aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-08-28http2: return CURLE_HTTP2_STREAM for unexpected stream closeDaniel Stenberg
Follow-up to c3e906e9cd0f, seems like a more appropriate error code Suggested-by: Jay Satiro
2016-08-28http2: handle closed streams when uploadingTatsuhiro Tsujikawa
Fixes #986
2016-08-28http2: make sure stream errors don't needlessly close the connectionDaniel Stenberg
With HTTP/2 each transfer is made in an indivial logical stream over the connection, making most previous errors that caused the connection to get forced-closed now instead just kill the stream and not the connection. Fixes #941
2016-08-27Curl_verify_windows_version: minor edit to avoid compiler warningsDaniel Stenberg
... instead of if() before the switch(), add a default to the switch so that the compilers don't warn on "warning: enumeration value 'PLATFORM_DONT_CARE' not handled in switch" anymore.
2016-08-27RELEASE-NOTES: Added missing fix from commit 15592143fSteve Holme
2016-08-26schannel: Disable ALPN for Wine since it is causing problemsJay Satiro
- Disable ALPN on Wine. - Don't pass input secbuffer when ALPN is disabled. When ALPN support was added a change was made to pass an input secbuffer to initialize the context. When ALPN is enabled the buffer contains the ALPN information, and when it's disabled the buffer is empty. In either case this input buffer caused problems with Wine and connections would not complete. Bug: https://github.com/curl/curl/issues/983 Reported-by: Christian Fillion
2016-08-26nss: work around race condition in PK11_FindSlotByName()Peter Wang
Serialise the call to PK11_FindSlotByName() to avoid spurious errors in a multi-threaded environment. The underlying cause is a race condition in nssSlot_IsTokenPresent(). Bug: https://bugzilla.mozilla.org/1297397 Closes #985
2016-08-26nss: refuse previously loaded certificate from fileKamil Dudka
... when we are not asked to use a certificate from file
2016-08-26ftp_done: remove dead codeDaniel Stenberg
2016-08-26TLS: random file/egd doesn't have to match for conn reuseDaniel Stenberg
2016-08-26test161: add comment for the exit codeDaniel Stenberg
2016-08-26test219: Add http as a required featureDan Fandrich
2016-08-25HTTP: stop parsing headers when switching to unknown protocolsMichael Kaufmann
- unknown protocols probably won't send more headers (e.g. WebSocket) - improved comments and moved them to the correct case statements Closes #899
2016-08-25openssl: make build with 1.1.0 againDaniel Stenberg
synced with OpenSSL git master commit cc06906707
2016-08-25INTERNALS: fix titleDaniel Stenberg
2016-08-25configure: detect zlib with our pkg-config macrosDaniel Stenberg
... instead of relying on the pkg-config autoconf macros to be present. Fixes #972 (again...)
2016-08-25http2: Remove incorrect commentsJay Satiro
.. also remove same from scp
2016-08-23ftp: fix wrong poll on the secondary socketAles Novak
When we're uploading using FTP and the server issues a tiny pause between opening the connection to the client's secondary socket, the client's initial poll() times out, which leads to second poll() which does not wait for POLLIN on the secondary socket. So that poll() also has to time out, creating a long (200ms) pause. This patch adds the correct flag to the secondary socket, making the second poll() correctly wait for the connection there too. Signed-off-by: Ales Novak <alnovak@suse.cz> Closes #978
2016-08-22RELEASE-NOTES: synced with 95ded2c56Daniel Stenberg
2016-08-21configure: make it work without PKG_CHECK_MODULESDaniel Stenberg
With commit c2f9b78 we added a new dependency on pkg-config for developers which may be unwanted. This change make the configure script still work as before if pkg-config isn't installed, it'll just use the old zlib detection logic without pkg-config. Reported-by: Marc Hörsken Fixes #972
2016-08-21Revert "KNOWN_BUGS: SOCKS proxy not working via IPv6"Marc Hoersken
This reverts commit 9cb1059f92286a6eb5d28c477fdd3f26aed1d554. As discussed in #835 SOCKS5 supports IPv6 proxies and destinations.
2016-08-21win: Basic support for Universal Windows Platform appsMarco Deckel
Closes #820
2016-08-21sasl: Don't use GSSAPI authentication when domain name not specifiedSteve Holme
Only choose the GSSAPI authentication mechanism when the user name contains a Windows domain name or the user is a valid UPN. Fixes #718
2016-08-21vauth: Added check for supported SSPI based authentication mechanismsSteve Holme
Completing commit 00417fd66c and 2708d4259b.
2016-08-21http.c: Remove duplicate (authp->avail & CURLAUTH_DIGEST) checkSteve Holme
From commit 2708d4259b.
2016-08-20socks.c: display the hostname returned by the SOCKS5 proxy serverMarc Hoersken
Instead of displaying the requested hostname the one returned by the SOCKS5 proxy server is used in case of connection error. The requested hostname is displayed earlier in the connection sequence. The upper-value of the port is moved to a temporary variable and replaced with a 0-byte to make sure the hostname is 0-terminated.
2016-08-20urldata.h: Corrected comment for httpcode which is also populated by SMTPSteve Holme
As of 7.25.0 and commit 5430007222.
2016-08-20socks.c: use Curl_printable_address in SOCKS5 connection sequenceMarc Hoersken
Replace custom string formatting with Curl_printable_address. Add additional debug and error output in case of failures.
