aboutsummaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Collapse)Author
2013-09-07http2: actually init nghttp2 and send HTTP2-Settings properlyDaniel Stenberg
2013-09-07README.http2: how to use it best with the multi API?Daniel Stenberg
2013-09-07http2: first embryo toward Upgrade:Daniel Stenberg
2013-09-07http: rename use_http_1_1 to use_http_1_1plusDaniel Stenberg
Since it now actually says if 1.1 or a later version should be used.
2013-09-07Pass password to OpenSSL engine by user interfacePetr Písař
Recent OpenSSL uses user interface abstraction to negotiate access to private keys in the cryprographical engines. An OpenSSL application is expected to implement the user interface. Otherwise a default one provided by OpenSSL (interactive standard I/O) will be used and the aplication will have no way how to pass a password to the engine. Longer-desc: http://curl.haxx.se/mail/lib-2013-08/0265.html
2013-09-06http2: use correct include for snprintfGisle Vanem
Using the first little merge of nghttp2 into libcurl, I stumbeled on the missing 'snprintf' in MSVCRT. Isn't this how we do it for other libcurl files? I.e. use 'curl_msnprintf' and not 'snprintf' directly:
2013-09-06LDAP: fix bad free() when URL parsing failedGeoff Beier
When an error occurs parsing an LDAP URL, The ludp->lud_attrs[i] entries could be freed even though they sometimes point to data within an allocated area. This change introduces a lud_attrs_dup[] array for the duplicated string pointers, and it removes the unused lud_exts array. Bug: http://curl.haxx.se/mail/lib-2013-08/0209.html
2013-09-05darwinssl: add support for PKCS#12 files for client authenticationNick Zitzmann
I also documented the fact that the OpenSSL engine also supports them.
2013-09-04SASL: fix compiler warningsDaniel Stenberg
comparison between signed and unsigned integer expressions suggest parentheses around '&&' within '||' (twice)
2013-09-04Curl_setopt: refuse CURL_HTTP_VERSION_2_0 if built without supportDaniel Stenberg
2013-09-04http2: add http2.[ch] and add nghttp2 version outputDaniel Stenberg
2013-09-04imap/smtp: Fixed incorrect SASL mechanism selection with XOAUTH2 serversSteve Holme
XOAUTH2 would be selected in preference to LOGIN and PLAIN if the IMAP or SMTP server advertised support for it even though a user's password was supplied but bearer token wasn't. Modified the selection logic so that XOAUTH2 will only be selected if the server supports it and A) The curl user/libcurl programmer has specifically asked for XOAUTH via the ;AUTH=XOAUTH login option or 2) The bearer token is specified. Obviously if XOAUTH is asked for via the login option but no token is specified the user will receive a authentication failure which makes more sense than no known authentication mechanisms supported!
2013-09-04curl.h: added CURL_HTTP_VERSION_2_0Daniel Stenberg
Initial library considerations documented in lib/README.http2
2013-09-01url.c: Fixed compilation warningSteve Holme
An enumerated type is mixed with another type
2013-09-01easy.c: Fixed compilation warningSteve Holme
warning: `code' might be used uninitialized in this function
2013-08-31Removed reference to krb4.c.Guenter Knauf
2013-08-31imap: Fixed response check for EXPUNGE commandSteve Holme
2013-08-29FTP: fix getsock during DO_MORE stateDaniel Stenberg
... when doing upload it would return the wrong values at times. This commit attempts to cleanup the mess. Bug: http://curl.haxx.se/mail/lib-2013-08/0109.html Reported-by: Mike Mio
2013-08-29curl_multi_remove_handle: allow multiple removesDaniel Stenberg
When removing an already removed handle, avoid that to ruin the internals and just return OK instead.
2013-08-29Curl_parsenetrc: document that the arguments must be allocatedDaniel Stenberg
2013-08-29easy: rename struct monitor to socketmonitorDaniel Stenberg
'struct monitor', introduced in 6cf8413e, already exists in an IRIX header file (sys/mon.h) which gets included via various standard headers by lib/easy.c cc-1101 cc: ERROR File = ../../curl/lib/easy.c, Line = 458 "monitor" has already been declared in the current scope. Reported-by: Tor Arntsen
2013-08-28multi_socket: improved 100-continue timeout handlingDaniel Stenberg
When waiting for a 100-continue response from the server, the Curl_readwrite() will refuse to run if called until the timeout has been reached. We timeout code in multi_socket() allows code to run slightly before the actual timeout time, so for test 154 it could lead to the function being executed but refused in Curl_readwrite() and then the application would just sit idling forever. This was detected with runtests.pl -e on test 154.
