aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2016-04-28mbedtls: Fix session resumeJay Satiro
This also fixes PolarSSL session resume. Prior to this change the TLS session information wasn't properly saved and restored for PolarSSL and mbedTLS. Bug: https://curl.haxx.se/mail/lib-2016-01/0070.html Reported-by: Thomas Glanzmann Bug: https://curl.haxx.se/mail/lib-2016-04/0095.html Reported-by: Moti Avrahami
2016-04-26openssl: avoid BN_print a NULL bignumDaniel Stenberg
OpenSSL 1.1.0-pre seems to return NULL(?) for a whole lot of those numbers so make sure the function handles this. Reported-by: Linus Nordberg
2016-04-26CONNECT_ONLY: don't close connection on GSS 401/407 reponsesMarcel Raad
Previously, connections were closed immediately before the user had a chance to extract the socket when the proxy required Negotiate authentication. This regression was brought in with the security fix in commit 79b9d5f1a42578f Closes #655
2016-04-26mbedtls.c: silly spellfix of a commentDaniel Stenberg
2016-04-25multi: accidentally used resolved host name instead of proxyDaniel Stenberg
Regression introduced in 09b5a998 Bug: https://curl.haxx.se/mail/lib-2016-04/0084.html Reported-by: BoBo
2016-04-25url.c: fixed DEBUGASSERT() for WinSock workaroundKarlson2k
If buffer is allocated, but nothing is received during prereceive stage, than number of processed bytes must be zero. Closes #778
2016-04-24PolarSSL: Implement public key pinningmoparisthebest
2016-04-21openssl: builds with OpenSSL 1.1.0-pre5Daniel Stenberg
The RSA, DSA and DH structs are now opaque and require use of new APIs Fixes #763
2016-04-20url.c: Prefer we don't use explicit NULLs in conditionsSteve Holme
Fixed commit fa5fa65a30 to not use NULLs in if condition.
2016-04-20NTLM: check for NULL pointer before deferencingIsaac Boukris
At ConnectionExists, both check->proxyuser and check->proxypasswd could be NULL, so make sure to check first. Fixes #765
2016-04-20sendf.c: added ability to call recv() before send() as workaroundKarlson2k
WinSock destroys recv() buffer if send() is failed. As result - server response may be lost if server sent it while curl is still sending request. This behavior noticeable on HTTP server short replies if libcurl use several send() for request (usually for POST request). To workaround this problem, libcurl use recv() before every send() and keeps received data in intermediate buffer for further processing. Fixes: #657 Closes: #668
2016-04-19connect: make sure that rc is initialized in singleipconnect()Kamil Dudka
This commit fixes a Clang warning introduced in curl-7_48_0-190-g8f72b13: Error: CLANG_WARNING: lib/connect.c:1120:11: warning: The right operand of '==' is a garbage value 1118| } 1119| 1120|-> if(-1 == rc) 1121| error = SOCKERRNO; 1122| }
2016-04-19lib/checksrc.whitelist: not needed anymoreDaniel Stenberg
... as checksrc now skips comments
2016-04-19vtls.h: remove a space before semicolonDaniel Stenberg
... that the new checksrc detected
2016-04-19darwinssl: removed commented out codeDaniel Stenberg
2016-04-19http_chunks: removed checksrc disableDaniel Stenberg
... since checksrc now skips comments
2016-04-19imap: inlined checksrc disable instead of whitelist editDaniel Stenberg
2016-04-19checksrc: taught to skip commentsDaniel Stenberg
... but output non-stripped version of the line, even if that then can make the script identify the wrong position in the line at times. Showing the line stripped (ie without comments) is just too surprising.
2016-04-18connect: implement TCP Fast Open for LinuxAlessandro Ghedini
Closes #660
2016-04-18connect: implement TCP Fast Open for OS XAlessandro Ghedini
2016-04-18url: add CURLOPT_TCP_FASTOPEN optionAlessandro Ghedini
2016-04-18checksrc: pass on -D so the whitelists are found correctlyDaniel Stenberg
2016-04-18includes: avoid duplicate memory callback typdefs even harderDaniel Stenberg
2016-04-18checksrc/makefile.am: use $top_srcdir to find source filesDaniel Stenberg
... to properly support out of source tree builds.
2016-04-17news: CURLOPT_CONNECT_TO and --connect-toMichael Kaufmann
Makes curl connect to the given host+port instead of the host+port found in the URL.
