aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-05-27wolfssl: add SSLKEYLOGFILE supportPeter Wu
Tested following the same curl and tshark commands as in commit "vtls: Extract and simplify key log file handling from OpenSSL" using WolfSSL v4.4.0-stable-128-g5179503e8 from git master built with `./configure --enable-all --enable-debug CFLAGS=-DHAVE_SECRET_CALLBACK`. Full support for this feature requires certain wolfSSL build options, see "Availability note" in lib/vtls/wolfssl.c for details. Closes #5327
2020-05-27vtls: Extract and simplify key log file handling from OpenSSLPeter Wu
Create a set of routines for TLS key log file handling to enable reuse with other TLS backends. Simplify the OpenSSL backend as follows: - Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled. - Do not perform dynamic memory allocation when preparing a log entry. Unless the TLS specifications change we can suffice with a reasonable fixed-size buffer. - Simplify state tracking when SSL_CTX_set_keylog_callback is unavailable. My original sslkeylog.c code included this tracking in order to handle multiple calls to SSL_connect and detect new keys after renegotiation (via SSL_read/SSL_write). For curl however we can be sure that a single master secret eventually becomes available after SSL_connect, so a simple flag is sufficient. An alternative to the flag is examining SSL_state(), but this seems more complex and is not pursued. Capturing keys after server renegotiation was already unsupported in curl and remains unsupported. Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f (`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`) against an OpenSSL 1.1.1f server configured with: # Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2 openssl s_server -www -tls1 # Likewise, but fail the server handshake. openssl s_server -www -tls1 -Verify 2 # TLS 1.3 test. No need to test the failing server handshake. openssl s_server -www -tls1_3 Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly written using Wireshark. For the first and third case, expect four matches per connection (decrypted Server Finished, Client Finished, HTTP Request, HTTP Response). For the second case where the handshake fails, expect a decrypted Server Finished only. tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \ -eframe.number -eframe.time -etcp.stream -e_ws.col.Info \ -dtls.port==4433,http -ohttp.desegment_body:FALSE \ -Y 'tls.handshake.verify_data or http' A single connection can easily be identified via the `tcp.stream` field.
2020-05-27FILEFORMAT: add more features that tests can depend onDaniel Stenberg
2020-05-27transfer: close connection after excess data has been readMichael Kaufmann
For HTTP 1.x, it's a protocol error when the server sends more bytes than announced. If this happens, don't reuse the connection, because the start position of the next response is undefined. Closes #5440
2020-05-27Revert "ssh: ignore timeouts during disconnect"Estanislau Augé-Pujadas
This reverts commit f31760e63b4e9ef1eb25f8f211390f8239388515. Shipped in curl 7.54.1. Bug: https://curl.haxx.se/mail/lib-2020-05/0068.html Closes #5465
2020-05-27urldata: connect related booleans live in struct ConnectBitsDaniel Stenberg
And remove a few unused booleans! Closes #5461
2020-05-26hostip: on macOS avoid DoH when given a numerical IP addressDaniel Stenberg
When USE_RESOLVE_ON_IPS is set (defined on macOS), it means that numerical IP addresses still need to get "resolved" - but not with DoH. Reported-by: Viktor Szakats Fixes #5454 Closes #5459
2020-05-26ngtcp2: cleanup memory when failing to connectDaniel Stenberg
Reported-by: Peter Wu Fixes #5447 (the ngtcp2 side of it) Closes #5451
2020-05-26quiche: clean up memory properly when failing to connectDaniel Stenberg
Addresses the quiche side of #5447 Reported-by: Peter Wu Closes #5450
2020-05-26cleanup: use a single space after equals sign in assignmentsDaniel Stenberg
2020-05-25url: accept "any length" credentials for proxy authDaniel Stenberg
They're only limited to the maximum string input restrictions, not to 256 bytes. Added test 1178 to verify Reported-by: Will Roberts Fixes #5448 Closes #5449
2020-05-25test1167: fixes in badsymbols.plMaksim Stsepanenka
Closes #5442
2020-05-25altsvc: fix parser for lines ending with CRLFDaniel Stenberg
Fixed the alt-svc parser to treat a newline as end of line. The unit tests in test 1654 were done without CRLF and thus didn't quite match the real world. Now they use CRLF as well. Reported-by: Peter Wu Assisted-by: Peter Wu Assisted-by: Jay Satiro Fixes #5445 Closes #5446
2020-05-25all: fix codespell errorsViktor Szakats
Reviewed-by: Jay Satiro Reviewed-by: Daniel Stenberg Closes https://github.com/curl/curl/pull/5452
2020-05-25ngtcp2: fix build with current ngtcp2 master implementing draft 28Peter Wu
Based on client.cc changes from ngtcp2. Tested with current git master, ngtcp2 commit c77d5731ce92, nghttp3 commit 65ff479d4380. Fixes #5444 Closes #5443
2020-05-25RELEASE-NOTES: syncedDaniel Stenberg
moved the new setopts up to a "change"
2020-05-25RELEASE-NOTES: syncedDaniel Stenberg
2020-05-24copyright: updated year ranges out of syncDaniel Stenberg
... and whitelisted a few more files in the the copyright.pl script.
