]> granicus.if.org Git - curl/log
curl
6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Sat, 8 Sep 2018 20:45:45 +0000 (22:45 +0200)]
RELEASE-NOTES: synced

6 years agotest324: fix after 3f3b26d6feb0667714902e836af608094235fca2
Marcel Raad [Sat, 8 Sep 2018 20:30:28 +0000 (22:30 +0200)]
test324: fix after 3f3b26d6feb0667714902e836af608094235fca2

The expected error code is now 60. 51 is dead.

6 years agocurl_url_set.3: correct description
Daniel Stenberg [Sat, 8 Sep 2018 17:39:57 +0000 (19:39 +0200)]
curl_url_set.3: correct description

6 years agocurl_url-docs: fix AVAILABILITY as Added in curl 7.62.0
Daniel Stenberg [Sat, 8 Sep 2018 14:02:25 +0000 (16:02 +0200)]
curl_url-docs: fix AVAILABILITY as Added in curl 7.62.0

6 years agoURL-API
Daniel Stenberg [Sun, 5 Aug 2018 09:51:07 +0000 (11:51 +0200)]
URL-API

See header file and man pages for API. All documented API details work
and are tested in the 1560 test case.

Closes #2842

6 years agocurl_easy_upkeep: removed 'conn' from the name
Daniel Stenberg [Fri, 7 Sep 2018 08:28:57 +0000 (10:28 +0200)]
curl_easy_upkeep: removed 'conn' from the name

... including the associated option.

Fixes #2951
Closes #2952

6 years agoupkeep: add a connection upkeep API: curl_easy_conn_upkeep()
Max Dymond [Wed, 18 Apr 2018 15:40:17 +0000 (16:40 +0100)]
upkeep: add a connection upkeep API: curl_easy_conn_upkeep()

Add functionality so that protocols can do custom keepalive on their
connections, when an external API function is called.

Add docs for the new options in 7.62.0

Closes #1641

6 years agoconfigure: add option to disable automatic OpenSSL config loading
Philipp Waehnert [Wed, 25 Jul 2018 09:00:15 +0000 (11:00 +0200)]
configure: add option to disable automatic OpenSSL config loading

Sometimes it may be considered a security risk to load an external
OpenSSL configuration automatically inside curl_global_init(). The
configuration option --disable-ssl-auto-load-config disables this
automatism. The Windows build scripts winbuild/Makefile.vs provide a
corresponding option ENABLE_SSL_AUTO_LOAD_CONFIG accepting a boolean
value.

Setting neither of these options corresponds to the previous behavior
loading the external OpenSSL configuration automatically.

Fixes #2724
Closes #2791

6 years agodoh: minor edits to please Coverity
Daniel Stenberg [Fri, 7 Sep 2018 07:26:08 +0000 (09:26 +0200)]
doh: minor edits to please Coverity

The gcc typecheck macros and coverity combined made it warn on the 2nd
argument for ERROR_CHECK_SETOPT(). Here's minor rearrange to please it.

Coverity CID 1439115 and CID 1439114.

6 years agoschannel: avoid switch-cases that go to default anyway
Daniel Stenberg [Thu, 6 Sep 2018 20:53:42 +0000 (22:53 +0200)]
schannel: avoid switch-cases that go to default anyway

SEC_E_APPLICATION_PROTOCOL_MISMATCH isn't defined in some versions of
mingw and would require an ifdef otherwise.

Reported-by: Thomas Glanzmann
Approved-by: Marc Hörsken
Bug: https://curl.haxx.se/mail/lib-2018-09/0020.html
Closes #2950

6 years agoimap: change from "FETCH" to "UID FETCH"
Nicklas Avén [Tue, 31 Jul 2018 11:12:18 +0000 (13:12 +0200)]
imap: change from "FETCH" to "UID FETCH"

... and add "MAILINDEX".

As described in #2789, this is a suggested solution.  Changing UID=xx to
actually get mail with UID xx and add "MAILINDEX" to get a mail with a
special index in the mail box (old behavior).  So MAILINDEX=1 gives the
first non deleted mail in the mail box.

Fixes #2789
Closes #2815

6 years agoCURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size
Daniel Stenberg [Sat, 18 Aug 2018 14:17:05 +0000 (16:17 +0200)]
CURLOPT_UPLOAD_BUFFERSIZE: set upload buffer size

This is step 3 of #2888.

