aboutsummaryrefslogtreecommitdiff
path: root/src/tool_operate.c
AgeCommit message (Collapse)Author
2020-05-08CURLOPT_SSL_OPTIONS: add *_NATIVE_CA to use Windows CA store (with openssl)Gilles Vollant
Closes #4346
2020-04-05curl: allow both --etag-compare and --etag-save with same file nameKwon-Young Choi
This change inverse the order of processing for the --etag-compare and --etag-save option to process first --etag-compare. This in turn allows to use the same file name to compare and save an etag. The original behavior of not failing if the etag file does not exists is conserved. Fixes #5179 Closes #5180
2020-03-31build: fixed build for systems with select() in unistd.hHarry Sintonen
Closes #5169
2020-03-18schannel: add "best effort" revocation check optionJohannes Schindelin
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and --ssl-revoke-best-effort to allow a "best effort" revocation check. A best effort revocation check ignores errors that the revocation check was unable to take place. The reasoning is described in detail below and discussed further in the PR. --- When running e.g. with Fiddler, the schannel backend fails with an unhelpful error message: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate. Sadly, many enterprise users who are stuck behind MITM proxies suffer the very same problem. This has been discussed in plenty of issues: https://github.com/curl/curl/issues/3727, https://github.com/curl/curl/issues/264, for example. In the latter, a Microsoft Edge developer even made the case that the common behavior is to ignore issues when a certificate has no recorded distribution point for revocation lists, or when the server is offline. This is also known as "best effort" strategy and addresses the Fiddler issue. Unfortunately, this strategy was not chosen as the default for schannel (and is therefore a backend-specific behavior: OpenSSL seems to happily ignore the offline servers and missing distribution points). To maintain backward-compatibility, we therefore add a new flag (`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option (`--ssl-revoke-best-effort`) to select the new behavior. Due to the many related issues Git for Windows and GitHub Desktop, the plan is to make this behavior the default in these software packages. The test 2070 was added to verify this behavior, adapted from 310. Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com> Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Closes https://github.com/curl/curl/pull/4981
2020-03-16tool_operate: fix add_parallel_transfers when more are in queueDaniel Stenberg
Trying to return early from the function if no new transfers were added would break the "morep" argument and cause issues. This could lead to zero content "transfers" (within quotes since they would never be started) when parallel-max was reduced. Reported-by: Gavin Wong Analyzed-by: Jay Satiro Fixes #4937 Closes #5112
2020-02-05curl: error on --alt-svc use w/o supportDaniel Stenberg
Make the tool check for alt-svc support at run-time and return error accordingly if not present when the option is used. Reported-by: Harry Sintonen Closes #4878
2020-01-21smtp: Allow RCPT TO command to fail for some recipientsPavel Volgarev
Introduces CURLOPT_MAIL_RCPT_ALLLOWFAILS. Verified with the new tests 3002-3007 Closes #4816
2020-01-21curl: Let -D merge headers in one file againEmil Engler
Closes #4762 Fixes #4753
2020-01-12curl: remove 'config' field from OutStructDaniel Stenberg
As it was just unnecessary duplicated information already stored in the 'per_transfer' struct and that's around mostly anyway. The duplicated pointer caused problems when the code flow was aborted before the dupe was filled in and could cause a NULL pointer access. Reported-by: Brian Carpenter Fixes #4807 Closes #4810
2020-01-04curl: properly free mimepost dataDaniel Stenberg
... as it could otherwise leak memory when a transfer failed. Added test 1293 to verify. Reported-by: Brian Carpenter Fixes #4781 Closes #4782
2020-01-04curl: cleanup multi handle on failureDaniel Stenberg
... to fix memory leak in error path. Fixes #4772 Closes #4780 Reported-by: Brian Carpenter
2019-12-29tool_operate: fix mem leak when failed config parseJay Satiro
Found by fuzzing the config file. Reported-by: Geeknik Labs Fixes https://github.com/curl/curl/issues/4767
2019-12-12curl: fix memory leak in OOM in etags logicDaniel Stenberg
Detected by torture tests Closes #4706
2019-12-10curl: use errorf() betterDaniel Stenberg
Change series of error outputs to use errorf(). Only errors that are due to mistakes in command line option usage should use helpf(), other types of errors in the tool should rather use errorf(). Closes #4691
2019-12-06curl: make the etag load logic work without fseekDaniel Stenberg
