aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2020-02-23ntlm: Removed the dependency on the TLS libaries when using MD5Steve Holme
As we have our own MD5 implementation use the MD5 wrapper to remove the TLS dependency. Closes #4967
2020-02-23md5/sha256: Updated the functions to allow non-string data to be hashedSteve Holme
2020-02-23digest: Corrected the name of the local HTTP digest functionSteve Holme
Follow up to 2b5b37cb. Local static functions do not require the Curl prefix.
2020-02-22tests: Added a unit test for SHA256 digest generationSteve Holme
Follow up to 2b5b37c. Closes #4968
2020-02-22md4: Fixed compilation issues when using GNU TLS gcryptSteve Holme
* Don't include 'struct' in the gcrypt MD4_CTX typedef * The call to gcry_md_read() should use a dereferenced ctx * The call to gcry_md_close() should use a dereferenced ctx Additional minor whitespace issue in the USE_WIN32_CRYPTO code. Closes #4959
2020-02-21http2: now require nghttp2 >= 1.12.0Daniel Stenberg
To simplify our code and since earlier versions lack important function calls libcurl needs to function correctly. nghttp2 1.12.0 was relased on June 26, 2016. Closes #4961
2020-02-21gtls: fix the copyright yearDaniel Stenberg
Follow-up from 41fcb4f609
2020-02-21GnuTLS: Always send client certjethrogb
TLS servers may request a certificate from the client. This request includes a list of 0 or more acceptable issuer DNs. The client may use this list to determine which certificate to send. GnuTLS's default behavior is to not send a client certificate if there is no match. However, OpenSSL's default behavior is to send the configured certificate. The `GNUTLS_FORCE_CLIENT_CERT` flag mimics OpenSSL behavior. Authored-by: jethrogb on github Fixes #1411 Closes #4958
2020-02-21cleanup: comment typosDaniel Stenberg
Spotted by 'codespell' Closes #4957
2020-02-20win32: USE_WIN32_CRYPTO to enable Win32 based MD4, MD5 and SHA256 functionsSteve Holme
Whilst lib\md4.c used this pre-processor, lib\md5.c and src\tool_metalink.c did not and simply relied on the WIN32 pre-processor directive. Reviewed-by: Marcel Raad Closes #4955
2020-02-19connect: remove some spurious infof() callsDaniel Stenberg
As they were added primarily for debugging, they provide little use for users. Closes #4951
2020-02-19nit: Copyright year out of dateDaniel Stenberg
Follow-up to 1fc0617dcc
2020-02-18tool_util: Improve Windows version of tvnow()Jay Satiro
- Change tool_util.c tvnow() for Windows to match more closely to timeval.c Curl_now(). - Create a win32 init function for the tool, since some initialization is required for the tvnow() changes. Prior to this change the monotonic time function used by curl in Windows was determined at build-time and not runtime. That was a problem because when curl was built targeted for compatibility with old versions of Windows (eg _WIN32_WINNT < 0x0600) it would use GetTickCount which wraps every 49.7 days that Windows has been running. This change makes curl behave similar to libcurl's tvnow function, which determines at runtime whether the OS is Vista+ and if so calls QueryPerformanceCounter instead. (Note QueryPerformanceCounter is used because it has higher resolution than the more obvious candidate GetTickCount64). The changes to tvnow are basically a copy and paste but the types in some cases are different. Ref: https://github.com/curl/curl/issues/3309 Closes https://github.com/curl/curl/pull/4847
2020-02-18SOCKS: fix typo in printf formattingDaniel Stenberg
Follow-up to 4a4b63daa Reported-by: Peter Piekarski Bug: https://github.com/curl/curl/commit/4a4b63daaa01ef59b131d91e8e6e6dfe275c0f08#r37351330
2020-02-18altsvc: make saving the cache an atomic operationDaniel Stenberg
... by writing the file to temp name then rename to the final when done. Assisted-by: Jay Satiro Fixes #4936 Closes #4942
2020-02-18rename: a new file for Curl_rename()Daniel Stenberg
And make the cookie save function use it.
2020-02-17cookies: make saving atomic with a renameDaniel Stenberg
Saves the file as "[filename].[8 random hex digits].tmp" and renames away the extension when done. Co-authored-by: Jay Satiro Reported-by: Mike Frysinger Fixes #4914 Closes #4926
2020-02-17socks: make the connect phase non-blockingDaniel Stenberg
Removes two entries from KNOWN_BUGS. Closes #4907
2020-02-16multi: if Curl_readwrite sets 'comeback' use expire, not loopDaniel Stenberg
Otherwise, a very fast single transfer ricks starving out other concurrent transfers. Closes #4927
2020-02-16ftp: convert 'sock_accepted' to a plain booleanDaniel Stenberg
This was an array indexed with sockindex but it was only ever used for the secondary socket. Closes #4929
2020-02-13tool_home: Fix the copyright year being out of dateSteve Holme
Follow up to 9dc350b6.
