]> granicus.if.org Git - curl/log
curl
5 years agoopenssl: fix pubkey/signature algorithm detection in certinfo
Gergely Nagy [Sun, 16 Jun 2019 07:44:21 +0000 (09:44 +0200)]
openssl: fix pubkey/signature algorithm detection in certinfo

Certinfo gives the same result for all OpenSSL versions.
Also made printing RSA pubkeys consistent with older versions.

Reported-by: Michael Wallner
Fixes #3706
Closes #4030

5 years agoconn_maxage: move the check to prune_dead_connections()
Daniel Stenberg [Sun, 16 Jun 2019 21:25:38 +0000 (23:25 +0200)]
conn_maxage: move the check to prune_dead_connections()

... and avoid the locking issue.

Reported-by: Kunal Ekawde
Fixes #4029
Closes #4032

5 years agotests: have runtests figure out disabled features
Daniel Stenberg [Mon, 10 Jun 2019 06:17:16 +0000 (08:17 +0200)]
tests: have runtests figure out disabled features

... so that runtests can skip individual test cases that test features
that are explicitly disabled in this build. This new logic is intended
for disabled features that aren't otherwise easily visible through the
curl_version_info() or other API calls.

tests/server/disabled is a newly built executable that will output a
list of disabled features. Outputs nothing for a default build.

Closes #3950

5 years agotest188/189: fix Content-Length
Daniel Stenberg [Mon, 17 Jun 2019 09:44:21 +0000 (11:44 +0200)]
test188/189: fix Content-Length

This cures the flaky test results

Closes #4034

5 years agowinbuild: use WITH_PREFIX if given
Thomas Gamper [Sun, 16 Jun 2019 13:38:13 +0000 (15:38 +0200)]
winbuild: use WITH_PREFIX if given

Closes #4031

5 years agoopenssl: remove outdated comment
Daniel Gustafsson [Mon, 17 Jun 2019 11:11:02 +0000 (13:11 +0200)]
openssl: remove outdated comment

OpenSSL used to call exit(1) on syntax errors in OPENSSL_config(),
which is why we switched to CONF_modules_load_file() and introduced
a comment stating why. This behavior was however changed in OpenSSL
commit abdd677125f3a9e3082f8c5692203590fdb9b860, so remove the now
outdated and incorrect comment. The mentioned commit also declares
OPENSSL_config() deprecated so keep the current coding.

Closes #4033
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Sun, 16 Jun 2019 20:48:26 +0000 (22:48 +0200)]
RELEASE-NOTES: synced

5 years agoos400: make vsetopt() non-static as Curl_vsetopt() for os400 support.
Patrick Monnerat [Sat, 15 Jun 2019 23:05:53 +0000 (01:05 +0200)]
os400: make vsetopt() non-static as Curl_vsetopt() for os400 support.

Use it in curl_easy_setopt_ccsid().

Reported-by: jonrumsey on github
Fixes #3833
Closes #4028

5 years agoruntests: report single test time + total duration
Daniel Stenberg [Fri, 14 Jun 2019 09:06:03 +0000 (11:06 +0200)]
runtests: report single test time + total duration

... after each successful test.

Closes #4027

5 years agomulti: fix the transfer hash function
Daniel Stenberg [Thu, 13 Jun 2019 15:07:59 +0000 (17:07 +0200)]
multi: fix the transfer hash function

Follow-up from 8b987cc7eb

Reported-by: Tom van der Woerdt
Fixes #4018
Closes #4024

5 years agounit1654: cleanup on memory failure
Daniel Stenberg [Thu, 13 Jun 2019 09:09:32 +0000 (11:09 +0200)]
unit1654: cleanup on memory failure

... to make it handle torture tests properly.

Reported-by: Marcel Raad
Fixes #4021
Closes #4022

5 years agokrb5: fix compiler warning
Marcel Raad [Wed, 12 Jun 2019 21:07:07 +0000 (23:07 +0200)]
krb5: fix compiler warning

Even though the variable was used in a DEBUGASSERT, GCC 8 warned in
debug mode:
krb5.c:324:17: error: unused variable 'maj' [-Werror=unused-variable]

Just suppress the warning and declare the variable unconditionally
instead of only for DEBUGBUILD (which also missed the check for
HAVE_ASSERT_H).

