aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2014-02-12chunked decoder: track overflows correctlyDaniel Stenberg
The code didn't properly check the return codes to detect overflows so it could trigger incorrectly. Like on mingw32. Regression introduced in 345891edba (curl 7.35.0) Bug: http://curl.haxx.se/mail/lib-2014-02/0097.html Reported-by: LM
2014-02-11openssl: honor --[no-]alpn|npn command line switchFabian Frank
Disable ALPN or NPN if requested by the user.
2014-02-11gtls: honor --[no-]alpn command line switchFabian Frank
Disable ALPN if requested by the user.
2014-02-10NPN/ALPN: allow disabling via command lineFabian Frank
when using --http2 one can now selectively disable NPN or ALPN with --no-alpn and --no-npn. for now honored with NSS only. TODO: honor this option with GnuTLS and OpenSSL
2014-02-10nss: use correct preprocessor macroFabian Frank
SSL_ENABLE_ALPN can be used for preprocessor ALPN feature detection, but not SSL_NEXT_PROTO_SELECTED, since it is an enum value and not a preprocessor macro.
2014-02-09formdata: Must use Curl_safefree instead of freeDan Fandrich
2014-02-08formdata: Fixed memory leak on OOM conditionDan Fandrich
2014-02-07http2: updated README after NSS additionDaniel Stenberg
Changed the support to a little matrix and added brief explanation of what ALPN and NPN are for.
2014-02-07nss: support pre-ALPN versionsDaniel Stenberg
2014-02-07nss: ALPN and NPN supportFabian Frank
Add ALPN and NPN support for NSS. This allows cURL to negotiate HTTP/2.0 connections when built with NSS.
2014-02-07formpost: use semicolon in multipart/mixedDaniel Stenberg
Not comma, which is an inconsistency and a mistake probably inherited from the examples section of RFC1867. This bug has been present since the day curl started to support multipart formposts, back in the 90s. Reported-by: Rob Davies Bug: http://curl.haxx.se/bug/view.cgi?id=1333
2014-02-06ssh: Fixed a NULL pointer dereference on OOM conditionDan Fandrich
2014-02-06nss: Updated copyright year for recent editsSteve Holme
2014-02-06100-continue: fix timeout conditionRemi Gacogne
When using the multi socket interface, libcurl calls the curl_multi_timer_callback asking to be woken up after CURL_TIMEOUT_EXPECT_100 milliseconds. After the timeout has expired, calling curl_multi_socket_action with CURL_SOCKET_TIMEOUT as sockfd leads libcurl to check expired timeouts. When handling the 100-continue one, the following check in Curl_readwrite() fails if exactly CURL_TIMEOUT_EXPECT_100 milliseconds passed since the timeout has been set! It seems logical to consider that having waited for exactly CURL_TIMEOUT_EXPECT_100 ms is enough. Bug: http://curl.haxx.se/bug/view.cgi?id=1334
2014-02-06nss: prefer highest available TLS versionFabian Frank
Offer TLSv1.0 to 1.2 by default, still fall back to SSLv3 if --tlsv1[.N] was not specified on the command line.
2014-02-06http2: spell fixed README and added version requirementDaniel Stenberg
2014-02-05http2: minor update of the READMEDaniel Stenberg
2014-02-05http2: rely on content-encoding headerFabian Frank
A server might respond with a content-encoding header and a response that was encoded accordingly in HTTP-draft-09/2.0 mode, even if the client did not send an accept-encoding header earlier. The server might not send a content-encoding header if the identity encoding was used to encode the response. See: http://tools.ietf.org/html/draft-ietf-httpbis-http2-09#section-9.3
2014-02-04http2: enforce gzip auto-decompressDaniel Stenberg
As this is mandated by the http2 spec draft-09
2014-02-04http2: handle incoming data larger than remaining bufferTatsuhiro Tsujikawa
2014-02-04http2: Check stream ID we are interested inTatsuhiro Tsujikawa
2014-02-04http2: store response header in temporary bufferTatsuhiro Tsujikawa
2014-02-04HTTP2: add layer between existing http and socket(TLS) layerTatsuhiro Tsujikawa
This patch chooses different approach to integrate HTTP2 into HTTP curl stack. The idea is that we insert HTTP2 layer between HTTP code and socket(TLS) layer. When HTTP2 is initialized (either in NPN or Upgrade), we replace the Curl_recv/Curl_send callbacks with HTTP2's, but keep the original callbacks in http_conn struct. When sending serialized data by nghttp2, we use original Curl_send callback. Likewise, when reading data from network, we use original Curl_recv callback. In this way we can treat both TLS and non-TLS connections. With this patch, one can transfer contents from https://twitter.com and from nghttp2 test server in plain HTTP as well. The code still has rough edges. The notable one is I could not figure out how to call nghttp2_session_send() when underlying socket is writable.
