| Age | Commit message (Collapse) | Author |
|---|
|
Previously, options set explicitly through command line options could be
overridden by the configuration files parsed automatically when
ssh_connect() was called.
By calling ssh_options_parse_config() explicitly, the configuration
files are parsed before setting the options, avoiding the options
override. Once the configuration files are parsed, the automatic
configuration parsing is not executed.
Fixes #4972
Closes #5283
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
|
|
Coverity found CID 1461718:
Integer handling issues (CONSTANT_EXPRESSION_RESULT) "timeout_ms >
9223372036854775807L" is always false regardless of the values of its
operands. This occurs as the logical second operand of "||".
Closes #5240
|
|
Prior to this change if there was a 303 reply to a PUT request then
the subsequent request to respond to that redirect would also be a PUT.
It was determined that was most likely incorrect based on the language
of the RFCs. Basically 303 means "see other" resource, which implies it
is most likely not the same resource, therefore we should not try to PUT
to that different resource.
Refer to the discussions in #5237 and #5248 for more information.
Fixes https://github.com/curl/curl/issues/5237
Closes https://github.com/curl/curl/pull/5248
|
|
Reviewed-by: Emil Engler
Reported-by: Ashwin Metpalli
Fixes #5278
Closes #5280
|
|
A gcc-10's -fanalyze complaint made me spot and do these improvements.
Closes #5281
|
|
Closes #5271
|
|
GnuTLS 3.1.10 added new functions we want to use. That version was
released on Mar 22, 2013. Removing support for older versions also
greatly simplifies the code.
Ref: #5271
Closes #5276
|
|
|
|
Detected by Coverity. CID 1462319.
"The same code is executed when the condition result is true or false,
because the code in the if-then branch and after the if statement is
identical."
Closes #5275
|
|
Detected by Coverity. CID 1462320.
Closes #5274
|
|
Reported-by: James Fuller
Fixes #5268
Closes #5269
|
|
This fixes a few randomly spotted typos in recently merged code, most
notably one in a userfacing errormessage the schannel code.
|
|
When cURL is compiled with support for multiple SSL backends, it is
possible to configure an SSL backend via `curl_global_sslset()`, but
only *before* `curl_global_init()` was called.
If another SSL backend should be used after that, a user might be
tempted to call `curl_global_cleanup()` to start over. However, we did
not foresee that use case and forgot to reset the SSL backend in that
cleanup.
Let's allow that use case.
Fixes #5255
Closes #5257
Reported-by: davidedec on github
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
|
|
To handle PUBLISH before SUBACK and more.
Updated the existing tests and added three new ones.
Reported-by: Christoph Krey
Bug: https://curl.haxx.se/mail/lib-2020-04/0021.html
Closes #5246
|
|
New test 669 checks this fix is effective.
Fixes #5256
Closes #5258
Reported-by: thanhchungbtc on github
|
|
From libssh 0.9.0, ssh_key_type() returns different key types for ECDSA
keys depending on the curve.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Fixes #5252
Closes #5253
|
|
|
|
Closes #5173
|
|
Reviewed-by: Brad King
Closes #5206
|
|
To avoid it getting truncated, especially when several SSL backends are
built-in.
Reported-by: Gisle Vanem
Fixes #5222
Closes #5226
|
|
- Fix schannel_send for the case when no timeout was set.
Prior to this change schannel would error if the socket was not ready
to send data and no timeout was set.
This commit is similar to parent commit 89dc6e0 which recently made the
same change for SOCKS, for the same reason. Basically it was not well
understood that when Curl_timeleft returns 0 it is not a timeout of 0 ms
but actually means no timeout.
Fixes https://github.com/curl/curl/issues/5177
Closes https://github.com/curl/curl/pull/5221
|
|
- Document in Curl_timeleft's comment block that returning 0 signals no
timeout (ie there's infinite time left).
- Fix SOCKS' Curl_blockread_all for the case when no timeout was set.
Prior to this change if the timeout had a value of 0 and that was passed
to SOCKET_READABLE it would return right away instead of blocking. That
was likely because it was not well understood that when Curl_timeleft
returns 0 it is not a timeout of 0 ms but actually means no timeout.
Ref: https://github.com/curl/curl/pull/5214#issuecomment-612512360
Closes https://github.com/curl/curl/pull/5220
|
|
Prior to this change gopher's blocking code would block forever,
ignoring any set timeout value.
