Age | Commit message (Collapse) | Author |
|
- Move verify_certificate functionality in schannel.c into a new
file called schannel_verify.c. Additionally, some structure defintions
from schannel.c have been moved to schannel.h to allow them to be
used in schannel_verify.c.
- Make verify_certificate functionality for Schannel available on
all versions of Windows instead of just Windows CE. verify_certificate
will be invoked on Windows CE or when the user specifies
CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.
- In verify_certificate, create a custom certificate chain engine that
exclusively trusts the certificate store backed by the CURLOPT_CAINFO
file.
- doc updates of --cacert/CAINFO support for schannel
- Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString
when available. This implements a TODO in schannel.c to improve
handling of multiple SANs in a certificate. In particular, all SANs
will now be searched instead of just the first name.
- Update tool_operate.c to not search for the curl-ca-bundle.crt file
when using Schannel to maintain backward compatibility. Previously,
any curl-ca-bundle.crt file found in that search would have been
ignored by Schannel. But, with CAINFO support, the file found by
that search would have been used as the certificate store and
could cause issues for any users that have curl-ca-bundle.crt in
the search path.
- Update url.c to not set the build time CURL_CA_BUNDLE if the selected
SSL backend is Schannel. We allow setting CA location for schannel
only when explicitly specified by the user via CURLOPT_CAINFO /
--cacert.
- Add new test cases 3000 and 3001. These test cases check that the first
and last SAN, respectively, matches the connection hostname. New test
certificates have been added for these cases. For 3000, the certificate
prefix is Server-localhost-firstSAN and for 3001, the certificate
prefix is Server-localhost-secondSAN.
- Remove TODO 15.2 (Add support for custom server certificate
validation), this commit addresses it.
Closes https://github.com/curl/curl/pull/1325
|
|
When a zeroed out allocation is required, use calloc() rather than
malloc() followed by an explicit memset(). The result will be the
same, but using calloc() everywhere increases consistency in the
codebase and avoids the risk of subtle bugs when code is injected
between malloc and memset by accident.
Closes https://github.com/curl/curl/pull/2497
|
|
Only treat response code as FTP response codes in case the
protocol type is FTP.
This fixes an issue where an HTTP download was treated as FTP
in case libcurl returned with 33. This happens when the
download has already finished and the server responses 416:
HTTP/1.1 416 Requested Range Not Satisfiable
This should not be treated as an FTP error.
Fixes #2464
Closes #2465
|
|
Add --haproxy-protocol for the command line tool
Closes #2162
|
|
Found via `codespell`
Closes #2389
|
|
|
|
Detected using the `codespell` tool.
Also contains one URL protocol upgrade.
Closes https://github.com/curl/curl/pull/2334
|
|
- In keeping with the naming of our other connect timeout options rename
CURLOPT_HAPPY_EYEBALLS_TIMEOUT to CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.
This change adds the _MS suffix since the option expects milliseconds.
This is more intuitive for our users since other connect timeout options
that expect milliseconds use _MS such as CURLOPT_TIMEOUT_MS,
CURLOPT_CONNECTTIMEOUT_MS, CURLOPT_ACCEPTTIMEOUT_MS.
The tool option already uses an -ms suffix, --happy-eyeballs-timeout-ms.
Follow-up to 2427d94 which added the lib and tool option yesterday.
Ref: https://github.com/curl/curl/pull/2260
|
|
- Add new option CURLOPT_HAPPY_EYEBALLS_TIMEOUT to set libcurl's happy
eyeball timeout value.
- Add new optval macro CURL_HET_DEFAULT to represent the default happy
eyeballs timeout value (currently 200 ms).
- Add new tool option --happy-eyeballs-timeout-ms to expose
CURLOPT_HAPPY_EYEBALLS_TIMEOUT. The -ms suffix is used because the
other -timeout options in the tool expect seconds not milliseconds.
Closes https://github.com/curl/curl/pull/2260
|
|
... not of the #define was set at build-time!
|
|
On Windows, stat() may adjust the unix file time by a daylight saving time
offset. Avoid this by calling GetFileTime() instead.
Fixes #2164
Closes #2204
|
|
Bug: https://curl.haxx.se/mail/lib-2018-01/0122.html
Signed-off-by: Ben Greear <greearb@candelatech.com>
|
|
To verify a proxy's public key. For when using HTTPS proxies.
Fixes #2192
Closes #2268
|
|
... since the libc provided one are locale dependent in a way we don't
want. Also, the "native" isalnum() (for example) works differently on
different platforms which caused test 1307 failures on macos only.
Closes #2269
|
|
Reported-By: Gisle Vanem
Bug: https://github.com/curl/curl/commit/993dd5651a6c853bfe3870f6a69c7b329fa4e8ce#commitcomment-27070080
|
|
djgpp do have 'mkdir(dir, mode)'. Other DOS-compilers does not
But djgpp seems the only choice for MSDOS anyway.
PellesC do have a 'F_OK' defined in it's <unistd.h>.
Update year in Copyright.
|
|
|
|
Get screen width from the environment variable COLUMNS first, if set. If
not, use ioctl(). If nether works, assume 79.
Closes #2242
The "refresh" is for the -# output when no total transfer size is
known. It will now only use a single updated line even for this case:
The "-=O=-" ship moves when data is transferred. The four flying
"hashes" move (on a sine wave) on each refresh, independent of data.
|
|
|
|
- Move the size modifier detection code from limit-rate to its own
function so that it can also be used with max-filesize.
Size modifiers are the suffixes such as G (gigabyte), M (megabyte) etc.
