Age | Commit message (Collapse) | Author |
|
|
|
Commit 4a4b63d forgot to set the expected SOCKS5 reply length when the
reply ATYP is X'01'. This resulted in erroneously expecting more bytes
when the request length is greater than the reply length (e.g., when
remotely resolving the hostname).
Closes #5527
|
|
Since the new curl/stats repository is designed to be
checked out into the curl repository working tree as stats/
it should be on the ignore list to aid in commit staging.
|
|
Cargo needs to be called from within the 'quiche' directory.
Closes #5522
|
|
Closes #5525
|
|
In the continued effort to remove "manual" realloc schemes.
Closes #5524
|
|
Reported-by: Jay Satiro
Fixes #5299
Closes #5520
|
|
|
|
In the logic that works out if a given OpenSSL path works, it stripped
off a possibly leading -L flag using an incorrect sed pattern which
would remove all instances of -L in the string, including if the path
itself contained that two-letter sequence!
The same pattern was used and is now updated in multiple places. Now it
only removes -L if it starts the strings.
Reported-by: Mohamed Osama
Fixes #5519
Closes #5521
|
|
Fix the verbose message while at it, quiche currently supports draft
27 and draft 28 simultaneously.
Closes #5518
|
|
Closes #4750
|
|
Windows project configurations that use OpenSSL with USE_WIN32_CRYPTO
need crypt32.
Follow-up to 148534d which added CURLSSLOPT_NATIVE_CA for 7.71.0.
The changes that are in this commit were made by script.
Ref: https://gist.github.com/jay/a1861b50ecce2b32931237180f856e28
Closes https://github.com/curl/curl/pull/5516
|
|
Avoid failing CI builds due to nghttp2 being already installed.
Closes #5513
|
|
|
|
|
|
When the method is updated inside libcurl we must still not change the
method as set by the user as then repeated transfers with that same
handle might not execute the same operation anymore!
This fixes the libcurl part of #5462
Test 1633 added to verify.
Closes #5499
|
|
Fixes #5503
Closes #5504
|
|
This test verifies the -w %json output and the test case includes a full
generated "blob". If there's no proxy support built into libcurl, it
will return an error for proxy related info variables and they will not
be included in the json, thus causing a mismatch and this test fails.
Reported-by: Marc Hörsken
Fixes #5501
Closes #5502
|
|
If `index.html` does not exist in the directory from which the example
is invoked, the fopen(upload, "rb") invocation in `setup` would fail,
returning NULL. This value is subsequently passed as the FILE* argument
of the `fread` invocation in the `read_callback` function, which is the
actual cause of the crash (apparently `fread` assumes that argument to
be non-null).
In addition, mitigate some possible crashes of similar origin.
Closes #5463
|
|
Reported-by: therealhirudo on github
Fixes #5485
Closes #5497
|
|
`http_proxy` will not be available in `conndata` if `CURL_DISABLE_PROXY`
is enabled. Repair the build with that configuration.
Follow-up to f3d501dc67
Closes #5498
|
|
"Null-checking k->str suggests that it may be null, but it has already
been dereferenced on all paths leading to the check" - and it can't
legally be NULL at this point. Remove check.
Detected by Coverity CID 1463884
Closes #5495
|
|
Since Win32 almost always will also have USE_WINSOCK,
we can reduce complexity and always use Sleep there.
Assisted-by: Jay Satiro
Reviewed-by: Daniel Stenberg
Follow up to #5343
Closes #5489
|
|
Follow-up to c4e6968127e
Detected by OSS-Fuzz: https://oss-fuzz.com/testcase-detail/5727799779524608
|
|
This also includes the following changes:
- Use the same timeout for all jobs on Linux (60 minutes)
and Windows (90 minutes)
- Use CLI stable apt-get install -y instead of apt install
which warns about that and run apt-get update first
- Enable MQTT for Windows msys2 builds instead of
legacy msys1 builds
- Add ./configure --prefix parameter to the msys2 builds
- The MSYSTEM environment variable is now preset inside
the container images for the msys2 builds
Note: on Azure Pipelines the matrix strategy is basically
just a simple list of job copies and not really a matrix.
Closes #5468
|
|
Added build to travis to verify
Closes #5466
|
|
... and free it as soon as the transfer is done. It removes the extra
alloc when a new size is set with setopt() and reduces memory for unused
easy handles.
In addition: the closure_handle now doesn't use an allocated buffer at
all but the smallest supported size as a stack based one.
Closes #5472
|
|
For millisecond timers we like timediff_t better. Also, time_t can be
unsigned so returning a negative value doesn't work then.
Closes #5479
|
|
Using time_t and suseconds_t if suseconds_t is available,
long on Windows (maybe others in the future) and int elsewhere.
Also handle case of ULONG_MAX being greater or equal to INFINITE.
Assisted-by: Jay Satiro
Reviewed-by: Daniel Stenberg
Part of #5343
|
|
Make all functions in select.[ch] take timeout_ms as timediff_t
which should always be large enough and signed on all platforms
to take all possible timeout values and avoid type conversions.
