granicus.if.org Git - curl/log
Daniel Stenberg [Tue, 26 Jan 2016 22:45:02 +0000 (23:45 +0100)]
THANKS: 6 new contributors from 7.47.0 release notes

Isaac Boukris [Wed, 13 Jan 2016 09:05:51 +0000 (11:05 +0200)]
NTLM: Fix ConnectionExists to compare Proxy credentials

Proxy NTLM authentication should compare credentials when
re-using a connection similar to host authentication, as it
authenticates the connection.

Example:
curl -v -x http://proxy:port http://host/ -U good_user:good_pwd
  --proxy-ntlm --next -x http://proxy:port http://host/
    [-U fake_user:fake_pwd --proxy-ntlm]

CVE-2016-0755

Bug: http://curl.haxx.se/docs/adv_20160127A.html

Ray Satiro [Tue, 26 Jan 2016 22:23:15 +0000 (23:23 +0100)]
curl: avoid local drive traversal when saving file (Windows)

curl does not sanitize colons in a remote file name that is used as the
local file name. This may lead to a vulnerability on systems where the
colon is a special path character. Currently Windows/DOS is the only OS
where this vulnerability applies.

CVE-2016-0754

Bug: http://curl.haxx.se/docs/adv_20160127B.html

Daniel Stenberg [Tue, 26 Jan 2016 22:34:10 +0000 (23:34 +0100)]
RELEASE-NOTES: 7.47.0

Daniel Stenberg [Mon, 25 Jan 2016 10:11:29 +0000 (11:11 +0100)]
FAQ: language fix in 4.19

paulehoffman [Sun, 24 Jan 2016 22:27:08 +0000 (14:27 -0800)]
FAQ: Update to point to GitHub

Current FAQ didn't make it clear where the main repo is.

Closes #612

Daniel Stenberg [Sun, 24 Jan 2016 19:30:07 +0000 (20:30 +0100)]
maketgz: generate date stamp with LC_TIME=C

bug: http://curl.haxx.se/mail/lib-2016-01/0123.html

Daniel Stenberg [Sun, 24 Jan 2016 19:29:51 +0000 (20:29 +0100)]
curl_multi_socket_action.3: line wrap

Daniel Stenberg [Thu, 21 Jan 2016 22:57:52 +0000 (23:57 +0100)]
RELEASE-NOTES: synced with d58ba66eeceb

Steve Holme [Thu, 21 Jan 2016 21:05:55 +0000 (21:05 +0000)]
TODO: "Create remote directories" for SMB

Jay Satiro [Mon, 18 Jan 2016 08:48:10 +0000 (03:48 -0500)]
mbedtls: Fix pinned key return value on fail

- Switch from verifying a pinned public key in a callback during the
certificate verification to inline after the certificate verification.

The callback method had three problems:

1. If a pinned public key didn't match, CURLE_SSL_PINNEDPUBKEYNOTMATCH
was not returned.

2. If peer certificate verification was disabled the pinned key
verification did not take place as it should.

3. (related to #2) If there was no certificate of depth 0 the callback
would not have checked the pinned public key.

Though all those problems could have been fixed it would have made the
code more complex. Instead we now verify inline after the certificate
verification in mbedtls_connect_step2.

Ref: http://curl.haxx.se/mail/lib-2016-01/0047.html
Ref: https://github.com/bagder/curl/pull/601

Jay Satiro [Mon, 18 Jan 2016 08:10:10 +0000 (03:10 -0500)]
tests: Add a test for pinnedpubkey fail even when insecure

Because disabling the peer verification (--insecure) must not disable
the public key pinning check (--pinnedpubkey).

Daniel Schauenberg [Sun, 17 Jan 2016 04:04:46 +0000 (23:04 -0500)]
CURLINFO_RESPONSE_CODE.3: add example

Kamil Dudka [Fri, 15 Jan 2016 09:27:33 +0000 (10:27 +0100)]
ssh: make CURLOPT_SSH_PUBLIC_KEYFILE treat "" as NULL

The CURLOPT_SSH_PUBLIC_KEYFILE option has been documented to handle
empty strings specially since curl-7_25_0-31-g05a443a but the behavior
was unintentionally removed in curl-7_38_0-47-gfa7d04f.

This commit restores the original behavior and clarifies it in the
documentation that NULL and "" have both the same meaning when passed
to CURLOPT_SSH_PUBLIC_KEYFILE.

