aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2017-06-16http-proxy: fix chunked-encoded CONNECT responsesDaniel Stenberg
Regression since 5113ad0424. ... and remove 'flaky' from test 1061 again Closes #1579
2017-06-16http-proxy: deal with EAGAINDaniel Stenberg
... the previous code would reset the header length wrongly (since 5113ad0424). This makes test 1060 reliable again. Also: make sws send even smaller chunks of data to increase the likeliness of this happening.
2017-06-16HTTPS-Proxy: don't offer h2 for https proxy connectionsJay Satiro
Bug: https://github.com/curl/curl/issues/1254 Closes #1546
2017-06-16url: refactor the check for Windows drive letter in pathJay Satiro
- Move the logic to detect a Windows drive letter prefix (eg c: in c:foo) into a function-like macro. Closes https://github.com/curl/curl/pull/1571
2017-06-16mk-ca-bundle.pl: Check curl's exit code after certdata downloadJay Satiro
- No longer allow partial downloads of certdata. Prior to this change partial downloads were (erroneously?) allowed since only the server code was checked to be 200. Bug: https://github.com/curl/curl/pull/1577 Reported-by: Matteo B.
2017-06-16http-proxy: fix build with --disable-proxy or --disable-httpDaniel Stenberg
Reported-by: Dan Fandrich
2017-06-15http-proxy: only attempt FTP over HTTP proxyDaniel Stenberg
... all other non-HTTP protocol schemes are now defaulting to "tunnel trough" mode if a HTTP proxy is specified. In reality there are no HTTP proxies out there that allow those other schemes. Assisted-by: Ray Satiro, Michael Kaufmann Closes #1505
2017-06-15curl_setup.h: error out on CURL_WANTS_CA_BUNDLE_ENV useDaniel Stenberg
... to make it really apparent if there's any user using this on purpose. Suggested-by: Jay Satiro Closes #1542
2017-06-15lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENVDaniel Stenberg
When this define was set, libcurl would check the environment variable named CURL_CA_BUNDLE at run-time and use that CA cert bundle. This feature was only defined by the watcom and m32 makefiles and caused inconsistent behaviours among libcurls built on different platforms. The curl tool does already feature its own similar logic and the library does not really need it, and it isn't documented libcurl behavior. So this change removes it. Ref: #1538
2017-06-14http-proxy: do the HTTP CONNECT process entirely non-blockingDaniel Stenberg
Mentioned as a problem since 2007 (8f87c15bdac63) and of course it existed even before that. Closes #1547
2017-06-14progress: let "current speed" be UL + DL speeds combinedDaniel Stenberg
Bug #1556 Reported-by: Paul Harris Closes #1559
2017-06-14timers: store internal time stamps as time_t instead of doublesDaniel Stenberg
This gives us accurate precision and it allows us to avoid storing "no time" for systems with too low timer resolution as we then bump the time up to 1 microsecond. Should fix test 573 on windows. Remove the now unused curlx_tvdiff_secs() function. Maintains the external getinfo() API with using doubles. Fixes #1531
2017-06-14includes: remove curl/curlbuild.h and curl/curlrules.hDaniel Stenberg
Rely entirely on curl/system.h now. Introduced in Aug 2008 with commit 14240e9e109f. Now gone. Fixes #1456
2017-06-13libressl: OCSP and intermediate certs workaround no longer neededStuart Henderson
lib/vtls/openssl.c has a workaround for a bug with OCSP responses signed by intermediate certs, this was fixed in LibreSSL in https://github.com/libressl-portable/openbsd/commit/912c64f68f7ac4f225b7d1fdc8fbd43168912ba0 Bug: https://curl.haxx.se/mail/lib-2017-06/0038.html
2017-06-13url: fix buffer overwrite with file protocol (CVE-2017-9502)Daniel Stenberg
Bug: https://github.com/curl/curl/issues/1540 Advisory: https://curl.haxx.se/docs/adv_20170614.html Assisted-by: Ray Satiro Reported-by: Marcel Raad
2017-06-09setopt: check CURLOPT_ADDRESS_SCOPE option rangeDaniel Stenberg
... and return error instead of triggering an assert() when being way out of range.
