]> granicus.if.org Git - curl/log
curl
5 years agoeasy: fix win32 init to work without CURL_GLOBAL_WIN32
Jay Satiro [Sat, 16 Feb 2019 23:55:40 +0000 (18:55 -0500)]
easy: fix win32 init to work without CURL_GLOBAL_WIN32

- Change the behavior of win32_init so that the required initialization
  procedures are not affected by CURL_GLOBAL_WIN32 flag.

libcurl via curl_global_init supports initializing for win32 with an
optional flag CURL_GLOBAL_WIN32, which if omitted was meant to stop
Winsock initialization. It did so internally by skipping win32_init()
when that flag was set. Since then win32_init() has been expanded to
include required initialization routines that are separate from
Winsock and therefore must be called in all cases. This commit fixes
it so that CURL_GLOBAL_WIN32 only controls the optional win32
initialization (which is Winsock initialization, according to our doc).

The only users affected by this change are those that don't pass
CURL_GLOBAL_WIN32 to curl_global_init. For them this commit removes the
risk of a potential crash.

Ref: https://github.com/curl/curl/pull/3573

Fixes https://github.com/curl/curl/issues/3313
Closes https://github.com/curl/curl/pull/3575

5 years agocookie: Add support for cookie prefixes
Daniel Gustafsson [Sat, 16 Feb 2019 23:09:30 +0000 (00:09 +0100)]
cookie: Add support for cookie prefixes

The draft-ietf-httpbis-rfc6265bis-02 draft, specify a set of prefixes
and how they should affect cookie initialization, which has been
adopted by the major browsers. This adds support for the two prefixes
defined, __Host- and __Secure, and updates the testcase with the
supplied examples from the draft.

Closes #3554
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
5 years agombedtls: release sessionid resources on error
Daniel Gustafsson [Sat, 16 Feb 2019 21:30:31 +0000 (22:30 +0100)]
mbedtls: release sessionid resources on error

If mbedtls_ssl_get_session() fails, it may still have allocated
memory that needs to be freed to avoid leaking. Call the library
API function to release session resources on this errorpath as
well as on Curl_ssl_addsessionid() errors.

Closes: #3574
Reported-by: Michał Antoniak <M.Antoniak@posnet.com>
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
5 years agocli tool: refactor encoding conversion sequence for switch case fallthrough.
Patrick Monnerat [Sat, 16 Feb 2019 01:04:24 +0000 (02:04 +0100)]
cli tool: refactor encoding conversion sequence for switch case fallthrough.

5 years agoversion.c: silent scan-build even when librtmp is not enabled
Patrick Monnerat [Fri, 15 Feb 2019 19:19:00 +0000 (20:19 +0100)]
version.c: silent scan-build even when librtmp is not enabled

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Fri, 15 Feb 2019 22:33:47 +0000 (23:33 +0100)]
RELEASE-NOTES: synced

5 years agoCurl_now: figure out windows version in win32_init
Daniel Stenberg [Thu, 14 Feb 2019 16:08:29 +0000 (17:08 +0100)]
Curl_now: figure out windows version in win32_init

... and avoid use of static variables that aren't thread safe.

Fixes regression from e9ababd4f5a (present in the 7.64.0 release)

Reported-by: Paul Groke
Fixes #3572
Closes #3573

5 years agounit1307: just fail without FTP support
Marcel Raad [Thu, 14 Feb 2019 08:35:54 +0000 (09:35 +0100)]
unit1307: just fail without FTP support

I missed to check this in with commit
71786c0505926aaf7e9b2477b2fb7ee16a915ec6, which only disabled the test.
This fixes the actual linker error.

Closes https://github.com/curl/curl/pull/3568

5 years agotravis: enable valgrind for the iconv tests too
Daniel Stenberg [Thu, 14 Feb 2019 15:13:27 +0000 (16:13 +0100)]
travis: enable valgrind for the iconv tests too

Closes #3571

5 years agotravis: add scan-build
Daniel Stenberg [Mon, 20 Nov 2017 22:31:05 +0000 (23:31 +0100)]
travis: add scan-build

Closes #3564

5 years agoexamples/sftpuploadresume: Value stored to 'result' is never read
Daniel Stenberg [Thu, 14 Feb 2019 11:30:25 +0000 (12:30 +0100)]
examples/sftpuploadresume: Value stored to 'result' is never read

Detected by scan-build

5 years agoexamples/http2-upload: cleaned up
Daniel Stenberg [Thu, 14 Feb 2019 11:28:23 +0000 (12:28 +0100)]
examples/http2-upload: cleaned up

Fix scan-build warnings, no globals, no silly handle scan. Also remove
handles from the multi before cleaning up.

5 years agoexamples/http2-download: cleaned up
Daniel Stenberg [Thu, 14 Feb 2019 11:19:40 +0000 (12:19 +0100)]
examples/http2-download: cleaned up

To avoid scan-build warnings and global variables.

5 years agoexamples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
Daniel Stenberg [Thu, 14 Feb 2019 10:53:02 +0000 (11:53 +0100)]
examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'

Detected by scan-build

5 years agoexamples/httpcustomheader: Value stored to 'res' is never read
Daniel Stenberg [Thu, 14 Feb 2019 10:50:12 +0000 (11:50 +0100)]
examples/httpcustomheader: Value stored to 'res' is never read

Detected by scan-build

5 years agoexamples: remove superfluous null-pointer checks
Daniel Stenberg [Thu, 14 Feb 2019 10:48:43 +0000 (11:48 +0100)]
examples: remove superfluous null-pointer checks

in ftpget, ftpsget and sftpget, so that scan-build stops warning for
potential NULL pointer dereference below!

Detected by scan-build

5 years agostrip_trailing_dot: make sure NULL is never used for strlen
Daniel Stenberg [Wed, 13 Feb 2019 12:20:41 +0000 (13:20 +0100)]
strip_trailing_dot: make sure NULL is never used for strlen

scan-build warning: Null pointer passed as an argument to a 'nonnull'
parameter

5 years agoconnection_check: restore original conn->data after the check
Jay Satiro [Tue, 12 Feb 2019 04:00:00 +0000 (23:00 -0500)]
connection_check: restore original conn->data after the check

- Save the original conn->data before it's changed to the specified
  data transfer for the connection check and then restore it afterwards.

This is a follow-up to 38d8e1b 2019-02-11.

History:

It was discovered a month ago that before checking whether to extract a
dead connection that that connection should be associated with a "live"
transfer for the check (ie original conn->data ignored and set to the
passed in data). A fix was landed in 54b201b which did that and also
cleared conn->data after the check. The original conn->data was not
restored, so presumably it was thought that a valid conn->data was no
longer needed.

