aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2017-02-21url: Improve CURLOPT_PROXY_CAPATH error handlingJay Satiro
- Change CURLOPT_PROXY_CAPATH to return CURLE_NOT_BUILT_IN if the option is not supported, which is the same as what we already do for CURLOPT_CAPATH. - Change the curl tool to handle CURLOPT_PROXY_CAPATH error CURLE_NOT_BUILT_IN as a warning instead of as an error, which is the same as what we already do for CURLOPT_CAPATH. - Fix CAPATH docs to show that CURLE_NOT_BUILT_IN is returned when the respective CAPATH option is not supported by the SSL library. Ref: https://github.com/curl/curl/pull/1257
2017-02-21cyassl: fix typoJay Satiro
2017-02-21cookie: fix declaration of 'dup' shadows a global declarationDaniel Stenberg
2017-02-21TLS: make SSL_VERIFYSTATUS work againDaniel Stenberg
The CURLOPT_SSL_VERIFYSTATUS option was not properly handled by libcurl and thus even if the status couldn't be verified, the connection would be allowed and the user would not be told about the failed verification. Regression since cb4e2be7c6d42ca CVE-2017-2629 Bug: https://curl.haxx.se/docs/adv_20170222.html Reported-by: Marcus Hoffmann
2017-02-21digest_sspi: Handle 'stale=TRUE' directive in HTTP digestJay Satiro
- If the server has provided another challenge use it as the replacement input token if stale=TRUE. Otherwise previous credentials have failed so return CURLE_LOGIN_DENIED. Prior to this change the stale directive was ignored and if another challenge was received it would cause error CURLE_BAD_CONTENT_ENCODING. Ref: https://tools.ietf.org/html/rfc2617#page-10 Bug: https://github.com/curl/curl/issues/928 Reported-by: tarek112@users.noreply.github.com
2017-02-20smb: use getpid replacement for windows UWP buildsDaniel Stenberg
Source: https://github.com/Microsoft/vcpkg/blob/7676b8780db1e1e591c4fc7eba4f96f73c428cb4/ports/curl/0002_fix_uwp.patch
2017-02-20sftp: improved checks for create dir failuresJean Gressmann
Since negative values are errors and not only -1. This makes SFTP upload with --create-dirs work (again). Closes #1269
2017-02-20digest_sspi: Fix nonce-count generation in HTTP digestMax Khon
- on the first invocation: keep security context returned by InitializeSecurityContext() - on subsequent invocations: use MakeSignature() instead of InitializeSecurityContext() to generate HTTP digest response Bug: https://github.com/curl/curl/issues/870 Reported-by: Andreas Roth Closes https://github.com/curl/curl/pull/1251
2017-02-19string formatting: fix 4 printf-style format stringsMichael Kaufmann
2017-02-18speed caps: update the timeouts if the speed is too low/highMichael Kaufmann
Follow-up to 4b86113 Fixes https://github.com/curl/curl/issues/793 Fixes https://github.com/curl/curl/issues/942
2017-02-18proxy: fix hostname resolution and IDN conversionMichael Kaufmann
Properly resolve, convert and log the proxy host names. Support the "--connect-to" feature for SOCKS proxies and for passive FTP data transfers. Follow-up to cb4e2be Reported-by: Jay Satiro Fixes https://github.com/curl/curl/issues/1248
2017-02-17http: fix missing 'Content-Length: 0' while negotiating authIsaac Boukris
- While negotiating auth during PUT/POST if a user-specified Content-Length header is set send 'Content-Length: 0'. This is what we do already in HTTPREQ_POST_FORM and what we did in the HTTPREQ_POST case (regression since afd288b). Prior to this change no Content-Length header would be sent in such a case. Bug: https://curl.haxx.se/mail/lib-2017-02/0006.html Reported-by: Dominik Hölzl Closes https://github.com/curl/curl/pull/1242
2017-02-15axtls: adapt to API changesDaniel Stenberg
Builds with axTLS 2.1.2. This then also breaks compatibility with axTLS < 2.1.0 (the older API) ... and fix the session_id mixup brought in 04b4ee549 Fixes #1220
2017-02-14smb: code indentDaniel Stenberg
2017-02-13http2: fix memory-leak when denying push streamsDaniel Stenberg
Reported-by: zelinchen@users.noreply.github.com Fixes #1229
2017-02-10URL: only accept ";options" in SMTP/POP3/IMAP URL schemesDaniel Stenberg
Fixes #1252
2017-02-09nss: make FTPS work with --proxytunnelKamil Dudka
If the NSS code was in the middle of a non-blocking handshake and it was asked to finish the handshake in blocking mode, it unexpectedly continued in the non-blocking mode, which caused a FTPS connection over CONNECT to fail with "(81) Socket not ready for send/recv". Bug: https://bugzilla.redhat.com/1420327
2017-02-09http_proxy: avoid freeing static memoryDaniel Stenberg
Follow up to 7fe81ec298e0: make sure 'host' is either NULL or malloced.
