aboutsummaryrefslogtreecommitdiff
path: root/lib/url.c
AgeCommit message (Collapse)Author
2009-11-14- Constantine Sapuntzakis provided the fix that ensures that an SSL connectionYang Tse
won't be reused unless protection level for peer and host verification match.
2009-10-08Attempt to silence bogus compiler warning: "Potential null pointer dereference"Yang Tse
2009-09-17Attempt to silence bogus compiler warning: "Potential null pointer dereference"Yang Tse
2009-08-21- Lots of good work by Krister Johansen, mostly related to pipelining:Daniel Stenberg
Fix SIGSEGV on free'd easy_conn when pipe unexpectedly breaks Fix data corruption issue with re-connected transfers Fix use after free if we're completed but easy_conn not NULL
2009-08-11- Benbuck Nason posted the bug report #2835196Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=2835196), fixing a few compiler warnings when mixing ints and bools.
2009-08-01- Alexander Beedie provided the patch for a noproxy problem: If I have setDaniel Stenberg
CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually could still end up using a proxy if a proxy environment variable was set.
2009-07-22- Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA.Daniel Stenberg
They introduce known_host support for SSH keys to libcurl. See docs for details.
2009-06-16- When doing non-anonymous ftp via http proxies and the password is notMichal Marek
provided in the url, add it there (squid needs this).
2009-06-12include <limits.h> for INT_MAX definitionYang Tse
2009-06-12fix compiler warningYang Tse
2009-06-10- Fabian Keil ran clang on the (lib)curl code, found a bunch of warnings andDaniel Stenberg
contributed a range of patches to fix them.
2009-06-10Adjusted to take in account that...Yang Tse
With the curl memory tracking feature decoupled from the debug build feature, CURLDEBUG and DEBUGBUILD preprocessor symbol definitions are used as follows: CURLDEBUG used for curl debug memory tracking specific code (--enable-curldebug) DEBUGBUILD used for debug enabled specific code (--enable-debug)
2009-05-29corrected commentsDaniel Stenberg
2009-05-28fix compiler warning: unused parameterYang Tse
2009-05-27- Mike Crowe pointed out that setting CURLOPT_USERPWD to NULL used to clearDaniel Stenberg
the auth credentials back in 7.19.0 and earlier while now you have to set "" to get the same effect. His patch brings back the ability to use NULL.
2009-05-17- James Bursa posted a patch to the mailing list that fixed a problem withDaniel Stenberg
no_proxy which made it not skip the proxy if the URL entered contained a user name. I added test case 1101 to verify.
2009-05-12make no proxy set return OK from Curl_connected_proxy() since it will be calledDaniel Stenberg
unconditionally
2009-05-11fix the Curl_connected_proxy function for when libcurl actually connects fineDaniel Stenberg
to it in the actual connect call and not asynchronously.
2009-05-09ConnectPlease() fixed for the new proxy connect functionality to make sureDaniel Stenberg
'connected' truly is false when the socks connect fails. Curl_done() fixed for the check-conn->bits.done-before-Curl_getoff_all_pipelines case
2009-05-08- Constantine Sapuntzakis fixed bug report #2784055Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=2784055) identifying a problem to connect to SOCKS proxies when using the multi interface. It turned out to almost not work at all previously. We need to wait for the TCP connect to be properly verified before doing the SOCKS magic. There's still a flaw in the FTP code for this.
2009-04-21libcurl's memory.h renamed to curl_memory.hYang Tse
2009-04-13- bug report #2727981 (http://curl.haxx.se/bug/view.cgi?id=2727981) by MartinDaniel Stenberg
Storsjo pointed out how setting CURLOPT_NOBODY to 0 could be downright confusing as it set the method to either GET or HEAD. The example he showed looked like: curl_easy_setopt(curl, CURLOPT_PUT, 1); curl_easy_setopt(curl, CURLOPT_NOBODY, 0); The new way doesn't alter the method until the request is about to start. If CURLOPT_NOBODY is then 1 the HTTP request will be HEAD. If CURLOPT_NOBODY is 0 and the request happens to have been set to HEAD, it will then instead be set to GET. I believe this will be less surprising to users, and hopefully not hit any existing users badly.
