00
Guenter Knauf
0494da830b Updated dependency libs. 2013-01-28 01:25:39 +01:00
Steve Holme
0e5e720c19 smtp.c: Fixed unnecessary state change if starttls fails
The state machine should only be changed to SMTP_STARTTLS when the
STARTTLS command has been successfully sent to the server.
2013-01-27 10:44:21 +00:00
Steve Holme
3dbf11d0a1 pop3.c: Fixed unnecessary state change if starttls fails
The state machine should only be changed to POP3_STARTTLS when the
STLS command has been successfully sent to the server.
2013-01-27 10:42:32 +00:00
Steve Holme
499e30c4bb imap.c: Fixed unnecessary state change if starttls fails
The state machine should only be changed to IMAP_STARTTLS when the
STARTTLS command has been successfully sent to the server.
2013-01-27 10:41:10 +00:00
Steve Holme
73fae58132 email: Updated comment regarding ssldone usage
Updated the ssldone comment as multi mode is always used internally now.
2013-01-26 15:06:44 +00:00
Steve Holme
d9c3505e83 smtp.c: Added comments to smtp_endofresp()
Minor code tidy up to add comments similar to those used in the pop3
and imap end of resp functions, in order to assist anyone reading the
code and highlight the similarities between each of these protocols.
2013-01-25 22:14:21 +00:00
Steve Holme
fda0f14f73 smtp.c: Corrected RFC references
The most recent version of the SMTP RFC is RFC5321 and not RFC2821 as
previously documented.

Added RFC1870 and re-ordered list numerically.
2013-01-24 23:41:57 +00:00
Steve Holme
f8ba1273af smtp.c: Fixed failure detection during TLS upgrade
smtp_state_upgrade_tls() would attempt to incorrectly complete the
upgrade to smtps and start the EHLO command if
Curl_ssl_connect_nonblocking() returned a failure code and if ssldone
was set to TRUE. This would only happen when a non-blocking API hadn't
been provided by the SSL implementation and curlssl_connect() was
called underneath.
2013-01-24 20:27:43 +00:00
Steve Holme
8b275718e2 pop3.c: Fixed failure detection during TLS upgrade
pop3_state_upgrade_tls() would attempt to incorrectly complete the
upgrade to pop3s and start the CAPA command if
Curl_ssl_connect_nonblocking() returned a failure code and if ssldone
was set to TRUE. This would only happen when a non-blocking API hadn't
been provided by the SSL implementation and curlssl_connect() was
called underneath.
2013-01-24 20:24:39 +00:00
Steve Holme
379d63ecc7 imap.c: Fixed failure detection during TLS upgrade
imap_state_upgrade_tls() would attempt to incorrectly complete the
upgrade to imaps and start the CAPABILITY command if
Curl_ssl_connect_nonblocking() returned a failure code and if ssldone
was set to TRUE. This would only happen when a non-blocking API hadn't
been provided by the SSL implementation and curlssl_connect() was
called underneath.
2013-01-24 20:22:20 +00:00
Steve Holme
6a55f25f67 email: Removed unnecessary return statements
Small tidy up to remove unnecessary return statements prior to the next
fix.
2013-01-23 21:59:56 +00:00
Steve Holme
de991037e4 curl_sasl.c: Corrected references to RFC
The most recent version of the RFC is RFC4422 and not RFC2222 as
previously documented.
2013-01-22 22:02:30 +00:00
Steve Holme
56d4de468c email: Corrected references to SASL RFC
The most recent version of the SASL RFC is RFC4422 and not RFC2222 as
previously documented.
2013-01-22 18:37:12 +00:00
Ulion
2698520aef formpost: support quotes, commas and semicolon in file names
- document the double-quote and backslash need be escaped if quoting.
- libcurl formdata escape double-quote in filename by backslash.
- curl formparse can parse filename both contains '"' and ',' or ';'.
- curl now can uploading file with ',' or ';' in filename.

Bug: http://curl.haxx.se/bug/view.cgi?id=1171
2013-01-22 15:43:29 +01:00
Steve Holme
e5ea45ec2e pop3.c: Fixed conditional compilation of the apop response function
Extended the fix from commit 8b15c84ea9 to additionally exclude
pop3_state_apop_resp() if the CURL_DISABLE_CRYPTO_AUTH flag is
defined.
2013-01-20 11:09:53 +00:00
Daniel Stenberg
f4cc54cb47 formadd: reject trying to read a directory where a file is expected
Bug: http://curl.haxx.se/mail/archive-2013-01/0017.html
Reported by: Ulrich Doehner
2013-01-19 23:08:12 +01:00
Steve Holme
ece8681a60 email: General code tidy up
Corrected some function argument definitions to maximize the 80
character line length limit and be in keeping with the curl
coding style.
2013-01-19 09:49:17 +00:00
Steve Holme
7b5be79908 pop3.c: Fixed a problem with pop3s connections not connecting properly
Fixed an issue where Curl_ssl_connect_nonblocking() wouldn't complete
correctly and the ssldone flag wouldn't be set to true for pop3s based
connections.

Bug introduced in commit: 4ffb8a6398.
2013-01-18 21:55:19 +00:00
Daniel Stenberg
c43127414d always-multi: always use non-blocking internals
Remove internal separated behavior of the easy vs multi intercace.
curl_easy_perform() is now using the multi interface itself.

Several minor multi interface quirks and bugs have been fixed in the
process.

Much help with debugging this has been provided by: Yang Tse
2013-01-17 19:40:35 +01:00
Yang Tse
9fd88abb70 url.c: fix HTTP CONNECT tunnel establishment upon delayed response
Fixes initial proxy response being processed by the tunneled protocol
handler instead of the HTTP wrapper handler. This issue would trigger
upon delayed CONNECT response from the proxy.

Additionally fixes a multi interface code-path in which connections
would not time out properly.

This does not fix known bug #39.

URL: http://curl.haxx.se/mail/lib-2013-01/0191.html
2013-01-17 17:07:19 +01:00
Daniel Stenberg
533c31b785 FTP: reject illegal port numbers in EPSV 229 responses 2013-01-15 22:35:48 +01:00
Kamil Dudka
26613d7817 nss: fix error messages for CURLE_SSL_{CACERT,CRL}_BADFILE
Do not use the error messages from NSS for errors not occurring in NSS.
2013-01-15 13:20:56 +01:00
Daniel Stenberg
600cbaca6f Curl_resolver_getsock: fix the function description comment
It referred to it by the wrong name and said it returned the wrong value.

Reported by: Gisle Vanem
2013-01-12 22:33:38 +01:00
Kamil Dudka
b36f1d26f8 nss: clear session cache if a client cert from file is used
This commit fixes a regression introduced in 052a08ff.

NSS caches certs/keys returned by the SSL_GetClientAuthDataHook callback
and if we connect second time to the same server, the cached cert/key
pair is used.  If we use multiple client certificates for different
paths on the same server, we need to clear the session cache to force
NSS to call the hook again.  The commit 052a08ff prevented the session
cache from being cleared if a client certificate from file was used.

The condition is now fixed to cover both cases: consssl->client_nickname
is not NULL if a client certificate from the NSS database is used and
connssl->obj_clicert is not NULL if a client certificate from file is
used.

Review by: Kai Engert
2013-01-11 10:59:11 +01:00
Yang Tse
a9ca5e61e5 sockfilt.c: fix some W64 compiler warnings 2013-01-09 22:23:49 +01:00
Yang Tse
5a053ffe80 build: fix circular header inclusion with other packages
This commit renames lib/setup.h to lib/curl_setup.h and
renames lib/setup_once.h to lib/curl_setup_once.h.

Removes the need and usage of a header inclusion guard foreign
to libcurl. [1]

Removes the need and presence of an alarming notice we carried
in old setup_once.h [2]

----------------------------------------

1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard
    up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H,
    this single inclusion guard is enough to ensure that inclusion of
    lib/setup_once.h done from lib/setup.h is only done once.

    Additionally lib/setup.h has always used __SETUP_ONCE_H macro to
    protect inclusion of setup_once.h even after commit ec691ca3, this
    was to avoid a circular header inclusion triggered when building a
    c-ares enabled version with c-ares sources available which also has
    a setup_once.h header. Commit ec691ca3 exposes the real nature of
    __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard
    foreign to libcurl belonging to c-ares's setup_once.h

    The renaming this commit does, fixes the circular header inclusion,
    and as such removes the need and usage of a header inclusion guard
    foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl.

2 - Due to the circular interdependency of old lib/setup_once.h and the
    c-ares setup_once.h header, old file lib/setup_once.h has carried
    back from 2006 up to now days an alarming and prominent notice about
    the need of keeping libcurl's and c-ares's setup_once.h in sync.

    Given that this commit fixes the circular interdependency, the need
    and presence of mentioned notice is removed.

    All mentioned interdependencies come back from now old days when
    the c-ares project lived inside a curl subdirectory. This commit
    removes last traces of such fact.
2013-01-09 00:49:50 +01:00
Steve Holme
4ffb8a6398 pop3: Added support for non-blocking SSL upgrade
Added support for asynchronous SSL upgrade when using the
multi-interface.
2013-01-08 11:31:48 +00:00
Steve Holme
905d0be509 imap.c: Small tidy up to add missing comment 2013-01-07 18:07:04 +00:00
Steve Holme
fd3efca164 imap: Added support for sasl digest-md5 authentication 2013-01-07 11:01:05 +00:00
Steve Holme
825677ad09 imap: Added support for sasl cram-md5 authentication 2013-01-07 07:35:49 +00:00
Steve Holme
f6e33cf669 imap: Added support for sasl ntlm authentication 2013-01-07 02:47:12 +00:00
Steve Holme
4e6265ea5a imap: Added support for sasl login authentication 2013-01-06 23:14:18 +00:00
Steve Holme
494b8664da pop3.c: Fixed default authentication detection
Fixed an issue where a server may positively respond to the CAPA command
but not list clear text as a valid authentication type.
2013-01-06 23:06:29 +00:00
Steve Holme
d6bebd56f7 curl_sasl.c: Small code tidy up following imap changes 2013-01-06 22:32:33 +00:00
Steve Holme
70dcde78d0 smtp.c: Small code tidy up following imap changes 2013-01-06 22:32:05 +00:00
Steve Holme
89a3086231 pop3.c: Small code tidy up following imap changes 2013-01-06 22:31:21 +00:00
Steve Holme
cfb6f03224 imap: Added support for sasl plain text authentication 2013-01-06 22:25:14 +00:00
Steve Holme
dd561c3834 imap: Introduced the continue response in imap_endofresp() 2013-01-06 20:29:19 +00:00
Steve Holme
db20517796 imap: Added support for SASL based authentication mechanism detection
Added support for detecting the supported SASL authentication mechanisms
via the CAPABILITY command.
2013-01-06 19:13:58 +00:00
Yang Tse
4a5aa6682d Revert changes relative to lib/*.[ch] recent renaming
This reverts renaming and usage of lib/*.h header files done
28-12-2012, reverting 2 commits:

  f871de0... build: make use of 76 lib/*.h renamed files
  ffd8e12... build: rename 76 lib/*.h files

This also reverts removal of redundant include guard (redundant thanks
to changes in above commits) done 2-12-2013, reverting 1 commit:

  c087374... curl_setup.h: remove redundant include guard

This also reverts renaming and usage of lib/*.c source files done
3-12-2013, reverting 3 commits:

  13606bb... build: make use of 93 lib/*.c renamed files
  5b6e792... build: rename 93 lib/*.c files
  7d83dff... build: commit 13606bbfde follow-up 1

Start of related discussion thread:

  http://curl.haxx.se/mail/lib-2013-01/0012.html

Asking for confirmation on pushing this revertion commit:

  http://curl.haxx.se/mail/lib-2013-01/0048.html

Confirmation summary:

  http://curl.haxx.se/mail/lib-2013-01/0079.html

NOTICE: The list of 2 files that have been modified by other
intermixed commits, while renamed, and also by at least one
of the 6 commits this one reverts follows below. These 2 files
will exhibit a hole in history unless git's '--follow' option
is used when viewing logs.

  lib/curl_imap.h
  lib/curl_smtp.h
2013-01-06 18:20:27 +01:00
Daniel Stenberg
cc4ac82bb6 mk-ca-bundle: add -f, support passing to stdout and more
1. When the downloaded data file from Mozilla is current, but the output
bundle does not exist: continue processing to create the bundle.  The
goal is to have the output file - not just download the latest input.

2. added -f option to force re-processing the file.  Useful for
debugging/testing the process.

3. added support for output to '-' (stdout), allowing the output to be
piped.

4. All progress and error messages go to STDERR rather than STDOUT (3)

5. The script opened and closed the output file many times
unnecessarily.  It now opens it once, does the output and closes it.

6. Backup of the input files happens after successful processing, not
before.

7. The output is written to a temporary file, and renamed to the
requested name after backup - this greatly reduces the window where the
file can be seen partially written.

8. all die calls have a \n at the end to suppress perl's traceback - the
traceback isn't useful to end users.

Patch: http://curl.haxx.se/mail/lib-2013-01/0045.html
2013-01-05 23:51:12 +01:00
Yang Tse
0b3180b4f5 test 1222: 8 chars object name generation && test 1221: adjustments 2013-01-03 19:24:00 +01:00
Yang Tse
7d83dfff9c build: commit 13606bbfde follow-up 1 2013-01-03 10:54:18 +01:00
Yang Tse
5b6e7927c6 build: rename 93 lib/*.c files
93 lib/*.c source files renamed to use our standard naming scheme.

This commit only does the file renaming.