2017-02-09http_proxy: Fix tiny memory leak upon edge case connecting to proxyCameron MacMinn
Fixes #1255
2017-02-08polarssl, mbedtls: Fix detection of pending dataMichael Kaufmann
Reported-by: Dan Fandrich Bug: https://curl.haxx.se/mail/lib-2017-02/0032.html
2017-02-07http2: reset push header counter fixes crashDaniel Stenberg
When removing an easy handler from a multi before it completed its transfer, and it had pushed streams, it would segfault due to the pushed counted not being cleared. Fixed-by: zelinchen@users.noreply.github.com Fixes #1249
2017-02-07transfer: only retry nobody-requests for HTTPMarkus Westerlind
Using sftp to delete a file with CURLOPT_NOBODY set with a reused connection would fail as curl expected to get some data. Thus it would retry the command again which fails as the file has already been deleted. Fixes #1243
2017-02-07telnet: Fix typosDaniel Gustafsson
Ref: https://github.com/curl/curl/pull/1245
2017-02-07darwinssl: Avoid parsing certificates when not in verbose modeDaniel Gustafsson
The information extracted from the server certificates in step 3 is only used when in verbose mode, and there is no error handling or validation performed as that has already been done. Only run the certificate information extraction when in verbose mode and libcurl was built with verbose strings. Closes https://github.com/curl/curl/pull/1246
2017-02-07schannel: Remove incorrect SNI disabled messageJDepooter
- Remove the SNI disabled when host verification disabled message since that is incorrect. - Show a message for legacy versions of Windows <= XP that connections may fail since those versions of WinSSL lack SNI, algorithms, etc. Bug: https://github.com/curl/curl/pull/1240
2017-02-06use *.sourceforge.io and misc URL updatesViktor Szakats
Ref: https://sourceforge.net/blog/introducing-https-for-project-websites/ Closes: https://github.com/curl/curl/pull/1247
2017-02-01cmake: Support curl --xattr when built with cmakeSean Burford
- Test for and set HAVE_FSETXATTR when support for extended file attributes is present. Closes https://github.com/curl/curl/pull/1176
2017-01-31openssl: Don't use certificate after transferring ownershipAdam Langley
SSL_CTX_add_extra_chain_cert takes ownership of the given certificate while, despite the similar name, SSL_CTX_add_client_CA does not. Thus it's best to call SSL_CTX_add_client_CA before SSL_CTX_add_extra_chain_cert, while the code still has ownership of the argument. Closes https://github.com/curl/curl/pull/1236
2017-01-29mbedtls: implement CTR-DRBG and HAVEGE random generatorsAntoine Aubert
closes #1227
2017-01-28mbedtls: disable TLS session ticketsMichael Kaufmann
SSL session reuse with TLS session tickets is not supported yet. Use SSL session IDs instead. See https://github.com/curl/curl/issues/1109
2017-01-28gnutls: disable TLS session ticketsMichael Kaufmann
SSL session reuse with TLS session tickets is not supported yet. Use SSL session IDs instead. Fixes https://github.com/curl/curl/issues/1109
2017-01-28polarssl: fix hangsMichael Kaufmann
This bugfix is similar to commit c111178bd4.
