aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2016-08-16Revert "Proxy-Connection: stop sending this header by default"Daniel Stenberg
This reverts commit 113f04e664b16b944e64498a73a4dab990fe9a68.
2016-08-15proxy: polished the error message for unsupported schemesDaniel Stenberg
Follow up to a96319ebb93
2016-08-15proxy: reject attempts to use unsupported proxy schemesDaniel Stenberg
I discovered some people have been using "https://example.com" style strings as proxy and it "works" (curl doesn't complain) because curl ignores unknown schemes and then assumes plain HTTP instead. I think this misleads users into believing curl uses HTTPS to proxies when it doesn't. Now curl rejects proxy strings using unsupported schemes instead of just ignoring and defaulting to HTTP.
2016-08-14socks.c: Correctly calculate position of port in response packetMarc Hoersken
Third commit to fix issue #944 regarding SOCKS5 error handling. Reported-by: David Kalnischkies
2016-08-14socks.c: Do not modify and invalidate calculated response lengthMarc Hoersken
Second commit to fix issue #944 regarding SOCKS5 error handling. Reported-by: David Kalnischkies
2016-08-14socks.c: Move error output after reading the whole response packetMarc Hoersken
First commit to fix issue #944 regarding SOCKS5 error handling. Reported-by: David Kalnischkies
2016-08-13openssl: accept subjectAltName iPAddress if no dNSName matchJay Satiro
Undo change introduced in d4643d6 which caused iPAddress match to be ignored if dNSName was present but did not match. Also, if iPAddress is present but does not match, and dNSName is not present, fail as no-match. Prior to this change in such a case the CN would be checked for a match. Bug: https://github.com/curl/curl/issues/959 Reported-by: wmsch@users.noreply.github.com
2016-08-11rtsp: ignore whitespace in session idDaniel Stenberg
Follow-up to e577c43bb to fix test case 569 brekage: stop the parser at whitespace as well. Help-by: Erik Janssen
2016-08-11HTTP: retry failed HEAD requests tooDaniel Stenberg
Mark's new document about HTTP Retries (https://mnot.github.io/I-D/httpbis-retry/) made me check our code and I spotted that we don't retry failed HEAD requests which seems totally inconsistent and I can't see any reason for that separate treatment. So, no separate treatment for HEAD starting now. A HTTP request sent over a reused connection that gets cut off before a single byte is received will be retried on a fresh connection. Made-aware-by: Mark Nottingham
2016-08-10rtsp: accept any RTSP session idErik Janssen
Makes libcurl work in communication with gstreamer-based RTSP servers. The original code validates the session id to be in accordance with the RFC. I think it is better not to do that: - For curl the actual content is a don't care. - The clarity of the RFC is debatable, is $ allowed or only as \$, that is imho not clear - Gstreamer seems to url-encode the session id but % is not allowed by the RFC - less code With this patch curl will correctly handle real-life lines like: Session: biTN4Kc.8%2B1w-AF.; timeout=60 Bug: https://curl.haxx.se/mail/lib-2016-08/0076.html
2016-08-08cmake: Enable win32 threaded resolver by defaultJay Satiro
- Turn on USE_THREADS_WIN32 in Windows if ares isn't on This change is similar to what we already do in the autotools build.
2016-08-08cmake: Enable win32 large file support by defaultJay Satiro
All compilers used by cmake in Windows should support large files. - Add test SIZEOF_OFF_T - Remove outdated test SIZEOF_CURL_OFF_T - Turn on USE_WIN32_LARGE_FILES in Windows - Check for 'Largefile' during the features output
2016-08-05http2: always wait for readable socketDaniel Stenberg
Since the server can at any time send a HTTP/2 frame to us, we need to wait for the socket to be readable during all transfers so that we can act on incoming frames even when uploading etc. Reminded-by: Tatsuhiro Tsujikawa
2016-08-05mbedtls: set debug threshold to 4 (verbose) when MBEDTLS_DEBUG is definedThomas Glanzmann
In order to make MBEDTLS_DEBUG work, the debug threshold must be unequal to 0. This patch also adds a comment how mbedtls must be compiled in order to make debugging work, and explains the possible debug levels.
