aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2018-04-06Revert "openssl: Don't add verify locations when verifypeer==0"Gaurav Malhotra
This reverts commit dc85437736e1fc90e689bb1f6c51c8f1aa9430eb. libcurl (with the OpenSSL backend) performs server certificate verification even if verifypeer == 0 and the verification result is available using CURLINFO_SSL_VERIFYRESULT. The commit that is being reverted caused the CURLINFO_SSL_VERIFYRESULT to not have useful information for the verifypeer == 0 use case (it would always have X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY). Closes #2451
2018-04-06tls: fix mbedTLS 2.7.0 build + handle sha256 failuresWyatt O'Day
(mbedtls 2.70 compiled with MBEDTLS_DEPRECATED_REMOVED) Closes #2453
2018-04-06cookie: case-insensitive hashing for the domainsLauri Kasanen
closes #2458
2018-04-04cookie: fix and optimize 2nd top level domain name extractionPatrick Monnerat
This fixes a segfault occurring when a name of the (invalid) form "domain..tld" is processed. test46 updated to cover this case. Follow-up to commit c990ead. Ref: https://github.com/curl/curl/pull/2440
2018-04-04openssl: provide defines for argument typecasts to build warning-freeDaniel Stenberg
... as OpenSSL >= 1.1.0 and libressl >= 2.7.0 use different argument types.
2018-04-04openssl: fix build with LibreSSL 2.7Bernard Spil
- LibreSSL 2.7 implements (most of) OpenSSL 1.1 API Fixes #2319 Closes #2447 Closes #2448 Signed-off-by: Bernard Spil <brnrd@FreeBSD.org>
2018-04-02cookie: store cookies per top-level-domain-specific hash tableLauri Kasanen
This makes libcurl handle thousands of cookies much better and speedier. Closes #2440
2018-04-02cookies: when reading from a file, only remove_expired onceLauri Kasanen
This drops the cookie load time for 8k cookies from 178ms to 15ms. Closes #2441
2018-03-24threaded resolver: track resolver time and set suitable timeout valuesDaniel Stenberg
In order to make curl_multi_timeout() return suitable "sleep" times even when there's no socket to wait for while the name is being resolved in a helper thread. It will increases the timeouts as time passes. Closes #2419
2018-03-23openldap: fix for NULL return from ldap_get_attribute_ber()Howard Chu
Closes #2399
2018-03-22timeval: remove compilation warning by casting (#2417)Sergei Nikulov
This is fixes #2358
2018-03-22http2: read pending frames (including GOAWAY) in connection-checkDaniel Stenberg
If a connection has received a GOAWAY frame while not being used, the function now reads frames off the connection before trying to reuse it to avoid reusing connections the server has told us not to use. Reported-by: Alex Baines Fixes #1967 Closes #2402
2018-03-20vauth/cleartext: fix integer overflow checkDaniel Stenberg
Make the integer overflow check not rely on the undefined behavior that a size_t wraps around on overflow. Detected by lgtm.com Closes #2408
2018-03-20lib/curl_path.h: add #ifdef header guardDaniel Stenberg
Detected by lgtm.com
2018-03-20vauth/ntlm.h: fix the #ifdef header guardDaniel Stenberg
Detected by lgtm.com
2018-03-19parsedate: support UT timezoneNikos Tsipinakis
RFC822 section 5.2 mentions Universal Time, 'UT', to be synonymous with GMT. Closes #2401
2018-03-19cmake: add support for brotliDon
Currently CMake cannot detect Brotli support. This adds detection of the libraries and associated header files. It also adds this to the generated config. Closes #2392
2018-03-18darwinssl: fix iOS buildChris Araman
2018-03-17resolve: add CURLOPT_DNS_SHUFFLE_ADDRESSESRick Deist
This patch adds CURLOPT_DNS_SHUFFLE_ADDRESSES to explicitly request shuffling of IP addresses returned for a hostname when there is more than one. This is useful when the application knows that a round robin approach is appropriate and is willing to accept the consequences of potentially discarding some preference order returned by the system's implementation. Closes #1694
2018-03-17add_handle/easy_perform: clear errorbuffer on start if setDaniel Stenberg
To offer applications a more defined behavior, we clear the buffer as early as possible. Assisted-by: Jay Satiro Fixes #2190 Closes #2377
2018-03-17CURLOPT_HAPROXYPROTOCOL: support the HAProxy PROXY protocolLawrence Matthews
