aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2020-06-04projects: Add crypt32.lib to dependencies for all OpenSSL configsJay Satiro
Windows project configurations that use OpenSSL with USE_WIN32_CRYPTO need crypt32. Follow-up to 148534d which added CURLSSLOPT_NATIVE_CA for 7.71.0. The changes that are in this commit were made by script. Ref: https://gist.github.com/jay/a1861b50ecce2b32931237180f856e28 Closes https://github.com/curl/curl/pull/5516
2020-06-03CI/macos: fix 'is already installed' errors by using bundleMarc Hoersken
Avoid failing CI builds due to nghttp2 being already installed. Closes #5513
2020-06-03altsvc: fix 'dsthost' may be used uninitialized in this functionDaniel Stenberg
2020-06-02RELEASE-NOTES: syncedDaniel Stenberg
2020-06-02urldata: let the HTTP method be in the set.* structDaniel Stenberg
When the method is updated inside libcurl we must still not change the method as set by the user as then repeated transfers with that same handle might not execute the same operation anymore! This fixes the libcurl part of #5462 Test 1633 added to verify. Closes #5499
2020-06-02hostip: fix the memory-leak introduced in 67d2802Daniel Stenberg
Fixes #5503 Closes #5504
2020-06-02test970: make it require proxy supportDaniel Stenberg
This test verifies the -w %json output and the test case includes a full generated "blob". If there's no proxy support built into libcurl, it will return an error for proxy related info variables and they will not be included in the json, thus causing a mismatch and this test fails. Reported-by: Marc Hörsken Fixes #5501 Closes #5502
2020-06-02examples/http2-down/upload: add error checksRadoslav Georgiev
If `index.html` does not exist in the directory from which the example is invoked, the fopen(upload, "rb") invocation in `setup` would fail, returning NULL. This value is subsequently passed as the FILE* argument of the `fread` invocation in the `read_callback` function, which is the actual cause of the crash (apparently `fread` assumes that argument to be non-null). In addition, mitigate some possible crashes of similar origin. Closes #5463
2020-06-02examples/ephiperfifo: turn off interval when setting timerfdkotoriのねこ
Reported-by: therealhirudo on github Fixes #5485 Closes #5497
2020-06-01vtls: repair the build with `CURL_DISABLE_PROXY`Saleem Abdulrasool
`http_proxy` will not be available in `conndata` if `CURL_DISABLE_PROXY` is enabled. Repair the build with that configuration. Follow-up to f3d501dc67 Closes #5498
2020-06-01transfer: remove k->str NULL checkDaniel Stenberg
"Null-checking k->str suggests that it may be null, but it has already been dereferenced on all paths leading to the check" - and it can't legally be NULL at this point. Remove check. Detected by Coverity CID 1463884 Closes #5495
2020-06-01select: always use Sleep in Curl_wait_ms on Win32Marc Hoersken
Since Win32 almost always will also have USE_WINSOCK, we can reduce complexity and always use Sleep there. Assisted-by: Jay Satiro Reviewed-by: Daniel Stenberg Follow up to #5343 Closes #5489
2020-05-31conncache: download buffer needs +1 size for trailing zeroDaniel Stenberg
Follow-up to c4e6968127e Detected by OSS-Fuzz: https://oss-fuzz.com/testcase-detail/5727799779524608
2020-05-31azure: use matrix strategy to avoid configuration redundancyMarc Hoersken
This also includes the following changes: - Use the same timeout for all jobs on Linux (60 minutes) and Windows (90 minutes) - Use CLI stable apt-get install -y instead of apt install which warns about that and run apt-get update first - Enable MQTT for Windows msys2 builds instead of legacy msys1 builds - Add ./configure --prefix parameter to the msys2 builds - The MSYSTEM environment variable is now preset inside the container images for the msys2 builds Note: on Azure Pipelines the matrix strategy is basically just a simple list of job copies and not really a matrix. Closes #5468
2020-05-30build: disable more code/data when built without proxy supportDaniel Stenberg
Added build to travis to verify Closes #5466
2020-05-30url: alloc the download buffer at transfer startDaniel Stenberg
