aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2016-09-06openssl: fix CURLINFO_SSL_VERIFYRESULTGaurav Malhotra
CURLINFO_SSL_VERIFYRESULT does not get the certificate verification result when SSL_connect fails because of a certificate verification error. This fix saves the result of SSL_get_verify_result so that it is returned by CURLINFO_SSL_VERIFYRESULT. Closes https://github.com/curl/curl/pull/995
2016-09-06darwinssl: test for errSecSuccess in PKCS12 import rather than noErr (#993)Daniel Gustafsson
While noErr and errSecSuccess are defined as the same value, the API documentation states that SecPKCS12Import() returns errSecSuccess if there were no errors in importing. Ensure that a future change of the defined value doesn't break (however unlikely) and be consistent with the API docs.
2016-09-05openssl: Fix compilation with OPENSSL_API_COMPAT=0x10100000LMarcel Raad
With OPENSSL_API_COMPAT=0x10100000L (OpenSSL 1.1 API), the cleanup functions are unavailable (they're no-ops anyway in OpenSSL 1.1). The replacements for SSL_load_error_strings, SSLeay_add_ssl_algorithms, and OpenSSL_add_all_algorithms are called automatically [1][2]. SSLeay() is now called OpenSSL_version_num(). [1]: https://www.openssl.org/docs/man1.1.0/ssl/OPENSSL_init_ssl.html [2]: https://www.openssl.org/docs/man1.1.0/crypto/OPENSSL_init_crypto.html Closes #992
2016-09-05http2: return EOF when done uploading without known sizeDaniel Stenberg
Fixes #982
2016-09-05http2: skip the content-length parsing, detect unknown sizeDaniel Stenberg
2016-09-05http2: minor white space editDaniel Stenberg
2016-09-05http2: use named define instead of magic constant in read callbackDaniel Stenberg
2016-09-04speed caps: not based on average speeds anymoreOlivier Brunel
Speed limits (from CURLOPT_MAX_RECV_SPEED_LARGE & CURLOPT_MAX_SEND_SPEED_LARGE) were applied simply by comparing limits with the cumulative average speed of the entire transfer; While this might work at times with good/constant connections, in other cases it can result to the limits simply being "ignored" for more than "short bursts" (as told in man page). Consider a download that goes on much slower than the limit for some time (because bandwidth is used elsewhere, server is slow, whatever the reason), then once things get better, curl would simply ignore the limit up until the average speed (since the beginning of the transfer) reached the limit. This could prove the limit useless to effectively avoid using the entire bandwidth (at least for quite some time). So instead, we now use a "moving starting point" as reference, and every time at least as much as the limit as been transferred, we can reset this starting point to the current position. This gets a good limiting effect that applies to the "current speed" with instant reactivity (in case of sudden speed burst). Closes #971
2016-08-31curl_sspi.c: Updated function description commentsSteve Holme
* Added description to Curl_sspi_free_identity() * Added parameter and return explanations to Curl_sspi_global_init() * Added parameter explaination to Curl_sspi_global_cleanup()
2016-08-30connect: fix #ifdefs for debug versions of conn/streamclose() macrosDaniel Stenberg
CURLDEBUG is for the memory debugging DEBUGBUILD is for the extra debug stuff Pointed-out-by: Steve Holme
2016-08-28http2: return CURLE_HTTP2_STREAM for unexpected stream closeDaniel Stenberg
Follow-up to c3e906e9cd0f, seems like a more appropriate error code Suggested-by: Jay Satiro
2016-08-28http2: handle closed streams when uploadingTatsuhiro Tsujikawa
Fixes #986
2016-08-28http2: make sure stream errors don't needlessly close the connectionDaniel Stenberg
With HTTP/2 each transfer is made in an indivial logical stream over the connection, making most previous errors that caused the connection to get forced-closed now instead just kill the stream and not the connection. Fixes #941
2016-08-27Curl_verify_windows_version: minor edit to avoid compiler warningsDaniel Stenberg
... instead of if() before the switch(), add a default to the switch so that the compilers don't warn on "warning: enumeration value 'PLATFORM_DONT_CARE' not handled in switch" anymore.