Several days later it was discovered that a valid conn->data was needed
after the check and follow-up fix was landed in bbae24c which partially
reverted the original fix and attempted to limit the scope of when
conn->data was changed to only when pruning dead connections. In that
case conn->data was not cleared and the original conn->data not
restored.

A month later it was discovered that the original fix was somewhat
correct; a "live" transfer is needed for the check in all cases
because original conn->data could be null which could cause a bad deref
at arbitrary points in the check. A fix was landed in 38d8e1b which
expanded the scope to all cases. conn->data was not cleared and the
original conn->data not restored.

A day later it was discovered that not restoring the original conn->data
may lead to busy loops in applications that use the event interface, and
given this observation it's a pretty safe assumption that there is some
code path that still needs the original conn->data. This commit is the
follow-up fix for that, it restores the original conn->data after the
connection check.

Assisted-by: tholin@users.noreply.github.com
Reported-by: tholin@users.noreply.github.com
Fixes https://github.com/curl/curl/issues/3542
Closes #3559

5 years agomemdebug: bring back curl_mark_sclose
Daniel Stenberg [Thu, 14 Feb 2019 16:34:55 +0000 (17:34 +0100)]
memdebug: bring back curl_mark_sclose

Used by debug builds with NSS.

Reverted from 05b100aee247bb

5 years agotransfer.c: do not compute length of undefined hex buffer.
Patrick Monnerat [Thu, 14 Feb 2019 15:03:24 +0000 (16:03 +0100)]
transfer.c: do not compute length of undefined hex buffer.

On non-ascii platforms, the chunked hex header was measured for char code
conversion length, even for chunked trailers that do not have an hex header.
In addition, the efective length is already known: use it.
Since the hex length can be zero, only convert if needed.

Reported by valgrind.

5 years agoKNOWN_BUGS: Cannot compile against a static build of OpenLDAP
Daniel Stenberg [Thu, 14 Feb 2019 14:36:43 +0000 (15:36 +0100)]
KNOWN_BUGS: Cannot compile against a static build of OpenLDAP

Closes #2367

5 years agox509asn1: "Dereference of null pointer"
Patrick Monnerat [Thu, 14 Feb 2019 13:54:01 +0000 (14:54 +0100)]
x509asn1: "Dereference of null pointer"

Detected by scan-build (false positive).

5 years agoconfigure: show features as well in the final summary
Daniel Stenberg [Thu, 14 Feb 2019 10:45:49 +0000 (11:45 +0100)]
configure: show features as well in the final summary

Closes #3569

5 years agoKNOWN_BUGS: curl compiled on OSX 10.13 failed to run on OSX 10.10
Daniel Stenberg [Thu, 14 Feb 2019 09:49:22 +0000 (10:49 +0100)]
KNOWN_BUGS: curl compiled on OSX 10.13 failed to run on OSX 10.10

Closes #2905

5 years agoKNOWN_BUGS: Deflate error after all content was received
Daniel Stenberg [Thu, 14 Feb 2019 09:46:18 +0000 (10:46 +0100)]
KNOWN_BUGS: Deflate error after all content was received

Closes #2719

5 years agogssapi: fix deprecated header warnings
Daniel Stenberg [Wed, 13 Feb 2019 12:48:18 +0000 (13:48 +0100)]
gssapi: fix deprecated header warnings

Heimdal includes on FreeBSD spewed out lots of them. Less so now.

Closes #3566

5 years agoTODO: Upgrade to websockets
Daniel Stenberg [Thu, 14 Feb 2019 07:30:49 +0000 (08:30 +0100)]
TODO: Upgrade to websockets

Closes #3523

5 years agoTODO: cmake test suite improvements
Daniel Stenberg [Thu, 14 Feb 2019 07:09:31 +0000 (08:09 +0100)]
TODO: cmake test suite improvements

Closes #3109

5 years agocurl: "Dereference of null pointer"
Patrick Monnerat [Wed, 13 Feb 2019 17:44:17 +0000 (18:44 +0100)]
curl: "Dereference of null pointer"

Rephrase to satisfy scan-build.

5 years agounit1307: require FTP support
Marcel Raad [Wed, 13 Feb 2019 07:35:15 +0000 (08:35 +0100)]
unit1307: require FTP support

This test doesn't link without FTP support after
fc7ab4835b5fd09d0a6f57000633bb6bb6edfda1, which made Curl_fnmatch
unavailable without FTP support.

Closes https://github.com/curl/curl/pull/3565

5 years agoTODO: TFO support on Windows
Daniel Stenberg [Wed, 13 Feb 2019 07:28:28 +0000 (08:28 +0100)]
TODO: TFO support on Windows

Nobody works on this now.

Closes #3378

5 years agomulti: Dereference of null pointer
Daniel Stenberg [Tue, 12 Feb 2019 15:38:57 +0000 (16:38 +0100)]
multi: Dereference of null pointer

Mostly a false positive, but this makes the code easier to read anyway.

Detected by scan-build.

Closes #3563

5 years agourlglob: Argument with 'nonnull' attribute passed null
Daniel Stenberg [Tue, 12 Feb 2019 15:15:12 +0000 (16:15 +0100)]
urlglob: Argument with 'nonnull' attribute passed null

Detected by scan-build.

5 years agoschannel: restore some debug output but only for debug builds
Jay Satiro [Wed, 13 Feb 2019 00:54:08 +0000 (19:54 -0500)]
schannel: restore some debug output but only for debug builds

Follow-up to 84c10dc from earlier today which wrapped a lot of the noisy
debug output in DEBUGF but omitted a few lines.

Ref: https://github.com/curl/curl/commit/84c10dc#r32292900

5 years agoexamples/crawler: Fix the Accept-Encoding setting
Jay Satiro [Tue, 12 Feb 2019 23:07:29 +0000 (18:07 -0500)]
examples/crawler: Fix the Accept-Encoding setting

- Pass an empty string to CURLOPT_ACCEPT_ENCODING to use the default
  supported encodings.

Prior to this change the specific encodings of gzip and deflate were set
but there's no guarantee they'd be supported by the user's libcurl.

5 years agomime: put the boundary buffer into the curl_mime struct
Daniel Stenberg [Tue, 12 Feb 2019 13:30:25 +0000 (14:30 +0100)]
mime: put the boundary buffer into the curl_mime struct

... instead of allocating it separately and point to it. It is
fixed-size and always used for each part.

