aboutsummaryrefslogtreecommitdiff
path: root/lib/http.c
AgeCommit message (Collapse)Author
2016-02-16http: Don't break the header into chunks if HTTP/2Tatsuhiro Tsujikawa
nghttp2 callback deals with TLS layer and therefore the header does not need to be broken into chunks. Bug: https://github.com/curl/curl/issues/659 Reported-by: Kazuho Oku
2016-02-08Proxy-Connection: stop sending this header by defaultDaniel Stenberg
RFC 7230 says we should stop. Firefox already stopped. Bug: https://github.com/curl/curl/issues/633 Reported-By: Brad Fitzpatrick Closes #633
2016-02-03URLs: change all http:// URLs to https://Daniel Stenberg
2015-12-15http2: Support trailer fieldsTatsuhiro Tsujikawa
This commit adds trailer support in HTTP/2. In HTTP/1.1, chunked encoding must be used to send trialer fields. HTTP/2 deprecated any trandfer-encoding, including chunked. But trailer fields are now always available. Since trailer fields are relatively rare these days (gRPC uses them extensively though), allocating buffer for trailer fields is done when we detect that HEADERS frame containing trailer fields is started. We use Curl_add_buffer_* functions to buffer all trailers, just like we do for regular header fields. And then deliver them when stream is closed. We have to be careful here so that all data are delivered to upper layer before sending trailers to the application. We can deliver trailer field one by one using NGHTTP2_ERR_PAUSE mechanism, but current method is far more simple. Another possibility is use chunked encoding internally for HTTP/2 traffic. I have not tested it, but it could add another overhead. Closes #564
2015-12-13http: add libcurl option to allow HTTP/2 for HTTPS onlyDaniel Stenberg
... and stick to 1.1 for HTTP. This is in line with what browsers do and should have very little risk.
2015-12-09fix b6d5cb40d7038feDaniel Stenberg
2015-12-08build: fix compilation error with CURL_DISABLE_VERBOSE_STRINGSChristian Stewart
With curl disable verbose strings in http.c the compilation fails due to the data variable being undefined later on in the function. Closes #558
2015-11-25timecond: do not add if-modified-since without timeconditionDaniel Stenberg
The RTSP code path didn't skip adding the if-modified-since for certain RTSP code paths, even if CURLOPT_TIMECONDITION was set to CURL_TIMECOND_NONE. Also, an unknown non-zero CURLOPT_TIMECONDITION value no longer equals CURL_TIMECOND_IFMODSINCE. Bug: http://stackoverflow.com/questions/33903982/curl-timecond-none-doesnt-work-how-to-remove-if-modified-since-header
2015-11-24Revert "cleanup: general removal of TODO (and similar) comments"Daniel Stenberg
This reverts commit 64e959ffe37c436503f9fed1ce2d6ee6ae50bd9a. Feedback-by: Dan Fandrich URL: http://curl.haxx.se/mail/lib-2015-11/0062.html
2015-11-17http2: http_done: don't free already-freed push headersDaniel Stenberg
The push headers are freed after the push callback has been invoked, meaning this code should only free the headers if the callback was never invoked and thus the headers weren't freed at that time. Reported-by: Davey Shafik
2015-11-13cleanup: general removal of TODO (and similar) commentsDaniel Stenberg
They tend to never get updated anyway so they're frequently inaccurate and we never go back to revisit them anyway. We document issues to work on properly in KNOWN_BUGS and TODO instead.
