From: Seonah Moon Date: Thu, 7 Apr 2016 01:07:19 +0000 (+0900) Subject: Imported Upstream version 7.44.0 X-Git-Tag: upstream/7.48.0~4 X-Git-Url: http://review.tizen.org/git/?p=platform%2Fupstream%2Fcurl.git;a=commitdiff_plain;h=31368b6eac8092a307849518e912b4c475c0238a Imported Upstream version 7.44.0 Change-Id: Iacb2e604edff0cb8e7687289419ad1908a7a9de6 --- diff --git a/CHANGES b/CHANGES index ddcd07e..056e274 100644 --- a/CHANGES +++ b/CHANGES @@ -6,5321 +6,5159 @@ Changelog -Version 7.40.0 (7 Jan 2015) +Version 7.44.0 (11 Aug 2015) -Daniel Stenberg (7 Jan 2015) -- RELEASE-NOTES: version 7.40.0 +Daniel Stenberg (11 Aug 2015) +- RELEASE-NOTES: synced with c75a1e775061 -- darwinssl: fix session ID keys to only reuse identical sessions - - ...to avoid a session ID getting cached without certificate checking and - then after a subsequent _enabling_ of the check libcurl could still - re-use the session done without cert checks. - - Bug: http://curl.haxx.se/docs/adv_20150108A.html - Reported-by: Marc Hesse +- [Svyatoslav Mishyn brought this change] -- tests: make sure CRLFs can't be used in URLs passed to proxy + curl_formget.3: correct return code - Bug: http://curl.haxx.se/docs/adv_20150108B.html + Closes #375 -- url-parsing: reject CRLFs within URLs +- [Svyatoslav Mishyn brought this change] + + libcurl-tutorial.3: fix formatting - Bug: http://curl.haxx.se/docs/adv_20150108B.html - Reported-by: Andrey Labunets + Closes #374 -Steve Holme (7 Jan 2015) -- ldap: Convert attribute output to UTF-8 when Unicode +- [Svyatoslav Mishyn brought this change] -- ldap: Convert DN output to UTF-8 when Unicode + curl_easy_recv.3: fix formatting -Daniel Stenberg (7 Jan 2015) -- hostip: remove 'stale' argument from Curl_fetch_addr proto - - Also, remove the log output of the resolved name is NOT in the cache in - the spirit of only telling when something is actually happening. +- [Anders Bakken brought this change] -Steve Holme (7 Jan 2015) -- ldap/imap: Fixed spelling mistake in comments and variable names + http2: discard frames with no SessionHandle - Reported-by: Michael Osipov - -Daniel Stenberg (7 Jan 2015) -- RELEASE-NOTES: updated with ./contributors.sh output + Return 0 instead of NGHTTP2_ERR_CALLBACK_FAILURE if we can't locate the + SessionHandle. Apparently mod_h2 will sometimes send a frame for a + stream_id we're finished with. + + Use nghttp2_session_get_stream_user_data and + nghttp2_session_set_stream_user_data to identify SessionHandles instead + of a hash. + + Closes #372 -Dan Fandrich (5 Jan 2015) -- curl_multibyte.h: Eliminated some trailing whitespace +- RELEASE-NOTES: synced with 9ee40ce2aba -Steve Holme (4 Jan 2015) -- RELEASE-NOTES: Synced with ea93252ef1 +- [Viktor Szakats brought this change] -- ldap: Fixed Unicode usage for all Win32 builds + build: refer to fixed libidn versions - Otherwise, the fixes in the previous commits would only be applicable - to IDN and SSPI based builds and not others such as OpenSSL with LDAP - enabled. + closes #371 -- ldap: Fixed memory leak from commit efb64fdf80 +- Revert "configure: disable libidn by default" + + This reverts commit e6749055d65398315fd77f5b5b8234c5552ac2d3. + + ... since libidn has since been fixed. -- ldap: Fix memory leak from commit 3a805c5cc1 +- [Jakub Zakrzewski brought this change] -- ldap: Fixed attribute variable warnings when Unicode is enabled + CMake: s/HAVE_GSS_API/HAVE_GSSAPI/ to match header define - Use 'TCHAR *' for local attribute variable rather than 'char *'. - -- ldap: Fixed DN variable warnings when Unicode is enabled + Otherwise the build only pretended to use GSS-API - Use 'TCHAR *' for local DN variable rather than 'char *'. + Closes #370 -- ldap: Remove the unescape_elements() function +- SFTP: fix range request off-by-one in size check - Due to the recent modifications this function is no longer used. - -- ldap.c: Fixed compilation warning + Reported-by: Tim Stack - ldap.c:98: warning: extra tokens at end of #endif directive + Closes #359 -- ldap: Fixed support for Unicode filter in Win32 search call - -- ldap.c: Fixed compilation warning +- test46: update cookie expire time - ldap.c:802: warning: comparison between signed and unsigned integer - expressions + ... since it went old and thus was expired and caused the test to fail! -- ldap: Fixed support for Unicode attributes in Win32 search call +Steve Holme (9 Aug 2015) +- generate.bat: Use buildconf.bat for prerequisite file generation -- ldap: Fixed memory leak from commit efb64fdf80 +- buildconf.bat: Tidy up of comments after recent commits + +- buildconf.bat: Added full generation of src\tool_hugehelp.c - The unescapped DN was not freed after a successful character conversion. + Added support for generating the full man page based on code from + generate.bat. -- ldap.c: Fixed compilation error +- buildconf.bat: Added detection of groff, nroff, perl and gzip - ldap.c:738: error: macro "LDAP_TRACE" passed 2 arguments, but takes - just 1 + To allow for the full generation of tool_hugehelp.c added detection of + the required programs - based on code from generate.bat. -- ldap.c: Fixed compilation warning +- buildconf.bat: Move DOS variable clean-up code to separate function - ldap.c:89: warning: extra tokens at end of #endif directive + Rather than duplicate future variables, during clean-up of both success + and error conditions, use a common function that can be called by both. -- ldap: Fixed support for Unicode DN in Win32 search call +- RELEASE-NOTES: Synced with 39dcf352d2 -- ldap: Fixed Unicode user and password in Win32 bind calls +- buildconf.bat: Added error messages on failure -- ldap: Fixed Unicode host name in Win32 initialisation calls +- buildconf.bat: Generate and clean files in the same order -- ldap: Use host.dispname for infof() connection failure messages +- buildconf.bat: Maintain compatibility with DOS based systems - As host.name may be encoded use dispname for infof() failure messages. - -- ldap: Prefer 'CURLcode result' for curl result codes + Commit f08e30d7bc broke compatibility with DOS and non Windows NT based + versions of Windows due to the use of the setlocal command. -- ldap: Pass write length in all Curl_client_write() calls +Jay Satiro (9 Aug 2015) +- CURLOPT_RESOLVE.3: Note removal support was added in 7.42 - As we get the length for the DN and attribute variables, and we know - the length for the line terminator, pass the length values rather than - zero as this will save Curl_client_write() from having to perform an - additional strlen() call. + Bug: http://curl.haxx.se/mail/lib-2015-08/0019.html + Reported-by: Inca R -- ldap: Fixed attribute memory leaks on failed client write +Steve Holme (8 Aug 2015) +- checksrc.bat: Fixed error when missing *.c and *.h files - Fixed memory leaks from commit 086ad79970 as was noted in the commit - comments. + File Not Found -- ldap: Fixed DN memory leaks on failed client write +- checksrc.bat: Fixed incorrect 'lib\vtls' path check in commit 333c36b276 + +- checksrc.bat: Fixed error when [directory] isn't a curl source directory - Fixed memory leaks from commit 086ad79970 as was noted in the commit - comments. + The system cannot find the file specified. -- curl_ntlm_core.c: Fixed compilation warning from commit 1cb17b2a5d +- checksrc.bat: Added check for unknown arguments + +- scripts: Added missing comments + +- scripts: Always perform setlocal and endlocal calls in pairs - curl_ntlm_core.c:146: warning: passing 'DES_cblock' (aka 'unsigned char - [8]') to parameter of type 'char *' converts - between pointers to integer types with different - sign + Ensure that there isn't a mismatch between setlocal and endlocal calls, + which could have happened due to setlocal being called after certain + error conditions were checked for. -- ntlm: Use extend_key_56_to_64() for all cryptography engines +- scripts: Allow -help to be specified in any argument - Rather than duplicate the code in setup_des_key() for OpenSSL and in - extend_key_56_to_64() for non-OpenSSL based crypto engines, as it is - the same, use extend_key_56_to_64() for all engines. + Allow the -help command line argument to be specified in any argument + and not just as the first. -- RELEASE-NOTES: Synced with 34f0bd110f +Daniel Stenberg (6 Aug 2015) +- [juef brought this change] -- curl_ntlm_core.c: Fixed compilation warning + curl_multi_remove_handle.3: fix formatting - curl_ntlm_core.c:458: warning: 'ascii_uppercase_to_unicode_le' defined - but not used + closes #366 -- endian: Fixed bit-shift in 64-bit integer read functions +Steve Holme (6 Aug 2015) +- README: Added notes about 'Running DLL based configurations' - From commit 43792592ca and 4bb5a351b2. + ...as well as a TODO for a future enhancement to the project files. - Reported-by: Michael Osipov - -- smb: Use endian functions for reading NBT and message size values + Thanks-to: Jay Satiro -- endian: Added big endian read functions +- RELEASE-NOTES: Synced with cf8975387f -- endian: Added 64-bit integer read function +- buildconf.bat: Synchronise no repository error with generate.bat -- COPYING: Bumped copyright year to 2015 +- generate.bat: Added a check for the presence of a git repository -- version: Bump copyright year to 2015 +- [Jay Satiro brought this change] -- smb.c: Fixed compilation warnings + build: Added wolfSSL configurations to VC10+ project files - smb.c:780: warning: passing 'char *' to parameter of type 'unsigned - char *' converts between pointers to integer types with - different sign - smb.c:781: warning: passing 'char *' to parameter of type 'unsigned - char *' converts between pointers to integer types with - different sign - smb.c:804: warning: passing 'char *' to parameter of type 'unsigned - char *' converts between pointers to integer types with - different sign + URL: https://github.com/bagder/curl/pull/174 -- smb: Use endian functions for reading length and offset values +- [Jay Satiro brought this change] -- endian: Added 16-bit integer write function + build: Added wolfSSL build script for Visual Studio projects + + Added the wolfSSL build script, based on build-openssl.bat, as well as + the property sheet and header file required for the upcoming additions + to the Visual Studio project files. -- endian: Fixed Linux compilation issues +Daniel Stenberg (6 Aug 2015) +- CHANGES: refer to the online changelog - Having files named endian.[c|h] seemed to cause issues under Linux so - renamed them both to have the curl_ prefix in the filenames. + Suggested-by: mc0e -- [Julien Nabet brought this change] +- [Isaac Boukris brought this change] - lib1900.c: Fixed cppcheck error + NTLM: handle auth for only a single request - lib1900.c:182: (style) Array index 'handlenum' is used before limits - check + Currently when the server responds with 401 on NTLM authenticated + connection (re-used) we consider it to have failed. However this is + legitimate and may happen when for example IIS is set configured to + 'authPersistSingleRequest' or when the request goes thru a proxy (with + 'via' header). - Bug: https://github.com/bagder/curl/pull/133 + Implemented by imploying an additional state once a connection is + re-used to indicate that if we receive 401 we need to restart + authentication. + + Closes #363 -- endian: Added standard function descriptions +Steve Holme (5 Aug 2015) +- RELEASE-NOTES: Synced with 473807b95f -- endian: Renamed functions for curl API naming convention +- generate.bat: Use buildconf.bat for prerequisite file clean-up -- endian: Moved write functions to new module +- buildconf.bat: Added support for file clean-up via -clean -- endian: Moved read functions to new module +- buildconf.bat: Added progress output -- endian: Introduced endian module - - To allow the little endian functions, currently used in two of the NTLM - source files, to be used by other modules such as the SMB module. +- buildconf.bat: Avoid using goto for file not in repository -- sepheaders.c: Applied curl oding standards +Daniel Stenberg (5 Aug 2015) +- curl_slist_append.3: add error checking to the example -- [Julien Nabet brought this change] +Steve Holme (5 Aug 2015) +- buildconf.bat: Added display of usage text with -help - sepheaders.c: Fixed resource leak on failure +- buildconf.bat: Added exit codes for error handling -- vtls: Use '(void) arg' for unused parameters +- buildconf.bat: Added our standard copyright header + +- buildconf.bat: Use lower-case for commands and reserved keywords + +- generate.bat: Only clean prerequisite files when in ALL mode + +- generate.bat: Moved error messages out of sub-routines + +- generate.bat: More use of lower-case for commands and reserved keywords + +Daniel Stenberg (3 Aug 2015) +- libcurl.3: fix a single typo - Prefer void for unused parameters, rather than assigning an argument to - itself as a) unintelligent compilers won't optimize it out, b) it can't - be used for const parameters, c) it will cause compilation warnings for - clang with -Wself-assign and d) is inconsistent with other areas of the - curl source code. + Closes #361 -- smb.c: Fixed compilation warning +- RELEASE-NOTES: synced with c4eb10e2f06f + +- SSH: three state machine fixups - smb.c:586: warning: conversion to 'short unsigned int' from 'int' may - alter its value + The SSH state machine didn't clear the 'rc' variable appropriately in a + two places which prevented it from looping the way it should. And it + lacked an 'else' statement that made it possible to erroneously get + stuck in the SSH_AUTH_AGENT state. + + Reported-by: Tim Stack + + Closes #357 -- [Bill Nagel brought this change] +- curl_gssapi: remove 'const' to fix compiler warnings + + initialization discards 'const' qualifier from pointer target type - smb: Use the connection's upload buffer +- docs: formpost needs the full size at start of upload - Use the connection's upload buffer instead of allocating our own send - buffer. + Closes #360 -- RELEASE-NOTES: Synced with 1933f9d33c +Steve Holme (1 Aug 2015) +- sspi: Fix typo from left over from old code which referenced NTLM + + References to NTLM in the identity generation should have been removed + in commit c469941293 but not all were. -- schannel: Moved the ISC return flag definitions to the SSPI module +- win32: Fix compilation warnings from commit 40c921f8b8 - Moved our Initialize Security Context return attribute definitions to - the SSPI module, as a) these can be used by other SSPI based providers - and b) the ISC required attributes are defined there. + connect.c:953:5: warning: initializer element is not computable at load + time + connect.c:953:5: warning: missing initializer for field 'dwMinorVersion' + of 'OSVERSIONINFOEX' + curl_sspi.c:97:5: warning: initializer element is not computable at load + time + curl_sspi.c:97:5: warning: missing initializer for field 'szCSDVersion' + of 'OSVERSIONINFOEX' -- [Bill Nagel brought this change] +- schannel: Fix compilation warning from commit 7a8e861a56 + + schannel.c:1125:5: warning: missing initializer for field 'dwMinorVersion' + of 'OSVERSIONINFOEX' [-Wmissing-field-initializers - smb: Close the connection after a failed client write +Daniel Stenberg (31 Jul 2015) +- libcurl-thread.3: minor reformatting -- darwinssl: Fixed compilation warning +Jay Satiro (31 Jul 2015) +- curl_global_init_mem.3: Warn threaded resolver needs thread safe funcs - vtls.c:683:43: warning: unused parameter 'data' + Bug: http://curl.haxx.se/mail/lib-2015-07/0149.html + Reported-by: Eric Ridge -- sockfilt.c: Fixed compilation warnings +- libcurl-thread.3: Warn memory functions must be thread safe - sockfilt.c:288: warning: conversion to 'DWORD' from 'size_t' may alter - its value - sockfilt.c:291: warning: conversion to 'DWORD' from 'size_t' may alter - its value - sockfilt.c:323: warning: conversion to 'DWORD' from 'size_t' may alter - its value - sockfilt.c:326: warning: conversion to 'DWORD' from 'size_t' may alter - its value + Bug: http://curl.haxx.se/mail/lib-2015-07/0149.html + Reported-by: Eric Ridge -- test1509: Fixed compilation warning +Steve Holme (31 Jul 2015) +- RELEASE-NOTES: Synced with 8b1d00ac1a + +- INSTALL: Minor formatting correction in 'Legacy Windows and SSL' section - lib1509.c:93:18: warning: conversion to 'long int' from 'size_t' may - alter its value + ...as well as some rewording. -- test556: Fixed compilation warning +Kamil Dudka (30 Jul 2015) +- http: move HTTP/2 cleanup code off http_disconnect() - lib556.c:90: warning: conversion to 'unsigned int' from 'size_t' may - alter its value + Otherwise it would never be called for an HTTP/2 connection, which has + its own disconnect handler. + + I spotted this while debugging + where the http_disconnect() handler was called on an FTP session handle + causing 'dnf' to crash. conn->data->req.protop of type (struct FTP *) + was reinterpreted as type (struct HTTP *) which resulted in SIGSEGV in + Curl_add_buffer_free() after printing the "Connection cache is full, + closing the oldest one." message. + + A previously working version of libcurl started to crash after it was + recompiled with the HTTP/2 support despite the HTTP/2 protocol was not + actually used. This commit makes it work again although I suspect the + root cause (reinterpreting session handle data of incompatible protocol) + still has to be fixed. Otherwise the same will happen when mixing FTP + and HTTP/2 connections and exceeding the connection cache limit. + + Reported-by: Tomas Tomecek + Bug: https://bugzilla.redhat.com/1248389 -- sasl_gssapi: Fixed use of dummy username with real username +Daniel Stenberg (30 Jul 2015) +- [Viktor Szakats brought this change] -- vtls: Fixed compilation warning and an ignored return code + ABI doc: use secure URL + +- ABI: remove the ascii logo - curl_schannel.h:123: warning: right-hand operand of comma expression - has no effect + and made the indent level to 1 + +- libcurl-multi.3: mention curl_multi_wait - Some instances of the curlssl_close_all() function were declared with a - void return type whilst others as int. The schannel version returned - CURLE_NOT_BUILT_IN and others simply returned zero, but in all cases the - return code was ignored by the calling function Curl_ssl_close_all(). + ... and some general rewordings to improve this docs. - For the time being and to keep the internal API consistent, changed all - declarations to use a void return type. + Reported-by: Tim Stack - To reduce code we might want to consider removing the unimplemented - versions and use a void #define like schannel does. + Closes #356 -Daniel Stenberg (28 Dec 2014) -- TODO: 2.3 Better support for same name resolves +Steve Holme (30 Jul 2015) +- maketgz: Fixed some VC makefiles missing from the release tarball + + VC7, VC11, VC12 and VC14 makefiles were missing from the release + tarball. -Steve Holme (28 Dec 2014) -- test1520: Fixed initial teething problems +- RELEASE-NOTES: Synced with 2d7e165761 + +- build: Added VC14 project files to Makefile.am + +- build: Added VC14 project files - * Missing initialisation of upload status caused a seg fault - * Missing data termination caused corrupt data to be uploaded - * Data verification should be performed in element - * Added missing recipient list cleanup + Updates to Makefile.am for the generation of the project files in + the tarball to follow. -- test1520: Fixed compilation errors +Jay Satiro (29 Jul 2015) +- libcurl-thread.3: Clarify CURLOPT_NOSIGNAL takes long value 1L -- tests: Added test for bug #1456 +Steve Holme (28 Jul 2015) +- generate.bat: Use lower-case for commands and reserved keywords + + Whilst there are no coding standards for the batch files used in curl, + most tend to use lower-case for keywords and upper-case for variables. -- checksrc.bat: Fixed a problem opening files with spaces in the filename +- build: Added initial VC14 support to generate.bat + + Visual Studio project files and updates to makefile.am to follow. -- openldap: Prefer use of 'CURLcode result' +- build: Fixed missing .opensdf files from VC10+ .gitignore files -- openldap: Use 'LDAPMessage *msg' for messages +- build: Use $(ProjectName) macro for curl.exe and curld.exe filenames - This frees up the 'result' variable for CURLcode based result codes. + This wasn't possible with the old curlsrc project filenames, but like + commit 2a615a2b64 and 11397eb6dd for libcurl use the built in Visual + Studio macros for the output filenames. -- nss: Don't ignore Curl_extract_certinfo() OOM failure +- build: Renamed curl src Visual Studio project files + + Following commit 957fcd9049 and in preparation for adding the VC14 + project files renamed the curl source project files. -- nss: Don't ignore Curl_ssl_init_certinfo() OOM failure +Daniel Stenberg (28 Jul 2015) +- [Jay Satiro brought this change] -- nss: Use 'CURLcode result' for curl result codes + libcurl-thread.3: Revert to stricter handle wording - ...and don't use CURLE_OK in failure/success comparisons. + .. also update formatting and add WinSSL and wolfSSL to the SSL/TLS + handlers list. -- getinfo: Code style policing +- [Jay Satiro brought this change] -- getinfo: Use 'CURLcode result' for curl result codes + libcurl-thread.3: Consolidate thread safety info + + This is a new document to consolidate our thread safety information from + several documents (curl-www:features, libcurl.3, libcurl-tutorial.3). + Each document's section on multi-threading will now point to this one. -- darwinssl: Use 'CURLcode result' for curl result codes +Steve Holme (27 Jul 2015) +- README: Corrected formatting for 'Legacy Windows and SSL' section + + ...as well as some wording. -- polarssl: Use 'CURLcode result' for curl result codes +- build-openssl.bat: Added support for VC14 -- docs: Updated following the addition of SASL GSSAPI via GSS-API libraries +Daniel Stenberg (26 Jul 2015) +- RELEASE-NOTES: synced with 0f645adc95390e8 + +- test1902: attempt to make the test more reliable - As this feature has been implemented for 7.40.0. + Closes #355 -- asiohiper.cpp: No need to initialise members of ConnInfo +- comment: fix comment about adding new option support + +Jay Satiro (25 Jul 2015) +- build-openssl.bat: Show syntax if required args are missing + +Daniel Stenberg (26 Jul 2015) +- TODO: improve how curl works in a windows console window - ...as calloc() automatically clears the area of memory with zeros. + Closes #322 for now -- asiohiper.cpp: Updated for curl coding standards +- 1.11 minimize dependencies with dynamicly loaded modules - ...with the exception of the start of block statement curly brackets. + Closes #349 for now -- code/docs: Use correct case for IPv4 and IPv6 +Jay Satiro (25 Jul 2015) +- tool_operate: Fix CURLOPT_SSL_OPTIONS for builds without HTTPS - For consistency, as we seem to have a bit of a mixed bag, changed all - instances of ipv4 and ipv6 in comments and documentations to use the - correct case. - -- runtests: Fixed detection of Unix Sockets feature + - Set CURLOPT_SSL_OPTIONS only if the tool enabled an SSL option. - ...following change in curl --version output. - -- code/docs: Use Unix rather than UNIX to avoid use of the trademark + Broken by me several days ago in 172b2be. + https://github.com/bagder/curl/commit/172b2be#diff-70b44ee478e58d4e1ddcf9c9a73d257b - Use Unix when generically writing about Unix based systems as UNIX is - the trademark and should only be used in a particular product's name. + Bug: http://curl.haxx.se/mail/lib-2015-07/0119.html + Reported-by: Dan Fandrich -- ip2ip.c: Fixed compilation warning when IPv6 Scope ID not supported +Daniel Stenberg (25 Jul 2015) +- configure: check if OpenSSL linking wants -ldl - if2ip.c:119: warning: unused parameter 'remote_scope_id' + To make it easier to link with static versions of OpenSSL, the configure + script now checks if -ldl is needed for linking. - ...and some minor code style policing in the same function. + Help-by: TJ Saunders -- vtls: Don't set cert info count until memory allocation is successful +- [Michael Kaufmann brought this change] + + HTTP: ignore "Content-Encoding: compress" - Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs - member variable to the requested count, which could then be used - incorrectly as libcurl closes down. + Currently, libcurl rejects responses with "Content-Encoding: compress" + when CURLOPT_ACCEPT_ENCODING is set to "". I think that libcurl should + treat the Content-Encoding "compress" the same as other + Content-Encodings that it does not support, e.g. "bzip2". That means + just ignoring it. -- vtls: Use CURLcode for Curl_ssl_init_certinfo() return type +- [Marcel Raad brought this change] + + openssl: work around MSVC warning - The return type for this function was 0 on success and 1 on error. This - was then examined by the calling functions and, in most cases, used to - return CURLE_OUT_OF_MEMORY. + MSVC 12 complains: - Instead use CURLcode for the return type and return the out of memory - error directly, propagating it up the call stack. + lib\vtls\openssl.c(1554): warning C4701: potentially uninitialized local + variable 'verstr' used It's a false positive, but as it's normally not, + I have enabled warning-as-error for that warning. -- configure: Use camel case for UNIX sockets feature output +- [Michał Fita brought this change] + + configure: add --disable-rt option - To match the curl --version output. + This option disables any attempts in configure to create dependency on + stuff requiring linking to librt.so and libpthread.so, in this case this + means clock_gettime(CLOCK_MONOTONIC, &mt). + + We were in need to build curl which doesn't link libpthread.so to avoid + the following bug: + https://sourceware.org/bugzilla/show_bug.cgi?id=16628. -Marc Hoersken (26 Dec 2014) -- sockfilt.c: Reduce the number of individual memory allocations +Kamil Dudka (23 Jul 2015) +- http2: verify success of strchr() in http2_send() - Merge multiple internal arrays into one, even if some variables - will not not be used. They are all created with the number of - file descriptors as their size. + Detected by Coverity. - Also fix possible thread handle leak in CloseHandle-loop. + Error: NULL_RETURNS: + lib/http2.c:1301: returned_null: "strchr" returns null (checked 103 out of 109 times). + lib/http2.c:1301: var_assigned: Assigning: "hdbuf" = null return value from "strchr". + lib/http2.c:1302: dereference: Incrementing a pointer which might be null: "hdbuf". + 1300| + 1301| hdbuf = strchr(hdbuf, 0x0a); + 1302|-> ++hdbuf; + 1303| + 1304| authority_idx = 0; -- sockfilt.c: Replace 100ms sleep with thread throttle +Jay Satiro (22 Jul 2015) +- Windows: Fix VerifyVersionInfo calls - Improves performance of test cases 574 and 575 by 50%. + - Fix the VerifyVersionInfo calls, which we use to test for the OS major + version, to also test for the minor version as well as the service pack + major and minor versions. - A value of zero causes the thread to relinquish the remainder - of its time slice to any other thread of equal priority that is - ready to run. If there are no other threads of equal priority - ready to run, the function returns immediately, and the thread - continues execution. + MSDN: "If you are testing the major version, you must also test the + minor version and the service pack major and minor versions." - http://msdn.microsoft.com/library/windows/desktop/ms686307.aspx - -Steve Holme (25 Dec 2014) -- tool_help: Use camel case for UNIX sockets feature output + https://msdn.microsoft.com/en-us/library/windows/desktop/ms725492.aspx - In line with the other features listed in the --version output, - capitalise the UNIX socket feature. + Bug: https://github.com/bagder/curl/pull/353#issuecomment-123493098 + Reported-by: Marcel Raad -- vtls: Use bool for Curl_ssl_getsessionid() return type - - The return type of this function is a boolean value, and even uses a - bool internally, so use bool in the function declaration as well as - the variables that store the return value, to avoid any confusion. +- [Marcel Raad brought this change] -- schannel: Minor code style policing for casts + schannel: Replace deprecated GetVersion with VerifyVersionInfo -- schannel: Prefer 'CURLcode result' for curl result codes +Steve Holme (21 Jul 2015) +- makefile: Added support for VC14 -- cyassl: Prefer 'CURLcode result' for curl result codes +Patrick Monnerat (21 Jul 2015) +- os400: ebcdic wrappers for new functions. Upgrade ILE/RPG bindings. -- tool_xattr: Use 'CURLcode result' for curl result codes +- libcurl: VERSIONINFO update + Addition of new procedures curl_pushheader_bynum and curl_pushheader_byname + requires VERSIONINFO updating. -- curl_ntlm_core.c: Fixed compilation warnings - - curl_ntlm_core.c:301: warning: pointer targets in passing argument 2 of - 'CryptImportKey' differ in signedness - curl_ntlm_core.c:310: warning: passing argument 6 of 'CryptEncrypt' from - incompatible pointer type - curl_ntlm_core.c:540: warning: passing argument 4 of 'CryptGetHashParam' - from incompatible pointer type +- http2: satisfy external references even if http2 is not compiled in. -- RELEASE-NOTES: Synced with 8830df8b66 +Daniel Stenberg (20 Jul 2015) +- http2: add stream != NULL checks for reliability + + They should not trigger, but in case of internal problems we at least + avoid crashes this way. -- gtls: Use preferred 'CURLcode result' +Jay Satiro (18 Jul 2015) +- symbols-in-versions: Add new CURLSSLOPT_NO_REVOKE symbol -- openldap: Use standard naming for setup connection function +- SSL: Add an option to disable certificate revocation checks - Renamed ldap_setup() to ldap_setup_connection() to follow more widely - used function naming. - -- rtmp: Use standard naming for setup connection function + New tool option --ssl-no-revoke. + New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS. - Renamed rtmp_setup() to rtmp_setup_connection() to follow more widely - used function naming. - -- smb: Use standard naming for setup connection function + Currently this option applies only to WinSSL where we have automatic + certificate revocation checking by default. According to the + ssl-compared chart there are other backends that have automatic checking + (NSS, wolfSSL and DarwinSSL) so we could possibly accommodate them at + some later point. - Renamed smb_setup() to smb_setup_connection() to follow more widely - used function naming. - -- config-win32.h: Fixed line length > 79 columns - -- openssl: Prefer we don't use NULL in comparisons + Bug: https://github.com/bagder/curl/issues/264 + Reported-by: zenden2k -- build: Removed WIN32 definition from the Visual Studio projects +- runtests: Allow for spaces in curl custom path - As this pre-processor definition is defined in curl_setup.h there is no - need to include it in the Visual Studio project files. + .. also fix some typos in test's FILEFORMAT spec. -- build: Removed WIN64 definition from the libcurl Visual Studio projects - - Removed the WIN64 pre-processor definition from the libcurl project - files as: +- [David Woodhouse brought this change] + + ntlm_wb: Fix theoretical memory leak - * WIN64 is not used in our source code - * The curl projects files don't define it - * It isn't required by or used in the platform SDK - * For backwards compatability curl_setup.h defines WIN32 - * The compiler automatically defines _WIN64 for x64 builds + Static analysis indicated that my commit 9008f3d564 ("ntlm_wb: Fix + hard-coded limit on NTLM auth packet size") introduced a potential + memory leak on an error path, because we forget to free the buffer + before returning an error. - Historically Visual Studio projects have defined WIN32, in addition to - the compiler defined _WIN32 definition, and I had incorrectly changed - that to WIN64 for the x64 libcurl builds but not in the curl projects. + Fix this. - As such, it is questionable whether this should be defined or not. For - more information see the following cache of a discussion that took - place on the microsoft.public.vc.mfc newsgroup: + Although actually, it never happens in practice because we never *get* + here with state == NTLMSTATE_TYPE1. The state is always zero. That + might want cleaning up in a separate patch. - http://www.tech-archive.net/Archive/VC/microsoft.public.vc.mfc/2008-06/msg00074.html + Reported-by: Terri Oda -- openssl.c Fix for compilation errors with older versions of OpenSSL +- strerror: Add CRYPT_E_REVOKED to SSPI error strings + +Kamil Dudka (14 Jul 2015) +- libtest: call PR_Cleanup() on exit if NSPR is used - openssl.c:1408: error: 'TLS1_1_VERSION' undeclared - openssl.c:1411: error: 'TLS1_2_VERSION' undeclared + This prevents valgrind from reporting possibly lost memory that NSPR + uses for file descriptor cache and other globally allocated internal + data structures. + + Reported-by: Å tefan Kremeň -Daniel Stenberg (22 Dec 2014) +Jay Satiro (14 Jul 2015) - [John Malmberg brought this change] - Fix comment edit in vms/backup_gnv_curl_src.com + openssl: VMS support for SHA256 - packages/vms/backup_gnv_curl_src.com: Originally copied from Bash port. - -- curl: show size of inhibited data when using -v + setup-vms.h: More symbols for SHA256, hacks for older VAX - To offer some more info and yet it doesn't use more lines. + openssl.h: Use OpenSSL OPENSSL_NO_SHA256 macro to allow building on VAX. + + openssl.c: Use OpenSSL version checks and OPENSSL_NO_SHA256 macro to + allow building on VAX and 64 bit VMS. -- openssl: fix SSL/TLS versions in verbose output +- examples: Fix typo in multi-single.c -- openssl: make it compile against openssl 1.1.0-DEV master branch +Daniel Stenberg (7 Jul 2015) +- [Tatsuhiro Tsujikawa brought this change] -Marc Hoersken (22 Dec 2014) -- sshserver.pl: clarify and streamline variable names + http2: Fix memory leak in push header array -Daniel Stenberg (21 Dec 2014) -- openssl: warn for SRP set if SSLv3 is used, not for TLS version +Dan Fandrich (2 Jul 2015) +- test2041: fixed line endings in protocol part + +- cyassl: fixed mismatched sha256sum function prototype + +Daniel Stenberg (1 Jul 2015) +- [moparisthebest brought this change] + + SSL: Pinned public key hash support + +- examples: provide sections + +- [John Malmberg brought this change] + + OpenVMS: VMS Software, Inc now the supplier. - ... as it requires TLS and it was was left to warn on the default from - when default was SSL... + setup-vms.h: Symbol case fixups submitted by Michael Steve + + build_gnv_curl_pcsi_desc.com: VSI aka as VMS Software, is now the + supplier of new versions of VMS. The install kit needs to accept + VSI as a producer. -- smb: use memcpy() instead of strncpy() +Jay Satiro (30 Jun 2015) +- multi: Move http2 push function declarations to header end - ... as it never copies the trailing zero anyway and always just the four - bytes so let's not mislead anyone into thinking it is actually treated - as a string. + This change necessary for binary compatibility. - Coverity CID: 1260214 + Prior to this change test 1135 failed due to the order of functions. -- [John E. Malmberg brought this change] +- symbols-in-versions: Add new http2 push symbols + + Prior to this change test 1119 failed due to the missing symbols. - VMS: Updates for 0740-0D1220 +Daniel Stenberg (30 Jun 2015) +- RELEASE-NOTES: synced with e6749055d653 + +- configure: disable libidn by default - lib/setup-vms.h : VAX HP OpenSSL port is ancient, needs help. - More defines to set symbols to uppercase. + For security reasons, until there is a fix. - src/tool_main.c : Fix parameter to vms_special_exit() call. + Bug: http://curl.haxx.se/mail/lib-2015-06/0143.html + Reported-by: Gustavo Grieco, Feist Josselin + +- SSL-PROBLEMS: mention WinSSL problems in WinXP + +- CODE_OF_CONDUCT.md: added - packages/vms/ : - backup_gnv_curl_src.com : Fix the error message to have the correct package. + Just to underscore how we treat each other in this project. Nothing new + really, but could be useful for newcomers and outsiders to see our + values. + +- tool_header_cb: fflush the header stream - build_curl-config_script.com : Rewrite to be more accurate. + Flush the header stream when -D is used so that they are sent off + earlier. - build_libcurl_pc.com : Use tool_version.h now. + Bug: https://github.com/bagder/curl/issues/324 + Reported-by: Cédric Connes + +- [Roger Leigh brought this change] + + tests: Distribute CMakeLists.txt files in subdirectories + +- CURLOPT_FAILONERROR.3: mention that it closes the connection - build_vms.com : Fix to handle lib/vtls directory. + Reported-by: bemoody + Bug: https://github.com/bagder/curl/issues/325 + +- curl_multi_setopt.3: alpha sort the options + +- curl_multi_setopt.3: add the new push options + +- [Tatsuhiro Tsujikawa brought this change] + + http2: Use nghttp2 library error code for error return value + +- [Tatsuhiro Tsujikawa brought this change] + + http2: Harden header validation for curl_pushheader_byname - curl_gnv_build_steps.txt : Updated build procedure documentation. + Since we do prefix match using given header by application code + against header name pair in format "NAME:VALUE", and VALUE part can + contain ":", we have to careful about existence of ":" in header + parameter. ":" should be allowed to match HTTP/2 pseudo-header field, + and other use of ":" in header must be treated as error, and + curl_pushheader_byname should return NULL. This commit implements + this behaviour. + +- [Tatsuhiro Tsujikawa brought this change] + + CURLMOPT_PUSHFUNCTION.3: Remove unused variable + +- CURLMOPT_PUSHFUNCTION.3: added example + +- http2: curl_pushheader_byname now takes a const char * + +- http2-serverpush.c: example code + +- http2: free all header memory after the push callback + +- http2: init the pushed transfer properly + +- http2: fixed the header accessor functions for the push callback + +- http2: setup the new pushed stream properly + +- http2: initial implementation of the push callback + +- http2: initial HTTP/2 server push types/docs + +- test1531: verify POSTFIELDSIZE set after add_handle - generate_config_vms_h_curl.com : - * VAX does not support 64 bit ints, so no NTLM support for now. - * VAX HP SSL port is ancient, needs some help. - * Disable NGHTTP2 for now, not ported to VMS. - * Disable UNIX_SOCKETS, not available on VMS yet. - * HP GSSAPI port does not have gss_nt_service_name. + Following the fix made in 903b6e05565bf. + +- pretransfer: init state.infilesize here, not in add_handle - gnv_link_curl.com : Update for new curl structure. + ... to properly support that options are set to the handle after it is + added to the multi handle. - pcsi_product_gnv_curl.com : Set up to optionally do a complete build. + Bug: http://curl.haxx.se/mail/lib-2015-06/0122.html + Reported-by: Stefan Bühler -Marc Hoersken (21 Dec 2014) -- sockfilt.c: use non-Ex functions that are available before WinXP - - It was initially reported by Guenter that GetFileSizeEx - requires (_WIN32_WINNT >= 0x0500) to be true. +Jay Satiro (21 Jun 2015) +- [Lior Kaplan brought this change] -- tests: use Cygwin-style paths in SSH, SSHD and SFTP config files + tool_help: fix --tlsv1 help text to use >= for TLSv1 + +- INSTALL: Advise use of non-native SSL for Windows <= XP - Second patch to enable Windows support using Cygwin-based OpenSSH. + Advise that WinSSL in versions <= XP will not be able to connect to + servers that no longer support the legacy handshakes and algorithms used + by those versions, and to use an alternate backend like OpenSSL instead. - Tested with CopSSH 5.0.0 free edition using an msys shell on Windows 7. + Bug: https://github.com/bagder/curl/issues/253 + Reported-by: zenden2k -- tests: support spaces in paths to SSH, SSHD and SFTP binaries +Kamil Dudka (19 Jun 2015) +- curl_easy_setopt.3: restore contents removed by mistake - First patch to enable Windows support using Cygwin-based OpenSSH. + ... in commit curl-7_43_0-18-g570076e -Steve Holme (20 Dec 2014) -- non-ascii: Reduce variable usage +Daniel Stenberg (19 Jun 2015) +- curl_easy_setopt.3: mention CURLOPT_PIPEWAIT + +Jay Satiro (18 Jun 2015) +- cookie: Fix bug in export if any-domain cookie is present - Removed 'next' variable in Curl_convert_form(). Rather than setting it - from 'form->next' and using that to set 'form' after the conversion - just use 'form = form->next' instead. + In 3013bb6 I had changed cookie export to ignore any-domain cookies, + however the logic I used to do so was incorrect, and would lead to a + busy loop in the case of exporting a cookie list that contained + any-domain cookies. The result of that is worse though, because in that + case the other cookies would not be written resulting in an empty file + once the application is terminated to stop the busy loop. -- non-ascii: Prefer while loop rather than a do loop +Dan Fandrich (18 Jun 2015) +- FTP: fixed compiling with --disable-proxy, broken in b88f980a + +Daniel Stenberg (18 Jun 2015) +- tool: always provide negotiate/kerberos options - This also removes the need to check that the 'form' argument is valid. + libcurl can still be built with it, even if the tool is not. Maintain + independence! -- non-ascii: Reduce variable scope +- TODO: Support IDNA2008 + +- [Viktor Szakats brought this change] + + Makefile.m32: add support for CURL_LDFLAG_EXTRAS - As 'result' isn't used out side the conversion callback code and - previously caused variable shadowing in the libiconv based code. + It is similar to existing CURL_CFLAG_EXTRAS, but for + extra linker option. -- non-ascii: We prefer 'CURLcode result' +- RTSP: removed another piece of dead code - This also fixes a variable shadowing issue when HAVE_ICONV is defined - as rc was declared for the result code of libiconv based functions. + Coverity CID 1306668 -Marc Hoersken (19 Dec 2014) -- secureserver.pl: clean up formatting of config and fix verbose output +- openssl: fix use of uninitialized buffer - Verbose output was not matching the actual configuration file, - because FIPS and Windows conditions were ignored. + Make sure that the error buffer is always initialized and simplify the + use of it to make the logic easier. + + Bug: https://github.com/bagder/curl/issues/318 + Reported-by: sneis -- secureserver.pl: update Windows detection and fix path conversion +- examples: more descriptions -- secureserver.pl: make OpenSSL CApath and cert absolute path values +- examples: add descriptions with - Recent stunnel versions (5.08) seem to have trouble with relative - paths on Windows. This turns the relative paths into absolute ones. - -Patrick Monnerat (18 Dec 2014) -- if2ip: dummy scope parameter for Curl_if2ip() call in SIOCGIFADDR-enabled code. + Using this fixed format for example descriptions, we can generate a + better list on the web site. -- [Kyle J. McKay brought this change] +- libcurl-errors.3: fix typo - parseurlandfillconn(): fix improper non-numeric scope_id stripping. - Fixes SF bug 1149: http://sourceforge.net/p/curl/bugs/1449/ +- curl_easy_setopt.3: option order doesn't matter -- IPV6: address scope != scope id - There was a confusion between these: this commit tries to disambiguate them. - - Scope can be computed from the address itself. - - Scope id is scope dependent: it is currently defined as 1-based local - interface index for link-local scoped addresses, and as a site index(?) for - (obsolete) site-local addresses. Linux only supports it for link-local - addresses. - The URL parser properly parses a scope id as an interface index, but stores it - in a field named "scope": confusion. The field has been renamed into "scope_id". - Curl_if2ip() used the scope id as it was a scope. This caused failures - to bind to an interface. - Scope is now computed from the addresses and Curl_if2ip() matches them. - If redundantly specified in the URL, scope id is check for mismatch with - the interface index. +- openssl: fix build with BoringSSL - This commit should fix SF bug #1451. + OPENSSL_load_builtin_modules does not exist in BoringSSL. Regression + from cae43a1 -- connect: singleipconnect(): properly try other address families after failure +- [Paul Howarth brought this change] -Daniel Stenberg (16 Dec 2014) -- SFTP: work-around servers that return zero size on STAT + openssl: Fix build with openssl < ~ 0.9.8f - Bug: http://curl.haxx.se/mail/lib-2014-12/0103.html - Pathed-by: Marc Renault - -- glob_next_url: make the loop count upwards - - As the former contruct apparently caused a compiler warning, mentioned - in d8efde07e556c. - -- tool_operate: we prefer 'CURLcode result' + The symbol SSL3_MT_NEWSESSION_TICKET appears to have been introduced at + around openssl 0.9.8f, and the use of it in lib/vtls/openssl.c breaks + builds with older openssls (certainly with 0.9.8b, which is the latest + older version I have to try with). -- tool_urlglob: unify return codes to use CURLcode +- FTP: do the HTTP CONNECT for data connection blocking - There was a mix of GlobCode, CURLcode and ints and they were mostly - passing around CURLcode errors. This change makes the functions use only - CURLcode and removes the GlobCode type completely. - -- tool_urlglob.c: partly reverse dc19789444 + ** WORK-AROUND ** - The loop in glob_next_url() needs to be done backwards to maintain the - logic. dc19789444 caused test 1235 to fail. - -- KNOWN_BUGS: the SFTP code doesn't support CURLINFO_FILETIME - -- [Jay Satiro brought this change] - - opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS + The introduced non-blocking general behaviour for Curl_proxyCONNECT() + didn't work for the data connection establishment unless it was very + fast. The newly introduced function argument makes it operate in a more + blocking manner, more like it used to work in the past. This blocking + approach is only used when the FTP data connecting through HTTP proxy. - Change CURLOPT_TIMEOUT doc to warn that if CURLOPT_TIMEOUT and - CURLOPT_TIMEOUT_MS are both set whichever one is set last is the one - that will be used. + Blocking like this is bad. A better fix would make it work more + asynchronously. - Prior to this change that behavior was only noted in the - CURLOPT_TIMEOUT_MS doc. + Bug: https://github.com/bagder/curl/issues/278 -Nick Zitzmann (15 Dec 2014) -- darwinssl: fix incorrect usage of aprintf() - - Commit b13923f changed an snprintf() to use aprintf(), but the API usage - wasn't correct, and was causing a crash to occur. This fixes it. - -Steve Holme (14 Dec 2014) -- copyright: Updated the copyright year following recent updates +- bump: start the journey toward 7.44.0 -Daniel Stenberg (14 Dec 2014) -- tool_urlglob.c: reverse two loops - - By counting from 0 and up instead of backwards like before, we remove - the need for the "funny" check of the unsigned variable when decreased - passed zero. Easier to read and less risk for compiler warnings. +Jay Satiro (17 Jun 2015) +- CURLOPT_ERRORBUFFER.3: Fix example, escape backslashes -Marc Hoersken (14 Dec 2014) -- tool_urlglob.c: Added braces to clarify the conditions +- CURLOPT_ERRORBUFFER.3: Improve example -- tool_urlglob.c: Silence warning C6293: Ill-defined for-loop - - The >= 0 is actually not required, since i underflows and - the for-loop is stopped using the < condition, but this - makes the VS2012 compiler and code analysis happy. - -- tool_binmode.c: Explicitly ignore the return code of setmode - - Fixes code analysis warning C6031: - return value ignored: could return unexpected value - -- lib: Fixed multiple code analysis warnings if SAL are available - - warning C28252: Inconsistent annotation for function: - parameter has another annotation on this instance - -Steve Holme (14 Dec 2014) -- smb.c: Fixed code analysis warning - - smb.c:320: warning C6297: Arithmetic overflow: 32-bit value is shifted, - then cast to 64-bit value. Result may not be an expected - value +Version 7.43.0 (17 Jun 2015) -Marc Hoersken (14 Dec 2014) -- tool_util.c: Use GetTickCount64 if it is available +Daniel Stenberg (17 Jun 2015) +- RELEASE-NOTES: 7.43.0 release -Steve Holme (14 Dec 2014) -- smb: Use HAVE_PROCESS_H for process.h inclusion - - Rather than testing against _WIN32 use the preferred HAVE_PROCESS_H - pre-processor define when including process.h. +- THANKS: updated with 7.43.0 names -Daniel Stenberg (14 Dec 2014) -- darwinssl: aprintf() to allocate the session key - - ... to avoid using a fixed memory size that risks being too large or too - small. +- [Kamil Dudka brought this change] -Marc Hoersken (14 Dec 2014) -- curl_schannel: Improvements to memory re-allocation strategy + http: do not leak basic auth credentials on re-used connections - - do not grow memory by doubling its size - - do not leak previously allocated memory if reallocation fails - - replace while-loop with a single check to make sure - that the requested amount of data fits into the buffer + CVE-2015-3236 - Bug: http://curl.haxx.se/bug/view.cgi?id=1450 - Reported-by: Warren Menzer - -Steve Holme (14 Dec 2014) -- asyn-ares: We prefer use of 'CURLcode result' - -Marc Hoersken (14 Dec 2014) -- curl_schannel.c: Data may be available before connection shutdown - -Steve Holme (14 Dec 2014) -- http2: Use 'CURLcode result' for curl result codes - -- asyn-thread: We prefer 'CURLcode result' - -- smb: Fixed unnecessary initialisation of struct member variables + This partially reverts commit curl-7_39_0-237-g87c4abb - There is no need to set the 'state' and 'result' member variables to - SMB_REQUESTING (0) and CURLE_OK (0) after the allocation via calloc() - as calloc() initialises the contents to zero. + Reported-by: Tomas Tomecek, Kamil Dudka + Bug: http://curl.haxx.se/docs/adv_20150617A.html -- ntlm: Fixed return code for bad type-2 Target Info - - Use CURLE_BAD_CONTENT_ENCODING for bad type-2 Target Info security - buffers just like we do for bad decodes. +- [Kamil Dudka brought this change] -- ntlm: Remove unnecessary casts in readshort_le() - - I don't think both of my fix ups from yesterday were needed to fix the - compilation warning, so remove the one that I think is unnecessary and - let the next Android autobuild prove/disprove it. + test2040: verify basic auth on re-used connections -- curl_ntlm_msgs.c: Another attempt to fix compilation warning +- SMB: rangecheck values read off incoming packet - curl_ntlm_msgs.c:170: warning: conversion to 'short unsigned int' from - 'int' may alter its value - -Guenter Knauf (13 Dec 2014) -- synctime.c: added own user-agent string. - -Steve Holme (13 Dec 2014) -- smb.c: Fixed line longer than 79 columns - -- curl_ntlm_msgs.c: Fixed compilation warning from commit 783b5c3b11 + CVE-2015-3237 - curl_ntlm_msgs.c:169: warning: conversion to 'short unsigned int' from - 'int' may alter its value - -Guenter Knauf (13 Dec 2014) -- mk-ca-bundle.pl: restored forced run again. - -- synctime.c: removed another timeserver URL. + Detected by Coverity. CID 1299430. - worldtimeserver.com seems also no longer available. + Bug: http://curl.haxx.se/docs/adv_20150617B.html -- synctime.c: fixed timeserver URLs. +Jay Satiro (17 Jun 2015) +- schannel: schannel_recv overhaul - For getting the date header its not necessary to access special - pages or even CGI scripts - all pages including the main index - reply with the date header, therefore shortened URLs to domain. - Removed worldtime.com; added pool.ntp.org. - -Steve Holme (13 Dec 2014) -- ftp.c: Fixed compilation warning when no verbose string support + This commit is several drafts squashed together. The changes from each + draft are noted below. If any changes are similar and possibly + contradictory the change in the latest draft takes precedence. - ftp.c:819: warning: unused parameter 'lineno' - -- smb: Added state change functions to assist with debugging + Bug: https://github.com/bagder/curl/issues/244 + Reported-by: Chris Araman - For debugging purposes, and as per other protocols within curl, added - state change functions rather than changing the states directly. - -- ntlm: Use short integer when decoding 16-bit values - -- RELEASE-NOTES: Synced with 6291a16b20 - -- smtp.c: Fixed compilation warnings + %% + %% Draft 1 + %% + - return 0 if len == 0. that will have to be documented. + - continue on and process the caches regardless of raw recv + - if decrypted data will be returned then set the error code to CURLE_OK + and return its count + - if decrypted data will not be returned and the connection has closed + (eg nread == 0) then return 0 and CURLE_OK + - if decrypted data will not be returned and the connection *hasn't* + closed then set the error code to CURLE_AGAIN --only if an error code + isn't already set-- and return -1 + - narrow the Win2k workaround to only Win2k - smtp.c:2357 warning: adding 'size_t' (aka 'unsigned long') to a string - does not append to the string - smtp.c:2375 warning: adding 'size_t' (aka 'unsigned long') to a string - does not append to the string - smtp.c:2386 warning: adding 'size_t' (aka 'unsigned long') to a string - does not append to the string + %% + %% Draft 2 + %% + - Trying out a change in flow to handle corner cases. - Used array index notation instead. - -- smb: Disable SMB when 64-bit integers are not supported + %% + %% Draft 3 + %% + - Back out the lazier decryption change made in draft2. - This fixes compilation issues with compilers that don't support 64-bit - integers through long long or __int64. - -- ntlm: Disable NTLM v2 when 64-bit integers are not supported + %% + %% Draft 4 + %% + - Some formatting and branching changes + - Decrypt all encrypted cached data when len == 0 + - Save connection closed state + - Change special Win2k check to use connection closed state - This fixes compilation issues with compilers that don't support 64-bit - integers through long long or __int64 which was introduced in commit - 07b66cbfa4. - -- ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined + %% + %% Draft 5 + %% + - Default to CURLE_AGAIN in cleanup if an error code wasn't set and the + connection isn't closed. - Previously USE_NTLM2SESSION would only be defined automatically when - USE_NTRESPONSES wasn't already defined. Separated the two definitions - so that the user can manually set USE_NTRESPONSES themselves but - USE_NTLM2SESSION is defined automatically if they don't define it. - -- smtp.c: Fixed line longer than 79 columns - -- config-win32.h: Don't enable Windows Crypt API if using OpenSSL + %% + %% Draft 6 + %% + - Save the last error only if it is an unrecoverable error. - As the OpenSSL and NSS Crypto engines are prefered by the core NTLM - routines, to the Windows Crypt API, don't define USE_WIN32_CRYPT - automatically when either OpenSSL or NSS are in use - doing so would - disable NTLM2Session responses in NTLM type-3 messages. - -- smtp: Fixed inappropriate free of the scratch buffer + Prior to this I saved the last error state in all cases; unfortunately + the logic to cover that in all cases would lead to some muddle and I'm + concerned that could then lead to a bug in the future so I've replaced + it by only recording an unrecoverable error and that state will persist. - If the scratch buffer was allocated in a previous call to - Curl_smtp_escape_eob(), a new buffer not allocated in the subsequent - call and no action taken by that call, then an attempt would be made to - try and free the buffer which, by now, would be part of the data->state - structure. + - Do not recurse on renegotiation. - This bug was introduced in commit 4bd860a001. - -- smtp: Fixed dot stuffing when EOL characters were at end of input buffers + Instead we'll continue on to process any trailing encrypted data + received during the renegotiation only. - Fixed a problem with the CRLF. detection when multiple buffers were - used to upload an email to libcurl and the line ending character(s) - appeared at the end of each buffer. This meant any lines which started - with . would not be escaped into .. and could be interpreted as the end - of transmission string instead. + - Move the err checks in cleanup after the check for decrypted data. - This only affected libcurl based applications that used a read function - and wasn't reproducible with the curl command-line tool. + In either case decrypted data is always returned but I think it's easier + to understand when those err checks come after the decrypted data check. - Bug: http://curl.haxx.se/bug/view.cgi?id=1456 - Assisted-by: Patrick Monnerat - -Daniel Stenberg (11 Dec 2014) -- telnet: fix "cast increases required alignment of target type" - -- ntlm_wb_response: fix "statement not reached" + %% + %% Draft 7 + %% + - Regardless of len value go directly to cleanup if there is an + unrecoverable error or a close_notify was already received. Prior to + this change we only acknowledged those two states if len != 0. - ... and I could use a break instead of a goto to end the loop. + - Fix a bug in connection closed behavior: Set the error state in the + cleanup, because we don't know for sure it's an error until that time. - Bug: http://curl.haxx.se/mail/lib-2014-12/0089.html - Reported-by: Tor Arntsen - -Steve Holme (10 Dec 2014) -- RELEASE-NOTES: Synced with 1cc5194337 + - (Related to above) In the case the connection is closed go "greedy" + with the decryption to make sure all remaining encrypted data has been + decrypted even if it is not needed at that time by the caller. This is + necessary because we can only tell if the connection closed gracefully + (close_notify) once all encrypted data has been decrypted. - Added some bug fixes that I had missed in previous synchronisations. - -Daniel Stenberg (10 Dec 2014) -- Curl_unix2addr: avoid using the variable name 'sun' + - Do not renegotiate when an unrecoverable error is pending. - I suspect this causes compile failures on Solaris: + %% + %% Draft 8 + %% + - Don't show 'server closed the connection' info message twice. - Bug: http://curl.haxx.se/mail/lib-2014-12/0081.html + - Show an info message if server closed abruptly (missing close_notify). -Steve Holme (10 Dec 2014) -- url.c: Fixed compilation warning when USE_NTLM is not defined - - url.c:3078: warning: variable 'credentialsMatch' set but not used +Daniel Stenberg (16 Jun 2015) +- [Paul Oliver brought this change] -- parsedate.c: Fixed compilation warning + Fix typo in docs - parsedate.c:548: warning: 'parsed' may be used uninitialized in this - function - - As curl_getdate() returns -1 when parsedate() fails we can initialise - parsed to -1. + s/curret/current/ -Daniel Stenberg (10 Dec 2014) -- TODO: Cache negative name resolves - - Worth exploring +- [Viktor Szakats brought this change] -- ldap: check Curl_client_write() return codes - - There might be one or two memory leaks left in the error paths. + docs: update URLs -- ldap: rename variables to comply to curl standards +- RELEASE-NOTES: synced with f29f2cbd00dbe5f -Dan Fandrich (10 Dec 2014) -- sws.c: Fixed 'rc' may be used uninitialized warning +- [Viktor Szakats brought this change] -- cookies: Improved OOM handling in cookies - - This fixes the test 506 torture test. The internal cookie API really - ought to be improved to separate cookie parsing errors (which may be - ignored) with OOM errors (which should be fatal). + README: use secure protocol for Git repository -Guenter Knauf (9 Dec 2014) -- synctime.c: fixed user-agent setting. - - Some websites meanwhile refuse to reply to requests from ancient - browsers like IE6, therefore I've comment out this setting, but - also fixed the string to now fake IE8 if someone enables it. +- [Viktor Szakats brought this change] -Daniel Stenberg (9 Dec 2014) -- smb: fix unused return code warning + HTTP2.md: use SSL/TLS IETF URLs -Patrick Monnerat (9 Dec 2014) -- Curl_client_write() & al.: chop long data, convert data only once. +- [Viktor Szakats brought this change] -Guenter Knauf (9 Dec 2014) -- VC build: added sspi define for winssl-zlib builds. - -Daniel Stenberg (9 Dec 2014) -- schannel_recv: return the correct code + LICENSE-MIXING: update URLs - Bug: http://curl.haxx.se/bug/view.cgi?id=1462 - Reported-by: Tae Hyoung Ahn - -- http2: avoid logging neg "failure" if h2 was not requested - -- openldap: do not ignore Curl_client_write() return codes + * use SSL/TLS where available + * follow permanent redirects -- compile: warn on unused return code from Curl_client_write() +- LICENSE-MIXING: refreshed -Patrick Monnerat (8 Dec 2014) -- SMB: Fix a data size mismatch that broke SMB on big-endian platforms +- curl_easy_duphandle: see also *reset -Steve Holme (7 Dec 2014) -- smb: Fixed Windows autoconf builds following commit eb88d778e7 +- rtsp_do: fix DEAD CODE - As Windows based autoconf builds don't yet define USE_WIN32_CRYPTO - either explicitly through --enable-win32-cypto or automatically on - _WIN32 based platforms, subsequent builds broke with the following - error message: + "At condition p_request, the value of p_request cannot be NULL." - "Can't compile NTLM support without a crypto library." - -- RELEASE-NOTES: Synced with 526603ff05 - -- [Bill Nagel brought this change] + Coverity CID 1306668. - smb: Build with SSPI enabled +- security:choose_mech fix DEAD CODE warning - Build SMB/CIFS protocol support when SSPI is enabled. - -- [Bill Nagel brought this change] - - ntlm: Use Windows Crypt API + ... by removing the "do {} while (0)" block. - Allow the use of the Windows Crypt API for NTLMv1 functions. + Coverity CID 1306669 -Dan Fandrich (7 Dec 2014) -- cookie.c: Refactored cleanup code to simplify - - Also, fixed the outdated comments on the cookie API. +- curl.1: netrc is in man section 5 -- get_url_file_name: Fixed crash on OOM on debug build +- curl.1: small format fix - This caused a null-pointer dereference which caused a few dozen - torture tests to fail. + use \fI-style instead of .BR for references -Steve Holme (6 Dec 2014) -- sws.c: Fixed compilation warning +- urldata: store POST size in state.infilesize too - sws.c:2191 warning: 'rc' may be used uninitialized in this function - -- ftp.c: Fixed compilation warnings when proxy support disabled + ... to simplify checking when PUT _or_ POST have completed. - ftp.c:1827 warning: unused parameter 'newhost' - ftp.c:1827 warning: unused parameter 'newport' + Reported-by: Frank Meier + Bug: http://curl.haxx.se/mail/lib-2015-06/0019.html -- smb: Fixed a problem with large file transfers - - Fixed an issue with the message size calculation where the raw bytes - from the buffer were interpreted as signed values rather than unsigned - values. - - Reported-by: Gisle Vanem - Assisted-by: Bill Nagel +Dan Fandrich (14 Jun 2015) +- test1530: added http to required features -- smb: Moved the URL decoding into a separate function +Jay Satiro (14 Jun 2015) +- [Drake Arconis brought this change] -- smb: Fixed URL encoded URLs not working + build: Fix typo from OpenSSL 1.0.2 version detection fix -- Makefile.inc: Added our standard header and updated file formatting +- [Drake Arconis brought this change] -- Makefile.inc: Updated file formatting - - Aligned continuation character and used space as the separator - character as per other makefile files. + build: Properly detect OpenSSL 1.0.2 when using configure -- curl_md4.h: Updated copyright year following recent edit - - ...and minor layout adjustment. +- curl_multi_info_read.3: fix example formatting -Patrick Monnerat (5 Dec 2014) -- SMB: Fix big endian problems. Make it OS/400 aware. +Daniel Stenberg (13 Jun 2015) +- BINDINGS: there's a new R binding in town! -- OS400: enable NTLM authentication +- BINDINGS: added the Xojo binding -Steve Holme (5 Dec 2014) -- multi.c: Fixed compilation warning +Jay Satiro (11 Jun 2015) +- [Joel Depooter brought this change] + + schannel: Add support for optional client certificates - multi.c:2695: warning: declaration of `exp' shadows a global declaration + Some servers will request a client certificate, but not require one. + This change allows libcurl to connect to such servers when using + schannel as its ssl/tls backend. When a server requests a client + certificate, libcurl will now continue the handshake without one, + rather than terminating the handshake. The server can then decide + if that is acceptable or not. Prior to this change, libcurl would + terminate the handshake, reporting a SEC_I_INCOMPLETE_CREDENTIALS + error. -Guenter Knauf (5 Dec 2014) -- build: updated dependencies in makefiles. +Daniel Stenberg (11 Jun 2015) +- curl_easy_cleanup.3: provide more SEE ALSO -Steve Holme (5 Dec 2014) -- sasl: Corrected formatting of function descriptions +- debug: remove http2 debug leftovers -- sasl_gssapi: Added missing function description +- VERSIONS: now using markdown -- RELEASE-NOTES: Provided better descriptions - - As it is often difficult to choose the best description for a single - feature when it spans many commits, updated the descriptions for the - recent SMB/CIFS protocol and GSS-API additions. +- RELEASE-PROCEDURE: remove ascii logo at the top of file -- sasl_sspi: Corrected some typos +- INTERNALS: absorbed docs/LIBCURL-STRUCTS -- sasl_sspi: Don't use hard coded sizes in Kerberos V5 security data +- INTERNALS: cat lib/README* >> INTERNALS - Don't use a hard coded size of 4 for the security layer and buffer size - in Curl_sasl_create_gssapi_security_message(), instead, use sizeof() as - we have done in the sasl_gssapi module. - -- sasl_sspi: Free the Kerberos V5 challenge as soon as we're done with it + and a conversion to markdown. Removed the lib/README.* files. The idea + being to move toward having INTERNALS as the one and only "book" of + internals documentation. - Reduced the amount of free's required for the decoded challenge message - in Curl_sasl_create_gssapi_security_message() as a result of coding it - differently in the sasl_gssapi module. - -- gssapi: Corrected typo in comments - -- sasl_gssapi: Added body to Curl_sasl_create_gssapi_security_message() - -Daniel Stenberg (4 Dec 2014) -- [Stefan Bühler brought this change] + Added a TOC to top of the document. - http_perhapsrewind: don't abort CONNECT requests +Jay Satiro (8 Jun 2015) +- openssl: LibreSSL and BoringSSL do not use TLS_client_method - ...they never have a body - -- [Stefan Bühler brought this change] - - HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request + Although OpenSSL 1.1.0+ deprecated SSLv23_client_method in favor of + TLS_client_method LibreSSL and BoringSSL didn't and still use + SSLv23_client_method. - Sending NTLM/Negotiate header again after successful authentication - breaks the connection with certain Proxies and request types (POST to MS - Forefront). + Bug: https://github.com/bagder/curl/commit/49a6642#commitcomment-11578009 + Reported-by: asavah@users.noreply.github.com -- [Stefan Bühler brought this change] +Daniel Stenberg (9 Jun 2015) +- RELEASE-NOTES: synced with 20ac3458068 - HTTP: don't abort connections with pending Negotiate authentication +- CURLOPT_OPENSOCKETFUNCTION: return error at once - ... similarly to how NTLM works as Negotiate is in fact often NTLM with - another name. + When CURL_SOCKET_BAD is returned in the callback, it should be treated + as an error (CURLE_COULDNT_CONNECT) if no other socket is subsequently + created when trying to connect to a server. + + Bug: http://curl.haxx.se/mail/lib-2015-06/0047.html -- [Stefan Bühler brought this change] +- fopen.c: fix a few compiler warnings - fix gdb libtool invocation path +- [Ville Skyttä brought this change] -Steve Holme (4 Dec 2014) -- sasl_gssapi: Fixed missing include from commit d3cca934ee + docs: Spelling fixes -Daniel Stenberg (4 Dec 2014) -- [Jay Satiro brought this change] +- [Ville Skyttä brought this change] - examples: remove sony.com from 10-at-a-time - - Prior to this change the 10-at-a-time example showed CURLE_RECV_ERROR - for the sony website because it ends the connection when the request is - missing a user agent. + docs: man page indentation and syntax fixes -Steve Holme (4 Dec 2014) -- sasl_gssapi: Fixed missing decoding debug failure message +Linus Nielsen (8 Jun 2015) +- help: Add --proxy-service-name and --service-name to the --help output -- sasl_gssapi: Fixed honouring of no mutual authentication +Jay Satiro (7 Jun 2015) +- openssl: Fix verification of server-sent legacy intermediates + + - Try building a chain using issuers in the trusted store first to avoid + problems with server-sent legacy intermediates. + + Prior to this change server-sent legacy intermediates with missing + legacy issuers would cause verification to fail even if the client's CA + bundle contained a valid replacement for the intermediate and an + alternate chain could be constructed that would verify successfully. + + https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest -- sasl_sspi: Added more Kerberos V5 decoding debug failure messages +Daniel Stenberg (5 Jun 2015) +- BINDINGS: update several URLs + + Stop linking to the curl.haxx.se anchor pages, they are usually only + themselves pointers to the real page so better point there directly + instead. -Daniel Stenberg (4 Dec 2014) -- [Anthon Pang brought this change] +- BINDINGS: the curl-rust binding - docs: Fix FAILONERROR typos +- curl.h: add CURL_HTTP_VERSION_2 - It returns error for >= 400 HTTP responses. + The protocol is named "HTTP/2" after all. It is an alias for the + existing CURL_HTTP_VERSION_2_0 enum. + +- openssl: removed error string #ifdef - Bug: https://github.com/bagder/curl/pull/129 + ERR_error_string_n() was introduced in 0.9.6, no need to #ifdef anymore -- [Peter Wu brought this change] +- openssl: removed USERDATA_IN_PWD_CALLBACK kludge + + Code for OpenSSL 0.9.4 serves no purpose anymore! - tool: fix CURLOPT_UNIX_SOCKET_PATH in --libcurl output +- openssl: remove SSL_get_session()-using code - Mark CURLOPT_UNIX_SOCKET_PATH as string to ensure that it ends up as - option in the file generated by --libcurl. + It was present for OpenSSL 0.9.5 code but we only support 0.9.7 or + later. + +- openssl: remove dummy callback use from SSL_CTX_set_verify() - Signed-off-by: Peter Wu + The existing callback served no purpose. -- [Peter Wu brought this change] +- LIBCURL-STRUCTS: clarify for multiplexing - opts: fix CURLOPT_UNIX_SOCKET_PATH formatting +Jay Satiro (3 Jun 2015) +- cookie: Stop exporting any-domain cookies - Add .nf and .fi such that the code gets wrapped in a pre on the web. - Fixed grammar, fixed formatting of the "See also" items. + Prior to this change any-domain cookies (cookies without a domain that + are sent to any domain) were exported with domain name "unknown". - Signed-off-by: Peter Wu - -Patrick Monnerat (4 Dec 2014) -- OS400: enable Unix sockets. + Bug: https://github.com/bagder/curl/issues/292 -Daniel Stenberg (3 Dec 2014) -- RELEASE-NOTES: synced with b216427e73b5e9 +Daniel Stenberg (3 Jun 2015) +- RELEASE-PROCEDURE: refreshed 'coming dates' -- opts: added CURLOPT_UNIX_SOCKET_PATH to Makefile.am - -- updateconninfo: clear destination struct before getsockname() +Jay Satiro (2 Jun 2015) +- curl_setup: Change fopen text macros to use 't' for MSDOS - Otherwise we may read uninitialized bytes later in the unix-domain - sockets case. - -- curl.1: added --unix-socket + Bug: https://github.com/bagder/curl/pull/258#issuecomment-107915198 + Reported-by: Gisle Vanem -- [Peter Wu brought this change] +Daniel Stenberg (2 Jun 2015) +- curl_multi_timeout.3: added example - tool: add --unix-socket option - - Signed-off-by: Peter Wu +- curl_multi_perform.3: added example -- [Peter Wu brought this change] +- curl_multi_info_read.3: added example - libcurl: add UNIX domain sockets support - - The ability to do HTTP requests over a UNIX domain socket has been - requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a - discussion happened, no patch seems to get through. I decided to give it - a go since I need to test a nginx HTTP server which listens on a UNIX - domain socket. - - One patch [3] seems to make it possible to use the - CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket. - Another person wrote a Go program which can do HTTP over a UNIX socket - for Docker[4] which uses a special URL scheme (though the name contains - cURL, it has no relation to the cURL library). - - This patch considers support for UNIX domain sockets at the same level - as HTTP proxies / IPv6, it acts as an intermediate socket provider and - not as a separate protocol. Since this feature affects network - operations, a new feature flag was added ("unix-sockets") with a - corresponding CURL_VERSION_UNIX_SOCKETS macro. - - A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This - option enables UNIX domain sockets support for all requests on the - handle (replacing IP sockets and skipping proxies). +- checksrc: detect fopen() for text without the FOPEN_* macros - A new configure option (--enable-unix-sockets) and CMake option - (ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I - deliberately did not mark this feature as advanced, this is a - feature/component that should easily be available. + Follow-up to e8423f9ce150 with discussionis in + https://github.com/bagder/curl/pull/258 - [0]: http://curl.haxx.se/mail/lib-2008-04/0279.html - [1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/ - [2]: http://sourceforge.net/p/curl/feature-requests/53/ - [3]: http://curl.haxx.se/mail/lib-2008-04/0361.html - [4]: https://github.com/Soulou/curl-unix-socket - - Signed-off-by: Peter Wu + This check scans for fopen() with a mode string without 'b' present, as + it may indicate that an FOPEN_* define should rather be used. -- [Peter Wu brought this change] +- curl_getdate.3: update RFC reference - tests: add two HTTP over UNIX socket tests - - test1435: a simple test that checks whether a HTTP request can be - performed over the UNIX socket. The hostname/port are interpreted - by sws and should be ignored by cURL. +Jay Satiro (1 Jun 2015) +- curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT - test1436: test for the ability to do two requests to the same host, - interleaved with one to a different hostname. + - Change fopen calls to use FOPEN_READTEXT instead of "r" or "rt" + - Change fopen calls to use FOPEN_WRITETEXT instead of "w" or "wt" - Signed-off-by: Peter Wu - -- [Peter Wu brought this change] - - tests: add HTTP UNIX socket server testing support + This change is to explicitly specify when we need to read/write text. + Unfortunately 't' is not part of POSIX fopen so we can't specify it + directly. Instead we now have FOPEN_READTEXT, FOPEN_WRITETEXT. - The variable `$ipvnum` can now contain "unix" besides the integers 4 - and 6 since the variable. Functions which receive this parameter - have their `$port` parameter renamed to `$port_or_path` to support a - path to the UNIX domain socket (as a "port" is only meaningful for TCP). + Prior to this change we had an issue on Windows if an application that + uses libcurl overrides the default file mode to binary. The default file + mode in Windows is normally text mode (translation mode) and that's what + libcurl expects. - Signed-off-by: Peter Wu + Bug: https://github.com/bagder/curl/pull/258#issuecomment-107093055 + Reported-by: Orgad Shaneh -- [Peter Wu brought this change] +Daniel Stenberg (1 Jun 2015) +- http2-upload.c: use PIPEWAIT for playing HTTP/2 better - sws: try to remove socket and retry bind +- http2-download: check for CURLPIPE_MULTIPLEX properly - If sws is killed it might leave a stale socket file on the filesystem - which would cause an EADDRINUSE error. After this patch, it is checked - whether the socket is really stale and if so, the socket file gets - removed and another bind is executed. - - Signed-off-by: Peter Wu + Bug: http://curl.haxx.se/mail/lib-2015-06/0001.html + Reported-by: Rafayel Mkrtchyan -- [Peter Wu brought this change] +- [Isaac Boukris brought this change] - sws: add UNIX domain socket support - - This extends sws with a --unix-socket option which causes the port to - be ignored (as the server now listens on the path specified by - --unix-socket). This feature will be available in the following patch - that enables checking for UNIX domain socket support. + HTTP-NTLM: fail auth on connection close instead of looping - Proxy support (CONNECT) is not considered nor tested. It does not make - sense anyway, first connecting through a TCP proxy, then let that TCP - proxy connect to a UNIX socket. - - Signed-off-by: Peter Wu + Bug: https://github.com/bagder/curl/issues/256 -- [Peter Wu brought this change] +- 5.6 Refuse "downgrade" redirects - sws: restrict TCP_NODELAY to IP sockets - - TCP_NODELAY does not make sense for Unix sockets, so enable it only if - the socket is using IP. - - Signed-off-by: Peter Wu +- README.pingpong: removed -Dan Fandrich (3 Dec 2014) -- [Dave Reisner brought this change] +- ROADMAP: remove HTTP/2 multiplexing - its here now - curl.1: fix trivial typo +- HTTP2.md: formatted properly -Steve Holme (3 Dec 2014) -- sasl_gssapi: Added body to Curl_sasl_create_gssapi_user_message() +- HTTP2: moved docs into docs/ and make it markdown -- sasl_gssapi: Added body to Curl_sasl_gssapi_cleanup() +- README.http2: refreshed and added multiplexing info -- sasl_gssapi: Added Curl_sasl_build_gssapi_spn() function - - Added helper function for returning a GSS-API compatible SPN. +- dist: add the http2 examples -Daniel Stenberg (3 Dec 2014) -- NSS: enable the CAPATH option - - Bug: http://curl.haxx.se/bug/view.cgi?id=1457 - Patch-by: Tomasz Kojm +- http2 examples: clean up some comments -Steve Holme (3 Dec 2014) -- sasl_gssapi: Enable USE_KERBEROS5 for GSS-API based builds +- examples: added two programs doing multiplexed HTTP/2 -- sasl_gssapi: Added GSS-API based Kerberos V5 variables +- scripts: moved contributors.sh and contrithanks.sh into subdir -- sws.c: Fixed compilation warning when IPv6 is disabled - - sws.c:69: warning: comma at end of enumerator list +- RELEASE-NOTES: synced with c005790ff1c0a -- sasl_gssapi: Made log_gss_error() a common GSS-API function - - Made log_gss_error() a common function so that it can be used in both - the http_negotiate code as well as the curl_sasl_gssapi code. +- [Daniel Melani brought this change] -- sasl_gssapi: Introduced GSS-API based SASL module - - Added the initial version of curl_sasl_gssapi.c and updated the project - files in preparation for adding GSS-API based Kerberos V5 support. + openssl: typo in comment -- smb: Don't try to connect with empty credentials +Jay Satiro (27 May 2015) +- openssl: Use TLS_client_method for OpenSSL 1.1.0+ - On some platforms curl would crash if no credentials were used. As such - added detection of such a use case to prevent this from happening. + SSLv23_client_method is deprecated starting in OpenSSL 1.1.0. The + equivalent is TLS_client_method. - Reported-by: Gisle Vanem - -- smb.c: Coding policing of pointer usage + https://github.com/openssl/openssl/commit/13c9bb3#diff-708d3ae0f2c2973b272b811315381557 -- configure: Fixed inclusion of SMB when no crypto engines available +Daniel Stenberg (26 May 2015) +- FAQ: How do I port libcurl to my OS? -Guenter Knauf (1 Dec 2014) -- build: in Makefile.m32 simplified autodetection. - -Daniel Stenberg (30 Nov 2014) -- [Peter Wu brought this change] - - sws: move away from IPv4/IPv4-only assumption +Jay Satiro (25 May 2015) +- CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain - Instead of depending the socket domain type on use_ipv6, specify the - domain type (AF_INET / AF_INET6) as variable. An enum is used here with - switch to avoid compiler warnings in connect_to, complaining that rc - is possibly undefined (which is not possible as socket_domain is - always set). + Document that if Set-Cookie is used without a domain then the cookie is + sent for any domain and will not be modified. - Besides abstracting the socket type, make the debugging messages be - independent on IP (introduce location_str which points to "port XXXXX"). - Rename "ipv_inuse" to "socket_type" and tighten the scope (main). - - Signed-off-by: Peter Wu + Bug: http://curl.haxx.se/mail/lib-2015-05/0137.html + Reported-by: Alexander Dyagilev -- [Peter Wu brought this change] +Daniel Stenberg (25 May 2015) +- [Tatsuhiro Tsujikawa brought this change] - lib/connect: restrict IP/TCP options to said sockets + http2: Copy data passed in Curl_http2_switched into HTTP/2 connection buffer - This patch prepares for adding UNIX domain sockets support. + Previously, after seeing upgrade to HTTP/2, we feed data followed by + upgrade response headers directly to nghttp2_session_mem_recv() in + Curl_http2_switched(). But it turns out that passed buffer, mem, is + part of stream->mem, and callbacks called by + nghttp2_session_mem_recv() will write stream specific data into + stream->mem, overwriting input data. This will corrupt input, and + most likely frame length error is detected by nghttp2 library. The + fix is first copy the passed data to HTTP/2 connection buffer, + httpc->inbuf, and call nghttp2_session_mem_recv(). + +Jay Satiro (24 May 2015) +- CURLOPT_COOKIE.3: Explain that the cookies won't be modified - TCP_NODELAY and TCP_KEEPALIVE are specific to TCP/IP sockets, so do not - apply these to other socket types. bindlocal only works for IP sockets - (independent of TCP/UDP), so filter that out too for other types. + The CURLOPT_COOKIE doc says it "sets the cookie header explicitly in the + outgoing request(s)." However there seems to be some user confusion + about cookie modification. Document that the cookies set by this option + are not modified by the cookie engine. - Signed-off-by: Peter Wu + Bug: http://curl.haxx.se/mail/lib-2015-05/0115.html + Reported-by: Alexander Dyagilev + +- CURLOPT_COOKIELIST.3: Add example -- smb.c: use size_t as input argument types for msg sizes +Dan Fandrich (24 May 2015) +- testcurl.pl: use rel2abs to make the source directory absolute - This fixes warnings about conversions to int + This function makes a platform-specific absolute path which uses + backslashes on Windows. This form works when passing it on the + command-line, as well as if the source is on another drive. -Steve Holme (30 Nov 2014) -- version: The next release will become 7.40.0 +- conncache: fixed memory leak on OOM (torture tests) -- [Bill Nagel brought this change] +Daniel Stenberg (24 May 2015) +- perl: remove subdir, not touched in 9 years - docs: Updated for the SMB protocol - - This patch updates the documentation for the SMB/CIFS protocol. +- log2changes.pl: moved to scripts/ -- curl tool: Exclude SMB from the protocol redirect - - As local files could be accessed through \\localhost\c$. +- [Alessandro Ghedini brought this change] -- [Bill Nagel brought this change] + scripts: add zsh.pl for generating zsh completion - curl tool: Enable support for the SMB protocol - - This patch enables SMB/CIFS support in the curl command-line tool. +Dan Fandrich (23 May 2015) +- test1510: another flaky test -- smb.c: Fixed compilation warnings +Daniel Stenberg (22 May 2015) +- security: fix "Unchecked return value" from sscanf() - smb.c:398: warning: comparison of integers of different signs: - 'ssize_t' (aka 'long') and 'unsigned long' - smb.c:443: warning: comparison of integers of different signs: - 'ssize_t' (aka 'long') and 'unsigned long' - -- libcurl: Exclude SMB from the protocol redirect + By (void) prefixing it and adding a comment. Did some minor related + cleanups. - As local files could be accessed through \\localhost\c$. - -- [Bill Nagel brought this change] + Coverity CID 1299423. - libcurl: Enable support for the SMB protocol +- security: simplify choose_mech - This patch enables SMB/CIFS support in libcurl. - -- smb.c: Fixed compilation warnings + Coverity CID 1299424 identified dead code because of checks that could + never equal true (if the mechanism's name was NULL). - smb.c:322: warning: conversion to 'short unsigned int' from 'unsigned - int' may alter its value - smb.c:323: warning: conversion to 'short unsigned int' from 'unsigned - int' may alter its value - smb.c:482: warning: conversion to 'short unsigned int' from 'int' may - alter its value - smb.c:521: warning: conversion to 'unsigned int' from 'curl_off_t' may - alter its value - smb.c:549: warning: conversion to 'unsigned int' from 'curl_off_t' may - alter its value - smb.c:550: warning: conversion to 'short unsigned int' from 'int' may - alter its value + Simplified the function by removing a level of pointers and removing the + loop and array that weren't used. -- smb.c: Renamed SMB command message variables to avoid compiler warnings +- RTSP: catch attempted unsupported requests better - smb.c:489: warning: declaration of 'close' shadows a global declaration - smb.c:511: warning: declaration of 'read' shadows a global declaration - smb.c:528: warning: declaration of 'write' shadows a global declaration - -- smb.c: Fixed compilation warnings + Replace use of assert with code that properly catches bad input at + run-time even in non-debug builds. - smb.c:212: warning: unused parameter 'done' - smb.c:380: warning: ISO C does not allow extra ';' outside of a function - smb.c:812: warning: unused parameter 'premature' - smb.c:822: warning: unused parameter 'dead' + This flaw was sort of detected by Coverity CID 1299425 which claimed the + "case RTSPREQ_NONE" was dead code. -- smb.c: Fixed compilation warnings +- share_init: fix OOM crash - smb.c:311: warning: conversion from 'unsigned __int64' to 'u_short', - possible loss of data - smb.c:425: warning: conversion from '__int64' to 'unsigned short', - possible loss of data - smb.c:452: warning: conversion from '__int64' to 'unsigned short', - possible loss of data - -- smb.c: Fixed compilation warnings + A failed calloc() would lead to NULL pointer use. - smb.c:162: error: comma at end of enumerator list - smb.c:469: warning: conversion from 'size_t' to 'unsigned short', - possible loss of data - smb.c:517: warning: conversion from 'curl_off_t' to 'unsigned int', - possible loss of data - smb.c:545: warning: conversion from 'curl_off_t' to 'unsigned int', - possible loss of data + Coverity CID 1299427. -- [Bill Nagel brought this change] - - smb: Added initial SMB functionality +- parse_proxy: switch off tunneling if non-HTTP proxy - Initial implementation of the SMB/CIFS protocol. + non-HTTP proxy implies not using CURLOPT_HTTPPROXYTUNNEL + + Bug: http://curl.haxx.se/mail/lib-2015-05/0056.html + Reported-by: Sean Boudreau -- [Bill Nagel brought this change] +- curl: fix potential NULL dereference + + Coverity CID 1299428: Dereference after null check (FORWARD_NULL) - smb: Added SMB handler interfaces +- http2: on_frame_recv: return early on stream 0 - Added the SMB and SMBS handler interface structures and associated - functions required for SMB/CIFS operation. + Coverity CID 1299426 warned about possible NULL dereference otherwise, + but that would only ever happen if we get invalid HTTP/2 data with + frames for stream 0. Avoid this risk by returning early when stream 0 is + used. -- transfer: Code style policing +- http: removed self assignment + + Follow-up fix from b0143a2a33f0 - Prefer ! rather than NULL in if statements, added comments and updated - function spacing, argument spacing and line spacing to be more readble. + Detected by coverity. CID 1299429 + +- [Tatsuhiro Tsujikawa brought this change] -- transfer: Fixed existing scratch buffer being checked for NULL twice + http2: Make HTTP Upgrade work - If the scratch buffer already existed when the CRLF conversion was - performed then the buffer pointer would be checked twice for NULL. This - second check is only necessary if the call to malloc() was performed by - the first check. + This commit just add implicitly opened stream 1 to streams hash. -- smtp: Fixed dot stuffing being performed when no new data read +Jay Satiro (22 May 2015) +- strerror: Change SEC_E_ILLEGAL_MESSAGE description - Whilst I had moved the dot stuffing code from being performed before - CRLF conversion takes place to after it, in commit 4bd860a001, I had - moved it outside the 'when something read' block of code when meant - it could perform the dot stuffing twice on partial send if nread - happened to contain the right values. It also meant the function could - potentially read past the end of buffer. This was highlighted by the - following warning: + Prior to this change the description for SEC_E_ILLEGAL_MESSAGE was OS + and language specific, and invariably translated to something not very + helpful like: "The message received was unexpected or badly formatted." - warning: `nread' might be used uninitialized in this function + Bug: https://github.com/bagder/curl/issues/267 + Reported-by: Michael Osipov -Daniel Stenberg (29 Nov 2014) -- smb.h: fixed picky compiler warning +- telnet: Fix read-callback change for Windows builds - smb.h:30:16: error: comma at end of enumerator list [-Werror=pedantic] - -Steve Holme (29 Nov 2014) -- tests: Disable test 1013 until SMB is fully added + Refer to b0143a2 for more information on the read-callback change. -- [Bill Nagel brought this change] +Daniel Stenberg (21 May 2015) +- CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy! - smb: Added SMB protocol and port definitions +Dan Fandrich (21 May 2015) +- testcurl.pl: allow source to be in an arbitrary directory - Added the necessary protocol and port definitions in order to support - SMB/CIFS. + This way, the build directory can be located on an entirely different + filesystem from the source code (e.g. a tmpfs). -- [Bill Nagel brought this change] +Daniel Stenberg (20 May 2015) +- read_callback: move to SessionHandle from connectdata + + With many easy handles using the same connection for multiplexing, it is + important we store and keep the transfer-oriented stuff in the + SessionHandle so that callbacks and callback data work fine even when + many easy handles share the same physical connection. - smb: Added internal SMB definitions and structures +- http2: show stream IDs in decimal - Added the internal definitions and structures necessary for SMB/CIFS - support. + It makes them easier to match output from the nghttpd test server. -- [Bill Nagel brought this change] +- [Tatsuhiro Tsujikawa brought this change] - smb: Added SMB connection structure + http2: Faster http2 upload - Added the connection structure that will be required in urldata.h for - SMB/CIFS based connections. + Previously, when we send all given buffer in data_source_callback, we + return NGHTTP2_ERR_DEFERRED, and nghttp2 library removes this stream + temporarily for writing. This itself is good. If this is the sole + stream in the session, nghttp2_session_want_write() returns zero, + which means that libcurl does not check writeability of the underlying + socket. This leads to very slow upload, because it seems curl only + upload 16k something per 1 second. To fix this, if we still have data + to send, call nghttp2_session_resume_data after nghttp2_session_send. + This makes nghttp2_session_want_write() returns nonzero (if connection + window still opens), and as a result, socket writeability is checked, + and upload speed becomes normal. -- [Bill Nagel brought this change] +- [Dmitry Eremin-Solenikov brought this change] - smb: Added initial source files for SMB + gtls: don't fail on non-fatal alerts during handshake - Added the initial source files and updated the relevant project files in - order to support SMB/CIFS. + Stop curl from failing when non-fatal alert is received during + handshake. This e.g. fixes lots of problems when working with https + sites through proxies. -- [Bill Nagel brought this change] +- curl_easy_unescape.3: update RFC reference + + Reported-by: bsammon + Bug: https://github.com/bagder/curl/issues/282 - smb: Added configuration options for SMB +Jay Satiro (20 May 2015) +- CURLOPT_POSTFIELDS.3: Mention curl_easy_escape - Added --enable-smb and --disable-smb configuration options for the - upcoming SMB/CIFS protocol support. + .. also correct some variable naming in curl_easy_escape.3 + + Bug: https://github.com/bagder/curl/issues/281 + Reported-by: bsammon@users.noreply.github.com -Daniel Stenberg (28 Nov 2014) -- [Peter Wu brought this change] +Daniel Stenberg (19 May 2015) +- [Brian Prodoehl brought this change] - runtests.pl: fix startup of IPv6 servers - - Commit curl-7_23_1-143-g8218064 changed the parameter of - responsive_http_server to accept types other than IPv6 (converting - from a boolean to a string), but only considered the lower-case "ipv6" - and not the "IPv6" variant. This caused all servers to start in IPv4 - mode instead. + openssl: Use SSL_CTX_set_msg_callback and SSL_CTX_set_msg_callback_arg - This patch converts the remaining cases to "ipv6". While not strictly - necessary for the run*server variants, these got also converted for - consistency and to prevent future errors. + BoringSSL removed support for direct callers of SSL_CTX_callback_ctrl + and SSL_CTX_ctrl, so move to a way that should work on BoringSSL and + OpenSSL. - Signed-off-by: Peter Wu + re #275 -- [Peter Wu brought this change] +Jay Satiro (19 May 2015) +- curl.1: fix missing space in section --data - runtests.pl: fix warning message, remove duplicate value +Daniel Stenberg (19 May 2015) +- transfer: remove erroneous and misleading comment + +Kamil Dudka (19 May 2015) +- http: silence compile-time warnings without USE_NGHTTP2 + + Error: CLANG_WARNING: + lib/http.c:173:16: warning: Value stored to 'http' during its initialization is never read - Signed-off-by: Peter Wu + Error: COMPILER_WARNING: + lib/http.c: scope_hint: In function ‘http_disconnect’ + lib/http.c:173:16: warning: unused variable ‘http’ [-Wunused-variable] -Steve Holme (27 Nov 2014) -- http.c: Fixed compilation warnings from features being disabled +Jay Satiro (19 May 2015) +- transfer: Replace __func__ instances with function name - warning: unused variable 'data' - warning: variable 'addcookies' set but not used + .. also make __func__ replacement in multi. - ...and some very minor coding style policing. + Prior to this change debug builds would fail to build if the compiler + was building pre-c99 and didn't support __func__. -- RELEASE-NOTES: Synced with c5399c827d +Daniel Stenberg (19 May 2015) +- [Viktor Szakats brought this change] -- tests: Added SMTP with --crlf test case + build: bump version in default nghttp2 paths -- docs: Updated for commit 4bd860a001 and SMTP Unix line ending conversion +- INTERNALS: we require nghttp2 1.0.0+ now -- smtp: Fixed const'ness of nread parameter in Curl_smtp_escape_eob() - - ...and some comment typos! +Jay Satiro (18 May 2015) +- http: Add some include guards for the new HTTP/2 stuff -- smtp: Added support for the conversion of Unix newlines during mail send - - Added support for the automatic conversion of Unix newlines to CRLF - during mail uploads. +Daniel Stenberg (18 May 2015) +- http2: store upload state per stream - Feature: http://curl.haxx.se/bug/view.cgi?id=1456 + Use a curl_off_t for upload left -- CURLOPT_CRLF.3: Fixed inclusion of SMTP in listed protocols +- http2: fix build when NOT h2-enabled -Daniel Stenberg (25 Nov 2014) -- curl*3: added small examples +- http2: switch to use Curl_hash_destroy() - and some minor edits + as after 4883f7019d3, the *_clean() function only flushes the hash. -- libcurl.3: fix formatting +- curlver: restore LIBCURL_VERSION_NUM defined as a full number - refer to functions with the man page section properly + As it breaks configure, curl-config and test 1023 if not. -- man pages: SEE ALSO curl_multi_wait +- [Anthony Avina brought this change] -- curl_multi_wait.3: clarify numfds being used if not NULL - -- multi-single.c: switch to use curl_multi_wait + hostip: fix unintended destruction of hash table - Makes the example much easier and straight-forward! + .. and added unit1602 for hash.c -- testcurl: bump the version of this script! +- curlver: introducing new version number (checking) macros -- testcurl: skip reading the setup file if given enough cmdline info - - This makes it much easier to run multiple tests in the same directory, - just altering the command lines used. +- runtests.pl: use 'h2c' now, no -14 anymore -- select.c: fix compilation for VxWorks - - Reported-by: Brian - Bug: http://curl.haxx.se/bug/view.cgi?id=1455 +- [Tatsuhiro Tsujikawa brought this change] -Patrick Monnerat (24 Nov 2014) -- [moparisthebest brought this change] + http2: Ignore if we have stream ID not in hash in on_stream_close + + We could get stream ID not in the hash in on_stream_close. For + example, if we decided to reject stream (e.g., PUSH_PROMISE), then we + don't create stream and store it in hash with its stream ID. - SSL: Add PEM format support for public key pinning +- [Tatsuhiro Tsujikawa brought this change] -Kamil Dudka (24 Nov 2014) -- Revert "repository: ignore patch files generated by git" + Require nghttp2 v1.0.0 - This reverts commit 217024a687ce86eb6d2317822ed81c7e5abc4b61. + This commit requires nghttp2 v1.0.0 to compile, and migrate to v1.0.0, + and utilize recent version of nghttp2 to simplify the code, - Bug: https://github.com/bagder/curl/commit/217024a6#commitcomment-8693738 - -Steve Holme (23 Nov 2014) -- multi.c: Fixed compilation warnings when no verbose string support + First we use nghttp2_option_set_no_recv_client_magic function to + detect nghttp2 v1.0.0. That function only exists since v1.0.0. - warning: variable 'connection_id' set but not used - warning: unused parameter 'lineno' - -- RELEASE-NOTES: Synced with 1450712e76 + Since nghttp2 v0.7.5, nghttp2 ensures header field ordering, and + validates received header field. If it found error, RST_STREAM with + PROTOCOL_ERROR is issued. Since we require v1.0.0, we can utilize + this feature to simplify libcurl code. This commit does this. + + Migration from 0.7 series are done based on nghttp2 migration + document. For libcurl, we removed the code sending first 24 bytes + client magic. It is now done by nghttp2 library. + on_invalid_frame_recv callback signature changed, and is updated + accordingly. -- sasl: Tidied up some parameter comments +- http2: infof length in on_frame_send() -- sasl: Reduced the need for two sets of NTLM functions +- pipeline: switch some code over to functions + + ... to "compartmentalize" a bit and make it easier to change behavior + when multiplexing is used instead of good old pipelining. -- ntlm: Moved NSS initialisation to base decode function +- symbols-in-versions: add CURLOPT_PIPEWAIT -- http_ntlm: Fixed additional NSS initialisation call when decoding type-2 +- CURLOPT_PIPEWAIT: added - After commit 48d19acb7c the HTTP code would call Curl_nss_force_init() - twice when decoding a NTLM type-2 message, once directly and the other - through the call to Curl_sasl_decode_ntlm_type2_message(). + By setting this option to 1 libcurl will wait for a connection to reveal + if it is possible to pipeline/multiplex on before it continues. -- ntlm: Fixed static'ness of local decode function +- Curl_http_readwrite_headers: minor code simplification -- ntlm: Corrected some parameter names and comments +- IsPipeliningPossible: fixed for http2 -- runtests.pl: Re-aligned feature support comments +- http2: bump the h2 buffer size to 32K for speed -- runtests.pl: Use Kerberos and SPNEGO as proxies for the crypto feature - - In addition to NTLM, use Kerberos and SPNEGO as proxies to the crypto - feature. +- http2: remove the stream from the hash in stream_close callback - ...and converted tab characters, from commit 4b4e8a5853, to spaces. + ... and suddenly things work much better! -- runtests.pl: Added support for SPNEGO +- http2: if there is paused data, do not clear the drain field -- runtests.pl: Added Kerberos detection +- http2: rename s/data/pausedata -- runtests.pl: Added GSS-API detection +- http2: "stream %x" in all outputs to make it easier to search for -- FILEFORMAT: Added SSPI, GSS-API and Kerberos to the features list - -- FILEFORMAT: Added test requires feature not present information +- http2: Curl_expire() all handles with incoming traffic - Such as !SSPI as we do for the NTLM and Digest tests. - -Daniel Stenberg (20 Nov 2014) -- http.c: log if it notices HTTP 1.1 after a upgrade to http2 + ... so that they'll get handled next in the multi loop. -- test1801: first real http2 test case +- http2: don't signal settings change for same values -- sws: initial tiny steps toward http2 support +- http2: set default concurrency, fix ConnectionExists for multiplex -- FILEFORMAT: mention the new upgrade support +- bundles: store no/default/pipeline/multiplex + + to allow code to act differently on the situation. + + Also added some more info message for the connection re-use function to + make it clearer when connections are not re-used. -- test1800: first plain-text http2 test case +- http2: lazy init header_recvbuf - Verifies the upgrade request, but gets a plain 1.1 response + It makes us use less memory when not doing HTTP/2 and subsequently also + makes us not have to cleanup HTTP/2 related data when not using HTTP/2! -- [Tatsuhiro Tsujikawa brought this change] +- http2: separate multiplex/pipelining + cleanup memory leaks - http: Disable pipelining for HTTP/2 and upgraded connections - - This commit disables pipelining for HTTP/2 or upgraded connections. For - HTTP/2, we do not support multiplexing. In general, requests cannot be - pipelined in an upgraded connection, since it is now different protocol. +- CURLMOPT_PIPELINE: bit 1 is for multiplexing -- [Brad Harder brought this change] +- [Tatsuhiro Tsujikawa brought this change] - CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option + http2: Fix bug that data to be drained are overwritten by pending "paused" data -Steve Holme (19 Nov 2014) -- multi-uv.c: Updated for curl coding standards +- [Tatsuhiro Tsujikawa brought this change] -- conncache: Fixed specifiers in infof() for long and size_t variables + http2: Don't call nghttp2_session_mem_recv while it is paused by a stream -- [Peter Wu brought this change] +- [Tatsuhiro Tsujikawa brought this change] - cmake: add Kerberos to the supported features + http2: Read data left in connection buffer after pause - Updated following commit eda919f and a4b7f71. - - Acked-by: Brad King - Signed-off-by: Peter Wu + Previously when we do pause because of out of buffer, we just throw + away unread data in connection buffer. This just broke protocol + framing, and I saw occasional FRAME_SIZE_ERROR. This commit fix this + issue by remembering how much data read, and in the next iteration, we + process remaining data. -- [Peter Wu brought this change] +- [Tatsuhiro Tsujikawa brought this change] - cmake: fix NTLM detection when CURL_DISABLE_HTTP defined + http2: Fix streams get stuck - Updated following changes in commit f0d860d. + This commit fixes the bug that streams get stuck if stream gets some + DATA, and stream->closed becomes true at the same time. Previously, + in this condition, after we processed DATA, we are going to try to + read data from underlying transport, but there is no data, and gets + EAGAIN. There was no code path to evaludate stream->closed. + +- http2: store incoming h2 SETTINGS + +- pipeline: move function to pipeline.c and make static - Acked-by: Brad King - Signed-off-by: Peter Wu + ... as it was only used from there. -Daniel Stenberg (19 Nov 2014) -- RELEASE-NOTES: synced with cb13fad733e +- IsPipeliningPossible: http2 can always "pipeline" (multiplex) -- [Jay Satiro brought this change] +- http2: remove debug logging from on_frame_recv - examples: Wait recommended 100ms when no file descriptors are ready - - Prior to this change when no file descriptors were ready on platforms - other than Windows the multi examples would sleep whatever was in - timeout, which may or may not have been less than the minimum - recommended value [1] of 100ms. +- http2: remove the closed check in http2_recv - [1]: http://curl.haxx.se/libcurl/c/curl_multi_fdset.html + With the "drained" functionality we can get here slightly asynchronously + so the stream have have been closed but there is pending data left to + read. -- [Waldek Kozba brought this change] +- http2: bump the h2 buffer to 8K - multi-uv.c: close the file handle after download +- http2: Curl_read should not use the single buffer + + ... as it does for pipelining when we're multiplexing, as we need the + different buffers to store incoming data correctly for all streams. -- [Jon Spencer brought this change] +- http2: more debug outputs - multi: inform about closed sockets before they are closed +- http2: leave WAITPERFORM when conn is multiplexed - When the connection code decides to close a socket it informs the multi - system via the Curl_multi_closed function. The multi system may, in - turn, invoke the CURLMOPT_SOCKETFUNCTION function with - CURL_POLL_REMOVE. This happens after the socket has already been - closed. Reorder the code so that CURL_POLL_REMOVE is called before the - socket is closed. + No need to wait for our "spot" like for pipelining -Guenter Knauf (19 Nov 2014) -- build: in Makefile.m32 moved target autodetection. +- http2: force "drainage" of streams - Moved target autodetection block after defining CC macro. - -- build: in Makefile.m32 simplify platform flags. + ... which is necessary since the socket won't be readable but there is + data waiting in the buffer. -- build: in Makefile.m32 try to detect 64bit target. +- http2: move the mem+len pair to the stream struct -Daniel Stenberg (19 Nov 2014) -- [Brad King brought this change] +- http2: more stream-oriented data, stream ID 0 is for connections - CMake: Simplify if() conditions on check result variables +- http2: move lots of state data to the 'stream' struct - Remove use of an old hack that takes advantage of the auto-dereference - behavior of the if() command to detect if a variable is defined. The - hack has the form: + ... from the connection struct. The stream one being the 'struct HTTP' + which is kept in the SessionHandle struct (easy handle). - if("${VAR} MATCHES "^${VAR}$") - - where "${VAR}" is a macro argument reference. Use if(DEFINED) instead. - This also avoids warnings for CMake Policy CMP0054 in CMake 3.1. + lookup streams for incoming frames in the stream hash, hashing is based + on the stream id and we get the SessionHandle for the incoming stream + that way. -- TODO-RELEASE: removed +- HTTP: partial start at fixing up hash-lookups on http2 frame receival -- [Carlo Wood brought this change] +- http: a stream hash for h2 multiplexing - debug: added new connection cache output, plus fixups - - Debug output 'typo' fix. +- http: a stream hash for h2 multiplexing + +- http2: debug log when receiving unexpected stream_id + +- http2: move stream_id to the HTTP struct (per-stream) + +- Curl_http2_setup: only do it once and enable multiplex on the server - Don't print an extra "0x" in - * Pipe broke: handle 0x0x2546d88, url = / + Once we know we are HTTP/2 enabled we know the server can multiplex. + +- http: switch on "pipelining" (multiplexing) for HTTP/2 servers - Add debug output. - Print the number of connections in the connection cache when - adding one, and not only when one is removed. + ... and do not blacklist any. + +- README.pipelining: removed - Fix typos in comments. + All the details mentioned here are better documented in man pages -- multi: move the ending condition into the loop as well +Dan Fandrich (14 May 2015) +- build: removed bundles.c from make files - ... as it was before I changed the loop in commit e04ccbd50. It caused - test 2030 and 2032 to fail. + This file was removed in commit fd137786 + +Daniel Stenberg (14 May 2015) +- Curl_conncache_add_conn: fix memory leak on OOM -Steve Holme (18 Nov 2014) -- multi: Prefer we don't use CURLE_OK and NULL in comparisons +- CURLMOPT_MAX_HOST_CONNECTIONS: host = host name + port number -Daniel Stenberg (18 Nov 2014) -- multi_runsingle: use 'result' for local CURLcode storage +- conncache: keep bundles on host+port bases, not only host names - ... and assign data->result only at the end. Makes the code more compact - (easier to read) and more similar to other code. + Previously we counted all connections to a specific host name and that + would be used for the CURLMOPT_MAX_HOST_CONNECTIONS check for example, + while servers on different port numbers are normally considered + different "origins" on the web and should thus be considered different + hosts. -- multi_runsingle: rename result to rc +- bundles: merged into conncache.c - save 'result' for CURLcode types + All the existing Curl_bundle* functions were only ever used from within + the conncache.c file, so I moved them over and made them static (and + removed the Curl_ prefix). -- multi: make multi_runsingle loop internally +- hostcache: made all host caches use structs, not pointers - simplifies the use of this function at little cost. + This avoids unnecessary dynamic allocs and as this also removed the last + users of *hash_alloc() and *hash_destroy(), those two functions are now + removed. -- [Carlo Wood brought this change] +- multi: converted socket hash into non-allocated struct + + avoids extra dynamic allocation - multi: when leaving for timeout, close accordingly +- connection cache: avoid Curl_hash_alloc() - Fixes the problem when a transfer in a pipeline times out. + ... by using plain structs instead of pointers for the connection cache, + we can avoid several dynamic allocations that weren't necessary. -Guenter Knauf (18 Nov 2014) -- build: in Makefile.m32 add -m32 flag for 32bit. +- proxy: add newline to info message -- mk-ca-bundle.vbs: update copyright year. +Patrick Monnerat (8 May 2015) +- FTP: fix dangling conn->ip_addr dereference on verbose EPSV. -- build: in Makefile.m32 pass -F flag to windres. +- FTP: Make EPSV use the control IP address rather than the original host. + This ensures an alternate address is not used. + Does not apply to proxy tunnel. -Steve Holme (17 Nov 2014) -- config-win32: Fixed build targets for the VS2012+ Windows XP toolset - - Even though commit 23e70e1cc6 mentioned the v110_xp toolset, I had - forgotten to include the relevant pre-processor definitions. +Daniel Stenberg (8 May 2015) +- [Alessandro Ghedini brought this change] -- sasl_sspi: Removed note about the NTLM functions being a wrapper + tool_help: fix formatting for --next option -- connect.c: Fixed compilation warning when no verbose string support - - warning: unused parameter 'reason' +- [Egon Eckert brought this change] -- easy.c: Fixed compilation warning when no verbose string support - - warning: unused parameter 'easy' + opts: improved the TCP keepalive examples -- win32: Updated some legacy APIs to use the newer extended versions +Jay Satiro (8 May 2015) +- winbuild: Document the option used to statically link the CRT - Updated the usage of some legacy APIs, that are preventing curl from - compiling for Windows Store and Windows Phone build targets. + - Document option RTLIBCFG (runtime library configuration). - Suggested-by: Stefan Neis - Feature: http://sourceforge.net/p/curl/feature-requests/82/ + Bug: https://github.com/bagder/curl/issues/254 + Reported-by: Bert Huijben -- config-win32: Introduce build targets for VS2012+ - - Visual Studio 2012 introduced support for Windows Store apps as well as - supporting Windows Phone 8. Introduced build targets that allow more - modern APIs to be used as certain legacy ones are not available on these - new platforms. +- [Orgad Shaneh brought this change] -- sasl_sspi: Fixed compilation warnings when no verbose string support - -- sasl_sspi: Added base64 decoding debug failure messages + netrc: Read in text mode when cygwin + + Use text mode when cygwin to eliminate trailing carriage returns. - Just like in the NTLM code, added infof() failure messages for - DIGEST-MD5 and GSSAPI authentication when base64 decoding fails. + Bug: https://github.com/bagder/curl/pull/258 -- ntlm: Moved the SSPI based Type-3 message generation into the SASL module +Patrick Monnerat (5 May 2015) +- OS400: Add SPNEGO service name options to ILE/RPG binding. -- ntlm: Moved the SSPI based Type-2 message decoding into the SASL module +Daniel Stenberg (4 May 2015) +- curl_multi_info_read.3: fix typo + + Reported-by: Liviu Chircu -- ntlm: Moved the SSPI based Type-1 message generation into the SASL module +- MANUAL: language fix + + Reported-by: Fred Stluka + Bug: https://github.com/bagder/curl/issues/255 -- [Michael Osipov brought this change] +- [Alessandro Ghedini brought this change] - kerberos: Use symbol qualified with _KERBEROS5 + gtls: properly retrieve certificate status - For consistency renamed USE_KRB5 to USE_KERBEROS5. + Also print the revocation reason if appropriate. -Daniel Stenberg (15 Nov 2014) -- [Jay Satiro brought this change] +- OpenSSL: conditional check for SSL3_RT_HEADER + + The symbol is fairly new. + + Reported-by: Kamil Dudka - examples: Don't call select() to sleep on windows +- openssl: skip trace outputs for ssl_ver == 0 - Windows does not support using select() for sleeping without a dummy - socket. Instead use Windows' Sleep() and sleep for 100ms which is the - minimum suggested value in the curl_multi_fdset() doc. + The OpenSSL trace callback is wonderfully undocumented but given a + journey in the source code, it seems the cases were ssl_ver is zero + doesn't follow the same pattern and thus turned out confusing and + misleading. For now, we skip doing any CURLINFO_TEXT logging on those + but keep sending them as CURLINFO_SSL_DATA_OUT/IN. - Prior to this change the multi examples would exit prematurely since - select() would error instead of sleeping when called without an fd. + Also, I added direction to the text info and I edited some functions + slightly. - Reported-by: Johan Lantz - Bug: http://curl.haxx.se/mail/lib-2014-11/0221.html + Bug: https://github.com/bagder/curl/issues/219 + Reported-by: Jay Satiro, Ashish Shukla -- [Tatsuhiro Tsujikawa brought this change] +Marc Hoersken (2 May 2015) +- schannel.c: Small changes + +- schannel.c: Improve code path and readability - http2: Don't send Upgrade headers when we already do HTTP/2 +- schannel.c: Improve error and return code handling upon aa99a63f03 -Steve Holme (15 Nov 2014) -- sasl: Corrected Curl_sasl_build_spn() function description +- [Chris Araman brought this change] + + schannel: fix regression in schannel_recv + + https://github.com/bagder/curl/issues/244 - There was a mismatch in function parameter names. + Commit 145c263 changed the behavior when Curl_read_plain returns + CURLE_AGAIN. We now handle CURLE_AGAIN and SEC_I_CONTEXT_EXPIRED + correctly. -- tool: Removed krb4 from the supported features +- Bug born in changes made several days ago 9a91e80. - Although libcurl would never return CURL_VERSION_KERBEROS4 after 7.33, - so would not be output with --version, removed krb4 from the supported - features output. + Commit: https://github.com/bagder/curl/commit/926cb9f + Reported-by: Ray Satiro +Daniel Stenberg (30 Apr 2015) - [Michael Osipov brought this change] - tool: Use Kerberos for supported features - -- urldata: Don't define sec_complete when no GSS-API support present + configure: remove missing and make it autogenerate - This variable is only used with HAVE_GSSAPI is defined by the FTP code - so let's place the definition with the other GSS-API based variables. + The missing file has not been autogenerated because a temporary fix was + employed in acinclude.m4 which blocked update. Removed that fix and a recent + version of missing is copied to build root. - [Michael Osipov brought this change] - docs: Use consistent naming for Kerberos + acinclude.m4: fix test for default CA cert bundle/path + + test(1) on HP-UX requires a single equals sign and fails with two. + Let's use one and make every OS happy. + +- CONTRIBUTING.md: remove the sourceforge mention + + Reported-By: Michael Osipov -- TODO: Lets support QOP options in GSSAPI authentication +Dan Fandrich (30 Apr 2015) +- http_negotiate_sspi: added missing data variable -- sasl_sspi: Corrected a couple of comment typos +Daniel Stenberg (30 Apr 2015) +- [Michael Osipov brought this change] -- sasl: Moved Curl_sasl_gssapi_cleanup() definition into header file + configure: remove --automake from libtoolize call + + That option is not mentioned in the man page of libtoolize 2.4.4.19-fda4. + Moveover, a comment in line 2623 says "--automake is for 1.5 compatibility". - Rather than define the function as extern in the source files that use - it, moved the function declaration into the SASL header file just like - the Digest and NTLM clean-up functions. + This option is redundant now. + +- [Viktor Szakats brought this change] + + build: update depedency versions, urls, example makefiles - Additionally, added a function description comment block. + - update default versions of dependencies (except for rare/old platforms) + - update urls + - sync examples makefiles with main ones + - remove line ending space -- sasl_sspi: Added missing RFC reference for HTTP Digest authentication +- [Michael Osipov brought this change] -- ntlm: Clean-up and standardisation of base64 decoding + configure: remove autogenerated files by autoconf + + * install-sh is always regenerated + * mkinstalldirs was already redudant years ago. Automake uses install for + that. See: http://lists.gnu.org/archive/html/automake/2007-03/msg00015.html -- ntlm: We prefer 'CURLcode result' +- [Anders Bakken brought this change] -Daniel Stenberg (13 Nov 2014) -- [Brad King brought this change] + curl_multi_add_handle: next is already NULL - CMake: Restore order-dependent library checks +Jay Satiro (30 Apr 2015) +- schannel: Fix out of bounds array - Revert commit 2257deb502 (Cmake: Avoid cycle directory dependencies, - 2014-08-22) and add a comment explaining the purpose of the original - code. + Bug born in changes made several days ago 9a91e80. - The check_library_exists_concat macro is intended to be called multiple - times on a sequence of possibly dependent libraries. Later libraries - may depend on earlier libraries when they are static. They cannot be - safely linked in reverse order on some platforms. + Bug: http://curl.haxx.se/mail/lib-2015-04/0199.html + Reported-by: Brian Chrisman + +- docs/libcurl: gitignore libcurl-symbols.3 - Signed-off-by: Brad King + Bug: http://curl.haxx.se/mail/lib-2015-04/0191.html + Reported-by: Michael Osipov -- [Brad King brought this change] +- [Viktor Szakats brought this change] - CMake: Restore order-dependent header checks - - Revert commit 1269df2e3b (Cmake: Don't check for all headers each - time, 2014-08-15) and add a comment explaining the purpose of the - original code. - - The check_include_file_concat macro is intended to be called multiple - times on a sequence of possibly dependent headers. Later headers - may depend on earlier headers to provide declarations. They cannot - be safely included independently on some platforms. + lib/makefile.m32: add arch -m32/-m64 to LDFLAGS - For example, many POSIX APIs document including sys/types.h before some - other headers. Also on some OS X versions sys/socket.h must be included - before net/if.h or the check for the latter will fail. + This fixes using a multi-target mingw distro to build curl .dll for the + non-default target. + (mirroring the same patch present in src/makefile.m32) + +Daniel Stenberg (29 Apr 2015) +- RELEASE-NOTES: synced with cd39b944afc - Signed-off-by: Brad King + I've not mentioned the bug fixes that were shipped in 7.42.1 from the + 7_42 branch. -- [Peter Wu brought this change] +- THANKS: merged from the 7.42.1 release - test22: expand a backtick command +- CURLOPT_HEADEROPT: default to separate - This is the only user of the backtick operator in the command. As the - commands will soon not be executed by a shell anymore (but by perl), - replace the command with its output. + Make the HTTP headers separated by default for improved security and + reduced risk for information leakage. - Signed-off-by: Peter Wu + Bug: http://curl.haxx.se/docs/adv_20150429.html + Reported-by: Yehezkel Horowitz, Oren Souroujon -- RELEASE-NOTES: synced with 2ee3c63b13 +Linus Nielsen (28 Apr 2015) +- docs/libcurl: Corrected a typo in the CURLOPT_PROXY_SERVICE_NAME documentation -- http2: fix switched macro when http2 is not enabled +Daniel Stenberg (28 Apr 2015) +- hash: simplify Curl_str_key_compare() -- [Tatsuhiro Tsujikawa brought this change] +- dist: ship CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME - http2: Deal with HTTP/2 data inside response header buffer - - Previously if HTTP/2 traffic is appended to HTTP Upgrade response header - (thus they are in the same buffer), the trailing HTTP/2 traffic is not - processed and lost. The appended data is most likely SETTINGS frame. - If it is lost, nghttp2 library complains server does not obey the HTTP/2 - protocol and issues GOAWAY frame and curl eventually drops connection. - This commit fixes this problem and now trailing data is processed. +- [Linus Nielsen brought this change] -Steve Holme (11 Nov 2014) -- configure: Fixed inclusion of krb5 when CURL_DISABLE_CRYPTO_AUTH is defined + Negotiate: custom service names for SPNEGO. - Commit fe0f8967bf fixed a problem with krb5 not being defined as a - supported feature when HAVE_GSSAPI is defined, however, it should - only be included if CURL_DISABLE_CRYPTO_AUTH is not set, like when - SPNEGO is listed as a feature. + * Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME. + * Add new curl options, --proxy-service-name and --service-name. + +- http2: unify http_conn variable names to 'c' -Daniel Stenberg (10 Nov 2014) -- multi: removed Curl_multi_set_easy_connection +- ConnectionExists: call it multi-use instead of pipelining - It isn't used anywhere! + So that it fits HTTP/2 as well + +Kamil Dudka (27 Apr 2015) +- [Paul Howarth brought this change] + + nss: fix compilation failure with old versions of NSS - Reported-by: Carlo Wood + Bug: http://curl.haxx.se/mail/lib-2015-04/0095.html -- [Peter Wu brought this change] +Daniel Stenberg (27 Apr 2015) +- sws: init http2 state properly + + It would otherwise cause problems when running tests after 1801 etc. - symbol-scan.pl: do not require autotools +- curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION - Makes test1119 pass when building with cmake. + ... as it was previouly undocumented what the pointer was. + +- runtests: use a DISABLED.local file too - configurehelp.pm is generated by configure (autotools). As cmake does - not provide a separate variable for the C preprocessor, default to cpp. - Before commit ef24ecde68a5f577a7f0f423a767620f09a0ab16 ("symbol-scan: - use configure script knowledge about how to run the C preprocessor"), - this tool would also use 'cpp'. + ... and have git ignore that. Allows for a dev to add tests to ignore in + local tests and yet don't obstruct a normal git work flow. + +Marc Hoersken (26 Apr 2015) +- schannel.c: Fix typo introduced with 3447c973d0 + +- schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error - Signed-off-by: Peter Wu + Reported-by: Brian Chrisman -- [Peter Wu brought this change] +Daniel Stenberg (26 Apr 2015) +- schannel: re-indented file to follow curl style better + + white space changes only - cmake: add ENABLE_THREADED_RESOLVER, rename ARES +- Curl_ossl_init: load builtin modules - Fix detection of the AsynchDNS feature which not just depends on - pthreads support, but also on whether USE_POSIX_THREADS is set or not. - Caught by test 1014. + To have engine modules work, we must tell openssl to load builtin + modules first. - This patch adds a new ENABLE_THREADED_RESOLVER option (corresponding to - --enable-threaded-resolver of autotools) which also needs a check for - HAVE_PTHREAD_H. + Bug: https://github.com/bagder/curl/pull/206 + +- configure: follow-up fix for krb5-config - For symmetry with autotools, CURL_USE_ARES is renamed to ENABLE_ARES - (--enable-ares). Checks that test for the availability actually use - USE_ARES instead as that is the result of whether a-res is available or - not (in practice this does not matter as CARES is marked as required - package, but nevertheless it is better to write the intent). + commit 5b66860652 was incomplete so here's a follow-up fix - Signed-off-by: Peter Wu + Reported-by: Dagobert Michelsen + Bug: https://github.com/bagder/curl/commit/5b668606527613179d0349f21b4ab0df2971e3d2#commitcomment-10473445 -- [Peter Wu brought this change] - - cmake: build libhostname for test suite +- openssl: fix serial number output - Used by some test cases via LD_PRELOAD in order to fake the host name. + The code extracting the cert serial number was broken and didn't display + it properly. - Signed-off-by: Peter Wu + Bug: https://github.com/bagder/curl/issues/235 + Reported-by: dkjjr89 -- [Peter Wu brought this change] +- [Grant Pannell brought this change] - cmake: fix HAVE_GETHOSTNAME definition + sasl_sspi: Populate domain from the realm in the challenge - Otherwise Curl_gethostname always fails. Windows has gethostname - since Vista according to - http://msdn.microsoft.com/en-us/library/ms738527%28VS.85%29.aspx, but - accordings to byte_bucket's VC 2005 documentation, it is available even - in Windows 95. (possibly after installing a Platform SDK, the - Windows Server 2003 SP1 Platform SDK should be sufficient). + Without this, SSPI based digest auth was broken. - Signed-off-by: Peter Wu + Bug: https://github.com/bagder/curl/pull/141.patch -- [Peter Wu brought this change] +Jay Satiro (25 Apr 2015) +- [Anthony Avina brought this change] - tests: fix libhostname visibility - - I noticed that a patched cmake build would pass tests with a fake local - hostname, but the autotools build skips them: + tool: New option --data-raw to HTTP POST data, '@' allowed. - got unexpected host name back, LD_PRELOAD failed + Add new option --data-raw which is almost the same as --data but does + not have a special interpretation of the @ character. - It turns out that -fvisibility=hidden hides the symbol, and since the - tests are not part of libcurl, it fails too. Just remove the LIBCURL - guard. + Prior to this change there was no (easy) way to pass the @ character as + the first character in POST data without it being interpreted as a + special character. - Broken since cURL 7.30 (commit 83a42ee20ea7fc25abb61c0b7ef56ebe712d7093, - "curl.h: stricter CURL_EXTERN linkage decorations logic"). - - Signed-off-by: Peter Wu - -- [Peter Wu brought this change] + Bug: https://github.com/bagder/curl/issues/198 + Reported-by: Jens Rantil - tests: fix memleak in server/resolve.c - - This makes LeakSanitizer happy. - - Signed-off-by: Peter Wu +Dan Fandrich (25 Apr 2015) +- test2039: fixed line endings that caused a test failure -- configure: assume krb5 when gss-api works - - To please test 1014 while we work out if this is truly the a correct - assumption. +Daniel Stenberg (24 Apr 2015) +- [Viktor Szakats brought this change] -Steve Holme (9 Nov 2014) -- vtls.h: Fixed compiler warning when compiled without SSL - - vtls.c:185:46: warning: unused parameter 'data' + netrc: add unit tests for 'default' support -- RELEASE-NOTES: Synced with 2fbf23875f +- [Viktor Szakats brought this change] -- ntlm: Added separate SSPI based functions + netrc: support 'default' token - In preparation for moving the NTLM message code into the SASL module, - and separating the native code from the SSPI code, added functions that - simply call the functions in curl_ntlm_msg.c. - -- http_ntlm: Use the SASL functions instead + The 'default' token has no argument and means to match _any_ domain. + It must be placed last if there are 'machine ' tokens in the same file. - In preparation for moving the NTLM message code into the SASL module - use the SASL functions in the HTTP code instead. + See full description here: + https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-File.html -Daniel Stenberg (9 Nov 2014) -- libssh2: detect features based on version, not configure checks +- ROADMAP.md: extended the HTTP/2 section, reformatted - ... so that non-configure builds get the correct functions too based on - the libssh2 version used. - -- [Nobuhiro Ban brought this change] + Elaborated on several of the remaining HTTP/2 parts and made document + use a format that ends up nicer on the web page: + http://curl.haxx.se/dev/roadmap.html - SSH: use the port number as well for known_known checks +Kamil Dudka (23 Apr 2015) +- curl -z: do not write empty file on unmet condition - ... if the libssh2 version is new enough. + This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe. + It also introduces a regression test 1424 based on tests 78 and 1423. - Bug: http://curl.haxx.se/bug/view.cgi?id=1448 + Reported-by: Viktor Szakats + Bug: https://github.com/bagder/curl/issues/237 -Steve Holme (9 Nov 2014) -- INSTALL: Updated pre-processor references to the old VC6 project files +Dan Fandrich (23 Apr 2015) +- tool: fixed a comment typo + +- README: convert to UTF-8 + +Jay Satiro (22 Apr 2015) +- cyassl: Implement public key pinning - Reworked the two sections that discuss modifying the Visual Studio pre- - processor settings, and vc6libcurl.dsw/vc6libcurl.dsp, to remove the - project files references as they have been superseded by a more thorough - set of project files for VC6 through VC12, but to also give the correct - reference to this setting in later versions of Visual Studio. + Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc. + +Dan Fandrich (22 Apr 2015) +- [Alessandro Ghedini brought this change] -- INSTALL: Added email protocols to the "Disabling in Win32 builds" section + curl.1: fix typo -- configure: Fixed NTLM missing from features when CURL_DISABLE_HTTP defined +Kamil Dudka (22 Apr 2015) +- docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too -- build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined +- tests/unit/.gitignore: hide unit1601 and above, too + +Daniel Stenberg (22 Apr 2015) +- connectionexists: follow-up to fd9d3a1ef1f - USE_NTLM would only be defined if: HTTP support was enabled, NTLM and - cryptography weren't disabled, and either a supporting cryptography - library or Windows SSPI was being compiled against. + PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not + enabled. - This means it was not possible to build libcurl without HTTP support - and use NTLM for other protocols such as IMAP, POP3 and SMTP. Rather - than introduce a new SASL pre-processor definition, removed the HTTP - prerequisite just like USE_SPNEGO and USE_KRB5. + Mistake-caught-by: Kamil Dudka + +- connectionexists: fix build without NTLM - Note: Winbind support still needs to be dependent on CURL_DISABLE_HTTP - as it is only available to HTTP at present. + Do not access NTLM-specific struct fields when built without NTLM + enabled! - This bug dates back to August 2011 when I started to add support for - NTLM to SMTP. + bug: http://curl.haxx.se/?i=231 + Reported-by: Patrick Rapin -- ntlm: Removed an unnecessary free of native Target Info - - Due to commit 40ee1ba0dc the free in Curl_ntlm_decode_type2_target() is - longer required. +- bump: start working toward 7.43.0 -- ntlm: Moved the native Target Info clean-up from HTTP specific function +Kamil Dudka (22 Apr 2015) +- nss: implement public key pinning for NSS backend + + Bug: https://bugzilla.redhat.com/1195771 -- ntlm: Moved SSPI clean-up code into SASL module +Daniel Stenberg (22 Apr 2015) +- dist: include {src,lib}/checksrc.whitelist -- Makefile.dist: Added support for WinIDN +Version 7.42.0 (22 Apr 2015) -- Makefile.vc6: Added support for WinIDN +Daniel Stenberg (22 Apr 2015) +- RELEASE-NOTES: updated for 7.42.0 -- Makefile.dist: Added some missing SSPI configurations +- THANKS: added contributors from 7.42.0 release notes -- Makefile.dist: Separated the groups of SSL configurations from each other +- THANKS-filter: a few more alterations to squash -- Makefile.dist: Grouped the x64 configurations next to their x86 counterparts +- contrithanks.sh: helper script for maintaining THANKS -- curl.h: Tidy up of CURL_VERSION_* flags +- http_done: close Negotiate connections when done + + When doing HTTP requests Negotiate authenticated, the entire connnection + may become authenticated and not just the specific HTTP request which is + otherwise how HTTP works, as Negotiate can basically use NTLM under the + hood. curl was not adhering to this fact but would assume that such + requests would also be authenticated per request. - As the list has gotten a little messy and hard to read, especially with - the introduction of deprecated items, aligned the values and comments - into clean columns and reworked some of the comments in the process. + CVE-2015-3148 + + Bug: http://curl.haxx.se/docs/adv_20150422B.html + Reported-by: Isaac Boukris -- curl_tool: Added krb5 to the supported features +- fix_hostname: zero length host name caused -1 index offset + + If a URL is given with a zero-length host name, like in "http://:80" or + just ":80", `fix_hostname()` will index the host name pointer with a -1 + offset (as it blindly assumes a non-zero length) and both read and + assign that address. + + CVE-2015-3144 + + Bug: http://curl.haxx.se/docs/adv_20150422D.html + Reported-by: Hanno Böck -- configure: Added krb5 to the supported features +- cookie: cookie parser out of boundary memory access + + The internal libcurl function called sanitize_cookie_path() that cleans + up the path element as given to it from a remote site or when read from + a file, did not properly validate the input. If given a path that + consisted of a single double-quote, libcurl would index a newly + allocated memory area with index -1 and assign a zero to it, thus + destroying heap memory it wasn't supposed to. + + CVE-2015-3145 + + Bug: http://curl.haxx.se/docs/adv_20150422C.html + Reported-by: Hanno Böck -- version info: Added Kerberos V5 to the supported features +- ConnectionExists: for NTLM re-use, require credentials to match + + CVE-2015-3143 + + Bug: http://curl.haxx.se/docs/adv_20150422A.html + Reported-by: Paras Sethia -Guenter Knauf (7 Nov 2014) -- mk-ca-bundle.vbs: switch to new certdata.txt url. +Jay Satiro (21 Apr 2015) +- [byronhe brought this change] -Steve Holme (7 Nov 2014) -- RELEASE-NOTES: Synced with dcad09e125 + openssl: add OPENSSL_NO_SSL3_METHOD check -- http_digest: Fixed some memory leaks introduced in commit 6f8d8131b1 +Daniel Stenberg (20 Apr 2015) +- CURLOPT_HEADERFUNCTION.3: match parameter name in synopsis and desc - Fixed a couple of memory leaks as a result of moving code that used to - populate allocuserpwd and relied on it's clean up. + Bug: https://github.com/bagder/curl/issues/229 + Reported-by: bsammon -- docs: Updated following the addition of SSPI based HTTP digest auth +Kamil Dudka (20 Apr 2015) +- [Mostyn Bramley-Moore brought this change] -- sasl_sspi: Tidy up of the existing digest code - - Following the addition of SSPI support for HTTP digest, synchronised - elements of the email digest code with that of the new HTTP code. + configure --with-nss: remove unneeded libs from the fallback -- http_digest: Post SSPI support tidy up - - Post tidy up to ensure commonality of code style and variable names. +Daniel Stenberg (20 Apr 2015) +- contributors.sh: fix help output, filter out (-prefix from names -Dan Fandrich (6 Nov 2014) -- test552: Don't run HTTP digest tests for SSPI based builds - - Technical difficulties prevented this from going into the - previous commit. +- RELEASE-NOTES: synced with cc0e7ebc3be0 -Steve Holme (6 Nov 2014) -- tests: Don't run HTTP digest tests for SSPI based builds - - Added !SSPI to the features list of the HTTP digest tests, as SSPI - based builds now use the Windows SSPI messaging API rather than the - internal functions, and we can't control the random numbers that get - used as part of the digest. +- [Michael Stapelberg brought this change] -Daniel Stenberg (6 Nov 2014) -- curl.1: show zone index use in a URL + CURLMOPT_TIMERFUNCTION.3: Clarify, add an example -Steve Holme (6 Nov 2014) -- http_digest: Fixed auth retry loop when SSPI based authentication fails +- [Viktor Szakáts brought this change] -- http_digest: Reworked the SSPI based input token storage - - Reworked the input token (challenge message) storage as what is passed - to the buf and desc in the response generation are typically blobs of - data rather than strings, so this is more in keeping with other areas - of the SSPI code, such as the NTLM message functions. + vtls/openssl: use https in URLs and a comment typo fixed -- sasl_sspi: Fixed compilation warning from commit 2d2a62e3d9 +- curl_version_info.3: fixed the 'protocols' variable type - Added void reference to unused 'data' parameter back to fix compilation - warning. + Reported-by: John Marshall + Bug: https://github.com/bagder/curl/issues/225 -- sspi: Align definition values to even columns as we use 2 char spacing +Dan Fandrich (18 Apr 2015) +- test1423: added missing "file" to server section -- sspi: Fixed missing definition of ISC_REQ_USE_HTTP_STYLE +Daniel Stenberg (17 Apr 2015) +- TheArtOfHttpScripting: Multiple URLs + Multiple HTTP methods - Some versions of Microsoft's sspi.h don't define this. + ... and some minor edits -- sasl: Removed non-SSPI Digest functions and defines from SSPI based builds +- Revert "HTTP: don't abort connections with pending Negotiate authentication" + + This reverts commit 5dc68dd6092a789bb5e0a67a1c1356ba87fdcbc6. - Introduced in commit 7e6d51a73c these functions and definitions are only - required by the internal challenge-response functions now. + Bug: https://github.com/bagder/curl/issues/223 + Reported-by: Michael Osipov -- sasl_sspi: Added HTTP digest response generation code +Jay Satiro (17 Apr 2015) +- cyassl: Fix include order + + Prior to this change CyaSSL's build options could redefine some generic + build symbols. + + http://curl.haxx.se/mail/lib-2015-04/0069.html -- http_digest: Added SSPI based challenge decoding code +Kamil Dudka (17 Apr 2015) +- configure --with-nss: drop redundant if statement -- http_digest: Added SSPI based clean-up code +- configure --with-nss=PATH: query pkg-config if available + + Bug: https://github.com/bagder/curl/pull/171 -- http_digest: Added SSPI based authentication functions +Daniel Stenberg (17 Apr 2015) +- parsecfg: do not continue past a zero termination - This temporarily breaks HTTP digest authentication in SSPI based builds, - causing CURLE_NOT_BUILT_IN to be returned. A follow up commit will - resume normal operation. + When a config file line ends without newline, the parsing function could + continue reading beyond that point in memory. + + Reported-by: Hanno Böck -- http_digest: Added required SSPI based variables to digest structure +Jay Satiro (16 Apr 2015) +- gitignore: Ignore Windows build output directories -Daniel Stenberg (6 Nov 2014) -- [Frank Gevaerts brought this change] +Daniel Stenberg (15 Apr 2015) +- RELEASE-NOTES: synced with 1ba6e4c88e0 - contributors.sh: --releasenotes reads in names from RELEASE-NOTES - - This is very handy when updating the RELEASE-NOTES as then we sometimes - have names added manually in the existing list and we use this script to - update the set. +- TODO: 17.9 Choose the name of file in braces for complex URLs -- RELEASE-NOTES: synced with 68542e72a9 +- TODO: a little caution that maybe not all ideas are still good -- curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY - - Reported-by: Christian Hägele - Bug: http://curl.haxx.se/mail/lib-2014-11/0078.html +- TODO: 17.8 offer color-coded HTTP header output -Steve Holme (5 Nov 2014) -- build: Fixed Visual Studio project file generation of strdup.[c|h] - - As the curl command-line tool now includes it's own version of strdup(), - for platforms that don't have it, fixed up the git respository Visual - Studio project file generator to not include the version from lib in the - tool project files, rather than having both lib\strdup.[c|h] and - src\tool_strdup.[c|h] present. +- TODO: 17.7 warning when sending binary output to terminal -Daniel Stenberg (5 Nov 2014) -- tool_strdup.c: include the tool strdup.h - - ... not the lib/ one that the tool no longer uses! +- KNOWN_BUGS: #90 IMAP "SEARCH ALL" truncates output on large boxes -- THANKS-filter: added another Michał Górny version we've used +Jay Satiro (14 Apr 2015) +- cyassl: Add support for TLS extension SNI -- contributors.sh: split lists using " and " - - ... and require the space after the filtering to make the filter able to - remove names. +Daniel Stenberg (13 Apr 2015) +- [Matthew Hall brought this change] -Steve Holme (5 Nov 2014) -- http_digest: Fixed memory leaks from commit 6f8d8131b1 + gitignore: ignore test-driver file -- sasl: Fixed compilation warning from commit 25264131e2 - - Added forward declaration of digestdata to overcome the following - compilation warning: - - warning: 'struct digestdata' declared inside parameter list - - Additionally made the ntlmdata forward declaration dependent on - USE_NTLM similar to how digestdata and kerberosdata are. +- [Matthew Hall brought this change] -- sasl: Fixed HTTP digest challenges with spaces between auth parameters - - Broken as part of the rework, in commit 7e6d51a73c, to assist with the - addition of HTTP digest via Windows SSPI. + vtls_openssl: improve PKCS#12 load failure error message -- http_digest: Fixed compilation errors from commit 6f8d8131b1 - - error: invalid operands to binary - warning: pointer targets in assignment differ in signedness +- [Matthew Hall brought this change] -- http_digest: Moved response generation into SASL module + vtls_openssl: fix minor typo in PKCS#12 load routine -- http_digest: Moved challenge decoding into SASL module +- [Matthew Hall brought this change] -- http_digest: Moved clean-up function into SASL module + vtls_openssl: improve client certificate load failure error messages -- http_digest: Moved algorithm definitions to SASL module +- [Matthew Hall brought this change] -- [Gisle Vanem brought this change] + vtls_openssl: remove ambiguous SSL_CLIENT_CERT_ERR constant - ssh: Fixed build on platforms where R_OK is not defined - - Bug: http://curl.haxx.se/mail/lib-2014-11/0035.html - Reported-by: Jan Ehrhardt +- BUGS: refer to the github issue tracker now as primary -- strdup: Removed irrelevant comment +- firefox-db2pem: fix wildcard to find Firefox default profile - ...as Curl_memdup() duplicates an area of fix size memory, that may be - binary, and not a null terminated string. - -- url.c: Fixed compilation warning + At some point, Firefox has changed and generates different directory + names for the default profile that made this script fail to find them. - conversion from 'curl_off_t' to 'size_t', possible loss of data + Bug: https://github.com/bagder/curl/issues/207 + Reported-by: sneakyimp -- http_digest: Use CURLcode instead of CURLdigest +Jay Satiro (11 Apr 2015) +- cyassl: Include the CyaSSL build config - To provide consistent behaviour between the various HTTP authentication - functions use CURLcode based error codes for Curl_input_digest() - especially as the calling code doesn't use the specific error code just - that it failed. + CyaSSL >= 2.6.0 may have an options.h that was generated during + its build by configure. -Daniel Stenberg (5 Nov 2014) -- contributors.sh: filter common alternative name spellings +- build: Generate source prerequisites for Visual Studio in generate.bat - docs/THANKS-filter is a new filter file for converting contributor names - we get or have recorded in alternative formats to the one we already use - in THANKS. To help us show individual contributors using a single - presentation of their names. - -- THANKS: added missing contributor from 2012 + Prior to this change Visual Studio builds could fail due to missing + prerequisites src/tool_hugehelp.c and include/curl/curlbuild.h. + + http://curl.haxx.se/mail/lib-2015-04/0034.html -- [Frank Gevaerts brought this change] +Daniel Stenberg (9 Apr 2015) +- [Viktor Szakats brought this change] - Remove duplicate names. + lib/makefile.m32: add missing libs to build libcurl.dll - The removed names also appear as: - Andrés García, François Charlier, Gökhan Şengün, Michał Górny, Sébastien - Willemijns, Christopher Conroy, John E. Malmberg, Luca Altea, Peter Su, - S. Moonesamy, Samuel Listopad, Yasuharu Yamada, Karl Moerder + Add 'gdi32' and 'crypt32' Windows implibs to avoid failure + while building libcurl.dll using the mingw compiler. + The same logic is used in 'src/makefile.m32' when + building curl.exe. -Steve Holme (5 Nov 2014) -- sspi: Define authentication package name constants +Kamil Dudka (8 Apr 2015) +- test142[23]: verify that an empty file is stored on success + +- src/tool_operate: create output file on successful download - These were previously hard coded, and whilst defined in security.h, - they may or may not be present in old header files given that these - defines were never used in the original code. + ... of an empty file - Not only that, but there appears to be some ambiguity between the ANSI - and UNICODE NTLM definition name in security.h. + Bug: https://github.com/bagder/curl/issues/183 + +- src/tool_cb_wrt: separate fnc for output file creation -Patrick Monnerat (5 Nov 2014) -- Adjust OS400-specific support to last release +Daniel Stenberg (7 Apr 2015) +- [Da-Yoon Chung brought this change] -Daniel Stenberg (5 Nov 2014) -- THANKS: added two missing names and removed a duplicate + lib/transfer.c: Remove factor of 8 from sleep time calculation - ./contributors.sh found these extra ones that somehow had fallen - through the cracks and never gotten added here. + The factor of 8 is a bytes-to-bits conversion factor, but pkt_size and + rate_bps are both in bytes. When using the rate limiting option, curl + waits 8 times too long, and then transfers very quickly until the + average rate reaches the limit. The average rate follows the limit over + time, but the actual traffic is bursty. - Reported-by: Frank Gevaerts - -- bump: towards next release + Thanks-to: Benjamin Gilbert -- THANKS: added names from 7.39.0 release notes +- [Jay Satiro brought this change] -Version 7.39.0 (5 Nov 2014) + x509asn1: Silence x64 loss-of-data warning on RSA key length assignment + + The key length in bits will always fit in an unsigned long so the + loss-of-data warning assigning the result of x64 pointer arithmetic to + an unsigned long is unnecessary. -Daniel Stenberg (5 Nov 2014) -- RELEASE-NOTES: 7.39.0 release (commit b3875606925) +- [Jay Satiro brought this change] -- curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds - - When duplicating a handle, the data to post was duplicated using - strdup() when it could be binary and contain zeroes and it was not even - zero terminated! This caused read out of bounds crashes/segfaults. + cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size - Since the lib/strdup.c file no longer is easily shared with the curl - tool with this change, it now uses its own version instead. + Also fix it so that all ERR_error_string calls use an error buffer. + CyaSSL's implementation of ERR_error_string only writes the error when + an error buffer is passed. - Bug: http://curl.haxx.se/docs/adv_20141105.html - CVE: CVE-2014-3707 - Reported-By: Symeon Paraschoudis + http://www.yassl.com/forums/topic599-openssl-compatibility-and-errerrorstring.html -- lib544.c: use duphandle for test 545 - - To verify that curl_easy_duphandle() works fine on a handle that has - gotten data stored with *_COPYPOSTFIELDS. +- [Jay Satiro brought this change] -- tests: add new feature 'SSLpinning' + cyassl: Remove 'Connecting to' message from cyassl_connect_step2 - ... and make test 2034 and 2035 require it, and have it set when built - with OpenSSL or GnuTLS. + Prior to this change libcurl could show multiple 'CyaSSL: Connecting to' + messages since cyassl_connect_step2 is called multiple times, typically. + The message is superfluous even once since libcurl already informs the + user elsewhere in code that it is connecting. -- buildconf: update copyright year +- [Viktor Szakats brought this change] -Steve Holme (4 Nov 2014) -- INSTALL: Consistent spacing in section headings, paragraphs and examples + checksrc.bat: quotes to support an SRC_DIR with spaces -Daniel Stenberg (4 Nov 2014) -- buildconf: stop checking for libtool +- hostip: fix compiler warnings - As we only use libtoolize, only check for that! + introduced in the previous mini-series of 3 commits -Steve Holme (4 Nov 2014) -- INSTALL: Corrected MIT Kerberos and Heimdal package names - -- README: Corrected inconsistent use of --help +- [Stefan Bühler brought this change] -- INSTALL: Use GSS-API rather than GSSAPI + actually implement CURLOPT_RESOLVE removals - As implementations are refereed to GSS-API libraries as per the RFC and - GSSAPI typically refers to the SASL authentication mechanism. - - ...and minor rewording on the same paragraph. + - also log when a CURLOPT_RESOLVE entry couldn't get parsed + +- [Stefan Bühler brought this change] -- README: Added note about using Visual Studio projects out of git repository + move Curl_share_lock and ref counting into Curl_fetch_addr -Daniel Stenberg (4 Nov 2014) -- [K. R. Walker brought this change] +- [Stefan Bühler brought this change] - cmake: fix ZLIB_INCLUDE_DIRS use + fix refreshing of obsolete dns cache entries - CMake 2.8's FindZLIB.cmake documents ZLIB_INCLUDE_DIRS, see - http://www.cmake.org/cmake/help/v2.8.0/cmake.html#module:FindZLIB - - Bug: https://github.com/bagder/curl/pull/123 + - cache entries must be also refreshed when they are in use + - have the cache count as inuse reference too, freeing timestamp == 0 special + value + - use timestamp == 0 for CURLOPT_RESOLVE entries which don't get refreshed + - remove CURLOPT_RESOLVE special inuse reference (timestamp == 0 will prevent refresh) + - fix Curl_hostcache_clean - CURLOPT_RESOLVE entries don't have a special + reference anymore, and it would also release non CURLOPT_RESOLVE references + - fix locking in Curl_hostcache_clean + - fix unit1305.c: hash now keeps a reference, need to set inuse = 1 + +- RELEASE-NOTES: synced with abf6bddc14a - [Jay Satiro brought this change] - SSL: PolarSSL default min SSL version TLS 1.0 - - - Prior to this change no SSL minimum version was set by default at - runtime for PolarSSL. Therefore in most cases PolarSSL would probably - have defaulted to a minimum version of SSLv3 which is no longer secure. + checksrc.bat: Check lib\vtls source -- opts-Makefile: put more man pages into dist and make hmtl+pdf +- [Jay Satiro brought this change] -- curl_multi_setopt.3: refer to stand-alone pages + cyassl: Set minimum protocol version before CTX callback - ... instead of duplicating info. + This change is to allow the user's CTX callback to change the minimum + protocol version in the CTX without us later overriding it, as we did + prior to this change. -- opts: more multi options as stand-alone man pages +- [Jay Satiro brought this change] -- Makefile.am: two cmake files are gone + build-openssl.bat: Fix mixed line endings - 8cb010144 removed the CurlCheckCSourceCompiles.cmake and - CurlCheckCSourceRuns.cmake files - -- opts: made stand-alone man-pages for several multi options + Use LF not CRLF, throughout. msysgit will only convert a file to CRLF + on checkout if it's not mixed. -- [Carlo Wood brought this change] +- [Jay Satiro brought this change] - Curl_single_getsock: fix hold/pause sock handling + cyassl: Fix certificate load check - The previous condition that checked if the socket was marked as readable - when also adding a writable one, was incorrect and didn't take the pause - bits properly into account. + SSL_CTX_load_verify_locations can return negative values on fail, + therefore to check for failure we check if load is != 1 (success) + instead of if load is == 0 (failure), the latter being incorrect given + that behavior. -- [Peter Wu brought this change] +- [Tatsuhiro Tsujikawa brought this change] - cmake: fix struct sockaddr_storage check + http2: Fix missing nghttp2_session_send call in Curl_http2_switched - CHECK_TYPE_SIZE_PREINCLUDE is an internal, undocumented variable which - was removed in cmake 2.8.1. According to the MSDN docs[1], inclusion - of winsock2.h is sufficient. WIN32_LEAN_AND_MEAN does not really seem - to affect the tests, so remove it too[2]. + Previously in Curl_http2_switched, we called nghttp2_session_mem_recv to + parse incoming data which were already received while curl was handling + upgrade. But we didn't call nghttp2_session_send, and it led to make + curl not send any response to the received frames. Most likely, we + received SETTINGS from server at this point, so we missed opportunity to + send SETTINGS + ACK. This commit adds missing nghttp2_session_send call + in Curl_http2_switched to fix this issue. + + Bug: https://github.com/bagder/curl/issues/192 + Reported-by: Stefan Eissing + +- cookie: handle spaces after the name in Set-Cookie - For the non-windows case, remove inet headers as POSIX only requires - sys/socket.h. + "name =value" is fine and the space should just be skipped. - [1]: http://msdn.microsoft.com/en-us/library/windows/desktop/ms740504%28v=vs.85%29.aspx - [2]: http://stackoverflow.com/questions/11040133/what-does-defining-win32-lean-and-mean-exclude-exactly + Updated test 31 to also test for this. - Signed-off-by: Peter Wu + Bug: https://github.com/bagder/curl/issues/195 + Reported-by: cromestant + Help-by: Frank Gevaerts -- [Peter Wu brought this change] +- [Jay Satiro brought this change] - cmake: clean OtherTests, fixing -Werror + cyassl: Fix library initialization return value - There were several -Wunused warnings and one duplicate macro definition. - The EXTRA_DEFINES variable of the CurlCheckCSources macro was being - abused ("__unused1\n#undef inline\n#define __unused2", seriously?) to - insert extra C code. Avoid this broken abstraction and use cmake's - check_c_source_compiles directly (works fine with CMake 2.8, maybe - even cmake 2.6). + (Curl_cyassl_init) + - Return 1 on success, 0 in failure. - After cleaning up all related variables (EXTRA_DEFINES, - HEADER_INCLUDES, auxiliary headers_hack), also remove a duplicate - add_headers_include macro and remove duplicate header additions before - the struct timeval check. + Prior to this change the fail path returned an incorrect value and the + evaluation to determine whether CyaSSL_Init had succeeded was incorrect. + Ironically that combined with the way curl_global_init tests SSL library + initialization (!Curl_ssl_init()) meant that CyaSSL having been + successfully initialized would be seen as that even though the code path + and return value in Curl_cyassl_init were wrong. + +- [Thomas Ruecker brought this change] + + CURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use "ICY 200" - Oh, and now the code is converted to use CheckCSourceRuns and - CheckCSourceCompiles, the two curl-specific helpers can be removed. - Unfortunately, the cmake output is now slightly more verbose. Before: + Icecast versions 1.3.0 through 1.3.12 would reply with "ICY 200" + under certain conditions: - Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test) - Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test) - Failed + client_wants_icy_headers (connection_t *con) + { + const char *val; - Since check_c_source_compiles prints the varname, now you see: + if (!con) + return 1; - Performing Test curl_cv_func_send_test - Performing Test curl_cv_func_send_test - Failed - Tested: int send(int, const void *, size_t, int) + val = get_user_agent (con); + if (!val || !val[0] || strcmp (val, "(null)") == 0) + return 1; - Compared cmake output with each other using vimdiff, no functional - differences were found. Tested with GCC 4.9.1 and Clang 3.5.0. + if (con->food.client->use_icy) + return 1; + if (strncasecmp (val, "winamp", 6) == 0) + return 1; + if (strncasecmp (val, "Shoutcast", 9) == 0) + return 1; - Signed-off-by: Peter Wu - -- [Peter Wu brought this change] - - cmake: fix gethostby{addr,name}_r in CurlTests + return 0; + } - This patch cleans up the automatically-generated (?) code and fixes one - case that will always fail due to syntax error. + So mainly if there is no 'user agent' or it is '(null)' or contains + 'winamp' or 'Shoutcast'. - HAVE_GETHOSTBYADDR_R_5_REENTRANT always failed because of a trailing - character ("int length;q"). Several parameter type and unused variable - warnings popped up. This causes a detection failure with -Werror. + No mainstream distribution carries Icecast 1.3.x anymore, after all + it was released in 2002 and superseded by Icecast 2.x. + +Dan Fandrich (31 Mar 2015) +- axtls: add timeout within Curl_axtls_connect - Observe that the REENTRANT cases are exactly the same as their - non-REENTRANT cases except for a `_REENTRANT` macro definition. - Merge all these pieces and build one big main function with different - cases, but reusing variables where logical. + This allows test 405 to pass on axTLS. + +Daniel Stenberg (30 Mar 2015) +- [Jay Satiro brought this change] + + checksrc: Windows-specific input fixes - For the cases where the parameters where NULL, I looked at - lib/hostip4.c to get an idea of the parameters types. + lib/config-win32ce.h + - Fix whitespace for checksrc compliance. - void-cast variables such as 'rc' to avoid -Wuninitialized errors. + lib/checksrc.pl + - Remove trailing carriage returns from input. - Signed-off-by: Peter Wu + projects/checksrc.bat + - Ignore tool_hugehelp.c. -- [Peter Wu brought this change] +- [Dagobert Michelsen brought this change] - cmake: drop _BSD_SOURCE macro usage + configure: Use KRB5CONFIG for krb5-config - autotools does not use features.h nor _BSD_SOURCE. As this macro - triggers warnings since glibc 2.20, remove it. It should not have - functional differences. + Allows the user to easier override its path. - Signed-off-by: Peter Wu + Bug: http://curl.haxx.se/bug/view.cgi?id=1486 -Steve Holme (2 Nov 2014) -- RELEASE-NOTES: Synced with d71ea7c01e +- multi: remove_handle: move pending connections - Additionally, updated "GSSAPI" to "GSS-API" for a Cmake related change - as GSSAPI can be confused with the authentication mechanism rather than - a GSS-API implementation library such as MIT or Heimdal. - -- build: Added WinIDN build configuration options + If the handle removed from the multi handle happens to be the one + "owning" the pipeline other transfers will be waiting indefinitely. Now + we move such handles back to connect to have them race (again) for + getting the connection and thus avoid hanging. - Added support for WinIDN build configurations to the VC6 project files. + Bug: http://curl.haxx.se/bug/view.cgi?id=1465 + Reported-by: Jiri Dvorak -- build: Added WinIDN build configuration options +- KNOWN_BUGS: 89 is bug #1411 - Added support for WinIDN build configurations to the VC7 and VC7.1 - project files. + Disabling pipelining on multi handle with in-progress pipelined requests + leads to heap corruption and crash -- build: Fixed the pre-processor separator in Visual Studio project files - - A left over from the VC6 project files, so mainly cosmetic in Visual - Studio .NET as it can handle both comma and semi-colon characters for - separating multiple pre-processor definitions. +- [Jay Satiro brought this change] + + cyassl: CTX callback cosmetic changes and doc fix - However, the IDE uses semi-colons if the value is edited, and as such, - this may cause problems in future for anyone updating the files or - merging patches. + - More descriptive fail message for NO_FILESYSTEM builds. + - Cosmetic changes. + - Change more of CURLOPT_SSL_CTX_* doc to not be OpenSSL specific. + +- RELEASE-NOTES: synced with d2feb71752f + +Dan Fandrich (28 Mar 2015) +- tool_operate: only set SSL options if SSL is enabled + +- runtests.pl: detect WolfSSL as yassl + +Daniel Stenberg (27 Mar 2015) +- [Kyle L. Huff brought this change] + + cyassl: add SSL context callback support for CyaSSL - Used the Visual Studio IDE to correct the separator character. + Adds support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL, and better + handles CyaSSL instances using NO_FILESYSTEM. -- build: Added optional specific version generation of VC project files +- [Kyle L. Huff brought this change] + + cyassl: remove undefined reference to CyaSSL_no_filesystem_verify - ..when working from the git repository. This is particularly useful - for single development environments where the project files for all - supported versions of Visual Studio may not be required. + CyaSSL_no_filesystem_verify is not (or no longer) defined by cURL or + CyaSSL. This reference causes build errors when compiling with + NO_FILESYSTEM. - [Jay Satiro brought this change] - build-openssl.bat: Fix x64 release build + build: Fix libcurl.sln erroneous mixed configurations - Prior to this change if x64 release was specified a failed attempt was - made to build x86 release instead. + Prior to this change some Release configurations had an active + configuration assignment to their Debug counterpart. + +- [Jay Satiro brought this change] -- CURLOPT_XOAUTH2_BEARER.3: Corrected the OAuth version number + vtls: Don't accept unknown CURLOPT_SSLVERSION values -- CURLOPT_SASL_IR.3: Added supported mechanism information - - ...and removed duplication of what protocols are supported from the - description text. +- [Jay Satiro brought this change] + + url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined -- opts: Use common wording for MAIL related names +- [Paul Howarth brought this change] + + build: link curl to openssl libraries when openssl support is enabled + + This fixes a build failure where openssl and libmetalink are used + together and the system linker does not do implicit linking (e.g. + Fedora 13 and later releases). The MD5 functions required for + metalink support must be pulled in from the openssl crypto library. + + This is similar to commit c6e7cbb94e669b85d3eb8e015ec51d0072112133, + which fixes the same sort of problem for NSS builds. -- opts: Use common wording for TLS user/password option names +- multi: on a request completion, check all CONNECT_PEND transfers - ...and revised the proxy wording a little as well. + ... even if they don't have an associated connection anymore. It could + leave the waiting transfers pending with no active one on the + connection. + + Bug: http://curl.haxx.se/bug/view.cgi?id=1465 + Reported-by: Jiri Dvorak + +- [Emil Lerner brought this change] -- CURLOPT_MAXCONNECTS.3: Reworked the description to be less confusing + globbing: fix url number calculation when using range with step - ...and corrected a related typo in curl_easy_setopt.3. + In function glob_range, the number of urls was multiplied by (max - min + + 1), regardless of step. The correct formula is (max - min) / step + 1 -Guenter Knauf (2 Nov 2014) -- RELEASE-NOTES: removed obsolete entry; fixed entry. +- README.http2: refreshed and added TODO items -Steve Holme (2 Nov 2014) -- RELEASE-NOTES: Synced with e7da67f5d3 +- [Emil Lerner brought this change] -- docs: Added mention of Kerberos for CURL_VERSION_SSPI + globbing: fix step parsing for character globbing ranges - As this has been present for SOCKSv5 proxy since v7.19.4 and for IMAP, - POP3 and SMTP authentication since v7.38.0. + The glob_range function used wrong offset (3 instead of 4) for parsing + integer step inside character range specification, which led to 'bad + range' error when using character ranges with explicitly specified step + (such as '[a-z:2]') -- CURL_VERSION_KERBEROS4: Mark as deprecated +- polarssl: called mbedTLS in 1.3.10 and later + +- polarssl: remove dead code + + and simplify code by changing if-elses to a switch() - Support for Kerberos V4 was removed in v7.33.0. + CID 1291706: Logically dead code. Execution cannot reach this statement -- sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used +- polarssl: remove superfluous for(;;) loop - Typically the USE_WINDOWS_SSPI definition would not be used when the - CURL_DISABLE_CRYPTO_AUTH define is, however, it is still a valid build - configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication - data structures and functions would incorrectly be used when they - shouldn't be. + "unreachable: Since the loop increment is unreachable, the loop body + will never execute more than once." - Introduced a new USE_KRB5 definition that takes into account the use of - CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do. + Coverity CID 1291707 -- openssl: Use 'CURLcode result' +- Curl_ssl_md5sum: return CURLcode - More CURLcode fixes. + ... since the funciton can fail on OOM. Check this return code. + + Coverity CID 1291705. + +- [Jay Satiro brought this change] -Daniel Stenberg (1 Nov 2014) -- resume: consider a resume from [content-length] to be OK + cyassl: default to highest possible TLS version - Basically since servers often then don't respond well to this and - instead send the full contents and then libcurl would instead error out - with the assumption that the server doesn't support resume. As the data - is then already transfered, this is now considered fine. + (cyassl_connect_step1) + - Use TLS 1.0-1.2 by default when available. - Test case 1434 added to verify this. Test case 1042 slightly modified. + CyaSSL/wolfSSL >= v3.3.0 supports setting a minimum protocol downgrade + version. - Reported-by: hugo - Bug: http://curl.haxx.se/bug/view.cgi?id=1443 + cyassl/cyassl@322f79f -Steve Holme (1 Nov 2014) -- openssl: Use 'CURLcode result' - - More standardisation of CURLcode usage and coding style. +- [Jay Satiro brought this change] -- openssl: Use 'CURLcode result' - - ...and some minor code style changes. + cyassl: Check for invalid length parameter in Curl_cyassl_random + +- [Jay Satiro brought this change] -- ftplistparser: We prefer 'CURLcode result' + cyassl: If wolfSSL then identify as such in version string -- opts: Use common wording for user/password option names +Dan Fandrich (24 Mar 2015) +- symbols-in-versions: added CURLOPT_PATH_AS_IS -- CURLOPT_CONNECT_ONLY.3: Removed "This option is implemented for..." text +- testcurl.pl: add the --notes option to supply more info about a build - As this is covered by the PROTOCOLS section and saves having to update - two parts of the document with the same information in future. + Support for notes has been in place for a while, but it required + being added to the setup file manually. -- CURLOPT_GSSAPI_DELEGATION.3: Use GSS-API rather than GSSAPI +- curl_memory: make curl_memory.h the second-last header file loaded - As implementations are refereed to GSS-API libraries as per the RFC and - GSSAPI typically refers to an authentication mechanism. + This header file must be included after all header files except + memdebug.h, as it does similar memory function redefinitions and can be + similarly affected by conflicting definitions in system or dependent + library headers. -- CURLOPT_CONNECT_ONLY.3: Fixed incomplete protocol list +Daniel Stenberg (24 Mar 2015) +- openssl: do the OCSP work-around for libressl too - Added missing IMAP to the protocol list. + I tested with libressl git master now (v2.1.4-27-g34bf96c) and it seems to + still require the work-around for stapling to work. -- code cleanup: Use 'CURLcode result' +- openssl: verifystatus: only use the OCSP work-around <= 1.0.2a + + URL: http://curl.haxx.se/mail/lib-2015-03/0205.html + Reported-by: Alessandro Ghedini -- curl_easy_setopt.3: Fixed lots of typos +- openssl: adapt to ASN1/X509 things gone opaque in 1.1 -- curl_easy_setopt.3: Moved CURLOPT_DIRLISTONLY into PROTOCOL OPTIONS - - ...as this option affects more that just FTP. +Dan Fandrich (24 Mar 2015) +- [Jay Satiro brought this change] + + curl_easy_setopt.3: Fix misspelling in CURLOPT_PATH_AS_IS description -Guenter Knauf (30 Oct 2014) -- build: added Watcom support to build with WinSSL. +- [Viktor Szakáts brought this change] + + CURLOPT_HTTPHEADER.3: fix typo in recent commit + +- [Viktor Szakáts brought this change] -Daniel Stenberg (30 Oct 2014) -- CURLOPT_PINNEDPUBLICKEY.3: added details + CURLOPT_PATH_AS_IS.3: add type 'long' to prototype -Steve Holme (30 Oct 2014) -- CURLOPT_CUSTOMREQUEST.3: Fixed incomplete protocol list +- vtls: fix compile with --disable-crypto-auth but with SSL - Whilst the description included information about SMTP, the protocol - list only showed "TTP, FTP, IMAP, POP3". + This is a strange combination of options, but is allowed. -- CURLOPT_DIRLISTONLY.3: Added information about the usage in POP3 +Patrick Monnerat (24 Mar 2015) +- os400: define new options in ILE/RPG binding. -Daniel Stenberg (29 Oct 2014) -- openssl: enable NPN separately from ALPN +Daniel Stenberg (24 Mar 2015) +- RELEASE-NOTES: synced with f6878609361 + +- curl_easy_setopt.3: Add CURLOPT_PATH_AS_IS + +- CURLOPT_PATH_AS_IS: added - ... and allow building with nghttp2 but completely without NPN and ALPN, - as nghttp2 can still be used for plain-text HTTP. + --path-as-is is the command line option - Reported-by: Lucas Pardue - -- configure.ac: remove checks for OpenSSL NPN/ALPN funcs again + Added docs in curl.1 and CURLOPT_PATH_AS_IS.3 - ... since the conditional in the code are now based on OpenSSL versions - instead to better support non-configure builds. + Added test in test 1241 + +- [Yamada Yasuharu brought this change] -- opts: added some "SEE ALSO" references + curl_easy_recv/send: make them work with the multi interface + + By making sure Curl_getconnectinfo() uses the correct connection cache + to find the last connection. -Steve Holme (29 Oct 2014) -- RELEASE-NOTES: Synced with 32913182dc +- http2: move the init too for when its actually needed + + ... it would otherwise lead to memory leakage if we never actually do + the switch. -- vtls.c: Fixed compilation warning +Dan Fandrich (23 Mar 2015) +- dict: rename byte to avoid compiler shadowed declaration warning - conversion from 'size_t' to 'unsigned int', possible loss of data + This conflicted with a WolfSSL typedef. -- sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure +- cyassl: include version.h to ensure the version macros are defined + +- test1513: eliminated race condition in test run - Return a more appropriate error, rather than CURLE_OUT_OF_MEMORY when - acquiring the credentials handle fails. This is then consistent with - the code prior to commit f7e24683c4 when log-in credentials were empty. + It seems that some systems (e.g. fairly consistently in some recent + Solaris autobuilds) would manage to get to the connect phase before the + progress callback was called, resulting in a CURLE_COULDNT_CONNECT + error. Reworked the test to point at a test server that never returns a + full result so the progress callback always gets a chance to be called + before the transfer can complete in some other way. -- sasl_sspi: Allow DIGEST-MD5 to use current windows credentials +Nick Zitzmann (21 Mar 2015) +- darwinsssl: add support for TLS False Start - Fixed the ability to use the current log-in credentials with DIGEST-MD5. - I had previously disabled this functionality in commit 607883f13c as I - couldn't get this to work under Windows 8, however, from testing HTTP - Digest authentication through Windows SSPI and then further testing of - this code I have found it works in Windows 7. + TLS False Start support requires iOS 7.0 or later, or OS X 10.9 or later. + +Daniel Stenberg (21 Mar 2015) +- gtls: add check of return code - Some further investigation is required to see what the differences are - between Windows 7 and 8, but for now enable this functionality as the - code will return an error when AcquireCredentialsHandle() fails. + Coverity CID 1291167 pointed out that 'rc' was received but never used when + gnutls_credentials_set() was used. Added return code check now. -Kamil Dudka (29 Oct 2014) -- transfer: drop the code handling the ssl_connect_retry flag +- gtls: dereferencing NULL pointer - Its last use has been removed by the previous commit. + Coverity CID 1291165 pointed out 'chainp' could be dereferenced when + NULL if gnutls_certificate_get_peers() had previously failed. -- nss: drop the code for libcurl-level downgrade to SSLv3 +- gtls: avoid uninitialized variable. - This code was already deactivated by commit - ec783dc142129d3860e542b443caaa78a6172d56. + Coverity CID 1291166 pointed out that we could read this variable + uninitialized. -- openssl: fix a line length warning +Dan Fandrich (21 Mar 2015) +- tests/certs: rebuild certificates with modified key usage bits + + The certificates were missing the digitalSignature and keyAgreement + usage types, of which at least digitalSignature was checked by CyaSSL. + This caused the test server in test 310 (among others) to fail the + startup verification and therefore run (see + http://curl.haxx.se/mail/lib-2014-07/0303.html). -Guenter Knauf (29 Oct 2014) -- Added NetWare support to build with nghttp2. +- tests/certs: added make target to rebuild certificates + + The certificate generation scripts were also updated to better match the + format of the certificates currently checked in. -- Fixed error message since we require ALPN support. +Daniel Stenberg (21 Mar 2015) +- x509asn1: add /* fallthrough */ in switch() case -- Check for ALPN via OpenSSL version number. +- x509asn1: minor edit to unconfuse Coverity - This check works also with to non-configure platforms. + CID 1202732 warns on the previous use, although I cannot fine any + problems with it. I'm doing this change only to make the code use a more + familiar approach to accomplish the same thing. -Steve Holme (28 Oct 2014) -- sasl_sspi: Fixed typo in comment +- [Dagobert Michelsen brought this change] -- code cleanup: We prefer 'CURLcode result' + testcurl: Allow '=' in values given on command line -Daniel Stenberg (28 Oct 2014) -- TODO: consider supporting STAT +- nss: error: unused variable 'connssl' -- mk-ca-bundle: spell fix "version" +Dan Fandrich (21 Mar 2015) +- test938: added missing closing tags -- HTTP: return larger than 3 digit response codes too - - HTTP 1.1 is clearly specified to only allow three digit response codes, - and libcurl used sscanf("%3d") for that purpose. This made libcurl - support smaller numbers but not larger. It does now, but we will not - make any specific promises nor document this further since it is going - outside of what HTTP is. - - Bug: http://curl.haxx.se/bug/view.cgi?id=1441 - Reported-by: Balaji +- cyassl: use new library version macro when available -- src/: remove version.h.dist from gitignore - - It has not been used since commit f7bfdbab in 2011 +Kamil Dudka (20 Mar 2015) +- [Alessandro Ghedini brought this change] -Steve Holme (26 Oct 2014) -- ntlm: We prefer 'CURLcode result' - - Continuing commit 0eb3d15ccb more return code variable name changes. + curl: add --false-start option + +- [Alessandro Ghedini brought this change] -Guenter Knauf (26 Oct 2014) -- Cosmetics: lowercase non-special subroutine names. + nss: add support for TLS False Start -Steve Holme (26 Oct 2014) -- RELEASE-NOTES: Synced with 07ac29a058 +- [Alessandro Ghedini brought this change] -- http_negotiate: We prefer 'CURLcode result' + url: add CURLOPT_SSL_FALSESTART option - Continuing commit 0eb3d15ccb more return code variable name changes. + This option can be used to enable/disable TLS False Start defined in the RFC + draft-bmoeller-tls-falsestart. + +Patrick Monnerat (20 Mar 2015) +- [Alessandro Ghedini brought this change] -- http_negotiate: Fixed missing check for USE_SPNEGO + gtls: implement CURLOPT_CERTINFO -- sspi: Synchronization of cleanup code between auth mechanisms +Daniel Stenberg (20 Mar 2015) +- [Alessandro Ghedini brought this change] + + openssl: try to avoid accessing OCSP structs when possible -- sspi: Renamed max token length variables +- CURLOPT_URL.3: spelling! - Code cleanup to try and synchronise code between the different SSPI - based authentication mechanisms. + Reported-by: Frank Gevaerts + +- CURLOPT_URL.3: Added "SECURITY CONCERNS" -- sspi: Renamed expiry time stamp variables +- CURLOPT_HTTPHEADER.3: add a "SECURITY CONCERNS" section + +Dan Fandrich (19 Mar 2015) +- cyassl: detect the library as renamed wolfssl - Code cleanup to try and synchronise code between the different SSPI - based authentication mechanisms. + This change was made in CyaSSL/WolfSSL ver. 3.4.0 -- sspi: Only call CompleteAuthToken() when complete is needed +Daniel Stenberg (19 Mar 2015) +- HTTP: don't switch to HTTP/2 from 1.1 until we get the 101 - Don't call CompleteAuthToken() after InitializeSecurityContext() has - returned SEC_I_CONTINUE_NEEDED as this return code only indicates the - function should be called again after receiving a response back from - the server. + We prematurely changed protocol handler to HTTP/2 which made things very + slow (and wrong). - This only affected the Digest and NTLM authentication code. + Reported-by: Stefan Eissing + Bug: https://github.com/bagder/curl/issues/169 -Dan Fandrich (26 Oct 2014) -- Added the "flaky" keyword to a number of tests - - Each shows evidence of flakiness on at least one platform on - the autobuilds. Users can use this keyword to skip these tests - if desired. +Dan Fandrich (19 Mar 2015) +- axtls: version 1.5.2 now requires that config.h be manually included -Steve Holme (26 Oct 2014) -- ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash() +Daniel Stenberg (19 Mar 2015) +- metalink: fix resource leak in OOM - For consistency with other areas of the NTLM code propagate all errors - from Curl_ntlm_core_mk_nt_hash() up the call stack rather than just - CURLE_OUT_OF_MEMORY. + Coverity CID 1288826 -- ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash() +Dan Fandrich (18 Mar 2015) +- docs/libcurl: clean up libcurl-symbols.3 -- ntlm: Use 'CURLcode result' +- docs/libcurl: check that all options with man pages are referenced - Continuing commit 0eb3d15ccb more return code variable name changes. + If a man page exists in the opts/ directory, it must also be referenced + either in curl_easy_setopt.3 or curl_multi_setopt.3 -- ntlm: Only define ntlm data structure when USE_NTLM is defined +- curl_easy_setopt.3: added a few missing options -- ntlm: Changed handles to be dynamic like other SSPI handles +Kamil Dudka (18 Mar 2015) +- nss: explicitly tell NSS to disable NPN/ALPN - Code cleanup to try and synchronise code between the different SSPI - based authentication mechanisms. + ... if disabled at libcurl level. Otherwise, we would allow to + negotiate NPN despite curl was invoked with the --no-npn option. -- ntlm: Renamed handle variables to match other SSPI structures - - Code cleanup to try and synchronise code between the different SSPI - based authentication mechanisms. +Daniel Stenberg (18 Mar 2015) +- [Jay Satiro brought this change] -- ntlm: Renamed SSPI based input token variables + mkhelp: Remove trailing carriage return from every line of input - Code cleanup to try and synchronise code between the different SSPI - based authentication mechanisms. - -- ntlm: We prefer 'CURLcode result' + - Get rid of this flood of warnings in Windows mingw build: + warning: missing terminating " character - Continuing commit 0eb3d15ccb more return code variable name changes. + The warning is due to the carriage return. When msysgit checks out files + from the repo by default it converts the line endings to CRLF. Prior to + this change when mkhelp.pl processed the MANUAL and curl.1 in CRLF + format the trailing carriage returns caused unnecessary CR in the + output. -- build: Added WinIDN build configuration options - - Added support for WinIDN build configurations to the VC8 and VC9 - project files. +- RELEASE-NOTES: synced with e539f01567 -Nick Zitzmann (24 Oct 2014) -- darwinssl: detect possible future removal of SSLv3 from the framework +- [Christian Weisgerber brought this change] + + docs/libcurl: make portability fix - If Apple ever drops SSLv3 support from the Security framework, we'll fail with an error if the user insists on using SSLv3. + Using $< in a non-suffix rule context is a GNU make idiom. This bug was + introduced in 7.41.0. -Patrick Monnerat (24 Oct 2014) -- gskit.c: remove SSLv3 from SSL default. +Dan Fandrich (17 Mar 2015) +- checksrc: Fix whitelist on out-of-tree builds -- gskit.c: use 'CURLcode result' +Daniel Stenberg (17 Mar 2015) +- [Stefan Bühler brought this change] -Daniel Stenberg (24 Oct 2014) -- [Jay Satiro brought this change] + Curl_sh_entry: remove unused 'timestamp' - SSL: Remove SSLv3 from SSL default due to POODLE attack - - - Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss, - openssl effectively making the default TLS 1.x. axTLS is not affected - since it supports only TLS, and gnutls is not affected since it already - defaults to TLS 1.x. +- HTTP: don't use Expect: headers when on HTTP/2 - - Update CURLOPT_SSLVERSION doc + Reported-by: Stefan Eissing + Bug: https://github.com/bagder/curl/issues/169 -- pipelining: only output "is not blacklisted" in debug builds +- checksrc: detect and remove space before trailing semicolons -- *.3: add/extend "SEE ALSO" sections +- checksrc: introduce a whitelisting concept -- curl_easy_pause.3: minor wording edit +- checksrc: use space after comma -- curl_getdate.3: provide a "SEE ALSO" section +- checksrc: use space before paren in "return (expr);" -- curl_global_init.3: minor formatting fix, add version info +- CONTRIBUTE: refer to git log instead of deprecated CHANGES file -- url.c: use 'CURLcode result' +- CURLOPT_*.3: more examples and edits -- code cleanup: we prefer 'CURLcode result' - - ... for the local variable name in functions holding the return - code. Using the same name universally makes code easier to read and - follow. - - Also, unify code for checking for CURLcode errors with: +- CURLOPT_*.3: added lots of small example sections + +- CURLOPT_PRIVATE.3: provide an example + +- CURLOPT_*TIMEOUT.3: provide examples + +- CURLOPT_USERAGENT.3: added an example + +- CURLOPT_STDERR.3: added an example + +- curl_easy_perform.3: remove superfluous close brace from example + +- free: instead of Curl_safefree() - if(result) or if(!result) + Since we just started make use of free(NULL) in order to simplify code, + this change takes it a step further and: - instead of + - converts lots of Curl_safefree() calls to good old free() + - makes Curl_safefree() not check the pointer before free() - if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK) + The (new) rule of thumb is: if you really want a function call that + frees a pointer and then assigns it to NULL, then use Curl_safefree(). + But we will prefer just using free() from now on. -- Curl_add_timecondition: skip superfluous varible assignment - - Detected by cppcheck. +- [Markus Elfring brought this change] -- Curl_pp_flushsend: skip superfluous assignment + Bug #149: Deletion of unnecessary checks before a few calls of cURL functions - Detected by cppcheck. - -- Curl_pp_readresp: remove superfluous assignment + The following functions return immediately if a null pointer was passed. + * Curl_cookie_cleanup + * curl_formfree - Variable already assigned a few lines up. + It is therefore not needed that a function caller repeats a corresponding check. - Detected by cppcheck. + This issue was fixed by using the software Coccinelle 1.0.0-rc24. + + Signed-off-by: Markus Elfring + +- [Markus Elfring brought this change] -- Curl_proxyCONNECT: remove superfluous statement + Bug #149: Deletion of unnecessary checks before calls of the function "free" - The variable is already assigned, skip the duplicate assignment. + The function "free" is documented in the way that no action shall occur for + a passed null pointer. It is therefore not needed that a function caller + repeats a corresponding check. + http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first - Pointed out by cppcheck. + This issue was fixed by using the software Coccinelle 1.0.0-rc24. + + Signed-off-by: Markus Elfring -Guenter Knauf (24 Oct 2014) -- Added MinGW support to build with nghttp2. +- [Jay Satiro brought this change] -- Added VC ssh2 target to main Makefile. + connect: Fix happy eyeballs logic for IPv4-only builds + + Bug: https://github.com/bagder/curl/pull/168 + + (trynextip) + - Don't try the "other" protocol family unless IPv6 is available. In an + IPv4-only build the other family can only be IPv6 which is unavailable. + + This change essentially stops IPv4-only builds from attempting the + "happy eyeballs" secondary parallel connection that is supposed to be + used by the "other" address family. + + Prior to this change in IPv4-only builds that secondary parallel + connection attempt could be erroneously used by the same family (IPv4) + which caused a bug where every address after the first for a host could + be tried twice, often in parallel. This change fixes that bug. An + example of the bug is shown below. + + Assume MTEST resolves to 3 addresses 127.0.0.2, 127.0.0.3 and 127.0.0.4: + + * STATE: INIT => CONNECT handle 0x64f4b0; line 1046 (connection #-5000) + * Rebuilt URL to: http://MTEST/ + * Added connection 0. The cache now contains 1 members + * STATE: CONNECT => WAITRESOLVE handle 0x64f4b0; line 1083 + (connection #0) + * Trying 127.0.0.2... + * STATE: WAITRESOLVE => WAITCONNECT handle 0x64f4b0; line 1163 + (connection #0) + * Trying 127.0.0.3... + * connect to 127.0.0.2 port 80 failed: Connection refused + * Trying 127.0.0.3... + * connect to 127.0.0.3 port 80 failed: Connection refused + * Trying 127.0.0.4... + * connect to 127.0.0.3 port 80 failed: Connection refused + * Trying 127.0.0.4... + * connect to 127.0.0.4 port 80 failed: Connection refused + * connect to 127.0.0.4 port 80 failed: Connection refused + * Failed to connect to MTEST port 80: Connection refused + * Closing connection 0 + * The cache now contains 0 members + * Expire cleared + curl: (7) Failed to connect to MTEST port 80: Connection refused + + The bug was born in commit bagder/curl@2d435c7. + +- mksymbolsmanpage.pl: use std header and generate better nroff header -- Some cosmetics and simplifies. +- [Frank Meier brought this change] -- Remove dependency on openssl and cut. + closesocket: call multi socket cb on close even with custom close - Prefer usage of Perl modules for sha1 calculation since there - might be systems where openssl is not installed or not in path. - If openssl is used for sha1 calculation then dont rely on cut - since it is usually not available on other systems than Linux. - -Daniel Stenberg (23 Oct 2014) -- RELEASE-NOTES: synced with e116d0a62 + In function Curl_closesocket() in connect.c the call to + Curl_multi_closed() was wrongly omitted if a socket close function + (CURLOPT_CLOSESOCKETFUNCTION) is registered. + + That would lead to not removing the socket from the internal hash table + and not calling the multi socket callback appropriately. + + Bug: