From: seonah moon Date: Thu, 7 Apr 2016 02:31:17 +0000 (-0700) Subject: Revert "Imported Upstream version 7.44.0" X-Git-Tag: upstream/7.48.0~3 X-Git-Url: http://review.tizen.org/git/?p=platform%2Fupstream%2Fcurl.git;a=commitdiff_plain;h=f7bbc1c9b6a8e2c815d09612b53f453c90d962e0 Revert "Imported Upstream version 7.44.0" This reverts commit 31368b6eac8092a307849518e912b4c475c0238a. Change-Id: I3428294b4931a00ba9684528d3ffb326f92ed4e8 --- diff --git a/CHANGES b/CHANGES index 056e274..ddcd07e 100644 --- a/CHANGES +++ b/CHANGES @@ -6,5159 +6,5321 @@ Changelog -Version 7.44.0 (11 Aug 2015) - -Daniel Stenberg (11 Aug 2015) -- RELEASE-NOTES: synced with c75a1e775061 +Version 7.40.0 (7 Jan 2015) -- [Svyatoslav Mishyn brought this change] +Daniel Stenberg (7 Jan 2015) +- RELEASE-NOTES: version 7.40.0 - curl_formget.3: correct return code +- darwinssl: fix session ID keys to only reuse identical sessions - Closes #375 - -- [Svyatoslav Mishyn brought this change] + ...to avoid a session ID getting cached without certificate checking and + then after a subsequent _enabling_ of the check libcurl could still + re-use the session done without cert checks. + + Bug: http://curl.haxx.se/docs/adv_20150108A.html + Reported-by: Marc Hesse - libcurl-tutorial.3: fix formatting +- tests: make sure CRLFs can't be used in URLs passed to proxy - Closes #374 + Bug: http://curl.haxx.se/docs/adv_20150108B.html -- [Svyatoslav Mishyn brought this change] +- url-parsing: reject CRLFs within URLs + + Bug: http://curl.haxx.se/docs/adv_20150108B.html + Reported-by: Andrey Labunets - curl_easy_recv.3: fix formatting +Steve Holme (7 Jan 2015) +- ldap: Convert attribute output to UTF-8 when Unicode -- [Anders Bakken brought this change] +- ldap: Convert DN output to UTF-8 when Unicode - http2: discard frames with no SessionHandle - - Return 0 instead of NGHTTP2_ERR_CALLBACK_FAILURE if we can't locate the - SessionHandle. Apparently mod_h2 will sometimes send a frame for a - stream_id we're finished with. +Daniel Stenberg (7 Jan 2015) +- hostip: remove 'stale' argument from Curl_fetch_addr proto - Use nghttp2_session_get_stream_user_data and - nghttp2_session_set_stream_user_data to identify SessionHandles instead - of a hash. + Also, remove the log output of the resolved name is NOT in the cache in + the spirit of only telling when something is actually happening. + +Steve Holme (7 Jan 2015) +- ldap/imap: Fixed spelling mistake in comments and variable names - Closes #372 + Reported-by: Michael Osipov + +Daniel Stenberg (7 Jan 2015) +- RELEASE-NOTES: updated with ./contributors.sh output -- RELEASE-NOTES: synced with 9ee40ce2aba +Dan Fandrich (5 Jan 2015) +- curl_multibyte.h: Eliminated some trailing whitespace -- [Viktor Szakats brought this change] +Steve Holme (4 Jan 2015) +- RELEASE-NOTES: Synced with ea93252ef1 - build: refer to fixed libidn versions +- ldap: Fixed Unicode usage for all Win32 builds - closes #371 + Otherwise, the fixes in the previous commits would only be applicable + to IDN and SSPI based builds and not others such as OpenSSL with LDAP + enabled. -- Revert "configure: disable libidn by default" - - This reverts commit e6749055d65398315fd77f5b5b8234c5552ac2d3. - - ... since libidn has since been fixed. +- ldap: Fixed memory leak from commit efb64fdf80 -- [Jakub Zakrzewski brought this change] +- ldap: Fix memory leak from commit 3a805c5cc1 - CMake: s/HAVE_GSS_API/HAVE_GSSAPI/ to match header define - - Otherwise the build only pretended to use GSS-API +- ldap: Fixed attribute variable warnings when Unicode is enabled - Closes #370 + Use 'TCHAR *' for local attribute variable rather than 'char *'. -- SFTP: fix range request off-by-one in size check +- ldap: Fixed DN variable warnings when Unicode is enabled - Reported-by: Tim Stack + Use 'TCHAR *' for local DN variable rather than 'char *'. + +- ldap: Remove the unescape_elements() function - Closes #359 + Due to the recent modifications this function is no longer used. -- test46: update cookie expire time +- ldap.c: Fixed compilation warning - ... since it went old and thus was expired and caused the test to fail! + ldap.c:98: warning: extra tokens at end of #endif directive -Steve Holme (9 Aug 2015) -- generate.bat: Use buildconf.bat for prerequisite file generation +- ldap: Fixed support for Unicode filter in Win32 search call + +- ldap.c: Fixed compilation warning + + ldap.c:802: warning: comparison between signed and unsigned integer + expressions -- buildconf.bat: Tidy up of comments after recent commits +- ldap: Fixed support for Unicode attributes in Win32 search call -- buildconf.bat: Added full generation of src\tool_hugehelp.c +- ldap: Fixed memory leak from commit efb64fdf80 - Added support for generating the full man page based on code from - generate.bat. + The unescapped DN was not freed after a successful character conversion. -- buildconf.bat: Added detection of groff, nroff, perl and gzip +- ldap.c: Fixed compilation error - To allow for the full generation of tool_hugehelp.c added detection of - the required programs - based on code from generate.bat. + ldap.c:738: error: macro "LDAP_TRACE" passed 2 arguments, but takes + just 1 -- buildconf.bat: Move DOS variable clean-up code to separate function +- ldap.c: Fixed compilation warning - Rather than duplicate future variables, during clean-up of both success - and error conditions, use a common function that can be called by both. + ldap.c:89: warning: extra tokens at end of #endif directive -- RELEASE-NOTES: Synced with 39dcf352d2 +- ldap: Fixed support for Unicode DN in Win32 search call -- buildconf.bat: Added error messages on failure +- ldap: Fixed Unicode user and password in Win32 bind calls -- buildconf.bat: Generate and clean files in the same order +- ldap: Fixed Unicode host name in Win32 initialisation calls -- buildconf.bat: Maintain compatibility with DOS based systems +- ldap: Use host.dispname for infof() connection failure messages - Commit f08e30d7bc broke compatibility with DOS and non Windows NT based - versions of Windows due to the use of the setlocal command. + As host.name may be encoded use dispname for infof() failure messages. -Jay Satiro (9 Aug 2015) -- CURLOPT_RESOLVE.3: Note removal support was added in 7.42 - - Bug: http://curl.haxx.se/mail/lib-2015-08/0019.html - Reported-by: Inca R +- ldap: Prefer 'CURLcode result' for curl result codes -Steve Holme (8 Aug 2015) -- checksrc.bat: Fixed error when missing *.c and *.h files +- ldap: Pass write length in all Curl_client_write() calls - File Not Found - -- checksrc.bat: Fixed incorrect 'lib\vtls' path check in commit 333c36b276 + As we get the length for the DN and attribute variables, and we know + the length for the line terminator, pass the length values rather than + zero as this will save Curl_client_write() from having to perform an + additional strlen() call. -- checksrc.bat: Fixed error when [directory] isn't a curl source directory +- ldap: Fixed attribute memory leaks on failed client write - The system cannot find the file specified. - -- checksrc.bat: Added check for unknown arguments + Fixed memory leaks from commit 086ad79970 as was noted in the commit + comments. -- scripts: Added missing comments +- ldap: Fixed DN memory leaks on failed client write + + Fixed memory leaks from commit 086ad79970 as was noted in the commit + comments. -- scripts: Always perform setlocal and endlocal calls in pairs +- curl_ntlm_core.c: Fixed compilation warning from commit 1cb17b2a5d - Ensure that there isn't a mismatch between setlocal and endlocal calls, - which could have happened due to setlocal being called after certain - error conditions were checked for. + curl_ntlm_core.c:146: warning: passing 'DES_cblock' (aka 'unsigned char + [8]') to parameter of type 'char *' converts + between pointers to integer types with different + sign -- scripts: Allow -help to be specified in any argument +- ntlm: Use extend_key_56_to_64() for all cryptography engines - Allow the -help command line argument to be specified in any argument - and not just as the first. + Rather than duplicate the code in setup_des_key() for OpenSSL and in + extend_key_56_to_64() for non-OpenSSL based crypto engines, as it is + the same, use extend_key_56_to_64() for all engines. -Daniel Stenberg (6 Aug 2015) -- [juef brought this change] +- RELEASE-NOTES: Synced with 34f0bd110f - curl_multi_remove_handle.3: fix formatting +- curl_ntlm_core.c: Fixed compilation warning - closes #366 + curl_ntlm_core.c:458: warning: 'ascii_uppercase_to_unicode_le' defined + but not used -Steve Holme (6 Aug 2015) -- README: Added notes about 'Running DLL based configurations' +- endian: Fixed bit-shift in 64-bit integer read functions - ...as well as a TODO for a future enhancement to the project files. + From commit 43792592ca and 4bb5a351b2. - Thanks-to: Jay Satiro + Reported-by: Michael Osipov -- RELEASE-NOTES: Synced with cf8975387f +- smb: Use endian functions for reading NBT and message size values -- buildconf.bat: Synchronise no repository error with generate.bat +- endian: Added big endian read functions -- generate.bat: Added a check for the presence of a git repository +- endian: Added 64-bit integer read function -- [Jay Satiro brought this change] +- COPYING: Bumped copyright year to 2015 - build: Added wolfSSL configurations to VC10+ project files +- version: Bump copyright year to 2015 + +- smb.c: Fixed compilation warnings - URL: https://github.com/bagder/curl/pull/174 + smb.c:780: warning: passing 'char *' to parameter of type 'unsigned + char *' converts between pointers to integer types with + different sign + smb.c:781: warning: passing 'char *' to parameter of type 'unsigned + char *' converts between pointers to integer types with + different sign + smb.c:804: warning: passing 'char *' to parameter of type 'unsigned + char *' converts between pointers to integer types with + different sign -- [Jay Satiro brought this change] +- smb: Use endian functions for reading length and offset values - build: Added wolfSSL build script for Visual Studio projects - - Added the wolfSSL build script, based on build-openssl.bat, as well as - the property sheet and header file required for the upcoming additions - to the Visual Studio project files. +- endian: Added 16-bit integer write function -Daniel Stenberg (6 Aug 2015) -- CHANGES: refer to the online changelog +- endian: Fixed Linux compilation issues - Suggested-by: mc0e + Having files named endian.[c|h] seemed to cause issues under Linux so + renamed them both to have the curl_ prefix in the filenames. -- [Isaac Boukris brought this change] +- [Julien Nabet brought this change] - NTLM: handle auth for only a single request - - Currently when the server responds with 401 on NTLM authenticated - connection (re-used) we consider it to have failed. However this is - legitimate and may happen when for example IIS is set configured to - 'authPersistSingleRequest' or when the request goes thru a proxy (with - 'via' header). + lib1900.c: Fixed cppcheck error - Implemented by imploying an additional state once a connection is - re-used to indicate that if we receive 401 we need to restart - authentication. + lib1900.c:182: (style) Array index 'handlenum' is used before limits + check - Closes #363 - -Steve Holme (5 Aug 2015) -- RELEASE-NOTES: Synced with 473807b95f - -- generate.bat: Use buildconf.bat for prerequisite file clean-up - -- buildconf.bat: Added support for file clean-up via -clean - -- buildconf.bat: Added progress output - -- buildconf.bat: Avoid using goto for file not in repository + Bug: https://github.com/bagder/curl/pull/133 -Daniel Stenberg (5 Aug 2015) -- curl_slist_append.3: add error checking to the example +- endian: Added standard function descriptions -Steve Holme (5 Aug 2015) -- buildconf.bat: Added display of usage text with -help +- endian: Renamed functions for curl API naming convention -- buildconf.bat: Added exit codes for error handling +- endian: Moved write functions to new module -- buildconf.bat: Added our standard copyright header +- endian: Moved read functions to new module -- buildconf.bat: Use lower-case for commands and reserved keywords +- endian: Introduced endian module + + To allow the little endian functions, currently used in two of the NTLM + source files, to be used by other modules such as the SMB module. -- generate.bat: Only clean prerequisite files when in ALL mode +- sepheaders.c: Applied curl oding standards -- generate.bat: Moved error messages out of sub-routines +- [Julien Nabet brought this change] -- generate.bat: More use of lower-case for commands and reserved keywords + sepheaders.c: Fixed resource leak on failure -Daniel Stenberg (3 Aug 2015) -- libcurl.3: fix a single typo +- vtls: Use '(void) arg' for unused parameters - Closes #361 - -- RELEASE-NOTES: synced with c4eb10e2f06f + Prefer void for unused parameters, rather than assigning an argument to + itself as a) unintelligent compilers won't optimize it out, b) it can't + be used for const parameters, c) it will cause compilation warnings for + clang with -Wself-assign and d) is inconsistent with other areas of the + curl source code. -- SSH: three state machine fixups - - The SSH state machine didn't clear the 'rc' variable appropriately in a - two places which prevented it from looping the way it should. And it - lacked an 'else' statement that made it possible to erroneously get - stuck in the SSH_AUTH_AGENT state. - - Reported-by: Tim Stack +- smb.c: Fixed compilation warning - Closes #357 + smb.c:586: warning: conversion to 'short unsigned int' from 'int' may + alter its value -- curl_gssapi: remove 'const' to fix compiler warnings - - initialization discards 'const' qualifier from pointer target type +- [Bill Nagel brought this change] -- docs: formpost needs the full size at start of upload + smb: Use the connection's upload buffer - Closes #360 + Use the connection's upload buffer instead of allocating our own send + buffer. -Steve Holme (1 Aug 2015) -- sspi: Fix typo from left over from old code which referenced NTLM - - References to NTLM in the identity generation should have been removed - in commit c469941293 but not all were. +- RELEASE-NOTES: Synced with 1933f9d33c -- win32: Fix compilation warnings from commit 40c921f8b8 +- schannel: Moved the ISC return flag definitions to the SSPI module - connect.c:953:5: warning: initializer element is not computable at load - time - connect.c:953:5: warning: missing initializer for field 'dwMinorVersion' - of 'OSVERSIONINFOEX' - curl_sspi.c:97:5: warning: initializer element is not computable at load - time - curl_sspi.c:97:5: warning: missing initializer for field 'szCSDVersion' - of 'OSVERSIONINFOEX' + Moved our Initialize Security Context return attribute definitions to + the SSPI module, as a) these can be used by other SSPI based providers + and b) the ISC required attributes are defined there. -- schannel: Fix compilation warning from commit 7a8e861a56 - - schannel.c:1125:5: warning: missing initializer for field 'dwMinorVersion' - of 'OSVERSIONINFOEX' [-Wmissing-field-initializers +- [Bill Nagel brought this change] -Daniel Stenberg (31 Jul 2015) -- libcurl-thread.3: minor reformatting + smb: Close the connection after a failed client write -Jay Satiro (31 Jul 2015) -- curl_global_init_mem.3: Warn threaded resolver needs thread safe funcs +- darwinssl: Fixed compilation warning - Bug: http://curl.haxx.se/mail/lib-2015-07/0149.html - Reported-by: Eric Ridge + vtls.c:683:43: warning: unused parameter 'data' -- libcurl-thread.3: Warn memory functions must be thread safe +- sockfilt.c: Fixed compilation warnings - Bug: http://curl.haxx.se/mail/lib-2015-07/0149.html - Reported-by: Eric Ridge - -Steve Holme (31 Jul 2015) -- RELEASE-NOTES: Synced with 8b1d00ac1a + sockfilt.c:288: warning: conversion to 'DWORD' from 'size_t' may alter + its value + sockfilt.c:291: warning: conversion to 'DWORD' from 'size_t' may alter + its value + sockfilt.c:323: warning: conversion to 'DWORD' from 'size_t' may alter + its value + sockfilt.c:326: warning: conversion to 'DWORD' from 'size_t' may alter + its value -- INSTALL: Minor formatting correction in 'Legacy Windows and SSL' section +- test1509: Fixed compilation warning - ...as well as some rewording. + lib1509.c:93:18: warning: conversion to 'long int' from 'size_t' may + alter its value -Kamil Dudka (30 Jul 2015) -- http: move HTTP/2 cleanup code off http_disconnect() - - Otherwise it would never be called for an HTTP/2 connection, which has - its own disconnect handler. - - I spotted this while debugging - where the http_disconnect() handler was called on an FTP session handle - causing 'dnf' to crash. conn->data->req.protop of type (struct FTP *) - was reinterpreted as type (struct HTTP *) which resulted in SIGSEGV in - Curl_add_buffer_free() after printing the "Connection cache is full, - closing the oldest one." message. - - A previously working version of libcurl started to crash after it was - recompiled with the HTTP/2 support despite the HTTP/2 protocol was not - actually used. This commit makes it work again although I suspect the - root cause (reinterpreting session handle data of incompatible protocol) - still has to be fixed. Otherwise the same will happen when mixing FTP - and HTTP/2 connections and exceeding the connection cache limit. +- test556: Fixed compilation warning - Reported-by: Tomas Tomecek - Bug: https://bugzilla.redhat.com/1248389 - -Daniel Stenberg (30 Jul 2015) -- [Viktor Szakats brought this change] - - ABI doc: use secure URL + lib556.c:90: warning: conversion to 'unsigned int' from 'size_t' may + alter its value -- ABI: remove the ascii logo - - and made the indent level to 1 +- sasl_gssapi: Fixed use of dummy username with real username -- libcurl-multi.3: mention curl_multi_wait +- vtls: Fixed compilation warning and an ignored return code - ... and some general rewordings to improve this docs. + curl_schannel.h:123: warning: right-hand operand of comma expression + has no effect - Reported-by: Tim Stack + Some instances of the curlssl_close_all() function were declared with a + void return type whilst others as int. The schannel version returned + CURLE_NOT_BUILT_IN and others simply returned zero, but in all cases the + return code was ignored by the calling function Curl_ssl_close_all(). - Closes #356 - -Steve Holme (30 Jul 2015) -- maketgz: Fixed some VC makefiles missing from the release tarball + For the time being and to keep the internal API consistent, changed all + declarations to use a void return type. - VC7, VC11, VC12 and VC14 makefiles were missing from the release - tarball. - -- RELEASE-NOTES: Synced with 2d7e165761 + To reduce code we might want to consider removing the unimplemented + versions and use a void #define like schannel does. -- build: Added VC14 project files to Makefile.am +Daniel Stenberg (28 Dec 2014) +- TODO: 2.3 Better support for same name resolves -- build: Added VC14 project files +Steve Holme (28 Dec 2014) +- test1520: Fixed initial teething problems - Updates to Makefile.am for the generation of the project files in - the tarball to follow. + * Missing initialisation of upload status caused a seg fault + * Missing data termination caused corrupt data to be uploaded + * Data verification should be performed in element + * Added missing recipient list cleanup -Jay Satiro (29 Jul 2015) -- libcurl-thread.3: Clarify CURLOPT_NOSIGNAL takes long value 1L +- test1520: Fixed compilation errors -Steve Holme (28 Jul 2015) -- generate.bat: Use lower-case for commands and reserved keywords - - Whilst there are no coding standards for the batch files used in curl, - most tend to use lower-case for keywords and upper-case for variables. +- tests: Added test for bug #1456 -- build: Added initial VC14 support to generate.bat - - Visual Studio project files and updates to makefile.am to follow. +- checksrc.bat: Fixed a problem opening files with spaces in the filename -- build: Fixed missing .opensdf files from VC10+ .gitignore files +- openldap: Prefer use of 'CURLcode result' -- build: Use $(ProjectName) macro for curl.exe and curld.exe filenames +- openldap: Use 'LDAPMessage *msg' for messages - This wasn't possible with the old curlsrc project filenames, but like - commit 2a615a2b64 and 11397eb6dd for libcurl use the built in Visual - Studio macros for the output filenames. + This frees up the 'result' variable for CURLcode based result codes. -- build: Renamed curl src Visual Studio project files - - Following commit 957fcd9049 and in preparation for adding the VC14 - project files renamed the curl source project files. +- nss: Don't ignore Curl_extract_certinfo() OOM failure -Daniel Stenberg (28 Jul 2015) -- [Jay Satiro brought this change] +- nss: Don't ignore Curl_ssl_init_certinfo() OOM failure - libcurl-thread.3: Revert to stricter handle wording +- nss: Use 'CURLcode result' for curl result codes - .. also update formatting and add WinSSL and wolfSSL to the SSL/TLS - handlers list. - -- [Jay Satiro brought this change] + ...and don't use CURLE_OK in failure/success comparisons. - libcurl-thread.3: Consolidate thread safety info - - This is a new document to consolidate our thread safety information from - several documents (curl-www:features, libcurl.3, libcurl-tutorial.3). - Each document's section on multi-threading will now point to this one. +- getinfo: Code style policing -Steve Holme (27 Jul 2015) -- README: Corrected formatting for 'Legacy Windows and SSL' section - - ...as well as some wording. +- getinfo: Use 'CURLcode result' for curl result codes -- build-openssl.bat: Added support for VC14 +- darwinssl: Use 'CURLcode result' for curl result codes -Daniel Stenberg (26 Jul 2015) -- RELEASE-NOTES: synced with 0f645adc95390e8 +- polarssl: Use 'CURLcode result' for curl result codes -- test1902: attempt to make the test more reliable +- docs: Updated following the addition of SASL GSSAPI via GSS-API libraries - Closes #355 - -- comment: fix comment about adding new option support - -Jay Satiro (25 Jul 2015) -- build-openssl.bat: Show syntax if required args are missing + As this feature has been implemented for 7.40.0. -Daniel Stenberg (26 Jul 2015) -- TODO: improve how curl works in a windows console window +- asiohiper.cpp: No need to initialise members of ConnInfo - Closes #322 for now + ...as calloc() automatically clears the area of memory with zeros. -- 1.11 minimize dependencies with dynamicly loaded modules +- asiohiper.cpp: Updated for curl coding standards - Closes #349 for now + ...with the exception of the start of block statement curly brackets. -Jay Satiro (25 Jul 2015) -- tool_operate: Fix CURLOPT_SSL_OPTIONS for builds without HTTPS +- code/docs: Use correct case for IPv4 and IPv6 - - Set CURLOPT_SSL_OPTIONS only if the tool enabled an SSL option. + For consistency, as we seem to have a bit of a mixed bag, changed all + instances of ipv4 and ipv6 in comments and documentations to use the + correct case. + +- runtests: Fixed detection of Unix Sockets feature - Broken by me several days ago in 172b2be. - https://github.com/bagder/curl/commit/172b2be#diff-70b44ee478e58d4e1ddcf9c9a73d257b + ...following change in curl --version output. + +- code/docs: Use Unix rather than UNIX to avoid use of the trademark - Bug: http://curl.haxx.se/mail/lib-2015-07/0119.html - Reported-by: Dan Fandrich + Use Unix when generically writing about Unix based systems as UNIX is + the trademark and should only be used in a particular product's name. -Daniel Stenberg (25 Jul 2015) -- configure: check if OpenSSL linking wants -ldl +- ip2ip.c: Fixed compilation warning when IPv6 Scope ID not supported - To make it easier to link with static versions of OpenSSL, the configure - script now checks if -ldl is needed for linking. + if2ip.c:119: warning: unused parameter 'remote_scope_id' - Help-by: TJ Saunders - -- [Michael Kaufmann brought this change] + ...and some minor code style policing in the same function. - HTTP: ignore "Content-Encoding: compress" +- vtls: Don't set cert info count until memory allocation is successful - Currently, libcurl rejects responses with "Content-Encoding: compress" - when CURLOPT_ACCEPT_ENCODING is set to "". I think that libcurl should - treat the Content-Encoding "compress" the same as other - Content-Encodings that it does not support, e.g. "bzip2". That means - just ignoring it. - -- [Marcel Raad brought this change] + Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs + member variable to the requested count, which could then be used + incorrectly as libcurl closes down. - openssl: work around MSVC warning +- vtls: Use CURLcode for Curl_ssl_init_certinfo() return type - MSVC 12 complains: + The return type for this function was 0 on success and 1 on error. This + was then examined by the calling functions and, in most cases, used to + return CURLE_OUT_OF_MEMORY. - lib\vtls\openssl.c(1554): warning C4701: potentially uninitialized local - variable 'verstr' used It's a false positive, but as it's normally not, - I have enabled warning-as-error for that warning. - -- [Michał Fita brought this change] + Instead use CURLcode for the return type and return the out of memory + error directly, propagating it up the call stack. - configure: add --disable-rt option - - This option disables any attempts in configure to create dependency on - stuff requiring linking to librt.so and libpthread.so, in this case this - means clock_gettime(CLOCK_MONOTONIC, &mt). +- configure: Use camel case for UNIX sockets feature output - We were in need to build curl which doesn't link libpthread.so to avoid - the following bug: - https://sourceware.org/bugzilla/show_bug.cgi?id=16628. + To match the curl --version output. -Kamil Dudka (23 Jul 2015) -- http2: verify success of strchr() in http2_send() +Marc Hoersken (26 Dec 2014) +- sockfilt.c: Reduce the number of individual memory allocations - Detected by Coverity. + Merge multiple internal arrays into one, even if some variables + will not not be used. They are all created with the number of + file descriptors as their size. - Error: NULL_RETURNS: - lib/http2.c:1301: returned_null: "strchr" returns null (checked 103 out of 109 times). - lib/http2.c:1301: var_assigned: Assigning: "hdbuf" = null return value from "strchr". - lib/http2.c:1302: dereference: Incrementing a pointer which might be null: "hdbuf". - 1300| - 1301| hdbuf = strchr(hdbuf, 0x0a); - 1302|-> ++hdbuf; - 1303| - 1304| authority_idx = 0; + Also fix possible thread handle leak in CloseHandle-loop. -Jay Satiro (22 Jul 2015) -- Windows: Fix VerifyVersionInfo calls - - - Fix the VerifyVersionInfo calls, which we use to test for the OS major - version, to also test for the minor version as well as the service pack - major and minor versions. +- sockfilt.c: Replace 100ms sleep with thread throttle - MSDN: "If you are testing the major version, you must also test the - minor version and the service pack major and minor versions." + Improves performance of test cases 574 and 575 by 50%. - https://msdn.microsoft.com/en-us/library/windows/desktop/ms725492.aspx + A value of zero causes the thread to relinquish the remainder + of its time slice to any other thread of equal priority that is + ready to run. If there are no other threads of equal priority + ready to run, the function returns immediately, and the thread + continues execution. - Bug: https://github.com/bagder/curl/pull/353#issuecomment-123493098 - Reported-by: Marcel Raad + http://msdn.microsoft.com/library/windows/desktop/ms686307.aspx -- [Marcel Raad brought this change] +Steve Holme (25 Dec 2014) +- tool_help: Use camel case for UNIX sockets feature output + + In line with the other features listed in the --version output, + capitalise the UNIX socket feature. - schannel: Replace deprecated GetVersion with VerifyVersionInfo +- vtls: Use bool for Curl_ssl_getsessionid() return type + + The return type of this function is a boolean value, and even uses a + bool internally, so use bool in the function declaration as well as + the variables that store the return value, to avoid any confusion. -Steve Holme (21 Jul 2015) -- makefile: Added support for VC14 +- schannel: Minor code style policing for casts -Patrick Monnerat (21 Jul 2015) -- os400: ebcdic wrappers for new functions. Upgrade ILE/RPG bindings. +- schannel: Prefer 'CURLcode result' for curl result codes -- libcurl: VERSIONINFO update - Addition of new procedures curl_pushheader_bynum and curl_pushheader_byname - requires VERSIONINFO updating. +- cyassl: Prefer 'CURLcode result' for curl result codes -- http2: satisfy external references even if http2 is not compiled in. +- tool_xattr: Use 'CURLcode result' for curl result codes -Daniel Stenberg (20 Jul 2015) -- http2: add stream != NULL checks for reliability +- curl_ntlm_core.c: Fixed compilation warnings - They should not trigger, but in case of internal problems we at least - avoid crashes this way. + curl_ntlm_core.c:301: warning: pointer targets in passing argument 2 of + 'CryptImportKey' differ in signedness + curl_ntlm_core.c:310: warning: passing argument 6 of 'CryptEncrypt' from + incompatible pointer type + curl_ntlm_core.c:540: warning: passing argument 4 of 'CryptGetHashParam' + from incompatible pointer type + +- RELEASE-NOTES: Synced with 8830df8b66 -Jay Satiro (18 Jul 2015) -- symbols-in-versions: Add new CURLSSLOPT_NO_REVOKE symbol +- gtls: Use preferred 'CURLcode result' -- SSL: Add an option to disable certificate revocation checks - - New tool option --ssl-no-revoke. - New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS. +- openldap: Use standard naming for setup connection function - Currently this option applies only to WinSSL where we have automatic - certificate revocation checking by default. According to the - ssl-compared chart there are other backends that have automatic checking - (NSS, wolfSSL and DarwinSSL) so we could possibly accommodate them at - some later point. + Renamed ldap_setup() to ldap_setup_connection() to follow more widely + used function naming. + +- rtmp: Use standard naming for setup connection function - Bug: https://github.com/bagder/curl/issues/264 - Reported-by: zenden2k + Renamed rtmp_setup() to rtmp_setup_connection() to follow more widely + used function naming. -- runtests: Allow for spaces in curl custom path +- smb: Use standard naming for setup connection function - .. also fix some typos in test's FILEFORMAT spec. + Renamed smb_setup() to smb_setup_connection() to follow more widely + used function naming. -- [David Woodhouse brought this change] +- config-win32.h: Fixed line length > 79 columns - ntlm_wb: Fix theoretical memory leak - - Static analysis indicated that my commit 9008f3d564 ("ntlm_wb: Fix - hard-coded limit on NTLM auth packet size") introduced a potential - memory leak on an error path, because we forget to free the buffer - before returning an error. - - Fix this. - - Although actually, it never happens in practice because we never *get* - here with state == NTLMSTATE_TYPE1. The state is always zero. That - might want cleaning up in a separate patch. - - Reported-by: Terri Oda +- openssl: Prefer we don't use NULL in comparisons -- strerror: Add CRYPT_E_REVOKED to SSPI error strings +- build: Removed WIN32 definition from the Visual Studio projects + + As this pre-processor definition is defined in curl_setup.h there is no + need to include it in the Visual Studio project files. -Kamil Dudka (14 Jul 2015) -- libtest: call PR_Cleanup() on exit if NSPR is used +- build: Removed WIN64 definition from the libcurl Visual Studio projects - This prevents valgrind from reporting possibly lost memory that NSPR - uses for file descriptor cache and other globally allocated internal - data structures. + Removed the WIN64 pre-processor definition from the libcurl project + files as: - Reported-by: Å tefan Kremeň - -Jay Satiro (14 Jul 2015) -- [John Malmberg brought this change] - - openssl: VMS support for SHA256 + * WIN64 is not used in our source code + * The curl projects files don't define it + * It isn't required by or used in the platform SDK + * For backwards compatability curl_setup.h defines WIN32 + * The compiler automatically defines _WIN64 for x64 builds - setup-vms.h: More symbols for SHA256, hacks for older VAX + Historically Visual Studio projects have defined WIN32, in addition to + the compiler defined _WIN32 definition, and I had incorrectly changed + that to WIN64 for the x64 libcurl builds but not in the curl projects. - openssl.h: Use OpenSSL OPENSSL_NO_SHA256 macro to allow building on VAX. + As such, it is questionable whether this should be defined or not. For + more information see the following cache of a discussion that took + place on the microsoft.public.vc.mfc newsgroup: - openssl.c: Use OpenSSL version checks and OPENSSL_NO_SHA256 macro to - allow building on VAX and 64 bit VMS. - -- examples: Fix typo in multi-single.c - -Daniel Stenberg (7 Jul 2015) -- [Tatsuhiro Tsujikawa brought this change] + http://www.tech-archive.net/Archive/VC/microsoft.public.vc.mfc/2008-06/msg00074.html - http2: Fix memory leak in push header array +- openssl.c Fix for compilation errors with older versions of OpenSSL + + openssl.c:1408: error: 'TLS1_1_VERSION' undeclared + openssl.c:1411: error: 'TLS1_2_VERSION' undeclared -Dan Fandrich (2 Jul 2015) -- test2041: fixed line endings in protocol part +Daniel Stenberg (22 Dec 2014) +- [John Malmberg brought this change] -- cyassl: fixed mismatched sha256sum function prototype + Fix comment edit in vms/backup_gnv_curl_src.com + + packages/vms/backup_gnv_curl_src.com: Originally copied from Bash port. -Daniel Stenberg (1 Jul 2015) -- [moparisthebest brought this change] +- curl: show size of inhibited data when using -v + + To offer some more info and yet it doesn't use more lines. - SSL: Pinned public key hash support +- openssl: fix SSL/TLS versions in verbose output -- examples: provide sections +- openssl: make it compile against openssl 1.1.0-DEV master branch -- [John Malmberg brought this change] +Marc Hoersken (22 Dec 2014) +- sshserver.pl: clarify and streamline variable names - OpenVMS: VMS Software, Inc now the supplier. - - setup-vms.h: Symbol case fixups submitted by Michael Steve +Daniel Stenberg (21 Dec 2014) +- openssl: warn for SRP set if SSLv3 is used, not for TLS version - build_gnv_curl_pcsi_desc.com: VSI aka as VMS Software, is now the - supplier of new versions of VMS. The install kit needs to accept - VSI as a producer. + ... as it requires TLS and it was was left to warn on the default from + when default was SSL... -Jay Satiro (30 Jun 2015) -- multi: Move http2 push function declarations to header end - - This change necessary for binary compatibility. +- smb: use memcpy() instead of strncpy() - Prior to this change test 1135 failed due to the order of functions. - -- symbols-in-versions: Add new http2 push symbols + ... as it never copies the trailing zero anyway and always just the four + bytes so let's not mislead anyone into thinking it is actually treated + as a string. - Prior to this change test 1119 failed due to the missing symbols. + Coverity CID: 1260214 -Daniel Stenberg (30 Jun 2015) -- RELEASE-NOTES: synced with e6749055d653 +- [John E. Malmberg brought this change] -- configure: disable libidn by default + VMS: Updates for 0740-0D1220 - For security reasons, until there is a fix. + lib/setup-vms.h : VAX HP OpenSSL port is ancient, needs help. + More defines to set symbols to uppercase. - Bug: http://curl.haxx.se/mail/lib-2015-06/0143.html - Reported-by: Gustavo Grieco, Feist Josselin - -- SSL-PROBLEMS: mention WinSSL problems in WinXP - -- CODE_OF_CONDUCT.md: added + src/tool_main.c : Fix parameter to vms_special_exit() call. - Just to underscore how we treat each other in this project. Nothing new - really, but could be useful for newcomers and outsiders to see our - values. - -- tool_header_cb: fflush the header stream + packages/vms/ : + backup_gnv_curl_src.com : Fix the error message to have the correct package. - Flush the header stream when -D is used so that they are sent off - earlier. + build_curl-config_script.com : Rewrite to be more accurate. - Bug: https://github.com/bagder/curl/issues/324 - Reported-by: Cédric Connes - -- [Roger Leigh brought this change] - - tests: Distribute CMakeLists.txt files in subdirectories - -- CURLOPT_FAILONERROR.3: mention that it closes the connection + build_libcurl_pc.com : Use tool_version.h now. - Reported-by: bemoody - Bug: https://github.com/bagder/curl/issues/325 - -- curl_multi_setopt.3: alpha sort the options - -- curl_multi_setopt.3: add the new push options - -- [Tatsuhiro Tsujikawa brought this change] - - http2: Use nghttp2 library error code for error return value - -- [Tatsuhiro Tsujikawa brought this change] - - http2: Harden header validation for curl_pushheader_byname + build_vms.com : Fix to handle lib/vtls directory. - Since we do prefix match using given header by application code - against header name pair in format "NAME:VALUE", and VALUE part can - contain ":", we have to careful about existence of ":" in header - parameter. ":" should be allowed to match HTTP/2 pseudo-header field, - and other use of ":" in header must be treated as error, and - curl_pushheader_byname should return NULL. This commit implements - this behaviour. - -- [Tatsuhiro Tsujikawa brought this change] - - CURLMOPT_PUSHFUNCTION.3: Remove unused variable - -- CURLMOPT_PUSHFUNCTION.3: added example - -- http2: curl_pushheader_byname now takes a const char * - -- http2-serverpush.c: example code - -- http2: free all header memory after the push callback - -- http2: init the pushed transfer properly - -- http2: fixed the header accessor functions for the push callback - -- http2: setup the new pushed stream properly - -- http2: initial implementation of the push callback - -- http2: initial HTTP/2 server push types/docs - -- test1531: verify POSTFIELDSIZE set after add_handle + curl_gnv_build_steps.txt : Updated build procedure documentation. - Following the fix made in 903b6e05565bf. - -- pretransfer: init state.infilesize here, not in add_handle + generate_config_vms_h_curl.com : + * VAX does not support 64 bit ints, so no NTLM support for now. + * VAX HP SSL port is ancient, needs some help. + * Disable NGHTTP2 for now, not ported to VMS. + * Disable UNIX_SOCKETS, not available on VMS yet. + * HP GSSAPI port does not have gss_nt_service_name. - ... to properly support that options are set to the handle after it is - added to the multi handle. + gnv_link_curl.com : Update for new curl structure. - Bug: http://curl.haxx.se/mail/lib-2015-06/0122.html - Reported-by: Stefan Bühler - -Jay Satiro (21 Jun 2015) -- [Lior Kaplan brought this change] + pcsi_product_gnv_curl.com : Set up to optionally do a complete build. - tool_help: fix --tlsv1 help text to use >= for TLSv1 +Marc Hoersken (21 Dec 2014) +- sockfilt.c: use non-Ex functions that are available before WinXP + + It was initially reported by Guenter that GetFileSizeEx + requires (_WIN32_WINNT >= 0x0500) to be true. -- INSTALL: Advise use of non-native SSL for Windows <= XP +- tests: use Cygwin-style paths in SSH, SSHD and SFTP config files - Advise that WinSSL in versions <= XP will not be able to connect to - servers that no longer support the legacy handshakes and algorithms used - by those versions, and to use an alternate backend like OpenSSL instead. + Second patch to enable Windows support using Cygwin-based OpenSSH. - Bug: https://github.com/bagder/curl/issues/253 - Reported-by: zenden2k + Tested with CopSSH 5.0.0 free edition using an msys shell on Windows 7. -Kamil Dudka (19 Jun 2015) -- curl_easy_setopt.3: restore contents removed by mistake +- tests: support spaces in paths to SSH, SSHD and SFTP binaries - ... in commit curl-7_43_0-18-g570076e - -Daniel Stenberg (19 Jun 2015) -- curl_easy_setopt.3: mention CURLOPT_PIPEWAIT + First patch to enable Windows support using Cygwin-based OpenSSH. -Jay Satiro (18 Jun 2015) -- cookie: Fix bug in export if any-domain cookie is present +Steve Holme (20 Dec 2014) +- non-ascii: Reduce variable usage - In 3013bb6 I had changed cookie export to ignore any-domain cookies, - however the logic I used to do so was incorrect, and would lead to a - busy loop in the case of exporting a cookie list that contained - any-domain cookies. The result of that is worse though, because in that - case the other cookies would not be written resulting in an empty file - once the application is terminated to stop the busy loop. - -Dan Fandrich (18 Jun 2015) -- FTP: fixed compiling with --disable-proxy, broken in b88f980a + Removed 'next' variable in Curl_convert_form(). Rather than setting it + from 'form->next' and using that to set 'form' after the conversion + just use 'form = form->next' instead. -Daniel Stenberg (18 Jun 2015) -- tool: always provide negotiate/kerberos options +- non-ascii: Prefer while loop rather than a do loop - libcurl can still be built with it, even if the tool is not. Maintain - independence! - -- TODO: Support IDNA2008 - -- [Viktor Szakats brought this change] + This also removes the need to check that the 'form' argument is valid. - Makefile.m32: add support for CURL_LDFLAG_EXTRAS +- non-ascii: Reduce variable scope - It is similar to existing CURL_CFLAG_EXTRAS, but for - extra linker option. + As 'result' isn't used out side the conversion callback code and + previously caused variable shadowing in the libiconv based code. -- RTSP: removed another piece of dead code +- non-ascii: We prefer 'CURLcode result' - Coverity CID 1306668 + This also fixes a variable shadowing issue when HAVE_ICONV is defined + as rc was declared for the result code of libiconv based functions. -- openssl: fix use of uninitialized buffer - - Make sure that the error buffer is always initialized and simplify the - use of it to make the logic easier. +Marc Hoersken (19 Dec 2014) +- secureserver.pl: clean up formatting of config and fix verbose output - Bug: https://github.com/bagder/curl/issues/318 - Reported-by: sneis + Verbose output was not matching the actual configuration file, + because FIPS and Windows conditions were ignored. -- examples: more descriptions +- secureserver.pl: update Windows detection and fix path conversion -- examples: add descriptions with +- secureserver.pl: make OpenSSL CApath and cert absolute path values - Using this fixed format for example descriptions, we can generate a - better list on the web site. + Recent stunnel versions (5.08) seem to have trouble with relative + paths on Windows. This turns the relative paths into absolute ones. + +Patrick Monnerat (18 Dec 2014) +- if2ip: dummy scope parameter for Curl_if2ip() call in SIOCGIFADDR-enabled code. -- libcurl-errors.3: fix typo +- [Kyle J. McKay brought this change] -- curl_easy_setopt.3: option order doesn't matter + parseurlandfillconn(): fix improper non-numeric scope_id stripping. + Fixes SF bug 1149: http://sourceforge.net/p/curl/bugs/1449/ -- openssl: fix build with BoringSSL +- IPV6: address scope != scope id + There was a confusion between these: this commit tries to disambiguate them. + - Scope can be computed from the address itself. + - Scope id is scope dependent: it is currently defined as 1-based local + interface index for link-local scoped addresses, and as a site index(?) for + (obsolete) site-local addresses. Linux only supports it for link-local + addresses. + The URL parser properly parses a scope id as an interface index, but stores it + in a field named "scope": confusion. The field has been renamed into "scope_id". + Curl_if2ip() used the scope id as it was a scope. This caused failures + to bind to an interface. + Scope is now computed from the addresses and Curl_if2ip() matches them. + If redundantly specified in the URL, scope id is check for mismatch with + the interface index. - OPENSSL_load_builtin_modules does not exist in BoringSSL. Regression - from cae43a1 + This commit should fix SF bug #1451. -- [Paul Howarth brought this change] +- connect: singleipconnect(): properly try other address families after failure - openssl: Fix build with openssl < ~ 0.9.8f +Daniel Stenberg (16 Dec 2014) +- SFTP: work-around servers that return zero size on STAT - The symbol SSL3_MT_NEWSESSION_TICKET appears to have been introduced at - around openssl 0.9.8f, and the use of it in lib/vtls/openssl.c breaks - builds with older openssls (certainly with 0.9.8b, which is the latest - older version I have to try with). + Bug: http://curl.haxx.se/mail/lib-2014-12/0103.html + Pathed-by: Marc Renault -- FTP: do the HTTP CONNECT for data connection blocking - - ** WORK-AROUND ** - - The introduced non-blocking general behaviour for Curl_proxyCONNECT() - didn't work for the data connection establishment unless it was very - fast. The newly introduced function argument makes it operate in a more - blocking manner, more like it used to work in the past. This blocking - approach is only used when the FTP data connecting through HTTP proxy. - - Blocking like this is bad. A better fix would make it work more - asynchronously. +- glob_next_url: make the loop count upwards - Bug: https://github.com/bagder/curl/issues/278 - -- bump: start the journey toward 7.44.0 - -Jay Satiro (17 Jun 2015) -- CURLOPT_ERRORBUFFER.3: Fix example, escape backslashes + As the former contruct apparently caused a compiler warning, mentioned + in d8efde07e556c. -- CURLOPT_ERRORBUFFER.3: Improve example +- tool_operate: we prefer 'CURLcode result' -Version 7.43.0 (17 Jun 2015) +- tool_urlglob: unify return codes to use CURLcode + + There was a mix of GlobCode, CURLcode and ints and they were mostly + passing around CURLcode errors. This change makes the functions use only + CURLcode and removes the GlobCode type completely. -Daniel Stenberg (17 Jun 2015) -- RELEASE-NOTES: 7.43.0 release +- tool_urlglob.c: partly reverse dc19789444 + + The loop in glob_next_url() needs to be done backwards to maintain the + logic. dc19789444 caused test 1235 to fail. -- THANKS: updated with 7.43.0 names +- KNOWN_BUGS: the SFTP code doesn't support CURLINFO_FILETIME -- [Kamil Dudka brought this change] +- [Jay Satiro brought this change] - http: do not leak basic auth credentials on re-used connections - - CVE-2015-3236 + opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS - This partially reverts commit curl-7_39_0-237-g87c4abb + Change CURLOPT_TIMEOUT doc to warn that if CURLOPT_TIMEOUT and + CURLOPT_TIMEOUT_MS are both set whichever one is set last is the one + that will be used. - Reported-by: Tomas Tomecek, Kamil Dudka - Bug: http://curl.haxx.se/docs/adv_20150617A.html + Prior to this change that behavior was only noted in the + CURLOPT_TIMEOUT_MS doc. -- [Kamil Dudka brought this change] +Nick Zitzmann (15 Dec 2014) +- darwinssl: fix incorrect usage of aprintf() + + Commit b13923f changed an snprintf() to use aprintf(), but the API usage + wasn't correct, and was causing a crash to occur. This fixes it. - test2040: verify basic auth on re-used connections +Steve Holme (14 Dec 2014) +- copyright: Updated the copyright year following recent updates -- SMB: rangecheck values read off incoming packet - - CVE-2015-3237 - - Detected by Coverity. CID 1299430. +Daniel Stenberg (14 Dec 2014) +- tool_urlglob.c: reverse two loops - Bug: http://curl.haxx.se/docs/adv_20150617B.html + By counting from 0 and up instead of backwards like before, we remove + the need for the "funny" check of the unsigned variable when decreased + passed zero. Easier to read and less risk for compiler warnings. -Jay Satiro (17 Jun 2015) -- schannel: schannel_recv overhaul - - This commit is several drafts squashed together. The changes from each - draft are noted below. If any changes are similar and possibly - contradictory the change in the latest draft takes precedence. - - Bug: https://github.com/bagder/curl/issues/244 - Reported-by: Chris Araman - - %% - %% Draft 1 - %% - - return 0 if len == 0. that will have to be documented. - - continue on and process the caches regardless of raw recv - - if decrypted data will be returned then set the error code to CURLE_OK - and return its count - - if decrypted data will not be returned and the connection has closed - (eg nread == 0) then return 0 and CURLE_OK - - if decrypted data will not be returned and the connection *hasn't* - closed then set the error code to CURLE_AGAIN --only if an error code - isn't already set-- and return -1 - - narrow the Win2k workaround to only Win2k - - %% - %% Draft 2 - %% - - Trying out a change in flow to handle corner cases. - - %% - %% Draft 3 - %% - - Back out the lazier decryption change made in draft2. - - %% - %% Draft 4 - %% - - Some formatting and branching changes - - Decrypt all encrypted cached data when len == 0 - - Save connection closed state - - Change special Win2k check to use connection closed state - - %% - %% Draft 5 - %% - - Default to CURLE_AGAIN in cleanup if an error code wasn't set and the - connection isn't closed. - - %% - %% Draft 6 - %% - - Save the last error only if it is an unrecoverable error. - - Prior to this I saved the last error state in all cases; unfortunately - the logic to cover that in all cases would lead to some muddle and I'm - concerned that could then lead to a bug in the future so I've replaced - it by only recording an unrecoverable error and that state will persist. - - - Do not recurse on renegotiation. - - Instead we'll continue on to process any trailing encrypted data - received during the renegotiation only. +Marc Hoersken (14 Dec 2014) +- tool_urlglob.c: Added braces to clarify the conditions + +- tool_urlglob.c: Silence warning C6293: Ill-defined for-loop - - Move the err checks in cleanup after the check for decrypted data. + The >= 0 is actually not required, since i underflows and + the for-loop is stopped using the < condition, but this + makes the VS2012 compiler and code analysis happy. + +- tool_binmode.c: Explicitly ignore the return code of setmode - In either case decrypted data is always returned but I think it's easier - to understand when those err checks come after the decrypted data check. + Fixes code analysis warning C6031: + return value ignored: could return unexpected value + +- lib: Fixed multiple code analysis warnings if SAL are available - %% - %% Draft 7 - %% - - Regardless of len value go directly to cleanup if there is an - unrecoverable error or a close_notify was already received. Prior to - this change we only acknowledged those two states if len != 0. + warning C28252: Inconsistent annotation for function: + parameter has another annotation on this instance + +Steve Holme (14 Dec 2014) +- smb.c: Fixed code analysis warning - - Fix a bug in connection closed behavior: Set the error state in the - cleanup, because we don't know for sure it's an error until that time. + smb.c:320: warning C6297: Arithmetic overflow: 32-bit value is shifted, + then cast to 64-bit value. Result may not be an expected + value + +Marc Hoersken (14 Dec 2014) +- tool_util.c: Use GetTickCount64 if it is available + +Steve Holme (14 Dec 2014) +- smb: Use HAVE_PROCESS_H for process.h inclusion - - (Related to above) In the case the connection is closed go "greedy" - with the decryption to make sure all remaining encrypted data has been - decrypted even if it is not needed at that time by the caller. This is - necessary because we can only tell if the connection closed gracefully - (close_notify) once all encrypted data has been decrypted. + Rather than testing against _WIN32 use the preferred HAVE_PROCESS_H + pre-processor define when including process.h. + +Daniel Stenberg (14 Dec 2014) +- darwinssl: aprintf() to allocate the session key - - Do not renegotiate when an unrecoverable error is pending. + ... to avoid using a fixed memory size that risks being too large or too + small. + +Marc Hoersken (14 Dec 2014) +- curl_schannel: Improvements to memory re-allocation strategy - %% - %% Draft 8 - %% - - Don't show 'server closed the connection' info message twice. + - do not grow memory by doubling its size + - do not leak previously allocated memory if reallocation fails + - replace while-loop with a single check to make sure + that the requested amount of data fits into the buffer - - Show an info message if server closed abruptly (missing close_notify). + Bug: http://curl.haxx.se/bug/view.cgi?id=1450 + Reported-by: Warren Menzer -Daniel Stenberg (16 Jun 2015) -- [Paul Oliver brought this change] +Steve Holme (14 Dec 2014) +- asyn-ares: We prefer use of 'CURLcode result' - Fix typo in docs - - s/curret/current/ +Marc Hoersken (14 Dec 2014) +- curl_schannel.c: Data may be available before connection shutdown -- [Viktor Szakats brought this change] +Steve Holme (14 Dec 2014) +- http2: Use 'CURLcode result' for curl result codes - docs: update URLs +- asyn-thread: We prefer 'CURLcode result' -- RELEASE-NOTES: synced with f29f2cbd00dbe5f +- smb: Fixed unnecessary initialisation of struct member variables + + There is no need to set the 'state' and 'result' member variables to + SMB_REQUESTING (0) and CURLE_OK (0) after the allocation via calloc() + as calloc() initialises the contents to zero. -- [Viktor Szakats brought this change] +- ntlm: Fixed return code for bad type-2 Target Info + + Use CURLE_BAD_CONTENT_ENCODING for bad type-2 Target Info security + buffers just like we do for bad decodes. - README: use secure protocol for Git repository +- ntlm: Remove unnecessary casts in readshort_le() + + I don't think both of my fix ups from yesterday were needed to fix the + compilation warning, so remove the one that I think is unnecessary and + let the next Android autobuild prove/disprove it. -- [Viktor Szakats brought this change] +- curl_ntlm_msgs.c: Another attempt to fix compilation warning + + curl_ntlm_msgs.c:170: warning: conversion to 'short unsigned int' from + 'int' may alter its value - HTTP2.md: use SSL/TLS IETF URLs +Guenter Knauf (13 Dec 2014) +- synctime.c: added own user-agent string. -- [Viktor Szakats brought this change] +Steve Holme (13 Dec 2014) +- smb.c: Fixed line longer than 79 columns - LICENSE-MIXING: update URLs +- curl_ntlm_msgs.c: Fixed compilation warning from commit 783b5c3b11 - * use SSL/TLS where available - * follow permanent redirects - -- LICENSE-MIXING: refreshed + curl_ntlm_msgs.c:169: warning: conversion to 'short unsigned int' from + 'int' may alter its value -- curl_easy_duphandle: see also *reset +Guenter Knauf (13 Dec 2014) +- mk-ca-bundle.pl: restored forced run again. -- rtsp_do: fix DEAD CODE +- synctime.c: removed another timeserver URL. - "At condition p_request, the value of p_request cannot be NULL." + worldtimeserver.com seems also no longer available. + +- synctime.c: fixed timeserver URLs. - Coverity CID 1306668. + For getting the date header its not necessary to access special + pages or even CGI scripts - all pages including the main index + reply with the date header, therefore shortened URLs to domain. + Removed worldtime.com; added pool.ntp.org. -- security:choose_mech fix DEAD CODE warning +Steve Holme (13 Dec 2014) +- ftp.c: Fixed compilation warning when no verbose string support - ... by removing the "do {} while (0)" block. + ftp.c:819: warning: unused parameter 'lineno' + +- smb: Added state change functions to assist with debugging - Coverity CID 1306669 + For debugging purposes, and as per other protocols within curl, added + state change functions rather than changing the states directly. + +- ntlm: Use short integer when decoding 16-bit values -- curl.1: netrc is in man section 5 +- RELEASE-NOTES: Synced with 6291a16b20 -- curl.1: small format fix +- smtp.c: Fixed compilation warnings - use \fI-style instead of .BR for references + smtp.c:2357 warning: adding 'size_t' (aka 'unsigned long') to a string + does not append to the string + smtp.c:2375 warning: adding 'size_t' (aka 'unsigned long') to a string + does not append to the string + smtp.c:2386 warning: adding 'size_t' (aka 'unsigned long') to a string + does not append to the string + + Used array index notation instead. -- urldata: store POST size in state.infilesize too +- smb: Disable SMB when 64-bit integers are not supported - ... to simplify checking when PUT _or_ POST have completed. + This fixes compilation issues with compilers that don't support 64-bit + integers through long long or __int64. + +- ntlm: Disable NTLM v2 when 64-bit integers are not supported - Reported-by: Frank Meier - Bug: http://curl.haxx.se/mail/lib-2015-06/0019.html + This fixes compilation issues with compilers that don't support 64-bit + integers through long long or __int64 which was introduced in commit + 07b66cbfa4. -Dan Fandrich (14 Jun 2015) -- test1530: added http to required features +- ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined + + Previously USE_NTLM2SESSION would only be defined automatically when + USE_NTRESPONSES wasn't already defined. Separated the two definitions + so that the user can manually set USE_NTRESPONSES themselves but + USE_NTLM2SESSION is defined automatically if they don't define it. -Jay Satiro (14 Jun 2015) -- [Drake Arconis brought this change] +- smtp.c: Fixed line longer than 79 columns - build: Fix typo from OpenSSL 1.0.2 version detection fix +- config-win32.h: Don't enable Windows Crypt API if using OpenSSL + + As the OpenSSL and NSS Crypto engines are prefered by the core NTLM + routines, to the Windows Crypt API, don't define USE_WIN32_CRYPT + automatically when either OpenSSL or NSS are in use - doing so would + disable NTLM2Session responses in NTLM type-3 messages. -- [Drake Arconis brought this change] +- smtp: Fixed inappropriate free of the scratch buffer + + If the scratch buffer was allocated in a previous call to + Curl_smtp_escape_eob(), a new buffer not allocated in the subsequent + call and no action taken by that call, then an attempt would be made to + try and free the buffer which, by now, would be part of the data->state + structure. + + This bug was introduced in commit 4bd860a001. - build: Properly detect OpenSSL 1.0.2 when using configure +- smtp: Fixed dot stuffing when EOL characters were at end of input buffers + + Fixed a problem with the CRLF. detection when multiple buffers were + used to upload an email to libcurl and the line ending character(s) + appeared at the end of each buffer. This meant any lines which started + with . would not be escaped into .. and could be interpreted as the end + of transmission string instead. + + This only affected libcurl based applications that used a read function + and wasn't reproducible with the curl command-line tool. + + Bug: http://curl.haxx.se/bug/view.cgi?id=1456 + Assisted-by: Patrick Monnerat -- curl_multi_info_read.3: fix example formatting +Daniel Stenberg (11 Dec 2014) +- telnet: fix "cast increases required alignment of target type" -Daniel Stenberg (13 Jun 2015) -- BINDINGS: there's a new R binding in town! +- ntlm_wb_response: fix "statement not reached" + + ... and I could use a break instead of a goto to end the loop. + + Bug: http://curl.haxx.se/mail/lib-2014-12/0089.html + Reported-by: Tor Arntsen -- BINDINGS: added the Xojo binding +Steve Holme (10 Dec 2014) +- RELEASE-NOTES: Synced with 1cc5194337 + + Added some bug fixes that I had missed in previous synchronisations. -Jay Satiro (11 Jun 2015) -- [Joel Depooter brought this change] +Daniel Stenberg (10 Dec 2014) +- Curl_unix2addr: avoid using the variable name 'sun' + + I suspect this causes compile failures on Solaris: + + Bug: http://curl.haxx.se/mail/lib-2014-12/0081.html - schannel: Add support for optional client certificates +Steve Holme (10 Dec 2014) +- url.c: Fixed compilation warning when USE_NTLM is not defined - Some servers will request a client certificate, but not require one. - This change allows libcurl to connect to such servers when using - schannel as its ssl/tls backend. When a server requests a client - certificate, libcurl will now continue the handshake without one, - rather than terminating the handshake. The server can then decide - if that is acceptable or not. Prior to this change, libcurl would - terminate the handshake, reporting a SEC_I_INCOMPLETE_CREDENTIALS - error. + url.c:3078: warning: variable 'credentialsMatch' set but not used -Daniel Stenberg (11 Jun 2015) -- curl_easy_cleanup.3: provide more SEE ALSO +- parsedate.c: Fixed compilation warning + + parsedate.c:548: warning: 'parsed' may be used uninitialized in this + function + + As curl_getdate() returns -1 when parsedate() fails we can initialise + parsed to -1. -- debug: remove http2 debug leftovers +Daniel Stenberg (10 Dec 2014) +- TODO: Cache negative name resolves + + Worth exploring -- VERSIONS: now using markdown +- ldap: check Curl_client_write() return codes + + There might be one or two memory leaks left in the error paths. -- RELEASE-PROCEDURE: remove ascii logo at the top of file +- ldap: rename variables to comply to curl standards -- INTERNALS: absorbed docs/LIBCURL-STRUCTS +Dan Fandrich (10 Dec 2014) +- sws.c: Fixed 'rc' may be used uninitialized warning -- INTERNALS: cat lib/README* >> INTERNALS - - and a conversion to markdown. Removed the lib/README.* files. The idea - being to move toward having INTERNALS as the one and only "book" of - internals documentation. +- cookies: Improved OOM handling in cookies - Added a TOC to top of the document. + This fixes the test 506 torture test. The internal cookie API really + ought to be improved to separate cookie parsing errors (which may be + ignored) with OOM errors (which should be fatal). -Jay Satiro (8 Jun 2015) -- openssl: LibreSSL and BoringSSL do not use TLS_client_method - - Although OpenSSL 1.1.0+ deprecated SSLv23_client_method in favor of - TLS_client_method LibreSSL and BoringSSL didn't and still use - SSLv23_client_method. +Guenter Knauf (9 Dec 2014) +- synctime.c: fixed user-agent setting. - Bug: https://github.com/bagder/curl/commit/49a6642#commitcomment-11578009 - Reported-by: asavah@users.noreply.github.com + Some websites meanwhile refuse to reply to requests from ancient + browsers like IE6, therefore I've comment out this setting, but + also fixed the string to now fake IE8 if someone enables it. -Daniel Stenberg (9 Jun 2015) -- RELEASE-NOTES: synced with 20ac3458068 +Daniel Stenberg (9 Dec 2014) +- smb: fix unused return code warning -- CURLOPT_OPENSOCKETFUNCTION: return error at once - - When CURL_SOCKET_BAD is returned in the callback, it should be treated - as an error (CURLE_COULDNT_CONNECT) if no other socket is subsequently - created when trying to connect to a server. +Patrick Monnerat (9 Dec 2014) +- Curl_client_write() & al.: chop long data, convert data only once. + +Guenter Knauf (9 Dec 2014) +- VC build: added sspi define for winssl-zlib builds. + +Daniel Stenberg (9 Dec 2014) +- schannel_recv: return the correct code - Bug: http://curl.haxx.se/mail/lib-2015-06/0047.html + Bug: http://curl.haxx.se/bug/view.cgi?id=1462 + Reported-by: Tae Hyoung Ahn -- fopen.c: fix a few compiler warnings +- http2: avoid logging neg "failure" if h2 was not requested -- [Ville Skyttä brought this change] +- openldap: do not ignore Curl_client_write() return codes - docs: Spelling fixes +- compile: warn on unused return code from Curl_client_write() -- [Ville Skyttä brought this change] +Patrick Monnerat (8 Dec 2014) +- SMB: Fix a data size mismatch that broke SMB on big-endian platforms - docs: man page indentation and syntax fixes +Steve Holme (7 Dec 2014) +- smb: Fixed Windows autoconf builds following commit eb88d778e7 + + As Windows based autoconf builds don't yet define USE_WIN32_CRYPTO + either explicitly through --enable-win32-cypto or automatically on + _WIN32 based platforms, subsequent builds broke with the following + error message: + + "Can't compile NTLM support without a crypto library." -Linus Nielsen (8 Jun 2015) -- help: Add --proxy-service-name and --service-name to the --help output +- RELEASE-NOTES: Synced with 526603ff05 -Jay Satiro (7 Jun 2015) -- openssl: Fix verification of server-sent legacy intermediates - - - Try building a chain using issuers in the trusted store first to avoid - problems with server-sent legacy intermediates. - - Prior to this change server-sent legacy intermediates with missing - legacy issuers would cause verification to fail even if the client's CA - bundle contained a valid replacement for the intermediate and an - alternate chain could be constructed that would verify successfully. - - https://rt.openssl.org/Ticket/Display.html?id=3621&user=guest&pass=guest +- [Bill Nagel brought this change] -Daniel Stenberg (5 Jun 2015) -- BINDINGS: update several URLs + smb: Build with SSPI enabled - Stop linking to the curl.haxx.se anchor pages, they are usually only - themselves pointers to the real page so better point there directly - instead. + Build SMB/CIFS protocol support when SSPI is enabled. -- BINDINGS: the curl-rust binding +- [Bill Nagel brought this change] -- curl.h: add CURL_HTTP_VERSION_2 + ntlm: Use Windows Crypt API - The protocol is named "HTTP/2" after all. It is an alias for the - existing CURL_HTTP_VERSION_2_0 enum. + Allow the use of the Windows Crypt API for NTLMv1 functions. -- openssl: removed error string #ifdef +Dan Fandrich (7 Dec 2014) +- cookie.c: Refactored cleanup code to simplify - ERR_error_string_n() was introduced in 0.9.6, no need to #ifdef anymore + Also, fixed the outdated comments on the cookie API. -- openssl: removed USERDATA_IN_PWD_CALLBACK kludge +- get_url_file_name: Fixed crash on OOM on debug build - Code for OpenSSL 0.9.4 serves no purpose anymore! + This caused a null-pointer dereference which caused a few dozen + torture tests to fail. -- openssl: remove SSL_get_session()-using code +Steve Holme (6 Dec 2014) +- sws.c: Fixed compilation warning - It was present for OpenSSL 0.9.5 code but we only support 0.9.7 or - later. + sws.c:2191 warning: 'rc' may be used uninitialized in this function -- openssl: remove dummy callback use from SSL_CTX_set_verify() +- ftp.c: Fixed compilation warnings when proxy support disabled - The existing callback served no purpose. - -- LIBCURL-STRUCTS: clarify for multiplexing + ftp.c:1827 warning: unused parameter 'newhost' + ftp.c:1827 warning: unused parameter 'newport' -Jay Satiro (3 Jun 2015) -- cookie: Stop exporting any-domain cookies - - Prior to this change any-domain cookies (cookies without a domain that - are sent to any domain) were exported with domain name "unknown". +- smb: Fixed a problem with large file transfers - Bug: https://github.com/bagder/curl/issues/292 - -Daniel Stenberg (3 Jun 2015) -- RELEASE-PROCEDURE: refreshed 'coming dates' - -Jay Satiro (2 Jun 2015) -- curl_setup: Change fopen text macros to use 't' for MSDOS + Fixed an issue with the message size calculation where the raw bytes + from the buffer were interpreted as signed values rather than unsigned + values. - Bug: https://github.com/bagder/curl/pull/258#issuecomment-107915198 Reported-by: Gisle Vanem + Assisted-by: Bill Nagel -Daniel Stenberg (2 Jun 2015) -- curl_multi_timeout.3: added example +- smb: Moved the URL decoding into a separate function -- curl_multi_perform.3: added example +- smb: Fixed URL encoded URLs not working -- curl_multi_info_read.3: added example +- Makefile.inc: Added our standard header and updated file formatting -- checksrc: detect fopen() for text without the FOPEN_* macros - - Follow-up to e8423f9ce150 with discussionis in - https://github.com/bagder/curl/pull/258 +- Makefile.inc: Updated file formatting - This check scans for fopen() with a mode string without 'b' present, as - it may indicate that an FOPEN_* define should rather be used. - -- curl_getdate.3: update RFC reference + Aligned continuation character and used space as the separator + character as per other makefile files. -Jay Satiro (1 Jun 2015) -- curl_setup: Add macros for FOPEN_READTEXT, FOPEN_WRITETEXT - - - Change fopen calls to use FOPEN_READTEXT instead of "r" or "rt" - - Change fopen calls to use FOPEN_WRITETEXT instead of "w" or "wt" - - This change is to explicitly specify when we need to read/write text. - Unfortunately 't' is not part of POSIX fopen so we can't specify it - directly. Instead we now have FOPEN_READTEXT, FOPEN_WRITETEXT. - - Prior to this change we had an issue on Windows if an application that - uses libcurl overrides the default file mode to binary. The default file - mode in Windows is normally text mode (translation mode) and that's what - libcurl expects. +- curl_md4.h: Updated copyright year following recent edit - Bug: https://github.com/bagder/curl/pull/258#issuecomment-107093055 - Reported-by: Orgad Shaneh - -Daniel Stenberg (1 Jun 2015) -- http2-upload.c: use PIPEWAIT for playing HTTP/2 better + ...and minor layout adjustment. -- http2-download: check for CURLPIPE_MULTIPLEX properly - - Bug: http://curl.haxx.se/mail/lib-2015-06/0001.html - Reported-by: Rafayel Mkrtchyan +Patrick Monnerat (5 Dec 2014) +- SMB: Fix big endian problems. Make it OS/400 aware. -- [Isaac Boukris brought this change] +- OS400: enable NTLM authentication - HTTP-NTLM: fail auth on connection close instead of looping +Steve Holme (5 Dec 2014) +- multi.c: Fixed compilation warning - Bug: https://github.com/bagder/curl/issues/256 - -- 5.6 Refuse "downgrade" redirects - -- README.pingpong: removed - -- ROADMAP: remove HTTP/2 multiplexing - its here now + multi.c:2695: warning: declaration of `exp' shadows a global declaration -- HTTP2.md: formatted properly +Guenter Knauf (5 Dec 2014) +- build: updated dependencies in makefiles. -- HTTP2: moved docs into docs/ and make it markdown +Steve Holme (5 Dec 2014) +- sasl: Corrected formatting of function descriptions -- README.http2: refreshed and added multiplexing info +- sasl_gssapi: Added missing function description -- dist: add the http2 examples +- RELEASE-NOTES: Provided better descriptions + + As it is often difficult to choose the best description for a single + feature when it spans many commits, updated the descriptions for the + recent SMB/CIFS protocol and GSS-API additions. -- http2 examples: clean up some comments +- sasl_sspi: Corrected some typos -- examples: added two programs doing multiplexed HTTP/2 +- sasl_sspi: Don't use hard coded sizes in Kerberos V5 security data + + Don't use a hard coded size of 4 for the security layer and buffer size + in Curl_sasl_create_gssapi_security_message(), instead, use sizeof() as + we have done in the sasl_gssapi module. -- scripts: moved contributors.sh and contrithanks.sh into subdir +- sasl_sspi: Free the Kerberos V5 challenge as soon as we're done with it + + Reduced the amount of free's required for the decoded challenge message + in Curl_sasl_create_gssapi_security_message() as a result of coding it + differently in the sasl_gssapi module. -- RELEASE-NOTES: synced with c005790ff1c0a +- gssapi: Corrected typo in comments -- [Daniel Melani brought this change] +- sasl_gssapi: Added body to Curl_sasl_create_gssapi_security_message() - openssl: typo in comment +Daniel Stenberg (4 Dec 2014) +- [Stefan Bühler brought this change] -Jay Satiro (27 May 2015) -- openssl: Use TLS_client_method for OpenSSL 1.1.0+ - - SSLv23_client_method is deprecated starting in OpenSSL 1.1.0. The - equivalent is TLS_client_method. + http_perhapsrewind: don't abort CONNECT requests - https://github.com/openssl/openssl/commit/13c9bb3#diff-708d3ae0f2c2973b272b811315381557 + ...they never have a body -Daniel Stenberg (26 May 2015) -- FAQ: How do I port libcurl to my OS? +- [Stefan Bühler brought this change] -Jay Satiro (25 May 2015) -- CURLOPT_COOKIELIST.3: Explain Set-Cookie without a domain - - Document that if Set-Cookie is used without a domain then the cookie is - sent for any domain and will not be modified. + HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request - Bug: http://curl.haxx.se/mail/lib-2015-05/0137.html - Reported-by: Alexander Dyagilev - -Daniel Stenberg (25 May 2015) -- [Tatsuhiro Tsujikawa brought this change] + Sending NTLM/Negotiate header again after successful authentication + breaks the connection with certain Proxies and request types (POST to MS + Forefront). - http2: Copy data passed in Curl_http2_switched into HTTP/2 connection buffer - - Previously, after seeing upgrade to HTTP/2, we feed data followed by - upgrade response headers directly to nghttp2_session_mem_recv() in - Curl_http2_switched(). But it turns out that passed buffer, mem, is - part of stream->mem, and callbacks called by - nghttp2_session_mem_recv() will write stream specific data into - stream->mem, overwriting input data. This will corrupt input, and - most likely frame length error is detected by nghttp2 library. The - fix is first copy the passed data to HTTP/2 connection buffer, - httpc->inbuf, and call nghttp2_session_mem_recv(). +- [Stefan Bühler brought this change] -Jay Satiro (24 May 2015) -- CURLOPT_COOKIE.3: Explain that the cookies won't be modified + HTTP: don't abort connections with pending Negotiate authentication - The CURLOPT_COOKIE doc says it "sets the cookie header explicitly in the - outgoing request(s)." However there seems to be some user confusion - about cookie modification. Document that the cookies set by this option - are not modified by the cookie engine. - - Bug: http://curl.haxx.se/mail/lib-2015-05/0115.html - Reported-by: Alexander Dyagilev - -- CURLOPT_COOKIELIST.3: Add example + ... similarly to how NTLM works as Negotiate is in fact often NTLM with + another name. -Dan Fandrich (24 May 2015) -- testcurl.pl: use rel2abs to make the source directory absolute - - This function makes a platform-specific absolute path which uses - backslashes on Windows. This form works when passing it on the - command-line, as well as if the source is on another drive. +- [Stefan Bühler brought this change] -- conncache: fixed memory leak on OOM (torture tests) + fix gdb libtool invocation path -Daniel Stenberg (24 May 2015) -- perl: remove subdir, not touched in 9 years +Steve Holme (4 Dec 2014) +- sasl_gssapi: Fixed missing include from commit d3cca934ee -- log2changes.pl: moved to scripts/ +Daniel Stenberg (4 Dec 2014) +- [Jay Satiro brought this change] -- [Alessandro Ghedini brought this change] + examples: remove sony.com from 10-at-a-time + + Prior to this change the 10-at-a-time example showed CURLE_RECV_ERROR + for the sony website because it ends the connection when the request is + missing a user agent. - scripts: add zsh.pl for generating zsh completion +Steve Holme (4 Dec 2014) +- sasl_gssapi: Fixed missing decoding debug failure message -Dan Fandrich (23 May 2015) -- test1510: another flaky test +- sasl_gssapi: Fixed honouring of no mutual authentication -Daniel Stenberg (22 May 2015) -- security: fix "Unchecked return value" from sscanf() - - By (void) prefixing it and adding a comment. Did some minor related - cleanups. - - Coverity CID 1299423. +- sasl_sspi: Added more Kerberos V5 decoding debug failure messages -- security: simplify choose_mech - - Coverity CID 1299424 identified dead code because of checks that could - never equal true (if the mechanism's name was NULL). - - Simplified the function by removing a level of pointers and removing the - loop and array that weren't used. +Daniel Stenberg (4 Dec 2014) +- [Anthon Pang brought this change] -- RTSP: catch attempted unsupported requests better + docs: Fix FAILONERROR typos - Replace use of assert with code that properly catches bad input at - run-time even in non-debug builds. + It returns error for >= 400 HTTP responses. - This flaw was sort of detected by Coverity CID 1299425 which claimed the - "case RTSPREQ_NONE" was dead code. + Bug: https://github.com/bagder/curl/pull/129 -- share_init: fix OOM crash - - A failed calloc() would lead to NULL pointer use. - - Coverity CID 1299427. +- [Peter Wu brought this change] -- parse_proxy: switch off tunneling if non-HTTP proxy - - non-HTTP proxy implies not using CURLOPT_HTTPPROXYTUNNEL + tool: fix CURLOPT_UNIX_SOCKET_PATH in --libcurl output - Bug: http://curl.haxx.se/mail/lib-2015-05/0056.html - Reported-by: Sean Boudreau - -- curl: fix potential NULL dereference + Mark CURLOPT_UNIX_SOCKET_PATH as string to ensure that it ends up as + option in the file generated by --libcurl. - Coverity CID 1299428: Dereference after null check (FORWARD_NULL) + Signed-off-by: Peter Wu -- http2: on_frame_recv: return early on stream 0 - - Coverity CID 1299426 warned about possible NULL dereference otherwise, - but that would only ever happen if we get invalid HTTP/2 data with - frames for stream 0. Avoid this risk by returning early when stream 0 is - used. +- [Peter Wu brought this change] -- http: removed self assignment + opts: fix CURLOPT_UNIX_SOCKET_PATH formatting - Follow-up fix from b0143a2a33f0 + Add .nf and .fi such that the code gets wrapped in a pre on the web. + Fixed grammar, fixed formatting of the "See also" items. - Detected by coverity. CID 1299429 + Signed-off-by: Peter Wu -- [Tatsuhiro Tsujikawa brought this change] +Patrick Monnerat (4 Dec 2014) +- OS400: enable Unix sockets. - http2: Make HTTP Upgrade work - - This commit just add implicitly opened stream 1 to streams hash. +Daniel Stenberg (3 Dec 2014) +- RELEASE-NOTES: synced with b216427e73b5e9 -Jay Satiro (22 May 2015) -- strerror: Change SEC_E_ILLEGAL_MESSAGE description - - Prior to this change the description for SEC_E_ILLEGAL_MESSAGE was OS - and language specific, and invariably translated to something not very - helpful like: "The message received was unexpected or badly formatted." - - Bug: https://github.com/bagder/curl/issues/267 - Reported-by: Michael Osipov +- opts: added CURLOPT_UNIX_SOCKET_PATH to Makefile.am -- telnet: Fix read-callback change for Windows builds +- updateconninfo: clear destination struct before getsockname() - Refer to b0143a2 for more information on the read-callback change. - -Daniel Stenberg (21 May 2015) -- CURLOPT_HTTPPROXYTUNNEL.3: only works with a HTTP proxy! + Otherwise we may read uninitialized bytes later in the unix-domain + sockets case. -Dan Fandrich (21 May 2015) -- testcurl.pl: allow source to be in an arbitrary directory - - This way, the build directory can be located on an entirely different - filesystem from the source code (e.g. a tmpfs). +- curl.1: added --unix-socket -Daniel Stenberg (20 May 2015) -- read_callback: move to SessionHandle from connectdata - - With many easy handles using the same connection for multiplexing, it is - important we store and keep the transfer-oriented stuff in the - SessionHandle so that callbacks and callback data work fine even when - many easy handles share the same physical connection. +- [Peter Wu brought this change] -- http2: show stream IDs in decimal + tool: add --unix-socket option - It makes them easier to match output from the nghttpd test server. + Signed-off-by: Peter Wu -- [Tatsuhiro Tsujikawa brought this change] +- [Peter Wu brought this change] - http2: Faster http2 upload + libcurl: add UNIX domain sockets support - Previously, when we send all given buffer in data_source_callback, we - return NGHTTP2_ERR_DEFERRED, and nghttp2 library removes this stream - temporarily for writing. This itself is good. If this is the sole - stream in the session, nghttp2_session_want_write() returns zero, - which means that libcurl does not check writeability of the underlying - socket. This leads to very slow upload, because it seems curl only - upload 16k something per 1 second. To fix this, if we still have data - to send, call nghttp2_session_resume_data after nghttp2_session_send. - This makes nghttp2_session_want_write() returns nonzero (if connection - window still opens), and as a result, socket writeability is checked, - and upload speed becomes normal. - -- [Dmitry Eremin-Solenikov brought this change] - - gtls: don't fail on non-fatal alerts during handshake + The ability to do HTTP requests over a UNIX domain socket has been + requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a + discussion happened, no patch seems to get through. I decided to give it + a go since I need to test a nginx HTTP server which listens on a UNIX + domain socket. - Stop curl from failing when non-fatal alert is received during - handshake. This e.g. fixes lots of problems when working with https - sites through proxies. - -- curl_easy_unescape.3: update RFC reference + One patch [3] seems to make it possible to use the + CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket. + Another person wrote a Go program which can do HTTP over a UNIX socket + for Docker[4] which uses a special URL scheme (though the name contains + cURL, it has no