Closes https://github.com/curl/curl/pull/4020

5 years agoquote.d: asterisk prefix works for SFTP as well
Daniel Stenberg [Wed, 12 Jun 2019 20:36:47 +0000 (22:36 +0200)]
quote.d: asterisk prefix works for SFTP as well

Reported-by: Ben Voris
Fixes #4017
Closes #4019

5 years agomulti: fix the transfer hashes in the socket hash entries
Daniel Stenberg [Tue, 11 Jun 2019 21:50:26 +0000 (23:50 +0200)]
multi: fix the transfer hashes in the socket hash entries

- The transfer hashes weren't using the correct keys so removing entries
  failed.

- Simplified the iteration logic over transfers sharing the same socket and
  they now simply are set to expire and thus get handled in the "regular"
  timer loop instead.

Reported-by: Tom van der Woerdt
Fixes #4012
Closes #4014

5 years agourl: Fix CURLOPT_MAXAGE_CONN time comparison
Cliff Crosland [Tue, 11 Jun 2019 21:17:30 +0000 (14:17 -0700)]
url: Fix CURLOPT_MAXAGE_CONN time comparison

Old connections are meant to expire from the connection cache after
CURLOPT_MAXAGE_CONN seconds. However, they actually expire after 1000x
that value. This occurs because a time value measured in milliseconds is
accidentally divided by 1M instead of by 1,000.

Closes https://github.com/curl/curl/pull/4013

5 years agotest1165: verify that CURL_DISABLE_ symbols are in sync
Daniel Stenberg [Tue, 11 Jun 2019 13:33:29 +0000 (15:33 +0200)]
test1165: verify that CURL_DISABLE_ symbols are in sync

between configure.ac and source code. They should be possible to switch
on/off in configure AND be used in source code.

5 years agoconfigure: remove CURL_DISABLE_TLS_SRP
Daniel Stenberg [Tue, 11 Jun 2019 13:33:29 +0000 (15:33 +0200)]
configure: remove CURL_DISABLE_TLS_SRP

It isn't used by code so stop providing the define.

Closes #4010

5 years agoRevert "cmake: add SMB to list of disabled protocols if HTTP_ONLY is specified"
Daniel Stenberg [Tue, 11 Jun 2019 13:19:47 +0000 (15:19 +0200)]
Revert "cmake: add SMB to list of disabled protocols if HTTP_ONLY is specified"

This reverts commit 36738caeb78603ce24e3ea089a167b8c216fb938.

Apparently several of the appveyor windows builds broke.

5 years agocmake: add SMB to list of disabled protocols if HTTP_ONLY is specified
sergey-raevskiy [Fri, 12 Apr 2019 13:28:37 +0000 (16:28 +0300)]
cmake: add SMB to list of disabled protocols if HTTP_ONLY is specified

Reviewed-by: Jakub Zakrzewski
Closes #3770

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Tue, 11 Jun 2019 06:20:14 +0000 (08:20 +0200)]
RELEASE-NOTES: synced

5 years agohttp2: remove CURL_DISABLE_TYPECHECK define
Daniel Stenberg [Tue, 11 Jun 2019 05:49:24 +0000 (07:49 +0200)]
http2: remove CURL_DISABLE_TYPECHECK define

... in http2-less builds as it served no use.

5 years agoconfigure: more --disable switches to toggle off individual features
Daniel Stenberg [Mon, 10 Jun 2019 21:10:19 +0000 (23:10 +0200)]
configure: more --disable switches to toggle off individual features

... actual support in the code for disabling these has already landed.

Closes #4009

5 years agowolfssl: fix key pinning build error
Daniel Stenberg [Tue, 11 Jun 2019 05:45:12 +0000 (07:45 +0200)]
wolfssl: fix key pinning build error

follow-up from deb9462ff2de8

5 years agoCURLMOPT_SOCKETFUNCTION.3: clarified
Daniel Stenberg [Mon, 10 Jun 2019 09:47:17 +0000 (11:47 +0200)]
CURLMOPT_SOCKETFUNCTION.3: clarified

Moved away the callback explanation from curl_multi_socket_action.3 and
expanded it somewhat.

