path: root/lib
Commit message | Author | Age | Files | Lines
* URLs: change all http:// URLs to https:// | Daniel Stenberg | 2016-02-03 | 251 files | -259/+259
* dotdot: allow an empty input string too | Daniel Stenberg | 2016-02-02 | 1 file | -1/+8
  It isn't used by the code in current conditions but for safety it seems sensible to at least not crash on such input.
  Extended unit test 1395 to verify this too as well as a plain "/" input.
* urldata: Error on missing SSL backend-specific connect info | Gisle Vanem | 2016-01-29 | 1 file | -20/+13
* urldata: moved common variable out of ifdef | Sergei Nikulov | 2016-01-28 | 1 file | -10/+1
  Closes https://github.com/bagder/curl/pull/618
* NTLM: Fix ConnectionExists to compare Proxy credentials | Isaac Boukris | 2016-01-26 | 1 file | -22/+40
  Proxy NTLM authentication should compare credentials when re-using a connection similar to host authentication, as it authenticates the connection.
  Example:
    curl -v -x http://proxy:port http://host/ -U good_user:good_pwd --proxy-ntlm --next -x http://proxy:port http://host/ [-U fake_user:fake_pwd --proxy-ntlm]
  CVE-2016-0755
  Bug: http://curl.haxx.se/docs/adv_20160127A.html
* mbedtls: Fix pinned key return value on fail | Jay Satiro | 2016-01-18 | 1 file | -49/+66
  - Switch from verifying a pinned public key in a callback during the certificate verification to inline after the certificate verification.
  The callback method had three problems:
    1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH was not returned.
    2. If peer certificate verification was disabled the pinned key verification did not take place as it should.
    3. (related to #2) If there was no certificate of depth 0 the callback would not have checked the pinned public key.
  Though all those problems could have been fixed it would have made the code more complex. Instead we now verify inline after the certificate verification in mbedtls_connect_step2.
  Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html
  Ref: https://github.com/bagder/curl/pull/601
* ssh: make CURLOPT_SSH_PUBLIC_KEYFILE treat "" as NULL | Kamil Dudka | 2016-01-15 | 1 file | -2/+5
  The CURLOPT_SSH_PUBLIC_KEYFILE option has been documented to handle empty strings specially since curl-7_25_0-31-g05a443a but the behavior was unintentionally removed in curl-7_38_0-47-gfa7d04f.
  This commit restores the original behavior and clarifies it in the documentation that NULL and "" have both the same meaning when passed to CURLOPT_SSH_PUBLIC_KEYFILE.
  Bug: http://curl.haxx.se/mail/lib-2016-01/0072.html
* openssl: improved error detection/reporting | Daniel Stenberg | 2016-01-14 | 1 file | -25/+18
  ... by extracting the LIB + REASON from the OpenSSL error code. OpenSSL 1.1.0+ returned a new func number of another certificate fail so this required a fix and this is the better way to catch this error anyway.
* openssl: for 1.1.0+ they now provide a SSLeay() macro of their own | Daniel Stenberg | 2016-01-14 | 1 file | -2/+1
* ConnectionExists: only do pipelining/multiplexing when asked | Daniel Stenberg | 2016-01-11 | 1 file | -3/+18
  When an HTTP/2 upgrade request fails (no protocol switch), it would previously detect that as still possible to pipeline on (which is correct) and do that when PIPEWAIT was enabled even if pipelining was not explicitly enabled.
  It should only pipeline if explicitly asked to.
  Closes #584
* lib: Prefix URLs with lower-case protocol names/schemes | Mohammad AlSaleh | 2016-01-11 | 1 file | -0/+5
  Before this patch, if a URL does not start with the protocol name/scheme, effective URLs would be prefixed with upper-case protocol names/schemes. This behavior might not be expected by library users or end users.
  For example, if `CURLOPT_DEFAULT_PROTOCOL` is set to "https" and the URL is "hostname/path", the effective URL would be "HTTPS://hostname/path" instead of "https://hostname/path".
  After this patch, effective URLs would be prefixed with a lower-case protocol name/scheme.
  Closes #597
  Signed-off-by: Mohammad AlSaleh <CE.Mohammad.AlSaleh@gmail.com>
* IDN host names: Remove the port number before converting to ACE | Michael Kaufmann | 2016-01-11 | 1 file | -7/+7
  Closes #596
* mbedtls: implement CURLOPT_PINNEDPUBLICKEY | Thomas Glanzmann | 2016-01-10 | 2 files | -1/+54
* url: Fix compile error with --enable-werror | Tatsuhiro Tsujikawa | 2016-01-09 | 1 file | -0/+2
* http2: Ensure that http2_handle_stream_close is called | Tatsuhiro Tsujikawa | 2016-01-08 | 1 file | -1/+12
  Previously, when HTTP/2 is enabled and used, and stream has content length known, Curl_read was not called when there were no bytes left to read. Because of this, we could not make sure that http2_handle_stream_close was called for every stream. Since we use http2_handle_stream_close to emit trailer fields, they were effectively ignored.
