| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
Hook the new (1.11.0 or newer) libssh2 support for setting a read timeout
into the SERVER_RESPONSE_TIMEOUT option. With this done, clients can use
the standard curl response timeout setting to also control the time that
libssh2 will wait for packets from a slow server. This is necessary to
enable use of very slow SFTP servers.
Signed-off-by: Daniel Silverstone <daniel.silverstone@codethink.co.uk>
Closes #10965
|
| |
|
|
|
| |
Reported-by: Wei Chong Tan
Closes #11088
|
| |
|
|
|
|
| |
Reported-by: Andreas Huebner
Fixes #11020
Closes #11039
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Always set the libssh2 'abstract' user-pointer to the libcurl easy
handle associated with the ssh session, so it is always passed to the
ssh keyboard callback.
Prior to this change and since 8b5f100 (precedes curl 8.0.0), if libcurl
was built without CURL_DEBUG then it could crash during the ssh auth
phase due to a null dereference in the ssh keyboard callback.
Reported-by: Andreas Falkenhahn
Fixes https://github.com/curl/curl/pull/11024
Closes https://github.com/curl/curl/pull/11026
|
| |
|
|
|
|
|
|
| |
By making sure we set state.upload based on the set.method value and not
independently as set.upload, we reduce confusion and mixup risks, both
internally and externally.
Closes #11017
|
| |
|
|
|
|
| |
When building lines to show for SFTP directory listings.
Closes #10778
|
| |
|
|
| |
Closes #10777
|
| |
|
|
|
|
|
|
|
|
| |
This makes us debug libssh2 less and libcurl more when for example
running torture tests that otherwise will spend a lot of time in libssh2
functions.
We leave libssh2 to test libssh2.
Closes #10721
|
| |
|
|
|
|
|
|
|
|
|
|
| |
- they are mostly pointless in all major jurisdictions
- many big corporations and projects already don't use them
- saves us from pointless churn
- git keeps history for us
- the year range is kept in COPYING
checksrc is updated to allow non-year using copyright statements
Closes #10205
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Refactoring of connection setup and happy eyeballing. Move
nghttp2. ngtcp2, quiche and msh3 into connection filters.
- eyeballing cfilter that uses sub-filters for performing parallel connects
- socket cfilter for all transport types, including QUIC
- QUIC implementations in cfilter, can now participate in eyeballing
- connection setup is more dynamic in order to adapt to what filter did
really connect. Relevant to see if a SSL filter needs to be added or
if SSL has already been provided
- HTTP/3 test cases similar to HTTP/2
- multiuse of parallel transfers for HTTP/3, tested for ngtcp2 and quiche
- Fix for data attach/detach in VTLS filters that could lead to crashes
during parallel transfers.
- Eliminating setup() methods in cfilters, no longer needed.
- Improving Curl_conn_is_alive() to replace Curl_connalive() and
integrated ssl alive checks into cfilter.
- Adding CF_CNTRL_CONN_INFO_UPDATE to tell filters to update
connection into and persist it at the easy handle.
- Several more cfilter related cleanups and moves:
- stream_weigth and dependency info is now wrapped in struct
Curl_data_priority
- Curl_data_priority members depend is available in HTTP2|HTTP3
- Curl_data_priority members depend on NGHTTP2 support
- handling init/reset/cleanup of priority part of url.c
- data->state.priority same struct, but shallow copy for compares only
- PROTOPT_STREAM has been removed
- Curl_conn_is_mulitplex() now available to check on capability
- Adding query method to connection filters.
- ngtcp2+quiche: implementing query for max concurrent transfers.
- Adding is_alive and keep_alive cfilter methods. Adding DATA_SETUP event.
- setting keepalive timestamp on connect
- DATA_SETUP is called after the connection has been completely
setup (but may not connected yet) to allow filters to initialize
data members they use.
- there is no socket to be had with msh3, it is unclear how select
shall work
- manual test via "curl --http3 https://curl.se" fail with "empty
reply from server".