Closes #3561

5 years agoschannel: be quiet
Daniel Stenberg [Mon, 11 Feb 2019 11:09:45 +0000 (12:09 +0100)]
schannel: be quiet

Convert numerous infof() calls into debug-build only messages since they
are annoyingly verbose for regular applications. Removed a few.

Bug: https://curl.haxx.se/mail/lib-2019-02/0027.html
Reported-by: Volker Schmid
Closes #3552

5 years agoCurl_resolv: fix a gcc -Werror=maybe-uninitialized warning
Romain Geissler [Tue, 12 Feb 2019 17:43:55 +0000 (17:43 +0000)]
Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning

Closes #3562

5 years agohttp2: multi_connchanged() moved from multi.c, only used for h2
Daniel Stenberg [Mon, 11 Feb 2019 16:25:48 +0000 (17:25 +0100)]
http2: multi_connchanged() moved from multi.c, only used for h2

Closes #3557

5 years agocurl: "Function call argument is an uninitialized value"
Daniel Stenberg [Tue, 12 Feb 2019 09:09:09 +0000 (10:09 +0100)]
curl: "Function call argument is an uninitialized value"

Follow-up to cac0e4a6ad14b42471eb

Detected by scan-build
Closes #3560

5 years agopretransfer: don't strlen() POSTFIELDS set for GET requests
Daniel Stenberg [Mon, 11 Feb 2019 08:17:07 +0000 (09:17 +0100)]
pretransfer: don't strlen() POSTFIELDS set for GET requests

... since that data won't be used in the request anyway.

Fixes #3548
Reported-by: Renaud Allard
Close #3549

5 years agomulti: remove verbose "Expire in" ... messages
Daniel Stenberg [Mon, 11 Feb 2019 21:57:33 +0000 (22:57 +0100)]
multi: remove verbose "Expire in" ... messages

Reported-by: James Brown
Bug: https://curl.haxx.se/mail/archive-2019-02/0013.html
Closes #3558

5 years agombedtls: make it build even if MBEDTLS_VERSION_C isn't set
Daniel Stenberg [Mon, 11 Feb 2019 13:30:23 +0000 (14:30 +0100)]
mbedtls: make it build even if MBEDTLS_VERSION_C isn't set

Reported-by: MAntoniak on github
Fixes #3553
Closes #3556

5 years agonon-ascii.c: fix typos in comments
Daniel Gustafsson [Tue, 12 Feb 2019 09:23:31 +0000 (10:23 +0100)]
non-ascii.c: fix typos in comments

Fix two occurrences of s/convers/converts/ spotted while reading code.

5 years agofnmatch: disable if FTP is disabled
Daniel Stenberg [Thu, 7 Feb 2019 10:35:26 +0000 (11:35 +0100)]
fnmatch: disable if FTP is disabled

Closes #3551

5 years agocurl_path: only enabled for SSH builds
Daniel Stenberg [Thu, 7 Feb 2019 14:28:23 +0000 (15:28 +0100)]
curl_path: only enabled for SSH builds

5 years agotests: add stderr comparison to the test suite
Frank Gevaerts [Fri, 8 Feb 2019 09:55:45 +0000 (10:55 +0100)]
tests: add stderr comparison to the test suite

The code is more or less copied from the stdout comparison code, maybe
some better reuse is possible.

test 1457 is adjusted to make the output actually match (by using --silent)
test 506 used <stderr> without actually needing it, so that <stderr> block is removed

Closes #3536

5 years agocli tool: do not use mime.h private structures.
Patrick Monnerat [Mon, 11 Feb 2019 18:10:41 +0000 (19:10 +0100)]
cli tool: do not use mime.h private structures.

Option -F generates an intermediate representation of the mime structure
that is used later to create the libcurl mime structure and generate
the --libcurl statements.

Reported-by: Daniel Stenberg
Fixes #3532
Closes #3546

5 years agocurlver: bump to 7.64.1-dev
Daniel Stenberg [Mon, 11 Feb 2019 17:15:13 +0000 (18:15 +0100)]
curlver: bump to 7.64.1-dev

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Mon, 11 Feb 2019 17:09:33 +0000 (18:09 +0100)]
RELEASE-NOTES: synced

and bump the version in progress to 7.64.1. If we merge any "change"
before the cut-off date, we update again.

5 years agocurl: follow-up to 3f16990ec84
Daniel Gustafsson [Mon, 11 Feb 2019 13:22:36 +0000 (14:22 +0100)]
curl: follow-up to 3f16990ec84

Commit 3f16990ec84cc4b followed-up a bug in b49652ac66cc0 but was
inadvertently introducing a new bug in the ternary expression.

Close #3555
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
5 years agodns: release sharelock as soon as possible
Daniel Gustafsson [Mon, 11 Feb 2019 12:34:11 +0000 (13:34 +0100)]
dns: release sharelock as soon as possible

There is no benefit to holding the data sharelock when freeing the
addrinfo in case it fails, so ensure releaseing it as soon as we can
rather than holding on to it. This also aligns the code with other
consumers of sharelocks.

Closes #3516
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
5 years agocurl: follow-up to b49652ac66cc0
Daniel Stenberg [Mon, 11 Feb 2019 11:17:31 +0000 (12:17 +0100)]
curl: follow-up to b49652ac66cc0

On FreeBSD, return non-zero on error otherwise zero.

Reported-by: Marcel Raad
5 years agomulti: (void)-prefix when ignoring return values
Daniel Stenberg [Thu, 7 Feb 2019 09:40:27 +0000 (10:40 +0100)]
multi: (void)-prefix when ignoring return values

... and added braces to two function calls which fixes warnings if they
are replace by empty macros at build-time.

5 years agocurl: fix FreeBSD compiler warning in the --xattr code
Daniel Stenberg [Mon, 11 Feb 2019 09:09:18 +0000 (10:09 +0100)]
curl: fix FreeBSD compiler warning in the --xattr code

Closes #3550

5 years agoconnection_check: set ->data to the transfer doing the check
Daniel Stenberg [Mon, 11 Feb 2019 06:56:00 +0000 (07:56 +0100)]
connection_check: set ->data to the transfer doing the check

The http2 code for connection checking needs a transfer to use. Make
sure a working one is set before handler->connection_check() is called.

Reported-by: jnbr on github
Fixes #3541
Closes #3547

5 years agohostip: make create_hostcache_id avoid alloc + free
Daniel Stenberg [Sat, 9 Feb 2019 23:10:18 +0000 (00:10 +0100)]
hostip: make create_hostcache_id avoid alloc + free

Closes #3544

5 years agoscripts/singleuse: script to use to track single-use functions
Daniel Stenberg [Fri, 8 Feb 2019 11:08:42 +0000 (12:08 +0100)]
scripts/singleuse: script to use to track single-use functions

That is functions that are declared global but are not used from outside
of the file in which it is declared. Such functions should be made
static or even at times be removed.

