summaryrefslogtreecommitdiff
path: root/lib
Commit message (Collapse)AuthorAgeFilesLines
* ntlm: Moved the HMAC MD5 function into the HMAC module as a generic functionSteve Holme2020-02-243-31/+56
|
* md4: Use const for the length input parameterSteve Holme2020-02-232-3/+6
| | | | This keeps the interface the same as md5 and sha256.
* ntlm: Removed the dependency on the TLS libaries when using MD5Steve Holme2020-02-232-12/+11
| | | | | | | As we have our own MD5 implementation use the MD5 wrapper to remove the TLS dependency. Closes #4967
* md5/sha256: Updated the functions to allow non-string data to be hashedSteve Holme2020-02-235-37/+32
|
* digest: Corrected the name of the local HTTP digest functionSteve Holme2020-02-231-12/+12
| | | | | Follow up to 2b5b37cb. Local static functions do not require the Curl prefix.
* tests: Added a unit test for SHA256 digest generationSteve Holme2020-02-222-4/+10
| | | | | | Follow up to 2b5b37c. Closes #4968
* md4: Fixed compilation issues when using GNU TLS gcryptSteve Holme2020-02-221-4/+7
| | | | | | | | | | * Don't include 'struct' in the gcrypt MD4_CTX typedef * The call to gcry_md_read() should use a dereferenced ctx * The call to gcry_md_close() should use a dereferenced ctx Additional minor whitespace issue in the USE_WIN32_CRYPTO code. Closes #4959
* http2: now require nghttp2 >= 1.12.0Daniel Stenberg2020-02-211-47/+5
| | | | | | | | | To simplify our code and since earlier versions lack important function calls libcurl needs to function correctly. nghttp2 1.12.0 was relased on June 26, 2016. Closes #4961
* gtls: fix the copyright yearDaniel Stenberg2020-02-211-1/+1
| | | | Follow-up from 41fcb4f609
* GnuTLS: Always send client certjethrogb2020-02-211-1/+1
| | | | | | | | | | | | | | TLS servers may request a certificate from the client. This request includes a list of 0 or more acceptable issuer DNs. The client may use this list to determine which certificate to send. GnuTLS's default behavior is to not send a client certificate if there is no match. However, OpenSSL's default behavior is to send the configured certificate. The `GNUTLS_FORCE_CLIENT_CERT` flag mimics OpenSSL behavior. Authored-by: jethrogb on github Fixes #1411 Closes #4958
* cleanup: comment typosDaniel Stenberg2020-02-214-5/+3
| | | | | | Spotted by 'codespell' Closes #4957
* win32: USE_WIN32_CRYPTO to enable Win32 based MD4, MD5 and SHA256 functionsSteve Holme2020-02-202-3/+5
| | | | | | | | | Whilst lib\md4.c used this pre-processor, lib\md5.c and src\tool_metalink.c did not and simply relied on the WIN32 pre-processor directive. Reviewed-by: Marcel Raad Closes #4955
* connect: remove some spurious infof() callsDaniel Stenberg2020-02-191-7/+0
| | | | | | | As they were added primarily for debugging, they provide little use for users. Closes #4951
* nit: Copyright year out of dateDaniel Stenberg2020-02-192-2/+2
| | | | Follow-up to 1fc0617dcc
* tool_util: Improve Windows version of tvnow()Jay Satiro2020-02-182-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | - Change tool_util.c tvnow() for Windows to match more closely to timeval.c Curl_now(). - Create a win32 init function for the tool, since some initialization is required for the tvnow() changes. Prior to this change the monotonic time function used by curl in Windows was determined at build-time and not runtime. That was a problem because when curl was built targeted for compatibility with old versions of Windows (eg _WIN32_WINNT < 0x0600) it would use GetTickCount which wraps every 49.7 days that Windows has been running. This change makes curl behave similar to libcurl's tvnow function, which determines at runtime whether the OS is Vista+ and if so calls QueryPerformanceCounter instead. (Note QueryPerformanceCounter is used because it has higher resolution than the more obvious candidate GetTickCount64). The changes to tvnow are basically a copy and paste but the types in some cases are different. Ref: https://github.com/curl/curl/issues/3309 Closes https://github.com/curl/curl/pull/4847
* SOCKS: fix typo in printf formattingDaniel Stenberg2020-02-181-1/+1
| | | | | | | Follow-up to 4a4b63daa Reported-by: Peter Piekarski Bug: https://github.com/curl/curl/commit/4a4b63daaa01ef59b131d91e8e6e6dfe275c0f08#r37351330
* altsvc: make saving the cache an atomic operationDaniel Stenberg2020-02-183-17/+39
| | | | | | | | ... by writing the file to temp name then rename to the final when done. Assisted-by: Jay Satiro Fixes #4936 Closes #4942
* rename: a new file for Curl_rename()Daniel Stenberg2020-02-184-28/+93
| | | | And make the cookie save function use it.
