aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2019-08-06http09: disable HTTP/0.9 by default in both tool and libraryDaniel Stenberg
As the plan has been laid out in DEPRECATED. Update docs accordingly and verify in test 1174. Now requires the option to be set to allow HTTP/0.9 responses. Closes #4191
2019-08-05quiche: initial h3 request send/receiveDaniel Stenberg
2019-08-05lib/Makefile.am: make checksrc run in vquic tooDaniel Stenberg
2019-08-05altsvc: fix removal of expired cache entryDaniel Stenberg
Closes #4192
2019-08-04md4: Use our own MD4 implementation when no crypto libraries are availableSteve Holme
Closes #3780
2019-08-04md4: No need to include Curl_md4.h for each TLS librarySteve Holme
2019-08-04md4: No need for the NTLM code to call Curl_md4it() for each TLS librarySteve Holme
As the NTLM code no longer calls any of TLS libraries' specific MD4 functions, there is no need to call this function for each #ifdef.
2019-08-04md4: Move the mbed TLS MD4 implementation out of the NTLM codeSteve Holme
2019-08-04md4: Move the WinCrypt implementation out of the NTLM codeSteve Holme
2019-08-04md4: Move the SecureTransport implementation out of the NTLM codeSteve Holme
2019-08-04md4: Use the Curl_md4it() function for OpenSSL based NTLMSteve Holme
2019-08-04md4: Move the GNU TLS gcrypt MD4 implementation out of the NTLM codeSteve Holme
2019-08-04md4: Move the GNU TLS Nettle MD4 implementation out of the NTLM codeSteve Holme
2019-08-04OS400: Add CURLOPT_H3 symbolsJay Satiro
Follow-up to 3af0e76 which added experimental H3 support. Closes https://github.com/curl/curl/pull/4185
2019-08-03url: make use of new HTTP version if alt-svc has oneDaniel Stenberg
2019-08-03url: set conn->transport to default TCP at init timeDaniel Stenberg
2019-08-03altsvc: with quiche, use the quiche h3 alpn stringDaniel Stenberg
Closes #4183
2019-08-03alt-svc: more liberal ALPN name parsingDaniel Stenberg
Allow pretty much anything to be part of the ALPN identifier. In particular minus, which is used for "h3-20" (in-progress HTTP/3 versions) etc. Updated test 356. Closes #4182
2019-08-02quiche: use the proper HTTP/3 ALPNDaniel Stenberg
2019-08-02quiche: add failf() calls for two error casesDaniel Stenberg
To aid debugging Closes #4181
2019-08-01http_negotiate: improve handling of gss_init_sec_context() failuresKamil Dudka
If HTTPAUTH_GSSNEGOTIATE was used for a POST request and gss_init_sec_context() failed, the POST request was sent with empty body. This commit also restores the original behavior of `curl --fail --negotiate`, which was changed by commit 6c6035532383e300c712e4c1cd9fdd749ed5cf59. Add regression tests 2077 and 2078 to cover this. Fixes #3992 Closes #4171
2019-08-01timediff: make it 64 bit (if possible) even with 32 bit time_tDaniel Stenberg
... to make it hold microseconds too. Fixes #4165 Closes #4168
2019-07-31getenv: support up to 4K environment variable contents on windowsDaniel Stenberg
Reported-by: Michal Čaplygin Fixes #4174 Closes #4175
2019-07-31plan9: add support for running on Plan 9lufia
Closes #3701
2019-07-31ntlm: explicit type castinglufia
2019-07-30cleanup: remove the 'numsocks' argument used in many placesDaniel Stenberg
It was used (intended) to pass in the size of the 'socks' array that is also passed to these functions, but was rarely actually checked/used and the array is defined to a fixed size of MAX_SOCKSPEREASYHANDLE entries that should be used instead. Closes #4169
2019-07-30readwrite_data: repair setting the TIMER_STARTTRANSFER stampDaniel Stenberg
Regression, broken in commit 65eb65fde64bd5f (curl 7.64.1) Reported-by: Jonathan Cardoso Machado Assisted-by: Jay Satiro Fixes #4136 Closes #4162
2019-07-30asyn-thread: removed unused variableDaniel Stenberg
Follow-up to eb9a604f. Mistake caused by me when I edited the commit before push...
