aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2019-03-14fuzzer: Only clone the latest fuzzer code, for speed.Dan Fandrich
2019-03-14Negotiate: fix for HTTP POST with NegotiateDominik Hölzl
* Adjusted unit tests 2056, 2057 * do not generally close connections with CURLAUTH_NEGOTIATE after every request * moved negotiatedata from UrlState to connectdata * Added stream rewind logic for CURLAUTH_NEGOTIATE * introduced negotiatedata::GSS_AUTHDONE and negotiatedata::GSS_AUTHSUCC * Consider authproblem state for CURLAUTH_NEGOTIATE * Consider reuse_forbid for CURLAUTH_NEGOTIATE * moved and adjusted negotiate authentication state handling from output_auth_headers into Curl_output_negotiate * Curl_output_negotiate: ensure auth done is always set * Curl_output_negotiate: Set auth done also if result code is GSS_S_CONTINUE_NEEDED/SEC_I_CONTINUE_NEEDED as this result code may also indicate the last challenge request (only works with disabled Expect: 100-continue and CURLOPT_KEEP_SENDING_ON_ERROR -> 1) * Consider "Persistent-Auth" header, detect if not present; Reset/Cleanup negotiate after authentication if no persistent authentication * apply changes introduced with #2546 for negotiate rewind logic Fixes #1261 Closes #1975
2019-03-13http: send payload when (proxy) authentication is doneMarc Schlatter
The check that prevents payload from sending in case of authentication doesn't check properly if the authentication is done or not. They're cases where the proxy respond "200 OK" before sending authentication challenge. This change takes care of that. Fixes #2431 Closes #3669
2019-03-12file: fix "Checking if unsigned variable 'readcount' is less than zero."Daniel Stenberg
Pointed out by codacy Closes #3672
2019-03-12memdebug: log pointer before freeing its dataDaniel Stenberg
Coverity warned for two potentional "Use after free" cases. Both are false positives because the memory wasn't used, it was only the actual pointer value that was logged. The fix still changes the order of execution to avoid the warnings. Coverity CID 1443033 and 1443034 Closes #3671
2019-03-12RELEASE-NOTES: syncedDaniel Stenberg
2019-03-12travis: actually use updated compiler versionsMarcel Raad
For the Linux builds, GCC 8 and 7 and clang 7 were installed, but the new GCC versions were only used for the coverage build and for building nghttp2, while the new clang version was not used at all. BoringSSL needs to use the default GCC as it respects CC, but not CXX, so it would otherwise pass gcc 8 options to g++ 4.8 and fail. Also remove GCC 7, it's not needed anymore. Ref: https://docs.travis-ci.com/user/languages/c/#c11c11-and-beyond-and-toolchain-versioning Closes https://github.com/curl/curl/pull/3670
2019-03-12travis: update clang to version 7Marcel Raad
Closes https://github.com/curl/curl/pull/3670
2019-03-11examples/externalsocket: add missing close socket callsAndre Guibert de Bruet
.. and for Windows also call WSACleanup since we call WSAStartup. The example is to demonstrate handling the socket independently of libcurl. In this case libcurl is not responsible for creating, opening or closing the socket, it is handled by the application (our example). Fixes https://github.com/curl/curl/pull/3663
2019-03-11multi: removed unused code for request retriesDaniel Stenberg
This code was once used for the non multi-interface using code path, but ever since easy_perform was turned into a wrapper around the multi interface, this code path never runs. Closes #3666
2019-03-11doh: inherit some SSL options from user's easy handleJay Satiro
