aboutsummaryrefslogtreecommitdiff
path: root/lib/urldata.h
AgeCommit message (Collapse)Author
2012-02-09CURLOPT_SSL_OPTIONS: addedDaniel Stenberg
Allow an appliction to set libcurl specific SSL options. The first and only options supported right now is CURLSSLOPT_ALLOW_BEAST. It will make libcurl to disable any work-arounds the underlying SSL library may have to address a known security flaw in the SSL3 and TLS1.0 protocol versions. This is a reaction to us unconditionally removing that behavior after this security advisory: http://curl.haxx.se/docs/adv_20120124B.html ... it did however cause a lot of programs to fail because of old servers not liking this work-around. Now programs can opt to decrease the security in order to interoperate with old servers better.
2012-02-09add library support for tuning TCP_KEEPALIVEDave Reisner
This adds three new options to control the behavior of TCP keepalives: - CURLOPT_TCP_KEEPALIVE: enable/disable probes - CURLOPT_TCP_KEEPIDLE: idle time before sending first probe - CURLOPT_TCP_KEEPINTVL: delay between successive probes While not all operating systems support the TCP_KEEPIDLE and TCP_KEEPINTVL knobs, the library will still allow these options to be set by clients, silently ignoring the values.
2012-01-18ssl session caching: fix compiler warningsYang Tse
2011-12-20FTP: move FTP-specific struct field to ftpc_connDaniel Stenberg
"wait_data_conn" was added to the connectionbits in commit c834213ad5 for handling active FTP connections but as it is purely FTP specific and now only ever accessed by ftp.c I moved it into the FTP connection struct.
2011-12-20non-blocking active FTP: cleanup multi state usageDaniel Stenberg
Backpedaled out the funny double-change of state in the multi state machine by adding a new argument to the do_more() function to signal completion. This way it can remain in the DO_MORE state properly until done. Long term, the entire DO_MORE logic should be moved into the FTP code and be hidden from the multi code as the logic is only used for FTP.
2011-12-20FTP: perform active connections non-blockingGokhan Sengun
1- Two new error codes are introduced. CURLE_FTP_ACCEPT_FAILED to be set whenever ACCEPTing fails because of FTP server connected. CURLE_FTP_ACCEPT_TIMEOUT to be set whenever ACCEPTing timeouts. Neither of these errors are considered fatal and control connection remains OK because it could just be a firewall blocking server to connect to the client. 2- One new setopt option was introduced. CURLOPT_ACCEPTTIMEOUT_MS It sets the maximum amount of time FTP client is going to wait for a server to connect. Internal default accept timeout is 60 seconds.
2011-12-05FTP: close callback fixDaniel Stenberg
Keep track of which sockets that are the result of accept() calls and refuse to call the closesocket callback for those sockets. Test case 596 now verifies that the open socket callback is called the same number of times as the closed socket callback for active FTP connections. Bug: http://curl.haxx.se/mail/lib-2011-12/0018.html Reported by: Gokhan Sengun
2011-11-24query-part: ignore the URI part for given protocolsJonas Schnelli
By setting PROTOPT_NOURLQUERY in the protocol handler struct, the protocol will get the "query part" of the URL cut off before the data is handled by the protocol-specific code. This makes libcurl adhere to RFC3986 section 2.2. Test 1220 is added to verify a file:// URL with query-part.
2011-11-03rename ftp_ssl: the struct field is used for many protocolsDaniel Stenberg
Now called 'use_ssl' instead, which better matches the current CURLOPT name and since the option is used for all pingpong protocols (at least) it makes sense to not use 'ftp' in the name.
2011-10-21curl_multi_fdset: correct fdset with FTP PORT useDaniel Stenberg
After a PORT has been issued, and the multi handle would switch to the CURLM_STATE_DO_MORE state (which is unique for FTP), libcurl would return the wrong fdset to wait for when curl_multi_fdset() is called. The code would blindly assume that it was waiting for a connect of the second connection, while that isn't true immediately after the PORT command. Also, the function multi.c:domore_getsock() was highly FTP-centric and therefore ugly to keep in protocol-agnostic code. I solved this problem by introducing a new function pointer in the Curl_handler struct called domore_getsock() which is only called during the DOMORE state for protocols that set that pointer. The new ftp.c:ftp_domore_getsock() function now returns fdset info about the control connection's command/response handling while such a state is in use, and goes over to waiting for a writable second connection first once the commands are done. The original problem could be seen by running test 525 and checking the time stamps in the FTP server log. I can verify that this fix at least fixes this problem. Bug: http://curl.haxx.se/mail/lib-2011-10/0250.html Reported by: Gokhan Sengun
2011-10-17nss: select client certificates by DERKamil Dudka
... instead of nicknames, which are not unique.