2016-08-20socks.c: align SOCKS4 connection sequence with SOCKS5Marc Hoersken
Calling sscanf is not required since the raw IPv4 address is available and the protocol can be detected using ai_family.
2016-08-20http.c: Corrected indentation change from commit 2708d4259bSteve Holme
Made by Visual Studio's auto-correct feature and missed by me in my own code reviews!
2016-08-20http: Added calls to Curl_auth_is_<mechansism>_supported()Steve Holme
Hooked up the HTTP authentication layer to query the new 'is mechanism supported' functions when deciding what mechanism to use. As per commit 00417fd66c existing functionality is maintained for now.
2016-08-20socks.c: improve verbose output of SOCKS5 connection sequenceMarc Hoersken
2016-08-20configure.ac: add missing quotes to PKG_CHECK_MODULESMarc Hoersken
2016-08-20sasl: Added calls to Curl_auth_is_<mechansism>_supported()Steve Holme
Hooked up the SASL authentication layer to query the new 'is mechanism supported' functions when deciding what mechanism to use. For now existing functionality is maintained.
2016-08-19spnego_sspi: fix memory leak in case *outlen is zero (#970)Miroslav Franc
2016-08-19CURLMOPT_MAX_TOTAL_CONNECTIONS.3: mention it can also multiplexDaniel Stenberg
2016-08-18vauth: Introduced Curl_auth_is_<mechansism>_supported() functionsSteve Holme
As Windows SSPI authentication calls fail when a particular mechanism isn't available, introduced these functions for DIGEST, NTLM, Kerberos 5 and Negotiate to allow both HTTP and SASL authentication the opportunity to query support for a supported mechanism before selecting it. For now each function returns TRUE to maintain compatability with the existing code when called.
2016-08-18test1144: verify HEAD with body-only responseDaniel Stenberg
2016-08-17RELEASE-PROCEDURE: Added some more future release datesSteve Holme
...and removed some old ones
2016-08-17curl: allow "pkcs11:" prefix for client certificatesDavid Woodhouse
RFC7512 provides a standard method to reference certificates in PKCS#11 tokens, by means of a URI starting 'pkcs11:'. We're working on fixing various applications so that whenever they would have been able to use certificates from a file, users can simply insert a PKCS#11 URI instead and expect it to work. This expectation is now a part of the Fedora packaging guidelines, for example. This doesn't work with cURL because of the way that the colon is used to separate the certificate argument from the passphrase. So instead of curl -E 'pkcs11:manufacturer=piv_II;id=%01' … I instead need to invoke cURL with the colon escaped, like this: curl -E 'pkcs11\:manufacturer=piv_II;id=%01' … This is suboptimal because we want *consistency* — the URI should be usable in place of a filename anywhere, without having strange differences for different applications. This patch therefore disables the processing in parse_cert_parameter() when the string starts with 'pkcs11:'. It means you can't pass a passphrase with an unescaped PKCS#11 URI, but there's no need to do so because RFC7512 allows a PIN to be given as a 'pin-value' attribute in the URI itself. Also, if users are already using RFC7512 URIs with the colon escaped as in the above example — even providing a passphrase for cURL to handling instead of using a pin-value attribute, that will continue to work because their string will start 'pkcs11\:' and won't match the check. What *does* break with this patch is the extremely unlikely case that a user has a file which is in the local directory and literally named just "pkcs11", and they have a passphrase on it. If that ever happened, the user would need to refer to it as './pkcs11:<passphrase>' instead.
2016-08-17nss: make the global variables staticDaniel Stenberg
2016-08-16openssl: use regular malloc instead of OPENSSL_mallocDaniel Stenberg
This allows for better memmory debugging and torture tests.
2016-08-16proxy: fix tests as follow-up to 93b0d907d5Daniel Stenberg
This fixes tests that were added after 113f04e664b as the tests would fail otherwise. We bring back "Proxy-Connection: Keep-Alive" now unconditionally to fix regressions with old and stupid proxies, but we could possibly switch to using it only for CONNECT or only for NTLM in a future if we want to gradually reduce it. Fixes #954 Reported-by: János Fekete
2016-08-16Revert "Proxy-Connection: stop sending this header by default"Daniel Stenberg
This reverts commit 113f04e664b16b944e64498a73a4dab990fe9a68.
2016-08-15CURLOPT_PROXY.3: unsupported schemes cause errors nowDaniel Stenberg
Follow-up to a96319ebb9 (document the new behavior)
2016-08-15tests/README: mention nghttpx for HTTP/2 testsDaniel Stenberg
2016-08-15README.md: add our CII Best Practices badgeDaniel Stenberg
2016-08-15proxy: polished the error message for unsupported schemesDaniel Stenberg
Follow up to a96319ebb93
2016-08-15test219: verify unsupported scheme for proxies get rejectedDaniel Stenberg
2016-08-15proxy: reject attempts to use unsupported proxy schemesDaniel Stenberg
I discovered some people have been using "https://example.com" style strings as proxy and it "works" (curl doesn't complain) because curl ignores unknown schemes and then assumes plain HTTP instead. I think this misleads users into believing curl uses HTTPS to proxies when it doesn't. Now curl rejects proxy strings using unsupported schemes instead of just ignoring and defaulting to HTTP.