]> granicus.if.org Git - curl/log
curl
6 years agourl: use the URL API internally as well
Daniel Stenberg [Fri, 14 Sep 2018 21:33:28 +0000 (23:33 +0200)]
url: use the URL API internally as well

... to make it a truly unified URL parser.

Closes #3017

6 years agoURL and mailmap updates, remove an obsolete directory [ci skip]
Viktor Szakats [Sat, 22 Sep 2018 07:58:05 +0000 (07:58 +0000)]
URL and mailmap updates, remove an obsolete directory [ci skip]

Closes https://github.com/curl/curl/pull/3031

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Fri, 21 Sep 2018 22:16:57 +0000 (00:16 +0200)]
RELEASE-NOTES: synced

6 years agoconfigure: force-use -lpthreads on HPUX
Daniel Stenberg [Fri, 21 Sep 2018 07:40:56 +0000 (09:40 +0200)]
configure: force-use -lpthreads on HPUX

When trying to detect pthreads use on HPUX the checks will succeed
without the correct -l option but then end up failing at run-time.

Reported-by: Eason-Yu on github
Fixes #2697
Closes #3025

6 years agoCurl_saferealloc: Fixed typo in docblock
Erik Minekus [Fri, 21 Sep 2018 12:20:18 +0000 (14:20 +0200)]
Curl_saferealloc: Fixed typo in docblock

Closes #3029

6 years agourlapi: fix support for address scope in IPv6 numerical addresses
Daniel Stenberg [Fri, 21 Sep 2018 06:17:39 +0000 (08:17 +0200)]
urlapi: fix support for address scope in IPv6 numerical addresses

Closes #3024

6 years agoGnutTLS: TLS 1.3 support
Loganaden Velvindron [Mon, 10 Sep 2018 18:35:38 +0000 (22:35 +0400)]
GnutTLS: TLS 1.3 support

Closes #2971

6 years agoTODO: c-ares and CURLOPT_OPENSOCKETFUNCTION
Daniel Stenberg [Thu, 20 Sep 2018 21:56:20 +0000 (23:56 +0200)]
TODO: c-ares and CURLOPT_OPENSOCKETFUNCTION

Removed DoH.

Closes #2734

6 years agovtls: fix ssl version "or later" behavior change for many backends
Jay Satiro [Tue, 18 Sep 2018 20:35:36 +0000 (16:35 -0400)]
vtls: fix ssl version "or later" behavior change for many backends

- Treat CURL_SSLVERSION_MAX_NONE the same as
  CURL_SSLVERSION_MAX_DEFAULT. Prior to this change NONE would mean use
  the minimum version also as the maximum.

This is a follow-up to 6015cef which changed the behavior of setting
the SSL version so that the requested version would only be the minimum
and not the maximum. It appears it was (mostly) implemented in OpenSSL
but not other backends. In other words CURL_SSLVERSION_TLSv1_0 used to
mean use just TLS v1.0 and now it means use TLS v1.0 *or later*.

- Fix CURL_SSLVERSION_MAX_DEFAULT for OpenSSL.

Prior to this change CURL_SSLVERSION_MAX_DEFAULT with OpenSSL was
erroneously treated as always TLS 1.3, and would cause an error if
OpenSSL was built without TLS 1.3 support.

Co-authored-by: Daniel Gustafsson
Fixes https://github.com/curl/curl/issues/2969
Closes https://github.com/curl/curl/pull/3012

6 years agocerts: generate tests certs with sha256 digest algorithm
Daniel Stenberg [Wed, 19 Sep 2018 07:04:48 +0000 (09:04 +0200)]
certs: generate tests certs with sha256 digest algorithm

As OpenSSL 1.1.1 starts to complain and fail on sha1 CAs:

"SSL certificate problem: CA signature digest algorithm too weak"

Closes #3014

6 years agourlapi: document the error codes, remove two unused ones
Daniel Stenberg [Wed, 19 Sep 2018 09:28:40 +0000 (11:28 +0200)]
urlapi: document the error codes, remove two unused ones

