aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2014-01-29http2: handle 101 responses and switch to HTTP2Daniel Stenberg
2014-01-28oauth2: Fixed a memory leak in an OOM conditionDan Fandrich
2014-01-28hostip: don't remove DNS entries that are in useRomulo A. Ceccon
hostcache_timestamp_remove() should remove old *unused* entries from the host cache, but it never checked whether the entry was actually in use. This complements commit 030a2b8cb. Bug: http://curl.haxx.se/bug/view.cgi?id=1327
2014-01-28TFTP: fix crash on time-outDaniel Stenberg
tftp_done() can get called with its TFTP state pointer still being NULL on an early time-out, which caused a segfault when dereferenced. Reported-by: Glenn Sheridan Bug: http://curl.haxx.se/mail/lib-2014-01/0246.html
2014-01-24netrc: Fixed a memory and file descriptor leak on OOMDan Fandrich
2014-01-24multi: Fixed a memory leak on OOM conditionDan Fandrich
2014-01-21axtls: fix compiler warning on conversion ssize_t => intFabian Frank
2014-01-20SFTP: stat remote file also when CURLOPT_NOBODY is 1Fabian Frank
Make it possible to call curl_easy_getinfo(curl, CURLINFO_CONTENT_LENGTH_DOWNLOAD, &filesize) and related functions on remote sftp:// files, without downloading them. Reported-by: Yingwei Liu Bug: http://curl.haxx.se/mail/lib-2014-01/0139.html
2014-01-20HTTP POST: omit Content-Length if data size is unknownCédric Deltheil
This prevents sending a `Content-Length: -1` header, e.g this ocurred with the following combination: * standard HTTP POST (no chunked encoding), * user-defined read function set, * `CURLOPT_POSTFIELDSIZE(_LARGE)` NOT set. With this fix it now behaves like HTTP PUT.
2014-01-20disable GnuTLS insecure ciphersFabian Frank
Make GnuTLS old and new consistent, specify the desired protocol, cipher and certificate type in always in both modes. Disable insecure ciphers as reported by howsmyssl.com. Honor not only --sslv3, but also the --tlsv1[.N] switches. Related Bug: http://curl.haxx.se/bug/view.cgi?id=1323
2014-01-19gtls: fix compiler warnings on conversions size_t => unsigned intDaniel Stenberg
2014-01-19http_chunks.c: Fixed compilation warnings under some 32-bit systemsSteve Holme
conversion from 'curl_off_t' to 'size_t', possible loss of data Where curl_off_t is a 64-bit word and size_t is 32-bit - for example with 32-bit Windows builds.
2014-01-18win32: Added additional preprocessor check for Version Helper APISteve Holme
A follow up patch to commit d2671340a613 as _WIN32_WINNT_WIN2K and _WIN32_WINNT_WIN2K may not be defined on all systems.
2014-01-17win32: Corrected the preprocessor check for Version Helper APISteve Holme
Following some auto build failures after commit c7a76bb056f31e changed the preprocessor check to use _WIN32_WINNT.
2014-01-17cookie: max-age fixesDaniel Stenberg
1 - allow >31 bit max-age values 2 - don't overflow on extremely large max-age values when we add the value to the current time 3 - make sure max-age takes precedence over expires as dictated by RFC6265 Bug: http://curl.haxx.se/mail/lib-2014-01/0130.html Reported-by: Chen Prog
2014-01-17chunked parsing: relax the CR strictnessDaniel Stenberg
Allow for chunked-encoding data to get parsed with only LF line endings. This is allowed by browsers.
2014-01-17chunked-parser: abort on overflows, allow 64 bit chunksDaniel Stenberg
2014-01-16Curl_cookie_add: remove 'now' from curl_getdate() callDaniel Stenberg
The now argument is unused by curl_getdate()
2014-01-16connect.c:942:84: warning: Longer than 79 columnsDaniel Stenberg
2014-01-15connect.c: Corrected version compare in commit c7a76bb056f31eSteve Holme
2014-01-15win32: Fixed use of deprecated function 'GetVersionInfoEx' for VC12Steve Holme
Starting with Visual Studio 2013 (VC12) and Windows 8.1 the GetVersionInfoEx() function has been marked as deprecated and it's return value atered. Updated connect.c and curl_sspi.c to use VerifyVersionInfo() where possible, which has been available since Windows 2000.
