summaryrefslogtreecommitdiff
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* tool_operate: Don't use Windows CA store as a fallbackJay Satiro2020-06-221-8/+0
| | | | | | | | | | | | | | | | | | | | | | | Background: 148534d added CURLSSLOPT_NATIVE_CA to use the Windows OS certificate store in libcurl w/ OpenSSL on Windows. CURLSSLOPT_NATIVE_CA overrides CURLOPT_CAINFO if both are set. The curl tool will fall back to CURLSSLOPT_NATIVE_CA if it could not find a certificate bundle to set via CURLOPT_CAINFO. Problem: libcurl may be built with hardcoded paths to a certificate bundle or directory, and if CURLSSLOPT_NATIVE_CA is used then those paths are ignored. Solution: A solution is still being discussed but since there's an impending release this commit removes using CURLSSLOPT_NATIVE_CA in the curl tool. Ref: https://github.com/curl/curl/issues/5585
* tool_getparam: -i is not OK if -J is usedDaniel Stenberg2020-06-222-18/+9
| | | | | Reported-by: sn on hackerone Bug: https://curl.haxx.se/docs/CVE-2020-8177.html
* urlglob: treat literal IPv6 addresses with zone IDs as a host nameDaniel Stenberg2020-06-181-20/+27
| | | | | | | | | | ... and not as a "glob". Now done by passing the supposed host to the URL parser which supposedly will do a better job at identifying "real" numerical IPv6 addresses. Reported-by: puckipedia on github Fixes #5576 Closes #5579
* tool_getparam: repair the error message for unknown flagDaniel Stenberg2020-06-181-1/+2
| | | | | | | Follow-up to 9e5669f3880674 Detected by Coverity CID 1464582 ("Logically dead code") Closes #5577
* tool_getparam: fix memory leak in parse_argsJay Satiro2020-06-091-0/+2
| | | | | | | | | Prior to this change in Windows Unicode builds most parsed options would not be freed. Found using _CrtDumpMemoryLeaks(). Ref: https://github.com/curl/curl/issues/5545
* tool_cfgable: free login_options at exitDaniel Stenberg2020-06-081-0/+1
| | | | | | | Memory leak Reported-by: Geeknik Labs Fixes #5535 Closes #5536
* all: fix codespell errorsViktor Szakats2020-05-251-1/+1
| | | | | | Reviewed-by: Jay Satiro Reviewed-by: Daniel Stenberg Closes https://github.com/curl/curl/pull/5452
* copyright: updated year ranges out of syncDaniel Stenberg2020-05-241-1/+1
| | | | ... and whitelisted a few more files in the the copyright.pl script.
* curl: remove -J "informational" written on stdoutDaniel Stenberg2020-05-231-4/+0
| | | | | | | | | | | curl would previously show "curl: Saved to filename 'name from header'" if -J was used and a name was picked from the Content-Disposition header. That output could interfer with other stdout output, such as -w. This commit removes that output line. Bug: https://curl.haxx.se/mail/archive-2020-05/0044.html Reported-by: Коваленко Анатолий Викторович Closes #5435
* tool_paramhlp: fixup C89 mistakeDaniel Stenberg2020-05-191-2/+1
| | | | Follow-up to c5f0a9db22.