2019-07-30asyn-thread: create a socketpair to wait onamkatyal
Closes #4157
2019-07-29progress: reset download/uploaded counterDaniel Stenberg
... to make CURLOPT_MAX_RECV_SPEED_LARGE and CURLOPT_MAX_SEND_SPEED_LARGE work correctly on subsequent transfers that reuse the same handle. Fixed-by: Ironbars13 on github Fixes #4084 Closes #4161
2019-07-29http2_recv: trigger another read when the last data is returnedDaniel Stenberg
... so that end-of-stream is detected properly. Reported-by: Tom van der Woerdt Fixes #4043 Closes #4160
2019-07-29HTTP: use chunked Transfer-Encoding for HTTP_POST if size unknownBalazs Kovacsics
If using the read callback for HTTP_POST, and POSTFIELDSIZE is not set, automatically add a Transfer-Encoding: chunked header, same as it is already done for HTTP_PUT, HTTP_POST_FORM and HTTP_POST_MIME. Update test 1514 according to the new behaviour. Closes #4138
2019-07-25easy: resize receive buffer on easy handle resetJay Satiro
- In curl_easy_reset attempt to resize the receive buffer to its default size. If realloc fails then continue using the previous size. Prior to this change curl_easy_reset did not properly handle resetting the receive buffer (data->state.buffer). It reset the variable holding its size (data->set.buffer_size) to the default size (READBUFFER_SIZE) but then did not actually resize the buffer. If a user resized the buffer by using CURLOPT_BUFFERSIZE to set the size smaller than the default, later called curl_easy_reset and attempted to reuse the handle then a heap overflow would very likely occur during that handle's next transfer. Reported-by: Felix Hädicke Fixes https://github.com/curl/curl/issues/4143 Closes https://github.com/curl/curl/pull/4145
2019-07-25ssh-libssh: do not specify O_APPEND when not in append modeFelix Hädicke
Specifying O_APPEND in conjunction with O_TRUNC and O_CREAT does not make much sense. And this combination of flags is not accepted by all SFTP servers (at least not Apache SSHD). Fixes #4147 Closes #4148
2019-07-25multi: call detach_connection before Curl_disconnectGergely Nagy
Curl_disconnect bails out if conn->easyq is not empty, detach_connection needs to be called first to remove the current easy from the queue. Fixes #4144 Closes #4151
2019-07-21HTTP3: initial (experimental) supportDaniel Stenberg
USe configure --with-ngtcp2 or --with-quiche Using either option will enable a HTTP3 build. Co-authored-by: Alessandro Ghedini <alessandro@ghedini.me> Closes #3500
2019-07-20curl_version_info: provide nghttp2 detailsDaniel Stenberg
Introducing CURLVERSION_SIXTH with nghttp2 info. Closes #4121
2019-07-19source: remove names from source commentsDaniel Stenberg
Several reasons: - we can't add everyone who's helping out so its unfair to just a few selected ones. - we already list all helpers in THANKS and in RELEASE-NOTES for each release - we don't want to give the impression that some parts of the code is "owned" or "controlled" by specific persons Assisted-by: Daniel Gustafsson Closes #4129
2019-07-19progress: make the progress meter appear againDaniel Stenberg
Fix regression caused by 21080e1 Reported-by: Chih-Hsuan Yen Fixes #4122 Closes #4124
2019-07-17nss: inspect returnvalue of token checkDaniel Gustafsson
PK11_IsPresent() checks for the token for the given slot is available, and sets needlogin flags for the PK11_Authenticate() call. Should it return false, we should however treat it as an error and bail out. Closes https://github.com/curl/curl/pull/4110
2019-07-17libcurl: Restrict redirect schemes (follow-up)Jay Satiro
- Allow FTPS on redirect. - Update default allowed redirect protocols in documentation. Follow-up to 6080ea0. Ref: https://github.com/curl/curl/pull/4094 Closes https://github.com/curl/curl/pull/4115
2019-07-14libcurl: Restrict redirect schemesLinos Giannopoulos
All protocols except for CURLPROTO_FILE/CURLPROTO_SMB and their TLS counterpart were allowed for redirect. This vastly broadens the exploitation surface in case of a vulnerability such as SSRF [1], where libcurl-based clients are forced to make requests to arbitrary hosts. For instance, CURLPROTO_GOPHER can be used to smuggle any TCP-based protocol by URL-encoding a payload in the URI. Gopher will open a TCP connection and send the payload. Only HTTP/HTTPS and FTP are allowed. All other protocols have to be explicitly enabled for redirects through CURLOPT_REDIR_PROTOCOLS. [1]: https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/ Signed-off-by: Linos Giannopoulos <lgian@skroutz.gr> Closes #4094
2019-07-14openssl: define HAVE_SSL_GET_SHUTDOWN based on version numberZenju
Closes #4100
2019-07-14http: allow overriding timecond with custom headerPeter Simonyi
With CURLOPT_TIMECONDITION set, a header is automatically added (e.g. If-Modified-Since). Allow this to be replaced or suppressed with CURLOPT_HTTPHEADER. Fixes #4103 Closes #4109
2019-07-11smb: Use the correct error code for access denied on file openJuergen Hoetzel
- Return CURLE_REMOTE_ACCESS_DENIED for SMB access denied on file open. Prior to this change CURLE_REMOTE_FILE_NOT_FOUND was returned instead. Closes https://github.com/curl/curl/pull/4095
2019-07-11system_win32: fix clang warningGisle Vanem
- Declare variable in header as extern. Bug: https://github.com/curl/curl/commit/48b9ea4#commitcomment-34084597
2019-07-10headers: Remove no longer exported functionsDaniel Gustafsson
There were a leftover few prototypes of Curl_ functions that we used to export but no longer do, this removes those prototypes and cleans up any comments still referring to them. Curl_write32_le(), Curl_strcpy_url(), Curl_strlen_url(), Curl_up_free() Curl_concat_url(), Curl_detach_connnection(), Curl_http_setup_conn() were made static in 05b100aee247bb9bec8e9a1b0166496aa4248d1c. Curl_http_perhapsrewind() made static in 574aecee208f79d391f10d57520b3. For the remainder, I didn't trawl the Git logs hard enough to capture their exact time of deletion, but they were all gone: Curl_splayprint(), Curl_http2_send_request(), Curl_global_host_cache_dtor(), Curl_scan_cache_used(), Curl_hostcache_destroy(), Curl_second_connect(), Curl_http_auth_stage() and Curl_close_connections(). Closes #4096 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-07-08cleanup: fix typo in commentDaniel Gustafsson
2019-07-06nss: support using libnss on macOSDaniel Gustafsson
The file suffix for dynamically loadable objects on macOS is .dylib, which need to be added for the module definitions in order to get the NSS TLS backend to work properly on macOS. Closes https://github.com/curl/curl/pull/4046
2019-07-06nss: don't set unused parameterDaniel Gustafsson
The value of the maxPTDs parameter to PR_Init() has since at least NSPR 2.1, which was released sometime in 1998, been marked ignored as is accordingly not used in the initialization code. Setting it to a value when calling PR_Init() is thus benign, but indicates an intent which may be misleading. Reset the value to zero to improve clarity. Closes https://github.com/curl/curl/pull/4054