----------------------------------------

  renamed:    lib/amigaos.c -> lib/curl_amigaos.c
  renamed:    lib/asyn-ares.c -> lib/curl_asyn_ares.c
  renamed:    lib/asyn-thread.c -> lib/curl_asyn_thread.c
  renamed:    lib/axtls.c -> lib/curl_axtls.c
  renamed:    lib/base64.c -> lib/curl_base64.c
  renamed:    lib/bundles.c -> lib/curl_bundles.c
  renamed:    lib/conncache.c -> lib/curl_conncache.c
  renamed:    lib/connect.c -> lib/curl_connect.c
  renamed:    lib/content_encoding.c -> lib/curl_content_encoding.c
  renamed:    lib/cookie.c -> lib/curl_cookie.c
  renamed:    lib/cyassl.c -> lib/curl_cyassl.c
  renamed:    lib/dict.c -> lib/curl_dict.c
  renamed:    lib/easy.c -> lib/curl_easy.c
  renamed:    lib/escape.c -> lib/curl_escape.c
  renamed:    lib/file.c -> lib/curl_file.c
  renamed:    lib/fileinfo.c -> lib/curl_fileinfo.c
  renamed:    lib/formdata.c -> lib/curl_formdata.c
  renamed:    lib/ftp.c -> lib/curl_ftp.c
  renamed:    lib/ftplistparser.c -> lib/curl_ftplistparser.c
  renamed:    lib/getenv.c -> lib/curl_getenv.c
  renamed:    lib/getinfo.c -> lib/curl_getinfo.c
  renamed:    lib/gopher.c -> lib/curl_gopher.c
  renamed:    lib/gtls.c -> lib/curl_gtls.c
  renamed:    lib/hash.c -> lib/curl_hash.c
  renamed:    lib/hmac.c -> lib/curl_hmac.c
  renamed:    lib/hostasyn.c -> lib/curl_hostasyn.c
  renamed:    lib/hostcheck.c -> lib/curl_hostcheck.c
  renamed:    lib/hostip.c -> lib/curl_hostip.c
  renamed:    lib/hostip4.c -> lib/curl_hostip4.c
  renamed:    lib/hostip6.c -> lib/curl_hostip6.c
  renamed:    lib/hostsyn.c -> lib/curl_hostsyn.c
  renamed:    lib/http.c -> lib/curl_http.c
  renamed:    lib/http_chunks.c -> lib/curl_http_chunks.c
  renamed:    lib/http_digest.c -> lib/curl_http_digest.c
  renamed:    lib/http_negotiate.c -> lib/curl_http_negotiate.c
  renamed:    lib/http_negotiate_sspi.c -> lib/curl_http_negotiate_sspi.c
  renamed:    lib/http_proxy.c -> lib/curl_http_proxy.c
  renamed:    lib/idn_win32.c -> lib/curl_idn_win32.c
  renamed:    lib/if2ip.c -> lib/curl_if2ip.c
  renamed:    lib/imap.c -> lib/curl_imap.c
  renamed:    lib/inet_ntop.c -> lib/curl_inet_ntop.c
  renamed:    lib/inet_pton.c -> lib/curl_inet_pton.c
  renamed:    lib/krb4.c -> lib/curl_krb4.c
  renamed:    lib/krb5.c -> lib/curl_krb5.c
  renamed:    lib/ldap.c -> lib/curl_ldap.c
  renamed:    lib/llist.c -> lib/curl_llist.c
  renamed:    lib/md4.c -> lib/curl_md4.c
  renamed:    lib/md5.c -> lib/curl_md5.c
  renamed:    lib/memdebug.c -> lib/curl_memdebug.c
  renamed:    lib/mprintf.c -> lib/curl_mprintf.c
  renamed:    lib/multi.c -> lib/curl_multi.c
  renamed:    lib/netrc.c -> lib/curl_netrc.c
  renamed:    lib/non-ascii.c -> lib/curl_non_ascii.c
  renamed:    lib/curl_non-ascii.h -> lib/curl_non_ascii.h
  renamed:    lib/nonblock.c -> lib/curl_nonblock.c
  renamed:    lib/nss.c -> lib/curl_nss.c
  renamed:    lib/nwlib.c -> lib/curl_nwlib.c
  renamed:    lib/nwos.c -> lib/curl_nwos.c
  renamed:    lib/openldap.c -> lib/curl_openldap.c
  renamed:    lib/parsedate.c -> lib/curl_parsedate.c
  renamed:    lib/pingpong.c -> lib/curl_pingpong.c
  renamed:    lib/polarssl.c -> lib/curl_polarssl.c
  renamed:    lib/pop3.c -> lib/curl_pop3.c
  renamed:    lib/progress.c -> lib/curl_progress.c
  renamed:    lib/qssl.c -> lib/curl_qssl.c
  renamed:    lib/rawstr.c -> lib/curl_rawstr.c
  renamed:    lib/rtsp.c -> lib/curl_rtsp.c
  renamed:    lib/security.c -> lib/curl_security.c
  renamed:    lib/select.c -> lib/curl_select.c
  renamed:    lib/sendf.c -> lib/curl_sendf.c
  renamed:    lib/share.c -> lib/curl_share.c
  renamed:    lib/slist.c -> lib/curl_slist.c
  renamed:    lib/smtp.c -> lib/curl_smtp.c
  renamed:    lib/socks.c -> lib/curl_socks.c
  renamed:    lib/socks_gssapi.c -> lib/curl_socks_gssapi.c
  renamed:    lib/socks_sspi.c -> lib/curl_socks_sspi.c
  renamed:    lib/speedcheck.c -> lib/curl_speedcheck.c
  renamed:    lib/splay.c -> lib/curl_splay.c
  renamed:    lib/ssh.c -> lib/curl_ssh.c
  renamed:    lib/sslgen.c -> lib/curl_sslgen.c
  renamed:    lib/ssluse.c -> lib/curl_ssluse.c
  renamed:    lib/strdup.c -> lib/curl_strdup.c
  renamed:    lib/strequal.c -> lib/curl_strequal.c
  renamed:    lib/strerror.c -> lib/curl_strerror.c
  renamed:    lib/strtok.c -> lib/curl_strtok.c
  renamed:    lib/strtoofft.c -> lib/curl_strtoofft.c
  renamed:    lib/telnet.c -> lib/curl_telnet.c
  renamed:    lib/tftp.c -> lib/curl_tftp.c
  renamed:    lib/timeval.c -> lib/curl_timeval.c
  renamed:    lib/transfer.c -> lib/curl_transfer.c
  renamed:    lib/url.c -> lib/curl_url.c
  renamed:    lib/version.c -> lib/curl_version.c
  renamed:    lib/warnless.c -> lib/curl_warnless.c
  renamed:    lib/wildcard.c -> lib/curl_wildcard.c

----------------------------------------
2013-01-03 06:13:18 +01:00
Yang Tse
13606bbfde build: make use of 93 lib/*.c renamed files
93 *.c source files renamed to use our standard naming scheme.

This change affects 77 files in libcurl's source tree.
2013-01-03 05:50:26 +01:00
Yang Tse
c087374c64 curl_setup.h: remove redundant include guard 2013-01-02 22:27:36 +01:00
Yang Tse
dfe4769157 build and tests: curl_10char_object_name() shell function
lib/objnames.inc provides definition of curl_10char_object_name() shell
function. The intended purpose of this function is to transliterate a
(*.c) source file name that may be longer than 10 characters, or not,
into a string with at most 10 characters which may be used as an OS/400
object name.

Test case 1221 does unit testng of this function and also verifies
that it is possible to generate distinct short object names for all
curl and libcurl *.c source file names.

lib/objnames-test.sh is the shell script used for test case 1221.

tests/runtests.pl modified to accept shell script test cases.

More details inside lib/objnames.inc and lib/objnames-test.sh
2013-01-02 20:15:50 +01:00
Steve Holme
d86503ea82 imap.c: Minor follow up tidy up 2012-12-30 12:46:45 +00:00
Steve Holme
bd8ae68006 imap: Code tidy up prior to adding support for the CAPABILITY command
* Changing the order of the state machine to represent the order in
  which commands are sent to the server.

* Reworking the imap_endofresp() function as the FETCH response doesn't
  include the command id and shouldn't be part of the length comparison
  that takes into account the id string.
2012-12-30 12:44:09 +00:00
Steve Holme
c02449ca53 pop3_doing: Applied debug info message when function fails
Applied the same debug message as used in smtp_doing() and imap_doing()
when pop3_multi_statemach() fails.
2012-12-29 23:26:17 +00:00
Steve Holme
1576548428 imap_doing: don't call imap_dophase_done() if already failed
Applied the POP3 fix from commit 2897ce7dc2 so imap_dophase_done()
isn't called if imap_multi_statemach() fails.
2012-12-29 23:15:05 +00:00
Steve Holme
36837c10b2 smtp_doing: don't call smtp_dophase_done() if already failed
Applied the POP3 fix from commit 2897ce7dc2 so smtp_dophase_done()
isn't called if smtp_multi_statemach() fails.
2012-12-29 23:06:25 +00:00
Steve Holme
2424b7ab1b pop3.c: Removed unnecessary POP3_STOP state changes
Removed unnecessary state changes in pop3_state_starttls_resp()
following previous fix in IMAP module.
2012-12-29 19:39:06 +00:00
Steve Holme
c43af566fa smtp.c: Added extra comments around SMTP_STOP state change
Provided extra comments in the SMTP module following previous IMAP fix.
2012-12-29 19:28:32 +00:00
Steve Holme
488245f99c imap.c: Fixed bad state error when logging in with invalid credentials
Fixed a problem with the state machine when attempting to log in with
invalid credentials. The server would report login failure but libcurl
would not read the response due to inappropriate IMAP_STOP states being
set after the login was sent.
2012-12-29 19:23:10 +00:00
Yang Tse
27f90c0962 imap.c: remove trailing whitespace 2012-12-29 00:59:11 +01:00
Steve Holme
ffa62e5bab imap.c: Code tidy up - Part 2 2012-12-28 21:41:28 +00:00
Steve Holme
2255ac52f7 imap.c: Code tidy up - Part 1
Applied some of the comment and layout changes that had already been
applied to the pop3 and smtp code over the last 6 to 9 months.

This is in preparation of adding SASL based authentication.
2012-12-28 21:24:36 +00:00
Steve Holme
b3204e6d60 pop3.c: Minor code tidy up
Minor tidy up of comments and layout prior to next part of imap work.
2012-12-28 20:30:04 +00:00
Steve Holme
f6f6f278e2 smtp: Minor code tidy up
Minor tidy up of comments and layout prior to next part of imap work.
2012-12-28 20:22:33 +00:00
Steve Holme
167717b806 curl_imap.h: Tidy up of comments to be more readable 2012-12-28 19:59:14 +00:00
Steve Holme
8177bc262f imap.c: Code tidy up renaming imapsendf() to imap_sendf()
Renamed imapsendf() to imap_sendf() to be more in keeping with the
other imap functions as well as Curl_pp_sendf() that it replaces.
2012-12-28 19:48:00 +00:00
Yang Tse
ffd8e127e7 build: rename 76 lib/*.h files
76 private header files renamed to use our standard naming scheme.

This commit only does the file renaming.

----------------------------------------

  renamed:    amigaos.h -> curl_amigaos.h
  renamed:    arpa_telnet.h -> curl_arpa_telnet.h
  renamed:    asyn.h -> curl_asyn.h
  renamed:    axtls.h -> curl_axtls.h
  renamed:    bundles.h -> curl_bundles.h
  renamed:    conncache.h -> curl_conncache.h
  renamed:    connect.h -> curl_connect.h
  renamed:    content_encoding.h -> curl_content_encoding.h
  renamed:    cookie.h -> curl_cookie.h
  renamed:    cyassl.h -> curl_cyassl.h
  renamed:    dict.h -> curl_dict.h
  renamed:    easyif.h -> curl_easyif.h
  renamed:    escape.h -> curl_escape.h
  renamed:    file.h -> curl_file.h
  renamed:    fileinfo.h -> curl_fileinfo.h
  renamed:    formdata.h -> curl_formdata.h
  renamed:    ftp.h -> curl_ftp.h
  renamed:    ftplistparser.h -> curl_ftplistparser.h
  renamed:    getinfo.h -> curl_getinfo.h
  renamed:    gopher.h -> curl_gopher.h
  renamed:    gtls.h -> curl_gtls.h
  renamed:    hash.h -> curl_hash.h
  renamed:    hostcheck.h -> curl_hostcheck.h
  renamed:    hostip.h -> curl_hostip.h
  renamed:    http.h -> curl_http.h
  renamed:    http_chunks.h -> curl_http_chunks.h
  renamed:    http_digest.h -> curl_http_digest.h
  renamed:    http_negotiate.h -> curl_http_negotiate.h
  renamed:    http_proxy.h -> curl_http_proxy.h
  renamed:    if2ip.h -> curl_if2ip.h
  renamed:    imap.h -> curl_imap.h
  renamed:    inet_ntop.h -> curl_inet_ntop.h
  renamed:    inet_pton.h -> curl_inet_pton.h
  renamed:    krb4.h -> curl_krb4.h
  renamed:    llist.h -> curl_llist.h
  renamed:    memdebug.h -> curl_memdebug.h
  renamed:    multiif.h -> curl_multiif.h
  renamed:    netrc.h -> curl_netrc.h
  renamed:    non-ascii.h -> curl_non-ascii.h
  renamed:    nonblock.h -> curl_nonblock.h
  renamed:    nssg.h -> curl_nssg.h
  renamed:    parsedate.h -> curl_parsedate.h
  renamed:    pingpong.h -> curl_pingpong.h
  renamed:    polarssl.h -> curl_polarssl.h
  renamed:    pop3.h -> curl_pop3.h
  renamed:    progress.h -> curl_progress.h
  renamed:    qssl.h -> curl_qssl.h
  renamed:    rawstr.h -> curl_rawstr.h
  renamed:    rtsp.h -> curl_rtsp.h
  renamed:    select.h -> curl_select.h
  renamed:    sendf.h -> curl_sendf.h
  renamed:    setup.h -> curl_setup.h
  renamed:    setup_once.h -> curl_setup_once.h
  renamed:    share.h -> curl_share.h
  renamed:    slist.h -> curl_slist.h
  renamed:    smtp.h -> curl_smtp.h
  renamed:    sockaddr.h -> curl_sockaddr.h
  renamed:    socks.h -> curl_socks.h
  renamed:    speedcheck.h -> curl_speedcheck.h
  renamed:    splay.h -> curl_splay.h
  renamed:    ssh.h -> curl_ssh.h
  renamed:    sslgen.h -> curl_sslgen.h
  renamed:    ssluse.h -> curl_ssluse.h
  renamed:    strdup.h -> curl_strdup.h
  renamed:    strequal.h -> curl_strequal.h
  renamed:    strerror.h -> curl_strerror.h
  renamed:    strtok.h -> curl_strtok.h
  renamed:    strtoofft.h -> curl_strtoofft.h
  renamed:    telnet.h -> curl_telnet.h
  renamed:    tftp.h -> curl_tftp.h
  renamed:    timeval.h -> curl_timeval.h
  renamed:    transfer.h -> curl_transfer.h
  renamed:    url.h -> curl_url.h
  renamed:    urldata.h -> curl_urldata.h
  renamed:    warnless.h -> curl_warnless.h
  renamed:    wildcard.h -> curl_wildcard.h

----------------------------------------
2012-12-28 20:21:56 +01:00
Yang Tse
f871de0064 build: make use of 76 lib/*.h renamed files
76 private header files renamed to use our standard naming scheme.

