]> granicus.if.org Git - curl/log
curl
9 years agoopenssl: fix serial number output
Daniel Stenberg [Sun, 26 Apr 2015 14:36:19 +0000 (16:36 +0200)]
openssl: fix serial number output

The code extracting the cert serial number was broken and didn't display
it properly.

Bug: https://github.com/bagder/curl/issues/235
Reported-by: dkjjr89
9 years agosasl_sspi: Populate domain from the realm in the challenge
Grant Pannell [Sun, 26 Apr 2015 14:12:23 +0000 (16:12 +0200)]
sasl_sspi: Populate domain from the realm in the challenge

Without this, SSPI based digest auth was broken.

Bug: https://github.com/bagder/curl/pull/141.patch

9 years agotool: New option --data-raw to HTTP POST data, '@' allowed.
Anthony Avina [Sat, 25 Apr 2015 18:49:39 +0000 (14:49 -0400)]
tool: New option --data-raw to HTTP POST data, '@' allowed.

Add new option --data-raw which is almost the same as --data but does
not have a special interpretation of the @ character.

Prior to this change there was no (easy) way to pass the @ character as
the first character in POST data without it being interpreted as a
special character.

Bug: https://github.com/bagder/curl/issues/198
Reported-by: Jens Rantil
9 years agotest2039: fixed line endings that caused a test failure
Dan Fandrich [Sat, 25 Apr 2015 08:17:46 +0000 (10:17 +0200)]
test2039: fixed line endings that caused a test failure

9 years agonetrc: add unit tests for 'default' support
Viktor Szakats [Sun, 19 Apr 2015 14:18:16 +0000 (16:18 +0200)]
netrc: add unit tests for 'default' support

9 years agonetrc: support 'default' token
Viktor Szakats [Thu, 9 Apr 2015 01:46:15 +0000 (03:46 +0200)]
netrc: support 'default' token

The 'default' token has no argument and means to match _any_ domain.
It must be placed last if there are 'machine <name>' tokens in the same file.

See full description here:
https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-File.html

9 years agoROADMAP.md: extended the HTTP/2 section, reformatted
Daniel Stenberg [Fri, 24 Apr 2015 08:49:31 +0000 (10:49 +0200)]
ROADMAP.md: extended the HTTP/2 section, reformatted

Elaborated on several of the remaining HTTP/2 parts and made document
use a format that ends up nicer on the web page:
http://curl.haxx.se/dev/roadmap.html

9 years agocurl -z: do not write empty file on unmet condition
Kamil Dudka [Thu, 23 Apr 2015 12:01:08 +0000 (14:01 +0200)]
curl -z: do not write empty file on unmet condition

This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe.
It also introduces a regression test 1424 based on tests 78 and 1423.

Reported-by: Viktor Szakats
Bug: https://github.com/bagder/curl/issues/237

9 years agotool: fixed a comment typo
Dan Fandrich [Wed, 22 Apr 2015 22:09:49 +0000 (00:09 +0200)]
tool: fixed a comment typo

9 years agoREADME: convert to UTF-8
Dan Fandrich [Wed, 22 Apr 2015 22:02:49 +0000 (00:02 +0200)]
README: convert to UTF-8

9 years agocyassl: Implement public key pinning
Jay Satiro [Sun, 5 Apr 2015 05:48:16 +0000 (01:48 -0400)]
cyassl: Implement public key pinning

Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc.

9 years agocurl.1: fix typo
Alessandro Ghedini [Wed, 22 Apr 2015 12:57:46 +0000 (14:57 +0200)]
curl.1: fix typo

9 years agodocs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too
Kamil Dudka [Wed, 22 Apr 2015 12:47:26 +0000 (14:47 +0200)]
docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too

9 years agotests/unit/.gitignore: hide unit1601 and above, too
Kamil Dudka [Wed, 22 Apr 2015 12:18:40 +0000 (14:18 +0200)]
tests/unit/.gitignore: hide unit1601 and above, too

9 years agoconnectionexists: follow-up to fd9d3a1ef1f
Daniel Stenberg [Wed, 22 Apr 2015 11:58:10 +0000 (13:58 +0200)]
connectionexists: follow-up to fd9d3a1ef1f

PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not
enabled.

