aboutsummaryrefslogtreecommitdiff
path: root/lib/Makefile.inc
AgeCommit message (Collapse)Author
2013-06-25formpost: better random boundariesDaniel Stenberg
When doing multi-part formposts, libcurl used a pseudo-random value that was seeded with time(). This turns out to be bad for users who formpost data that is provided with users who then can guess how the boundary string will look like and then they can forge a different formpost part and trick the receiver. My advice to such implementors is (still even after this change) to not rely on the boundary strings being cryptographically strong. Fix your code and logic to not depend on them that much! I moved the Curl_rand() function into the sslgen.c source file now to be able to take advantage of the SSL library's random function if it provides one. If not, try to use the RANDOM_FILE for seeding and as a last resort keep the old logic, just modified to also add microseconds which makes it harder to properly guess the exact seed. The formboundary() function in formdata.c is now using 64 bit entropy for the boundary and therefore the string of dashes was reduced by 4 letters and there are 16 hex digits following it. The total length is thus still the same. Bug: http://curl.haxx.se/bug/view.cgi?id=1251 Reported-by: "Floris"
2013-06-22dotdot: introducing dot file path cleanupDaniel Stenberg
RFC3986 details how a path part passed in as part of a URI should be "cleaned" from dot sequences before getting used. The described algorithm is now implemented in lib/dotdot.c with the accompanied test case in test 1395. Bug: http://curl.haxx.se/bug/view.cgi?id=1200 Reported-by: Alex Vinnik
2013-03-13Multiple pipelines and limiting the number of connections.Linus Nielsen Feltzing
Introducing a number of options to the multi interface that allows for multiple pipelines to the same host, in order to optimize the balance between the penalty for opening new connections and the potential pipelining latency. Two new options for limiting the number of connections: CURLMOPT_MAX_HOST_CONNECTIONS - Limits the number of running connections to the same host. When adding a handle that exceeds this limit, that handle will be put in a pending state until another handle is finished, so we can reuse the connection. CURLMOPT_MAX_TOTAL_CONNECTIONS - Limits the number of connections in total. When adding a handle that exceeds this limit, that handle will be put in a pending state until another handle is finished. The free connection will then be reused, if possible, or closed if the pending handle can't reuse it. Several new options for pipelining: CURLMOPT_MAX_PIPELINE_LENGTH - Limits the pipeling length. If a pipeline is "full" when a connection is to be reused, a new connection will be opened if the CURLMOPT_MAX_xxx_CONNECTIONS limits allow it. If not, the handle will be put in a pending state until a connection is ready (either free or a pipe got shorter). CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE - A pipelined connection will not be reused if it is currently processing a transfer with a content length that is larger than this. CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE - A pipelined connection will not be reused if it is currently processing a chunk larger than this. CURLMOPT_PIPELINING_SITE_BL - A blacklist of hosts that don't allow pipelining. CURLMOPT_PIPELINING_SERVER_BL - A blacklist of server types that don't allow pipelining. See the curl_multi_setopt() man page for details.
2013-02-19polarssl threadlock cleanupYang Tse
2013-02-15PolarSSL: pthread support for entropyWillem Sparreboom
Added pthread support for polarssl entropy if --enable-threaded-resolver config flag is set and pthread.h can be found.
2013-02-06setup-vms.h: post VMS patch cleanup - IIIYang Tse
- rename post-config-vms.h to setup-vms.h - move its inclusion into proper location in curl_setup.h
2013-02-05VMS: fix and generate the VMS build configJohn E. Malmberg
config_h.com is a new file that generates a config.h file based on the curl_config.h.in file and a quick scan of the configure script. This is actually a generic procedure that is shared with other VMS packages. The existing pre-built config-vms.h had over 100 entries that were not correct and in some cases conflicted with the build options available in the build_vms.com. generate_config_vms_h_curl.com is a helper procedure to the config_h.com. It covers the cases that the generic config_h.com is not able to figure out, and accepts input from the build_vms.com procedure. build_curlbuild_h.com is a new file to generate the curlbuild.h file that Curl is now using when it is using a curl_config.h file. post-config-vms.h is a new file that is needed to provide VMS specific definitions, and most of them need to be set before the system header files are included. The VMS build procedure is fixed: 1. Fixed to link in the correct HP ssl library. 2. Fixed to detect if HP Kerberos is installed. 3. Fixed to detect if HP LDAP is installed. 4. Fixed to detect if gnv$libzshr is installed. 5. Simplified the input parameter parsing to not use a loop. 6. Warn that 64 bit pointer option support is not complete in comments. 7. Default to IEEE floating if platform supports it so resulting libcurl will be compatible with other open source projects on VMS. 8. Default to LARGEFILE if platform supports it. 9. Default to enable SSL, LDAP, Kerberos, libz if the libraries are present. 10. Build with exact case global symbols for libcurl. 11. Generate linker option file needed. 12. Compiler list option only commonly needed items. 13. fulllist option for those who really want it. 14. Create debug symbol file on Alpha, IA64.
