path: root/lib
Commit message | Author | Age | Files | Lines
* mbedtls: return CURLcode result instead of a mbedtls error code | MAntoniak | 2022-01-12 | 1 | -1/+1
  ... when a certificate fails to be loaded from a blob
  Closes #8266
* openldap: implement SASL authentication | Patrick Monnerat | 2022-01-11 | 1 | -13/+309
  As credentials can be quite different depending on the mechanism used, there are no default mechanisms for LDAP and simple bind with a DN is then used. The caller has to provide mechanism(s) using CURLOPT_LOGIN_OPTIONS to enable SASL authentication and disable simple bind.
  Closes #8152
* mesalink: remove support | Daniel Stenberg | 2022-01-10 | 6 | -724/+5
  Mesalink has ceased development. We can no longer encourage use of it. It seems to be continued under the name TabbySSL, but no attempts have (yet) been made to make curl support it.
  Fixes #8188
  Closes #8191
* ldap: return CURLE_URL_MALFORMAT for bad URL | Daniel Stenberg | 2022-01-10 | 2 | -7/+5
  For consistency, use the same return code for URL malformats, independently of what scheme that is used. Previously this would return CURLE_LDAP_INVALID_URL, but starting now that error cannot be returned.
  Closes #8170
* rustls: add CURLOPT_CAINFO_BLOB support | Stephen M. Coakley | 2022-01-10 | 1 | -3/+31
  Add support for `CURLOPT_CAINFO_BLOB` and `CURLOPT_PROXY_CAINFO_BLOB` to the rustls TLS backend. Multiple certificates in a single PEM string are supported just like OpenSSL does with this option.
  This is compatible at least with rustls-ffi 0.8+ which is our new minimum version anyway.
  I was able to build and run this on Windows, pulling trusted certs from the system and then add them to rustls by setting `CURLOPT_CAINFO_BLOB`. Handy!
  Closes #8255
* url: given a user in the URL, find pwd for that user in netrc | Daniel Stenberg | 2022-01-09 | 1 | -15/+31
  Add test 380 and 381 to verify, edited test 133
  Reported-by: Manfred Schwarb
  Fixes #8241
  Closes #8243
* mbedtls: Fix ssl_init error with mbedTLS 3.1.0+ | Niels Martignène | 2022-01-09 | 1 | -6/+6
  Since mbedTLS 3.1.0, mbedtls_ssl_setup() fails if the provided config struct is not valid. mbedtls_ssl_config_defaults() needs to be called before the config struct is passed to mbedtls_ssl_setup().
  Closes #8238
* ngtcp2: fix declaration of ‘result’ shadows a previous local | Daniel Stenberg | 2022-01-08 | 1 | -1/+0
  Follow-up to 8fbd6feddfa587cfd3
  Closes #8245
* openssl.h: avoid including OpenSSL headers here | Daniel Stenberg | 2022-01-08 | 1 | -3/+9
  ... by instead using the struct version of the typedef'ed pointer. To fix build errors when both Schannel and OpenSSL are enabled.
  Fixes #8240
  Reported-by: Jan Ehrhardt
  Closes #8246
* openssl: copyright year update | Daniel Stenberg | 2022-01-07 | 1 | -1/+1
  Follow-up to 30aea2b1ede
* openssl: check the return value of BIO_new_mem_buf() | xkernel | 2022-01-07 | 1 | -1/+12
  Closes #8233
* socks5: use appropriate ATYP for numerical IP address host names | Daniel Stenberg | 2022-01-03 | 1 | -5/+28
  When not resolving the address locally (known as socks5h).
  Add test 719 and 720 to verify.
  Reported-by: Peter Piekarski
  Fixes #8216
  Closes #8217
* ftp: disable warning 4706 in MSVC | Daniel Stenberg | 2022-01-03 | 1 | -1/+6
  Follow-up to 21248e052d
  Disabling "assignment within conditional expression" for MSVC needs to be done before the function starts, for it to take effect.
  Closes #8218
* mbedtls: fix private member designations for v3.1.0 | Valentin Richter | 2022-01-03 | 1 | -4/+4
  "As a last resort, you can access the field foo of a structure bar by writing bar.MBEDTLS_PRIVATE(foo). Note that you do so at your own risk, since such code is likely to break in a future minor version of Mbed TLS." - https://github.com/ARMmbed/mbedtls/blob/f2d1199edc5834df4297f247f213e614f7782d1d/docs/3.0-migration-guide.md
  That future minor version is v3.1.0. I set the >= to == for the version checks because v3.1.0 is a release, and I am not sure when the private designation was reverted after v3.0.0.