http://curl.haxx.se/bug/view.cgi?id=1493 -- CURLOPT_RESOLVE.3: add an example +- [Tobias Stoeckmann brought this change] -- gnutls: removed dead code + hostip: Fix signal race in Curl_resolv_timeout. - Bug: http://curl.haxx.se/bug/view.cgi?id=1437 - Reported-by: Julien - -- Curl_rand: Uninitialized variable: r + A signal handler for SIGALRM is installed in Curl_resolv_timeout. It is + configured to interrupt system calls and uses siglongjmp to return into + the function if alarm() goes off. + + The signal handler is installed before curl_jmpenv is initialized. + This means that an already installed alarm timer could trigger the + newly installed signal handler, leading to undefined behavior when it + accesses the uninitialized curl_jmpenv. - This is not actually used uninitialized but we silence warnings. + Even if there is no previously installed alarm available, the code in + Curl_resolv_timeout itself installs an alarm before the environment is + fully set up. If the process is sent into suspend right after that, the + signal handler could be called too early as in previous scenario. - Bug: http://curl.haxx.se/bug/view.cgi?id=1437 - Reported-by: Julien + To fix this, the signal handler should only be installed and the alarm + timer only be set after sigsetjmp has been called. -- opts: provide more and updated examples +- http2: detect prematures close without data transfered + + ... by using the regular Curl_http_done() method which checks for + that. This makes test 1801 fail consistently with error 56 (which seems + fine) to that test is also updated here. + + Reported-by: Ben Darnell + Bug: https://github.com/bagder/curl/issues/166 -- CURLOPT_RANGE.3: works for SFTP as well +Dan Fandrich (13 Mar 2015) +- test320: Expect the Host header to be the first header - ... and added a small example + Required for the test to work after a5d994941c2b. -- curl.1: edited for clarity +Daniel Stenberg (12 Mar 2015) +- RELEASE-NOTES: synced with 186e46d88dd -- CURLOPT_SSLVERSION.3: provide an example +- openssl: use colons properly in the ciphers list + + While the previous string worked, this is the documented format. + + Reported-by: Richard Moore -- docs/libcurl/ABI: more markdown friendly +- openssl: sort the ciphers on strength + + This makes curl pick better (stronger) ciphers by default. The strongest + available ciphers are fine according to the HTTP/2 spec so an OpenSSL + built curl is no longer rejected by string HTTP/2 servers. + + Bug: http://curl.haxx.se/bug/view.cgi?id=1487 -- docs: edited lots of libcurl docs for clarity +- [Fabian Keil brought this change] -- opts: added examples + test203[0-3]: Expect the Host header to be the first header + + Required for the tests to work after a5d994941c2b. -- HISTORY: two glimpses in 2014 +- openssl: show the cipher selection to use -Kamil Dudka (20 Oct 2014) -- nss: reset SSL handshake state machine +- http: always send Host: header as first header + + ...after the method line: + + "Since the Host field-value is critical information for handling a + request, a user agent SHOULD generate Host as the first header field + following the request-line." / RFC 7230 section 5.4 - ... when the handshake succeeds + Additionally, this will also make libcurl ignore multiple specified + custom Host: headers and only use the first one. Test 1121 has been + updated accordingly - This fixes a connection failure when FTPS handle is reused. + Bug: http://curl.haxx.se/bug/view.cgi?id=1491 + Reported-by: Rainer Canavan -Daniel Stenberg (20 Oct 2014) -- [Peter Wu brought this change] +- [Alexander Pepper brought this change] - cmake: generate pkg-config and curl-config + mk-ca-bundle bugfix: Don't report SHA1 numbers with "-q". - Initial work to generate a pkg-config and curl-config script. Static - linking (`curl-config --static-libs` and `pkg-config --shared --libs - libcurl`) is broken and therefore disabled. + Also unified printing to STDERR by creating the helper method "report". + +- proxy: re-use proxy connections (regression) - CONFIGURE_OPTIONS does not make sense for CMake, use an empty string - for now. + When checking for a connection to re-use, a proxy-using request must + check for and use a proxy connection and not one based on the host + name! - At least `curl-config --features` and `curl-config --protocols` work - which is needed by runtests.pl. + Added test 1421 to verify - Signed-off-by: Peter Wu + Bug: http://curl.haxx.se/bug/view.cgi?id=1492 -- [Peter Wu brought this change] +- [Jay Satiro brought this change] - cmake: use LIBCURL_VERSION from curlver.h - - This matches the behavior from autotools. The auxiliary major, minor - and patch components are not needed anymore and therefore removed. - - Signed-off-by: Peter Wu + memanalyze.pl: handle free(NULL) -- [Peter Wu brought this change] +- [Jay Satiro brought this change] - cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS + .travis.yml: Change CI make test to make test-full - For compatibility with autoconf, it will be used later for curl-config - and pkg-config. Not all features and or protocols can be enabled as - these are missing additional checks (see new TODOs). + - Change the continuous integration script to use 'make test-full' + instead of just 'make test' so that the diagnostic log output is + printed to stdout when a test fails. - SUPPORT_PROTOCOLS is partially scripted (grep for SUPPORT_PROTOCOLS=) - and manually verified/modified. SUPPORT_FEATURES is manually added. + - Change the continuous integration script to use + './configure --enable-debug' instead of just './configure' so that the + memory analyzer will work during testing. - Signed-off-by: Peter Wu + Prior to this change Travis used its default C test script: + ./configure && make && make test -- cmake: add CMake/Macros.cmake to the release tarball +- [Alessandro Ghedini brought this change] -- test545: make it not use a trailing zero - - CURLOPT_COPYPOSTFIELDS with a given CURLOPT_POSTFIELDSIZE does not - require a trailing zero of the data and by making sure this test doesn't - use one we know it works (combined with valgrind). + gtls: correctly align certificate status verification messages -Steve Holme (16 Oct 2014) -- ntlm: Fixed empty type-2 decoded message info text - - Updated the info text when the base-64 decode of the type-2 message - returns a null buffer to be more specific. +- [Alessandro Ghedini brought this change] -- ntlm: Fixed empty/bad base-64 decoded buffer return codes + gtls: don't print double newline after certificate dates -- ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token +- [Alessandro Ghedini brought this change] -Daniel Stenberg (16 Oct 2014) -- httpcustomheader.c: make use of more CURLOPT_HTTPHEADER features + gtls: print negotiated TLS version and full cipher suite name - ... and only do a single request for clarity. + Instead of priting cipher and MAC algorithms names separately, print the + whole cipher suite string which also includes the key exchange algorithm, + along with the negotiated TLS version. + +- gtls: fix compiler warnings + +- [Alessandro Ghedini brought this change] + + gtls: add support for CURLOPT_CAPATH -Steve Holme (15 Oct 2014) -- sasl_sspi: Fixed some typos +- [stopiccot brought this change] -- sasl_sspi: Fixed Kerberos response buffer not being allocated when using SSO + MacOSX-Framework: use @rpath instead of @executable_path + + Bug: https://github.com/bagder/curl/pull/157 -Daniel Stenberg (15 Oct 2014) -- [Bruno Thomsen brought this change] +- RELEASE-NOTES: synced with c19349951 - mk-ca-bundle: added SHA-384 signature algorithm +- multi: fix *getsock() with CONNECT + + The code used some happy eyeballs logic even _after_ CONNECT has been + sent to a proxy, while the happy eyeball phase is already (should be) + over by then. - Certificates based on SHA-1 are being phased out[1]. - So we should expect a rise in certificates based on SHA-2. - Adding SHA-384 as a valid signature algorithm. + This is solved by splitting the multi state into two separate states + introducing the new SENDPROTOCONNECT state. - [1] https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/ + Bug: http://curl.haxx.se/mail/lib-2015-01/0170.html + Reported-by: Peter Laser + +- conncontrol: only log changes to the connection bit + +- http2: use CURL_HTTP_VERSION_* symbols instead of NPN_* - Signed-off-by: Bruno Thomsen + Since they already exist and will make comparing easier + +- http2: make the info-message about receiving HTTP2 headers debug-only + +- [Alessandro Ghedini brought this change] + + urldata: remove unused asked_for_h2 field + +- [Alessandro Ghedini brought this change] + + polarssl: make it possible to enable ALPN/NPN without HTTP2 + +- [Alessandro Ghedini brought this change] + + nss: make it possible to enable ALPN/NPN without HTTP2 -Patrick Monnerat (14 Oct 2014) -- OS400: fix bugs in curl_*escape_ccsid() and reduce variables scope +- [Alessandro Ghedini brought this change] + + gtls: make it possible to enable ALPN/NPN without HTTP2 + +- [Alessandro Ghedini brought this change] -- Implement pinned public key in GSKit backend + openssl: make it possible to enable ALPN/NPN without HTTP2 -Daniel Stenberg (14 Oct 2014) -- CURLOPT_TLSAUTH_*.3: fix reference typos +- metalink: add some error checks + + malloc() and strdup() calls without checking return codes. + + Reported-by: Markus Elfring + Bug: https://github.com/bagder/curl/issues/150 -- cleanups: reduce variable scope +- curl_easy_setopt.3: added CURLOPT_SSL_VERIFYSTATUS - cppcheck pointed these out. + Reported-by: Jonathan Cardoso -- singleipconnect: remove dead assignment never used +- urldata: fix gnutls build + +Steve Holme (5 Mar 2015) +- openssl: Removed use of USE_SSLEAY from the Visual Studio project files - cppcheck pointed this out. + In addition to commit 709cf76f6b, removed the USE_SSLEAY preprocessor + variable from the Visual Studio project files as it isn't required + anymore. -- pinning: minor code style policing +Daniel Stenberg (5 Mar 2015) +- multi: fix memory-leak on timeout (regression) + + Since 1342a96ecfe0d44, a timeout detected in the multi state machine didn't + necesarily clear everything up, like formpost data. + + Bug: https://github.com/bagder/curl/issues/147 + Reported-by: Michel Promonet + Patched-by: Michel Promonet -Patrick Monnerat (13 Oct 2014) -- Factorize pinned public key code into generic file handling and backend specific +- configure: follow-up fix from 709cf76f6 + + OpenSSL handling was a little broken. -- vtls: remove QsoSSL +- openssl: remove all uses of USE_SSLEAY + + SSLeay was the name of the library that was subsequently turned into + OpenSSL many moons ago (1999). curl does not work with the old SSLeay + library since years. This is now reflected by only using USE_OPENSSL in + code that depends on OpenSSL. -- gskit: supply dummy randomization function +- [Sergei Nikulov brought this change] -- vtls/*: deprecate have_curlssl_md5sum and set-up default md5sum implementation + cmake: handle build definitions CURLDEBUG/DEBUGBUILD + + Acked-by: Brad King -Daniel Stenberg (13 Oct 2014) -- [Peter Wu brought this change] +- FAQ: 4.21 Why is there a HTTP/1.1 in my HTTP/2 request? - tests: move TESTCASES to Makefile.inc, add show for cmake +- symbols.pl: handle '-' in the deprecated field - This change allows runtests.pl to be run from the CMake builddir: + ... which otherwise made the script skip the _LAST define for some + symbols. - export srcdir=/tmp/curl/tests; - perl -I$srcdir $srcdir/runtests.pl -l + Reported-by: Jeroen Ooms + Bug: http://curl.haxx.se/mail/lib-2015-03/0052.html + +- curl.1: fix "The the" typo - In order to make this possible, all test cases have been moved from - Makefile.am to Makefile.inc. + Reported-by: Jon Seymour + +- vtls: use curl_printf.h all over - Signed-off-by: Peter Wu + No need to use _MPRINTF_REPLACE internally. + +- tool: use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACE + +- tool_writeenv: remove _MPRINTF_REPLACE define, it wasn't used -- [Peter Wu brought this change] +- [Sergei Nikulov brought this change] - cmake: enable IPv6 by default if available + libtest: fixed linker errors on msvc - ENABLE_IPV6 depends on HAVE_GETADDRINFO or you will get a - Curl_getaddrinfo_ex error. Enable IPv6 by default, disabling it if - struct sockaddr_in6 is not found in netinet/in.h. + Bug: https://github.com/bagder/curl/pull/144 + +- mprintf.h: remove #ifdef CURLDEBUG + + ... and as a consequence, introduce curl_printf.h with that re-define + magic instead and make all libcurl code use that instead. + +- tool_getpass: remove unused curl/mprintf.h include + +- CONTRIBUTING.md: file for advice on github + +- [Viktor Szakáts brought this change] + + BINDINGS: add link to Harbour bindings - Note that HAVE_GETADDRINFO_THREADSAFE is still not set as it needs more - platform checks even though POSIX requires a thread-safe getaddrinfo. + And UTF8-fix a few names + +- CURLOPT_HEADERFUNCTION.3: typo in error code name - Verified on Arch Linux x86_64 with glibc 2.20-2 and Linux 3.16-rc7. + Reported-by: Jonathan Cardoso + +- BINDINGS: tclcurl moved - Signed-off-by: Peter Wu + Reporte-by: Steve Havelka + +- [Jay Satiro brought this change] + + opts: Fix pipelining examples + +- [Jay Satiro brought this change] + + curl_multi_setopt.3: Link to CURLMOPT_MAXCONNECTS + +- CONTRIBUTE: the new more github-friendly attitude! -- [Peter Wu brought this change] +Steve Holme (28 Feb 2015) +- RELEASE-NOTES: Synced with 921d195187 - cmake: build tool_hugehelp (ENABLE_MANUAL) +Kamil Dudka (28 Feb 2015) +- tool: wrap lines longer than 79 columns - Rather than always outputting an empty manual page for the '-M' option, - generate a full manual page as done by autotools. For simplicity in - CMake, always generate the gzipped page as it will not be used anyway - when zlib is not available. - - Signed-off-by: Peter Wu + ... to avoid a build failure when configured with --enable-debug -- [Peter Wu brought this change] +Steve Holme (27 Feb 2015) +- [Tatsuhiro Tsujikawa brought this change] - tests/http_pipe.py: Python 3 support + http2: Return error if stream was closed with other than NO_ERROR - The 2to3 tool converted socketserver (which I manually fixed up with an - import fallback) and the print(e) line. The xrange option was converted - to range, but it seems better to use the '*' operator here for - simplicity. - - Signed-off-by: Peter Wu - -- SECURITY: slightly nicer markdown format + Previously, we just ignored error code passed to + on_stream_close_callback and just return 0 (success) after stream + closure even if stream was reset with error. This patch records error + code in on_stream_close_callback, and return -1 and use CURLE_HTTP2 + error code on abnormal stream closure. -- RELEASE-PROCEDURE: better markdown, more content +- tool: Updated the warnf() function to use the GlobalConfig structure + + As the 'error' and 'mute' options are now part of the GlobalConfig, + rather than per Operation, updated the warnf() function to use this + structure rather than the OperationConfig. -- RELEASE-NOTES: synced with 6637b237e6eb +- build: Removed DataExecutionPrevention directive from VC9+ project files - ... and bumped the planned release version. + Removed the DataExecutionPrevention directive from the project files for + Visual Studio 2008 and above. The XML value in the VC9 project files was + set to "0" (Default) whilst the VC10+ project files contained an empty + XML element. -- vtls: have vtls.h include the backend header files +- build: Use default RandomizedBaseAddress directive in VC9+ project files + + Visual Studio 2008 introduced support for the address space layout + randomization (ASLR) feature of Windows Vista. However, upgrading the + VC8 project files to VC9 and above disabled this feature. - It turned out some features were not enabled in the build since for - example url.c #ifdefs on features that are defined on a per-backend - basis but vtls.h didn't include the backend headers. + Removed the RandomizedBaseAddress directive to enabled the default + setting (/DYNAMICBASE). Note: This doesn't appear to have any negative + impact when compiled and ran on Windows XP. + +- build: Added support to Generate.bat for files in the upcoming vauth folder + +Daniel Stenberg (25 Feb 2015) +- http2: return recv error on unexpected EOF - CURLOPT_CERTINFO was one such feature that was accidentally disabled. + Pointed-out-by: Tatsuhiro Tsujikawa + Bug: http://curl.haxx.se/bug/view.cgi?id=1487 -- test2036: verify -O with no slash at all in the URL +Kamil Dudka (25 Feb 2015) +- dist: add symbol-scan.pl to the tarball - Similar to test 76 but that test's URL has a slash just no file name - part. + ... in order to make test1135 succeed -- get_url_file_name: make no slash equal empty string +Daniel Stenberg (25 Feb 2015) +- http2: move lots of verbose output to be debug-only -- get_url_file_name: never return a NULL string *and* OK +Kamil Dudka (25 Feb 2015) +- curl-config.in: eliminate double quotes around CURL_CA_BUNDLE - Change 987a4a73 assumes that as it simplifies life in the calling - function. + Otherwise it expands to: - Reported-by: Fabian Keil + echo ""/etc/pki/tls/certs/ca-bundle.crt"" + + Detected by ShellCheck: + + curl-config:74:16: warning: The double quotes around this do + nothing. Remove or escape them. [SC2140] -- [Jakub Zakrzewski brought this change] +- nss: do not skip Curl_nss_seed() if data is NULL + + In that case, we only skip writing the error message for failed NSS + initialization (while still returning the correct error code). - Cmake: Build with GSSAPI (MIT or Heimdal) +- nss: improve error handling in Curl_nss_random() - It tries hard to recognise SDK's on different platforms. On windows MIT - Kerberos installs SDK with other things and puts path into registry. - Heimdal have separate zip archive. On linux pkg-config is tried, then - krb5-config script and finally old-style libs and headers detection. + The vtls layer now checks the return value, so it is no longer necessary + to abort if a random number cannot be provided by NSS. This also fixes + the following Coverity report: - Command line args: - * CMAKE_USE_GSSAPI - enables GSSAPI detection - * GSS_ROOT_DIR - if set, should point to the root of GSSAPI installation - (the one with include and lib directories) + Error: FORWARD_NULL (CWE-476): + lib/vtls/nss.c:1918: var_compare_op: Comparing "data" to null implies that "data" might be null. + lib/vtls/nss.c:1923: var_deref_model: Passing null pointer "data" to "Curl_failf", which dereferences it. + lib/sendf.c:154:3: deref_parm: Directly dereferencing parameter "data". -- [Jakub Zakrzewski brought this change] - - Cmake: Got rid of setup_curl_dependencies +Daniel Stenberg (25 Feb 2015) +- RELEASE-PROCEDURE: add some more future release dates - There is no need for such function. Include_directories propagate by - themselves and having a function with one simple link statement makes - little sense. + ... and remove some old ones -- [Jakub Zakrzewski brought this change] +- sws: timeout idle CONNECT connections - Cmake: Avoid cycle directory dependencies. - - Because we prepended libraries to list, CMake had troubles resolving - link directory order as it detected some cycles. Appending to list ensures - that dependencies will preceed dependees. +- bump: start working toward 7.42.0 -- [Jakub Zakrzewski brought this change] +Version 7.41.0 (25 Feb 2015) - Cmake: Fix library list provided to cURL tests. - - The list must be set after those nice CMake tests as we mess with - CMAKE_REQUIRED_LIBRARIES there. +Daniel Stenberg (25 Feb 2015) +- THANKS: added contributors from the 7.41.0 RELEASE-NOTES -- [Jakub Zakrzewski brought this change] +- RELEASE-NOTES: sync with ffc2aeec6e (7.41.0 release time!) - Cmake: Check for OpenSSL before OpenLDAP. +Marc Hoersken (25 Feb 2015) +- Revert "telnet.c: fix handling of 0 being returned from custom read function" - OpenLDAP might have been build with OpenSSL. Checking for OpenLDAP first - may result in undefined symbols. Of course, the found OpenSSL libraries - must also be linked whenever OpenLDAP is. - -- curl_multi_fdset.3: improved the formatting slightly + This reverts commit 03fa576833643c67579ae216c4e7350fa9b5f2fe. -- curl_multi_fdset: explain the fd_set arguments +- telnet.c: fix invalid use of custom read function if not being set + + obj_count can be 1 if the custom read function is set or the stdin + handle is a reference to a pipe. Since the pipe should be handled + using the PeekNamedPipe-check below, the custom read function should + only be used if it is actually enabled. -Kamil Dudka (8 Oct 2014) -- nss: do not fail if a CRL is already cached +- telnet.c: fix handling of 0 being returned from custom read function + + According to [1]: "Returning 0 will signal end-of-file to the library + and cause it to stop the current transfer." + This change makes the Windows telnet code handle this case accordingly. - This fixes a copy-paste mistake from commit 2968f957. + [1] http://curl.haxx.se/libcurl/c/CURLOPT_READFUNCTION.html -Patrick Monnerat (8 Oct 2014) -- OS400: upgrade interface for pinned public key (no implementation yet) +Daniel Stenberg (24 Feb 2015) +- sws: stop logging about TPC_NODELAY nonsense -Daniel Stenberg (8 Oct 2014) -- FormAdd: precaution against memdup() of NULL pointer +- lib530: make it less timing sensible - Coverity CID 252518. This function is in general far too complicated for - its own good and really should be broken down into several smaller - funcitons instead - but I'm adding this protection here now since it - seems there's a risk the code flow can end up here and dereference a - NULL pointer. + ... by making sure the first request is completed before doing the + remainder. -- operate: avoid NULL dereference +Kamil Dudka (23 Feb 2015) +- connect: wait for IPv4 connection attempts - Coverity CID 1241948. dumpeasysrc() would get called with - config->current set to NULL which could be dereferenced by a warnf() - call. - -- do_sec_send: remove dead code + ... even if the last IPv6 connection attempt has failed. - Coverity CID 1241951. The condition 'len >= 0' would always be true at - that point and thus not necessary to check for. + Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c4 -- krb5_encode: remove unused argument +- connect: avoid skipping an IPv4 address - Coverity CID 1241957. Removed the unused argument. As this struct and - pointer now are used only for krb5, there's no need to keep unused - function arguments around. - -- operate_do: skip superfluous check for NULL pointer + ... in case the protocol versions are mixed in a DNS response + (IPv6 -> IPv4 -> IPv6). - Coverity CID 1243583. get_url_file_name() cannot fail and return a NULL - file name pointer so skip the check for that - it tricks coverity into - believing it can happen and it then warns later on when we use 'outfile' - without checking for NULL. + Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c3 -- curl_easy_getinfo.3: spell-fix - - Reported-By: Luan Cestari +Daniel Stenberg (23 Feb 2015) +- RELEASE-NOTES: synced with 5e4395eab839d -- [moparisthebest brought this change] +- ROADMAP: curl_easy_setopt.3 has already been split up + + Remove cmake as marked for removal. It is in much better state now. - GnuTLS: Implement public key pinning +- ROADMAP: extend the HTTP/2 stuff, remove SPDY -- [moparisthebest brought this change] +- [Julian Ospald brought this change] - SSL: implement public key pinning + configure: allow both --with-ca-bundle and --with-ca-path - Option --pinnedpubkey takes a path to a public key in DER format and - only connect if it matches (currently only implemented with OpenSSL). + SSL_CTX_load_verify_locations by default (and if given non-Null + parameters) searches the CAfile first and falls back to CApath. This + allows for CAfile to be a basis (e.g. installed by the package manager) + and CApath to be a user configured directory. - Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt(). + This wasn't reflected by the previous configure constraint which this + patch fixes. - Extract a public RSA key from a website like so: - openssl s_client -connect google.com:443 2>&1 < /dev/null | \ - sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \ - | openssl rsa -pubin -outform DER > google.com.der + Bug: https://github.com/bagder/curl/pull/139 -- multi_runsingle: fix possible memory leak - - Coverity CID 1202837. 'newurl' can in fact be allocated even when - Curl_retry_request() returns failure so free it if need be. - -- ares::Curl_resolver_cancel: skip checking for NULL conn - - Coverity CID 1243581. 'conn' will never be NULL here, and if it would be - the subsequent statement would dereference it! +- [Ben Boeckel brought this change] -- parseconfig: skip a NULL check - - Coverity CID 1154198. This NULL check implies that the pointer _can_ be - NULL at this point, which it can't. Thus it is dead code. It tricks - static analyzers to warn about dereferencing the pointer since the code - seems to imply it can be NULL. + cmake: install the dll file to the correct directory -- [Waldek Kozba brought this change] +- [Alessandro Ghedini brought this change] - multi-uv.c: call curl_multi_info_read() better + nss: fix NPN/ALPN protocol negotiation - Improves it for low-latency cases (like the communication with - localhost) - -- tool_go_sleep: use (void) to spell out we ignore the return value + Correctly check for memcmp() return value (it returns 0 if the strings match). - Coverity CID 1222080. + This is not really important, since curl is going to use http/1.1 anyway, but + it's still a bug I guess. -- ssh_statemach_act: split out assignment from check - - just a minor code style thing to make the code clearer +- [Alessandro Ghedini brought this change] -Marc Hoersken (4 Oct 2014) -- curl_schannel.c: Fixed possible memory or handle leak + polarssl: fix ALPN protocol negotiation - First try to fix possible memory leaks, in this case: - Only connssl->ctxt xor onnssl->cred being initialized. + Correctly check for strncmp() return value (it returns 0 if the strings + match). -Daniel Stenberg (4 Oct 2014) -- getparameter: remove dead code - - Coverity CID 1061126. 'parse' will always be non-NULL here. +- [Sergei Nikulov brought this change] -- getparameter: comment a switch FALLTHROUGH + CMake: Fix generation of tool_hugehelp.c on windows - Coverity CID 1061118. Point out that it is on purpose. - -- choose_mech: fix return code + Use "cmake -E echo" instead of "echo". - Coverity CID 1241950. The pointer is never NULL but it might point to - NULL. + Reviewed-by: Brad King -- Curl_sec_read_msg: spell out that we ignore return code - - Coverity CID 1241947. Since if sscanf() fails, the previously set value - remains set. +- [Sergei Nikulov brought this change] -- nonblock: call with (void) to show we ignore the return code + CMake: fix winsock2 detection on windows - Coverity pointed out several of these. - -- parse_proxy: remove dead code. + Set CMAKE_REQUIRED_DEFINITIONS to include definitions needed to get + the winsock2 API from windows.h. Simplify the order of checks to + avoid extra conditions. - Coverity CID 982331. + Use check_include_file instead of check_include_file_concat to look + for OpenSSL headers. They do not need to participate in a sequence + of dependent system headers. Also they may cause winsock.h to be + included before ws2tcpip.h, causing the latter to not be detected + in the sequence. + + Reviewed-by: Brad King -- Curl_debug: document switch fallthroughs +- [Alessandro Ghedini brought this change] -- curl_multi_remove_handle: remove dead code - - Coverify CID 1157776. Removed a superfluous if() that always evaluated - true (and an else clause that never ran), and then re-indented the - function accordingly. + gtls: fix build with HTTP2 -- Curl_pipeline_server_blacklisted: handle a NULL server name - - Coverity CID 1215284. The server name is extracted with - Curl_copy_header_value() and passed in to this function, and - copy_header_value can actually can fail and return NULL. +Steve Holme (16 Feb 2015) +- Makefile.vc6: Corrected typos in rename of darwinssl.obj -- ssh: comment "fallthrough" in switch statement +Nick Zitzmann (15 Feb 2015) +- By request, change the name of "curl_darwinssl.[ch]" to "darwinssl.[ch]" -- [Jeremy Lin brought this change] +Steve Holme (14 Feb 2015) +- RELEASE-NOTES: Synced with 6f89f86c3d - ssh: improve key file search - - For private keys, use the first match from: user-specified key file - (if provided), ~/.ssh/id_rsa, ~/.ssh/id_dsa, ./id_rsa, ./id_dsa - - Note that the previous code only looked for id_dsa files. id_rsa is - now generally preferred, as it supports larger key sizes. - - For public keys, use the user-specified key file, if provided. - Otherwise, try to extract the public key from the private key file. - This means that passing --pubkey is typically no longer required, - and makes the key-handling behavior more like OpenSSH. +- tests/README: Updated to reflect email test ranges + +- [Alessandro Ghedini brought this change] -- CURLOPT_HTTPHEADER.3: libcurl doesn't copy the whole list + curl.1: --cert-status is also supported by OpenSSL now -- detect_proxy: fix possible single-byte memory leak +- build: Removed Visual Studio SuppressStartupBanner directive for VC8+ - Coverity CID 1202836. If the proxy environment variable returned an empty - string, it would be leaked. While an empty string is not really a proxy, other - logic in this function already allows a blank string to be returned so allow - that here to avoid the leak. + Visual Studio 2005 and above defaults to disabling the startup banner + for the Compiler, Linker and MIDL tools (with /NOLOGO). As such there + is no need to explicitly set the SuppressStartupBanner directive, as + this is a leftover from the VC7 and VC7.1 projects being upgraded to + VC8 and above. -- multi_runsingle: fix memory leak +Kamil Dudka (12 Feb 2015) +- openssl: fix a compile-time warning - Coverity CID 1202837. There's a potential risk that 'newurl' gets - overwritten when it was already pointing to allocated memory. + lib/vtls/openssl.c:1450:7: warning: extra tokens at end of #endif directive -- pop3_perform_authentication: fix memory leak +Steve Holme (11 Feb 2015) +- openssl: Use OPENSSL_IS_BORINGSSL for BoringSSL detection - Coverity CID 1215287. There's a potential risk for a memory leak in - here, and moving the free call to be unconditional seems like a cheap - price to remove the risk. + For consistency with other conditionally compiled code in openssl.c, + use OPENSSL_IS_BORINGSSL rather than HAVE_BORINGSSL and try to use + HAVE_BORINGSSL outside of openssl.c when the OpenSSL header files are + not included. -- imap_perform_authentication: fix memory leak - - Coverity CID 1215296. There's a potential risk for a memory leak in - here, and moving the free call to be unconditional seems like a cheap - price to remove the risk. +Patrick Monnerat (11 Feb 2015) +- ftp: accept all 2xx responses to the PORT command -- wait_or_timeout: return failure when Curl_poll() fails +Steve Holme (9 Feb 2015) +- openssl: Disable OCSP in old versions of OpenSSL - Coverity detected this. CID 1241954. When Curl_poll() returns a negative value - 'mcode' was uninitialized. Pretty harmless since this is debug code only and - would at worst cause an error to _not_ be returned... + Versions of OpenSSL prior to v0.9.8h do not support the necessary + functions for OCSP stapling. + +Daniel Stenberg (9 Feb 2015) +- [Tatsuhiro Tsujikawa brought this change] -- curl.1: mention quoting in the URL section + http2: Fix bug that associated stream canceled on PUSH_PROMISE - and separate the example URLs with newlines + Previously we don't ignore PUSH_PROMISE header fields in on_header + callback. It makes header values mixed with following HEADERS, + resulting protocol error. -Steve Holme (30 Sep 2014) -- [Bill Nagel brought this change] +- [Jay Satiro brought this change] - smtp: Fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error + polarssl: Fix exclusive SSL protocol version options - This patch fixes the "SSL3_WRITE_PENDING: bad write retry" error that - sometimes occurs when sending an email over SMTPS with OpenSSL. OpenSSL - appears to require the same pointer on a write that follows a retry - (CURLE_AGAIN) as discussed here: + Prior to this change the options for exclusive SSL protocol versions did + not actually set the protocol exclusive. - http://stackoverflow.com/questions/2997218/why-am-i-getting-error1409f07fssl-routinesssl3-write-pending-bad-write-retr + http://curl.haxx.se/mail/lib-2015-01/0002.html + Reported-by: Dan Fandrich -Daniel Stenberg (30 Sep 2014) -- RELEASE-NOTES: synced with 53cbea22310f15 +- [Jay Satiro brought this change] -- file: reject paths using embedded %00 - - Mostly because we use C strings and they end at a binary zero so we know - we can't open a file name using an embedded binary zero. + gskit: Fix exclusive SSLv3 option + +- curl.1: clarify that -X is used for all requests - Reported-by: research@g0blin.co.uk + Reported-by: Jon Seymour + +- curl.1: add warning when using -H and redirects -Dan Fandrich (26 Sep 2014) -- test506: Fixed a couple of memory leaks in test +Steve Holme (7 Feb 2015) +- schannel: Removed curl_ prefix from source files + + Removed the curl_ prefix from the schannel source files as discussed + with Marc and Daniel at FOSDEM. -Daniel Stenberg (25 Sep 2014) -- [Yousuke Kimoto brought this change] +Daniel Stenberg (6 Feb 2015) +- md5: use axTLS's own MD5 functions when available - CURLOPT_COOKIELIST: Added "RELOAD" command +- MD(4|5): make the MD4_* and MD5_* functions static -- [Michael Wallner brought this change] +- axtls: fix conversion from size_t to int warning - CURLOPT_POSTREDIR.3: Added availability for CURL_REDIR_POST_303 +Steve Holme (5 Feb 2015) +- ftp: Use 'CURLcode result' for curl result codes -- threaded-resolver: revert Curl_expire_latest() switch +Daniel Stenberg (5 Feb 2015) +- openssl: SSL_SESSION->ssl_version no longer exist - The switch to using Curl_expire_latest() in commit cacdc27f52b was a - mistake and was against the advice even mentioned in that commit. The - comparison in asyn-thread.c:Curl_resolver_is_resolved() makes - Curl_expire() the suitable function to use. + The struct went private in 1.0.2 so we cannot read the version number + from there anymore. Use SSL_version() instead! - Bug: http://curl.haxx.se/bug/view.cgi?id=1426 - Reported-By: graysky + Reported-by: Gisle Vanem + Bug: http://curl.haxx.se/mail/lib-2015-02/0034.html -- libcurl docs: improvements all over +Dan Fandrich (4 Feb 2015) +- unit1600: Fix compilation when NTLM is disabled -Steve Holme (19 Sep 2014) -- build: Added WinIDN build configuration options +Daniel Stenberg (4 Feb 2015) +- MD5: fix compiler warnings and code style nits + +- MD5: replace implementation + + The previous one was "encumbered" by RSA Inc - to avoid the licensing + restrictions it has being replaced. This is the initial import, + inserting the md5.c and md5.h files from + http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5 - Added initial support for WinIDN build configurations to the VC10+ - project files. + Code-by: Alexander Peslyak -Daniel Stenberg (19 Sep 2014) -- tutorial: signals aren't used for the threaded resolver +- MD4: fix compiler warnings and code style nits -- FAQ: update the pronunciation section +- MD4: replace implementation - As we weren't using the correct phonetic description and doing it correctly - involves funny letters that I'm sure will cause problems for people in a text - document so I instead rephrased it and link to a WAV file with a person - actually saying 'curl'. + The previous one was "encumbered" by RSA Inc - to avoid the licensing + restrictions it has being replaced. This is the initial import, + inserting the md4.c and md4.h files from + http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4 - Reported-By: Dimitar Boevski + Code-by: Alexander Peslyak -- CURLOPT_COOKIE*: added more cross-references +Steve Holme (4 Feb 2015) +- telnet: Prefer 'CURLcode result' for curl result codes -- BINDINGS: add node-libcurl - - Reported-By: Jonathan Cardoso Machado - URL: http://curl.haxx.se/mail/lib-2014-09/0102.html +- hostasyn: Prefer 'CURLcode result' for curl result codes + +- schannel: Prefer 'CURLcode result' for curl result codes -- README.http2: updated to reflect current status +Daniel Stenberg (3 Feb 2015) +- unit1601: MD5 unit tests -- formdata: removed unnecessary USE_SSLEAY use +- unit1600: unit test for Curl_ntlm_core_mk_nt_hash -- curlssl: make tls backend symbols use curlssl in the name +- unit1600: NTLM unit test -- url: let the backend decide CURLOPT_SSL_CTX_ support - - ... to further remove specific TLS backend knowledge from url.c +- tests/README: add a new range, clean up some language -- vtls: have the backend tell if it supports CERTINFO +- [Jay Satiro brought this change] -- [Catalin Patulea brought this change] + opts: CURLOPT_CAINFO availability depends on SSL engine - configure: allow --with-ca-path with PolarSSL too - - Missed this in af45542c. +- getpass: protect include with proper #ifdef - Signed-off-by: Catalin Patulea + Reported-by: Tamir -- CURLOPT_CAPATH: return failure if set without backend support +- getpass_r: read from stdin, not stdout! + + The file number used was wrong. This bug was introduced over 10 years + ago, proving this function isn't used much... + + Bug: http://curl.haxx.se/bug/view.cgi?id=1476 + Reported-by: Tamir -- [Tatsuhiro Tsujikawa brought this change] +- test1135: verify the CURL_EXTERN order in header files - http2: Fix busy loop when EOF is encountered +- Makefile.am: fix 'make distcheck' + + ... by removing generated files from the *_DIST variable [*] and instead + generate them with a .dist suffix, since that is then handled and put + into the release archive by our generic dist-hook. - Previously we did not handle EOF from underlying transport socket and - wrongly just returned error code CURL_AGAIN from http2_recv, which - caused busy loop since socket has been closed. This patch adds the - code to handle EOF situation and tells the upper layer that we got - EOF. + [*] = 'make distcheck' fails with non-existing files listed there -Steve Holme (13 Sep 2014) -- build: Added batch wrapper to checksrc.pl +Steve Holme (2 Feb 2015) +- curl_sasl.c: More code policing + + Better use of 80 character line limit, comment corrections and line + spacing preferences. -- RELEASE-NOTES: Synced with bd3df5ec6d +Daniel Stenberg (2 Feb 2015) +- libcurl-symbols: first basic shot for autogenerated docs -- [Marcel Raad brought this change] +- FAQ: minor edit of 3.22 - sasl_sspi: Fixed Unicode build +Steve Holme (2 Feb 2015) +- build: Added removal of Visual Studio project files - Bug: http://curl.haxx.se/bug/view.cgi?id=1422 - Verified-by: Steve Holme + Added the removal of the locally generated project files so one + may revert to a clean repository. -Daniel Stenberg (12 Sep 2014) -- libcurl-tutorial.3: fix GnuTLS link to thread-safety guidelines +- build: Renamed top level Visual Studio solution files - The former link was turned into a 404 at some point. + In preparation for adding the test suite and examples projects renamed + the top level "all" solution files to better describe what they are. - Reported-By: Askar Safin + This will also enable us to use "curl" rather than "curlsrc" for the + command line tool solution and project files, which will simplify some + of the configuration. -- contributors.sh: split list of names at comma +- build: Enabled DEBUGBUILD in Visual Studio debug builds - ... to support a list of names provided in a commit message. + Defined the DEBUGBUILD pre-processor variable to allow extra logging, + which is particularly useful in debug builds, as we use this and Visual + Studio typically uses _DEBUG. + + We could define DEBUBBUILD, in curl_setup.h, when _MSC_VER and _DEBUG is + defined but that would also affect the makefile based builds which we + probably don't want to do. -Steve Holme (12 Sep 2014) -- [Ulrich Telle brought this change] +- build: Removed unused Visual Studio bscmake settings - ntlm: Fixed HTTP proxy authentication when using Windows SSPI - - Removed ISC_REQ_* flags from calls to InitializeSecurityContext to fix - bug in NTLM handshake for HTTP proxy authentication. +Daniel Stenberg (2 Feb 2015) +- CURLOPT_HTTP_VERSION.3: CURL_HTTP_VERSION_2_0 added in 7.33.0 - NTLM handshake for HTTP proxy authentication failed with error - SEC_E_INVALID_TOKEN from InitializeSecurityContext for certain proxy - servers on generating the NTLM Type-3 message. + And modify the text to refer to HTTP 2 as it isn't called "2.0". - The flag ISC_REQ_CONFIDENTIALITY seems to cause the problem according - to the observations and suggestions made in a bug report for the - QT project (https://bugreports.qt-project.org/browse/QTBUG-17322). - - Removing all the flags solved the problem. - - Bug: http://curl.haxx.se/mail/lib-2014-08/0273.html - Reported-by: Ulrich Telle - Assisted-by: Steve Holme, Daniel Stenberg + Reported-By: Michael Wallner -Daniel Stenberg (12 Sep 2014) -- [Ray Satiro brought this change] +Marc Hoersken (31 Jan 2015) +- TODO: moved WinSSL/SChannel todo items into docs - newlines: fix mixed newlines to LF-only - - I use the curl repo mainly on Windows with the typical Windows git - checkout which converts the LF line endings in the curl repo to CRLF - automatically on checkout. The automatic conversion is not done on files - in the repo with mixed line endings. I recently noticed some weird - output with projects/build-openssl.bat that I traced back to mixed line - endings, so I scanned the repo and there are files (excluding the - test data) that have mixed line endings. +Daniel Stenberg (29 Jan 2015) +- [Michael Kaufmann brought this change] + + CURLOPT_SEEKFUNCTION.3: also when server closes a connection + +Steve Holme (29 Jan 2015) +- curl_sasl.c: Fixed compilation warning when cryptography is disabled - I used this command below to do the scan. Unfortunately it's not as easy - as git grep, at least not on Windows. This gets the names of all the - files in the repo's HEAD, gets each of those files raw from HEAD, checks - for mixed line endings of both LF and CRLF, and prints the name if - mixed. I excluded path tests/data/test* because those can have mixed - line endings if I understand correctly. + curl_sasl.c:1506: warning: unused variable 'chlg' + +- curl_sasl.c: Fixed compilation warning when verbose debug output disabled - for f in `git ls-tree --name-only --full-tree -r HEAD`; - do if [ -n "${f##tests/data/test*}" ]; - then git show "HEAD:$f" | \ - perl -0777 -ne 'exit 1 if /([^\r]\n.*\r\n)|(\r\n.*[^\r]\n)/'; - if [ $? -ne 0 ]; - then echo "$f"; - fi; - fi; - done + curl_sasl.c:1317: warning: unused parameter 'conn' -- [Viktor Szakáts brought this change] +- ntlm_core: Use own odd parity function when crypto engine doesn't have one + +- ntlm_core: Prefer sizeof(key) rather than hard coded sizes - mk-ca-bundle.pl: converted tabs to spaces, deleted trailing spaces +- ntlm_core: Added consistent comments to DES functions -- ROADMAP: markdown eats underscores +- des: Added Curl_des_set_odd_parity() - It interprets them as italic indictors unless we backtick the word. + Added Curl_des_set_odd_parity() for use when cryptography engines + don't include this functionality. -- ROADMAP: tiny formatting edit for nicer web output +- tests: Grouped SMTP SASL EXTERNAL tests with other SMTP tests -Steve Holme (10 Sep 2014) -- ROADMAP.md: Updated GSSAPI authentication following 7.38.0 additions +- tests: Grouped POP3 SASL EXTERNAL tests with other POP3 tests -- INTERNALS: Added email and updated Kerberos details +- tests: Grouped IMAP SASL EXTERNAL tests with other IMAP tests -- FEATURES: Updated Kerberos details - - Added support for Kerberos 5 to the email protocols following the recent - additions in 7.38.0. - - Removed Kerberos 4 as this has been gone for a while now. +- sasl: Minor code policing and grammar corrections -Daniel Stenberg (10 Sep 2014) -- [Paul Howarth brought this change] +Daniel Stenberg (28 Jan 2015) +- [Gisle Vanem brought this change] - openssl: build fix for versions < 0.9.8e - - Bug: http://curl.haxx.se/mail/lib-2014-09/0064.html + ldap: build with BoringSSL -- mk-ca-bundle.pl: first, try downloading HTTPS with curl - - As a sort of step forward, this script will now first try to get the - data from the HTTPS URL using curl, and only if that fails it will - switch back to the HTTP transfer using perl's native LWP functionality. - To reduce the risk of this script being tricked. +- security: avoid compiler warning - Using HTTPS to get a cert bundle introduces a chicken-and-egg problem so - we can't really ever completely disable HTTP, but chances are that most - users already have a ca cert bundle that trusts the mozilla.org site - that this script downloads from. + Possible access to uninitialised memory '&nread' at line 140 of + lib/security.c in function 'ftp_send_command'. - A future version of this script will probably switch to require a - dedicated "insecure" command line option to allow downloading over HTTP - (or unverified HTTPS). + Reported-by: Rich Burridge -- LICENSE-MIXING: removed krb4 info - - krb4 has been dropped since a while now +- runtests: identify BoringSSL and libressl -- bump: on the 7.38.1-DEV train now! +Patrick Monnerat (27 Jan 2015) +- docs: cite SASL external authentication. -- SSLCERTS: minor updates - - Edited format to look better on the web, added a "it is about trust" - section. +- sasl: remove XOAUTH2 from default enabled authentication mechanism. -Version 7.38.0 (10 Sep 2014) +- test: add test cases for sasl external authentication (imap/pop3/smtp). -Daniel Stenberg (10 Sep 2014) -- dist: two cmake files are no more - - CMake/FindOpenSSL.cmake and FindZLIB.cmake are gone since 14aa8f0c117b +- imap: remove automatic password setting: it breaks external sasl authentication -- RELEASE-NOTES: final update for 7.38.0 +- sasl: implement EXTERNAL authentication mechanism. + Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and + by not setting the password. -- cookies: reject incoming cookies set for TLDs +Steve Holme (27 Jan 2015) +- openssl: Fixed Curl_ossl_cert_status_request() not returning FALSE - Test 61 was modified to verify this. + Modified the Curl_ossl_cert_status_request() function to return FALSE + when built with BoringSSL or when OpenSSL is missing the necessary TLS + extensions. + +- openssl: Fixed compilation errors when OpenSSL built with 'no-tlsext' - CVE-2014-3620 + Fixed the build of openssl.c when OpenSSL is built without the necessary + TLS extensions for OCSP stapling. - Reported-by: Tim Ruehsen - URL: http://curl.haxx.se/docs/adv_20140910B.html + Reported-by: John E. Malmberg -- [Tim Ruehsen brought this change] +- [Brad Spencer brought this change] - cookies: only use full host matches for hosts used as IP address - - By not detecting and rejecting domain names for partial literal IP - addresses properly when parsing received HTTP cookies, libcurl can be - fooled to both send cookies to wrong sites and to allow arbitrary sites - to set cookies for others. - - CVE-2014-3613 + curl_setup: Disable SMB/CIFS support when HTTP only + +- RELEASE-NOTES: Synced with 37824498a3 + +Daniel Stenberg (22 Jan 2015) +- configure: remove detection of the old yassl emulation API - Bug: http://curl.haxx.se/docs/adv_20140910A.html + ... as that is ancient history and not used. -- HISTORY: fix the 1998 title position +- OCSP stapling: disabled when build with BoringSSL -- HISTORY: extended and now markdown +- [Alessandro Ghedini brought this change] -- SSLCERTS: converted to markdown + openssl: add support for the Certificate Status Request TLS extension - Only minor edits to make it generate nice HTML output using markdown, as - this document serves both in source release tarballs as on the web site. + Also known as "status_request" or OCSP stapling, defined in RFC6066 + section 8. - URL: http://curl.haxx.se/docs/sslcerts.html + Thanks-to: Joe Mason + - for the work-around for the OpenSSL bug. -- ftp-wildcard.c: spell fix +- BoringSSL: fix build for non-configure builds - Reported-By: Frank Gevaerts + HAVE_BORINGSSL gets defined now by configure and should be defined by + other build systems in case a BoringSSL build is desired. -- RELEASE-NOTES: synced with 921a0c22a6f +- configure: fix BoringSSL detection and detect libresssl -- THANKS: synced with RELEASE-NOTES for 921a0c22a6f +Steve Holme (22 Jan 2015) +- curl_sasl: Reinstate the sasl_ prefix for locally scoped functions + + Commit 7a8b2885e2 made some functions static and removed the public + Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which + is the naming convention we use in this source file. -- polarassl: avoid memset() when clearing the first byte is enough +- curl_sasl: Minor code policing following recent commits -- [Catalin Patulea brought this change] +Daniel Stenberg (22 Jan 2015) +- [John Malmberg brought this change] - polarssl: support CURLOPT_CAPATH / --capath + openvms: Handle openssl/0.8.9zb version parsing - Signed-off-by: Catalin Patulea + packages/vms/gnv_link_curl.com was assuming only a single letter suffix + in the openssl version. That assumption has been fixed for 7.40. -- SECURITY: eh, make more sense! +- BoringSSL: detected by configure, switches off NTLM -- SECURITY: how to join the curl-security list +- BoringSSL: no PKCS12 support nor ERR_remove_state -- RELEASE-NOTES: fix the required nghttp2 version typo +- [Leith Bade brought this change] -- [Brandon Casey brought this change] + BoringSSL: fix build - Ensure progress.size_dl/progress.size_ul are always >= 0 - - Historically the default "unknown" value for progress.size_dl and - progress.size_ul has been zero, since these values are initialized - implicitly by the calloc that allocates the curl handle that these - variables are a part of. Users of curl that install progress - callbacks may expect these values to always be >= 0. +Steve Holme (20 Jan 2015) +- curl_sasl.c: chlglen is not used when cryptography is disabled + +- curl_sasl.c: Fixed compilation warning when cyptography is disabled - Currently it is possible for progress.size_dl and progress.size_ul - to by set to a value of -1, if Curl_pgrsSetDownloadSize() or - Curl_pgrsSetUploadSize() are passed a "size" of -1 (which a few - places currently do, and a following patch will add more). So - lets update Curl_pgrsSetDownloadSize() and Curl_pgrsSetUploadSize() - so they make sure that these variables always contain a value that - is >= 0. + curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local + variable + +- curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined - Updates test579 and test599. + curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier - Signed-off-by: Brandon Casey + This error could also happen for non-SSPI builds when cryptography is + disabled (CURL_DISABLE_CRYPTO_AUTH is defined). -Steve Holme (7 Sep 2014) -- tests: Added test1420 to the makefile +Patrick Monnerat (20 Jan 2015) +- SASL: make some procedures local-scoped -- test1420: Removed unnecessary CURLOPT setting +- SASL: common state engine for imap/pop3/smtp -- tests: Added more "Clear Text" authentication keywords +- SASL: common URL option and auth capabilities decoders for all protocols -- tests: Updated "based on" text due to email test renumbering +- IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters. -- tests: For consistency added --libcurl to test name +Daniel Stenberg (20 Jan 2015) +- ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6 + + Reported-by: Chris Young -- tests: Added --libcurl for IMAP test case +- [Chris Young brought this change] -- multi.c: Avoid invalid memory read after free() from commit 3c8c873252 + timeval: typecast for better type (on Amiga) - As the current element in the list is free()d by Curl_llist_remove(), - when the associated connection is pending, reworked the loop to avoid - accessing the next element through e->next afterward. - -- multi.c: Fixed compilation warning from commit 3c8c873252 + There is an issue with conflicting "struct timeval" definitions with + certain AmigaOS releases and C libraries, depending on what gets + included when. It's a minor difference - the OS one is unsigned, + whereas the common structure has signed elements. If the OS one ends up + getting defined, this causes a timing calculation error in curl. - warning: implicit conversion from enumeration type 'CURLMcode' to - different enumeration type 'CURLcode' + It's easy enough to resolve this at the curl end, by casting the + potentially errorneous calculation to a signed long. -- url.c: Use CURLAUTH_NONE constant rather than 0 +- openssl: do public key pinning check independently - Small follow up to commit 898808fa8c to use auth constants rather than - hard code value when clearing picked authentication mechanism. - -- RELEASE-NOTES: Synced with fd1ce3856a + ... of the other cert verification checks so that you can set verifyhost + and verifypeer to FALSE and still check the public key. + + Bug: http://curl.haxx.se/bug/view.cgi?id=1471 + Reported-by: Kyle J. McKay -Nick Zitzmann (4 Sep 2014) -- [Vilmos Nebehaj brought this change] +Patrick Monnerat (19 Jan 2015) +- OS400: CURLOPT_SSL_VERIFYSTATUS for ILE/RPG too. - darwinssl: Use CopyCertSubject() to check CA cert. +Steve Holme (18 Jan 2015) +- ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP - SecCertificateCopyPublicKey() is not available on iPhone. Use - CopyCertSubject() instead to see if the certificate returned by - SecCertificateCreateWithData() is valid. + For consistency with other USE_WIN32_ defines as well as the + USE_OPENLDAP define. + +- http_negotiate: Use dynamic buffer for SPN generation - Reported-by: Toby Peterson + Use a dynamicly allocated buffer for the temporary SPN variable similar + to how the SASL GSS-API code does, rather than using a fixed buffer of + 2048 characters. -Steve Holme (4 Sep 2014) -- RELEASE-NOTES: Clarify email Kerberos support is currently via Windows SSPI +- sasl_gssapi: Make Curl_sasl_build_gssapi_spn() public -Daniel Stenberg (4 Sep 2014) -- MAIL-ETIQUETTE: "1.8 I posted, now what?" +- sasl_gssapi: Fixed memory leak with local SPN variable -- CURLOPT_CA*: better refering between *CAINFO and *CAPATH - - ... and a minor wording edit +Daniel Stenberg (17 Jan 2015) +- http_negotiate.c: unused variable 'ret' -- THANKS: added Dennis Clarke +Steve Holme (17 Jan 2015) +- gskit.h: Code policing of function pointer arguments + +- vtls: Removed unimplemented overrides of curlssl_close_all() + + Carrying on from commit 037cd0d991, removed the following unimplemented + instances of curlssl_close_all(): - Dennis Clarke from Blastwave.org for ensuring that nightly builds run - smooth on Solaris! + Curl_axtls_close_all() + Curl_darwinssl_close_all() + Curl_cyassl_close_all() + Curl_gskit_close_all() + Curl_gtls_close_all() + Curl_nss_close_all() + Curl_polarssl_close_all() -- curl_multi_cleanup: remove superfluous NULL assigns +- vtls: Separate the SSL backend definition from the API setup - ... as the struct is free()d in the end anyway. It was first pointed out - to me that one of the ->msglist assignments were supposed to have been - ->pending but was a copy and paste mistake when I realized none of the - clearing of pointers had to be there. + Slight code cleanup as the SSL backend #define is mixed up with the API + function setup. -- multi: convert CURLM_STATE_CONNECT_PEND handling to a list +- vtls: Fixed compilation errors when SSL not used - ... instead of scanning through all handles, stash only the actual - handles that are in that state in the new ->pending list and scan that - list only. It should be mostly empty or very short. And only used for - pipelining. + Fixed the following warning and error from commit 3af90a6e19 when SSL + is not being used: - This avoids a rather hefty slow-down especially notable if you add many - handles to the same multi handle. Regression introduced in commit - 0f147887 (version 7.30.0). + url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined; + assuming extern returning int - Bug: http://curl.haxx.se/mail/lib-2014-07/0206.html - Reported-by: David Meyer + error LNK2019: unresolved external symbol Curl_ssl_cert_status_request + referenced in function Curl_setopt -- RELEASE-NOTES: synced with e608324f9f9 +- http_negotiate: Added empty decoded challenge message info text -- [Andre Heinecke brought this change] +- http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int - polarssl: implement CURLOPT_SSLVERSION +- http_negotiate_sspi: Prefer use of 'attrs' for context attributes - Forwards the setting as minimum ssl version (if set) to polarssl. If - the server does not support the requested version the SSL Handshake will - fail. - - Bug: http://curl.haxx.se/bug/view.cgi?id=1419 + Use the same variable name as other areas of SSPI code. -nickzman (1 Sep 2014) -- Merge pull request #115 from ldx/darwinsslfixpr +- http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo() - darwinssl: now accepts cacert bundles in PEM format in addition to single certs + Use the SECURITY_STATUS typedef rather than a unsigned long for the + QuerySecurityPackageInfo() return and rename the variable as per other + areas of SSPI code. + +- http_negotiate_sspi: Use 'CURLcode result' for CURL result code -Vilmos Nebehaj (1 Sep 2014) -- Check CA certificate in curl_darwinssl.c. +- curl_endian: Fixed build when 64-bit integers are not supported (Part 2) - SecCertificateCreateWithData() returns a non-NULL SecCertificateRef even - if the buffer holds an invalid or corrupt certificate. Call - SecCertificateCopyPublicKey() to make sure cacert is a valid - certificate. + Missed Curl_read64_be() in commit bb12d44471 :( + +Daniel Stenberg (16 Jan 2015) +- CURLOPT_SSL_VERIFYSTATUS.3: mention it is added in version 7.41.0 + +- curlver.h: next release is 7.41.0 due to the changes + +- RELEASE-NOTES: mention the new OCSP stapling options, bump version + +- opts: add CURLOPT_SSL_VERIFYSTATUS* to docs/Makefile + +- help: add --cert-status to --help output + +- copyright years: after OCSP stapling changes -Daniel Stenberg (31 Aug 2014) -- low-speed-limit: avoid timeout flood +- [Alessandro Ghedini brought this change] + + curl: add --cert-status option - Introducing Curl_expire_latest(). To be used when we the code flow only - wants to get called at a later time that is "no later than X" so that - something can be checked (and another timeout be added). + This enables the CURLOPT_SSL_VERIFYSTATUS functionality. + +- [Alessandro Ghedini brought this change] + + nss: add support for the Certificate Status Request TLS extension - The low-speed logic for example could easily be made to set very many - expire timeouts if it would be called faster or sooner than what it had - set its own timer and this goes for a few other timers too that aren't - explictiy checked for timer expiration in the code. + Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. - If there's no condition the code that says if(time-passed >= TIME), then - Curl_expire_latest() is preferred to Curl_expire(). + This requires NSS 3.15 or higher. + +- [Alessandro Ghedini brought this change] + + gtls: add support for the Certificate Status Request TLS extension - If there exists such a condition, it is on the other hand important that - Curl_expire() is used and not the other. + Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. - Bug: http://curl.haxx.se/mail/lib-2014-06/0235.html - Reported-by: Florian Weimer + This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use + at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP + response verfication to fail even on valid responses. -- [Michael Wallner brought this change] +- [Alessandro Ghedini brought this change] - resolve: cache lookup for async resolvers + url: add CURLOPT_SSL_VERIFYSTATUS option - While waiting for a host resolve, check if the host cache may have - gotten the name already (by someone else), for when the same name is - resolved by several simultanoues requests. + This option can be used to enable/disable certificate status verification using + the "Certificate Status Request" TLS extension defined in RFC6066 section 8. - The resolver thread occasionally gets stuck in getaddrinfo() when the - DNS or anything else is crappy or slow, so when a host is found in the - DNS cache, leave the thread alone and let itself cleanup the mess. + This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the + certificate status verification fails, and the Curl_ssl_cert_status_request() + function, used to check whether the SSL backend supports the status_request + extension. -Vilmos Nebehaj (30 Aug 2014) -- Fix CA certificate bundle handling in darwinssl. - - If the --cacert option is used with a CA certificate bundle that - contains multiple CA certificates, iterate through it, adding each - certificate as a trusted root CA. +- TheArtOfHttpScripting: skip the date at the top, we have git -Daniel Stenberg (29 Aug 2014) -- [Askar Safin brought this change] +- TheArtOfHttpScripting: phrase it TLS lib agnostic - getinfo-times: Typo fixed +Steve Holme (16 Jan 2015) +- TODO: Added some SMB ideas -- [Askar Safin brought this change] +- RELEASE-NOTES: Synced with 5f09947d28 - libcurl.3: Typo fixed +- build-openssl.bat: Added check for Perl installation -- curl_formadd.3: setting CURLFORM_CONTENTSLENGTH 0 zero means strlen +- checksrc.bat: Better detection of Perl installation + +- curl_endian: Fixed build when 64-bit integers are not supported + + Bug: http://curl.haxx.se/mail/lib-2015-01/0094.html + Reported-by: John E. Malmberg -- curl.1: add an example for -H +Daniel Stenberg (15 Jan 2015) +- [Yun SangHo brought this change] -- FAQ: mention -w in the 4.20 answer as well + curl.h: remove extra space -- FAQ: 4.20 curl doesn't return error for HTTP non-200 responses +- Curl_pretransfer: reset expected transfer sizes + + Reported-by: Mohammad AlSaleh + Bug: http://curl.haxx.se/mail/lib-2015-01/0065.html -- CURLOPT_NOBODY.3: clarify this option is for downloads +Marc Hoersken (12 Jan 2015) +- curl_schannel.c: mark session as removed from cache if not freed - When enabling CURLOPT_NOBODY, libcurl effectively switches off upload - mode and will do a download (without a body). This is now better - explained in this man page. + If the session is still used by active SSL/TLS connections, it + cannot be closed yet. Thus we mark the session as not being cached + any longer so that the reference counting mechanism in + Curl_schannel_shutdown is used to close and free the session. - Bug: http://curl.haxx.se/mail/lib-2014-08/0236.html - Reported-by: John Coffey + Reported-by: Jean-Francois Durand -- INTERNALS: nghttp2 must be 0.6.0 or later +Steve Holme (9 Jan 2015) +- RELEASE-NOTES: Synced with d21b66835f -- [Tatsuhiro Tsujikawa brought this change] +Guenter Knauf (9 Jan 2015) +- Merge pull request #134 from vszakats/mingw-m64 + + add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS - Compile with latest nghttp2 +- Merge pull request #136 from vszakats/mingw-allow-custom-cflags + + mingw build: allow to pass custom CFLAGS -Dan Fandrich (26 Aug 2014) -- THANKS: removed a few more duplicates +Daniel Stenberg (9 Jan 2015) +- NSS: fix compiler error when built http2-enabled -Daniel Stenberg (26 Aug 2014) -- RELEASE-NOTES: synced with 007242257683a +Steve Holme (9 Jan 2015) +- gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions - ... and bumped the contributor amount after recount + Better code reuse and consistency in calls to gss_import_name(). -- THANKS: added 52 missing contributors +Viktor Szakats (9 Jan 2015) +- mingw build: allow to pass custom CFLAGS + +Daniel Stenberg (8 Jan 2015) +- FTP: if EPSV fails on IPV6 connections, bail out - I re-ran contributors.sh on all changes since 7.10 and I found these - contributors who are mentioned in the commits but never were added to - THANKS before! + ... instead of trying PASV, since PASV can't work with IPv6. - I also removed a couple of duplicates (mostly due to different - spellings). - -- contributors: grep and sort case insensitively - -- [Michael Osipov brought this change] + Reported-by: Vojtěch Král - configure.ac: Add support for recent GSS-API implementations for HP-UX +- FTP: fix IPv6 host using link-local address - By default, configure script assumes that libcurl will use the - HP-supplied GSS-API implementation which does not have krb5-config. - If a dev needs a more recent version which has that config script, - the change will allow to pass an appropriate GSSAPI_ROOT. - -- CONNECT: close proxy connections that fail to CONNECT + ... and make sure we can connect the data connection to a host name that + is longer than 48 bytes. - This is usually due to failed auth. There's no point in us keeping such - a connection alive since it shouldn't be re-used anyway. + Also simplifies the code somewhat by re-using the original host name + more, as it is likely still in the DNS cache. - Bug: http://curl.haxx.se/bug/view.cgi?id=1381 - Reported-by: Marcel Raad + Original-Patch-by: Vojtěch Král + Bug: http://curl.haxx.se/bug/view.cgi?id=1468 -- RELEASE-NOTES: added two missing HTTP/2 bug fixes - - And renamed all http2 references to HTTP/2 in this file +Steve Holme (8 Jan 2015) +- [Sam Schanken brought this change] -- RELEASE-NOTES: synced with f646e9075f47 + winbuild: Added option to build with c-ares + + Added support for a WITH_CARES option to be used when invoking nmake + via Makefile.vc. This option enables linking against both the DLL and + static versions of the c-ares libraries, as well as the debug and + release varients, depending on the value of DEBUG. The USE_ARES + preprocessor symbol is also defined. -- [Jakub Zakrzewski brought this change] +Guenter Knauf (8 Jan 2015) +- NetWare build: added TLS-SRP enabled build. - Cmake: Possibility to use OpenLDAP, OpenSSL, LibSSH2 on windows +Steve Holme (8 Jan 2015) +- sasl_gssapi: Fixed build on NetBSD with built-in GSS-API - At this point I can build libcurl on windows. It provides at least the same - list of protocols as for linux build and works with our software. + Bug: http://curl.haxx.se/bug/view.cgi?id=1469 + Reported-by: Thomas Klausner -- [Jakub Zakrzewski brought this change] +Viktor Szakats (8 Jan 2015) +- add -m64 clags when targeting mingw64, add -m32/-m64 to LDFLAGS - Cmake: Removed repeated content from ending blocks - - They are unnecesary in modern CMake and removing them improves readability. +Daniel Stenberg (8 Jan 2015) +- bump: start working towards 7.40.1 -- [Jakub Zakrzewski brought this change] +- THANKS: 14 new contributors from the 7.40.0 release notes + +Version 7.40.0 (7 Jan 2015) + +Daniel Stenberg (7 Jan 2015) +- RELEASE-NOTES: version 7.40.0 - Cmake: Removed some useless empty SET statements. +- darwinssl: fix session ID keys to only reuse identical sessions + + ...to avoid a session ID getting cached without certificate checking and + then after a subsequent _enabling_ of the check libcurl could still + re-use the session done without cert checks. - Undefined variables resolve to empty strings and we do not ever test if - the variable is defined thus those SETs are superfluous. + Bug: http://curl.haxx.se/docs/adv_20150108A.html + Reported-by: Marc Hesse -- [Jakub Zakrzewski brought this change] +- tests: make sure CRLFs can't be used in URLs passed to proxy + + Bug: http://curl.haxx.se/docs/adv_20150108B.html - Cmake: Removed useless comments from CMakeLists.txt +- url-parsing: reject CRLFs within URLs - They look like some relics after changes. + Bug: http://curl.haxx.se/docs/adv_20150108B.html + Reported-by: Andrey Labunets -- [Jakub Zakrzewski brought this change] +Steve Holme (7 Jan 2015) +- ldap: Convert attribute output to UTF-8 when Unicode - Cmake: Don't check for all headers each time - - One header at a time is the right way. Apart from that the output on - windows goes from: - ... - -- Looking for include files I:/src/libssh2-1.4.3/include/libssh2.h, ws2tcpip.h - -- Looking for include files I:/src/libssh2-1.4.3/include/libssh2.h, ws2tcpip.h - - found - -- Looking for 3 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins - ock2.h - -- Looking for 3 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins - ock2.h - found - -- Looking for 4 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., stdi - o.h - -- Looking for 4 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., stdi - o.h - found - -- Looking for 5 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wind - ows.h - -- Looking for 5 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wind - ows.h - found - -- Looking for 6 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins - ock.h - -- Looking for 6 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins - ock.h - found - -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/ - filio.h - -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/ - filio.h - not found - -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/ - ioctl.h - -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/ - ioctl.h - not found - -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/ - resource.h - ... - - To much nicer: - ... - -- Looking for ws2tcpip.h - -- Looking for ws2tcpip.h - found - -- Looking for winsock2.h - -- Looking for winsock2.h - found - -- Looking for stdio.h - -- Looking for stdio.h - found - -- Looking for windows.h - -- Looking for windows.h - found - -- Looking for winsock.h - -- Looking for winsock.h - found - -- Looking for sys/filio.h - -- Looking for sys/filio.h - not found - -- Looking for sys/ioctl.h - -- Looking for sys/ioctl.h - not found - -- Looking for sys/resource.h +- ldap: Convert DN output to UTF-8 when Unicode -- [Jakub Zakrzewski brought this change] +Daniel Stenberg (7 Jan 2015) +- hostip: remove 'stale' argument from Curl_fetch_addr proto + + Also, remove the log output of the resolved name is NOT in the cache in + the spirit of only telling when something is actually happening. - Cmake: Append OpenSSL include directory to search path +Steve Holme (7 Jan 2015) +- ldap/imap: Fixed spelling mistake in comments and variable names - At this point I can build libcurl with OpenSSL, OpenLDAP and LibSSH2. - Supported protocols are at least: - HTTP, HTTPS, FTP, SFTP, TFTP, LDAP, LDAPS, POP3, SMTP - (those are the ones we have regression tests for - in our product's testsuite) + Reported-by: Michael Osipov -- [Jakub Zakrzewski brought this change] +Daniel Stenberg (7 Jan 2015) +- RELEASE-NOTES: updated with ./contributors.sh output - Cmake: Search for liblber, LDAP SSL headers, swith for using OpenLDAP code. +Dan Fandrich (5 Jan 2015) +- curl_multibyte.h: Eliminated some trailing whitespace -- [Jakub Zakrzewski brought this change] +Steve Holme (4 Jan 2015) +- RELEASE-NOTES: Synced with ea93252ef1 - Cmake: LibSSH2 detection and use. +- ldap: Fixed Unicode usage for all Win32 builds + + Otherwise, the fixes in the previous commits would only be applicable + to IDN and SSPI based builds and not others such as OpenSSL with LDAP + enabled. -- [Jakub Zakrzewski brought this change] +- ldap: Fixed memory leak from commit efb64fdf80 - Cmake: Moved macros out of the main CMakeLists.txt +- ldap: Fix memory leak from commit 3a805c5cc1 -- [Jakub Zakrzewski brought this change] +- ldap: Fixed attribute variable warnings when Unicode is enabled + + Use 'TCHAR *' for local attribute variable rather than 'char *'. - Cmake: Added missing protocol-disable switches +- ldap: Fixed DN variable warnings when Unicode is enabled - They already have their defines in config.h. This makes it possible to - disable the protocols from command line during configure step. + Use 'TCHAR *' for local DN variable rather than 'char *'. -- [Jakub Zakrzewski brought this change] +- ldap: Remove the unescape_elements() function + + Due to the recent modifications this function is no longer used. - Cmake: Made boolean defines be defined to "1" instead of "ON" +- ldap.c: Fixed compilation warning - It's by convention, for compatibility and because the comments say so. - Just mabe someone have written a test like "#if HAVE_XX==1" + ldap.c:98: warning: extra tokens at end of #endif directive -- [Jakub Zakrzewski brought this change] +- ldap: Fixed support for Unicode filter in Win32 search call - Cmake: Require at least CMake 2.8. +- ldap.c: Fixed compilation warning - CMake 2.6 is already a bit old. Many bugs have been fixed since - its release. We use 2.8 in our company and we have no intention - of polluting our environment with old software, so 2.6 would - not be tested. This shouldn't be a problem since all one need - to build CMake from source is C and C++ compiler. + ldap.c:802: warning: comparison between signed and unsigned integer + expressions -- disconnect: don't touch easy-related state on disconnects - - This was done to make sure NTLM state that is bound to a connection - doesn't survive and gets used for the subsequent request - but - disconnects can also be done to for example make room in the connection - cache and thus that connection is not strictly related to the easy - handle's current operation. +- ldap: Fixed support for Unicode attributes in Win32 search call + +- ldap: Fixed memory leak from commit efb64fdf80 - The http authentication state is still kept in the easy handle since all - http auth _except_ NTLM is connection independent and thus survive over - multiple connections. + The unescapped DN was not freed after a successful character conversion. + +- ldap.c: Fixed compilation error - Bug: http://curl.haxx.se/mail/lib-2014-08/0148.html - Reported-by: Paras S + ldap.c:738: error: macro "LDAP_TRACE" passed 2 arguments, but takes + just 1 -- curl.1: clarify --limit-rate's effect on both directions +- ldap.c: Fixed compilation warning - Bug: http://curl.haxx.se/bug/view.cgi?id=1414 - Reported-by: teo8976 + ldap.c:89: warning: extra tokens at end of #endif directive + +- ldap: Fixed support for Unicode DN in Win32 search call -- curl.1: mention the --post30x options within the --location desc +- ldap: Fixed Unicode user and password in Win32 bind calls -Dan Fandrich (22 Aug 2014) -- sasl: Fixed a memory leak on OOM +- ldap: Fixed Unicode host name in Win32 initialisation calls -Daniel Stenberg (22 Aug 2014) -- [Frank Meier brought this change] +- ldap: Use host.dispname for infof() connection failure messages + + As host.name may be encoded use dispname for infof() failure messages. + +- ldap: Prefer 'CURLcode result' for curl result codes - NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth +- ldap: Pass write length in all Curl_client_write() calls - Problem: if CURLOPT_FORBID_REUSE is set, requests using NTLM failed - since NTLM requires multiple requests that re-use the same connection - for the authentication to work + As we get the length for the DN and attribute variables, and we know + the length for the line terminator, pass the length values rather than + zero as this will save Curl_client_write() from having to perform an + additional strlen() call. + +- ldap: Fixed attribute memory leaks on failed client write - Solution: Ignore the forbid reuse flag in case the NTLM authentication - handshake is in progress, according to the NTLM state flag. + Fixed memory leaks from commit 086ad79970 as was noted in the commit + comments. + +- ldap: Fixed DN memory leaks on failed client write - Fixed known bug #77. + Fixed memory leaks from commit 086ad79970 as was noted in the commit + comments. -Steve Holme (22 Aug 2014) -- openssl.c: Fixed longer than 79 columns +- curl_ntlm_core.c: Fixed compilation warning from commit 1cb17b2a5d + + curl_ntlm_core.c:146: warning: passing 'DES_cblock' (aka 'unsigned char + [8]') to parameter of type 'char *' converts + between pointers to integer types with different + sign -- openssl.c: Fixed compilation warning +- ntlm: Use extend_key_56_to_64() for all cryptography engines - warning: declaration of 'minor' shadows a global declaration + Rather than duplicate the code in setup_des_key() for OpenSSL and in + extend_key_56_to_64() for non-OpenSSL based crypto engines, as it is + the same, use extend_key_56_to_64() for all engines. -Daniel Stenberg (21 Aug 2014) -- [Haris Okanovic brought this change] +- RELEASE-NOTES: Synced with 34f0bd110f - win32: Fixed WinSock 2 #if - - A conditionally compiled block in connect.c references WinSock 2 - symbols, but used `#ifdef HAVE_WINSOCK_H` instead of `#ifdef - HAVE_WINSOCK2_H`. +- curl_ntlm_core.c: Fixed compilation warning - Bug: http://curl.haxx.se/mail/lib-2014-08/0155.html + curl_ntlm_core.c:458: warning: 'ascii_uppercase_to_unicode_le' defined + but not used -- Curl_disconnect: don't free the URL +- endian: Fixed bit-shift in 64-bit integer read functions - The URL is not a property of the connection so it should not be freed in - the connection disconnect but in the Curl_close() that frees the easy - handle. + From commit 43792592ca and 4bb5a351b2. - Bug: http://curl.haxx.se/mail/lib-2014-08/0148.html - Reported-by: Paras S + Reported-by: Michael Osipov -- help output: minor whitespace edits - - Should've been amended in the previous commit but wasn't due to a - mistake. +- smb: Use endian functions for reading NBT and message size values -- [Zearin brought this change] +- endian: Added big endian read functions - help output: use ≥2 spaces between option and description - - ... and some other cleanups +- endian: Added 64-bit integer read function -- FAQ: some actually sometimes get paid... +- COPYING: Bumped copyright year to 2015 -Steve Holme (17 Aug 2014) -- sasl_sspi: Fixed a memory leak with the GSSAPI base-64 decoded challenge +- version: Bump copyright year to 2015 -- sasl_sspi: Renamed GSSAPI mutual authentication parameter +- smb.c: Fixed compilation warnings - ...From "mutual" to "mutual_auth" which better describes what it is. + smb.c:780: warning: passing 'char *' to parameter of type 'unsigned + char *' converts between pointers to integer types with + different sign + smb.c:781: warning: passing 'char *' to parameter of type 'unsigned + char *' converts between pointers to integer types with + different sign + smb.c:804: warning: passing 'char *' to parameter of type 'unsigned + char *' converts between pointers to integer types with + different sign -- sasl_sspi: Corrected some of the GSSAPI security message error codes - - Corrected a number of the error codes that can be returned from the - Curl_sasl_create_gssapi_security_message() function when things go - wrong. - - It makes more sense to return CURLE_BAD_CONTENT_ENCODING when the - inbound security challenge can't be decoded correctly or doesn't - contain the KERB_WRAP_NO_ENCRYPT flag and CURLE_OUT_OF_MEMORY when - EncryptMessage() fails. Unfortunately the previous error code of - CURLE_RECV_ERROR was a copy and paste mistakes on my part and should - have been correct in commit 4b491c675f :( +- smb: Use endian functions for reading length and offset values -- docs: Escaped single backslash +- endian: Added 16-bit integer write function -- TODO: Updated following GSSAPI (Kerberos V5) additions - - Updated "FTP 4.6 GSSAPI via Windows SSPI" and "SASL 14.1 Other - authentication mechanisms" following recent additions. +- endian: Fixed Linux compilation issues - Added SASL 14.2 GSSAPI via GSS-API libraries. + Having files named endian.