Assisted-by: Daniel Gustafsson
Closes #3019

6 years agourlapi: add CURLU_GUESS_SCHEME and fix hostname acceptance
Daniel Stenberg [Wed, 19 Sep 2018 08:17:03 +0000 (10:17 +0200)]
urlapi: add CURLU_GUESS_SCHEME and fix hostname acceptance

In order for this API to fully work for libcurl itself, it now offers a
CURLU_GUESS_SCHEME flag that makes it "guess" scheme based on the host
name prefix just like libcurl always did. If there's no known prefix, it
will guess "http://".

Separately, it relaxes the check of the host name so that IDN host names
can be passed in as well.

Both these changes are necessary for libcurl itself to use this API.

Assisted-by: Daniel Gustafsson
Closes #3018

6 years agonss: try to connect even if libnssckbi.so fails to load
Kamil Dudka [Wed, 19 Sep 2018 08:05:56 +0000 (10:05 +0200)]
nss: try to connect even if libnssckbi.so fails to load

One can still use CA certificates stored in NSS database.

Reported-by: Maxime Legros
Bug: https://curl.haxx.se/mail/lib-2018-09/0077.html

Closes #3016

6 years agourlapi: don't set value which is never read
Daniel Gustafsson [Wed, 19 Sep 2018 11:44:10 +0000 (13:44 +0200)]
urlapi: don't set value which is never read

In the CURLUPART_URL case, there is no codepath which invokes url
decoding so remove the assignment of the urldecode variable. This
fixes the deadstore bug-report from clang static analysis.

Closes #3015
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agotodo: Update reference to already done item
Daniel Gustafsson [Wed, 19 Sep 2018 07:12:45 +0000 (09:12 +0200)]
todo: Update reference to already done item

TODO item 1.1 was implemented in commit 946ce5b61f, update reference
to it with instead referencing the implemented option.

Closes #3013
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Tue, 18 Sep 2018 14:45:58 +0000 (16:45 +0200)]
RELEASE-NOTES: synced

6 years agocmake: don't require OpenSSL if USE_OPENSSL=OFF
slodki [Sat, 15 Sep 2018 23:15:08 +0000 (01:15 +0200)]
cmake: don't require OpenSSL if USE_OPENSSL=OFF

User must have OpenSSL installed even if not used by libcurl at all
since 7.61.1 release.  Broken at
7867aaa9a01decf93711428462335be8cef70212

Reviewed-by: Sergei Nikulov
Closes #3001

6 years agocurl_multi_wait: call getsock before figuring out timeout
Daniel Stenberg [Sat, 15 Sep 2018 22:16:49 +0000 (00:16 +0200)]
curl_multi_wait: call getsock before figuring out timeout

.... since getsock may update the expiry timer.

Fixes #2996
Closes #3000

6 years agoexamples/http2-pushinmemory: receive HTTP/2 pushed files in memory
Daniel Stenberg [Sun, 16 Sep 2018 22:31:34 +0000 (00:31 +0200)]
examples/http2-pushinmemory: receive HTTP/2 pushed files in memory

Closes #3004

6 years agodarwinssl: Fix realloc memleak
Daniel Gustafsson [Tue, 18 Sep 2018 07:06:07 +0000 (09:06 +0200)]
darwinssl: Fix realloc memleak

The reallocation was using the input pointer for the return value, which
leads to a memory leak on reallication failure. Fix by instead use the
safe internal API call Curl_saferealloc().

Closes #3005
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Nick Zitzmann <nickzman@gmail.com>
6 years agoexamples: Fix memory leaks from realloc errors
Kruzya [Sat, 15 Sep 2018 05:55:11 +0000 (08:55 +0300)]
examples: Fix memory leaks from realloc errors

Make sure to not overwrite the reallocated pointer in realloc() calls
to avoid a memleak on memory errors.

