aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-11-16openssl: do not log excess "TLS app data" lines for TLS 1.3Peter Wu
The SSL_CTX_set_msg_callback callback is not just called for the Handshake or Alert protocols, but also for the raw record header (SSL3_RT_HEADER) and the decrypted inner record type (SSL3_RT_INNER_CONTENT_TYPE). Be sure to ignore the latter to avoid excess debug spam when using `curl -v` against a TLSv1.3-enabled server: * TLSv1.3 (IN), TLS app data, [no content] (0): (Following this message, another callback for the decrypted handshake/alert messages will be be present anyway.) Closes https://github.com/curl/curl/pull/3281
2018-11-15tests: disable SO_EXCLUSIVEADDRUSE for stunnel on WindowsMarc Hoersken
SO_EXCLUSIVEADDRUSE is on by default on Vista or newer, but does not work together with SO_REUSEADDR being on. The default changes were made with stunnel 5.34 and 5.35.
2018-11-13nss: remove version selecting dead codeKamil Dudka
Closes #3262
2018-11-13nss: set default max-tls to 1.3/1.2Daniel Stenberg
Fixes #3261
2018-11-13tool_cb_wrt: Silence function cast compiler warningDaniel Gustafsson
Commit 5bfaa86ceb3c2a9ac474a928e748c4a86a703b33 introduced a new compiler warning on Windows cross compilation with GCC. See below for an example of the warning from the autobuild logs (whitespace edited to fit): /src/tool_cb_wrt.c:175:9: warning: cast from function call of type 'intptr_t {aka long long int}' to non-matching type 'void *' [-Wbad-function-cast] (HANDLE) _get_osfhandle(fileno(outs->stream)), ^ Store the return value from _get_osfhandle() in an intermediate variable and cast the variable in WriteConsoleW() rather than the function call directly to avoid a compiler warning. In passing, also add inspection of the MultiByteToWideChar() return value and return failure in case an error is reported. Closes #3263 Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> Reviewed-by: Viktor Szakats <commit@vszakats.net>
2018-11-12nss: fix fallthrough comment to fix picky compiler warningDaniel Stenberg
2018-11-11docs: expanded on some CURLU detailsDaniel Stenberg
2018-11-09ftp: avoid two unsigned int overflows in FTP listing parserTim Rühsen
Curl_ftp_parselist: avoid unsigned integer overflows The overflow has no real world impact, just avoid it for "best practice". Closes #3225
2018-11-09curl: --local-port range was not "including"Daniel Stenberg
The end port number in a given range was not included in the range used, as it is documented to be. Reported-by: infinnovation-dev on github Fixes #3251 Closes #3255
2018-11-09openssl: support BoringSSL TLS renegotiationJérémy Rocher
As per BoringSSL porting documentation [1], BoringSSL rejects peer renegotiations by default. curl fails when trying to authenticate to server through client certificate if it is requested by server after the initial TLS handshake. Enable renegotiation by default with BoringSSL to get same behavior as with OpenSSL. This is done by calling SSL_set_renegotiate_mode [2] which was introduced in commit 1d5ef3bb1eb9 [3]. 1 - https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md#tls-renegotiation 2 - https://boringssl.googlesource.com/boringssl/+/master/include/openssl/ssl.h#3482 3 - https://boringssl.googlesource.com/boringssl/+/1d5ef3bb1eb97848617db5e7d633d735a401df86 Signed-off-by: Jérémy Rocher <rocher.jeremy@gmail.com> Fixes #3258 Closes #3259
2018-11-09HISTORY: add some milestonesDaniel Stenberg
Added a few of the more notable milestones in curl history that were missing. Primarily more recent ones but I also noted some older that could be worth mentioning. [ci skip] Closes #3257
2018-11-09KNOWN_BUGS: add --proxy-any connection issueDaniel Gustafsson
Add the identified issue with --proxy-any and proxy servers which advertise authentication schemes other than the supported one. Closes #876 Closes #3250 Reported-by: NTMan on Github Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-09setopt: add CURLOPT_CURLUJim Fuller
Allows an application to pass in a pre-parsed URL via a URL handle. Closes #3227
2018-11-09docs: ESCape "\n" codesGisle Vanem
Groff / Troff will display a: printaf("Errno: %ld\n", error); as: printf("Errno: %ld0, error); when a "\n" is not escaped. Use "\\n" instead. Closes #3246
2018-11-08curl: --local-port fix followupDaniel Stenberg
Regression by 52db54869e6. Reported-by: infinnovation-dev on github Fixes #3248 Closes #3249
2018-11-07More "\n" ESCapingGisle Vanem
2018-11-07RELEASE-NOTES: syncedDaniel Stenberg
2018-11-07curl: fix --local-port integer overflowDaniel Stenberg