2017-06-08asyn-ares: s/Curl_expire_latest/Curl_expireDaniel Stenberg
2017-06-08expire: remove Curl_expire_latest()Daniel Stenberg
With the introduction of expire IDs and the fact that existing timers can be removed now and thus never expire, the concept with adding a "latest" timer is not working anymore as it risks to not expire at all. So, to be certain the timers actually are in line and will expire, the plain Curl_expire() needs to be used. The _latest() function was added as a sort of shortcut in the past that's quite simply not necessary anymore. Follow-up to 31b39c40cf90 Reported-by: Paul Harris Closes #1555
2017-06-07file: make speedcheck use current time for checksDaniel Stenberg
... as it would previously just get the "now" timestamp before the transfer starts and then not update it again. Closes #1550
2017-06-05test1521: test *all* curl_easy_setopt optionsDaniel Stenberg
mk-lib1521.pl generates a test program (lib1521.c) that calls curl_easy_setopt() for every known option with a few typical values to make sure they work (ignoring the return codes). Some small changes were necessary to avoid asserts and NULL accesses when doing this. The perl script needs to be manually rerun when we add new options. Closes #1543
2017-06-05curl_ntlm_core: use Curl_raw_toupper instead of toupperMarcel Raad
This was the only remaining use of toupper in the entire source code. Suggested-by: Daniel Stenberg
2017-06-04curl_ntlm_core: pass unsigned char to toupperMarcel Raad
Otherwise, clang on Cygwin64 warns: curl_ntlm_core.c:525:35: error: array subscript is of type 'char' [-Werror,-Wchar-subscripts] dest[2 * i] = (unsigned char)(toupper(src[i])); ^~~~~~~~~~~~~~~ /usr/include/ctype.h:152:25: note: expanded from macro 'toupper' (void) __CTYPE_PTR[__x]; (toupper) (__x);}) ^~~~
2017-06-03x509asn1: fix implicit-fallthrough warning with GCC 7Marcel Raad
2017-06-03curl_sasl: fix unused-variable warningMarcel Raad
This fixes the following warning with CURL_DISABLE_CRYPTO_AUTH, as seen in the autobuilds: curl_sasl.c:417:9: warning: unused variable 'serverdata' [-Wunused-variable]
2017-06-03cyassl: define build macros before including ssl.hMarcel Raad
cyassl/ssl.h needs the macros from cyassl/options.h, so define them before including cyassl/ssl.h the first time, which happens in urldata.h. This broke the build on Ubuntu Xenial, which comes with WolfSSL 3.4.8 and therefore redefines the symbols from cyassl/options.h instead of including the header. Closes https://github.com/curl/curl/pull/1536
2017-06-03dedotdot: fixed output for ".." and "." only inputDaniel Stenberg
Found when updating test 1395, which I did to increase test coverage of this source file... Closes #1535
2017-06-02mbedtls: make TU-local variable staticMarcel Raad
mbedtls_x509_crt_profile_fr is only used locally. This fixes a missing-variable-declarations warning with clang.
2017-06-02MD(4|5): silence cast-align clang warningMarcel Raad
Unaligned access is on purpose here and the warning is harmless on affected architectures. GCC knows that, while clang warns on all architectures.