... and free it as soon as the transfer is done. It removes the extra alloc when a new size is set with setopt() and reduces memory for unused easy handles. In addition: the closure_handle now doesn't use an allocated buffer at all but the smallest supported size as a stack based one. Closes #5472
2020-05-30timeouts: change millisecond timeouts to timediff_t from time_tDaniel Stenberg
For millisecond timers we like timediff_t better. Also, time_t can be unsigned so returning a negative value doesn't work then. Closes #5479
2020-05-30select: add overflow checks for timeval conversionsMarc Hoersken
Using time_t and suseconds_t if suseconds_t is available, long on Windows (maybe others in the future) and int elsewhere. Also handle case of ULONG_MAX being greater or equal to INFINITE. Assisted-by: Jay Satiro Reviewed-by: Daniel Stenberg Part of #5343
2020-05-30select: use timediff_t instead of time_t and int for timeout_msMarc Hoersken
Make all functions in select.[ch] take timeout_ms as timediff_t which should always be large enough and signed on all platforms to take all possible timeout values and avoid type conversions. Reviewed-by: Jay Satiro Reviewed-by: Daniel Stenberg Replaces #5107 and partially #5262 Related to #5240 and #5286 Closes #5343
2020-05-30unit1604.c: fix implicit conv from 'SANITIZEcode' to 'CURLcode'Marc Hoersken
GCC 10 warns about this with warning: implicit conversion from 'SANITIZEcode' to 'CURLcode' [-Wenum-conversion] Since 'expected_result' is not really of type 'CURLcode' and it is not exposed in any way, we can just use 'SANITIZEcode'. Reviewed-by: Daniel Stenberg Reviewed-by: Marcel Raad Closes #5476
2020-05-30tests/libtest: fix undefined reference to 'curlx_win32_fopen'Marc Hoersken
Since curl_setup.h now makes use of curlx_win32_fopen for Win32 builds with USE_WIN32_LARGE_FILES or USE_WIN32_SMALL_FILES defined, we need to include the relevant files for tests using fopen, because the libtest sources are also including curl_setup.h Reviewed-by: Marcel Raad Reviewed-by: Daniel Stenberg Follow up to #3784 (ffdddb45d9) Closes #5475
2020-05-30appveyor: add non-debug plain autotools-based buildMarc Hoersken
This should enable us to catch linking issues with the testsuite early, like the one described/fixed in #5475. Reviewed-by: Daniel Stenberg Reviewed-by: Marcel Raad Closes #5477
2020-05-29RELEASE-NOTES: syncedDaniel Stenberg
2020-05-29Revert "buildconf: use find -execdir"Daniel Stenberg
This partially reverts commit c712009838f44211958854de431315586995bc61. Keep the ares_ files removed but bring back the older way to run find, to make it work with busybox's find, as apparently that's being used. Reported-by: Max Peal Fixes #5483 Closes #5484
2020-05-29server/sws: fix asan warning on use of uninitialized variableDaniel Stenberg
2020-05-29libssh2: improved error output for wrong quote syntaxDaniel Stenberg
Reported-by: Werner Stolz Closes #5474
2020-05-29mk-lib1521: generate code for testing BLOB options as wellDaniel Stenberg
Follow-up to cac5374298b3 Closes #5478
2020-05-28configure: repair the check if argv can be written toDaniel Stenberg
Due to bad escaping of the test code, the test wouldn't build and thus result in a negative test result, which would lead to the unconditional assumption that overwriting the arguments doesn't work and thus curl would never hide credentials given in the command line, even when it would otherwise be possible. Regression from commit 2d4c2152c (7.60.0) Reported-by: huzunhao on github Fixes #5470 Closes #5471
2020-05-28CMake: rebuild Makefile.inc.cmake when Makefile.inc changesPeter Wu
Otherwise the build might fail due to missing source files, as demonstrated by the recent keylog.c addition on an existing build dir. Closes #5469
2020-05-28urldata: fix comments: Curl_done() is called multi_done() nowDaniel Stenberg
... since 575e885db
2020-05-27ngtcp2: use common key log routine for better thread-safetyPeter Wu
Tested with ngtcp2 built against the OpenSSL library. Additionally tested with MultiSSL (NSS for TLS and ngtcp2+OpenSSL for QUIC). The TLS backend (independent of QUIC) may or may not already have opened the keylog file before. Therefore Curl_tls_keylog_open is always called to ensure the file is open.
