aboutsummaryrefslogtreecommitdiff
path: root/lib/url.c
AgeCommit message (Collapse)Author
2016-02-03URLs: change all http:// URLs to https://Daniel Stenberg
2016-01-26NTLM: Fix ConnectionExists to compare Proxy credentialsIsaac Boukris
Proxy NTLM authentication should compare credentials when re-using a connection similar to host authentication, as it authenticate the connection. Example: curl -v -x http://proxy:port http://host/ -U good_user:good_pwd --proxy-ntlm --next -x http://proxy:port http://host/ [-U fake_user:fake_pwd --proxy-ntlm] CVE-2016-0755 Bug: http://curl.haxx.se/docs/adv_20160127A.html
2016-01-11ConnectionExists: only do pipelining/multiplexing when askedDaniel Stenberg
When an HTTP/2 upgrade request fails (no protocol switch), it would previously detect that as still possible to pipeline on (which is acorrect) and do that when PIPEWAIT was enabled even if pipelining was not explictily enabled. It should only pipelined if explicitly asked to. Closes #584
2016-01-11lib: Prefix URLs with lower-case protocol names/schemesMohammad AlSaleh
Before this patch, if a URL does not start with the protocol name/scheme, effective URLs would be prefixed with upper-case protocol names/schemes. This behavior might not be expected by library users or end users. For example, if `CURLOPT_DEFAULT_PROTOCOL` is set to "https". And the URL is "hostname/path". The effective URL would be "HTTPS://hostname/path" instead of "https://hostname/path". After this patch, effective URLs would be prefixed with a lower-case protocol name/scheme. Closes #597 Signed-off-by: Mohammad AlSaleh <CE.Mohammad.AlSaleh@gmail.com>
2016-01-11IDN host names: Remove the port number before converting to ACEMichael Kaufmann
Closes #596
2016-01-09url: Fix compile error with --enable-werrorTatsuhiro Tsujikawa
2016-01-08Revert "multiplex: allow only once HTTP/2 is actually used"Daniel Stenberg
This reverts commit 46cb70e9fa81c9a56de484cdd7c5d9d0d9fbec36. Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html
2016-01-08connection reuse: IDN host names fixedMichael Kaufmann
Use the ACE form of IDN hostnames as key in the connection cache. Add new tests. Closes #592
2016-01-06ConnectionExists: add missing newline in infof() callDaniel Stenberg
Mistake from commit a464f33843ee1
2016-01-06multiplex: allow only once HTTP/2 is actually usedDaniel Stenberg
To make sure curl doesn't allow multiplexing before a connection is upgraded to HTTP/2 (like when Upgrade: h2c fails), we must make sure the connection uses HTTP/2 as well and not only check what's wanted. Closes #584 Patch-by: c0ff
2015-12-23ConnectionExists: with *PIPEWAIT, wait for connectionsAnders Bakken
Try harder to prevent libcurl from opening up an additional socket when CURLOPT_PIPEWAIT is set. Accomplished by letting ongoing TCP and TLS handshakes complete first before the decision is made. Closes #575
2015-12-14setstropt: const-correctnessAnders Bakken
Closes #565
2015-12-13http: add libcurl option to allow HTTP/2 for HTTPS onlyDaniel Stenberg
... and stick to 1.1 for HTTP. This is in line with what browsers do and should have very little risk.
2015-11-24done: make sure the final progress update is madeDaniel Stenberg
It would previously be skipped if an existing error was returned, but would lead to a previous value being left there and later used. CURLINFO_TOTAL_TIME for example. Still it avoids that final progress update if we reached DONE as the result of a callback abort to avoid another callback to be called after an abort-by-callback. Reported-by: Lukas Ruzicka Closes #538
2015-11-24Revert "cleanup: general removal of TODO (and similar) comments"Daniel Stenberg
This reverts commit 64e959ffe37c436503f9fed1ce2d6ee6ae50bd9a. Feedback-by: Dan Fandrich URL: http://curl.haxx.se/mail/lib-2015-11/0062.html
2015-11-13cleanup: general removal of TODO (and similar) commentsDaniel Stenberg
They tend to never get updated anyway so they're frequently inaccurate and we never go back to revisit them anyway. We document issues to work on properly in KNOWN_BUGS and TODO instead.
2015-11-09oauth2: Don't use XOAUTH2 in OAuth 2.0 variablesSteve Holme
2015-11-09oauth2: Use OAuth 2.0 rather than XOAUTH2 in commentsSteve Holme
When referring to OAuth 2.0 we should use the official name rather the SASL mechanism name.
2015-10-23http2: s/priority/weightDaniel Stenberg
2015-10-23http2: added three stream prio/deps optionsDaniel Stenberg
CURLOPT_STREAM_DEPENDS CURLOPT_STREAM_DEPENDS_E CURLOPT_STREAM_PRIORITY
2015-10-15fread_func: move callback pointer from set to state structDaniel Stenberg
... and assign it from the set.fread_func_set pointer in the Curl_init_CONNECT function. This A) avoids that we have code that assigns fields in the 'set' struct (which we always knew was bad) and more importantly B) it makes it impossibly to accidentally leave the wrong value for when the handle is re-used etc. Introducing a state-init functionality in multi.c, so that we can set a specific function to get called when we enter a state. The Curl_init_CONNECT is thus called when switching to the CONNECT state. Bug: https://github.com/bagder/curl/issues/346 Closes #346
2015-09-19NTLM: Reset auth-done when using a fresh connectionIsaac Boukris
With NTLM a new connection will always require authentication. Fixes #435
2015-09-08parse_proxy: reject illegal port numbersDaniel Stenberg
If the port number in the proxy string ended weirdly or the number is too large, skip it. Mostly as a means to bail out early if a "bare" IPv6 numerical address is used without enclosing brackets. Also mention the bracket requirement for IPv6 numerical addresses to the man page for CURLOPT_PROXY. Closes #415 Reported-by: Marcel Raad
2015-08-22CURLOPT_DEFAULT_PROTOCOL: addedNathaniel Waisbrot
- Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default protocol for schemeless URLs. - Add new tool option --proto-default to expose CURLOPT_DEFAULT_PROTOCOL. In the case of schemeless URLs libcurl will behave in this way: When the option is used libcurl will use the supplied default. When the option is not used, libcurl will follow its usual plan of guessing from the hostname and falling back to 'http'.