The fseek()s were unnecessary and caused Coverity warning CID 1456554 Closes #4681
2019-12-05etag: allow both --etag-compare and --etag-save in same cmdlineDaniel Stenberg
Fixes #4669 Closes #4678
2019-12-03curl: show better error message when no homedir is foundDaniel Stenberg
Reported-by: Vlastimil Ovčáčík Fixes #4644 Closes #4665
2019-11-28curl: two new command line options for etagsMaros Priputen
--etag-compare and --etag-save Suggested-by: Paul Hoffman Fixes #4277 Closes #4543
2019-11-26curl: fix --upload-file . hangs if delay in STDINJohn Schroeder
Attempt to unpause a busy read in the CURLOPT_XFERINFOFUNCTION. When uploading from stdin in non-blocking mode, a delay in reading the stream (EAGAIN) causes curl to pause sending data (CURL_READFUNC_PAUSE). Prior to this change, a busy read was detected and unpaused only in the CURLOPT_WRITEFUNCTION handler. This change performs the same busy read handling in a CURLOPT_XFERINFOFUNCTION handler. Fixes #2051 Closes #4599 Reported-by: bdry on github
2019-11-21curl: add --parallel-immediateDaniel Stenberg
Starting with this change when doing parallel transfers, without this option set, curl will prefer to create new transfers multiplexed on an existing connection rather than creating a brand new one. --parallel-immediate can be set to tell curl to prefer to use new connections rather than to wait and try to multiplex. libcurl-wise, this means that curl will set CURLOPT_PIPEWAIT by default on parallel transfers. Suggested-by: Tom van der Woerdt Closes #4500
2019-11-14curl: fix -T globbingDaniel Stenberg
Regression from e59371a4936f8 (7.67.0) Added test 490, 491 and 492 to verify the functionality. Reported-by: Kamil Dudka Reported-by: Anderson Sasaki Fixes #4588 Closes #4591
2019-10-16tool_operate: Fix retry sleep time shown to user when Retry-AfterStian Soiland-Reyes
- If server header Retry-After is being used for retry sleep time then show that value to the user instead of the normal retry sleep time. This is a follow-up to 640b973 (7.66.0) which changed curl tool so that the value from Retry-After header overrides other retry timing options. Closes https://github.com/curl/curl/pull/4498
2019-10-05curl: ensure HTTP 429 triggers --retryStian Soiland-Reyes
This completes #3794. Also make sure the new tests from #4195 are enabled Closes #4465
2019-10-02tool_operate: rename functions to make more senseDaniel Stenberg
2019-10-02curl: create easy handles on-demand and not ahead of timeDaniel Stenberg
This should again enable crazy-large download ranges of the style [1-10000000] that otherwise easily ran out of memory starting in 7.66.0 when this new handle allocating scheme was introduced. Reported-by: Peter Sumatra Fixes #4393 Closes #4438
2019-09-22curl: exit the create_transfers loop on errorsDaniel Stenberg
When looping around the ranges and given URLs to create transfers, all errors should exit the loop and return. Previously it would keep looping. Reported-by: SumatraPeter on github Bug: #4393 Closes #4396
2019-09-20tool_operate: removed unused variable 'done'Daniel Stenberg
Fixes warning detected by PVS-Studio Fixes #4374
2019-09-20tool_operate: Expression 'config->resume_from' is always trueDaniel Stenberg
Fixes warning detected by PVS-Studio Fixes #4374
2019-09-13curl: fix memory leaked by parse_metalink()Kamil Dudka
This commit fixes a regression introduced by curl-7_65_3-5-gb88940850. Detected by tests 2005, 2008, 2009, 2010, 2011, and 2012 with valgrind and libmetalink enabled. Closes #4326
2019-09-10curl: make sure the parallel transfers do them allDaniel Stenberg
The logic could erroneously break the loop too early before all transfers had been transferred. Reported-by: Tom van der Woerdt Fixes #4316 Closes #4317
2019-08-29curl: fix include conditionslufia
2019-08-20cleanup: remove DOT_CHAR completelyDaniel Stenberg
Follow-up to f9c7ba9096ec The use of DOT_CHAR for ".ssh" was probably a mistake and is removed now. Pointed-out-by: Gisle Vanem Bug: https://github.com/curl/curl/pull/4230#issuecomment-522960638 Closes #4247
2019-08-08CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directlyDaniel Stenberg
Even though it cannot fall-back to a lower HTTP version automatically. The safer way to upgrade remains via CURLOPT_ALTSVC. CURLOPT_H3 no longer has any bits that do anything and might be removed before we remove the experimental label. Updated the curl tool accordingly to use "--http3". Closes #4197
2019-08-07curl: make use of CURLINFO_RETRY_AFTER when retryingDaniel Stenberg
If a Retry-After: header was used in the response, that value overrides other retry timing options. Fixes #3794 Closes #4195
2019-08-07curl: use CURLINFO_PROTOCOL to check for HTTP(s)Daniel Stenberg
... instead of CURLINFO_EFFECTIVE_URL to avoid string operations.