Bug: http://curl.haxx.se/mail/lib-2016-01/0072.html

Daniel Stenberg [Thu, 14 Jan 2016 21:09:09 +0000 (22:09 +0100)]
RELEASE-NOTES: synced with 35083ca60ed035a

Daniel Stenberg [Thu, 14 Jan 2016 20:25:30 +0000 (21:25 +0100)]
openssl: improved error detection/reporting

... by extracting the LIB + REASON from the OpenSSL error code. OpenSSL
1.1.0+ returned a new func number of another certificate fail so this
required a fix and this is the better way to catch this error anyway.

Daniel Stenberg [Thu, 14 Jan 2016 15:38:14 +0000 (16:38 +0100)]
openssl: for 1.1.0+ they now provide a SSLeay() macro of their own

Daniel Stenberg [Wed, 13 Jan 2016 08:11:12 +0000 (09:11 +0100)]
CURLOPT_RESOLVE.3: minor language polish

Daniel Stenberg [Tue, 12 Jan 2016 09:30:54 +0000 (10:30 +0100)]
configure: assume IPv6 works when cross-compiled

The configure test uses AC_TRY_RUN to figure out if an ipv6 socket
works, and testing like that doesn't work for cross-compiles. These days
IPv6 support is widespread so a blind guess is probably more likely to
be 'yes' than 'no' now.

Further: anyone who cross-compiles can use configure's --disable-ipv6 to
explicitly disable IPv6 and that also works for cross-compiles.

Made happen after discussions in issue #594

Daniel Stenberg [Mon, 11 Jan 2016 23:03:05 +0000 (00:03 +0100)]
TODO: "Try to URL encode given URL"

Closes #514

Daniel Stenberg [Sun, 10 Jan 2016 00:00:06 +0000 (01:00 +0100)]
ConnectionExists: only do pipelining/multiplexing when asked

When an HTTP/2 upgrade request fails (no protocol switch), it would
previously detect that as still possible to pipeline on (which is
acorrect) and do that when PIPEWAIT was enabled even if pipelining was
not explicitly enabled.

It should only pipeline if explicitly asked to.

Closes #584

Mohammad AlSaleh [Fri, 8 Jan 2016 22:50:38 +0000 (00:50 +0200)]
lib: Prefix URLs with lower-case protocol names/schemes

Before this patch, if a URL does not start with the protocol
name/scheme, effective URLs would be prefixed with upper-case protocol
names/schemes. This behavior might not be expected by library users or
end users.

For example, if `CURLOPT_DEFAULT_PROTOCOL` is set to "https" and the
URL is "hostname/path", the effective URL would be
"HTTPS://hostname/path" instead of "https://hostname/path".

After this patch, effective URLs would be prefixed with a lower-case
protocol name/scheme.

Closes #597

Signed-off-by: Mohammad AlSaleh <CE.Mohammad.AlSaleh@gmail.com>

Alessandro Ghedini [Mon, 11 Jan 2016 22:22:25 +0000 (22:22 +0000)]
scripts: don't generate and install zsh completion when cross-compiling

Alessandro Ghedini [Sun, 27 Dec 2015 17:08:53 +0000 (18:08 +0100)]
scripts: fix zsh completion generation

The script should use the just-built curl, not the system one. This fixes
zsh completion generation when no system curl is installed.

Alessandro Ghedini [Sun, 27 Dec 2015 17:12:46 +0000 (18:12 +0100)]
zsh.pl: fail if no curl is found

Instead of generating a broken completion file.

Michael Kaufmann [Fri, 8 Jan 2016 13:54:56 +0000 (14:54 +0100)]
IDN host names: Remove the port number before converting to ACE

Closes #596

Jay Satiro [Sun, 10 Jan 2016 07:56:26 +0000 (02:56 -0500)]
runtests: Add mbedTLS to the SSL backends

.. and enable SSLpinning tests for mbedTLS, BoringSSL and LibreSSL.

Thomas Glanzmann [Wed, 6 Jan 2016 06:00:11 +0000 (07:00 +0100)]
mbedtls: implement CURLOPT_PINNEDPUBLICKEY

Tatsuhiro Tsujikawa [Sat, 9 Jan 2016 00:51:05 +0000 (09:51 +0900)]
url: Fix compile error with --enable-werror

Tatsuhiro Tsujikawa [Thu, 7 Jan 2016 13:10:09 +0000 (22:10 +0900)]
http2: Ensure that http2_handle_stream_close is called

Previously, when HTTP/2 is enabled and used, and stream has content
length known, Curl_read was not called when there were no bytes left to
read. Because of this, we could not make sure that
http2_handle_stream_close was called for every stream. Since we use
http2_handle_stream_close to emit trailer fields, they were
effectively ignored. This commit changes the code so that Curl_read is
called even if no bytes left to read, to ensure that
http2_handle_stream_close is called for every stream.

