aboutsummaryrefslogtreecommitdiff
path: root/tests/data
AgeCommit message (Collapse)Author
2019-04-29CURL_MAX_INPUT_LENGTH: largest acceptable string input sizeDaniel Stenberg
This limits all accepted input strings passed to libcurl to be less than CURL_MAX_INPUT_LENGTH (8000000) bytes, for these API calls: curl_easy_setopt() and curl_url_set(). The 8000000 number is arbitrary picked and is meant to detect mistakes or abuse, not to limit actual practical use cases. By limiting the acceptable string lengths we also reduce the risk of integer overflows all over. NOTE: This does not apply to `CURLOPT_POSTFIELDS`. Test 1559 verifies. Closes #3805
2019-04-22sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616Steve Holme
RFC 4616 specifies the authzid is optional in the client authentication message and that the server will derive the authorisation identity (authzid) from the authentication identity (authcid) when not specified by the client.
2019-04-21test 196,197,198: add 'retry' keyword [skip ci]Daniel Stenberg
2019-04-20test1002: correct the name [skip ci]Daniel Stenberg
2019-04-20test660: verify CONNECT_ONLY with IMAPDaniel Stenberg
which basically just makes sure LOGOUT is *not* issued on disconnect
2019-04-13test: make tests and test scripts use socksd for SOCKSDaniel Stenberg
Make all SOCKS tests use socksd instead of ssh.
2019-04-13socksd: new SOCKS 4+5 server for testsDaniel Stenberg
Closes #3752
2019-04-11test1906: verify CURLOPT_CURLU + CURLOPT_PORT usageDaniel Stenberg
Based-on-code-by: Poul T Lomholt
2019-04-06pipelining: removedDaniel Stenberg
As previously planned and documented in DEPRECATE.md, all pipelining code is removed. Closes #3651
2019-04-02vauth/oauth2: Fix OAUTHBEARER token generationMert Yazıcıoğlu
OAUTHBEARER tokens were incorrectly generated in a format similar to XOAUTH2 tokens. These changes make OAUTHBEARER tokens conform to the RFC7628. Fixes: #2487 Reported-by: Paolo Mossino Closes https://github.com/curl/curl/pull/3377
2019-03-24tests: Fixed XML validation errors in some test files.Dan Fandrich
2019-03-24tests: Fix some incorrect precheck error messages.Dan Fandrich
[ci skip]
2019-03-18test1541: threaded connection sharingDaniel Stenberg
The threaded-shared-conn.c example turned into test case. Only works if pthread was detected. An attempt to detect future regressions such as e3a53e3efb942a5 Closes #3687
2019-03-14Negotiate: fix for HTTP POST with NegotiateDominik Hölzl
* Adjusted unit tests 2056, 2057 * do not generally close connections with CURLAUTH_NEGOTIATE after every request * moved negotiatedata from UrlState to connectdata * Added stream rewind logic for CURLAUTH_NEGOTIATE * introduced negotiatedata::GSS_AUTHDONE and negotiatedata::GSS_AUTHSUCC * Consider authproblem state for CURLAUTH_NEGOTIATE * Consider reuse_forbid for CURLAUTH_NEGOTIATE * moved and adjusted negotiate authentication state handling from output_auth_headers into Curl_output_negotiate * Curl_output_negotiate: ensure auth done is always set * Curl_output_negotiate: Set auth done also if result code is GSS_S_CONTINUE_NEEDED/SEC_I_CONTINUE_NEEDED as this result code may also indicate the last challenge request (only works with disabled Expect: 100-continue and CURLOPT_KEEP_SENDING_ON_ERROR -> 1) * Consider "Persistent-Auth" header, detect if not present; Reset/Cleanup negotiate after authentication if no persistent authentication * apply changes introduced with #2546 for negotiate rewind logic Fixes #1261 Closes #1975
2019-03-13http: send payload when (proxy) authentication is doneMarc Schlatter
The check that prevents payload from sending in case of authentication doesn't check properly if the authentication is done or not. They're cases where the proxy respond "200 OK" before sending authentication challenge. This change takes care of that. Fixes #2431 Closes #3669
2019-03-09test331: verify set-cookie for dotless host nameDaniel Stenberg
Reproduced bug #3649 Closes #3659
2019-03-09Revert "cookies: extend domain checks to non psl builds"Daniel Stenberg
This reverts commit 3773de378d48b06c09931e44dca4d274d0bfdce0. Regression shipped in 7.64.0 Fixes #3649
2019-03-05multi: support verbose conncache closure handleJay Satiro