It also verifies that all used curl_ prefixed functions are "blessed"

Closes #3538

5 years agocleanup: make local functions static
Daniel Stenberg [Fri, 8 Feb 2019 08:33:42 +0000 (09:33 +0100)]
cleanup: make local functions static

urlapi: turn three local-only functions into statics

conncache: make conncache_find_first_connection static

multi: make detach_connnection static

connect: make getaddressinfo static

curl_ntlm_core: make hmac_md5 static

http2: make two functions static

http: make http_setup_conn static

connect: make tcpnodelay static

tests: make UNITTEST a thing to mark functions with, so they can be static for
normal builds and non-static for unit test builds

... and mark Curl_shuffle_addr accordingly.

url: make up_free static

setopt: make vsetopt static

curl_endian: make write32_le static

rtsp: make rtsp_connisdead static

warnless: remove unused functions

memdebug: remove one unused function, made another static

5 years agocirrus: Added FreeBSD builds using Cirrus CI.
Dan Fandrich [Sat, 9 Feb 2019 09:04:39 +0000 (10:04 +0100)]
cirrus: Added FreeBSD builds using Cirrus CI.

The build logs will be at https://cirrus-ci.com/github/curl/curl

Some tests are currently failing and so disabled for now. The SSH server
isn't starting for the SSH tests due to unsupported options used in its
config file. The DICT server also is failing on startup.

5 years agourl/idnconvert: remove scan for <= 32 ascii values
Daniel Stenberg [Thu, 7 Feb 2019 10:54:00 +0000 (11:54 +0100)]
url/idnconvert: remove scan for <= 32 ascii values

The check was added back in fa939220df before the URL parser would catch
these problems and therefore these will never trigger now.

Closes #3539

5 years agourlapi: reduce variable scope, remove unreachable 'break'
Daniel Stenberg [Fri, 8 Feb 2019 12:49:45 +0000 (13:49 +0100)]
urlapi: reduce variable scope, remove unreachable 'break'

Both nits pointed out by codacy.com

Closes #3540

5 years agozsh.pl: escape ':' character
Alessandro Ghedini [Tue, 5 Feb 2019 21:06:26 +0000 (21:06 +0000)]
zsh.pl: escape ':' character

':' is interpreted as separator by zsh, so if used as part of the argument
or option's description it needs to be escaped.

The problem can be reproduced as follows:

 % curl --reso<TAB>
 % curl -E <TAB>

Bug: https://bugs.debian.org/921452

5 years agozsh.pl: update regex to better match curl -h output
Alessandro Ghedini [Tue, 5 Feb 2019 20:44:14 +0000 (20:44 +0000)]
zsh.pl: update regex to better match curl -h output

The current regex fails to match '<...>' arguments properly (e.g. those
with spaces in them), which causes an completion script with wrong
descriptions for some options.

Here's a diff of the generated completion script, comparing the previous
version to the one with this fix:

--- /usr/share/zsh/vendor-completions/_curl 2019-01-15 20:47:40.000000000 +0000
+++ _curl 2019-02-05 20:57:29.453349040 +0000
@@ -9,48 +9,48 @@