Discussed in https://github.com/bagder/curl/pull/564

Daniel Stenberg [Fri, 8 Jan 2016 22:06:59 +0000 (23:06 +0100)]
http2: handle the received SETTINGS frame

This regression landed in 5778e6f5 and made libcurl not act on received
settings and instead stayed with its internal defaults.

Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html
Reported-by: Bankde

Daniel Stenberg [Fri, 8 Jan 2016 13:39:54 +0000 (14:39 +0100)]
Revert "multiplex: allow only once HTTP/2 is actually used"

This reverts commit 46cb70e9fa81c9a56de484cdd7c5d9d0d9fbec36.

Bug: http://curl.haxx.se/mail/lib-2016-01/0031.html

Tatsuhiro Tsujikawa [Fri, 8 Jan 2016 08:04:19 +0000 (03:04 -0500)]
http2: Fix PUSH_PROMISE headers being treated as trailers

Discussed in https://github.com/bagder/curl/pull/564

Michael Kaufmann [Thu, 7 Jan 2016 17:00:00 +0000 (18:00 +0100)]
connection reuse: IDN host names fixed

Use the ACE form of IDN hostnames as key in the connection cache.  Add
new tests.

Closes #592

Daniel Stenberg [Thu, 7 Jan 2016 12:48:05 +0000 (13:48 +0100)]
tests: mark IPv6 FTP and FTPS tests with the FTP keyword

Jay Satiro [Thu, 7 Jan 2016 06:49:31 +0000 (01:49 -0500)]
mbedtls: Fix ALPN support

- Fix ALPN reply detection.

- Wrap nghttp2 code in ifdef USE_NGHTTP2.

Prior to this change ALPN and HTTP/2 did not work properly in mbedTLS.

Jay Satiro [Thu, 7 Jan 2016 03:10:49 +0000 (22:10 -0500)]
http2: Fix client write for trailers on stream close

Check that the trailer buffer exists before attempting a client write
for trailers on stream close.

Refer to comments in https://github.com/bagder/curl/pull/564

Daniel Stenberg [Wed, 6 Jan 2016 23:11:16 +0000 (00:11 +0100)]
COPYING: update general copyright year range

Daniel Stenberg [Tue, 5 Jan 2016 11:09:33 +0000 (12:09 +0100)]
ConnectionExists: add missing newline in infof() call

Mistake from commit a464f33843ee1

Daniel Stenberg [Tue, 5 Jan 2016 10:32:30 +0000 (11:32 +0100)]
multiplex: allow only once HTTP/2 is actually used

To make sure curl doesn't allow multiplexing before a connection is
upgraded to HTTP/2 (like when Upgrade: h2c fails), we must make sure the
connection uses HTTP/2 as well and not only check what's wanted.

Closes #584

Patch-by: c0ff

Jay Satiro [Mon, 4 Jan 2016 22:44:39 +0000 (17:44 -0500)]
curl_global_init.3: Add Windows-specific info for init via DLL

- Add to both curl_global_init.3 and libcurl.3 the caveat for Windows
that initializing libcurl via a DLL's DllMain or static initializer
could cause a deadlock.

Bug: https://github.com/bagder/curl/issues/586
Reported-by: marc-groundctl@users.noreply.github.com

Daniel Stenberg [Mon, 4 Jan 2016 17:59:29 +0000 (18:59 +0100)]
FAQ: clarify who to mail about ECCN clarifications

Daniel Stenberg [Mon, 4 Jan 2016 17:49:10 +0000 (18:49 +0100)]
progressfunc.c: spellfix description

Daniel Stenberg [Mon, 4 Jan 2016 14:35:16 +0000 (15:35 +0100)]
docs/examples/multi-app.c: fix bad desc formatting

Daniel Stenberg [Mon, 4 Jan 2016 14:34:05 +0000 (15:34 +0100)]
examples: added descriptions

Daniel Stenberg [Mon, 4 Jan 2016 14:12:22 +0000 (15:12 +0100)]
example/simple.c: add description