Fixes #2888
Closes #2896

6 years agotravis: add the DOH tests to the torture testing
Daniel Stenberg [Wed, 20 Jun 2018 20:58:13 +0000 (22:58 +0200)]
travis: add the DOH tests to the torture testing

6 years agoDOH: add test case 1650 and 2100
Daniel Stenberg [Tue, 19 Jun 2018 14:08:05 +0000 (16:08 +0200)]
DOH: add test case 1650 and 2100

6 years agocurl: --doh-url added
Daniel Stenberg [Thu, 6 Sep 2018 07:16:02 +0000 (09:16 +0200)]
curl: --doh-url added

6 years agosetopt: add CURLOPT_DOH_URL
Daniel Stenberg [Thu, 6 Sep 2018 07:16:02 +0000 (09:16 +0200)]
setopt: add CURLOPT_DOH_URL

Closes #2668

6 years agossl: deprecate CURLE_SSL_CACERT in favour of a unified error code
Han Han [Wed, 22 Aug 2018 18:13:32 +0000 (11:13 -0700)]
ssl: deprecate CURLE_SSL_CACERT in favour of a unified error code

Long live CURLE_PEER_FAILED_VERIFICATION

6 years agox509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert
Han Han [Mon, 20 Aug 2018 22:10:40 +0000 (15:10 -0700)]
x509asn1: return CURLE_PEER_FAILED_VERIFICATION on failure to parse cert

CURLE_PEER_FAILED_VERIFICATION makes more sense because Curl_parseX509
does not allocate memory internally as its first argument is a pointer
to the certificate structure. The same error code is also returned by
Curl_verifyhost when its call to Curl_parseX509 fails so the change
makes error handling more consistent.

6 years agoopenssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer
Han Han [Thu, 16 Aug 2018 19:41:31 +0000 (12:41 -0700)]
openssl: return CURLE_PEER_FAILED_VERIFICATION on failure to parse issuer

Failure to extract the issuer name from the server certificate should
return a more specific error code like on other TLS backends.

6 years agoschannel: unified error code handling
Han Han [Thu, 16 Aug 2018 02:57:16 +0000 (19:57 -0700)]
schannel: unified error code handling

Closes #2901

6 years agodarwinssl: more specific and unified error codes
Han Han [Tue, 14 Aug 2018 23:53:18 +0000 (16:53 -0700)]
darwinssl: more specific and unified error codes

Closes #2901

6 years agoCURLOPT_DNS_USE_GLOBAL_CACHE: deprecated
Daniel Stenberg [Tue, 4 Sep 2018 22:05:46 +0000 (00:05 +0200)]
CURLOPT_DNS_USE_GLOBAL_CACHE: deprecated

Disable the CURLOPT_DNS_USE_GLOBAL_CACHE option and mark it for
deprecation and complete removal in six months.

Bug: https://curl.haxx.se/mail/lib-2018-09/0010.html
Closes #2942

6 years agourl: default to CURL_HTTP_VERSION_2TLS if built h2-enabled
Daniel Stenberg [Wed, 5 Sep 2018 12:35:57 +0000 (14:35 +0200)]
url: default to CURL_HTTP_VERSION_2TLS if built h2-enabled

Closes #2709

6 years agomultiplex: enable by default
Daniel Stenberg [Wed, 5 Sep 2018 12:35:57 +0000 (14:35 +0200)]
multiplex: enable by default

Starting 7.62.0, multiplexing is enabled by default in multi handles.

6 years agotests: add unit tests for url.c
Jim Fuller [Fri, 13 Jul 2018 15:17:19 +0000 (15:17 +0000)]
tests: add unit tests for url.c

Approved-by: Daniel Gustafsson
Closes #2937

6 years agotest1452: mark as flaky
Daniel Stenberg [Wed, 5 Sep 2018 09:36:58 +0000 (11:36 +0200)]
test1452: mark as flaky

makes it not run in the CI builds

Closes #2941

6 years agopipelining: deprecated
Daniel Stenberg [Wed, 5 Sep 2018 09:33:51 +0000 (11:33 +0200)]
pipelining: deprecated

Transparently. The related curl_multi_setopt() options all still returns
OK when pipelining is selected.

To re-enable the support, the single line change in lib/multi.c needs to
be reverted.