* cookies: make saving atomic with a renameDaniel Stenberg2020-02-171-16/+63
| | | | | | | | | | Saves the file as "[filename].[8 random hex digits].tmp" and renames away the extension when done. Co-authored-by: Jay Satiro Reported-by: Mike Frysinger Fixes #4914 Closes #4926
* socks: make the connect phase non-blockingDaniel Stenberg2020-02-1711-535/+817
| | | | | | Removes two entries from KNOWN_BUGS. Closes #4907
* multi: if Curl_readwrite sets 'comeback' use expire, not loopDaniel Stenberg2020-02-161-2/+7
| | | | | | | Otherwise, a very fast single transfer ricks starving out other concurrent transfers. Closes #4927
* ftp: convert 'sock_accepted' to a plain booleanDaniel Stenberg2020-02-163-6/+5
| | | | | | | This was an array indexed with sockindex but it was only ever used for the secondary socket. Closes #4929
* tool_home: Fix the copyright year being out of dateSteve Holme2020-02-131-1/+1
| | | | Follow up to 9dc350b6.
* tool_homedir: Change GetEnv() to use libcurl's curl_getenv()Jay Satiro2020-02-121-11/+34
| | | | | | | | | | | | | | | | | | | | | | - Deduplicate GetEnv() code. - On Windows change ultimate call to use Windows API GetEnvironmentVariable() instead of C runtime getenv(). Prior to this change both libcurl and the tool had their own GetEnv which over time diverged. Now the tool's GetEnv is a wrapper around curl_getenv (libcurl API function which is itself a wrapper around libcurl's GetEnv). Furthermore this change fixes a bug in that Windows API GetEnvironmentVariable() is called instead of C runtime getenv() to get the environment variable since some changes aren't always visible to the latter. Reported-by: Christoph M. Becker Fixes https://github.com/curl/curl/issues/4774 Closes https://github.com/curl/curl/pull/4863
* strerror.h: Copyright year out of dateDaniel Stenberg2020-02-121-1/+1
| | | | Follow-up to 1c4fa67e8a8fcf6
* strerror: Increase STRERROR_LEN 128 -> 256Jay Satiro2020-02-121-1/+1
| | | | | | | | | | STRERROR_LEN is the constant used throughout the library to set the size of the buffer on the stack that the curl strerror functions write to. Prior to this change some extended length Windows error messages could be truncated. Closes https://github.com/curl/curl/pull/4920
* multi: fix outdated commentJay Satiro2020-02-121-2/+2
| | | | | | | | | | - Do not say that conn->data is "cleared" by multi_done(). If the connection is in use then multi_done assigns another easy handle still using the connection to conn->data, therefore in that case it is not cleared. Closes https://github.com/curl/curl/pull/4901
* easy: remove dead codeJay Satiro2020-02-121-4/+0
| | | | | | multi is already assigned to data->multi by curl_multi_add_handle. Closes https://github.com/curl/curl/pull/4900
* smtp: Simplify the MAIL command and avoid a duplication of send stringsSteve Holme2020-02-091-12/+7
| | | | | | | | This avoids the duplication of strings when the optional AUTH and SIZE parameters are required. It also assists with the modifications that are part of #4892. Closes #4903
* altsvc: keep a copy of the file name to survive handle resetDaniel Stenberg2020-02-091-1/+16
| | | | | | | | | | | | The alt-svc cache survives a call to curl_easy_reset fine, but the file name to use for saving the cache was cleared. Now the alt-svc cache has a copy of the file name to survive handle resets. Added test 1908 to verify. Reported-by: Craig Andrews Fixes #4898 Closes #4902
* url: Include the failure reason when curl_win32_idn_to_ascii() failsSteve Holme2020-02-091-1/+3
