Laurent Bonnans [Fri, 17 Aug 2018 15:39:01 +0000 (17:39 +0200)]
vtls: reinstantiate engine on duplicated handles
Handles created with curl_easy_duphandle do not use the SSL engine set
up in the original handle. This fixes the issue by storing the engine
name in the internal url state and setting the engine from its name
inside curl_easy_duphandle.
Reported-by: Anton Gerasimov
Signed-off-by: Laurent Bonnans
Fixes #2829
Closes #2833
Daniel Stenberg [Wed, 15 Aug 2018 07:17:43 +0000 (09:17 +0200)]
curl: warn the user if a given file name looks like an option
... simply because this is usually a sign of the user having omitted the
file name and the next option is instead "eaten" by the parser as a file
name.
Adrien [Wed, 1 Aug 2018 12:02:26 +0000 (14:02 +0200)]
CMake: CMake config files are defining CURL_STATICLIB for static builds
This change allows using the CMake config files generated by Curl's
CMake scripts for static builds of the library.
The symbol CURL_STATICLIB must be defined to compile downstream,
thus the config package is the perfect place to do so.
Fixes #2817
Closes #2823
Reported-by: adnn on github
Reviewed-by: Sergei Nikulov
Kamil Dudka [Tue, 14 Aug 2018 11:14:49 +0000 (13:14 +0200)]
ssh-libssh: reduce excessive verbose output about pubkey auth
The verbose message "Authentication using SSH public key file" was
printed each time the ssh_userauth_publickey_auto() was called, which
meant each time a packet was transferred over network because the API
operates in non-blocking mode.
This patch makes sure that the verbose message is printed just once
(when the authentication state is entered by the SSH state machine).
Daniel Stenberg [Mon, 13 Aug 2018 10:12:14 +0000 (12:12 +0200)]
http: fix for tiny "HTTP/0.9" response
Deal with tiny "HTTP/0.9" (header-less) responses by checking the
status-line early, even before a full "HTTP/" is received to allow
detecting 0.9 properly.
Marcel Raad [Wed, 8 Aug 2018 20:43:27 +0000 (22:43 +0200)]
Split non-portable part off test 1133
Split off testing file names with double quotes into new test 1158.
Disable it for MSYS using a precheck as it doesn't support file names
with double quotes (but Cygwin does, for example).
Jay Satiro [Sat, 11 Aug 2018 20:33:12 +0000 (16:33 -0400)]
projects: Improve Windows perl detection in batch scripts
- Determine if perl is in the user's PATH by running perl.exe.
Prior to this change detection was done by checking the PATH for perl/
but that did not work in all cases (e.g. git install includes perl but
not in perl/ path).
Bug: https://github.com/curl/curl/pull/2865
Reported-by: Daniel Jeliński
Michael Kaufmann [Sat, 11 Aug 2018 11:52:18 +0000 (13:52 +0200)]
docs: Improve the manual pages of some callbacks
- CURLOPT_HEADERFUNCTION: add newlines
- CURLOPT_INTERLEAVEFUNCTION: fix the description of 'userdata'
- CURLOPT_READDATA: mention crashes, same as in CURLOPT_WRITEDATA
- CURLOPT_READFUNCTION: rename 'instream' to 'userdata' and explain
how to set it
Marcel Raad [Thu, 9 Aug 2018 15:19:24 +0000 (17:19 +0200)]
Silence GCC 8 cast-function-type warnings
On Windows, casting between unrelated function types is fine and
sometimes even necessary, so just use an intermediate cast to
(void (*) (void)) to silence the warning as described in [0].
ssl: set engine implicitly when a PKCS#11 URI is provided
This allows the use of PKCS#11 URI for certificates and keys without
setting the corresponding type as "ENG" and the engine as "pkcs11"
explicitly. If a PKCS#11 URI is provided for certificate, key,
proxy_certificate or proxy_key, the corresponding type is set as "ENG"
if not provided and the engine is set to "pkcs11" if not provided.
Daniel Stenberg [Wed, 1 Aug 2018 22:57:01 +0000 (00:57 +0200)]
test1307: disabled
Turns out that since we're using the native fnmatch function now when
available, and they simply disagree on a huge number of test patterns
that make it hard to test this function like this...
