Commit message | Author | Age | Files | Lines
* fixup s/zero/nul [bagder/CURLOPT_POSTFIELDS-clarify-size] | Daniel Stenberg | 2021-04-23 | 1 | -1/+1
* CURLOPT_POSTFIELDS.3: clarify how it gets the size of the data | Daniel Stenberg | 2021-04-23 | 1 | -1/+6
  Ref: https://curl.se/mail/lib-2021-04/0085.html
* vtls: reset ssl use flag upon negotiation failure | Patrick Monnerat | 2021-04-23 | 1 | -1/+5
  Fixes the segfault in ldaps disconnect.
  Reported-by: Illarion Taev
  Fixes #6934
  Closes #6937
* configure: fix typo in TLS error message | Daniel Stenberg | 2021-04-23 | 1 | -1/+1
  Reported-by: Pontus Lundkvist
* README: link to the commercial support option | Daniel Stenberg | 2021-04-23 | 1 | -0/+5
* version: add gsasl_version to curl_version_info_data | Martin Halle | 2021-04-22 | 6 | -5/+32
  - Add gsasl_version string and bump to CURLVERSION_TENTH.
  Ref: https://curl.se/mail/lib-2021-04/0003.html
  Closes https://github.com/curl/curl/pull/6843
* schannel: Support strong crypto option | Morten Minde Neergaard | 2021-04-22 | 2 | -0/+15
  - Support enabling strong crypto via optional user cipher list when USE_STRONG_CRYPTO or SCH_USE_STRONG_CRYPTO is in the list.
  MSDN says SCH_USE_STRONG_CRYPTO "Instructs Schannel to disable known weak cryptographic algorithms, cipher suites, and SSL/TLS protocol versions that may be otherwise enabled for better interoperability."
  Ref: https://curl.se/mail/lib-2021-02/0066.html
  Ref: https://curl.se/docs/manpage.html#--ciphers
  Ref: https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html
  Ref: https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred
  Closes https://github.com/curl/curl/pull/6734
* RELEASE-NOTES: synced | Daniel Stenberg | 2021-04-22 | 1 | -6/+49
* ci: adapt to configure requiring an explicit TLS choice | Daniel Stenberg | 2021-04-22 | 7 | -69/+74
* configure: split out each TLS library detector into its own function | Daniel Stenberg | 2021-04-22 | 12 | -1202/+1437
  ... and put those functions in separate m4 files per TLS library.
* configure: make the TLS library choice(s) explicit | Daniel Stenberg | 2021-04-22 | 3 | -148/+150
  configure no longer tries to find a TLS library by default, but all libraries are now equal: the user needs to explicitly ask what TLS library or libraries to use.
  If no TLS library is selected, configure will error out unless --without-ssl is explicitly used to request a build without TLS (as that is very rare these days).
  Removes: --with-winssl, --with-darwinssl and all --without-* options for TLS libraries.
  Closes #6897
* tests/disable-scan.pl: also scan all m4 files | Daniel Stenberg | 2021-04-22 | 1 | -2/+14
  Fixes test 1165 when functions are moved from configure.ac to files in m4/
* schannel: Disable auto credentials; add an option to enable it | Jay Satiro | 2021-04-22 | 20 | -28/+108
  - Disable auto credentials by default. This is a breaking change for clients that are using it, wittingly or not.
  - New libcurl ssl option value CURLSSLOPT_AUTO_CLIENT_CERT tells libcurl to automatically locate and use a client certificate for authentication, when requested by the server.
  - New curl tool options --ssl-auto-client-cert and --proxy-ssl-auto-client-cert map to CURLSSLOPT_AUTO_CLIENT_CERT.
  This option is only supported for Schannel (the native Windows SSL library). Prior to this change Schannel would, with no notification to the client, attempt to locate a client certificate and send it to the server, when requested by the server. Since the server can request any certificate that supports client authentication in the OS certificate store it could be a privacy violation and unexpected.