2009-03-03- David James brought a patch that make libcurl close (all) dead connectionsDaniel Stenberg
whenever you attempt to open a new connection.
2009-03-02- David Kierznowski notified us about a security flawDaniel Stenberg
(http://curl.haxx.se/docs/adv_20090303.html also known as CVE-2009-0037) in which previous libcurl versions (by design) can be tricked to access an arbitrary local/different file instead of a remote one when CURLOPT_FOLLOWLOCATION is enabled. This flaw is now fixed in this release together this the addition of two new setopt options for controlling this new behavior: o CURLOPT_REDIR_PROTOCOLS controls what protocols libcurl is allowed to follow to when CURLOPT_FOLLOWLOCATION is enabled. By default, this option excludes the FILE and SCP protocols and thus you nee to explicitly allow them in your app if you really want that behavior. o CURLOPT_PROTOCOLS controls what protocol(s) libcurl is allowed to fetch using the primary URL option. This is useful if you want to allow a user or other outsiders control what URL to pass to libcurl and yet not allow all protocols libcurl may have been built to support.
2009-02-28fix compiler warningYang Tse
2009-02-17- CURLOPT_FTP_CREATE_MISSING_DIRS can now be set to 2 in addition to 1 forDaniel Stenberg
plain FTP connections, and it will then allow MKD to fail once and retry the CWD afterwards. This is especially useful if you're doing many simultanoes connections against the same server and they all have this option enabled, as then CWD may first fail but then another connection does MKD before this connection and thus MKD fails but trying CWD works! The numbers can (should?) now be set with the convenience enums now called CURLFTP_CREATE_DIR and CURLFTP_CREATE_DIR_RETRY. Tests has proven that if you're making an application that uploads a set of files to an ftp server, you will get a noticable gain in speed if you're using multiple connections and this option will be then be very useful.
2009-02-07Moved Curl_strntoupper() to the rawstr.c file where the other raw stringDaniel Stenberg
functions are.
2009-02-02- Patrick Scott found a rather large memory leak when using the multiDaniel Stenberg
interface and setting CURLMOPT_MAXCONNECTS to something less than the number of handles you add to the multi handle. All the connections that didn't fit in the cache would not be properly disconnected nor freed!
2009-02-02- Craig A West brought us: libcurl now defaults to do CONNECT with HTTPDaniel Stenberg
version 1.1 instead of 1.0 like before. This change also introduces the new proxy type for libcurl called 'CURLPROXY_HTTP_1_0' that then allows apps to switch (back) to CONNECT 1.0 requests. The curl tool also got a --proxy1.0 option that works exactly like --proxy but sets CURLPROXY_HTTP_1_0. I updated all test cases cases that use CONNECT and I tried to do some using --proxy1.0 and some updated to do CONNECT 1.1 to get both versions run.
2009-01-28- Markus Moeller introduced two new options to libcurl:Daniel Stenberg
CURLOPT_SOCKS5_GSSAPI_SERVICE and CURLOPT_SOCKS5_GSSAPI_NEC to allow libcurl to do GSS-style authentication with SOCKS5 proxies. The curl tool got the options called --socks5-gssapi-service and --socks5-gssapi-nec to enable these.
2009-01-26- Chad Monroe provided the new CURLOPT_TFTP_BLKSIZE option that allows an appDaniel Stenberg
to set desired block size to use for TFTP transfers instead of the default 512 bytes.
2009-01-25- Craig A West brought CURLOPT_NOPROXY and the corresponding --noproxy option.Daniel Stenberg
They basically offer the same thing the NO_PROXY environment variable only offered previously: list a set of host names that shall not use the proxy even if one is specified.
2009-01-21Fixed a couple more locale-dependent toupper conversions, mainly forDan Fandrich
clarity. This does fix one problem that causes ;type=i FTP URLs to fail in the Turkish locale when CURLOPT_PROXY_TRANSFER_MODE is used (test case 561) Added tests 561 and 1092 through 1094 to test various combinations of ;type= and ;mode= URLs that could potentially fail in the Turkish locale.