[c|h] seemed to cause issues under Linux so + renamed them both to have the curl_ prefix in the filenames. -- CURLOPT_USERNAME.3: Added Kerberos V5 and NTLM domain information - - This repeats what has already been documented in both the curl manpage - and CURLOPT_USERPWD documentation but is provided here for completeness - as someone may not especially read the latter when using libcurl. +- [Julien Nabet brought this change] -- CURLOPT_USERPWD.3: Updated following Kerberos V5 SSPI changes + lib1900.c: Fixed cppcheck error - Added information about Kerberos V5 requiring the domain part in the - user name. + lib1900.c:182: (style) Array index 'handlenum' is used before limits + check - Mentioned that the user name can be specified in UPN format, and not - just in Down-Level Logon Name format, following the information - added in commit 7679cb3fa8 reworking the exisitng information in the - process. + Bug: https://github.com/bagder/curl/pull/133 -- docs: Added Kerberos V5 and NTLM domain information to --user +- endian: Added standard function descriptions -- docs: Added Kerberos V5 to the --user SSPI current credentials usage +- endian: Renamed functions for curl API naming convention -- sasl_sspi: Tell the server we don't support a GSSAPI receive buffer +- endian: Moved write functions to new module -- smtp: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI +- endian: Moved read functions to new module -- pop3: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI +- endian: Introduced endian module + + To allow the little endian functions, currently used in two of the NTLM + source files, to be used by other modules such as the SMB module. -- imap: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI +- sepheaders.c: Applied curl oding standards -- email: Added mutual authentication flag +- [Julien Nabet brought this change] -Daniel Stenberg (15 Aug 2014) -- RELEASE-NOTES: synced with 0187c9e11d079 + sepheaders.c: Fixed resource leak on failure -- http: fix the Content-Range: parser +- vtls: Use '(void) arg' for unused parameters - ... to handle "*/[total]". Also, removed the strange hack that made - CURLOPT_FAILONERROR on a 416 response after a *RESUME_FROM return - CURLE_OK. + Prefer void for unused parameters, rather than assigning an argument to + itself as a) unintelligent compilers won't optimize it out, b) it can't + be used for const parameters, c) it will cause compilation warnings for + clang with -Wself-assign and d) is inconsistent with other areas of the + curl source code. + +- smb.c: Fixed compilation warning - Reported-by: Dimitrios Siganos - Bug: http://curl.haxx.se/mail/lib-2014-06/0221.html + smb.c:586: warning: conversion to 'short unsigned int' from 'int' may + alter its value -Steve Holme (14 Aug 2014) -- email: Introduced the GSSAPI states +- [Bill Nagel brought this change] -- curl_sasl_sspi.c: Fixed more compilation warnings from commit 4b491c675f - - warning: unused variable 'resp' + smb: Use the connection's upload buffer - warning: no previous prototype for 'Curl_sasl_gssapi_cleanup' + Use the connection's upload buffer instead of allocating our own send + buffer. -- SHA-1: 61c93383b7f6cf79d12ff99e9dced1d1cc2a7064 - - * curl_sasl_sspi.c: Fixed compilation warning from commit 4b491c675f - - warning: declaration of 'result' shadows a previous local +- RELEASE-NOTES: Synced with 1933f9d33c -- curl_sasl.h: Fixed compilation error from commit 4b491c675f - - warning: 'struct kerberos5data' declared inside parameter list +- schannel: Moved the ISC return flag definitions to the SSPI module - Due to missing forward declaration. + Moved our Initialize Security Context return attribute definitions to + the SSPI module, as a) these can be used by other SSPI based providers + and b) the ISC required attributes are defined there. -- urldata.h: Fixed compilation warnings from commit 3ec253532e - - warning: extra tokens at end of #endif directive +- [Bill Nagel brought this change] -- sasl_sspi: Added GSSAPI message functions + smb: Close the connection after a failed client write -- urldata: Introduced a GSSAPI (Kerberos V5) data structure +- darwinssl: Fixed compilation warning - Added a kerberos5data structure which is similar in nature to the - ntlmdata and negotiatedata structures. + vtls.c:683:43: warning: unused parameter 'data' -- sspi: Moved KERB_WRAP_NO_ENCRYPT from socks_sspi module +- sockfilt.c: Fixed compilation warnings - In preparation for the upcoming SSPI implementation of GSSAPI - authentication, moved the definition of KERB_WRAP_NO_ENCRYPT from - socks_sspi.c to curl_sspi.h allowing it to be shared amongst other - SSPI based code. - -Daniel Stenberg (13 Aug 2014) -- mk-ca-bundle.pl: add missing $ + sockfilt.c:288: warning: conversion to 'DWORD' from 'size_t' may alter + its value + sockfilt.c:291: warning: conversion to 'DWORD' from 'size_t' may alter + its value + sockfilt.c:323: warning: conversion to 'DWORD' from 'size_t' may alter + its value + sockfilt.c:326: warning: conversion to 'DWORD' from 'size_t' may alter + its value -- mk-ca-bundle.pl: switched to using hg.mozilla.org - - ... as mxr.mozilla.org is due to be retired. - - The new host doesn't support If-Modified-Since nor ETags, meaning that - the script will now defer to download and do a post-transfer checksum - check to see if a new output is to be generated. The new output format - will hold the SHA1 checksum of the source file for that purpose. - - We call this version 1.22 +- test1509: Fixed compilation warning - Reported-by: Ed Morley - Bug: http://curl.haxx.se/bug/view.cgi?id=1409 - -- [Jose Alf brought this change] + lib1509.c:93:18: warning: conversion to 'long int' from 'size_t' may + alter its value - openssl: fix version report for the 0.9.8 branch +- test556: Fixed compilation warning - Fixed libcurl to correctly output the newer versions of OpenSSL 0.9.8, - starting from openssl-0.9.8za. + lib556.c:90: warning: conversion to 'unsigned int' from 'size_t' may + alter its value -- [Frank Meier brought this change] +- sasl_gssapi: Fixed use of dummy username with real username - create_conn: prune dead connections +- vtls: Fixed compilation warning and an ignored return code - Bringing back the old functionality that was mistakenly removed when the - connection cache was remade. When creating a new connection, all the - existing ones are checked and those that are known to be dead get - disconnected for real and removed from the connection cache. It helps - the cache from holding on to very many stale connections and aids in - keeping down the number of system sockets in wait states. + curl_schannel.h:123: warning: right-hand operand of comma expression + has no effect - Help-by: Jonatan Vela + Some instances of the curlssl_close_all() function were declared with a + void return type whilst others as int. The schannel version returned + CURLE_NOT_BUILT_IN and others simply returned zero, but in all cases the + return code was ignored by the calling function Curl_ssl_close_all(). - Bug: http://curl.haxx.se/mail/lib-2014-06/0189.html - -Kamil Dudka (11 Aug 2014) -- docs/SSLCERTS: update the section about NSS database + For the time being and to keep the internal API consistent, changed all + declarations to use a void return type. - Bug: http://curl.haxx.se/mail/lib-2014-07/0335.html - Reported-by: David Shaw + To reduce code we might want to consider removing the unimplemented + versions and use a void #define like schannel does. -Daniel Stenberg (11 Aug 2014) -- [Peter Wang brought this change] +Daniel Stenberg (28 Dec 2014) +- TODO: 2.3 Better support for same name resolves - Curl_poll + Curl_wait_ms: fix timeout return value - - Curl_poll and Curl_wait_ms require the fix applied to Curl_socket_check - in commits b61e8b8 and c771968: +Steve Holme (28 Dec 2014) +- test1520: Fixed initial teething problems - When poll or select are interrupted and coincides with the timeout - elapsing, the functions return -1 indicating an error instead of 0 for - the timeout. - -Steve Holme (10 Aug 2014) -- config-tpf.h: Fixed up line lengths > 79 characters - -- config-symbian.h: Fixed up line lengths > 79 characters + * Missing initialisation of upload status caused a seg fault + * Missing data termination caused corrupt data to be uploaded + * Data verification should be performed in element + * Added missing recipient list cleanup -- tool_hugehelp.c.cvs: Added copyright - - Added copyright due to warning from checksrc.pl. +- test1520: Fixed compilation errors -- RELEASE-NOTES: Synced with cd6ecf6a89 +- tests: Added test for bug #1456 -- sasl_sspi: Fixed hard coded buffer for response generation - - Given the SSPI package info query indicates a token size of 4096 bytes, - updated to use a dynamic buffer for the response message generation - rather than a fixed buffer of 1024 bytes. +- checksrc.bat: Fixed a problem opening files with spaces in the filename -- sasl_sspi: Fixed missing free of challenge buffer on SPN failure +- openldap: Prefer use of 'CURLcode result' -- http_negotiate_sspi: Tidy up to remove the get_gss_name() function +- openldap: Use 'LDAPMessage *msg' for messages - Due to the reduction of code in commit 3b924b29 of get_gss_name() the - function isn't necessary anymore. + This frees up the 'result' variable for CURLcode based result codes. -- http_negotiate_sspi: Use a dynamic buffer for SPN generation - - Updated to use a dynamic buffer for the SPN generation via the recently - introduced Curl_sasl_build_spn() function rather than a fixed buffer of - 1024 characters, which should have been more than enough, but by using - the new function removes the need for another variable sname to do the - wide character conversion in Unicode builds. +- nss: Don't ignore Curl_extract_certinfo() OOM failure -- sasl: Tidy up to rename SPN variable from URI +- nss: Don't ignore Curl_ssl_init_certinfo() OOM failure -- sasl: Use a dynamic buffer for SPN generation +- nss: Use 'CURLcode result' for curl result codes - Updated Curl_sasl_create_digest_md5_message() to use a dynamic buffer - for the SPN generation via the recently introduced Curl_sasl_build_spn() - function rather than a fixed buffer of 128 characters. + ...and don't use CURLE_OK in failure/success comparisons. -- sasl_sspi: Fixed SPN not being converted to wchar under Unicode builds - - Curl_sasl_create_digest_md5_message() would simply cast the SPN variable - to a TCHAR when calling InitializeSecurityContext(). This meant that, - under Unicode builds, it would not be valid wide character string. - - Updated to use the recently introduced Curl_sasl_build_spn() function - which performs the correct conversion for us. +- getinfo: Code style policing -- sasl: Introduced Curl_sasl_build_spn() for building a SPN - - Various parts of the libcurl source code build a SPN for inclusion in - authentication data. This information is either used by our own native - generation routines or passed to authentication functions in third-party - libraries such as SSPI. However, some of these instances use fixed - buffers rather than dynamically allocated ones and not all of those that - should, convert to wide character strings in Unicode builds. - - Implemented a common function that generates a SPN and performs the - wide character conversion where necessary. +- getinfo: Use 'CURLcode result' for curl result codes -- sasl_sspi: Fixed memory leak with not releasing Package Info struct - - Curl_sasl_create_digest_md5_message() wouldn't free the Package Info - structure after QuerySecurityPackageInfo() had allocated it. +- darwinssl: Use 'CURLcode result' for curl result codes -- [Michael Osipov brought this change] +- polarssl: Use 'CURLcode result' for curl result codes - docs: Update SPNEGO and GSS-API related doc sections +- docs: Updated following the addition of SASL GSSAPI via GSS-API libraries - Reflect recent changes in SPNEGO and GSS-API code in the docs. - Update them with appropriate namings and remove visible spots for - GSS-Negotiate. + As this feature has been implemented for 7.40.0. -- sspi: Minor code tidy up to standardise coding style - - Following the recent changes and in attempt to align the SSPI based - authentication code performed the following: +- asiohiper.cpp: No need to initialise members of ConnInfo - * Use NULL and SECBUFFVERSION rather than hard coded constants. - * Avoid comparison of zero in if statements. - * Standardised the buf and desc setup code. + ...as calloc() automatically clears the area of memory with zeros. -- schannel: Fixed compilation warning in vtls.c +- asiohiper.cpp: Updated for curl coding standards - vtls.c:688:43: warning: unused parameter 'data' + ...with the exception of the start of block statement curly brackets. -- tool_getparam.c: Fixed compilation warning +- code/docs: Use correct case for IPv4 and IPv6 - warning: `orig_opt' might be used uninitialized in this function - -- RELEASE-NOTES: Synced with 159c3aafd8 - -Daniel Stenberg (8 Aug 2014) -- curl_ntlm_msgs: make < 80 columns wide + For consistency, as we seem to have a bit of a mixed bag, changed all + instances of ipv4 and ipv6 in comments and documentations to use the + correct case. -Steve Holme (8 Aug 2014) -- ntlm: Fixed hard coded buffer for SSPI based auth packet generation +- runtests: Fixed detection of Unix Sockets feature - Given the SSPI package info query indicates a token size of 2888 bytes, - and as with the Winbind code and commit 9008f3d56, use a dynamic buffer - for the Type-1 and Type-3 message generation rather than a fixed buffer - of 1024 bytes. + ...following change in curl --version output. -- ntlm: Added support for SSPI package info query +- code/docs: Use Unix rather than UNIX to avoid use of the trademark - Just as with the SSPI implementations of Digest and Negotiate added a - package info query so that libcurl can a) return a more appropriate - error code when the NTLM package is not supported and b) it can be of - use later to allocate a dynamic buffer for the Type-1 and Type-3 - output tokens rather than use a fixed buffer of 1024 bytes. - -Daniel Stenberg (7 Aug 2014) -- http2: added some more logging for debugging stream problems - -- [Tatsuhiro Tsujikawa brought this change] - - HTTP/2: Reset promised stream, not its associated stream. - -- [Tatsuhiro Tsujikawa brought this change] - - HTTP/2: Move :authority before non-pseudo header fields - -- http2: show the received header for better debugging + Use Unix when generically writing about Unix based systems as UNIX is + the trademark and should only be used in a particular product's name. -- openssl: replace call to OPENSSL_config - - OPENSSL_config() is "strongly recommended" to use but unfortunately that - function makes an exit() call on wrongly formatted config files which - makes it hard to use in some situations. OPENSSL_config() itself calls - CONF_modules_load_file() and we use that instead and we ignore its - return code! +- ip2ip.c: Fixed compilation warning when IPv6 Scope ID not supported - Reported-by: Jan Ehrhardt - Bug: http://curl.haxx.se/bug/view.cgi?id=1401 - -Dan Fandrich (7 Aug 2014) -- [Fabian Keil brought this change] - - runtests.pl: Pad test case numbers with up to three zeroes + if2ip.c:119: warning: unused parameter 'remote_scope_id' - Test case numbers with four digits have been available for a - while now. - -Steve Holme (7 Aug 2014) -- docs: Added Negotiate to the SSPI current credentials usage description - -- TODO: HTTP Digest via Windows SSPI - -- TODO: FTP GSSAPI via Windows SSPI + ...and some minor code style policing in the same function. -- http_negotiate_sspi: Fixed specific username and password not working +- vtls: Don't set cert info count until memory allocation is successful - Bug: http://curl.haxx.se/mail/lib-2014-06/0224.html - Reported-by: Leonardo Rosati + Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs + member variable to the requested count, which could then be used + incorrectly as libcurl closes down. -- http_negotiate_sspi: Fixed endless unauthorized loop in commit 6bc76194e8 - - If the server rejects our authentication attempt and curl hasn't - called CompleteAuthToken() then the status variable will be - SEC_I_CONTINUE_NEEDED and not SEC_E_OK. - - As such the existing detection mechanism for determining whether or not - the authentication process has finished is not sufficient. +- vtls: Use CURLcode for Curl_ssl_init_certinfo() return type - However, the WWW-Authenticate: Negotiate header line will not contain - any data when the server has exhausted the negotiation, so we can use - that coupled with the already allocated context pointer. - -Daniel Stenberg (5 Aug 2014) -- RELEASE-NOTES: synced with 5b37db44a3eb - -Dan Fandrich (5 Aug 2014) -- parsedate.c: fix the return code for an overflow edge condition - -Daniel Stenberg (5 Aug 2014) -- [Toby Peterson brought this change] - - darwinssl: don't use strtok() + The return type for this function was 0 on success and 1 on error. This + was then examined by the calling functions and, in most cases, used to + return CURLE_OUT_OF_MEMORY. - The GetDarwinVersionNumber() function uses strtok, which is not - thread-safe. + Instead use CURLcode for the return type and return the out of memory + error directly, propagating it up the call stack. -- Curl_ossl_version: adapted to detect BoringSSL +- configure: Use camel case for UNIX sockets feature output - This seems to be the way it should work. Right now we can't build with - BoringSSL and try this out properly due to a minor API breakage. + To match the curl --version output. -- Curl_ossl_version: detect and show libressl +Marc Hoersken (26 Dec 2014) +- sockfilt.c: Reduce the number of individual memory allocations - LibreSSL is otherwise OpenSSL API compliant (so far) - -- [Tatsuhiro Tsujikawa brought this change] - - HTTP/2: Fix infinite loop in readwrite_data() + Merge multiple internal arrays into one, even if some variables + will not not be used. They are all created with the number of + file descriptors as their size. - To prevent infinite loop in readwrite_data() function when stream is - reset before any response body comes, reset closed flag to false once - it is evaluated to true. - -Dan Fandrich (3 Aug 2014) -- gtls: only define Curl_gtls_seed if Nettle is not being used - -- ssl: provide Curl_ssl_backend even if no SSL library is available - -Daniel Stenberg (2 Aug 2014) -- [Tatsuhiro Tsujikawa brought this change] + Also fix possible thread handle leak in CloseHandle-loop. - HTTP2: Support expect: 100-continue +- sockfilt.c: Replace 100ms sleep with thread throttle - "Expect: 100-continue", which was once deprecated in HTTP/2, is now - resurrected in HTTP/2 draft 14. This change adds its support to - HTTP/2 code. This change also includes stricter header field - checking. - -- CURLOPT_SSL_VERIFYPEER.3. add a warning about disabling it - -- FEATURES: minor update - -- openssl: make ossl_send return CURLE_OK better + Improves performance of test cases 574 and 575 by 50%. - Previously it only returned a CURLcode for errors, which is when it - returns a different size than what was passed in to it. + A value of zero causes the thread to relinquish the remainder + of its time slice to any other thread of equal priority that is + ready to run. If there are no other threads of equal priority + ready to run, the function returns immediately, and the thread + continues execution. - The http2 code only checked the curlcode and thus failed. - -- RELEASE-NOTES: synced with 7bb4c8cadb5d0 - -- [Michael Wallner brought this change] - - CURLOPT_HEADEROPT.3: typo: do -> to - -- [Marcel Raad brought this change] + http://msdn.microsoft.com/library/windows/desktop/ms686307.aspx - schannel: use CryptGenRandom for random numbers - - This function is available for every Windows version since Windows 95/NT. +Steve Holme (25 Dec 2014) +- tool_help: Use camel case for UNIX sockets feature output - reference: - http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942.aspx + In line with the other features listed in the --version output, + capitalise the UNIX socket feature. -- curl_version_info.3: 'ssl_version_num' is always 0 +- vtls: Use bool for Curl_ssl_getsessionid() return type - ... and has been so since 2005 + The return type of this function is a boolean value, and even uses a + bool internally, so use bool in the function declaration as well as + the variables that store the return value, to avoid any confusion. -- ssl: generalize how the ssl backend identifier is set - - Each backend now defines CURL_SSL_BACKEND accordingly. Added the *AXTLS - one which was missing previously. +- schannel: Minor code style policing for casts -Dan Fandrich (31 Jul 2014) -- axtls: define curlssl_random using axTLS's PRNG +- schannel: Prefer 'CURLcode result' for curl result codes + +- cyassl: Prefer 'CURLcode result' for curl result codes + +- tool_xattr: Use 'CURLcode result' for curl result codes -- cyassl: fix the test for ASN_NO_SIGNER_E +- curl_ntlm_core.c: Fixed compilation warnings - It's an enum so a macro test won't work. The CyaSSL changelog doesn't - say exactly when this error code was introduced, but it's likely - to be 2.7.0. + curl_ntlm_core.c:301: warning: pointer targets in passing argument 2 of + 'CryptImportKey' differ in signedness + curl_ntlm_core.c:310: warning: passing argument 6 of 'CryptEncrypt' from + incompatible pointer type + curl_ntlm_core.c:540: warning: passing argument 4 of 'CryptGetHashParam' + from incompatible pointer type -- cyassl: use RNG_GenerateBlock to generate a good random number +- RELEASE-NOTES: Synced with 8830df8b66 -- opts: fixed some typos +- gtls: Use preferred 'CURLcode result' -- smtp: fixed a segfault during test 1320 torture test +- openldap: Use standard naming for setup connection function - Under these circumstances, the connection hasn't been fully established - and smtp_connect hasn't been called, yet smtp_done still calls the state - machine which dereferences the NULL conn pointer in struct pingpong. + Renamed ldap_setup() to ldap_setup_connection() to follow more widely + used function naming. -Daniel Stenberg (30 Jul 2014) -- vtls: repair build without TLS support +- rtmp: Use standard naming for setup connection function - ... by defining Curl_ssl_random() properly + Renamed rtmp_setup() to rtmp_setup_connection() to follow more widely + used function naming. -- polarssl: provide a (weak) random function +- smb: Use standard naming for setup connection function - This now provides a weak random function since PolarSSL doesn't have a - quick and easy way to provide a good one. It does however provide the - framework to make one so it _can_ and _should_ be done... + Renamed smb_setup() to smb_setup_connection() to follow more widely + used function naming. -- [Michael Wallner brought this change] +- config-win32.h: Fixed line length > 79 columns - curl_tlsinfo -> curl_tlssessioninfo +- openssl: Prefer we don't use NULL in comparisons -- cyassl: use the default (weeker) random +- build: Removed WIN32 definition from the Visual Studio projects - I couldn't find any dedicated function in its API to get a "good" random - with. + As this pre-processor definition is defined in curl_setup.h there is no + need to include it in the Visual Studio project files. -- cyassl: made it compile with version 2.0.6 again +- build: Removed WIN64 definition from the libcurl Visual Studio projects - ASN_NO_SIGNER_E didn't exist back then! - -- vtls: make the random function mandatory in the TLS backend + Removed the WIN64 pre-processor definition from the libcurl project + files as: - To force each backend implementation to really attempt to provide proper - random. If a proper random function is missing, then we can explicitly - make use of the default one we use when TLS support is missing. + * WIN64 is not used in our source code + * The curl projects files don't define it + * It isn't required by or used in the platform SDK + * For backwards compatability curl_setup.h defines WIN32 + * The compiler automatically defines _WIN64 for x64 builds - This commit makes sure it works for darwinssl, gnutls, nss and openssl. - -- libcurl.m4: include the standard source header + Historically Visual Studio projects have defined WIN32, in addition to + the compiler defined _WIN32 definition, and I had incorrectly changed + that to WIN64 for the x64 libcurl builds but not in the curl projects. + + As such, it is questionable whether this should be defined or not. For + more information see the following cache of a discussion that took + place on the microsoft.public.vc.mfc newsgroup: - ... with permission from David Shaw + http://www.tech-archive.net/Archive/VC/microsoft.public.vc.mfc/2008-06/msg00074.html -Kamil Dudka (28 Jul 2014) -- nss: do not check the version of NSS at run time +- openssl.c Fix for compilation errors with older versions of OpenSSL - The minimal required version of NSS is 3.14.x so it does not make sense - to check for NSS 3.12.0+ at run time. + openssl.c:1408: error: 'TLS1_1_VERSION' undeclared + openssl.c:1411: error: 'TLS1_2_VERSION' undeclared -Daniel Stenberg (28 Jul 2014) -- [Anthon Pang brought this change] +Daniel Stenberg (22 Dec 2014) +- [John Malmberg brought this change] - curl.h: bring back CURLE_OBSOLETE16 - - Removing defines, even obsolete ones that haven't been used for a very - long time, still break a lot of applications. + Fix comment edit in vms/backup_gnv_curl_src.com - Bug: https://github.com/bagder/curl/pull/106 + packages/vms/backup_gnv_curl_src.com: Originally copied from Bash port. -Dan Fandrich (26 Jul 2014) -- [Fabian Keil brought this change] +- curl: show size of inhibited data when using -v + + To offer some more info and yet it doesn't use more lines. - tests: Fix a couple of incomplete response lines +- openssl: fix SSL/TLS versions in verbose output -- [Fabian Keil brought this change] +- openssl: make it compile against openssl 1.1.0-DEV master branch - runtests.pl: Remove filteroff() which hasn't been used since 2001 +Marc Hoersken (22 Dec 2014) +- sshserver.pl: clarify and streamline variable names -- [Fabian Keil brought this change] +Daniel Stenberg (21 Dec 2014) +- openssl: warn for SRP set if SSLv3 is used, not for TLS version + + ... as it requires TLS and it was was left to warn on the default from + when default was SSL... - runtests.pl: Don't expect $TESTDIR/DISABLED to exist +- smb: use memcpy() instead of strncpy() - If a non-standard $TESTDIR is used the file may not be necessary. + ... as it never copies the trailing zero anyway and always just the four + bytes so let's not mislead anyone into thinking it is actually treated + as a string. - Previously a "missing" file resulted in the warning: - readline() on closed filehandle D at ./runtests.pl line 4940. - -- [Fabian Keil brought this change] + Coverity CID: 1260214 - getpart.pm: Fix a comment typo +- [John E. Malmberg brought this change] -Daniel Stenberg (25 Jul 2014) -- c-ares: fix build without IPv6 support + VMS: Updates for 0740-0D1220 - Bug: http://curl.haxx.se/mail/lib-2014-07/0337.html - Reported-by: Spork Schivago - -- Curl_base64url_encode: unit-tested in 1302 - -- base64: added Curl_base64url_encode() + lib/setup-vms.h : VAX HP OpenSSL port is ancient, needs help. + More defines to set symbols to uppercase. - This is now used by the http2 code. It has two different symbols at the - end of the base64 table to make the output "url safe". + src/tool_main.c : Fix parameter to vms_special_exit() call. - Bug: https://github.com/tatsuhiro-t/nghttp2/issues/62 - -- [Marcel Raad brought this change] - - SSPI Negotiate: Fix 3 memory leaks + packages/vms/ : + backup_gnv_curl_src.com : Fix the error message to have the correct package. - Curl_base64_decode allocates the output string by itself and two other - strings were not freed either. - -- symbols: CURL_VERSION_GSSNEGOTIATE is deprecated - -- test1013.pl: GSS-Negotiate doesn't exist as a feature anymore - -- [Sergey Nikulov brought this change] - - libtest: fixed duplicated line in Makefile + build_curl-config_script.com : Rewrite to be more accurate. - Bug: https://github.com/bagder/curl/pull/105 - -Patrick Monnerat (23 Jul 2014) -- GSSAPI: remove useless *_MECHANISM defines. - -Daniel Stenberg (23 Jul 2014) -- findprotocol: show unsupported protocol within quotes + build_libcurl_pc.com : Use tool_version.h now. - ... to aid when for example prefixed with a space or other weird - character. - -Patrick Monnerat (23 Jul 2014) -- GSSAPI: private export mechanisms OIDs. OS400: Make RPG binding up to date. - -Daniel Stenberg (23 Jul 2014) -- [Marcel Raad brought this change] - - conncache: fix compiler warning + build_vms.com : Fix to handle lib/vtls directory. - warning C4267: '=' : conversion from 'size_t' to 'long', possible loss - of data + curl_gnv_build_steps.txt : Updated build procedure documentation. - The member connection_id of struct connectdata is a long (always a - 32-bit signed integer on Visual C++) and the member next_connection_id - of struct conncache is a size_t, so one of them should be changed to - match the other. + generate_config_vms_h_curl.com : + * VAX does not support 64 bit ints, so no NTLM support for now. + * VAX HP SSL port is ancient, needs some help. + * Disable NGHTTP2 for now, not ported to VMS. + * Disable UNIX_SOCKETS, not available on VMS yet. + * HP GSSAPI port does not have gss_nt_service_name. - This patch the size_t in struct conncache to long (the less invasive - change as that variable is only ever used in a single code line). + gnv_link_curl.com : Update for new curl structure. - Bug: http://curl.haxx.se/bug/view.cgi?id=1399 + pcsi_product_gnv_curl.com : Set up to optionally do a complete build. -- RELEASE-NOTES: synced with 81cd24adb8b +Marc Hoersken (21 Dec 2014) +- sockfilt.c: use non-Ex functions that are available before WinXP + + It was initially reported by Guenter that GetFileSizeEx + requires (_WIN32_WINNT >= 0x0500) to be true. -- http2: more and better error checking +- tests: use Cygwin-style paths in SSH, SSHD and SFTP config files - 1 - fixes the warnings when built without http2 support + Second patch to enable Windows support using Cygwin-based OpenSSH. - 2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2 - basically when they are about http2 specific things. + Tested with CopSSH 5.0.0 free edition using an msys shell on Windows 7. -Dan Fandrich (23 Jul 2014) -- cyassl.c: return the correct error code on no CA cert +- tests: support spaces in paths to SSH, SSHD and SFTP binaries - CyaSSL 3.0.0 returns a unique error code if no CA cert is available, - so translate that into CURLE_SSL_CACERT_BADFILE when peer verification - is requested. - -Daniel Stenberg (23 Jul 2014) -- symbols-in-versions: new SPNEGO/GSS-API symbols in 7.38.0 + First patch to enable Windows support using Cygwin-based OpenSSH. -- test1013.pl: remove SPNEGO/GSS-API tweaks +Steve Holme (20 Dec 2014) +- non-ascii: Reduce variable usage - No longer necessary after Michael Osipov's rework - -- http_negotiate: remove unused variable - -- [Michael Osipov brought this change] - - docs: Improve inline GSS-API naming in code documentation - -- [Michael Osipov brought this change] + Removed 'next' variable in Curl_convert_form(). Rather than setting it + from 'form->next' and using that to set 'form' after the conversion + just use 'form = form->next' instead. - curl.h/features: Deprecate GSS-Negotiate macros due to bad naming +- non-ascii: Prefer while loop rather than a do loop - - Replace CURLAUTH_GSSNEGOTIATE with CURLAUTH_NEGOTIATE - - CURL_VERSION_GSSNEGOTIATE is deprecated which - is served by CURL_VERSION_SSPI, CURL_VERSION_GSSAPI and - CURUL_VERSION_SPNEGO now. - - Remove display of feature 'GSS-Negotiate' - -- [Michael Osipov brought this change] - - configure/features: Add feature and version info for GSS-API and SPNEGO - -- [Michael Osipov brought this change] + This also removes the need to check that the 'form' argument is valid. - HTTP: Remove checkprefix("GSS-Negotiate") +- non-ascii: Reduce variable scope - That auth mech has never existed neither on MS nor on Unix side. - There is only Negotiate over SPNEGO. - -- [Michael Osipov brought this change] + As 'result' isn't used out side the conversion callback code and + previously caused variable shadowing in the libiconv based code. - curl_gssapi: Add macros for common mechs and pass them appropriately +- non-ascii: We prefer 'CURLcode result' - Macros defined: KRB5_MECHANISM and SPNEGO_MECHANISM called from - HTTP, FTP and SOCKS on Unix + This also fixes a variable shadowing issue when HAVE_ICONV is defined + as rc was declared for the result code of libiconv based functions. -- CONNECT: Revert Curl_proxyCONNECT back to 7.29.0 design - - This reverts commit cb3e6dfa3511 and instead fixes the problem - differently. - - The reverted commit addressed a test failure in test 1021 by simplifying - and generalizing the code flow in a way that damaged the - performance. Now we modify the flow so that Curl_proxyCONNECT() again - does as much as possible in one go, yet still do test 1021 with and - without valgrind. It failed due to mistakes in the multi state machine. +Marc Hoersken (19 Dec 2014) +- secureserver.pl: clean up formatting of config and fix verbose output - Bug: http://curl.haxx.se/bug/view.cgi?id=1397 - Reported-by: Paul Saab + Verbose output was not matching the actual configuration file, + because FIPS and Windows conditions were ignored. -- [Marcel Raad brought this change] +- secureserver.pl: update Windows detection and fix path conversion - url.c: use the preferred symbol name: *READDATA - - with CURL_NO_OLDIES defined, it doesn't compile because this deprecated - symbol (*INFILE) is used +- secureserver.pl: make OpenSSL CApath and cert absolute path values - Bug: http://curl.haxx.se/bug/view.cgi?id=1398 + Recent stunnel versions (5.08) seem to have trouble with relative + paths on Windows. This turns the relative paths into absolute ones. -Dan Fandrich (19 Jul 2014) -- [Alessandro Ghedini brought this change] +Patrick Monnerat (18 Dec 2014) +- if2ip: dummy scope parameter for Curl_if2ip() call in SIOCGIFADDR-enabled code. - CURLOPT_CHUNK_BGN_FUNCTION: fix typo +- [Kyle J. McKay brought this change] -Kamil Dudka (18 Jul 2014) -- [Alessandro Ghedini brought this change] + parseurlandfillconn(): fix improper non-numeric scope_id stripping. + Fixes SF bug 1149: http://sourceforge.net/p/curl/bugs/1449/ - build: link curl to NSS libraries when NSS support is enabled - - This fixes a build failure on Debian caused by commit - 24c3cdce88f39731506c287cb276e8bf4a1ce393. +- IPV6: address scope != scope id + There was a confusion between these: this commit tries to disambiguate them. + - Scope can be computed from the address itself. + - Scope id is scope dependent: it is currently defined as 1-based local + interface index for link-local scoped addresses, and as a site index(?) for + (obsolete) site-local addresses. Linux only supports it for link-local + addresses. + The URL parser properly parses a scope id as an interface index, but stores it + in a field named "scope": confusion. The field has been renamed into "scope_id". + Curl_if2ip() used the scope id as it was a scope. This caused failures + to bind to an interface. + Scope is now computed from the addresses and Curl_if2ip() matches them. + If redundantly specified in the URL, scope id is check for mismatch with + the interface index. - Bug: http://curl.haxx.se/mail/lib-2014-07/0209.html + This commit should fix SF bug #1451. -Steve Holme (17 Jul 2014) -- build: Removed unnecessary XML Documentation file directive from VC8 to VC12 - - The curl tool project files for VC8 to VC12 would set this setting to - $(IntDir) which is the Visual Studio default value. To avoid confusion - when viewing settings from within Visual Studio and for consistency - with the libcurl project files removed this setting. - - Conflicts: - projects/Windows/VC10/src/curlsrc.tmpl - projects/Windows/VC11/src/curlsrc.tmpl - projects/Windows/VC12/src/curlsrc.tmpl - projects/Windows/VC8/src/curlsrc.tmpl - projects/Windows/VC9/src/curlsrc.tmpl +- connect: singleipconnect(): properly try other address families after failure -- build: Removed unnecessary Precompiled Header file directive in VC7 to VC12 - - The curl tool project files for VC7 to VC12 would set this settings to - $(IntDir)$(TargetName).pch which is the Visual Studio default value. To - avoid confusion when viewing settings from within Visual Studio and for - consistency with the libcurl project files removed this setting. +Daniel Stenberg (16 Dec 2014) +- SFTP: work-around servers that return zero size on STAT - Conflicts: - projects/Windows/VC10/src/curlsrc.tmpl - projects/Windows/VC11/src/curlsrc.tmpl - projects/Windows/VC12/src/curlsrc.tmpl - projects/Windows/VC8/src/curlsrc.tmpl - projects/Windows/VC9/src/curlsrc.tmpl + Bug: http://curl.haxx.se/mail/lib-2014-12/0103.html + Pathed-by: Marc Renault -- build: Removed unnecessary ASM and Object file directives in VC7 to VC12 +- glob_next_url: make the loop count upwards - The curl tool project files for VC7 to VC12 would set these settings to - $(IntDir) which is the Visual Studio default value. To avoid confusion - when viewing settings from within Visual Studio and for consistency - with the libcurl project files removed these two settings. + As the former contruct apparently caused a compiler warning, mentioned + in d8efde07e556c. -Daniel Stenberg (17 Jul 2014) -- [Dave Reisner brought this change] +- tool_operate: we prefer 'CURLcode result' - src/Makefile.am: add .DELETE_ON_ERROR - - This prevents targets like tool_hugehelp.c from leaving around - half-constructed files if the rule fails with GNU make. +- tool_urlglob: unify return codes to use CURLcode - Reported-by: Rafaël Carré - -- THANKS: added new contributors from 7.37.1 announcement - -Dan Fandrich (17 Jul 2014) -- testcurl.pl: log the value of --runtestopts in the test header - -Daniel Stenberg (16 Jul 2014) -- RELEASE-NOTES: cleared, working towards next release - -- curl_gssapi.c: make line shorter than 80 columns + There was a mix of GlobCode, CURLcode and ints and they were mostly + passing around CURLcode errors. This change makes the functions use only + CURLcode and removes the GlobCode type completely. -- [David Woodhouse brought this change] +- tool_urlglob.c: partly reverse dc19789444 + + The loop in glob_next_url() needs to be done backwards to maintain the + logic. dc19789444 caused test 1235 to fail. - Fix negotiate auth to proxies to track correct state +- KNOWN_BUGS: the SFTP code doesn't support CURLINFO_FILETIME -- [David Woodhouse brought this change] +- [Jay Satiro brought this change] - Don't abort Negotiate auth when the server has a response for us + opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS - It's wrong to assume that we can send a single SPNEGO packet which will - complete the authentication. It's a *negotiation* — the clue is in the - name. So make sure we handle responses from the server. + Change CURLOPT_TIMEOUT doc to warn that if CURLOPT_TIMEOUT and + CURLOPT_TIMEOUT_MS are both set whichever one is set last is the one + that will be used. - Curl_input_negotiate() will already handle bailing out if it thinks the - state is GSS_S_COMPLETE (or SEC_E_OK on Windows) and the server keeps - talking to us, so we should avoid endless loops that way. - -- [David Woodhouse brought this change] + Prior to this change that behavior was only noted in the + CURLOPT_TIMEOUT_MS doc. - Don't clear GSSAPI state between each exchange in the negotiation - - GSSAPI doesn't work very well if we forget everything ever time. +Nick Zitzmann (15 Dec 2014) +- darwinssl: fix incorrect usage of aprintf() - XX: Is Curl_http_done() the right place to do the final cleanup? + Commit b13923f changed an snprintf() to use aprintf(), but the API usage + wasn't correct, and was causing a crash to occur. This fixes it. -- [David Woodhouse brought this change] +Steve Holme (14 Dec 2014) +- copyright: Updated the copyright year following recent updates - Use SPNEGO for HTTP Negotiate - - This is the correct way to do SPNEGO. Just ask for it +Daniel Stenberg (14 Dec 2014) +- tool_urlglob.c: reverse two loops - Now I correctly see it trying NTLMSSP authentication when a Kerberos ticket - isn't available. Of course, we bail out when the server responds with the - challenge packet, since we don't expect that. But I'll fix that bug next... + By counting from 0 and up instead of backwards like before, we remove + the need for the "funny" check of the unsigned variable when decreased + passed zero. Easier to read and less risk for compiler warnings. -- [David Woodhouse brought this change] +Marc Hoersken (14 Dec 2014) +- tool_urlglob.c: Added braces to clarify the conditions - Remove all traces of FBOpenSSL SPNEGO support - - This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which - allows client and server to negotiate the underlying mechanism which will - actually be used to authenticate. This is *often* Kerberos, and can also - be NTLM and other things. And to complicate matters, there are various - different OIDs which can be used to specify the Kerberos mechanism too. - - A SPNEGO exchange will identify *which* GSSAPI mechanism is being used, - and will exchange GSSAPI tokens which are appropriate for that mechanism. - - But this SPNEGO implementation just strips the incoming SPNEGO packet - and extracts the token, if any. And completely discards the information - about *which* mechanism is being used. Then we *assume* it was Kerberos, - and feed the token into gss_init_sec_context() with the default - mechanism (GSS_S_NO_OID for the mech_type argument). - - Furthermore... broken as this code is, it was never even *used* for input - tokens anyway, because higher layers of curl would just bail out if the - server actually said anything *back* to us in the negotiation. We assume - that we send a single token to the server, and it accepts it. If the server - wants to continue the exchange (as is required for NTLM and for SPNEGO - to do anything useful), then curl was broken anyway. +- tool_urlglob.c: Silence warning C6293: Ill-defined for-loop - So the only bit which actually did anything was the bit in - Curl_output_negotiate(), which always generates an *initial* SPNEGO - token saying "Hey, I support only the Kerberos mechanism and this is its - token". + The >= 0 is actually not required, since i underflows and + the for-loop is stopped using the < condition, but this + makes the VS2012 compiler and code analysis happy. + +- tool_binmode.c: Explicitly ignore the return code of setmode - You could have done that by manually just prefixing the Kerberos token - with the appropriate bytes, if you weren't going to do any proper SPNEGO - handling. There's no need for the FBOpenSSL library at all. + Fixes code analysis warning C6031: + return value ignored: could return unexpected value + +- lib: Fixed multiple code analysis warnings if SAL are available - The sane way to do SPNEGO is just to *ask* the GSSAPI library to do - SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context() - is for. And then it should all Just Work™. + warning C28252: Inconsistent annotation for function: + parameter has another annotation on this instance + +Steve Holme (14 Dec 2014) +- smb.c: Fixed code analysis warning - That 'sane way' will be added in a subsequent patch, as will bug fixes - for our failure to handle any exchange other than a single outbound - token to the server which results in immediate success. + smb.c:320: warning C6297: Arithmetic overflow: 32-bit value is shifted, + then cast to 64-bit value. Result may not be an expected + value -- [David Woodhouse brought this change] +Marc Hoersken (14 Dec 2014) +- tool_util.c: Use GetTickCount64 if it is available - ntlm_wb: Avoid invoking ntlm_auth helper with empty username +Steve Holme (14 Dec 2014) +- smb: Use HAVE_PROCESS_H for process.h inclusion + + Rather than testing against _WIN32 use the preferred HAVE_PROCESS_H + pre-processor define when including process.h. -- [David Woodhouse brought this change] +Daniel Stenberg (14 Dec 2014) +- darwinssl: aprintf() to allocate the session key + + ... to avoid using a fixed memory size that risks being too large or too + small. - ntlm_wb: Fix hard-coded limit on NTLM auth packet size +Marc Hoersken (14 Dec 2014) +- curl_schannel: Improvements to memory re-allocation strategy + + - do not grow memory by doubling its size + - do not leak previously allocated memory if reallocation fails + - replace while-loop with a single check to make sure + that the requested amount of data fits into the buffer - Bumping it to 1KiB in commit aaaf9e50ec is all very well, but having hit - a hard limit once let's just make it cope by reallocating as necessary. + Bug: http://curl.haxx.se/bug/view.cgi?id=1450 + Reported-by: Warren Menzer -Version 7.37.1 (16 Jul 2014) +Steve Holme (14 Dec 2014) +- asyn-ares: We prefer use of 'CURLcode result' -Daniel Stenberg (16 Jul 2014) -- RELEASE-NOTES: synced with 4cb2521595 +Marc Hoersken (14 Dec 2014) +- curl_schannel.c: Data may be available before connection shutdown -- test506: verify aa6884845168 - - After the fixed cookie lock deadlock, this test now passes and it - detects double-locking and double-unlocking of mutexes. +Steve Holme (14 Dec 2014) +- http2: Use 'CURLcode result' for curl result codes -- [Yousuke Kimoto brought this change] +- asyn-thread: We prefer 'CURLcode result' - cookie: avoid mutex deadlock - - ... by removing the extra mutex locks around th call to - Curl_flush_cookies() which takes care of the locking itself already. +- smb: Fixed unnecessary initialisation of struct member variables - Bug: http://curl.haxx.se/mail/lib-2014-02/0184.html + There is no need to set the 'state' and 'result' member variables to + SMB_REQUESTING (0) and CURLE_OK (0) after the allocation via calloc() + as calloc() initialises the contents to zero. -- gnutls: fix compiler warning +- ntlm: Fixed return code for bad type-2 Target Info - conversion to 'int' from 'long int' may alter its value + Use CURLE_BAD_CONTENT_ENCODING for bad type-2 Target Info security + buffers just like we do for bad decodes. -Dan Fandrich (15 Jul 2014) -- test320: strip off the actual negotiated cipher width +- ntlm: Remove unnecessary casts in readshort_le() - It's irrelevant to the test, and will change depending on which SSL - library is being used by libcurl. + I don't think both of my fix ups from yesterday were needed to fix the + compilation warning, so remove the one that I think is unnecessary and + let the next Android autobuild prove/disprove it. -- gnutls: detect lack of SRP support in GnuTLS at run-time and try without +- curl_ntlm_msgs.c: Another attempt to fix compilation warning - Reported-by: David Woodhouse - -Daniel Stenberg (14 Jul 2014) -- [Michał Górny brought this change] + curl_ntlm_msgs.c:170: warning: conversion to 'short unsigned int' from + 'int' may alter its value - configure: respect host tool prefix for krb5-config - - Use ${host_alias}-krb5-config if available. This improves cross- - compilation support and fixes multilib on Gentoo (at least). +Guenter Knauf (13 Dec 2014) +- synctime.c: added own user-agent string. -- [David Woodhouse brought this change] +Steve Holme (13 Dec 2014) +- smb.c: Fixed line longer than 79 columns - gnutls: handle IP address in cert name check +- curl_ntlm_msgs.c: Fixed compilation warning from commit 783b5c3b11 - Before GnuTLS 3.3.6, the gnutls_x509_crt_check_hostname() function - didn't actually check IP addresses in SubjectAltName, even though it was - explicitly documented as doing so. So do it ourselves... - -Dan Fandrich (14 Jul 2014) -- build: set _POSIX_PTHREAD_SEMANTICS on Solaris to get proper getpwuid_r + curl_ntlm_msgs.c:169: warning: conversion to 'short unsigned int' from + 'int' may alter its value -Daniel Stenberg (14 Jul 2014) -- RELEASE-NOTES: next one is called 7.37.1 +Guenter Knauf (13 Dec 2014) +- mk-ca-bundle.pl: restored forced run again. -Dan Fandrich (13 Jul 2014) -- gnutls: improved error message if setting cipher list fails +- synctime.c: removed another timeserver URL. - Reported-by: David Woodhouse + worldtimeserver.com seems also no longer available. -- netrc: fixed thread safety problem by using getpwuid_r if available - - The old way using getpwuid could cause problems in programs that enable - reading from netrc files simultaneously in multiple threads. +- synctime.c: fixed timeserver URLs. - Reported-by: David Woodhouse - -- RELEASE-NOTES: add the reporter of the previous bug fix + For getting the date header its not necessary to access special + pages or even CGI scripts - all pages including the main index + reply with the date header, therefore shortened URLs to domain. + Removed worldtime.com; added pool.ntp.org. -- netrc: treat failure to find home dir same as missing netrc file +Steve Holme (13 Dec 2014) +- ftp.c: Fixed compilation warning when no verbose string support - This previously caused a fatal error (with a confusing error code, at - that). + ftp.c:819: warning: unused parameter 'lineno' + +- smb: Added state change functions to assist with debugging - Reported by: Glen A Johnson Jr. + For debugging purposes, and as per other protocols within curl, added + state change functions rather than changing the states directly. -Steve Holme (12 Jul 2014) -- RELEASE-NOTES: Synced with aaaf9e50ec +- ntlm: Use short integer when decoding 16-bit values -- ntlm_wb: Fixed buffer size not being large enough for NTLMv2 sessions - - Bug: http://curl.haxx.se/mail/lib-2014-07/0103.html - Reported-by: David Woodhouse +- RELEASE-NOTES: Synced with 6291a16b20 -- build: Fixed overridden compiler PDB settings in VC7 to VC12 +- smtp.c: Fixed compilation warnings - The curl tool project files for VC7 to VC12 would override the default - setting with the output filename being the same as the linker PDB file. - As such the compiler file would be overwritten with the linker file - for all debug builds. + smtp.c:2357 warning: adding 'size_t' (aka 'unsigned long') to a string + does not append to the string + smtp.c:2375 warning: adding 'size_t' (aka 'unsigned long') to a string + does not append to the string + smtp.c:2386 warning: adding 'size_t' (aka 'unsigned long') to a string + does not append to the string - To avoid this overwrite and for consistency with the libcurl project - files, removed the setting to force the default filename to be used. - -Dan Fandrich (12 Jul 2014) -- tests: added globbing keyword to URL globbing tests - -- Fixed some "statement not reached" warnings - -- gnutls: fixed a couple of uninitialized variable references + Used array index notation instead. -- gnutls: fixed compilation against versions < 2.12.0 +- smb: Disable SMB when 64-bit integers are not supported - The AES-GCM ciphers were added to GnuTLS as late as ver. 3.0.1 but - the code path in which they're referenced here is only ever used for - somewhat older GnuTLS versions. This caused undeclared identifier errors - when compiling against those. + This fixes compilation issues with compilers that don't support 64-bit + integers through long long or __int64. -- gnutls: explicitly added SRP to the priority string +- ntlm: Disable NTLM v2 when 64-bit integers are not supported - This seems to have become necessary for SRP support to work starting - with GnuTLS ver. 2.99.0. Since support for SRP was added to GnuTLS - before the function that takes this priority string, there should be no - issue with backward compatibility. - -- tests: adjust for capitalization differences in newer gnutls-serv + This fixes compilation issues with compilers that don't support 64-bit + integers through long long or __int64 which was introduced in commit + 07b66cbfa4. -- test320/1/2/4: fix the port number substitution variables +- ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined - These tests have been broken since commit 1958fe57 in Oct. 2011 + Previously USE_NTLM2SESSION would only be defined automatically when + USE_NTRESPONSES wasn't already defined. Separated the two definitions + so that the user can manually set USE_NTRESPONSES themselves but + USE_NTLM2SESSION is defined automatically if they don't define it. -- tests: document more test identifiers and variables +- smtp.c: Fixed line longer than 79 columns -- gnutls: ignore invalid certificate dates with VERIFYPEER disabled +- config-win32.h: Don't enable Windows Crypt API if using OpenSSL - This makes the behaviour consistent with what happens if a date can - be extracted from the certificate but is expired. - -Steve Holme (10 Jul 2014) -- CURLOPT_UPLOAD: Corrected argument type + As the OpenSSL and NSS Crypto engines are prefered by the core NTLM + routines, to the Windows Crypt API, don't define USE_WIN32_CRYPT + automatically when either OpenSSL or NSS are in use - doing so would + disable NTLM2Session responses in NTLM type-3 messages. -Daniel Stenberg (9 Jul 2014) -- FAQ: expand the thread-safe section +- smtp: Fixed inappropriate free of the scratch buffer - ... with a mention of *NOSIGNAL, based on talk in bug #1386 - -Dan Fandrich (9 Jul 2014) -- url.c: Fixed memory leak on OOM + If the scratch buffer was allocated in a previous call to + Curl_smtp_escape_eob(), a new buffer not allocated in the subsequent + call and no action taken by that call, then an attempt would be made to + try and free the buffer which, by now, would be part of the data->state + structure. - This showed itself on some systems with torture failures - in tests 1060 and 1061 + This bug was introduced in commit 4bd860a001. -- Update instances of some obsolete CURLOPTs to their new names +- smtp: Fixed dot stuffing when EOL characters were at end of input buffers + + Fixed a problem with the CRLF. detection when multiple buffers were + used to upload an email to libcurl and the line ending character(s) + appeared at the end of each buffer. This meant any lines which started + with . would not be escaped into .. and could be interpreted as the end + of transmission string instead. + + This only affected libcurl based applications that used a read function + and wasn't reproducible with the curl command-line tool. + + Bug: http://curl.haxx.se/bug/view.cgi?id=1456 + Assisted-by: Patrick Monnerat -Daniel Stenberg (5 Jul 2014) -- [Marcel Raad brought this change] +Daniel Stenberg (11 Dec 2014) +- telnet: fix "cast increases required alignment of target type" - compiler warnings: potentially uninitialized variables +- ntlm_wb_response: fix "statement not reached" - ... pointed out by MSVC2013 + ... and I could use a break instead of a goto to end the loop. - Bug: http://curl.haxx.se/bug/view.cgi?id=1391 + Bug: http://curl.haxx.se/mail/lib-2014-12/0089.html + Reported-by: Tor Arntsen -Kamil Dudka (4 Jul 2014) -- nss: make the list of CRL items global +Steve Holme (10 Dec 2014) +- RELEASE-NOTES: Synced with 1cc5194337 - Otherwise NSS could use an already freed item for another connection. - -- nss: fix a memory leak when CURLOPT_CRLFILE is used + Added some bug fixes that I had missed in previous synchronisations. -- nss: make crl_der allocated on heap +Daniel Stenberg (10 Dec 2014) +- Curl_unix2addr: avoid using the variable name 'sun' - ... and spell it as crl_der instead of crlDER - -- nss: let nss_{cache,load}_crl return CURLcode + I suspect this causes compile failures on Solaris: + + Bug: http://curl.haxx.se/mail/lib-2014-12/0081.html -- tool: oops, forgot to include +Steve Holme (10 Dec 2014) +- url.c: Fixed compilation warning when USE_NTLM is not defined - ... that contains the declaration of PL_ArenaFinish() + url.c:3078: warning: variable 'credentialsMatch' set but not used -- tool: call PL_ArenaFinish() on exit if NSPR is used +- parsedate.c: Fixed compilation warning - This prevents valgrind from reporting still reachable memory allocated - by NSPR arenas (mainly the freelist). + parsedate.c:548: warning: 'parsed' may be used uninitialized in this + function - Reported-by: Hubert Kario - -Daniel Stenberg (3 Jul 2014) -- [Dimitrios Siganos brought this change] + As curl_getdate() returns -1 when parsedate() fails we can initialise + parsed to -1. - example: use correct type (long) for CURLOPT_FOLLOWLOCATION +Daniel Stenberg (10 Dec 2014) +- TODO: Cache negative name resolves + + Worth exploring -- [Dimitrios Siganos brought this change] +- ldap: check Curl_client_write() return codes + + There might be one or two memory leaks left in the error paths. - Document type of argument for CURLOPT_FOLLOWLOCATION. +- ldap: rename variables to comply to curl standards -- [Dimitrios Siganos brought this change] +Dan Fandrich (10 Dec 2014) +- sws.c: Fixed 'rc' may be used uninitialized warning - Document type of argument for CURLOPT_ERRORBUFFER. +- cookies: Improved OOM handling in cookies + + This fixes the test 506 torture test. The internal cookie API really + ought to be improved to separate cookie parsing errors (which may be + ignored) with OOM errors (which should be fatal). -- [Dimitrios Siganos brought this change] +Guenter Knauf (9 Dec 2014) +- synctime.c: fixed user-agent setting. + + Some websites meanwhile refuse to reply to requests from ancient + browsers like IE6, therefore I've comment out this setting, but + also fixed the string to now fake IE8 if someone enables it. - Document type of argument for CURLOPT_COPYPOSTFIELDS. +Daniel Stenberg (9 Dec 2014) +- smb: fix unused return code warning -- [Dimitrios Siganos brought this change] +Patrick Monnerat (9 Dec 2014) +- Curl_client_write() & al.: chop long data, convert data only once. - Document type of argument for CURLOPT_ADDRESS_SCOPE. +Guenter Knauf (9 Dec 2014) +- VC build: added sspi define for winssl-zlib builds. -- curl.1: minor language fix +Daniel Stenberg (9 Dec 2014) +- schannel_recv: return the correct code - Bug: http://curl.haxx.se/mail/archive-2014-07/0006.html - -- [Ray Satiro brought this change] + Bug: http://curl.haxx.se/bug/view.cgi?id=1462 + Reported-by: Tae Hyoung Ahn - progress callback: skip last callback update on errors - - When an error has been detected, skip the final forced call to the - progress callback by making sure to pass the current return code - variable in the Curl_done() call in the CURLM_STATE_DONE state. - - This avoids the "extra" callback that could occur even if you returned - error from the progress callback. - - Bug: http://curl.haxx.se/mail/lib-2014-06/0062.html - Reported by: Jonathan Cardoso Machado +- http2: avoid logging neg "failure" if h2 was not requested -Dan Fandrich (2 Jul 2014) -- opts: fixed some CURLOPT references so they get turned into links +- openldap: do not ignore Curl_client_write() return codes -Kamil Dudka (2 Jul 2014) -- tool: call PR_Cleanup() on exit if NSPR is used - - This prevents valgrind from reporting possibly lost memory that NSPR - uses for file descriptor cache and other globally allocated internal - data structures. +- compile: warn on unused return code from Curl_client_write() -- nss: make the fallback to SSLv3 work again - - This feature was unintentionally disabled by commit ff92fcfb. +Patrick Monnerat (8 Dec 2014) +- SMB: Fix a data size mismatch that broke SMB on big-endian platforms -- nss: do not abort on connection failure +Steve Holme (7 Dec 2014) +- smb: Fixed Windows autoconf builds following commit eb88d778e7 - ... due to calling SSL_VersionRangeGet() with NULL file descriptor + As Windows based autoconf builds don't yet define USE_WIN32_CRYPTO + either explicitly through --enable-win32-cypto or automatically on + _WIN32 based platforms, subsequent builds broke with the following + error message: - reported-by: upstream tests 305 and 404 - -Dan Fandrich (1 Jul 2014) -- opts: Document the socket callback function parameters - -Steve Holme (28 Jun 2014) -- opts: Fixed some typos + "Can't compile NTLM support without a crypto library." -Dan Fandrich (25 Jun 2014) -- curl_easy_setopt.3: fixed the error code for an unsupported option +- RELEASE-NOTES: Synced with 526603ff05 -- opts: added some DEFAULT and RETURN VALUE sections +- [Bill Nagel brought this change] -Daniel Stenberg (21 Jun 2014) -- libcurl docs: man page edits + smb: Build with SSPI enabled - mainly to improve how the web versions render + Build SMB/CIFS protocol support when SSPI is enabled. -Dan Fandrich (21 Jun 2014) -- curl_easy_setopt.3: fixed some typos +- [Bill Nagel brought this change] -Daniel Stenberg (21 Jun 2014) -- lib man pages: update easy setopt option references + ntlm: Use Windows Crypt API - ... by using the "\fIopt(3)\fP" syntax they will be linked properly when - the web version of the page is generated. - -- opts: the CURLOPT_SSL_ENABLE_*PN options are enabled by default - -- [Colin Hogben brought this change] + Allow the use of the Windows Crypt API for NTLMv1 functions. - lib: documentation updates in README.hostip +Dan Fandrich (7 Dec 2014) +- cookie.c: Refactored cleanup code to simplify - c-ares now does support IPv6; - avoid implying threaded resolver is Windows-only; - two referenced source files were renamed in 7de2f92 + Also, fixed the outdated comments on the cookie API. -- curl_easy_setopt.3: CURLOPT_POSTFIELDS is the exception - - ... to the always-copy-char *-argument. +- get_url_file_name: Fixed crash on OOM on debug build - And fix some minor mistakes. + This caused a null-pointer dereference which caused a few dozen + torture tests to fail. -- curl_easy_setopt.3: refer to the individual man pages +Steve Holme (6 Dec 2014) +- sws.c: Fixed compilation warning - With all the new individual option man pages created, this now refers to - each separate one instead of duplicaing the info. Also makes this page - easier to overview. - -Dan Fandrich (21 Jun 2014) -- opts: fixed mancheck for out-of-tree builds + sws.c:2191 warning: 'rc' may be used uninitialized in this function -Daniel Stenberg (21 Jun 2014) -- curl_easy_setopt.3: shorten +- ftp.c: Fixed compilation warnings when proxy support disabled - shorten descriptions, mostly refer to the separate descriptions - -- CURLOPT_DNS_LOCAL_IP4.3: better short desc - -Dan Fandrich (20 Jun 2014) -- opts: document CURLE_OUT_OF_MEMORY among other return values - -- opts: fixed some typos - -Daniel Stenberg (20 Jun 2014) -- opts: various corrections + ftp.c:1827 warning: unused parameter 'newhost' + ftp.c:1827 warning: unused parameter 'newport' -- opts: add the rest of the options +- smb: Fixed a problem with large file transfers - ... and fixed mancheck to ignore obsolete options - -- opts: the final bunch of options as man pages + Fixed an issue with the message size calculation where the raw bytes + from the buffer were interpreted as signed values rather than unsigned + values. - Now all current options have their own man pages. - -- opts: 37 additional man pages + Reported-by: Gisle Vanem + Assisted-by: Bill Nagel -- CURLOPT_URL: move up the text from "Notes" +- smb: Moved the URL decoding into a separate function -- ROADMAP: removed, now ROADMAP.md +- smb: Fixed URL encoded URLs not working -- ROADMAP.md: make it markdown formatted +- Makefile.inc: Added our standard header and updated file formatting -- ROADMAP: initial commit of "curl the next few years" +- Makefile.inc: Updated file formatting - To be further discussed, debated and edited - -- opts: more man pages - -- CURLOPT_UNRESTRICTED_AUTH.3: added missing 'T' - -- opts: makefile now includes all current man pages - -- opts: 11 more man pages - -Dan Fandrich (18 Jun 2014) -- opts: document CURLE_OUT_OF_MEMORY as RETURN VALUE + Aligned continuation character and used space as the separator + character as per other makefile files. -- opts: fixed a couple of typos +- curl_md4.h: Updated copyright year following recent edit + + ...and minor layout adjustment. -Patrick Monnerat (18 Jun 2014) -- OS400: make it compilable again. Make RPG binding up to date. +Patrick Monnerat (5 Dec 2014) +- SMB: Fix big endian problems. Make it OS/400 aware. -- buildconf: do not search tools in current directory. +- OS400: enable NTLM authentication -Dan Fandrich (18 Jun 2014) -- curl.h: renamed CURLOPT_DEPRECATEDx to CURLOPT_OBSOLETEx +Steve Holme (5 Dec 2014) +- multi.c: Fixed compilation warning - This is consistent with the existing obsolete error code naming - convention. + multi.c:2695: warning: declaration of `exp' shadows a global declaration + +Guenter Knauf (5 Dec 2014) +- build: updated dependencies in makefiles. -Daniel Stenberg (18 Jun 2014) -- opts: 16 more man pages +Steve Holme (5 Dec 2014) +- sasl: Corrected formatting of function descriptions diff --git a/CMake/FindGSS.cmake b/CMake/FindGSS.cmake index 4986a8e..dfaeaf3 100644 --- a/CMake/FindGSS.cmake +++ b/CMake/FindGSS.cmake @@ -155,7 +155,7 @@ message(STATUS "LDFLAGS: ${_GSS_LIB_FLAGS}") set(GSS_FLAVOUR "MIT") else() # prevent compiling the header - just check if we can include it - set(CMAKE_REQUIRED_DEFINITIONS "-D__ROKEN_H__") + set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D__ROKEN_H__") check_include_file( "roken.h" _GSS_HAVE_ROKEN_H) check_include_file( "heimdal/roken.h" _GSS_HAVE_HEIMDAL_ROKEN_H) diff --git a/CMakeLists.txt b/CMakeLists.txt index fc75d59..9a42cc7 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -76,6 +76,24 @@ option(BUILD_CURL_TESTS "Set to ON to build cURL tests." ON) option(CURL_STATICLIB "Set to ON to build libcurl with static linking." OFF) option(ENABLE_ARES "Set to ON to enable c-ares support" OFF) option(ENABLE_THREADED_RESOLVER "Set to ON to enable POSIX threaded DNS lookup" OFF) + +option(ENABLE_DEBUG "Set to ON to enable curl debug features" OFF) +option(ENABLE_CURLDEBUG "Set to ON to build with TrackMemory feature enabled" OFF) + +if (ENABLE_DEBUG) + # DEBUGBUILD will be defined only for Debug builds + if(NOT CMAKE_VERSION VERSION_LESS 3.0) + set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS $<$:DEBUGBUILD>) + else() + set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS_DEBUG DEBUGBUILD) + endif() + set(ENABLE_CURLDEBUG ON) +endif() + +if (ENABLE_CURLDEBUG) + set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS CURLDEBUG) +endif() + # initialize CURL_LIBS set(CURL_LIBS "") @@ -238,6 +256,7 @@ include (CheckCSourceCompiles) # On windows preload settings if(WIN32) + set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D_WINSOCKAPI_") include(${CMAKE_CURRENT_SOURCE_DIR}/CMake/Platforms/WindowsCache.cmake) endif(WIN32) @@ -279,7 +298,6 @@ endif() option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" ON) mark_as_advanced(CMAKE_USE_OPENSSL) -set(USE_SSLEAY OFF) set(USE_OPENSSL OFF) set(HAVE_LIBCRYPTO OFF) set(HAVE_LIBSSL OFF) @@ -288,32 +306,31 @@ if(CMAKE_USE_OPENSSL) find_package(OpenSSL) if(OPENSSL_FOUND) list(APPEND CURL_LIBS ${OPENSSL_LIBRARIES}) - set(USE_SSLEAY ON) set(USE_OPENSSL ON) set(HAVE_LIBCRYPTO ON) set(HAVE_LIBSSL ON) include_directories(${OPENSSL_INCLUDE_DIR}) set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) - check_include_file_concat("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H) - check_include_file_concat("openssl/engine.h" HAVE_OPENSSL_ENGINE_H) - check_include_file_concat("openssl/err.h" HAVE_OPENSSL_ERR_H) - check_include_file_concat("openssl/pem.h" HAVE_OPENSSL_PEM_H) - check_include_file_concat("openssl/pkcs12.h" HAVE_OPENSSL_PKCS12_H) - check_include_file_concat("openssl/rsa.h" HAVE_OPENSSL_RSA_H) - check_include_file_concat("openssl/ssl.h" HAVE_OPENSSL_SSL_H) - check_include_file_concat("openssl/x509.h" HAVE_OPENSSL_X509_H) - check_include_file_concat("openssl/rand.h" HAVE_OPENSSL_RAND_H) + check_include_file("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H) + check_include_file("openssl/engine.h" HAVE_OPENSSL_ENGINE_H) + check_include_file("openssl/err.h" HAVE_OPENSSL_ERR_H) + check_include_file("openssl/pem.h" HAVE_OPENSSL_PEM_H) + check_include_file("openssl/pkcs12.h" HAVE_OPENSSL_PKCS12_H) + check_include_file("openssl/rsa.h" HAVE_OPENSSL_RSA_H) + check_include_file("openssl/ssl.h" HAVE_OPENSSL_SSL_H) + check_include_file("openssl/x509.h" HAVE_OPENSSL_X509_H) + check_include_file("openssl/rand.h" HAVE_OPENSSL_RAND_H) endif() endif() if(NOT CURL_DISABLE_LDAP) if(WIN32) - option(CURL_LDAP_WIN "Use Windows LDAP implementation" ON) - if(CURL_LDAP_WIN) + option(USE_WIN32_LDAP "Use Windows LDAP implementation" ON) + if(USE_WIN32_LDAP) check_library_exists("wldap32" cldap_open "" HAVE_WLDAP32) if(NOT HAVE_WLDAP32) - set(CURL_LDAP_WIN OFF) + set(USE_WIN32_LDAP OFF) endif() endif() endif() @@ -323,12 +340,12 @@ if(NOT CURL_DISABLE_LDAP) set(CMAKE_LDAP_LIB "ldap" CACHE STRING "Name or full path to ldap library") set(CMAKE_LBER_LIB "lber" CACHE STRING "Name or full path to lber library") - if(CMAKE_USE_OPENLDAP AND CURL_LDAP_WIN) - message(FATAL_ERROR "Cannot use CURL_LDAP_WIN and CMAKE_USE_OPENLDAP at the same time") + if(CMAKE_USE_OPENLDAP AND USE_WIN32_LDAP) + message(FATAL_ERROR "Cannot use USE_WIN32_LDAP and CMAKE_USE_OPENLDAP at the same time") endif() # Now that we know, we're not using windows LDAP... - if(NOT CURL_LDAP_WIN) + if(NOT USE_WIN32_LDAP) # Check for LDAP set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES}) check_library_exists_concat(${CMAKE_LDAP_LIB} ldap_init HAVE_LIBLDAP) @@ -384,7 +401,7 @@ if(NOT CURL_DISABLE_LDAP) return 0; }" ) - set(CMAKE_REQUIRED_DEFINITIONS "-DLDAP_DEPRECATED=1" "-DWIN32_LEAN_AND_MEAN") + set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -DLDAP_DEPRECATED=1") list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LDAP_LIB}) if(HAVE_LIBLBER) list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LBER_LIB}) @@ -474,7 +491,7 @@ mark_as_advanced(CMAKE_USE_GSSAPI) if(CMAKE_USE_GSSAPI) find_package(GSS) - set(HAVE_GSS_API ${GSS_FOUND}) + set(HAVE_GSSAPI ${GSS_FOUND}) if(GSS_FOUND) message(STATUS "Found ${GSS_FLAVOUR} GSSAPI version: \"${GSS_VERSION}\"") @@ -537,15 +554,13 @@ endif() # Check for header files if(NOT UNIX) - check_include_file_concat("ws2tcpip.h" HAVE_WS2TCPIP_H) - check_include_file_concat("winsock2.h" HAVE_WINSOCK2_H) -endif(NOT UNIX) -check_include_file_concat("stdio.h" HAVE_STDIO_H) -if(NOT UNIX) check_include_file_concat("windows.h" HAVE_WINDOWS_H) check_include_file_concat("winsock.h" HAVE_WINSOCK_H) + check_include_file_concat("ws2tcpip.h" HAVE_WS2TCPIP_H) + check_include_file_concat("winsock2.h" HAVE_WINSOCK2_H) endif(NOT UNIX) +check_include_file_concat("stdio.h" HAVE_STDIO_H) check_include_file_concat("inttypes.h" HAVE_INTTYPES_H) check_include_file_concat("sys/filio.h" HAVE_SYS_FILIO_H) check_include_file_concat("sys/ioctl.h" HAVE_SYS_IOCTL_H) @@ -737,7 +752,6 @@ if(CMAKE_USE_OPENSSL) HAVE_CRYPTO_CLEANUP_ALL_EX_DATA) if(HAVE_LIBCRYPTO AND HAVE_LIBSSL) set(USE_OPENSSL 1) - set(USE_SSLEAY 1) endif(HAVE_LIBCRYPTO AND HAVE_LIBSSL) endif(CMAKE_USE_OPENSSL) check_symbol_exists(gmtime_r "${CURL_INCLUDES}" HAVE_GMTIME_R) @@ -1032,12 +1046,12 @@ _add_if("AsynchDNS" USE_ARES OR USE_THREADS_POSIX) _add_if("IDN" HAVE_LIBIDN) # TODO SSP1 (WinSSL) check is missing _add_if("SSPI" USE_WINDOWS_SSPI) -_add_if("GSS-API" HAVE_GSS_API) +_add_if("GSS-API" HAVE_GSSAPI) # TODO SSP1 missing for SPNEGO _add_if("SPNEGO" NOT CURL_DISABLE_CRYPTO_AUTH AND - (HAVE_GSS_API OR USE_WINDOWS_SSPI)) + (HAVE_GSSAPI OR USE_WINDOWS_SSPI)) _add_if("Kerberos" NOT CURL_DISABLE_CRYPTO_AUTH AND - (HAVE_GSS_API OR USE_WINDOWS_SSPI)) + (HAVE_GSSAPI OR USE_WINDOWS_SSPI)) # NTLM support requires crypto function adaptions from various SSL libs # TODO alternative SSL libs tests for SSP1, GNUTLS, NSS, DARWINSSL if(NOT CURL_DISABLE_CRYPTO_AUTH AND (USE_OPENSSL OR diff --git a/MacOSX-Framework b/MacOSX-Framework index 9863b78..6251bff 100755 --- a/MacOSX-Framework +++ b/MacOSX-Framework @@ -94,7 +94,7 @@ if test ! -z $SDK32; then rm -r libcurl.framework mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Resources cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl - install_name_tool -id @executable_path/../Frameworks/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl + install_name_tool -id @rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl /usr/bin/sed -e "s/7\.12\.3/$VERSION/" lib/libcurl.plist >libcurl.framework/${FRAMEWORK_VERSION}/Resources/Info.plist mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl cp include/curl/*.h libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl @@ -121,7 +121,7 @@ if test ! -z $SDK32; then echo "----Appending 64 bit framework to 32 bit framework..." cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 - install_name_tool -id @executable_path/../Frameworks/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 + install_name_tool -id @rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 cp libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 pwd lipo libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 -create -output libcurl.framework/${FRAMEWORK_VERSION}/libcurl diff --git a/Makefile b/Makefile index f0f50d8..393a09d 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -566,6 +566,17 @@ src/Makefile.vc12: src/Makefile.vc6 @echo "generate $@" @sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc12/g" -e "s/VC6/VC12/g" src/Makefile.vc6 > src/Makefile.vc12 +# VC14 makefiles are for use with VS2015 +vc14: lib/Makefile.vc14 src/Makefile.vc14 + +lib/Makefile.vc14: lib/Makefile.vc6 + @echo "generate $@" + @sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc14/g" -e "s/VC6/VC14/g" lib/Makefile.vc6 > lib/Makefile.vc14 + +src/Makefile.vc14: src/Makefile.vc6 + @echo "generate $@" + @sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc14/g" -e "s/VC6/VC14/g" src/Makefile.vc6 > src/Makefile.vc14 + ca-bundle: lib/mk-ca-bundle.pl @echo "generate a fresh ca-bundle.crt" @perl $< -b -l -u lib/ca-bundle.crt diff --git a/Makefile.am b/Makefile.am index 3b91e83..5f1c881 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -30,101 +30,113 @@ CMAKE_DIST = CMakeLists.txt CMake/CMakeConfigurableFile.in \ include/curl/curlbuild.h.cmake CMake/Macros.cmake VC6_LIBTMPL = projects/Windows/VC6/lib/libcurl.tmpl -VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp +VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp.dist VC6_LIBDSP_DEPS = $(VC6_LIBTMPL) Makefile.am lib/Makefile.inc -VC6_SRCTMPL = projects/Windows/VC6/src/curlsrc.tmpl -VC6_SRCDSP = projects/Windows/VC6/src/curlsrc.dsp +VC6_SRCTMPL = projects/Windows/VC6/src/curl.tmpl +VC6_SRCDSP = projects/Windows/VC6/src/curl.dsp.dist VC6_SRCDSP_DEPS = $(VC6_SRCTMPL) Makefile.am src/Makefile.inc VC7_LIBTMPL = projects/Windows/VC7/lib/libcurl.tmpl -VC7_LIBVCPROJ = projects/Windows/VC7/lib/libcurl.vcproj +VC7_LIBVCPROJ = projects/Windows/VC7/lib/libcurl.vcproj.dist VC7_LIBVCPROJ_DEPS = $(VC7_LIBTMPL) Makefile.am lib/Makefile.inc -VC7_SRCTMPL = projects/Windows/VC7/src/curlsrc.tmpl -VC7_SRCVCPROJ = projects/Windows/VC7/src/curlsrc.vcproj +VC7_SRCTMPL = projects/Windows/VC7/src/curl.tmpl +VC7_SRCVCPROJ = projects/Windows/VC7/src/curl.vcproj.dist VC7_SRCVCPROJ_DEPS = $(VC7_SRCTMPL) Makefile.am src/Makefile.inc VC71_LIBTMPL = projects/Windows/VC7.1/lib/libcurl.tmpl -VC71_LIBVCPROJ = projects/Windows/VC7.1/lib/libcurl.vcproj +VC71_LIBVCPROJ = projects/Windows/VC7.1/lib/libcurl.vcproj.dist VC71_LIBVCPROJ_DEPS = $(VC71_LIBTMPL) Makefile.am lib/Makefile.inc -VC71_SRCTMPL = projects/Windows/VC7.1/src/curlsrc.tmpl -VC71_SRCVCPROJ = projects/Windows/VC7.1/src/curlsrc.vcproj +VC71_SRCTMPL = projects/Windows/VC7.1/src/curl.tmpl +VC71_SRCVCPROJ = projects/Windows/VC7.1/src/curl.vcproj.dist VC71_SRCVCPROJ_DEPS = $(VC71_SRCTMPL) Makefile.am src/Makefile.inc VC8_LIBTMPL = projects/Windows/VC8/lib/libcurl.tmpl -VC8_LIBVCPROJ = projects/Windows/VC8/lib/libcurl.vcproj +VC8_LIBVCPROJ = projects/Windows/VC8/lib/libcurl.vcproj.dist VC8_LIBVCPROJ_DEPS = $(VC8_LIBTMPL) Makefile.am lib/Makefile.inc -VC8_SRCTMPL = projects/Windows/VC8/src/curlsrc.tmpl -VC8_SRCVCPROJ = projects/Windows/VC8/src/curlsrc.vcproj +VC8_SRCTMPL = projects/Windows/VC8/src/curl.tmpl +VC8_SRCVCPROJ = projects/Windows/VC8/src/curl.vcproj.dist VC8_SRCVCPROJ_DEPS = $(VC8_SRCTMPL) Makefile.am src/Makefile.inc VC9_LIBTMPL = projects/Windows/VC9/lib/libcurl.tmpl -VC9_LIBVCPROJ = projects/Windows/VC9/lib/libcurl.vcproj +VC9_LIBVCPROJ = projects/Windows/VC9/lib/libcurl.vcproj.dist VC9_LIBVCPROJ_DEPS = $(VC9_LIBTMPL) Makefile.am lib/Makefile.inc -VC9_SRCTMPL = projects/Windows/VC9/src/curlsrc.tmpl -VC9_SRCVCPROJ = projects/Windows/VC9/src/curlsrc.vcproj +VC9_SRCTMPL = projects/Windows/VC9/src/curl.tmpl +VC9_SRCVCPROJ = projects/Windows/VC9/src/curl.vcproj.dist VC9_SRCVCPROJ_DEPS = $(VC9_SRCTMPL) Makefile.am src/Makefile.inc VC10_LIBTMPL = projects/Windows/VC10/lib/libcurl.tmpl -VC10_LIBVCXPROJ = projects/Windows/VC10/lib/libcurl.vcxproj +VC10_LIBVCXPROJ = projects/Windows/VC10/lib/libcurl.vcxproj.dist VC10_LIBVCXPROJ_DEPS = $(VC10_LIBTMPL) Makefile.am lib/Makefile.inc -VC10_SRCTMPL = projects/Windows/VC10/src/curlsrc.tmpl -VC10_SRCVCXPROJ = projects/Windows/VC10/src/curlsrc.vcxproj +VC10_SRCTMPL = projects/Windows/VC10/src/curl.tmpl +VC10_SRCVCXPROJ = projects/Windows/VC10/src/curl.vcxproj.dist VC10_SRCVCXPROJ_DEPS = $(VC10_SRCTMPL) Makefile.am src/Makefile.inc VC11_LIBTMPL = projects/Windows/VC11/lib/libcurl.tmpl -VC11_LIBVCXPROJ = projects/Windows/VC11/lib/libcurl.vcxproj +VC11_LIBVCXPROJ = projects/Windows/VC11/lib/libcurl.vcxproj.dist VC11_LIBVCXPROJ_DEPS = $(VC11_LIBTMPL) Makefile.am lib/Makefile.inc -VC11_SRCTMPL = projects/Windows/VC11/src/curlsrc.tmpl -VC11_SRCVCXPROJ = projects/Windows/VC11/src/curlsrc.vcxproj +VC11_SRCTMPL = projects/Windows/VC11/src/curl.tmpl +VC11_SRCVCXPROJ = projects/Windows/VC11/src/curl.vcxproj.dist VC11_SRCVCXPROJ_DEPS = $(VC11_SRCTMPL) Makefile.am src/Makefile.inc VC12_LIBTMPL = projects/Windows/VC12/lib/libcurl.tmpl -VC12_LIBVCXPROJ = projects/Windows/VC12/lib/libcurl.vcxproj +VC12_LIBVCXPROJ = projects/Windows/VC12/lib/libcurl.vcxproj.dist VC12_LIBVCXPROJ_DEPS = $(VC12_LIBTMPL) Makefile.am lib/Makefile.inc -VC12_SRCTMPL = projects/Windows/VC12/src/curlsrc.tmpl -VC12_SRCVCXPROJ = projects/Windows/VC12/src/curlsrc.vcxproj +VC12_SRCTMPL = projects/Windows/VC12/src/curl.tmpl +VC12_SRCVCXPROJ = projects/Windows/VC12/src/curl.vcxproj.dist VC12_SRCVCXPROJ_DEPS = $(VC12_SRCTMPL) Makefile.am src/Makefile.inc +VC14_LIBTMPL = projects/Windows/VC14/lib/libcurl.tmpl +VC14_LIBVCXPROJ = projects/Windows/VC14/lib/libcurl.vcxproj.dist +VC14_LIBVCXPROJ_DEPS = $(VC14_LIBTMPL) Makefile.am lib/Makefile.inc +VC14_SRCTMPL = projects/Windows/VC14/src/curl.tmpl +VC14_SRCVCXPROJ = projects/Windows/VC14/src/curl.vcxproj.dist +VC14_SRCVCXPROJ_DEPS = $(VC14_SRCTMPL) Makefile.am src/Makefile.inc + VC_DIST = projects/README \ projects/build-openssl.bat \ + projects/build-wolfssl.bat \ projects/checksrc.bat \ - projects/Windows/VC6/curl.dsw \ - projects/Windows/VC6/lib/libcurl.dsw $(VC6_LIBDSP) \ - projects/Windows/VC6/src/curlsrc.dsw $(VC6_SRCDSP) \ - projects/Windows/VC7/curl.sln \ - projects/Windows/VC7/lib/libcurl.sln $(VC7_LIBVCPROJ) \ - projects/Windows/VC7/src/curlsrc.sln $(VC7_SRCVCPROJ) \ - projects/Windows/VC7.1/curl.sln \ - projects/Windows/VC7.1/lib/libcurl.sln $(VC71_LIBVCPROJ) \ - projects/Windows/VC7.1/src/curlsrc.sln $(VC71_SRCVCPROJ) \ - projects/Windows/VC8/curl.sln \ - projects/Windows/VC8/lib/libcurl.sln $(VC8_LIBVCPROJ) \ - projects/Windows/VC8/src/curlsrc.sln $(VC8_SRCVCPROJ) \ - projects/Windows/VC9/curl.sln \ - projects/Windows/VC9/lib/libcurl.sln $(VC9_LIBVCPROJ) \ - projects/Windows/VC9/src/curlsrc.sln $(VC9_SRCVCPROJ) \ - projects/Windows/VC10/curl.sln \ - projects/Windows/VC10/lib/libcurl.sln $(VC10_LIBVCXPROJ) \ - projects/Windows/VC10/src/curlsrc.sln $(VC10_SRCVCXPROJ) \ - projects/Windows/VC11/curl.sln \ - projects/Windows/VC11/lib/libcurl.sln $(VC11_LIBVCXPROJ) \ - projects/Windows/VC11/src/curlsrc.sln $(VC11_SRCVCXPROJ) \ - projects/Windows/VC12/curl.sln \ - projects/Windows/VC12/lib/libcurl.sln $(VC12_LIBVCXPROJ) \ - projects/Windows/VC12/src/curlsrc.sln $(VC12_SRCVCXPROJ) + projects/Windows/VC6/curl-all.dsw \ + projects/Windows/VC6/lib/libcurl.dsw \ + projects/Windows/VC6/src/curl.dsw \ + projects/Windows/VC7/curl-all.sln \ + projects/Windows/VC7/lib/libcurl.sln \ + projects/Windows/VC7/src/curl.sln \ + projects/Windows/VC7.1/curl-all.sln \ + projects/Windows/VC7.1/lib/libcurl.sln \ + projects/Windows/VC7.1/src/curl.sln \ + projects/Windows/VC8/curl-all.sln \ + projects/Windows/VC8/lib/libcurl.sln \ + projects/Windows/VC8/src/curl.sln \ + projects/Windows/VC9/curl-all.sln \ + projects/Windows/VC9/lib/libcurl.sln \ + projects/Windows/VC9/src/curl.sln \ + projects/Windows/VC10/curl-all.sln \ + projects/Windows/VC10/lib/libcurl.sln \ + projects/Windows/VC10/src/curl.sln \ + projects/Windows/VC11/curl-all.sln \ + projects/Windows/VC11/lib/libcurl.sln \ + projects/Windows/VC11/src/curl.sln \ + projects/Windows/VC12/curl-all.sln \ + projects/Windows/VC12/lib/libcurl.sln \ + projects/Windows/VC12/src/curl.sln \ + projects/Windows/VC14/curl-all.sln \ + projects/Windows/VC14/lib/libcurl.sln \ + projects/Windows/VC14/src/curl.sln WINBUILD_DIST = winbuild/BUILD.WINDOWS.txt winbuild/gen_resp_file.bat \ winbuild/MakefileBuild.vc winbuild/Makefile.vc \ winbuild/Makefile.msvc.names EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in \ - RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework \ + RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework scripts/zsh.pl \ $(CMAKE_DIST) $(VC_DIST) $(WINBUILD_DIST) lib/libcurl.vers.in CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ) \ $(VC71_LIBVCPROJ) $(VC71_SRCVCPROJ) $(VC8_LIBVCPROJ) $(VC8_SRCVCPROJ) \ $(VC9_LIBVCPROJ) $(VC9_SRCVCPROJ) $(VC10_LIBVCXPROJ) $(VC10_SRCVCXPROJ) \ - $(VC11_LIBVCXPROJ) $(VC11_SRCVCXPROJ) $(VC12_LIBVCXPROJ) $(VC12_SRCVCXPROJ) + $(VC11_LIBVCXPROJ) $(VC11_SRCVCXPROJ) $(VC12_LIBVCXPROJ) $(VC12_SRCVCXPROJ) \ + $(VC14_LIBVCXPROJ) $(VC14_SRCVCXPROJ) bin_SCRIPTS = curl-config @@ -153,7 +165,7 @@ html: pdf: cd docs; make pdf -check: test examples +check: test examples check-docs if CROSSCOMPILING test-full: test @@ -181,6 +193,9 @@ endif examples: @(cd docs/examples; $(MAKE) check) +check-docs: + @(cd docs/libcurl; $(MAKE) check) + # This is a hook to have 'make clean' also clean up the docs and the tests # dir. The extra check for the Makefiles being present is necessary because # 'make distcheck' will make clean first in these directories _before_ it runs @@ -266,7 +281,7 @@ vc-ide: $(VC6_LIBDSP_DEPS) $(VC6_SRCDSP_DEPS) $(VC7_LIBVCPROJ_DEPS) \ $(VC8_LIBVCPROJ_DEPS) $(VC8_SRCVCPROJ_DEPS) $(VC9_LIBVCPROJ_DEPS) \ $(VC9_SRCVCPROJ_DEPS) $(VC10_LIBVCXPROJ_DEPS) $(VC10_SRCVCXPROJ_DEPS) \ $(VC11_LIBVCXPROJ_DEPS) $(VC11_SRCVCXPROJ_DEPS) $(VC12_LIBVCXPROJ_DEPS) \ - $(VC12_SRCVCXPROJ_DEPS) + $(VC12_SRCVCXPROJ_DEPS) $(VC14_LIBVCXPROJ_DEPS) $(VC14_SRCVCXPROJ_DEPS) @(win32_lib_srcs='$(LIB_CFILES)'; \ win32_lib_hdrs='$(LIB_HFILES) config-win32.h'; \ win32_lib_rc='$(LIB_RCFILES)'; \ @@ -527,4 +542,22 @@ function gen_element(type, dir, file)\ -v src_rc="$$win32_src_rc" \ -v src_x_srcs="$$sorted_src_x_srcs" \ -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC12_SRCTMPL) > $(VC12_SRCVCXPROJ) || { exit 1; };) + "$$awk_code" $(srcdir)/$(VC12_SRCTMPL) > $(VC12_SRCVCXPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC14_LIBVCXPROJ)'"; \ + awk -v proj_type=vcxproj \ + -v lib_srcs="$$sorted_lib_srcs" \ + -v lib_hdrs="$$sorted_lib_hdrs" \ + -v lib_rc="$$win32_lib_rc" \ + -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ + -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ + "$$awk_code" $(srcdir)/$(VC14_LIBTMPL) > $(VC14_LIBVCXPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC14_SRCVCXPROJ)'"; \ + awk -v proj_type=vcxproj \ + -v src_srcs="$$sorted_src_srcs" \ + -v src_hdrs="$$sorted_src_hdrs" \ + -v src_rc="$$win32_src_rc" \ + -v src_x_srcs="$$sorted_src_x_srcs" \ + -v src_x_hdrs="$$sorted_src_x_hdrs" \ + "$$awk_code" $(srcdir)/$(VC14_SRCTMPL) > $(VC14_SRCVCXPROJ) || { exit 1; };) diff --git a/Makefile.in b/Makefile.in index 51c490e..a86901d 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -21,7 +21,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -43,7 +43,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -69,7 +69,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -132,12 +142,6 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -DIST_COMMON = $(srcdir)/lib/Makefile.inc $(srcdir)/src/Makefile.inc \ - $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/configure $(am__configure_deps) mkinstalldirs \ - $(srcdir)/curl-config.in $(srcdir)/libcurl.pc.in COPYING \ - README compile config.guess config.sub depcomp install-sh \ - missing ltmain.sh subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ @@ -159,9 +163,11 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \ + $(am__configure_deps) $(am__DIST_COMMON) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \ $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = curl-config libcurl.pc @@ -251,6 +257,10 @@ am__define_uniq_tagged_files = \ ETAGS = etags CTAGS = ctags CSCOPE = cscope +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/curl-config.in \ + $(srcdir)/lib/Makefile.inc $(srcdir)/libcurl.pc.in \ + $(srcdir)/src/Makefile.inc COPYING README compile config.guess \ + config.sub depcomp install-sh ltmain.sh missing DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) @@ -350,7 +360,7 @@ GREP = @GREP@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ -HAVE_SSLEAY_SRP = @HAVE_SSLEAY_SRP@ +HAVE_OPENSSL_SRP = @HAVE_OPENSSL_SRP@ IDN_ENABLED = @IDN_ENABLED@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -403,6 +413,7 @@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SSL_ENABLED = @SSL_ENABLED@ +SSL_LIBS = @SSL_LIBS@ STRIP = @STRIP@ SUPPORT_FEATURES = @SUPPORT_FEATURES@ SUPPORT_PROTOCOLS = @SUPPORT_PROTOCOLS@ @@ -419,7 +430,6 @@ USE_NSS = @USE_NSS@ USE_OPENLDAP = @USE_OPENLDAP@ USE_POLARSSL = @USE_POLARSSL@ USE_SCHANNEL = @USE_SCHANNEL@ -USE_SSLEAY = @USE_SSLEAY@ USE_UNIX_SOCKETS = @USE_UNIX_SOCKETS@ USE_WINDOWS_SSPI = @USE_WINDOWS_SSPI@ VERSION = @VERSION@ @@ -487,93 +497,104 @@ CMAKE_DIST = CMakeLists.txt CMake/CMakeConfigurableFile.in \ include/curl/curlbuild.h.cmake CMake/Macros.cmake VC6_LIBTMPL = projects/Windows/VC6/lib/libcurl.tmpl -VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp +VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp.dist VC6_LIBDSP_DEPS = $(VC6_LIBTMPL) Makefile.am lib/Makefile.inc -VC6_SRCTMPL = projects/Windows/VC6/src/curlsrc.tmpl -VC6_SRCDSP = projects/Windows/VC6/src/curlsrc.dsp +VC6_SRCTMPL = projects/Windows/VC6/src/curl.tmpl +VC6_SRCDSP = projects/Windows/VC6/src/curl.dsp.dist VC6_SRCDSP_DEPS = $(VC6_SRCTMPL) Makefile.am src/Makefile.inc VC7_LIBTMPL = projects/Windows/VC7/lib/libcurl.tmpl -VC7_LIBVCPROJ = projects/Windows/VC7/lib/libcurl.vcproj +VC7_LIBVCPROJ = projects/Windows/VC7/lib/libcurl.vcproj.dist VC7_LIBVCPROJ_DEPS = $(VC7_LIBTMPL) Makefile.am lib/Makefile.inc -VC7_SRCTMPL = projects/Windows/VC7/src/curlsrc.tmpl -VC7_SRCVCPROJ = projects/Windows/VC7/src/curlsrc.vcproj +VC7_SRCTMPL = projects/Windows/VC7/src/curl.tmpl +VC7_SRCVCPROJ = projects/Windows/VC7/src/curl.vcproj.dist VC7_SRCVCPROJ_DEPS = $(VC7_SRCTMPL) Makefile.am src/Makefile.inc VC71_LIBTMPL = projects/Windows/VC7.1/lib/libcurl.tmpl -VC71_LIBVCPROJ = projects/Windows/VC7.1/lib/libcurl.vcproj +VC71_LIBVCPROJ = projects/Windows/VC7.1/lib/libcurl.vcproj.dist VC71_LIBVCPROJ_DEPS = $(VC71_LIBTMPL) Makefile.am lib/Makefile.inc -VC71_SRCTMPL = projects/Windows/VC7.1/src/curlsrc.tmpl -VC71_SRCVCPROJ = projects/Windows/VC7.1/src/curlsrc.vcproj +VC71_SRCTMPL = projects/Windows/VC7.1/src/curl.tmpl +VC71_SRCVCPROJ = projects/Windows/VC7.1/src/curl.vcproj.dist VC71_SRCVCPROJ_DEPS = $(VC71_SRCTMPL) Makefile.am src/Makefile.inc VC8_LIBTMPL = projects/Windows/VC8/lib/libcurl.tmpl -VC8_LIBVCPROJ = projects/Windows/VC8/lib/libcurl.vcproj +VC8_LIBVCPROJ = projects/Windows/VC8/lib/libcurl.vcproj.dist VC8_LIBVCPROJ_DEPS = $(VC8_LIBTMPL) Makefile.am lib/Makefile.inc -VC8_SRCTMPL = projects/Windows/VC8/src/curlsrc.tmpl -VC8_SRCVCPROJ = projects/Windows/VC8/src/curlsrc.vcproj +VC8_SRCTMPL = projects/Windows/VC8/src/curl.tmpl +VC8_SRCVCPROJ = projects/Windows/VC8/src/curl.vcproj.dist VC8_SRCVCPROJ_DEPS = $(VC8_SRCTMPL) Makefile.am src/Makefile.inc VC9_LIBTMPL = projects/Windows/VC9/lib/libcurl.tmpl -VC9_LIBVCPROJ = projects/Windows/VC9/lib/libcurl.vcproj +VC9_LIBVCPROJ = projects/Windows/VC9/lib/libcurl.vcproj.dist VC9_LIBVCPROJ_DEPS = $(VC9_LIBTMPL) Makefile.am lib/Makefile.inc -VC9_SRCTMPL = projects/Windows/VC9/src/curlsrc.tmpl -VC9_SRCVCPROJ = projects/Windows/VC9/src/curlsrc.vcproj +VC9_SRCTMPL = projects/Windows/VC9/src/curl.tmpl +VC9_SRCVCPROJ = projects/Windows/VC9/src/curl.vcproj.dist VC9_SRCVCPROJ_DEPS = $(VC9_SRCTMPL) Makefile.am src/Makefile.inc VC10_LIBTMPL = projects/Windows/VC10/lib/libcurl.tmpl -VC10_LIBVCXPROJ = projects/Windows/VC10/lib/libcurl.vcxproj +VC10_LIBVCXPROJ = projects/Windows/VC10/lib/libcurl.vcxproj.dist VC10_LIBVCXPROJ_DEPS = $(VC10_LIBTMPL) Makefile.am lib/Makefile.inc -VC10_SRCTMPL = projects/Windows/VC10/src/curlsrc.tmpl -VC10_SRCVCXPROJ = projects/Windows/VC10/src/curlsrc.vcxproj +VC10_SRCTMPL = projects/Windows/VC10/src/curl.tmpl +VC10_SRCVCXPROJ = projects/Windows/VC10/src/curl.vcxproj.dist VC10_SRCVCXPROJ_DEPS = $(VC10_SRCTMPL) Makefile.am src/Makefile.inc VC11_LIBTMPL = projects/Windows/VC11/lib/libcurl.tmpl -VC11_LIBVCXPROJ = projects/Windows/VC11/lib/libcurl.vcxproj +VC11_LIBVCXPROJ = projects/Windows/VC11/lib/libcurl.vcxproj.dist VC11_LIBVCXPROJ_DEPS = $(VC11_LIBTMPL) Makefile.am lib/Makefile.inc -VC11_SRCTMPL = projects/Windows/VC11/src/curlsrc.tmpl -VC11_SRCVCXPROJ = projects/Windows/VC11/src/curlsrc.vcxproj +VC11_SRCTMPL = projects/Windows/VC11/src/curl.tmpl +VC11_SRCVCXPROJ = projects/Windows/VC11/src/curl.vcxproj.dist VC11_SRCVCXPROJ_DEPS = $(VC11_SRCTMPL) Makefile.am src/Makefile.inc VC12_LIBTMPL = projects/Windows/VC12/lib/libcurl.tmpl -VC12_LIBVCXPROJ = projects/Windows/VC12/lib/libcurl.vcxproj +VC12_LIBVCXPROJ = projects/Windows/VC12/lib/libcurl.vcxproj.dist VC12_LIBVCXPROJ_DEPS = $(VC12_LIBTMPL) Makefile.am lib/Makefile.inc -VC12_SRCTMPL = projects/Windows/VC12/src/curlsrc.tmpl -VC12_SRCVCXPROJ = projects/Windows/VC12/src/curlsrc.vcxproj +VC12_SRCTMPL = projects/Windows/VC12/src/curl.tmpl +VC12_SRCVCXPROJ = projects/Windows/VC12/src/curl.vcxproj.dist VC12_SRCVCXPROJ_DEPS = $(VC12_SRCTMPL) Makefile.am src/Makefile.inc +VC14_LIBTMPL = projects/Windows/VC14/lib/libcurl.tmpl +VC14_LIBVCXPROJ = projects/Windows/VC14/lib/libcurl.vcxproj.dist +VC14_LIBVCXPROJ_DEPS = $(VC14_LIBTMPL) Makefile.am lib/Makefile.inc +VC14_SRCTMPL = projects/Windows/VC14/src/curl.tmpl +VC14_SRCVCXPROJ = projects/Windows/VC14/src/curl.vcxproj.dist +VC14_SRCVCXPROJ_DEPS = $(VC14_SRCTMPL) Makefile.am src/Makefile.inc VC_DIST = projects/README \ projects/build-openssl.bat \ + projects/build-wolfssl.bat \ projects/checksrc.bat \ - projects/Windows/VC6/curl.dsw \ - projects/Windows/VC6/lib/libcurl.dsw $(VC6_LIBDSP) \ - projects/Windows/VC6/src/curlsrc.dsw $(VC6_SRCDSP) \ - projects/Windows/VC7/curl.sln \ - projects/Windows/VC7/lib/libcurl.sln $(VC7_LIBVCPROJ) \ - projects/Windows/VC7/src/curlsrc.sln $(VC7_SRCVCPROJ) \ - projects/Windows/VC7.1/curl.sln \ - projects/Windows/VC7.1/lib/libcurl.sln $(VC71_LIBVCPROJ) \ - projects/Windows/VC7.1/src/curlsrc.sln $(VC71_SRCVCPROJ) \ - projects/Windows/VC8/curl.sln \ - projects/Windows/VC8/lib/libcurl.sln $(VC8_LIBVCPROJ) \ - projects/Windows/VC8/src/curlsrc.sln $(VC8_SRCVCPROJ) \ - projects/Windows/VC9/curl.sln \ - projects/Windows/VC9/lib/libcurl.sln $(VC9_LIBVCPROJ) \ - projects/Windows/VC9/src/curlsrc.sln $(VC9_SRCVCPROJ) \ - projects/Windows/VC10/curl.sln \ - projects/Windows/VC10/lib/libcurl.sln $(VC10_LIBVCXPROJ) \ - projects/Windows/VC10/src/curlsrc.sln $(VC10_SRCVCXPROJ) \ - projects/Windows/VC11/curl.sln \ - projects/Windows/VC11/lib/libcurl.sln $(VC11_LIBVCXPROJ) \ - projects/Windows/VC11/src/curlsrc.sln $(VC11_SRCVCXPROJ) \ - projects/Windows/VC12/curl.sln \ - projects/Windows/VC12/lib/libcurl.sln $(VC12_LIBVCXPROJ) \ - projects/Windows/VC12/src/curlsrc.sln $(VC12_SRCVCXPROJ) + projects/Windows/VC6/curl-all.dsw \ + projects/Windows/VC6/lib/libcurl.dsw \ + projects/Windows/VC6/src/curl.dsw \ + projects/Windows/VC7/curl-all.sln \ + projects/Windows/VC7/lib/libcurl.sln \ + projects/Windows/VC7/src/curl.sln \ + projects/Windows/VC7.1/curl-all.sln \ + projects/Windows/VC7.1/lib/libcurl.sln \ + projects/Windows/VC7.1/src/curl.sln \ + projects/Windows/VC8/curl-all.sln \ + projects/Windows/VC8/lib/libcurl.sln \ + projects/Windows/VC8/src/curl.sln \ + projects/Windows/VC9/curl-all.sln \ + projects/Windows/VC9/lib/libcurl.sln \ + projects/Windows/VC9/src/curl.sln \ + projects/Windows/VC10/curl-all.sln \ + projects/Windows/VC10/lib/libcurl.sln \ + projects/Windows/VC10/src/curl.sln \ + projects/Windows/VC11/curl-all.sln \ + projects/Windows/VC11/lib/libcurl.sln \ + projects/Windows/VC11/src/curl.sln \ + projects/Windows/VC12/curl-all.sln \ + projects/Windows/VC12/lib/libcurl.sln \ + projects/Windows/VC12/src/curl.sln \ + projects/Windows/VC14/curl-all.sln \ + projects/Windows/VC14/lib/libcurl.sln \ + projects/Windows/VC14/src/curl.sln WINBUILD_DIST = winbuild/BUILD.WINDOWS.txt winbuild/gen_resp_file.bat \ winbuild/MakefileBuild.vc winbuild/Makefile.vc \ winbuild/Makefile.msvc.names EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in \ - RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework \ + RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework scripts/zsh.pl \ $(CMAKE_DIST) $(VC_DIST) $(WINBUILD_DIST) lib/libcurl.vers.in CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ) \ $(VC71_LIBVCPROJ) $(VC71_SRCVCPROJ) $(VC8_LIBVCPROJ) $(VC8_SRCVCPROJ) \ $(VC9_LIBVCPROJ) $(VC9_SRCVCPROJ) $(VC10_LIBVCXPROJ) $(VC10_SRCVCXPROJ) \ - $(VC11_LIBVCXPROJ) $(VC11_SRCVCXPROJ) $(VC12_LIBVCXPROJ) $(VC12_SRCVCXPROJ) + $(VC11_LIBVCXPROJ) $(VC11_SRCVCXPROJ) $(VC12_LIBVCXPROJ) $(VC12_SRCVCXPROJ) \ + $(VC14_LIBVCXPROJ) $(VC14_SRCVCXPROJ) bin_SCRIPTS = curl-config SUBDIRS = lib src include @@ -582,11 +603,11 @@ pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = libcurl.pc LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c \ vtls/polarssl.c vtls/polarssl_threadlock.c vtls/axtls.c \ - vtls/cyassl.c vtls/curl_schannel.c vtls/curl_darwinssl.c vtls/gskit.c + vtls/cyassl.c vtls/schannel.c vtls/darwinssl.c vtls/gskit.c LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h \ vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h vtls/axtls.h \ - vtls/cyassl.h vtls/curl_schannel.h vtls/curl_darwinssl.h vtls/gskit.h + vtls/cyassl.h vtls/schannel.h vtls/darwinssl.h vtls/gskit.h LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ cookie.c http.c sendf.c ftp.c url.c dict.c if2ip.c speedcheck.c \ @@ -604,8 +625,9 @@ LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ http_negotiate_sspi.c http_proxy.c non-ascii.c asyn-ares.c \ asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c \ curl_ntlm_core.c curl_ntlm_msgs.c curl_sasl.c curl_multibyte.c \ - hostcheck.c bundles.c conncache.c pipeline.c dotdot.c x509asn1.c \ - http2.c curl_sasl_sspi.c smb.c curl_sasl_gssapi.c curl_endian.c + hostcheck.c conncache.c pipeline.c dotdot.c x509asn1.c \ + http2.c curl_sasl_sspi.c smb.c curl_sasl_gssapi.c curl_endian.c \ + curl_des.c LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h \ @@ -621,9 +643,10 @@ LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ rtsp.h curl_threads.h warnless.h curl_hmac.h curl_rtmp.h \ curl_gethostname.h gopher.h http_proxy.h non-ascii.h asyn.h \ curl_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h \ - curl_ntlm_msgs.h curl_sasl.h curl_multibyte.h hostcheck.h bundles.h \ + curl_ntlm_msgs.h curl_sasl.h curl_multibyte.h hostcheck.h \ conncache.h curl_setup_once.h multihandle.h setup-vms.h pipeline.h \ - dotdot.h x509asn1.h http2.h sigpipe.h smb.h curl_endian.h + dotdot.h x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h \ + curl_printf.h LIB_RCFILES = libcurl.rc CSOURCES = $(LIB_CFILES) $(LIB_VTLS_CFILES) @@ -749,7 +772,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(srcdir)/li echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -759,7 +781,7 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ esac; -$(srcdir)/lib/Makefile.inc $(srcdir)/src/Makefile.inc: +$(srcdir)/lib/Makefile.inc $(srcdir)/src/Makefile.inc $(am__empty): $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(SHELL) ./config.status --recheck @@ -1029,15 +1051,15 @@ dist-xz: distdir $(am__post_remove_distdir) dist-tarZ: distdir - @echo WARNING: "Support for shar distribution archives is" \ - "deprecated." >&2 + @echo WARNING: "Support for distribution archives compressed with" \ + "legacy program 'compress' is deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z $(am__post_remove_distdir) dist-shar: distdir - @echo WARNING: "Support for distribution archives compressed with" \ - "legacy program 'compress' is deprecated." >&2 + @echo WARNING: "Support for shar distribution archives is" \ + "deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz $(am__post_remove_distdir) @@ -1073,17 +1095,17 @@ distcheck: dist esac chmod -R a-w $(distdir) chmod u+w $(distdir) - mkdir $(distdir)/_build $(distdir)/_inst + mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst chmod a-w $(distdir) test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ && am__cwd=`pwd` \ - && $(am__cd) $(distdir)/_build \ - && ../configure \ + && $(am__cd) $(distdir)/_build/sub \ + && ../../configure \ $(AM_DISTCHECK_CONFIGURE_FLAGS) \ $(DISTCHECK_CONFIGURE_FLAGS) \ - --srcdir=.. --prefix="$$dc_install_base" \ + --srcdir=../.. --prefix="$$dc_install_base" \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) check \ @@ -1265,6 +1287,8 @@ uninstall-am: uninstall-binSCRIPTS uninstall-pkgconfigDATA uninstall-am uninstall-binSCRIPTS uninstall-hook \ uninstall-pkgconfigDATA +.PRECIOUS: Makefile + # List of files required to generate VC IDE .dsp, .vcproj and .vcxproj files @@ -1283,7 +1307,7 @@ html: pdf: cd docs; make pdf -check: test examples +check: test examples check-docs @CROSSCOMPILING_TRUE@test-full: test @CROSSCOMPILING_TRUE@test-torture: test @@ -1306,6 +1330,9 @@ check: test examples examples: @(cd docs/examples; $(MAKE) check) +check-docs: + @(cd docs/libcurl; $(MAKE) check) + # This is a hook to have 'make clean' also clean up the docs and the tests # dir. The extra check for the Makefiles being present is necessary because # 'make distcheck' will make clean first in these directories _before_ it runs @@ -1391,7 +1418,7 @@ vc-ide: $(VC6_LIBDSP_DEPS) $(VC6_SRCDSP_DEPS) $(VC7_LIBVCPROJ_DEPS) \ $(VC8_LIBVCPROJ_DEPS) $(VC8_SRCVCPROJ_DEPS) $(VC9_LIBVCPROJ_DEPS) \ $(VC9_SRCVCPROJ_DEPS) $(VC10_LIBVCXPROJ_DEPS) $(VC10_SRCVCXPROJ_DEPS) \ $(VC11_LIBVCXPROJ_DEPS) $(VC11_SRCVCXPROJ_DEPS) $(VC12_LIBVCXPROJ_DEPS) \ - $(VC12_SRCVCXPROJ_DEPS) + $(VC12_SRCVCXPROJ_DEPS) $(VC14_LIBVCXPROJ_DEPS) $(VC14_SRCVCXPROJ_DEPS) @(win32_lib_srcs='$(LIB_CFILES)'; \ win32_lib_hdrs='$(LIB_HFILES) config-win32.h'; \ win32_lib_rc='$(LIB_RCFILES)'; \ @@ -1652,7 +1679,25 @@ function gen_element(type, dir, file)\ -v src_rc="$$win32_src_rc" \ -v src_x_srcs="$$sorted_src_x_srcs" \ -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC12_SRCTMPL) > $(VC12_SRCVCXPROJ) || { exit 1; };) + "$$awk_code" $(srcdir)/$(VC12_SRCTMPL) > $(VC12_SRCVCXPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC14_LIBVCXPROJ)'"; \ + awk -v proj_type=vcxproj \ + -v lib_srcs="$$sorted_lib_srcs" \ + -v lib_hdrs="$$sorted_lib_hdrs" \ + -v lib_rc="$$win32_lib_rc" \ + -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ + -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ + "$$awk_code" $(srcdir)/$(VC14_LIBTMPL) > $(VC14_LIBVCXPROJ) || { exit 1; }; \ + \ + echo "generating '$(VC14_SRCVCXPROJ)'"; \ + awk -v proj_type=vcxproj \ + -v src_srcs="$$sorted_src_srcs" \ + -v src_hdrs="$$sorted_src_hdrs" \ + -v src_rc="$$win32_src_rc" \ + -v src_x_srcs="$$sorted_src_x_srcs" \ + -v src_x_hdrs="$$sorted_src_x_hdrs" \ + "$$awk_code" $(srcdir)/$(VC14_SRCTMPL) > $(VC14_SRCVCXPROJ) || { exit 1; };) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/README b/README index 2ffacc3..d92c7f8 100644 --- a/README +++ b/README @@ -38,12 +38,12 @@ GIT To download the very latest source off the GIT server do this: - git clone git://github.com/bagder/curl.git + git clone https://github.com/bagder/curl.git (you'll get a directory named curl created, filled with the source code) NOTICE Curl contains pieces of source code that is Copyright (c) 1998, 1999 - Kungliga Tekniska Högskolan. This notice is included here to comply with the + Kungliga Tekniska Högskolan. This notice is included here to comply with the distribution terms. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 123088f..f122978 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,146 +1,81 @@ -Curl and libcurl 7.40.0 +Curl and libcurl 7.44.0 - Public curl releases: 143 - Command line options: 162 - curl_easy_setopt() options: 208 + Public curl releases: 148 + Command line options: 176 + curl_easy_setopt() options: 219 Public functions in libcurl: 58 - Contributors: 1219 + Contributors: 1291 This release includes the following changes: - o http_digest: Added support for Windows SSPI based authentication - o version info: Added Kerberos V5 to the supported features - o Makefile: Added VC targets for WinIDN - o config-win32: Introduce build targets for VS2012+ - o SSL: Add PEM format support for public key pinning - o smtp: Added support for the conversion of Unix newlines during mail send [8] - o smb: Added initial support for the SMB/CIFS protocol - o Added support for HTTP over unix domain sockets, via - CURLOPT_UNIX_SOCKET_PATH and --unix-socket - o sasl: Added support for GSS-API based Kerberos V5 authentication + o http2: added CURLMOPT_PUSHFUNCTION and CURLMOPT_PUSHDATA [6] + o examples: added http2-serverpush.c [7] + o http2: added curl_pushheader_byname() and curl_pushheader_bynum() + o docs: added CODE_OF_CONDUCT.md [8] + o curl: Add --ssl-no-revoke to disable certificate revocation checks [5] + o libcurl: New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS [9] + o makefile: Added support for VC14 + o build: Added Visual Studio 2015 (VC14) project files + o build: Added wolfSSL configurations to VC10+ project files [18] This release includes the following bugfixes: - o darwinssl: fix session ID keys to only reuse identical sessions [18] - o url-parsing: reject CRLFs within URLs [19] - o OS400: Adjust specific support to last release - o THANKS: Remove duplicate names - o url.c: Fixed compilation warning - o ssh: Fixed build on platforms where R_OK is not defined [1] - o tool_strdup.c: include the tool strdup.h - o build: Fixed Visual Studio project file generation of strdup.