path: root/lib
Commit message | Author | Age | Files | Lines
* checksrc: verify spaces around equals signs | Daniel Stenberg | 2017-09-11 | 1 | -1/+17
  ... as the code style mandates.
* Curl_checkheaders: make it available for IMAP and SMTP too | Daniel Stenberg | 2017-09-11 | 5 | -25/+30
  ... not only HTTP uses this now.
  Closes #1875
* mbedtls: enable CA path processing | Jay Satiro | 2017-09-10 | 1 | -1/+1
  CA path processing was implemented when mbedtls.c was added to libcurl in fe7590f, but it was never enabled.
  Bug: https://github.com/curl/curl/issues/1877
  Reported-by: SBKarr@users.noreply.github.com
* rtsp: do not call fwrite() with NULL pointer FILE * | Daniel Stenberg | 2017-09-08 | 1 | -0/+9
  If the default write callback is used and no destination has been set, a NULL pointer would be passed to fwrite()'s 4th argument.
  OSS-fuzz bug https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=3327 (not publicly open yet)
  Detected by OSS-fuzz
  Closes #1874
* http-proxy: when not doing CONNECT, that phase is done immediately | Daniel Stenberg | 2017-09-07 | 1 | -1/+1
  `conn->connect_state` is NULL when doing a regular non-CONNECT request over the proxy and should therefore be considered complete at once.
  Fixes #1853
  Closes #1862
  Reported-by: Lawrence Wagerfield
* OpenSSL: fix yet another mistake while encapsulating SSL backend data | Johannes Schindelin | 2017-09-07 | 1 | -1/+3
  Another mistake in my manual fixups of the largely mechanical search-and-replace ("connssl->" -> "BACKEND->"), just like the previous commit concerning HTTPS proxies (and hence not caught during my earlier testing).
  Fixes #1855
  Closes #1871
  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* OpenSSL: fix erroneous SSL backend encapsulation | Johannes Schindelin | 2017-09-07 | 1 | -2/+2
  In d65e6cc4f (vtls: prepare the SSL backends for encapsulated private data, 2017-06-21), this developer prepared for a separation of the private data of the SSL backends from the general connection data.

  This conversion was partially automated (search-and-replace) and partially manual (e.g. proxy_ssl's backend data).

  Sadly, there was a crucial error in the manual part, where the wrong handle was used: rather than connecting ssl[sockindex]' BIO to the proxy_ssl[sockindex]', we reconnected proxy_ssl[sockindex]. The reason was an incorrect location to paste "BACKEND->"... d'oh.

  Reported by Jay Satiro in https://github.com/curl/curl/issues/1855.
  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* vtls: fix memory corruption | Jay Satiro | 2017-09-07 | 1 | -0/+10
  Ever since 70f1db321 (vtls: encapsulate SSL backend-specific data, 2017-07-28), the code handling HTTPS proxies was broken because the pointer to the SSL backend data was not swapped between conn->ssl[sockindex] and conn->proxy_ssl[sockindex] as intended, but instead set to NULL (causing segmentation faults).
  [jes: provided the commit message, tested and verified the patch]
  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* vtls: switch to CURL_SHA256_DIGEST_LENGTH define | Daniel Stenberg | 2017-09-07 | 3 | -7/+8
  ... instead of the prefix-less version since WolfSSL 3.12 now uses an enum with that name that causes build failures for us.
  Fixes #1865
  Closes #1867
  Reported-by: Gisle Vanem
* SSL: fix unused parameter warnings | Jay Satiro | 2017-09-06 | 4 | -0/+6
* mime: drop internal FILE * support. | Patrick Monnerat | 2017-09-06 | 3 | -134/+70
  - The part kind MIMEKIND_FILE and associated code are suppressed.
  - Seek data origin offset not used anymore: suppressed.
  - MIMEKIND_NAMEDFILE renamed MIMEKIND_FILE; associated fields/functions renamed accordingly.
  - Curl_getformdata() processes stdin via a callback.
* configure: remove --enable-soname-bump and SONAME_BUMP | Daniel Stenberg | 2017-09-06 | 1 | -14/+0
  Back in 2008, (and commit 3f3d6ebe665f3) we changed the logic in how we determine the native type for `curl_off_t`. To really make sure we didn't break ABI without bumping SONAME, we introduced logic that attempted to detect that it would use a different size and thus not be compatible. We also provided a manual switch that allowed users to tell configure to bump SONAME by force.

  Today, we know of no one who ever got a SONAME bump auto-detected and we don't know of anyone who's using the manual bump feature. The auto-detection is also no longer working since we introduced defining curl_off_t in system.h (7.55.0).

  Finally, this bumping logic is not present in the cmake build.