Daniel Stenberg [Mon, 4 Jan 2016 14:12:08 +0000 (15:12 +0100)]
getredirect.c: a new example

Marc Hoersken [Sun, 27 Dec 2015 17:18:20 +0000 (18:18 +0100)]
RELEASE-NOTES: add 5e0e81a9c4e35f04ca

Daniel Stenberg [Sat, 26 Dec 2015 22:13:32 +0000 (23:13 +0100)]
RELEASE-NOTES: synced with 2aec4359db1088b10d

Marc Hoersken [Sat, 26 Dec 2015 16:25:59 +0000 (17:25 +0100)]
test 1515: add data check

Marc Hoersken [Sat, 26 Dec 2015 16:25:42 +0000 (17:25 +0100)]
test 1515: add MSYS support by passing a relative path

MSYS would otherwise turn a /-style path into a C:\-style path.

Marc Hoersken [Sat, 26 Dec 2015 10:01:13 +0000 (11:01 +0100)]
test 539: use datacheck mode text for ASCII-mode LISTings

While still using datacheck mode binary for the inline reply data.

Marc Hoersken [Sat, 26 Dec 2015 09:59:22 +0000 (10:59 +0100)]
runtests.pl: check up to 5 data parts with different text modes

Move the text-mode conversion for reply/replycheck from the verify
section into the load section and add support for 4 more check parts.

Daniel Stenberg [Thu, 24 Dec 2015 22:35:54 +0000 (23:35 +0100)]
CURLOPT_RANGE: for HTTP servers, range support is optional

Marc Hoersken [Thu, 24 Dec 2015 13:56:47 +0000 (14:56 +0100)]
tests 1048 and 1050: use datacheck mode text for ASCII-mode LISTings

Marc Hoersken [Thu, 24 Dec 2015 13:48:36 +0000 (14:48 +0100)]
tests 706 and 707: use datacheck mode text for ASCII-mode LISTings

Marc Hoersken [Thu, 24 Dec 2015 13:22:26 +0000 (14:22 +0100)]
tests 400,403,406: use datacheck mode text for ASCII-mode LISTings

Marc Hoersken [Wed, 23 Dec 2015 14:04:02 +0000 (15:04 +0100)]
sockfilt.c: fix calculation of sleep timeout on Windows

Not converting to double caused small timeouts to be skipped.

Marc Hoersken [Wed, 23 Dec 2015 14:03:40 +0000 (15:03 +0100)]
tests first.c: fix calculation of sleep timeout on Windows

Not converting to double caused small timeouts to be skipped.

Marc Hoersken [Wed, 23 Dec 2015 14:02:43 +0000 (15:02 +0100)]
test 573: add more debug output

Marc Hoersken [Wed, 23 Dec 2015 13:19:36 +0000 (14:19 +0100)]
ftplistparser.c: fix handling of file LISTings using Windows EOL

Previously file.txt[CR][LF] would have been returned as file.tx
(without the last t) if filetype is symlink. Now the t is
included and the internal item_length includes the zero byte.

Spotted using test 576 on Windows.

Marc Hoersken [Wed, 23 Dec 2015 12:35:36 +0000 (13:35 +0100)]
test 16: fix on Linux (and Windows) by using plain ASCII characters

Follow up on b064ff0c351bb287557228575ef4c1d079b866fb, thanks Daniel.

Marc Hoersken [Wed, 23 Dec 2015 12:04:00 +0000 (13:04 +0100)]
tftpd server: add Windows support by writing files in binary mode

Marc Hoersken [Wed, 23 Dec 2015 11:49:40 +0000 (12:49 +0100)]
tests 252-255: use datacheck mode text for ASCII-mode LISTings

Marc Hoersken [Wed, 23 Dec 2015 11:41:52 +0000 (12:41 +0100)]
test 16: fix on Windows by converting data file from ANSI to UTF-8

Daniel Stenberg [Wed, 23 Dec 2015 11:07:50 +0000 (12:07 +0100)]
Makefile.inc: s/curl_SOURCES/CURL_FILES

This allows the root Makefile.am to include the Makefile.inc without
causing automake to warn on it (variables named *_SOURCES are
magic). curl_SOURCES is then instead assigned properly in
src/Makefile.am only.

