aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-08-21INTERNALS: require GnuTLS >= 2.11.3Daniel Stenberg
Since the public pinning support was brought in e644866caf4. GnuTLS 2.11.3 was released in October 2010. Figured out in #2890
2018-08-21http2: avoid set_stream_user_data() before stream is assignedDaniel Stenberg
... before the stream is started, we have it set to -1. Fixes #2894 Closes #2898
2018-08-20SSLCERTS: improve the openssl command lineDaniel Stenberg
... for extracting certs from a live HTTPS server to make a cacerts.pem from them.
2018-08-20docs/SECURITY-PROCESS: now we name the files after the CVE idDaniel Stenberg
2018-08-19RELEASE-NOTES: syncedDaniel Stenberg
2018-08-18upload: change default UPLOAD_BUFSIZE to 64KBDaniel Stenberg
To make uploads significantly faster in some circumstances. Part 2 of #2888 Closes #2892
2018-08-18upload: allocate upload buffer on-demandDaniel Stenberg
Saves 16KB on the easy handle for operations that don't need that buffer. Part 1 of #2888
2018-08-18vtls: reinstantiate engine on duplicated handlesLaurent Bonnans
Handles created with curl_easy_duphandle do not use the SSL engine set up in the original handle. This fixes the issue by storing the engine name in the internal url state and setting the engine from its name inside curl_easy_duphandle. Reported-by: Anton Gerasimov Signed-of-by: Laurent Bonnans Fixes #2829 Closes #2833
2018-08-17http2: make sure to send after RST_STREAMDaniel Stenberg
If this is the last stream on this connection, the RST_STREAM might not get pushed to the wire otherwise. Fixes #2882 Closes #2887 Researched-by: Michael Kaufmann
2018-08-16test1268: check the stderr output as "text"Daniel Stenberg
Follow-up to 099f37e9c57 Pointed-out-by: Marcel Raad
2018-08-16urldata: remove unused pipe_broke struct fieldDaniel Stenberg
This struct field is never set TRUE in any existing code path. This change removes the field completely. Closes #2871
2018-08-15curl: warn the user if a given file name looks like an optionDaniel Stenberg
... simply because this is usually a sign of the user having omitted the file name and the next option is instead "eaten" by the parser as a file name. Add test1268 to verify Closes #2885
2018-08-15http2: check nghttp2_session_set_stream_user_data return codeDaniel Stenberg
Might help bug #2688 debugging Closes #2880
2018-08-15travis: revert back to gcc-7 for coverage buildsDaniel Stenberg
... since the gcc-8 ones seem to fail frequently. Follow-up from b85207199544ca Closes #2886
2018-08-15RELEASE-NOTES: syncedDaniel Stenberg
... and now listed in alphabetical order!
2018-08-15CMake: CMake config files are defining CURL_STATICLIB for static buildsAdrien
This change allows to use the CMake config files generated by Curl's CMake scripts for static builds of the library. The symbol CURL_STATIC lib must be defined to compile downstream, thus the config package is the perfect place to do so. Fixes #2817 Closes #2823 Reported-by: adnn on github Reviewed-by: Sergei Nikulov
2018-08-15TODO: host name sections in config filesDaniel Stenberg
2018-08-14ssh-libssh: fix infinite connect loop on invalid private keyKamil Dudka
Added test 656 (based on test 604) to verify the fix. Bug: https://bugzilla.redhat.com/1595135 Closes #2879
2018-08-14ssh-libssh: reduce excessive verbose output about pubkey authKamil Dudka
The verbose message "Authentication using SSH public key file" was printed each time the ssh_userauth_publickey_auto() was called, which meant each time a packet was transferred over network because the API operates in non-blocking mode. This patch makes sure that the verbose message is printed just once (when the authentication state is entered by the SSH state machine).
