aboutsummaryrefslogtreecommitdiff
path: root/lib/http.c
AgeCommit message (Collapse)Author
2016-04-26CONNECT_ONLY: don't close connection on GSS 401/407 reponsesMarcel Raad
Previously, connections were closed immediately before the user had a chance to extract the socket when the proxy required Negotiate authentication. This regression was brought in with the security fix in commit 79b9d5f1a42578f Closes #655
2016-04-17news: CURLOPT_CONNECT_TO and --connect-toMichael Kaufmann
Makes curl connect to the given host+port instead of the host+port found in the URL.
2016-04-03code: style updatesDaniel Stenberg
2016-03-31http2: support "prior knowledge", no upgrade from HTTP/1.1Diego Bes
Supports HTTP/2 over clear TCP - Optimize switching to HTTP/2 by removing calls to init and setup before switching. Switching will eventually call setup and setup calls init. - Supports new version to “force” the use of HTTP/2 over clean TCP - Add common line parameter “--http2-prior-knowledge” to the Curl command line tool.
2016-03-31http: remove ((expression)) double parenthesesDaniel Stenberg
2016-03-31Curl_add_buffer_send: avoid possible NULL dereferenceDaniel Stenberg
... as we check for a NULL pointer below, we move the derefence to after the check. Detected by PVS Studio. Reported-by: Alexis La Goutte
2016-03-30multi: turn Curl_done into file local multi_doneDaniel Stenberg
... as it now is used by multi.c only.
2016-03-27http_ntlm: Renamed from curl_ntlm.[c|h]Steve Holme
Renamed the header and source files for this module as they are HTTP specific and as such, they should use the naming convention as other HTTP authentication source files do - this revert commit 260ee6b7bf. Note: We could also rename curl_ntlm_wb.[c|h], however, the Winbind code needs separating from the HTTP protocol and migrating into the vauth directory, thus adding support for Winbind to the SASL based protocols such as IMAP, POP3 and SMTP.
2016-03-26vauth: Moved the Negotiate authentication code to the new vauth directorySteve Holme
Part 1 of 2 - Moved the SSPI based Negotiate authentication code.
2016-03-24http: Minor update based on CODE_STYLE guidelinesSteve Holme
2016-03-20connect/ntlm/http: Fixed compilation warnings when verbose strings disabledSteve Holme
warning C4189: 'data': local variable is initialized but not referenced
2016-02-17http2: don't decompress gzip decoding automaticallyDaniel Stenberg
At one point during the development of HTTP/2, the commit 133cdd29ea0 introduced automatic decompression of Content-Encoding as that was what the spec said then. Now however, HTTP/2 should work the same way as HTTP/1 in this regard. Reported-by: Kazuho Oku Closes #661
2016-02-16http: Don't break the header into chunks if HTTP/2Tatsuhiro Tsujikawa
nghttp2 callback deals with TLS layer and therefore the header does not need to be broken into chunks. Bug: https://github.com/curl/curl/issues/659 Reported-by: Kazuho Oku
2016-02-08Proxy-Connection: stop sending this header by defaultDaniel Stenberg
RFC 7230 says we should stop. Firefox already stopped. Bug: https://github.com/curl/curl/issues/633 Reported-By: Brad Fitzpatrick Closes #633
2016-02-03URLs: change all http:// URLs to https://Daniel Stenberg
2015-12-15http2: Support trailer fieldsTatsuhiro Tsujikawa
This commit adds trailer support in HTTP/2. In HTTP/1.1, chunked encoding must be used to send trialer fields. HTTP/2 deprecated any trandfer-encoding, including chunked. But trailer fields are now always available. Since trailer fields are relatively rare these days (gRPC uses them extensively though), allocating buffer for trailer fields is done when we detect that HEADERS frame containing trailer fields is started. We use Curl_add_buffer_* functions to buffer all trailers, just like we do for regular header fields. And then deliver them when stream is closed. We have to be careful here so that all data are delivered to upper layer before sending trailers to the application. We can deliver trailer field one by one using NGHTTP2_ERR_PAUSE mechanism, but current method is far more simple. Another possibility is use chunked encoding internally for HTTP/2 traffic. I have not tested it, but it could add another overhead. Closes #564
2015-12-13http: add libcurl option to allow HTTP/2 for HTTPS onlyDaniel Stenberg
... and stick to 1.1 for HTTP. This is in line with what browsers do and should have very little risk.
