aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2020-04-17libssh: Use new ECDSA key types to check known hostsAnderson Toshiyuki Sasaki
From libssh 0.9.0, ssh_key_type() returns different key types for ECDSA keys depending on the curve. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Fixes #5252 Closes #5253
2020-04-15copyright: bump the copyright year rangeDaniel Stenberg
2020-04-14mqtt: add new experimental protocolBjorn Stenberg
Closes #5173
2020-04-13cmake: add aliases so exported target names are available in treeNathaniel R. Lewis
Reviewed-by: Brad King Closes #5206
2020-04-13version: increase buffer space for ssl version outputDaniel Stenberg
To avoid it getting truncated, especially when several SSL backends are built-in. Reported-by: Gisle Vanem Fixes #5222 Closes #5226
2020-04-12schannel: Fix blocking timeout logicAndrew Kurushin
- Fix schannel_send for the case when no timeout was set. Prior to this change schannel would error if the socket was not ready to send data and no timeout was set. This commit is similar to parent commit 89dc6e0 which recently made the same change for SOCKS, for the same reason. Basically it was not well understood that when Curl_timeleft returns 0 it is not a timeout of 0 ms but actually means no timeout. Fixes https://github.com/curl/curl/issues/5177 Closes https://github.com/curl/curl/pull/5221
2020-04-12socks: Fix blocking timeout logicJay Satiro
- Document in Curl_timeleft's comment block that returning 0 signals no timeout (ie there's infinite time left). - Fix SOCKS' Curl_blockread_all for the case when no timeout was set. Prior to this change if the timeout had a value of 0 and that was passed to SOCKET_READABLE it would return right away instead of blocking. That was likely because it was not well understood that when Curl_timeleft returns 0 it is not a timeout of 0 ms but actually means no timeout. Ref: https://github.com/curl/curl/pull/5214#issuecomment-612512360 Closes https://github.com/curl/curl/pull/5220
2020-04-12gopher: check remaining time left during write busy loopMarc Hoersken
Prior to this change gopher's blocking code would block forever, ignoring any set timeout value. Assisted-by: Jay Satiro Reviewed-by: Daniel Stenberg Similar to #5220 and #5221 Closes #5214
2020-04-13gnutls: ensure TLS 1.3 when SRP isn't requestedDirkjan Bussink
When SRP is requested in the priority string, GnuTLS will disable support for TLS 1.3. Before this change, curl would always add +SRP to the priority list, effectively always disabling TLS 1.3 support. With this change, +SRP is only added to the priority list when SRP authentication is also requested. This also allows updating the error handling here to not have to retry without SRP. This is because SRP is only added when requested and in that case a retry is not needed. Closes #5223
2020-04-11Revert "file: on Windows, refuse paths that start with \\"Daniel Stenberg
This reverts commit 1b71bc532bde8621fd3260843f8197182a467ff2. Reminded-by: Chris Roberts Bug: https://curl.haxx.se/mail/archive-2020-04/0013.html Closes #5215
2020-04-11lib: fix conversion warnings for SOCKET_WRITABLE/READABLEJay Satiro
- If loss of data may occur converting a timediff_t to time_t and the time value is > TIME_T_MAX then treat it as TIME_T_MAX. This is a follow-up to 8843678 which removed the (time_t) typecast from the macros so that conversion warnings could be identified. Closes https://github.com/curl/curl/pull/5199
2020-04-09url: allow non-HTTPS altsvc-matching for debug buildsDaniel Stenberg
This is already partly supported but this part was missing. Reported-by: James Fuller Closes #5205
2020-04-08schannel: support .P12 or .PFX client certificatesGilles Vollant
Used with curl command line option like this: --cert <filename>:<password> --cert-type p12 Closes #5193
2020-04-08http: don't consider upload done if the request isn't completely sent offDaniel Stenberg
Fixes #4919 Closes #5197
2020-04-08http: allow Curl_add_buffer_send() to do a short first send by forceDaniel Stenberg
In a debug build, settting the environment variable "CURL_SMALLREQSEND" will make the first HTTP request send not send more bytes than the set amount, thus ending up verifying that the logic for handling a split HTTP request send works correctly.
