summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* (lib)curl.rc: fixup for minor bugsbagder/curl-rc-filesStefan Kanthak2018-12-072-11/+11
| | | | | | | | | | | All resources defined in lib/libcurl.rc and curl.rc are language neutral winbuild/MakefileBuild.vc ALWAYS defines the macro DEBUGBUILD, so the replace the hard-coded constants in both *.rc files with #define'd values URL: https://curl.haxx.se/mail/lib-2018-11/0000.html
* NTLM: force the connection to HTTP/1.1Johannes Schindelin2018-12-071-0/+6
| | | | | | | | | | | | | | | | Since v7.62.0, cURL tries to use HTTP/2 whenever the server announces the capability. However, NTLM authentication only works with HTTP/1.1, and will likely remain in that boat (for details, see https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-10/http2-on-iis#when-is-http2-not-supported). When we just found out that we want to use NTLM, and when the current connection runs in HTTP/2 mode, let's force the connection to be closed and to be re-opened using HTTP/1.1. Fixes https://github.com/curl/curl/issues/3341. Closes #3345 Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* curl_global_sslset(): id == -1 is not necessarily an errorJohannes Schindelin2018-12-071-1/+8
| | | | | | | | | | It is allowed to call that function with id set to -1, specifying the backend by the name instead. We should imitate what is done further down in that function to allow for that. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Closes #3346
* .gitattributes: make tabs in indentation a visible errorJohannes Schindelin2018-12-061-0/+1
| | | | Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* RELEASE-NOTES: syncedDaniel Stenberg2018-12-061-7/+22
|
* doh: fix memory leak in OOM situationDaniel Stenberg2018-12-061-3/+4
| | | | | Reviewed-by: Daniel Gustafsson Closes #3342
* doh: make it work for h2-disabled builds tooDaniel Stenberg2018-12-051-26/+2
| | | | | | Reported-by: dtmsecurity at github Fixes #3325 Closes #3336
* packages: remove old leftover files and dirsDaniel Stenberg2018-12-0521-806/+1
| | | | | | | This subdir has mostly become an attic of never-used cruft from the past. Closes #3331
* openssl: do not use file BIOs if not requestedGergely Nagy2018-12-051-15/+13
| | | | | | | Moves the file handling BIO calls to the branch of the code where they are actually used. Closes #3339
* nss: Fix compatibility with nss versions 3.14 to 3.15Paul Howarth2018-12-051-1/+5
|
* nss: Improve info message when falling back SSL protocolPaul Howarth2018-12-051-2/+34
| | | | Use descriptive text strings rather than decimal numbers.
* nss: Fall back to latest supported SSL versionPaul Howarth2018-12-051-0/+9
| | | | | | | | | | | | | NSS may be built without support for the latest SSL/TLS versions, leading to "SSL version range is not valid" errors when the library code supports a recent version (e.g. TLS v1.3) but it has explicitly been disabled. This change adjusts the maximum SSL version requested by libcurl to be the maximum supported version at runtime, as long as that version is at least as high as the minimum version required by libcurl. Fixes #3261
* travis: enable COPYRIGHTYEAR extended warningDaniel Gustafsson2018-12-031-0/+3
| | | | | | The extended warning for checking incorrect COPYRIGHTYEAR is quite expensive to run, so rather than expecting every developer to do it we ensure it's turned on locally for Travis.
* checksrc: add COPYRIGHTYEAR checkDaniel Gustafsson2018-12-034-5/+101
| | | | | | | | | | | | | | | | | | | | Forgetting to bump the year in the copyright clause when hacking has been quite common among curl developers, but a traditional checksrc check isn't a good fit as it would penalize anyone hacking on January 1st (among other things). This adds a more selective COPYRIGHTYEAR check which intends to only cover the currently hacked on changeset. The check for updated copyright year is currently not enforced on all files but only on files edited and/or committed locally. This is due to the amount of files which aren't updated with their correct copyright year at the time of their respective commit. To further avoid running this expensive check for every developer, it adds a new local override mode for checksrc where a .checksrc file can be used to turn on extended warnings locally. Closes #3303 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* CHECKSRC.md: document more warningsDaniel Stenberg2018-12-031-2/+27
| | | | | Closes #3335 [ci skip]
* RELEASE-NOTES: syncedDaniel Stenberg2018-11-301-6/+18
|
* SECURITY-PROCESS: bountygraph shuts downDaniel Stenberg2018-11-302-89/+9
| | | | | | This backpedals back the documents to the state before bountygraph. Closes #3311
* curl: fix memory leak reading --writeout from fileDaniel Stenberg2018-11-301-0/+1
| | | | | | | | | If another string had been set first, the writout function for reading the syntax from file would leak the previously allocated memory. Reported-by: Brian Carpenter Fixes #3322 Closes #3330
* tool_main: rename function to make it unique and betterDaniel Stenberg2018-11-301-2/+2
| | | | | ... there's already another function in the curl tool named free_config_fields!
