summaryrefslogtreecommitdiff
path: root/lib/socks.c
Commit message (Collapse)AuthorAgeFilesLines
* CURLOPT_SOCKS5_AUTH: allowed methods for SOCKS5 proxy authKamil Dudka2017-06-281-9/+18
| | | | | | | | | | | | | | | | | | If libcurl was built with GSS-API support, it unconditionally advertised GSS-API authentication while connecting to a SOCKS5 proxy. This caused problems in environments with improperly configured Kerberos: a stock libcurl failed to connect, despite libcurl built without GSS-API connected fine using username and password. This commit introduces the CURLOPT_SOCKS5_AUTH option to control the allowed methods for SOCKS5 authentication at run time. Note that a new option was preferred over reusing CURLOPT_PROXYAUTH for compatibility reasons because the set of authentication methods allowed by default was different for HTTP and SOCKS5 proxies. Bug: https://curl.haxx.se/mail/lib-2017-01/0005.html Closes https://github.com/curl/curl/pull/1454
* socks: deduplicate the code for auth requestKamil Dudka2017-06-281-9/+10
|
* socks: use proxy_user instead of proxy_nameKamil Dudka2017-06-281-16/+16
| | | | ... to make it obvious what the data is used for
* Improve code readbilitySylvestre Ledru2017-03-131-7/+5
| | | | | | ... by removing the else branch after a return, break or continue. Closes #1310
* checksrc: white space edits to comply to stricter checksrcDaniel Stenberg2016-11-241-11/+12
|
* proxy: Support HTTPS proxy and SOCKS+HTTP(s)Alex Rousskov2016-11-241-3/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * HTTPS proxies: An HTTPS proxy receives all transactions over an SSL/TLS connection. Once a secure connection with the proxy is established, the user agent uses the proxy as usual, including sending CONNECT requests to instruct the proxy to establish a [usually secure] TCP tunnel with an origin server. HTTPS proxies protect nearly all aspects of user-proxy communications as opposed to HTTP proxies that receive all requests (including CONNECT requests) in vulnerable clear text. With HTTPS proxies, it is possible to have two concurrent _nested_ SSL/TLS sessions: the "outer" one between the user agent and the proxy and the "inner" one between the user agent and the origin server (through the proxy). This change adds supports for such nested sessions as well. A secure connection with a proxy requires its own set of the usual SSL options (their actual descriptions differ and need polishing, see TODO): --proxy-cacert FILE CA certificate to verify peer against --proxy-capath DIR CA directory to verify peer against --proxy-cert CERT[:PASSWD] Client certificate file and password --proxy-cert-type TYPE Certificate file type (DER/PEM/ENG) --proxy-ciphers LIST SSL ciphers to use --proxy-crlfile FILE Get a CRL list in PEM format from the file --proxy-insecure Allow connections to proxies with bad certs --proxy-key KEY Private key file name --proxy-key-type TYPE Private key file type (DER/PEM/ENG) --proxy-pass PASS Pass phrase for the private key --proxy-ssl-allow-beast Allow security flaw to improve interop --proxy-sslv2 Use SSLv2 --proxy-sslv3 Use SSLv3 --proxy-tlsv1 Use TLSv1 --proxy-tlsuser USER TLS username --proxy-tlspassword STRING TLS password --proxy-tlsauthtype STRING TLS authentication type (default SRP) All --proxy-foo options are independent from their --foo counterparts, except --proxy-crlfile which defaults to --crlfile and --proxy-capath which defaults to --capath. Curl now also supports %{proxy_ssl_verify_result} --write-out variable, similar to the existing %{ssl_verify_result} variable. Supported backends: OpenSSL, GnuTLS, and NSS. * A SOCKS proxy + HTTP/HTTPS proxy combination: If both --socks* and --proxy options are given, Curl first connects to the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS proxy. TODO: Update documentation for the new APIs and --proxy-* options. Look for "Added in 7.XXX" marks.
* lib: fix compiler warnings after de4de4e3c7cMarcel Raad2016-11-181-2/+2
| | | | | | | | | Visual C++ now complains about implicitly casting time_t (64-bit) to long (32-bit). Fix this by changing some variables from long to time_t, or explicitly casting to long where the public interface would be affected. Closes #1131
* strcasecompare: is the new name for strequal()Daniel Stenberg2016-10-311-1/+0
| | | | | | | ... to make it less likely that we forget that the function actually does case insentive compares. Also replaced several invokes of the function with a plain strcmp when case sensitivity is not an issue (like comparing with "-").