For example --max-filesize 1G
Ref: https://curl.haxx.se/mail/archive-2017-12/0000.html
Closes https://github.com/curl/curl/pull/2179
|
|
Bug: #2174
|
|
This reverts commit 9ffad8eb1329bb35c8988115ac7ed85cf91ef955.
It was actually added rather recently in 8e8afa82cbb629 due to a crash
that would otherwise happen in the RTSP code. As I don't think we've
fixed that behavior yet, we better keep this work-around until we have
fixed it better.
|
|
These are OS/2-specific things added to the code in the year 2000. They
were always ugly. If there's any user left, they still don't need it
done this way.
Closes #2166
|
|
That data is only ever used by the CURLOPT_INTERLEAVEFUNCTION callback
and that option isn't set or used by the curl tool!
Updates the 9 tests that verify --libcurl
Closes #2167
|
|
Make it use a max 10Hz update frequency for this case as well. Return
early if the "point" hasn't moved since last invoke.
Reported-by: Elliot Saba
Fixes #2158
Closes #2163
|
|
Reported by scan-build
Closes #2109
|
|
Update CMakeLists.txt to add curl.rc to the correct list.
|
|
Ref cc1f4436099decb9d1a7034b2bb773a9f8379d31
|
|
It adds the ability to link against static brotli libs.
Also fix brotli include path.
|
|
|
|
This uses the brotli external library (https://github.com/google/brotli).
Brotli becomes a feature: additional curl_version_info() bit and
structure fields are provided for it and CURLVERSION_NOW bumped.
Tests 314 and 315 check Brotli content unencoding with correct and
erroneous data.
Some tests are updated to accomodate with the now configuration dependent
parameters of the Accept-Encoding header.
|
|
By properly keeping track of the last entry in the list of URLs/uploads
to handle, curl now avoids many meaningless traverses of the list which
speeds up many-URL handling *MASSIVELY* (several magnitudes on 100K
URLs).
Added test 1291, to verify that it doesn't take ages - but we don't have
any detection of "too slow" command in the test suite.
Reported-by: arainchik on github
Fixes #1959
Closes #2052
|
|
Assisted-by: Per Lundberg
Fixes #2044
Closes #2046
Closes #2048
|
|
Do not generate line with the current date, such as:
* Generation time: Tue Oct-24 18:01:41 2017
This will improve reproducibility. The generated string is only
part of a comment, so there should be no adverse consequences.
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
closes #2026
|
|
|
|
Also upgrade test 1133 to cover this case and clarify man page about
form data quoting.
Bug: https://github.com/curl/curl/issues/2022
Reported-By: omau on github
|
|
The config files define curl and libcurl targets as imported targets
CURL::curl and CURL::libcurl. For backward compatibility with CMake-
provided find-module the CURL_INCLUDE_DIRS and CURL_LIBRARIES are
also set.
Closes #1879
|
|
Allow to ovverride certain build tools, making it possible to
use LLVM/Clang to build curl. The default behavior is unchanged.
To build with clang (as offered by MSYS2), these settings can
be used:
CURL_CC=clang
CURL_AR=llvm-ar
CURL_RANLIB=llvm-ranlib
Closes https://github.com/curl/curl/pull/1993
|
|
Closes PR https://github.com/curl/curl/pull/1985
|
|
If stdin is not a regular file, its content is memory-buffered to enable
a possible data "rewind".
In all cases, stdin data size is determined before real use to avoid
having an unknown part's size.
--libcurl generated code is left as an unbuffered stdin fread/fseek callback
part with unknown data size.
Buffering is not supported in deprecated curl_formadd() API.
|
|
Test 1422 updated to verify.
Closes #1964
|
|
When curl and libcurl are built with some protocols disabled, they stop
setting and receiving some options that don't make sense with those
protocols. In particular, when HTTP is disabled many options aren't set
that are used only by HTTP. However, some options that appear to be
HTTP-only are actually used by other protocols as well (some despite
having HTTP in the name) and should be set, but weren't. This change now
causes some of these options to be set and used for more (or for all)
protocols. In particular, this fixes tests 646 through 649 in an
HTTP-disabled build, which use the MIME API in the mail protocols.
|
|
In MultiSSL mode (i.e. when more than one SSL backend is compiled
in), we cannot use the compile time flag `USE_NSS` as indicator that
the NSS backend is in use. As far as Metalink is concerned, the SSL
backend is only used for MD5, SHA-1 and SHA-256 calculations,
therefore one of the available SSL backends is selected at compile
time, in a strict order of preference.
Let's introduce a new `HAVE_NSS_CONTEXT` constant that can be used
to determine whether the SSL backend used for Metalink is the NSS
backend, and use that to guard the code that wants to de-initialize
the NSS-specific data structure.
Ref: https://github.com/curl/curl/pull/1848
|
|
Also suppress length argument of curl_mime_name() (names are always
zero-terminated).
|
|
Detected by coverity. CID 1418137.
|
|
... previously it would store a return value even when it returned
error, which could make the value get used anyway!
Reported-by: Brian Carpenter
Closes #1893
|
|
|
|
|
|
- The part kind MIMEKIND_FILE and associated code are suppressed.
- Seek data origin offset not used anymore: suppressed.
- MIMEKIND_NAMEDFILE renamed MIMEKIND_FILE; associated fields/functions
renamed accordingly.
- Curl_getformdata() processes stdin via a callback.
|
|
curl_mime_encoder() is operational and documented.
curl tool -F option is extended with ";encoder=".
curl tool --libcurl option generates calls to curl_mime_encoder().
New encoder tests 648 & 649.
Test 1404 extended with an encoder specification.
|