aboutsummaryrefslogtreecommitdiff
path: root/lib/http.c
AgeCommit message (Collapse)Author
2014-10-24Curl_add_timecondition: skip superfluous varible assignmentDaniel Stenberg
Detected by cppcheck.
2014-09-07Ensure progress.size_dl/progress.size_ul are always >= 0Brandon Casey
Historically the default "unknown" value for progress.size_dl and progress.size_ul has been zero, since these values are initialized implicitly by the calloc that allocates the curl handle that these variables are a part of. Users of curl that install progress callbacks may expect these values to always be >= 0. Currently it is possible for progress.size_dl and progress.size_ul to by set to a value of -1, if Curl_pgrsSetDownloadSize() or Curl_pgrsSetUploadSize() are passed a "size" of -1 (which a few places currently do, and a following patch will add more). So lets update Curl_pgrsSetDownloadSize() and Curl_pgrsSetUploadSize() so they make sure that these variables always contain a value that is >= 0. Updates test579 and test599. Signed-off-by: Brandon Casey <drafnel@gmail.com>
2014-08-15http: fix the Content-Range: parserDaniel Stenberg
... to handle "*/[total]". Also, removed the strange hack that made CURLOPT_FAILONERROR on a 416 response after a *RESUME_FROM return CURLE_OK. Reported-by: Dimitrios Siganos Bug: http://curl.haxx.se/mail/lib-2014-06/0221.html
2014-08-02HTTP2: Support expect: 100-continueTatsuhiro Tsujikawa
"Expect: 100-continue", which was once deprecated in HTTP/2, is now resurrected in HTTP/2 draft 14. This change adds its support to HTTP/2 code. This change also includes stricter header field checking.
2014-07-23http2: more and better error checkingDaniel Stenberg
1 - fixes the warnings when built without http2 support 2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2 basically when they are about http2 specific things.
2014-07-23docs: Improve inline GSS-API naming in code documentationMichael Osipov
2014-07-23curl.h/features: Deprecate GSS-Negotiate macros due to bad namingMichael Osipov
- Replace CURLAUTH_GSSNEGOTIATE with CURLAUTH_NEGOTIATE - CURL_VERSION_GSSNEGOTIATE is deprecated which is served by CURL_VERSION_SSPI, CURL_VERSION_GSSAPI and CURUL_VERSION_SPNEGO now. - Remove display of feature 'GSS-Negotiate'
2014-07-23HTTP: Remove checkprefix("GSS-Negotiate")Michael Osipov
That auth mech has never existed neither on MS nor on Unix side. There is only Negotiate over SPNEGO.
2014-07-16Fix negotiate auth to proxies to track correct stateDavid Woodhouse
2014-07-16Don't abort Negotiate auth when the server has a response for usDavid Woodhouse
It's wrong to assume that we can send a single SPNEGO packet which will complete the authentication. It's a *negotiation* — the clue is in the name. So make sure we handle responses from the server. Curl_input_negotiate() will already handle bailing out if it thinks the state is GSS_S_COMPLETE (or SEC_E_OK on Windows) and the server keeps talking to us, so we should avoid endless loops that way.
2014-07-16Don't clear GSSAPI state between each exchange in the negotiationDavid Woodhouse
GSSAPI doesn't work very well if we forget everything ever time. XX: Is Curl_http_done() the right place to do the final cleanup?
2014-06-15https: Fix build when http2 is disabledDan Fandrich
2014-06-14http2: better return code error checkingDaniel Stenberg
2014-05-22http: Fix a compiler warning when http2 support is disabledDan Fandrich
2014-05-22bits.close: introduce connection close trackingDaniel Stenberg
Make all code use connclose() and connkeep() when changing the "close state" for a connection. These two macros take a string argument with an explanation, and debug builds of curl will include that in the debug output. Helps tracking connection re-use/close issues.
