aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2017-03-28http: Fix proxy connection reuse with basic-authIsaac Boukris
When using basic-auth, connections and proxy connections can be re-used with different Authorization headers since it does not authenticate the connection (like NTLM does). For instance, the below command should re-use the proxy connection, but it currently doesn't: curl -v -U alice:a -x http://localhost:8181 http://localhost/ --next -U bob:b -x http://localhost:8181 http://localhost/ This is a regression since refactoring of ConnectionExists() as part of: cb4e2be7c6d42ca0780f8e0a747cecf9ba45f151 Fix the above by removing the username and password compare when re-using proxy connection at proxy_info_matches(). However, this fix brings back another bug would make curl to re-print the old proxy-authorization header of previous proxy basic-auth connection because it wasn't cleared. For instance, in the below command the second request should fail if the proxy requires authentication, but would succeed after the above fix (and before aforementioned commit): curl -v -U alice:a -x http://localhost:8181 http://localhost/ --next -x http://localhost:8181 http://localhost/ Fix this by clearing conn->allocptr.proxyuserpwd after use unconditionally, same as we do for conn->allocptr.userpwd. Also fix test 540 to not expect digest auth header to be resent when connection is reused. Signed-off-by: Isaac Boukris <iboukris@gmail.com> Closes https://github.com/curl/curl/pull/1350
2017-03-28openssl: exclude DSA code when OPENSSL_NO_DSA is definedJay Satiro
- Fix compile errors that occur in openssl.c when OpenSSL lib was built without DSA support. Bug: https://github.com/curl/curl/issues/1361 Reported-by: neheb@users.noreply.github.com
2017-03-28schannel: fix variable shadowing warningMarcel Raad
No need to redeclare the variable.
2017-03-27multi: fix MinGW-w64 compiler warningsMarcel Raad
error: conversion to 'long int' from 'time_t {aka long long int}' may alter its value [-Werror=conversion]
2017-03-26spelling fixesklemens
Closes #1356
2017-03-23openssl: fix comparison between signed and unsigned integer expressionsDaniel Stenberg
2017-03-23openssl: made the error table static constDan Fandrich
2017-03-23openssl: fall back on SSL_ERROR_* string when no error detailJay Satiro
- If SSL_get_error is called but no extended error detail is available then show that SSL_ERROR_* as a string. Prior to this change there was some inconsistency in that case: the SSL_ERROR_* code may or may not have been shown, or may have been shown as unknown even if it was known. Ref: https://github.com/curl/curl/issues/1300 Closes https://github.com/curl/curl/pull/1348
2017-03-21mbedtls: add support for CURLOPT_SSL_CTX_FUNCTIONAles Mlakar
Ref: https://curl.haxx.se/mail/lib-2017-02/0097.html Closes https://github.com/curl/curl/pull/1272
2017-03-21multi: fix streamclose() crash in debug modeDaniel Stenberg
The code would refer to the wrong data pointer. Only debug builds do this - for verbosity. Reported-by: zelinchen@users.noreply.github.com Fixes #1329
2017-03-18darwinssl: fix typo in variable namePalo Markovic
Broken a week ago in 6448f98. Closes https://github.com/curl/curl/pull/1337
2017-03-13Improve code readbilitySylvestre Ledru
... by removing the else branch after a return, break or continue. Closes #1310
2017-03-12url: add option CURLOPT_SUPPRESS_CONNECT_HEADERSDesmond O. Chang
- Add new option CURLOPT_SUPPRESS_CONNECT_HEADERS to allow suppressing proxy CONNECT response headers from the user callback functions CURLOPT_HEADERFUNCTION and CURLOPT_WRITEFUNCTION. - Add new tool option --suppress-connect-headers to expose CURLOPT_SUPPRESS_CONNECT_HEADERS and allow suppressing proxy CONNECT response headers from --dump-header and --include. Assisted-by: Jay Satiro Assisted-by: CarloCannas@users.noreply.github.com Closes https://github.com/curl/curl/pull/783
2017-03-11http_proxy: Ignore TE and CL in CONNECT 2xx responsesJay Satiro
A client MUST ignore any Content-Length or Transfer-Encoding header fields received in a successful response to CONNECT. "Successful" described as: 2xx (Successful). RFC 7231 4.3.6 Prior to this change such a case would cause an error. In some ways this bug appears to be a regression since c50b878. Prior to that libcurl may have appeared to function correctly in such cases by acting on those headers instead of causing an error. But that behavior was also incorrect. Bug: https://github.com/curl/curl/issues/1317 Reported-by: mkzero@users.noreply.github.com
