aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-11-21openssl: support session resume with TLS 1.3Michael Kaufmann
Session resumption information is not available immediately after a TLS 1.3 handshake. The client must wait until the server has sent a session ticket. Use OpenSSL's "new session" callback to get the session information and put it into curl's session cache. For TLS 1.3 sessions, this callback will be invoked after the server has sent a session ticket. The "new session" callback is invoked only if OpenSSL's session cache is enabled, so enable it and use the "external storage" mode which lets curl manage the contents of the session cache. A pointer to the connection data and the sockindex are now saved as "SSL extra data" to make them available to the callback. This approach also works for old SSL/TLS versions and old OpenSSL versions. Reviewed-by: Daniel Stenberg <daniel@haxx.se> Fixes #3202 Closes #3271
2018-11-21ssl: fix compilation with OpenSSL 0.9.7Michael Kaufmann
- ENGINE_cleanup() was used without including "openssl/engine.h" - enable engine support for OpenSSL 0.9.7 Closes #3266
2018-11-21openssl: disable TLS renegotiation with BoringSSLDaniel Stenberg
Since we're close to feature freeze, this change disables this feature with an #ifdef. Define ALLOW_RENEG at build-time to enable. This could be converted to a bit for CURLOPT_SSL_OPTIONS to let applications opt-in this. Concern-raised-by: David Benjamin Fixes #3283 Closes #3293
2018-11-20ares: remove fd from multi fd set when ares is about to close the fdRomain Fliedel
When using c-ares for asyn dns, the dns socket fd was silently closed by c-ares without curl being aware. curl would then 'realize' the fd has been removed at next call of Curl_resolver_getsock, and only then notify the CURLMOPT_SOCKETFUNCTION to remove fd from its poll set with CURL_POLL_REMOVE. At this point the fd is already closed. By using ares socket state callback (ARES_OPT_SOCK_STATE_CB), this patch allows curl to be notified that the fd is not longer needed for neither for write nor read. At this point by calling Curl_multi_closed we are able to notify multi with CURL_POLL_REMOVE before the fd is actually closed by ares. In asyn-ares.c Curl_resolver_duphandle we can't use ares_dup anymore since it does not allow passing a different sock_state_cb_data Closes #3238
2018-11-20examples/ephiperfifo: report error when epoll_ctl failsRomain Fliedel
2018-11-20ntlm: Remove redundant ifdef USE_OPENSSLpkubaj
lib/curl_ntlm.c had code that read as follows: #ifdef USE_OPENSSL # ifdef USE_OPENSSL # else # .. # endif #endif Remove the redundant USE_OPENSSL along with #else (it's not possible to reach it anyway). The removed construction is a leftover from when the SSLeay support was removed. Closes #3269 Reviewed-by: Daniel Gustafsson <daniel@yesql.se> Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-20ssl: replace all internal uses of CURLE_SSL_CACERTHan Han
Closes #3291
2018-11-19docs: add more description to unified ssl error codesHan Han
2018-11-19curle: move deprecated error code to ifndef blockHan Han
2018-11-19os400: add CURLOPT_CURLU to ILE/RPG binding.Patrick Monnerat
2018-11-19os400: Add curl_easy_conn_upkeep() to ILE/RPG binding.Patrick Monnerat
2018-11-19os400: fix return type of curl_easy_pause() in ILE/RPG binding.Patrick Monnerat
2018-11-19RELEASE-NOTES: syncedDaniel Stenberg
2018-11-19impacket: add LICENSEDaniel Stenberg
The license for the impacket package was not in our tree. Imported now from upstream's https://github.com/SecureAuthCorp/impacket/blob/master/LICENSE Reported-by: infinnovation-dev on github Fixes #3276 Closes #3277
2018-11-18tool_doswin: Fix uninitialized field warningDaniel Gustafsson
The partial struct initialization in 397664a065abffb7c3445ca9 caused a warning on uninitialized MODULEENTRY32 struct members: /src/tool_doswin.c:681:3: warning: missing initializer for field 'th32ModuleID' of 'MODULEENTRY32 {aka struct tagMODULEENTRY32}' [-Wmissing-field-initializers] This is sort of a bogus warning as the remaining members will be set to zero by the compiler, as all omitted members are. Nevertheless, remove the warning by omitting all members and setting the dwSize members explicitly. Closes #3254 Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
2018-11-17openssl: Remove SSLEAY leftoversDaniel Gustafsson
Commit 709cf76f6bb7dbac deprecated USE_SSLEAY, as curl since long isn't compatible with the SSLeay library. This removes the few leftovers that were omitted in the less frequently used platform targets. Closes #3270 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-16http_negotiate: do not close connection until negotiation is completedElia Tufarolo
Fix HTTP POST using CURLAUTH_NEGOTIATE. Closes #3275
2018-11-16pop3: only do APOP with a valid timestampDaniel Stenberg
Brought-by: bobmitchell1956 on github Fixes #3278 Closes #3279
2018-11-16openssl: do not log excess "TLS app data" lines for TLS 1.3Peter Wu
The SSL_CTX_set_msg_callback callback is not just called for the Handshake or Alert protocols, but also for the raw record header (SSL3_RT_HEADER) and the decrypted inner record type (SSL3_RT_INNER_CONTENT_TYPE). Be sure to ignore the latter to avoid excess debug spam when using `curl -v` against a TLSv1.3-enabled server: * TLSv1.3 (IN), TLS app data, [no content] (0): (Following this message, another callback for the decrypted handshake/alert messages will be be present anyway.) Closes https://github.com/curl/curl/pull/3281
2018-11-15tests: disable SO_EXCLUSIVEADDRUSE for stunnel on WindowsMarc Hoersken
SO_EXCLUSIVEADDRUSE is on by default on Vista or newer, but does not work together with SO_REUSEADDR being on. The default changes were made with stunnel 5.34 and 5.35.