2013-01-17always-multi: always use non-blocking internalsDaniel Stenberg
Remove internal separated behavior of the easy vs multi intercace. curl_easy_perform() is now using the multi interface itself. Several minor multi interface quirks and bugs have been fixed in the process. Much help with debugging this has been provided by: Yang Tse
2013-01-09build: fix circular header inclusion with other packagesYang Tse
This commit renames lib/setup.h to lib/curl_setup.h and renames lib/setup_once.h to lib/curl_setup_once.h. Removes the need and usage of a header inclusion guard foreign to libcurl. [1] Removes the need and presence of an alarming notice we carried in old setup_once.h [2] ---------------------------------------- 1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H, this single inclusion guard is enough to ensure that inclusion of lib/setup_once.h done from lib/setup.h is only done once. Additionally lib/setup.h has always used __SETUP_ONCE_H macro to protect inclusion of setup_once.h even after commit ec691ca3, this was to avoid a circular header inclusion triggered when building a c-ares enabled version with c-ares sources available which also has a setup_once.h header. Commit ec691ca3 exposes the real nature of __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard foreign to libcurl belonging to c-ares's setup_once.h The renaming this commit does, fixes the circular header inclusion, and as such removes the need and usage of a header inclusion guard foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl. 2 - Due to the circular interdependency of old lib/setup_once.h and the c-ares setup_once.h header, old file lib/setup_once.h has carried back from 2006 up to now days an alarming and prominent notice about the need of keeping libcurl's and c-ares's setup_once.h in sync. Given that this commit fixes the circular interdependency, the need and presence of mentioned notice is removed. All mentioned interdependencies come back from now old days when the c-ares project lived inside a curl subdirectory. This commit removes last traces of such fact.
2013-01-06Revert changes relative to lib/*.[ch] recent renamingYang Tse
This reverts renaming and usage of lib/*.h header files done 28-12-2012, reverting 2 commits: f871de0... build: make use of 76 lib/*.h renamed files ffd8e12... build: rename 76 lib/*.h files This also reverts removal of redundant include guard (redundant thanks to changes in above commits) done 2-12-2013, reverting 1 commit: c087374... curl_setup.h: remove redundant include guard This also reverts renaming and usage of lib/*.c source files done 3-12-2013, reverting 3 commits: 13606bb... build: make use of 93 lib/*.c renamed files 5b6e792... build: rename 93 lib/*.c files 7d83dff... build: commit 13606bbfde follow-up 1 Start of related discussion thread: http://curl.haxx.se/mail/lib-2013-01/0012.html Asking for confirmation on pushing this revertion commit: http://curl.haxx.se/mail/lib-2013-01/0048.html Confirmation summary: http://curl.haxx.se/mail/lib-2013-01/0079.html NOTICE: The list of 2 files that have been modified by other intermixed commits, while renamed, and also by at least one of the 6 commits this one reverts follows below. These 2 files will exhibit a hole in history unless git's '--follow' option is used when viewing logs. lib/curl_imap.h lib/curl_smtp.h
2013-01-03build: make use of 93 lib/*.c renamed filesYang Tse
93 *.c source files renamed to use our standard naming scheme. This change affects 77 files in libcurl's source tree.
2012-12-28build: make use of 76 lib/*.h renamed filesYang Tse
76 private header files renamed to use our standard naming scheme. This change affects 322 files in libcurl's source tree.
2012-12-07Introducing a new persistent connection caching system using "bundles".Linus Nielsen Feltzing
A bundle is a list of all persistent connections to the same host. The connection cache consists of a hash of bundles, with the hostname as the key. The benefits may not be obvious, but they are two: 1) Faster search for connections to reuse, since the hash lookup only finds connections to the host in question. 2) It lays out the groundworks for an upcoming patch, which will introduce multiple HTTP pipelines. This patch also removes the awkward list of "closure handles", which were needed to send QUIT commands to the FTP server when closing a connection. Now we allocate a separate closure handle and use that one to close all connections. This has been tested in a live system for a few weeks, and of course passes the test suite.
