aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2017-05-20ssh: ignore timeouts during disconnectDaniel Stenberg
... as otherwise it risks not cleaning up the libssh2 handle properly which leads to memory leak! Assisted-by: Joel Depooter Closes #1495 Closes #1479 Bug: https://curl.haxx.se/mail/lib-2017-04/0024.html
2017-05-16darwinssl: Fix exception when processing a client-side certificate fileNick Zitzmann
if no error was raised by the API but the SecIdentityRef was null Fixes #1450
2017-05-16curl_sasl: fix build error with CURL_DISABLE_CRYPTO_AUTH + USE_NTLMDaniel Stenberg
Reported-by: wyattoday at github Fixes #1487
2017-05-15SecureTransport/DarwinSSL: Implement public key pinningmoparisthebest
Closes #1400
2017-05-13url.c: add a compile-time check that CURL_MAX_WRITE_SIZE is large enoughDan Fandrich
Some code (e.g. Curl_fillreadbuffer) assumes that this buffer is not exceedingly tiny and will break if it is. This same check is already done at run time in the CURLOPT_BUFFERSIZE option.
2017-05-12multi: remove leftover debug infof() calls from e9fd794a6Daniel Stenberg
2017-05-12pipeline: fix mistakenly trying to pipeline POSTsDaniel Stenberg
The function IsPipeliningPossible() would return TRUE if either pipelining OR HTTP/2 were possible on a connection, which would lead to it returning TRUE even for POSTs on HTTP/1 connections. It now returns a bitmask so that the caller can differentiate which kind the connection allows. Fixes #1481 Closes #1483 Reported-by: stootill at github
2017-05-12mbedtls: Support server renegotiation requestRon Eldor
Tested with servers: IIS 7.5; OpenSSL 1.0.2. Closes https://github.com/curl/curl/pull/1475
2017-05-11formdata: fix -Wcomma warningMarcel Raad
clang 5.0 complains: possible misuse of comma operator here [-Wcomma] Change the comma to a semicolon to fix that.
2017-05-10multi: use a fixed array of timers instead of mallocDaniel Stenberg
... since the total amount is low this is faster, easier and reduces memory overhead. Also, Curl_expire_done() can now mark an expire timeout as done so that it never times out. Closes #1472
2017-05-10multi: assign IDs to all timers and make each timer singletonDaniel Stenberg
A) reduces the timeout lists drastically B) prevents a lot of superfluous loops for timers that expires "in vain" when it has actually already been extended to fire later on
2017-05-09formboundary: convert assert into run-time checkDaniel Stenberg
... to really make sure the boundary fits in the target buffer. Fixes unused parameter 'buflen' warning. Reported-by: Michael Kaufmann Bug: https://github.com/curl/curl/pull/1468#issuecomment-300078754
2017-05-08rand: treat fake entropy the same regardless of endiannessJay Satiro
When the random seed is purposely made predictable for testing purposes by using the CURL_ENTROPY environment variable, process that data in an endian agnostic way so the the initial random seed is the same regardless of endianness. - Change Curl_rand to write to a char array instead of int array. - Add Curl_rand_hex to write random hex characters to a buffer. Fixes #1315 Closes #1468 Co-authored-by: Daniel Stenberg Reported-by: Michael Kaufmann
2017-05-07asyn-thread: fix unused macro warningsMarcel Raad
Don't do anything in this file if CURLRES_THREADED is not defined.
2017-05-07tftp: silence bad-function-cast warningMarcel Raad
The cases this warns about are handled elsewhere, so just use an intermediate variable to silence the warning.
2017-05-04schannel: return a more specific error code for SEC_E_UNTRUSTED_ROOTDan Fandrich
2017-05-04curl_setup_once: use SEND_QUAL_ARG2 for swriteMarcel Raad
SEND_QUAL_ARG2 had to be set, but was never used. Use it in swrite to avoid warnings about casting away low-level const. Closes https://github.com/curl/curl/pull/1464
2017-05-03lib: fix compiler warningsMarcel Raad
Fix the following warnings when building the tests by using the correct types: cast from 'const char *' to 'void *' drops const qualifier [-Wcast-qual] implicit conversion changes signedness [-Wsign-conversion]
2017-05-02Telnet: Write full buffer instead of byte-by-byteRichard Hsu
Previous TODO wanting to write in chunks. We should support writing more at once since some TELNET servers may respond immediately upon first byte written such as WHOIS servers. Closes #1389
2017-05-02gtls: fixed a lingering BUFSIZE referenceDan Fandrich
2017-05-02ssh: fix compiler warning from e40e9d7f0deDaniel Stenberg
2017-05-02url: let CURLOPT_BUFFERSIZE realloc to smaller sizes tooDaniel Stenberg
Closes #1449
2017-05-01BUFSIZE: rename to READBUFFER_*, make separate MASTERBUF_SIZEDaniel Stenberg
2017-05-01openssl: use local stack for temp storageDaniel Stenberg
2017-05-01sendf: remove use of BUFSIZE from debug data conversionsDaniel Stenberg
The buffer can have other sizes.
