-rw-r--r-- | lib/Makefile.netware | 14 | ||||
-rw-r--r-- | lib/curl_gssapi.h | 13 | ||||
-rw-r--r-- | lib/curl_sasl_gssapi.c | 14 | ||||
-rw-r--r-- | lib/ftp.c | 63 | ||||
-rw-r--r-- | lib/ftp.h | 11 | ||||
-rw-r--r-- | lib/http_negotiate.c | 15 | ||||
-rw-r--r-- | lib/krb5.c | 13 | ||||
-rw-r--r-- | lib/socks_gssapi.c | 18 | ||||
-rw-r--r-- | lib/vtls/nss.c | 4 | ||||
-rw-r--r-- | winbuild/BUILD.WINDOWS.txt | 3 | ||||
-rw-r--r-- | winbuild/Makefile.vc | 13 | ||||
-rw-r--r-- | winbuild/MakefileBuild.vc | 27 |
12 files changed, 119 insertions, 89 deletions
diff --git a/lib/Makefile.netware b/lib/Makefile.netware index 802959ce9..2cd754a70 100644 --- a/lib/Makefile.netware +++ b/lib/Makefile.netware @@ -214,6 +214,11 @@ WITH_SSL = else ifeq ($(findstring -ssl,$(CFG)),-ssl) WITH_SSL = 1 +ifeq ($(findstring -srp,$(CFG)),-srp) +ifeq "$(wildcard $(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L)/openssl/srp.h)" "$(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L)/openssl/srp.h" +WITH_SRP = 1 +endif +endif endif endif ifeq ($(findstring -zlib,$(CFG)),-zlib) @@ -638,6 +643,10 @@ ifdef WITH_SSL @echo $(DL)#define HAVE_LIBSSL 1$(DL) >> $@ @echo $(DL)#define HAVE_LIBCRYPTO 1$(DL) >> $@ @echo $(DL)#define OPENSSL_NO_KRB5 1$(DL) >> $@ +ifdef WITH_SRP + @echo $(DL)#define HAVE_SSLEAY_SRP 1$(DL) >> $@ + @echo $(DL)#define USE_TLS_SRP 1$(DL) >> $@ +endif ifdef WITH_SPNEGO @echo $(DL)#define HAVE_SPNEGO 1$(DL) >> $@ endif @@ -690,6 +699,11 @@ ifdef WITH_SSL else @echo SSL support: no endif +ifdef WITH_SRP + @echo SRP support: enabled +else + @echo SRP support: no +endif ifdef WITH_SSH2 @echo SSH2 support: enabled (libssh2) else diff --git a/lib/curl_gssapi.h b/lib/curl_gssapi.h index 35e4b2484..19aab64e6 100644 --- a/lib/curl_gssapi.h +++ b/lib/curl_gssapi.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2011 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2011 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
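Review bot: In the first Makefile.netware hunk, when `-srp` is present in `CFG` but `srp.h` is not found under `$(OPENSSL_PATH)/outinc_nw_$(LIBARCH_L)/openssl/`, `WITH_SRP` is left unset and the build continues without TLS-SRP. The only trace is the `SRP support: no` line added in the third hunk, which is easy to miss for someone who asked for the feature explicitly. Consider an `else` branch on the `wildcard` test with `$(warning -srp requested but openssl/srp.h was not found)` so the downgrade is visible when the configuration is evaluated.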
@@ -59,6 +59,17 @@ OM_uint32 Curl_gss_init_sec_context( void Curl_gss_log_error(struct SessionHandle *data, OM_uint32 status, const char *prefix); +/* Provide some definitions missing in old headers */ +#ifdef HAVE_OLD_GSSMIT +#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name +#define NCOMPAT 1 +#endif + +/* Define our privacy and integrity protection values */ +#define GSSAUTH_P_NONE 1 +#define GSSAUTH_P_INTEGRITY 2 +#define GSSAUTH_P_PRIVACY 4 + #endif /* HAVE_GSSAPI */ #endif /* HEADER_CURL_GSSAPI_H */ diff --git a/lib/curl_sasl_gssapi.c b/lib/curl_sasl_gssapi.c index 6dda0e907..d8f811961 100644 --- a/lib/curl_sasl_gssapi.c +++ b/lib/curl_sasl_gssapi.c @@ -5,7 +5,8 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2014, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2014 - 2015, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -26,15 +27,6 @@ #if defined(HAVE_GSSAPI) && defined(USE_KERBEROS5) -#ifdef HAVE_OLD_GSSMIT -#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name -#define NCOMPAT 1 -#endif - -#define GSSAUTH_P_NONE 1 -#define GSSAUTH_P_INTEGRITY 2 -#define GSSAUTH_P_PRIVACY 4 - #include <curl/curl.h> #include "curl_sasl.h" @@ -126,7 +118,7 @@ CURLcode Curl_sasl_create_gssapi_user_message(struct SessionHandle *data, /* Import the SPN */ gss_major_status = gss_import_name(&gss_minor_status, &spn_token, - gss_nt_service_name, &krb5->spn); + GSS_C_NT_HOSTBASED_SERVICE, &krb5->spn); if(GSS_ERROR(gss_major_status)) { Curl_gss_log_error(data, gss_minor_status, "gss_import_name() failed: "); 
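Review bot: The compat block is added at the bottom of curl_gssapi.h, after the prototypes, so `NCOMPAT` is now defined after whatever GSS-API headers this file pulls in (its include section is outside the hunk). The copy removed from socks_gssapi.c sat before `#include "curl_gssapi.h"`, so if `NCOMPAT` is meant to influence how the old MIT headers are parsed, the define presumably has to move above those includes. The `GSS_C_NT_HOSTBASED_SERVICE` define could also be wrapped in `#ifndef GSS_C_NT_HOSTBASED_SERVICE` so that a header which already provides it does not trigger a redefinition. The values 1, 2 and 4 of `GSSAUTH_P_*` look like bit flags; if so, the comment above them should say that they may be combined in a mask.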
@@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -294,10 +294,10 @@ static void freedirs(struct ftp_conn *ftpc) ftpc->dirs = NULL; ftpc->dirdepth = 0; } - if(ftpc->file) { - free(ftpc->file); - ftpc->file = NULL; - } + Curl_safefree(ftpc->file); + + /* no longer of any use */ + Curl_safefree(ftpc->newhost); } /* Returns non-zero if the given string contains CR (\r) or LF (\n), @@ -1815,6 +1815,13 @@ static CURLcode ftp_state_quote(struct connectdata *conn, static CURLcode ftp_epsv_disable(struct connectdata *conn) { CURLcode result = CURLE_OK; + + if(conn->bits.ipv6) { + /* We can't disable EPSV when doing IPv6, so this is instead a fail */ + failf(conn->data, "Failed EPSV attempt, exiting\n"); + return CURLE_FTP_WEIRD_SERVER_REPLY; + } + infof(conn->data, "Failed EPSV attempt. Disabling EPSV\n"); /* disable it for next transfer */ conn->bits.ftp_use_epsv = FALSE; @@ -1917,6 +1924,9 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn, unsigned short connectport; /* the local port connect() should use! */ char *str=&data->state.buffer[4]; /* start on the first letter */ + /* if we come here again, make sure the former name is cleared */ + Curl_safefree(ftpc->newhost); + if((ftpc->count1 == 0) && (ftpcode == 229)) { /* positive EPSV response */ 
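Review bot: In ftp_epsv_disable() the new early return keys on `conn->bits.ipv6`, which presumably describes the socket the control connection is on. The comment removed in the following EPSV hunk says that with a tunnelling or SOCKS proxy the connected address is the proxy's, not the FTP server's. If the same holds for `bits.ipv6`, an IPv6 proxy in front of an IPv4 server would turn a recoverable EPSV failure into `CURLE_FTP_WEIRD_SERVER_REPLY` instead of falling back to PASV, so the proxied case is worth confirming and excluding. Separately, the `failf()` string ends in `\n`, which presumably ends up in the stored error text; `failf(conn->data, "Failed EPSV attempt, exiting");` would read better.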
@@ -1949,18 +1959,10 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn, if(ptr) { ftpc->newport = (unsigned short)(num & 0xffff); - if(conn->bits.tunnel_proxy || - conn->proxytype == CURLPROXY_SOCKS5 || - conn->proxytype == CURLPROXY_SOCKS5_HOSTNAME || - conn->proxytype == CURLPROXY_SOCKS4 || - conn->proxytype == CURLPROXY_SOCKS4A) - /* proxy tunnel -> use other host info because ip_addr_str is the - proxy address not the ftp host */ - snprintf(ftpc->newhost, sizeof(ftpc->newhost), "%s", - conn->host.name); - else - /* use the same IP we are already connected to */ - snprintf(ftpc->newhost, NEWHOST_BUFSIZE, "%s", conn->ip_addr_str); + /* use the original host name again */ + ftpc->newhost = strdup(conn->host.name); + if(!ftpc->newhost) + return CURLE_OUT_OF_MEMORY; } } else 
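Review bot: The data connection for a 229 reply is now always directed at `conn->host.name`, where the removed code used `conn->ip_addr_str`, the address the control connection is actually on, unless a tunnel or SOCKS proxy was involved. If the code that later connects to `ftpc->newhost` resolves that name again (it is outside this hunk), the data channel can land on a different address than the control channel, for example with round-robin DNS or a record that changes between the two lookups. The same substitution is made in the `ftp_skip_ip` branch of the PASV hunk that follows. Keeping the old distinction, host name only for the proxied cases and `strdup(conn->ip_addr_str)` otherwise, would preserve the previous same-peer behaviour. ftp_state_pasv_resp() starts and ends outside the hunk.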
@@ -2001,26 +2003,21 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn, /* we got OK from server */ if(data->set.ftp_skip_ip) { - /* told to ignore the remotely given IP but instead use the one we used + /* told to ignore the remotely given IP but instead use the host we used for the control connection */ - infof(data, "Skips %d.%d.%d.%d for data connection, uses %s instead\n", + infof(data, "Skip %d.%d.%d.%d for data connection, re-use %s instead\n", ip[0], ip[1], ip[2], ip[3], - conn->ip_addr_str); - if(conn->bits.tunnel_proxy || - conn->proxytype == CURLPROXY_SOCKS5 || - conn->proxytype == CURLPROXY_SOCKS5_HOSTNAME || - conn->proxytype == CURLPROXY_SOCKS4 || - conn->proxytype == CURLPROXY_SOCKS4A) - /* proxy tunnel -> use other host info because ip_addr_str is the - proxy address not the ftp host */ - snprintf(ftpc->newhost, sizeof(ftpc->newhost), "%s", conn->host.name); - else - snprintf(ftpc->newhost, sizeof(ftpc->newhost), "%s", - conn->ip_addr_str); + conn->host.name); + + /* use the original host name again */ + ftpc->newhost = strdup(conn->host.name); } else - snprintf(ftpc->newhost, sizeof(ftpc->newhost), - "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); + ftpc->newhost = aprintf("%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); + + if(!ftpc->newhost) + return CURLE_OUT_OF_MEMORY; + ftpc->newport = (unsigned short)(((port[0]<<8) + port[1]) & 0xffff); } else if(ftpc->count1 == 0) { @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -147,11 +147,10 @@ struct ftp_conn { curl_off_t known_filesize; /* file size is different from -1, if wildcard LIST parsing was done and wc_statemach set it */ - /* newhost must be able to hold a full IP-style address in ASCII, which - in the IPv6 case means 5*8-1 = 39 letters */ -#define NEWHOST_BUFSIZE 48 - char newhost[NEWHOST_BUFSIZE]; /* this is the pair to connect the DATA... */ - unsigned short newport; /* connection to */ + /* newhost is the (allocated) IP addr or host name to connect the data + connection to */ + char *newhost; /* this is the pair to connect the DATA... */ + unsigned short newport; /* connection to */ }; diff --git a/lib/http_negotiate.c b/lib/http_negotiate.c index 97d0cb762..5967022b5 100644 --- a/lib/http_negotiate.c +++ b/lib/http_negotiate.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -22,14 +22,7 @@ #include "curl_setup.h" -#ifdef HAVE_GSSAPI - -#if !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO) - -#ifdef HAVE_OLD_GSSMIT -#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name -#define NCOMPAT 1 -#endif +#if defined(HAVE_GSSAPI) && !defined(CURL_DISABLE_HTTP) && defined(USE_SPNEGO) #include "urldata.h" #include "sendf.h" @@ -211,6 +204,4 @@ void Curl_cleanup_negotiate(struct SessionHandle *data) cleanup(&data->state.proxyneg); } -#endif /* !CURL_DISABLE_HTTP && USE_SPNEGO */ - -#endif /* HAVE_GSSAPI */ +#endif /* HAVE_GSSAPI && !CURL_DISABLE_HTTP && USE_SPNEGO */ diff --git a/lib/krb5.c b/lib/krb5.c index a0d7bb4f0..f0cb3f196 100644 --- a/lib/krb5.c +++ b/lib/krb5.c 
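Review bot: `newhost` changes from an inline buffer to an owned heap pointer, but the struct comment does not say who frees it or when it may be NULL. From the ftp.c hunks in this diff it is released in freedirs() and at the top of ftp_state_pasv_resp(), so, assuming the struct starts zeroed, it is NULL until a PASV/EPSV reply has been parsed and again after freedirs(). Any reader that relied on the always-valid array now needs a NULL check; such readers are outside the visible hunks. I would extend the comment to something like `/* allocated host name or IP for the data connection; NULL until a PASV/EPSV reply is parsed, freed in freedirs() */` and drop the two trailing comments that repeat it.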
@@ -2,7 +2,7 @@ * * Copyright (c) 1995, 1996, 1997, 1998, 1999, 2013 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). - * Copyright (c) 2004 - 2014 Daniel Stenberg + * Copyright (c) 2004 - 2015 Daniel Stenberg * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -34,13 +34,7 @@ #include "curl_setup.h" -#ifndef CURL_DISABLE_FTP -#ifdef HAVE_GSSAPI - -#ifdef HAVE_OLD_GSSMIT -#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name -#define NCOMPAT 1 -#endif +#if defined(HAVE_GSSAPI) && !defined(CURL_DISABLE_FTP) #ifdef HAVE_NETDB_H #include <netdb.h> @@ -335,5 +329,4 @@ struct Curl_sec_client_mech Curl_krb5_client_mech = { krb5_decode }; -#endif /* HAVE_GSSAPI */ -#endif /* CURL_DISABLE_FTP */ +#endif /* HAVE_GSSAPI && !CURL_DISABLE_FTP */ diff --git a/lib/socks_gssapi.c b/lib/socks_gssapi.c index f195c1a0e..8a016d09e 100644 --- a/lib/socks_gssapi.c +++ b/lib/socks_gssapi.c @@ -6,7 +6,7 @@ * \___|\___/|_| \_\_____| * * Copyright (C) 2009, 2011, Markus Moeller, <markus_moeller@compuserve.com> - * Copyright (C) 2012 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 2012 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -23,16 +23,7 @@ #include "curl_setup.h" -#ifndef CURL_DISABLE_PROXY - -#ifdef HAVE_GSSAPI -#ifdef HAVE_OLD_GSSMIT -#define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name -#define NCOMPAT 1 -#endif -#ifndef gss_nt_service_name -#define gss_nt_service_name GSS_C_NT_HOSTBASED_SERVICE -#endif +#if defined(HAVE_GSSAPI) && !defined(CURL_DISABLE_PROXY) #include "curl_gssapi.h" #include "urldata.h" 
@@ -162,7 +153,7 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, serviceptr, conn->proxy.name); gss_major_status = gss_import_name(&gss_minor_status, &service, - gss_nt_service_name, &server); + GSS_C_NT_HOSTBASED_SERVICE, &server); } gss_release_buffer(&gss_status, &service); /* clear allocated memory */ @@ -530,6 +521,5 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex, return CURLE_OK; } -#endif -#endif /* CURL_DISABLE_PROXY */ +#endif /* HAVE_GSSAPI && !CURL_DISABLE_PROXY */ diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index dd83a9d68..37fe48079 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -659,6 +659,8 @@ static void HandshakeCallback(PRFileDesc *sock, void *arg) unsigned int buflen; SSLNextProtoState state; + struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET]; + if(!conn->data->set.ssl_enable_npn && !conn->data->set.ssl_enable_alpn) { return; } diff --git a/winbuild/BUILD.WINDOWS.txt b/winbuild/BUILD.WINDOWS.txt index 757c41f57..7d6b364e2 100644 --- a/winbuild/BUILD.WINDOWS.txt +++ b/winbuild/BUILD.WINDOWS.txt @@ -19,7 +19,7 @@ Building with Visual C++, prerequises http://www.microsoft.com/en-us/download/details.aspx?id=12261
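Review bot: In the nss.c hunk, HandshakeCallback() takes the new `connssl` from `conn->ssl[FIRSTSOCKET]` unconditionally, although the callback receives the `sock` it fired for. If this callback can also be installed on a secondary socket, state accessed through `connssl` would belong to the wrong connection; where the callback is registered and where `connssl` is used are both outside the hunk, so this needs confirming there. If the only use sits inside a conditional-compilation block, builds without that feature would also get an unused-variable warning from this declaration.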
- If you wish to support zlib, openssl, ssh2, you will have to download
+ If you wish to support zlib, openssl, c-ares, ssh2, you will have to download
them separately and copy them to the deps directory as shown below:
somedirectory\
@@ -64,6 +64,7 @@ where <options> is one or many of: Libraries can be fetched at http://windows.php.net/downloads/php-sdk/deps/
Uncompress them into the deps folder.
WITH_SSL=<dll or static> - Enable OpenSSL support, DLL or static
+ WITH_CARES=<dll or static> - Enable c-ares support, DLL or static
WITH_ZLIB=<dll or static> - Enable zlib support, DLL or static
WITH_SSH2=<dll or static> - Enable libSSH2 support, DLL or static
ENABLE_SSPI=<yes or no> - Enable SSPI support, defaults to yes
diff --git a/winbuild/Makefile.vc b/winbuild/Makefile.vc
index 6dc58c4ef..21e1614ae 100644
--- a/winbuild/Makefile.vc
+++ b/winbuild/Makefile.vc
@@ -21,6 +21,7 @@ CFGSET=true !MESSAGE Libraries can be fetched at http://pecl2.php.net/downloads/php-windows-builds/
!MESSAGE Uncompress them into the deps folder.
!MESSAGE WITH_SSL=<dll or static> - Enable OpenSSL support, DLL or static
+!MESSAGE WITH_CARES=<dll or static> - Enable c-ares support, DLL or static
!MESSAGE WITH_ZLIB=<dll or static> - Enable zlib support, DLL or static
!MESSAGE WITH_SSH2=<dll or static> - Enable libSSH2 support, DLL or static
!MESSAGE ENABLE_IDN=<yes or no> - Enable use of Windows IDN APIs, defaults to yes
@@ -107,6 +108,14 @@ USE_SSL = true SSL = static
!ENDIF
+!IF "$(WITH_CARES)"=="dll"
+USE_CARES = true
+CARES = dll
+!ELSEIF "$(WITH_CARES)"=="static"
+USE_CARES = true
+CARES = static
+!ENDIF
+
!IF "$(WITH_ZLIB)"=="dll"
USE_ZLIB = true
ZLIB = dll
@@ -141,6 +150,10 @@ CONFIG_NAME_LIB = $(CONFIG_NAME_LIB)-static CONFIG_NAME_LIB = $(CONFIG_NAME_LIB)-ssl-$(SSL)
!ENDIF
+!IF "$(USE_CARES)"=="true"
+CONFIG_NAME_LIB = $(CONFIG_NAME_LIB)-cares-$(CARES)
+!ENDIF
+
!IF "$(USE_ZLIB)"=="true"
CONFIG_NAME_LIB = $(CONFIG_NAME_LIB)-zlib-$(ZLIB)
!ENDIF
diff --git a/winbuild/MakefileBuild.vc b/winbuild/MakefileBuild.vc
index b9e150c43..985c1bcc2 100644
--- a/winbuild/MakefileBuild.vc
+++ b/winbuild/MakefileBuild.vc
@@ -121,6 +121,27 @@ SSL = static SSL_CFLAGS = /DUSE_SSLEAY /I"$(DEVEL_INCLUDE)/openssl"
!ENDIF
+!IF "$(WITH_CARES)"=="dll"
+!IF "$(DEBUG)"=="yes"
+CARES_LIBS = caresd.lib
+!ELSE
+CARES_LIBS = cares.lib
+!ENDIF
+USE_CARES = true
+CARES = dll
+!ELSEIF "$(WITH_CARES)"=="static"
+!IF "$(DEBUG)"=="yes"
+CARES_LIBS = libcaresd.lib
+!ELSE
+CARES_LIBS = libcares.lib
+!ENDIF
+USE_CARES = true
+CARES = static
+!ENDIF
+
+!IFDEF USE_CARES
+CARES_CFLAGS = /DUSE_ARES /I"$(DEVEL_INCLUDE)/cares"
+!ENDIF
!IF "$(WITH_ZLIB)"=="dll"
ZLIB_LIBS = zlib.lib
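Review bot: For `WITH_CARES=static` the block only switches the library name, and `CARES_CFLAGS` is the same `/DUSE_ARES /I"$(DEVEL_INCLUDE)/cares"` for both variants. c-ares' public header uses `CARES_STATICLIB` to drop its DLL-import decoration on Windows, so a static link without that define is likely to fail with unresolved import symbols. Suggest adding inside the `!IFDEF USE_CARES` block: `!IF "$(CARES)"=="static"`, `CARES_CFLAGS = $(CARES_CFLAGS) /DCARES_STATICLIB`, `!ENDIF`. This block also tests `!IFDEF USE_CARES`, while the later hunk that extends `CFLAGS`/`LFLAGS` tests `"$(USE_CARES)"=="true"`; using one form throughout would be more consistent.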
@@ -297,6 +318,11 @@ CFLAGS = $(CFLAGS) $(SSL_CFLAGS) LFLAGS = $(LFLAGS) $(SSL_LFLAGS) $(SSL_LIBS)
!ENDIF
+!IF "$(USE_CARES)"=="true"
+CFLAGS = $(CFLAGS) $(CARES_CFLAGS)
+LFLAGS = $(LFLAGS) $(CARES_LFLAGS) $(CARES_LIBS)
+!ENDIF
+
!IF "$(USE_ZLIB)"=="true"
CFLAGS = $(CFLAGS) $(ZLIB_CFLAGS)
LFLAGS = $(LFLAGS) $(ZLIB_LFLAGS) $(ZLIB_LIBS)
@@ -376,6 +402,7 @@ package: $(TARGET) $(TARGET): $(LIB_OBJS) $(LIB_DIROBJ) $(DISTDIR)
@echo Using SSL: $(USE_SSL)
+ @echo Using c-ares: $(USE_CARES)
@echo Using SSH2: $(USE_SSH2)
@echo Using ZLIB: $(USE_ZLIB)
@echo Using IDN: $(USE_IDN)