2016-04-12http2: Use size_t type for data drain countJay Satiro
Ref: https://github.com/curl/curl/issues/659 Ref: https://github.com/curl/curl/pull/663
2016-04-11http2: Improve header parsingJay Satiro
- Error if a header line is larger than supported. - Warn if cumulative header line length may be larger than supported. - Allow spaces when parsing the path component. - Make sure each header line ends in \r\n. This fixes an out of bounds. - Disallow header continuation lines until we decide what to do. Ref: https://github.com/curl/curl/issues/659 Ref: https://github.com/curl/curl/pull/663
2016-04-11http2: Add Curl_http2_strerror for HTTP/2 error codesJay Satiro
Ref: https://github.com/curl/curl/issues/659 Ref: https://github.com/curl/curl/pull/663
2016-04-11http2: Don't increment drain when one header field is receivedTatsuhiro Tsujikawa
Sicne we write header field in temporary location, not in the memory that upper layer provides, incrementing drain should not happen. Ref: https://github.com/curl/curl/issues/659 Ref: https://github.com/curl/curl/pull/663
2016-04-11http2: Ensure that http2_handle_stream_close is calledTatsuhiro Tsujikawa
This commit ensures that streams which was closed in on_stream_close callback gets passed to http2_handle_stream_close. Previously, this might not happen. To achieve this, we increment drain property to forcibly call recv function for that stream. To more accurately check that we have no pending event before shutting down HTTP/2 session, we sum up drain property into http_conn.drain_total. We only shutdown session if that value is 0. With this commit, when stream was closed before reading response header fields, error code CURLE_HTTP2_STREAM is returned even if HTTP/2 level error is NO_ERROR. This signals the upper layer that stream was closed by error just like TCP connection close in HTTP/1. Ref: https://github.com/curl/curl/issues/659 Ref: https://github.com/curl/curl/pull/663
2016-04-11http2: Process paused data first before tear down http2 sessionTatsuhiro Tsujikawa
This commit ensures that data from network are processed before HTTP/2 session is terminated. This is achieved by pausing nghttp2 whenever different stream than current easy handle receives data. This commit also fixes the bug that sometimes processing hangs when multiple HTTP/2 streams are multiplexed. Ref: https://github.com/curl/curl/issues/659 Ref: https://github.com/curl/curl/pull/663
2016-04-11http2: Check session closure early in http2_recvTatsuhiro Tsujikawa
Ref: https://github.com/curl/curl/issues/659 Ref: https://github.com/curl/curl/pull/663
2016-04-11http2: Add handling stream level errorTatsuhiro Tsujikawa
Previously, when a stream was closed with other than NGHTTP2_NO_ERROR by RST_STREAM, underlying TCP connection was dropped. This is undesirable since there may be other streams multiplexed and they are very much fine. This change introduce new error code CURLE_HTTP2_STREAM, which indicates stream error that only affects the relevant stream, and connection should be kept open. The existing CURLE_HTTP2 means connection error in general. Ref: https://github.com/curl/curl/issues/659 Ref: https://github.com/curl/curl/pull/663
2016-04-11http2: drain the socket better...Daniel Stenberg
... but ignore EAGAIN if the stream has ended so that we don't end up in a loop. This is a follow-up to c8ab613 in order to avoid the problem d261652 was made to fix. Reported-by: Jay Satiro Clues-provided-by: Tatsuhiro Tsujikawa Discussed in #750
2016-04-09CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAMESteve Holme
As these two options provide identical functionality, the former for SOCK5 proxies and the latter for HTTP proxies, merged the two options together. As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of 7.49.0.
2016-04-09urldata: Use bool for socks5_gssapi_nec as it is a flagSteve Holme
This value is set to TRUE or FALSE so should be a bool and not a long.
2016-04-09url: Ternary operator code style changesSteve Holme
2016-04-09sasl: Fixed compilation errors from commit 9d89a0387Steve Holme
...when GSS-API or Windows SSPI are not used.
2016-04-09url: Corrected comments following 9d89a0387Steve Holme
2016-04-08Makefile: Fixed echo of checksrc checkSteve Holme
2016-04-08checksrc: Fix issue with the autobuilds not picking up the whitelistSteve Holme
2016-04-08checksrc: Added missing vauth and vtls directoriesSteve Holme
2016-04-08ftp/imap/pop3/smtp: Allow the service name to be overriddenSteve Holme
Allow the service name to be overridden for DIGIST-MD5 and Kerberos 5 authentication in FTP, IMAP, POP3 and SMTP.
2016-04-08http_negotiate: Calculate service name and proxy service name locallySteve Holme
Calculate the service name and proxy service names locally, rather than in url.c which will allow for us to support overriding the service name for other protocols such as FTP, IMAP, POP3 and SMTP.
2016-04-07mbedtls: fix MBEDTLS_DEBUG buildsDamien Vielpeau
2016-04-07mbedtls: implement and provide *_data_pending()Daniel Stenberg
... as otherwise we might get stuck thinking there's no more data to handle. Reported-by: Damien Vielpeau Fixes #737
2016-04-07mbedtls: follow-up for the previous commitDaniel Stenberg
2016-04-07mbedtls.c: name space pollution fix, Use 'Curl_'Daniel Stenberg
2016-04-07mbedtls.c: changed private prefix to mbed_Daniel Stenberg
mbedtls_ is the prefix used by the mbedTLS library itself so we should avoid using that for our private functions.
2016-04-07mbedtls.h: fix compiler warningsDaniel Stenberg