| Commit message (Collapse) | Author | Age | Files | Lines |
| |
`BN_print`'s `BIGNUM` parameter has been `const` since OpenSSL 0.9.4.
Closes https://github.com/curl/curl/pull/7893
| |
The flag has been deprecated without replacement in OpenSSL 3.0.
Closes https://github.com/curl/curl/pull/7893
| |
The function name was changed to `SSL_get1_peer_certificate` in OpenSSL
3.0.
Closes https://github.com/curl/curl/pull/7893
| |
This is done by having native code do the haproxy header output before
hyper issues its request. The little downside with this approach is that
we need the entire Curl_buffer_send() function built, which is otherwise
not used for hyper builds.
If hyper ends up getting native support for the haproxy protocols we can
backpedal on this.
Enables test 1455 and 1456
Closes #8034
| |
Closes #8030
| |
... and make connect_init() refuse trying to tunnel protocols marked
as not working. Avoids a double-free.
Reported-by: Even Rouault
Fixes #8018
Closes #8020
| |
Until now, form field and file names were escaped using the
backslash-escaping algorithm defined for multipart mails. This commit
replaces this with the percent-escaping method for URLs.
As this may introduce incompatibilities with server-side applications, a
new libcurl option CURLOPT_MIME_OPTIONS with bitmask
CURLMIMEOPT_FORMESCAPE is introduced to revert to legacy use of
backslash-escaping. This is controlled by new cli tool option
--form-escape.
New tests and documentation are provided for this feature.
Reported by: Ryan Sleevi
Fixes #7789
Closes #7805
| |
When we're reading out plaintext from rustls' internal buffers, we might
get a read of zero bytes (meaning a clean TCP close, including
close_notify). However, we shouldn't return immediately when that
happens, since we may have already copied out some plaintext bytes.
Break out of the loop when we get a read of zero bytes, and figure out
which path we're dealing with.
Acked-by: Kevin Burke
Closes #8003
| |
The update to rustls-ffi 0.8.0 changed handling of EOF and close_notify.
From the CHANGELOG:
> Handling of unclean close and the close_notify TLS alert. Mirroring
> upstream changes, a rustls_connection now tracks TCP closed state like
> so: rustls_connection_read_tls considers a 0-length read from its
> callback to mean "TCP stream was closed by peer." If that happens
> before the peer sent close_notify, rustls_connection_read will return
> RUSTLS_RESULT_UNEXPECTED_EOF once the available plaintext bytes are
> exhausted. This is useful to protect against truncation attacks. Note:
> some TLS implementations don't send close_notify. If you are already
> getting length information from your protocol (e.g. Content-Length in
> HTTP) you may choose to ignore UNEXPECTED_EOF so long as the number of
> plaintext bytes was as expected.
That means we don't need to check for unclean EOF in `cr_recv()`,
because `process_new_packets()` will give us an error if appropriate.
Closes #8003
| |
... by making it an empty macro then.
Follow-up to f0b7099a10d1a
Reported-by: Vincent Grande
Fixes #7995
Closes #7996
| |
Follow-up to f0b7099a10d1a7c
When torture testing 1021, it turns out the Curl_connect_done function
might be called twice and that previously then wrongly cleared the HTTP
pointer in the second invoke.
Closes #7999
| |
Closes #7956
| |
Previously we'd return CURLE_READ_ERROR if we received this, instead
of triggering the error handling logic that's present in the next if
block down.
After this change, curl requests to https://go.googlesource.com using
HTTP/2 complete successfully.
Fixes #7949
Closes #7948
| |
Some method names, as well as the generated library name, were changed
in a recent refactoring.
Further, change the default configuration instructions to check for
Hyper in either "target/debug" or "target/release" - the latter
contains an optimized build configuration.
Fixes #7947
Closes #7948
| |
... to prevent a lingering pointer that would lead to a double-free.
Added test 1939 to verify.
Reported-by: Stephen M. Coakley
Fixes #7982
Closes #7986
| |
Closes #7984
| |
Advertise h3 as well as h3-29 since some servers out there require h3
for QUIC v1.
Closes #7979
| |
Since we switched to v1 quic_transport_parameters codepoint in #7960
with quictls, let's use QUIC v1 consistently.
Closes #7979
| |
Closes #7978
| |
Reported-by: Roger Young
Fixes #7967
Closes #7976
| |
QUIC Transport Parameters Extension has been changed between draft-29
and latest RFC9001. Most notably, its identifier has been updated from
0xffa5 to 0x0039. The version is selected through the QUIC TLS library
via the legacy codepoint.
Disable the usage of legacy codepoint in curl to switch to latest
RFC9001. This is required to be able to keep up with latest QUIC
implementations.
Acked-by: Tatsuhiro Tsujikawa
Closes #7960
| |
- Call schannel_shutdown if the SSL connection fails.
Prior to this change schannel_shutdown (which shuts down the SSL
connection as well as memory cleanup) was not called when the SSL
connection failed (eg due to failed handshake).