relation to the cURL library). - Reported-by: bsammon - Bug: https://github.com/bagder/curl/issues/282 - -Jay Satiro (20 May 2015) -- CURLOPT_POSTFIELDS.3: Mention curl_easy_escape + This patch considers support for UNIX domain sockets at the same level + as HTTP proxies / IPv6, it acts as an intermediate socket provider and + not as a separate protocol. Since this feature affects network + operations, a new feature flag was added ("unix-sockets") with a + corresponding CURL_VERSION_UNIX_SOCKETS macro. - .. also correct some variable naming in curl_easy_escape.3 + A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This + option enables UNIX domain sockets support for all requests on the + handle (replacing IP sockets and skipping proxies). - Bug: https://github.com/bagder/curl/issues/281 - Reported-by: bsammon@users.noreply.github.com - -Daniel Stenberg (19 May 2015) -- [Brian Prodoehl brought this change] - - openssl: Use SSL_CTX_set_msg_callback and SSL_CTX_set_msg_callback_arg + A new configure option (--enable-unix-sockets) and CMake option + (ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I + deliberately did not mark this feature as advanced, this is a + feature/component that should easily be available. - BoringSSL removed support for direct callers of SSL_CTX_callback_ctrl - and SSL_CTX_ctrl, so move to a way that should work on BoringSSL and - OpenSSL. + [0]: http://curl.haxx.se/mail/lib-2008-04/0279.html + [1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/ + [2]: http://sourceforge.net/p/curl/feature-requests/53/ + [3]: http://curl.haxx.se/mail/lib-2008-04/0361.html + [4]: https://github.com/Soulou/curl-unix-socket - re #275 - -Jay Satiro (19 May 2015) -- curl.1: fix missing space in section --data + Signed-off-by: Peter Wu -Daniel Stenberg (19 May 2015) -- transfer: remove erroneous and misleading comment - -Kamil Dudka (19 May 2015) -- http: silence compile-time warnings without USE_NGHTTP2 - - Error: CLANG_WARNING: - lib/http.c:173:16: warning: Value stored to 'http' during its initialization is never read - - Error: COMPILER_WARNING: - lib/http.c: scope_hint: In function ‘http_disconnect’ - lib/http.c:173:16: warning: unused variable ‘http’ [-Wunused-variable] +- [Peter Wu brought this change] -Jay Satiro (19 May 2015) -- transfer: Replace __func__ instances with function name + tests: add two HTTP over UNIX socket tests - .. also make __func__ replacement in multi. + test1435: a simple test that checks whether a HTTP request can be + performed over the UNIX socket. The hostname/port are interpreted + by sws and should be ignored by cURL. - Prior to this change debug builds would fail to build if the compiler - was building pre-c99 and didn't support __func__. - -Daniel Stenberg (19 May 2015) -- [Viktor Szakats brought this change] - - build: bump version in default nghttp2 paths - -- INTERNALS: we require nghttp2 1.0.0+ now - -Jay Satiro (18 May 2015) -- http: Add some include guards for the new HTTP/2 stuff - -Daniel Stenberg (18 May 2015) -- http2: store upload state per stream + test1436: test for the ability to do two requests to the same host, + interleaved with one to a different hostname. - Use a curl_off_t for upload left + Signed-off-by: Peter Wu -- http2: fix build when NOT h2-enabled +- [Peter Wu brought this change] -- http2: switch to use Curl_hash_destroy() + tests: add HTTP UNIX socket server testing support - as after 4883f7019d3, the *_clean() function only flushes the hash. - -- curlver: restore LIBCURL_VERSION_NUM defined as a full number + The variable `$ipvnum` can now contain "unix" besides the integers 4 + and 6 since the variable. Functions which receive this parameter + have their `$port` parameter renamed to `$port_or_path` to support a + path to the UNIX domain socket (as a "port" is only meaningful for TCP). - As it breaks configure, curl-config and test 1023 if not. + Signed-off-by: Peter Wu -- [Anthony Avina brought this change] +- [Peter Wu brought this change] - hostip: fix unintended destruction of hash table + sws: try to remove socket and retry bind - .. and added unit1602 for hash.c - -- curlver: introducing new version number (checking) macros - -- runtests.pl: use 'h2c' now, no -14 anymore - -- [Tatsuhiro Tsujikawa brought this change] - - http2: Ignore if we have stream ID not in hash in on_stream_close + If sws is killed it might leave a stale socket file on the filesystem + which would cause an EADDRINUSE error. After this patch, it is checked + whether the socket is really stale and if so, the socket file gets + removed and another bind is executed. - We could get stream ID not in the hash in on_stream_close. For - example, if we decided to reject stream (e.g., PUSH_PROMISE), then we - don't create stream and store it in hash with its stream ID. + Signed-off-by: Peter Wu -- [Tatsuhiro Tsujikawa brought this change] +- [Peter Wu brought this change] - Require nghttp2 v1.0.0 - - This commit requires nghttp2 v1.0.0 to compile, and migrate to v1.0.0, - and utilize recent version of nghttp2 to simplify the code, + sws: add UNIX domain socket support - First we use nghttp2_option_set_no_recv_client_magic function to - detect nghttp2 v1.0.0. That function only exists since v1.0.0. + This extends sws with a --unix-socket option which causes the port to + be ignored (as the server now listens on the path specified by + --unix-socket). This feature will be available in the following patch + that enables checking for UNIX domain socket support. - Since nghttp2 v0.7.5, nghttp2 ensures header field ordering, and - validates received header field. If it found error, RST_STREAM with - PROTOCOL_ERROR is issued. Since we require v1.0.0, we can utilize - this feature to simplify libcurl code. This commit does this. + Proxy support (CONNECT) is not considered nor tested. It does not make + sense anyway, first connecting through a TCP proxy, then let that TCP + proxy connect to a UNIX socket. - Migration from 0.7 series are done based on nghttp2 migration - document. For libcurl, we removed the code sending first 24 bytes - client magic. It is now done by nghttp2 library. - on_invalid_frame_recv callback signature changed, and is updated - accordingly. + Signed-off-by: Peter Wu -- http2: infof length in on_frame_send() +- [Peter Wu brought this change] -- pipeline: switch some code over to functions + sws: restrict TCP_NODELAY to IP sockets - ... to "compartmentalize" a bit and make it easier to change behavior - when multiplexing is used instead of good old pipelining. - -- symbols-in-versions: add CURLOPT_PIPEWAIT - -- CURLOPT_PIPEWAIT: added + TCP_NODELAY does not make sense for Unix sockets, so enable it only if + the socket is using IP. - By setting this option to 1 libcurl will wait for a connection to reveal - if it is possible to pipeline/multiplex on before it continues. + Signed-off-by: Peter Wu -- Curl_http_readwrite_headers: minor code simplification +Dan Fandrich (3 Dec 2014) +- [Dave Reisner brought this change] -- IsPipeliningPossible: fixed for http2 + curl.1: fix trivial typo -- http2: bump the h2 buffer size to 32K for speed +Steve Holme (3 Dec 2014) +- sasl_gssapi: Added body to Curl_sasl_create_gssapi_user_message() -- http2: remove the stream from the hash in stream_close callback - - ... and suddenly things work much better! - -- http2: if there is paused data, do not clear the drain field +- sasl_gssapi: Added body to Curl_sasl_gssapi_cleanup() -- http2: rename s/data/pausedata - -- http2: "stream %x" in all outputs to make it easier to search for +- sasl_gssapi: Added Curl_sasl_build_gssapi_spn() function + + Added helper function for returning a GSS-API compatible SPN. -- http2: Curl_expire() all handles with incoming traffic +Daniel Stenberg (3 Dec 2014) +- NSS: enable the CAPATH option - ... so that they'll get handled next in the multi loop. + Bug: http://curl.haxx.se/bug/view.cgi?id=1457 + Patch-by: Tomasz Kojm -- http2: don't signal settings change for same values +Steve Holme (3 Dec 2014) +- sasl_gssapi: Enable USE_KERBEROS5 for GSS-API based builds -- http2: set default concurrency, fix ConnectionExists for multiplex +- sasl_gssapi: Added GSS-API based Kerberos V5 variables -- bundles: store no/default/pipeline/multiplex +- sws.c: Fixed compilation warning when IPv6 is disabled - to allow code to act differently on the situation. - - Also added some more info message for the connection re-use function to - make it clearer when connections are not re-used. + sws.c:69: warning: comma at end of enumerator list -- http2: lazy init header_recvbuf +- sasl_gssapi: Made log_gss_error() a common GSS-API function - It makes us use less memory when not doing HTTP/2 and subsequently also - makes us not have to cleanup HTTP/2 related data when not using HTTP/2! - -- http2: separate multiplex/pipelining + cleanup memory leaks - -- CURLMOPT_PIPELINE: bit 1 is for multiplexing - -- [Tatsuhiro Tsujikawa brought this change] - - http2: Fix bug that data to be drained are overwritten by pending "paused" data - -- [Tatsuhiro Tsujikawa brought this change] + Made log_gss_error() a common function so that it can be used in both + the http_negotiate code as well as the curl_sasl_gssapi code. - http2: Don't call nghttp2_session_mem_recv while it is paused by a stream - -- [Tatsuhiro Tsujikawa brought this change] - - http2: Read data left in connection buffer after pause +- sasl_gssapi: Introduced GSS-API based SASL module - Previously when we do pause because of out of buffer, we just throw - away unread data in connection buffer. This just broke protocol - framing, and I saw occasional FRAME_SIZE_ERROR. This commit fix this - issue by remembering how much data read, and in the next iteration, we - process remaining data. - -- [Tatsuhiro Tsujikawa brought this change] + Added the initial version of curl_sasl_gssapi.c and updated the project + files in preparation for adding GSS-API based Kerberos V5 support. - http2: Fix streams get stuck +- smb: Don't try to connect with empty credentials - This commit fixes the bug that streams get stuck if stream gets some - DATA, and stream->closed becomes true at the same time. Previously, - in this condition, after we processed DATA, we are going to try to - read data from underlying transport, but there is no data, and gets - EAGAIN. There was no code path to evaludate stream->closed. - -- http2: store incoming h2 SETTINGS - -- pipeline: move function to pipeline.c and make static + On some platforms curl would crash if no credentials were used. As such + added detection of such a use case to prevent this from happening. - ... as it was only used from there. + Reported-by: Gisle Vanem -- IsPipeliningPossible: http2 can always "pipeline" (multiplex) +- smb.c: Coding policing of pointer usage -- http2: remove debug logging from on_frame_recv +- configure: Fixed inclusion of SMB when no crypto engines available -- http2: remove the closed check in http2_recv - - With the "drained" functionality we can get here slightly asynchronously - so the stream have have been closed but there is pending data left to - read. +Guenter Knauf (1 Dec 2014) +- build: in Makefile.m32 simplified autodetection. -- http2: bump the h2 buffer to 8K +Daniel Stenberg (30 Nov 2014) +- [Peter Wu brought this change] -- http2: Curl_read should not use the single buffer + sws: move away from IPv4/IPv4-only assumption - ... as it does for pipelining when we're multiplexing, as we need the - different buffers to store incoming data correctly for all streams. - -- http2: more debug outputs - -- http2: leave WAITPERFORM when conn is multiplexed + Instead of depending the socket domain type on use_ipv6, specify the + domain type (AF_INET / AF_INET6) as variable. An enum is used here with + switch to avoid compiler warnings in connect_to, complaining that rc + is possibly undefined (which is not possible as socket_domain is + always set). - No need to wait for our "spot" like for pipelining - -- http2: force "drainage" of streams + Besides abstracting the socket type, make the debugging messages be + independent on IP (introduce location_str which points to "port XXXXX"). + Rename "ipv_inuse" to "socket_type" and tighten the scope (main). - ... which is necessary since the socket won't be readable but there is - data waiting in the buffer. + Signed-off-by: Peter Wu -- http2: move the mem+len pair to the stream struct +- [Peter Wu brought this change] -- http2: more stream-oriented data, stream ID 0 is for connections - -- http2: move lots of state data to the 'stream' struct + lib/connect: restrict IP/TCP options to said sockets - ... from the connection struct. The stream one being the 'struct HTTP' - which is kept in the SessionHandle struct (easy handle). + This patch prepares for adding UNIX domain sockets support. - lookup streams for incoming frames in the stream hash, hashing is based - on the stream id and we get the SessionHandle for the incoming stream - that way. - -- HTTP: partial start at fixing up hash-lookups on http2 frame receival - -- http: a stream hash for h2 multiplexing + TCP_NODELAY and TCP_KEEPALIVE are specific to TCP/IP sockets, so do not + apply these to other socket types. bindlocal only works for IP sockets + (independent of TCP/UDP), so filter that out too for other types. + + Signed-off-by: Peter Wu -- http: a stream hash for h2 multiplexing +- smb.c: use size_t as input argument types for msg sizes + + This fixes warnings about conversions to int -- http2: debug log when receiving unexpected stream_id +Steve Holme (30 Nov 2014) +- version: The next release will become 7.40.0 -- http2: move stream_id to the HTTP struct (per-stream) +- [Bill Nagel brought this change] -- Curl_http2_setup: only do it once and enable multiplex on the server + docs: Updated for the SMB protocol - Once we know we are HTTP/2 enabled we know the server can multiplex. + This patch updates the documentation for the SMB/CIFS protocol. -- http: switch on "pipelining" (multiplexing) for HTTP/2 servers +- curl tool: Exclude SMB from the protocol redirect - ... and do not blacklist any. + As local files could be accessed through \\localhost\c$. + +- [Bill Nagel brought this change] -- README.pipelining: removed + curl tool: Enable support for the SMB protocol - All the details mentioned here are better documented in man pages + This patch enables SMB/CIFS support in the curl command-line tool. -Dan Fandrich (14 May 2015) -- build: removed bundles.c from make files +- smb.c: Fixed compilation warnings - This file was removed in commit fd137786 + smb.c:398: warning: comparison of integers of different signs: + 'ssize_t' (aka 'long') and 'unsigned long' + smb.c:443: warning: comparison of integers of different signs: + 'ssize_t' (aka 'long') and 'unsigned long' -Daniel Stenberg (14 May 2015) -- Curl_conncache_add_conn: fix memory leak on OOM +- libcurl: Exclude SMB from the protocol redirect + + As local files could be accessed through \\localhost\c$. -- CURLMOPT_MAX_HOST_CONNECTIONS: host = host name + port number +- [Bill Nagel brought this change] -- conncache: keep bundles on host+port bases, not only host names + libcurl: Enable support for the SMB protocol - Previously we counted all connections to a specific host name and that - would be used for the CURLMOPT_MAX_HOST_CONNECTIONS check for example, - while servers on different port numbers are normally considered - different "origins" on the web and should thus be considered different - hosts. + This patch enables SMB/CIFS support in libcurl. -- bundles: merged into conncache.c +- smb.c: Fixed compilation warnings - All the existing Curl_bundle* functions were only ever used from within - the conncache.c file, so I moved them over and made them static (and - removed the Curl_ prefix). + smb.c:322: warning: conversion to 'short unsigned int' from 'unsigned + int' may alter its value + smb.c:323: warning: conversion to 'short unsigned int' from 'unsigned + int' may alter its value + smb.c:482: warning: conversion to 'short unsigned int' from 'int' may + alter its value + smb.c:521: warning: conversion to 'unsigned int' from 'curl_off_t' may + alter its value + smb.c:549: warning: conversion to 'unsigned int' from 'curl_off_t' may + alter its value + smb.c:550: warning: conversion to 'short unsigned int' from 'int' may + alter its value -- hostcache: made all host caches use structs, not pointers +- smb.c: Renamed SMB command message variables to avoid compiler warnings - This avoids unnecessary dynamic allocs and as this also removed the last - users of *hash_alloc() and *hash_destroy(), those two functions are now - removed. + smb.c:489: warning: declaration of 'close' shadows a global declaration + smb.c:511: warning: declaration of 'read' shadows a global declaration + smb.c:528: warning: declaration of 'write' shadows a global declaration -- multi: converted socket hash into non-allocated struct +- smb.c: Fixed compilation warnings - avoids extra dynamic allocation + smb.c:212: warning: unused parameter 'done' + smb.c:380: warning: ISO C does not allow extra ';' outside of a function + smb.c:812: warning: unused parameter 'premature' + smb.c:822: warning: unused parameter 'dead' -- connection cache: avoid Curl_hash_alloc() +- smb.c: Fixed compilation warnings - ... by using plain structs instead of pointers for the connection cache, - we can avoid several dynamic allocations that weren't necessary. - -- proxy: add newline to info message - -Patrick Monnerat (8 May 2015) -- FTP: fix dangling conn->ip_addr dereference on verbose EPSV. - -- FTP: Make EPSV use the control IP address rather than the original host. - This ensures an alternate address is not used. - Does not apply to proxy tunnel. - -Daniel Stenberg (8 May 2015) -- [Alessandro Ghedini brought this change] - - tool_help: fix formatting for --next option + smb.c:311: warning: conversion from 'unsigned __int64' to 'u_short', + possible loss of data + smb.c:425: warning: conversion from '__int64' to 'unsigned short', + possible loss of data + smb.c:452: warning: conversion from '__int64' to 'unsigned short', + possible loss of data -- [Egon Eckert brought this change] - - opts: improved the TCP keepalive examples - -Jay Satiro (8 May 2015) -- winbuild: Document the option used to statically link the CRT - - - Document option RTLIBCFG (runtime library configuration). +- smb.c: Fixed compilation warnings - Bug: https://github.com/bagder/curl/issues/254 - Reported-by: Bert Huijben + smb.c:162: error: comma at end of enumerator list + smb.c:469: warning: conversion from 'size_t' to 'unsigned short', + possible loss of data + smb.c:517: warning: conversion from 'curl_off_t' to 'unsigned int', + possible loss of data + smb.c:545: warning: conversion from 'curl_off_t' to 'unsigned int', + possible loss of data -- [Orgad Shaneh brought this change] +- [Bill Nagel brought this change] - netrc: Read in text mode when cygwin - - Use text mode when cygwin to eliminate trailing carriage returns. + smb: Added initial SMB functionality - Bug: https://github.com/bagder/curl/pull/258 + Initial implementation of the SMB/CIFS protocol. -Patrick Monnerat (5 May 2015) -- OS400: Add SPNEGO service name options to ILE/RPG binding. +- [Bill Nagel brought this change] -Daniel Stenberg (4 May 2015) -- curl_multi_info_read.3: fix typo + smb: Added SMB handler interfaces - Reported-by: Liviu Chircu + Added the SMB and SMBS handler interface structures and associated + functions required for SMB/CIFS operation. -- MANUAL: language fix +- transfer: Code style policing - Reported-by: Fred Stluka - Bug: https://github.com/bagder/curl/issues/255 - -- [Alessandro Ghedini brought this change] + Prefer ! rather than NULL in if statements, added comments and updated + function spacing, argument spacing and line spacing to be more readble. - gtls: properly retrieve certificate status +- transfer: Fixed existing scratch buffer being checked for NULL twice - Also print the revocation reason if appropriate. + If the scratch buffer already existed when the CRLF conversion was + performed then the buffer pointer would be checked twice for NULL. This + second check is only necessary if the call to malloc() was performed by + the first check. -- OpenSSL: conditional check for SSL3_RT_HEADER +- smtp: Fixed dot stuffing being performed when no new data read - The symbol is fairly new. + Whilst I had moved the dot stuffing code from being performed before + CRLF conversion takes place to after it, in commit 4bd860a001, I had + moved it outside the 'when something read' block of code when meant + it could perform the dot stuffing twice on partial send if nread + happened to contain the right values. It also meant the function could + potentially read past the end of buffer. This was highlighted by the + following warning: - Reported-by: Kamil Dudka + warning: `nread' might be used uninitialized in this function -- openssl: skip trace outputs for ssl_ver == 0 - - The OpenSSL trace callback is wonderfully undocumented but given a - journey in the source code, it seems the cases were ssl_ver is zero - doesn't follow the same pattern and thus turned out confusing and - misleading. For now, we skip doing any CURLINFO_TEXT logging on those - but keep sending them as CURLINFO_SSL_DATA_OUT/IN. +Daniel Stenberg (29 Nov 2014) +- smb.h: fixed picky compiler warning - Also, I added direction to the text info and I edited some functions - slightly. - - Bug: https://github.com/bagder/curl/issues/219 - Reported-by: Jay Satiro, Ashish Shukla - -Marc Hoersken (2 May 2015) -- schannel.c: Small changes + smb.h:30:16: error: comma at end of enumerator list [-Werror=pedantic] -- schannel.c: Improve code path and readability +Steve Holme (29 Nov 2014) +- tests: Disable test 1013 until SMB is fully added -- schannel.c: Improve error and return code handling upon aa99a63f03 - -- [Chris Araman brought this change] +- [Bill Nagel brought this change] - schannel: fix regression in schannel_recv + smb: Added SMB protocol and port definitions - https://github.com/bagder/curl/issues/244 - - Commit 145c263 changed the behavior when Curl_read_plain returns - CURLE_AGAIN. We now handle CURLE_AGAIN and SEC_I_CONTEXT_EXPIRED - correctly. + Added the necessary protocol and port definitions in order to support + SMB/CIFS. + +- [Bill Nagel brought this change] -- Bug born in changes made several days ago 9a91e80. + smb: Added internal SMB definitions and structures - Commit: https://github.com/bagder/curl/commit/926cb9f - Reported-by: Ray Satiro + Added the internal definitions and structures necessary for SMB/CIFS + support. -Daniel Stenberg (30 Apr 2015) -- [Michael Osipov brought this change] +- [Bill Nagel brought this change] - configure: remove missing and make it autogenerate + smb: Added SMB connection structure - The missing file has not been autogenerated because a temporary fix was - employed in acinclude.m4 which blocked update. Removed that fix and a recent - version of missing is copied to build root. + Added the connection structure that will be required in urldata.h for + SMB/CIFS based connections. -- [Michael Osipov brought this change] +- [Bill Nagel brought this change] - acinclude.m4: fix test for default CA cert bundle/path + smb: Added initial source files for SMB - test(1) on HP-UX requires a single equals sign and fails with two. - Let's use one and make every OS happy. + Added the initial source files and updated the relevant project files in + order to support SMB/CIFS. -- CONTRIBUTING.md: remove the sourceforge mention - - Reported-By: Michael Osipov +- [Bill Nagel brought this change] -Dan Fandrich (30 Apr 2015) -- http_negotiate_sspi: added missing data variable + smb: Added configuration options for SMB + + Added --enable-smb and --disable-smb configuration options for the + upcoming SMB/CIFS protocol support. -Daniel Stenberg (30 Apr 2015) -- [Michael Osipov brought this change] +Daniel Stenberg (28 Nov 2014) +- [Peter Wu brought this change] - configure: remove --automake from libtoolize call + runtests.pl: fix startup of IPv6 servers - That option is not mentioned in the man page of libtoolize 2.4.4.19-fda4. - Moveover, a comment in line 2623 says "--automake is for 1.5 compatibility". + Commit curl-7_23_1-143-g8218064 changed the parameter of + responsive_http_server to accept types other than IPv6 (converting + from a boolean to a string), but only considered the lower-case "ipv6" + and not the "IPv6" variant. This caused all servers to start in IPv4 + mode instead. - This option is redundant now. - -- [Viktor Szakats brought this change] - - build: update depedency versions, urls, example makefiles + This patch converts the remaining cases to "ipv6". While not strictly + necessary for the run*server variants, these got also converted for + consistency and to prevent future errors. - - update default versions of dependencies (except for rare/old platforms) - - update urls - - sync examples makefiles with main ones - - remove line ending space + Signed-off-by: Peter Wu -- [Michael Osipov brought this change] +- [Peter Wu brought this change] - configure: remove autogenerated files by autoconf + runtests.pl: fix warning message, remove duplicate value - * install-sh is always regenerated - * mkinstalldirs was already redudant years ago. Automake uses install for - that. See: http://lists.gnu.org/archive/html/automake/2007-03/msg00015.html + Signed-off-by: Peter Wu -- [Anders Bakken brought this change] - - curl_multi_add_handle: next is already NULL - -Jay Satiro (30 Apr 2015) -- schannel: Fix out of bounds array +Steve Holme (27 Nov 2014) +- http.c: Fixed compilation warnings from features being disabled - Bug born in changes made several days ago 9a91e80. + warning: unused variable 'data' + warning: variable 'addcookies' set but not used - Bug: http://curl.haxx.se/mail/lib-2015-04/0199.html - Reported-by: Brian Chrisman + ...and some very minor coding style policing. -- docs/libcurl: gitignore libcurl-symbols.3 - - Bug: http://curl.haxx.se/mail/lib-2015-04/0191.html - Reported-by: Michael Osipov +- RELEASE-NOTES: Synced with c5399c827d -- [Viktor Szakats brought this change] +- tests: Added SMTP with --crlf test case - lib/makefile.m32: add arch -m32/-m64 to LDFLAGS - - This fixes using a multi-target mingw distro to build curl .dll for the - non-default target. - (mirroring the same patch present in src/makefile.m32) +- docs: Updated for commit 4bd860a001 and SMTP Unix line ending conversion -Daniel Stenberg (29 Apr 2015) -- RELEASE-NOTES: synced with cd39b944afc +- smtp: Fixed const'ness of nread parameter in Curl_smtp_escape_eob() - I've not mentioned the bug fixes that were shipped in 7.42.1 from the - 7_42 branch. - -- THANKS: merged from the 7.42.1 release + ...and some comment typos! -- CURLOPT_HEADEROPT: default to separate +- smtp: Added support for the conversion of Unix newlines during mail send - Make the HTTP headers separated by default for improved security and - reduced risk for information leakage. + Added support for the automatic conversion of Unix newlines to CRLF + during mail uploads. - Bug: http://curl.haxx.se/docs/adv_20150429.html - Reported-by: Yehezkel Horowitz, Oren Souroujon - -Linus Nielsen (28 Apr 2015) -- docs/libcurl: Corrected a typo in the CURLOPT_PROXY_SERVICE_NAME documentation - -Daniel Stenberg (28 Apr 2015) -- hash: simplify Curl_str_key_compare() + Feature: http://curl.haxx.se/bug/view.cgi?id=1456 -- dist: ship CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME +- CURLOPT_CRLF.3: Fixed inclusion of SMTP in listed protocols -- [Linus Nielsen brought this change] - - Negotiate: custom service names for SPNEGO. +Daniel Stenberg (25 Nov 2014) +- curl*3: added small examples - * Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME. - * Add new curl options, --proxy-service-name and --service-name. - -- http2: unify http_conn variable names to 'c' + and some minor edits -- ConnectionExists: call it multi-use instead of pipelining +- libcurl.3: fix formatting - So that it fits HTTP/2 as well + refer to functions with the man page section properly -Kamil Dudka (27 Apr 2015) -- [Paul Howarth brought this change] +- man pages: SEE ALSO curl_multi_wait - nss: fix compilation failure with old versions of NSS - - Bug: http://curl.haxx.se/mail/lib-2015-04/0095.html +- curl_multi_wait.3: clarify numfds being used if not NULL -Daniel Stenberg (27 Apr 2015) -- sws: init http2 state properly +- multi-single.c: switch to use curl_multi_wait - It would otherwise cause problems when running tests after 1801 etc. + Makes the example much easier and straight-forward! -- curl_easy_getinfo.3: document 'internals' in CURLINFO_TLS_SESSION - - ... as it was previouly undocumented what the pointer was. +- testcurl: bump the version of this script! -- runtests: use a DISABLED.local file too +- testcurl: skip reading the setup file if given enough cmdline info - ... and have git ignore that. Allows for a dev to add tests to ignore in - local tests and yet don't obstruct a normal git work flow. - -Marc Hoersken (26 Apr 2015) -- schannel.c: Fix typo introduced with 3447c973d0 + This makes it much easier to run multiple tests in the same directory, + just altering the command lines used. -- schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error +- select.c: fix compilation for VxWorks - Reported-by: Brian Chrisman + Reported-by: Brian + Bug: http://curl.haxx.se/bug/view.cgi?id=1455 -Daniel Stenberg (26 Apr 2015) -- schannel: re-indented file to follow curl style better - - white space changes only +Patrick Monnerat (24 Nov 2014) +- [moparisthebest brought this change] -- Curl_ossl_init: load builtin modules - - To have engine modules work, we must tell openssl to load builtin - modules first. - - Bug: https://github.com/bagder/curl/pull/206 + SSL: Add PEM format support for public key pinning -- configure: follow-up fix for krb5-config +Kamil Dudka (24 Nov 2014) +- Revert "repository: ignore patch files generated by git" - commit 5b66860652 was incomplete so here's a follow-up fix + This reverts commit 217024a687ce86eb6d2317822ed81c7e5abc4b61. - Reported-by: Dagobert Michelsen - Bug: https://github.com/bagder/curl/commit/5b668606527613179d0349f21b4ab0df2971e3d2#commitcomment-10473445 + Bug: https://github.com/bagder/curl/commit/217024a6#commitcomment-8693738 -- openssl: fix serial number output +Steve Holme (23 Nov 2014) +- multi.c: Fixed compilation warnings when no verbose string support - The code extracting the cert serial number was broken and didn't display - it properly. - - Bug: https://github.com/bagder/curl/issues/235 - Reported-by: dkjjr89 + warning: variable 'connection_id' set but not used + warning: unused parameter 'lineno' -- [Grant Pannell brought this change] +- RELEASE-NOTES: Synced with 1450712e76 - sasl_sspi: Populate domain from the realm in the challenge - - Without this, SSPI based digest auth was broken. - - Bug: https://github.com/bagder/curl/pull/141.patch +- sasl: Tidied up some parameter comments -Jay Satiro (25 Apr 2015) -- [Anthony Avina brought this change] +- sasl: Reduced the need for two sets of NTLM functions - tool: New option --data-raw to HTTP POST data, '@' allowed. - - Add new option --data-raw which is almost the same as --data but does - not have a special interpretation of the @ character. - - Prior to this change there was no (easy) way to pass the @ character as - the first character in POST data without it being interpreted as a - special character. - - Bug: https://github.com/bagder/curl/issues/198 - Reported-by: Jens Rantil +- ntlm: Moved NSS initialisation to base decode function -Dan Fandrich (25 Apr 2015) -- test2039: fixed line endings that caused a test failure +- http_ntlm: Fixed additional NSS initialisation call when decoding type-2 + + After commit 48d19acb7c the HTTP code would call Curl_nss_force_init() + twice when decoding a NTLM type-2 message, once directly and the other + through the call to Curl_sasl_decode_ntlm_type2_message(). -Daniel Stenberg (24 Apr 2015) -- [Viktor Szakats brought this change] +- ntlm: Fixed static'ness of local decode function - netrc: add unit tests for 'default' support +- ntlm: Corrected some parameter names and comments -- [Viktor Szakats brought this change] +- runtests.pl: Re-aligned feature support comments - netrc: support 'default' token +- runtests.pl: Use Kerberos and SPNEGO as proxies for the crypto feature - The 'default' token has no argument and means to match _any_ domain. - It must be placed last if there are 'machine ' tokens in the same file. + In addition to NTLM, use Kerberos and SPNEGO as proxies to the crypto + feature. - See full description here: - https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-File.html + ...and converted tab characters, from commit 4b4e8a5853, to spaces. -- ROADMAP.md: extended the HTTP/2 section, reformatted - - Elaborated on several of the remaining HTTP/2 parts and made document - use a format that ends up nicer on the web page: - http://curl.haxx.se/dev/roadmap.html +- runtests.pl: Added support for SPNEGO -Kamil Dudka (23 Apr 2015) -- curl -z: do not write empty file on unmet condition - - This commit fixes a regression introduced in curl-7_41_0-186-g261a0fe. - It also introduces a regression test 1424 based on tests 78 and 1423. - - Reported-by: Viktor Szakats - Bug: https://github.com/bagder/curl/issues/237 +- runtests.pl: Added Kerberos detection -Dan Fandrich (23 Apr 2015) -- tool: fixed a comment typo +- runtests.pl: Added GSS-API detection -- README: convert to UTF-8 +- FILEFORMAT: Added SSPI, GSS-API and Kerberos to the features list -Jay Satiro (22 Apr 2015) -- cyassl: Implement public key pinning +- FILEFORMAT: Added test requires feature not present information - Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc. + Such as !SSPI as we do for the NTLM and Digest tests. -Dan Fandrich (22 Apr 2015) -- [Alessandro Ghedini brought this change] - - curl.1: fix typo +Daniel Stenberg (20 Nov 2014) +- http.c: log if it notices HTTP 1.1 after a upgrade to http2 -Kamil Dudka (22 Apr 2015) -- docs: distribute the CURLOPT_PINNEDPUBLICKEY(3) man page, too +- test1801: first real http2 test case -- tests/unit/.gitignore: hide unit1601 and above, too +- sws: initial tiny steps toward http2 support -Daniel Stenberg (22 Apr 2015) -- connectionexists: follow-up to fd9d3a1ef1f - - PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not - enabled. - - Mistake-caught-by: Kamil Dudka +- FILEFORMAT: mention the new upgrade support -- connectionexists: fix build without NTLM - - Do not access NTLM-specific struct fields when built without NTLM - enabled! +- test1800: first plain-text http2 test case - bug: http://curl.haxx.se/?i=231 - Reported-by: Patrick Rapin + Verifies the upgrade request, but gets a plain 1.1 response -- bump: start working toward 7.43.0 +- [Tatsuhiro Tsujikawa brought this change] -Kamil Dudka (22 Apr 2015) -- nss: implement public key pinning for NSS backend + http: Disable pipelining for HTTP/2 and upgraded connections - Bug: https://bugzilla.redhat.com/1195771 - -Daniel Stenberg (22 Apr 2015) -- dist: include {src,lib}/checksrc.whitelist + This commit disables pipelining for HTTP/2 or upgraded connections. For + HTTP/2, we do not support multiplexing. In general, requests cannot be + pipelined in an upgraded connection, since it is now different protocol. -Version 7.42.0 (22 Apr 2015) +- [Brad Harder brought this change] -Daniel Stenberg (22 Apr 2015) -- RELEASE-NOTES: updated for 7.42.0 + CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option -- THANKS: added contributors from 7.42.0 release notes +Steve Holme (19 Nov 2014) +- multi-uv.c: Updated for curl coding standards -- THANKS-filter: a few more alterations to squash - -- contrithanks.sh: helper script for maintaining THANKS - -- http_done: close Negotiate connections when done - - When doing HTTP requests Negotiate authenticated, the entire connnection - may become authenticated and not just the specific HTTP request which is - otherwise how HTTP works, as Negotiate can basically use NTLM under the - hood. curl was not adhering to this fact but would assume that such - requests would also be authenticated per request. - - CVE-2015-3148 - - Bug: http://curl.haxx.se/docs/adv_20150422B.html - Reported-by: Isaac Boukris - -- fix_hostname: zero length host name caused -1 index offset - - If a URL is given with a zero-length host name, like in "http://:80" or - just ":80", `fix_hostname()` will index the host name pointer with a -1 - offset (as it blindly assumes a non-zero length) and both read and - assign that address. - - CVE-2015-3144 - - Bug: http://curl.haxx.se/docs/adv_20150422D.html - Reported-by: Hanno Böck +- conncache: Fixed specifiers in infof() for long and size_t variables -- cookie: cookie parser out of boundary memory access - - The internal libcurl function called sanitize_cookie_path() that cleans - up the path element as given to it from a remote site or when read from - a file, did not properly validate the input. If given a path that - consisted of a single double-quote, libcurl would index a newly - allocated memory area with index -1 and assign a zero to it, thus - destroying heap memory it wasn't supposed to. - - CVE-2015-3145 - - Bug: http://curl.haxx.se/docs/adv_20150422C.html - Reported-by: Hanno Böck +- [Peter Wu brought this change] -- ConnectionExists: for NTLM re-use, require credentials to match + cmake: add Kerberos to the supported features - CVE-2015-3143 + Updated following commit eda919f and a4b7f71. - Bug: http://curl.haxx.se/docs/adv_20150422A.html - Reported-by: Paras Sethia + Acked-by: Brad King + Signed-off-by: Peter Wu -Jay Satiro (21 Apr 2015) -- [byronhe brought this change] +- [Peter Wu brought this change] - openssl: add OPENSSL_NO_SSL3_METHOD check - -Daniel Stenberg (20 Apr 2015) -- CURLOPT_HEADERFUNCTION.3: match parameter name in synopsis and desc + cmake: fix NTLM detection when CURL_DISABLE_HTTP defined - Bug: https://github.com/bagder/curl/issues/229 - Reported-by: bsammon - -Kamil Dudka (20 Apr 2015) -- [Mostyn Bramley-Moore brought this change] - - configure --with-nss: remove unneeded libs from the fallback - -Daniel Stenberg (20 Apr 2015) -- contributors.sh: fix help output, filter out (-prefix from names - -- RELEASE-NOTES: synced with cc0e7ebc3be0 - -- [Michael Stapelberg brought this change] - - CURLMOPT_TIMERFUNCTION.3: Clarify, add an example - -- [Viktor Szakáts brought this change] - - vtls/openssl: use https in URLs and a comment typo fixed - -- curl_version_info.3: fixed the 'protocols' variable type + Updated following changes in commit f0d860d. - Reported-by: John Marshall - Bug: https://github.com/bagder/curl/issues/225 + Acked-by: Brad King + Signed-off-by: Peter Wu -Dan Fandrich (18 Apr 2015) -- test1423: added missing "file" to server section +Daniel Stenberg (19 Nov 2014) +- RELEASE-NOTES: synced with cb13fad733e -Daniel Stenberg (17 Apr 2015) -- TheArtOfHttpScripting: Multiple URLs + Multiple HTTP methods - - ... and some minor edits +- [Jay Satiro brought this change] -- Revert "HTTP: don't abort connections with pending Negotiate authentication" + examples: Wait recommended 100ms when no file descriptors are ready - This reverts commit 5dc68dd6092a789bb5e0a67a1c1356ba87fdcbc6. + Prior to this change when no file descriptors were ready on platforms + other than Windows the multi examples would sleep whatever was in + timeout, which may or may not have been less than the minimum + recommended value [1] of 100ms. - Bug: https://github.com/bagder/curl/issues/223 - Reported-by: Michael Osipov + [1]: http://curl.haxx.se/libcurl/c/curl_multi_fdset.html -Jay Satiro (17 Apr 2015) -- cyassl: Fix include order - - Prior to this change CyaSSL's build options could redefine some generic - build symbols. - - http://curl.haxx.se/mail/lib-2015-04/0069.html +- [Waldek Kozba brought this change] -Kamil Dudka (17 Apr 2015) -- configure --with-nss: drop redundant if statement + multi-uv.c: close the file handle after download -- configure --with-nss=PATH: query pkg-config if available - - Bug: https://github.com/bagder/curl/pull/171 +- [Jon Spencer brought this change] -Daniel Stenberg (17 Apr 2015) -- parsecfg: do not continue past a zero termination + multi: inform about closed sockets before they are closed - When a config file line ends without newline, the parsing function could - continue reading beyond that point in memory. + When the connection code decides to close a socket it informs the multi + system via the Curl_multi_closed function. The multi system may, in + turn, invoke the CURLMOPT_SOCKETFUNCTION function with + CURL_POLL_REMOVE. This happens after the socket has already been + closed. Reorder the code so that CURL_POLL_REMOVE is called before the + socket is closed. + +Guenter Knauf (19 Nov 2014) +- build: in Makefile.m32 moved target autodetection. - Reported-by: Hanno Böck + Moved target autodetection block after defining CC macro. -Jay Satiro (16 Apr 2015) -- gitignore: Ignore Windows build output directories +- build: in Makefile.m32 simplify platform flags. -Daniel Stenberg (15 Apr 2015) -- RELEASE-NOTES: synced with 1ba6e4c88e0 +- build: in Makefile.m32 try to detect 64bit target. -- TODO: 17.9 Choose the name of file in braces for complex URLs +Daniel Stenberg (19 Nov 2014) +- [Brad King brought this change] -- TODO: a little caution that maybe not all ideas are still good + CMake: Simplify if() conditions on check result variables + + Remove use of an old hack that takes advantage of the auto-dereference + behavior of the if() command to detect if a variable is defined. The + hack has the form: + + if("${VAR} MATCHES "^${VAR}$") + + where "${VAR}" is a macro argument reference. Use if(DEFINED) instead. + This also avoids warnings for CMake Policy CMP0054 in CMake 3.1. -- TODO: 17.8 offer color-coded HTTP header output +- TODO-RELEASE: removed -- TODO: 17.7 warning when sending binary output to terminal +- [Carlo Wood brought this change] -- KNOWN_BUGS: #90 IMAP "SEARCH ALL" truncates output on large boxes + debug: added new connection cache output, plus fixups + + Debug output 'typo' fix. + + Don't print an extra "0x" in + * Pipe broke: handle 0x0x2546d88, url = / + + Add debug output. + Print the number of connections in the connection cache when + adding one, and not only when one is removed. + + Fix typos in comments. -Jay Satiro (14 Apr 2015) -- cyassl: Add support for TLS extension SNI +- multi: move the ending condition into the loop as well + + ... as it was before I changed the loop in commit e04ccbd50. It caused + test 2030 and 2032 to fail. -Daniel Stenberg (13 Apr 2015) -- [Matthew Hall brought this change] +Steve Holme (18 Nov 2014) +- multi: Prefer we don't use CURLE_OK and NULL in comparisons - gitignore: ignore test-driver file +Daniel Stenberg (18 Nov 2014) +- multi_runsingle: use 'result' for local CURLcode storage + + ... and assign data->result only at the end. Makes the code more compact + (easier to read) and more similar to other code. -- [Matthew Hall brought this change] +- multi_runsingle: rename result to rc + + save 'result' for CURLcode types - vtls_openssl: improve PKCS#12 load failure error message +- multi: make multi_runsingle loop internally + + simplifies the use of this function at little cost. -- [Matthew Hall brought this change] +- [Carlo Wood brought this change] - vtls_openssl: fix minor typo in PKCS#12 load routine + multi: when leaving for timeout, close accordingly + + Fixes the problem when a transfer in a pipeline times out. -- [Matthew Hall brought this change] +Guenter Knauf (18 Nov 2014) +- build: in Makefile.m32 add -m32 flag for 32bit. - vtls_openssl: improve client certificate load failure error messages +- mk-ca-bundle.vbs: update copyright year. -- [Matthew Hall brought this change] +- build: in Makefile.m32 pass -F flag to windres. - vtls_openssl: remove ambiguous SSL_CLIENT_CERT_ERR constant +Steve Holme (17 Nov 2014) +- config-win32: Fixed build targets for the VS2012+ Windows XP toolset + + Even though commit 23e70e1cc6 mentioned the v110_xp toolset, I had + forgotten to include the relevant pre-processor definitions. -- BUGS: refer to the github issue tracker now as primary +- sasl_sspi: Removed note about the NTLM functions being a wrapper -- firefox-db2pem: fix wildcard to find Firefox default profile - - At some point, Firefox has changed and generates different directory - names for the default profile that made this script fail to find them. +- connect.c: Fixed compilation warning when no verbose string support - Bug: https://github.com/bagder/curl/issues/207 - Reported-by: sneakyimp + warning: unused parameter 'reason' -Jay Satiro (11 Apr 2015) -- cyassl: Include the CyaSSL build config +- easy.c: Fixed compilation warning when no verbose string support - CyaSSL >= 2.6.0 may have an options.h that was generated during - its build by configure. + warning: unused parameter 'easy' -- build: Generate source prerequisites for Visual Studio in generate.bat +- win32: Updated some legacy APIs to use the newer extended versions - Prior to this change Visual Studio builds could fail due to missing - prerequisites src/tool_hugehelp.c and include/curl/curlbuild.h. + Updated the usage of some legacy APIs, that are preventing curl from + compiling for Windows Store and Windows Phone build targets. - http://curl.haxx.se/mail/lib-2015-04/0034.html + Suggested-by: Stefan Neis + Feature: http://sourceforge.net/p/curl/feature-requests/82/ -Daniel Stenberg (9 Apr 2015) -- [Viktor Szakats brought this change] - - lib/makefile.m32: add missing libs to build libcurl.dll +- config-win32: Introduce build targets for VS2012+ - Add 'gdi32' and 'crypt32' Windows implibs to avoid failure - while building libcurl.dll using the mingw compiler. - The same logic is used in 'src/makefile.m32' when - building curl.exe. + Visual Studio 2012 introduced support for Windows Store apps as well as + supporting Windows Phone 8. Introduced build targets that allow more + modern APIs to be used as certain legacy ones are not available on these + new platforms. -Kamil Dudka (8 Apr 2015) -- test142[23]: verify that an empty file is stored on success +- sasl_sspi: Fixed compilation warnings when no verbose string support -- src/tool_operate: create output file on successful download - - ... of an empty file +- sasl_sspi: Added base64 decoding debug failure messages - Bug: https://github.com/bagder/curl/issues/183 + Just like in the NTLM code, added infof() failure messages for + DIGEST-MD5 and GSSAPI authentication when base64 decoding fails. -- src/tool_cb_wrt: separate fnc for output file creation +- ntlm: Moved the SSPI based Type-3 message generation into the SASL module -Daniel Stenberg (7 Apr 2015) -- [Da-Yoon Chung brought this change] +- ntlm: Moved the SSPI based Type-2 message decoding into the SASL module - lib/transfer.c: Remove factor of 8 from sleep time calculation - - The factor of 8 is a bytes-to-bits conversion factor, but pkt_size and - rate_bps are both in bytes. When using the rate limiting option, curl - waits 8 times too long, and then transfers very quickly until the - average rate reaches the limit. The average rate follows the limit over - time, but the actual traffic is bursty. - - Thanks-to: Benjamin Gilbert +- ntlm: Moved the SSPI based Type-1 message generation into the SASL module -- [Jay Satiro brought this change] +- [Michael Osipov brought this change] - x509asn1: Silence x64 loss-of-data warning on RSA key length assignment + kerberos: Use symbol qualified with _KERBEROS5 - The key length in bits will always fit in an unsigned long so the - loss-of-data warning assigning the result of x64 pointer arithmetic to - an unsigned long is unnecessary. + For consistency renamed USE_KRB5 to USE_KERBEROS5. +Daniel Stenberg (15 Nov 2014) - [Jay Satiro brought this change] - cyassl: Use CYASSL_MAX_ERROR_SZ for error buffer size + examples: Don't call select() to sleep on windows - Also fix it so that all ERR_error_string calls use an error buffer. - CyaSSL's implementation of ERR_error_string only writes the error when - an error buffer is passed. + Windows does not support using select() for sleeping without a dummy + socket. Instead use Windows' Sleep() and sleep for 100ms which is the + minimum suggested value in the curl_multi_fdset() doc. - http://www.yassl.com/forums/topic599-openssl-compatibility-and-errerrorstring.html - -- [Jay Satiro brought this change] - - cyassl: Remove 'Connecting to' message from cyassl_connect_step2 + Prior to this change the multi examples would exit prematurely since + select() would error instead of sleeping when called without an fd. - Prior to this change libcurl could show multiple 'CyaSSL: Connecting to' - messages since cyassl_connect_step2 is called multiple times, typically. - The message is superfluous even once since libcurl already informs the - user elsewhere in code that it is connecting. + Reported-by: Johan Lantz + Bug: http://curl.haxx.se/mail/lib-2014-11/0221.html -- [Viktor Szakats brought this change] +- [Tatsuhiro Tsujikawa brought this change] - checksrc.bat: quotes to support an SRC_DIR with spaces + http2: Don't send Upgrade headers when we already do HTTP/2 -- hostip: fix compiler warnings +Steve Holme (15 Nov 2014) +- sasl: Corrected Curl_sasl_build_spn() function description - introduced in the previous mini-series of 3 commits - -- [Stefan Bühler brought this change] + There was a mismatch in function parameter names. - actually implement CURLOPT_RESOLVE removals +- tool: Removed krb4 from the supported features - - also log when a CURLOPT_RESOLVE entry couldn't get parsed + Although libcurl would never return CURL_VERSION_KERBEROS4 after 7.33, + so would not be output with --version, removed krb4 from the supported + features output. -- [Stefan Bühler brought this change] - - move Curl_share_lock and ref counting into Curl_fetch_addr +- [Michael Osipov brought this change] -- [Stefan Bühler brought this change] + tool: Use Kerberos for supported features - fix refreshing of obsolete dns cache entries +- urldata: Don't define sec_complete when no GSS-API support present - - cache entries must be also refreshed when they are in use - - have the cache count as inuse reference too, freeing timestamp == 0 special - value - - use timestamp == 0 for CURLOPT_RESOLVE entries which don't get refreshed - - remove CURLOPT_RESOLVE special inuse reference (timestamp == 0 will prevent refresh) - - fix Curl_hostcache_clean - CURLOPT_RESOLVE entries don't have a special - reference anymore, and it would also release non CURLOPT_RESOLVE references - - fix locking in Curl_hostcache_clean - - fix unit1305.c: hash now keeps a reference, need to set inuse = 1 + This variable is only used with HAVE_GSSAPI is defined by the FTP code + so let's place the definition with the other GSS-API based variables. -- RELEASE-NOTES: synced with abf6bddc14a +- [Michael Osipov brought this change] -- [Jay Satiro brought this change] + docs: Use consistent naming for Kerberos - checksrc.bat: Check lib\vtls source +- TODO: Lets support QOP options in GSSAPI authentication -- [Jay Satiro brought this change] +- sasl_sspi: Corrected a couple of comment typos - cyassl: Set minimum protocol version before CTX callback +- sasl: Moved Curl_sasl_gssapi_cleanup() definition into header file + + Rather than define the function as extern in the source files that use + it, moved the function declaration into the SASL header file just like + the Digest and NTLM clean-up functions. - This change is to allow the user's CTX callback to change the minimum - protocol version in the CTX without us later overriding it, as we did - prior to this change. + Additionally, added a function description comment block. -- [Jay Satiro brought this change] +- sasl_sspi: Added missing RFC reference for HTTP Digest authentication - build-openssl.bat: Fix mixed line endings - - Use LF not CRLF, throughout. msysgit will only convert a file to CRLF - on checkout if it's not mixed. +- ntlm: Clean-up and standardisation of base64 decoding -- [Jay Satiro brought this change] +- ntlm: We prefer 'CURLcode result' + +Daniel Stenberg (13 Nov 2014) +- [Brad King brought this change] - cyassl: Fix certificate load check + CMake: Restore order-dependent library checks - SSL_CTX_load_verify_locations can return negative values on fail, - therefore to check for failure we check if load is != 1 (success) - instead of if load is == 0 (failure), the latter being incorrect given - that behavior. + Revert commit 2257deb502 (Cmake: Avoid cycle directory dependencies, + 2014-08-22) and add a comment explaining the purpose of the original + code. + + The check_library_exists_concat macro is intended to be called multiple + times on a sequence of possibly dependent libraries. Later libraries + may depend on earlier libraries when they are static. They cannot be + safely linked in reverse order on some platforms. + + Signed-off-by: Brad King -- [Tatsuhiro Tsujikawa brought this change] +- [Brad King brought this change] - http2: Fix missing nghttp2_session_send call in Curl_http2_switched + CMake: Restore order-dependent header checks + + Revert commit 1269df2e3b (Cmake: Don't check for all headers each + time, 2014-08-15) and add a comment explaining the purpose of the + original code. - Previously in Curl_http2_switched, we called nghttp2_session_mem_recv to - parse incoming data which were already received while curl was handling - upgrade. But we didn't call nghttp2_session_send, and it led to make - curl not send any response to the received frames. Most likely, we - received SETTINGS from server at this point, so we missed opportunity to - send SETTINGS + ACK. This commit adds missing nghttp2_session_send call - in Curl_http2_switched to fix this issue. + The check_include_file_concat macro is intended to be called multiple + times on a sequence of possibly dependent headers. Later headers + may depend on earlier headers to provide declarations. They cannot + be safely included independently on some platforms. - Bug: https://github.com/bagder/curl/issues/192 - Reported-by: Stefan Eissing + For example, many POSIX APIs document including sys/types.h before some + other headers. Also on some OS X versions sys/socket.h must be included + before net/if.h or the check for the latter will fail. + + Signed-off-by: Brad King + +- [Peter Wu brought this change] -- cookie: handle spaces after the name in Set-Cookie + test22: expand a backtick command - "name =value" is fine and the space should just be skipped. + This is the only user of the backtick operator in the command. As the + commands will soon not be executed by a shell anymore (but by perl), + replace the command with its output. - Updated test 31 to also test for this. + Signed-off-by: Peter Wu + +- RELEASE-NOTES: synced with 2ee3c63b13 + +- http2: fix switched macro when http2 is not enabled + +- [Tatsuhiro Tsujikawa brought this change] + + http2: Deal with HTTP/2 data inside response header buffer - Bug: https://github.com/bagder/curl/issues/195 - Reported-by: cromestant - Help-by: Frank Gevaerts + Previously if HTTP/2 traffic is appended to HTTP Upgrade response header + (thus they are in the same buffer), the trailing HTTP/2 traffic is not + processed and lost. The appended data is most likely SETTINGS frame. + If it is lost, nghttp2 library complains server does not obey the HTTP/2 + protocol and issues GOAWAY frame and curl eventually drops connection. + This commit fixes this problem and now trailing data is processed. -- [Jay Satiro brought this change] +Steve Holme (11 Nov 2014) +- configure: Fixed inclusion of krb5 when CURL_DISABLE_CRYPTO_AUTH is defined + + Commit fe0f8967bf fixed a problem with krb5 not being defined as a + supported feature when HAVE_GSSAPI is defined, however, it should + only be included if CURL_DISABLE_CRYPTO_AUTH is not set, like when + SPNEGO is listed as a feature. - cyassl: Fix library initialization return value +Daniel Stenberg (10 Nov 2014) +- multi: removed Curl_multi_set_easy_connection - (Curl_cyassl_init) - - Return 1 on success, 0 in failure. + It isn't used anywhere! - Prior to this change the fail path returned an incorrect value and the - evaluation to determine whether CyaSSL_Init had succeeded was incorrect. - Ironically that combined with the way curl_global_init tests SSL library - initialization (!Curl_ssl_init()) meant that CyaSSL having been - successfully initialized would be seen as that even though the code path - and return value in Curl_cyassl_init were wrong. + Reported-by: Carlo Wood -- [Thomas Ruecker brought this change] +- [Peter Wu brought this change] - CURLOPT_HTTP200ALIASES.3: Mainly SHOUTcast servers use "ICY 200" - - Icecast versions 1.3.0 through 1.3.12 would reply with "ICY 200" - under certain conditions: + symbol-scan.pl: do not require autotools - client_wants_icy_headers (connection_t *con) - { - const char *val; + Makes test1119 pass when building with cmake. - if (!con) - return 1; + configurehelp.pm is generated by configure (autotools). As cmake does + not provide a separate variable for the C preprocessor, default to cpp. + Before commit ef24ecde68a5f577a7f0f423a767620f09a0ab16 ("symbol-scan: + use configure script knowledge about how to run the C preprocessor"), + this tool would also use 'cpp'. - val = get_user_agent (con); - if (!val || !val[0] || strcmp (val, "(null)") == 0) - return 1; + Signed-off-by: Peter Wu + +- [Peter Wu brought this change] + + cmake: add ENABLE_THREADED_RESOLVER, rename ARES - if (con->food.client->use_icy) - return 1; - if (strncasecmp (val, "winamp", 6) == 0) - return 1; - if (strncasecmp (val, "Shoutcast", 9) == 0) - return 1; + Fix detection of the AsynchDNS feature which not just depends on + pthreads support, but also on whether USE_POSIX_THREADS is set or not. + Caught by test 1014. - return 0; - } + This patch adds a new ENABLE_THREADED_RESOLVER option (corresponding to + --enable-threaded-resolver of autotools) which also needs a check for + HAVE_PTHREAD_H. - So mainly if there is no 'user agent' or it is '(null)' or contains - 'winamp' or 'Shoutcast'. + For symmetry with autotools, CURL_USE_ARES is renamed to ENABLE_ARES + (--enable-ares). Checks that test for the availability actually use + USE_ARES instead as that is the result of whether a-res is available or + not (in practice this does not matter as CARES is marked as required + package, but nevertheless it is better to write the intent). - No mainstream distribution carries Icecast 1.3.x anymore, after all - it was released in 2002 and superseded by Icecast 2.x. + Signed-off-by: Peter Wu -Dan Fandrich (31 Mar 2015) -- axtls: add timeout within Curl_axtls_connect +- [Peter Wu brought this change] + + cmake: build libhostname for test suite + + Used by some test cases via LD_PRELOAD in order to fake the host name. - This allows test 405 to pass on axTLS. + Signed-off-by: Peter Wu -Daniel Stenberg (30 Mar 2015) -- [Jay Satiro brought this change] +- [Peter Wu brought this change] - checksrc: Windows-specific input fixes - - lib/config-win32ce.h - - Fix whitespace for checksrc compliance. + cmake: fix HAVE_GETHOSTNAME definition - lib/checksrc.pl - - Remove trailing carriage returns from input. + Otherwise Curl_gethostname always fails. Windows has gethostname + since Vista according to + http://msdn.microsoft.com/en-us/library/ms738527%28VS.85%29.aspx, but + accordings to byte_bucket's VC 2005 documentation, it is available even + in Windows 95. (possibly after installing a Platform SDK, the + Windows Server 2003 SP1 Platform SDK should be sufficient). - projects/checksrc.bat - - Ignore tool_hugehelp.c. + Signed-off-by: Peter Wu -- [Dagobert Michelsen brought this change] +- [Peter Wu brought this change] - configure: Use KRB5CONFIG for krb5-config + tests: fix libhostname visibility - Allows the user to easier override its path. + I noticed that a patched cmake build would pass tests with a fake local + hostname, but the autotools build skips them: - Bug: http://curl.haxx.se/bug/view.cgi?id=1486 - -- multi: remove_handle: move pending connections + got unexpected host name back, LD_PRELOAD failed - If the handle removed from the multi handle happens to be the one - "owning" the pipeline other transfers will be waiting indefinitely. Now - we move such handles back to connect to have them race (again) for - getting the connection and thus avoid hanging. + It turns out that -fvisibility=hidden hides the symbol, and since the + tests are not part of libcurl, it fails too. Just remove the LIBCURL + guard. - Bug: http://curl.haxx.se/bug/view.cgi?id=1465 - Reported-by: Jiri Dvorak - -- KNOWN_BUGS: 89 is bug #1411 + Broken since cURL 7.30 (commit 83a42ee20ea7fc25abb61c0b7ef56ebe712d7093, + "curl.h: stricter CURL_EXTERN linkage decorations logic"). - Disabling pipelining on multi handle with in-progress pipelined requests - leads to heap corruption and crash + Signed-off-by: Peter Wu -- [Jay Satiro brought this change] +- [Peter Wu brought this change] - cyassl: CTX callback cosmetic changes and doc fix + tests: fix memleak in server/resolve.c - - More descriptive fail message for NO_FILESYSTEM builds. - - Cosmetic changes. - - Change more of CURLOPT_SSL_CTX_* doc to not be OpenSSL specific. - -- RELEASE-NOTES: synced with d2feb71752f - -Dan Fandrich (28 Mar 2015) -- tool_operate: only set SSL options if SSL is enabled - -- runtests.pl: detect WolfSSL as yassl + This makes LeakSanitizer happy. + + Signed-off-by: Peter Wu -Daniel Stenberg (27 Mar 2015) -- [Kyle L. Huff brought this change] +- configure: assume krb5 when gss-api works + + To please test 1014 while we work out if this is truly the a correct + assumption. - cyassl: add SSL context callback support for CyaSSL +Steve Holme (9 Nov 2014) +- vtls.h: Fixed compiler warning when compiled without SSL - Adds support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL, and better - handles CyaSSL instances using NO_FILESYSTEM. + vtls.c:185:46: warning: unused parameter 'data' -- [Kyle L. Huff brought this change] +- RELEASE-NOTES: Synced with 2fbf23875f - cyassl: remove undefined reference to CyaSSL_no_filesystem_verify +- ntlm: Added separate SSPI based functions - CyaSSL_no_filesystem_verify is not (or no longer) defined by cURL or - CyaSSL. This reference causes build errors when compiling with - NO_FILESYSTEM. + In preparation for moving the NTLM message code into the SASL module, + and separating the native code from the SSPI code, added functions that + simply call the functions in curl_ntlm_msg.c. -- [Jay Satiro brought this change] +- http_ntlm: Use the SASL functions instead + + In preparation for moving the NTLM message code into the SASL module + use the SASL functions in the HTTP code instead. - build: Fix libcurl.sln erroneous mixed configurations +Daniel Stenberg (9 Nov 2014) +- libssh2: detect features based on version, not configure checks - Prior to this change some Release configurations had an active - configuration assignment to their Debug counterpart. + ... so that non-configure builds get the correct functions too based on + the libssh2 version used. -- [Jay Satiro brought this change] +- [Nobuhiro Ban brought this change] - vtls: Don't accept unknown CURLOPT_SSLVERSION values + SSH: use the port number as well for known_known checks + + ... if the libssh2 version is new enough. + + Bug: http://curl.haxx.se/bug/view.cgi?id=1448 -- [Jay Satiro brought this change] +Steve Holme (9 Nov 2014) +- INSTALL: Updated pre-processor references to the old VC6 project files + + Reworked the two sections that discuss modifying the Visual Studio pre- + processor settings, and vc6libcurl.dsw/vc6libcurl.dsp, to remove the + project files references as they have been superseded by a more thorough + set of project files for VC6 through VC12, but to also give the correct + reference to this setting in later versions of Visual Studio. - url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined +- INSTALL: Added email protocols to the "Disabling in Win32 builds" section -- [Paul Howarth brought this change] +- configure: Fixed NTLM missing from features when CURL_DISABLE_HTTP defined - build: link curl to openssl libraries when openssl support is enabled +- build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined - This fixes a build failure where openssl and libmetalink are used - together and the system linker does not do implicit linking (e.g. - Fedora 13 and later releases). The MD5 functions required for - metalink support must be pulled in from the openssl crypto library. + USE_NTLM would only be defined if: HTTP support was enabled, NTLM and + cryptography weren't disabled, and either a supporting cryptography + library or Windows SSPI was being compiled against. - This is similar to commit c6e7cbb94e669b85d3eb8e015ec51d0072112133, - which fixes the same sort of problem for NSS builds. - -- multi: on a request completion, check all CONNECT_PEND transfers + This means it was not possible to build libcurl without HTTP support + and use NTLM for other protocols such as IMAP, POP3 and SMTP. Rather + than introduce a new SASL pre-processor definition, removed the HTTP + prerequisite just like USE_SPNEGO and USE_KRB5. - ... even if they don't have an associated connection anymore. It could - leave the waiting transfers pending with no active one on the - connection. + Note: Winbind support still needs to be dependent on CURL_DISABLE_HTTP + as it is only available to HTTP at present. - Bug: http://curl.haxx.se/bug/view.cgi?id=1465 - Reported-by: Jiri Dvorak - -- [Emil Lerner brought this change] + This bug dates back to August 2011 when I started to add support for + NTLM to SMTP. - globbing: fix url number calculation when using range with step +- ntlm: Removed an unnecessary free of native Target Info - In function glob_range, the number of urls was multiplied by (max - min - + 1), regardless of step. The correct formula is (max - min) / step + 1 + Due to commit 40ee1ba0dc the free in Curl_ntlm_decode_type2_target() is + longer required. -- README.http2: refreshed and added TODO items +- ntlm: Moved the native Target Info clean-up from HTTP specific function -- [Emil Lerner brought this change] - - globbing: fix step parsing for character globbing ranges - - The glob_range function used wrong offset (3 instead of 4) for parsing - integer step inside character range specification, which led to 'bad - range' error when using character ranges with explicitly specified step - (such as '[a-z:2]') +- ntlm: Moved SSPI clean-up code into SASL module -- polarssl: called mbedTLS in 1.3.10 and later +- Makefile.dist: Added support for WinIDN -- polarssl: remove dead code - - and simplify code by changing if-elses to a switch() - - CID 1291706: Logically dead code. Execution cannot reach this statement +- Makefile.vc6: Added support for WinIDN -- polarssl: remove superfluous for(;;) loop - - "unreachable: Since the loop increment is unreachable, the loop body - will never execute more than once." - - Coverity CID 1291707 +- Makefile.dist: Added some missing SSPI configurations -- Curl_ssl_md5sum: return CURLcode - - ... since the funciton can fail on OOM. Check this return code. - - Coverity CID 1291705. +- Makefile.dist: Separated the groups of SSL configurations from each other -- [Jay Satiro brought this change] +- Makefile.dist: Grouped the x64 configurations next to their x86 counterparts - cyassl: default to highest possible TLS version - - (cyassl_connect_step1) - - Use TLS 1.0-1.2 by default when available. +- curl.h: Tidy up of CURL_VERSION_* flags - CyaSSL/wolfSSL >= v3.3.0 supports setting a minimum protocol downgrade - version. - - cyassl/cyassl@322f79f + As the list has gotten a little messy and hard to read, especially with + the introduction of deprecated items, aligned the values and comments + into clean columns and reworked some of the comments in the process. -- [Jay Satiro brought this change] +- curl_tool: Added krb5 to the supported features - cyassl: Check for invalid length parameter in Curl_cyassl_random +- configure: Added krb5 to the supported features -- [Jay Satiro brought this change] +- version info: Added Kerberos V5 to the supported features - cyassl: If wolfSSL then identify as such in version string +Guenter Knauf (7 Nov 2014) +- mk-ca-bundle.vbs: switch to new certdata.txt url. -Dan Fandrich (24 Mar 2015) -- symbols-in-versions: added CURLOPT_PATH_AS_IS +Steve Holme (7 Nov 2014) +- RELEASE-NOTES: Synced with dcad09e125 -- testcurl.pl: add the --notes option to supply more info about a build +- http_digest: Fixed some memory leaks introduced in commit 6f8d8131b1 - Support for notes has been in place for a while, but it required - being added to the setup file manually. + Fixed a couple of memory leaks as a result of moving code that used to + populate allocuserpwd and relied on it's clean up. + +- docs: Updated following the addition of SSPI based HTTP digest auth -- curl_memory: make curl_memory.h the second-last header file loaded +- sasl_sspi: Tidy up of the existing digest code - This header file must be included after all header files except - memdebug.h, as it does similar memory function redefinitions and can be - similarly affected by conflicting definitions in system or dependent - library headers. + Following the addition of SSPI support for HTTP digest, synchronised + elements of the email digest code with that of the new HTTP code. -Daniel Stenberg (24 Mar 2015) -- openssl: do the OCSP work-around for libressl too +- http_digest: Post SSPI support tidy up - I tested with libressl git master now (v2.1.4-27-g34bf96c) and it seems to - still require the work-around for stapling to work. + Post tidy up to ensure commonality of code style and variable names. -- openssl: verifystatus: only use the OCSP work-around <= 1.0.2a +Dan Fandrich (6 Nov 2014) +- test552: Don't run HTTP digest tests for SSPI based builds - URL: http://curl.haxx.se/mail/lib-2015-03/0205.html - Reported-by: Alessandro Ghedini + Technical difficulties prevented this from going into the + previous commit. -- openssl: adapt to ASN1/X509 things gone opaque in 1.1 +Steve Holme (6 Nov 2014) +- tests: Don't run HTTP digest tests for SSPI based builds + + Added !SSPI to the features list of the HTTP digest tests, as SSPI + based builds now use the Windows SSPI messaging API rather than the + internal functions, and we can't control the random numbers that get + used as part of the digest. -Dan Fandrich (24 Mar 2015) -- [Jay Satiro brought this change] +Daniel Stenberg (6 Nov 2014) +- curl.1: show zone index use in a URL - curl_easy_setopt.3: Fix misspelling in CURLOPT_PATH_AS_IS description +Steve Holme (6 Nov 2014) +- http_digest: Fixed auth retry loop when SSPI based authentication fails -- [Viktor Szakáts brought this change] +- http_digest: Reworked the SSPI based input token storage + + Reworked the input token (challenge message) storage as what is passed + to the buf and desc in the response generation are typically blobs of + data rather than strings, so this is more in keeping with other areas + of the SSPI code, such as the NTLM message functions. - CURLOPT_HTTPHEADER.3: fix typo in recent commit +- sasl_sspi: Fixed compilation warning from commit 2d2a62e3d9 + + Added void reference to unused 'data' parameter back to fix compilation + warning. -- [Viktor Szakáts brought this change] +- sspi: Align definition values to even columns as we use 2 char spacing - CURLOPT_PATH_AS_IS.3: add type 'long' to prototype +- sspi: Fixed missing definition of ISC_REQ_USE_HTTP_STYLE + + Some versions of Microsoft's sspi.h don't define this. -- vtls: fix compile with --disable-crypto-auth but with SSL +- sasl: Removed non-SSPI Digest functions and defines from SSPI based builds - This is a strange combination of options, but is allowed. + Introduced in commit 7e6d51a73c these functions and definitions are only + required by the internal challenge-response functions now. -Patrick Monnerat (24 Mar 2015) -- os400: define new options in ILE/RPG binding. +- sasl_sspi: Added HTTP digest response generation code -Daniel Stenberg (24 Mar 2015) -- RELEASE-NOTES: synced with f6878609361 +- http_digest: Added SSPI based challenge decoding code -- curl_easy_setopt.3: Add CURLOPT_PATH_AS_IS +- http_digest: Added SSPI based clean-up code -- CURLOPT_PATH_AS_IS: added - - --path-as-is is the command line option +- http_digest: Added SSPI based authentication functions - Added docs in curl.1 and CURLOPT_PATH_AS_IS.3 + This temporarily breaks HTTP digest authentication in SSPI based builds, + causing CURLE_NOT_BUILT_IN to be returned. A follow up commit will + resume normal operation. + +- http_digest: Added required SSPI based variables to digest structure + +Daniel Stenberg (6 Nov 2014) +- [Frank Gevaerts brought this change] + + contributors.sh: --releasenotes reads in names from RELEASE-NOTES - Added test in test 1241 + This is very handy when updating the RELEASE-NOTES as then we sometimes + have names added manually in the existing list and we use this script to + update the set. -- [Yamada Yasuharu brought this change] +- RELEASE-NOTES: synced with 68542e72a9 - curl_easy_recv/send: make them work with the multi interface +- curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY - By making sure Curl_getconnectinfo() uses the correct connection cache - to find the last connection. + Reported-by: Christian Hägele + Bug: http://curl.haxx.se/mail/lib-2014-11/0078.html -- http2: move the init too for when its actually needed +Steve Holme (5 Nov 2014) +- build: Fixed Visual Studio project file generation of strdup.[c|h] - ... it would otherwise lead to memory leakage if we never actually do - the switch. + As the curl command-line tool now includes it's own version of strdup(), + for platforms that don't have it, fixed up the git respository Visual + Studio project file generator to not include the version from lib in the + tool project files, rather than having both lib\strdup.[c|h] and + src\tool_strdup.