summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* smtp: fix memory leak on exit pathbagder/smtp-memleakDaniel Stenberg2020-02-271-1/+3
| | | | | Detected by Coverity. CID 1418139. "leaked_storage: Variable 'from' going out of scope leaks the storage it points to"
* Curl_is_ASCII_name: handle a NULL argumentDaniel Stenberg2020-02-272-2/+4
| | | | | | | | | | | | Make the function tolerate a NULL pointer input to avoid dereferencing that pointer. Follow-up to efce3ea5a85126d Detected by OSS-Fuzz Reviewed-By: Steve Holme Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20907 Fixes #4985 Closes #4986
* RELEASE-NOTES: syncedDaniel Stenberg2020-02-271-15/+38
|
* http2: make pausing/unpausing set/clear local stream windowDaniel Stenberg2020-02-275-39/+101
| | | | | | | | | | | | | This reduces the HTTP/2 window size to 32 MB since libcurl might have to buffer up to this amount of data in memory and yet we don't want it set lower to potentially impact tranfer performance on high speed networks. Requires nghttp2 commit b3f85e2daa629 (https://github.com/nghttp2/nghttp2/pull/1444) to work properly, to end up in the next release after 1.40.0. Fixes #4939 Closes #4940
* libssh: improve known hosts handlingAnderson Toshiyuki Sasaki2020-02-271-6/+92
| | | | | | | | | | | | | | | | Previously, it was not possible to get a known hosts file entry due to the lack of an API. ssh_session_get_known_hosts_entry(), introduced in libssh-0.9.0, allows libcurl to obtain such information and behave the same as when compiled with libssh2. This also tries to avoid the usage of deprecated functions when the replacements are available. The behaviour will not change if versions older than libssh-0.8.0 are used. Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> Fixes #4953 Closes #4962
* tests: Automatically deduce the tool name from the test case for unit testsSteve Holme2020-02-2739-153/+16
| | | | | | | | | | | | It is still possible to override the executable to run during the test, using the <tool> tag, but this patch removes the requirement that the tag must be present for unit tests. It also removes the possibility of human error when existing test cases are used as the basis for new tests, as recently witnessed in 81c37124. Reviewed-by: Daniel Stenberg Closes #4976
* test1323: Added the missing 'unit test' feature requirement in the test caseSteve Holme2020-02-271-0/+3
|
* cookie: remove unnecessary check for 'out != 0'Daniel Stenberg2020-02-261-1/+1
| | | | | | ... as it will always be non-NULL at this point. Detected by Coverity: CID 1459009
* http: added 417 response treatmentDaniel Stenberg2020-02-266-10/+137
| | | | | | | | | | | | | | | When doing a request with a body + Expect: 100-continue and the server responds with a 417, the same request will be retried immediately without the Expect: header. Added test 357 to verify. Also added a control instruction to tell the sws test server to not read the request body if Expect: is present, which the new test 357 uses. Reported-by: bramus on github Fixes #4949 Closes #4964
* smtp: Tidy up, following recent changes, to maintain the coding styleSteve Holme2020-02-261-4/+4
| | | | Closes #4892
* smtp: Support the SMTPUTF8 extension for the EXPN commandSteve Holme2020-02-263-10/+67
| | | | Simply notify the server we support the SMTPUTF8 extension if it does.
* smtp: Support the SMTPUTF8 extension in the VRFY commandSteve Holme2020-02-265-8/+131
|
* smtp: Support the SMTPUTF8 extension in the RCPT TO commandSteve Holme2020-02-264-6/+91
| | | | | | Note: The RCPT TO command isn't required to advertise to the server that it contains UTF-8 characters, instead the server is told that a mail may contain UTF-8 in any envelope command via the MAIL command.