* select: switch to macros in uppercaseDaniel Stenberg2016-10-181-3/+3
| | | | | | | | | | Curl_select_ready() was the former API that was replaced with Curl_select_check() a while back and the former arg setup was provided with a define (in order to leave existing code unmodified). Now we instead offer SOCKET_READABLE and SOCKET_WRITABLE for the most common shortcuts where only one socket is checked. They're also more visibly macros.
* socks.c: display the hostname returned by the SOCKS5 proxy serverMarc Hoersken2016-08-201-2/+5
| | | | | | | | | Instead of displaying the requested hostname the one returned by the SOCKS5 proxy server is used in case of connection error. The requested hostname is displayed earlier in the connection sequence. The upper-value of the port is moved to a temporary variable and replaced with a 0-byte to make sure the hostname is 0-terminated.
* socks.c: use Curl_printable_address in SOCKS5 connection sequenceMarc Hoersken2016-08-201-24/+17
| | | | | Replace custom string formatting with Curl_printable_address. Add additional debug and error output in case of failures.
* socks.c: align SOCKS4 connection sequence with SOCKS5Marc Hoersken2016-08-201-11/+13
| | | | | Calling sscanf is not required since the raw IPv4 address is available and the protocol can be detected using ai_family.
* socks.c: improve verbose output of SOCKS5 connection sequenceMarc Hoersken2016-08-201-1/+19
|
* socks.c: Correctly calculate position of port in response packetMarc Hoersken2016-08-141-3/+6
| | | | | | Third commit to fix issue #944 regarding SOCKS5 error handling. Reported-by: David Kalnischkies
* socks.c: Do not modify and invalidate calculated response lengthMarc Hoersken2016-08-141-3/+2
| | | | | | Second commit to fix issue #944 regarding SOCKS5 error handling. Reported-by: David Kalnischkies
* socks.c: Move error output after reading the whole response packetMarc Hoersken2016-08-141-33/+34
| | | | | | First commit to fix issue #944 regarding SOCKS5 error handling. Reported-by: David Kalnischkies
* internals: rename the SessionHandle struct to Curl_easyDaniel Stenberg2016-06-221-2/+2
|
* code: style updatesDaniel Stenberg2016-04-031-3/+3
|
* URLs: change all http:// URLs to https://Daniel Stenberg2016-02-031-1/+1
|
* socks: Fix incorrect port numbers in failed connect messagesJay Satiro2015-10-271-14/+14
|
* build: fix failures with -Wcast-align and -WerrorTatsuhiro Tsujikawa2015-09-261-2/+2
| | | | Closes #457
* checksrc: use space after commaDaniel Stenberg2015-03-171-2/+2
|
* code cleanup: we prefer 'CURLcode result'Daniel Stenberg2014-10-241-12/+12
| | | | | | | | | | | | | | ... for the local variable name in functions holding the return code. Using the same name universally makes code easier to read and follow. Also, unify code for checking for CURLcode errors with: if(result) or if(!result) instead of if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK)
* nonblock: call with (void) to show we ignore the return codeDaniel Stenberg2014-10-041-8/+8
| | | | Coverity pointed out several of these.
* docs: Improve inline GSS-API naming in code documentationMichael Osipov2014-07-231-4/+4
|
* FTP: make the data connection work when going through proxyDaniel Stenberg2013-10-261-0/+4
| | | | | | | | | | | This is a regression since the switch to always-multi internally c43127414d89c. Test 1316 was modified since we now clearly call the Curl_client_write() function when doing the LIST transfer part and then the handler->protocol says FTP and ftpc.transfertype is 'A' which implies text converting even though that the response is initially a HTTP CONNECT response in this case.