2014-05-20http2: make connection re-use workDaniel Stenberg
Http2 connections would wrongly get closed after each individual request. Co-authored-by: Tatsuhiro Tsujikawa Bug: http://curl.haxx.se/bug/view.cgi?id=1374
2014-05-15HTTP: CREDSPERREQUEST is for HTTP tooDaniel Stenberg
Commit 517b06d657ace (in 7.36.0) that brought the CREDSPERREQUEST flag only set it for HTTPS, making HTTP less good at doing connection re-use than it should be. Now set it for HTTP as well. Simple test case "curl -v -u foo:bar localhost --next -u bar:foo localhos" Bug: http://curl.haxx.se/mail/lib-2014-05/0127.html Reported-by: Kamil Dudka
2014-05-09http: avoid auth failure on a duplicated headerKamil Dudka
... 'WWW-Authenticate: Negotiate' received from server Reported by: David Woodhouse Bug: https://bugzilla.redhat.com/1093348
2014-04-26INFILESIZE: fields in UserDefined must not be changed run-timeDaniel Stenberg
set.infilesize in this case was modified in several places, which could lead to repeated requests using the same handle to get unintendent/wrong consequences based on what the previous request did!
2014-04-25nss: propagate blocking direction from NSPR I/OKamil Dudka
... during the non-blocking SSL handshake
2014-04-23handler: make 'protocol' always specified as a single bitDaniel Stenberg
This makes the findprotocol() function work as intended so that libcurl can properly be restricted to not support HTTP while still supporting HTTPS - since the HTTPS handler previously set both the HTTP and HTTPS bits in the protocol field. This fixes --proto and --proto-redir for most SSL protocols. This is done by adding a few new convenience defines that groups HTTP and HTTPS, FTP and FTPS etc that should then be used when the code wants to check for both protocols at once. PROTO_FAMILY_[protocol] style. Bug: https://github.com/bagder/curl/pull/97 Reported-by: drizzt
2014-04-04PROXYHEADER: send these headers in "normal" proxy requests tooDaniel Stenberg
Updated the docs to clarify and the code accordingly, with test 1528 to verify: When CURLHEADER_SEPARATE is set and libcurl is asked to send a request to a proxy but it isn't CONNECT, then _both_ header lists (CURLOPT_HTTPHEADER and CURLOPT_PROXYHEADER) will be used since the single request is then made for both the proxy and the server.
2014-04-04CURLOPT_HEADEROPT: addedDaniel Stenberg
Modified the logic so that CURLOPT_HEADEROPT now controls if PROXYHEADER is actually used or not.
2014-04-04CURLOPT_PROXYHEADER: set headers for proxy-onlyDaniel Stenberg
Includes docs and new test cases: 1525, 1526 and 1527 Co-written-by: Vijay Panghal
2014-04-04HTTP: don't send Content-Length: 0 _and_ Expect: 100-continueDaniel Stenberg
Without request body there's no point in asking for 100-continue. Bug: http://curl.haxx.se/bug/view.cgi?id=1349 Reported-by: JimS
2014-03-31http2: let openssl mention the exact protocol negotiatedDaniel Stenberg
Remove a superfluous "negotiated http2" info line
2014-03-31http2: remove _DRAFT09 from the NPN_HTTP2 enumDaniel Stenberg
We're progressing throught drafts so there's no point in having a fixed one in a symbol that'll survive.
2014-03-25url: Fixed connection re-use when using different log-in credentialsSteve Holme
In addition to FTP, other connection based protocols such as IMAP, POP3, SMTP, SCP, SFTP and LDAP require a new connection when different log-in credentials are specified. Fixed the detection logic to include these other protocols. Bug: http://curl.haxx.se/docs/adv_20140326A.html
2014-03-19polarssl: fix possible handshake timeout issue in multi.Gaël PORTAY
Because of the socket is unblocking, PolarSSL does need call to getsock to get the action to perform in multi environment. In some cases, it might happen we have not received yet all data to perform the handshake. ssh_handshake returns POLARSSL_ERR_NET_WANT_READ, the state is updated but because of the getsock has not the proper #define macro to, the library never prevents to select socket for input thus the socket will never be awaken when last data is available. Thus it leads to timeout.
