path: root/lib
Age | Commit message | Author
2012-12-27 | darwinssl: Fixed inability to disable peer verification | Nick Zitzmann
... on Snow Leopard and Lion
Snow Leopard introduced the SSLSetSessionOption() function, but it doesn't disable peer verification as expected on Snow Leopard or Lion (it works as expected in Mountain Lion). So we now use sysctl() to detect whether or not the user is using Snow Leopard or Lion, and if that's the case, then we now use the deprecated SSLSetEnableCertVerify() function instead to disable peer verification.
2012-12-26 | curl_multi_remove_handle: commit 0aabfd9963 follow-up | Yang Tse
2012-12-25 | curl_multi_remove_handle: fix memory leak triggered with CURLOPT_RESOLVE | Yang Tse
2012-12-25 | Curl_hash_clean: OOM handling fix | Yang Tse
2012-12-24 | Curl_conncache_foreach: allow callback to break loop | Daniel Stenberg
... and have it take a proper 'struct connectdata *' as first argument
2012-12-24 | pop3_doing: don't call pop3_dophase_done() if already failed | Daniel Stenberg
... it also clobbered the 'result' return value so that it wouldn't return the error back to the parent function properly, which broke test 809 when run with 'multi-always'.
2012-12-23 | curl_multi_wait: OOM handling fix | Yang Tse
2012-12-23 | curl_multi_wait: avoid an unnecessary memory allocation | Daniel Stenberg
2012-12-21 | multi.c: OOM handling fix | Yang Tse
2012-12-21 | SCP: relative path didn't work | Daniel Stenberg
When prefixing a path with /~/ it is supposed to be used relative to the user's home directory but it didn't work. Now we cut off the entire three byte sequence "/~/" which seems to be how OpenSSH does it.
Bug: http://curl.haxx.se/bug/view.cgi?id=1173
Reported by: Balaji Parasuram
2012-12-19 | bundles connection caching: some out of memory handling fixes | Yang Tse
2012-12-18 | VC6 IDE: link with advapi32.lib when using WIN32 crypto API (md5.c) | Yang Tse
2012-12-17 | setup_once.h: HP-UX specific 'bool', 'false' and 'true' definitions. | Yang Tse
Also reverts commit f254c59dc7
2012-12-15 | warnless.c: fix compiler warnings | Yang Tse
2012-12-14 | darwinssl: Fix implicit conversion compiler warnings | Nick Zitzmann
The Clang compiler found a few implicit conversion problems that have now been fixed.
2012-12-14 | setup_once.h: HP-UX <sys/socket.h> issue workaround | Yang Tse
Issue: When building a 32bit target with large file support HP-UX <sys/socket.h> header file may simultaneously provide two different sets of declarations for sendfile and sendpath functions, one with static and another with external linkage. Given that we do not use mentioned functions we really don't care which linkage is the appropriate one, but on the other hand, the double declaration emits warnings when using the HP-UX compiler and errors when using modern gcc versions resulting in fatal compilation errors. Mentioned issue is now fixed as long as we don't use sendfile nor sendpath functions.
2012-12-14 | setup_once.h: refactor inclusion of <unistd.h> and <sys/socket.h> | Yang Tse
Inclusion of top two most included header files now done in setup_once.h
2012-12-12 | setup_once.h: HP-UX specific TRUE and FALSE definitions | Yang Tse
Some HP-UX system headers require TRUE defined to 1 and FALSE to 0.
2012-12-12 | gopher: #include cleanup | Daniel Stenberg
Remove all system file includes from this file as they're not needed
Reported by: Dan Fandrich
2012-12-10 | build: add bundles and conncache files to other build systems | Yang Tse
2012-12-10 | conncache: fix enumerated type mixed with another type | Yang Tse
2012-12-07 | Introducing a new persistent connection caching system using "bundles". | Linus Nielsen Feltzing
A bundle is a list of all persistent connections to the same host. The connection cache consists of a hash of bundles, with the hostname as the key. The benefits may not be obvious, but they are two: 1) Faster search for connections to reuse, since the hash lookup only finds connections to the host in question. 2) It lays out the groundworks for an upcoming patch, which will introduce multiple HTTP pipelines. This patch also removes the awkward list of "closure handles", which were needed to send QUIT commands to the FTP server when closing a connection. Now we allocate a separate closure handle and use that one to close all connections. This has been tested in a live system for a few weeks, and of course passes the test suite.
