aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2016-01-07mbedtls: Fix ALPN supportJay Satiro
- Fix ALPN reply detection. - Wrap nghttp2 code in ifdef USE_NGHTTP2. Prior to this change ALPN and HTTP/2 did not work properly in mbedTLS.
2016-01-06http2: Fix client write for trailers on stream closeJay Satiro
Check that the trailer buffer exists before attempting a client write for trailers on stream close. Refer to comments in https://github.com/bagder/curl/pull/564
2016-01-06ConnectionExists: add missing newline in infof() callDaniel Stenberg
Mistake from commit a464f33843ee1
2016-01-06multiplex: allow only once HTTP/2 is actually usedDaniel Stenberg
To make sure curl doesn't allow multiplexing before a connection is upgraded to HTTP/2 (like when Upgrade: h2c fails), we must make sure the connection uses HTTP/2 as well and not only check what's wanted. Closes #584 Patch-by: c0ff
2015-12-23ftplistparser.c: fix handling of file LISTings using Windows EOLMarc Hoersken
Previously file.txt[CR][LF] would have been returned as file.tx (without the last t) if filetype is symlink. Now the t is included and the internal item_length includes the zero byte. Spotted using test 576 on Windows.
2015-12-23ConnectionExists: with *PIPEWAIT, wait for connectionsAnders Bakken
Try harder to prevent libcurl from opening up an additional socket when CURLOPT_PIPEWAIT is set. Accomplished by letting ongoing TCP and TLS handshakes complete first before the decision is made. Closes #575
2015-12-16cyassl: deal with lack of *get_peer_certificateDaniel Stenberg
The function is only present in wolfssl/cyassl if it was built with --enable-opensslextra. With these checks added, pinning support is disabled unless the TLS lib has that function available. Also fix the mistake in configure that checks for the wrong lib name. Closes #566
2015-12-16wolfssl: handle builds without SSLv3 supportDaniel Stenberg
2015-12-15http2: Support trailer fieldsTatsuhiro Tsujikawa
This commit adds trailer support in HTTP/2. In HTTP/1.1, chunked encoding must be used to send trialer fields. HTTP/2 deprecated any trandfer-encoding, including chunked. But trailer fields are now always available. Since trailer fields are relatively rare these days (gRPC uses them extensively though), allocating buffer for trailer fields is done when we detect that HEADERS frame containing trailer fields is started. We use Curl_add_buffer_* functions to buffer all trailers, just like we do for regular header fields. And then deliver them when stream is closed. We have to be careful here so that all data are delivered to upper layer before sending trailers to the application. We can deliver trailer field one by one using NGHTTP2_ERR_PAUSE mechanism, but current method is far more simple. Another possibility is use chunked encoding internally for HTTP/2 traffic. I have not tested it, but it could add another overhead. Closes #564
2015-12-15x509asn1: Fix host altname verificationJay Satiro
- In Curl_verifyhost check all altnames in the certificate. Prior to this change only the first altname was checked. Only the GSKit SSL backend was affected by this bug. Bug: http://curl.haxx.se/mail/lib-2015-12/0062.html Reported-by: John Kohl
2015-12-15cyassl: fix compiler warning on type conversionDaniel Stenberg
2015-12-14setstropt: const-correctnessAnders Bakken
Closes #565
2015-12-14libressl: the latest openssl x509 funcs are not in libresslDaniel Stenberg
2015-12-13http: add libcurl option to allow HTTP/2 for HTTPS onlyDaniel Stenberg
... and stick to 1.1 for HTTP. This is in line with what browsers do and should have very little risk.
2015-12-10openssl: adapt to openssl >= 1.1.0 X509 opaque structsDaniel Stenberg
Closes #491
2015-12-10openssl: avoid BIO_reset() warnings since it returns a valueDaniel Stenberg
2015-12-10openssl: adapt to 1.1.0+ name changesDaniel Stenberg
2015-12-09fix b6d5cb40d7038feDaniel Stenberg
2015-12-08http2: Fix hanging paused streamTatsuhiro Tsujikawa
When NGHTTP2_ERR_PAUSE is returned from data_source_read_callback, we might not process DATA frame fully. Calling nghttp2_session_mem_recv() again will continue to process DATA frame, but if there is no incoming frames, then we have to call it again with 0-length data. Without this, on_stream_close callback will not be called, and stream could be hanged. Bug: http://curl.haxx.se/mail/lib-2015-11/0103.html Reported-by: Francisco Moraes
2015-12-08build: fix compilation error with CURL_DISABLE_VERBOSE_STRINGSChristian Stewart
With curl disable verbose strings in http.c the compilation fails due to the data variable being undefined later on in the function. Closes #558
2015-12-07config-win32: Fix warning HAVE_WINSOCK2_H undefinedGisle Vanem
2015-12-07openssl: BoringSSL doesn't have CONF_modules_freeGisle Vanem
2015-12-07lwip: Fix compatibility issues with later versionsGisle Vanem
The name of the header guard in lwIP's <lwip/opt.h> has changed from '__LWIP_OPT_H__' to 'LWIP_HDR_OPT_H' (bug #35874 in May 2015). Other fixes: - In curl_setup.h, the problem with an old PSDK doesn't apply if lwIP is used. - In memdebug.h, the 'socket' should be undefined first due to lwIP's lwip_socket() macro. - In curl_addrinfo.c lwIP's getaddrinfo() + freeaddrinfo() macros need special handling because they were undef'ed in memdebug.h. - In select.c we can't use preprocessor conditionals inside select if MSVC and select is a macro, as it is with lwIP. http://curl.haxx.se/mail/lib-2015-12/0023.html http://curl.haxx.se/mail/lib-2015-12/0024.html
2015-12-07version: Add flag CURL_VERSION_PSL for libpslGisle Vanem
2015-12-07formdata: Check if length is too large for memoryJay Satiro
- If the size of the length type (curl_off_t) is greater than the size of the size_t type then check before allocating memory to make sure the value of length will fit in a size_t without overflow. If it doesn't then return CURLE_BAD_FUNCTION_ARGUMENT. Bug: https://github.com/bagder/curl/issues/425#issuecomment-154518679 Reported-by: Steve Holme
2015-11-30Curl_read_plain: clean up ifdefs that break statementsFlavio Medeiros
Closes #546
2015-11-30http2: convert some verbose output into debug-only outputDaniel Stenberg
2015-11-30http2 push: add missing inits of new streamDaniel Stenberg
- set the correct stream_id for pushed streams - init maxdownload and size properly
2015-11-30http2 push: set weight for new streamDaniel Stenberg
give the new stream the old one's stream_weight internally to avoid sending a PRIORITY frame unless asked for it
2015-11-28curl_setup.h: undef freeaddrinfo in c-ares block to fix buildDaniel Stenberg
Fixes warnings 78c25c854a added.