- Various socket/conn related cleanups:
- Curl_socket is now Curl_socket_open and in cf-socket.c
- Curl_closesocket is now Curl_socket_close and in cf-socket.c
- Curl_ssl_use has been replaced with Cur_conn_is_ssl
- Curl_conn_tcp_accepted_set has been split into
Curl_conn_tcp_listen_set and Curl_conn_tcp_accepted_set
with a clearer purpose
Closes #10141
|
| |
|
|
|
|
|
|
|
|
| |
As is supported by recent libssh2, but should just be ignored by older
versions.
Reported-by: norbertmm on github
Assisted-by: norbertmm on github
Fixes #10143
Closes #10145
|
| |
|
|
|
|
|
| |
return CURLE_PEER_FAILED_VERIFICATION if verification with the callback
return a result different than CURLKHMATCH_OK
Closes #10034
|
| |
|
|
|
|
|
|
|
| |
Commit 3b16575ae938dec2a29454631a12aa52b6ab9c67 removed support for
building on Novell Netware, but a few leftover traces remained. This
removes the last bits.
Closes: #9966
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- almost all backend calls pass the Curl_cfilter intance instead of
connectdata+sockindex
- ssl_connect_data is remove from struct connectdata and made internal
to vtls
- ssl_connect_data is allocated in the added filter, kept at cf->ctx
- added function to let a ssl filter access its ssl_primary_config and
ssl_config_data this selects the propert subfields in conn and data,
for filters added as plain or proxy
- adjusted all backends to use the changed api
- adjusted all backends to access config data via the exposed
functions, no longer using conn or data directly
cfilter renames for clear purpose:
- methods `Curl_conn_*(data, conn, sockindex)` work on the complete
filter chain at `sockindex` and connection `conn`.
- methods `Curl_cf_*(cf, ...)` work on a specific Curl_cfilter
instance.
- methods `Curl_conn_cf()` work on/with filter instances at a
connection.
- rebased and resolved some naming conflicts
- hostname validation (und session lookup) on SECONDARY use the same
name as on FIRST (again).
new debug macros and removing connectdata from function signatures where not
needed.
adapting schannel for new Curl_read_plain paramter.
Closes #9919
|
| |
|
|
|
|
|
| |
... instead of using 0 argument that allows decimal, hex or octal when
the number is documented and assumed to use base 10.
Closes #9933
|
| |
|
|
|
|
|
|
|
|
| |
This struct field MUST remain what the application set it to, so that
handle reuse and handle duplication work.
Instead, the request state bit 'no_body' is introduced for code flows
that need to change this in run-time.
Closes #9888
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- general construct/destroy in connectdata
- default implementations of callback functions
- connect: cfilters for connect and accept
- socks: cfilter for socks proxying
- http_proxy: cfilter for http proxy tunneling
- vtls: cfilters for primary and proxy ssl
- change in general handling of data/conn
- Curl_cfilter_setup() sets up filter chain based on data settings,
if none are installed by the protocol handler setup
- Curl_cfilter_connect() boot straps filters into `connected` status,
used by handlers and multi to reach further stages
- Curl_cfilter_is_connected() to check if a conn is connected,
e.g. all filters have done their work
- Curl_cfilter_get_select_socks() gets the sockets and READ/WRITE
indicators for multi select to work
- Curl_cfilter_data_pending() asks filters if the have incoming
data pending for recv
- Curl_cfilter_recv()/Curl_cfilter_send are the general callbacks
installed in conn->recv/conn->send for io handling
- Curl_cfilter_attach_data()/Curl_cfilter_detach_data() inform filters
and addition/removal of a `data` from their connection
- adding vtl functions to prevent use of Curl_ssl globals directly
in other parts of the code.
Reviewed-by: Daniel Stenberg
Closes #9855
|
| |
|
|
|
|
|
|
|
|
| |
/* like this */
/*not this*/
checksrc is updated accordingly
Closes #9828
|
| |
|
|
| |
Closes #9796
|
| |
|
|
|
|
|
|
|
|
| |
This flow extracted the wrong code (sftp code instead of ssh code), and
the code is sometimes (erroneously) returned as zero anyway, so skip
getting it and set a generic error.
Reported-by: David McLaughlin
Fixes #9737
Closes #9740
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Detecting headers and lib separately makes sense when headers come in
variations or with extra ones, but this wasn't the case here. These were
duplicate/parallel macros that we had to keep in sync with each other
for a working build. This patch leaves a single macro for each of these
dependencies:
- Rely on `HAVE_LIBZ`, delete parallel `HAVE_ZLIB_H`.