[c|h] present. -Dan Fandrich (23 Mar 2015) -- dict: rename byte to avoid compiler shadowed declaration warning +Daniel Stenberg (5 Nov 2014) +- tool_strdup.c: include the tool strdup.h - This conflicted with a WolfSSL typedef. + ... not the lib/ one that the tool no longer uses! -- cyassl: include version.h to ensure the version macros are defined +- THANKS-filter: added another Michał Górny version we've used -- test1513: eliminated race condition in test run +- contributors.sh: split lists using " and " - It seems that some systems (e.g. fairly consistently in some recent - Solaris autobuilds) would manage to get to the connect phase before the - progress callback was called, resulting in a CURLE_COULDNT_CONNECT - error. Reworked the test to point at a test server that never returns a - full result so the progress callback always gets a chance to be called - before the transfer can complete in some other way. + ... and require the space after the filtering to make the filter able to + remove names. -Nick Zitzmann (21 Mar 2015) -- darwinsssl: add support for TLS False Start - - TLS False Start support requires iOS 7.0 or later, or OS X 10.9 or later. +Steve Holme (5 Nov 2014) +- http_digest: Fixed memory leaks from commit 6f8d8131b1 -Daniel Stenberg (21 Mar 2015) -- gtls: add check of return code +- sasl: Fixed compilation warning from commit 25264131e2 - Coverity CID 1291167 pointed out that 'rc' was received but never used when - gnutls_credentials_set() was used. Added return code check now. - -- gtls: dereferencing NULL pointer + Added forward declaration of digestdata to overcome the following + compilation warning: - Coverity CID 1291165 pointed out 'chainp' could be dereferenced when - NULL if gnutls_certificate_get_peers() had previously failed. - -- gtls: avoid uninitialized variable. + warning: 'struct digestdata' declared inside parameter list - Coverity CID 1291166 pointed out that we could read this variable - uninitialized. + Additionally made the ntlmdata forward declaration dependent on + USE_NTLM similar to how digestdata and kerberosdata are. -Dan Fandrich (21 Mar 2015) -- tests/certs: rebuild certificates with modified key usage bits +- sasl: Fixed HTTP digest challenges with spaces between auth parameters - The certificates were missing the digitalSignature and keyAgreement - usage types, of which at least digitalSignature was checked by CyaSSL. - This caused the test server in test 310 (among others) to fail the - startup verification and therefore run (see - http://curl.haxx.se/mail/lib-2014-07/0303.html). + Broken as part of the rework, in commit 7e6d51a73c, to assist with the + addition of HTTP digest via Windows SSPI. -- tests/certs: added make target to rebuild certificates +- http_digest: Fixed compilation errors from commit 6f8d8131b1 - The certificate generation scripts were also updated to better match the - format of the certificates currently checked in. + error: invalid operands to binary + warning: pointer targets in assignment differ in signedness -Daniel Stenberg (21 Mar 2015) -- x509asn1: add /* fallthrough */ in switch() case +- http_digest: Moved response generation into SASL module -- x509asn1: minor edit to unconfuse Coverity - - CID 1202732 warns on the previous use, although I cannot fine any - problems with it. I'm doing this change only to make the code use a more - familiar approach to accomplish the same thing. +- http_digest: Moved challenge decoding into SASL module -- [Dagobert Michelsen brought this change] +- http_digest: Moved clean-up function into SASL module - testcurl: Allow '=' in values given on command line +- http_digest: Moved algorithm definitions to SASL module -- nss: error: unused variable 'connssl' +- [Gisle Vanem brought this change] -Dan Fandrich (21 Mar 2015) -- test938: added missing closing tags + ssh: Fixed build on platforms where R_OK is not defined + + Bug: http://curl.haxx.se/mail/lib-2014-11/0035.html + Reported-by: Jan Ehrhardt -- cyassl: use new library version macro when available +- strdup: Removed irrelevant comment + + ...as Curl_memdup() duplicates an area of fix size memory, that may be + binary, and not a null terminated string. -Kamil Dudka (20 Mar 2015) -- [Alessandro Ghedini brought this change] +- url.c: Fixed compilation warning + + conversion from 'curl_off_t' to 'size_t', possible loss of data - curl: add --false-start option +- http_digest: Use CURLcode instead of CURLdigest + + To provide consistent behaviour between the various HTTP authentication + functions use CURLcode based error codes for Curl_input_digest() + especially as the calling code doesn't use the specific error code just + that it failed. -- [Alessandro Ghedini brought this change] +Daniel Stenberg (5 Nov 2014) +- contributors.sh: filter common alternative name spellings + + docs/THANKS-filter is a new filter file for converting contributor names + we get or have recorded in alternative formats to the one we already use + in THANKS. To help us show individual contributors using a single + presentation of their names. - nss: add support for TLS False Start +- THANKS: added missing contributor from 2012 -- [Alessandro Ghedini brought this change] +- [Frank Gevaerts brought this change] - url: add CURLOPT_SSL_FALSESTART option + Remove duplicate names. - This option can be used to enable/disable TLS False Start defined in the RFC - draft-bmoeller-tls-falsestart. + The removed names also appear as: + Andrés García, François Charlier, Gökhan Şengün, Michał Górny, Sébastien + Willemijns, Christopher Conroy, John E. Malmberg, Luca Altea, Peter Su, + S. Moonesamy, Samuel Listopad, Yasuharu Yamada, Karl Moerder -Patrick Monnerat (20 Mar 2015) -- [Alessandro Ghedini brought this change] - - gtls: implement CURLOPT_CERTINFO - -Daniel Stenberg (20 Mar 2015) -- [Alessandro Ghedini brought this change] +Steve Holme (5 Nov 2014) +- sspi: Define authentication package name constants + + These were previously hard coded, and whilst defined in security.h, + they may or may not be present in old header files given that these + defines were never used in the original code. + + Not only that, but there appears to be some ambiguity between the ANSI + and UNICODE NTLM definition name in security.h. - openssl: try to avoid accessing OCSP structs when possible +Patrick Monnerat (5 Nov 2014) +- Adjust OS400-specific support to last release -- CURLOPT_URL.3: spelling! +Daniel Stenberg (5 Nov 2014) +- THANKS: added two missing names and removed a duplicate + + ./contributors.sh found these extra ones that somehow had fallen + through the cracks and never gotten added here. Reported-by: Frank Gevaerts -- CURLOPT_URL.3: Added "SECURITY CONCERNS" +- bump: towards next release -- CURLOPT_HTTPHEADER.3: add a "SECURITY CONCERNS" section +- THANKS: added names from 7.39.0 release notes -Dan Fandrich (19 Mar 2015) -- cyassl: detect the library as renamed wolfssl - - This change was made in CyaSSL/WolfSSL ver. 3.4.0 +Version 7.39.0 (5 Nov 2014) -Daniel Stenberg (19 Mar 2015) -- HTTP: don't switch to HTTP/2 from 1.1 until we get the 101 +Daniel Stenberg (5 Nov 2014) +- RELEASE-NOTES: 7.39.0 release (commit b3875606925) + +- curl_easy_duphandle: CURLOPT_COPYPOSTFIELDS read out of bounds - We prematurely changed protocol handler to HTTP/2 which made things very - slow (and wrong). + When duplicating a handle, the data to post was duplicated using + strdup() when it could be binary and contain zeroes and it was not even + zero terminated! This caused read out of bounds crashes/segfaults. - Reported-by: Stefan Eissing - Bug: https://github.com/bagder/curl/issues/169 - -Dan Fandrich (19 Mar 2015) -- axtls: version 1.5.2 now requires that config.h be manually included - -Daniel Stenberg (19 Mar 2015) -- metalink: fix resource leak in OOM + Since the lib/strdup.c file no longer is easily shared with the curl + tool with this change, it now uses its own version instead. - Coverity CID 1288826 + Bug: http://curl.haxx.se/docs/adv_20141105.html + CVE: CVE-2014-3707 + Reported-By: Symeon Paraschoudis -Dan Fandrich (18 Mar 2015) -- docs/libcurl: clean up libcurl-symbols.3 +- lib544.c: use duphandle for test 545 + + To verify that curl_easy_duphandle() works fine on a handle that has + gotten data stored with *_COPYPOSTFIELDS. -- docs/libcurl: check that all options with man pages are referenced +- tests: add new feature 'SSLpinning' - If a man page exists in the opts/ directory, it must also be referenced - either in curl_easy_setopt.3 or curl_multi_setopt.3 + ... and make test 2034 and 2035 require it, and have it set when built + with OpenSSL or GnuTLS. -- curl_easy_setopt.3: added a few missing options +- buildconf: update copyright year -Kamil Dudka (18 Mar 2015) -- nss: explicitly tell NSS to disable NPN/ALPN +Steve Holme (4 Nov 2014) +- INSTALL: Consistent spacing in section headings, paragraphs and examples + +Daniel Stenberg (4 Nov 2014) +- buildconf: stop checking for libtool - ... if disabled at libcurl level. Otherwise, we would allow to - negotiate NPN despite curl was invoked with the --no-npn option. + As we only use libtoolize, only check for that! -Daniel Stenberg (18 Mar 2015) -- [Jay Satiro brought this change] +Steve Holme (4 Nov 2014) +- INSTALL: Corrected MIT Kerberos and Heimdal package names - mkhelp: Remove trailing carriage return from every line of input +- README: Corrected inconsistent use of --help + +- INSTALL: Use GSS-API rather than GSSAPI - - Get rid of this flood of warnings in Windows mingw build: - warning: missing terminating " character + As implementations are refereed to GSS-API libraries as per the RFC and + GSSAPI typically refers to the SASL authentication mechanism. - The warning is due to the carriage return. When msysgit checks out files - from the repo by default it converts the line endings to CRLF. Prior to - this change when mkhelp.pl processed the MANUAL and curl.1 in CRLF - format the trailing carriage returns caused unnecessary CR in the - output. + ...and minor rewording on the same paragraph. -- RELEASE-NOTES: synced with e539f01567 +- README: Added note about using Visual Studio projects out of git repository -- [Christian Weisgerber brought this change] +Daniel Stenberg (4 Nov 2014) +- [K. R. Walker brought this change] - docs/libcurl: make portability fix + cmake: fix ZLIB_INCLUDE_DIRS use - Using $< in a non-suffix rule context is a GNU make idiom. This bug was - introduced in 7.41.0. - -Dan Fandrich (17 Mar 2015) -- checksrc: Fix whitelist on out-of-tree builds - -Daniel Stenberg (17 Mar 2015) -- [Stefan Bühler brought this change] + CMake 2.8's FindZLIB.cmake documents ZLIB_INCLUDE_DIRS, see + http://www.cmake.org/cmake/help/v2.8.0/cmake.html#module:FindZLIB + + Bug: https://github.com/bagder/curl/pull/123 - Curl_sh_entry: remove unused 'timestamp' +- [Jay Satiro brought this change] -- HTTP: don't use Expect: headers when on HTTP/2 + SSL: PolarSSL default min SSL version TLS 1.0 - Reported-by: Stefan Eissing - Bug: https://github.com/bagder/curl/issues/169 + - Prior to this change no SSL minimum version was set by default at + runtime for PolarSSL. Therefore in most cases PolarSSL would probably + have defaulted to a minimum version of SSLv3 which is no longer secure. -- checksrc: detect and remove space before trailing semicolons +- opts-Makefile: put more man pages into dist and make hmtl+pdf -- checksrc: introduce a whitelisting concept +- curl_multi_setopt.3: refer to stand-alone pages + + ... instead of duplicating info. -- checksrc: use space after comma +- opts: more multi options as stand-alone man pages -- checksrc: use space before paren in "return (expr);" +- Makefile.am: two cmake files are gone + + 8cb010144 removed the CurlCheckCSourceCompiles.cmake and + CurlCheckCSourceRuns.cmake files -- CONTRIBUTE: refer to git log instead of deprecated CHANGES file +- opts: made stand-alone man-pages for several multi options -- CURLOPT_*.3: more examples and edits +- [Carlo Wood brought this change] -- CURLOPT_*.3: added lots of small example sections + Curl_single_getsock: fix hold/pause sock handling + + The previous condition that checked if the socket was marked as readable + when also adding a writable one, was incorrect and didn't take the pause + bits properly into account. -- CURLOPT_PRIVATE.3: provide an example +- [Peter Wu brought this change] -- CURLOPT_*TIMEOUT.3: provide examples + cmake: fix struct sockaddr_storage check + + CHECK_TYPE_SIZE_PREINCLUDE is an internal, undocumented variable which + was removed in cmake 2.8.1. According to the MSDN docs[1], inclusion + of winsock2.h is sufficient. WIN32_LEAN_AND_MEAN does not really seem + to affect the tests, so remove it too[2]. + + For the non-windows case, remove inet headers as POSIX only requires + sys/socket.h. + + [1]: http://msdn.microsoft.com/en-us/library/windows/desktop/ms740504%28v=vs.85%29.aspx + [2]: http://stackoverflow.com/questions/11040133/what-does-defining-win32-lean-and-mean-exclude-exactly + + Signed-off-by: Peter Wu -- CURLOPT_USERAGENT.3: added an example +- [Peter Wu brought this change] -- CURLOPT_STDERR.3: added an example + cmake: clean OtherTests, fixing -Werror + + There were several -Wunused warnings and one duplicate macro definition. + The EXTRA_DEFINES variable of the CurlCheckCSources macro was being + abused ("__unused1\n#undef inline\n#define __unused2", seriously?) to + insert extra C code. Avoid this broken abstraction and use cmake's + check_c_source_compiles directly (works fine with CMake 2.8, maybe + even cmake 2.6). + + After cleaning up all related variables (EXTRA_DEFINES, + HEADER_INCLUDES, auxiliary headers_hack), also remove a duplicate + add_headers_include macro and remove duplicate header additions before + the struct timeval check. + + Oh, and now the code is converted to use CheckCSourceRuns and + CheckCSourceCompiles, the two curl-specific helpers can be removed. + Unfortunately, the cmake output is now slightly more verbose. Before: + + Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test) + Performing Test int send(int, const void *, size_t, int) (curl_cv_func_send_test) - Failed + + Since check_c_source_compiles prints the varname, now you see: + + Performing Test curl_cv_func_send_test + Performing Test curl_cv_func_send_test - Failed + Tested: int send(int, const void *, size_t, int) + + Compared cmake output with each other using vimdiff, no functional + differences were found. Tested with GCC 4.9.1 and Clang 3.5.0. + + Signed-off-by: Peter Wu -- curl_easy_perform.3: remove superfluous close brace from example +- [Peter Wu brought this change] -- free: instead of Curl_safefree() + cmake: fix gethostby{addr,name}_r in CurlTests + + This patch cleans up the automatically-generated (?) code and fixes one + case that will always fail due to syntax error. - Since we just started make use of free(NULL) in order to simplify code, - this change takes it a step further and: + HAVE_GETHOSTBYADDR_R_5_REENTRANT always failed because of a trailing + character ("int length;q"). Several parameter type and unused variable + warnings popped up. This causes a detection failure with -Werror. - - converts lots of Curl_safefree() calls to good old free() - - makes Curl_safefree() not check the pointer before free() + Observe that the REENTRANT cases are exactly the same as their + non-REENTRANT cases except for a `_REENTRANT` macro definition. + Merge all these pieces and build one big main function with different + cases, but reusing variables where logical. - The (new) rule of thumb is: if you really want a function call that - frees a pointer and then assigns it to NULL, then use Curl_safefree(). - But we will prefer just using free() from now on. + For the cases where the parameters where NULL, I looked at + lib/hostip4.c to get an idea of the parameters types. + + void-cast variables such as 'rc' to avoid -Wuninitialized errors. + + Signed-off-by: Peter Wu -- [Markus Elfring brought this change] +- [Peter Wu brought this change] - Bug #149: Deletion of unnecessary checks before a few calls of cURL functions + cmake: drop _BSD_SOURCE macro usage - The following functions return immediately if a null pointer was passed. - * Curl_cookie_cleanup - * curl_formfree + autotools does not use features.h nor _BSD_SOURCE. As this macro + triggers warnings since glibc 2.20, remove it. It should not have + functional differences. - It is therefore not needed that a function caller repeats a corresponding check. + Signed-off-by: Peter Wu + +Steve Holme (2 Nov 2014) +- RELEASE-NOTES: Synced with d71ea7c01e - This issue was fixed by using the software Coccinelle 1.0.0-rc24. + Additionally, updated "GSSAPI" to "GSS-API" for a Cmake related change + as GSSAPI can be confused with the authentication mechanism rather than + a GSS-API implementation library such as MIT or Heimdal. + +- build: Added WinIDN build configuration options - Signed-off-by: Markus Elfring + Added support for WinIDN build configurations to the VC6 project files. -- [Markus Elfring brought this change] +- build: Added WinIDN build configuration options + + Added support for WinIDN build configurations to the VC7 and VC7.1 + project files. - Bug #149: Deletion of unnecessary checks before calls of the function "free" +- build: Fixed the pre-processor separator in Visual Studio project files + + A left over from the VC6 project files, so mainly cosmetic in Visual + Studio .NET as it can handle both comma and semi-colon characters for + separating multiple pre-processor definitions. - The function "free" is documented in the way that no action shall occur for - a passed null pointer. It is therefore not needed that a function caller - repeats a corresponding check. - http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first + However, the IDE uses semi-colons if the value is edited, and as such, + this may cause problems in future for anyone updating the files or + merging patches. - This issue was fixed by using the software Coccinelle 1.0.0-rc24. + Used the Visual Studio IDE to correct the separator character. + +- build: Added optional specific version generation of VC project files - Signed-off-by: Markus Elfring + ..when working from the git repository. This is particularly useful + for single development environments where the project files for all + supported versions of Visual Studio may not be required. - [Jay Satiro brought this change] - connect: Fix happy eyeballs logic for IPv4-only builds - - Bug: https://github.com/bagder/curl/pull/168 - - (trynextip) - - Don't try the "other" protocol family unless IPv6 is available. In an - IPv4-only build the other family can only be IPv6 which is unavailable. - - This change essentially stops IPv4-only builds from attempting the - "happy eyeballs" secondary parallel connection that is supposed to be - used by the "other" address family. - - Prior to this change in IPv4-only builds that secondary parallel - connection attempt could be erroneously used by the same family (IPv4) - which caused a bug where every address after the first for a host could - be tried twice, often in parallel. This change fixes that bug. An - example of the bug is shown below. - - Assume MTEST resolves to 3 addresses 127.0.0.2, 127.0.0.3 and 127.0.0.4: - - * STATE: INIT => CONNECT handle 0x64f4b0; line 1046 (connection #-5000) - * Rebuilt URL to: http://MTEST/ - * Added connection 0. The cache now contains 1 members - * STATE: CONNECT => WAITRESOLVE handle 0x64f4b0; line 1083 - (connection #0) - * Trying 127.0.0.2... - * STATE: WAITRESOLVE => WAITCONNECT handle 0x64f4b0; line 1163 - (connection #0) - * Trying 127.0.0.3... - * connect to 127.0.0.2 port 80 failed: Connection refused - * Trying 127.0.0.3... - * connect to 127.0.0.3 port 80 failed: Connection refused - * Trying 127.0.0.4... - * connect to 127.0.0.3 port 80 failed: Connection refused - * Trying 127.0.0.4... - * connect to 127.0.0.4 port 80 failed: Connection refused - * connect to 127.0.0.4 port 80 failed: Connection refused - * Failed to connect to MTEST port 80: Connection refused - * Closing connection 0 - * The cache now contains 0 members - * Expire cleared - curl: (7) Failed to connect to MTEST port 80: Connection refused - - The bug was born in commit bagder/curl@2d435c7. - -- mksymbolsmanpage.pl: use std header and generate better nroff header + build-openssl.bat: Fix x64 release build + + Prior to this change if x64 release was specified a failed attempt was + made to build x86 release instead. -- [Frank Meier brought this change] +- CURLOPT_XOAUTH2_BEARER.3: Corrected the OAuth version number - closesocket: call multi socket cb on close even with custom close - - In function Curl_closesocket() in connect.c the call to - Curl_multi_closed() was wrongly omitted if a socket close function - (CURLOPT_CLOSESOCKETFUNCTION) is registered. +- CURLOPT_SASL_IR.3: Added supported mechanism information - That would lead to not removing the socket from the internal hash table - and not calling the multi socket callback appropriately. - - Bug: http://curl.haxx.se/bug/view.cgi?id=1493 + ...and removed duplication of what protocols are supported from the + description text. -- [Tobias Stoeckmann brought this change] +- opts: Use common wording for MAIL related names - hostip: Fix signal race in Curl_resolv_timeout. +- opts: Use common wording for TLS user/password option names - A signal handler for SIGALRM is installed in Curl_resolv_timeout. It is - configured to interrupt system calls and uses siglongjmp to return into - the function if alarm() goes off. + ...and revised the proxy wording a little as well. + +- CURLOPT_MAXCONNECTS.3: Reworked the description to be less confusing - The signal handler is installed before curl_jmpenv is initialized. - This means that an already installed alarm timer could trigger the - newly installed signal handler, leading to undefined behavior when it - accesses the uninitialized curl_jmpenv. + ...and corrected a related typo in curl_easy_setopt.3. + +Guenter Knauf (2 Nov 2014) +- RELEASE-NOTES: removed obsolete entry; fixed entry. + +Steve Holme (2 Nov 2014) +- RELEASE-NOTES: Synced with e7da67f5d3 + +- docs: Added mention of Kerberos for CURL_VERSION_SSPI - Even if there is no previously installed alarm available, the code in - Curl_resolv_timeout itself installs an alarm before the environment is - fully set up. If the process is sent into suspend right after that, the - signal handler could be called too early as in previous scenario. + As this has been present for SOCKSv5 proxy since v7.19.4 and for IMAP, + POP3 and SMTP authentication since v7.38.0. + +- CURL_VERSION_KERBEROS4: Mark as deprecated - To fix this, the signal handler should only be installed and the alarm - timer only be set after sigsetjmp has been called. + Support for Kerberos V4 was removed in v7.33.0. -- http2: detect prematures close without data transfered +- sasl: Fixed Kerberos V5 inclusion when CURL_DISABLE_CRYPTO_AUTH is used - ... by using the regular Curl_http_done() method which checks for - that. This makes test 1801 fail consistently with error 56 (which seems - fine) to that test is also updated here. + Typically the USE_WINDOWS_SSPI definition would not be used when the + CURL_DISABLE_CRYPTO_AUTH define is, however, it is still a valid build + configuration and, as such, the SASL Kerberos V5 (GSSAPI) authentication + data structures and functions would incorrectly be used when they + shouldn't be. - Reported-by: Ben Darnell - Bug: https://github.com/bagder/curl/issues/166 + Introduced a new USE_KRB5 definition that takes into account the use of + CURL_DISABLE_CRYPTO_AUTH like USE_SPNEGO and USE_NTLM do. -Dan Fandrich (13 Mar 2015) -- test320: Expect the Host header to be the first header +- openssl: Use 'CURLcode result' - Required for the test to work after a5d994941c2b. + More CURLcode fixes. -Daniel Stenberg (12 Mar 2015) -- RELEASE-NOTES: synced with 186e46d88dd - -- openssl: use colons properly in the ciphers list - - While the previous string worked, this is the documented format. +Daniel Stenberg (1 Nov 2014) +- resume: consider a resume from [content-length] to be OK - Reported-by: Richard Moore - -- openssl: sort the ciphers on strength + Basically since servers often then don't respond well to this and + instead send the full contents and then libcurl would instead error out + with the assumption that the server doesn't support resume. As the data + is then already transfered, this is now considered fine. - This makes curl pick better (stronger) ciphers by default. The strongest - available ciphers are fine according to the HTTP/2 spec so an OpenSSL - built curl is no longer rejected by string HTTP/2 servers. + Test case 1434 added to verify this. Test case 1042 slightly modified. - Bug: http://curl.haxx.se/bug/view.cgi?id=1487 + Reported-by: hugo + Bug: http://curl.haxx.se/bug/view.cgi?id=1443 -- [Fabian Keil brought this change] +Steve Holme (1 Nov 2014) +- openssl: Use 'CURLcode result' + + More standardisation of CURLcode usage and coding style. - test203[0-3]: Expect the Host header to be the first header +- openssl: Use 'CURLcode result' - Required for the tests to work after a5d994941c2b. + ...and some minor code style changes. + +- ftplistparser: We prefer 'CURLcode result' -- openssl: show the cipher selection to use +- opts: Use common wording for user/password option names -- http: always send Host: header as first header +- CURLOPT_CONNECT_ONLY.3: Removed "This option is implemented for..." text - ...after the method line: + As this is covered by the PROTOCOLS section and saves having to update + two parts of the document with the same information in future. + +- CURLOPT_GSSAPI_DELEGATION.3: Use GSS-API rather than GSSAPI - "Since the Host field-value is critical information for handling a - request, a user agent SHOULD generate Host as the first header field - following the request-line." / RFC 7230 section 5.4 + As implementations are refereed to GSS-API libraries as per the RFC and + GSSAPI typically refers to an authentication mechanism. + +- CURLOPT_CONNECT_ONLY.3: Fixed incomplete protocol list - Additionally, this will also make libcurl ignore multiple specified - custom Host: headers and only use the first one. Test 1121 has been - updated accordingly + Added missing IMAP to the protocol list. + +- code cleanup: Use 'CURLcode result' + +- curl_easy_setopt.3: Fixed lots of typos + +- curl_easy_setopt.3: Moved CURLOPT_DIRLISTONLY into PROTOCOL OPTIONS - Bug: http://curl.haxx.se/bug/view.cgi?id=1491 - Reported-by: Rainer Canavan + ...as this option affects more that just FTP. + +Guenter Knauf (30 Oct 2014) +- build: added Watcom support to build with WinSSL. -- [Alexander Pepper brought this change] +Daniel Stenberg (30 Oct 2014) +- CURLOPT_PINNEDPUBLICKEY.3: added details - mk-ca-bundle bugfix: Don't report SHA1 numbers with "-q". +Steve Holme (30 Oct 2014) +- CURLOPT_CUSTOMREQUEST.3: Fixed incomplete protocol list - Also unified printing to STDERR by creating the helper method "report". + Whilst the description included information about SMTP, the protocol + list only showed "TTP, FTP, IMAP, POP3". -- proxy: re-use proxy connections (regression) +- CURLOPT_DIRLISTONLY.3: Added information about the usage in POP3 + +Daniel Stenberg (29 Oct 2014) +- openssl: enable NPN separately from ALPN - When checking for a connection to re-use, a proxy-using request must - check for and use a proxy connection and not one based on the host - name! + ... and allow building with nghttp2 but completely without NPN and ALPN, + as nghttp2 can still be used for plain-text HTTP. - Added test 1421 to verify + Reported-by: Lucas Pardue + +- configure.ac: remove checks for OpenSSL NPN/ALPN funcs again - Bug: http://curl.haxx.se/bug/view.cgi?id=1492 + ... since the conditional in the code are now based on OpenSSL versions + instead to better support non-configure builds. -- [Jay Satiro brought this change] +- opts: added some "SEE ALSO" references - memanalyze.pl: handle free(NULL) +Steve Holme (29 Oct 2014) +- RELEASE-NOTES: Synced with 32913182dc -- [Jay Satiro brought this change] +- vtls.c: Fixed compilation warning + + conversion from 'size_t' to 'unsigned int', possible loss of data - .travis.yml: Change CI make test to make test-full +- sspi: Return CURLE_LOGIN_DENIED on AcquireCredentialsHandle() failure - - Change the continuous integration script to use 'make test-full' - instead of just 'make test' so that the diagnostic log output is - printed to stdout when a test fails. + Return a more appropriate error, rather than CURLE_OUT_OF_MEMORY when + acquiring the credentials handle fails. This is then consistent with + the code prior to commit f7e24683c4 when log-in credentials were empty. + +- sasl_sspi: Allow DIGEST-MD5 to use current windows credentials - - Change the continuous integration script to use - './configure --enable-debug' instead of just './configure' so that the - memory analyzer will work during testing. + Fixed the ability to use the current log-in credentials with DIGEST-MD5. + I had previously disabled this functionality in commit 607883f13c as I + couldn't get this to work under Windows 8, however, from testing HTTP + Digest authentication through Windows SSPI and then further testing of + this code I have found it works in Windows 7. - Prior to this change Travis used its default C test script: - ./configure && make && make test + Some further investigation is required to see what the differences are + between Windows 7 and 8, but for now enable this functionality as the + code will return an error when AcquireCredentialsHandle() fails. -- [Alessandro Ghedini brought this change] +Kamil Dudka (29 Oct 2014) +- transfer: drop the code handling the ssl_connect_retry flag + + Its last use has been removed by the previous commit. - gtls: correctly align certificate status verification messages +- nss: drop the code for libcurl-level downgrade to SSLv3 + + This code was already deactivated by commit + ec783dc142129d3860e542b443caaa78a6172d56. -- [Alessandro Ghedini brought this change] +- openssl: fix a line length warning - gtls: don't print double newline after certificate dates +Guenter Knauf (29 Oct 2014) +- Added NetWare support to build with nghttp2. -- [Alessandro Ghedini brought this change] +- Fixed error message since we require ALPN support. - gtls: print negotiated TLS version and full cipher suite name +- Check for ALPN via OpenSSL version number. - Instead of priting cipher and MAC algorithms names separately, print the - whole cipher suite string which also includes the key exchange algorithm, - along with the negotiated TLS version. + This check works also with to non-configure platforms. -- gtls: fix compiler warnings +Steve Holme (28 Oct 2014) +- sasl_sspi: Fixed typo in comment -- [Alessandro Ghedini brought this change] +- code cleanup: We prefer 'CURLcode result' - gtls: add support for CURLOPT_CAPATH +Daniel Stenberg (28 Oct 2014) +- TODO: consider supporting STAT -- [stopiccot brought this change] +- mk-ca-bundle: spell fix "version" - MacOSX-Framework: use @rpath instead of @executable_path +- HTTP: return larger than 3 digit response codes too - Bug: https://github.com/bagder/curl/pull/157 - -- RELEASE-NOTES: synced with c19349951 - -- multi: fix *getsock() with CONNECT + HTTP 1.1 is clearly specified to only allow three digit response codes, + and libcurl used sscanf("%3d") for that purpose. This made libcurl + support smaller numbers but not larger. It does now, but we will not + make any specific promises nor document this further since it is going + outside of what HTTP is. - The code used some happy eyeballs logic even _after_ CONNECT has been - sent to a proxy, while the happy eyeball phase is already (should be) - over by then. + Bug: http://curl.haxx.se/bug/view.cgi?id=1441 + Reported-by: Balaji + +- src/: remove version.h.dist from gitignore - This is solved by splitting the multi state into two separate states - introducing the new SENDPROTOCONNECT state. + It has not been used since commit f7bfdbab in 2011 + +Steve Holme (26 Oct 2014) +- ntlm: We prefer 'CURLcode result' - Bug: http://curl.haxx.se/mail/lib-2015-01/0170.html - Reported-by: Peter Laser + Continuing commit 0eb3d15ccb more return code variable name changes. -- conncontrol: only log changes to the connection bit +Guenter Knauf (26 Oct 2014) +- Cosmetics: lowercase non-special subroutine names. -- http2: use CURL_HTTP_VERSION_* symbols instead of NPN_* +Steve Holme (26 Oct 2014) +- RELEASE-NOTES: Synced with 07ac29a058 + +- http_negotiate: We prefer 'CURLcode result' - Since they already exist and will make comparing easier + Continuing commit 0eb3d15ccb more return code variable name changes. -- http2: make the info-message about receiving HTTP2 headers debug-only +- http_negotiate: Fixed missing check for USE_SPNEGO -- [Alessandro Ghedini brought this change] +- sspi: Synchronization of cleanup code between auth mechanisms - urldata: remove unused asked_for_h2 field +- sspi: Renamed max token length variables + + Code cleanup to try and synchronise code between the different SSPI + based authentication mechanisms. -- [Alessandro Ghedini brought this change] +- sspi: Renamed expiry time stamp variables + + Code cleanup to try and synchronise code between the different SSPI + based authentication mechanisms. - polarssl: make it possible to enable ALPN/NPN without HTTP2 +- sspi: Only call CompleteAuthToken() when complete is needed + + Don't call CompleteAuthToken() after InitializeSecurityContext() has + returned SEC_I_CONTINUE_NEEDED as this return code only indicates the + function should be called again after receiving a response back from + the server. + + This only affected the Digest and NTLM authentication code. -- [Alessandro Ghedini brought this change] +Dan Fandrich (26 Oct 2014) +- Added the "flaky" keyword to a number of tests + + Each shows evidence of flakiness on at least one platform on + the autobuilds. Users can use this keyword to skip these tests + if desired. - nss: make it possible to enable ALPN/NPN without HTTP2 +Steve Holme (26 Oct 2014) +- ntlm: Return all errors from Curl_ntlm_core_mk_nt_hash() + + For consistency with other areas of the NTLM code propagate all errors + from Curl_ntlm_core_mk_nt_hash() up the call stack rather than just + CURLE_OUT_OF_MEMORY. -- [Alessandro Ghedini brought this change] +- ntlm: Return CURLcode from Curl_ntlm_core_mk_lm_hash() - gtls: make it possible to enable ALPN/NPN without HTTP2 +- ntlm: Use 'CURLcode result' + + Continuing commit 0eb3d15ccb more return code variable name changes. -- [Alessandro Ghedini brought this change] +- ntlm: Only define ntlm data structure when USE_NTLM is defined - openssl: make it possible to enable ALPN/NPN without HTTP2 +- ntlm: Changed handles to be dynamic like other SSPI handles + + Code cleanup to try and synchronise code between the different SSPI + based authentication mechanisms. -- metalink: add some error checks +- ntlm: Renamed handle variables to match other SSPI structures - malloc() and strdup() calls without checking return codes. + Code cleanup to try and synchronise code between the different SSPI + based authentication mechanisms. + +- ntlm: Renamed SSPI based input token variables - Reported-by: Markus Elfring - Bug: https://github.com/bagder/curl/issues/150 + Code cleanup to try and synchronise code between the different SSPI + based authentication mechanisms. -- curl_easy_setopt.3: added CURLOPT_SSL_VERIFYSTATUS +- ntlm: We prefer 'CURLcode result' - Reported-by: Jonathan Cardoso + Continuing commit 0eb3d15ccb more return code variable name changes. -- urldata: fix gnutls build +- build: Added WinIDN build configuration options + + Added support for WinIDN build configurations to the VC8 and VC9 + project files. -Steve Holme (5 Mar 2015) -- openssl: Removed use of USE_SSLEAY from the Visual Studio project files +Nick Zitzmann (24 Oct 2014) +- darwinssl: detect possible future removal of SSLv3 from the framework - In addition to commit 709cf76f6b, removed the USE_SSLEAY preprocessor - variable from the Visual Studio project files as it isn't required - anymore. + If Apple ever drops SSLv3 support from the Security framework, we'll fail with an error if the user insists on using SSLv3. -Daniel Stenberg (5 Mar 2015) -- multi: fix memory-leak on timeout (regression) +Patrick Monnerat (24 Oct 2014) +- gskit.c: remove SSLv3 from SSL default. + +- gskit.c: use 'CURLcode result' + +Daniel Stenberg (24 Oct 2014) +- [Jay Satiro brought this change] + + SSL: Remove SSLv3 from SSL default due to POODLE attack - Since 1342a96ecfe0d44, a timeout detected in the multi state machine didn't - necesarily clear everything up, like formpost data. + - Remove SSLv3 from SSL default in darwinssl, schannel, cyassl, nss, + openssl effectively making the default TLS 1.x. axTLS is not affected + since it supports only TLS, and gnutls is not affected since it already + defaults to TLS 1.x. - Bug: https://github.com/bagder/curl/issues/147 - Reported-by: Michel Promonet - Patched-by: Michel Promonet + - Update CURLOPT_SSLVERSION doc -- configure: follow-up fix from 709cf76f6 - - OpenSSL handling was a little broken. +- pipelining: only output "is not blacklisted" in debug builds -- openssl: remove all uses of USE_SSLEAY - - SSLeay was the name of the library that was subsequently turned into - OpenSSL many moons ago (1999). curl does not work with the old SSLeay - library since years. This is now reflected by only using USE_OPENSSL in - code that depends on OpenSSL. +- *.3: add/extend "SEE ALSO" sections -- [Sergei Nikulov brought this change] +- curl_easy_pause.3: minor wording edit - cmake: handle build definitions CURLDEBUG/DEBUGBUILD - - Acked-by: Brad King +- curl_getdate.3: provide a "SEE ALSO" section + +- curl_global_init.3: minor formatting fix, add version info -- FAQ: 4.21 Why is there a HTTP/1.1 in my HTTP/2 request? +- url.c: use 'CURLcode result' -- symbols.pl: handle '-' in the deprecated field +- code cleanup: we prefer 'CURLcode result' - ... which otherwise made the script skip the _LAST define for some - symbols. + ... for the local variable name in functions holding the return + code. Using the same name universally makes code easier to read and + follow. - Reported-by: Jeroen Ooms - Bug: http://curl.haxx.se/mail/lib-2015-03/0052.html + Also, unify code for checking for CURLcode errors with: + + if(result) or if(!result) + + instead of + + if(result == CURLE_OK), if(CURLE_OK == result) or if(result != CURLE_OK) -- curl.1: fix "The the" typo +- Curl_add_timecondition: skip superfluous varible assignment - Reported-by: Jon Seymour + Detected by cppcheck. -- vtls: use curl_printf.h all over +- Curl_pp_flushsend: skip superfluous assignment - No need to use _MPRINTF_REPLACE internally. + Detected by cppcheck. -- tool: use ENABLE_CURLX_PRINTF instead of _MPRINTF_REPLACE +- Curl_pp_readresp: remove superfluous assignment + + Variable already assigned a few lines up. + + Detected by cppcheck. -- tool_writeenv: remove _MPRINTF_REPLACE define, it wasn't used +- Curl_proxyCONNECT: remove superfluous statement + + The variable is already assigned, skip the duplicate assignment. + + Pointed out by cppcheck. -- [Sergei Nikulov brought this change] +Guenter Knauf (24 Oct 2014) +- Added MinGW support to build with nghttp2. - libtest: fixed linker errors on msvc - - Bug: https://github.com/bagder/curl/pull/144 +- Added VC ssh2 target to main Makefile. -- mprintf.h: remove #ifdef CURLDEBUG - - ... and as a consequence, introduce curl_printf.h with that re-define - magic instead and make all libcurl code use that instead. +- Some cosmetics and simplifies. -- tool_getpass: remove unused curl/mprintf.h include +- Remove dependency on openssl and cut. + + Prefer usage of Perl modules for sha1 calculation since there + might be systems where openssl is not installed or not in path. + If openssl is used for sha1 calculation then dont rely on cut + since it is usually not available on other systems than Linux. -- CONTRIBUTING.md: file for advice on github +Daniel Stenberg (23 Oct 2014) +- RELEASE-NOTES: synced with e116d0a62 -- [Viktor Szakáts brought this change] +- CURLOPT_RESOLVE.3: add an example - BINDINGS: add link to Harbour bindings +- gnutls: removed dead code - And UTF8-fix a few names + Bug: http://curl.haxx.se/bug/view.cgi?id=1437 + Reported-by: Julien -- CURLOPT_HEADERFUNCTION.3: typo in error code name +- Curl_rand: Uninitialized variable: r + + This is not actually used uninitialized but we silence warnings. - Reported-by: Jonathan Cardoso + Bug: http://curl.haxx.se/bug/view.cgi?id=1437 + Reported-by: Julien -- BINDINGS: tclcurl moved +- opts: provide more and updated examples + +- CURLOPT_RANGE.3: works for SFTP as well - Reporte-by: Steve Havelka + ... and added a small example -- [Jay Satiro brought this change] +- curl.1: edited for clarity - opts: Fix pipelining examples +- CURLOPT_SSLVERSION.3: provide an example -- [Jay Satiro brought this change] +- docs/libcurl/ABI: more markdown friendly - curl_multi_setopt.3: Link to CURLMOPT_MAXCONNECTS +- docs: edited lots of libcurl docs for clarity -- CONTRIBUTE: the new more github-friendly attitude! +- opts: added examples -Steve Holme (28 Feb 2015) -- RELEASE-NOTES: Synced with 921d195187 +- HISTORY: two glimpses in 2014 -Kamil Dudka (28 Feb 2015) -- tool: wrap lines longer than 79 columns +Kamil Dudka (20 Oct 2014) +- nss: reset SSL handshake state machine + + ... when the handshake succeeds - ... to avoid a build failure when configured with --enable-debug + This fixes a connection failure when FTPS handle is reused. -Steve Holme (27 Feb 2015) -- [Tatsuhiro Tsujikawa brought this change] +Daniel Stenberg (20 Oct 2014) +- [Peter Wu brought this change] - http2: Return error if stream was closed with other than NO_ERROR + cmake: generate pkg-config and curl-config - Previously, we just ignored error code passed to - on_stream_close_callback and just return 0 (success) after stream - closure even if stream was reset with error. This patch records error - code in on_stream_close_callback, and return -1 and use CURLE_HTTP2 - error code on abnormal stream closure. - -- tool: Updated the warnf() function to use the GlobalConfig structure + Initial work to generate a pkg-config and curl-config script. Static + linking (`curl-config --static-libs` and `pkg-config --shared --libs + libcurl`) is broken and therefore disabled. + + CONFIGURE_OPTIONS does not make sense for CMake, use an empty string + for now. + + At least `curl-config --features` and `curl-config --protocols` work + which is needed by runtests.pl. - As the 'error' and 'mute' options are now part of the GlobalConfig, - rather than per Operation, updated the warnf() function to use this - structure rather than the OperationConfig. + Signed-off-by: Peter Wu -- build: Removed DataExecutionPrevention directive from VC9+ project files +- [Peter Wu brought this change] + + cmake: use LIBCURL_VERSION from curlver.h + + This matches the behavior from autotools. The auxiliary major, minor + and patch components are not needed anymore and therefore removed. - Removed the DataExecutionPrevention directive from the project files for - Visual Studio 2008 and above. The XML value in the VC9 project files was - set to "0" (Default) whilst the VC10+ project files contained an empty - XML element. + Signed-off-by: Peter Wu -- build: Use default RandomizedBaseAddress directive in VC9+ project files +- [Peter Wu brought this change] + + cmake: add SUPPORT_FEATURES and SUPPORT_PROTOCOLS + + For compatibility with autoconf, it will be used later for curl-config + and pkg-config. Not all features and or protocols can be enabled as + these are missing additional checks (see new TODOs). - Visual Studio 2008 introduced support for the address space layout - randomization (ASLR) feature of Windows Vista. However, upgrading the - VC8 project files to VC9 and above disabled this feature. + SUPPORT_PROTOCOLS is partially scripted (grep for SUPPORT_PROTOCOLS=) + and manually verified/modified. SUPPORT_FEATURES is manually added. - Removed the RandomizedBaseAddress directive to enabled the default - setting (/DYNAMICBASE). Note: This doesn't appear to have any negative - impact when compiled and ran on Windows XP. + Signed-off-by: Peter Wu -- build: Added support to Generate.bat for files in the upcoming vauth folder +- cmake: add CMake/Macros.cmake to the release tarball -Daniel Stenberg (25 Feb 2015) -- http2: return recv error on unexpected EOF +- test545: make it not use a trailing zero - Pointed-out-by: Tatsuhiro Tsujikawa - Bug: http://curl.haxx.se/bug/view.cgi?id=1487 + CURLOPT_COPYPOSTFIELDS with a given CURLOPT_POSTFIELDSIZE does not + require a trailing zero of the data and by making sure this test doesn't + use one we know it works (combined with valgrind). -Kamil Dudka (25 Feb 2015) -- dist: add symbol-scan.pl to the tarball +Steve Holme (16 Oct 2014) +- ntlm: Fixed empty type-2 decoded message info text - ... in order to make test1135 succeed + Updated the info text when the base-64 decode of the type-2 message + returns a null buffer to be more specific. -Daniel Stenberg (25 Feb 2015) -- http2: move lots of verbose output to be debug-only +- ntlm: Fixed empty/bad base-64 decoded buffer return codes -Kamil Dudka (25 Feb 2015) -- curl-config.in: eliminate double quotes around CURL_CA_BUNDLE +- ntlm: Avoid unnecessary buffer allocation for SSPI based type-2 token + +Daniel Stenberg (16 Oct 2014) +- httpcustomheader.c: make use of more CURLOPT_HTTPHEADER features - Otherwise it expands to: + ... and only do a single request for clarity. + +Steve Holme (15 Oct 2014) +- sasl_sspi: Fixed some typos + +- sasl_sspi: Fixed Kerberos response buffer not being allocated when using SSO + +Daniel Stenberg (15 Oct 2014) +- [Bruno Thomsen brought this change] + + mk-ca-bundle: added SHA-384 signature algorithm - echo ""/etc/pki/tls/certs/ca-bundle.crt"" + Certificates based on SHA-1 are being phased out[1]. + So we should expect a rise in certificates based on SHA-2. + Adding SHA-384 as a valid signature algorithm. - Detected by ShellCheck: + [1] https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/ - curl-config:74:16: warning: The double quotes around this do - nothing. Remove or escape them. [SC2140] + Signed-off-by: Bruno Thomsen + +Patrick Monnerat (14 Oct 2014) +- OS400: fix bugs in curl_*escape_ccsid() and reduce variables scope + +- Implement pinned public key in GSKit backend + +Daniel Stenberg (14 Oct 2014) +- CURLOPT_TLSAUTH_*.3: fix reference typos -- nss: do not skip Curl_nss_seed() if data is NULL +- cleanups: reduce variable scope - In that case, we only skip writing the error message for failed NSS - initialization (while still returning the correct error code). + cppcheck pointed these out. -- nss: improve error handling in Curl_nss_random() +- singleipconnect: remove dead assignment never used - The vtls layer now checks the return value, so it is no longer necessary - to abort if a random number cannot be provided by NSS. This also fixes - the following Coverity report: - - Error: FORWARD_NULL (CWE-476): - lib/vtls/nss.c:1918: var_compare_op: Comparing "data" to null implies that "data" might be null. - lib/vtls/nss.c:1923: var_deref_model: Passing null pointer "data" to "Curl_failf", which dereferences it. - lib/sendf.c:154:3: deref_parm: Directly dereferencing parameter "data". + cppcheck pointed this out. -Daniel Stenberg (25 Feb 2015) -- RELEASE-PROCEDURE: add some more future release dates - - ... and remove some old ones +- pinning: minor code style policing -- sws: timeout idle CONNECT connections +Patrick Monnerat (13 Oct 2014) +- Factorize pinned public key code into generic file handling and backend specific -- bump: start working toward 7.42.0 +- vtls: remove QsoSSL -Version 7.41.0 (25 Feb 2015) +- gskit: supply dummy randomization function -Daniel Stenberg (25 Feb 2015) -- THANKS: added contributors from the 7.41.0 RELEASE-NOTES +- vtls/*: deprecate have_curlssl_md5sum and set-up default md5sum implementation -- RELEASE-NOTES: sync with ffc2aeec6e (7.41.0 release time!) +Daniel Stenberg (13 Oct 2014) +- [Peter Wu brought this change] -Marc Hoersken (25 Feb 2015) -- Revert "telnet.c: fix handling of 0 being returned from custom read function" + tests: move TESTCASES to Makefile.inc, add show for cmake - This reverts commit 03fa576833643c67579ae216c4e7350fa9b5f2fe. - -- telnet.c: fix invalid use of custom read function if not being set + This change allows runtests.pl to be run from the CMake builddir: - obj_count can be 1 if the custom read function is set or the stdin - handle is a reference to a pipe. Since the pipe should be handled - using the PeekNamedPipe-check below, the custom read function should - only be used if it is actually enabled. - -- telnet.c: fix handling of 0 being returned from custom read function + export srcdir=/tmp/curl/tests; + perl -I$srcdir $srcdir/runtests.pl -l - According to [1]: "Returning 0 will signal end-of-file to the library - and cause it to stop the current transfer." - This change makes the Windows telnet code handle this case accordingly. + In order to make this possible, all test cases have been moved from + Makefile.am to Makefile.inc. - [1] http://curl.haxx.se/libcurl/c/CURLOPT_READFUNCTION.html + Signed-off-by: Peter Wu -Daniel Stenberg (24 Feb 2015) -- sws: stop logging about TPC_NODELAY nonsense +- [Peter Wu brought this change] -- lib530: make it less timing sensible + cmake: enable IPv6 by default if available - ... by making sure the first request is completed before doing the - remainder. - -Kamil Dudka (23 Feb 2015) -- connect: wait for IPv4 connection attempts - - ... even if the last IPv6 connection attempt has failed. + ENABLE_IPV6 depends on HAVE_GETADDRINFO or you will get a + Curl_getaddrinfo_ex error. Enable IPv6 by default, disabling it if + struct sockaddr_in6 is not found in netinet/in.h. - Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c4 - -- connect: avoid skipping an IPv4 address + Note that HAVE_GETADDRINFO_THREADSAFE is still not set as it needs more + platform checks even though POSIX requires a thread-safe getaddrinfo. - ... in case the protocol versions are mixed in a DNS response - (IPv6 -> IPv4 -> IPv6). + Verified on Arch Linux x86_64 with glibc 2.20-2 and Linux 3.16-rc7. - Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1187531#c3 + Signed-off-by: Peter Wu -Daniel Stenberg (23 Feb 2015) -- RELEASE-NOTES: synced with 5e4395eab839d +- [Peter Wu brought this change] -- ROADMAP: curl_easy_setopt.3 has already been split up + cmake: build tool_hugehelp (ENABLE_MANUAL) - Remove cmake as marked for removal. It is in much better state now. - -- ROADMAP: extend the HTTP/2 stuff, remove SPDY + Rather than always outputting an empty manual page for the '-M' option, + generate a full manual page as done by autotools. For simplicity in + CMake, always generate the gzipped page as it will not be used anyway + when zlib is not available. + + Signed-off-by: Peter Wu -- [Julian Ospald brought this change] +- [Peter Wu brought this change] - configure: allow both --with-ca-bundle and --with-ca-path - - SSL_CTX_load_verify_locations by default (and if given non-Null - parameters) searches the CAfile first and falls back to CApath. This - allows for CAfile to be a basis (e.g. installed by the package manager) - and CApath to be a user configured directory. + tests/http_pipe.py: Python 3 support - This wasn't reflected by the previous configure constraint which this - patch fixes. + The 2to3 tool converted socketserver (which I manually fixed up with an + import fallback) and the print(e) line. The xrange option was converted + to range, but it seems better to use the '*' operator here for + simplicity. - Bug: https://github.com/bagder/curl/pull/139 + Signed-off-by: Peter Wu -- [Ben Boeckel brought this change] +- SECURITY: slightly nicer markdown format - cmake: install the dll file to the correct directory +- RELEASE-PROCEDURE: better markdown, more content -- [Alessandro Ghedini brought this change] +- RELEASE-NOTES: synced with 6637b237e6eb + + ... and bumped the planned release version. - nss: fix NPN/ALPN protocol negotiation +- vtls: have vtls.h include the backend header files - Correctly check for memcmp() return value (it returns 0 if the strings match). + It turned out some features were not enabled in the build since for + example url.c #ifdefs on features that are defined on a per-backend + basis but vtls.h didn't include the backend headers. - This is not really important, since curl is going to use http/1.1 anyway, but - it's still a bug I guess. + CURLOPT_CERTINFO was one such feature that was accidentally disabled. -- [Alessandro Ghedini brought this change] - - polarssl: fix ALPN protocol negotiation +- test2036: verify -O with no slash at all in the URL - Correctly check for strncmp() return value (it returns 0 if the strings - match). + Similar to test 76 but that test's URL has a slash just no file name + part. -- [Sergei Nikulov brought this change] +- get_url_file_name: make no slash equal empty string - CMake: Fix generation of tool_hugehelp.c on windows +- get_url_file_name: never return a NULL string *and* OK - Use "cmake -E echo" instead of "echo". + Change 987a4a73 assumes that as it simplifies life in the calling + function. - Reviewed-by: Brad King + Reported-by: Fabian Keil -- [Sergei Nikulov brought this change] +- [Jakub Zakrzewski brought this change] - CMake: fix winsock2 detection on windows - - Set CMAKE_REQUIRED_DEFINITIONS to include definitions needed to get - the winsock2 API from windows.h. Simplify the order of checks to - avoid extra conditions. + Cmake: Build with GSSAPI (MIT or Heimdal) - Use check_include_file instead of check_include_file_concat to look - for OpenSSL headers. They do not need to participate in a sequence - of dependent system headers. Also they may cause winsock.h to be - included before ws2tcpip.h, causing the latter to not be detected - in the sequence. + It tries hard to recognise SDK's on different platforms. On windows MIT + Kerberos installs SDK with other things and puts path into registry. + Heimdal have separate zip archive. On linux pkg-config is tried, then + krb5-config script and finally old-style libs and headers detection. - Reviewed-by: Brad King + Command line args: + * CMAKE_USE_GSSAPI - enables GSSAPI detection + * GSS_ROOT_DIR - if set, should point to the root of GSSAPI installation + (the one with include and lib directories) -- [Alessandro Ghedini brought this change] - - gtls: fix build with HTTP2 - -Steve Holme (16 Feb 2015) -- Makefile.vc6: Corrected typos in rename of darwinssl.obj - -Nick Zitzmann (15 Feb 2015) -- By request, change the name of "curl_darwinssl.[ch]" to "darwinssl.[ch]" - -Steve Holme (14 Feb 2015) -- RELEASE-NOTES: Synced with 6f89f86c3d - -- tests/README: Updated to reflect email test ranges +- [Jakub Zakrzewski brought this change] -- [Alessandro Ghedini brought this change] + Cmake: Got rid of setup_curl_dependencies + + There is no need for such function. Include_directories propagate by + themselves and having a function with one simple link statement makes + little sense. - curl.1: --cert-status is also supported by OpenSSL now +- [Jakub Zakrzewski brought this change] -- build: Removed Visual Studio SuppressStartupBanner directive for VC8+ + Cmake: Avoid cycle directory dependencies. - Visual Studio 2005 and above defaults to disabling the startup banner - for the Compiler, Linker and MIDL tools (with /NOLOGO). As such there - is no need to explicitly set the SuppressStartupBanner directive, as - this is a leftover from the VC7 and VC7.1 projects being upgraded to - VC8 and above. + Because we prepended libraries to list, CMake had troubles resolving + link directory order as it detected some cycles. Appending to list ensures + that dependencies will preceed dependees. -Kamil Dudka (12 Feb 2015) -- openssl: fix a compile-time warning - - lib/vtls/openssl.c:1450:7: warning: extra tokens at end of #endif directive +- [Jakub Zakrzewski brought this change] -Steve Holme (11 Feb 2015) -- openssl: Use OPENSSL_IS_BORINGSSL for BoringSSL detection + Cmake: Fix library list provided to cURL tests. - For consistency with other conditionally compiled code in openssl.c, - use OPENSSL_IS_BORINGSSL rather than HAVE_BORINGSSL and try to use - HAVE_BORINGSSL outside of openssl.c when the OpenSSL header files are - not included. + The list must be set after those nice CMake tests as we mess with + CMAKE_REQUIRED_LIBRARIES there. -Patrick Monnerat (11 Feb 2015) -- ftp: accept all 2xx responses to the PORT command +- [Jakub Zakrzewski brought this change] -Steve Holme (9 Feb 2015) -- openssl: Disable OCSP in old versions of OpenSSL + Cmake: Check for OpenSSL before OpenLDAP. - Versions of OpenSSL prior to v0.9.8h do not support the necessary - functions for OCSP stapling. + OpenLDAP might have been build with OpenSSL. Checking for OpenLDAP first + may result in undefined symbols. Of course, the found OpenSSL libraries + must also be linked whenever OpenLDAP is. -Daniel Stenberg (9 Feb 2015) -- [Tatsuhiro Tsujikawa brought this change] +- curl_multi_fdset.3: improved the formatting slightly - http2: Fix bug that associated stream canceled on PUSH_PROMISE +- curl_multi_fdset: explain the fd_set arguments + +Kamil Dudka (8 Oct 2014) +- nss: do not fail if a CRL is already cached - Previously we don't ignore PUSH_PROMISE header fields in on_header - callback. It makes header values mixed with following HEADERS, - resulting protocol error. + This fixes a copy-paste mistake from commit 2968f957. -- [Jay Satiro brought this change] +Patrick Monnerat (8 Oct 2014) +- OS400: upgrade interface for pinned public key (no implementation yet) - polarssl: Fix exclusive SSL protocol version options +Daniel Stenberg (8 Oct 2014) +- FormAdd: precaution against memdup() of NULL pointer - Prior to this change the options for exclusive SSL protocol versions did - not actually set the protocol exclusive. - - http://curl.haxx.se/mail/lib-2015-01/0002.html - Reported-by: Dan Fandrich - -- [Jay Satiro brought this change] + Coverity CID 252518. This function is in general far too complicated for + its own good and really should be broken down into several smaller + funcitons instead - but I'm adding this protection here now since it + seems there's a risk the code flow can end up here and dereference a + NULL pointer. - gskit: Fix exclusive SSLv3 option +- operate: avoid NULL dereference + + Coverity CID 1241948. dumpeasysrc() would get called with + config->current set to NULL which could be dereferenced by a warnf() + call. -- curl.1: clarify that -X is used for all requests +- do_sec_send: remove dead code - Reported-by: Jon Seymour + Coverity CID 1241951. The condition 'len >= 0' would always be true at + that point and thus not necessary to check for. -- curl.1: add warning when using -H and redirects +- krb5_encode: remove unused argument + + Coverity CID 1241957. Removed the unused argument. As this struct and + pointer now are used only for krb5, there's no need to keep unused + function arguments around. -Steve Holme (7 Feb 2015) -- schannel: Removed curl_ prefix from source files +- operate_do: skip superfluous check for NULL pointer - Removed the curl_ prefix from the schannel source files as discussed - with Marc and Daniel at FOSDEM. + Coverity CID 1243583. get_url_file_name() cannot fail and return a NULL + file name pointer so skip the check for that - it tricks coverity into + believing it can happen and it then warns later on when we use 'outfile' + without checking for NULL. -Daniel Stenberg (6 Feb 2015) -- md5: use axTLS's own MD5 functions when available +- curl_easy_getinfo.3: spell-fix + + Reported-By: Luan Cestari -- MD(4|5): make the MD4_* and MD5_* functions static +- [moparisthebest brought this change] -- axtls: fix conversion from size_t to int warning + GnuTLS: Implement public key pinning -Steve Holme (5 Feb 2015) -- ftp: Use 'CURLcode result' for curl result codes +- [moparisthebest brought this change] -Daniel Stenberg (5 Feb 2015) -- openssl: SSL_SESSION->ssl_version no longer exist + SSL: implement public key pinning - The struct went private in 1.0.2 so we cannot read the version number - from there anymore. Use SSL_version() instead! + Option --pinnedpubkey takes a path to a public key in DER format and + only connect if it matches (currently only implemented with OpenSSL). - Reported-by: Gisle Vanem - Bug: http://curl.haxx.se/mail/lib-2015-02/0034.html - -Dan Fandrich (4 Feb 2015) -- unit1600: Fix compilation when NTLM is disabled + Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt(). + + Extract a public RSA key from a website like so: + openssl s_client -connect google.com:443 2>&1 < /dev/null | \ + sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \ + | openssl rsa -pubin -outform DER > google.com.der -Daniel Stenberg (4 Feb 2015) -- MD5: fix compiler warnings and code style nits +- multi_runsingle: fix possible memory leak + + Coverity CID 1202837. 'newurl' can in fact be allocated even when + Curl_retry_request() returns failure so free it if need be. -- MD5: replace implementation +- ares::Curl_resolver_cancel: skip checking for NULL conn - The previous one was "encumbered" by RSA Inc - to avoid the licensing - restrictions it has being replaced. This is the initial import, - inserting the md5.c and md5.h files from - http://openwall.info/wiki/people/solar/software/public-domain-source-code/md5 + Coverity CID 1243581. 'conn' will never be NULL here, and if it would be + the subsequent statement would dereference it! + +- parseconfig: skip a NULL check - Code-by: Alexander Peslyak + Coverity CID 1154198. This NULL check implies that the pointer _can_ be + NULL at this point, which it can't. Thus it is dead code. It tricks + static analyzers to warn about dereferencing the pointer since the code + seems to imply it can be NULL. -- MD4: fix compiler warnings and code style nits +- [Waldek Kozba brought this change] -- MD4: replace implementation + multi-uv.c: call curl_multi_info_read() better - The previous one was "encumbered" by RSA Inc - to avoid the licensing - restrictions it has being replaced. This is the initial import, - inserting the md4.c and md4.h files from - http://openwall.info/wiki/people/solar/software/public-domain-source-code/md4 + Improves it for low-latency cases (like the communication with + localhost) + +- tool_go_sleep: use (void) to spell out we ignore the return value - Code-by: Alexander Peslyak + Coverity CID 1222080. -Steve Holme (4 Feb 2015) -- telnet: Prefer 'CURLcode result' for curl result codes +- ssh_statemach_act: split out assignment from check + + just a minor code style thing to make the code clearer -- hostasyn: Prefer 'CURLcode result' for curl result codes +Marc Hoersken (4 Oct 2014) +- curl_schannel.c: Fixed possible memory or handle leak + + First try to fix possible memory leaks, in this case: + Only connssl->ctxt xor onnssl->cred being initialized. -- schannel: Prefer 'CURLcode result' for curl result codes +Daniel Stenberg (4 Oct 2014) +- getparameter: remove dead code + + Coverity CID 1061126. 'parse' will always be non-NULL here. -Daniel Stenberg (3 Feb 2015) -- unit1601: MD5 unit tests +- getparameter: comment a switch FALLTHROUGH + + Coverity CID 1061118. Point out that it is on purpose. -- unit1600: unit test for Curl_ntlm_core_mk_nt_hash +- choose_mech: fix return code + + Coverity CID 1241950. The pointer is never NULL but it might point to + NULL. -- unit1600: NTLM unit test +- Curl_sec_read_msg: spell out that we ignore return code + + Coverity CID 1241947. Since if sscanf() fails, the previously set value + remains set. -- tests/README: add a new range, clean up some language +- nonblock: call with (void) to show we ignore the return code + + Coverity pointed out several of these. -- [Jay Satiro brought this change] +- parse_proxy: remove dead code. + + Coverity CID 982331. - opts: CURLOPT_CAINFO availability depends on SSL engine +- Curl_debug: document switch fallthroughs -- getpass: protect include with proper #ifdef +- curl_multi_remove_handle: remove dead code - Reported-by: Tamir + Coverify CID 1157776. Removed a superfluous if() that always evaluated + true (and an else clause that never ran), and then re-indented the + function accordingly. -- getpass_r: read from stdin, not stdout! +- Curl_pipeline_server_blacklisted: handle a NULL server name - The file number used was wrong. This bug was introduced over 10 years - ago, proving this function isn't used much... - - Bug: http://curl.haxx.se/bug/view.cgi?id=1476 - Reported-by: Tamir + Coverity CID 1215284. The server name is extracted with + Curl_copy_header_value() and passed in to this function, and + copy_header_value can actually can fail and return NULL. + +- ssh: comment "fallthrough" in switch statement -- test1135: verify the CURL_EXTERN order in header files +- [Jeremy Lin brought this change] -- Makefile.am: fix 'make distcheck' + ssh: improve key file search - ... by removing generated files from the *_DIST variable [*] and instead - generate them with a .dist suffix, since that is then handled and put - into the release archive by our generic dist-hook. + For private keys, use the first match from: user-specified key file + (if provided), ~/.ssh/id_rsa, ~/.ssh/id_dsa, ./id_rsa, ./id_dsa - [*] = 'make distcheck' fails with non-existing files listed there + Note that the previous code only looked for id_dsa files. id_rsa is + now generally preferred, as it supports larger key sizes. + + For public keys, use the user-specified key file, if provided. + Otherwise, try to extract the public key from the private key file. + This means that passing --pubkey is typically no longer required, + and makes the key-handling behavior more like OpenSSH. + +- CURLOPT_HTTPHEADER.3: libcurl doesn't copy the whole list -Steve Holme (2 Feb 2015) -- curl_sasl.c: More code policing +- detect_proxy: fix possible single-byte memory leak - Better use of 80 character line limit, comment corrections and line - spacing preferences. + Coverity CID 1202836. If the proxy environment variable returned an empty + string, it would be leaked. While an empty string is not really a proxy, other + logic in this function already allows a blank string to be returned so allow + that here to avoid the leak. -Daniel Stenberg (2 Feb 2015) -- libcurl-symbols: first basic shot for autogenerated docs +- multi_runsingle: fix memory leak + + Coverity CID 1202837. There's a potential risk that 'newurl' gets + overwritten when it was already pointing to allocated memory. -- FAQ: minor edit of 3.22 +- pop3_perform_authentication: fix memory leak + + Coverity CID 1215287. There's a potential risk for a memory leak in + here, and moving the free call to be unconditional seems like a cheap + price to remove the risk. -Steve Holme (2 Feb 2015) -- build: Added removal of Visual Studio project files +- imap_perform_authentication: fix memory leak - Added the removal of the locally generated project files so one - may revert to a clean repository. + Coverity CID 1215296. There's a potential risk for a memory leak in + here, and moving the free call to be unconditional seems like a cheap + price to remove the risk. -- build: Renamed top level Visual Studio solution files +- wait_or_timeout: return failure when Curl_poll() fails - In preparation for adding the test suite and examples projects renamed - the top level "all" solution files to better describe what they are. + Coverity detected this. CID 1241954. When Curl_poll() returns a negative value + 'mcode' was uninitialized. Pretty harmless since this is debug code only and + would at worst cause an error to _not_ be returned... + +- curl.1: mention quoting in the URL section - This will also enable us to use "curl" rather than "curlsrc" for the - command line tool solution and project files, which will simplify some - of the configuration. + and separate the example URLs with newlines + +Steve Holme (30 Sep 2014) +- [Bill Nagel brought this change] -- build: Enabled DEBUGBUILD in Visual Studio debug builds + smtp: Fixed intermittent "SSL3_WRITE_PENDING: bad write retry" error - Defined the DEBUGBUILD pre-processor variable to allow extra logging, - which is particularly useful in debug builds, as we use this and Visual - Studio typically uses _DEBUG. + This patch fixes the "SSL3_WRITE_PENDING: bad write retry" error that + sometimes occurs when sending an email over SMTPS with OpenSSL. OpenSSL + appears to require the same pointer on a write that follows a retry + (CURLE_AGAIN) as discussed here: - We could define DEBUBBUILD, in curl_setup.h, when _MSC_VER and _DEBUG is - defined but that would also affect the makefile based builds which we - probably don't want to do. + http://stackoverflow.com/questions/2997218/why-am-i-getting-error1409f07fssl-routinesssl3-write-pending-bad-write-retr -- build: Removed unused Visual Studio bscmake settings +Daniel Stenberg (30 Sep 2014) +- RELEASE-NOTES: synced with 53cbea22310f15 -Daniel Stenberg (2 Feb 2015) -- CURLOPT_HTTP_VERSION.3: CURL_HTTP_VERSION_2_0 added in 7.33.0 +- file: reject paths using embedded %00 - And modify the text to refer to HTTP 2 as it isn't called "2.0". + Mostly because we use C strings and they end at a binary zero so we know + we can't open a file name using an embedded binary zero. - Reported-By: Michael Wallner + Reported-by: research@g0blin.co.uk + +Dan Fandrich (26 Sep 2014) +- test506: Fixed a couple of memory leaks in test -Marc Hoersken (31 Jan 2015) -- TODO: moved WinSSL/SChannel todo items into docs +Daniel Stenberg (25 Sep 2014) +- [Yousuke Kimoto brought this change] -Daniel Stenberg (29 Jan 2015) -- [Michael Kaufmann brought this change] + CURLOPT_COOKIELIST: Added "RELOAD" command - CURLOPT_SEEKFUNCTION.3: also when server closes a connection +- [Michael Wallner brought this change] -Steve Holme (29 Jan 2015) -- curl_sasl.c: Fixed compilation warning when cryptography is disabled + CURLOPT_POSTREDIR.3: Added availability for CURL_REDIR_POST_303 + +- threaded-resolver: revert Curl_expire_latest() switch + + The switch to using Curl_expire_latest() in commit cacdc27f52b was a + mistake and was against the advice even mentioned in that commit. The + comparison in asyn-thread.c:Curl_resolver_is_resolved() makes + Curl_expire() the suitable function to use. - curl_sasl.c:1506: warning: unused variable 'chlg' + Bug: http://curl.haxx.se/bug/view.cgi?id=1426 + Reported-By: graysky -- curl_sasl.c: Fixed compilation warning when verbose debug output disabled +- libcurl docs: improvements all over + +Steve Holme (19 Sep 2014) +- build: Added WinIDN build configuration options - curl_sasl.c:1317: warning: unused parameter 'conn' + Added initial support for WinIDN build configurations to the VC10+ + project files. -- ntlm_core: Use own odd parity function when crypto engine doesn't have one +Daniel Stenberg (19 Sep 2014) +- tutorial: signals aren't used for the threaded resolver -- ntlm_core: Prefer sizeof(key) rather than hard coded sizes +- FAQ: update the pronunciation section + + As we weren't using the correct phonetic description and doing it correctly + involves funny letters that I'm sure will cause problems for people in a text + document so I instead rephrased it and link to a WAV file with a person + actually saying 'curl'. + + Reported-By: Dimitar Boevski -- ntlm_core: Added consistent comments to DES functions +- CURLOPT_COOKIE*: added more cross-references -- des: Added Curl_des_set_odd_parity() +- BINDINGS: add node-libcurl - Added Curl_des_set_odd_parity() for use when cryptography engines - don't include this functionality. + Reported-By: Jonathan Cardoso Machado + URL: http://curl.haxx.se/mail/lib-2014-09/0102.html -- tests: Grouped SMTP SASL EXTERNAL tests with other SMTP tests +- README.http2: updated to reflect current status -- tests: Grouped POP3 SASL EXTERNAL tests with other POP3 tests +- formdata: removed unnecessary USE_SSLEAY use -- tests: Grouped IMAP SASL EXTERNAL tests with other IMAP tests +- curlssl: make tls backend symbols use curlssl in the name -- sasl: Minor code policing and grammar corrections +- url: let the backend decide CURLOPT_SSL_CTX_ support + + ... to further remove specific TLS backend knowledge from url.c -Daniel Stenberg (28 Jan 2015) -- [Gisle Vanem brought this change] +- vtls: have the backend tell if it supports CERTINFO - ldap: build with BoringSSL +- [Catalin Patulea brought this change] -- security: avoid compiler warning + configure: allow --with-ca-path with PolarSSL too - Possible access to uninitialised memory '&nread' at line 140 of - lib/security.c in function 'ftp_send_command'. + Missed this in af45542c. - Reported-by: Rich Burridge + Signed-off-by: Catalin Patulea -- runtests: identify BoringSSL and libressl +- CURLOPT_CAPATH: return failure if set without backend support -Patrick Monnerat (27 Jan 2015) -- docs: cite SASL external authentication. +- [Tatsuhiro Tsujikawa brought this change] -- sasl: remove XOAUTH2 from default enabled authentication mechanism. + http2: Fix busy loop when EOF is encountered + + Previously we did not handle EOF from underlying transport socket and + wrongly just returned error code CURL_AGAIN from http2_recv, which + caused busy loop since socket has been closed. This patch adds the + code to handle EOF situation and tells the upper layer that we got + EOF. -- test: add test cases for sasl external authentication (imap/pop3/smtp). +Steve Holme (13 Sep 2014) +- build: Added batch wrapper to checksrc.pl -- imap: remove automatic password setting: it breaks external sasl authentication +- RELEASE-NOTES: Synced with bd3df5ec6d -- sasl: implement EXTERNAL authentication mechanism. - Its use is only enabled by explicit requirement in URL (;AUTH=EXTERNAL) and - by not setting the password. +- [Marcel Raad brought this change] -Steve Holme (27 Jan 2015) -- openssl: Fixed Curl_ossl_cert_status_request() not returning FALSE + sasl_sspi: Fixed Unicode build - Modified the Curl_ossl_cert_status_request() function to return FALSE - when built with BoringSSL or when OpenSSL is missing the necessary TLS - extensions. + Bug: http://curl.haxx.se/bug/view.cgi?id=1422 + Verified-by: Steve Holme -- openssl: Fixed compilation errors when OpenSSL built with 'no-tlsext' +Daniel Stenberg (12 Sep 2014) +- libcurl-tutorial.3: fix GnuTLS link to thread-safety guidelines - Fixed the build of openssl.c when OpenSSL is built without the necessary - TLS extensions for OCSP stapling. + The former link was turned into a 404 at some point. - Reported-by: John E. Malmberg + Reported-By: Askar Safin -- [Brad Spencer brought this change] - - curl_setup: Disable SMB/CIFS support when HTTP only - -- RELEASE-NOTES: Synced with 37824498a3 - -Daniel Stenberg (22 Jan 2015) -- configure: remove detection of the old yassl emulation API +- contributors.sh: split list of names at comma - ... as that is ancient history and not used. - -- OCSP stapling: disabled when build with BoringSSL + ... to support a list of names provided in a commit message. -- [Alessandro Ghedini brought this change] +Steve Holme (12 Sep 2014) +- [Ulrich Telle brought this change] - openssl: add support for the Certificate Status Request TLS extension + ntlm: Fixed HTTP proxy authentication when using Windows SSPI - Also known as "status_request" or OCSP stapling, defined in RFC6066 - section 8. + Removed ISC_REQ_* flags from calls to InitializeSecurityContext to fix + bug in NTLM handshake for HTTP proxy authentication. - Thanks-to: Joe Mason - - for the work-around for the OpenSSL bug. - -- BoringSSL: fix build for non-configure builds + NTLM handshake for HTTP proxy authentication failed with error + SEC_E_INVALID_TOKEN from InitializeSecurityContext for certain proxy + servers on generating the NTLM Type-3 message. + + The flag ISC_REQ_CONFIDENTIALITY seems to cause the problem according + to the observations and suggestions made in a bug report for the + QT project (https://bugreports.qt-project.org/browse/QTBUG-17322). + + Removing all the flags solved the problem. - HAVE_BORINGSSL gets defined now by configure and should be defined by - other build systems in case a BoringSSL build is desired. + Bug: http://curl.haxx.se/mail/lib-2014-08/0273.html + Reported-by: Ulrich Telle + Assisted-by: Steve Holme, Daniel Stenberg -- configure: fix BoringSSL detection and detect libresssl +Daniel Stenberg (12 Sep 2014) +- [Ray Satiro brought this change] -Steve Holme (22 Jan 2015) -- curl_sasl: Reinstate the sasl_ prefix for locally scoped functions + newlines: fix mixed newlines to LF-only - Commit 7a8b2885e2 made some functions static and removed the public - Curl_ prefix. Unfortunately, it also removed the sasl_ prefix, which - is the naming convention we use in this source file. + I use the curl repo mainly on Windows with the typical Windows git + checkout which converts the LF line endings in the curl repo to CRLF + automatically on checkout. The automatic conversion is not done on files + in the repo with mixed line endings. I recently noticed some weird + output with projects/build-openssl.bat that I traced back to mixed line + endings, so I scanned the repo and there are files (excluding the + test data) that have mixed line endings. + + I used this command below to do the scan. Unfortunately it's not as easy + as git grep, at least not on Windows. This gets the names of all the + files in the repo's HEAD, gets each of those files raw from HEAD, checks + for mixed line endings of both LF and CRLF, and prints the name if + mixed. I excluded path tests/data/test* because those can have mixed + line endings if I understand correctly. + + for f in `git ls-tree --name-only --full-tree -r HEAD`; + do if [ -n "${f##tests/data/test*}" ]; + then git show "HEAD:$f" | \ + perl -0777 -ne 'exit 1 if /([^\r]\n.*\r\n)|(\r\n.