Age | Commit message (Collapse) | Author |
|
With NTLM a new connection will always require authentication.
Fixes #435
|
|
Add a "pinnedpubkey" section to the "Server Certificate" verbose
Bug: https://github.com/bagder/curl/issues/410
Reported-by: W. Mark Kubacki
Closes #430
Closes #410
|
|
Introduced with commit 65d141e6da5c6003a1592bbc87ee550b0ad75c2f
Closes #440
|
|
|
|
Fixes #427
|
|
Without this workaround, NSS re-uses a session cache entry despite the
server name does not match. This causes SNI host name to differ from
the actual host name. Consequently, certain servers (e.g. github.com)
respond by 400 to such requests.
Bug: https://bugzilla.mozilla.org/1202264
|
|
|
|
... without sha256 support and no define saying so.
Reported-by: Rajkumar Mandal
|
|
|
|
Bug: https://github.com/bagder/curl/pull/411
Reported-by: Viktor Szakats
|
|
If the port number in the proxy string ended weirdly or the number is
too large, skip it. Mostly as a means to bail out early if a "bare" IPv6
numerical address is used without enclosing brackets.
Also mention the bracket requirement for IPv6 numerical addresses to the
man page for CURLOPT_PROXY.
Closes #415
Reported-by: Marcel Raad
|
|
In some timing-dependnt cases when a 4xx response immediately followed
after a 150 when a STOR was issued, this function would wrongly return
'complete == true' while 'wait_data_conn' was still set.
Closes #405
Reported-by: Patricia Muscalu
|
|
It causes dynamic linking issues at run-time after an update of NSS.
Bug: https://lists.fedoraproject.org/pipermail/devel/2015-September/214117.html
|
|
|
|
RFC 7540 section 8.1.2.2 states: "An endpoint MUST NOT generate an
HTTP/2 message containing connection-specific header fields; any message
containing connection-specific header fields MUST be treated as
malformed"
Closes #401
|
|
This fixes another run-time check failure because of a narrowing cast on
Visual C++.
Closes #408
|
|
Introduced in commit 59f3f92ba6 this function is only implemented when
CURL_DISABLE_CRYPTO_AUTH is not defined. As such we shouldn't define
the function in the header file either.
|
|
In places the "host name" and "realm" variable was referred to as
"instance" whilst in others it was referred to as "host".
|
|
Set HAVE_DES_SET_ODD_PARITY when using OpenSSL/BoringSSL as native
Windows builds don't use the autoconf tools.
|
|
curl_ntlm_core.c:150: warning 'Curl_des_set_odd_parity' undefined;
assuming extern returning int
|
|
But kept the original author, when they were specified in a comment, as
the initial copyright holder.
|
|
Closes #399
|
|
This patch addresses known bug #76, where on 64-bit Windows SOCKET is 64
bits wide, but long is only 32, making CURLINFO_LASTSOCKET unreliable.
Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
|
|
Leftovers from when we removed the private socket hash.
Coverity CID 1317365, "Logically dead code"
|
|
Coverity CID 1317367, "Missing break in switch"
|
|
"Explicit null dereferenced (FORWARD_NULL)"
Coverity CID 1317366
|
|
- Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default
protocol for schemeless URLs.
- Add new tool option --proto-default to expose
CURLOPT_DEFAULT_PROTOCOL.
In the case of schemeless URLs libcurl will behave in this way:
When the option is used libcurl will use the supplied default.
When the option is not used, libcurl will follow its usual plan of
guessing from the hostname and falling back to 'http'.
|
|
... so improve the #ifdefs for using our local implementation.
|
|
If strict certificate checking is disabled (CURLOPT_SSL_VERIFYPEER
and CURLOPT_SSL_VERIFYHOST are disabled) do not fail if the server
doesn't present a certificate at all.
Closes #392
|
|
The multi state machine would otherwise go into the DO_MORE state after
DO, even for the case when the FTP state machine had already performed
those duties, which caused libcurl to get stuck in that state and fail
miserably. This occured for for active ftp uploads.
Reported-by: Patricia Muscalu
|
|
Based-on-patch-by: Jim Hollinger
|
|
|
|
Visual Studio complains with a message box:
"Run-Time Check Failure #1 - A cast to a smaller data type has caused a
loss of data. If this was intentional, you should mask the source of
the cast with the appropriate bitmask.
For example:
char c = (i & 0xFF);
Changing the code in this way will not affect the quality of the
resulting optimized code."
This is because only 'val' is cast to unsigned char, so the "& 0xff" has
no effect.
