| Age | Commit message (Collapse) | Author |
|---|
|
OpenSSL 3 deprecates SSL_CTX_load_verify_locations and the MD4, DES
functions we use.
Fix the MD4 and SSL_CTX_load_verify_locations warnings.
In configure, detect OpenSSL v3 and if so, inhibit the deprecation
warnings. OpenSSL v3 deprecates the DES functions we use for NTLM and
until we rewrite the code to use non-deprecated functions we better
ignore these warnings as they don't help us.
Closes #5139
|
|
Reported-by: Maksim Stsepanenka
Reviewed-by: Jat Satiro
Closes #5146
|
|
... which also makes it OpenSSL 1.1.1d based and not v3.
|
|
We are already running a very similar Ubuntu build on Travis CI.
The macOS variant of this default build is kept on Github Actions.
|
|
Update YAML formatting, job naming and triggers.
|
|
Reduce workload on Azure Pipelines and Travis CI while
consolidating macOS jobs onto less utilized GitHub Actions.
Reviewed-by: Daniel Stenberg
Closes #5124
|
|
As there's no code using it.
Closes #5144
|
|
Reported by the new script 'scripts/copyright.pl'. The script has a
regex whitelist for the files that don't need copyright headers.
Removed three (mostly usesless) README files from docs/
Closes #5141
|
|
Reported-by: Jon Rumsey
Fixes #5142
Closes #5143
|
|
since nghttp2_session_set_local_window_size is needed
Closes #5140
|
|
|
|
Fixes build.
Closes #5132
|
|
To allow us to see in the CI logs how they actually behave
Closes #5091
|
|
|
|
This reverts commit 691b71be930f0e285c8f7a76efd56bbe0576cda6.
|
|
To let debug-builds return fake values, like in test 970.
Ref: #5131
Closes #5136
|
|
- send more data to make problems more obvious
- don't start the data with minus, it makes diffs harder to read
- skip the headers in the stdout comparison
- save to a file name to also verify 'filename_effective'
Ref: #5131
|
|
The counter was not bumped in all cases correctly.
Reported-by: Marcel Raad
Ref: #5131
Closes #5135
|
|
|
|
Follow-up from d820224b8
|
|
.. because not all Windows build systems have those symbols, and even
those that do may be missing newer symbols (eg the Windows 7 SDK does
not define _WIN32_WINNT_WIN10).
Those symbols are used in build-time logic to decide which API to use
and prior to this change if the symbols were missing it would have
resulted in deprecated API being used when more recent functions were
available (eg GetVersionEx used instead of VerifyVersionInfo).
Reported-by: FuccDucc@users.noreply.github.com
Probably fixes https://github.com/curl/curl/issues/4995
Closes https://github.com/curl/curl/pull/5057
|
|
AC_REQUIRE means "if this macro hasn't been executed already, execute
it". So in a wrapper around AC_RUN_IFELSE, AC_REQUIRE(AC_RUN_IFELSE)
isn't correct at that will execute AC_RUN_IFELSE without any arguments.
With autoconf 2.69 this is basically a no-op, but with autoconf 2.70,
AC_RUN_IFELSE without a default value when cross-compiling is fatal.
The result is that curl with autoconf 2.70 cannot cross-compile.
Fixes https://github.com/curl/curl/issues/5126
Closes https://github.com/curl/curl/pull/5130
|
|
Workaround posted here: microsoft/azure-pipelines-agent#2864
Assisted-by: Simon Chalifoux
Assisted-by: Tommy Petty
Fixes #5117
Closes #5129
|
|
Verify the fixes in 4e0b4fee4
|
|
Ensures that -K/--config inserts new items at the end of the list
instead of overwriting the second item, and that after a -K/--config
option has been parsed, the option parser's view of the current config
is update.
Fixes #5120
Closes #5123
|
|
|
|
|
|
Closes #5122
|
|
|
|
|
|
|
|
|
|
|
|
Use a proper variable instead to make it easier to use a debugger and
read the code.
|
|
Update smbserver.py and negtelnetserver.py to be compatible with
Python 3 while staying backwards-compatible to support Python 2.