See docs/DEPRECATE.md

Closes #2705

6 years agoRELEASE-NOTES: start working on 7.62.0
Daniel Stenberg [Wed, 5 Sep 2018 08:22:54 +0000 (10:22 +0200)]
RELEASE-NOTES: start working on 7.62.0

6 years agoTHANKS: 7.61.1 status curl-7_61_1
Daniel Stenberg [Tue, 4 Sep 2018 21:49:50 +0000 (23:49 +0200)]
THANKS: 7.61.1 status

6 years agoRELEASE-NOTES: 7.61.1
Daniel Stenberg [Tue, 4 Sep 2018 21:49:50 +0000 (23:49 +0200)]
RELEASE-NOTES: 7.61.1

6 years agoCurl_getoff_all_pipelines: ignore unused return values
Daniel Stenberg [Tue, 4 Sep 2018 17:21:16 +0000 (19:21 +0200)]
Curl_getoff_all_pipelines: ignore unused return values

Since scan-build would warn on the dead "Dead store/Dead increment"

6 years agosftp: fix indentation
Viktor Szakats [Tue, 4 Sep 2018 14:44:47 +0000 (14:44 +0000)]
sftp: fix indentation

6 years agosftp: don't send post-qoute sequence when retrying a connection
Przemysław Tomaszewski [Tue, 4 Sep 2018 06:44:34 +0000 (08:44 +0200)]
sftp: don't send post-qoute sequence when retrying a connection

Fixes #2939
Closes #2940

6 years agourl, vtls: make CURLOPT{,_PROXY}_TLS13_CIPHERS work
Kamil Dudka [Mon, 3 Sep 2018 11:04:00 +0000 (13:04 +0200)]
url, vtls: make CURLOPT{,_PROXY}_TLS13_CIPHERS work

This is a follow-up to PR #2607 and PR #2926.

Closes #2936

6 years agotool_operate: Add http code 408 to transient list for --retry
Jay Satiro [Fri, 31 Aug 2018 19:27:54 +0000 (15:27 -0400)]
tool_operate: Add http code 408 to transient list for --retry

- Treat 408 request timeout as transient so that curl will retry the
  request if --retry was used.

Closes #2925

6 years agoopenssl: Fix setting TLS 1.3 cipher suites
Jay Satiro [Fri, 31 Aug 2018 23:46:29 +0000 (19:46 -0400)]
openssl: Fix setting TLS 1.3 cipher suites

The flag indicating TLS 1.3 cipher support in the OpenSSL backend was
missing.

Bug: https://github.com/curl/curl/pull/2607#issuecomment-417283187
Reported-by: Kamil Dudka
Closes #2926

6 years agoCurl_ntlm_core_mk_nt_hash: return error on too long password
Daniel Stenberg [Mon, 13 Aug 2018 08:35:52 +0000 (10:35 +0200)]
Curl_ntlm_core_mk_nt_hash: return error on too long password

... since it would cause an integer overflow if longer than (max size_t
/ 2).

This is CVE-2018-14618

Bug: https://curl.haxx.se/docs/CVE-2018-14618.html
Closes #2756
Reported-by: Zhaoyang Wu
6 years agohttp2: Use correct format identifier for stream_id
Rikard Falkeborn [Sat, 25 Aug 2018 19:15:47 +0000 (21:15 +0200)]
http2: Use correct format identifier for stream_id

Closes #2928

6 years agotest1148: fix precheck output
Marcel Raad [Sun, 2 Sep 2018 10:51:00 +0000 (12:51 +0200)]
test1148: fix precheck output

"precheck command error" is not very helpful.

6 years agoall: s/int/size_t cleanup
Daniel Stenberg [Fri, 31 Aug 2018 08:17:40 +0000 (10:17 +0200)]
all: s/int/size_t cleanup

Assisted-by: Rikard Falkeborn
Closes #2922

6 years agossh-libssh: use FALLTHROUGH to silence gcc8
Daniel Stenberg [Thu, 30 Aug 2018 22:10:10 +0000 (00:10 +0200)]
ssh-libssh: use FALLTHROUGH to silence gcc8

6 years agotool_operate: Fix setting proxy TLS 1.3 ciphers
Jay Satiro [Fri, 31 Aug 2018 23:40:55 +0000 (19:40 -0400)]
tool_operate: Fix setting proxy TLS 1.3 ciphers

6 years agocookies: support creation-time attribute for cookies
Daniel Gustafsson [Tue, 28 Aug 2018 09:28:50 +0000 (11:28 +0200)]
cookies: support creation-time attribute for cookies

According to RFC6265 section 5.4, cookies with equal path lengths
SHOULD be sorted by creation-time (earlier first). This adds a
creation-time record to the cookie struct in order to make cookie
sorting more deterministic. The creation-time is defined as the
order of the cookies in the jar, the first cookie read fro the
jar being the oldest. The creation-time is thus not serialized
into the jar. Also remove the strcmp() matching in the sorting as
there is no lexicographic ordering in RFC6265. Existing tests are
updated to match.

