Age | Commit message (Collapse) | Author |
|
RFC 7616 section 3.4 (The Authorization Header Field) states that "For
historical reasons, a sender MUST NOT generate the quoted string syntax
for the following parameters: algorithm, qop, and nc". This removes the
quoting for the algorithm parameter.
Reviewed-by: Steve Holme
Closes #4890
|
|
Closes #4887
|
|
... as this is already done much earlier in the URL parser.
Also add test case 894 that verifies that pop3 with an encodedd CR in
the user name is rejected.
Closes #4887
|
|
Reported-by: Daniel Stenberg
Closes #4886
|
|
These two stack based buffers only need to be 46 + 66 bytes instead of
256 + 1024.
Closes #4880
|
|
... and move the #ifdefs out of the functions. Addresses the fact they
were different before this change.
Reported-by: Harry Sintonen
Closes #4876
|
|
- Fixed the flag parsing to apply to specific alternative entry only, as
per RFC. The earlier code would also get totally confused by
multiprotocol header, parsing flags from the wrong part of the header.
- Fixed the parser terminating on unknown protocols, instead of skipping
them.
- Fixed a busyloop when protocol-id was present without an equal sign.
Closes #4875
|
|
|
|
...rather than the full conndata structure.
|
|
|
|
Fixes a scan-build failure on Bionic.
Closes https://github.com/curl/curl/pull/4872
|
|
Closes #4869
Reviewed-by: Emil Engler and Daniel Gustafsson
|
|
To assist with adding winbind support to the SASL NTLM authentication,
move the winbind specific data out of conndata into ntlmdata.
|
|
Follow-up to 7fc63d72333a
|
|
Closes #4868
|
|
Closes #4867
|
|
Closes #4865
|
|
While most keywords in cookies are case insensitive, these prefixes are
specified explicitly to get checked "with a case-sensitive match".
(From the 6265bis document in progress)
Ref: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-04
Closes #4864
|
|
... since the current transfer is being killed. Setting to NULL is
wrong, leaving it pointing to 'data' is wrong since that handle might be
about to get freed.
Fixes #4845
Closes #4858
Reported-by: dmitrmax on github
|
|
In the "scheme-less" parsing case, we need to strip off credentials
first before we guess scheme based on the host name!
Assisted-by: Jay Satiro
Fixes #4856
Closes #4857
|
|
Previously it was stored in a global state which contributed to
curl_global_init's thread unsafety. This boolean is now instead figured
out in curl_multi_init() and stored in the multi handle. Less effective,
but thread safe.
Closes #4851
|
|
... and check for inconsistencies for OS400 at build time with the new
chkstrings tool.
Closes #4822
|
|
- Removed from global_init since it isn't thread-safe. The symbol will
still remain to not break compiles, it just won't have any effect going
forward.
- make the internals NOT loop on EINTR (the opposite from previously).
It only risks returning from the select/poll/wait functions early, and that
should be risk-free.
Closes #4840
|
|
Closes #4835
|
|
(and the corresponding unit test)
Closes #4842
|
|
|
|
Only ever used from within this file.
|
|
Closes #4846
|
|
Avoid "reparsing" the content and instead deliver more exactly what is
provided in the certificate and avoid truncating the data after 512
bytes as done previously. This no longer removes embedded newlines.
Fixes #4837
Reported-by: bnfp on github
Closes #4841
|
|
For now, no cert in the bundle actually sets a date there...
Co-Authored-by: Jay Satiro
Reported-by: Christian Heimes
Fixes #4834
Closes #4836
|
|
Introduces CURLOPT_MAIL_RCPT_ALLLOWFAILS.
Verified with the new tests 3002-3007
Closes #4816
|
|
follow-up from dea17b519d (one of these days I'll learn to check before
I push)
|
|
Fixes the bug where oauth_bearer gets deallocated when we re-use a
connection.
Closes #4824
|
|
Follow-up to 7ff9222ced8c
|
|
Mentioned: https://curl.haxx.se/mail/lib-2020-01/0050.html
Closes #4814
|
|
The symbols without wc_ prefix are not always provided.
Ref: https://github.com/wolfSSL/wolfssl/issues/2744
Closes #4827
|
|
As detailed in DEPRECATE.md, the polarssl support is now removed after
having been disabled for 6 months and nobody has missed it.
The threadlock files used by mbedtls are renamed to an 'mbedtls' prefix
instead of the former 'polarssl' and the common functions that
previously were shared between mbedtls and polarssl and contained the
name 'polarssl' have now all been renamed to instead say 'mbedtls'.
Closes #4825
|
|
This led to a conversion warning on 64-bit MinGW, which has 32-bit
`long` but 64-bit `size_t`.
Closes https://github.com/curl/curl/pull/4823
|
|
|
|
|
|
Follow-up to 29e40a6 from two days ago, which added that feature for
Windows 7 and earlier. The bug only occurred in same.
Ref: https://github.com/curl/curl/pull/4761
|
|
This enables Link Time Optimization. LTO is a proven technique for
optimizing across compilation units.
Closes #4799
|
|
A regression made the code use 'multiplexed' as a boolean instead of the
counter it is intended to be. This made curl try to "over-populate"
connections with new streams.
This regression came with 41fcdf71a1, shipped in curl 7.65.0.
Also, respect the CURLMOPT_MAX_CONCURRENT_STREAMS value in the same
check.
Reported-by: Kunal Ekawde
Fixes #4779
Closes #4784
|
|
Adds support for SFTP (not SCP) using WolfSSH.
Closes #4231
|
|
Follow-up to recent commits
[skip ci]
|
|
- Allow forcing the host's key type found in the known_hosts file.
Currently, curl (with libssh2) does not take keys from your known_hosts
file into account when talking to a server. With this patch the
known_hosts file will be searched for an entry matching the hostname
and, if found, libssh2 will be told to claim this key type from the
server.
Closes https://github.com/curl/curl/pull/4747
|
|
- Support hostname verification via alternative names (SAN) in the
peer certificate when CURLOPT_CAINFO is used in Windows 7 and earlier.
CERT_NAME_SEARCH_ALL_NAMES_FLAG doesn't exist before Windows 8. As a
result CertGetNameString doesn't quite work on those versions of
Windows. This change provides an alternative solution for
CertGetNameString by iterating through CERT_ALT_NAME_INFO for earlier
versions of Windows.
Prior to this change many certificates failed the hostname validation
when CURLOPT_CAINFO was used in Windows 7 and earlier. Most certificates
now represent multiple hostnames and rely on the alternative names field
exclusively to represent their hostnames.
Reported-by: Jeroen Ooms
Fixes https://github.com/curl/curl/issues/3711
Closes https://github.com/curl/curl/pull/4761
|
|
- Add new error code CURLE_QUIC_CONNECT_ERROR for QUIC connection
errors.
Prior to this change CURLE_FAILED_INIT was used, but that was not
correct.
Closes https://github.com/curl/curl/pull/4754
|
|
- Add new error CURLM_BAD_FUNCTION_ARGUMENT and return that error when
curl_multi_wait/poll is passed timeout param < 0.
Prior to this change passing a negative value to curl_multi_wait/poll
such as -1 could cause the function to wait forever.
Reported-by: hamstergene@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/4763
Closes https://github.com/curl/curl/pull/4765
|
|
- Define USE_WIN32_CRYPTO by default. This enables SMB.
- Show whether SMB is enabled in the "Enabled features" output.
- Fix mingw compiler warning for call to CryptHashData by casting away
const param. mingw CryptHashData prototype is wrong.
Closes https://github.com/curl/curl/pull/4717
|