aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2020-06-16ntlm: enable NTLM support with wolfSSLRuurd Beerstra
When wolfSSL is built with its OpenSSL API layer, it fetures the same DES* functions that OpenSSL has. This change take advantage of that. Co-authored-by: Daniel Stenberg Closes #5556 Fixes #5548
2020-06-15http: move header storage to Curl_easy from connectdataDaniel Stenberg
Since the connection can be used by many independent requests (using HTTP/2 or HTTP/3), things like user-agent and other transfer-specific data MUST NOT be kept connection oriented as it could lead to requests getting the wrong string for their requests. This struct data was lingering like this due to old HTTP1 legacy thinking where it didn't mattered.. Fixes #5566 Closes #5567
2020-06-12altsvc: remove the num field from the altsvc structDaniel Stenberg
It was superfluous since we have the list.size alredy Reported-by: Jay Satiro Fixes #5553 Closes #5563
2020-06-12share: don't set the share flag it something failsDaniel Stenberg
When asking for a specific feature to be shared in the share object, that bit was previously set unconditionally even if the shared feature failed or otherwise wouldn't work. Closes #5554
2020-06-10wording: avoid blacklist/whitelist stereotypesDaniel Stenberg
Instead of discussing if there's value or meaning (implied or not) in the colors, let's use words without the same possibly negative associations. Closes #5546
2020-06-08socks: detect connection close during handshakeDaniel Stenberg
The SOCKS4/5 state machines weren't properly terminated when the proxy connection got closed, leading to a busy-loop. Reported-By: zloi-user on github Fixes #5532 Closes #5542
2020-06-08multi: add defensive check on data->multi->num_alivexquery
Closes #5540
2020-06-08Curl_addrinfo: use one malloc instead of threeDaniel Stenberg
To reduce the amount of allocations needed for creating a Curl_addrinfo struct, make a single larger malloc instead of three separate smaller ones. Closes #5533
2020-06-08quiche: update SSLKEYLOGFILE supportAlessandro Ghedini
quiche now requires the application to explicitly set the keylog path for each connection, rather than reading the environment variable itself. Closes #5541
2020-06-08ngtcp2: update with recent API changesDaniel Stenberg
Syncs with ngtcp2 commit 7e9a917d386d98 merged June 7 2020. Assisted-by: Tatsuhiro Tsujikawa Closes #5538
2020-06-08socks: remove unreachable breaks in socks.c and mime.cxquery
Closes #5537
2020-06-08libssh2: keep sftp errors as 'unsigned long'Daniel Stenberg
Remove weird work-around for storing the SFTP errors as int instead of the "unsigned long" that libssh2 actually returns for SFTP errors. Closes #5534
2020-06-06timeouts: move ms timeouts to timediff_t from int and longMarc Hoersken
Now that all functions in select.[ch] take timediff_t instead of the limited int or long, we can remove type conversions and related preprocessor checks to silence compiler warnings. Avoiding conversions from time_t was already done in 842f73de. Based upon #5262 Supersedes #5214, #5220 and #5221 Follow up to #5343 and #5479 Closes #5490
2020-06-06openssl: set FLAG_TRUSTED_FIRST unconditionallyFrançois Rigault
On some systems, openssl 1.0.x is still the default, but it has been patched to contain all the recent security fixes. As a result of this patching, it is possible for macro X509_V_FLAG_NO_ALT_CHAINS to be defined, while the previous behavior of openssl to not look at trusted chains first, remains. Fix it: ensure X509_V_FLAG_TRUSTED_FIRST is always set, do not try to probe for the behavior of openssl based on the existence ofmacros. Closes #5530
2020-06-05socks: fix expected length of SOCKS5 replyCherish98
Commit 4a4b63d forgot to set the expected SOCKS5 reply length when the reply ATYP is X'01'. This resulted in erroneously expecting more bytes when the request length is greater than the reply length (e.g., when remotely resolving the hostname). Closes #5527