2017-05-01buffer: use data->set.buffer_size instead of BUFSIZEDaniel Stenberg
... to properly use the dynamically set buffer size!
2017-05-01krb5: use private buffer for temp string, not receive bufferDaniel Stenberg
2017-05-01upload: UPLOAD_BUFSIZE is now for the upload bufferDaniel Stenberg
2017-05-01http-proxy: use a dedicated CONNECT response bufferDaniel Stenberg
To make it suitably independent of the receive buffer and its flexible size.
2017-05-01transfer: fix minor buffer_size mistakeDaniel Stenberg
2017-05-01failf: use private buffer, don't clobber receive bufferDaniel Stenberg
2017-05-01pingpong: use the set buffer sizeDaniel Stenberg
2017-05-01http2: use the correct set buffer sizeDaniel Stenberg
2017-05-01http: don't clobber the receive buffer for timecondDaniel Stenberg
2017-05-01buffer_size: make sure it always has the correct sizeDaniel Stenberg
Removes the need for CURL_BUFSIZE
2017-05-01file: use private buffer for C-L outputDaniel Stenberg
... instead of clobbering the download buffer.
2017-05-01CURLOPT_BUFFERSIZE: 1024 bytes is now the minimum sizeDaniel Stenberg
The buffer is needed to receive FTP, HTTP CONNECT responses etc so already at this size things risk breaking and smaller is certainly not wise.
2017-05-01ftp: use private buffer for temp storage, not receive bufferDaniel Stenberg
2017-05-01http: use private user:password output bufferDaniel Stenberg
Don't clobber the receive buffer.
2017-05-01curl_setup: Ensure no more than one IDN lib is enabledJay Satiro
Prior to this change it was possible for libcurl to be built with both Windows' native IDN lib (normaliz) and libidn2 enabled. It appears that doesn't offer any benefit --and could cause a bug-- since libcurl's IDN handling is written to use either one but not both. Bug: https://github.com/curl/curl/issues/1441#issuecomment-297689856 Reported-by: Gisle Vanem
2017-04-30http2: declare TU-local variables staticMarcel Raad
This fixes the following clang warnings: http2.c:184:27: error: no previous extern declaration for non-static variable 'Curl_handler_http2' [-Werror,-Wmissing-variable-declarations] http2.c:204:27: error: no previous extern declaration for non-static variable 'Curl_handler_http2_ssl' [-Werror,-Wmissing-variable-declarations]
2017-04-29curl_rtmp: fix missing-variable-declarations warningsMarcel Raad
clang complains: curl_rtmp.c:61:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmp' [-Werror,-Wmissing-variable-declarations] curl_rtmp.c:81:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmpt' [-Werror,-Wmissing-variable-declarations] curl_rtmp.c:101:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmpe' [-Werror,-Wmissing-variable-declarations] curl_rtmp.c:121:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmpte' [-Werror,-Wmissing-variable-declarations] curl_rtmp.c:141:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmps' [-Werror,-Wmissing-variable-declarations] curl_rtmp.c:161:27: error: no previous extern declaration for non-static variable 'Curl_handler_rtmpts' [-Werror,-Wmissing-variable-declarations] Fix this by including the header file.
2017-04-29url: fixed a memory leak on OOM while setting CURLOPT_BUFFERSIZEDan Fandrich
2017-04-27http-proxy: removed unused argument in CURL_DISABLE_PROXY caseDan Fandrich
Missed in commit 55c3c02e
2017-04-26lib: remove unused codeMarcel Raad
This fixes the following clang warnings: macro is not used [-Wunused-macros] will never be executed [-Wunreachable-code] Closes https://github.com/curl/curl/pull/1448
2017-04-26http-proxy: remove unused argument from Curl_proxyCONNECT()Daniel Stenberg
2017-04-26url: declare get_protocol_family() staticMartin Kepplinger
get_protocol_family() is not defined static even though there is a static local forward declaration. Let's simply make the definition match it's declaration. Bug: https://curl.haxx.se/mail/lib-2017-04/0127.html
2017-04-25nss: load libnssckbi.so if no other trust is specifiedKamil Dudka
The module contains a more comprehensive set of trust information than supported by nss-pem, because libnssckbi.so also includes information about distrusted certificates. Reviewed-by: Kai Engert Closes #1414
2017-04-25nss: factorize out nss_{un,}load_module to separate fncsKamil Dudka
No change of behavior is intended by this commit.
2017-04-25nss: do not leak PKCS #11 slot while loading a keyKamil Dudka
It could prevent nss-pem from being unloaded later on. Bug: https://bugzilla.redhat.com/1444860