| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
CURL_DISABLE_MIME is not mentioned in the comment describing the if else
preprocessor directive.
Closes #7882
|
| |
|
|
|
|
|
|
| |
Follow-up to e7416cf
Reported-by: billionai on github
Fixes #7879
Closes #7880
|
| |
|
|
|
|
|
|
|
| |
Follow-up to 20e980f85b0ea6
In #7875 these inits were modified but I get two warnings that these new
typecasts are necessary for.
Closes #7876
|
| |
|
|
|
| |
Fixes #7657
Closes #7875
|
| |
|
|
|
|
| |
and adjust the MULTISPACE one to use plural
Closes #7866
|
| |
|
|
|
|
|
| |
The size of the transfer is unknown at that point.
Fixes #7871
Closes #7872
|
| |
|
|
|
|
|
|
|
|
| |
The code for sending DoH requests with GET was never enabled in a way
such that it could be used or tested. As there haven't been requests
for this feature, and since it at this is effectively dead, remove it
and favor reimplementing the feature in case anyone is interested.
Closes #7870
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to check the actual code better, checksrc now ignores
everything that look like preprocessor instructions. It also means
that code in macros are now longer checked.
Note that some rules then still don't need to be followed when code is
exactly below a cpp instruction.
Removes two checksrc exceptions we needed previously because of
preprocessor lines being checked.
Reported-by: Marcel Raad
Fixes #7863
Closes #7864
|
| |
|
|
|
|
|
|
|
| |
... to let curl_easy_escape() itself do the strlen. This avoids a (false
positive) Coverity warning and it avoids us having to store the strlen()
return value in an int variable.
Reviewed-by: Daniel Gustafsson
Closes #7862
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Make content length (ie download size) accessible to the user in the
header callback, but only after all headers have been processed (ie
only in the final call to the header callback).
Background:
For a long time the content length could be retrieved in the header
callback via CURLINFO_CONTENT_LENGTH_DOWNLOAD_T as soon as it was parsed
by curl.
Changes were made in 8a16e54 (precedes 7.79.0) to ignore content length
if any transfer encoding is used. A side effect of that was that
content length was not set by libcurl until after the header callback
was called the final time, because until all headers are processed it
cannot be determined if content length is valid.
This change keeps the same intention --all headers must be processed--
but now the content length is available before the final call to the
header function that indicates all headers have been processed (ie
a blank header).
Bug: https://github.com/curl/curl/commit/8a16e54#r57374914
Reported-by: sergio-nsk@users.noreply.github.com
Co-authored-by: Daniel Stenberg
Fixes https://github.com/curl/curl/issues/7804
Closes https://github.com/curl/curl/pull/7803
|
| |
|
|
|
|
|
|
|
| |
User sets the post fields size for binary data. Hence, we should not be
using strlen on it.
Added test 1937 and 1938 to verify.
Closes #7844
|
| |
|
|
|
|
|
|
|
| |
One reason we know it can fail is if a provider is used that doesn't do
a proper job or is wrongly configured.
Reported-by: Michael Baentsch
Fixes #7840
Closes #7856
|
| |
|
|
|
|
| |
Reported-by: Jay Satiro
Fixes #7852
Closes #7855
|
| |
|
|
|
|
| |
and remove the bad assert again, since it was run even with no error!
Closes #7854
|
| |
|
|
|
|
|
|
| |
Pass on better return codes when errors occur within Curl_http instead
of insisting that CURLE_OUT_OF_MEMORY is the only possible one.
Pointed-out-by: Jay Satiro
Closes #7851
|
| |
|
|
|
|
|
|
|
| |
For every 'goto error', make sure the result variable holds the error
code for what went wrong.
Reported-by: RafaĆ Mikrut
Fixes #7825
Closes #7846
|
| |
|
|
|
|
|
|
|
|
| |
While uploading, check for remote window availability in the getsock
function so that we don't wait for a writable socket if no data can be
sent.
Reported-by: Steini2000 on github
Fixes #7821
Closes #7839
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The host name is stored decoded and can be encoded when used to extract
the full URL. By default when extracting the URL, the host name will not
be URL encoded to work as similar as possible as before. When not URL
encoding the host name, the '%' character will however still be encoded.
Getting the URL with the CURLU_URLENCODE flag set will percent encode
the host name part.
As a bonus, setting the host name part with curl_url_set() no longer
accepts a name that contains space, CR or LF.