The tool's local port command line range parser didn't check for integer overflows and could pass "weird" data to libcurl for this option. libcurl however, has a strict range check for the values so it rejects anything outside of the accepted range. Reported-by: Brian Carpenter Closes #3242
2018-11-07curl: correct the switch() logic in ourWriteOutDaniel Stenberg
Follow-up to e431daf013, as I did the wrong correction for a compiler warning. It should be a break and not a fall-through. Pointed-out-by: Frank Gevaerts
2018-11-07curl: add %{stderr} and %{stdout} for --write-outFrank Gevaerts
Closes #3115
2018-11-07winssl: be consistent in Schannel capitalizationDaniel Gustafsson
The productname from Microsoft is "Schannel", but in infof/failf reporting we use "schannel". This removes different versions. Closes #3243 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-07TODO: Have the URL API offer IDN decodingDaniel Stenberg
Similar to how URL decoding/encoding is done, we could have URL functions to convert IDN host names to punycode. Suggested-by: Alexey Melnichuk Closes #3232
2018-11-07urlapi: only skip encoding the first '=' with APPENDQUERY setDaniel Stenberg
APPENDQUERY + URLENCODE would skip all equals signs but now it only skip encoding the first to better allow "name=content" for any content. Reported-by: Alexey Melnichuk Fixes #3231 Closes #3231
2018-11-06url: a short host name + port is not a schemeDaniel Stenberg
The function identifying a leading "scheme" part of the URL considered a few letters ending with a colon to be a scheme, making something like "short:80" to become an unknown scheme instead of a short host name and a port number. Extended test 1560 to verify. Also fixed test203 to use file_pwd to make it get the correct path on windows. Removed test 2070 since it was a duplicate of 203. Assisted-by: Marcel Raad Reported-by: Hagai Auro Fixes #3220 Fixes #3233 Closes #3223 Closes #3235
2018-11-06libcurl: stop reading from paused transfersSangamkar
In the transfer loop it would previously not acknwledge the pause bit and continue until drained or loop ended. Closes #3240
2018-11-06tool: add undocumented option --dump-module-paths for win32Jay Satiro
- Add an undocumented diagnostic option for Windows to show the full paths of all loaded modules regardless of whether or not libcurl initialization succeeds. This is needed so that in the CI we can get a list of all DLL dependencies after initialization (when they're most likely to have finished loading) and then package them as artifacts so that a functioning build can be downloaded. Also I imagine it may have some use as a diagnostic for help requests. Ref: https://github.com/curl/curl/pull/3103 Closes https://github.com/curl/curl/pull/3208
2018-11-06curl_multibyte: fix a malloc overcalculationJay Satiro
Prior to this change twice as many bytes as necessary were malloc'd when converting wchar to UTF8. To allay confusion in the future I also changed the variable name for the amount of bytes from len to bytes. Closes https://github.com/curl/curl/pull/3209
2018-11-05netrc: don't ignore the login name specified with "--user"Michael Kaufmann
- for "--netrc", don't ignore the login/password specified with "--user", only ignore the login/password in the URL. This restores the netrc behaviour of curl 7.61.1 and earlier. - fix the documentation of CURL_NETRC_REQUIRED - improve the detection of login/password changes when reading .netrc - don't read .netrc if both login and password are already set Fixes #3213 Closes #3224
2018-11-05OS400: add URL API ccsid wrappers and sync ILE/RPG bindingsPatrick Monnerat
2018-11-05curl: fixed UTF-8 in current console code page (Windows)Yasuhiro Matsumoto
Fixes #3211 Fixes #3175 Closes #3212
2018-11-05TODO: 2.6 multi upkeepDaniel Stenberg
Closes #3199
2018-11-05unittest: make 1652 stable across collationsDaniel Gustafsson
The previous coding used a format string whose output depended on the current locale of the environment running the test. Since the gist of the test is to have a format string, with the actual formatting being less important, switch to a more stable formatstring with decimals. Reported-by: Marcel Raad Closes #3234 Reviewed-by: Daniel Stenberg <daniel@haxx.se> Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2018-11-05Revert "url: a short host name + port is not a scheme"Daniel Stenberg
This reverts commit 226cfa8264cd979eff3fd52c0f3585ef095e7cf2. This commit caused test failures on appveyor/windows. Work on fixing them is in #3235.