2016-08-05CURLOPT_TCP_NODELAY: now enabled by defaultDaniel Stenberg
After a few wasted hours hunting down the reason for slowness during a TLS handshake that turned out to be because of TCP_NODELAY not being set, I think we have enough motivation to toggle the default for this option. We now enable TCP_NODELAY by default and allow applications to switch it off. This also makes --tcp-nodelay unnecessary, but --no-tcp-nodelay can be used to disable it. Thanks-to: Tim Rühsen Bug: https://curl.haxx.se/mail/lib-2016-06/0143.html
2016-08-04TFTP: Fix upload problem with piped inputSerj Kalichev
When input stream for curl is stdin and input stream is not a file but generated by a script then curl can truncate data transfer to arbitrary size since a partial packet is treated as end of transfer by TFTP. Fixes #857
2016-08-04mk-ca-bundle.pl: -m keeps ca cert meta data in outputDaniel Stenberg
Makes the script pass on comments holding meta data to the output file. Like fingerprinters, issuer, date ranges etc. Closes #937
2016-08-04multi: make Curl_expire() work with 0 ms timeoutsDaniel Stenberg
Previously, passing a timeout of zero to Curl_expire() was a magic code for clearing all timeouts for the handle. That is now instead made with the new Curl_expire_clear() function and thus a 0 timeout is fine to set and will trigger a timeout ASAP. This will help removing short delays, in particular notable when doing HTTP/2.
2016-08-04transfer: return without select when the read loop reached maxcountDaniel Stenberg
Regression added in 790d6de48515. The was then added to avoid one particular transfer to starve out others. But when aborting due to reading the maxcount, the connection must be marked to be read from again without first doing a select as for some protocols (like SFTP/SCP) the data may already have been read off the socket. Reported-by: Dan Donahue Bug: https://curl.haxx.se/mail/lib-2016-07/0057.html
2016-08-03mbedtls: Added support for NTLMBill Nagel
2016-08-03TLS: only reuse connections with the same client certDaniel Stenberg
CVE-2016-5420 Bug: https://curl.haxx.se/docs/adv_20160803B.html
2016-08-03TLS: switch off SSL session id when client cert is usedDaniel Stenberg
CVE-2016-5419 Bug: https://curl.haxx.se/docs/adv_20160803A.html Reported-by: Bru Rom Contributions-by: Eric Rescorla and Ray Satiro
2016-08-03curl_multi_cleanup: clear connection pointer for easy handlesDaniel Stenberg
CVE-2016-5421 Bug: https://curl.haxx.se/docs/adv_20160803C.html Reported-by: Marcelo Echeverria and Fernando Muñoz
2016-08-01mbedtls: Fix debug function nameThomas Glanzmann
This patch is necessary so that curl compiles if MBEDTLS_DEBUG is defined. Bug: https://curl.haxx.se/mail/lib-2016-08/0001.html
2016-08-01win32: fix a potential memory leak in Curl_load_libraryMartin Vejnár
If a call to GetSystemDirectory fails, the `path` pointer that was previously allocated would be leaked. This makes sure that `path` is always freed. Closes #938
2016-07-23vauth.h: No need to query HAVE_GSSAPI || USE_WINDOWS_SSPI for SPNEGOSteve Holme
As SPNEGO is only defined when these pre-processor variables are defined there is no need to query them explicitly.
2016-07-23spnego: Corrected miss-placed * in Curl_auth_spnego_cleanup() declarationSteve Holme
Typo introduced in commit ad5e9bfd5d.
2016-07-20vauth: Fix memleak by freeing credentials if out of memoryJay Satiro
This is a follow up to the parent commit dcdd4be which fixes one leak but creates another by failing to free the credentials handle if out of memory. Also there's a second location a few lines down where we fail to do same. This commit fixes both of those issues.
2016-07-20vauth: Fixed memory leak due to function returning without freeSaurav Babu
This patch allocates memory to "output_token" only when it is required so that memory is not leaked if function returns.
