delta/curl.git/lib/Makefile.inc, branch bagder/https-proxyu-req-http github.com: bagder/curl.git curl_krb5.h: rename from krb5.h 2020-09-22T11:46:22+00:00 Daniel Stenberg daniel@haxx.se 2020-09-22T09:22:34+00:00 1ee289f7b50a414ab4599dae796e286d617bc79e Follow-up from f4873ebd0be32cf Turns out some older openssl installations go bananas otherwise. Reported-by: Tom van der Woerdt Fixes #5995 Closes #5996 
Follow-up from f4873ebd0be32cf

Turns out some older openssl installations go bananas otherwise.
Reported-by: Tom van der Woerdt
Fixes #5995
Closes #5996
krb5: merged security.c and krb specific FTP functions in here 2020-09-21T21:31:39+00:00 Daniel Stenberg daniel@haxx.se 2020-09-21T11:59:33+00:00 f4873ebd0be32cf9ae2c389e0b328f0e03211c84 These two files were always tightly connected and it was hard to understand what went into which. This also allows us to make the ftpsend() function static (moved from ftp.c). Removed security.c Renamed curl_sec.h to krb5.h Closes #5987 
These two files were always tightly connected and it was hard to
understand what went into which. This also allows us to make the
ftpsend() function static (moved from ftp.c).

Removed security.c
Renamed curl_sec.h to krb5.h

Closes #5987
options: API for meta-data about easy options 2020-08-27T12:17:36+00:00 Daniel Stenberg daniel@haxx.se 2020-08-26T06:30:38+00:00 6ebe63fac23f38df911edc348e8ccc72280f9434 const struct curl_easyoption *curl_easy_option_by_name(const char *name); const struct curl_easyoption *curl_easy_option_by_id (CURLoption id); const struct curl_easyoption * curl_easy_option_next(const struct curl_easyoption *prev); The purpose is to provide detailed enough information to allow for example libcurl bindings to get option information at run-time about what easy options that exist and what arguments they expect. Assisted-by: Jeroen Ooms Closes #5365 
 const struct curl_easyoption *curl_easy_option_by_name(const char *name);

 const struct curl_easyoption *curl_easy_option_by_id (CURLoption id);

 const struct curl_easyoption *
 curl_easy_option_next(const struct curl_easyoption *prev);

The purpose is to provide detailed enough information to allow for
example libcurl bindings to get option information at run-time about
what easy options that exist and what arguments they expect.

Assisted-by: Jeroen Ooms
Closes #5365
win32: Add Curl_verify_windows_version() to curlx 2020-08-02T15:58:44+00:00 Cameron Cawley ccawley2011@gmail.com 2020-07-31T19:36:56+00:00 790137b0f701fc9dc8e40d903b89be9f1ecadd00 Closes https://github.com/curl/curl/pull/5754 
Closes https://github.com/curl/curl/pull/5754
vtls: Extract and simplify key log file handling from OpenSSL 2020-05-27T19:19:51+00:00 Peter Wu peter@lekensteyn.nl 2020-05-03T15:10:40+00:00 6011a986ca3a4c162eb0daf9204fa5ddbc20a86e Create a set of routines for TLS key log file handling to enable reuse with other TLS backends. Simplify the OpenSSL backend as follows: - Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled. - Do not perform dynamic memory allocation when preparing a log entry. Unless the TLS specifications change we can suffice with a reasonable fixed-size buffer. - Simplify state tracking when SSL_CTX_set_keylog_callback is unavailable. My original sslkeylog.c code included this tracking in order to handle multiple calls to SSL_connect and detect new keys after renegotiation (via SSL_read/SSL_write). For curl however we can be sure that a single master secret eventually becomes available after SSL_connect, so a simple flag is sufficient. An alternative to the flag is examining SSL_state(), but this seems more complex and is not pursued. Capturing keys after server renegotiation was already unsupported in curl and remains unsupported. Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f (`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`) against an OpenSSL 1.1.1f server configured with: # Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2 openssl s_server -www -tls1 # Likewise, but fail the server handshake. openssl s_server -www -tls1 -Verify 2 # TLS 1.3 test. No need to test the failing server handshake. openssl s_server -www -tls1_3 Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly written using Wireshark. For the first and third case, expect four matches per connection (decrypted Server Finished, Client Finished, HTTP Request, HTTP Response). For the second case where the handshake fails, expect a decrypted Server Finished only. tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \ -eframe.number -eframe.time -etcp.stream -e_ws.col.Info \ -dtls.port==4433,http -ohttp.desegment_body:FALSE \ -Y 'tls.handshake.verify_data or http' A single connection can easily be identified via the `tcp.stream` field. 
Create a set of routines for TLS key log file handling to enable reuse
with other TLS backends. Simplify the OpenSSL backend as follows:

 - Drop the ENABLE_SSLKEYLOGFILE macro as it is unconditionally enabled.
 - Do not perform dynamic memory allocation when preparing a log entry.
   Unless the TLS specifications change we can suffice with a reasonable
   fixed-size buffer.
 - Simplify state tracking when SSL_CTX_set_keylog_callback is
   unavailable. My original sslkeylog.c code included this tracking in
   order to handle multiple calls to SSL_connect and detect new keys
   after renegotiation (via SSL_read/SSL_write). For curl however we can
   be sure that a single master secret eventually becomes available
   after SSL_connect, so a simple flag is sufficient. An alternative to
   the flag is examining SSL_state(), but this seems more complex and is
   not pursued. Capturing keys after server renegotiation was already
   unsupported in curl and remains unsupported.

