aboutsummaryrefslogtreecommitdiff
path: root/lib/urldata.h
AgeCommit message (Collapse)Author
2012-12-07Introducing a new persistent connection caching system using "bundles".Linus Nielsen Feltzing
A bundle is a list of all persistent connections to the same host. The connection cache consists of a hash of bundles, with the hostname as the key. The benefits may not be obvious, but they are two: 1) Faster search for connections to reuse, since the hash lookup only finds connections to the host in question. 2) It lays out the groundworks for an upcoming patch, which will introduce multiple HTTP pipelines. This patch also removes the awkward list of "closure handles", which were needed to send QUIT commands to the FTP server when closing a connection. Now we allocate a separate closure handle and use that one to close all connections. This has been tested in a live system for a few weeks, and of course passes the test suite.
2012-11-06CURLOPT_SSL_VERIFYHOST: stop supporting the 1 valueDaniel Stenberg
After a research team wrote a document[1] that found several live source codes out there in the wild that misused the CURLOPT_SSL_VERIFYHOST option thinking it was a boolean, this change now bans 1 as a value and will make libcurl return error for it. 1 was never a sensible value to use in production but was introduced back in the days to help debugging. It was always documented clearly this way. 1 was never supported by all SSL backends in libcurl, so this cleanup makes the treatment of it unified. The report's list of mistakes for this option were all PHP code and while there's a binding layer between libcurl and PHP, the PHP team has decided that they have an as thin layer as possible on top of libcurl so they will not alter or specifically filter a 'TRUE' value for this particular option. I sympathize with that position. [1] = http://daniel.haxx.se/blog/2012/10/25/libcurl-claimed-to-be-dangerous/
2012-09-09curl_schannel.c: Reference count the credential/session handleMarc Hoersken
Reference counting the credential handle should avoid that such a handle is freed while it is still required for connection shutdown
2012-07-25darwinssl: fixed freeze involving the multi interfaceNick Zitzmann
Previously the curl_multi interface would freeze if darwinssl was enabled and at least one of the handles tried to connect to a Web site using HTTPS. Removed the "wouldblock" state darwinssl was using because I figured out a solution for our "would block but in which direction?" dilemma.
2012-06-26DarwinSSL: several adjustmentsNick Zitzmann
- Renamed st_ function prefix to darwinssl_ - Renamed Curl_st_ function prefix to Curl_darwinssl_ - Moved the duplicated ssl_connect_done out of the #ifdef in lib/urldata.h - Fixed a teensy little bug that made non-blocking connection attempts block - Made it so that it builds cleanly against the iOS 5.1 SDK
2012-06-26darwinssl: add support for native Mac OS X/iOS SSLNick Zitzmann
2012-06-14urldata.h: fix cyassl/openssl/ssl.h build clash with wincrypt.hGisle Vanem
Building with CyaSSL failed compilation. Reason being that OCSP_REQUEST and OCSP_RESPONSE are enum values in CyaSSL and defines in <wincrypt.h> included via <winldap.h> in ldap.c. http://curl.haxx.se/mail/lib-2012-06/0196.html
2012-06-11schannel: Code cleanup and bug fixesMarc Hoersken
curl_sspi.c: Fixed mingw32-gcc compiler warnings curl_sspi.c: Fixed length of error code hex output The hex value was printed as signed 64-bit value on 64-bit systems: SEC_E_WRONG_PRINCIPAL (0xFFFFFFFF80090322) It is now correctly printed as the following: SEC_E_WRONG_PRINCIPAL (0x80090322) curl_sspi.c: Fallback to security function table version number Instead of reporting an unknown version, the interface version is used. curl_sspi.c: Removed SSPI/ version prefix from Curl_sspi_version curl_schannel: Replaced static buffer sizes with defined names curl_schannel.c: First brace when declaring functions on column 0 curl_schannel.c: Put the pointer sign directly at variable name curl_schannel.c: Use structs directly instead of typedef'ed structs curl_schannel.c: Removed space before opening brace curl_schannel.c: Fixed lines being longer than 80 chars
2012-06-11schannel: Moved interal struct types to urldata.hMarc Hoersken
Moved type definitions in order to avoid inclusion loop
2012-06-11schannel: Save session credential handles in session cacheMarc Hoersken
2012-06-11schannel: Added SSL/TLS support with Microsoft Windows Schannel SSPIMarc Hoersken
2012-04-18Take in account that CURLAUTH_* bitmasks are now 'unsigned long'Yang Tse
Data type of internal vars holding CURLAUTH_* bitmasks changed from 'long' to 'unsigned long' for proper handling and operating.
