aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2010-11-13security: tighten enum protection_level usage.Julien Chaffraix
While changing Curl_sec_read_msg to accept an enum protection_level instead of an int, I went ahead and fixed the usage of the associated fields. Some code was assuming that prot_clear == 0. Fixed those to use the proper value. Added assertions prior to any code that would set the protection level.
2010-11-12krb5: Use GSS_ERROR to check for error.Julien Chaffraix
This is the advised way of checking for errors in the GSS-API RFC. Also added some '\n' to the error message so that they are not mixed with other outputs.
2010-11-12security: Pass the right parameter to init.Julien Chaffraix
init is expecting app_data. Passing it the struct connecdata would make us crash later.
2010-11-11ip_version: moved to connection structDaniel Stenberg
The IP version choice was previously only in the UserDefined struct within the SessionHandle, but since we sometimes alter that option during a request we need to have it on a per-connection basis. I also moved more "init conn" code into the allocate_conn() function which is designed for that purpose more or less.
2010-11-10TFTP: resend the correct dataRutger Hofman
I found a bug in tftp_tx() in tftp.c. If a data resend is done after reception of an ACK/OACK, the call to sendto is wrong.
2010-11-09ftp: treat server's response 421 as CURLE_OPERATION_TIMEDOUTKamil Dudka
Bug: https://bugzilla.redhat.com/650255 Reported by: Simon H.
2010-11-08ftp: close connection as soon as ABOR has been sentKamil Dudka
... and do not send ABOR unless really necessary. Bug: https://bugzilla.redhat.com/649347 Reported by: Simon H.
2010-11-08CURLOPT_RESOLVE: addedDaniel Stenberg
CURLOPT_RESOLVE is a new option that sends along a curl_slist with name:port:address sets that will populate the DNS cache with entries so that request can be "fooled" to use another host than what otherwise would've been used. Previously we've encouraged the use of Host: for that when dealing with HTTP, but this new feature has the added bonus that it allows the name from the URL to be used for TLS SNI and server certificate name checks as well. This is a first change. Surely more will follow to make it decent.
2010-11-08fix compiler warningYang Tse
2010-11-05LDAP: detect non-binary attributes properlyAlfred Gebert
If the query result has a binary attribute, the binary attribute is base64 encoded. But all following non binary attributes are also base64 encoded which is wrong. This is a test (LDAP server is public). curl ldap://x500.bund.de:389/o=Bund,c=DE?userCertificate,certificateSerialNumber?sub ?cn=*Woehleke*
2010-11-05Revert: use Host: name for SNI and cert name checksDaniel Stenberg
This reverts commit b0fd03f5b8d4520dd232a9d13567d16bd0ad8951, 4b2fbe1e97891f, afecd1aa13b4f, 68cde058f66b3
2010-11-04certcheck: use the custom Host: name for checksDaniel Stenberg
If you use a custom Host: name in a request to a SSL server, libcurl will now use that given name when it verifies the server certificate to be correct rather than using the host name used in the actual URL.
2010-11-04SNI: simplify the custom host name useDaniel Stenberg
The redirect check is already done at the position where the customhost field is assigned so there's no point in doing that a second time.
2010-11-04host: get the custom Host: name more genericlyDaniel Stenberg
When given a custom host name in a Host: header, we can use it for several different purposes other than just cookies, so we rename it and use it for SSL SNI etc.
2010-11-04SNI: set name to custom Host headerHongli Lai (Phusion)
OpenSSL SNI host name should be set to the custom Host header, if the user provided one.
2010-10-29ftp: prevent server from hanging on closed data connectionKamil Dudka
Some FTP servers (e.g. Pure-ftpd) end up hanging if we close the data connection before transferring all the requested data. If we send ABOR in that case, it prevents the server from hanging. Bug: https://bugzilla.redhat.com/643656 Reported by: Pasi Karkkainen, Patrick Monnerat
2010-10-28Removed a leftover mention of FTP in an error messageDan Fandrich
2010-10-21Removed the native Makefile.riscos filesDan Fandrich
These haven't worked in at least 8 years due to missing source files, and most active RiscOS developers these days apparently cross-compile anyway. Signed-off-by: James Bursa <james@zamez.org>
2010-10-20Lightened the stack in wc_statemach to permit deeper recursionDan Fandrich
Also, added a few hints to help compilers to perform tail call recursion optimization.
2010-10-20SSH: use libssh2_session_handshake()Daniel Stenberg
In libssh2 1.2.8, libssh2_session_handshake() replaces libssh2_session_startup() to fix the previous portability problem with the socket type that was too small for win64 and thus easily could cause crashes and more.
2010-10-20SSH: avoid using the libssh2_ prefixDaniel Stenberg
It is a bad idea to use the public prefix used by another library and now we realize that libssh2 introduces a symbol in the upcoming version 1.2.8 that conflicts with our static function named libssh2_free.
2010-10-20formdata: provide error messageDaniel Stenberg
When failing to build form post due to an error, the code now does a proper failf(). Previously libcurl would report an error like "failed creating formpost data" when a file wasn't possible to open which was not easy for users to figure out. I also lower cased a function name to be named more curl-style and removed some unnecessary code.