Also delete CMake logic making sure these two were in sync, along with
a toggle to turn off that logic, called `CURL_SPECIAL_LIBZ`.
Also delete stray `HAVE_ZLIB` defines.
There is also a `USE_ZLIB` variant in `lib/config-dos.h`. This patch
retains it for compatibility and deprecates it.
- Rely on `USE_LIBSSH2`, delete parallel `HAVE_LIBSSH2_H`.
Also delete `LIBSSH2_WIN32`, `LIBSSH2_LIBRARY` from
`winbuild/MakefileBuild.vc`, these have a role when building libssh2
itself. And `CURL_USE_LIBSSH`, which had no use at all.
Also delete stray `HAVE_LIBSSH2` defines.
- Rely on `USE_LIBSSH`, delete parallel `HAVE_LIBSSH_LIBSSH_H`.
Also delete `LIBSSH_WIN32`, `LIBSSH_LIBRARY` and `HAVE_LIBSSH` from
`winbuild/MakefileBuild.vc`, these were the result of copy-pasting the
libssh2 line, and were not having any use.
- Delete unused `HAVE_LIBPSL_H` and `HAVE_LIBPSL`.
Reviewed-by: Daniel Stenberg
Closes #9652
|
| |
|
|
|
|
|
|
|
|
|
| |
Instances of ISSPACE() use that should rather use ISBLANK(). I think
somewhat carelessly used because it sounds as if it checks for space or
whitespace, but also includes %0a to %0d.
For parsing purposes, we should only accept what we must and not be
overly liberal. It leads to surprises and surprises lead to bad things.
Closes #9432
|
| |
|
|
|
|
|
|
|
|
|
|
| |
libssh 0.10.0 marks all SCP functions as "deprecated" which causes
compiler warnings and errors in our CI jobs and elsewhere. Ignore
deprecation warnings if 0.10.0 or later is found in the build.
If they actually remove the functions at a later point, then someone can
deal with that pain and functionality break then.
Fixes #9382
Closes #9383
|
| |
|
|
|
|
|
| |
When reading the symbolic link name for a file, we need to add the file
name to base path name.
Closes #9369
|
| |
|
|
| |
Closes #9328
|
| |
|
|
| |
Closes #9328
|
| |
|
|
|
|
|
|
|
|
|
| |
Since the libssh2 API uses 'long' to store the timestamp, it cannot
transfer >32bit times on Windows and 32bit architecture builds.
Avoid nasty surprises by instead not setting such time.
Spotted by Coverity
Closes #9325
|
| |
|
|
|
|
|
|
|
| |
The libssh API used caps the time to an unsigned 32bit variable. Avoid
nasty surprises by instead not setting such time.
Spotted by Coverity.
Closes #9324
|
| |
|
|
|
|
|
|
|
|
| |
Starting in libssh 0.10.0 ssh_disconnect() will no longer close our
socket. Instead it will be kept alive as we want it, and it is our
responsibility to close it later.
Ref: #8718
Ref: https://gitlab.com/libssh/libssh-mirror/-/merge_requests/240
Closes #9021
|
| |
|
|
|
|
|
|
|
|
|
| |
Add licensing and copyright information for all files in this repository. This
either happens in the file itself as a comment header or in the file
`.reuse/dep5`.
This commit also adds a Github workflow to check pull requests and adapts
copyright.pl to the changes.
Closes #8869
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The callback set by CURLOPT_SSH_HOSTKEYFUNCTION is called to check
wether or not the connection should continue.
The host key is passed in argument with a custom handle for the
application.
It overrides CURLOPT_SSH_KNOWNHOSTS
Closes #7959
|
| |
|
|
|
|
|
|
| |
Unused header file
Reported-by: Illarion Taev
Fixes #8863
Closes #8866
|
| |
|
|
|
|
|
|
| |
CVE-2022-27782
Reported-by: Harry Sintonen
Bug: https://curl.se/docs/CVE-2022-27782.html
Closes #8825
|
| |
|
|
|
|
|
|
|
|
| |
Making it just skip the check unless exactly 32 is too brittle. Even if
the docs says it needs to be exactly 32, it is be safer to make the
comparison fail here instead.
