Age | Commit message (Collapse) | Author |
|
Expired cookies have already been purged at a later expiration time
before this check, so remove the redundant check.
closes #2962
|
|
Exit the realloc() loop if the response turns out ridiculously large to
avoid worse problems.
Reported-by: Harry Sintonen
Closes #2959
|
|
Closes #2960
|
|
Coverity CID 1439134
|
|
See header file and man pages for API. All documented API details work
and are tested in the 1560 test case.
Closes #2842
|
|
... including the associated option.
Fixes #2951
Closes #2952
|
|
Add functionality so that protocols can do custom keepalive on their
connections, when an external API function is called.
Add docs for the new options in 7.62.0
Closes #1641
|
|
Sometimes it may be considered a security risk to load an external
OpenSSL configuration automatically inside curl_global_init(). The
configuration option --disable-ssl-auto-load-config disables this
automatism. The Windows build scripts winbuild/Makefile.vs provide a
corresponding option ENABLE_SSL_AUTO_LOAD_CONFIG accepting a boolean
value.
Setting neither of these options corresponds to the previous behavior
loading the external OpenSSL configuration automatically.
Fixes #2724
Closes #2791
|
|
The gcc typecheck macros and coverity combined made it warn on the 2nd
argument for ERROR_CHECK_SETOPT(). Here's minor rearrange to please it.
Coverity CID 1439115 and CID 1439114.
|
|
SEC_E_APPLICATION_PROTOCOL_MISMATCH isn't defined in some versions of
mingw and would require an ifdef otherwise.
Reported-by: Thomas Glanzmann
Approved-by: Marc Hörsken
Bug: https://curl.haxx.se/mail/lib-2018-09/0020.html
Closes #2950
|
|
... and add "MAILINDEX".
As described in #2789, this is a suggested solution. Changing UID=xx to
actually get mail with UID xx and add "MAILINDEX" to get a mail with a
special index in the mail box (old behavior). So MAILINDEX=1 gives the
first non deleted mail in the mail box.
Fixes #2789
Closes #2815
|
|
This is step 3 of #2888.
Fixes #2888
Closes #2896
|
|
|
|
Closes #2668
|
|
Long live CURLE_PEER_FAILED_VERIFICATION
|
|
CURLE_PEER_FAILED_VERIFICATION makes more sense because Curl_parseX509
does not allocate memory internally as its first argument is a pointer
to the certificate structure. The same error code is also returned by
Curl_verifyhost when its call to Curl_parseX509 fails so the change
makes error handling more consistent.
|
|
Failure to extract the issuer name from the server certificate should
return a more specific error code like on other TLS backends.
|
|
Closes #2901
|
|
Closes #2901
|
|
Disable the CURLOPT_DNS_USE_GLOBAL_CACHE option and mark it for
deprecation and complete removal in six months.
Bug: https://curl.haxx.se/mail/lib-2018-09/0010.html
Closes #2942
|
|
Closes #2709
|
|
Starting 7.62.0, multiplexing is enabled by default in multi handles.
|
|
Approved-by: Daniel Gustafsson
Closes #2937
|
|
Transparently. The related curl_multi_setopt() options all still returns
OK when pipelining is selected.
To re-enable the support, the single line change in lib/multi.c needs to
be reverted.
See docs/DEPRECATE.md
Closes #2705
|
|
Since scan-build would warn on the dead "Dead store/Dead increment"
|
|
|
|
Fixes #2939
Closes #2940
|
|
This is a follow-up to PR #2607 and PR #2926.
Closes #2936
|
|
The flag indicating TLS 1.3 cipher support in the OpenSSL backend was
missing.
Bug: https://github.com/curl/curl/pull/2607#issuecomment-417283187
Reported-by: Kamil Dudka
Closes #2926
|
|
... since it would cause an integer overflow if longer than (max size_t
/ 2).
This is CVE-2018-14618
Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
Closes #2756
Reported-by: Zhaoyang Wu
|
|
Closes #2928
|
|
Assisted-by: Rikard Falkeborn
Closes #2922
|
|
|
|
According to RFC6265 section 5.4, cookies with equal path lengths
SHOULD be sorted by creation-time (earlier first). This adds a
creation-time record to the cookie struct in order to make cookie
sorting more deterministic. The creation-time is defined as the
order of the cookies in the jar, the first cookie read fro the
jar being the oldest. The creation-time is thus not serialized
into the jar. Also remove the strcmp() matching in the sorting as
there is no lexicographic ordering in RFC6265. Existing tests are
updated to match.
Closes #2524
|
|
As uintptr_t and HANDLE are always the same size, this warning is
harmless. Just silence it using an intermediate uintptr_t variable.
Closes https://github.com/curl/curl/pull/2908
|
|
1) Using CERT_STORE_OPEN_EXISTING_FLAG ( or CERT_STORE_READONLY_FLAG )
while opening certificate store would be sufficient in this scenario and
less-demanding in sense of required user credentials ( for example,
IIS_IUSRS will get "Access Denied" 0x05 error for existing CertOpenStore
call without any of flags mentioned above ),
2) as 'cert_store_name' is a DWORD, attempt to format its value like a
string ( in "Failed to open cert store" error message ) will throw null
pointer exception
3) adding GetLastError(), in my opinion, will make error message more
useful.
Bug: https://curl.haxx.se/mail/lib-2018-08/0198.html
Closes #2909
|
|
Since GOPHER support was added in curl `?' character was automatically
translated to `%09' (`\t').
However, this behaviour does not seems documented in RFC 4266 and for
search selectors it is documented to directly use `%09' in the URL.
Apart that several gopher servers in the current gopherspace have CGI
support where `?' is used as part of the selector and translating it to
`%09' often leads to surprising results.
Closes #2910
|
|
When Curl_http2_done() gets called before the http2 data is setup all
the way, we cannot send anything and this should just return an error.
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012
|
|
Closes #2903
|
|
... as no other comments are accepted since 014ed7c22f51463
|
|
This enables level 4 instead of the default level 3, which of the
currently used comments only allows /* FALLTHROUGH */ to silence the
warning.
Closes https://github.com/curl/curl/pull/2747
|
|
Closes https://github.com/curl/curl/pull/2747
|
|
and remove the private SIZE_T_MAX define and use the generic one.
Closes #2902
|
|
... before the stream is started, we have it set to -1.
Fixes #2894
Closes #2898
|
|
To make uploads significantly faster in some circumstances.
Part 2 of #2888
Closes #2892
|
|
Saves 16KB on the easy handle for operations that don't need that
buffer.
Part 1 of #2888
|
|
Handles created with curl_easy_duphandle do not use the SSL engine set
up in the original handle. This fixes the issue by storing the engine
name in the internal url state and setting the engine from its name
inside curl_easy_duphandle.
Reported-by: Anton Gerasimov
Signed-of-by: Laurent Bonnans
Fixes #2829
Closes #2833
|
|
If this is the last stream on this connection, the RST_STREAM might not
get pushed to the wire otherwise.
Fixes #2882
Closes #2887
Researched-by: Michael Kaufmann
|
|
This struct field is never set TRUE in any existing code path. This
change removes the field completely.
Closes #2871
|
|
Might help bug #2688 debugging
Closes #2880
|