Closes #2524

6 years agoDon't use Windows path %PWD for SSH tests
Marcel Raad [Thu, 30 Aug 2018 06:35:21 +0000 (08:35 +0200)]
Don't use Windows path %PWD for SSH tests

All these tests failed on Windows because something like
sftp://%HOSTIP:%SSHPORT%PWD/
expanded to
sftp://127.0.0.1:1234c:/msys64/home/bla/curl
and then curl complained about the port number ending with a letter.

Use the original POSIX path instead of the Windows path created in
checksystem to fix this.

Closes https://github.com/curl/curl/pull/2920

6 years agoCURLOPT_SSL_CTX_FUNCTION.3: clarify connection reuse warning
Jay Satiro [Wed, 29 Aug 2018 14:08:16 +0000 (10:08 -0400)]
CURLOPT_SSL_CTX_FUNCTION.3: clarify connection reuse warning

Reported-by: Daniel Stenberg
Closes https://github.com/curl/curl/issues/2916

6 years agoTHANKS-filter: dedup Daniel Jeliński
Daniel Stenberg [Mon, 27 Aug 2018 22:51:53 +0000 (00:51 +0200)]
THANKS-filter: dedup Daniel Jeliński

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Mon, 27 Aug 2018 21:33:45 +0000 (23:33 +0200)]
RELEASE-NOTES: synced

6 years agoCURLOPT_ACCEPT_ENCODING.3: list them comma-separated [ci skip]
Daniel Stenberg [Mon, 27 Aug 2018 09:15:21 +0000 (11:15 +0200)]
CURLOPT_ACCEPT_ENCODING.3: list them comma-separated [ci skip]

6 years agoCURLOPT_SSL_CTX_FUNCTION.3: might cause unintended connection reuse [ci skip]
Daniel Stenberg [Mon, 27 Aug 2018 06:30:57 +0000 (08:30 +0200)]
CURLOPT_SSL_CTX_FUNCTION.3: might cause unintended connection reuse [ci skip]

Added a warning!

Closes #2915

6 years agocurl: fix time-of-check, time-of-use race in dir creation
Daniel Stenberg [Fri, 24 Aug 2018 08:01:42 +0000 (10:01 +0200)]
curl: fix time-of-check, time-of-use race in dir creation

Patch-by: Jay Satiro
Detected by Coverity
Fixes #2739
Closes #2912

6 years agocmdline-opts/page-footer: fix edit mistake
Daniel Stenberg [Sat, 25 Aug 2018 21:37:00 +0000 (23:37 +0200)]
cmdline-opts/page-footer: fix edit mistake

There was a missing newline.

follow-up to a7ba60bb7250

6 years agodocs: clarify NO_PROXY env variable functionality
Daniel Stenberg [Fri, 24 Aug 2018 07:30:47 +0000 (09:30 +0200)]
docs: clarify NO_PROXY env variable functionality

Reported-by: Kirill Marchuk
Fixes #2773
Closes #2911

6 years agolib1522: fix curl_easy_setopt argument type
Marcel Raad [Fri, 24 Aug 2018 19:06:26 +0000 (21:06 +0200)]
lib1522: fix curl_easy_setopt argument type

CURLOPT_POSTFIELDSIZE is a long option.

6 years agocurl_threads: silence bad-function-cast warning
Marcel Raad [Thu, 23 Aug 2018 07:55:40 +0000 (09:55 +0200)]
curl_threads: silence bad-function-cast warning

As uintptr_t and HANDLE are always the same size, this warning is
harmless. Just silence it using an intermediate uintptr_t variable.

