Age | Commit message | Author |
|
Prior to this change schannel ignored --tls-max (CURL_SSLVERSION_MAX_
macros) when --tlsv1 (CURL_SSLVERSION_TLSv1) or default TLS
(CURL_SSLVERSION_DEFAULT), using a max of TLS 1.2 always.
Closes https://github.com/curl/curl/pull/4633
|
|
Ref: https://github.com/curl/curl/pull/4607
|
|
- Generate VQUIC and VSSH filenames in Visual Studio project files.
Prior to this change generated Visual Studio project configurations that
enabled SSH did not build properly. Broken since SSH files were moved to
lib/vssh 3 months ago in 5b2d703.
Fixes https://github.com/curl/curl/issues/4492
Fixes https://github.com/curl/curl/issues/4630
Closes https://github.com/curl/curl/pull/4607
|
|
|
|
- Disable the extra sensitivity except in debug builds (--enable-debug).
- Improve SYSCALL error message logic in ossl_send and ossl_recv so that
"No error" / "Success" socket error text isn't shown on SYSCALL error.
Prior to this change 0ab38f5 (precedes 7.67.0) increased the sensitivity
of OpenSSL's SSL_ERROR_SYSCALL error so that abrupt server closures were
also considered errors. For example, a server that does not send a known
protocol termination point (eg HTTP content length or chunked encoding)
_and_ does not send a TLS termination point (close_notify alert) would
cause an error if it closed the connection.
To be clear that behavior made it into release build 7.67.0
unintentionally. Several users have reported it as an issue.
Ultimately the idea is a good one, since it can help protect against a
truncation attack. Other SSL backends may already behave similarly (such
as Windows native OS SSL Schannel). However much more of our user base
is using OpenSSL and there is a mass of legacy users in that space, so I
think that behavior should be partially reverted and then rolled out
slowly.
This commit changes the behavior so that the increased sensitivity is
disabled in all curl builds except curl debug builds (DEBUGBUILD). If
after a period of time there are no major issues then it can be enabled
in dev and release builds with the newest OpenSSL (1.1.1+), since users
using the newest OpenSSL are the least likely to have legacy problems.
Bug: https://github.com/curl/curl/issues/4409#issuecomment-555955794
Reported-by: Bjoern Franke
Fixes https://github.com/curl/curl/issues/4624
Closes https://github.com/curl/curl/pull/4623
|
|
Reported-by: Paulo Roberto Tomasi
Bug: https://curl.haxx.se/mail/archive-2019-11/0005.html
Closes https://github.com/curl/curl/pull/4593
|
|
Closes #4628
|
|
To avoid potential issues with error code reuse.
Reported-by: Christoph M. Becker
Assisted-by: Dan Fandrich
Fixes #4601
Closes #4627
|
|
|
|
Starting with this change when doing parallel transfers, without this
option set, curl will prefer to create new transfers multiplexed on an
existing connection rather than creating a brand new one.
--parallel-immediate can be set to tell curl to prefer to use new
connections rather than to wait and try to multiplex.
libcurl-wise, this means that curl will set CURLOPT_PIPEWAIT by default
on parallel transfers.
Suggested-by: Tom van der Woerdt
Closes #4500
|
|
Change 'experiemental' to 'experimental'.
Closes #4618
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
- s/USE_CYASSL/USE_WOLFSSL/
- Remove old compatibility macros.
Follow-up to 1c6c59a from several months ago when CyaSSL named symbols
were renamed to wolfSSL. The wolfSSL library was formerly named CyaSSL
and we kept using their old name for compatibility reasons, until
earlier this year.
|
|
|
|
Fixes #4525
Closes #4603
|
|
... as both ngtcp2 and quiche now support that in their master branches
Closes #4604
|
|
Fixes #4614
Closes #4615
|
|
Reviewed-by: Tatsuhiro Tsujikawa
Fixes #4612
Closes #4613
|
|
Prior to this change:
The check if an extra wait is necessary was based not on the
number of extra fds but on the pointer.
If a non-null pointer was given in extra_fds, but extra_nfds
was zero, then the wait was skipped even though poll was not
called.
Closes https://github.com/curl/curl/pull/4610
|
|
Follow-up to 5b2d703 which moved ssh source files to vssh.
