aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2018-09-21GnutTLS: TLS 1.3 supportLoganaden Velvindron
Closes #2971
2018-09-20vtls: fix ssl version "or later" behavior change for many backendsJay Satiro
- Treat CURL_SSLVERSION_MAX_NONE the same as CURL_SSLVERSION_MAX_DEFAULT. Prior to this change NONE would mean use the minimum version also as the maximum. This is a follow-up to 6015cef which changed the behavior of setting the SSL version so that the requested version would only be the minimum and not the maximum. It appears it was (mostly) implemented in OpenSSL but not other backends. In other words CURL_SSLVERSION_TLSv1_0 used to mean use just TLS v1.0 and now it means use TLS v1.0 *or later*. - Fix CURL_SSLVERSION_MAX_DEFAULT for OpenSSL. Prior to this change CURL_SSLVERSION_MAX_DEFAULT with OpenSSL was erroneously treated as always TLS 1.3, and would cause an error if OpenSSL was built without TLS 1.3 support. Co-authored-by: Daniel Gustafsson Fixes https://github.com/curl/curl/issues/2969 Closes https://github.com/curl/curl/pull/3012
2018-09-19urlapi: add CURLU_GUESS_SCHEME and fix hostname acceptanceDaniel Stenberg
In order for this API to fully work for libcurl itself, it now offers a CURLU_GUESS_SCHEME flag that makes it "guess" scheme based on the host name prefix just like libcurl always did. If there's no known prefix, it will guess "http://". Separately, it relaxes the check of the host name so that IDN host names can be passed in as well. Both these changes are necessary for libcurl itself to use this API. Assisted-by: Daniel Gustafsson Closes #3018
2018-09-19nss: try to connect even if libnssckbi.so fails to loadKamil Dudka
One can still use CA certificates stored in NSS database. Reported-by: Maxime Legros Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html Closes #3016
2018-09-19urlapi: don't set value which is never readDaniel Gustafsson
In the CURLUPART_URL case, there is no codepath which invokes url decoding so remove the assignment of the urldecode variable. This fixes the deadstore bug-report from clang static analysis. Closes #3015 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-09-18curl_multi_wait: call getsock before figuring out timeoutDaniel Stenberg
.... since getsock may update the expiry timer. Fixes #2996 Closes #3000
2018-09-18darwinssl: Fix realloc memleakDaniel Gustafsson
The reallocation was using the input pointer for the return value, which leads to a memory leak on reallication failure. Fix by instead use the safe internal API call Curl_saferealloc(). Closes #3005 Reviewed-by: Daniel Stenberg <daniel@haxx.se> Reviewed-by: Nick Zitzmann <nickzman@gmail.com>
2018-09-17memory: add missing curl_printf headerDaniel Gustafsson
ftp_send_command() was using vsnprintf() without including the libcurl *rintf() replacement header. Fix by including curl_printf.h and also add curl_memory.h while at it since memdebug.h depends on it. Closes #2999 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-09-16http: made Curl_add_buffer functions take a pointer-pointerDaniel Stenberg
... so that they can clear the original pointer on failure, which makes the error-paths and their cleanups easier. Closes #2992
2018-09-16http2: fix memory leaks on error-pathDaniel Stenberg
2018-09-14secure Openwall URLsViktor Szakats
2018-09-14openssl: show "proper" version number for libressl buildsDaniel Stenberg
Closes #2989
2018-09-14openssl: assume engine support in 0.9.8 or laterRainer Jung
Fixes #2983 Closes #2988
2018-09-13sendf: use failf() rather than Curl_failf()Daniel Gustafsson
The failf() macro is the name used for invoking Curl_failf(). While there isn't a way to turn off failf like there is for infof, but it's still a good idea to use the macro. Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-09-13sendf: Fix whitespace in infof/failf concatenationDaniel Gustafsson
Strings broken on multiple rows in the .c file need to have appropriate whitespace padding on either side of the concatenation point to render a correct amalgamated string. Fix by adding a space at the occurrences found. Closes #2986 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-09-13krb5: fix memory leak in krb_authDaniel Gustafsson
The FTP command allocated by aprintf() must be freed after usage. Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-09-13ftp: include command in Curl_ftpsend sendbufferDaniel Gustafsson
Commit 8238ba9c5f10414a88f502bf3f5d5a42d632984c inadvertently removed the actual command to be sent from the send buffer in a refactoring. Add back copying the command into the buffer. Also add more guards against malformed input while at it. Closes #2985 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-09-13ntlm_wb: Fix memory leaks in ntlm_wb_responseDaniel Gustafsson
When erroring out on a request being too large, the existing buffer was leaked. Fix by explicitly freeing on the way out. Closes #2966 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-09-13vtls: add a MesaLink vtls backendYiming Jing
Closes #2984
2018-09-13configure.ac: add a MesaLink vtls backendYiming Jing
2018-09-12lib: fix gcc8 warning on WindowsViktor Szakats
Closes https://github.com/curl/curl/pull/2979
2018-09-12openssl: fix gcc8 warningJay Satiro
- Use memcpy instead of strncpy to copy a string without termination, since gcc8 warns about using strncpy to copy as many bytes from a string as its length. Suggested-by: Viktor Szakats Closes https://github.com/curl/curl/issues/2980