2020-05-23setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherencyGilles Vollant
Closes #5431
2020-05-23curl: remove -J "informational" written on stdoutDaniel Stenberg
curl would previously show "curl: Saved to filename 'name from header'" if -J was used and a name was picked from the Content-Disposition header. That output could interfer with other stdout output, such as -w. This commit removes that output line. Bug: https://curl.haxx.se/mail/archive-2020-05/0044.html Reported-by: Коваленко Анатолий Викторович Closes #5435
2020-05-22travis: simplify quiche build instructions wrt boringsslPeter Wu
quiche builds boringssl as static library, reuse that instead of building another shared library. Closes #5438
2020-05-22configure: fix pthread check with static boringsslPeter Wu
A shared boringssl/OpenSSL library requires -lcrypto only for linking. A static build additionally requires `-ldl -lpthread`. In the latter case `-lpthread` is added to LIBS which prevented `-pthread` from being added to CFLAGS. Clear LIBS to fix linking failures for libtest tests.
2020-05-22Revert "sendf: make failf() use the mvsnprintf() return code"Daniel Stenberg
This reverts commit 74623551f306990e70c7c5515b88972005604a74. Instead mark the function call with (void). Getting the return code and using it instead triggered Coverity warning CID 1463596 because snprintf() can return a negative value... Closes #5441
2020-05-21typecheck-gcc.h: CURLINFO_PRIVATE does not need a 'char *'Daniel Stenberg
Reported-by: Billyzou0741326 on github Fixes #5432 Closes #5436
2020-05-20tests/server/util.h: add extern to silence compiler warningDaniel Stenberg
Follow-up from a3b0699d5c1
2020-05-20typecheck-gcc.h: fix the OFF_T checkDaniel Stenberg
The option number also needs to be less than CURLOPTTYPE_BLOB. Follow-up to cac5374298 Reported-by: Jeroen Ooms Bug: https://github.com/curl/curl/pull/5365#issuecomment-631084114
2020-05-19TODO: --dry-runDaniel Stenberg
Closes #5426
2020-05-19TODO: Ratelimit or wait between serial requestsDaniel Stenberg
Closes #5406
2020-05-19tool_paramhlp: fixup C89 mistakeDaniel Stenberg
Follow-up to c5f0a9db22.
2020-05-19tool_paramhlp: fixed potentially uninitialized strtol() variableSiva Sivaraman
Seems highly unlikely to actually be possible, but better safe than sorry. Closes #5417
2020-05-19tool_operate: fixed potentially uninitialized variablesSiva Sivaraman
... in curl_easy_getinfo() calls. They're harmless but clearing the variables makes the code safer and comforts the reader. Closes #5416
2020-05-19sha256: move assign to the declaration lineDaniel Stenberg
Follow-up to fae30656. Should've been squashed with that commit...
