path: root/lib
Age | Commit message | Author
2015-09-23 | gnutls: Report actual GnuTLS error message for certificate errors | Mike Crowe
If GnuTLS fails to read the certificate then include whatever reason it provides in the failure message reported to the client. Signed-off-by: Mike Crowe <mac@mcrowe.com>
2015-09-22 | gnutls: Support CURLOPT_KEYPASSWD | Mike Crowe
The gnutls vtls back-end was previously ignoring any password set via CURLOPT_KEYPASSWD. Presumably this was because gnutls_certificate_set_x509_key_file did not support encrypted keys. gnutls now has a gnutls_certificate_set_x509_key_file2 function that does support encrypted keys. Let's determine at compile time whether the available gnutls supports this new function. If it does then use it to pass the password. If it does not then emit a helpful diagnostic if a password is set. This is preferable to the previous behaviour of just failing to read the certificate without giving a reason in that case. Signed-off-by: Mike Crowe <mac@mcrowe.com>
2015-09-22 | CURLINFO_TLS_SESSION: always return backend info | Daniel Stenberg
... even for those that don't support providing anything in the 'internals' struct member since it offers a convenient way for applications to figure this out.
2015-09-19 | vtls: Change designator name for server's pubkey hash | Jay Satiro
- Change the designator name we use to show the base64 encoded sha256 hash of the server's public key from 'pinnedpubkey' to 'public key hash'. Though the server's public key hash is only shown when comparing pinned public key hashes, the server's hash may not match one of the pinned.
2015-09-19 | NTLM: Reset auth-done when using a fresh connection | Isaac Boukris
With NTLM a new connection will always require authentication. Fixes #435
2015-09-19 | ssl: add server cert's "sha256//" hash to verbose | Daniel Hwang
Add a "pinnedpubkey" section to the "Server Certificate" verbose Bug: https://github.com/bagder/curl/issues/410 Reported-by: W. Mark Kubacki Closes #430 Closes #410
2015-09-19 | openldap: only part of LDAP query results received | Jakub Zakrzewski
Introduced with commit 65d141e6da5c6003a1592bbc87ee550b0ad75c2f Closes #440
2015-09-19 | openssl: don't output certinfo data | Alessandro Ghedini
2015-09-19 | openssl: refactor certificate parsing to use OpenSSL memory BIO | Alessandro Ghedini
Fixes #427
2015-09-18 | nss: prevent NSS from incorrectly re-using a session | Kamil Dudka
Without this workaround, NSS re-uses a session cache entry even though the server name does not match. This causes the SNI host name to differ from the actual host name. Consequently, certain servers (e.g. github.com) respond with 400 to such requests. Bug: https://bugzilla.mozilla.org/1202264
2015-09-18 | nss: check return values of NSS functions | Kamil Dudka
2015-09-17 | openssl: build with < 0.9.8 | Daniel Stenberg
... without sha256 support and no define saying so. Reported-by: Rajkumar Mandal
2015-09-13 | http2: removed unused function | Daniel Stenberg
2015-09-10 | curl_sspi: fix possibly undefined CRYPT_E_REVOKED | Jay Satiro
Bug: https://github.com/bagder/curl/pull/411 Reported-by: Viktor Szakats
2015-09-08 | parse_proxy: reject illegal port numbers | Daniel Stenberg
If the port number in the proxy string ended weirdly or the number is too large, skip it. Mostly as a means to bail out early if a "bare" IPv6 numerical address is used without enclosing brackets. Also mention the bracket requirement for IPv6 numerical addresses to the man page for CURLOPT_PROXY. Closes #415 Reported-by: Marcel Raad
2015-09-08 | FTP: do_more: add check for wait_data_conn in upload case | Daniel Stenberg
In some timing-dependent cases when a 4xx response immediately followed after a 150 when a STOR was issued, this function would wrongly return 'complete == true' while 'wait_data_conn' was still set. Closes #405 Reported-by: Patricia Muscalu
2015-09-04 | nss: do not directly access SSL_ImplementedCiphers[] | Kamil Dudka
It causes dynamic linking issues at run-time after an update of NSS. Bug: https://lists.fedoraproject.org/pipermail/devel/2015-September/214117.html
2015-09-03 | gitignore: ignore more generated VC Makefiles | Daniel Stenberg
2015-09-03 | http2: don't pass on Connection: headers | Daniel Stenberg
RFC 7540 section 8.1.2.2 states: "An endpoint MUST NOT generate an HTTP/2 message containing connection-specific header fields; any message containing connection-specific header fields MUST be treated as malformed" Closes #401
2015-09-03 | inet_pton.c: Fix MSVC run-time check failure (2) | Marcel Raad
This fixes another run-time check failure because of a narrowing cast on Visual C++. Closes #408
2015-08-31 | sasl: Only define Curl_sasl_digest_get_pair() when CRYPTO_AUTH enabled | Steve Holme
Introduced in commit 59f3f92ba6 this function is only implemented when CURL_DISABLE_CRYPTO_AUTH is not defined. As such we shouldn't define the function in the header file either.
