| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
| |
and add rustls
Closes #10188
|
| |
|
|
|
|
|
|
| |
stdint.h was only included in http.h when ENABLE_QUIC was defined, but
symbols from stdint.h are also used when USE_NGHTTP2 is defined. This
causes build errors when USE_NGHTTP2 is defined but ENABLE_QUIC is not.
Closes #10185
|
| |
|
|
|
|
|
|
|
|
| |
The only TLS auth type libcurl ever supported is SRP and that is the
default type. Since nobody ever sets any other type, there is no point
in wasting space to store the set type and code to check the type.
If TLS auth is used, SRP is now implied.
Closes #10181
|
| |
|
|
|
|
|
|
| |
Previously libcurl would use the HTTP/1.1 ALPN id even when the
application specified HTTP/1.0.
Reported-by: William Tang
Ref: #10183
|
| |
|
|
|
|
|
| |
As in all other lib tests. This avoids a macro redefinition warning for
`_FILE_OFFSET_BITS` visible in the autobuilds.
Closes https://github.com/curl/curl/pull/10182
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refactoring of connection setup and happy eyeballing. Move
nghttp2. ngtcp2, quiche and msh3 into connection filters.
- eyeballing cfilter that uses sub-filters for performing parallel connects
- socket cfilter for all transport types, including QUIC
- QUIC implementations in cfilter, can now participate in eyeballing
- connection setup is more dynamic in order to adapt to what filter did
really connect. Relevant to see if a SSL filter needs to be added or
if SSL has already been provided
- HTTP/3 test cases similar to HTTP/2
- multiuse of parallel transfers for HTTP/3, tested for ngtcp2 and quiche
- Fix for data attach/detach in VTLS filters that could lead to crashes
during parallel transfers.
- Eliminating setup() methods in cfilters, no longer needed.
- Improving Curl_conn_is_alive() to replace Curl_connalive() and
integrated ssl alive checks into cfilter.
- Adding CF_CNTRL_CONN_INFO_UPDATE to tell filters to update
connection into and persist it at the easy handle.
- Several more cfilter related cleanups and moves:
- stream_weigth and dependency info is now wrapped in struct
Curl_data_priority
- Curl_data_priority members depend is available in HTTP2|HTTP3
- Curl_data_priority members depend on NGHTTP2 support
- handling init/reset/cleanup of priority part of url.c
- data->state.priority same struct, but shallow copy for compares only
- PROTOPT_STREAM has been removed
- Curl_conn_is_mulitplex() now available to check on capability
- Adding query method to connection filters.
- ngtcp2+quiche: implementing query for max concurrent transfers.
- Adding is_alive and keep_alive cfilter methods. Adding DATA_SETUP event.
- setting keepalive timestamp on connect
- DATA_SETUP is called after the connection has been completely
setup (but may not connected yet) to allow filters to initialize
data members they use.
- there is no socket to be had with msh3, it is unclear how select
shall work
- manual test via "curl --http3 https://curl.se" fail with "empty
reply from server".
- Various socket/conn related cleanups:
- Curl_socket is now Curl_socket_open and in cf-socket.c
- Curl_closesocket is now Curl_socket_close and in cf-socket.c
- Curl_ssl_use has been replaced with Cur_conn_is_ssl
- Curl_conn_tcp_accepted_set has been split into
Curl_conn_tcp_listen_set and Curl_conn_tcp_accepted_set
with a clearer purpose
Closes #10141
|
| | |
|
| |
|
|
| |
To avoid a fccp quirk that made it render wrongly on the website
|
| |
|
|
|
|
|
|
|
|
| |
When the RECV bit is cleared because the response reading for this
transfer is complete, the read loop should be stopped. data_pending()
can otherwise still return TRUE and another read would be attempted.
Reported-by: Hide Ishikawa
Fixes #10172
Closes #10174
|
| |
|
|
| |
Closes #10179
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- tests/ftpserver.pl blocks when expecting a DATA connection from the
client.
- the previous 10 seconds were encountered repeatedly in torture tests
and let to long waits.
- 2 seconds should still be sufficient for current hw, but CI will show.
Closes #10178
|
| |
|
|
| |
Closes #10136
|
| |
|
|
|
|
|
|
|
|
| |
- keeping the "current" easy handle registered at SSL* is no longer
necessary, since the "calling" data object is already stored in the
cfilter's context (and used by other SSL backends from there).
- The "detach" of an easy handle that goes out of scope is then avoided.
- using SSL_set0_wbio for clear reference counting where available.
Closes #10151
|
| |
|
|
|
|
|
|
|
|
| |
Windows allow programs to MITM connections to localhost. The previous
check here would detect that and error out. This new method writes data
to verify the pipe thus allowing MITM.
Reported-by: SerusDev on github
Fixes #10144
Closes #10169
|
| |
|
|
| |
Closes #10168
|
| |
|
|
| |
Closes #10170
|
| | |
|
| |
|
|
| |
Also add to FILEFORMAT.md
|
| |
|
|
|
|
| |
Let users get the server certificate chain using the command line
Closes #10019
|
| |
|
|
|
|
|
|
|
|
|
| |
- reverse order of haproxy and final ssl cfilter
- make haproxy avaiable on PROXY builds, independent of HTTP support as
it can be used with any protocol.