* strlcat: remove functionDaniel Stenberg2013-02-141-3/+10
| | | | | | | | | | | | | | | | | | This function was only used twice, both in places where performance isn't crucial (socks + if2ip). Removing the use of this function removes the need to have our private version for systems without it == reduced amount of code. Also, in the SOCKS case it is clearly better to fail gracefully rather than to truncate the results. This work was triggered by a bug report on the strcal prototype in strequal.h. strlcat was added in commit db70cd28 in February 2001! Bug: http://curl.haxx.se/bug/view.cgi?id=1192 Reported by: Jeremy Huddleston
* build: fix circular header inclusion with other packagesYang Tse2013-01-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit renames lib/setup.h to lib/curl_setup.h and renames lib/setup_once.h to lib/curl_setup_once.h. Removes the need and usage of a header inclusion guard foreign to libcurl. [1] Removes the need and presence of an alarming notice we carried in old setup_once.h [2] ---------------------------------------- 1 - lib/setup_once.h used __SETUP_ONCE_H macro as header inclusion guard up to commit ec691ca3 which changed this to HEADER_CURL_SETUP_ONCE_H, this single inclusion guard is enough to ensure that inclusion of lib/setup_once.h done from lib/setup.h is only done once. Additionally lib/setup.h has always used __SETUP_ONCE_H macro to protect inclusion of setup_once.h even after commit ec691ca3, this was to avoid a circular header inclusion triggered when building a c-ares enabled version with c-ares sources available which also has a setup_once.h header. Commit ec691ca3 exposes the real nature of __SETUP_ONCE_H usage in lib/setup.h, it is a header inclusion guard foreign to libcurl belonging to c-ares's setup_once.h The renaming this commit does, fixes the circular header inclusion, and as such removes the need and usage of a header inclusion guard foreign to libcurl. Macro __SETUP_ONCE_H no longer used in libcurl. 2 - Due to the circular interdependency of old lib/setup_once.h and the c-ares setup_once.h header, old file lib/setup_once.h has carried back from 2006 up to now days an alarming and prominent notice about the need of keeping libcurl's and c-ares's setup_once.h in sync. Given that this commit fixes the circular interdependency, the need and presence of mentioned notice is removed. All mentioned interdependencies come back from now old days when the c-ares project lived inside a curl subdirectory. This commit removes last traces of such fact.
* Revert changes relative to lib/*.[ch] recent renamingYang Tse2013-01-061-0/+744
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts renaming and usage of lib/*.h header files done 28-12-2012, reverting 2 commits: f871de0... build: make use of 76 lib/*.h renamed files ffd8e12... build: rename 76 lib/*.h files This also reverts removal of redundant include guard (redundant thanks to changes in above commits) done 2-12-2013, reverting 1 commit: c087374... curl_setup.h: remove redundant include guard This also reverts renaming and usage of lib/*.c source files done 3-12-2013, reverting 3 commits: 13606bb... build: make use of 93 lib/*.c renamed files 5b6e792... build: rename 93 lib/*.c files 7d83dff... build: commit 13606bbfde follow-up 1 Start of related discussion thread: http://curl.haxx.se/mail/lib-2013-01/0012.html Asking for confirmation on pushing this revertion commit: http://curl.haxx.se/mail/lib-2013-01/0048.html Confirmation summary: http://curl.haxx.se/mail/lib-2013-01/0079.html NOTICE: The list of 2 files that have been modified by other intermixed commits, while renamed, and also by at least one of the 6 commits this one reverts follows below. These 2 files will exhibit a hole in history unless git's '--follow' option is used when viewing logs. lib/curl_imap.h lib/curl_smtp.h