6 years agomemory: add missing curl_printf header
Daniel Gustafsson [Mon, 17 Sep 2018 07:28:10 +0000 (09:28 +0200)]
memory: add missing curl_printf header

ftp_send_command() was using vsnprintf() without including the libcurl
*rintf() replacement header. Fix by including curl_printf.h and also
add curl_memory.h while at it since memdebug.h depends on it.

Closes #2999
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agocurl: update --tlsv* descriptions in --help output
Si [Fri, 14 Sep 2018 12:48:01 +0000 (13:48 +0100)]
curl: update --tlsv* descriptions in --help output

Closes #2994

6 years agohttp: made Curl_add_buffer functions take a pointer-pointer
Daniel Stenberg [Fri, 14 Sep 2018 09:48:53 +0000 (11:48 +0200)]
http: made Curl_add_buffer functions take a pointer-pointer

... so that they can clear the original pointer on failure, which makes
the error-paths and their cleanups easier.

Closes #2992

6 years agohttp2: fix memory leaks on error-path
Daniel Stenberg [Fri, 14 Sep 2018 09:16:26 +0000 (11:16 +0200)]
http2: fix memory leaks on error-path

6 years agolibtest: Add chkdecimalpoint to .gitignore
Rikard Falkeborn [Sat, 15 Sep 2018 19:53:41 +0000 (21:53 +0200)]
libtest: Add chkdecimalpoint to .gitignore

Closes #2998

6 years agosecure Openwall URLs
Viktor Szakats [Fri, 14 Sep 2018 18:48:35 +0000 (18:48 +0000)]
secure Openwall URLs

6 years agoopenssl: show "proper" version number for libressl builds
Daniel Stenberg [Thu, 13 Sep 2018 12:09:24 +0000 (14:09 +0200)]
openssl: show "proper" version number for libressl builds

Closes #2989

6 years agoopenssl: assume engine support in 0.9.8 or later
Rainer Jung [Thu, 13 Sep 2018 07:55:47 +0000 (09:55 +0200)]
openssl: assume engine support in 0.9.8 or later

Fixes #2983
Closes #2988

6 years agosendf: use failf() rather than Curl_failf()
Daniel Gustafsson [Thu, 13 Sep 2018 08:48:21 +0000 (10:48 +0200)]
sendf: use failf() rather than Curl_failf()

The failf() macro is the name used for invoking Curl_failf(). While
there isn't a way to turn off failf like there is for infof, but it's
still a good idea to use the macro.

Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agosendf: Fix whitespace in infof/failf concatenation
Daniel Gustafsson [Thu, 13 Sep 2018 08:47:45 +0000 (10:47 +0200)]
sendf: Fix whitespace in infof/failf concatenation

Strings broken on multiple rows in the .c file need to have appropriate
whitespace padding on either side of the concatenation point to render
a correct amalgamated string. Fix by adding a space at the occurrences
found.

Closes #2986
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agokrb5: fix memory leak in krb_auth
Daniel Gustafsson [Thu, 13 Sep 2018 08:10:55 +0000 (10:10 +0200)]
krb5: fix memory leak in krb_auth

The FTP command allocated by aprintf() must be freed after usage.

Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agoftp: include command in Curl_ftpsend sendbuffer
Daniel Gustafsson [Thu, 13 Sep 2018 08:10:18 +0000 (10:10 +0200)]
ftp: include command in Curl_ftpsend sendbuffer

Commit 8238ba9c5f10414a88f502bf3f5d5a42d632984c inadvertently removed
the actual command to be sent from the send buffer in a refactoring.
Add back copying the command into the buffer. Also add more guards
against malformed input while at it.

Closes #2985
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agontlm_wb: Fix memory leaks in ntlm_wb_response
Daniel Gustafsson [Thu, 13 Sep 2018 08:06:05 +0000 (10:06 +0200)]
ntlm_wb: Fix memory leaks in ntlm_wb_response

When erroring out on a request being too large, the existing buffer was
leaked. Fix by explicitly freeing on the way out.