Tested with curl built against OpenSSL 0.9.8zh, 1.0.2u, and 1.1.1f
(`SSLKEYLOGFILE=keys.txt curl -vkso /dev/null https://localhost:4433`)
against an OpenSSL 1.1.1f server configured with:

    # Force non-TLSv1.3, use TLSv1.0 since 0.9.8 fails with 1.1 or 1.2
    openssl s_server -www -tls1
    # Likewise, but fail the server handshake.
    openssl s_server -www -tls1 -Verify 2
    # TLS 1.3 test. No need to test the failing server handshake.
    openssl s_server -www -tls1_3

Verify that all secrets (1 for TLS 1.0, 4 for TLS 1.3) are correctly
written using Wireshark. For the first and third case, expect four
matches per connection (decrypted Server Finished, Client Finished, HTTP
Request, HTTP Response). For the second case where the handshake fails,
expect a decrypted Server Finished only.

    tshark -i lo -pf tcp -otls.keylog_file:keys.txt -Tfields \
        -eframe.number -eframe.time -etcp.stream -e_ws.col.Info \
        -dtls.port==4433,http -ohttp.desegment_body:FALSE \
        -Y 'tls.handshake.verify_data or http'

A single connection can easily be identified via the `tcp.stream` field.
ngtcp2: introduce qlog support 2020-05-07T14:27:49+00:00 Daniel Stenberg daniel@haxx.se 2020-05-07T12:17:42+00:00 14c17a2b6e0c377c16db43d0e963a31db597ece5 If the QLOGDIR environment variable is set, enable qlogging. ... and create Curl_qlogdir() in the new generic vquic/vquic.c file for QUIC functions that are backend independent. Closes #5353 
If the QLOGDIR environment variable is set, enable qlogging.

... and create Curl_qlogdir() in the new generic vquic/vquic.c file for
QUIC functions that are backend independent.

Closes #5353
dynbuf: introduce internal generic dynamic buffer functions 2020-05-04T08:40:39+00:00 Daniel Stenberg daniel@haxx.se 2020-05-02T15:04:08+00:00 ed35d6590e72c23c568af1e3b8ac6e4e2d883888 A common set of functions instead of many separate implementations for creating buffers that can grow when appending data to them. Existing functionality has been ported over. In my early basic testing, the total number of allocations seem at roughly the same amount as before, possibly a few less. See docs/DYNBUF.md for a description of the API. Closes #5300 
A common set of functions instead of many separate implementations for
creating buffers that can grow when appending data to them. Existing
functionality has been ported over.

In my early basic testing, the total number of allocations seem at
roughly the same amount as before, possibly a few less.

See docs/DYNBUF.md for a description of the API.

Closes #5300
mqtt: add new experimental protocol 2020-04-14T11:03:40+00:00 Bjorn Stenberg bjorn@haxx.se 2020-04-14T09:19:12+00:00 2522903b792ac5a802f780df60dc4647c58e2477 Closes #5173 
Closes #5173
rename: a new file for Curl_rename() 2020-02-18T06:49:15+00:00 Daniel Stenberg daniel@haxx.se 2020-02-17T21:55:34+00:00 330f133224af18c65b9325d9b6502e07b4f09f6b And make the cookie save function use it. 
And make the cookie save function use it.
polarssl: removed 2020-01-16T10:55:56+00:00 Daniel Stenberg daniel@haxx.se 2020-01-16T07:17:04+00:00 6357a19ff29dac04f93eb113c8dd00c2805984f8 As detailed in DEPRECATE.md, the polarssl support is now removed after having been disabled for 6 months and nobody has missed it. The threadlock files used by mbedtls are renamed to an 'mbedtls' prefix instead of the former 'polarssl' and the common functions that previously were shared between mbedtls and polarssl and contained the name 'polarssl' have now all been renamed to instead say 'mbedtls'. Closes #4825 
As detailed in DEPRECATE.md, the polarssl support is now removed after
having been disabled for 6 months and nobody has missed it.

The threadlock files used by mbedtls are renamed to an 'mbedtls' prefix
instead of the former 'polarssl' and the common functions that
previously were shared between mbedtls and polarssl and contained the
name 'polarssl' have now all been renamed to instead say 'mbedtls'.

Closes #4825