* build: rename 93 lib/*.c filesYang Tse2013-01-031-744/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 93 lib/*.c source files renamed to use our standard naming scheme. This commit only does the file renaming. ---------------------------------------- renamed: lib/amigaos.c -> lib/curl_amigaos.c renamed: lib/asyn-ares.c -> lib/curl_asyn_ares.c renamed: lib/asyn-thread.c -> lib/curl_asyn_thread.c renamed: lib/axtls.c -> lib/curl_axtls.c renamed: lib/base64.c -> lib/curl_base64.c renamed: lib/bundles.c -> lib/curl_bundles.c renamed: lib/conncache.c -> lib/curl_conncache.c renamed: lib/connect.c -> lib/curl_connect.c renamed: lib/content_encoding.c -> lib/curl_content_encoding.c renamed: lib/cookie.c -> lib/curl_cookie.c renamed: lib/cyassl.c -> lib/curl_cyassl.c renamed: lib/dict.c -> lib/curl_dict.c renamed: lib/easy.c -> lib/curl_easy.c renamed: lib/escape.c -> lib/curl_escape.c renamed: lib/file.c -> lib/curl_file.c renamed: lib/fileinfo.c -> lib/curl_fileinfo.c renamed: lib/formdata.c -> lib/curl_formdata.c renamed: lib/ftp.c -> lib/curl_ftp.c renamed: lib/ftplistparser.c -> lib/curl_ftplistparser.c renamed: lib/getenv.c -> lib/curl_getenv.c renamed: lib/getinfo.c -> lib/curl_getinfo.c renamed: lib/gopher.c -> lib/curl_gopher.c renamed: lib/gtls.c -> lib/curl_gtls.c renamed: lib/hash.c -> lib/curl_hash.c renamed: lib/hmac.c -> lib/curl_hmac.c renamed: lib/hostasyn.c -> lib/curl_hostasyn.c renamed: lib/hostcheck.c -> lib/curl_hostcheck.c renamed: lib/hostip.c -> lib/curl_hostip.c renamed: lib/hostip4.c -> lib/curl_hostip4.c renamed: lib/hostip6.c -> lib/curl_hostip6.c renamed: lib/hostsyn.c -> lib/curl_hostsyn.c renamed: lib/http.c -> lib/curl_http.c renamed: lib/http_chunks.c -> lib/curl_http_chunks.c renamed: lib/http_digest.c -> lib/curl_http_digest.c renamed: lib/http_negotiate.c -> lib/curl_http_negotiate.c renamed: lib/http_negotiate_sspi.c -> lib/curl_http_negotiate_sspi.c renamed: lib/http_proxy.c -> lib/curl_http_proxy.c renamed: lib/idn_win32.c -> lib/curl_idn_win32.c renamed: lib/if2ip.c -> lib/curl_if2ip.c renamed: lib/imap.c -> lib/curl_imap.c renamed: lib/inet_ntop.c -> lib/curl_inet_ntop.c renamed: lib/inet_pton.c -> lib/curl_inet_pton.c renamed: lib/krb4.c -> lib/curl_krb4.c renamed: lib/krb5.c -> lib/curl_krb5.c renamed: lib/ldap.c -> lib/curl_ldap.c renamed: lib/llist.c -> lib/curl_llist.c renamed: lib/md4.c -> lib/curl_md4.c renamed: lib/md5.c -> lib/curl_md5.c renamed: lib/memdebug.c -> lib/curl_memdebug.c renamed: lib/mprintf.c -> lib/curl_mprintf.c renamed: lib/multi.c -> lib/curl_multi.c renamed: lib/netrc.c -> lib/curl_netrc.c renamed: lib/non-ascii.c -> lib/curl_non_ascii.c renamed: lib/curl_non-ascii.h -> lib/curl_non_ascii.h renamed: lib/nonblock.c -> lib/curl_nonblock.c renamed: lib/nss.c -> lib/curl_nss.c renamed: lib/nwlib.c -> lib/curl_nwlib.c renamed: lib/nwos.c -> lib/curl_nwos.c renamed: lib/openldap.c -> lib/curl_openldap.c renamed: lib/parsedate.c -> lib/curl_parsedate.c renamed: lib/pingpong.c -> lib/curl_pingpong.c renamed: lib/polarssl.c -> lib/curl_polarssl.c renamed: lib/pop3.c -> lib/curl_pop3.c renamed: lib/progress.c -> lib/curl_progress.c renamed: lib/qssl.c -> lib/curl_qssl.c renamed: lib/rawstr.c -> lib/curl_rawstr.c renamed: lib/rtsp.c -> lib/curl_rtsp.c renamed: lib/security.c -> lib/curl_security.c renamed: lib/select.c -> lib/curl_select.c renamed: lib/sendf.c -> lib/curl_sendf.c renamed: lib/share.c -> lib/curl_share.c renamed: lib/slist.c -> lib/curl_slist.c renamed: lib/smtp.c -> lib/curl_smtp.c renamed: lib/socks.c -> lib/curl_socks.c renamed: lib/socks_gssapi.c -> lib/curl_socks_gssapi.c renamed: lib/socks_sspi.c -> lib/curl_socks_sspi.c renamed: lib/speedcheck.c -> lib/curl_speedcheck.c renamed: lib/splay.c -> lib/curl_splay.c renamed: lib/ssh.c -> lib/curl_ssh.c renamed: lib/sslgen.c -> lib/curl_sslgen.c renamed: lib/ssluse.c -> lib/curl_ssluse.c renamed: lib/strdup.c -> lib/curl_strdup.c renamed: lib/strequal.c -> lib/curl_strequal.c renamed: lib/strerror.c -> lib/curl_strerror.c renamed: lib/strtok.c -> lib/curl_strtok.c renamed: lib/strtoofft.c -> lib/curl_strtoofft.c renamed: lib/telnet.c -> lib/curl_telnet.c renamed: lib/tftp.c -> lib/curl_tftp.c renamed: lib/timeval.c -> lib/curl_timeval.c renamed: lib/transfer.c -> lib/curl_transfer.c renamed: lib/url.c -> lib/curl_url.c renamed: lib/version.c -> lib/curl_version.c renamed: lib/warnless.c -> lib/curl_warnless.c renamed: lib/wildcard.c -> lib/curl_wildcard.c ----------------------------------------
* build: make use of 76 lib/*.h renamed filesYang Tse2012-12-281-9/+9
| | | | | | 76 private header files renamed to use our standard naming scheme. This change affects 322 files in libcurl's source tree.
