Age | Commit message (Collapse) | Author |
|
The SSL_CTX_set_msg_callback callback is not just called for the
Handshake or Alert protocols, but also for the raw record header
(SSL3_RT_HEADER) and the decrypted inner record type
(SSL3_RT_INNER_CONTENT_TYPE). Be sure to ignore the latter to avoid
excess debug spam when using `curl -v` against a TLSv1.3-enabled server:
* TLSv1.3 (IN), TLS app data, [no content] (0):
(Following this message, another callback for the decrypted
handshake/alert messages will be be present anyway.)
Closes https://github.com/curl/curl/pull/3281
|
|
SO_EXCLUSIVEADDRUSE is on by default on Vista or newer,
but does not work together with SO_REUSEADDR being on.
The default changes were made with stunnel 5.34 and 5.35.
|
|
Closes #3262
|
|
Fixes #3261
|
|
Commit 5bfaa86ceb3c2a9ac474a928e748c4a86a703b33 introduced a new
compiler warning on Windows cross compilation with GCC. See below
for an example of the warning from the autobuild logs (whitespace
edited to fit):
/src/tool_cb_wrt.c:175:9: warning: cast from function call of type
'intptr_t {aka long long int}' to non-matching type 'void *'
[-Wbad-function-cast]
(HANDLE) _get_osfhandle(fileno(outs->stream)),
^
Store the return value from _get_osfhandle() in an intermediate
variable and cast the variable in WriteConsoleW() rather than the
function call directly to avoid a compiler warning.
In passing, also add inspection of the MultiByteToWideChar() return
value and return failure in case an error is reported.
Closes #3263
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
Reviewed-by: Viktor Szakats <commit@vszakats.net>
|
|
|
|
|
|
Curl_ftp_parselist: avoid unsigned integer overflows
The overflow has no real world impact, just avoid it for "best
practice".
Closes #3225
|
|
The end port number in a given range was not included in the range used,
as it is documented to be.
Reported-by: infinnovation-dev on github
Fixes #3251
Closes #3255
|
|
As per BoringSSL porting documentation [1], BoringSSL rejects peer
renegotiations by default.
curl fails when trying to authenticate to server through client
certificate if it is requested by server after the initial TLS
handshake.
Enable renegotiation by default with BoringSSL to get same behavior as
with OpenSSL. This is done by calling SSL_set_renegotiate_mode [2]
which was introduced in commit 1d5ef3bb1eb9 [3].
1 - https://boringssl.googlesource.com/boringssl/+/HEAD/PORTING.md#tls-renegotiation
2 - https://boringssl.googlesource.com/boringssl/+/master/include/openssl/ssl.h#3482
3 - https://boringssl.googlesource.com/boringssl/+/1d5ef3bb1eb97848617db5e7d633d735a401df86
Signed-off-by: Jérémy Rocher <rocher.jeremy@gmail.com>
Fixes #3258
Closes #3259
|
|
Added a few of the more notable milestones in curl history that were
missing. Primarily more recent ones but I also noted some older that
could be worth mentioning.
[ci skip]
Closes #3257
|
|
Add the identified issue with --proxy-any and proxy servers which
advertise authentication schemes other than the supported one.
Closes #876
Closes #3250
Reported-by: NTMan on Github
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Allows an application to pass in a pre-parsed URL via a URL handle.
Closes #3227
|
|
Groff / Troff will display a:
printaf("Errno: %ld\n", error);
as:
printf("Errno: %ld0, error);
when a "\n" is not escaped. Use "\\n" instead.
Closes #3246
|
|
Regression by 52db54869e6.
Reported-by: infinnovation-dev on github
Fixes #3248
Closes #3249
|
|
|
|
|
|
The tool's local port command line range parser didn't check for integer
overflows and could pass "weird" data to libcurl for this option.
libcurl however, has a strict range check for the values so it rejects
anything outside of the accepted range.
Reported-by: Brian Carpenter
Closes #3242
|
|
Follow-up to e431daf013, as I did the wrong correction for a compiler
warning. It should be a break and not a fall-through.
Pointed-out-by: Frank Gevaerts
|
|
Closes #3115
|
|
The productname from Microsoft is "Schannel", but in infof/failf
reporting we use "schannel". This removes different versions.
Closes #3243
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Similar to how URL decoding/encoding is done, we could have URL
functions to convert IDN host names to punycode.
Suggested-by: Alexey Melnichuk
Closes #3232
|
|
APPENDQUERY + URLENCODE would skip all equals signs but now it only skip
encoding the first to better allow "name=content" for any content.
Reported-by: Alexey Melnichuk
Fixes #3231
Closes #3231
|
|
The function identifying a leading "scheme" part of the URL considered a
few letters ending with a colon to be a scheme, making something like
"short:80" to become an unknown scheme instead of a short host name and
a port number.