Mistake-caught-by: Kamil Dudka
9 years agoconnectionexists: fix build without NTLM
Daniel Stenberg [Wed, 22 Apr 2015 11:31:35 +0000 (13:31 +0200)]
connectionexists: fix build without NTLM

Do not access NTLM-specific struct fields when built without NTLM
enabled!

bug: http://curl.haxx.se/?i=231
Reported-by: Patrick Rapin
9 years agobump: start working toward 7.43.0
Daniel Stenberg [Wed, 22 Apr 2015 11:31:06 +0000 (13:31 +0200)]
bump: start working toward 7.43.0

9 years agonss: implement public key pinning for NSS backend
Kamil Dudka [Wed, 25 Mar 2015 12:48:41 +0000 (13:48 +0100)]
nss: implement public key pinning for NSS backend

Bug: https://bugzilla.redhat.com/1195771

9 years agodist: include {src,lib}/checksrc.whitelist
Daniel Stenberg [Wed, 22 Apr 2015 11:16:04 +0000 (13:16 +0200)]
dist: include {src,lib}/checksrc.whitelist

9 years agoRELEASE-NOTES: updated for 7.42.0 curl-7_42_0
Daniel Stenberg [Tue, 21 Apr 2015 09:18:06 +0000 (11:18 +0200)]
RELEASE-NOTES: updated for 7.42.0

9 years agoTHANKS: added contributors from 7.42.0 release notes
Daniel Stenberg [Tue, 21 Apr 2015 09:37:18 +0000 (11:37 +0200)]
THANKS: added contributors from 7.42.0 release notes

9 years agoTHANKS-filter: a few more alterations to squash
Daniel Stenberg [Tue, 21 Apr 2015 09:35:37 +0000 (11:35 +0200)]
THANKS-filter: a few more alterations to squash

9 years agocontrithanks.sh: helper script for maintaining THANKS
Daniel Stenberg [Tue, 21 Apr 2015 09:18:54 +0000 (11:18 +0200)]
contrithanks.sh: helper script for maintaining THANKS

9 years agohttp_done: close Negotiate connections when done
Daniel Stenberg [Sat, 18 Apr 2015 21:50:16 +0000 (23:50 +0200)]
http_done: close Negotiate connections when done

When doing HTTP requests Negotiate authenticated, the entire connnection
may become authenticated and not just the specific HTTP request which is
otherwise how HTTP works, as Negotiate can basically use NTLM under the
hood. curl was not adhering to this fact but would assume that such
requests would also be authenticated per request.

CVE-2015-3148

Bug: http://curl.haxx.se/docs/adv_20150422B.html
Reported-by: Isaac Boukris
9 years agofix_hostname: zero length host name caused -1 index offset
Daniel Stenberg [Thu, 16 Apr 2015 21:52:04 +0000 (23:52 +0200)]
fix_hostname: zero length host name caused -1 index offset

If a URL is given with a zero-length host name, like in "http://:80" or
just ":80", `fix_hostname()` will index the host name pointer with a -1
offset (as it blindly assumes a non-zero length) and both read and
assign that address.

CVE-2015-3144

Bug: http://curl.haxx.se/docs/adv_20150422D.html
Reported-by: Hanno Böck
9 years agocookie: cookie parser out of boundary memory access
Daniel Stenberg [Thu, 16 Apr 2015 14:37:40 +0000 (16:37 +0200)]
cookie: cookie parser out of boundary memory access

The internal libcurl function called sanitize_cookie_path() that cleans
up the path element as given to it from a remote site or when read from
a file, did not properly validate the input. If given a path that
consisted of a single double-quote, libcurl would index a newly
allocated memory area with index -1 and assign a zero to it, thus
destroying heap memory it wasn't supposed to.