2015-12-09fix b6d5cb40d7038feDaniel Stenberg
2015-12-08build: fix compilation error with CURL_DISABLE_VERBOSE_STRINGSChristian Stewart
With curl disable verbose strings in http.c the compilation fails due to the data variable being undefined later on in the function. Closes #558
2015-11-25timecond: do not add if-modified-since without timeconditionDaniel Stenberg
The RTSP code path didn't skip adding the if-modified-since for certain RTSP code paths, even if CURLOPT_TIMECONDITION was set to CURL_TIMECOND_NONE. Also, an unknown non-zero CURLOPT_TIMECONDITION value no longer equals CURL_TIMECOND_IFMODSINCE. Bug: http://stackoverflow.com/questions/33903982/curl-timecond-none-doesnt-work-how-to-remove-if-modified-since-header
2015-11-24Revert "cleanup: general removal of TODO (and similar) comments"Daniel Stenberg
This reverts commit 64e959ffe37c436503f9fed1ce2d6ee6ae50bd9a. Feedback-by: Dan Fandrich URL: http://curl.haxx.se/mail/lib-2015-11/0062.html
2015-11-17http2: http_done: don't free already-freed push headersDaniel Stenberg
The push headers are freed after the push callback has been invoked, meaning this code should only free the headers if the callback was never invoked and thus the headers weren't freed at that time. Reported-by: Davey Shafik
2015-11-13cleanup: general removal of TODO (and similar) commentsDaniel Stenberg
They tend to never get updated anyway so they're frequently inaccurate and we never go back to revisit them anyway. We document issues to work on properly in KNOWN_BUGS and TODO instead.
2015-10-20vtls: added support for mbedTLSJonas Minnberg
closes #496
2015-10-15fread_func: move callback pointer from set to state structDaniel Stenberg
... and assign it from the set.fread_func_set pointer in the Curl_init_CONNECT function. This A) avoids that we have code that assigns fields in the 'set' struct (which we always knew was bad) and more importantly B) it makes it impossibly to accidentally leave the wrong value for when the handle is re-used etc. Introducing a state-init functionality in multi.c, so that we can set a specific function to get called when we enter a state. The Curl_init_CONNECT is thus called when switching to the CONNECT state. Bug: https://github.com/bagder/curl/issues/346 Closes #346
2015-08-20rtsp: stop reading empty DESCRIBE responsesErik Janssen
Based-on-patch-by: Jim Hollinger
2015-08-11http2: discard frames with no SessionHandleAnders Bakken
Return 0 instead of NGHTTP2_ERR_CALLBACK_FAILURE if we can't locate the SessionHandle. Apparently mod_h2 will sometimes send a frame for a stream_id we're finished with. Use nghttp2_session_get_stream_user_data and nghttp2_session_set_stream_user_data to identify SessionHandles instead of a hash. Closes #372
2015-07-30http: move HTTP/2 cleanup code off http_disconnect()Kamil Dudka
Otherwise it would never be called for an HTTP/2 connection, which has its own disconnect handler. I spotted this while debugging <https://bugzilla.redhat.com/1248389> where the http_disconnect() handler was called on an FTP session handle causing 'dnf' to crash. conn->data->req.protop of type (struct FTP *) was reinterpreted as type (struct HTTP *) which resulted in SIGSEGV in Curl_add_buffer_free() after printing the "Connection cache is full, closing the oldest one." message. A previously working version of libcurl started to crash after it was recompiled with the HTTP/2 support despite the HTTP/2 protocol was not actually used. This commit makes it work again although I suspect the root cause (reinterpreting session handle data of incompatible protocol) still has to be fixed. Otherwise the same will happen when mixing FTP and HTTP/2 connections and exceeding the connection cache limit. Reported-by: Tomas Tomecek Bug: https://bugzilla.redhat.com/1248389
2015-07-25HTTP: ignore "Content-Encoding: compress"Michael Kaufmann
Currently, libcurl rejects responses with "Content-Encoding: compress" when CURLOPT_ACCEPT_ENCODING is set to "". I think that libcurl should treat the Content-Encoding "compress" the same as other Content-Encodings that it does not support, e.g. "bzip2". That means just ignoring it.