2013-08-26security.h: rename to curl_sec.h to avoid name collisionDaniel Stenberg
I brought back security.h in commit bb5529331334e. As we actually already found out back in 2005 in commit 62970da675249, the file name security.h causes problems so I renamed it curl_sec.h instead.
2013-08-26smtp: added basic SASL XOAUTH2 supportKyle L. Huff
Added the ability to use an XOAUTH2 bearer token [RFC6750] with SMTP for authentication using RFC6749 "OAuth 2.0 Authorization Framework". The bearer token is expected to be valid for the user specified in conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has an advertised auth mechanism of "XOAUTH2", the user and access token are formatted as a base64 encoded string and sent to the server as "AUTH XOAUTH2 <bearer token>".
2013-08-26imap: added basic SASL XOAUTH2 supportKyle L. Huff
Added the ability to use an XOAUTH2 bearer token [RFC6750] with IMAP for authentication using RFC6749 "OAuth 2.0 Authorization Framework". The bearer token is expected to be valid for the user specified in conn->user. If CURLOPT_XOAUTH2_BEARER is defined and the connection has an advertised auth mechanism of "XOAUTH2", the user and access token are formatted as a base64 encoded string and sent to the server as "A001 AUTHENTICATE XOAUTH2 <bearer token>".
2013-08-26security.h: Fixed compilation warningSteve Holme
ISO C forbids forward references to 'enum' types
2013-08-25options: added basic SASL XOAUTH2 supportKyle L. Huff
Added the ability to specify an XOAUTH2 bearer token [RFC6750] via the option CURLOPT_XOAUTH2_BEARER for authentication using RFC6749 "OAuth 2.0 Authorization Framework".
2013-08-25sasl: added basic SASL XOAUTH2 supportKyle L. Huff
Added the ability to generated a base64 encoded XOAUTH2 token containing: "user=<username>^Aauth=Bearer <bearer token>^A^A" as per RFC6749 "OAuth 2.0 Authorization Framework".
2013-08-25FTP: remove krb4 supportDaniel Stenberg
We've announced this pending removal for a long time and we've repeatedly asked if anyone would care or if anyone objects. Nobody has objected. It has probably not even been working for a good while since nobody has tested/used this code recently. The stuff in krb4.h that was generic enough to be used by other sources is now present in security.h
2013-08-25easy: define away easy_events() for non-debug buildsDaniel Stenberg
2013-08-22multi: move on from STATE_DONE fasterDaniel Stenberg
Make sure we always return CURLM_CALL_MULTI_PERFORM when we reach CURLM_STATE_DONE since the state is transient and it can very well continue executing as there is nothing to wait for. Bug: http://curl.haxx.se/mail/lib-2013-08/0211.html Reported-by: Yi Huang
2013-08-22TFTP: make the CURLOPT_LOW_SPEED* options workDaniel Stenberg
... this also makes sure that the progess callback gets called more often during TFTP transfers. Added test 1238 to verify. Bug: http://curl.haxx.se/bug/view.cgi?id=1269 Reported-by: Jo3
2013-08-21curl_easy_perform_ev: make it CURL_EXTERNGisle Vanem
I build curl.exe (using MingW) with '-DCURLDEBUG' and by importing from libcurl.dll. Which means the new curl_easy_perform_ev() must be exported from libcurl.dll.
2013-08-20CURLM_ADDED_ALREADY: new error codeDaniel Stenberg
Doing curl_multi_add_handle() on an easy handle that is already added to a multi handle now returns this error code. It previously returned CURLM_BAD_EASY_HANDLE for this condition.
2013-08-20multi_init: moved init code here from add_handleDaniel Stenberg
The closure_handle is "owned" by the multi handle and it is unconditional so the setting up of it should be in the Curl_multi_handle function rather than curl_multi_add_handle.
2013-08-20multi: remove dns cache creation code from *add_handleDaniel Stenberg
As it is done unconditionally in multi_init() this code will never run!
2013-08-20curl_easy_perform_ev: debug/test functionDaniel Stenberg
This function is meant to work *exactly* as curl_easy_perform() but will use the event-based libcurl API internally instead of curl_multi_perform(). To avoid relying on an actual event-based library and to not use non-portable functions (like epoll or similar), there's a rather inefficient emulation layer implemented on top of Curl_poll() instead. There's currently some convenience logging done in curl_easy_perform_ev which helps when tracking down problems. They may be suitable to remove or change once things seem to be fine enough. curl has a new --test-event option when built with debug enabled that then uses curl_easy_perform_ev() instead of curl_easy_perform(). If built without debug, using --test-event will only output a warning message. NOTE: curl_easy_perform_ev() is not part if the public API on purpose. It is only present in debug builds of libcurl and MUST NOT be considered stable even then. Use it for libcurl-testing purposes only. runtests.pl now features an -e command line option that makes it use --test-event for all curl command line tests. The man page is updated.
