path: root/lib
Commit message | Author | Age | Files | Lines
* quiche: update for network path aware API | Alessandro Ghedini | 2021-05-24 | 1 | -7/+19
  Latest version of quiche requires the application to pass the peer address of received packets, and it provides the address for outgoing packets back.
  Closes #7120
* rustls: switch read_tls and write_tls to callbacks | Jacob Hoffman-Andrews | 2021-05-24 | 1 | -131/+102
  And update to 0.6.0, including a rename from session to connection for many fields.
  Closes #7071
* sectransp: fix 7f4a9a9b2a49 commit about missing comma | Koichi Shiraishi | 2021-05-24 | 1 | -1/+1
  Follow-up to 7f4a9a9b2a495
  Closes #7119
* openssl: associate/detach the transfer from connection | Harry Sintonen | 2021-05-24 | 13 | -50/+172
  CVE-2021-22901
  Bug: https://curl.se/docs/CVE-2021-22901.html
* telnet: check sscanf() for correct number of matches | Harry Sintonen | 2021-05-24 | 1 | -1/+1
  CVE-2021-22898
  Bug: https://curl.se/docs/CVE-2021-22898.html
* schannel: don't use static to store selected ciphers | Daniel Stenberg | 2021-05-24 | 2 | -4/+8
  CVE-2021-22897
  Bug: https://curl.se/docs/CVE-2021-22897.html
* NSS: make colons, commas and spaces valid separators in cipher list | Sergey Markelov | 2021-05-23 | 1 | -1/+1
  Fixes #7110
  Closes #7115
* cmake: detect CURL_SA_FAMILY_T | Peng-Yu Chen | 2021-05-21 | 2 | -2/+15
  Fixes #7049
  Closes #7065
* CURLOPT_IPRESOLVE: preventing wrong IP version from being used | Lucas Clemente Vella | 2021-05-20 | 6 | -86/+54
  In some situations, it was possible that a transfer was set up to use a specific IP version, but due to DNS caching or connection reuse, it ended up using a different IP version from requested.
  This commit changes the effect of CURLOPT_IPRESOLVE from simply restricting address resolution to preventing the wrong connection type being used, when choosing a connection from the pool, and to restricting what addresses could be used when establishing a new connection.
  It is important that all address versions are resolved, even if not used in that transfer in particular, because the result is cached, and could be useful for a different transfer with a different CURLOPT_IPRESOLVE setting.
  Closes #6853
* AmigaOS: add functions definitions for SHA256 | Oliver Urbann | 2021-05-20 | 1 | -0/+27
  AmiSSL replaces many functions with macros. Curl requires pointers to some of these functions. Thus, we have to encapsulate these macros: SHA256_Init, SHA256_Update, SHA256_Final, X509_INFO_free.
  Bug: https://github.com/jens-maus/amissl/issues/15
  Co-authored-by: Daniel Stenberg <daniel@haxx.se>
  Closes #7099
* config: remove now-unused macros | Marc Aldorasi | 2021-05-19 | 12 | -175/+2
  Closes #7094
* hostip.h: remove declaration of unimplemented function | Marc Aldorasi | 2021-05-19 | 1 | -9/+0
  Closes #7094
* h3: add 'attach' callback to protocol handlers | Daniel Stenberg | 2021-05-19 | 2 | -0/+2
  Follow-up to 0c55fbab45be
  Reviewed-by: Emil Engler
  Closes #7090
* wolfssl: remove SSLv3 support leftovers | Daniel Stenberg | 2021-05-18 | 1 | -4/+0
  Closes #7088
* data_pending: check only SECONDARY socket for FTP(S) transfers | Joel Depooter | 2021-05-18 | 1 | -4/+5
  Check the FIRST for all other protocols.
  This fixes a timeout in an ftps download. The server sends a TLS close_notify message in the same packet as the file data. The close_notify seems to not be handled in the schannel_recv function, so libcurl is not aware that the server has closed the connection. Thus libcurl ends up waiting for action on the socket until a timeout is reached. With the secondary socket check added to the data_pending function, the close_notify is properly handled, and the ftps transfer terminates as expected.
  Fixes #7068
  Closes #7069
* conn: add 'attach' to protocol handler, make libssh2 use it | Daniel Stenberg | 2021-05-17 | 24 | -0/+66
  The libssh2 backend has SSH session associated with the connection but the callback context is the easy handle, so when a connection gets attached to a transfer, the protocol handler now allows for a custom function to get used to set things up correctly.
  Reported-by: Michael O'Farrell
  Fixes #6898
  Closes #7078
* http2: make sure pause is done on HTTP | Daniel Stenberg | 2021-05-17 | 1 | -1/+2
  Since the function is called for any protocol, we can't assume that the HTTP struct is there without first making sure it is HTTP.
  Reported-by: Denis Goleshchikhin
  Fixes #7079
  Closes #7080
* c-hyper: handle body on HYPER_TASK_EMPTY | Jacob Hoffman-Andrews | 2021-05-16 | 1 | -1/+1
  Some of the time, we get a HYPER_TASK_EMPTY response before the status line, headers, and body have been read. Previously, that would cause us to poll again, leading to a 1 second timeout.
