| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
| |
Port 8443 does not work now.
Correct origin is in the quicwg's wiki.
https://github.com/quicwg/base-drafts/wiki/Implementations#ngtcp2
Closes #6964
|
|
|
|
|
|
|
|
| |
... because it makes the knowledge and usage cross-transfer in funny and
unexpected ways.
Reported-by: Harry Sintonen
Closes #6963
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously compiling rustls on Mac would only complete if you also
compiled the SecureTransport TLS backend, which curl would prefer to
the Rust backend.
Appending these flags to LDFLAGS makes it possible to compile the
Rustls backend on Mac without the SecureTransport backend, which means
this patch will make it possible for Mac users to use the Rustls
backend for TLS.
Reviewed-by: Jacob Hoffman-Andrews
Fixes #6955
Cloes #6956
|
|
|
|
| |
Closes #6947
|
|
|
|
|
|
|
|
|
| |
wording taken from man page for CURLOPT_URL.3
As far as I can see, the URL part is either malloc'ed before due to
encoding or it is strdup'ed.
Closes #6953
|
|
|
|
| |
Closes #6951
|
|
|
|
|
| |
Ref: https://curl.se/mail/lib-2021-04/0085.html
Closes #6943
|
|
|
|
|
| |
Reviewed-by: Jakub Zakrzewski
Closes #6933
|
|
|
|
|
|
|
|
| |
Fixes the segfault in ldaps disconnect.
Reported-by: Illarion Taev
Fixes #6934
Closes #6937
|
|
|
|
| |
Reported-by: Pontus Lundkvist
|
| |
|
|
|
|
|
|
|
|
| |
- Add gsasl_version string and bump to CURLVERSION_TENTH.
Ref: https://curl.se/mail/lib-2021-04/0003.html
Closes https://github.com/curl/curl/pull/6843
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Support enabling strong crypto via optional user cipher list when
USE_STRONG_CRYPTO or SCH_USE_STRONG_CRYPTO is in the list.
MSDN says SCH_USE_STRONG_CRYPTO "Instructs Schannel to disable known
weak cryptographic algorithms, cipher suites, and SSL/TLS protocol
versions that may be otherwise enabled for better interoperability."
Ref: https://curl.se/mail/lib-2021-02/0066.html
Ref: https://curl.se/docs/manpage.html#--ciphers
Ref: https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html
Ref: https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred
Closes https://github.com/curl/curl/pull/6734
|
| |
|
| |
|
|
|
|
| |
... and put those functions in separate m4 files per TLS library.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
configure no longer tries to find a TLS library by default, but all
libraries are now equal: the user needs to explicitly ask what TLS
library or libraries to use.
If no TLS library is selected, configure will error out unless
--without-ssl is explicitly used to request a built without TLS (as that
is very rare these days).
Removes: --with-winssl, --with-darwinssl and all --without-* options for
TLS libraries.
Closes #6897
|
|
|
|
|
| |
Fixes test 1165 when functions are moved from configure.ac to files in
m4/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Disable auto credentials by default. This is a breaking change
for clients that are using it, wittingly or not.
- New libcurl ssl option value CURLSSLOPT_AUTO_CLIENT_CERT tells libcurl
to automatically locate and use a client certificate for
authentication, when requested by the server.
- New curl tool options --ssl-auto-client-cert and
--proxy-ssl-auto-client-cert map to CURLSSLOPT_AUTO_CLIENT_CERT.
This option is only supported for Schannel (the native Windows SSL
library). Prior to this change Schannel would, with no notification to
the client, attempt to locate a client certificate and send it to the
server, when requested by the server. Since the server can request any
certificate that supports client authentication in the OS certificate
store it could be a privacy violation and unexpected.
Fixes https://github.com/curl/curl/issues/2262
Reported-by: Jeroen Ooms
Assisted-by: Wes Hinsley
Assisted-by: Rich FitzJohn
Ref: https://curl.se/mail/lib-2021-02/0066.html
Reported-by: Morten Minde Neergaard
Closes https://github.com/curl/curl/pull/6673
|
|
|
|
|
|
|
|
|
|
|
| |
continue from #5735
- using SSL_HOST_NAME, SSL_HOST_DISPNAME, SSL_PINNED_PUB_KEY for other
tls backend
- create SSL_HOST_PORT
Closes #6660
|
|
|
|
| |
CURLVERSION_HEIGHTH -> CURLVERSION_EIGHTH
|
|
|
|
|
|
|
|
| |
... to make them all consistenly use if(!var) and if(var)
Also added a few missing warnings to the documentation.
Closes #6912
|
|
|
|
|
|
| |
... remove '== NULL' and '!= 0'
Closes #6912
|
|
|
|
|
|
|
|
| |
Input challenges and returned messages are now in binary.
Conversions from/to base64 are performed by callers (currently curl_sasl.c
and http_ntlm.c).
Closes #6654
|
|
|
|
|
|
|
|
|
|
|
| |
A struct bufref holds a buffer pointer, a data size and a destructor.
When freed or its contents are changed, the previous buffer is implicitly
released by the associated destructor. The data size, although not used
internally, allows binary data support.
A unit test checks its handling methods: test 1661
Closes #6654
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
New functions curl_easy_option_by_name_ccsid() and
curl_easy_option_get_name_ccsid() allows accessing metadata in alternate
character encoding.
