aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-02-28Curl_easy: remove req.maxfd - never used!Daniel Stenberg
Introduced in 8b6314ccfb, but not used anymore in current code. Unclear since when. Closes #3626
2019-02-28http: set state.infilesize when sending formpostsDaniel Stenberg
Without it set, we would unwillingly triger the "HTTP error before end of send, stop sending" condition even if the entire POST body had been sent (since it wouldn't know the expected size) which would unnecessarily log that message and close the connection when it didn't have to. Reported-by: Matt McClure Bug: https://curl.haxx.se/mail/archive-2019-02/0023.html Closes #3624
2019-02-28INSTALL: refer to the current TLS library names and configure optionsDaniel Stenberg
2019-02-28FAQ: minor updates and spelling fixesDaniel Stenberg
2019-02-28GOVERNANCE.md: minor spelling fixesDaniel Stenberg
2019-02-28Secure Transport: no more "darwinssl"Daniel Stenberg
Everyone calls it Secure Transport, now we do too. Reviewed-by: Nick Zitzmann Closes #3619
2019-02-27AppVeyor: add classic MinGW buildMarcel Raad
But use the MSYS2 shell rather than the default MSYS shell because of POSIX path conversion issues. Classic MinGW is only available on the Visual Studio 2015 image. Closes https://github.com/curl/curl/pull/3623
2019-02-27AppVeyor: add MinGW-w64 buildMarcel Raad
Add a MinGW-w64 build using CMake's MSYS Makefiles generator. Use the Visual Studio 2015 image as it has GCC 8, while the Visual Studio 2017 image only has GCC 7.2. Closes https://github.com/curl/curl/pull/3623
2019-02-27cookies: only save the cookie file if the engine is enabledDaniel Stenberg
Follow-up to 8eddb8f4259. If the cookieinfo pointer is NULL there really is nothing to save. Without this fix, we got a problem when a handle was using shared object with cookies and is told to "FLUSH" it to file (which worked) and then the share object was removed and when the easy handle was closed just afterwards it has no cookieinfo and no cookies so it decided to save an empty jar (overwriting the file just flushed). Test 1905 now verifies that this works. Assisted-by: Michael Wallner Assisted-by: Marcel Raad Closes #3621
2019-02-27cacertinmem.c: use multiple certificates for loading CA-chainDaVieS
Closes #3421
2019-02-27urldata: convert bools to bitfields and move to endDaniel Stenberg
This allows the compiler to pack and align the structs better in memory. For a rather feature-complete build on x86_64 Linux, gcc 8.1.2 makes the Curl_easy struct 4.9% smaller. From 6312 bytes to 6000. Removed an unused struct field. No functionality changes. Closes #3610
2019-02-27curl.h: use __has_declspec_attribute for shared buildsDon J Olmstead
Closes #3616
2019-02-27curl: display --version features sorted alphabeticallyDaniel Stenberg
Closes #3611
2019-02-26runtests: detect "schannel" as an alias for "winssl"Daniel Stenberg
Follow-up to 180501cb02 Reported-by: Marcel Raad Fixes #3609 Closes #3620
2019-02-26AppVeyor: update to Visual Studio 2017Marcel Raad
Switch all Visual Studio 2015 builds to Visual Studio 2017. It's not a moving target anymore as the last update, Update 9, has been released. Closes https://github.com/curl/curl/pull/3606
2019-02-26AppVeyor: switch VS 2015 builds to VS 2017 imageMarcel Raad
The Visual Studio 2017 image has Visual Studio 2015 and 2017 installed. Closes https://github.com/curl/curl/pull/3606
2019-02-26AppVeyor: explicitly select worker imageMarcel Raad
Currently, we're using the default Visual Studio 2015 image for everything. Closes https://github.com/curl/curl/pull/3606
2019-02-26strerror: make the strerror function use local buffersDaniel Stenberg