  The HYPER_TASK_EMPTY docs say:
    The value of this task is null (does not imply an error).
  So, if we receive a HYPER_TASK_EMPTY, continue on with processing the response.
  Reported-by: Kevin Burke
  Fixes #7064
  Closes #7070
* version: free the openldap info correctly | Daniel Stenberg | 2021-05-15 | 1 | -0/+2
  ... to avoid memory leaks.
  Follow-up to: bf0feae7768d9
  Closes #7061
* dupset: remove totally off comment | Daniel Stenberg | 2021-05-15 | 1 | -1/+0
  Closes #7067
* version: add OpenLDAP version in the output | Daniel Stenberg | 2021-05-13 | 1 | -1/+24
  Assisted-by: Howard Chu
  Closes #7054
* schannel: Ensure the security context request flags are always set | Joel Depooter | 2021-05-13 | 1 | -6/+9
  As of commit 54e7475, these flags would only be set when using a new credential handle. When re-using an existing credential handle, the flags would not be set.
  Closes https://github.com/curl/curl/pull/7051
* sasl: use 'unsigned short' to store mechanism | Daniel Stenberg | 2021-05-12 | 5 | -12/+13
  ... saves a few bytes of struct size in memory and it only uses 10 bits anyway.
  Closes #7045
* hostip: remove the debug code for LocalHost | Daniel Stenberg | 2021-05-11 | 1 | -11/+1
  The Curl_resolv() had special code (when built in debug mode) for when resolving the host name "LocalHost" (using that exact casing). It would then get the host name from the --interface option instead.
  This development-only feature was not used by anything (anymore) and we have the --resolve feature if we want to play similar tricks properly going forward.
  Closes #7044
* progress: reset limit_size variables at transfer start | Daniel Stenberg | 2021-05-11 | 1 | -0/+2
  Otherwise the old value would linger from a previous use and would mess up the network speed cap logic.
  Reported-by: Ymir1711 on github
  Fixes #7042
  Closes #7043
* cookies: use CURLcode for cookie_output reporting | Daniel Gustafsson | 2021-05-11 | 1 | -14/+26
  Writing the cookie file has multiple error conditions, and was using an int with magic numbers to report the different errors (which in turn were disregarded anyways). This moves reporting to use a CURLcode value.
  Lightly-touched-by: Daniel Stenberg
  Closes #7037
  Closes #6749
* cookies: make use of string duplication function | Daniel Gustafsson | 2021-05-11 | 1 | -4/+4
  strstore() is defined as a strdup which ensures to free the target pointer before duping the source char * into it. Make use of it in two more cases where it can simplify the code.
* cookies: refactor comments | Daniel Gustafsson | 2021-05-11 | 1 | -151/+207
  Comments in the cookie code were a bit all over the place in terms of style and wording. This takes a stab at cleaning them up by keeping to a single style and overall shape. Some comments are moved a little and some removed altogether due to being redundant. No functional changes have been made.
* http2: skip immediate parsing of payload following protocol switch | Peng-Yu Chen | 2021-05-11 | 1 | -2/+9
  This is considered not harmful as a following http2_recv shall be called very soon.
  This is considered helpful in the specific situation where some servers (e.g. nghttpx v1.43.0) may fulfill stream 1 immediately following the return of HTTP status 101, other than waiting for the client-side connection preface to arrive.
  Fixes #7036
  Closes #7040
* http2: use nghttp2_session_upgrade2 instead of nghttp2_session_upgrade | Peng-Yu Chen | 2021-05-11 | 1 | -3/+3
  Following the upstream deprecation of nghttp2_session_upgrade.
  Also provides further checks for requests with the HEAD method.
  Closes #7041
* progress/trspeed: use a local convenient pointer to beautify code | Daniel Stenberg | 2021-05-09 | 1 | -33/+26
  The function becomes easier to read and understand with less repetition.
* trspeed: use long double for transfer speed calculation | Daniel Stenberg | 2021-05-09 | 1 | -19/+6
* progress: move transfer speed calc into function | Daniel Stenberg | 2021-05-09 | 1 | -25/+27
  This silences two scan-build-11 warnings: "The result of the '/' expression is undefined"
  Bug: https://curl.se/mail/lib-2021-05/0022.html
  Closes #7035
* openssl: remove unneeded cast for CertOpenSystemStore() | Cameron Cawley | 2021-05-09 | 1 | -2/+1
  Closes #7025
* http: use calculated offsets inst of integer literals for header parsing | Peng-Yu Chen | 2021-05-08 | 1 | -9/+16
  Assumed to be a minor coding style improvement with no behavior change.
  A modern compiler is expected to have the calculation optimized during compilation. It may be deemed okay even if that's not the case, since the added overhead is considered very low.
  Closes #7032
* http: deal with partial CONNECT sends | Daniel Stenberg | 2021-05-08 | 6 | -53/+122
  Also added 'CURL_SMALLSENDS' to make Curl_write() send short packets, which helped verifying this even more.
  Add test 363 to verify.
