aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2016-05-11TLS: SSL_peek is not a const operationAnders Bakken
Calling SSL_peek can cause bytes to be read from the raw socket which in turn can upset the select machinery that determines whether there's data available on the socket. Since Curl_ossl_check_cxn only tries to determine whether the socket is alive and doesn't actually need to see the bytes SSL_peek seems like the wrong function to call. We're able to occasionally reproduce a connect timeout due to this bug. What happens is that Curl doesn't know to call SSL_connect again after the peek happens since data is buffered in the SSL buffer and thus select won't fire for this socket. Closes #795
2016-05-09TLS: move the ALPN/NPN enable bits to the connectionDaniel Stenberg
Only protocols that actually have a protocol registered for ALPN and NPN should try to get that negotiated in the TLS handshake. That is only HTTPS (well, http/1.1 and http/2) right now. Previously ALPN and NPN would wrongly be used in all handshakes if libcurl was built with it enabled. Reported-by: Jay Satiro Fixes #789
2016-05-08connect: fix invalid "Network is unreachable" errorsAntonio Larrosa
Sometimes, in systems with both ipv4 and ipv6 addresses but where the network doesn't support ipv6, Curl_is_connected returns an error (intermittently) even if the ipv4 socket connects successfully. This happens because there's a for-loop that iterates on the sockets but the error variable is not resetted when the ipv4 is checked and is ok. This patch fixes this problem by setting error to 0 when checking the second socket and not having a result yet. Fixes #794
2016-05-03connections: non-HTTP proxies on different ports aren't reused eitherDaniel Stenberg
Reported-by: Oleg Pudeyev and fuchaoqun Fixes #648
2016-05-02http: make sure a blank header overrides accept_decodingDaniel Stenberg
Reported-by: rcanavan Assisted-by: Isaac Boukris Closes #785
2016-05-01tls: make setting pinnedkey option fail if not supportedDaniel Stenberg
to make it obvious to users trying to use the feature with TLS backends not supporting it. Discussed in #781 Reported-by: Travis Burtrum
2016-04-29lib: include curl_printf.h as one of the last headersDaniel Stenberg
curl_printf.h defines printf to curl_mprintf, etc. This can cause problems with external headers which may use __attribute__((format(printf, ...))) markers etc. To avoid that they cause problems with system includes, we include curl_printf.h after any system headers. That makes the three last headers to always be, and we keep them in this order: curl_printf.h curl_memory.h memdebug.h None of them include system headers, they all do funny #defines. Reported-by: David Benjamin Fixes #743
2016-04-29memdebug.h: remove inclusion of other headersDaniel Stenberg
Mostly because they're not needed, because memdebug.h is always included last of all headers so the others already included the correct ones. But also, starting now we don't want this to accidentally include any system headers, as the header included _before_ this header may add defines and other fun stuff that we won't want used in system includes.
2016-04-28mbedtls: Fix session resumeJay Satiro
This also fixes PolarSSL session resume. Prior to this change the TLS session information wasn't properly saved and restored for PolarSSL and mbedTLS. Bug: https://curl.haxx.se/mail/lib-2016-01/0070.html Reported-by: Thomas Glanzmann Bug: https://curl.haxx.se/mail/lib-2016-04/0095.html Reported-by: Moti Avrahami
2016-04-26openssl: avoid BN_print a NULL bignumDaniel Stenberg
OpenSSL 1.1.0-pre seems to return NULL(?) for a whole lot of those numbers so make sure the function handles this. Reported-by: Linus Nordberg
2016-04-26CONNECT_ONLY: don't close connection on GSS 401/407 reponsesMarcel Raad
Previously, connections were closed immediately before the user had a chance to extract the socket when the proxy required Negotiate authentication. This regression was brought in with the security fix in commit 79b9d5f1a42578f Closes #655
2016-04-26mbedtls.c: silly spellfix of a commentDaniel Stenberg
2016-04-25multi: accidentally used resolved host name instead of proxyDaniel Stenberg
Regression introduced in 09b5a998 Bug: https://curl.haxx.se/mail/lib-2016-04/0084.html Reported-by: BoBo
2016-04-25url.c: fixed DEBUGASSERT() for WinSock workaroundKarlson2k
If buffer is allocated, but nothing is received during prereceive stage, than number of processed bytes must be zero. Closes #778
2016-04-24PolarSSL: Implement public key pinningmoparisthebest
2016-04-21openssl: builds with OpenSSL 1.1.0-pre5Daniel Stenberg
The RSA, DSA and DH structs are now opaque and require use of new APIs Fixes #763
2016-04-20url.c: Prefer we don't use explicit NULLs in conditionsSteve Holme
Fixed commit fa5fa65a30 to not use NULLs in if condition.
