| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
It does not belong in the curlx_ name space as it is never used
externally.
Closes #10132
|
|
|
|
| |
Closes #10125
|
|
|
|
| |
Closes #10071
|
|
|
|
|
|
|
|
| |
Warn users that disabling certficate verification allows servers to
"pollute" curl with data it trusts.
Reported-by: Harry Sintonen
Closes #10126
|
|
|
|
| |
Closes #10118
|
|
|
|
| |
bumped version for new cycle
|
|
|
|
|
|
|
| |
`CURLOPT_SOCKS5_GSSAPI_NEC` is a long, while `socks5_gssapi_nec` was
made a bool in commit 4ac64eadf60.
Closes https://github.com/curl/curl/pull/10124
|
|
|
|
| |
The curl 7.87.0 release
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When checking if there is a "secure context", which it is if the
connection is to localhost even if the protocol is HTTP, the comparison
for ::1 was done incorrectly and included brackets.
Reported-by: BratSinot on github
Fixes #10120
Closes #10121
|
| |
|
|
|
|
|
|
|
|
| |
It is managed by the generic layer.
Reported-by: Trail of Bits
Closes #10112
|
|
|
|
|
|
|
|
|
|
| |
Otherwise it stores the info HSTS into the persistent cache for the IDN
name which will not match when the HSTS status is later checked for
using the decoded name.
Reported-by: Hiroki Kurosawa
Closes #10111
|
|
|
|
| |
Closes #10106
|
|
|
|
|
|
| |
Closes #10105
Reviewed-by: Daniel Gustafsson
|
| |
|
|
|
|
| |
Closes #10094
|
|
|
|
| |
Closes #10094
|
|
|
|
|
|
| |
It was not used. Introduce a new IDN header for the prototype(s).
Closes #10094
|
| |
|
|
|
|
|
|
|
|
| |
Put there by mistake.
Follow-up from 9a8564a92
Closes #10101
|
|
|
|
|
|
|
|
|
| |
It used to be a 'long', %lu is no longer correct.
Follow-up to 57d2d9b6bed33d
Detected by Coverity CID 1517663
Closes #10100
|
|
|
|
| |
Closes #10093
|
|
|
|
| |
Closes #10099
|
|
|
|
|
|
|
|
|
| |
Set SONAME and VERSION for platforms we think this works on. Remove
issue from KNOWN_BUGS.
Assisted-by: Jakub Zakrzewski
Closes #10023
|
|
|
|
|
|
|
|
|
| |
And also make sure that repeated use of the options free the previous
string before it stores a new.
Follow-up from e6f8445edef8e7996d
Closes #10098
|
|
|
|
|
|
| |
Follow-up to ede125b7b
Closes #10097
|
|
|
|
|
|
|
|
| |
Follow-up from eb0167ff7d31d3a5
Extend test 1560 to verify
Closes #10096
|
|
|
|
|
|
|
|
|
|
|
| |
Follow-up to ac612dfeee95
strtoul() accepts a leading minus so better make sure there is none
Extended test 356 somewhat to use a huge negative 64 bit number that
otherwise becomes a low positive number.
Closes #10095
|
|
|
|
|
|
|
| |
Since long is not using a consistent data size in curl builds, making it
often "waste" 32 bits.
Closes #10088
|
|
|
|
|
|
| |
To make it less fragile
Closes #10092
|
|
|
|
|
|
|
|
|
|
|
| |
When utf8asn1str fails there is no allocation returned, so freeing
the return pointer in **to is at best a no-op and at worst a double-
free bug waiting to happen. The current coding isn't hiding any such
bugs but to future proof, avoid freeing the return value pointer iff
the function failed.
Closes: #10087
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
| |
Closes: #10089
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
- curl_ws_send returns CURLE_SEND_ERROR if data->conn is gone
- curl_ws_recv returns CURLE_GOT_NOTHING on connection close
- curl_ws_recv.3: mention new return code for connection close + example
embryo
Closes #10084
|
|
|
|
|
|
|
|
| |
This commit extends the documentation of the --dump-header command-line
option to reflect the behavior introduced in 8b1e5df7.