  Reported-by: ustcqidi on github
  Fixes #6950
  Closes #7024
* http: limit the initial send amount to used upload buffer size | Daniel Stenberg | 2021-05-07 | 5 | -15/+14
  Previously this logic would cap the send to CURL_MAX_WRITE_SIZE bytes, but for the situations where a larger upload buffer has been set, this function can benefit from sending more bytes. With default size used, this does the same as before.
  Also changed the storage of the size to an 'unsigned int' as it is not allowed to be set larger than 2M.
  Also added cautions to the man pages about changing buffer sizes in run-time.
  Closes #7022
* ngtcp2: fix the cb_acked_stream_data_offset proto | Daniel Stenberg | 2021-05-07 | 1 | -1/+1
  The 'datalen' value should be 64 bit, not size_t!
  Reported-by: Dmitry Karpov
  Bug: https://curl.se/mail/lib-2021-05/0019.html
  Closes #7027
* progress: when possible, calculate transfer speeds with microseconds | Daniel Stenberg | 2021-05-07 | 1 | -2/+8
  ... this improves precision, especially for transfers in the few or even sub millisecond range.
  Reported-by: J. Bromley
  Fixes #7017
  Closes #7020
* http: reset the header buffer when sending the request | Daniel Stenberg | 2021-05-06 | 1 | -0/+4
  A reused transfer handle could otherwise reuse the previous leftover buffer and havoc would ensue.
  Reported-by: sergio-nsk on github
  Fixes #7018
  Closes #7021
* GnuTLS: don't allow TLS 1.3 for versions that don't support it | Daniel Stenberg | 2021-05-06 | 1 | -8/+26
  Follow-up to 781864bedbc5
  ... as they don't understand it and will return error at us!
  Closes #7014
* build: fix compilation for Windows UWP platform | dmitrykos | 2021-05-05 | 1 | -0/+6
  - Include afunix.h which is necessary for sockaddr_un when USE_UNIX_SOCKETS is defined on Windows.
  Closes https://github.com/curl/curl/pull/7006
* gnutls: make setting only the MAX TLS allowed version work | Daniel Stenberg | 2021-05-05 | 1 | -19/+13
  Previously, setting only the max allowed TLS version, leaving the minimum one at default, didn't actually set it and left it to default (TLS 1.3) too!
  As a bonus, this change also removes the dead code handling of SSLv3 since that version can't be set anymore (since eff614fb0242cb).
  Reported-by: Daniel Carpenter
  Fixes #6998
  Closes #7000
* openldap: replace ldap_ prefix on private functions | Daniel Stenberg | 2021-05-05 | 1 | -33/+34
  Since openldap itself uses that prefix and with OpenLDAP 2.5.4 (at least) there's a symbol collision because of that.
  The private functions now use the 'oldap_' prefix where it previously used 'ldap_'.
  Reported-by: 3eka on github
  Fixes #7004
  Closes #7005
* http2: fix potentially uninitialized variable | Jay Satiro | 2021-05-05 | 1 | -1/+1
  introduced several days ago in 3193170. caught by visual studio linker.
* SSL: support in-memory CA certs for some backends | Gilles Vollant | 2021-05-05 | 11 | -138/+346
  - New options CURLOPT_CAINFO_BLOB and CURLOPT_PROXY_CAINFO_BLOB to specify in-memory PEM certificates for OpenSSL, Schannel (Windows) and Secure Transport (Apple) SSL backends.
  Prior to this change PEM certificates could only be imported from a file and not from memory.
  Co-authored-by: moparisthebest@users.noreply.github.com
  Ref: https://github.com/curl/curl/pull/4679
  Ref: https://github.com/curl/curl/pull/5677
  Ref: https://github.com/curl/curl/pull/6109
  Closes https://github.com/curl/curl/pull/6662
* cmake: check for getppid and utimes | Daniel Stenberg | 2021-05-04 | 5 | -21/+6
  ... as they're checked for in the configure script and are used by source code.
  Removed checks for perror, setvbuf and strlcat since those defines are not checked for in source code.
  Bonus: removed HAVE_STRLCPY from a few config-*.h files since that symbol is not used in source code.
  Closes #6997
* libssh2: ignore timeout during disconnect | Daniel Stenberg | 2021-05-04 | 1 | -16/+15
  ... to avoid memory leaks!
  libssh2 is tricky as we have to deal with the non-blockiness even in close and shutdown cases. In the cases when we shutdown after a timeout already expired, it is crucial that curl doesn't let the timeout abort the shutdown process as that then leaks memory!
  Reported-by: Benjamin Riefenstahl
  Fixes #6990
* CURLcode: add CURLE_SSL_CLIENTCERT | ejanchivdorj | 2021-05-03 | 3 | -3/+20
  When a TLS server requests a client certificate during handshake and none can be provided, libcurl now returns this new error code CURLE_SSL_CLIENTCERT
  Only supported by Secure Transport and OpenSSL for TLS 1.3 so far.
  Closes #6721
* krb5/name_to_level: replace checkprefix with curl_strequal | Harry Sintonen | 2021-05-03 | 1 | -1/+1
  Closes #6993