Extended test 1560 to verify.
Also fixed test203 to use file_pwd to make it get the correct path on
windows. Removed test 2070 since it was a duplicate of 203.
Assisted-by: Marcel Raad
Reported-by: Hagai Auro
Fixes #3220
Fixes #3233
Closes #3223
Closes #3235
|
|
In the transfer loop it would previously not acknwledge the pause bit
and continue until drained or loop ended.
Closes #3240
|
|
- Add an undocumented diagnostic option for Windows to show the full
paths of all loaded modules regardless of whether or not libcurl
initialization succeeds.
This is needed so that in the CI we can get a list of all DLL
dependencies after initialization (when they're most likely to have
finished loading) and then package them as artifacts so that a
functioning build can be downloaded. Also I imagine it may have some use
as a diagnostic for help requests.
Ref: https://github.com/curl/curl/pull/3103
Closes https://github.com/curl/curl/pull/3208
|
|
Prior to this change twice as many bytes as necessary were malloc'd when
converting wchar to UTF8. To allay confusion in the future I also
changed the variable name for the amount of bytes from len to bytes.
Closes https://github.com/curl/curl/pull/3209
|
|
- for "--netrc", don't ignore the login/password specified with "--user",
only ignore the login/password in the URL.
This restores the netrc behaviour of curl 7.61.1 and earlier.
- fix the documentation of CURL_NETRC_REQUIRED
- improve the detection of login/password changes when reading .netrc
- don't read .netrc if both login and password are already set
Fixes #3213
Closes #3224
|
|
|
|
Fixes #3211
Fixes #3175
Closes #3212
|
|
Closes #3199
|
|
The previous coding used a format string whose output depended on the
current locale of the environment running the test. Since the gist of
the test is to have a format string, with the actual formatting being
less important, switch to a more stable formatstring with decimals.
Reported-by: Marcel Raad
Closes #3234
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
|
|
This reverts commit 226cfa8264cd979eff3fd52c0f3585ef095e7cf2.
This commit caused test failures on appveyor/windows. Work on fixing them is
in #3235.
|
|
...and fix symbol-scan.pl to also scan urlapi.h
Reported-by: Alexey Melnichuk
Fixes #3226
Closes #3230
|
|
The internal buffer in infof() is limited to 2048 bytes of payload plus
an additional byte for NULL termination. Servers with very long error
messages can however cause truncation of the string, which currently
isn't very clear, and leads to badly formatted output.
This appends a "...\n" (or just "..." in case the format didn't with a
newline char) marker to the end of the string to clearly show
that it has been truncated.
Also include a unittest covering infof() to try and catch any bugs
introduced in this quite important function.
Closes #3216
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
|
|
|
|
The function identifying a leading "scheme" part of the URL considered a few
letters ending with a colon to be a scheme, making something like "short:80"
to become an unknown scheme instead of a short host name and a port number.
Extended test 1560 to verify.
Reported-by: Hagai Auro
Fixes #3220
Closes #3223
|
|
Regression from 46e164069d1a52. Extended test 1560 to verify.
Reported-by: tpaukrt on github
Fixes #3218
Closes #3219
|
|
on Linux. To make sure the test suite runs with its newly build tool and
doesn't require an external one present.
Bug: #3198
Closes #3200
|
|
The overflow has no real world impact.
Just avoid it for "best practice".
Code change suggested by "The Infinnovation Team" and Daniel Stenberg.
Closes #3184
|
|
When not actually following the redirect and the target URL is only
stored for later retrieval, curl always accepted "non-supported"
schemes. This was a regression from 46e164069d1a5230.
Reported-by: Brad King
Fixes #3210
Closes #3215
|
|
Commit efc696a2e09225bfeab4 renamed persistant.c to persistent.c to
fix the typo in the name, but missed to update the OpenVMS package
files which still looked for the old name.
Closes #3217
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Viktor Szakats <commit@vszakats.net>
|
|
To make it easier to understand other people's and remote builds etc.
Closes #3207
|
|
|
|
As has been outlined in the DEPRECATE.md document, the axTLS code has
been disabled for 6 months and is hereby removed.
Use a better supported TLS library!
Assisted-by: Daniel Gustafsson
Closes #3194
|
|
Closes #3197
|
|
... using clang
Closes #3190
|
|
Curl_verify_certificate() must use the Curl_ prefix since it is globally
available in the lib and otherwise steps outside of our namespace!
Closes #3201
|
|
It is unused since commit f7208df7d9d5cd5e15e2d89237e828f32b63f135.
Closes #3204
|
|
... revert the mistaken change brought in commit 8440616f53.
Reported-by: Alessandro Ghedini
Bug: https://curl.haxx.se/mail/lib-2018-10/0118.html
Closes #3198
|