* tool_paramhlp: fixed potentially uninitialized strtol() variableSiva Sivaraman2020-05-191-0/+1
| | | | | | | Seems highly unlikely to actually be possible, but better safe than sorry. Closes #5417
* tool_operate: fixed potentially uninitialized variablesSiva Sivaraman2020-05-191-5/+5
| | | | | | | ... in curl_easy_getinfo() calls. They're harmless but clearing the variables makes the code safer and comforts the reader. Closes #5416
* setopt: support certificate options in memory with struct curl_blobGilles Vollant2020-05-152-1/+94
| | | | | | | | | | | | | This change introduces a generic way to provide binary data in setopt options, called BLOBs. This change introduces these new setopts: CURLOPT_ISSUERCERT_BLOB, CURLOPT_PROXY_SSLCERT_BLOB, CURLOPT_PROXY_SSLKEY_BLOB, CURLOPT_SSLCERT_BLOB and CURLOPT_SSLKEY_BLOB. Reviewed-by: Daniel Stenberg Closes #5357
* source cleanup: remove all custom typedef structsDaniel Stenberg2020-05-1512-181/+176
| | | | | | | | | | | - Stick to a single unified way to use structs - Make checksrc complain on 'typedef struct {' - Allow them in tests, public headers and examples - Let MD4_CTX, MD5_CTX, and SHA256_CTX typedefs remain as they actually typedef different types/structs depending on build conditions. Closes #5338
* tool: support UTF-16 command line on WindowsMarcel Raad2020-05-143-10/+22
| | | | | | | | | | | | | | | | | | - use `wmain` instead of `main` when `_UNICODE` is defined [0] - define `argv_item_t` as `wchar_t *` in this case - use the curl_multibyte gear to convert the command-line arguments to UTF-8 This makes it possible to pass parameters with characters outside of the current locale on Windows, which is required for some tests, e.g. the IDN tests. Out of the box, this currently only works with the Visual Studio project files, which default to Unicode, and winbuild with the `ENABLE_UNICODE` option. [0] https://devblogs.microsoft.com/oldnewthing/?p=40643 Ref: https://github.com/curl/curl/issues/3747 Closes https://github.com/curl/curl/pull/3784
* curl_multibyte: add to curlxMarcel Raad2020-05-141-2/+4
| | | | | | | This will also be needed in the tool and tests. Ref: https://github.com/curl/curl/pull/3758#issuecomment-482197512 Closes https://github.com/curl/curl/pull/3784
* checksrc: enhance the ASTERISKSPACE and update code accordinglyDaniel Stenberg2020-05-141-2/+2
| | | | | | | | Fine: "struct hello *world" Not fine: "struct hello* world" (and variations) Closes #5386
* tool: shorten 3 --help descriptionsDaniel Stenberg2020-05-131-16/+17
| | | | | | | | --happy-eyeballs-timeout-ms, --resolve and --ssl-revoke-best-effort gen.pl already warned about these lines but we didn't listen Closes #5379
* retry-all-errors.d: Shorten the summary lineJay Satiro2020-05-121-1/+1
| | | | | | | | Follow-up to b995bb5 from a few moments ago. Reported-by: Daniel Stenberg Ref: https://github.com/curl/curl/commit/b995bb5#r39108929
* tool: Add option --retry-all-errors to retry on any errorJay Satiro2020-05-124-0/+12
| | | | | | The "sledgehammer" of retrying. Closes https://github.com/curl/curl/pull/5185
* tool_operate: only set CURLOPT_SSL_OPTIONS if SSL support is presentDaniel Stenberg2020-05-101-17/+18
| | | | | | | Reported-by: Marcel Raad Follow-up to 148534db5 Fixes #5367 Closes #5369
* CURLOPT_SSL_OPTIONS: add *_NATIVE_CA to use Windows CA store (with openssl)Gilles Vollant2020-05-083-0/+14
| | | | Closes #4346
* tool: do not declare functions with Curl_ prefixDaniel Stenberg2020-04-144-47/+41
| | | | | | | | | To avoid collision risks with private libcurl symbols when linked with static versions (or just versions not hiding internal symbols). Reported-by: hydra3333 on github Fixes #5219 Closes #5234
* cmake: add aliases so exported target names are available in treeNathaniel R. Lewis2020-04-131-1/+6
| | | | | Reviewed-by: Brad King Closes #5206
* curl: allow both --etag-compare and --etag-save with same file nameKwon-Young Choi2020-04-051-30/+30
| | | | | | | | | | | | This change inverse the order of processing for the --etag-compare and --etag-save option to process first --etag-compare. This in turn allows to use the same file name to compare and save an etag. The original behavior of not failing if the etag file does not exists is conserved. Fixes #5179 Closes #5180
* misc: copyright year updatesDaniel Stenberg2020-03-311-1/+1
| | | | Follow-up to 7a71965e9
* build: fixed build for systems with select() in unistd.hHarry Sintonen2020-03-312-0/+4
| | | | Closes #5169
* cleanup: insert newline after if() conditionsDaniel Stenberg2020-03-301-1/+2
| | | | | Our code style mandates we put the conditional block on a separate line. These mistakes are now detected by the updated checksrc.
