aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-03-18http2: Fix erroneous debug message that h2 connection closedJay Satiro
Prior to this change in libcurl debug builds http2 stream closure was erroneously referred to as connection closure. Before: * nread <= 0, server closed connection, bailing After: * nread == 0, stream closed, bailing Closes https://github.com/curl/curl/pull/5118
2020-03-18tool_setopt: correct the copyright year rangeDaniel Stenberg
Follow-up to 5450428491
2020-03-18schannel: add "best effort" revocation check optionJohannes Schindelin
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and --ssl-revoke-best-effort to allow a "best effort" revocation check. A best effort revocation check ignores errors that the revocation check was unable to take place. The reasoning is described in detail below and discussed further in the PR. --- When running e.g. with Fiddler, the schannel backend fails with an unhelpful error message: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate. Sadly, many enterprise users who are stuck behind MITM proxies suffer the very same problem. This has been discussed in plenty of issues: https://github.com/curl/curl/issues/3727, https://github.com/curl/curl/issues/264, for example. In the latter, a Microsoft Edge developer even made the case that the common behavior is to ignore issues when a certificate has no recorded distribution point for revocation lists, or when the server is offline. This is also known as "best effort" strategy and addresses the Fiddler issue. Unfortunately, this strategy was not chosen as the default for schannel (and is therefore a backend-specific behavior: OpenSSL seems to happily ignore the offline servers and missing distribution points). To maintain backward-compatibility, we therefore add a new flag (`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option (`--ssl-revoke-best-effort`) to select the new behavior. Due to the many related issues Git for Windows and GitHub Desktop, the plan is to make this behavior the default in these software packages. The test 2070 was added to verify this behavior, adapted from 310. Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com> Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Closes https://github.com/curl/curl/pull/4981
2020-03-18multi: Improve parameter check for curl_multi_remove_handleJay Satiro
- If an easy handle is owned by a multi different from the one specified then return CURLM_BAD_EASY_HANDLE. Prior to this change I assume user error could cause corruption. Closes https://github.com/curl/curl/pull/5116
2020-03-17windows: suppress UI in all CryptAcquireContext() callsViktor Szakats
Ref: https://docs.microsoft.com/windows/win32/api/wincrypt/nf-wincrypt-cryptacquirecontexta#parameters Reviewed-by: Marc Hörsken Closes https://github.com/curl/curl/pull/5088
2020-03-17writeout_json: add missing comma to fix the HTTP versionDaniel Stenberg
Follow-up to 04c03416e68fd635a15
2020-03-17test 970: verify --write-out '%{json}'Daniel Stenberg
Makes curl_easy_getinfo() of "variable" numerical content instead return the number set in the env variable `CURL_TIME`. Makes curl_version() of "variable" textual content. This guarantees a stable version string which can be tested against. Environment variable `CURL_VERSION` defines the content. Assisted-by: Mathias Gumz
2020-03-17writeout: support to generate JSON outputMathias Gumz
This commit adds support to generate JSON via the writeout feature: -w "%{json}" It leverages the existing infrastructure as much as possible. Thus, generating the JSON on STDERR is possible by: -w "%{stderr}%{json}" This implements a variant of https://github.com/curl/curl/wiki/JSON#--write-out-json. Closes #4870
2020-03-17CI: stop ignoring 323, it is disabledDaniel Stenberg
2020-03-17DISABLED: disable test 323Daniel Stenberg