  Closes #8214
* urlapi: if possible, shorten given numerical IPv6 addresses | Daniel Stenberg | 2022-01-02 | 1 | -8/+18
  Extended test 1560 to verify
  Closes #8206
* url: reduce ssl backend count for CURL_DISABLE_PROXY builds | MAntoniak | 2022-01-02 | 1 | -2/+11
  Closes #8212
* misc: update copyright year range | Daniel Stenberg | 2021-12-30 | 2 | -2/+2
* gtls: add gnutls include for the session type | Daniel Stenberg | 2021-12-29 | 1 | -1/+1
  Follow-up to 8fbd6feddfa5 to make it build more universally
* http_proxy: don't close the socket (too early) | Daniel Stenberg | 2021-12-29 | 2 | -2/+6
  ... and double-check in the OpenSSL shutdown that the socket is actually still there before it is used.
  Fixes #8193
  Closes #8195
  Reported-by: Leszek Kubik
* ngtcp2: verify the server certificate for the gnutls case | Daniel Stenberg | 2021-12-28 | 3 | -17/+24
  Closes #8178
* ngtcp2: verify the server cert on connect (quictls) | Daniel Stenberg | 2021-12-28 | 4 | -13/+84
  Make ngtcp2+quictls correctly acknowledge `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST`.
  The name check now uses a function from lib/vtls/openssl.c which will need attention for when TLS is not done by OpenSSL or is disabled while QUIC is enabled.
  Possibly the servercert() function in openssl.c should be adjusted to be able to use for both regular TLS and QUIC.
  Ref: #8173
  Closes #8178
* checksrc: detect more kinds of NULL comparisons we avoid | Daniel Stenberg | 2021-12-27 | 20 | -60/+60
  Co-authored-by: Jay Satiro
  Closes #8180
* mesalink: remove the BACKEND define kludge | Daniel Stenberg | 2021-12-26 | 1 | -43/+48
  Closes #8183
* schannel: remove the BACKEND define kludge | Daniel Stenberg | 2021-12-26 | 1 | -187/+198
  Closes #8182
* gtls: check return code for gnutls_alpn_set_protocols | Daniel Stenberg | 2021-12-26 | 1 | -1/+5
  Closes #8181
* http: Fix CURLOPT_HTTP200ALIASES | Vladimir Panteleev | 2021-12-21 | 1 | -1/+1
  The httpcode < 100 check was also triggered when none of the fields were parsed, thus making the if(!nc) block unreachable.
  Closes #8171
* nss:set_cipher don't clobber the cipher list | Daniel Stenberg | 2021-12-20 | 1 | -38/+40
  The string is set by the user and needs to remain intact for proper connection reuse etc.
  Reported-by: Eric Musser
  Fixes #8160
  Closes #8161
* misc: s/e-mail/email | Daniel Stenberg | 2021-12-19 | 2 | -2/+2
  Consistency is king. Following the lead in everything curl.
  Closes #8159
* openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+ | Jay Satiro | 2021-12-16 | 1 | -7/+14
  Prior to this change OpenSSL_version was only detected in configure builds. For other builds the old version parsing code was used which would result in incorrect versioning for OpenSSL 3:
  Before:
  curl 7.80.0 (i386-pc-win32) libcurl/7.80.0 OpenSSL/3.0.0a zlib/1.2.11 WinIDN libssh2/1.9.0
  After:
  curl 7.80.0 (i386-pc-win32) libcurl/7.80.0 OpenSSL/3.0.1 zlib/1.2.11 WinIDN libssh2/1.9.0
  Reported-by: lllaffer@users.noreply.github.com
  Fixes https://github.com/curl/curl/issues/8154
  Closes https://github.com/curl/curl/pull/8155
* x509asn1: return early on errors | Daniel Stenberg | 2021-12-15 | 1 | -39/+88
  Overhaul to make sure functions that detect errors bail out early with error rather than trying to continue and risk hiding the problem.
  Closes #8147
* openldap: several minor improvements | Patrick Monnerat | 2021-12-15 | 1 | -79/+100
  - Early check proper LDAP URL syntax. Reject URLs with a userinfo part.
  - Use dynamic memory for ldap_init_fd() URL rather than a stack-allocated buffer.
  - Never chase referrals: supporting it would require additional parallel connections and alternate authentication credentials.
  - Do not wait 1 microsecond while polling/reading query response data.
  - Store last received server code for retrieval with CURLINFO_RESPONSE_CODE.