Assisted-by: Jay Satiro
Reviewed-by: Daniel Stenberg
Similar to #5220 and #5221
Closes #5214
|
|
When SRP is requested in the priority string, GnuTLS will disable
support for TLS 1.3. Before this change, curl would always add +SRP to
the priority list, effectively always disabling TLS 1.3 support.
With this change, +SRP is only added to the priority list when SRP
authentication is also requested. This also allows updating the error
handling here to not have to retry without SRP. This is because SRP is
only added when requested and in that case a retry is not needed.
Closes #5223
|
|
This reverts commit 1b71bc532bde8621fd3260843f8197182a467ff2.
Reminded-by: Chris Roberts
Bug: https://curl.haxx.se/mail/archive-2020-04/0013.html
Closes #5215
|
|
- If loss of data may occur converting a timediff_t to time_t and
the time value is > TIME_T_MAX then treat it as TIME_T_MAX.
This is a follow-up to 8843678 which removed the (time_t) typecast
from the macros so that conversion warnings could be identified.
Closes https://github.com/curl/curl/pull/5199
|
|
This is already partly supported but this part was missing.
Reported-by: James Fuller
Closes #5205
|
|
Used with curl command line option like this: --cert
<filename>:<password> --cert-type p12
Closes #5193
|
|
Fixes #4919
Closes #5197
|
|
In a debug build, settting the environment variable "CURL_SMALLREQSEND"
will make the first HTTP request send not send more bytes than the set
amount, thus ending up verifying that the logic for handling a split
HTTP request send works correctly.
|
|
Restores the --head functionality to the curl utility which extracts
'protocol' that is stored that way.
Reported-by: James Fuller
Fixes #5196
Closes #5198
|
|
So that they don't hide conversions-by-mistake
Reviewed-by: Jay Satiro
Closes #5190
|
|
|
|
Reported-by: Alain Miniussi
Fixes #5096
|
|
Follow up to d820224b8b
|
|
- it breaks the build (since 6de756c9b1de34b7a1)
- it's not documented and not consistent across platforms
- the curl tool does that getenv magic
Bug: https://github.com/curl/curl/commit/6de756c#r38127030
Reported-by: Gisle Vanem
Closes #5187
|
|
In libcurl, CURLINFO_CONDITION_UNMET is used to avoid writing to the
output file if the server did not transfered a file based on time
condition. In the same manner, getting a 304 HTTP response back from the
server, for example after passing a custom If-Match-* header, also
fulfill this condition.
Fixes #5181
Closes #5183
|
|
Extend existing unix socket support in Windows builds to be
enabled for all toolchain vendors or versions. (Previously
it was only supported with certain MSVC versions + more recent
Windows 10 SDKs)
Ref: https://devblogs.microsoft.com/commandline/af_unix-comes-to-windows/
Ref: https://github.com/curl/curl/issues/5162
Closes: https://github.com/curl/curl/pull/5170
|
|
Follow-up to 0736ee73d346a52
|
|
Currently, the TLS backend used by vquic/ngtcp2.c is selected at compile
time. Therefore OpenSSL support needs to be explicitly disabled.
Signed-off-by: Daiki Ueno <dueno@redhat.com>
Closes #5148
|
|
Follow-up to 7a71965e9
|
|
Closes #5169
|
|
... it serves no purpose and fills up the log.
|
|
Our code style mandates we put the conditional block on a separate
line. These mistakes are now detected by the updated checksrc.
|
|
Closes #5164
|
|
This updates the ngtcp2 OpenSSL backend to follow the API change in
commit 32e703164 of ngtcp2.
Notable changes are:
- ngtcp2_crypto_derive_and_install_{rx,tx}_key have been added to replace
ngtcp2_crypto_derive_and_install_key
- the 'side' argument of ngtcp2_crypto_derive_and_install_initial_key
has been removed
Fixes #5166
Closes #5168
|
|
Considered experimental and therefore we can do this.
Closes #5157
|
|
Suggested-by: Timothe Litt
URL: https://curl.haxx.se/mail/lib-2020-03/0090.html
Reviewed-by: Jay Satiro
Closes #5150
|
|
OpenSSL 3 deprecates SSL_CTX_load_verify_locations and the MD4, DES
functions we use.
Fix the MD4 and SSL_CTX_load_verify_locations warnings.
In configure, detect OpenSSL v3 and if so, inhibit the deprecation
warnings. OpenSSL v3 deprecates the DES functions we use for NTLM and
until we rewrite the code to use non-deprecated functions we better
ignore these warnings as they don't help us.
Closes #5139
|
|
As there's no code using it.
Closes #5144
|