2017-06-02curl_endian: remove unused functionsDaniel Stenberg
Closes #1529
2017-06-02build: provide easy code coverage measuringDaniel Stenberg
Closes #1528
2017-05-30transfer: init the infilesize from the postfields...Daniel Stenberg
... with a strlen() if no size was set, and do this in the pretransfer function so that the info is set early. Otherwise, the default strlen() done on the POSTFIELDS data never sets state.infilesize. Reported-by: Vincas Razma Bug: #1294
2017-05-29mbedtls: fix variable shadow warningJay Satiro
vtls/mbedtls.c:804:69: warning: declaration of 'entropy' shadows a global declaration [-Wshadow] CURLcode Curl_mbedtls_random(struct Curl_easy *data, unsigned char *entropy, ^~~~~~~
2017-05-25ssh: fix 'left' may be used uninitializedDaniel Stenberg
follow-up to f31760e63b4e Reported-by: Michael Kaufmann Bug: https://github.com/curl/curl/pull/1495#issuecomment-303982793
2017-05-24time: fix type conversions and compiler warningsMichael Kaufmann
Fix bugs and compiler warnings on systems with 32-bit long and 64-bit time_t. Reviewed-by: Daniel Stenberg Closes #1499
2017-05-23redirect: store the "would redirect to" URL when max redirs is reachedDaniel Stenberg
Test 1261 added to verify. Reported-by: Lloyd Fournier Fixes #1489 Closes #1497
2017-05-24LDAP: fixed checksrc issueSergei Nikulov
2017-05-23LDAP: using ldap_bind_s on Windows with methods (#878)Sergei Nikulov
* LDAP: using ldap_bind_s on Windows with methods(BASIC/DIGEST/NTLM/AUTONEG) * ldap: updated per build options handling * ldap: fixed logic for auth selection
2017-05-23cmake: fix build on Ubuntu 14.04Akhil Kedia
Fixed a syntax error with setting cache variables (The type and docstring were missing), resulting in build errors. Quoted the CURL_CA_PATH and CURL_CA_BUNDLE otherwise the path was written without quotes in C code, resulting in build errors. Closes #1503 Signed-off-by: Akhil <akhil.kedia@samsung.com>
2017-05-23url: fix declaration of 'pipe' shadows a global declarationDaniel Stenberg
follow-up to 4cdb1be8246c
2017-05-22memdebug: fix compilation failureKamil Dudka
.... caused by a typo in the last commit (fixing issue #1504): memdebug.c: In function ‘curl_fclose’: memdebug.c:444:3: error: implicit declaration of function ‘DEBUGDEBUGASSERT’ [-Werror=implicit-function-declaration]
2017-05-22assert: avoid, use DEBUGASSERT instead!Daniel Stenberg
... as it does extra checks to actually work. Reported-by: jonrumsey at github Fixes #1504
2017-05-21cmake: Add CURL_CA_FALLBACK to curl_config.h.cmakeSimon Warta
This is for symmetry with the autoconf generated curl_config.h.in
2017-05-20ssh: ignore timeouts during disconnectDaniel Stenberg
... as otherwise it risks not cleaning up the libssh2 handle properly which leads to memory leak! Assisted-by: Joel Depooter Closes #1495 Closes #1479 Bug: https://curl.haxx.se/mail/lib-2017-04/0024.html
2017-05-16darwinssl: Fix exception when processing a client-side certificate fileNick Zitzmann
if no error was raised by the API but the SecIdentityRef was null Fixes #1450
2017-05-16curl_sasl: fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLMDaniel Stenberg
Reported-by: wyattoday at github Fixes #1487
2017-05-15SecureTransport/DarwinSSL: Implement public key pinningmoparisthebest
Closes #1400
2017-05-13url.c: add a compile-time check that CURL_MAX_WRITE_SIZE is large enoughDan Fandrich
Some code (e.g. Curl_fillreadbuffer) assumes that this buffer is not exceedingly tiny and will break if it is. This same check is already done at run time in the CURLOPT_BUFFERSIZE option.
2017-05-12multi: remove leftover debug infof() calls from e9fd794a6Daniel Stenberg
2017-05-12pipeline: fix mistakenly trying to pipeline POSTsDaniel Stenberg
The function IsPipeliningPossible() would return TRUE if either pipelining OR HTTP/2 were possible on a connection, which would lead to it returning TRUE even for POSTs on HTTP/1 connections. It now returns a bitmask so that the caller can differentiate which kind the connection allows. Fixes #1481 Closes #1483 Reported-by: stootill at github
2017-05-12mbedtls: Support server renegotiation requestRon Eldor
Tested with servers: IIS 7.5; OpenSSL 1.0.2. Closes https://github.com/curl/curl/pull/1475