Closes #2966
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agotravis: build the MesaLink vtls backend with MesaLink 0.7.1
Yiming Jing [Mon, 10 Sep 2018 20:11:59 +0000 (13:11 -0700)]
travis: build the MesaLink vtls backend with MesaLink 0.7.1

6 years agoruntests.pl: run tests against the MesaLink vtls backend
Yiming Jing [Mon, 10 Sep 2018 20:11:23 +0000 (13:11 -0700)]
runtests.pl: run tests against the MesaLink vtls backend

6 years agovtls: add a MesaLink vtls backend
Yiming Jing [Mon, 10 Sep 2018 20:08:21 +0000 (13:08 -0700)]
vtls: add a MesaLink vtls backend

Closes #2984

6 years agoconfigure.ac: add a MesaLink vtls backend
Yiming Jing [Mon, 10 Sep 2018 20:07:40 +0000 (13:07 -0700)]
configure.ac: add a MesaLink vtls backend

6 years agocurl_url_set.3: properly escape \n in example code
Dave Reisner [Mon, 10 Sep 2018 13:39:33 +0000 (09:39 -0400)]
curl_url_set.3: properly escape \n in example code

This yields

  "the scheme is %s\n"

instead of

  "the scheme is %s0

Closes #2970

6 years agocurl_url_set.3: fix typo in reference to CURLU_APPENDQUERY
Dave Reisner [Mon, 10 Sep 2018 13:38:46 +0000 (09:38 -0400)]
curl_url_set.3: fix typo in reference to CURLU_APPENDQUERY

6 years agourlglob: improve error message
Daniel Stenberg [Tue, 11 Sep 2018 20:03:47 +0000 (22:03 +0200)]
urlglob: improve error message

to help user understand what the problem is

Reported-by: Daniel Shahaf
Fixes #2763
Closes #2977

6 years agotests/certs: rebuild certs with 2048-bit RSA keys
Yiming Jing [Mon, 10 Sep 2018 18:32:23 +0000 (11:32 -0700)]
tests/certs: rebuild certs with 2048-bit RSA keys

The previous test certificates contained RSA keys of only 1024 bits.
However, RSA claims that 1024-bit RSA keys are likely to become
crackable some time before 2010. The NIST recommends at least 2048-bit
keys for RSA for now.

Better use full 2048 also for testing.

Closes #2973

6 years agoTODO: fix typo in item
Daniel Gustafsson [Wed, 12 Sep 2018 11:12:15 +0000 (13:12 +0200)]
TODO: fix typo in item

Closes #2968
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
6 years agoanyauthput: fix compiler warning on 64-bit Windows
Marcel Raad [Mon, 10 Sep 2018 19:10:38 +0000 (21:10 +0200)]
anyauthput: fix compiler warning on 64-bit Windows

On Windows, the read function from <io.h> is used, which has its byte
count parameter as unsigned int instead of size_t.

Closes https://github.com/curl/curl/pull/2972

6 years agolib: fix gcc8 warning on Windows
Viktor Szakats [Wed, 12 Sep 2018 08:52:40 +0000 (08:52 +0000)]
lib: fix gcc8 warning on Windows

Closes https://github.com/curl/curl/pull/2979

6 years agoopenssl: fix gcc8 warning
Jay Satiro [Wed, 12 Sep 2018 07:14:20 +0000 (03:14 -0400)]
openssl: fix gcc8 warning

- Use memcpy instead of strncpy to copy a string without termination,
  since gcc8 warns about using strncpy to copy as many bytes from a
  string as its length.

Suggested-by: Viktor Szakats
Closes https://github.com/curl/curl/issues/2980

6 years agolibcurl-url.3: overview man page for the URL API
Daniel Stenberg [Mon, 10 Sep 2018 08:09:18 +0000 (10:09 +0200)]
libcurl-url.3: overview man page for the URL API

Closes #2967

6 years agoexample/asiohiper: insert warning comment about its status
Daniel Stenberg [Mon, 10 Sep 2018 15:42:39 +0000 (17:42 +0200)]
example/asiohiper: insert warning comment about its status

This example is simply not working correctly but there's nobody around
with the skills and energy to fix it.