* TODO: remove CURLOPT_DNS_USE_GLOBAL_CACHE entryDaniel Gustafsson2018-11-291-7/+0
| | | | | | | | | | Commit 7c5837e79280e6abb3ae143dfc49bca5e74cdd11 deprecated the option making it a manual code-edit operation to turn it back on. The removal process has thus started and is now documented in docs/DEPRECATE.md so remove from the TODO to avoid anyone looking for something to pick up spend cycles on an already in-progress entry. Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* connect: fix building for recent versions of MinixSevan Janiyan2018-11-291-1/+1
| | | | | | | | EBADIOCTL doesn't exist on more recent Minix. There have also been substantial changes to the network stack. Fixes build on Minix 3.4rc Closes https://github.com/curl/curl/pull/3323
* CMake: fix MIT/Heimdal Kerberos detectionKonstantin Kushnir2018-11-292-4/+4
| | | | | | | | - fix syntax error in FindGSS.cmake - correct krb5 include directory. FindGSS exports "GSS_INCLUDE_DIR" variable. Closes https://github.com/curl/curl/pull/3316
* test328: verify Content-Encoding: noneDaniel Stenberg2018-11-282-1/+56
| | | | | | Because of issue #3315 Closes #3317
* configure: include all libraries in ssl-libs fetchJames Knight2018-11-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When compiling a collection of SSL libraries to link against (SSL_LIBS), ensure all libraries are included. The call `--libs-only-l` can produce only a subset of found in a `--libs` call (e.x. pthread may be excluded). Adding `--libs-only-other` ensures other libraries are also included in the list. This corrects select build environments compiling against a static version of OpenSSL. Before the change, the following could be observed: checking for openssl options with pkg-config... found configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -lcrypto -lz -ldl " configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib " configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include " checking for HMAC_Update in -lcrypto... no checking for HMAC_Init_ex in -lcrypto... no checking OpenSSL linking with -ldl... no checking OpenSSL linking with -ldl and -lpthread... no configure: WARNING: SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more. configure: WARNING: Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this. ... SSL support: no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} ) ... And include the other libraries when compiling SSL_LIBS succeeds with: checking for openssl options with pkg-config... found configure: pkg-config: SSL_LIBS: "-lssl -lz -ldl -pthread -lcrypto -lz -ldl -pthread " configure: pkg-config: SSL_LDFLAGS: "-L/home/jdknight/<workdir>/staging/usr/lib -L/home/jdknight/<workdir>/staging/usr/lib " configure: pkg-config: SSL_CPPFLAGS: "-I/home/jdknight/<workdir>/staging/usr/include " checking for HMAC_Update in -lcrypto... yes checking for SSL_connect in -lssl... yes ... SSL support: enabled (OpenSSL) ... Signed-off-by: James Knight <james.d.knight@live.com> Closes #3193
* doh: fix typo in infof callDaniel Gustafsson2018-11-261-1/+1
| | | | Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* cmdline-opts/gen.pl: define the correct varnameDaniel Gustafsson2018-11-261-1/+1
| | | | | | | | The variable definition had a small typo making it declare another variable then the intended. Closes #3304 Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* RELEASE-NOTES: syncedDaniel Stenberg2018-11-251-6/+34
|
* curl_easy_perform: fix timeout handlingDaniel Stenberg2018-11-253-5/+30
| | | | | | | | | | | | | curl_multi_wait() was erroneously used from within curl_easy_perform(). It could lead to it believing there was no socket to wait for and then instead sleep for a while instead of monitoring the socket and then miss acting on that activity as swiftly as it should (causing an up to 1000 ms delay). Reported-by: Antoni Villalonga Fixes #3305 Closes #3306 Closes #3308
* CURLOPT_WRITEFUNCTION.3: spell out that it gets called many timesDaniel Stenberg2018-11-231-3/+5
|
* cookies: create the cookiejar even if no cookies to saveDaniel Stenberg2018-11-234-36/+107
| | | | | | | | | | | Important for when the file is going to be read again and thus must not contain old contents! Adds test 327 to verify. Reported-by: daboul on github Fixes #3299 Closes #3300
* checksrc: ban snprintf use, add command line flag to override warnsDaniel Stenberg2018-11-231-0/+27
|
* snprintf: renamed and we now only use msnprintf()Daniel Stenberg2018-11-2392-646/+647
| | | | | | | | | | | The function does not return the same value as snprintf() normally does, so readers may be mislead into thinking the code works differently than it actually does. A different function name makes this easier to detect. Reported-by: Tomas Hoger Assisted-by: Daniel Gustafsson Fixes #3296 Closes #3297
* test: update test20/1322 for eglibc bug workaroundTobias Hintze2018-11-222-2/+2
| | | | | | | | | | | | The tests 20 and 1322 are using getaddrinfo of libc for resolving. In eglibc-2.19 there is a memory leakage and invalid free bug which surfaces in some special circumstances (PF_UNSPEC hint with invalid or non-existent names). The valgrind runs in testing fail in these situations. As the tests 20/1322 are not specific on either protocol (IPv4/IPv6) this commit changes the hints to IPv4 protocol by passing `--ipv4` flag on the tests' command line. This prevents the valgrind failures.