Closes #577

Anders Bakken [Mon, 21 Dec 2015 18:13:15 +0000 (10:13 -0800)]
ConnectionExists: with *PIPEWAIT, wait for connections

Try harder to prevent libcurl from opening up an additional socket when
CURLOPT_PIPEWAIT is set. Accomplished by letting ongoing TCP and TLS
handshakes complete first before the decision is made.

Closes #575

Anders Bakken [Mon, 21 Dec 2015 18:12:35 +0000 (10:12 -0800)]
Add .dir-locals and set c-basic-offset to 2.

This makes it easier for emacs users to automatically get the right
2-space indentation when they edit curl source files.

c++-mode is in there as well because Emacs can't easily know if
something is a C or C++ header.

Closes #574

Johannes Schindelin [Thu, 17 Sep 2015 18:03:34 +0000 (20:03 +0200)]
configure: detect IPv6 support on Windows

This patch was "nicked" from the MINGW-packages project by Daniel.

https://github.com/Alexpux/MINGW-packages/commit/9253d0bf58a1486e91f7efb5316e7fdb48fa4007
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Daniel Stenberg [Sun, 20 Dec 2015 22:43:46 +0000 (23:43 +0100)]
configure: allow static builds on mingw

This patch is adopted from the MINGW-packages project. It makes it
possible to build curl both shared and static again.

URL: https://github.com/Alexpux/MINGW-packages/tree/master/mingw-w64-curl

Marc Hoersken [Thu, 17 Dec 2015 15:04:33 +0000 (16:04 +0100)]
test 1326: fix file check since curl is outputting binary data

Marc Hoersken [Thu, 17 Dec 2015 14:12:19 +0000 (15:12 +0100)]
test 1326: fix getting stuck on Windows due to incomplete request

The request needs to be read and sent in binary mode in order to use
CRLF instead of LF. Adding --upload-file - causes curl to read stdin
in binary mode.

Daniel Stenberg [Thu, 17 Dec 2015 12:21:31 +0000 (13:21 +0100)]
RELEASE-NOTES: command line option recount

Dan Fandrich [Wed, 16 Dec 2015 21:13:02 +0000 (22:13 +0100)]
scripts/Makefile: build zsh script even in an out-of-tree build

Marc Hoersken [Wed, 16 Dec 2015 14:33:36 +0000 (15:33 +0100)]
sockfilt.c: added some debug output to select_ws

Marc Hoersken [Wed, 16 Dec 2015 14:33:13 +0000 (15:33 +0100)]
sockfilt.c: keep lines shorter than 80 chars

Marc Hoersken [Wed, 16 Dec 2015 14:32:31 +0000 (15:32 +0100)]
sockfilt.c: do not wait on unreliable file or pipe handle

The previous implementation caused issues on modern MSYS2 runtimes.

Daniel Stenberg [Wed, 16 Dec 2015 09:25:31 +0000 (10:25 +0100)]
cyassl: deal with lack of *get_peer_certificate

The function is only present in wolfssl/cyassl if it was built with
--enable-opensslextra. With these checks added, pinning support is disabled
unless the TLS lib has that function available.

Also fix the mistake in configure that checks for the wrong lib name.

Closes #566

Daniel Stenberg [Wed, 16 Dec 2015 09:06:09 +0000 (10:06 +0100)]
wolfssl: handle builds without SSLv3 support

Tatsuhiro Tsujikawa [Sun, 13 Dec 2015 10:32:58 +0000 (19:32 +0900)]
http2: Support trailer fields

This commit adds trailer support in HTTP/2.  In HTTP/1.1, chunked
encoding must be used to send trailer fields.  HTTP/2 deprecated any
transfer-encoding, including chunked.  But trailer fields are now
always available.

Since trailer fields are relatively rare these days (gRPC uses them
extensively though), allocating buffer for trailer fields is done when
we detect that HEADERS frame containing trailer fields is started.  We
use Curl_add_buffer_* functions to buffer all trailers, just like we
do for regular header fields.  And then deliver them when stream is
closed.  We have to be careful here so that all data are delivered to
upper layer before sending trailers to the application.

We can deliver trailer field one by one using NGHTTP2_ERR_PAUSE
mechanism, but current method is far more simple.

Another possibility is use chunked encoding internally for HTTP/2
traffic.  I have not tested it, but it could add another overhead.