Add --haproxy-protocol for the command line tool Closes #2162
2018-03-16multi: improved pending transfers handling => improved performanceDaniel Stenberg
When a transfer is requested to get done and it is put in the pending queue when limited by number of connections, total or per-host, libcurl would previously very aggressively retry *ALL* pending transfers to get them transferring. That was very time consuming. By reducing the aggressiveness in how pending are being retried, we waste MUCH less time on putting transfers back into pending again. Some test cases got a factor 30(!) speed improvement with this change. Reported-by: Cyril B Fixes #2369 Closes #2383
2018-03-16pause: when changing pause state, update socket stateDaniel Stenberg
Especially unpausing a transfer might have to move the socket back to the "currently used sockets" hash to get monitored. Otherwise it would never get any more data and get stuck. Easily triggered with pausing using the multi_socket API. Reported-by: Philip Prindeville Bug: https://curl.haxx.se/mail/lib-2018-03/0048.html Fixes #2393 Closes #2391
2018-03-16rate-limit: use three second window to better handle high speedsDaniel Stenberg
Due to very frequent updates of the rate limit "window", it could attempt to rate limit within the same milliseconds and that then made the calculations wrong, leading to it not behaving correctly on very fast transfers. This new logic updates the rate limit "window" to be no shorter than the last three seconds and only updating the timestamps for this when switching between the states TOOFAST/PERFORM. Reported-by: 刘佩东 Fixes #2386 Closes #2388
2018-03-16cleanup: misc typos in strings and commentsluz.paz
Found via `codespell` Closes #2389
2018-03-15http2: fixes typoKobi Gurkan
Closes #2387
2018-03-15transfer: make HTTP without headers count correct body sizeDaniel Stenberg
This is what "HTTP/0.9" basically looks like. Reported on IRC Closes #2382
2018-03-14FTP: fix typo in recursive callback detection for seekingdasimx
Fixes #2380
2018-03-12Revert "hostip: fix compiler warning: 'variable set but not used'"Daniel Stenberg
This reverts commit a577059f92fc65bd6b81717f0737f897a5b34248. The assignment really needs to be there or we risk working with an uninitialized pointer.
2018-03-12limit-rate: fix compiler warningMichael Kaufmann
follow-up to 72a0f62
2018-03-12checksrc.pl: add -i and -m optionsViktor Szakats
To sync it with changes made for the libssh2 project. Also cleanup some whitespace.
2018-03-12http2: mark the connection for close on GOAWAYDaniel Stenberg
... don't consider it an error! Assisted-by: Jay Satiro Reported-by: Łukasz Domeradzki Fixes #2365 Closes #2375
2018-03-12openldap: white space changes, fixed up the copyright yearsDaniel Stenberg
2018-03-12openldap: check ldap_get_attribute_ber() results for NULL before usingDaniel Stenberg
CVE-2018-1000121 Reported-by: Dario Weisser Bug: https://curl.haxx.se/docs/adv_2018-97a2.html
2018-03-12FTP: reject path components with control codesDaniel Stenberg
Refuse to operate when given path components featuring byte values lower than 32. Previously, inserting a %00 sequence early in the directory part when using the 'singlecwd' ftp method could make curl write a zero byte outside of the allocated buffer. Test case 340 verifies. CVE-2018-1000120 Reported-by: Duy Phan Thanh Bug: https://curl.haxx.se/docs/adv_2018-9cd6.html
2018-03-12readwrite: make sure excess reads don't go beyond buffer endDaniel Stenberg
CVE-2018-1000122 Bug: https://curl.haxx.se/docs/adv_2018-b047.html Detected by OSS-fuzz
2018-03-11limit-rate: kick in even before "limit" data has been receivedDaniel Stenberg
... and make sure to avoid integer overflows with really large values. Reported-by: 刘佩东 Fixes #2371 Closes #2373
2018-03-11Curl_range: fix FTP-only and FILE-only buildsMichael Kaufmann
follow-up to e04417d
2018-03-11hostip: fix compiler warning: 'variable set but not used'Michael Kaufmann
2018-03-11HTTP: allow "header;" to replace an internal header with a blank oneDaniel Stenberg
Reported-by: Michael Kaufmann Fixes #2357 Closes #2362
2018-03-10http2: verbose output new MAX_CONCURRENT_STREAMS valuesDaniel Stenberg
... as it is interesting for many users.