See #10079
Closes #10085
|
| |
|
|
|
|
|
|
|
| |
Reported-by: u20221022 on github
Fixes #10082
Closes #10083
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit fixes a bug in the dump-header feature regarding the
determination of the second fopen(3) option.
Reported-by: u20221022 on github
See #4753
See #4762
Fixes #10074
Closes #10079
|
|
|
|
|
|
|
| |
Replace as with is in relevant sentences.
Closes: #10081
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
|
|
|
|
|
|
|
|
| |
It makes test 565 run fine.
Fixes #8896
Closes #10080
Assisted-by: Daniel Stenberg
|
|
|
|
| |
Closes #10068
|
|
|
|
|
|
|
| |
The main thing I wanted to do was fix the spelling of "spent", but I
think this rewording improves the flow of the paragraph.
Closes #10067
|
|
|
|
| |
Closes #10078
|
|
|
|
|
|
|
| |
The script was all set up for flexibility where curl-www is elsewhere in
the filesystem, but then hard-coded ../curl-www anyway...
Closes #10064
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- CURL_GLOBAL_SSL
This option was changed in libcurl 7.57.0 and clearly it has not caused
too many issues and a lot of time has passed.
- Store TLS context per transfer instead of per connection
This is a possible future optimization. One that is much less important
and interesting since the added support for CA caching.
- Microsoft telnet server
This bug was filed in May 2007 against curl 7.16.1 and we have not
received further reports.
- active FTP over a SOCKS
Actually, proxies in general is not working with active FTP mode. This
is now added in proxy documentation.
- DICT responses show the underlying protocol
curl still does this, but since this is now an established behavior
since forever we cannot change it easily and adding an option for it
seems crazy as this protocol is not so little its not worth it. Let's
just live with it.
- Secure Transport disabling hostname validation also disables SNI
This is an already documented restriction in Secure Transport.
- CURLOPT_SEEKFUNCTION not called with CURLFORM_STREAM
The curl_formadd() function is marked and documented as deprecated. No
point in collecting bugs for it. It should not be used further.
- STARTTRANSFER time is wrong for HTTP POSTs
After close source code inspection I cannot see how this is true or that
there is any special treatment for different HTTP methods. We also have
not received many further reports on this, making me strongly suspect
that this is no (longer an) issue.
- multipart formposts file name encoding
The once proposed RFC 5987-encoding is since RFC 7578 documented as MUST
NOT be used. The since then implemented MIME API allows the user to set
the name on their own and can thus provide it encoded as it wants.
- DoH is not used for all name resolves when enabled
It is questionable if users actually want to use DoH for interface and
FTP port name resolving. This restriction is now documented and we
advice users against using name resolving at all for these functions.
Closes #10043
|
|
|
|
|
|
| |
Closes #10063
Reviewed-by: Daniel Gustafsson
|
|
|
|
|
|
|
|
|
| |
CURLOPT_INFILE was replaced by CURLOPT_READDATA in 7.9.7, reword the
comment mentioning it to make code grepping easier as well as improve
the documentation.
Closes: #10062
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Change "__MWERKS__" to "macintosh". When this block was originally added
in 3ac6929 it was probably intended to handle classic Mac OS since the
previous classic Mac OS build procedure for curl (which was removed in
bf327a9) used Metrowerks CodeWarrior.
But there are other classic Mac OS compilers, such as the MPW compilers,
that were not handled by this case. For classic Mac OS,
CURL_TYPEOF_CURL_SOCKLEN_T needs to match what's provided by the
third-party GUSI library, which does not vary by compiler.
Meanwhile CodeWarrior works on platforms other than classic Mac OS, and
they may need different definitions. Separate blocks could be added
later for any of those platforms that curl doesn't already support.
Closes #10049
|