summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* http: minor whitespace cleanup from f464535bDaniel Stenberg2018-12-143-39/+19
|
* http: Implement trailing headers for chunked transfersAyoub Boudhar2018-12-1417-22/+618
| | | | | | | | | | | | | This adds the CURLOPT_TRAILERDATA and CURLOPT_TRAILERFUNCTION options that allow a callback based approach to sending trailing headers with chunked transfers. The test server (sws) was updated to take into account the detection of the end of transfer in the case of trailing headers presence. Test 1591 checks that trailing headers can be sent using libcurl. Closes #3350
* darwinssl: accept setting max-tls with default min-tlsDaniel Stenberg2018-12-141-2/+1
| | | | | | Reported-by: Andrei Neculau Fixes #3367 Closes #3373
* gopher: fix memory leak from 9026083ddb2a9Daniel Stenberg2018-12-131-0/+1
|
* test1201: Add a trailing `?' to the selectorLeonardo Taccari2018-12-131-2/+2
| | | | | | This verify that the `?' in the selector is kept as is. Verifies the fix in #3370
* gopher: always include the entire gopher-path in requestLeonardo Taccari2018-12-131-2/+15
| | | | | | | | | | | | After the migration to URL API all octets in the selector after the first `?' were interpreted as query and accidentally discarded and not passed to the server. Add a gopherpath to always concatenate possible path and query URL pieces. Fixes #3369 Closes #3370
* urlapi: distinguish possibly empty queryLeonardo Taccari2018-12-131-3/+3
| | | | | | | | | | If just a `?' to indicate the query is passed always store a zero length query instead of having a NULL query. This permits to distinguish URL with trailing `?'. Fixes #3369 Closes #3370
* OS400: handle memory error in list conversionDaniel Gustafsson2018-12-131-1/+8
| | | | | | | | | | | | | | | Curl_slist_append_nodup() returns NULL when it fails to create a new item for the specified list, and since the coding here reassigned the new list on top of the old list it would result in a dangling pointer and lost memory. Also, in case we hit an allocation failure at some point during the conversion, with allocation succeeding again on the subsequent call(s) we will return a truncated list around the malloc failure point. Fix by assigning to a temporary list pointer, which can be checked (which is the common pattern for slist appending), and free all the resources on allocation failure. Closes #3372 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* cookies: leave secure cookies aloneDaniel Gustafsson2018-12-1311-43/+148
| | | | | | | | | | | Only allow secure origins to be able to write cookies with the 'secure' flag set. This reduces the risk of non-secure origins to influence the state of secure origins. This implements IETF Internet-Draft draft-ietf-httpbis-cookie-alone-01 which updates RFC6265. Closes #2956 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* docs: fix the --tls-max descriptionDaniel Stenberg2018-12-132-5/+5
| | | | | | | Reported-by: Tobias Lindgren Pointed out in #3367 Closes #3368
* urlapi: Fix port parsing of eol colonDaniel Gustafsson2018-12-122-16/+24
| | | | | | | | | A URL with a single colon without a portnumber should use the default port, discarding the colon. Fix, add a testcase and also do little bit of comment wordsmithing. Closes #3365 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* RELEASE-NOTES: 7.63.0curl-7_63_0Daniel Stenberg2018-12-121-12/+23
|
* THANKS: from the curl 7.62.0 cycleDaniel Stenberg2018-12-121-0/+21
|
* test1519: use lib1518 and test CURLINFO_REDIRECT_URL moreDaniel Stenberg2018-12-122-3/+63
|
* Curl_follow: extract the Location: header field unvalidatedDaniel Stenberg2018-12-125-7/+156
| | | | | | | | | | | ... when not actually following the redirect. Otherwise we return error for this and an application can't extract the value. Test 1518 added to verify. Reported-by: Pavel Pavlov Fixes #3340 Closes #3364
* multi: convert two timeout variables to timediff_tDaniel Stenberg2018-12-111-2/+2
| | | | | | | | The time_t type is unsigned on some systems and these variables are used to hold return values from functions that return timediff_t already. timediff_t is always a signed type. Closes #3363
* delta: use --diff-filter on the git diff-tree invokesDaniel Stenberg2018-12-111-2/+2
| | | | Suggested-by: Dave Reisner
* documentation: curl_formadd field and file names are now escapedPatrick Monnerat2018-12-111-1/+2
| | | | | | | | | | | Prior to 7.56.0, fieldnames and filenames were set in Content-Disposition header without special processing: this may lead to invalid RFC 822 quoted-strings. 7.56.0 introduces escaping of backslashes and double quotes in these names: mention it in the documentation. Reported-by: daboul on github Closes #3361
* scripts/delta: show repo delta info from last releaseDaniel Stenberg2018-12-111-0/+137
| | | | ... where "last release" should be the git tag in the repo.