2018-09-10cookies: Move failure case label to end of functionDaniel Gustafsson
Rather than jumping backwards to where failure cleanup happens to be performed, move the failure case to end of the function where it is expected per existing coding convention. Closes #2965
2018-09-10misc: fix typos in commentsDaniel Gustafsson
Closes #2963
2018-09-10cookies: fix leak when writing cookies to fileDaniel Gustafsson
If the formatting fails, we error out on a fatal error and clean up on the way out. The array was however freed within the wrong scope and was thus never freed in case the cookies were written to a file instead of STDOUT. Closes #2957
2018-09-10cookies: Remove redundant expired checkDaniel Gustafsson
Expired cookies have already been purged at a later expiration time before this check, so remove the redundant check. closes #2962
2018-09-09ntlm_wb: bail out if the response gets overly largeDaniel Stenberg
Exit the realloc() loop if the response turns out ridiculously large to avoid worse problems. Reported-by: Harry Sintonen Closes #2959
2018-09-08url.c: fix comment typo and indentationDaniel Gustafsson
Closes #2960
2018-09-08urlapi: avoid derefencing a possible NULL pointerDaniel Stenberg
Coverity CID 1439134
2018-09-08URL-APIDaniel Stenberg
See header file and man pages for API. All documented API details work and are tested in the 1560 test case. Closes #2842
2018-09-07curl_easy_upkeep: removed 'conn' from the nameDaniel Stenberg
... including the associated option. Fixes #2951 Closes #2952
2018-09-07upkeep: add a connection upkeep API: curl_easy_conn_upkeep()Max Dymond
Add functionality so that protocols can do custom keepalive on their connections, when an external API function is called. Add docs for the new options in 7.62.0 Closes #1641
2018-09-07configure: add option to disable automatic OpenSSL config loadingPhilipp Waehnert
Sometimes it may be considered a security risk to load an external OpenSSL configuration automatically inside curl_global_init(). The configuration option --disable-ssl-auto-load-config disables this automatism. The Windows build scripts winbuild/Makefile.vs provide a corresponding option ENABLE_SSL_AUTO_LOAD_CONFIG accepting a boolean value. Setting neither of these options corresponds to the previous behavior loading the external OpenSSL configuration automatically. Fixes #2724 Closes #2791
2018-09-07doh: minor edits to please CoverityDaniel Stenberg
The gcc typecheck macros and coverity combined made it warn on the 2nd argument for ERROR_CHECK_SETOPT(). Here's minor rearrange to please it. Coverity CID 1439115 and CID 1439114.
2018-09-07schannel: avoid switch-cases that go to default anywayDaniel Stenberg
SEC_E_APPLICATION_PROTOCOL_MISMATCH isn't defined in some versions of mingw and would require an ifdef otherwise. Reported-by: Thomas Glanzmann Approved-by: Marc Hörsken Bug: https://curl.haxx.se/mail/lib-2018-09/0020.html Closes #2950
2018-09-06imap: change from "FETCH" to "UID FETCH"Nicklas Avén
... and add "MAILINDEX". As described in #2789, this is a suggested solution. Changing UID=xx to actually get mail with UID xx and add "MAILINDEX" to get a mail with a special index in the mail box (old behavior). So MAILINDEX=1 gives the first non deleted mail in the mail box. Fixes #2789 Closes #2815
2018-09-06CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer sizeDaniel Stenberg
This is step 3 of #2888. Fixes #2888 Closes #2896
2018-09-06DOH: add test case 1650 and 2100Daniel Stenberg
2018-09-06setopt: add CURLOPT_DOH_URLDaniel Stenberg
Closes #2668
2018-09-06ssl: deprecate CURLE_SSL_CACERT in favour of a unified error codeHan Han
Long live CURLE_PEER_FAILED_VERIFICATION
2018-09-06x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse certHan Han
CURLE_PEER_FAILED_VERIFICATION makes more sense because Curl_parseX509 does not allocate memory internally as its first argument is a pointer to the certificate structure. The same error code is also returned by Curl_verifyhost when its call to Curl_parseX509 fails so the change makes error handling more consistent.
2018-09-06openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuerHan Han
Failure to extract the issuer name from the server certificate should return a more specific error code like on other TLS backends.
2018-09-06schannel: unified error code handlingHan Han
Closes #2901
2018-09-06darwinssl: more specific and unified error codesHan Han
Closes #2901
2018-09-06CURLOPT_DNS_USE_GLOBAL_CACHE: deprecatedDaniel Stenberg
Disable the CURLOPT_DNS_USE_GLOBAL_CACHE option and mark it for deprecation and complete removal in six months. Bug: https://curl.haxx.se/mail/lib-2018-09/0010.html Closes #2942
2018-09-05url: default to CURL_HTTP_VERSION_2TLS if built h2-enabledDaniel Stenberg
Closes #2709
2018-09-05multiplex: enable by defaultDaniel Stenberg
Starting 7.62.0, multiplexing is enabled by default in multi handles.
2018-09-05tests: add unit tests for url.cJim Fuller
Approved-by: Daniel Gustafsson Closes #2937
2018-09-05pipelining: deprecatedDaniel Stenberg
Transparently. The related curl_multi_setopt() options all still returns OK when pipelining is selected. To re-enable the support, the single line change in lib/multi.c needs to be reverted. See docs/DEPRECATE.md Closes #2705
2018-09-04Curl_getoff_all_pipelines: ignore unused return valuesDaniel Stenberg
Since scan-build would warn on the dead "Dead store/Dead increment"