| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
This version fixes errors with ALPN negotiation in rustls, which is
necessary for HTTP/2 support. For more information see the rustls-ffi
changelog.
Closes #8013
|
|
|
|
|
|
|
|
|
|
| |
If hyper is indeed present in the specified directory but couldn't be
used to find the correct symbol, then offer a different error message to
better help the user understand the issue.
Suggested-by: Jacob Hoffman-Andrews
Fixes #8001
Closes #8005
|
|
|
|
|
|
| |
Follow-up to f0b7099a10d1a
Closes #8011
|
|
|
|
|
|
|
|
| |
... as the others don't support --hostpubsha256
Reported-by: Paul Howarth
Fixes #8009
Closes #8010
|
|
|
|
| |
libssh2, libssh and wolfssh
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When we're reading out plaintext from rustls' internal buffers, we might
get a read of zero bytes (meaning a clean TCP close, including
close_notify). However, we shouldn't return immediately when that
happens, since we may have already copied out some plaintext bytes.
Break out of the loop when we get a read of zero bytes, and figure out
which path we're dealing with.
Acked-by: Kevin Burke
Closes #8003
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The update to rustls-ffi 0.8.0 changed handling of EOF and close_notify.
From the CHANGELOG:
> Handling of unclean close and the close_notify TLS alert. Mirroring
> upstream changes, a rustls_connection now tracks TCP closed state like
> so: rustls_connection_read_tls considers a 0-length read from its
> callback to mean "TCP stream was closed by peer." If that happens
> before the peer sent close_notify, rustls_connection_read will return
> RUSTLS_RESULT_UNEXPECTED_EOF once the available plaintext bytes are
> exhausted. This is useful to protect against truncation attacks. Note:
> some TLS implementations don't send close_notify. If you are already
> getting length information from your protocol (e.g. Content-Length in
> HTTP) you may choose to ignore UNEXPECTED_EOF so long as the number of
> plaintext bytes was as expected.
That means we don't need to check for unclean EOF in `cr_recv()`,
because `process_new_packets()` will give us an error if appropriate.
Closes #8003
|
|
|
|
|
|
| |
Follow-up to f0b7099a10d1a
Closes #8007
|
|
|
|
|
|
|
|
|
|
| |
The configure line would previously depend on a configure mistake using
--without-openssl that is fixed and now this configure line needs
adjusting to use --without-ssl.
Follow-up to b589696f0312d
Closes #8006
|
|
|
|
|
|
|
|
|
| |
Note: The list of libraries that rustc tells us we need to include is
longer, but also includes some more platform-specific libraries that I
am not sure how to effectively incorporate. Adding just -lm seems to
solve an immediate problem, so I'm adding just that.
Closes #8002
|
| |
|
|
|
|
|
|
|
|
|
|
| |
CURLSHOPT_LOCKFUNC.3
CURLSHOPT_SHARE.3
CURLSHOPT_UNLOCKFUNC.3
CURLSHOPT_UNSHARE.3
CURLSHOPT_USERDATA.3
Closes #7998
|
|
|
|
|
|
|
|
|
| |
... by making it an empty macro then.
Follow-up to f0b7099a10d1a
Reported-by: Vincent Grande
Fixes #7995
Closes #7996
|
|
|
|
|
|
|
|
|
|
| |
Follow-up to f0b7099a10d1a7c
When torture testing 1021, it turns out the Curl_connect_done function
might be called twice and that previously then wrongly cleared the HTTP
pointer in the second invoke.
Closes #7999
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously specifying `--without-gnutls` would unexpectedly attempt to
compile with GnuTLS, effectively interpreting this as
`--with-gnutls`. This caused a significant amount of confusion when
`libcurl` was built with SSL disabled since GnuTLS wasn't present.
68d89f24 dropped the `--without-*` options from the configure help, but
`AC_ARG_WITH` still defines these flags automatically. As
https://www.gnu.org/software/autoconf/manual/autoconf-2.60/html_node/External-Software.html
describes, the `action-if-given` is called when the user specifies
`--with-*` or `--without-*` options.
To prevent this confusion, we make the `--without` flag do the right
thing by ignoring the value if it set to "no".
Closes #7994
|
|
|
|
| |
Closes #7991
|
|
|
|
| |
Closes #7956
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously we'd return CURLE_READ_ERROR if we received this, instead
of triggering the error handling logic that's present in the next if
block down.
After this change, curl requests to https://go.googlesource.com using
HTTP/2 complete successfully.
Fixes #7949
Closes #7948
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some method names, as well as the generated library name, were changed
in a recent refactoring.
Further, change the default configuration instructions to check for
Hyper in either "target/debug" or "target/release" - the latter
contains an optimized build configuration.