Closes #4006

5 years agowolfssl: fixup for SNI use
Daniel Stenberg [Mon, 10 Jun 2019 10:40:25 +0000 (12:40 +0200)]
wolfssl: fixup for SNI use

follow-up from deb9462ff2de8

Closes #4007

5 years agoCURLOPT_CAINFO.3: polished wording
Daniel Stenberg [Mon, 10 Jun 2019 07:10:14 +0000 (09:10 +0200)]
CURLOPT_CAINFO.3: polished wording

Clarify the functionality when built to use Schannel and Secure
Transport and stop calling it the "recommended" or "preferred" way and
instead rather call it the default.

Removed the reference to the ssl comparison table as it isn't necessary.

Reported-by: Richard Alcock
Bug: https://curl.haxx.se/mail/lib-2019-06/0019.html
Closes #4005

5 years agoSECURITY.md: created
Daniel Stenberg [Mon, 10 Jun 2019 08:16:02 +0000 (10:16 +0200)]
SECURITY.md: created

Brief security policy description for use/display on github.

5 years agotool_cb_prg: Fix integer overflow in progress bar
Daniel Gustafsson [Mon, 10 Jun 2019 07:32:30 +0000 (09:32 +0200)]
tool_cb_prg: Fix integer overflow in progress bar

Commit 61faa0b420c236480bc9ef6fd52b4ecc1e0f8d17 fixed the progress bar
width calculation to avoid integer overflow, but failed to account for
the fact that initial_size is initialized to -1 when the file size is
retrieved from the remote on an upload, causing another signed integer
overflow.  Fix by separately checking for this case before the width
calculation.

Closes #3984
Reported-by: Brian Carpenter (Geeknik Labs)
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
5 years agowolfssl: refer to it as wolfSSL only
Daniel Stenberg [Sun, 2 Jun 2019 14:55:05 +0000 (16:55 +0200)]
wolfssl: refer to it as wolfSSL only

Remove support for, references to and use of "cyaSSL" from the source
and docs. wolfSSL is the current name and there's no point in keeping
references to ancient history.

Assisted-by: Daniel Gustafsson
Closes #3903

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Mon, 10 Jun 2019 06:50:30 +0000 (08:50 +0200)]
RELEASE-NOTES: synced

5 years agobindlocal: detect and avoid IP version mismatches in bind()
Daniel Stenberg [Sat, 8 Jun 2019 21:21:45 +0000 (23:21 +0200)]
bindlocal: detect and avoid IP version mismatches in bind()

Reported-by: Alex Grebenschikov
Fixes #3993
Closes #4002

5 years agomulti: make sure 'data' can present in several sockhash entries
Daniel Stenberg [Wed, 5 Jun 2019 13:50:49 +0000 (15:50 +0200)]
multi: make sure 'data' can present in several sockhash entries

Since more than one socket can be used by each transfer at a given time,
each sockhash entry how has its own hash table with transfers using that
socket.

In addition, the sockhash entry can now be marked 'blocked = TRUE'"
which then makes the delete function just set 'removed = TRUE' instead
of removing it "for real", as a way to not rip out the carpet under the
feet of a parent function that iterates over the transfers of that same
sockhash entry.

Reported-by: Tom van der Woerdt
Fixes #3961
Fixes #3986
Fixes #3995
Fixes #4004
Closes #3997

5 years agolibcurl-tutorial.3: Fix small typo (mutipart -> multipart)
Sorcus [Sat, 8 Jun 2019 20:18:18 +0000 (20:18 +0000)]
libcurl-tutorial.3: Fix small typo (mutipart -> multipart)

Fixed-by: MrSorcus on github
Closes #4000

5 years agounpause: trigger a timeout for event-based transfers
Daniel Stenberg [Sat, 8 Jun 2019 21:03:03 +0000 (23:03 +0200)]
unpause: trigger a timeout for event-based transfers

... so that timeouts or other state machine actions get going again
after a changing pause state. For example, if the last delivery was
paused there's no pending socket activity.

Reported-by: sstruchtrup on github
Fixes #3994
Closes #4001

5 years agotravis: use xenial LLVM package for scan-build
Marcel Raad [Sun, 9 Jun 2019 11:20:57 +0000 (13:20 +0200)]
travis: use xenial LLVM package for scan-build

I missed that in commit 99a49d6.