This change affects 322 files in libcurl's source tree.
2012-12-28 19:37:11 +01:00
Yang Tse
ec691ca34b lib/*.h: use our standard naming scheme for header inclusion guards 2012-12-28 18:21:40 +01:00
Steve Holme
709b3506cd imsp.c: Fixed usernames and passwords that contain escape characters
Fixed a problem with sending usernames and passwords that contain
backslash, quotation mark and space characters.
2012-12-28 14:49:30 +00:00
Nick Zitzmann
e3ed2b82e6 darwinssl: Fixed inability to disable peer verification
... on Snow Leopard and Lion

Snow Leopard introduced the SSLSetSessionOption() function, but it
doesn't disable peer verification as expected on Snow Leopard or
Lion (it works as expected in Mountain Lion). So we now use sysctl()
to detect whether or not the user is using Snow Leopard or Lion,
and if that's the case, then we now use the deprecated
SSLSetEnableCertVerify() function instead to disable peer verification.
2012-12-27 19:09:25 +01:00
Yang Tse
219fe7b29c curl_multi_remove_handle: commit 0aabfd9963 follow-up 2012-12-26 06:01:54 +01:00
Yang Tse
0aabfd9963 curl_multi_remove_handle: fix memory leak triggered with CURLOPT_RESOLVE 2012-12-25 13:34:45 +01:00
Yang Tse
14b77db1b9 Curl_hash_clean: OOM handling fix 2012-12-25 13:34:44 +01:00
Daniel Stenberg
1649e680f6 Curl_conncache_foreach: allow callback to break loop
... and have it take a proper 'struct connectdata *' as first argument
2012-12-24 23:51:02 +01:00
Daniel Stenberg
2897ce7dc2 pop3_doing: don't call pop3_dophase_done() if already failed
... it also clobbered the 'result' return value so that it wouldn't
return the error back to the parent function properly, which broke test
809 when run with 'multi-always'.
2012-12-24 23:43:42 +01:00
Yang Tse
7a09907146 curl_multi_wait: OOM handling fix 2012-12-23 21:50:39 +01:00
Daniel Stenberg
a1fc9b80c8 curl_multi_wait: avoid an unnecessary memory allocation 2012-12-23 21:50:14 +01:00
Yang Tse
b3d91a147f multi.c: OOM handling fix 2012-12-21 19:48:07 +01:00
Daniel Stenberg
c30c557e4d SCP: relative path didn't work
When prefixing a path with /~/ it is supposed to be used relative to the
user's home directory but it didn't work. Now we cut off the entire
three byte sequenct "/~/" which seems to be how OpenSSH does it.

Bug: http://curl.haxx.se/bug/view.cgi?id=1173
Reported by: Balaji Parasuram
2012-12-21 14:41:54 +01:00
Yang Tse
eafccdb315 bundles connection caching: some out of memory handling fixes 2012-12-19 19:53:17 +01:00
Yang Tse
7d49d774fd VC6 IDE: link with advapi32.lib when using WIN32 crypto API (md5.c) 2012-12-18 13:29:45 +01:00
Yang Tse
b8dde1cf19 setup_once.h: HP-UX specific 'bool', 'false' and 'true' definitions.
Also reverts commit f254c59dc7
2012-12-17 02:07:10 +01:00
Yang Tse
f6af9d9886 warnless.c: fix compiler warnings 2012-12-15 20:31:42 +01:00
Nick Zitzmann
bbb4bbc0f1 darwinssl: Fix implicit conversion compiler warnings
The Clang compiler found a few implicit conversion problems that have
now been fixed.
2012-12-14 23:33:10 +01:00
Yang Tse
0e8e340cba setup_once.h: HP-UX <sys/socket.h> issue workaround
Issue: When building a 32bit target with large file support HP-UX
<sys/socket.h> header file may simultaneously provide two different
sets of declarations for sendfile and sendpath functions, one with
static and another with external linkage. Given that we do not use
mentioned functions we really don't care which linkage is the
appropriate one, but on the other hand, the double declaration emmits
warnings when using the HP-UX compiler and errors when using modern
gcc versions resulting in fatal compilation errors.

Mentioned issue is now fixed as long as we don't use sendfile nor
sendpath functions.
2012-12-14 19:39:22 +01:00
Yang Tse
a0b207164c setup_once.h: refactor inclusion of <unistd.h> and <sys/socket.h>
Inclusion of top two most included header files now done in setup_once.h
2012-12-14 17:38:18 +01:00
Yang Tse
f254c59dc7 setup_once.h: HP-UX specific TRUE and FALSE definitions
Some HP-UX system headers require TRUE defined to 1 and FALSE to 0.
2012-12-12 16:14:24 +01:00
Daniel Stenberg
568befb6aa gopher: #include cleanup
Remove all system file includes from this file as they're not needed

Reported by: Dan Fandrich
2012-12-12 11:08:01 +01:00
Yang Tse
aee540b831 build: add bundles and conncache files to other build systems 2012-12-10 17:32:35 +01:00
Yang Tse
4710d3d969 conncache: fix enumerated type mixed with another type 2012-12-10 17:04:13 +01:00
Linus Nielsen Feltzing
d021f2e8a0 Introducing a new persistent connection caching system using "bundles".
A bundle is a list of all persistent connections to the same host.
The connection cache consists of a hash of bundles, with the
hostname as the key.
The benefits may not be obvious, but they are two:

1) Faster search for connections to reuse, since the hash
   lookup only finds connections to the host in question.
2) It lays out the groundworks for an upcoming patch,
   which will introduce multiple HTTP pipelines.

This patch also removes the awkward list of "closure handles",
which were needed to send QUIT commands to the FTP server
when closing a connection.
Now we allocate a separate closure handle and use that
one to close all connections.

This has been tested in a live system for a few weeks, and of
course passes the test suite.
2012-12-07 10:08:33 +01:00
Stanislav Ivochkin
8b15c84ea9 build: fix compilation with CURL_DISABLE_CRYPTO_AUTH flag 2012-12-05 22:32:49 +04:00
Yang Tse
b908376bef build: explain current role of LIBS in our Makefile.am files
BLANK_AT_MAKETIME may be used in our Makefile.am files to blank
LIBS variable used in generated makefile at makefile processing
time. Doing this functionally prevents LIBS from being used for
all link targets in given makefile.
2012-12-04 23:32:05 +01:00
Daniel Stenberg
8b02afd9a9 multi: fix re-sending request on early connection close
This handling already works with the easy-interface code. When a request
is sent on a re-used connection that gets closed by the server at the
same time as the request is sent, the situation may occur so that we can
send the request and we discover the broken connection as a RECV_ERROR
in the PERFORM state and then the request needs to be retried on a fresh
connection. Test 64 broke with 'multi-always-internally'.
2012-12-04 22:14:23 +01:00
Yang Tse
068f7ae264 build: prevent global LIBS from influencing src and lib build targets
Currently, LIBS is already used through other macros.
2012-12-03 22:41:18 +01:00
Kamil Dudka
68d2830ee9 nss: prevent NSS from crashing on client auth hook failure
Although it is not explicitly stated in the documentation, NSS uses
*pRetCert and *pRetKey even if the client authentication hook returns
a failure.  Namely, if we destroy *pRetCert without clearing *pRetCert
afterwards, NSS destroys the certificate once again, which causes a
double free.

Reported by: Bob Relyea
2012-12-03 13:34:36 +01:00
Yang Tse
79954a1b07 avoid mixing of enumerated type with another type 2012-11-26 16:23:48 +01:00
Yang Tse
b33074d893 multi.c: disambiguate precedence of bitwise and relational operation 2012-11-26 16:23:47 +01:00
Fabian Keil
0683adbf50 Remove stray CRLF in chunk-encoded content-free request bodies
.. that are sent when auth-negotiating before a chunked
upload or when setting the 'Transfer-Encoding: chunked'
header and intentionally sending no content.

Adjust test565 and test1333 accordingly.
2012-11-26 15:28:53 +01:00
Daniel Stenberg
67f053b672 VC Makefiles: add missing hostcheck
the newly introduced hostcheck.h/c is missing in the Visual Studio
Makefiles as obj file.

Bug: http://curl.haxx.se/mail/lib-2012-11/0176.html
2012-11-21 16:18:57 +01:00
Daniel Stenberg
cfb67752fe compiler warning fixes
The conversions from ssize_t to int need to be typecasted.
2012-11-20 20:57:18 +01:00
Daniel Stenberg
409f2a041f fixed memory leak: CURLOPT_RESOLVE with multi interface
DNS cache entries populated with CURLOPT_RESOLVE were not properly freed
again when done using the multi interface.

Test case 1502 added to verify.

Bug: http://curl.haxx.se/bug/view.cgi?id=3575448
Reported by: Alex Gruz
2012-11-18 16:39:31 +01:00
Daniel Stenberg
ee588fe088 mem-include-scan: verify memory #includes
If we use memory functions (malloc, free, strdup etc) in C sources in
libcurl and we fail to include curl_memory.h or memdebug.h we either
fail to properly support user-provided memory callbacks or the memory
leak system of the test suite fails.

After Ajit's report of a failure in the first category in http_proxy.c,
I spotted a few in the second category as well. These problems are now
tested for by test 1132 which runs a perl program that scans for and
attempts to check that we use the correct include files if a memory
related function is used in the source code.

Reported by: Ajit Dhumale
Bug: http://curl.haxx.se/mail/lib-2012-11/0125.html
2012-11-17 13:56:38 +01:00
Daniel Stenberg
db4215f14a tftp_rx: code style cleanup
Fixed checksrc warnings
2012-11-16 22:00:17 +01:00
Christian Vogt
0ac827848d tftp_rx: handle resends
Re-send ACK for block X in case we receive block X data again while
waiting for block X+1.

Based on an earlier patch by Marcin Adamski.
2012-11-16 15:30:52 +01:00
Cristian Rodríguez
fa1ae0abcd OpenSSL: Disable SSL/TLS compression
It either causes increased memory usage or exposes users
to the "CRIME attack" (CVE-2012-4929)
2012-11-13 23:01:28 +01:00
Sebastian Rasmussen
38ed72cd37 FILE: Make upload-writes unbuffered by not using FILE streams 2012-11-13 22:02:18 +01:00
Anton Malov
076e1fa348 ftp: EPSV-disable fix over SOCKS
Bug: http://curl.haxx.se/bug/view.cgi?id=3586338
2012-11-12 23:00:27 +01:00
Gabriel Sjoberg
e237402c47 Digst: Add microseconds into nounce calculation
When using only 1 second precision, curl doesn't create new cnonce
values quickly enough for all uses.

For example, issuing the following command multiple times to a recent
Tomcat causes authentication failures:

curl --digest -utest:test http://tomcat.test.com:8080/manager/list

This is because curl uses the same cnonce for several seconds, but
doesn't increment the nonce counter.  Tomcat correctly interprets
this as a replay attack and rejects the request.

When microsecond-precision is available, this commit causes curl to
change cnonce values much more frequently.

With microsecond resolution, increasing the nounce length used in the
headers to 32 was made to further reduce the risk of duplication.
2012-11-12 11:46:27 +01:00
Daniel Stenberg
1c23d2b392 SCP/SFTP: improve error code used for send failures
Instead of relying on the generic CURLE error for SCP or SFTP send
failures, try passing back a more suitable error if possible.
2012-11-12 10:04:44 +01:00
Daniel Stenberg
7ecd874bce Curl_write: remove unneeded typecast 2012-11-12 10:04:31 +01:00
Daniel Stenberg
0af1a9d270 hostcheck: only build for the actual users
and make local function static
2012-11-08 22:37:53 +01:00
Oscar Koeroo
1394cad30f SSL: Several SSL-backend related fixes
axTLS:

This will make the axTLS backend perform the RFC2818 checks, honoring
the VERIFYHOST setting similar to the OpenSSL backend.

Generic for OpenSSL and axTLS:

Move the hostcheck and cert_hostcheck functions from the lib/ssluse.c
files to make them genericly available for both the OpenSSL, axTLS and
other SSL backends. They are now in the new lib/hostcheck.c file.

CyaSSL:

CyaSSL now also has the RFC2818 checks enabled by default. There is a
limitation that the verifyhost can not be enabled exclusively on the
Subject CN field comparison. This SSL backend will thus behave like the
NSS and the GnuTLS (meaning: RFC2818 ok, or bust). In other words:
setting verifyhost to 0 or 1 will disable the Subject Alt Names checks
too.

Schannel:

Updated the schannel information messages: Split the IP address usage
message from the verifyhost setting and changed the message about
disabling SNI (Server Name Indication, used in HTTP virtual hosting)
into a message stating that the Subject Alternative Names checks are
being disabled when verifyhost is set to 0 or 1. As a side effect of
switching off the RFC2818 related servername checks with
SCH_CRED_NO_SERVERNAME_CHECK
(http://msdn.microsoft.com/en-us/library/aa923430.aspx) the SNI feature
is being disabled. This effect is not documented in MSDN, but Wireshark
output clearly shows the effect (details on the libcurl maillist).

PolarSSL:

Fix the prototype change in PolarSSL of ssl_set_session() and the move
of the peer_cert from the ssl_context to the ssl_session. Found this
change in the PolarSSL SVN between r1316 and r1317 where the
POLARSSL_VERSION_NUMBER was at 0x01010100. But to accommodate the Ubuntu
PolarSSL version 1.1.4 the check is to discriminate between lower then
PolarSSL version 1.2.0 and 1.2.0 and higher. Note: The PolarSSL SVN
trunk jumped from version 1.1.1 to 1.2.0.

Generic:

All the SSL backends are fixed and checked to work with the
ssl.verifyhost as a boolean, which is an internal API change.
2012-11-08 22:23:12 +01:00
Daniel Stenberg
18c0e9bd71 libcurl: VERSIONINFO update
Since we added the curl_multi_wait function, the VERSIONINFO needed
updating.