  Fixes https://github.com/curl/curl/issues/2262
  Reported-by: Jeroen Ooms
  Assisted-by: Wes Hinsley
  Assisted-by: Rich FitzJohn
  Ref: https://curl.se/mail/lib-2021-02/0066.html
  Reported-by: Morten Minde Neergaard
  Closes https://github.com/curl/curl/pull/6673
* vtls: deduplicate some DISABLE_PROXY ifdefs | Michał Antoniak | 2021-04-22 | 13 | -120/+31
  continue from #5735
  - using SSL_HOST_NAME, SSL_HOST_DISPNAME, SSL_PINNED_PUB_KEY for other tls backend
  - create SSL_HOST_PORT
  Closes #6660
* OS400: fix typo | Jay Satiro | 2021-04-22 | 1 | -1/+1
  CURLVERSION_HEIGHTH -> CURLVERSION_EIGHTH
* checksrc: complain on == NULL or != 0 checks in conditions [bagder/checksrc-conditions] | Daniel Stenberg | 2021-04-22 | 2 | -4/+36
  ... to make them all consistently use if(!var) and if(var)
  Also added a few missing warnings to the documentation.
  Closes #6912
* tidy-up: make conditional checks more consistent | Daniel Stenberg | 2021-04-22 | 85 | -283/+282
  ... remove '== NULL' and '!= 0'
  Closes #6912
* vauth: factor base64 conversions out of authentication procedures | Patrick Monnerat | 2021-04-22 | 13 | -713/+439
  Input challenges and returned messages are now in binary. Conversions from/to base64 are performed by callers (currently curl_sasl.c and http_ntlm.c).
  Closes #6654
* bufref: buffer reference support | Patrick Monnerat | 2021-04-22 | 9 | -3/+398
  A struct bufref holds a buffer pointer, a data size and a destructor. When freed or its contents are changed, the previous buffer is implicitly released by the associated destructor. The data size, although not used internally, allows binary data support.
  A unit test checks its handling methods: test 1661
  Closes #6654
* os400: additional support for options metadata | Patrick Monnerat | 2021-04-22 | 4 | -68/+321
  New functions curl_easy_option_by_name_ccsid() and curl_easy_option_get_name_ccsid() allow accessing metadata in alternate character encoding.
  This commit also updates curl_version_info_ccsid() to handle info version 9 and adds recent definitions to the ILE/RPG include file.
  Documentation updated accordingly.
  Reviewed-by: Jon Rumsey
  Closes #6574
* test server: take care of siginterrupt() deprecation | Patrick Monnerat | 2021-04-22 | 1 | -24/+42
  Closes #6529
* lib1564.c: enable last wakeup test part on Windows | Marc Hoersken | 2021-04-21 | 1 | -10/+1
  Suggested-by: Gergely Nagy
  Reviewed-by: Jay Satiro
  Reviewed-by: Marcel Raad
  Closes #6245
* multi: fix slow write/upload performance on Windows | Marc Hoersken | 2021-04-21 | 1 | -6/+13
  Reset FD_WRITE by sending zero bytes which is permissible and will be treated by implementations as successful send.
  Without this we won't be notified in case a socket is still writable if we already received such a notification and did not send any data afterwards on the socket. This would lead to waiting forever on a writable socket being writable again.
  Assisted-by: Tommy Odom
  Reviewed-by: Jay Satiro
  Reviewed-by: Marcel Raad
  Tested-by: tmkk on github
  Bug: #6146
  Closes #6245
* multi: reduce Win32 API calls to improve performance | Marc Hoersken | 2021-04-21 | 1 | -75/+45
  1. Consolidate pre-checks into a single Curl_poll call: This is an attempt to restructure the code in Curl_multi_wait in such a way that less syscalls are made by removing individual calls to Curl_socket_check via SOCKET_READABLE/SOCKET_WRITABLE.
  2. Avoid resetting the WinSock event multiple times: We finally call WSAResetEvent anyway, so specifying it as an optional parameter to WSAEnumNetworkEvents is redundant.
  3. Wakeup directly in case no sockets are being monitored: Fix the WinSock based implementation to skip extra waiting by not sleeping in case no sockets are to be waited on and just the WinSock event is being monitored for wakeup functionality.
  Assisted-by: Tommy Odom
  Reviewed-by: Jay Satiro
  Reviewed-by: Marcel Raad
  Bug: #6146
  Closes #6245
* Revert "Revert 'multi: implement wait using winsock events'" | Marc Hoersken | 2021-04-21 | 2 | -3/+153
  This reverts commit 2260e0ebe6d45529495231b3e37a0c58fb92a6a2, also restoring previous follow up changes which were reverted.