2014-01-13error message: Sensible message on timeout when transfer size unknownColin Hogben
A transfer timeout could result in an error message such as "Operation timed out after 3000 milliseconds with 19 bytes of -1 received". This patch removes the non-sensical "of -1" when the size of the transfer is unknown, mirroring the logic in lib/transfer.c
2014-01-12OpenSSL: deselect weak ciphers by defaultDaniel Stenberg
By default even recent versions of OpenSSL support and accept both "export strength" ciphers, small-bitsize ciphers as well as downright deprecated ones. This change sets a default cipher set that avoids the worst ciphers, and subsequently makes https://www.howsmyssl.com/a/check no longer grade curl/OpenSSL connects as 'Bad'. Bug: http://curl.haxx.se/bug/view.cgi?id=1323 Reported-by: Jeff Hodges
2014-01-12multi: remove MULTI_TIMEOUT_INACCURACYDaniel Stenberg
With the recently added timeout "reminder" functionality, there's no reason left for us to execute timeout code before the time is ripe. Simplifies the handling too. This will make the *TIMEOUT and *CONNECTTIMEOUT options more accurate again, which probably is most important when the *_MS versions are used. In multi_socket, make sure to update 'now' after having handled activity on a socket.
2014-01-10multi_socket: remind app if timeout didn't runDaniel Stenberg
BACKGROUND: We have learned that on some systems timeout timers are inaccurate and might occasionally fire off too early. To make the multi_socket API work with this, we made libcurl execute timeout actions a bit early too if they are within our MULTI_TIMEOUT_INACCURACY. (added in commit 2c72732ebf, present since 7.21.0) Switching everything to the multi API made this inaccuracy problem slightly more notable as now everyone can be affected. Recently (commit 21091549c02) we tweaked that inaccuracy value to make timeouts more accurate and made it platform specific. We also figured out that we have code at places that check for fixed timeout values so they MUST NOT run too early as then they will not trigger at all (see commit be28223f35 and a691e044705) - so there are definitately problems with running timeouts before they're supposed to run. (We've handled that so far by adding the inaccuracy margin to those specific timeouts.) The libcurl multi_socket API tells the application with a callback that a timeout expires in N milliseconds (and it explicitly will not tell it again for the same timeout), and the application is then supposed to call libcurl when that timeout expires. When libcurl subsequently gets called with curl_multi_socket_action(...CURL_SOCKET_TIMEOUT...), it knows that the application thinks the timeout expired - and alas, if it is within the inaccuracy level libcurl will run code handling that handle. If the application says CURL_SOCKET_TIMEOUT to libcurl and _isn't_ within the inaccuracy level, libcurl will not consider the timeout expired and it will not tell the application again since the timeout value is still the same. NOW: This change introduces a modified behavior here. If the application says CURL_SOCKET_TIMEOUT and libcurl finds no timeout code to run, it will inform the application about the timeout value - *again* even if it is the same timeout that it already told about before (although libcurl will of course tell it the updated time so that it'll still get the correct remaining time). This way, we will not risk that the application believes it has done its job and libcurl thinks the time hasn't come yet to run any code and both just sit waiting. This also allows us to decrease the MULTI_TIMEOUT_INACCURACY margin, but that will be handled in a separate commit. A repeated timeout update to the application risk that the timeout will then fire again immediately and we have what basically is a busy-loop until the time is fine even for libcurl. If that becomes a problem, we need to address it.
2014-01-10threaded-resolver: never use NULL hints with getaddrinfoDaniel Stenberg
The net effect of this bug as it appeared to users, would be that libcurl would timeout in the connect phase. When disabling IPv6 use but still using getaddrinfo, libcurl would wrongly not init the "hints" struct field in init_thread_sync() which would subsequently lead to a getaddrinfo() invoke with a zeroed hints with ai_socktype set to 0 instead of SOCK_STREAM. This would lead to different behaviors on different platforms but basically incorrect output. This code was introduced in 483ff1ca75cbea, released in curl 7.20.0. This bug became a problem now due to the happy eyeballs code and how libcurl now traverses the getaddrinfo() results differently. Bug: http://curl.haxx.se/mail/lib-2014-01/0061.html Reported-by: Fabian Frank Debugged-by: Fabian Frank
2014-01-09darwinssl: un-break Leopard build after PKCS#12 changeNick Zitzmann
It turns out errSecDecode wasn't defined in Leopard's headers. So we use the enum's value instead. Bug: http://curl.haxx.se/mail/lib-2013-12/0150.html Reported by: Abram Pousada
2014-01-08Curl_updateconninfo: don't do anything for UDP "connections"Daniel Stenberg
getpeername() doesn't work for UDP sockets since they're not connected Reported-by: Priyanka Shah Bug: http://curl.haxx.se/mail/archive-2014-01/0016.html
2014-01-08info: remove debug outputDaniel Stenberg
Removed some of the infof() calls that were added with the recent pipeline improvements but they're not useful to the vast majority of readers and the pipelining seems to fundamentaly work - the debugging outputs can easily be added there if debugging these functions is needed again.