* curl.h: remnove CURL_VERSION_ESNI. Never supported nor documentedDaniel Stenberg2020-03-291-1/+0
| | | | | | Considered experimental and therefore we can do this. Closes #5157
* writeout_json: Fix data type issuesMichael Kaufmann2020-03-273-5/+19
| | | | | | | | | | | | | | | Load long values correctly (e.g. for http_code). Use curl_off_t (not long) for: - size_download (CURLINFO_SIZE_DOWNLOAD_T) - size_upload (CURLINFO_SIZE_UPLOAD_T) The unit for these values is bytes/second, not microseconds: - speed_download (CURLINFO_SPEED_DOWNLOAD_T) - speed_upload (CURLINFO_SPEED_UPLOAD_T) Fixes #5131 Closes #5152
* docs/make: generate curl.1 from listed files onlyDaniel Stenberg2020-03-261-1/+1
| | | | | | | | | | | | | Previously it rendered the page from files matching "*.d" in the correct directory, which worked fine in git builds when the files were added but made it easy to forget adding the files to the dist. Now, only man page sections listed in DPAGES in Makefile.inc will be used, thus "forcing" us to update this to get the man page right and get it included in the dist at the same time. Ref: #5146 Closes #5149
* copyright: fix out-of-date copyright ranges and missing headersDaniel Stenberg2020-03-248-6/+69
| | | | | | | | | Reported by the new script 'scripts/copyright.pl'. The script has a regex whitelist for the files that don't need copyright headers. Removed three (mostly usesless) README files from docs/ Closes #5141
* cmdline: fix handling of OperationConfig linked list (--next)Rici Lake2020-03-202-2/+4
| | | | | | | | | | Ensures that -K/--config inserts new items at the end of the list instead of overwriting the second item, and that after a -K/--config option has been parsed, the option parser's view of the current config is update. Fixes #5120 Closes #5123
* writeout_json: use curl_off_t printf() option for the time outputDaniel Stenberg2020-03-181-1/+2
| | | | | | Follow-up to: 04c03416e68fd635a15 Closes #5115
* tool_setopt: correct the copyright year rangeDaniel Stenberg2020-03-181-1/+1
| | | | Follow-up to 5450428491
* schannel: add "best effort" revocation check optionJohannes Schindelin2020-03-185-1/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and --ssl-revoke-best-effort to allow a "best effort" revocation check. A best effort revocation check ignores errors that the revocation check was unable to take place. The reasoning is described in detail below and discussed further in the PR. --- When running e.g. with Fiddler, the schannel backend fails with an unhelpful error message: Unknown error (0x80092012) - The revocation function was unable to check revocation for the certificate. Sadly, many enterprise users who are stuck behind MITM proxies suffer the very same problem. This has been discussed in plenty of issues: https://github.com/curl/curl/issues/3727, https://github.com/curl/curl/issues/264, for example. In the latter, a Microsoft Edge developer even made the case that the common behavior is to ignore issues when a certificate has no recorded distribution point for revocation lists, or when the server is offline. This is also known as "best effort" strategy and addresses the Fiddler issue. Unfortunately, this strategy was not chosen as the default for schannel (and is therefore a backend-specific behavior: OpenSSL seems to happily ignore the offline servers and missing distribution points). To maintain backward-compatibility, we therefore add a new flag (`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option (`--ssl-revoke-best-effort`) to select the new behavior. Due to the many related issues Git for Windows and GitHub Desktop, the plan is to make this behavior the default in these software packages. The test 2070 was added to verify this behavior, adapted from 310. Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com> Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Closes https://github.com/curl/curl/pull/4981
* windows: suppress UI in all CryptAcquireContext() callsViktor Szakats2020-03-171-6/+6
| | | | | | Ref: https://docs.microsoft.com/windows/win32/api/wincrypt/nf-wincrypt-cryptacquirecontexta#parameters Reviewed-by: Marc Hörsken Closes https://github.com/curl/curl/pull/5088
* writeout_json: add missing comma to fix the HTTP versionDaniel Stenberg2020-03-171-1/+1