*[^\r]\n)/'; + if [ $? -ne 0 ]; + then echo "$f"; + fi; + fi; + done -- curl_sasl: Minor code policing following recent commits +- [Viktor Szakáts brought this change] -Daniel Stenberg (22 Jan 2015) -- [John Malmberg brought this change] + mk-ca-bundle.pl: converted tabs to spaces, deleted trailing spaces - openvms: Handle openssl/0.8.9zb version parsing +- ROADMAP: markdown eats underscores - packages/vms/gnv_link_curl.com was assuming only a single letter suffix - in the openssl version. That assumption has been fixed for 7.40. + It interprets them as italic indictors unless we backtick the word. -- BoringSSL: detected by configure, switches off NTLM +- ROADMAP: tiny formatting edit for nicer web output -- BoringSSL: no PKCS12 support nor ERR_remove_state +Steve Holme (10 Sep 2014) +- ROADMAP.md: Updated GSSAPI authentication following 7.38.0 additions -- [Leith Bade brought this change] +- INTERNALS: Added email and updated Kerberos details - BoringSSL: fix build +- FEATURES: Updated Kerberos details + + Added support for Kerberos 5 to the email protocols following the recent + additions in 7.38.0. + + Removed Kerberos 4 as this has been gone for a while now. -Steve Holme (20 Jan 2015) -- curl_sasl.c: chlglen is not used when cryptography is disabled +Daniel Stenberg (10 Sep 2014) +- [Paul Howarth brought this change] -- curl_sasl.c: Fixed compilation warning when cyptography is disabled + openssl: build fix for versions < 0.9.8e - curl_sasl.c:1453: warning C4101: 'serverdata' : unreferenced local - variable + Bug: http://curl.haxx.se/mail/lib-2014-09/0064.html -- curl_sasl.c: Fixed compilation error when USE_WINDOWS_SSPI defined +- mk-ca-bundle.pl: first, try downloading HTTPS with curl + + As a sort of step forward, this script will now first try to get the + data from the HTTPS URL using curl, and only if that fails it will + switch back to the HTTP transfer using perl's native LWP functionality. + To reduce the risk of this script being tricked. - curl_sasl.c:1221: error C2065: 'mechtable' : undeclared identifier + Using HTTPS to get a cert bundle introduces a chicken-and-egg problem so + we can't really ever completely disable HTTP, but chances are that most + users already have a ca cert bundle that trusts the mozilla.org site + that this script downloads from. - This error could also happen for non-SSPI builds when cryptography is - disabled (CURL_DISABLE_CRYPTO_AUTH is defined). + A future version of this script will probably switch to require a + dedicated "insecure" command line option to allow downloading over HTTP + (or unverified HTTPS). -Patrick Monnerat (20 Jan 2015) -- SASL: make some procedures local-scoped +- LICENSE-MIXING: removed krb4 info + + krb4 has been dropped since a while now -- SASL: common state engine for imap/pop3/smtp +- bump: on the 7.38.1-DEV train now! -- SASL: common URL option and auth capabilities decoders for all protocols +- SSLCERTS: minor updates + + Edited format to look better on the web, added a "it is about trust" + section. -- IMAP/POP3/SMTP: use a per-connection sub-structure for SASL parameters. +Version 7.38.0 (10 Sep 2014) -Daniel Stenberg (20 Jan 2015) -- ipv6: enclose AF_INET6 uses with proper #ifdefs for ipv6 +Daniel Stenberg (10 Sep 2014) +- dist: two cmake files are no more - Reported-by: Chris Young + CMake/FindOpenSSL.cmake and FindZLIB.cmake are gone since 14aa8f0c117b -- [Chris Young brought this change] +- RELEASE-NOTES: final update for 7.38.0 - timeval: typecast for better type (on Amiga) +- cookies: reject incoming cookies set for TLDs - There is an issue with conflicting "struct timeval" definitions with - certain AmigaOS releases and C libraries, depending on what gets - included when. It's a minor difference - the OS one is unsigned, - whereas the common structure has signed elements. If the OS one ends up - getting defined, this causes a timing calculation error in curl. - - It's easy enough to resolve this at the curl end, by casting the - potentially errorneous calculation to a signed long. - -- openssl: do public key pinning check independently + Test 61 was modified to verify this. - ... of the other cert verification checks so that you can set verifyhost - and verifypeer to FALSE and still check the public key. + CVE-2014-3620 - Bug: http://curl.haxx.se/bug/view.cgi?id=1471 - Reported-by: Kyle J. McKay + Reported-by: Tim Ruehsen + URL: http://curl.haxx.se/docs/adv_20140910B.html -Patrick Monnerat (19 Jan 2015) -- OS400: CURLOPT_SSL_VERIFYSTATUS for ILE/RPG too. +- [Tim Ruehsen brought this change] -Steve Holme (18 Jan 2015) -- ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP + cookies: only use full host matches for hosts used as IP address - For consistency with other USE_WIN32_ defines as well as the - USE_OPENLDAP define. - -- http_negotiate: Use dynamic buffer for SPN generation + By not detecting and rejecting domain names for partial literal IP + addresses properly when parsing received HTTP cookies, libcurl can be + fooled to both send cookies to wrong sites and to allow arbitrary sites + to set cookies for others. - Use a dynamicly allocated buffer for the temporary SPN variable similar - to how the SASL GSS-API code does, rather than using a fixed buffer of - 2048 characters. - -- sasl_gssapi: Make Curl_sasl_build_gssapi_spn() public - -- sasl_gssapi: Fixed memory leak with local SPN variable + CVE-2014-3613 + + Bug: http://curl.haxx.se/docs/adv_20140910A.html -Daniel Stenberg (17 Jan 2015) -- http_negotiate.c: unused variable 'ret' +- HISTORY: fix the 1998 title position -Steve Holme (17 Jan 2015) -- gskit.h: Code policing of function pointer arguments +- HISTORY: extended and now markdown -- vtls: Removed unimplemented overrides of curlssl_close_all() +- SSLCERTS: converted to markdown - Carrying on from commit 037cd0d991, removed the following unimplemented - instances of curlssl_close_all(): + Only minor edits to make it generate nice HTML output using markdown, as + this document serves both in source release tarballs as on the web site. - Curl_axtls_close_all() - Curl_darwinssl_close_all() - Curl_cyassl_close_all() - Curl_gskit_close_all() - Curl_gtls_close_all() - Curl_nss_close_all() - Curl_polarssl_close_all() + URL: http://curl.haxx.se/docs/sslcerts.html -- vtls: Separate the SSL backend definition from the API setup +- ftp-wildcard.c: spell fix - Slight code cleanup as the SSL backend #define is mixed up with the API - function setup. + Reported-By: Frank Gevaerts -- vtls: Fixed compilation errors when SSL not used - - Fixed the following warning and error from commit 3af90a6e19 when SSL - is not being used: - - url.c:2004: warning C4013: 'Curl_ssl_cert_status_request' undefined; - assuming extern returning int - - error LNK2019: unresolved external symbol Curl_ssl_cert_status_request - referenced in function Curl_setopt +- RELEASE-NOTES: synced with 921a0c22a6f -- http_negotiate: Added empty decoded challenge message info text +- THANKS: synced with RELEASE-NOTES for 921a0c22a6f -- http_negotiate: Return CURLcode in Curl_input_negotiate() instead of int +- polarassl: avoid memset() when clearing the first byte is enough -- http_negotiate_sspi: Prefer use of 'attrs' for context attributes - - Use the same variable name as other areas of SSPI code. +- [Catalin Patulea brought this change] -- http_negotiate_sspi: Use correct return type for QuerySecurityPackageInfo() + polarssl: support CURLOPT_CAPATH / --capath - Use the SECURITY_STATUS typedef rather than a unsigned long for the - QuerySecurityPackageInfo() return and rename the variable as per other - areas of SSPI code. + Signed-off-by: Catalin Patulea -- http_negotiate_sspi: Use 'CURLcode result' for CURL result code +- SECURITY: eh, make more sense! -- curl_endian: Fixed build when 64-bit integers are not supported (Part 2) - - Missed Curl_read64_be() in commit bb12d44471 :( +- SECURITY: how to join the curl-security list -Daniel Stenberg (16 Jan 2015) -- CURLOPT_SSL_VERIFYSTATUS.3: mention it is added in version 7.41.0 +- RELEASE-NOTES: fix the required nghttp2 version typo -- curlver.h: next release is 7.41.0 due to the changes +- [Brandon Casey brought this change] -- RELEASE-NOTES: mention the new OCSP stapling options, bump version + Ensure progress.size_dl/progress.size_ul are always >= 0 + + Historically the default "unknown" value for progress.size_dl and + progress.size_ul has been zero, since these values are initialized + implicitly by the calloc that allocates the curl handle that these + variables are a part of. Users of curl that install progress + callbacks may expect these values to always be >= 0. + + Currently it is possible for progress.size_dl and progress.size_ul + to by set to a value of -1, if Curl_pgrsSetDownloadSize() or + Curl_pgrsSetUploadSize() are passed a "size" of -1 (which a few + places currently do, and a following patch will add more). So + lets update Curl_pgrsSetDownloadSize() and Curl_pgrsSetUploadSize() + so they make sure that these variables always contain a value that + is >= 0. + + Updates test579 and test599. + + Signed-off-by: Brandon Casey -- opts: add CURLOPT_SSL_VERIFYSTATUS* to docs/Makefile +Steve Holme (7 Sep 2014) +- tests: Added test1420 to the makefile -- help: add --cert-status to --help output +- test1420: Removed unnecessary CURLOPT setting -- copyright years: after OCSP stapling changes +- tests: Added more "Clear Text" authentication keywords -- [Alessandro Ghedini brought this change] +- tests: Updated "based on" text due to email test renumbering - curl: add --cert-status option - - This enables the CURLOPT_SSL_VERIFYSTATUS functionality. +- tests: For consistency added --libcurl to test name -- [Alessandro Ghedini brought this change] +- tests: Added --libcurl for IMAP test case - nss: add support for the Certificate Status Request TLS extension +- multi.c: Avoid invalid memory read after free() from commit 3c8c873252 - Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. - - This requires NSS 3.15 or higher. - -- [Alessandro Ghedini brought this change] + As the current element in the list is free()d by Curl_llist_remove(), + when the associated connection is pending, reworked the loop to avoid + accessing the next element through e->next afterward. - gtls: add support for the Certificate Status Request TLS extension - - Also known as "status_request" or OCSP stapling, defined in RFC6066 section 8. +- multi.c: Fixed compilation warning from commit 3c8c873252 - This requires GnuTLS 3.1.3 or higher to build, however it's recommended to use - at least GnuTLS 3.3.11 since previous versions had a bug that caused the OCSP - response verfication to fail even on valid responses. + warning: implicit conversion from enumeration type 'CURLMcode' to + different enumeration type 'CURLcode' -- [Alessandro Ghedini brought this change] - - url: add CURLOPT_SSL_VERIFYSTATUS option +- url.c: Use CURLAUTH_NONE constant rather than 0 - This option can be used to enable/disable certificate status verification using - the "Certificate Status Request" TLS extension defined in RFC6066 section 8. - - This also adds the CURLE_SSL_INVALIDCERTSTATUS error, to be used when the - certificate status verification fails, and the Curl_ssl_cert_status_request() - function, used to check whether the SSL backend supports the status_request - extension. - -- TheArtOfHttpScripting: skip the date at the top, we have git + Small follow up to commit 898808fa8c to use auth constants rather than + hard code value when clearing picked authentication mechanism. -- TheArtOfHttpScripting: phrase it TLS lib agnostic +- RELEASE-NOTES: Synced with fd1ce3856a -Steve Holme (16 Jan 2015) -- TODO: Added some SMB ideas +Nick Zitzmann (4 Sep 2014) +- [Vilmos Nebehaj brought this change] -- RELEASE-NOTES: Synced with 5f09947d28 + darwinssl: Use CopyCertSubject() to check CA cert. + + SecCertificateCopyPublicKey() is not available on iPhone. Use + CopyCertSubject() instead to see if the certificate returned by + SecCertificateCreateWithData() is valid. + + Reported-by: Toby Peterson -- build-openssl.bat: Added check for Perl installation +Steve Holme (4 Sep 2014) +- RELEASE-NOTES: Clarify email Kerberos support is currently via Windows SSPI -- checksrc.bat: Better detection of Perl installation +Daniel Stenberg (4 Sep 2014) +- MAIL-ETIQUETTE: "1.8 I posted, now what?" -- curl_endian: Fixed build when 64-bit integers are not supported +- CURLOPT_CA*: better refering between *CAINFO and *CAPATH - Bug: http://curl.haxx.se/mail/lib-2015-01/0094.html - Reported-by: John E. Malmberg + ... and a minor wording edit -Daniel Stenberg (15 Jan 2015) -- [Yun SangHo brought this change] - - curl.h: remove extra space +- THANKS: added Dennis Clarke + + Dennis Clarke from Blastwave.org for ensuring that nightly builds run + smooth on Solaris! -- Curl_pretransfer: reset expected transfer sizes +- curl_multi_cleanup: remove superfluous NULL assigns - Reported-by: Mohammad AlSaleh - Bug: http://curl.haxx.se/mail/lib-2015-01/0065.html + ... as the struct is free()d in the end anyway. It was first pointed out + to me that one of the ->msglist assignments were supposed to have been + ->pending but was a copy and paste mistake when I realized none of the + clearing of pointers had to be there. -Marc Hoersken (12 Jan 2015) -- curl_schannel.c: mark session as removed from cache if not freed +- multi: convert CURLM_STATE_CONNECT_PEND handling to a list - If the session is still used by active SSL/TLS connections, it - cannot be closed yet. Thus we mark the session as not being cached - any longer so that the reference counting mechanism in - Curl_schannel_shutdown is used to close and free the session. + ... instead of scanning through all handles, stash only the actual + handles that are in that state in the new ->pending list and scan that + list only. It should be mostly empty or very short. And only used for + pipelining. - Reported-by: Jean-Francois Durand + This avoids a rather hefty slow-down especially notable if you add many + handles to the same multi handle. Regression introduced in commit + 0f147887 (version 7.30.0). + + Bug: http://curl.haxx.se/mail/lib-2014-07/0206.html + Reported-by: David Meyer -Steve Holme (9 Jan 2015) -- RELEASE-NOTES: Synced with d21b66835f +- RELEASE-NOTES: synced with e608324f9f9 -Guenter Knauf (9 Jan 2015) -- Merge pull request #134 from vszakats/mingw-m64 - - add -m64 CFLAGS when targeting mingw64, add -m32/-m64 to LDFLAGS +- [Andre Heinecke brought this change] -- Merge pull request #136 from vszakats/mingw-allow-custom-cflags + polarssl: implement CURLOPT_SSLVERSION - mingw build: allow to pass custom CFLAGS - -Daniel Stenberg (9 Jan 2015) -- NSS: fix compiler error when built http2-enabled + Forwards the setting as minimum ssl version (if set) to polarssl. If + the server does not support the requested version the SSL Handshake will + fail. + + Bug: http://curl.haxx.se/bug/view.cgi?id=1419 -Steve Holme (9 Jan 2015) -- gssapi: Remove need for duplicated GSS_C_NT_HOSTBASED_SERVICE definitions +nickzman (1 Sep 2014) +- Merge pull request #115 from ldx/darwinsslfixpr - Better code reuse and consistency in calls to gss_import_name(). + darwinssl: now accepts cacert bundles in PEM format in addition to single certs -Viktor Szakats (9 Jan 2015) -- mingw build: allow to pass custom CFLAGS +Vilmos Nebehaj (1 Sep 2014) +- Check CA certificate in curl_darwinssl.c. + + SecCertificateCreateWithData() returns a non-NULL SecCertificateRef even + if the buffer holds an invalid or corrupt certificate. Call + SecCertificateCopyPublicKey() to make sure cacert is a valid + certificate. -Daniel Stenberg (8 Jan 2015) -- FTP: if EPSV fails on IPV6 connections, bail out +Daniel Stenberg (31 Aug 2014) +- low-speed-limit: avoid timeout flood - ... instead of trying PASV, since PASV can't work with IPv6. + Introducing Curl_expire_latest(). To be used when we the code flow only + wants to get called at a later time that is "no later than X" so that + something can be checked (and another timeout be added). - Reported-by: Vojtěch Král - -- FTP: fix IPv6 host using link-local address + The low-speed logic for example could easily be made to set very many + expire timeouts if it would be called faster or sooner than what it had + set its own timer and this goes for a few other timers too that aren't + explictiy checked for timer expiration in the code. - ... and make sure we can connect the data connection to a host name that - is longer than 48 bytes. + If there's no condition the code that says if(time-passed >= TIME), then + Curl_expire_latest() is preferred to Curl_expire(). - Also simplifies the code somewhat by re-using the original host name - more, as it is likely still in the DNS cache. + If there exists such a condition, it is on the other hand important that + Curl_expire() is used and not the other. - Original-Patch-by: Vojtěch Král - Bug: http://curl.haxx.se/bug/view.cgi?id=1468 + Bug: http://curl.haxx.se/mail/lib-2014-06/0235.html + Reported-by: Florian Weimer -Steve Holme (8 Jan 2015) -- [Sam Schanken brought this change] +- [Michael Wallner brought this change] - winbuild: Added option to build with c-ares + resolve: cache lookup for async resolvers - Added support for a WITH_CARES option to be used when invoking nmake - via Makefile.vc. This option enables linking against both the DLL and - static versions of the c-ares libraries, as well as the debug and - release varients, depending on the value of DEBUG. The USE_ARES - preprocessor symbol is also defined. - -Guenter Knauf (8 Jan 2015) -- NetWare build: added TLS-SRP enabled build. + While waiting for a host resolve, check if the host cache may have + gotten the name already (by someone else), for when the same name is + resolved by several simultanoues requests. + + The resolver thread occasionally gets stuck in getaddrinfo() when the + DNS or anything else is crappy or slow, so when a host is found in the + DNS cache, leave the thread alone and let itself cleanup the mess. -Steve Holme (8 Jan 2015) -- sasl_gssapi: Fixed build on NetBSD with built-in GSS-API +Vilmos Nebehaj (30 Aug 2014) +- Fix CA certificate bundle handling in darwinssl. - Bug: http://curl.haxx.se/bug/view.cgi?id=1469 - Reported-by: Thomas Klausner + If the --cacert option is used with a CA certificate bundle that + contains multiple CA certificates, iterate through it, adding each + certificate as a trusted root CA. -Viktor Szakats (8 Jan 2015) -- add -m64 clags when targeting mingw64, add -m32/-m64 to LDFLAGS +Daniel Stenberg (29 Aug 2014) +- [Askar Safin brought this change] -Daniel Stenberg (8 Jan 2015) -- bump: start working towards 7.40.1 + getinfo-times: Typo fixed -- THANKS: 14 new contributors from the 7.40.0 release notes +- [Askar Safin brought this change] -Version 7.40.0 (7 Jan 2015) + libcurl.3: Typo fixed -Daniel Stenberg (7 Jan 2015) -- RELEASE-NOTES: version 7.40.0 +- curl_formadd.3: setting CURLFORM_CONTENTSLENGTH 0 zero means strlen -- darwinssl: fix session ID keys to only reuse identical sessions +- curl.1: add an example for -H + +- FAQ: mention -w in the 4.20 answer as well + +- FAQ: 4.20 curl doesn't return error for HTTP non-200 responses + +- CURLOPT_NOBODY.3: clarify this option is for downloads - ...to avoid a session ID getting cached without certificate checking and - then after a subsequent _enabling_ of the check libcurl could still - re-use the session done without cert checks. + When enabling CURLOPT_NOBODY, libcurl effectively switches off upload + mode and will do a download (without a body). This is now better + explained in this man page. - Bug: http://curl.haxx.se/docs/adv_20150108A.html - Reported-by: Marc Hesse + Bug: http://curl.haxx.se/mail/lib-2014-08/0236.html + Reported-by: John Coffey -- tests: make sure CRLFs can't be used in URLs passed to proxy - - Bug: http://curl.haxx.se/docs/adv_20150108B.html +- INTERNALS: nghttp2 must be 0.6.0 or later -- url-parsing: reject CRLFs within URLs - - Bug: http://curl.haxx.se/docs/adv_20150108B.html - Reported-by: Andrey Labunets +- [Tatsuhiro Tsujikawa brought this change] -Steve Holme (7 Jan 2015) -- ldap: Convert attribute output to UTF-8 when Unicode + Compile with latest nghttp2 -- ldap: Convert DN output to UTF-8 when Unicode +Dan Fandrich (26 Aug 2014) +- THANKS: removed a few more duplicates -Daniel Stenberg (7 Jan 2015) -- hostip: remove 'stale' argument from Curl_fetch_addr proto +Daniel Stenberg (26 Aug 2014) +- RELEASE-NOTES: synced with 007242257683a - Also, remove the log output of the resolved name is NOT in the cache in - the spirit of only telling when something is actually happening. + ... and bumped the contributor amount after recount -Steve Holme (7 Jan 2015) -- ldap/imap: Fixed spelling mistake in comments and variable names +- THANKS: added 52 missing contributors - Reported-by: Michael Osipov + I re-ran contributors.sh on all changes since 7.10 and I found these + contributors who are mentioned in the commits but never were added to + THANKS before! + + I also removed a couple of duplicates (mostly due to different + spellings). -Daniel Stenberg (7 Jan 2015) -- RELEASE-NOTES: updated with ./contributors.sh output +- contributors: grep and sort case insensitively -Dan Fandrich (5 Jan 2015) -- curl_multibyte.h: Eliminated some trailing whitespace +- [Michael Osipov brought this change] -Steve Holme (4 Jan 2015) -- RELEASE-NOTES: Synced with ea93252ef1 + configure.ac: Add support for recent GSS-API implementations for HP-UX + + By default, configure script assumes that libcurl will use the + HP-supplied GSS-API implementation which does not have krb5-config. + If a dev needs a more recent version which has that config script, + the change will allow to pass an appropriate GSSAPI_ROOT. -- ldap: Fixed Unicode usage for all Win32 builds +- CONNECT: close proxy connections that fail to CONNECT - Otherwise, the fixes in the previous commits would only be applicable - to IDN and SSPI based builds and not others such as OpenSSL with LDAP - enabled. + This is usually due to failed auth. There's no point in us keeping such + a connection alive since it shouldn't be re-used anyway. + + Bug: http://curl.haxx.se/bug/view.cgi?id=1381 + Reported-by: Marcel Raad -- ldap: Fixed memory leak from commit efb64fdf80 +- RELEASE-NOTES: added two missing HTTP/2 bug fixes + + And renamed all http2 references to HTTP/2 in this file -- ldap: Fix memory leak from commit 3a805c5cc1 +- RELEASE-NOTES: synced with f646e9075f47 -- ldap: Fixed attribute variable warnings when Unicode is enabled - - Use 'TCHAR *' for local attribute variable rather than 'char *'. +- [Jakub Zakrzewski brought this change] -- ldap: Fixed DN variable warnings when Unicode is enabled + Cmake: Possibility to use OpenLDAP, OpenSSL, LibSSH2 on windows - Use 'TCHAR *' for local DN variable rather than 'char *'. + At this point I can build libcurl on windows. It provides at least the same + list of protocols as for linux build and works with our software. -- ldap: Remove the unescape_elements() function - - Due to the recent modifications this function is no longer used. +- [Jakub Zakrzewski brought this change] -- ldap.c: Fixed compilation warning + Cmake: Removed repeated content from ending blocks - ldap.c:98: warning: extra tokens at end of #endif directive + They are unnecesary in modern CMake and removing them improves readability. -- ldap: Fixed support for Unicode filter in Win32 search call +- [Jakub Zakrzewski brought this change] -- ldap.c: Fixed compilation warning + Cmake: Removed some useless empty SET statements. - ldap.c:802: warning: comparison between signed and unsigned integer - expressions + Undefined variables resolve to empty strings and we do not ever test if + the variable is defined thus those SETs are superfluous. -- ldap: Fixed support for Unicode attributes in Win32 search call +- [Jakub Zakrzewski brought this change] -- ldap: Fixed memory leak from commit efb64fdf80 + Cmake: Removed useless comments from CMakeLists.txt - The unescapped DN was not freed after a successful character conversion. + They look like some relics after changes. -- ldap.c: Fixed compilation error - - ldap.c:738: error: macro "LDAP_TRACE" passed 2 arguments, but takes - just 1 +- [Jakub Zakrzewski brought this change] -- ldap.c: Fixed compilation warning + Cmake: Don't check for all headers each time + + One header at a time is the right way. Apart from that the output on + windows goes from: + ... + -- Looking for include files I:/src/libssh2-1.4.3/include/libssh2.h, ws2tcpip.h + -- Looking for include files I:/src/libssh2-1.4.3/include/libssh2.h, ws2tcpip.h + - found + -- Looking for 3 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins + ock2.h + -- Looking for 3 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins + ock2.h - found + -- Looking for 4 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., stdi + o.h + -- Looking for 4 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., stdi + o.h - found + -- Looking for 5 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wind + ows.h + -- Looking for 5 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wind + ows.h - found + -- Looking for 6 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins + ock.h + -- Looking for 6 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., wins + ock.h - found + -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/ + filio.h + -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/ + filio.h - not found + -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/ + ioctl.h + -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/ + ioctl.h - not found + -- Looking for 7 include files I:/src/libssh2-1.4.3/include/libssh2.h, ..., sys/ + resource.h + ... + + To much nicer: + ... + -- Looking for ws2tcpip.h + -- Looking for ws2tcpip.h - found + -- Looking for winsock2.h + -- Looking for winsock2.h - found + -- Looking for stdio.h + -- Looking for stdio.h - found + -- Looking for windows.h + -- Looking for windows.h - found + -- Looking for winsock.h + -- Looking for winsock.h - found + -- Looking for sys/filio.h + -- Looking for sys/filio.h - not found + -- Looking for sys/ioctl.h + -- Looking for sys/ioctl.h - not found + -- Looking for sys/resource.h + +- [Jakub Zakrzewski brought this change] + + Cmake: Append OpenSSL include directory to search path - ldap.c:89: warning: extra tokens at end of #endif directive + At this point I can build libcurl with OpenSSL, OpenLDAP and LibSSH2. + Supported protocols are at least: + HTTP, HTTPS, FTP, SFTP, TFTP, LDAP, LDAPS, POP3, SMTP + (those are the ones we have regression tests for + in our product's testsuite) -- ldap: Fixed support for Unicode DN in Win32 search call +- [Jakub Zakrzewski brought this change] -- ldap: Fixed Unicode user and password in Win32 bind calls + Cmake: Search for liblber, LDAP SSL headers, swith for using OpenLDAP code. -- ldap: Fixed Unicode host name in Win32 initialisation calls +- [Jakub Zakrzewski brought this change] -- ldap: Use host.dispname for infof() connection failure messages + Cmake: LibSSH2 detection and use. + +- [Jakub Zakrzewski brought this change] + + Cmake: Moved macros out of the main CMakeLists.txt + +- [Jakub Zakrzewski brought this change] + + Cmake: Added missing protocol-disable switches - As host.name may be encoded use dispname for infof() failure messages. + They already have their defines in config.h. This makes it possible to + disable the protocols from command line during configure step. -- ldap: Prefer 'CURLcode result' for curl result codes +- [Jakub Zakrzewski brought this change] -- ldap: Pass write length in all Curl_client_write() calls + Cmake: Made boolean defines be defined to "1" instead of "ON" - As we get the length for the DN and attribute variables, and we know - the length for the line terminator, pass the length values rather than - zero as this will save Curl_client_write() from having to perform an - additional strlen() call. + It's by convention, for compatibility and because the comments say so. + Just mabe someone have written a test like "#if HAVE_XX==1" -- ldap: Fixed attribute memory leaks on failed client write +- [Jakub Zakrzewski brought this change] + + Cmake: Require at least CMake 2.8. - Fixed memory leaks from commit 086ad79970 as was noted in the commit - comments. + CMake 2.6 is already a bit old. Many bugs have been fixed since + its release. We use 2.8 in our company and we have no intention + of polluting our environment with old software, so 2.6 would + not be tested. This shouldn't be a problem since all one need + to build CMake from source is C and C++ compiler. -- ldap: Fixed DN memory leaks on failed client write +- disconnect: don't touch easy-related state on disconnects - Fixed memory leaks from commit 086ad79970 as was noted in the commit - comments. + This was done to make sure NTLM state that is bound to a connection + doesn't survive and gets used for the subsequent request - but + disconnects can also be done to for example make room in the connection + cache and thus that connection is not strictly related to the easy + handle's current operation. + + The http authentication state is still kept in the easy handle since all + http auth _except_ NTLM is connection independent and thus survive over + multiple connections. + + Bug: http://curl.haxx.se/mail/lib-2014-08/0148.html + Reported-by: Paras S -- curl_ntlm_core.c: Fixed compilation warning from commit 1cb17b2a5d +- curl.1: clarify --limit-rate's effect on both directions - curl_ntlm_core.c:146: warning: passing 'DES_cblock' (aka 'unsigned char - [8]') to parameter of type 'char *' converts - between pointers to integer types with different - sign + Bug: http://curl.haxx.se/bug/view.cgi?id=1414 + Reported-by: teo8976 -- ntlm: Use extend_key_56_to_64() for all cryptography engines +- curl.1: mention the --post30x options within the --location desc + +Dan Fandrich (22 Aug 2014) +- sasl: Fixed a memory leak on OOM + +Daniel Stenberg (22 Aug 2014) +- [Frank Meier brought this change] + + NTLM: ignore CURLOPT_FORBID_REUSE during NTLM HTTP auth - Rather than duplicate the code in setup_des_key() for OpenSSL and in - extend_key_56_to_64() for non-OpenSSL based crypto engines, as it is - the same, use extend_key_56_to_64() for all engines. + Problem: if CURLOPT_FORBID_REUSE is set, requests using NTLM failed + since NTLM requires multiple requests that re-use the same connection + for the authentication to work + + Solution: Ignore the forbid reuse flag in case the NTLM authentication + handshake is in progress, according to the NTLM state flag. + + Fixed known bug #77. + +Steve Holme (22 Aug 2014) +- openssl.c: Fixed longer than 79 columns -- RELEASE-NOTES: Synced with 34f0bd110f +- openssl.c: Fixed compilation warning + + warning: declaration of 'minor' shadows a global declaration -- curl_ntlm_core.c: Fixed compilation warning +Daniel Stenberg (21 Aug 2014) +- [Haris Okanovic brought this change] + + win32: Fixed WinSock 2 #if - curl_ntlm_core.c:458: warning: 'ascii_uppercase_to_unicode_le' defined - but not used + A conditionally compiled block in connect.c references WinSock 2 + symbols, but used `#ifdef HAVE_WINSOCK_H` instead of `#ifdef + HAVE_WINSOCK2_H`. + + Bug: http://curl.haxx.se/mail/lib-2014-08/0155.html -- endian: Fixed bit-shift in 64-bit integer read functions +- Curl_disconnect: don't free the URL - From commit 43792592ca and 4bb5a351b2. + The URL is not a property of the connection so it should not be freed in + the connection disconnect but in the Curl_close() that frees the easy + handle. - Reported-by: Michael Osipov + Bug: http://curl.haxx.se/mail/lib-2014-08/0148.html + Reported-by: Paras S -- smb: Use endian functions for reading NBT and message size values +- help output: minor whitespace edits + + Should've been amended in the previous commit but wasn't due to a + mistake. -- endian: Added big endian read functions +- [Zearin brought this change] -- endian: Added 64-bit integer read function + help output: use ≥2 spaces between option and description + + ... and some other cleanups -- COPYING: Bumped copyright year to 2015 +- FAQ: some actually sometimes get paid... -- version: Bump copyright year to 2015 +Steve Holme (17 Aug 2014) +- sasl_sspi: Fixed a memory leak with the GSSAPI base-64 decoded challenge -- smb.c: Fixed compilation warnings +- sasl_sspi: Renamed GSSAPI mutual authentication parameter - smb.c:780: warning: passing 'char *' to parameter of type 'unsigned - char *' converts between pointers to integer types with - different sign - smb.c:781: warning: passing 'char *' to parameter of type 'unsigned - char *' converts between pointers to integer types with - different sign - smb.c:804: warning: passing 'char *' to parameter of type 'unsigned - char *' converts between pointers to integer types with - different sign + ...From "mutual" to "mutual_auth" which better describes what it is. -- smb: Use endian functions for reading length and offset values +- sasl_sspi: Corrected some of the GSSAPI security message error codes + + Corrected a number of the error codes that can be returned from the + Curl_sasl_create_gssapi_security_message() function when things go + wrong. + + It makes more sense to return CURLE_BAD_CONTENT_ENCODING when the + inbound security challenge can't be decoded correctly or doesn't + contain the KERB_WRAP_NO_ENCRYPT flag and CURLE_OUT_OF_MEMORY when + EncryptMessage() fails. Unfortunately the previous error code of + CURLE_RECV_ERROR was a copy and paste mistakes on my part and should + have been correct in commit 4b491c675f :( -- endian: Added 16-bit integer write function +- docs: Escaped single backslash -- endian: Fixed Linux compilation issues +- TODO: Updated following GSSAPI (Kerberos V5) additions - Having files named endian.[c|h] seemed to cause issues under Linux so - renamed them both to have the curl_ prefix in the filenames. + Updated "FTP 4.6 GSSAPI via Windows SSPI" and "SASL 14.1 Other + authentication mechanisms" following recent additions. + + Added SASL 14.2 GSSAPI via GSS-API libraries. -- [Julien Nabet brought this change] +- CURLOPT_USERNAME.3: Added Kerberos V5 and NTLM domain information + + This repeats what has already been documented in both the curl manpage + and CURLOPT_USERPWD documentation but is provided here for completeness + as someone may not especially read the latter when using libcurl. - lib1900.c: Fixed cppcheck error +- CURLOPT_USERPWD.3: Updated following Kerberos V5 SSPI changes - lib1900.c:182: (style) Array index 'handlenum' is used before limits - check + Added information about Kerberos V5 requiring the domain part in the + user name. - Bug: https://github.com/bagder/curl/pull/133 + Mentioned that the user name can be specified in UPN format, and not + just in Down-Level Logon Name format, following the information + added in commit 7679cb3fa8 reworking the exisitng information in the + process. -- endian: Added standard function descriptions +- docs: Added Kerberos V5 and NTLM domain information to --user -- endian: Renamed functions for curl API naming convention +- docs: Added Kerberos V5 to the --user SSPI current credentials usage -- endian: Moved write functions to new module +- sasl_sspi: Tell the server we don't support a GSSAPI receive buffer -- endian: Moved read functions to new module +- smtp: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI -- endian: Introduced endian module - - To allow the little endian functions, currently used in two of the NTLM - source files, to be used by other modules such as the SMB module. +- pop3: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI -- sepheaders.c: Applied curl oding standards +- imap: Added support for GSSAPI (Kerberos V5) authentication via Windows SSPI -- [Julien Nabet brought this change] +- email: Added mutual authentication flag - sepheaders.c: Fixed resource leak on failure +Daniel Stenberg (15 Aug 2014) +- RELEASE-NOTES: synced with 0187c9e11d079 -- vtls: Use '(void) arg' for unused parameters +- http: fix the Content-Range: parser - Prefer void for unused parameters, rather than assigning an argument to - itself as a) unintelligent compilers won't optimize it out, b) it can't - be used for const parameters, c) it will cause compilation warnings for - clang with -Wself-assign and d) is inconsistent with other areas of the - curl source code. - -- smb.c: Fixed compilation warning + ... to handle "*/[total]". Also, removed the strange hack that made + CURLOPT_FAILONERROR on a 416 response after a *RESUME_FROM return + CURLE_OK. - smb.c:586: warning: conversion to 'short unsigned int' from 'int' may - alter its value + Reported-by: Dimitrios Siganos + Bug: http://curl.haxx.se/mail/lib-2014-06/0221.html -- [Bill Nagel brought this change] +Steve Holme (14 Aug 2014) +- email: Introduced the GSSAPI states - smb: Use the connection's upload buffer +- curl_sasl_sspi.c: Fixed more compilation warnings from commit 4b491c675f - Use the connection's upload buffer instead of allocating our own send - buffer. + warning: unused variable 'resp' + + warning: no previous prototype for 'Curl_sasl_gssapi_cleanup' -- RELEASE-NOTES: Synced with 1933f9d33c +- SHA-1: 61c93383b7f6cf79d12ff99e9dced1d1cc2a7064 + + * curl_sasl_sspi.c: Fixed compilation warning from commit 4b491c675f + + warning: declaration of 'result' shadows a previous local -- schannel: Moved the ISC return flag definitions to the SSPI module +- curl_sasl.h: Fixed compilation error from commit 4b491c675f - Moved our Initialize Security Context return attribute definitions to - the SSPI module, as a) these can be used by other SSPI based providers - and b) the ISC required attributes are defined there. + warning: 'struct kerberos5data' declared inside parameter list + + Due to missing forward declaration. -- [Bill Nagel brought this change] +- urldata.h: Fixed compilation warnings from commit 3ec253532e + + warning: extra tokens at end of #endif directive - smb: Close the connection after a failed client write +- sasl_sspi: Added GSSAPI message functions -- darwinssl: Fixed compilation warning +- urldata: Introduced a GSSAPI (Kerberos V5) data structure - vtls.c:683:43: warning: unused parameter 'data' + Added a kerberos5data structure which is similar in nature to the + ntlmdata and negotiatedata structures. -- sockfilt.c: Fixed compilation warnings +- sspi: Moved KERB_WRAP_NO_ENCRYPT from socks_sspi module - sockfilt.c:288: warning: conversion to 'DWORD' from 'size_t' may alter - its value - sockfilt.c:291: warning: conversion to 'DWORD' from 'size_t' may alter - its value - sockfilt.c:323: warning: conversion to 'DWORD' from 'size_t' may alter - its value - sockfilt.c:326: warning: conversion to 'DWORD' from 'size_t' may alter - its value + In preparation for the upcoming SSPI implementation of GSSAPI + authentication, moved the definition of KERB_WRAP_NO_ENCRYPT from + socks_sspi.c to curl_sspi.h allowing it to be shared amongst other + SSPI based code. -- test1509: Fixed compilation warning +Daniel Stenberg (13 Aug 2014) +- mk-ca-bundle.pl: add missing $ + +- mk-ca-bundle.pl: switched to using hg.mozilla.org - lib1509.c:93:18: warning: conversion to 'long int' from 'size_t' may - alter its value + ... as mxr.mozilla.org is due to be retired. + + The new host doesn't support If-Modified-Since nor ETags, meaning that + the script will now defer to download and do a post-transfer checksum + check to see if a new output is to be generated. The new output format + will hold the SHA1 checksum of the source file for that purpose. + + We call this version 1.22 + + Reported-by: Ed Morley + Bug: http://curl.haxx.se/bug/view.cgi?id=1409 -- test556: Fixed compilation warning +- [Jose Alf brought this change] + + openssl: fix version report for the 0.9.8 branch - lib556.c:90: warning: conversion to 'unsigned int' from 'size_t' may - alter its value + Fixed libcurl to correctly output the newer versions of OpenSSL 0.9.8, + starting from openssl-0.9.8za. -- sasl_gssapi: Fixed use of dummy username with real username +- [Frank Meier brought this change] -- vtls: Fixed compilation warning and an ignored return code + create_conn: prune dead connections - curl_schannel.h:123: warning: right-hand operand of comma expression - has no effect + Bringing back the old functionality that was mistakenly removed when the + connection cache was remade. When creating a new connection, all the + existing ones are checked and those that are known to be dead get + disconnected for real and removed from the connection cache. It helps + the cache from holding on to very many stale connections and aids in + keeping down the number of system sockets in wait states. - Some instances of the curlssl_close_all() function were declared with a - void return type whilst others as int. The schannel version returned - CURLE_NOT_BUILT_IN and others simply returned zero, but in all cases the - return code was ignored by the calling function Curl_ssl_close_all(). + Help-by: Jonatan Vela - For the time being and to keep the internal API consistent, changed all - declarations to use a void return type. + Bug: http://curl.haxx.se/mail/lib-2014-06/0189.html + +Kamil Dudka (11 Aug 2014) +- docs/SSLCERTS: update the section about NSS database - To reduce code we might want to consider removing the unimplemented - versions and use a void #define like schannel does. + Bug: http://curl.haxx.se/mail/lib-2014-07/0335.html + Reported-by: David Shaw -Daniel Stenberg (28 Dec 2014) -- TODO: 2.3 Better support for same name resolves +Daniel Stenberg (11 Aug 2014) +- [Peter Wang brought this change] -Steve Holme (28 Dec 2014) -- test1520: Fixed initial teething problems + Curl_poll + Curl_wait_ms: fix timeout return value - * Missing initialisation of upload status caused a seg fault - * Missing data termination caused corrupt data to be uploaded - * Data verification should be performed in element - * Added missing recipient list cleanup + Curl_poll and Curl_wait_ms require the fix applied to Curl_socket_check + in commits b61e8b8 and c771968: + + When poll or select are interrupted and coincides with the timeout + elapsing, the functions return -1 indicating an error instead of 0 for + the timeout. -- test1520: Fixed compilation errors +Steve Holme (10 Aug 2014) +- config-tpf.h: Fixed up line lengths > 79 characters -- tests: Added test for bug #1456 +- config-symbian.h: Fixed up line lengths > 79 characters -- checksrc.bat: Fixed a problem opening files with spaces in the filename +- tool_hugehelp.c.cvs: Added copyright + + Added copyright due to warning from checksrc.pl. -- openldap: Prefer use of 'CURLcode result' +- RELEASE-NOTES: Synced with cd6ecf6a89 -- openldap: Use 'LDAPMessage *msg' for messages +- sasl_sspi: Fixed hard coded buffer for response generation - This frees up the 'result' variable for CURLcode based result codes. - -- nss: Don't ignore Curl_extract_certinfo() OOM failure + Given the SSPI package info query indicates a token size of 4096 bytes, + updated to use a dynamic buffer for the response message generation + rather than a fixed buffer of 1024 bytes. -- nss: Don't ignore Curl_ssl_init_certinfo() OOM failure +- sasl_sspi: Fixed missing free of challenge buffer on SPN failure -- nss: Use 'CURLcode result' for curl result codes +- http_negotiate_sspi: Tidy up to remove the get_gss_name() function - ...and don't use CURLE_OK in failure/success comparisons. - -- getinfo: Code style policing + Due to the reduction of code in commit 3b924b29 of get_gss_name() the + function isn't necessary anymore. -- getinfo: Use 'CURLcode result' for curl result codes +- http_negotiate_sspi: Use a dynamic buffer for SPN generation + + Updated to use a dynamic buffer for the SPN generation via the recently + introduced Curl_sasl_build_spn() function rather than a fixed buffer of + 1024 characters, which should have been more than enough, but by using + the new function removes the need for another variable sname to do the + wide character conversion in Unicode builds. -- darwinssl: Use 'CURLcode result' for curl result codes +- sasl: Tidy up to rename SPN variable from URI -- polarssl: Use 'CURLcode result' for curl result codes +- sasl: Use a dynamic buffer for SPN generation + + Updated Curl_sasl_create_digest_md5_message() to use a dynamic buffer + for the SPN generation via the recently introduced Curl_sasl_build_spn() + function rather than a fixed buffer of 128 characters. -- docs: Updated following the addition of SASL GSSAPI via GSS-API libraries +- sasl_sspi: Fixed SPN not being converted to wchar under Unicode builds - As this feature has been implemented for 7.40.0. + Curl_sasl_create_digest_md5_message() would simply cast the SPN variable + to a TCHAR when calling InitializeSecurityContext(). This meant that, + under Unicode builds, it would not be valid wide character string. + + Updated to use the recently introduced Curl_sasl_build_spn() function + which performs the correct conversion for us. -- asiohiper.cpp: No need to initialise members of ConnInfo +- sasl: Introduced Curl_sasl_build_spn() for building a SPN - ...as calloc() automatically clears the area of memory with zeros. + Various parts of the libcurl source code build a SPN for inclusion in + authentication data. This information is either used by our own native + generation routines or passed to authentication functions in third-party + libraries such as SSPI. However, some of these instances use fixed + buffers rather than dynamically allocated ones and not all of those that + should, convert to wide character strings in Unicode builds. + + Implemented a common function that generates a SPN and performs the + wide character conversion where necessary. -- asiohiper.cpp: Updated for curl coding standards +- sasl_sspi: Fixed memory leak with not releasing Package Info struct - ...with the exception of the start of block statement curly brackets. + Curl_sasl_create_digest_md5_message() wouldn't free the Package Info + structure after QuerySecurityPackageInfo() had allocated it. -- code/docs: Use correct case for IPv4 and IPv6 +- [Michael Osipov brought this change] + + docs: Update SPNEGO and GSS-API related doc sections - For consistency, as we seem to have a bit of a mixed bag, changed all - instances of ipv4 and ipv6 in comments and documentations to use the - correct case. + Reflect recent changes in SPNEGO and GSS-API code in the docs. + Update them with appropriate namings and remove visible spots for + GSS-Negotiate. -- runtests: Fixed detection of Unix Sockets feature +- sspi: Minor code tidy up to standardise coding style - ...following change in curl --version output. + Following the recent changes and in attempt to align the SSPI based + authentication code performed the following: + + * Use NULL and SECBUFFVERSION rather than hard coded constants. + * Avoid comparison of zero in if statements. + * Standardised the buf and desc setup code. -- code/docs: Use Unix rather than UNIX to avoid use of the trademark +- schannel: Fixed compilation warning in vtls.c - Use Unix when generically writing about Unix based systems as UNIX is - the trademark and should only be used in a particular product's name. + vtls.c:688:43: warning: unused parameter 'data' -- ip2ip.c: Fixed compilation warning when IPv6 Scope ID not supported +- tool_getparam.c: Fixed compilation warning - if2ip.c:119: warning: unused parameter 'remote_scope_id' + warning: `orig_opt' might be used uninitialized in this function + +- RELEASE-NOTES: Synced with 159c3aafd8 + +Daniel Stenberg (8 Aug 2014) +- curl_ntlm_msgs: make < 80 columns wide + +Steve Holme (8 Aug 2014) +- ntlm: Fixed hard coded buffer for SSPI based auth packet generation - ...and some minor code style policing in the same function. + Given the SSPI package info query indicates a token size of 2888 bytes, + and as with the Winbind code and commit 9008f3d56, use a dynamic buffer + for the Type-1 and Type-3 message generation rather than a fixed buffer + of 1024 bytes. -- vtls: Don't set cert info count until memory allocation is successful +- ntlm: Added support for SSPI package info query - Otherwise Curl_ssl_init_certinfo() can fail and set the num_of_certs - member variable to the requested count, which could then be used - incorrectly as libcurl closes down. + Just as with the SSPI implementations of Digest and Negotiate added a + package info query so that libcurl can a) return a more appropriate + error code when the NTLM package is not supported and b) it can be of + use later to allocate a dynamic buffer for the Type-1 and Type-3 + output tokens rather than use a fixed buffer of 1024 bytes. -- vtls: Use CURLcode for Curl_ssl_init_certinfo() return type +Daniel Stenberg (7 Aug 2014) +- http2: added some more logging for debugging stream problems + +- [Tatsuhiro Tsujikawa brought this change] + + HTTP/2: Reset promised stream, not its associated stream. + +- [Tatsuhiro Tsujikawa brought this change] + + HTTP/2: Move :authority before non-pseudo header fields + +- http2: show the received header for better debugging + +- openssl: replace call to OPENSSL_config - The return type for this function was 0 on success and 1 on error. This - was then examined by the calling functions and, in most cases, used to - return CURLE_OUT_OF_MEMORY. + OPENSSL_config() is "strongly recommended" to use but unfortunately that + function makes an exit() call on wrongly formatted config files which + makes it hard to use in some situations. OPENSSL_config() itself calls + CONF_modules_load_file() and we use that instead and we ignore its + return code! - Instead use CURLcode for the return type and return the out of memory - error directly, propagating it up the call stack. + Reported-by: Jan Ehrhardt + Bug: http://curl.haxx.se/bug/view.cgi?id=1401 -- configure: Use camel case for UNIX sockets feature output +Dan Fandrich (7 Aug 2014) +- [Fabian Keil brought this change] + + runtests.pl: Pad test case numbers with up to three zeroes - To match the curl --version output. + Test case numbers with four digits have been available for a + while now. -Marc Hoersken (26 Dec 2014) -- sockfilt.c: Reduce the number of individual memory allocations +Steve Holme (7 Aug 2014) +- docs: Added Negotiate to the SSPI current credentials usage description + +- TODO: HTTP Digest via Windows SSPI + +- TODO: FTP GSSAPI via Windows SSPI + +- http_negotiate_sspi: Fixed specific username and password not working - Merge multiple internal arrays into one, even if some variables - will not not be used. They are all created with the number of - file descriptors as their size. + Bug: http://curl.haxx.se/mail/lib-2014-06/0224.html + Reported-by: Leonardo Rosati + +- http_negotiate_sspi: Fixed endless unauthorized loop in commit 6bc76194e8 - Also fix possible thread handle leak in CloseHandle-loop. + If the server rejects our authentication attempt and curl hasn't + called CompleteAuthToken() then the status variable will be + SEC_I_CONTINUE_NEEDED and not SEC_E_OK. + + As such the existing detection mechanism for determining whether or not + the authentication process has finished is not sufficient. + + However, the WWW-Authenticate: Negotiate header line will not contain + any data when the server has exhausted the negotiation, so we can use + that coupled with the already allocated context pointer. -- sockfilt.c: Replace 100ms sleep with thread throttle +Daniel Stenberg (5 Aug 2014) +- RELEASE-NOTES: synced with 5b37db44a3eb + +Dan Fandrich (5 Aug 2014) +- parsedate.c: fix the return code for an overflow edge condition + +Daniel Stenberg (5 Aug 2014) +- [Toby Peterson brought this change] + + darwinssl: don't use strtok() - Improves performance of test cases 574 and 575 by 50%. + The GetDarwinVersionNumber() function uses strtok, which is not + thread-safe. + +- Curl_ossl_version: adapted to detect BoringSSL - A value of zero causes the thread to relinquish the remainder - of its time slice to any other thread of equal priority that is - ready to run. If there are no other threads of equal priority - ready to run, the function returns immediately, and the thread - continues execution. + This seems to be the way it should work. Right now we can't build with + BoringSSL and try this out properly due to a minor API breakage. + +- Curl_ossl_version: detect and show libressl - http://msdn.microsoft.com/library/windows/desktop/ms686307.aspx + LibreSSL is otherwise OpenSSL API compliant (so far) -Steve Holme (25 Dec 2014) -- tool_help: Use camel case for UNIX sockets feature output +- [Tatsuhiro Tsujikawa brought this change] + + HTTP/2: Fix infinite loop in readwrite_data() - In line with the other features listed in the --version output, - capitalise the UNIX socket feature. + To prevent infinite loop in readwrite_data() function when stream is + reset before any response body comes, reset closed flag to false once + it is evaluated to true. -- vtls: Use bool for Curl_ssl_getsessionid() return type +Dan Fandrich (3 Aug 2014) +- gtls: only define Curl_gtls_seed if Nettle is not being used + +- ssl: provide Curl_ssl_backend even if no SSL library is available + +Daniel Stenberg (2 Aug 2014) +- [Tatsuhiro Tsujikawa brought this change] + + HTTP2: Support expect: 100-continue - The return type of this function is a boolean value, and even uses a - bool internally, so use bool in the function declaration as well as - the variables that store the return value, to avoid any confusion. + "Expect: 100-continue", which was once deprecated in HTTP/2, is now + resurrected in HTTP/2 draft 14. This change adds its support to + HTTP/2 code. This change also includes stricter header field + checking. -- schannel: Minor code style policing for casts +- CURLOPT_SSL_VERIFYPEER.3. add a warning about disabling it -- schannel: Prefer 'CURLcode result' for curl result codes +- FEATURES: minor update -- cyassl: Prefer 'CURLcode result' for curl result codes +- openssl: make ossl_send return CURLE_OK better + + Previously it only returned a CURLcode for errors, which is when it + returns a different size than what was passed in to it. + + The http2 code only checked the curlcode and thus failed. -- tool_xattr: Use 'CURLcode result' for curl result codes +- RELEASE-NOTES: synced with 7bb4c8cadb5d0 -- curl_ntlm_core.c: Fixed compilation warnings +- [Michael Wallner brought this change] + + CURLOPT_HEADEROPT.3: typo: do -> to + +- [Marcel Raad brought this change] + + schannel: use CryptGenRandom for random numbers - curl_ntlm_core.c:301: warning: pointer targets in passing argument 2 of - 'CryptImportKey' differ in signedness - curl_ntlm_core.c:310: warning: passing argument 6 of 'CryptEncrypt' from - incompatible pointer type - curl_ntlm_core.c:540: warning: passing argument 4 of 'CryptGetHashParam' - from incompatible pointer type + This function is available for every Windows version since Windows 95/NT. + + reference: + http://msdn.microsoft.com/en-us/library/windows/desktop/aa379942.aspx -- RELEASE-NOTES: Synced with 8830df8b66 +- curl_version_info.3: 'ssl_version_num' is always 0 + + ... and has been so since 2005 -- gtls: Use preferred 'CURLcode result' +- ssl: generalize how the ssl backend identifier is set + + Each backend now defines CURL_SSL_BACKEND accordingly. Added the *AXTLS + one which was missing previously. + +Dan Fandrich (31 Jul 2014) +- axtls: define curlssl_random using axTLS's PRNG + +- cyassl: fix the test for ASN_NO_SIGNER_E + + It's an enum so a macro test won't work. The CyaSSL changelog doesn't + say exactly when this error code was introduced, but it's likely + to be 2.7.0. + +- cyassl: use RNG_GenerateBlock to generate a good random number + +- opts: fixed some typos -- openldap: Use standard naming for setup connection function +- smtp: fixed a segfault during test 1320 torture test - Renamed ldap_setup() to ldap_setup_connection() to follow more widely - used function naming. + Under these circumstances, the connection hasn't been fully established + and smtp_connect hasn't been called, yet smtp_done still calls the state + machine which dereferences the NULL conn pointer in struct pingpong. -- rtmp: Use standard naming for setup connection function +Daniel Stenberg (30 Jul 2014) +- vtls: repair build without TLS support - Renamed rtmp_setup() to rtmp_setup_connection() to follow more widely - used function naming. + ... by defining Curl_ssl_random() properly -- smb: Use standard naming for setup connection function +- polarssl: provide a (weak) random function - Renamed smb_setup() to smb_setup_connection() to follow more widely - used function naming. + This now provides a weak random function since PolarSSL doesn't have a + quick and easy way to provide a good one. It does however provide the + framework to make one so it _can_ and _should_ be done... -- config-win32.h: Fixed line length > 79 columns +- [Michael Wallner brought this change] -- openssl: Prefer we don't use NULL in comparisons + curl_tlsinfo -> curl_tlssessioninfo -- build: Removed WIN32 definition from the Visual Studio projects +- cyassl: use the default (weeker) random - As this pre-processor definition is defined in curl_setup.h there is no - need to include it in the Visual Studio project files. + I couldn't find any dedicated function in its API to get a "good" random + with. -- build: Removed WIN64 definition from the libcurl Visual Studio projects - - Removed the WIN64 pre-processor definition from the libcurl project - files as: +- cyassl: made it compile with version 2.0.6 again - * WIN64 is not used in our source code - * The curl projects files don't define it - * It isn't required by or used in the platform SDK - * For backwards compatability curl_setup.h defines WIN32 - * The compiler automatically defines _WIN64 for x64 builds + ASN_NO_SIGNER_E didn't exist back then! + +- vtls: make the random function mandatory in the TLS backend - Historically Visual Studio projects have defined WIN32, in addition to - the compiler defined _WIN32 definition, and I had incorrectly changed - that to WIN64 for the x64 libcurl builds but not in the curl projects. + To force each backend implementation to really attempt to provide proper + random. If a proper random function is missing, then we can explicitly + make use of the default one we use when TLS support is missing. - As such, it is questionable whether this should be defined or not. For - more information see the following cache of a discussion that took - place on the microsoft.public.vc.mfc newsgroup: + This commit makes sure it works for darwinssl, gnutls, nss and openssl. + +- libcurl.m4: include the standard source header - http://www.tech-archive.net/Archive/VC/microsoft.public.vc.mfc/2008-06/msg00074.html + ... with permission from David Shaw -- openssl.c Fix for compilation errors with older versions of OpenSSL +Kamil Dudka (28 Jul 2014) +- nss: do not check the version of NSS at run time - openssl.c:1408: error: 'TLS1_1_VERSION' undeclared - openssl.c:1411: error: 'TLS1_2_VERSION' undeclared + The minimal required version of NSS is 3.14.x so it does not make sense + to check for NSS 3.12.0+ at run time. -Daniel Stenberg (22 Dec 2014) -- [John Malmberg brought this change] +Daniel Stenberg (28 Jul 2014) +- [Anthon Pang brought this change] - Fix comment edit in vms/backup_gnv_curl_src.com + curl.h: bring back CURLE_OBSOLETE16 - packages/vms/backup_gnv_curl_src.com: Originally copied from Bash port. - -- curl: show size of inhibited data when using -v + Removing defines, even obsolete ones that haven't been used for a very + long time, still break a lot of applications. - To offer some more info and yet it doesn't use more lines. + Bug: https://github.com/bagder/curl/pull/106 -- openssl: fix SSL/TLS versions in verbose output +Dan Fandrich (26 Jul 2014) +- [Fabian Keil brought this change] -- openssl: make it compile against openssl 1.1.0-DEV master branch + tests: Fix a couple of incomplete response lines -Marc Hoersken (22 Dec 2014) -- sshserver.pl: clarify and streamline variable names +- [Fabian Keil brought this change] -Daniel Stenberg (21 Dec 2014) -- openssl: warn for SRP set if SSLv3 is used, not for TLS version - - ... as it requires TLS and it was was left to warn on the default from - when default was SSL... + runtests.pl: Remove filteroff() which hasn't been used since 2001 -- smb: use memcpy() instead of strncpy() +- [Fabian Keil brought this change] + + runtests.pl: Don't expect $TESTDIR/DISABLED to exist - ... as it never copies the trailing zero anyway and always just the four - bytes so let's not mislead anyone into thinking it is actually treated - as a string. + If a non-standard $TESTDIR is used the file may not be necessary. - Coverity CID: 1260214 + Previously a "missing" file resulted in the warning: + readline() on closed filehandle D at ./runtests.pl line 4940. -- [John E. Malmberg brought this change] +- [Fabian Keil brought this change] - VMS: Updates for 0740-0D1220 + getpart.pm: Fix a comment typo + +Daniel Stenberg (25 Jul 2014) +- c-ares: fix build without IPv6 support - lib/setup-vms.h : VAX HP OpenSSL port is ancient, needs help. - More defines to set symbols to uppercase. + Bug: http://curl.haxx.se/mail/lib-2014-07/0337.html + Reported-by: Spork Schivago + +- Curl_base64url_encode: unit-tested in 1302 + +- base64: added Curl_base64url_encode() - src/tool_main.c : Fix parameter to vms_special_exit() call. + This is now used by the http2 code. It has two different symbols at the + end of the base64 table to make the output "url safe". - packages/vms/ : - backup_gnv_curl_src.com : Fix the error message to have the correct package. + Bug: https://github.com/tatsuhiro-t/nghttp2/issues/62 + +- [Marcel Raad brought this change] + + SSPI Negotiate: Fix 3 memory leaks - build_curl-config_script.com : Rewrite to be more accurate. + Curl_base64_decode allocates the output string by itself and two other + strings were not freed either. + +- symbols: CURL_VERSION_GSSNEGOTIATE is deprecated + +- test1013.pl: GSS-Negotiate doesn't exist as a feature anymore + +- [Sergey Nikulov brought this change] + + libtest: fixed duplicated line in Makefile - build_libcurl_pc.com : Use tool_version.h now. + Bug: https://github.com/bagder/curl/pull/105 + +Patrick Monnerat (23 Jul 2014) +- GSSAPI: remove useless *_MECHANISM defines. + +Daniel Stenberg (23 Jul 2014) +- findprotocol: show unsupported protocol within quotes - build_vms.com : Fix to handle lib/vtls directory. + ... to aid when for example prefixed with a space or other weird + character. + +Patrick Monnerat (23 Jul 2014) +- GSSAPI: private export mechanisms OIDs. OS400: Make RPG binding up to date. + +Daniel Stenberg (23 Jul 2014) +- [Marcel Raad brought this change] + + conncache: fix compiler warning - curl_gnv_build_steps.txt : Updated build procedure documentation. + warning C4267: '=' : conversion from 'size_t' to 'long', possible loss + of data - generate_config_vms_h_curl.com : - * VAX does not support 64 bit ints, so no NTLM support for now. - * VAX HP SSL port is ancient, needs some help. - * Disable NGHTTP2 for now, not ported to VMS. - * Disable UNIX_SOCKETS, not available on VMS yet. - * HP GSSAPI port does not have gss_nt_service_name. + The member connection_id of struct connectdata is a long (always a + 32-bit signed integer on Visual C++) and the member next_connection_id + of struct conncache is a size_t, so one of them should be changed to + match the other. - gnv_link_curl.com : Update for new curl structure. + This patch the size_t in struct conncache to long (the less invasive + change as that variable is only ever used in a single code line). - pcsi_product_gnv_curl.com : Set up to optionally do a complete build. + Bug: http://curl.haxx.se/bug/view.cgi?id=1399 -Marc Hoersken (21 Dec 2014) -- sockfilt.c: use non-Ex functions that are available before WinXP - - It was initially reported by Guenter that GetFileSizeEx - requires (_WIN32_WINNT >= 0x0500) to be true. +- RELEASE-NOTES: synced with 81cd24adb8b -- tests: use Cygwin-style paths in SSH, SSHD and SFTP config files +- http2: more and better error checking - Second patch to enable Windows support using Cygwin-based OpenSSH. + 1 - fixes the warnings when built without http2 support - Tested with CopSSH 5.0.0 free edition using an msys shell on Windows 7. + 2 - adds CURLE_HTTP2, a new error code for errors detected by nghttp2 + basically when they are about http2 specific things. -- tests: support spaces in paths to SSH, SSHD and SFTP binaries +Dan Fandrich (23 Jul 2014) +- cyassl.c: return the correct error code on no CA cert - First patch to enable Windows support using Cygwin-based OpenSSH. + CyaSSL 3.0.0 returns a unique error code if no CA cert is available, + so translate that into CURLE_SSL_CACERT_BADFILE when peer verification + is requested. -Steve Holme (20 Dec 2014) -- non-ascii: Reduce variable usage - - Removed 'next' variable in Curl_convert_form(). Rather than setting it - from 'form->next' and using that to set 'form' after the conversion - just use 'form = form->next' instead. +Daniel Stenberg (23 Jul 2014) +- symbols-in-versions: new SPNEGO/GSS-API symbols in 7.38.0 -- non-ascii: Prefer while loop rather than a do loop +- test1013.pl: remove SPNEGO/GSS-API tweaks - This also removes the need to check that the 'form' argument is valid. + No longer necessary after Michael Osipov's rework -- non-ascii: Reduce variable scope - - As 'result' isn't used out side the conversion callback code and - previously caused variable shadowing in the libiconv based code. +- http_negotiate: remove unused variable -- non-ascii: We prefer 'CURLcode result' - - This also fixes a variable shadowing issue when HAVE_ICONV is defined - as rc was declared for the result code of libiconv based functions. +- [Michael Osipov brought this change] -Marc Hoersken (19 Dec 2014) -- secureserver.pl: clean up formatting of config and fix verbose output - - Verbose output was not matching the actual configuration file, - because FIPS and Windows conditions were ignored. + docs: Improve inline GSS-API naming in code documentation -- secureserver.pl: update Windows detection and fix path conversion +- [Michael Osipov brought this change] -- secureserver.pl: make OpenSSL CApath and cert absolute path values + curl.h/features: Deprecate GSS-Negotiate macros due to bad naming - Recent stunnel versions (5.08) seem to have trouble with relative - paths on Windows. This turns the relative paths into absolute ones. + - Replace CURLAUTH_GSSNEGOTIATE with CURLAUTH_NEGOTIATE + - CURL_VERSION_GSSNEGOTIATE is deprecated which + is served by CURL_VERSION_SSPI, CURL_VERSION_GSSAPI and + CURUL_VERSION_SPNEGO now. + - Remove display of feature 'GSS-Negotiate' -Patrick Monnerat (18 Dec 2014) -- if2ip: dummy scope parameter for Curl_if2ip() call in SIOCGIFADDR-enabled code. +- [Michael Osipov brought this change] -- [Kyle J. McKay brought this change] + configure/features: Add feature and version info for GSS-API and SPNEGO - parseurlandfillconn(): fix improper non-numeric scope_id stripping. - Fixes SF bug 1149: http://sourceforge.net/p/curl/bugs/1449/ +- [Michael Osipov brought this change] -- IPV6: address scope != scope id - There was a confusion between these: this commit tries to disambiguate them. - - Scope can be computed from the address itself. - - Scope id is scope dependent: it is currently defined as 1-based local - interface index for link-local scoped addresses, and as a site index(?) for - (obsolete) site-local addresses. Linux only supports it for link-local - addresses. - The URL parser properly parses a scope id as an interface index, but stores it - in a field named "scope": confusion. The field has been renamed into "scope_id". - Curl_if2ip() used the scope id as it was a scope. This caused failures - to bind to an interface. - Scope is now computed from the addresses and Curl_if2ip() matches them. - If redundantly specified in the URL, scope id is check for mismatch with - the interface index. + HTTP: Remove checkprefix("GSS-Negotiate") - This commit should fix SF bug #1451. + That auth mech has never existed neither on MS nor on Unix side. + There is only Negotiate over SPNEGO. -- connect: singleipconnect(): properly try other address families after failure +- [Michael Osipov brought this change] -Daniel Stenberg (16 Dec 2014) -- SFTP: work-around servers that return zero size on STAT + curl_gssapi: Add macros for common mechs and pass them appropriately - Bug: http://curl.haxx.se/mail/lib-2014-12/0103.html - Pathed-by: Marc Renault + Macros defined: KRB5_MECHANISM and SPNEGO_MECHANISM called from + HTTP, FTP and SOCKS on Unix -- glob_next_url: make the loop count upwards +- CONNECT: Revert Curl_proxyCONNECT back to 7.29.0 design - As the former contruct apparently caused a compiler warning, mentioned - in d8efde07e556c. + This reverts commit cb3e6dfa3511 and instead fixes the problem + differently. + + The reverted commit addressed a test failure in test 1021 by simplifying + and generalizing the code flow in a way that damaged the + performance. Now we modify the flow so that Curl_proxyCONNECT() again + does as much as possible in one go, yet still do test 1021 with and + without valgrind. It failed due to mistakes in the multi state machine. + + Bug: http://curl.haxx.se/bug/view.cgi?id=1397 + Reported-by: Paul Saab -- tool_operate: we prefer 'CURLcode result' +- [Marcel Raad brought this change] -- tool_urlglob: unify return codes to use CURLcode + url.c: use the preferred symbol name: *READDATA - There was a mix of GlobCode, CURLcode and ints and they were mostly - passing around CURLcode errors. This change makes the functions use only - CURLcode and removes the GlobCode type completely. - -- tool_urlglob.c: partly reverse dc19789444 + with CURL_NO_OLDIES defined, it doesn't compile because this deprecated + symbol (*INFILE) is used - The loop in glob_next_url() needs to be done backwards to maintain the - logic. dc19789444 caused test 1235 to fail. + Bug: http://curl.haxx.se/bug/view.cgi?id=1398 -- KNOWN_BUGS: the SFTP code doesn't support CURLINFO_FILETIME +Dan Fandrich (19 Jul 2014) +- [Alessandro Ghedini brought this change] -- [Jay Satiro brought this change] + CURLOPT_CHUNK_BGN_FUNCTION: fix typo - opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS +Kamil Dudka (18 Jul 2014) +- [Alessandro Ghedini brought this change] + + build: link curl to NSS libraries when NSS support is enabled - Change CURLOPT_TIMEOUT doc to warn that if CURLOPT_TIMEOUT and - CURLOPT_TIMEOUT_MS are both set whichever one is set last is the one - that will be used. + This fixes a build failure on Debian caused by commit + 24c3cdce88f39731506c287cb276e8bf4a1ce393. - Prior to this change that behavior was only noted in the - CURLOPT_TIMEOUT_MS doc. + Bug: http://curl.haxx.se/mail/lib-2014-07/0209.html -Nick Zitzmann (15 Dec 2014) -- darwinssl: fix incorrect usage of aprintf() +Steve Holme (17 Jul 2014) +- build: Removed unnecessary XML Documentation file directive from VC8 to VC12 - Commit b13923f changed an snprintf() to use aprintf(), but the API usage - wasn't correct, and was causing a crash to occur. This fixes it. + The curl tool project files for VC8 to VC12 would set this setting to + $(IntDir) which is the Visual Studio default value. To avoid confusion + when viewing settings from within Visual Studio and for consistency + with the libcurl project files removed this setting. + + Conflicts: + projects/Windows/VC10/src/curlsrc.tmpl + projects/Windows/VC11/src/curlsrc.tmpl + projects/Windows/VC12/src/curlsrc.tmpl + projects/Windows/VC8/src/curlsrc.tmpl + projects/Windows/VC9/src/curlsrc.tmpl -Steve Holme (14 Dec 2014) -- copyright: Updated the copyright year following recent updates +- build: Removed unnecessary Precompiled Header file directive in VC7 to VC12 + + The curl tool project files for VC7 to VC12 would set this settings to + $(IntDir)$(TargetName).pch which is the Visual Studio default value. To + avoid confusion when viewing settings from within Visual Studio and for + consistency with the libcurl project files removed this setting. + + Conflicts: + projects/Windows/VC10/src/curlsrc.tmpl + projects/Windows/VC11/src/curlsrc.tmpl + projects/Windows/VC12/src/curlsrc.tmpl + projects/Windows/VC8/src/curlsrc.tmpl + projects/Windows/VC9/src/curlsrc.tmpl -Daniel Stenberg (14 Dec 2014) -- tool_urlglob.c: reverse two loops +- build: Removed unnecessary ASM and Object file directives in VC7 to VC12 - By counting from 0 and up instead of backwards like before, we remove - the need for the "funny" check of the unsigned variable when decreased - passed zero. Easier to read and less risk for compiler warnings. + The curl tool project files for VC7 to VC12 would set these settings to + $(IntDir) which is the Visual Studio default value. To avoid confusion + when viewing settings from within Visual Studio and for consistency + with the libcurl project files removed these two settings. -Marc Hoersken (14 Dec 2014) -- tool_urlglob.c: Added braces to clarify the conditions +Daniel Stenberg (17 Jul 2014) +- [Dave Reisner brought this change] -- tool_urlglob.c: Silence warning C6293: Ill-defined for-loop + src/Makefile.am: add .DELETE_ON_ERROR - The >= 0 is actually not required, since i underflows and - the for-loop is stopped using the < condition, but this - makes the VS2012 compiler and code analysis happy. - -- tool_binmode.c: Explicitly ignore the return code of setmode + This prevents targets like tool_hugehelp.c from leaving around + half-constructed files if the rule fails with GNU make. - Fixes code analysis warning C6031: - return value ignored: could return unexpected value + Reported-by: Rafaël Carré -- lib: Fixed multiple code analysis warnings if SAL are available - - warning C28252: Inconsistent annotation for function: - parameter has another annotation on this instance +- THANKS: added new contributors from 7.37.1 announcement -Steve Holme (14 Dec 2014) -- smb.c: Fixed code analysis warning +Dan Fandrich (17 Jul 2014) +- testcurl.pl: log the value of --runtestopts in the test header + +Daniel Stenberg (16 Jul 2014) +- RELEASE-NOTES: cleared, working towards next release + +- curl_gssapi.c: make line shorter than 80 columns + +- [David Woodhouse brought this change] + + Fix negotiate auth to proxies to track correct state + +- [David Woodhouse brought this change] + + Don't abort Negotiate auth when the server has a response for us - smb.c:320: warning C6297: Arithmetic overflow: 32-bit value is shifted, - then cast to 64-bit value. Result may not be an expected - value + It's wrong to assume that we can send a single SPNEGO packet which will + complete the authentication. It's a *negotiation* — the clue is in the + name. So make sure we handle responses from the server. + + Curl_input_negotiate() will already handle bailing out if it thinks the + state is GSS_S_COMPLETE (or SEC_E_OK on Windows) and the server keeps + talking to us, so we should avoid endless loops that way. -Marc Hoersken (14 Dec 2014) -- tool_util.c: Use GetTickCount64 if it is available +- [David Woodhouse brought this change] -Steve Holme (14 Dec 2014) -- smb: Use HAVE_PROCESS_H for process.h inclusion + Don't clear GSSAPI state between each exchange in the negotiation - Rather than testing against _WIN32 use the preferred HAVE_PROCESS_H - pre-processor define when including process.h. + GSSAPI doesn't work very well if we forget everything ever time. + + XX: Is Curl_http_done() the right place to do the final cleanup? -Daniel Stenberg (14 Dec 2014) -- darwinssl: aprintf() to allocate the session key +- [David Woodhouse brought this change] + + Use SPNEGO for HTTP Negotiate - ... to avoid using a fixed memory size that risks being too large or too - small. + This is the correct way to do SPNEGO. Just ask for it + + Now I correctly see it trying NTLMSSP authentication when a Kerberos ticket + isn't available. Of course, we bail out when the server responds with the + challenge packet, since we don't expect that. But I'll fix that bug next... -Marc Hoersken (14 Dec 2014) -- curl_schannel: Improvements to memory re-allocation strategy +- [David Woodhouse brought this change] + + Remove all traces of FBOpenSSL SPNEGO support - - do not grow memory by doubling its size - - do not leak previously allocated memory if reallocation fails - - replace while-loop with a single check to make sure - that the requested amount of data fits into the buffer + This is just fundamentally broken. SPNEGO (RFC4178) is a protocol which + allows client and server to negotiate the underlying mechanism which will + actually be used to authenticate. This is *often* Kerberos, and can also + be NTLM and other things. And to complicate matters, there are various + different OIDs which can be used to specify the Kerberos mechanism too. + + A SPNEGO exchange will identify *which* GSSAPI mechanism is being used, + and will exchange GSSAPI tokens which are appropriate for that mechanism. + + But this SPNEGO implementation just strips the incoming SPNEGO packet + and extracts the token, if any. And completely discards the information + about *which* mechanism is being used. Then we *assume* it was Kerberos, + and feed the token into gss_init_sec_context() with the default + mechanism (GSS_S_NO_OID for the mech_type argument). + + Furthermore... broken as this code is, it was never even *used* for input + tokens anyway, because higher layers of curl would just bail out if the + server actually said anything *back* to us in the negotiation. We assume + that we send a single token to the server, and it accepts it. If the server + wants to continue the exchange (as is required for NTLM and for SPNEGO + to do anything useful), then curl was broken anyway. + + So the only bit which actually did anything was the bit in + Curl_output_negotiate(), which always generates an *initial* SPNEGO + token saying "Hey, I support only the Kerberos mechanism and this is its + token". - Bug: http://curl.haxx.se/bug/view.cgi?id=1450 - Reported-by: Warren Menzer + You could have done that by manually just prefixing the Kerberos token + with the appropriate bytes, if you weren't going to do any proper SPNEGO + handling. There's no need for the FBOpenSSL library at all. + + The sane way to do SPNEGO is just to *ask* the GSSAPI library to do + SPNEGO. That's what the 'mech_type' argument to gss_init_sec_context() + is for. And then it should all Just Work™. + + That 'sane way' will be added in a subsequent patch, as will bug fixes + for our failure to handle any exchange other than a single outbound + token to the server which results in immediate success. -Steve Holme (14 Dec 2014) -- asyn-ares: We prefer use of 'CURLcode result' +- [David Woodhouse brought this change] -Marc Hoersken (14 Dec 2014) -- curl_schannel.c: Data may be available before connection shutdown + ntlm_wb: Avoid invoking ntlm_auth helper with empty username -Steve Holme (14 Dec 2014) -- http2: Use 'CURLcode result' for curl result codes +- [David Woodhouse brought this change] -- asyn-thread: We prefer 'CURLcode result' + ntlm_wb: Fix hard-coded limit on NTLM auth packet size + + Bumping it to 1KiB in commit aaaf9e50ec is all very well, but having hit + a hard limit once let's just make it cope by reallocating as necessary. -- smb: Fixed unnecessary initialisation of struct member variables +Version 7.37.1 (16 Jul 2014) + +Daniel Stenberg (16 Jul 2014) +- RELEASE-NOTES: synced with 4cb2521595 + +- test506: verify aa6884845168 - There is no need to set the 'state' and 'result' member variables to - SMB_REQUESTING (0) and CURLE_OK (0) after the allocation via calloc() - as calloc() initialises the contents to zero. + After the fixed cookie lock deadlock, this test now passes and it + detects double-locking and double-unlocking of mutexes. -- ntlm: Fixed return code for bad type-2 Target Info +- [Yousuke Kimoto brought this change] + + cookie: avoid mutex deadlock - Use CURLE_BAD_CONTENT_ENCODING for bad type-2 Target Info security - buffers just like we do for bad decodes. + ... by removing the extra mutex locks around th call to + Curl_flush_cookies() which takes care of the locking itself already. + + Bug: http://curl.haxx.se/mail/lib-2014-02/0184.html -- ntlm: Remove unnecessary casts in readshort_le() +- gnutls: fix compiler warning - I don't think both of my fix ups from yesterday were needed to fix the - compilation warning, so remove the one that I think is unnecessary and - let the next Android autobuild prove/disprove it. + conversion to 'int' from 'long int' may alter its value -- curl_ntlm_msgs.c: Another attempt to fix compilation warning +Dan Fandrich (15 Jul 2014) +- test320: strip off the actual negotiated cipher width - curl_ntlm_msgs.c:170: warning: conversion to 'short unsigned int' from - 'int' may alter its value + It's irrelevant to the test, and will change depending on which SSL + library is being used by libcurl. -Guenter Knauf (13 Dec 2014) -- synctime.c: added own user-agent string. +- gnutls: detect lack of SRP support in GnuTLS at run-time and try without + + Reported-by: David Woodhouse -Steve Holme (13 Dec 2014) -- smb.c: Fixed line longer than 79 columns +Daniel Stenberg (14 Jul 2014) +- [Michał Górny brought this change] -- curl_ntlm_msgs.c: Fixed compilation warning from commit 783b5c3b11 + configure: respect host tool prefix for krb5-config - curl_ntlm_msgs.c:169: warning: conversion to 'short unsigned int' from - 'int' may alter its value + Use ${host_alias}-krb5-config if available. This improves cross- + compilation support and fixes multilib on Gentoo (at least). -Guenter Knauf (13 Dec 2014) -- mk-ca-bundle.pl: restored forced run again. +- [David Woodhouse brought this change] -- synctime.c: removed another timeserver URL. + gnutls: handle IP address in cert name check - worldtimeserver.com seems also no longer available. + Before GnuTLS 3.3.6, the gnutls_x509_crt_check_hostname() function + didn't actually check IP addresses in SubjectAltName, even though it was + explicitly documented as doing so. So do it ourselves... -- synctime.c: fixed timeserver URLs. - - For getting the date header its not necessary to access special - pages or even CGI scripts - all pages including the main index - reply with the date header, therefore shortened URLs to domain. - Removed worldtime.com; added pool.ntp.org. +Dan Fandrich (14 Jul 2014) +- build: set _POSIX_PTHREAD_SEMANTICS on Solaris to get proper getpwuid_r -Steve Holme (13 Dec 2014) -- ftp.c: Fixed compilation warning when no verbose string support - - ftp.c:819: warning: unused parameter 'lineno' +Daniel Stenberg (14 Jul 2014) +- RELEASE-NOTES: next one is called 7.37.1 -- smb: Added state change functions to assist with debugging +Dan Fandrich (13 Jul 2014) +- gnutls: improved error message if setting cipher list fails - For debugging purposes, and as per other protocols within curl, added - state change functions rather than changing the states directly. + Reported-by: David Woodhouse -- ntlm: Use short integer when decoding 16-bit values +- netrc: fixed thread safety problem by using getpwuid_r if available + + The old way using getpwuid could cause problems in programs that enable + reading from netrc files simultaneously in multiple threads. + + Reported-by: David Woodhouse -- RELEASE-NOTES: Synced with 6291a16b20 +- RELEASE-NOTES: add the reporter of the previous bug fix -- smtp.c: Fixed compilation warnings +- netrc: treat failure to find home dir same as missing netrc file - smtp.c:2357 warning: adding 'size_t' (aka 'unsigned long') to a string - does not append to the string - smtp.c:2375 warning: adding 'size_t' (aka 'unsigned long') to a string - does not append to the string - smtp.c:2386 warning: adding 'size_t' (aka 'unsigned long') to a string - does not append to the string + This previously caused a fatal error (with a confusing error code, at + that). - Used array index notation instead. + Reported by: Glen A Johnson Jr. -- smb: Disable SMB when 64-bit integers are not supported - - This fixes compilation issues with compilers that don't support 64-bit - integers through long long or __int64. +Steve Holme (12 Jul 2014) +- RELEASE-NOTES: Synced with aaaf9e50ec -- ntlm: Disable NTLM v2 when 64-bit integers are not supported +- ntlm_wb: Fixed buffer size not being large enough for NTLMv2 sessions - This fixes compilation issues with compilers that don't support 64-bit - integers through long long or __int64 which was introduced in commit - 07b66cbfa4. + Bug: http://curl.haxx.se/mail/lib-2014-07/0103.html + Reported-by: David Woodhouse -- ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined +- build: Fixed overridden compiler PDB settings in VC7 to VC12 - Previously USE_NTLM2SESSION would only be defined automatically when - USE_NTRESPONSES wasn't already defined. Separated the two definitions - so that the user can manually set USE_NTRESPONSES themselves but - USE_NTLM2SESSION is defined automatically if they don't define it. + The curl tool project files for VC7 to VC12 would override the default + setting with the output filename being the same as the linker PDB file. + As such the compiler file would be overwritten with the linker file + for all debug builds. + + To avoid this overwrite and for consistency with the libcurl project + files, removed the setting to force the default filename to be used. -- smtp.c: Fixed line longer than 79 columns +Dan Fandrich (12 Jul 2014) +- tests: added globbing keyword to URL globbing tests -- config-win32.h: Don't enable Windows Crypt API if using OpenSSL +- Fixed some "statement not reached" warnings + +- gnutls: fixed a couple of uninitialized variable references + +- gnutls: fixed compilation against versions < 2.12.0 - As the OpenSSL and NSS Crypto engines are prefered by the core NTLM - routines, to the Windows Crypt API, don't define USE_WIN32_CRYPT - automatically when either OpenSSL or NSS are in use - doing so would - disable NTLM2Session responses in NTLM type-3 messages. + The AES-GCM ciphers were added to GnuTLS as late as ver. 3.0.1 but + the code path in which they're referenced here is only ever used for + somewhat older GnuTLS versions. This caused undeclared identifier errors + when compiling against those. -- smtp: Fixed inappropriate free of the scratch buffer +- gnutls: explicitly added SRP to the priority string - If the scratch buffer was allocated in a previous call to - Curl_smtp_escape_eob(), a new buffer not allocated in the subsequent - call and no action taken by that call, then an attempt would be made to - try and free the buffer which, by now, would be part of the data->state - structure. + This seems to have become necessary for SRP support to work starting + with GnuTLS ver. 2.99.0. Since support for SRP was added to GnuTLS + before the function that takes this priority string, there should be no + issue with backward compatibility. + +- tests: adjust for capitalization differences in newer gnutls-serv + +- test320/1/2/4: fix the port number substitution variables - This bug was introduced in commit 4bd860a001. + These tests have been broken since commit 1958fe57 in Oct. 2011 -- smtp: Fixed dot stuffing when EOL characters were at end of input buffers +- tests: document more test identifiers and variables + +- gnutls: ignore invalid certificate dates with VERIFYPEER disabled - Fixed a problem with the CRLF. detection when multiple buffers were - used to upload an email to libcurl and the line ending character(s) - appeared at the end of each buffer. This meant any lines which started - with . would not be escaped into .. and could be interpreted as the end - of transmission string instead. + This makes the behaviour consistent with what happens if a date can + be extracted from the certificate but is expired. + +Steve Holme (10 Jul 2014) +- CURLOPT_UPLOAD: Corrected argument type + +Daniel Stenberg (9 Jul 2014) +- FAQ: expand the thread-safe section - This only affected libcurl based applications that used a read function - and wasn't reproducible with the curl command-line tool. + ... with a mention of *NOSIGNAL, based on talk in bug #1386 + +Dan Fandrich (9 Jul 2014) +- url.c: Fixed memory leak on OOM - Bug: http://curl.haxx.se/bug/view.cgi?id=1456 - Assisted-by: Patrick Monnerat + This showed itself on some systems with torture failures + in tests 1060 and 1061 -Daniel Stenberg (11 Dec 2014) -- telnet: fix "cast increases required alignment of target type" +- Update instances of some obsolete CURLOPTs to their new names -- ntlm_wb_response: fix "statement not reached" +Daniel Stenberg (5 Jul 2014) +- [Marcel Raad brought this change] + + compiler warnings: potentially uninitialized variables - ... and I could use a break instead of a goto to end the loop. + ... pointed out by MSVC2013 - Bug: http://curl.haxx.se/mail/lib-2014-12/0089.html - Reported-by: Tor Arntsen + Bug: http://curl.haxx.se/bug/view.cgi?id=1391 -Steve Holme (10 Dec 2014) -- RELEASE-NOTES: Synced with 1cc5194337 +Kamil Dudka (4 Jul 2014) +- nss: make the list of CRL items global - Added some bug fixes that I had missed in previous synchronisations. + Otherwise NSS could use an already freed item for another connection. -Daniel Stenberg (10 Dec 2014) -- Curl_unix2addr: avoid using the variable name 'sun' - - I suspect this causes compile failures on Solaris: +- nss: fix a memory leak when CURLOPT_CRLFILE is used + +- nss: make crl_der allocated on heap - Bug: http://curl.haxx.se/mail/lib-2014-12/0081.html + ... and spell it as crl_der instead of crlDER -Steve Holme (10 Dec 2014) -- url.c: Fixed compilation warning when USE_NTLM is not defined +- nss: let nss_{cache,load}_crl return CURLcode + +- tool: oops, forgot to include - url.c:3078: warning: variable 'credentialsMatch' set but not used + ... that contains the declaration of PL_ArenaFinish() -- parsedate.c: Fixed compilation warning +- tool: call PL_ArenaFinish() on exit if NSPR is used - parsedate.c:548: warning: 'parsed' may be used uninitialized in this - function + This prevents valgrind from reporting still reachable memory allocated + by NSPR arenas (mainly the freelist). - As curl_getdate() returns -1 when parsedate() fails we can initialise - parsed to -1. + Reported-by: Hubert Kario -Daniel Stenberg (10 Dec 2014) -- TODO: Cache negative name resolves - - Worth exploring +Daniel Stenberg (3 Jul 2014) +- [Dimitrios Siganos brought this change] -- ldap: check Curl_client_write() return codes - - There might be one or two memory leaks left in the error paths. + example: use correct type (long) for CURLOPT_FOLLOWLOCATION -- ldap: rename variables to comply to curl standards +- [Dimitrios Siganos brought this change] -Dan Fandrich (10 Dec 2014) -- sws.c: Fixed 'rc' may be used uninitialized warning + Document type of argument for CURLOPT_FOLLOWLOCATION. -- cookies: Improved OOM handling in cookies - - This fixes the test 506 torture test. The internal cookie API really - ought to be improved to separate cookie parsing errors (which may be - ignored) with OOM errors (which should be fatal). +- [Dimitrios Siganos brought this change] -Guenter Knauf (9 Dec 2014) -- synctime.c: fixed user-agent setting. - - Some websites meanwhile refuse to reply to requests from ancient - browsers like IE6, therefore I've comment out this setting, but - also fixed the string to now fake IE8 if someone enables it. + Document type of argument for CURLOPT_ERRORBUFFER. -Daniel Stenberg (9 Dec 2014) -- smb: fix unused return code warning +- [Dimitrios Siganos brought this change] -Patrick Monnerat (9 Dec 2014) -- Curl_client_write() & al.: chop long data, convert data only once. + Document type of argument for CURLOPT_COPYPOSTFIELDS. -Guenter Knauf (9 Dec 2014) -- VC build: added sspi define for winssl-zlib builds. +- [Dimitrios Siganos brought this change] -Daniel Stenberg (9 Dec 2014) -- schannel_recv: return the correct code + Document type of argument for CURLOPT_ADDRESS_SCOPE. + +- curl.1: minor language fix - Bug: http://curl.haxx.se/bug/view.cgi?id=1462 - Reported-by: Tae Hyoung Ahn + Bug: http://curl.haxx.se/mail/archive-2014-07/0006.html -- http2: avoid logging neg "failure" if h2 was not requested +- [Ray Satiro brought this change] -- openldap: do not ignore Curl_client_write() return codes + progress callback: skip last callback update on errors + + When an error has been detected, skip the final forced call to the + progress callback by making sure to pass the current return code + variable in the Curl_done() call in the CURLM_STATE_DONE state. + + This avoids the "extra" callback that could occur even if you returned + error from the progress callback. + + Bug: http://curl.haxx.se/mail/lib-2014-06/0062.html + Reported by: Jonathan Cardoso Machado -- compile: warn on unused return code from Curl_client_write() +Dan Fandrich (2 Jul 2014) +- opts: fixed some CURLOPT references so they get turned into links -Patrick Monnerat (8 Dec 2014) -- SMB: Fix a data size mismatch that broke SMB on big-endian platforms +Kamil Dudka (2 Jul 2014) +- tool: call PR_Cleanup() on exit if NSPR is used + + This prevents valgrind from reporting possibly lost memory that NSPR + uses for file descriptor cache and other globally allocated internal + data structures. -Steve Holme (7 Dec 2014) -- smb: Fixed Windows autoconf builds following commit eb88d778e7 +- nss: make the fallback to SSLv3 work again - As Windows based autoconf builds don't yet define USE_WIN32_CRYPTO - either explicitly through --enable-win32-cypto or automatically on - _WIN32 based platforms, subsequent builds broke with the following - error message: + This feature was unintentionally disabled by commit ff92fcfb. + +- nss: do not abort on connection failure - "Can't compile NTLM support without a crypto library." + ... due to calling SSL_VersionRangeGet() with NULL file descriptor + + reported-by: upstream tests 305 and 404 -- RELEASE-NOTES: Synced with 526603ff05 +Dan Fandrich (1 Jul 2014) +- opts: Document the socket callback function parameters -- [Bill Nagel brought this change] +Steve Holme (28 Jun 2014) +- opts: Fixed some typos - smb: Build with SSPI enabled - - Build SMB/CIFS protocol support when SSPI is enabled. +Dan Fandrich (25 Jun 2014) +- curl_easy_setopt.3: fixed the error code for an unsupported option -- [Bill Nagel brought this change] +- opts: added some DEFAULT and RETURN VALUE sections - ntlm: Use Windows Crypt API +Daniel Stenberg (21 Jun 2014) +- libcurl docs: man page edits - Allow the use of the Windows Crypt API for NTLMv1 functions. + mainly to improve how the web versions render -Dan Fandrich (7 Dec 2014) -- cookie.c: Refactored cleanup code to simplify - - Also, fixed the outdated comments on the cookie API. +Dan Fandrich (21 Jun 2014) +- curl_easy_setopt.3: fixed some typos -- get_url_file_name: Fixed crash on OOM on debug build +Daniel Stenberg (21 Jun 2014) +- lib man pages: update easy setopt option references - This caused a null-pointer dereference which caused a few dozen - torture tests to fail. + ... by using the "\fIopt(3)\fP" syntax they will be linked properly when + the web version of the page is generated. -Steve Holme (6 Dec 2014) -- sws.c: Fixed compilation warning +- opts: the CURLOPT_SSL_ENABLE_*PN options are enabled by default + +- [Colin Hogben brought this change] + + lib: documentation updates in README.hostip - sws.c:2191 warning: 'rc' may be used uninitialized in this function + c-ares now does support IPv6; + avoid implying threaded resolver is Windows-only; + two referenced source files were renamed in 7de2f92 -- ftp.c: Fixed compilation warnings when proxy support disabled +- curl_easy_setopt.3: CURLOPT_POSTFIELDS is the exception - ftp.c:1827 warning: unused parameter 'newhost' - ftp.c:1827 warning: unused parameter 'newport' + ... to the always-copy-char *-argument. + + And fix some minor mistakes. -- smb: Fixed a problem with large file transfers +- curl_easy_setopt.3: refer to the individual man pages - Fixed an issue with the message size calculation where the raw bytes - from the buffer were interpreted as signed values rather than unsigned - values. + With all the new individual option man pages created, this now refers to + each separate one instead of duplicaing the info. Also makes this page + easier to overview. + +Dan Fandrich (21 Jun 2014) +- opts: fixed mancheck for out-of-tree builds + +Daniel Stenberg (21 Jun 2014) +- curl_easy_setopt.3: shorten - Reported-by: Gisle Vanem - Assisted-by: Bill Nagel + shorten descriptions, mostly refer to the separate descriptions -- smb: Moved the URL decoding into a separate function +- CURLOPT_DNS_LOCAL_IP4.3: better short desc -- smb: Fixed URL encoded URLs not working +Dan Fandrich (20 Jun 2014) +- opts: document CURLE_OUT_OF_MEMORY among other return values -- Makefile.inc: Added our standard header and updated file formatting +- opts: fixed some typos -- Makefile.inc: Updated file formatting +Daniel Stenberg (20 Jun 2014) +- opts: various corrections + +- opts: add the rest of the options - Aligned continuation character and used space as the separator - character as per other makefile files. + ... and fixed mancheck to ignore obsolete options -- curl_md4.h: Updated copyright year following recent edit +- opts: the final bunch of options as man pages - ...and minor layout adjustment. + Now all current options have their own man pages. -Patrick Monnerat (5 Dec 2014) -- SMB: Fix big endian problems. Make it OS/400 aware. +- opts: 37 additional man pages -- OS400: enable NTLM authentication +- CURLOPT_URL: move up the text from "Notes" -Steve Holme (5 Dec 2014) -- multi.c: Fixed compilation warning +- ROADMAP: removed, now ROADMAP.md + +- ROADMAP.md: make it markdown formatted + +- ROADMAP: initial commit of "curl the next few years" - multi.c:2695: warning: declaration of `exp' shadows a global declaration + To be further discussed, debated and edited -Guenter Knauf (5 Dec 2014) -- build: updated dependencies in makefiles. +- opts: more man pages -Steve Holme (5 Dec 2014) -- sasl: Corrected formatting of function descriptions +- CURLOPT_UNRESTRICTED_AUTH.3: added missing 'T' + +- opts: makefile now includes all current man pages + +- opts: 11 more man pages + +Dan Fandrich (18 Jun 2014) +- opts: document CURLE_OUT_OF_MEMORY as RETURN VALUE + +- opts: fixed a couple of typos + +Patrick Monnerat (18 Jun 2014) +- OS400: make it compilable again. Make RPG binding up to date. + +- buildconf: do not search tools in current directory. + +Dan Fandrich (18 Jun 2014) +- curl.h: renamed CURLOPT_DEPRECATEDx to CURLOPT_OBSOLETEx + + This is consistent with the existing obsolete error code naming + convention. + +Daniel Stenberg (18 Jun 2014) +- opts: 16 more man pages diff --git a/CMake/FindGSS.cmake b/CMake/FindGSS.cmake index dfaeaf3..4986a8e 100644 --- a/CMake/FindGSS.cmake +++ b/CMake/FindGSS.cmake @@ -155,7 +155,7 @@ message(STATUS "LDFLAGS: ${_GSS_LIB_FLAGS}") set(GSS_FLAVOUR "MIT") else() # prevent compiling the header - just check if we can include it - set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D__ROKEN_H__") + set(CMAKE_REQUIRED_DEFINITIONS "-D__ROKEN_H__") check_include_file( "roken.h" _GSS_HAVE_ROKEN_H) check_include_file( "heimdal/roken.h" _GSS_HAVE_HEIMDAL_ROKEN_H) diff --git a/CMakeLists.txt b/CMakeLists.txt index 9a42cc7..fc75d59 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -76,24 +76,6 @@ option(BUILD_CURL_TESTS "Set to ON to build cURL tests." ON) option(CURL_STATICLIB "Set to ON to build libcurl with static linking." OFF) option(ENABLE_ARES "Set to ON to enable c-ares support" OFF) option(ENABLE_THREADED_RESOLVER "Set to ON to enable POSIX threaded DNS lookup" OFF) - -option(ENABLE_DEBUG "Set to ON to enable curl debug features" OFF) -option(ENABLE_CURLDEBUG "Set to ON to build with TrackMemory feature enabled" OFF) - -if (ENABLE_DEBUG) - # DEBUGBUILD will be defined only for Debug builds - if(NOT CMAKE_VERSION VERSION_LESS 3.0) - set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS $<$:DEBUGBUILD>) - else() - set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS_DEBUG DEBUGBUILD) - endif() - set(ENABLE_CURLDEBUG ON) -endif() - -if (ENABLE_CURLDEBUG) - set_property(DIRECTORY APPEND PROPERTY COMPILE_DEFINITIONS CURLDEBUG) -endif() - # initialize CURL_LIBS set(CURL_LIBS "") @@ -256,7 +238,6 @@ include (CheckCSourceCompiles) # On windows preload settings if(WIN32) - set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -D_WINSOCKAPI_") include(${CMAKE_CURRENT_SOURCE_DIR}/CMake/Platforms/WindowsCache.cmake) endif(WIN32) @@ -298,6 +279,7 @@ endif() option(CMAKE_USE_OPENSSL "Use OpenSSL code. Experimental" ON) mark_as_advanced(CMAKE_USE_OPENSSL) +set(USE_SSLEAY OFF) set(USE_OPENSSL OFF) set(HAVE_LIBCRYPTO OFF) set(HAVE_LIBSSL OFF) @@ -306,31 +288,32 @@ if(CMAKE_USE_OPENSSL) find_package(OpenSSL) if(OPENSSL_FOUND) list(APPEND CURL_LIBS ${OPENSSL_LIBRARIES}) + set(USE_SSLEAY ON) set(USE_OPENSSL ON) set(HAVE_LIBCRYPTO ON) set(HAVE_LIBSSL ON) include_directories(${OPENSSL_INCLUDE_DIR}) set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) - check_include_file("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H) - check_include_file("openssl/engine.h" HAVE_OPENSSL_ENGINE_H) - check_include_file("openssl/err.h" HAVE_OPENSSL_ERR_H) - check_include_file("openssl/pem.h" HAVE_OPENSSL_PEM_H) - check_include_file("openssl/pkcs12.h" HAVE_OPENSSL_PKCS12_H) - check_include_file("openssl/rsa.h" HAVE_OPENSSL_RSA_H) - check_include_file("openssl/ssl.h" HAVE_OPENSSL_SSL_H) - check_include_file("openssl/x509.h" HAVE_OPENSSL_X509_H) - check_include_file("openssl/rand.h" HAVE_OPENSSL_RAND_H) + check_include_file_concat("openssl/crypto.h" HAVE_OPENSSL_CRYPTO_H) + check_include_file_concat("openssl/engine.h" HAVE_OPENSSL_ENGINE_H) + check_include_file_concat("openssl/err.h" HAVE_OPENSSL_ERR_H) + check_include_file_concat("openssl/pem.h" HAVE_OPENSSL_PEM_H) + check_include_file_concat("openssl/pkcs12.h" HAVE_OPENSSL_PKCS12_H) + check_include_file_concat("openssl/rsa.h" HAVE_OPENSSL_RSA_H) + check_include_file_concat("openssl/ssl.h" HAVE_OPENSSL_SSL_H) + check_include_file_concat("openssl/x509.h" HAVE_OPENSSL_X509_H) + check_include_file_concat("openssl/rand.h" HAVE_OPENSSL_RAND_H) endif() endif() if(NOT CURL_DISABLE_LDAP) if(WIN32) - option(USE_WIN32_LDAP "Use Windows LDAP implementation" ON) - if(USE_WIN32_LDAP) + option(CURL_LDAP_WIN "Use Windows LDAP implementation" ON) + if(CURL_LDAP_WIN) check_library_exists("wldap32" cldap_open "" HAVE_WLDAP32) if(NOT HAVE_WLDAP32) - set(USE_WIN32_LDAP OFF) + set(CURL_LDAP_WIN OFF) endif() endif() endif() @@ -340,12 +323,12 @@ if(NOT CURL_DISABLE_LDAP) set(CMAKE_LDAP_LIB "ldap" CACHE STRING "Name or full path to ldap library") set(CMAKE_LBER_LIB "lber" CACHE STRING "Name or full path to lber library") - if(CMAKE_USE_OPENLDAP AND USE_WIN32_LDAP) - message(FATAL_ERROR "Cannot use USE_WIN32_LDAP and CMAKE_USE_OPENLDAP at the same time") + if(CMAKE_USE_OPENLDAP AND CURL_LDAP_WIN) + message(FATAL_ERROR "Cannot use CURL_LDAP_WIN and CMAKE_USE_OPENLDAP at the same time") endif() # Now that we know, we're not using windows LDAP... - if(NOT USE_WIN32_LDAP) + if(NOT CURL_LDAP_WIN) # Check for LDAP set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_LIBRARIES}) check_library_exists_concat(${CMAKE_LDAP_LIB} ldap_init HAVE_LIBLDAP) @@ -401,7 +384,7 @@ if(NOT CURL_DISABLE_LDAP) return 0; }" ) - set(CMAKE_REQUIRED_DEFINITIONS "${CMAKE_REQUIRED_DEFINITIONS} -DLDAP_DEPRECATED=1") + set(CMAKE_REQUIRED_DEFINITIONS "-DLDAP_DEPRECATED=1" "-DWIN32_LEAN_AND_MEAN") list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LDAP_LIB}) if(HAVE_LIBLBER) list(APPEND CMAKE_REQUIRED_LIBRARIES ${CMAKE_LBER_LIB}) @@ -491,7 +474,7 @@ mark_as_advanced(CMAKE_USE_GSSAPI) if(CMAKE_USE_GSSAPI) find_package(GSS) - set(HAVE_GSSAPI ${GSS_FOUND}) + set(HAVE_GSS_API ${GSS_FOUND}) if(GSS_FOUND) message(STATUS "Found ${GSS_FLAVOUR} GSSAPI version: \"${GSS_VERSION}\"") @@ -554,13 +537,15 @@ endif() # Check for header files if(NOT UNIX) - check_include_file_concat("windows.h" HAVE_WINDOWS_H) - check_include_file_concat("winsock.h" HAVE_WINSOCK_H) check_include_file_concat("ws2tcpip.h" HAVE_WS2TCPIP_H) check_include_file_concat("winsock2.h" HAVE_WINSOCK2_H) endif(NOT UNIX) - check_include_file_concat("stdio.h" HAVE_STDIO_H) +if(NOT UNIX) + check_include_file_concat("windows.h" HAVE_WINDOWS_H) + check_include_file_concat("winsock.h" HAVE_WINSOCK_H) +endif(NOT UNIX) + check_include_file_concat("inttypes.h" HAVE_INTTYPES_H) check_include_file_concat("sys/filio.h" HAVE_SYS_FILIO_H) check_include_file_concat("sys/ioctl.h" HAVE_SYS_IOCTL_H) @@ -752,6 +737,7 @@ if(CMAKE_USE_OPENSSL) HAVE_CRYPTO_CLEANUP_ALL_EX_DATA) if(HAVE_LIBCRYPTO AND HAVE_LIBSSL) set(USE_OPENSSL 1) + set(USE_SSLEAY 1) endif(HAVE_LIBCRYPTO AND HAVE_LIBSSL) endif(CMAKE_USE_OPENSSL) check_symbol_exists(gmtime_r "${CURL_INCLUDES}" HAVE_GMTIME_R) @@ -1046,12 +1032,12 @@ _add_if("AsynchDNS" USE_ARES OR USE_THREADS_POSIX) _add_if("IDN" HAVE_LIBIDN) # TODO SSP1 (WinSSL) check is missing _add_if("SSPI" USE_WINDOWS_SSPI) -_add_if("GSS-API" HAVE_GSSAPI) +_add_if("GSS-API" HAVE_GSS_API) # TODO SSP1 missing for SPNEGO _add_if("SPNEGO" NOT CURL_DISABLE_CRYPTO_AUTH AND - (HAVE_GSSAPI OR USE_WINDOWS_SSPI)) + (HAVE_GSS_API OR USE_WINDOWS_SSPI)) _add_if("Kerberos" NOT CURL_DISABLE_CRYPTO_AUTH AND - (HAVE_GSSAPI OR USE_WINDOWS_SSPI)) + (HAVE_GSS_API OR USE_WINDOWS_SSPI)) # NTLM support requires crypto function adaptions from various SSL libs # TODO alternative SSL libs tests for SSP1, GNUTLS, NSS, DARWINSSL if(NOT CURL_DISABLE_CRYPTO_AUTH AND (USE_OPENSSL OR diff --git a/MacOSX-Framework b/MacOSX-Framework index 6251bff..9863b78 100755 --- a/MacOSX-Framework +++ b/MacOSX-Framework @@ -94,7 +94,7 @@ if test ! -z $SDK32; then rm -r libcurl.framework mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Resources cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl - install_name_tool -id @rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl + install_name_tool -id @executable_path/../Frameworks/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl /usr/bin/sed -e "s/7\.12\.3/$VERSION/" lib/libcurl.plist >libcurl.framework/${FRAMEWORK_VERSION}/Resources/Info.plist mkdir -p libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl cp include/curl/*.h libcurl.framework/${FRAMEWORK_VERSION}/Headers/curl @@ -121,7 +121,7 @@ if test ! -z $SDK32; then echo "----Appending 64 bit framework to 32 bit framework..." cp lib/.libs/libcurl.dylib libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 - install_name_tool -id @rpath/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 + install_name_tool -id @executable_path/../Frameworks/libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 cp libcurl.framework/${FRAMEWORK_VERSION}/libcurl libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 pwd lipo libcurl.framework/${FRAMEWORK_VERSION}/libcurl32 libcurl.framework/${FRAMEWORK_VERSION}/libcurl64 -create -output libcurl.framework/${FRAMEWORK_VERSION}/libcurl diff --git a/Makefile b/Makefile index 393a09d..f0f50d8 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -566,17 +566,6 @@ src/Makefile.vc12: src/Makefile.vc6 @echo "generate $@" @sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc12/g" -e "s/VC6/VC12/g" src/Makefile.vc6 > src/Makefile.vc12 -# VC14 makefiles are for use with VS2015 -vc14: lib/Makefile.vc14 src/Makefile.vc14 - -lib/Makefile.vc14: lib/Makefile.vc6 - @echo "generate $@" - @sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc14/g" -e "s/VC6/VC14/g" lib/Makefile.vc6 > lib/Makefile.vc14 - -src/Makefile.vc14: src/Makefile.vc6 - @echo "generate $@" - @sed -e "s#/GX /DWIN32 /YX#/EHsc /DWIN32#" -e "s#/GZ#/RTC1#" -e "s/ws2_32.lib/ws2_32.lib/g" -e "s/vc6/vc14/g" -e "s/VC6/VC14/g" src/Makefile.vc6 > src/Makefile.vc14 - ca-bundle: lib/mk-ca-bundle.pl @echo "generate a fresh ca-bundle.crt" @perl $< -b -l -u lib/ca-bundle.crt diff --git a/Makefile.am b/Makefile.am index 5f1c881..3b91e83 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -30,113 +30,101 @@ CMAKE_DIST = CMakeLists.txt CMake/CMakeConfigurableFile.in \ include/curl/curlbuild.h.cmake CMake/Macros.cmake VC6_LIBTMPL = projects/Windows/VC6/lib/libcurl.tmpl -VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp.dist +VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp VC6_LIBDSP_DEPS = $(VC6_LIBTMPL) Makefile.am lib/Makefile.inc -VC6_SRCTMPL = projects/Windows/VC6/src/curl.tmpl -VC6_SRCDSP = projects/Windows/VC6/src/curl.dsp.dist +VC6_SRCTMPL = projects/Windows/VC6/src/curlsrc.tmpl +VC6_SRCDSP = projects/Windows/VC6/src/curlsrc.dsp VC6_SRCDSP_DEPS = $(VC6_SRCTMPL) Makefile.am src/Makefile.inc VC7_LIBTMPL = projects/Windows/VC7/lib/libcurl.tmpl -VC7_LIBVCPROJ = projects/Windows/VC7/lib/libcurl.vcproj.dist +VC7_LIBVCPROJ = projects/Windows/VC7/lib/libcurl.vcproj VC7_LIBVCPROJ_DEPS = $(VC7_LIBTMPL) Makefile.am lib/Makefile.inc -VC7_SRCTMPL = projects/Windows/VC7/src/curl.tmpl -VC7_SRCVCPROJ = projects/Windows/VC7/src/curl.vcproj.dist +VC7_SRCTMPL = projects/Windows/VC7/src/curlsrc.tmpl +VC7_SRCVCPROJ = projects/Windows/VC7/src/curlsrc.vcproj VC7_SRCVCPROJ_DEPS = $(VC7_SRCTMPL) Makefile.am src/Makefile.inc VC71_LIBTMPL = projects/Windows/VC7.1/lib/libcurl.tmpl -VC71_LIBVCPROJ = projects/Windows/VC7.1/lib/libcurl.vcproj.dist +VC71_LIBVCPROJ = projects/Windows/VC7.1/lib/libcurl.vcproj VC71_LIBVCPROJ_DEPS = $(VC71_LIBTMPL) Makefile.am lib/Makefile.inc -VC71_SRCTMPL = projects/Windows/VC7.1/src/curl.tmpl -VC71_SRCVCPROJ = projects/Windows/VC7.1/src/curl.vcproj.dist +VC71_SRCTMPL = projects/Windows/VC7.1/src/curlsrc.tmpl +VC71_SRCVCPROJ = projects/Windows/VC7.1/src/curlsrc.vcproj VC71_SRCVCPROJ_DEPS = $(VC71_SRCTMPL) Makefile.am src/Makefile.inc VC8_LIBTMPL = projects/Windows/VC8/lib/libcurl.tmpl -VC8_LIBVCPROJ = projects/Windows/VC8/lib/libcurl.vcproj.dist +VC8_LIBVCPROJ = projects/Windows/VC8/lib/libcurl.vcproj VC8_LIBVCPROJ_DEPS = $(VC8_LIBTMPL) Makefile.am lib/Makefile.inc -VC8_SRCTMPL = projects/Windows/VC8/src/curl.tmpl -VC8_SRCVCPROJ = projects/Windows/VC8/src/curl.vcproj.dist +VC8_SRCTMPL = projects/Windows/VC8/src/curlsrc.tmpl +VC8_SRCVCPROJ = projects/Windows/VC8/src/curlsrc.vcproj VC8_SRCVCPROJ_DEPS = $(VC8_SRCTMPL) Makefile.am src/Makefile.inc VC9_LIBTMPL = projects/Windows/VC9/lib/libcurl.tmpl -VC9_LIBVCPROJ = projects/Windows/VC9/lib/libcurl.vcproj.dist +VC9_LIBVCPROJ = projects/Windows/VC9/lib/libcurl.vcproj VC9_LIBVCPROJ_DEPS = $(VC9_LIBTMPL) Makefile.am lib/Makefile.inc -VC9_SRCTMPL = projects/Windows/VC9/src/curl.tmpl -VC9_SRCVCPROJ = projects/Windows/VC9/src/curl.vcproj.dist +VC9_SRCTMPL = projects/Windows/VC9/src/curlsrc.tmpl +VC9_SRCVCPROJ = projects/Windows/VC9/src/curlsrc.vcproj VC9_SRCVCPROJ_DEPS = $(VC9_SRCTMPL) Makefile.am src/Makefile.inc VC10_LIBTMPL = projects/Windows/VC10/lib/libcurl.tmpl -VC10_LIBVCXPROJ = projects/Windows/VC10/lib/libcurl.vcxproj.dist +VC10_LIBVCXPROJ = projects/Windows/VC10/lib/libcurl.vcxproj VC10_LIBVCXPROJ_DEPS = $(VC10_LIBTMPL) Makefile.am lib/Makefile.inc -VC10_SRCTMPL = projects/Windows/VC10/src/curl.tmpl -VC10_SRCVCXPROJ = projects/Windows/VC10/src/curl.vcxproj.dist +VC10_SRCTMPL = projects/Windows/VC10/src/curlsrc.tmpl +VC10_SRCVCXPROJ = projects/Windows/VC10/src/curlsrc.vcxproj VC10_SRCVCXPROJ_DEPS = $(VC10_SRCTMPL) Makefile.am src/Makefile.inc VC11_LIBTMPL = projects/Windows/VC11/lib/libcurl.tmpl -VC11_LIBVCXPROJ = projects/Windows/VC11/lib/libcurl.vcxproj.dist +VC11_LIBVCXPROJ = projects/Windows/VC11/lib/libcurl.vcxproj VC11_LIBVCXPROJ_DEPS = $(VC11_LIBTMPL) Makefile.am lib/Makefile.inc -VC11_SRCTMPL = projects/Windows/VC11/src/curl.tmpl -VC11_SRCVCXPROJ = projects/Windows/VC11/src/curl.vcxproj.dist +VC11_SRCTMPL = projects/Windows/VC11/src/curlsrc.tmpl +VC11_SRCVCXPROJ = projects/Windows/VC11/src/curlsrc.vcxproj VC11_SRCVCXPROJ_DEPS = $(VC11_SRCTMPL) Makefile.am src/Makefile.inc VC12_LIBTMPL = projects/Windows/VC12/lib/libcurl.tmpl -VC12_LIBVCXPROJ = projects/Windows/VC12/lib/libcurl.vcxproj.dist +VC12_LIBVCXPROJ = projects/Windows/VC12/lib/libcurl.vcxproj VC12_LIBVCXPROJ_DEPS = $(VC12_LIBTMPL) Makefile.am lib/Makefile.inc -VC12_SRCTMPL = projects/Windows/VC12/src/curl.tmpl -VC12_SRCVCXPROJ = projects/Windows/VC12/src/curl.vcxproj.dist +VC12_SRCTMPL = projects/Windows/VC12/src/curlsrc.tmpl +VC12_SRCVCXPROJ = projects/Windows/VC12/src/curlsrc.vcxproj VC12_SRCVCXPROJ_DEPS = $(VC12_SRCTMPL) Makefile.am src/Makefile.inc -VC14_LIBTMPL = projects/Windows/VC14/lib/libcurl.tmpl -VC14_LIBVCXPROJ = projects/Windows/VC14/lib/libcurl.vcxproj.dist -VC14_LIBVCXPROJ_DEPS = $(VC14_LIBTMPL) Makefile.am lib/Makefile.inc -VC14_SRCTMPL = projects/Windows/VC14/src/curl.tmpl -VC14_SRCVCXPROJ = projects/Windows/VC14/src/curl.vcxproj.dist -VC14_SRCVCXPROJ_DEPS = $(VC14_SRCTMPL) Makefile.am src/Makefile.inc - VC_DIST = projects/README \ projects/build-openssl.bat \ - projects/build-wolfssl.bat \ projects/checksrc.bat \ - projects/Windows/VC6/curl-all.dsw \ - projects/Windows/VC6/lib/libcurl.dsw \ - projects/Windows/VC6/src/curl.dsw \ - projects/Windows/VC7/curl-all.sln \ - projects/Windows/VC7/lib/libcurl.sln \ - projects/Windows/VC7/src/curl.sln \ - projects/Windows/VC7.1/curl-all.sln \ - projects/Windows/VC7.1/lib/libcurl.sln \ - projects/Windows/VC7.1/src/curl.sln \ - projects/Windows/VC8/curl-all.sln \ - projects/Windows/VC8/lib/libcurl.sln \ - projects/Windows/VC8/src/curl.sln \ - projects/Windows/VC9/curl-all.sln \ - projects/Windows/VC9/lib/libcurl.sln \ - projects/Windows/VC9/src/curl.sln \ - projects/Windows/VC10/curl-all.sln \ - projects/Windows/VC10/lib/libcurl.sln \ - projects/Windows/VC10/src/curl.sln \ - projects/Windows/VC11/curl-all.sln \ - projects/Windows/VC11/lib/libcurl.sln \ - projects/Windows/VC11/src/curl.sln \ - projects/Windows/VC12/curl-all.sln \ - projects/Windows/VC12/lib/libcurl.sln \ - projects/Windows/VC12/src/curl.sln \ - projects/Windows/VC14/curl-all.sln \ - projects/Windows/VC14/lib/libcurl.sln \ - projects/Windows/VC14/src/curl.sln + projects/Windows/VC6/curl.dsw \ + projects/Windows/VC6/lib/libcurl.dsw $(VC6_LIBDSP) \ + projects/Windows/VC6/src/curlsrc.dsw $(VC6_SRCDSP) \ + projects/Windows/VC7/curl.sln \ + projects/Windows/VC7/lib/libcurl.sln $(VC7_LIBVCPROJ) \ + projects/Windows/VC7/src/curlsrc.sln $(VC7_SRCVCPROJ) \ + projects/Windows/VC7.1/curl.sln \ + projects/Windows/VC7.1/lib/libcurl.sln $(VC71_LIBVCPROJ) \ + projects/Windows/VC7.1/src/curlsrc.sln $(VC71_SRCVCPROJ) \ + projects/Windows/VC8/curl.sln \ + projects/Windows/VC8/lib/libcurl.sln $(VC8_LIBVCPROJ) \ + projects/Windows/VC8/src/curlsrc.sln $(VC8_SRCVCPROJ) \ + projects/Windows/VC9/curl.sln \ + projects/Windows/VC9/lib/libcurl.sln $(VC9_LIBVCPROJ) \ + projects/Windows/VC9/src/curlsrc.sln $(VC9_SRCVCPROJ) \ + projects/Windows/VC10/curl.sln \ + projects/Windows/VC10/lib/libcurl.sln $(VC10_LIBVCXPROJ) \ + projects/Windows/VC10/src/curlsrc.sln $(VC10_SRCVCXPROJ) \ + projects/Windows/VC11/curl.sln \ + projects/Windows/VC11/lib/libcurl.sln $(VC11_LIBVCXPROJ) \ + projects/Windows/VC11/src/curlsrc.sln $(VC11_SRCVCXPROJ) \ + projects/Windows/VC12/curl.sln \ + projects/Windows/VC12/lib/libcurl.sln $(VC12_LIBVCXPROJ) \ + projects/Windows/VC12/src/curlsrc.sln $(VC12_SRCVCXPROJ) WINBUILD_DIST = winbuild/BUILD.WINDOWS.txt winbuild/gen_resp_file.bat \ winbuild/MakefileBuild.vc winbuild/Makefile.vc \ winbuild/Makefile.msvc.names EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in \ - RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework scripts/zsh.pl \ + RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework \ $(CMAKE_DIST) $(VC_DIST) $(WINBUILD_DIST) lib/libcurl.vers.in CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ) \ $(VC71_LIBVCPROJ) $(VC71_SRCVCPROJ) $(VC8_LIBVCPROJ) $(VC8_SRCVCPROJ) \ $(VC9_LIBVCPROJ) $(VC9_SRCVCPROJ) $(VC10_LIBVCXPROJ) $(VC10_SRCVCXPROJ) \ - $(VC11_LIBVCXPROJ) $(VC11_SRCVCXPROJ) $(VC12_LIBVCXPROJ) $(VC12_SRCVCXPROJ) \ - $(VC14_LIBVCXPROJ) $(VC14_SRCVCXPROJ) + $(VC11_LIBVCXPROJ) $(VC11_SRCVCXPROJ) $(VC12_LIBVCXPROJ) $(VC12_SRCVCXPROJ) bin_SCRIPTS = curl-config @@ -165,7 +153,7 @@ html: pdf: cd docs; make pdf -check: test examples check-docs +check: test examples if CROSSCOMPILING test-full: test @@ -193,9 +181,6 @@ endif examples: @(cd docs/examples; $(MAKE) check) -check-docs: - @(cd docs/libcurl; $(MAKE) check) - # This is a hook to have 'make clean' also clean up the docs and the tests # dir. The extra check for the Makefiles being present is necessary because # 'make distcheck' will make clean first in these directories _before_ it runs @@ -281,7 +266,7 @@ vc-ide: $(VC6_LIBDSP_DEPS) $(VC6_SRCDSP_DEPS) $(VC7_LIBVCPROJ_DEPS) \ $(VC8_LIBVCPROJ_DEPS) $(VC8_SRCVCPROJ_DEPS) $(VC9_LIBVCPROJ_DEPS) \ $(VC9_SRCVCPROJ_DEPS) $(VC10_LIBVCXPROJ_DEPS) $(VC10_SRCVCXPROJ_DEPS) \ $(VC11_LIBVCXPROJ_DEPS) $(VC11_SRCVCXPROJ_DEPS) $(VC12_LIBVCXPROJ_DEPS) \ - $(VC12_SRCVCXPROJ_DEPS) $(VC14_LIBVCXPROJ_DEPS) $(VC14_SRCVCXPROJ_DEPS) + $(VC12_SRCVCXPROJ_DEPS) @(win32_lib_srcs='$(LIB_CFILES)'; \ win32_lib_hdrs='$(LIB_HFILES) config-win32.h'; \ win32_lib_rc='$(LIB_RCFILES)'; \ @@ -542,22 +527,4 @@ function gen_element(type, dir, file)\ -v src_rc="$$win32_src_rc" \ -v src_x_srcs="$$sorted_src_x_srcs" \ -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC12_SRCTMPL) > $(VC12_SRCVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC14_LIBVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC14_LIBTMPL) > $(VC14_LIBVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC14_SRCVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC14_SRCTMPL) > $(VC14_SRCVCXPROJ) || { exit 1; };) + "$$awk_code" $(srcdir)/$(VC12_SRCTMPL) > $(VC12_SRCVCXPROJ) || { exit 1; };) diff --git a/Makefile.in b/Makefile.in index a86901d..51c490e 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -21,7 +21,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -43,7 +43,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -69,17 +69,7 @@ VPATH = @srcdir@ -am__is_gnu_make = { \ - if test -z '$(MAKELEVEL)'; then \ - false; \ - elif test -n '$(MAKE_HOST)'; then \ - true; \ - elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ - true; \ - else \ - false; \ - fi; \ -} +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -142,6 +132,12 @@ PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ +DIST_COMMON = $(srcdir)/lib/Makefile.inc $(srcdir)/src/Makefile.inc \ + $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ + $(top_srcdir)/configure $(am__configure_deps) mkinstalldirs \ + $(srcdir)/curl-config.in $(srcdir)/libcurl.pc.in COPYING \ + README compile config.guess config.sub depcomp install-sh \ + missing ltmain.sh subdir = . ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ @@ -163,11 +159,9 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \ - $(am__configure_deps) $(am__DIST_COMMON) am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ configure.lineno config.status.lineno -mkinstalldirs = $(install_sh) -d +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \ $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = curl-config libcurl.pc @@ -257,10 +251,6 @@ am__define_uniq_tagged_files = \ ETAGS = etags CTAGS = ctags CSCOPE = cscope -am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/curl-config.in \ - $(srcdir)/lib/Makefile.inc $(srcdir)/libcurl.pc.in \ - $(srcdir)/src/Makefile.inc COPYING README compile config.guess \ - config.sub depcomp install-sh ltmain.sh missing DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) distdir = $(PACKAGE)-$(VERSION) top_distdir = $(distdir) @@ -360,7 +350,7 @@ GREP = @GREP@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ -HAVE_OPENSSL_SRP = @HAVE_OPENSSL_SRP@ +HAVE_SSLEAY_SRP = @HAVE_SSLEAY_SRP@ IDN_ENABLED = @IDN_ENABLED@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -413,7 +403,6 @@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SSL_ENABLED = @SSL_ENABLED@ -SSL_LIBS = @SSL_LIBS@ STRIP = @STRIP@ SUPPORT_FEATURES = @SUPPORT_FEATURES@ SUPPORT_PROTOCOLS = @SUPPORT_PROTOCOLS@ @@ -430,6 +419,7 @@ USE_NSS = @USE_NSS@ USE_OPENLDAP = @USE_OPENLDAP@ USE_POLARSSL = @USE_POLARSSL@ USE_SCHANNEL = @USE_SCHANNEL@ +USE_SSLEAY = @USE_SSLEAY@ USE_UNIX_SOCKETS = @USE_UNIX_SOCKETS@ USE_WINDOWS_SSPI = @USE_WINDOWS_SSPI@ VERSION = @VERSION@ @@ -497,104 +487,93 @@ CMAKE_DIST = CMakeLists.txt CMake/CMakeConfigurableFile.in \ include/curl/curlbuild.h.cmake CMake/Macros.cmake VC6_LIBTMPL = projects/Windows/VC6/lib/libcurl.tmpl -VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp.dist +VC6_LIBDSP = projects/Windows/VC6/lib/libcurl.dsp VC6_LIBDSP_DEPS = $(VC6_LIBTMPL) Makefile.am lib/Makefile.inc -VC6_SRCTMPL = projects/Windows/VC6/src/curl.tmpl -VC6_SRCDSP = projects/Windows/VC6/src/curl.dsp.dist +VC6_SRCTMPL = projects/Windows/VC6/src/curlsrc.tmpl +VC6_SRCDSP = projects/Windows/VC6/src/curlsrc.dsp VC6_SRCDSP_DEPS = $(VC6_SRCTMPL) Makefile.am src/Makefile.inc VC7_LIBTMPL = projects/Windows/VC7/lib/libcurl.tmpl -VC7_LIBVCPROJ = projects/Windows/VC7/lib/libcurl.vcproj.dist +VC7_LIBVCPROJ = projects/Windows/VC7/lib/libcurl.vcproj VC7_LIBVCPROJ_DEPS = $(VC7_LIBTMPL) Makefile.am lib/Makefile.inc -VC7_SRCTMPL = projects/Windows/VC7/src/curl.tmpl -VC7_SRCVCPROJ = projects/Windows/VC7/src/curl.vcproj.dist +VC7_SRCTMPL = projects/Windows/VC7/src/curlsrc.tmpl +VC7_SRCVCPROJ = projects/Windows/VC7/src/curlsrc.vcproj VC7_SRCVCPROJ_DEPS = $(VC7_SRCTMPL) Makefile.am src/Makefile.inc VC71_LIBTMPL = projects/Windows/VC7.1/lib/libcurl.tmpl -VC71_LIBVCPROJ = projects/Windows/VC7.1/lib/libcurl.vcproj.dist +VC71_LIBVCPROJ = projects/Windows/VC7.1/lib/libcurl.vcproj VC71_LIBVCPROJ_DEPS = $(VC71_LIBTMPL) Makefile.am lib/Makefile.inc -VC71_SRCTMPL = projects/Windows/VC7.1/src/curl.tmpl -VC71_SRCVCPROJ = projects/Windows/VC7.1/src/curl.vcproj.dist +VC71_SRCTMPL = projects/Windows/VC7.1/src/curlsrc.tmpl +VC71_SRCVCPROJ = projects/Windows/VC7.1/src/curlsrc.vcproj VC71_SRCVCPROJ_DEPS = $(VC71_SRCTMPL) Makefile.am src/Makefile.inc VC8_LIBTMPL = projects/Windows/VC8/lib/libcurl.tmpl -VC8_LIBVCPROJ = projects/Windows/VC8/lib/libcurl.vcproj.dist +VC8_LIBVCPROJ = projects/Windows/VC8/lib/libcurl.vcproj VC8_LIBVCPROJ_DEPS = $(VC8_LIBTMPL) Makefile.am lib/Makefile.inc -VC8_SRCTMPL = projects/Windows/VC8/src/curl.tmpl -VC8_SRCVCPROJ = projects/Windows/VC8/src/curl.vcproj.dist +VC8_SRCTMPL = projects/Windows/VC8/src/curlsrc.tmpl +VC8_SRCVCPROJ = projects/Windows/VC8/src/curlsrc.vcproj VC8_SRCVCPROJ_DEPS = $(VC8_SRCTMPL) Makefile.am src/Makefile.inc VC9_LIBTMPL = projects/Windows/VC9/lib/libcurl.tmpl -VC9_LIBVCPROJ = projects/Windows/VC9/lib/libcurl.vcproj.dist +VC9_LIBVCPROJ = projects/Windows/VC9/lib/libcurl.vcproj VC9_LIBVCPROJ_DEPS = $(VC9_LIBTMPL) Makefile.am lib/Makefile.inc -VC9_SRCTMPL = projects/Windows/VC9/src/curl.tmpl -VC9_SRCVCPROJ = projects/Windows/VC9/src/curl.vcproj.dist +VC9_SRCTMPL = projects/Windows/VC9/src/curlsrc.tmpl +VC9_SRCVCPROJ = projects/Windows/VC9/src/curlsrc.vcproj VC9_SRCVCPROJ_DEPS = $(VC9_SRCTMPL) Makefile.am src/Makefile.inc VC10_LIBTMPL = projects/Windows/VC10/lib/libcurl.tmpl -VC10_LIBVCXPROJ = projects/Windows/VC10/lib/libcurl.vcxproj.dist +VC10_LIBVCXPROJ = projects/Windows/VC10/lib/libcurl.vcxproj VC10_LIBVCXPROJ_DEPS = $(VC10_LIBTMPL) Makefile.am lib/Makefile.inc -VC10_SRCTMPL = projects/Windows/VC10/src/curl.tmpl -VC10_SRCVCXPROJ = projects/Windows/VC10/src/curl.vcxproj.dist +VC10_SRCTMPL = projects/Windows/VC10/src/curlsrc.tmpl +VC10_SRCVCXPROJ = projects/Windows/VC10/src/curlsrc.vcxproj VC10_SRCVCXPROJ_DEPS = $(VC10_SRCTMPL) Makefile.am src/Makefile.inc VC11_LIBTMPL = projects/Windows/VC11/lib/libcurl.tmpl -VC11_LIBVCXPROJ = projects/Windows/VC11/lib/libcurl.vcxproj.dist +VC11_LIBVCXPROJ = projects/Windows/VC11/lib/libcurl.vcxproj VC11_LIBVCXPROJ_DEPS = $(VC11_LIBTMPL) Makefile.am lib/Makefile.inc -VC11_SRCTMPL = projects/Windows/VC11/src/curl.tmpl -VC11_SRCVCXPROJ = projects/Windows/VC11/src/curl.vcxproj.dist +VC11_SRCTMPL = projects/Windows/VC11/src/curlsrc.tmpl +VC11_SRCVCXPROJ = projects/Windows/VC11/src/curlsrc.vcxproj VC11_SRCVCXPROJ_DEPS = $(VC11_SRCTMPL) Makefile.am src/Makefile.inc VC12_LIBTMPL = projects/Windows/VC12/lib/libcurl.tmpl -VC12_LIBVCXPROJ = projects/Windows/VC12/lib/libcurl.vcxproj.dist +VC12_LIBVCXPROJ = projects/Windows/VC12/lib/libcurl.vcxproj VC12_LIBVCXPROJ_DEPS = $(VC12_LIBTMPL) Makefile.am lib/Makefile.inc -VC12_SRCTMPL = projects/Windows/VC12/src/curl.tmpl -VC12_SRCVCXPROJ = projects/Windows/VC12/src/curl.vcxproj.dist +VC12_SRCTMPL = projects/Windows/VC12/src/curlsrc.tmpl +VC12_SRCVCXPROJ = projects/Windows/VC12/src/curlsrc.vcxproj VC12_SRCVCXPROJ_DEPS = $(VC12_SRCTMPL) Makefile.am src/Makefile.inc -VC14_LIBTMPL = projects/Windows/VC14/lib/libcurl.tmpl -VC14_LIBVCXPROJ = projects/Windows/VC14/lib/libcurl.vcxproj.dist -VC14_LIBVCXPROJ_DEPS = $(VC14_LIBTMPL) Makefile.am lib/Makefile.inc -VC14_SRCTMPL = projects/Windows/VC14/src/curl.tmpl -VC14_SRCVCXPROJ = projects/Windows/VC14/src/curl.vcxproj.dist -VC14_SRCVCXPROJ_DEPS = $(VC14_SRCTMPL) Makefile.am src/Makefile.inc VC_DIST = projects/README \ projects/build-openssl.bat \ - projects/build-wolfssl.bat \ projects/checksrc.bat \ - projects/Windows/VC6/curl-all.dsw \ - projects/Windows/VC6/lib/libcurl.dsw \ - projects/Windows/VC6/src/curl.dsw \ - projects/Windows/VC7/curl-all.sln \ - projects/Windows/VC7/lib/libcurl.sln \ - projects/Windows/VC7/src/curl.sln \ - projects/Windows/VC7.1/curl-all.sln \ - projects/Windows/VC7.1/lib/libcurl.sln \ - projects/Windows/VC7.1/src/curl.sln \ - projects/Windows/VC8/curl-all.sln \ - projects/Windows/VC8/lib/libcurl.sln \ - projects/Windows/VC8/src/curl.sln \ - projects/Windows/VC9/curl-all.sln \ - projects/Windows/VC9/lib/libcurl.sln \ - projects/Windows/VC9/src/curl.sln \ - projects/Windows/VC10/curl-all.sln \ - projects/Windows/VC10/lib/libcurl.sln \ - projects/Windows/VC10/src/curl.sln \ - projects/Windows/VC11/curl-all.sln \ - projects/Windows/VC11/lib/libcurl.sln \ - projects/Windows/VC11/src/curl.sln \ - projects/Windows/VC12/curl-all.sln \ - projects/Windows/VC12/lib/libcurl.sln \ - projects/Windows/VC12/src/curl.sln \ - projects/Windows/VC14/curl-all.sln \ - projects/Windows/VC14/lib/libcurl.sln \ - projects/Windows/VC14/src/curl.sln + projects/Windows/VC6/curl.dsw \ + projects/Windows/VC6/lib/libcurl.dsw $(VC6_LIBDSP) \ + projects/Windows/VC6/src/curlsrc.dsw $(VC6_SRCDSP) \ + projects/Windows/VC7/curl.sln \ + projects/Windows/VC7/lib/libcurl.sln $(VC7_LIBVCPROJ) \ + projects/Windows/VC7/src/curlsrc.sln $(VC7_SRCVCPROJ) \ + projects/Windows/VC7.1/curl.sln \ + projects/Windows/VC7.1/lib/libcurl.sln $(VC71_LIBVCPROJ) \ + projects/Windows/VC7.1/src/curlsrc.sln $(VC71_SRCVCPROJ) \ + projects/Windows/VC8/curl.sln \ + projects/Windows/VC8/lib/libcurl.sln $(VC8_LIBVCPROJ) \ + projects/Windows/VC8/src/curlsrc.sln $(VC8_SRCVCPROJ) \ + projects/Windows/VC9/curl.sln \ + projects/Windows/VC9/lib/libcurl.sln $(VC9_LIBVCPROJ) \ + projects/Windows/VC9/src/curlsrc.sln $(VC9_SRCVCPROJ) \ + projects/Windows/VC10/curl.sln \ + projects/Windows/VC10/lib/libcurl.sln $(VC10_LIBVCXPROJ) \ + projects/Windows/VC10/src/curlsrc.sln $(VC10_SRCVCXPROJ) \ + projects/Windows/VC11/curl.sln \ + projects/Windows/VC11/lib/libcurl.sln $(VC11_LIBVCXPROJ) \ + projects/Windows/VC11/src/curlsrc.sln $(VC11_SRCVCXPROJ) \ + projects/Windows/VC12/curl.sln \ + projects/Windows/VC12/lib/libcurl.sln $(VC12_LIBVCXPROJ) \ + projects/Windows/VC12/src/curlsrc.sln $(VC12_SRCVCXPROJ) WINBUILD_DIST = winbuild/BUILD.WINDOWS.txt winbuild/gen_resp_file.bat \ winbuild/MakefileBuild.vc winbuild/Makefile.vc \ winbuild/Makefile.msvc.names EXTRA_DIST = CHANGES COPYING maketgz Makefile.dist curl-config.in \ - RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework scripts/zsh.pl \ + RELEASE-NOTES buildconf libcurl.pc.in MacOSX-Framework \ $(CMAKE_DIST) $(VC_DIST) $(WINBUILD_DIST) lib/libcurl.vers.in CLEANFILES = $(VC6_LIBDSP) $(VC6_SRCDSP) $(VC7_LIBVCPROJ) $(VC7_SRCVCPROJ) \ $(VC71_LIBVCPROJ) $(VC71_SRCVCPROJ) $(VC8_LIBVCPROJ) $(VC8_SRCVCPROJ) \ $(VC9_LIBVCPROJ) $(VC9_SRCVCPROJ) $(VC10_LIBVCXPROJ) $(VC10_SRCVCXPROJ) \ - $(VC11_LIBVCXPROJ) $(VC11_SRCVCXPROJ) $(VC12_LIBVCXPROJ) $(VC12_SRCVCXPROJ) \ - $(VC14_LIBVCXPROJ) $(VC14_SRCVCXPROJ) + $(VC11_LIBVCXPROJ) $(VC11_SRCVCXPROJ) $(VC12_LIBVCXPROJ) $(VC12_SRCVCXPROJ) bin_SCRIPTS = curl-config SUBDIRS = lib src include @@ -603,11 +582,11 @@ pkgconfigdir = $(libdir)/pkgconfig pkgconfig_DATA = libcurl.pc LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c \ vtls/polarssl.c vtls/polarssl_threadlock.c vtls/axtls.c \ - vtls/cyassl.c vtls/schannel.c vtls/darwinssl.c vtls/gskit.c + vtls/cyassl.c vtls/curl_schannel.c vtls/curl_darwinssl.c vtls/gskit.c LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h \ vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h vtls/axtls.h \ - vtls/cyassl.h vtls/schannel.h vtls/darwinssl.h vtls/gskit.h + vtls/cyassl.h vtls/curl_schannel.h vtls/curl_darwinssl.h vtls/gskit.h LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ cookie.c http.c sendf.c ftp.c url.c dict.c if2ip.c speedcheck.c \ @@ -625,9 +604,8 @@ LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ http_negotiate_sspi.c http_proxy.c non-ascii.c asyn-ares.c \ asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c \ curl_ntlm_core.c curl_ntlm_msgs.c curl_sasl.c curl_multibyte.c \ - hostcheck.c conncache.c pipeline.c dotdot.c x509asn1.c \ - http2.c curl_sasl_sspi.c smb.c curl_sasl_gssapi.c curl_endian.c \ - curl_des.c + hostcheck.c bundles.c conncache.c pipeline.c dotdot.c x509asn1.c \ + http2.c curl_sasl_sspi.c smb.c curl_sasl_gssapi.c curl_endian.c LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h if2ip.h \ @@ -643,10 +621,9 @@ LIB_HFILES = arpa_telnet.h netrc.h file.h timeval.h hostip.h progress.h \ rtsp.h curl_threads.h warnless.h curl_hmac.h curl_rtmp.h \ curl_gethostname.h gopher.h http_proxy.h non-ascii.h asyn.h \ curl_ntlm.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h \ - curl_ntlm_msgs.h curl_sasl.h curl_multibyte.h hostcheck.h \ + curl_ntlm_msgs.h curl_sasl.h curl_multibyte.h hostcheck.h bundles.h \ conncache.h curl_setup_once.h multihandle.h setup-vms.h pipeline.h \ - dotdot.h x509asn1.h http2.h sigpipe.h smb.h curl_endian.h curl_des.h \ - curl_printf.h + dotdot.h x509asn1.h http2.h sigpipe.h smb.h curl_endian.h LIB_RCFILES = libcurl.rc CSOURCES = $(LIB_CFILES) $(LIB_VTLS_CFILES) @@ -772,6 +749,7 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(srcdir)/li echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign Makefile +.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -781,7 +759,7 @@ Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \ esac; -$(srcdir)/lib/Makefile.inc $(srcdir)/src/Makefile.inc $(am__empty): +$(srcdir)/lib/Makefile.inc $(srcdir)/src/Makefile.inc: $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) $(SHELL) ./config.status --recheck @@ -1051,15 +1029,15 @@ dist-xz: distdir $(am__post_remove_distdir) dist-tarZ: distdir - @echo WARNING: "Support for distribution archives compressed with" \ - "legacy program 'compress' is deprecated." >&2 + @echo WARNING: "Support for shar distribution archives is" \ + "deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z $(am__post_remove_distdir) dist-shar: distdir - @echo WARNING: "Support for shar distribution archives is" \ - "deprecated." >&2 + @echo WARNING: "Support for distribution archives compressed with" \ + "legacy program 'compress' is deprecated." >&2 @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz $(am__post_remove_distdir) @@ -1095,17 +1073,17 @@ distcheck: dist esac chmod -R a-w $(distdir) chmod u+w $(distdir) - mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst + mkdir $(distdir)/_build $(distdir)/_inst chmod a-w $(distdir) test -d $(distdir)/_build || exit 0; \ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ && am__cwd=`pwd` \ - && $(am__cd) $(distdir)/_build/sub \ - && ../../configure \ + && $(am__cd) $(distdir)/_build \ + && ../configure \ $(AM_DISTCHECK_CONFIGURE_FLAGS) \ $(DISTCHECK_CONFIGURE_FLAGS) \ - --srcdir=../.. --prefix="$$dc_install_base" \ + --srcdir=.. --prefix="$$dc_install_base" \ && $(MAKE) $(AM_MAKEFLAGS) \ && $(MAKE) $(AM_MAKEFLAGS) dvi \ && $(MAKE) $(AM_MAKEFLAGS) check \ @@ -1287,8 +1265,6 @@ uninstall-am: uninstall-binSCRIPTS uninstall-pkgconfigDATA uninstall-am uninstall-binSCRIPTS uninstall-hook \ uninstall-pkgconfigDATA -.PRECIOUS: Makefile - # List of files required to generate VC IDE .dsp, .vcproj and .vcxproj files @@ -1307,7 +1283,7 @@ html: pdf: cd docs; make pdf -check: test examples check-docs +check: test examples @CROSSCOMPILING_TRUE@test-full: test @CROSSCOMPILING_TRUE@test-torture: test @@ -1330,9 +1306,6 @@ check: test examples check-docs examples: @(cd docs/examples; $(MAKE) check) -check-docs: - @(cd docs/libcurl; $(MAKE) check) - # This is a hook to have 'make clean' also clean up the docs and the tests # dir. The extra check for the Makefiles being present is necessary because # 'make distcheck' will make clean first in these directories _before_ it runs @@ -1418,7 +1391,7 @@ vc-ide: $(VC6_LIBDSP_DEPS) $(VC6_SRCDSP_DEPS) $(VC7_LIBVCPROJ_DEPS) \ $(VC8_LIBVCPROJ_DEPS) $(VC8_SRCVCPROJ_DEPS) $(VC9_LIBVCPROJ_DEPS) \ $(VC9_SRCVCPROJ_DEPS) $(VC10_LIBVCXPROJ_DEPS) $(VC10_SRCVCXPROJ_DEPS) \ $(VC11_LIBVCXPROJ_DEPS) $(VC11_SRCVCXPROJ_DEPS) $(VC12_LIBVCXPROJ_DEPS) \ - $(VC12_SRCVCXPROJ_DEPS) $(VC14_LIBVCXPROJ_DEPS) $(VC14_SRCVCXPROJ_DEPS) + $(VC12_SRCVCXPROJ_DEPS) @(win32_lib_srcs='$(LIB_CFILES)'; \ win32_lib_hdrs='$(LIB_HFILES) config-win32.h'; \ win32_lib_rc='$(LIB_RCFILES)'; \ @@ -1679,25 +1652,7 @@ function gen_element(type, dir, file)\ -v src_rc="$$win32_src_rc" \ -v src_x_srcs="$$sorted_src_x_srcs" \ -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC12_SRCTMPL) > $(VC12_SRCVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC14_LIBVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v lib_srcs="$$sorted_lib_srcs" \ - -v lib_hdrs="$$sorted_lib_hdrs" \ - -v lib_rc="$$win32_lib_rc" \ - -v lib_vtls_srcs="$$sorted_lib_vtls_srcs" \ - -v lib_vtls_hdrs="$$sorted_lib_vtls_hdrs" \ - "$$awk_code" $(srcdir)/$(VC14_LIBTMPL) > $(VC14_LIBVCXPROJ) || { exit 1; }; \ - \ - echo "generating '$(VC14_SRCVCXPROJ)'"; \ - awk -v proj_type=vcxproj \ - -v src_srcs="$$sorted_src_srcs" \ - -v src_hdrs="$$sorted_src_hdrs" \ - -v src_rc="$$win32_src_rc" \ - -v src_x_srcs="$$sorted_src_x_srcs" \ - -v src_x_hdrs="$$sorted_src_x_hdrs" \ - "$$awk_code" $(srcdir)/$(VC14_SRCTMPL) > $(VC14_SRCVCXPROJ) || { exit 1; };) + "$$awk_code" $(srcdir)/$(VC12_SRCTMPL) > $(VC12_SRCVCXPROJ) || { exit 1; };) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/README b/README index d92c7f8..2ffacc3 100644 --- a/README +++ b/README @@ -38,12 +38,12 @@ GIT To download the very latest source off the GIT server do this: - git clone https://github.com/bagder/curl.git + git clone git://github.com/bagder/curl.git (you'll get a directory named curl created, filled with the source code) NOTICE Curl contains pieces of source code that is Copyright (c) 1998, 1999 - Kungliga Tekniska Högskolan. This notice is included here to comply with the + Kungliga Tekniska Högskolan. This notice is included here to comply with the distribution terms. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index f122978..123088f 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,81 +1,146 @@ -Curl and libcurl 7.44.0 +Curl and libcurl 7.40.0 - Public curl releases: 148 - Command line options: 176 - curl_easy_setopt() options: 219 + Public curl releases: 143 + Command line options: 162 + curl_easy_setopt() options: 208 Public functions in libcurl: 58 - Contributors: 1291 + Contributors: 1219 This release includes the following changes: - o http2: added CURLMOPT_PUSHFUNCTION and CURLMOPT_PUSHDATA [6] - o examples: added http2-serverpush.c [7] - o http2: added curl_pushheader_byname() and curl_pushheader_bynum() - o docs: added CODE_OF_CONDUCT.md [8] - o curl: Add --ssl-no-revoke to disable certificate revocation checks [5] - o libcurl: New value CURLSSLOPT_NO_REVOKE for CURLOPT_SSL_OPTIONS [9] - o makefile: Added support for VC14 - o build: Added Visual Studio 2015 (VC14) project files - o build: Added wolfSSL configurations to VC10+ project files [18] + o http_digest: Added support for Windows SSPI based authentication + o version info: Added Kerberos V5 to the supported features + o Makefile: Added VC targets for WinIDN + o config-win32: Introduce build targets for VS2012+ + o SSL: Add PEM format support for public key pinning + o smtp: Added support for the conversion of Unix newlines during mail send [8] + o smb: Added initial support for the SMB/CIFS protocol + o Added support for HTTP over unix domain sockets, via + CURLOPT_UNIX_SOCKET_PATH and --unix-socket + o sasl: Added support for GSS-API based Kerberos V5 authentication This release includes the following bugfixes: - o FTP: fix HTTP CONNECT logic regression [1] - o openssl: Fix build with openssl < ~ 0.9.8f - o openssl: fix build with BoringSSL - o curl_easy_setopt.3: option order doesn't matter - o openssl: fix use of uninitialized buffer [2] - o RTSP: removed dead code - o Makefile.m32: add support for CURL_LDFLAG_EXTRAS - o curl: always provide negotiate/kerberos options - o cookie: Fix bug in export if any-domain cookie is present - o curl_easy_setopt.3: mention CURLOPT_PIPEWAIT - o INSTALL: Advise use of non-native SSL for Windows <= XP - o tool_help: fix --tlsv1 help text to use >= for TLSv1 - o HTTP: POSTFIELDSIZE set after added to multi handle [3] - o SSL-PROBLEMS: mention WinSSL problems in WinXP - o setup-vms.h: Symbol case fixups - o SSL: Pinned public key hash support - o libtest: call PR_Cleanup() on exit if NSPR is used - o ntlm_wb: Fix theoretical memory leak - o runtests: Allow for spaces in curl custom path - o http2: add stream != NULL checks for reliability - o schannel: Replace deprecated GetVersion with VerifyVersionInfo - o http2: verify success of strchr() in http2_send() - o configure: add --disable-rt option - o openssl: work around MSVC warning - o HTTP: ignore "Content-Encoding: compress" - o configure: check if OpenSSL linking wants -ldl - o build-openssl.bat: Show syntax if required args are missing - o test1902: attempt to make the test more reliable - o libcurl-thread.3: Consolidate thread safety info - o maketgz: Fixed some VC makefiles missing from the release tarball - o libcurl-multi.3: mention curl_multi_wait [10] - o ABI doc: use secure URL - o http: move HTTP/2 cleanup code off http_disconnect() [11] - o libcurl-thread.3: Warn memory functions must be thread safe [12] - o curl_global_init_mem.3: Warn threaded resolver needs thread safe funcs [13] - o docs: formpost needs the full size at start of upload [14] - o curl_gssapi: remove 'const' to fix compiler warnings - o SSH: three state machine fixups [15] - o libcurl.3: fix a single typo [16] - o generate.bat: Only clean prerequisite files when in ALL mode - o curl_slist_append.3: add error checking to the example - o buildconf.bat: Added support for file clean-up via -clean - o generate.bat: Use buildconf.bat for prerequisite file clean-up - o NTLM: handle auth for only a single request [17] - o curl_multi_remove_handle.3: fix formatting [19] - o checksrc.bat: Fixed error when [directory] isn't a curl source directory - o checksrc.bat: Fixed error when missing *.c and *.h files - o CURLOPT_RESOLVE.3: Note removal support was added in 7.42 [20] - o test46: update cookie expire time - o SFTP: fix range request off-by-one in size check [21] - o CMake: fix GSSAPI builds [22] - o build: refer to fixed libidn versions [4] - o http2: discard frames with no SessionHandle [23] - o curl_easy_recv.3: fix formatting - o libcurl-tutorial.3: fix formatting [24] - o curl_formget.3: correct return code [25] + o darwinssl: fix session ID keys to only reuse identical sessions [18] + o url-parsing: reject CRLFs within URLs [19] + o OS400: Adjust specific support to last release + o THANKS: Remove duplicate names + o url.c: Fixed compilation warning + o ssh: Fixed build on platforms where R_OK is not defined [1] + o tool_strdup.c: include the tool strdup.h + o build: Fixed Visual Studio project file generation of strdup.[c|h] + o curl_easy_setopt.3: add CURLOPT_PINNEDPUBLICKEY [2] + o curl.1: show zone index use in a URL + o mk-ca-bundle.vbs: switch to new certdata.txt url + o Makefile.dist: Added some missing SSPI configurations + o build: Fixed no NTLM support for email when CURL_DISABLE_HTTP is defined + o SSH: use the port number as well for known_known checks [3] + o libssh2: detect features based on version, not configure checks + o http2: Deal with HTTP/2 data inside Upgrade response header buffer [4] + o multi: removed Curl_multi_set_easy_connection + o symbol-scan.pl: do not require autotools + o cmake: add ENABLE_THREADED_RESOLVER, rename ARES + o cmake: build libhostname for test suite + o cmake: fix HAVE_GETHOSTNAME definition + o tests: fix libhostname visibility + o tests: fix memleak in server/resolve.c + o vtls.h: Fixed compiler warning when compiled without SSL + o CMake: Restore order-dependent header checks + o CMake: Restore order-dependent library checks + o tool: Removed krb4 from the supported features + o http2: Don't send Upgrade headers when we already do HTTP/2 + o examples: Don't call select() to sleep on windows [6] + o win32: Updated some legacy APIs to use the newer extended versions [5] + o easy.c: Fixed compilation warning when no verbose string support + o connect.c: Fixed compilation warning when no verbose string support + o build: in Makefile.m32 pass -F flag to windres + o build: in Makefile.m32 add -m32 flag for 32bit + o multi: when leaving for timeout, close accordingly + o CMake: Simplify if() conditions on check result variables + o build: in Makefile.m32 try to detect 64bit target + o multi: inform about closed sockets before they are closed + o multi-uv.c: close the file handle after download + o examples: Wait recommended 100ms when no file descriptors are ready + o ntlm: Split the SSPI based messaging code from the native messaging code + o cmake: fix NTLM detection when CURL_DISABLE_HTTP defined + o cmake: add Kerberos to the supported feature + o CURLOPT_POSTFIELDS.3: mention the COPYPOSTFIELDS option + o http: Disable pipelining for HTTP/2 and upgraded connections + o ntlm: Fixed static'ness of local decode function + o sasl: Reduced the need for two sets of NTLM messaging functions + o multi.c: Fixed compilation warnings when no verbose string support + o select.c: fix compilation for VxWorks [7] + o multi-single.c: switch to use curl_multi_wait + o curl_multi_wait.3: clarify numfds being used if not NULL + o http.c: Fixed compilation warnings from features being disabled + o NSS: enable the CAPATH option [9] + o docs: Fix FAILONERROR typos + o HTTP: don't abort connections with pending Negotiate authentication + o HTTP: Free (proxy)userpwd for NTLM/Negotiate after sending a request + o http_perhapsrewind: don't abort CONNECT requests + o build: updated dependencies in makefiles + o multi.c: Fixed compilation warning + o ftp.c: Fixed compilation warnings when proxy support disabled + o get_url_file_name: Fixed crash on OOM on debug build + o cookie.c: Refactored cleanup code to simplify + o OS400: enable NTLM authentication + o ntlm: Use Windows Crypt API + o http2: avoid logging neg "failure" if h2 was not requested + o schannel_recv: return the correct code [10] + o VC build: added sspi define for winssl-zlib builds + o Curl_client_write(): chop long data, convert data only once + o openldap: do not ignore Curl_client_write() return code + o ldap: check Curl_client_write() return codes + o parsedate.c: Fixed compilation warning + o url.c: Fixed compilation warning when USE_NTLM is not defined + o ntlm_wb_response: fix "statement not reached" [11] + o telnet: fix "cast increases required alignment of target type" + o smtp: Fixed dot stuffing when EOL characters at end of input buffers [12] + o ntlm: Allow NTLM2Session messages when USE_NTRESPONSES manually defined + o ntlm: Disable NTLM v2 when 64-bit integers are not supported + o ntlm: Use short integer when decoding 16-bit values + o ftp.c: Fixed compilation warning when no verbose string support + o synctime.c: fixed timeserver URLs + o mk-ca-bundle.pl: restored forced run again + o ntlm: Fixed return code for bad type-2 Target Info + o curl_schannel.c: Data may be available before connection shutdown + o curl_schannel: Improvements to memory re-allocation strategy [13] + o darwinssl: aprintf() to allocate the session key + o tool_util.c: Use GetTickCount64 if it is available + o lib: Fixed multiple code analysis warnings if SAL are available + o tool_binmode.c: Explicitly ignore the return code of setmode + o tool_urlglob.c: Silence warning C6293: Ill-defined for-loop + o opts: Warn CURLOPT_TIMEOUT overrides when set after CURLOPT_TIMEOUT_MS + o SFTP: work-around servers that return zero size on STAT [14] + o connect: singleipconnect(): properly try other address families after failure + o IPV6: address scope != scope id [15] + o parseurlandfillconn(): fix improper non-numeric scope_id stripping [16] + o secureserver.pl: make OpenSSL CApath and cert absolute path values + o secureserver.pl: update Windows detection and fix path conversion + o secureserver.pl: clean up formatting of config and fix verbose output + o tests: Added Windows support using Cygwin-based OpenSSH + o sockfilt.c: use non-Ex functions that are available before WinXP + o VMS: Updates for 0740-0D1220 + o openssl: warn for SRP set if SSLv3 is used, not for TLS version + o openssl: make it compile against openssl 1.1.0-DEV master branch + o openssl: fix SSL/TLS versions in verbose output + o curl: show size of inhibited data when using -v + o build: Removed WIN32 definition from the Visual Studio projects + o build: Removed WIN64 definition from the libcurl Visual Studio projects + o vtls: Use bool for Curl_ssl_getsessionid() return type + o sockfilt.c: Replace 100ms sleep with thread throttle + o sockfilt.c: Reduce the number of individual memory allocations + o vtls: Don't set cert info count until memory allocation is successful + o nss: Don't ignore Curl_ssl_init_certinfo() OOM failure + o nss: Don't ignore Curl_extract_certinfo() OOM failure + o vtls: Fixed compilation warning and an ignored return code + o sockfilt.c: Fixed compilation warnings + o darwinssl: Fixed compilation warning + o vtls: Use '(void) arg' for unused parameters + o sepheaders.c: Fixed resource leak on failure + o lib1900.c: Fixed cppcheck error [17] + o ldap: Fixed Unicode connection details in Win32 initialsation / bind calls + o ldap: Fixed Unicode DN, attributes and filter in Win32 search calls This release includes the following known bugs: @@ -84,41 +149,35 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - Anders Bakken, Cédric Connes, Dan Fandrich, Daniel Stenberg, David Woodhouse, - Eric Ridge, Feist Josselin, Gustavo Grieco, Inca R, Isaac Boukris, - Jakub Zakrzewski, John E. Malmberg, Kamil Dudka, Lior Kaplan, Marcel Raad, - Michael Kaufmann, Michał Fita, Patrick Monnerat, Paul Howarth, Ray Satiro, - Roger Leigh, Stefan Bühler, Å tefan Kremeň, Steve Holme, Svyatoslav Mishyn, - Tatsuhiro Tsujikawa, Terri Oda, Tim Stack, TJ Saunders, Tomas Tomecek, - Viktor Szakáts, - (31 contributors) + Andrey Labunets, Anthon Pang, Bill Nagel, Brad Harder, Brad King, Carlo Wood, + Christian Hägele, Dan Fandrich, Daniel Stenberg, Dave Reisner, Frank Gevaerts, + Gisle Vanem, Guenter Knauf, Jan Ehrhardt, Johan Lantz, John E. Malmberg, + Jon Spencer, Julien Nabet, Kamil Dudka, Kyle J. McKay, Lucas Pardue, + Marc Hesse, Marc Hoersken, Marc Renault, Michael Osipov, Nick Zitzmann, + Nobuhiro Ban, Patrick Monnerat, Peter Wu, Ray Satiro, Sam Hurst, + Stefan Bühler, Stefan Neis, Steve Holme, Tae Hyoung Ahn, Tatsuhiro Tsujikawa, + Tomasz Kojm, Tor Arntsen, Waldek Kozba, Warren Menzer Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: - [1] = https://github.com/bagder/curl/issues/278 - [2] = https://github.com/bagder/curl/issues/318 - [3] = http://curl.haxx.se/mail/lib-2015-06/0122.html - [4] = http://curl.haxx.se/bug/?i=371 - [5] = https://github.com/bagder/curl/issues/264 - [6] = http://curl.haxx.se/libcurl/c/CURLMOPT_PUSHFUNCTION.html - [7] = http://curl.haxx.se/libcurl/c/http2-serverpush.html - [8] = https://github.com/bagder/curl/blob/master/docs/CODE_OF_CONDUCT.md - [9] = http://curl.haxx.se/libcurl/c/CURLOPT_SSL_OPTIONS.html - [10] = https://github.com/bagder/curl/issues/356 - [11] = https://bugzilla.redhat.com/1248389 - [12] = http://curl.haxx.se/mail/lib-2015-07/0149.html - [13] = http://curl.haxx.se/mail/lib-2015-07/0149.html - [14] = http://curl.haxx.se/bug/?i=360 - [15] = http://curl.haxx.se/bug/?i=357 - [16] = https://github.com/bagder/curl/issues/361 - [17] = https://github.com/bagder/curl/issues/363 - [18] = https://github.com/bagder/curl/pull/174 - [19] = https://github.com/bagder/curl/issues/366 - [20] = http://curl.haxx.se/mail/lib-2015-08/0019.html - [21] = http://curl.haxx.se/bug/?i=359 - [22] = http://curl.haxx.se/bug/?i=370 - [23] = http://curl.haxx.se/bug/?i=372 - [24] = http://curl.haxx.se/bug/?i=374 - [25] = http://curl.haxx.se/bug/?i=375 + [1] = http://curl.haxx.se/mail/lib-2014-11/0035.html + [2] = http://curl.haxx.se/mail/lib-2014-11/0078.html + [3] = http://curl.haxx.se/bug/view.cgi?id=1448 + [4] = https://github.com/tatsuhiro-t/nghttp2/issues/103 + [5] = http://sourceforge.net/p/curl/feature-requests/82/ + [6] = http://curl.haxx.se/mail/lib-2014-11/0221.html + [7] = http://curl.haxx.se/bug/view.cgi?id=1455 + [8] = http://curl.haxx.se/bug/view.cgi?id=1456 + [9] = http://curl.haxx.se/bug/view.cgi?id=1457 + [10] = http://curl.haxx.se/bug/view.cgi?id=1462 + [11] = http://curl.haxx.se/mail/lib-2014-12/0089.html + [12] = http://curl.haxx.se/bug/view.cgi?id=1456 + [13] = http://curl.haxx.se/bug/view.cgi?id=1450 + [14] = http://curl.haxx.se/mail/lib-2014-12/0103.html + [15] = http://curl.haxx.se/bug/view.cgi?id=1451 + [16] = http://curl.haxx.se/bug/view.cgi?id=1449 + [17] = https://github.com/bagder/curl/pull/133 + [18] = http://curl.haxx.se/docs/adv_20150108A.html + [19] = http://curl.haxx.se/docs/adv_20150108B.html diff --git a/acinclude.m4 b/acinclude.m4 index 782f32d..453358d 100644 --- a/acinclude.m4 +++ b/acinclude.m4 @@ -1851,10 +1851,8 @@ AC_DEFUN([CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC], [ AC_REQUIRE([AC_HEADER_TIME])dnl AC_CHECK_HEADERS(sys/types.h sys/time.h time.h) AC_MSG_CHECKING([for monotonic clock_gettime]) - # - if test "x$dontwant_rt" == "xno" ; then - AC_COMPILE_IFELSE([ - AC_LANG_PROGRAM([[ + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ #ifdef HAVE_SYS_TYPES_H #include #endif @@ -1868,18 +1866,17 @@ AC_DEFUN([CURL_CHECK_FUNC_CLOCK_GETTIME_MONOTONIC], [ #include #endif #endif - ]],[[ - struct timespec ts; - (void)clock_gettime(CLOCK_MONOTONIC, &ts); - ]]) - ],[ - AC_MSG_RESULT([yes]) - ac_cv_func_clock_gettime="yes" - ],[ - AC_MSG_RESULT([no]) - ac_cv_func_clock_gettime="no" - ]) - fi + ]],[[ + struct timespec ts; + (void)clock_gettime(CLOCK_MONOTONIC, &ts); + ]]) + ],[ + AC_MSG_RESULT([yes]) + ac_cv_func_clock_gettime="yes" + ],[ + AC_MSG_RESULT([no]) + ac_cv_func_clock_gettime="no" + ]) dnl Definition of HAVE_CLOCK_GETTIME_MONOTONIC is intentionally postponed dnl until library linking and run-time checks for clock_gettime succeed. ]) @@ -2455,6 +2452,23 @@ AC_DEFUN([CURL_CHECK_FUNC_SELECT], [ ]) +# This is only a temporary fix. This macro is here to replace the broken one +# delivered by the automake project (including the 1.9.6 release). As soon as +# they ship a working version we SHOULD remove this work-around. + +AC_DEFUN([AM_MISSING_HAS_RUN], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +test x"${MISSING+set}" = xset || MISSING="\${SHELL} \"$am_aux_dir/missing\"" +# Use eval to expand $SHELL +if eval "$MISSING --run true"; then + am_missing_run="$MISSING --run " +else + am_missing_run= + AC_MSG_WARN([`missing' script is too old or missing]) +fi +]) + + dnl CURL_VERIFY_RUNTIMELIBS dnl ------------------------------------------------- dnl Verify that the shared libs found so far can be used when running @@ -2593,16 +2607,15 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]), if test "x$want_ca" != "xno" -a "x$want_ca" != "xunset" -a \ "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then dnl both given - ca="$want_ca" - capath="$want_capath" + AC_MSG_ERROR([Can't specify both --with-ca-bundle and --with-ca-path.]) elif test "x$want_ca" != "xno" -a "x$want_ca" != "xunset"; then dnl --with-ca-bundle given ca="$want_ca" capath="no" elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then dnl --with-ca-path given - if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then - AC_MSG_ERROR([--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL]) + if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then + AC_MSG_ERROR([--with-ca-path only works with openSSL or PolarSSL]) fi capath="$want_capath" ca="no" @@ -2656,13 +2669,11 @@ AC_HELP_STRING([--without-ca-path], [Don't use a default CA path]), AC_DEFINE_UNQUOTED(CURL_CA_BUNDLE, "$ca", [Location of default ca bundle]) AC_SUBST(CURL_CA_BUNDLE) AC_MSG_RESULT([$ca]) - fi - if test "x$capath" != "xno"; then + elif test "x$capath" != "xno"; then CURL_CA_PATH="\"$capath\"" AC_DEFINE_UNQUOTED(CURL_CA_PATH, "$capath", [Location of default ca path]) AC_MSG_RESULT([$capath (capath)]) - fi - if test "x$ca" = "xno" && test "x$capath" = "xno"; then + else AC_MSG_RESULT([no]) fi ]) diff --git a/aclocal.m4 b/aclocal.m4 index 32d8994..fd841ca 100644 --- a/aclocal.m4 +++ b/aclocal.m4 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.15 -*- Autoconf -*- +# generated automatically by aclocal 1.14.1 -*- Autoconf -*- -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2013 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -20,7 +20,7 @@ You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) -# Copyright (C) 2002-2014 Free Software Foundation, Inc. +# Copyright (C) 2002-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -32,10 +32,10 @@ To do so, use the procedure documented by the package, typically 'autoreconf'.]) # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], -[am__api_version='1.15' +[am__api_version='1.14' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.15], [], +m4_if([$1], [1.14.1], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -51,14 +51,14 @@ m4_define([_AM_AUTOCONF_VERSION], []) # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.15])dnl +[AM_AUTOMAKE_VERSION([1.14.1])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -110,7 +110,7 @@ am_aux_dir=`cd "$ac_aux_dir" && pwd` # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997-2014 Free Software Foundation, Inc. +# Copyright (C) 1997-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -141,7 +141,7 @@ AC_CONFIG_COMMANDS_PRE( Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -332,7 +332,7 @@ _AM_SUBST_NOTMAKE([am__nodep])dnl # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -408,7 +408,7 @@ AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -498,8 +498,8 @@ AC_REQUIRE([AC_PROG_MKDIR_P])dnl # # AC_SUBST([mkdir_p], ['$(MKDIR_P)']) -# We need awk for the "check" target (and possibly the TAP driver). The -# system "awk" is bad on some platforms. +# We need awk for the "check" target. The system "awk" is bad on +# some platforms. AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AM_SET_LEADING_DOT])dnl @@ -573,9 +573,6 @@ END AC_MSG_ERROR([Your 'rm' program is bad, sorry.]) fi fi -dnl The trailing newline in this macro's definition is deliberate, for -dnl backward compatibility and to allow trailing 'dnl'-style comments -dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841. ]) dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not @@ -605,7 +602,7 @@ for _am_header in $config_headers :; do done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -616,7 +613,7 @@ echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_co # Define $install_sh. AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl -if test x"${install_sh+set}" != xset; then +if test x"${install_sh}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; @@ -626,7 +623,7 @@ if test x"${install_sh+set}" != xset; then fi AC_SUBST([install_sh])]) -# Copyright (C) 2003-2014 Free Software Foundation, Inc. +# Copyright (C) 2003-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -648,7 +645,7 @@ AC_SUBST([am__leading_dot])]) # Add --enable-maintainer-mode option to configure. -*- Autoconf -*- # From Jim Meyering -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -683,7 +680,7 @@ AC_MSG_CHECKING([whether to enable maintainer-specific portions of Makefiles]) # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -733,7 +730,7 @@ rm -f confinc confmf # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997-2014 Free Software Foundation, Inc. +# Copyright (C) 1997-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -772,7 +769,7 @@ fi # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -801,7 +798,7 @@ AC_DEFUN([_AM_SET_OPTIONS], AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -848,7 +845,7 @@ AC_LANG_POP([C])]) # For backward compatibility. AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -867,7 +864,7 @@ AC_DEFUN([AM_RUN_LOG], # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996-2014 Free Software Foundation, Inc. +# Copyright (C) 1996-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -948,7 +945,7 @@ AC_CONFIG_COMMANDS_PRE( rm -f conftest.file ]) -# Copyright (C) 2009-2014 Free Software Foundation, Inc. +# Copyright (C) 2009-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1008,7 +1005,7 @@ AC_SUBST([AM_BACKSLASH])dnl _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl ]) -# Copyright (C) 2001-2014 Free Software Foundation, Inc. +# Copyright (C) 2001-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1036,7 +1033,7 @@ fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006-2014 Free Software Foundation, Inc. +# Copyright (C) 2006-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1055,7 +1052,7 @@ AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004-2014 Free Software Foundation, Inc. +# Copyright (C) 2004-2013 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff --git a/buildconf b/buildconf index 705f0d3..f3f0bd5 100755 --- a/buildconf +++ b/buildconf @@ -318,8 +318,6 @@ for fname in .deps \ ltsugar.m4 \ ltversion.m4 \ lt~obsolete.m4 \ - missing \ - install-sh \ stamp-h1 \ stamp-h2 \ stamp-h3 ; do @@ -331,7 +329,7 @@ done # echo "buildconf: running libtoolize" -${libtoolize} --copy --force || die "libtoolize command failed" +${libtoolize} --copy --automake --force || die "libtoolize command failed" # When using libtool 1.5.X (X < 26) we copy libtool.m4 to our local m4 # subdirectory and this local copy is patched to fix some warnings that diff --git a/compile b/compile index a85b723..531136b 100755 --- a/compile +++ b/compile @@ -3,7 +3,7 @@ scriptversion=2012-10-14.11; # UTC -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2013 Free Software Foundation, Inc. # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify diff --git a/configure b/configure index 34cbe8c..bbdf846 100755 --- a/configure +++ b/configure @@ -923,9 +923,9 @@ USE_POLARSSL HAVE_GNUTLS_SRP USE_GNUTLS_NETTLE USE_GNUTLS -HAVE_OPENSSL_SRP +HAVE_SSLEAY_SRP RANDOM_FILE -SSL_LIBS +USE_SSLEAY PKGCONFIG USE_DARWINSSL USE_WINDOWS_SSPI @@ -1105,7 +1105,6 @@ enable_curldebug enable_symbol_hiding enable_hidden_symbols enable_ares -enable_rt enable_dependency_tracking enable_silent_rules enable_largefile @@ -1817,7 +1816,6 @@ Optional Features: To be deprecated, use --disable-symbol-hiding --enable-ares[=PATH] Enable c-ares for DNS lookups --disable-ares Disable c-ares for DNS lookups - --disable-rt disable dependency on -lrt --enable-dependency-tracking do not reject slow dependency extractors --disable-dependency-tracking @@ -3261,38 +3259,6 @@ fi $as_echo "$want_ares" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to disable dependency on -lrt" >&5 -$as_echo_n "checking whether to disable dependency on -lrt... " >&6; } - OPT_RT="default" - # Check whether --enable-rt was given. -if test "${enable_rt+set}" = set; then : - enableval=$enable_rt; OPT_RT=$enableval -fi - - case "$OPT_RT" in - no) - dontwant_rt="yes" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - ;; - default) - dontwant_rt="no" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: (assumed no) - ;; - *" >&5 -$as_echo "(assumed no) - ;; - *" >&6; } - dontwant_rt="no" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - ;; - esac - if test "$dontwant_rt" = "yes" && test "$want_thres" = "yes" ; then - as_fn_error $? "options --disable-rt and --enable-thread-resolver are mutually exclusive, at most one can be selected." "$LINENO" 5 - fi - - # # Check that 'XC_CONFIGURE_PREAMBLE' has already run. # @@ -4892,7 +4858,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu -am__api_version='1.15' +am__api_version='1.14' { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 $as_echo_n "checking whether build environment is sane... " >&6; } @@ -4971,24 +4937,17 @@ test "$program_suffix" != NONE && ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` -if test x"${MISSING+set}" != xset; then - case $am_aux_dir in - *\ * | *\ *) - MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; - *) - MISSING="\${SHELL} $am_aux_dir/missing" ;; - esac -fi +test x"${MISSING+set}" = xset || MISSING="\${SHELL} \"$am_aux_dir/missing\"" # Use eval to expand $SHELL -if eval "$MISSING --is-lightweight"; then - am_missing_run="$MISSING " +if eval "$MISSING --run true"; then + am_missing_run="$MISSING --run " else am_missing_run= - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 -$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5 +$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;} fi -if test x"${install_sh+set}" != xset; then +if test x"${install_sh}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; @@ -5383,8 +5342,8 @@ MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} # mkdir_p='$(MKDIR_P)' -# We need awk for the "check" target (and possibly the TAP driver). The -# system "awk" is bad on some platforms. +# We need awk for the "check" target. The system "awk" is bad on +# some platforms. # Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AMTAR='$${TAR-tar}' @@ -19970,9 +19929,7 @@ done { $as_echo "$as_me:${as_lineno-$LINENO}: checking for monotonic clock_gettime" >&5 $as_echo_n "checking for monotonic clock_gettime... " >&6; } - # - if test "x$dontwant_rt" == "xno" ; then - cat confdefs.h - <<_ACEOF >conftest.$ac_ext + cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -19993,8 +19950,8 @@ $as_echo_n "checking for monotonic clock_gettime... " >&6; } int main (void) { - struct timespec ts; - (void)clock_gettime(CLOCK_MONOTONIC, &ts); + struct timespec ts; + (void)clock_gettime(CLOCK_MONOTONIC, &ts); ; return 0; @@ -20003,19 +19960,18 @@ int main (void) _ACEOF if ac_fn_c_try_compile "$LINENO"; then : - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 $as_echo "yes" >&6; } - ac_cv_func_clock_gettime="yes" + ac_cv_func_clock_gettime="yes" else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - ac_cv_func_clock_gettime="no" + ac_cv_func_clock_gettime="no" fi rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext - fi # @@ -20965,7 +20921,7 @@ done if test "$LDAPLIBNAME" = "wldap32"; then curl_ldap_msg="enabled (winldap)" -$as_echo "#define USE_WIN32_LDAP 1" >>confdefs.h +$as_echo "#define CURL_LDAP_WIN 1" >>confdefs.h else curl_ldap_msg="enabled (OpenLDAP)" @@ -21161,8 +21117,6 @@ if test "${with_gssapi+set}" = set; then : fi -: ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"} - save_CPPFLAGS="$CPPFLAGS" { $as_echo "$as_me:${as_lineno-$LINENO}: checking if GSS-API support is requested" >&5 $as_echo_n "checking if GSS-API support is requested... " >&6; } @@ -21173,8 +21127,8 @@ $as_echo "yes" >&6; } if test -z "$GSSAPI_INCS"; then if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi` - elif test -f "$KRB5CONFIG"; then - GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi` + elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then + GSSAPI_INCS=`$GSSAPI_ROOT/bin/krb5-config --cflags gssapi` elif test "$GSSAPI_ROOT" != "yes"; then GSSAPI_INCS="-I$GSSAPI_ROOT/include" fi @@ -21318,8 +21272,8 @@ $as_echo "#define HAVE_GSSAPI 1" >>confdefs.h if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then gss_libs=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --libs gssapi` LIBS="$gss_libs $LIBS" - elif test -f "$KRB5CONFIG"; then - gss_libs=`$KRB5CONFIG --libs gssapi` + elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then + gss_libs=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi` LIBS="$gss_libs $LIBS" else case $host in @@ -21625,7 +21579,6 @@ $as_echo "found" >&6; } fi $PKGCONFIG --cflags-only-I openssl 2>/dev/null` - { $as_echo "$as_me:${as_lineno-$LINENO}: pkg-config: SSL_LIBS: \"$SSL_LIBS\"" >&5 $as_echo "$as_me: pkg-config: SSL_LIBS: \"$SSL_LIBS\"" >&6;} { $as_echo "$as_me:${as_lineno-$LINENO}: pkg-config: SSL_LDFLAGS: \"$SSL_LDFLAGS\"" >&5 @@ -21766,76 +21719,6 @@ fi if test X"$HAVECRYPTO" = X"yes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL linking without -ldl" >&5 -$as_echo_n "checking OpenSSL linking without -ldl... " >&6; } - saved_libs=$LIBS - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #include - -int main (void) -{ - - SSLeay_add_all_algorithms(); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - LIBS="$saved_libs" - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - { $as_echo "$as_me:${as_lineno-$LINENO}: checking OpenSSL linking with -ldl" >&5 -$as_echo_n "checking OpenSSL linking with -ldl... " >&6; } - LIBS="-ldl $LIBS" - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #include - -int main (void) -{ - - SSLeay_add_all_algorithms(); - - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - LIBS="$saved_libs -ldl" - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - LIBS="$saved_libs" - - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - - - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - - fi - - if test X"$HAVECRYPTO" = X"yes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_connect in -lssl" >&5 $as_echo_n "checking for SSL_connect in -lssl... " >&6; } @@ -21982,6 +21865,10 @@ done fi if test X"$OPENSSL_ENABLED" = X"1"; then + +$as_echo "#define USE_SSLEAY 1" >>confdefs.h + + for ac_header in openssl/pkcs12.h do : ac_fn_c_check_header_mongrel "$LINENO" "openssl/pkcs12.h" "ac_cv_header_openssl_pkcs12_h" "$ac_includes_default" @@ -21997,6 +21884,8 @@ done else LIBS="$CLEANLIBS" fi + USE_SSLEAY="$OPENSSL_ENABLED" + if test X"$OPT_SSL" != Xoff && test "$OPENSSL_ENABLED" != "1"; then @@ -22043,8 +21932,7 @@ fi ENGINE_cleanup \ CRYPTO_cleanup_all_ex_data \ SSL_get_shutdown \ - SSLv2_client_method \ - DES_set_odd_parity + SSLv2_client_method do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -22057,33 +21945,23 @@ fi done - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for BoringSSL" >&5 -$as_echo_n "checking for BoringSSL... " >&6; } - if test "x$ac_cv_func_DES_set_odd_parity" != "xyes"; then - curl_ssl_msg="enabled (BoringSSL)" - -cat >>confdefs.h <<_ACEOF -#define HAVE_BORINGSSL 1 -_ACEOF - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for libressl" >&5 -$as_echo_n "checking for libressl... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for yaSSL using OpenSSL compatibility mode" >&5 +$as_echo_n "checking for yaSSL using OpenSSL compatibility mode... " >&6; } cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ -#include +#include int main (void) { - int dummy = LIBRESSL_VERSION_NUMBER; +#if defined(YASSL_VERSION) && defined(OPENSSL_VERSION_NUMBER) + int dummy = SSL_ERROR_NONE; +#else + Not the yaSSL OpenSSL compatibility header. +#endif ; return 0; @@ -22096,10 +21974,10 @@ if ac_fn_c_try_compile "$LINENO"; then : $as_echo "yes" >&6; } cat >>confdefs.h <<_ACEOF -#define HAVE_LIBRESSL 1 +#define USE_YASSLEMUL 1 _ACEOF - curl_ssl_msg="enabled (libressl)" + curl_ssl_msg="enabled (OpenSSL emulation by yaSSL)" else @@ -22194,7 +22072,6 @@ rm -f conftest.err conftest.i conftest.$ac_ext esac case $tst_api in 0x110) tst_show="1.1.0" ;; - 0x102) tst_show="1.0.2" ;; 0x101) tst_show="1.0.1" ;; 0x100) tst_show="1.0.0" ;; 0x099) tst_show="0.9.9" ;; @@ -22304,42 +22181,6 @@ rm -f core conftest.err conftest.$ac_objext \ /* end confdefs.h. */ -#define SSL_CONF_CTX_new innocuous_SSL_CONF_CTX_new -#ifdef __STDC__ -# include -#else -# include -#endif -#undef SSL_CONF_CTX_new -#ifdef __cplusplus -extern "C" -#endif -char SSL_CONF_CTX_new (); -#if defined __stub_SSL_CONF_CTX_new || defined __stub___SSL_CONF_CTX_new -choke me -#endif - -int main (void) -{ -return SSL_CONF_CTX_new (); - ; - return 0; -} - -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - tst_api="0x102" - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - fi - if test "$tst_api" = "unknown"; then - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - #define SSL_renegotiate_abbreviated innocuous_SSL_renegotiate_abbreviated #ifdef __STDC__ # include @@ -22697,7 +22538,6 @@ rm -f core conftest.err conftest.