Reviewed-by: Jay Satiro
Reviewed-by: Daniel Stenberg
Replaces #5107 and partially #5262
Related to #5240 and #5286
Closes #5343
|
|
GCC 10 warns about this with warning: implicit conversion
from 'SANITIZEcode' to 'CURLcode' [-Wenum-conversion]
Since 'expected_result' is not really of type 'CURLcode' and
it is not exposed in any way, we can just use 'SANITIZEcode'.
Reviewed-by: Daniel Stenberg
Reviewed-by: Marcel Raad
Closes #5476
|
|
Since curl_setup.h now makes use of curlx_win32_fopen for Win32
builds with USE_WIN32_LARGE_FILES or USE_WIN32_SMALL_FILES defined,
we need to include the relevant files for tests using fopen,
because the libtest sources are also including curl_setup.h
Reviewed-by: Marcel Raad
Reviewed-by: Daniel Stenberg
Follow up to #3784 (ffdddb45d9)
Closes #5475
|
|
This should enable us to catch linking issues with the
testsuite early, like the one described/fixed in #5475.
Reviewed-by: Daniel Stenberg
Reviewed-by: Marcel Raad
Closes #5477
|
|
|
|
This partially reverts commit c712009838f44211958854de431315586995bc61.
Keep the ares_ files removed but bring back the older way to run find,
to make it work with busybox's find, as apparently that's being used.
Reported-by: Max Peal
Fixes #5483
Closes #5484
|
|
|
|
Reported-by: Werner Stolz
Closes #5474
|
|
Follow-up to cac5374298b3
Closes #5478
|
|
Due to bad escaping of the test code, the test wouldn't build and thus
result in a negative test result, which would lead to the unconditional
assumption that overwriting the arguments doesn't work and thus curl
would never hide credentials given in the command line, even when it
would otherwise be possible.
Regression from commit 2d4c2152c (7.60.0)
Reported-by: huzunhao on github
Fixes #5470
Closes #5471
|
|
Otherwise the build might fail due to missing source files, as
demonstrated by the recent keylog.c addition on an existing build dir.
Closes #5469
|
|
... since 575e885db
|
|
Tested with ngtcp2 built against the OpenSSL library. Additionally
tested with MultiSSL (NSS for TLS and ngtcp2+OpenSSL for QUIC).
The TLS backend (independent of QUIC) may or may not already have opened
the keylog file before. Therefore Curl_tls_keylog_open is always called
to ensure the file is open.
|
|
Tested following the same curl and tshark commands as in commit
"vtls: Extract and simplify key log file handling from OpenSSL" using
WolfSSL v4.4.0-stable-128-g5179503e8 from git master built with
`./configure --enable-all --enable-debug CFLAGS=-DHAVE_SECRET_CALLBACK`.
Full support for this feature requires certain wolfSSL build options,
see "Availability note" in lib/vtls/wolfssl.c for details.
Closes #5327
|
|
Create a set of routines for TLS key log file handling to enable reuse
with other TLS backends. Simplify the OpenSSL backend as follows:
- Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled.
- Do not perform dynamic memory allocation when preparing a log entry.
Unless the TLS specifications change we can suffice with a reasonable
fixed-size buffer.
- Simplify state tracking when SSL_CTX_set_keylog_callback is
unavailable. My original sslkeylog.c code included this tracking in
order to handle multiple calls to SSL_connect and detect new keys
after renegotiation (via SSL_read/SSL_write). For curl however we can
be sure that a single master secret eventually becomes available
after SSL_connect, so a simple flag is sufficient. An alternative to
the flag is examining SSL_state(), but this seems more complex and is
not pursued. Capturing keys after server renegotiation was already
unsupported in curl and remains unsupported.
Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f
(`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`)
against an OpenSSL 1.1.1f server configured with:
# Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2
openssl s_server -www -tls1
# Likewise, but fail the server handshake.
openssl s_server -www -tls1 -Verify 2
# TLS 1.3 test. No need to test the failing server handshake.
openssl s_server -www -tls1_3
Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly
written using Wireshark. For the first and third case, expect four
matches per connection (decrypted Server Finished, Client Finished, HTTP
Request, HTTP Response). For the second case where the handshake fails,
expect a decrypted Server Finished only.
tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \
-eframe.number -eframe.time -etcp.stream -e_ws.col.Info \
-dtls.port==4433,http -ohttp.desegment_body:FALSE \
-Y 'tls.handshake.verify_data or http'
A single connection can easily be identified via the `tcp.stream` field.
|
|
|
|
For HTTP 1.x, it's a protocol error when the server sends more bytes
than announced. If this happens, don't reuse the connection, because the
start position of the next response is undefined.
Closes #5440
|
|
This reverts commit f31760e63b4e9ef1eb25f8f211390f8239388515. Shipped in
curl 7.54.1.
Bug: https://curl.haxx.se/mail/lib-2020-05/0068.html
Closes #5465
|
|
And remove a few unused booleans!
Closes #5461
|
|
When USE_RESOLVE_ON_IPS is set (defined on macOS), it means that
numerical IP addresses still need to get "resolved" - but not with DoH.
Reported-by: Viktor Szakats
Fixes #5454
Closes #5459
|
|
Reported-by: Peter Wu
Fixes #5447 (the ngtcp2 side of it)
Closes #5451
|