CVE-2015-3145

Bug: http://curl.haxx.se/docs/adv_20150422C.html
Reported-by: Hanno Böck
9 years agoConnectionExists: for NTLM re-use, require credentials to match
Daniel Stenberg [Thu, 16 Apr 2015 11:26:46 +0000 (13:26 +0200)]
ConnectionExists: for NTLM re-use, require credentials to match

CVE-2015-3143

Bug: http://curl.haxx.se/docs/adv_20150422A.html
Reported-by: Paras Sethia
9 years agoopenssl: add OPENSSL_NO_SSL3_METHOD check
byronhe [Tue, 21 Apr 2015 19:08:08 +0000 (15:08 -0400)]
openssl: add OPENSSL_NO_SSL3_METHOD check

9 years agoCURLOPT_HEADERFUNCTION.3: match parameter name in synopsis and desc
Daniel Stenberg [Mon, 20 Apr 2015 21:39:04 +0000 (23:39 +0200)]
CURLOPT_HEADERFUNCTION.3: match parameter name in synopsis and desc

Bug: https://github.com/bagder/curl/issues/229
Reported-by: bsammon
9 years agoconfigure --with-nss: remove unneeded libs from the fallback
Mostyn Bramley-Moore [Mon, 20 Apr 2015 07:50:15 +0000 (09:50 +0200)]
configure --with-nss: remove unneeded libs from the fallback

9 years agocontributors.sh: fix help output, filter out (-prefix from names
Daniel Stenberg [Mon, 20 Apr 2015 08:15:31 +0000 (10:15 +0200)]
contributors.sh: fix help output, filter out (-prefix from names

9 years agoRELEASE-NOTES: synced with cc0e7ebc3be0
Daniel Stenberg [Mon, 20 Apr 2015 08:05:46 +0000 (10:05 +0200)]
RELEASE-NOTES: synced with cc0e7ebc3be0

9 years agoCURLMOPT_TIMERFUNCTION.3: Clarify, add an example
Michael Stapelberg [Sat, 11 Apr 2015 20:28:10 +0000 (22:28 +0200)]
CURLMOPT_TIMERFUNCTION.3: Clarify, add an example

9 years agovtls/openssl: use https in URLs and a comment typo fixed
Viktor Szakáts [Mon, 29 Dec 2014 03:15:36 +0000 (04:15 +0100)]
vtls/openssl: use https in URLs and a comment typo fixed

9 years agocurl_version_info.3: fixed the 'protocols' variable type
Daniel Stenberg [Sat, 18 Apr 2015 20:46:04 +0000 (22:46 +0200)]
curl_version_info.3: fixed the 'protocols' variable type

Reported-by: John Marshall
Bug: https://github.com/bagder/curl/issues/225

9 years agotest1423: added missing "file" to server section
Dan Fandrich [Sat, 18 Apr 2015 19:12:36 +0000 (21:12 +0200)]
test1423: added missing "file" to server section

9 years agoTheArtOfHttpScripting: Multiple URLs + Multiple HTTP methods
Daniel Stenberg [Fri, 17 Apr 2015 21:53:11 +0000 (23:53 +0200)]
TheArtOfHttpScripting: Multiple URLs + Multiple HTTP methods

... and some minor edits

9 years agoRevert "HTTP: don't abort connections with pending Negotiate authentication"
Daniel Stenberg [Fri, 17 Apr 2015 21:23:42 +0000 (23:23 +0200)]
Revert "HTTP: don't abort connections with pending Negotiate authentication"

This reverts commit 5dc68dd6092a789bb5e0a67a1c1356ba87fdcbc6.

Bug: https://github.com/bagder/curl/issues/223
Reported-by: Michael Osipov
9 years agocyassl: Fix include order
Jay Satiro [Fri, 17 Apr 2015 19:22:48 +0000 (15:22 -0400)]
cyassl: Fix include order

Prior to this change CyaSSL's build options could redefine some generic
build symbols.

http://curl.haxx.se/mail/lib-2015-04/0069.html

9 years agoconfigure --with-nss: drop redundant if statement
Kamil Dudka [Wed, 8 Apr 2015 13:19:37 +0000 (15:19 +0200)]
configure --with-nss: drop redundant if statement

9 years agoconfigure --with-nss=PATH: query pkg-config if available
Kamil Dudka [Wed, 8 Apr 2015 13:17:49 +0000 (15:17 +0200)]
configure --with-nss=PATH: query pkg-config if available

Bug: https://github.com/bagder/curl/pull/171

9 years agoparsecfg: do not continue past a zero termination
Daniel Stenberg [Thu, 16 Apr 2015 22:38:50 +0000 (00:38 +0200)]
parsecfg: do not continue past a zero termination

When a config file line ends without newline, the parsing function could
continue reading beyond that point in memory.

