summaryrefslogtreecommitdiff
path: root/lib/urldata.h
Commit message (Collapse)AuthorAgeFilesLines
* openssl: CURLSSLOPT_NO_PARTIALCHAIN can disable partial cert chainsDaniel Stenberg2019-12-031-0/+1
| | | | Closes #4655
* doh: use dedicated probe slotsNiall2019-11-281-1/+19
| | | | | | ... to easier allow additional DNS transactions. Closes #4629
* lib: Move lib/ssh.h -> lib/vssh/ssh.hJay Satiro2019-11-171-1/+1
| | | | | | Follow-up to 5b2d703 which moved ssh source files to vssh. Closes https://github.com/curl/curl/pull/4609
* cookies: using a share with cookies shouldn't enable the cookie engineDaniel Stenberg2019-09-281-0/+1
| | | | | | | | | | | | | | | | | The 'share object' only sets the storage area for cookies. The "cookie engine" still needs to be enabled or activated using the normal cookie options. This caused the curl command line tool to accidentally use cookies without having been told to, since curl switched to using shared cookies in 7.66.0. Test 1166 verifies Updated test 506 Fixes #4429 Closes #4434
* url: don't set appconnect time for non-ssl/non-ssh connectionsJay Satiro2019-09-261-0/+1
| | | | | | | | | | | | | | | | Prior to this change non-ssl/non-ssh connections that were reused set TIMER_APPCONNECT [1]. Arguably that was incorrect since no SSL/SSH handshake took place. [1]: TIMER_APPCONNECT is publicly known as CURLINFO_APPCONNECT_TIME in libcurl and %{time_appconnect} in the curl tool. It is documented as "the time until the SSL/SSH handshake is completed". Reported-by: Marcel Hernandez Ref: https://github.com/curl/curl/issues/3760 Closes https://github.com/curl/curl/pull/3773
* urldata: use 'bool' for the bit type on MSVC compilersDaniel Stenberg2019-09-211-193/+197
| | | | | Closes #4387 Fixes #4379
* url: only reuse TLS connections with matching pinningDaniel Stenberg2019-09-191-0/+1
| | | | | | | | | | If the requests have different CURLOPT_PINNEDPUBLICKEY strings set, the connection should not be reused. Bug: https://curl.haxx.se/mail/lib-2019-09/0061.html Reported-by: Sebastian Haglund Closes #4347
* urldata: avoid 'generic', use dedicated pointersDaniel Stenberg2019-09-031-1/+4
| | | | | | For the 'proto' union within the connectdata struct. Closes #4290
* http: fix use of credentials from URL when using HTTP proxyDaniel Stenberg2019-08-161-0/+3
| | | | | | | | | | | | | | | | When a username and password are provided in the URL, they were wrongly removed from the stored URL so that subsequent uses of the same URL wouldn't find the crendentials. This made doing HTTP auth with multiple connections (like Digest) mishave. Regression from 46e164069d1a5230 (7.62.0) Test case 335 added to verify. Reported-by: Mike Crowe Fixes #4228 Closes #4229
* ngtcp2: do QUIC connections happy-eyeballs friendlyDaniel Stenberg2019-08-141-1/+2
|
* alt-svc: send Alt-Used: in redirected requestsDaniel Stenberg2019-08-081-0/+1
| | | | | | | | | | | | | | | RFC 7838 section 5: When using an alternative service, clients SHOULD include an Alt-Used header field in all requests. Removed CURLALTSVC_ALTUSED again (feature is still EXPERIMENTAL thus this is deemed ok). You can disable sending this header just like you disable any other HTTP header in libcurl. Closes #4199
* CURLOPT_HTTP_VERSION: seting this to 3 forces HTTP/3 use directlyDaniel Stenberg2019-08-081-1/+0
| | | | | | | | | | | | Even though it cannot fall-back to a lower HTTP version automatically. The safer way to upgrade remains via CURLOPT_ALTSVC. CURLOPT_H3 no longer has any bits that do anything and might be removed before we remove the experimental label. Updated the curl tool accordingly to use "--http3". Closes #4197
* CURLINFO_RETRY_AFTER: parse the Retry-After header valueDaniel Stenberg2019-08-071-1/+1
| | | | | | | | This is only the libcurl part that provides the information. There's no user of the parsed value. This change includes three new tests for the parser. Ref: #3794
* quiche: make use of the connection timeout API properlyDaniel Stenberg2019-08-071-0/+1
|
* sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZIDSteve Holme2019-08-061-1/+3