Closes #2407

6 years agodocs/cmdline-opts: update the documentation of --tlsv1.0
Kamil Dudka [Fri, 7 Sep 2018 14:50:45 +0000 (16:50 +0200)]
docs/cmdline-opts: update the documentation of --tlsv1.0

... to reflect the changes in 6015cefb1b2cfde4b4850121c42405275e5e77d9

Closes #2955

6 years agodocs/examples: do not wait when no transfers are running
Kamil Dudka [Fri, 7 Sep 2018 14:15:24 +0000 (16:15 +0200)]
docs/examples: do not wait when no transfers are running

Closes #2948

6 years agocookies: Move failure case label to end of function
Daniel Gustafsson [Sun, 9 Sep 2018 22:20:34 +0000 (00:20 +0200)]
cookies: Move failure case label to end of function

Rather than jumping backwards to where failure cleanup happens
to be performed, move the failure case to end of the function
where it is expected per existing coding convention.

Closes #2965

6 years agomisc: fix typos in comments
Daniel Gustafsson [Sun, 9 Sep 2018 19:29:39 +0000 (21:29 +0200)]
misc: fix typos in comments

Closes #2963

6 years agocookies: fix leak when writing cookies to file
Daniel Gustafsson [Sat, 8 Sep 2018 20:23:33 +0000 (22:23 +0200)]
cookies: fix leak when writing cookies to file

If the formatting fails, we error out on a fatal error and
clean up on the way out. The array was however freed within
the wrong scope and was thus never freed in case the cookies
were written to a file instead of STDOUT.

Closes #2957

6 years agocookies: Remove redundant expired check
Daniel Gustafsson [Sun, 9 Sep 2018 06:52:04 +0000 (08:52 +0200)]
cookies: Remove redundant expired check

Expired cookies have already been purged at a later expiration time
before this check, so remove the redundant check.

closes #2962

6 years agontlm_wb: bail out if the response gets overly large
Daniel Stenberg [Sat, 8 Sep 2018 21:03:53 +0000 (23:03 +0200)]
ntlm_wb: bail out if the response gets overly large

Exit the realloc() loop if the response turns out ridiculously large to
avoid worse problems.

Reported-by: Harry Sintonen
Closes #2959

6 years agourl.c: fix comment typo and indentation
Daniel Gustafsson [Sat, 8 Sep 2018 21:05:21 +0000 (23:05 +0200)]
url.c: fix comment typo and indentation

Closes #2960

6 years agourlapi: avoid derefencing a possible NULL pointer
Daniel Stenberg [Sat, 8 Sep 2018 20:57:36 +0000 (22:57 +0200)]
urlapi: avoid derefencing a possible NULL pointer

Coverity CID 1439134

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Sat, 8 Sep 2018 20:45:45 +0000 (22:45 +0200)]
RELEASE-NOTES: synced

6 years agotest324: fix after 3f3b26d6feb0667714902e836af608094235fca2
Marcel Raad [Sat, 8 Sep 2018 20:30:28 +0000 (22:30 +0200)]
test324: fix after 3f3b26d6feb0667714902e836af608094235fca2

The expected error code is now 60. 51 is dead.

6 years agocurl_url_set.3: correct description
Daniel Stenberg [Sat, 8 Sep 2018 17:39:57 +0000 (19:39 +0200)]
curl_url_set.3: correct description

6 years agocurl_url-docs: fix AVAILABILITY as Added in curl 7.62.0
Daniel Stenberg [Sat, 8 Sep 2018 14:02:25 +0000 (16:02 +0200)]
curl_url-docs: fix AVAILABILITY as Added in curl 7.62.0

6 years agoURL-API
Daniel Stenberg [Sun, 5 Aug 2018 09:51:07 +0000 (11:51 +0200)]
URL-API

See header file and man pages for API. All documented API details work
and are tested in the 1560 test case.

