aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-05-12darwinssl: fix certificate verification disable on OS X 10.8Per Malmberg
The new way of disabling certificate verification doesn't work on Mountain Lion (OS X 10.8) so we need to use the old way in that version too. I've tested this solution on versions 10.7.5, 10.8, 10.9, 10.10.2 and 10.11. Closes #802
2016-05-12http2: Add space between colon and header valueCory Benfield
curl's representation of HTTP/2 responses involves transforming the response to a format that is similar to HTTP/1.1. Prior to this change, curl would do this by separating header names and values with only a colon, without introducing a space after the colon. While this is technically a valid way to represent a HTTP/1.1 header block, it is much more common to see a space following the colon. This change introduces that space, to ensure that incautious tools are safely able to parse the header block. This also ensures that the difference between the HTTP/1.1 and HTTP/2 response layout is as minimal as possible. Bug: https://github.com/curl/curl/issues/797 Closes #798 Fixes #797
2016-05-12openssl: fix compile-time warning in Curl_ossl_check_cxn()Kamil Dudka
... introduced in curl-7_48_0-293-g2968c83: Error: COMPILER_WARNING: lib/vtls/openssl.c: scope_hint: In function ‘Curl_ossl_check_cxn’ lib/vtls/openssl.c:767:15: warning: conversion to ‘int’ from ‘ssize_t’ may alter its value [-Wconversion]
2016-05-11openssl: stricter connection check functionJay Satiro
- In the case of recv error, limit returning 'connection still in place' to EINPROGRESS, EAGAIN and EWOULDBLOCK. This is an improvement on the parent commit which changed the openssl connection check to use recv MSG_PEEK instead of SSL_peek. Ref: https://github.com/curl/curl/commit/856baf5#comments
2016-05-11TLS: SSL_peek is not a const operationAnders Bakken
Calling SSL_peek can cause bytes to be read from the raw socket which in turn can upset the select machinery that determines whether there's data available on the socket. Since Curl_ossl_check_cxn only tries to determine whether the socket is alive and doesn't actually need to see the bytes SSL_peek seems like the wrong function to call. We're able to occasionally reproduce a connect timeout due to this bug. What happens is that Curl doesn't know to call SSL_connect again after the peek happens since data is buffered in the SSL buffer and thus select won't fire for this socket. Closes #795
2016-05-09TLS: move the ALPN/NPN enable bits to the connectionDaniel Stenberg
Only protocols that actually have a protocol registered for ALPN and NPN should try to get that negotiated in the TLS handshake. That is only HTTPS (well, http/1.1 and http/2) right now. Previously ALPN and NPN would wrongly be used in all handshakes if libcurl was built with it enabled. Reported-by: Jay Satiro Fixes #789
2016-05-08libcurl-thread.3: openssl 1.1.0 is safe, and so is boringsslDaniel Stenberg
2016-05-08connect: fix invalid "Network is unreachable" errorsAntonio Larrosa
Sometimes, in systems with both ipv4 and ipv6 addresses but where the network doesn't support ipv6, Curl_is_connected returns an error (intermittently) even if the ipv4 socket connects successfully. This happens because there's a for-loop that iterates on the sockets but the error variable is not resetted when the ipv4 is checked and is ok. This patch fixes this problem by setting error to 0 when checking the second socket and not having a result yet. Fixes #794
2016-05-05FAQ: refer to thread safety guidelinesJay Satiro
2016-05-03connections: non-HTTP proxies on different ports aren't reused eitherDaniel Stenberg
Reported-by: Oleg Pudeyev and fuchaoqun Fixes #648
2016-05-02http: make sure a blank header overrides accept_decodingDaniel Stenberg
Reported-by: rcanavan Assisted-by: Isaac Boukris Closes #785
2016-05-02CHECKSRC.md: clarified, explained the whitelist fileDaniel Stenberg
2016-05-02nroff-scan.pl: verify that references are made with \fIDaniel Stenberg
2016-05-02docs: unified man page references to use \fIDaniel Stenberg
2016-05-02TODO: 17.14 --fail without --location should treat 3xx as a failureDaniel Stenberg
Closes #727
2016-05-01RELEASE-NOTES: synced with 7987f5cb14dDaniel Stenberg
2016-05-01CURLOPT_ACCEPT_ENCODING.3: Follow-up clarificationIsaac Boukris
Mention possible content-length mismatch with sum of bytes reported by write callbacks when auto decoding is enabled. See #785
2016-05-01test1140: run nroff-scan to verify man pagesDaniel Stenberg
2016-05-01nroff-scan.pl: verify the .BR references as wellDaniel Stenberg
2016-05-01CURLOPT_CONV_TO_NETWORK_FUNCTION.3: fix bad man page referenceDaniel Stenberg
2016-05-01CURLOPT_BUFFERSIZE.3: fix reference to CURLOPT_MAX_RECV_SPEED_LARGEDaniel Stenberg
2016-05-01curl_easy_pause.3: fix man page referenceDaniel Stenberg
2016-05-01tool_cb_hdr: Fix --remote-header-name with schemeless URLJay Satiro
- Move the existing scheme check from tool_operate. In the case of --remote-header-name we want to parse Content-disposition for a filename, but only if the scheme is http or https. A recent adjustment 0dc4d8e was made to account for schemeless URLs however it's not 100% accurate. To remedy that I've moved the scheme check to the header callback, since at that point the library has already determined the scheme. Bug: https://github.com/curl/curl/issues/760 Reported-by: Kai Noda
2016-05-01tls: make setting pinnedkey option fail if not supportedDaniel Stenberg
to make it obvious to users trying to use the feature with TLS backends not supporting it. Discussed in #781 Reported-by: Travis Burtrum
2016-05-01nroff-scan.pl: verifies nroff pagesDaniel Stenberg
... not used by any test yet but can be used stand-alone.
