path: root/lib
Age | Commit message | Author
2018-07-11 | schannel: fix MinGW compile break | Marcel Raad
Original MinGW's w32api has a syntax error in its definition of CALG_TLS1PRF [0]. Don't use original MinGW w32api's CALG_TLS1PRF until this bug [1] is fixed.
[0] https://osdn.net/projects/mingw/scm/git/mingw-org-wsl/blobs/d1d4a17e51a2b78e252ef0147d483267d56c90cc/w32api/include/wincrypt.h
[1] https://osdn.net/projects/mingw/ticket/38391
Fixes https://github.com/curl/curl/pull/2721#issuecomment-403636043
Closes https://github.com/curl/curl/pull/2728
2018-07-09 | lib/curl_setup.h: remove unicode character | Jay Satiro
Follow-up to 82ce416. Ref: https://github.com/curl/curl/commit/8272ec5#commitcomment-29646818
2018-07-09 | lib/curl_setup.h: remove unicode bom from 8272ec50f02 | Daniel Stenberg
2018-07-09 | schannel: fix -Wsign-compare warning | Marcel Raad
MinGW warns: /lib/vtls/schannel.c:219:64: warning: signed and unsigned type in conditional expression [-Wsign-compare] Fix this by casting the ptrdiff_t to size_t as we know it's positive. Closes https://github.com/curl/curl/pull/2721
2018-07-09 | schannel: workaround for wrong function signature in w32api | Marcel Raad
Original MinGW's w32api has CryptHashData's second parameter as BYTE * instead of const BYTE *. Closes https://github.com/curl/curl/pull/2721
2018-07-09 | schannel: make more cipher options conditional | Marcel Raad
They are not defined in the original MinGW's <wincrypt.h>. Closes https://github.com/curl/curl/pull/2721
2018-07-09 | curl_setup: include <winerror.h> before <windows.h> | Marcel Raad
Otherwise, only part of it gets pulled in through <windows.h> on original MinGW. Fixes https://github.com/curl/curl/issues/2361 Closes https://github.com/curl/curl/pull/2721
2018-07-09 | smtp: use the upload buffer size for scratch buffer malloc | Daniel Stenberg
... not the read buffer size, as that can be set smaller and thus cause a buffer overflow! CVE-2018-0500 Reported-by: Peter Wu Bug: https://curl.haxx.se/docs/adv_2018-70a2.html
2018-07-06 | darwinssl: allow High Sierra users to build the code using GCC | Nick Zitzmann
...but GCC users lose out on TLS 1.3 support, since we can't weak-link enumeration constants. Fixes #2656 Closes #2703
2018-07-06 | libssh: goto DISCONNECT state on error, not SSH_SESSION_FREE | Daniel Stenberg
... because otherwise not everything gets closed down correctly. Fixes #2708 Closes #2712
2018-07-06 | libssh: include line number in state change debug messages | Daniel Stenberg
Closes #2713
2018-07-01 | telnet: fix clang warnings | Gisle Vanem
telnet.c(1401,28): warning: cast from function call of type 'int' to non-matching type 'HANDLE' (aka 'void *') [-Wbad-function-cast] Fixes #2696 Closes #2700
2018-06-29 | openssl: Remove some dead code | Gaurav Malhotra
Closes #2698
2018-06-29 | openssl: make the requested TLS version the *minimum* wanted | Daniel Stenberg
The code treated the set version as the *exact* version to require in the TLS handshake, which is not what other TLS backends do and probably not what most people expect either. Reported-by: Andreas Olsson Assisted-by: Gaurav Malhotra Fixes #2691 Closes #2694
2018-06-29 | openssl: allow TLS 1.3 by default | Daniel Stenberg
Reported-by: Andreas Olsson Fixes #2692 Closes #2693
2018-06-27 | getnameinfo: not used | Daniel Stenberg
Closes #2687
2018-06-27 | easy_perform: use *multi_timeout() to get wait times | Daniel Stenberg
... and trim the threaded Curl_resolver_getsock() to return zero millisecond wait times during the first three milliseconds so that localhost or names in the OS resolver cache get detected and used faster. Closes #2685
2018-06-25 | url: check Curl_conncache_add_conn return code | Daniel Stenberg
... it was previously unchecked in two places and thus errors could remain undetected and cause trouble. Closes #2681
2018-06-23 | netrc: use a larger buffer | Daniel Stenberg
... to work with longer passwords etc. Grow it from a 256 to a 4096 bytes buffer. Reported-by: Dario Nieuwenhuis Fixes #2676 Closes #2680
2018-06-23 | multi: fix crash due to dangling entry in connect-pending list | Javier Blazquez
Fixes #2677 Closes #2679
2018-06-22 | ConnectionExists: make sure conn->data is set when "taking" a connection | Daniel Stenberg
Follow-up to 2c15693. Bug #2674 Closes #2675