2012-04-13nss: unconditionally require PK11_CreateGenericObject()Kamil Dudka
This bumps the minimal supported version of NSS to 3.12.x.
2012-04-05CURLOPT_POSTREDIR: also allow 303 to do POST on the redirected URLAndrei Cipu
As it turns out, some people do want that after all.
2012-04-05PolarSSL: add support for asynchronous connectDag Ekengren
2012-03-22CONNECT: fix multi interface regressionDaniel Stenberg
The refactoring of HTTP CONNECT handling in commit 41b0237834232 that made it protocol independent broke it for the multi interface. This fix now introduce a better state handling and moved some logic to the http_proxy.c source file. Reported by: Yang Tse Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html
2012-02-14smtp_mail: Added support to MAIL FROM for the optional AUTH parameterSteve Holme
Added a new CURLOPT_MAIL_AUTH option that allows the calling program to set the optional AUTH parameter in the MAIL FROM command. When this option is specified and an authentication mechanism is used to communicate with the mail server then the AUTH parameter will be included in the MAIL FROM command. This is particularly useful when the calling program is acting as a relay in a trusted environment and performing server to server communication, as it allows the relaying server to specify the address of the mailbox that was used to authenticate and send the original email.
2012-02-14cyassl: update to CyaSSL 2.0.x APItoddouska
Modify configure.ac to test for new CyaSSL Init function and remove default install path to system. Change to CyaSSL OpenSSL header and proper Init in code as well. Note that this no longer detects or works with CyaSSL before v2
2012-02-09CURLOPT_SSL_OPTIONS: addedDaniel Stenberg
Allow an appliction to set libcurl specific SSL options. The first and only options supported right now is CURLSSLOPT_ALLOW_BEAST. It will make libcurl to disable any work-arounds the underlying SSL library may have to address a known security flaw in the SSL3 and TLS1.0 protocol versions. This is a reaction to us unconditionally removing that behavior after this security advisory: http://curl.haxx.se/docs/adv_20120124B.html ... it did however cause a lot of programs to fail because of old servers not liking this work-around. Now programs can opt to decrease the security in order to interoperate with old servers better.
2012-02-09add library support for tuning TCP_KEEPALIVEDave Reisner
This adds three new options to control the behavior of TCP keepalives: - CURLOPT_TCP_KEEPALIVE: enable/disable probes - CURLOPT_TCP_KEEPIDLE: idle time before sending first probe - CURLOPT_TCP_KEEPINTVL: delay between successive probes While not all operating systems support the TCP_KEEPIDLE and TCP_KEEPINTVL knobs, the library will still allow these options to be set by clients, silently ignoring the values.
2012-01-18ssl session caching: fix compiler warningsYang Tse
2011-12-20FTP: move FTP-specific struct field to ftpc_connDaniel Stenberg
"wait_data_conn" was added to the connectionbits in commit c834213ad5 for handling active FTP connections but as it is purely FTP specific and now only ever accessed by ftp.c I moved it into the FTP connection struct.
2011-12-20non-blocking active FTP: cleanup multi state usageDaniel Stenberg
Backpedaled out the funny double-change of state in the multi state machine by adding a new argument to the do_more() function to signal completion. This way it can remain in the DO_MORE state properly until done. Long term, the entire DO_MORE logic should be moved into the FTP code and be hidden from the multi code as the logic is only used for FTP.