2019-08-06curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the toolSteve Holme
Ref: https://github.com/curl/curl/issues/3653 Ref: https://github.com/curl/curl/pull/3790 NOTE: This commit was cherry-picked and is part of a series of commits that added the authzid feature for upcoming 7.66.0. The series was temporarily reverted in db8ec1f so that it would not ship in a 7.65.x patch release. Closes https://github.com/curl/curl/pull/4186
2019-08-06curl_multi_poll: a sister to curl_multi_wait() that waits moreDaniel Stenberg
Repeatedly we see problems where using curl_multi_wait() is difficult or just awkward because if it has no file descriptor to wait for internally, it returns immediately and leaves it to the caller to wait for a small amount of time in order to avoid occasional busy-looping. This is often missed or misunderstood, leading to underperforming applications. This change introduces curl_multi_poll() as a replacement drop-in function that accepts the exact same set of arguments. This function works identically to curl_multi_wait() - EXCEPT - for the case when there's nothing to wait for internally, as then this function will by itself wait for a "suitable" short time before it returns. This effectiely avoids all risks of busy-looping and should also make it less likely that apps "over-wait". This also changes the curl tool to use this funtion internally when doing parallel transfers and changes curl_easy_perform() to use it internally. Closes #4163
2019-07-30curl: remove outdated commentDaniel Stenberg
Turned bad with commit b8894085000 Reported-by: niallor on github Fixes #4172 Closes #4173
2019-07-29curl: avoid uncessary libcurl timeouts (in parallel mode)Daniel Stenberg
When curl_multi_wait() returns OK without file descriptors to wait for, it might already have done a long timeout. Closes #4159
2019-07-23tool_operate: fix implicit call to easysrc_cleanupJay Satiro
easysrc_cleanup is only defined when CURL_DISABLE_LIBCURL_OPTION is not defined, and prior to this change would be called regardless. Bug: https://github.com/curl/curl/pull/3804#issuecomment-513922637 Reported-by: Marcel Raad Closes https://github.com/curl/curl/pull/4142
2019-07-22curl:create_transfers check return code from curl_easy_setoptDaniel Stenberg
From commit b8894085 Pointed out by Coverity CID 1451703 Closes #4134
2019-07-21HTTP3: initial (experimental) supportDaniel Stenberg
USe configure --with-ngtcp2 or --with-quiche Using either option will enable a HTTP3 build. Co-authored-by: Alessandro Ghedini <alessandro@ghedini.me> Closes #3500
2019-07-21curl: remove dead codeDaniel Stenberg
The loop never loops (since b889408500), pointed out by Coverity (CID 1451702) Closes #4133
2019-07-20curl: support parallel transfersDaniel Stenberg
This is done by making sure each individual transfer is first added to a linked list as then they can be performed serially, or at will, in parallel. Closes #3804
2019-06-24curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy buildsKoen Dergent
Closes #4061
2019-06-18curl: improved skip-setopt-options when built with disabled featuresDaniel Stenberg
Reduces #ifdefs in src/tool_operate.c Follow-up from 4e86f2fc4e6 Closes #3936
2019-05-25Revert all SASL authzid (new feature) commitsJay Satiro
- Revert all commits related to the SASL authzid feature since the next release will be a patch release, 7.65.1. Prior to this change CURLOPT_SASL_AUTHZID / --sasl-authzid was destined for the next release, assuming it would be a feature release 7.66.0. However instead the next release will be a patch release, 7.65.1 and will not contain any new features. After the patch release after the reverted commits can be restored by using cherry-pick: git cherry-pick a14d72c a9499ff 8c1cc36 c2a8d52 0edf690 Details for all reverted commits: Revert "os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()." This reverts commit 0edf6907ae37e2020722e6f61229d8ec64095b0a. Revert "tests: Fix the line endings for the SASL alt-auth tests" This reverts commit c2a8d52a1356a722ff9f4aeb983cd4eaf80ef221. Revert "examples: Added SASL PLAIN authorisation identity (authzid) examples" This reverts commit 8c1cc369d0c7163c6dcc91fd38edfea1f509ae75. Revert "curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool" This reverts commit a9499ff136d89987af885e2d7dff0a066a3e5817. Revert "sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID" This reverts commit a14d72ca2fec5d4eb5a043936e4f7ce08015c177.
2019-05-22curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the toolSteve Holme
2019-05-18curl: make code work with protocol-disabled libcurlDaniel Stenberg
Closes #3844
2019-05-16cleanup: remove FIXME and TODO commentsDaniel Stenberg
They serve very little purpose and mostly just add noise. Most of them have been around for a very long time. I read them all before removing or rephrasing them. Ref: #3876 Closes #3883