aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2015-03-14hostip: Fix signal race in Curl_resolv_timeout.Tobias Stoeckmann
A signal handler for SIGALRM is installed in Curl_resolv_timeout. It is configured to interrupt system calls and uses siglongjmp to return into the function if alarm() goes off. The signal handler is installed before curl_jmpenv is initialized. This means that an already installed alarm timer could trigger the newly installed signal handler, leading to undefined behavior when it accesses the uninitialized curl_jmpenv. Even if there is no previously installed alarm available, the code in Curl_resolv_timeout itself installs an alarm before the environment is fully set up. If the process is sent into suspend right after that, the signal handler could be called too early as in previous scenario. To fix this, the signal handler should only be installed and the alarm timer only be set after sigsetjmp has been called.
2015-03-14http2: detect prematures close without data transferedDaniel Stenberg
... by using the regular Curl_http_done() method which checks for that. This makes test 1801 fail consistently with error 56 (which seems fine) to that test is also updated here. Reported-by: Ben Darnell Bug: https://github.com/bagder/curl/issues/166
2015-03-13test320: Expect the Host header to be the first headerDan Fandrich
Required for the test to work after a5d994941c2b.
2015-03-12RELEASE-NOTES: synced with 186e46d88ddDaniel Stenberg
2015-03-12openssl: use colons properly in the ciphers listDaniel Stenberg
While the previous string worked, this is the documented format. Reported-by: Richard Moore
2015-03-12openssl: sort the ciphers on strengthDaniel Stenberg
This makes curl pick better (stronger) ciphers by default. The strongest available ciphers are fine according to the HTTP/2 spec so an OpenSSL built curl is no longer rejected by string HTTP/2 servers. Bug: http://curl.haxx.se/bug/view.cgi?id=1487
2015-03-12test203[0-3]: Expect the Host header to be the first headerFabian Keil
Required for the tests to work after a5d994941c2b.
2015-03-12openssl: show the cipher selection to useDaniel Stenberg
2015-03-12http: always send Host: header as first headerDaniel Stenberg
...after the method line: "Since the Host field-value is critical information for handling a request, a user agent SHOULD generate Host as the first header field following the request-line." / RFC 7230 section 5.4 Additionally, this will also make libcurl ignore multiple specified custom Host: headers and only use the first one. Test 1121 has been updated accordingly Bug: http://curl.haxx.se/bug/view.cgi?id=1491 Reported-by: Rainer Canavan
2015-03-11mk-ca-bundle bugfix: Don't report SHA1 numbers with "-q".Alexander Pepper
Also unified printing to STDERR by creating the helper method "report".
2015-03-11proxy: re-use proxy connections (regression)Daniel Stenberg
When checking for a connection to re-use, a proxy-using request must check for and use a proxy connection and not one based on the host name! Added test 1421 to verify Bug: http://curl.haxx.se/bug/view.cgi?id=1492
2015-03-10memanalyze.pl: handle free(NULL)Jay Satiro
2015-03-10.travis.yml: Change CI make test to make test-fullJay Satiro
- Change the continuous integration script to use 'make test-full' instead of just 'make test' so that the diagnostic log output is printed to stdout when a test fails. - Change the continuous integration script to use './configure --enable-debug' instead of just './configure' so that the memory analyzer will work during testing. Prior to this change Travis used its default C test script: ./configure && make && make test
2015-03-10gtls: correctly align certificate status verification messagesAlessandro Ghedini
2015-03-10gtls: don't print double newline after certificate datesAlessandro Ghedini
2015-03-10gtls: print negotiated TLS version and full cipher suite nameAlessandro Ghedini
Instead of priting cipher and MAC algorithms names separately, print the whole cipher suite string which also includes the key exchange algorithm, along with the negotiated TLS version.
