Age | Commit message (Collapse) | Author |
|
|
|
... as it implies we need to check for that on all the other variable
references as well (as Coverity otherwise warns us for missing NULL
checks), and we're alredy making sure that the pointer is never NULL.
|
|
RFC 6265 section 4.1.1 spells out that the first name/value pair in the
header is the actual cookie name and content, while the following are
the parameters.
libcurl previously had a more liberal approach which causes significant
problems when introducing new cookie parameters, like the suggested new
cookie priority draft.
The previous logic read all n/v pairs from left-to-right and the first
name used that wassn't a known parameter name would be used as the
cookie name, thus accepting "Set-Cookie: Max-Age=2; person=daniel" to be
a cookie named 'person' while an RFC 6265 compliant parser should
consider that to be a cookie named 'Max-Age' with an (unknown) parameter
'person'.
Fixes #709
|
|
|
|
|
|
Such a return value isn't documented but could still happen, and the
curl tool code checks for it. It would happen when the underlying
Curl_poll() function returns an error. Starting now we mask that error
as a user of curl_multi_wait() would have no way to handle it anyway.
Reported-by: Jay Satiro
Closes #707
|
|
|
|
|
|
Regression since commit 710f14edba.
Bug: https://github.com/curl/curl/issues/422
Reported-by: Justin Ehlert
|
|
..SH should be .SH
Bug: https://github.com/curl/curl/issues/705
Reported-by: Eric S. Raymond
|
|
Closes #658
|
|
Introducing a function for closing the secondary connection to make this
bug less likely to happen again.
Reported-by: daboul
Closes #701
|
|
|
|
|
|
I got a crash with this stack:
curl/lib/url.c:2873 (Curl_removeHandleFromPipeline)
curl/lib/url.c:2919 (Curl_getoff_all_pipelines)
curl/lib/multi.c:561 (curl_multi_remove_handle)
curl/lib/url.c:415 (Curl_close)
curl/lib/easy.c:859 (curl_easy_cleanup)
Closes #704
|
|
|
|
And delete trailing whitespace
And rename section 17 to "command line tool" from "client"
Closes #702
|
|
It also makes it less readable as plain text, so let's keep this
primarily for github use.
Removed the top ascii art logo, as it looks weird when markdownified.
|
|
Attempt to make it look more appealing on github
|
|
|
|
|
|
|
|
|
|
|
|
Fixed inconsistency from commit 1eae114065 and 0ad6c72227 of the order
in which Perl was added to the PATH.
|
|
|
|
|
|
and removed erroneous reference to test case lib509
|
|
|
|
Since two of the cookies would now otherwise expire and cause the test
to fail after commit 20de9b4f09
Discussed in #697
|
|
Bug: https://github.com/curl/curl/pull/693
|
|
Prior to this change when a single protocol CURL_SSLVERSION_ was
specified by the user that version was set only as the minimum version
but not as the maximum version as well.
|
|
|
|
|
|
|
|
In makefile.m32, option -ssh2 (libssh2) automatically implied -ssl
(OpenSSL) option, with no way to override it with -winssl. Since both
libssh2 and curl support using Windows's built-in SSL backend, modify
the logic to allow that combination.
|
|
Prior to this change cookies with an expiry date that failed parsing
and were converted to session cookies could be purged in remove_expired.
Bug: https://github.com/curl/curl/issues/697
Reported-by: Seth Mos
|
|
... as it was already checked previously within the function.
Reported-by: Dmitry-Me
Closes #695
|
|
Prevent a crash if 2 (or more) requests are made to the same host and
pipelining is enabled and the connection does not complete.
Bug: https://github.com/curl/curl/pull/690
|
|
using envvars `CURL_LDFLAG_EXTRAS_DLL` and
`CURL_LDFLAG_EXTRAS_EXE` respectively. This
is useful f.e. to pass ASLR-related extra
options, that are required to make this
feature work when using the mingw toolchain.
Ref: https://github.com/curl/curl/pull/670#issuecomment-190863985
Closes https://github.com/curl/curl/pull/689
|
|
Reported-by: Dmitry-Me
Fixes #688
|
|
The assignment of the mbedTLS TLS session info in the parent commit was
incorrect. Change the assignment to a pointer to the session structure.
|
|
.. and preprocessor check TLS session info is defined for all backends.
|
|
|
|
Some systems have special files that report as 0 bytes big, but still
contain data that can be read (for example /proc/cpuinfo on
Linux). Starting now, a zero byte size is considered "unknown" size and
will be read as far as possible anyway.
Reported-by: Jesse Tan
Closes #681
|
|
- Warn if --with-ca-bundle file does not exist.
- Warn if --with-ca-path directory does not contain certificates.
- Improve help messages for both.
Example configure output:
ca cert bundle: /some/file (warning: certs not found)
ca cert path: /some/dir (warning: certs not found)
Bug: https://github.com/curl/curl/issues/404
Reported-by: Jeffrey Walton
|
|
... as when pipelining is used, we read things into a unified buffer and
we don't do that with HTTP/2. This could then easily make programs that
set CURLMOPT_PIPELINING = CURLPIPE_HTTP1|CURLPIPE_MULTIPLEX to get data
intermixed or plain broken between HTTP/2 streams.
Reported-by: Anders Bakken
|
|
|
|
The two options are almost the same, except in the case of OpenSSL:
CURLINFO_TLS_SESSION OpenSSL session internals is SSL_CTX *.
CURLINFO_TLS_SSL_PTR OpenSSL session internals is SSL *.
For backwards compatibility we couldn't modify CURLINFO_TLS_SESSION to
return an SSL pointer for OpenSSL.
Also, add support for the 'internals' member to point to SSL object for
the other backends axTLS, PolarSSL, Secure Channel, Secure Transport and
wolfSSL.
Bug: https://github.com/curl/curl/issues/234
Reported-by: dkjjr89@users.noreply.github.com
Bug: https://curl.haxx.se/mail/lib-2015-09/0127.html
Reported-by: Michael König
|
|
The internal Curl_done() function uses Curl_expire() at times and that
uses the timeout list. Better clean up the list once we're done using
it. This caused a segfault.
Reported-by: 蔡文凱
Bug: https://curl.haxx.se/mail/lib-2016-02/0097.html
|