2016-08-26schannel: Disable ALPN for Wine since it is causing problemsJay Satiro
- Disable ALPN on Wine. - Don't pass input secbuffer when ALPN is disabled. When ALPN support was added a change was made to pass an input secbuffer to initialize the context. When ALPN is enabled the buffer contains the ALPN information, and when it's disabled the buffer is empty. In either case this input buffer caused problems with Wine and connections would not complete. Bug: https://github.com/curl/curl/issues/983 Reported-by: Christian Fillion
2016-08-26nss: work around race condition in PK11_FindSlotByName()Peter Wang
Serialise the call to PK11_FindSlotByName() to avoid spurious errors in a multi-threaded environment. The underlying cause is a race condition in nssSlot_IsTokenPresent(). Bug: https://bugzilla.mozilla.org/1297397 Closes #985
2016-08-26nss: refuse previously loaded certificate from fileKamil Dudka
... when we are not asked to use a certificate from file
2016-08-26ftp_done: remove dead codeDaniel Stenberg
2016-08-26TLS: random file/egd doesn't have to match for conn reuseDaniel Stenberg
2016-08-25HTTP: stop parsing headers when switching to unknown protocolsMichael Kaufmann
- unknown protocols probably won't send more headers (e.g. WebSocket) - improved comments and moved them to the correct case statements Closes #899
2016-08-25openssl: make build with 1.1.0 againDaniel Stenberg
synced with OpenSSL git master commit cc06906707
2016-08-25http2: Remove incorrect commentsJay Satiro
.. also remove same from scp
2016-08-23ftp: fix wrong poll on the secondary socketAles Novak
When we're uploading using FTP and the server issues a tiny pause between opening the connection to the client's secondary socket, the client's initial poll() times out, which leads to second poll() which does not wait for POLLIN on the secondary socket. So that poll() also has to time out, creating a long (200ms) pause. This patch adds the correct flag to the secondary socket, making the second poll() correctly wait for the connection there too. Signed-off-by: Ales Novak <alnovak@suse.cz> Closes #978
2016-08-21win: Basic support for Universal Windows Platform appsMarco Deckel
Closes #820
2016-08-21sasl: Don't use GSSAPI authentication when domain name not specifiedSteve Holme
Only choose the GSSAPI authentication mechanism when the user name contains a Windows domain name or the user is a valid UPN. Fixes #718
2016-08-21vauth: Added check for supported SSPI based authentication mechanismsSteve Holme
Completing commit 00417fd66c and 2708d4259b.
2016-08-21http.c: Remove duplicate (authp->avail & CURLAUTH_DIGEST) checkSteve Holme
From commit 2708d4259b.
2016-08-20socks.c: display the hostname returned by the SOCKS5 proxy serverMarc Hoersken
Instead of displaying the requested hostname the one returned by the SOCKS5 proxy server is used in case of connection error. The requested hostname is displayed earlier in the connection sequence. The upper-value of the port is moved to a temporary variable and replaced with a 0-byte to make sure the hostname is 0-terminated.
2016-08-20urldata.h: Corrected comment for httpcode which is also populated by SMTPSteve Holme
As of 7.25.0 and commit 5430007222.
2016-08-20socks.c: use Curl_printable_address in SOCKS5 connection sequenceMarc Hoersken
Replace custom string formatting with Curl_printable_address. Add additional debug and error output in case of failures.
2016-08-20socks.c: align SOCKS4 connection sequence with SOCKS5Marc Hoersken
Calling sscanf is not required since the raw IPv4 address is available and the protocol can be detected using ai_family.
2016-08-20http.c: Corrected indentation change from commit 2708d4259bSteve Holme
Made by Visual Studio's auto-correct feature and missed by me in my own code reviews!
2016-08-20http: Added calls to Curl_auth_is_<mechansism>_supported()Steve Holme
Hooked up the HTTP authentication layer to query the new 'is mechanism supported' functions when deciding what mechanism to use. As per commit 00417fd66c existing functionality is maintained for now.
