Daniel Stenberg [Mon, 3 Mar 2014 10:55:23 +0000 (11:55 +0100)]
Curl_cert_hostcheck: strip trailing dots in host name and wildcard
Reported-by: Richard Moore
Daniel Stenberg [Mon, 3 Mar 2014 10:46:36 +0000 (11:46 +0100)]
Curl_cert_hostcheck: reject IP address wildcard matches
There are server certificates used with IP address in the CN field, but
we MUST not allow wild cart certs for hostnames given as IP addresses
only. Therefore we must make Curl_cert_hostcheck() fail such attempts.
Bug: http://curl.haxx.se/docs/adv_20140326B.html
Reported-by: Richard Moore
Steve Holme [Thu, 20 Feb 2014 23:51:36 +0000 (23:51 +0000)]
url: Fixed connection re-use when using different log-in credentials
In addition to FTP, other connection based protocols such as IMAP, POP3,
SMTP, SCP, SFTP and LDAP require a new connection when different log-in
credentials are specified. Fixed the detection logic to include these
other protocols.
Bug: http://curl.haxx.se/docs/adv_20140326A.html
Daniel Stenberg [Tue, 25 Mar 2014 21:40:46 +0000 (22:40 +0100)]
THANKS: 14 new friends from the 7.36.0 announcement
Daniel Stenberg [Tue, 25 Mar 2014 13:54:11 +0000 (14:54 +0100)]
RELEASE-NOTES: synced with
3ebfaf6a0399b6a
Steve Holme [Sun, 23 Mar 2014 11:01:10 +0000 (11:01 +0000)]
tool_operate: Fixed uninitialised variable under some error situations
For example when a URL is not specified or the headers file fails to
open.
Steve Holme [Sat, 22 Mar 2014 16:50:47 +0000 (16:50 +0000)]
tool_parsecfg: Reworked error handling from commit
fc59a9e1
Steve Holme [Sat, 22 Mar 2014 16:31:13 +0000 (16:31 +0000)]
tool_getparam: Removed "dead assignment" code introduced in commit
1a9b58fc
Gisle Vanem [Sat, 22 Mar 2014 15:52:48 +0000 (16:52 +0100)]
polarssl: avoid extra newlines in debug messages
The debug messages printed inside PolarSSL always seems to end with a
newline. So 'infof()' should not add one. Besides the trace 'line'
should be 'const'.
Daniel Stenberg [Thu, 20 Mar 2014 10:52:27 +0000 (11:52 +0100)]
rtsp: parse "Session:" header properly
The parser skipped the initial letter, which presumably often is
whitespace but doesn't have to be.
Reported-by: Mike Hasselberg
Bug: http://curl.haxx.se/mail/lib-2014-03/0134.html
Daniel Stenberg [Wed, 19 Mar 2014 22:28:28 +0000 (23:28 +0100)]
runtests.pl: verify specified test cases
To better allow arguments like "1 to 9999" without flooding the terminal
with error messages, the given test cases range is now checked and only
test numbers with existing files are actually run.
Dan Fandrich [Wed, 19 Mar 2014 22:10:56 +0000 (23:10 +0100)]
RELEASE-NOTES: fixed typo
Daniel Stenberg [Tue, 18 Mar 2014 07:56:13 +0000 (08:56 +0100)]
trynextip: don't store 'ai' on failed connects...
It leads to the "next family" tries starting from the wrong point and thus
fails!
Bug: http://curl.haxx.se/bug/view.cgi?id=1337
Reported-by: ricker
Daniel Stenberg [Wed, 19 Mar 2014 15:18:21 +0000 (16:18 +0100)]
RELEASE-NOTES: synced with
47f8e99e78c
Gaël PORTAY [Wed, 19 Mar 2014 14:56:13 +0000 (15:56 +0100)]
polarssl: fix possible handshake timeout issue in multi.
Because of the socket is unblocking, PolarSSL does need call to getsock to
get the action to perform in multi environment.
In some cases, it might happen we have not received yet all data to perform
the handshake. ssh_handshake returns POLARSSL_ERR_NET_WANT_READ, the state
is updated but because of the getsock has not the proper #define macro to,
the library never prevents to select socket for input thus the socket will
never be awaken when last data is available. Thus it leads to timeout.
Gaël PORTAY [Tue, 18 Mar 2014 18:18:24 +0000 (19:18 +0100)]
polarssl: break compatibility with version older than 1.3.
Remove all #ifdef/else/endif macros that ensure compatibility with polarssl
version previous than 1.3.