2015-08-31 | sasl: Updated SPN variables and comments for consistency | Steve Holme
In places the "host name" and "realm" variable was referred to as "instance" whilst in others it was referred to as "host".
2015-08-30 | win32: Use DES_set_odd_parity() from OpenSSL/BoringSSL by default | Steve Holme
Set HAVE_DES_SET_ODD_PARITY when using OpenSSL/BoringSSL as native Windows builds don't use the autoconf tools.
2015-08-30 | des: Fixed compilation warning from commit 613e5022fe | Steve Holme
curl_ntlm_core.c:150: warning 'Curl_des_set_odd_parity' undefined; assuming extern returning int
2015-08-30 | makefiles: Added our standard copyright header | Steve Holme
But kept the original author, when they were specified in a comment, as the initial copyright holder.
2015-08-25 | cmake: added Windows SSL support | Sergei Nikulov
Closes #399
2015-08-24 | getinfo: added CURLINFO_ACTIVESOCKET | Razvan Cojocaru
This patch addresses known bug #76, where on 64-bit Windows SOCKET is 64 bits wide, but long is only 32, making CURLINFO_LASTSOCKET unreliable. Signed-off-by: Razvan Cojocaru <rcojocaru@bitdefender.com>
2015-08-24 | http2: remove dead code | Daniel Stenberg
Leftovers from when we removed the private socket hash. Coverity CID 1317365, "Logically dead code"
2015-08-24 | ntlm: mark deliberate switch case fall-through | Daniel Stenberg
Coverity CID 1317367, "Missing break in switch"
2015-08-24 | http2: on_frame_recv: get a proper 'conn' for the debug logging | Daniel Stenberg
"Explicit null dereferenced (FORWARD_NULL)" Coverity CID 1317366
2015-08-22 | CURLOPT_DEFAULT_PROTOCOL: added | Nathaniel Waisbrot
- Add new option CURLOPT_DEFAULT_PROTOCOL to allow specifying a default protocol for schemeless URLs. - Add new tool option --proto-default to expose CURLOPT_DEFAULT_PROTOCOL. In the case of schemeless URLs libcurl will behave in this way: When the option is used libcurl will use the supplied default. When the option is not used, libcurl will follow its usual plan of guessing from the hostname and falling back to 'http'.
2015-08-22 | NTLM: recent boringssl brought DES_set_odd_parity back | Daniel Stenberg
... so improve the #ifdefs for using our local implementation.