Closes https://github.com/curl/curl/pull/4609
|
|
Closes #4606
|
|
Improved estimation of expected_len and updated related comments;
increased strictness of QNAME-encoding, adding error detection for empty
labels and names longer than the overall limit; avoided treating DNAME
as unexpected;
updated unit test 1655 with more thorough set of proofs and tests
Closes #4598
|
|
Assisted-by: Javier Blazquez
Ref #4525 (partial fix)
Closes #4600
|
|
Define the OS macro properly for Windows on ARM builds. Also, we might
as well add the GCC-style IA-64 macro.
Closes #4590
|
|
Show how curl_multi_poll() makes it even easier to use the multi
interface.
Closes #4596
|
|
Fixes #4594
Closes #4595
Reported-by: 3dyd on github
|
|
Regression from e59371a4936f8 (7.67.0)
Added test 490, 491 and 492 to verify the functionality.
Reported-by: Kamil Dudka
Reported-by: Anderson Sasaki
Fixes #4588
Closes #4591
|
|
|
|
Pseudo header MUST come before regular headers or cause an error.
Reported-by: Cynthia Coan
Fixes #4571
Closes #4584
|
|
Follow the pattern of many other callbacks.
Ref: #4546
Closes #4585
|
|
The disable-scan script used in test 1165 is extended to also verify
that the docs cover all used defines and all defines offered by
configure.
Reported-by: SLDiggie on github
Fixes #4545
Closes #4587
|
|
Since 59041f0, a new timer might be set in multi_done() so the clearing
of the timers needs to happen afterwards!
Reported-by: Max Kellermann
Fixes #4575
Closes #4583
|
|
Classic MinGW / MSYS 1 doesn't support `MSYS2_ARG_CONV_EXCL`, so this
test unnecessarily failed when using `file:/` instead of `file:///`.
Closes https://github.com/curl/curl/pull/4554
|
|
... avoids unnecessary recursive risk when the transfer is already done.
Reported-by: Richard Bowker
Fixes #4563
Closes #4574
|
|
- Use FORMAT_MESSAGE_IGNORE_INSERTS to ignore format specifiers in
Windows error strings.
Since we are not in control of the error code we don't know what
information may be needed by the error string's format specifiers.
Prior to this change Windows API error strings which contain specifiers
(think specifiers similar to printf specifiers) would not be shown.
The FormatMessage Windows API call which turns a Windows error code into
a string could fail and set error ERROR_INVALID_PARAMETER if that error
string contained a format specifier. FormatMessage expects a va_list for
the specifiers, unless inserts are ignored in which case no substitution
is attempted.
Ref: https://devblogs.microsoft.com/oldnewthing/20071128-00/?p=24353
|
|
Fixed build by MCST lcc compiler on MCST Elbrus 2000 architecture and do
some code cleanup.
e2k (Elbrus 2000) - this is VLIW/EPIC architecture, like Intel Itanium
architecture.
Ref: https://en.wikipedia.org/wiki/Elbrus_2000
Closes https://github.com/curl/curl/pull/4576
|
|
Closes #4418
|
|
Closes #4477
|
|
Closes #4476
|
|
The URL parser function can't reject a bad IPv6 address properly when
curl was built without IPv6 support.
Reported-by: Marcel Raad
Fixes #4556
Closes #4572
|
|
- Consider a modified file to be committed this year.
- Make the travis CHECKSRC also do COPYRIGHTYEAR scan in examples and
includes
- Ignore 0 parents when getting latest commit date of file.
Since in the CI we're dealing with a truncated repo of last 50 commits,
the file's most recent commit may not be available. When this happens
git log and rev-list show the initial commit (ie first commit not to be
truncated) but that's incorrect so ignore it.
Ref: https://github.com/curl/curl/pull/4547
Closes https://github.com/curl/curl/pull/4549
Co-authored-by: Jay Satiro
|
|
.. because checksrc's copyright year check stopped working.
Ref: https://github.com/curl/curl/pull/4547
Closes https://github.com/curl/curl/pull/4549
|
|
|
|
|
|
|
|
in addition to authors
|
|
Closes https://github.com/curl/curl/pull/4570
|
|
Closes #3704
|
|
Fixes https://github.com/curl/curl/issues/4565
Closes https://github.com/curl/curl/pull/4566
|
|
Closes https://github.com/curl/curl/pull/4567
|
|
The 7.67.0 release
|