curl/tests/data/test277, branch master cURL mirror with patches applied mime: tests and examples. 2017-09-02T18:08:45+00:00 Patrick Monnerat patrick@monnerat.net 2017-09-02T18:08:45+00:00 3baf36edf6ed1d7c74d68846d79f87334b573aea Additional mime-specific tests. Existing tests updated to reflect small differences (Expect: 100-continue, data size change due to empty lines, etc). Option -F headers= keyword added to tests. test1135 disabled until the entry point order change is resolved. New example smtp-mime. Examples postit2 and multi-post converted from form API to mime API. 
Additional mime-specific tests.
Existing tests updated to reflect small differences (Expect: 100-continue,
data size change due to empty lines, etc).
Option -F headers= keyword added to tests.
test1135 disabled until the entry point order change is resolved.
New example smtp-mime.
Examples postit2 and multi-post converted from form API to mime API.
formpost: better random boundaries 2013-06-25T07:55:49+00:00 Daniel Stenberg daniel@haxx.se 2013-06-24T20:24:35+00:00 365c5ba39591fab2e60bf4f0e67d9dcf79ecc506 When doing multi-part formposts, libcurl used a pseudo-random value that was seeded with time(). This turns out to be bad for users who formpost data that is provided with users who then can guess how the boundary string will look like and then they can forge a different formpost part and trick the receiver. My advice to such implementors is (still even after this change) to not rely on the boundary strings being cryptographically strong. Fix your code and logic to not depend on them that much! I moved the Curl_rand() function into the sslgen.c source file now to be able to take advantage of the SSL library's random function if it provides one. If not, try to use the RANDOM_FILE for seeding and as a last resort keep the old logic, just modified to also add microseconds which makes it harder to properly guess the exact seed. The formboundary() function in formdata.c is now using 64 bit entropy for the boundary and therefore the string of dashes was reduced by 4 letters and there are 16 hex digits following it. The total length is thus still the same. Bug: http://curl.haxx.se/bug/view.cgi?id=1251 Reported-by: "Floris" 
When doing multi-part formposts, libcurl used a pseudo-random value that
was seeded with time(). This turns out to be bad for users who formpost
data that is provided with users who then can guess how the boundary
string will look like and then they can forge a different formpost part
and trick the receiver.

My advice to such implementors is (still even after this change) to not
rely on the boundary strings being cryptographically strong. Fix your
code and logic to not depend on them that much!

I moved the Curl_rand() function into the sslgen.c source file now to be
able to take advantage of the SSL library's random function if it
provides one. If not, try to use the RANDOM_FILE for seeding and as a
last resort keep the old logic, just modified to also add microseconds
which makes it harder to properly guess the exact seed.

The formboundary() function in formdata.c is now using 64 bit entropy
for the boundary and therefore the string of dashes was reduced by 4
letters and there are 16 hex digits following it. The total length is
thus still the same.

Bug: http://curl.haxx.se/bug/view.cgi?id=1251
Reported-by: "Floris"
Replaced 127.0.0.1 with %HOSTIP where possible 2007-09-14T19:32:31+00:00 Dan Fandrich dan@coneharvesters.com 2007-09-14T19:32:31+00:00 05e4a3026da7c2dfbd3ed340a01d4a221a721168 






Convert (most of) the test data files into genuine XML.  A handful still
2007-01-23T02:25:56+00:00

Dan Fandrich
dan@coneharvesters.com

2007-01-23T02:25:56+00:00

33bea767ebd0bbf11867fe1af31dc345e9f816af

are not, due mainly to the lack of support for XML character entities
(e.g. & => & ).  This will make it easier to validate test files using
tools like xmllint, as well as edit and view them using XML tools.





are not, due mainly to the lack of support for XML character entities
(e.g. & => & ).  This will make it easier to validate test files using
tools like xmllint, as well as edit and view them using XML tools.







Venkat Akella found out that libcurl did not like HTTP responses that simply
2006-11-25T13:32:04+00:00

Daniel Stenberg
daniel@haxx.se

2006-11-25T13:32:04+00:00

da58d03ff7be9fc5e0219d95ce2f9932e2272473

responded with a single status line and no headers nor body. Starting now, a
HTTP response on a persistent connection (i.e not set to be closed after the
response has been taken care of) must have Content-Length or chunked
encoding set, or libcurl will simply assume that there is no body.

To my horror I learned that we had no less than 57(!) test cases that did bad
HTTP responses like this, and even the test http server (sws) responded badly
when queried by the test system if it is the test system. So although the
actual fix for the problem was tiny, going through all the newly failing test
cases got really painful and boring.





responded with a single status line and no headers nor body. Starting now, a
HTTP response on a persistent connection (i.e not set to be closed after the
response has been taken care of) must have Content-Length or chunked
encoding set, or libcurl will simply assume that there is no body.

To my horror I learned that we had no less than 57(!) test cases that did bad
HTTP responses like this, and even the test http server (sws) responded badly
when queried by the test system if it is the test system. So although the
actual fix for the problem was tiny, going through all the newly failing test
cases got really painful and boring.







test case 277 - HTTP RFC1867-type formposting with custom Content-Type
2006-07-27T22:44:56+00:00

Daniel Stenberg
daniel@haxx.se

2006-07-27T22:44:56+00:00

c10d15aa0fe332f98fb4eac34328034a0de03095