* host names: allow trailing dot in name resolve, then strip itTobias Hintze2018-11-223-33/+61
| | | | | | | Delays stripping of trailing dots to after resolving the hostname. Fixes #3022 Closes #3222
* CURLOPT_HEADERFUNCTION.3: match 'nitems' name in synopsis and descriptionUnknownShadow2002018-11-221-1/+1
| | | | Closes #3295
* configure: Fix typo in commentDaniel Gustafsson2018-11-211-1/+1
|
* openssl: support session resume with TLS 1.3Michael Kaufmann2018-11-211-42/+102
| | | | | | | | | | | | | | | | | | | | | | | Session resumption information is not available immediately after a TLS 1.3 handshake. The client must wait until the server has sent a session ticket. Use OpenSSL's "new session" callback to get the session information and put it into curl's session cache. For TLS 1.3 sessions, this callback will be invoked after the server has sent a session ticket. The "new session" callback is invoked only if OpenSSL's session cache is enabled, so enable it and use the "external storage" mode which lets curl manage the contents of the session cache. A pointer to the connection data and the sockindex are now saved as "SSL extra data" to make them available to the callback. This approach also works for old SSL/TLS versions and old OpenSSL versions. Reviewed-by: Daniel Stenberg <daniel@haxx.se> Fixes #3202 Closes #3271
* ssl: fix compilation with OpenSSL 0.9.7Michael Kaufmann2018-11-212-3/+2
| | | | | | | - ENGINE_cleanup() was used without including "openssl/engine.h" - enable engine support for OpenSSL 0.9.7 Closes #3266
* openssl: disable TLS renegotiation with BoringSSLDaniel Stenberg2018-11-211-1/+8
| | | | | | | | | | | | Since we're close to feature freeze, this change disables this feature with an #ifdef. Define ALLOW_RENEG at build-time to enable. This could be converted to a bit for CURLOPT_SSL_OPTIONS to let applications opt-in this. Concern-raised-by: David Benjamin Fixes #3283 Closes #3293
* ares: remove fd from multi fd set when ares is about to close the fdRomain Fliedel2018-11-208-23/+45
| | | | | | | | | | | | | | | | | | | When using c-ares for asyn dns, the dns socket fd was silently closed by c-ares without curl being aware. curl would then 'realize' the fd has been removed at next call of Curl_resolver_getsock, and only then notify the CURLMOPT_SOCKETFUNCTION to remove fd from its poll set with CURL_POLL_REMOVE. At this point the fd is already closed. By using ares socket state callback (ARES_OPT_SOCK_STATE_CB), this patch allows curl to be notified that the fd is not longer needed for neither for write nor read. At this point by calling Curl_multi_closed we are able to notify multi with CURL_POLL_REMOVE before the fd is actually closed by ares. In asyn-ares.c Curl_resolver_duphandle we can't use ares_dup anymore since it does not allow passing a different sock_state_cb_data Closes #3238
* examples/ephiperfifo: report error when epoll_ctl failsRomain Fliedel2018-11-201-3/+9
|
* ntlm: Remove redundant ifdef USE_OPENSSLpkubaj2018-11-201-16/+6
| | | | | | | | | | | | | | | | | | | lib/curl_ntlm.c had code that read as follows: #ifdef USE_OPENSSL # ifdef USE_OPENSSL # else # .. # endif #endif Remove the redundant USE_OPENSSL along with #else (it's not possible to reach it anyway). The removed construction is a leftover from when the SSLeay support was removed. Closes #3269 Reviewed-by: Daniel Gustafsson <daniel@yesql.se> Reviewed-by: Daniel Stenberg <daniel@haxx.se>
* ssl: replace all internal uses of CURLE_SSL_CACERTHan Han2018-11-208-20/+20
| | | | Closes #3291
* docs: add more description to unified ssl error codesHan Han2018-11-191-4/+4
|
* curle: move deprecated error code to ifndef blockHan Han2018-11-191-3/+3
|
* os400: add CURLOPT_CURLU to ILE/RPG binding.Patrick Monnerat2018-11-191-0/+1
|
* os400: Add curl_easy_conn_upkeep() to ILE/RPG binding.Patrick Monnerat2018-11-191-0/+5
|
* os400: fix return type of curl_easy_pause() in ILE/RPG binding.Patrick Monnerat2018-11-191-0/+1
|
* RELEASE-NOTES: syncedDaniel Stenberg2018-11-191-5/+37
|
* impacket: add LICENSEDaniel Stenberg2018-11-191-0/+84
| | | | | | | | | | | The license for the impacket package was not in our tree. Imported now from upstream's https://github.com/SecureAuthCorp/impacket/blob/master/LICENSE Reported-by: infinnovation-dev on github Fixes #3276 Closes #3277
View Lorry Controller Status