Closes #2842

6 years agocurl_easy_upkeep: removed 'conn' from the name
Daniel Stenberg [Fri, 7 Sep 2018 08:28:57 +0000 (10:28 +0200)]
curl_easy_upkeep: removed 'conn' from the name

... including the associated option.

Fixes #2951
Closes #2952

6 years agoupkeep: add a connection upkeep API: curl_easy_conn_upkeep()
Max Dymond [Wed, 18 Apr 2018 15:40:17 +0000 (16:40 +0100)]
upkeep: add a connection upkeep API: curl_easy_conn_upkeep()

Add functionality so that protocols can do custom keepalive on their
connections, when an external API function is called.

Add docs for the new options in 7.62.0

Closes #1641

6 years agoconfigure: add option to disable automatic OpenSSL config loading
Philipp Waehnert [Wed, 25 Jul 2018 09:00:15 +0000 (11:00 +0200)]
configure: add option to disable automatic OpenSSL config loading

Sometimes it may be considered a security risk to load an external
OpenSSL configuration automatically inside curl_global_init(). The
configuration option --disable-ssl-auto-load-config disables this
automatism. The Windows build scripts winbuild/Makefile.vs provide a
corresponding option ENABLE_SSL_AUTO_LOAD_CONFIG accepting a boolean
value.

Setting neither of these options corresponds to the previous behavior
loading the external OpenSSL configuration automatically.

Fixes #2724
Closes #2791

6 years agodoh: minor edits to please Coverity
Daniel Stenberg [Fri, 7 Sep 2018 07:26:08 +0000 (09:26 +0200)]
doh: minor edits to please Coverity

The gcc typecheck macros and coverity combined made it warn on the 2nd
argument for ERROR_CHECK_SETOPT(). Here's minor rearrange to please it.

Coverity CID 1439115 and CID 1439114.

6 years agoschannel: avoid switch-cases that go to default anyway
Daniel Stenberg [Thu, 6 Sep 2018 20:53:42 +0000 (22:53 +0200)]
schannel: avoid switch-cases that go to default anyway

SEC_E_APPLICATION_PROTOCOL_MISMATCH isn't defined in some versions of
mingw and would require an ifdef otherwise.

Reported-by: Thomas Glanzmann
Approved-by: Marc Hörsken
Bug: https://curl.haxx.se/mail/lib-2018-09/0020.html
Closes #2950

6 years agoimap: change from "FETCH" to "UID FETCH"
Nicklas Avén [Tue, 31 Jul 2018 11:12:18 +0000 (13:12 +0200)]
imap: change from "FETCH" to "UID FETCH"

... and add "MAILINDEX".

As described in #2789, this is a suggested solution.  Changing UID=xx to
actually get mail with UID xx and add "MAILINDEX" to get a mail with a
special index in the mail box (old behavior).  So MAILINDEX=1 gives the
first non deleted mail in the mail box.

Fixes #2789
Closes #2815

6 years agoCURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
Daniel Stenberg [Sat, 18 Aug 2018 14:17:05 +0000 (16:17 +0200)]
CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size

This is step 3 of #2888.

Fixes #2888
Closes #2896

6 years agotravis: add the DOH tests to the torture testing
Daniel Stenberg [Wed, 20 Jun 2018 20:58:13 +0000 (22:58 +0200)]
travis: add the DOH tests to the torture testing

6 years agoDOH: add test case 1650 and 2100
Daniel Stenberg [Tue, 19 Jun 2018 14:08:05 +0000 (16:08 +0200)]
DOH: add test case 1650 and 2100

6 years agocurl: --doh-url added
Daniel Stenberg [Thu, 6 Sep 2018 07:16:02 +0000 (09:16 +0200)]
curl: --doh-url added

6 years agosetopt: add CURLOPT_DOH_URL
Daniel Stenberg [Thu, 6 Sep 2018 07:16:02 +0000 (09:16 +0200)]
setopt: add CURLOPT_DOH_URL