* setup_once.h: refactor inclusion of <unistd.h> and <sys/socket.h>Yang Tse2012-12-141-4/+1
| | | | Inclusion of top two most included header files now done in setup_once.h
* lib/socks.c: Merged two size variables into oneMarc Hoersken2012-10-041-16/+15
|
* lib/socks.c: Avoid type conversions where possibleMarc Hoersken2012-10-041-16/+15
| | | | | Streamlined variable names and types to avoid type conversions that may result in data being lost on non 32-bit systems.
* socks.c: Fixed warning: conversion to 'int' from 'long unsigned int'Marc Hoersken2012-09-141-1/+1
|
* socks.c: Check that IPv6 is enabled before using it's featuresMarc Hoersken2012-09-141-0/+4
|
* checksrc: Fixed line length and comment indentationMarc Hoersken2012-09-141-3/+3
|
* socks.c: Updated error messages to handle hostname and IPv6Marc Hoersken2012-09-141-1/+25
|
* socks.c: Added support for IPv6 connections through SOCKSv5 proxyMarc Hoersken2012-09-141-31/+34
|
* SOCKS: truly disable it if CURL_DISABLE_PROXY is definedDaniel Stenberg2012-09-061-1/+1
| | | | | | Bug: http://curl.haxx.se/bug/view.cgi?id=3561305 Patch by: Marcel Raad
* fix bool variables checking and assignmentYang Tse2011-09-051-1/+1
|
* Curl_SOCKS4: minor code compressionDaniel Stenberg2011-08-181-4/+1
|
* SOCKS: fix the connect timeoutDaniel Stenberg2011-08-081-24/+11
| | | | | | | The connect timeout logic when using SOCKS was done wrong Bug: http://curl.haxx.se/mail/lib-2011-07/0177.html Reported by: "Spoon Man"
* stdio.h, stdlib.h, string.h, stdarg.h and ctype.h inclusion done in setup_once.hYang Tse2011-07-261-4/+0
|
* Curl_socket_ready: make timeout a 'long'Daniel Stenberg2011-06-041-3/+3
| | | | | It was mostly typecasted to int all over the code so switching to long instead all over should be a net gain.
* socks: fix unaligned memory accessYang Tse2011-05-261-9/+13
|
* proxy: allow socks:// prefix in proxy stringDaniel Stenberg2011-04-281-1/+1
| | | | Inspired by a patch from OB.Conseil. Added test case 708 to verify.
* source cleanup: unify look, style and indent levelsDaniel Stenberg2011-04-271-12/+13
| | | | | By the use of a the new lib/checksrc.pl script that checks that our basic source style rules are followed.
* async resolvers: further cleanupsDaniel Stenberg2011-04-251-2/+2
| | | | | | | | asyn-ares.c and asyn-thread.c are two separate backends that implement the same (internal) async resolver API for libcurl to use. Backend is specified at build time. The internal resolver API is defined in asyn.h for asynch resolvers.
* Fix a couple of spelling errors in lib/Fabian Keil2011-04-211-2/+2
| | | | Found with codespell.
View Lorry Controller Status