Closes https://github.com/curl/curl/pull/2908

6 years agoREADME: add appveyor build badge [ci skip]
Daniel Stenberg [Fri, 24 Aug 2018 11:23:31 +0000 (13:23 +0200)]
README: add appveyor build badge [ci skip]

Closes #2913

6 years agoschannel: client certificate store opening fix
Ihor Karpenko [Thu, 23 Aug 2018 11:18:17 +0000 (14:18 +0300)]
schannel: client certificate store opening fix

1) Using CERT_STORE_OPEN_EXISTING_FLAG ( or CERT_STORE_READONLY_FLAG )
while opening certificate store would be sufficient in this scenario and
less-demanding in sense of required user credentials ( for example,
IIS_IUSRS will get "Access Denied" 0x05 error for existing CertOpenStore
call without any of flags mentioned above ),

2) as 'cert_store_name' is a DWORD, attempt to format its value like a
string ( in "Failed to open cert store" error message ) will throw null
pointer exception

3) adding GetLastError(), in my opinion, will make error message more
useful.

Bug: https://curl.haxx.se/mail/lib-2018-08/0198.html

Closes #2909

6 years agogopher: Do not translate `?' to `%09'
Leonardo Taccari [Thu, 23 Aug 2018 21:27:34 +0000 (23:27 +0200)]
gopher: Do not translate `?' to `%09'

Since GOPHER support was added in curl `?' character was automatically
translated to `%09' (`\t').

However, this behaviour does not seems documented in RFC 4266 and for
search selectors it is documented to directly use `%09' in the URL.
Apart that several gopher servers in the current gopherspace have CGI
support where `?' is used as part of the selector and translating it to
`%09' often leads to surprising results.

Closes #2910

6 years agocookie tests: treat files as text
Marcel Raad [Thu, 23 Aug 2018 11:11:20 +0000 (13:11 +0200)]
cookie tests: treat files as text

Fixes test failures because of wrong line endings on Windows.

6 years agolibcurl-thread.3: expand somewhat on the NO_SIGNAL motivation
Daniel Stenberg [Tue, 21 Aug 2018 12:52:17 +0000 (14:52 +0200)]
libcurl-thread.3: expand somewhat on the NO_SIGNAL motivation

Multi-threaded applictions basically MUST set CURLOPT_NO_SIGNAL to 1L to
avoid the risk of getting a SIGPIPE.

Either way, a multi-threaded application that uses libcurl/openssl needs
to have a signhandler for or ignore SIGPIPE on its own.

Based on discussions in #2800
Closes #2904

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Wed, 22 Aug 2018 08:52:06 +0000 (10:52 +0200)]
RELEASE-NOTES: synced

6 years agoTests: fixes for Windows
Marcel Raad [Wed, 22 Aug 2018 10:26:21 +0000 (12:26 +0200)]
Tests: fixes for Windows

- test 1268 requires unix sockets
- test 2072 must be disabled also for MSYS/MinGW

6 years agohttp2: abort the send_callback if not setup yet
Daniel Stenberg [Wed, 22 Aug 2018 07:47:22 +0000 (09:47 +0200)]
http2: abort the send_callback if not setup yet

When Curl_http2_done() gets called before the http2 data is setup all
the way, we cannot send anything and this should just return an error.

Detected by OSS-Fuzz
Bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=10012

6 years agohttp2: remove four unused nghttp2 callbacks
Daniel Stenberg [Tue, 21 Aug 2018 08:07:38 +0000 (10:07 +0200)]
http2: remove four unused nghttp2 callbacks

Closes #2903

6 years agox509asn1: use FALLTHROUGH
Daniel Stenberg [Tue, 21 Aug 2018 20:26:36 +0000 (22:26 +0200)]
x509asn1: use FALLTHROUGH

... as no other comments are accepted since 014ed7c22f51463

6 years agotest1148: disable if decimal separator is not point
Marcel Raad [Tue, 24 Jul 2018 21:26:45 +0000 (23:26 +0200)]
test1148: disable if decimal separator is not point

Modifying the locale with environment variables doesn't work for native
Windows applications. Just disable the test in this case if the decimal
separator is something different than a point. Use a precheck with a
small C program to achieve that.