$ac_objext \ fi case $tst_api in 0x110) tst_show="1.1.0" ;; - 0x102) tst_show="1.0.2" ;; 0x101) tst_show="1.0.1" ;; 0x100) tst_show="1.0.0" ;; 0x099) tst_show="0.9.9" ;; @@ -22840,9 +22680,9 @@ $as_echo "$ac_cv_lib_crypto_SRP_Calc_client_key" >&6; } if test "x$ac_cv_lib_crypto_SRP_Calc_client_key" = xyes; then : -$as_echo "#define HAVE_OPENSSL_SRP 1" >>confdefs.h +$as_echo "#define HAVE_SSLEAY_SRP 1" >>confdefs.h - HAVE_OPENSSL_SRP=1 + HAVE_SSLEAY_SRP=1 fi @@ -23512,9 +23352,6 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then OPT_CYASSL="" fi - - cyassllibname=cyassl - if test -z "$OPT_CYASSL" ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CyaSSL_Init in -lcyassl" >&5 @@ -23628,79 +23465,11 @@ else CPPFLAGS=$_cppflags LDFLAGS=$_ldflags - cyassllib="" fi fi - addld="" - addlib="" - addcflags="" - - if test "x$USE_CYASSL" != "xyes"; then - addld=-L$OPT_CYASSL/lib$libsuff - addcflags=-I$OPT_CYASSL/include - cyassllib=$OPT_CYASSL/lib$libsuff - - LDFLAGS="$LDFLAGS $addld" - if test "$addcflags" != "-I/usr/include"; then - CPPFLAGS="$CPPFLAGS $addcflags" - fi - - cyassllibname=wolfssl - my_ac_save_LIBS="$LIBS" - LIBS="-l$cyassllibname -lm $LIBS" - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for CyaSSL_Init in -lwolfssl" >&5 -$as_echo_n "checking for CyaSSL_Init in -lwolfssl... " >&6; } - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - - -/* These aren't needed for detection and confuse WolfSSL. - They are set up properly later if it is detected. */ -#undef SIZEOF_LONG -#undef SIZEOF_LONG_LONG -#include - -int main (void) -{ - - return CyaSSL_Init(); - - ; - return 0; -} - -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - -$as_echo "#define USE_CYASSL 1" >>confdefs.h - - USE_CYASSL=1 - - CYASSL_ENABLED=1 - USE_CYASSL="yes" - curl_ssl_msg="enabled (CyaSSL)" - -else - - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - CPPFLAGS=$_cppflags - LDFLAGS=$_ldflags - cyassllib="" - -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext - LIBS="$my_ac_save_LIBS" - fi - if test "x$USE_CYASSL" = "xyes"; then { $as_echo "$as_me:${as_lineno-$LINENO}: detected CyaSSL" >&5 $as_echo "$as_me: detected CyaSSL" >&6;} @@ -23739,19 +23508,6 @@ _ACEOF - for ac_header in cyassl/options.h -do : - ac_fn_c_check_header_mongrel "$LINENO" "cyassl/options.h" "ac_cv_header_cyassl_options_h" "$ac_includes_default" -if test "x$ac_cv_header_cyassl_options_h" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_CYASSL_OPTIONS_H 1 -_ACEOF - -fi - -done - - for ac_header in cyassl/error-ssl.h do : ac_fn_c_check_header_mongrel "$LINENO" "cyassl/error-ssl.h" "ac_cv_header_cyassl_error_ssl_h" "$ac_includes_default" @@ -23765,7 +23521,7 @@ fi done - LIBS="-l$cyassllibname -lm $LIBS" + LIBS="-lcyassl -lm $LIBS" if test -n "$cyassllib"; then if test "x$cross_compiling" != "xyes"; then @@ -23949,190 +23705,24 @@ $as_echo "found" >&6; } fi fi else - NSS_PCDIR="$OPT_NSS/lib/pkgconfig" - if test -f "$NSS_PCDIR/nss.pc"; then - - - PKGCONFIG="no" - - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. -set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PKGCONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $PKGCONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_PKGCONFIG="$PKGCONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -as_dummy="$PATH:/usr/bin:/usr/local/bin" -for as_dir in $as_dummy -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -PKGCONFIG=$ac_cv_path_PKGCONFIG -if test -n "$PKGCONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKGCONFIG" >&5 -$as_echo "$PKGCONFIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - -fi -if test -z "$ac_cv_path_PKGCONFIG"; then - ac_pt_PKGCONFIG=$PKGCONFIG - # Extract the first word of "pkg-config", so it can be a program name with args. -set dummy pkg-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_ac_pt_PKGCONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $ac_pt_PKGCONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_ac_pt_PKGCONFIG="$ac_pt_PKGCONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -as_dummy="$PATH:/usr/bin:/usr/local/bin" -for as_dir in $as_dummy -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_ac_pt_PKGCONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac -fi -ac_pt_PKGCONFIG=$ac_cv_path_ac_pt_PKGCONFIG -if test -n "$ac_pt_PKGCONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKGCONFIG" >&5 -$as_echo "$ac_pt_PKGCONFIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } -fi - - if test "x$ac_pt_PKGCONFIG" = x; then - PKGCONFIG="no" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - PKGCONFIG=$ac_pt_PKGCONFIG - fi -else - PKGCONFIG="$ac_cv_path_PKGCONFIG" -fi - - - if test x$PKGCONFIG != xno; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nss options with pkg-config" >&5 -$as_echo_n "checking for nss options with pkg-config... " >&6; } - itexists=` - if test -n "$NSS_PCDIR"; then - PKG_CONFIG_LIBDIR="$NSS_PCDIR" - export PKG_CONFIG_LIBDIR + # Without pkg-config, we'll kludge in some defaults + addlib="-L$OPT_NSS/lib -lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl" + addcflags="-I$OPT_NSS/include" + version="unknown" + nssprefix=$OPT_NSS fi - $PKGCONFIG --exists nss >/dev/null 2>&1 && echo 1` - if test -z "$itexists"; then - PKGCONFIG="no" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: found" >&5 -$as_echo "found" >&6; } - fi - fi - - if test "$PKGCONFIG" != "no" ; then - addld=` - if test -n "$NSS_PCDIR"; then - PKG_CONFIG_LIBDIR="$NSS_PCDIR" - export PKG_CONFIG_LIBDIR - fi - $PKGCONFIG --libs-only-L nss` - addlib=` - if test -n "$NSS_PCDIR"; then - PKG_CONFIG_LIBDIR="$NSS_PCDIR" - export PKG_CONFIG_LIBDIR - fi - $PKGCONFIG --libs-only-l nss` - addcflags=` - if test -n "$NSS_PCDIR"; then - PKG_CONFIG_LIBDIR="$NSS_PCDIR" - export PKG_CONFIG_LIBDIR - fi - $PKGCONFIG --cflags nss` - version=` - if test -n "$NSS_PCDIR"; then - PKG_CONFIG_LIBDIR="$NSS_PCDIR" - export PKG_CONFIG_LIBDIR - fi - $PKGCONFIG --modversion nss` - nssprefix=` - if test -n "$NSS_PCDIR"; then - PKG_CONFIG_LIBDIR="$NSS_PCDIR" - export PKG_CONFIG_LIBDIR - fi - $PKGCONFIG --variable=prefix nss` - fi - fi - fi - - if test -z "$addlib"; then - # Without pkg-config, we'll kludge in some defaults - { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Using hard-wired libraries and compilation flags for NSS." >&5 -$as_echo "$as_me: WARNING: Using hard-wired libraries and compilation flags for NSS." >&2;} - addld="-L$OPT_NSS/lib" - addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4" - addcflags="-I$OPT_NSS/include" - version="unknown" - nssprefix=$OPT_NSS - fi + if test -n "$addlib"; then - CLEANLDFLAGS="$LDFLAGS" - CLEANLIBS="$LIBS" - CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + CLEANCPPFLAGS="$CPPFLAGS" - LDFLAGS="$addld $LDFLAGS" - LIBS="$addlib $LIBS" - if test "$addcflags" != "-I/usr/include"; then - CPPFLAGS="$CPPFLAGS $addcflags" - fi + LIBS="$addlib $LIBS" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_VersionRangeSet in -lnss3" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SSL_VersionRangeSet in -lnss3" >&5 $as_echo_n "checking for SSL_VersionRangeSet in -lnss3... " >&6; } if ${ac_cv_lib_nss3_SSL_VersionRangeSet+:} false; then : $as_echo_n "(cached) " >&6 @@ -24170,36 +23760,37 @@ if test "x$ac_cv_lib_nss3_SSL_VersionRangeSet" = xyes; then : $as_echo "#define USE_NSS 1" >>confdefs.h - USE_NSS=1 + USE_NSS=1 - USE_NSS="yes" - NSS_ENABLED=1 - curl_ssl_msg="enabled (NSS)" + USE_NSS="yes" + NSS_ENABLED=1 + curl_ssl_msg="enabled (NSS)" else - LDFLAGS="$CLEANLDFLAGS" - LIBS="$CLEANLIBS" - CPPFLAGS="$CLEANCPPFLAGS" + LIBS="$CLEANLIBS" + CPPFLAGS="$CLEANCPPFLAGS" fi - if test "x$USE_NSS" = "xyes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: detected NSS version $version" >&5 + if test "x$USE_NSS" = "xyes"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: detected NSS version $version" >&5 $as_echo "$as_me: detected NSS version $version" >&6;} - NSS_LIBS=$addlib + NSS_LIBS=$addlib - if test "x$cross_compiling" != "xyes"; then - LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff" - export LD_LIBRARY_PATH - { $as_echo "$as_me:${as_lineno-$LINENO}: Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH" >&5 + if test "x$cross_compiling" != "xyes"; then + LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff" + export LD_LIBRARY_PATH + { $as_echo "$as_me:${as_lineno-$LINENO}: Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH" >&5 $as_echo "$as_me: Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH" >&6;} + fi fi fi + fi fi OPT_AXTLS=off @@ -24344,14 +23935,13 @@ fi if test "x$want_ca" != "xno" -a "x$want_ca" != "xunset" -a \ "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then - ca="$want_ca" - capath="$want_capath" + as_fn_error $? "Can't specify both --with-ca-bundle and --with-ca-path." "$LINENO" 5 elif test "x$want_ca" != "xno" -a "x$want_ca" != "xunset"; then ca="$want_ca" capath="no" elif test "x$want_capath" != "xno" -a "x$want_capath" != "xunset"; then - if test "x$OPENSSL_ENABLED" != "x1" -a "x$GNUTLS_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then - as_fn_error $? "--with-ca-path only works with OpenSSL, GnuTLS or PolarSSL" "$LINENO" 5 + if test "x$OPENSSL_ENABLED" != "x1" -a "x$POLARSSL_ENABLED" != "x1"; then + as_fn_error $? "--with-ca-path only works with openSSL or PolarSSL" "$LINENO" 5 fi capath="$want_capath" ca="no" @@ -24403,8 +23993,7 @@ _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ca" >&5 $as_echo "$ca" >&6; } - fi - if test "x$capath" != "xno"; then + elif test "x$capath" != "xno"; then CURL_CA_PATH="\"$capath\"" cat >>confdefs.h <<_ACEOF @@ -24413,8 +24002,7 @@ _ACEOF { $as_echo "$as_me:${as_lineno-$LINENO}: result: $capath (capath)" >&5 $as_echo "$capath (capath)" >&6; } - fi - if test "x$ca" = "xno" && test "x$capath" = "xno"; then + else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } fi @@ -26156,11 +25744,9 @@ $as_echo "$as_me: -L is $LD_H2" >&6;} CPPFLAGS="$CPPFLAGS $CPP_H2" LIBS="$LIB_H2 $LIBS" - # use nghttp2_option_set_no_recv_client_magic to require nghttp2 - # >= 1.0.0 - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nghttp2_option_set_no_recv_client_magic in -lnghttp2" >&5 -$as_echo_n "checking for nghttp2_option_set_no_recv_client_magic in -lnghttp2... " >&6; } -if ${ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nghttp2_session_callbacks_set_send_callback in -lnghttp2" >&5 +$as_echo_n "checking for nghttp2_session_callbacks_set_send_callback in -lnghttp2... " >&6; } +if ${ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS @@ -26172,26 +25758,26 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext #ifdef __cplusplus extern "C" #endif -char nghttp2_option_set_no_recv_client_magic (); +char nghttp2_session_callbacks_set_send_callback (); int main (void) { -return nghttp2_option_set_no_recv_client_magic (); +return nghttp2_session_callbacks_set_send_callback (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic=yes + ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback=yes else - ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic=no + ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic" >&5 -$as_echo "$ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic" >&6; } -if test "x$ac_cv_lib_nghttp2_nghttp2_option_set_no_recv_client_magic" = xyes; then : +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback" >&5 +$as_echo "$ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback" >&6; } +if test "x$ac_cv_lib_nghttp2_nghttp2_session_callbacks_set_send_callback" = xyes; then : for ac_header in nghttp2/nghttp2.h do : @@ -39172,7 +38758,7 @@ if test "x$want_thres" = xyes && test "x$want_ares" = xyes; then as_fn_error $? "Options --enable-threaded-resolver and --enable-ares are mutually exclusive" "$LINENO" 5 fi -if test "$want_thres" = "yes" && test "$dontwant_rt" = "no"; then +if test "$want_thres" = "yes"; then ac_fn_c_check_header_mongrel "$LINENO" "pthread.h" "ac_cv_header_pthread_h" "$ac_includes_default" if test "x$ac_cv_header_pthread_h" = xyes; then : @@ -39412,7 +38998,7 @@ $as_echo "yes" >&6; } fi -if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_OPENSSL_SRP" = "x1") ; then +if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_SSLEAY_SRP" = "x1") ; then $as_echo "#define USE_TLS_SRP 1" >>confdefs.h @@ -39578,7 +39164,7 @@ ENABLE_STATIC="$enable_static" -if test "x$OPENSSL_ENABLED" = "x1"; then +if test "x$USE_SSLEAY" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES SSL" elif test -n "$SSL_ENABLED"; then SUPPORT_FEATURES="$SUPPORT_FEATURES SSL" @@ -39617,7 +39203,7 @@ if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \ fi if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then - if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ + if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \ -o "x$DARWINSSL_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM" @@ -39689,7 +39275,7 @@ if test "x$CURL_DISABLE_IMAP" != "x1"; then fi if test "x$CURL_DISABLE_SMB" != "x1" \ -a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \ - -a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ + -a \( "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \ -o "x$DARWINSSL_ENABLED" = "x1" \); then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB" diff --git a/configure.ac b/configure.ac index 683299d..a1b560c 100644 --- a/configure.ac +++ b/configure.ac @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -47,7 +47,6 @@ CURL_CHECK_OPTION_WERROR CURL_CHECK_OPTION_CURLDEBUG CURL_CHECK_OPTION_SYMBOL_HIDING CURL_CHECK_OPTION_ARES -CURL_CHECK_OPTION_RT XC_CHECK_PATH_SEPARATOR @@ -1047,7 +1046,7 @@ if test x$CURL_DISABLE_LDAP != x1 ; then if test "$LDAPLIBNAME" = "wldap32"; then curl_ldap_msg="enabled (winldap)" - AC_DEFINE(USE_WIN32_LDAP, 1, [Use Windows LDAP implementation]) + AC_DEFINE(CURL_LDAP_WIN, 1, [Use Windows LDAP implementation]) else curl_ldap_msg="enabled (OpenLDAP)" if test "x$ac_cv_func_ldap_init_fd" = "xyes"; then @@ -1185,8 +1184,6 @@ AC_ARG_WITH(gssapi, fi ]) -: ${KRB5CONFIG:="$GSSAPI_ROOT/bin/krb5-config"} - save_CPPFLAGS="$CPPFLAGS" AC_MSG_CHECKING([if GSS-API support is requested]) if test x"$want_gss" = xyes; then @@ -1195,8 +1192,8 @@ if test x"$want_gss" = xyes; then if test -z "$GSSAPI_INCS"; then if test -n "$host_alias" -a -f "$GSSAPI_ROOT/bin/$host_alias-krb5-config"; then GSSAPI_INCS=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --cflags gssapi` - elif test -f "$KRB5CONFIG"; then - GSSAPI_INCS=`$KRB5CONFIG --cflags gssapi` + elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then + GSSAPI_INCS=`$GSSAPI_ROOT/bin/krb5-config --cflags gssapi` elif test "$GSSAPI_ROOT" != "yes"; then GSSAPI_INCS="-I$GSSAPI_ROOT/include" fi @@ -1286,10 +1283,10 @@ if test x"$want_gss" = xyes; then dnl into LIBS gss_libs=`$GSSAPI_ROOT/bin/$host_alias-krb5-config --libs gssapi` LIBS="$gss_libs $LIBS" - elif test -f "$KRB5CONFIG"; then + elif test -f "$GSSAPI_ROOT/bin/krb5-config"; then dnl krb5-config doesn't have --libs-only-L or similar, put everything dnl into LIBS - gss_libs=`$KRB5CONFIG --libs gssapi` + gss_libs=`$GSSAPI_ROOT/bin/krb5-config --libs gssapi` LIBS="$gss_libs $LIBS" else case $host in @@ -1454,7 +1451,6 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then SSL_CPPFLAGS=`CURL_EXPORT_PCDIR([$OPENSSL_PCDIR]) dnl $PKGCONFIG --cflags-only-I openssl 2>/dev/null` - AC_SUBST(SSL_LIBS) AC_MSG_NOTICE([pkg-config: SSL_LIBS: "$SSL_LIBS"]) AC_MSG_NOTICE([pkg-config: SSL_LDFLAGS: "$SSL_LDFLAGS"]) AC_MSG_NOTICE([pkg-config: SSL_CPPFLAGS: "$SSL_CPPFLAGS"]) @@ -1510,46 +1506,6 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then if test X"$HAVECRYPTO" = X"yes"; then - AC_MSG_CHECKING([OpenSSL linking without -ldl]) - saved_libs=$LIBS - AC_TRY_LINK( - [ - #include - ], - [ - SSLeay_add_all_algorithms(); - ], - [ - AC_MSG_RESULT(yes) - LIBS="$saved_libs" - ], - [ - AC_MSG_RESULT(no) - AC_MSG_CHECKING([OpenSSL linking with -ldl]) - LIBS="-ldl $LIBS" - AC_TRY_LINK( - [ - #include - ], - [ - SSLeay_add_all_algorithms(); - ], - [ - AC_MSG_RESULT(yes) - LIBS="$saved_libs -ldl" - ], - [ - AC_MSG_RESULT(no) - LIBS="$saved_libs" - ] - ) - - ] - ) - - fi - - if test X"$HAVECRYPTO" = X"yes"; then dnl This is only reasonable to do if crypto actually is there: check for dnl SSL libs NOTE: it is important to do this AFTER the crypto lib @@ -1571,7 +1527,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then else - dnl Have the libraries--check for OpenSSL headers + dnl Have the libraries--check for SSLeay/OpenSSL headers AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \ openssl/pem.h openssl/ssl.h openssl/err.h, curl_ssl_msg="enabled (OpenSSL)" @@ -1595,11 +1551,17 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then fi if test X"$OPENSSL_ENABLED" = X"1"; then + AC_DEFINE(USE_SSLEAY, 1, [if SSL is enabled]) + dnl is there a pkcs12.h header present? AC_CHECK_HEADERS(openssl/pkcs12.h) else LIBS="$CLEANLIBS" fi + dnl USE_SSLEAY is the historical name for what configure calls + dnl OPENSSL_ENABLED; the names should really be unified + USE_SSLEAY="$OPENSSL_ENABLED" + AC_SUBST(USE_SSLEAY) if test X"$OPT_SSL" != Xoff && test "$OPENSSL_ENABLED" != "1"; then @@ -1616,11 +1578,8 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then AC_CHECK_FUNCS( ENGINE_load_builtin_engines ) ]) - dnl These can only exist if OpenSSL exists - dnl Older versions of Cyassl (some time before 2.9.4) don't have - dnl SSL_get_shutdown (but this check won't actually detect it there - dnl as it's a macro that needs the header files be included) - dnl BoringSSL doesn't have DES_set_odd_parity + dnl these can only exist if openssl exists + dnl yassl doesn't have SSL_get_shutdown AC_CHECK_FUNCS( RAND_status \ RAND_screen \ @@ -1628,30 +1587,28 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then ENGINE_cleanup \ CRYPTO_cleanup_all_ex_data \ SSL_get_shutdown \ - SSLv2_client_method \ - DES_set_odd_parity ) - - AC_MSG_CHECKING([for BoringSSL]) - if test "x$ac_cv_func_DES_set_odd_parity" != "xyes"; then - curl_ssl_msg="enabled (BoringSSL)" - AC_DEFINE_UNQUOTED(HAVE_BORINGSSL, 1, - [Define to 1 if using BoringSSL.]) - AC_MSG_RESULT([yes]) - else - AC_MSG_RESULT([no]) - fi - AC_MSG_CHECKING([for libressl]) + SSLv2_client_method ) + + dnl Make an attempt to detect if this is actually yassl's headers and + dnl OpenSSL emulation layer. We still leave everything else believing + dnl and acting like OpenSSL. + + AC_MSG_CHECKING([for yaSSL using OpenSSL compatibility mode]) AC_COMPILE_IFELSE([ AC_LANG_PROGRAM([[ -#include +#include ]],[[ - int dummy = LIBRESSL_VERSION_NUMBER; +#if defined(YASSL_VERSION) && defined(OPENSSL_VERSION_NUMBER) + int dummy = SSL_ERROR_NONE; +#else + Not the yaSSL OpenSSL compatibility header. +#endif ]]) ],[ AC_MSG_RESULT([yes]) - AC_DEFINE_UNQUOTED(HAVE_LIBRESSL, 1, - [Define to 1 if using libressl.]) - curl_ssl_msg="enabled (libressl)" + AC_DEFINE_UNQUOTED(USE_YASSLEMUL, 1, + [Define to 1 if using yaSSL in OpenSSL compatibility mode.]) + curl_ssl_msg="enabled (OpenSSL emulation by yaSSL)" ],[ AC_MSG_RESULT([no]) ]) @@ -1715,8 +1672,8 @@ dnl --- if test "$OPENSSL_ENABLED" = "1"; then AC_CHECK_LIB(crypto, SRP_Calc_client_key, [ - AC_DEFINE(HAVE_OPENSSL_SRP, 1, [if you have the function SRP_Calc_client_key]) - AC_SUBST(HAVE_OPENSSL_SRP, [1]) + AC_DEFINE(HAVE_SSLEAY_SRP, 1, [if you have the function SRP_Calc_client_key]) + AC_SUBST(HAVE_SSLEAY_SRP, [1]) ]) fi @@ -1986,10 +1943,6 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then OPT_CYASSL="" fi - dnl This should be reworked to use pkg-config instead - - cyassllibname=cyassl - if test -z "$OPT_CYASSL" ; then dnl check for lib in system default first @@ -2031,70 +1984,19 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then [ CPPFLAGS=$_cppflags LDFLAGS=$_ldflags - cyassllib="" ]) fi - addld="" - addlib="" - addcflags="" - - if test "x$USE_CYASSL" != "xyes"; then - dnl libcyassl renamed to libwolfssl as of 3.4.0 - addld=-L$OPT_CYASSL/lib$libsuff - addcflags=-I$OPT_CYASSL/include - cyassllib=$OPT_CYASSL/lib$libsuff - - LDFLAGS="$LDFLAGS $addld" - if test "$addcflags" != "-I/usr/include"; then - CPPFLAGS="$CPPFLAGS $addcflags" - fi - - cyassllibname=wolfssl - my_ac_save_LIBS="$LIBS" - LIBS="-l$cyassllibname -lm $LIBS" - - AC_MSG_CHECKING([for CyaSSL_Init in -lwolfssl]) - AC_LINK_IFELSE([ - AC_LANG_PROGRAM([[ -/* These aren't needed for detection and confuse WolfSSL. - They are set up properly later if it is detected. */ -#undef SIZEOF_LONG -#undef SIZEOF_LONG_LONG -#include - ]],[[ - return CyaSSL_Init(); - ]]) - ],[ - AC_MSG_RESULT(yes) - AC_DEFINE(USE_CYASSL, 1, [if CyaSSL is enabled]) - AC_SUBST(USE_CYASSL, [1]) - CYASSL_ENABLED=1 - USE_CYASSL="yes" - curl_ssl_msg="enabled (CyaSSL)" - ], - [ - AC_MSG_RESULT(no) - CPPFLAGS=$_cppflags - LDFLAGS=$_ldflags - cyassllib="" - ]) - LIBS="$my_ac_save_LIBS" - fi - if test "x$USE_CYASSL" = "xyes"; then AC_MSG_NOTICE([detected CyaSSL]) dnl cyassl/ctaocrypt/types.h needs SIZEOF_LONG_LONG defined! AC_CHECK_SIZEOF(long long) - dnl Versions since at least 2.6.0 may have options.h - AC_CHECK_HEADERS(cyassl/options.h) - dnl Versions since at least 2.9.4 renamed error.h to error-ssl.h AC_CHECK_HEADERS(cyassl/error-ssl.h) - LIBS="-l$cyassllibname -lm $LIBS" + LIBS="-lcyassl -lm $LIBS" if test -n "$cyassllib"; then dnl when shared libs were found in a path that the run-time @@ -2161,72 +2063,56 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then fi fi else - NSS_PCDIR="$OPT_NSS/lib/pkgconfig" - if test -f "$NSS_PCDIR/nss.pc"; then - CURL_CHECK_PKGCONFIG(nss, [$NSS_PCDIR]) - if test "$PKGCONFIG" != "no" ; then - addld=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-L nss` - addlib=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --libs-only-l nss` - addcflags=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --cflags nss` - version=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --modversion nss` - nssprefix=`CURL_EXPORT_PCDIR([$NSS_PCDIR]) $PKGCONFIG --variable=prefix nss` - fi - fi + # Without pkg-config, we'll kludge in some defaults + addlib="-L$OPT_NSS/lib -lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4 -lpthread -ldl" + addcflags="-I$OPT_NSS/include" + version="unknown" + nssprefix=$OPT_NSS fi - if test -z "$addlib"; then - # Without pkg-config, we'll kludge in some defaults - AC_MSG_WARN([Using hard-wired libraries and compilation flags for NSS.]) - addld="-L$OPT_NSS/lib" - addlib="-lssl3 -lsmime3 -lnss3 -lplds4 -lplc4 -lnspr4" - addcflags="-I$OPT_NSS/include" - version="unknown" - nssprefix=$OPT_NSS - fi + if test -n "$addlib"; then - CLEANLDFLAGS="$LDFLAGS" - CLEANLIBS="$LIBS" - CLEANCPPFLAGS="$CPPFLAGS" + CLEANLIBS="$LIBS" + CLEANCPPFLAGS="$CPPFLAGS" - LDFLAGS="$addld $LDFLAGS" - LIBS="$addlib $LIBS" - if test "$addcflags" != "-I/usr/include"; then - CPPFLAGS="$CPPFLAGS $addcflags" - fi + LIBS="$addlib $LIBS" + if test "$addcflags" != "-I/usr/include"; then + CPPFLAGS="$CPPFLAGS $addcflags" + fi - dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0 - AC_CHECK_LIB(nss3, SSL_VersionRangeSet, - [ - AC_DEFINE(USE_NSS, 1, [if NSS is enabled]) - AC_SUBST(USE_NSS, [1]) - USE_NSS="yes" - NSS_ENABLED=1 - curl_ssl_msg="enabled (NSS)" - ], - [ - LDFLAGS="$CLEANLDFLAGS" - LIBS="$CLEANLIBS" - CPPFLAGS="$CLEANCPPFLAGS" - ]) + dnl The function SSL_VersionRangeSet() is needed to enable TLS > 1.0 + AC_CHECK_LIB(nss3, SSL_VersionRangeSet, + [ + AC_DEFINE(USE_NSS, 1, [if NSS is enabled]) + AC_SUBST(USE_NSS, [1]) + USE_NSS="yes" + NSS_ENABLED=1 + curl_ssl_msg="enabled (NSS)" + ], + [ + LIBS="$CLEANLIBS" + CPPFLAGS="$CLEANCPPFLAGS" + ]) - if test "x$USE_NSS" = "xyes"; then - AC_MSG_NOTICE([detected NSS version $version]) + if test "x$USE_NSS" = "xyes"; then + AC_MSG_NOTICE([detected NSS version $version]) - dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS - NSS_LIBS=$addlib - AC_SUBST([NSS_LIBS]) + dnl needed when linking the curl tool without USE_EXPLICIT_LIB_DEPS + NSS_LIBS=$addlib + AC_SUBST([NSS_LIBS]) - dnl when shared libs were found in a path that the run-time - dnl linker doesn't search through, we need to add it to - dnl LD_LIBRARY_PATH to prevent further configure tests to fail - dnl due to this - if test "x$cross_compiling" != "xyes"; then - LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff" - export LD_LIBRARY_PATH - AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH]) + dnl when shared libs were found in a path that the run-time + dnl linker doesn't search through, we need to add it to + dnl LD_LIBRARY_PATH to prevent further configure tests to fail + dnl due to this + if test "x$cross_compiling" != "xyes"; then + LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$nssprefix/lib$libsuff" + export LD_LIBRARY_PATH + AC_MSG_NOTICE([Added $nssprefix/lib$libsuff to LD_LIBRARY_PATH]) + fi fi - fi dnl NSS found + fi fi dnl NSS not disabled @@ -2882,9 +2768,7 @@ if test X"$want_h2" != Xno; then CPPFLAGS="$CPPFLAGS $CPP_H2" LIBS="$LIB_H2 $LIBS" - # use nghttp2_option_set_no_recv_client_magic to require nghttp2 - # >= 1.0.0 - AC_CHECK_LIB(nghttp2, nghttp2_option_set_no_recv_client_magic, + AC_CHECK_LIB(nghttp2, nghttp2_session_callbacks_set_send_callback, [ AC_CHECK_HEADERS(nghttp2/nghttp2.h, curl_h2_msg="enabled (nghttp2)" @@ -3258,7 +3142,7 @@ if test "x$want_thres" = xyes && test "x$want_ares" = xyes; then [Options --enable-threaded-resolver and --enable-ares are mutually exclusive]) fi -if test "$want_thres" = "yes" && test "$dontwant_rt" = "no"; then +if test "$want_thres" = "yes"; then AC_CHECK_HEADER(pthread.h, [ AC_DEFINE(HAVE_PTHREAD_H, 1, [if you have ]) save_CFLAGS="$CFLAGS" @@ -3384,7 +3268,7 @@ AC_HELP_STRING([--disable-tls-srp],[Disable TLS-SRP authentication]), want_tls_srp=yes ) -if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_OPENSSL_SRP" = "x1") ; then +if test "$want_tls_srp" = "yes" && ( test "x$HAVE_GNUTLS_SRP" = "x1" || test "x$HAVE_SSLEAY_SRP" = "x1") ; then AC_DEFINE(USE_TLS_SRP, 1, [Use TLS-SRP authentication]) USE_TLS_SRP=1 curl_tls_srp_msg="enabled" @@ -3498,7 +3382,7 @@ dnl For keeping supported features and protocols also in pkg-config file dnl since it is more cross-compile friendly than curl-config dnl -if test "x$OPENSSL_ENABLED" = "x1"; then +if test "x$USE_SSLEAY" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES SSL" elif test -n "$SSL_ENABLED"; then SUPPORT_FEATURES="$SUPPORT_FEATURES SSL" @@ -3537,7 +3421,7 @@ if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \ fi if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1"; then - if test "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ + if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \ -o "x$DARWINSSL_ENABLED" = "x1"; then SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM" @@ -3610,7 +3494,7 @@ if test "x$CURL_DISABLE_IMAP" != "x1"; then fi if test "x$CURL_DISABLE_SMB" != "x1" \ -a "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" \ - -a \( "x$OPENSSL_ENABLED" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ + -a \( "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \ -o "x$DARWINSSL_ENABLED" = "x1" \); then SUPPORT_PROTOCOLS="$SUPPORT_PROTOCOLS SMB" diff --git a/curl-config.in b/curl-config.in index 9398722..1ddf4c2 100644 --- a/curl-config.in +++ b/curl-config.in @@ -71,7 +71,7 @@ while test $# -gt 0; do ;; --ca) - echo @CURL_CA_BUNDLE@ + echo "@CURL_CA_BUNDLE@" ;; --cc) diff --git a/depcomp b/depcomp index fc98710..4ebd5b3 100755 --- a/depcomp +++ b/depcomp @@ -3,7 +3,7 @@ scriptversion=2013-05-30.07; # UTC -# Copyright (C) 1999-2014 Free Software Foundation, Inc. +# Copyright (C) 1999-2013 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff --git a/docs/BINDINGS b/docs/BINDINGS index fed16e9..d4cf488 100644 --- a/docs/BINDINGS +++ b/docs/BINDINGS @@ -50,7 +50,7 @@ Cocoa D Written by Kenneth Bogert - http://dlang.org/library/std/net/curl.html + http://curl.haxx.se/libcurl/d/ Dylan @@ -60,7 +60,7 @@ Dylan Eiffel Written by Eiffel Software - https://room.eiffel.com/library/curl + http://curl.haxx.se/libcurl/eiffel/ Euphoria @@ -78,7 +78,7 @@ Ferite Gambas - http://gambas.sourceforge.net/ + http://gambas.sourceforge.net glib/GTK+ @@ -90,11 +90,6 @@ Guile: Written by Michael L. Gran http://www.lonelycactus.com/guile-curl.html -Harbour - - Written by Viktor Szakáts - https://github.com/vszakats/harbour-core/tree/master/contrib/hbcurl - Haskell Written by Galois, Inc @@ -102,7 +97,8 @@ Haskell Java - https://github.com/pjlegato/curl-java + Maintained by [blank] + http://curl.haxx.se/libcurl/java/ Julia @@ -119,7 +115,7 @@ Lua luacurl by Alexander Marinov http://luacurl.luaforge.net/ - Lua-cURL by Jürgen Hötzel + Lua-cURL by Jürgen Hötzel http://luaforge.net/projects/lua-curl/ Mono @@ -130,7 +126,7 @@ Mono .NET libcurl-net by Jeffrey Phillips - https://sourceforge.net/projects/libcurl-net/ + http://sourceforge.net/projects/libcurl-net/ node.js @@ -145,7 +141,7 @@ Object-Pascal O'Caml Written by Lars Nilsson - https://sourceforge.net/projects/ocurl/ + http://sourceforge.net/projects/ocurl/ Pascal @@ -154,13 +150,13 @@ Pascal Perl - Maintained by Cris Bailiff and Bálint Szilakszi - https://github.com/szbalint/WWW--Curl + Maintained by Cris Bailiff + http://curl.haxx.se/libcurl/perl/ PHP Written by Sterling Hughes - https://php.net/curl + http://curl.haxx.se/libcurl/php/ PostgreSQL @@ -174,7 +170,8 @@ Python R - http://cran.r-project.org/package=curl + RCurl by Duncan Temple Lang + http://www.omegahat.org/RCurl/ Rexx @@ -195,15 +192,10 @@ Ruby ruby-curl-multi - written by Kristjan Petursson and Keith Rarick http://curl-multi.rubyforge.org/ -Rust - - curl-rust - by Carl Lerche - https://github.com/carllerche/curl-rust - Scheme Bigloo binding by Kirill Lisovsky - http://www.metapaper.net/lisovsky/web/curl/ + http://curl.haxx.se/libcurl/scheme/ S-Lang @@ -227,13 +219,13 @@ SPL Tcl - Tclcurl by Andrés García - http://mirror.yellow5.com/tclcurl/ + Tclcurl by Andrés García + http://personal1.iddeo.es/andresgarci/tclcurl/english/docs.html Visual Basic libcurl-vb by Jeffrey Phillips - https://sourceforge.net/projects/libcurl-vb/ + http://sourceforge.net/projects/libcurl-vb/ Visual Foxpro @@ -253,8 +245,3 @@ XBLite Written by David Szafranski http://perso.wanadoo.fr/xblite/libraries.html - -Xojo - - Written by Andrew Lambert - https://github.com/charonn0/RB-libcURL diff --git a/docs/BUGS b/docs/BUGS index 36686ef..c0c6fa8 100644 --- a/docs/BUGS +++ b/docs/BUGS @@ -35,9 +35,11 @@ BUGS have a go at a solution. You can optionally also post your bug/problem at curl's bug tracking system over at - https://github.com/bagder/curl/issues + https://sourceforge.net/p/curl/bugs/ - Please read the rest of this document below first before doing that! + Please read the rest of this document below first before doing that! Also, + you need to login to your sourceforge account before being able to submit a + bug report (necessary evil done to avoid spam). If you feel you need to ask around first, find a suitable mailing list and post there. The lists are available on http://curl.haxx.se/mail/ diff --git a/docs/CODE_OF_CONDUCT.md b/docs/CODE_OF_CONDUCT.md deleted file mode 100644 index 04ea66e..0000000 --- a/docs/CODE_OF_CONDUCT.md +++ /dev/null @@ -1,32 +0,0 @@ -Contributor Code of Conduct -=========================== - -As contributors and maintainers of this project, we pledge to respect all -people who contribute through reporting issues, posting feature requests, -updating documentation, submitting pull requests or patches, and other -activities. - -We are committed to making participation in this project a harassment-free -experience for everyone, regardless of level of experience, gender, gender -identity and expression, sexual orientation, disability, personal appearance, -body size, race, ethnicity, age, or religion. - -Examples of unacceptable behavior by participants include the use of sexual -language or imagery, derogatory comments or personal attacks, trolling, public -or private harassment, insults, or other unprofessional conduct. - -Project maintainers have the right and responsibility to remove, edit, or -reject comments, commits, code, wiki edits, issues, and other contributions -that are not aligned to this Code of Conduct. Project maintainers who do not -follow the Code of Conduct may be removed from the project team. - -This code of conduct applies both within project spaces and in public spaces -when an individual is representing the project or its community. - -Instances of abusive, harassing, or otherwise unacceptable behavior may be -reported by opening an issue or contacting one or more of the project -maintainers. - -This Code of Conduct is adapted from the [Contributor -Covenant](http://contributor-covenant.org), version 1.1.0, available at -[http://contributor-covenant.org/version/1/1/0/](http://contributor-covenant.org/version/1/1/0/) diff --git a/docs/CONTRIBUTE b/docs/CONTRIBUTE index c6ea977..83fa420 100644 --- a/docs/CONTRIBUTE +++ b/docs/CONTRIBUTE @@ -34,7 +34,7 @@ 3.3 How To Make a Patch without git 3.4 How to get your changes into the main sources 3.5 Write good commit messages - 3.6 About pull requests + 3.6 Please don't send pull requests ============================================================================== @@ -52,10 +52,6 @@ We also hang out on IRC in #curl on irc.freenode.net - If you're at all interested in the code side of things, consider clicking - 'watch' on the curl repo at github to get notified on pull requests and new - issues posted there. - 1.2. License When contributing with code, you agree to put your changes and new code under @@ -82,10 +78,10 @@ 1.3 What To Read - Source code, the man pages, the INTERNALS document, TODO, KNOWN_BUGS and the - most recent changes in the git log. Just lurking on the curl-library mailing - list is gonna give you a lot of insights on what's going on right now. Asking - there is a good idea too. + Source code, the man pages, the INTERNALS document, TODO, KNOWN_BUGS, the + most recent CHANGES. Just lurking on the curl-library mailing list is gonna + give you a lot of insights on what's going on right now. Asking there is a + good idea too. 2. cURL Coding Standards @@ -203,7 +199,7 @@ You need to first checkout the repository: - git clone https://github.com/bagder/curl.git + git clone git://github.com/bagder/curl.git You then proceed and edit all the files you like and you commit them to your local repository: @@ -245,8 +241,8 @@ For unix-like operating systems: - https://savannah.gnu.org/projects/patch/ - https://www.gnu.org/software/diffutils/ + http://www.gnu.org/software/patch/patch.html + http://www.gnu.org/directory/diffutils.html For Windows: @@ -292,15 +288,27 @@ and make sure that you have your own user and email setup correctly in git before you commit -3.6 About pull requests +3.6 Please don't send pull requests With git (and especially github) it is easy and tempting to send a pull - request to the curl project to have changes merged this way instead of - mailing patches to the curl-library mailing list. + request to one or more people in the curl project to have changes merged this + way instead of mailing patches to the curl-library mailing list. + + We don't like that. We want them mailed for these reasons: + + - Peer review. Anyone and everyone on the list can review, comment and + improve on the patch. Pull requests limit this ability. + + - Anyone can merge the patch into their own trees for testing and those who + have push rights can push it to the main repo. It doesn't have to be anyone + the patch author knows beforehand. + + - Commit messages can be tweaked and changed if merged locally instead of + using github. Merges directly on github requires the changes to be perfect + already, which they seldom are. - We used to dislike this but we're trying to change that and accept that this - is a frictionless way for people to contribute to the project. We now welcome - pull requests! + - Merges on github prevents rebases and even enforces --no-ff which is a git + style we don't otherwise use in the project - We will continue to avoid using github's merge tools to make the history - linear and to make sure commits follow our style guidelines. + However: once patches have been reviewed and deemed fine on list they are + perfectly OK to be pulled from a published git tree. diff --git a/docs/DISTRO-DILEMMA b/docs/DISTRO-DILEMMA index 2d317fd..71186a2 100644 --- a/docs/DISTRO-DILEMMA +++ b/docs/DISTRO-DILEMMA @@ -112,7 +112,7 @@ The Better License, Original BSD, GPL or LGPL? In Debian land, there seems to be a common opinion that LGPL is "maximally compatible" with apps while Original BSD is not. Like this: - https://lists.debian.org/debian-devel/2005/09/msg01417.html + http://lists.debian.org/debian-devel/2005/09/msg01417.html More SSL Libraries @@ -163,13 +163,13 @@ Distro Angle of this Problem Footnotes [1] = http://www.xfree86.org/3.3.6/COPYRIGHT2.html#6 - [2] = https://www.gnu.org/philosophy/bsd.html - [3] = https://www.gnu.org/licenses/gpl.html + [2] = http://www.fsf.org/licensing/essays/bsd.html + [3] = http://www.fsf.org/licensing/licenses/gpl.html [4] = http://curl.haxx.se/docs/copyright.html - [5] = https://www.openssl.org/source/license.html - [6] = https://www.gnu.org/licenses/gpl.html end of section 3 - [7] = https://www.gnu.org/licenses/lgpl.html - [8] = https://en.wikipedia.org/wiki/OpenSSL_exception + [5] = http://www.openssl.org/source/license.html + [6] = http://www.fsf.org/licensing/licenses/gpl.html end of section 3 + [7] = http://www.fsf.org/licensing/licenses/lgpl.html + [8] = http://en.wikipedia.org/wiki/OpenSSL_exception Feedback/Updates provided by diff --git a/docs/FAQ b/docs/FAQ index 06a306d..043b7bb 100644 --- a/docs/FAQ +++ b/docs/FAQ @@ -21,7 +21,6 @@ FAQ 1.12 I have a problem who can I chat with? 1.13 curl's ECCN number? 1.14 How do I submit my patch? - 1.15 How do I port libcurl to my OS? 2. Install Related Problems 2.1 configure doesn't find OpenSSL even when it is installed @@ -82,7 +81,6 @@ FAQ 4.18 file:// URLs containing drive letters (Windows, NetWare) 4.19 Why doesn't cURL return an error when the network cable is unplugged? 4.20 curl doesn't return error for HTTP non-200 responses! - 4.21 Why is there a HTTP/1.1 in my HTTP/2 request? 5. libcurl Issues 5.1 Is libcurl thread-safe? @@ -352,7 +350,7 @@ FAQ cryptography. When doing so, the Export Control Classification Number (ECCN) is used to identify the level of export control etc. - ASF gives a good explanation at https://www.apache.org/dev/crypto.html + ASF gives a good explanation at http://www.apache.org/dev/crypto.html We believe curl's number might be ECCN 5D002, another possibility is 5D992. It seems necessary to write them, asking to confirm. @@ -381,19 +379,6 @@ FAQ Lots of more details are found in the CONTRIBUTE and INTERNALS docs. - 1.15 How do I port libcurl to my OS? - - Here's a rough step-by-step: - - 1. copy a suitable lib/config-*.h file as a start to lib/config-[youros].h - - 2. edit lib/config-[youros].h to match your OS and setup - - 3. edit lib/curl_setup.h to include config-[youros].h when your OS is - detected by the preprocessor, in the style others already exist - - 4. compile lib/*.c and make them into a library - 2. Install Related Problems @@ -779,9 +764,8 @@ FAQ request-body in a GET request with something like "curl -X GET -d data [URL]" - Note that -X doesn't actually change curl's behavior as it only modifies the - actual string sent in the request, but that may of course trigger a - different set of events. + Note that -X doesn't change curl's behavior. It only modifies the actual + string sent in the request. Accordingly, by using -XPOST on a command line that for example would follow a 303 redirect, you will effectively prevent curl from behaving @@ -1042,7 +1026,7 @@ FAQ timeout is set. See option TcpMaxConnectRetransmissions on this page: - https://support.microsoft.com/en-us/kb/175523/en-us + http://support.microsoft.com/?scid=kb%3Ben-us%3B175523&x=6&y=7 Also, even on non-Windows systems there may run a firewall or anti-virus software or similar that accepts the connection but does not actually do @@ -1059,7 +1043,7 @@ FAQ You'll find that even if D:\blah.txt does exist, cURL returns a 'file not found' error. - According to RFC 1738 (https://www.ietf.org/rfc/rfc1738.txt), + According to RFC 1738 (http://www.faqs.org/rfcs/rfc1738.html), file:// URLs must contain a host component, but it is ignored by most implementations. In the above example, 'D:' is treated as the host component, and is taken away. Thus, cURL tries to open '/blah.txt'. @@ -1131,16 +1115,6 @@ FAQ You can also use the -w option and the variable %{response_code} to extract the exact response code that was return in the response. - 4.21 Why is there a HTTP/1.1 in my HTTP/2 request? - - If you use verbose to see the HTTP request when you send off a HTTP/2 - request, it will still say 1.1. - - The reason for this is that we first generate the request to send using the - old 1.1 style and show that request in the verbose output, and then we - convert it over to the binary header-compressed HTTP/2 style. The actual - "1.1" part from that request is then not actually used in the transfer. The - binary HTTP/2 headers are not human readable. 5. libcurl Issues @@ -1163,13 +1137,13 @@ FAQ If you use a OpenSSL-powered libcurl in a multi-threaded environment, you need to provide one or two locking functions: - https://www.openssl.org/docs/crypto/threads.html + http://www.openssl.org/docs/crypto/threads.html If you use a GnuTLS-powered libcurl in a multi-threaded environment, you need to provide locking function(s) for libgcrypt (which is used by GnuTLS for the crypto functions). - https://web.archive.org/web/20111103083330/http://www.gnu.org/software/gnutls/manual/html_node/Multi_002dthreaded-applications.html + http://www.gnu.org/software/gnutls/manual/html_node/Multi_002dthreaded-applications.html No special locking is needed with a NSS-powered libcurl. NSS is thread-safe. @@ -1345,7 +1319,7 @@ FAQ Also note that on many networks NATs or other IP-munging techniques are used that makes you see and use a different IP address locally than what the remote server will see you coming from. You may also consider using - https://www.torproject.org/ . + http://www.torproject.org . 5.13 How do I stop an ongoing transfer? diff --git a/docs/FEATURES b/docs/FEATURES index 10fbdd5..a674002 100644 --- a/docs/FEATURES +++ b/docs/FEATURES @@ -134,8 +134,8 @@ SMB - authentication with NTLMv1 SMTP - - authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9), Kerberos 5 - (*4) and External. + - authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9) and Kerberos 5 + (*4) - send e-mails - mail from support - mail size support @@ -150,8 +150,8 @@ SMTPS (*1) POP3 - authentication: Clear Text, APOP and SASL - - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9), - Kerberos 5 (*4) and External. + - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9) and + Kerberos 5 (*4) - list e-mails - retrieve e-mails - enhanced command support for: CAPA, DELE, TOP, STAT, UIDL and NOOP via @@ -165,8 +165,8 @@ POP3S (*1) IMAP - authentication: Clear Text and SASL - - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9), - Kerberos 5 (*4) and External. + - SASL based authentication: Plain, Login, CRAM-MD5, Digest-MD5, NTLM (*9) and + Kerberos 5 (*4) - list the folders of a mailbox - select a mailbox with support for verifying the UIDVALIDITY - fetch e-mails with support for specifying the UID and SECTION diff --git a/docs/HTTP-COOKIES b/docs/HTTP-COOKIES index b5abddf..818e161 100644 --- a/docs/HTTP-COOKIES +++ b/docs/HTTP-COOKIES @@ -36,7 +36,7 @@ HTTP Cookies For a very long time, the only spec explaining how to use cookies was the original Netscape spec from 1994: http://curl.haxx.se/rfc/cookie_spec.html - In 2011, RFC6265 (https://www.ietf.org/rfc/rfc6265.txt) was finally published + In 2011, RFC6265 (http://www.ietf.org/rfc/rfc6265.txt) was finally published and details how cookies work within HTTP. 1.2 Cookies saved to disk diff --git a/docs/HTTP2.md b/docs/HTTP2.md deleted file mode 100644 index b4e2983..0000000 --- a/docs/HTTP2.md +++ /dev/null @@ -1,107 +0,0 @@ -HTTP/2 with curl -================ - -[HTTP/2 Spec](https://www.rfc-editor.org/rfc/rfc7540.txt) -[http2 explained](http://daniel.haxx.se/http2/) - -Build prerequisites -------------------- - - nghttp2 - - OpenSSL, NSS, GnutTLS or PolarSSL with a new enough version - -[nghttp2](https://nghttp2.org/) -------------------------------- - -libcurl uses this 3rd party library for the low level protocol handling -parts. The reason for this is that HTTP/2 is much more complex at that layer -than HTTP/1.1 (which we implement on our own) and that nghttp2 is an already -existing and well functional library. - -We require at least version 1.0.0. - -Over an http:// URL -------------------- - -If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will -include an upgrade header in the initial request to the host to allow -upgrading to HTTP/2. - -Possibly we can later introduce an option that will cause libcurl to fail if -not possible to upgrade. Possibly we introduce an option that makes libcurl -use HTTP/2 at once over http:// - -Over an https:// URL --------------------- - -If `CURLOPT_HTTP_VERSION` is set to `CURL_HTTP_VERSION_2_0`, libcurl will use -ALPN (or NPN) to negotiate which protocol to continue with. Possibly introduce -an option that will cause libcurl to fail if not possible to use HTTP/2. -Consider options to explicitly disable ALPN and/or NPN. - -ALPN is the TLS extension that HTTP/2 is expected to use. The NPN extension is -for a similar purpose, was made prior to ALPN and is used for SPDY so early -HTTP/2 servers are implemented using NPN before ALPN support is widespread. - -SSL libs --------- - -The challenge is the ALPN and NPN support and all our different SSL -backends. You may need a fairly updated SSL library version for it to -provide the necessary TLS features. Right now we support: - - - OpenSSL: ALPN and NPN - - NSS: ALPN and NPN - - GnuTLS: ALPN - - PolarSSL: ALPN - -Multiplexing ------------- - -Starting in 7.43.0, libcurl fully supports HTTP/2 multiplexing, which is the -term for doing multiple independent transfers over the same physical TCP -connection. - -To take advantage of multiplexing, you need to use the multi interface and set -`CURLMOPT_PIPELINING` to `CURLPIPE_MULTIPLEX`. With that bit set, libcurl will -attempt to re-use existing HTTP/2 connections and just add a new stream over -that when doing subsequent parallel requests. - -While libcurl sets up a connection to a HTTP server there is a period during -which it doesn't know if it can pipeline or do multiplexing and if you add new -transfers in that period, libcurl will default to start new connections for -those transfers. With the new option `CURLOPT_PIPEWAIT` (added in 7.43.0), you -can ask that a transfer should rather wait and see in case there's a -connection for the same host in progress that might end up being possible to -multiplex on. It favours keeping the number of connections low to the cost of -slightly longer time to first byte transferred. - -Applications ------------- - -We hide HTTP/2's binary nature and convert received HTTP/2 traffic to headers -in HTTP 1.1 style. This allows applications to work unmodified. - -curl tool ---------- - -curl offers the `--http2` command line option to enable use of HTTP/2 - -HTTP Alternative Services -------------------------- - -Alt-Svc is a suggested extension with a corresponding frame (ALTSVC) in HTTP/2 -that tells the client about an alternative "route" to the same content for the -same origin server that you get the response from. A browser or long-living -client can use that hint to create a new connection asynchronously. For -libcurl, we may introduce a way to bring such clues to the applicaton and/or -let a subsequent request use the alternate route -automatically. [Spec](https://tools.ietf.org/html/draft-ietf-httpbis-alt-svc-05) - -TODO ----- - - - Provide API to set priorities / dependencies of individual streams - - - Implement "prior-knowledge" HTTP/2 connecitons over clear text so that - curl can connect with HTTP/2 at once without 1.1+Upgrade. - diff --git a/docs/INSTALL b/docs/INSTALL index 67cd489..30dec53 100644 --- a/docs/INSTALL +++ b/docs/INSTALL @@ -173,13 +173,13 @@ Win32 advice given above. KB94248 - How To Use the C Run-Time - https://support.microsoft.com/kb/94248/en-us + http://support.microsoft.com/kb/94248/en-us KB140584 - How to link with the correct C Run-Time (CRT) library - https://support.microsoft.com/kb/140584/en-us + http://support.microsoft.com/kb/140584/en-us KB190799 - Potential Errors Passing CRT Objects Across DLL Boundaries - https://msdn.microsoft.com/en-us/library/ms235460 + http://msdn.microsoft.com/en-us/library/ms235460 If your app is misbehaving in some strange way, or it is suffering from memory corruption, before asking for further help, please try @@ -209,8 +209,8 @@ Win32 environment variables, for example: set ZLIB_PATH=c:\zlib-1.2.8 - set OPENSSL_PATH=c:\openssl-1.0.2c - set LIBSSH2_PATH=c:\libssh2-1.6.0 + set OPENSSL_PATH=c:\openssl-0.9.8zc + set LIBSSH2_PATH=c:\libssh2-1.4.3 ATTENTION: if you want to build with libssh2 support you have to use latest version 0.17 - previous versions will NOT work with 7.17.0 and later! @@ -232,7 +232,7 @@ Win32 - optional MingW32-built OpenLDAP SDK available from: http://www.gknw.net/mirror/openldap/ - optional recent Novell CLDAP SDK available from: - https://www.novell.com/developer/ndk/ldap_libraries_for_c.html + http://developer.novell.com/ndk/cldap.htm Cygwin ------ @@ -254,7 +254,7 @@ Win32 If you use MSVC 6 it is required that you use the February 2003 edition of the 'Platform SDK' which can be downloaded from: - https://www.microsoft.com/en-us/download/details.aspx?id=12261 + http://www.microsoft.com/en-us/download/details.aspx?id=12261 Building any software with MSVC 6 without having PSDK installed is just asking for trouble down the road once you have released it, you might notice @@ -263,7 +263,7 @@ Win32 software built in such way will at some point regret having done so. If the compiler has been updated with the installation of a service pack as - those mentioned in https://support.microsoft.com/kb/194022 the compiler can be + those mentioned in http://support.microsoft.com/kb/194022 the compiler can be safely used to read source code, translate and make it object code. But, even with the service packs mentioned above installed, the resulting @@ -299,7 +299,7 @@ Win32 Then run 'nmake vc' in curl's root directory. If you want to compile with zlib support, you will need to build - zlib (http://www.zlib.net/) as well. Please read the zlib + zlib (http://www.gzip.org/zlib/) as well. Please read the zlib documentation on how to compile zlib. Define the ZLIB_PATH environment variable to the location of zlib.h and zlib.lib, for example: @@ -471,15 +471,6 @@ Win32 add '-DCURL_STATICLIB' to your CFLAGS. Otherwise the linker will look for dynamic import symbols. - Legacy Windows and SSL - ---------------------- - - WinSSL (specifically SChannel from Windows SSPI), is the native SSL library - in Windows. However, WinSSL in Windows <= XP is unable to connect to servers - that no longer support the legacy handshakes and algorithms used by those - versions. If you will be using curl in one of those earlier versions of - Windows you should choose another SSL backend such as OpenSSL. - Apple iOS and Mac OS X ====================== @@ -674,10 +665,12 @@ NetWare - gnu make and awk running on the platform you compile on; native Win32 versions can be downloaded from: http://www.gknw.net/development/prgtools/ - - recent Novell LibC or Novell CLib SDK available from: - https://www.novell.com/developer/ndk/ + - recent Novell LibC SDK available from: + http://developer.novell.com/ndk/libc.htm + - or recent Novell CLib SDK available from: + http://developer.novell.com/ndk/clib.htm - optional recent Novell CLDAP SDK available from: - https://www.novell.com/developer/ndk/ldap_libraries_for_c.html + http://developer.novell.com/ndk/cldap.htm - optional zlib sources (static or dynamic linking with zlib.imp); sources with NetWare Makefile can be obtained from: http://www.gknw.net/mirror/zlib/ @@ -832,7 +825,7 @@ VxWorks To build libcurl for VxWorks you need: - - CYGWIN (free, https://cygwin.com/) + - CYGWIN (free, http://cygwin.com/) - Wind River Workbench (commercial) If you have CYGWIN and Workbench installed on you machine @@ -1093,18 +1086,18 @@ Useful URLs axTLS http://axtls.sourceforge.net/ c-ares http://c-ares.haxx.se/ -GNU GSS https://www.gnu.org/software/gss/ -GnuTLS https://www.gnu.org/software/gnutls/ -Heimdal http://www.h5l.org/ -libidn https://www.gnu.org/software/libidn/ +GNU GSS http://www.gnu.org/software/gss/ +GnuTLS http://www.gnu.org/software/gnutls/ +Heimdal http://www.pdc.kth.se/heimdal/ +libidn http://www.gnu.org/software/libidn/ libmetalink https://launchpad.net/libmetalink/ libssh2 http://www.libssh2.org/ MIT Kerberos http://web.mit.edu/kerberos/www/dist/ -NSS https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS +NSS http://www.mozilla.org/projects/security/pki/nss/ OpenLDAP http://www.openldap.org/ -OpenSSL https://www.openssl.org/ -PolarSSL https://tls.mbed.org/ -wolfSSL https://www.wolfssl.com/wolfSSL/ +OpenSSL http://www.openssl.org/ +PolarSSL http://polarssl.org/ +yassl http://www.yassl.com/ Zlib http://www.zlib.net/ MingW http://www.mingw.org/ diff --git a/docs/INSTALL.devcpp b/docs/INSTALL.devcpp index ee2d703..46d1836 100644 --- a/docs/INSTALL.devcpp +++ b/docs/INSTALL.devcpp @@ -95,7 +95,7 @@ install instructions may produce erratic behaviour in DevCpp. For further info check the following sites http://aditsu.freeunixhost.com/dev-cpp-faq.html -https://sourceforge.net/p/dev-cpp/discussion/48211/thread/2a85ea46 +http://sourceforge.net/forum/message.php?msg_id=3252213 As I have mentioned before I will confine this to the SSL Library compilations but the process is very similar for compilation of the executable - curl.exe; diff --git a/docs/INTERNALS b/docs/INTERNALS index 4cd63b4..f8b1b47 100644 --- a/docs/INTERNALS +++ b/docs/INTERNALS @@ -1,57 +1,18 @@ -Table of Contents -================= + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| - - [Intro](#intro) - - [git](#git) - - [Portability](#Portability) - - [Windows vs Unix](#winvsunix) - - [Library](#Library) - - [`Curl_connect`](#Curl_connect) - - [`Curl_do`](#Curl_do) - - [`Curl_readwrite`](#Curl_readwrite) - - [`Curl_done`](#Curl_done) - - [`Curl_disconnect`](#Curl_disconnect) - - [HTTP(S)](#http) - - [FTP](#ftp) - - [Kerberos](#kerberos) - - [TELNET](#telnet) - - [FILE](#file) - - [SMB](#smb) - - [LDAP](#ldap) - - [E-mail](#email) - - [General](#general) - - [Persistent Connections](#persistent) - - [multi interface/non-blocking](#multi) - - [SSL libraries](#ssl) - - [Library Symbols](#symbols) - - [Return Codes and Informationals](#returncodes) - - [AP/ABI](#abi) - - [Client](#client) - - [Memory Debugging](#memorydebug) - - [Test Suite](#test) - - [Asynchronous name resolves](#asyncdns) - - [c-ares](#cares) - - [`curl_off_t`](#curl_off_t) - - [curlx](#curlx) - - [Content Encoding](#contentencoding) - - [hostip.c explained](#hostip) - - [Track Down Memory Leaks](#memoryleak) - - [`multi_socket`](#multi_socket) - - [Structs in libcurl](#structs) - - -curl internals -============== - - This project is split in two. The library and the client. The client part - uses the library, but the library is designed to allow other applications to - use it. +INTERNALS - The largest amount of code and complexity is in the library part. + The project is split in two. The library and the client. The client part uses + the library, but the library is designed to allow other applications to use + it. + The largest amount of code and complexity is in the library part. - -git +GIT === All changes to the sources are committed to the git repository as soon as @@ -62,7 +23,6 @@ git Tagging shall be used extensively, and by the time we release new archives we should tag the sources with a name similar to the released version number. - Portability =========== @@ -74,55 +34,45 @@ Portability want it to remain functional and buildable with these and later versions (older versions may still work but is not what we work hard to maintain): -Dependencies ------------- - - - OpenSSL 0.9.7 - - GnuTLS 1.2 - - zlib 1.1.4 - - libssh2 0.16 - - c-ares 1.6.0 - - libidn 0.4.1 - - cyassl 2.0.0 - - openldap 2.0 - - MIT Kerberos 1.2.4 - - GSKit V5R3M0 - - NSS 3.14.x - - axTLS 1.2.7 - - PolarSSL 1.3.0 - - Heimdal ? - - nghttp2 1.0.0 - -Operating Systems ------------------ + OpenSSL 0.9.7 + GnuTLS 1.2 + zlib 1.1.4 + libssh2 0.16 + c-ares 1.6.0 + libidn 0.4.1 + cyassl 2.0.0 + openldap 2.0 + MIT Kerberos 1.2.4 + GSKit V5R3M0 + NSS 3.14.x + axTLS 1.2.7 + PolarSSL 1.3.0 + Heimdal ? + nghttp2 0.6.0 On systems where configure runs, we aim at working on them all - if they have a suitable C compiler. On systems that don't run configure, we strive to keep curl running fine on: - - Windows 98 - - AS/400 V5R3M0 - - Symbian 9.1 - - Windows CE ? - - TPF ? - -Build tools ------------ + Windows 98 + AS/400 V5R3M0 + Symbian 9.1 + Windows CE ? + TPF ? When writing code (mostly for generating stuff included in release tarballs) we use a few "build tools" and we make sure that we remain functional with these versions: - - GNU Libtool 1.4.2 - - GNU Autoconf 2.57 - - GNU Automake 1.7 - - GNU M4 1.4 - - perl 5.004 - - roffit 0.5 - - groff ? (any version that supports "groff -Tps -man [in] [out]") - - ps2pdf (gs) ? + GNU Libtool 1.4.2 + GNU Autoconf 2.57 + GNU Automake 1.7 (we currently avoid 1.10 due to Solaris-related bugs) + GNU M4 1.4 + perl 5.004 + roffit 0.5 + groff ? (any version that supports "groff -Tps -man [in] [out]") + ps2pdf (gs) ? - Windows vs Unix =============== @@ -137,9 +87,8 @@ Windows vs Unix 2. Windows requires a couple of init calls for the socket stuff. - That's taken care of by the `curl_global_init()` call, but if other libs - also do it etc there might be reasons for applications to alter that - behaviour. + That's taken care of by the curl_global_init() call, but if other libs also + do it etc there might be reasons for applications to alter that behaviour. 3. The file descriptors for network communication and file operations are not easily interchangeable as in unix. @@ -152,29 +101,28 @@ Windows vs Unix We set stdout to binary under windows - Inside the source code, We make an effort to avoid `#ifdef [Your OS]`. All + Inside the source code, We make an effort to avoid '#ifdef [Your OS]'. All conditionals that deal with features *should* instead be in the format - `#ifdef HAVE_THAT_WEIRD_FUNCTION`. Since Windows can't run configure scripts, - we maintain a `curl_config-win32.h` file in lib directory that is supposed to - look exactly as a `curl_config.h` file would have looked like on a Windows + '#ifdef HAVE_THAT_WEIRD_FUNCTION'. Since Windows can't run configure scripts, + we maintain a curl_config-win32.h file in lib directory that is supposed to + look exactly as a curl_config.h file would have looked like on a Windows machine! Generally speaking: always remember that this will be compiled on dozens of operating systems. Don't walk on the edge. - Library ======= - (See `LIBCURL-STRUCTS` for a separate document describing all major internal + (See LIBCURL-STRUCTS for a separate document describing all major internal structs and their purposes.) There are plenty of entry points to the library, namely each publicly defined function that libcurl offers to applications. All of those functions are - rather small and easy-to-follow. All the ones prefixed with `curl_easy` are + rather small and easy-to-follow. All the ones prefixed with 'curl_easy' are put in the lib/easy.c file. - `curl_global_init_()` and `curl_global_cleanup()` should be called by the + curl_global_init_() and curl_global_cleanup() should be called by the application to initialize and clean up global stuff in the library. As of today, it can handle the global SSL initing if SSL is enabled and it can init the socket layer on windows machines. libcurl itself has no "global" scope. @@ -182,56 +130,51 @@ Library All printf()-style functions use the supplied clones in lib/mprintf.c. This makes sure we stay absolutely platform independent. - [ `curl_easy_init()`][2] allocates an internal struct and makes some - initializations. The returned handle does not reveal internals. This is the - 'SessionHandle' struct which works as an "anchor" struct for all `curl_easy` - functions. All connections performed will get connect-specific data allocated - that should be used for things related to particular connections/requests. + curl_easy_init() allocates an internal struct and makes some initializations. + The returned handle does not reveal internals. This is the 'SessionHandle' + struct which works as an "anchor" struct for all curl_easy functions. All + connections performed will get connect-specific data allocated that should be + used for things related to particular connections/requests. - [`curl_easy_setopt()`][1] takes three arguments, where the option stuff must - be passed in pairs: the parameter-ID and the parameter-value. The list of + curl_easy_setopt() takes three arguments, where the option stuff must be + passed in pairs: the parameter-ID and the parameter-value. The list of options is documented in the man page. This function mainly sets things in the 'SessionHandle' struct. - `curl_easy_perform()` is just a wrapper function that makes use of the multi - API. It basically calls `curl_multi_init()`, `curl_multi_add_handle()`, - `curl_multi_wait()`, and `curl_multi_perform()` until the transfer is done - and then returns. + curl_easy_perform() is just a wrapper function that makes use of the multi + API. It basically curl_multi_init(), curl_multi_add_handle(), + curl_multi_wait(), and curl_multi_perform() until the transfer is done and + then returns. Some of the most important key functions in url.c are called from multi.c when certain key steps are to be made in the transfer operation. - -Curl_connect() --------------- + o Curl_connect() Analyzes the URL, it separates the different components and connects to the remote host. This may involve using a proxy and/or using SSL. The - `Curl_resolv()` function in lib/hostip.c is used for looking up host names + Curl_resolv() function in lib/hostip.c is used for looking up host names (it does then use the proper underlying method, which may vary between platforms and builds). - When `Curl_connect` is done, we are connected to the remote site. Then it - is time to tell the server to get a document/file. `Curl_do()` arranges - this. + When Curl_connect is done, we are connected to the remote site. Then it is + time to tell the server to get a document/file. Curl_do() arranges this. This function makes sure there's an allocated and initiated 'connectdata' struct that is used for this particular connection only (although there may be several requests performed on the same connect). A bunch of things are inited/inherited from the SessionHandle struct. - -Curl_do() ---------- + o Curl_do() - `Curl_do()` makes sure the proper protocol-specific function is called. The + Curl_do() makes sure the proper protocol-specific function is called. The functions are named after the protocols they handle. The protocol-specific functions of course deal with protocol-specific - negotiations and setup. They have access to the `Curl_sendf()` (from + negotiations and setup. They have access to the Curl_sendf() (from lib/sendf.c) function to send printf-style formatted data to the remote host and when they're ready to make the actual file transfer they call the - `Curl_Transfer()` function (in lib/transfer.c) to setup the transfer and + Curl_Transfer() function (in lib/transfer.c) to setup the transfer and returns. If this DO function fails and the connection is being re-used, libcurl will @@ -240,13 +183,11 @@ Curl_do() we have discovered a dead connection before the DO function and thus we might wrongly be re-using a connection that was closed by the remote peer. - Some time during the DO function, the `Curl_setup_transfer()` function must + Some time during the DO function, the Curl_setup_transfer() function must be called with some basic info about the upcoming transfer: what socket(s) to read/write and the expected file transfer sizes (if known). - -Curl_readwrite() ----------------- + o Curl_readwrite() Called during the transfer of the actual protocol payload. @@ -255,22 +196,18 @@ Curl_readwrite() called). The speedcheck functions in lib/speedcheck.c are also used to verify that the transfer is as fast as required. - -Curl_done() ------------ + o Curl_done() Called after a transfer is done. This function takes care of everything that has to be done after a transfer. This function attempts to leave - matters in a state so that `Curl_do()` should be possible to call again on + matters in a state so that Curl_do() should be possible to call again on the same connection (in a persistent connection case). It might also soon - be closed with `Curl_disconnect()`. + be closed with Curl_disconnect(). - -Curl_disconnect() ------------------ + o Curl_disconnect() When doing normal connections and transfers, no one ever tries to close any - connections so this is not normally called when `curl_easy_perform()` is + connections so this is not normally called when curl_easy_perform() is used. This function is only used when we are certain that no more transfers is going to be made on the connection. It can be also closed by force, or it can be called to make sure that libcurl doesn't keep too many @@ -279,9 +216,8 @@ Curl_disconnect() This function cleans up all resources that are associated with a single connection. - -HTTP(S) -======= + + HTTP(S) HTTP offers a lot and is the protocol in curl that uses the most lines of code. There is a special file (lib/formdata.c) that offers all the multipart @@ -293,123 +229,100 @@ HTTP(S) HTTPS uses in almost every means the same procedure as HTTP, with only two exceptions: the connect procedure is different and the function used to read or write from the socket is different, although the latter fact is hidden in - the source by the use of `Curl_read()` for reading and `Curl_write()` for - writing data to the remote server. + the source by the use of Curl_read() for reading and Curl_write() for writing + data to the remote server. - `http_chunks.c` contains functions that understands HTTP 1.1 chunked transfer + http_chunks.c contains functions that understands HTTP 1.1 chunked transfer encoding. - An interesting detail with the HTTP(S) request, is the `Curl_add_buffer()` + An interesting detail with the HTTP(S) request, is the Curl_add_buffer() series of functions we use. They append data to one single buffer, and when the building is done the entire request is sent off in one single write. This is done this way to overcome problems with flawed firewalls and lame servers. - -FTP -=== + FTP - The `Curl_if2ip()` function can be used for getting the IP number of a + The Curl_if2ip() function can be used for getting the IP number of a specified network interface, and it resides in lib/if2ip.c. - `Curl_ftpsendf()` is used for sending FTP commands to the remote server. It - was made a separate function to prevent us programmers from forgetting that - they must be CRLF terminated. They must also be sent in one single write() to - make firewalls and similar happy. + Curl_ftpsendf() is used for sending FTP commands to the remote server. It was + made a separate function to prevent us programmers from forgetting that they + must be CRLF terminated. They must also be sent in one single write() to make + firewalls and similar happy. - -Kerberos --------- + Kerberos Kerberos support is mainly in lib/krb5.c and lib/security.c but also - `curl_sasl_sspi.c` and `curl_sasl_gssapi.c` for the email protocols and - `socks_gssapi.c` and `socks_sspi.c` for SOCKS5 proxy specifics. + curl_sasl_sspi.c and curl_sasl_gssapi.c for the email protocols and + socks_gssapi.c & socks_sspi.c for SOCKS5 proxy specifics. - -TELNET -====== + TELNET Telnet is implemented in lib/telnet.c. - -FILE -==== + FILE The file:// protocol is dealt with in lib/file.c. - -SMB -=== + SMB The smb:// protocol is dealt with in lib/smb.c. - -LDAP -==== + LDAP Everything LDAP is in lib/ldap.c and lib/openldap.c - -E-mail -====== + E-mail The e-mail related source code is in lib/imap.c, lib/pop3.c and lib/smtp.c. - -General -======= + GENERAL URL encoding and decoding, called escaping and unescaping in the source code, is found in lib/escape.c. While transferring data in Transfer() a few functions might get used. - `curl_getdate()` in lib/parsedate.c is for HTTP date comparisons (and more). + curl_getdate() in lib/parsedate.c is for HTTP date comparisons (and more). - lib/getenv.c offers `curl_getenv()` which is for reading environment - variables in a neat platform independent way. That's used in the client, but - also in lib/url.c when checking the proxy environment variables. Note that - contrary to the normal unix getenv(), this returns an allocated buffer that - must be free()ed after use. + lib/getenv.c offers curl_getenv() which is for reading environment variables + in a neat platform independent way. That's used in the client, but also in + lib/url.c when checking the proxy environment variables. Note that contrary + to the normal unix getenv(), this returns an allocated buffer that must be + free()ed after use. lib/netrc.c holds the .netrc parser lib/timeval.c features replacement functions for systems that don't have gettimeofday() and a few support functions for timeval conversions. - A function named `curl_version()` that returns the full curl version string - is found in lib/version.c. + A function named curl_version() that returns the full curl version string is + found in lib/version.c. - Persistent Connections ====================== The persistent connection support in libcurl requires some considerations on how to do things inside of the library. - - The 'SessionHandle' struct returned in the [`curl_easy_init()`][2] call - must never hold connection-oriented data. It is meant to hold the root data - as well as all the options etc that the library-user may choose. - - - The 'SessionHandle' struct holds the "connection cache" (an array of + o The 'SessionHandle' struct returned in the curl_easy_init() call must never + hold connection-oriented data. It is meant to hold the root data as well as + all the options etc that the library-user may choose. + o The 'SessionHandle' struct holds the "connection cache" (an array of pointers to 'connectdata' structs). - - - This enables the 'curl handle' to be reused on subsequent transfers. - - - When libcurl is told to perform a transfer, it first checks for an already + o This enables the 'curl handle' to be reused on subsequent transfers. + o When libcurl is told to perform a transfer, it first checks for an already existing connection in the cache that we can use. Otherwise it creates a new one and adds that the cache. If the cache is full already when a new connection is added added, it will first close the oldest unused one. - - - When the transfer operation is complete, the connection is left + o When the transfer operation is complete, the connection is left open. Particular options may tell libcurl not to, and protocols may signal closure on connections and then they won't be kept open of course. - - - When `curl_easy_cleanup()` is called, we close all still opened connections, + o When curl_easy_cleanup() is called, we close all still opened connections, unless of course the multi interface "owns" the connections. The curl handle must be re-used in order for the persistent connections to work. - multi interface/non-blocking ============================ @@ -428,7 +341,6 @@ multi interface/non-blocking protocols are crappy examples and they are subject for rewrite in the future to better fit the libcurl protocol family. - SSL libraries ============= @@ -438,39 +350,36 @@ SSL libraries in future libcurl versions. To deal with this internally in the best way possible, we have a generic SSL - function API as provided by the vtls/vtls.[ch] system, and they are the only - SSL functions we must use from within libcurl. vtls is then crafted to use - the appropriate lower-level function calls to whatever SSL library that is in + function API as provided by the vtls.[ch] system, and they are the only SSL + functions we must use from within libcurl. vtls is then crafted to use the + appropriate lower-level function calls to whatever SSL library that is in use. For example vtls/openssl.[ch] for the OpenSSL library. - Library Symbols =============== - All symbols used internally in libcurl must use a `Curl_` prefix if they're + All symbols used internally in libcurl must use a 'Curl_' prefix if they're used in more than a single file. Single-file symbols must be made static. - Public ("exported") symbols must use a `curl_` prefix. (There are exceptions, + Public ("exported") symbols must use a 'curl_' prefix. (There are exceptions, but they are to be changed to follow this pattern in future versions.) Public - API functions are marked with `CURL_EXTERN` in the public header files so - that all others can be hidden on platforms where this is possible. + API functions are marked with CURL_EXTERN in the public header files so that + all others can be hidden on platforms where this is possible. - Return Codes and Informationals =============================== I've made things simple. Almost every function in libcurl returns a CURLcode, - that must be `CURLE_OK` if everything is OK or otherwise a suitable error - code as the curl/curl.h include file defines. The very spot that detects an - error must use the `Curl_failf()` function to set the human-readable error + that must be CURLE_OK if everything is OK or otherwise a suitable error code + as the curl/curl.h include file defines. The very spot that detects an error + must use the Curl_failf() function to set the human-readable error description. In aiding the user to understand what's happening and to debug curl usage, we - must supply a fair amount of informational messages by using the - `Curl_infof()` function. Those messages are only displayed when the user - explicitly asks for them. They are best used when revealing information that - isn't otherwise obvious. + must supply a fair amount of informational messages by using the Curl_infof() + function. Those messages are only displayed when the user explicitly asks for + them. They are best used when revealing information that isn't otherwise + obvious. - API/ABI ======= @@ -478,31 +387,29 @@ API/ABI that makes it easier to keep a solid API/ABI over time. See docs/libcurl/ABI for our promise to users. - Client ====== - main() resides in `src/tool_main.c`. + main() resides in src/tool_main.c. - `src/tool_hugehelp.c` is automatically generated by the mkhelp.pl perl script + src/tool_hugehelp.c is automatically generated by the mkhelp.pl perl script to display the complete "manual" and the src/tool_urlglob.c file holds the functions used for the URL-"globbing" support. Globbing in the sense that the {} and [] expansion stuff is there. The client mostly messes around to setup its 'config' struct properly, then - it calls the `curl_easy_*()` functions of the library and when it gets back - control after the `curl_easy_perform()` it cleans up the library, checks - status and exits. + it calls the curl_easy_*() functions of the library and when it gets back + control after the curl_easy_perform() it cleans up the library, checks status + and exits. When the operation is done, the ourWriteOut() function in src/writeout.c may be called to report about the operation. That function is using the - `curl_easy_getinfo()` function to extract useful information from the curl + curl_easy_getinfo() function to extract useful information from the curl session. It may loop and do all this several times if many URLs were specified on the command line or config file. - Memory Debugging ================ @@ -532,7 +439,6 @@ Memory Debugging the configure script. When --enable-debug is given both features will be enabled, unless some restriction prevents memory tracking from being used. - Test Suite ========== @@ -550,546 +456,29 @@ Test Suite The test suite automatically detects if curl was built with the memory debugging enabled, and if it was it will detect memory leaks, too. - -Asynchronous name resolves -========================== - - libcurl can be built to do name resolves asynchronously, using either the - normal resolver in a threaded manner or by using c-ares. - - -[c-ares][3] ------- - -### Build libcurl to use a c-ares - -1. ./configure --enable-ares=/path/to/ares/install -2. make - -### c-ares on win32 - - First I compiled c-ares. I changed the default C runtime library to be the - single-threaded rather than the multi-threaded (this seems to be required to - prevent linking errors later on). Then I simply build the areslib project - (the other projects adig/ahost seem to fail under MSVC). - - Next was libcurl. I opened lib/config-win32.h and I added a: - `#define USE_ARES 1` - - Next thing I did was I added the path for the ares includes to the include - path, and the libares.lib to the libraries. - - Lastly, I also changed libcurl to be single-threaded rather than - multi-threaded, again this was to prevent some duplicate symbol errors. I'm - not sure why I needed to change everything to single-threaded, but when I - didn't I got redefinition errors for several CRT functions (malloc, stricmp, - etc.) - - -`curl_off_t` -========== - - curl_off_t is a data type provided by the external libcurl include - headers. It is the type meant to be used for the [`curl_easy_setopt()`][1] - options that end with LARGE. The type is 64bit large on most modern - platforms. - -curlx -===== - - The libcurl source code offers a few functions by source only. They are not - part of the official libcurl API, but the source files might be useful for - others so apps can optionally compile/build with these sources to gain - additional functions. - - We provide them through a single header file for easy access for apps: - "curlx.h" - -`curlx_strtoofft()` -------------------- - A macro that converts a string containing a number to a curl_off_t number. - This might use the curlx_strtoll() function which is provided as source - code in strtoofft.c. Note that the function is only provided if no - strtoll() (or equivalent) function exist on your platform. If curl_off_t - is only a 32 bit number on your platform, this macro uses strtol(). - -`curlx_tvnow()` ---------------- - returns a struct timeval for the current time. - -`curlx_tvdiff()` --------------- - returns the difference between two timeval structs, in number of - milliseconds. - -`curlx_tvdiff_secs()` ---------------------- - returns the same as curlx_tvdiff but with full usec resolution (as a - double) - -Future ------- - - Several functions will be removed from the public curl_ name space in a - future libcurl release. They will then only become available as curlx_ - functions instead. To make the transition easier, we already today provide - these functions with the curlx_ prefix to allow sources to get built properly - with the new function names. The functions this concerns are: - - - `curlx_getenv` - - `curlx_strequal` - - `curlx_strnequal` - - `curlx_mvsnprintf` - - `curlx_msnprintf` - - `curlx_maprintf` - - `curlx_mvaprintf` - - `curlx_msprintf` - - `curlx_mprintf` - - `curlx_mfprintf` - - `curlx_mvsprintf` - - `curlx_mvprintf` - - `curlx_mvfprintf` - - -Content Encoding -================ - -## About content encodings - - [HTTP/1.1][4] specifies that a client may request that a server encode its - response. This is usually used to compress a response using one of a set of - commonly available compression techniques. These schemes are 'deflate' (the - zlib algorithm), 'gzip' and 'compress'. A client requests that the sever - perform an encoding by including an Accept-Encoding header in the request - document. The value of the header should be one of the recognized tokens - 'deflate', ... (there's a way to register new schemes/tokens, see sec 3.5 of - the spec). A server MAY honor the client's encoding request. When a response - is encoded, the server includes a Content-Encoding header in the - response. The value of the Content-Encoding header indicates which scheme was - used to encode the data. - - A client may tell a server that it can understand several different encoding - schemes. In this case the server may choose any one of those and use it to - encode the response (indicating which one using the Content-Encoding header). - It's also possible for a client to attach priorities to different schemes so - that the server knows which it prefers. See sec 14.3 of RFC 2616 for more - information on the Accept-Encoding header. - -## Supported content encodings - - The 'deflate' and 'gzip' content encoding are supported by libcurl. Both - regular and chunked transfers work fine. The zlib library is required for - this feature. - -## The libcurl interface - - To cause libcurl to request a content encoding use: - - [`curl_easy_setopt`][1](curl, [`CURLOPT_ACCEPT_ENCODING`][5], string) - - where string is the intended value of the Accept-Encoding header. - - Currently, libcurl only understands how to process responses that use the - "deflate" or "gzip" Content-Encoding, so the only values for - [`CURLOPT_ACCEPT_ENCODING`][5] that will work (besides "identity," which does - nothing) are "deflate" and "gzip" If a response is encoded using the - "compress" or methods, libcurl will return an error indicating that the - response could not be decoded. If is NULL no Accept-Encoding header - is generated. If is a zero-length string, then an Accept-Encoding - header containing all supported encodings will be generated. - - The [`CURLOPT_ACCEPT_ENCODING`][5] must be set to any non-NULL value for - content to be automatically decoded. If it is not set and the server still - sends encoded content (despite not having been asked), the data is returned - in its raw form and the Content-Encoding type is not checked. - -## The curl interface - - Use the [--compressed][6] option with curl to cause it to ask servers to - compress responses using any format supported by curl. - - -hostip.c explained -================== - - The main compile-time defines to keep in mind when reading the host*.c source - file are these: - -## `CURLRES_IPV6` - - this host has getaddrinfo() and family, and thus we use that. The host may - not be able to resolve IPv6, but we don't really have to take that into - account. Hosts that aren't IPv6-enabled have CURLRES_IPV4 defined. - -## `CURLRES_ARES` - - is defined if libcurl is built to use c-ares for asynchronous name - resolves. This can be Windows or *nix. - -## `CURLRES_THREADED` - - is defined if libcurl is built to use threading for asynchronous name - resolves. The name resolve will be done in a new thread, and the supported - asynch API will be the same as for ares-builds. This is the default under - (native) Windows. - - If any of the two previous are defined, `CURLRES_ASYNCH` is defined too. If - libcurl is not built to use an asynchronous resolver, `CURLRES_SYNCH` is - defined. - -## host*.c sources - - The host*.c sources files are split up like this: - - - hostip.c - method-independent resolver functions and utility functions - - hostasyn.c - functions for asynchronous name resolves - - hostsyn.c - functions for synchronous name resolves - - asyn-ares.c - functions for asynchronous name resolves using c-ares - - asyn-thread.c - functions for asynchronous name resolves using threads - - hostip4.c - IPv4 specific functions - - hostip6.c - IPv6 specific functions - - The hostip.h is the single united header file for all this. It defines the - `CURLRES_*` defines based on the config*.h and curl_setup.h defines. - - -Track Down Memory Leaks -======================= - -## Single-threaded - - Please note that this memory leak system is not adjusted to work in more - than one thread. If you want/need to use it in a multi-threaded app. Please - adjust accordingly. - - -## Build - - Rebuild libcurl with -DCURLDEBUG (usually, rerunning configure with - --enable-debug fixes this). 