2013-08-20transfer: the recent sessionhandle change broke CURL_DOES_CONVERSIONSGisle Vanem
2013-08-20url: handle arbitrary-length username and password before '@'Jonathan Nieder
libcurl quietly truncates usernames, passwords, and options from before an '@' sign in a URL to 255 (= MAX_CURL_PASSWORD_LENGTH - 1) characters to fit in fixed-size buffers on the stack. Allocate a buffer large enough to fit the parsed fields on the fly instead to support longer passwords. After this change, there are no more uses of MAX_CURL_OPTIONS_LENGTH left, so stop defining that constant while at it. The hardcoded max username and password length constants, on the other hand, are still used in HTTP proxy credential handling (which this patch doesn't touch). Reported-by: Colby Ranger
2013-08-20url: handle exceptional cases first in parse_url_login()Jonathan Nieder
Instead of nesting "if(success)" blocks and leaving the reader in suspense about what happens in the !success case, deal with failure cases early, usually with a simple goto to clean up and return from the function. No functional change intended. The main effect is to decrease the indentation of this function slightly.
2013-08-20Curl_setopt: handle arbitrary-length username and passwordJonathan Nieder
libcurl truncates usernames, passwords, and options set with curl_easy_setopt to 255 (= MAX_CURL_PASSWORD_LENGTH - 1) characters. This doesn't affect the return value from curl_easy_setopt(), so from the caller's point of view, there is no sign anything strange has happened, except that authentication fails. For example: # Prepare a long (300-char) password. s=0123456789; s=$s$s$s$s$s$s$s$s$s$s; s=$s$s$s; # Start a server. nc -l -p 8888 | tee out & pid=$! # Tell curl to pass the password to the server. curl --user me:$s http://localhost:8888 & sleep 1; kill $pid # Extract the password. userpass=$( awk '/Authorization: Basic/ {print $3}' <out | tr -d '\r' | base64 -d ) password=${userpass#me:} echo ${#password} Expected result: 300 Actual result: 255 The fix is simple: allocate appropriately sized buffers on the heap instead of trying to squeeze the provided values into fixed-size on-stack buffers. Bug: http://bugs.debian.org/719856 Reported-by: Colby Ranger
2013-08-20netrc: handle longer username and passwordJonathan Nieder
libcurl truncates usernames and passwords it reads from .netrc to LOGINSIZE and PASSWORDSIZE (64) characters without any indication to the user, to ensure the values returned from Curl_parsenetrc fit in a caller-provided buffer. Fix the interface by passing back dynamically allocated buffers allocated to fit the user's input. The parser still relies on a 256-character buffer to read each line, though. So now you can include an ~246-character password in your .netrc, instead of the previous limit of 63 characters. Reported-by: Colby Ranger
2013-08-20url: allocate username, password, and options on the heapJonathan Nieder
This makes it possible to increase the size of the buffers when needed in later patches. No functional change yet.
2013-08-20url: use goto in create_conn() for exception handlingJonathan Nieder
Instead of remembering before each "return" statement which temporary allocations, if any, need to be freed, take care to set pointers to NULL when no longer needed and use a goto to a common block to exit the function and free all temporaries. No functional change intended. Currently the only temporary buffer in this function is "proxy" which is already correctly freed when appropriate, but there will be more soon.
2013-08-20sasl: allow arbitrarily long username and passwordJonathan Nieder
Use appropriately sized buffers on the heap instead of fixed-size buffers on the stack, to allow for longer usernames and passwords. Callers never pass anything longer than MAX_CURL_USER_LENGTH (resp. MAX_CURL_PASSWORD_LENGTH), so no functional change inteded yet.
2013-08-19imap: Fixed response check for SEARCH commandAlex McLellan
Adding this line allows libcurl to return the server response when performing a search command via a custom request.
2013-08-14ftp: convert state names to a global arrayDaniel Stenberg
... just to make them easier to print in debug ouputs while debugging. They are still within #ifdef [debugbuild].
2013-08-14ftp_domore_getsock: when passive mode, the second conn is already thereDaniel Stenberg
This makes the socket callback get called with the proper bitmask as otherwise the application could be left hanging waiting for reading on an upload connection! Bug: http://curl.haxx.se/mail/lib-2013-08/0043.html Reported-by: Bill Doyle
2013-08-12nss: make sure that NSS is initializedKamil Dudka
... prior to calling PK11_GenerateRandom()
2013-08-12multi: s/easy/dataDaniel Stenberg
With everything being struct SessionHandle pointers now, this rename makes multi.c use the library-wide practise of calling that pointer 'data' instead of the previously used 'easy'.