path: root/lib
Age | Commit message | Author
2020-03-31 | vquic/ngtcp2.h: update copyright year range | Daniel Stenberg
Follow-up to 0736ee73d346a52
2020-03-31 | vquic: add support for GnuTLS backend of ngtcp2 | Daiki Ueno
Currently, the TLS backend used by vquic/ngtcp2.c is selected at compile time. Therefore OpenSSL support needs to be explicitly disabled.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Closes #5148
2020-03-31 | misc: copyright year updates | Daniel Stenberg
Follow-up to 7a71965e9
2020-03-31 | build: fixed build for systems with select() in unistd.h | Harry Sintonen
Closes #5169
2020-03-31 | memdebug: don't log free(NULL) | Daniel Stenberg
... it serves no purpose and fills up the log.
2020-03-30 | cleanup: insert newline after if() conditions | Daniel Stenberg
Our code style mandates we put the conditional block on a separate line. These mistakes are now detected by the updated checksrc.
2020-03-30 | checksrc: warn on obvious conditional blocks on the same line as if() | Daniel Stenberg
Closes #5164
2020-03-30 | ngtcp2: update to git master for the key installation API change | Daiki Ueno
This updates the ngtcp2 OpenSSL backend to follow the API change in commit 32e703164 of ngtcp2. Notable changes are:
- ngtcp2_crypto_derive_and_install_{rx,tx}_key have been added to replace ngtcp2_crypto_derive_and_install_key
- the 'side' argument of ngtcp2_crypto_derive_and_install_initial_key has been removed
Fixes #5166
Closes #5168
2020-03-29 | curl.h: remove CURL_VERSION_ESNI. Never supported nor documented | Daniel Stenberg
Considered experimental and therefore we can do this.
Closes #5157
2020-03-27 | version: add 'cainfo' and 'capath' to version info struct | Daniel Stenberg
Suggested-by: Timothe Litt
URL: https://curl.haxx.se/mail/lib-2020-03/0090.html
Reviewed-by: Jay Satiro
Closes #5150
2020-03-26 | openssl: adapt to functions marked as deprecated since version 3 | Daniel Stenberg
OpenSSL 3 deprecates SSL_CTX_load_verify_locations and the MD4, DES functions we use.
Fix the MD4 and SSL_CTX_load_verify_locations warnings.
In configure, detect OpenSSL v3 and if so, inhibit the deprecation warnings. OpenSSL v3 deprecates the DES functions we use for NTLM and until we rewrite the code to use non-deprecated functions we better ignore these warnings as they don't help us.
Closes #5139
2020-03-24 | config: remove all defines of HAVE_DES_H | Daniel Stenberg
As there's no code using it.
Closes #5144
2020-03-24 | copyright: fix out-of-date copyright ranges and missing headers | Daniel Stenberg
Reported by the new script 'scripts/copyright.pl'. The script has a regex whitelist for the files that don't need copyright headers.
Removed three (mostly useless) README files from docs/
Closes #5141
2020-03-22 | getinfo: provide CURLINFO_HEADER_SIZE and CURLINFO_REQUEST_SIZE override | Daniel Stenberg
To let debug-builds return fake values, like in test 970.
Ref: #5131
Closes #5136
2020-03-22 | CURLINFO_NUM_CONNECTS: improve accuracy | Daniel Stenberg
The counter was not bumped in all cases correctly.
Reported-by: Marcel Raad
Ref: #5131
Closes #5135
2020-03-21 | lib/curl_setup: adjust the copyright year range | Daniel Stenberg
Follow-up from d820224b8
2020-03-21 | curl_setup: define _WIN32_WINNT_[OS] symbols | Jay Satiro
.. because not all Windows build systems have those symbols, and even those that do may be missing newer symbols (eg the Windows 7 SDK does not define _WIN32_WINNT_WIN10).
Those symbols are used in build-time logic to decide which API to use and prior to this change if the symbols were missing it would have resulted in deprecated API being used when more recent functions were available (eg GetVersionEx used instead of VerifyVersionInfo).
Reported-by: FuccDucc@users.noreply.github.com
Probably fixes https://github.com/curl/curl/issues/4995
Closes https://github.com/curl/curl/pull/5057
2020-03-19 | secure transport: remove the BACKEND define kludge | Daniel Stenberg
Closes #5122
2020-03-19 | mbedtls: remove the BACKEND define kludge | Daniel Stenberg
2020-03-19 | bearssl: remove the BACKEND define kludge | Daniel Stenberg
2020-03-19 | wolfssl: remove the BACKEND define kludge | Daniel Stenberg
2020-03-19 | nss: remove the BACKEND define kludge | Daniel Stenberg
2020-03-19 | gnutls: remove the BACKEND define kludge | Daniel Stenberg
2020-03-19 | openssl: remove the BACKEND define kludge | Daniel Stenberg
Use a proper variable instead to make it easier to use a debugger and read the code.