2020-04-08connect: store connection info for QUIC connectionsDaniel Stenberg
Restores the --head functionality to the curl utility which extracts 'protocol' that is stored that way. Reported-by: James Fuller Fixes #5196 Closes #5198
2020-04-07select: remove typecast from SOCKET_WRITABLE/READABLE macrosDaniel Stenberg
So that they don't hide conversions-by-mistake Reviewed-by: Jay Satiro Closes #5190
2020-04-06cleanup: correct copyright year range on a few filesDaniel Stenberg
2020-04-06warnless: remove code block for icc that didn't workDaniel Stenberg
Reported-by: Alain Miniussi Fixes #5096
2020-04-06dist: add missing setup-win32.hMarc Hoersken
Follow up to d820224b8b
2020-04-05lib: never define CURL_CA_BUNDLE with a getenvDaniel Stenberg
- it breaks the build (since 6de756c9b1de34b7a1) - it's not documented and not consistent across platforms - the curl tool does that getenv magic Bug: https://github.com/curl/curl/commit/6de756c#r38127030 Reported-by: Gisle Vanem Closes #5187
2020-04-05CURLINFO_CONDITION_UNMET: return true for 304 http status codeKwon-Young Choi
In libcurl, CURLINFO_CONDITION_UNMET is used to avoid writing to the output file if the server did not transfered a file based on time condition. In the same manner, getting a 304 HTTP response back from the server, for example after passing a custom If-Match-* header, also fulfill this condition. Fixes #5181 Closes #5183
2020-04-04windows: enable UnixSockets with all build toolchainsViktor Szakats
Extend existing unix socket support in Windows builds to be enabled for all toolchain vendors or versions. (Previously it was only supported with certain MSVC versions + more recent Windows 10 SDKs) Ref: https://devblogs.microsoft.com/commandline/af_unix-comes-to-windows/ Ref: https://github.com/curl/curl/issues/5162 Closes: https://github.com/curl/curl/pull/5170
2020-03-31vquic/ngtcp2.h: update copyright year rangeDaniel Stenberg
Follow-up to 0736ee73d346a52
2020-03-31vquic: add support for GnuTLS backend of ngtcp2Daiki Ueno
Currently, the TLS backend used by vquic/ngtcp2.c is selected at compile time. Therefore OpenSSL support needs to be explicitly disabled. Signed-off-by: Daiki Ueno <dueno@redhat.com> Closes #5148
2020-03-31misc: copyright year updatesDaniel Stenberg
Follow-up to 7a71965e9
2020-03-31build: fixed build for systems with select() in unistd.hHarry Sintonen
Closes #5169
2020-03-31memdebug: don't log free(NULL)Daniel Stenberg
... it serves no purpose and fills up the log.
2020-03-30cleanup: insert newline after if() conditionsDaniel Stenberg
Our code style mandates we put the conditional block on a separate line. These mistakes are now detected by the updated checksrc.
2020-03-30checksrc: warn on obvious conditional blocks on the same line as if()Daniel Stenberg
Closes #5164
2020-03-30ngtcp2: update to git master for the key installation API changeDaiki Ueno
This updates the ngtcp2 OpenSSL backend to follow the API change in commit 32e703164 of ngtcp2. Notable changes are: - ngtcp2_crypto_derive_and_install_{rx,tx}_key have been added to replace ngtcp2_crypto_derive_and_install_key - the 'side' argument of ngtcp2_crypto_derive_and_install_initial_key has been removed Fixes #5166 Closes #5168
2020-03-29curl.h: remnove CURL_VERSION_ESNI. Never supported nor documentedDaniel Stenberg
Considered experimental and therefore we can do this. Closes #5157
2020-03-27version: add 'cainfo' and 'capath' to version info structDaniel Stenberg
Suggested-by: Timothe Litt URL: https://curl.haxx.se/mail/lib-2020-03/0090.html Reviewed-by: Jay Satiro Closes #5150
2020-03-26openssl: adapt to functions marked as deprecated since version 3Daniel Stenberg
OpenSSL 3 deprecates SSL_CTX_load_verify_locations and the MD4, DES functions we use. Fix the MD4 and SSL_CTX_load_verify_locations warnings. In configure, detect OpenSSL v3 and if so, inhibit the deprecation warnings. OpenSSL v3 deprecates the DES functions we use for NTLM and until we rewrite the code to use non-deprecated functions we better ignore these warnings as they don't help us. Closes #5139
2020-03-24config: remove all defines of HAVE_DES_HDaniel Stenberg
As there's no code using it. Closes #5144
2020-03-24copyright: fix out-of-date copyright ranges and missing headersDaniel Stenberg