  Authored-by: rcombs on github
  Authored-by: Marc Hörsken
  Reviewed-by: Jay Satiro
  Reviewed-by: Marcel Raad
  Restores #5634
  Reverts #6281
  Part of #6245
* Revert "cmake: make libcurl library output name configurable" | Daniel Stenberg | 2021-04-21 | 4 | -4/+4
  This reverts commit 1cba36d2166c396f987eea587cf92671b27acb92.
  CMake provides properties that can be set on a target to rename the output artifact without changing the name of a target.
  Ref: #6899
* sectransp: allow cipher name to be specified | Michael Kolechkin | 2021-04-21 | 1 | -693/+852
  Add parser for CURLOPT_SSL_CIPHER_LIST option for Secure Transport (ST) back-end. Similar to NSS and GSKit back-ends, new code parses string value and configures ST library to use those ciphers for communication. Create cipher spec data structure and initialize the array of specs with cipher number, name, alias, and 'weak' flag.
  Mark triple-DES ciphers as 'weak', and exclude them from the default ciphers list.
  Closes #6464
* NSS: add ciphers to map | Michael Kolechkin | 2021-04-21 | 1 | -0/+25
  Add cipher names to the `cipherlist` map, based on the list of ciphers implemented by the NSS in the source code file https://github.com/nss-dev/nss/blob/master/lib/ssl/sslenum.c
  Closes #6670
* http2: remove DEBUG_HTTP2 | Daniel Stenberg | 2021-04-21 | 1 | -1/+0
  Accidentally committed in 605e84235
* cmake: make libcurl library output name configurable | Ralph Langendam | 2021-04-21 | 4 | -4/+4
  Closes #6899
* sws: #ifdef S_IFSOCK use | Daniel Stenberg | 2021-04-21 | 1 | -0/+2
  SCO OpenServer 5.0.7 does not define S_IFSOCK.
  Reported-by: Kevin R. Bulgrien
  Bug: https://curl.se/mail/lib-2021-04/0074.html
  Closes #6926
* curl_setup: provide the shutdown flags wider | Daniel Stenberg | 2021-04-21 | 1 | -5/+11
  By using #ifdef on the symbol names to work on anything that doesn't provide them. SCO OpenServer 5.0.7, sys/socket.h does not define either SHUT_RDWR, SHUT_RD, and SHUT_WR.
  Reported-by: Kevin R. Bulgrien
  Bug: https://curl.se/mail/lib-2021-04/0073.html
  Closes #6925
* connect: use CURL_SA_FAMILY_T for portability | Daniel Stenberg | 2021-04-21 | 1 | -1/+1
  Reported-by: Kevin R. Bulgrien
  Bug: https://curl.se/mail/lib-2021-04/0071.html
  Closes #6918
* urlapi: make sure no +/- signs are accepted in IPv4 numericals | Daniel Stenberg | 2021-04-21 | 2 | -1/+8
  Follow-up to 56a037cc0ad1b2. Extends test 1560 to verify.
  Reported-by: Tuomas Siipola
  Fixes #6916
  Closes #6917
* ConnectionExists: respect requests for h1 connections better | Daniel Stenberg | 2021-04-21 | 1 | -0/+7
  ... for situations when multiplexing isn't enabled on the h2 connection and h1 is explicitly requested for the transfer.
  Assisted-by: Gergely Nagy
* multi: don't close connection HTTP_1_1_REQUIRED | Daniel Stenberg | 2021-04-21 | 1 | -1/+1
  The ConnectionExists() function will note that the new transfer wants less than h2 and that it can't multiplex it and therefore opt to open a new connection instead.
* http2: move the stream error field to the per-transfer storage | Daniel Stenberg | 2021-04-21 | 4 | -17/+17
  Storing a stream error in the per-connection struct was an error that led to race conditions as subsequent stream handling could overwrite the error code before it was used for the stream with the actual problem.
  Closes #6910
* http2: call the handle-closed function correctly on closed stream | Daniel Stenberg | 2021-04-21 | 1 | -0/+4
  This was this one condition where the stream could be closed due to an error and the function would still wrongly just return 0 for it.