Reported-by: Hanno Böck
9 years agogitignore: Ignore Windows build output directories
Jay Satiro [Thu, 16 Apr 2015 22:24:42 +0000 (18:24 -0400)]
gitignore: Ignore Windows build output directories

9 years agoRELEASE-NOTES: synced with 1ba6e4c88e0
Daniel Stenberg [Wed, 15 Apr 2015 21:21:35 +0000 (23:21 +0200)]
RELEASE-NOTES: synced with 1ba6e4c88e0

9 years agoTODO: 17.9 Choose the name of file in braces for complex URLs
Daniel Stenberg [Wed, 15 Apr 2015 19:13:25 +0000 (21:13 +0200)]
TODO: 17.9 Choose the name of file in braces for complex URLs

9 years agoTODO: a little caution that maybe not all ideas are still good
Daniel Stenberg [Wed, 15 Apr 2015 18:56:43 +0000 (20:56 +0200)]
TODO: a little caution that maybe not all ideas are still good

9 years agoTODO: 17.8 offer color-coded HTTP header output
Daniel Stenberg [Wed, 15 Apr 2015 12:29:30 +0000 (14:29 +0200)]
TODO: 17.8 offer color-coded HTTP header output

9 years agoTODO: 17.7 warning when sending binary output to terminal
Daniel Stenberg [Wed, 15 Apr 2015 12:27:32 +0000 (14:27 +0200)]
TODO: 17.7 warning when sending binary output to terminal

9 years agoKNOWN_BUGS: #90 IMAP "SEARCH ALL" truncates output on large boxes
Daniel Stenberg [Wed, 15 Apr 2015 00:48:20 +0000 (02:48 +0200)]
KNOWN_BUGS: #90 IMAP "SEARCH ALL" truncates output on large boxes

9 years agocyassl: Add support for TLS extension SNI
Jay Satiro [Mon, 13 Apr 2015 05:07:28 +0000 (01:07 -0400)]
cyassl: Add support for TLS extension SNI

9 years agogitignore: ignore test-driver file
Matthew Hall [Wed, 25 Mar 2015 00:37:41 +0000 (17:37 -0700)]
gitignore: ignore test-driver file

9 years agovtls_openssl: improve PKCS#12 load failure error message
Matthew Hall [Wed, 25 Mar 2015 00:36:32 +0000 (17:36 -0700)]
vtls_openssl: improve PKCS#12 load failure error message

9 years agovtls_openssl: fix minor typo in PKCS#12 load routine
Matthew Hall [Wed, 25 Mar 2015 00:35:36 +0000 (17:35 -0700)]
vtls_openssl: fix minor typo in PKCS#12 load routine

9 years agovtls_openssl: improve client certificate load failure error messages
Matthew Hall [Wed, 25 Mar 2015 00:34:13 +0000 (17:34 -0700)]
vtls_openssl: improve client certificate load failure error messages

9 years agovtls_openssl: remove ambiguous SSL_CLIENT_CERT_ERR constant
Matthew Hall [Wed, 25 Mar 2015 00:33:27 +0000 (17:33 -0700)]
vtls_openssl: remove ambiguous SSL_CLIENT_CERT_ERR constant

9 years agoBUGS: refer to the github issue tracker now as primary
Daniel Stenberg [Mon, 13 Apr 2015 14:43:52 +0000 (16:43 +0200)]
BUGS: refer to the github issue tracker now as primary

9 years agofirefox-db2pem: fix wildcard to find Firefox default profile
Daniel Stenberg [Mon, 13 Apr 2015 13:29:54 +0000 (15:29 +0200)]
firefox-db2pem: fix wildcard to find Firefox default profile

At some point, Firefox has changed and generates different directory
names for the default profile that made this script fail to find them.