- Inherit SSL options for the doh handle but not SSL client certs, SSL ALPN/NPN, SSL engine, SSL version, SSL issuer cert, SSL pinned public key, SSL ciphers, SSL id cache setting, SSL kerberos or SSL gss-api settings. - Fix inheritance of verbose setting. - Inherit NOSIGNAL. There is no way for the user to set options for the doh (DNS-over-HTTPS) handles and instead we inherit some options from the user's easy handle. My thinking for the SSL options not inherited is they are most likely not intended by the user for the DOH transfer. I did inherit insecure because I think that should still be in control of the user. Prior to this change doh did not work for me because CAINFO was not inherited. Also verbose was set always which AFAICT was a bug (#3660). Fixes https://github.com/curl/curl/issues/3660 Closes https://github.com/curl/curl/pull/3661
2019-03-09test331: verify set-cookie for dotless host nameDaniel Stenberg
Reproduced bug #3649 Closes #3659
2019-03-09Revert "cookies: extend domain checks to non psl builds"Daniel Stenberg
This reverts commit 3773de378d48b06c09931e44dca4d274d0bfdce0. Regression shipped in 7.64.0 Fixes #3649
2019-03-08memdebug: make debug-specific functions use curl_dbg_ prefixDaniel Stenberg
To not "collide" or use up the regular curl_ name space. Also makes them easier to detect in helper scripts. Closes #3656
2019-03-08cmdline-opts/proxytunnel.d: the option tunnnels all protocolsDaniel Stenberg
Clarify the language and simplify. Reported-by: Daniel Lublin Closes #3658
2019-03-07KNOWN_BUGS: Client cert (MTLS) issues with SchannelDaniel Stenberg
Closes #3145
2019-03-07ROADMAP: updated to some more current things to work onDaniel Stenberg
2019-03-05tests: fix multiple may be used uninitialized warningsDaniel Stenberg
2019-03-05RELEASE-NOTES: syncedDaniel Stenberg
2019-03-05source: fix two 'nread' may be used uninitialized warningsDaniel Stenberg
Both seem to be false positives but we don't like warnings. Closes #3646
2019-03-05gopher: remove check for path == NULLDaniel Stenberg
Since it can't be NULL and it makes Coverity believe we lack proper NULL checks. Verified by test 659, landed in commit 15401fa886b. Pointed out by Coverity CID 1442746. Assisted-by: Dan Fandrich Fixes #3617 Closes #3642
2019-03-05examples: only include <curl/curl.h>Daniel Stenberg
That's the only public curl header we should encourage use of. Reviewed-by: Marcel Raad Closes #3645
2019-03-05ssh: loop the state machine if not done and not blockingDaniel Stenberg
If the state machine isn't complete, didn't fail and it didn't return due to blocking it can just as well loop again. This addresses the problem with SFTP directory listings where we would otherwise return back to the parent and as the multi state machine doesn't have any code for using CURLM_CALL_MULTI_PERFORM for as long the doing phase isn't complete, it would return out when in reality there was more data to deal with. Fixes #3506 Closes #3644
2019-03-05multi: support verbose conncache closure handleJay Satiro
- Change closure handle to receive verbose setting from the easy handle most recently added via curl_multi_add_handle. The closure handle is a special easy handle used for closing cached connections. It receives limited settings from the easy handle most recently added to the multi handle. Prior to this change that did not include verbose which was a problem because on connection shutdown verbose mode was not acknowledged. Ref: https://github.com/curl/curl/pull/3598 Co-authored-by: Daniel Stenberg Closes https://github.com/curl/curl/pull/3618
2019-03-04CURLU: fix NULL dereference when used over proxyDaniel Stenberg
Test 659 verifies Also fixed the test 658 name Closes #3641
2019-03-03altsvc_out: check the return code from Curl_gmtimeDaniel Stenberg
Pointed out by Coverity, CID 1442956. Closes #3640
2019-03-03docs/ALTSVC.md: docs describing the approachDaniel Stenberg
Closes #3498
2019-03-03alt-svc: add a travis buildDaniel Stenberg
2019-03-03alt-svc: add test 355 and 356 to verify with command line curlDaniel Stenberg
2019-03-03alt-svc: the curl command line bitsDaniel Stenberg
2019-03-03alt-svc: the libcurl bitsDaniel Stenberg