2014-02-04gtls: add ALPN supportFabian Frank
Add ALPN support when using GnuTLS >= 3.2.0. This allows libcurl to negotiate HTTP/2.0 for https connections when built with GnuTLS. See: http://www.gnutls.org/manual/gnutls.html#Application-Layer-Protocol-Negotiation-_0028ALPN_0029 http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04
2014-02-03openssl: add ALPN supportFabian Frank
Add ALPN support when using OpenSSL. This will offer ALPN and NPN to the server, who can respond with either one or none of the two. OpenSSL >= 1.0.2 is required, which means as of today obtaining a snapshot from ftp://ftp.openssl.org/snapshot/. See: http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04 https://github.com/openssl/openssl/blob/ba168244a14bbd056e502d7daa04cae4aabe9d0d/ssl/ssl_lib.c#L1787
2014-01-31winssl: improved default SSL/TLS protocol selectionMarc Hoersken
For some reason Windows 7 SP1 chooses TLS 1.0 instead of TLS 1.2 if it is not explicitly enabled within grbitEnabledProtocols. More information can be found on MSDN: http://msdn.microsoft.com/library/windows/desktop/aa379810.aspx
2014-01-31pipeline: Fixed a NULL pointer dereference on OOMDan Fandrich
2014-01-30ftp: fixed a memory leak on wildcard error pathDan Fandrich
2014-01-30netrc: Fixed a memory leak in an OOM conditionDan Fandrich
2014-01-30ntlm: Fixed a memory leak when using NTLM with a proxy serverSteve Holme
2014-01-30http2: fix size check in on_data_chunk_recvDaniel Stenberg
2014-01-30http2: add CRLF when first data arrivesDaniel Stenberg
2014-01-30http2_recv: Return written length on CURLE_AGAINTatsuhiro Tsujikawa
2014-01-30http2: Use nghttp2_session_mem_recv and nghttp2_session_upgradeTatsuhiro Tsujikawa
2014-01-30http2: basic version of receiving DATADaniel Stenberg
2014-01-30http2: convert HEADER frames to HTTP1-like headersDaniel Stenberg
... and then go through the "normal" HTTP engine.
2014-01-30http2: fix EWOULDBLOCK in recv_callback()Daniel Stenberg
2014-01-30http2: do the POST Upgrade dance properlyDaniel Stenberg
2014-01-30ntlm: Use static client nonce for the test suiteSteve Holme
2014-01-30http2.h: provide empty macros for non-http2 buildsDaniel Stenberg
2014-01-30http2: switch into http2 mode if NPN indicatesFabian Frank
Check the NPN result before preparing an HTTP request and switch into HTTP/2.0 mode if necessary. This is a work in progress, the actual code to prepare and send the request using nghttp2 is still missing from Curl_http2_send_request().
2014-01-30http2: s/Curl_http2_request/Curl_http2_request_upgradeDaniel Stenberg
To better reflect its purpose
2014-01-30http2-openssl: verify that NPN functionality is presentDaniel Stenberg
2014-01-30openssl: set up hooks with to perform NPNFabian Frank
NPN is what is available in the wild today to negotiate SPDY or HTTP/2.0 connections. It is expected to be replaced by ALPN in the future. If HTTP/2.0 is negotiated, this is indicated for the entire connection and http.c is expected to initialize itself for HTTP/2.0 instead of HTTP/1.1. see: http://technotes.googlecode.com/git/nextprotoneg.html http://tools.ietf.org/html/draft-ietf-tls-applayerprotoneg-04
2014-01-30http2: added stubs for all nghttp2 callbacksDaniel Stenberg
This makes it easier to trace what's happening.
2014-01-29http2: use FIRSTSOCKET instead of 0 to index the sockets arrayDaniel Stenberg
2014-01-29http2: receive and log the received header framesDaniel Stenberg
2014-01-29http2_recv: log nghttp2 return codes for debugging purposesDaniel Stenberg
2014-01-29HTTP2: reject nghttp2 versions before 0.3.0Daniel Stenberg
2014-01-29http2: adjusted to newer nghttp2_session_callbacks structGisle Vanem
the number of elements in the 'nghttp2_session_callbacks' structure is now reduced by 2 in version 0.3.0 (I'm not sure when the change happened, but checking for ver 0.3.0 work for me).