 _arguments -C -S \
   --happy-eyeballs-timeout-ms'[How long to wait in milliseconds for IPv6 before trying IPv4]':'<milliseconds>' \
+  --resolve'[Resolve the host+port to this address]':'<host:port:address[,address]...>' \
   {-c,--cookie-jar}'[Write cookies to <filename> after operation]':'<filename>':_files \
   {-D,--dump-header}'[Write the received headers to <filename>]':'<filename>':_files \
   {-y,--speed-time}'[Trigger '\''speed-limit'\'' abort after this time]':'<seconds>' \
   --proxy-cacert'[CA certificate to verify peer against for proxy]':'<file>':_files \
-  --tls13-ciphers'[of TLS 1.3 ciphersuites> TLS 1.3 cipher suites to use]':'<list' \
+  --tls13-ciphers'[TLS 1.3 cipher suites to use]':'<list of TLS 1.3 ciphersuites>' \
   {-E,--cert}'[Client certificate file and password]':'<certificate[:password]>' \
   --libcurl'[Dump libcurl equivalent code of this command line]':'<file>':_files \
   --proxy-capath'[CA directory to verify peer against for proxy]':'<dir>':_files \
-  --proxy-negotiate'[HTTP Negotiate (SPNEGO) authentication on the proxy]':'Use' \
   --proxy-pinnedpubkey'[FILE/HASHES public key to verify proxy with]':'<hashes>' \
   --crlfile'[Get a CRL list in PEM format from the given file]':'<file>':_files \
-  --proxy-insecure'[HTTPS proxy connections without verifying the proxy]':'Do' \
-  --proxy-ssl-allow-beast'[security flaw for interop for HTTPS proxy]':'Allow' \
+  --proxy-negotiate'[Use HTTP Negotiate (SPNEGO) authentication on the proxy]' \
   --abstract-unix-socket'[Connect via abstract Unix domain socket]':'<path>' \
   --pinnedpubkey'[FILE/HASHES Public key to verify peer against]':'<hashes>' \
+  --proxy-insecure'[Do HTTPS proxy connections without verifying the proxy]' \
   --proxy-pass'[Pass phrase for the private key for HTTPS proxy]':'<phrase>' \
+  --proxy-ssl-allow-beast'[Allow security flaw for interop for HTTPS proxy]' \
   {-p,--proxytunnel}'[Operate through an HTTP proxy tunnel (using CONNECT)]' \
   --socks5-hostname'[SOCKS5 proxy, pass host name to proxy]':'<host[:port]>' \
   --proto-default'[Use PROTOCOL for any URL missing a scheme]':'<protocol>' \
-  --proxy-tls13-ciphers'[list> TLS 1.3 proxy cipher suites]':'<ciphersuite' \
+  --proxy-tls13-ciphers'[TLS 1.3 proxy cipher suites]':'<ciphersuite list>' \
   --socks5-gssapi-service'[SOCKS5 proxy service name for GSS-API]':'<name>' \
   --ftp-alternative-to-user'[String to replace USER \[name\]]':'<command>' \
-  --ftp-ssl-control'[SSL/TLS for FTP login, clear for transfer]':'Require' \
   {-T,--upload-file}'[Transfer local FILE to destination]':'<file>':_files \
   --local-port'[Force use of RANGE for local port numbers]':'<num/range>' \
   --proxy-tlsauthtype'[TLS authentication type for HTTPS proxy]':'<type>' \
   {-R,--remote-time}'[Set the remote file'\''s time on the local output]' \
-  --retry-connrefused'[on connection refused (use with --retry)]':'Retry' \
-  --suppress-connect-headers'[proxy CONNECT response headers]':'Suppress' \
-  {-j,--junk-session-cookies}'[session cookies read from file]':'Ignore' \
-  --location-trusted'[--location, and send auth to other hosts]':'Like' \
+  --ftp-ssl-control'[Require SSL/TLS for FTP login, clear for transfer]' \
   --proxy-cert-type'[Client certificate type for HTTPS proxy]':'<type>' \
   {-O,--remote-name}'[Write output to a file named as the remote file]' \
+  --retry-connrefused'[Retry on connection refused (use with --retry)]' \
+  --suppress-connect-headers'[Suppress proxy CONNECT response headers]' \
   --trace-ascii'[Like --trace, but without hex output]':'<file>':_files \
   --connect-timeout'[Maximum time allowed for connection]':'<seconds>' \
   --expect100-timeout'[How long to wait for 100-continue]':'<seconds>' \
   {-g,--globoff}'[Disable URL sequences and ranges using {} and \[\]]' \
+  {-j,--junk-session-cookies}'[Ignore session cookies read from file]' \
   {-m,--max-time}'[Maximum time allowed for the transfer]':'<seconds>' \
   --dns-ipv4-addr'[IPv4 address to use for DNS requests]':'<address>' \
   --dns-ipv6-addr'[IPv6 address to use for DNS requests]':'<address>' \
-  --ignore-content-length'[the size of the remote resource]':'Ignore' \
   {-k,--insecure}'[Allow insecure server connections when using SSL]' \
+  --location-trusted'[Like --location, and send auth to other hosts]' \
   --mail-auth'[Originator address of the original email]':'<address>' \
   --noproxy'[List of hosts which do not use proxy]':'<no-proxy-list>' \
   --proto-redir'[Enable/disable PROTOCOLS on redirect]':'<protocols>' \
@@ -62,18 +62,19 @@
   --socks5-basic'[Enable username/password auth for SOCKS5 proxies]' \
   --cacert'[CA certificate to verify peer against]':'<file>':_files \
   {-H,--header}'[Pass custom header(s) to server]':'<header/@file>' \
+  --ignore-content-length'[Ignore the size of the remote resource]' \
   {-i,--include}'[Include protocol response headers in the output]' \
   --proxy-header'[Pass custom header(s) to proxy]':'<header/@file>' \
   --unix-socket'[Connect through this Unix domain socket]':'<path>' \
   {-w,--write-out}'[Use output FORMAT after completion]':'<format>' \
-  --http2-prior-knowledge'[HTTP 2 without HTTP/1.1 Upgrade]':'Use' \
   {-o,--output}'[Write to file instead of stdout]':'<file>':_files \
-  {-J,--remote-header-name}'[the header-provided filename]':'Use' \
+  --preproxy'[\[protocol://\]host\[:port\] Use this proxy first]' \
   --socks4a'[SOCKS4a proxy on given host + port]':'<host[:port]>' \
   {-Y,--speed-limit}'[Stop transfers slower than this]':'<speed>' \
   {-z,--time-cond}'[Transfer based on a time condition]':'<time>' \
   --capath'[CA directory to verify peer against]':'<dir>':_files \
   {-f,--fail}'[Fail silently (no output at all) on HTTP errors]' \
+  --http2-prior-knowledge'[Use HTTP 2 without HTTP/1.1 Upgrade]' \
   --proxy-tlspassword'[TLS password for HTTPS proxy]':'<string>' \
   {-U,--proxy-user}'[Proxy user and password]':'<user:password>' \
   --proxy1.0'[Use HTTP/1.0 proxy on given port]':'<host[:port]>' \
@@ -81,52 +82,49 @@
   {-A,--user-agent}'[Send User-Agent <name> to server]':'<name>' \
   --egd-file'[EGD socket path for random data]':'<file>':_files \
   --fail-early'[Fail on first transfer error, do not continue]' \
-  --haproxy-protocol'[HAProxy PROXY protocol v1 header]':'Send' \
-  --preproxy'[Use this proxy first]':'[protocol://]host[:port]' \
+  {-J,--remote-header-name}'[Use the header-provided filename]' \
   --retry-max-time'[Retry only within this period]':'<seconds>' \
   --socks4'[SOCKS4 proxy on given host + port]':'<host[:port]>' \