2018-11-04symbols-in-versions: add missing CURLU_ symbolsDaniel Stenberg
...and fix symbol-scan.pl to also scan urlapi.h Reported-by: Alexey Melnichuk Fixes #3226 Closes #3230
2018-11-03infof: clearly indicate truncationDaniel Gustafsson
The internal buffer in infof() is limited to 2048 bytes of payload plus an additional byte for NULL termination. Servers with very long error messages can however cause truncation of the string, which currently isn't very clear, and leads to badly formatted output. This appends a "...\n" (or just "..." in case the format didn't with a newline char) marker to the end of the string to clearly show that it has been truncated. Also include a unittest covering infof() to try and catch any bugs introduced in this quite important function. Closes #3216 Reviewed-by: Daniel Stenberg <daniel@haxx.se> Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2018-11-03tool_getparam: fix some commentsMichael Kaufmann
2018-11-03url: a short host name + port is not a schemeDaniel Stenberg
The function identifying a leading "scheme" part of the URL considered a few letters ending with a colon to be a scheme, making something like "short:80" to become an unknown scheme instead of a short host name and a port number. Extended test 1560 to verify. Reported-by: Hagai Auro Fixes #3220 Closes #3223
2018-11-03URL: fix IPv6 numeral address parserDaniel Stenberg
Regression from 46e164069d1a52. Extended test 1560 to verify. Reported-by: tpaukrt on github Fixes #3218 Closes #3219
2018-11-02travis: remove curl before a normal buildDaniel Stenberg
on Linux. To make sure the test suite runs with its newly build tool and doesn't require an external one present. Bug: #3198 Closes #3200
2018-11-02mprintf: avoid unsigned integer overflow warningTim Rühsen
The overflow has no real world impact. Just avoid it for "best practice". Code change suggested by "The Infinnovation Team" and Daniel Stenberg. Closes #3184
2018-11-02Curl_follow: accept non-supported schemes for "fake" redirectsDaniel Stenberg
When not actually following the redirect and the target URL is only stored for later retrieval, curl always accepted "non-supported" schemes. This was a regression from 46e164069d1a5230. Reported-by: Brad King Fixes #3210 Closes #3215
2018-11-02openvms: fix example nameDaniel Gustafsson
Commit efc696a2e09225bfeab4 renamed persistant.c to persistent.c to fix the typo in the name, but missed to update the OpenVMS package files which still looked for the old name. Closes #3217 Reviewed-by: Daniel Stenberg <daniel@haxx.se> Reviewed-by: Viktor Szakats <commit@vszakats.net>
2018-11-01configure: show CFLAGS, LDFLAGS etc in summaryDaniel Stenberg
To make it easier to understand other people's and remote builds etc. Closes #3207
2018-11-01version: bump for next cycleDaniel Stenberg
2018-11-01axtls: removedDaniel Stenberg
As has been outlined in the DEPRECATE.md document, the axTLS code has been disabled for 6 months and is hereby removed. Use a better supported TLS library! Assisted-by: Daniel Gustafsson Closes #3194
2018-11-01schannel: make CURLOPT_CERTINFO support using Issuer chainmarcosdiazr
Closes #3197
2018-11-01travis: build with sanitize=address,undefined,signed-integer-overflowDaniel Stenberg
... using clang Closes #3190
2018-11-01schannel: use Curl_ prefix for global private symbolsDaniel Stenberg
Curl_verify_certificate() must use the Curl_ prefix since it is globally available in the lib and otherwise steps outside of our namespace! Closes #3201
2018-11-01tests: drop http_pipe.py script no longer usedKamil Dudka
It is unused since commit f7208df7d9d5cd5e15e2d89237e828f32b63f135. Closes #3204
2018-10-31runtests: use the local curl for verifyingDaniel Stenberg
... revert the mistaken change brought in commit 8440616f53. Reported-by: Alessandro Ghedini Bug: https://curl.haxx.se/mail/lib-2018-10/0118.html Closes #3198