Fixes #7947
Closes #7948
|
|
|
|
| |
and bump the version to 7.80.1
|
|
|
|
|
|
|
|
|
|
| |
... to prevent a lingering pointer that would lead to a double-free.
Added test 1939 to verify.
Reported-by: Stephen M. Coakley
Fixes #7982
Closes #7986
|
|
|
|
|
|
|
|
|
| |
Easy handles that are used by the multi interface should be removed from
the multi handle before they are cleaned up.
Reported-by: Stephen M. Coakley
Ref: #7982
Closes #7983
|
|
|
|
| |
Closes #7984
|
|
|
|
| |
for curl 7.80.0
|
| |
|
|
|
|
|
|
|
| |
Advertise h3 as well as h3-29 since some servers out there require h3
for QUIC v1.
Closes #7979
|
|
|
|
|
|
|
| |
Since we switched to v1 quic_transport_parameters codepoint in #7960
with quictls, lets use QUIC v1 consistently.
Closes #7979
|
|
|
|
| |
Closes #7978
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds Schannel variants of SSLpinning tests that include the option
--ssl-revoke-best-effort to ignore certificate revocation check
failures which is required due to our custom test CA certificate.
Disable the original variants if the Schannel backend is enabled.
Also skip all IDN tests which are broken while using an msys shell.
This is a step to simplify test exclusions for Windows and MinGW.
Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad
Reviewed-by: Daniel Stenberg
Closes #7968
|
|
|
|
| |
Closes #7975
|
|
|
|
|
|
| |
Reported-by: Roger Young
Fixes #7967
Closes #7976
|
|
|
|
|
|
|
|
|
|
| |
tool_operate.c(889) : warning C4701: potentially uninitialized local
variable 'per' use
Follow-up to cc71d352651a0d95
Reported-by: Marc Hörsken
Bug: https://github.com/curl/curl/pull/7922#issuecomment-963042676
Closes #7971
|
|
|
|
|
|
| |
Reported-by: Godwin Stewart
Fixes #7973
Closes #7974
|
|
|
|
|
|
|
| |
Fixes torture test failures
Follow-up to cc71d352651
Closes #7972
|
| |
|
|
|
|
| |
Closes #7970
|
|
|
|
|
|
|
|
|
|
|
| |
You're => You are
Hasn't => Has not
Doesn't => Does not
Don't => Do not
You'll => You will
etc
Closes #7930
|
|
|
|
|
|
|
|
|
| |
Spotted by torture testing 343 344 345 347.
Follow-up from cc71d352651a0
Pointed-out-by: Dan Fandrich
Closes #7969
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
QUIC Transport Parameters Extension has been changed between draft-29
and latest RFC9001. Most notably, its identifier has been updated from
0xffa5 to 0x0039. The version is selected through the QUIC TLS library
via the legacy codepoint.
Disable the usage of legacy codepoint in curl to switch to latest
RFC9001. This is required to be able to keep up with latest QUIC
implementations.
Acked-by: Tatsuhiro Tsujikawa
Closes #7960
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
... to be proper backslash-backslash-n sequences to render nicely in man
and on website.
Follow-up to 24155569d8a
Reported-by: Sergey Markelov
Fixes https://github.com/curl/curl-www/issues/163
Closes #7962
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When failing to create the output file for saving an etag, only fail
that particular single transfer and allow others to follow.
In a serial transfer setup, if no transfer at all is done due to them
all being skipped because of this error, curl will output an error
message and return exit code 26.
Added test 369 and 370 to verify.
Reported-by: Earnestly on github
Ref: #7942
Closes #7945
|
|
|
|
|
|
|
|
| |
Previously we saw errors attempting to run "brew install", see
https://github.com/curl/curl/runs/4095721123?check_suite_focus=true for
an example, since this command is idempotent, it is safe to run again.
Closes #7955
|
|
|
|
|
|
| |
Ref: https://github.com/curl/curl/discussions/7954
Closes #7957
|
| |
|
|
|
|
|
|
|
|
|
| |
The latest cmake-rs assumes cmake's --parallel works. That was added in
cmake 3.12, but a lot of our CI builds run on Ubuntu Bionic which only
has cmake 3.10.
Fixes #7927
Closes #7952
|
|
|
|
|
|
|
|
| |
This reverts commit 7c88fe375b15c44d77bccc9ab733b8069d228e6f.
Follow up to #6535 as the pragma is obsolete with warnf
Closes #7941
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Call schannel_shutdown if the SSL connection fails.
Prior to this change schannel_shutdown (which shuts down the SSL
connection as well as memory cleanup) was not called when the SSL
connection failed (eg due to failed handshake).
Co-authored-by: Gisle Vanem
Fixes https://github.com/curl/curl/issues/7877
Closes https://github.com/curl/curl/pull/7878
|