| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
When not resolving the address locallly (known as socks5h).
Add test 719 and 720 to verify.
Reported-by: Peter Piekarski
Fixes #8216
Closes #8217
|
|
|
|
|
|
|
|
|
| |
Follow-up to 21248e052d
Disabling "assignment within conditional expression" for MSVC needs to
be done before the function starts, for it to take effect.
Closes #8218
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
"As a last resort, you can access the field foo of a structure bar by
writing bar.MBEDTLS_PRIVATE(foo). Note that you do so at your own risk,
since such code is likely to break in a future minor version of Mbed
TLS." -
https://github.com/ARMmbed/mbedtls/blob/f2d1199edc5834df4297f247f213e614f7782d1d/docs/3.0-migration-guide.md
That future minor version is v3.1.0. I set the >= to == for the version
checks because v3.1.0 is a release, and I am not sure when the private
designation was reverted after v3.0.0.
Closes #8214
|
|
|
|
|
|
| |
Extended test 1560 to verify
Closes #8206
|
|
|
|
| |
Closes #8212
|
| |
|
|
|
|
| |
Follow-up to 8fbd6feddfa5 to make it build more universally
|
|
|
|
|
|
|
|
|
|
| |
... and double-check in the OpenSSL shutdown that the socket is actually
still there before it is used.
Fixes #8193
Closes #8195
Reported-by: Leszek Kubik
|
|
|
|
| |
Closes #8178
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make ngtcp2+quictls correctly acknowledge `CURLOPT_SSL_VERIFYPEER` and
`CURLOPT_SSL_VERIFYHOST`.
The name check now uses a function from lib/vtls/openssl.c which will
need attention for when TLS is not done by OpenSSL or is disabled while
QUIC is enabled.
Possibly the servercert() function in openssl.c should be adjusted to be
able to use for both regular TLS and QUIC.
Ref: #8173
Closes #8178
|
|
|
|
|
| |
Co-authored-by: Jay Satiro
Closes #8180
|
|
|
|
| |
Closes #8183
|
|
|
|
| |
Closes #8182
|
|
|
|
| |
Closes #8181
|
|
|
|
|
|
|
| |
The httpcode < 100 check was also triggered when none of the fields were
parsed, thus making the if(!nc) block unreachable.
Closes #8171
|
|
|
|
|
|
|
|
|
| |
The string is set by the user and needs to remain intact for proper
connection reuse etc.
Reported-by: Eric Musser
Fixes #8160
Closes #8161
|
|
|
|
|
|
| |
Consistency is king. Following the lead in everything curl.
Closes #8159
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prior to this change OpenSSL_version was only detected in configure
builds. For other builds the old version parsing code was used which
would result in incorrect versioning for OpenSSL 3:
Before:
curl 7.80.0 (i386-pc-win32) libcurl/7.80.0 OpenSSL/3.0.0a zlib/1.2.11
WinIDN libssh2/1.9.0
After:
curl 7.80.0 (i386-pc-win32) libcurl/7.80.0 OpenSSL/3.0.1 zlib/1.2.11
WinIDN libssh2/1.9.0
Reported-by: lllaffer@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/8154
Closes https://github.com/curl/curl/pull/8155
|
|
|
|
|
|
|
| |
Overhaul to make sure functions that detect errors bail out early with
error rather than trying to continue and risk hiding the problem.
Closes #8147
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Early check proper LDAP URL syntax. Reject URLs with a userinfo part.
- Use dynamic memory for ldap_init_fd() URL rather than a
stack-allocated buffer.
- Never chase referrals: supporting it would require additional parallel
connections and alternate authentication credentials.
- Do not wait 1 microsecond while polling/reading query response data.
- Store last received server code for retrieval with CURLINFO_RESPONSE_CODE.
Closes #8140
|
|
|
|
| |
Closes #8148
|
|
|
|
|
|
|
| |
The memory passed to mbedTLS for this needs to be null terminated.
Reported-by: Florian Van Heghe
Closes #8146
|
|
|
|
| |
Closes #8142
|
| |
|
|
|
|
|
|
|
|
|
| |
Since the mbedTLS API requires the data to the null terminated.
Follow-up to 456c53730d21b1fad0c7f72c1817
Fixes #8139
Closes #8145
|
|
|
|
|
|
|
| |
and take care of zero-length values, avoiding conversion to base64
and/or trailing spaces.
Closes #8136
|
|
|
|
| |
Closes #8133
|
|
|
|
|
|
|
|
| |
Upon receiving large result sets, this reduces memory consumption and
allows starting to output results while the transfer is still in
progress.
Closes #8101
|
|
|
|
|
|
| |
This makes Curl_hash_init() infallible which saves error paths.