Reported by: Patrick Monnerat
2012-11-08 20:26:19 +01:00
Guenter Knauf
c70c1a22d2 Added .def file to output.
Requested by Johnny Luong on the libcurl list.
2012-11-08 18:50:48 +01:00
Daniel Stenberg
7840c4c70c Curl_readwrite: remove debug output
The text "additional stuff not fine" text was added for debug purposes a
while ago, but it isn't really helping anyone and for some reason some
Linux distributions provide their libcurls built with debug info still
present and thus (far too many) users get to read this info.
2012-11-08 10:47:11 +01:00
Daniel Stenberg
487538e87a http_perhapsrewind: consider NTLM over proxy too
The logic previously checked for a started NTLM negotiation only for
host and not also with proxy, leading to problems doing POSTs over a
proxy NTLM that are larger than 2000 bytes. Now it includes proxy in the
check.

Bug: http://curl.haxx.se/bug/view.cgi?id=3582321
Reported by: John Suprock
2012-11-07 23:08:29 +01:00
Lars Buitinck
e1fa945e7e Curl_connecthost: friendlier "couldn't connect" message 2012-11-07 22:55:33 +01:00
Daniel Stenberg
473003fbdf URL parser: cut off '#' fragments from URLs (better)
The existing logic only cut off the fragment from the separate 'path'
buffer which is used when sending HTTP to hosts. The buffer that held
the full URL used for proxies were not dealt with. It is now.

Test case 5 was updated to use a fragment on a URL over a proxy.

Bug: http://curl.haxx.se/bug/view.cgi?id=3579813
2012-11-06 23:17:57 +01:00
Daniel Stenberg
3f20303702 OpenSSL/servercert: use correct buffer size, not size of pointer
Bug: http://curl.haxx.se/bug/view.cgi?id=3579286
2012-11-06 22:55:22 +01:00
Daniel Stenberg
13ce9031cc Curl_pretransfer: clear out unwanted auth methods
As a handle can be re-used after having done HTTP auth in a previous
request, it must make sure to clear out the HTTP types that aren't
wanted in this new request.
2012-11-06 22:23:56 +01:00
Daniel Stenberg
8e329bb759 Revert "Zero out auth structs before transfer"
This reverts commit ce8311c7e4.

The commit made test 2024 work but caused a regression with repeated
Digest authentication. We need to fix this differently.
2012-11-06 22:23:56 +01:00
Daniel Stenberg
da82f59b69 CURLOPT_SSL_VERIFYHOST: stop supporting the 1 value
After a research team wrote a document[1] that found several live source
codes out there in the wild that misused the CURLOPT_SSL_VERIFYHOST
option thinking it was a boolean, this change now bans 1 as a value and
will make libcurl return error for it.

1 was never a sensible value to use in production but was introduced
back in the days to help debugging. It was always documented clearly
this way.

1 was never supported by all SSL backends in libcurl, so this cleanup
makes the treatment of it unified.

The report's list of mistakes for this option were all PHP code and
while there's a binding layer between libcurl and PHP, the PHP team has
decided that they have an as thin layer as possible on top of libcurl so
they will not alter or specifically filter a 'TRUE' value for this
particular option. I sympathize with that position.

[1] = http://daniel.haxx.se/blog/2012/10/25/libcurl-claimed-to-be-dangerous/
2012-11-06 19:46:53 +01:00
Daniel Stenberg
ab1f80200a gnutls: fix compiler warnings 2012-11-06 19:46:17 +01:00
Alessandro Ghedini
41eec4efa2 gnutls: print alerts during handshake 2012-11-06 19:42:38 +01:00
Alessandro Ghedini
2045d83dd3 gnutls: fix the error_is_fatal logic 2012-11-06 19:42:37 +01:00
Dave Reisner
550e403f00 uniformly use AM_CPPFLAGS, avoid deprecated INCLUDES
Since automake 1.12.4, the warnings are issued on running automake:

  warning: 'INCLUDES' is the old name for 'AM_CPPFLAGS' (or '*_CPPFLAGS')

Avoid INCLUDES and roll these flags into AM_CPPFLAGS.

Compile tested on:
  Ubuntu 10.04 (automake 1:1.11.1-1)
  Ubuntu 12.04 (automake 1:1.11.3-1ubuntu2)
  Arch Linux (automake 1.12.4)
2012-11-06 00:32:21 +01:00
Daniel Stenberg
09a491378a ftp_readresp: fix build without krb4 support
Oops, my previous commit broke builds with krb support.
2012-11-05 13:01:48 +01:00
Daniel Stenberg
b2954e66e8 FTP: prevent the multi interface from blocking
As pointed out in Bug report #3579064, curl_multi_perform() would
wrongly use a blocking mechanism internally for some commands which
could lead to for example a very long block if the LIST response never
showed.

The solution was to make sure to properly continue to use the multi
interface non-blocking state machine.

The new test 1501 verifies the fix.

Bug: http://curl.haxx.se/bug/view.cgi?id=3579064
Reported by: Guido Berhoerster
2012-11-04 19:05:39 +01:00
Daniel Stenberg
74fe1b95fb tlsauthtype: deal with the string case insensitively
When given a string as 'srp' it didn't work, but required 'SRP'.
Starting now, the check disregards casing.

Bug: http://curl.haxx.se/bug/view.cgi?id=3578418
Reported by: Jeff Connelly
2012-10-23 23:12:58 +02:00
Daniel Stenberg
d1c769877a asyn-ares: restore working with c-ares < 1.6.1
Back in those days the public ares.h header didn't include the
ares_version.h header so it needs to be included here.

Bug: http://curl.haxx.se/bug/view.cgi?id=3577710
2012-10-23 23:06:38 +02:00
Nick Zitzmann
94891ff296 metalink/md5: Use CommonCrypto on Apple operating systems
Previously the Metalink code used Apple's CommonCrypto library only if
curl was built using the --with-darwinssl option. Now we use CommonCrypto
on all Apple operating systems including Tiger or later, or iOS 5 or
later, so you don't need to build --with-darwinssl anymore. Also rolled
out this change to libcurl's md5 code.
2012-10-22 23:32:59 +02:00
Nick Zitzmann
f1d2e18508 darwinssl: un-broke iOS build, fix error on server disconnect
The iOS build was broken by a reference to a function that only existed
under OS X; fixed. Also fixed a hard-to-reproduce problem where, if the
server disconnected before libcurl got the chance to hang up first and
SecureTransport was in use, then we'd raise an error instead of failing
gracefully.
2012-10-16 19:55:03 +02:00
Alessandro Ghedini
1a02e84589 gnutls: put reset code into else block
Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690551
2012-10-16 00:18:44 +02:00
Daniel Stenberg
8373ca3641 curl_multi_wait: no wait if no descriptors to wait for
This is a minor change in behavior after having been pointed out by Mark
Tully and discussed on the list. Initially this case would internally
call poll() with no sockets and a timeout which would equal a sleep for
that specified time.

Bug: http://curl.haxx.se/mail/lib-2012-10/0076.html
Reported by: Mark Tully
2012-10-09 22:19:49 +02:00
Marc Hoersken
9547be37c2 ssluse.c: md5.h is required for Curl_ossl_md5sum 2012-10-08 18:48:54 +02:00
Marc Hoersken
a5b6f91e8d curl_schannel.c: Fixed caching more data than required
Do not fill the decrypted data buffer with more data unless
required in order to return the requested amount of data.
2012-10-06 15:47:14 +02:00
Marc Hoersken
fbf3560886 curl_schannel: Removed buffer limit and optimized buffer strategy
Since there are servers that seem to return very big encrypted
data packages, we need to be able to handle those without having
an internal size limit. To avoid the buffer growing to fast to
early the initial size was decreased and the minimum free space
in the buffer was decreased as well.
2012-10-06 13:59:28 +02:00
Marc Hoersken
07593b2422 lib/socks.c: Merged two size variables into one 2012-10-04 21:27:46 +02:00
Marc Hoersken
cd423348d9 lib/socks.c: Avoid type conversions where possible
Streamlined variable names and types to avoid type conversions that
may result in data being lost on non 32-bit systems.
2012-10-04 20:17:49 +02:00
Marc Hoersken
90821c6202 lib/curl_schannel.c: Hide size_t conversion warning 2012-10-04 19:55:17 +02:00
Marc Hoersken
dee2ef8083 krb5/curl_rtmp.c: Hide size_t to int type conversion warning 2012-10-04 19:17:00 +02:00
Marc Hoersken
50a7d32af0 security.c: Aligned internal type to return type
Use ssize_t instead of int to avoid conversion problems on 64-bit
systems. Also added curlx_sztosi where necessary.
2012-10-04 19:16:59 +02:00
Marc Hoersken
a5c6ecba8d lib/curl_schannel: Increased maximum buffer size to factor 128 2012-10-03 18:15:41 +02:00
Daniel Stenberg
971f5bcedd multi_runsingle: CURLOPT_LOW_SPEED_* fix for rate limitation
During the periods of rate limitation, the speedcheck function wasn't
called and thus the values weren't updated accordingly and it would then
easily trigger wrongly once data got transferred again.

Also, the progress callback's return code was not acknowledged in this
state so it could make an "abort" return code to get ignored and not
have the documented effect of aborting an ongoing transfer.

Bug: http://curl.haxx.se/mail/lib-2012-09/0081.html
Reported by: Jie He
2012-10-02 00:16:20 +02:00
Daniel Stenberg
628c4e7af1 Curl_reconnect_request: clear pointer on failure
The Curl_reconnect_request() function could end up returning a pointer
to a free()d struct when Curl_done() failed inside. Clearing the pointer
unconditionally after Curl_done() avoids this risk.

Reported by: Ho-chi Chen
Bug: http://curl.haxx.se/mail/lib-2012-09/0188.html
2012-09-28 13:57:41 +02:00
Marc Hoersken
0c8ccf7207 Makefile.vc6: Added missing default library advapi32.lib 2012-09-23 10:18:47 +02:00
Daniel Stenberg
39dff07a27 HTTP_ONLY: disable more protocols 2012-09-19 11:03:34 +02:00
Sergei Nikulov
889038f668 setup.h: fixed for MS VC10 build
Bug: http://curl.haxx.se/bug/view.cgi?id=3568327
2012-09-17 23:21:31 +02:00
Sara Golemon
b78944146a curl_multi_wait: Add parameter to return number of active sockets
Minor change to recently introduced function.  BC breaking, but since
curl_multi_wait() doesn't exist in any releases that should be fine.
2012-09-16 19:58:02 +02:00
Marc Hoersken
9b25b00fa3 socks.c: Fixed warning: conversion to 'int' from 'long unsigned int' 2012-09-14 16:01:19 +02:00
Marc Hoersken
ba41ecfa17 http_negotiate.c: Fxied warning: unused variable 'rc' 2012-09-14 15:50:24 +02:00
Marc Hoersken
1ab6c35363 ssh.c: Fixed warning: implicit conversion from enumeration type 2012-09-14 14:48:55 +02:00
Marc Hoersken
5162cb8ad6 socks.c: Check that IPv6 is enabled before using it's features 2012-09-14 08:12:07 +02:00
Marc Hoersken
8a2be299f4 checksrc: Fixed line length and comment indentation 2012-09-14 00:44:16 +02:00
Marc Hoersken
f73a27cadc socks.c: Updated error messages to handle hostname and IPv6 2012-09-14 00:14:46 +02:00
Marc Hoersken
f332f14102 socks.c: Added support for IPv6 connections through SOCKSv5 proxy 2012-09-14 00:14:38 +02:00
Daniel Stenberg
775cc1be66 parse_proxy: treat "socks://x" as a socks4 proxy
Selected socks proxy in Google's Chrome browser. Resulting in the
following environment variables:

NO_PROXY=localhost,127.0.0.0/8
ALL_PROXY=socks://localhost:1080/
all_proxy=socks://localhost:1080/
no_proxy=localhost,127.0.0.0/8

... and libcurl didn't treat 'socks://' as socks but instead picked HTTP
proxy.

Reported by: Scott Bailey

Bug: http://curl.haxx.se/bug/view.cgi?id=3566860
2012-09-13 22:57:38 +02:00
Kamil Dudka
f05e51362f ssh: do not crash if MD5 fingerprint is not provided by libssh2
The MD5 fingerprint cannot be computed when running in FIPS mode.
2012-09-12 16:49:10 +02:00
Kamil Dudka
ce515e993f ssh: move the fingerprint checking code to a separate fnc 2012-09-12 16:49:09 +02:00
Marc Hoersken
7f7e2ea72f wincrypt: Fixed cross-compilation issues caused by include name
For some reason WinCrypt.h is named wincrypt.h under MinGW.
2012-09-11 14:35:18 +02:00
Marc Hoersken
4d384a8714 md5.c: Added support for Microsoft Windows CryptoAPI 2012-09-11 14:12:41 +02:00
Marc Hoersken
e6ba048701 nss.c: Fixed warning: 'err' may be used uninitialized in this function 2012-09-11 09:49:23 +02:00
Marc Hoersken
160312d945 curl_schannel.c: Reference count the credential/session handle
Reference counting the credential handle should avoid that such a
handle is freed while it is still required for connection shutdown
2012-09-09 12:36:54 +02:00
Nick Zitzmann
badb81769a darwinssl: fixed for older Mac OS X versions
SSL didn't work on older cats if built on a newer cat with weak-linking
turned on to support the older cat
2012-09-08 22:35:14 +02:00
Daniel Stenberg
2e7d2c8f74 SOCKS: truly disable it if CURL_DISABLE_PROXY is defined
Bug: http://curl.haxx.se/bug/view.cgi?id=3561305

Patch by: Marcel Raad
2012-09-06 20:51:30 +02:00
Daniel Stenberg
3a0b64489f mk-ca-bundle: detect start of trust section better
Each certificate section of the input certdata.txt file has a trust
section following it with details.

This script failed to detect the start of the trust for at least one
cert[*], which made the script continue pass that section into the next
one where it found an 'untrusted' marker and as a result that certficate
was not included in the output.