Closes https://github.com/curl/curl/pull/2786

6 years agoEnable more GCC warnings
Marcel Raad [Sat, 7 Jul 2018 07:00:29 +0000 (09:00 +0200)]
Enable more GCC warnings

This enables the following additional warnings:
-Wold-style-definition
-Warray-bounds=2 instead of the default 1
-Wformat=2, but only for GCC 4.8+ as Wno-format-nonliteral is not
 respected for older versions
-Wunused-const-variable, which enables level 2 instead of the default 1
-Warray-bounds also in debug mode through -ftree-vrp
-Wnull-dereference also in debug mode through
 -fdelete-null-pointer-checks

Closes https://github.com/curl/curl/pull/2747

6 years agocurl-compilers: enable -Wimplicit-fallthrough=4 for GCC
Marcel Raad [Mon, 9 Jul 2018 16:52:05 +0000 (18:52 +0200)]
curl-compilers: enable -Wimplicit-fallthrough=4 for GCC

This enables level 4 instead of the default level 3, which of the
currently used comments only allows /* FALLTHROUGH */ to silence the
warning.

Closes https://github.com/curl/curl/pull/2747

6 years agocurl-compilers: enable -Wbad-function-cast on GCC
Marcel Raad [Mon, 9 Jul 2018 16:43:55 +0000 (18:43 +0200)]
curl-compilers: enable -Wbad-function-cast on GCC

This warning used to be enabled only for clang as it's a bit stricter
on GCC. Silence the remaining occurrences and enable it on GCC too.

Closes https://github.com/curl/curl/pull/2747

6 years agoconfigure: conditionally enable pedantic-errors
Marcel Raad [Mon, 9 Jul 2018 16:38:23 +0000 (18:38 +0200)]
configure: conditionally enable pedantic-errors

Enable pedantic-errors for GCC >= 5 with --enable-werror. Before GCC 5,
pedantic-errors was synonymous to -Werror=pedantic [0], which is still
the case for clang [1]. With GCC 5, it became complementary [2].

Also fix a resulting error in acinclude.m4 as main's return type was
missing, which is illegal in C99.

[0] https://gcc.gnu.org/onlinedocs/gcc-4.9.0/gcc/Warning-Options.html
[1] https://clang.llvm.org/docs/UsersManual.html#options-to-control-error-and-warning-messages
[2] https://gcc.gnu.org/onlinedocs/gcc-5.1.0/gcc/Warning-Options.html

Closes https://github.com/curl/curl/pull/2747

6 years agoRemove unused definitions
Marcel Raad [Mon, 9 Jul 2018 16:28:26 +0000 (18:28 +0200)]
Remove unused definitions

Closes https://github.com/curl/curl/pull/2747

6 years agox509asn1: make several functions static
Daniel Stenberg [Tue, 21 Aug 2018 07:44:22 +0000 (09:44 +0200)]
x509asn1: make several functions static

and remove the private SIZE_T_MAX define and use the generic one.

Closes #2902

6 years agoINTERNALS: require GnuTLS >= 2.11.3
Daniel Stenberg [Tue, 21 Aug 2018 08:45:20 +0000 (10:45 +0200)]
INTERNALS: require GnuTLS >= 2.11.3

Since the public pinning support was brought in e644866caf4. GnuTLS
2.11.3 was released in October 2010.

Figured out in #2890

6 years agohttp2: avoid set_stream_user_data() before stream is assigned
Daniel Stenberg [Mon, 20 Aug 2018 11:19:08 +0000 (13:19 +0200)]
http2: avoid set_stream_user_data() before stream is assigned

... before the stream is started, we have it set to -1.

Fixes #2894
Closes #2898

6 years agoSSLCERTS: improve the openssl command line
Daniel Stenberg [Mon, 20 Aug 2018 12:05:28 +0000 (14:05 +0200)]
SSLCERTS: improve the openssl command line

... for extracting certs from a live HTTPS server to make a cacerts.pem
from them.

6 years agodocs/SECURITY-PROCESS: now we name the files after the CVE id
Daniel Stenberg [Mon, 20 Aug 2018 09:49:58 +0000 (11:49 +0200)]
docs/SECURITY-PROCESS: now we name the files after the CVE id

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Sat, 18 Aug 2018 22:06:44 +0000 (00:06 +0200)]
RELEASE-NOTES: synced

6 years agoupload: change default UPLOAD_BUFSIZE to 64KB
Daniel Stenberg [Fri, 17 Aug 2018 09:36:12 +0000 (11:36 +0200)]
upload: change default UPLOAD_BUFSIZE to 64KB

To make uploads significantly faster in some circumstances.