2018-06-21 | cmake: allow multiple SSL backends | Raphael Gozzo
This will make it possible to select the SSL backend (using curl_global_sslset()) even when the libcurl is built using CMake. Closes #2665
2018-06-21 | url: fix dangling conn->data pointer | Daniel Stenberg
By making sure to use the *current* easy handle with extracted connections from the cache, and make sure to NULLify the ->data pointer when the connection is put into the cache to make this mistake easier to detect in the future. Reported-by: Will Dietz Fixes #2669 Closes #2672
2018-06-16 | multi: fix memory leak when stopped during name resolve | Daniel Stenberg
When the application just started the transfer and then stops it while the name resolve in the background thread hasn't completed, we need to wait for the resolve to complete and then cleanup data accordingly. Enabled test 1553 again and added test 1590 to also check when the host name resolves successfully. Detected by OSS-fuzz. Closes #1968
2018-06-14 | mk-ca-bundle.pl: make -u delete certdata.txt if found not changed | Matteo Bignotti
certdata.txt should be deleted also when the process is interrupted by "same certificate downloaded, exiting". The certdata.txt is currently kept on disk even if you give the -u option. Closes #2655
2018-06-13 | progress: remove a set of unused defines | Daniel Stenberg
Reported-by: Peter Wu Closes #2654
2018-06-13 | Curl_init_do: handle NULL connection pointer passed in | Lyman Epp
Closes #2653
2018-06-12 | Curl_debug: remove dead printhost code | Daniel Stenberg
The struct field is never set (since 5e0d9aea3) so remove the use of it and remove the connectdata pointer from the prototype. Reported-by: Tejas Bug: https://curl.haxx.se/mail/lib-2018-06/0054.html Closes #2647
2018-06-12 | schannel: avoid incompatible pointer warning | Viktor Szakats
with clang-6.0:
```
vtls/schannel_verify.c: In function 'add_certs_to_store':
vtls/schannel_verify.c:212:30: warning: passing argument 11 of 'CryptQueryObject' from incompatible pointer type [-Wincompatible-pointer-types]
 &cert_context)) {
 ^
In file included from /usr/share/mingw-w64/include/schannel.h:10:0,
 from /usr/share/mingw-w64/include/schnlsp.h:9,
 from vtls/schannel.h:29,
 from vtls/schannel_verify.c:40:
/usr/share/mingw-w64/include/wincrypt.h:4437:26: note: expected 'const void **' but argument is of type 'CERT_CONTEXT ** {aka struct _CERT_CONTEXT **}'
 WINIMPM WINBOOL WINAPI CryptQueryObject (DWORD dwObjectType, const void *pvObject, DWORD dwExpectedContentTypeFlags, DWORD dwExpectedFormatTypeFlags, DWORD dwFlags,
 ^~~~~~~~~~~~~~~~
```
Ref: https://msdn.microsoft.com/library/windows/desktop/aa380264
Closes https://github.com/curl/curl/pull/2648
2018-06-12 | schannel: support selecting ciphers | Robert Prag
Given the constraints of SChannel, I'm exposing these as the algorithms themselves instead; while replicating the ciphersuite as specified by OpenSSL would have been preferable, I found no way in the SChannel API to do so. To use this from the commandline, you need to pass the names of constants defining the desired algorithms. For example,
curl --ciphers "CALG_SHA1:CALG_RSA_SIGN:CALG_RSA_KEYX:CALG_AES_128:CALG_DH_EPHEM" https://github.com
The specific names come from wincrypt.h
Closes #2630
2018-06-11 | cppcheck: fix warnings | Marian Klymov
- Get rid of variable that was generating false positive warning (uninitialized)
- Fix issues in tests
- Reduce scope of several variables all over
etc
Closes #2631
2018-06-11 | openssl: assume engine support in 1.0.1 or later | Daniel Stenberg
Previously it was checked for in configure/cmake, but that would then leave other build systems built without engine support. While engine support probably existed prior to 1.0.1, I decided to play safe. If someone experiences a problem with this, we can widen the version check. Fixes #2641 Closes #2644
2018-06-08 | boringssl + schannel: undef X509_NAME in lib/schannel.h | Gisle Vanem
Fixes the build problem when both boringssl and schannel are enabled. Fixes #2634 Closes #2643
2018-06-08 | mk-ca-bundle.pl: leave certificate name untouched in decode() | Vladimir Kotal
Closes #2640
2018-06-03 | spelling fixes | Viktor Szakats
Detected using the `codespell` tool (version 1.13.0). Also secure and fix a URL.