Bug: https://github.com/bagder/curl/issues/207
Reported-by: sneakyimp
9 years agocyassl: Include the CyaSSL build config
Jay Satiro [Sun, 12 Apr 2015 03:58:42 +0000 (23:58 -0400)]
cyassl: Include the CyaSSL build config

CyaSSL >= 2.6.0 may have an options.h that was generated during
its build by configure.

9 years agobuild: Generate source prerequisites for Visual Studio in generate.bat
Jay Satiro [Wed, 8 Apr 2015 16:09:30 +0000 (12:09 -0400)]
build: Generate source prerequisites for Visual Studio in generate.bat

Prior to this change Visual Studio builds could fail due to missing
prerequisites src/tool_hugehelp.c and include/curl/curlbuild.h.

http://curl.haxx.se/mail/lib-2015-04/0034.html

9 years agolib/makefile.m32: add missing libs to build libcurl.dll
Viktor Szakats [Thu, 9 Apr 2015 01:31:00 +0000 (03:31 +0200)]
lib/makefile.m32: add missing libs to build libcurl.dll

Add 'gdi32' and 'crypt32' Windows implibs to avoid failure
while building libcurl.dll using the mingw compiler.
The same logic is used in 'src/makefile.m32' when
building curl.exe.

9 years agotest142[23]: verify that an empty file is stored on success
Kamil Dudka [Tue, 7 Apr 2015 14:54:50 +0000 (16:54 +0200)]
test142[23]: verify that an empty file is stored on success

9 years agosrc/tool_operate: create output file on successful download
Kamil Dudka [Mon, 30 Mar 2015 11:56:30 +0000 (13:56 +0200)]
src/tool_operate: create output file on successful download

... of an empty file

Bug: https://github.com/bagder/curl/issues/183

9 years agosrc/tool_cb_wrt: separate fnc for output file creation
Kamil Dudka [Mon, 30 Mar 2015 11:45:22 +0000 (13:45 +0200)]
src/tool_cb_wrt: separate fnc for output file creation

9 years agolib/transfer.c: Remove factor of 8 from sleep time calculation
Da-Yoon Chung [Mon, 6 Apr 2015 17:22:07 +0000 (13:22 -0400)]
lib/transfer.c: Remove factor of 8 from sleep time calculation

The factor of 8 is a bytes-to-bits conversion factor, but pkt_size and
rate_bps are both in bytes. When using the rate limiting option, curl
waits 8 times too long, and then transfers very quickly until the
average rate reaches the limit. The average rate follows the limit over
time, but the actual traffic is bursty.

Thanks-to: Benjamin Gilbert
9 years agox509asn1: Silence x64 loss-of-data warning on RSA key length assignment
Jay Satiro [Sun, 5 Apr 2015 06:25:33 +0000 (02:25 -0400)]
x509asn1: Silence x64 loss-of-data warning on RSA key length assignment

The key length in bits will always fit in an unsigned long so the
loss-of-data warning assigning the result of x64 pointer arithmetic to
an unsigned long is unnecessary.

9 years agocyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size
Jay Satiro [Sat, 4 Apr 2015 06:12:03 +0000 (02:12 -0400)]
cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size

Also fix it so that all ERR_error_string calls use an error buffer.
CyaSSL's implementation of ERR_error_string only writes the error when
an error buffer is passed.

http://www.yassl.com/forums/topic599-openssl-compatibility-and-errerrorstring.html

9 years agocyassl: Remove 'Connecting to' message from cyassl_connect_step2
Jay Satiro [Sat, 4 Apr 2015 06:24:43 +0000 (02:24 -0400)]
cyassl: Remove 'Connecting to' message from cyassl_connect_step2

Prior to this change libcurl could show multiple 'CyaSSL: Connecting to'
messages since cyassl_connect_step2 is called multiple times, typically.
The message is superfluous even once since libcurl already informs the
user elsewhere in code that it is connecting.