  Closes #1861
* vtls: select ssl backend case-insensitive (follow-up) | Gisle Vanem | 2017-09-06 | 2 | -7/+10
  - Do a case-insensitive comparison of CURL_SSL_BACKEND env as well.
  - Change Curl_strcasecompare calls to strcasecompare (maps to the former but shorter).
  Follow-up to c290b8f.
  Bug: https://github.com/curl/curl/commit/c290b8f#commitcomment-24094313
  Co-authored-by: Jay Satiro
* openssl: Integrate Peter Wu's SSLKEYLOGFILE implementation | Jay Satiro | 2017-09-05 | 2 | -0/+171
  This is an adaptation of 2 of Peter Wu's SSLKEYLOGFILE implementations.

  The first one, written for old OpenSSL versions:
  https://git.lekensteyn.nl/peter/wireshark-notes/tree/src/sslkeylog.c

  The second one, written for BoringSSL and new OpenSSL versions:
  https://github.com/curl/curl/pull/1346

  Note the first one is GPL licensed but the author gave permission to waive that license for libcurl.

  As of right now this feature is disabled by default, and does not have a configure option to enable it. To enable this feature define ENABLE_SSLKEYLOGFILE when building libcurl and set environment variable SSLKEYLOGFILE to a pathname that will receive the keys.

  And in Wireshark change your preferences to point to that key file:
  Edit > Preferences > Protocols > SSL > Master-Secret

  Co-authored-by: Peter Wu
  Ref: https://github.com/curl/curl/pull/1030
  Ref: https://github.com/curl/curl/pull/1346
  Closes https://github.com/curl/curl/pull/1866
* mime: fix a trivial warning. | Patrick Monnerat | 2017-09-05 | 1 | -1/+0
* mime: replace 'struct Curl_mimepart' by 'curl_mimepart' in encoder code. | Patrick Monnerat | 2017-09-05 | 2 | -23/+22
  mime_state is now a typedef.
* mime: implement encoders. | Patrick Monnerat | 2017-09-05 | 2 | -16/+473
  curl_mime_encoder() is operational and documented.
  curl tool -F option is extended with ";encoder=".
  curl tool --libcurl option generates calls to curl_mime_encoder().
  New encoder tests 648 & 649.
  Test 1404 extended with an encoder specification.
* mime: unified to use the typedef'd mime structs everywhere | Daniel Stenberg | 2017-09-05 | 7 | -96/+96
  ... and slightly edited to follow our code style better.
* openssl: use OpenSSL's default ciphers by default | Kamil Dudka | 2017-09-05 | 1 | -4/+14
  Up2date versions of OpenSSL maintain the default reasonably secure without breaking compatibility, so it is better not to override the default by curl.
  Suggested at https://bugzilla.redhat.com/1483972
  Closes #1846
* http-proxy: treat all 2xx as CONNECT success | Daniel Stenberg | 2017-09-05 | 1 | -3/+4
  Added test 1904 to verify.
  Reported-by: Lawrence Wagerfield
  Fixes #1859
  Closes #1860
* mime: use CURL_ZERO_TERMINATED in examples | Viktor Szakats | 2017-09-04 | 1 | -3/+3
  and some minor whitespace fixes
* schannel: return CURLE_SSL_CACERT on failed verification | Daniel Stenberg | 2017-09-04 | 1 | -1/+1
  ... not *CACERT_BADFILE as it isn't really because of a bad file.
  Bug: https://curl.haxx.se/mail/lib-2017-09/0002.html
  Closes #1858
* lib: bump version info (soname). Adapt and reenable test 1135. | Patrick Monnerat | 2017-09-04 | 1 | -2/+2
* mime: use size_t instead of ssize_t in public API interface. | Patrick Monnerat | 2017-09-03 | 1 | -9/+11
  To support telling a string is nul-terminated, symbol CURL_ZERO_TERMINATED has been introduced.
  Documentation updated accordingly.
  symbols in versions updated. Added form API symbols deprecation info.
* mime: remove support "-" stdin pseudo-file name in curl_mime_filedata(). | Patrick Monnerat | 2017-09-03 | 2 | -5/+15
  This feature is badly supported in Windows: as a replacement, a caller has to use curl_mime_data_cb() with fread, fseek and possibly fclose callbacks to process opened files.

  The cli tool and documentation are updated accordingly.

  The feature is however kept internally for form API compatibility, with the known caveats it always had.