2020-06-05trailers: switch h1-trailer logic to use dynbufDaniel Stenberg
In the continued effort to remove "manual" realloc schemes. Closes #5524
2020-06-04quiche: advertise draft 28 supportPeter Wu
Fix the verbose message while at it, quiche currently supports draft 27 and draft 28 simultaneously. Closes #5518
2020-06-03altsvc: fix 'dsthost' may be used uninitialized in this functionDaniel Stenberg
2020-06-02urldata: let the HTTP method be in the set.* structDaniel Stenberg
When the method is updated inside libcurl we must still not change the method as set by the user as then repeated transfers with that same handle might not execute the same operation anymore! This fixes the libcurl part of #5462 Test 1633 added to verify. Closes #5499
2020-06-02hostip: fix the memory-leak introduced in 67d2802Daniel Stenberg
Fixes #5503 Closes #5504
2020-06-01vtls: repair the build with `CURL_DISABLE_PROXY`Saleem Abdulrasool
`http_proxy` will not be available in `conndata` if `CURL_DISABLE_PROXY` is enabled. Repair the build with that configuration. Follow-up to f3d501dc67 Closes #5498
2020-06-01transfer: remove k->str NULL checkDaniel Stenberg
"Null-checking k->str suggests that it may be null, but it has already been dereferenced on all paths leading to the check" - and it can't legally be NULL at this point. Remove check. Detected by Coverity CID 1463884 Closes #5495
2020-06-01select: always use Sleep in Curl_wait_ms on Win32Marc Hoersken
Since Win32 almost always will also have USE_WINSOCK, we can reduce complexity and always use Sleep there. Assisted-by: Jay Satiro Reviewed-by: Daniel Stenberg Follow up to #5343 Closes #5489
2020-05-31conncache: download buffer needs +1 size for trailing zeroDaniel Stenberg
Follow-up to c4e6968127e Detected by OSS-Fuzz: https://oss-fuzz.com/testcase-detail/5727799779524608
2020-05-30build: disable more code/data when built without proxy supportDaniel Stenberg
Added build to travis to verify Closes #5466
2020-05-30url: alloc the download buffer at transfer startDaniel Stenberg
... and free it as soon as the transfer is done. It removes the extra alloc when a new size is set with setopt() and reduces memory for unused easy handles. In addition: the closure_handle now doesn't use an allocated buffer at all but the smallest supported size as a stack based one. Closes #5472
2020-05-30timeouts: change millisecond timeouts to timediff_t from time_tDaniel Stenberg
For millisecond timers we like timediff_t better. Also, time_t can be unsigned so returning a negative value doesn't work then. Closes #5479
2020-05-30select: add overflow checks for timeval conversionsMarc Hoersken
Using time_t and suseconds_t if suseconds_t is available, long on Windows (maybe others in the future) and int elsewhere. Also handle case of ULONG_MAX being greater or equal to INFINITE. Assisted-by: Jay Satiro Reviewed-by: Daniel Stenberg Part of #5343
2020-05-30select: use timediff_t instead of time_t and int for timeout_msMarc Hoersken
Make all functions in select.[ch] take timeout_ms as timediff_t which should always be large enough and signed on all platforms to take all possible timeout values and avoid type conversions. Reviewed-by: Jay Satiro Reviewed-by: Daniel Stenberg Replaces #5107 and partially #5262 Related to #5240 and #5286 Closes #5343
2020-05-29libssh2: improved error output for wrong quote syntaxDaniel Stenberg
Reported-by: Werner Stolz Closes #5474
2020-05-28urldata: fix comments: Curl_done() is called multi_done() nowDaniel Stenberg
... since 575e885db
2020-05-27ngtcp2: use common key log routine for better thread-safetyPeter Wu
Tested with ngtcp2 built against the OpenSSL library. Additionally tested with MultiSSL (NSS for TLS and ngtcp2+OpenSSL for QUIC). The TLS backend (independent of QUIC) may or may not already have opened the keylog file before. Therefore Curl_tls_keylog_open is always called to ensure the file is open.