2012-11-08SSL: Several SSL-backend related fixesOscar Koeroo
axTLS: This will make the axTLS backend perform the RFC2818 checks, honoring the VERIFYHOST setting similar to the OpenSSL backend. Generic for OpenSSL and axTLS: Move the hostcheck and cert_hostcheck functions from the lib/ssluse.c files to make them genericly available for both the OpenSSL, axTLS and other SSL backends. They are now in the new lib/hostcheck.c file. CyaSSL: CyaSSL now also has the RFC2818 checks enabled by default. There is a limitation that the verifyhost can not be enabled exclusively on the Subject CN field comparison. This SSL backend will thus behave like the NSS and the GnuTLS (meaning: RFC2818 ok, or bust). In other words: setting verifyhost to 0 or 1 will disable the Subject Alt Names checks too. Schannel: Updated the schannel information messages: Split the IP address usage message from the verifyhost setting and changed the message about disabling SNI (Server Name Indication, used in HTTP virtual hosting) into a message stating that the Subject Alternative Names checks are being disabled when verifyhost is set to 0 or 1. As a side effect of switching off the RFC2818 related servername checks with SCH_CRED_NO_SERVERNAME_CHECK (http://msdn.microsoft.com/en-us/library/aa923430.aspx) the SNI feature is being disabled. This effect is not documented in MSDN, but Wireshark output clearly shows the effect (details on the libcurl maillist). PolarSSL: Fix the prototype change in PolarSSL of ssl_set_session() and the move of the peer_cert from the ssl_context to the ssl_session. Found this change in the PolarSSL SVN between r1316 and r1317 where the POLARSSL_VERSION_NUMBER was at 0x01010100. But to accommodate the Ubuntu PolarSSL version 1.1.4 the check is to discriminate between lower then PolarSSL version 1.2.0 and 1.2.0 and higher. Note: The PolarSSL SVN trunk jumped from version 1.1.1 to 1.2.0. Generic: All the SSL backends are fixed and checked to work with the ssl.verifyhost as a boolean, which is an internal API change.
2012-06-26darwinssl: add support for native Mac OS X/iOS SSLNick Zitzmann
2012-06-15build: add curl_multibyte files to build systemsYang Tse
2012-06-11winbuild: Updated winbuild scripts to add schannelMarc Hoersken
2012-06-04Makefile.inc: tab adjustmentYang Tse
2012-05-30sasl: Moved plain text authentication message creation from smtp.cSteve Holme
Moved the plain text message creation from smtp.c into the sasl module to allow for use by other modules such as pop3.
2012-05-25smtp: Moved auth-mechanism constants into a separate header fileSteve Holme
Move the SMTP_AUTH constants into a separate header file in preparation for adding SASL based authentication to POP3 as the two protocols will need to share them.
2012-04-07curl tool: use configuration files from lib directory - follow-up IYang Tse
amigaos.[ch] now integrates nicely with any libcurl build
2011-08-28NTLM: END of refactoring/splitting/movingYang Tse
First: File curl_ntlm.h renamed curl_ntlm_msgs.h File curl_ntlm.c renamed curl_ntlm_msgs.c Afterwards: File http_ntlm.c renamed curl_ntlm.c File http_ntlm.h renamed curl_ntlm.h
2011-08-28NTLM: move NTLM core specifics into curl_ntlm_core.[ch]Yang Tse
2011-08-27NTLM_WB: move NTLM_WB specifics into curl_ntlm_wb.[ch]Yang Tse
2011-08-14http NTLM: split http_ntlm.[ch] between http_ntlm.[ch] and curl_ntlm.[ch]Yang Tse
For modularity purposes, huge chunks of NTLM existing code is transformed into functions to allow future internal code reuse. Resulting three new libcurl private functions: - Curl_ntlm_create_type1_message() - Curl_ntlm_create_type3_message() - Curl_ntlm_decode_type2_message() Changing static ntlm_sspi_cleanup() into non-static Curl_ntlm_sspi_cleanup() This 'refactoring' has been prepared by previous commits to allow that this specific one does not introduce any change to existing code. All existing goodness and badness previous to this commit should remain the same once it is applied, the only difference should be that existing code is moved into functions. Given the quite big portions of code being moved around, and the importance of change traceability, this commit has been done in such a way that it is possible to perform a three-way diff from initial http_ntlm.[ch] to resulting http_ntlm.[ch] and curl_ntlm.[ch] to actually verify that no functional change is introduced here. Notice that Steve Holme has provided several patches, but these included this refactoring along with 'extra' fixes. I really wanted this 'clean' refactoring done first, in order to allow discussion or committing of 'extra' fixes on a case by case basis, so, I had to bite the bullet ;-) Comments, line adjustments, compiler warning fixes, whatever, may follow afterwards.
2011-08-12http NTLM: move portions of http_ntlm.h into new curl_ntlm.hSteve Holme
2011-07-13gssapi: rename our files to avoid conflictsDaniel Stenberg
gssapi.h is used as a header name by Heimdal-style GSSAPI so it would conflict with a private header using that name, and while renaming the header I figured we should name the .c file accordingly as well. Bug: http://curl.haxx.se/mail/lib-2011-07/0071.html Reported by: Ben Greear
2011-07-12Added Curl_gss_init_sec_context.Julien Chaffraix
This function wraps our calls to gss_init_sec_context so that we have a unified way to talk to GSSAPI.