9 years agochecksrc.bat: quotes to support an SRC_DIR with spaces
Viktor Szakats [Sat, 4 Apr 2015 16:03:25 +0000 (18:03 +0200)]
checksrc.bat: quotes to support an SRC_DIR with spaces

9 years agohostip: fix compiler warnings
Daniel Stenberg [Fri, 3 Apr 2015 21:41:58 +0000 (23:41 +0200)]
hostip: fix compiler warnings

introduced in the previous mini-series of 3 commits

9 years agoactually implement CURLOPT_RESOLVE removals
Stefan Bühler [Tue, 17 Mar 2015 08:15:25 +0000 (09:15 +0100)]
actually implement CURLOPT_RESOLVE removals

- also log when a CURLOPT_RESOLVE entry couldn't get parsed

9 years agomove Curl_share_lock and ref counting into Curl_fetch_addr
Stefan Bühler [Tue, 17 Mar 2015 08:26:36 +0000 (09:26 +0100)]
move Curl_share_lock and ref counting into Curl_fetch_addr

9 years agofix refreshing of obsolete dns cache entries
Stefan Bühler [Tue, 17 Mar 2015 08:09:43 +0000 (09:09 +0100)]
fix refreshing of obsolete dns cache entries

- cache entries must be also refreshed when they are in use
- have the cache count as inuse reference too, freeing timestamp == 0 special
  value
- use timestamp == 0 for CURLOPT_RESOLVE entries which don't get refreshed
- remove CURLOPT_RESOLVE special inuse reference (timestamp == 0 will prevent refresh)
- fix Curl_hostcache_clean - CURLOPT_RESOLVE entries don't have a special
  reference anymore, and it would also release non CURLOPT_RESOLVE references
- fix locking in Curl_hostcache_clean
- fix unit1305.c: hash now keeps a reference, need to set inuse = 1

9 years agoRELEASE-NOTES: synced with abf6bddc14a
Daniel Stenberg [Fri, 3 Apr 2015 09:02:57 +0000 (11:02 +0200)]
RELEASE-NOTES: synced with abf6bddc14a

9 years agochecksrc.bat: Check lib\vtls source
Jay Satiro [Fri, 3 Apr 2015 05:11:34 +0000 (01:11 -0400)]
checksrc.bat: Check lib\vtls source

9 years agocyassl: Set minimum protocol version before CTX callback
Jay Satiro [Fri, 3 Apr 2015 06:11:35 +0000 (02:11 -0400)]
cyassl: Set minimum protocol version before CTX callback

This change is to allow the user's CTX callback to change the minimum
protocol version in the CTX without us later overriding it, as we did
prior to this change.

9 years agobuild-openssl.bat: Fix mixed line endings
Jay Satiro [Thu, 2 Apr 2015 15:21:09 +0000 (17:21 +0200)]
build-openssl.bat: Fix mixed line endings

Use LF not CRLF, throughout.  msysgit will only convert a file to CRLF
on checkout if it's not mixed.

9 years agocyassl: Fix certificate load check
Jay Satiro [Thu, 2 Apr 2015 05:51:07 +0000 (01:51 -0400)]
cyassl: Fix certificate load check

SSL_CTX_load_verify_locations can return negative values on fail,
therefore to check for failure we check if load is != 1 (success)
instead of if load is == 0 (failure), the latter being incorrect given
that behavior.

9 years agohttp2: Fix missing nghttp2_session_send call in Curl_http2_switched
Tatsuhiro Tsujikawa [Wed, 1 Apr 2015 15:28:58 +0000 (00:28 +0900)]
http2: Fix missing nghttp2_session_send call in Curl_http2_switched

Previously in Curl_http2_switched, we called nghttp2_session_mem_recv to
parse incoming data which were already received while curl was handling
upgrade.  But we didn't call nghttp2_session_send, and it led to make
curl not send any response to the received frames.  Most likely, we
received SETTINGS from server at this point, so we missed opportunity to
send SETTINGS + ACK.  This commit adds missing nghttp2_session_send call
in Curl_http2_switched to fix this issue.

Bug: https://github.com/bagder/curl/issues/192
Reported-by: Stefan Eissing
9 years agocookie: handle spaces after the name in Set-Cookie
Daniel Stenberg [Wed, 1 Apr 2015 21:25:29 +0000 (23:25 +0200)]
cookie: handle spaces after the name in Set-Cookie

"name =value" is fine and the space should just be skipped.