| | | | | | | | | | | | | | | | | Added the ability for the calling program to specify the authorisation identity (authzid), the identity to act as, in addition to the authentication identity (authcid) and password when using SASL PLAIN authentication. Fixes #3653 Closes #3790 NOTE: This commit was cherry-picked and is part of a series of commits that added the authzid feature for upcoming 7.66.0. The series was temporarily reverted in db8ec1f so that it would not ship in a 7.65.x patch release. Closes https://github.com/curl/curl/pull/4186
* timediff: make it 64 bit (if possible) even with 32 bit time_tDaniel Stenberg2019-08-011-9/+9
| | | | | | | ... to make it hold microseconds too. Fixes #4165 Closes #4168
* cleanup: remove the 'numsocks' argument used in many placesDaniel Stenberg2019-07-301-8/+4
| | | | | | | | | It was used (intended) to pass in the size of the 'socks' array that is also passed to these functions, but was rarely actually checked/used and the array is defined to a fixed size of MAX_SOCKSPEREASYHANDLE entries that should be used instead. Closes #4169
* HTTP3: initial (experimental) supportDaniel Stenberg2019-07-211-1/+11
| | | | | | | | | USe configure --with-ngtcp2 or --with-quiche Using either option will enable a HTTP3 build. Co-authored-by: Alessandro Ghedini <alessandro@ghedini.me> Closes #3500
* multi: make sure 'data' can present in several sockhash entriesDaniel Stenberg2019-06-101-2/+0
| | | | | | | | | | | | | | | | | | | Since more than one socket can be used by each transfer at a given time, each sockhash entry how has its own hash table with transfers using that socket. In addition, the sockhash entry can now be marked 'blocked = TRUE'" which then makes the delete function just set 'removed = TRUE' instead of removing it "for real", as a way to not rip out the carpet under the feet of a parent function that iterates over the transfers of that same sockhash entry. Reported-by: Tom van der Woerdt Fixes #3961 Fixes #3986 Fixes #3995 Fixes #4004 Closes #3997
* ssl: Update outdated "openssl-only" comments for supported backendsFrank Gevaerts2019-06-041-2/+3
| | | | | | | These are for features that used to be openssl-only but were expanded over time to support other SSL backends. Closes #3985
* http: don't parse body-related headers bodyless responsesMichael Kaufmann2019-06-021-2/+2
| | | | | | | | | | | | | | | | | | | Responses with status codes 1xx, 204 or 304 don't have a response body. For these, don't parse these headers: - Content-Encoding - Content-Length - Content-Range - Last-Modified - Transfer-Encoding This change ensures that HTTP/2 upgrades work even if a "Content-Length: 0" or a "Transfer-Encoding: chunked" header is present. Co-authored-by: Daniel Stenberg Closes #3702 Fixes #3968 Closes #3977
* multi: track users of a socket betterDaniel Stenberg2019-05-281-0/+1
| | | | | | | | | | | | | | They need to be removed from the socket hash linked list with more care. When sh_delentry() is called to remove a sockethash entry, remove all individual transfers from the list first. To enable this, each Curl_easy struct now stores a pointer to the sockethash entry to know how to remove itself. Reported-by: Tom van der Woerdt and Kunal Ekawde Fixes #3952 Fixes #3904 Closes #3953
* Revert all SASL authzid (new feature) commitsJay Satiro2019-05-251-3/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Revert all commits related to the SASL authzid feature since the next release will be a patch release, 7.65.1. Prior to this change CURLOPT_SASL_AUTHZID / --sasl-authzid was destined for the next release, assuming it would be a feature release 7.66.0. However instead the next release will be a patch release, 7.65.1 and will not contain any new features. After the patch release after the reverted commits can be restored by using cherry-pick: git cherry-pick a14d72c a9499ff 8c1cc36 c2a8d52 0edf690 Details for all reverted commits: Revert "os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()." This reverts commit 0edf6907ae37e2020722e6f61229d8ec64095b0a. Revert "tests: Fix the line endings for the SASL alt-auth tests" This reverts commit c2a8d52a1356a722ff9f4aeb983cd4eaf80ef221. Revert "examples: Added SASL PLAIN authorisation identity (authzid) examples" This reverts commit 8c1cc369d0c7163c6dcc91fd38edfea1f509ae75. Revert "curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool" This reverts commit a9499ff136d89987af885e2d7dff0a066a3e5817. Revert "sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID" This reverts commit a14d72ca2fec5d4eb5a043936e4f7ce08015c177.
* sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZIDSteve Holme2019-05-221-1/+3
| | | | | | | | | | Added the ability for the calling program to specify the authorisation identity (authzid), the identity to act as, in addition to the authentication identity (authcid) and password when using SASL PLAIN authentication. Fixed #3653 Closes #3790
* libcurl: #ifdef away more code for disabled features/protocolsDaniel Stenberg2019-05-171-7/+13
|
* http_negotiate: Move the Negotiate state out of the negotiatedata structureSteve Holme2019-05-151-3/+4
| | | | | | | Given that this member variable is not used by the SASL based protocols there is no need to have it here. Closes #3882
* http_ntlm: Move the NTLM state out of the ntlmdata structureSteve Holme2019-05-151-1/+3
| | | | | Given that this member variable is not used by the SASL based protocols there is no need to have it here.
* url: Move the negotiate state type into a dedicated enumSteve Holme2019-05-151-3/+9
|
* wildcard: disable from build when FTP isn't presentDaniel Stenberg2019-05-131-0/+2
|
* http: CURL_DISABLE_HTTP_AUTHDaniel Stenberg2019-05-131-1/+0
|
* doh: CURL_DISABLE_DOHDaniel Stenberg2019-05-131-0/+2
|
* ssh: define USE_SSH if SSH is enabled (any backend)Daniel Stenberg2019-05-061-1/+1
| | | | Closes #3846
* process_pending_handles: mark queued transfers as previously pendingDaniel Stenberg2019-05-011-0/+1
| | | | | | | | | With transfers being queued up, we only move one at a a time back to the CONNECT state but now we mark moved transfers so that when a moved transfer is confirmed "successful" (it connected) it will trigger the move of another pending transfer. Previously, it would otherwise wait until the transfer was done before doing this. This makes queued up pending transfers get processed (much) faster.
* CURL_MAX_INPUT_LENGTH: largest acceptable string input sizeDaniel Stenberg2019-04-291-0/+4
| | | | | | | | | | | | | | | | | This limits all accepted input strings passed to libcurl to be less than CURL_MAX_INPUT_LENGTH (8000000) bytes, for these API calls: curl_easy_setopt() and curl_url_set(). The 8000000 number is arbitrary picked and is meant to detect mistakes or abuse, not to limit actual practical use cases. By limiting the acceptable string lengths we also reduce the risk of integer overflows all over. NOTE: This does not apply to `CURLOPT_POSTFIELDS`. Test 1559 verifies. Closes #3805
* CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuseDaniel Stenberg2019-04-211-0/+3
| | | | | | | | | ... and disconnect too old ones instead of trying to reuse. Default max age is set to 118 seconds. Ref: #3722 Closes #3782
* CURLOPT_DNS_USE_GLOBAL_CACHE: removeDaniel Stenberg2019-04-111-2/+0
| | | | | | | | Remove the code too. The functionality has been disabled in code since 7.62.0. Setting this option will from now on simply be ignored and have no function. Closes #3654
* pipelining: removedDaniel Stenberg2019-04-061-21/+7
| | | | | | | As previously planned and documented in DEPRECATE.md, all pipelining code is removed. Closes #3651
* resolve: apply Happy Eyeballs philosophy to parallel c-ares queriesBrad Spencer2019-03-271-0/+1
| | | | Closes #3699
* Negotiate: fix for HTTP POST with NegotiateDominik Hölzl2019-03-141-6/+12
| | | | | | | | | | | | | | | | | | | | | | | | * Adjusted unit tests 2056, 2057 * do not generally close connections with CURLAUTH_NEGOTIATE after every request * moved negotiatedata from UrlState to connectdata * Added stream rewind logic for CURLAUTH_NEGOTIATE * introduced negotiatedata::GSS_AUTHDONE and negotiatedata::GSS_AUTHSUCC * Consider authproblem state for CURLAUTH_NEGOTIATE * Consider reuse_forbid for CURLAUTH_NEGOTIATE * moved and adjusted negotiate authentication state handling from output_auth_headers into Curl_output_negotiate * Curl_output_negotiate: ensure auth done is always set * Curl_output_negotiate: Set auth done also if result code is GSS_S_CONTINUE_NEEDED/SEC_I_CONTINUE_NEEDED as this result code may also indicate the last challenge request (only works with disabled Expect: 100-continue and CURLOPT_KEEP_SENDING_ON_ERROR -> 1) * Consider "Persistent-Auth" header, detect if not present; Reset/Cleanup negotiate after authentication if no persistent authentication * apply changes introduced with #2546 for negotiate rewind logic Fixes #1261 Closes #1975