The test uses SRP to "a server not supporting it" but modern stunnel versions will silently accept it and remain happy. The test is therefore faulty. I haven't figured out how to make stunnel explicitly reject SRP-using connects. Reported-by: Marc Hörsken Fixes #5105 Closes #5113
2020-03-17ci/tests: increase timeouts for torture builds on Azure PipelinesMarc Hoersken
For some reason the torture builds have slowed down recently. Reported-by: Daniel Stenberg
2020-03-16cmake: add support for building with wolfSSLDaniel Stenberg
My working build cmdline: $ cmake -DCMAKE_PREFIX_PATH=$HOME/build-wolfssl -DCMAKE_USE_WOLFSSL=ON . Assisted-by: Brad King Closes #5095
2020-03-16tool_operate: fix add_parallel_transfers when more are in queueDaniel Stenberg
Trying to return early from the function if no new transfers were added would break the "morep" argument and cause issues. This could lead to zero content "transfers" (within quotes since they would never be started) when parallel-max was reduced. Reported-by: Gavin Wong Analyzed-by: Jay Satiro Fixes #4937 Closes #5112
2020-03-16vtls: free ssl_config leftovers on out-of-memoryDaniel Stenberg
Torture testing 2034 and 2037 found this. Reported-by: Marc Hörsken Fixes #5108 Closes #5109
2020-03-16ci/tests: fix Azure Pipelines not running for pull requestsMarc Hoersken
Closes #5111
2020-03-15gskit: update the copyright year rangeDaniel Stenberg
Follow-up from 083603c63a3
2020-03-15gskit: use our internal select wrapper for portabilityMarc Hoersken
Follow up to c52b342 Closes #5106
2020-03-15tests: fix verification of stdout in test 1452 due to newlineMarc Hoersken
Fixes test1452:41:1: error: missing </stdout> tag before </verify>
2020-03-15ci/tests: install impacket for SMB tests on FreeBSD using CirrusCIMarc Hoersken
Also force the package index/cache to be updated before installing. Closes #5103
2020-03-15tests/README: add note about manually installing python-impacketMarc Hoersken
Follow up to 4be2560
2020-03-15transfer: cap retries of "dead connections" to 5Daniel Stenberg
When libcurl retries a connection due to it being "seemingly dead" or by REFUSED_STREAM, it will now only do it up five times before giving up, to avoid never-ending loops. Reported-by: Dima Tisnek Bug: https://curl.haxx.se/mail/lib-2020-03/0044.html Closes #5074
2020-03-15TODO: TLS-PSK with OpenSSLDaniel Stenberg
Closes #5081
2020-03-15select: add 'timeout_ms' wrap-around precaution to Curl_selectMarc Hoersken
2020-03-15select: fix 'pending_ms' is assigned a value that is never usedMarc Hoersken
Detected by Codacy
2020-03-15select: move duplicate select preparation code into Curl_selectMarc Hoersken
Reviewed by Daniel Stenberg Reviewed by Marcel Raad Closes #5078
2020-03-15connect: happy eyeballs cleanupDaniel Stenberg
Make sure each separate index in connn->tempaddr[] is used for a fixed family (and only that family) during the connection process. If family one takes a long time and family two fails immediately, the previous logic could misbehave and retry the same family two address repeatedly. Reported-by: Paul Vixie Reported-by: Jay Satiro Fixes #5083 Fixes #4954 Closes #5089
2020-03-15ci/tests: fix and align setting TFLAGS for make test-nonflakyMarc Hoersken
2020-03-15ci/tests: install test suite dependencies stunnel and impacketMarc Hoersken
2020-03-15tests: remove python_dependencies for smbserver from our treeMarc Hoersken
Users of the SMB tests will have to install impacket manually. Reasoning: our in-tree version of impacket was quite outdated and only compatible with Python 2 which is already end-of-life. Upgrading to Python 3 and a compatible impacket version would require to import additional Python-only and CPython-extension dependencies. This would have hindered portability enormously. Closes #5094
2020-03-14Makefile.m32: Improve windres parameter compatibilityJay Satiro