2016-05-01opts: fix broken/bad referencesDaniel Stenberg
2016-05-01docs: fix bugs in CURLOPT_HTTP_VERSION.3 and CURLOPT_PIPEWAIT.3Michael Kaufmann
Closes #786
2016-05-01CURLOPT_ACCEPT_ENCODING.3: clarifiedDaniel Stenberg
As discussed in #785
2016-04-30curl.1: --mail-rcpt can be used multiple timesDaniel Stenberg
Reported-by: mgendre Closes #784
2016-04-29tests: Use 'pathhelp' for paths conversions in secureserver.plKarlson2k
Closes #675
2016-04-29tests: Use 'pathhelp' for paths conversions in sshserver.plKarlson2k
2016-04-29tests: Use 'pathhelp' for current path in runtests.plKarlson2k
2016-04-29tests: pathhelp.pm to process paths on Msys/CygwinKarlson2k
2016-04-29lib: include curl_printf.h as one of the last headersDaniel Stenberg
curl_printf.h defines printf to curl_mprintf, etc. This can cause problems with external headers which may use __attribute__((format(printf, ...))) markers etc. To avoid that they cause problems with system includes, we include curl_printf.h after any system headers. That makes the three last headers to always be, and we keep them in this order: curl_printf.h curl_memory.h memdebug.h None of them include system headers, they all do funny #defines. Reported-by: David Benjamin Fixes #743
2016-04-29memdebug.h: remove inclusion of other headersDaniel Stenberg
Mostly because they're not needed, because memdebug.h is always included last of all headers so the others already included the correct ones. But also, starting now we don't want this to accidentally include any system headers, as the header included _before_ this header may add defines and other fun stuff that we won't want used in system includes.
2016-04-29curl -J: make it work even without http:// scheme on URLJay Satiro
It does open up a miniscule risk that one of the other protocols that libcurl could use would send back a Content-Disposition header and then curl would act on it even if not HTTP. A future mitigation for this risk would be to allow the callback to ask libcurl which protocol is being used. Verified with test 1312 Closes #760
2016-04-29manpage-scan.pl: also verify the command line option docsDaniel Stenberg
This script now also scans src/tool_getparam.c, docs/curl.1 and src/tool_help.c and will warn if any of them lists a command line option not mentioned in one of the other places.
2016-04-29curl: show the long option version of -q in the -h listDaniel Stenberg
2016-04-29curl: remove "--socks" as "--socks5" turned 8Daniel Stenberg
In commit 2e42b0a2524 (Jan 2008) we made the option "--socks" deprecated and it has not been documented since. The more explicit socks options (like --socks4 or --socks5) should be used.
2016-04-29curl.1: document the deprecated --ftp-ssl optionDaniel Stenberg
2016-04-29curl: remove --http-requestDaniel Stenberg
It was mentioned as deprecated already in commit ae1912cb0d4 from 1999. It has not been documented in this millennium.
2016-04-29curl: mention --ntlm-wb in -h listDaniel Stenberg
2016-04-29curl: -h output lacked --proxy-headerDaniel Stenberg
2016-04-29curl.1: document --ntlm-wbDaniel Stenberg
2016-04-29curl.1: document the long format of -q: --disableDaniel Stenberg
2016-04-29curl.1: mention the deprecated --krb4 optionDaniel Stenberg
2016-04-29curl.1: document --ftp-ssl-reqdDaniel Stenberg
Even if deprecated, document it so that people will find it as old scripts may still use it.
2016-04-29curl: use --telnet-option as documentedDaniel Stenberg
The code said "telnet-options" but no documentation ever said so. It worked fine since the code is fine with a unique match of the first part.
2016-04-29getparam: remove support for --ftpportDaniel Stenberg
It has been deprecated and undocumented since commit ad5ead8bed7 (Dec 2003). --ftp-port is the proper long option name.
2016-04-29curl: make --disable work as long form of -qDaniel Stenberg
To make the aliases list reflect reality.