2011-04-25async resolvers: further cleanupsDaniel Stenberg
asyn-ares.c and asyn-thread.c are two separate backends that implement the same (internal) async resolver API for libcurl to use. Backend is specified at build time. The internal resolver API is defined in asyn.h for asynch resolvers.
2011-04-20CURL_DOES_CONVERSIONS: cleanupDaniel Stenberg
Massively reduce #ifdefs all over (23 #ifdef lines less so far) Moved conversion-specific code to non-ascii.c
2011-04-04http-proxy: move proxy code to http_proxy.cDaniel Stenberg
The new http_proxy.* files now host HTTP proxy specific code (500+ lines moved out from http.c), and as a consequence there is a macro introduced for the Curl_proxyCONNECT() function so that code can use it without actually supporting proxy (or HTTP) in builds.
2011-03-08SSL: (part 2) Added CyaSSL to SSL abstraction layerTodd A Ouska
This is the modified existing files commit.
2011-01-07HTTP: HTTP Negotiate authentication using SSPIMarcel Roelofs
Only under Windows
2010-12-28IDN: use win32 API if told toPierre Joye
The functionality is provided in a new source file: lib/idn_win32.c
2010-12-15Preparing for axTLS. Actual SSL API functions are only stubbed.Eric Hu
Added axTLS to autotool files and glue code to misc other files. axtls.h maps SSL API functions, but may change. axtls.c is just a stub file and will definitely change.
2010-08-25Forgot gopher.h in Makefile.incCameron Kaiser
2010-08-25Gopher protocol support (initial release)Cameron Kaiser
2010-07-30NTLM tests: boost coverage by forcing the hostnameKamil Dudka
A shared library tests/libtest/.libs/lihostname.so is preloaded in NTLM test-cases to override the system implementation of gethostname(). It makes it possible to test the NTLM authentication for exact match, and this way test the implementation of MD4 and DES. If LD_PRELOAD doesn't work, a debug build willl also workk as debug builds are now made to prefer a specific environment variable and will then return that content as host name instead of the actual one. Kamil wrote the bulk of this, Daniel Stenberg polished it.
2010-07-29Added a comment with an alternate idea to avoid the backslash line ↵Guenter Knauf
contination character.
2010-07-28some cosmetic changes.Guenter Knauf
2010-06-30http_ntlm: add support for NSSKamil Dudka
When configured with '--without-ssl --with-nss', NTLM authentication now uses NSS crypto library for MD5 and DES. For MD4 we have a local implementation in that case. More details are available at https://bugzilla.redhat.com/603783 In order to get it working, curl_global_init() must be called with CURL_GLOBAL_SSL or CURL_GLOBAL_ALL. That's necessary because NSS needs to be initialized globally and we do so only when the NSS library is actually required by protocol. The mentioned call of curl_global_init() is responsible for creating of the initialization mutex. There was also slightly changed the NSS initialization scenario, in particular, loading of the NSS PEM module. It used to be loaded always right after the NSS library was initialized. Now the library is initialized as soon as any SSL or NTLM is required, while the PEM module is prevented from being loaded until the SSL is actually required.
2010-05-25LDAP: properly implemented as a curl_handlerHoward Chu
makes the LDAP code much cleaner, nicer and in general being a better libcurl citizen. If a new enough OpenLDAP version is detect, the new and shiny lib/openldap.c code is then used instead of the old cruft Code by Howard, minor cleanups by Daniel.
2010-05-12FTP: WILDCARDMATCH/CHUNKING/FNMATCH addedPavel Raiskup
2010-05-12RTMP: initial support added, powered by librtmpHoward Chu
librtmp is found at http://rtmpdump.mplayerhq.hu/
2010-05-05PolarSSL: initial support addedHoi-Ho Chan
This is Hoi-Ho Chan's patch with some minor fixes by me. There are some potential issues in this, but none worse than we can sort out on the list and over time.
2010-04-19Implement SMTP authenticationmonnerat
2010-02-19fix compiler warningYang Tse
2010-01-25Constantine Sapuntzakis provided initial thread abstraction layerYang Tse
2010-01-21Chris Conroy brought support for RTSP transfers, and with it comes 8(!) newDaniel Stenberg
libcurl options for controlling what to get and how to receive posssibly interleaved RTP data. Initial commit.
2009-12-12introducing IMAP, POP3 and SMTP support (still lots of polish left to do)Daniel Stenberg