Closes #2668

6 years agossl: deprecate CURLE_SSL_CACERT in favour of a unified error code
Han Han [Wed, 22 Aug 2018 18:13:32 +0000 (11:13 -0700)]
ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code

Long live CURLE_PEER_FAILED_VERIFICATION

6 years agox509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
Han Han [Mon, 20 Aug 2018 22:10:40 +0000 (15:10 -0700)]
x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert

CURLE_PEER_FAILED_VERIFICATION makes more sense because Curl_parseX509
does not allocate memory internally as its first argument is a pointer
to the certificate structure. The same error code is also returned by
Curl_verifyhost when its call to Curl_parseX509 fails so the change
makes error handling more consistent.

6 years agoopenssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
Han Han [Thu, 16 Aug 2018 19:41:31 +0000 (12:41 -0700)]
openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer

Failure to extract the issuer name from the server certificate should
return a more specific error code like on other TLS backends.

6 years agoschannel: unified error code handling
Han Han [Thu, 16 Aug 2018 02:57:16 +0000 (19:57 -0700)]
schannel: unified error code handling

Closes #2901

6 years agodarwinssl: more specific and unified error codes
Han Han [Tue, 14 Aug 2018 23:53:18 +0000 (16:53 -0700)]
darwinssl: more specific and unified error codes

Closes #2901

6 years agoCURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
Daniel Stenberg [Tue, 4 Sep 2018 22:05:46 +0000 (00:05 +0200)]
CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated

Disable the CURLOPT_DNS_USE_GLOBAL_CACHE option and mark it for
deprecation and complete removal in six months.

Bug: https://curl.haxx.se/mail/lib-2018-09/0010.html
Closes #2942

6 years agourl: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
Daniel Stenberg [Wed, 5 Sep 2018 12:35:57 +0000 (14:35 +0200)]
url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled

Closes #2709

6 years agomultiplex: enable by default
Daniel Stenberg [Wed, 5 Sep 2018 12:35:57 +0000 (14:35 +0200)]
multiplex: enable by default

Starting 7.62.0, multiplexing is enabled by default in multi handles.

6 years agotests: add unit tests for url.c
Jim Fuller [Fri, 13 Jul 2018 15:17:19 +0000 (15:17 +0000)]
tests: add unit tests for url.c

Approved-by: Daniel Gustafsson
Closes #2937

6 years agotest1452: mark as flaky
Daniel Stenberg [Wed, 5 Sep 2018 09:36:58 +0000 (11:36 +0200)]
test1452: mark as flaky

makes it not run in the CI builds

Closes #2941

6 years agopipelining: deprecated
Daniel Stenberg [Wed, 5 Sep 2018 09:33:51 +0000 (11:33 +0200)]
pipelining: deprecated

Transparently. The related curl_multi_setopt() options all still returns
OK when pipelining is selected.

To re-enable the support, the single line change in lib/multi.c needs to
be reverted.

See docs/DEPRECATE.md

Closes #2705

6 years agoRELEASE-NOTES: start working on 7.62.0
Daniel Stenberg [Wed, 5 Sep 2018 08:22:54 +0000 (10:22 +0200)]
RELEASE-NOTES: start working on 7.62.0

6 years agoTHANKS: 7.61.1 status curl-7_61_1
Daniel Stenberg [Tue, 4 Sep 2018 21:49:50 +0000 (23:49 +0200)]
THANKS: 7.61.1 status

6 years agoRELEASE-NOTES: 7.61.1
Daniel Stenberg [Tue, 4 Sep 2018 21:49:50 +0000 (23:49 +0200)]
RELEASE-NOTES: 7.61.1

6 years agoCurl_getoff_all_pipelines: ignore unused return values
Daniel Stenberg [Tue, 4 Sep 2018 17:21:16 +0000 (19:21 +0200)]
Curl_getoff_all_pipelines: ignore unused return values

Since scan-build would warn on the dead "Dead store/Dead increment"