* alt-svc: the libcurl bitsDaniel Stenberg2019-03-031-0/+6
|
* urldata: simplify bytecountersDaniel Stenberg2019-03-011-12/+9
| | | | | | | | | | | | | - no need to have them protocol specific - no need to set pointers to them with the Curl_setup_transfer() call - make Curl_setup_transfer() operate on a transfer pointer, not connection - switch some counters from long to the more proper curl_off_t type Closes #3627
* Curl_easy: remove req.maxfd - never used!Daniel Stenberg2019-02-281-1/+0
| | | | | | | Introduced in 8b6314ccfb, but not used anymore in current code. Unclear since when. Closes #3626
* urldata: convert bools to bitfields and move to endDaniel Stenberg2019-02-271-253/+224
| | | | | | | | | | | | This allows the compiler to pack and align the structs better in memory. For a rather feature-complete build on x86_64 Linux, gcc 8.1.2 makes the Curl_easy struct 4.9% smaller. From 6312 bytes to 6000. Removed an unused struct field. No functionality changes. Closes #3610
* strerror: make the strerror function use local buffersDaniel Stenberg2019-02-261-1/+0
| | | | | | | | | | | | | | | | Instead of using a fixed 256 byte buffer in the connectdata struct. In my build, this reduces the size of the connectdata struct by 11.8%, from 2160 to 1904 bytes with no functionality or performance loss. This also fixes a bug in schannel's Curl_verify_certificate where it called Curl_sspi_strerror when it should have called Curl_strerror for string from GetLastError. the only effect would have been no text or the wrong text being shown for the error. Co-authored-by: Jay Satiro Closes #3612
* connection: never reuse CONNECT_ONLY conectionsDaniel Stenberg2019-02-191-0/+1
| | | | | | | | and make CONNECT_ONLY conections never reuse any existing ones either. Reported-by: Pavel Löbl Bug: https://curl.haxx.se/mail/lib-2019-02/0064.html Closes #3586
* gssapi: fix deprecated header warningsDaniel Stenberg2019-02-141-2/+4
| | | | | | Heimdal includes on FreeBSD spewed out lots of them. Less so now. Closes #3566
* pretransfer: don't strlen() POSTFIELDS set for GET requestsDaniel Stenberg2019-02-121-1/+0
| | | | | | | | ... since that data won't be used in the request anyway. Fixes #3548 Reported-by: Renaud Allard Close #3549
* spnego_sspi: add support for channel bindinggeorgeok2019-02-011-0/+6
| | | | | | | | | | Attempt to add support for Secure Channel binding when negotiate authentication is used. The problem to solve is that by default IIS accepts channel binding and curl doesn't utilise them. The result was a 401 response. Scope affects only the Schannel(winssl)-SSPI combination. Fixes https://github.com/curl/curl/issues/3503 Closes https://github.com/curl/curl/pull/3509
* ntlm_sspi: add support for channel bindinggeorgeok2019-01-191-0/+6
| | | | | | | | | Windows extended potection (aka ssl channel binding) is required to login to ntlm IIS endpoint, otherwise the server returns 401 responses. Fixes #3280 Closes #3321
* urldata: rename easy_conn to just connDaniel Stenberg2019-01-111-1/+1
| | | | | | | | | | | | | | | We use "conn" everywhere to be a pointer to the connection. Introduces two functions that "attaches" and "detaches" the connection to and from the transfer. Going forward, we should favour using "data->conn" (since a transfer always only has a single connection or none at all) to "conn->data" (since a connection can have none, one or many transfers associated with it and updating conn->data to be correct is error prone and a frequent reason for internal issues). Closes #3442