2014-01-08trynextip: fix build for non-IPV6 capable systemsDaniel Stenberg
AF_INET6 may not exist then Patched-by: Iida Yosiaki Bug: http://curl.haxx.se/bug/view.cgi?id=1322
2014-01-07ConnectionExists: fix NTLM check for new connectionDaniel Stenberg
When the requested authentication bitmask includes NTLM, we cannot re-use a connection for another username/password as we then risk re-using NTLM (connection-based auth). This has the unfortunate downside that if you include NTLM as a possible auth, you cannot re-use connections for other usernames/passwords even if NTLM doesn't end up the auth type used. Reported-by: Paras S Patched-by: Paras S Bug: http://curl.haxx.se/mail/lib-2014-01/0046.html
2014-01-05mk-ca-bundle.pl: avoid warnings with -d without parameterDaniel Stenberg
2014-01-05mk-ca-bundle: introduces -d and warns about using this scriptLeif W
2014-01-05Makefile: Added missing WinSSL and x64 configurationsSteve Holme
2014-01-05multi.c: fix possible dereference of null pointerMarc Hoersken
2014-01-04Updated copyright year for recent changesSteve Holme
2014-01-04conncache.c: fix possible dereference of null pointerMarc Hoersken
2014-01-04FTP parselist: fix "total" parserDaniel Stenberg
A regression introduced in 7f3b87d8782eae1 (present in the 7.21.4 release) broke the total parser. Now skip the whitespace and the digits. Reported-by: Justin Maggard Bug: http://curl.haxx.se/mail/lib-2014-01/0019.html
2014-01-03Makefile.vc6: follow up fix for 11e8066 and 92b9ae5Marc Hoersken
2014-01-03progresscallback: make CURLE_ABORTED_BY_CALLBACK get returned betterDaniel Stenberg
When the progress callback returned 1 at a very early state, the code would not make CURLE_ABORTED_BY_CALLBACK get returned but the process would still be interrupted. In the HTTP case, this would then cause a CURLE_GOT_NOTHING to erroneously get returned instead. Reported-by: Petr Novak Bug: http://curl.haxx.se/bug/view.cgi?id=1318
2014-01-03pipeline: remove print_pipeline()Daniel Stenberg
This is a debug function only and serves no purpose in production code, it only slows things down. I left the code #ifdef'ed for possible future pipeline debugging. Also, this was a global function without proper namespace usage. Reported-by: He Qin Bug: http://curl.haxx.se/bug/view.cgi?id=1320
2014-01-03openssl: allow explicit sslv2 selectionDaniel Stenberg
If OpenSSL is built to support SSLv2 this brings back the ability to explicitly select that as a protocol level. Reported-by: Steve Holme Bug: http://curl.haxx.se/mail/lib-2014-01/0013.html
2014-01-02Updated copyright year for recent changesSteve Holme
2014-01-03vtls/nssg.h: fixed include references to moved fileMarc Hoersken
2014-01-02OpenSSL: Fix forcing SSLv3 connectionsBarry Abrahamson
Some feedback provided by byte_bucket on IRC pointed out that commit db11750cfa5b1 wasn’t really correct because it allows for “upgrading” to a newer protocol when it should be only allowing for SSLv3. This change fixes that. When SSLv3 connection is forced, don't allow SSL negotiations for newer versions. Feedback provided by byte_bucket in #curl. This behavior is also consistent with the other force flags like --tlsv1.1 which doesn't allow for TLSv1.2 negotiation, etc Feedback-by: byte_bucket Bug: http://curl.haxx.se/bug/view.cgi?id=1319
2014-01-02Trial to fix the nmake Makefile for vtls files.Guenter Knauf
2014-01-02Fix NetWare build for vtls files.Guenter Knauf
2014-01-01OpenSSL: Fix forcing SSLv3 connectionsBarry Abrahamson
Since ad34a2d5c87c7f4b14e8dded3 (present in 7.34.0 release) forcing SSLv3 will always return the error "curl: (35) Unsupported SSL protocol version" Can be replicated with `curl -I -3 https://www.google.com/`. This fix simply allows for v3 to be forced.
2013-12-31imap: Fixed line length warningSteve Holme
2013-12-31mprintf: Replaced internal usage of FORMAT_OFF_T and FORMAT_OFF_TUSteve Holme
Following commit 0aafd77fa4c6f2, replaced the internal usage of FORMAT_OFF_T and FORMAT_OFF_TU with the external versions that we expect API programmers to use. This negates the need for separate definitions which were subtly different under different platforms/compilers.