6 years agosftp: fix indentation
Viktor Szakats [Tue, 4 Sep 2018 14:44:47 +0000 (14:44 +0000)]
sftp: fix indentation

6 years agosftp: don't send post-qoute sequence when retrying a connection
Przemysław Tomaszewski [Tue, 4 Sep 2018 06:44:34 +0000 (08:44 +0200)]
sftp: don't send post-qoute sequence when retrying a connection

Fixes #2939
Closes #2940

6 years agourl, vtls: make CURLOPT{,_PROXY}_TLS13_CIPHERS work
Kamil Dudka [Mon, 3 Sep 2018 11:04:00 +0000 (13:04 +0200)]
url, vtls: make CURLOPT{,_PROXY}_TLS13_CIPHERS work

This is a follow-up to PR #2607 and PR #2926.

Closes #2936

6 years agotool_operate: Add http code 408 to transient list for --retry
Jay Satiro [Fri, 31 Aug 2018 19:27:54 +0000 (15:27 -0400)]
tool_operate: Add http code 408 to transient list for --retry

- Treat 408 request timeout as transient so that curl will retry the
  request if --retry was used.

Closes #2925

6 years agoopenssl: Fix setting TLS 1.3 cipher suites
Jay Satiro [Fri, 31 Aug 2018 23:46:29 +0000 (19:46 -0400)]
openssl: Fix setting TLS 1.3 cipher suites

The flag indicating TLS 1.3 cipher support in the OpenSSL backend was
missing.

Bug: https://github.com/curl/curl/pull/2607#issuecomment-417283187
Reported-by: Kamil Dudka
Closes #2926

6 years agoCurl_ntlm_core_mk_nt_hash: return error on too long password
Daniel Stenberg [Mon, 13 Aug 2018 08:35:52 +0000 (10:35 +0200)]
Curl_ntlm_core_mk_nt_hash: return error on too long password

... since it would cause an integer overflow if longer than (max size_t
/ 2).

This is CVE-2018-14618

Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
Closes #2756
Reported-by: Zhaoyang Wu
6 years agohttp2: Use correct format identifier for stream_id
Rikard Falkeborn [Sat, 25 Aug 2018 19:15:47 +0000 (21:15 +0200)]
http2: Use correct format identifier for stream_id

Closes #2928

6 years agotest1148: fix precheck output
Marcel Raad [Sun, 2 Sep 2018 10:51:00 +0000 (12:51 +0200)]
test1148: fix precheck output

"precheck command error" is not very helpful.

6 years agoall: s/int/size_t cleanup
Daniel Stenberg [Fri, 31 Aug 2018 08:17:40 +0000 (10:17 +0200)]
all: s/int/size_t cleanup

Assisted-by: Rikard Falkeborn
Closes #2922

6 years agossh-libssh: use FALLTHROUGH to silence gcc8
Daniel Stenberg [Thu, 30 Aug 2018 22:10:10 +0000 (00:10 +0200)]
ssh-libssh: use FALLTHROUGH to silence gcc8

6 years agotool_operate: Fix setting proxy TLS 1.3 ciphers
Jay Satiro [Fri, 31 Aug 2018 23:40:55 +0000 (19:40 -0400)]
tool_operate: Fix setting proxy TLS 1.3 ciphers

6 years agocookies: support creation-time attribute for cookies
Daniel Gustafsson [Tue, 28 Aug 2018 09:28:50 +0000 (11:28 +0200)]
cookies: support creation-time attribute for cookies

According to RFC6265 section 5.4, cookies with equal path lengths
SHOULD be sorted by creation-time (earlier first). This adds a
creation-time record to the cookie struct in order to make cookie
sorting more deterministic. The creation-time is defined as the
order of the cookies in the jar, the first cookie read fro the
jar being the oldest. The creation-time is thus not serialized
into the jar. Also remove the strcmp() matching in the sorting as
there is no lexicographic ordering in RFC6265. Existing tests are
updated to match.

Closes #2524