2016-07-20connect: disable TFO on Linux when using SSLJay Satiro
- Linux TFO + TLS is not implemented yet. Bug: https://github.com/curl/curl/issues/907
2016-07-18curl_global_init: Check if IPv6 worksBrian Prodoehl
- Curl_ipv6works() is not thread-safe until after the first call, so call it once during global init to avoid a possible race condition. Bug: https://github.com/curl/curl/issues/915 PR: https://github.com/curl/curl/pull/918
2016-07-14library: Fix memory leaks found during static analysisMiroslav Franc
Closes https://github.com/curl/curl/pull/913
2016-07-13cookie.c: Fix misleading indentationViktor Szakats
Closes https://github.com/curl/curl/pull/911
2016-06-29conn: don't free easy handle data in handler->disconnectDaniel Stenberg
Reported-by: Gou Lingfeng Bug: https://curl.haxx.se/mail/lib-2016-06/0139.html
2016-06-28cleanup: minor code cleanup in Curl_http_readwrite_headers()Michael Kaufmann
- the expression of an 'if' was always true - a 'while' contained a condition that was always true - use 'if(k->exp100 > EXP100_SEND_DATA)' instead of 'if(k->exp100)' - fixed a typo Closes #889
2016-06-28SFTP: set a generic error when no SFTP one exists...Daniel Stenberg
... as otherwise we could get a 0 which would count as no error and we'd wrongly continue and could end up segfaulting. Bug: https://curl.haxx.se/mail/lib-2016-06/0052.html Reported-by: 暖和的和暖
2016-06-22Makefile.vc: link with crypt32.lib for winssl buildsDaniel Stenberg
Necessary since 6cabd78531f Fixes #853
2016-06-22vc: fix the build for schannel certinfo supportDaniel Stenberg
Broken since 6cabd785, which adds use of the Curl_extract_certinfo function from the x509asn1.c file.
2016-06-22typedefs: use the full structs in internal code...Daniel Stenberg
... and save the typedef'ed names for headers and external APIs.
2016-06-22internals: rename the SessionHandle struct to Curl_easyDaniel Stenberg
2016-06-22vtls: Only call add/getsession if session id is enabledJay Satiro
Prior to this change we called Curl_ssl_getsessionid and Curl_ssl_addsessionid regardless of whether session ID reusing was enabled. According to comments that is in case session ID reuse was disabled but then later enabled. The old way was not intuitive and probably not something users expected. When a user disables session ID caching I'd guess they don't expect the session ID to be cached anyway in case the caching is later enabled.
2016-06-21cleanup: fix method names in code commentsMichael Kaufmann
Closes #887
2016-06-19openssl: use more 'const' to fix build warnings with 1.1.0 branchDaniel Stenberg
2016-06-16openssl: fix cert check with non-DNS name fields presentDaniel Stenberg
Regression introduced in 5f5b62635 (released in 7.48.0) Reported-by: Fabian Ruff Fixes #875
2016-06-16axtls: Use Curl_wait_ms instead of the less-portable usleepDan Fandrich
2016-06-16axtls: Fixed compile after compile 31c521b0Dan Fandrich
2016-06-07resolve: enable protocol family logic for synthesized IPv6Luo Jinghua
- Enable protocol family logic for IPv6 resolves even when support for synthesized addresses is enabled. This is a follow up to the parent commit that added support for synthesized IPv6 addresses from IPv4 on iOS/OS X. The protocol family logic needed for IPv6 was inadvertently excluded if support for synthesized addresses was enabled. Bug: https://github.com/curl/curl/issues/863 Ref: https://github.com/curl/curl/pull/866 Ref: https://github.com/curl/curl/pull/867
2016-06-07resolve: add support for IPv6 DNS64/NAT64 Networks on OS X + iOSLuo Jinghua
Use getaddrinfo() to resolve the IPv4 address literal on iOS/Mac OS X. If the current network interface doesn’t support IPv4, but supports IPv6, NAT64, and DNS64. Closes #866 Fixes #863
2016-06-06schannel: Disable ALPN on Windows < 8.1Steve Holme
Calling QueryContextAttributes with SECPKG_ATTR_APPLICATION_PROTOCOL fails on Windows < 8.1 so we need to disable ALPN on these OS versions. Inspiration provide by: Daniel Seither Closes #848 Fixes #840
2016-06-05checksrc: Add LoadLibrary to the banned functions listJay Satiro
LoadLibrary was supplanted by Curl_load_library for security reasons in 6df916d.