[*] = "Hellenic Academic and Research Institutions RootCA 2011"

Bug: http://curl.haxx.se/mail/lib-2012-09/0019.html
2012-09-04 23:21:15 +02:00
Alessandro Ghedini
ee3551e45e gnutls: do not fail on non-fatal handshake errors
Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=685402
2012-09-04 22:11:58 +02:00
František Kučera
0a0f3c63a6 SMTP: only send SIZE if supported
SMTP client will send SIZE parameter in MAIL FROM command only if server
supports it. Without this patch server might say "504 Command parameter
not implemented" and reject the message.

Bug: http://curl.haxx.se/bug/view.cgi?id=3564114
2012-09-04 16:54:41 +02:00
Sara Golemon
de24d7bd4c multi: add curl_multi_wait()
/*
 * Name:     curl_multi_wait()
 *
 * Desc:     Poll on all fds within a CURLM set as well as any
 *           additional fds passed to the function.
 *
 * Returns:  CURLMcode type, general multi error code.
 */
CURL_EXTERN CURLMcode curl_multi_wait(CURLM *multi_handle,
                                      struct curl_waitfd extra_fds[],
                                      unsigned int extra_nfds,
                                      int timeout_ms);
2012-09-01 23:10:53 +02:00
Nick Zitzmann
2f6e1a8cc3 darwinssl: Bugfix for previous commit for older cats
I accidentally broke functionality for versions of OS X prior to Mountain
Lion in the previous commit. This commit fixes the problems.
2012-09-01 20:24:05 +02:00
Joe Mason
5ede86ae51 NTLM: re-use existing connection better
If we need an NTLM connection and one already exists, always choose that
one.
2012-08-31 22:54:23 +02:00
Nick Zitzmann
d792e75f2c darwinssl: add TLS 1.1 and 1.2 support, replace deprecated functions
In Mountain Lion, Apple added TLS 1.1 and 1.2, and deprecated a number
of SecureTransport functions, some of which we were using. We now check
to see if the replacement functions are present, and if so, we use them
instead.  The old functions are still present for users of older
cats. Also fixed a build warning that started to appear under Mountain
Lion
2012-08-18 20:36:45 +02:00
Gokhan Sengun
82b0aebef3 ftp: active conn, place calling sockopt callback at the end of function
Commit b91d29a28e170c16d65d956db79f2cd3a82372d2 introduces a bug and breaks Curl_closesocket function. sock_accepted flag for the second socket should be tagged as TRUE before the sockopt callback is called because in case the callback returns an error, Curl_closesocket function is going to call the - fclosesocket - callback for the accept()ed socket
2012-08-16 23:20:12 +02:00
Gokhan Sengun
23ef5e4ba2 ftp: active conn, allow application to set sockopt after accept() call
For active FTP connections, applications may need setting the sockopt after accept() call returns successful. This fix gives a call to the callback registered with CURL_SOCKOPTFUNCTION option. Also a new sock type - CURLSOCKTYPE_ACCEPT - is added. This type is to be passed to application callbacks with - purpose - parameter. Applications may use this parameter to distinguish between socket types.
2012-08-16 23:20:08 +02:00
Daniel Stenberg
99f0e45b61 ssh: use the libssh2 agent API conditionally
Commit e351972bc8 brought in the ssh agent support but some uses of
the libssh2 agent API was done unconditionally which wasn't good enough
since that API hasn't always been present.
2012-08-10 08:59:36 +02:00
Daniel Stenberg
7520f9f1c3 white space fix: shorten long line
... to please checksrc.pl
2012-08-10 08:59:36 +02:00
Kamil Dudka
f208bf5a2d docs: update the links to cipher-suites supported by NSS
... and make the list of cipher-suites in nss.c readable by humans.

Bug: http://curl.haxx.se/mail/archive-2012-08/0016.html
2012-08-09 16:24:53 +02:00
Kamil Dudka
52b6eda4f2 nss: do not print misleading NSS error codes 2012-08-09 13:33:49 +02:00
Armel Asselin
e351972bc8 SSH: added agent based authentication
CURLSSH_AUTH_AGENT is a new auth type for SSH
2012-08-08 23:03:10 +02:00
Daniel Stenberg
31f39120b7 curl_version: fixed Value stored to 'len' is never read
Fixed this (harmless) clang-analyzer warning. Also fixed the source
indentation level.
2012-08-08 14:58:09 +02:00
Daniel Stenberg
14afbf361a add_next_timeout: minor restructure of code
By reading the ->head pointer and using that instead of the ->size
number to figure out if there's a list remaining we avoid the (false
positive) clang-analyzer warning that we might dereference of a null
pointer.
2012-08-08 14:50:32 +02:00
Daniel Stenberg
bf6dc61967 verbose messages: fixed output of hostnames in re-used connections
I suspect this is a regression introduced in commit 207cf150, included
since 7.24.0.

Avoid showing '(nil)' as hostname in verbose output by making sure the
hostname fixup function is called early enough to set the pointers that
are used for this. The name data is set again for each request even for
re-used connections to handle multiple hostnames over the same
connection (like with proxy) or that the casing etc of the host name is
changed between requests (which has proven to be important at least once
in the past).

Test1011 was modified to use a redirect with a re-used a connection
since it then showed the bug and now lo longer does. There's currently
no easy way to have the test suite detect 'nil' texts in verbose ouputs
so no tests will detect if this problem gets reintroduced.

Bug: http://curl.haxx.se/mail/lib-2012-07/0111.html
Reported by: Gisle Vanem
2012-08-08 13:57:56 +02:00
Mike Crowe
15108d6308 Avoid leak of local device string when reusing connection
Ensure that the copy of the CURLOPT_INTERFACE string is freed if we
decide we can reuse an existing connection.
2012-08-07 23:35:35 +02:00
Daniel Stenberg
c771968ab6 Curl_socket_check: fix timeout return value for select users
This is the same fix applied for the conditional code that uses select()
that was already done for the poll specific code in commit
b61e8b81f5.
2012-08-07 23:30:05 +02:00
Maxime Larocque
b61e8b81f5 Curl_socket_check: fix return code for timeout
We found a problem with ftp transfer using libcurl (7.23 and 7.25)
inside an application which is receiving unix signals (SIGUSR1,
SIGUSR2...) almost continuously. (Linux 2.4, PowerPC, HAVE_POLL_FINE
defined).

Curl_socket_check() uses poll() to wait for the socket, and retries it
when a signal is received (EINTR). However, if a signal is received and
it also happens that the timeout has been reached, Curl_socket_check()
returns -1 instead of 0 (indicating an error instead of a timeout).

In our case, the result is an aborted connection even before the ftp
banner is received from the server, and a return value of
CURLE_OUT_OF_MEMORY from curl_easy_perform() (Curl_pp_multi_statemach(),
in pingpong.c, actually returns OOM if Curl_socket_check() fails :-)
Funny to debug on a system on which OOM is a possible cause).

Bug: http://curl.haxx.se/mail/lib-2012-07/0122.html
2012-08-07 23:24:13 +02:00
Daniel Stenberg
8bad5f2a61 WSAPoll: disabled on all windows builds
Due to WSAPoll bugs, libcurl does not work as intended. When the cURL
library is used to setup a connection to an incorrect port, normally the
result is CURLE_COULDNT_CONNECT, /* 7 */, but due to the bug in WSAPoll,
the result now is CURLE_OPERATION_TIMEDOUT, /* 28 - the timeout time was
reached */.

On August 1, Jan Koen Annot opened a case for this to Microsoft Premier
Online (https://premier.microsoft.com/).  The support engineer handling
the case wrote that the case description is quite clear.  He will try to
reproduce the issue and then proceed with troubleshooting it.

Reported by: Jan Koen Annot
Bug: http://curl.haxx.se/mail/lib-2012-07/0310.html
2012-08-07 20:47:31 +02:00
Daniel Stenberg
f0d611df9e retry request: only access the HTTP data if in fact HTTP
When figuring out if the data stream needs to be rewound when the
request is to be resent, we must not access the HTTP struct unless the
protocol used is indeed HTTP...

Bug: http://curl.haxx.se/bug/view.cgi?id=3544688
2012-08-07 14:55:19 +02:00
Daniel Stenberg
0b08491f83 VC build: add define for openssl
This fixes a build failure of lib/ssluse.c.

Bug: http://curl.haxx.se/bug/view.cgi?id=3552997
2012-08-07 13:57:13 +02:00
Daniel Stenberg
986c7949c0 gtls: fix build failure by including nettle-specific headers
Bug: http://curl.haxx.se/bug/view.cgi?id=3554668
Reported by: Anthony G. Basile
2012-08-06 15:04:25 +02:00
Joe Mason
50b87c4e68 Cleanup handshake after clean NTLM failure 2012-08-03 17:01:54 -04:00
Joe Mason
ce8311c7e4 Zero out auth structs before transfer 2012-08-03 17:01:02 -04:00
Kamil Dudka
1f8518c5d9 file: use fdopen() for uploaded files if available
It eliminates noisy events when using inotify and fixes a TOCTOU issue.

Bug: https://bugzilla.redhat.com/844385
2012-07-30 15:04:38 +02:00
Guenter Knauf
11a7ac0d6a Fixed compiler warning 'unused parameter'. 2012-07-27 03:54:58 +02:00
Guenter Knauf
b13106339e Added prototypes to kill compiler warning. 2012-07-27 03:27:51 +02:00
Guenter Knauf
33b815e894 Changed Windows IDN text to 'WinIDN'.
Synced the output to the same short form as we now use for
Windows SSL (WinSSL).
2012-07-26 02:49:39 +02:00
Nick Zitzmann
f92779198d darwinssl: fixed freeze involving the multi interface
Previously the curl_multi interface would freeze if darwinssl was
enabled and at least one of the handles tried to connect to a Web site
using HTTPS. Removed the "wouldblock" state darwinssl was using because
I figured out a solution for our "would block but in which direction?"
dilemma.
2012-07-25 23:22:11 +02:00
Guenter Knauf
9ac5cdfc2f Added support for tls-srp to MinGW builds. 2012-07-25 13:16:22 +02:00
Daniel Stenberg
c0f8340c7c keepalive: multiply value for OS-specific units
DragonFly uses milliseconds, while our API and Linux use full seconds.

Reported by: John Marino
Bug: http://curl.haxx.se/bug/view.cgi?id=3546257
2012-07-22 22:42:42 +02:00
Kamil Dudka
d317ca50ae http: print reason phrase from HTTP status line on error
Bug: https://bugzilla.redhat.com/676596
2012-07-22 02:12:43 +02:00
Anton Yabchinskiy
2c7cfd2926 Client's "qop" value should not be quoted (RFC2617, section 3.2.2). 2012-07-21 22:21:17 +02:00
Daniel Stenberg
9d11716933 multi_runsingle: added precaution against easy_conn NULL pointer
In many states the easy_conn pointer is referenced and just assumed to
be working. This is an added extra check since analyzing indicates
there's a risk we can end up in these states with a NULL pointer there.
2012-07-15 20:33:11 +02:00
Daniel Stenberg
9ca3137987 parse_proxy: remove dead assignment
Spotted by clang-analyzer
2012-07-13 14:28:12 +02:00
Daniel Stenberg
20ff8a0988 ftp_do_more: add missing check of return code
Spotted by clang-analyzer. The return code was never checked, just
stored.
2012-07-13 14:12:39 +02:00
Daniel Stenberg
771e91374b getinfo: use va_end and cut off Curl_ from static funcs
va_end() needs to be used after va_start() and we don't normally use
Curl_ prefixes for purely static functions.
2012-07-13 13:47:34 +02:00
Philip Craig
1a74e54e8b Split up Curl_getinfo
This avoids false positives from clang's scan-build.
2012-07-13 13:20:32 +02:00
Guenter Knauf
a39789c85c Minor fixes to MinGW makefiles. 2012-07-12 14:15:58 +02:00
Daniel Stenberg
85ce195f75 HEAD: don't force-close after response-headers
A HEAD response has no body length and gets the headers like the
corresponding GET would so it should not get closed after the response
based on the same rules. This mistake caused connections that did HEAD
to get closed too often without a valid reason.

Bug: http://curl.haxx.se/bug/view.cgi?id=3542731
Reported by: Eelco Dolstra
2012-07-12 00:08:37 +02:00
Guenter Knauf
dfe405076e Removed libcurl.imp from Makefile.am.
Updated .gitignore for NetWare created files.
2012-07-11 17:40:09 +02:00
Guenter Knauf
dce2e1aa0f Added missing dependency to export list. 2012-07-11 16:52:48 +02:00
Guenter Knauf
d8ce83e73a Fixed export list path. 2012-07-11 16:01:48 +02:00
Guenter Knauf
33eac5f7fd Changed NetWare build to generate export list. 2012-07-11 15:48:02 +02:00
Guenter Knauf
d4bade7a4e Small NetWare makefile tweak. 2012-07-11 11:54:49 +02:00
Guenter Knauf
f9dfd7e4b7 Changed MinGW makefiles to use WINSSL now. 2012-07-11 11:33:08 +02:00
Yang Tse
4ab2d26cb8 Make Curl_schannel_version() return "WinSSL"
Modification based on voting result:

http://curl.haxx.se/mail/lib-2012-07/0104.html
2012-07-09 15:28:16 +02:00
Daniel Stenberg
904346bf88 cookie: fixed typo in comment 2012-07-09 15:25:34 +02:00
Christian Hägele
c42ca3e73a https_getsock: provided for schannel backend as well
The function https_getsock was only implemented properly when USE_SSLEAY
or USE_GNUTLS is defined, but it is also necessary for USE_SCHANNEL.

The problem occurs when Curl_read_plain or Curl_write_plain returns
CURLE_AGAIN. In that case CURL_OK is returned to the multi-interface an
the used socket is set to state CURL_POLL_REMOVE and the easy-state is
set to CURLM_STATE_PROTOCONNECT. This is fine, because later the socket
should be set to CURL_POLL_IN or CURL_POLL_OUT via multi_getsock. That's
where https_getsock is called and doesn't return any sockets.
2012-07-09 13:55:23 +02:00
Nick Zitzmann
59c88da74d darwinssl: don't use arc4random_buf
Re-wrote Curl_darwinssl_random() to not use arc4random_buf() because the
function is not available prior to iOS 4.3 and OS X 10.7.
2012-07-08 15:42:36 +02:00
Nick Zitzmann
825fff880e darwinssl: output cipher with text, remove SNI warning
The code was printing a warning when SNI was set up successfully. Oops.