2012-12-05 | build: fix compilation with CURL_DISABLE_CRYPTO_AUTH flag | Stanislav Ivochkin
2012-12-04 | build: explain current role of LIBS in our Makefile.am files | Yang Tse
BLANK_AT_MAKETIME may be used in our Makefile.am files to blank LIBS variable used in generated makefile at makefile processing time. Doing this functionally prevents LIBS from being used for all link targets in given makefile.
2012-12-04 | multi: fix re-sending request on early connection close | Daniel Stenberg
This handling already works with the easy-interface code. When a request is sent on a re-used connection that gets closed by the server at the same time as the request is sent, the situation may occur so that we can send the request and we discover the broken connection as a RECV_ERROR in the PERFORM state and then the request needs to be retried on a fresh connection. Test 64 broke with 'multi-always-internally'.
2012-12-03 | build: prevent global LIBS from influencing src and lib build targets | Yang Tse
Currently, LIBS is already used through other macros.
2012-12-03 | nss: prevent NSS from crashing on client auth hook failure | Kamil Dudka
Although it is not explicitly stated in the documentation, NSS uses *pRetCert and *pRetKey even if the client authentication hook returns a failure. Namely, if we destroy *pRetCert without clearing *pRetCert afterwards, NSS destroys the certificate once again, which causes a double free.
Reported by: Bob Relyea
2012-11-26 | avoid mixing of enumerated type with another type | Yang Tse
2012-11-26 | multi.c: disambiguate precedence of bitwise and relational operation | Yang Tse
2012-11-26 | Remove stray CRLF in chunk-encoded content-free request bodies | Fabian Keil
.. that are sent when auth-negotiating before a chunked upload or when setting the 'Transfer-Encoding: chunked' header and intentionally sending no content. Adjust test565 and test1333 accordingly.
2012-11-21 | VC Makefiles: add missing hostcheck | Daniel Stenberg
the newly introduced hostcheck.h/c is missing in the Visual Studio Makefiles as obj file.
Bug: http://curl.haxx.se/mail/lib-2012-11/0176.html
2012-11-20 | compiler warning fixes | Daniel Stenberg
The conversions from ssize_t to int need to be typecasted.
2012-11-18 | fixed memory leak: CURLOPT_RESOLVE with multi interface | Daniel Stenberg
DNS cache entries populated with CURLOPT_RESOLVE were not properly freed again when done using the multi interface. Test case 1502 added to verify.
Bug: http://curl.haxx.se/bug/view.cgi?id=3575448
Reported by: Alex Gruz
2012-11-17 | mem-include-scan: verify memory #includes | Daniel Stenberg
If we use memory functions (malloc, free, strdup etc) in C sources in libcurl and we fail to include curl_memory.h or memdebug.h we either fail to properly support user-provided memory callbacks or the memory leak system of the test suite fails. After Ajit's report of a failure in the first category in http_proxy.c, I spotted a few in the second category as well. These problems are now tested for by test 1132 which runs a perl program that scans for and attempts to check that we use the correct include files if a memory related function is used in the source code.
Reported by: Ajit Dhumale
Bug: http://curl.haxx.se/mail/lib-2012-11/0125.html
2012-11-16 | tftp_rx: code style cleanup | Daniel Stenberg
Fixed checksrc warnings
2012-11-16 | tftp_rx: handle resends | Christian Vogt
Re-send ACK for block X in case we receive block X data again while waiting for block X+1. Based on an earlier patch by Marcin Adamski.
2012-11-13 | OpenSSL: Disable SSL/TLS compression | Cristian Rodríguez
It either causes increased memory usage or exposes users to the "CRIME attack" (CVE-2012-4929)
2012-11-13 | FILE: Make upload-writes unbuffered by not using FILE streams | Sebastian Rasmussen
2012-11-12 | ftp: EPSV-disable fix over SOCKS | Anton Malov
Bug: http://curl.haxx.se/bug/view.cgi?id=3586338
2012-11-12 | Digest: Add microseconds into nonce calculation | Gabriel Sjoberg
When using only 1 second precision, curl doesn't create new cnonce values quickly enough for all uses. For example, issuing the following command multiple times to a recent Tomcat causes authentication failures:
  curl --digest -utest:test http://tomcat.test.com:8080/manager/list
This is because curl uses the same cnonce for several seconds, but doesn't increment the nonce counter. Tomcat correctly interprets this as a replay attack and rejects the request. When microsecond-precision is available, this commit causes curl to change cnonce values much more frequently. With microsecond resolution, increasing the nonce length used in the headers to 32 was made to further reduce the risk of duplication.