2015-10-20vtls: added support for mbedTLSJonas Minnberg
closes #496
2015-10-15fread_func: move callback pointer from set to state structDaniel Stenberg
... and assign it from the set.fread_func_set pointer in the Curl_init_CONNECT function. This A) avoids that we have code that assigns fields in the 'set' struct (which we always knew was bad) and more importantly B) it makes it impossibly to accidentally leave the wrong value for when the handle is re-used etc. Introducing a state-init functionality in multi.c, so that we can set a specific function to get called when we enter a state. The Curl_init_CONNECT is thus called when switching to the CONNECT state. Bug: https://github.com/bagder/curl/issues/346 Closes #346
2015-08-20rtsp: stop reading empty DESCRIBE responsesErik Janssen
Based-on-patch-by: Jim Hollinger
2015-08-11http2: discard frames with no SessionHandleAnders Bakken
Return 0 instead of NGHTTP2_ERR_CALLBACK_FAILURE if we can't locate the SessionHandle. Apparently mod_h2 will sometimes send a frame for a stream_id we're finished with. Use nghttp2_session_get_stream_user_data and nghttp2_session_set_stream_user_data to identify SessionHandles instead of a hash. Closes #372
2015-07-30http: move HTTP/2 cleanup code off http_disconnect()Kamil Dudka
Otherwise it would never be called for an HTTP/2 connection, which has its own disconnect handler. I spotted this while debugging <https://bugzilla.redhat.com/1248389> where the http_disconnect() handler was called on an FTP session handle causing 'dnf' to crash. conn->data->req.protop of type (struct FTP *) was reinterpreted as type (struct HTTP *) which resulted in SIGSEGV in Curl_add_buffer_free() after printing the "Connection cache is full, closing the oldest one." message. A previously working version of libcurl started to crash after it was recompiled with the HTTP/2 support despite the HTTP/2 protocol was not actually used. This commit makes it work again although I suspect the root cause (reinterpreting session handle data of incompatible protocol) still has to be fixed. Otherwise the same will happen when mixing FTP and HTTP/2 connections and exceeding the connection cache limit. Reported-by: Tomas Tomecek Bug: https://bugzilla.redhat.com/1248389
2015-07-25HTTP: ignore "Content-Encoding: compress"Michael Kaufmann
Currently, libcurl rejects responses with "Content-Encoding: compress" when CURLOPT_ACCEPT_ENCODING is set to "". I think that libcurl should treat the Content-Encoding "compress" the same as other Content-Encodings that it does not support, e.g. "bzip2". That means just ignoring it.
2015-07-07http2: Fix memory leak in push header arrayTatsuhiro Tsujikawa
2015-06-24http2: fixed the header accessor functions for the push callbackDaniel Stenberg
2015-06-24http2: setup the new pushed stream properlyDaniel Stenberg
2015-06-17http: do not leak basic auth credentials on re-used connectionsKamil Dudka
CVE-2015-3236 This partially reverts commit curl-7_39_0-237-g87c4abb Reported-by: Tomas Tomecek, Kamil Dudka Bug: http://curl.haxx.se/docs/adv_20150617A.html
2015-06-14urldata: store POST size in state.infilesize tooDaniel Stenberg
... to simplify checking when PUT _or_ POST have completed. Reported-by: Frank Meier Bug: http://curl.haxx.se/mail/lib-2015-06/0019.html
2015-05-31HTTP-NTLM: fail auth on connection close instead of loopingIsaac Boukris
Bug: https://github.com/bagder/curl/issues/256
2015-05-22http: removed self assignmentDaniel Stenberg
Follow-up fix from b0143a2a33f0 Detected by coverity. CID 1299429
2015-05-20read_callback: move to SessionHandle from connectdataDaniel Stenberg
With many easy handles using the same connection for multiplexing, it is important we store and keep the transfer-oriented stuff in the SessionHandle so that callbacks and callback data work fine even when many easy handles share the same physical connection.
2015-05-19http: silence compile-time warnings without USE_NGHTTP2Kamil Dudka
Error: CLANG_WARNING: lib/http.c:173:16: warning: Value stored to 'http' during its initialization is never read Error: COMPILER_WARNING: lib/http.c: scope_hint: In function ‘http_disconnect’ lib/http.c:173:16: warning: unused variable ‘http’ [-Wunused-variable]
2015-05-18http: Add some include guards for the new HTTP/2 stuffJay Satiro
2015-05-18http2: fix build when NOT h2-enabledDaniel Stenberg
2015-05-18pipeline: switch some code over to functionsDaniel Stenberg
... to "compartmentalize" a bit and make it easier to change behavior when multiplexing is used instead of good old pipelining.