'make clean' first, then 'make' so that all - files actually are rebuilt properly. It will also make sense to build - libcurl with the debug option (usually -g to the compiler) so that debugging - it will be easier if you actually do find a leak in the library. - - This will create a library that has memory debugging enabled. - -## Modify Your Application - - Add a line in your application code: - - `curl_memdebug("dump");` - - This will make the malloc debug system output a full trace of all resource - using functions to the given file name. Make sure you rebuild your program - and that you link with the same libcurl you built for this purpose as - described above. - -## Run Your Application - - Run your program as usual. Watch the specified memory trace file grow. - - Make your program exit and use the proper libcurl cleanup functions etc. So - that all non-leaks are returned/freed properly. - -## Analyze the Flow - - Use the tests/memanalyze.pl perl script to analyze the dump file: - - tests/memanalyze.pl dump - - This now outputs a report on what resources that were allocated but never - freed etc. This report is very fine for posting to the list! - - If this doesn't produce any output, no leak was detected in libcurl. Then - the leak is mostly likely to be in your code. - - -`multi_socket` -============== - - Implementation of the `curl_multi_socket` API - - The main ideas of this API are simply: - - 1 - The application can use whatever event system it likes as it gets info - from libcurl about what file descriptors libcurl waits for what action - on. (The previous API returns `fd_sets` which is very select()-centric). - - 2 - When the application discovers action on a single socket, it calls - libcurl and informs that there was action on this particular socket and - libcurl can then act on that socket/transfer only and not care about - any other transfers. (The previous API always had to scan through all - the existing transfers.) - - The idea is that [`curl_multi_socket_action()`][7] calls a given callback - with information about what socket to wait for what action on, and the - callback only gets called if the status of that socket has changed. - - We also added a timer callback that makes libcurl call the application when - the timeout value changes, and you set that with [`curl_multi_setopt()`][9] - and the [`CURLMOPT_TIMERFUNCTION`][10] option. To get this to work, - Internally, there's an added a struct to each easy handle in which we store - an "expire time" (if any). The structs are then "splay sorted" so that we - can add and remove times from the linked list and yet somewhat swiftly - figure out both how long time there is until the next nearest timer expires - and which timer (handle) we should take care of now. Of course, the upside - of all this is that we get a [`curl_multi_timeout()`][8] that should also - work with old-style applications that use [`curl_multi_perform()`][11]. - - We created an internal "socket to easy handles" hash table that given - a socket (file descriptor) return the easy handle that waits for action on - that socket. This hash is made using the already existing hash code - (previously only used for the DNS cache). - - To make libcurl able to report plain sockets in the socket callback, we had - to re-organize the internals of the [`curl_multi_fdset()`][12] etc so that - the conversion from sockets to `fd_sets` for that function is only done in - the last step before the data is returned. I also had to extend c-ares to - get a function that can return plain sockets, as that library too returned - only `fd_sets` and that is no longer good enough. The changes done to c-ares - are available in c-ares 1.3.1 and later. - - -Structs in libcurl -================== - -This section should cover 7.32.0 pretty accurately, but will make sense even -for older and later versions as things don't change drastically that often. - -## SessionHandle - - The SessionHandle handle struct is the one returned to the outside in the - external API as a "CURL *". This is usually known as an easy handle in API - documentations and examples. - - Information and state that is related to the actual connection is in the - 'connectdata' struct. When a transfer is about to be made, libcurl will - either create a new connection or re-use an existing one. The particular - connectdata that is used by this handle is pointed out by - SessionHandle->easy_conn. - - Data and information that regard this particular single transfer is put in - the SingleRequest sub-struct. - - When the SessionHandle struct is added to a multi handle, as it must be in - order to do any transfer, the ->multi member will point to the `Curl_multi` - struct it belongs to. The ->prev and ->next members will then be used by the - multi code to keep a linked list of SessionHandle structs that are added to - that same multi handle. libcurl always uses multi so ->multi *will* point to - a `Curl_multi` when a transfer is in progress. - - ->mstate is the multi state of this particular SessionHandle. When - `multi_runsingle()` is called, it will act on this handle according to which - state it is in. The mstate is also what tells which sockets to return for a - specific SessionHandle when [`curl_multi_fdset()`][12] is called etc. - - The libcurl source code generally use the name 'data' for the variable that - points to the SessionHandle. - - When doing multiplexed HTTP/2 transfers, each SessionHandle is associated - with an individual stream, sharing the same connectdata struct. Multiplexing - makes it even more important to keep things associated with the right thing! - -## connectdata - - A general idea in libcurl is to keep connections around in a connection - "cache" after they have been used in case they will be used again and then - re-use an existing one instead of creating a new as it creates a significant - performance boost. - - Each 'connectdata' identifies a single physical connection to a server. If - the connection can't be kept alive, the connection will be closed after use - and then this struct can be removed from the cache and freed. - - Thus, the same SessionHandle can be used multiple times and each time select - another connectdata struct to use for the connection. Keep this in mind, as - it is then important to consider if options or choices are based on the - connection or the SessionHandle. - - Functions in libcurl will assume that connectdata->data points to the - SessionHandle that uses this connection (for the moment). - - As a special complexity, some protocols supported by libcurl require a - special disconnect procedure that is more than just shutting down the - socket. It can involve sending one or more commands to the server before - doing so. Since connections are kept in the connection cache after use, the - original SessionHandle may no longer be around when the time comes to shut - down a particular connection. For this purpose, libcurl holds a special - dummy `closure_handle` SessionHandle in the `Curl_multi` struct to use when - needed. - - FTP uses two TCP connections for a typical transfer but it keeps both in - this single struct and thus can be considered a single connection for most - internal concerns. - - The libcurl source code generally use the name 'conn' for the variable that - points to the connectdata. - -## Curl_multi - - Internally, the easy interface is implemented as a wrapper around multi - interface functions. This makes everything multi interface. - - `Curl_multi` is the multi handle struct exposed as "CURLM *" in external APIs. - - This struct holds a list of SessionHandle structs that have been added to - this handle with [`curl_multi_add_handle()`][13]. The start of the list is - ->easyp and ->num_easy is a counter of added SessionHandles. - - ->msglist is a linked list of messages to send back when - [`curl_multi_info_read()`][14] is called. Basically a node is added to that - list when an individual SessionHandle's transfer has completed. - - ->hostcache points to the name cache. It is a hash table for looking up name - to IP. The nodes have a limited life time in there and this cache is meant - to reduce the time for when the same name is wanted within a short period of - time. - - ->timetree points to a tree of SessionHandles, sorted by the remaining time - until it should be checked - normally some sort of timeout. Each - SessionHandle has one node in the tree. - - ->sockhash is a hash table to allow fast lookups of socket descriptor to - which SessionHandle that uses that descriptor. This is necessary for the - `multi_socket` API. - - ->conn_cache points to the connection cache. It keeps track of all - connections that are kept after use. The cache has a maximum size. - - ->closure_handle is described in the 'connectdata' section. - - The libcurl source code generally use the name 'multi' for the variable that - points to the Curl_multi struct. - -## Curl_handler - - Each unique protocol that is supported by libcurl needs to provide at least - one `Curl_handler` struct. It defines what the protocol is called and what - functions the main code should call to deal with protocol specific issues. - In general, there's a source file named [protocol].c in which there's a - "struct `Curl_handler` `Curl_handler_[protocol]`" declared. In url.c there's - then the main array with all individual `Curl_handler` structs pointed to - from a single array which is scanned through when a URL is given to libcurl - to work with. - - ->scheme is the URL scheme name, usually spelled out in uppercase. That's - "HTTP" or "FTP" etc. SSL versions of the protcol need its own `Curl_handler` - setup so HTTPS separate from HTTP. - - ->setup_connection is called to allow the protocol code to allocate protocol - specific data that then gets associated with that SessionHandle for the rest - of this transfer. It gets freed again at the end of the transfer. It will be - called before the 'connectdata' for the transfer has been selected/created. - Most protocols will allocate its private 'struct [PROTOCOL]' here and assign - SessionHandle->req.protop to point to it. - - ->connect_it allows a protocol to do some specific actions after the TCP - connect is done, that can still be considered part of the connection phase. - - Some protocols will alter the connectdata->recv[] and connectdata->send[] - function pointers in this function. - - ->connecting is similarly a function that keeps getting called as long as the - protocol considers itself still in the connecting phase. - - ->do_it is the function called to issue the transfer request. What we call - the DO action internally. If the DO is not enough and things need to be kept - getting done for the entire DO sequence to complete, ->doing is then usually - also provided. Each protocol that needs to do multiple commands or similar - for do/doing need to implement their own state machines (see SCP, SFTP, - FTP). Some protocols (only FTP and only due to historical reasons) has a - separate piece of the DO state called `DO_MORE`. - - ->doing keeps getting called while issuing the transfer request command(s) - - ->done gets called when the transfer is complete and DONE. That's after the - main data has been transferred. - - ->do_more gets called during the `DO_MORE` state. The FTP protocol uses this - state when setting up the second connection. - - ->`proto_getsock` - ->`doing_getsock` - ->`domore_getsock` - ->`perform_getsock` - Functions that return socket information. Which socket(s) to wait for which - action(s) during the particular multi state. - - ->disconnect is called immediately before the TCP connection is shutdown. - - ->readwrite gets called during transfer to allow the protocol to do extra - reads/writes - - ->defport is the default report TCP or UDP port this protocol uses - - ->protocol is one or more bits in the `CURLPROTO_*` set. The SSL versions - have their "base" protocol set and then the SSL variation. Like - "HTTP|HTTPS". - - ->flags is a bitmask with additional information about the protocol that will - make it get treated differently by the generic engine: - - - `PROTOPT_SSL` - will make it connect and negotiate SSL - - - `PROTOPT_DUAL` - this protocol uses two connections - - - `PROTOPT_CLOSEACTION` - this protocol has actions to do before closing the - connection. This flag is no longer used by code, yet still set for a bunch - protocol handlers. - - - `PROTOPT_DIRLOCK` - "direction lock". The SSH protocols set this bit to - limit which "direction" of socket actions that the main engine will - concern itself about. - - - `PROTOPT_NONETWORK` - a protocol that doesn't use network (read file:) - - - `PROTOPT_NEEDSPWD` - this protocol needs a password and will use a default - one unless one is provided - - - `PROTOPT_NOURLQUERY` - this protocol can't handle a query part on the URL - (?foo=bar) - -## conncache +Building Releases +================= - Is a hash table with connections for later re-use. Each SessionHandle has - a pointer to its connection cache. Each multi handle sets up a connection - cache that all added SessionHandles share by default. + There's no magic to this. When you consider everything stable enough to be + released, do this: -## Curl_share - - The libcurl share API allocates a `Curl_share` struct, exposed to the - external API as "CURLSH *". + 1. Tag the source code accordingly. - The idea is that the struct can have a set of own versions of caches and - pools and then by providing this struct in the `CURLOPT_SHARE` option, those - specific SessionHandles will use the caches/pools that this share handle - holds. - - Then individual SessionHandle structs can be made to share specific things - that they otherwise wouldn't, such as cookies. + 2. run the 'maketgz' script (using 'make distcheck' will give you a pretty + good view on the status of the current sources). maketgz requires a + version number and creates the release archive. maketgz uses 'make dist' + for the actual archive building, why you need to fill in the Makefile.am + files properly for which files that should be included in the release + archives. - The `Curl_share` struct can currently hold cookies, DNS cache and the SSL - session cache. + 3. When that's complete, sign the output files. -## CookieInfo + 4. Upload - This is the main cookie struct. It holds all known cookies and related - information. Each SessionHandle has its own private CookieInfo even when - they are added to a multi handle. They can be made to share cookies by using - the share API. + 5. Update web site and changelog on site + 6. Send announcement to the mailing lists -[1]: http://curl.haxx.se/libcurl/c/curl_easy_setopt.html -[2]: http://curl.haxx.se/libcurl/c/curl_easy_init.html -[3]: http://c-ares.haxx.se/ -[4]: https://tools.ietf.org/html/rfc7230 "RFC 7230" -[5]: http://curl.haxx.se/libcurl/c/CURLOPT_ACCEPT_ENCODING.html -[6]: http://curl.haxx.se/docs/manpage.html#--compressed -[7]: http://curl.haxx.se/libcurl/c/curl_multi_socket_action.html -[8]: http://curl.haxx.se/libcurl/c/curl_multi_timeout.html -[9]: http://curl.haxx.se/libcurl/c/curl_multi_setopt.html -[10]: http://curl.haxx.se/libcurl/c/CURLMOPT_TIMERFUNCTION.html -[11]: http://curl.haxx.se/libcurl/c/curl_multi_perform.html -[12]: http://curl.haxx.se/libcurl/c/curl_multi_fdset.html -[13]: http://curl.haxx.se/libcurl/c/curl_multi_add_handle.html -[14]: http://curl.haxx.se/libcurl/c/curl_multi_info_read.html + NOTE: you must have curl checked out from git to be able to do a proper + release build. The release tarballs do not have everything setup in order to + do releases properly. diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS index 345dc45..7788567 100644 --- a/docs/KNOWN_BUGS +++ b/docs/KNOWN_BUGS @@ -3,15 +3,6 @@ join in and help us correct one or more of these! Also be sure to check the changelog of the current development status, as one or more of these problems may have been fixed since this was written! -90. IMAP "SEARCH ALL" truncates output on large boxes. "A quick search of the - code reveals that pingpong.c contains some truncation code, at line 408, - when it deems the server response to be too large truncating it to 40 - characters" - http://curl.haxx.se/bug/view.cgi?id=1366 - -89. Disabling HTTP Pipelining when there are ongoing transfers can lead to - heap corruption and crash. http://curl.haxx.se/bug/view.cgi?id=1411 - 88. libcurl doesn't support CURLINFO_FILETIME for SFTP transfers and thus curl's -R option also doesn't work then. @@ -97,7 +88,7 @@ may have been fixed since this was written! something beyond ascii but currently libcurl will only pass in the verbatim string the app provides. There are several browsers that already do this encoding. The key seems to be the updated draft to RFC2231: - https://tools.ietf.org/html/draft-reschke-rfc2231-in-http-02 + http://tools.ietf.org/html/draft-reschke-rfc2231-in-http-02 66. When using telnet, the time limitation options don't work. http://curl.haxx.se/bug/view.cgi?id=846 diff --git a/docs/LIBCURL-STRUCTS b/docs/LIBCURL-STRUCTS new file mode 100644 index 0000000..136d17c --- /dev/null +++ b/docs/LIBCURL-STRUCTS @@ -0,0 +1,245 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + +Structs in libcurl + +This document should cover 7.32.0 pretty accurately, but will make sense even +for older and later versions as things don't change drastically that often. + + 1. The main structs in libcurl + 1.1 SessionHandle + 1.2 connectdata + 1.3 Curl_multi + 1.4 Curl_handler + 1.5 conncache + 1.6 Curl_share + 1.7 CookieInfo + +============================================================================== + +1. The main structs in libcurl + + 1.1 SessionHandle + + The SessionHandle handle struct is the one returned to the outside in the + external API as a "CURL *". This is usually known as an easy handle in API + documentations and examples. + + Information and state that is related to the actual connection is in the + 'connectdata' struct. When a transfer is about to be made, libcurl will + either create a new connection or re-use an existing one. The particular + connectdata that is used by this handle is pointed out by + SessionHandle->easy_conn. + + Data and information that regard this particular single transfer is put in + the SingleRequest sub-struct. + + When the SessionHandle struct is added to a multi handle, as it must be in + order to do any transfer, the ->multi member will point to the Curl_multi + struct it belongs to. The ->prev and ->next members will then be used by the + multi code to keep a linked list of SessionHandle structs that are added to + that same multi handle. libcurl always uses multi so ->multi *will* point to + a Curl_multi when a transfer is in progress. + + ->mstate is the multi state of this particular SessionHandle. When + multi_runsingle() is called, it will act on this handle according to which + state it is in. The mstate is also what tells which sockets to return for a + specific SessionHandle when curl_multi_fdset() is called etc. + + The libcurl source code generally use the name 'data' for the variable that + points to the SessionHandle. + + + 1.2 connectdata + + A general idea in libcurl is to keep connections around in a connection + "cache" after they have been used in case they will be used again and then + re-use an existing one instead of creating a new as it creates a significant + performance boost. + + Each 'connectdata' identifies a single physical connection to a server. If + the connection can't be kept alive, the connection will be closed after use + and then this struct can be removed from the cache and freed. + + Thus, the same SessionHandle can be used multiple times and each time select + another connectdata struct to use for the connection. Keep this in mind, as + it is then important to consider if options or choices are based on the + connection or the SessionHandle. + + Functions in libcurl will assume that connectdata->data points to the + SessionHandle that uses this connection. + + As a special complexity, some protocols supported by libcurl require a + special disconnect procedure that is more than just shutting down the + socket. It can involve sending one or more commands to the server before + doing so. Since connections are kept in the connection cache after use, the + original SessionHandle may no longer be around when the time comes to shut + down a particular connection. For this purpose, libcurl holds a special + dummy 'closure_handle' SessionHandle in the Curl_multi struct to + + FTP uses two TCP connections for a typical transfer but it keeps both in + this single struct and thus can be considered a single connection for most + internal concerns. + + The libcurl source code generally use the name 'conn' for the variable that + points to the connectdata. + + + 1.3 Curl_multi + + Internally, the easy interface is implemented as a wrapper around multi + interface functions. This makes everything multi interface. + + Curl_multi is the multi handle struct exposed as "CURLM *" in external APIs. + + This struct holds a list of SessionHandle structs that have been added to + this handle with curl_multi_add_handle(). The start of the list is ->easyp + and ->num_easy is a counter of added SessionHandles. + + ->msglist is a linked list of messages to send back when + curl_multi_info_read() is called. Basically a node is added to that list + when an individual SessionHandle's transfer has completed. + + ->hostcache points to the name cache. It is a hash table for looking up name + to IP. The nodes have a limited life time in there and this cache is meant + to reduce the time for when the same name is wanted within a short period of + time. + + ->timetree points to a tree of SessionHandles, sorted by the remaining time + until it should be checked - normally some sort of timeout. Each + SessionHandle has one node in the tree. + + ->sockhash is a hash table to allow fast lookups of socket descriptor to + which SessionHandle that uses that descriptor. This is necessary for the + multi_socket API. + + ->conn_cache points to the connection cache. It keeps track of all + connections that are kept after use. The cache has a maximum size. + + ->closure_handle is described in the 'connectdata' section. + + The libcurl source code generally use the name 'multi' for the variable that + points to the Curl_multi struct. + + + 1.4 Curl_handler + + Each unique protocol that is supported by libcurl needs to provide at least + one Curl_handler struct. It defines what the protocol is called and what + functions the main code should call to deal with protocol specific issues. + In general, there's a source file named [protocol].c in which there's a + "struct Curl_handler Curl_handler_[protocol]" declared. In url.c there's + then the main array with all individual Curl_handler structs pointed to from + a single array which is scanned through when a URL is given to libcurl to + work with. + + ->scheme is the URL scheme name, usually spelled out in uppercase. That's + "HTTP" or "FTP" etc. SSL versions of the protcol need its own Curl_handler + setup so HTTPS separate from HTTP. + + ->setup_connection is called to allow the protocol code to allocate protocol + specific data that then gets associated with that SessionHandle for the rest + of this transfer. It gets freed again at the end of the transfer. It will be + called before the 'connectdata' for the transfer has been selected/created. + Most protocols will allocate its private 'struct [PROTOCOL]' here and assign + SessionHandle->req.protop to point to it. + + ->connect_it allows a protocol to do some specific actions after the TCP + connect is done, that can still be considered part of the connection phase. + + Some protocols will alter the connectdata->recv[] and connectdata->send[] + function pointers in this function. + + ->connecting is similarly a function that keeps getting called as long as the + protocol considers itself still in the connecting phase. + + ->do_it is the function called to issue the transfer request. What we call + the DO action internally. If the DO is not enough and things need to be kept + getting done for the entire DO sequence to complete, ->doing is then usually + also provided. Each protocol that needs to do multiple commands or similar + for do/doing need to implement their own state machines (see SCP, SFTP, + FTP). Some protocols (only FTP and only due to historical reasons) has a + separate piece of the DO state called DO_MORE. + + ->doing keeps getting called while issuing the transfer request command(s) + + ->done gets called when the transfer is complete and DONE. That's after the + main data has been transferred. + + ->do_more gets called during the DO_MORE state. The FTP protocol uses this + state when setting up the second connection. + + ->proto_getsock + ->doing_getsock + ->domore_getsock + ->perform_getsock + Functions that return socket information. Which socket(s) to wait for which + action(s) during the particular multi state. + + ->disconnect is called immediately before the TCP connection is shutdown. + + ->readwrite gets called during transfer to allow the protocol to do extra + reads/writes + + ->defport is the default report TCP or UDP port this protocol uses + + ->protocol is one or more bits in the CURLPROTO_* set. The SSL versions have + their "base" protocol set and then the SSL variation. Like "HTTP|HTTPS". + + ->flags is a bitmask with additional information about the protocol that will + make it get treated differently by the generic engine: + + PROTOPT_SSL - will make it connect and negotiate SSL + + PROTOPT_DUAL - this protocol uses two connections + + PROTOPT_CLOSEACTION - this protocol has actions to do before closing the + connection. This flag is no longer used by code, yet still set for a bunch + protocol handlers. + + PROTOPT_DIRLOCK - "direction lock". The SSH protocols set this bit to + limit which "direction" of socket actions that the main engine will + concern itself about. + + PROTOPT_NONETWORK - a protocol that doesn't use network (read file:) + + PROTOPT_NEEDSPWD - this protocol needs a password and will use a default + one unless one is provided + + PROTOPT_NOURLQUERY - this protocol can't handle a query part on the URL + (?foo=bar) + + + 1.5 conncache + + Is a hash table with connections for later re-use. Each SessionHandle has + a pointer to its connection cache. Each multi handle sets up a connection + cache that all added SessionHandles share by default. + + + 1.6 Curl_share + + The libcurl share API allocates a Curl_share struct, exposed to the external + API as "CURLSH *". + + The idea is that the struct can have a set of own versions of caches and + pools and then by providing this struct in the CURLOPT_SHARE option, those + specific SessionHandles will use the caches/pools that this share handle + holds. + + Then individual SessionHandle structs can be made to share specific things + that they otherwise wouldn't, such as cookies. + + The Curl_share struct can currently hold cookies, DNS cache and the SSL + session cache. + + + 1.7 CookieInfo + + This is the main cookie struct. It holds all known cookies and related + information. Each SessionHandle has its own private CookieInfo even when + they are added to a multi handle. They can be made to share cookies by using + the share API. diff --git a/docs/LICENSE-MIXING b/docs/LICENSE-MIXING index ccb6ada..a53835c 100644 --- a/docs/LICENSE-MIXING +++ b/docs/LICENSE-MIXING @@ -23,29 +23,29 @@ libcurl http://curl.haxx.se/docs/copyright.html Uses an MIT (or Modified BSD)-style license that is as liberal as possible. -OpenSSL https://www.openssl.org/source/license.html +OpenSSL http://www.openssl.org/source/license.html (May be used for SSL/TLS support) Uses an Original BSD-style license with an announcement clause that makes it "incompatible" with GPL. You are not allowed to ship binaries that link with OpenSSL that includes GPL code (unless that specific GPL code includes an exception for OpenSSL - a habit that is growing more and more common). If OpenSSL's - licensing is a problem for you, consider using another TLS library. + licensing is a problem for you, consider using GnuTLS or yassl + instead. GnuTLS http://www.gnutls.org/ (May be used for SSL/TLS support) Uses the LGPL[3] license. If this is - a problem for you, consider using another TLS library. Also note that + a problem for you, consider using OpenSSL instead. Also note that GnuTLS itself depends on and uses other libs (libgcrypt and libgpg-error) and they too are LGPL- or GPL-licensed. -WolfSSL https://www.wolfssl.com/ +yassl http://www.yassl.com/ - (May be used for SSL/TLS support) Uses the GPL[1] license or a - propietary license. If this is a problem for you, consider using - another TLS library. + (May be used for SSL/TLS support) Uses the GPL[1] license. If this is + a problem for you, consider using OpenSSL or GnuTLS instead. -NSS https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS +NSS http://www.mozilla.org/projects/security/pki/nss/ (May be used for SSL/TLS support) Is covered by the MPL[4] license, the GPL[1] license and the LGPL[3] license. You may choose to license @@ -57,29 +57,13 @@ axTLS http://axtls.sourceforge.net/ (May be used for SSL/TLS support) Uses a Modified BSD-style license. -mbedTLS https://tls.mbed.org/ - - (May be used for SSL/TLS support) Uses the GPL[1] license or a - propietary license. If this is a problem for you, consider using - another TLS library. - -BoringSSL https://boringssl.googlesource.com/ - - (May be used for SSL/TLS support) As an OpenSSL fork, it has the same - license as that. - -libressl http://www.libressl.org/ - - (May be used for SSL/TLS support) As an OpenSSL fork, it has the same - license as that. - c-ares http://daniel.haxx.se/projects/c-ares/license.html (Used for asynchronous name resolves) Uses an MIT license that is very liberal and imposes no restrictions on any other library or part you may link with. -zlib http://www.zlib.net/zlib_license.html +zlib http://www.gzip.org/zlib/zlib_license.html (Used for compressed Transfer-Encoding support) Uses an MIT-style license that shouldn't collide with any other library. @@ -89,12 +73,12 @@ MIT Kerberos http://web.mit.edu/kerberos/www/dist/ (May be used for GSS support) MIT licensed, that shouldn't collide with any other parts. -Heimdal http://www.h5l.org +Heimdal http://www.pdc.kth.se/heimdal/ (May be used for GSS support) Heimdal is Original BSD licensed with the announcement clause. -GNU GSS https://www.gnu.org/software/gss/ +GNU GSS http://www.gnu.org/software/gss/ (May be used for GSS support) GNU GSS is GPL licensed. Note that you may not distribute binary curl packages that uses this if you build @@ -121,10 +105,10 @@ libssh2 http://www.libssh2.org/ (Used for scp and sftp support) libssh2 uses a Modified BSD-style license. -[1] = GPL - GNU General Public License: https://www.gnu.org/licenses/gpl.html -[2] = https://www.gnu.org/licenses/gpl-faq.html#GPLIncompatibleLibs details on +[1] = GPL - GNU General Public License: http://www.gnu.org/licenses/gpl.html +[2] = http://www.fsf.org/licenses/gpl-faq.html#GPLIncompatibleLibs details on how to write such an exception to the GPL [3] = LGPL - GNU Lesser General Public License: - https://www.gnu.org/licenses/lgpl.html + http://www.gnu.org/licenses/lgpl.html [4] = MPL - Mozilla Public License: - https://www.mozilla.org/MPL/ + http://www.mozilla.org/MPL/ diff --git a/docs/MAIL-ETIQUETTE b/docs/MAIL-ETIQUETTE index b6c0f45..fb50312 100644 --- a/docs/MAIL-ETIQUETTE +++ b/docs/MAIL-ETIQUETTE @@ -230,7 +230,7 @@ MAIL ETIQUETTE Quote as little as possible. Just enough to provide the context you cannot leave out. A lengthy description can be found here: - https://www.netmeister.org/news/learn2quote.html + http://www.netmeister.org/news/learn2quote.html 2.7 Digest diff --git a/docs/MANUAL b/docs/MANUAL index fb34948..113df20 100644 --- a/docs/MANUAL +++ b/docs/MANUAL @@ -470,8 +470,8 @@ COOKIES stored cookies which match the request as it follows the location. The file "empty.txt" may be a nonexistent file. - To read and write cookies from a netscape cookie file, you can set both -b - and -c to use the same file: + Alas, to both read and write cookies from a netscape cookie file, you can + set both -b and -c to use the same file: curl -b cookies.txt -c cookies.txt www.example.com diff --git a/docs/Makefile.am b/docs/Makefile.am index cfef3e9..1f92911 100644 --- a/docs/Makefile.am +++ b/docs/Makefile.am @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -37,8 +37,8 @@ EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS \ README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS \ KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL \ $(PDFPAGES) LICENSE-MIXING README.netware DISTRO-DILEMMA INSTALL.devcpp \ - MAIL-ETIQUETTE HTTP-COOKIES SECURITY RELEASE-PROCEDURE \ - SSL-PROBLEMS HTTP2.md ROADMAP.md CODE_OF_CONDUCT.md + MAIL-ETIQUETTE HTTP-COOKIES LIBCURL-STRUCTS SECURITY RELEASE-PROCEDURE \ + SSL-PROBLEMS MAN2HTML= roffit < $< >$@ diff --git a/docs/Makefile.in b/docs/Makefile.in index 9750269..49f9338 100644 --- a/docs/Makefile.in +++ b/docs/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.15 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2014 Free Software Foundation, Inc. +# Copyright (C) 1994-2013 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -21,7 +21,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -36,17 +36,7 @@ # ########################################################################### VPATH = @srcdir@ -am__is_gnu_make = { \ - if test -z '$(MAKELEVEL)'; then \ - false; \ - elif test -n '$(MAKE_HOST)'; then \ - true; \ - elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ - true; \ - else \ - false; \ - fi; \ -} +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -110,6 +100,8 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = docs +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ + $(top_srcdir)/mkinstalldirs INSTALL THANKS TODO ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/m4/curl-confopts.m4 \ @@ -130,8 +122,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/curl-compilers.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) -DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) -mkinstalldirs = $(install_sh) -d +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs CONFIG_HEADER = $(top_builddir)/lib/curl_config.h \ $(top_builddir)/include/curl/curlbuild.h CONFIG_CLEAN_FILES = @@ -223,7 +214,6 @@ am__define_uniq_tagged_files = \ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) -am__DIST_COMMON = $(srcdir)/Makefile.in INSTALL THANKS TODO DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -307,7 +297,7 @@ GREP = @GREP@ HAVE_GNUTLS_SRP = @HAVE_GNUTLS_SRP@ HAVE_LDAP_SSL = @HAVE_LDAP_SSL@ HAVE_LIBZ = @HAVE_LIBZ@ -HAVE_OPENSSL_SRP = @HAVE_OPENSSL_SRP@ +HAVE_SSLEAY_SRP = @HAVE_SSLEAY_SRP@ IDN_ENABLED = @IDN_ENABLED@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -360,7 +350,6 @@ SED = @SED@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ SSL_ENABLED = @SSL_ENABLED@ -SSL_LIBS = @SSL_LIBS@ STRIP = @STRIP@ SUPPORT_FEATURES = @SUPPORT_FEATURES@ SUPPORT_PROTOCOLS = @SUPPORT_PROTOCOLS@ @@ -377,6 +366,7 @@ USE_NSS = @USE_NSS@ USE_OPENLDAP = @USE_OPENLDAP@ USE_POLARSSL = @USE_POLARSSL@ USE_SCHANNEL = @USE_SCHANNEL@ +USE_SSLEAY = @USE_SSLEAY@ USE_UNIX_SOCKETS = @USE_UNIX_SOCKETS@ USE_WINDOWS_SSPI = @USE_WINDOWS_SSPI@ VERSION = @VERSION@ @@ -448,8 +438,8 @@ EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS \ README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS \ KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL \ $(PDFPAGES) LICENSE-MIXING README.netware DISTRO-DILEMMA INSTALL.devcpp \ - MAIL-ETIQUETTE HTTP-COOKIES SECURITY RELEASE-PROCEDURE \ - SSL-PROBLEMS HTTP2.md ROADMAP.md CODE_OF_CONDUCT.md + MAIL-ETIQUETTE HTTP-COOKIES LIBCURL-STRUCTS SECURITY RELEASE-PROCEDURE \ + SSL-PROBLEMS MAN2HTML = roffit < $< >$@ SUFFIXES = .1 .html .pdf @@ -469,6 +459,7 @@ $(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__confi echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign docs/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --foreign docs/Makefile +.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -809,8 +800,6 @@ uninstall-man: uninstall-man1 mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-man uninstall-man1 -.PRECIOUS: Makefile - html: $(HTMLPAGES) cd libcurl; make html diff --git a/docs/RELEASE-PROCEDURE b/docs/RELEASE-PROCEDURE index fc31274..2f85b3f 100644 --- a/docs/RELEASE-PROCEDURE +++ b/docs/RELEASE-PROCEDURE @@ -1,3 +1,9 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + curl release procedure - how to do a release ============================================ @@ -78,12 +84,11 @@ Coming dates Based on the description above, here are some planned release dates (at the time of this writing): -- June 17, 2015 (version 7.43.0) +- November 5, 2014 (version 7.39.0) +- December 31, 2014 +- February 25, 2015 +- April 22, 2015 +- June 17, 2015 - August 12, 2015 - October 7, 2015 - December 2, 2015 -- January 27, 2016 -- March 23, 2016 -- May 18, 2016 -- July 13, 2016 -- September 7, 2016 diff --git a/docs/ROADMAP.md b/docs/ROADMAP.md deleted file mode 100644 index eb52d18..0000000 --- a/docs/ROADMAP.md +++ /dev/null @@ -1,139 +0,0 @@ -curl the next few years - perhaps -================================= - -Roadmap of things Daniel Stenberg and Steve Holme want to work on next. It is -intended to serve as a guideline for others for information, feedback and -possible participation. - -HTTP/2 ------- - -- test suite - - Base this on existing nghttp2 server to start with to make functional - tests. Later on we can adopt that code or work with nghttp2 to provide ways - to have the http2 server respond with broken responses to make sure we deal - with that nicely as well. - - To decide: if we need to bundle parts of the nghttp2 stuff that probably - won't be shipped by many distros. - -- stream properties API - - Provide options for setting priorities and dependencies among the streams - (easy handles). They are mostly information set for the stream and sent to - the server so we don't have to add much logic for this. - -- server push - - Not exactly clear exactly how to support this API-wise, but by adding - handles without asking for a resource it could be a way to be prepared to - receive pushes in case such are sent. We probably need it to still specify - a URL with host name, port etc but we probably need a special option to - tell libcurl it is for server push purposes. - -- provide option for HTTP/2 "prior knowledge" over clear text - - As it would avoid the roundtrip-heavy Upgrade: procedures when you _know_ - it speaks HTTP/2. - -- provide option to allow curl to default to HTTP/2 only when using HTTPS - - We could switch on HTTP/2 by-default for HTTPS quite easily and it - shouldn't hurt anyone, while HTTP/2 for HTTP by default could introduce - lots of Upgrade: roundtrips that users won't like. So a separated option - alternative makes sense. - -SRV records ------------ - -How to find services for specific domains/hosts. - -HTTPS to proxy --------------- - -To avoid network traffic to/from the proxy getting snooped on. - -curl_formadd() --------------- - -make sure there's an easy handle passed in to `curl_formadd()`, -`curl_formget()` and `curl_formfree()` by adding replacement functions and -deprecating the old ones to allow custom mallocs and more - -third-party SASL ----------------- - -add support for third-party SASL libraries such as Cyrus SASL - may need to -move existing native and SSPI based authentication into vsasl folder after -reworking HTTP and SASL code - -SASL authentication in LDAP ---------------------------- - -... - -Simplify the SMTP email ------------------------ - -Simplify the SMTP email interface so that programmers don't have to -construct the body of an email that contains all the headers, alternative -content, images and attachments - maintain raw interface so that -programmers that want to do this can - -email capabilities ------------------- - -Allow the email protocols to return the capabilities before -authenticating. This will allow an application to decide on the best -authentication mechanism - -Win32 pthreads --------------- - -Allow Windows threading model to be replaced by Win32 pthreads port - -dynamic buffer size -------------------- - -Implement a dynamic buffer size to allow SFTP to use much larger buffers and -possibly allow the size to be customizable by applications. Use less memory -when handles are not in use? - -New stuff - curl ----------------- - -1. Embed a language interpreter (lua?). For that middle ground where curl - isn’t enough and a libcurl binding feels “too much”. Build-time conditional - of course. - -2. Simplify the SMTP command line so that the headers and multi-part content - don't have to be constructed before calling curl - -Improve -------- - -1. build for windows (considered hard by many users) - -2. curl -h output (considered overwhelming to users) - -3. we have > 160 command line options, is there a way to redo things to - simplify or improve the situation as we are likely to keep adding - features/options in the future too - -4. docs (considered "bad" by users but how do we make it better?) - - - split up curl.1 - -5. authentication framework (consider merging HTTP and SASL authentication to - give one API for protocols to call) - -6. Perform some of the clean up from the TODO document, removing old - definitions and such like that are currently earmarked to be removed years - ago - -Remove ------- - -1. makefile.vc files as there is no point in maintaining two sets of Windows - makefiles. Note: These are currently being used by the Windows autobuilds diff --git a/docs/SSL-PROBLEMS b/docs/SSL-PROBLEMS index 45faa24..7ee4d14 100644 --- a/docs/SSL-PROBLEMS +++ b/docs/SSL-PROBLEMS @@ -26,7 +26,7 @@ CA bundle missing intermediate certificates problems if your CA cert does not have the certificates for the intermediates in the whole trust chain. -Protocol version +SSL version Some broken servers fail to support the protocol negotiation properly that SSL servers are supposed to handle. This may cause the connection to fail @@ -36,9 +36,7 @@ Protocol version An additional complication can be that modern SSL libraries sometimes are built with support for older SSL and TLS versions disabled! - All versions of SSL are considered insecure and should be avoided. Use TLS. - -Ciphers +SSL ciphers Clients give servers a list of ciphers to select from. If the list doesn't include any ciphers the server wants/can use, the connection handshake @@ -53,13 +51,9 @@ Ciphers Note that these weak ciphers are identified as flawed. For example, this includes symmetric ciphers with less than 128 bit keys and RC4. - WinSSL in Windows XP is not able to connect to servers that no longer - support the legacy handshakes and algorithms used by those versions, so we - advice against building curl to use WinSSL on really old Windows versions. - References: - https://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01 + http://tools.ietf.org/html/draft-popov-tls-prohibiting-rc4-01 Allow BEAST @@ -71,17 +65,3 @@ Allow BEAST introduced. Exactly as it sounds, it re-introduces the BEAST vulnerability but on the other hand it allows curl to connect to that kind of strange servers. - -Disabling certificate revocation checks - - Some SSL backends may do certificate revocation checks (CRL, OCSP, etc) - depending on the OS or build configuration. The --ssl-no-revoke option was - introduced in 7.44.0 to disable revocation checking but currently is only - supported for WinSSL (the native Windows SSL library), with an exception in - the case of Windows' Untrusted Publishers blacklist which it seems can't be - bypassed. This option may have broader support to accommodate other SSL - backends in the future. - - References: - - http://curl.haxx.se/docs/ssl-compared.html diff --git a/docs/THANKS b/docs/THANKS index 89a738d..0887881 100644 --- a/docs/THANKS +++ b/docs/THANKS @@ -36,14 +36,10 @@ Alex Suykov Alex Vinnik Alex aka WindEagle Alexander Beedie -Alexander Dyagilev -Alexander Elgert Alexander Klauer Alexander Kourakos Alexander Krasnostavsky Alexander Lazic -Alexander Pepper -Alexander Peslyak Alexander Zhuravlev Alexey Borzov Alexey Pesternikov @@ -56,7 +52,6 @@ Alona Rossen Amol Pattekar Amr Shahin Anatoli Tubman -Anders Bakken Anders Gustafsson Anders Havn Andi Jahja @@ -84,7 +79,6 @@ Andrew Kurushin Andrew Moise Andrew Wansink Andrew de los Reyes -Andrey Labunets Andrii Moiseiev Andrés García Andy Cedilnik @@ -92,7 +86,6 @@ Andy Serpa Andy Tsouladze Angus Mackay Anthon Pang -Anthony Avina Anthony Bryan Anthony G. Basile Antoine Calando @@ -107,7 +100,6 @@ Arnaud Ebalard Arthur Murray Arve Knudsen Arvid Norberg -Ashish Shukla Ask Bjørn Hansen Askar Safin Ates Goral @@ -120,7 +112,6 @@ Balint Szilakszi Barry Abrahamson Bart Whiteley Bas Mevissen -Ben Boeckel Ben Darnell Ben Greear Ben Madsen @@ -135,7 +126,6 @@ Benoit Neil Benoit Sigoure Bernard Leak Bernhard Reutner-Fischer -Bert Huijben Bertrand Demiddelaer Bill Doyle Bill Egert @@ -152,7 +142,6 @@ Bob Richmond Bob Schader Bogdan Nicula Brad Burdick -Brad Harder Brad Hards Brad King Brad Spencer @@ -162,10 +151,8 @@ Brandon Wang Brendan Jurd Brent Beardsley Brian Akins -Brian Chrisman Brian Dessent Brian J. Murrell -Brian Prodoehl Brian R Duffy Brian Ulm Brock Noland @@ -185,11 +172,9 @@ Catalin Patulea Chad Monroe Chandrakant Bagul Charles Kerr -Charles Romestant Chen Prog Chih-Chung Chang Chris "Bob Bob" -Chris Araman Chris Combes Chris Conlon Chris Deidun @@ -236,7 +221,6 @@ Curt Bogmine Cyrill Osterwalder Cédric Deltheil D. Flinkmann -Da-Yoon Chung Dag Ekengren Dagobert Michelsen Damian Dixon @@ -253,7 +237,6 @@ Daniel Black Daniel Cater Daniel Egger Daniel Johnson -Daniel Melani Daniel Mentz Daniel Steinberg Daniel Stenberg @@ -315,7 +298,6 @@ Dirk Manske Dmitri Shubin Dmitriy Sergeyev Dmitry Bartsevich -Dmitry Eremin-Solenikov Dmitry Falko Dmitry Kurochkin Dmitry Popov @@ -331,7 +313,6 @@ Douglas Kilpatrick Douglas R. Horner Douglas Steinwand Dov Murik -Drake Arconis Duane Cathey Duncan Mac-Vicar Prett Dustin Boswell @@ -346,12 +327,10 @@ Edward Rudd Edward Sheldrake Eelco Dolstra Eetu Ojanen -Egon Eckert Eldar Zaitov Ellis Pritchard Elmira A Semenova Emanuele Bovisio -Emil Lerner Emil Romanus Emiliano Ida Enrico Scholz @@ -402,7 +381,6 @@ François Charlier Fred Machado Fred New Fred Noz -Fred Stluka Frederic Lepied Fredrik Thulin Gabriel Kuri @@ -440,7 +418,6 @@ Glenn Sheridan Gordon Marler Gorilla Maguila Grant Erickson -Grant Pannell Greg Hewgill Greg Morse Greg Onufer @@ -459,7 +436,6 @@ Götz Babin-Ebell Hamish Mackenzie Hang Kin Lau Hang Su -Hanno Böck Hanno Kranzhoff Hans Steegers Hans-Jurgen May @@ -500,7 +476,6 @@ Immanuel Gregoire Ingmar Runge Ingo Ralf Blum Ingo Wilken -Isaac Boukris Ishan SinghLevett Ivo Bellin Salarin Jack Zhang @@ -541,7 +516,6 @@ Jaz Fresh Jean Jacques Drouin Jean-Claude Chauve Jean-Francois Bertrand -Jean-Francois Durand Jean-Louis Lemaire Jean-Marc Ranger Jean-Noël Rouvignac @@ -554,12 +528,10 @@ Jeff Lawson Jeff Phillips Jeff Pohlmeyer Jeff Weber -Jens Rantil Jeremy Friesner Jeremy Huddleston Jeremy Lin Jeroen Koekkoek -Jeroen Ooms Jerome Muffat-Meridol Jerome Robert Jerome Vouillon @@ -573,7 +545,6 @@ Jim Drash Jim Freeman Jim Hollinger Jim Meyering -Jiri Dvorak Jiri Hruska Jiri Jaburek Jiri Malak @@ -582,10 +553,8 @@ Joe Halpin Joe Malicki Joe Mason Joel Chen -Joel Depooter Jofell Gallardo Johan Anderson -Johan Lantz Johan Nilsson Johan van Selst Johannes Bauer @@ -603,7 +572,6 @@ John Kelly John Lask John Lightsey John Marino -John Marshall John McGowan John P. McCaskey John Suprock @@ -613,8 +581,6 @@ Johnny Luong Jon Grubbs Jon Nelson Jon Sargeant -Jon Seymour -Jon Spencer Jon Torrey Jon Travis Jon Turner @@ -623,7 +589,6 @@ Jonas Schnelli Jonatan Lander Jonatan Vela Jonathan Cardoso Machado -Jonathan Cardoso Machado Machado Jonathan Hseu Jonathan Nieder Jongki Suwandi @@ -640,10 +605,8 @@ Judson Bishop Juergen Wilke Jukka Pihl Julian Noble -Julian Ospald Julian Taylor Julien Chaffraix -Julien Nabet Julien Royer Jun-ichiro itojun Hagino Jurij Smakov @@ -689,7 +652,6 @@ Krishnendu Majumdar Krister Johansen Kristian Gunstone Kristian Köhntopp -Kyle J. McKay Kyle L. Huff Kyle Sallee Lachlan O'Dea @@ -708,7 +670,6 @@ Laurent Rabret Legoff Vincent Lehel Bernadt Leif W -Leith Bade Len Krause Lenaic Lefever Lenny Rachitsky @@ -721,7 +682,6 @@ Lindley French Ling Thio Linus Nielsen Feltzing Lisa Xu -Liviu Chircu Liza Alenchery Lluís Batlle i Rossell Loic Dachary @@ -749,10 +709,8 @@ Manuel Massing Marc Boucher Marc Deslauriers Marc Doughty -Marc Hesse Marc Hoersken Marc Kleine-Budde -Marc Renault Marcel Raad Marcel Roelofs Marcelo Juchem @@ -775,7 +733,6 @@ Mark Salisbury Mark Snelling Mark Tully Markus Duft -Markus Elfring Markus Koetter Markus Moeller Markus Oberhumer @@ -804,7 +761,6 @@ Matt Wixson Matteo Rocco Matthew Blain Matthew Clarke -Matthew Hall Matthias Bolte Maurice Barnum Mauro Iorio @@ -825,19 +781,16 @@ Michael Day Michael Goffioul Michael Jahn Michael Jerris -Michael Kaufmann Michael Mealling Michael Mueller Michael Osipov Michael Smith -Michael Stapelberg Michael Stillwell Michael Wallner Michal Bonino Michal Marek Michał Górny Michał Kowalczyk -Michel Promonet Michele Bini Miguel Angel Miguel Diaz @@ -861,7 +814,6 @@ Mitz Wark Mohamed Lrhazi Mohammad AlSaleh Mohun Biswas -Mostyn Bramley-Moore Myk Taylor Nach M. S. Nagai H @@ -891,7 +843,6 @@ Nikos Mavrogiannopoulos Ning Dong Nir Soffer Nis Jorgensen -Nobuhiro Ban Nodak Sodak Norbert Frese Norbert Novotny @@ -903,9 +854,7 @@ Oliver Gondža Oliver Kuckertz Oliver Schindler Olivier Berger -Oren Souroujon Oren Tirosh -Orgad Shaneh Ori Avtalion Oscar Koeroo Oscar Norlander @@ -921,7 +870,6 @@ Patricia Muscalu Patrick Bihan-Faou Patrick McManus Patrick Monnerat -Patrick Rapin Patrick Scott Patrick Smith Patrick Watson @@ -934,7 +882,6 @@ Paul Marks Paul Marquis Paul Moore Paul Nolan -Paul Oliver Paul Querna Paul Saab Pavel Cenek @@ -951,7 +898,6 @@ Peter Heuchert Peter Hjalmarsson Peter Korsgaard Peter Lamberg -Peter Laser Peter O'Gorman Peter Pentchev Peter Silva @@ -992,7 +938,6 @@ Quinn Slack Radu Simionescu Rafa Muyo Rafael Sagula -Rafayel Mkrtchyan Rafaël Carré Rainer Canavan Rainer Jung @@ -1018,7 +963,6 @@ Rene Rebe Reuven Wachtfogel Reza Arbab Ricardo Cadime -Rich Burridge Rich Gray Rich Rauenzahn Richard Archer @@ -1077,8 +1021,6 @@ S. Moonesamy Salvador Dávila Salvatore Sorrentino Sam Deane -Sam Hurst -Sam Schanken Sampo Kellomaki Samuel Díaz García Samuel Listopad @@ -1096,7 +1038,6 @@ Scott Barrett Scott Cantor Scott Davis Scott McCreary -Sean Boudreau Sebastian Rasmussen Senthil Raja Velu Sergei Nikulov @@ -1124,8 +1065,6 @@ Spork Schivago Stadler Stephan Stan van de Burgt Stanislav Ivochkin -Stefan Bühler -Stefan Eissing Stefan Esser Stefan Krause Stefan Neis @@ -1140,7 +1079,6 @@ Stephen More Sterling Hughes Steve Green Steve H Truong -Steve Havelka Steve Holme Steve Lhomme Steve Little @@ -1161,7 +1099,6 @@ Symeon Paraschoudis Sébastien Willemijns T. Bharath T. Yamada -Tae Hyoung Ahn Taneli Vahakangas Tanguy Fautre Tatsuhiro Tsujikawa @@ -1171,7 +1108,6 @@ Thomas J. Moore Thomas Klausner Thomas L. Shinnick Thomas Lopatic -Thomas Ruecker Thomas Schwinge Thomas Tonino Tiit Pikma @@ -1191,7 +1127,6 @@ Timo Sirainen Tinus van den Berg Tobias Markus Tobias Rundström -Tobias Stoeckmann Toby Peterson Todd A Ouska Todd Kulesza @@ -1212,8 +1147,6 @@ Tomas Hoger Tomas Mlcoch Tomas Pospisek Tomas Szepe -Tomas Tomecek -Tomasz Kojm Tomasz Lacki Tommie Gannert Tommy Tam @@ -1240,7 +1173,6 @@ Victor Snezhko Vijay Panghal Vikram Saxena Viktor Szakáts -Ville Skyttä Vilmos Nebehaj Vincent Bronner Vincent Le Normand @@ -1253,12 +1185,10 @@ Vladimir Grishchenko Vladimir Lazarenko Vojtech Janota Vojtech Minarik -Vojtěch Král Vsevolod Novikov Waldek Kozba Walter J. Mack Ward Willats -Warren Menzer Wayne Haigh Werner Koch Wesley Laxton @@ -1273,7 +1203,6 @@ Wouter Van Rooy Wu Yongzheng Xavier Bouchoux Yaakov Selkowitz -Yamada Yasuharu Yang Tse Yarram Sunil Yasuharu Yamada @@ -1283,7 +1212,6 @@ Yi Huang Yingwei Liu Yousuke Kimoto Yukihiro Kawada -Yun SangHo Yuriy Sosov Yves Arrouye Yves Lejeune diff --git a/docs/TODO b/docs/TODO index 9eb6b26..2b5a4c2 100644 --- a/docs/TODO +++ b/docs/TODO @@ -9,11 +9,6 @@ Things to do in project cURL. Please tell us what you think, contribute and send us patches that improve things! - Be aware that these are things that we could do, or have once been considered - things we could do. If you want to work on any of these areas, please - consider bringing it up for discussions first on the mailing list so that we - all agree it is still a good idea for the project! - All bugs documented in the KNOWN_BUGS document are subject for fixing! 1. libcurl @@ -25,8 +20,6 @@ 1.7 Detect when called from within callbacks 1.8 Allow SSL (HTTPS) to proxy 1.9 Cache negative name resolves - 1.10 Support IDNA2008 - 1.11 minimize dependencies with dynamicly loaded modules 2. libcurl - multi interface 2.1 More non-blocking @@ -51,7 +44,6 @@ 5.3 Rearrange request header order 5.4 SPDY 5.5 auth= in URLs - 5.6 Refuse "downgrade" redirects 6. TELNET 6.1 ditch stdin @@ -73,75 +65,61 @@ 10. LDAP 10.1 SASL based authentication mechanisms - 11. SMB - 11.1 File listing support - 11.2 Honor file timestamps - 11.3 Use NTLMv2 - - 12. New protocols - 12.1 RSYNC - - 13. SSL - 13.1 Disable specific versions - 13.2 Provide mutex locking API - 13.3 Evaluate SSL patches - 13.4 Cache OpenSSL contexts - 13.5 Export session ids - 13.6 Provide callback for cert verification - 13.7 improve configure --with-ssl - 13.8 Support DANE - - 14. GnuTLS - 14.1 SSL engine stuff - 14.2 check connection - - 15. WinSSL/SChannel - 15.1 Add support for client certificate authentication - 15.2 Add support for custom server certificate validation - 15.3 Add support for the --ciphers option - - 16. SASL - 16.1 Other authentication mechanisms - 16.2 Add QOP support to GSSAPI authentication + 11. New protocols + 11.1 RSYNC + + 12. SSL + 12.1 Disable specific versions + 12.2 Provide mutex locking API + 12.3 Evaluate SSL patches + 12.4 Cache OpenSSL contexts + 12.5 Export session ids + 12.6 Provide callback for cert verification + 12.7 improve configure --with-ssl + 12.8 Support DANE + + 13. GnuTLS + 13.1 SSL engine stuff + 13.2 check connection + + 14. SASL + 14.1 Other authentication mechanisms + 14.2 Add QOP support to GSSAPI authentication - 17. Client - 17.1 sync - 17.2 glob posts - 17.3 prevent file overwriting - 17.4 simultaneous parallel transfers - 17.5 provide formpost headers - 17.6 warning when setting an option - 17.7 warning when sending binary output to terminal - 17.8 offer color-coded HTTP header output - 17.9 Choose the name of file in braces for complex URLs - 17.10 improve how curl works in a windows console window - - 18. Build - 18.1 roffit - - 19. Test suite - 19.1 SSL tunnel - 19.2 nicer lacking perl message - 19.3 more protocols supported - 19.4 more platforms supported - 19.5 Add support for concurrent connections - - 20. Next SONAME bump - 20.1 http-style HEAD output for FTP - 20.2 combine error codes - 20.3 extend CURLOPT_SOCKOPTFUNCTION prototype - - 21. Next major release - 21.1 cleanup return codes - 21.2 remove obsolete defines - 21.3 size_t - 21.4 remove several functions - 21.5 remove CURLOPT_FAILONERROR - 21.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE - 21.7 remove progress meter from libcurl - 21.8 remove 'curl_httppost' from public - 21.9 have form functions use CURL handle argument - 21.10 Add CURLOPT_MAIL_CLIENT option + 15. Client + 15.1 sync + 15.2 glob posts + 15.3 prevent file overwriting + 15.4 simultaneous parallel transfers + 15.5 provide formpost headers + 15.6 warning when setting an option + + 16. Build + 16.1 roffit + + 17. Test suite + 17.1 SSL tunnel + 17.2 nicer lacking perl message + 17.3 more protocols supported + 17.4 more platforms supported + 17.5 Add support for concurrent connections + + 18. Next SONAME bump + 18.1 http-style HEAD output for FTP + 18.2 combine error codes + 18.3 extend CURLOPT_SOCKOPTFUNCTION prototype + + 19. Next major release + 19.1 cleanup return codes + 19.2 remove obsolete defines + 19.3 size_t + 19.4 remove several functions + 19.5 remove CURLOPT_FAILONERROR + 19.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE + 19.7 remove progress meter from libcurl + 19.8 remove 'curl_httppost' from public + 19.9 have form functions use CURL handle argument + 19.10 Add CURLOPT_MAIL_CLIENT option ============================================================================== @@ -211,7 +189,7 @@ To prevent local users from snooping on your traffic to the proxy. Supported by Chrome already: - https://www.chromium.org/developers/design-documents/secure-web-proxy + http://www.chromium.org/developers/design-documents/secure-web-proxy ...and by Firefox soon: https://bugzilla.mozilla.org/show_bug.cgi?id=378637 @@ -221,19 +199,6 @@ A name resolve that has failed is likely to fail when made again within a short period of time. Currently we only cache positive responses. -1.10 Support IDNA2008 - - International Domain Names are supported in libcurl since years back, powered - by libidn. libidn implements IDNA2003 which has been superseded by IDNA2008. - libidn2 is an existing library offering support for IDNA2008. - -1.11 minimize dependencies with dynamicly loaded modules - - We can create a system with loadable modules/plug-ins, where these modules - would be the ones that link to 3rd party libs. That would allow us to avoid - having to load ALL dependencies since only the necessary ones for this - app/invoke/used protocols would be necessary to load. See - https://github.com/bagder/curl/issues/349 2. libcurl - multi interface @@ -281,7 +246,7 @@ HOST is a command for a client to tell which host name to use, to offer FTP servers named-based virtual hosting: - https://tools.ietf.org/html/rfc7151 + http://tools.ietf.org/html/rfc7151 4.2 Alter passive/active on failure and retry @@ -365,14 +330,6 @@ This is not detailed in any FTP specification. Additionally this should be implemented for proxy base URLs as well. -5.6 Refuse "downgrade" redirects - - See https://github.com/bagder/curl/issues/226 - - Consider a way to tell curl to refuse to "downgrade" protocol with a redirect - and/or possibly a bit that refuses redirect to change protocol completely. - - 6. TELNET 6.1 ditch stdin @@ -436,47 +393,32 @@ to provide the data to send. be possible to use ldap_bind_s() instead specifying the security context information ourselves. -11. SMB - -11.1 File listing support +11. New protocols -Add support for listing the contents of a SMB share. The output should probably -be the same as/similar to FTP. - -11.2 Honor file timestamps - -The timestamp of the transferred file should reflect that of the original file. - -11.3 Use NTLMv2 - -Currently the SMB authentication uses NTLMv1. - -12. New protocols - -12.1 RSYNC +11.1 RSYNC There's no RFC for the protocol or an URI/URL format. An implementation should most probably use an existing rsync library, such as librsync. -13. SSL +12. SSL -13.1 Disable specific versions +12.1 Disable specific versions Provide an option that allows for disabling specific SSL versions, such as SSLv2 http://curl.haxx.se/bug/feature.cgi?id=1767276 -13.2 Provide mutex locking API +12.2 Provide mutex locking API Provide a libcurl API for setting mutex callbacks in the underlying SSL library, so that the same application code can use mutex-locking independently of OpenSSL or GnutTLS being used. -13.3 Evaluate SSL patches +12.3 Evaluate SSL patches Evaluate/apply Gertjan van Wingerde's SSL patches: http://curl.haxx.se/mail/lib-2004-03/0087.html -13.4 Cache OpenSSL contexts +12.4 Cache OpenSSL contexts "Look at SSL cafile - quick traces look to me like these are done on every request as well, when they should only be necessary once per SSL context (or @@ -486,7 +428,7 @@ Currently the SMB authentication uses NTLMv1. style connections are re-used. It will make us use slightly more memory but it will libcurl do less creations and deletions of SSL contexts. -13.5 Export session ids +12.5 Export session ids Add an interface to libcurl that enables "session IDs" to get exported/imported. Cris Bailiff said: "OpenSSL has functions which can @@ -494,22 +436,22 @@ Currently the SMB authentication uses NTLMv1. the state from such a buffer at a later date - this is used by mod_ssl for apache to implement and SSL session ID cache". -13.6 Provide callback for cert verification +12.6 Provide callback for cert verification OpenSSL supports a callback for customised verification of the peer certificate, but this doesn't seem to be exposed in the libcurl APIs. Could it be? There's so much that could be done if it were! -13.7 improve configure --with-ssl +12.7 improve configure --with-ssl make the configure --with-ssl option first check for OpenSSL, then GnuTLS, then NSS... -13.8 Support DANE +12.8 Support DANE DNS-Based Authentication of Named Entities (DANE) is a way to provide SSL keys and certs over DNS using DNSSEC as an alternative to the CA model. - https://www.rfc-editor.org/rfc/rfc6698.txt + http://www.rfc-editor.org/rfc/rfc6698.txt An initial patch was posted by Suresh Krishnaswamy on March 7th 2013 (http://curl.haxx.se/mail/lib-2013-03/0075.html) but it was a too simple @@ -517,69 +459,34 @@ Currently the SMB authentication uses NTLMv1. http://curl.haxx.se/mail/lib-2013-03/0103.html . libunbound may be the correct library to base this development on. -14. GnuTLS +13. GnuTLS -14.1 SSL engine stuff +13.1 SSL engine stuff Is this even possible? -14.2 check connection +13.2 check connection Add a way to check if the connection seems to be alive, to correspond to the SSL_peak() way we use with OpenSSL. -15. WinSSL/SChannel - -15.1 Add support for client certificate authentication - - WinSSL/SChannel currently makes use of the OS-level system and user - certificate and private key stores. This does not allow the application - or the user to supply a custom client certificate using curl or libcurl. - - Therefore support for the existing -E/--cert and --key options should be - implemented by supplying a custom certificate to the SChannel APIs, see: - - Getting a Certificate for Schannel - https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx +14. SASL -15.2 Add support for custom server certificate validation +14.1 Other authentication mechanisms - WinSSL/SChannel currently makes use of the OS-level system and user - certificate trust store. This does not allow the application or user to - customize the server certificate validation process using curl or libcurl. - - Therefore support for the existing --cacert or --capath options should be - implemented by supplying a custom certificate to the SChannel APIs, see: - - Getting a Certificate for Schannel - https://msdn.microsoft.com/en-us/library/windows/desktop/aa375447.aspx - -15.3 Add support for the --ciphers option - - The cipher suites used by WinSSL/SChannel are configured on an OS-level - instead of an application-level. This does not allow the application or - the user to customize the configured cipher suites using curl or libcurl. - - Therefore support for the existing --ciphers option should be implemented - by mapping the OpenSSL/GnuTLS cipher suites to the SChannel APIs, see - - Specifying Schannel Ciphers and Cipher Strengths - https://msdn.microsoft.com/en-us/library/windows/desktop/aa380161.aspx - -16. SASL - -16.1 Other authentication mechanisms - - Add support for other authentication mechanisms such as OLP, + Add support for other authentication mechanisms such as EXTERNAL, OLP, GSS-SPNEGO and others. -16.2 Add QOP support to GSSAPI authentication +14.2 Add QOP support to GSSAPI authentication Currently the GSSAPI authentication only supports the default QOP of auth (Authentication), whilst Kerberos V5 supports both auth-int (Authentication with integrity protection) and auth-conf (Authentication with integrity and privacy protection). -17. Client +15. Client -17.1 sync +15.1 sync "curl --sync http://example.com/feed[1-100].rss" or "curl --sync http://example.net/{index,calendar,history}.html" @@ -588,12 +495,12 @@ Currently the SMB authentication uses NTLMv1. remote file is newer than the local file. A Last-Modified HTTP date header should also be used to set the mod date on the downloaded file. -17.2 glob posts +15.2 glob posts Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'. This is easily scripted though. -17.3 prevent file overwriting +15.3 prevent file overwriting Add an option that prevents cURL from overwriting existing local files. When used, and there already is an existing file with the target file name @@ -601,14 +508,14 @@ Currently the SMB authentication uses NTLMv1. existing). So that index.html becomes first index.html.1 and then index.html.2 etc. -17.4 simultaneous parallel transfers +15.4 simultaneous parallel transfers The client could be told to use maximum N simultaneous parallel transfers and then just make sure that happens. It should of course not make more than one connection to the same remote host. This would require the client to use the multi interface. http://curl.haxx.se/bug/feature.cgi?id=1558595 -17.5 provide formpost headers +15.5 provide formpost headers Extending the capabilities of the multipart formposting. How about leaving the ';type=foo' syntax as it is and adding an extra tag (headers) which @@ -622,73 +529,43 @@ Currently the SMB authentication uses NTLMv1. which should overwrite the program reasonable defaults (plain/text, 8bit...) -17.6 warning when setting an option - - Display a warning when libcurl returns an error when setting an option. - This can be useful to tell when support for a particular feature hasn't been - compiled into the library. - -17.7 warning when sending binary output to terminal - - Provide a way that prompts the user for confirmation before binary data is - sent to the terminal, much in the style 'less' does it. - -17.8 offer color-coded HTTP header output - - By offering different color output on the header name and the header - contents, they could be made more readable and thus help users working on - HTTP services. - -17.9 Choose the name of file in braces for complex URLs - - When using braces to download a list of URLs and you use complicated names - in the list of alternatives, it could be handy to allow curl to use other - names when saving. - - Consider a way to offer that. Possibly like - {partURL1:name1,partURL2:name2,partURL3:name3} where the name following the - colon is the output name. - - See https://github.com/bagder/curl/issues/221 - -17.10 improve how curl works in a windows console window - - If you pull the scrollbar when transferring with curl in a Windows console - window, the transfer is interrupted and can get disconnected. This can - probably be improved. See https://github.com/bagder/curl/issues/322 +15.6 warning when setting an option + Display a warning when libcurl returns an error when setting an option. + This can be useful to tell when support for a particular feature hasn't been + compiled into the library. -18. Build +16. Build -18.1 roffit +16.1 roffit Consider extending 'roffit' to produce decent ASCII output, and use that instead of (g)nroff when building src/tool_hugehelp.c -19. Test suite +17. Test suite -19.1 SSL tunnel +17.1 SSL tunnel Make our own version of stunnel for simple port forwarding to enable HTTPS and FTP-SSL tests without the stunnel dependency, and it could allow us to provide test tools built with either OpenSSL or GnuTLS -19.2 nicer lacking perl message +17.2 nicer lacking perl message If perl wasn't found by the configure script, don't attempt to run the tests but explain something nice why it doesn't. -19.3 more protocols supported +17.3 more protocols supported Extend the test suite to include more protocols. The telnet could just do FTP or http operations (for which we have test servers). -19.4 more platforms supported +17.4 more platforms supported Make the test suite work on more platforms. OpenBSD and Mac OS. Remove fork()s and it should become even more portable. -19.5 Add support for concurrent connections +17.5 Add support for concurrent connections Tests 836, 882 and 938 were designed to verify that separate connections aren't used when using different login credentials in protocols that shouldn't re-use @@ -702,14 +579,14 @@ Currently the SMB authentication uses NTLMv1. and thus the wait for connections loop is never entered to receive the second connection. -20. Next SONAME bump +18. Next SONAME bump -20.1 http-style HEAD output for FTP +18.1 http-style HEAD output for FTP #undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers from being output in NOBODY requests over FTP -20.2 combine error codes +18.2 combine error codes Combine some of the error codes to remove duplicates. The original numbering should not be changed, and the old identifiers would be @@ -734,29 +611,29 @@ Currently the SMB authentication uses NTLMv1. CURLE_TFTP_PERM => CURLE_REMOTE_ACCESS_DENIED -20.3 extend CURLOPT_SOCKOPTFUNCTION prototype +18.3 extend CURLOPT_SOCKOPTFUNCTION prototype The current prototype only provides 'purpose' that tells what the connection/socket is for, but not any protocol or similar. It makes it hard for applications to differentiate on TCP vs UDP and even HTTP vs FTP and similar. -21. Next major release +19. Next major release -21.1 cleanup return codes +19.1 cleanup return codes curl_easy_cleanup() returns void, but curl_multi_cleanup() returns a CURLMcode. These should be changed to be the same. -21.2 remove obsolete defines +19.2 remove obsolete defines remove obsolete defines from curl/curl.h -21.3 size_t +19.3 size_t make several functions use size_t instead of int in their APIs -21.4 remove several functions +19.4 remove several functions remove the following functions from the public API: @@ -777,18 +654,18 @@ Currently the SMB authentication uses NTLMv1. curl_multi_socket_all -21.5 remove CURLOPT_FAILONERROR +19.5 remove CURLOPT_FAILONERROR Remove support for CURLOPT_FAILONERROR, it has gotten too kludgy and weird internally. Let the app judge success or not for itself. -21.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE +19.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE Remove support for a global DNS cache. Anything global is silly, and we already offer the share interface for the same functionality but done "right". -21.7 remove progress meter from libcurl +19.7 remove progress meter from libcurl The internally provided progress meter output doesn't belong in the library. Basically no application wants it (apart from curl) but instead applications @@ -798,7 +675,7 @@ Currently the SMB authentication uses NTLMv1. variable types passed to it instead of doubles so that big files work correctly. -21.8 remove 'curl_httppost' from public +19.8 remove 'curl_httppost' from public curl_formadd() was made to fill in a public struct, but the fact that the struct is public is never really used by application for their own advantage @@ -807,7 +684,7 @@ Currently the SMB authentication uses NTLMv1. Changing them to return a private handle will benefit the implementation and allow us much greater freedoms while still maintaining a solid API and ABI. -21.9 have form functions use CURL handle argument +19.9 have form functions use CURL handle argument curl_formadd() and curl_formget() both currently have no CURL handle argument, but both can use a callback that is set in the easy handle, and @@ -815,7 +692,7 @@ Currently the SMB authentication uses NTLMv1. curl_easy_perform() (or similar) called - which is hard to grasp and a design mistake. -21.10 Add CURLOPT_MAIL_CLIENT option +19.10 Add CURLOPT_MAIL_CLIENT option Rather than use the URL to specify the mail client string to present in the HELO and EHLO commands, libcurl should support a new CURLOPT specifically for diff --git a/docs/TheArtOfHttpScripting b/docs/TheArtOfHttpScripting index 76faee4..7235f12 100644 --- a/docs/TheArtOfHttpScripting +++ b/docs/TheArtOfHttpScripting @@ -1,3 +1,4 @@ +Updated: Dec 24, 2013 (http://curl.haxx.se/docs/httpscripting.html) _ _ ____ _ ___| | | | _ \| | / __| | | | |_) | | @@ -22,8 +23,6 @@ The Art Of Scripting HTTP Requests Using Curl 3. Fetch a page 3.1 GET 3.2 HEAD - 3.3 Multiple URLs in a single command line - 3.4 Multiple HTTP methods in a single command line 4. HTML forms 4.1 Forms explained 4.2 GET @@ -137,7 +136,7 @@ The Art Of Scripting HTTP Requests Using Curl The Uniform Resource Locator format is how you specify the address of a particular resource on the Internet. You know these, you've seen URLs like http://curl.haxx.se or https://yourbank.com a million times. RFC 3986 is the - canonical spec. And yeah, the formal name is not URL, it is URI. + canonical spec. 2.2 Host @@ -194,6 +193,7 @@ The Art Of Scripting HTTP Requests Using Curl the associated response. The path is what is to the right side of the slash that follows the host name and possibly port number. + 3. Fetch a page 3.1 GET @@ -224,46 +224,6 @@ The Art Of Scripting HTTP Requests Using Curl may see a Content-Length: in the response headers, but there must not be an actual body in the HEAD response. - 3.3 Multiple URLs in a single command line - - A single curl command line may involve one or many URLs. The most common case - is probably to just use one, but you can specify any amount of URLs. Yes - any. No limits. You'll then get requests repeated over and over for all the - given URLs. - - Example, send two GETs: - - curl http://url1.example.com http://url2.example.com - - If you use --data to POST to the URL, using multiple URLs means that you send - that same POST to all the given URLs. - - Example, send two POSTs: - - curl --data name=curl http://url1.example.com http://url2.example.com - - - 3.4 Multiple HTTP methods in a single command line - - Sometimes you need to operate on several URLs in a single command line and do - different HTTP methods on each. For this, you'll enjoy the --next option. It - is basically a separator that separates a bunch of options from the next. All - the URLs before --next will get the same method and will get all the POST - data merged into one. - - When curl reaches the --next on the command line, it'll sort of reset the - method and the POST data and allow a new set. - - Perhaps this is best shown with a few examples. To send first a HEAD and then - a GET: - - curl -I http://example.com --next http://example.com - - To first send a POST and then a GET: - - curl -d score=10 http://example.com/post.cgi --next http://example.com/results.html - - 4. HTML forms 4.1 Forms explained @@ -342,10 +302,6 @@ The Art Of Scripting HTTP Requests Using Curl curl --data-urlencode "name=I am Daniel" http://www.example.com - If you repeat --data several times on the command line, curl will - concatenate all the given data pieces - and put a '&' symbol between each - data segment. - 4.4 File Upload POST Back in late 1995 they defined an additional way to post data over HTTP. It @@ -601,10 +557,8 @@ The Art Of Scripting HTTP Requests Using Curl truckload of advanced features to allow all those encryptions and key infrastructure mechanisms encrypted HTTP requires. - Curl supports encrypted fetches when built to use a TLS library and it can be - built to use one out of a fairly large set of libraries - "curl -V" will show - which one your curl was built to use (if any!). To get a page from a HTTPS - server, simply run curl like: + Curl supports encrypted fetches thanks to the freely available OpenSSL + libraries. To get a page from a HTTPS server, simply run curl like: curl https://secure.example.com @@ -630,12 +584,6 @@ The Art Of Scripting HTTP Requests Using Curl http://curl.haxx.se/docs/sslcerts.html - At times you may end up with your own CA cert store and then you can tell - curl to use that to verify the server's certificate: - - curl --cacert ca-bundle.pem https://example.com/ - - 11. Custom Request Elements 11.1 Modify method and headers @@ -744,7 +692,7 @@ The Art Of Scripting HTTP Requests Using Curl 14.1 Standards - RFC 7230 is a must to read if you want in-depth understanding of the HTTP + RFC 2616 is a must to read if you want in-depth understanding of the HTTP protocol RFC 3986 explains the URL syntax diff --git a/docs/VERSIONS b/docs/VERSIONS index 72a4547..0670089 100644 --- a/docs/VERSIONS +++ b/docs/VERSIONS @@ -1,18 +1,22 @@ + _ _ ____ _ + ___| | | | _ \| | + / __| | | | |_) | | + | (__| |_| | _ <| |___ + \___|\___/|_| \_\_____| + Version Numbers and Releases -============================ Curl is not only curl. Curl is also libcurl. They're actually individually versioned, but they mostly follow each other rather closely. The version numbering is always built up using the same system: - X.Y.Z - - - X is main version number - - Y is release number - - Z is patch number + X.Y[.Z] -## Bumping numbers + Where + X is main version number + Y is release number + Z is patch number One of these numbers will get bumped in each new release. The numbers to the right of a bumped number will be reset to zero. If Z is zero, it may not be @@ -53,4 +57,4 @@ Version Numbers and Releases release. It makes comparisons with greater than and less than work. This number is also available as three separate defines: - `LIBCURL_VERSION_MAJOR`, `LIBCURL_VERSION_MINOR` and `LIBCURL_VERSION_PATCH`. + LIBCURL_VERSION_MAJOR, LIBCURL_VERSION_MINOR and LIBCURL_VERSION_PATCH. diff --git a/docs/curl-config.html b/docs/curl-config.html index 015dae8..1563d54 100644 --- a/docs/curl-config.html +++ b/docs/curl-config.html @@ -4,20 +4,15 @@ curl-config man page - - -