5 years agotravis: update scan-build job to xenial
Marcel Raad [Sat, 8 Jun 2019 13:02:07 +0000 (15:02 +0200)]
travis: update scan-build job to xenial

Closes https://github.com/curl/curl/pull/3999

5 years agobump: start working on 7.65.2
Daniel Stenberg [Sat, 8 Jun 2019 20:39:36 +0000 (22:39 +0200)]
bump: start working on 7.65.2

5 years agoexamples/htmltitle: use C++ casts between pointer types
Marcel Raad [Sat, 25 May 2019 17:36:35 +0000 (19:36 +0200)]
examples/htmltitle: use C++ casts between pointer types

Compilers and static analyzers warn about using C-style casts here.

Closes https://github.com/curl/curl/pull/3975

5 years agoexamples/fopen: fix comparison
Marcel Raad [Sat, 25 May 2019 17:24:13 +0000 (19:24 +0200)]
examples/fopen: fix comparison

As want is size_t, (file->buffer_pos - want) is unsigned, so checking
if it's less than zero makes no sense.
Check if file->buffer_pos is less than want instead to avoid the
unsigned integer wraparound.

Closes https://github.com/curl/curl/pull/3975

5 years agobuild: fix Codacy warnings
Marcel Raad [Sat, 25 May 2019 08:06:08 +0000 (10:06 +0200)]
build: fix Codacy warnings

Reduce variable scopes and remove redundant variable stores.

Closes https://github.com/curl/curl/pull/3975

5 years agosws: remove unused variables
Marcel Raad [Sat, 25 May 2019 08:04:08 +0000 (10:04 +0200)]
sws: remove unused variables

Unused since commit 2f44e94.

Closes https://github.com/curl/curl/pull/3975

5 years agoRELEASE-NOTES: 7.65.1 curl-7_65_1
Daniel Stenberg [Sun, 2 Jun 2019 21:08:57 +0000 (23:08 +0200)]
RELEASE-NOTES: 7.65.1

5 years agoTHANKS: new contributors from 7.65.1
Daniel Stenberg [Sun, 2 Jun 2019 21:09:47 +0000 (23:09 +0200)]
THANKS: new contributors from 7.65.1

5 years agossl: Update outdated "openssl-only" comments for supported backends
Frank Gevaerts [Tue, 4 Jun 2019 11:51:12 +0000 (13:51 +0200)]
ssl: Update outdated "openssl-only" comments for supported backends

These are for features that used to be openssl-only but were expanded
over time to support other SSL backends.

Closes #3985

5 years agocurl_share_setopt.3: improve wording [ci ship]
Daniel Stenberg [Tue, 4 Jun 2019 18:25:39 +0000 (20:25 +0200)]
curl_share_setopt.3: improve wording [ci ship]

Reported-by: Carlos ORyan
5 years agotool_parsecfg: Use correct return type for GetModuleFileName()
Steve Holme [Sun, 2 Jun 2019 21:21:31 +0000 (22:21 +0100)]
tool_parsecfg: Use correct return type for GetModuleFileName()

GetModuleFileName() returns a DWORD which is a typedef of an unsigned
long and not an int.

Closes #3980

5 years agoTODO: "at least N milliseconds between requests" [ci skip]
Daniel Stenberg [Mon, 3 Jun 2019 20:55:15 +0000 (22:55 +0200)]
TODO: "at least N milliseconds between requests" [ci skip]

Suggested-by: dkwolfe4 on github
Closes #3920

5 years agotests/server/.gitignore: Add socksd to the ignore list
Steve Holme [Sun, 2 Jun 2019 13:42:36 +0000 (14:42 +0100)]
tests/server/.gitignore: Add socksd to the ignore list

Missed in 04fd6755.

Closes #3978

5 years agotool_parsecfg: Fix control flow issue (DEADCODE)
Steve Holme [Sun, 2 Jun 2019 10:57:19 +0000 (11:57 +0100)]
tool_parsecfg: Fix control flow issue (DEADCODE)

Follow-up to 8144ba38.

Detected by Coverity CID 1445663
Closes #3976

5 years agoNTLM: reset proxy "multipass" state when CONNECT request is done
Sergey Ogryzkov [Fri, 31 May 2019 15:40:03 +0000 (18:40 +0300)]
NTLM: reset proxy "multipass" state when CONNECT request is done

Closes #3972

5 years agotest334: verify HTTP 204 response with chunked coding header
Daniel Stenberg [Sun, 2 Jun 2019 13:38:03 +0000 (15:38 +0200)]
test334: verify HTTP 204 response with chunked coding header

Verifies that a bodyless response don't parse this content-related
header.