  This commit changes the code so that Curl_read is called even if no bytes are left to read, to ensure that http2_handle_stream_close is called for every stream.
  Discussed in https://github.com/bagder/curl/pull/564
* http2: handle the received SETTINGS frame | Daniel Stenberg | 2016-01-08 | 1 file | -29/+25
  This regression landed in 5778e6f5 and made libcurl not act on received settings and instead stayed with its internal defaults.
  Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html
  Reported-by: Bankde
* Revert "multiplex: allow only once HTTP/2 is actually used" | Daniel Stenberg | 2016-01-08 | 1 file | -4/+3
  This reverts commit 46cb70e9fa81c9a56de484cdd7c5d9d0d9fbec36.
  Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html
* http2: Fix PUSH_PROMISE headers being treated as trailers | Tatsuhiro Tsujikawa | 2016-01-08 | 1 file | -17/+17
  Discussed in https://github.com/bagder/curl/pull/564
* connection reuse: IDN host names fixed | Michael Kaufmann | 2016-01-08 | 1 file | -26/+30
  Use the ACE form of IDN hostnames as key in the connection cache. Add new tests.
  Closes #592
* mbedtls: Fix ALPN support | Jay Satiro | 2016-01-07 | 1 file | -13/+23
  - Fix ALPN reply detection.
  - Wrap nghttp2 code in ifdef USE_NGHTTP2.
  Prior to this change ALPN and HTTP/2 did not work properly in mbedTLS.
* http2: Fix client write for trailers on stream close | Jay Satiro | 2016-01-06 | 1 file | -12/+14
  Check that the trailer buffer exists before attempting a client write for trailers on stream close.
  Refer to comments in https://github.com/bagder/curl/pull/564
* ConnectionExists: add missing newline in infof() call | Daniel Stenberg | 2016-01-06 | 1 file | -1/+1
  Mistake from commit a464f33843ee1
* multiplex: allow only once HTTP/2 is actually used | Daniel Stenberg | 2016-01-06 | 1 file | -3/+4
  To make sure curl doesn't allow multiplexing before a connection is upgraded to HTTP/2 (like when Upgrade: h2c fails), we must make sure the connection uses HTTP/2 as well and not only check what's wanted.
  Closes #584
  Patch-by: c0ff
* ftplistparser.c: fix handling of file LISTings using Windows EOL | Marc Hoersken | 2015-12-23 | 1 file | -4/+2
  Previously file.txt[CR][LF] would have been returned as file.tx (without the last t) if filetype is symlink. Now the t is included and the internal item_length includes the zero byte.
  Spotted using test 576 on Windows.
* ConnectionExists: with *PIPEWAIT, wait for connections | Anders Bakken | 2015-12-23 | 1 file | -0/+10
  Try harder to prevent libcurl from opening up an additional socket when CURLOPT_PIPEWAIT is set. Accomplished by letting ongoing TCP and TLS handshakes complete first before the decision is made.
  Closes #575
* cyassl: deal with lack of *get_peer_certificate | Daniel Stenberg | 2015-12-16 | 1 file | -0/+6
  The function is only present in wolfssl/cyassl if it was built with --enable-opensslextra. With these checks added, pinning support is disabled unless the TLS lib has that function available.
  Also fix the mistake in configure that checks for the wrong lib name.
  Closes #566
* wolfssl: handle builds without SSLv3 support | Daniel Stenberg | 2015-12-16 | 1 file | -0/+7
* http2: Support trailer fields | Tatsuhiro Tsujikawa | 2015-12-15 | 3 files | -13/+71
  This commit adds trailer support in HTTP/2. In HTTP/1.1, chunked encoding must be used to send trailer fields. HTTP/2 deprecated any transfer-encoding, including chunked. But trailer fields are now always available.
  Since trailer fields are relatively rare these days (gRPC uses them extensively though), allocating buffer for trailer fields is done when we detect that HEADERS frame containing trailer fields is started. We use Curl_add_buffer_* functions to buffer all trailers, just like we do for regular header fields. And then deliver them when stream is closed. We have to be careful here so that all data are delivered to upper layer before sending trailers to the application.
  We can deliver trailer field one by one using NGHTTP2_ERR_PAUSE mechanism, but current method is far more simple.
  Another possibility is to use chunked encoding internally for HTTP/2 traffic. I have not tested it, but it could add another overhead.
  Closes #564
* x509asn1: Fix host altname verification | Jay Satiro | 2015-12-15 | 1 file | -8/+4
  - In Curl_verifyhost check all altnames in the certificate.
  Prior to this change only the first altname was checked. Only the GSKit SSL backend was affected by this bug.