2016-04-20NTLM: check for NULL pointer before deferencingIsaac Boukris
At ConnectionExists, both check->proxyuser and check->proxypasswd could be NULL, so make sure to check first. Fixes #765
2016-04-20sendf.c: added ability to call recv() before send() as workaroundKarlson2k
WinSock destroys recv() buffer if send() is failed. As result - server response may be lost if server sent it while curl is still sending request. This behavior noticeable on HTTP server short replies if libcurl use several send() for request (usually for POST request). To workaround this problem, libcurl use recv() before every send() and keeps received data in intermediate buffer for further processing. Fixes: #657 Closes: #668
2016-04-19connect: make sure that rc is initialized in singleipconnect()Kamil Dudka
This commit fixes a Clang warning introduced in curl-7_48_0-190-g8f72b13: Error: CLANG_WARNING: lib/connect.c:1120:11: warning: The right operand of '==' is a garbage value 1118| } 1119| 1120|-> if(-1 == rc) 1121| error = SOCKERRNO; 1122| }
2016-04-19lib/checksrc.whitelist: not needed anymoreDaniel Stenberg
... as checksrc now skips comments
2016-04-19vtls.h: remove a space before semicolonDaniel Stenberg
... that the new checksrc detected
2016-04-19darwinssl: removed commented out codeDaniel Stenberg
2016-04-19http_chunks: removed checksrc disableDaniel Stenberg
... since checksrc now skips comments
2016-04-19imap: inlined checksrc disable instead of whitelist editDaniel Stenberg
2016-04-19checksrc: taught to skip commentsDaniel Stenberg
... but output non-stripped version of the line, even if that then can make the script identify the wrong position in the line at times. Showing the line stripped (ie without comments) is just too surprising.
2016-04-18connect: implement TCP Fast Open for LinuxAlessandro Ghedini
Closes #660
2016-04-18connect: implement TCP Fast Open for OS XAlessandro Ghedini
2016-04-18url: add CURLOPT_TCP_FASTOPEN optionAlessandro Ghedini
2016-04-18checksrc: pass on -D so the whitelists are found correctlyDaniel Stenberg
2016-04-18includes: avoid duplicate memory callback typdefs even harderDaniel Stenberg
2016-04-18checksrc/makefile.am: use $top_srcdir to find source filesDaniel Stenberg
... to properly support out of source tree builds.
2016-04-17news: CURLOPT_CONNECT_TO and --connect-toMichael Kaufmann
Makes curl connect to the given host+port instead of the host+port found in the URL.