   --socks5'[SOCKS5 proxy on given host + port]':'<host[:port]>' \
-  --socks5-gssapi-nec'[with NEC SOCKS5 server]':'Compatibility' \
-  --ssl-allow-beast'[security flaw to improve interop]':'Allow' \
   --cert-status'[Verify the status of the server certificate]' \
-  --ftp-create-dirs'[the remote dirs if not present]':'Create' \
   {-:,--next}'[Make next URL use its separate set of options]' \
   --proxy-key-type'[Private key file type for proxy]':'<type>' \
-  --remote-name-all'[the remote file name for all URLs]':'Use' \
   {-X,--request}'[Specify request command to use]':'<command>' \
   --retry'[Retry request if transient problems occur]':'<num>' \
-  --ssl-no-revoke'[cert revocation checks (WinSSL)]':'Disable' \
   --cert-type'[Certificate file type (DER/PEM/ENG)]':'<type>' \
   --connect-to'[Connect to host]':'<HOST1:PORT1:HOST2:PORT2>' \
   --create-dirs'[Create necessary local directory hierarchy]' \
+  --haproxy-protocol'[Send HAProxy PROXY protocol v1 header]' \
   --max-redirs'[Maximum number of redirects allowed]':'<num>' \
   {-n,--netrc}'[Must read .netrc for user name and password]' \
+  {-x,--proxy}'[\[protocol://\]host\[:port\] Use this proxy]' \
   --proxy-crlfile'[Set a CRL list for proxy]':'<file>':_files \
   --sasl-ir'[Enable initial response in SASL authentication]' \
-  --socks5-gssapi'[GSS-API auth for SOCKS5 proxies]':'Enable' \
+  --socks5-gssapi-nec'[Compatibility with NEC SOCKS5 server]' \
+  --ssl-allow-beast'[Allow security flaw to improve interop]' \
+  --ftp-create-dirs'[Create the remote dirs if not present]' \
   --interface'[Use network INTERFACE (or address)]':'<name>' \
   --key-type'[Private key file type (DER/PEM/ENG)]':'<type>' \
   --netrc-file'[Specify FILE for netrc]':'<filename>':_files \
   {-N,--no-buffer}'[Disable buffering of the output stream]' \
   --proxy-service-name'[SPNEGO proxy service name]':'<name>' \
-  --styled-output'[styled output for HTTP headers]':'Enable' \
+  --remote-name-all'[Use the remote file name for all URLs]' \
+  --ssl-no-revoke'[Disable cert revocation checks (WinSSL)]' \
   --max-filesize'[Maximum file size to download]':'<bytes>' \
   --negotiate'[Use HTTP Negotiate (SPNEGO) authentication]' \
   --no-keepalive'[Disable TCP keepalive on the connection]' \
   {-#,--progress-bar}'[Display transfer progress as a bar]' \
-  {-x,--proxy}'[Use this proxy]':'[protocol://]host[:port]' \
-  --proxy-anyauth'[any proxy authentication method]':'Pick' \
   {-Q,--quote}'[Send command(s) to server before transfer]' \
-  --request-target'[the target for this request]':'Specify' \
+  --socks5-gssapi'[Enable GSS-API auth for SOCKS5 proxies]' \
   {-u,--user}'[Server user and password]':'<user:password>' \
   {-K,--config}'[Read config from a file]':'<file>':_files \
   {-C,--continue-at}'[Resumed transfer offset]':'<offset>' \
   --data-raw'[HTTP POST data, '\''@'\'' allowed]':'<data>' \
-  --disallow-username-in-url'[username in url]':'Disallow' \
   --krb'[Enable Kerberos with security <level>]':'<level>' \
   --proxy-ciphers'[SSL ciphers to use for proxy]':'<list>' \
   --proxy-digest'[Use Digest authentication on the proxy]' \
   --proxy-tlsuser'[TLS username for HTTPS proxy]':'<name>' \
+  --styled-output'[Enable styled output for HTTP headers]' \
   {-b,--cookie}'[Send cookies from string/file]':'<data>' \
   --data-urlencode'[HTTP POST data url encoded]':'<data>' \
   --delegation'[GSS-API delegation permission]':'<LEVEL>' \
@@ -134,7 +132,10 @@
   --post301'[Do not switch to GET after following a 301]' \
   --post302'[Do not switch to GET after following a 302]' \
   --post303'[Do not switch to GET after following a 303]' \
+  --proxy-anyauth'[Pick any proxy authentication method]' \
+  --request-target'[Specify the target for this request]' \
   --trace-time'[Add time stamps to trace/verbose output]' \
+  --disallow-username-in-url'[Disallow username in url]' \
   --dns-servers'[DNS server addrs to use]':'<addresses>' \
   {-G,--get}'[Put the post data in the URL and use GET]' \
   --limit-rate'[Limit transfer speed to RATE]':'<speed>' \
@@ -148,21 +149,21 @@
   --metalink'[Process given URLs as metalink XML file]' \
   --tr-encoding'[Request compressed transfer encoding]' \
   --xattr'[Store metadata in extended file attributes]' \
-  --ftp-skip-pasv-ip'[the IP address for PASV]':'Skip' \
   --pass'[Pass phrase for the private key]':'<phrase>' \
   --proxy-ntlm'[Use NTLM authentication on the proxy]' \
   {-S,--show-error}'[Show error even when -s is used]' \
-  --ciphers'[of ciphers> SSL ciphers to use]':'<list' \
+  --ciphers'[SSL ciphers to use]':'<list of ciphers>' \
   --form-string'[Specify multipart MIME data]':'<name=string>' \
   --login-options'[Server login options]':'<options>' \
   --tftp-blksize'[Set TFTP BLKSIZE option]':'<value>' \
-  --tftp-no-options'[not send any TFTP options]':'Do' \
   {-v,--verbose}'[Make the operation more talkative]' \
+  --ftp-skip-pasv-ip'[Skip the IP address for PASV]' \
   --proxy-key'[Private key for HTTPS proxy]':'<key>' \
   {-F,--form}'[Specify multipart MIME data]':'<name=content>' \
   --mail-from'[Mail from this address]':'<address>' \
   --oauth2-bearer'[OAuth 2 Bearer Token]':'<token>' \
   --proto'[Enable/disable PROTOCOLS]':'<protocols>' \
+  --tftp-no-options'[Do not send any TFTP options]' \
   --tlsauthtype'[TLS authentication type]':'<type>' \
   --doh-url'[Resolve host names over DOH]':'<URL>' \
   --no-sessionid'[Disable SSL session-ID reusing]' \
@@ -173,14 +174,13 @@
   --ftp-ssl-ccc'[Send CCC after authenticating]' \
   {-4,--ipv4}'[Resolve names to IPv4 addresses]' \
   {-6,--ipv6}'[Resolve names to IPv6 addresses]' \
-  --netrc-optional'[either .netrc or URL]':'Use' \
   --service-name'[SPNEGO service name]':'<name>' \
   {-V,--version}'[Show version number and quit]' \
   --data-ascii'[HTTP POST ASCII data]':'<data>' \
   --ftp-account'[Account data string]':'<data>' \
-  --compressed-ssh'[SSH compression]':'Enable' \
   --disable-eprt'[Inhibit using EPRT or LPRT]' \
   --ftp-method'[Control CWD usage]':'<method>' \
+  --netrc-optional'[Use either .netrc or URL]' \
   --pubkey'[SSH Public key file name]':'<key>' \
   --raw'[Do HTTP "raw"; no transfer decoding]' \
   --anyauth'[Pick any authentication method]' \
@@ -189,6 +189,7 @@
   --no-alpn'[Disable the ALPN TLS extension]' \
   --tcp-nodelay'[Use the TCP_NODELAY option]' \
   {-B,--use-ascii}'[Use ASCII/text transfer]' \
+  --compressed-ssh'[Enable SSH compression]' \
   --digest'[Use HTTP Digest Authentication]' \
   --proxy-tlsv1'[Use TLSv1 for HTTPS proxy]' \
   --engine'[Crypto engine to use]':'<name>' \

