aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2017-01-13IDN: revert use of the transitional optionDaniel Stenberg
It made the german ß get converted to ss, IDNA2003 style, and we can't have that for the .de TLD - a primary reason for our switch to IDNA2008. Test 165 verifies.
2017-01-13IDN: Fix compile time detection of linidn2 TR46Tim Rühsen
Follow-up to f30cbcac1 Closes #1207
2017-01-13url: --noproxy option overrides NO_PROXY environment variableERAMOTO Masaya
Under condition using http_proxy env var, noproxy list was the combination of --noproxy option and NO_PROXY env var previously. Since this commit, --noproxy option overrides NO_PROXY environment variable even if use http_proxy env var. Closes #1140
2017-01-13url: Refactor detect_proxy()ERAMOTO Masaya
If defined CURL_DISABLE_HTTP, detect_proxy() returned NULL. If not defined CURL_DISABLE_HTTP, detect_proxy() checked noproxy list. Thus refactor to set proxy to NULL instead of calling detect_proxy() if define CURL_DISABLE_HTTP, and refactor to call detect_proxy() if not define CURL_DISABLE_HTTP and the host is not in the noproxy list.
2017-01-13url: Fix NO_PROXY env var to work properly with --proxy option.ERAMOTO Masaya
The combination of --noproxy option and http_proxy env var works well both for proxied hosts and non-proxied hosts. However, when combining NO_PROXY env var with --proxy option, non-proxied hosts are not reachable while proxied host is OK. This patch allows us to access non-proxied hosts even if using NO_PROXY env var with --proxy option.
2017-01-13IDN: Use TR46 'transitional' for toASCII translationsTim Rühsen
References: http://unicode.org/faq/idn.html http://unicode.org/reports/tr46 Closes #1206
2017-01-13gnutls: check for alpn and ocsp in configureMarcus Hoffmann
Check for presence of gnutls_alpn_* and gnutls_ocsp_* functions during configure instead of relying on the version number. GnuTLS has options to turn these features off and we ca just work with with such builds like we work with older versions. Signed-off-by: Marcus Hoffmann <m.hoffmann@cartelsol.com> Closes #1204
2017-01-12url: Fix parsing for when 'file' is the default protocolJay Satiro
Follow-up to 3463408. Prior to 3463408 file:// hostnames were silently stripped. Prior to this commit it did not work when a schemeless url was used with file as the default protocol. Ref: https://curl.haxx.se/mail/lib-2016-11/0081.html Closes https://github.com/curl/curl/pull/1124 Also fix for drive letters: - Support --proto-default file c:/foo/bar.txt - Support file://c:/foo/bar.txt - Fail when a file:// drive letter is detected and not MSDOS/Windows. Bug: https://github.com/curl/curl/issues/1187 Reported-by: Anatol Belski Assisted-by: Anatol Belski
2017-01-12rand: make it work without TLS backingDaniel Stenberg
Regression introduced in commit f682156a4fc6c4 Reported-by: John Kohl Bug: https://curl.haxx.se/mail/lib-2017-01/0055.html
2017-01-12STARTTLS: Don't print response character in denied messagesJay Satiro
Both IMAP and POP3 response characters are used internally, but when appended to the STARTTLS denial message likely could confuse the user. Closes https://github.com/curl/curl/pull/1203
2017-01-12smtp: Fix STARTTLS denied error messageJay Satiro
- Format the numeric denial code as an integer instead of a character.
2017-01-11http2_send: avoid unsigned integer wrap aroundDaniel Stenberg
... when checking for a too large request.
2017-01-07wolfssl: display negotiated SSL version and cipherDan Fandrich
2017-01-06wolfssl: support setting cipher listDan Fandrich
2017-01-03darwinssl: --insecure overrides --cacert if both settings are in useNick Zitzmann
Fixes #1184
2016-12-29content_encoding: change return code on a failureDaniel Stenberg
Failure to decompress is now a write error instead of the weird "function not found".
2016-12-29digest_sspi: copy terminating NUL as wellMax Khon
Curl_auth_decode_digest_http_message(): copy terminating NUL as later Curl_override_sspi_http_realm() expects a NUL-terminated string. Fixes #1180
2016-12-27darwinssl: fix CFArrayRef leakChris Araman
Reviewed-by: Nick Zitzmann Closes #1173
2016-12-27darwinssl: fix iOS buildChris Araman
Reviewed-by: Nick Zitzmann Fixes #1172
2016-12-26vtls: s/SSLEAY/OPENSSLDaniel Stenberg
Fixed an old leftover use of the USE_SSLEAY define which would make a socket get removed from the applications sockets to monitor when the multi_socket API was used, leading to timeouts. Bug: #1174
2016-12-25formdata: use NULL, not 0, when returning pointersDaniel Stenberg
2016-12-25ftp: failure to resolve proxy should return that error codeDaniel Stenberg
2016-12-24ftp-gss: check for init before useDaniel Stenberg
To avoid dereferencing a NULL pointer. Reported-by: Daniel Romero
2016-12-24cyassl: use time_t instead of long for timeoutJay Satiro
2016-12-23http: remove "Curl_http_done: called premature" messageDaniel Stenberg
... it only confuses people.