2015-08-21 | openssl: handle lack of server cert when strict checking disabled | Alessandro Ghedini
If strict certificate checking is disabled (CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST are disabled) do not fail if the server doesn't present a certificate at all. Closes #392
2015-08-21 | ftp: clear the do_more bit when the server has connected | Daniel Stenberg
The multi state machine would otherwise go into the DO_MORE state after DO, even for the case when the FTP state machine had already performed those duties, which caused libcurl to get stuck in that state and fail miserably. This occurred for active ftp uploads. Reported-by: Patricia Muscalu
2015-08-20 | rtsp: stop reading empty DESCRIBE responses | Erik Janssen
Based-on-patch-by: Jim Hollinger
2015-08-20 | rtsp: support basic/digest authentication | Erik Janssen
2015-08-19 | inet_pton.c: Fix MSVC run-time check failure | Marcel Raad
Visual Studio complains with a message box: "Run-Time Check Failure #1 - A cast to a smaller data type has caused a loss of data. If this was intentional, you should mask the source of the cast with the appropriate bitmask. For example: char c = (i & 0xFF); Changing the code in this way will not affect the quality of the resulting optimized code." This is because only 'val' is cast to unsigned char, so the "& 0xff" has no effect. Closes #387
2015-08-18 | gitignore: Sort for readability | Jay Satiro
find . -name .gitignore -print0 | xargs -i -0 sort -o '{}' '{}'
2015-08-11 | http2: discard frames with no SessionHandle | Anders Bakken
Return 0 instead of NGHTTP2_ERR_CALLBACK_FAILURE if we can't locate the SessionHandle. Apparently mod_h2 will sometimes send a frame for a stream_id we're finished with. Use nghttp2_session_get_stream_user_data and nghttp2_session_set_stream_user_data to identify SessionHandles instead of a hash. Closes #372
2015-08-10 | build: refer to fixed libidn versions | Viktor Szakats
closes #371
2015-08-10 | SFTP: fix range request off-by-one in size check | Daniel Stenberg
Reported-by: Tim Stack Closes #359
2015-08-06 | NTLM: handle auth for only a single request | Isaac Boukris
Currently when the server responds with 401 on an NTLM authenticated connection (re-used) we consider it to have failed. However this is legitimate and may happen when for example IIS is configured to 'authPersistSingleRequest' or when the request goes thru a proxy (with 'via' header). Implemented by employing an additional state once a connection is re-used to indicate that if we receive 401 we need to restart authentication. Closes #363
2015-08-02 | SSH: three state machine fixups | Daniel Stenberg
The SSH state machine didn't clear the 'rc' variable appropriately in two places which prevented it from looping the way it should. And it lacked an 'else' statement that made it possible to erroneously get stuck in the SSH_AUTH_AGENT state. Reported-by: Tim Stack Closes #357
2015-08-02 | curl_gssapi: remove 'const' to fix compiler warnings | Daniel Stenberg
initialization discards 'const' qualifier from pointer target type
2015-08-01 | sspi: Fix typo from left over from old code which referenced NTLM | Steve Holme
References to NTLM in the identity generation should have been removed in commit c469941293 but not all were.
2015-08-01 | win32: Fix compilation warnings from commit 40c921f8b8 | Steve Holme
connect.c:953:5: warning: initializer element is not computable at load time connect.c:953:5: warning: missing initializer for field 'dwMinorVersion' of 'OSVERSIONINFOEX' curl_sspi.c:97:5: warning: initializer element is not computable at load time curl_sspi.c:97:5: warning: missing initializer for field 'szCSDVersion' of 'OSVERSIONINFOEX'
2015-08-01 | schannel: Fix compilation warning from commit 7a8e861a56 | Steve Holme
schannel.c:1125:5: warning: missing initializer for field 'dwMinorVersion' of 'OSVERSIONINFOEX' [-Wmissing-field-initializers
2015-07-30 | http: move HTTP/2 cleanup code off http_disconnect() | Kamil Dudka
Otherwise it would never be called for an HTTP/2 connection, which has its own disconnect handler. I spotted this while debugging <https://bugzilla.redhat.com/1248389> where the http_disconnect() handler was called on an FTP session handle causing 'dnf' to crash. conn->data->req.protop of type (struct FTP *) was reinterpreted as type (struct HTTP *) which resulted in SIGSEGV in Curl_add_buffer_free() after printing the "Connection cache is full, closing the oldest one." message. A previously working version of libcurl started to crash after it was recompiled with the HTTP/2 support even though the HTTP/2 protocol was not actually used. This commit makes it work again although I suspect the root cause (reinterpreting session handle data of incompatible protocol) still has to be fixed. Otherwise the same will happen when mixing FTP and HTTP/2 connections and exceeding the connection cache limit. Reported-by: Tomas Tomecek Bug: https://bugzilla.redhat.com/1248389
2015-07-25 | HTTP: ignore "Content-Encoding: compress" | Michael Kaufmann
Currently, libcurl rejects responses with "Content-Encoding: compress" when CURLOPT_ACCEPT_ENCODING is set to "". I think that libcurl should treat the Content-Encoding "compress" the same as other Content-Encodings that it does not support, e.g. "bzip2". That means just ignoring it.
2015-07-24 | openssl: work around MSVC warning | Marcel Raad
MSVC 12 complains: lib\vtls\openssl.c(1554): warning C4701: potentially uninitialized local variable 'verstr' used It's a false positive, but as it's normally not, I have enabled warning-as-error for that warning.