  Reported-by: Gergely Nagy
  Fixes #6862
  Closes #6910
* test1660: check the created HSTS file as text mode | Daniel Stenberg | 2021-04-21 | 1 | -1/+1
  Closes #6922
* RELEASE-NOTES: synced | Daniel Stenberg | 2021-04-20 | 1 | -3/+30
* test 493: require https in curl to run | Daniel Stenberg | 2021-04-20 | 1 | -0/+1
  Closes #6927
* tool_operate: don't discard failed parallel transfer result | Jay Satiro | 2021-04-20 | 1 | -6/+11
  - Save a parallel transfer's result code only when it fails and the transfer is not being retried.
  Prior to this change the result code was always set which meant that a failed result could be erroneously discarded if a different transfer later had a successful result (CURLE_OK).
  Before:
    > curl --fail -Z https://httpbin.org/status/404 https://httpbin.org/delay/10
    > echo %ERRORLEVEL%
    0
  After:
    > curl --fail -Z https://httpbin.org/status/404 https://httpbin.org/delay/10
    > echo %ERRORLEVEL%
    22
  Closes #xxxx
* openssl: fix build error with OpenSSL < 1.0.2 | Georeth Zhou | 2021-04-20 | 1 | -2/+2
  Closes https://github.com/curl/curl/pull/6920
* README.md: delete Codacy UTM parameters & follow permanent redirect [ci skip] | Viktor Szakats | 2021-04-19 | 1 | -1/+1
  UTM parameters leak referrer and various marketing/tracking information even if these would normally be stripped by website or client policy. This link also works fine without them.
  Also took the opportunity to update the URL to the one pointed to by the previous one via permanent redirect.
  Reviewed-by: Daniel Stenberg
  Closes #6919
* urlapi: "normalize" numerical IPv4 host names | Daniel Stenberg | 2021-04-19 | 2 | -3/+104
  When the host name in a URL is given as an IPv4 numerical address, the address can be specified with dotted numericals in four different ways: a32, a.b24, a.b.c16 or a.b.c.d and each part can be specified in decimal, octal (0-prefixed) or hexadecimal (0x-prefixed).
  Instead of passing on the name as-is and leaving the handling to the underlying name functions, which made them not work with c-ares but work with getaddrinfo, this change now makes the curl URL API itself detect and "normalize" host names specified as IPv4 numericals.
  The WHATWG URL Spec says this is an okay way to specify a host name in a URL. RFC 3896 does not allow them, but curl didn't prevent them before and it seems other RFC 3896-using tools have not either. Host names used like this are widely supported by other tools as well due to the handling being done by getaddrinfo and friends.
  I decided to add the functionality into the URL API itself so that all users of these functions get the benefits, when for example wanting to compare two URLs. Also, it makes curl built to use c-ares now support them as well and make curl builds more consistent.
  The normalization makes HTTPS and virtual hosted HTTP work fine even when curl gets the address specified using one of the "obscure" formats.
  Test 1560 is extended to verify.
  Fixes #6863
  Closes #6871
* libssh: fix "empty expression statement has no effect" warnings | Daniel Stenberg | 2021-04-19 | 1 | -39/+63
  ... by fixing macros to do-while constructs and moving out the calls to "break" outside of the actual macro. It also fixes the problem where the macro was used within a loop and the break didn't do right.
  Reported-by: Emil Engler
  Fixes #6847
  Closes #6909
* hsts: enable by default | Daniel Stenberg | 2021-04-19 | 15 | -40/+65
  No longer considered experimental.
  Closes #6700
* vtls: refuse setting any SSL version | Daniel Stenberg | 2021-04-19 | 8 | -147/+25
  ... previously they were supported if a TLS library would (unexpectedly) still support them, but from this change they will be refused already in curl_easy_setopt(). SSLv2 and SSLv3 have been known to be insecure for many years now.
  Closes #6773
* curl: ignore options asking for SSLv2 or SSLv3 | Daniel Stenberg | 2021-04-19 | 3 | -8/+7
  Instead output a warning about it and continue with the defaults.
  These SSL versions are typically not supported by the TLS libraries since a long time back already since they are inherently insecure and broken. Asking for them to be used will just cause an error to be returned slightly later.
  In the unlikely event that a user's TLS library actually still supports these protocol versions, this change might make the request a little less insecure.
  Closes #6772
* test972: verify the json output with jsonlint [bagder/test-json] | Daniel Stenberg | 2021-04-17 | 4 | -1/+68
  Make sure one of the azure jobs has jsonlint installed so that the test runs there.
  Ref: #6905