Closes #8132
|
|
|
|
|
|
|
|
|
| |
Since each socket hash entry may themselves have a hash table in them,
the destroying of the socket hash needs to make sure all the subhashes
are also correctly destroyed to avoid leaking memory.
Fixes #8129
Closes #8131
|
|
|
|
|
|
| |
For example trying to add entries after the hash has been "cleaned up"
Closes #8115
|
|
|
|
|
|
|
|
|
|
|
|
| |
The callbacks were partially documented to support this. Now the
behavior is documented and returning error from either of these
callbacks will effectively kill all currently ongoing transfers.
Added test 530 to verify
Reported-by: Marcelo Juchem
Fixes #8083
Closes #8089
|
|
|
|
|
|
|
|
|
| |
If curl_url() returns NULL this should return early to avoid mistakes -
even if right now the subsequent function invokes are all OK.
Coverity (wrongly) pointed out this as a NULL deref.
Closes #8100
|
|
|
|
|
|
|
| |
As this introduces use of CURLOPT_USE_SSL option for LDAP, also check
this option in ldap.c as it is not supported by this backend.
Closes #8065
|
|
|
|
|
|
|
|
|
|
| |
This is a regression since 7.62.0 (fb30ac5a2d).
Updated test 1560 accordingly
Reported-by: Brad Fitzpatrick
Fixes #8090
Closes #8091
|
|
|
|
|
| |
Fixes #8079
Closes #8081
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prior to this change the build number was not checked during version
comparison, and the platform id was supposed to be checked but wasn't.
Checking the build number is required for enabling "evergreen"
Windows 10/11 features (like TLS 1.3).
Ref: https://github.com/curl/curl/pull/7784
Closes https://github.com/curl/curl/pull/7824
Closes https://github.com/curl/curl/pull/7867
|
|
|
|
|
|
| |
- On mismatch error show sha256 fingerprint in base64 format.
Prior to this change the fingerprint was mistakenly printed in binary.
|
|
|
|
| |
Closes #8078
|
|
|
|
| |
Closes #8071
|
|
|
|
|
|
|
|
|
| |
https://datatracker.ietf.org/doc/html/rfc7616#section-3.4.4
... the client MUST calculate a hash of the username after
any other hash calculation ...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
Closes #8066
|
|
|
|
| |
Closes #8054
|
|
|
|
|
|
|
|
|
|
|
|
| |
- accept `-schannel` as an alternative to `CFG` option `-winssl`
(latter still accepted, but deprecated)
- rename internal variable `WINSSL` to `SCHANNEL`
- make the `CFG` option evaluation shorter, without repeating the option
name
Reviewed-by: Marcel Raad
Reviewed-by: Daniel Stenberg
Closes #8053
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, the return code CURLUE_MALFORMED_INPUT was used for almost
30 different URL format violations. This made it hard for users to
understand why a particular URL was not acceptable. Since the API cannot
point out a specific position within the URL for the problem, this now
instead introduces a number of additional and more fine-grained error
codes to allow the API to return more exactly in what "part" or section
of the URL a problem was detected.
Also bug-fixes curl_url_get() with CURLUPART_ZONEID, which previously
returned CURLUE_OK even if no zoneid existed.
Test cases in 1560 have been adjusted and extended. Tests 1538 and 1559
have been updated.
Updated libcurl-errors.3 and curl_url_strerror() accordingly.
Closes #8049
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instad of having all callers pass in the maximum length, always use
it. The passed in length is instead used only as the length of the
target buffer for to storing the scheme name in, if used.
Added the scheme max length restriction to the curl_url_set.3 man page.
Follow-up to 45bcb2eaa78c79
Closes #8047
|
|
|
|
|
|
|
|
| |
file URLs that are 6 bytes or shorter are not complete. Return
CURLUE_MALFORMED_INPUT for those. Extended test 1560 to verify.
Triggered by #8041
Closes #8042
|
|
|
|
|
|
|
| |
Makea Curl_is_absolute_url() always leave a defined 'buf' and avoids
copying on urls that do not start with a scheme.
Closes #8043
|
|
|
|
|
|
|
|
| |
The comment is incorrect in two ways:
- It says the check needs to be last, but the check is actually first.
- is_handshaking actually starts out true.
Closes #8038
|
|
|
|
|
|
|
| |
With OpenSSL 3.0, the parameters are read directly from the `EVP_PKEY`
using `EVP_PKEY_get_bn_param`.
Closes https://github.com/curl/curl/pull/7893
|
|
|
|
|
|
| |
`BN_print`'s `BIGNUM` parameter has been `const` since OpenSSL 0.9.4.
Closes https://github.com/curl/curl/pull/7893
|