2020-05-27wolfssl: add SSLKEYLOGFILE supportPeter Wu
Tested following the same curl and tshark commands as in commit "vtls: Extract and simplify key log file handling from OpenSSL" using WolfSSL v4.4.0-stable-128-g5179503e8 from git master built with `./configure --enable-all --enable-debug CFLAGS=-DHAVE_SECRET_CALLBACK`. Full support for this feature requires certain wolfSSL build options, see "Availability note" in lib/vtls/wolfssl.c for details. Closes #5327
2020-05-27vtls: Extract and simplify key log file handling from OpenSSLPeter Wu
Create a set of routines for TLS key log file handling to enable reuse with other TLS backends. Simplify the OpenSSL backend as follows: - Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled. - Do not perform dynamic memory allocation when preparing a log entry. Unless the TLS specifications change we can suffice with a reasonable fixed-size buffer. - Simplify state tracking when SSL_CTX_set_keylog_callback is unavailable. My original sslkeylog.c code included this tracking in order to handle multiple calls to SSL_connect and detect new keys after renegotiation (via SSL_read/SSL_write). For curl however we can be sure that a single master secret eventually becomes available after SSL_connect, so a simple flag is sufficient. An alternative to the flag is examining SSL_state(), but this seems more complex and is not pursued. Capturing keys after server renegotiation was already unsupported in curl and remains unsupported. Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f (`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`) against an OpenSSL 1.1.1f server configured with: # Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2 openssl s_server -www -tls1 # Likewise, but fail the server handshake. openssl s_server -www -tls1 -Verify 2 # TLS 1.3 test. No need to test the failing server handshake. openssl s_server -www -tls1_3 Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly written using Wireshark. For the first and third case, expect four matches per connection (decrypted Server Finished, Client Finished, HTTP Request, HTTP Response). For the second case where the handshake fails, expect a decrypted Server Finished only. tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \ -eframe.number -eframe.time -etcp.stream -e_ws.col.Info \ -dtls.port==4433,http -ohttp.desegment_body:FALSE \ -Y 'tls.handshake.verify_data or http' A single connection can easily be identified via the `tcp.stream` field.
2020-05-27transfer: close connection after excess data has been readMichael Kaufmann
For HTTP 1.x, it's a protocol error when the server sends more bytes than announced. If this happens, don't reuse the connection, because the start position of the next response is undefined. Closes #5440
2020-05-27Revert "ssh: ignore timeouts during disconnect"Estanislau Augé-Pujadas
This reverts commit f31760e63b4e9ef1eb25f8f211390f8239388515. Shipped in curl 7.54.1. Bug: https://curl.haxx.se/mail/lib-2020-05/0068.html Closes #5465
2020-05-27urldata: connect related booleans live in struct ConnectBitsDaniel Stenberg
And remove a few unused booleans! Closes #5461
2020-05-26hostip: on macOS avoid DoH when given a numerical IP addressDaniel Stenberg
When USE_RESOLVE_ON_IPS is set (defined on macOS), it means that numerical IP addresses still need to get "resolved" - but not with DoH. Reported-by: Viktor Szakats Fixes #5454 Closes #5459
2020-05-26ngtcp2: cleanup memory when failing to connectDaniel Stenberg
Reported-by: Peter Wu Fixes #5447 (the ngtcp2 side of it) Closes #5451
2020-05-26quiche: clean up memory properly when failing to connectDaniel Stenberg
Addresses the quiche side of #5447 Reported-by: Peter Wu Closes #5450
2020-05-26cleanup: use a single space after equals sign in assignmentsDaniel Stenberg
2020-05-25url: accept "any length" credentials for proxy authDaniel Stenberg
They're only limited to the maximum string input restrictions, not to 256 bytes. Added test 1178 to verify Reported-by: Will Roberts Fixes #5448 Closes #5449
2020-05-25altsvc: fix parser for lines ending with CRLFDaniel Stenberg
Fixed the alt-svc parser to treat a newline as end of line. The unit tests in test 1654 were done without CRLF and thus didn't quite match the real world. Now they use CRLF as well. Reported-by: Peter Wu Assisted-by: Peter Wu Assisted-by: Jay Satiro Fixes #5445 Closes #5446
2020-05-25all: fix codespell errorsViktor Szakats
Reviewed-by: Jay Satiro Reviewed-by: Daniel Stenberg Closes https://github.com/curl/curl/pull/5452
2020-05-25ngtcp2: fix build with current ngtcp2 master implementing draft 28Peter Wu
Based on client.cc changes from ngtcp2. Tested with current git master, ngtcp2 commit c77d5731ce92, nghttp3 commit 65ff479d4380. Fixes #5444 Closes #5443
2020-05-24copyright: updated year ranges out of syncDaniel Stenberg
... and whitelisted a few more files in the the copyright.pl script.
2020-05-23setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherencyGilles Vollant
Closes #5431
2020-05-22Revert "sendf: make failf() use the mvsnprintf() return code"Daniel Stenberg
This reverts commit 74623551f306990e70c7c5515b88972005604a74. Instead mark the function call with (void). Getting the return code and using it instead triggered Coverity warning CID 1463596 because snprintf() can return a negative value... Closes #5441
2020-05-19sha256: move assign to the declaration lineDaniel Stenberg
Follow-up to fae30656. Should've been squashed with that commit...
2020-05-19sha256: fixed potentially uninitialized variableSiva Sivaraman
Closes #5414