| Age | Commit message (Collapse) | Author |
|---|
|
Stick to "Schannel" everywhere. The configure option --with-winssl is
kept to allow existing builds to work but --with-schannel is added as an
alias.
Closes #3504
|
|
The previously used ax_code_coverage.m4 is not license compatible and
must not be used.
Reported-by: William A. Rowe Jr
Fixes #3497
Closes #3499
|
|
OpenSSL_version() replaces OpenSSL_version_num()
Closes #3462
|
|
This subdir has mostly become an attic of never-used cruft from the
past.
Closes #3331
|
|
When compiling a collection of SSL libraries to link against (SSL_LIBS),
ensure all libraries are included. The call `--libs-only-l` can produce
only a subset of found in a `--libs` call (e.x. pthread may be excluded).
Adding `--libs-only-other` ensures other libraries are also included in
the list. This corrects select build environments compiling against a
static version of OpenSSL. Before the change, the following could be
observed:
checking for openssl options with pkg-config... found
configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -lcrypto -lz -ldl "
configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib "
configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include "
checking for HMAC_Update in -lcrypto... no
checking for HMAC_Init_ex in -lcrypto... no
checking OpenSSL linking with -ldl... no
checking OpenSSL linking with -ldl and -lpthread... no
configure: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.
configure: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this.
...
SSL support: no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )
...
And include the other libraries when compiling SSL_LIBS succeeds with:
checking for openssl options with pkg-config... found
configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -pthread -lcrypto -lz -ldl -pthread "
configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib "
configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include "
checking for HMAC_Update in -lcrypto... yes
checking for SSL_connect in -lssl... yes
...
SSL support: enabled (OpenSSL)
...
Signed-off-by: James Knight <james.d.knight@live.com>
Closes #3193
|
|
- ENGINE_cleanup() was used without including "openssl/engine.h"
- enable engine support for OpenSSL 0.9.7
Closes #3266
|
|
To make it easier to understand other people's and remote builds etc.
Closes #3207
|
|
As has been outlined in the DEPRECATE.md document, the axTLS code has
been disabled for 6 months and is hereby removed.
Use a better supported TLS library!
Assisted-by: Daniel Gustafsson
Closes #3194
|
|
Follow-up to #3166 which did the cmake part of this. This type/define is
not used.
Closes #3168
|
|
- also update two URLs outside of docs/examples
- fix spelling of filename persistant.c
- fix three long lines that started failing checksrc.pl
Closes https://github.com/curl/curl/pull/3036
|
|
Closes https://github.com/curl/curl/pull/3031
|
|
When trying to detect pthreads use on HPUX the checks will succeed
without the correct -l option but then end up failing at run-time.
Reported-by: Eason-Yu on github
Fixes #2697
Closes #3025
|
|
|
|
Sometimes it may be considered a security risk to load an external
OpenSSL configuration automatically inside curl_global_init(). The
configuration option --disable-ssl-auto-load-config disables this
automatism. The Windows build scripts winbuild/Makefile.vs provide a
corresponding option ENABLE_SSL_AUTO_LOAD_CONFIG accepting a boolean
value.
Setting neither of these options corresponds to the previous behavior
loading the external OpenSSL configuration automatically.
Fixes #2724
Closes #2791
|
|
Enable pedantic-errors for GCC >= 5 with --enable-werror. Before GCC 5,
pedantic-errors was synonymous to -Werror=pedantic [0], which is still
the case for clang [1]. With GCC 5, it became complementary [2].
Also fix a resulting error in acinclude.m4 as main's return type was
missing, which is illegal in C99.
[0] https://gcc.gnu.org/onlinedocs/gcc-4.9.0/gcc/Warning-Options.html
[1] https://clang.llvm.org/docs/UsersManual.html#options-to-control-error-and-warning-messages
[2] https://gcc.gnu.org/onlinedocs/gcc-5.1.0/gcc/Warning-Options.html
Closes https://github.com/curl/curl/pull/2747
|
|
... by making sure it uses the -I provided by pkg-config!
Reported-by: pszemus on github
Fixes #2848
Closes #2850
|
|
Since it isn't used either and requires the getnameinfo check
Follow-up to 0aeca41702d2
|
|
Closes #2687
|
|
The linker is pretty dumb and processes things left to right, keeping a
tally of symbols it hasn't resolved yet. So, we need -ldl to appear
after -lcrypto otherwise the linker won't find the dl functions.
Closes #2684
|
|
Fix the -ldl and -ldl + -lpthread checks for OpenSSL, necessary for
building with static libs without pkg-config.
Reported-by: Marcel Raad
Fixes #2199
Closes #2659
|
|
Previously it was checked for in configure/cmake, but that would then
leave other build systems built without engine support.
While engine support probably existed prior to 1.0.1, I decided to play
safe. If someone experience a problem with this, we can widen the
version check.
Fixes #2641
Closes #2644
|
|
If configure detects fnmatch to be available, use that instead of our
custom one for FTP wildcard pattern matching. For standard compliance,
to reduce our footprint and to use already well tested and well
exercised code.
A POSIX fnmatch behaves slightly different than the internal function
for a few test patterns currently and the macOS one yet slightly
different. Test case 1307 is adjusted for these differences.
Closes #2626
|
|
On our x86 Android toolchain, getpwuid_r is implemented but the header
is missing:
netrc.c:81:7: error: implicit declaration of function 'getpwuid_r' [-Werror=implicit-function-declaration]
Unfortunately, the function is used in curl_ntlm_wb.c, too, so I moved
the prototype to curl_setup.h.