2018-06-02 | axtls: follow-up spell fix of comment | Daniel Stenberg
2018-06-02 | axTLS: not considered fit for use | Daniel Stenberg
URL: https://curl.haxx.se/mail/lib-2018-06/0000.html This is step one. It adds #error statements that require source edits to make curl build again if asked to use axTLS. At a later stage we might remove the axTLS specific code completely. Closes #2628
2018-06-02 | build: remove the Borland specific makefiles | Daniel Stenberg
According to the user survey 2018, not even one out of 670 users use them. Nobody on the mailing list spoke up for them either. Closes #2629
2018-06-01 | curl_addrinfo: use same #ifdef conditions in source as header | Daniel Stenberg
... for curl_dofreeaddrinfo
2018-06-01 | multi: remove a DEBUGF() | Daniel Stenberg
... it might call infof() with a NULL first argument that isn't harmful but makes it not do anything. The infof() line is not very useful anymore, it has served its purpose. Good riddance! Fixes #2627
2018-06-01 | CURLOPT_RESOLVE: always purge old entry first | Alibek.Jorajev
If there's an existing entry using the selected name. Closes #2622
2018-06-01 | fnmatch: use the system one if available | Daniel Stenberg
If configure detects fnmatch to be available, use that instead of our custom one for FTP wildcard pattern matching. For standard compliance, to reduce our footprint and to use already well tested and well exercised code. A POSIX fnmatch behaves slightly different than the internal function for a few test patterns currently and the macOS one yet slightly different. Test case 1307 is adjusted for these differences. Closes #2626
2018-05-31 | configure: check for declaration of getpwuid_r | Bernhard Walle
On our x86 Android toolchain, getpwuid_r is implemented but the header is missing: netrc.c:81:7: error: implicit declaration of function 'getpwuid_r' [-Werror=implicit-function-declaration] Unfortunately, the function is used in curl_ntlm_wb.c, too, so I moved the prototype to curl_setup.h. Signed-off-by: Bernhard Walle <bernhard@bwalle.de> Closes #2609
2018-05-31 | strictness: correct {infof, failf} format specifiers | Rikard Falkeborn
Closes #2623
2018-05-31 | option: disallow username in URL | Björn Stenberg
Adds CURLOPT_DISALLOW_USERNAME_IN_URL and --disallow-username-in-url. Makes libcurl reject URLs with a username in them. Closes #2340
2018-05-29 | setopt: add TLS 1.3 ciphersuites | Daniel Stenberg
Adds CURLOPT_TLS13_CIPHERS and CURLOPT_PROXY_TLS13_CIPHERS. curl: added --tls13-ciphers and --proxy-tls13-ciphers Fixes #2435 Reported-by: zzq1015 on github Closes #2607
2018-05-28 | fnmatch: insist on escaped bracket to match | Daniel Stenberg
A non-escaped bracket ([) is for a character group - as documented. It will *not* match an individual bracket anymore. Test case 1307 updated accordingly to match. Problem detected by OSS-Fuzz, although this fix is probably not a final fix for the notorious timeout issues. Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=8525 Closes #2614
2018-05-28 | psl: use latest psl and refresh it periodically | Patrick Monnerat
The latest psl is cached in the multi or share handle. It is refreshed before use after 72 hours. New share lock CURL_LOCK_DATA_PSL controls the psl cache sharing. If the latest psl is not available, the builtin psl is used. Reported-by: Yaakov Selkowitz Fixes #2553 Closes #2601
2018-05-28 | cmake: check for getpwuid_r | Bernhard Walle
The autotools-based build system does it, so we do it also in CMake. Bug: #2609 Signed-off-by: Bernhard Walle <bernhard@bwalle.de>
2018-05-27 | schannel: add failf calls for client certificate failures | ralcock
Closes #2604