Instead of using a fixed 256 byte buffer in the connectdata struct. In my build, this reduces the size of the connectdata struct by 11.8%, from 2160 to 1904 bytes with no functionality or performance loss. This also fixes a bug in schannel's Curl_verify_certificate where it called Curl_sspi_strerror when it should have called Curl_strerror for string from GetLastError. the only effect would have been no text or the wrong text being shown for the error. Co-authored-by: Jay Satiro Closes #3612
2019-02-26cookies: fix NULL dereference if flushing cookies with no CookieInfo setMichael Wallner
Regression brought by a52e46f3900fb0 (shipped in 7.63.0) Closes #3613
2019-02-26AppVeyor: re-enable test 500Marcel Raad
It's passing now. Closes https://github.com/curl/curl/pull/3615
2019-02-26AppVeyor: remove redundant buildsMarcel Raad
Remove the Visual Studio 2012 and 2013 builds as they add little value. Ref: https://github.com/curl/curl/pull/3606 Closes https://github.com/curl/curl/pull/3614
2019-02-25RELEASE-NOTES: syncedDaniel Stenberg
2019-02-25OpenSSL: add support for TLS ASYNC stateBernd Mueller
Closes #3591
2019-02-25acinclude: add additional libraries to check for LDAP supportMichael Felt
- Add an additional check for LDAP that also checks for OpenSSL since on AIX those libraries may be required to link LDAP properly. Fixes https://github.com/curl/curl/issues/3595 Closes https://github.com/curl/curl/pull/3596
2019-02-25schannel: support CALG_ECDH_EPHEM algorithmgeorgeok
Add support for Ephemeral elliptic curve Diffie-Hellman key exchange algorithm option when selecting ciphers. This became available on the Win10 SDK. Closes https://github.com/curl/curl/pull/3608
2019-02-24multi: call multi_done on connect timeoutsDaniel Stenberg
Failing to do so would make the CURLINFO_TOTAL_TIME timeout to not get updated correctly and could end up getting reported to the application completely wrong (way too small). Reported-by: accountantM on github Fixes #3602 Closes #3605
2019-02-23examples: remove recursive calls to curl_multi_socket_actionDaniel Stenberg
From within the timer callbacks. Recursive is problematic for several reasons. They should still work, but this way the examples and the documentation becomes simpler. I don't think we need to encourage recursive calls. Discussed in #3537 Closes #3601
2019-02-23configure: remove CURL_CHECK_FUNC_FDOPEN callMarcel Raad
The macro itself has been removed in commit 11974ac859c5d82def59e837e0db56fef7f6794e. Closes https://github.com/curl/curl/pull/3604
2019-02-23wolfssl: stop custom-adding curvesDaniel Stenberg
since wolfSSL PR https://github.com/wolfSSL/wolfssl/pull/717 (shipped in wolfSSL 3.10.2 and later) it sends these curves by default already. Pointed-out-by: David Garske Closes #3599
2019-02-22configure: remove the unused fdopen macroDaniel Stenberg
and the two remaining #ifdefs for it Closes #3600
2019-02-22url: change conn shutdown order to unlink data as last stepJay Satiro
- Split off connection shutdown procedure from Curl_disconnect into new function conn_shutdown. - Change the shutdown procedure to close the sockets before disassociating the transfer. Prior to this change the sockets were closed after disassociating the transfer so SOCKETFUNCTION wasn't called since the transfer was already disassociated. That likely came about from recent work started in Jan 2019 (#3442) to separate transfers from connections. Bug: https://curl.haxx.se/mail/lib-2019-02/0101.html Reported-by: Pavel Löbl Closes https://github.com/curl/curl/issues/3597 Closes https://github.com/curl/curl/pull/3598
2019-02-22Fix strict-prototypes GCC warningMarcel Raad
As seen in the MinGW autobuilds. Caused by commit f26bc29cfec0be84c67cf74065cf8e5e78fd68b7.