Fix string encoding and handling of echoed and transferred data.
Tested with both Python 2.7.17 and Python 3.7.7
Reported-by: Daniel Stenberg
Assisted-by: Kamil Dudka
Reviewed-by: Marcel Raad
Fixes #5104
Closes #5110
|
|
Follow-up to: 04c03416e68fd635a15
Closes #5115
|
|
Uh, I missed this in 1a46b218db
|
|
... and bumped curlver.h to 7.70.0
|
|
Prior to this change in libcurl debug builds http2 stream closure was
erroneously referred to as connection closure.
Before:
* nread <= 0, server closed connection, bailing
After:
* nread == 0, stream closed, bailing
Closes https://github.com/curl/curl/pull/5118
|
|
Follow-up to 5450428491
|
|
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
--ssl-revoke-best-effort to allow a "best effort" revocation check.
A best effort revocation check ignores errors that the revocation check
was unable to take place. The reasoning is described in detail below and
discussed further in the PR.
---
When running e.g. with Fiddler, the schannel backend fails with an
unhelpful error message:
Unknown error (0x80092012) - The revocation function was unable
to check revocation for the certificate.
Sadly, many enterprise users who are stuck behind MITM proxies suffer
the very same problem.
This has been discussed in plenty of issues:
https://github.com/curl/curl/issues/3727,
https://github.com/curl/curl/issues/264, for example.
In the latter, a Microsoft Edge developer even made the case that the
common behavior is to ignore issues when a certificate has no recorded
distribution point for revocation lists, or when the server is offline.
This is also known as "best effort" strategy and addresses the Fiddler
issue.
Unfortunately, this strategy was not chosen as the default for schannel
(and is therefore a backend-specific behavior: OpenSSL seems to happily
ignore the offline servers and missing distribution points).
To maintain backward-compatibility, we therefore add a new flag
(`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
(`--ssl-revoke-best-effort`) to select the new behavior.
Due to the many related issues Git for Windows and GitHub Desktop, the
plan is to make this behavior the default in these software packages.
The test 2070 was added to verify this behavior, adapted from 310.
Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes https://github.com/curl/curl/pull/4981
|
|
- If an easy handle is owned by a multi different from the one specified
then return CURLM_BAD_EASY_HANDLE.
Prior to this change I assume user error could cause corruption.
Closes https://github.com/curl/curl/pull/5116
|
|
Ref: https://docs.microsoft.com/windows/win32/api/wincrypt/nf-wincrypt-cryptacquirecontexta#parameters
Reviewed-by: Marc Hörsken
Closes https://github.com/curl/curl/pull/5088
|
|
Follow-up to 04c03416e68fd635a15
|
|
Makes curl_easy_getinfo() of "variable" numerical content instead return
the number set in the env variable `CURL_TIME`.
Makes curl_version() of "variable" textual content. This guarantees a
stable version string which can be tested against. Environment variable
`CURL_VERSION` defines the content.
Assisted-by: Mathias Gumz
|
|
This commit adds support to generate JSON via the writeout feature:
-w "%{json}"
It leverages the existing infrastructure as much as possible. Thus,
generating the JSON on STDERR is possible by:
-w "%{stderr}%{json}"
This implements a variant of
https://github.com/curl/curl/wiki/JSON#--write-out-json.
Closes #4870
|
|
|
|
The test uses SRP to "a server not supporting it" but modern stunnel
versions will silently accept it and remain happy. The test is therefore
faulty.
I haven't figured out how to make stunnel explicitly reject SRP-using
connects.
Reported-by: Marc Hörsken
Fixes #5105
Closes #5113
|
|
For some reason the torture builds have slowed down recently.
Reported-by: Daniel Stenberg
|
|
My working build cmdline:
$ cmake -DCMAKE_PREFIX_PATH=$HOME/build-wolfssl -DCMAKE_USE_WOLFSSL=ON .
Assisted-by: Brad King
Closes #5095
|