2012-11-12 | SCP/SFTP: improve error code used for send failures | Daniel Stenberg
Instead of relying on the generic CURLE error for SCP or SFTP send failures, try passing back a more suitable error if possible.
2012-11-12 | Curl_write: remove unneeded typecast | Daniel Stenberg
2012-11-08 | hostcheck: only build for the actual users | Daniel Stenberg
and make local function static
2012-11-08 | SSL: Several SSL-backend related fixes | Oscar Koeroo
axTLS: This will make the axTLS backend perform the RFC2818 checks, honoring the VERIFYHOST setting similar to the OpenSSL backend.
Generic for OpenSSL and axTLS: Move the hostcheck and cert_hostcheck functions from the lib/ssluse.c files to make them generically available for both the OpenSSL, axTLS and other SSL backends. They are now in the new lib/hostcheck.c file.
CyaSSL: CyaSSL now also has the RFC2818 checks enabled by default. There is a limitation that the verifyhost can not be enabled exclusively on the Subject CN field comparison. This SSL backend will thus behave like the NSS and the GnuTLS (meaning: RFC2818 ok, or bust). In other words: setting verifyhost to 0 or 1 will disable the Subject Alt Names checks too.
Schannel: Updated the schannel information messages: Split the IP address usage message from the verifyhost setting and changed the message about disabling SNI (Server Name Indication, used in HTTP virtual hosting) into a message stating that the Subject Alternative Names checks are being disabled when verifyhost is set to 0 or 1. As a side effect of switching off the RFC2818 related servername checks with SCH_CRED_NO_SERVERNAME_CHECK (http://msdn.microsoft.com/en-us/library/aa923430.aspx) the SNI feature is being disabled. This effect is not documented in MSDN, but Wireshark output clearly shows the effect (details on the libcurl maillist).
PolarSSL: Fix the prototype change in PolarSSL of ssl_set_session() and the move of the peer_cert from the ssl_context to the ssl_session. Found this change in the PolarSSL SVN between r1316 and r1317 where the POLARSSL_VERSION_NUMBER was at 0x01010100. But to accommodate the Ubuntu PolarSSL version 1.1.4 the check is to discriminate between lower than PolarSSL version 1.2.0 and 1.2.0 and higher. Note: The PolarSSL SVN trunk jumped from version 1.1.1 to 1.2.0.
Generic: All the SSL backends are fixed and checked to work with the ssl.verifyhost as a boolean, which is an internal API change.
2012-11-08 | libcurl: VERSIONINFO update | Daniel Stenberg
Since we added the curl_multi_wait function, the VERSIONINFO needed updating.
Reported by: Patrick Monnerat
2012-11-08 | Added .def file to output. | Guenter Knauf
Requested by Johnny Luong on the libcurl list.
2012-11-08 | Curl_readwrite: remove debug output | Daniel Stenberg
The text "additional stuff not fine" was added for debug purposes a while ago, but it isn't really helping anyone and for some reason some Linux distributions provide their libcurls built with debug info still present and thus (far too many) users get to read this info.
2012-11-07 | http_perhapsrewind: consider NTLM over proxy too | Daniel Stenberg
The logic previously checked for a started NTLM negotiation only for host and not also with proxy, leading to problems doing POSTs over a proxy NTLM that are larger than 2000 bytes. Now it includes proxy in the check.
Bug: http://curl.haxx.se/bug/view.cgi?id=3582321
Reported by: John Suprock
2012-11-07 | Curl_connecthost: friendlier "couldn't connect" message | Lars Buitinck
2012-11-06 | URL parser: cut off '#' fragments from URLs (better) | Daniel Stenberg
The existing logic only cut off the fragment from the separate 'path' buffer which is used when sending HTTP to hosts. The buffer that held the full URL used for proxies was not dealt with. It is now. Test case 5 was updated to use a fragment on a URL over a proxy.
Bug: http://curl.haxx.se/bug/view.cgi?id=3579813