path: root/lib
Commit message | Author | Age | Files | Lines
* socks5: use appropriate ATYP for numerical IP address host names | Daniel Stenberg | 2022-01-03 | 1 | -5/+28
  When not resolving the address locally (known as socks5h).
  Add test 719 and 720 to verify.
  Reported-by: Peter Piekarski
  Fixes #8216
  Closes #8217
* ftp: disable warning 4706 in MSVC | Daniel Stenberg | 2022-01-03 | 1 | -1/+6
  Follow-up to 21248e052d
  Disabling "assignment within conditional expression" for MSVC needs to be done before the function starts, for it to take effect.
  Closes #8218
* mbedtls: fix private member designations for v3.1.0 | Valentin Richter | 2022-01-03 | 1 | -4/+4
  "As a last resort, you can access the field foo of a structure bar by writing bar.MBEDTLS_PRIVATE(foo). Note that you do so at your own risk, since such code is likely to break in a future minor version of Mbed TLS." - https://github.com/ARMmbed/mbedtls/blob/f2d1199edc5834df4297f247f213e614f7782d1d/docs/3.0-migration-guide.md
  That future minor version is v3.1.0. I set the >= to == for the version checks because v3.1.0 is a release, and I am not sure when the private designation was reverted after v3.0.0.
  Closes #8214
* urlapi: if possible, shorten given numerical IPv6 addresses | Daniel Stenberg | 2022-01-02 | 1 | -8/+18
  Extended test 1560 to verify
  Closes #8206
* url: reduce ssl backend count for CURL_DISABLE_PROXY builds | MAntoniak | 2022-01-02 | 1 | -2/+11
  Closes #8212
* misc: update copyright year range | Daniel Stenberg | 2021-12-30 | 2 | -2/+2
* gtls: add gnutls include for the session type | Daniel Stenberg | 2021-12-29 | 1 | -1/+1
  Follow-up to 8fbd6feddfa5 to make it build more universally
* http_proxy: don't close the socket (too early) | Daniel Stenberg | 2021-12-29 | 2 | -2/+6
  ... and double-check in the OpenSSL shutdown that the socket is actually still there before it is used.
  Fixes #8193
  Closes #8195
  Reported-by: Leszek Kubik
* ngtcp2: verify the server certificate for the gnutls case | Daniel Stenberg | 2021-12-28 | 3 | -17/+24
  Closes #8178
* ngtcp2: verify the server cert on connect (quictls) | Daniel Stenberg | 2021-12-28 | 4 | -13/+84
  Make ngtcp2+quictls correctly acknowledge `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST`.
  The name check now uses a function from lib/vtls/openssl.c which will need attention for when TLS is not done by OpenSSL or is disabled while QUIC is enabled.
  Possibly the servercert() function in openssl.c should be adjusted to be able to use for both regular TLS and QUIC.
  Ref: #8173
  Closes #8178
* checksrc: detect more kinds of NULL comparisons we avoid | Daniel Stenberg | 2021-12-27 | 20 | -60/+60
  Co-authored-by: Jay Satiro
  Closes #8180
* mesalink: remove the BACKEND define kludge | Daniel Stenberg | 2021-12-26 | 1 | -43/+48
  Closes #8183
* schannel: remove the BACKEND define kludge | Daniel Stenberg | 2021-12-26 | 1 | -187/+198
  Closes #8182
* gtls: check return code for gnutls_alpn_set_protocols | Daniel Stenberg | 2021-12-26 | 1 | -1/+5
  Closes #8181
* http: Fix CURLOPT_HTTP200ALIASES | Vladimir Panteleev | 2021-12-21 | 1 | -1/+1
  The httpcode < 100 check was also triggered when none of the fields were parsed, thus making the if(!nc) block unreachable.
  Closes #8171
* nss:set_cipher don't clobber the cipher list | Daniel Stenberg | 2021-12-20 | 1 | -38/+40
  The string is set by the user and needs to remain intact for proper connection reuse etc.
  Reported-by: Eric Musser
  Fixes #8160
  Closes #8161
* misc: s/e-mail/email | Daniel Stenberg | 2021-12-19 | 2 | -2/+2
  Consistency is king. Following the lead in everything curl.
  Closes #8159
* openssl: define HAVE_OPENSSL_VERSION for OpenSSL 1.1.0+ | Jay Satiro | 2021-12-16 | 1 | -7/+14
  Prior to this change OpenSSL_version was only detected in configure builds. For other builds the old version parsing code was used which would result in incorrect versioning for OpenSSL 3:
  Before:
  curl 7.80.0 (i386-pc-win32) libcurl/7.80.0 OpenSSL/3.0.0a zlib/1.2.11 WinIDN libssh2/1.9.0
  After:
  curl 7.80.0 (i386-pc-win32) libcurl/7.80.0 OpenSSL/3.0.1 zlib/1.2.11 WinIDN libssh2/1.9.0
  Reported-by: lllaffer@users.noreply.github.com
  Fixes https://github.com/curl/curl/issues/8154
  Closes https://github.com/curl/curl/pull/8155
* x509asn1: return early on errors | Daniel Stenberg | 2021-12-15 | 1 | -39/+88
  Overhaul to make sure functions that detect errors bail out early with error rather than trying to continue and risk hiding the problem.