[c|h] - o curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY [2] - o curl.1: show zone index use in a URL - o mk-ca-bundle.vbs: switch to new certdata.txt url - o Makefile.dist: Added some missing SSPI configurations - o build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined - o SSH: use the port number as well for known_known checks [3] - o libssh2: detect features based on version, not configure checks - o http2: Deal with HTTP/2 data inside Upgrade response header buffer [4] - o multi: removed Curl_multi_set_easy_connection - o symbol-scan.pl: do not require autotools - o cmake: add ENABLE_THREADED_RESOLVER, rename ARES - o cmake: build libhostname for test suite - o cmake: fix HAVE_GETHOSTNAME definition - o tests: fix libhostname visibility - o tests: fix memleak in server/resolve.c - o vtls.h: Fixed compiler warning when compiled without SSL - o CMake: Restore order-dependent header checks - o CMake: Restore order-dependent library checks - o tool: Removed krb4 from the supported features - o http2: Don't send Upgrade headers when we already do HTTP/2 - o examples: Don't call select() to sleep on windows [6] - o win32: Updated some legacy APIs to use the newer extended versions [5] - o easy.c: Fixed compilation warning when no verbose string support - o connect.c: Fixed compilation warning when no verbose string support - o build: in Makefile.m32 pass -F flag to windres - o build: in Makefile.m32 add -m32 flag for 32bit - o multi: when leaving for timeout, close accordingly - o CMake: Simplify if() conditions on check result variables - o build: in Makefile.m32 try to detect 64bit target - o multi: inform about closed sockets before they are closed - o multi-uv.c: close the file handle after download - o examples: Wait recommended 100ms when no file descriptors are ready - o ntlm: Split the SSPI based messaging code from the native messaging code - o cmake: fix NTLM detection when CURL_DISABLE_HTTP defined - o cmake: add Kerberos to the supported feature - o CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option - o http: Disable pipelining for HTTP/2 and upgraded connections - o ntlm: Fixed static'ness of local decode function - o sasl: Reduced the need for two sets of NTLM messaging functions - o multi.c: Fixed compilation warnings when no verbose string support - o select.c: fix compilation for VxWorks [7] - o multi-single.c: switch to use curl_multi_wait - o curl_multi_wait.3: clarify numfds being used if not NULL - o http.c: Fixed compilation warnings from features being disabled - o NSS: enable the CAPATH option [9] - o docs: Fix FAILONERROR typos - o HTTP: don't abort connections with pending Negotiate authentication - o HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request - o http_perhapsrewind: don't abort CONNECT requests - o build: updated dependencies in makefiles - o multi.c: Fixed compilation warning - o ftp.c: Fixed compilation warnings when proxy support disabled - o get_url_file_name: Fixed crash on OOM on debug build - o cookie.c: Refactored cleanup code to simplify - o OS400: enable NTLM authentication - o ntlm: Use Windows Crypt API - o http2: avoid logging neg "failure" if h2 was not requested - o schannel_recv: return the correct code [10] - o VC build: added sspi define for winssl-zlib builds - o Curl_client_write(): chop long data, convert data only once - o openldap: do not ignore Curl_client_write() return code - o ldap: check Curl_client_write() return codes - o parsedate.c: Fixed compilation warning - o url.c: Fixed compilation warning when USE_NTLM is not defined - o ntlm_wb_response: fix "statement not reached" [11] - o telnet: fix "cast increases required alignment of target type" - o smtp: Fixed dot stuffing when EOL characters at end of input buffers [12] - o ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined - o ntlm: Disable NTLM v2 when 64-bit integers are not supported - o ntlm: Use short integer when decoding 16-bit values - o ftp.c: Fixed compilation warning when no verbose string support - o synctime.c: fixed timeserver URLs - o mk-ca-bundle.pl: restored forced run again - o ntlm: Fixed return code for bad type-2 Target Info - o curl_schannel.c: Data may be available before connection shutdown - o curl_schannel: Improvements to memory re-allocation strategy [13] - o darwinssl: aprintf() to allocate the session key - o tool_util.c: Use GetTickCount64 if it is available - o lib: Fixed multiple code analysis warnings if SAL are available - o tool_binmode.c: Explicitly ignore the return code of setmode - o tool_urlglob.c: Silence warning C6293: Ill-defined for-loop - o opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS - o SFTP: work-around servers that return zero size on STAT [14] - o connect: singleipconnect(): properly try other address families after failure - o IPV6: address scope != scope id [15] - o parseurlandfillconn(): fix improper non-numeric scope_id stripping [16] - o secureserver.pl: make OpenSSL CApath and cert absolute path values - o secureserver.pl: update Windows detection and fix path conversion - o secureserver.pl: clean up formatting of config and fix verbose output - o tests: Added Windows support using Cygwin-based OpenSSH - o sockfilt.c: use non-Ex functions that are available before WinXP - o VMS: Updates for 0740-0D1220 - o openssl: warn for SRP set if SSLv3 is used, not for TLS version - o openssl: make it compile against openssl 1.1.0-DEV master branch - o openssl: fix SSL/TLS versions in verbose output - o curl: show size of inhibited data when using -v - o build: Removed WIN32 definition from the Visual Studio projects - o build: Removed WIN64 definition from the libcurl Visual Studio projects - o vtls: Use bool for Curl_ssl_getsessionid() return type - o sockfilt.c: Replace 100ms sleep with thread throttle - o sockfilt.c: Reduce the number of individual memory allocations - o vtls: Don't set cert info count until memory allocation is successful - o nss: Don't ignore Curl_ssl_init_certinfo() OOM failure - o nss: Don't ignore Curl_extract_certinfo() OOM failure - o vtls: Fixed compilation warning and an ignored return code - o sockfilt.c: Fixed compilation warnings - o darwinssl: Fixed compilation warning - o vtls: Use '(void) arg' for unused parameters - o sepheaders.c: Fixed resource leak on failure - o lib1900.c: Fixed cppcheck error [17] - o ldap: Fixed Unicode connection details in Win32 initialsation / bind calls - o ldap: Fixed Unicode DN, attributes and filter in Win32 search calls + o FTP: fix HTTP CONNECT logic regression [1] + o openssl: Fix build with openssl < ~ 0.9.8f + o openssl: fix build with BoringSSL + o curl_easy_setopt.3: option order doesn't matter + o openssl: fix use of uninitialized buffer [2] + o RTSP: removed dead code + o Makefile.m32: add support for CURL_LDFLAG_EXTRAS + o curl: always provide negotiate/kerberos options + o cookie: Fix bug in export if any-domain cookie is present + o curl_easy_setopt.3: mention CURLOPT_PIPEWAIT + o INSTALL: Advise use of non-native SSL for Windows <= XP + o tool_help: fix --tlsv1 help text to use >= for TLSv1 + o HTTP: POSTFIELDSIZE set after added to multi handle [3] + o SSL-PROBLEMS: mention WinSSL problems in WinXP + o setup-vms.h: Symbol case fixups + o SSL: Pinned public key hash support + o libtest: call PR_Cleanup() on exit if NSPR is used + o ntlm_wb: Fix theoretical memory leak + o runtests: Allow for spaces in curl custom path + o http2: add stream != NULL checks for reliability + o schannel: Replace deprecated GetVersion with VerifyVersionInfo + o http2: verify success of strchr() in http2_send() + o configure: add --disable-rt option + o openssl: work around MSVC warning + o HTTP: ignore "Content-Encoding: compress" + o configure: check if OpenSSL linking wants -ldl + o build-openssl.bat: Show syntax if required args are missing + o test1902: attempt to make the test more reliable + o libcurl-thread.3: Consolidate thread safety info + o maketgz: Fixed some VC makefiles missing from the release tarball + o libcurl-multi.3: mention curl_multi_wait [10] + o ABI doc: use secure URL + o http: move HTTP/2 cleanup code off http_disconnect() [11] + o libcurl-thread.3: Warn memory functions must be thread safe [12] + o curl_global_init_mem.3: Warn threaded resolver needs thread safe funcs [13] + o docs: formpost needs the full size at start of upload [14] + o curl_gssapi: remove 'const' to fix compiler warnings + o SSH: three state machine fixups [15] + o libcurl.3: fix a single typo [16] + o generate.bat: Only clean prerequisite files when in ALL mode + o curl_slist_append.3: add error checking to the example + o buildconf.bat: Added support for file clean-up via -clean + o generate.bat: Use buildconf.bat for prerequisite file clean-up + o NTLM: handle auth for only a single request [17] + o curl_multi_remove_handle.3: fix formatting [19] + o checksrc.bat: Fixed error when [directory] isn't a curl source directory + o checksrc.bat: Fixed error when missing *.c and *.h files + o CURLOPT_RESOLVE.3: Note removal support was added in 7.42 [20] + o test46: update cookie expire time + o SFTP: fix range request off-by-one in size check [21] + o CMake: fix GSSAPI builds [22] + o build: refer to fixed libidn versions [4] + o http2: discard frames with no SessionHandle [23] + o curl_easy_recv.3: fix formatting + o libcurl-tutorial.3: fix formatting [24] + o curl_formget.3: correct return code [25] This release includes the following known bugs: @@ -149,35 +84,41 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - Andrey Labunets, Anthon Pang, Bill Nagel, Brad Harder, Brad King, Carlo Wood, - Christian Hägele, Dan Fandrich, Daniel Stenberg, Dave Reisner, Frank Gevaerts, - Gisle Vanem, Guenter Knauf, Jan Ehrhardt, Johan Lantz, John E. Malmberg, - Jon Spencer, Julien Nabet, Kamil Dudka, Kyle J. McKay, Lucas Pardue, - Marc Hesse, Marc Hoersken, Marc Renault, Michael Osipov, Nick Zitzmann, - Nobuhiro Ban, Patrick Monnerat, Peter Wu, Ray Satiro, Sam Hurst, - Stefan Bühler, Stefan Neis, Steve Holme, Tae Hyoung Ahn, Tatsuhiro Tsujikawa, - Tomasz Kojm, Tor Arntsen, Waldek Kozba, Warren Menzer + Anders Bakken, Cédric Connes, Dan Fandrich, Daniel Stenberg, David Woodhouse, + Eric Ridge, Feist Josselin, Gustavo Grieco, Inca R, Isaac Boukris, + Jakub Zakrzewski, John E. Malmberg, Kamil Dudka, Lior Kaplan, Marcel Raad, + Michael Kaufmann, Michał Fita, Patrick Monnerat, Paul Howarth, Ray Satiro, + Roger Leigh, Stefan Bühler, Å tefan Kremeň, Steve Holme, Svyatoslav Mishyn, + Tatsuhiro Tsujikawa, Terri Oda, Tim Stack, TJ Saunders, Tomas Tomecek, + Viktor Szakáts, + (31 contributors) Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: - [1] = http://curl.haxx.se/mail/lib-2014-11/0035.html - [2] = http://curl.haxx.se/mail/lib-2014-11/0078.html - [3] = http://curl.haxx.se/bug/view.cgi?id=1448 - [4] = https://github.com/tatsuhiro-t/nghttp2/issues/103 - [5] = http://sourceforge.net/p/curl/feature-requests/82/ - [6] = http://curl.haxx.se/mail/lib-2014-11/0221.html - [7] = http://curl.haxx.se/bug/view.cgi?id=1455 - [8] = http://curl.haxx.se/bug/view.cgi?id=1456 - [9] = http://curl.haxx.se/bug/view.cgi?id=1457 - [10] = http://curl.haxx.se/bug/view.cgi?id=1462 - [11] = http://curl.haxx.se/mail/lib-2014-12/0089.html - [12] = http://curl.haxx.se/bug/view.cgi?id=1456 - [13] = http://curl.haxx.se/bug/view.cgi?id=1450 - [14] = http://curl.haxx.se/mail/lib-2014-12/0103.html - [15] = http://curl.haxx.se/bug/view.cgi?id=1451 - [16] = http://curl.haxx.se/bug/view.cgi?id=1449 - [17] = https://github.com/bagder/curl/pull/133 - [18] = http://curl.haxx.se/docs/adv_20150108A.html - [19] = http://curl.haxx.se/docs/adv_20150108B.html + [1] = https://github.com/bagder/curl/issues/278 + [2] = https://github.com/bagder/curl/issues/318 + [3] = http://curl.haxx.se/mail/lib-2015-06/0122.html + [4] = http://curl.haxx.se/bug/?i=371 + [5] = https://github.com/bagder/curl/issues/264 + [6] = http://curl.haxx.se/libcurl/c/CURLMOPT_PUSHFUNCTION.html + [7] = http://curl.haxx.se/libcurl/c/http2-serverpush.html + [8] = https://github.com/bagder/curl/blob/master/docs/CODE_OF_CONDUCT.md + [9] = http://curl.haxx.se/libcurl/c/CURLOPT_SSL_OPTIONS.html + [10] = https://github.com/bagder/curl/issues/356 + [11] = https://bugzilla.redhat.com/1248389 + [12] = http://curl.haxx.se/mail/lib-2015-07/0149.html + [13] = http://curl.haxx.se/mail/lib-2015-07/0149.html + [14] = http://curl.haxx.se/bug/?i=360 + [15] = http://curl.haxx.se/bug/?i=357 + [16] = https://github.com/bagder/curl/issues/361 + [17] = https://github.com/bagder/curl/issues/363 + [18] = https://github.com/bagder/curl/pull/174 + [19] = https://github.com/bagder/curl/issues/366 + [20] = http://curl.haxx.se/mail/lib-2015-08/0019.html + [21] = http://curl.haxx.se/bug/?i=359 + [22] = http://curl.haxx.se/bug/?i=370 + [23] = http://curl.haxx.se/bug/?i=372 + [24] = http://curl.haxx.se/bug/?i=374 + [25] = http://curl.haxx.se/bug/?i=375 diff --git a/acinclude.m4 b/acinclude.m4 index 453358d..782f32d 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -1851,8 +1851,10 @@ AC_DEFUN([CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC], [ AC_REQUIRE([AC_HEADER_TIME])dnl AC_CHECK_HEADERS(sys/types.h sys/time.h time.h) AC_MSG_CHECKING([for monotonic clock_gettime]) - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ + # + if test "x$dontwant_rt" == "xno" ; then + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ #ifdef HAVE_SYS_TYPES_H #include #endif @@ -1866,17 +1868,18 @@ AC_DEFUN([CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC], [ #include #endif #endif - ]],[[ - struct timespec ts; - (void)clock_gettime(CLOCK_MONOTONIC, &ts); - ]]) - ],[ - AC_MSG_RESULT([yes]) - ac_cv_func_clock_gettime="yes" - ],[ - AC_MSG_RESULT([no]) - ac_cv_func_clock_gettime="no" - ]) + ]],[[ + struct timespec ts; + (void)clock_gettime(CLOCK_MONOTONIC, &ts); + ]]) + ],[ + AC_MSG_RESULT([yes]) + ac_cv_func_clock_gettime="yes" + ],[ + AC_MSG_RESULT([no]) + ac_cv_func_clock_gettime="no" + ]) + fi dnl Definition of HAVE_CLOCK_GETTIME_MONOTONIC is intentionally postponed dnl until library linking and run-time checks for clock_gettime succeed. ]) @@ -2452,23 +2455,6 @@ AC_DEFUN([CURL_CHECK_FUNC_SELECT], [ ]) -# This is only a temporary fix. This macro is here to replace the broken one -# delivered by the automake project (including the 1.9.6 release). As soon as -# they ship a working version we SHOULD remove this work-around. - -AC_DEFUN([AM_MISSING_HAS_RUN], -[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl -test x"${MISSING+set}" = xset || MISSING="\${SHELL} \"$am_aux_dir/missing\"" -# Use eval to expand $SHELL -if eval "$MISSING --run true"; then - am_missing_run="$MISSING --run " -else - am_missing_run= - AC_MSG_WARN([`missing' script is too old or missing]) -fi -]) - - dnl CURL_VERIFY_RUNTIMELIBS dnl ------------------------------------------------- dnl Verify that the shared libs found so far can be used when running @@ -2607,15 +2593,16 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]), if test "x$want_ca" != "xno" -a "x$want_ca" != "xunset" -a \ "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then dnl both given - AC_MSG_ERROR([Can't specify both --with-ca-bundle and --with-ca-path.]) + ca="$want_ca" + capath="$want_capath" elif test "x$want_ca" != "xno" -a "x$want_ca" != "xunset"; then dnl --with-ca-bundle given ca="$want_ca" capath="no" elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then dnl --with-ca-path given - if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then - AC_MSG_ERROR([--with-ca-path only works with openSSL or PolarSSL]) + if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then + AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL]) fi capath="$want_capath" ca="no" @@ -2669,11 +2656,13 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]), AC_DEFINE_UNQUOTED(CURL_CA_BUNDLE, "$ca", [Location of default ca bundle]) AC_SUBST(CURL_CA_BUNDLE) AC_MSG_RESULT([$ca]) - elif test "x$capath" != "xno"; then + fi + if test "x$capath" != "xno"; then CURL_CA_PATH="\"$capath\"" AC_DEFINE_UNQUOTED(CURL_CA_PATH, "$capath", [Location of default ca path]) AC_MSG_RESULT([$capath (capath)]) - else + fi + if test "x$ca" = "xno" && test "x$capath" = "xno"; then AC_MSG_RESULT([no]) fi ]) diff --git a/aclocal.m4 b/aclocal.m4 index fd841ca..32d8994 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.14.1 -*- Autoconf -*- +# generated automatically by aclocal 1.15 -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -20,7 +20,7 @@ You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) -# Copyright (C) 2002-2013 Free Software Foundation, Inc. +# Copyright (C) 2002-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -32,10 +32,10 @@ To do so, use the procedure documented by the package, typically 'autoreconf'.]) # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], -[am__api_version='1.14' +[am__api_version='1.15' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.14.1], [], +m4_if([$1], [1.15], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -51,14 +51,14 @@ m4_define([_AM_AUTOCONF_VERSION], []) # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.14.1])dnl +[AM_AUTOMAKE_VERSION([1.15])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -110,7 +110,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd` # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997-2013 Free Software Foundation, Inc. +# Copyright (C) 1997-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -141,7 +141,7 @@ AC_CONFIG_COMMANDS_PRE( Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -332,7 +332,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -408,7 +408,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -498,8 +498,8 @@ AC_REQUIRE([AC_PROG_MKDIR_P])dnl # # AC_SUBST([mkdir_p], ['$(MKDIR_P)']) -# We need awk for the "check" target. The system "awk" is bad on -# some platforms. +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AM_SET_LEADING_DOT])dnl @@ -573,6 +573,9 @@ END AC_MSG_ERROR([Your 'rm' program is bad, sorry.]) fi fi +dnl The trailing newline in this macro's definition is deliberate, for +dnl backward compatibility and to allow trailing 'dnl'-style comments +dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841. ]) dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not @@ -602,7 +605,7 @@ for _am_header in $config_headers :; do done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -613,7 +616,7 @@ echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_co # Define $install_sh. AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl -if test x"${install_sh}" != xset; then +if test x"${install_sh+set}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; @@ -623,7 +626,7 @@ if test x"${install_sh}" != xset; then fi AC_SUBST([install_sh])]) -# Copyright (C) 2003-2013 Free Software Foundation, Inc. +# Copyright (C) 2003-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -645,7 +648,7 @@ AC_SUBST([am__leading_dot])]) # Add --enable-maintainer-mode option to configure. -*- Autoconf -*- # From Jim Meyering -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -680,7 +683,7 @@ AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -730,7 +733,7 @@ rm -f confinc confmf # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997-2013 Free Software Foundation, Inc. +# Copyright (C) 1997-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -769,7 +772,7 @@ fi # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -798,7 +801,7 @@ AC_DEFUN([_AM_SET_OPTIONS], AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -845,7 +848,7 @@ AC_LANG_POP([C])]) # For backward compatibility. AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -864,7 +867,7 @@ AC_DEFUN([AM_RUN_LOG], # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -945,7 +948,7 @@ AC_CONFIG_COMMANDS_PRE( rm -f conftest.file ]) -# Copyright (C) 2009-2013 Free Software Foundation, Inc. +# Copyright (C) 2009-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1005,7 +1008,7 @@ AC_SUBST([AM_BACKSLASH])dnl _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl ]) -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1033,7 +1036,7 @@ fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006-2013 Free Software Foundation, Inc. +# Copyright (C) 2006-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1052,7 +1055,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004-2013 Free Software Foundation, Inc. +# Copyright (C) 2004-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff --git a/buildconf b/buildconf index f3f0bd5..705f0d3 100755 --- a/buildconf +++ b/buildconf @@ -318,6 +318,8 @@ for fname in .deps \ ltsugar.m4 \ ltversion.m4 \ lt~obsolete.m4 \ + missing \ + install-sh \ stamp-h1 \ stamp-h2 \ stamp-h3 ; do @@ -329,7 +331,7 @@ done # echo "buildconf: running libtoolize" -${libtoolize} --copy --automake --force || die "libtoolize command failed" +${libtoolize} --copy --force || die "libtoolize command failed" # When using libtool 1.5.X (X < 26) we copy libtool.m4 to our local m4 # subdirectory and this local copy is patched to fix some warnings that diff --git a/compile b/compile index 531136b..a85b723 100755 --- a/compile +++ b/compile @@ -3,7 +3,7 @@ scriptversion=2012-10-14.11; # UTC -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify diff --git a/configure b/configure index bbdf846..34cbe8c 100755 --- a/configure +++ b/configure @@ -923,9 +923,9 @@ USE_POLARSSL HAVE_GNUTLS_SRP USE_GNUTLS_NETTLE USE_GNUTLS -HAVE_SSLEAY_SRP +HAVE_OPENSSL_SRP RANDOM_FILE -USE_SSLEAY +SSL_LIBS PKGCONFIG USE_DARWINSSL USE_WINDOWS_SSPI @@ -1105,6 +1105,7 @@ enable_curldebug enable_symbol_hiding enable_hidden_symbols enable_ares +enable_rt enable_dependency_tracking enable_silent_rules enable_largefile @@ -1816,6 +1817,7 @@ Optional Features: To be deprecated, use --disable-symbol-hiding --enable-ares[=PATH] Enable c-ares for DNS lookups --disable-ares Disable c-ares for DNS lookups + --disable-rt disable dependency on -lrt --enable-dependency-tracking do not reject slow dependency extractors --disable-dependency-tracking @@ -3259,6 +3261,38 @@ fi $as_echo "$want_ares" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable dependency on -lrt" >&5 +$as_echo_n "checking whether to disable dependency on -lrt... " >&6; } + OPT_RT="default" + # Check whether --enable-rt was given. +if test "${enable_rt+set}" = set; then : + enableval=$enable_rt; OPT_RT=$enableval +fi + + case "$OPT_RT" in + no) + dontwant_rt="yes" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + ;; + default) + dontwant_rt="no" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: (assumed no) + ;; + *" >&5 +$as_echo "(assumed no) + ;; + *" >&6; } + dontwant_rt="no" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + ;; + esac + if test "$dontwant_rt" = "yes" && test "$want_thres" = "yes" ; then + as_fn_error $? "options --disable-rt and --enable-thread-resolver are mutually exclusive, at most one can be selected." "$LINENO" 5 + fi + + # # Check that 'XC_CONFIGURE_PREAMBLE' has already run. # @@ -4858,7 +4892,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu -am__api_version='1.14' +am__api_version='1.15' { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 $as_echo_n "checking whether build environment is sane... " >&6; } @@ -4937,17 +4971,24 @@ test "$program_suffix" != NONE && ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` -test x"${MISSING+set}" = xset || MISSING="\${SHELL} \"$am_aux_dir/missing\"" +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi # Use eval to expand $SHELL -if eval "$MISSING --run true"; then - am_missing_run="$MISSING --run " +if eval "$MISSING --is-lightweight"; then + am_missing_run="$MISSING " else am_missing_run= - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5 -$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 +$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} fi -if test x"${install_sh}" != xset; then +if test x"${install_sh+set}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; @@ -5342,8 +5383,8 @@ MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} # mkdir_p='$(MKDIR_P)' -# We need awk for the "check" target. The system "awk" is bad on -# some platforms. +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. # Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AMTAR='$${TAR-tar}' @@ -19929,7 +19970,9 @@ done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for monotonic clock_gettime" >&5 $as_echo_n "checking for monotonic clock_gettime... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + # + if test "x$dontwant_rt" == "xno" ; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -19950,8 +19993,8 @@ $as_echo_n "checking for monotonic clock_gettime... " >&6; } int main (void) { - struct timespec ts; - (void)clock_gettime(CLOCK_MONOTONIC, &ts); + struct timespec ts; + (void)clock_gettime(CLOCK_MONOTONIC, &ts); ; return 0; @@ -19960,18 +20003,19 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - ac_cv_func_clock_gettime="yes" + ac_cv_func_clock_gettime="yes" else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_clock_gettime="no" + ac_cv_func_clock_gettime="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + fi # @@ -20921,7 +20965,7 @@ done if test "$LDAPLIBNAME" = "wldap32"; then curl_ldap_msg="enabled (winldap)" -$as_echo "#define CURL_LDAP_WIN 1" >>confdefs.h +$as_echo "#define USE_WIN32_LDAP 1" >>confdefs.h else curl_ldap_msg="enabled (OpenLDAP)" @@ -21117,6 +21161,8 @@ if test "${with_gssapi+set}" = set; then : fi +: ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"} + save_CPPFLAGS="$CPPFLAGS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking if GSS-API support is requested" >&5 $as_echo_n "checking if GSS-API support is requested... " >&6; } @@ -21127,8 +21173,8 @@ $as_echo "yes" >&6; } if test -z "$GSSAPI_INCS"; then if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi` - elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then - GSSAPI_INCS=`$GSSAPI_ROOT/bin/krb5-config --cflags gssapi` + elif test -f "$KRB5CONFIG"; then + GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi` elif test "$GSSAPI_ROOT" != "yes"; then GSSAPI_INCS="-I$GSSAPI_ROOT/include" fi @@ -21272,8 +21318,8 @@ $as_echo "#define HAVE_GSSAPI 1" >>confdefs.h if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then gss_libs=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --libs gssapi` LIBS="$gss_libs $LIBS" - elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then - gss_libs=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi` + elif test -f "$KRB5CONFIG"; then + gss_libs=`$KRB5CONFIG --libs gssapi` LIBS="$gss_libs $LIBS" else case $host in @@ -21579,6 +21625,7 @@ $as_echo "found" >&6; } fi $PKGCONFIG --cflags-only-I openssl 2>/dev/null` + { $as_echo "$as_me:${as_lineno-$LINENO}: pkg-config: SSL_LIBS: \"$SSL_LIBS\"" >&5 $as_echo "$as_me: pkg-config: SSL_LIBS: \"$SSL_LIBS\"" >&6;} { $as_echo "$as_me:${as_lineno-$LINENO}: pkg-config: SSL_LDFLAGS: \"$SSL_LDFLAGS\"" >&5 @@ -21719,6 +21766,76 @@ fi if test X"$HAVECRYPTO" = X"yes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL linking without -ldl" >&5 +$as_echo_n "checking OpenSSL linking without -ldl... " >&6; } + saved_libs=$LIBS + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + +int main (void) +{ + + SSLeay_add_all_algorithms(); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + LIBS="$saved_libs" + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL linking with -ldl" >&5 +$as_echo_n "checking OpenSSL linking with -ldl... " >&6; } + LIBS="-ldl $LIBS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + +int main (void) +{ + + SSLeay_add_all_algorithms(); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + LIBS="$saved_libs -ldl" + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + LIBS="$saved_libs" + + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + fi + + if test X"$HAVECRYPTO" = X"yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_connect in -lssl" >&5 $as_echo_n "checking for SSL_connect in -lssl... " >&6; } @@ -21865,10 +21982,6 @@ done fi if test X"$OPENSSL_ENABLED" = X"1"; then - -$as_echo "#define USE_SSLEAY 1" >>confdefs.h - - for ac_header in openssl/pkcs12.h do : ac_fn_c_check_header_mongrel "$LINENO" "openssl/pkcs12.h" "ac_cv_header_openssl_pkcs12_h" "$ac_includes_default" @@ -21884,8 +21997,6 @@ done else LIBS="$CLEANLIBS" fi - USE_SSLEAY="$OPENSSL_ENABLED" - if test X"$OPT_SSL" != Xoff && test "$OPENSSL_ENABLED" != "1"; then @@ -21932,7 +22043,8 @@ fi ENGINE_cleanup \ CRYPTO_cleanup_all_ex_data \ SSL_get_shutdown \ - SSLv2_client_method + SSLv2_client_method \ + DES_set_odd_parity do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -21945,23 +22057,33 @@ fi done + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for BoringSSL" >&5 +$as_echo_n "checking for BoringSSL... " >&6; } + if test "x$ac_cv_func_DES_set_odd_parity" != "xyes"; then + curl_ssl_msg="enabled (BoringSSL)" + +cat >>confdefs.h <<_ACEOF +#define HAVE_BORINGSSL 1 +_ACEOF - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for yaSSL using OpenSSL compatibility mode" >&5 -$as_echo_n "checking for yaSSL using OpenSSL compatibility mode... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libressl" >&5 +$as_echo_n "checking for libressl... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include +#include int main (void) { -#if defined(YASSL_VERSION) && defined(OPENSSL_VERSION_NUMBER) - int dummy = SSL_ERROR_NONE; -#else - Not the yaSSL OpenSSL compatibility header. -#endif + int dummy = LIBRESSL_VERSION_NUMBER; ; return 0; @@ -21974,10 +22096,10 @@ if ac_fn_c_try_compile "$LINENO"; then : $as_echo "yes" >&6; } cat >>confdefs.h <<_ACEOF -#define USE_YASSLEMUL 1 +#define HAVE_LIBRESSL 1 _ACEOF - curl_ssl_msg="enabled (OpenSSL emulation by yaSSL)" + curl_ssl_msg="enabled (libressl)" else @@ -22072,6 +22194,7 @@ rm -f conftest.err conftest.i conftest.$ac_ext esac case $tst_api in 0x110) tst_show="1.1.0" ;; + 0x102) tst_show="1.0.2" ;; 0x101) tst_show="1.0.1" ;; 0x100) tst_show="1.0.0" ;; 0x099) tst_show="0.9.9" ;; @@ -22181,6 +22304,42 @@ rm -f core conftest.err conftest.$ac_objext \ /* end confdefs.h. */ +#define SSL_CONF_CTX_new innocuous_SSL_CONF_CTX_new +#ifdef __STDC__ +# include +#else +# include +#endif +#undef SSL_CONF_CTX_new +#ifdef __cplusplus +extern "C" +#endif +char SSL_CONF_CTX_new (); +#if defined __stub_SSL_CONF_CTX_new || defined __stub___SSL_CONF_CTX_new +choke me +#endif + +int main (void) +{ +return SSL_CONF_CTX_new (); + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + tst_api="0x102" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + fi + if test "$tst_api" = "unknown"; then + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #define SSL_renegotiate_abbreviated innocuous_SSL_renegotiate_abbreviated #ifdef __STDC__ # include @@ -22538,6 +22697,7 @@ rm -f core conftest.err conftest.$ac_objext \ fi case $tst_api in 0x110) tst_show="1.1.0" ;; + 0x102) tst_show="1.0.2" ;; 0x101) tst_show="1.0.1" ;; 0x100) tst_show="1.0.0" ;; 0x099) tst_show="0.9.9" ;; @@ -22680,9 +22840,9 @@ $as_echo "$ac_cv_lib_crypto_SRP_Calc_client_key" >&6; } if test "x$ac_cv_lib_crypto_SRP_Calc_client_key" = xyes; then : -$as_echo "#define HAVE_SSLEAY_SRP 1" >>confdefs.h +$as_echo "#define HAVE_OPENSSL_SRP 1" >>confdefs.h - HAVE_SSLEAY_SRP=1 + HAVE_OPENSSL_SRP=1 fi @@ -23352,6 +23512,9 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then OPT_CYASSL="" fi + + cyassllibname=cyassl + if test -z "$OPT_CYASSL" ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CyaSSL_Init in -lcyassl" >&5 @@ -23465,11 +23628,79 @@ else CPPFLAGS=$_cppflags LDFLAGS=$_ldflags + cyassllib="" fi fi + addld="" + addlib="" + addcflags="" + + if test "x$USE_CYASSL" != "xyes"; then + addld=-L$OPT_CYASSL/lib$libsuff + addcflags=-I$OPT_CYASSL/include + cyassllib=$OPT_CYASSL/lib$libsuff + + LDFLAGS="$LDFLAGS $addld" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi + + cyassllibname=wolfssl + my_ac_save_LIBS="$LIBS" + LIBS="-l$cyassllibname -lm $LIBS" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CyaSSL_Init in -lwolfssl" >&5 +$as_echo_n "checking for CyaSSL_Init in -lwolfssl... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + +/* These aren't needed for detection and confuse WolfSSL. + They are set up properly later if it is detected. */ +#undef SIZEOF_LONG +#undef SIZEOF_LONG_LONG +#include + +int main (void) +{ + + return CyaSSL_Init(); + + ; + return 0; +} + +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +$as_echo "#define USE_CYASSL 1" >>confdefs.h + + USE_CYASSL=1 + + CYASSL_ENABLED=1 + USE_CYASSL="yes" + curl_ssl_msg="enabled (CyaSSL)" + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + CPPFLAGS=$_cppflags + LDFLAGS=$_ldflags + cyassllib="" + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS="$my_ac_save_LIBS" + fi + if test "x$USE_CYASSL" = "xyes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: detected CyaSSL" >&5 $as_echo "$as_me: detected CyaSSL" >&6;} @@ -23508,6 +23739,19 @@ _ACEOF + for ac_header in cyassl/options.h +do : + ac_fn_c_check_header_mongrel "$LINENO" "cyassl/options.h" "ac_cv_header_cyassl_options_h" "$ac_includes_default" +if test "x$ac_cv_header_cyassl_options_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_CYASSL_OPTIONS_H 1 +_ACEOF + +fi + +done + + for ac_header in cyassl/error-ssl.h do : ac_fn_c_check_header_mongrel "$LINENO" "cyassl/error-ssl.h" "ac_cv_header_cyassl_error_ssl_h" "$ac_includes_default" @@ -23521,7 +23765,7 @@ fi done - LIBS="-lcyassl -lm $LIBS" + LIBS="-l$cyassllibname -lm $LIBS" if test -n "$cyassllib"; then if test "x$cross_compiling" != "xyes"; then @@ -23705,24 +23949,190 @@ $as_echo "found" >&6; } fi fi else - # Without pkg-config, we'll kludge in some defaults - addlib="-L$OPT_NSS/lib -lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl" - addcflags="-I$OPT_NSS/include" - version="unknown" - nssprefix=$OPT_NSS - fi + NSS_PCDIR="$OPT_NSS/lib/pkgconfig" + if test -f "$NSS_PCDIR/nss.pc"; then - if test -n "$addlib"; then - CLEANLIBS="$LIBS" - CLEANCPPFLAGS="$CPPFLAGS" + PKGCONFIG="no" - LIBS="$addlib $LIBS" - if test "$addcflags" != "-I/usr/include"; then - CPPFLAGS="$CPPFLAGS $addcflags" + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PKGCONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PKGCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_dummy="$PATH:/usr/bin:/usr/local/bin" +for as_dir in $as_dummy +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PKGCONFIG=$ac_cv_path_PKGCONFIG +if test -n "$PKGCONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5 +$as_echo "$PKGCONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_PKGCONFIG"; then + ac_pt_PKGCONFIG=$PKGCONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $ac_pt_PKGCONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_dummy="$PATH:/usr/bin:/usr/local/bin" +for as_dir in $as_dummy +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG +if test -n "$ac_pt_PKGCONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5 +$as_echo "$ac_pt_PKGCONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_pt_PKGCONFIG" = x; then + PKGCONFIG="no" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKGCONFIG=$ac_pt_PKGCONFIG + fi +else + PKGCONFIG="$ac_cv_path_PKGCONFIG" +fi + + + if test x$PKGCONFIG != xno; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nss options with pkg-config" >&5 +$as_echo_n "checking for nss options with pkg-config... " >&6; } + itexists=` + if test -n "$NSS_PCDIR"; then + PKG_CONFIG_LIBDIR="$NSS_PCDIR" + export PKG_CONFIG_LIBDIR + fi + $PKGCONFIG --exists nss >/dev/null 2>&1 && echo 1` + + if test -z "$itexists"; then + PKGCONFIG="no" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5 +$as_echo "found" >&6; } + fi + fi + + if test "$PKGCONFIG" != "no" ; then + addld=` + if test -n "$NSS_PCDIR"; then + PKG_CONFIG_LIBDIR="$NSS_PCDIR" + export PKG_CONFIG_LIBDIR + fi + $PKGCONFIG --libs-only-L nss` + addlib=` + if test -n "$NSS_PCDIR"; then + PKG_CONFIG_LIBDIR="$NSS_PCDIR" + export PKG_CONFIG_LIBDIR + fi + $PKGCONFIG --libs-only-l nss` + addcflags=` + if test -n "$NSS_PCDIR"; then + PKG_CONFIG_LIBDIR="$NSS_PCDIR" + export PKG_CONFIG_LIBDIR + fi + $PKGCONFIG --cflags nss` + version=` + if test -n "$NSS_PCDIR"; then + PKG_CONFIG_LIBDIR="$NSS_PCDIR" + export PKG_CONFIG_LIBDIR + fi + $PKGCONFIG --modversion nss` + nssprefix=` + if test -n "$NSS_PCDIR"; then + PKG_CONFIG_LIBDIR="$NSS_PCDIR" + export PKG_CONFIG_LIBDIR + fi + $PKGCONFIG --variable=prefix nss` + fi fi + fi + + if test -z "$addlib"; then + # Without pkg-config, we'll kludge in some defaults + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired libraries and compilation flags for NSS." >&5 +$as_echo "$as_me: WARNING: Using hard-wired libraries and compilation flags for NSS." >&2;} + addld="-L$OPT_NSS/lib" + addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4" + addcflags="-I$OPT_NSS/include" + version="unknown" + nssprefix=$OPT_NSS + fi + + CLEANLDFLAGS="$LDFLAGS" + CLEANLIBS="$LIBS" + CLEANCPPFLAGS="$CPPFLAGS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_VersionRangeSet in -lnss3" >&5 + LDFLAGS="$addld $LDFLAGS" + LIBS="$addlib $LIBS" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_VersionRangeSet in -lnss3" >&5 $as_echo_n "checking for SSL_VersionRangeSet in -lnss3... " >&6; } if ${ac_cv_lib_nss3_SSL_VersionRangeSet+:} false; then : $as_echo_n "(cached) " >&6 @@ -23760,37 +24170,36 @@ if test "x$ac_cv_lib_nss3_SSL_VersionRangeSet" = xyes; then : $as_echo "#define USE_NSS 1" >>confdefs.h - USE_NSS=1 + USE_NSS=1 - USE_NSS="yes" - NSS_ENABLED=1 - curl_ssl_msg="enabled (NSS)" + USE_NSS="yes" + NSS_ENABLED=1 + curl_ssl_msg="enabled (NSS)" else - LIBS="$CLEANLIBS" - CPPFLAGS="$CLEANCPPFLAGS" + LDFLAGS="$CLEANLDFLAGS" + LIBS="$CLEANLIBS" + CPPFLAGS="$CLEANCPPFLAGS" fi - if test "x$USE_NSS" = "xyes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: detected NSS version $version" >&5 + if test "x$USE_NSS" = "xyes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: detected NSS version $version" >&5 $as_echo "$as_me: detected NSS version $version" >&6;} - NSS_LIBS=$addlib + NSS_LIBS=$addlib - if test "x$cross_compiling" != "xyes"; then - LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff" - export LD_LIBRARY_PATH - { $as_echo "$as_me:${as_lineno-$LINENO}: Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH" >&5 + if test "x$cross_compiling" != "xyes"; then + LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff" + export LD_LIBRARY_PATH + { $as_echo "$as_me:${as_lineno-$LINENO}: Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH" >&5 $as_echo "$as_me: Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH" >&6;} - fi fi fi - fi fi OPT_AXTLS=off @@ -23935,13 +24344,14 @@ fi if test "x$want_ca" != "xno" -a "x$want_ca" != "xunset" -a \ "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then - as_fn_error $? "Can't specify both --with-ca-bundle and --with-ca-path." "$LINENO" 5 + ca="$want_ca" + capath="$want_capath" elif test "x$want_ca" != "xno" -a "x$want_ca" != "xunset"; then ca="$want_ca" capath="no" elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then - if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then - as_fn_error $? "--with-ca-path only works with openSSL or PolarSSL" "$LINENO" 5 + if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then + as_fn_error $? "--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL" "$LINENO" 5 fi capath="$want_capath" ca="no" @@ -23993,7 +24403,8 @@ _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ca" >&5 $as_echo "$ca" >&6; } - elif test "x$capath" != "xno"; then + fi + if test "x$capath" != "xno"; then CURL_CA_PATH="\"$capath\"" cat >>confdefs.h <<_ACEOF @@ -24002,7 +24413,8 @@ _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: $capath (capath)" >&5 $as_echo "$capath (capath)" >&6; } - else + fi + if test "x$ca" = "xno" && test "x$capath" = "xno"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -25744,9 +26156,11 @@ $as_echo "$as_me: -L is $LD_H2" >&6;} CPPFLAGS="$CPPFLAGS $CPP_H2" LIBS="$LIB_H2 $LIBS" - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nghttp2_session_callbacks_set_send_callback in -lnghttp2" >&5 -$as_echo_n "checking for nghttp2_session_callbacks_set_send_callback in -lnghttp2... " >&6; } -if ${ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback+:} false; then : + # use nghttp2_option_set_no_recv_client_magic to require nghttp2 + # >= 1.0.0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nghttp2_option_set_no_recv_client_magic in -lnghttp2" >&5 +$as_echo_n "checking for nghttp2_option_set_no_recv_client_magic in -lnghttp2... " >&6; } +if ${ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS @@ -25758,26 +26172,26 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext #ifdef __cplusplus extern "C" #endif -char nghttp2_session_callbacks_set_send_callback (); +char nghttp2_option_set_no_recv_client_magic (); int main (void) { -return nghttp2_session_callbacks_set_send_callback (); +return nghttp2_option_set_no_recv_client_magic (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback=yes + ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic=yes else - ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback=no + ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback" >&5 -$as_echo "$ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback" >&6; } -if test "x$ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback" = xyes; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic" >&5 +$as_echo "$ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic" >&6; } +if test "x$ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic" = xyes; then : for ac_header in nghttp2/nghttp2.h do : @@ -38758,7 +39172,7 @@ if test "x$want_thres" = xyes && test "x$want_ares" = xyes; then as_fn_error $? "Options --enable-threaded-resolver and --enable-ares are mutually exclusive" "$LINENO" 5 fi -if test "$want_thres" = "yes"; then +if test "$want_thres" = "yes" && test "$dontwant_rt" = "no"; then ac_fn_c_check_header_mongrel "$LINENO" "pthread.h" "ac_cv_header_pthread_h" "$ac_includes_default" if test "x$ac_cv_header_pthread_h" = xyes; then : @@ -38998,7 +39412,7 @@ $as_echo "yes" >&6; } fi -if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_SSLEAY_SRP" = "x1") ; then +if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_OPENSSL_SRP" = "x1") ; then $as_echo "#define USE_TLS_SRP 1" >>confdefs.h @@ -39164,7 +39578,7 @@ ENABLE_STATIC="$enable_static" -if test "x$USE_SSLEAY" = "x1"; then +if test "x$OPENSSL_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES SSL" elif test -n "$SSL_ENABLED"; then SUPPORT_FEATURES="$SUPPORT_FEATURES SSL" @@ -39203,7 +39617,7 @@ if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \ fi if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then - if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ + if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \ -o "x$DARWINSSL_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM" @@ -39275,7 +39689,7 @@ if test "x$CURL_DISABLE_IMAP" != "x1"; then fi if test "x$CURL_DISABLE_SMB" != "x1" \ -a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \ - -a \( "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ + -a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \ -o "x$DARWINSSL_ENABLED" = "x1" \); then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB" diff --git a/configure.ac b/configure.ac index a1b560c..683299d 100644 --- a/configure.ac +++ b/configure.ac @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -47,6 +47,7 @@ CURL_CHECK_OPTION_WERROR CURL_CHECK_OPTION_CURLDEBUG CURL_CHECK_OPTION_SYMBOL_HIDING CURL_CHECK_OPTION_ARES +CURL_CHECK_OPTION_RT XC_CHECK_PATH_SEPARATOR @@ -1046,7 +1047,7 @@ if test x$CURL_DISABLE_LDAP != x1 ; then if test "$LDAPLIBNAME" = "wldap32"; then curl_ldap_msg="enabled (winldap)" - AC_DEFINE(CURL_LDAP_WIN, 1, [Use Windows LDAP implementation]) + AC_DEFINE(USE_WIN32_LDAP, 1, [Use Windows LDAP implementation]) else curl_ldap_msg="enabled (OpenLDAP)" if test "x$ac_cv_func_ldap_init_fd" = "xyes"; then @@ -1184,6 +1185,8 @@ AC_ARG_WITH(gssapi, fi ]) +: ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"} + save_CPPFLAGS="$CPPFLAGS" AC_MSG_CHECKING([if GSS-API support is requested]) if test x"$want_gss" = xyes; then @@ -1192,8 +1195,8 @@ if test x"$want_gss" = xyes; then if test -z "$GSSAPI_INCS"; then if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi` - elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then - GSSAPI_INCS=`$GSSAPI_ROOT/bin/krb5-config --cflags gssapi` + elif test -f "$KRB5CONFIG"; then + GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi` elif test "$GSSAPI_ROOT" != "yes"; then GSSAPI_INCS="-I$GSSAPI_ROOT/include" fi @@ -1283,10 +1286,10 @@ if test x"$want_gss" = xyes; then dnl into LIBS gss_libs=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --libs gssapi` LIBS="$gss_libs $LIBS" - elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then + elif test -f "$KRB5CONFIG"; then dnl krb5-config doesn't have --libs-only-L or similar, put everything dnl into LIBS - gss_libs=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi` + gss_libs=`$KRB5CONFIG --libs gssapi` LIBS="$gss_libs $LIBS" else case $host in @@ -1451,6 +1454,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl $PKGCONFIG --cflags-only-I openssl 2>/dev/null` + AC_SUBST(SSL_LIBS) AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"]) AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"]) AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"]) @@ -1506,6 +1510,46 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then if test X"$HAVECRYPTO" = X"yes"; then + AC_MSG_CHECKING([OpenSSL linking without -ldl]) + saved_libs=$LIBS + AC_TRY_LINK( + [ + #include + ], + [ + SSLeay_add_all_algorithms(); + ], + [ + AC_MSG_RESULT(yes) + LIBS="$saved_libs" + ], + [ + AC_MSG_RESULT(no) + AC_MSG_CHECKING([OpenSSL linking with -ldl]) + LIBS="-ldl $LIBS" + AC_TRY_LINK( + [ + #include + ], + [ + SSLeay_add_all_algorithms(); + ], + [ + AC_MSG_RESULT(yes) + LIBS="$saved_libs -ldl" + ], + [ + AC_MSG_RESULT(no) + LIBS="$saved_libs" + ] + ) + + ] + ) + + fi + + if test X"$HAVECRYPTO" = X"yes"; then dnl This is only reasonable to do if crypto actually is there: check for dnl SSL libs NOTE: it is important to do this AFTER the crypto lib @@ -1527,7 +1571,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then else - dnl Have the libraries--check for SSLeay/OpenSSL headers + dnl Have the libraries--check for OpenSSL headers AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \ openssl/pem.h openssl/ssl.h openssl/err.h, curl_ssl_msg="enabled (OpenSSL)" @@ -1551,17 +1595,11 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then fi if test X"$OPENSSL_ENABLED" = X"1"; then - AC_DEFINE(USE_SSLEAY, 1, [if SSL is enabled]) - dnl is there a pkcs12.h header present? AC_CHECK_HEADERS(openssl/pkcs12.h) else LIBS="$CLEANLIBS" fi - dnl USE_SSLEAY is the historical name for what configure calls - dnl OPENSSL_ENABLED; the names should really be unified - USE_SSLEAY="$OPENSSL_ENABLED" - AC_SUBST(USE_SSLEAY) if test X"$OPT_SSL" != Xoff && test "$OPENSSL_ENABLED" != "1"; then @@ -1578,8 +1616,11 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then AC_CHECK_FUNCS( ENGINE_load_builtin_engines ) ]) - dnl these can only exist if openssl exists - dnl yassl doesn't have SSL_get_shutdown + dnl These can only exist if OpenSSL exists + dnl Older versions of Cyassl (some time before 2.9.4) don't have + dnl SSL_get_shutdown (but this check won't actually detect it there + dnl as it's a macro that needs the header files be included) + dnl BoringSSL doesn't have DES_set_odd_parity AC_CHECK_FUNCS( RAND_status \ RAND_screen \ @@ -1587,28 +1628,30 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then ENGINE_cleanup \ CRYPTO_cleanup_all_ex_data \ SSL_get_shutdown \ - SSLv2_client_method ) - - dnl Make an attempt to detect if this is actually yassl's headers and - dnl OpenSSL emulation layer. We still leave everything else believing - dnl and acting like OpenSSL. - - AC_MSG_CHECKING([for yaSSL using OpenSSL compatibility mode]) + SSLv2_client_method \ + DES_set_odd_parity ) + + AC_MSG_CHECKING([for BoringSSL]) + if test "x$ac_cv_func_DES_set_odd_parity" != "xyes"; then + curl_ssl_msg="enabled (BoringSSL)" + AC_DEFINE_UNQUOTED(HAVE_BORINGSSL, 1, + [Define to 1 if using BoringSSL.]) + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + fi + AC_MSG_CHECKING([for libressl]) AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ -#include +#include ]],[[ -#if defined(YASSL_VERSION) && defined(OPENSSL_VERSION_NUMBER) - int dummy = SSL_ERROR_NONE; -#else - Not the yaSSL OpenSSL compatibility header. -#endif + int dummy = LIBRESSL_VERSION_NUMBER; ]]) ],[ AC_MSG_RESULT([yes]) - AC_DEFINE_UNQUOTED(USE_YASSLEMUL, 1, - [Define to 1 if using yaSSL in OpenSSL compatibility mode.]) - curl_ssl_msg="enabled (OpenSSL emulation by yaSSL)" + AC_DEFINE_UNQUOTED(HAVE_LIBRESSL, 1, + [Define to 1 if using libressl.]) + curl_ssl_msg="enabled (libressl)" ],[ AC_MSG_RESULT([no]) ]) @@ -1672,8 +1715,8 @@ dnl --- if test "$OPENSSL_ENABLED" = "1"; then AC_CHECK_LIB(crypto, SRP_Calc_client_key, [ - AC_DEFINE(HAVE_SSLEAY_SRP, 1, [if you have the function SRP_Calc_client_key]) - AC_SUBST(HAVE_SSLEAY_SRP, [1]) + AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the function SRP_Calc_client_key]) + AC_SUBST(HAVE_OPENSSL_SRP, [1]) ]) fi @@ -1943,6 +1986,10 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then OPT_CYASSL="" fi + dnl This should be reworked to use pkg-config instead + + cyassllibname=cyassl + if test -z "$OPT_CYASSL" ; then dnl check for lib in system default first @@ -1984,19 +2031,70 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then [ CPPFLAGS=$_cppflags LDFLAGS=$_ldflags + cyassllib="" ]) fi + addld="" + addlib="" + addcflags="" + + if test "x$USE_CYASSL" != "xyes"; then + dnl libcyassl renamed to libwolfssl as of 3.4.0 + addld=-L$OPT_CYASSL/lib$libsuff + addcflags=-I$OPT_CYASSL/include + cyassllib=$OPT_CYASSL/lib$libsuff + + LDFLAGS="$LDFLAGS $addld" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi + + cyassllibname=wolfssl + my_ac_save_LIBS="$LIBS" + LIBS="-l$cyassllibname -lm $LIBS" + + AC_MSG_CHECKING([for CyaSSL_Init in -lwolfssl]) + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ +/* These aren't needed for detection and confuse WolfSSL. + They are set up properly later if it is detected. */ +#undef SIZEOF_LONG +#undef SIZEOF_LONG_LONG +#include + ]],[[ + return CyaSSL_Init(); + ]]) + ],[ + AC_MSG_RESULT(yes) + AC_DEFINE(USE_CYASSL, 1, [if CyaSSL is enabled]) + AC_SUBST(USE_CYASSL, [1]) + CYASSL_ENABLED=1 + USE_CYASSL="yes" + curl_ssl_msg="enabled (CyaSSL)" + ], + [ + AC_MSG_RESULT(no) + CPPFLAGS=$_cppflags + LDFLAGS=$_ldflags + cyassllib="" + ]) + LIBS="$my_ac_save_LIBS" + fi + if test "x$USE_CYASSL" = "xyes"; then AC_MSG_NOTICE([detected CyaSSL]) dnl cyassl/ctaocrypt/types.h needs SIZEOF_LONG_LONG defined! AC_CHECK_SIZEOF(long long) + dnl Versions since at least 2.6.0 may have options.h + AC_CHECK_HEADERS(cyassl/options.h) + dnl Versions since at least 2.9.4 renamed error.h to error-ssl.h AC_CHECK_HEADERS(cyassl/error-ssl.h) - LIBS="-lcyassl -lm $LIBS" + LIBS="-l$cyassllibname -lm $LIBS" if test -n "$cyassllib"; then dnl when shared libs were found in a path that the run-time @@ -2063,56 +2161,72 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then fi fi else - # Without pkg-config, we'll kludge in some defaults - addlib="-L$OPT_NSS/lib -lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl" - addcflags="-I$OPT_NSS/include" - version="unknown" - nssprefix=$OPT_NSS + NSS_PCDIR="$OPT_NSS/lib/pkgconfig" + if test -f "$NSS_PCDIR/nss.pc"; then + CURL_CHECK_PKGCONFIG(nss, [$NSS_PCDIR]) + if test "$PKGCONFIG" != "no" ; then + addld=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-L nss` + addlib=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-l nss` + addcflags=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --cflags nss` + version=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --modversion nss` + nssprefix=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --variable=prefix nss` + fi + fi fi - if test -n "$addlib"; then + if test -z "$addlib"; then + # Without pkg-config, we'll kludge in some defaults + AC_MSG_WARN([Using hard-wired libraries and compilation flags for NSS.]) + addld="-L$OPT_NSS/lib" + addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4" + addcflags="-I$OPT_NSS/include" + version="unknown" + nssprefix=$OPT_NSS + fi - CLEANLIBS="$LIBS" - CLEANCPPFLAGS="$CPPFLAGS" + CLEANLDFLAGS="$LDFLAGS" + CLEANLIBS="$LIBS" + CLEANCPPFLAGS="$CPPFLAGS" - LIBS="$addlib $LIBS" - if test "$addcflags" != "-I/usr/include"; then - CPPFLAGS="$CPPFLAGS $addcflags" - fi + LDFLAGS="$addld $LDFLAGS" + LIBS="$addlib $LIBS" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi - dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0 - AC_CHECK_LIB(nss3, SSL_VersionRangeSet, - [ - AC_DEFINE(USE_NSS, 1, [if NSS is enabled]) - AC_SUBST(USE_NSS, [1]) - USE_NSS="yes" - NSS_ENABLED=1 - curl_ssl_msg="enabled (NSS)" - ], - [ - LIBS="$CLEANLIBS" - CPPFLAGS="$CLEANCPPFLAGS" - ]) + dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0 + AC_CHECK_LIB(nss3, SSL_VersionRangeSet, + [ + AC_DEFINE(USE_NSS, 1, [if NSS is enabled]) + AC_SUBST(USE_NSS, [1]) + USE_NSS="yes" + NSS_ENABLED=1 + curl_ssl_msg="enabled (NSS)" + ], + [ + LDFLAGS="$CLEANLDFLAGS" + LIBS="$CLEANLIBS" + CPPFLAGS="$CLEANCPPFLAGS" + ]) - if test "x$USE_NSS" = "xyes"; then - AC_MSG_NOTICE([detected NSS version $version]) + if test "x$USE_NSS" = "xyes"; then + AC_MSG_NOTICE([detected NSS version $version]) - dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS - NSS_LIBS=$addlib - AC_SUBST([NSS_LIBS]) + dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS + NSS_LIBS=$addlib + AC_SUBST([NSS_LIBS]) - dnl when shared libs were found in a path that the run-time - dnl linker doesn't search through, we need to add it to - dnl LD_LIBRARY_PATH to prevent further configure tests to fail - dnl due to this - if test "x$cross_compiling" != "xyes"; then - LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff" - export LD_LIBRARY_PATH - AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH]) - fi + dnl when shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to + dnl LD_LIBRARY_PATH to prevent further configure tests to fail + dnl due to this + if test "x$cross_compiling" != "xyes"; then + LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff" + export LD_LIBRARY_PATH + AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH]) fi - fi + fi dnl NSS found fi dnl NSS not disabled @@ -2768,7 +2882,9 @@ if test X"$want_h2" != Xno; then CPPFLAGS="$CPPFLAGS $CPP_H2" LIBS="$LIB_H2 $LIBS" - AC_CHECK_LIB(nghttp2, nghttp2_session_callbacks_set_send_callback, + # use nghttp2_option_set_no_recv_client_magic to require nghttp2 + # >= 1.0.0 + AC_CHECK_LIB(nghttp2, nghttp2_option_set_no_recv_client_magic, [ AC_CHECK_HEADERS(nghttp2/nghttp2.h, curl_h2_msg="enabled (nghttp2)" @@ -3142,7 +3258,7 @@ if test "x$want_thres" = xyes && test "x$want_ares" = xyes; then [Options --enable-threaded-resolver and --enable-ares are mutually exclusive]) fi -if test "$want_thres" = "yes"; then +if test "$want_thres" = "yes" && test "$dontwant_rt" = "no"; then AC_CHECK_HEADER(pthread.h, [ AC_DEFINE(HAVE_PTHREAD_H, 1, [if you have ]) save_CFLAGS="$CFLAGS" @@ -3268,7 +3384,7 @@ AC_HELP_STRING([--disable-tls-srp],[Disable TLS-SRP authentication]), want_tls_srp=yes ) -if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_SSLEAY_SRP" = "x1") ; then +if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_OPENSSL_SRP" = "x1") ; then AC_DEFINE(USE_TLS_SRP, 1, [Use TLS-SRP authentication]) USE_TLS_SRP=1 curl_tls_srp_msg="enabled" @@ -3382,7 +3498,7 @@ dnl For keeping supported features and protocols also in pkg-config file dnl since it is more cross-compile friendly than curl-config dnl -if test "x$USE_SSLEAY" = "x1"; then +if test "x$OPENSSL_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES SSL" elif test -n "$SSL_ENABLED"; then SUPPORT_FEATURES="$SUPPORT_FEATURES SSL" @@ -3421,7 +3537,7 @@ if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \ fi if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then - if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ + if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \ -o "x$DARWINSSL_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM" @@ -3494,7 +3610,7 @@ if test "x$CURL_DISABLE_IMAP" != "x1"; then fi if test "x$CURL_DISABLE_SMB" != "x1" \ -a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \ - -a \( "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ + -a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \ -o "x$DARWINSSL_ENABLED" = "x1" \); then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB" diff --git a/curl-config.in b/curl-config.in index 1ddf4c2..9398722 100644 --- a/curl-config.in +++ b/curl-config.in @@ -71,7 +71,7 @@ while test $# -gt 0; do ;; --ca) - echo "@CURL_CA_BUNDLE@" + echo @CURL_CA_BUNDLE@ ;; --cc) diff --git a/depcomp b/depcomp index 4ebd5b3..fc98710 100755 --- a/depcomp +++ b/depcomp @@ -3,7 +3,7 @@ scriptversion=2013-05-30.07; # UTC -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/docs/BINDINGS b/docs/BINDINGS index d4cf488..fed16e9 100644 --- a/docs/BINDINGS +++ b/docs/BINDINGS @@ -50,7 +50,7 @@ Cocoa D Written by Kenneth Bogert - http://curl.haxx.se/libcurl/d/ + http://dlang.org/library/std/net/curl.html Dylan @@ -60,7 +60,7 @@ Dylan Eiffel Written by Eiffel Software - http://curl.haxx.se/libcurl/eiffel/ + https://room.eiffel.com/library/curl Euphoria @@ -78,7 +78,7 @@ Ferite Gambas - http://gambas.sourceforge.net + http://gambas.sourceforge.net/ glib/GTK+ @@ -90,6 +90,11 @@ Guile: Written by Michael L. Gran http://www.lonelycactus.com/guile-curl.html +Harbour + + Written by Viktor Szakáts + https://github.com/vszakats/harbour-core/tree/master/contrib/hbcurl + Haskell Written by Galois, Inc @@ -97,8 +102,7 @@ Haskell Java - Maintained by [blank] - http://curl.haxx.se/libcurl/java/ + https://github.com/pjlegato/curl-java Julia @@ -115,7 +119,7 @@ Lua luacurl by Alexander Marinov http://luacurl.luaforge.net/ - Lua-cURL by Jürgen Hötzel + Lua-cURL by Jürgen Hötzel http://luaforge.net/projects/lua-curl/ Mono @@ -126,7 +130,7 @@ Mono .NET libcurl-net by Jeffrey Phillips - http://sourceforge.net/projects/libcurl-net/ + https://sourceforge.net/projects/libcurl-net/ node.js @@ -141,7 +145,7 @@ Object-Pascal O'Caml Written by Lars Nilsson - http://sourceforge.net/projects/ocurl/ + https://sourceforge.net/projects/ocurl/ Pascal @@ -150,13 +154,13 @@ Pascal Perl - Maintained by Cris Bailiff - http://curl.haxx.se/libcurl/perl/ + Maintained by Cris Bailiff and Bálint Szilakszi + https://github.com/szbalint/WWW--Curl PHP Written by Sterling Hughes - http://curl.haxx.se/libcurl/php/ + https://php.net/curl PostgreSQL @@ -170,8 +174,7 @@ Python R - RCurl by Duncan Temple Lang - http://www.omegahat.org/RCurl/ + http://cran.r-project.org/package=curl Rexx @@ -192,10 +195,15 @@ Ruby ruby-curl-multi - written by Kristjan Petursson and Keith Rarick http://curl-multi.rubyforge.org/ +Rust + + curl-rust - by Carl Lerche + https://github.com/carllerche/curl-rust + Scheme Bigloo binding by Kirill Lisovsky - http://curl.haxx.se/libcurl/scheme/ + http://www.metapaper.net/lisovsky/web/curl/ S-Lang @@ -219,13 +227,13 @@ SPL Tcl - Tclcurl by Andrés García - http://personal1.iddeo.es/andresgarci/tclcurl/english/docs.html + Tclcurl by Andrés García + http://mirror.yellow5.com/tclcurl/ Visual Basic libcurl-vb by Jeffrey Phillips - http://sourceforge.net/projects/libcurl-vb/ + https://sourceforge.net/projects/libcurl-vb/ Visual Foxpro @@ -245,3 +253,8 @@ XBLite Written by David Szafranski http://perso.wanadoo.fr/xblite/libraries.html + +Xojo + + Written by Andrew Lambert + https://github.com/charonn0/RB-libcURL diff --git a/docs/BUGS b/docs/BUGS index c0c6fa8..36686ef 100644 --- a/docs/BUGS +++ b/docs/BUGS @@ -35,11 +35,9 @@ BUGS have a go at a solution. You can optionally also post your bug/problem at curl's bug tracking system over at - https://sourceforge.net/p/curl/bugs/ + https://github.com/bagder/curl/issues - Please read the rest of this document below first before doing that! Also, - you need to login to your sourceforge account before being able to submit a - bug report (necessary evil done to avoid spam). + Please read the rest of this document below first before doing that! If you feel you need to ask around first, find a suitable mailing list and post there. The lists are available on http://curl.haxx.se/mail/ diff --git a/docs/CODE_OF_CONDUCT.md b/docs/CODE_OF_CONDUCT.md new file mode 100644 index 0000000..04ea66e --- /dev/null +++ b/docs/CODE_OF_CONDUCT.md @@ -0,0 +1,32 @@ +Contributor Code of Conduct +=========================== + +As contributors and maintainers of this project, we pledge to respect all +people who contribute through reporting issues, posting feature requests, +updating documentation, submitting pull requests or patches, and other +activities. + +We are committed to making participation in this project a harassment-free +experience for everyone, regardless of level of experience, gender, gender +identity and expression, sexual orientation, disability, personal appearance, +body size, race, ethnicity, age, or religion. + +Examples of unacceptable behavior by participants include the use of sexual +language or imagery, derogatory comments or personal attacks, trolling, public +or private harassment, insults, or other unprofessional conduct. + +Project maintainers have the right and responsibility to remove, edit, or +reject comments, commits, code, wiki edits, issues, and other contributions +that are not aligned to this Code of Conduct. Project maintainers who do not +follow the Code of Conduct may be removed from the project team. + +This code of conduct applies both within project spaces and in public spaces +when an individual is representing the project or its community. + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported by opening an issue or contacting one or more of the project +maintainers. + +This Code of Conduct is adapted from the [Contributor +Covenant](http://contributor-covenant.org), version 1.1.0, available at +[http://contributor-covenant.org/version/1/1/0/](http://contributor-covenant.org/version/1/1/0/) diff --git a/docs/CONTRIBUTE b/docs/CONTRIBUTE index 83fa420..c6ea977 100644 --- a/docs/CONTRIBUTE +++ b/docs/CONTRIBUTE @@ -34,7 +34,7 @@ 3.3 How To Make a Patch without git 3.4 How to get your changes into the main sources 3.5 Write good commit messages - 3.6 Please don't send pull requests + 3.6 About pull requests ============================================================================== @@ -52,6 +52,10 @@ We also hang out on IRC in #curl on irc.freenode.net + If you're at all interested in the code side of things, consider clicking + 'watch' on the curl repo at github to get notified on pull requests and new + issues posted there. + 1.2. License When contributing with code, you agree to put your changes and new code under @@ -78,10 +82,10 @@ 1.3 What To Read - Source code, the man pages, the INTERNALS document, TODO, KNOWN_BUGS, the - most recent CHANGES. Just lurking on the curl-library mailing list is gonna - give you a lot of insights on what's going on right now. Asking there is a - good idea too. + Source code, the man pages, the INTERNALS document, TODO, KNOWN_BUGS and the + most recent changes in the git log. Just lurking on the curl-library mailing + list is gonna give you a lot of insights on what's going on right now. Asking + there is a good idea too. 2. cURL Coding Standards @@ -199,7 +203,7 @@ You need to first checkout the repository: - git clone git://github.com/bagder/curl.git + git clone https://github.com/bagder/curl.git You then proceed and edit all the files you like and you commit them to your local repository: @@ -241,8 +245,8 @@ For unix-like operating systems: - http://www.gnu.org/software/patch/patch.html - http://www.gnu.org/directory/diffutils.html + https://savannah.gnu.org/projects/patch/ + https://www.gnu.org/software/diffutils/ For Windows: @@ -288,27 +292,15 @@ and make sure that you have your own user and email setup correctly in git before you commit -3.6 Please don't send pull requests +3.6 About pull requests With git (and especially github) it is easy and tempting to send a pull - request to one or more people in the curl project to have changes merged this - way instead of mailing patches to the curl-library mailing list. - - We don't like that. We want them mailed for these reasons: - - - Peer review. Anyone and everyone on the list can review, comment and - improve on the patch. Pull requests limit this ability. - - - Anyone can merge the patch into their own trees for testing and those who - have push rights can push it to the main repo. It doesn't have to be anyone - the patch author knows beforehand. - - - Commit messages can be tweaked and changed if merged locally instead of - using github. Merges directly on github requires the changes to be perfect - already, which they seldom are. + request to the curl project to have changes merged this way instead of + mailing patches to the curl-library mailing list. - - Merges on github prevents rebases and even enforces --no-ff which is a git - style we don't otherwise use in the project + We used to dislike this but we're trying to change that and accept that this + is a frictionless way for people to contribute to the project. We now welcome + pull requests! - However: once patches have been reviewed and deemed fine on list they are - perfectly OK to be pulled from a published git tree. + We will continue to avoid using github's merge tools to make the history + linear and to make sure commits follow our style guidelines. diff --git a/docs/DISTRO-DILEMMA b/docs/DISTRO-DILEMMA index 71186a2..2d317fd 100644 --- a/docs/DISTRO-DILEMMA +++ b/docs/DISTRO-DILEMMA @@ -112,7 +112,7 @@ The Better License, Original BSD, GPL or LGPL? In Debian land, there seems to be a common opinion that LGPL is "maximally compatible" with apps while Original BSD is not. Like this: - http://lists.debian.org/debian-devel/2005/09/msg01417.html + https://lists.debian.org/debian-devel/2005/09/msg01417.html More SSL Libraries @@ -163,13 +163,13 @@ Distro Angle of this Problem Footnotes [1] = http://www.xfree86.org/3.3.6/COPYRIGHT2.html#6 - [2] = http://www.fsf.org/licensing/essays/bsd.html - [3] = http://www.fsf.org/licensing/licenses/gpl.html + [2] = https://www.gnu.org/philosophy/bsd.html + [3] = https://www.gnu.org/licenses/gpl.html [4] = http://curl.haxx.se/docs/copyright.html - [5] = http://www.openssl.org/source/license.html - [6] = http://www.fsf.org/licensing/licenses/gpl.html end of section 3 - [7] = http://www.fsf.org/licensing/licenses/lgpl.html - [8] = http://en.wikipedia.org/wiki/OpenSSL_exception + [5] = https://www.openssl.org/source/license.html + [6] = https://www.gnu.org/licenses/gpl.html end of section 3 + [7] = https://www.gnu.org/licenses/lgpl.html + [8] = https://en.wikipedia.org/wiki/OpenSSL_exception Feedback/Updates provided by diff --git a/docs/FAQ b/docs/FAQ index 043b7bb..06a306d 100644 --- a/docs/FAQ +++ b/docs/FAQ @@ -21,6 +21,7 @@ FAQ 1.12 I have a problem who can I chat with? 1.13 curl's ECCN number? 1.14 How do I submit my patch? + 1.15 How do I port libcurl to my OS? 2. Install Related Problems 2.1 configure doesn't find OpenSSL even when it is installed @@ -81,6 +82,7 @@ FAQ 4.18 file:// URLs containing drive letters (Windows, NetWare) 4.19 Why doesn't cURL return an error when the network cable is unplugged? 4.20 curl doesn't return error for HTTP non-200 responses! + 4.21 Why is there a HTTP/1.1 in my HTTP/2 request? 5. libcurl Issues 5.1 Is libcurl thread-safe? @@ -350,7 +352,7 @@ FAQ cryptography. When doing so, the Export Control Classification Number (ECCN) is used to identify the level of export control etc. - ASF gives a good explanation at http://www.apache.org/dev/crypto.html + ASF gives a good explanation at https://www.apache.org/dev/crypto.html We believe curl's number might be ECCN 5D002, another possibility is 5D992. It seems necessary to write them, asking to confirm. @@ -379,6 +381,19 @@ FAQ Lots of more details are found in the CONTRIBUTE and INTERNALS docs. + 1.15 How do I port libcurl to my OS? + + Here's a rough step-by-step: + + 1. copy a suitable lib/config-*.h file as a start to lib/config-[youros].h + + 2. edit lib/config-[youros].h to match your OS and setup + + 3. edit lib/curl_setup.h to include config-[youros].h when your OS is + detected by the preprocessor, in the style others already exist + + 4. compile lib/*.c and make them into a library + 2. Install Related Problems @@ -764,8 +779,9 @@ FAQ request-body in a GET request with something like "curl -X GET -d data [URL]" - Note that -X doesn't change curl's behavior. It only modifies the actual - string sent in the request. + Note that -X doesn't actually change curl's behavior as it only modifies the + actual string sent in the request, but that may of course trigger a + different set of events. Accordingly, by using -XPOST on a command line that for example would follow a 303 redirect, you will effectively prevent curl from behaving @@ -1026,7 +1042,7 @@ FAQ timeout is set. See option TcpMaxConnectRetransmissions on this page: - http://support.microsoft.com/?scid=kb%3Ben-us%3B175523&x=6&y=7 + https://support.microsoft.com/en-us/kb/175523/en-us Also, even on non-Windows systems there may run a firewall or anti-virus software or similar that accepts the connection but does not actually do @@ -1043,7 +1059,7 @@ FAQ You'll find that even if D:\blah.txt does exist, cURL returns a 'file not found' error. - According to RFC 1738 (http://www.faqs.org/rfcs/rfc1738.html), + According to RFC 1738 (https://www.ietf.org/rfc/rfc1738.txt), file:// URLs must contain a host component, but it is ignored by most implementations. In the above example, 'D:' is treated as the host component, and is taken away. Thus, cURL tries to open '/blah.txt'. @@ -1115,6 +1131,16 @@ FAQ You can also use the -w option and the variable %{response_code} to extract the exact response code that was return in the response. + 4.21 Why is there a HTTP/1.1 in my HTTP/2 request? + + If you use verbose to see the HTTP request when you send off a HTTP/2 + request, it will still say 1.1. + + The reason for this is that we first generate the request to send using the + old 1.1 style and show that request in the verbose output, and then we + convert it over to the binary header-compressed HTTP/2 style. The actual + "1.1" part from that request is then not actually used in the transfer. The + binary HTTP/2 headers are not human readable. 5. libcurl Issues @@ -1137,13 +1163,13 @@ FAQ If you use a OpenSSL-powered libcurl in a multi-threaded environment, you need to provide one or two locking functions: - http://www.openssl.org/docs/crypto/threads.html + https://www.openssl.org/docs/crypto/threads.html If you use a GnuTLS-powered libcurl in a multi-threaded environment, you need to provide locking function(s) for libgcrypt (which is used by GnuTLS for the crypto functions). - http://www.gnu.org/software/gnutls/manual/html_node/Multi_002dthreaded-applications.html + https://web.archive.org/web/20111103083330/http://www.gnu.org/software/gnutls/manual/html_node/Multi_002dthreaded-applications.html No special locking is needed with a NSS-powered libcurl. NSS is thread-safe. @@ -1319,7 +1345,7 @@ FAQ Also note that on many networks NATs or other IP-munging techniques are used that makes you see and use a different IP address locally than what the remote server will see you coming from. You may also consider using - http://www.torproject.org . + https://www.torproject.org/ . 5.13 How do I stop an ongoing transfer? diff --git a/docs/FEATURES b/docs/FEATURES index a674002..10fbdd5 100644 --- a/docs/FEATURES +++ b/docs/FEATURES @@ -134,8 +134,8 @@ SMB - authentication with NTLMv1 SMTP - - authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9) and Kerberos 5 - (*4) + - authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9), Kerberos 5 + (*4) and External. - send e-mails - mail from support - mail size support @@ -150,8 +150,8 @@ SMTPS (*1) POP3 - authentication: Clear Text, APOP and SASL - - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9) and - Kerberos 5 (*4) + - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9), + Kerberos 5 (*4) and External. - list e-mails - retrieve e-mails - enhanced command support for: CAPA, DELE, TOP, STAT, UIDL and NOOP via @@ -165,8 +165,8 @@ POP3S (*1) IMAP - authentication: Clear Text and SASL - - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9) and - Kerberos 5 (*4) + - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9), + Kerberos 5 (*4) and External. - list the folders of a mailbox - select a mailbox with support for verifying the UIDVALIDITY - fetch e-mails with support for specifying the UID and SECTION diff --git a/docs/HTTP-COOKIES b/docs/HTTP-COOKIES index 818e161..b5abddf 100644 --- a/docs/HTTP-COOKIES +++ b/docs/HTTP-COOKIES @@ -36,7 +36,7 @@ HTTP Cookies For a very long time, the only spec explaining how to use cookies was the original Netscape spec from 1994: http://curl.haxx.se/rfc/cookie_spec.html - In 2011, RFC6265 (http://www.ietf.org/rfc/rfc6265.txt) was finally published + In 2011, RFC6265 (https://www.ietf.org/rfc/rfc6265.txt) was finally published and details how cookies work within HTTP. 1.2 Cookies saved to disk diff --git a/docs/HTTP2.md b/docs/HTTP2.md new file mode 100644 index 0000000..b4e2983 --- /dev/null +++ b/docs/HTTP2.md @@ -0,0 +1,107 @@ +HTTP/2 with curl +================ + +[HTTP/2 Spec](https://www.rfc-editor.org/rfc/rfc7540.txt) +[http2 explained](http://daniel.haxx.se/http2/) + +Build prerequisites +------------------- + - nghttp2 + - OpenSSL, NSS, GnutTLS or PolarSSL with a new enough version + +[nghttp2](https://nghttp2.org/) +------------------------------- + +libcurl uses this 3rd party library for the low level protocol handling +parts. The reason for this is that HTTP/2 is much more complex at that layer +than HTTP/1.1 (which we implement on our own) and that nghttp2 is an already +existing and well functional library. + +We require at least version 1.0.0. + +Over an http:// URL +------------------- + +If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will +include an upgrade header in the initial request to the host to allow +upgrading to HTTP/2. + +Possibly we can later introduce an option that will cause libcurl to fail if +not possible to upgrade. Possibly we introduce an option that makes libcurl +use HTTP/2 at once over http:// + +Over an https:// URL +-------------------- + +If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will use +ALPN (or NPN) to negotiate which protocol to continue with. Possibly introduce +an option that will cause libcurl to fail if not possible to use HTTP/2. +Consider options to explicitly disable ALPN and/or NPN. + +ALPN is the TLS extension that HTTP/2 is expected to use. The NPN extension is +for a similar purpose, was made prior to ALPN and is used for SPDY so early +HTTP/2 servers are implemented using NPN before ALPN support is widespread. + +SSL libs +-------- + +The challenge is the ALPN and NPN support and all our different SSL +backends. You may need a fairly updated SSL library version for it to +provide the necessary TLS features. Right now we support: + + - OpenSSL: ALPN and NPN + - NSS: ALPN and NPN + - GnuTLS: ALPN + - PolarSSL: ALPN + +Multiplexing +------------ + +Starting in 7.43.0, libcurl fully supports HTTP/2 multiplexing, which is the +term for doing multiple independent transfers over the same physical TCP +connection. + +To take advantage of multiplexing, you need to use the multi interface and set +`CURLMOPT_PIPELINING` to `CURLPIPE_MULTIPLEX`. With that bit set, libcurl will +attempt to re-use existing HTTP/2 connections and just add a new stream over +that when doing subsequent parallel requests. + +While libcurl sets up a connection to a HTTP server there is a period during +which it doesn't know if it can pipeline or do multiplexing and if you add new +transfers in that period, libcurl will default to start new connections for +those transfers. With the new option `CURLOPT_PIPEWAIT` (added in 7.43.0), you +can ask that a transfer should rather wait and see in case there's a +connection for the same host in progress that might end up being possible to +multiplex on. It favours keeping the number of connections low to the cost of +slightly longer time to first byte transferred. + +Applications +------------ + +We hide HTTP/2's binary nature and convert received HTTP/2 traffic to headers +in HTTP 1.1 style. This allows applications to work unmodified. + +curl tool +--------- + +curl offers the `--http2` command line option to enable use of HTTP/2 + +HTTP Alternative Services +------------------------- + +Alt-Svc is a suggested extension with a corresponding frame (ALTSVC) in HTTP/2 +that tells the client about an alternative "route" to the same content for the +same origin server that you get the response from. A browser or long-living +client can use that hint to create a new connection asynchronously. For +libcurl, we may introduce a way to bring such clues to the applicaton and/or +let a subsequent request use the alternate route +automatically. [Spec](https://tools.ietf.org/html/draft-ietf-httpbis-alt-svc-05) + +TODO +---- + + - Provide API to set priorities / dependencies of individual streams + + - Implement "prior-knowledge" HTTP/2 connecitons over clear text so that + curl can connect with HTTP/2 at once without 1.1+Upgrade. + diff --git a/docs/INSTALL b/docs/INSTALL index 30dec53..67cd489 100644 --- a/docs/INSTALL +++ b/docs/INSTALL @@ -173,13 +173,13 @@ Win32 advice given above. KB94248 - How To Use the C Run-Time - http://support.microsoft.com/kb/94248/en-us + https://support.microsoft.com/kb/94248/en-us KB140584 - How to link with the correct C Run-Time (CRT) library - http://support.microsoft.com/kb/140584/en-us + https://support.microsoft.com/kb/140584/en-us KB190799 - Potential Errors Passing CRT Objects Across DLL Boundaries - http://msdn.microsoft.com/en-us/library/ms235460 + https://msdn.microsoft.com/en-us/library/ms235460 If your app is misbehaving in some strange way, or it is suffering from memory corruption, before asking for further help, please try @@ -209,8 +209,8 @@ Win32 environment variables, for example: set ZLIB_PATH=c:\zlib-1.2.8 - set OPENSSL_PATH=c:\openssl-0.9.8zc - set LIBSSH2_PATH=c:\libssh2-1.4.3 + set OPENSSL_PATH=c:\openssl-1.0.2c + set LIBSSH2_PATH=c:\libssh2-1.6.0 ATTENTION: if you want to build with libssh2 support you have to use latest version 0.17 - previous versions will NOT work with 7.17.0 and later! @@ -232,7 +232,7 @@ Win32 - optional MingW32-built OpenLDAP SDK available from: http://www.gknw.net/mirror/openldap/ - optional recent Novell CLDAP SDK available from: - http://developer.novell.com/ndk/cldap.htm + https://www.novell.com/developer/ndk/ldap_libraries_for_c.html Cygwin ------ @@ -254,7 +254,7 @@ Win32 If you use MSVC 6 it is required that you use the February 2003 edition of the 'Platform SDK' which can be downloaded from: - http://www.microsoft.com/en-us/download/details.aspx?id=12261 + https://www.microsoft.com/en-us/download/details.aspx?id=12261 Building any software with MSVC 6 without having PSDK installed is just asking for trouble down the road once you have released it, you might notice @@ -263,7 +263,7 @@ Win32 software built in such way will at some point regret having done so. If the compiler has been updated with the installation of a service pack as - those mentioned in http://support.microsoft.com/kb/194022 the compiler can be + those mentioned in https://support.microsoft.com/kb/194022 the compiler can be safely used to read source code, translate and make it object code. But, even with the service packs mentioned above installed, the resulting @@ -299,7 +299,7 @@ Win32 Then run 'nmake vc' in curl's root directory. If you want to compile with zlib support, you will need to build - zlib (http://www.gzip.org/zlib/) as well. Please read the zlib + zlib (http://www.zlib.net/) as well. Please read the zlib documentation on how to compile zlib. Define the ZLIB_PATH environment variable to the location of zlib.h and zlib.lib, for example: @@ -471,6 +471,15 @@ Win32 add '-DCURL_STATICLIB' to your CFLAGS. Otherwise the linker will look for dynamic import symbols. + Legacy Windows and SSL + ---------------------- + + WinSSL (specifically SChannel from Windows SSPI), is the native SSL library + in Windows. However, WinSSL in Windows <= XP is unable to connect to servers + that no longer support the legacy handshakes and algorithms used by those + versions. If you will be using curl in one of those earlier versions of + Windows you should choose another SSL backend such as OpenSSL. + Apple iOS and Mac OS X ====================== @@ -665,12 +674,10 @@ NetWare - gnu make and awk running on the platform you compile on; native Win32 versions can be downloaded from: http://www.gknw.net/development/prgtools/ - - recent Novell LibC SDK available from: - http://developer.novell.com/ndk/libc.htm - - or recent Novell CLib SDK available from: - http://developer.novell.com/ndk/clib.htm + - recent Novell LibC or Novell CLib SDK available from: + https://www.novell.com/developer/ndk/ - optional recent Novell CLDAP SDK available from: - http://developer.novell.com/ndk/cldap.htm + https://www.novell.com/developer/ndk/ldap_libraries_for_c.html - optional zlib sources (static or dynamic linking with zlib.imp); sources with NetWare Makefile can be obtained from: http://www.gknw.net/mirror/zlib/ @@ -825,7 +832,7 @@ VxWorks To build libcurl for VxWorks you need: - - CYGWIN (free, http://cygwin.com/) + - CYGWIN (free, https://cygwin.com/) - Wind River Workbench (commercial) If you have CYGWIN and Workbench installed on you machine @@ -1086,18 +1093,18 @@ Useful URLs axTLS http://axtls.sourceforge.net/ c-ares http://c-ares.haxx.se/ -GNU GSS http://www.gnu.org/software/gss/ -GnuTLS http://www.gnu.org/software/gnutls/ -Heimdal http://www.pdc.kth.se/heimdal/ -libidn http://www.gnu.org/software/libidn/ +GNU GSS https://www.gnu.org/software/gss/ +GnuTLS https://www.gnu.org/software/gnutls/ +Heimdal http://www.h5l.org/ +libidn https://www.gnu.org/software/libidn/ libmetalink https://launchpad.net/libmetalink/ libssh2 http://www.libssh2.org/ MIT Kerberos http://web.mit.edu/kerberos/www/dist/ -NSS http://www.mozilla.org/projects/security/pki/nss/ +NSS https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS OpenLDAP http://www.openldap.org/ -OpenSSL http://www.openssl.org/ -PolarSSL http://polarssl.org/ -yassl http://www.yassl.com/ +OpenSSL https://www.openssl.org/ +PolarSSL https://tls.mbed.org/ +wolfSSL https://www.wolfssl.com/wolfSSL/ Zlib http://www.zlib.net/ MingW http://www.mingw.org/ diff --git a/docs/INSTALL.devcpp b/docs/INSTALL.devcpp index 46d1836..ee2d703 100644 --- a/docs/INSTALL.devcpp +++ b/docs/INSTALL.devcpp @@ -95,7 +95,7 @@ install instructions may produce erratic behaviour in DevCpp. For further info check the following sites http://aditsu.freeunixhost.com/dev-cpp-faq.html -http://sourceforge.net/forum/message.php?msg_id=3252213 +https://sourceforge.net/p/dev-cpp/discussion/48211/thread/2a85ea46 As I have mentioned before I will confine this to the SSL Library compilations but the process is very similar for compilation of the executable - curl.exe; diff --git a/docs/INTERNALS b/docs/INTERNALS index f8b1b47..4cd63b4 100644 --- a/docs/INTERNALS +++ b/docs/INTERNALS @@ -1,18 +1,57 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - -INTERNALS +Table of Contents +================= - The project is split in two. The library and the client. The client part uses - the library, but the library is designed to allow other applications to use - it. + - [Intro](#intro) + - [git](#git) + - [Portability](#Portability) + - [Windows vs Unix](#winvsunix) + - [Library](#Library) + - [`Curl_connect`](#Curl_connect) + - [`Curl_do`](#Curl_do) + - [`Curl_readwrite`](#Curl_readwrite) + - [`Curl_done`](#Curl_done) + - [`Curl_disconnect`](#Curl_disconnect) + - [HTTP(S)](#http) + - [FTP](#ftp) + - [Kerberos](#kerberos) + - [TELNET](#telnet) + - [FILE](#file) + - [SMB](#smb) + - [LDAP](#ldap) + - [E-mail](#email) + - [General](#general) + - [Persistent Connections](#persistent) + - [multi interface/non-blocking](#multi) + - [SSL libraries](#ssl) + - [Library Symbols](#symbols) + - [Return Codes and Informationals](#returncodes) + - [AP/ABI](#abi) + - [Client](#client) + - [Memory Debugging](#memorydebug) + - [Test Suite](#test) + - [Asynchronous name resolves](#asyncdns) + - [c-ares](#cares) + - [`curl_off_t`](#curl_off_t) + - [curlx](#curlx) + - [Content Encoding](#contentencoding) + - [hostip.c explained](#hostip) + - [Track Down Memory Leaks](#memoryleak) + - [`multi_socket`](#multi_socket) + - [Structs in libcurl](#structs) + + +curl internals +============== + + This project is split in two. The library and the client. The client part + uses the library, but the library is designed to allow other applications to + use it. The largest amount of code and complexity is in the library part. -GIT + + +git === All changes to the sources are committed to the git repository as soon as @@ -23,6 +62,7 @@ GIT Tagging shall be used extensively, and by the time we release new archives we should tag the sources with a name similar to the released version number. + Portability =========== @@ -34,45 +74,55 @@ Portability want it to remain functional and buildable with these and later versions (older versions may still work but is not what we work hard to maintain): - OpenSSL 0.9.7 - GnuTLS 1.2 - zlib 1.1.4 - libssh2 0.16 - c-ares 1.6.0 - libidn 0.4.1 - cyassl 2.0.0 - openldap 2.0 - MIT Kerberos 1.2.4 - GSKit V5R3M0 - NSS 3.14.x - axTLS 1.2.7 - PolarSSL 1.3.0 - Heimdal ? - nghttp2 0.6.0 +Dependencies +------------ + + - OpenSSL 0.9.7 + - GnuTLS 1.2 + - zlib 1.1.4 + - libssh2 0.16 + - c-ares 1.6.0 + - libidn 0.4.1 + - cyassl 2.0.0 + - openldap 2.0 + - MIT Kerberos 1.2.4 + - GSKit V5R3M0 + - NSS 3.14.x + - axTLS 1.2.7 + - PolarSSL 1.3.0 + - Heimdal ? + - nghttp2 1.0.0 + +Operating Systems +----------------- On systems where configure runs, we aim at working on them all - if they have a suitable C compiler. On systems that don't run configure, we strive to keep curl running fine on: - Windows 98 - AS/400 V5R3M0 - Symbian 9.1 - Windows CE ? - TPF ? + - Windows 98 + - AS/400 V5R3M0 + - Symbian 9.1 + - Windows CE ? + - TPF ? + +Build tools +----------- When writing code (mostly for generating stuff included in release tarballs) we use a few "build tools" and we make sure that we remain functional with these versions: - GNU Libtool 1.4.2 - GNU Autoconf 2.57 - GNU Automake 1.7 (we currently avoid 1.10 due to Solaris-related bugs) - GNU M4 1.4 - perl 5.004 - roffit 0.5 - groff ? (any version that supports "groff -Tps -man [in] [out]") - ps2pdf (gs) ? + - GNU Libtool 1.4.2 + - GNU Autoconf 2.57 + - GNU Automake 1.7 + - GNU M4 1.4 + - perl 5.004 + - roffit 0.5 + - groff ? (any version that supports "groff -Tps -man [in] [out]") + - ps2pdf (gs) ? + Windows vs Unix =============== @@ -87,8 +137,9 @@ Windows vs Unix 2. Windows requires a couple of init calls for the socket stuff. - That's taken care of by the curl_global_init() call, but if other libs also - do it etc there might be reasons for applications to alter that behaviour. + That's taken care of by the `curl_global_init()` call, but if other libs + also do it etc there might be reasons for applications to alter that + behaviour. 3. The file descriptors for network communication and file operations are not easily interchangeable as in unix. @@ -101,28 +152,29 @@ Windows vs Unix We set stdout to binary under windows - Inside the source code, We make an effort to avoid '#ifdef [Your OS]'. All + Inside the source code, We make an effort to avoid `#ifdef [Your OS]`. All conditionals that deal with features *should* instead be in the format - '#ifdef HAVE_THAT_WEIRD_FUNCTION'. Since Windows can't run configure scripts, - we maintain a curl_config-win32.h file in lib directory that is supposed to - look exactly as a curl_config.h file would have looked like on a Windows + `#ifdef HAVE_THAT_WEIRD_FUNCTION`. Since Windows can't run configure scripts, + we maintain a `curl_config-win32.h` file in lib directory that is supposed to + look exactly as a `curl_config.h` file would have looked like on a Windows machine! Generally speaking: always remember that this will be compiled on dozens of operating systems. Don't walk on the edge. + Library ======= - (See LIBCURL-STRUCTS for a separate document describing all major internal + (See `LIBCURL-STRUCTS` for a separate document describing all major internal structs and their purposes.) There are plenty of entry points to the library, namely each publicly defined function that libcurl offers to applications. All of those functions are - rather small and easy-to-follow. All the ones prefixed with 'curl_easy' are + rather small and easy-to-follow. All the ones prefixed with `curl_easy` are put in the lib/easy.c file. - curl_global_init_() and curl_global_cleanup() should be called by the + `curl_global_init_()` and `curl_global_cleanup()` should be called by the application to initialize and clean up global stuff in the library. As of today, it can handle the global SSL initing if SSL is enabled and it can init the socket layer on windows machines. libcurl itself has no "global" scope. @@ -130,51 +182,56 @@ Library All printf()-style functions use the supplied clones in lib/mprintf.c. This makes sure we stay absolutely platform independent. - curl_easy_init() allocates an internal struct and makes some initializations. - The returned handle does not reveal internals. This is the 'SessionHandle' - struct which works as an "anchor" struct for all curl_easy functions. All - connections performed will get connect-specific data allocated that should be - used for things related to particular connections/requests. + [ `curl_easy_init()`][2] allocates an internal struct and makes some + initializations. The returned handle does not reveal internals. This is the + 'SessionHandle' struct which works as an "anchor" struct for all `curl_easy` + functions. All connections performed will get connect-specific data allocated + that should be used for things related to particular connections/requests. - curl_easy_setopt() takes three arguments, where the option stuff must be - passed in pairs: the parameter-ID and the parameter-value. The list of + [`curl_easy_setopt()`][1] takes three arguments, where the option stuff must + be passed in pairs: the parameter-ID and the parameter-value. The list of options is documented in the man page. This function mainly sets things in the 'SessionHandle' struct. - curl_easy_perform() is just a wrapper function that makes use of the multi - API. It basically curl_multi_init(), curl_multi_add_handle(), - curl_multi_wait(), and curl_multi_perform() until the transfer is done and - then returns. + `curl_easy_perform()` is just a wrapper function that makes use of the multi + API. It basically calls `curl_multi_init()`, `curl_multi_add_handle()`, + `curl_multi_wait()`, and `curl_multi_perform()` until the transfer is done + and then returns. Some of the most important key functions in url.c are called from multi.c when certain key steps are to be made in the transfer operation. - o Curl_connect() + +Curl_connect() +-------------- Analyzes the URL, it separates the different components and connects to the remote host. This may involve using a proxy and/or using SSL. The - Curl_resolv() function in lib/hostip.c is used for looking up host names + `Curl_resolv()` function in lib/hostip.c is used for looking up host names (it does then use the proper underlying method, which may vary between platforms and builds). - When Curl_connect is done, we are connected to the remote site. Then it is - time to tell the server to get a document/file. Curl_do() arranges this. + When `Curl_connect` is done, we are connected to the remote site. Then it + is time to tell the server to get a document/file. `Curl_do()` arranges + this. This function makes sure there's an allocated and initiated 'connectdata' struct that is used for this particular connection only (although there may be several requests performed on the same connect). A bunch of things are inited/inherited from the SessionHandle struct. - o Curl_do() + +Curl_do() +--------- - Curl_do() makes sure the proper protocol-specific function is called. The + `Curl_do()` makes sure the proper protocol-specific function is called. The functions are named after the protocols they handle. The protocol-specific functions of course deal with protocol-specific - negotiations and setup. They have access to the Curl_sendf() (from + negotiations and setup. They have access to the `Curl_sendf()` (from lib/sendf.c) function to send printf-style formatted data to the remote host and when they're ready to make the actual file transfer they call the - Curl_Transfer() function (in lib/transfer.c) to setup the transfer and + `Curl_Transfer()` function (in lib/transfer.c) to setup the transfer and returns. If this DO function fails and the connection is being re-used, libcurl will @@ -183,11 +240,13 @@ Library we have discovered a dead connection before the DO function and thus we might wrongly be re-using a connection that was closed by the remote peer. - Some time during the DO function, the Curl_setup_transfer() function must + Some time during the DO function, the `Curl_setup_transfer()` function must be called with some basic info about the upcoming transfer: what socket(s) to read/write and the expected file transfer sizes (if known). - o Curl_readwrite() + +Curl_readwrite() +---------------- Called during the transfer of the actual protocol payload. @@ -196,18 +255,22 @@ Library called). The speedcheck functions in lib/speedcheck.c are also used to verify that the transfer is as fast as required. - o Curl_done() + +Curl_done() +----------- Called after a transfer is done. This function takes care of everything that has to be done after a transfer. This function attempts to leave - matters in a state so that Curl_do() should be possible to call again on + matters in a state so that `Curl_do()` should be possible to call again on the same connection (in a persistent connection case). It might also soon - be closed with Curl_disconnect(). + be closed with `Curl_disconnect()`. - o Curl_disconnect() + +Curl_disconnect() +----------------- When doing normal connections and transfers, no one ever tries to close any - connections so this is not normally called when curl_easy_perform() is + connections so this is not normally called when `curl_easy_perform()` is used. This function is only used when we are certain that no more transfers is going to be made on the connection. It can be also closed by force, or it can be called to make sure that libcurl doesn't keep too many @@ -216,8 +279,9 @@ Library This function cleans up all resources that are associated with a single connection. - - HTTP(S) + +HTTP(S) +======= HTTP offers a lot and is the protocol in curl that uses the most lines of code. There is a special file (lib/formdata.c) that offers all the multipart @@ -229,100 +293,123 @@ Library HTTPS uses in almost every means the same procedure as HTTP, with only two exceptions: the connect procedure is different and the function used to read or write from the socket is different, although the latter fact is hidden in - the source by the use of Curl_read() for reading and Curl_write() for writing - data to the remote server. + the source by the use of `Curl_read()` for reading and `Curl_write()` for + writing data to the remote server. - http_chunks.c contains functions that understands HTTP 1.1 chunked transfer + `http_chunks.c` contains functions that understands HTTP 1.1 chunked transfer encoding. - An interesting detail with the HTTP(S) request, is the Curl_add_buffer() + An interesting detail with the HTTP(S) request, is the `Curl_add_buffer()` series of functions we use. They append data to one single buffer, and when the building is done the entire request is sent off in one single write. This is done this way to overcome problems with flawed firewalls and lame servers. - FTP + +FTP +=== - The Curl_if2ip() function can be used for getting the IP number of a + The `Curl_if2ip()` function can be used for getting the IP number of a specified network interface, and it resides in lib/if2ip.c. - Curl_ftpsendf() is used for sending FTP commands to the remote server. It was - made a separate function to prevent us programmers from forgetting that they - must be CRLF terminated. They must also be sent in one single write() to make - firewalls and similar happy. + `Curl_ftpsendf()` is used for sending FTP commands to the remote server. It + was made a separate function to prevent us programmers from forgetting that + they must be CRLF terminated. They must also be sent in one single write() to + make firewalls and similar happy. - Kerberos + +Kerberos +-------- Kerberos support is mainly in lib/krb5.c and lib/security.c but also - curl_sasl_sspi.c and curl_sasl_gssapi.c for the email protocols and - socks_gssapi.c & socks_sspi.c for SOCKS5 proxy specifics. + `curl_sasl_sspi.c` and `curl_sasl_gssapi.c` for the email protocols and + `socks_gssapi.c` and `socks_sspi.c` for SOCKS5 proxy specifics. - TELNET + +TELNET +====== Telnet is implemented in lib/telnet.c. - FILE + +FILE +==== The file:// protocol is dealt with in lib/file.c. - SMB + +SMB +=== The smb:// protocol is dealt with in lib/smb.c. - LDAP + +LDAP +==== Everything LDAP is in lib/ldap.c and lib/openldap.c - E-mail + +E-mail +====== The e-mail related source code is in lib/imap.c, lib/pop3.c and lib/smtp.c. - GENERAL + +General +======= URL encoding and decoding, called escaping and unescaping in the source code, is found in lib/escape.c. While transferring data in Transfer() a few functions might get used. - curl_getdate() in lib/parsedate.c is for HTTP date comparisons (and more). + `curl_getdate()` in lib/parsedate.c is for HTTP date comparisons (and more). - lib/getenv.c offers curl_getenv() which is for reading environment variables - in a neat platform independent way. That's used in the client, but also in - lib/url.c when checking the proxy environment variables. Note that contrary - to the normal unix getenv(), this returns an allocated buffer that must be - free()ed after use. + lib/getenv.c offers `curl_getenv()` which is for reading environment + variables in a neat platform independent way. That's used in the client, but + also in lib/url.c when checking the proxy environment variables. Note that + contrary to the normal unix getenv(), this returns an allocated buffer that + must be free()ed after use. lib/netrc.c holds the .netrc parser lib/timeval.c features replacement functions for systems that don't have gettimeofday() and a few support functions for timeval conversions. - A function named curl_version() that returns the full curl version string is - found in lib/version.c. + A function named `curl_version()` that returns the full curl version string + is found in lib/version.c. + Persistent Connections ====================== The persistent connection support in libcurl requires some considerations on how to do things inside of the library. - o The 'SessionHandle' struct returned in the curl_easy_init() call must never - hold connection-oriented data. It is meant to hold the root data as well as - all the options etc that the library-user may choose. - o The 'SessionHandle' struct holds the "connection cache" (an array of + - The 'SessionHandle' struct returned in the [`curl_easy_init()`][2] call + must never hold connection-oriented data. It is meant to hold the root data + as well as all the options etc that the library-user may choose. + + - The 'SessionHandle' struct holds the "connection cache" (an array of pointers to 'connectdata' structs). - o This enables the 'curl handle' to be reused on subsequent transfers. - o When libcurl is told to perform a transfer, it first checks for an already + + - This enables the 'curl handle' to be reused on subsequent transfers. + + - When libcurl is told to perform a transfer, it first checks for an already existing connection in the cache that we can use. Otherwise it creates a new one and adds that the cache. If the cache is full already when a new connection is added added, it will first close the oldest unused one. - o When the transfer operation is complete, the connection is left + + - When the transfer operation is complete, the connection is left open. Particular options may tell libcurl not to, and protocols may signal closure on connections and then they won't be kept open of course. - o When curl_easy_cleanup() is called, we close all still opened connections, + + - When `curl_easy_cleanup()` is called, we close all still opened connections, unless of course the multi interface "owns" the connections. The curl handle must be re-used in order for the persistent connections to work. + multi interface/non-blocking ============================ @@ -341,6 +428,7 @@ multi interface/non-blocking protocols are crappy examples and they are subject for rewrite in the future to better fit the libcurl protocol family. + SSL libraries ============= @@ -350,36 +438,39 @@ SSL libraries in future libcurl versions. To deal with this internally in the best way possible, we have a generic SSL - function API as provided by the vtls.