| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Closes #6770
|
| |
|
|
|
|
|
|
|
|
|
| |
If libssh2_knownhost_init() returns NULL, like in an OOM situation, the
ssh session was freed but the pointer wasn't cleared which made libcurl
later call libssh2 to cleanup using the stale pointer.
Fixes #6764
Closes #6766
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This also pins a specific release in the Travis test so future
API-breaking changins in crustls won't break curl builds.
Add RUSTLS documentation to release tarball.
Enable running tests for rustls, minus FTP tests (require
connect_blocking, which rustls doesn't implement) and 313 (requires CRL
handling).
Closes #6763
|
|
|
|
|
|
|
|
| |
If we get a close_notify, treat that as EOF. If we get an EOF from the
TCP stream, treat that as an error (because we should have ended the
connection earlier, when we got a close_notify).
Closes #6763
|
|
|
|
| |
Closes #6758
|
|
|
|
|
|
| |
We always preprocess and tests are no longer sensible to load "raw"
Closes #6738
|
|
|
|
|
|
|
| |
This makes the tests easier to copy and relocate to other test numbers
without having to update content.
Closes #6738
|
|
|
|
| |
Closes #5747
|
|
|
|
| |
Closes #6743
|
|
|
|
|
|
|
|
|
|
|
| |
- Document the names that can be used with CURL_SSL_BACKEND:
bearssl, gnutls, gskit, mbedtls, mesalink, nss, openssl, rustls,
schannel, secure-transport, wolfssl
Ref: https://github.com/curl/curl/issues/2209#issuecomment-360623286
Ref: https://github.com/curl/curl/issues/6717#issuecomment-800745201
Closes https://github.com/curl/curl/pull/6755
|
|
|
|
|
|
|
|
|
|
|
| |
- Document in DOH that some SSL settings are inherited but DOH hostname
and peer verification are not and are controlled separately.
- Document that CURLOPT_SSL_CTX_FUNCTION is inherited by DOH handles but
we're considering changing behavior to no longer inherit it. Request
feedback.
Closes https://github.com/curl/curl/pull/6688
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When asked to resume a download, libcurl will convert that to HTTP logic
and if then the entire file is already transferred it will result in a
416 response from the HTTP server. With CURLOPT_FAILONERRROR set in that
scenario, it should *not* lead to an error return.
Updated test 1156, added test 1273
Reported-by: Jonathan Watt
Fixes #6740
Closes #6753
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The duration of a connect and the total transfer are calculated from two
different time-stamps. It can end up with the total timeout triggering
before the connect timeout expires and we should make sure to
acknowledge whichever timeout that is reached first.
This is especially notable when a transfer first sits in PENDING, as
that time is counted in the total time but the connect timeout is based
on the time since the handle changed to the CONNECT state.
The CONNECTTIMEOUT is per connect attempt. The TIMEOUT is for the entire
operation.
Fixes #6744
Closes #6745
Reported-by: Andrei Bica
Assisted-by: Jay Satiro
|
|
|
|
| |
AC_HEADER_TIME, AC_HEADER_STDC and AC_TYPE_SIGNAL
|
|
|
|
| |
... as the former versions are deprecated.
|
|
|
|
|
|
|
|
|
| |
AC_HELP_STRING is deprecated in 2.70+ and I believe AS_HELP_STRING works
already since 2.59 so bump the minimum required version to that.
Reported-by: Emil Engler
Fixes #6647
Closes #6748
|
| |
|
|
|
|
| |
Closes #6751
|
| |
|
|
|
|
| |
Closes #6751
|
|
|
|
|
|
|
|
|
| |
Previously, rustls was using an on-stack array for TLS data. However,
crustls has an (unusual) requirement that buffers it deals with are
initialized before writing to them. By using calloc, we can ensure the
buffer is initialized once and then reuse it across calls.
Closes #6742
|
|
|
|
|
|
| |
... that doesn't run any tests (yet)
Closes #6750
|
| |
|
|
|
|
|
|
|
| |
this should fix an issue where curl sometimes doesn't send out a request
with authorization info after a 401 is received over http2
Closes #6747
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Align conditions for NTLM features between CMake and configure
builds by differentiating between USE_NTLM and USE_CURL_NTLM_CORE,
just like curl_setup.h does internally to detect support of:
- USE_NTLM: required for NTLM crypto authentication feature
- USE_CURL_NTLM_CORE: required for SMB protocol
Implement USE_WIN32_CRYPTO detection by checking for Crypt functions
in wincrypt.h which are not available in the Windows App environment.
