aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2015-10-17cookies: Add support for Mozilla's Publix Suffix ListTim Rühsen
Use libpsl to check the domain value of Set-Cookie headers (and cookie jar entries) for not being a Publix Suffix. The configure script checks for "libpsl" by default. Disable the check with --without-libpsl. Ref: https://publicsuffix.org/ Ref: https://github.com/publicsuffix/list Ref: https://github.com/rockdaboot/libpsl
2015-10-16http2: Don't pass unitialized name+len pairs to nghttp2_submit_requestAnders Bakken
bug introduced by 18691642931e5c7ac8af83ac3a84fbcb36000f96. Closes #493
2015-10-16multi: fix off-by-one finit[] array sizeDaniel Stenberg
introduced in c6aedf680f6. It needs to be CURLM_STATE_LAST big since it must hande the range 0 .. CURLM_STATE_MSGSENT (18) and CURLM_STATE_LAST is 19 right now. Reported-by: Dan Fandrich Bug: http://curl.haxx.se/mail/lib-2015-10/0069.html
2015-10-15fread_func: move callback pointer from set to state structDaniel Stenberg
... and assign it from the set.fread_func_set pointer in the Curl_init_CONNECT function. This A) avoids that we have code that assigns fields in the 'set' struct (which we always knew was bad) and more importantly B) it makes it impossibly to accidentally leave the wrong value for when the handle is re-used etc. Introducing a state-init functionality in multi.c, so that we can set a specific function to get called when we enter a state. The Curl_init_CONNECT is thus called when switching to the CONNECT state. Bug: https://github.com/bagder/curl/issues/346 Closes #346
2015-10-11openssl: Fix set up of pkcs12 certificate verification chainErik Johansson
sk_X509_pop will decrease the size of the stack which means that the loop would end after having added only half of the certificates. Also make sure that the X509 certificate is freed in case SSL_CTX_add_extra_chain_cert fails.
2015-10-09ntlm: error out without 64bit support as the code needs itDaniel Stenberg
It makes it a clearer message for developers reaching that point without the necessary support. Thanks-by: Jay Satiro Closes #78
2015-10-09curl_global_init: set the memory function pointers correctDaniel Stenberg
follow-up from 6f8ecea0
2015-10-09curl_global_init_mem: set function pointers before doing initDaniel Stenberg
... as in the polarssl TLS backend for example it uses memory functions.
2015-10-09http2: Fix http2_recv to return -1 if recv returned -1Jay Satiro
If the underlying recv called by http2_recv returns -1 then that is the value http2_recv returns to the caller.
2015-10-08ntlm: get rid of unconditional use of long longDaniel Stenberg
... since some compilers don't have it and instead use other types, such as __int64. Reported by: gkinseyhpw Closes #478
2015-10-08des: Fix header conditional for Curl_des_set_odd_parityAnders Bakken
Follow up to 613e502.
2015-10-04getinfo: Fix return code for unknown CURLINFO optionsJay Satiro
- If a CURLINFO option is unknown return CURLE_UNKNOWN_OPTION. Prior to this change CURLE_BAD_FUNCTION_ARGUMENT was returned on unknown. That return value is contradicted by the CURLINFO option documentation which specifies a return of CURLE_UNKNOWN_OPTION on unknown.
2015-10-01gopher: don't send NUL byteOrange Tsai
Closes #466
2015-09-30win32: make recent Borland compilers use long longThorsten Schöning
2015-09-28openssl: Fix algorithm initMichael Kalinin
- Change algorithm init to happen after OpenSSL config load. Additional algorithms may be available due to the user's config so we initialize the algorithms after the user's config is loaded. Bug: https://github.com/bagder/curl/issues/447 Reported-by: Denis Feklushkin
2015-09-27http2: set TCP_NODELAY unconditionallyDaniel Stenberg
For a single-stream download from localhost, we managed to increase transfer speed from 1.6MB/sec to around 400MB/sec, mostly because of this single fix.
2015-09-27http2: avoid superfluous Curl_expire() callsDaniel Stenberg
... only call it when there is data arriving for another handle than the one that is currently driving it. Improves single-stream download performance quite a lot. Thanks-to: Tatsuhiro Tsujikawa Bug: http://curl.haxx.se/mail/lib-2015-09/0097.html
2015-09-27readwrite_data: set a max number of loopsDaniel Stenberg
... as otherwise a really fast pipe can "lock" one transfer for some protocols, like with HTTP/2.
2015-09-26FTP: fix uploading ASCII with unknown sizeDaniel Stenberg
... don't try to increase the supposed file size on newlines if we don't know what file size it is! Patch-by: lzsiga
2015-09-26build: fix failures with -Wcast-align and -WerrorTatsuhiro Tsujikawa
Closes #457
2015-09-23gnutls: Report actual GnuTLS error message for certificate errorsMike Crowe
If GnuTLS fails to read the certificate then include whatever reason it provides in the failure message reported to the client. Signed-off-by: Mike Crowe <mac@mcrowe.com>
2015-09-22gnutls: Support CURLOPT_KEYPASSWDMike Crowe
The gnutls vtls back-end was previously ignoring any password set via CURLOPT_KEYPASSWD. Presumably this was because gnutls_certificate_set_x509_key_file did not support encrypted keys. gnutls now has a gnutls_certificate_set_x509_key_file2 function that does support encrypted keys. Let's determine at compile time whether the available gnutls supports this new function. If it does then use it to pass the password. If it does not then emit a helpful diagnostic if a password is set. This is preferable to the previous behaviour of just failing to read the certificate without giving a reason in that case. Signed-off-by: Mike Crowe <mac@mcrowe.com>
2015-09-22CURLINFO_TLS_SESSION: always return backend infoDaniel Stenberg
... even for those that don't support providing anything in the 'internals' struct member since it offers a convenient way for applications to figure this out.