2017-01-27cookies: do not assume a valid domain has a dotDaniel Stenberg
This repairs cookies for localhost. Non-PSL builds will now only accept "localhost" without dots, while PSL builds okeys everything not listed as PSL. Added test 1258 to verify. This was a regression brought in a76825a5efa6b4
2017-01-24telnet: fix windows compiler warningsDaniel Stenberg
Thumbs-up-by: Jay Satiro Closes #1225
2017-01-23VC: remove the makefile.vc6 build infraDaniel Stenberg
The winbuild/ build files is now the single MSVC makefile build choice. Closes #1215
2017-01-22vtls: source indentation fixDaniel Stenberg
2017-01-20vtls: fix PolarSSL non-blocking handlingDaniel Stenberg
A regression brought in cb4e2be Reported-by: Michael Kaufmann Bug: https://github.com/curl/curl/issues/1174#issuecomment-274018791
2017-01-20vtls: fix mbedtls multi non blocking handshake.Antoine Aubert
When using multi, mbedtls handshake is in non blocking mode. vtls must set wait for read/write flags for the socket. Closes #1223
2017-01-19CURLOPT_BUFFERSIZE: support enlarging receive bufferRichy Kim
Replace use of fixed macro BUFSIZE to define the size of the receive buffer. Reappropriate CURLOPT_BUFFERSIZE to include enlarging receive buffer size. Upon setting, resize buffer if larger than the current default size up to a MAX_BUFSIZE (512KB). This can benefit protocols like SFTP. Closes #1222
2017-01-19*.rc: escape non-ASCII/non-UTF-8 character for clarityViktor Szakats
Closes https://github.com/curl/curl/pull/1217
2017-01-18CURLOPT_CONNECT_TO: Fix compile warningsMichael Kaufmann
Fix compile warnings that appeared only when curl has been configured with '--disable-verbose'.
2017-01-18parseurl: move back buffer to function scopeDaniel Stenberg
Regression since 1d4202ad, which moved the buffer into a more narrow scope, but the data in that buffer was used outside of that more narrow scope. Reported-by: Dan Fandrich Bug: https://curl.haxx.se/mail/lib-2017-01/0093.html
2017-01-17openssl: Fix random generationJay Satiro
- Fix logic error in Curl_ossl_random. Broken a few days ago in 807698d.
2017-01-15nss: use the correct lock in nss_find_slot_by_name()Kamil Dudka
2017-01-15http2: disable server push if not requestedAlessandro Ghedini
Ref: https://github.com/curl/curl/pull/1160
2017-01-14http: print correct HTTP string in verbose output when using HTTP/2Alessandro Ghedini
Before: ``` % src/curl https://sigsegv.ninja/ -v --http2 ... > GET / HTTP/1.1 > Host: sigsegv.ninja > User-Agent: curl/7.52.2-DEV > Accept: */* > ... ``` After: ``` % src/curl https://sigsegv.ninja/ -v --http2 ... > GET / HTTP/2 > Host: sigsegv.ninja > User-Agent: curl/7.52.2-DEV > Accept: */* > ```
2017-01-14addrinfo: fix compiler warning on offsetof() useDaniel Stenberg
curl_addrinfo.c:519:20: error: conversion to ‘curl_socklen_t {aka unsigned int}’ from ‘long unsigned int’ may alter its value [-Werror=conversion] Follow-up to 1d786faee1046f
2017-01-13unix_socket: add support for abstract unix domain socketIsaac Boukris
In addition to unix domain sockets, Linux also supports an abstract namespace which is independent of the filesystem. In order to support it, add new CURLOPT_ABSTRACT_UNIX_SOCKET option which uses the same storage as CURLOPT_UNIX_SOCKET_PATH internally, along with a flag to specify abstract socket. On non-supporting platforms, the abstract address will be interpreted as an empty string and fail gracefully. Also add new --abstract-unix-socket tool parameter. Signed-off-by: Isaac Boukris <iboukris@gmail.com> Reported-by: Chungtsun Li (typeless) Reviewed-by: Daniel Stenberg Reviewed-by: Peter Wu Closes #1197 Fixes #1061
2017-01-13IDN: Use TR46 non-transitionalDaniel Stenberg
Assisted-by: Tim Rühsen
2017-01-13IDN: revert use of the transitional optionDaniel Stenberg
It made the german ß get converted to ss, IDNA2003 style, and we can't have that for the .de TLD - a primary reason for our switch to IDNA2008. Test 165 verifies.