- Change closure handle to receive verbose setting from the easy handle most recently added via curl_multi_add_handle. The closure handle is a special easy handle used for closing cached connections. It receives limited settings from the easy handle most recently added to the multi handle. Prior to this change that did not include verbose which was a problem because on connection shutdown verbose mode was not acknowledged. Ref: https://github.com/curl/curl/pull/3598 Co-authored-by: Daniel Stenberg Closes https://github.com/curl/curl/pull/3618
2019-03-04CURLU: fix NULL dereference when used over proxyDaniel Stenberg
Test 659 verifies Also fixed the test 658 name Closes #3641
2019-03-03alt-svc: add test 355 and 356 to verify with command line curlDaniel Stenberg
2019-03-03alt-svc: the libcurl bitsDaniel Stenberg
2019-02-28test578: make it read data from the correct testDaniel Stenberg
2019-02-27cookies: only save the cookie file if the engine is enabledDaniel Stenberg
Follow-up to 8eddb8f4259. If the cookieinfo pointer is NULL there really is nothing to save. Without this fix, we got a problem when a handle was using shared object with cookies and is told to "FLUSH" it to file (which worked) and then the share object was removed and when the easy handle was closed just afterwards it has no cookieinfo and no cookies so it decided to save an empty jar (overwriting the file just flushed). Test 1905 now verifies that this works. Assisted-by: Michael Wallner Assisted-by: Marcel Raad Closes #3621
2019-02-21tests: Fixed XML validation errors in some test files.Dan Fandrich
2019-02-20curl: remove MANUAL from -M outputDaniel Stenberg
... and remove it from the dist tarball. It has served its time, it barely gets updated anymore and "everything curl" is now convering all this document once tried to include, and does it more and better. In the compressed scenario, this removes ~15K data from the binary, which is 25% of the -M output. It remains in the git repo for now for as long as the web site builds a page using that as source. It renders poorly on the site (especially for mobile users) so its not even good there. Closes #3587
2019-02-19connection: never reuse CONNECT_ONLY conectionsDaniel Stenberg
and make CONNECT_ONLY conections never reuse any existing ones either. Reported-by: Pavel Löbl Bug: https://curl.haxx.se/mail/lib-2019-02/0064.html Closes #3586
2019-02-17cookie: Add support for cookie prefixesDaniel Gustafsson
The draft-ietf-httpbis-rfc6265bis-02 draft, specify a set of prefixes and how they should affect cookie initialization, which has been adopted by the major browsers. This adds support for the two prefixes defined, __Host- and __Secure, and updates the testcase with the supplied examples from the draft. Closes #3554 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2019-02-13unit1307: require FTP supportMarcel Raad
This test doesn't link without FTP support after fc7ab4835b5fd09d0a6f57000633bb6bb6edfda1, which made Curl_fnmatch unavailable without FTP support. Closes https://github.com/curl/curl/pull/3565
2019-02-11tests: add stderr comparison to the test suiteFrank Gevaerts
The code is more or less copied from the stdout comparison code, maybe some better reuse is possible. test 1457 is adjusted to make the output actually match (by using --silent) test 506 used <stderr> without actually needing it, so that <stderr> block is removed Closes #3536
2019-02-11cli tool: do not use mime.h private structures.Patrick Monnerat
Option -F generates an intermediate representation of the mime structure that is used later to create the libcurl mime structure and generate the --libcurl statements. Reported-by: Daniel Stenberg Fixes #3532 Closes #3546
2019-01-15tests: move objnames-* from lib into testsDaniel Stenberg
Since they're used purely for testing purposes, I think they should rather be stored there. Closes #3470
2019-01-10test1558: verify CURLINFO_PROTOCOL on file:// transferDaniel Stenberg
Attempt to reproduce issue #3444. Closes #3447
2019-01-10xattr: strip credentials from any URL that is storedDaniel Stenberg
Both user and password are cleared uncondtitionally. Added unit test 1621 to verify. Fixes #3423 Closes #3433
2019-01-10cookies: allow secure override when done over HTTPSDaniel Stenberg
Added test 1562 to verify. Reported-by: Jeroen Ooms Fixes #3445 Closes #3450
2019-01-09test1561: improve test nameDaniel Stenberg
[skip ci]