| | | | | | | Provide the failure reason in the failf() info just as we do for the libidn2 version of code. Closes #4899
* asyn-thread: remove dead codeJay Satiro2020-02-091-3/+0
|
* digest: Do not quote algorithm in HTTP authorisationPierre-Yves Bigourdan2020-02-071-2/+2
| | | | | | | | | | RFC 7616 section 3.4 (The Authorization Header Field) states that "For historical reasons, a sender MUST NOT generate the quoted string syntax for the following parameters: algorithm, qop, and nc". This removes the quoting for the algorithm parameter. Reviewed-by: Steve Holme Closes #4890
* ftp: remove the duplicated user/password struct fieldsDaniel Stenberg2020-02-072-14/+3
| | | | Closes #4887
* ftp: remove superfluous checking for crlf in user or pwdDaniel Stenberg2020-02-071-17/+0
| | | | | | | | | ... as this is already done much earlier in the URL parser. Also add test case 894 that verifies that pop3 with an encodedd CR in the user name is rejected. Closes #4887
* ntlm_wb: Use Curl_socketpair() for greater portabilitySteve Holme2020-02-061-1/+1
| | | | | Reported-by: Daniel Stenberg Closes #4886
* ftp: shrink temp buffers used for PORTDaniel Stenberg2020-02-051-5/+6
| | | | | | | These two stack based buffers only need to be 46 + 66 bytes instead of 256 + 1024. Closes #4880
* altsvc: set h3 version at a common single spotDaniel Stenberg2020-02-041-11/+8
| | | | | | | | ... and move the #ifdefs out of the functions. Addresses the fact they were different before this change. Reported-by: Harry Sintonen Closes #4876
* altsvc: improved header parserHarry Sintonen2020-02-041-73/+98
| | | | | | | | | | | | | - Fixed the flag parsing to apply to specific alternative entry only, as per RFC. The earlier code would also get totally confused by multiprotocol header, parsing flags from the wrong part of the header. - Fixed the parser terminating on unknown protocols, instead of skipping them. - Fixed a busyloop when protocol-id was present without an equal sign. Closes #4875
* ngtcp2: fixed to only use AF_INET6 when ENABLE_IPV6Harry Sintonen2020-02-041-0/+2
|
* ntlm: Pass the Curl_easy structure to the private winbind functionsSteve Holme2020-02-041-14/+21
| | | | ...rather than the full conndata structure.
* ntlm: Ensure the HTTP header data is not stored in the challenge/responseSteve Holme2020-02-032-14/+14
|
* openssl: remove redundant assignmentMarcel Raad2020-02-031-1/+0
| | | | | | Fixes a scan-build failure on Bionic. Closes https://github.com/curl/curl/pull/4872
* cleanup: fix typos and wording in docs and commentsPedro Monreal2020-02-025-7/+7
| | | | | Closes #4869 Reviewed-by: Emil Engler and Daniel Gustafsson
* ntlm: Move the winbind data into the NTLM data structureSteve Holme2020-02-023-41/+54
| | | | | To assist with adding winbind support to the SASL NTLM authentication, move the winbind specific data out of conndata into ntlmdata.
* quiche: Copyright year out of dateDaniel Stenberg2020-01-301-1/+1
| | | | Follow-up to 7fc63d72333a
* altsvc: use h3-25Daniel Stenberg2020-01-301-2/+2
| | | | Closes #4868
* quiche: update to draft-25Alessandro Ghedini2020-01-301-1/+1
| | | | Closes #4867
* ngtcp2: update to git master and its draft-25 supportDaniel Stenberg2020-01-291-1/+3
| | | | Closes #4865
* cookie: check __Secure- and __Host- case sensitivelyDaniel Stenberg2020-01-291-3/+3
| | | | | | | | | | While most keywords in cookies are case insensitive, these prefixes are specified explicitly to get checked "with a case-sensitive match". (From the 6265bis document in progress) Ref: https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-04 Closes #4864
View Lorry Controller Status