5 years agohttp: don't parse body-related headers bodyless responses
Michael Kaufmann [Sun, 2 Jun 2019 13:16:52 +0000 (15:16 +0200)]
http: don't parse body-related headers bodyless responses

Responses with status codes 1xx, 204 or 304 don't have a response body. For
these, don't parse these headers:

- Content-Encoding
- Content-Length
- Content-Range
- Last-Modified
- Transfer-Encoding

This change ensures that HTTP/2 upgrades work even if a
"Content-Length: 0" or a "Transfer-Encoding: chunked" header is present.

Co-authored-by: Daniel Stenberg
Closes #3702
Fixes #3968
Closes #3977

5 years agotls13-docs: mention it is only for OpenSSL >= 1.1.1
Daniel Stenberg [Mon, 27 May 2019 06:01:18 +0000 (08:01 +0200)]
tls13-docs: mention it is only for OpenSSL >= 1.1.1

Reported-by: Jay Satiro
Co-authored-by: Jay Satiro
Fixes #3938
Closes #3946

5 years agodump-header.d: spell out that no headers == empty file [ci skip]
Daniel Stenberg [Fri, 31 May 2019 21:09:54 +0000 (23:09 +0200)]
dump-header.d: spell out that no headers == empty file [ci skip]

Reported-by: wesinator at github
Fixes #3964
Closes #3974

5 years agosinglesocket: use separate variable for inner loop
Daniel Stenberg [Fri, 31 May 2019 21:00:06 +0000 (23:00 +0200)]
singlesocket: use separate variable for inner loop

An inner loop within the singlesocket() function wrongly re-used the
variable for the outer loop which then could cause an infinite
loop. Change to using a separate variable!

Reported-by: Eric Wu
Fixes #3970
Closes #3973

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Fri, 31 May 2019 21:16:39 +0000 (23:16 +0200)]
RELEASE-NOTES: synced

5 years agohttp2: Stop drain from being permanently set on
Josie Huddleston [Wed, 29 May 2019 14:21:26 +0000 (15:21 +0100)]
http2: Stop drain from being permanently set on

Various functions called within Curl_http2_done() can have the
side-effect of setting the Easy connection into drain mode (by calling
drain_this()).  However, the last time we unset this for a transfer (by
calling drained_transfer()) is at the beginning of Curl_http2_done().
If the Curl_easy is reused for another transfer, it is then stuck in
drain mode permanently, which in practice makes it unable to write any
data in the new transfer.

This fix moves the last call to drained_transfer() to later in
Curl_http2_done(), after the functions that could potentially call for a
drain.

Fixes #3966
Closes #3967
Reported-by: Josie-H
5 years agoconncache: Remove the DEBUGASSERT on length check
Steve Holme [Wed, 29 May 2019 06:59:40 +0000 (07:59 +0100)]
conncache: Remove the DEBUGASSERT on length check

We trust the calling code as this is an internal function.

Closes #3962

5 years agosystem_win32: fix function prototype
Gisle Vanem [Wed, 29 May 2019 18:37:10 +0000 (14:37 -0400)]
system_win32: fix function prototype

- Change if_nametoindex parameter type from char * to const char *.

Follow-up to 09eef8af from this morning.

Bug: https://github.com/curl/curl/commit/09eef8af#r33716067

5 years agoappveyor: add Visual Studio solution build
Marcel Raad [Sat, 25 May 2019 06:55:09 +0000 (08:55 +0200)]
appveyor: add Visual Studio solution build

Closes https://github.com/curl/curl/pull/3941

5 years agoappveyor: add support for other build systems
Marcel Raad [Sat, 25 May 2019 06:38:17 +0000 (08:38 +0200)]
appveyor: add support for other build systems

Introduce BUILD_SYSTEM variable, which is currently always CMake.

Closes https://github.com/curl/curl/pull/3941

5 years agourl: Load if_nametoindex() dynamically from iphlpapi.dll on Windows
Steve Holme [Tue, 28 May 2019 21:07:33 +0000 (22:07 +0100)]
url: Load if_nametoindex() dynamically from iphlpapi.dll on Windows

This fixes the static dependency on iphlpapi.lib and allows curl to
build for targets prior to Windows Vista.