* tests: add urlapi unittestDaniel Gustafsson2018-12-116-4/+170
| | | | | | | | | | This adds a new unittest intended to cover the internal functions in the urlapi code, starting with parse_port(). In order to avoid name collisions in debug builds, parse_port() is renamed Curl_parse_port() since it will be exported. Reviewed-by: Daniel Stenberg <daniel@haxx.se> Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
* urlapi: fix portnumber parsing for ipv6 zone indexDaniel Gustafsson2018-12-111-6/+20
| | | | | | | | | | | | | | An IPv6 URL which contains a zone index includes a '%%25<zode id>' string before the ending ']' bracket. The parsing logic wasn't set up to cope with the zone index however, resulting in a malformed url error being returned. Fix by breaking the parsing into two stages to correctly handle the zone index. Closes #3355 Closes #3319 Reported-by: tonystz on Github Reviewed-by: Daniel Stenberg <daniel@haxx.se> Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
* http: fix HTTP auth to include query in URIJay Satiro2018-12-113-5/+89
| | | | | | | | | | - Include query in the path passed to generate HTTP auth. Recent changes to use the URL API internally (46e1640, 7.62.0) inadvertently broke authentication URIs by omitting the query. Fixes https://github.com/curl/curl/issues/3353 Closes #3356
* http: don't set CURLINFO_CONDITION_UNMET for http status code 204Michael Kaufmann2018-12-111-7/+7
| | | | | | | | The http status code 204 (No Content) should not change the "condition unmet" flag. Only the http status code 304 (Not Modified) should do this. Closes #359
* ldap: fix LDAP URL parsing regressionsSamuel Surtees2018-12-111-5/+10
| | | | | | | | | - Match URL scheme with LDAP and LDAPS - Retrieve attributes, scope and filter from URL query instead Regression brought in 46e164069d1a5230 (7.62.0) Closes #3362
* RELEASE-NOTES: syncedDaniel Stenberg2018-12-101-8/+21
|
* (lib)curl.rc: fixup for minor bugsStefan Kanthak2018-12-102-11/+11
| | | | | | | | | | | | | | | All resources defined in lib/libcurl.rc and curl.rc are language neutral. winbuild/MakefileBuild.vc ALWAYS defines the macro DEBUGBUILD, so the ifdef's in line 33 of lib/libcurl.rc and src/curl.rc are wrong. Replace the hard-coded constants in both *.rc files with #define'd values. Thumbs-uped-by: Rod Widdowson, Johannes Schindelin URL: https://curl.haxx.se/mail/lib-2018-11/0000.html Closes #3348
* test329: verify cookie max-age=0 immediate expiryDaniel Stenberg2018-12-092-1/+71
|
* cookies: expire "Max-Age=0" immediatelyDaniel Stenberg2018-12-091-1/+4
| | | | | | Reported-by: Jeroen Ooms Fixes #3351 Closes #3352
* Upon HTTP_1_1_REQUIRED, retry the request with HTTP/1.1Johannes Schindelin2018-12-083-0/+32
| | | | | | | | | | | | | | | | | | | This is a companion patch to cbea2fd2c (NTLM: force the connection to HTTP/1.1, 2018-12-06): with NTLM, we can switch to HTTP/1.1 preemptively. However, with other (Negotiate) authentication it is not clear to this developer whether there is a way to make it work with HTTP/2, so let's try HTTP/2 first and fall back in case we encounter the error HTTP_1_1_REQUIRED. Note: we will still keep the NTLM workaround, as it avoids an extra round trip. Daniel Stenberg helped a lot with this patch, in particular by suggesting to introduce the Curl_h2_http_1_1_error() function. Closes #3349 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* openssl: fix unused variable compiler warning with old opensslBen Greear2018-12-071-0/+1
| | | | | | URL: https://curl.haxx.se/mail/lib-2018-11/0055.html Closes #3347
* NTLM: force the connection to HTTP/1.1Johannes Schindelin2018-12-071-0/+6
| | | | | | | | | | | | | | | | Since v7.62.0, cURL tries to use HTTP/2 whenever the server announces the capability. However, NTLM authentication only works with HTTP/1.1, and will likely remain in that boat (for details, see https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported). When we just found out that we want to use NTLM, and when the current connection runs in HTTP/2 mode, let's force the connection to be closed and to be re-opened using HTTP/1.1. Fixes https://github.com/curl/curl/issues/3341. Closes #3345 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* curl_global_sslset(): id == -1 is not necessarily an errorJohannes Schindelin2018-12-071-1/+8
| | | | | | | | | | It is allowed to call that function with id set to -1, specifying the backend by the name instead. We should imitate what is done further down in that function to allow for that. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Closes #3346