2018-03-05WolfSSL: adding TLSv1.3sergii.kavunenko
Closes #2349
2018-03-04krb5: use nondeprecated functionsMarcel Raad
gss_seal/gss_unseal have been deprecated in favor of gss_wrap/gss_unwrap with GSS-API v2 from January 1997 [1]. The first version of "The Kerberos Version 5 GSS-API Mechanism" [2] from June 1996 already says "GSS_Wrap() (formerly GSS_Seal())" and "GSS_Unwrap() (formerly GSS_Unseal())". Use the nondeprecated functions to avoid deprecation warnings. [1] https://tools.ietf.org/html/rfc2078 [2] https://tools.ietf.org/html/rfc1964 Closes https://github.com/curl/curl/pull/2356
2018-03-04NO_PROXY: fix for IPv6 numericals in the URLDaniel Stenberg
Added test 1265 that verifies. Reported-by: steelman on github Fixes #2353 Closes #2355
2018-03-03curl_ctype: fix macro redefinition warningsMarcel Raad
On MinGW and Cygwin, GCC and clang have been complaining about macro redefinitions since 4272a0b0fc49a1ac0ceab5c4a365c9f6ab8bf8e2. Fix this by undefining the macros before redefining them as suggested in https://github.com/curl/curl/pull/2269. Suggested-by: Daniel Stenberg
2018-02-28unit1309: fix warning on Windows x64Marcel Raad
When targeting x64, MinGW-w64 complains about conversions between 32-bit long and 64-bit pointers. Fix this by reusing the GNUTLS_POINTER_TO_SOCKET_CAST / GNUTLS_SOCKET_TO_POINTER_CAST logic from gtls.c, moving it to warnless.h as CURLX_POINTER_TO_INTEGER_CAST / CURLX_INTEGER_TO_POINTER_CAST. Closes https://github.com/curl/curl/pull/2341
2018-02-23spelling fixesViktor Szakats
Detected using the `codespell` tool. Also contains one URL protocol upgrade. Closes https://github.com/curl/curl/pull/2334
2018-02-21url: Add option CURLOPT_RESOLVER_START_FUNCTIONFrancisco Sedano
- Add new option CURLOPT_RESOLVER_START_FUNCTION to set a callback that will be called every time before a new resolve request is started (ie before a host is resolved) with a pointer to backend-specific resolver data. Currently this is only useful for ares. - Add new option CURLOPT_RESOLVER_START_DATA to set a user pointer to pass to the resolver start callback. Closes https://github.com/curl/curl/pull/2311
2018-02-21lib: CURLOPT_HAPPY_EYEBALLS_TIMEOUT => CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MSJay Satiro
- In keeping with the naming of our other connect timeout options rename CURLOPT_HAPPY_EYEBALLS_TIMEOUT to CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS. This change adds the _MS suffix since the option expects milliseconds. This is more intuitive for our users since other connect timeout options that expect milliseconds use _MS such as CURLOPT_TIMEOUT_MS, CURLOPT_CONNECTTIMEOUT_MS, CURLOPT_ACCEPTTIMEOUT_MS. The tool option already uses an -ms suffix, --happy-eyeballs-timeout-ms. Follow-up to 2427d94 which added the lib and tool option yesterday. Ref: https://github.com/curl/curl/pull/2260
2018-02-21sasl: prefer PLAIN mechanism over LOGINPatrick Monnerat
SASL PLAIN is a standard, LOGIN only a draft. The LOGIN draft says PLAIN should be used instead if available.