2020-02-12tool_homedir: Change GetEnv() to use libcurl's curl_getenv()Jay Satiro
- Deduplicate GetEnv() code. - On Windows change ultimate call to use Windows API GetEnvironmentVariable() instead of C runtime getenv(). Prior to this change both libcurl and the tool had their own GetEnv which over time diverged. Now the tool's GetEnv is a wrapper around curl_getenv (libcurl API function which is itself a wrapper around libcurl's GetEnv). Furthermore this change fixes a bug in that Windows API GetEnvironmentVariable() is called instead of C runtime getenv() to get the environment variable since some changes aren't always visible to the latter. Reported-by: Christoph M. Becker Fixes https://github.com/curl/curl/issues/4774 Closes https://github.com/curl/curl/pull/4863
2020-02-12strerror.h: Copyright year out of dateDaniel Stenberg
Follow-up to 1c4fa67e8a8fcf6
2020-02-12strerror: Increase STRERROR_LEN 128 -> 256Jay Satiro
STRERROR_LEN is the constant used throughout the library to set the size of the buffer on the stack that the curl strerror functions write to. Prior to this change some extended length Windows error messages could be truncated. Closes https://github.com/curl/curl/pull/4920
2020-02-12multi: fix outdated commentJay Satiro
- Do not say that conn->data is "cleared" by multi_done(). If the connection is in use then multi_done assigns another easy handle still using the connection to conn->data, therefore in that case it is not cleared. Closes https://github.com/curl/curl/pull/4901
2020-02-12easy: remove dead codeJay Satiro
multi is already assigned to data->multi by curl_multi_add_handle. Closes https://github.com/curl/curl/pull/4900
2020-02-09smtp: Simplify the MAIL command and avoid a duplication of send stringsSteve Holme
This avoids the duplication of strings when the optional AUTH and SIZE parameters are required. It also assists with the modifications that are part of #4892. Closes #4903
2020-02-09altsvc: keep a copy of the file name to survive handle resetDaniel Stenberg
The alt-svc cache survives a call to curl_easy_reset fine, but the file name to use for saving the cache was cleared. Now the alt-svc cache has a copy of the file name to survive handle resets. Added test 1908 to verify. Reported-by: Craig Andrews Fixes #4898 Closes #4902
2020-02-09url: Include the failure reason when curl_win32_idn_to_ascii() failsSteve Holme
Provide the failure reason in the failf() info just as we do for the libidn2 version of code. Closes #4899
2020-02-09asyn-thread: remove dead codeJay Satiro
2020-02-07digest: Do not quote algorithm in HTTP authorisationPierre-Yves Bigourdan
RFC 7616 section 3.4 (The Authorization Header Field) states that "For historical reasons, a sender MUST NOT generate the quoted string syntax for the following parameters: algorithm, qop, and nc". This removes the quoting for the algorithm parameter. Reviewed-by: Steve Holme Closes #4890
2020-02-07ftp: remove the duplicated user/password struct fieldsDaniel Stenberg
Closes #4887
2020-02-07ftp: remove superfluous checking for crlf in user or pwdDaniel Stenberg
... as this is already done much earlier in the URL parser. Also add test case 894 that verifies that pop3 with an encodedd CR in the user name is rejected. Closes #4887
2020-02-06ntlm_wb: Use Curl_socketpair() for greater portabilitySteve Holme
Reported-by: Daniel Stenberg Closes #4886
2020-02-05ftp: shrink temp buffers used for PORTDaniel Stenberg
These two stack based buffers only need to be 46 + 66 bytes instead of 256 + 1024. Closes #4880
2020-02-04altsvc: set h3 version at a common single spotDaniel Stenberg
... and move the #ifdefs out of the functions. Addresses the fact they were different before this change. Reported-by: Harry Sintonen Closes #4876
2020-02-04altsvc: improved header parserHarry Sintonen
- Fixed the flag parsing to apply to specific alternative entry only, as per RFC. The earlier code would also get totally confused by multiprotocol header, parsing flags from the wrong part of the header. - Fixed the parser terminating on unknown protocols, instead of skipping them. - Fixed a busyloop when protocol-id was present without an equal sign. Closes #4875
2020-02-04ngtcp2: fixed to only use AF_INET6 when ENABLE_IPV6Harry Sintonen
2020-02-04ntlm: Pass the Curl_easy structure to the private winbind functionsSteve Holme
...rather than the full conndata structure.
2020-02-03ntlm: Ensure the HTTP header data is not stored in the challenge/responseSteve Holme
2020-02-03openssl: remove redundant assignmentMarcel Raad
Fixes a scan-build failure on Bionic. Closes https://github.com/curl/curl/pull/4872
2020-02-02cleanup: fix typos and wording in docs and commentsPedro Monreal
Closes #4869 Reviewed-by: Emil Engler and Daniel Gustafsson
2020-02-02ntlm: Move the winbind data into the NTLM data structureSteve Holme
To assist with adding winbind support to the SASL NTLM authentication, move the winbind specific data out of conndata into ntlmdata.
2020-01-30quiche: Copyright year out of dateDaniel Stenberg
Follow-up to 7fc63d72333a
2020-01-30altsvc: use h3-25Daniel Stenberg
Closes #4868
2020-01-30quiche: update to draft-25Alessandro Ghedini
Closes #4867
2020-01-29ngtcp2: update to git master and its draft-25 supportDaniel Stenberg
Closes #4865
2020-01-29cookie: check __Secure- and __Host- case sensitivelyDaniel Stenberg
While most keywords in cookies are case insensitive, these prefixes are specified explicitly to get checked "with a case-sensitive match". (From the 6265bis document in progress) Ref: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-04 Closes #4864
2020-01-28multi_done: if multiplexed, make conn->data point to another transferDaniel Stenberg
... since the current transfer is being killed. Setting to NULL is wrong, leaving it pointing to 'data' is wrong since that handle might be about to get freed. Fixes #4845 Closes #4858 Reported-by: dmitrmax on github
2020-01-28urlapi: guess scheme correct even with credentials givenDaniel Stenberg
In the "scheme-less" parsing case, we need to strip off credentials first before we guess scheme based on the host name! Assisted-by: Jay Satiro Fixes #4856 Closes #4857