2011-09-22NTLM_WB: fix disabling of NTLM_WB when NTLM is disabledYang Tse
2011-08-27NTLM_WB: final congruency naming adjustmentsYang Tse
Configure script option --enable-wb-ntlm-auth renamed to --enable-ntlm-wb Configure script option --disable-wb-ntlm-auth renamed to --disable-ntlm-wb Preprocessor symbol WINBIND_NTLM_AUTH_ENABLED renamed to NTLM_WB_ENABLED Preprocessor symbol WINBIND_NTLM_AUTH_FILE renamed to NTLM_WB_FILE Test harness env var CURL_NTLM_AUTH renamed to CURL_NTLM_WB_FILE Static function wb_ntlm_close renamed to ntlm_wb_cleanup Static function wb_ntlm_initiate renamed to ntlm_wb_init Static function wb_ntlm_response renamed to ntlm_wb_response
2011-08-18FTP: fix proxy connect race conditionDaniel Stenberg
When using the multi interface, a SOCKS proxy, and a connection that wouldn't immediately consider itself connected (which my Linux tests do by default), libcurl would be tricked into doing _two_ connects to the SOCKS proxy when it setup the data connection and then of course the second attempt would fail miserably and cause error. This problem is a regression that was introduced by commit 4a42e5cdaa344755 that was introduced in the 7.21.7 release. Bug: http://curl.haxx.se/mail/lib-2011-08/0199.html Reported by: Fabian Keil
2011-08-11http NTLM: Tidied up more inconsistent spacing.Steve Holme
Moved NTLMSSP_SIGNATURE, HOSTNAME_MAX, SHORTPAIR and LONGQUARTET definitions in ready for move to curl_ntlm.c. Used separate variables for Windows SSPI and native code to ease moving of code to curl_ntlm.c. Fixed typographical erros where SPPI should be SSPI. Fixed compilation warnings on 64-bit builds when calling Windows SSPI functions.
2011-08-03curl_gssapi: refine the handling of CURLOPT_GSSAPI_DELEGATIONKamil Dudka
Suggested by Richard Silverman.
2011-08-03Add new CURLOPT_GSSAPI_DELEGATION option.Adam Tkac
Curl_gss_init_sec_context got new parameter - SessionHandle. Signed-off-by: Adam Tkac <atkac@redhat.com>
2011-07-31NTLM single-sign on adjustments (VIII)Yang Tse
Use preprocessor symbols WINBIND_NTLM_AUTH_ENABLED and WINBIND_NTLM_AUTH_FILE for Samba's winbind daemon ntlm_auth helper code implementation and filename. Retain preprocessor symbol USE_NTLM_SSO for NTLM single-sign-on feature availability implementation independent. For test harness, prefix NTLM_AUTH environment vars with CURL_ Refactor and rename configure option --with-ntlm-auth to --enable-wb-ntlm-auth[=FILE]
2011-07-29socketpair() usage tracking to allow fd leak detectionYang Tse
2011-07-18NTLM single-sign on supportedMandy Wu
With the use of the 'ntlm_auth' tool from the Samba project
2011-06-07urldata: use uniform inclusion style for OpenSSL headersYang Tse
2011-05-18CLOSESOCKETFUNCTION: addedDaniel Stenberg
Introduced the initial setup to allow closesocket callbacks by making sure sclose() is only ever called from one place in the libcurl source and still run all test cases fine.
2011-05-05set_userpass: convert from protocol-specific to genericDaniel Stenberg
The protocol handler's flags field now can set that the protocol requires a password, so that the set_userpass function doesn't have to have the specific knowledge of which protocols that do.
2011-05-05RTSP: convert protocol-specific checks to genericDaniel Stenberg
Add a 'readwrite' function to the protocol handler struct and use that for the extra readwrite functionality RTSP needs.
2011-05-05remove FILE protocol-specific checksDaniel Stenberg
Also, convert the BANPROXY flag into NONETWORK for the protocols (file:// only atm) that don't work over networks.
2011-04-27whitespace cleanup: no space first in conditionalsDaniel Stenberg
"if(a)" is our style, not "if( a )"
2011-04-27source cleanup: unify look, style and indent levelsDaniel Stenberg
By the use of a the new lib/checksrc.pl script that checks that our basic source style rules are followed.
2011-04-25asynch resolvers: unifiedVsevolod Novikov
Introducing an internal API for handling of different async resolver backends.
2011-04-21Fix a couple of spelling errors in lib/Fabian Keil
Found with codespell.
2011-04-18transfer-encoding: added new option and cmdlineDaniel Stenberg
Added CURLOPT_TRANSFER_ENCODING as the option to set to request Transfer Encoding in HTTP requests (if built zlib enabled). I also renamed CURLOPT_ENCODING to CURLOPT_ACCEPT_ENCODING (while keeping the old name around) to reduce the confusion when we have to encoding options for HTTP. --tr-encoding is now the new command line option for curl to request this, and thus I updated the test cases accordingly.
2011-04-18TE: rename struct field content_encodingDaniel Stenberg
Since this struct member is used in the code to determine what and how to decode automatically and since it is now also used for compressed Transfer-Encodings, I renamed it to the more suitable 'auto_decoding'
2011-04-18HTTP: add support for gzip and deflate Transfer-EncodingDaniel Stenberg
Transfer-Encoding differs from Content-Encoding in a few subtle ways, but primarily it concerns the transfer only and not the content so when discovered to be compressed we know we have to uncompress it. There will only arrive compressed transfers in a response after we have requested them with the appropriate TE: header. Test case 1122 and 1123 verify.