2018-11-13nss: remove version selecting dead codeKamil Dudka
Closes #3262
2018-11-13nss: set default max-tls to 1.3/1.2Daniel Stenberg
Fixes #3261
2018-11-13tool_cb_wrt: Silence function cast compiler warningDaniel Gustafsson
Commit 5bfaa86ceb3c2a9ac474a928e748c4a86a703b33 introduced a new compiler warning on Windows cross compilation with GCC. See below for an example of the warning from the autobuild logs (whitespace edited to fit): /src/tool_cb_wrt.c:175:9: warning: cast from function call of type 'intptr_t {aka long long int}' to non-matching type 'void *' [-Wbad-function-cast] (HANDLE) _get_osfhandle(fileno(outs->stream)), ^ Store the return value from _get_osfhandle() in an intermediate variable and cast the variable in WriteConsoleW() rather than the function call directly to avoid a compiler warning. In passing, also add inspection of the MultiByteToWideChar() return value and return failure in case an error is reported. Closes #3263 Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com> Reviewed-by: Viktor Szakats <commit@vszakats.net>
2018-11-12nss: fix fallthrough comment to fix picky compiler warningDaniel Stenberg
2018-11-11docs: expanded on some CURLU detailsDaniel Stenberg
2018-11-09ftp: avoid two unsigned int overflows in FTP listing parserTim Rühsen
Curl_ftp_parselist: avoid unsigned integer overflows The overflow has no real world impact, just avoid it for "best practice". Closes #3225
2018-11-09curl: --local-port range was not "including"Daniel Stenberg
The end port number in a given range was not included in the range used, as it is documented to be. Reported-by: infinnovation-dev on github Fixes #3251 Closes #3255
2018-11-09openssl: support BoringSSL TLS renegotiationJérémy Rocher
As per BoringSSL porting documentation [1], BoringSSL rejects peer renegotiations by default. curl fails when trying to authenticate to server through client certificate if it is requested by server after the initial TLS handshake. Enable renegotiation by default with BoringSSL to get same behavior as with OpenSSL. This is done by calling SSL_set_renegotiate_mode [2] which was introduced in commit 1d5ef3bb1eb9 [3]. 1 - https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md#tls-renegotiation 2 - https://boringssl.googlesource.com/boringssl/+/master/include/openssl/ssl.h#3482 3 - https://boringssl.googlesource.com/boringssl/+/1d5ef3bb1eb97848617db5e7d633d735a401df86 Signed-off-by: Jérémy Rocher <rocher.jeremy@gmail.com> Fixes #3258 Closes #3259
2018-11-09HISTORY: add some milestonesDaniel Stenberg
Added a few of the more notable milestones in curl history that were missing. Primarily more recent ones but I also noted some older that could be worth mentioning. [ci skip] Closes #3257
2018-11-09KNOWN_BUGS: add --proxy-any connection issueDaniel Gustafsson
Add the identified issue with --proxy-any and proxy servers which advertise authentication schemes other than the supported one. Closes #876 Closes #3250 Reported-by: NTMan on Github Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-09setopt: add CURLOPT_CURLUJim Fuller
Allows an application to pass in a pre-parsed URL via a URL handle. Closes #3227
2018-11-09docs: ESCape "\n" codesGisle Vanem
Groff / Troff will display a: printaf("Errno: %ld\n", error); as: printf("Errno: %ld0, error); when a "\n" is not escaped. Use "\\n" instead. Closes #3246
2018-11-08curl: --local-port fix followupDaniel Stenberg
Regression by 52db54869e6. Reported-by: infinnovation-dev on github Fixes #3248 Closes #3249
2018-11-07More "\n" ESCapingGisle Vanem
2018-11-07RELEASE-NOTES: syncedDaniel Stenberg
2018-11-07curl: fix --local-port integer overflowDaniel Stenberg
The tool's local port command line range parser didn't check for integer overflows and could pass "weird" data to libcurl for this option. libcurl however, has a strict range check for the values so it rejects anything outside of the accepted range. Reported-by: Brian Carpenter Closes #3242
