aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2017-03-12tool_writeout: fixed a buffer read overrun on --write-outDan Fandrich
If a % ended the statement, the string's trailing NUL would be skipped and memory past the end of the buffer would be accessed and potentially displayed as part of the --write-out output. Added tests 1440 and 1441 to check for this kind of condition. Reported-by: Brian Carpenter
2017-03-12url: add option CURLOPT_SUPPRESS_CONNECT_HEADERSDesmond O. Chang
- Add new option CURLOPT_SUPPRESS_CONNECT_HEADERS to allow suppressing proxy CONNECT response headers from the user callback functions CURLOPT_HEADERFUNCTION and CURLOPT_WRITEFUNCTION. - Add new tool option --suppress-connect-headers to expose CURLOPT_SUPPRESS_CONNECT_HEADERS and allow suppressing proxy CONNECT response headers from --dump-header and --include. Assisted-by: Jay Satiro Assisted-by: CarloCannas@users.noreply.github.com Closes https://github.com/curl/curl/pull/783
2017-03-11http_proxy: Ignore TE and CL in CONNECT 2xx responsesJay Satiro
A client MUST ignore any Content-Length or Transfer-Encoding header fields received in a successful response to CONNECT. "Successful" described as: 2xx (Successful). RFC 7231 4.3.6 Prior to this change such a case would cause an error. In some ways this bug appears to be a regression since c50b878. Prior to that libcurl may have appeared to function correctly in such cases by acting on those headers instead of causing an error. But that behavior was also incorrect. Bug: https://github.com/curl/curl/issues/1317 Reported-by: mkzero@users.noreply.github.com
2017-03-11mbedtls: fix typo in variable nameThomas Glanzmann
Broken a few days ago in 6448f98. Bug: https://curl.haxx.se/mail/lib-2017-03/0015.html
2017-03-11tests: fix the authretry testsMichael Kaufmann
Do not call curl_easy_reset() between the requests, because the auth state must be preserved for these tests. Follow-up to 0afbcfd
2017-03-11proxy: skip SSL initialization for closed connectionsMichael Kaufmann
This prevents a "Descriptor is not a socket" error for WinSSL. Reported-by: Antony74@users.noreply.github.com Reviewed-by: Jay Satiro Fixes https://github.com/curl/curl/issues/1239
2017-03-11curl_easy_reset: Also reset the authentication stateMichael Kaufmann
Follow-up to 5278462 See https://github.com/curl/curl/issues/1095
2017-03-11authneg: clear auth.multi flag at http_doneIsaac Boukris
This flag is meant for the current request based on authentication state, once the request is done we can clear the flag. Also change auth.multi to auth.multipass for better readability. Fixes https://github.com/curl/curl/issues/1095 Closes https://github.com/curl/curl/pull/1326 Signed-off-by: Isaac Boukris <iboukris@gmail.com> Reported-by: Michael Kaufmann
2017-03-11url: don't compile detect_proxy if HTTP support is disabledDan Fandrich
2017-03-11cmdline-opts: fixed a few typosDan Fandrich
2017-03-10README.md: add coverity and travis badgesDaniel Stenberg
2017-03-10ISSUE_TEMPLATE: for bugs, ask questions on the mailing listDaniel Stenberg
and try to add the top comment within an HTML comment in the hope that it might get hidden if the text is kept
2017-03-10openssl: add two /* FALLTHROUGH */ to satisfy coverityDaniel Stenberg
CID 1402159 and 1402158
2017-03-09tests: disabled 1903 nowDaniel Stenberg
Test 1903 is doing HTTP pipelining, and that is a timing and ordering sensitive operation and this fails far too often on the Travis CI leading to people more or less ignoring test failures there. Not good. The end of pipelning is probably coming sooner rather than later anyway...
2017-03-09tls-max.d: added to the makefileDan Fandrich
2017-03-09build: fixed making man page in out-of-tree tarball buildsDan Fandrich
The man page taken from the release package is found in a different location than if it's built from source. It must be referenced as $< in the rule to get its correct location in the VPATH.
