| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
| |
|
|
|
|
|
|
| |
... as the warnings tend to go unnoticed otherwise!
Closes #6354
|
|
|
|
|
|
|
| |
... so that (auto)builds from tarballs also get the correct instructions.
Fixes #6176
Closes #6353
|
|
|
|
| |
Extended test 1029 and added 1188
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In particular, these ones can help a user to create its own error
message when one or transfers fail.
writeout: add 'onerror', 'url', 'urlnum', 'exitcode', 'errormsg'
onerror - lets a user only show the rest on non-zero exit codes
url - the input URL used for this transfer
urlnum - the numerical URL counter (0 indexed) for this transfer
exitcode - the numerical exit code for the transfer
errormsg - obvious
Reported-by: Earnestly on github
Fixes #6199
Closes #6207
|
|
|
|
| |
Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
|
| |
|
|
|
|
| |
Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
|
|
|
|
|
|
| |
This patch allow to call the v4 signature introduce in previous commit
Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is a security process for HTTP.
It doesn't seems to be standard, but it is used by some cloud providers.
Aws:
https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
Outscale:
https://wiki.outscale.net/display/EN/Creating+a+Canonical+Request
GCP (I didn't test that this code work with GCP though):
https://cloud.google.com/storage/docs/access-control/signing-urls-manually
most of the code is in lib/http_v4_signature.c
Information require by the algorithm:
- The URL
- Current time
- some prefix that are append to some of the signature parameters.
The data extracted from the URL are: the URI, the region,
the host and the API type
example:
https://api.eu-west-2.outscale.com/api/latest/ReadNets
~~~ ~~~~~~~~ ~~~~~~~~~~~~~~~~~~~
^ ^ ^
/ \ URI
API type region
Small description of the algorithm:
- make canonical header using content type, the host, and the date
- hash the post data
- make canonical_request using custom request, the URI,
the get data, the canonical header, the signed header
and post data hash
- hash canonical_request
- make str_to_sign using one of the prefix pass in parameter,
the date, the credential scope and the canonical_request hash
- compute hmac from date, using secret key as key.
- compute hmac from region, using above hmac as key
- compute hmac from api_type, using above hmac as key
- compute hmac from request_type, using above hmac as key
- compute hmac from str_to_sign using above hmac as key
- create Authorization header using above hmac, prefix pass in parameter,
the date, and above hash
Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
Closes #5703
|
|
|
|
|
|
|
|
|
|
|
|
| |
It seems current hmac implementation use md5 for the hash,
V4 signature require sha256, so I've added the needed struct in
this commit.
I've added the functions that do the hmac in v4 signature file
as a static function ,in the next patch of the serie,
because it's used only by this file.
Signed-off-by: Matthias Gatto <matthias.gatto@outscale.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The linux kernel does not report all ICMP errors back to userspace due
to historical reasons.
IP*_RECVERR sockopt must be turned on to have the correct behaviour
which is to pass all ICMP errors to userspace.
See https://bugzilla.kernel.org/show_bug.cgi?id=202355
Closes #6341
|
|
|
|
|
|
|
|
| |
This option sets the (octal) mode to use for the remote file when one is
created, using the SFTP, SCP or FILE protocols. When not set, the
default is 0644.
Closes #6244
|
|
|
|
|
|
|
|
|
| |
Identified by clang on windows.
Reported-by: Gisle Vanem
Bug: 58974d25d8173aec154e593ed9d866da566c9811
Closes #6351
|
|
|
|
| |
Closes #5204
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use -v as the first option to enable verbose mode which will show source
input, extracted symbol and line info. For example:
Source: ./../include/curl/typecheck-gcc.h
Symbol: curlcheck_socket_info(info)
Line #423: #define curlcheck_socket_info(info) \
Ref: https://curl.se/mail/lib-2020-12/0084.html
Closes https://github.com/curl/curl/pull/6349
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
That behavior is a limitation of Apple's Secure Transport.
Reported-by: Cory Benfield
Reported-by: Ian Spence
Confirmed-by: Nick Zitzmann
Ref: https://github.com/curl/curl/issues/998
Closes https://github.com/curl/curl/issues/6347
Closes https://github.com/curl/curl/pull/6348
|
|
|
|
| |
Closes #4908
|
|
|
|
|
|
|
| |
... as it runs too long otherwise and the other tests are verified in
other builds anyway.
Closes #6345
|
|
|
|
|
|
| |
... as the mqtt code reuses the "method" originally used for HTTP.
Closes #6344
|
|
|
|
|
| |
Fixes #6112
Closes #6135
|
| |
|
|
|
|
|
|
|
|
|
| |
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28735
Added test 1916 and 1917 to verify.
Closes #6338
|
| |
|
| |
|
|
|
|
| |
... as an alternative HTTP backend within libcurl.
|
|
|
|
| |
... for when setopt() returns error.
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
As the first (optional) HTTP backend alternative instead of native
Close #6110
|
|
|
|
|
|
|
| |
I used this to track down some issues and I figured I could just as well
keep this extra logging in here for future needs.
Closes #6331
|
|
|
|
|
|
|
|
|
|
| |
When the initial request isn't possible to send in its entirety, the
remainder of request would be delivered to the debug callback as data
and would wrongly be counted internally as body-bytes sent.
Extended test 1295 to verify.
Closes #6328
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When failing in TOOFAST, the multi_done() wasn't called so the same
cleanup and handling wasn't done like when it fails in PERFORM, which in
the case of FTP could mean that the control connection wouldn't be
marked as "dead" for the CURLE_ABORTED_BY_CALLBACK case. Which caused
ftp_disconnect() to use it to send "QUIT", which could end up waiting
for a response a long time before giving up!
Reported-by: Tomas Berger
Fixes #6333
Closes #6337
|
|
|
|
| |
Closes #6336
|
|
|
|
| |
Closes #6335
|
|
|
|
| |
Closes #6334
|
|
|
|
| |
Closes #6150
|
|
|
|
|
|
|
|
| |
This reverts commit 4cbb17a2cbbbe6337142d39479e21c3990b9c22f.
... as the work-around now causes failures.
Closes #6332
|
|
|
|
| |
... for function pointers. Breaks in ancient compilers.
|
| |
|
|
|
|
| |
Follow-up to f24784f9143
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit introduces a "gophers" handler inside the gopher protocol if
USE_SSL is defined. This protocol is no different than the usual gopher
prococol, with the added TLS encapsulation upon connecting. The protocol
has been adopted in the gopher community, and many people have enabled
TLS in their gopher daemons like geomyidae(8), and clients, like clic(1)
and hurl(1).
I have not implemented test units for this protocol because my knowledge
of Perl is sub-par. However, for someone more knowledgeable it might be
fairly trivial, because the same test that tests the plain gopher
protocol can be used for "gophers" just by adding a TLS listener.
Signed-off-by: parazyd <parazyd@dyne.org>
Closes #6208
|
|
|
|
| |
Closes #5424
|