  As a side effect, stdin size is not determined by the cli tool even if possible and this results in a chunked transfer encoding. Test 173 is updated accordingly.
* mime: fix some implicit curl_off_t --> size_t conversion warnings. | Patrick Monnerat | 2017-09-03 | 1 | -2/+2
* mime: new MIME API. | Patrick Monnerat | 2017-09-02 | 15 | -954/+1995
  Available in HTTP, SMTP and IMAP.
  Deprecates the FORM API.
  See CURLOPT_MIMEPOST.
  Lib code and associated documentation.
* checksrc: disable SPACEBEFOREPAREN for case statement. | Patrick Monnerat | 2017-09-02 | 1 | -0/+3
  The case keyword may be followed by a constant expression and thus should allow it to start with an open parenthesis.
* Curl_base64_encode: always call with a real data handle. | Patrick Monnerat | 2017-09-02 | 5 | -14/+21
  Some calls in different modules were setting the data handle to NULL, causing segmentation faults when using builds that enable character code conversions.
* non-ascii: allow conversion functions to be called with a NULL data handle. | Patrick Monnerat | 2017-09-02 | 1 | -19/+37
* http: fix a memory leakage in checkrtspprefix(). | Patrick Monnerat | 2017-09-02 | 1 | -6/+8
* curl_global_sslset: select backend by name case insensitively | Daniel Stenberg | 2017-09-01 | 1 | -1/+1
  Closes #1849
* strcase: corrected comment header for Curl_strcasecompare() | Daniel Stenberg | 2017-08-31 | 1 | -5/+6
* darwinssl: handle long strings in TLS certs (follow-up) | Jay Satiro | 2017-08-31 | 1 | -2/+17
  - Fix handling certificate subjects that are already UTF-8 encoded.
  Follow-up to b3b75d1 from two days ago. Since then a copy would be skipped if the subject was already UTF-8, possibly resulting in a NULL deref later on.
  Ref: https://github.com/curl/curl/issues/1823
  Ref: https://github.com/curl/curl/pull/1831
  Closes https://github.com/curl/curl/pull/1836
* cyassl: call it the "WolfSSL" backend | Daniel Stenberg | 2017-08-31 | 1 | -1/+1
  ... instead of cyassl, as this is the current name for it.
  Closes #1844
* polarssl: fix multissl breakage | Daniel Stenberg | 2017-08-31 | 1 | -5/+2
  Reported-by: Dan Fandrich
  Bug: https://curl.haxx.se/mail/lib-2017-08/0121.html
  Closes #1843
* makefile.m32: add multissl support | Viktor Szakats | 2017-08-30 | 1 | -7/+7
  Closes https://github.com/curl/curl/pull/1840
* asyn-thread: Fixed cleanup after OOM | Dan Fandrich | 2017-08-29 | 1 | -0/+9
  destroy_async_data() assumes that if the flag "done" is not set yet, the thread itself will clean up once the request is complete. But if an error (generally OOM) occurs before the thread even has a chance to start, it will never get a chance to clean up and memory will be leaked. By clearing "done" only just before starting the thread, the correct cleanup sequence will happen in all cases.
* asyn-thread: Improved cleanup after OOM situations | Dan Fandrich | 2017-08-28 | 1 | -3/+7
* asyn-thread: Set errno to the proper value ENOMEM in OOM situation | Dan Fandrich | 2017-08-28 | 1 | -1/+1
  This used to be set in some configurations to EAI_MEMORY which is not a valid value for errno and caused Curl_strerror to fail an assertion.
* configure: allow setting the default SSL backend | Johannes Schindelin | 2017-08-28 | 1 | -0/+4
  Previously, we used as default SSL backend whatever was first in the `available_backends` array.

  However, some users may want to override that default without patching the source code.

  Now they can: with the --with-default-ssl-backend=<backend> option of the ./configure script.

  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* vtls: use Curl_ssl_multi pseudo backend only when needed | Johannes Schindelin | 2017-08-28 | 1 | -1/+26
  When only one SSL backend is configured, it is totally unnecessary to let multissl_init() configure the backend at runtime, we can select the correct backend at build time already.
  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* version: if built with more than one SSL backend, report all of them | Johannes Schindelin | 2017-08-28 | 1 | -7/+44
  To discern the active one from the inactive ones, put the latter into parentheses.
  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* version: add the CURL_VERSION_MULTI_SSL feature flag | Johannes Schindelin | 2017-08-28 | 1 | -0/+3
  This new feature flag reports when cURL was built with multiple SSL backends.
  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* vtls: introduce curl_global_sslset() | Johannes Schindelin | 2017-08-28 | 1 | -9/+34
  Let's add a compile time safe API to select an SSL backend. This function needs to be called *before* curl_global_init(), and can be called only once.

  Side note: we do not explicitly test that it is called before curl_global_init(), but we do verify that it is not called multiple times (even implicitly).