5 years agotool_operate: fix typecheck warning
Marcel Raad [Wed, 6 Feb 2019 13:59:15 +0000 (14:59 +0100)]
tool_operate: fix typecheck warning

Use long for CURLOPT_HTTP09_ALLOWED to fix the following warning:
tool_operate.c: In function 'operate_do':
../include/curl/typecheck-gcc.h:47:9: error: call to
'_curl_easy_setopt_err_long' declared with attribute warning:
curl_easy_setopt expects a long argument for this option [-Werror]

Closes https://github.com/curl/curl/pull/3534

5 years agourl: close TLS before removing conn from cache
Chris Araman [Wed, 6 Feb 2019 05:56:36 +0000 (21:56 -0800)]
url: close TLS before removing conn from cache

- Fix potential crashes in schannel shutdown.

Ensure any TLS shutdown messages are sent before removing the
association between the connection and the easy handle. Reverts
@bagder's previous partial fix for #3412.

Fixes https://github.com/curl/curl/issues/3412
Fixes https://github.com/curl/curl/issues/3505
Closes https://github.com/curl/curl/pull/3531

5 years agoINTERNALS.md: fix subsection depth and link
Daniel Gustafsson [Wed, 6 Feb 2019 09:29:14 +0000 (10:29 +0100)]
INTERNALS.md: fix subsection depth and link

The Kerberos subsection was mistakenly a subsubsection under FTP, and
the curlx subsection was missing an anchor for the TOC link.

Closes #3529
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
5 years agoRELEASE-NOTES: 7.64.0 curl-7_64_0
Daniel Stenberg [Tue, 5 Feb 2019 14:11:51 +0000 (15:11 +0100)]
RELEASE-NOTES: 7.64.0

5 years agoRELEASE-PROCEDURE: update the release calendar
Daniel Stenberg [Tue, 5 Feb 2019 14:30:45 +0000 (15:30 +0100)]
RELEASE-PROCEDURE: update the release calendar

5 years agoTHANKS: 7.64.0 status
Daniel Stenberg [Tue, 5 Feb 2019 14:13:45 +0000 (15:13 +0100)]
THANKS: 7.64.0 status

5 years agoROADMAP: remove already performed item
Daniel Gustafsson [Tue, 5 Feb 2019 22:06:02 +0000 (23:06 +0100)]
ROADMAP: remove already performed item

Commit 7a09b52c98ac8d840a8a9907b1a1d9a9e684bcf5 introduced support
for the draft-ietf-httpbis-cookie-alone-01 cookie draft, and while
the entry was removed from the TODO it was mistakenly left here.
Fix by removing and rewording the entry slightly.

Closes #3530
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
5 years agoCONTRIBUTE.md: Fix grammatical errors
Etienne Simard [Tue, 5 Feb 2019 03:42:10 +0000 (22:42 -0500)]
CONTRIBUTE.md: Fix grammatical errors

Fix grammatical errors making the document read better. Also fixes
a typo.

Closes #3525
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
5 years agodocs: use $(INSTALL_DATA) to install man page
Julian Z [Mon, 4 Feb 2019 00:11:40 +0000 (16:11 -0800)]
docs: use $(INSTALL_DATA) to install man page

Fixes #3518
Closes #3522

5 years agoruntests.pl: Fix perl call to include srcdir
Ladar Levison [Thu, 24 Jan 2019 14:44:31 +0000 (08:44 -0600)]
runtests.pl: Fix perl call to include srcdir

- Use explicit include opt for perl calls.

Prior to this change some scripts couldn't find their dependencies.

At the top, perl is called using with the "-Isrcdir" option, and it
works:

https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L183

But on line 3868, that option is omitted. This caused problems for me,
as the symbol-scan.pl script in particular couldn't find its
dependencies properly:

https://github.com/curl/curl/blob/curl-7_63_0/tests/runtests.pl#L3868

This patch fixes that oversight by making calls to perl sub-shells
uniform.

Closes https://github.com/curl/curl/pull/3496

5 years agosmtp: avoid risk of buffer overflow in strtol
Daniel Gustafsson [Fri, 18 Jan 2019 23:42:47 +0000 (00:42 +0100)]
smtp: avoid risk of buffer overflow in strtol

If the incoming len 5, but the buffer does not have a termination
after 5 bytes, the strtol() call may keep reading through the line
buffer until is exceeds its boundary. Fix by ensuring that we are
using a bounded read with a temporary buffer on the stack.

Bug: https://curl.haxx.se/docs/CVE-2019-3823.html
Reported-by: Brian Carpenter (Geeknik Labs)
CVE-2019-3823

5 years agontlm: fix *_type3_message size check to avoid buffer overflow
Daniel Stenberg [Thu, 3 Jan 2019 11:59:28 +0000 (12:59 +0100)]
ntlm: fix *_type3_message size check to avoid buffer overflow

Bug: https://curl.haxx.se/docs/CVE-2019-3822.html
Reported-by: Wenxiang Qian
CVE-2019-3822

5 years agoNTLM: fix size check condition for type2 received data
Daniel Stenberg [Wed, 2 Jan 2019 19:33:08 +0000 (20:33 +0100)]
NTLM: fix size check condition for type2 received data

Bug: https://curl.haxx.se/docs/CVE-2018-16890.html
Reported-by: Wenxiang Qian
CVE-2018-16890

5 years agospnego_sspi: add support for channel binding
georgeok [Tue, 29 Jan 2019 17:26:31 +0000 (18:26 +0100)]
spnego_sspi: add support for channel binding

Attempt to add support for Secure Channel binding when negotiate
authentication is used. The problem to solve is that by default IIS
accepts channel binding and curl doesn't utilise them. The result was a
401 response. Scope affects only the Schannel(winssl)-SSPI combination.

Fixes https://github.com/curl/curl/issues/3503
Closes https://github.com/curl/curl/pull/3509

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Fri, 1 Feb 2019 08:42:37 +0000 (09:42 +0100)]
RELEASE-NOTES: synced

5 years agoschannel: stop calling it "winssl"
Daniel Stenberg [Tue, 29 Jan 2019 09:09:29 +0000 (10:09 +0100)]
schannel: stop calling it "winssl"

Stick to "Schannel" everywhere. The configure option --with-winssl is
kept to allow existing builds to work but --with-schannel is added as an
alias.

Closes #3504

5 years agomulti: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
Daniel Stenberg [Sun, 27 Jan 2019 22:45:42 +0000 (23:45 +0100)]
multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time

To make sure Curl_timeleft() also thinks the timeout has been reached
when one of the EXPIRE_*TIMEOUTs expires.

Bug: https://curl.haxx.se/mail/lib-2019-01/0073.html
Reported-by: Zhao Yisha
Closes #3501

5 years agodoc: use meaningless port number in CURLOPT_LOCALPORT example
John Marshall [Thu, 31 Jan 2019 11:52:51 +0000 (11:52 +0000)]
doc: use meaningless port number in CURLOPT_LOCALPORT example

Use an ephemeral port number here; previously the example had 8080
which could be confusing as the common web server port number might
be misinterpreted as suggesting this option affects the remote port.