2015-03-10gtls: fix compiler warningsDaniel Stenberg
2015-03-10gtls: add support for CURLOPT_CAPATHAlessandro Ghedini
2015-03-09MacOSX-Framework: use @rpath instead of @executable_pathstopiccot
Bug: https://github.com/bagder/curl/pull/157
2015-03-09RELEASE-NOTES: synced with c19349951Daniel Stenberg
2015-03-07multi: fix *getsock() with CONNECTDaniel Stenberg
The code used some happy eyeballs logic even _after_ CONNECT has been sent to a proxy, while the happy eyeball phase is already (should be) over by then. This is solved by splitting the multi state into two separate states introducing the new SENDPROTOCONNECT state. Bug: http://curl.haxx.se/mail/lib-2015-01/0170.html Reported-by: Peter Laser
2015-03-07conncontrol: only log changes to the connection bitDaniel Stenberg
2015-03-07http2: use CURL_HTTP_VERSION_* symbols instead of NPN_*Daniel Stenberg
Since they already exist and will make comparing easier
2015-03-07http2: make the info-message about receiving HTTP2 headers debug-onlyDaniel Stenberg
2015-03-07urldata: remove unused asked_for_h2 fieldAlessandro Ghedini
2015-03-07polarssl: make it possible to enable ALPN/NPN without HTTP2Alessandro Ghedini
2015-03-07nss: make it possible to enable ALPN/NPN without HTTP2Alessandro Ghedini
2015-03-07gtls: make it possible to enable ALPN/NPN without HTTP2Alessandro Ghedini
2015-03-07openssl: make it possible to enable ALPN/NPN without HTTP2Alessandro Ghedini
2015-03-06metalink: add some error checksDaniel Stenberg
malloc() and strdup() calls without checking return codes. Reported-by: Markus Elfring Bug: https://github.com/bagder/curl/issues/150
2015-03-06curl_easy_setopt.3: added CURLOPT_SSL_VERIFYSTATUSDaniel Stenberg
Reported-by: Jonathan Cardoso
2015-03-06urldata: fix gnutls buildDaniel Stenberg
2015-03-05openssl: Removed use of USE_SSLEAY from the Visual Studio project filesSteve Holme
In addition to commit 709cf76f6b, removed the USE_SSLEAY preprocessor variable from the Visual Studio project files as it isn't required anymore.
2015-03-05multi: fix memory-leak on timeout (regression)Daniel Stenberg
Since 1342a96ecfe0d44, a timeout detected in the multi state machine didn't necesarily clear everything up, like formpost data. Bug: https://github.com/bagder/curl/issues/147 Reported-by: Michel Promonet Patched-by: Michel Promonet
2015-03-05configure: follow-up fix from 709cf76f6Daniel Stenberg
OpenSSL handling was a little broken.
2015-03-05openssl: remove all uses of USE_SSLEAYDaniel Stenberg
SSLeay was the name of the library that was subsequently turned into OpenSSL many moons ago (1999). curl does not work with the old SSLeay library since years. This is now reflected by only using USE_OPENSSL in code that depends on OpenSSL.
2015-03-05cmake: handle build definitions CURLDEBUG/DEBUGBUILDSergei Nikulov
Acked-by: Brad King
2015-03-04FAQ: 4.21 Why is there a HTTP/1.1 in my HTTP/2 request?Daniel Stenberg
2015-03-04symbols.pl: handle '-' in the deprecated fieldDaniel Stenberg
... which otherwise made the script skip the _LAST define for some symbols. Reported-by: Jeroen Ooms Bug: http://curl.haxx.se/mail/lib-2015-03/0052.html
2015-03-04curl.1: fix "The the" typoDaniel Stenberg
Reported-by: Jon Seymour
2015-03-03vtls: use curl_printf.h all overDaniel Stenberg
No need to use _MPRINTF_REPLACE internally.
2015-03-03tool: use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACEDaniel Stenberg
2015-03-03tool_writeenv: remove _MPRINTF_REPLACE define, it wasn't usedDaniel Stenberg
2015-03-03libtest: fixed linker errors on msvcSergei Nikulov
Bug: https://github.com/bagder/curl/pull/144
2015-03-03mprintf.h: remove #ifdef CURLDEBUGDaniel Stenberg
... and as a consequence, introduce curl_printf.h with that re-define magic instead and make all libcurl code use that instead.
2015-03-03tool_getpass: remove unused curl/mprintf.h includeDaniel Stenberg
2015-03-03CONTRIBUTING.md: file for advice on githubDaniel Stenberg
2015-03-02BINDINGS: add link to Harbour bindingsViktor Szakáts
And UTF8-fix a few names
2015-03-02CURLOPT_HEADERFUNCTION.3: typo in error code nameDaniel Stenberg
Reported-by: Jonathan Cardoso
2015-03-02BINDINGS: tclcurl movedDaniel Stenberg
Reporte-by: Steve Havelka