* .gitattributes: make tabs in indentation a visible errorJohannes Schindelin2018-12-061-0/+1
| | | | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* RELEASE-NOTES: syncedDaniel Stenberg2018-12-061-7/+22
|
* doh: fix memory leak in OOM situationDaniel Stenberg2018-12-061-3/+4
| | | | | Reviewed-by: Daniel Gustafsson Closes #3342
* doh: make it work for h2-disabled builds tooDaniel Stenberg2018-12-051-26/+2
| | | | | | Reported-by: dtmsecurity at github Fixes #3325 Closes #3336
* packages: remove old leftover files and dirsDaniel Stenberg2018-12-0521-806/+1
| | | | | | | This subdir has mostly become an attic of never-used cruft from the past. Closes #3331
* openssl: do not use file BIOs if not requestedGergely Nagy2018-12-051-15/+13
| | | | | | | Moves the file handling BIO calls to the branch of the code where they are actually used. Closes #3339
* nss: Fix compatibility with nss versions 3.14 to 3.15Paul Howarth2018-12-051-1/+5
|
* nss: Improve info message when falling back SSL protocolPaul Howarth2018-12-051-2/+34
| | | | Use descriptive text strings rather than decimal numbers.
* nss: Fall back to latest supported SSL versionPaul Howarth2018-12-051-0/+9
| | | | | | | | | | | | | NSS may be built without support for the latest SSL/TLS versions, leading to "SSL version range is not valid" errors when the library code supports a recent version (e.g. TLS v1.3) but it has explicitly been disabled. This change adjusts the maximum SSL version requested by libcurl to be the maximum supported version at runtime, as long as that version is at least as high as the minimum version required by libcurl. Fixes #3261
* travis: enable COPYRIGHTYEAR extended warningDaniel Gustafsson2018-12-031-0/+3
| | | | | | The extended warning for checking incorrect COPYRIGHTYEAR is quite expensive to run, so rather than expecting every developer to do it we ensure it's turned on locally for Travis.
* checksrc: add COPYRIGHTYEAR checkDaniel Gustafsson2018-12-034-5/+101
| | | | | | | | | | | | | | | | | | | | Forgetting to bump the year in the copyright clause when hacking has been quite common among curl developers, but a traditional checksrc check isn't a good fit as it would penalize anyone hacking on January 1st (among other things). This adds a more selective COPYRIGHTYEAR check which intends to only cover the currently hacked on changeset. The check for updated copyright year is currently not enforced on all files but only on files edited and/or committed locally. This is due to the amount of files which aren't updated with their correct copyright year at the time of their respective commit. To further avoid running this expensive check for every developer, it adds a new local override mode for checksrc where a .checksrc file can be used to turn on extended warnings locally. Closes #3303 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* CHECKSRC.md: document more warningsDaniel Stenberg2018-12-031-2/+27
| | | | | Closes #3335 [ci skip]
* RELEASE-NOTES: syncedDaniel Stenberg2018-11-301-6/+18
|
* SECURITY-PROCESS: bountygraph shuts downDaniel Stenberg2018-11-302-89/+9
| | | | | | This backpedals back the documents to the state before bountygraph. Closes #3311
* curl: fix memory leak reading --writeout from fileDaniel Stenberg2018-11-301-0/+1
| | | | | | | | | If another string had been set first, the writout function for reading the syntax from file would leak the previously allocated memory. Reported-by: Brian Carpenter Fixes #3322 Closes #3330
* tool_main: rename function to make it unique and betterDaniel Stenberg2018-11-301-2/+2
| | | | | ... there's already another function in the curl tool named free_config_fields!
* TODO: remove CURLOPT_DNS_USE_GLOBAL_CACHE entryDaniel Gustafsson2018-11-291-7/+0
| | | | | | | | | | Commit 7c5837e79280e6abb3ae143dfc49bca5e74cdd11 deprecated the option making it a manual code-edit operation to turn it back on. The removal process has thus started and is now documented in docs/DEPRECATE.md so remove from the TODO to avoid anyone looking for something to pick up spend cycles on an already in-progress entry. Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* connect: fix building for recent versions of MinixSevan Janiyan2018-11-291-1/+1
| | | | | | | | EBADIOCTL doesn't exist on more recent Minix. There have also been substantial changes to the network stack. Fixes build on Minix 3.4rc Closes https://github.com/curl/curl/pull/3323