[ch] system, and they are the only SSL - functions we must use from within libcurl. vtls is then crafted to use the - appropriate lower-level function calls to whatever SSL library that is in + function API as provided by the vtls/vtls.[ch] system, and they are the only + SSL functions we must use from within libcurl. vtls is then crafted to use + the appropriate lower-level function calls to whatever SSL library that is in use. For example vtls/openssl.[ch] for the OpenSSL library. + Library Symbols =============== - All symbols used internally in libcurl must use a 'Curl_' prefix if they're + All symbols used internally in libcurl must use a `Curl_` prefix if they're used in more than a single file. Single-file symbols must be made static. - Public ("exported") symbols must use a 'curl_' prefix. (There are exceptions, + Public ("exported") symbols must use a `curl_` prefix. (There are exceptions, but they are to be changed to follow this pattern in future versions.) Public - API functions are marked with CURL_EXTERN in the public header files so that - all others can be hidden on platforms where this is possible. + API functions are marked with `CURL_EXTERN` in the public header files so + that all others can be hidden on platforms where this is possible. + Return Codes and Informationals =============================== I've made things simple. Almost every function in libcurl returns a CURLcode, - that must be CURLE_OK if everything is OK or otherwise a suitable error code - as the curl/curl.h include file defines. The very spot that detects an error - must use the Curl_failf() function to set the human-readable error + that must be `CURLE_OK` if everything is OK or otherwise a suitable error + code as the curl/curl.h include file defines. The very spot that detects an + error must use the `Curl_failf()` function to set the human-readable error description. In aiding the user to understand what's happening and to debug curl usage, we - must supply a fair amount of informational messages by using the Curl_infof() - function. Those messages are only displayed when the user explicitly asks for - them. They are best used when revealing information that isn't otherwise - obvious. + must supply a fair amount of informational messages by using the + `Curl_infof()` function. Those messages are only displayed when the user + explicitly asks for them. They are best used when revealing information that + isn't otherwise obvious. + API/ABI ======= @@ -387,29 +478,31 @@ API/ABI that makes it easier to keep a solid API/ABI over time. See docs/libcurl/ABI for our promise to users. + Client ====== - main() resides in src/tool_main.c. + main() resides in `src/tool_main.c`. - src/tool_hugehelp.c is automatically generated by the mkhelp.pl perl script + `src/tool_hugehelp.c` is automatically generated by the mkhelp.pl perl script to display the complete "manual" and the src/tool_urlglob.c file holds the functions used for the URL-"globbing" support. Globbing in the sense that the {} and [] expansion stuff is there. The client mostly messes around to setup its 'config' struct properly, then - it calls the curl_easy_*() functions of the library and when it gets back - control after the curl_easy_perform() it cleans up the library, checks status - and exits. + it calls the `curl_easy_*()` functions of the library and when it gets back + control after the `curl_easy_perform()` it cleans up the library, checks + status and exits. When the operation is done, the ourWriteOut() function in src/writeout.c may be called to report about the operation. That function is using the - curl_easy_getinfo() function to extract useful information from the curl + `curl_easy_getinfo()` function to extract useful information from the curl session. It may loop and do all this several times if many URLs were specified on the command line or config file. + Memory Debugging ================ @@ -439,6 +532,7 @@ Memory Debugging the configure script. When --enable-debug is given both features will be enabled, unless some restriction prevents memory tracking from being used. + Test Suite ========== @@ -456,29 +550,546 @@ Test Suite The test suite automatically detects if curl was built with the memory debugging enabled, and if it was it will detect memory leaks, too. -Building Releases -================= + +Asynchronous name resolves +========================== + + libcurl can be built to do name resolves asynchronously, using either the + normal resolver in a threaded manner or by using c-ares. + + +[c-ares][3] +------ + +### Build libcurl to use a c-ares + +1. ./configure --enable-ares=/path/to/ares/install +2. make + +### c-ares on win32 + + First I compiled c-ares. I changed the default C runtime library to be the + single-threaded rather than the multi-threaded (this seems to be required to + prevent linking errors later on). Then I simply build the areslib project + (the other projects adig/ahost seem to fail under MSVC). + + Next was libcurl. I opened lib/config-win32.h and I added a: + `#define USE_ARES 1` + + Next thing I did was I added the path for the ares includes to the include + path, and the libares.lib to the libraries. + + Lastly, I also changed libcurl to be single-threaded rather than + multi-threaded, again this was to prevent some duplicate symbol errors. I'm + not sure why I needed to change everything to single-threaded, but when I + didn't I got redefinition errors for several CRT functions (malloc, stricmp, + etc.) + + +`curl_off_t` +========== + + curl_off_t is a data type provided by the external libcurl include + headers. It is the type meant to be used for the [`curl_easy_setopt()`][1] + options that end with LARGE. The type is 64bit large on most modern + platforms. + +curlx +===== + + The libcurl source code offers a few functions by source only. They are not + part of the official libcurl API, but the source files might be useful for + others so apps can optionally compile/build with these sources to gain + additional functions. + + We provide them through a single header file for easy access for apps: + "curlx.h" + +`curlx_strtoofft()` +------------------- + A macro that converts a string containing a number to a curl_off_t number. + This might use the curlx_strtoll() function which is provided as source + code in strtoofft.c. Note that the function is only provided if no + strtoll() (or equivalent) function exist on your platform. If curl_off_t + is only a 32 bit number on your platform, this macro uses strtol(). + +`curlx_tvnow()` +--------------- + returns a struct timeval for the current time. + +`curlx_tvdiff()` +-------------- + returns the difference between two timeval structs, in number of + milliseconds. + +`curlx_tvdiff_secs()` +--------------------- + returns the same as curlx_tvdiff but with full usec resolution (as a + double) + +Future +------ + + Several functions will be removed from the public curl_ name space in a + future libcurl release. They will then only become available as curlx_ + functions instead. To make the transition easier, we already today provide + these functions with the curlx_ prefix to allow sources to get built properly + with the new function names. The functions this concerns are: + + - `curlx_getenv` + - `curlx_strequal` + - `curlx_strnequal` + - `curlx_mvsnprintf` + - `curlx_msnprintf` + - `curlx_maprintf` + - `curlx_mvaprintf` + - `curlx_msprintf` + - `curlx_mprintf` + - `curlx_mfprintf` + - `curlx_mvsprintf` + - `curlx_mvprintf` + - `curlx_mvfprintf` + + +Content Encoding +================ + +## About content encodings + + [HTTP/1.1][4] specifies that a client may request that a server encode its + response. This is usually used to compress a response using one of a set of + commonly available compression techniques. These schemes are 'deflate' (the + zlib algorithm), 'gzip' and 'compress'. A client requests that the sever + perform an encoding by including an Accept-Encoding header in the request + document. The value of the header should be one of the recognized tokens + 'deflate', ... (there's a way to register new schemes/tokens, see sec 3.5 of + the spec). A server MAY honor the client's encoding request. When a response + is encoded, the server includes a Content-Encoding header in the + response. The value of the Content-Encoding header indicates which scheme was + used to encode the data. + + A client may tell a server that it can understand several different encoding + schemes. In this case the server may choose any one of those and use it to + encode the response (indicating which one using the Content-Encoding header). + It's also possible for a client to attach priorities to different schemes so + that the server knows which it prefers. See sec 14.3 of RFC 2616 for more + information on the Accept-Encoding header. + +## Supported content encodings + + The 'deflate' and 'gzip' content encoding are supported by libcurl. Both + regular and chunked transfers work fine. The zlib library is required for + this feature. + +## The libcurl interface + + To cause libcurl to request a content encoding use: + + [`curl_easy_setopt`][1](curl, [`CURLOPT_ACCEPT_ENCODING`][5], string) + + where string is the intended value of the Accept-Encoding header. + + Currently, libcurl only understands how to process responses that use the + "deflate" or "gzip" Content-Encoding, so the only values for + [`CURLOPT_ACCEPT_ENCODING`][5] that will work (besides "identity," which does + nothing) are "deflate" and "gzip" If a response is encoded using the + "compress" or methods, libcurl will return an error indicating that the + response could not be decoded. If is NULL no Accept-Encoding header + is generated. If is a zero-length string, then an Accept-Encoding + header containing all supported encodings will be generated. + + The [`CURLOPT_ACCEPT_ENCODING`][5] must be set to any non-NULL value for + content to be automatically decoded. If it is not set and the server still + sends encoded content (despite not having been asked), the data is returned + in its raw form and the Content-Encoding type is not checked. + +## The curl interface + + Use the [--compressed][6] option with curl to cause it to ask servers to + compress responses using any format supported by curl. + + +hostip.c explained +================== + + The main compile-time defines to keep in mind when reading the host*.c source + file are these: + +## `CURLRES_IPV6` + + this host has getaddrinfo() and family, and thus we use that. The host may + not be able to resolve IPv6, but we don't really have to take that into + account. Hosts that aren't IPv6-enabled have CURLRES_IPV4 defined. + +## `CURLRES_ARES` + + is defined if libcurl is built to use c-ares for asynchronous name + resolves. This can be Windows or *nix. + +## `CURLRES_THREADED` + + is defined if libcurl is built to use threading for asynchronous name + resolves. The name resolve will be done in a new thread, and the supported + asynch API will be the same as for ares-builds. This is the default under + (native) Windows. + + If any of the two previous are defined, `CURLRES_ASYNCH` is defined too. If + libcurl is not built to use an asynchronous resolver, `CURLRES_SYNCH` is + defined. + +## host*.c sources + + The host*.c sources files are split up like this: + + - hostip.c - method-independent resolver functions and utility functions + - hostasyn.c - functions for asynchronous name resolves + - hostsyn.c - functions for synchronous name resolves + - asyn-ares.c - functions for asynchronous name resolves using c-ares + - asyn-thread.c - functions for asynchronous name resolves using threads + - hostip4.c - IPv4 specific functions + - hostip6.c - IPv6 specific functions + + The hostip.h is the single united header file for all this. It defines the + `CURLRES_*` defines based on the config*.h and curl_setup.h defines. + + +Track Down Memory Leaks +======================= + +## Single-threaded + + Please note that this memory leak system is not adjusted to work in more + than one thread. If you want/need to use it in a multi-threaded app. Please + adjust accordingly. + + +## Build + + Rebuild libcurl with -DCURLDEBUG (usually, rerunning configure with + --enable-debug fixes this). 'make clean' first, then 'make' so that all + files actually are rebuilt properly. It will also make sense to build + libcurl with the debug option (usually -g to the compiler) so that debugging + it will be easier if you actually do find a leak in the library. + + This will create a library that has memory debugging enabled. + +## Modify Your Application + + Add a line in your application code: + + `curl_memdebug("dump");` + + This will make the malloc debug system output a full trace of all resource + using functions to the given file name. Make sure you rebuild your program + and that you link with the same libcurl you built for this purpose as + described above. + +## Run Your Application + + Run your program as usual. Watch the specified memory trace file grow. + + Make your program exit and use the proper libcurl cleanup functions etc. So + that all non-leaks are returned/freed properly. + +## Analyze the Flow + + Use the tests/memanalyze.pl perl script to analyze the dump file: + + tests/memanalyze.pl dump + + This now outputs a report on what resources that were allocated but never + freed etc. This report is very fine for posting to the list! + + If this doesn't produce any output, no leak was detected in libcurl. Then + the leak is mostly likely to be in your code. + + +`multi_socket` +============== + + Implementation of the `curl_multi_socket` API + + The main ideas of this API are simply: + + 1 - The application can use whatever event system it likes as it gets info + from libcurl about what file descriptors libcurl waits for what action + on. (The previous API returns `fd_sets` which is very select()-centric). + + 2 - When the application discovers action on a single socket, it calls + libcurl and informs that there was action on this particular socket and + libcurl can then act on that socket/transfer only and not care about + any other transfers. (The previous API always had to scan through all + the existing transfers.) + + The idea is that [`curl_multi_socket_action()`][7] calls a given callback + with information about what socket to wait for what action on, and the + callback only gets called if the status of that socket has changed. + + We also added a timer callback that makes libcurl call the application when + the timeout value changes, and you set that with [`curl_multi_setopt()`][9] + and the [`CURLMOPT_TIMERFUNCTION`][10] option. To get this to work, + Internally, there's an added a struct to each easy handle in which we store + an "expire time" (if any). The structs are then "splay sorted" so that we + can add and remove times from the linked list and yet somewhat swiftly + figure out both how long time there is until the next nearest timer expires + and which timer (handle) we should take care of now. Of course, the upside + of all this is that we get a [`curl_multi_timeout()`][8] that should also + work with old-style applications that use [`curl_multi_perform()`][11]. + + We created an internal "socket to easy handles" hash table that given + a socket (file descriptor) return the easy handle that waits for action on + that socket. This hash is made using the already existing hash code + (previously only used for the DNS cache). + + To make libcurl able to report plain sockets in the socket callback, we had + to re-organize the internals of the [`curl_multi_fdset()`][12] etc so that + the conversion from sockets to `fd_sets` for that function is only done in + the last step before the data is returned. I also had to extend c-ares to + get a function that can return plain sockets, as that library too returned + only `fd_sets` and that is no longer good enough. The changes done to c-ares + are available in c-ares 1.3.1 and later. + + +Structs in libcurl +================== + +This section should cover 7.32.0 pretty accurately, but will make sense even +for older and later versions as things don't change drastically that often. + +## SessionHandle + + The SessionHandle handle struct is the one returned to the outside in the + external API as a "CURL *". This is usually known as an easy handle in API + documentations and examples. + + Information and state that is related to the actual connection is in the + 'connectdata' struct. When a transfer is about to be made, libcurl will + either create a new connection or re-use an existing one. The particular + connectdata that is used by this handle is pointed out by + SessionHandle->easy_conn. + + Data and information that regard this particular single transfer is put in + the SingleRequest sub-struct. + + When the SessionHandle struct is added to a multi handle, as it must be in + order to do any transfer, the ->multi member will point to the `Curl_multi` + struct it belongs to. The ->prev and ->next members will then be used by the + multi code to keep a linked list of SessionHandle structs that are added to + that same multi handle. libcurl always uses multi so ->multi *will* point to + a `Curl_multi` when a transfer is in progress. + + ->mstate is the multi state of this particular SessionHandle. When + `multi_runsingle()` is called, it will act on this handle according to which + state it is in. The mstate is also what tells which sockets to return for a + specific SessionHandle when [`curl_multi_fdset()`][12] is called etc. + + The libcurl source code generally use the name 'data' for the variable that + points to the SessionHandle. + + When doing multiplexed HTTP/2 transfers, each SessionHandle is associated + with an individual stream, sharing the same connectdata struct. Multiplexing + makes it even more important to keep things associated with the right thing! + +## connectdata + + A general idea in libcurl is to keep connections around in a connection + "cache" after they have been used in case they will be used again and then + re-use an existing one instead of creating a new as it creates a significant + performance boost. + + Each 'connectdata' identifies a single physical connection to a server. If + the connection can't be kept alive, the connection will be closed after use + and then this struct can be removed from the cache and freed. + + Thus, the same SessionHandle can be used multiple times and each time select + another connectdata struct to use for the connection. Keep this in mind, as + it is then important to consider if options or choices are based on the + connection or the SessionHandle. + + Functions in libcurl will assume that connectdata->data points to the + SessionHandle that uses this connection (for the moment). + + As a special complexity, some protocols supported by libcurl require a + special disconnect procedure that is more than just shutting down the + socket. It can involve sending one or more commands to the server before + doing so. Since connections are kept in the connection cache after use, the + original SessionHandle may no longer be around when the time comes to shut + down a particular connection. For this purpose, libcurl holds a special + dummy `closure_handle` SessionHandle in the `Curl_multi` struct to use when + needed. + + FTP uses two TCP connections for a typical transfer but it keeps both in + this single struct and thus can be considered a single connection for most + internal concerns. + + The libcurl source code generally use the name 'conn' for the variable that + points to the connectdata. + +## Curl_multi + + Internally, the easy interface is implemented as a wrapper around multi + interface functions. This makes everything multi interface. + + `Curl_multi` is the multi handle struct exposed as "CURLM *" in external APIs. + + This struct holds a list of SessionHandle structs that have been added to + this handle with [`curl_multi_add_handle()`][13]. The start of the list is + ->easyp and ->num_easy is a counter of added SessionHandles. + + ->msglist is a linked list of messages to send back when + [`curl_multi_info_read()`][14] is called. Basically a node is added to that + list when an individual SessionHandle's transfer has completed. + + ->hostcache points to the name cache. It is a hash table for looking up name + to IP. The nodes have a limited life time in there and this cache is meant + to reduce the time for when the same name is wanted within a short period of + time. + + ->timetree points to a tree of SessionHandles, sorted by the remaining time + until it should be checked - normally some sort of timeout. Each + SessionHandle has one node in the tree. + + ->sockhash is a hash table to allow fast lookups of socket descriptor to + which SessionHandle that uses that descriptor. This is necessary for the + `multi_socket` API. + + ->conn_cache points to the connection cache. It keeps track of all + connections that are kept after use. The cache has a maximum size. + + ->closure_handle is described in the 'connectdata' section. + + The libcurl source code generally use the name 'multi' for the variable that + points to the Curl_multi struct. + +## Curl_handler + + Each unique protocol that is supported by libcurl needs to provide at least + one `Curl_handler` struct. It defines what the protocol is called and what + functions the main code should call to deal with protocol specific issues. + In general, there's a source file named [protocol].c in which there's a + "struct `Curl_handler` `Curl_handler_[protocol]`" declared. In url.c there's + then the main array with all individual `Curl_handler` structs pointed to + from a single array which is scanned through when a URL is given to libcurl + to work with. + + ->scheme is the URL scheme name, usually spelled out in uppercase. That's + "HTTP" or "FTP" etc. SSL versions of the protcol need its own `Curl_handler` + setup so HTTPS separate from HTTP. + + ->setup_connection is called to allow the protocol code to allocate protocol + specific data that then gets associated with that SessionHandle for the rest + of this transfer. It gets freed again at the end of the transfer. It will be + called before the 'connectdata' for the transfer has been selected/created. + Most protocols will allocate its private 'struct [PROTOCOL]' here and assign + SessionHandle->req.protop to point to it. + + ->connect_it allows a protocol to do some specific actions after the TCP + connect is done, that can still be considered part of the connection phase. + + Some protocols will alter the connectdata->recv[] and connectdata->send[] + function pointers in this function. + + ->connecting is similarly a function that keeps getting called as long as the + protocol considers itself still in the connecting phase. + + ->do_it is the function called to issue the transfer request. What we call + the DO action internally. If the DO is not enough and things need to be kept + getting done for the entire DO sequence to complete, ->doing is then usually + also provided. Each protocol that needs to do multiple commands or similar + for do/doing need to implement their own state machines (see SCP, SFTP, + FTP). Some protocols (only FTP and only due to historical reasons) has a + separate piece of the DO state called `DO_MORE`. + + ->doing keeps getting called while issuing the transfer request command(s) + + ->done gets called when the transfer is complete and DONE. That's after the + main data has been transferred. + + ->do_more gets called during the `DO_MORE` state. The FTP protocol uses this + state when setting up the second connection. + + ->`proto_getsock` + ->`doing_getsock` + ->`domore_getsock` + ->`perform_getsock` + Functions that return socket information. Which socket(s) to wait for which + action(s) during the particular multi state. + + ->disconnect is called immediately before the TCP connection is shutdown. + + ->readwrite gets called during transfer to allow the protocol to do extra + reads/writes + + ->defport is the default report TCP or UDP port this protocol uses + + ->protocol is one or more bits in the `CURLPROTO_*` set. The SSL versions + have their "base" protocol set and then the SSL variation. Like + "HTTP|HTTPS". + + ->flags is a bitmask with additional information about the protocol that will + make it get treated differently by the generic engine: + + - `PROTOPT_SSL` - will make it connect and negotiate SSL + + - `PROTOPT_DUAL` - this protocol uses two connections + + - `PROTOPT_CLOSEACTION` - this protocol has actions to do before closing the + connection. This flag is no longer used by code, yet still set for a bunch + protocol handlers. + + - `PROTOPT_DIRLOCK` - "direction lock". The SSH protocols set this bit to + limit which "direction" of socket actions that the main engine will + concern itself about. + + - `PROTOPT_NONETWORK` - a protocol that doesn't use network (read file:) + + - `PROTOPT_NEEDSPWD` - this protocol needs a password and will use a default + one unless one is provided + + - `PROTOPT_NOURLQUERY` - this protocol can't handle a query part on the URL + (?foo=bar) + +## conncache - There's no magic to this. When you consider everything stable enough to be - released, do this: + Is a hash table with connections for later re-use. Each SessionHandle has + a pointer to its connection cache. Each multi handle sets up a connection + cache that all added SessionHandles share by default. - 1. Tag the source code accordingly. +## Curl_share + + The libcurl share API allocates a `Curl_share` struct, exposed to the + external API as "CURLSH *". - 2. run the 'maketgz' script (using 'make distcheck' will give you a pretty - good view on the status of the current sources). maketgz requires a - version number and creates the release archive. maketgz uses 'make dist' - for the actual archive building, why you need to fill in the Makefile.am - files properly for which files that should be included in the release - archives. + The idea is that the struct can have a set of own versions of caches and + pools and then by providing this struct in the `CURLOPT_SHARE` option, those + specific SessionHandles will use the caches/pools that this share handle + holds. + + Then individual SessionHandle structs can be made to share specific things + that they otherwise wouldn't, such as cookies. - 3. When that's complete, sign the output files. + The `Curl_share` struct can currently hold cookies, DNS cache and the SSL + session cache. - 4. Upload +## CookieInfo - 5. Update web site and changelog on site + This is the main cookie struct. It holds all known cookies and related + information. Each SessionHandle has its own private CookieInfo even when + they are added to a multi handle. They can be made to share cookies by using + the share API. - 6. Send announcement to the mailing lists - NOTE: you must have curl checked out from git to be able to do a proper - release build. The release tarballs do not have everything setup in order to - do releases properly. +[1]: http://curl.haxx.se/libcurl/c/curl_easy_setopt.html +[2]: http://curl.haxx.se/libcurl/c/curl_easy_init.html +[3]: http://c-ares.haxx.se/ +[4]: https://tools.ietf.org/html/rfc7230 "RFC 7230" +[5]: http://curl.haxx.se/libcurl/c/CURLOPT_ACCEPT_ENCODING.html +[6]: http://curl.haxx.se/docs/manpage.html#--compressed +[7]: http://curl.haxx.se/libcurl/c/curl_multi_socket_action.html +[8]: http://curl.haxx.se/libcurl/c/curl_multi_timeout.html +[9]: http://curl.haxx.se/libcurl/c/curl_multi_setopt.html +[10]: http://curl.haxx.se/libcurl/c/CURLMOPT_TIMERFUNCTION.html +[11]: http://curl.haxx.se/libcurl/c/curl_multi_perform.html +[12]: http://curl.haxx.se/libcurl/c/curl_multi_fdset.html +[13]: http://curl.haxx.se/libcurl/c/curl_multi_add_handle.html +[14]: http://curl.haxx.se/libcurl/c/curl_multi_info_read.html diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS index 7788567..345dc45 100644 --- a/docs/KNOWN_BUGS +++ b/docs/KNOWN_BUGS @@ -3,6 +3,15 @@ join in and help us correct one or more of these! Also be sure to check the changelog of the current development status, as one or more of these problems may have been fixed since this was written! +90. IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the + code reveals that pingpong.c contains some truncation code, at line 408, + when it deems the server response to be too large truncating it to 40 + characters" + http://curl.haxx.se/bug/view.cgi?id=1366 + +89. Disabling HTTP Pipelining when there are ongoing transfers can lead to + heap corruption and crash. http://curl.haxx.se/bug/view.cgi?id=1411 + 88. libcurl doesn't support CURLINFO_FILETIME for SFTP transfers and thus curl's -R option also doesn't work then. @@ -88,7 +97,7 @@ may have been fixed since this was written! something beyond ascii but currently libcurl will only pass in the verbatim string the app provides. There are several browsers that already do this encoding. The key seems to be the updated draft to RFC2231: - http://tools.ietf.org/html/draft-reschke-rfc2231-in-http-02 + https://tools.ietf.org/html/draft-reschke-rfc2231-in-http-02 66. When using telnet, the time limitation options don't work. http://curl.haxx.se/bug/view.cgi?id=846 diff --git a/docs/LIBCURL-STRUCTS b/docs/LIBCURL-STRUCTS deleted file mode 100644 index 136d17c..0000000 --- a/docs/LIBCURL-STRUCTS +++ /dev/null @@ -1,245 +0,0 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - -Structs in libcurl - -This document should cover 7.32.0 pretty accurately, but will make sense even -for older and later versions as things don't change drastically that often. - - 1. The main structs in libcurl - 1.1 SessionHandle - 1.2 connectdata - 1.3 Curl_multi - 1.4 Curl_handler - 1.5 conncache - 1.6 Curl_share - 1.7 CookieInfo - -============================================================================== - -1. The main structs in libcurl - - 1.1 SessionHandle - - The SessionHandle handle struct is the one returned to the outside in the - external API as a "CURL *". This is usually known as an easy handle in API - documentations and examples. - - Information and state that is related to the actual connection is in the - 'connectdata' struct. When a transfer is about to be made, libcurl will - either create a new connection or re-use an existing one. The particular - connectdata that is used by this handle is pointed out by - SessionHandle->easy_conn. - - Data and information that regard this particular single transfer is put in - the SingleRequest sub-struct. - - When the SessionHandle struct is added to a multi handle, as it must be in - order to do any transfer, the ->multi member will point to the Curl_multi - struct it belongs to. The ->prev and ->next members will then be used by the - multi code to keep a linked list of SessionHandle structs that are added to - that same multi handle. libcurl always uses multi so ->multi *will* point to - a Curl_multi when a transfer is in progress. - - ->mstate is the multi state of this particular SessionHandle. When - multi_runsingle() is called, it will act on this handle according to which - state it is in. The mstate is also what tells which sockets to return for a - specific SessionHandle when curl_multi_fdset() is called etc. - - The libcurl source code generally use the name 'data' for the variable that - points to the SessionHandle. - - - 1.2 connectdata - - A general idea in libcurl is to keep connections around in a connection - "cache" after they have been used in case they will be used again and then - re-use an existing one instead of creating a new as it creates a significant - performance boost. - - Each 'connectdata' identifies a single physical connection to a server. If - the connection can't be kept alive, the connection will be closed after use - and then this struct can be removed from the cache and freed. - - Thus, the same SessionHandle can be used multiple times and each time select - another connectdata struct to use for the connection. Keep this in mind, as - it is then important to consider if options or choices are based on the - connection or the SessionHandle. - - Functions in libcurl will assume that connectdata->data points to the - SessionHandle that uses this connection. - - As a special complexity, some protocols supported by libcurl require a - special disconnect procedure that is more than just shutting down the - socket. It can involve sending one or more commands to the server before - doing so. Since connections are kept in the connection cache after use, the - original SessionHandle may no longer be around when the time comes to shut - down a particular connection. For this purpose, libcurl holds a special - dummy 'closure_handle' SessionHandle in the Curl_multi struct to - - FTP uses two TCP connections for a typical transfer but it keeps both in - this single struct and thus can be considered a single connection for most - internal concerns. - - The libcurl source code generally use the name 'conn' for the variable that - points to the connectdata. - - - 1.3 Curl_multi - - Internally, the easy interface is implemented as a wrapper around multi - interface functions. This makes everything multi interface. - - Curl_multi is the multi handle struct exposed as "CURLM *" in external APIs. - - This struct holds a list of SessionHandle structs that have been added to - this handle with curl_multi_add_handle(). The start of the list is ->easyp - and ->num_easy is a counter of added SessionHandles. - - ->msglist is a linked list of messages to send back when - curl_multi_info_read() is called. Basically a node is added to that list - when an individual SessionHandle's transfer has completed. - - ->hostcache points to the name cache. It is a hash table for looking up name - to IP. The nodes have a limited life time in there and this cache is meant - to reduce the time for when the same name is wanted within a short period of - time. - - ->timetree points to a tree of SessionHandles, sorted by the remaining time - until it should be checked - normally some sort of timeout. Each - SessionHandle has one node in the tree. - - ->sockhash is a hash table to allow fast lookups of socket descriptor to - which SessionHandle that uses that descriptor. This is necessary for the - multi_socket API. - - ->conn_cache points to the connection cache. It keeps track of all - connections that are kept after use. The cache has a maximum size. - - ->closure_handle is described in the 'connectdata' section. - - The libcurl source code generally use the name 'multi' for the variable that - points to the Curl_multi struct. - - - 1.4 Curl_handler - - Each unique protocol that is supported by libcurl needs to provide at least - one Curl_handler struct. It defines what the protocol is called and what - functions the main code should call to deal with protocol specific issues. - In general, there's a source file named [protocol].c in which there's a - "struct Curl_handler Curl_handler_[protocol]" declared. In url.c there's - then the main array with all individual Curl_handler structs pointed to from - a single array which is scanned through when a URL is given to libcurl to - work with. - - ->scheme is the URL scheme name, usually spelled out in uppercase. That's - "HTTP" or "FTP" etc. SSL versions of the protcol need its own Curl_handler - setup so HTTPS separate from HTTP. - - ->setup_connection is called to allow the protocol code to allocate protocol - specific data that then gets associated with that SessionHandle for the rest - of this transfer. It gets freed again at the end of the transfer. It will be - called before the 'connectdata' for the transfer has been selected/created. - Most protocols will allocate its private 'struct [PROTOCOL]' here and assign - SessionHandle->req.protop to point to it. - - ->connect_it allows a protocol to do some specific actions after the TCP - connect is done, that can still be considered part of the connection phase. - - Some protocols will alter the connectdata->recv[] and connectdata->send[] - function pointers in this function. - - ->connecting is similarly a function that keeps getting called as long as the - protocol considers itself still in the connecting phase. - - ->do_it is the function called to issue the transfer request. What we call - the DO action internally. If the DO is not enough and things need to be kept - getting done for the entire DO sequence to complete, ->doing is then usually - also provided. Each protocol that needs to do multiple commands or similar - for do/doing need to implement their own state machines (see SCP, SFTP, - FTP). Some protocols (only FTP and only due to historical reasons) has a - separate piece of the DO state called DO_MORE. - - ->doing keeps getting called while issuing the transfer request command(s) - - ->done gets called when the transfer is complete and DONE. That's after the - main data has been transferred. - - ->do_more gets called during the DO_MORE state. The FTP protocol uses this - state when setting up the second connection. - - ->proto_getsock - ->doing_getsock - ->domore_getsock - ->perform_getsock - Functions that return socket information. Which socket(s) to wait for which - action(s) during the particular multi state. - - ->disconnect is called immediately before the TCP connection is shutdown. - - ->readwrite gets called during transfer to allow the protocol to do extra - reads/writes - - ->defport is the default report TCP or UDP port this protocol uses - - ->protocol is one or more bits in the CURLPROTO_* set. The SSL versions have - their "base" protocol set and then the SSL variation. Like "HTTP|HTTPS". - - ->flags is a bitmask with additional information about the protocol that will - make it get treated differently by the generic engine: - - PROTOPT_SSL - will make it connect and negotiate SSL - - PROTOPT_DUAL - this protocol uses two connections - - PROTOPT_CLOSEACTION - this protocol has actions to do before closing the - connection. This flag is no longer used by code, yet still set for a bunch - protocol handlers. - - PROTOPT_DIRLOCK - "direction lock". The SSH protocols set this bit to - limit which "direction" of socket actions that the main engine will - concern itself about. - - PROTOPT_NONETWORK - a protocol that doesn't use network (read file:) - - PROTOPT_NEEDSPWD - this protocol needs a password and will use a default - one unless one is provided - - PROTOPT_NOURLQUERY - this protocol can't handle a query part on the URL - (?foo=bar) - - - 1.5 conncache - - Is a hash table with connections for later re-use. Each SessionHandle has - a pointer to its connection cache. Each multi handle sets up a connection - cache that all added SessionHandles share by default. - - - 1.6 Curl_share - - The libcurl share API allocates a Curl_share struct, exposed to the external - API as "CURLSH *". - - The idea is that the struct can have a set of own versions of caches and - pools and then by providing this struct in the CURLOPT_SHARE option, those - specific SessionHandles will use the caches/pools that this share handle - holds. - - Then individual SessionHandle structs can be made to share specific things - that they otherwise wouldn't, such as cookies. - - The Curl_share struct can currently hold cookies, DNS cache and the SSL - session cache. - - - 1.7 CookieInfo - - This is the main cookie struct. It holds all known cookies and related - information. Each SessionHandle has its own private CookieInfo even when - they are added to a multi handle. They can be made to share cookies by using - the share API. diff --git a/docs/LICENSE-MIXING b/docs/LICENSE-MIXING index a53835c..ccb6ada 100644 --- a/docs/LICENSE-MIXING +++ b/docs/LICENSE-MIXING @@ -23,29 +23,29 @@ libcurl http://curl.haxx.se/docs/copyright.html Uses an MIT (or Modified BSD)-style license that is as liberal as possible. -OpenSSL http://www.openssl.org/source/license.html +OpenSSL https://www.openssl.org/source/license.html (May be used for SSL/TLS support) Uses an Original BSD-style license with an announcement clause that makes it "incompatible" with GPL. You are not allowed to ship binaries that link with OpenSSL that includes GPL code (unless that specific GPL code includes an exception for OpenSSL - a habit that is growing more and more common). If OpenSSL's - licensing is a problem for you, consider using GnuTLS or yassl - instead. + licensing is a problem for you, consider using another TLS library. GnuTLS http://www.gnutls.org/ (May be used for SSL/TLS support) Uses the LGPL[3] license. If this is - a problem for you, consider using OpenSSL instead. Also note that + a problem for you, consider using another TLS library. Also note that GnuTLS itself depends on and uses other libs (libgcrypt and libgpg-error) and they too are LGPL- or GPL-licensed. -yassl http://www.yassl.com/ +WolfSSL https://www.wolfssl.com/ - (May be used for SSL/TLS support) Uses the GPL[1] license. If this is - a problem for you, consider using OpenSSL or GnuTLS instead. + (May be used for SSL/TLS support) Uses the GPL[1] license or a + propietary license. If this is a problem for you, consider using + another TLS library. -NSS http://www.mozilla.org/projects/security/pki/nss/ +NSS https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS (May be used for SSL/TLS support) Is covered by the MPL[4] license, the GPL[1] license and the LGPL[3] license. You may choose to license @@ -57,13 +57,29 @@ axTLS http://axtls.sourceforge.net/ (May be used for SSL/TLS support) Uses a Modified BSD-style license. +mbedTLS https://tls.mbed.org/ + + (May be used for SSL/TLS support) Uses the GPL[1] license or a + propietary license. If this is a problem for you, consider using + another TLS library. + +BoringSSL https://boringssl.googlesource.com/ + + (May be used for SSL/TLS support) As an OpenSSL fork, it has the same + license as that. + +libressl http://www.libressl.org/ + + (May be used for SSL/TLS support) As an OpenSSL fork, it has the same + license as that. + c-ares http://daniel.haxx.se/projects/c-ares/license.html (Used for asynchronous name resolves) Uses an MIT license that is very liberal and imposes no restrictions on any other library or part you may link with. -zlib http://www.gzip.org/zlib/zlib_license.html +zlib http://www.zlib.net/zlib_license.html (Used for compressed Transfer-Encoding support) Uses an MIT-style license that shouldn't collide with any other library. @@ -73,12 +89,12 @@ MIT Kerberos http://web.mit.edu/kerberos/www/dist/ (May be used for GSS support) MIT licensed, that shouldn't collide with any other parts. -Heimdal http://www.pdc.kth.se/heimdal/ +Heimdal http://www.h5l.org (May be used for GSS support) Heimdal is Original BSD licensed with the announcement clause. -GNU GSS http://www.gnu.org/software/gss/ +GNU GSS https://www.gnu.org/software/gss/ (May be used for GSS support) GNU GSS is GPL licensed. Note that you may not distribute binary curl packages that uses this if you build @@ -105,10 +121,10 @@ libssh2 http://www.libssh2.org/ (Used for scp and sftp support) libssh2 uses a Modified BSD-style license. -[1] = GPL - GNU General Public License: http://www.gnu.org/licenses/gpl.html -[2] = http://www.fsf.org/licenses/gpl-faq.html#GPLIncompatibleLibs details on +[1] = GPL - GNU General Public License: https://www.gnu.org/licenses/gpl.html +[2] = https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs details on how to write such an exception to the GPL [3] = LGPL - GNU Lesser General Public License: - http://www.gnu.org/licenses/lgpl.html + https://www.gnu.org/licenses/lgpl.html [4] = MPL - Mozilla Public License: - http://www.mozilla.org/MPL/ + https://www.mozilla.org/MPL/ diff --git a/docs/MAIL-ETIQUETTE b/docs/MAIL-ETIQUETTE index fb50312..b6c0f45 100644 --- a/docs/MAIL-ETIQUETTE +++ b/docs/MAIL-ETIQUETTE @@ -230,7 +230,7 @@ MAIL ETIQUETTE Quote as little as possible. Just enough to provide the context you cannot leave out. A lengthy description can be found here: - http://www.netmeister.org/news/learn2quote.html + https://www.netmeister.org/news/learn2quote.html 2.7 Digest diff --git a/docs/MANUAL b/docs/MANUAL index 113df20..fb34948 100644 --- a/docs/MANUAL +++ b/docs/MANUAL @@ -470,8 +470,8 @@ COOKIES stored cookies which match the request as it follows the location. The file "empty.txt" may be a nonexistent file. - Alas, to both read and write cookies from a netscape cookie file, you can - set both -b and -c to use the same file: + To read and write cookies from a netscape cookie file, you can set both -b + and -c to use the same file: curl -b cookies.txt -c cookies.txt www.example.com diff --git a/docs/Makefile.am b/docs/Makefile.am index 1f92911..cfef3e9 100644 --- a/docs/Makefile.am +++ b/docs/Makefile.am @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -37,8 +37,8 @@ EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS \ README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS \ KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL \ $(PDFPAGES) LICENSE-MIXING README.netware DISTRO-DILEMMA INSTALL.devcpp \ - MAIL-ETIQUETTE HTTP-COOKIES LIBCURL-STRUCTS SECURITY RELEASE-PROCEDURE \ - SSL-PROBLEMS + MAIL-ETIQUETTE HTTP-COOKIES SECURITY RELEASE-PROCEDURE \ + SSL-PROBLEMS HTTP2.md ROADMAP.md CODE_OF_CONDUCT.md MAN2HTML= roffit < $< >$@ diff --git a/docs/Makefile.in b/docs/Makefile.in index 49f9338..9750269 100644 --- a/docs/Makefile.in +++ b/docs/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -21,7 +21,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -36,7 +36,17 @@ # ########################################################################### VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -100,8 +110,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = docs -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/mkinstalldirs INSTALL THANKS TODO ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/m4/curl-confopts.m4 \ @@ -122,7 +130,8 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \ $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = @@ -214,6 +223,7 @@ am__define_uniq_tagged_files = \ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in INSTALL THANKS TODO DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -297,7 +307,7 @@ GREP = @GREP@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ -HAVE_SSLEAY_SRP = @HAVE_SSLEAY_SRP@ +HAVE_OPENSSL_SRP = @HAVE_OPENSSL_SRP@ IDN_ENABLED = @IDN_ENABLED@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -350,6 +360,7 @@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SSL_ENABLED = @SSL_ENABLED@ +SSL_LIBS = @SSL_LIBS@ STRIP = @STRIP@ SUPPORT_FEATURES = @SUPPORT_FEATURES@ SUPPORT_PROTOCOLS = @SUPPORT_PROTOCOLS@ @@ -366,7 +377,6 @@ USE_NSS = @USE_NSS@ USE_OPENLDAP = @USE_OPENLDAP@ USE_POLARSSL = @USE_POLARSSL@ USE_SCHANNEL = @USE_SCHANNEL@ -USE_SSLEAY = @USE_SSLEAY@ USE_UNIX_SOCKETS = @USE_UNIX_SOCKETS@ USE_WINDOWS_SSPI = @USE_WINDOWS_SSPI@ VERSION = @VERSION@ @@ -438,8 +448,8 @@ EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS \ README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS \ KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL \ $(PDFPAGES) LICENSE-MIXING README.netware DISTRO-DILEMMA INSTALL.devcpp \ - MAIL-ETIQUETTE HTTP-COOKIES LIBCURL-STRUCTS SECURITY RELEASE-PROCEDURE \ - SSL-PROBLEMS + MAIL-ETIQUETTE HTTP-COOKIES SECURITY RELEASE-PROCEDURE \ + SSL-PROBLEMS HTTP2.md ROADMAP.md CODE_OF_CONDUCT.md MAN2HTML = roffit < $< >$@ SUFFIXES = .1 .html .pdf @@ -459,7 +469,6 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign docs/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign docs/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -800,6 +809,8 @@ uninstall-man: uninstall-man1 mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-man uninstall-man1 +.PRECIOUS: Makefile + html: $(HTMLPAGES) cd libcurl; make html diff --git a/docs/RELEASE-PROCEDURE b/docs/RELEASE-PROCEDURE index 2f85b3f..fc31274 100644 --- a/docs/RELEASE-PROCEDURE +++ b/docs/RELEASE-PROCEDURE @@ -1,9 +1,3 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - curl release procedure - how to do a release ============================================ @@ -84,11 +78,12 @@ Coming dates Based on the description above, here are some planned release dates (at the time of this writing): -- November 5, 2014 (version 7.39.0) -- December 31, 2014 -- February 25, 2015 -- April 22, 2015 -- June 17, 2015 +- June 17, 2015 (version 7.43.0) - August 12, 2015 - October 7, 2015 - December 2, 2015 +- January 27, 2016 +- March 23, 2016 +- May 18, 2016 +- July 13, 2016 +- September 7, 2016 diff --git a/docs/ROADMAP.md b/docs/ROADMAP.md new file mode 100644 index 0000000..eb52d18 --- /dev/null +++ b/docs/ROADMAP.md @@ -0,0 +1,139 @@ +curl the next few years - perhaps +================================= + +Roadmap of things Daniel Stenberg and Steve Holme want to work on next. It is +intended to serve as a guideline for others for information, feedback and +possible participation. + +HTTP/2 +------ + +- test suite + + Base this on existing nghttp2 server to start with to make functional + tests. Later on we can adopt that code or work with nghttp2 to provide ways + to have the http2 server respond with broken responses to make sure we deal + with that nicely as well. + + To decide: if we need to bundle parts of the nghttp2 stuff that probably + won't be shipped by many distros. + +- stream properties API + + Provide options for setting priorities and dependencies among the streams + (easy handles). They are mostly information set for the stream and sent to + the server so we don't have to add much logic for this. + +- server push + + Not exactly clear exactly how to support this API-wise, but by adding + handles without asking for a resource it could be a way to be prepared to + receive pushes in case such are sent. We probably need it to still specify + a URL with host name, port etc but we probably need a special option to + tell libcurl it is for server push purposes. + +- provide option for HTTP/2 "prior knowledge" over clear text + + As it would avoid the roundtrip-heavy Upgrade: procedures when you _know_ + it speaks HTTP/2. + +- provide option to allow curl to default to HTTP/2 only when using HTTPS + + We could switch on HTTP/2 by-default for HTTPS quite easily and it + shouldn't hurt anyone, while HTTP/2 for HTTP by default could introduce + lots of Upgrade: roundtrips that users won't like. So a separated option + alternative makes sense. + +SRV records +----------- + +How to find services for specific domains/hosts. + +HTTPS to proxy +-------------- + +To avoid network traffic to/from the proxy getting snooped on. + +curl_formadd() +-------------- + +make sure there's an easy handle passed in to `curl_formadd()`, +`curl_formget()` and `curl_formfree()` by adding replacement functions and +deprecating the old ones to allow custom mallocs and more + +third-party SASL +---------------- + +add support for third-party SASL libraries such as Cyrus SASL - may need to +move existing native and SSPI based authentication into vsasl folder after +reworking HTTP and SASL code + +SASL authentication in LDAP +--------------------------- + +... + +Simplify the SMTP email +----------------------- + +Simplify the SMTP email interface so that programmers don't have to +construct the body of an email that contains all the headers, alternative +content, images and attachments - maintain raw interface so that +programmers that want to do this can + +email capabilities +------------------ + +Allow the email protocols to return the capabilities before +authenticating. This will allow an application to decide on the best +authentication mechanism + +Win32 pthreads +-------------- + +Allow Windows threading model to be replaced by Win32 pthreads port + +dynamic buffer size +------------------- + +Implement a dynamic buffer size to allow SFTP to use much larger buffers and +possibly allow the size to be customizable by applications. Use less memory +when handles are not in use? + +New stuff - curl +---------------- + +1. Embed a language interpreter (lua?). For that middle ground where curl + isn’t enough and a libcurl binding feels “too much”. Build-time conditional + of course. + +2. Simplify the SMTP command line so that the headers and multi-part content + don't have to be constructed before calling curl + +Improve +------- + +1. build for windows (considered hard by many users) + +2. curl -h output (considered overwhelming to users) + +3. we have > 160 command line options, is there a way to redo things to + simplify or improve the situation as we are likely to keep adding + features/options in the future too + +4. docs (considered "bad" by users but how do we make it better?) + + - split up curl.1 + +5. authentication framework (consider merging HTTP and SASL authentication to + give one API for protocols to call) + +6. Perform some of the clean up from the TODO document, removing old + definitions and such like that are currently earmarked to be removed years + ago + +Remove +------ + +1. makefile.vc files as there is no point in maintaining two sets of Windows + makefiles. Note: These are currently being used by the Windows autobuilds diff --git a/docs/SSL-PROBLEMS b/docs/SSL-PROBLEMS index 7ee4d14..45faa24 100644 --- a/docs/SSL-PROBLEMS +++ b/docs/SSL-PROBLEMS @@ -26,7 +26,7 @@ CA bundle missing intermediate certificates problems if your CA cert does not have the certificates for the intermediates in the whole trust chain. -SSL version +Protocol version Some broken servers fail to support the protocol negotiation properly that SSL servers are supposed to handle. This may cause the connection to fail @@ -36,7 +36,9 @@ SSL version An additional complication can be that modern SSL libraries sometimes are built with support for older SSL and TLS versions disabled! -SSL ciphers + All versions of SSL are considered insecure and should be avoided. Use TLS. + +Ciphers Clients give servers a list of ciphers to select from. If the list doesn't include any ciphers the server wants/can use, the connection handshake @@ -51,9 +53,13 @@ SSL ciphers Note that these weak ciphers are identified as flawed. For example, this includes symmetric ciphers with less than 128 bit keys and RC4. + WinSSL in Windows XP is not able to connect to servers that no longer + support the legacy handshakes and algorithms used by those versions, so we + advice against building curl to use WinSSL on really old Windows versions. + References: - http://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01 + https://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01 Allow BEAST @@ -65,3 +71,17 @@ Allow BEAST introduced. Exactly as it sounds, it re-introduces the BEAST vulnerability but on the other hand it allows curl to connect to that kind of strange servers. + +Disabling certificate revocation checks + + Some SSL backends may do certificate revocation checks (CRL, OCSP, etc) + depending on the OS or build configuration. The --ssl-no-revoke option was + introduced in 7.44.0 to disable revocation checking but currently is only + supported for WinSSL (the native Windows SSL library), with an exception in + the case of Windows' Untrusted Publishers blacklist which it seems can't be + bypassed. This option may have broader support to accommodate other SSL + backends in the future. + + References: + + http://curl.haxx.se/docs/ssl-compared.html diff --git a/docs/THANKS b/docs/THANKS index 0887881..89a738d 100644 --- a/docs/THANKS +++ b/docs/THANKS @@ -36,10 +36,14 @@ Alex Suykov Alex Vinnik Alex aka WindEagle Alexander Beedie +Alexander Dyagilev +Alexander Elgert Alexander Klauer Alexander Kourakos Alexander Krasnostavsky Alexander Lazic +Alexander Pepper +Alexander Peslyak Alexander Zhuravlev Alexey Borzov Alexey Pesternikov @@ -52,6 +56,7 @@ Alona Rossen Amol Pattekar Amr Shahin Anatoli Tubman +Anders Bakken Anders Gustafsson Anders Havn Andi Jahja @@ -79,6 +84,7 @@ Andrew Kurushin Andrew Moise Andrew Wansink Andrew de los Reyes +Andrey Labunets Andrii Moiseiev Andrés García Andy Cedilnik @@ -86,6 +92,7 @@ Andy Serpa Andy Tsouladze Angus Mackay Anthon Pang +Anthony Avina Anthony Bryan Anthony G. Basile Antoine Calando @@ -100,6 +107,7 @@ Arnaud Ebalard Arthur Murray Arve Knudsen Arvid Norberg +Ashish Shukla Ask Bjørn Hansen Askar Safin Ates Goral @@ -112,6 +120,7 @@ Balint Szilakszi Barry Abrahamson Bart Whiteley Bas Mevissen +Ben Boeckel Ben Darnell Ben Greear Ben Madsen @@ -126,6 +135,7 @@ Benoit Neil Benoit Sigoure Bernard Leak Bernhard Reutner-Fischer +Bert Huijben Bertrand Demiddelaer Bill Doyle Bill Egert @@ -142,6 +152,7 @@ Bob Richmond Bob Schader Bogdan Nicula Brad Burdick +Brad Harder Brad Hards Brad King Brad Spencer @@ -151,8 +162,10 @@ Brandon Wang Brendan Jurd Brent Beardsley Brian Akins +Brian Chrisman Brian Dessent Brian J. Murrell +Brian Prodoehl Brian R Duffy Brian Ulm Brock Noland @@ -172,9 +185,11 @@ Catalin Patulea Chad Monroe Chandrakant Bagul Charles Kerr +Charles Romestant Chen Prog Chih-Chung Chang Chris "Bob Bob" +Chris Araman Chris Combes Chris Conlon Chris Deidun @@ -221,6 +236,7 @@ Curt Bogmine Cyrill Osterwalder Cédric Deltheil D. Flinkmann +Da-Yoon Chung Dag Ekengren Dagobert Michelsen Damian Dixon @@ -237,6 +253,7 @@ Daniel Black Daniel Cater Daniel Egger Daniel Johnson +Daniel Melani Daniel Mentz Daniel Steinberg Daniel Stenberg @@ -298,6 +315,7 @@ Dirk Manske Dmitri Shubin Dmitriy Sergeyev Dmitry Bartsevich +Dmitry Eremin-Solenikov Dmitry Falko Dmitry Kurochkin Dmitry Popov @@ -313,6 +331,7 @@ Douglas Kilpatrick Douglas R. Horner Douglas Steinwand Dov Murik +Drake Arconis Duane Cathey Duncan Mac-Vicar Prett Dustin Boswell @@ -327,10 +346,12 @@ Edward Rudd Edward Sheldrake Eelco Dolstra Eetu Ojanen +Egon Eckert Eldar Zaitov Ellis Pritchard Elmira A Semenova Emanuele Bovisio +Emil Lerner Emil Romanus Emiliano Ida Enrico Scholz @@ -381,6 +402,7 @@ François Charlier Fred Machado Fred New Fred Noz +Fred Stluka Frederic Lepied Fredrik Thulin Gabriel Kuri @@ -418,6 +440,7 @@ Glenn Sheridan Gordon Marler Gorilla Maguila Grant Erickson +Grant Pannell Greg Hewgill Greg Morse Greg Onufer @@ -436,6 +459,7 @@ Götz Babin-Ebell Hamish Mackenzie Hang Kin Lau Hang Su +Hanno Böck Hanno Kranzhoff Hans Steegers Hans-Jurgen May @@ -476,6 +500,7 @@ Immanuel Gregoire Ingmar Runge Ingo Ralf Blum Ingo Wilken +Isaac Boukris Ishan SinghLevett Ivo Bellin Salarin Jack Zhang @@ -516,6 +541,7 @@ Jaz Fresh Jean Jacques Drouin Jean-Claude Chauve Jean-Francois Bertrand +Jean-Francois Durand Jean-Louis Lemaire Jean-Marc Ranger Jean-Noël Rouvignac @@ -528,10 +554,12 @@ Jeff Lawson Jeff Phillips Jeff Pohlmeyer Jeff Weber +Jens Rantil Jeremy Friesner Jeremy Huddleston Jeremy Lin Jeroen Koekkoek +Jeroen Ooms Jerome Muffat-Meridol Jerome Robert Jerome Vouillon @@ -545,6 +573,7 @@ Jim Drash Jim Freeman Jim Hollinger Jim Meyering +Jiri Dvorak Jiri Hruska Jiri Jaburek Jiri Malak @@ -553,8 +582,10 @@ Joe Halpin Joe Malicki Joe Mason Joel Chen +Joel Depooter Jofell Gallardo Johan Anderson +Johan Lantz Johan Nilsson Johan van Selst Johannes Bauer @@ -572,6 +603,7 @@ John Kelly John Lask John Lightsey John Marino +John Marshall John McGowan John P. McCaskey John Suprock @@ -581,6 +613,8 @@ Johnny Luong Jon Grubbs Jon Nelson Jon Sargeant +Jon Seymour +Jon Spencer Jon Torrey Jon Travis Jon Turner @@ -589,6 +623,7 @@ Jonas Schnelli Jonatan Lander Jonatan Vela Jonathan Cardoso Machado +Jonathan Cardoso Machado Machado Jonathan Hseu Jonathan Nieder Jongki Suwandi @@ -605,8 +640,10 @@ Judson Bishop Juergen Wilke Jukka Pihl Julian Noble +Julian Ospald Julian Taylor Julien Chaffraix +Julien Nabet Julien Royer Jun-ichiro itojun Hagino Jurij Smakov @@ -652,6 +689,7 @@ Krishnendu Majumdar Krister Johansen Kristian Gunstone Kristian Köhntopp +Kyle J. McKay Kyle L. Huff Kyle Sallee Lachlan O'Dea @@ -670,6 +708,7 @@ Laurent Rabret Legoff Vincent Lehel Bernadt Leif W +Leith Bade Len Krause Lenaic Lefever Lenny Rachitsky @@ -682,6 +721,7 @@ Lindley French Ling Thio Linus Nielsen Feltzing Lisa Xu +Liviu Chircu Liza Alenchery Lluís Batlle i Rossell Loic Dachary @@ -709,8 +749,10 @@ Manuel Massing Marc Boucher Marc Deslauriers Marc Doughty +Marc Hesse Marc Hoersken Marc Kleine-Budde +Marc Renault Marcel Raad Marcel Roelofs Marcelo Juchem @@ -733,6 +775,7 @@ Mark Salisbury Mark Snelling Mark Tully Markus Duft +Markus Elfring Markus Koetter Markus Moeller Markus Oberhumer @@ -761,6 +804,7 @@ Matt Wixson Matteo Rocco Matthew Blain Matthew Clarke +Matthew Hall Matthias Bolte Maurice Barnum Mauro Iorio @@ -781,16 +825,19 @@ Michael Day Michael Goffioul Michael Jahn Michael Jerris +Michael Kaufmann Michael Mealling Michael Mueller Michael Osipov Michael Smith +Michael Stapelberg Michael Stillwell Michael Wallner Michal Bonino Michal Marek Michał Górny Michał Kowalczyk +Michel Promonet Michele Bini Miguel Angel Miguel Diaz @@ -814,6 +861,7 @@ Mitz Wark Mohamed Lrhazi Mohammad AlSaleh Mohun Biswas +Mostyn Bramley-Moore Myk Taylor Nach M. S. Nagai H @@ -843,6 +891,7 @@ Nikos Mavrogiannopoulos Ning Dong Nir Soffer Nis Jorgensen +Nobuhiro Ban Nodak Sodak Norbert Frese Norbert Novotny @@ -854,7 +903,9 @@ Oliver Gondža Oliver Kuckertz Oliver Schindler Olivier Berger +Oren Souroujon Oren Tirosh +Orgad Shaneh Ori Avtalion Oscar Koeroo Oscar Norlander @@ -870,6 +921,7 @@ Patricia Muscalu Patrick Bihan-Faou Patrick McManus Patrick Monnerat +Patrick Rapin Patrick Scott Patrick Smith Patrick Watson @@ -882,6 +934,7 @@ Paul Marks Paul Marquis Paul Moore Paul Nolan +Paul Oliver Paul Querna Paul Saab Pavel Cenek @@ -898,6 +951,7 @@ Peter Heuchert Peter Hjalmarsson Peter Korsgaard Peter Lamberg +Peter Laser Peter O'Gorman Peter Pentchev Peter Silva @@ -938,6 +992,7 @@ Quinn Slack Radu Simionescu Rafa Muyo Rafael Sagula +Rafayel Mkrtchyan Rafaël Carré Rainer Canavan Rainer Jung @@ -963,6 +1018,7 @@ Rene Rebe Reuven Wachtfogel Reza Arbab Ricardo Cadime +Rich Burridge Rich Gray Rich Rauenzahn Richard Archer @@ -1021,6 +1077,8 @@ S. Moonesamy Salvador Dávila Salvatore Sorrentino Sam Deane +Sam Hurst +Sam Schanken Sampo Kellomaki Samuel Díaz García Samuel Listopad @@ -1038,6 +1096,7 @@ Scott Barrett Scott Cantor Scott Davis Scott McCreary +Sean Boudreau Sebastian Rasmussen Senthil Raja Velu Sergei Nikulov @@ -1065,6 +1124,8 @@ Spork Schivago Stadler Stephan Stan van de Burgt Stanislav Ivochkin +Stefan Bühler +Stefan Eissing Stefan Esser Stefan Krause Stefan Neis @@ -1079,6 +1140,7 @@ Stephen More Sterling Hughes Steve Green Steve H Truong +Steve Havelka Steve Holme Steve Lhomme Steve Little @@ -1099,6 +1161,7 @@ Symeon Paraschoudis Sébastien Willemijns T. Bharath T. Yamada +Tae Hyoung Ahn Taneli Vahakangas Tanguy Fautre Tatsuhiro Tsujikawa @@ -1108,6 +1171,7 @@ Thomas J. Moore Thomas Klausner Thomas L. Shinnick Thomas Lopatic +Thomas Ruecker Thomas Schwinge Thomas Tonino Tiit Pikma @@ -1127,6 +1191,7 @@ Timo Sirainen Tinus van den Berg Tobias Markus Tobias Rundström +Tobias Stoeckmann Toby Peterson Todd A Ouska Todd Kulesza @@ -1147,6 +1212,8 @@ Tomas Hoger Tomas Mlcoch Tomas Pospisek Tomas Szepe +Tomas Tomecek +Tomasz Kojm Tomasz Lacki Tommie Gannert Tommy Tam @@ -1173,6 +1240,7 @@ Victor Snezhko Vijay Panghal Vikram Saxena Viktor Szakáts +Ville Skyttä Vilmos Nebehaj Vincent Bronner Vincent Le Normand @@ -1185,10 +1253,12 @@ Vladimir Grishchenko Vladimir Lazarenko Vojtech Janota Vojtech Minarik +Vojtěch Král Vsevolod Novikov Waldek Kozba Walter J. Mack Ward Willats +Warren Menzer Wayne Haigh Werner Koch Wesley Laxton @@ -1203,6 +1273,7 @@ Wouter Van Rooy Wu Yongzheng Xavier Bouchoux Yaakov Selkowitz +Yamada Yasuharu Yang Tse Yarram Sunil Yasuharu Yamada @@ -1212,6 +1283,7 @@ Yi Huang Yingwei Liu Yousuke Kimoto Yukihiro Kawada +Yun SangHo Yuriy Sosov Yves Arrouye Yves Lejeune diff --git a/docs/TODO b/docs/TODO index 2b5a4c2..9eb6b26 100644 --- a/docs/TODO +++ b/docs/TODO @@ -9,6 +9,11 @@ Things to do in project cURL. Please tell us what you think, contribute and send us patches that improve things! + Be aware that these are things that we could do, or have once been considered + things we could do. If you want to work on any of these areas, please + consider bringing it up for discussions first on the mailing list so that we + all agree it is still a good idea for the project! + All bugs documented in the KNOWN_BUGS document are subject for fixing! 1. libcurl @@ -20,6 +25,8 @@ 1.7 Detect when called from within callbacks 1.8 Allow SSL (HTTPS) to proxy 1.9 Cache negative name resolves + 1.10 Support IDNA2008 + 1.11 minimize dependencies with dynamicly loaded modules 2. libcurl - multi interface 2.1 More non-blocking @@ -44,6 +51,7 @@ 5.3 Rearrange request header order 5.4 SPDY 5.5 auth= in URLs + 5.6 Refuse "downgrade" redirects 6. TELNET 6.1 ditch stdin @@ -65,61 +73,75 @@ 10. LDAP 10.1 SASL based authentication mechanisms - 11. New protocols - 11.1 RSYNC - - 12. SSL - 12.1 Disable specific versions - 12.2 Provide mutex locking API - 12.3 Evaluate SSL patches - 12.4 Cache OpenSSL contexts - 12.5 Export session ids - 12.6 Provide callback for cert verification - 12.7 improve configure --with-ssl - 12.8 Support DANE - - 13. GnuTLS - 13.1 SSL engine stuff - 13.2 check connection - - 14. SASL - 14.1 Other authentication mechanisms - 14.2 Add QOP support to GSSAPI authentication + 11. SMB + 11.1 File listing support + 11.2 Honor file timestamps + 11.3 Use NTLMv2 + + 12. New protocols + 12.1 RSYNC + + 13. SSL + 13.1 Disable specific versions + 13.2 Provide mutex locking API + 13.3 Evaluate SSL patches + 13.4 Cache OpenSSL contexts + 13.5 Export session ids + 13.6 Provide callback for cert verification + 13.7 improve configure --with-ssl + 13.8 Support DANE + + 14. GnuTLS + 14.1 SSL engine stuff + 14.2 check connection + + 15. WinSSL/SChannel + 15.1 Add support for client certificate authentication + 15.2 Add support for custom server certificate validation + 15.3 Add support for the --ciphers option + + 16. SASL + 16.1 Other authentication mechanisms + 16.2 Add QOP support to GSSAPI authentication - 15. Client - 15.1 sync - 15.2 glob posts - 15.3 prevent file overwriting - 15.4 simultaneous parallel transfers - 15.5 provide formpost headers - 15.6 warning when setting an option - - 16. Build - 16.1 roffit - - 17. Test suite - 17.1 SSL tunnel - 17.2 nicer lacking perl message - 17.3 more protocols supported - 17.4 more platforms supported - 17.5 Add support for concurrent connections - - 18. Next SONAME bump - 18.1 http-style HEAD output for FTP - 18.2 combine error codes - 18.3 extend CURLOPT_SOCKOPTFUNCTION prototype - - 19. Next major release - 19.1 cleanup return codes - 19.2 remove obsolete defines - 19.3 size_t - 19.4 remove several functions - 19.5 remove CURLOPT_FAILONERROR - 19.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE - 19.7 remove progress meter from libcurl - 19.8 remove 'curl_httppost' from public - 19.9 have form functions use CURL handle argument - 19.10 Add CURLOPT_MAIL_CLIENT option + 17. Client + 17.1 sync + 17.2 glob posts + 17.3 prevent file overwriting + 17.4 simultaneous parallel transfers + 17.5 provide formpost headers + 17.6 warning when setting an option + 17.7 warning when sending binary output to terminal + 17.8 offer color-coded HTTP header output + 17.9 Choose the name of file in braces for complex URLs + 17.10 improve how curl works in a windows console window + + 18. Build + 18.1 roffit + + 19. Test suite + 19.1 SSL tunnel + 19.2 nicer lacking perl message + 19.3 more protocols supported + 19.4 more platforms supported + 19.5 Add support for concurrent connections + + 20. Next SONAME bump + 20.1 http-style HEAD output for FTP + 20.2 combine error codes + 20.3 extend CURLOPT_SOCKOPTFUNCTION prototype + + 21. Next major release + 21.1 cleanup return codes + 21.2 remove obsolete defines + 21.3 size_t + 21.4 remove several functions + 21.5 remove CURLOPT_FAILONERROR + 21.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE + 21.7 remove progress meter from libcurl + 21.8 remove 'curl_httppost' from public + 21.9 have form functions use CURL handle argument + 21.10 Add CURLOPT_MAIL_CLIENT option ============================================================================== @@ -189,7 +211,7 @@ To prevent local users from snooping on your traffic to the proxy. Supported by Chrome already: - http://www.chromium.org/developers/design-documents/secure-web-proxy + https://www.chromium.org/developers/design-documents/secure-web-proxy ...and by Firefox soon: https://bugzilla.mozilla.org/show_bug.cgi?id=378637 @@ -199,6 +221,19 @@ A name resolve that has failed is likely to fail when made again within a short period of time. Currently we only cache positive responses. +1.10 Support IDNA2008 + + International Domain Names are supported in libcurl since years back, powered + by libidn. libidn implements IDNA2003 which has been superseded by IDNA2008. + libidn2 is an existing library offering support for IDNA2008. + +1.11 minimize dependencies with dynamicly loaded modules + + We can create a system with loadable modules/plug-ins, where these modules + would be the ones that link to 3rd party libs. That would allow us to avoid + having to load ALL dependencies since only the necessary ones for this + app/invoke/used protocols would be necessary to load. See + https://github.com/bagder/curl/issues/349 2. libcurl - multi interface @@ -246,7 +281,7 @@ HOST is a command for a client to tell which host name to use, to offer FTP servers named-based virtual hosting: - http://tools.ietf.org/html/rfc7151 + https://tools.ietf.org/html/rfc7151 4.2 Alter passive/active on failure and retry @@ -330,6 +365,14 @@ This is not detailed in any FTP specification. Additionally this should be implemented for proxy base URLs as well. +5.6 Refuse "downgrade" redirects + + See https://github.com/bagder/curl/issues/226 + + Consider a way to tell curl to refuse to "downgrade" protocol with a redirect + and/or possibly a bit that refuses redirect to change protocol completely. + + 6. TELNET 6.1 ditch stdin @@ -393,32 +436,47 @@ to provide the data to send. be possible to use ldap_bind_s() instead specifying the security context information ourselves. -11. New protocols +11. SMB + +11.1 File listing support -11.1 RSYNC +Add support for listing the contents of a SMB share. The output should probably +be the same as/similar to FTP. + +11.2 Honor file timestamps + +The timestamp of the transferred file should reflect that of the original file. + +11.3 Use NTLMv2 + +Currently the SMB authentication uses NTLMv1. + +12. New protocols + +12.1 RSYNC There's no RFC for the protocol or an URI/URL format. An implementation should most probably use an existing rsync library, such as librsync. -12. SSL +13. SSL -12.1 Disable specific versions +13.1 Disable specific versions Provide an option that allows for disabling specific SSL versions, such as SSLv2 http://curl.haxx.se/bug/feature.cgi?id=1767276 -12.2 Provide mutex locking API +13.2 Provide mutex locking API Provide a libcurl API for setting mutex callbacks in the underlying SSL library, so that the same application code can use mutex-locking independently of OpenSSL or GnutTLS being used. -12.3 Evaluate SSL patches +13.3 Evaluate SSL patches Evaluate/apply Gertjan van Wingerde's SSL patches: http://curl.haxx.se/mail/lib-2004-03/0087.html -12.4 Cache OpenSSL contexts +13.4 Cache OpenSSL contexts "Look at SSL cafile - quick traces look to me like these are done on every request as well, when they should only be necessary once per SSL context (or @@ -428,7 +486,7 @@ to provide the data to send. style connections are re-used. It will make us use slightly more memory but it will libcurl do less creations and deletions of SSL contexts. -12.5 Export session ids +13.5 Export session ids Add an interface to libcurl that enables "session IDs" to get exported/imported. Cris Bailiff said: "OpenSSL has functions which can @@ -436,22 +494,22 @@ to provide the data to send. the state from such a buffer at a later date - this is used by mod_ssl for apache to implement and SSL session ID cache". -12.6 Provide callback for cert verification +13.6 Provide callback for cert verification OpenSSL supports a callback for customised verification of the peer certificate, but this doesn't seem to be exposed in the libcurl APIs. Could it be? There's so much that could be done if it were! -12.7 improve configure --with-ssl +13.7 improve configure --with-ssl make the configure --with-ssl option first check for OpenSSL, then GnuTLS, then NSS... -12.8 Support DANE +13.8 Support DANE DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL keys and certs over DNS using DNSSEC as an alternative to the CA model. - http://www.rfc-editor.org/rfc/rfc6698.txt + https://www.rfc-editor.org/rfc/rfc6698.txt An initial patch was posted by Suresh Krishnaswamy on March 7th 2013 (http://curl.haxx.se/mail/lib-2013-03/0075.html) but it was a too simple @@ -459,34 +517,69 @@ to provide the data to send. http://curl.haxx.se/mail/lib-2013-03/0103.html . libunbound may be the correct library to base this development on. -13. GnuTLS +14. GnuTLS -13.1 SSL engine stuff +14.1 SSL engine stuff Is this even possible? -13.2 check connection +14.2 check connection Add a way to check if the connection seems to be alive, to correspond to the SSL_peak() way we use with OpenSSL. -14. SASL +15. WinSSL/SChannel + +15.1 Add support for client certificate authentication + + WinSSL/SChannel currently makes use of the OS-level system and user + certificate and private key stores. This does not allow the application + or the user to supply a custom client certificate using curl or libcurl. + + Therefore support for the existing -E/--cert and --key options should be + implemented by supplying a custom certificate to the SChannel APIs, see: + - Getting a Certificate for Schannel + https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx -14.1 Other authentication mechanisms +15.2 Add support for custom server certificate validation - Add support for other authentication mechanisms such as EXTERNAL, OLP, + WinSSL/SChannel currently makes use of the OS-level system and user + certificate trust store. This does not allow the application or user to + customize the server certificate validation process using curl or libcurl. + + Therefore support for the existing --cacert or --capath options should be + implemented by supplying a custom certificate to the SChannel APIs, see: + - Getting a Certificate for Schannel + https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx + +15.3 Add support for the --ciphers option + + The cipher suites used by WinSSL/SChannel are configured on an OS-level + instead of an application-level. This does not allow the application or + the user to customize the configured cipher suites using curl or libcurl. + + Therefore support for the existing --ciphers option should be implemented + by mapping the OpenSSL/GnuTLS cipher suites to the SChannel APIs, see + - Specifying Schannel Ciphers and Cipher Strengths + https://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx + +16. SASL + +16.1 Other authentication mechanisms + + Add support for other authentication mechanisms such as OLP, GSS-SPNEGO and others. -14.2 Add QOP support to GSSAPI authentication +16.2 Add QOP support to GSSAPI authentication Currently the GSSAPI authentication only supports the default QOP of auth (Authentication), whilst Kerberos V5 supports both auth-int (Authentication with integrity protection) and auth-conf (Authentication with integrity and privacy protection). -15. Client +17. Client -15.1 sync +17.1 sync "curl --sync http://example.com/feed[1-100].rss" or "curl --sync http://example.net/{index,calendar,history}.html" @@ -495,12 +588,12 @@ to provide the data to send. remote file is newer than the local file. A Last-Modified HTTP date header should also be used to set the mod date on the downloaded file. -15.2 glob posts +17.2 glob posts Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'. This is easily scripted though. -15.3 prevent file overwriting +17.3 prevent file overwriting Add an option that prevents cURL from overwriting existing local files. When used, and there already is an existing file with the target file name @@ -508,14 +601,14 @@ to provide the data to send. existing). So that index.html becomes first index.html.1 and then index.html.2 etc. -15.4 simultaneous parallel transfers +17.4 simultaneous parallel transfers The client could be told to use maximum N simultaneous parallel transfers and then just make sure that happens. It should of course not make more than one connection to the same remote host. This would require the client to use the multi interface. http://curl.haxx.se/bug/feature.cgi?id=1558595 -15.5 provide formpost headers +17.5 provide formpost headers Extending the capabilities of the multipart formposting. How about leaving the ';type=foo' syntax as it is and adding an extra tag (headers) which @@ -529,43 +622,73 @@ to provide the data to send. which should overwrite the program reasonable defaults (plain/text, 8bit...) -15.6 warning when setting an option +17.6 warning when setting an option + + Display a warning when libcurl returns an error when setting an option. + This can be useful to tell when support for a particular feature hasn't been + compiled into the library. + +17.7 warning when sending binary output to terminal + + Provide a way that prompts the user for confirmation before binary data is + sent to the terminal, much in the style 'less' does it. + +17.8 offer color-coded HTTP header output + + By offering different color output on the header name and the header + contents, they could be made more readable and thus help users working on + HTTP services. + +17.9 Choose the name of file in braces for complex URLs + + When using braces to download a list of URLs and you use complicated names + in the list of alternatives, it could be handy to allow curl to use other + names when saving. + + Consider a way to offer that. Possibly like + {partURL1:name1,partURL2:name2,partURL3:name3} where the name following the + colon is the output name. + + See https://github.com/bagder/curl/issues/221 + +17.10 improve how curl works in a windows console window + + If you pull the scrollbar when transferring with curl in a Windows console + window, the transfer is interrupted and can get disconnected. This can + probably be improved. See https://github.com/bagder/curl/issues/322 - Display a warning when libcurl returns an error when setting an option. - This can be useful to tell when support for a particular feature hasn't been - compiled into the library. -16. Build +18. Build -16.1 roffit +18.1 roffit Consider extending 'roffit' to produce decent ASCII output, and use that instead of (g)nroff when building src/tool_hugehelp.c -17. Test suite +19. Test suite -17.1 SSL tunnel +19.1 SSL tunnel Make our own version of stunnel for simple port forwarding to enable HTTPS and FTP-SSL tests without the stunnel dependency, and it could allow us to provide test tools built with either OpenSSL or GnuTLS -17.2 nicer lacking perl message +19.2 nicer lacking perl message If perl wasn't found by the configure script, don't attempt to run the tests but explain something nice why it doesn't. -17.3 more protocols supported +19.3 more protocols supported Extend the test suite to include more protocols. The telnet could just do FTP or http operations (for which we have test servers). -17.4 more platforms supported +19.4 more platforms supported Make the test suite work on more platforms. OpenBSD and Mac OS. Remove fork()s and it should become even more portable. -17.5 Add support for concurrent connections +19.5 Add support for concurrent connections Tests 836, 882 and 938 were designed to verify that separate connections aren't used when using different login credentials in protocols that shouldn't re-use @@ -579,14 +702,14 @@ to provide the data to send. and thus the wait for connections loop is never entered to receive the second connection. -18. Next SONAME bump +20. Next SONAME bump -18.1 http-style HEAD output for FTP +20.1 http-style HEAD output for FTP #undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers from being output in NOBODY requests over FTP -18.2 combine error codes +20.2 combine error codes Combine some of the error codes to remove duplicates. The original numbering should not be changed, and the old identifiers would be @@ -611,29 +734,29 @@ to provide the data to send. CURLE_TFTP_PERM => CURLE_REMOTE_ACCESS_DENIED -18.3 extend CURLOPT_SOCKOPTFUNCTION prototype +20.3 extend CURLOPT_SOCKOPTFUNCTION prototype The current prototype only provides 'purpose' that tells what the connection/socket is for, but not any protocol or similar. It makes it hard for applications to differentiate on TCP vs UDP and even HTTP vs FTP and similar. -19. Next major release +21. Next major release -19.1 cleanup return codes +21.1 cleanup return codes curl_easy_cleanup() returns void, but curl_multi_cleanup() returns a CURLMcode. These should be changed to be the same. -19.2 remove obsolete defines +21.2 remove obsolete defines remove obsolete defines from curl/curl.h -19.3 size_t +21.3 size_t make several functions use size_t instead of int in their APIs -19.4 remove several functions +21.4 remove several functions remove the following functions from the public API: @@ -654,18 +777,18 @@ to provide the data to send. curl_multi_socket_all -19.5 remove CURLOPT_FAILONERROR +21.5 remove CURLOPT_FAILONERROR Remove support for CURLOPT_FAILONERROR, it has gotten too kludgy and weird internally. Let the app judge success or not for itself. -19.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE +21.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE Remove support for a global DNS cache. Anything global is silly, and we already offer the share interface for the same functionality but done "right". -19.7 remove progress meter from libcurl +21.7 remove progress meter from libcurl The internally provided progress meter output doesn't belong in the library. Basically no application wants it (apart from curl) but instead applications @@ -675,7 +798,7 @@ to provide the data to send. variable types passed to it instead of doubles so that big files work correctly. -19.8 remove 'curl_httppost' from public +21.8 remove 'curl_httppost' from public curl_formadd() was made to fill in a public struct, but the fact that the struct is public is never really used by application for their own advantage @@ -684,7 +807,7 @@ to provide the data to send. Changing them to return a private handle will benefit the implementation and allow us much greater freedoms while still maintaining a solid API and ABI. -19.9 have form functions use CURL handle argument +21.9 have form functions use CURL handle argument curl_formadd() and curl_formget() both currently have no CURL handle argument, but both can use a callback that is set in the easy handle, and @@ -692,7 +815,7 @@ to provide the data to send. curl_easy_perform() (or similar) called - which is hard to grasp and a design mistake. -19.10 Add CURLOPT_MAIL_CLIENT option +21.10 Add CURLOPT_MAIL_CLIENT option Rather than use the URL to specify the mail client string to present in the HELO and EHLO commands, libcurl should support a new CURLOPT specifically for diff --git a/docs/TheArtOfHttpScripting b/docs/TheArtOfHttpScripting index 7235f12..76faee4 100644 --- a/docs/TheArtOfHttpScripting +++ b/docs/TheArtOfHttpScripting @@ -1,4 +1,3 @@ -Updated: Dec 24, 2013 (http://curl.haxx.se/docs/httpscripting.html) _ _ ____ _ ___| | | | _ \| | / __| | | | |_) | | @@ -23,6 +22,8 @@ The Art Of Scripting HTTP Requests Using Curl 3. Fetch a page 3.1 GET 3.2 HEAD + 3.3 Multiple URLs in a single command line + 3.4 Multiple HTTP methods in a single command line 4. HTML forms 4.1 Forms explained 4.2 GET @@ -136,7 +137,7 @@ The Art Of Scripting HTTP Requests Using Curl The Uniform Resource Locator format is how you specify the address of a particular resource on the Internet. You know these, you've seen URLs like http://curl.haxx.se or https://yourbank.com a million times. RFC 3986 is the - canonical spec. + canonical spec. And yeah, the formal name is not URL, it is URI. 2.2 Host @@ -193,7 +194,6 @@ The Art Of Scripting HTTP Requests Using Curl the associated response. The path is what is to the right side of the slash that follows the host name and possibly port number. - 3. Fetch a page 3.1 GET @@ -224,6 +224,46 @@ The Art Of Scripting HTTP Requests Using Curl may see a Content-Length: in the response headers, but there must not be an actual body in the HEAD response. + 3.3 Multiple URLs in a single command line + + A single curl command line may involve one or many URLs. The most common case + is probably to just use one, but you can specify any amount of URLs. Yes + any. No limits. You'll then get requests repeated over and over for all the + given URLs. + + Example, send two GETs: + + curl http://url1.example.com http://url2.example.com + + If you use --data to POST to the URL, using multiple URLs means that you send + that same POST to all the given URLs. + + Example, send two POSTs: + + curl --data name=curl http://url1.example.com http://url2.example.com + + + 3.4 Multiple HTTP methods in a single command line + + Sometimes you need to operate on several URLs in a single command line and do + different HTTP methods on each. For this, you'll enjoy the --next option. It + is basically a separator that separates a bunch of options from the next. All + the URLs before --next will get the same method and will get all the POST + data merged into one. + + When curl reaches the --next on the command line, it'll sort of reset the + method and the POST data and allow a new set. + + Perhaps this is best shown with a few examples. To send first a HEAD and then + a GET: + + curl -I http://example.com --next http://example.com + + To first send a POST and then a GET: + + curl -d score=10 http://example.com/post.cgi --next http://example.com/results.html + + 4. HTML forms 4.1 Forms explained @@ -302,6 +342,10 @@ The Art Of Scripting HTTP Requests Using Curl curl --data-urlencode "name=I am Daniel" http://www.example.com + If you repeat --data several times on the command line, curl will + concatenate all the given data pieces - and put a '&' symbol between each + data segment. + 4.4 File Upload POST Back in late 1995 they defined an additional way to post data over HTTP. It @@ -557,8 +601,10 @@ The Art Of Scripting HTTP Requests Using Curl truckload of advanced features to allow all those encryptions and key infrastructure mechanisms encrypted HTTP requires. - Curl supports encrypted fetches thanks to the freely available OpenSSL - libraries. To get a page from a HTTPS server, simply run curl like: + Curl supports encrypted fetches when built to use a TLS library and it can be + built to use one out of a fairly large set of libraries - "curl -V" will show + which one your curl was built to use (if any!). To get a page from a HTTPS + server, simply run curl like: curl https://secure.example.com @@ -584,6 +630,12 @@ The Art Of Scripting HTTP Requests Using Curl http://curl.haxx.se/docs/sslcerts.html + At times you may end up with your own CA cert store and then you can tell + curl to use that to verify the server's certificate: + + curl --cacert ca-bundle.pem https://example.com/ + + 11. Custom Request Elements 11.1 Modify method and headers @@ -692,7 +744,7 @@ The Art Of Scripting HTTP Requests Using Curl 14.1 Standards - RFC 2616 is a must to read if you want in-depth understanding of the HTTP + RFC 7230 is a must to read if you want in-depth understanding of the HTTP protocol RFC 3986 explains the URL syntax diff --git a/docs/VERSIONS b/docs/VERSIONS index 0670089..72a4547 100644 --- a/docs/VERSIONS +++ b/docs/VERSIONS @@ -1,22 +1,18 @@ - _ _ ____ _ - ___| | | | _ \| | - / __| | | | |_) | | - | (__| |_| | _ <| |___ - \___|\___/|_| \_\_____| - Version Numbers and Releases +============================ Curl is not only curl. Curl is also libcurl. They're actually individually versioned, but they mostly follow each other rather closely. The version numbering is always built up using the same system: - X.Y[.Z] + X.Y.Z + + - X is main version number + - Y is release number + - Z is patch number - Where - X is main version number - Y is release number - Z is patch number +## Bumping numbers One of these numbers will get bumped in each new release. The numbers to the right of a bumped number will be reset to zero. If Z is zero, it may not be @@ -57,4 +53,4 @@ Version Numbers and Releases release. It makes comparisons with greater than and less than work. This number is also available as three separate defines: - LIBCURL_VERSION_MAJOR, LIBCURL_VERSION_MINOR and LIBCURL_VERSION_PATCH. + `LIBCURL_VERSION_MAJOR`, `LIBCURL_VERSION_MINOR` and `LIBCURL_VERSION_PATCH`. diff --git a/docs/curl-config.html b/docs/curl-config.html index 1563d54..015dae8 100644 --- a/docs/curl-config.html +++ b/docs/curl-config.html @@ -4,15 +4,20 @@ curl-config man page + + +