Reported-by: Sergio-IME on github
Fixes #10165
Closes #10167
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
It will then use the largest expire time of the two entries.
|
| | |
|
| |
|
|
| |
Closes #10138
|
| |
|
|
|
|
|
|
|
|
| |
Fix the defaults for `WOLFSSL_PATH` and `MBEDTLS_PATH` to have
meaningful values instead of the copy-pasted wrong ones.
Ref: https://github.com/curl/curl/commit/66e68ca47f7fd00dff2cb7c45ba6725d40099585#r94275172
Reported-by: Ryan Schmidt
Closes #10164
|
| |
|
|
|
|
|
|
| |
- remove "operating systems" (mostly outdated)
- upodate the "build tools"
Closes #10162
|
| |
|
|
|
|
|
|
|
| |
Because this is the cmake version (released in November 2016) that
introduced GREATER_EQUAL, which is used already.
Reported-by: nick-telia on github
Fixes #10128
Closes #10161
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When there are filters addded for both socket and SSL, the code
previously checked the SSL sockets during connect when it *should* first
check the socket layer until that has connected.
Fixes #10157
Fixes #10146
Closes #10160
Reviewed-by: Stefan Eissing
|
| |
|
|
|
|
|
|
|
| |
Allows curl_url_get() get the punycode version of host names for the
host name and URL parts.
Extend test 1560 to verify.
Closes #10109
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
As is supported by recent libssh2, but should just be ignored by older
versions.
Reported-by: norbertmm on github
Assisted-by: norbertmm on github
Fixes #10143
Closes #10145
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As expressions can have side effects, evaluate only once.
To enable deprecation reporting only once, get rid of the __typeof__
use to define the local temporary variable and use the target type
(CURLoption/CURLINFO). This also avoids multiple reports on type
conflicts (if some) by the curlcheck_* macros.
Note that CURLOPT_* and CURLINFO_* symbols may be deprecated, but not
their values: a curl_easy_setopt call with an integer constant as option
will never report a deprecation.
Reported-by: Thomas Klausner
Fixes #10148
Closes #10149
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The SHA-1 algorithm is deprecated (particularly for security-sensitive
applications) in a variety of OS environments. This already affects
RHEL-9 and derivatives, which are not willing to use certificates using
that algorithm. The fix is to use sha256 instead, which is already used
for most of the other certificates in the test suite.
Fixes #10135
This gets rid of issues related to sha1 signatures.
Manual steps after "make clean-certs" and "make build-certs":
- Copy tests/certs/stunnel-sv.pem to tests/stunnel.pem
(make clean-certs does not remove the original tests/stunnel.pem)
- Copy tests/certs/Server-localhost-sv.pubkey-pinned into --pinnedpubkey
options of tests/data/test2041 and tests/data/test2087
Closes #10153
|
| |
|
|
|
|
|
|
|
| |
I haven't had the time to check other configurations, but on my macOS
Ventura 13.1 with XCode 14.2 cmake does not find `snprintf`.
Solution: ensure stdio.h is checked for definitions
Closes #10155
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The message "Mark bundle as not supporting multiuse" was added at commit
29364d93 when an http/2-related bug was fixed, and it appears to be a
leftover trace message.
This message should be removed because:
* it conveys no information to the user
* it is enabled in the default build (--enable-verbose)
* it reads like a warning/unexpected condition
* it is equivalent to "Detected http proto < 2", which is
not a useful message.
* it is a time-wasting red-herring for anyone who encounters
it for the first time while investigating some other, real
problem.
This commit removes the trace message "Mark bundle as not
supporting multiuse"
Closes #10159
|
| |
|
|
|
|
|
|
|
| |
Struct `UserDefined` has no member `cookielist` if
`CURL_DISABLE_COOKIES` is defined.
Follow-up to af5999a
Closes #10158
|
| |
|
|
| |
Closes #10114
|
| |
|
|
|
|
|
|
| |
- a simple https get
- a simple https post
- a multi get of 4 requests and check that same connection was used
Closes #10114
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- source_quote, source_prequote and source_postquote have not been used since
5e0d9aea3; September 2006
- make several fields conditional on proxy support
- make three quote struct fields conditional on FTP || SSH
- make 'mime_options' depend on MIME
- make trailer_* fields depend on HTTP
- change 'gssapi_delegation' from long to unsigned char
- make 'localportrange' unsigned short instead of int
- conn->trailer now depends on HTTP
Closes #10147
|
| |
|
|
|
|
| |
And make a few SSH-only fields depend on SSH
Closes #10140
|
| |
|
|
|
|
|
| |
Reported-by: Esdras de Morais da Silva
Fixes #10110
Closes #10142
|
| |
|
|
| |
Closes #10139
|
| |
|
|
| |
Closes #10137
|
| |
|
|
|
|
|
|
|
| |
The cookiefile entries are set into the handle and should remain set for
the lifetime of the handle so that duplicating it also duplicates the
list. Therefore, the struct field is moved from 'state' to 'set'.
Fixes #10133
Closes #10134
|
| |
|
|
|
|
|
| |
It does not belong in the curlx_ name space as it is never used
externally.
Closes #10132
|
| |
|
|
| |
Closes #10125
|
| |
|
|
| |
Closes #10071
|
| |
|
|
|
|
|
|
| |
Warn users that disabling certficate verification allows servers to
"pollute" curl with data it trusts.
Reported-by: Harry Sintonen
Closes #10126
|