Harry Sintonen [Thu, 26 Jul 2018 22:04:29 +0000 (01:04 +0300)]
HTTP: Don't attempt to needlessly decompress redirect body
This change fixes a regression where redirect body would needlessly be
decompressed even though it was to be ignored anyway. As it happens this
causes secondary issues since there appears to be a bug in apache2 that
it in certain conditions generates a corrupt zlib response. The
regression was created by commit: dbcced8e32b50c068ac297106f0502ee200a1ebd
Christopher Head [Wed, 25 Jul 2018 06:40:11 +0000 (23:40 -0700)]
docs/CURLOPT_URL: fix indentation
The statement, “The application does not have to keep the string around
after setting this option,” appears to be indented under the RTMP
paragraph. It actually applies to all protocols, not just RTMP.
Eliminate the extra indentation.
Christopher Head [Wed, 25 Jul 2018 05:47:23 +0000 (22:47 -0700)]
docs/CURLOPT_WRITEFUNCTION: size is always 1
For compatibility with `fwrite`, the `CURLOPT_WRITEFUNCTION` callback is
passed two `size_t` parameters which, when multiplied, designate the
number of bytes of data passed in. In practice, CURL always sets the
first parameter (`size`) to 1.
This practice is also enshrined in documentation and cannot be changed
in future. The documentation states that the default callback is
`fwrite`, which means `fwrite` must be a suitable function for this
purpose. However, the documentation also states that the callback must
return the number of *bytes* it successfully handled, whereas ISO C
`fwrite` returns the number of items (each of size `size`) which it
wrote. The only way these numbers can be equal is if `size` is 1.
Since `size` is 1 and can never be changed in future anyway, document
that fact explicitly and let users rely on it.
wolfSSL/CyaSSL: Fix memory leak in Curl_cyassl_random
RNG structure must be freed by call to FreeRng after its use in
Curl_cyassl_random. This call fixes Valgrind failures when running the
test suite with wolfSSL.
Even Rouault [Wed, 25 Jul 2018 09:22:51 +0000 (11:22 +0200)]
reuse_conn(): free old_conn->options
This fixes a memory leak when CURLOPT_LOGIN_OPTIONS is used, together with
connection reuse.
I found this with oss-fuzz on GDAL and curl master:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9582
I couldn't reproduce with the oss-fuzz original test case, but looking
at curl source code pointed to this well reproducible leak.
auth: pick Bearer authentication whenever a token is available
So far, the code tries to pick an authentication method only if
user/password credentials are available, which is not the case for
Bearer authentication...
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes #2754
auth: only ever pick CURLAUTH_BEARER if we *have* a Bearer token
The Bearer authentication was added to cURL 7.61.0, but there is a
problem: if CURLAUTH_ANY is selected, and the server supports multiple
authentication methods including the Bearer method, we strongly prefer
that latter method (only CURLAUTH_NEGOTIATE beats it), and if the Bearer
authentication fails, we will never even try to attempt any other
method.
This is particularly unfortunate when we already know that we do not
have any Bearer token to work with.
Such a scenario happens e.g. when using Git to push to Visual Studio
Team Services (which supports Basic and Bearer authentication among
other methods) and specifying the Personal Access Token directly in the
URL (this approach is frequently taken by automated builds).
Let's make sure that we have a Bearer token to work with before we
select the Bearer authentication among the available authentication
methods.
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes #2754
Daniel Stenberg [Fri, 20 Jul 2018 21:24:47 +0000 (23:24 +0200)]
vtls: set conn->data when closing TLS
Follow-up to 1b76c38904f0. The VTLS backends that close down the TLS
layer for a connection still need a Curl_easy handle for the session_id
cache etc.
Daniel Stenberg [Thu, 19 Jul 2018 22:57:28 +0000 (00:57 +0200)]
smb_getsock: always wait for write socket too
... the protocol is doing read/write a lot, so it needs to write often
even when downloading. A more proper fix could check for exactly when it
wants to write and only ask for it then.
Without this fix, an SMB download could easily get stuck when the event-driven
API was used.
By default, the MSYS2 bash interprets http:/%HOSTIP:%HTTPPORT/want/1143
as a POSIX file list and converts it to a Windows file list.
Disable this with MSYS2_ARG_CONV_EXCL for the test to pass.
Patrick Monnerat [Thu, 12 Jul 2018 20:46:15 +0000 (22:46 +0200)]
content_encoding: accept up to 4 unknown trailer bytes after raw deflate data
Some servers issue raw deflate data that may be followed by an undocumented
trailer. This commit makes curl tolerate such a trailer of up to 4 bytes
before considering the data is in error.