  Closes #8147
* openldap: several minor improvements | Patrick Monnerat | 2021-12-15 | 1 | -79/+100
  - Early check proper LDAP URL syntax. Reject URLs with a userinfo part.
  - Use dynamic memory for ldap_init_fd() URL rather than a stack-allocated buffer.
  - Never chase referrals: supporting it would require additional parallel connections and alternate authentication credentials.
  - Do not wait 1 microsecond while polling/reading query response data.
  - Store last received server code for retrieval with CURLINFO_RESPONSE_CODE.
  Closes #8140
* misc: remove unused doh flags when CURL_DISABLE_DOH is defined | MAntoniak | 2021-12-15 | 4 | -1/+28
  Closes #8148
* mbedtls: fix CURLOPT_SSLCERT_BLOB | Daniel Stenberg | 2021-12-14 | 1 | -3/+10
  The memory passed to mbedTLS for this needs to be null terminated.
  Reported-by: Florian Van Heghe
  Closes #8146
* asyn-ares: ares_getaddrinfo needs no happy eyeballs timer | Daniel Stenberg | 2021-12-14 | 1 | -0/+4
  Closes #8142
* check ssl_config when re-use proxy connection | MrDwZ | 2021-12-14 | 1 | -7/+6
* mbedtls: do a separate malloc for ca_info_blob | Daniel Stenberg | 2021-12-14 | 1 | -19/+17
  Since the mbedTLS API requires the data to be null terminated.
  Follow-up to 456c53730d21b1fad0c7f72c1817
  Fixes #8139
  Closes #8145
* openldap: simplify ldif generation code | Patrick Monnerat | 2021-12-13 | 1 | -62/+47
  and take care of zero-length values, avoiding conversion to base64 and/or trailing spaces.
  Closes #8136
* sha256/md5: return errors when init fails | x2018 | 2021-12-13 | 9 | -40/+73
  Closes #8133
* openldap: process search query response messages one by one | Patrick Monnerat | 2021-12-11 | 1 | -157/+114
  Upon receiving large result sets, this reduces memory consumption and allows starting to output results while the transfer is still in progress.
  Closes #8101
* hash: lazy-alloc the table in Curl_hash_add() [bagder/hash-lazyalloc] | Daniel Stenberg | 2021-12-10 | 7 | -69/+68
  This makes Curl_hash_init() infallible which saves error paths.
  Closes #8132
* multi: cleanup the socket hash when destroying it [bagder/sockhash-destroy] | Daniel Stenberg | 2021-12-10 | 1 | -6/+27
  Since each socket hash entry may themselves have a hash table in them, the destroying of the socket hash needs to make sure all the subhashes are also correctly destroyed to avoid leaking memory.
  Fixes #8129
  Closes #8131
* hash: add asserts to help detect bad usage | Daniel Stenberg | 2021-12-09 | 1 | -2/+7
  For example trying to add entries after the hash has been "cleaned up"
  Closes #8115
* multi: handle errors returned from socket/timer callbacks | Daniel Stenberg | 2021-12-06 | 5 | -59/+131
  The callbacks were partially documented to support this. Now the behavior is documented and returning error from either of these callbacks will effectively kill all currently ongoing transfers.
  Added test 530 to verify
  Reported-by: Marcelo Juchem
  Fixes #8083
  Closes #8089
* http2:set_transfer_url() return early on OOM | Daniel Stenberg | 2021-12-06 | 1 | -1/+4
  If curl_url() returns NULL this should return early to avoid mistakes - even if right now the subsequent function invokes are all OK.
  Coverity (wrongly) pointed out this as a NULL deref.
  Closes #8100
* openldap: implement STARTTLS | Patrick Monnerat | 2021-12-06 | 2 | -6/+67
  As this introduces use of CURLOPT_USE_SSL option for LDAP, also check this option in ldap.c as it is not supported by this backend.
  Closes #8065
* urlapi: accept port number zero | Daniel Stenberg | 2021-12-03 | 1 | -3/+1
  This is a regression since 7.62.0 (fb30ac5a2d).