Test 1560 has been extended to verify percent encodings.
Reported-by: Noam Moshe
Reported-by: Sharon Brizinov
Reported-by: Raul Onitza-Klugman
Reported-by: Kirill Efimov
Fixes #7830
Closes #7834
|
| |
|
|
|
|
|
|
| |
and make sure to not send Host: over h2.
Fixes #7679
Reported-by: David Cook
Closes #7827
|
| |
|
|
|
|
|
| |
Available since OpenSSL 0.9.7. The low-level SHA256 interface is
deprecated in OpenSSL v3, and its usage was discouraged even before.
Closes https://github.com/curl/curl/pull/7808
|
| |
|
|
|
|
|
| |
This selects another SSL backend then if available, or otherwise at
least gives a meaningful error message.
Closes https://github.com/curl/curl/pull/7808
|
| |
|
|
|
|
|
|
|
|
| |
Only use OpenSSL's MD5 code if it's available.
Also fix wolfSSL build with `NO_MD5`, in which case neither the
wolfSSL/OpenSSL implementation nor the fallback implementation was
used.
Closes https://github.com/curl/curl/pull/7808
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Use RtlVerifyVersionInfo instead of VerifyVersionInfo, when possible.
Later versions of Windows have normal version functions that compare and
return versions based on the way the application is manifested, instead
of the actual version of Windows the application is running on. We
prefer the actual version of Windows so we'll now call the Rtl variant
of version functions (RtlVerifyVersionInfo) which does a proper
comparison of the actual version.
Reported-by: Wyatt O'Day
Ref: https://github.com/curl/curl/pull/7727
Fixes https://github.com/curl/curl/issues/7742
Closes https://github.com/curl/curl/pull/7810
|
| |
|
|
|
|
|
|
| |
Add test 367 to verify.
Reported-by: Rick Lane
Fixes #7819
Closes #7820
|
| |
|
|
|
|
|
|
|
| |
... and close connections that are too old instead of reusing them.
By default, this behavior is disabled.
Bug: https://curl.se/mail/lib-2021-09/0058.html
Closes #7751
|
| |
|
|
|
|
|
|
|
|
| |
Capabilities of sasl module are extended to exchange messages in binary
as an alternative to base64.
If http authentication flags have been set, those are used as sasl
default preferred mechanisms.
Closes #6930
|
| |
|
|
|
|
|
|
| |
Prior to this commit, OpenSSL could be used for all these functions, but
not wolfSSL. This commit makes it so wolfSSL will be used if USE_WOLFSSL
is defined.
Closes #7806
|
| |
|
|
|
|
|
|
|
| |
With this change applied, the now expired 'DST Root CA X3' cert will no
longer be included in the output.
Details: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
Closes #7801
|
| |
|
|
|
|
|
| |
In particular, the quantum safe KEM and hybrid curves if wolfSSL is
built to support them.
Closes #7728
|
| |
|
|
| |
Closes #7737
|
| |
|
|
|
|
|
|
|
|
| |
By just glancing at the code, it looks like there is a memleak if the
call to Curl_inet_pton() fails. Looking closer, it is clear that the
call to Curl_inet_pton() can not fail, so the code will never leak
memory. However, we can make this obvious by moving the allocation
after the if-statement.
Closes https://github.com/curl/curl/pull/7796
|
| |
|
|
|
|
| |
It's not used anymore.
Closes https://github.com/curl/curl/pull/7795
|
| |
|
|
|
|
| |
It's not used anymore.
Closes https://github.com/curl/curl/pull/7795
|
| |
|
|
|
|
|
| |
WinSock v1 is not supported anymore. Exclusively use `HAVE_WINSOCK2_H`
instead.
Closes https://github.com/curl/curl/pull/7795
|
| |
|
|
|
|
|
|
|
|
| |
Follow-up to a517378de58358a
Also fix optiontable.pl to do the correct remainder on the entry.
Reported-by: Gisle Vanem
Bug: https://github.com/curl/curl/commit/a517378de58358a85b7cfe9efecb56051268f629#commitcomment-57224830
Closes #7791
|
| |
|
|
|
|
|
|
| |
Due to CI issues
This reverts commit c2ea04f92b00b6271627cb218647527b5a50f2fc.
Closes #7790
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit b5a434f7f0ee4d64857f8592eced5b9007d83620 inhibits the warning
on implicit fallthrough cases, since the current coding of indicating
fallthrough with comments is falling out of fashion with new compilers.