2009-01-08Unified much of the SessionHandle initialization done in Curl_open() andDan Fandrich
curl_easy_reset() by creating Curl_init_userdefined(). This had the side effect of fixing curl_easy_reset() so it now also resets CURLOPT_FTP_FILEMETHOD and CURLOPT_SSL_SESSIONID_CACHE
2008-12-29 - Phil Lisiecki filed bug report #2413067Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=2413067) that identified a problem that would cause libcurl to mark a DNS cache entry "in use" eternally if the subsequence TCP connect failed. It would thus never get pruned and refreshed as it should've been.
2008-12-19- Using the libssh2 0.19 function libssh2_session_block_directions(), libcurlDaniel Stenberg
now has an improved ability to do right when the multi interface (both "regular" and multi_socket) is used for SCP and SFTP transfers. This should result in (much) less busy-loop situations and thus less CPU usage with no speed loss.
2008-12-12Make the getoff all pipelines function only set _inuse to FALSE if theDaniel Stenberg
specified data pointer was head.
2008-12-11Dan F pointed out that we don't need to scan IPv6 addresses for '%'-lettersDaniel Stenberg
in the parse_remote_port() function as the scope id has already been stripped from the string.
2008-12-11- Keshav Krity found out that libcurl failed to deal with dotted IPv6Daniel Stenberg
addresses if they were very long (>39 letters) due to a too strict address validity parser. It now accepts addresses up to 45 bytes long.
2008-12-10- Internet Explorer had a broken HTTP digest authentication before v7 andDaniel Stenberg
there are servers "out there" that relies on the client doing this broken Digest authentication. Apache even comes with an option to work with such broken clients. The difference is only for URLs that contain a query-part (a '?'-letter and text to the right of it). libcurl now supports this quirk, and you enable it by setting the CURLAUTH_DIGEST_IE bit in the bitmask you pass to the CURLOPT_HTTPAUTH or CURLOPT_PROXYAUTH options. They are thus individually controlled to server and proxy.
2008-12-03- Igor Novoseltsev filed bug #2351645Daniel Stenberg
(http://curl.haxx.se/bug/view.cgi?id=2351645) that identified a problem with the multi interface that occured if you removed an easy handle while in progress and the handle was used in a HTTP pipeline.
2008-11-19- Andreas Wurf and Markus Koetter helped me analyze a problem that Andreas gotDaniel Stenberg
when uploading files to a single FTP server using multiple easy handle handles with the multi interface. Occasionally a handle would stall in mysterious ways. The problem turned out to be a side-effect of the ConnectionExists() function's eagerness to re-use a handle for HTTP pipelining so it would select it even if already being in use, due to an inadequate check for its chances of being used for pipelnining.
2008-11-05corrected and clarified the *_SPEED_LARGE commentsDaniel Stenberg
2008-11-03- Bug #2218480 (http://curl.haxx.se/bug/view.cgi?id=2218480) pointed out aDaniel Stenberg
problem with my CURLINFO_PRIMARY_IP fix from October 7th that caused a NULL pointer read. I also took the opportunity to clean up this logic (storing of the connection's IP address) somewhat as we had it stored in two different places and ways previously and they are now unified.
2008-10-23moved the Curl_raw_ functions into the new lib/rawstr.c file for easier curlx_Daniel Stenberg
inclusion by the curl tool without colliding with the curl_strequal functions.
2008-10-23Created Curl_raw_nequal() which does a C-locale string case comparison.Dan Fandrich
Changed checkprefix() to use it and those instances of strnequal() that compare host names or other protocol strings that are defined to be independent of case in the C locale. This should fix a few more Turkish locale problems.
2008-10-19attempt to fix or allow further detection of an elusive icc SIGSEGVYang Tse
2008-10-19clarified an argument's situation due to a false positive alert pointed outDaniel Stenberg
by coverity.com
2008-10-17oops ;-)Yang Tse
2008-10-17oopsYang Tse