2020-05-19sha256: fixed potentially uninitialized variableSiva Sivaraman
Closes #5414
2020-05-19sendf: make failf() use the mvsnprintf() return codeDaniel Stenberg
... and avoid a strlen() call. Fixes a MonocleAI warning. Reported-by: MonocleAI Fixes #5413 Closes #5420
2020-05-19hostip: make Curl_printable_address not return anythingDaniel Stenberg
It was not used much anyway and instead we let it store a blank buffer in case of failure. Reported-by: MonocleAI Fixes #5411 Closes #5418
2020-05-19ftp: mark return-ignoring calls to Curl_GetFTPResponse with (void)Daniel Stenberg
They're done on purpose, make that visible in the code. Reported-by: MonocleAI Fixes #5412 Closes #549
2020-05-18TODO: forbid TLS post-handshake auth and do TLS record paddingDaniel Stenberg
Closes #5396 Closes #5398
2020-05-18RELEASE-NOTES: syncedDaniel Stenberg
2020-05-17dynbuf: return NULL when there's no buffer lengthDaniel Stenberg
... as returning a "" is not a good idea as the string is supposed to be allocated and returning a const string will cause issues. Reported-by: Brian Carpenter Follow-up to ed35d6590e72c Closes #5405
2020-05-16travis: upgrade to bionic, clang-9, improve readabilityPeter Wu
Changes, partially to reduce build failures from external dependencies: - Upgrade Ubuntu and drop unnecessary third-party repos. - Properly clone apt config to ensure retries. - Upgrade to clang-9 from the standard repos. - Use Ubuntu 20.04 focal for the libssh build, use of ssh_get_publickey fails on -Werror=deprecated-declarations in Ubuntu 18.04. Do not use focal everywhere yet since Travis CI has not documented this option. In focal, python-impacket (Py2.7) has been removed, leaving only python3-impacket. Since it is only needed for SMB tests and not SSH, skip it for the libssh job since it might need more work. - apt: Remove gcc-8 and libstdc++-8-dev, already installed via g++-8. Non-functional cleanups: - Simplify test matrix, drop redundant os and compiler keys. - Deprecation fixes: remove sudo, rename matrix -> jobs. - Every job has an 'env' key, put this key first in a list item. Closes #5370
2020-05-16travis: whitespace-only changes for consistencyPeter Wu
Automatically apply a consistent indentation with: python3 -c 'from ruamel.yaml import YAML;y=YAML();d=y.load(open(".travis.yml"));y.width=500;y.dump(d,open(".travis.yml.new","w"))' followed by manually re-indenting three comments. Closes #5370
2020-05-15CMake: add libssh build supportPeter Wu
Closes #5372
2020-05-15KNOWN_BUGS: wolfssh: publickey auth doesn't workDaniel Stenberg
Closes #4820
2020-05-15KNOWN_BUGS: OS400 port requires deprecated IBM libraryDaniel Stenberg
Closes #5176
2020-05-15http2: keep trying to send pending frames after req.upload_doneVyron Tsingaras
Fixes #1410 Closes #5401
2020-05-15setopt: support certificate options in memory with struct curl_blobGilles Vollant
This change introduces a generic way to provide binary data in setopt options, called BLOBs. This change introduces these new setopts: CURLOPT_ISSUERCERT_BLOB, CURLOPT_PROXY_SSLCERT_BLOB, CURLOPT_PROXY_SSLKEY_BLOB, CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB. Reviewed-by: Daniel Stenberg Closes #5357
2020-05-15source cleanup: remove all custom typedef structsDaniel Stenberg
- Stick to a single unified way to use structs - Make checksrc complain on 'typedef struct {' - Allow them in tests, public headers and examples - Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually typedef different types/structs depending on build conditions. Closes #5338
2020-05-15travis: remove the .checksrc fiddlingDaniel Stenberg
2020-05-15ftp: make domore_getsock() return the secondary socket properlyDaniel Stenberg
Previously, after PASV and immediately after the data connection has connected, the function would only return the control socket to wait for which then made the data connection simply timeout and not get polled correctly. This become obvious when running test 1631 and 1632 event- based.
2020-05-15test1632: verify FTP through HTTPS-proxy with connection re-useDaniel Stenberg