2016-12-23openssl-random: check return code when asking for randomDaniel Stenberg
and fail appropriately if it returns error
2016-12-23gnutls-random: check return code for failed randomDaniel Stenberg
2016-12-21randit: store the value in the bufferKamil Dudka
2016-12-21lib: fix MSVC compiler warningsMarcel Raad
Visual C++ complained: warning C4267: '=': conversion from 'size_t' to 'long', possible loss of data warning C4701: potentially uninitialized local variable 'path' used
2016-12-20ssh: inhibit coverity warning with (void)Daniel Stenberg
CID 1397391 (#1 of 1): Unchecked return value (CHECKED_RETURN)
2016-12-19Curl_recv_has_postponed_data: silence compiler warningsDaniel Stenberg
Follow-up to d00f2a8f2
2016-12-19tests: checksrc complianceJay Satiro
2016-12-19http_proxy: Fix proxy CONNECT hang on pending dataJay Satiro
- Check for pending data before waiting on the socket. Bug: https://github.com/curl/curl/issues/1156 Reported-by: Adam Langley
2016-12-19schannel: fix wildcard cert name validation on Win CEDan McNulty
Fixes a few issues in manual wildcard cert name validation in schannel support code for Win32 CE: - when comparing the wildcard name to the hostname, the wildcard character was removed from the cert name and the hostname was checked to see if it ended with the modified cert name. This allowed cert names like *.com to match the connection hostname. This violates recommendations from RFC 6125. - when the wildcard name in the certificate is longer than the connection hostname, a buffer overread of the connection hostname buffer would occur during the comparison of the certificate name and the connection hostname.
2016-12-19printf: fix floating point buffer overflow issuesDaniel Stenberg
... and add a bunch of floating point printf tests
2016-12-18config-amigaos.h: (embarrassed) made the line shorterDaniel Stenberg
2016-12-18config-amigaos.h: fix bug report email referenceDaniel Stenberg
2016-12-18openssl: simplify expression in Curl_ossl_versionMichael Kaufmann
2016-12-18Curl_getconnectinfo: avoid checking if the connection is closedIsaac Boukris
It doesn't benefit us much as the connection could get closed at any time, and also by checking we lose the ability to determine if the socket was closed by reading zero bytes. Reported-by: Michael Kaufmann Closes https://github.com/curl/curl/pull/1134
2016-12-16preproxy: renamed what was added as SOCKS_PROXYDaniel Stenberg
CURLOPT_SOCKS_PROXY -> CURLOPT_PRE_PROXY Added the corresponding --preroxy command line option. Sets a SOCKS proxy to connect to _before_ connecting to a HTTP(S) proxy.
2016-12-16CURLOPT_SOCKS_PROXYTYPE: removedDaniel Stenberg
This was added as part of the SOCKS+HTTPS proxy merge but there's no need to support this as we prefer to have the protocol specified as a prefix instead.
2016-12-14checksrc: warn for assignments within if() expressionsDaniel Stenberg
... they're already frowned upon in our source code style guide, this now enforces the rule harder.
2016-12-13checksrc: stricter no-space-before-paren enforcementDaniel Stenberg
In order to make the code style more uniform everywhere
2016-12-07openssl: don't use OpenSSL's ERR_PACK.Adam Langley
ERR_PACK is an internal detail of OpenSSL. Also, when using it, a function name must be specified which is overly specific: the test will break whenever OpenSSL internally change things so that a different function creates the error. Closes #1157
2016-12-01http_proxy: simplify CONNECT response readingDaniel Stenberg
Since it now reads responses one byte a time, a loop could be removed and it is no longer limited to get the whole response within 16K, it is now instead only limited to 16K maximum header line lengths.
2016-12-01CONNECT: read responses one byte at a timeDaniel Stenberg
... so that it doesn't read data that is actually coming from the remote. 2xx responses have no body from the proxy, that data is from the peer. Fixes #1132
2016-12-01CONNECT: reject TE or CL in 2xx responsesDaniel Stenberg
A server MUST NOT send any Transfer-Encoding or Content-Length header fields in a 2xx (Successful) response to CONNECT. (RFC 7231 section 4.3.6) Also fixes the three test cases that did this.
2016-12-01URL parser: reject non-numerical port numbersDaniel Stenberg
Test 1281 added to verify
2016-11-30cyassl: fixed typo introduced in 4f8b1774Dan Fandrich
2016-11-30CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries properlyMichael Kaufmann
If a port number in a "connect-to" entry does not match, skip this entry instead of connecting to port 0. If a port number in a "connect-to" entry matches, use this entry and look no further. Reported-by: Jay Satiro Assisted-by: Jay Satiro, Daniel Stenberg Closes #1148