2015-07-17SSL: Add an option to disable certificate revocation checksJay Satiro
New tool option --ssl-no-revoke. New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS. Currently this option applies only to WinSSL where we have automatic certificate revocation checking by default. According to the ssl-compared chart there are other backends that have automatic checking (NSS, wolfSSL and DarwinSSL) so we could possibly accommodate them at some later point. Bug: https://github.com/bagder/curl/issues/264 Reported-by: zenden2k <zenden2k@gmail.com>
2015-06-24http2: init the pushed transfer properlyDaniel Stenberg
2015-05-22parse_proxy: switch off tunneling if non-HTTP proxyDaniel Stenberg
non-HTTP proxy implies not using CURLOPT_HTTPPROXYTUNNEL Bug: http://curl.haxx.se/mail/lib-2015-05/0056.html Reported-by: Sean Boudreau
2015-05-20read_callback: move to SessionHandle from connectdataDaniel Stenberg
With many easy handles using the same connection for multiplexing, it is important we store and keep the transfer-oriented stuff in the SessionHandle so that callbacks and callback data work fine even when many easy handles share the same physical connection.
2015-05-18http2: fix build when NOT h2-enabledDaniel Stenberg
2015-05-18pipeline: switch some code over to functionsDaniel Stenberg
... to "compartmentalize" a bit and make it easier to change behavior when multiplexing is used instead of good old pipelining.
2015-05-18CURLOPT_PIPEWAIT: addedDaniel Stenberg
By setting this option to 1 libcurl will wait for a connection to reveal if it is possible to pipeline/multiplex on before it continues.
2015-05-18IsPipeliningPossible: fixed for http2Daniel Stenberg
2015-05-18http2: remove the stream from the hash in stream_close callbackDaniel Stenberg
... and suddenly things work much better!
2015-05-18http2: set default concurrency, fix ConnectionExists for multiplexDaniel Stenberg
2015-05-18bundles: store no/default/pipeline/multiplexDaniel Stenberg
to allow code to act differently on the situation. Also added some more info message for the connection re-use function to make it clearer when connections are not re-used.
2015-05-18http2: separate multiplex/pipelining + cleanup memory leaksDaniel Stenberg
2015-05-18CURLMOPT_PIPELINE: bit 1 is for multiplexingDaniel Stenberg
2015-05-18pipeline: move function to pipeline.c and make staticDaniel Stenberg
... as it was only used from there.
2015-05-18IsPipeliningPossible: http2 can always "pipeline" (multiplex)Daniel Stenberg
2015-05-18http2: force "drainage" of streamsDaniel Stenberg
... which is necessary since the socket won't be readable but there is data waiting in the buffer.
2015-05-18http2: move the mem+len pair to the stream structDaniel Stenberg
2015-05-12bundles: merged into conncache.cDaniel Stenberg
All the existing Curl_bundle* functions were only ever used from within the conncache.c file, so I moved them over and made them static (and removed the Curl_ prefix).
2015-05-12hostcache: made all host caches use structs, not pointersDaniel Stenberg
This avoids unnecessary dynamic allocs and as this also removed the last users of *hash_alloc() and *hash_destroy(), those two functions are now removed.
2015-05-12connection cache: avoid Curl_hash_alloc()Daniel Stenberg
... by using plain structs instead of pointers for the connection cache, we can avoid several dynamic allocations that weren't necessary.
2015-04-28CURLOPT_HEADEROPT: default to separateDaniel Stenberg
Make the HTTP headers separated by default for improved security and reduced risk for information leakage. Bug: http://curl.haxx.se/docs/adv_20150429.html Reported-by: Yehezkel Horowitz, Oren Souroujon
2015-04-28Negotiate: custom service names for SPNEGO.Linus Nielsen
* Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME. * Add new curl options, --proxy-service-name and --service-name.
2015-04-27ConnectionExists: call it multi-use instead of pipeliningDaniel Stenberg
So that it fits HTTP/2 as well
2015-04-22connectionexists: follow-up to fd9d3a1ef1fDaniel Stenberg
PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not enabled. Mistake-caught-by: Kamil Dudka
2015-04-22connectionexists: fix build without NTLMDaniel Stenberg
Do not access NTLM-specific struct fields when built without NTLM enabled! bug: http://curl.haxx.se/?i=231 Reported-by: Patrick Rapin
2015-04-21fix_hostname: zero length host name caused -1 index offsetDaniel Stenberg
If a URL is given with a zero-length host name, like in "http://:80" or just ":80", `fix_hostname()` will index the host name pointer with a -1 offset (as it blindly assumes a non-zero length) and both read and assign that address. CVE-2015-3144 Bug: http://curl.haxx.se/docs/adv_20150422D.html Reported-by: Hanno Böck