* smtp: Support the SMTPUTF8 extension in the MAIL commandSteve Holme2020-02-264-19/+111
| | | | | | | | | | Support the SMTPUTF8 extension when sending mailbox information in the MAIL command (FROM and AUTH parameters). Non-ASCII domain names will be ACE encoded, if IDN is supported, whilst non-ASCII characters in the local address part are passed to the server. Reported-by: ygthien on github Fixes #4828
* smtp: Detect server support for the UTF-8 extension as defined in RFC-6531Steve Holme2020-02-262-0/+7
|
* smtp: Support UTF-8 based host names in the VRFY commandSteve Holme2020-02-265-8/+87
|
* smtp: Support UTF-8 based host names in the RCPT TO commandSteve Holme2020-02-264-5/+85
|
* smtp: Support UTF-8 based host names in the MAIL commandSteve Holme2020-02-264-7/+187
| | | | Non-ASCII host names will be ACE encoded if IDN is supported.
* url: Make the IDN conversion functions available to othersSteve Holme2020-02-262-19/+23
|
* smtp: Added UTF-8 mailbox tests to verify existing behaviourSteve Holme2020-02-258-1/+359
|
* ftpserver: Updated VRFY_smtp() so the response isn't necessary in the test caseSteve Holme2020-02-242-6/+15
|
* ftpserver: Corrected the e-mail address regex in MAIL_smtp() and RCTP_smtp()Steve Holme2020-02-241-3/+3
| | | | | | | | | | | | | | | | | | | | | The dot character between the host and the tld was not being escaped, which meant it specified a match of 'any' character rather than an explicit dot separator. Additionally removed the dot character from the host name as it allowed the following to be specified as a valid address in our test cases: <bad@example......com> Both are typos from 98f7ca7 and 8880f84 :( I can't remember whether my intention was to allow sub-domains to be specified in the host or not with these additional dots, but by placing it outside of the host means it can only be specified once per domain and by placing a + after the new grouping support for sub-domains is kept. Closes #4912
* hmac: Added a unit test for the HMAC hash generationSteve Holme2020-02-244-2/+96
| | | | Closes #4973
* ntlm: Moved the HMAC MD5 function into the HMAC module as a generic functionSteve Holme2020-02-243-31/+56
|
* tests: Added a unit test for MD4 digest generationSteve Holme2020-02-234-2/+89
| | | | Closes #4970
* md4: Use const for the length input parameterSteve Holme2020-02-232-3/+6
| | | | This keeps the interface the same as md5 and sha256.
* test1610: Fixed the link to the unit testSteve Holme2020-02-231-1/+1
| | | | Typo from 81c37124.
* ntlm: Removed the dependency on the TLS libaries when using MD5Steve Holme2020-02-232-12/+11
| | | | | | | As we have our own MD5 implementation use the MD5 wrapper to remove the TLS dependency. Closes #4967
* md5/sha256: Updated the functions to allow non-string data to be hashedSteve Holme2020-02-237-48/+45
|
* digest: Corrected the name of the local HTTP digest functionSteve Holme2020-02-231-12/+12
| | | | | Follow up to 2b5b37cb. Local static functions do not require the Curl prefix.
* tests: Added a unit test for SHA256 digest generationSteve Holme2020-02-226-6/+126
| | | | | | Follow up to 2b5b37c. Closes #4968
* md4: Fixed compilation issues when using GNU TLS gcryptSteve Holme2020-02-221-4/+7
| | | | | | | | | | * Don't include 'struct' in the gcrypt MD4_CTX typedef * The call to gcry_md_read() should use a dereferenced ctx * The call to gcry_md_close() should use a dereferenced ctx Additional minor whitespace issue in the USE_WIN32_CRYPTO code. Closes #4959
* RELEASE-NOTES: syncedDaniel Stenberg2020-02-211-4/+27
|
* http2: now require nghttp2 >= 1.12.0Daniel Stenberg2020-02-213-52/+10
| | | | | | | | | To simplify our code and since earlier versions lack important function calls libcurl needs to function correctly. nghttp2 1.12.0 was relased on June 26, 2016. Closes #4961
* gtls: fix the copyright yearDaniel Stenberg2020-02-211-1/+1
| | | | Follow-up from 41fcb4f609
* GnuTLS: Always send client certjethrogb2020-02-211-1/+1