2015-07-07http2: Fix memory leak in push header arrayTatsuhiro Tsujikawa
2015-06-24http2: fixed the header accessor functions for the push callbackDaniel Stenberg
2015-06-24http2: setup the new pushed stream properlyDaniel Stenberg
2015-06-17http: do not leak basic auth credentials on re-used connectionsKamil Dudka
CVE-2015-3236 This partially reverts commit curl-7_39_0-237-g87c4abb Reported-by: Tomas Tomecek, Kamil Dudka Bug: http://curl.haxx.se/docs/adv_20150617A.html
2015-06-14urldata: store POST size in state.infilesize tooDaniel Stenberg
... to simplify checking when PUT _or_ POST have completed. Reported-by: Frank Meier Bug: http://curl.haxx.se/mail/lib-2015-06/0019.html
2015-05-31HTTP-NTLM: fail auth on connection close instead of loopingIsaac Boukris
Bug: https://github.com/bagder/curl/issues/256
2015-05-22http: removed self assignmentDaniel Stenberg
Follow-up fix from b0143a2a33f0 Detected by coverity. CID 1299429
2015-05-20read_callback: move to SessionHandle from connectdataDaniel Stenberg
With many easy handles using the same connection for multiplexing, it is important we store and keep the transfer-oriented stuff in the SessionHandle so that callbacks and callback data work fine even when many easy handles share the same physical connection.
2015-05-19http: silence compile-time warnings without USE_NGHTTP2Kamil Dudka
Error: CLANG_WARNING: lib/http.c:173:16: warning: Value stored to 'http' during its initialization is never read Error: COMPILER_WARNING: lib/http.c: scope_hint: In function ‘http_disconnect’ lib/http.c:173:16: warning: unused variable ‘http’ [-Wunused-variable]
2015-05-18http: Add some include guards for the new HTTP/2 stuffJay Satiro
2015-05-18http2: fix build when NOT h2-enabledDaniel Stenberg
2015-05-18pipeline: switch some code over to functionsDaniel Stenberg
... to "compartmentalize" a bit and make it easier to change behavior when multiplexing is used instead of good old pipelining.
2015-05-18Curl_http_readwrite_headers: minor code simplificationDaniel Stenberg
2015-05-18http2: rename s/data/pausedataDaniel Stenberg
2015-05-18http2: set default concurrency, fix ConnectionExists for multiplexDaniel Stenberg
2015-05-18bundles: store no/default/pipeline/multiplexDaniel Stenberg
to allow code to act differently on the situation. Also added some more info message for the connection re-use function to make it clearer when connections are not re-used.
2015-05-18http2: lazy init header_recvbufDaniel Stenberg
It makes us use less memory when not doing HTTP/2 and subsequently also makes us not have to cleanup HTTP/2 related data when not using HTTP/2!
2015-05-18http2: separate multiplex/pipelining + cleanup memory leaksDaniel Stenberg
2015-05-18http2: force "drainage" of streamsDaniel Stenberg
... which is necessary since the socket won't be readable but there is data waiting in the buffer.
2015-05-18http2: move the mem+len pair to the stream structDaniel Stenberg
2015-05-18http2: more stream-oriented data, stream ID 0 is for connectionsDaniel Stenberg