| | | | Follow-up to 04c03416e68fd635a15
* writeout: support to generate JSON outputMathias Gumz2020-03-175-83/+347
| | | | | | | | | | | | | | | | This commit adds support to generate JSON via the writeout feature: -w "%{json}" It leverages the existing infrastructure as much as possible. Thus, generating the JSON on STDERR is possible by: -w "%{stderr}%{json}" This implements a variant of https://github.com/curl/curl/wiki/JSON#--write-out-json. Closes #4870
* tool_operate: fix add_parallel_transfers when more are in queueDaniel Stenberg2020-03-161-1/+1
| | | | | | | | | | | | Trying to return early from the function if no new transfers were added would break the "morep" argument and cause issues. This could lead to zero content "transfers" (within quotes since they would never be started) when parallel-max was reduced. Reported-by: Gavin Wong Analyzed-by: Jay Satiro Fixes #4937 Closes #5112
* Makefile.m32: Improve windres parameter compatibilityJay Satiro2020-03-141-1/+1
| | | | | | | | | | | | - s/COFF/coff/ Some versions of windres do not recognize uppercase COFF as a valid way to specify the COFF output format. Reported-by: Steven Penny Fixes https://github.com/curl/curl/issues/5099 Closes https://github.com/curl/curl/pull/5101
* tool_cb_see: set correct copyright year rangeDaniel Stenberg2020-03-072-2/+2
| | | | Follow-up to a39e5bfb9
* seek: fix fallback for missing ftruncate on WindowsMarc Hoersken2020-03-072-7/+6
| | | | | | | | This fixes test 198 on versions of MinGW-w64 without ftruncate Reviewed-By: Daniel Stenberg Reviewed-By: Marcel Raad Closes #5055
* polarssl: Additional removalSteve Holme2020-03-011-63/+0
| | | | | | | Follow up to 6357a19f. Reviewed-by: Daniel Stenberg Closes #5004
* cleanup: comment typosDaniel Stenberg2020-02-211-2/+2
| | | | | | Spotted by 'codespell' Closes #4957
* win32: USE_WIN32_CRYPTO to enable Win32 based MD4, MD5 and SHA256 functionsSteve Holme2020-02-201-2/+2
| | | | | | | | | Whilst lib\md4.c used this pre-processor, lib\md5.c and src\tool_metalink.c did not and simply relied on the WIN32 pre-processor directive. Reviewed-by: Marcel Raad Closes #4955
* nit: Copyright year out of dateDaniel Stenberg2020-02-194-4/+4
| | | | Follow-up to 1fc0617dcc
* tool_util: Improve Windows version of tvnow()Jay Satiro2020-02-184-32/+70
| | | | | | | | | | | | | | | | | | | | | | | | | - Change tool_util.c tvnow() for Windows to match more closely to timeval.c Curl_now(). - Create a win32 init function for the tool, since some initialization is required for the tvnow() changes. Prior to this change the monotonic time function used by curl in Windows was determined at build-time and not runtime. That was a problem because when curl was built targeted for compatibility with old versions of Windows (eg _WIN32_WINNT < 0x0600) it would use GetTickCount which wraps every 49.7 days that Windows has been running. This change makes curl behave similar to libcurl's tvnow function, which determines at runtime whether the OS is Vista+ and if so calls QueryPerformanceCounter instead. (Note QueryPerformanceCounter is used because it has higher resolution than the more obvious candidate GetTickCount64). The changes to tvnow are basically a copy and paste but the types in some cases are different. Ref: https://github.com/curl/curl/issues/3309 Closes https://github.com/curl/curl/pull/4847
* tool_home: Fix the copyright year being out of dateSteve Holme2020-02-131-1/+1
| | | | Follow up to 9dc350b6.
* tool_homedir: Change GetEnv() to use libcurl's curl_getenv()Jay Satiro2020-02-121-31/+24
| | | | | | | | | | | | | | | | | | | | | | - Deduplicate GetEnv() code. - On Windows change ultimate call to use Windows API GetEnvironmentVariable() instead of C runtime getenv(). Prior to this change both libcurl and the tool had their own GetEnv which over time diverged. Now the tool's GetEnv is a wrapper around curl_getenv (libcurl API function which is itself a wrapper around libcurl's GetEnv). Furthermore this change fixes a bug in that Windows API GetEnvironmentVariable() is called instead of C runtime getenv() to get the environment variable since some changes aren't always visible to the latter. Reported-by: Christoph M. Becker Fixes https://github.com/curl/curl/issues/4774 Closes https://github.com/curl/curl/pull/4863
View Lorry Controller Status