___| | | | _ \| |
/ __| | | | |_) | |
| (__| |_| | _ <| |___
\___|\___/|_| \_\_____|
Changelog
Closes #7979
Closes #7979
Closes #7978
Also skip all IDN tests which are broken while using an msys shell.
Closes #7975
Follow-up to cc71d352651a0d95
Reported-by: Marc Hörsken
Bug: https://github.com/curl/curl/pull/7922#issuecomment-963042676
Closes #7971
Closes #7972
Closes #7970
Closes #7930
Follow-up to 24155569d8a
Reported-by: Sergey Markelov
Fixes https://github.com/curl/curl-www/issues/163
Closes #7962
When failing to create the output file for saving an etag, only fail
that particular single transfer and allow others to follow.
Closes #7955
- CURLOPT_ALTSVC_CTRL.3: mention conn reuse is preferred
Ref: https://github.com/curl/curl/discussions/7954
Closes #7957
- RELEASE-NOTES: synced
The latest cmake-rs assumes cmake's --parallel works. That was added in
cmake 3.12, but a lot of our CI builds run on Ubuntu Bionic which only
has cmake 3.10.
Fixes #7927
Closes #7952
Closes #7941
Fixes https://github.com/curl/curl/issues/7877
Closes https://github.com/curl/curl/pull/7878
So that CURLINFO_PRIMARY_IP etc work for HTTP/3 like for other HTTP
versions.
s/transfering/transferring/
s/transfered/transferred/
Ref: https://github.com/SecureAuthCorp/impacket/pull/1066
Fixes #7924
Closes #7935
Closes #7936
Closes #7929
Bold the example ciphers instead of using single quotes, which then also
avoids the problem of how to use single quotes when first in a line.
Closes #7923
Closes #6973
- RELEASE-NOTES: synced
Closes #7885
Closes #7917
The rationale is that custom *-config tools don't work well when
cross-compiling or using sysroots (such as when using Yocto project) and
require custom fixing for each of them; pkg-config on the other hand
works similarly everywhere.
Closes #7916
Closes #7912
- data/DISABLED: enable tests that now work with hyper
Closes #7911
Closes #7911
Closes #7911
Follow up to #7897
Closes #7913
Follow up to #7897
Closes #7832
Closes #7897
Follow up to #7785
Closes #7832
Fixes #7865
Closes #7897
... which then also includes negative ones as test 1430 uses.
This makes native + hyper backend act identically on this and therefore
test 1430 can now be enabled when building with hyper. Adjust test 1431
as well.
Closes #7909
Closes #7910
Closes #7908
The current commit removes the DEBUGASSERT and makes the function
return immediately if length is 0.
Closes #7898
- hyper: disable test 1294 since hyper doesn't allow such crazy headers
Closes #7905
Closes #7905
Closes #7905
Closes #7895
Make them all say "Added in [version]" without using 'curl' or 'libcurl'
in that phrase.
- man pages: require all to use the same section header order
This is the same order we already enforce among the options' man pages:
consistency is good. Add lots of previously missing examples.
Adjust the manpage-syntax script for this purpose, used in test 1173.
Closes #7904
Closes #7842
Restore support for building curl for iOS with SecureTransport enabled.
Closes #7501
Closes #7900
Three were missing, one used a non-standard name for the header.
Closes #7902
Ref: https://curl.se/mail/lib-2021-10/0035.html
Closes https://github.com/curl/curl/pull/7901
Closes #7899
Closes #7894
Signed-off-by: ewlumpkin <ewlumpkin@gmail.com>
Closes #7892
- curl-confopts.m4: remove --enable/disable-hidden-symbols
Closes #7891
... and make sure to stop ignoring the body once the CONNECT is done.
This should make test 206 work proper again and not be flaky.
Closes #7889
Simply because hyper doesn't have this ability. Mentioned in docs now.
Closes #7889
This test verifies that curl works with binary zeroes in HTTP response
headers and hyper refuses such. They're not kosher http.
Closes #7889
Closes #7889
Follow-up to 823d3ab855c
Closes #7889
Closes #7889
Closes #7890
Closes #7887
Closes https://github.com/curl/curl/pull/7886
- Explain the difference between IMAP search via URL (which returns
message sequence numbers) and IMAP search via custom request (which
can return UID numbers if prefixed with UID, eg "UID SEARCH ...").
Bug: https://github.com/curl/curl/issues/7626
Reported-by: orycho@users.noreply.github.com
Ref: https://github.com/curl/curl/issues/2789
Closes https://github.com/curl/curl/pull/7881
Closes #7884
- cut out the description of pre-7.20.0 return code behavior - that version
is now more than eleven years old and is basically no longer out there
Closes #7883
Follow-up to e7416cf
- RELEASE-NOTES: synced
Follow-up to 20e980f85b0ea6
In #7875 these inits were modified but I get two warnings that these new
typecasts are necessary for.
Closes #7876
Fixes #7657
Closes #7875
Closes #7866
Closes #7866
Fixes #7871
Closes #7872
The code for sending DoH requests with GET was never enabled in a way
such that it could be used or tested. As there haven't been requests
for this feature, and since it at this point is effectively dead, remove it
and favor reimplementing the feature in case anyone is interested.
Closes #7870
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Closes #7869
Note that some rules then still don't need to be followed when code is
exactly below a cpp instruction.
... and update the includes to match how current htmltidy wants them
used.
- Make content length (ie download size) accessible to the user in the
header callback, but only after all headers have been processed (ie
only in the final call to the header callback).
Background:
For a long time the content length could be retrieved in the header
callback via CURLINFO_CONTENT_LENGTH_DOWNLOAD_T as soon as it was parsed
by curl.
This change keeps the same intention --all headers must be processed--
but now the content length is available before the final call to the
header function that indicates all headers have been processed (ie
a blank header).
Bug: https://github.com/curl/curl/commit/8a16e54#r57374914
Reported-by: sergio-nsk@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/7804
Closes https://github.com/curl/curl/pull/7803
User sets the post fields size for binary data. Hence, we should not be
using strlen on it.
Closes #7844
Closes #7859
- RELEASE-NOTES: synced
cmake: add CURL_ENABLE_SSL option and make CMAKE_USE_* SSL backend options depend
on it
Closes https://github.com/curl/curl/pull/7822
Daniel Stenberg (14 Oct 2021)
- http: remove assert that breaks hyper
and remove the bad assert again, since it was run even with no error!
Closes #7854
Prior to this change if sws was built with leak sanitizer it would
report a memory leak error during testing.
Closes https://github.com/curl/curl/pull/7849
Pass on better return codes when errors occur within Curl_http instead
of insisting that CURLE_OUT_OF_MEMORY is the only possible one.
For every 'goto error', make sure the result variable holds the error
code for what went wrong.
Closes #7853
Closes #7802
Fixes #7818
Closes #7841
- http2: make getsock not wait for write if there's no remote window
Follow-up to 8758a26f8878
Closes #7837
- RELEASE-NOTES: synced
The host name is stored decoded and can be encoded when used to extract
the full URL. By default when extracting the URL, the host name will not
be URL encoded to work as similar as possible as before. When not URL
encoding the host name, the '%' character will however still be encoded.
Getting the URL with the CURLU_URLENCODE flag set will percent encode
the host name part.
Follow up to #7690
Closes #7785
Closes #7829
Fixes #7679
Reported-by: David Cook
Closes #7827
lcrypto may depend on lz, and configure currently fails when
statically linking as the order is "-lz -lcrypto". This commit switches
the order to "-lcrypto -lz".
Closes #7826
Closes https://github.com/curl/curl/pull/7808
Closes https://github.com/curl/curl/pull/7808
Also fix wolfSSL build with `NO_MD5`, in which case neither the
wolfSSL/OpenSSL implementation nor the fallback implementation was
used.
Closes https://github.com/curl/curl/pull/7808
Later versions of Windows have normal version functions that compare and
return versions based on the way the application is manifested, instead
of the actual version of Windows the application is running on. We
prefer the actual version of Windows so we'll now call the Rtl variant
of version functions (RtlVerifyVersionInfo) which does a proper
comparison of the actual version.
Ref: https://github.com/curl/curl/pull/7727
Fixes https://github.com/curl/curl/issues/7742
Closes https://github.com/curl/curl/pull/7810
... and close connections that are too old instead of reusing them.
Bug: https://curl.se/mail/lib-2021-09/0058.html
Closes #7751
Closes #7817
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Closes #7813
Closes #7812
Closes: #7811
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Closes #7809
If http authentication flags have been set, those are used as sasl
default preferred mechanisms.
Closes #6930
wolfssl: use for SHA256, MD4, MD5, and setting DES odd parity
Prior to this commit, OpenSSL could be used for all these functions, but
not wolfSSL. This commit makes it so wolfSSL will be used if USE_WOLFSSL
is defined.
Closes #7806
- RELEASE-NOTES: synced
With this change applied, the now expired 'DST Root CA X3' cert will no
longer be included in the output.
Details: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
Closes #7801
tool_listhelp.c is now a separate file with only the command line --help
output, exactly as generated by gen.pl. This makes it easier to generate
updates according to what's in the docs/cmdline-opts docs.
cd $srcroot/docs/cmdline-opts
./gen.pl listhelp *.d > $srcroot/src/tool_listhelp.c
Closes #7787
Closes #7728
Closes #7737
Closes https://github.com/curl/curl/pull/7796
Follow-up to 15910dfd143dd
Follow-up to a517378de58358a
Closes #7799
Closes https://github.com/curl/curl/pull/7795
Closes https://github.com/curl/curl/pull/7795
Closes https://github.com/curl/curl/pull/7795
Closes https://github.com/curl/curl/pull/7795
Follow-up to a517378de58358a
Due to CI issues
Closes #7790
Closes: #7322
See-also: #7295
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Ref: https://docs.microsoft.com/en-us/previous-versions/windows/embedded/ms899586(v=msdn.10)
Closes https://github.com/curl/curl/pull/7778
- externalsocket: use WinSock 2.2
Closes https://github.com/curl/curl/pull/7778
Closes https://github.com/curl/curl/pull/7778
Since "too old" versions are no longer included in the generated man
page, this field is now mandatory so that it won't be forgotten and then
not included in the documentation.
Closes #7786
To make the man page more readable, this change removes all references
to changes in support/versions etc that happened before 7.30.0 from the
curl.1 output file. 7.30.0 was released on Apr 12 2013. This particular
limit is a bit arbitrary but was fairly easy to grep for.
This change removes about 80 version number references from curl.1, down
to 138 from 218.
Closes #7786
- RELEASE-NOTES: synced
- gen.pl: insert the current date and version in generated man page
Replaces #7591
Closes #7690
Changes:
Closes #7477
Closes #6936
Closes #7753
Closes #7605
- RELEASE-NOTES: synced
Closes #7646
Closes #7771
On connection shutdown, a new TLS session ticket may arrive after the
SSL session cache has already been destructed. In this case, the new
SSL session cannot be added to the SSL session cache.
Fixes #7683
Closes #7752
Closes #7746
Closes #7770
Closes #7772
Previously this code used a compile time constant, meaning that libcurl
always reported the libssh2 version that libcurl was built with. This
could differ from the libssh2 version actually being used. The new code
uses the CURL_LIBSSH2_VERSION macro, which is defined in ssh.h. The
macro calls the libssh2_version function if it is available, otherwise
it falls back to the compile time version.
Closes https://github.com/curl/curl/pull/7768
Closes https://github.com/curl/curl/pull/7769
- RELEASE-NOTES: synced
Closes #7747
Closes #7761
Constify a number of static structs that are never modified. Make them
const to show this.
Closes #7759
The IMAP server can now get 'POSTFETCH' set to include more data to
include after the body and test 897 is done to verify that such "extra"
header data is in fact delivered by curl as header.
Closes #7748
- KNOWN_BUGS: connection migration doesn't work
Closes #7695
- RELEASE-NOTES: synced
When the "reason phrase" in the HTTP status line starts with a digit,
that was treated as the fourth response code digit and curl would claim
the response to be non-compliant.
Ref: https://github.com/curl/curl/pull/7685
Ref: https://github.com/curl/curl/commit/2f0bb86
Closes https://github.com/curl/curl/pull/7735
Closes #6968
The test should be fine and it works for me repeated when run manually,
but clearly it causes CI failures and it needs more research.
- RELEASE-NOTES: synced
Closes #7724
When setting a blank expire string, meaning unlimited, curl would pass
TIME_T_MAX to getime_r() when creating the output, while on 64 bit
systems such a large value cannot be converted to a tm struct, making
curl exit the loop with an error instead. It can't be converted
because the year it would represent doesn't fit in the 'int tm_year'
field!
Test 1660 and 1915 have been updated to help verify this change.
The VALID_SOCK() macro was made to only check for FD_SETSIZE if curl was
built to use select(), even though the curl_multi_fdset() function
always and unconditionally uses FD_SET and needs the check.
Closes #7714
This fix detects pipelined STARTTLS responses and rejects them with an
error.
CVE-2021-22947
Bug: https://curl.se/docs/CVE-2021-22947.html
Bug: https://curl.se/docs/CVE-2021-22946.html
CVE-2021-22946
CVE-2021-22945
Bug: https://curl.se/docs/CVE-2021-22945.html
Closes #7701
Closes #7713
It should not refer to the uagent string that is allocated and created
for the end server http request, as that pointer may be cleared on
subsequent CONNECT requests.
Closes #7709
Reported-by: Inho Oh
Fixes #7630
Closes #7692
Closes #7700
Follow-up to 2f0bb864c12
Closes #7697
Closes #7698
Follow-up to 2f0bb864c12
Closes #7689
Closes #7688
Extended checksrc to warn for this, but feature the check disabled by
default and only enable it in lib/
Closes #7685
The sanitizer builds were running on the 12.1 image which since has
been removed from the config, leaving the builds not running at all.
When enabled it turns out that they don't actually work due to very
long timeouts in executing the tests, so keep them disabled for now
but a bit more controlled.
Closes #7592
- RELEASE-NOTES: synced
Closes #7674
Closes #7678
Use dynamic memory allocation for the buffer used in checking "pinned
public key". The PUB_DER_MAX_BYTES parameter with default settings is
set to a value greater than 2kB.
Bug: https://github.com/curl/curl/pull/7666#issuecomment-912214751
Reported-by: Viktor Szakats
Closes https://github.com/curl/curl/pull/7667
Closes #7656
In every libcurl option man page there are now 8 mandatory sections that
must use the right name in the correct order and test 1173 verifies
this. Only 14 man pages needed adjustments.
- NAME
- SYNOPSIS
- DESCRIPTION
- PROTOCOLS
- EXAMPLE
- AVAILABILITY
- RETURN VALUE
- SEE ALSO
Closes #7668
Closes #7665
Closes https://github.com/curl/curl/pull/7661
By making them look less like http headers, the hyper mode "tweak"
doesn't interfere.
Enable test 2002 and 2003 in hyper builds (and 1280 which is unrelated
but should be enabled).
Closes #7658
This adds support for the previously unhandled supplemental data which
in -v output was printed like:
Closes #7652
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
The file format for each option now features a "Example:" header that
can provide one or more examples that get rendered appropriately in the
output. All options MUST have at least one example or gen.pl complains
at build-time.
This fix also does a few other minor format and consistency cleanups.
Closes #7654
Fixes #7643
Closes #7649
- RELEASE-NOTES: synced
Reported-by: Tk Xiong
Fixes #7633
Closes #7648
Closes #7625
Otherwise it would wait socket writability even after the entire CONNECT
request has sent and make curl basically busy-loop while waiting for a
response to come back.
Make the built-in HTTP parser behave similar to hyper and reject any
HTTP response using more than 3 digits for the response code.
Closes #7637
Closes #7639
Closes #7638
Fixes #7628
Closes #7635
- RELEASE-NOTES: synced
Adds the full listing of CURL_DISABLE options to the CMake build. Moves
all option code, except for CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG which
resides near OpenSSL configuration, to the same block of code. Also
sorts the options here and in the cmake config header.
Closes #7624
Bug: https://github.com/curl/curl/issues/6149
Reported-by: Bylon2@users.noreply.github.com
Closes https://github.com/curl/curl/pull/7623
Daniel Stenberg (24 Aug 2021)
- cmake: avoid poll() on macOS
Reported-by: marc-groundctl
Fixes #7595
Closes #7619
Closes #7617
Closes #7616
Closes #7602
Closes #7602
Closes #7612
Since this option is also used for FTP, it needs to work to set for
applications even if hyper doesn't support it for HTTP. Verified by test
1137.
Updated docs to specify that the option doesn't work for HTTP when using
the hyper backend.
Closes #7614
Closes #7613
Ref: #7605
Closes #7611
... and also change the 'Removed' column name to 'Last' since that
column is for the last version to contain the symbol.
Closes https://github.com/curl/curl/pull/7609
There's no code flow possible where this can happen. The assert makes
sure it also won't be introduced undetected in the future.
Closes #7610
This output doesn't actually change what configure generates but is only
"cosmetic".
Bug: https://github.com/curl/curl/commit/4e53b94#commitcomment-55239509
Reported-by: i-ky@users.noreply.github.com
Reported-by: i-ky
Bug: https://github.com/curl/curl/commit/4e53b9430c7504de8984796e2a2091ec16f27136#commitcomment-55239253
Closes #7607
- asyn-ares: call ares_freeaddrinfo() to clean up addrinfo results
Follow-up to ba904db0705c931
Closes #7599
Closes #7594
Extended test 1173 (via the manpage-syntax.pl script) to detect and warn
for them.
Ref: #7602
Reported-by: a1346054 on github
Closes #7604
Closes #7603
Closes #7601
Ref: https://github.com/curl/curl/issues/7483#issuecomment-891597034
Closes https://github.com/curl/curl/pull/7581
Ref: 48cf45c
Ref: https://osdn.net/projects/mingw/ticket/38391
Ref: https://github.com/curl/curl/issues/2924
Closes https://github.com/curl/curl/pull/7580
- http_proxy: fix user-agent and custom headers for CONNECT with hyper
Closes #7598
Closes #7597
See: https://cygwin.com/cygwin-ug-net/highlights.html
and: https://docs.microsoft.com/cpp/c-runtime-library/exec-wexec-functions
Ref: https://github.com/curl/curl/pull/7530#issuecomment-900949010
Closes #7587
Remove the previous handling that would call SSL_CTX_free(), and instead
add an assert that halts a debug build if there ever is a context
already set at this point.
Closes #7585
Closes https://github.com/curl/curl/issues/6785
Replaces #7523
Closes #7574
Closes #7048
curl: add warning for ignored data after quoted form parameter
Closes #7394
Ref: https://github.com/github/codeql-action/issues/464
Ref: https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
Fixes https://github.com/curl/curl/issues/7575
Closes https://github.com/curl/curl/pull/7576
Fixes https://github.com/curl/curl/issues/6939
Closes https://github.com/curl/curl/pull/6984
Fixes #4130
Closes #7372
Closes #7578
Closes #7577
Closes #7532
Closes #6904
- RELEASE-NOTES: synced
Reverts 252790c5335a221
Closes #7008
Closes #7008
Closes #7008
Closes #6995
Closes #7528
Closes #7568
Closes #7566
The current man-page lacks some details regarding the obtained path and
query.
Closes #7563
Closes #7567
- replace broken URL with the one it was most probably pointing to
when added (lib/tftp.c)
- replace broken URL with archive.org link (lib/curl_ntlm_wb.c)
- delete unnecessary protocol designator from archive.org URL
(docs/BINDINGS.md)
Closes #7562
Closes #7561
Closes #7560
Closes #7558
... and use #ifdef [feature] in the code as per our guidelines.
Reported-by: jjandesmet
Fixes #7364
Closes #7552
Closes #7551
Closes #7538
Closes #7549
Updated test31.
Added test 392 to verify secure cookies used for http://localhost
Closes #7268
Prior to this change if getaddrinfo() was not found at compile time then
Curl_ipv6works() would be defined as a macro that returns FALSE.
Ref: https://github.com/curl/curl/issues/7483#issuecomment-890765378
Closes https://github.com/curl/curl/pull/7529
- Use our wait_ms() instead of sleep() since Windows doesn't have the
latter.
Closes https://github.com/curl/curl/pull/7527
Ref: https://github.com/curl/curl/issues/7502
Closes #7546
Closes #7546
Closes #7540
- zuul: add an mbedtls3 CI job
Closes #7544
Closes #7428
- RELEASE-NOTES: synced
The logic is now back to assuming that the nghttp2 lib is called nghttp2 and
nothing else.
Closes #7393
Closes #7541
Cirrus CI VMs have 2 CPUs, let's use them also for Windows builds.
Closes #7466
Clarified
Closes #7512
Closes #7511
Reviewed-by: Carlo Marcelo Arenas Belón
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Closes #7468
Fixes #7457
Closes #7510
Closes #7351
Closes #7339
Closes #7125
Closes #7489
Fixes https://github.com/curl/curl/issues/7444
Fixes https://github.com/curl/curl/issues/7451
Fixes https://github.com/curl/curl/issues/7465
Closes https://github.com/curl/curl/pull/7495
Fixes https://github.com/curl/curl/issues/7452
Closes https://github.com/curl/curl/pull/7495
1. it's superfluous
2. it didn't work identically to the Curl_hyper_stream one which could
cause problems like #7486
Closes #7503
Use the proper code style. Don't store return codes that aren't read.
Copy the same example into CURLOPT_SSL_CTX_FUNCTION.3 as well.
Closes #7500
Follow-up to 4b79c4fb565
Fixes #7497
Closes #7498
Fixes #7439
Closes #7494
Closes #7490
... so that Curl_connect_getsock() will know how to wait for the socket
to become readable and not writable after the entire CONNECT request has
been issued.
Closes https://github.com/curl/curl/pull/7480
Ref: https://github.com/curl/curl/pull/7472
Closes https://github.com/curl/curl/pull/7485
- Revert wording on unknown file size caveat and do not discuss specific
protocols in that section.
Partial revert of ecf0225. All max-filesize options now have the list of
protocols and it's clearer just to have that list without discussing
specific protocols in the caveat.
Ref: https://github.com/curl/curl/issues/7453#issuecomment-884128762
Bug: https://curl.se/mail/lib-2021-07/0050.html
Closes #7472
Closes #7474
Closes #7470
Also make it clearer that the caveat 'if the file size is unknown
the option will have no effect' may apply to protocols other than FTP
and HTTP.
Closes https://github.com/curl/curl/issues/7414
Closes https://github.com/curl/curl/pull/7454
Closes https://github.com/curl/curl/pull/7455
Closes https://github.com/curl/curl/pull/7456
Closes https://github.com/curl/curl/pull/7459
Closes https://github.com/curl/curl/pull/7460
Closes https://github.com/curl/curl/pull/7461
Closes https://github.com/curl/curl/pull/7462
Closes https://github.com/curl/curl/pull/7463
CVE-2021-22924
CVE-2021-22926
Bug: https://curl.se/docs/CVE-2021-22926.html
CVE-2021-22925
0842175 (not in any release) used the wrong format specifier (long int)
for timediff_t. On an OS such as Windows libcurl's timediff_t (usually
64-bit) is bigger than long int (32-bit). In 32-bit Windows builds the
upper 32-bits of the timediff_t were erroneously then used by the next
format specifier. Usually since the timeout isn't larger than 32-bits
this would result in null as a pointer to the string with the reason for
the connection failing. On other OSes or maybe other compilers it could
probably result in garbage values (ie crash on deref).
Before:
Failed to connect to localhost port 12345 after 1201 ms: (nil)
After:
Failed to connect to localhost port 12345 after 1203 ms: Connection refused
Closes https://github.com/curl/curl/pull/7449
nghttp2 briefly changed its static lib name to nghttp2_static, but then
made the _static suffix optional.
Ref: https://github.com/nghttp2/nghttp2/pull/1394
Ref: https://github.com/nghttp2/nghttp2/pull/1418
Ref: https://github.com/nghttp2/nghttp2/issues/1466
Fixes https://github.com/curl/curl/issues/7446
Closes https://github.com/curl/curl/pull/7447
Closes https://github.com/curl/curl/pull/7432
Closes https://github.com/curl/curl/pull/7436
Closes https://github.com/curl/curl/pull/7438
Closes https://github.com/curl/curl/pull/7440
Closes https://github.com/curl/curl/pull/7445
Closes https://github.com/curl/curl/pull/7408
Closes https://github.com/curl/curl/pull/7407
Closes https://github.com/curl/curl/pull/7405
Daniel Stenberg (19 Jul 2021)
- misc: copyright year range updates
Write out directories rather than using the dirs abbreviation. Also
use plural form consistently, even if the code in the end might just
create a single directory.
Closes #7406
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Closes: #7427
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Closes #7418
Closes #7410
Closes #7411
Closes #7412
... since the tooling adds that to the output based on the "Protocols:"
tag.
docs: make the documentation for --etag-save match the program behaviour
When using curl with the option `--etag-save` I expected it to save the
ETag without its surrounding quotes, as stated by the documentation in
the repository and by the generated man pages.
My first endeavour was to fix the program, but while investigating the
history of the relevant parts, I discovered that curl once saved the
ETag without the quotes. This was undone by Daniel Stenberg in commit
`98c94596f5928840177b6bd3c7b0f0dd03a431af`, therefore I decided that in
this case the documentation should be adjusted to match the behaviour of
curl.
Closes #7429
Closes #7404
Fixes #7386
Closes #7387
Reported-by: Josie Huddleston
Closes #7413
Closes #7416
Fixes #7415
Closes #7417
Closes #7419
- RELEASE-NOTES: synced
Reported-by: sylgal@users.noreply.github.com
Authored-by: sylgal@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/7379
Closes https://github.com/curl/curl/pull/7389
Closes https://github.com/curl/curl/pull/7380
Closes https://github.com/curl/curl/pull/7377
Closes https://github.com/curl/curl/pull/7375
Fixes https://github.com/curl/curl/issues/7367
Closes https://github.com/curl/curl/pull/7368
Closes #7390
Fixes #7385
Reported-by: Wyatt OʼDay
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
Only the OpenSSL backend actually uses the EGDSOCKET, and also use
TLS consistently rather than mixing SSL and TLS. While there, also
fix a minor spelling nit.
Closes: #7391
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
- [Борис Верховский brought this change]
Closes #7382
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Closes #7383
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Closes #7378
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
The command to run had a typo in the pathname which prevented copy
pasting it to work, which has annoyed me enough to fix this now.
- RELEASE-NOTES: synced
Fixes https://github.com/curl/curl/issues/7342
Closes https://github.com/curl/curl/pull/7369
Closes: #7370
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
The logic error happens if the STOR response from the server has
arrived by the time ftp_multi_statemach() in the affected code path
is called, but the incoming data connection has not arrived yet.
In that case, the processing of the STOR response will cause
'ftpc->wait_data_conn' to be set to TRUE, contradicting the comment
in the code. Since 'complete' will also be set, later logic would
believe the transfer was done.
In most cases, the STOR response will not have arrived yet when
the affected code path is executed, or the incoming connection will
also have arrived, and thus the error would not express itself.
But if the speed difference of the device using libcurl and the
FTP server is exactly right, the error may happen as often as in
one out of hundred file transfers.
Bug: https://curl.se/mail/lib-2021-07/0025.html
Closes #7362
... even when the output is "capped" by the maximum length argument.
Closes #7361
- the data needs to be "line-based" anyway since it's also passed to the
debug callback/application
- Removes the code that would append "..." to the end of the data *iff*
it was truncated in infof()
Closes #7357
Follow-up to ae8e11ed5fd2ce
Closes #7360
Closes #7358
The API is soon two years old and deserves being shown as the primary
way to drive multi code as it makes it much easier to write code.
multi-poll: removed
Closes #7352
Closes #6972
- RELEASE-NOTES: synced
Closes #7349
Closes #7350
Closes #7350
Closes #7348
Closes #7343
Closes https://github.com/curl/curl/pull/7341
Closes https://github.com/curl/curl/pull/7340
Has been supported for a while now with the *BLOB options.
imap-append.c
smtp-authzid.c
smtp-mail.c
smtp-multi.c
smtp-ssl.c
smtp-tls.c
It should not assume that it can copy full lines into the buffer as it
will encourage sloppy coding practices. Instead use byte-wise logic and
check/acknowledge the buffer size appropriately.
Closes #7333
... by making sure the stdout output doesn't look like HTTP headers.
Closes #7333
Closes #7334
Closes #7328
Assisted-by: Daniel Gustafsson
Detected by Coverity
Closes #7329
Closes #7326
Closes #7325
Closes #7327
Closes #7320
Closes #7324
Closes #7318
Also no longer call it crustls in the docs and bump to rustls-ffi 0.7.1
Closes #7311
- Don't set the size of the piece of data to send to the rate limit if
that limit is larger than the buffer size that will hold the piece.
Fixes https://github.com/curl/curl/issues/7308
Closes https://github.com/curl/curl/pull/7315
Closes #7314
Rename still used leftovers to "zuul" as that's now the CI using them.
Closes #7313
- RELEASE-NOTES: synced
Avoid the race condition risk by instead storing the "seeded" flag in
the multi handle. Modern OpenSSL versions handle the seeding itself so
doing the seeding once per multi-handle instead of once per process is
less of an issue.
... since it no longer acknowledges the comment markup we use for that
purpose.
Closes #7303
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Follow-up to a5ab72d5edd7
Closes #7300
* luacurl page is now not accessible, fix it with wayback machine page
* Scheme one seems not providing https now, change it back to http one
Closes #7301
- RELEASE-NOTES: synced
Bug: https://curl.se/mail/lib-2021-06/0024.html
Reported-by: Aleksander Mazur
Closes #7288
- http: make the haproxy support work with unix domain sockets
... it should then pass on "PROXY UNKNOWN" since it doesn't know the
involved IP addresses.
Closes #7287
Closes #7285
Closes #7260
Add ADDRESS_FAMILY typedef for old mingw, now old mingw can also use
unix sockets.
Closes #7034
Source: https://developer.apple.com/documentation/systemconfiguration/1517088-scdynamicstorecopyproxies
Closes #7265
- RELEASE-NOTES: synced
Background:
Ref: https://github.com/curl/curl/pull/7246
Closes https://github.com/curl/curl/pull/7257
Closes #7280
Closes #7276
Closes #7276
Closes #7276
Closes #7276
Closes #7276
Closes #7276
Closes #7276
Closes #7276
Closes #7276
Closes #7276
Closes #7276
Closes #7276
Closes #7273
Closes #7272
Reported-by: Alex Xu
Fixes #7216
Closes #7267
Closes #7271
... by making sure the loops are only allowed to read the shutdown
traffic a limited number of times.
Closes #7266
- KNOWN_BUGS: Negotiate on Windows fails
Closes #5881
Closes #6882
Closes #6884
Closes #7261
They were never officially allowed and slipped in only due to sloppy
parsing. Spaces (ascii 32) should be correctly encoded (to %20) before
being part of a URL.
The new flag bit CURLU_ALLOW_SPACE when a full URL is set, makes libcurl
allow spaces.
Closes #7073
- RELEASE-NOTES: synced
... and bump to version 7.78.0 for the next planned release.
Supported since 7.66.0 via --parallel, but the doc wasn't updated.
Closes https://github.com/curl/curl/pull/7259
Bug: https://github.com/curl/curl/discussions/7255
Reported-by: David Hu
Closes https://github.com/curl/curl/pull/7258
Closes #7250
Closes #7245
Closes #7245
Closes #7248
Closes #7248
Closes #7248
Closes #7243
We do it on circle CI instead
Closes #7239
- RELEASE-NOTES: synced
Closes #7242
Reported-by: Alex Xu
Reported-by: Phil E. Taylor
Fixes #7236
Closes #7237
... 2MB requests is otherwise just too big for some systems.
Bug: https://curl.se/mail/lib-2021-06/0018.html
Closes #7235
Fixes #7240
Closes #7241
Closes #7227
Closes #7209
Closes #7209
Closes #7209
Closes #7209
Closes #7209
Closes #7209
Closes #7209
Closes #7209
Closes #7209
Closes #7209
Closes #7209
Closes #7209
Closes #7209
Closes #7209
Closes #7209
Closes #7219
Fixes #7211
Closes #7213
Previously the code attempted to not run such tests, but didn't do it
correctly.
Closes #7212
Closes #7208
Closes: #7172
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
500 to 512
Closes #7204
When enabled, the headers are passed to the body write callback as well.
Closes #7204
Closes #7205
Closes #7205
- test395: hyper cannot work around > 64 bit content-lengths like built-in
Closes #7205
Closes #7205
Closes #7205
- test347: CRLFify to work in hyper mode
Closes #7205
Closes #7205
Closes #7206
The test still works the same, just modified two bytes in the content.
Closes #7203
- metalink: remove
Warning: this will make existing curl command lines that use metalink to
stop working.
2. The metalink usage with curl was only very briefly documented and was
not following the "normal" curl usage pattern in several ways, making
it surprising and non-intuitive which could lead to further security
issues.
3. The metalink library was last updated 6 years ago and wasn't so
active the years before that either. An unmaintained library means
there's a security problem waiting to happen. This is probably reason
enough.
5. Metalink is not a widely used curl feature. In the 2020 curl user
survey, only 1.4% of the responders said that they are using it. In
2021 that number was 1.2%. Searching the web also shows very few
traces of it being used, even with other tools.
Closes #7176
- docs/INSTALL: remove mentions of configure --with-darwin-ssl
- RELEASE-NOTES: synced
```cmake
set_target_properties(CURL::libcurl PROPERTIES
  INTERFACE_INCLUDE_DIRECTORIES "${_IMPORT_PREFIX}/include"
  INTERFACE_LINK_LIBRARIES "lber;ldap;/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.3.sdk/System/Library/Frameworks/SystemConfiguration.framework;OpenSSL::SSL;OpenSSL::Crypto;ZLIB::ZLIB"
)
```
Closes #7152
Bug: https://curl.se/mail/lib-2021-06/0001.html
Closes #7192
In such cases, because libCurl puts the last resolver response on top of
the address list, when IPv4 resolver response comes after IPv6 one - the
IPv4 family starts the connection phase instead of IPv6 family.
The solution for this issue is to always put IPv6 addresses on top of
the address list, regardless of the order of resolver responses.
Bug: https://curl.se/mail/lib-2021-06/0003.html
Closes #7188
Thus brings back the change from #7144 as was originally landed in
c769d1eab4de8b
Follow-up to d8dcb399b8009d
Closes #7181
My Watt-32 tcp/ip stack works on Windows but it does not have `WSAIoctl()`
Closes #7183
- github: remove the cmake macOS gcc-8 jobs
They're too similar to the gcc-9 ones to be useful (and seems to not
work anymore).
Closes #7187
Closes #7184
The 'hyper mode' makes line-ending checks work in the test suite for
when hyper is used. Now it also requires that HTTP or HTTPS are
mentioned as keywords to be enabled so that it doesn't wrongly adjust
tests for other protocols.
This makes test 271 (TFTP) work again in hyper enabled builds.
Closes #7185
Fix a typo in the sorting comment, and while in there elaborate slightly
on why creationtime can be used as a tiebreaker.
Closes: #7182
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Fixes potential hang in peer check by replacing the send/recv check with
a getsockname/getpeername check.
Closes #7144
The warning about missing entries in that file then doesn't require that
the Makefile has been regenerated which was confusing.
The scan for the test num is a little more error prone than before
(since now it doesn't actually verify that it is legitimate Makefile
syntax), but I think it is good enough.
Closes #7177
Closes #7179
For options that pass in lists or strings that are subsequently parsed
and must be correct. This broadens the scope for the option previously
known as CURLE_TELNET_OPTION_SYNTAX but the old name is of course still
provided as a #define for existing applications.
Closes #7175
Closes #7028
Closes #7028
Reverts #6809
Closes #7028
- RELEASE-NOTES: synced
Follow-up to 1a0ebf6632f889eed
Detected by Coverity.
Assisted-by: Harry Sintonen
Closes #7163
Closes #7154
As host names are case insensitive, the use of case sensitive hashing
caused unnecessary cache misses and therefore lost performance. This
lowercases the hash key.
Closes #7162
Follow-up to b249592d29ae0
Closes #7165
Closes #7164
For SSL connections, usually the server announces that it will close the
connection with an SSL close notify alert. curl should read this alert.
If curl does not read this alert and just closes the connection, some
operating systems close the TCP connection with an RST flag.
If curl reads the close notify alert, the TCP connection is closed
normally with a FIN flag.
The new code is similar to existing code in the "SSL shutdown" function:
try to read an alert (non-blocking), and ignore any read errors.
Closes #7095
Closes #7157
Closes #7157
speed-up:
```
time cmake .. -GNinja -DCMAKE_USE_SECTRANSP=ON -DHTTP_ONLY=ON -DCMAKE_USE_LIBSSH2=OFF
before: 11.64s user 11.09s system 55% cpu 40.754 total
after: 7.84s user 6.57s system 51% cpu 28.074 total
```
```
time cmake .. -GXcode -DCMAKE_USE_SECTRANSP=ON -DHTTP_ONLY=ON -DCMAKE_USE_LIBSSH2=OFF
before: 217.07s user 104.15s system 60% cpu 8:51.79 total
after: 108.76s user 51.80s system 58% cpu 4:32.58 total
```
Closes #7158
Debug builds would warn that these structs were not initialized properly
for pushed streams.
Ref: #7148
Closes #7153
This function might get called for an easy handle for which the session
cache hasn't been setup. It now just returns a "miss" in that case.
Closes #7151
Resolving the case insensitive host name 'localhost' now returns the
addresses 127.0.0.1 and (if IPv6 is enabled) ::1 without using any
resolver.
Closes #7039
Hyper returns the same error for wrong HTTP version as for negative
content-length. Test 178 verifies that negative content-length is
rejected but the hyper backend will return a different error for it (and
without any helpful message telling why the message was bad). It will
also not return any headers at all for the response, not even the ones
that arrived before the error.
Closes #7147
Closes #7143
Closes #7142
Closes #7141
Closes #7141
- c-hyper: clear NTLM auth buffer when request is issued
Closes #7139
Closes #7138
Closes #7137
Looks like the declaration of cpp should be const char ** and return
null if convert_version_info_string fails.
Fixes #7134
Closes #7135
For consistency.
Closes #7130
- RELEASE-NOTES: synced
Closes #7133
Closes #7133
Follow-up to 31f631a142d855f06
Fixes #7128
Closes #7129
URL: https://curl.se/mail/archive-2021-05/0018.html
Closes #7123
Closes #7121
The fix is to check the return value of the function before using the
name.
Closes #7126
Closes #7120
Closes #7071
Follow-up to 7f4a9a9b2a495
Closes #7119
CVE-2021-22901
Bug: https://curl.se/docs/CVE-2021-22901.html
Bug: https://curl.se/docs/CVE-2021-22898.html
CVE-2021-22897
Bug: https://curl.se/docs/CVE-2021-22897.html
- RELEASE-NOTES: synced
NSS: make colons, commas and spaces valid separators in cipher list
Fixes #7110
Closes #7115
Closes #7112
Closes https://github.com/curl/curl/pull/7109
Fixes #7100
Closes #7101
Fixes #7049
Closes #7065
Closes #6853
Bug: https://github.com/jens-maus/amissl/issues/15
Co-authored-by: Daniel Stenberg <daniel@haxx.se>
Closes #7099
Closes #7083
Closes #7083
- RELEASE-NOTES: synced
We use dashes instead of dots nearly everywhere except for those few
cases. This commit addresses this issue and brings more coherency into
it.
Closes #7093
- [Emil Engler brought this change]
This adds the I/O prefix to indicate that those "actions" are kind-of
related to those found in select(2) or poll(2) (reading/writing).
It also adds a note where the prototypes of those functions can be found
in the source code.
Closes #7092
The new field in the Curl_handler struct still lacks documentation. This
adds it from the information extracted from lib/urldata.h:797
Closes #7091
Closes #7094
Closes #7094
Follow-up to 0c55fbab45be
Closes #7088
... so that we can point out the root of the OpenSSL emulation headers.
Previously this used the '$includedir' variable which is wrong since
that defaults to the dir where the current configure invoke will install
the built libcurl headers: /usr/local by default.
Fixes #7085
Reported-by: Joel Jakobsson
Closes #7087
Fixes #7068
Closes #7069
Fixes #7081
Closes #7082
The libssh2 backend has SSH session associated with the connection but
the callback context is the easy handle, so when a connection gets
attached to a transfer, the protocol handler now allows for a custom
function to get used to set things up correctly.
Since the function is called for any protocol, we can't assume that the
HTTP struct is there without first making sure it is HTTP.
... or the cookies won't get sent. Push users to using the "Netscape"
format instead, which curl uses when saving a cookie "jar".
- RELEASE-NOTES: synced
Closes #7047
Closes #7075
Closes #7063
Closes #6991
Closes #7062
Closes #7074
... so that ldap_memfree() for example doesn't match the scan for free.
Closes #7061
- version: free the openldap info correctly
Closes #7067
schannel: Ensure the security context request flags are always set
As of commit 54e7475, these flags would only be set when using a new
credential handle. When re-using an existing credential handle, the
flags would not be set.
Closes https://github.com/curl/curl/pull/7051
... saves a few bytes of struct size in memory and it only uses
10 bits anyway.
Closes #7045
The Curl_resolv() had special code (when built in debug mode) for when
resolving the host name "LocalHost" (using that exact casing). It would
then get the host name from the --interface option instead.
Closes #7044
Otherwise the old value would linger from a previous use and would mess
up the network speed cap logic.
Fixes #7042
Closes #7043
- RELEASE-NOTES: synced
Writing the cookie file has multiple error conditions, and was using an
int with magic numbers to report the different errors (which in turn were
disregarded anyways). This moves reporting to use a CURLcode value.
Closes #7037
Closes #6749
Comments in the cookie code were a bit all over the place in terms of
style and wording. This takes a stab at cleaning them up by keeping to
a single style and overall shape. Some comments are moved a little and
some removed altogether due to being redundant. No functional changes
have been made,
Fixes #7036
Closes #7040
Also provides further checks for requests with the HEAD method.
Closes #7041
The function becomes easier to read and understand with less repetition.
Bug: https://curl.se/mail/lib-2021-05/0022.html
Closes #7035
Closes #7025
It can't run on focal and causes warnings on bionic. Since the focal
failure started rather suddenly a while ago, we can suspect it might be
temporary.
Fixes #7011
Closes #7012
http: use calculated offsets inst of integer literals for header parsing
Closes #7032
Follow-up to 85868537d
Closes #7033
Closes #7031
- http: limit the initial send amount to used upload buffer size
Also added cautions to the man pages about changing buffer sizes in
run-time.
Closes #7022
- RELEASE-NOTES: synced
... this improves precision, especially for transfers in the few or even
sub millisecond range.
Reported-by: J. Bromley
Fixes #7017
Closes #7020
Closes #7010
Also document the fact that winidn functions differently from libidn2
here.
Closes #7026
Fixes #6830
Closes #7013
Closes #7009
- GnuTLS: don't allow TLS 1.3 for versions that don't support it
Follow-up to 781864bedbc5
Closes #7014
Follow up to e917492048f4b85a0fd58a033d10072fc7666c3b
Closes #6992
Follow up to b36442b24305f3cda7c13cc64b46838995a4985b
Closes #6992
Bug: https://github.com/curl/curl/pull/6662#issuecomment-832966557
Reported-by: Marc Hörsken
Closes https://github.com/curl/curl/pull/7006
Previously, setting only the max allowed TLS version, leaving the
minimum one at default, didn't actually set it and left it to default
(TLS 1.3) too!
As a bonus, this change also removes the dead code handling of SSLv3
since that version can't be set anymore (since eff614fb0242cb).
Since openldap itself uses that prefix and with OpenLDAP 2.5.4 (at
least) there's a symbol collision because of that.
The private functions now use the 'oldap_' prefix where it previously
used 'ldap_'.
Reported-by: 3eka on github
Fixes #7004
Closes #7005
Prior to this change PEM certificates could only be imported from a file
and not from memory.
Co-authored-by: moparisthebest@users.noreply.github.com
Ref: https://github.com/curl/curl/pull/4679
Ref: https://github.com/curl/curl/pull/5677
Ref: https://github.com/curl/curl/pull/6109
Closes https://github.com/curl/curl/pull/6662
Closes #6987
... as they're checked for in the configure script and are used by
source code.
Removed checks for perror, setvbuf and strlcat since those defines are
not checked for in source code.
Closes #6997
Follow up from e50a877df when test 530 was removed. Since then this
source file has not been used/needed.
Closes #6999
- FILEFORMAT: mention sectransp as a feature
Closes #7001
- RELEASE-NOTES: synced
Closes #6606
Closes #6510
Closes #6494
Only supported by Secure Transport and OpenSSL for TLS 1.3 so far.
Closes #6721
Closes #6985
Closes #6993
Closes #6993
Closes #6993
Closes #6986
Closes #6986
Closes #6960
Removed localfd and remotefd from ssl_backend_data (used only with proxy
connection). Function pipe_ssloverssl always returns 0 when proxy is not
used.
Closes #6981
Closes #6980
Add our own define for the "h2" ALPN protocol, so TLS backends can use
it without depending on a specific HTTP backend.
Closes #6959
Closes #6954
Closes #6954
Closes #6979
Closes https://github.com/curl/curl/pull/6977
Bug: https://github.com/curl/curl/pull/6602#issuecomment-825236763
Reported-by: sergio-nsk@users.noreply.github.com
Closes https://github.com/curl/curl/pull/6938
... which otherwise caused an integer overflow and circumvented the if()
conditional size check.
Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33720
Assisted-by: Max Dymond
Closes #6975
Instead, process the client write for the status line using the same
logic we use to process the client write for the later HTTP headers,
which contains the appropriate guard logic. As a side benefit,
data->set.writeheader is now only read in one file instead of two.
Fixes #6619
Fixes abetterinternet/crustls#49
Fixes hyperium/hyper#2438
Closes #6971
Closes #6967
Closes #6965
Closes #6966
Closes #6942
- RELEASE-NOTES: synced
Closes #6964
... because it makes the knowledge and usage cross-transfer in funny and
unexpected ways.
Fixes #6955
Closes #6956
Closes #6947
As far as I can see, the URL part is either malloc'ed before due to
encoding or it is strdup'ed.
Closes #6953
Closes #6951
Ref: https://curl.se/mail/lib-2021-04/0085.html
Closes #6943
Ref: https://curl.se/mail/lib-2021-04/0003.html
Closes https://github.com/curl/curl/pull/6843
- Support enabling strong crypto via optional user cipher list when
USE_STRONG_CRYPTO or SCH_USE_STRONG_CRYPTO is in the list.
Ref: https://curl.se/mail/lib-2021-02/0066.html
Ref: https://curl.se/docs/manpage.html#--ciphers
Ref: https://curl.se/libcurl/c/CURLOPT_SSL_CIPHER_LIST.html
Ref: https://docs.microsoft.com/en-us/windows/win32/api/schannel/ns-schannel-schannel_cred
Closes https://github.com/curl/curl/pull/6734
... and put those functions in separate m4 files per TLS library.
Closes #6897
Fixes test 1165 when functions are moved from configure.ac to files in
m4/
This option is only supported for Schannel (the native Windows SSL
library). Prior to this change Schannel would, with no notification to
the client, attempt to locate a client certificate and send it to the
server, when requested by the server. Since the server can request any
certificate that supports client authentication in the OS certificate
store it could be a privacy violation and unexpected.
Fixes https://github.com/curl/curl/issues/2262
Reported-by: Jeroen Ooms
Assisted-by: Wes Hinsley
Assisted-by: Rich FitzJohn
Ref: https://curl.se/mail/lib-2021-02/0066.html
Reported-by: Morten Minde Neergaard
Closes https://github.com/curl/curl/pull/6673
- create SSL_HOST_PORT
Closes #6660
Closes #6912
Closes #6912
Closes #6654
Closes #6654
Closes #6529
Closes #6245
Bug: #6146
Closes #6245
Bug: #6146
Closes #6245
Restores #5634
Reverts #6281
Part of #6245
Ref: #6899
Mark triple-DES ciphers as 'weak', and exclude them from the default
ciphers list.
Closes #6464
Add cipher names to the `cipherlist` map, based on the list of ciphers
implemented by the NSS in the source code file
https://github.com/nss-dev/nss/blob/master/lib/ssl/sslenum.c
Closes #6670
- http2: remove DEBUG_HTTP2
Closes #6899
Closes #6918
The ConnectionExists() function will note that the new transfer wants
less than h2 and that it can't multiplex it and therefore opt to open a
new connection instead.
Storing a stream error in the per-connection struct was an error that led to
race conditions as subsequent stream handling could overwrite the error code
before it was used for the stream with the actual problem.
Closes #6910
This was this one condition where the stream could be closed due to an
error and the function would still wrongly just return 0 for it.
Closes #6922
- RELEASE-NOTES: synced
Closes #6927
- Save a parallel transfer's result code only when it fails and the
transfer is not being retried.
Prior to this change the result code was always set which meant that a
failed result could be erroneously discarded if a different transfer
later had a successful result (CURLE_OK).
Before:
After:
Closes #xxxx
Closes https://github.com/curl/curl/pull/6920
When the host name in a URL is given as an IPv4 numerical address, the
address can be specified with dotted numericals in four different ways:
a32, a.b24, a.b.c16 or a.b.c.d and each part can be specified in
decimal, octal (0-prefixed) or hexadecimal (0x-prefixed).
Instead of passing on the name as-is and leaving the handling to the
underlying name functions, which made them not work with c-ares but work
with getaddrinfo, this change now makes the curl URL API itself detect
and "normalize" host names specified as IPv4 numericals.
The WHATWG URL Spec says this is an okay way to specify a host name in a
URL. RFC 3896 does not allow them, but curl didn't prevent them before
and it seems other RFC 3896-using tools have not either. Host names used
like this are widely supported by other tools as well due to the
handling being done by getaddrinfo and friends.
I decided to add the functionality into the URL API itself so that all
users of these functions get the benefits, when for example wanting to
compare two URLs. Also, it makes curl built to use c-ares now support
them as well and make curl builds more consistent.
The normalization makes HTTPS and virtual hosted HTTP work fine even
when curl gets the address specified using one of the "obscure" formats.
Fixes #6863
Closes #6871
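The normalization described in the commit message above, sketched as a stand-alone C function. This is an added example, not curl's own code: the names `ipv4_normalize` and `same_host`, and the choice to reject a trailing dot, are assumptions of this sketch. It covers all four notations and all three number bases, and compares hosts only after normalizing them.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Normalize a host given as an IPv4 numerical (a, a.b, a.b.c or a.b.c.d,
   each part decimal, 0-prefixed octal or 0x-prefixed hex) into dotted
   decimal. Returns 1 and fills 'out' on success, 0 when 'host' is not such
   a number and should be treated as an ordinary host name.
   (Hypothetical helper written for this example.) */
static int ipv4_normalize(const char *host, char *out, size_t outlen)
{
  unsigned long parts[4];
  unsigned long addr = 0;
  const char *s = host;
  int n = 0;
  int i;
  int len;

  for(;;) {
    char *end;
    /* strtoul() accepts leading whitespace and a sign: insist on a digit */
    if(!isdigit((unsigned char)*s))
      return 0;
    errno = 0;
    parts[n] = strtoul(s, &end, 0); /* base 0: 0x is hex, leading 0 is octal */
    if(errno || end == s)
      return 0;
    n++;
    if(*end == '\0')
      break;
    if(*end != '.' || n == 4)
      return 0; /* junk after the number (such as "08"), or a fifth part */
    s = end + 1;
  }

  /* every part but the last is exactly one byte */
  for(i = 0; i < n - 1; i++) {
    if(parts[i] > 0xff)
      return 0;
    addr |= parts[i] << (24 - 8 * i);
  }
  /* the last part fills the remaining 32, 24, 16 or 8 bits */
  if(parts[n - 1] > (0xffffffffUL >> (8 * (n - 1))))
    return 0;
  addr |= parts[n - 1];

  len = snprintf(out, outlen, "%lu.%lu.%lu.%lu", addr >> 24,
                 (addr >> 16) & 0xff, (addr >> 8) & 0xff, addr & 0xff);
  return len > 0 && (size_t)len < outlen;
}

/* Compare two hosts: numerically when both are IPv4 numericals, otherwise
   as case-insensitive names. Returns 1 when they name the same host. */
static int same_host(const char *a, const char *b)
{
  char na[16];
  char nb[16];
  int ia = ipv4_normalize(a, na, sizeof(na));
  int ib = ipv4_normalize(b, nb, sizeof(nb));

  if(ia != ib)
    return 0; /* one is an address, the other a name */
  if(ia)
    return strcmp(na, nb) == 0;
  for(; *a && *b; a++, b++)
    if(tolower((unsigned char)*a) != tolower((unsigned char)*b))
      return 0;
  return *a == *b;
}

int main(void)
{
  /* constructed sample inputs, one per notation or base */
  static const char *const samples[] = {
    "127.0.0.1", "2130706433", "0x7f.1", "0177.0.0.1", "192.168.257",
    "0xc0a80001", "example.com", "1.2.3.256", "08.1.1.1"
  };
  size_t i;

  for(i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
    char buf[16];
    if(ipv4_normalize(samples[i], buf, sizeof(buf)))
      printf("%-12s -> %s\n", samples[i], buf);
    else
      printf("%-12s -> not an IPv4 numerical\n", samples[i]);
  }
  printf("same_host(\"0x7f.1\", \"127.0.0.1\") = %d\n",
         same_host("0x7f.1", "127.0.0.1"));
  return 0;
}
```

A check that compares the raw host string against a list of addresses treats `0x7f.1` and `127.0.0.1` as different hosts; comparing the normalized forms does not.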
... by fixing macros to do-while constructs and moving out the calls to
"break" outside of the actual macro. It also fixes the problem where the
macro was used within a loop and the break didn't do right.
Closes #6700
Closes #6773
These SSL versions are typically not supported by the TLS libraries since a
long time back already since they are inherently insecure and broken. Asking
for them to be used will just cause an error to be returned slightly later.
In the unlikely event that a user's TLS library actually still supports these
protocol versions, this change might make the request a little less insecure.
Closes #6772
Make sure one of the azure jobs has jsonlint installed so that the test
runs there.
Ref: #6905
Closes #6901
Closes #6900
Closes #6895
Closes #6887
- RELEASE-NOTES: synced
Add test 676 to verify that setting CURLOPT_COOKIEFILE to NULL again clears
the cookiejar from memory.
Fixes #6864
Closes #6886
Closes #6881
- configure: fix CURL_DARWIN_CFLAGS use
Follow-up to 5d2c384452543c
Bug: https://github.com/curl/curl/commit/5d2c384452543c7b6c9fb02eaa0afc84fd5ab941#commitcomment-49315187
Reported-by: Marcel Raad
Closes #6878
Closes #6815
Closes #6876
The solution implemented here is: if the extended security flag is set,
prefer using NTLM version 2 (as a server featuring extended security
should also support version 2). If version 2 has been disabled at
compile time, use extended security.
Fixes #6813
Closes #6849
Closes #6849
Closes #6849
Closes #6867
> All current systems provide time.h; it need not be checked for.
> Not all systems provide sys/time.h, but those that do, all allow
> you to include it and time.h simultaneously.
Closes #6859
> Your code may safely assume C89 semantics that RETSIGTYPE is void.
Closes #6861
Closes #6860
Closes #6857
- RELEASE-NOTES: synced
Make sure the total amount of DL/UL bytes are counted before the
transfer finalizes. Otherwise if a transfer finishes too quick, its
total numbers are not added, and results in a DL%/UL% that goes above
100%.
Detail:
Closes https://github.com/curl/curl/pull/6840
Closes #6829
Daniel Stenberg (5 Apr 2021)
- http_proxy: only loop on 407 + close if we have credentials
instead of 13, before the server has told how many streams it
accepts. The server can always reject new streams anyway if we go above
what it accepts.
Ref: #6826
Closes #6852
This brings back the previous behaviour, which was to succeed, but with
empty content. This also removes the "Accept-ranges: bytes" header,
which is nonsensical on directories.
- RELEASE-NOTES: synced
Fixes https://github.com/curl/curl/issues/6831
Closes https://github.com/curl/curl/pull/6832
Closes #6809
Follow-up to b09c8ee15771c61
Fixes #6812
Closes #6811
Closes #6807
Follow-up to 7214288898f5625
Follow-up to #6277
Fixes #6803
Closes #6808
CVE-2021-22890
CVE-2021-22876
Bug: https://curl.se/docs/CVE-2021-22876.html
Closes #6806
ldap: only set the callback ptr for TLS context when TLS is used
Follow-up to a5eee22e594c2460f
Fixes #6804
Closes #6805
Both were used for the same purposes and there was no logical separation
between them. Combined, this also saves 16 bytes in less holes in my
test build.
Closes #6798
Known bug 11.11 is the shared object's connection cache is not thread
safe, so we should not have an example for it.
Ref: https://github.com/curl/curl/issues/4915
Ref: https://curl.se/docs/knownbugs.html#A_shared_connection_cache_is_not
Closes https://github.com/curl/curl/pull/6795
- Remove the reference to #4578 (SSL verify options not inherited) since
that was fixed by #6597 (separate DoH-specific options for verify).
- Add a reference to #6605 and explain that the user's debug function is
not inherited because it would be unexpected to pass internal handles
(ie DoH handles) to the user's callback.
Closes https://github.com/curl/curl/issues/6605
Closes #6794
Otherwise, the transfer will be NULL in the trace function when the
early handshake details arrive and then curl won't show them.
Regression in 7.75.0
Reported-by: David Hu
Fixes #6783
Closes #6792
- RELEASE-NOTES: synced
Ref: https://stackoverflow.com/q/66789977/93747
Closes #6786
Follow-up to e467ea3bd937f38
Assisted-by: Patrick Monnerat
Closes #6787
After the recent conn/data refactor in this source file, this function
was mistakenly still getting the old struct pointer which would lead to
crash on servers with keyboard-interactive auth enabled.
Follow-up to d3d90ad9c00530d
Closes #6781
Follow-up to a59c33ceffb8f78
Reported-by: Patrick Monnerat
Fixes #6676
Closes #6780
To make sure the Host: header and the URL provide the same authority
portion when sent to the proxy, strip the default port number from the
URL if one was provided.
Remove some nroffisms from the cmdline doc files to simplify editing,
and instead support this markdown style.
Closes #6771
Closes #6770
- RELEASE-NOTES: synced
Fixes #6764
Closes #6766
Closes #6763
Closes #6763
Closes #6758
Closes #6738
This makes the tests easier to copy and relocate to other test numbers
without having to update content.
Closes #6738
Closes #5747
Closes #6743
Ref: https://github.com/curl/curl/issues/2209#issuecomment-360623286
Ref: https://github.com/curl/curl/issues/6717#issuecomment-800745201
Closes https://github.com/curl/curl/pull/6755
- Document in DOH that some SSL settings are inherited but DOH hostname
and peer verification are not and are controlled separately.
Closes https://github.com/curl/curl/pull/6688
When asked to resume a download, libcurl will convert that to HTTP logic
and if then the entire file is already transferred it will result in a
416 response from the HTTP server. With CURLOPT_FAILONERROR set in that
scenario, it should *not* lead to an error return.
The duration of a connect and the total transfer are calculated from two
different time-stamps. It can end up with the total timeout triggering
before the connect timeout expires and we should make sure to
acknowledge whichever timeout that is reached first.
The CONNECTTIMEOUT is per connect attempt. The TIMEOUT is for the entire
operation.
Fixes #6744
Closes #6745
Reported-by: Andrei Bica
Assisted-by: Jay Satiro
- configure: s/AC_HELP_STRING/AS_HELP_STRING
- RELEASE-NOTES: synced
Closes #6751
Closes #6751
Previously, rustls was using an on-stack array for TLS data. However,
crustls has an (unusual) requirement that buffers it deals with are
initialized before writing to them. By using calloc, we can ensure the
buffer is initialized once and then reuse it across calls.
Closes #6742
Closes #6750
- HTTP2: remove the outdated remark about multiplexing for the tool
this should fix an issue where curl sometimes doesn't send out a request
with authorization info after a 401 is received over http2
Closes #6747
Link advapi32 and crypt32 for Crypto API and Schannel SSL backend.
Fix condition of Schannel SSL backend in CMake build accordingly.
Closes #6277
Part of #6277
Closes #6741
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Closes #6728
For some reason the torture tests now run a lot slower on travis and run
into the 50 minute limit all the time.
Closes #6728
Closes #6737
Closes #6736
- RELEASE-NOTES: synced
This refactors the session setup into its own function, and adds a new
function cr_hostname_is_ip. Because crustls doesn't support verification
of IP addresses, special handling is needed: We disable SNI and set a
placeholder hostname (which never actually gets sent on the wire).
Closes #6719
Curl_cookie_init can be called with data being NULL, and this can in turn
be passed to Curl_cookie_add, meaning that both functions must be careful
to only use data where it's checked for being a NULL pointer. The libpsl
support code does however dereference data without checking, so if we are
indeed having an unset data pointer we cannot PSL check the cookiedomain.
Closes #6731
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Add paths for OpenSSL compiling and linking only if they have been
defined. If they haven't been defined, we'll assume that the paths are
already available to the toolchain.
Closes #6730
- Clarify the only 5xx response codes that are treated as transient are
500, 502, 503 and 504.
Prior to this change it said it treated all 5xx as transient, but the
code says otherwise.
Ref: https://github.com/curl/curl/blob/curl-7_75_0/src/tool_operate.c#L462-L495
Closes https://github.com/curl/curl/pull/6724
- Add a paragraph explaining that curl does not consider HTTP response
errors as curl errors, and how that behavior can be modified by using
--retry and --fail.
The --retry-all-errors doc says "Retry on any error" which some users
may find misleading without the added explanation.
Ref: https://curl.se/docs/faq.html#Why_do_I_get_downloaded_data_eve
Ref: https://curl.se/docs/faq.html#curl_doesn_t_return_error_for_HT
Fixes https://github.com/curl/curl/issues/6712
Closes https://github.com/curl/curl/pull/6720
The ngtcp2 project switched over to using the quictls OpenSSL fork
instead of their own patched OpenSSL. We follow suit.
Closes #6729
Closes #6727
Closes #6727
Closes #6727
Not supported.
Closes #6727
... as cmake now does it correctly, and make test1014 check for it
Closes #6702
Make the code consistently use a single name for the size of the
"curl_off_t" type.
Closes #6702
Closes https://github.com/curl/curl/pull/6716
when removing a handle, most of the lists are updated but pending list
is not updated. Updating now.
Closes #6713
Closes #6710
Fixes #6707
Closes #6708
Also: skip the "normal" tests as they're already run by many other
builds.
Closes #6705
Closes #6703
Reported-by: ウさん
Fixes #6664
Closes #6701
- RELEASE-NOTES: synced
- RELEASE-NOTES: synced
Example:
Closes https://github.com/curl/curl/pull/6690
Ref: https://github.com/curl/curl/issues/6696
Closes https://github.com/curl/curl/pull/6697
Fixes https://github.com/curl/curl/issues/6677
Closes https://github.com/curl/curl/pull/6687
Closes https://github.com/curl/curl/pull/6692
- Update VS project templates to use the OpenSSL lib names and include
directories for OpenSSL 1.1.x.
This change means the VS project files will now build only with OpenSSL
1.1.x when an OpenSSL configuration is chosen. Prior to this change the
project files built only with OpenSSL 1.0.x (end-of-life) when an
OpenSSL configuration was chosen.
And since the output directory now contains the includes it's prepended:
..\..\..\..\..\openssl\build\Win{32,64}\VC{6..15}\{DLL,LIB} {Debug,Release}\include
Each build has its own opensslconf.h which is different so we can't just
include the source include directory any longer.
Note the include directory in the output directory is a full copy from
the build so technically we don't need to include the OpenSSL source
include directory in the template. However, I left it last in case the
user made a custom OpenSSL build using the old method which would put
opensslconf in the OpenSSL source include directory.
For OpenSSL 1.1.x the temporary paths must be separate not a descendant
of the other, otherwise pdb files will be lost between builds.
Ref: https://curl.se/mail/lib-2018-10/0049.html
Ref: https://gist.github.com/jay/125191c35bbeb894444eff827651f755
Ref: https://github.com/openssl/openssl/issues/10005
Fixes https://github.com/curl/curl/issues/984
Closes https://github.com/curl/curl/pull/6675
Prior to this change if the user set their easy handle's error stream
to something other than stderr it was not inherited by the doh handles,
which meant that they would still write to the default standard error
stream (stderr) for verbose output.
Bug: https://github.com/curl/curl/issues/6605
Reported-by: arvids-kokins-bidstack@users.noreply.github.com
Closes https://github.com/curl/curl/pull/6661
Closes #6678
Ref: #6058
Closes #6179
Part of #6179
Closes #6671
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
- Increase the minimum number of spaces between the option and the
description from 1 to 2.
Before:
~~~
-u, --user <user:password> Server user and password
-A, --user-agent <name> Send User-Agent <name> to server
-v, --verbose Make the operation more talkative
-V, --version Show version number and quit
-w, --write-out <format> Use output FORMAT after completion
--xattr Store metadata in extended file attributes
~~~
After:
~~~
-u, --user <user:password> Server user and password
-A, --user-agent <name> Send User-Agent <name> to server
-v, --verbose Make the operation more talkative
-V, --version Show version number and quit
-w, --write-out <format> Use output FORMAT after completion
--xattr Store metadata in extended file attributes
~~~
Closes https://github.com/curl/curl/pull/6674
The --create-file-mode code logic accepted the value but never actually
passed it on to libcurl!
Follow-up to 09363500b
Reported-by: Emil Engler
Reviewed-by: Daniel Gustafsson
Closes #6668
Closes #6665
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Signed-off-by: Jean-Philippe Menil <jpmenil@gmail.com>