| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
Follow-up to c4e6968127e876b0
When a new transfer is created, as a resuly of an acknowledged push,
that transfer needs a download buffer allocated.
Closes #5590
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit changes the behavior of CURLSSLOPT_NATIVE_CA so that it does
not override CURLOPT_CAINFO / CURLOPT_CAPATH, or the hardcoded default
locations. Instead the CA store can now be used at the same time.
The change is due to the impending release. The issue is still being
discussed. The behavior of CURLSSLOPT_NATIVE_CA is subject to change and
is now documented as experimental.
Ref: bc052cc (parent commit)
Ref: https://github.com/curl/curl/issues/5585
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Background:
148534d added CURLSSLOPT_NATIVE_CA to use the Windows OS certificate
store in libcurl w/ OpenSSL on Windows. CURLSSLOPT_NATIVE_CA overrides
CURLOPT_CAINFO if both are set. The curl tool will fall back to
CURLSSLOPT_NATIVE_CA if it could not find a certificate bundle to set
via CURLOPT_CAINFO.
Problem:
libcurl may be built with hardcoded paths to a certificate bundle or
directory, and if CURLSSLOPT_NATIVE_CA is used then those paths are
ignored.
Solution:
A solution is still being discussed but since there's an impending
release this commit removes using CURLSSLOPT_NATIVE_CA in the curl tool.
Ref: https://github.com/curl/curl/issues/5585
|
|
|
|
|
|
|
| |
Prior to this change I assume a build error would occur when
CURL_CA_FALLBACK was used.
Closes https://github.com/curl/curl/pull/5587
|
| |
|
| |
|
|
|
|
|
| |
Reported-by: sn on hackerone
Bug: https://curl.haxx.se/docs/CVE-2020-8177.html
|
|
|
|
|
|
| |
Reviewed-by: Marcel Raad
Fixes #5512
Closes #5517
|
|
|
|
|
| |
Reviewed-by: Marcel Raad
Closes #5580
|
|
|
|
| |
Closes #5584
|
|
|
|
|
|
|
|
|
|
| |
... and not as a "glob". Now done by passing the supposed host to the
URL parser which supposedly will do a better job at identifying "real"
numerical IPv6 addresses.
Reported-by: puckipedia on github
Fixes #5576
Closes #5579
|
| |
|
|
|
|
|
|
|
| |
Follow-up to 9e5669f3880674
Detected by Coverity CID 1464582 ("Logically dead code")
Closes #5577
|
| |
|
|
|
|
|
|
|
|
| |
For QUIC but also for regular TCP when the second family runs out of IPs
with a failure while the first family is still trying to connect.
Separated the timeout handling for IPv4 and IPv6 connections when they
both have a number of addresses to iterate over.
|
| |
|
|
|
|
|
|
| |
Reported-by: Peter Wu
Fixes #5565
Closes #5568
|
|
|
|
| |
Closes #5573
|
|
|
|
|
|
|
|
|
|
|
|
| |
This avoids using a pair of TCP ports to provide wakeup functionality
for every multi instance on Windows, where socketpair() is emulated
using a TCP socket on loopback which could in turn lead to socket
resource exhaustion.
Reviewed-by: Gergely Nagy
Reviewed-by: Marc Hörsken
Closes #5397
|
|
|
|
|
|
| |
CURL_SSL_BACKEND, QLOGDIR and SSLKEYLOGFILE
Closes #5571
|
| |
|
|
|
|
| |
Also adds pkg-config support for the wolfSSL detection.
|
|
|
|
|
|
|
|
|
| |
When wolfSSL is built with its OpenSSL API layer, it fetures the same DES*
functions that OpenSSL has. This change take advantage of that.
Co-authored-by: Daniel Stenberg
Closes #5556
Fixes #5548
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since the connection can be used by many independent requests (using
HTTP/2 or HTTP/3), things like user-agent and other transfer-specific
data MUST NOT be kept connection oriented as it could lead to requests
getting the wrong string for their requests. This struct data was
lingering like this due to old HTTP1 legacy thinking where it didn't
mattered..
Fixes #5566
Closes #5567
|
|
|
|
|
|
|
|
|
|
|
| |
Assisted-by: Daniel Gustafsson
Assisted-by: Rich Salz
Assisted-by: Hugo van Kemenade
Assisted-by: James Fuller
Assisted-by: Marc Hörsken
Assisted-by: Jay Satiro
Closes #5555
|
|
|
|
|
|
|
|
| |
It was superfluous since we have the list.size alredy
Reported-by: Jay Satiro
Fixes #5553
Closes #5563
|
|
|
|
|
|
|
| |
Added a few missing features not previously mentioned. Ordered them
alphabetically.
Closes #5558
|
|
|
|
| |
Closes #5562
|
|
|
|
|
|
|
|
|
|
| |
The point of this section is to meet the CII Best Practices gold level
critera:
"The project MUST clearly identify small tasks that can be performed by
new or casual contributors"
Closes #5560
|
|
|
|
| |
Closes #5462
|
| |
|
|
|
|
|
|
|
| |
Follow-up to ad6416986755e417c66e2c6, which caused wrong formatting on
curl documentation website
Closes #5561
|
|
|
|
| |
Closes #5549
|
|
|
|
|
|
|
|
| |
When asking for a specific feature to be shared in the share object,
that bit was previously set unconditionally even if the shared feature
failed or otherwise wouldn't work.
Closes #5554
|
|
|
|
| |
It's just too annoying and unnecessary to get a long list of files shown
|
| |
|
|
|
|
|
|
|
|
| |
Instead of discussing if there's value or meaning (implied or not) in
the colors, let's use words without the same possibly negative
associations.
Closes #5546
|
|
|
|
|
|
|
|
|
| |
Prior to this change in Windows Unicode builds most parsed options would
not be freed.
Found using _CrtDumpMemoryLeaks().
Ref: https://github.com/curl/curl/issues/5545
|
|
|
|
|
|
|
|
|
| |
The SOCKS4/5 state machines weren't properly terminated when the proxy
connection got closed, leading to a busy-loop.
Reported-By: zloi-user on github
Fixes #5532
Closes #5542
|
|
|
|
| |
Closes #5540
|
|
|
|
|
|
|
|
| |
To reduce the amount of allocations needed for creating a Curl_addrinfo
struct, make a single larger malloc instead of three separate smaller
ones.
Closes #5533
|
|
|
|
|
|
|
|
| |
quiche now requires the application to explicitly set the keylog path
for each connection, rather than reading the environment variable
itself.
Closes #5541
|
|
|
|
|
|
| |
Test 895 and 896 - as a follow-up to a3e972313b
Closes #5539
|
|
|
|
|
|
|
| |
Syncs with ngtcp2 commit 7e9a917d386d98 merged June 7 2020.
Assisted-by: Tatsuhiro Tsujikawa
Closes #5538
|
|
|
|
| |
Closes #5537
|
|
|
|
|
|
|
| |
Memory leak
Reported-by: Geeknik Labs
Fixes #5535
Closes #5536
|
|
|
|
|
|
|
| |
Remove weird work-around for storing the SFTP errors as int instead of
the "unsigned long" that libssh2 actually returns for SFTP errors.
Closes #5534
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that all functions in select.[ch] take timediff_t instead
of the limited int or long, we can remove type conversions
and related preprocessor checks to silence compiler warnings.
Avoiding conversions from time_t was already done in 842f73de.
Based upon #5262
Supersedes #5214, #5220 and #5221
Follow up to #5343 and #5479
Closes #5490
|