Printing the cipher number in verbose mode was something only TLS/SSL
programmers might understand, so I had it print the name of the cipher,
just like in the OpenSSL code. That'll be at least a little bit easier
to understand. The SecureTransport API doesn't have a method of getting
a string from a cipher like OpenSSL does, so I had to generate the
strings manually.
2012-07-07 22:37:52 +02:00
Daniel Stenberg
4ac56b9d9f code police: narrow source to < 80 columns 2012-07-06 00:19:41 +02:00
Yang Tse
b1f64d3a2a unicode NTLM SSPI: cleanup follow-up 2012-07-05 23:41:47 +02:00
Yang Tse
e77d867068 unicode NTLM SSPI: cleanup
Reduce the number of #ifdef UNICODE directives used in source files.
2012-07-05 22:18:11 +02:00
Daniel Stenberg
ed7bfeee7a http-proxy: keep CONNECT connections alive (for NTLM)
When doing CONNECT requests, libcurl must make sure the connection is
alive as much as possible. NTLM requires it and it is generally good for
other cases as well.

NTLM over CONNECT requests has been broken since this regression I
introduced in my CONNECT cleanup commits that started with 41b0237834,
included since 7.25.0.

Bug: http://curl.haxx.se/bug/view.cgi?id=3538625
Reported by: Marcel Raad
2012-07-05 11:24:23 +02:00
Guenter Knauf
6fb0ed88d6 Moved some patterns to subfolder's .gitignore. 2012-07-03 14:31:50 +02:00
Guenter Knauf
98ca62c2d6 Merge branch 'master' of ssh://github.com/bagder/curl 2012-07-03 13:01:17 +02:00
Guenter Knauf
1ba5712f88 MinGW makefile tweaks for running from sh.
Added function macros to make path converting easier.
Added CROSSPREFIX to all compile tools.
2012-07-03 12:56:41 +02:00
Marc Hoersken
1a97fd7b63 curl_ntlm_msgs.c: Removed unused variable passwd 2012-07-03 11:41:00 +02:00
Daniel Stenberg
c75ece4442 cookies: change the URL in the cookie jar file header 2012-07-03 11:27:45 +02:00
Yang Tse
e0b9d3b2c9 curl_ntlm_msgs.c: include <tchar.h> for prototypes 2012-07-03 00:14:14 +02:00
Christian Hägele
dd302206ad unicode NTLM SSPI: heap corruption fixed
When compiling libcurl with UNICODE defined and using unicode characters
in username.
2012-07-02 22:59:54 +02:00
Yang Tse
ac6111aeb0 nss.c: #include warnless.h for curlx_uztosi and curlx_uztoui prototypes 2012-06-28 16:58:07 +02:00
Marc Hoersken
c0f2bfb2c7 nss.c: Fixed size_t conversion warnings 2012-06-28 16:52:17 +02:00
Yang Tse
74552acaea sslgen.c: cleanup temporary compile-time SSL-backend check 2012-06-28 12:49:12 +02:00
Daniel Stenberg
5600879a1d schannel: provide two additional (dummy) API defines 2012-06-28 08:40:17 +02:00
Daniel Stenberg
5439849246 sslgen: avoid compiler error in SSPI builds 2012-06-27 23:16:14 +02:00
Yang Tse
3bda1cef92 ssluse.c: fix compiler warning: conversion to 'int' from 'size_t'
Reported by Tatsuhiro Tsujikawa

http://curl.haxx.se/mail/lib-2012-06/0371.html
2012-06-27 19:06:43 +02:00
Yang Tse
e3014dcc01 sslgen.c: add compile-time check for SSL-backend completeness 2012-06-27 17:14:59 +02:00
Yang Tse
57d2732ccb build: add our standard includes to curl_darwinssl.c and curl_multibyte.c 2012-06-27 17:13:16 +02:00
Yang Tse
e6b2eb78a2 build: add curl_schannel and curl_darwinssl files to other build systems 2012-06-27 14:05:32 +02:00
Nick Zitzmann
7aa95afadd DarwinSSL: allow using NTLM authentication
Allow NTLM authentication when building using SecureTransport (Darwin) for SSL.

This uses CommonCrypto, a cryptography library that ships with all versions of
iOS and Mac OS X. It's like OpenSSL's libcrypto, except that it's missing a few
less-common cyphers and doesn't have a big number data structure.
2012-06-27 11:57:31 +02:00
Yang Tse
dc7dc9786f curl_darwinssl.h: add newline at end of file 2012-06-27 10:55:54 +02:00
Daniel Stenberg
aed6db2cb9 ossl_seed: remove leftover RAND_screen check
Before commit 2dded8fedb (dec 2010) there was logic that used
RAND_screen() at times and now I remove the leftover #ifdef check for
it.

The seeding code that uses Curl_FormBoundary() in ossl_seed() is dubious
to keep since it hardly increases randomness but I fear I'll break
something if I remove it now...
2012-06-26 22:18:53 +02:00
Nick Zitzmann
3a4b28d473 DarwinSSL: several adjustments
- Renamed st_ function prefix to darwinssl_
- Renamed Curl_st_ function prefix to Curl_darwinssl_
- Moved the duplicated ssl_connect_done out of the #ifdef in lib/urldata.h
- Fixed a teensy little bug that made non-blocking connection attempts block
- Made it so that it builds cleanly against the iOS 5.1 SDK
2012-06-26 21:39:48 +02:00
Marc Hoersken
a8478fc8d3 sockaddr.h: Fixed dereferencing pointer breakin strict-aliasing
Fixed warning: dereferencing pointer does break strict-aliasing rules
by using a union inside the struct Curl_sockaddr_storage declaration.
2012-06-26 21:24:29 +02:00
Daniel Stenberg
849179ba27 SSL cleanup: use crypto functions through the sslgen layer
curl_ntlm_msgs.c would previously use an #ifdef maze and direct
SSL-library calls instead of using the SSL layer we have for this
purpose.
2012-06-26 19:40:36 +02:00
Nick Zitzmann
6d1ea388cb darwinssl: add support for native Mac OS X/iOS SSL 2012-06-26 14:04:15 +02:00
Yang Tse
d025af9bb5 curl_schannel.c: Remove redundant NULL assignments following Curl_safefree() 2012-06-25 21:48:20 +02:00
Marc Hoersken
f99f02bb05 curl_schannel.c: Replace free() with Curl_safefree() 2012-06-25 21:34:31 +02:00
Steve Holme
a28cda3653 smtp: Corrected result code for MAIL, RCPT and DATA commands
Bug: http://curl.haxx.se/mail/lib-2012-06/0094.html
Reported by: Dan
2012-06-24 22:40:17 +01:00
Yang Tse
2ebb87f047 build: fix RESOURCE bug in lib/Makefile.vc*
Removed two, not intended to exist, RESOURCE declarations.

Bug: http://curl.haxx.se/bug/view.cgi?id=3535977

And sorted configuration hunks to reflect same internal order
as the one shown in the usage message.
2012-06-20 23:32:24 +02:00
Marc Hoersken
006b83798e schannel: Implement new buffer size strategy
Increase decrypted and encrypted cache buffers using limitted
doubling strategy. More information on the mailinglist:
http://curl.haxx.se/mail/lib-2012-06/0255.html

It updates the two remaining reallocations that have already been there
and fixes the other one to use the same "do we need to increase the
buffer"-condition as the other two.  CURL_SCHANNEL_BUFFER_STEP_SIZE was
renamed to CURL_SCHANNEL_BUFFER_FREE_SIZE since that is actually what it
is now.  Since we don't know how much more data we are going to read
during the handshake, CURL_SCHANNEL_BUFFER_FREE_SIZE is used as the
minimum free space required in the buffer for the next operation.
CURL_SCHANNEL_BUFFER_STEP_SIZE was used for that before, too, but since
we don't have a step size now, the define was renamed.
2012-06-20 22:59:03 +02:00
Yang Tse
293c9288b3 schannel SSL: fix compiler warning 2012-06-20 22:26:51 +02:00
Mark Salisbury
8f92e8be12 schannel SSL: fix for renegotiate problem
In schannel_connect_step2() doread should be initialized based
on connssl->connecting_state.
2012-06-20 20:32:14 +02:00
Daniel Stenberg
066811592d schannel_connect_step2: checksrc whitespace fix 2012-06-20 00:51:03 +02:00
Mark Salisbury
72a5813192 schannel SSL: changes in schannel_connect_step2
Process extra data buffer before returning from schannel_connect_step2.
Without this change I've seen WinCE hang when schannel_connect_step2
returns and calls Curl_socket_ready.

If the encrypted handshake does not fit in the intial buffer (seen with
large certificate chain), increasing the encrypted data buffer is necessary.

Fixed warning in curl_schannel.c line 1215.
2012-06-20 00:51:03 +02:00
Mark Salisbury
99b13f2741 config-win32ce.h: WinCE config adjustment
process.h is not present on WinCE
2012-06-20 00:49:49 +02:00
Mark Salisbury
a15378e073 schannel SSL: Made send method handle unexpected cases better
Implemented timeout loop in schannel_send while sending data.  This
is as close as I think we can get to write buffering; I put a big
comment in to explain my thinking.

With some committer adjustments
2012-06-20 00:16:40 +02:00
Marc Hoersken
7d2abe27dd curl_schannel.c: Avoid unnecessary realloc calls to reduce buffer size 2012-06-19 22:54:58 +02:00
Mark Salisbury
64962b0218 schannel SSL: Use standard Curl read/write methods
Replaced calls to swrite with Curl_write_plain and calls to sread
with Curl_read_plain.

With some committer adjustments
2012-06-19 20:32:35 +02:00
Yang Tse
75dd191bdf schannel SSL: make wording of some trace messages better reflect reality 2012-06-19 20:32:19 +02:00
Marc Hoersken
e93e3bcb82 curl_schannel.h: Use BUFSIZE as the initial buffer size if available
Make the Schannel implementation use libcurl's default buffer size
for the initial received encrypted and decrypted data cache buffers.
The implementation still needs to handle more data since more data
might have already been received or decrypted during the handshake
or a read operation which needs to be cached for the next read.
2012-06-19 14:41:43 +02:00
Mark Salisbury
8a8829499d schannel SSL: Implemented SSL shutdown
curl_schannel.c - implemented graceful SSL shutdown.  If we fail to
shutdown the connection gracefully, I've seen schannel try to use a
session ID for future connects and the server aborts the connection
during the handshake.
2012-06-19 04:39:46 +02:00
Mark Salisbury
1e4c57fa64 schannel SSL: certificate validation on WinCE
curl_schannel.c - auto certificate validation doesn't seem to work
right on CE.  I added a method to perform the certificate validation
which uses CertGetCertificateChain and manually handles the result.
2012-06-19 04:39:45 +02:00
Mark Salisbury
29dd7192e6 schannel SSL: Added helper methods to simplify code
Added helper methods InitSecBuffer() and InitSecBufferDesc() to make it
easier to set up SecBuffer & SecBufferDesc structs.
2012-06-19 04:39:44 +02:00
Mark Salisbury
5a8649863c setup.h: WinCE build adjustment 2012-06-18 18:52:28 +02:00
Mark Salisbury
05f6f2497a ftplistparser.c: do not compile if FTP protocol is not enabled 2012-06-18 18:51:30 +02:00
Yang Tse
d56e8bcc8a Win32: downplay MS bazillion type synonyms game
Avoid usage of some MS type synonyms to allow compilation with
compiler headers that don't define these, using simpler synonyms.
2012-06-16 19:20:50 +02:00
Daniel Stenberg
220776de6b Curl_rtsp_parseheader: avoid useless malloc/free
Coverity actually pointed out flawed logic in the previous call to
Curl_strntoupper() where the code used sizeof() of a pointer to pass in
a size argument. That code still worked since it only needed to
uppercase 4 letters. Still, the entire malloc/uppercase/free sequence
was pointless since the code has already matched the string once in the
condition that starts the block of code.
2012-06-15 22:51:45 +02:00
Daniel Stenberg
3da2c0f6d2 curl_share_setopt: use va_end()
As spotted by Coverity, va_end() was not used previously. To make it
used I took away a bunch of return statements and made them into
assignments instead.
2012-06-15 22:37:19 +02:00
Yang Tse
ac3e356c95 SSPI related code: Unicode support for WinCE - kill compiler warnings 2012-06-15 21:50:57 +02:00
Mark Salisbury
a96fa00f38 SSPI related code: Unicode support for WinCE - commit 46480bb9 follow-up 2012-06-15 19:39:18 +02:00
Yang Tse
a5e0583cd3 build: add curl_multibyte files to build systems 2012-06-15 18:41:50 +02:00
Mark Salisbury
46480bb9a1 SSPI related code: Unicode support for WinCE
SSPI related code now compiles with ANSI and WCHAR versions of security
methods (WinCE requires WCHAR versions of methods).

Pulled UTF8 to WCHAR conversion methods out of idn_win32.c into their own file.

curl_sasl.c - include curl_memory.h to use correct memory functions.

getenv.c and telnet.c - WinCE compatibility fix

With some committer adjustments
2012-06-15 18:41:49 +02:00
Yang Tse
42f0588ea8 schannel: fix printf-style format strings 2012-06-14 16:55:26 +02:00
Yang Tse
6085ca2aed Fix bad failf() and info() usage
Calls to failf() are not supposed to provide trailing newline.
Calls to infof() must provide trailing newline.

Fixed 30 or so strings.
2012-06-14 13:32:05 +02:00
Yang Tse
a8259945c4 schannel: fix unused parameter warnings 2012-06-14 12:12:54 +02:00
Yang Tse
3af5023a20 schannel: fix comparisons between signed and unsigned 2012-06-14 12:10:51 +02:00
Yang Tse
2bac074f08 schannel: fix discarding qualifier from pointer type 2012-06-14 12:05:48 +02:00
Yang Tse
d098cfd8c0 schannel: fix shadowing of global declarations 2012-06-14 11:53:46 +02:00
Yang Tse
b4b7f6828c schannel: fix Curl_schannel_init() and Curl_schannel_cleanup() declarations 2012-06-14 11:34:12 +02:00
Gisle Vanem
0d0893f2b9 urldata.h: fix cyassl/openssl/ssl.h build clash with wincrypt.h
Building with CyaSSL failed compilation. Reason being that OCSP_REQUEST and
OCSP_RESPONSE are enum values in CyaSSL and defines in <wincrypt.h> included
via <winldap.h> in ldap.c.

http://curl.haxx.se/mail/lib-2012-06/0196.html
2012-06-14 01:51:51 +02:00
Guenter Knauf
32ce7f19b2 Changed Schannel string to SSL-Windows-native.
This is more descriptive for the user who might
not even know what schannnel is at all.
2012-06-13 19:29:45 +02:00
Yang Tse
819afe46ee schannel: remove version number and identify its use with 'schannel' literal
Version number is removed in order to make this info consistent with
how we do it with other MS and Linux system libraries for which we don't
provide this info.