Gaël PORTAY [Tue, 18 Mar 2014 18:18:23 +0000 (19:18 +0100)]
polarssl: drop use of 1.2 compatibility header.
API has changed since version 1.3. A compatibility header has been created
to ensure forward compatibility for code using old API:
* x509 certificate structure has been renamed to from x509_cert to
x509_crt
* new dedicated setter for RSA certificates ssl_set_own_cert_rsa,
ssl_set_own_cert is for generic keys
* ssl_default_ciphersuites has been replaced by function
ssl_list_ciphersuites()
This patch drops the use of the compatibly header.
Daniel Stenberg [Tue, 18 Mar 2014 07:03:45 +0000 (08:03 +0100)]
polarssl: added missing end-of-comment from previous commit
Daniel Stenberg [Mon, 17 Mar 2014 19:48:06 +0000 (20:48 +0100)]
polarssl: now require 1.3.0+
Also fixed a function name change in the version requirement bump
hasufell [Mon, 17 Mar 2014 18:03:29 +0000 (19:03 +0100)]
polarssl: fix compilation
Rename x509_cert to x509_crt and add "compat-1.2.h"
include.
This would still need some more thorough conversion
in order to drop "compat-1.2.h" include.
Kamil Dudka [Fri, 7 Mar 2014 12:14:08 +0000 (13:14 +0100)]
nss: allow to enable/disable new AES GCM cipher-suites
... if built against a new enough version of NSS
Kamil Dudka [Fri, 7 Mar 2014 12:10:54 +0000 (13:10 +0100)]
nss: allow to enable/disable new HMAC-SHA256 cipher-suites
... if built against a new enough version of NSS
Kamil Dudka [Fri, 7 Mar 2014 12:02:03 +0000 (13:02 +0100)]
nss: do not enable AES cipher-suites by default
... but allow them to be enabled/disabled explicitly. The default
policy should be maintained at the NSS level.
Dan Fandrich [Sat, 15 Mar 2014 10:13:13 +0000 (11:13 +0100)]
tests: made the SASL modes separate keywords
Dan Fandrich [Sat, 15 Mar 2014 09:54:49 +0000 (10:54 +0100)]
tests: added missing HTTP NTLM auth keywords
Also, removed an unneeded strippart
Dan Fandrich [Sat, 15 Mar 2014 09:24:50 +0000 (10:24 +0100)]
tests: disable valgrind on the remaining scp/sftp tests
Dan Fandrich [Sat, 15 Mar 2014 09:23:08 +0000 (10:23 +0100)]
valgrind.supp: added another test 165 suppression
This one seems to come and go as the optimizer decides how best
to inline some functions.
Dan Fandrich [Sat, 15 Mar 2014 08:57:41 +0000 (09:57 +0100)]
ssh: prevent a logic error that could result in an infinite loop
Dan Fandrich [Thu, 13 Mar 2014 03:48:38 +0000 (04:48 +0100)]
docs: fixed a bunch of typos
Dan Fandrich [Thu, 13 Mar 2014 02:22:02 +0000 (03:22 +0100)]
test640/1: add tests for --head with sftp and scp
This option is currently rather useless with these protocols
when no quote command is given, but it is valid.
Dan Fandrich [Thu, 13 Mar 2014 02:02:38 +0000 (03:02 +0100)]
ssh: removed a redundant close state transition
Dan Fandrich [Thu, 13 Mar 2014 01:59:24 +0000 (02:59 +0100)]
ssh: abort immediately on a header callback error
Daniel Stenberg [Fri, 14 Mar 2014 14:44:18 +0000 (15:44 +0100)]
chunked-encoding: provide a readable error string for chunked errors
Daniel Stenberg [Tue, 11 Mar 2014 13:10:20 +0000 (14:10 +0100)]
TODO: remove http2, we now have it
Tatsuhiro Tsujikawa [Mon, 10 Mar 2014 17:30:01 +0000 (02:30 +0900)]
http2: free resources on disconnect
... and use Curl_safefree() instead of free()
Daniel Stenberg [Mon, 10 Mar 2014 16:11:25 +0000 (17:11 +0100)]
openssl: info massage with SSL version used
Patch-by: byte_bucket
Steve Holme [Sun, 9 Mar 2014 19:44:10 +0000 (19:44 +0000)]
RELEASE-NOTES: Synced with
8ddda0e999
Daniel Stenberg [Sun, 9 Mar 2014 16:39:46 +0000 (16:39 +0000)]
README.http2: clarify the build prerequisites
Daniel Stenberg [Sun, 9 Mar 2014 15:55:13 +0000 (15:55 +0000)]
SSL-PROBLEMS: add "missing intermediate certificates" piece
Daniel Stenberg [Sat, 8 Mar 2014 22:21:15 +0000 (22:21 +0000)]
SSL-PROBLEMS: describes common curl+SSL problems
Nick Zitzmann [Sat, 8 Mar 2014 17:58:06 +0000 (11:58 -0600)]
docs: remove documentation on setting up krb4 support
The information about building with Kerberos4 support was half a year out
of date. We dropped support for that.