Part 2 of #2888
Closes #2892

6 years agoupload: allocate upload buffer on-demand
Daniel Stenberg [Thu, 16 Aug 2018 22:49:37 +0000 (00:49 +0200)]
upload: allocate upload buffer on-demand

Saves 16KB on the easy handle for operations that don't need that
buffer.

Part 1 of #2888

6 years agovtls: reinstantiate engine on duplicated handles
Laurent Bonnans [Fri, 17 Aug 2018 15:39:01 +0000 (17:39 +0200)]
vtls: reinstantiate engine on duplicated handles

Handles created with curl_easy_duphandle do not use the SSL engine set
up in the original handle. This fixes the issue by storing the engine
name in the internal url state and setting the engine from its name
inside curl_easy_duphandle.

Reported-by: Anton Gerasimov
Signed-of-by: Laurent Bonnans
Fixes #2829
Closes #2833

6 years agohttp2: make sure to send after RST_STREAM
Daniel Stenberg [Thu, 16 Aug 2018 11:21:11 +0000 (13:21 +0200)]
http2: make sure to send after RST_STREAM

If this is the last stream on this connection, the RST_STREAM might not
get pushed to the wire otherwise.

Fixes #2882
Closes #2887
Researched-by: Michael Kaufmann
6 years agotest1268: check the stderr output as "text"
Daniel Stenberg [Thu, 16 Aug 2018 21:05:09 +0000 (23:05 +0200)]
test1268: check the stderr output as "text"

Follow-up to 099f37e9c57

Pointed-out-by: Marcel Raad
6 years agourldata: remove unused pipe_broke struct field
Daniel Stenberg [Sun, 12 Aug 2018 17:36:56 +0000 (19:36 +0200)]
urldata: remove unused pipe_broke struct field

This struct field is never set TRUE in any existing code path. This
change removes the field completely.

Closes #2871

6 years agocurl: warn the user if a given file name looks like an option
Daniel Stenberg [Wed, 15 Aug 2018 07:17:43 +0000 (09:17 +0200)]
curl: warn the user if a given file name looks like an option

... simply because this is usually a sign of the user having omitted the
file name and the next option is instead "eaten" by the parser as a file
name.

Add test1268 to verify

Closes #2885

6 years agohttp2: check nghttp2_session_set_stream_user_data return code
Daniel Stenberg [Tue, 14 Aug 2018 13:28:29 +0000 (15:28 +0200)]
http2: check nghttp2_session_set_stream_user_data return code

Might help bug #2688 debugging

Closes #2880

6 years agotravis: revert back to gcc-7 for coverage builds
Daniel Stenberg [Wed, 15 Aug 2018 09:13:26 +0000 (11:13 +0200)]
travis: revert back to gcc-7 for coverage builds

... since the gcc-8 ones seem to fail frequently.

Follow-up from b85207199544ca

Closes #2886

6 years agoRELEASE-NOTES: synced
Daniel Stenberg [Wed, 15 Aug 2018 11:59:07 +0000 (13:59 +0200)]
RELEASE-NOTES: synced

... and now listed in alphabetical order!

6 years agoCMake: CMake config files are defining CURL_STATICLIB for static builds
Adrien [Wed, 1 Aug 2018 12:02:26 +0000 (14:02 +0200)]
CMake: CMake config files are defining CURL_STATICLIB for static builds

This change allows to use the CMake config files generated by Curl's
CMake scripts for static builds of the library.
The symbol CURL_STATIC lib must be defined to compile downstream,
thus the config package is the perfect place to do so.

Fixes #2817
Closes #2823
Reported-by: adnn on github
Reviewed-by: Sergei Nikulov
6 years agoTODO: host name sections in config files
Daniel Stenberg [Wed, 15 Aug 2018 07:17:03 +0000 (09:17 +0200)]
TODO: host name sections in config files

6 years agossh-libssh: fix infinite connect loop on invalid private key
Kamil Dudka [Tue, 14 Aug 2018 10:47:18 +0000 (12:47 +0200)]
ssh-libssh: fix infinite connect loop on invalid private key

Added test 656 (based on test 604) to verify the fix.