2018-08-14travis: disable h2 torture tests for "coverage"Daniel Stenberg
Since they started to fail almost 100% since a few days. Closes #2876
2018-08-14travis: update to GCC 8Marcel Raad
Closes https://github.com/curl/curl/pull/2869
2018-08-13http: fix for tiny "HTTP/0.9" responseDaniel Stenberg
Deal with tiny "HTTP/0.9" (header-less) responses by checking the status-line early, even before a full "HTTP/" is received to allow detecting 0.9 properly. Test 1266 and 1267 added to verify. Fixes #2420 Closes #2872
2018-08-13docs: add disallow-username-in-url.d and haproxy-protocol.d on the listKamil Dudka
... to make make the files appear in distribution tarballs Closes #2856
2018-08-13.travis.yml: verify that man pages can be regeneratedKamil Dudka
... when curl is built from distribution tarball Closes #2856
2018-08-11Split non-portable part off test 1133Marcel Raad
Split off testing file names with double quotes into new test 1158. Disable it for MSYS using a precheck as it doesn't support file names with double quotes (but Cygwin does, for example). Fixes https://github.com/curl/curl/issues/2796 Closes https://github.com/curl/curl/pull/2854
2018-08-11projects: Improve Windows perl detection in batch scriptsJay Satiro
- Determine if perl is in the user's PATH by running perl.exe. Prior to this change detection was done by checking the PATH for perl/ but that did not work in all cases (eg git install includes perl but not in perl/ path). Bug: https://github.com/curl/curl/pull/2865 Reported-by: Daniel JeliƄski
2018-08-11docs: Improve the manual pages of some callbacksMichael Kaufmann
- CURLOPT_HEADERFUNCTION: add newlines - CURLOPT_INTERLEAVEFUNCTION: fix the description of 'userdata' - CURLOPT_READDATA: mention crashes, same as in CURLOPT_WRITEDATA - CURLOPT_READFUNCTION: rename 'instream' to 'userdata' and explain how to set it Closes https://github.com/curl/curl/pull/2868
2018-08-11GCC: silence -Wcast-function-type uniformlyMarcel Raad
Pointed-out-by: Rikard Falkeborn Closes https://github.com/curl/curl/pull/2860
2018-08-11Silence GCC 8 cast-function-type warningsMarcel Raad
On Windows, casting between unrelated function types is fine and sometimes even necessary, so just use an intermediate cast to (void (*) (void)) to silence the warning as described in [0]. [0] https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html Closes https://github.com/curl/curl/pull/2860
2018-08-11CURLINFO_SIZE_UPLOAD: fix missing counter updateDaniel Stenberg
Adds test 1522 for verification. Reported-by: cjmsoregan Fixes #2847 Closes #2864
2018-08-10Documentation: fix CURLOPT_SSH_COMPRESSION copy/paste bugDaniel Jelinski
Closes #2867
2018-08-10RELEASE-NOTES: syncedDaniel Stenberg
2018-08-10openssl: fix potential NULL pointer deref in is_pkcs11_uriDaniel Stenberg
Follow-up to 298d2565e Coverity CID 1438387
2018-08-10travis: execute "set -eo pipefail" for coverage buildMarcel Raad
Follow-up to 2de63ab179eb78630ee039ad94fb2a5423df522d and 0b87c963252d3504552ee0c8cf4402bd65a80af5. Closes https://github.com/curl/curl/pull/2862
2018-08-10lib1502: fix memory leak in torture testDaniel Stenberg
Reported-by: Marcel Raad Fixes #2861 Closes #2863
2018-08-10docs: mention NULL is fine input to several functionsDaniel Stenberg
Fixes #2837 Closes #2858 Reported-by: Markus Elfring
2018-08-09README.md: add LGTM.com code quality grade for C/C++Bas van Schaik
Closes #2857
2018-08-09test1531: Add timeoutRikard Falkeborn
Previously, the macro TEST_HANG_TIMEOUT was unused, but since there is looping going on, we might as well add timing instead of removing it. Closes #2853
2018-08-09test1540: Remove unused macro TEST_HANG_TIMEOUTRikard Falkeborn
The macro has never been used, and it there is not really any place where it would make sense to add timing checks. Closes #2852
2018-08-09asyn-thread: Remove unused macroRikard Falkeborn
The macro seems to never have been used. Closes #2852
2018-08-09http_proxy: Remove unused macro SELECT_TIMEOUTRikard Falkeborn
Usage was removed in 5113ad0424044458ac497fa1458ebe0101356b22. Closes #2852
2018-08-09formdata: Remove unused macro HTTPPOST_CONTENTTYPE_DEFAULTRikard Falkeborn
Its usage was removed in 84ad1fd3047815f9c6e78728bb351b828eac10b1. Closes #2852
2018-08-09telnet: Remove unused macros TELOPTS and TELCMDSRikard Falkeborn
Their usage was removed in 3a145180cc754a5959ca971ef3cd243c5c83fc51. Closes #2852
2018-08-09openssl: fix debug messagesDaniel Jelinski
Fixes #2806 Closes #2843
2018-08-09configure: fix for -lpthread detection with OpenSSL and pkg-configDaniel Stenberg
... by making sure it uses the -I provided by pkg-config! Reported-by: pszemus on github Fixes #2848 Closes #2850
2018-08-08RELEASE-NOTES: syncedDaniel Stenberg
2018-08-08windows: follow up to the buffer-tuning 1ba1dba7Daniel Stenberg
Somehow I didn't include the amended version of the previous fix. This is the missing piece. Pointed-out-by: Viktor Szakats
2018-08-08windows: implement send buffer tuningDaniel Jelinski
Significantly enhances upload performance on modern Windows versions. Bug: https://curl.haxx.se/mail/lib-2018-07/0080.html Closes #2762 Fixes #2224
2018-08-08ssl: set engine implicitly when a PKCS#11 URI is providedAnderson Toshiyuki Sasaki
This allows the use of PKCS#11 URI for certificates and keys without setting the corresponding type as "ENG" and the engine as "pkcs11" explicitly. If a PKCS#11 URI is provided for certificate, key, proxy_certificate or proxy_key, the corresponding type is set as "ENG" if not provided and the engine is set to "pkcs11" if not provided. Acked-by: Nikos Mavrogiannopoulos Closes #2333
2018-08-08CMake: Respect BUILD_SHARED_LIBSRuslan Baratov
Use standard CMake variable BUILD_SHARED_LIBS instead of introducing custom option CURL_STATICLIB. Use '-DBUILD_SHARED_LIBS=%SHARED%' in appveyor.yml. Reviewed-by: Sergei Nikulov Closes #2755