2020-05-27wolfssl: add SSLKEYLOGFILE supportPeter Wu
Tested following the same curl and tshark commands as in commit "vtls: Extract and simplify key log file handling from OpenSSL" using WolfSSL v4.4.0-stable-128-g5179503e8 from git master built with `./configure --enable-all --enable-debug CFLAGS=-DHAVE_SECRET_CALLBACK`. Full support for this feature requires certain wolfSSL build options, see "Availability note" in lib/vtls/wolfssl.c for details. Closes #5327
2020-05-27vtls: Extract and simplify key log file handling from OpenSSLPeter Wu
Create a set of routines for TLS key log file handling to enable reuse with other TLS backends. Simplify the OpenSSL backend as follows: - Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled. - Do not perform dynamic memory allocation when preparing a log entry. Unless the TLS specifications change we can suffice with a reasonable fixed-size buffer. - Simplify state tracking when SSL_CTX_set_keylog_callback is unavailable. My original sslkeylog.c code included this tracking in order to handle multiple calls to SSL_connect and detect new keys after renegotiation (via SSL_read/SSL_write). For curl however we can be sure that a single master secret eventually becomes available after SSL_connect, so a simple flag is sufficient. An alternative to the flag is examining SSL_state(), but this seems more complex and is not pursued. Capturing keys after server renegotiation was already unsupported in curl and remains unsupported. Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f (`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`) against an OpenSSL 1.1.1f server configured with: # Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2 openssl s_server -www -tls1 # Likewise, but fail the server handshake. openssl s_server -www -tls1 -Verify 2 # TLS 1.3 test. No need to test the failing server handshake. openssl s_server -www -tls1_3 Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly written using Wireshark. For the first and third case, expect four matches per connection (decrypted Server Finished, Client Finished, HTTP Request, HTTP Response). For the second case where the handshake fails, expect a decrypted Server Finished only. tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \ -eframe.number -eframe.time -etcp.stream -e_ws.col.Info \ -dtls.port==4433,http -ohttp.desegment_body:FALSE \ -Y 'tls.handshake.verify_data or http' A single connection can easily be identified via the `tcp.stream` field.
2020-05-27FILEFORMAT: add more features that tests can depend onDaniel Stenberg
2020-05-27transfer: close connection after excess data has been readMichael Kaufmann
For HTTP 1.x, it's a protocol error when the server sends more bytes than announced. If this happens, don't reuse the connection, because the start position of the next response is undefined. Closes #5440
2020-05-27Revert "ssh: ignore timeouts during disconnect"Estanislau Augé-Pujadas
This reverts commit f31760e63b4e9ef1eb25f8f211390f8239388515. Shipped in curl 7.54.1. Bug: https://curl.haxx.se/mail/lib-2020-05/0068.html Closes #5465
2020-05-27urldata: connect related booleans live in struct ConnectBitsDaniel Stenberg
And remove a few unused booleans! Closes #5461
2020-05-26hostip: on macOS avoid DoH when given a numerical IP addressDaniel Stenberg
When USE_RESOLVE_ON_IPS is set (defined on macOS), it means that numerical IP addresses still need to get "resolved" - but not with DoH. Reported-by: Viktor Szakats Fixes #5454 Closes #5459
2020-05-26ngtcp2: cleanup memory when failing to connectDaniel Stenberg
Reported-by: Peter Wu Fixes #5447 (the ngtcp2 side of it) Closes #5451
2020-05-26quiche: clean up memory properly when failing to connectDaniel Stenberg
Addresses the quiche side of #5447 Reported-by: Peter Wu Closes #5450
2020-05-26cleanup: use a single space after equals sign in assignmentsDaniel Stenberg
2020-05-25url: accept "any length" credentials for proxy authDaniel Stenberg
They're only limited to the maximum string input restrictions, not to 256 bytes. Added test 1178 to verify Reported-by: Will Roberts Fixes #5448 Closes #5449
2020-05-25test1167: fixes in badsymbols.plMaksim Stsepanenka
Closes #5442
2020-05-25altsvc: fix parser for lines ending with CRLFDaniel Stenberg
Fixed the alt-svc parser to treat a newline as end of line. The unit tests in test 1654 were done without CRLF and thus didn't quite match the real world. Now they use CRLF as well. Reported-by: Peter Wu Assisted-by: Peter Wu Assisted-by: Jay Satiro Fixes #5445 Closes #5446
2020-05-25all: fix codespell errorsViktor Szakats
Reviewed-by: Jay Satiro Reviewed-by: Daniel Stenberg Closes https://github.com/curl/curl/pull/5452
2020-05-25ngtcp2: fix build with current ngtcp2 master implementing draft 28Peter Wu
Based on client.cc changes from ngtcp2. Tested with current git master, ngtcp2 commit c77d5731ce92, nghttp3 commit 65ff479d4380. Fixes #5444 Closes #5443
2020-05-25RELEASE-NOTES: syncedDaniel Stenberg
moved the new setopts up to a "change"
2020-05-25RELEASE-NOTES: syncedDaniel Stenberg
2020-05-24copyright: updated year ranges out of syncDaniel Stenberg
... and whitelisted a few more files in the the copyright.pl script.
2020-05-23setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherencyGilles Vollant
Closes #5431