Identifier changed from 'WinSSPI' to 'schannel' given that this is the
actual provider of the SSL/TLS support. libcurl can still be built with
SSPI and without SCHANNEL support.
2012-06-13 16:42:48 +02:00
Daniel Stenberg
c13af84372 singlesocket: remove dead code
No need to check if 'entry' is non-NULL in a spot where it is already checked
and guaranteed to be non-NULL.

(Spotted by a Coverity scan)
2012-06-12 23:04:04 +02:00
Daniel Stenberg
47c1bf9e43 netrc: remove dead code
Remove two states from the enum and the corresponding code for them as
these states were never reached or used.

(Spotted by a Coverity scan)
2012-06-12 22:46:14 +02:00
Yang Tse
d95b8e0627 Revert "connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing"
This reverts commit 9c94236e6c.

It didn't server its purpose, so lets go back to long-time working code.
2012-06-12 13:12:09 +02:00
Yang Tse
1e8e6057ea socks_sspi.c: further cleanup 2012-06-12 12:34:52 +02:00
Marc Hoersken
38f05cea46 socks_sspi.c: Clean up and removal of obsolete minor status
Removed obsolete minor status variable and parameter of status function
which was never used or set at all. Also Curl_sspi_strerror does support
only one status and there is no need for a second sub status.
2012-06-12 11:52:42 +02:00
Guenter Knauf
7bf910482e Removed trailing whitespaces. 2012-06-12 05:36:08 +02:00
Yang Tse
b8edf5bbe9 strerror.c: make Curl_sspi_strerror() always return code for errors 2012-06-12 03:57:15 +02:00
Yang Tse
5e7a0fe73b curl_sspi.h: provide sspi status definitions missing in old headers 2012-06-12 03:56:24 +02:00
Yang Tse
746b80a210 sspi: make Curl_sspi_strerror() libcurl's sspi status code string function 2012-06-12 01:11:10 +02:00
Yang Tse
764a5e4a50 sspi: make Curl_sspi_strerror() libcurl's sspi status code string function 2012-06-12 01:06:48 +02:00
Daniel Stenberg
af0888aaf6 Revert: 634f7cfee4 partially
Make sure CURL_VERSION_SSPI is present and works as in previous releases
for ABI and API compatibility reasons.
2012-06-11 22:58:39 +02:00
Daniel Stenberg
9c18bb3702 checksrc: shorten a few lines to comply 2012-06-11 19:08:46 +02:00
Daniel Stenberg
c7cc914961 cleanup: remove trailing whitespace 2012-06-11 19:06:43 +02:00
Steve Holme
9a51c11074 Makefile.vc6: Added version.lib if built with SSPI 2012-06-11 19:04:16 +02:00
Marc Hoersken
cb142cf217 winbuild: Updated winbuild scripts to add schannel 2012-06-11 19:03:14 +02:00
Marc Hoersken
7da6a9128b mingw32: Fixed warning of USE_SSL being redefined 2012-06-11 19:00:37 +02:00
Marc Hoersken
61d152384e sspi: Fixed incompatible parameter pointer type in Curl_sspi_version 2012-06-11 19:00:37 +02:00
Marc Hoersken
a92df2e007 setup.h: Automatically define USE_SSL if USE_SCHANNEL is defined 2012-06-11 19:00:36 +02:00
Marc Hoersken
634f7cfee4 version: Replaced SSPI feature information with version string details
Added Windows SSPI version information to the curl version string when
SCHANNEL SSL is not enabled, as the version of the library should also
be included when SSPI is used to generate security contexts.

Removed SSPI from the feature list as the features are GSS-Negotiate,
NTLM and SSL depending on the usage of the SSPI library.
2012-06-11 19:00:36 +02:00
Steve Holme
70d56bfe3c sspi.c: Post Curl_sspi_version() rework code tidy up
Removed duplicate blank lines.
Removed spaces between the not and test in various if statements.
Removed explicit test of NULL in an if statement.
Placed function returns on same line as function declarations.
Replaced the use of curl_maprintf() with aprintf() as it is the
preprocessor job to do this substitution if ENABLE_CURLX_PRINTF
is set.
2012-06-11 19:00:36 +02:00
Steve Holme
bd38ebc697 sspi: Reworked Curl_sspi_version() to return version components
Reworked the version function to return four version components rather
than a string that has to be freed by the caller.
2012-06-11 19:00:36 +02:00
Marc Hoersken
7047e2ed72 schannel: Code cleanup and bug fixes
curl_sspi.c: Fixed mingw32-gcc compiler warnings
curl_sspi.c: Fixed length of error code hex output

The hex value was printed as signed 64-bit value on 64-bit systems:
SEC_E_WRONG_PRINCIPAL (0xFFFFFFFF80090322)

It is now correctly printed as the following:
SEC_E_WRONG_PRINCIPAL (0x80090322)

curl_sspi.c: Fallback to security function table version number
Instead of reporting an unknown version, the interface version is used.

curl_sspi.c: Removed SSPI/ version prefix from Curl_sspi_version
curl_schannel: Replaced static buffer sizes with defined names
curl_schannel.c: First brace when declaring functions on column 0
curl_schannel.c: Put the pointer sign directly at variable name
curl_schannel.c: Use structs directly instead of typedef'ed structs
curl_schannel.c: Removed space before opening brace
curl_schannel.c: Fixed lines being longer than 80 chars
2012-06-11 19:00:35 +02:00
Marc Hoersken
c1311c2b8f curl_sspi: Added Curl_sspi_version function
Added new function to get SSPI version as string.
Added required library version.lib to makefiles.
Changed curl_schannel.c to use Curl_sspi_version.
2012-06-11 19:00:35 +02:00
Guenter Knauf
0bb5ff5d1a schannel: Updated mingw32 makefiles 2012-06-11 19:00:35 +02:00
Marc Hoersken
64dc957a41 schannel: Replace ASCII specific code with general defines 2012-06-11 19:00:35 +02:00
Marc Hoersken
3d3a3f9e7c schannel: Added definitions which are missing in mingw32 2012-06-11 19:00:34 +02:00
Marc Hoersken
8d78848a39 schannel: Moved interal struct types to urldata.h
Moved type definitions in order to avoid inclusion loop
2012-06-11 19:00:34 +02:00
Marc Hoersken
90412c8613 schannel: Fixed compiler warnings about pointer type assignments 2012-06-11 19:00:34 +02:00
Marc Hoersken
78729e76da schannel: Fixed critical typo in conditions and added buffer length checks 2012-06-11 19:00:34 +02:00
Marc Hoersken
f858bb0d1f sspi: Refactored socks_sspi and schannel to use same error message functions
Moved the error constant switch to curl_sspi.c and added two new helper
functions to curl_sspi.[ch] which either return the constant or a fully
translated message representing the SSPI security status.
Updated socks_sspi.c and curl_schannel.c to use the new functions.
2012-06-11 19:00:34 +02:00
Marc Hoersken
15ca80c831 schannel: Added special shutdown check for Windows 2000 Professional
Windows 2000 Professional:  Schannel returns SEC_E_OK instead
of SEC_I_CONTEXT_EXPIRED. If the length of the output buffer
is zero and the first byte of the encrypted packet is 0x15,
the application can safely assume that the message was a
close_notify message and change the return value to
SEC_I_CONTEXT_EXPIRED.

Connection shutdown does not mean that there is no data to read
Correctly handle incomplete message and ask curl to re-read
Fixed buffer for decrypted being to small
Re-structured read condition to be more effective
Removed obsolete verbose messages
Changed memory reduction method to keep a minimum buffer of size 4096
2012-06-11 19:00:34 +02:00
Marc Hoersken
ec9e9f38b1 schannel: Implemented SSL/TLS renegotiation
Updated TODO information and added related MSDN articles
2012-06-11 19:00:34 +02:00
Marc Hoersken
46792af733 schannel: Save session credential handles in session cache 2012-06-11 19:00:34 +02:00
Marc Hoersken
445245ca85 schannel: Code cleanup 2012-06-11 19:00:34 +02:00
Marc Hoersken
f96f1f3165 schannel: Check for required context attributes 2012-06-11 19:00:34 +02:00
Marc Hoersken
bead90a837 schannel: Allow certificate and revocation checks being deactivated 2012-06-11 19:00:34 +02:00
Marc Hoersken
aaa42aa0d5 schannel: Added SSL/TLS support with Microsoft Windows Schannel SSPI 2012-06-11 19:00:29 +02:00
Marc Hoersken
1f635608bb http: Replaced specific SSL libraries list in https_getsock fallback 2012-06-11 19:00:29 +02:00
Marc Hoersken
9c94236e6c connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing
Fixed warning: dereferencing pointer does break strict-aliasing rules
by using a union instead of separate pointer variables.
Internal union sockaddr_u could probably be moved to generic header.
Thanks to Paul Howarth for the hint about using unions for this.

Important for winbuild: Separate declaration of sockaddr_u pointer.
The pointer variable *sock cannot be declared and initialized right
after the union declaration. Therefore it has to be a separate statement.
2012-06-11 15:26:30 +02:00
Marc Hoersken
3f9ab7cf5d curl_ntlm_msgs.c: Fixed passwdlen not being used and recalculated 2012-06-11 14:47:23 +02:00
Daniel Stenberg
6cd084a3b5 Curl_pgrsDone: return int and acknowledge return code
Since Curl_pgrsDone() itself calls Curl_pgrsUpdate() which may return an
abort instruction or similar we need to return that info back and
subsequently properly handle return codes from Curl_pgrsDone() where
used.

(Spotted by a Coverity scan)
2012-06-10 23:40:35 +02:00
Steve Holme
1aaf86a596 smtp.c: Removed unused variable 2012-06-09 19:49:59 +01:00
Steve Holme
6188855b67 smtp: Post apop feature code tidy up 2012-06-09 19:22:29 +01:00
Steve Holme
a3660127a4 pop3: Post apop feature code tidy up 2012-06-09 19:21:44 +01:00
Steve Holme
c09c621af7 pop3: Added support for apop authentication 2012-06-09 13:49:37 +01:00
Steve Holme
4e430a8a16 pop3: Enhanced the extended authentication mechanism detection
Enhanced the authentication type / mechanism detection in preparation
for the introduction of APOP support.
2012-06-09 11:48:44 +01:00
Steve Holme
6478e1d7e5 pop3.c: Fixed length of SASL check 2012-06-09 11:08:08 +01:00
Daniel Stenberg
674e53f40e OpenSSL: support longer certificate subject names
Previously it would use a 256 byte buffer and thus cut off very long
subject names. The limit is now upped to the receive buffer size, 16K.

Bug: http://curl.haxx.se/bug/view.cgi?id=3533045
Reported by: Anthony G. Basile
2012-06-09 00:06:54 +02:00
Kamil Dudka
68857e40d6 ssl: fix duplicated SSL handshake with multi interface and proxy
Bug: https://bugzilla.redhat.com/788526
Reported by: Enrico Scholz
2012-06-08 23:27:11 +02:00
Daniel Stenberg
e3f5e04cf0 openldap: OOM fixes
when calloc fails, return error! (Detected by Fortify)

Reported by: Robert B. Harris
2012-06-08 20:57:11 +02:00
Steve Holme
0cd8c287a4 sasl: Re-factored mechanism constants in preparation for APOP work 2012-06-08 19:52:28 +01:00
Steve Holme
0636af6131 smtp.c: Re-factored the smtp_state_*_resp() functions
Re-factored the smtp_state_*_resp() functions to 1) Match the constants
that were refactored in commit 00fddba672, 2) To be more readable and
3) To match their counterparties in pop3.c.
2012-06-07 22:06:01 +01:00
Steve Holme
00fddba672 smtp: Re-factored the SMTP_AUTH* state machine constants
Re-factored the SMTP_AUTH* constants, that are used by the state
machine, to be clearer to read.
2012-06-06 20:14:52 +01:00
Steve Holme
89b5680d81 smtp.c: Removed whitespace 2012-06-05 14:34:17 +01:00
Steve Holme
0f3c330ad8 pop3: Another small code tidy up
Missed some comments that we identified during the SMTP tidy up earlier.
2012-06-05 13:49:50 +01:00
Steve Holme
7157363ab4 smtp: Post authentication code tidy up
Corrected lines longer than 78 characters.

Removed unnecessary braces in smtp_state_helo_resp().

Introduced some comments in data sending functions.

Tidied up comments to match changes made in pop3.c.
2012-06-05 12:23:01 +01:00
Steve Holme
57e6336794 email: Removed duplicated header file 2012-06-05 11:18:07 +01:00
Steve Holme
64510fe917 sasl: Renamed Curl_sasl_decode_ntlm_type2_message()
For consistency with other SASL based functions renamed this function
to Curl_sasl_create_ntlm_type3_message() which better describes its
usage.
2012-06-04 22:25:45 +01:00
Steve Holme
38dfe52559 pop3: Post authentication code tidy up
Corrected lines longer than 78 characters.

Changed POP3_AUTH_FINAL to POP3_AUTH to match SMTP code now that the
AUTH command is no longer sent on its own.

Introduced some comments in data sending functions.