Co-authored-by: Gisle Vanem
Fixes https://github.com/curl/curl/issues/7877
Closes https://github.com/curl/curl/pull/7878
| |
So that CURLINFO_PRIMARY_IP etc work for HTTP/3 like for other HTTP
versions.
Reported-by: Jerome Mao
Fixes #7939
Closes #7944
| |
Closes #7929
| |
Show response to "GETQUOTAROOT INBOX" command.
Closes #6973
| |
Closes #7917
| |
... which then also includes negative ones as test 1430 uses.
This makes native + hyper backend act identically on this and therefore
test 1430 can now be enabled when building with hyper. Adjust test 1431
as well.
Closes #7909
| |
Historically, Curl_client_write() used a length value of 0 as a marker
for a null-terminated data string. This feature has been removed in
commit f4b85d2. To detect leftover uses of the feature, a DEBUGASSERT
statement rejecting a length with value 0 was introduced, effectively
precluding use of this function with zero-length data.
The current commit removes the DEBUGASSERT and makes the function
return immediately if length is 0.
A direct effect is to fix trying to output a zero-length distinguished
name in openldap.
Another DEBUGASSERT statement is also rephrased for better readability.
Closes #7898
| |
Verified by the enabled test 1288
Closes #7905
| |
Previously, -libssh2/-rtmp options assumed that OpenSSL is also enabled
(and then failed with an error when not finding expected OpenSSL headers),
but this isn't necessarily true, e.g. when building both libssh2 and curl
against Schannel. This patch makes sure to only enable the OpenSSL backend
with -libssh2/-rtmp, when there was no SSL option explicitly selected.
- Re-implement the logic as a single block of script.
- Also fix an indentation while there.
Assisted-by: Jay Satiro
Closes #7895
| |
Closes #7894
Signed-off-by: ewlumpkin <ewlumpkin@gmail.com>
| |
It was previously done mostly to show a match/non-match in the verbose
output even when verification was not asked for. This change skips the
loading of the CA certs unless verifypeer is set to save memory and CPU.
Closes #7892
| |
... and make sure to stop ignoring the body once the CONNECT is done.
This should make test 206 work properly again and not be flaky.
Closes #7889
| |
Simply because hyper doesn't have this ability. Mentioned in docs now.
Skip test 326 then
Closes #7889
| |
Closes #7889
| |
Enabled test 206
Closes #7888
| |
Closes #7887
| |
CURL_DISABLE_MIME is not mentioned in the comment describing the if else
preprocessor directive.
Closes #7882
| |
Follow-up to e7416cf
Reported-by: billionai on github
Fixes #7879
Closes #7880
| |
Follow-up to 20e980f85b0ea6
In #7875 these inits were modified but I get two warnings that these new
typecasts are necessary for.
Closes #7876
| |
Fixes #7657
Closes #7875
| |
and adjust the MULTISPACE one to use plural
Closes #7866
| |
The size of the transfer is unknown at that point.
Fixes #7871
Closes #7872
| |
The code for sending DoH requests with GET was never enabled in a way
such that it could be used or tested. As there haven't been requests
for this feature, and since it at this is effectively dead, remove it
and favor reimplementing the feature in case anyone is interested.
Closes #7870
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
| |
In order to check the actual code better, checksrc now ignores
everything that looks like preprocessor instructions. It also means
that code in macros is no longer checked.
Note that some rules then still don't need to be followed when code is
exactly below a cpp instruction.
Removes two checksrc exceptions we needed previously because of
preprocessor lines being checked.
Reported-by: Marcel Raad
Fixes #7863
Closes #7864
| |
... to let curl_easy_escape() itself do the strlen. This avoids a (false
positive) Coverity warning and it avoids us having to store the strlen()
return value in an int variable.
Reviewed-by: Daniel Gustafsson
Closes #7862
| |
- Make content length (ie download size) accessible to the user in the
header callback, but only after all headers have been processed (ie
only in the final call to the header callback).
Background:
For a long time the content length could be retrieved in the header
callback via CURLINFO_CONTENT_LENGTH_DOWNLOAD_T as soon as it was parsed
by curl.
Changes were made in 8a16e54 (precedes 7.79.0) to ignore content length
if any transfer encoding is used. A side effect of that was that
content length was not set by libcurl until after the header callback
was called the final time, because until all headers are processed it
cannot be determined if content length is valid.
This change keeps the same intention --all headers must be processed--
but now the content length is available before the final call to the
header function that indicates all headers have been processed (ie
a blank header).
Bug: https://github.com/curl/curl/commit/8a16e54#r57374914
Reported-by: sergio-nsk@users.noreply.github.com
Co-authored-by: Daniel Stenberg
Fixes https://github.com/curl/curl/issues/7804
Closes https://github.com/curl/curl/pull/7803
| |
User sets the post fields size for binary data. Hence, we should not be
using strlen on it.
Added test 1937 and 1938 to verify.
Closes #7844
| |
One reason we know it can fail is if a provider is used that doesn't do
a proper job or is wrongly configured.
Reported-by: Michael Baentsch
Fixes #7840
Closes #7856