delta/curl.git/lib, branch bagder/test493-https github.com: bagder/curl.git openssl: fix build error with OpenSSL < 1.0.2 2021-04-20T04:08:36+00:00 Georeth Zhou georeth2010@gmail.com 2021-04-20T03:11:56+00:00 6e3f2febcba4e744eb2f78db4905c76e73615c6c Closes https://github.com/curl/curl/pull/6920 
Closes https://github.com/curl/curl/pull/6920
urlapi: "normalize" numerical IPv4 host names 2021-04-19T06:34:55+00:00 Daniel Stenberg daniel@haxx.se 2021-04-19T06:34:52+00:00 56a037cc0ad1b2a770d0c08d3d09dee1ce600f0f When the host name in a URL is given as an IPv4 numerical address, the address can be specified with dotted numericals in four different ways: a32, a.b24, a.b.c16 or a.b.c.d and each part can be specified in decimal, octal (0-prefixed) or hexadecimal (0x-prefixed). Instead of passing on the name as-is and leaving the handling to the underlying name functions, which made them not work with c-ares but work with getaddrinfo, this change now makes the curl URL API itself detect and "normalize" host names specified as IPv4 numericals. The WHATWG URL Spec says this is an okay way to specify a host name in a URL. RFC 3896 does not allow them, but curl didn't prevent them before and it seems other RFC 3896-using tools have not either. Host names used like this are widely supported by other tools as well due to the handling being done by getaddrinfo and friends. I decided to add the functionality into the URL API itself so that all users of these functions get the benefits, when for example wanting to compare two URLs. Also, it makes curl built to use c-ares now support them as well and make curl builds more consistent. The normalization makes HTTPS and virtual hosted HTTP work fine even when curl gets the address specified using one of the "obscure" formats. Test 1560 is extended to verify. Fixes #6863 Closes #6871 
When the host name in a URL is given as an IPv4 numerical address, the
address can be specified with dotted numericals in four different ways:
a32, a.b24, a.b.c16 or a.b.c.d and each part can be specified in
decimal, octal (0-prefixed) or hexadecimal (0x-prefixed).

Instead of passing on the name as-is and leaving the handling to the
underlying name functions, which made them not work with c-ares but work
with getaddrinfo, this change now makes the curl URL API itself detect
and "normalize" host names specified as IPv4 numericals.

The WHATWG URL Spec says this is an okay way to specify a host name in a
URL. RFC 3896 does not allow them, but curl didn't prevent them before
and it seems other RFC 3896-using tools have not either. Host names used
like this are widely supported by other tools as well due to the
handling being done by getaddrinfo and friends.

I decided to add the functionality into the URL API itself so that all
users of these functions get the benefits, when for example wanting to
compare two URLs. Also, it makes curl built to use c-ares now support
them as well and make curl builds more consistent.

The normalization makes HTTPS and virtual hosted HTTP work fine even
when curl gets the address specified using one of the "obscure" formats.

Test 1560 is extended to verify.

Fixes #6863
Closes #6871
libssh: fix "empty expression statement has no effect" warnings 2021-04-19T06:30:04+00:00 Daniel Stenberg daniel@haxx.se 2021-04-17T17:00:15+00:00 2426fa49ea30323d01db3ecff42c6d2c929943e4 ... by fixing macros to do-while constructs and moving out the calls to "break" outside of the actual macro. It also fixes the problem where the macro was used witin a loop and the break didn't do right. Reported-by: Emil Engler Fixes #6847 Closes #6909 
... by fixing macros to do-while constructs and moving out the calls to
"break" outside of the actual macro. It also fixes the problem where the
macro was used witin a loop and the break didn't do right.

Reported-by: Emil Engler
Fixes #6847
Closes #6909
hsts: enable by default 2021-04-19T06:22:16+00:00 Daniel Stenberg daniel@haxx.se 2021-03-08T07:30:32+00:00 d71ff2b9db566b3f4b2eb29441c2df86715d4339 No longer considered experimental. Closes #6700 
No longer considered experimental.

Closes #6700
vtls: refuse setting any SSL version 2021-04-19T06:16:02+00:00 Daniel Stenberg daniel@haxx.se 2021-03-22T12:39:37+00:00 eff614fb0242cb37d33f89e2e74a93cef5203aed ... previously they were supported if a TLS library would (unexpectedly) still support them, but from this change they will be refused already in curl_easy_setopt(). SSLv2 and SSLv3 have been known to be insecure for many years now. Closes #6773 
... previously they were supported if a TLS library would (unexpectedly)
still support them, but from this change they will be refused already in
curl_easy_setopt(). SSLv2 and SSLv3 have been known to be insecure for
many years now.

Closes #6773
openldap: protect SSL-specific code with proper #ifdef 2021-04-15T21:31:41+00:00 Daniel Stenberg daniel@haxx.se 2021-04-15T20:47:09+00:00 2cd26861296c701d6380bc770ea3e09f72187aad Closes #6901 
Closes #6901
libssh2: fix Value stored to 'sshp' is never read 2021-04-15T20:43:35+00:00 Daniel Stenberg daniel@haxx.se 2021-04-15T15:46:24+00:00 b532d35b5c97a2900f8511f3ecbf45c9342cfcba Pointed out by scan-build Closes #6900 
Pointed out by scan-build

Closes #6900
rustls: only return CURLE_AGAIN when TLS session is fully drained 2021-04-15T06:19:49+00:00 Javier Blazquez jblazquez@riotgames.com 2021-04-14T21:55:12+00:00 40d2d39f86812d295008648f249a98d07f4c93ee The code in cr_recv was returning prematurely as soon as the socket reported no more data to read. However, this could be leaving some unread plaintext data in the rustls session from a previous call, causing causing the transfer to hang if the socket never receives further data. We need to ensure that the session is fully drained of plaintext data before returning CURLE_AGAIN to the caller. Reviewed-by: Jacob Hoffman-Andrews Closes #6894 
The code in cr_recv was returning prematurely as soon as the socket
reported no more data to read. However, this could be leaving some
unread plaintext data in the rustls session from a previous call,
causing causing the transfer to hang if the socket never receives
further data.

We need to ensure that the session is fully drained of plaintext data
before returning CURLE_AGAIN to the caller.

Reviewed-by: Jacob Hoffman-Andrews
Closes #6894
cookie: CURLOPT_COOKIEFILE set to NULL switches off cookies 2021-04-14T21:09:36+00:00 Daniel Stenberg daniel@haxx.se 2021-04-14T07:15:19+00:00 520bd5225c70a5c4cceee08f1aa7447eb0ec6653 Add test 676 to verify that setting CURLOPT_COOKIEFILE to NULL again clears the cookiejar from memory. Reported-by: Stefan Karpinski Fixes #6889 Closes #6891 
Add test 676 to verify that setting CURLOPT_COOKIEFILE to NULL again clears
the cookiejar from memory.

Reported-by: Stefan Karpinski
Fixes #6889
Closes #6891
ngtcp2: Use ALPN h3-29 for now 2021-04-13T12:22:32+00:00 Tatsuhiro Tsujikawa tatsuhiro.t@gmail.com 2021-04-13T12:01:20+00:00 f141b0bbf78c818e0fd6ea6782ec718e4a9055c0 Fixes #6864 Cloes #6886 
Fixes #6864
Cloes #6886