Another attempt at trying to rational code and comment style.
2012-06-04 22:15:51 +01:00
Steve Holme
7759d10f36 pop3: Added support for sasl digest-md5 authentication 2012-06-04 21:50:16 +01:00
Yang Tse
32ab3276ee sasl: add reference for curl_sasl 2012-06-04 22:51:00 +02:00
Yang Tse
74a7ee9973 Makefile.inc: tab adjustment 2012-06-04 22:50:59 +02:00
Steve Holme
bf51b8c07a sasl: Added service parameter to Curl_sasl_create_digest_md5_message()
Added a service type parameter to Curl_sasl_create_digest_md5_message()
to allow the function to be used by different services rather than being
hard coded to "smtp".
2012-06-04 20:22:06 +01:00
Steve Holme
e336bc7c42 pop3: Changed the sasl mechanism detection from auth to capa
Not all SASL enabled POP3 servers support the AUTH command on its own
when trying to detect the supported mechanisms. As such changed the
mechanism detection to use the CAPA command instead.
2012-06-04 19:09:45 +01:00
Steve Holme
f087211566 sasl: Small code tidy up
Reworked variable names in Curl_sasl_create_cram_md5_message() to match
those in Curl_sasl_create_digest_md5_message() as they are more
appropriate.
2012-06-04 11:02:03 +01:00
Steve Holme
665e16899c sasl: Moved digest-md5 authentication message creation from smtp.c
Moved the digest-md5 message creation from smtp.c into the sasl module
to allow for use by other modules such as pop3.
2012-06-04 10:53:18 +01:00
Steve Holme
58987556d5 sasl: Small code tidy up before moving digest-md5 over
Correction of comments and variable names.
2012-06-04 10:49:55 +01:00
Steve Holme
8c0bfd3e0c pop3: Added support for sasl cram-md5 authentication 2012-06-03 19:13:16 +01:00
Daniel Stenberg
24f127027b Curl_sasl_create_plain_message: remove TAB 2012-06-03 19:42:47 +02:00
Steve Holme
2b9ca12edf sasl: Small code tidy up
Added some comments and removed an unreferenced variable.
2012-06-03 18:24:35 +01:00
Steve Holme
3b8cf5bd14 pop3.c: Added conditional compilation for NTLM function calls
Added USE_NTLM condition compilation around the NTLM functions called
from pop3_statemach_act() introduced in commit 69f7156ad9.
2012-06-03 17:40:05 +01:00
Steve Holme
c12a414b21 sasl: Moved cram-md5 authentication message creation from smtp.c
Moved the cram-md5 message creation from smtp.c into the sasl module
to allow for use by other modules such as pop3.
2012-06-03 17:21:49 +01:00
Steve Holme
b5bb61ee69 pop3: Fixed an issue with changes introduced in commit c267c53017
Because pop3_endofresp() is called for each line of data yet is not
passed the line and line length, so we have to use the data pointed to
by pp->linestart_resp which contains the whole packet, the mechanisms
were being detected in one call yet the function would be called for
each line of data.

Using curl with verbose mode enabled would show that one line of data
would be received in response to the AUTH command, before the AUTH
<mechanism> command was sent to the server and then the next few lines
of the original AUTH command would be displayed before the response from
the AUTH <mechanism> command. This would then cause problems when
parsing the CRAM-MD5 challenge data as extra data was contained in the
buffer.

Changed the parsing so that each line is checked for the mechanisms
and the function returns FALSE until the whole of the AUTH response has
been processed.
2012-06-03 17:06:48 +01:00
Steve Holme
273e9afcc8 sasl.c: Fix to avoid warnings introduced in commit d9ca9e9869
Applied a fix to avoid warnings on systems where Curl_ntlm_sspi_cleanup()
is just a nop.
2012-06-03 00:00:34 +01:00
Steve Holme
9c7016f560 pop3.c:Corrected typo in commit 69ba0da827 2012-06-02 23:12:07 +01:00
Steve Holme
69ba0da827 pop3: Fixed the issue of having to supply the user name for all requests
Previously it wasn't possible to connect to POP3 and not specify the
user name as a CURLE_ACCESS_DENIED error would be returned. This error
occurred because USER would be sent to the server with a blank user name
if no mailbox user was specified as the server would reply with -ERR.

This wasn't a problem prior to the 7.26.0 release but with the
introduction of custom commands the user and/or application developer
might want to issue a CAPA command without having to log in as a
specific mailbox user.

Additionally this fix won't send the newly introduced AUTH command if no
user name is specified.
2012-06-02 22:11:37 +01:00
Steve Holme
1fa2af5136 pop3.c: Small code tidy up
Corrected lines exceeding 78 characters.

Repositioned some comments and added extra clarity.
2012-06-02 21:38:55 +01:00
Steve Holme
cfa81b8fb0 sasl: Corrected variable names in comments and parameters 2012-06-02 14:03:55 +01:00
Steve Holme
69f7156ad9 pop3: Added support for sasl ntlm authentication 2012-06-02 11:55:58 +01:00
Steve Holme
6f964e4f06 sasl: Small comment style tidy up following ntlm commit 2012-06-02 11:09:59 +01:00
Steve Holme
d9ca9e9869 sasl: Moved ntlm authentication message handling from smtp.c
Moved the ntlm message creation and decoding from smtp.c into the sasl
module to allow for use by other modules such as pop3.
2012-06-02 11:07:58 +01:00
Steve Holme
2df6e6d9f8 pop3: Added support for sasl login authentication 2012-06-01 15:59:29 +01:00
Steve Holme
54d484e136 sasl: Moved login authentication message creation from smtp.c
Moved the login message creation from smtp.c into the sasl module
to allow for use by other modules such as pop3.
2012-05-31 23:11:54 +01:00
Steve Holme
cb3d0ce2cb smtp.c: Reworked message encoding in smtp_state_authpasswd_resp()
Rather than encoding the password message itself the
smtp_state_authpasswd_resp() function now delegates the work to the same
function that smtp_state_authlogin_resp() and smtp_authenticate() use
when constructing the encoded user name.
2012-05-31 22:58:07 +01:00
Steve Holme
f86432b119 smtp.c: Re-factored smtp_auth_login_user() for use with passwords
In preparation for moving to the SASL module re-factored the
smtp_auth_login_user() function to smtp_auth_login() so that it can be
used for both user names and passwords as sending both of these under
the login authentication mechanism is the same.
2012-05-31 22:49:14 +01:00
Steve Holme
2c6d32b864 pop3: Added support for sasl plain text authentication 2012-05-31 20:45:53 +01:00
Steve Holme
3c14c524c5 curl_ntlm_msgs.c: Corrected small spelling mistake in comments 2012-05-30 20:56:37 +01:00
Steve Holme
8e860c1662 sasl: Moved plain text authentication message creation from smtp.c
Moved the plain text message creation from smtp.c into the sasl module
to allow for use by other modules such as pop3.
2012-05-30 20:52:52 +01:00
Steve Holme
7291c1f565 pop3: Introduced the continue response in pop3_endofresp() 2012-05-28 21:29:01 +01:00
Steve Holme
3fa0fbb816 pop3: Changed response code from O and E to + and -
The POP3 protocol doesn't really have the concept of error codes and
uses +, +OK and -ERR in response to commands to indicate continue,
success and error.

The AUTH command is one of those commands that requires multiple pieces
of data to be sent to the server where the server will respond with + as
part of the handshaking. This meant changing the values before
continuing with the next stage of adding authentication support.
2012-05-28 20:59:10 +01:00
Steve Holme
a9d798c4d5 pop3: Small code tidy up following authentication work so far
Changed the order of the state machine to match the order of actual
events.

Reworked some comments and function parameter positioning that I missed
the other day.
2012-05-28 20:21:52 +01:00
Kamil Dudka
72f4b534c4 nss: use human-readable error messages provided by NSS
Bug: http://lists.baseurl.org/pipermail/yum-devel/2012-January/009002.html
2012-05-28 11:24:24 +02:00
Daniel Stenberg
a7731673d0 pop3: remove variable-not-used warnings 2012-05-27 23:29:15 +02:00
Steve Holme
c267c53017 pop3: Added support for SASL based authentication mechanism detection
Added support for detecting the supported SASL authentication mechanisms
via the AUTH command. There are two ways of detecting them, either by
using the AUTH command, that will return -ERR if not supported or by
using the CAPA command which will return SASL and the list of mechanisms
if supported, not include SASL if SASL authentication is not supported
or -ERR if the CAPA command is not supported. As such it seems simpler
to use the AUTH command and fallback to normal clear text authentication
if the the command is not supported.

Additionally updated the test cases to return -ERR when the AUTH command
is encountered. Additional test cases will be added when support for the
individual authentication mechanisms is added.
2012-05-27 19:09:38 +01:00
Daniel Stenberg
dc454bd16b pop3: remove trailing whitespace 2012-05-27 14:08:46 +02:00
Steve Holme
c6495bccbf pop3: Code tidy up before the introduction of authentication code
Moved EOB definition into header file.

Switched the logic around in pop3_endofresp() to allow for the
introduction of auth-mechanism detection.

Repositioned second and third function variables where they will fit
within the 78 character line limit.

Tidied up some comments.
2012-05-27 10:54:13 +01:00
Guenter Knauf
cd4cf989bb Try to detect OpenSSL build type automatically. 2012-05-27 03:28:43 +02:00
Steve Holme
9c480490f7 sasl: Re-factored auth-mechanism constants to be more generic 2012-05-25 21:58:17 +01:00
Steve Holme
978b808f7d smtp: Moved auth-mechanism constants into a separate header file
Move the SMTP_AUTH constants into a separate header file in
preparation for adding SASL based authentication to POP3 as the two
protocols will need to share them.
2012-05-25 21:49:25 +01:00
Kamil Dudka
74be993576 nss: avoid using explicit casts of code pointers 2012-05-25 13:35:23 +02:00
Steve Holme
ef60fdbd73 smtp: Fixed an issue with the multi-interface always sending postdata
Due to the result code being reset to CURLE_OK when smtp_dophase_done()
was called, postdata would incorrectly be sent to the server when the
MAIL FROM or RCPT command was rejected.

As such, libcurl would return the wrong result code from performing the
operation and additionally set CURLINFO_RESPONSE_CODE to be that
returned by the postdata command.

Bug: http://curl.haxx.se/mail/lib-2012-05/0108.html
Reported by: Gokhan Sengun
2012-05-22 22:08:25 +01:00
Tatsuhiro Tsujikawa
6cc066a2c5 Fixed compile error with GNUTLS+NETTLE
In nettle/md5.h, md5_init and md5_update are defined as macros to
nettle_md5_init and nettle_md5_update respectively.  This causes
error when using MD5_params.md5_init and md5_update.  This patch
renames these members as md5_init_func and md5_update_func to
avoid name conflict. For completeness, MD5_params.md5_final was
also renamed as md5_final_func.

The changes in curl_ntlm_core.c is conversion error and fixed by
casting to proper type.
2012-05-22 16:40:09 +02:00
Guenter Knauf
1c58f291cc Updated dependency libary versions. 2012-05-22 04:15:37 +02:00
Steve Holme
7ba07c80a1 smtp: Fixed non-escaping of dot character at beginning of line
A dot character at the beginning of a line would not be escaped to a
double dot as required by RFC-2821, instead it would be deleted by the
mail server. Please see section 4.5.2 of the RFC for more information.

Note: This fix also simplifies the detection of repeated CRLF.CRLF
combinations, such as CRLF.CRLF.CRLF, a little rather than having to
advance the eob counter to 2.
2012-05-17 11:31:06 +01:00
Gokhan Sengun
d6773834f2 MD5: OOM fix
check whether md5 initialization succeeded before updating digest of
buffers onto it
2012-05-02 22:58:15 +02:00
Guenter Knauf
1beda0cbb7 Updated dependency lib versions. 2012-04-26 14:40:50 +02:00
Daniel Stenberg
72b72fe8ed URL parse: reject numerical IPv6 addresses outside brackets
Roman Mamedov spotted (in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670126) that curl would
not complain when given a URL with an IPv6 numerical address without
brackets. It would simply cut off the last ":[hex]" part and thus not
work correctly.

That's a URL using an illegal syntax and now libcurl will instead return
a clear error code and error message detailing the error.

The above mentioned bug report claims this to be a regression but
libcurl does not guarantee functionality when given URLs that aren't
following the URL spec (RFC3986 mostly). I consider the fact that it
used to handle this differently a mere coincidence.
2012-04-23 23:18:42 +02:00
Daniel Stenberg
bd9eb30ffd Curl_MD5_init: fix OOM memory leak
Bug: http://curl.haxx.se/mail/lib-2012-04/0246.html
Reported by: Michael Mueller
2012-04-23 23:07:40 +02:00
Gokhan Sengun
dd18e714ff OpenSSL cert: provide more details when cert check fails
curl needs to be more chatty regarding certificate verification failure
during SSL handshake
2012-04-23 20:24:15 +02:00
Yang Tse
d6c449e3b4 Revert "sspi: Added version information"
This reverts commit 2976de4808.
2012-04-23 16:28:01 +02:00
Yang Tse
071f8d4182 Revert "sspi - Small code tidy up"
This reverts commit 46cd5f1dad.
2012-04-23 16:27:47 +02:00
Yang Tse
d83233501f Revert "Fixed 'extra tokens at end of #endif directive'."
This reverts commit 77172a242f.
2012-04-23 16:27:33 +02:00
Yang Tse
419a50f817 Revert "Fixed 'Trailing whitespace' found by checksrc."
This reverts commit 683bfa60ad.
2012-04-23 16:27:20 +02:00
Yang Tse
975d23480c Revert "sspi: Code tidy up to remove unused variable."
This reverts commit 412510f974.
2012-04-23 16:27:04 +02:00
Steve Holme
412510f974 sspi: Code tidy up to remove unused variable. 2012-04-22 21:00:32 +01:00
Guenter Knauf
683bfa60ad Fixed 'Trailing whitespace' found by checksrc. 2012-04-22 21:19:36 +02:00
Guenter Knauf
77172a242f Fixed 'extra tokens at end of #endif directive'. 2012-04-22 21:10:17 +02:00
Steve Holme
46cd5f1dad sspi - Small code tidy up 2012-04-22 18:59:07 +01:00
Steve Holme
2976de4808 sspi: Added version information
Added version information for Windows SSPI to curl's main version
string and removed SSPI from the features string.
2012-04-22 18:49:27 +01:00
Daniel Stenberg
560cd62272 HTTP: empty chunked POST ended up in two zero size chunks
When doing a chunked-encoded POST with -d (CURLOPT_POSTFIELDS) and the
size of the POST was zero length, it made libcurl first send a zero
chunk and then the terminating one. This could confuse a receiver and it
should rather just send the terminating chunk as it does with this fix.

Test case 1333 is added to verify.

Bug: http://curl.haxx.se/mail/archive-2012-04/0060.html
Reported by: Arnaud Compan
2012-04-20 22:25:31 +02:00
Guenter Knauf
0f54880277 Updated dependency lib versions. 2012-04-20 13:33:54 +02:00