Signed-off-by: Bernhard Walle <bernhard@bwalle.de>
Closes #2609
|
|
The automake default ar flags are 'cru', but the 'u' flag in there
causes warnings on many modern Linux distros. Removing 'u' may have a
minor performance impact on older distros but should not cause harm.
Explained on the automake mailing list already back in April 2015:
https://www.mail-archive.com/automake-patches@gnu.org/msg07705.html
Reported-by: elephoenix on github
Fixes #2617
Closes #2619
|
|
The ssh2 pkg-config file could contain the following lines when build
with a static version of mbedtls:
Libs: -L${libdir} -lssh2 /xxx/libmbedcrypto.a
Libs.private: /xxx/libmbedcrypto.a
This static mbedtls library must be used to correctly detect ssh2
support and this library must be copied in libcurl.pc otherwise
compilation of any application (such as upmpdcli) with libcurl will fail
when trying to found mbedtls functions included in libssh2. So, replace
pkg-config --libs-only-l by pkg-config --libs.
Fixes:
- http://autobuild.buildroot.net/results/43e24b22a77f616d6198c10435dcc23cc3b9088a
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Closes #2613
|
|
When given a prefix, the $PREFIX_OPENSSL/lib/openssl.pc or
$PREFIX_OPENSSL/include/openssl/ssl.h files must be present or cause an
error. Helps users detect when giving configure the wrong path.
Reported-by: Oleg Pudeyev
Assisted-by: Per Malmberg
Fixes #2580
|
|
... instead of exeucting code to get the size. Removes the use of
LD_LIBRARY_PATH for this.
Fixes #2586
Closes #2589
Reported-by: Bernhard Walle
|
|
When only building with SSL backends that don't use the CA bundle file
(by default), skip the check.
Fixes #2543
Fixes #2180
Closes #2545
|
|
|
|
... only set it when we actually have to run tests to reduce its impact
on for example build commands etc.
Fixes #2490
Closes #2492
Reported-by: Dmitry Mikhirev
|
|
|
|
... so that the memory allocated by applications using libcurl does not
grow per each TLS connection.
Bug: https://bugzilla.redhat.com/1510247
Closes #2297
|
|
Assign the time_t variable negative value and then check if it is
greater than zero, which will evaluate true for unsigned time_t but
false for signed time_t.
|
|
Make curl_getdate() handle dates before 1970 as well (returning negative
values).
Make test 517 test dates for 64 bit time_t.
This fixes bug (3) mentioned in #2238
Closes #2250
|
|
Link order should list libraries after the libraries that use them,
so when we're guessing that we might also need to add -ldl in order
to use -lssl, we should add -ldl after -lssl.
Closes https://github.com/curl/curl/pull/2234
|
|
.. because limits.h presence isn't optional, it's required by C89.
Ref: http://port70.net/~nsz/c/c89/c89-draft.html#2.2.4.2
Closes https://github.com/curl/curl/pull/2215
|
|
Follow-up to c92d2e1
Closes #2172
|
|
Fixes #2076
Closes #2125
|
|
Needed by HPE NonStop NSE and NSX systems
Fixes #2146
Closes #2155
|
|
Lists all SSL backends that were enabled at build-time.
Suggested-by: Oleg Pudeyev
Fixes #2128
|
|
The SFTP back-end supports asynchronous reading only, limited
to 32-bit file length. Writing is synchronous with no other
limitations.
This also brings keyboard-interactive authentication.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
|
|
libssh is an alternative library to libssh2.
https://www.libssh.org/
That patch set also introduces support for ECDSA
ed25519 keys, as well as gssapi authentication.
Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
|
|
The new API added in Linux 4.11 only requires setting a socket option
before connecting, without the whole sento() machinery.
Notably, this makes it possible to use TFO with SSL connections on Linux
as well, without the need to mess around with OpenSSL (or whatever other
SSL library) internals.
Closes #2056
|
|
This uses the brotli external library (https://github.com/google/brotli).
Brotli becomes a feature: additional curl_version_info() bit and
structure fields are provided for it and CURLVERSION_NOW bumped.
Tests 314 and 315 check Brotli content unencoding with correct and
erroneous data.
Some tests are updated to accomodate with the now configuration dependent
parameters of the Accept-Encoding header.
|
|
If clock_gettime() is not supported, use mach_absolute_time() on MacOS.
closes #2033
|
|
... we used it only for the fuzzer, which we now have in a separate git
repo.
Closes #1990
|
|
Enable PKCS12 for all non-boringssl builds without relying on configure
or cmake checks.
Bug: https://curl.haxx.se/mail/lib-2017-10/0007.html
Reported-by: Christian Schmitz
Closes #1948
|
|
Use the external curl-fuzzer repository for fuzzing.
Closes #1923
|
|
The stub implementation is pre-loaded using LD_PRELOAD
and emulates common gssapi uses (only builds if curl is
initially built with gssapi support).
The initial tests are currently disabled for debug builds
as LD_PRELOAD is not used then.
Ref: https://github.com/curl/curl/pull/1687
|
|
The tests for object file/executable file extensions are presumably only
done for the first of these macros in the configure file.
Bug: https://github.com/curl/curl/pull/1851#issuecomment-327597515
Reported-by: Marcel Raad
Closes #1873
|
