Age | Commit message (Collapse) | Author |
|
This change replaces RFC 2818 based hostname check in OpenSSL build with
RFC 6125 [1] based one.
The hostname check in RFC 2818 is ambiguous and each project implements
it in the their own way and they are slightly different. I check curl,
gnutls, Firefox and Chrome and they are all different.
I don't think there is a bug in current implementation of hostname
check. But it is not as strict as the modern browsers do. Currently,
curl allows multiple wildcard character '*' and it matches '.'. (as
described in the comment in ssluse.c).
Firefox implementation is also based on RFC 2818 but it only allows at
most one wildcard character and it must be in the left-most label in the
pattern and the wildcard must not be followed by any character in the
label.[2] Chromium implementation is based on RFC 6125 as my patch does.
Firefox and Chromium both require wildcard in the left-most label in the
presented identifier.
This patch is more strict than the current implementation, so there may
be some cases where old curl works but new one does not. But at the same
time I think it is good practice to follow the modern browsers do and
follow the newer RFC.
[1] http://tools.ietf.org/html/rfc6125#section-6.4.3
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=159483
|
|
With FOLLOWLOCATION enabled. When a 3xx page is downloaded and the
download size was known (like with a Content-Length header), but the
subsequent URL (transfered after the 3xx page) was chunked encoded, then
the previous "known download size" would linger and cause the progress
meter to get incorrect information, ie the former value would remain
being sent in. This could easily result in downloads that were WAY
larger than "expected" and would cause >100% outputs with the curl
command line tool.
Test case 599 was created and it was used to repeat the bug and then
verify the fix.
Bug: http://curl.haxx.se/bug/view.cgi?id=3510057
Reported by: Michael Wallner
|
|
|
|
Replaced the hard coded md5 digest length (16) with a preprocessor
constant
|
|
It is now possible to calculate the md5 sum as the stream of buffers
becomes known where as previously it was only possible to calculate the
md5 sum of a pre-prepared buffer.
|
|
This reverts commit 9f0e1689f169b83b8fbdae23e0024cc57dcbc770.
It turned out that "improvement" instead made the fetching of the
certificates unreliable
Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html
Reported by: Tim Heckman
|
|
|
|
This feature allows the user to specify and use additional POP3
commands such as UIDL and DELE via libcurl's CURLOPT_CUSTOMREQUEST or
curl's -X command line option.
|
|
bug: http://curl.haxx.se/mail/lib-2012-03/0278.html
|
|
bug: http://curl.haxx.se/mail/lib-2012-03/0255.html
|
|
|
|
Take in account that h_errno might be a modifiable lvalue not defined as
a C preprocessor macro
|
|
|
|
curl segfault in debug callback triggered with CURLINFO_HEADER_OUT and size 0
bug: http://curl.haxx.se/bug/view.cgi?id=3511794
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Simplified the code to remove the need for a separate "LIST <msg id>"
command handler and state machine and instead use the LIST command
handler for both operations.
|
|
Corrected character and line spacing and re-ordered list and retr
functions based on the order of their state machines.
|
|
Moved the server greeting response handling code from the statemach_act
functions to separate response functions. This makes the code simpler
to follow and provides consistency with the other responses that are
handled here.
|
|
Body data would be forwarded to the client application in both the RETR
and LIST commands even if CURLOPT_NOBODY was specified.
|
|
Original wording could lead users in thinking it tries to
somehow parse the filename for a date expression (like
news_2012_03_05.html). It never mentions that it actually
reads the mtime of the file in filesystem.
|
|
|
|
|
|
|
|
This allows building of libcurl on DOS using DJGPP 2.04 and Watt-32
sockets. I know there's already Makefile.djgpp, but I find this more
convenient since I'm used to using the ./configure script from other
platforms
|
|
|
|
|
|
|
|
|
|
|
|
The commit e650dbde86d4 that stripped off [brackets] from ipv6-only host
headers for the sake of cookie parsing wrongly incremented the host
pointer which would cause a bad free() call later on.
|
|
|
|
|
|
|
|
The refactoring of HTTP CONNECT handling in commit 41b0237834232 that
made it protocol independent broke it for the multi interface. This fix
now introduce a better state handling and moved some logic to the
http_proxy.c source file.
Reported by: Yang Tse
Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html
|
|
|
|
Take in account that POSIX standard Issue 7 drops h_errno support. Now, we also
consider getaddrinfo() to be thread-safe when (_POSIX_C_SOURCE >= 200809L) or
(_XOPEN_SOURCE >= 700) independently of whether h_errno exists or not.
|
|
|
|
|
|
Use fopen() with "w" mode instead of "wt" to fix cygwin builds.
|
|
|
|
3 more bugs, 1 more contributor
|
|
|
|
|
|
Windows standard libraries are located in C:/Program Files/Microsoft
SDKs/[...]. They are already included in the default MSVC
LIBPATH. Hence, find_library(WSOCK32_LIBRARY wsock32) and
find_library(WS2_32_LIBRARY ws2_32) are not needed. They return the full
path to the libraries including spaces. Of course,
list_spaces_append_once will mangle the result and the build fails.
Bug: http://curl.haxx.se/bug/view.cgi?id=3494968
|
|
|