Closes #564

Daniel Stenberg [Tue, 15 Dec 2015 22:12:32 +0000 (23:12 +0100)]
RELEASE-NOTES: synced with 6c2c019654e658a

Jay Satiro [Mon, 14 Dec 2015 21:43:08 +0000 (16:43 -0500)]
x509asn1: Fix host altname verification

- In Curl_verifyhost check all altnames in the certificate.

Prior to this change only the first altname was checked. Only the GSKit
SSL backend was affected by this bug.

Bug: http://curl.haxx.se/mail/lib-2015-12/0062.html
Reported-by: John Kohl

Daniel Stenberg [Mon, 14 Dec 2015 12:29:13 +0000 (13:29 +0100)]
curl --expect100-timeout: added

This is the new command line option to set the value for the existing
libcurl option CURLOPT_EXPECT_100_TIMEOUT_MS

Daniel Stenberg [Mon, 14 Dec 2015 23:36:08 +0000 (00:36 +0100)]
cyassl: fix compiler warning on type conversion

Daniel Stenberg [Mon, 14 Dec 2015 23:02:20 +0000 (00:02 +0100)]
curlver: the pending release will become 7.47.0

Anders Bakken [Mon, 14 Dec 2015 21:21:32 +0000 (13:21 -0800)]
setstropt: const-correctness

Closes #565

Daniel Stenberg [Mon, 14 Dec 2015 09:13:21 +0000 (10:13 +0100)]
ROADMAP: implemented HTTP2 for HTTPS-only

Daniel Stenberg [Mon, 14 Dec 2015 09:10:35 +0000 (10:10 +0100)]
HTTP2.md: spell fix and remove TODO now implemented

Daniel Stenberg [Mon, 14 Dec 2015 08:49:19 +0000 (09:49 +0100)]
libressl: the latest openssl x509 funcs are not in libressl

Daniel Stenberg [Sun, 13 Dec 2015 08:24:08 +0000 (09:24 +0100)]
curl: use 2TLS by default

Make this the default for the curl tool (if built with HTTP/2 powers
enabled) unless a specific HTTP version is requested on the command
line.

This should allow more users to get HTTP/2 powers without having to
change anything.

Daniel Stenberg [Sun, 13 Dec 2015 08:23:36 +0000 (09:23 +0100)]
http: add libcurl option to allow HTTP/2 for HTTPS only

... and stick to 1.1 for HTTP. This is in line with what browsers do and
should have very little risk.

Daniel Stenberg [Thu, 10 Dec 2015 18:20:22 +0000 (19:20 +0100)]
openssl: adapt to openssl >= 1.1.0 X509 opaque structs

Closes #491

Daniel Stenberg [Thu, 10 Dec 2015 16:31:00 +0000 (17:31 +0100)]
openssl: avoid BIO_reset() warnings since it returns a value

Daniel Stenberg [Thu, 10 Dec 2015 16:30:31 +0000 (17:30 +0100)]
openssl: adapt to 1.1.0+ name changes

Daniel Stenberg [Tue, 8 Dec 2015 23:34:39 +0000 (00:34 +0100)]
scripts/makefile: add standard header

Daniel Stenberg [Tue, 8 Dec 2015 23:32:42 +0000 (00:32 +0100)]
scripts/Makefile: fix GNUism and survive no perl

Closes #555

Reported-by: Thomas Klausner

Daniel Stenberg [Tue, 8 Dec 2015 23:27:04 +0000 (00:27 +0100)]
fix b6d5cb40d7038fe

Tatsuhiro Tsujikawa [Fri, 4 Dec 2015 15:40:10 +0000 (00:40 +0900)]
http2: Fix hanging paused stream

When NGHTTP2_ERR_PAUSE is returned from data_source_read_callback, we
might not process DATA frame fully.  Calling nghttp2_session_mem_recv()
again will continue to process DATA frame, but if there is no incoming
frames, then we have to call it again with 0-length data.  Without this,
on_stream_close callback will not be called, and stream could be hanged.

Bug: http://curl.haxx.se/mail/lib-2015-11/0103.html
Reported-by: Francisco Moraes

Christian Stewart [Tue, 8 Dec 2015 15:04:52 +0000 (10:04 -0500)]
build: fix compilation error with CURL_DISABLE_VERBOSE_STRINGS

With curl disable verbose strings in http.c the compilation fails due to
the data variable being undefined later on in the function.

Closes #558

Gisle Vanem [Tue, 8 Dec 2015 00:05:42 +0000 (19:05 -0500)]
config-win32: Fix warning HAVE_WINSOCK2_H undefined