  Closes #8140
* misc: remove unused doh flags when CURL_DISABLE_DOH is defined | MAntoniak | 2021-12-15 | 4 | -1/+28
  Closes #8148
* mbedtls: fix CURLOPT_SSLCERT_BLOB | Daniel Stenberg | 2021-12-14 | 1 | -3/+10
  The memory passed to mbedTLS for this needs to be null terminated.
  Reported-by: Florian Van Heghe
  Closes #8146
* asyn-ares: ares_getaddrinfo needs no happy eyeballs timer | Daniel Stenberg | 2021-12-14 | 1 | -0/+4
  Closes #8142
* check ssl_config when re-use proxy connection | MrDwZ | 2021-12-14 | 1 | -7/+6
* mbedtls: do a separate malloc for ca_info_blob | Daniel Stenberg | 2021-12-14 | 1 | -19/+17
  Since the mbedTLS API requires the data to be null terminated.
  Follow-up to 456c53730d21b1fad0c7f72c1817
  Fixes #8139
  Closes #8145
* openldap: simplify ldif generation code | Patrick Monnerat | 2021-12-13 | 1 | -62/+47
  and take care of zero-length values, avoiding conversion to base64 and/or trailing spaces.
  Closes #8136
* sha256/md5: return errors when init fails | x2018 | 2021-12-13 | 9 | -40/+73
  Closes #8133
* openldap: process search query response messages one by one | Patrick Monnerat | 2021-12-11 | 1 | -157/+114
  Upon receiving large result sets, this reduces memory consumption and allows starting to output results while the transfer is still in progress.
  Closes #8101
* hash: lazy-alloc the table in Curl_hash_add() [bagder/hash-lazyalloc] | Daniel Stenberg | 2021-12-10 | 7 | -69/+68
  This makes Curl_hash_init() infallible which saves error paths.
  Closes #8132
* multi: cleanup the socket hash when destroying it [bagder/sockhash-destroy] | Daniel Stenberg | 2021-12-10 | 1 | -6/+27
  Since each socket hash entry may themselves have a hash table in them, the destroying of the socket hash needs to make sure all the subhashes are also correctly destroyed to avoid leaking memory.
  Fixes #8129
  Closes #8131
* hash: add asserts to help detect bad usage | Daniel Stenberg | 2021-12-09 | 1 | -2/+7
  For example trying to add entries after the hash has been "cleaned up"
  Closes #8115
* multi: handle errors returned from socket/timer callbacks | Daniel Stenberg | 2021-12-06 | 5 | -59/+131
  The callbacks were partially documented to support this. Now the behavior is documented and returning error from either of these callbacks will effectively kill all currently ongoing transfers.
  Added test 530 to verify
  Reported-by: Marcelo Juchem
  Fixes #8083
  Closes #8089
* http2:set_transfer_url() return early on OOM | Daniel Stenberg | 2021-12-06 | 1 | -1/+4
  If curl_url() returns NULL this should return early to avoid mistakes - even if right now the subsequent function invokes are all OK.
  Coverity (wrongly) pointed out this as a NULL deref.
  Closes #8100
* openldap: implement STARTTLS | Patrick Monnerat | 2021-12-06 | 2 | -6/+67
  As this introduces use of CURLOPT_USE_SSL option for LDAP, also check this option in ldap.c as it is not supported by this backend.
  Closes #8065
* urlapi: accept port number zero | Daniel Stenberg | 2021-12-03 | 1 | -3/+1
  This is a regression since 7.62.0 (fb30ac5a2d).
  Updated test 1560 accordingly
  Reported-by: Brad Fitzpatrick
  Fixes #8090
  Closes #8091
* mbedTLS: include NULL byte in blob data length for CURLOPT_CAINFO_BLOB | Florian Van Heghe | 2021-12-02 | 1 | -2/+7
  Fixes #8079
  Closes #8081
* version_win32: Check build number and platform id | Wyatt O'Day | 2021-12-02 | 7 | -26/+76
  Prior to this change the build number was not checked during version comparison, and the platform id was supposed to be checked but wasn't.
  Checking the build number is required for enabling "evergreen" Windows 10/11 features (like TLS 1.3).
  Ref: https://github.com/curl/curl/pull/7784
  Closes https://github.com/curl/curl/pull/7824
  Closes https://github.com/curl/curl/pull/7867
* libssh2: fix error message for sha256 mismatch | Jay Satiro | 2021-12-02 | 1 | -1/+1
  - On mismatch error show sha256 fingerprint in base64 format.
  Prior to this change the fingerprint was mistakenly printed in binary.
* openssl: check the return value of BIO_new() | x2018 | 2021-12-01 | 1 | -0/+12
  Closes #8078