Closes #387
|
|
find . -name .gitignore -print0 | xargs -i -0 sort -o '{}' '{}'
|
|
Return 0 instead of NGHTTP2_ERR_CALLBACK_FAILURE if we can't locate the
SessionHandle. Apparently mod_h2 will sometimes send a frame for a
stream_id we're finished with.
Use nghttp2_session_get_stream_user_data and
nghttp2_session_set_stream_user_data to identify SessionHandles instead
of a hash.
Closes #372
|
|
closes #371
|
|
Reported-by: Tim Stack
Closes #359
|
|
Currently when the server responds with 401 on NTLM authenticated
connection (re-used) we consider it to have failed. However this is
legitimate and may happen when for example IIS is set configured to
'authPersistSingleRequest' or when the request goes thru a proxy (with
'via' header).
Implemented by imploying an additional state once a connection is
re-used to indicate that if we receive 401 we need to restart
authentication.
Closes #363
|
|
The SSH state machine didn't clear the 'rc' variable appropriately in a
two places which prevented it from looping the way it should. And it
lacked an 'else' statement that made it possible to erroneously get
stuck in the SSH_AUTH_AGENT state.
Reported-by: Tim Stack
Closes #357
|
|
initialization discards 'const' qualifier from pointer target type
|
|
References to NTLM in the identity generation should have been removed
in commit c469941293 but not all were.
|
|
connect.c:953:5: warning: initializer element is not computable at load
time
connect.c:953:5: warning: missing initializer for field 'dwMinorVersion'
of 'OSVERSIONINFOEX'
curl_sspi.c:97:5: warning: initializer element is not computable at load
time
curl_sspi.c:97:5: warning: missing initializer for field 'szCSDVersion'
of 'OSVERSIONINFOEX'
|
|
schannel.c:1125:5: warning: missing initializer for field 'dwMinorVersion'
of 'OSVERSIONINFOEX' [-Wmissing-field-initializers
|
|
Otherwise it would never be called for an HTTP/2 connection, which has
its own disconnect handler.
I spotted this while debugging <https://bugzilla.redhat.com/1248389>
where the http_disconnect() handler was called on an FTP session handle
causing 'dnf' to crash. conn->data->req.protop of type (struct FTP *)
was reinterpreted as type (struct HTTP *) which resulted in SIGSEGV in
Curl_add_buffer_free() after printing the "Connection cache is full,
closing the oldest one." message.
A previously working version of libcurl started to crash after it was
recompiled with the HTTP/2 support despite the HTTP/2 protocol was not
actually used. This commit makes it work again although I suspect the
root cause (reinterpreting session handle data of incompatible protocol)
still has to be fixed. Otherwise the same will happen when mixing FTP
and HTTP/2 connections and exceeding the connection cache limit.
Reported-by: Tomas Tomecek
Bug: https://bugzilla.redhat.com/1248389
|
|
Currently, libcurl rejects responses with "Content-Encoding: compress"
when CURLOPT_ACCEPT_ENCODING is set to "". I think that libcurl should
treat the Content-Encoding "compress" the same as other
Content-Encodings that it does not support, e.g. "bzip2". That means
just ignoring it.
|
|
MSVC 12 complains:
lib\vtls\openssl.c(1554): warning C4701: potentially uninitialized local
variable 'verstr' used It's a false positive, but as it's normally not,
I have enabled warning-as-error for that warning.
|
|
Detected by Coverity.
Error: NULL_RETURNS:
lib/http2.c:1301: returned_null: "strchr" returns null (checked 103 out of 109 times).
lib/http2.c:1301: var_assigned: Assigning: "hdbuf" = null return value from "strchr".
lib/http2.c:1302: dereference: Incrementing a pointer which might be null: "hdbuf".
1300|
1301| hdbuf = strchr(hdbuf, 0x0a);
1302|-> ++hdbuf;
1303|
1304| authority_idx = 0;
|
|
- Fix the VerifyVersionInfo calls, which we use to test for the OS major
version, to also test for the minor version as well as the service pack
major and minor versions.
MSDN: "If you are testing the major version, you must also test the
minor version and the service pack major and minor versions."
https://msdn.microsoft.com/en-us/library/windows/desktop/ms725492.aspx
Bug: https://github.com/bagder/curl/pull/353#issuecomment-123493098
Reported-by: Marcel Raad <MarcelRaad@users.noreply.github.com>
|
|
|
|
Addition of new procedures curl_pushheader_bynum and curl_pushheader_byname
requires VERSIONINFO updating.
|