2018-11-07curl: correct the switch() logic in ourWriteOutDaniel Stenberg
Follow-up to e431daf013, as I did the wrong correction for a compiler warning. It should be a break and not a fall-through. Pointed-out-by: Frank Gevaerts
2018-11-07curl: add %{stderr} and %{stdout} for --write-outFrank Gevaerts
Closes #3115
2018-11-07winssl: be consistent in Schannel capitalizationDaniel Gustafsson
The productname from Microsoft is "Schannel", but in infof/failf reporting we use "schannel". This removes different versions. Closes #3243 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-11-07TODO: Have the URL API offer IDN decodingDaniel Stenberg
Similar to how URL decoding/encoding is done, we could have URL functions to convert IDN host names to punycode. Suggested-by: Alexey Melnichuk Closes #3232
2018-11-07urlapi: only skip encoding the first '=' with APPENDQUERY setDaniel Stenberg
APPENDQUERY + URLENCODE would skip all equals signs but now it only skip encoding the first to better allow "name=content" for any content. Reported-by: Alexey Melnichuk Fixes #3231 Closes #3231
2018-11-06url: a short host name + port is not a schemeDaniel Stenberg
The function identifying a leading "scheme" part of the URL considered a few letters ending with a colon to be a scheme, making something like "short:80" to become an unknown scheme instead of a short host name and a port number. Extended test 1560 to verify. Also fixed test203 to use file_pwd to make it get the correct path on windows. Removed test 2070 since it was a duplicate of 203. Assisted-by: Marcel Raad Reported-by: Hagai Auro Fixes #3220 Fixes #3233 Closes #3223 Closes #3235
2018-11-06libcurl: stop reading from paused transfersSangamkar
In the transfer loop it would previously not acknwledge the pause bit and continue until drained or loop ended. Closes #3240
2018-11-06tool: add undocumented option --dump-module-paths for win32Jay Satiro
- Add an undocumented diagnostic option for Windows to show the full paths of all loaded modules regardless of whether or not libcurl initialization succeeds. This is needed so that in the CI we can get a list of all DLL dependencies after initialization (when they're most likely to have finished loading) and then package them as artifacts so that a functioning build can be downloaded. Also I imagine it may have some use as a diagnostic for help requests. Ref: https://github.com/curl/curl/pull/3103 Closes https://github.com/curl/curl/pull/3208
2018-11-06curl_multibyte: fix a malloc overcalculationJay Satiro
Prior to this change twice as many bytes as necessary were malloc'd when converting wchar to UTF8. To allay confusion in the future I also changed the variable name for the amount of bytes from len to bytes. Closes https://github.com/curl/curl/pull/3209
2018-11-05netrc: don't ignore the login name specified with "--user"Michael Kaufmann
- for "--netrc", don't ignore the login/password specified with "--user", only ignore the login/password in the URL. This restores the netrc behaviour of curl 7.61.1 and earlier. - fix the documentation of CURL_NETRC_REQUIRED - improve the detection of login/password changes when reading .netrc - don't read .netrc if both login and password are already set Fixes #3213 Closes #3224
2018-11-05OS400: add URL API ccsid wrappers and sync ILE/RPG bindingsPatrick Monnerat
2018-11-05curl: fixed UTF-8 in current console code page (Windows)Yasuhiro Matsumoto
Fixes #3211 Fixes #3175 Closes #3212
2018-11-05TODO: 2.6 multi upkeepDaniel Stenberg
Closes #3199
2018-11-05unittest: make 1652 stable across collationsDaniel Gustafsson
The previous coding used a format string whose output depended on the current locale of the environment running the test. Since the gist of the test is to have a format string, with the actual formatting being less important, switch to a more stable formatstring with decimals. Reported-by: Marcel Raad Closes #3234 Reviewed-by: Daniel Stenberg <daniel@haxx.se> Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>