2020-03-18 | http2: Fix erroneous debug message that h2 connection closed | Jay Satiro
Prior to this change in libcurl debug builds http2 stream closure was erroneously referred to as connection closure.
Before: * nread <= 0, server closed connection, bailing
After: * nread == 0, stream closed, bailing
Closes https://github.com/curl/curl/pull/5118
2020-03-18 | schannel: add "best effort" revocation check option | Johannes Schindelin
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and --ssl-revoke-best-effort to allow a "best effort" revocation check. A best effort revocation check ignores errors that the revocation check was unable to take place. The reasoning is described in detail below and discussed further in the PR.
---
When running e.g. with Fiddler, the schannel backend fails with an unhelpful error message:
  Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate.
Sadly, many enterprise users who are stuck behind MITM proxies suffer the very same problem. This has been discussed in plenty of issues: https://github.com/curl/curl/issues/3727, https://github.com/curl/curl/issues/264, for example.
In the latter, a Microsoft Edge developer even made the case that the common behavior is to ignore issues when a certificate has no recorded distribution point for revocation lists, or when the server is offline. This is also known as "best effort" strategy and addresses the Fiddler issue.
Unfortunately, this strategy was not chosen as the default for schannel (and is therefore a backend-specific behavior: OpenSSL seems to happily ignore the offline servers and missing distribution points). To maintain backward-compatibility, we therefore add a new flag (`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option (`--ssl-revoke-best-effort`) to select the new behavior.
Due to the many related issues Git for Windows and GitHub Desktop, the plan is to make this behavior the default in these software packages.
The test 2070 was added to verify this behavior, adapted from 310.
Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes https://github.com/curl/curl/pull/4981
2020-03-18 | multi: Improve parameter check for curl_multi_remove_handle | Jay Satiro
- If an easy handle is owned by a multi different from the one specified then return CURLM_BAD_EASY_HANDLE.
Prior to this change I assume user error could cause corruption.
Closes https://github.com/curl/curl/pull/5116
2020-03-17 | windows: suppress UI in all CryptAcquireContext() calls | Viktor Szakats
Ref: https://docs.microsoft.com/windows/win32/api/wincrypt/nf-wincrypt-cryptacquirecontexta#parameters
Reviewed-by: Marc Hörsken
Closes https://github.com/curl/curl/pull/5088
2020-03-17 | test 970: verify --write-out '%{json}' | Daniel Stenberg
Makes curl_easy_getinfo() of "variable" numerical content instead return the number set in the env variable `CURL_TIME`.
Makes curl_version() of "variable" textual content. This guarantees a stable version string which can be tested against. Environment variable `CURL_VERSION` defines the content.
Assisted-by: Mathias Gumz
2020-03-17 | writeout: support to generate JSON output | Mathias Gumz
This commit adds support to generate JSON via the writeout feature:
  -w "%{json}"
It leverages the existing infrastructure as much as possible. Thus, generating the JSON on STDERR is possible by:
  -w "%{stderr}%{json}"
This implements a variant of https://github.com/curl/curl/wiki/JSON#--write-out-json.
Closes #4870
2020-03-16 | cmake: add support for building with wolfSSL | Daniel Stenberg
My working build cmdline:
  $ cmake -DCMAKE_PREFIX_PATH=$HOME/build-wolfssl -DCMAKE_USE_WOLFSSL=ON .
Assisted-by: Brad King
Closes #5095
2020-03-16 | vtls: free ssl_config leftovers on out-of-memory | Daniel Stenberg
Torture testing 2034 and 2037 found this.
Reported-by: Marc Hörsken
Fixes #5108
Closes #5109
2020-03-15 | gskit: update the copyright year range | Daniel Stenberg
Follow-up from 083603c63a3
2020-03-15 | gskit: use our internal select wrapper for portability | Marc Hoersken
Follow up to c52b342
Closes #5106
2020-03-15 | transfer: cap retries of "dead connections" to 5 | Daniel Stenberg
When libcurl retries a connection due to it being "seemingly dead" or by REFUSED_STREAM, it will now only do it up to five times before giving up, to avoid never-ending loops.