2017-03-09mkhelp: simplified the gzip codeDan Fandrich
This eliminates the need for an external gzip program, which wasn't working with Busybox's gzip, anyway. It now compresses using perl's IO::Compress::Gzip
2017-03-09polarssl: fixed compile errors introduced in 6448f98cDan Fandrich
2017-03-08bump: next release will be known as 7.54.0Daniel Stenberg
...due to the newly added CURL_SSLVERSION_MAX_* functionality
2017-03-08openssl: unbreak the build after 6448f98c1857deDaniel Stenberg
Verified with OpenSSL 1.1.0e and OpenSSL master (1.1.1)
2017-03-08vtls: add options to specify range of enabled TLS versionsJozef Kralik
This commit introduces the CURL_SSLVERSION_MAX_* constants as well as the --tls-max option of the curl tool. Closes https://github.com/curl/curl/pull/1166
2017-03-08RELEASE-NOTES: synced with 6888a670aa01Daniel Stenberg
2017-03-08MANPAGE: clarify the dash situation in meta dataDaniel Stenberg
2017-03-08insecure.d: clarify that this is for server connectionsDaniel Stenberg
Assisted-by: Ray Satiro Bug: https://curl.haxx.se/mail/lib-2017-03/0002.html
2017-03-08test1260: added http as a required featureDan Fandrich
2017-03-07maketgz: Run updatemanpages.pl to update man pagesSteve Brokenshire
maketgz now runs scripts/updatemanpages.pl to update the man pages .TH section to use the current date and curl/libcurl version. (TODO Section 3.1) Closes #1058
2017-03-07gitignore: Ignore man page dist filesSteve Brokenshire
Ignore man page dist files generated by scripts/updatemanpages.pl
2017-03-07Makefile.am: Remove distribution man pages when running 'make clean'Steve Brokenshire
2017-03-07Makefile.am: Added scripts/updatemanpages.pl to EXTRA_DISTSteve Brokenshire
2017-03-07updatemanpages.pl: Update man pages to use current date and versionsSteve Brokenshire
Added script to update man pages to use the current date and curl/libcurl versions. updatemanpages.pl has three arrays: list of directories to look in, list of extensions to process, list of files to exclude from processing. Check man page in git repoistory using the date from the existing man page before updating to avoid updating the man page if no change is made. If data is received from the git command then update the man page with the current date and version otherwise leave alone. Applied patch from badger to make the date argument optional, change the git command used, added date argument to processfile subroutine and print to STDERR if no date is found in a man page. Added code to process the changed man page into a new man page with .dist added to the filename to keep the original source files unchanged. Updated POD documentation to reflect that the date argument optional. Code style is in line with CODE_STYLE.md. Directories: docs/ docs/libcurl/ docs/libcurl/opts/ tests/ Extensions: .1 .3 Excluded files: mk-ca-bundle.1 template.3 (TODO Section 3.1)
2017-03-07http2: Fix assertion error on redirect with CL=0Tatsuhiro Tsujikawa
This fixes assertion error which occurs when redirect is done with 0 length body via HTTP/2, and the easy handle is reused, but new connection is established due to hostname change: curl: http2.c:1572: ssize_t http2_recv(struct connectdata *, int, char *, size_t, CURLcode *): Assertion `httpc->drain_total >= data->state.drain' failed. To fix this bug, ensure that http2_handle_stream is called. Fixes #1286 Closes #1302
2017-03-07ares: Curl_resolver_wait_resolv: clear *entry first in functionDaniel Stenberg
2017-03-07ares: better error return on timeoutsDaniel Stenberg
Assisted-by: Ray Satiro Bug: https://curl.haxx.se/mail/lib-2017-03/0009.html
2017-03-06KNOWN_BUGS: Add DarwinSSL won't import PKCS#12 without a passwordJay Satiro
Bug: https://github.com/curl/curl/issues/1308 Reported-by: Justin Clift
2017-03-06test1260: removed errant XML tagDan Fandrich
2017-03-06URL: return error on malformed URLs with junk after port numberDaniel Stenberg
... because it causes confusion with users. Example URLs: "http://[127.0.0.1]:11211:80" which a lot of languages' URL parsers will parse and claim uses port number 80, while libcurl would use port number 11211. "http://user@example.com:80@localhost" which by the WHATWG URL spec will be treated to contain user name 'user@example.com' but according to RFC3986 is user name 'user' for the host 'example.com' and then port 80 is followed by "@localhost" Both these formats are now rejected, and verified so in test 1260. Reported-by: Orange Tsai
2017-03-06BINDINGS: update the Lua-cURL URLDaniel Stenberg
2017-03-06BINDINGS: add Scilab bindingSylvestre Ledru
Closes #1312
2017-03-06BINDINGS: add go-curl and perl6-net-curlDaniel Stenberg
Reported-by: Peter Pentchev
2017-03-06BINDINGS: add misssing C++ bindingsDaniel Stenberg
Reported-by: Giuseppe Persico
2017-03-06ares: return error at once if timed out before name resolve startsDaniel Stenberg
Pointed-out-by: Ray Satiro Bug: https://curl.haxx.se/mail/lib-2017-03/0004.html
2017-03-05CMake: Set at most one SSL libraryMichael Maltese
Ref: https://github.com/curl/curl/pull/1228
2017-03-05CMake: Add mbedTLS supportMichael Maltese
Ref: https://github.com/curl/curl/pull/1228
2017-03-05CMake: Add DarwinSSL supportMichael Maltese
Assisted-by: Simon Warta <simon@kullo.net> Ref: https://github.com/curl/curl/pull/1228
2017-03-05CMake: Reorganize SSL support, separate WinSSL and SSPIMichael Maltese
This is closer to how configure.ac does it Ref: https://github.com/curl/curl/pull/1228
2017-03-04CURLOPT_SSL_CTX_FUNCTION.3: Fix EXAMPLE formatting errorsJay Satiro
.. also document that CURLE_NOT_BUILT_IN is a RETURN VALUE. Ref: https://github.com/curl/curl/pull/1290
2017-03-04fix potential use of uninitialized variablesAndrew Krieger
MSVC with LTCG detects this at warning level 4. Closes #1304
2017-03-04fix some typos in the doc (#1306)Sylvestre Ledru
2017-03-04tests: fixed a typo in some commentsDan Fandrich
2017-03-03url: split off proxy init and parsing from create_connJay Satiro
Move the proxy parse/init into helper create_conn_helper_init_proxy to mitigate the chances some non-proxy code will be mistakenly added to it. Ref: https://github.com/curl/curl/issues/1274#issuecomment-281556510 Ref: https://github.com/curl/curl/pull/1293 Closes https://github.com/curl/curl/pull/1298