This commit also updates curl_version_info_ccsid() to handle info version 9
and adds recent definitions to the ILE/RPG include file.
Documentation updated accordingly.
Reviewed-by: Jon Rumsey
Closes #6574
|
|
|
|
| |
Closes #6529
|
|
|
|
|
|
|
|
| |
Suggested-by: Gergely Nagy
Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad
Closes #6245
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Reset FD_WRITE by sending zero bytes which is permissible
and will be treated by implementations as successful send.
Without this we won't be notified in case a socket is still
writable if we already received such a notification and did
not send any data afterwards on the socket. This would lead
to waiting forever on a writable socket being writable again.
Assisted-by: Tommy Odom
Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad
Tested-by: tmkk on github
Bug: #6146
Closes #6245
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
1. Consolidate pre-checks into a single Curl_poll call:
This is an attempt to restructure the code in Curl_multi_wait
in such a way that less syscalls are made by removing individual
calls to Curl_socket_check via SOCKET_READABLE/SOCKET_WRITABLE.
2. Avoid resetting the WinSock event multiple times:
We finally call WSAResetEvent anyway, so specifying it as
an optional parameter to WSAEnumNetworkEvents is redundant.
3. Wakeup directly in case no sockets are being monitoring:
Fix the WinSock based implementation to skip extra waiting by
not sleeping in case no sockets are to be waited on and just
the WinSock event is being monitored for wakeup functionality.
Assisted-by: Tommy Odom
Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad
Bug: #6146
Closes #6245
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 2260e0ebe6d45529495231b3e37a0c58fb92a6a2,
also restoring previous follow up changes which were reverted.
Authored-by: rcombs on github
Authored-by: Marc Hörsken
Reviewed-by: Jay Satiro
Reviewed-by: Marcel Raad
Restores #5634
Reverts #6281
Part of #6245
|
|
|
|
|
|
|
|
|
| |
This reverts commit 1cba36d2166c396f987eea587cf92671b27acb92.
CMake provides properties that can be set on a target to rename the
output artifact without changing the name of a target.
Ref: #6899
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add parser for CURLOPT_SSL_CIPHER_LIST option for Secure Transport (ST)
back-end. Similar to NSS and GSKit back-ends, new code parses string
value and configures ST library to use those ciphers for communication.
Create cipher spec data structure and initialize the array of specs with
cipher number, name, alias, and 'weak' flag.
Mark triple-DES ciphers as 'weak', and exclude them from the default
ciphers list.
Closes #6464
|
|
|
|
|
|
|
|
| |
Add cipher names to the `cipherlist` map, based on the list of ciphers
implemented by the NSS in the source code file
https://github.com/nss-dev/nss/blob/master/lib/ssl/sslenum.c
Closes #6670
|
|
|
|
| |
Accidentally committed in 605e84235
|
|
|
|
| |
Closes #6899
|
|
|
|
|
|
|
|
| |
SCO OpenServer 5.0.7 does not define S_IFSOCK.
Reported-by: Kevin R. Bulgrien
Bug: https://curl.se/mail/lib-2021-04/0074.html
Closes #6926
|
|
|
|
|
|
|
|
|
|
| |
By using #ifdef on the symbol names to work on anything that don't
provide them. SCO OpenServer 5.0.7, sys/socket.h does not define either
SHUT_RDWR, SHUT_RD, and SHUT_WR.
Reported-by: Kevin R. Bulgrien
Bug: https://curl.se/mail/lib-2021-04/0073.html
Closes #6925
|
|
|
|
|
|
|
| |
Reported-by: Kevin R. Bulgrien
Bug: https://curl.se/mail/lib-2021-04/0071.html
Closes #6918
|
|
|
|
|
|
|
|
| |
Follow-up to 56a037cc0ad1b2. Extends test 1560 to verify.
Reported-by: Tuomas Siipola
Fixes #6916
Closes #6917
|
|
|
|
|
|
|
| |
... for situations when multiplexing isn't enabled on the h2 connection
and h1 is explicitly requested for the transfer.
Assisted-by: Gergely Nagy
|
|
|
|
|
|
| |
The ConnectionExists() function will note that the new transfer wants
less then h2 and that it can't multiplex it and therefor opt to open a
new connection instead.
|
|
|
|
|
|
|
|
| |
Storing a stream error in the per-connection struct was an error that lead to
race conditions as subsequent stream handling could overwrite the error code
before it was used for the stream with the actual problem.
Closes #6910
|
|
|
|
|
|
|
|
|
| |
This was this one condition where the stream could be closed due to an
error and the function would still wrongly just return 0 for it.
Reported-by: Gergely Nagy
Fixes #6862
Closes #6910
|
|
|
|
| |
Closes #6922
|
| |
|
|
|
|
| |
Closes #6927
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Save a parallel transfer's result code only when it fails and the
transfer is not being retried.
Prior to this change the result code was always set which meant that a
failed result could be erroneously discarded if a different transfer
later had a successful result (CURLE_OK).
Before:
> curl --fail -Z https://httpbin.org/status/404 https://httpbin.org/delay/10
> echo %ERRORLEVEL%
0
After:
> curl --fail -Z https://httpbin.org/status/404 https://httpbin.org/delay/10
> echo %ERRORLEVEL%
22
Closes #xxxx
|
|
|
|
| |
Closes https://github.com/curl/curl/pull/6920
|