Bug: https://bugzilla.redhat.com/1595135

Closes #2879

6 years agossh-libssh: reduce excessive verbose output about pubkey auth
Kamil Dudka [Tue, 14 Aug 2018 11:14:49 +0000 (13:14 +0200)]
ssh-libssh: reduce excessive verbose output about pubkey auth

The verbose message "Authentication using SSH public key file" was
printed each time the ssh_userauth_publickey_auto() was called, which
meant each time a packet was transferred over network because the API
operates in non-blocking mode.

This patch makes sure that the verbose message is printed just once
(when the authentication state is entered by the SSH state machine).

6 years agotravis: disable h2 torture tests for "coverage"
Daniel Stenberg [Tue, 14 Aug 2018 06:39:00 +0000 (08:39 +0200)]
travis: disable h2 torture tests for "coverage"

Since they started to fail almost 100% since a few days.

Closes #2876

6 years agotravis: update to GCC 8
Marcel Raad [Thu, 9 Aug 2018 12:48:28 +0000 (14:48 +0200)]
travis: update to GCC 8

Closes https://github.com/curl/curl/pull/2869

6 years agohttp: fix for tiny "HTTP/0.9" response
Daniel Stenberg [Mon, 13 Aug 2018 10:12:14 +0000 (12:12 +0200)]
http: fix for tiny "HTTP/0.9" response

Deal with tiny "HTTP/0.9" (header-less) responses by checking the
status-line early, even before a full "HTTP/" is received to allow
detecting 0.9 properly.

Test 1266 and 1267 added to verify.

Fixes #2420
Closes #2872

6 years agodocs: add disallow-username-in-url.d and haproxy-protocol.d on the list
Kamil Dudka [Thu, 9 Aug 2018 13:22:11 +0000 (15:22 +0200)]
docs: add disallow-username-in-url.d and haproxy-protocol.d on the list

... to make make the files appear in distribution tarballs

Closes #2856

6 years ago.travis.yml: verify that man pages can be regenerated
Kamil Dudka [Thu, 9 Aug 2018 15:16:19 +0000 (17:16 +0200)]
.travis.yml: verify that man pages can be regenerated

... when curl is built from distribution tarball

Closes #2856

6 years agoSplit non-portable part off test 1133
Marcel Raad [Wed, 8 Aug 2018 20:43:27 +0000 (22:43 +0200)]
Split non-portable part off test 1133

Split off testing file names with double quotes into new test 1158.
Disable it for MSYS using a precheck as it doesn't support file names
with double quotes (but Cygwin does, for example).

Fixes https://github.com/curl/curl/issues/2796
Closes https://github.com/curl/curl/pull/2854

6 years agoprojects: Improve Windows perl detection in batch scripts
Jay Satiro [Sat, 11 Aug 2018 20:33:12 +0000 (16:33 -0400)]
projects: Improve Windows perl detection in batch scripts

- Determine if perl is in the user's PATH by running perl.exe.

Prior to this change detection was done by checking the PATH for perl/
but that did not work in all cases (eg git install includes perl but
not in perl/ path).

Bug: https://github.com/curl/curl/pull/2865
Reported-by: Daniel Jeliński
6 years agodocs: Improve the manual pages of some callbacks
Michael Kaufmann [Sat, 11 Aug 2018 11:52:18 +0000 (13:52 +0200)]
docs: Improve the manual pages of some callbacks

- CURLOPT_HEADERFUNCTION: add newlines
- CURLOPT_INTERLEAVEFUNCTION: fix the description of 'userdata'
- CURLOPT_READDATA: mention crashes, same as in CURLOPT_WRITEDATA
- CURLOPT_READFUNCTION: rename 'instream' to 'userdata' and explain
  how to set it

Closes https://github.com/curl/curl/pull/2868

6 years agoGCC: silence -Wcast-function-type uniformly
Marcel Raad [Fri, 10 Aug 2018 15:32:01 +0000 (17:32 +0200)]
GCC: silence -Wcast-function-type uniformly

Pointed-out-by: Rikard Falkeborn
Closes https://github.com/curl/curl/pull/2860

6 years agoSilence GCC 8 cast-function-type warnings
Marcel Raad [Thu, 9 Aug 2018 15:19:24 +0000 (17:19 +0200)]
Silence GCC 8 cast-function-type warnings

On Windows, casting between unrelated function types is fine and
sometimes even necessary, so just use an intermediate cast to
(void (*) (void)) to silence the warning as described in [0].

[0] https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html

Closes https://github.com/curl/curl/pull/2860