2019-01-09cookies: skip custom cookies when redirecting cross-siteKatsuhiko YOSHIDA
Closes #3417
2019-01-08tests: allow tests to pass by 2037-02-12Bernhard M. Wiedemann
similar to commit f508d29f3902104018 Closes #3443
2019-01-07curl_multi_remove_handle() don't block terminating c-ares requestsBrad Spencer
Added Curl_resolver_kill() for all three resolver modes, which only blocks when necessary, along with test 1592 to confirm curl_multi_remove_handle() doesn't block unless it must. Closes #3428 Fixes #3371
2019-01-01ntlm: update selection of type 3 responseMarkus Moeller
NTLM2 did not work i.e. no NTLMv2 response was created. Changing the check seems to work. Ref: https://winprotocoldoc.blob.core.windows.net/productionwindowsarchives/MS-NLMP/[MS-NLMP].pdf Fixes https://github.com/curl/curl/issues/3286 Closes https://github.com/curl/curl/pull/3287 Closes https://github.com/curl/curl/pull/3415
2018-12-27hostip: support wildcard hostsClaes Jakobsson
This adds support for wildcard hosts in CURLOPT_RESOLVE. These are try-last so any non-wildcard entry is resolved first. If specified, any host not matched by another CURLOPT_RESOLVE config will use this as fallback. Example send a.com to 10.0.0.1 and everything else to 10.0.0.2: curl --resolve *:443:10.0.0.2 --resolve a.com:443:10.0.0.1 \ https://a.com https://b.com This is probably quite similar to using: --connect-to a.com:443:10.0.0.1:443 --connect-to :443:10.0.0.2:443 Closes #3406 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-21http: added options for allowing HTTP/0.9 responsesDaniel Stenberg
Added CURLOPT_HTTP09_ALLOWED and --http0.9 for this purpose. For now, both the tool and library allow HTTP/0.9 by default. docs/DEPRECATE.md lays out the plan for when to reverse that default: 6 months after the 7.64.0 release. The options are added already now so that applications/scripts can start using them already now. Fixes #2873 Closes #3383
2018-12-19cookies: extend domain checks to non psl buildsDaniel Gustafsson
Ensure to perform the checks we have to enforce a sane domain in the cookie request. The check for non-PSL enabled builds is quite basic but it's better than nothing. Closes #2964 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-14http: Implement trailing headers for chunked transfersAyoub Boudhar
This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION options that allow a callback based approach to sending trailing headers with chunked transfers. The test server (sws) was updated to take into account the detection of the end of transfer in the case of trailing headers presence. Test 1591 checks that trailing headers can be sent using libcurl. Closes #3350
2018-12-13test1201: Add a trailing `?' to the selectorLeonardo Taccari
This verify that the `?' in the selector is kept as is. Verifies the fix in #3370
2018-12-13cookies: leave secure cookies aloneDaniel Gustafsson
Only allow secure origins to be able to write cookies with the 'secure' flag set. This reduces the risk of non-secure origins to influence the state of secure origins. This implements IETF Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates RFC6265. Closes #2956 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
2018-12-12test1519: use lib1518 and test CURLINFO_REDIRECT_URL moreDaniel Stenberg
2018-12-12Curl_follow: extract the Location: header field unvalidatedDaniel Stenberg
... when not actually following the redirect. Otherwise we return error for this and an application can't extract the value. Test 1518 added to verify. Reported-by: Pavel Pavlov Fixes #3340 Closes #3364
2018-12-11tests: add urlapi unittestDaniel Gustafsson
This adds a new unittest intended to cover the internal functions in the urlapi code, starting with parse_port(). In order to avoid name collisions in debug builds, parse_port() is renamed Curl_parse_port() since it will be exported. Reviewed-by: Daniel Stenberg <daniel@haxx.se> Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2018-12-11http: fix HTTP auth to include query in URIJay Satiro
- Include query in the path passed to generate HTTP auth. Recent changes to use the URL API internally (46e1640, 7.62.0) inadvertently broke authentication URIs by omitting the query. Fixes https://github.com/curl/curl/issues/3353 Closes #3356
2018-12-09test329: verify cookie max-age=0 immediate expiryDaniel Stenberg