-rw-r--r-- | docs/MANUAL | 4 | ||||
-rw-r--r-- | docs/libcurl/curl_multi_info_read.3 | 6 | ||||
-rw-r--r-- | docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.3 | 2 | ||||
-rw-r--r-- | docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.3 | 2 | ||||
-rw-r--r-- | docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.3 | 2 | ||||
-rw-r--r-- | lib/ftp.c | 46 | ||||
-rw-r--r-- | lib/netrc.c | 4 | ||||
-rw-r--r-- | lib/vtls/gtls.c | 96 | ||||
-rw-r--r-- | lib/vtls/openssl.c | 69 | ||||
-rw-r--r-- | lib/vtls/schannel.c | 11 | ||||
-rw-r--r-- | packages/OS400/README.OS400 | 2 | ||||
-rw-r--r-- | packages/OS400/ccsidcurl.c | 6 | ||||
-rw-r--r-- | packages/OS400/curl.inc.in | 6 | ||||
-rw-r--r-- | src/tool_help.c | 2 | ||||
-rw-r--r-- | winbuild/BUILD.WINDOWS.txt | 11 |
15 files changed, 206 insertions, 63 deletions
diff --git a/docs/MANUAL b/docs/MANUAL index 113df2016..fb349485f 100644 --- a/docs/MANUAL +++ b/docs/MANUAL @@ -470,8 +470,8 @@ COOKIES stored cookies which match the request as it follows the location. The file "empty.txt" may be a nonexistent file. - Alas, to both read and write cookies from a netscape cookie file, you can - set both -b and -c to use the same file: + To read and write cookies from a netscape cookie file, you can set both -b + and -c to use the same file: curl -b cookies.txt -c cookies.txt www.example.com diff --git a/docs/libcurl/curl_multi_info_read.3 b/docs/libcurl/curl_multi_info_read.3 index 875176486..a23ea7138 100644 --- a/docs/libcurl/curl_multi_info_read.3 +++ b/docs/libcurl/curl_multi_info_read.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. +.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -49,8 +49,8 @@ calling \fIcurl_multi_cleanup(3)\fP, \fIcurl_multi_remove_handle(3)\fP or \fIcurl_easy_cleanup(3)\fP. The 'CURLMsg' struct is very simple and only contains very basic information. -If more involved information is wanted, the particular "easy handle" in -present in that struct and can thus be used in subsequent regular +If more involved information is wanted, the particular "easy handle" is +present in that struct and can be used in subsequent regular \fIcurl_easy_getinfo(3)\fP calls (or similar): .nf diff --git a/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.3 b/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.3 index 5ddadd093..941cc4882 100644 --- a/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.3 +++ b/docs/libcurl/opts/CURLOPT_TCP_KEEPALIVE.3 
@@ -50,7 +50,7 @@ if(curl) { curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 120L); /* interval time between keep-alive probes: 60 seconds */ - curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 60L); + curl_easy_setopt(curl, CURLOPT_TCP_KEEPINTVL, 60L); curl_easy_perform(curl); } diff --git a/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.3 b/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.3 index 843f65057..d60a3dffb 100644 --- a/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.3 +++ b/docs/libcurl/opts/CURLOPT_TCP_KEEPIDLE.3 @@ -48,7 +48,7 @@ if(curl) { curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 120L); /* interval time between keep-alive probes: 60 seconds */ - curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 60L); + curl_easy_setopt(curl, CURLOPT_TCP_KEEPINTVL, 60L); curl_easy_perform(curl); } diff --git a/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.3 b/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.3 index ee4d53543..42bc0b4ed 100644 --- a/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.3 +++ b/docs/libcurl/opts/CURLOPT_TCP_KEEPINTVL.3 @@ -46,7 +46,7 @@ if(curl) { curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 120L); /* interval time between keep-alive probes: 60 seconds */ - curl_easy_setopt(curl, CURLOPT_TCP_KEEPIDLE, 60L); + curl_easy_setopt(curl, CURLOPT_TCP_KEEPINTVL, 60L); curl_easy_perform(curl); } @@ -1906,6 +1906,22 @@ static CURLcode proxy_magic(struct connectdata *conn, return result; } +static char *control_address(struct connectdata *conn) +{ + /* Returns the control connection IP address. + If a proxy tunnel is used, returns the original host name instead, because + the effective control connection address is the proxy address, + not the ftp host. */ + if(conn->bits.tunnel_proxy || + conn->proxytype == CURLPROXY_SOCKS5 || + conn->proxytype == CURLPROXY_SOCKS5_HOSTNAME || + conn->proxytype == CURLPROXY_SOCKS4 || + conn->proxytype == CURLPROXY_SOCKS4A) + return conn->host.name; + + return conn->ip_addr_str; +} + static CURLcode ftp_state_pasv_resp(struct connectdata *conn, int ftpcode) { 
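Review bot: `control_address()` returns a pointer into `conn` (`conn->host.name` or `conn->ip_addr_str`) as a plain `char *`, and the only explanation sits inside the body, so nothing tells a caller the result is borrowed. Returning `const char *` and lifting the comment above the function would make that explicit, e.g. `/* Returns a borrowed pointer to the address the data connection should re-use; callers copy it and must not free it. */`. The comment could also record why the numeric address is preferred when no proxy is involved. Presumably re-using the already-connected IP keeps the data connection on the same host as the control connection rather than depending on a second name lookup, but that should be confirmed.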
@@ -1928,12 +1944,12 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn, unsigned int num; char separator[4]; ptr++; - if(5 == sscanf(ptr, "%c%c%c%u%c", - &separator[0], - &separator[1], - &separator[2], - &num, - &separator[3])) { + if(5 == sscanf(ptr, "%c%c%c%u%c", + &separator[0], + &separator[1], + &separator[2], + &num, + &separator[3])) { const char sep1 = separator[0]; int i; @@ -1951,9 +1967,7 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn, } if(ptr) { ftpc->newport = (unsigned short)(num & 0xffff); - - /* use the original host name again */ - ftpc->newhost = strdup(conn->host.name); + ftpc->newhost = strdup(control_address(conn)); if(!ftpc->newhost) return CURLE_OUT_OF_MEMORY; } @@ -1983,8 +1997,8 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn, */ while(*str) { if(6 == sscanf(str, "%d,%d,%d,%d,%d,%d", - &ip[0], &ip[1], &ip[2], &ip[3], - &port[0], &port[1])) + &ip[0], &ip[1], &ip[2], &ip[3], + &port[0], &port[1])) break; str++; } @@ -2001,9 +2015,7 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn, infof(data, "Skip %d.%d.%d.%d for data connection, re-use %s instead\n", ip[0], ip[1], ip[2], ip[3], conn->host.name); - - /* use the original host name again */ - ftpc->newhost = strdup(conn->host.name); + ftpc->newhost = strdup(control_address(conn)); } else ftpc->newhost = aprintf("%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); @@ -2061,9 +2073,8 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn, conn->bits.tcpconnect[SECONDARYSOCKET] = FALSE; result = Curl_connecthost(conn, addr); - Curl_resolv_unlock(data, addr); /* we're done using this address */ - if(result) { + Curl_resolv_unlock(data, addr); /* we're done using this address */ if(ftpc->count1 == 0 && ftpcode == 229) return ftp_epsv_disable(conn); 
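Review bot: In the `@@ -2001,9 +2015,7 @@` hunk the `infof()` call still prints `conn->host.name` as the address being re-used, but the data connection now goes to `control_address(conn)`, which returns `conn->ip_addr_str` when no tunnel or SOCKS proxy is in use. The verbose log can therefore name a different target than the one actually connected to, which matters when someone audits where the data connection went after the server-supplied PASV address was ignored. Passing `control_address(conn)` as the last `infof()` argument instead of `conn->host.name` keeps the log and the connection in step. Unlike the `@@ -1951,9 +1967,7 @@` hunk, no NULL check on the `strdup()` result is visible here; if it sits after the `else` branch outside the hunk that is fine, otherwise one is needed.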
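Review bot: The `@@ -2061,9 +2073,8 @@` hunk no longer unlocks `addr` straight after `Curl_connecthost()`; it now unlocks once inside `if(result)` and once in the following `@@ -2079,8 +2090,9 @@` hunk, after `ftp_pasv_verbose()` has read `addr->addr`. That is correct only if every path between those two points reaches one of the unlock calls, and the lines between the hunks are not shown, so any early `return` there would now leave the DNS entry locked. A short comment at the connect call would protect the invariant, e.g. `/* addr stays locked until ftp_pasv_verbose() has used it; every exit below must call Curl_resolv_unlock() */`. `ftp_state_pasv_resp` starts and ends outside both hunks.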
@@ -2079,8 +2090,9 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn, if(data->set.verbose) /* this just dumps information about this second connection */ - ftp_pasv_verbose(conn, conn->ip_addr, ftpc->newhost, connectport); + ftp_pasv_verbose(conn, addr->addr, ftpc->newhost, connectport); + Curl_resolv_unlock(data, addr); /* we're done using this address */ conn->bits.do_more = TRUE; state(conn, FTP_STOP); /* this phase is completed */ diff --git a/lib/netrc.c b/lib/netrc.c index e656cf7c6..97a07b88e 100644 --- a/lib/netrc.c +++ b/lib/netrc.c @@ -109,7 +109,11 @@ int Curl_parsenetrc(const char *host, netrc_alloc = TRUE; } +#ifdef __CYGWIN__ + file = fopen(netrcfile, "rt"); +#else file = fopen(netrcfile, "r"); +#endif if(netrc_alloc) free(netrcfile); if(file) { diff --git a/lib/vtls/gtls.c b/lib/vtls/gtls.c index 3ad0f82ff..3c473cb7c 100644 --- a/lib/vtls/gtls.c +++ b/lib/vtls/gtls.c 
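Review bot: The `#ifdef __CYGWIN__` branch added to `Curl_parsenetrc()` carries no comment saying why the mode string differs, so a later reader cannot tell whether `"rt"` is required or accidental. Suggest adding `/* force text mode on Cygwin so CRLF line endings in .netrc do not end up in the parsed login/password tokens */` above the `fopen()` call. The CRLF rationale is inferred from the change and should be confirmed by the author. The function body continues outside the hunk.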
@@ -897,10 +897,98 @@ gtls_connect_step3(struct connectdata *conn, #ifdef HAS_OCSP if(data->set.ssl.verifystatus) { if(gnutls_ocsp_status_request_is_checked(session, 0) == 0) { - if(verify_status & GNUTLS_CERT_REVOKED) - infof(data, "\t server certificate was REVOKED\n"); - else - infof(data, "\t server certificate status verification FAILED\n"); + gnutls_datum_t status_request; + gnutls_ocsp_resp_t ocsp_resp; + + gnutls_ocsp_cert_status_t status; + gnutls_x509_crl_reason_t reason; + + rc = gnutls_ocsp_status_request_get(session, &status_request); + + infof(data, "\t server certificate status verification FAILED\n"); + + if(rc == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { + failf(data, "No OCSP response received"); + return CURLE_SSL_INVALIDCERTSTATUS; + } + + if(rc < 0) { + failf(data, "Invalid OCSP response received"); + return CURLE_SSL_INVALIDCERTSTATUS; + } + + gnutls_ocsp_resp_init(&ocsp_resp); + + rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request); + if(rc < 0) { + failf(data, "Invalid OCSP response received"); + return CURLE_SSL_INVALIDCERTSTATUS; + } + + rc = gnutls_ocsp_resp_get_single(ocsp_resp, 0, NULL, NULL, NULL, NULL, + &status, NULL, NULL, NULL, &reason); + + switch(status) { + case GNUTLS_OCSP_CERT_GOOD: + break; + + case GNUTLS_OCSP_CERT_REVOKED: { + const char *crl_reason; + + switch(reason) { + default: + case GNUTLS_X509_CRLREASON_UNSPECIFIED: + crl_reason = "unspecified reason"; + break; + + case GNUTLS_X509_CRLREASON_KEYCOMPROMISE: + crl_reason = "private key compromised"; + break; + + case GNUTLS_X509_CRLREASON_CACOMPROMISE: + crl_reason = "CA compromised"; + break; + + case GNUTLS_X509_CRLREASON_AFFILIATIONCHANGED: + crl_reason = "affiliation has changed"; + break; + + case GNUTLS_X509_CRLREASON_SUPERSEDED: + crl_reason = "certificate superseded"; + break; + + case GNUTLS_X509_CRLREASON_CESSATIONOFOPERATION: + crl_reason = "operation has ceased"; + break; + + case GNUTLS_X509_CRLREASON_CERTIFICATEHOLD: + crl_reason = "certificate is on 
hold"; + break; + + case GNUTLS_X509_CRLREASON_REMOVEFROMCRL: + crl_reason = "will be removed from delta CRL"; + break; + + case GNUTLS_X509_CRLREASON_PRIVILEGEWITHDRAWN: + crl_reason = "privilege withdrawn"; + break; + + case GNUTLS_X509_CRLREASON_AACOMPROMISE: + crl_reason = "AA compromised"; + break; + } + + failf(data, "Server certificate was revoked: %s", crl_reason); + break; + } + + default: + case GNUTLS_OCSP_CERT_UNKNOWN: + failf(data, "Server certificate status is unknown"); + break; + } + + gnutls_ocsp_resp_deinit(ocsp_resp); return CURLE_SSL_INVALIDCERTSTATUS; } diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 594a2eec2..16053a768 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -1487,8 +1487,10 @@ static const char *ssl_msg_type(int ssl_ver, int msg) return "Client hello"; case SSL3_MT_SERVER_HELLO: return "Server hello"; + case SSL3_MT_NEWSESSION_TICKET: + return "Newsession Ticket"; case SSL3_MT_CERTIFICATE: - return "CERT"; + return "Certificate"; case SSL3_MT_SERVER_KEY_EXCHANGE: return "Server key exchange"; case SSL3_MT_CLIENT_KEY_EXCHANGE: @@ -1501,6 +1503,10 @@ static const char *ssl_msg_type(int ssl_ver, int msg) return "CERT verify"; case SSL3_MT_FINISHED: return "Finished"; +#ifdef SSL3_MT_CERTIFICATE_STATUS + case SSL3_MT_CERTIFICATE_STATUS: + return "Certificate Status"; +#endif } } return "Unknown"; 
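Review bot: Two error paths in the new OCSP block of `gtls_connect_step3` mishandle `ocsp_resp`. When `gnutls_ocsp_resp_import()` fails the function returns without calling `gnutls_ocsp_resp_deinit()`, so each malformed stapled response leaks the response object. The return value of `gnutls_ocsp_resp_get_single()` is stored in `rc` but never tested, so on failure `switch(status)` reads `status` and `reason` uninitialised. The function still returns `CURLE_SSL_INVALIDCERTSTATUS` on every path, so verification fails closed, but the reported revocation reason can be arbitrary. The result of `gnutls_ocsp_resp_init()` is likewise ignored. The function starts and ends outside the hunk.

```c
      rc = gnutls_ocsp_resp_import(ocsp_resp, &status_request);
      if(rc < 0) {
        gnutls_ocsp_resp_deinit(ocsp_resp); /* release the object on failure */
        /* … unchanged: failf() and return CURLE_SSL_INVALIDCERTSTATUS … */
      }

      /* … unchanged: gnutls_ocsp_resp_get_single() call assigning rc … */
      if(rc < 0) {
        /* status and reason are not valid when the lookup fails */
        gnutls_ocsp_resp_deinit(ocsp_resp);
        failf(data, "Invalid OCSP response received");
        return CURLE_SSL_INVALIDCERTSTATUS;
      }

      /* … unchanged: switch(status) reporting and final deinit … */
```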
@@ -1508,12 +1514,22 @@ static const char *ssl_msg_type(int ssl_ver, int msg) static const char *tls_rt_type(int type) { - return ( - type == SSL3_RT_CHANGE_CIPHER_SPEC ? "TLS change cipher, " : - type == SSL3_RT_ALERT ? "TLS alert, " : - type == SSL3_RT_HANDSHAKE ? "TLS handshake, " : - type == SSL3_RT_APPLICATION_DATA ? "TLS app data, " : - "TLS Unknown, "); + switch(type) { +#ifdef SSL3_RT_HEADER + case SSL3_RT_HEADER: + return "TLS header"; +#endif + case SSL3_RT_CHANGE_CIPHER_SPEC: + return "TLS change cipher"; + case SSL3_RT_ALERT: + return "TLS alert"; + case SSL3_RT_HANDSHAKE: + return "TLS handshake"; + case SSL3_RT_APPLICATION_DATA: + return "TLS app data"; + default: + return "TLS Unknown"; + } } @@ -1538,8 +1554,8 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type, data = conn->data; switch(ssl_ver) { -#ifdef SSL2_VERSION_MAJOR /* removed in recent versions */ - case SSL2_VERSION_MAJOR: +#ifdef SSL2_VERSION /* removed in recent versions */ + case SSL2_VERSION: verstr = "SSLv2"; break; #endif 
@@ -1561,29 +1577,36 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type, verstr = "TLSv1.2"; break; #endif + case 0: + break; default: snprintf(unknown, sizeof(unknown), "(%x)", ssl_ver); verstr = unknown; break; } - ssl_ver >>= 8; /* check the upper 8 bits only below */ + if(ssl_ver) { + /* the info given when the version is zero is not that useful for us */ - /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL - * always pass-up content-type as 0. But the interesting message-type - * is at 'buf[0]'. - */ - if(ssl_ver == SSL3_VERSION_MAJOR && content_type != 0) - tls_rt_name = tls_rt_type(content_type); - else - tls_rt_name = ""; + ssl_ver >>= 8; /* check the upper 8 bits only below */ - msg_type = *(char*)buf; - msg_name = ssl_msg_type(ssl_ver, msg_type); + /* SSLv2 doesn't seem to have TLS record-type headers, so OpenSSL + * always pass-up content-type as 0. But the interesting message-type + * is at 'buf[0]'. + */ + if(ssl_ver == SSL3_VERSION_MAJOR && content_type) + tls_rt_name = tls_rt_type(content_type); + else + tls_rt_name = ""; - txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s, %s%s (%d):\n", - verstr, tls_rt_name, msg_name, msg_type); - Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL); + msg_type = *(char*)buf; + msg_name = ssl_msg_type(ssl_ver, msg_type); + + txt_len = snprintf(ssl_buf, sizeof(ssl_buf), "%s (%s), %s, %s (%d):\n", + verstr, direction?"OUT":"IN", + tls_rt_name, msg_name, msg_type); + Curl_debug(data, CURLINFO_TEXT, ssl_buf, (size_t)txt_len, NULL); + } Curl_debug(data, (direction == 1) ? CURLINFO_SSL_DATA_OUT : CURLINFO_SSL_DATA_IN, (char *)buf, len, NULL); diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c index 3301e35ec..b02e42ecc 100644 --- a/lib/vtls/schannel.c +++ b/lib/vtls/schannel.c 
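Review bot: The new trace format `"%s (%s), %s, %s (%d):\n"` always prints a record-type field, but `tls_rt_name` is `""` whenever `content_type` is 0 or the major version is not `SSL3_VERSION_MAJOR`, so those lines come out with an empty `, , ` field now that `tls_rt_type()` no longer returns the trailing separator. Either give the empty case a placeholder string or emit the separator only when `tls_rt_name` is non-empty. The direction is also tested two different ways in this hunk, `direction?"OUT":"IN"` and `(direction == 1) ? CURLINFO_SSL_DATA_OUT : CURLINFO_SSL_DATA_IN`, which would disagree for any non-zero value other than 1; using `direction == 1` in both keeps the text label and the debug type consistent. `msg_type = *(char*)buf` reads the first byte with no visible check that `len` is non-zero; whether the callback can be invoked with an empty buffer is not shown here, so a guard or a comment stating the assumption would help. `ssl_tls_trace` starts and ends outside the hunk.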
@@ -883,12 +883,12 @@ schannel_recv(struct connectdata *conn, int sockindex, connssl->encdata_offset), size, &nread); /* check for received data */ - if(*err != CURLE_OK) + if(*err != CURLE_OK) { return -1; - else { - if(nread > 0) - /* increase encrypted data buffer offset */ - connssl->encdata_offset += nread; + } + else if(nread > 0) { + /* increase encrypted data buffer offset */ + connssl->encdata_offset += nread; } infof(data, "schannel: encrypted data got %zd\n", nread); } @@ -907,7 +907,6 @@ schannel_recv(struct connectdata *conn, int sockindex, InitSecBuffer(&inbuf[1], SECBUFFER_EMPTY, NULL, 0); InitSecBuffer(&inbuf[2], SECBUFFER_EMPTY, NULL, 0); InitSecBuffer(&inbuf[3], SECBUFFER_EMPTY, NULL, 0); - InitSecBufferDesc(&inbuf_desc, inbuf, 4); /* http://msdn.microsoft.com/en-us/library/windows/desktop/aa375348.aspx */ diff --git a/packages/OS400/README.OS400 b/packages/OS400/README.OS400 index 99b606c89..0cb1cf294 100644 --- a/packages/OS400/README.OS400 +++ b/packages/OS400/README.OS400 @@ -93,12 +93,14 @@ options: CURLOPT_PROXYPASSWORD CURLOPT_PROXYUSERNAME CURLOPT_PROXYUSERPWD + CURLOPT_PROXY_SERVICE_NAME CURLOPT_RANDOM_FILE CURLOPT_RANGE CURLOPT_REFERER CURLOPT_RTSP_SESSION_UID CURLOPT_RTSP_STREAM_URI CURLOPT_RTSP_TRANSPORT + CURLOPT_SERVICE_NAME CURLOPT_SOCKS5_GSSAPI_SERVICE CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 Note: SSH not available on OS400. CURLOPT_SSH_KNOWNHOSTS Note: SSH not available on OS400. diff --git a/packages/OS400/ccsidcurl.c b/packages/OS400/ccsidcurl.c index ca3b0f1ad..a903fe34a 100644 --- a/packages/OS400/ccsidcurl.c +++ b/packages/OS400/ccsidcurl.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -1154,12 +1154,14 @@ curl_easy_setopt_ccsid(CURL * curl, CURLoption tag, ...) case CURLOPT_PROXYPASSWORD: case CURLOPT_PROXYUSERNAME: case CURLOPT_PROXYUSERPWD: + case CURLOPT_PROXY_SERVICE_NAME: case CURLOPT_RANDOM_FILE: case CURLOPT_RANGE: case CURLOPT_REFERER: case CURLOPT_RTSP_SESSION_ID: case CURLOPT_RTSP_STREAM_URI: case CURLOPT_RTSP_TRANSPORT: + case CURLOPT_SERVICE_NAME: case CURLOPT_SOCKS5_GSSAPI_SERVICE: case CURLOPT_SSH_HOST_PUBLIC_KEY_MD5: case CURLOPT_SSH_KNOWNHOSTS: @@ -1180,8 +1182,6 @@ curl_easy_setopt_ccsid(CURL * curl, CURLoption tag, ...) case CURLOPT_USERNAME: case CURLOPT_USERPWD: case CURLOPT_XOAUTH2_BEARER: - case CURLOPT_PROXY_SERVICE_NAME: - case CURLOPT_SERVICE_NAME: s = va_arg(arg, char *); ccsid = va_arg(arg, unsigned int); diff --git a/packages/OS400/curl.inc.in b/packages/OS400/curl.inc.in index 32c0d7f2f..2bbf6b0ff 100644 --- a/packages/OS400/curl.inc.in +++ b/packages/OS400/curl.inc.in @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -1211,6 +1211,10 @@ d c 00233 d CURLOPT_PATH_AS_IS... d c 00234 + d CURLOPT_PROXY_SERVICE_NAME... + d c 10235 + d CURLOPT_SERVICE_NAME... + d c 10236 * /if not defined(CURL_NO_OLDIES) d CURLOPT_FILE c 10001 diff --git a/src/tool_help.c b/src/tool_help.c index ef26ded0a..3153fcdd9 100644 --- a/src/tool_help.c +++ b/src/tool_help.c 
@@ -143,7 +143,7 @@ static const char *const helptext[] = { " -n, --netrc Must read .netrc for user name and password", " --netrc-optional Use either .netrc or URL; overrides -n", " --netrc-file FILE Specify FILE for netrc", - " -: --next " + " -:, --next " "Allows the following URL to use a separate set of options", " --no-alpn Disable the ALPN TLS extension (H)", " -N, --no-buffer Disable buffering of the output stream", diff --git a/winbuild/BUILD.WINDOWS.txt b/winbuild/BUILD.WINDOWS.txt index 7d6b364e2..600f73746 100644 --- a/winbuild/BUILD.WINDOWS.txt +++ b/winbuild/BUILD.WINDOWS.txt @@ -76,3 +76,14 @@ where <options> is one or many of: GEN_PDB=<yes or no> - Generate Program Database (debug symbols for release build)
DEBUG=<yes or no> - Debug builds
MACHINE=<x86 or x64> - Target architecture (default is x86)
+
+Static linking of Microsoft's C RunTime (CRT):
+==============================================
+If you are using mode=static nmake will create and link to the static build of
+libcurl but *not* the static CRT. If you must you can force nmake to link in
+the static CRT by passing RTLIBCFG=static. Typically you shouldn't use that
+option, and nmake will default to the DLL CRT. RTLIBCFG is rarely used and
+therefore rarely tested. When passing RTLIBCFG for a configuration that was
+already built but not with that option, or if the option was specified
+differently, you must destroy the build directory containing the configuration
+so that nmake can build it from scratch.