Daniel Stenberg [Thu, 6 Mar 2014 13:25:59 +0000 (13:25 +0000)]
ssh: fix compiler warning converting ssize_t to int
Dan Fandrich [Thu, 6 Mar 2014 12:39:22 +0000 (13:39 +0100)]
ssh: Fixed a style warning
Also, combined a couple of #ifdef sections
Dan Fandrich [Thu, 6 Mar 2014 11:48:33 +0000 (12:48 +0100)]
ssh: Pass errors from libssh2_sftp_read up the stack
Daniel Stenberg [Thu, 6 Mar 2014 00:06:45 +0000 (00:06 +0000)]
parse_remote_port: error out on illegal port numbers better
Daniel Stenberg [Wed, 5 Mar 2014 17:38:05 +0000 (17:38 +0000)]
remote_port: allow connect to port 0
Port number zero is perfectly allowed to connect to. I moved to storing
the remote port number in an int so that -1 means undefined and 0-65535
can be used for legitimate port numbers.
Daniel Stenberg [Mon, 17 Feb 2014 22:43:31 +0000 (23:43 +0100)]
multi_runsingle: move timestamp into INIT
Setting the TIMER_STARTSINGLE timestamp first in CONNECT has the
drawback that for actions that go back to the CONNECT state, the time
stamp is reset and for the multi_socket API there's no corresponding
Curl_expire() then so the timeout logic gets wrong!
Reported-by: Brad Spencer
Bug: http://curl.haxx.se/mail/lib-2014-02/0036.html
Daniel Stenberg [Mon, 3 Mar 2014 12:41:48 +0000 (13:41 +0100)]
hostcheck: update comment after previous change
Daniel Stenberg [Mon, 3 Mar 2014 12:39:06 +0000 (13:39 +0100)]
hostcheck: Curl_cert_hostcheck is not used by NSS builds
Michael Osipov [Mon, 3 Mar 2014 10:06:38 +0000 (11:06 +0100)]
configure: call it GSS-API
... since that’s how the RFC calls it.
Daniel Stenberg [Mon, 3 Mar 2014 07:44:25 +0000 (08:44 +0100)]
x509asn: moved out Curl_verifyhost from NSS builds
... as it isn't used then!
Daniel Stenberg [Mon, 3 Mar 2014 07:39:25 +0000 (08:39 +0100)]
NSS: avoid compiler warnings when built without http2 support
Jiri Malak [Sun, 2 Mar 2014 23:27:38 +0000 (00:27 +0100)]
Rework Open Watcom make files to use standard Wmake features
Remove slash/backslash problem, now only slashes are used,
Wmake automaticaly translate slash/backslash to proper version or tools are not sensitive for it.
Enable spaces in path.
Use internal rm command for all host platforms
Add error message if old Open Watcom version is used. Some old versions exhibit build problems for Curl latest version. Now only versions 1.8, 1.9 and 2.O beta are supported
Jiri Malak [Sun, 2 Mar 2014 08:04:35 +0000 (09:04 +0100)]
parsedate: Fixed compilation warning
Remove compilation message for platforms where size of long type
is equal size of int type.
Steve Holme [Sun, 2 Mar 2014 10:11:12 +0000 (10:11 +0000)]
RELEASE-NOTES: Synced with
7fef4016de
Steve Holme [Sun, 2 Mar 2014 09:50:36 +0000 (09:50 +0000)]
tool: Do not output libcurl source for the information only parameters
Ensure a source file isn't generated for the following informational
command line parameters when --libcurl is specified:
--help, --manual, --version and --engine list
As the output would only include a fairly empty looking main() function
and a call to curl_easy_init() and curl_easy_cleanup() when performed
with --engine list.
Steve Holme [Sun, 2 Mar 2014 09:28:17 +0000 (09:28 +0000)]
tool: Fixed libcurl source output for multiple operations
Correctly output libcurl source code that includes multiply operations
as specified by --next. Note that each operation evaluates to a single
curl_easy_perform() in source code form.
Also note that the output could be optimised a little so global config
options are only output once rather than per operation as is presently
the case.