Reported-by: Harry Sintonen
Bug: https://hackerone.com/reports/1549461
Closes #8745
|
| |
|
|
|
|
| |
Reported-by: Harry Sintonen
Bug: https://hackerone.com/reports/1549435
Closes #8744
|
| |
|
|
|
|
|
|
| |
libssh closes the socket in ssh_diconnect() so make sure that libcurl
does not also close it.
Fixes #8708
Closes #8718
|
| |
|
|
|
|
| |
... from infof() and failf() calls. Make them less attention seeking.
Closes #8713
|
| |
|
|
|
|
|
|
|
|
| |
Ensure that all infof calls with a warning message are capitalized
in the same way. At some point we should probably set up a style-
guide for infof but until then let's aim for a little consistenncy
where we can.
Closes: #8711
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
| |
|
|
|
|
| |
Test 604 and 606 (at least).
Closes #8490
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- If building libcurl against an old libssh version missing SSH_S_IFMT
and SSH_S_IFLNK then use the values from a supported version.
Prior to this change if libssh did not define SSH_S_IFMT and SSH_S_IFLNK
then S_IFMT and S_IFLNK, respectively, were used instead. The problem
with that is the user's S_ stat macros don't have the same values across
platforms. For example Windows has values different from Linux.
Follow-up to 7b0fd39.
Ref: https://github.com/curl/curl/pull/8511#discussion_r815292391
Ref: https://github.com/curl/curl/pull/8574
Closes https://github.com/curl/curl/pull/8588
|
| |
|
|
|
|
|
| |
... that don't have the SSH_S_* defines. Spotted on a machine using
libssh 0.7.3
Closes #8574
|
| |
|
|
|
|
| |
Reported-by: 梦终无痕
Bug: https://curl.se/mail/lib-2022-02/0131.html
Closes #8511
|
| |
|
|
|
|
|
| |
Since libssh2_socket_t uses SOCKET on windows which can be larger than
int.
Closes #8492
|
| |
|
|
|
|
| |
TPF was the only user and support for that was dropped.
Closes #8378
|
| |
|
|
| |
Closes #8133
|
| |
|
|
|
|
| |
- On mismatch error show sha256 fingerprint in base64 format.
Prior to this change the fingerprint was mistakenly printed in binary.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit b5a434f7f0ee4d64857f8592eced5b9007d83620 inhibits the warning
on implicit fallthrough cases, since the current coding of indicating
fallthrough with comments is falling out of fashion with new compilers.
This attempts to make the issue smaller by rewriting fallthroughs to no
longer fallthrough, via either breaking the cases or turning switch
statements into if statements.
lib/content_encoding.c: the fallthrough codepath is simply copied
into the case as it's a single line.
lib/http_ntlm.c: the fallthrough case skips a state in the state-
machine and fast-forwards to NTLMSTATE_LAST. Do this before the
switch statement instead to set up the states that we actually
want.
lib/http_proxy.c: the fallthrough is just falling into exiting the
switch statement which can be done easily enough in the case.
lib/mime.c: switch statement rewritten as if statement.
lib/pop3.c: the fallthrough case skips to the next state in the
statemachine, do this explicitly instead.
lib/urlapi.c: switch statement rewritten as if statement.
lib/vssh/wolfssh.c: the fallthrough cases fast-forwards the state
machine, do this by running another iteration of the switch
statement instead.
lib/vtls/gtls.c: switch statement rewritten as if statement.
lib/vtls/nss.c: the fallthrough codepath is simply copied into the
case as it's a single line. Also twiddle a comment to not be
inside a non-brace if statement.
Closes: #7322
See-also: #7295
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
| |
|
|
|
|
|
| |
Added support for SHA256 fingerprint in command line curl and in
libcurl.
Closes #7646
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously this code used a compile time constant, meaning that libcurl
always reported the libssh2 version that libcurl was built with. This
could differ from the libssh2 version actually being used. The new code
uses the CURL_LIBSSH2_VERSION macro, which is defined in ssh.h. The
macro calls the libssh2_version function if it is available, otherwise
it falls back to the compile time version.
Closes https://github.com/curl/curl/pull/7768
|
| | |
|