2019-03-02travis: add build using gnutlsDaniel Stenberg
Closes #3637
2019-03-02RELEASE-NOTES: syncedDaniel Stenberg
2019-03-02scripts/completion.pl: also generate fish completion fileSimon Legner
This is the renamed script formerly known as zsh.pl Closes #3545
2019-03-02gnutls: remove call to deprecated gnutls_compression_get_nameDaniel Stenberg
It has been deprecated by GnuTLS since a year ago and now causes build warnings. Ref: https://gitlab.com/gnutls/gnutls/commit/b0041897d2846737f5fb0f Docs: https://www.gnutls.org/manual/html_node/Compatibility-API.html Closes #3636
2019-03-02system_win32: move win32_init here from easy.cJay Satiro
.. since system_win32 is a more appropriate location for the functions and to extern the globals. Ref: https://github.com/curl/curl/commit/ca597ad#r32446578 Reported-by: Gisle Vanem Closes https://github.com/curl/curl/pull/3625
2019-03-01curl_easy_duphandle.3: clarify that a duped handle has no sharesDaniel Stenberg
Reported-by: Sara Golemon Fixes #3592 Closes #3634
2019-03-0110-at-a-time.c: fix too long lineDaniel Stenberg
2019-03-01examples: various fixes in ephiperfifo.cArnaud Rebillout
The main change here is the timer value that was wrong, it was given in usecs (ms * 1000), while the itimerspec struct wants nsecs (ms * 1000 * 1000). This resulted in the callback being invoked WAY TOO OFTEN. As a quick check you can run this command before and after applying this commit: # shell 1 ./ephiperfifo 2>&1 | tee ephiperfifo.log # shell 2 echo http://hacking.elboulangero.com > hiper.fifo Then just compare the size of the logs files. Closes #3633 Fixes #3632 Signed-off-by: Arnaud Rebillout <arnaud.rebillout@collabora.com>
2019-03-01urldata: simplify bytecountersDaniel Stenberg
- no need to have them protocol specific - no need to set pointers to them with the Curl_setup_transfer() call - make Curl_setup_transfer() operate on a transfer pointer, not connection - switch some counters from long to the more proper curl_off_t type Closes #3627
2019-03-01examples/10-at-a-time.c: improve readability and simplifyDaniel Stenberg
- use better variable names to explain their purposes - convert logic to curl_multi_wait()
2019-03-01threaded-resolver: shutdown the resolver thread without error messageDaniel Stenberg
When a transfer is done, the resolver thread will be brought down. That could accidentally generate an error message in the error buffer even though this is not an error situationand the transfer would still return OK. An application that still reads the error buffer could find a "Could not resolve host: [host name]" message there and get confused. Reported-by: Michael Schmid Fixes #3629 Closes #3630
2019-03-01docs: update max-redirs.d phrasingԜеѕ
clarify redir - "in absurdum" doesn't seem to make sense in this context Closes #3631
2019-03-01ssh: fix Condition '!status' is always trueDaniel Stenberg
in the same sftp_done function in both SSH backends. Simplify them somewhat. Pointed out by Codacy. Closes #3628
2019-02-28test578: make it read data from the correct testDaniel Stenberg
2019-02-28Curl_easy: remove req.maxfd - never used!Daniel Stenberg
Introduced in 8b6314ccfb, but not used anymore in current code. Unclear since when. Closes #3626
2019-02-28http: set state.infilesize when sending formpostsDaniel Stenberg
Without it set, we would unwillingly triger the "HTTP error before end of send, stop sending" condition even if the entire POST body had been sent (since it wouldn't know the expected size) which would unnecessarily log that message and close the connection when it didn't have to. Reported-by: Matt McClure Bug: https://curl.haxx.se/mail/archive-2019-02/0023.html Closes #3624
2019-02-28INSTALL: refer to the current TLS library names and configure optionsDaniel Stenberg
2019-02-28FAQ: minor updates and spelling fixesDaniel Stenberg
2019-02-28GOVERNANCE.md: minor spelling fixesDaniel Stenberg