Age | Commit message (Collapse) | Author |
|
This also fixes PolarSSL session resume.
Prior to this change the TLS session information wasn't properly
saved and restored for PolarSSL and mbedTLS.
Bug: https://curl.haxx.se/mail/lib-2016-01/0070.html
Reported-by: Thomas Glanzmann
Bug: https://curl.haxx.se/mail/lib-2016-04/0095.html
Reported-by: Moti Avrahami
|
|
OpenSSL 1.1.0-pre seems to return NULL(?) for a whole lot of those
numbers so make sure the function handles this.
Reported-by: Linus Nordberg
|
|
Previously, connections were closed immediately before the user had a
chance to extract the socket when the proxy required Negotiate
authentication.
This regression was brought in with the security fix in commit
79b9d5f1a42578f
Closes #655
|
|
|
|
Regression introduced in 09b5a998
Bug: https://curl.haxx.se/mail/lib-2016-04/0084.html
Reported-by: BoBo
|
|
If buffer is allocated, but nothing is received during prereceive
stage, than number of processed bytes must be zero.
Closes #778
|
|
|
|
The RSA, DSA and DH structs are now opaque and require use of new APIs
Fixes #763
|
|
Fixed commit fa5fa65a30 to not use NULLs in if condition.
|
|
At ConnectionExists, both check->proxyuser and check->proxypasswd
could be NULL, so make sure to check first.
Fixes #765
|
|
WinSock destroys recv() buffer if send() is failed. As result - server
response may be lost if server sent it while curl is still sending
request. This behavior noticeable on HTTP server short replies if
libcurl use several send() for request (usually for POST request).
To workaround this problem, libcurl use recv() before every send() and
keeps received data in intermediate buffer for further processing.
Fixes: #657
Closes: #668
|
|
This commit fixes a Clang warning introduced in curl-7_48_0-190-g8f72b13:
Error: CLANG_WARNING:
lib/connect.c:1120:11: warning: The right operand of '==' is a garbage value
1118| }
1119|
1120|-> if(-1 == rc)
1121| error = SOCKERRNO;
1122| }
|
|
... as checksrc now skips comments
|
|
... that the new checksrc detected
|
|
|
|
... since checksrc now skips comments
|
|
|
|
... but output non-stripped version of the line, even if that then can
make the script identify the wrong position in the line at
times. Showing the line stripped (ie without comments) is just too
surprising.
|
|
Closes #660
|
|
|
|
|
|
|
|
|
|
... to properly support out of source tree builds.
|
|
Makes curl connect to the given host+port instead of the host+port found
in the URL.
|
|
Ref: https://github.com/curl/curl/issues/659
Ref: https://github.com/curl/curl/pull/663
|
|
- Error if a header line is larger than supported.
- Warn if cumulative header line length may be larger than supported.
- Allow spaces when parsing the path component.
- Make sure each header line ends in \r\n. This fixes an out of bounds.
- Disallow header continuation lines until we decide what to do.
Ref: https://github.com/curl/curl/issues/659
Ref: https://github.com/curl/curl/pull/663
|
|
Ref: https://github.com/curl/curl/issues/659
Ref: https://github.com/curl/curl/pull/663
|
|
Sicne we write header field in temporary location, not in the memory
that upper layer provides, incrementing drain should not happen.
Ref: https://github.com/curl/curl/issues/659
Ref: https://github.com/curl/curl/pull/663
|
|
This commit ensures that streams which was closed in on_stream_close
callback gets passed to http2_handle_stream_close. Previously, this
might not happen. To achieve this, we increment drain property to
forcibly call recv function for that stream.
To more accurately check that we have no pending event before shutting
down HTTP/2 session, we sum up drain property into
http_conn.drain_total. We only shutdown session if that value is 0.
With this commit, when stream was closed before reading response
header fields, error code CURLE_HTTP2_STREAM is returned even if
HTTP/2 level error is NO_ERROR. This signals the upper layer that
stream was closed by error just like TCP connection close in HTTP/1.
Ref: https://github.com/curl/curl/issues/659
Ref: https://github.com/curl/curl/pull/663
|
|
This commit ensures that data from network are processed before HTTP/2
session is terminated. This is achieved by pausing nghttp2 whenever
different stream than current easy handle receives data.
This commit also fixes the bug that sometimes processing hangs when
multiple HTTP/2 streams are multiplexed.
Ref: https://github.com/curl/curl/issues/659
Ref: https://github.com/curl/curl/pull/663
|
|
Ref: https://github.com/curl/curl/issues/659
Ref: https://github.com/curl/curl/pull/663
|
|
Previously, when a stream was closed with other than NGHTTP2_NO_ERROR
by RST_STREAM, underlying TCP connection was dropped. This is
undesirable since there may be other streams multiplexed and they are
very much fine. This change introduce new error code
CURLE_HTTP2_STREAM, which indicates stream error that only affects the
relevant stream, and connection should be kept open. The existing
CURLE_HTTP2 means connection error in general.
Ref: https://github.com/curl/curl/issues/659
Ref: https://github.com/curl/curl/pull/663
|
|
... but ignore EAGAIN if the stream has ended so that we don't end up in
a loop. This is a follow-up to c8ab613 in order to avoid the problem
d261652 was made to fix.
Reported-by: Jay Satiro
Clues-provided-by: Tatsuhiro Tsujikawa
Discussed in #750
|
|
As these two options provide identical functionality, the former for
SOCK5 proxies and the latter for HTTP proxies, merged the two options
together.
As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of
7.49.0.
|
|
This value is set to TRUE or FALSE so should be a bool and not a long.
|
|
|
|
...when GSS-API or Windows SSPI are not used.
|
|
|
|
|
|
|
|
|
|
Allow the service name to be overridden for DIGIST-MD5 and Kerberos 5
authentication in FTP, IMAP, POP3 and SMTP.
|
|
Calculate the service name and proxy service names locally, rather than
in url.c which will allow for us to support overriding the service name
for other protocols such as FTP, IMAP, POP3 and SMTP.
|
|
|
|
... as otherwise we might get stuck thinking there's no more data to
handle.
Reported-by: Damien Vielpeau
Fixes #737
|
|
|
|
|
|
mbedtls_ is the prefix used by the mbedTLS library itself so we should
avoid using that for our private functions.
|
|
|