This partially reverts 170bd047.

Fixes #3960
Closes #3958

5 years agohttp: fix "error: equality comparison with extraneous parentheses"
Daniel Stenberg [Wed, 29 May 2019 06:17:08 +0000 (08:17 +0200)]
http: fix "error: equality comparison with extraneous parentheses"

5 years agoparse_proxy: make sure portptr is initialized
Daniel Stenberg [Tue, 28 May 2019 21:50:49 +0000 (23:50 +0200)]
parse_proxy: make sure portptr is initialized

Reported-by: Benbuck Nason
fixes #3959

5 years agourl: default conn->port to the same as conn->remote_port
Daniel Stenberg [Tue, 28 May 2019 14:17:51 +0000 (16:17 +0200)]
url: default conn->port to the same as conn->remote_port

... so that it has a sensible value when ConnectionExists() is called which
needs it set to differentiate host "bundles" correctly on port number!

Also, make conncache:hashkey() use correct port for bundles that are proxy vs
host connections.

Probably a regression from 7.62.0

Reported-by: Tom van der Woerdt
Fixes #3956
Closes #3957

5 years agoconncache: make "bundles" per host name when doing proxy tunnels
Daniel Stenberg [Tue, 28 May 2019 10:14:51 +0000 (12:14 +0200)]
conncache: make "bundles" per host name when doing proxy tunnels

Only HTTP proxy use where multiple host names can be used over the same
connection should use the proxy host name for bundles.

Reported-by: Tom van der Woerdt
Fixes #3951
Closes #3955

5 years agomulti: track users of a socket better
Daniel Stenberg [Tue, 28 May 2019 06:23:43 +0000 (08:23 +0200)]
multi: track users of a socket better

They need to be removed from the socket hash linked list with more care.

When sh_delentry() is called to remove a sockethash entry, remove all
individual transfers from the list first. To enable this, each Curl_easy struct
now stores a pointer to the sockethash entry to know how to remove itself.

Reported-by: Tom van der Woerdt and Kunal Ekawde
Fixes #3952
Fixes #3904
Closes #3953

5 years agocurl-win32.h: Enable Unix Domain Sockets based on the Windows SDK version
Steve Holme [Fri, 24 May 2019 06:02:06 +0000 (07:02 +0100)]
curl-win32.h: Enable Unix Domain Sockets based on the Windows SDK version

Microsoft added support for Unix Domain Sockets in Windows 10 1803
(RS4). Rather than expect the user to enable Unix Domain Sockets by
uncommenting the #define that was added in 0fd6221f we use the RS4
pre-processor variable that is present in newer versions of the
Windows SDK.

Closes #3939

5 years agocmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables
Jonas Vautherin [Sat, 25 May 2019 12:49:59 +0000 (14:49 +0200)]
cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables

Closes #3945

5 years agoHAProxy tests: add keywords
Marcel Raad [Mon, 27 May 2019 11:42:05 +0000 (13:42 +0200)]
HAProxy tests: add keywords

Add the proxy and haproxy keywords in order to be able to exclude or
run these specific tests.

Closes https://github.com/curl/curl/pull/3949

5 years agotests: make test 1420 and 1406 work with rtsp-disabled libcurl
Maksim Stsepanenka [Sun, 26 May 2019 22:24:52 +0000 (01:24 +0300)]
tests: make test 1420 and 1406 work with rtsp-disabled libcurl

Closes #3948

5 years agonss: allow to specify TLS 1.3 ciphers if supported by NSS
Hubert Kario [Fri, 17 May 2019 17:15:24 +0000 (17:15 +0000)]
nss: allow to specify TLS 1.3 ciphers if supported by NSS

Closes #3916

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Sun, 26 May 2019 09:24:01 +0000 (11:24 +0200)]
RELEASE-NOTES: synced

5 years agoRevert all SASL authzid (new feature) commits
Jay Satiro [Fri, 24 May 2019 18:53:03 +0000 (14:53 -0400)]
Revert all SASL authzid (new feature) commits

- Revert all commits related to the SASL authzid feature since the next
  release will be a patch release, 7.65.1.

Prior to this change CURLOPT_SASL_AUTHZID  / --sasl-authzid was destined
for the next release, assuming it would be a feature release 7.66.0.
However instead the next release will be a patch release, 7.65.1 and
will not contain any new features.