2015-05-18Curl_http_readwrite_headers: minor code simplificationDaniel Stenberg
2015-05-18http2: rename s/data/pausedataDaniel Stenberg
2015-05-18http2: set default concurrency, fix ConnectionExists for multiplexDaniel Stenberg
2015-05-18bundles: store no/default/pipeline/multiplexDaniel Stenberg
to allow code to act differently on the situation. Also added some more info message for the connection re-use function to make it clearer when connections are not re-used.
2015-05-18http2: lazy init header_recvbufDaniel Stenberg
It makes us use less memory when not doing HTTP/2 and subsequently also makes us not have to cleanup HTTP/2 related data when not using HTTP/2!
2015-05-18http2: separate multiplex/pipelining + cleanup memory leaksDaniel Stenberg
2015-05-18http2: force "drainage" of streamsDaniel Stenberg
... which is necessary since the socket won't be readable but there is data waiting in the buffer.
2015-05-18http2: move the mem+len pair to the stream structDaniel Stenberg
2015-05-18http2: more stream-oriented data, stream ID 0 is for connectionsDaniel Stenberg
2015-05-18http2: move lots of state data to the 'stream' structDaniel Stenberg
... from the connection struct. The stream one being the 'struct HTTP' which is kept in the SessionHandle struct (easy handle). lookup streams for incoming frames in the stream hash, hashing is based on the stream id and we get the SessionHandle for the incoming stream that way.
2015-05-18http: switch on "pipelining" (multiplexing) for HTTP/2 serversDaniel Stenberg
... and do not blacklist any.
2015-05-12bundles: merged into conncache.cDaniel Stenberg
All the existing Curl_bundle* functions were only ever used from within the conncache.c file, so I moved them over and made them static (and removed the Curl_ prefix).
2015-04-21http_done: close Negotiate connections when doneDaniel Stenberg
When doing HTTP requests Negotiate authenticated, the entire connnection may become authenticated and not just the specific HTTP request which is otherwise how HTTP works, as Negotiate can basically use NTLM under the hood. curl was not adhering to this fact but would assume that such requests would also be authenticated per request. CVE-2015-3148 Bug: http://curl.haxx.se/docs/adv_20150422B.html Reported-by: Isaac Boukris
2015-04-17Revert "HTTP: don't abort connections with pending Negotiate authentication"Daniel Stenberg
This reverts commit 5dc68dd6092a789bb5e0a67a1c1356ba87fdcbc6. Bug: https://github.com/bagder/curl/issues/223 Reported-by: Michael Osipov
2015-03-24curl_memory: make curl_memory.h the second-last header file loadedDan Fandrich
This header file must be included after all header files except memdebug.h, as it does similar memory function redefinitions and can be similarly affected by conflicting definitions in system or dependent library headers.
2015-03-17HTTP: don't use Expect: headers when on HTTP/2Daniel Stenberg
Reported-by: Stefan Eissing Bug: https://github.com/bagder/curl/issues/169
2015-03-17checksrc: detect and remove space before trailing semicolonsDaniel Stenberg
2015-03-16free: instead of Curl_safefree()Daniel Stenberg
Since we just started make use of free(NULL) in order to simplify code, this change takes it a step further and: - converts lots of Curl_safefree() calls to good old free() - makes Curl_safefree() not check the pointer before free() The (new) rule of thumb is: if you really want a function call that frees a pointer and then assigns it to NULL, then use Curl_safefree(). But we will prefer just using free() from now on.
2015-03-16Bug #149: Deletion of unnecessary checks before calls of the function "free"Markus Elfring
The function "free" is documented in the way that no action shall occur for a passed null pointer. It is therefore not needed that a function caller repeats a corresponding check. http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first This issue was fixed by using the software Coccinelle 1.0.0-rc24. Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
2015-03-12http: always send Host: header as first headerDaniel Stenberg
...after the method line: "Since the Host field-value is critical information for handling a request, a user agent SHOULD generate Host as the first header field following the request-line." / RFC 7230 section 5.4 Additionally, this will also make libcurl ignore multiple specified custom Host: headers and only use the first one. Test 1121 has been updated accordingly Bug: http://curl.haxx.se/bug/view.cgi?id=1491 Reported-by: Rainer Canavan
2015-03-07http2: use CURL_HTTP_VERSION_* symbols instead of NPN_*Daniel Stenberg
Since they already exist and will make comparing easier