NAME

+

libcurl-symbols - libcurl symbol version information

libcurl symbols

+

This man page details version information for public symbols provided in the libcurl header files. This lists the first version in which the symbol was introduced and for some symbols two additional information pieces: +

The first version in which the symbol is marked "deprecated" - meaning that since that version no new code should be written to use the symbol as it is marked for getting removed in a future. +

The last version that featured the specific symbol. Using the symbol in source code will make it no longer compile error-free after that specified version. +

This man page is automatically generated from the symbols-in-versions file. +

CURLAUTH_ANY +

Introduced in 7.10.6 +

CURLAUTH_ANYSAFE +

Introduced in 7.10.6 +

CURLAUTH_BASIC +

Introduced in 7.10.6 +

CURLAUTH_DIGEST +

Introduced in 7.10.6 +

CURLAUTH_DIGEST_IE +

Introduced in 7.19.3 +

CURLAUTH_GSSNEGOTIATE +

Introduced in 7.10.6 Deprecated since 7.38.0 +

CURLAUTH_NEGOTIATE +

Introduced in 7.38.0 +

CURLAUTH_NONE +

Introduced in 7.10.6 +

CURLAUTH_NTLM +

Introduced in 7.10.6 +

CURLAUTH_NTLM_WB +

Introduced in 7.22.0 +

CURLAUTH_ONLY +

Introduced in 7.21.3 +

CURLCLOSEPOLICY_CALLBACK +

Introduced in 7.7 +

CURLCLOSEPOLICY_LEAST_RECENTLY_USED +

Introduced in 7.7 +

CURLCLOSEPOLICY_LEAST_TRAFFIC +

Introduced in 7.7 +

CURLCLOSEPOLICY_NONE +

Introduced in 7.7 +

CURLCLOSEPOLICY_OLDEST +

Introduced in 7.7 +

CURLCLOSEPOLICY_SLOWEST +

Introduced in 7.7 +

CURLE_ABORTED_BY_CALLBACK +

Introduced in 7.1 +

CURLE_AGAIN +

Introduced in 7.18.2 +

CURLE_ALREADY_COMPLETE +

Introduced in 7.7.2 +

CURLE_BAD_CALLING_ORDER +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_BAD_CONTENT_ENCODING +

Introduced in 7.10 +

CURLE_BAD_DOWNLOAD_RESUME +

Introduced in 7.10 +

CURLE_BAD_FUNCTION_ARGUMENT +

Introduced in 7.1 +

CURLE_BAD_PASSWORD_ENTERED +

Introduced in 7.4.2 Deprecated since 7.17.0 +

CURLE_CHUNK_FAILED +

Introduced in 7.21.0 +

CURLE_CONV_FAILED +

Introduced in 7.15.4 +

CURLE_CONV_REQD +

Introduced in 7.15.4 +

CURLE_COULDNT_CONNECT +

Introduced in 7.1 +

CURLE_COULDNT_RESOLVE_HOST +

Introduced in 7.1 +

CURLE_COULDNT_RESOLVE_PROXY +

Introduced in 7.1 +

CURLE_FAILED_INIT +

Introduced in 7.1 +

CURLE_FILESIZE_EXCEEDED +

Introduced in 7.10.8 +

CURLE_FILE_COULDNT_READ_FILE +

Introduced in 7.1 +

CURLE_FTP_ACCEPT_FAILED +

Introduced in 7.24.0 +

CURLE_FTP_ACCEPT_TIMEOUT +

Introduced in 7.24.0 +

CURLE_FTP_ACCESS_DENIED +

Introduced in 7.1 +

CURLE_FTP_BAD_DOWNLOAD_RESUME +

Introduced in 7.1 Deprecated since 7.1 +

CURLE_FTP_BAD_FILE_LIST +

Introduced in 7.21.0 +

CURLE_FTP_CANT_GET_HOST +

Introduced in 7.1 +

CURLE_FTP_CANT_RECONNECT +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_FTP_COULDNT_GET_SIZE +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_FTP_COULDNT_RETR_FILE +

Introduced in 7.1 +

CURLE_FTP_COULDNT_SET_ASCII +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_FTP_COULDNT_SET_BINARY +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_FTP_COULDNT_SET_TYPE +

Introduced in 7.17.0 +

CURLE_FTP_COULDNT_STOR_FILE +

Introduced in 7.1 +

CURLE_FTP_COULDNT_USE_REST +

Introduced in 7.1 +

CURLE_FTP_PARTIAL_FILE +

Introduced in 7.1 Deprecated since 7.1 +

CURLE_FTP_PORT_FAILED +

Introduced in 7.1 +

CURLE_FTP_PRET_FAILED +

Introduced in 7.20.0 +

CURLE_FTP_QUOTE_ERROR +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_FTP_SSL_FAILED +

Introduced in 7.11.0 Deprecated since 7.17.0 +

CURLE_FTP_USER_PASSWORD_INCORRECT +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_FTP_WEIRD_227_FORMAT +

Introduced in 7.1 +

CURLE_FTP_WEIRD_PASS_REPLY +

Introduced in 7.1 +

CURLE_FTP_WEIRD_PASV_REPLY +

Introduced in 7.1 +

CURLE_FTP_WEIRD_SERVER_REPLY +

Introduced in 7.1 +

CURLE_FTP_WEIRD_USER_REPLY +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_FTP_WRITE_ERROR +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_FUNCTION_NOT_FOUND +

Introduced in 7.1 +

CURLE_GOT_NOTHING +

Introduced in 7.9.1 +

CURLE_HTTP2 +

Introduced in 7.38.0 +

CURLE_HTTP_NOT_FOUND +

Introduced in 7.1 +

CURLE_HTTP_PORT_FAILED +

Introduced in 7.3 Deprecated since 7.12.0 +

CURLE_HTTP_POST_ERROR +

Introduced in 7.1 +

CURLE_HTTP_RANGE_ERROR +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_HTTP_RETURNED_ERROR +

Introduced in 7.10.3 +

CURLE_INTERFACE_FAILED +

Introduced in 7.12.0 +

CURLE_LDAP_CANNOT_BIND +

Introduced in 7.1 +

CURLE_LDAP_INVALID_URL +

Introduced in 7.10.8 +

CURLE_LDAP_SEARCH_FAILED +

Introduced in 7.1 +

CURLE_LIBRARY_NOT_FOUND +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_LOGIN_DENIED +

Introduced in 7.13.1 +

CURLE_MALFORMAT_USER +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_NOT_BUILT_IN +

Introduced in 7.21.5 +

CURLE_NO_CONNECTION_AVAILABLE +

Introduced in 7.30.0 +

CURLE_OK +

Introduced in 7.1 +

CURLE_OPERATION_TIMEDOUT +

Introduced in 7.10.2 +

CURLE_OPERATION_TIMEOUTED +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_OUT_OF_MEMORY +