After the patch release after the reverted commits can be restored by
using cherry-pick:

git cherry-pick a14d72c a9499ff 8c1cc36 c2a8d52 0edf690

Details for all reverted commits:

Revert "os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid()."

This reverts commit 0edf6907ae37e2020722e6f61229d8ec64095b0a.

Revert "tests: Fix the line endings for the SASL alt-auth tests"

This reverts commit c2a8d52a1356a722ff9f4aeb983cd4eaf80ef221.

Revert "examples: Added SASL PLAIN authorisation identity (authzid) examples"

This reverts commit 8c1cc369d0c7163c6dcc91fd38edfea1f509ae75.

Revert "curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool"

This reverts commit a9499ff136d89987af885e2d7dff0a066a3e5817.

Revert "sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID"

This reverts commit a14d72ca2fec5d4eb5a043936e4f7ce08015c177.

5 years agoFAQ: more minor updates and spelling fixes
dbrowndan [Thu, 23 May 2019 22:05:29 +0000 (15:05 -0700)]
FAQ: more minor updates and spelling fixes

Closes #3937

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Fri, 24 May 2019 10:50:01 +0000 (12:50 +0200)]
RELEASE-NOTES: synced

5 years agosectransp: handle errSSLPeerAuthCompleted from SSLRead()
Daniel Stenberg [Thu, 23 May 2019 15:16:02 +0000 (17:16 +0200)]
sectransp: handle errSSLPeerAuthCompleted from SSLRead()

Reported-by: smuellerDD on github
Fixes #3932
Closes #3933

5 years agoFix typo.
Gisle Vanem [Fri, 24 May 2019 07:05:28 +0000 (09:05 +0200)]
Fix typo.

5 years agotool_setopt: for builds with disabled-proxy, skip all proxy setopts()
Daniel Stenberg [Wed, 22 May 2019 21:25:43 +0000 (23:25 +0200)]
tool_setopt: for builds with disabled-proxy, skip all proxy setopts()

Reported-by: Marcel Raad
Fixes #3926
Closes #3929

5 years agowinbuild: Use two space indentation
Steve Holme [Tue, 14 May 2019 09:00:09 +0000 (10:00 +0100)]
winbuild: Use two space indentation

Closes #3930

5 years agotool_parse_cfg: Avoid 2 fopen() for WIN32
Gisle Vanem [Thu, 23 May 2019 15:13:39 +0000 (17:13 +0200)]
tool_parse_cfg: Avoid 2 fopen() for WIN32

Using the memdebug.h mem-leak feature, I noticed 2 calls like:
  FILE tool_parsecfg.c:70 fopen("c:\Users\Gisle\AppData\Roaming\_curlrc","rt")
  FILE tool_parsecfg.c:114 fopen("c:\Users\Gisle\AppData\Roaming\_curlrc","rt")

No need for 'fopen(), 'fclose()' and a 'fopen()' yet again.

5 years agomd4: include the mbedtls config.h to get the MD4 info
Daniel Stenberg [Wed, 22 May 2019 08:45:35 +0000 (10:45 +0200)]
md4: include the mbedtls config.h to get the MD4 info

5 years agomd4: build correctly with openssl without MD4
Daniel Stenberg [Wed, 22 May 2019 08:40:02 +0000 (10:40 +0200)]
md4: build correctly with openssl without MD4

Reported-by: elsamuko at github
Fixes #3921
Closes #3922

5 years agoos400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid().
Patrick Monnerat [Thu, 23 May 2019 11:24:53 +0000 (13:24 +0200)]
os400: take care of CURLOPT_SASL_AUTHZID in curl_easy_setopt_ccsid().

5 years ago.github/FUNDING: mention our opencollective "home" [ci skip]
Daniel Stenberg [Thu, 23 May 2019 09:15:19 +0000 (11:15 +0200)]
.github/FUNDING: mention our opencollective "home" [ci skip]

5 years agoconfig-win32: add support for if_nametoindex and getsockname
Zenju [Wed, 22 May 2019 09:11:36 +0000 (11:11 +0200)]
config-win32: add support for if_nametoindex and getsockname

Closes https://github.com/curl/curl/pull/3923

5 years agotests: Fix the line endings for the SASL alt-auth tests
Jay Satiro [Thu, 23 May 2019 08:01:09 +0000 (04:01 -0400)]
tests: Fix the line endings for the SASL alt-auth tests

- Change data and protocol sections to CRLF line endings.

