| Age | Commit message (Collapse) | Author |
|---|
|
NTLM2 did not work i.e. no NTLMv2 response was created. Changing the
check seems to work.
Ref: https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-NLMP/[MS-NLMP].pdf
Fixes https://github.com/curl/curl/issues/3286
Closes https://github.com/curl/curl/pull/3287
Closes https://github.com/curl/curl/pull/3415
|
|
Due to a report of a missing name in THANKS I manually went through an
old CHANGES.0 file and added many previously missing names here.
|
|
The previous fix for parsing IPv6 URLs with a zone index was a paddle
short for URLs without an explicit port. This patch fixes that case
and adds a unit test case.
This bug was highlighted by issue #3408, and while it's not the full
fix for the problem there it is an isolated bug that should be fixed
regardless.
Closes #3411
Reported-by: GitYuanQu on github
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Reported-by: Tae Wong
|
|
|
|
|
|
This adds support for wildcard hosts in CURLOPT_RESOLVE. These are
try-last so any non-wildcard entry is resolved first. If specified,
any host not matched by another CURLOPT_RESOLVE config will use this
as fallback.
Example send a.com to 10.0.0.1 and everything else to 10.0.0.2:
curl --resolve *:443:10.0.0.2 --resolve a.com:443:10.0.0.1 \
https://a.com https://b.com
This is probably quite similar to using:
--connect-to a.com:443:10.0.0.1:443 --connect-to :443:10.0.0.2:443
Closes #3406
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
- Trailer function support.
- http 0.9 option.
- curl_easy_upkeep.
|
|
The project bug tracker is no longer hosted at sourceforge but is now
hosted on the curl Github page. Update the FAQ to reflect.
Closes #3410
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
The DCL code had a typo in one of the commands which would make the
OpenSSL discovery on VAX fail. The correct syntax is F$ENVIRONMENT.
Closes #3407
Reviewed-by: Viktor Szakats <commit@vszakats.net>
|
|
Reviewed-by: Sergei Nikulov
closes #3196
|
|
This reverts commit c98ee5f67f497195c9 since commit f3ce38739fa fixed the
problem in a more generic way.
|
|
Follow-up to fb445a1e18d: Set conn->data explicitly to point out the
current transfer when invoking the protocol-specific disconnect function
so that it can work correctly.
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12173
|
|
- Use QueryPerformanceCounter on Windows Vista+
There is confusing info floating around that QueryPerformanceCounter
can leap etc, which might have been true long time ago, but no longer
the case nowadays (perhaps starting from WinXP?). Also, boost and
std::chrono::steady_clock use QueryPerformanceCounter in a similar way.
Prior to this change GetTickCount or GetTickCount64 was used, which has
lower resolution. That is still the case for <= XP.
Fixes https://github.com/curl/curl/issues/3309
Closes https://github.com/curl/curl/pull/3318
|
|
|
|
|
|
Do not assume/store assocation between a given easy handle and the
connection if it can be avoided.
Long-term, the 'conn->data' pointer should probably be removed as it is a
little too error-prone. Still used very widely though.
Reported-by: masbug on github
Fixes #3391
Closes #3400
|
|
Assisted-by: Harry Sintonen
Fixes #3402
Closes #3403
|
|
|
|
Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose.
For now, both the tool and library allow HTTP/0.9 by default.
docs/DEPRECATE.md lays out the plan for when to reverse that default: 6
months after the 7.64.0 release. The options are added already now so
that applications/scripts can start using them already now.
Fixes #2873
Closes #3383
|
|
Closes #3401
|
|
Reported-by: Florian Pritz
Fixes #3392
Closes #3399
|
|
This adds a cleanup callback for cyassl. Resolves possible memory leak
when using ECC fixed point cache.
Closes #3395
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
Fix-by: Eric Rosenquist
Fixes #3376
Closes #3390
|
|
|
|
Ensure to perform the checks we have to enforce a sane domain in
the cookie request. The check for non-PSL enabled builds is quite
basic but it's better than nothing.
Closes #2964
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Follow-up to 09e401e01bf9. If connection gets reused, then data member
will be copied, but not the proto member. As a result, in smb_do(),
path has been set from the original proto.share data.
Closes #3388
|
|
Reported-by: Kamil Dudka
Fixes #3380
Closes #3381
|
|
Previously, VERIFYPEER would enable/disable all checks.
Reported-by: Eric Rosenquist
Fixes #3376
Closes #3380
|
|
Previously it was 30 minutes
|
|
The timeout set with CURLOPT_TIMEOUT is no longer used when
disconnecting from one of the pingpong protocols (FTP, IMAP, SMTP,
POP3).
Reported-by: jasal82 on github
Fixes #3264
Closes #3374
|
|
Closes #3354
|
|
|
|
|
|
This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION
options that allow a callback based approach to sending trailing headers
with chunked transfers.
The test server (sws) was updated to take into account the detection of the
end of transfer in the case of trailing headers presence.
Test 1591 checks that trailing headers can be sent using libcurl.
Closes #3350
|
|
Reported-by: Andrei Neculau
Fixes #3367
Closes #3373
|
|
|
|
This verify that the `?' in the selector is kept as is.
Verifies the fix in #3370
|
|
After the migration to URL API all octets in the selector after the
first `?' were interpreted as query and accidentally discarded and not
passed to the server.
Add a gopherpath to always concatenate possible path and query URL
pieces.
Fixes #3369
Closes #3370
|
|
If just a `?' to indicate the query is passed always store a zero length
query instead of having a NULL query.
This permits to distinguish URL with trailing `?'.
Fixes #3369
Closes #3370
|
|
Curl_slist_append_nodup() returns NULL when it fails to create a new
item for the specified list, and since the coding here reassigned the
new list on top of the old list it would result in a dangling pointer
and lost memory. Also, in case we hit an allocation failure at some
point during the conversion, with allocation succeeding again on the
subsequent call(s) we will return a truncated list around the malloc
failure point. Fix by assigning to a temporary list pointer, which can
be checked (which is the common pattern for slist appending), and free
all the resources on allocation failure.
Closes #3372
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Only allow secure origins to be able to write cookies with the
'secure' flag set. This reduces the risk of non-secure origins
to influence the state of secure origins. This implements IETF
Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates
RFC6265.
Closes #2956
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
Reported-by: Tobias Lindgren
Pointed out in #3367
Closes #3368
|
|
A URL with a single colon without a portnumber should use the default
port, discarding the colon. Fix, add a testcase and also do little bit
of comment wordsmithing.
Closes #3365
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
|
|
... when not actually following the redirect. Otherwise we return error
for this and an application can't extract the value.
Test 1518 added to verify.
Reported-by: Pavel Pavlov
Fixes #3340
Closes #3364
|