Steve Holme [Sat, 1 Mar 2014 20:11:28 +0000 (20:11 +0000)]
tool_metalink.h: Fixed compilation warning
warning: declaration of 'struct GlobalConfig' will not be visible
outside of this function
Steve Holme [Sat, 1 Mar 2014 13:49:28 +0000 (13:49 +0000)]
tool: Moved internal variable isatty to the global config
Steve Holme [Sat, 1 Mar 2014 18:06:07 +0000 (18:06 +0000)]
tool_operate.c: Fixed compilation error
incompatible types - from 'OperationConfig *' to 'GlobalConfig *'
Steve Holme [Sat, 1 Mar 2014 13:38:00 +0000 (13:38 +0000)]
tool: Moved --libcurl to the global config
Steve Holme [Sat, 1 Mar 2014 13:20:20 +0000 (13:20 +0000)]
tool: Moved --progress-bar to the global config
Steve Holme [Sat, 1 Mar 2014 13:00:31 +0000 (13:00 +0000)]
tool: Moved --stderr to the global config
Steve Holme [Fri, 28 Feb 2014 22:59:10 +0000 (22:59 +0000)]
transfer.c: Fixed non-HTTP2 builds from commit
cde0cf7c5e
Tatsuhiro Tsujikawa [Wed, 26 Feb 2014 16:21:17 +0000 (01:21 +0900)]
Fix bug that HTTP/2 hangs if whole response body is read with headers
For HTTP/2, we may read up everything including responde body with
header fields in Curl_http_readwrite_headers. If no content-length is
provided, curl waits for the connection close, which we emulate it
using conn->proto.httpc.closed = TRUE. The thing is if we read
everything, then http2_recv won't be called and we cannot signal the
HTTP/2 stream has closed. As a workaround, we return nonzero from
data_pending to call http2_recv.
Daniel Stenberg [Fri, 28 Feb 2014 22:26:43 +0000 (23:26 +0100)]
http2: build with current nghttp2 version
nghttp2 has yet again extended its callback struct and this is an
attempt to make curl compile with nghttp2 from current git
Dan Fandrich [Fri, 28 Feb 2014 20:57:04 +0000 (21:57 +0100)]
tool_main: Fixed a memory leak on main_init error
Steve Holme [Fri, 28 Feb 2014 09:45:38 +0000 (09:45 +0000)]
test96: Updated accordly for recent changes
Steve Holme [Thu, 27 Feb 2014 20:59:15 +0000 (20:59 +0000)]
tool_cfgable: Code policing of structure pointers
Steve Holme [Thu, 27 Feb 2014 20:51:49 +0000 (20:51 +0000)]
tool: Moved --trace and --verbose to the global config
Steve Holme [Thu, 27 Feb 2014 20:31:10 +0000 (20:31 +0000)]
tool_main: Forgot to initialise the first operation's global pointer
Steve Holme [Thu, 27 Feb 2014 20:21:23 +0000 (20:21 +0000)]
tool: Moved --silient to the global config
Other global options such as --libcurl, --trace and --verbose to
follow.
Steve Holme [Wed, 26 Feb 2014 21:02:53 +0000 (21:02 +0000)]
tool_cfgable: Added GlobalConfig pointer to OperationConfig
In order to ease the moving of global options such as the error stream,
updated the OperationConfig structure to point to the GlobalConfig.
Steve Holme [Sun, 23 Feb 2014 18:01:36 +0000 (18:01 +0000)]
tool: Added support to .curlrc for URL specific options
In addition to adding support for URL specific options via the command
line with --next it is now possible to specify "next" in .curlrc.
Steve Holme [Sun, 23 Feb 2014 17:32:19 +0000 (17:32 +0000)]
tool: Reworked argument parsing to use --next/-:
Follow up to commit
1a9b58fcb2 to replace the : command line option
with --next and -:.
Steve Holme [Sun, 23 Feb 2014 17:19:45 +0000 (17:19 +0000)]
tool_getparam: Added initial support for --next/-:
Added initial support for --next/-: which will be used to replace the
rather confusing : command line operation what was used for the URL
specific options prototype.
Dan Fandrich [Wed, 26 Feb 2014 07:25:47 +0000 (08:25 +0100)]
valgrind.supp: tweaked a test 165 suppression
A recent change seems to have slightly changed the call stack
produced by the gcc optimizer.
nickzman [Tue, 25 Feb 2014 23:36:44 +0000 (17:36 -0600)]
Merge pull request #93 from d235j/darwinssl_ip_address_fix
darwinssl: don't omit CN verification when an IP address is used
Daniel Stenberg [Tue, 25 Feb 2014 22:36:13 +0000 (23:36 +0100)]
parse_args: fix a too long source code line
naota [Sun, 23 Feb 2014 13:32:51 +0000 (22:32 +0900)]
configure: Tiny fix to honor POSIX
Change "==" to "=" to honor POSIX test construction.