This attempts to make the issue smaller by rewriting fallthroughs to no
longer fallthrough, via either breaking the cases or turning switch
statements into if statements.
lib/content_encoding.c: the fallthrough codepath is simply copied
into the case as it's a single line.
lib/http_ntlm.c: the fallthrough case skips a state in the state-
machine and fast-forwards to NTLMSTATE_LAST. Do this before the
switch statement instead to set up the states that we actually
want.
lib/http_proxy.c: the fallthrough is just falling into exiting the
switch statement which can be done easily enough in the case.
lib/mime.c: switch statement rewritten as if statement.
lib/pop3.c: the fallthrough case skips to the next state in the
statemachine, do this explicitly instead.
lib/urlapi.c: switch statement rewritten as if statement.
lib/vssh/wolfssh.c: the fallthrough cases fast-forwards the state
machine, do this by running another iteration of the switch
statement instead.
lib/vtls/gtls.c: switch statement rewritten as if statement.
lib/vtls/nss.c: the fallthrough codepath is simply copied into the
case as it's a single line. Also twiddle a comment to not be
inside a non-brace if statement.
Closes: #7322
See-also: #7295
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
|
| |
|
|
|
|
|
|
|
| |
WinSock 2.2 is supported by Windows CE .NET 4.1 (from 2002, out of
support since 2013).
Ref: https://docs.microsoft.com/en-us/previous-versions/windows/embedded/ms899586(v=msdn.10)
Closes https://github.com/curl/curl/pull/7778
|
| |
|
|
|
|
| |
It's not supported anymore.
Closes https://github.com/curl/curl/pull/7778
|
| |
|
|
|
|
|
|
|
|
| |
... as the previously used function DES_set_key() will in some cases
reject using a key that it deems "weak" which will cause curl to
continue using the unitialized buffer content as key instead.
Assisted-by: Harry Sintonen
Fixes #7779
Closes #7781
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Triggered before a request is made but after a connection is set up
Changes:
- callback: Update docs and callback for pre-request callback
- Add documentation for CURLOPT_PREREQDATA and CURLOPT_PREREQFUNCTION,
- Add redirect test and callback failure test
- Note that the function may be called multiple times on a redirection
- Disable new 2086 test due to Windows weirdness
Closes #7477
|
| |
|
|
|
|
|
|
|
|
| |
- file://host.name/path/file.txt is a valid UNC path
\\host.name\path\files.txt to a non-local file transformed into URI
(RFC 8089 Appendix E.3)
- UNC paths on other OSs must be smb: URLs
Closes #7366
|
| |
|
|
|
|
|
|
|
|
| |
Add curl_url_strerror() to convert CURLUcode into readable string and
facilitate easier troubleshooting in programs using URL API.
Extend CURLUcode with CURLU_LAST for iteration in unit tests.
Update man pages with a mention of new function.
Update example code and tests with new functionality where it fits.
Closes #7605
|
| |
|
|
|
|
|
| |
Added support for SHA256 fingerprint in command line curl and in
libcurl.
Closes #7646
|
| |
|
|
|
|
|
| |
Reported-by: Vitaly Varyvdin
Assisted-by: Viktor Szakats
Fixes #7765
Closes #7776
|
| |
|
|
|
|
|
| |
fix inappropriate version setting for QUIC transport parameters.
this patch keeps curl with ngtcp2 uses QUIC draft version (h3-29).
Closes #7771
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
On connection shutdown, a new TLS session ticket may arrive after the
SSL session cache has already been destructed. In this case, the new
SSL session cannot be added to the SSL session cache.
The callers of Curl_ssl_addsessionid() need to know whether the SSL
session has been added to the cache. If it has not been added, the
reference counter of the SSL session must not be incremented, or memory
used by the SSL session must be freed. This is now possible with the new
output parameter "added" of Curl_ssl_addsessionid().
Fixes #7683
Closes #7752
|
| |
|
|
| |
Closes #7770
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously this code used a compile time constant, meaning that libcurl
always reported the libssh2 version that libcurl was built with. This
could differ from the libssh2 version actually being used. The new code
uses the CURL_LIBSSH2_VERSION macro, which is defined in ssh.h. The
macro calls the libssh2_version function if it is available, otherwise
it falls back to the compile time version.
Closes https://github.com/curl/curl/pull/7768
|