2010-10-19URL-parsing: consider ? a dividerDaniel Stenberg
The URL parser got a little stricter as it now considers a ? to be a host name divider so that the slightly sloppier URLs work too. The problem that made me do this change was the reported problem with an URL like: www.example.com?email=name@example.com This form of URL is not really a legal URL (due to the missing slash after the host name) but is widely accepted by all major browsers and libcurl also already accepted it, it was just the '@' letter that triggered the problem now. The side-effect of this change is that now libcurl no longer accepts the ? letter as part of user-name or password when given in the URL, which it used to accept (and is tested in test 191). That letter is however mentioned in RFC3986 to be required to be percent encoded since it is used as a divider. Bug: http://curl.haxx.se/bug/view.cgi?id=3090268
2010-10-18krb4.h: removed unused prototypesDaniel Stenberg
2010-10-18krb4: make a few functions staticDaniel Stenberg
2010-10-17http_chunks: remove debug outputDaniel Stenberg
Accidentally left in there during my previous debugging of this
2010-10-14Curl_setopt: disallow CURLOPT_USE_SSL without SSL supportDaniel Stenberg
In order to avoid for example the pingpong protocols to issue STARTTLS (or equivalent) even though there's no SSL support built-in. Reported by: Sune Ahlgren Bug: http://curl.haxx.se/mail/archive-2010-10/0045.html
2010-10-14Some more small Watcom makefile fixes.Guenter Knauf
2010-10-13Modified Watcom makefiles to work on Linux too.Guenter Knauf
2010-10-13gitignore: ignore Makefile.vc10.dist made by maketgzDaniel Stenberg
2010-10-12Fixed Watcom makefile.Guenter Knauf
2010-10-12Added build bits for librtmp / libssh2 to Watcom makefiles.Guenter Knauf
2010-10-12Added build bits for librtmp to NetWare makefiles.Guenter Knauf
2010-10-12SFTP: more ignoring negative file sizesDaniel Stenberg
As the change in 5f0ae7a0626cbe709 added a precaution against negative file sizes that for some reason managed to get returned, this change now introduces the same check at the second place in the code where the file size from the libssh2 stat call is used. This check might not be suitable for a 32 bit curl_off_t, but libssh2.h assumes long long to work and to be 64 bit so I believe such a small curl_off_t will be very unlikely to occur in the wild.
2010-10-11SMTP: debug output for no known auth mechanisms supportedDaniel Stenberg
... and some minor source code whitespace edits
2010-10-11Added build bits for librtmp to MingW32 makefiles.Guenter Knauf
2010-10-03Some NetWare makefile tweaks.Guenter Knauf
Renamed SDK_* to NDK_*; made NDK_* defines overwriteable from environment; removed now obsolete YACC macro; moved some curl_config.h defines to IPv6 section since they are only needed when IPv6 is enabled - this makes libcurl compile with older NDKs too which were not IPv6-aware.
2010-10-02krb5-gssapi: Removed a memory leak in krb5_auth.Julien Chaffraix
We forgot to release the buffer passed to gss_init_sec_context. The previous logic was difficult to read as we were reusing the same variable (gssbuf) for both input buffer and output buffer. Splitted the logic in 2 variables to better underline who needs to be released. Also made the code break at 80 lines.
2010-10-02krb5-gssapi: Made the function always return a value.Julien Chaffraix
kr5_auth missed a final 'return' statement. This is not an error in gcc but can lead to potential bugs.
2010-10-02krb5-gssapi: Delete the GSS-API context.Julien Chaffraix
This fixes a memory leak related to the GSS-API code. Added a krb5_init and krb5_end functions. Also removed a work-around the lack of proper initialization of the GSS-API context.
2010-10-02HTTP: remove special case for 416Daniel Stenberg
It was pointed out that the special case libcurl did for 416 was incorrect and wrong. 416 is not really different to other errors so the response body must be handled like for other errors/http responses. Reported by: Chris Smowton Bug: http://curl.haxx.se/bug/view.cgi?id=3076808
2010-09-30README.ares: we know require c-ares 1.6.0Daniel Stenberg
2010-09-30SFTP: avoid downloading negative sizes!Daniel Stenberg
It is still not clarified exactly why this happens, but libssh2 sometimes report a negative file size for the remote SFTP file and that deeply confuses libcurl (or crashes it) so this precaution is added to avoid badness. Reported by: Ernest Beinrohr Bug: http://curl.haxx.se/bug/view.cgi?id=3076430
2010-09-28krb5-gssapi: Remove several memory leaks.Julien Chaffraix
Remove a leak seen on Kerberos/MIT (gss_OID is copied internally and we were leaking it). Now we just pass NULL as advised in RFC2744. |tmp| was never set back to buf->data. Cleaned up Curl_sec_end to take into account failure in Curl_sec_login (where conn->mech would be NULL but not conn->app_data or conn->in_buffer->data).
2010-09-28security.c: Remove Curl_sec_fflush_fd.Julien Chaffraix
The current implementation would make us send wrong data on a closed socket. We don't buffer our data so the method can be safely removed.
2010-09-28security.c: We should always register the socket handler.Julien Chaffraix
Following a change in the way socket handler are registered, the custom recv and send method were conditionaly registered. We need to register them everytime to handle the ftp security extensions. Re-added the clear text handling in sec_recv.
2010-09-28security.c: Fix Curl_sec_login after rewrite.Julien Chaffraix
Curl_sec_login was returning the opposite result that the code in ftp.c was expecting. Simplified the return code (using a CURLcode) so to see more clearly what is going on.
2010-09-28security.c: Readd the '\n' to the infof() calls.Julien Chaffraix
They are not automatically added and make the output of the verbose mode a lot more readable.
2010-09-28security.c: Fix typo (PSBZ -> PBSZ)Julien Chaffraix
2010-09-28security.c: Fix ftp_send_command.Julien Chaffraix
My use of va_args was completely wrong. Fixed the usage so that we send the right commands!