2017-03-11mbedtls: fix typo in variable nameThomas Glanzmann
Broken a few days ago in 6448f98. Bug: https://curl.haxx.se/mail/lib-2017-03/0015.html
2017-03-11proxy: skip SSL initialization for closed connectionsMichael Kaufmann
This prevents a "Descriptor is not a socket" error for WinSSL. Reported-by: Antony74@users.noreply.github.com Reviewed-by: Jay Satiro Fixes https://github.com/curl/curl/issues/1239
2017-03-11curl_easy_reset: Also reset the authentication stateMichael Kaufmann
Follow-up to 5278462 See https://github.com/curl/curl/issues/1095
2017-03-11authneg: clear auth.multi flag at http_doneIsaac Boukris
This flag is meant for the current request based on authentication state, once the request is done we can clear the flag. Also change auth.multi to auth.multipass for better readability. Fixes https://github.com/curl/curl/issues/1095 Closes https://github.com/curl/curl/pull/1326 Signed-off-by: Isaac Boukris <iboukris@gmail.com> Reported-by: Michael Kaufmann
2017-03-11url: don't compile detect_proxy if HTTP support is disabledDan Fandrich
2017-03-10openssl: add two /* FALLTHROUGH */ to satisfy coverityDaniel Stenberg
CID 1402159 and 1402158
2017-03-09polarssl: fixed compile errors introduced in 6448f98cDan Fandrich
2017-03-08openssl: unbreak the build after 6448f98c1857deDaniel Stenberg
Verified with OpenSSL 1.1.0e and OpenSSL master (1.1.1)
2017-03-08vtls: add options to specify range of enabled TLS versionsJozef Kralik
This commit introduces the CURL_SSLVERSION_MAX_* constants as well as the --tls-max option of the curl tool. Closes https://github.com/curl/curl/pull/1166
2017-03-07http2: Fix assertion error on redirect with CL=0Tatsuhiro Tsujikawa
This fixes assertion error which occurs when redirect is done with 0 length body via HTTP/2, and the easy handle is reused, but new connection is established due to hostname change: curl: http2.c:1572: ssize_t http2_recv(struct connectdata *, int, char *, size_t, CURLcode *): Assertion `httpc->drain_total >= data->state.drain' failed. To fix this bug, ensure that http2_handle_stream is called. Fixes #1286 Closes #1302
2017-03-07ares: Curl_resolver_wait_resolv: clear *entry first in functionDaniel Stenberg
2017-03-07ares: better error return on timeoutsDaniel Stenberg
Assisted-by: Ray Satiro Bug: https://curl.haxx.se/mail/lib-2017-03/0009.html
2017-03-06URL: return error on malformed URLs with junk after port numberDaniel Stenberg
... because it causes confusion with users. Example URLs: "http://[127.0.0.1]:11211:80" which a lot of languages' URL parsers will parse and claim uses port number 80, while libcurl would use port number 11211. "http://user@example.com:80@localhost" which by the WHATWG URL spec will be treated to contain user name 'user@example.com' but according to RFC3986 is user name 'user' for the host 'example.com' and then port 80 is followed by "@localhost" Both these formats are now rejected, and verified so in test 1260. Reported-by: Orange Tsai
2017-03-06ares: return error at once if timed out before name resolve startsDaniel Stenberg
Pointed-out-by: Ray Satiro Bug: https://curl.haxx.se/mail/lib-2017-03/0004.html
2017-03-05CMake: Add DarwinSSL supportMichael Maltese
Assisted-by: Simon Warta <simon@kullo.net> Ref: https://github.com/curl/curl/pull/1228
2017-03-04fix potential use of uninitialized variablesAndrew Krieger
MSVC with LTCG detects this at warning level 4. Closes #1304
2017-03-03url: split off proxy init and parsing from create_connJay Satiro
Move the proxy parse/init into helper create_conn_helper_init_proxy to mitigate the chances some non-proxy code will be mistakenly added to it. Ref: https://github.com/curl/curl/issues/1274#issuecomment-281556510 Ref: https://github.com/curl/curl/pull/1293 Closes https://github.com/curl/curl/pull/1298
2017-03-03build: fix gcc7 implicit fallthrough warningsAlexis La Goutte
Mark intended fallthroughs with /* FALLTHROUGH */ so that gcc will know it's expected and won't warn on [-Wimplicit-fallthrough=]. Closes https://github.com/curl/curl/pull/1297
2017-03-02darwinssl: Warn that disabling host verify also disables SNIJDepooter
In DarwinSSL the SSLSetPeerDomainName function is used to enable both sending SNI and verifying the host. When host verification is disabled the function cannot be called, therefore SNI is disabled as well. Closes https://github.com/curl/curl/pull/1240
2017-02-28warnless: suppress compiler warningMarcel Raad
If size_t is 32 bits, MSVC warns: warning C4310: cast truncates constant value The warning is harmless as CURL_MASK_SCOFFT gets truncated to the maximum value of size_t.