Link advapi32 and crypt32 for Crypto API and Schannel SSL backend.
Fix condition of Schannel SSL backend in CMake build accordingly.
Reviewed-by: Marcel Raad
Closes #6277
|
|
|
|
|
|
|
|
|
|
| |
Move the detection of the restricted Windows App environment
in curl_setup.h before the definition of USE_WIN32_CRYPTO
via included config-win32.h in case no build system is used.
Reviewed-by: Marcel Raad
Part of #6277
|
| |
|
|
|
|
|
|
| |
Reported-by: Alejandro Colomar
Fixes #6698
Closes #6722
|
|
|
|
|
|
|
|
|
| |
MAX_HSTS_SUBLEN and MAX_HSTS_SUBLENSTR were unused from the initial commit,
and mostly likely leftovers from early development. Remove as they're not
used for anything.
Closes #6741
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
| |
and at 20% to try to keep the run-time reasonable
Closes #6728
|
|
|
|
|
|
|
|
|
| |
Run torture without FTP and reducing coverage to 20%
For some reason the torture tests now run a lot slower on travis and run
into the 50 minute limit all the time.
Closes #6728
|
|
|
|
|
|
|
|
|
| |
If after a transfer is complete Curl_GetFTPResponse() returns an error,
curl would not free the ftp->pathalloc block.
Found by torture-testing test 576
Closes #6737
|
|
|
|
| |
Closes #6736
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This requires the latest main branch of crustls, which provides
rustls_client_config_builder_dangerous_set_certificate_verifier and
rustls_client_config_builder_set_enable_sni.
This refactors the session setup into its own function, and adds a new
function cr_hostname_is_ip. Because crustls doesn't support verification
of IP addresses, special handling is needed: We disable SNI and set a
placeholder hostname (which never actually gets sent on the wire).
Closes #6719
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Curl_cookie_init can be called with data being NULL, and this can in turn
be passed to Curl_cookie_add, meaning that both functions must be careful
to only use data where it's checked for being a NULL pointer. The libpsl
support code does however dereference data without checking, so if we are
indeed having an unset data pointer we cannot PSL check the cookiedomain.
This is currently not a reachable dereference, as the only caller with a
NULL data isn't passing a file to initialize cookies from, but since the
API has this contract let's ensure we hold it.
Closes #6731
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
|
|
| |
Add paths for OpenSSL compiling and linking only if they have been
defined. If they haven't been defined, we'll assume that the paths are
already available to the toolchain.
Closes #6730
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Clarify the only 5xx response codes that are treated as transient are
500, 502, 503 and 504.
Prior to this change it said it treated all 5xx as transient, but the
code says otherwise.
Ref: https://github.com/curl/curl/blob/curl-7_75_0/src/tool_operate.c#L462-L495
Closes https://github.com/curl/curl/pull/6724
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Add a paragraph explaining that curl does not consider HTTP response
errors as curl errors, and how that behavior can be modified by using
--retry and --fail.
The --retry-all-errors doc says "Retry on any error" which some users
may find misleading without the added explanation.
Ref: https://curl.se/docs/faq.html#Why_do_I_get_downloaded_data_eve
Ref: https://curl.se/docs/faq.html#curl_doesn_t_return_error_for_HT
Reported-by: Lawrence Gripper
Fixes https://github.com/curl/curl/issues/6712
Closes https://github.com/curl/curl/pull/6720
|
|
|
|
|
|
|
| |
The ngtcp2 project switched over to using the quictls OpenSSL fork
instead of their own patched OpenSSL. We follow suit.
Closes #6729
|
| |
|
|
|
|
| |
Closes #6727
|
|
|
|
| |
Closes #6727
|
|
|
|
| |
Closes #6727
|
|
|
|
|
|
| |
Not supported.
Closes #6727
|
|
|
|
| |
... as it tests HTTP/0.9 which Hyper doesn't support.
|
| |
|
|
|
|
|
|
|
|
|
| |
Added test 362 to verify.
Reported-by: Jordan Brown
Regression since 7ea2e1d0c5a7f (7.73.0)
Fixes #6715
Closes #6725
|
|
|
|
|
|
| |
... as cmake now does it correctly, and make test1014 check for it
Closes #6702
|