From b8673bb9f05013eef1ae413e15ac995e9d215641 Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Sat, 30 May 2015 01:29:48 -0400 Subject: openssl: Fix verification of server-sent legacy intermediates - Try building a chain using issuers in the trusted store first to avoid problems with server-sent legacy intermediates. Prior to this change server-sent legacy intermediates with missing legacy issuers would cause verification to fail even if the client's CA bundle contained a valid replacement for the intermediate and an alternate chain could be constructed that would verify successfully. https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest --- lib/vtls/openssl.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 6378e10ff..1df32558b 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -2013,6 +2013,20 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) data->set.str[STRING_SSL_CRLFILE]: "none"); } + /* Try building a chain using issuers in the trusted store first to avoid + problems with server-sent legacy intermediates. + Newer versions of OpenSSL do alternate chain checking by default which + gives us the same fix without as much of a performance hit (slight), so we + prefer that if available. + https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest + */ +#if defined(X509_V_FLAG_TRUSTED_FIRST) && !defined(X509_V_FLAG_NO_ALT_CHAINS) + if(data->set.ssl.verifypeer) { + X509_STORE_set_flags(SSL_CTX_get_cert_store(connssl->ctx), + X509_V_FLAG_TRUSTED_FIRST); + } +#endif + /* SSL always tries to verify the peer, this only says whether it should * fail to connect if the verification fails, or if it should continue * anyway. In the latter case the result of the verification is checked with -- cgit v1.2.1 From 1a8926d12f416a1d6bc47ab55e38eb73d542128b Mon Sep 17 00:00:00 2001 
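Review bot: The `#if defined(X509_V_FLAG_TRUSTED_FIRST) && !defined(X509_V_FLAG_NO_ALT_CHAINS)` guard is decided from the headers at build time, but chain building is done by whichever libcrypto is loaded at run time. A binary built against headers that define `X509_V_FLAG_NO_ALT_CHAINS` skips the flag, and if it then runs against an older shared library without alternate chain checking, the legacy-intermediate failure presumably returns; verification still fails closed, so this is an availability concern rather than a bypass. I would record that in the comment, e.g. `Note: selected from build-time headers; an older runtime library gets neither behaviour.` The result of `X509_STORE_set_flags()` is also ignored, so a failure to set the flag goes unnoticed. ossl_connect_step1 starts and ends outside the hunk.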
From: Linus Nielsen Date: Mon, 8 Jun 2015 10:00:11 +0200 Subject: help: Add --proxy-service-name and --service-name to the --help output --- src/tool_help.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/tool_help.c b/src/tool_help.c index 3153fcdd9..46ae341fe 100644 --- a/src/tool_help.c +++ b/src/tool_help.c @@ -174,6 +174,10 @@ static const char *const helptext[] = { " --proxy-negotiate " "Use HTTP Negotiate (SPNEGO) authentication on the proxy (H)", " --proxy-ntlm Use NTLM authentication on the proxy (H)", +#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) + " --proxy-service-name NAME SPNEGO proxy service name", + " --service-name NAME SPNEGO service name", +#endif " -U, --proxy-user USER[:PASSWORD] Proxy user and password", " --proxy1.0 HOST[:PORT] Use HTTP/1.0 proxy on given port", " -p, --proxytunnel Operate through a HTTP proxy tunnel (using CONNECT)", -- cgit v1.2.1 From 025dbe46df8385c3d0a76874758232e7eabc5013 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ville=20Skytt=C3=A4?= Date: Mon, 8 Jun 2015 14:14:18 +0300 Subject: docs: man page indentation and syntax fixes --- docs/curl.1 | 7 ++++--- docs/mk-ca-bundle.1 | 4 ++-- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/curl.1 b/docs/curl.1 index 1d1bc8102..ea2efe48b 100644 --- a/docs/curl.1 +++ b/docs/curl.1 @@ -667,6 +667,7 @@ curl does one CWD with the full target directory and then operates on the file \&"normally" (like in the multicwd case). This is somewhat more standards compliant than 'nocwd' but without the full penalty of 'multicwd'. .RE +.IP (Added in 7.15.1) .IP "--ftp-pasv" (FTP) Use passive mode for the data connection. Passive is the internal default 
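Review bot: `--service-name` is inserted between `--proxy-ntlm` and `-U, --proxy-user`, which breaks the ordering of helptext[]. The visible entries appear to be sorted by long option name, so only `--proxy-service-name` fits at this position and `--service-name` belongs further down with the other `--s…` entries. Moving it would need its own `#if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI)` guard at the new position. The helptext[] array continues outside the hunk, so the exact slot cannot be named from here.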
@@ -1227,7 +1228,7 @@ i.e "my.host.domain" to specify the machine make curl pick the same IP address that is already used for the control connection .RE - +.IP If this option is used several times, the last one will be used. Disable the use of PORT with \fI--ftp-pasv\fP. Disable the attempt to use the EPRT command instead of PORT by using \fI--disable-eprt\fP. EPRT is really PORT++. @@ -1434,7 +1435,7 @@ specifies 300 bytes from offset 500(H) .B 100-199,500-599 specifies two separate 100-byte ranges(*)(H) .RE - +.IP (*) = NOTE that this will cause the server to reply with a multipart response! @@ -1898,7 +1899,7 @@ displayed with millisecond resolution. The URL that was fetched last. This is most meaningful if you've told curl to follow location: headers. .RE - +.IP If this option is used several times, the last one will be used. .IP "-x, --proxy <[protocol://][user:password@]proxyhost[:port]>" Use the specified proxy. diff --git a/docs/mk-ca-bundle.1 b/docs/mk-ca-bundle.1 index 7d38dba26..164c9c343 100644 --- a/docs/mk-ca-bundle.1 +++ b/docs/mk-ca-bundle.1 @@ -43,7 +43,7 @@ curl, wget and more. The following options are supported: .IP -b backup an existing version of \fIoutputfilename\fP -.IP -d [name] +.IP "-d [name]" specify which Mozilla tree to pull certdata.txt from (or a custom URL). Valid names are: aurora, beta, central, mozilla, nss, release (default). They are shortcuts for which source tree to get the cert data from. @@ -70,7 +70,7 @@ DATA_ENCIPHERMENT, KEY_AGREEMENT, KEY_CERT_SIGN, CRL_SIGN, SERVER_AUTH (default), CLIENT_AUTH, CODE_SIGNING, EMAIL_PROTECTION, IPSEC_END_SYSTEM, IPSEC_TUNNEL, IPSEC_USER, TIME_STAMPING, STEP_UP_APPROVED .RE - +.IP Valid trust levels are: .RS ALL, TRUSTED_DELEGATOR (default), NOT_TRUSTED, MUST_VERIFY_TRUST, TRUSTED -- cgit v1.2.1 From 56b7663f73d44bf4774bfb934befb7071ed41280 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Ville=20Skytt=C3=A4?= Date: Mon, 8 Jun 2015 14:22:54 +0300 Subject: docs: Spelling fixes --- docs/HTTP2.md | 2 +- docs/TODO | 2 +- docs/examples/curlx.c | 2 +- docs/examples/fopen.c | 6 +++--- docs/examples/ftpget.c | 2 +- docs/examples/ftpsget.c | 2 +- docs/examples/imap-ssl.c | 2 +- docs/examples/multi-post.c | 2 +- docs/examples/multi-single.c | 2 +- docs/examples/pop3-multi.c | 2 +- docs/examples/pop3-retr.c | 2 +- docs/examples/pop3-ssl.c | 4 ++-- docs/examples/pop3-tls.c | 2 +- docs/examples/postit2.c | 2 +- docs/examples/sftpget.c | 2 +- docs/examples/smtp-mail.c | 2 +- docs/examples/smtp-ssl.c | 2 +- docs/examples/xmlstream.c | 2 +- docs/libcurl/curl_multi_wait.3 | 2 +- docs/libcurl/opts/CURLOPT_CHUNK_DATA.3 | 4 ++-- docs/libcurl/symbols.pl | 2 +- 21 files changed, 25 insertions(+), 25 deletions(-) diff --git a/docs/HTTP2.md b/docs/HTTP2.md index 863a3cee8..ea14e57c5 100644 --- a/docs/HTTP2.md +++ b/docs/HTTP2.md @@ -73,7 +73,7 @@ those transfers. With the new option `CURLOPT_PIPEWAIT` (added in 7.43.0), you can ask that a transfer should rather wait and see in case there's a connection for the same host in progress that might end up being possible to multiplex on. It favours keeping the number of connections low to the cost of -slightly longer time to first byte transfered. +slightly longer time to first byte transferred. Applications ------------ diff --git a/docs/TODO b/docs/TODO index 7791ea291..6d0e0854e 100644 --- a/docs/TODO +++ b/docs/TODO @@ -429,7 +429,7 @@ be the same as/similar to FTP. 11.2 Honor file timestamps -The timestamp of the transfered file should reflect that of the original file. +The timestamp of the transferred file should reflect that of the original file. 11.3 Use NTLMv2 diff --git a/docs/examples/curlx.c b/docs/examples/curlx.c index 89d5f407b..c68cf0ddb 100644 --- a/docs/examples/curlx.c +++ b/docs/examples/curlx.c 
@@ -490,7 +490,7 @@ int main(int argc, char **argv) { BIO_printf(p.errorbio,"the response has a correct mimetype : %s\n", response); else - BIO_printf(p.errorbio,"the reponse doesn\'t has an acceptable " + BIO_printf(p.errorbio,"the response doesn\'t have an acceptable " "mime type, it is %s instead of %s\n", response,mimetypeaccept); } diff --git a/docs/examples/fopen.c b/docs/examples/fopen.c index 4089bb433..9c575d329 100644 --- a/docs/examples/fopen.c +++ b/docs/examples/fopen.c @@ -108,7 +108,7 @@ static size_t write_callback(char *buffer, size=rembuff; } else { - /* realloc suceeded increase buffer size*/ + /* realloc succeeded increase buffer size*/ url->buffer_len+=size - rembuff; url->buffer=newbuff; } @@ -131,7 +131,7 @@ static int fill_buffer(URL_FILE *file, size_t want) CURLMcode mc; /* curl_multi_fdset() return code */ /* only attempt to fill buffer if transactions still running and buffer - * doesnt exceed required size already + * doesn't exceed required size already */ if((!file->still_running) || (file->buffer_pos > want)) return 0; @@ -229,7 +229,7 @@ static int use_buffer(URL_FILE *file,int want) URL_FILE *url_fopen(const char *url,const char *operation) { /* this code could check for URLs or types in the 'url' and - basicly use the real fopen() for standard files */ + basically use the real fopen() for standard files */ URL_FILE *file; (void)operation; diff --git a/docs/examples/ftpget.c b/docs/examples/ftpget.c index bcb42bb30..285283f72 100644 --- a/docs/examples/ftpget.c +++ b/docs/examples/ftpget.c @@ -53,7 +53,7 @@ int main(void) CURL *curl; CURLcode res; struct FtpFile ftpfile={ - "curl.tar.gz", /* name to store the file as if succesful */ + "curl.tar.gz", /* name to store the file as if successful */ NULL }; diff --git a/docs/examples/ftpsget.c b/docs/examples/ftpsget.c index 0cfe32024..dae453482 100644 --- a/docs/examples/ftpsget.c +++ b/docs/examples/ftpsget.c 
@@ -55,7 +55,7 @@ int main(void) CURL *curl; CURLcode res; struct FtpFile ftpfile={ - "yourfile.bin", /* name to store the file as if succesful */ + "yourfile.bin", /* name to store the file as if successful */ NULL }; diff --git a/docs/examples/imap-ssl.c b/docs/examples/imap-ssl.c index e42ff3922..eec9b0e31 100644 --- a/docs/examples/imap-ssl.c +++ b/docs/examples/imap-ssl.c @@ -60,7 +60,7 @@ int main(void) * they have mentioned in their server certificate's commonName (or * subjectAltName) fields, libcurl will refuse to connect. You can skip * this check, but this will make the connection less secure. */ -#ifdef SKIP_HOSTNAME_VERFICATION +#ifdef SKIP_HOSTNAME_VERIFICATION curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); #endif diff --git a/docs/examples/multi-post.c b/docs/examples/multi-post.c index f511d66fd..5bfdcfd1e 100644 --- a/docs/examples/multi-post.c +++ b/docs/examples/multi-post.c @@ -64,7 +64,7 @@ int main(void) curl = curl_easy_init(); multi_handle = curl_multi_init(); - /* initalize custom header list (stating that Expect: 100-continue is not + /* initialize custom header list (stating that Expect: 100-continue is not wanted */ headerlist = curl_slist_append(headerlist, buf); if(curl && multi_handle) { diff --git a/docs/examples/multi-single.c b/docs/examples/multi-single.c index 47e23f5a9..a43a9f523 100644 --- a/docs/examples/multi-single.c +++ b/docs/examples/multi-single.c @@ -81,7 +81,7 @@ int main(void) } /* 'numfds' being zero means either a timeout or no file descriptors to - wait for. Try timeout on first occurance, then assume no file + wait for. Try timeout on first occurrence, then assume no file descriptors and no file descriptors to wait for means wait for 100 milliseconds. */ diff --git a/docs/examples/pop3-multi.c b/docs/examples/pop3-multi.c index 435308623..6df09a263 100644 --- a/docs/examples/pop3-multi.c +++ b/docs/examples/pop3-multi.c 
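Review bot: Renaming `SKIP_HOSTNAME_VERFICATION` to `SKIP_HOSTNAME_VERIFICATION` in imap-ssl.c changes a preprocessor symbol, not a comment, so it is a behaviour change inside a spelling commit. A build that defined the old misspelled name no longer compiles in `curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);`. That fails in the safe direction, because host name checking stays on, but the commit message should say so, for instance `examples: SKIP_HOSTNAME_VERFICATION is now spelled SKIP_HOSTNAME_VERIFICATION`. The same rename is made in the pop3-ssl.c and smtp-ssl.c hunks. main() continues outside the hunk.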
@@ -69,7 +69,7 @@ int main(void) curl_easy_setopt(curl, CURLOPT_USERNAME, "user"); curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret"); - /* This will retreive message 1 from the user's mailbox */ + /* This will retrieve message 1 from the user's mailbox */ curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com/1"); /* Tell the multi stack about our easy handle */ diff --git a/docs/examples/pop3-retr.c b/docs/examples/pop3-retr.c index e5a50f22d..b5113fa99 100644 --- a/docs/examples/pop3-retr.c +++ b/docs/examples/pop3-retr.c @@ -39,7 +39,7 @@ int main(void) curl_easy_setopt(curl, CURLOPT_USERNAME, "user"); curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret"); - /* This will retreive message 1 from the user's mailbox */ + /* This will retrieve message 1 from the user's mailbox */ curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com/1"); /* Perform the retr */ diff --git a/docs/examples/pop3-ssl.c b/docs/examples/pop3-ssl.c index 45e0054b6..0bbec8d9d 100644 --- a/docs/examples/pop3-ssl.c +++ b/docs/examples/pop3-ssl.c @@ -40,7 +40,7 @@ int main(void) curl_easy_setopt(curl, CURLOPT_USERNAME, "user"); curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret"); - /* This will retreive message 1 from the user's mailbox. Note the use of + /* This will retrieve message 1 from the user's mailbox. Note the use of * pop3s:// rather than pop3:// to request a SSL based connection. */ curl_easy_setopt(curl, CURLOPT_URL, "pop3s://pop.example.com/1"); @@ -60,7 +60,7 @@ int main(void) * they have mentioned in their server certificate's commonName (or * subjectAltName) fields, libcurl will refuse to connect. You can skip * this check, but this will make the connection less secure. */ -#ifdef SKIP_HOSTNAME_VERFICATION +#ifdef SKIP_HOSTNAME_VERIFICATION curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); #endif diff --git a/docs/examples/pop3-tls.c b/docs/examples/pop3-tls.c index 812d89b8b..58278a1e2 100644 --- a/docs/examples/pop3-tls.c +++ b/docs/examples/pop3-tls.c 
@@ -40,7 +40,7 @@ int main(void) curl_easy_setopt(curl, CURLOPT_USERNAME, "user"); curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret"); - /* This will retreive message 1 from the user's mailbox */ + /* This will retrieve message 1 from the user's mailbox */ curl_easy_setopt(curl, CURLOPT_URL, "pop3://pop.example.com/1"); /* In this example, we'll start with a plain text connection, and upgrade diff --git a/docs/examples/postit2.c b/docs/examples/postit2.c index 67dcc1330..88ea78c86 100644 --- a/docs/examples/postit2.c +++ b/docs/examples/postit2.c @@ -73,7 +73,7 @@ int main(int argc, char *argv[]) CURLFORM_END); curl = curl_easy_init(); - /* initalize custom header list (stating that Expect: 100-continue is not + /* initialize custom header list (stating that Expect: 100-continue is not wanted */ headerlist = curl_slist_append(headerlist, buf); if(curl) { diff --git a/docs/examples/sftpget.c b/docs/examples/sftpget.c index 8317462e9..434299dc0 100644 --- a/docs/examples/sftpget.c +++ b/docs/examples/sftpget.c @@ -58,7 +58,7 @@ int main(void) CURL *curl; CURLcode res; struct FtpFile ftpfile={ - "yourfile.bin", /* name to store the file as if succesful */ + "yourfile.bin", /* name to store the file as if successful */ NULL }; diff --git a/docs/examples/smtp-mail.c b/docs/examples/smtp-mail.c index af4d1b65b..eea90b8a8 100644 --- a/docs/examples/smtp-mail.c +++ b/docs/examples/smtp-mail.c @@ -24,7 +24,7 @@ #include /* This is a simple example showing how to send mail using libcurl's SMTP - * capabilities. For an exmaple of using the multi interface please see + * capabilities. For an example of using the multi interface please see * smtp-multi.c. * * Note that this example requires libcurl 7.20.0 or above. diff --git a/docs/examples/smtp-ssl.c b/docs/examples/smtp-ssl.c index 9a68a7ff9..a774403fc 100644 --- a/docs/examples/smtp-ssl.c +++ b/docs/examples/smtp-ssl.c 
@@ -111,7 +111,7 @@ int main(void) * they have mentioned in their server certificate's commonName (or * subjectAltName) fields, libcurl will refuse to connect. You can skip * this check, but this will make the connection less secure. */ -#ifdef SKIP_HOSTNAME_VERFICATION +#ifdef SKIP_HOSTNAME_VERIFICATION curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); #endif diff --git a/docs/examples/xmlstream.c b/docs/examples/xmlstream.c index 4d67f98eb..819344502 100644 --- a/docs/examples/xmlstream.c +++ b/docs/examples/xmlstream.c @@ -120,7 +120,7 @@ int main(void) XML_SetElementHandler(parser, startElement, endElement); XML_SetCharacterDataHandler(parser, characterDataHandler); - /* Initalize a libcurl handle. */ + /* Initialize a libcurl handle. */ curl_global_init(CURL_GLOBAL_ALL ^ CURL_GLOBAL_SSL); curl_handle = curl_easy_init(); curl_easy_setopt(curl_handle, CURLOPT_URL, "http://www.w3schools.com/xml/simple.xml"); diff --git a/docs/libcurl/curl_multi_wait.3 b/docs/libcurl/curl_multi_wait.3 index a76fba360..45c2e8c95 100644 --- a/docs/libcurl/curl_multi_wait.3 +++ b/docs/libcurl/curl_multi_wait.3 @@ -44,7 +44,7 @@ The calling application may pass additional curl_waitfd structures which are similar to \fIpoll(2)\fP's pollfd structure to be waited on in the same call. On completion, if \fInumfds\fP is non-NULL, it will be populated with the -total number of file descriptors on which interesting events occured. This +total number of file descriptors on which interesting events occurred. This number can include both libcurl internal descriptors as well as descriptors provided in \fIextra_fds\fP. diff --git a/docs/libcurl/opts/CURLOPT_CHUNK_DATA.3 b/docs/libcurl/opts/CURLOPT_CHUNK_DATA.3 index abdbc3a87..4d0ff3da5 100644 --- a/docs/libcurl/opts/CURLOPT_CHUNK_DATA.3 +++ b/docs/libcurl/opts/CURLOPT_CHUNK_DATA.3 
@@ -29,8 +29,8 @@ CURLOPT_CHUNK_DATA \- custom pointer to the FTP chunk callbacks CURLcode curl_easy_setopt(CURL *handle, CURLOPT_CHUNK_DATA, void *pointer); .SH DESCRIPTION Pass a \fIpointer\fP that will be untouched by libcurl and passed as the ptr -argument to the \fICURL_CHUNK_BGN_FUNTION(3)\fP and -\fICURL_CHUNK_END_FUNTION(3)\fP. +argument to the \fICURL_CHUNK_BGN_FUNCTION(3)\fP and +\fICURL_CHUNK_END_FUNCTION(3)\fP. .SH DEFAULT NULL .SH PROTOCOLS diff --git a/docs/libcurl/symbols.pl b/docs/libcurl/symbols.pl index 9503ebcc7..a7b76e239 100755 --- a/docs/libcurl/symbols.pl +++ b/docs/libcurl/symbols.pl @@ -24,7 +24,7 @@ # Experience has shown that the symbols-in-versions file is very useful to # applications that want to build with a wide range of libcurl versions. # It is however easy to get it wrong and the source gets a bit messy with all -# the fixed numerical comparisions. +# the fixed numerical comparisons. # # The point of this script is to provide an easy-to-use macro for libcurl- # using applications to do preprocessor checks for specific libcurl defines, -- cgit v1.2.1 From eaeeed2e8f20775421beacfbd394ff4fe99ab685 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 8 Jun 2015 13:47:33 +0200 Subject: fopen.c: fix a few compiler warnings --- docs/examples/fopen.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/examples/fopen.c b/docs/examples/fopen.c index 9c575d329..0aad0abf5 100644 --- a/docs/examples/fopen.c +++ b/docs/examples/fopen.c @@ -205,7 +205,7 @@ static int fill_buffer(URL_FILE *file, size_t want) } /* use to remove want bytes from the front of a files buffer */ -static int use_buffer(URL_FILE *file,int want) +static int use_buffer(URL_FILE *file, size_t want) { /* sort out buffer */ if((file->buffer_pos - want) <=0) { 
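Review bot: With `want` now `size_t`, the first test in use_buffer, `if((file->buffer_pos - want) <=0)`, is evaluated in unsigned arithmetic and is true only when the two values are equal. When `want` is larger than `buffer_pos` the difference wraps to a very large value, and the other branch (not visible in this hunk) would presumably run with that wrapped length. Comparing instead of subtracting avoids the wrap: `if(want >= file->buffer_pos) {`. use_buffer's body continues outside the hunk.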
@@ -375,7 +375,7 @@ char *url_fgets(char *ptr, size_t size, URL_FILE *file) switch(file->type) { case CFTYPE_FILE: - ptr = fgets(ptr,size,file->handle.file); + ptr = fgets(ptr, (int)size, file->handle.file); break; case CFTYPE_CURL: @@ -451,7 +451,7 @@ int main(int argc, char *argv[]) URL_FILE *handle; FILE *outf; - int nread; + size_t nread; char buffer[256]; const char *url; @@ -499,7 +499,7 @@ int main(int argc, char *argv[]) } do { - nread = url_fread(buffer, 1,sizeof(buffer), handle); + nread = url_fread(buffer, 1, sizeof(buffer), handle); fwrite(buffer,1,nread,outf); } while(nread); -- cgit v1.2.1 From 20ac3458068b2bd11c3ce802f091af66b55e2c23 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 9 Jun 2015 00:22:02 +0200 Subject: CURLOPT_OPENSOCKETFUNCTION: return error at once When CURL_SOCKET_BAD is returned in the callback, it should be treated as an error (CURLE_COULDNT_CONNECT) if no other socket is subsequently created when trying to connect to a server. Bug: http://curl.haxx.se/mail/lib-2015-06/0047.html --- lib/connect.c | 5 +++- tests/data/Makefile.inc | 2 +- tests/data/test1530 | 27 +++++++++++++++++++ tests/libtest/Makefile.inc | 6 ++++- tests/libtest/lib1530.c | 67 ++++++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 104 insertions(+), 3 deletions(-) create mode 100644 tests/data/test1530 create mode 100644 tests/libtest/lib1530.c diff --git a/lib/connect.c b/lib/connect.c index fc72c56fe..7202fa639 100644 --- a/lib/connect.c +++ b/lib/connect.c @@ -1166,8 +1166,11 @@ CURLcode Curl_connecthost(struct connectdata *conn, /* context */ conn->tempaddr[0] = conn->tempaddr[0]->ai_next; } - if(conn->tempsock[0] == CURL_SOCKET_BAD) + if(conn->tempsock[0] == CURL_SOCKET_BAD) { + if(!result) + result = CURLE_COULDNT_CONNECT; return result; + } data->info.numconnects++; /* to track the number of connections made */ diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index a15ff8afb..3e8ee4d6b 100644 --- a/tests/data/Makefile.inc 
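Review bot: The cast in `ptr = fgets(ptr, (int)size, file->handle.file);` silences the warning but converts a `size_t` above INT_MAX to an implementation-defined, possibly negative, int. Since this is example code that gets copied into applications, clamp rather than cast blindly: `ptr = fgets(ptr, size > INT_MAX ? INT_MAX : (int)size, file->handle.file);`, which needs `<limits.h>`. url_fgets starts and ends outside the hunk.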
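Review bot: The new `if(!result)` branch in Curl_connecthost has no comment saying when `result` can still be CURLE_OK while `conn->tempsock[0]` is CURL_SOCKET_BAD; the reason is given only in the commit message. A one-line comment would keep the branch from being simplified away later: `/* e.g. the opensocket callback returned CURL_SOCKET_BAD: no socket, but no error recorded yet */`. The function body starts and ends outside the hunk.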
+++ b/tests/data/Makefile.inc @@ -153,7 +153,7 @@ test1516 \ \ test1520 \ \ -test1525 test1526 test1527 test1528 test1529 \ +test1525 test1526 test1527 test1528 test1529 test1530 \ \ test1600 test1601 test1602 \ \ diff --git a/tests/data/test1530 b/tests/data/test1530 new file mode 100644 index 000000000..92abc6ce4 --- /dev/null +++ b/tests/data/test1530 @@ -0,0 +1,27 @@ + + + +CURLOPT_OPENSOCKETFUNCTION + + + + + +none + + +lib1530 + + +CURLOPT_OPENSOCKETFUNCTION returns bad socket + + + +# it should be detected and an error should be reported + +# 7 == CURLE_COULDNT_CONNECT + +7 + + + diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc index 3508b8047..78d53137a 100644 --- a/tests/libtest/Makefile.inc +++ b/tests/libtest/Makefile.inc @@ -23,7 +23,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect \ lib1500 lib1501 lib1502 lib1503 lib1504 lib1505 lib1506 lib1507 lib1508 \ lib1509 lib1510 lib1511 lib1512 lib1513 lib1514 lib1515 \ lib1520 \ - lib1525 lib1526 lib1527 lib1528 lib1529 \ + lib1525 lib1526 lib1527 lib1528 lib1529 lib1530 \ lib1900 \ lib2033 @@ -380,6 +380,10 @@ lib1529_SOURCES = lib1529.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) lib1529_LDADD = $(TESTUTIL_LIBS) lib1529_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1529 +lib1530_SOURCES = lib1530.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) +lib1530_LDADD = $(TESTUTIL_LIBS) +lib1530_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1530 + lib1900_SOURCES = lib1900.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) lib1900_LDADD = $(TESTUTIL_LIBS) lib1900_CPPFLAGS = $(AM_CPPFLAGS) diff --git a/tests/libtest/lib1530.c b/tests/libtest/lib1530.c new file mode 100644 index 000000000..76231c97f --- /dev/null +++ b/tests/libtest/lib1530.c 
@@ -0,0 +1,67 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at http://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +#include "test.h" + +#include "memdebug.h" + +static curl_socket_t opensocket(void *clientp, + curlsocktype purpose, + struct curl_sockaddr *address) +{ + (void)purpose; + (void)address; + (void)clientp; + fprintf(stderr, "opensocket() returns CURL_SOCKET_BAD\n"); + return CURL_SOCKET_BAD; +} + +int test(char *URL) +{ + CURL *curl = NULL; + CURLcode res = CURLE_FAILED_INIT; + (void)URL; + + if(curl_global_init(CURL_GLOBAL_ALL) != CURLE_OK) { + fprintf(stderr, "curl_global_init() failed\n"); + return TEST_ERR_MAJOR_BAD; + } + + if((curl = curl_easy_init()) == NULL) { + fprintf(stderr, "curl_easy_init() failed\n"); + curl_global_cleanup(); + return TEST_ERR_MAJOR_BAD; + } + + test_setopt(curl, CURLOPT_URL, "http://99.99.99.99:9999"); + test_setopt(curl, CURLOPT_VERBOSE, 1L); + test_setopt(curl, CURLOPT_OPENSOCKETFUNCTION, opensocket); + + res = curl_easy_perform(curl); + +test_cleanup: + + curl_easy_cleanup(curl); + curl_global_cleanup(); + + return (int)res; +} -- cgit v1.2.1 From 0fcfe4d7acd3abf5b969c9aa4c28ff7f362b0e39 Mon Sep 17 00:00:00 2001 
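Review bot: The hard-coded `"http://99.99.99.99:9999"` in test() is a publicly routable address, and the test stays offline only because opensocket() returns CURL_SOCKET_BAD. If the callback were ever not honoured, which is the regression this test exists to catch, the test run would attempt a connection to an unrelated external host. An address from a range reserved for documentation (RFC 5737) keeps that failure mode local: `test_setopt(curl, CURLOPT_URL, "http://192.0.2.1:9999");`.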
From: Daniel Stenberg Date: Tue, 9 Jun 2015 00:33:23 +0200 Subject: RELEASE-NOTES: synced with 20ac3458068 --- RELEASE-NOTES | 34 ++++++++++++++++++++++++++++------ 1 file changed, 28 insertions(+), 6 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index a5f03f94d..7db380b5a 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -18,6 +18,7 @@ This release includes the following changes: with the new CURLPIPE_MULTIPLEX bit for CURLMOPT_PIPELINING [16] o HTTP/2: requires nghttp2 1.0.0 or later o scripts: add zsh.pl for generating zsh completion + o curl.h: add CURL_HTTP_VERSION_2 This release includes the following bugfixes: @@ -61,6 +62,22 @@ This release includes the following bugfixes: o CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain [23] o FAQ: How do I port libcurl to my OS? o openssl: Use TLS_client_method for OpenSSL 1.1.0+ + o HTTP-NTLM: fail auth on connection close instead of looping [24] + o curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT [25] + o curl_getdate.3: update RFC reference + o curl_multi_info_read.3: added example + o curl_multi_perform.3: added example + o curl_multi_timeout.3: added example + o cookie: Stop exporting any-domain cookies [26] + o openssl: remove dummy callback use from SSL_CTX_set_verify() + o openssl: remove SSL_get_session()-using code + o openssl: removed USERDATA_IN_PWD_CALLBACK kludge + o openssl: removed error string #ifdef + o openssl: Fix verification of server-sent legacy intermediates [27] + o docs: man page indentation and syntax fixes + o docs: Spelling fixes + o fopen.c: fix a few compiler warnings + o CURLOPT_OPENSOCKETFUNCTION: return error at once [28] This release includes the following known bugs: 
@@ -72,12 +89,12 @@ advice from friends like these: Alessandro Ghedini, Alexander Dyagilev, Anders Bakken, Anthony Avina, Ashish Shukla, Bert Huijben, Brian Chrisman, Brian Prodoehl, Chris Araman, Dagobert Michelsen, Dan Fandrich, Daniel Melani, Daniel Stenberg, - Dmitry Eremin-Solenikov, Egon Eckert, Fred Stluka, Grant Pannell, Jens Rantil, - Kamil Dudka, Linus Nielsen, Liviu Chircu, Marc Hoersken, Michael Osipov, - Oren Souroujon, Orgad Shaneh, Patrick Monnerat, Patrick Rapin, Paul Howarth, - Ray Satiro, Sean Boudreau, Tatsuhiro Tsujikawa, Viktor Szakáts, - Yehezkel Horowitz, - (33 contributors) + Dmitry Eremin-Solenikov, Egon Eckert, Fred Stluka, Gisle Vanem, Grant Pannell, + Isaac Boukris, Jens Rantil, Kamil Dudka, Linus Nielsen, Liviu Chircu, + Marc Hoersken, Michael Osipov, Oren Souroujon, Orgad Shaneh, Patrick Monnerat, + Patrick Rapin, Paul Howarth, Rafayel Mkrtchyan, Ray Satiro, Sean Boudreau, + Tatsuhiro Tsujikawa, Viktor Szakáts, Ville Skyttä, Yehezkel Horowitz, + (37 contributors) Thanks! (and sorry if I forgot to mention someone) @@ -106,3 +123,8 @@ References to bug reports and discussions on issues: [21] = http://curl.haxx.se/mail/lib-2015-05/0056.html [22] = http://curl.haxx.se/mail/lib-2015-05/0115.html [23] = http://curl.haxx.se/mail/lib-2015-05/0137.html + [24] = https://github.com/bagder/curl/issues/256 + [25] = https://github.com/bagder/curl/pull/258#issuecomment-107093055 + [26] = https://github.com/bagder/curl/issues/292 + [27] = https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest + [28] = http://curl.haxx.se/mail/lib-2015-06/0047.html -- cgit v1.2.1 From cbf2920d02b6d8feff7b8a36b174fef162bbcf1d Mon Sep 17 00:00:00 2001 
From: Jay Satiro Date: Mon, 8 Jun 2015 23:42:11 -0400 Subject: openssl: LibreSSL and BoringSSL do not use TLS_client_method Although OpenSSL 1.1.0+ deprecated SSLv23_client_method in favor of TLS_client_method LibreSSL and BoringSSL didn't and still use SSLv23_client_method. Bug: https://github.com/bagder/curl/commit/49a6642#commitcomment-11578009 Reported-by: asavah@users.noreply.github.com --- lib/vtls/openssl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 1df32558b..d1ea5fbf1 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -1699,7 +1699,8 @@ static CURLcode ossl_connect_step1(struct connectdata *conn, int sockindex) case CURL_SSLVERSION_TLSv1_1: case CURL_SSLVERSION_TLSv1_2: /* it will be handled later with the context options */ -#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) && \ + !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL) req_method = TLS_client_method(); #else req_method = SSLv23_client_method(); -- cgit v1.2.1
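Review bot: The extended condition `(OPENSSL_VERSION_NUMBER >= 0x10100000L) && !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL)` has no comment explaining why the version test alone is not enough. A short comment above the `#if` would do, e.g. `/* LibreSSL and BoringSSL may pass the version check but still use SSLv23_client_method() */`. If the same three-part test is needed elsewhere in openssl.c (not visible here), a single feature macro defined once would keep the call sites from drifting apart. ossl_connect_step1 continues outside the hunk.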