Reported-by: Dima Tisnek
Bug: https://curl.haxx.se/mail/lib-2020-03/0044.html
Closes #5074
2020-03-15 | select: add 'timeout_ms' wrap-around precaution to Curl_select | Marc Hoersken
2020-03-15 | select: fix 'pending_ms' is assigned a value that is never used | Marc Hoersken
Detected by Codacy
2020-03-15 | select: move duplicate select preparation code into Curl_select | Marc Hoersken
Reviewed by Daniel Stenberg
Reviewed by Marcel Raad
Closes #5078
2020-03-15 | connect: happy eyeballs cleanup | Daniel Stenberg
Make sure each separate index in conn->tempaddr[] is used for a fixed family (and only that family) during the connection process.
If family one takes a long time and family two fails immediately, the previous logic could misbehave and retry the same family two address repeatedly.
Reported-by: Paul Vixie
Reported-by: Jay Satiro
Fixes #5083
Fixes #4954
Closes #5089
2020-03-14 | Makefile.m32: Improve windres parameter compatibility | Jay Satiro
- s/COFF/coff/
Some versions of windres do not recognize uppercase COFF as a valid way to specify the COFF output format.
Reported-by: Steven Penny
Fixes https://github.com/curl/curl/issues/5099
Closes https://github.com/curl/curl/pull/5101
2020-03-14 | easy: Fix curl_easy_duphandle for builds missing IPv6 that use c-ares | Jay Satiro
- Ignore CURLE_NOT_BUILT_IN errors returned by c-ares functions in curl_easy_duphandle.
Prior to this change if c-ares was used as the resolver backend and either it was too old or libcurl was built without IPv6 support then some of our resolver functions could return CURLE_NOT_BUILT_IN to curl_easy_duphandle causing it to fail.
Caused by c8f086b which shipped in 7.69.1.
Reported-by: Karl Chen
Fixes https://github.com/curl/curl/issues/5097
Closes https://github.com/curl/curl/pull/5100
2020-03-09 | sftp: fix segfault regression introduced by #4747 | Jim Fuller
This fix adds a defensive check for the case where the char *name in struct libssh2_knownhost is NULL
Fixes #5041
Closes #5062
2020-03-08 | socks4: fix host resolve regression | Daniel Stenberg
1. The socks4 state machine was broken in the host resolving phase
2. The code now insists on IPv4-only when using SOCKS4 as the protocol only supports that.
Regression from #4907 and 4a4b63d, shipped in 7.69.0
Reported-by: amishmm on github
Bug: https://github.com/curl/curl/issues/5053#issuecomment-596191594
Closes #5061
2020-03-08 | cookie: get_top_domain() sets zero length for null domains | Patrick Monnerat
This silences a compilation warning with gcc -O3.
2020-03-08 | sha256: Added WinCrypt implementation | Steve Holme
Closed #5030
2020-03-08 | sha256: Added SecureTransport implementation | Steve Holme
2020-03-07 | mime: fix the binary encoder to handle large data properly | Patrick Monnerat
New test 666 checks this is effective. As upload buffer size is significant in this kind of tests, shorten it in similar test 652.
Fixes #4860
Closes #4833
Reported-by: RuurdBeerstra on github
2020-03-07 | mime: do not perform more than one read in a row | Patrick Monnerat
Input buffer filling may delay the data sending if data reads are slow. To overcome this problem, file and callback data reads do not accumulate in buffer anymore. All other data (memory data and mime framing) are considered as fast and still concatenated in buffer. As this may highly impact performance in terms of data overhead, an early end of part data check is added to spare a read call.
When encoding a part's data, an encoder may require more bytes than made available by a single read. In this case, the above rule does not apply and reads are performed until the encoder is able to deliver some data.
Tests 643, 644, 645, 650 and 654 have been adapted to the output data changes, with test data size reduced to avoid the boredom of long lists of 1-byte chunks in verification data.
New test 667 checks mimepost using single-byte read callback with encoder.
New test 668 checks the end of part data early detection.
Fixes #4826
Reported-by: MrdUkk on github
2020-03-07 | mime: latch last read callback status. | Patrick Monnerat
In case a read callback returns a status (pause, abort, eof, error) instead of a byte count, drain the bytes read so far but remember this status for further processing. Takes care of not losing data when pausing, and properly resume a paused mime structure when requested.
New tests 670-673 check unpausing cases, with easy or multi interface and mime or form api.
Fixes #4813
Reported-by: MrdUkk on github
2020-03-07 | ares: store dns parameters for duphandle | Ernst Sjöstrand
With c-ares the dns parameters live in ares_channel. Store them in the curl handle and set them again in easy_duphandle.
Regression introduced in #3228 (6765e6d), shipped in curl 7.63.0.
Fixes #4893
Closes #5020
Signed-off-by: Ernst Sjöstrand <ernst.sjostrand@verisure.com>