Steve Holme [Sun, 23 Feb 2014 16:53:55 +0000 (16:53 +0000)]
tool_help: Moved --no-alpn and --no-npn to be listed alphabetically
...and added the HTTP suffix as these options are only used for HTTP2
based connections.
Steve Holme [Sun, 23 Feb 2014 16:37:28 +0000 (16:37 +0000)]
tool: Moved --showerror to the global config
Other global options such as --libcurl, --trace and --verbose to
follow.
Steve Holme [Sun, 23 Feb 2014 16:04:39 +0000 (16:04 +0000)]
tool_getparam: Added global config to getparameter()
In preparation for parsing global options added the GlobalConfig
structure to the getparameter() function.
Steve Holme [Tue, 25 Feb 2014 07:16:51 +0000 (07:16 +0000)]
tool_getparam.h: Fixed compilation warning
warning: declaration of 'struct GlobalConfig' will not be visible
outside of this function
Marc Hoersken [Mon, 24 Feb 2014 21:28:56 +0000 (22:28 +0100)]
RELEASE-NOTES: Updated for
63fc8ee7
Steve Holme [Sun, 23 Feb 2014 15:30:24 +0000 (15:30 +0000)]
tool_cfgable: Added support for knowing the current operation
Marc Hoersken [Mon, 24 Feb 2014 21:10:54 +0000 (22:10 +0100)]
curl_schannel.c: Updated copyright years
David Ryskalczyk [Sun, 23 Feb 2014 17:38:58 +0000 (18:38 +0100)]
winssl: Enable hostname verification of IP address using SAN or CN
Original commit message was:
Don't omit CN verification in SChannel when an IP address is used.
Side-effect of this change:
SChannel and CryptoAPI do not support the iPAddress subjectAltName
according to RFC 2818. If present, SChannel will first compare the
IP address to the dNSName subjectAltNames and then fallback to the
most specific Common Name in the Subject field of the certificate.
This means that after this change curl will not connect to SSL/TLS
hosts as long as the IP address is not specified in the SAN or CN
of the server certificate or the verifyhost option is disabled.
Steve Holme [Sun, 23 Feb 2014 15:10:18 +0000 (15:10 +0000)]
tool_operate: Moved easy handle cleanup into tool_main
Marc Hoersken [Mon, 24 Feb 2014 20:22:41 +0000 (21:22 +0100)]
tool_hugehelp: partially reverted
24e22e10
Compilation was not possible if manuel is disabled due this error:
error: macro "hugehelp" passed 1 arguments, but takes just 0
void hugehelp(void) {}
Steve Holme [Sun, 23 Feb 2014 14:32:22 +0000 (14:32 +0000)]
tool_main: Moved easy handle into global config structure
David Ryskalczyk [Sun, 23 Feb 2014 15:35:30 +0000 (10:35 -0500)]
Don't omit CN verification in DarwinSSL when an IP address is used.
Steve Holme [Sun, 23 Feb 2014 16:09:15 +0000 (16:09 +0000)]
tool: Fixed line longer than 79 characters from commit
705a4cb549
Steve Holme [Sun, 23 Feb 2014 13:49:46 +0000 (13:49 +0000)]
tool_main: Corrected typo from commit
d6b9f054e9 in Symbian code
Steve Holme [Sun, 23 Feb 2014 13:44:59 +0000 (13:44 +0000)]
tool_main: Moved OperateConfig cleanup into main_free()
Steve Holme [Sun, 23 Feb 2014 13:34:29 +0000 (13:34 +0000)]
tool_main: Moved initial OperateConfig creation into main_init()
Steve Holme [Sun, 23 Feb 2014 13:15:31 +0000 (13:15 +0000)]
tool_cfgable: Added global config structure
Steve Holme [Sun, 23 Feb 2014 12:59:59 +0000 (12:59 +0000)]
tool_cfgable: Renamed Configurable structure to OperationConfig
To allow for the addition of a global config structure and prevent
confusion between the two.
Steve Holme [Sun, 23 Feb 2014 12:10:42 +0000 (12:10 +0000)]
tool: Fixed incorrect return code with --version from commit
c10bf9bb36
Steve Holme [Sun, 23 Feb 2014 11:24:46 +0000 (11:24 +0000)]
RELEASE-NOTES: Synced with
8c80840d01