2016-04-12http2: Use size_t type for data drain countJay Satiro
Ref: https://github.com/curl/curl/issues/659 Ref: https://github.com/curl/curl/pull/663
2016-04-11http2: Improve header parsingJay Satiro
- Error if a header line is larger than supported. - Warn if cumulative header line length may be larger than supported. - Allow spaces when parsing the path component. - Make sure each header line ends in \r\n. This fixes an out of bounds. - Disallow header continuation lines until we decide what to do. Ref: https://github.com/curl/curl/issues/659 Ref: https://github.com/curl/curl/pull/663
2016-04-11http2: Add Curl_http2_strerror for HTTP/2 error codesJay Satiro
Ref: https://github.com/curl/curl/issues/659 Ref: https://github.com/curl/curl/pull/663
2016-04-11http2: Don't increment drain when one header field is receivedTatsuhiro Tsujikawa
Sicne we write header field in temporary location, not in the memory that upper layer provides, incrementing drain should not happen. Ref: https://github.com/curl/curl/issues/659 Ref: https://github.com/curl/curl/pull/663
2016-04-11http2: Ensure that http2_handle_stream_close is calledTatsuhiro Tsujikawa
This commit ensures that streams which was closed in on_stream_close callback gets passed to http2_handle_stream_close. Previously, this might not happen. To achieve this, we increment drain property to forcibly call recv function for that stream. To more accurately check that we have no pending event before shutting down HTTP/2 session, we sum up drain property into http_conn.drain_total. We only shutdown session if that value is 0. With this commit, when stream was closed before reading response header fields, error code CURLE_HTTP2_STREAM is returned even if HTTP/2 level error is NO_ERROR. This signals the upper layer that stream was closed by error just like TCP connection close in HTTP/1. Ref: https://github.com/curl/curl/issues/659 Ref: https://github.com/curl/curl/pull/663
2016-04-11http2: Process paused data first before tear down http2 sessionTatsuhiro Tsujikawa
This commit ensures that data from network are processed before HTTP/2 session is terminated. This is achieved by pausing nghttp2 whenever different stream than current easy handle receives data. This commit also fixes the bug that sometimes processing hangs when multiple HTTP/2 streams are multiplexed. Ref: https://github.com/curl/curl/issues/659 Ref: https://github.com/curl/curl/pull/663
2016-04-11http2: Check session closure early in http2_recvTatsuhiro Tsujikawa
Ref: https://github.com/curl/curl/issues/659 Ref: https://github.com/curl/curl/pull/663
2016-04-11http2: Add handling stream level errorTatsuhiro Tsujikawa
Previously, when a stream was closed with other than NGHTTP2_NO_ERROR by RST_STREAM, underlying TCP connection was dropped. This is undesirable since there may be other streams multiplexed and they are very much fine. This change introduce new error code CURLE_HTTP2_STREAM, which indicates stream error that only affects the relevant stream, and connection should be kept open. The existing CURLE_HTTP2 means connection error in general. Ref: https://github.com/curl/curl/issues/659 Ref: https://github.com/curl/curl/pull/663
2016-04-11http2: drain the socket better...Daniel Stenberg
... but ignore EAGAIN if the stream has ended so that we don't end up in a loop. This is a follow-up to c8ab613 in order to avoid the problem d261652 was made to fix. Reported-by: Jay Satiro Clues-provided-by: Tatsuhiro Tsujikawa Discussed in #750
2016-04-09CURLOPT_SOCKS5_GSSAPI_SERVICE: Merged with CURLOPT_PROXY_SERVICE_NAMESteve Holme
As these two options provide identical functionality, the former for SOCK5 proxies and the latter for HTTP proxies, merged the two options together. As such CURLOPT_SOCKS5_GSSAPI_SERVICE is marked as deprecated as of 7.49.0.
2016-04-09urldata: Use bool for socks5_gssapi_nec as it is a flagSteve Holme
This value is set to TRUE or FALSE so should be a bool and not a long.
2016-04-09url: Ternary operator code style changesSteve Holme
2016-04-09sasl: Fixed compilation errors from commit 9d89a0387Steve Holme
...when GSS-API or Windows SSPI are not used.
2016-04-09url: Corrected comments following 9d89a0387Steve Holme
2016-04-08Makefile: Fixed echo of checksrc checkSteve Holme
2016-04-08checksrc: Fix issue with the autobuilds not picking up the whitelistSteve Holme
2016-04-08checksrc: Added missing vauth and vtls directoriesSteve Holme