Introduced in 7.1 +

CURLE_PARTIAL_FILE +

Introduced in 7.1 +

CURLE_PEER_FAILED_VERIFICATION +

Introduced in 7.17.1 +

CURLE_QUOTE_ERROR +

Introduced in 7.17.0 +

CURLE_RANGE_ERROR +

Introduced in 7.17.0 +

CURLE_READ_ERROR +

Introduced in 7.1 +

CURLE_RECV_ERROR +

Introduced in 7.10 +

CURLE_REMOTE_ACCESS_DENIED +

Introduced in 7.17.0 +

CURLE_REMOTE_DISK_FULL +

Introduced in 7.17.0 +

CURLE_REMOTE_FILE_EXISTS +

Introduced in 7.17.0 +

CURLE_REMOTE_FILE_NOT_FOUND +

Introduced in 7.16.1 +

CURLE_RTSP_CSEQ_ERROR +

Introduced in 7.20.0 +

CURLE_RTSP_SESSION_ERROR +

Introduced in 7.20.0 +

CURLE_SEND_ERROR +

Introduced in 7.10 +

CURLE_SEND_FAIL_REWIND +

Introduced in 7.12.3 +

CURLE_SHARE_IN_USE +

Introduced in 7.9.6 Deprecated since 7.17.0 +

CURLE_SSH +

Introduced in 7.16.1 +

CURLE_SSL_CACERT +

Introduced in 7.10 +

CURLE_SSL_CACERT_BADFILE +

Introduced in 7.16.0 +

CURLE_SSL_CERTPROBLEM +

Introduced in 7.10 +

CURLE_SSL_CIPHER +

Introduced in 7.10 +

CURLE_SSL_CONNECT_ERROR +

Introduced in 7.1 +

CURLE_SSL_CRL_BADFILE +

Introduced in 7.19.0 +

CURLE_SSL_ENGINE_INITFAILED +

Introduced in 7.12.3 +

CURLE_SSL_ENGINE_NOTFOUND +

Introduced in 7.9.3 +

CURLE_SSL_ENGINE_SETFAILED +

Introduced in 7.9.3 +

CURLE_SSL_INVALIDCERTSTATUS +

Introduced in 7.41.0 +

CURLE_SSL_ISSUER_ERROR +

Introduced in 7.19.0 +

CURLE_SSL_PEER_CERTIFICATE +

Introduced in 7.8 Deprecated since 7.17.1 +

CURLE_SSL_PINNEDPUBKEYNOTMATCH +

Introduced in 7.39.0 +

CURLE_SSL_SHUTDOWN_FAILED +

Introduced in 7.16.1 +

CURLE_TELNET_OPTION_SYNTAX +

Introduced in 7.7 +

CURLE_TFTP_DISKFULL +

Introduced in 7.15.0 Deprecated since 7.17.0 +

CURLE_TFTP_EXISTS +

Introduced in 7.15.0 Deprecated since 7.17.0 +

CURLE_TFTP_ILLEGAL +

Introduced in 7.15.0 +

CURLE_TFTP_NOSUCHUSER +

Introduced in 7.15.0 +

CURLE_TFTP_NOTFOUND +

Introduced in 7.15.0 +

CURLE_TFTP_PERM +

Introduced in 7.15.0 +

CURLE_TFTP_UNKNOWNID +

Introduced in 7.15.0 +

CURLE_TOO_MANY_REDIRECTS +

Introduced in 7.5 +

CURLE_UNKNOWN_OPTION +

Introduced in 7.21.5 +

CURLE_UNKNOWN_TELNET_OPTION +

Introduced in 7.7 +

CURLE_UNSUPPORTED_PROTOCOL +

Introduced in 7.1 +

CURLE_UPLOAD_FAILED +

Introduced in 7.16.3 +

CURLE_URL_MALFORMAT +

Introduced in 7.1 +

CURLE_URL_MALFORMAT_USER +

Introduced in 7.1 Deprecated since 7.17.0 +

CURLE_USE_SSL_FAILED +

Introduced in 7.17.0 +

CURLE_WRITE_ERROR +

Introduced in 7.1 +

CURLFILETYPE_DEVICE_BLOCK +

Introduced in 7.21.0 +

CURLFILETYPE_DEVICE_CHAR +

Introduced in 7.21.0 +

CURLFILETYPE_DIRECTORY +

Introduced in 7.21.0 +

CURLFILETYPE_DOOR +

Introduced in 7.21.0 +

CURLFILETYPE_FILE +

Introduced in 7.21.0 +

CURLFILETYPE_NAMEDPIPE +

Introduced in 7.21.0 +

CURLFILETYPE_SOCKET +

Introduced in 7.21.0 +

CURLFILETYPE_SYMLINK +

Introduced in 7.21.0 +

CURLFILETYPE_UNKNOWN +

Introduced in 7.21.0 +

CURLFINFOFLAG_KNOWN_FILENAME +

Introduced in 7.21.0 +

CURLFINFOFLAG_KNOWN_FILETYPE +

Introduced in 7.21.0 +

CURLFINFOFLAG_KNOWN_GID +

Introduced in 7.21.0 +

CURLFINFOFLAG_KNOWN_HLINKCOUNT +

Introduced in 7.21.0 +

CURLFINFOFLAG_KNOWN_PERM +

Introduced in 7.21.0 +

CURLFINFOFLAG_KNOWN_SIZE +

Introduced in 7.21.0 +

CURLFINFOFLAG_KNOWN_TIME +

Introduced in 7.21.0 +

CURLFINFOFLAG_KNOWN_UID +

Introduced in 7.21.0 +

CURLFORM_ARRAY +

Introduced in 7.9.1 +

CURLFORM_ARRAY_END +

Introduced in 7.9.1 Deprecated since 7.9.5 Last used in 7.9.5 +

CURLFORM_ARRAY_START +

Introduced in 7.9.1 Deprecated since 7.9.5 Last used in 7.9.5 +

CURLFORM_BUFFER +

Introduced in 7.9.8 +

CURLFORM_BUFFERLENGTH +

Introduced in 7.9.8 +

CURLFORM_BUFFERPTR +

Introduced in 7.9.8 +

CURLFORM_CONTENTHEADER +

Introduced in 7.9.3 +

CURLFORM_CONTENTSLENGTH +

Introduced in 7.9 +

CURLFORM_CONTENTTYPE +

Introduced in 7.9 +

CURLFORM_COPYCONTENTS +

Introduced in 7.9 +

CURLFORM_COPYNAME +

Introduced in 7.9 +

CURLFORM_END +

Introduced in 7.9 +

CURLFORM_FILE +

Introduced in 7.9 +

CURLFORM_FILECONTENT +

Introduced in 7.9.1 +

CURLFORM_FILENAME +

Introduced in 7.9.6 +

CURLFORM_NAMELENGTH +

Introduced in 7.9 +

CURLFORM_NOTHING +

Introduced in 7.9 +

CURLFORM_PTRCONTENTS +

Introduced in 7.9 +

CURLFORM_PTRNAME +

Introduced in 7.9 +

CURLFORM_STREAM +

Introduced in 7.18.2 +

CURLFTPAUTH_DEFAULT +

Introduced in 7.12.2 +

CURLFTPAUTH_SSL +

Introduced in 7.12.2 +

CURLFTPAUTH_TLS +

Introduced in 7.12.2 +

CURLFTPMETHOD_DEFAULT +

Introduced in 7.15.3 +

CURLFTPMETHOD_MULTICWD +

Introduced in 7.15.3 +

CURLFTPMETHOD_NOCWD +

Introduced in 7.15.3 +

CURLFTPMETHOD_SINGLECWD +

Introduced in 7.15.3 +

CURLFTPSSL_ALL +

Introduced in 7.11.0 Deprecated since 7.17.0 +

CURLFTPSSL_CCC_ACTIVE +

Introduced in 7.16.2 +

CURLFTPSSL_CCC_NONE +

Introduced in 7.16.2 +

CURLFTPSSL_CCC_PASSIVE +

Introduced in 7.16.1 +

CURLFTPSSL_CONTROL +

Introduced in 7.11.0 Deprecated since 7.17.0 +

CURLFTPSSL_NONE +

Introduced in 7.11.0 Deprecated since 7.17.0 +

CURLFTPSSL_TRY +

Introduced in 7.11.0 Deprecated since 7.17.0 +

CURLFTP_CREATE_DIR +

Introduced in 7.19.4 +

CURLFTP_CREATE_DIR_NONE +

Introduced in 7.19.4 +

CURLFTP_CREATE_DIR_RETRY +

Introduced in 7.19.4 +

CURLGSSAPI_DELEGATION_FLAG +

Introduced in 7.22.0 +

CURLGSSAPI_DELEGATION_NONE +

Introduced in 7.22.0 +

CURLGSSAPI_DELEGATION_POLICY_FLAG +

Introduced in 7.22.0 +

CURLHEADER_SEPARATE +

Introduced in 7.37.0 +

CURLHEADER_UNIFIED +

Introduced in 7.37.0 +

CURLINFO_APPCONNECT_TIME +

Introduced in 7.19.0 +

CURLINFO_CERTINFO +

Introduced in 7.19.1 +

CURLINFO_CONDITION_UNMET +

Introduced in 7.19.4 +

CURLINFO_CONNECT_TIME +

Introduced in 7.4.1 +

CURLINFO_CONTENT_LENGTH_DOWNLOAD +

Introduced in 7.6.1 +

CURLINFO_CONTENT_LENGTH_UPLOAD +

Introduced in 7.6.1 +

CURLINFO_CONTENT_TYPE +

Introduced in 7.9.4 +

CURLINFO_COOKIELIST +

Introduced in 7.14.1 +

CURLINFO_DATA_IN +

Introduced in 7.9.6 +

CURLINFO_DATA_OUT +

Introduced in 7.9.6 +

CURLINFO_DOUBLE +

Introduced in 7.4.1 +

CURLINFO_EFFECTIVE_URL +

Introduced in 7.4 +

CURLINFO_END +

Introduced in 7.9.6 +

CURLINFO_FILETIME +

Introduced in 7.5 +

CURLINFO_FTP_ENTRY_PATH +

Introduced in 7.15.4 +

CURLINFO_HEADER_IN +

Introduced in 7.9.6 +

CURLINFO_HEADER_OUT +

Introduced in 7.9.6 +

CURLINFO_HEADER_SIZE +

Introduced in 7.4.1 +

CURLINFO_HTTPAUTH_AVAIL +

Introduced in 7.10.8 +

CURLINFO_HTTP_CODE +

Introduced in 7.4.1 Deprecated since 7.10.8 +

CURLINFO_HTTP_CONNECTCODE +

Introduced in 7.10.7 +

CURLINFO_LASTONE +

Introduced in 7.4.1 +

CURLINFO_LASTSOCKET +

Introduced in 7.15.2 +

CURLINFO_LOCAL_IP +

Introduced in 7.21.0 +

CURLINFO_LOCAL_PORT +

Introduced in 7.21.0 +

CURLINFO_LONG +

Introduced in 7.4.1 +

CURLINFO_MASK +

Introduced in 7.4.1 +

CURLINFO_NAMELOOKUP_TIME +

Introduced in 7.4.1 +

CURLINFO_NONE +

Introduced in 7.4.1 +

CURLINFO_NUM_CONNECTS +

Introduced in 7.12.3 +

CURLINFO_OS_ERRNO +

Introduced in 7.12.2 +

CURLINFO_PRETRANSFER_TIME +

Introduced in 7.4.1 +

CURLINFO_PRIMARY_IP +

Introduced in 7.19.0 +

CURLINFO_PRIMARY_PORT +

Introduced in 7.21.0 +

CURLINFO_PRIVATE +

Introduced in 7.10.3 +

CURLINFO_PROXYAUTH_AVAIL +

Introduced in 7.10.8 +

CURLINFO_REDIRECT_COUNT +

Introduced in 7.9.7 +

CURLINFO_REDIRECT_TIME +

Introduced in 7.9.7 +

CURLINFO_REDIRECT_URL +

Introduced in 7.18.2 +

CURLINFO_REQUEST_SIZE +

Introduced in 7.4.1 +

CURLINFO_RESPONSE_CODE +

Introduced in 7.10.8 +

CURLINFO_RTSP_CLIENT_CSEQ +

Introduced in 7.20.0 +

CURLINFO_RTSP_CSEQ_RECV +

Introduced in 7.20.0 +

CURLINFO_RTSP_SERVER_CSEQ +

Introduced in 7.20.0 +

CURLINFO_RTSP_SESSION_ID +

Introduced in 7.20.0 +

CURLINFO_SIZE_DOWNLOAD +

Introduced in 7.4.1 +

CURLINFO_SIZE_UPLOAD +

Introduced in 7.4.1 +

CURLINFO_SLIST +

Introduced in 7.12.3 +

CURLINFO_SPEED_DOWNLOAD +

Introduced in 7.4.1 +

CURLINFO_SPEED_UPLOAD +

Introduced in 7.4.1 +

CURLINFO_SSL_DATA_IN +

Introduced in 7.12.1 +

CURLINFO_SSL_DATA_OUT +

Introduced in 7.12.1 +

CURLINFO_SSL_ENGINES +

Introduced in 7.12.3 +

CURLINFO_SSL_VERIFYRESULT +

Introduced in 7.5 +

CURLINFO_STARTTRANSFER_TIME +

Introduced in 7.9.2 +

CURLINFO_STRING +

Introduced in 7.4.1 +

CURLINFO_TEXT +

Introduced in 7.9.6 +

CURLINFO_TLS_SESSION +

Introduced in 7.34.0 +

CURLINFO_TOTAL_TIME +

Introduced in 7.4.1 +

CURLINFO_TYPEMASK +

Introduced in 7.4.1 +

CURLIOCMD_NOP +

Introduced in 7.12.3 +

CURLIOCMD_RESTARTREAD +

Introduced in 7.12.3 +

CURLIOE_FAILRESTART +

Introduced in 7.12.3 +

CURLIOE_OK +

Introduced in 7.12.3 +

CURLIOE_UNKNOWNCMD +

Introduced in 7.12.3 +

CURLKHMATCH_MISMATCH +

Introduced in 7.19.6 +

CURLKHMATCH_MISSING +

Introduced in 7.19.6 +

CURLKHMATCH_OK +

Introduced in 7.19.6 +

CURLKHSTAT_DEFER +

Introduced in 7.19.6 +

CURLKHSTAT_FINE +

Introduced in 7.19.6 +

CURLKHSTAT_FINE_ADD_TO_FILE +

Introduced in 7.19.6 +

CURLKHSTAT_REJECT +

Introduced in 7.19.6 +

CURLKHTYPE_DSS +

Introduced in 7.19.6 +

CURLKHTYPE_RSA +

Introduced in 7.19.6 +

CURLKHTYPE_RSA1 +

Introduced in 7.19.6 +

CURLKHTYPE_UNKNOWN +

Introduced in 7.19.6 +

CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE +

Introduced in 7.30.0 +

CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE +

Introduced in 7.30.0 +

CURLMOPT_MAXCONNECTS +

Introduced in 7.16.3 +

CURLMOPT_MAX_HOST_CONNECTIONS +

Introduced in 7.30.0 +

CURLMOPT_MAX_PIPELINE_LENGTH +

Introduced in 7.30.0 +

CURLMOPT_MAX_TOTAL_CONNECTIONS +

Introduced in 7.30.0 +

CURLMOPT_PIPELINING +

Introduced in 7.16.0 +

CURLMOPT_PIPELINING_SERVER_BL +

Introduced in 7.30.0 +

CURLMOPT_PIPELINING_SITE_BL +

Introduced in 7.30.0 +

CURLMOPT_PUSHDATA +

Introduced in 7.44.0 +

CURLMOPT_PUSHFUNCTION +

Introduced in 7.44.0 +

CURLMOPT_SOCKETDATA +

Introduced in 7.15.4 +

CURLMOPT_SOCKETFUNCTION +

Introduced in 7.15.4 +

CURLMOPT_TIMERDATA +

Introduced in 7.16.0 +

CURLMOPT_TIMERFUNCTION +

Introduced in 7.16.0 +

CURLMSG_DONE +

Introduced in 7.9.6 +

CURLMSG_NONE +

Introduced in 7.9.6 +

CURLM_ADDED_ALREADY +

Introduced in 7.32.1 +

CURLM_BAD_EASY_HANDLE +

Introduced in 7.9.6 +

CURLM_BAD_HANDLE +

Introduced in 7.9.6 +

CURLM_BAD_SOCKET +

Introduced in 7.15.4 +

CURLM_CALL_MULTI_PERFORM +

Introduced in 7.9.6 +

CURLM_CALL_MULTI_SOCKET +

Introduced in 7.15.5 +

CURLM_INTERNAL_ERROR +

Introduced in 7.9.6 +

CURLM_OK +

Introduced in 7.9.6 +

CURLM_OUT_OF_MEMORY +

Introduced in 7.9.6 +

CURLM_UNKNOWN_OPTION +

Introduced in 7.15.4 +

CURLOPTTYPE_FUNCTIONPOINT +

Introduced in 7.1 +

CURLOPTTYPE_LONG +

Introduced in 7.1 +

CURLOPTTYPE_OBJECTPOINT +

Introduced in 7.1 +

CURLOPTTYPE_OFF_T +

Introduced in 7.11.0 +

CURLOPT_ACCEPTTIMEOUT_MS +

Introduced in 7.24.0 +

CURLOPT_ACCEPT_ENCODING +

Introduced in 7.21.6 +

CURLOPT_ADDRESS_SCOPE +

Introduced in 7.19.0 +

CURLOPT_APPEND +

Introduced in 7.17.0 +

CURLOPT_AUTOREFERER +

Introduced in 7.1 +

CURLOPT_BUFFERSIZE +

Introduced in 7.10 +

CURLOPT_CAINFO +

Introduced in 7.4.2 +

CURLOPT_CAPATH +

Introduced in 7.9.8 +

CURLOPT_CERTINFO +

Introduced in 7.19.1 +

CURLOPT_CHUNK_BGN_FUNCTION +

Introduced in 7.21.0 +

CURLOPT_CHUNK_DATA +

Introduced in 7.21.0 +

CURLOPT_CHUNK_END_FUNCTION +

Introduced in 7.21.0 +

CURLOPT_CLOSEFUNCTION +

Introduced in 7.7 Deprecated since 7.11.1 Last used in 7.11.1 +

CURLOPT_CLOSEPOLICY +

Introduced in 7.7 Deprecated since 7.16.1 +

CURLOPT_CLOSESOCKETDATA +

Introduced in 7.21.7 +

CURLOPT_CLOSESOCKETFUNCTION +

Introduced in 7.21.7 +

CURLOPT_CONNECTTIMEOUT +

Introduced in 7.7 +

CURLOPT_CONNECTTIMEOUT_MS +

Introduced in 7.16.2 +

CURLOPT_CONNECT_ONLY +

Introduced in 7.15.2 +

CURLOPT_CONV_FROM_NETWORK_FUNCTION +

Introduced in 7.15.4 +

CURLOPT_CONV_FROM_UTF8_FUNCTION +

Introduced in 7.15.4 +

CURLOPT_CONV_TO_NETWORK_FUNCTION +

Introduced in 7.15.4 +

CURLOPT_COOKIE +

Introduced in 7.1 +

CURLOPT_COOKIEFILE +

Introduced in 7.1 +

CURLOPT_COOKIEJAR +

Introduced in 7.9 +

CURLOPT_COOKIELIST +

Introduced in 7.14.1 +

CURLOPT_COOKIESESSION +

Introduced in 7.9.7 +

CURLOPT_COPYPOSTFIELDS +

Introduced in 7.17.1 +

CURLOPT_CRLF +

Introduced in 7.1 +

CURLOPT_CRLFILE +

Introduced in 7.19.0 +

CURLOPT_CUSTOMREQUEST +

Introduced in 7.1 +

CURLOPT_DEBUGDATA +

Introduced in 7.9.6 +

CURLOPT_DEBUGFUNCTION +

Introduced in 7.9.6 +

CURLOPT_DIRLISTONLY +

Introduced in 7.17.0 +

CURLOPT_DNS_CACHE_TIMEOUT +

Introduced in 7.9.3 +

CURLOPT_DNS_INTERFACE +

Introduced in 7.33.0 +

CURLOPT_DNS_LOCAL_IP4 +

Introduced in 7.33.0 +

CURLOPT_DNS_LOCAL_IP6 +

Introduced in 7.33.0 +

CURLOPT_DNS_SERVERS +

Introduced in 7.24.0 +

CURLOPT_DNS_USE_GLOBAL_CACHE +

Introduced in 7.9.3 Deprecated since 7.11.1 +

CURLOPT_EGDSOCKET +

Introduced in 7.7 +

CURLOPT_ENCODING +

Introduced in 7.10 +

CURLOPT_ERRORBUFFER +

Introduced in 7.1 +

CURLOPT_EXPECT_100_TIMEOUT_MS +

Introduced in 7.36.0 +

CURLOPT_FAILONERROR +

Introduced in 7.1 +

CURLOPT_FILE +

Introduced in 7.1 Deprecated since 7.9.7 +

CURLOPT_FILETIME +

Introduced in 7.5 +

CURLOPT_FNMATCH_DATA +

Introduced in 7.21.0 +

CURLOPT_FNMATCH_FUNCTION +

Introduced in 7.21.0 +

CURLOPT_FOLLOWLOCATION +

Introduced in 7.1 +

CURLOPT_FORBID_REUSE +

Introduced in 7.7 +

CURLOPT_FRESH_CONNECT +

Introduced in 7.7 +

CURLOPT_FTPAPPEND +

Introduced in 7.1 Deprecated since 7.16.4 +

CURLOPT_FTPASCII +

Introduced in 7.1 Deprecated since 7.11.1 Last used in 7.11.1 +

CURLOPT_FTPLISTONLY +

Introduced in 7.1 Deprecated since 7.16.4 +

CURLOPT_FTPPORT +

Introduced in 7.1 +

CURLOPT_FTPSSLAUTH +

Introduced in 7.12.2 +

CURLOPT_FTP_ACCOUNT +

Introduced in 7.13.0 +

CURLOPT_FTP_ALTERNATIVE_TO_USER +

Introduced in 7.15.5 +

CURLOPT_FTP_CREATE_MISSING_DIRS +

Introduced in 7.10.7 +

CURLOPT_FTP_FILEMETHOD +

Introduced in 7.15.1 +

CURLOPT_FTP_RESPONSE_TIMEOUT +

Introduced in 7.10.8 +

CURLOPT_FTP_SKIP_PASV_IP +

Introduced in 7.15.0 +

CURLOPT_FTP_SSL +

Introduced in 7.11.0 Deprecated since 7.16.4 +

CURLOPT_FTP_SSL_CCC +

Introduced in 7.16.1 +

CURLOPT_FTP_USE_EPRT +

Introduced in 7.10.5 +

CURLOPT_FTP_USE_EPSV +

Introduced in 7.9.2 +

CURLOPT_FTP_USE_PRET +

Introduced in 7.20.0 +

CURLOPT_GSSAPI_DELEGATION +

Introduced in 7.22.0 +

CURLOPT_HEADER +

Introduced in 7.1 +

CURLOPT_HEADERDATA +

Introduced in 7.10 +

CURLOPT_HEADERFUNCTION +

Introduced in 7.7.2 +

CURLOPT_HEADEROPT +

Introduced in 7.37.0 +

CURLOPT_HTTP200ALIASES +

Introduced in 7.10.3 +

CURLOPT_HTTPAUTH +

Introduced in 7.10.6 +

CURLOPT_HTTPGET +

Introduced in 7.8.1 +

CURLOPT_HTTPHEADER +

Introduced in 7.1 +

CURLOPT_HTTPPOST +

Introduced in 7.1 +

CURLOPT_HTTPPROXYTUNNEL +

Introduced in 7.3 +

CURLOPT_HTTPREQUEST +

Introduced in 7.1 +

CURLOPT_HTTP_CONTENT_DECODING +

Introduced in 7.16.2 +

CURLOPT_HTTP_TRANSFER_DECODING +

Introduced in 7.16.2 +

CURLOPT_HTTP_VERSION +

Introduced in 7.9.1 +

CURLOPT_IGNORE_CONTENT_LENGTH +

Introduced in 7.14.1 +

CURLOPT_INFILE +

Introduced in 7.1 Deprecated since 7.9.7 +

CURLOPT_INFILESIZE +

Introduced in 7.1 +

CURLOPT_INFILESIZE_LARGE +

Introduced in 7.11.0 +

CURLOPT_INTERFACE +

Introduced in 7.3 +

CURLOPT_INTERLEAVEDATA +

Introduced in 7.20.0 +

CURLOPT_INTERLEAVEFUNCTION +

Introduced in 7.20.0 +

CURLOPT_IOCTLDATA +

Introduced in 7.12.3 +

CURLOPT_IOCTLFUNCTION +

Introduced in 7.12.3 +

CURLOPT_IPRESOLVE +

Introduced in 7.10.8 +

CURLOPT_ISSUERCERT +

Introduced in 7.19.0 +

CURLOPT_KEYPASSWD +

Introduced in 7.17.0 +

CURLOPT_KRB4LEVEL +

Introduced in 7.3 Deprecated since 7.17.0 +

CURLOPT_KRBLEVEL +

Introduced in 7.16.4 +

CURLOPT_LOCALPORT +

Introduced in 7.15.2 +

CURLOPT_LOCALPORTRANGE +

Introduced in 7.15.2 +

CURLOPT_LOGIN_OPTIONS +

Introduced in 7.34.0 +

CURLOPT_LOW_SPEED_LIMIT +

Introduced in 7.1 +

CURLOPT_LOW_SPEED_TIME +

Introduced in 7.1 +

CURLOPT_MAIL_AUTH +

Introduced in 7.25.0 +

CURLOPT_MAIL_FROM +

Introduced in 7.20.0 +

CURLOPT_MAIL_RCPT +

Introduced in 7.20.0 +

CURLOPT_MAXCONNECTS +

Introduced in 7.7 +

CURLOPT_MAXFILESIZE +

Introduced in 7.10.8 +

CURLOPT_MAXFILESIZE_LARGE +

Introduced in 7.11.0 +

CURLOPT_MAXREDIRS +

Introduced in 7.5 +

CURLOPT_MAX_RECV_SPEED_LARGE +

Introduced in 7.15.5 +

CURLOPT_MAX_SEND_SPEED_LARGE +

Introduced in 7.15.5 +

CURLOPT_MUTE +

Introduced in 7.1 Deprecated since 7.8 Last used in 7.8 +

CURLOPT_NETRC +

Introduced in 7.1 +

CURLOPT_NETRC_FILE +

Introduced in 7.11.0 +

CURLOPT_NEW_DIRECTORY_PERMS +

Introduced in 7.16.4 +

CURLOPT_NEW_FILE_PERMS +

Introduced in 7.16.4 +

CURLOPT_NOBODY +

Introduced in 7.1 +

CURLOPT_NOPROGRESS +

Introduced in 7.1 +

CURLOPT_NOPROXY +

Introduced in 7.19.4 +

CURLOPT_NOSIGNAL +

Introduced in 7.10 +

CURLOPT_NOTHING +

Introduced in 7.1.1 Deprecated since 7.11.1 Last used in 7.11.1 +

CURLOPT_OPENSOCKETDATA +

Introduced in 7.17.1 +

CURLOPT_OPENSOCKETFUNCTION +

Introduced in 7.17.1 +

CURLOPT_PASSWDDATA +

Introduced in 7.4.2 Deprecated since 7.11.1 Last used in 7.11.1 +

CURLOPT_PASSWDFUNCTION +

Introduced in 7.4.2 Deprecated since 7.11.1 Last used in 7.11.1 +

CURLOPT_PASSWORD +

Introduced in 7.19.1 +

CURLOPT_PASV_HOST +

Introduced in 7.12.1 Deprecated since 7.16.0 Last used in 7.16.0 +

CURLOPT_PATH_AS_IS +

Introduced in 7.42.0 +

CURLOPT_PINNEDPUBLICKEY +

Introduced in 7.39.0 +

CURLOPT_PIPEWAIT +

Introduced in 7.43.0 +

CURLOPT_PORT +

Introduced in 7.1 +

CURLOPT_POST +

Introduced in 7.1 +

CURLOPT_POST301 +

Introduced in 7.17.1 Deprecated since 7.19.1 +

CURLOPT_POSTFIELDS +

Introduced in 7.1 +

CURLOPT_POSTFIELDSIZE +

Introduced in 7.2 +

CURLOPT_POSTFIELDSIZE_LARGE +

Introduced in 7.11.1 +

CURLOPT_POSTQUOTE +

Introduced in 7.1 +

CURLOPT_POSTREDIR +

Introduced in 7.19.1 +

CURLOPT_PREQUOTE +

Introduced in 7.9.5 +

CURLOPT_PRIVATE +

Introduced in 7.10.3 +

CURLOPT_PROGRESSDATA +

Introduced in 7.1 +

CURLOPT_PROGRESSFUNCTION +

Introduced in 7.1 Deprecated since 7.32.0 +

CURLOPT_PROTOCOLS +

Introduced in 7.19.4 +

CURLOPT_PROXY +

Introduced in 7.1 +

CURLOPT_PROXYAUTH +

Introduced in 7.10.7 +

CURLOPT_PROXYHEADER +

Introduced in 7.37.0 +

CURLOPT_PROXYPASSWORD +

Introduced in 7.19.1 +

CURLOPT_PROXYPORT +

Introduced in 7.1 +

CURLOPT_PROXYTYPE +

Introduced in 7.10 +

CURLOPT_PROXYUSERNAME +

Introduced in 7.19.1 +

CURLOPT_PROXYUSERPWD +

Introduced in 7.1 +

CURLOPT_PROXY_SERVICE_NAME +

Introduced in 7.43.0 +

CURLOPT_PROXY_TRANSFER_MODE +

Introduced in 7.18.0 +

CURLOPT_PUT +

Introduced in 7.1 +

CURLOPT_QUOTE +

Introduced in 7.1 +

CURLOPT_RANDOM_FILE +

Introduced in 7.7 +

CURLOPT_RANGE +

Introduced in 7.1 +

CURLOPT_READDATA +

Introduced in 7.9.7 +

CURLOPT_READFUNCTION +

Introduced in 7.1 +

CURLOPT_REDIR_PROTOCOLS +

Introduced in 7.19.4 +

CURLOPT_REFERER +

Introduced in 7.1 +

CURLOPT_RESOLVE +

Introduced in 7.21.3 +

CURLOPT_RESUME_FROM +

Introduced in 7.1 +

CURLOPT_RESUME_FROM_LARGE +

Introduced in 7.11.0 +

CURLOPT_RTSPHEADER +

Introduced in 7.20.0 +

CURLOPT_RTSP_CLIENT_CSEQ +

Introduced in 7.20.0 +

CURLOPT_RTSP_REQUEST +

Introduced in 7.20.0 +

CURLOPT_RTSP_SERVER_CSEQ +

Introduced in 7.20.0 +

CURLOPT_RTSP_SESSION_ID +

Introduced in 7.20.0 +

CURLOPT_RTSP_STREAM_URI +

Introduced in 7.20.0 +

CURLOPT_RTSP_TRANSPORT +

Introduced in 7.20.0 +

CURLOPT_SASL_IR +

Introduced in 7.31.0 +

CURLOPT_SEEKDATA +

Introduced in 7.18.0 +

CURLOPT_SEEKFUNCTION +

Introduced in 7.18.0 +

CURLOPT_SERVER_RESPONSE_TIMEOUT +

Introduced in 7.20.0 +

CURLOPT_SERVICE_NAME +

Introduced in 7.43.0 +

CURLOPT_SHARE +

Introduced in 7.10 +

CURLOPT_SOCKOPTDATA +

Introduced in 7.16.0 +

CURLOPT_SOCKOPTFUNCTION +

Introduced in 7.16.0 +

CURLOPT_SOCKS5_GSSAPI_NEC +

Introduced in 7.19.4 +

CURLOPT_SOCKS5_GSSAPI_SERVICE +

Introduced in 7.19.4 +

CURLOPT_SOURCE_HOST +

Introduced in 7.12.1 +

CURLOPT_SOURCE_PATH +

Introduced in 7.12.1 +

CURLOPT_SOURCE_PORT +

Introduced in 7.12.1 +

CURLOPT_SOURCE_POSTQUOTE +

Introduced in 7.12.1 +

CURLOPT_SOURCE_PREQUOTE +

Introduced in 7.12.1 +

CURLOPT_SOURCE_QUOTE +

Introduced in 7.13.0 +

CURLOPT_SOURCE_URL +

Introduced in 7.13.0 +

CURLOPT_SOURCE_USERPWD +

Introduced in 7.12.1 +

CURLOPT_SSH_AUTH_TYPES +

Introduced in 7.16.1 +

CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 +

Introduced in 7.17.1 +

CURLOPT_SSH_KEYDATA +

Introduced in 7.19.6 +

CURLOPT_SSH_KEYFUNCTION +

Introduced in 7.19.6 +

CURLOPT_SSH_KNOWNHOSTS +

Introduced in 7.19.6 +

CURLOPT_SSH_PRIVATE_KEYFILE +

Introduced in 7.16.1 +

CURLOPT_SSH_PUBLIC_KEYFILE +

Introduced in 7.16.1 +

CURLOPT_SSLCERT +

Introduced in 7.1 +

CURLOPT_SSLCERTPASSWD +

Introduced in 7.1.1 Deprecated since 7.17.0 +

CURLOPT_SSLCERTTYPE +

Introduced in 7.9.3 +

CURLOPT_SSLENGINE +

Introduced in 7.9.3 +

CURLOPT_SSLENGINE_DEFAULT +

Introduced in 7.9.3 +

CURLOPT_SSLKEY +

Introduced in 7.9.3 +

CURLOPT_SSLKEYPASSWD +

Introduced in 7.9.3 Deprecated since 7.17.0 +

CURLOPT_SSLKEYTYPE +

Introduced in 7.9.3 +

CURLOPT_SSLVERSION +

Introduced in 7.1 +

CURLOPT_SSL_CIPHER_LIST +

Introduced in 7.9 +

CURLOPT_SSL_CTX_DATA +

Introduced in 7.10.6 +

CURLOPT_SSL_CTX_FUNCTION +

Introduced in 7.10.6 +

CURLOPT_SSL_ENABLE_ALPN +

Introduced in 7.36.0 +

CURLOPT_SSL_ENABLE_NPN +

Introduced in 7.36.0 +

CURLOPT_SSL_FALSESTART +

Introduced in 7.42.0 +

CURLOPT_SSL_OPTIONS +

Introduced in 7.25.0 +

CURLOPT_SSL_SESSIONID_CACHE +

Introduced in 7.16.0 +

CURLOPT_SSL_VERIFYHOST +

Introduced in 7.8.1 +

CURLOPT_SSL_VERIFYPEER +

Introduced in 7.4.2 +

CURLOPT_SSL_VERIFYSTATUS +

Introduced in 7.41.0 +

CURLOPT_STDERR +

Introduced in 7.1 +

CURLOPT_TCP_KEEPALIVE +

Introduced in 7.25.0 +

CURLOPT_TCP_KEEPIDLE +

Introduced in 7.25.0 +

CURLOPT_TCP_KEEPINTVL +

Introduced in 7.25.0 +

CURLOPT_TCP_NODELAY +

Introduced in 7.11.2 +

CURLOPT_TELNETOPTIONS +

Introduced in 7.7 +

CURLOPT_TFTP_BLKSIZE +

Introduced in 7.19.4 +

CURLOPT_TIMECONDITION +

Introduced in 7.1 +

CURLOPT_TIMEOUT +

Introduced in 7.1 +

CURLOPT_TIMEOUT_MS +

Introduced in 7.16.2 +

CURLOPT_TIMEVALUE +

Introduced in 7.1 +

CURLOPT_TLSAUTH_PASSWORD +

Introduced in 7.21.4 +

CURLOPT_TLSAUTH_TYPE +

Introduced in 7.21.4 +

CURLOPT_TLSAUTH_USERNAME +

Introduced in 7.21.4 +

CURLOPT_TRANSFERTEXT +

Introduced in 7.1.1 +

CURLOPT_TRANSFER_ENCODING +

Introduced in 7.21.6 +

CURLOPT_UNIX_SOCKET_PATH +

Introduced in 7.40.0 +

CURLOPT_UNRESTRICTED_AUTH +

Introduced in 7.10.4 +

CURLOPT_UPLOAD +

Introduced in 7.1 +

CURLOPT_URL +

Introduced in 7.1 +

CURLOPT_USERAGENT +

Introduced in 7.1 +

CURLOPT_USERNAME +

Introduced in 7.19.1 +

CURLOPT_USERPWD +

Introduced in 7.1 +

CURLOPT_USE_SSL +

Introduced in 7.17.0 +

CURLOPT_VERBOSE +

Introduced in 7.1 +

CURLOPT_WILDCARDMATCH +

Introduced in 7.21.0 +

CURLOPT_WRITEDATA +

Introduced in 7.9.7 +

CURLOPT_WRITEFUNCTION +

Introduced in 7.1 +

CURLOPT_WRITEHEADER +

Introduced in 7.1 +

CURLOPT_WRITEINFO +

Introduced in 7.1 +

CURLOPT_XFERINFODATA +

Introduced in 7.32.0 +

CURLOPT_XFERINFOFUNCTION +

Introduced in 7.32.0 +

CURLOPT_XOAUTH2_BEARER +

Introduced in 7.33.0 +

CURLPAUSE_ALL +

Introduced in 7.18.0 +

CURLPAUSE_CONT +

Introduced in 7.18.0 +

CURLPAUSE_RECV +

Introduced in 7.18.0 +

CURLPAUSE_RECV_CONT +

Introduced in 7.18.0 +

CURLPAUSE_SEND +

Introduced in 7.18.0 +

CURLPAUSE_SEND_CONT +

Introduced in 7.18.0 +

CURLPIPE_HTTP1 +

Introduced in 7.43.0 +

CURLPIPE_MULTIPLEX +

Introduced in 7.43.0 +

CURLPIPE_NOTHING +

Introduced in 7.43.0 +

CURLPROTO_ALL +

Introduced in 7.19.4 +

CURLPROTO_DICT +

Introduced in 7.19.4 +

CURLPROTO_FILE +

Introduced in 7.19.4 +

CURLPROTO_FTP +

Introduced in 7.19.4 +

CURLPROTO_FTPS +

Introduced in 7.19.4 +

CURLPROTO_GOPHER +

Introduced in 7.21.2 +

CURLPROTO_HTTP +

Introduced in 7.19.4 +

CURLPROTO_HTTPS +

Introduced in 7.19.4 +

CURLPROTO_IMAP +

Introduced in 7.20.0 +

CURLPROTO_IMAPS +

Introduced in 7.20.0 +

CURLPROTO_LDAP +

Introduced in 7.19.4 +

CURLPROTO_LDAPS +

Introduced in 7.19.4 +

CURLPROTO_POP3 +

Introduced in 7.20.0 +

CURLPROTO_POP3S +

Introduced in 7.20.0 +

CURLPROTO_RTMP +

Introduced in 7.21.0 +

CURLPROTO_RTMPE +

Introduced in 7.21.0 +

CURLPROTO_RTMPS +

Introduced in 7.21.0 +

CURLPROTO_RTMPT +

Introduced in 7.21.0 +

CURLPROTO_RTMPTE +

Introduced in 7.21.0 +

CURLPROTO_RTMPTS +

Introduced in 7.21.0 +

CURLPROTO_RTSP +

Introduced in 7.20.0 +

CURLPROTO_SCP +

Introduced in 7.19.4 +

CURLPROTO_SFTP +

Introduced in 7.19.4 +

CURLPROTO_SMB +

Introduced in 7.40.0 +

CURLPROTO_SMBS +

Introduced in 7.40.0 +

CURLPROTO_SMTP +

Introduced in 7.20.0 +

CURLPROTO_SMTPS +

Introduced in 7.20.0 +

CURLPROTO_TELNET +

Introduced in 7.19.4 +

CURLPROTO_TFTP +

Introduced in 7.19.4 +

CURLPROXY_HTTP +

Introduced in 7.10 +

CURLPROXY_HTTP_1_0 +

Introduced in 7.19.4 +

CURLPROXY_SOCKS4 +

Introduced in 7.10 +

CURLPROXY_SOCKS4A +

Introduced in 7.18.0 +

CURLPROXY_SOCKS5 +

Introduced in 7.10 +

CURLPROXY_SOCKS5_HOSTNAME +

Introduced in 7.18.0 +

CURLSHE_BAD_OPTION +

Introduced in 7.10.3 +

CURLSHE_INVALID +

Introduced in 7.10.3 +

CURLSHE_IN_USE +

Introduced in 7.10.3 +

CURLSHE_NOMEM +

Introduced in 7.12.0 +

CURLSHE_NOT_BUILT_IN +

Introduced in 7.23.0 +

CURLSHE_OK +

Introduced in 7.10.3 +

CURLSHOPT_LOCKFUNC +

Introduced in 7.10.3 +

CURLSHOPT_NONE +

Introduced in 7.10.3 +

CURLSHOPT_SHARE +

Introduced in 7.10.3 +

CURLSHOPT_UNLOCKFUNC +

Introduced in 7.10.3 +

CURLSHOPT_UNSHARE +

Introduced in 7.10.3 +

CURLSHOPT_USERDATA +

Introduced in 7.10.3 +

CURLSOCKTYPE_ACCEPT +

Introduced in 7.28.0 +

CURLSOCKTYPE_IPCXN +

Introduced in 7.16.0 +

CURLSSH_AUTH_AGENT +

Introduced in 7.28.0 +

CURLSSH_AUTH_ANY +

Introduced in 7.16.1 +

CURLSSH_AUTH_DEFAULT +

Introduced in 7.16.1 +

CURLSSH_AUTH_HOST +

Introduced in 7.16.1 +

CURLSSH_AUTH_KEYBOARD +

Introduced in 7.16.1 +

CURLSSH_AUTH_NONE +

Introduced in 7.16.1 +

CURLSSH_AUTH_PASSWORD +

Introduced in 7.16.1 +

CURLSSH_AUTH_PUBLICKEY +

Introduced in 7.16.1 +

CURLSSLBACKEND_AXTLS +

Introduced in 7.38.0 +

CURLSSLBACKEND_CYASSL +

Introduced in 7.34.0 +

CURLSSLBACKEND_DARWINSSL +

Introduced in 7.34.0 +

CURLSSLBACKEND_GNUTLS +

Introduced in 7.34.0 +

CURLSSLBACKEND_GSKIT +

Introduced in 7.34.0 +

CURLSSLBACKEND_NONE +

Introduced in 7.34.0 +

CURLSSLBACKEND_NSS +

Introduced in 7.34.0 +

CURLSSLBACKEND_OPENSSL +

Introduced in 7.34.0 +

CURLSSLBACKEND_POLARSSL +

Introduced in 7.34.0 +

CURLSSLBACKEND_QSOSSL +

Introduced in 7.34.0 +

CURLSSLBACKEND_SCHANNEL +

Introduced in 7.34.0 +

CURLSSLOPT_ALLOW_BEAST +

Introduced in 7.25.0 +

CURLSSLOPT_NO_REVOKE +

Introduced in 7.44.0 +

CURLUSESSL_ALL +

Introduced in 7.17.0 +

CURLUSESSL_CONTROL +

Introduced in 7.17.0 +

CURLUSESSL_NONE +

Introduced in 7.17.0 +

CURLUSESSL_TRY +

Introduced in 7.17.0 +

CURLVERSION_FIRST +

Introduced in 7.10 +

CURLVERSION_FOURTH +

Introduced in 7.16.1 +

CURLVERSION_NOW +

Introduced in 7.10 +

CURLVERSION_SECOND +

Introduced in 7.11.1 +

CURLVERSION_THIRD +

Introduced in 7.12.0 +

CURL_CHUNK_BGN_FUNC_FAIL +

Introduced in 7.21.0 +

CURL_CHUNK_BGN_FUNC_OK +

Introduced in 7.21.0 +

CURL_CHUNK_BGN_FUNC_SKIP +

Introduced in 7.21.0 +

CURL_CHUNK_END_FUNC_FAIL +

Introduced in 7.21.0 +

CURL_CHUNK_END_FUNC_OK +

Introduced in 7.21.0 +

CURL_CSELECT_ERR +

Introduced in 7.16.3 +

CURL_CSELECT_IN +

Introduced in 7.16.3 +

CURL_CSELECT_OUT +

Introduced in 7.16.3 +

CURL_EASY_NONE +

Introduced in 7.14.0 +

CURL_EASY_TIMEOUT +

Introduced in 7.14.0 +

CURL_ERROR_SIZE +

Introduced in 7.1 +

CURL_FNMATCHFUNC_FAIL +

Introduced in 7.21.0 +

CURL_FNMATCHFUNC_MATCH +

Introduced in 7.21.0 +

CURL_FNMATCHFUNC_NOMATCH +

Introduced in 7.21.0 +

CURL_FORMADD_DISABLED +

Introduced in 7.12.1 +

CURL_FORMADD_ILLEGAL_ARRAY +

Introduced in 7.9.8 +

CURL_FORMADD_INCOMPLETE +

Introduced in 7.9.8 +

CURL_FORMADD_MEMORY +

Introduced in 7.9.8 +

CURL_FORMADD_NULL +

Introduced in 7.9.8 +

CURL_FORMADD_OK +

Introduced in 7.9.8 +

CURL_FORMADD_OPTION_TWICE +

Introduced in 7.9.8 +

CURL_FORMADD_UNKNOWN_OPTION +

Introduced in 7.9.8 +

CURL_GLOBAL_ACK_EINTR +

Introduced in 7.30.0 +

CURL_GLOBAL_ALL +

Introduced in 7.8 +

CURL_GLOBAL_DEFAULT +

Introduced in 7.8 +

CURL_GLOBAL_NOTHING +

Introduced in 7.8 +

CURL_GLOBAL_SSL +

Introduced in 7.8 +

CURL_GLOBAL_WIN32 +

Introduced in 7.8.1 +

CURL_HTTP_VERSION_1_0 +

Introduced in 7.9.1 +

CURL_HTTP_VERSION_1_1 +

Introduced in 7.9.1 +

CURL_HTTP_VERSION_2_0 +

Introduced in 7.33.0 +

CURL_HTTP_VERSION_2 +

Introduced in 7.43.0 +

CURL_HTTP_VERSION_NONE +

Introduced in 7.9.1 +

CURL_IPRESOLVE_V4 +

Introduced in 7.10.8 +

CURL_IPRESOLVE_V6 +

Introduced in 7.10.8 +

CURL_IPRESOLVE_WHATEVER +

Introduced in 7.10.8 +

CURL_LOCK_ACCESS_NONE +

Introduced in 7.10.3 +

CURL_LOCK_ACCESS_SHARED +

Introduced in 7.10.3 +

CURL_LOCK_ACCESS_SINGLE +

Introduced in 7.10.3 +

CURL_LOCK_DATA_CONNECT +

Introduced in 7.10.3 +

CURL_LOCK_DATA_COOKIE +

Introduced in 7.10.3 +

CURL_LOCK_DATA_DNS +

Introduced in 7.10.3 +

CURL_LOCK_DATA_NONE +

Introduced in 7.10.3 +

CURL_LOCK_DATA_SHARE +

Introduced in 7.10.4 +

CURL_LOCK_DATA_SSL_SESSION +

Introduced in 7.10.3 +

CURL_LOCK_TYPE_CONNECT +

Introduced in 7.10 +

CURL_LOCK_TYPE_COOKIE +

Introduced in 7.10 +

CURL_LOCK_TYPE_DNS +

Introduced in 7.10 +

CURL_LOCK_TYPE_NONE +

Introduced in 7.10 +

CURL_LOCK_TYPE_SSL_SESSION +

Introduced in 7.10 +

CURL_MAX_HTTP_HEADER +

Introduced in 7.19.7 +

CURL_MAX_WRITE_SIZE +

Introduced in 7.9.7 +

CURL_NETRC_IGNORED +

Introduced in 7.9.8 +

CURL_NETRC_OPTIONAL +

Introduced in 7.9.8 +

CURL_NETRC_REQUIRED +

Introduced in 7.9.8 +

CURL_POLL_IN +

Introduced in 7.14.0 +

CURL_POLL_INOUT +

Introduced in 7.14.0 +

CURL_POLL_NONE +

Introduced in 7.14.0 +

CURL_POLL_OUT +

Introduced in 7.14.0 +

CURL_POLL_REMOVE +

Introduced in 7.14.0 +

CURL_PROGRESS_BAR +

Introduced in 7.1.1 +

CURL_PROGRESS_STATS +

Introduced in 7.1.1 +

CURL_PUSH_DENY +

Introduced in 7.44.0 +

CURL_PUSH_OK +

Introduced in 7.44.0 +

CURL_READFUNC_ABORT +

Introduced in 7.12.1 +

CURL_READFUNC_PAUSE +

Introduced in 7.18.0 +

CURL_REDIR_GET_ALL +

Introduced in 7.19.1 +

CURL_REDIR_POST_301 +

Introduced in 7.19.1 +

CURL_REDIR_POST_302 +

Introduced in 7.19.1 +

CURL_REDIR_POST_303 +

Introduced in 7.25.1 +

CURL_REDIR_POST_ALL +

Introduced in 7.19.1 +

CURL_RTSPREQ_ANNOUNCE +

Introduced in 7.20.0 +

CURL_RTSPREQ_DESCRIBE +

Introduced in 7.20.0 +

CURL_RTSPREQ_GET_PARAMETER +

Introduced in 7.20.0 +

CURL_RTSPREQ_NONE +

Introduced in 7.20.0 +

CURL_RTSPREQ_OPTIONS +

Introduced in 7.20.0 +

CURL_RTSPREQ_PAUSE +

Introduced in 7.20.0 +

CURL_RTSPREQ_PLAY +

Introduced in 7.20.0 +

CURL_RTSPREQ_RECEIVE +

Introduced in 7.20.0 +

CURL_RTSPREQ_RECORD +

Introduced in 7.20.0 +

CURL_RTSPREQ_SETUP +

Introduced in 7.20.0 +

CURL_RTSPREQ_SET_PARAMETER +

Introduced in 7.20.0 +

CURL_RTSPREQ_TEARDOWN +

Introduced in 7.20.0 +

CURL_SEEKFUNC_CANTSEEK +

Introduced in 7.19.5 +

CURL_SEEKFUNC_FAIL +

Introduced in 7.19.5 +

CURL_SEEKFUNC_OK +

Introduced in 7.19.5 +

CURL_SOCKET_BAD +

Introduced in 7.14.0 +

CURL_SOCKET_TIMEOUT +

Introduced in 7.14.0 +

CURL_SOCKOPT_ALREADY_CONNECTED +

Introduced in 7.21.5 +

CURL_SOCKOPT_ERROR +

Introduced in 7.21.5 +

CURL_SOCKOPT_OK +

Introduced in 7.21.5 +

CURL_SSLVERSION_DEFAULT +

Introduced in 7.9.2 +

CURL_SSLVERSION_SSL +

Introduced in +

CURL_SSLVERSION_SSL +

Introduced in +

CURL_SSLVERSION_TLS +

Introduced in +

CURL_SSLVERSION_TLS +

Introduced in +

CURL_SSLVERSION_TLS +

Introduced in +

CURL_SSLVERSION_TLS +

Introduced in +

CURL_TIMECOND_IFMODSINCE +

Introduced in 7.9.7 +

CURL_TIMECOND_IFUNMODSINCE +

Introduced in 7.9.7 +

CURL_TIMECOND_LASTMOD +

Introduced in 7.9.7 +

CURL_TIMECOND_NONE +

Introduced in 7.9.7 +

CURL_TLSAUTH_NONE +

Introduced in 7.21.4 +

CURL_TLSAUTH_SRP +

Introduced in 7.21.4 +

CURL_VERSION_ASYNCHDNS +

Introduced in 7.10.7 +

CURL_VERSION_CONV +

Introduced in 7.15.4 +

CURL_VERSION_CURLDEBUG +

Introduced in 7.19.6 +

CURL_VERSION_DEBUG +

Introduced in 7.10.6 +

CURL_VERSION_GSSAPI +

Introduced in 7.38.0 +

CURL_VERSION_GSSNEGOTIATE +

Introduced in 7.10.6 Deprecated since 7.38.0 +

CURL_VERSION_HTTP2 +

Introduced in 7.33.0 +

CURL_VERSION_IDN +

Introduced in 7.12.0 +

CURL_VERSION_IPV6 +

Introduced in 7.10 +

CURL_VERSION_KERBEROS4 +

Introduced in 7.10 Deprecated since 7.33.0 +

CURL_VERSION_KERBEROS5 +

Introduced in 7.40.0 +

CURL_VERSION_LARGEFILE +

Introduced in 7.11.1 +

CURL_VERSION_LIBZ +

Introduced in 7.10 +

CURL_VERSION_NTLM +

Introduced in 7.10.6 +

CURL_VERSION_NTLM_WB +

Introduced in 7.22.0 +

CURL_VERSION_SPNEGO +

Introduced in 7.10.8 +

CURL_VERSION_SSL +

Introduced in 7.10 +

CURL_VERSION_SSPI +

Introduced in 7.13.2 +

CURL_VERSION_TLSAUTH_SRP +

Introduced in 7.21.4 +

CURL_VERSION_UNIX_SOCKETS +

Introduced in 7.40.0 +

CURL_WAIT_POLLIN +

Introduced in 7.28.0 +

CURL_WAIT_POLLOUT +

Introduced in 7.28.0 +

CURL_WAIT_POLLPRI +

Introduced in 7.28.0 +

CURL_WRITEFUNC_PAUSE +

Introduced in 7.18.0

+ This HTML page was made with roffit. + diff --git a/docs/libcurl/libcurl-symbols.pdf b/docs/libcurl/libcurl-symbols.pdf new file mode 100644 index 0000000..c353e1f Binary files /dev/null and b/docs/libcurl/libcurl-symbols.pdf differ diff --git a/docs/libcurl/libcurl-thread.3 b/docs/libcurl/libcurl-thread.3 new file mode 100644 index 0000000..fd5b0e4 --- /dev/null +++ b/docs/libcurl/libcurl-thread.3 @@ -0,0 +1,95 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 2015, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH libcurl-thread 3 "13 Jul 2015" "libcurl" "libcurl thread safety" +.SH NAME +libcurl-thread \- libcurl thread safety +.SH "Multi-threading with libcurl" +libcurl is thread safe but has no internal thread synchronization. You may have +to provide your own locking should you meet any of the thread safety exceptions +below. + +\fBHandles.\fP You must \fBnever\fP share the same handle in multiple threads. +You can pass the handles around among threads, but you must never use a single +handle from more than one thread at any given time. + +\fBShared objects.\fP You can share certain data between multiple handles by +using the share interface but you must provide your own locking and set +\fIcurl_share_setopt(3)\fP CURLSHOPT_LOCKFUNC and CURLSHOPT_UNLOCKFUNC. +.SH TLS +If you are accessing HTTPS or FTPS URLs in a multi-threaded manner, you are +then of course using the underlying SSL library multi-threaded and those libs +might have their own requirements on this issue. You may need to provide one +or two functions to allow it to function properly: +.IP OpenSSL +http://www.openssl.org/docs/crypto/threads.html#DESCRIPTION + +http://curl.haxx.se/libcurl/c/opensslthreadlock.html +.IP GnuTLS +http://gnutls.org/manual/html_node/Thread-safety.html +.IP NSS +thread-safe already without anything required. +.IP PolarSSL +Required actions unknown. +.IP yassl +Required actions unknown. +.IP axTLS +Required actions unknown. +.IP Secure-Transport +The engine is used by libcurl in a way that is fully thread-safe. +.IP WinSSL +The engine is used by libcurl in a way that is fully thread-safe. +.IP wolfSSL +The engine is used by libcurl in a way that is fully thread-safe. +.SH "Other areas of caution" +.IP Signals +Signals are used for timing out name resolves (during DNS lookup) - when built +without using either the c-ares or threaded resolver backends. When using +multiple threads you should set the \fICURLOPT_NOSIGNAL(3)\fP option to 1L for +all handles. Everything will or might work fine except that timeouts are not +honored during the DNS lookup - which you can work around by building libcurl +with c-ares support. c-ares is a library that provides asynchronous name +resolves. On some platforms, libcurl simply will not function properly +multi-threaded unless this option is set. +.IP "Name resolving" +\fBgethostby* functions and other system calls.\fP These functions, provided +by your operating system, must be thread safe. It is very important that +libcurl can find and use thread safe versions of these and other system calls, +as otherwise it can't function fully thread safe. Some operating systems are +known to have faulty thread implementations. We have previously received +problem reports on *BSD (at least in the past, they may be working fine these +days). Some operating systems that are known to have solid and working thread +support are Linux, Solaris and Windows. +.IP "curl_global_* functions" +These functions are not thread safe. If you are using libcurl with multiple +threads it is especially important that before use you call +\fIcurl_global_init(3)\fP or \fIcurl_global_init_mem(3)\fP to explicitly +initialize the library and its dependents, rather than rely on the "lazy" +fail-safe initialization that takes place the first time +\fIcurl_easy_init(3)\fP is called. For an in-depth explanation refer to +\fIlibcurl(3)\fP section \fBGLOBAL CONSTANTS\fP. +.IP "Memory functions" +These functions, provided either by your operating system or your own +replacements, must be thread safe. You can use \fIcurl_global_init_mem(3)\fP +to set your own replacement memory functions. +.IP Non-safe functions +\fICURLOPT_DNS_USE_GLOBAL_CACHE(3)\fP is not thread-safe. diff --git a/docs/libcurl/libcurl-thread.html b/docs/libcurl/libcurl-thread.html new file mode 100644 index 0000000..9690bab --- /dev/null +++ b/docs/libcurl/libcurl-thread.html @@ -0,0 +1,90 @@ + + +libcurl-thread man page + + + + +

NAME

+

libcurl-thread - libcurl thread safety

Multi-threading with libcurl

+

libcurl is thread safe but has no internal thread synchronization. You may have to provide your own locking should you meet any of the thread safety exceptions below. +

Handles. You must never share the same handle in multiple threads. You can pass the handles around among threads, but you must never use a single handle from more than one thread at any given time. +

Shared objects. You can share certain data between multiple handles by using the share interface but you must provide your own locking and set curl_share_setopt CURLSHOPT_LOCKFUNC and CURLSHOPT_UNLOCKFUNC.

TLS

+

If you are accessing HTTPS or FTPS URLs in a multi-threaded manner, you are then of course using the underlying SSL library multi-threaded and those libs might have their own requirements on this issue. You may need to provide one or two functions to allow it to function properly: +

OpenSSL +

http://www.openssl.org/docs/crypto/threads.html#DESCRIPTION +

http://curl.haxx.se/libcurl/c/opensslthreadlock.html +

GnuTLS +

http://gnutls.org/manual/html_node/Thread-safety.html +

NSS +

thread-safe already without anything required. +

PolarSSL +

Required actions unknown. +

yassl +

Required actions unknown. +

axTLS +

Required actions unknown. +

Secure-Transport +

The engine is used by libcurl in a way that is fully thread-safe. +

WinSSL +

The engine is used by libcurl in a way that is fully thread-safe. +

wolfSSL +

The engine is used by libcurl in a way that is fully thread-safe.

Other areas of caution

+

+

Signals +

Signals are used for timing out name resolves (during DNS lookup) - when built without using either the c-ares or threaded resolver backends. When using multiple threads you should set the CURLOPT_NOSIGNAL(3) option to 1L for all handles. Everything will or might work fine except that timeouts are not honored during the DNS lookup - which you can work around by building libcurl with c-ares support. c-ares is a library that provides asynchronous name resolves. On some platforms, libcurl simply will not function properly multi-threaded unless this option is set. +

Name resolving +

gethostby* functions and other system calls. These functions, provided by your operating system, must be thread safe. It is very important that libcurl can find and use thread safe versions of these and other system calls, as otherwise it can't function fully thread safe. Some operating systems are known to have faulty thread implementations. We have previously received problem reports on *BSD (at least in the past, they may be working fine these days). Some operating systems that are known to have solid and working thread support are Linux, Solaris and Windows. +

curl_global_* functions +

These functions are not thread safe. If you are using libcurl with multiple threads it is especially important that before use you call curl_global_init or curl_global_init_mem to explicitly initialize the library and its dependents, rather than rely on the "lazy" fail-safe initialization that takes place the first time curl_easy_init is called. For an in-depth explanation refer to libcurl section GLOBAL CONSTANTS. +

Memory functions +

These functions, provided either by your operating system or your own replacements, must be thread safe. You can use curl_global_init_mem to set your own replacement memory functions. +

Non-safe functions +

CURLOPT_DNS_USE_GLOBAL_CACHE(3) is not thread-safe.

+ This HTML page was made with roffit. + diff --git a/docs/libcurl/libcurl-thread.pdf b/docs/libcurl/libcurl-thread.pdf new file mode 100644 index 0000000..8656f21 Binary files /dev/null and b/docs/libcurl/libcurl-thread.pdf differ diff --git a/docs/libcurl/libcurl-tutorial.3 b/docs/libcurl/libcurl-tutorial.3 index 11b0190..558652c 100644 --- a/docs/libcurl/libcurl-tutorial.3 +++ b/docs/libcurl/libcurl-tutorial.3 @@ -256,58 +256,8 @@ complication for you. Given simply the URL to a file, libcurl will take care of all the details needed to get the file moved from one machine to another. .SH "Multi-threading Issues" -The first basic rule is that you must \fBnever\fP simultaneously share a -libcurl handle (be it easy or multi or whatever) between multiple -threads. Only use one handle in one thread at any time. You can pass the -handles around among threads, but you must never use a single handle from more -than one thread at any given time. - -libcurl is completely thread safe, except for two issues: signals and SSL/TLS -handlers. Signals are used for timing out name resolves (during DNS lookup) - -when built without using either the c-ares or threaded resolver backends. - -If you are accessing HTTPS or FTPS URLs in a multi-threaded manner, you are -then of course using the underlying SSL library multi-threaded and those libs -might have their own requirements on this issue. Basically, you need to -provide one or two functions to allow it to function properly. For all -details, see this: - -OpenSSL - - http://www.openssl.org/docs/crypto/threads.html#DESCRIPTION - -GnuTLS - - http://gnutls.org/manual/html_node/Thread-safety.html - -NSS - - is claimed to be thread-safe already without anything required. - -PolarSSL - - Required actions unknown. - -yassl - - Required actions unknown. - -axTLS - - Required actions unknown. - -Secure Transport - - The engine is fully thread-safe, and no additional steps are required. - -When using multiple threads you should set the \fICURLOPT_NOSIGNAL(3)\fP -option to 1 for all handles. Everything will or might work fine except that -timeouts are not honored during the DNS lookup - which you can work around by -building libcurl with c-ares support. c-ares is a library that provides -asynchronous name resolves. On some platforms, libcurl simply will not -function properly multi-threaded unless this option is set. - -Also, note that \fICURLOPT_DNS_USE_GLOBAL_CACHE(3)\fP is not thread-safe. +libcurl is thread safe but there are a few exceptions. Refer to +\fIlibcurl-thread(3)\fP for more information. .SH "When It Doesn't Work" There will always be times when the transfer fails for some reason. You might @@ -1005,7 +955,7 @@ or understand incoming cookies and they will just be ignored. However, when the parser is enabled the cookies will be understood and the cookies will be kept in memory and used properly in subsequent requests when the same handle is used. Many times this is enough, and you may not have to save the cookies -to disk at all. Note that the file you specify to \ICURLOPT_COOKIEFILE(3)\fP +to disk at all. Note that the file you specify to \fICURLOPT_COOKIEFILE(3)\fP doesn't have to exist to enable the parser, so a common way to just enable the parser and not read any cookies is to use the name of a file you know doesn't exist. diff --git a/docs/libcurl/libcurl-tutorial.html b/docs/libcurl/libcurl-tutorial.html index 43bfc24..70e34aa 100644 --- a/docs/libcurl/libcurl-tutorial.html +++ b/docs/libcurl/libcurl-tutorial.html @@ -4,15 +4,20 @@ libcurl-tutorial man page + + +

NAME

+

CURLMOPT_PUSHDATA - pointer to pass to push callback

SYNOPSIS

+

+#include <curl/curl.h>
+ 
+CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PUSHDATA, void *pointer);
+
+ +

DESCRIPTION

+

Set pointer to pass as the last argument to the CURLMOPT_PUSHFUNCTION callback. The pointer will not be touched or used by libcurl itself, only passed on to the callback function.

DEFAULT

+

NULL

PROTOCOLS

+

HTTP(S)

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.44.0

RETURN VALUE

+

Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not.

SEE ALSO

+

CURLMOPT_PUSHFUNCTION, CURLMOPT_PIPELINING, CURLOPT_PIPEWAIT, RFC 7540

+ This HTML page was made with roffit. + diff --git a/docs/libcurl/opts/CURLMOPT_PUSHDATA.pdf b/docs/libcurl/opts/CURLMOPT_PUSHDATA.pdf new file mode 100644 index 0000000..200136b Binary files /dev/null and b/docs/libcurl/opts/CURLMOPT_PUSHDATA.pdf differ diff --git a/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.3 b/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.3 new file mode 100644 index 0000000..fb5e4e4 --- /dev/null +++ b/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.3 @@ -0,0 +1,132 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLMOPT_PUSHFUNCTION 3 "1 Jun 2015" "libcurl 7.44.0" "curl_multi_setopt options" +.SH NAME +CURLMOPT_PUSHFUNCTION \- callback that approves or denies server pushes +.SH SYNOPSIS +.nf +#include + +char *curl_pushheader_bynum(push_headers, int num); +char *curl_pushheader_byname(push_headers, const char *name); + +int curl_push_callback(CURL *parent, + CURL *easy, + size_t num_headers, + struct curl_pushheaders *headers, + void *userp); + +CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PUSHFUNCTION, + curl_push_callback func); +.fi +.SH DESCRIPTION +This callback gets called when a new HTTP/2 stream is being pushed by the +server (using the PUSH_PROMISE frame). If no push callback is set, all offered +pushes will be denied automatically. +.SH CALLBACK DESCRIPTION +The callback gets its arguments like this: + +\fIparent\fP is the handle of the stream on which this push arrives. The new +handle has been duphandle()d from the parent, meaning that it has gotten all +its options inherited. It is then up to the application to alter any options +if desired. + +\fIeasy\fP is a newly created handle that represents this upcoming transfer. + +\fInum_headers\fP is the number of name+value pairs that was received and can +be accessed + +\fIheaders\fP is a handle used to access push headers using the accessor +functions described below. This only accesses and provides the PUSH_PROMISE +headers, the normal response headers will be provided in the header callback +as usual. + +\fIuserp\fP is the pointer set with \fICURLMOPT_PUSHDATA(3)\fP + +If the callback returns CURL_PUSH_OK, the 'easy' handle will be added to the +multi handle, the callback must not do that by itself. + +The callback can access PUSH_PROMISE headers with two accessor +functions. These functions can only be used from within this callback and they +can only access the PUSH_PROMISE headers. The normal response headers will be +pased to the header callback for pushed streams just as for normal streams. +.IP curl_pushheader_bynum +Returns the header at index 'num' (or NULL). The returned pointer points to a +"name:value" string that will be freed when this callback returns. +.IP curl_pushheader_byname +Returns the value for the given header name (or NULL). This is a shortcut so +that the application doesn't have to loop through all headers to find the one +it is interested in. The data pointed will be freed when this callback +returns. +.SH CALLBACK RETURN VALUE +.IP "CURL_PUSH_OK (0)" +The application has accepted the stream and it can now start receiving data, +the ownership of the CURL handle has been taken over by the application. +.IP "CURL_PUSH_DENY (1)" +The callback denies the stream and no data for this will reach the +application, the easy handle will be destroyed by libcurl. +.IP * +All other return codes are reserved for future use. +.SH DEFAULT +NULL, no callback +.SH PROTOCOLS +HTTP(S) (HTTP/2 only) +.SH EXAMPLE +.nf +/* only allow pushes for file names starting with "push-" */ +int push_callback(CURL *parent, + CURL *easy, + size_t num_headers, + struct curl_pushheaders *headers, + void *userp) +{ + char *headp; + int *transfers = (int *)userp; + FILE *out; + headp = curl_pushheader_byname(headers, ":path"); + if(headp && !strncmp(headp, "/push-", 6)) { + fprintf(stderr, "The PATH is %s\n", headp); + + /* save the push here */ + out = fopen("pushed-stream", "wb"); + + /* write to this file */ + curl_easy_setopt(easy, CURLOPT_WRITEDATA, out); + + (*transfers)++; /* one more */ + + return CURL_PUSH_OK; + } + return CURL_PUSH_DENY; +} + +curl_multi_setopt(multi, CURLMOPT_PUSHFUNCTION, push_callback); +curl_multi_setopt(multi, CURLMOPT_PUSHDATA, &counter); +.fi +.SH AVAILABILITY +Added in 7.44.0 +.SH RETURN VALUE +Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. +.SH "SEE ALSO" +.BR CURLMOPT_PUSHDATA "(3), " CURLMOPT_PIPELINING "(3), " CURLOPT_PIPEWAIT "(3), " +.BR RFC 7540 diff --git a/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.html b/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.html new file mode 100644 index 0000000..17680a0 --- /dev/null +++ b/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.html @@ -0,0 +1,131 @@ + + +CURLMOPT_PUSHFUNCTION man page + + + + +

NAME

+

CURLMOPT_PUSHFUNCTION - callback that approves or denies server pushes

SYNOPSIS

+

+#include <curl/curl.h>
+ 
+char *curl_pushheader_bynum(push_headers, int num);
+char *curl_pushheader_byname(push_headers, const char *name);
+ 
+int curl_push_callback(CURL *parent,
+                       CURL *easy,
+                       size_t num_headers,
+                       struct curl_pushheaders *headers,
+                       void *userp);
+ 
+CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PUSHFUNCTION,
+                            curl_push_callback func);
+
+ +

DESCRIPTION

+

This callback gets called when a new HTTP/2 stream is being pushed by the server (using the PUSH_PROMISE frame). If no push callback is set, all offered pushes will be denied automatically.

CALLBACK DESCRIPTION

+

The callback gets its arguments like this: +

parent is the handle of the stream on which this push arrives. The new handle has been duphandle()d from the parent, meaning that it has gotten all its options inherited. It is then up to the application to alter any options if desired. +

easy is a newly created handle that represents this upcoming transfer. +

num_headers is the number of name+value pairs that was received and can be accessed +

headers is a handle used to access push headers using the accessor functions described below. This only accesses and provides the PUSH_PROMISE headers, the normal response headers will be provided in the header callback as usual. +

userp is the pointer set with CURLMOPT_PUSHDATA +

If the callback returns CURL_PUSH_OK, the 'easy' handle will be added to the multi handle, the callback must not do that by itself. +

The callback can access PUSH_PROMISE headers with two accessor functions. These functions can only be used from within this callback and they can only access the PUSH_PROMISE headers. The normal response headers will be pased to the header callback for pushed streams just as for normal streams. +

curl_pushheader_bynum +

Returns the header at index 'num' (or NULL). The returned pointer points to a "name:value" string that will be freed when this callback returns. +

curl_pushheader_byname +

Returns the value for the given header name (or NULL). This is a shortcut so that the application doesn't have to loop through all headers to find the one it is interested in. The data pointed will be freed when this callback returns.

CALLBACK RETURN VALUE

+

+

CURL_PUSH_OK (0) +

The application has accepted the stream and it can now start receiving data, the ownership of the CURL handle has been taken over by the application. +

CURL_PUSH_DENY (1) +

The callback denies the stream and no data for this will reach the application, the easy handle will be destroyed by libcurl. +

* +

All other return codes are reserved for future use.

DEFAULT

+

NULL, no callback

PROTOCOLS

+

HTTP(S) (HTTP/2 only)

EXAMPLE

+

+/* only allow pushes for file names starting with "push-" */
+int push_callback(CURL *parent,
+                  CURL *easy,
+                  size_t num_headers,
+                  struct curl_pushheaders *headers,
+                  void *userp)
+{
+  char *headp;
+  int *transfers = (int *)userp;
+  FILE *out;
+  headp = curl_pushheader_byname(headers, ":path");
+  if(headp && !strncmp(headp, "/push-", 6)) {
+    fprintf(stderr, "The PATH is %sn", headp);
+ 
+    /* save the push here */
+    out = fopen("pushed-stream", "wb");
+ 
+    /* write to this file */
+    curl_easy_setopt(easy, CURLOPT_WRITEDATA, out);
+ 
+    (*transfers)++; /* one more */
+ 
+    return CURL_PUSH_OK;
+  }
+  return CURL_PUSH_DENY;
+}
+ 
+curl_multi_setopt(multi, CURLMOPT_PUSHFUNCTION, push_callback);
+curl_multi_setopt(multi, CURLMOPT_PUSHDATA, &counter);
+
+ +

AVAILABILITY

+

Added in 7.44.0

RETURN VALUE

+

Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not.

SEE ALSO

+

CURLMOPT_PUSHDATA, CURLMOPT_PIPELINING, CURLOPT_PIPEWAIT, RFC 7540

+ This HTML page was made with roffit. + diff --git a/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.pdf b/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.pdf new file mode 100644 index 0000000..d6431ed Binary files /dev/null and b/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.pdf differ diff --git a/docs/libcurl/opts/CURLMOPT_SOCKETDATA.html b/docs/libcurl/opts/CURLMOPT_SOCKETDATA.html index dd2da96..5cea2c1 100644 --- a/docs/libcurl/opts/CURLMOPT_SOCKETDATA.html +++ b/docs/libcurl/opts/CURLMOPT_SOCKETDATA.html @@ -4,15 +4,20 @@ CURLMOPT_SOCKETDATA man page + + +

NAME

+

CURLOPT_PATH_AS_IS - do not handle dot dot sequences

SYNOPSIS

+

#include <curl/curl.h> +

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PATH_AS_IS, long leaveit);

DESCRIPTION

+

By setting the long leavit to 1, to explicitly tell libcurl to not alter the given path before passing it on to the server. +

This tells libcurl to NOT squash sequences of "/../" or "/./" that may exist in the URL's path part and that is supposed to be removed according to RFC 3986 section 5.2.4. +

Some server implementations are known to (erroneously) require the dot dot sequences to remain in the path and some clients want to pass these on in order to try out server implementations. +

By default libcurl will merge such sequences before using the path.

DEFAULT

+

0

PROTOCOLS

+

All

EXAMPLE

+

+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/../../etc/password");
+ 
+  curl_easy_setopt(curl, CURLOPT_PATH_AS_IS, 1L);
+ 
+  curl_easy_perform(curl);
+}
+
+ +

AVAILABILITY

+

Aded in 7.42.0

RETURN VALUE

+

Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.

SEE ALSO

+

CURLOPT_STDERR, CURLOPT_DEBUGFUNCTION,

+ This HTML page was made with roffit. + diff --git a/docs/libcurl/opts/CURLOPT_PATH_AS_IS.pdf b/docs/libcurl/opts/CURLOPT_PATH_AS_IS.pdf new file mode 100644 index 0000000..2e6c2d6 Binary files /dev/null and b/docs/libcurl/opts/CURLOPT_PATH_AS_IS.pdf differ diff --git a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 new file mode 100644 index 0000000..0d4357a --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 @@ -0,0 +1,87 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLOPT_PINNEDPUBLICKEY 3 "27 Aug 2014" "libcurl 7.38.0" "curl_easy_setopt options" +.SH NAME +CURLOPT_PINNEDPUBLICKEY \- set pinned public key +.SH SYNOPSIS +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PINNEDPUBLICKEY, char *pinnedpubkey); +.SH DESCRIPTION +Pass a pointer to a zero terminated string as parameter. The string can be the +file name of your pinned public key. The file format expected is "PEM" or "DER". +The string can also be any number of base64 encoded sha256 hashes preceded by +"sha256//" and seperated by ";" + +When negotiating a TLS or SSL connection, the server sends a certificate +indicating its identity. A public key is extracted from this certificate and +if it does not exactly match the public key provided to this option, curl will +abort the connection before sending or receiving any data. +.SH DEFAULT +NULL +.SH PROTOCOLS +All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc. +.SH EXAMPLE +.nf +CURL *curl = curl_easy_init(); +if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); + curl_easy_setopt(curl, CURLOPT_PINNEDPUBLICKEY, "/etc/publickey.der"); + /* OR + curl_easy_setopt(curl, CURLOPT_PINNEDPUBLICKEY, "sha256//YhKJKSzoTt2b5FP18fvpHo7fJYqQCjAa3HWY3tvRMwE=;sha256//t62CeU2tQiqkexU74Gxa2eg7fRbEgoChTociMee9wno="); + */ + + /* Perform the request */ + curl_easy_perform(curl); +} +.fi +.SH PUBLIC KEY EXTRACTION +If you do not have the server's public key file you can extract it from the +server's certificate. +.nf +# extract public key in pem format from certificate +openssl x509 -in www.test.com.pem -pubkey -noout > www.test.com.pubkey.pem +# convert public key from pem to der +openssl asn1parse -noout -inform pem -in www.test.com.pubkey.pem -out www.test.com.pubkey.der +# sha256 hash and base64 encode der to string for use +openssl dgst -sha256 -binary www.test.com.pubkey.der | openssl base64 +.fi +The public key in PEM format contains a header, base64 data and a +footer: +.nf +-----BEGIN PUBLIC KEY----- +[BASE 64 DATA] +-----END PUBLIC KEY----- +.fi +.SH AVAILABILITY +Added in 7.39.0 for OpenSSL, GnuTLS and GSKit. Added in 7.43.0 for +NSS and wolfSSL/CyaSSL. sha256 support added in 7.44.0 for OpenSSL, +GnuTLS, NSS and wolfSSL/CyaSSL. Other SSL backends not supported. +.SH RETURN VALUE +Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or +CURLE_OUT_OF_MEMORY if there was insufficient heap space. +.SH "SEE ALSO" +.BR CURLOPT_SSL_VERIFYPEER "(3), " +.BR CURLOPT_SSL_VERIFYHOST "(3), " +.BR CURLOPT_CAINFO "(3), " +.BR CURLOPT_CAPATH "(3), " diff --git a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.html b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.html new file mode 100644 index 0000000..b0f5e63 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.html @@ -0,0 +1,96 @@ + + +CURLOPT_PINNEDPUBLICKEY man page + + + + +

NAME

+

CURLOPT_PINNEDPUBLICKEY - set pinned public key

SYNOPSIS

+

#include <curl/curl.h> +

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PINNEDPUBLICKEY, char *pinnedpubkey);

DESCRIPTION

+

Pass a pointer to a zero terminated string as parameter. The string can be the file name of your pinned public key. The file format expected is "PEM" or "DER". The string can also be any number of base64 encoded sha256 hashes preceded by "sha256//" and seperated by ";" +

When negotiating a TLS or SSL connection, the server sends a certificate indicating its identity. A public key is extracted from this certificate and if it does not exactly match the public key provided to this option, curl will abort the connection before sending or receiving any data.

DEFAULT

+

NULL

PROTOCOLS

+

All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.

EXAMPLE

+

+CURL *curl = curl_easy_init();
+if(curl) {
+  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
+  curl_easy_setopt(curl, CURLOPT_PINNEDPUBLICKEY, "/etc/publickey.der");
+  /* OR
+  curl_easy_setopt(curl, CURLOPT_PINNEDPUBLICKEY, "sha256//YhKJKSzoTt2b5FP18fvpHo7fJYqQCjAa3HWY3tvRMwE=;sha256//t62CeU2tQiqkexU74Gxa2eg7fRbEgoChTociMee9wno=");
+  */
+ 
+  /* Perform the request */
+  curl_easy_perform(curl);
+}
+
+ +

PUBLIC KEY EXTRACTION

+

If you do not have the server's public key file you can extract it from the server's certificate. 

+# extract public key in pem format from certificate
+openssl x509 -in www.test.com.pem -pubkey -noout > www.test.com.pubkey.pem
+# convert public key from pem to der
+openssl asn1parse -noout -inform pem -in www.test.com.pubkey.pem -out www.test.com.pubkey.der
+# sha256 hash and base64 encode der to string for use
+openssl dgst -sha256 -binary www.test.com.pubkey.der | openssl base64
+
+ +

The public key in PEM format contains a header, base64 data and a footer: 

+-----BEGIN PUBLIC KEY-----
+[BASE 64 DATA]
+-----END PUBLIC KEY-----
+
+ +

AVAILABILITY

+

Added in 7.39.0 for OpenSSL, GnuTLS and GSKit. Added in 7.43.0 for NSS and wolfSSL/CyaSSL. sha256 support added in 7.44.0 for OpenSSL, GnuTLS, NSS and wolfSSL/CyaSSL. Other SSL backends not supported.

RETURN VALUE

+

Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO

+

CURLOPT_SSL_VERIFYPEER, CURLOPT_SSL_VERIFYHOST, CURLOPT_CAINFO, CURLOPT_CAPATH,

+ This HTML page was made with roffit. + diff --git a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.pdf b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.pdf new file mode 100644 index 0000000..3b77059 Binary files /dev/null and b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.pdf differ diff --git a/docs/libcurl/opts/CURLOPT_PIPEWAIT.3 b/docs/libcurl/opts/CURLOPT_PIPEWAIT.3 new file mode 100644 index 0000000..5f64195 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PIPEWAIT.3 @@ -0,0 +1,63 @@ +.\" ************************************************************************** +.\" * _ _ ____ _ +.\" * Project ___| | | | _ \| | +.\" * / __| | | | |_) | | +.\" * | (__| |_| | _ <| |___ +.\" * \___|\___/|_| \_\_____| +.\" * +.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +.\" * +.\" * This software is licensed as described in the file COPYING, which +.\" * you should have received as part of this distribution. The terms +.\" * are also available at http://curl.haxx.se/docs/copyright.html. +.\" * +.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell +.\" * copies of the Software, and permit persons to whom the Software is +.\" * furnished to do so, under the terms of the COPYING file. +.\" * +.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +.\" * KIND, either express or implied. +.\" * +.\" ************************************************************************** +.\" +.TH CURLOPT_PIPEWAIT 3 "12 May 2015" "libcurl 7.43.0" "curl_easy_setopt options" +.SH NAME +CURLOPT_PIPEWAIT \- wait for pipelining/multiplexing +.SH SYNOPSIS +#include + +CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PIPEWAIT, long wait); +.SH DESCRIPTION +Set \fIwait\fP to 1L to tell libcurl to prefer to wait for a connection to +confirm or deny that it can do pipelining or multiplexing before continuing. + +When about to perform a new transfer that allows pipelining or multiplexing, +libcurl will check for existing connections to re-use and pipeline on. If no +such connection exists it will immediately continue and create a fresh new +connection to use. + +By setting this option to 1 - and having \fICURLMOPT_PIPELINE\fP enabled for +the multi handle this transfer is associated with - libcurl will instead wait +for the connection to reveal if it is possible to pipeline/multiplex on before +it continues. This enables libcurl to much better keep the number of +connections to a minimum when using pipelining or multiplexing protocols. + +The effect thus becomes that with this option set, libcurl prefers to wait and +re-use an existing connection for pipelining rather than the opposite: prefer +to open a new connection rather than waiting. + +The waiting time is as long as it takes for the connection to get up and for +libcurl to get the necessary response back that informs it about its protocol +and support level. +.SH DEFAULT +0 (off) +.SH PROTOCOLS +HTTP(S) +.SH EXAMPLE +.SH AVAILABILITY +Added in 7.43.0 +.SH RETURN VALUE +Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. +.SH "SEE ALSO" +.BR CURLOPT_FORBID_REUSE "(3), " CURLOPT_FRESH_CONNECT "(3), " +.BR CURLMOPT_PIPELINING "(3), " CURLMOPT_MAX_HOST_CONNECTIONS "(3), " diff --git a/docs/libcurl/opts/CURLOPT_PIPEWAIT.html b/docs/libcurl/opts/CURLOPT_PIPEWAIT.html new file mode 100644 index 0000000..b266c5e --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_PIPEWAIT.html @@ -0,0 +1,69 @@ + + +CURLOPT_PIPEWAIT man page + + + + +

NAME

+

CURLOPT_PIPEWAIT - wait for pipelining/multiplexing

SYNOPSIS

+

#include <curl/curl.h> +

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PIPEWAIT, long wait);

DESCRIPTION

+

Set wait to 1L to tell libcurl to prefer to wait for a connection to confirm or deny that it can do pipelining or multiplexing before continuing. +

When about to perform a new transfer that allows pipelining or multiplexing, libcurl will check for existing connections to re-use and pipeline on. If no such connection exists it will immediately continue and create a fresh new connection to use. +

By setting this option to 1 - and having CURLMOPT_PIPELINE enabled for the multi handle this transfer is associated with - libcurl will instead wait for the connection to reveal if it is possible to pipeline/multiplex on before it continues. This enables libcurl to much better keep the number of connections to a minimum when using pipelining or multiplexing protocols. +

The effect thus becomes that with this option set, libcurl prefers to wait and re-use an existing connection for pipelining rather than the opposite: prefer to open a new connection rather than waiting. +

The waiting time is as long as it takes for the connection to get up and for libcurl to get the necessary response back that informs it about its protocol and support level.

DEFAULT

+

0 (off)

PROTOCOLS

+

HTTP(S)

EXAMPLE

+

AVAILABILITY

+

Added in 7.43.0

RETURN VALUE

+

Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.

SEE ALSO

+

CURLOPT_FORBID_REUSE, CURLOPT_FRESH_CONNECT, CURLMOPT_PIPELINING, CURLMOPT_MAX_HOST_CONNECTIONS,

+ This HTML page was made with roffit. + diff --git a/docs/libcurl/opts/CURLOPT_PIPEWAIT.pdf b/docs/libcurl/opts/CURLOPT_PIPEWAIT.pdf new file mode 100644 index 0000000..0132620 Binary files /dev/null and b/docs/libcurl/opts/CURLOPT_PIPEWAIT.pdf differ diff --git a/docs/libcurl/opts/CURLOPT_PORT.html b/docs/libcurl/opts/CURLOPT_PORT.html index 4154014..1358803 100644 --- a/docs/libcurl/opts/CURLOPT_PORT.html +++ b/docs/libcurl/opts/CURLOPT_PORT.html @@ -4,15 +4,20 @@ CURLOPT_PORT man page + + +

NAME

+

CURLOPT_PROXY_SERVICE_NAME - proxy service name

SYNOPSIS

+

#include <curl/curl.h> +

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SERVICE_NAME, char *name);

DESCRIPTION

+

Pass a char * as parameter to a string holding the name of the service. The default service name is "HTTP". This option allows you to change it. +

See above

PROTOCOLS

+

Most

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.43.0

RETURN VALUE

+

Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO

+

CURLOPT_PROXY, CURLOPT_PROXYTYPE,

+ This HTML page was made with roffit. + diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.pdf b/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.pdf new file mode 100644 index 0000000..19a9905 Binary files /dev/null and b/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.pdf differ diff --git a/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.html b/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.html index ae3f30a..65b97dd 100644 --- a/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.html +++ b/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.html @@ -4,15 +4,20 @@ CURLOPT_PROXY_TRANSFER_MODE man page + + +

NAME

+

CURLOPT_SERVICE_NAME - SPNEGO service name

SYNOPSIS

+

#include <curl/curl.h> +

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SERVICE_NAME, char *name);

DESCRIPTION

+

Pass a char * as parameter to a string holding the name of the service. The default service name is "HTTP". This option allows you to change it. +

See above

PROTOCOLS

+

Most

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.43.0

RETURN VALUE

+

Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO

+

CURLOPT_PROXY, CURLOPT_PROXYTYPE,

+ This HTML page was made with roffit. + diff --git a/docs/libcurl/opts/CURLOPT_SERVICE_NAME.pdf b/docs/libcurl/opts/CURLOPT_SERVICE_NAME.pdf new file mode 100644 index 0000000..21d32fb Binary files /dev/null and b/docs/libcurl/opts/CURLOPT_SERVICE_NAME.pdf differ diff --git a/docs/libcurl/opts/CURLOPT_SHARE.html b/docs/libcurl/opts/CURLOPT_SHARE.html index ae2082e..8fbe21b 100644 --- a/docs/libcurl/opts/CURLOPT_SHARE.html +++ b/docs/libcurl/opts/CURLOPT_SHARE.html @@ -4,15 +4,20 @@ CURLOPT_SHARE man page + + +

NAME

+

CURLOPT_SSL_FALSESTART - enable TLS false start

SYNOPSIS

+

#include <curl/curl.h> +

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_FALSESTART, long enable);

DESCRIPTION

+

Pass a long as parameter set to 1 to enable or 0 to disable. +

This option determines whether libcurl should use false start during the TLS handshake. False start is a mode where a TLS client will start sending application data before verifying the server's Finished message, thus saving a round trip when performing a full handshake.

DEFAULT

+

0

PROTOCOLS

+

All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.42.0. This option is currently only supported by the NSS and Secure Transport (on iOS 7.0 or later, or OS X 10.9 or later) TLS backends.

RETURN VALUE

+

Returns CURLE_OK if false start is supported by the SSL backend, otherwise returns CURLE_NOT_BUILT_IN.

+ This HTML page was made with roffit. + diff --git a/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.pdf b/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.pdf new file mode 100644 index 0000000..bca982c Binary files /dev/null and b/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.pdf differ diff --git a/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3 b/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3 index 09bcb96..0afd2fb 100644 --- a/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3 +++ b/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3 @@ -30,13 +30,25 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_OPTIONS, long bitmask); .SH DESCRIPTION Pass a long with a bitmask to tell libcurl about specific SSL behaviors. -\fICURLSSLOPT_ALLOW_BEAST\fP is the only supported bit and by setting this the -user will tell libcurl to not attempt to use any workarounds for a security -flaw in the SSL3 and TLS1.0 protocols. If this option isn't used or this bit -is set to 0, the SSL layer libcurl uses may use a work-around for this flaw -although it might cause interoperability problems with some (older) SSL -implementations. WARNING: avoiding this work-around lessens the security, and -by setting this option to 1 you ask for exactly that. +\fICURLSSLOPT_ALLOW_BEAST\fP tells libcurl to not attempt to use any +workarounds for a security flaw in the SSL3 and TLS1.0 protocols. If this +option isn't used or this bit is set to 0, the SSL layer libcurl uses may use a +work-around for this flaw although it might cause interoperability problems +with some (older) SSL implementations. WARNING: avoiding this work-around +lessens the security, and by setting this option to 1 you ask for exactly that. +This option is only supported for DarwinSSL, NSS and OpenSSL. + +Added in 7.44.0: + +\fICURLSSLOPT_NO_REVOKE\fP tells libcurl to disable certificate revocation +checks for those SSL backends where such behavior is present. \fBCurrently this +option is only supported for WinSSL (the native Windows SSL library), with an +exception in the case of Windows' Untrusted Publishers blacklist which it seems +can't be bypassed.\fP This option may have broader support to accommodate other +SSL backends in the future. +http://curl.haxx.se/docs/ssl-compared.html + + .SH DEFAULT 0 .SH PROTOCOLS diff --git a/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.html b/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.html index f268c59..5b0a4a6 100644 --- a/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.html +++ b/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.html @@ -4,15 +4,20 @@ CURLOPT_SSL_OPTIONS man page + + +

NAME

+

CURLOPT_SSL_VERIFYSTATUS - verify the certificate's status

SYNOPSIS

+

#include <curl/curl.h> +

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_VERIFYSTATUS, long verify);

DESCRIPTION

+

Pass a long as parameter set to 1 to enable or 0 to disable. +

This option determines whether libcurl verifies the status of the server cert using the "Certificate Status Request" TLS extension (aka. OCSP stapling). +

Note that if this option is enabled but the server does not support the TLS extension, the verification will fail.

DEFAULT

+

0

PROTOCOLS

+

All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.

EXAMPLE

+

TODO

AVAILABILITY

+

Added in 7.41.0. This option is currently only supported by the OpenSSL, GnuTLS and NSS TLS backends.

RETURN VALUE

+

Returns CURLE_OK if OCSP stapling is supported by the SSL backend, otherwise returns CURLE_NOT_BUILT_IN.

SEE ALSO

+

CURLOPT_SSL_VERIFYHOST, CURLOPT_SSL_VERIFYPEER, CURLOPT_CAINFO,

+ This HTML page was made with roffit. + diff --git a/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.pdf b/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.pdf new file mode 100644 index 0000000..9e02620 --- /dev/null +++ b/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.pdf @@ -0,0 +1,111 @@ +%PDF-1.4 +%Ç쏢 +5 0 obj +<> +stream +xœ­Vën£Fþï§8ÚþX¼2†áÚV•œ„tÝ:Æ5$j”T±' »À›æöUúŽ=sÁÄIV«J•%0Ì̹|ç;ßá,BÁ?}_Ý>Ü6 n*AßV÷p˜â†@¼Hoê ß?d$!½Gg‹i˜Ô–ËÿVV‡ü_†èß²|fð:¿y‚öŽÃŠ×mþu•µü½DÃ&®´ayÄí°hšÞ6¦XT/´Y»mTÏó·‡`ÝMê‘@îK.fñ<™$ûù"<]®?äåªØ®9ü, +y .äî±Ýv *0VnxYè+¹î²r]ðÑÛe~߃Æ,‡XÞw@x ¨Ê[™CÂÀufWß$Lû 3OÏ>Ž’£ÅdžNâ™& +uOÞH~ží¢Iàî@‡L…5°Éê잷¼ÌÚ + /¼Ì® UGðq7â™HÒ’)Ð[(aø yÞå ¨–€µ0xŸ—¼Ç;Žd¨¡È¯Àš)ÔñDÖ_qƒ J#Ë ÕzâõŘÀ%¾¦¡ðäOxNR ¶MŽ)ˆïŽvTƒdÇS×`hº.øÖ7í;¬}|GÛ¿[^6"ô+#ûœˆ’¹kS “«!‘ñX$ RÒ—ƬBoí]ÖB.Âî“Ç +¾5\© +Û7¶mŸšôi‹²ÃºBʪ…f»ÙTµÚ¤"rÇéÚ 3•CìHnםP"Š ˆ ó¢P$Dëoj[5nzjøÄó0H͎¼ ¯ûeGìÙãá‰æŸ‹Ê&47S§ëßñ™DW˓í1_¯Nûîèy+"õ}Ÿí*fX¯‘äîb˜/t“!`?ٞ¯1mb¹¡dLœB¼sh3â[^§”Gñô…v`Ì!±Ïc\².×YƒuÝÔU[­ª¢ù>¦é;úD^'§cq›Çs6‚äßoWo๗Fôçøt>ºv¾ÙÎiŸe¢ïUDZÆÚ ‚7FF(v’¨>ŸC?>°zžK;L¦ãÃÉt’^ìCƒEdNìA +àñz¨ä%øÄAûÒý~ÀίyÙOP•xÑd ¢FE¼á%Êê~-·eT\˜%‰F|õÙq§¨×¼\7u÷ۀv¥g‹œ)Cõ¨1žžEZb_ƒ‹ƒ_M~Tˆv[ë±-ãßEïɁÈèU +¾ UDÊrO8a—)Ý*×#¨„>æ ‡Z¹‘¥Ót(—†r=‹‡Ž¥ä)]¥’xq6™CÜOqr¤ËɌ¼56^Âa$Qãi÷\|A®×ãíc¬> žÀ±I7ºå·Êhߺô<«cÑk‹ó(Z¼´H‰÷ßM'³“xß~ 2¶û€èmáG“OP:Mf£/p7¯ˆðÐD,ÇÀÆ8æ+°q> +/Contents 5 0 R +>> +endobj +3 0 obj +<< /Type /Pages /Kids [ +4 0 R +] /Count 1 +>> +endobj +1 0 obj +<> +endobj +7 0 obj +<>endobj +10 0 obj +<> +endobj +11 0 obj +<> +endobj +9 0 obj +<> +endobj +8 0 obj +<> +endobj +12 0 obj +<> +endobj +13 0 obj +<>stream + + + + + +2015-08-12T08:11:31+02:00 +2015-08-12T08:11:31+02:00 +groff version 1.22.3 + +Untitled + + + + + +endstream +endobj +2 0 obj +<>endobj +xref +0 14 +0000000000 65535 f +0000001554 00000 n +0000003365 00000 n +0000001495 00000 n +0000001335 00000 n +0000000015 00000 n +0000001315 00000 n +0000001619 00000 n +0000001794 00000 n +0000001729 00000 n +0000001660 00000 n +0000001690 00000 n +0000001876 00000 n +0000001942 00000 n +trailer +<< /Size 14 /Root 1 0 R /Info 2 0 R +/ID [] +>> +startxref +3519 +%%EOF diff --git a/docs/libcurl/opts/CURLOPT_STDERR.3 b/docs/libcurl/opts/CURLOPT_STDERR.3 index 67e9501..8ef1a32 100644 --- a/docs/libcurl/opts/CURLOPT_STDERR.3 +++ b/docs/libcurl/opts/CURLOPT_STDERR.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -36,7 +36,16 @@ stderr .SH PROTOCOLS All .SH EXAMPLE -TODO +.nf +CURL *curl = curl_easy_init(); +FILE *filep = fopen("dump", "wb"); +if(curl) { + curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); + curl_easy_setopt(curl, CURLOPT_STDERR, filep); + + curl_easy_perform(curl); +} +.fi .SH AVAILABILITY Always .SH RETURN VALUE diff --git a/docs/libcurl/opts/CURLOPT_STDERR.html b/docs/libcurl/opts/CURLOPT_STDERR.html index 50fcd93..52fcb4d 100644 --- a/docs/libcurl/opts/CURLOPT_STDERR.html +++ b/docs/libcurl/opts/CURLOPT_STDERR.html @@ -4,15 +4,20 @@ CURLOPT_STDERR man page