2015-09-19vtls: Change designator name for server's pubkey hashJay Satiro
- Change the designator name we use to show the base64 encoded sha256 hash of the server's public key from 'pinnedpubkey' to 'public key hash'. Though the server's public key hash is only shown when comparing pinned public key hashes, the server's hash may not match one of the pinned.
2015-09-19NTLM: Reset auth-done when using a fresh connectionIsaac Boukris
With NTLM a new connection will always require authentication. Fixes #435
2015-09-19ssl: add server cert's "sha256//" hash to verboseDaniel Hwang
Add a "pinnedpubkey" section to the "Server Certificate" verbose Bug: https://github.com/bagder/curl/issues/410 Reported-by: W. Mark Kubacki Closes #430 Closes #410
2015-09-19openldap: only part of LDAP query results receivedJakub Zakrzewski
Introduced with commit 65d141e6da5c6003a1592bbc87ee550b0ad75c2f Closes #440
2015-09-19openssl: don't output certinfo dataAlessandro Ghedini
2015-09-19openssl: refactor certificate parsing to use OpenSSL memory BIOAlessandro Ghedini
Fixes #427
2015-09-18nss: prevent NSS from incorrectly re-using a sessionKamil Dudka
Without this workaround, NSS re-uses a session cache entry despite the server name does not match. This causes SNI host name to differ from the actual host name. Consequently, certain servers (e.g. github.com) respond by 400 to such requests. Bug: https://bugzilla.mozilla.org/1202264
2015-09-18nss: check return values of NSS functionsKamil Dudka
2015-09-17openssl: build with < 0.9.8Daniel Stenberg
... without sha256 support and no define saying so. Reported-by: Rajkumar Mandal
2015-09-13http2: removed unused functionDaniel Stenberg
2015-09-10curl_sspi: fix possibly undefined CRYPT_E_REVOKEDJay Satiro
Bug: https://github.com/bagder/curl/pull/411 Reported-by: Viktor Szakats
2015-09-08parse_proxy: reject illegal port numbersDaniel Stenberg
If the port number in the proxy string ended weirdly or the number is too large, skip it. Mostly as a means to bail out early if a "bare" IPv6 numerical address is used without enclosing brackets. Also mention the bracket requirement for IPv6 numerical addresses to the man page for CURLOPT_PROXY. Closes #415 Reported-by: Marcel Raad
2015-09-08FTP: do_more: add check for wait_data_conn in upload caseDaniel Stenberg
In some timing-dependnt cases when a 4xx response immediately followed after a 150 when a STOR was issued, this function would wrongly return 'complete == true' while 'wait_data_conn' was still set. Closes #405 Reported-by: Patricia Muscalu
2015-09-04nss: do not directly access SSL_ImplementedCiphers[]Kamil Dudka
It causes dynamic linking issues at run-time after an update of NSS. Bug: https://lists.fedoraproject.org/pipermail/devel/2015-September/214117.html
2015-09-03gitignore: ignore more generated VC MakefilesDaniel Stenberg
2015-09-03http2: don't pass on Connection: headersDaniel Stenberg
RFC 7540 section 8.1.2.2 states: "An endpoint MUST NOT generate an HTTP/2 message containing connection-specific header fields; any message containing connection-specific header fields MUST be treated as malformed" Closes #401
2015-09-03inet_pton.c: Fix MSVC run-time check failure (2)Marcel Raad
This fixes another run-time check failure because of a narrowing cast on Visual C++. Closes #408
2015-08-31sasl: Only define Curl_sasl_digest_get_pair() when CRYPTO_AUTH enabledSteve Holme
Introduced in commit 59f3f92ba6 this function is only implemented when CURL_DISABLE_CRYPTO_AUTH is not defined. As such we shouldn't define the function in the header file either.
2015-08-31sasl: Updated SPN variables and comments for consistencySteve Holme
In places the "host name" and "realm" variable was referred to as "instance" whilst in others it was referred to as "host".
2015-08-30win32: Use DES_set_odd_parity() from OpenSSL/BoringSSL by defaultSteve Holme
Set HAVE_DES_SET_ODD_PARITY when using OpenSSL/BoringSSL as native Windows builds don't use the autoconf tools.
2015-08-30des: Fixed compilation warning from commit 613e5022feSteve Holme
curl_ntlm_core.c:150: warning 'Curl_des_set_odd_parity' undefined; assuming extern returning int
2015-08-30makefiles: Added our standard copyright headerSteve Holme
But kept the original author, when they were specified in a comment, as the initial copyright holder.
2015-08-25cmake: added Windows SSL supportSergei Nikulov
Closes #399
2015-08-24getinfo: added CURLINFO_ACTIVESOCKETRazvan Cojocaru
This patch addresses known bug #76, where on 64-bit Windows SOCKET is 64 bits wide, but long is only 32, making CURLINFO_LASTSOCKET unreliable. Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
2015-08-24http2: remove dead codeDaniel Stenberg
Leftovers from when we removed the private socket hash. Coverity CID 1317365, "Logically dead code"
2015-08-24ntlm: mark deliberate switch case fall-throughDaniel Stenberg
Coverity CID 1317367, "Missing break in switch"
2015-08-24http2: on_frame_recv: get a proper 'conn' for the debug loggingDaniel Stenberg
"Explicit null dereferenced (FORWARD_NULL)" Coverity CID 1317366