2014-02-17http2: Support HTTP POST/PUTTatsuhiro Tsujikawa
This patch enables HTTP POST/PUT in HTTP2. We disabled Expect header field and chunked transfer encoding since HTTP2 forbids them. In HTTP1, Curl sends small upload data with request headers, but HTTP2 requires upload data must be in DATA frame separately. So we added some conditionals to achieve this.
2014-02-05http2: rely on content-encoding headerFabian Frank
A server might respond with a content-encoding header and a response that was encoded accordingly in HTTP-draft-09/2.0 mode, even if the client did not send an accept-encoding header earlier. The server might not send a content-encoding header if the identity encoding was used to encode the response. See: http://tools.ietf.org/html/draft-ietf-httpbis-http2-09#section-9.3
2014-02-04HTTP2: add layer between existing http and socket(TLS) layerTatsuhiro Tsujikawa
This patch chooses different approach to integrate HTTP2 into HTTP curl stack. The idea is that we insert HTTP2 layer between HTTP code and socket(TLS) layer. When HTTP2 is initialized (either in NPN or Upgrade), we replace the Curl_recv/Curl_send callbacks with HTTP2's, but keep the original callbacks in http_conn struct. When sending serialized data by nghttp2, we use original Curl_send callback. Likewise, when reading data from network, we use original Curl_recv callback. In this way we can treat both TLS and non-TLS connections. With this patch, one can transfer contents from https://twitter.com and from nghttp2 test server in plain HTTP as well. The code still has rough edges. The notable one is I could not figure out how to call nghttp2_session_send() when underlying socket is writable.
2014-01-30http2: switch into http2 mode if NPN indicatesFabian Frank
Check the NPN result before preparing an HTTP request and switch into HTTP/2.0 mode if necessary. This is a work in progress, the actual code to prepare and send the request using nghttp2 is still missing from Curl_http2_send_request().
2014-01-30http2: s/Curl_http2_request/Curl_http2_request_upgradeDaniel Stenberg
To better reflect its purpose
2014-01-29http2: handle 101 responses and switch to HTTP2Daniel Stenberg
2014-01-20HTTP POST: omit Content-Length if data size is unknownCédric Deltheil
This prevents sending a `Content-Length: -1` header, e.g this ocurred with the following combination: * standard HTTP POST (no chunked encoding), * user-defined read function set, * `CURLOPT_POSTFIELDSIZE(_LARGE)` NOT set. With this fix it now behaves like HTTP PUT.
2013-12-31mprintf: Replaced internal usage of FORMAT_OFF_T and FORMAT_OFF_TUSteve Holme
Following commit 0aafd77fa4c6f2, replaced the internal usage of FORMAT_OFF_T and FORMAT_OFF_TU with the external versions that we expect API programmers to use. This negates the need for separate definitions which were subtly different under different platforms/compilers.
2013-12-20vtls: renamed sslgen.[ch] to vtls.[ch]Daniel Stenberg
2013-12-20vtls: created subdir, moved sslgen.[ch] there, updated all include linesDaniel Stenberg
2013-11-03http: Post base64 decoding tidy upSteve Holme
Renamed copy_header_value() to Curl_copy_header_value() as this function is now non static. Simplified proxy flag in Curl_http_input_auth() when calling sub-functions. Removed unnecessary white space removal when using negotiate as it had been missed in commit cdccb422671aeb.
2013-11-02http: Added proxy tunnel authentication message header value extractionSteve Holme
...following recent changes to Curl_base64_decode() rather than trying to parse a header line for the authentication mechanisms which is CRLF terminated and inline zero terminate it.
2013-10-31http: Added authentication message header value extractionSteve Holme
...following recent changes to Curl_base64_decode() rather than trying to parse a header line for the authentication mechanisms which is CRLF terminated and inline zero terminate it.
2013-09-07http2: first embryo toward Upgrade:Daniel Stenberg
2013-09-07http: rename use_http_1_1 to use_http_1_1plusDaniel Stenberg
Since it now actually says if 1.1 or a later version should be used.