Updated test 31 to also test for this.

Bug: https://github.com/bagder/curl/issues/195
Reported-by: cromestant
Help-by: Frank Gevaerts
9 years agocyassl: Fix library initialization return value
Jay Satiro [Mon, 30 Mar 2015 23:09:26 +0000 (19:09 -0400)]
cyassl: Fix library initialization return value

(Curl_cyassl_init)
- Return 1 on success, 0 in failure.

Prior to this change the fail path returned an incorrect value and the
evaluation to determine whether CyaSSL_Init had succeeded was incorrect.
Ironically that combined with the way curl_global_init tests SSL library
initialization (!Curl_ssl_init()) meant that CyaSSL having been
successfully initialized would be seen as that even though the code path
and return value in Curl_cyassl_init were wrong.

9 years agoCURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use "ICY 200"
Thomas Ruecker [Tue, 31 Mar 2015 10:07:53 +0000 (13:07 +0300)]
CURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use "ICY 200"

Icecast versions 1.3.0 through 1.3.12 would reply with "ICY 200"
under certain conditions:

    client_wants_icy_headers (connection_t *con)
    {
            const char *val;

            if (!con)
                    return 1;

            val = get_user_agent (con);
            if (!val || !val[0] || strcmp (val, "(null)") == 0)
                    return 1;

            if (con->food.client->use_icy)
                    return 1;
            if (strncasecmp (val, "winamp", 6) == 0)
                    return 1;
            if (strncasecmp (val, "Shoutcast", 9) == 0)
                    return 1;

            return 0;
    }

So mainly if there is no 'user agent' or it is '(null)' or contains
'winamp' or 'Shoutcast'.

No mainstream distribution carries Icecast 1.3.x anymore, after all
it was released in 2002 and superseded by Icecast 2.x.

9 years agoaxtls: add timeout within Curl_axtls_connect
Dan Fandrich [Tue, 31 Mar 2015 00:04:22 +0000 (02:04 +0200)]
axtls: add timeout within Curl_axtls_connect

This allows test 405 to pass on axTLS.

9 years agochecksrc: Windows-specific input fixes
Jay Satiro [Mon, 30 Mar 2015 20:22:58 +0000 (16:22 -0400)]
checksrc: Windows-specific input fixes

lib/config-win32ce.h
- Fix whitespace for checksrc compliance.

lib/checksrc.pl
- Remove trailing carriage returns from input.

projects/checksrc.bat
- Ignore tool_hugehelp.c.

9 years agoconfigure: Use KRB5CONFIG for krb5-config
Dagobert Michelsen [Mon, 30 Mar 2015 12:18:21 +0000 (14:18 +0200)]
configure: Use KRB5CONFIG for krb5-config

Allows the user to easier override its path.

Bug: http://curl.haxx.se/bug/view.cgi?id=1486

9 years agomulti: remove_handle: move pending connections
Daniel Stenberg [Sun, 29 Mar 2015 21:48:32 +0000 (23:48 +0200)]
multi: remove_handle: move pending connections

If the handle removed from the multi handle happens to be the one
"owning" the pipeline other transfers will be waiting indefinitely. Now
we move such handles back to connect to have them race (again) for
getting the connection and thus avoid hanging.

Bug: http://curl.haxx.se/bug/view.cgi?id=1465
Reported-by: Jiri Dvorak
9 years agoKNOWN_BUGS: 89 is bug #1411
Daniel Stenberg [Sun, 29 Mar 2015 21:20:15 +0000 (23:20 +0200)]
KNOWN_BUGS: 89 is bug #1411

Disabling pipelining on multi handle with in-progress pipelined requests
leads to heap corruption and crash

9 years agocyassl: CTX callback cosmetic changes and doc fix
Jay Satiro [Sat, 28 Mar 2015 04:16:08 +0000 (00:16 -0400)]
cyassl: CTX callback cosmetic changes and doc fix

- More descriptive fail message for NO_FILESYSTEM builds.
- Cosmetic changes.
- Change more of CURLOPT_SSL_CTX_* doc to not be OpenSSL specific.