2015-11-27nonblock: fix setting non-blocking mode for AmigaDaniel Stenberg
IoctlSocket() apparently wants a pointer to a long, passed as a char * in its third parameter. This bug was introduced already back in commit c5fdeef41d from October 1 2001! Bug: http://curl.haxx.se/mail/lib-2015-11/0088.html Reported-by: Norbert Kett
2015-11-27lib: Only define curl_dofreeaddrinfo if struct addrinfo is availableDan Fandrich
2015-11-25timecond: do not add if-modified-since without timeconditionDaniel Stenberg
The RTSP code path didn't skip adding the if-modified-since for certain RTSP code paths, even if CURLOPT_TIMECONDITION was set to CURL_TIMECOND_NONE. Also, an unknown non-zero CURLOPT_TIMECONDITION value no longer equals CURL_TIMECOND_IFMODSINCE. Bug: http://stackoverflow.com/questions/33903982/curl-timecond-none-doesnt-work-how-to-remove-if-modified-since-header
2015-11-24done: make sure the final progress update is madeDaniel Stenberg
It would previously be skipped if an existing error was returned, but would lead to a previous value being left there and later used. CURLINFO_TOTAL_TIME for example. Still it avoids that final progress update if we reached DONE as the result of a callback abort to avoid another callback to be called after an abort-by-callback. Reported-by: Lukas Ruzicka Closes #538
2015-11-24Revert "cleanup: general removal of TODO (and similar) comments"Daniel Stenberg
This reverts commit 64e959ffe37c436503f9fed1ce2d6ee6ae50bd9a. Feedback-by: Dan Fandrich URL: http://curl.haxx.se/mail/lib-2015-11/0062.html
2015-11-21smb.c: Fixed compilation warningsSteve Holme
smb.c:134:3: warning: conversion to 'short unsigned int' from 'int' may alter its value smb.c:146:42: warning: conversion to 'unsigned int' from 'long long unsigned int' may alter its value smb.c:146:65: warning: conversion to 'unsigned int' from 'long long unsigned int' may alter its value
2015-11-21schannel: Corrected copy/paste error in commit 8d17117683Steve Holme
2015-11-21schannel: Use GetVersionEx() when VerifyVersionInfo() isn't availableSteve Holme
Regression from commit 7a8e861a5 as highlighted in the msys autobuilds.
2015-11-20pop3: Differentiate between success and continuation responsesSteve Holme
2015-11-20pop3: Added clarity on some server response codesSteve Holme
2015-11-17http2: http_done: don't free already-freed push headersDaniel Stenberg
The push headers are freed after the push callback has been invoked, meaning this code should only free the headers if the callback was never invoked and thus the headers weren't freed at that time. Reported-by: Davey Shafik
2015-11-16getconnectinfo: Don't call recv(2) if socket == -1Anders Bakken
Closes #528
2015-11-16http2: minor comment typoDaniel Stenberg
2015-11-15sasl; fix checksrc warningsDaniel Stenberg
2015-11-15oauth2: Support OAUTHBEARER failures sent as continuation responsesSteve Holme
According to RFC7628 a failure message may be sent by the server in a base64 encoded JSON string as a continuation response. Currently only implemented for OAUTHBEARER and not XAUTH2.
2015-11-14oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMPSteve Holme
OAUTHBEARER is now the official "registered" SASL mechanism name for OAuth 2.0. However, we don't want to drop support for XOAUTH2 as some servers won't support the new mechanism yet.
2015-11-13openssl: Free modules on cleanupSebastian Pohlschmidt
Curl_ossl_init calls OPENSSL_load_builtin_modules() but Curl_ossl_cleanup doesn't make a call to free these modules. Bug: https://github.com/bagder/curl/issues/526
2015-11-13cleanup: general removal of TODO (and similar) commentsDaniel Stenberg
They tend to never get updated anyway so they're frequently inaccurate and we never go back to revisit them anyway. We document issues to work on properly in KNOWN_BUGS and TODO instead.
2015-11-13ftplistparser: remove empty functionDaniel Stenberg
2015-11-13openssl: remove #if check for 0.9.7 for ENGINE_load_private_keyDaniel Stenberg