2013-08-12SessionHandle: the protocol specific pointer is now a void *Daniel Stenberg
All protocol handler structs are now opaque (void *) in the SessionHandle struct and moved in the request-specific sub-struct 'SingleRequest'. The intension is to keep the protocol specific knowledge in their own dedicated source files [protocol].c etc. There's some "leakage" where this policy is violated, to be addressed at a later point in time.
2013-08-12urldata: clean up the use of the protocol specific structsDaniel Stenberg
1 - always allocate the struct in protocol->setup_connection. Some protocol handlers had to get this function added. 2 - always free at the end of a request. This is also an attempt to keep less memory in the handle after it is completed.
2013-03-25NTLM: fix several NTLM code paths memory leaksYang Tse
2013-03-13Multiple pipelines and limiting the number of connections.Linus Nielsen Feltzing
Introducing a number of options to the multi interface that allows for multiple pipelines to the same host, in order to optimize the balance between the penalty for opening new connections and the potential pipelining latency. Two new options for limiting the number of connections: CURLMOPT_MAX_HOST_CONNECTIONS - Limits the number of running connections to the same host. When adding a handle that exceeds this limit, that handle will be put in a pending state until another handle is finished, so we can reuse the connection. CURLMOPT_MAX_TOTAL_CONNECTIONS - Limits the number of connections in total. When adding a handle that exceeds this limit, that handle will be put in a pending state until another handle is finished. The free connection will then be reused, if possible, or closed if the pending handle can't reuse it. Several new options for pipelining: CURLMOPT_MAX_PIPELINE_LENGTH - Limits the pipeling length. If a pipeline is "full" when a connection is to be reused, a new connection will be opened if the CURLMOPT_MAX_xxx_CONNECTIONS limits allow it. If not, the handle will be put in a pending state until a connection is ready (either free or a pipe got shorter). CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE - A pipelined connection will not be reused if it is currently processing a transfer with a content length that is larger than this. CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE - A pipelined connection will not be reused if it is currently processing a chunk larger than this. CURLMOPT_PIPELINING_SITE_BL - A blacklist of hosts that don't allow pipelining. CURLMOPT_PIPELINING_SERVER_BL - A blacklist of server types that don't allow pipelining. See the curl_multi_setopt() man page for details.
2013-01-17always-multi: always use non-blocking internalsDaniel Stenberg
Remove internal separated behavior of the easy vs multi intercace. curl_easy_perform() is now using the multi interface itself. Several minor multi interface quirks and bugs have been fixed in the process. Much help with debugging this has been provided by: Yang Tse
2013-01-09build: fix circular header inclusion with other packagesYang Tse
This commit renames lib/setup.h to lib/curl_setup.h and renames lib/setup_once.h to lib/curl_setup_once.h. Removes the need and usage of a header inclusion guard foreign to libcurl. [1] Removes the need and presence of an alarming notice we carried in old setup_once.h [2] ---------------------------------------- 1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H, this single inclusion guard is enough to ensure that inclusion of lib/setup_once.h done from lib/setup.h is only done once. Additionally lib/setup.h has always used __SETUP_ONCE_H macro to protect inclusion of setup_once.h even after commit ec691ca3, this was to avoid a circular header inclusion triggered when building a c-ares enabled version with c-ares sources available which also has a setup_once.h header. Commit ec691ca3 exposes the real nature of __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard foreign to libcurl belonging to c-ares's setup_once.h The renaming this commit does, fixes the circular header inclusion, and as such removes the need and usage of a header inclusion guard foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl. 2 - Due to the circular interdependency of old lib/setup_once.h and the c-ares setup_once.h header, old file lib/setup_once.h has carried back from 2006 up to now days an alarming and prominent notice about the need of keeping libcurl's and c-ares's setup_once.h in sync. Given that this commit fixes the circular interdependency, the need and presence of mentioned notice is removed. All mentioned interdependencies come back from now old days when the c-ares project lived inside a curl subdirectory. This commit removes last traces of such fact.