  If SSL is used before the function was called, it will use whatever the CURL_SSL_BACKEND environment variable says (or default to the first available SSL backend), and if a subsequent call to curl_global_sslset() disagrees with the previous choice, it will fail with CURLSSLSET_TOO_LATE.

  The function also accepts an "avail" parameter to point to a (read-only) NULL-terminated list of available backends. This comes in real handy if an application wants to let the user choose between whatever SSL backends the currently available libcurl has to offer: simply call

      curl_global_sslset(-1, NULL, &avail);

  which will return CURLSSLSET_UNKNOWN_BACKEND and populate the avail variable to point to the relevant information to present to the user.

  Just like with the HTTP/2 push functions, we have to add the function declaration of curl_global_sslset() function to the header file *multi.h* because VMS and OS/400 require a stable order of functions declared in include/curl/*.h (where the header files are sorted alphabetically). This looks a bit funny, but it cannot be helped.

  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* vtls: refactor out essential information about the SSL backends | Johannes Schindelin | 2017-08-28 | 12 | -26/+18
  There is information about the compiled-in SSL backends that is really no concern of any code other than the SSL backend itself, such as which function (if any) implements SHA-256 summing.

  And there is information that is really interesting to the user, such as the name, or the curl_sslbackend value.

  Let's factor out the latter into a publicly visible struct. This information will be used in the upcoming API to set the SSL backend globally.

  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* vtls: allow selecting which SSL backend to use at runtime | Johannes Schindelin | 2017-08-28 | 11 | -18/+143
  When building software for the masses, it is sometimes not possible to decide for all users which SSL backend is appropriate.

  Git for Windows, for example, uses cURL to perform clones, fetches and pushes via HTTPS, and some users strongly prefer OpenSSL, while other users really need to use Secure Channel because it offers enterprise-ready tools to manage credentials via Windows' Credential Store.

  The current Git for Windows versions use the ugly work-around of building libcurl once with OpenSSL support and once with Secure Channel support, and switching out the binaries in the installer depending on the user's choice.

  Needless to say, this is a super ugly workaround that actually only works in some cases: Git for Windows also comes in a portable form, and in a form intended for third-party applications requiring Git functionality, in which cases this "swap out libcurl-4.dll" simply is not an option.

  Therefore, the Git for Windows project has a vested interest in teaching cURL to make the SSL backend a *runtime* option.

  This patch makes that possible.

  By running ./configure with multiple --with-<backend> options, cURL will be built with multiple backends.

  For the moment, the backend can be configured using the environment variable CURL_SSL_BACKEND (valid values are e.g. "openssl" and "schannel").

  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* vtls: fold the backend ID into the Curl_ssl structure | Johannes Schindelin | 2017-08-28 | 22 | -33/+17
  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* curl_ntlm_core: don't complain but #include OpenSSL header if needed | Johannes Schindelin | 2017-08-28 | 1 | -4/+1
  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
* vtls: encapsulate SSL backend-specific data | Johannes Schindelin | 2017-08-28 | 13 | -174/+193
  So far, all of the SSL backends' private data has been declared as part of the ssl_connect_data struct, in one big #if .. #elif .. #endif block.

  This can only work as long as the SSL backend is a compile-time option, something we want to change in the next commits.

  Therefore, let's encapsulate the exact data needed by each SSL backend into a private struct, and let's avoid bleeding any SSL backend-specific information into urldata.h. This is also necessary to allow multiple SSL backends to be compiled in at the same time, as e.g. OpenSSL's and CyaSSL's headers cannot be included in the same .c file.

  To avoid too many malloc() calls, we simply append the private structs to the connectdata struct in allocate_conn().

  This requires us to take extra care of alignment issues: struct fields often need to be aligned on certain boundaries e.g. 32-bit values need to be stored at addresses that divide evenly by 4 (= 32 bit / 8 bit-per-byte).

  We do that by assuming that no SSL backend's private data contains any fields that need to be aligned on boundaries larger than `long long` (typically 64-bit) would need. Under this assumption, we simply add a dummy field of type `long long` to the `struct connectdata` struct. This field will never be accessed but acts as a placeholder for the four instances of ssl_backend_data instead. The size of each ssl_backend_data struct is stored in the SSL backend-specific metadata, to allow allocate_conn() to know how much extra space to allocate, and how to initialize the ssl[sockindex]->backend and proxy_ssl[sockindex]->backend pointers.

  This would appear to be a little complicated at first, but is really necessary to encapsulate the private data of each SSL backend correctly. And we need to encapsulate thusly if we ever want to allow selecting CyaSSL and OpenSSL at runtime, as their headers cannot be included within the same .c file (there are just too many conflicting definitions and declarations for that).

  Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>