Reported by the new script 'scripts/copyright.pl'. The script has a regex whitelist for the files that don't need copyright headers. Removed three (mostly usesless) README files from docs/ Closes #5141
2020-03-22getinfo: provide CURLINFO_HEADER_SIZE and CURLINFO_REQUEST_SIZE overrideDaniel Stenberg
To let debug-builds return fake values, like in test 970. Ref: #5131 Closes #5136
2020-03-22CURLINFO_NUM_CONNECTS: improve accuracyDaniel Stenberg
The counter was not bumped in all cases correctly. Reported-by: Marcel Raad Ref: #5131 Closes #5135
2020-03-21lib/curl_setup: adjust the copyright year rangeDaniel Stenberg
Follow-up from d820224b8
2020-03-21curl_setup: define _WIN32_WINNT_[OS] symbolsJay Satiro
.. because not all Windows build systems have those symbols, and even those that do may be missing newer symbols (eg the Windows 7 SDK does not define _WIN32_WINNT_WIN10). Those symbols are used in build-time logic to decide which API to use and prior to this change if the symbols were missing it would have resulted in deprecated API being used when more recent functions were available (eg GetVersionEx used instead of VerifyVersionInfo). Reported-by: FuccDucc@users.noreply.github.com Probably fixes https://github.com/curl/curl/issues/4995 Closes https://github.com/curl/curl/pull/5057
2020-03-19secure transport: remove the BACKEND define kludgeDaniel Stenberg
Closes #5122
2020-03-19mbedtls: remove the BACKEND define kludgeDaniel Stenberg
2020-03-19bearssl: remove the BACKEND define kludgeDaniel Stenberg
2020-03-19wolfssl: remove the BACKEND define kludgeDaniel Stenberg
2020-03-19nss: remove the BACKEND define kludgeDaniel Stenberg
2020-03-19gnutls: remove the BACKEND define kludgeDaniel Stenberg
2020-03-19openssl: remove the BACKEND define kludgeDaniel Stenberg
Use a proper variable instead to make it easier to use a debugger and read the code.
2020-03-18http2: Fix erroneous debug message that h2 connection closedJay Satiro
Prior to this change in libcurl debug builds http2 stream closure was erroneously referred to as connection closure. Before: * nread <= 0, server closed connection, bailing After: * nread == 0, stream closed, bailing Closes https://github.com/curl/curl/pull/5118
2020-03-18schannel: add "best effort" revocation check optionJohannes Schindelin
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and --ssl-revoke-best-effort to allow a "best effort" revocation check. A best effort revocation check ignores errors that the revocation check was unable to take place. The reasoning is described in detail below and discussed further in the PR. --- When running e.g. with Fiddler, the schannel backend fails with an unhelpful error message: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate. Sadly, many enterprise users who are stuck behind MITM proxies suffer the very same problem. This has been discussed in plenty of issues: https://github.com/curl/curl/issues/3727, https://github.com/curl/curl/issues/264, for example. In the latter, a Microsoft Edge developer even made the case that the common behavior is to ignore issues when a certificate has no recorded distribution point for revocation lists, or when the server is offline. This is also known as "best effort" strategy and addresses the Fiddler issue. Unfortunately, this strategy was not chosen as the default for schannel (and is therefore a backend-specific behavior: OpenSSL seems to happily ignore the offline servers and missing distribution points). To maintain backward-compatibility, we therefore add a new flag (`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option (`--ssl-revoke-best-effort`) to select the new behavior. Due to the many related issues Git for Windows and GitHub Desktop, the plan is to make this behavior the default in these software packages. The test 2070 was added to verify this behavior, adapted from 310. Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com> Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Closes https://github.com/curl/curl/pull/4981
2020-03-18multi: Improve parameter check for curl_multi_remove_handleJay Satiro
- If an easy handle is owned by a multi different from the one specified then return CURLM_BAD_EASY_HANDLE. Prior to this change I assume user error could cause corruption. Closes https://github.com/curl/curl/pull/5116