2016-08-20socks.c: improve verbose output of SOCKS5 connection sequenceMarc Hoersken
2016-08-20sasl: Added calls to Curl_auth_is_<mechansism>_supported()Steve Holme
Hooked up the SASL authentication layer to query the new 'is mechanism supported' functions when deciding what mechanism to use. For now existing functionality is maintained.
2016-08-19spnego_sspi: fix memory leak in case *outlen is zero (#970)Miroslav Franc
2016-08-18vauth: Introduced Curl_auth_is_<mechansism>_supported() functionsSteve Holme
As Windows SSPI authentication calls fail when a particular mechanism isn't available, introduced these functions for DIGEST, NTLM, Kerberos 5 and Negotiate to allow both HTTP and SASL authentication the opportunity to query support for a supported mechanism before selecting it. For now each function returns TRUE to maintain compatability with the existing code when called.
2016-08-17nss: make the global variables staticDaniel Stenberg
2016-08-16openssl: use regular malloc instead of OPENSSL_mallocDaniel Stenberg
This allows for better memmory debugging and torture tests.
2016-08-16Revert "Proxy-Connection: stop sending this header by default"Daniel Stenberg
This reverts commit 113f04e664b16b944e64498a73a4dab990fe9a68.
2016-08-15proxy: polished the error message for unsupported schemesDaniel Stenberg
Follow up to a96319ebb93
2016-08-15proxy: reject attempts to use unsupported proxy schemesDaniel Stenberg
I discovered some people have been using "https://example.com" style strings as proxy and it "works" (curl doesn't complain) because curl ignores unknown schemes and then assumes plain HTTP instead. I think this misleads users into believing curl uses HTTPS to proxies when it doesn't. Now curl rejects proxy strings using unsupported schemes instead of just ignoring and defaulting to HTTP.
2016-08-14socks.c: Correctly calculate position of port in response packetMarc Hoersken
Third commit to fix issue #944 regarding SOCKS5 error handling. Reported-by: David Kalnischkies
2016-08-14socks.c: Do not modify and invalidate calculated response lengthMarc Hoersken
Second commit to fix issue #944 regarding SOCKS5 error handling. Reported-by: David Kalnischkies
2016-08-14socks.c: Move error output after reading the whole response packetMarc Hoersken
First commit to fix issue #944 regarding SOCKS5 error handling. Reported-by: David Kalnischkies
2016-08-13openssl: accept subjectAltName iPAddress if no dNSName matchJay Satiro
Undo change introduced in d4643d6 which caused iPAddress match to be ignored if dNSName was present but did not match. Also, if iPAddress is present but does not match, and dNSName is not present, fail as no-match. Prior to this change in such a case the CN would be checked for a match. Bug: https://github.com/curl/curl/issues/959 Reported-by: wmsch@users.noreply.github.com
2016-08-11rtsp: ignore whitespace in session idDaniel Stenberg
Follow-up to e577c43bb to fix test case 569 brekage: stop the parser at whitespace as well. Help-by: Erik Janssen
2016-08-11HTTP: retry failed HEAD requests tooDaniel Stenberg
Mark's new document about HTTP Retries (https://mnot.github.io/I-D/httpbis-retry/) made me check our code and I spotted that we don't retry failed HEAD requests which seems totally inconsistent and I can't see any reason for that separate treatment. So, no separate treatment for HEAD starting now. A HTTP request sent over a reused connection that gets cut off before a single byte is received will be retried on a fresh connection. Made-aware-by: Mark Nottingham
2016-08-10rtsp: accept any RTSP session idErik Janssen
Makes libcurl work in communication with gstreamer-based RTSP servers. The original code validates the session id to be in accordance with the RFC. I think it is better not to do that: - For curl the actual content is a don't care. - The clarity of the RFC is debatable, is $ allowed or only as \$, that is imho not clear - Gstreamer seems to url-encode the session id but % is not allowed by the RFC - less code With this patch curl will correctly handle real-life lines like: Session: biTN4Kc.8%2B1w-AF.; timeout=60 Bug: https://curl.haxx.se/mail/lib-2016-08/0076.html
2016-08-08cmake: Enable win32 threaded resolver by defaultJay Satiro
- Turn on USE_THREADS_WIN32 in Windows if ares isn't on This change is similar to what we already do in the autotools build.