9 years agoRELEASE-NOTES: synced with d2feb71752f
Daniel Stenberg [Fri, 27 Mar 2015 22:46:03 +0000 (23:46 +0100)]
RELEASE-NOTES: synced with d2feb71752f

9 years agotool_operate: only set SSL options if SSL is enabled
Dan Fandrich [Sat, 28 Mar 2015 10:51:05 +0000 (11:51 +0100)]
tool_operate: only set SSL options if SSL is enabled

9 years agoruntests.pl: detect WolfSSL as yassl
Dan Fandrich [Fri, 27 Mar 2015 23:26:45 +0000 (00:26 +0100)]
runtests.pl: detect WolfSSL as yassl

9 years agocyassl: add SSL context callback support for CyaSSL
Kyle L. Huff [Fri, 27 Mar 2015 11:22:32 +0000 (07:22 -0400)]
cyassl: add SSL context callback support for CyaSSL

Adds support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL, and better
handles CyaSSL instances using NO_FILESYSTEM.

9 years agocyassl: remove undefined reference to CyaSSL_no_filesystem_verify
Kyle L. Huff [Fri, 27 Mar 2015 00:43:22 +0000 (20:43 -0400)]
cyassl: remove undefined reference to CyaSSL_no_filesystem_verify

CyaSSL_no_filesystem_verify is not (or no longer) defined by cURL or
CyaSSL. This reference causes build errors when compiling with
NO_FILESYSTEM.

9 years agobuild: Fix libcurl.sln erroneous mixed configurations
Jay Satiro [Sat, 21 Mar 2015 22:55:29 +0000 (18:55 -0400)]
build: Fix libcurl.sln erroneous mixed configurations

Prior to this change some Release configurations had an active
configuration assignment to their Debug counterpart.

9 years agovtls: Don't accept unknown CURLOPT_SSLVERSION values
Jay Satiro [Fri, 27 Mar 2015 06:20:43 +0000 (02:20 -0400)]
vtls: Don't accept unknown CURLOPT_SSLVERSION values

9 years agourl: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined
Jay Satiro [Thu, 26 Mar 2015 06:31:35 +0000 (02:31 -0400)]
url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined

9 years agobuild: link curl to openssl libraries when openssl support is enabled
Paul Howarth [Fri, 9 Jan 2015 09:49:20 +0000 (09:49 +0000)]
build: link curl to openssl libraries when openssl support is enabled

This fixes a build failure where openssl and libmetalink are used
together and the system linker does not do implicit linking (e.g.
Fedora 13 and later releases). The MD5 functions required for
metalink support must be pulled in from the openssl crypto library.

This is similar to commit c6e7cbb94e669b85d3eb8e015ec51d0072112133,
which fixes the same sort of problem for NSS builds.

9 years agomulti: on a request completion, check all CONNECT_PEND transfers
Daniel Stenberg [Sat, 21 Mar 2015 21:42:43 +0000 (22:42 +0100)]
multi: on a request completion, check all CONNECT_PEND transfers

... even if they don't have an associated connection anymore. It could
leave the waiting transfers pending with no active one on the
connection.

Bug: http://curl.haxx.se/bug/view.cgi?id=1465
Reported-by: Jiri Dvorak
9 years agoglobbing: fix url number calculation when using range with step
Emil Lerner [Wed, 25 Mar 2015 11:23:42 +0000 (14:23 +0300)]
globbing: fix url number calculation when using range with step

In function glob_range, the number of urls was multiplied by (max - min
+ 1), regardless of step. The correct formula is (max - min) / step + 1

9 years agoREADME.http2: refreshed and added TODO items
Daniel Stenberg [Wed, 25 Mar 2015 11:13:16 +0000 (12:13 +0100)]
README.http2: refreshed and added TODO items

9 years agoglobbing: fix step parsing for character globbing ranges
Emil Lerner [Wed, 25 Mar 2015 04:43:04 +0000 (07:43 +0300)]
globbing: fix step parsing for character globbing ranges

The glob_range function used wrong offset (3 instead of 4) for parsing
integer step inside character range specification, which led to 'bad
range' error when using character ranges with explicitly specified step
(such as '[a-z:2]')