2019-02-21tests: Fixed XML validation errors in some test files.Dan Fandrich
2019-02-20TODO: Allow SAN names in HTTP/2 server pushDaniel Stenberg
Suggested-by: Nicolas Grekas
2019-02-20RELEASE-NOTES: syncedDaniel Stenberg
2019-02-20curl: remove MANUAL from -M outputDaniel Stenberg
... and remove it from the dist tarball. It has served its time, it barely gets updated anymore and "everything curl" is now convering all this document once tried to include, and does it more and better. In the compressed scenario, this removes ~15K data from the binary, which is 25% of the -M output. It remains in the git repo for now for as long as the web site builds a page using that as source. It renders poorly on the site (especially for mobile users) so its not even good there. Closes #3587
2019-02-20http2: verify :athority in push promise requestsDaniel Stenberg
RFC 7540 says we should verify that the push is for an "authoritative" server. We make sure of this by only allowing push with an :athority header that matches the host that was asked for in the URL. Fixes #3577 Reported-by: Nicolas Grekas Bug: https://curl.haxx.se/mail/lib-2019-02/0057.html Closes #3581
2019-02-20singlesocket: fix the 'sincebefore' placementDaniel Stenberg
The variable wasn't properly reset within the loop and thus could remain set for sockets that hadn't been set before and miss notifying the app. This is a follow-up to 4c35574 (shipped in curl 7.64.0) Reported-by: buzo-ffm on github Detected-by: Jan Alexander Steffens Fixes #3585 Closes #3589
2019-02-19connection: never reuse CONNECT_ONLY conectionsDaniel Stenberg
and make CONNECT_ONLY conections never reuse any existing ones either. Reported-by: Pavel Löbl Bug: https://curl.haxx.se/mail/lib-2019-02/0064.html Closes #3586
2019-02-19cli tool: fix mime post with --disable-libcurl-option configure optionPatrick Monnerat
Reported-by: Marcel Raad Fixes #3576 Closes #3583
2019-02-19x509asn1: cleanup and unify code layoutDaniel Stenberg
- rename 'n' to buflen in functions, and use size_t for them. Don't pass in negative buffer lengths. - move most function comments to above the function starts like we use to - remove several unnecessary typecasts (especially of NULL) Reviewed-by: Patrick Monnerat Closes #3582
2019-02-19curl_multi_remove_handle.3: use at any time, just not from within callbacksDaniel Stenberg
[ci skip]
2019-02-19http: make adding a blank header thread-safeDaniel Stenberg
Previously the function would edit the provided header in-place when a semicolon is used to signify an empty header. This made it impossible to use the same set of custom headers in multiple threads simultaneously. This approach now makes a local copy when it needs to edit the string. Reported-by: d912e3 on github Fixes #3578 Closes #3579
2019-02-19unit1651: survive curl_easy_init() failsDaniel Stenberg
2019-02-18rand: Fix a mismatch between comments in source and header.Frank Gevaerts
Reported-by: Björn Stenberg <bjorn@haxx.se> Closes #3584
2019-02-18x509asn1: replace single char with an arrayPatrick Monnerat
Although safe in this context, using a single char as an array may cause invalid accesses to adjacent memory locations. Detected by Coverity.
2019-02-18examples/http2-serverpush: add some sensible error checksDaniel Stenberg
To avoid NULL pointer dereferences etc in the case of problems. Closes #3580
2019-02-18easy: fix win32 init to work without CURL_GLOBAL_WIN32Jay Satiro
- Change the behavior of win32_init so that the required initialization procedures are not affected by CURL_GLOBAL_WIN32 flag. libcurl via curl_global_init supports initializing for win32 with an optional flag CURL_GLOBAL_WIN32, which if omitted was meant to stop Winsock initialization. It did so internally by skipping win32_init() when that flag was set. Since then win32_init() has been expanded to include required initialization routines that are separate from Winsock and therefore must be called in all cases. This commit fixes it so that CURL_GLOBAL_WIN32 only controls the optional win32 initialization (which is Winsock initialization, according to our doc). The only users affected by this change are those that don't pass CURL_GLOBAL_WIN32 to curl_global_init. For them this commit removes the risk of a potential crash. Ref: https://github.com/curl/curl/pull/3573 Fixes https://github.com/curl/curl/issues/3313 Closes https://github.com/curl/curl/pull/3575
2019-02-17cookie: Add support for cookie prefixesDaniel Gustafsson
The draft-ietf-httpbis-rfc6265bis-02 draft, specify a set of prefixes and how they should affect cookie initialization, which has been adopted by the major browsers. This adds support for the two prefixes defined, __Host- and __Secure, and updates the testcase with the supplied examples from the draft. Closes #3554 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-02-16mbedtls: release sessionid resources on errorDaniel Gustafsson
If mbedtls_ssl_get_session() fails, it may still have allocated memory that needs to be freed to avoid leaking. Call the library API function to release session resources on this errorpath as well as on Curl_ssl_addsessionid() errors. Closes: #3574 Reported-by: Michał Antoniak <M.Antoniak@posnet.com> Reviewed-by: Daniel Stenberg <daniel@haxx.se>