| | | | | | | | | | | | | | TLS servers may request a certificate from the client. This request includes a list of 0 or more acceptable issuer DNs. The client may use this list to determine which certificate to send. GnuTLS's default behavior is to not send a client certificate if there is no match. However, OpenSSL's default behavior is to send the configured certificate. The `GNUTLS_FORCE_CLIENT_CERT` flag mimics OpenSSL behavior. Authored-by: jethrogb on github Fixes #1411 Closes #4958
* github action: add CIFuzzLeo Neat2020-02-211-0/+24
| | | | Closes #4960
* cleanup: comment typosDaniel Stenberg2020-02-215-7/+5
| | | | | | Spotted by 'codespell' Closes #4957
* win32: USE_WIN32_CRYPTO to enable Win32 based MD4, MD5 and SHA256 functionsSteve Holme2020-02-203-5/+7
| | | | | | | | | Whilst lib\md4.c used this pre-processor, lib\md5.c and src\tool_metalink.c did not and simply relied on the WIN32 pre-processor directive. Reviewed-by: Marcel Raad Closes #4955
* connect: remove some spurious infof() callsDaniel Stenberg2020-02-191-7/+0
| | | | | | | As they were added primarily for debugging, they provide little use for users. Closes #4951
* HTTP-COOKIES: mention that a trailing newline is requiredDaniel Stenberg2020-02-191-11/+14
| | | | | | | | | | | | ... so that we know we got the whole and not a partial line. Also, changed the formatting of the fields away from a table again since the table format requires a github-markdown tool version that we don't run on the web server atm. Reported-by: Sunny Bean Fixes #4946 Closes #4947
* nit: Copyright year out of dateDaniel Stenberg2020-02-196-6/+6
| | | | Follow-up to 1fc0617dcc
* tool_util: Improve Windows version of tvnow()Jay Satiro2020-02-186-33/+72
| | | | | | | | | | | | | | | | | | | | | | | | | - Change tool_util.c tvnow() for Windows to match more closely to timeval.c Curl_now(). - Create a win32 init function for the tool, since some initialization is required for the tvnow() changes. Prior to this change the monotonic time function used by curl in Windows was determined at build-time and not runtime. That was a problem because when curl was built targeted for compatibility with old versions of Windows (eg _WIN32_WINNT < 0x0600) it would use GetTickCount which wraps every 49.7 days that Windows has been running. This change makes curl behave similar to libcurl's tvnow function, which determines at runtime whether the OS is Vista+ and if so calls QueryPerformanceCounter instead. (Note QueryPerformanceCounter is used because it has higher resolution than the more obvious candidate GetTickCount64). The changes to tvnow are basically a copy and paste but the types in some cases are different. Ref: https://github.com/curl/curl/issues/3309 Closes https://github.com/curl/curl/pull/4847
* SOCKS: fix typo in printf formattingDaniel Stenberg2020-02-181-1/+1
| | | | | | | Follow-up to 4a4b63daa Reported-by: Peter Piekarski Bug: https://github.com/curl/curl/commit/4a4b63daaa01ef59b131d91e8e6e6dfe275c0f08#r37351330
* CURLOPT_REDIR_PROTOCOLS.3: update the DEFAULT sectionDaniel Stenberg2020-02-181-2/+5
| | | | | | | | to be in sync with the description above Reported-by: Joonas Kuorilehto Fixes #4943 Closes #4945
* docs/GOVERNANCE: refreshed + added "donations" and "commercial support"Daniel Stenberg2020-02-181-3/+26
|
* altsvc: make saving the cache an atomic operationDaniel Stenberg2020-02-184-19/+41
| | | | | | | | ... by writing the file to temp name then rename to the final when done. Assisted-by: Jay Satiro Fixes #4936 Closes #4942
* rename: a new file for Curl_rename()Daniel Stenberg2020-02-184-28/+93
| | | | And make the cookie save function use it.
* cookies: make saving atomic with a renameDaniel Stenberg2020-02-171-16/+63
| | | | | | | | | | Saves the file as "[filename].[8 random hex digits].tmp" and renames away the extension when done. Co-authored-by: Jay Satiro Reported-by: Mike Frysinger Fixes #4914 Closes #4926
* RELEASE-NOTES: syncedDaniel Stenberg2020-02-171-12/+35
|
View Lorry Controller Status