2011-12-20FTP: perform active connections non-blockingGokhan Sengun
1- Two new error codes are introduced. CURLE_FTP_ACCEPT_FAILED to be set whenever ACCEPTing fails because of FTP server connected. CURLE_FTP_ACCEPT_TIMEOUT to be set whenever ACCEPTing timeouts. Neither of these errors are considered fatal and control connection remains OK because it could just be a firewall blocking server to connect to the client. 2- One new setopt option was introduced. CURLOPT_ACCEPTTIMEOUT_MS It sets the maximum amount of time FTP client is going to wait for a server to connect. Internal default accept timeout is 60 seconds.
2011-12-05FTP: close callback fixDaniel Stenberg
Keep track of which sockets that are the result of accept() calls and refuse to call the closesocket callback for those sockets. Test case 596 now verifies that the open socket callback is called the same number of times as the closed socket callback for active FTP connections. Bug: http://curl.haxx.se/mail/lib-2011-12/0018.html Reported by: Gokhan Sengun
2011-11-24query-part: ignore the URI part for given protocolsJonas Schnelli
By setting PROTOPT_NOURLQUERY in the protocol handler struct, the protocol will get the "query part" of the URL cut off before the data is handled by the protocol-specific code. This makes libcurl adhere to RFC3986 section 2.2. Test 1220 is added to verify a file:// URL with query-part.
2011-11-03rename ftp_ssl: the struct field is used for many protocolsDaniel Stenberg
Now called 'use_ssl' instead, which better matches the current CURLOPT name and since the option is used for all pingpong protocols (at least) it makes sense to not use 'ftp' in the name.
2011-10-21curl_multi_fdset: correct fdset with FTP PORT useDaniel Stenberg
After a PORT has been issued, and the multi handle would switch to the CURLM_STATE_DO_MORE state (which is unique for FTP), libcurl would return the wrong fdset to wait for when curl_multi_fdset() is called. The code would blindly assume that it was waiting for a connect of the second connection, while that isn't true immediately after the PORT command. Also, the function multi.c:domore_getsock() was highly FTP-centric and therefore ugly to keep in protocol-agnostic code. I solved this problem by introducing a new function pointer in the Curl_handler struct called domore_getsock() which is only called during the DOMORE state for protocols that set that pointer. The new ftp.c:ftp_domore_getsock() function now returns fdset info about the control connection's command/response handling while such a state is in use, and goes over to waiting for a writable second connection first once the commands are done. The original problem could be seen by running test 525 and checking the time stamps in the FTP server log. I can verify that this fix at least fixes this problem. Bug: http://curl.haxx.se/mail/lib-2011-10/0250.html Reported by: Gokhan Sengun
2011-10-17nss: select client certificates by DERKamil Dudka
... instead of nicknames, which are not unique.
2011-09-22NTLM_WB: fix disabling of NTLM_WB when NTLM is disabledYang Tse
2011-08-27NTLM_WB: final congruency naming adjustmentsYang Tse
Configure script option --enable-wb-ntlm-auth renamed to --enable-ntlm-wb Configure script option --disable-wb-ntlm-auth renamed to --disable-ntlm-wb Preprocessor symbol WINBIND_NTLM_AUTH_ENABLED renamed to NTLM_WB_ENABLED Preprocessor symbol WINBIND_NTLM_AUTH_FILE renamed to NTLM_WB_FILE Test harness env var CURL_NTLM_AUTH renamed to CURL_NTLM_WB_FILE Static function wb_ntlm_close renamed to ntlm_wb_cleanup Static function wb_ntlm_initiate renamed to ntlm_wb_init Static function wb_ntlm_response renamed to ntlm_wb_response
2011-08-18FTP: fix proxy connect race conditionDaniel Stenberg
When using the multi interface, a SOCKS proxy, and a connection that wouldn't immediately consider itself connected (which my Linux tests do by default), libcurl would be tricked into doing _two_ connects to the SOCKS proxy when it setup the data connection and then of course the second attempt would fail miserably and cause error. This problem is a regression that was introduced by commit 4a42e5cdaa344755 that was introduced in the 7.21.7 release. Bug: http://curl.haxx.se/mail/lib-2011-08/0199.html Reported by: Fabian Keil
2011-08-11http NTLM: Tidied up more inconsistent spacing.Steve Holme
Moved NTLMSSP_SIGNATURE, HOSTNAME_MAX, SHORTPAIR and LONGQUARTET definitions in ready for move to curl_ntlm.c. Used separate variables for Windows SSPI and native code to ease moving of code to curl_ntlm.c. Fixed typographical erros where SPPI should be SSPI. Fixed compilation warnings on 64-bit builds when calling Windows SSPI functions.