  Bug: http://curl.haxx.se/mail/lib-2015-12/0062.html
  Reported-by: John Kohl
* cyassl: fix compiler warning on type conversion | Daniel Stenberg | 2015-12-15 | 1 file | -1/+1
* setstropt: const-correctness | Anders Bakken | 2015-12-14 | 1 file | -10/+10
  Closes #565
* libressl: the latest openssl x509 funcs are not in libressl | Daniel Stenberg | 2015-12-14 | 1 file | -2/+4
* http: add libcurl option to allow HTTP/2 for HTTPS only | Daniel Stenberg | 2015-12-13 | 7 files | -21/+23
  ... and stick to 1.1 for HTTP. This is in line with what browsers do and should have very little risk.
* openssl: adapt to openssl >= 1.1.0 X509 opaque structs | Daniel Stenberg | 2015-12-10 | 1 file | -14/+38
  Closes #491
* openssl: avoid BIO_reset() warnings since it returns a value | Daniel Stenberg | 2015-12-10 | 1 file | -3/+4
* openssl: adapt to 1.1.0+ name changes | Daniel Stenberg | 2015-12-10 | 1 file | -0/+6
* fix b6d5cb40d7038fe | Daniel Stenberg | 2015-12-09 | 1 file | -2/+0
* http2: Fix hanging paused stream | Tatsuhiro Tsujikawa | 2015-12-08 | 1 file | -0/+9
  When NGHTTP2_ERR_PAUSE is returned from data_source_read_callback, we might not process DATA frame fully. Calling nghttp2_session_mem_recv() again will continue to process DATA frame, but if there are no incoming frames, then we have to call it again with 0-length data. Without this, on_stream_close callback will not be called, and stream could hang.
  Bug: http://curl.haxx.se/mail/lib-2015-11/0103.html
  Reported-by: Francisco Moraes
* build: fix compilation error with CURL_DISABLE_VERBOSE_STRINGS | Christian Stewart | 2015-12-08 | 1 file | -1/+1
  With curl disable verbose strings in http.c the compilation fails due to the data variable being undefined later on in the function.
  Closes #558
* config-win32: Fix warning HAVE_WINSOCK2_H undefined | Gisle Vanem | 2015-12-07 | 1 file | -1/+2
* openssl: BoringSSL doesn't have CONF_modules_free | Gisle Vanem | 2015-12-07 | 1 file | -1/+2
* lwip: Fix compatibility issues with later versions | Gisle Vanem | 2015-12-07 | 4 files | -12/+22
  The name of the header guard in lwIP's <lwip/opt.h> has changed from '__LWIP_OPT_H__' to 'LWIP_HDR_OPT_H' (bug #35874 in May 2015).
  Other fixes:
  - In curl_setup.h, the problem with an old PSDK doesn't apply if lwIP is used.
  - In memdebug.h, the 'socket' should be undefined first due to lwIP's lwip_socket() macro.
  - In curl_addrinfo.c lwIP's getaddrinfo() + freeaddrinfo() macros need special handling because they were undef'ed in memdebug.h.
  - In select.c we can't use preprocessor conditionals inside select if MSVC and select is a macro, as it is with lwIP.
  http://curl.haxx.se/mail/lib-2015-12/0023.html
  http://curl.haxx.se/mail/lib-2015-12/0024.html
* version: Add flag CURL_VERSION_PSL for libpsl | Gisle Vanem | 2015-12-07 | 1 file | -0/+3
* formdata: Check if length is too large for memory | Jay Satiro | 2015-12-07 | 1 file | -4/+11
  - If the size of the length type (curl_off_t) is greater than the size of the size_t type then check before allocating memory to make sure the value of length will fit in a size_t without overflow. If it doesn't then return CURLE_BAD_FUNCTION_ARGUMENT.
  Bug: https://github.com/bagder/curl/issues/425#issuecomment-154518679
  Reported-by: Steve Holme
* Curl_read_plain: clean up ifdefs that break statements | Flavio Medeiros | 2015-11-30 | 1 file | -2/+4
  Closes #546
* http2: convert some verbose output into debug-only output | Daniel Stenberg | 2015-11-30 | 1 file | -12/+12
* http2 push: add missing inits of new stream | Daniel Stenberg | 2015-11-30 | 1 file | -1/+7
  - set the correct stream_id for pushed streams
  - init maxdownload and size properly
* http2 push: set weight for new stream | Daniel Stenberg | 2015-11-30 | 1 file | -1/+3
  give the new stream the old one's stream_weight internally to avoid sending a PRIORITY frame unless asked for it
* curl_setup.h: undef freeaddrinfo in c-ares block to fix build | Daniel Stenberg | 2015-11-28 | 1 file | -0/+1
  Fixes warnings 78c25c854a added.
* nonblock: fix setting non-blocking mode for Amiga | Daniel Stenberg | 2015-11-27 | 1 file | -2/+2
  IoctlSocket() apparently wants a pointer to a long, passed as a char * in its third parameter. This bug was introduced already back in commit c5fdeef41d from October 1 2001!
  Bug: http://curl.haxx.se/mail/lib-2015-11/0088.html
  Reported-by: Norbert Kett