2011-03-25fix: re-use of bound connectionsDaniel Stenberg
When asked to bind the local end of a connection when doing a request, the code will now disqualify other existing connections from re-use even if they are connected to the correct remote host. This will also affect which connections that can be used for pipelining, so that only connections that aren't bound or bound to the same device/port you're asking for will be considered.
2011-03-14protocols: use CURLPROTO_ internallyDaniel Stenberg
The PROT_* set of internal defines for the protocols is no longer used. We now use the same bits internally as we have defined in the public header using the CURLPROTO_ prefix. This is for simplicity and because the PROT_* prefix was already used duplicated internally for a set of KRB4 values. The PROTOPT_* defines were moved up to just below the struct definition within which they are used.
2011-03-14protocol handler: added flags fieldDaniel Stenberg
The protocol handler struct got a 'flags' field for special information and characteristics of the given protocol. This now enables us to move away central protocol information such as CLOSEACTION and DUALCHANNEL from single defines in a central place, out to each protocol's definition. It also made us stop abusing the protocol field for other info than the protocol, and we could start cleaning up other protocol-specific things by adding flags bits to set in the handler struct. The "protocol" field connectdata struct was removed as well and the code now refers directly to the conn->handler->protocol field instead. To make things work properly, the code now always store a conn->given pointer that points out the original handler struct so that the code can learn details from the original protocol even if conn->handler is modified along the way - for example when switching to go over a HTTP proxy.
2011-03-13SSH: add protocol lock directionDaniel Stenberg
Some protocols have to call the underlying functions without regard to what exact state the socket signals. For example even if the socket says "readable", the send function might need to be called while uploading, or vice versa. This is the case for libssh2 based protocols: SCP and SFTP and we now introduce a define to set those protocols and we make the multi interface code aware of this concept. This is another fix to make test 582 run properly.
2011-03-12PROT_CLOSEACTION: added SFTP and SCPDaniel Stenberg
Both SFTP and SCP are protocols that need to shut down stuff properly when the connection is about to get torned down. The primary effect of not doing this shows up as memory leaks (when using SCP or SFTP with the multi interface). This is one of the problems detected by test 582.
2011-03-08SSL: (part 2) Added CyaSSL to SSL abstraction layerTodd A Ouska
This is the modified existing files commit.
2011-01-27nss: avoid memory leaks and failure of NSS shutdownKamil Dudka
... in case more than one CA is loaded. Bug: https://bugzilla.redhat.com/670802
2011-01-19TLS-SRP: support added when using GnuTLSQuinn Slack
2011-01-07HTTP: HTTP Negotiate authentication using SSPIMarcel Roelofs
Only under Windows
2010-12-23multi: connect fail => use next IP addressDaniel Stenberg
When using the multi interface and connecting to a host name that resolves to multiple IP addresses, there was no logic that made it continue to the next IP if connecting to the first address times out. This is now corrected.
2010-12-18ares: ask for both IPv4 and IPv6 addressesTommie Gannert
Make the c-ares resolver code ask for both IPv4 and IPv6 addresses when IPv6 is enabled. This is a workaround for the missing ares_getaddrinfo() and is a lot easier to implement. Note that as long as c-ares returns IPv4 addresses when IPv6 addresses were requested but missing, this will cause a host's IPv4 addresses to occur twice in the DNS cache. URL: http://curl.haxx.se/mail/lib-2010-12/0041.html
2010-12-15urldate: undef hideous memory definesDaniel Stenberg
The public axTLS header (at least as of 1.2.7) redefines the memory functions. We #undef those again immediately after the public header to limit the damage. This should be fixed in axTLS.
2010-12-15Preparing for axTLS. Actual SSL API functions are only stubbed.Eric Hu
Added axTLS to autotool files and glue code to misc other files. axtls.h maps SSL API functions, but may change. axtls.c is just a stub file and will definitely change.
2010-12-06url: provide dead_connection flag in Curl_handler::disconnectKamil Dudka
It helps to prevent a hangup with some FTP servers in case idle session timeout has exceeded. But it may be useful also for other protocols that send any quit message on disconnect. Currently used by FTP, POP3, IMAP and SMTP.
2010-11-30fix getinfo CURLINFO_LOCAL* for reused connections (take 2)Yang Tse
2010-11-30fix getinfo CURLINFO_LOCAL* for reused connectionsYang Tse
2010-11-13urldata: Capitalize enum protect_level values.Julien Chaffraix
This makes it easier to spot the enum values from the variables. Removed some unneeded DEBUGASSERT added in the previous commit.
2010-11-13security: tighten enum protection_level usage.Julien Chaffraix
While changing Curl_sec_read_msg to accept an enum protection_level instead of an int, I went ahead and fixed the usage of the associated fields. Some code was assuming that prot_clear == 0. Fixed those to use the proper value. Added assertions prior to any code that would set the protection level.