2011-08-03curl_gssapi: refine the handling of CURLOPT_GSSAPI_DELEGATIONKamil Dudka
Suggested by Richard Silverman.
2011-08-03Add new CURLOPT_GSSAPI_DELEGATION option.Adam Tkac
Curl_gss_init_sec_context got new parameter - SessionHandle. Signed-off-by: Adam Tkac <atkac@redhat.com>
2011-07-31NTLM single-sign on adjustments (VIII)Yang Tse
Use preprocessor symbols WINBIND_NTLM_AUTH_ENABLED and WINBIND_NTLM_AUTH_FILE for Samba's winbind daemon ntlm_auth helper code implementation and filename. Retain preprocessor symbol USE_NTLM_SSO for NTLM single-sign-on feature availability implementation independent. For test harness, prefix NTLM_AUTH environment vars with CURL_ Refactor and rename configure option --with-ntlm-auth to --enable-wb-ntlm-auth[=FILE]
2011-07-29socketpair() usage tracking to allow fd leak detectionYang Tse
2011-07-18NTLM single-sign on supportedMandy Wu
With the use of the 'ntlm_auth' tool from the Samba project
2011-06-07urldata: use uniform inclusion style for OpenSSL headersYang Tse
2011-05-18CLOSESOCKETFUNCTION: addedDaniel Stenberg
Introduced the initial setup to allow closesocket callbacks by making sure sclose() is only ever called from one place in the libcurl source and still run all test cases fine.
2011-05-05set_userpass: convert from protocol-specific to genericDaniel Stenberg
The protocol handler's flags field now can set that the protocol requires a password, so that the set_userpass function doesn't have to have the specific knowledge of which protocols that do.
2011-05-05RTSP: convert protocol-specific checks to genericDaniel Stenberg
Add a 'readwrite' function to the protocol handler struct and use that for the extra readwrite functionality RTSP needs.
2011-05-05remove FILE protocol-specific checksDaniel Stenberg
Also, convert the BANPROXY flag into NONETWORK for the protocols (file:// only atm) that don't work over networks.
2011-04-27whitespace cleanup: no space first in conditionalsDaniel Stenberg
"if(a)" is our style, not "if( a )"
2011-04-27source cleanup: unify look, style and indent levelsDaniel Stenberg
By the use of a the new lib/checksrc.pl script that checks that our basic source style rules are followed.
2011-04-25asynch resolvers: unifiedVsevolod Novikov
Introducing an internal API for handling of different async resolver backends.
2011-04-21Fix a couple of spelling errors in lib/Fabian Keil
Found with codespell.
2011-04-18transfer-encoding: added new option and cmdlineDaniel Stenberg
Added CURLOPT_TRANSFER_ENCODING as the option to set to request Transfer Encoding in HTTP requests (if built zlib enabled). I also renamed CURLOPT_ENCODING to CURLOPT_ACCEPT_ENCODING (while keeping the old name around) to reduce the confusion when we have to encoding options for HTTP. --tr-encoding is now the new command line option for curl to request this, and thus I updated the test cases accordingly.
2011-04-18TE: rename struct field content_encodingDaniel Stenberg
Since this struct member is used in the code to determine what and how to decode automatically and since it is now also used for compressed Transfer-Encodings, I renamed it to the more suitable 'auto_decoding'
2011-04-18HTTP: add support for gzip and deflate Transfer-EncodingDaniel Stenberg
Transfer-Encoding differs from Content-Encoding in a few subtle ways, but primarily it concerns the transfer only and not the content so when discovered to be compressed we know we have to uncompress it. There will only arrive compressed transfers in a response after we have requested them with the appropriate TE: header. Test case 1122 and 1123 verify.