- s/COFF/coff/ Some versions of windres do not recognize uppercase COFF as a valid way to specify the COFF output format. Reported-by: Steven Penny Fixes https://github.com/curl/curl/issues/5099 Closes https://github.com/curl/curl/pull/5101
2020-03-14easy: Fix curl_easy_duphandle for builds missing IPv6 that use c-aresJay Satiro
- Ignore CURLE_NOT_BUILT_IN errors returned by c-ares functions in curl_easy_duphandle. Prior to this change if c-ares was used as the resolver backend and either it was too old or libcurl was built without IPv6 support then some of our resolver functions could return CURLE_NOT_BUILT_IN to curl_easy_duphandle causing it to fail. Caused by c8f086b which shipped in 7.69.1. Reported-by: Karl Chen Fixes https://github.com/curl/curl/issues/5097 Closes https://github.com/curl/curl/pull/5100
2020-03-13docs: add warnings about FILE: URLs on WindowsDaniel Stenberg
- --url man page section - libcurl-security.3 gets the full text - CURLOPT_URL.3 Reported-by: Tim Sedlmeyer
2020-03-13server/getpart: make the "XML-parser" stricterDaniel Stenberg
When extracting a <section> <part> and there's no </part> before </section>, this now outputs an error and returns a wrong string to make users spot the mistake. Ref: #5070 Closes #5071
2020-03-13impacket: some more Python 3 code compatibility updatesMarc Hoersken
This makes smbserver load on Python 3, but still not work completely.
2020-03-13smbserver: pin Python version to 2 since we are not yet 3 compatibleMarc Hoersken
Even though the existing code can be fixed to run on Python 3, the tests will fail due to the Unicode transition the protocol is invalid. Follow up to ee63837 Closes #5085
2020-03-12cleanup: fix some text/comment typosViktor Szakats
Closes #5087
2020-03-12smbserver: fix Python version specific ConfigParser importMarc Hoersken
Follow up to ee63837 and 8c7c4a6 Fixes #5077
2020-03-11RELEASE-NOTES: syncedDaniel Stenberg
bumped to 7.69.2
2020-03-11tests/data: Fix some XML formatting issues in test casesDan Fandrich
This allows these test files to pass xmllint.
2020-03-11Makefile: run the cd commands in a subshellMuhammad Herdiansyah
In bmake, if the directory is changed (with cd or anything else), bmake won't return to the "root directory" on the next command (in the same Makefile rule). This commit runs the cd command in a subshell so it would work in bmake. Closes #5073
2020-03-11configure: convert -I to -isystem as a last stepDaniel Stenberg
As all the -I uses in CFLAGS at that point are for system headers and third party libraries this helps us remove/ignore warnings on those! Closes #5060
2020-03-11configure: fix -pedantic-errors for GCC 5 and laterDaniel Stenberg
If --enable-werror is used. Follow-up to d5c0351055d5709da which added it too early in the configure script before $compiler_num was set correctly and thus this option was never used. Reported-by: Stepan Efremov Fixes #5067 Closes #5068
2020-03-11configure: document 'compiler_num' for gccDaniel Stenberg
The CURL_CHECK_COMPILER_GNU_C function sets the number to MAJOR*100 + MINOR and ignores the patch version, and since gcc version 7 it only sets it to MAJOR*100. Reported-by: Stepan Efremov Ref: #5067 Closes #5069
2020-03-11RELEASE-NOTES: 7.69.1Daniel Stenberg
2020-03-11THANKS: from the 7.69.1 releaseDaniel Stenberg
2020-03-10test1129: fix invalid case of closing XML-tag and Content-LengthMarc Hoersken
Fixes #5070 Closes #5072
2020-03-10tests/data: fix static ip instead of dynamic value being usedMarc Hoersken
Follow up to 94ced8e
2020-03-10tests/data: fix static ip:port instead of dynamic values being usedMarc Hoersken
Closes #5065
2020-03-10tests/server: fix missing use of exe_ext helper functionMarc Hoersken
Follow up to 9819984 and 3dce984 Reviewed-By: Daniel Stenberg Closes #5064
2020-03-10runtests: log minimal and maximal used port numbersMarc Hoersken