  Updated test 1560 accordingly
  Reported-by: Brad Fitzpatrick
  Fixes #8090
  Closes #8091
* mbedTLS: include NULL byte in blob data length for CURLOPT_CAINFO_BLOB | Florian Van Heghe | 2021-12-02 | 1 | -2/+7
  Fixes #8079
  Closes #8081
* version_win32: Check build number and platform id | Wyatt O'Day | 2021-12-02 | 7 | -26/+76
  Prior to this change the build number was not checked during version comparison, and the platform id was supposed to be checked but wasn't.
  Checking the build number is required for enabling "evergreen" Windows 10/11 features (like TLS 1.3).
  Ref: https://github.com/curl/curl/pull/7784
  Closes https://github.com/curl/curl/pull/7824
  Closes https://github.com/curl/curl/pull/7867
* libssh2: fix error message for sha256 mismatch | Jay Satiro | 2021-12-02 | 1 | -1/+1
  - On mismatch error show sha256 fingerprint in base64 format.
  Prior to this change the fingerprint was mistakenly printed in binary.
* openssl: check the return value of BIO_new() | x2018 | 2021-12-01 | 1 | -0/+12
  Closes #8078
* mbedTLS: add support for CURLOPT_CAINFO_BLOB | Florian Van Heghe | 2021-11-30 | 1 | -1/+20
  Closes #8071
* digest: compute user:realm:pass digest w/o userhash | Glenn Strauss | 2021-11-30 | 1 | -2/+1
  https://datatracker.ietf.org/doc/html/rfc7616#section-3.4.4
  ... the client MUST calculate a hash of the username after any other hash calculation ...
  Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
  Closes #8066
* openldap: handle connect phase with a state machine | Patrick Monnerat | 2021-11-26 | 1 | -111/+213
  Closes #8054
* Makefile.m32: rename -winssl option to -schannel and tidy up | Viktor Szakats | 2021-11-25 | 1 | -26/+26
  - accept `-schannel` as an alternative to `CFG` option `-winssl` (latter still accepted, but deprecated)
  - rename internal variable `WINSSL` to `SCHANNEL`
  - make the `CFG` option evaluation shorter, without repeating the option name
  Reviewed-by: Marcel Raad
  Reviewed-by: Daniel Stenberg
  Closes #8053
* urlapi: provide more detailed return codes [bagder/urlapi-returncodes] | Daniel Stenberg | 2021-11-25 | 2 | -66/+126
  Previously, the return code CURLUE_MALFORMED_INPUT was used for almost 30 different URL format violations. This made it hard for users to understand why a particular URL was not acceptable. Since the API cannot point out a specific position within the URL for the problem, this now instead introduces a number of additional and more fine-grained error codes to allow the API to return more exactly in what "part" or section of the URL a problem was detected.
  Also bug-fixes curl_url_get() with CURLUPART_ZONEID, which previously returned CURLUE_OK even if no zoneid existed.
  Test cases in 1560 have been adjusted and extended. Tests 1538 and 1559 have been updated.
  Updated libcurl-errors.3 and curl_url_strerror() accordingly.
  Closes #8049
* urlapi: make Curl_is_absolute_url always use MAX_SCHEME_LEN | Daniel Stenberg | 2021-11-25 | 4 | -13/+15
  Instead of having all callers pass in the maximum length, always use it. The passed in length is instead used only as the length of the target buffer for storing the scheme name in, if used.
  Added the scheme max length restriction to the curl_url_set.3 man page.
  Follow-up to 45bcb2eaa78c79
  Closes #8047
* urlapi: reject short file URLs | Daniel Stenberg | 2021-11-23 | 1 | -0/+4
  file URLs that are 6 bytes or shorter are not complete. Return CURLUE_MALFORMED_INPUT for those. Extended test 1560 to verify.
  Triggered by #8041
  Closes #8042
* urlapi: cleanup scheme parsing | Stefan Eissing | 2021-11-22 | 1 | -16/+22
  Makes Curl_is_absolute_url() always leave a defined 'buf' and avoids copying on urls that do not start with a scheme.
  Closes #8043
* rustls: remove comment about checking handshaking | Jacob Hoffman-Andrews | 2021-11-20 | 1 | -3/+0
  The comment is incorrect in two ways:
  - It says the check needs to be last, but the check is actually first.
  - is_handshaking actually starts out true.
  Closes #8038
* openssl: use non-deprecated API to read key parameters | Marcel Raad | 2021-11-20 | 1 | -28/+66
  With OpenSSL 3.0, the parameters are read directly from the `EVP_PKEY` using `EVP_PKEY_get_bn_param`.
  Closes https://github.com/curl/curl/pull/7893
* openssl: reduce code duplication | Marcel Raad | 2021-11-20 | 1 | -25/+12
  `BN_print`'s `BIGNUM` parameter has been `const` since OpenSSL 0.9.4.
  Closes https://github.com/curl/curl/pull/7893