Prior to this change the tests would fail or hang, which is because
certain sections such as protocol require CRLF line endings.

Follow-up to a9499ff from today which added the tests.

Ref: https://github.com/curl/curl/pull/3790

5 years agourl: fix bad #ifdef
Daniel Stenberg [Wed, 22 May 2019 11:28:22 +0000 (13:28 +0200)]
url: fix bad #ifdef

Regression since e91e48161235272ff485.

Reported-by: Tom Greenslade
Fixes #3924
Closes #3925

5 years agoRevert "progress: CURL_DISABLE_PROGRESS_METER"
Daniel Stenberg [Wed, 22 May 2019 21:15:34 +0000 (23:15 +0200)]
Revert "progress: CURL_DISABLE_PROGRESS_METER"

This reverts commit 3b06e68b7734cb10a555f9d7e804dd5d808236a4.

Clearly this change wasn't good enough as it broke CURLOPT_LOW_SPEED_LIMIT +
CURLOPT_LOW_SPEED_TIME

Reported-by: Dave Reisner
Fixes #3927
Closes #3928

5 years agoexamples: Added SASL PLAIN authorisation identity (authzid) examples
Steve Holme [Sun, 21 Apr 2019 22:29:57 +0000 (23:29 +0100)]
examples: Added SASL PLAIN authorisation identity (authzid) examples

5 years agocurl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool
Steve Holme [Fri, 19 Apr 2019 13:26:47 +0000 (14:26 +0100)]
curl: --sasl-authzid added to support CURLOPT_SASL_AUTHZID from the tool

5 years agosasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID
Steve Holme [Wed, 17 Apr 2019 22:47:51 +0000 (23:47 +0100)]
sasl: Implement SASL authorisation identity via CURLOPT_SASL_AUTHZID

Added the ability for the calling program to specify the authorisation
identity (authzid), the identity to act as, in addition to the
authentication identity (authcid) and password when using SASL PLAIN
authentication.

Fixed #3653
Closes #3790

5 years agotests: add support to test against OpenSSH for Windows
Marc Hoersken [Mon, 19 Nov 2018 20:05:57 +0000 (21:05 +0100)]
tests: add support to test against OpenSSH for Windows

Testing against OpenSSH for Windows requires v7.7.0.0 or newer
due to the use of AllowUsers and DenyUsers. For more info see:
https://github.com/PowerShell/Win32-OpenSSH/wiki/sshd_config

5 years agobump: start on the next release
Daniel Stenberg [Wed, 22 May 2019 08:11:05 +0000 (10:11 +0200)]
bump: start on the next release

5 years agoexamples: fix "clarify calculation precedence" warnings
Marcel Raad [Tue, 21 May 2019 09:25:42 +0000 (11:25 +0200)]
examples: fix "clarify calculation precedence" warnings

Closes https://github.com/curl/curl/pull/3919

5 years agohiperfifo: remove unused variable
Marcel Raad [Tue, 21 May 2019 09:18:10 +0000 (11:18 +0200)]
hiperfifo: remove unused variable

Closes https://github.com/curl/curl/pull/3919

5 years agoexamples: remove dead variable stores
Marcel Raad [Tue, 21 May 2019 08:58:21 +0000 (10:58 +0200)]
examples: remove dead variable stores

Closes https://github.com/curl/curl/pull/3919

5 years agoexamples: reduce variable scopes
Marcel Raad [Tue, 21 May 2019 08:44:16 +0000 (10:44 +0200)]
examples: reduce variable scopes

Closes https://github.com/curl/curl/pull/3919

5 years agohttp2-download: fix format specifier
Marcel Raad [Tue, 21 May 2019 08:02:39 +0000 (10:02 +0200)]
http2-download: fix format specifier

Closes https://github.com/curl/curl/pull/3919

5 years agoPolarSSL: deprecate support step 1. Removed from configure.
Daniel Stenberg [Wed, 15 May 2019 11:57:16 +0000 (13:57 +0200)]
PolarSSL: deprecate support step 1. Removed from configure.

Also removed mentions from most docs.

Discussed: https://curl.haxx.se/mail/lib-2019-05/0045.html

Closes #3888