URL: https://curl.haxx.se/mail/lib-2019-01/0084.html
Closes #3513

5 years agoEscape the '\'
Gisle Vanem [Tue, 29 Jan 2019 15:42:22 +0000 (16:42 +0100)]
Escape the '\'

A backslash should be escaped in Roff / Troff.

5 years agoTODO: WinSSL: 'Add option to disable client cert auto-send'
Jay Satiro [Tue, 29 Jan 2019 05:33:14 +0000 (00:33 -0500)]
TODO: WinSSL: 'Add option to disable client cert auto-send'

By default WinSSL selects and send a client certificate automatically,
but for privacy and consistency we should offer an option to disable the
default auto-send behavior.

Reported-by: Jeroen Ooms
Closes https://github.com/curl/curl/issues/2262

5 years agosigpipe: if mbedTLS is used, ignore SIGPIPE
Jeremie Rapin [Wed, 23 Jan 2019 14:35:46 +0000 (15:35 +0100)]
sigpipe: if mbedTLS is used, ignore SIGPIPE

mbedTLS doesn't have a sigpipe management. If a write/read occurs when
the remote closes the socket, the signal is raised and kills the
application.  Use the curl mecanisms fix this behavior.

Signed-off-by: Jeremie Rapin <j.rapin@overkiz.com>
Closes #3502

5 years agounit1653: make it survive torture tests
Daniel Stenberg [Mon, 28 Jan 2019 07:44:15 +0000 (08:44 +0100)]
unit1653: make it survive torture tests

5 years agotimeval: Disable MSVC Analyzer GetTickCount warning
Michael Kujawa [Sat, 5 Jan 2019 01:18:25 +0000 (20:18 -0500)]
timeval: Disable MSVC Analyzer GetTickCount warning

Compiling with msvc /analyze and a recent Windows SDK warns against
using GetTickCount (Suggests to use GetTickCount64 instead.)

Since GetTickCount is only being used when GetTickCount64 isn't
available, I am disabling that warning.

Fixes https://github.com/curl/curl/issues/3437
Closes https://github.com/curl/curl/pull/3440

5 years agoconfigure: rewrite --enable-code-coverage
Daniel Stenberg [Fri, 25 Jan 2019 09:14:25 +0000 (10:14 +0100)]
configure: rewrite --enable-code-coverage

The previously used ax_code_coverage.m4 is not license compatible and
must not be used.

Reported-by: William A. Rowe Jr
Fixes #3497
Closes #3499

5 years agosetopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
Felix Hädicke [Wed, 23 Jan 2019 22:10:39 +0000 (23:10 +0100)]
setopt: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh

CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION are supported for
libssh as well. So accepting these options only when compiling with
libssh2 is wrong here.

Fixes #3493
Closes #3494

5 years agolibssh: do not let libssh create socket
Felix Hädicke [Wed, 23 Jan 2019 22:47:55 +0000 (23:47 +0100)]
libssh: do not let libssh create socket

By default, libssh creates a new socket, instead of using the socket
created by curl for SSH connections.

Pass the socket created by curl to libssh using ssh_options_set() with
SSH_OPTIONS_FD directly after ssh_new(). So libssh uses our socket
instead of creating a new one.

This approach is very similar to what is done in the libssh2 code, where
the socket created by curl is passed to libssh2 when
libssh2_session_startup() is called.

Fixes #3491
Closes #3495

5 years agoRELEASE-NOTES: synced
Daniel Stenberg [Mon, 21 Jan 2019 22:28:33 +0000 (23:28 +0100)]
RELEASE-NOTES: synced

5 years agoschannel: preserve original certificate path parameter
Archangel_SDY [Sun, 20 Jan 2019 04:47:56 +0000 (12:47 +0800)]
schannel: preserve original certificate path parameter

Fixes #3480
Closes #3487

5 years agoKNOWN_BUGS: tests not compatible with python3
Daniel Stenberg [Mon, 21 Jan 2019 11:16:20 +0000 (12:16 +0100)]
KNOWN_BUGS: tests not compatible with python3

Closes #3289
[skip ci]

5 years agomemcmp: avoid doing single char memcmp
Daniel Gustafsson [Sun, 20 Jan 2019 20:59:04 +0000 (21:59 +0100)]
memcmp: avoid doing single char memcmp

There is no real gain in performing memcmp() comparisons on single
characters, so change these to array subscript inspections which
saves a call and makes the code clearer.

Closes #3486
Reviewed-by: Daniel Stenberg <daniel@haxx.se>
Reviewed-by: Jay Satiro <raysatiro@yahoo.com>
5 years agoCOPYING: it's 2019
Daniel Stenberg [Sat, 19 Jan 2019 19:26:20 +0000 (20:26 +0100)]
COPYING: it's 2019

[skip ci]

5 years agoconfigure: fix recv/send/select detection on Android
hhb [Fri, 18 Jan 2019 23:03:49 +0000 (15:03 -0800)]
configure: fix recv/send/select detection on Android

This reverts commit d4f25201fb7da03fc88f90d51101beb3d0026db9.

The overloadable attribute is removed again starting from
NDK17. Actually they only exist in two NDK versions (15 and 16). With
overloadable, the first condition tried will succeed. Results in wrong
detection result.

Closes #3484

5 years agontlm_sspi: add support for channel binding
georgeok [Tue, 27 Nov 2018 17:39:45 +0000 (18:39 +0100)]
ntlm_sspi: add support for channel binding

Windows extended potection (aka ssl channel binding) is required
to login to ntlm IIS endpoint, otherwise the server returns 401
responses.

Fixes #3280
Closes #3321

5 years agoschannel: on connection close there might not be a transfer
Daniel Stenberg [Fri, 18 Jan 2019 10:21:25 +0000 (11:21 +0100)]
schannel: on connection close there might not be a transfer

Reported-by: Marcel Raad
Fixes #3412
Closes #3483

5 years agossh: log the libssh2 error message when ssh session startup fails
JDepooter [Thu, 17 Jan 2019 01:18:20 +0000 (17:18 -0800)]
ssh: log the libssh2 error message when ssh session startup fails

When a ssh session startup fails, it is useful to know why it has
failed. This commit changes the message from:
   "Failure establishing ssh session"
to something like this, for example:
   "Failure establishing ssh session: -5, Unable to exchange encryption keys"

Closes #3481

5 years agoFix typo in manpage
Alessandro Ghedini [Wed, 16 Jan 2019 19:05:12 +0000 (19:05 +0000)]
Fix typo in manpage