2017-02-27digest_sspi: fix compilation warningMarcel Raad
MSVC complains: warning C4701: potentially uninitialized local variable 'output_token_len' used
2017-02-26cyassl: get library version string at runtimeJay Satiro
wolfSSL >= 3.6.0 supports getting its library version string at runtime.
2017-02-25url: fix unix-socket support for proxy-disabled buildsIsaac Boukris
Prior to this change if curl was built with Unix Socket support (--enable-unix-sockets) and without Proxy support (--disable-proxy) then unix socket options would erroneously be ignored. Regression introduced in: 0b8d682f81ee9acb763dd4c9ad805fe08d1227c0 Bug: https://github.com/curl/curl/issues/1274 Reported-by: mccormickt12@users.noreply.github.com Closes https://github.com/curl/curl/pull/1289
2017-02-26gopher: fixed detection of an error condition from Curl_urldecodeDan Fandrich
2017-02-25ftp: fixed a NULL pointer dereference on OOMDan Fandrich
2017-02-25ftp: removed an erroneous free in an OOM pathDan Fandrich
2017-02-25proxy: fixed a memory leak on OOMDan Fandrich
2017-02-23url: Default the CA proxy bundle location to CURL_CA_BUNDLEJay Satiro
If the compile-time CURL_CA_BUNDLE location is defined use it as the default value for the proxy CA bundle location, which is the same as what we already do for the regular CA bundle location. Ref: https://github.com/curl/curl/pull/1257
2017-02-23rand: added missing #ifdef HAVE_FCNTL_H around fcntl.h headerSergii Pylypenko
Closes #1285
2017-02-23formdata: check for EOF when reading from stdinDaniel Stenberg
Reported-by: shachaf@users.noreply.github.com Fixes #1281
2017-02-21urldata: include curl_sspi.h when Windows SSPI is enabledViktor Szakats
f77dabe broke builds in Windows using Windows SSPI but not Windows SSL. Bug: https://github.com/curl/curl/issues/1276 Reported-by: jveazey@users.noreply.github.com
2017-02-21url: Improve CURLOPT_PROXY_CAPATH error handlingJay Satiro
- Change CURLOPT_PROXY_CAPATH to return CURLE_NOT_BUILT_IN if the option is not supported, which is the same as what we already do for CURLOPT_CAPATH. - Change the curl tool to handle CURLOPT_PROXY_CAPATH error CURLE_NOT_BUILT_IN as a warning instead of as an error, which is the same as what we already do for CURLOPT_CAPATH. - Fix CAPATH docs to show that CURLE_NOT_BUILT_IN is returned when the respective CAPATH option is not supported by the SSL library. Ref: https://github.com/curl/curl/pull/1257
2017-02-21cyassl: fix typoJay Satiro
2017-02-21cookie: fix declaration of 'dup' shadows a global declarationDaniel Stenberg
2017-02-21TLS: make SSL_VERIFYSTATUS work againDaniel Stenberg
The CURLOPT_SSL_VERIFYSTATUS option was not properly handled by libcurl and thus even if the status couldn't be verified, the connection would be allowed and the user would not be told about the failed verification. Regression since cb4e2be7c6d42ca CVE-2017-2629 Bug: https://curl.haxx.se/docs/adv_20170222.html Reported-by: Marcus Hoffmann
2017-02-21digest_sspi: Handle 'stale=TRUE' directive in HTTP digestJay Satiro
- If the server has provided another challenge use it as the replacement input token if stale=TRUE. Otherwise previous credentials have failed so return CURLE_LOGIN_DENIED. Prior to this change the stale directive was ignored and if another challenge was received it would cause error CURLE_BAD_CONTENT_ENCODING. Ref: https://tools.ietf.org/html/rfc2617#page-10 Bug: https://github.com/curl/curl/issues/928 Reported-by: tarek112@users.noreply.github.com