NAME

-

libcurl-symbols - libcurl symbol version information

libcurl symbols

-

This man page details version information for public symbols provided in the libcurl header files. This lists the first version in which the symbol was introduced and for some symbols two additional information pieces: -

The first version in which the symbol is marked "deprecated" - meaning that since that version no new code should be written to use the symbol as it is marked for getting removed in a future. -

The last version that featured the specific symbol. Using the symbol in source code will make it no longer compile error-free after that specified version. -

This man page is automatically generated from the symbols-in-versions file. -

CURLAUTH_ANY -

Introduced in 7.10.6 -

CURLAUTH_ANYSAFE -

Introduced in 7.10.6 -

CURLAUTH_BASIC -

Introduced in 7.10.6 -

CURLAUTH_DIGEST -

Introduced in 7.10.6 -

CURLAUTH_DIGEST_IE -

Introduced in 7.19.3 -

CURLAUTH_GSSNEGOTIATE -

Introduced in 7.10.6 Deprecated since 7.38.0 -

CURLAUTH_NEGOTIATE -

Introduced in 7.38.0 -

CURLAUTH_NONE -

Introduced in 7.10.6 -

CURLAUTH_NTLM -

Introduced in 7.10.6 -

CURLAUTH_NTLM_WB -

Introduced in 7.22.0 -

CURLAUTH_ONLY -

Introduced in 7.21.3 -

CURLCLOSEPOLICY_CALLBACK -

Introduced in 7.7 -

CURLCLOSEPOLICY_LEAST_RECENTLY_USED -

Introduced in 7.7 -

CURLCLOSEPOLICY_LEAST_TRAFFIC -

Introduced in 7.7 -

CURLCLOSEPOLICY_NONE -

Introduced in 7.7 -

CURLCLOSEPOLICY_OLDEST -

Introduced in 7.7 -

CURLCLOSEPOLICY_SLOWEST -

Introduced in 7.7 -

CURLE_ABORTED_BY_CALLBACK -

Introduced in 7.1 -

CURLE_AGAIN -

Introduced in 7.18.2 -

CURLE_ALREADY_COMPLETE -

Introduced in 7.7.2 -

CURLE_BAD_CALLING_ORDER -

Introduced in 7.1 Deprecated since 7.17.0 -

CURLE_BAD_CONTENT_ENCODING -

Introduced in 7.10 -

CURLE_BAD_DOWNLOAD_RESUME -

Introduced in 7.10 -

CURLE_BAD_FUNCTION_ARGUMENT -

Introduced in 7.1 -

CURLE_BAD_PASSWORD_ENTERED -

Introduced in 7.4.2 Deprecated since 7.17.0 -

CURLE_CHUNK_FAILED -

Introduced in 7.21.0 -

CURLE_CONV_FAILED -

Introduced in 7.15.4 -

CURLE_CONV_REQD -

Introduced in 7.15.4 -

CURLE_COULDNT_CONNECT -

Introduced in 7.1 -

CURLE_COULDNT_RESOLVE_HOST -

Introduced in 7.1 -

CURLE_COULDNT_RESOLVE_PROXY -

Introduced in 7.1 -

CURLE_FAILED_INIT -

Introduced in 7.1 -

CURLE_FILESIZE_EXCEEDED -

Introduced in 7.10.8 -

CURLE_FILE_COULDNT_READ_FILE -

Introduced in 7.1 -

CURLE_FTP_ACCEPT_FAILED -

Introduced in 7.24.0 -

CURLE_FTP_ACCEPT_TIMEOUT -

Introduced in 7.24.0 -

CURLE_FTP_ACCESS_DENIED -

Introduced in 7.1 -

CURLE_FTP_BAD_DOWNLOAD_RESUME -

Introduced in 7.1 Deprecated since 7.1 -

CURLE_FTP_BAD_FILE_LIST -

Introduced in 7.21.0 -

CURLE_FTP_CANT_GET_HOST -

Introduced in 7.1 -

CURLE_FTP_CANT_RECONNECT -

Introduced in 7.1 Deprecated since 7.17.0 -

CURLE_FTP_COULDNT_GET_SIZE -

Introduced in 7.1 Deprecated since 7.17.0 -

CURLE_FTP_COULDNT_RETR_FILE -

Introduced in 7.1 -

CURLE_FTP_COULDNT_SET_ASCII -

Introduced in 7.1 Deprecated since 7.17.0 -

CURLE_FTP_COULDNT_SET_BINARY -

Introduced in 7.1 Deprecated since 7.17.0 -

CURLE_FTP_COULDNT_SET_TYPE -

Introduced in 7.17.0 -

CURLE_FTP_COULDNT_STOR_FILE -

Introduced in 7.1 -

CURLE_FTP_COULDNT_USE_REST -

Introduced in 7.1 -

CURLE_FTP_PARTIAL_FILE -

Introduced in 7.1 Deprecated since 7.1 -

CURLE_FTP_PORT_FAILED -

Introduced in 7.1 -

CURLE_FTP_PRET_FAILED -

Introduced in 7.20.0 -

CURLE_FTP_QUOTE_ERROR -

Introduced in 7.1 Deprecated since 7.17.0 -

CURLE_FTP_SSL_FAILED -

Introduced in 7.11.0 Deprecated since 7.17.0 -

CURLE_FTP_USER_PASSWORD_INCORRECT -

Introduced in 7.1 Deprecated since 7.17.0 -

CURLE_FTP_WEIRD_227_FORMAT -

Introduced in 7.1 -

CURLE_FTP_WEIRD_PASS_REPLY -

Introduced in 7.1 -

CURLE_FTP_WEIRD_PASV_REPLY -

Introduced in 7.1 -

CURLE_FTP_WEIRD_SERVER_REPLY -

Introduced in 7.1 -

CURLE_FTP_WEIRD_USER_REPLY -

Introduced in 7.1 Deprecated since 7.17.0 -

CURLE_FTP_WRITE_ERROR -

Introduced in 7.1 Deprecated since 7.17.0 -

CURLE_FUNCTION_NOT_FOUND -

Introduced in 7.1 -

CURLE_GOT_NOTHING -

Introduced in 7.9.1 -

CURLE_HTTP2 -

Introduced in 7.38.0 -

CURLE_HTTP_NOT_FOUND -

Introduced in 7.1 -

CURLE_HTTP_PORT_FAILED -

Introduced in 7.3 Deprecated since 7.12.0 -

CURLE_HTTP_POST_ERROR -

Introduced in 7.1 -

CURLE_HTTP_RANGE_ERROR -

Introduced in 7.1 Deprecated since 7.17.0 -

CURLE_HTTP_RETURNED_ERROR -

Introduced in 7.10.3 -

CURLE_INTERFACE_FAILED -

Introduced in 7.12.0 -

CURLE_LDAP_CANNOT_BIND -

Introduced in 7.1 -

CURLE_LDAP_INVALID_URL -

Introduced in 7.10.8 -

CURLE_LDAP_SEARCH_FAILED -

Introduced in 7.1 -

CURLE_LIBRARY_NOT_FOUND -

Introduced in 7.1 Deprecated since 7.17.0 -

CURLE_LOGIN_DENIED -

Introduced in 7.13.1 -

CURLE_MALFORMAT_USER -

Introduced in 7.1 Deprecated since 7.17.0 -

CURLE_NOT_BUILT_IN -

Introduced in 7.21.5 -

CURLE_NO_CONNECTION_AVAILABLE -

Introduced in 7.30.0 -

CURLE_OK -

Introduced in 7.1 -

CURLE_OPERATION_TIMEDOUT -

Introduced in 7.10.2 -

CURLE_OPERATION_TIMEOUTED -

Introduced in 7.1 Deprecated since 7.17.0 -

CURLE_OUT_OF_MEMORY -

Introduced in 7.1 -

CURLE_PARTIAL_FILE -

Introduced in 7.1 -

CURLE_PEER_FAILED_VERIFICATION -

Introduced in 7.17.1 -

CURLE_QUOTE_ERROR -

Introduced in 7.17.0 -

CURLE_RANGE_ERROR -

Introduced in 7.17.0 -

CURLE_READ_ERROR -

Introduced in 7.1 -

CURLE_RECV_ERROR -

Introduced in 7.10 -

CURLE_REMOTE_ACCESS_DENIED -

Introduced in 7.17.0 -

CURLE_REMOTE_DISK_FULL -

Introduced in 7.17.0 -

CURLE_REMOTE_FILE_EXISTS -

Introduced in 7.17.0 -

CURLE_REMOTE_FILE_NOT_FOUND -

Introduced in 7.16.1 -

CURLE_RTSP_CSEQ_ERROR -

Introduced in 7.20.0 -

CURLE_RTSP_SESSION_ERROR -

Introduced in 7.20.0 -

CURLE_SEND_ERROR -

Introduced in 7.10 -

CURLE_SEND_FAIL_REWIND -

Introduced in 7.12.3 -

CURLE_SHARE_IN_USE -

Introduced in 7.9.6 Deprecated since 7.17.0 -

CURLE_SSH -

Introduced in 7.16.1 -

CURLE_SSL_CACERT -

Introduced in 7.10 -

CURLE_SSL_CACERT_BADFILE -

Introduced in 7.16.0 -

CURLE_SSL_CERTPROBLEM -

Introduced in 7.10 -

CURLE_SSL_CIPHER -

Introduced in 7.10 -

CURLE_SSL_CONNECT_ERROR -

Introduced in 7.1 -

CURLE_SSL_CRL_BADFILE -

Introduced in 7.19.0 -

CURLE_SSL_ENGINE_INITFAILED -

Introduced in 7.12.3 -

CURLE_SSL_ENGINE_NOTFOUND -

Introduced in 7.9.3 -

CURLE_SSL_ENGINE_SETFAILED -

Introduced in 7.9.3 -

CURLE_SSL_INVALIDCERTSTATUS -

Introduced in 7.41.0 -

CURLE_SSL_ISSUER_ERROR -

Introduced in 7.19.0 -

CURLE_SSL_PEER_CERTIFICATE -

Introduced in 7.8 Deprecated since 7.17.1 -

CURLE_SSL_PINNEDPUBKEYNOTMATCH -

Introduced in 7.39.0 -

CURLE_SSL_SHUTDOWN_FAILED -

Introduced in 7.16.1 -

CURLE_TELNET_OPTION_SYNTAX -

Introduced in 7.7 -

CURLE_TFTP_DISKFULL -

Introduced in 7.15.0 Deprecated since 7.17.0 -

CURLE_TFTP_EXISTS -

Introduced in 7.15.0 Deprecated since 7.17.0 -

CURLE_TFTP_ILLEGAL -

Introduced in 7.15.0 -

CURLE_TFTP_NOSUCHUSER -

Introduced in 7.15.0 -

CURLE_TFTP_NOTFOUND -

Introduced in 7.15.0 -

CURLE_TFTP_PERM -

Introduced in 7.15.0 -

CURLE_TFTP_UNKNOWNID -

Introduced in 7.15.0 -

CURLE_TOO_MANY_REDIRECTS -

Introduced in 7.5 -

CURLE_UNKNOWN_OPTION -

Introduced in 7.21.5 -

CURLE_UNKNOWN_TELNET_OPTION -

Introduced in 7.7 -

CURLE_UNSUPPORTED_PROTOCOL -

Introduced in 7.1 -

CURLE_UPLOAD_FAILED -

Introduced in 7.16.3 -

CURLE_URL_MALFORMAT -

Introduced in 7.1 -

CURLE_URL_MALFORMAT_USER -

Introduced in 7.1 Deprecated since 7.17.0 -

CURLE_USE_SSL_FAILED -

Introduced in 7.17.0 -

CURLE_WRITE_ERROR -

Introduced in 7.1 -

CURLFILETYPE_DEVICE_BLOCK -

Introduced in 7.21.0 -

CURLFILETYPE_DEVICE_CHAR -

Introduced in 7.21.0 -

CURLFILETYPE_DIRECTORY -

Introduced in 7.21.0 -

CURLFILETYPE_DOOR -

Introduced in 7.21.0 -

CURLFILETYPE_FILE -

Introduced in 7.21.0 -

CURLFILETYPE_NAMEDPIPE -

Introduced in 7.21.0 -

CURLFILETYPE_SOCKET -

Introduced in 7.21.0 -

CURLFILETYPE_SYMLINK -

Introduced in 7.21.0 -

CURLFILETYPE_UNKNOWN -

Introduced in 7.21.0 -

CURLFINFOFLAG_KNOWN_FILENAME -

Introduced in 7.21.0 -

CURLFINFOFLAG_KNOWN_FILETYPE -

Introduced in 7.21.0 -

CURLFINFOFLAG_KNOWN_GID -

Introduced in 7.21.0 -

CURLFINFOFLAG_KNOWN_HLINKCOUNT -

Introduced in 7.21.0 -

CURLFINFOFLAG_KNOWN_PERM -

Introduced in 7.21.0 -

CURLFINFOFLAG_KNOWN_SIZE -

Introduced in 7.21.0 -

CURLFINFOFLAG_KNOWN_TIME -

Introduced in 7.21.0 -

CURLFINFOFLAG_KNOWN_UID -

Introduced in 7.21.0 -

CURLFORM_ARRAY -

Introduced in 7.9.1 -

CURLFORM_ARRAY_END -

Introduced in 7.9.1 Deprecated since 7.9.5 Last used in 7.9.5 -

CURLFORM_ARRAY_START -

Introduced in 7.9.1 Deprecated since 7.9.5 Last used in 7.9.5 -

CURLFORM_BUFFER -

Introduced in 7.9.8 -

CURLFORM_BUFFERLENGTH -

Introduced in 7.9.8 -

CURLFORM_BUFFERPTR -

Introduced in 7.9.8 -

CURLFORM_CONTENTHEADER -

Introduced in 7.9.3 -

CURLFORM_CONTENTSLENGTH -

Introduced in 7.9 -

CURLFORM_CONTENTTYPE -

Introduced in 7.9 -

CURLFORM_COPYCONTENTS -

Introduced in 7.9 -

CURLFORM_COPYNAME -

Introduced in 7.9 -

CURLFORM_END -

Introduced in 7.9 -

CURLFORM_FILE -

Introduced in 7.9 -

CURLFORM_FILECONTENT -

Introduced in 7.9.1 -

CURLFORM_FILENAME -

Introduced in 7.9.6 -

CURLFORM_NAMELENGTH -

Introduced in 7.9 -

CURLFORM_NOTHING -

Introduced in 7.9 -

CURLFORM_PTRCONTENTS -

Introduced in 7.9 -

CURLFORM_PTRNAME -

Introduced in 7.9 -

CURLFORM_STREAM -

Introduced in 7.18.2 -

CURLFTPAUTH_DEFAULT -

Introduced in 7.12.2 -

CURLFTPAUTH_SSL -

Introduced in 7.12.2 -

CURLFTPAUTH_TLS -

Introduced in 7.12.2 -

CURLFTPMETHOD_DEFAULT -

Introduced in 7.15.3 -

CURLFTPMETHOD_MULTICWD -

Introduced in 7.15.3 -

CURLFTPMETHOD_NOCWD -

Introduced in 7.15.3 -

CURLFTPMETHOD_SINGLECWD -

Introduced in 7.15.3 -

CURLFTPSSL_ALL -

Introduced in 7.11.0 Deprecated since 7.17.0 -

CURLFTPSSL_CCC_ACTIVE -

Introduced in 7.16.2 -

CURLFTPSSL_CCC_NONE -

Introduced in 7.16.2 -

CURLFTPSSL_CCC_PASSIVE -

Introduced in 7.16.1 -

CURLFTPSSL_CONTROL -

Introduced in 7.11.0 Deprecated since 7.17.0 -

CURLFTPSSL_NONE -

Introduced in 7.11.0 Deprecated since 7.17.0 -

CURLFTPSSL_TRY -

Introduced in 7.11.0 Deprecated since 7.17.0 -

CURLFTP_CREATE_DIR -

Introduced in 7.19.4 -

CURLFTP_CREATE_DIR_NONE -

Introduced in 7.19.4 -

CURLFTP_CREATE_DIR_RETRY -

Introduced in 7.19.4 -

CURLGSSAPI_DELEGATION_FLAG -

Introduced in 7.22.0 -

CURLGSSAPI_DELEGATION_NONE -

Introduced in 7.22.0 -

CURLGSSAPI_DELEGATION_POLICY_FLAG -

Introduced in 7.22.0 -

CURLHEADER_SEPARATE -

Introduced in 7.37.0 -

CURLHEADER_UNIFIED -

Introduced in 7.37.0 -

CURLINFO_APPCONNECT_TIME -

Introduced in 7.19.0 -

CURLINFO_CERTINFO -

Introduced in 7.19.1 -

CURLINFO_CONDITION_UNMET -

Introduced in 7.19.4 -

CURLINFO_CONNECT_TIME -

Introduced in 7.4.1 -

CURLINFO_CONTENT_LENGTH_DOWNLOAD -

Introduced in 7.6.1 -

CURLINFO_CONTENT_LENGTH_UPLOAD -

Introduced in 7.6.1 -

CURLINFO_CONTENT_TYPE -

Introduced in 7.9.4 -

CURLINFO_COOKIELIST -

Introduced in 7.14.1 -

CURLINFO_DATA_IN -

Introduced in 7.9.6 -

CURLINFO_DATA_OUT -

Introduced in 7.9.6 -

CURLINFO_DOUBLE -

Introduced in 7.4.1 -

CURLINFO_EFFECTIVE_URL -

Introduced in 7.4 -

CURLINFO_END -

Introduced in 7.9.6 -

CURLINFO_FILETIME -

Introduced in 7.5 -

CURLINFO_FTP_ENTRY_PATH -

Introduced in 7.15.4 -

CURLINFO_HEADER_IN -

Introduced in 7.9.6 -

CURLINFO_HEADER_OUT -

Introduced in 7.9.6 -

CURLINFO_HEADER_SIZE -

Introduced in 7.4.1 -

CURLINFO_HTTPAUTH_AVAIL -

Introduced in 7.10.8 -

CURLINFO_HTTP_CODE -

Introduced in 7.4.1 Deprecated since 7.10.8 -

CURLINFO_HTTP_CONNECTCODE -

Introduced in 7.10.7 -

CURLINFO_LASTONE -

Introduced in 7.4.1 -

CURLINFO_LASTSOCKET -

Introduced in 7.15.2 -

CURLINFO_LOCAL_IP -

Introduced in 7.21.0 -

CURLINFO_LOCAL_PORT -

Introduced in 7.21.0 -

CURLINFO_LONG -

Introduced in 7.4.1 -

CURLINFO_MASK -

Introduced in 7.4.1 -

CURLINFO_NAMELOOKUP_TIME -

Introduced in 7.4.1 -

CURLINFO_NONE -

Introduced in 7.4.1 -

CURLINFO_NUM_CONNECTS -

Introduced in 7.12.3 -

CURLINFO_OS_ERRNO -

Introduced in 7.12.2 -

CURLINFO_PRETRANSFER_TIME -

Introduced in 7.4.1 -

CURLINFO_PRIMARY_IP -

Introduced in 7.19.0 -

CURLINFO_PRIMARY_PORT -

Introduced in 7.21.0 -

CURLINFO_PRIVATE -

Introduced in 7.10.3 -

CURLINFO_PROXYAUTH_AVAIL -

Introduced in 7.10.8 -

CURLINFO_REDIRECT_COUNT -

Introduced in 7.9.7 -

CURLINFO_REDIRECT_TIME -

Introduced in 7.9.7 -

CURLINFO_REDIRECT_URL -

Introduced in 7.18.2 -

CURLINFO_REQUEST_SIZE -

Introduced in 7.4.1 -

CURLINFO_RESPONSE_CODE -

Introduced in 7.10.8 -

CURLINFO_RTSP_CLIENT_CSEQ -

Introduced in 7.20.0 -

CURLINFO_RTSP_CSEQ_RECV -

Introduced in 7.20.0 -

CURLINFO_RTSP_SERVER_CSEQ -

Introduced in 7.20.0 -

CURLINFO_RTSP_SESSION_ID -

Introduced in 7.20.0 -

CURLINFO_SIZE_DOWNLOAD -

Introduced in 7.4.1 -

CURLINFO_SIZE_UPLOAD -

Introduced in 7.4.1 -

CURLINFO_SLIST -

Introduced in 7.12.3 -

CURLINFO_SPEED_DOWNLOAD -

Introduced in 7.4.1 -

CURLINFO_SPEED_UPLOAD -

Introduced in 7.4.1 -

CURLINFO_SSL_DATA_IN -

Introduced in 7.12.1 -

CURLINFO_SSL_DATA_OUT -

Introduced in 7.12.1 -

CURLINFO_SSL_ENGINES -

Introduced in 7.12.3 -

CURLINFO_SSL_VERIFYRESULT -

Introduced in 7.5 -

CURLINFO_STARTTRANSFER_TIME -

Introduced in 7.9.2 -

CURLINFO_STRING -

Introduced in 7.4.1 -

CURLINFO_TEXT -

Introduced in 7.9.6 -

CURLINFO_TLS_SESSION -

Introduced in 7.34.0 -

CURLINFO_TOTAL_TIME -

Introduced in 7.4.1 -

CURLINFO_TYPEMASK -

Introduced in 7.4.1 -

CURLIOCMD_NOP -

Introduced in 7.12.3 -

CURLIOCMD_RESTARTREAD -

Introduced in 7.12.3 -

CURLIOE_FAILRESTART -

Introduced in 7.12.3 -

CURLIOE_OK -

Introduced in 7.12.3 -

CURLIOE_UNKNOWNCMD -

Introduced in 7.12.3 -

CURLKHMATCH_MISMATCH -

Introduced in 7.19.6 -

CURLKHMATCH_MISSING -

Introduced in 7.19.6 -

CURLKHMATCH_OK -

Introduced in 7.19.6 -

CURLKHSTAT_DEFER -

Introduced in 7.19.6 -

CURLKHSTAT_FINE -

Introduced in 7.19.6 -

CURLKHSTAT_FINE_ADD_TO_FILE -

Introduced in 7.19.6 -

CURLKHSTAT_REJECT -

Introduced in 7.19.6 -

CURLKHTYPE_DSS -

Introduced in 7.19.6 -

CURLKHTYPE_RSA -

Introduced in 7.19.6 -

CURLKHTYPE_RSA1 -

Introduced in 7.19.6 -

CURLKHTYPE_UNKNOWN -

Introduced in 7.19.6 -

CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE -

Introduced in 7.30.0 -

CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE -

Introduced in 7.30.0 -

CURLMOPT_MAXCONNECTS -

Introduced in 7.16.3 -

CURLMOPT_MAX_HOST_CONNECTIONS -

Introduced in 7.30.0 -

CURLMOPT_MAX_PIPELINE_LENGTH -

Introduced in 7.30.0 -

CURLMOPT_MAX_TOTAL_CONNECTIONS -

Introduced in 7.30.0 -

CURLMOPT_PIPELINING -

Introduced in 7.16.0 -

CURLMOPT_PIPELINING_SERVER_BL -

Introduced in 7.30.0 -

CURLMOPT_PIPELINING_SITE_BL -

Introduced in 7.30.0 -

CURLMOPT_PUSHDATA -

Introduced in 7.44.0 -

CURLMOPT_PUSHFUNCTION -

Introduced in 7.44.0 -

CURLMOPT_SOCKETDATA -

Introduced in 7.15.4 -

CURLMOPT_SOCKETFUNCTION -

Introduced in 7.15.4 -

CURLMOPT_TIMERDATA -

Introduced in 7.16.0 -

CURLMOPT_TIMERFUNCTION -

Introduced in 7.16.0 -

CURLMSG_DONE -

Introduced in 7.9.6 -

CURLMSG_NONE -

Introduced in 7.9.6 -

CURLM_ADDED_ALREADY -

Introduced in 7.32.1 -

CURLM_BAD_EASY_HANDLE -

Introduced in 7.9.6 -

CURLM_BAD_HANDLE -

Introduced in 7.9.6 -

CURLM_BAD_SOCKET -

Introduced in 7.15.4 -

CURLM_CALL_MULTI_PERFORM -

Introduced in 7.9.6 -

CURLM_CALL_MULTI_SOCKET -

Introduced in 7.15.5 -

CURLM_INTERNAL_ERROR -

Introduced in 7.9.6 -

CURLM_OK -

Introduced in 7.9.6 -

CURLM_OUT_OF_MEMORY -

Introduced in 7.9.6 -

CURLM_UNKNOWN_OPTION -

Introduced in 7.15.4 -

CURLOPTTYPE_FUNCTIONPOINT -

Introduced in 7.1 -

CURLOPTTYPE_LONG -

Introduced in 7.1 -

CURLOPTTYPE_OBJECTPOINT -

Introduced in 7.1 -

CURLOPTTYPE_OFF_T -

Introduced in 7.11.0 -

CURLOPT_ACCEPTTIMEOUT_MS -

Introduced in 7.24.0 -

CURLOPT_ACCEPT_ENCODING -

Introduced in 7.21.6 -

CURLOPT_ADDRESS_SCOPE -

Introduced in 7.19.0 -

CURLOPT_APPEND -

Introduced in 7.17.0 -

CURLOPT_AUTOREFERER -

Introduced in 7.1 -

CURLOPT_BUFFERSIZE -

Introduced in 7.10 -

CURLOPT_CAINFO -

Introduced in 7.4.2 -

CURLOPT_CAPATH -

Introduced in 7.9.8 -

CURLOPT_CERTINFO -

Introduced in 7.19.1 -

CURLOPT_CHUNK_BGN_FUNCTION -

Introduced in 7.21.0 -

CURLOPT_CHUNK_DATA -

Introduced in 7.21.0 -

CURLOPT_CHUNK_END_FUNCTION -

Introduced in 7.21.0 -

CURLOPT_CLOSEFUNCTION -

Introduced in 7.7 Deprecated since 7.11.1 Last used in 7.11.1 -

CURLOPT_CLOSEPOLICY -

Introduced in 7.7 Deprecated since 7.16.1 -

CURLOPT_CLOSESOCKETDATA -

Introduced in 7.21.7 -

CURLOPT_CLOSESOCKETFUNCTION -

Introduced in 7.21.7 -

CURLOPT_CONNECTTIMEOUT -

Introduced in 7.7 -

CURLOPT_CONNECTTIMEOUT_MS -

Introduced in 7.16.2 -

CURLOPT_CONNECT_ONLY -

Introduced in 7.15.2 -

CURLOPT_CONV_FROM_NETWORK_FUNCTION -

Introduced in 7.15.4 -

CURLOPT_CONV_FROM_UTF8_FUNCTION -

Introduced in 7.15.4 -

CURLOPT_CONV_TO_NETWORK_FUNCTION -

Introduced in 7.15.4 -

CURLOPT_COOKIE -

Introduced in 7.1 -

CURLOPT_COOKIEFILE -

Introduced in 7.1 -

CURLOPT_COOKIEJAR -

Introduced in 7.9 -

CURLOPT_COOKIELIST -

Introduced in 7.14.1 -

CURLOPT_COOKIESESSION -

Introduced in 7.9.7 -

CURLOPT_COPYPOSTFIELDS -

Introduced in 7.17.1 -

CURLOPT_CRLF -

Introduced in 7.1 -

CURLOPT_CRLFILE -

Introduced in 7.19.0 -

CURLOPT_CUSTOMREQUEST -

Introduced in 7.1 -

CURLOPT_DEBUGDATA -

Introduced in 7.9.6 -

CURLOPT_DEBUGFUNCTION -

Introduced in 7.9.6 -

CURLOPT_DIRLISTONLY -

Introduced in 7.17.0 -

CURLOPT_DNS_CACHE_TIMEOUT -

Introduced in 7.9.3 -

CURLOPT_DNS_INTERFACE -

Introduced in 7.33.0 -

CURLOPT_DNS_LOCAL_IP4 -

Introduced in 7.33.0 -

CURLOPT_DNS_LOCAL_IP6 -

Introduced in 7.33.0 -

CURLOPT_DNS_SERVERS -

Introduced in 7.24.0 -

CURLOPT_DNS_USE_GLOBAL_CACHE -

Introduced in 7.9.3 Deprecated since 7.11.1 -

CURLOPT_EGDSOCKET -

Introduced in 7.7 -

CURLOPT_ENCODING -

Introduced in 7.10 -

CURLOPT_ERRORBUFFER -

Introduced in 7.1 -

CURLOPT_EXPECT_100_TIMEOUT_MS -

Introduced in 7.36.0 -

CURLOPT_FAILONERROR -

Introduced in 7.1 -

CURLOPT_FILE -

Introduced in 7.1 Deprecated since 7.9.7 -

CURLOPT_FILETIME -

Introduced in 7.5 -

CURLOPT_FNMATCH_DATA -

Introduced in 7.21.0 -

CURLOPT_FNMATCH_FUNCTION -

Introduced in 7.21.0 -

CURLOPT_FOLLOWLOCATION -

Introduced in 7.1 -

CURLOPT_FORBID_REUSE -

Introduced in 7.7 -

CURLOPT_FRESH_CONNECT -

Introduced in 7.7 -

CURLOPT_FTPAPPEND -

Introduced in 7.1 Deprecated since 7.16.4 -

CURLOPT_FTPASCII -

Introduced in 7.1 Deprecated since 7.11.1 Last used in 7.11.1 -

CURLOPT_FTPLISTONLY -

Introduced in 7.1 Deprecated since 7.16.4 -

CURLOPT_FTPPORT -

Introduced in 7.1 -

CURLOPT_FTPSSLAUTH -

Introduced in 7.12.2 -

CURLOPT_FTP_ACCOUNT -

Introduced in 7.13.0 -

CURLOPT_FTP_ALTERNATIVE_TO_USER -

Introduced in 7.15.5 -

CURLOPT_FTP_CREATE_MISSING_DIRS -

Introduced in 7.10.7 -

CURLOPT_FTP_FILEMETHOD -

Introduced in 7.15.1 -

CURLOPT_FTP_RESPONSE_TIMEOUT -

Introduced in 7.10.8 -

CURLOPT_FTP_SKIP_PASV_IP -

Introduced in 7.15.0 -

CURLOPT_FTP_SSL -

Introduced in 7.11.0 Deprecated since 7.16.4 -

CURLOPT_FTP_SSL_CCC -

Introduced in 7.16.1 -

CURLOPT_FTP_USE_EPRT -

Introduced in 7.10.5 -

CURLOPT_FTP_USE_EPSV -

Introduced in 7.9.2 -

CURLOPT_FTP_USE_PRET -

Introduced in 7.20.0 -

CURLOPT_GSSAPI_DELEGATION -

Introduced in 7.22.0 -

CURLOPT_HEADER -

Introduced in 7.1 -

CURLOPT_HEADERDATA -

Introduced in 7.10 -

CURLOPT_HEADERFUNCTION -

Introduced in 7.7.2 -

CURLOPT_HEADEROPT -

Introduced in 7.37.0 -

CURLOPT_HTTP200ALIASES -

Introduced in 7.10.3 -

CURLOPT_HTTPAUTH -

Introduced in 7.10.6 -

CURLOPT_HTTPGET -

Introduced in 7.8.1 -

CURLOPT_HTTPHEADER -

Introduced in 7.1 -

CURLOPT_HTTPPOST -

Introduced in 7.1 -

CURLOPT_HTTPPROXYTUNNEL -

Introduced in 7.3 -

CURLOPT_HTTPREQUEST -

Introduced in 7.1 -

CURLOPT_HTTP_CONTENT_DECODING -

Introduced in 7.16.2 -

CURLOPT_HTTP_TRANSFER_DECODING -

Introduced in 7.16.2 -

CURLOPT_HTTP_VERSION -

Introduced in 7.9.1 -

CURLOPT_IGNORE_CONTENT_LENGTH -

Introduced in 7.14.1 -

CURLOPT_INFILE -

Introduced in 7.1 Deprecated since 7.9.7 -

CURLOPT_INFILESIZE -

Introduced in 7.1 -

CURLOPT_INFILESIZE_LARGE -

Introduced in 7.11.0 -

CURLOPT_INTERFACE -

Introduced in 7.3 -

CURLOPT_INTERLEAVEDATA -

Introduced in 7.20.0 -

CURLOPT_INTERLEAVEFUNCTION -

Introduced in 7.20.0 -

CURLOPT_IOCTLDATA -

Introduced in 7.12.3 -

CURLOPT_IOCTLFUNCTION -

Introduced in 7.12.3 -

CURLOPT_IPRESOLVE -

Introduced in 7.10.8 -

CURLOPT_ISSUERCERT -

Introduced in 7.19.0 -

CURLOPT_KEYPASSWD -

Introduced in 7.17.0 -

CURLOPT_KRB4LEVEL -

Introduced in 7.3 Deprecated since 7.17.0 -

CURLOPT_KRBLEVEL -

Introduced in 7.16.4 -

CURLOPT_LOCALPORT -

Introduced in 7.15.2 -

CURLOPT_LOCALPORTRANGE -

Introduced in 7.15.2 -

CURLOPT_LOGIN_OPTIONS -

Introduced in 7.34.0 -

CURLOPT_LOW_SPEED_LIMIT -

Introduced in 7.1 -

CURLOPT_LOW_SPEED_TIME -

Introduced in 7.1 -

CURLOPT_MAIL_AUTH -

Introduced in 7.25.0 -

CURLOPT_MAIL_FROM -

Introduced in 7.20.0 -

CURLOPT_MAIL_RCPT -

Introduced in 7.20.0 -

CURLOPT_MAXCONNECTS -

Introduced in 7.7 -

CURLOPT_MAXFILESIZE -

Introduced in 7.10.8 -

CURLOPT_MAXFILESIZE_LARGE -

Introduced in 7.11.0 -

CURLOPT_MAXREDIRS -

Introduced in 7.5 -

CURLOPT_MAX_RECV_SPEED_LARGE -

Introduced in 7.15.5 -

CURLOPT_MAX_SEND_SPEED_LARGE -

Introduced in 7.15.5 -

CURLOPT_MUTE -

Introduced in 7.1 Deprecated since 7.8 Last used in 7.8 -

CURLOPT_NETRC -

Introduced in 7.1 -

CURLOPT_NETRC_FILE -

Introduced in 7.11.0 -

CURLOPT_NEW_DIRECTORY_PERMS -

Introduced in 7.16.4 -

CURLOPT_NEW_FILE_PERMS -

Introduced in 7.16.4 -

CURLOPT_NOBODY -

Introduced in 7.1 -

CURLOPT_NOPROGRESS -

Introduced in 7.1 -

CURLOPT_NOPROXY -

Introduced in 7.19.4 -

CURLOPT_NOSIGNAL -

Introduced in 7.10 -

CURLOPT_NOTHING -

Introduced in 7.1.1 Deprecated since 7.11.1 Last used in 7.11.1 -

CURLOPT_OPENSOCKETDATA -

Introduced in 7.17.1 -

CURLOPT_OPENSOCKETFUNCTION -

Introduced in 7.17.1 -

CURLOPT_PASSWDDATA -

Introduced in 7.4.2 Deprecated since 7.11.1 Last used in 7.11.1 -

CURLOPT_PASSWDFUNCTION -

Introduced in 7.4.2 Deprecated since 7.11.1 Last used in 7.11.1 -

CURLOPT_PASSWORD -

Introduced in 7.19.1 -

CURLOPT_PASV_HOST -

Introduced in 7.12.1 Deprecated since 7.16.0 Last used in 7.16.0 -

CURLOPT_PATH_AS_IS -

Introduced in 7.42.0 -

CURLOPT_PINNEDPUBLICKEY -

Introduced in 7.39.0 -

CURLOPT_PIPEWAIT -

Introduced in 7.43.0 -

CURLOPT_PORT -

Introduced in 7.1 -

CURLOPT_POST -

Introduced in 7.1 -

CURLOPT_POST301 -

Introduced in 7.17.1 Deprecated since 7.19.1 -

CURLOPT_POSTFIELDS -

Introduced in 7.1 -

CURLOPT_POSTFIELDSIZE -

Introduced in 7.2 -

CURLOPT_POSTFIELDSIZE_LARGE -

Introduced in 7.11.1 -

CURLOPT_POSTQUOTE -

Introduced in 7.1 -

CURLOPT_POSTREDIR -

Introduced in 7.19.1 -

CURLOPT_PREQUOTE -

Introduced in 7.9.5 -

CURLOPT_PRIVATE -

Introduced in 7.10.3 -

CURLOPT_PROGRESSDATA -

Introduced in 7.1 -

CURLOPT_PROGRESSFUNCTION -

Introduced in 7.1 Deprecated since 7.32.0 -

CURLOPT_PROTOCOLS -

Introduced in 7.19.4 -

CURLOPT_PROXY -

Introduced in 7.1 -

CURLOPT_PROXYAUTH -

Introduced in 7.10.7 -

CURLOPT_PROXYHEADER -

Introduced in 7.37.0 -

CURLOPT_PROXYPASSWORD -

Introduced in 7.19.1 -

CURLOPT_PROXYPORT -

Introduced in 7.1 -

CURLOPT_PROXYTYPE -

Introduced in 7.10 -

CURLOPT_PROXYUSERNAME -

Introduced in 7.19.1 -

CURLOPT_PROXYUSERPWD -

Introduced in 7.1 -

CURLOPT_PROXY_SERVICE_NAME -

Introduced in 7.43.0 -

CURLOPT_PROXY_TRANSFER_MODE -

Introduced in 7.18.0 -

CURLOPT_PUT -

Introduced in 7.1 -

CURLOPT_QUOTE -

Introduced in 7.1 -

CURLOPT_RANDOM_FILE -

Introduced in 7.7 -

CURLOPT_RANGE -

Introduced in 7.1 -

CURLOPT_READDATA -

Introduced in 7.9.7 -

CURLOPT_READFUNCTION -

Introduced in 7.1 -

CURLOPT_REDIR_PROTOCOLS -

Introduced in 7.19.4 -

CURLOPT_REFERER -

Introduced in 7.1 -

CURLOPT_RESOLVE -

Introduced in 7.21.3 -

CURLOPT_RESUME_FROM -

Introduced in 7.1 -

CURLOPT_RESUME_FROM_LARGE -

Introduced in 7.11.0 -

CURLOPT_RTSPHEADER -

Introduced in 7.20.0 -

CURLOPT_RTSP_CLIENT_CSEQ -

Introduced in 7.20.0 -

CURLOPT_RTSP_REQUEST -

Introduced in 7.20.0 -

CURLOPT_RTSP_SERVER_CSEQ -

Introduced in 7.20.0 -

CURLOPT_RTSP_SESSION_ID -

Introduced in 7.20.0 -

CURLOPT_RTSP_STREAM_URI -

Introduced in 7.20.0 -

CURLOPT_RTSP_TRANSPORT -

Introduced in 7.20.0 -

CURLOPT_SASL_IR -

Introduced in 7.31.0 -

CURLOPT_SEEKDATA -

Introduced in 7.18.0 -

CURLOPT_SEEKFUNCTION -

Introduced in 7.18.0 -

CURLOPT_SERVER_RESPONSE_TIMEOUT -

Introduced in 7.20.0 -

CURLOPT_SERVICE_NAME -

Introduced in 7.43.0 -

CURLOPT_SHARE -

Introduced in 7.10 -

CURLOPT_SOCKOPTDATA -

Introduced in 7.16.0 -

CURLOPT_SOCKOPTFUNCTION -

Introduced in 7.16.0 -

CURLOPT_SOCKS5_GSSAPI_NEC -

Introduced in 7.19.4 -

CURLOPT_SOCKS5_GSSAPI_SERVICE -

Introduced in 7.19.4 -

CURLOPT_SOURCE_HOST -

Introduced in 7.12.1 -

CURLOPT_SOURCE_PATH -

Introduced in 7.12.1 -

CURLOPT_SOURCE_PORT -

Introduced in 7.12.1 -

CURLOPT_SOURCE_POSTQUOTE -

Introduced in 7.12.1 -

CURLOPT_SOURCE_PREQUOTE -

Introduced in 7.12.1 -

CURLOPT_SOURCE_QUOTE -

Introduced in 7.13.0 -

CURLOPT_SOURCE_URL -

Introduced in 7.13.0 -

CURLOPT_SOURCE_USERPWD -

Introduced in 7.12.1 -

CURLOPT_SSH_AUTH_TYPES -

Introduced in 7.16.1 -

CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 -

Introduced in 7.17.1 -

CURLOPT_SSH_KEYDATA -

Introduced in 7.19.6 -

CURLOPT_SSH_KEYFUNCTION -

Introduced in 7.19.6 -

CURLOPT_SSH_KNOWNHOSTS -

Introduced in 7.19.6 -

CURLOPT_SSH_PRIVATE_KEYFILE -

Introduced in 7.16.1 -

CURLOPT_SSH_PUBLIC_KEYFILE -

Introduced in 7.16.1 -

CURLOPT_SSLCERT -

Introduced in 7.1 -

CURLOPT_SSLCERTPASSWD -

Introduced in 7.1.1 Deprecated since 7.17.0 -

CURLOPT_SSLCERTTYPE -

Introduced in 7.9.3 -

CURLOPT_SSLENGINE -

Introduced in 7.9.3 -

CURLOPT_SSLENGINE_DEFAULT -

Introduced in 7.9.3 -

CURLOPT_SSLKEY -

Introduced in 7.9.3 -

CURLOPT_SSLKEYPASSWD -

Introduced in 7.9.3 Deprecated since 7.17.0 -

CURLOPT_SSLKEYTYPE -

Introduced in 7.9.3 -

CURLOPT_SSLVERSION -

Introduced in 7.1 -

CURLOPT_SSL_CIPHER_LIST -

Introduced in 7.9 -

CURLOPT_SSL_CTX_DATA -

Introduced in 7.10.6 -

CURLOPT_SSL_CTX_FUNCTION -

Introduced in 7.10.6 -

CURLOPT_SSL_ENABLE_ALPN -

Introduced in 7.36.0 -

CURLOPT_SSL_ENABLE_NPN -

Introduced in 7.36.0 -

CURLOPT_SSL_FALSESTART -

Introduced in 7.42.0 -

CURLOPT_SSL_OPTIONS -

Introduced in 7.25.0 -

CURLOPT_SSL_SESSIONID_CACHE -

Introduced in 7.16.0 -

CURLOPT_SSL_VERIFYHOST -

Introduced in 7.8.1 -

CURLOPT_SSL_VERIFYPEER -

Introduced in 7.4.2 -

CURLOPT_SSL_VERIFYSTATUS -

Introduced in 7.41.0 -

CURLOPT_STDERR -

Introduced in 7.1 -

CURLOPT_TCP_KEEPALIVE -

Introduced in 7.25.0 -

CURLOPT_TCP_KEEPIDLE -

Introduced in 7.25.0 -

CURLOPT_TCP_KEEPINTVL -

Introduced in 7.25.0 -

CURLOPT_TCP_NODELAY -

Introduced in 7.11.2 -

CURLOPT_TELNETOPTIONS -

Introduced in 7.7 -

CURLOPT_TFTP_BLKSIZE -

Introduced in 7.19.4 -

CURLOPT_TIMECONDITION -

Introduced in 7.1 -

CURLOPT_TIMEOUT -

Introduced in 7.1 -

CURLOPT_TIMEOUT_MS -

Introduced in 7.16.2 -

CURLOPT_TIMEVALUE -

Introduced in 7.1 -

CURLOPT_TLSAUTH_PASSWORD -

Introduced in 7.21.4 -

CURLOPT_TLSAUTH_TYPE -

Introduced in 7.21.4 -

CURLOPT_TLSAUTH_USERNAME -

Introduced in 7.21.4 -

CURLOPT_TRANSFERTEXT -

Introduced in 7.1.1 -

CURLOPT_TRANSFER_ENCODING -

Introduced in 7.21.6 -

CURLOPT_UNIX_SOCKET_PATH -

Introduced in 7.40.0 -

CURLOPT_UNRESTRICTED_AUTH -

Introduced in 7.10.4 -

CURLOPT_UPLOAD -

Introduced in 7.1 -

CURLOPT_URL -

Introduced in 7.1 -

CURLOPT_USERAGENT -

Introduced in 7.1 -

CURLOPT_USERNAME -

Introduced in 7.19.1 -

CURLOPT_USERPWD -

Introduced in 7.1 -

CURLOPT_USE_SSL -

Introduced in 7.17.0 -

CURLOPT_VERBOSE -

Introduced in 7.1 -

CURLOPT_WILDCARDMATCH -

Introduced in 7.21.0 -

CURLOPT_WRITEDATA -

Introduced in 7.9.7 -

CURLOPT_WRITEFUNCTION -

Introduced in 7.1 -

CURLOPT_WRITEHEADER -

Introduced in 7.1 -

CURLOPT_WRITEINFO -

Introduced in 7.1 -

CURLOPT_XFERINFODATA -

Introduced in 7.32.0 -

CURLOPT_XFERINFOFUNCTION -

Introduced in 7.32.0 -

CURLOPT_XOAUTH2_BEARER -

Introduced in 7.33.0 -

CURLPAUSE_ALL -

Introduced in 7.18.0 -

CURLPAUSE_CONT -

Introduced in 7.18.0 -

CURLPAUSE_RECV -

Introduced in 7.18.0 -

CURLPAUSE_RECV_CONT -

Introduced in 7.18.0 -

CURLPAUSE_SEND -

Introduced in 7.18.0 -

CURLPAUSE_SEND_CONT -

Introduced in 7.18.0 -

CURLPIPE_HTTP1 -

Introduced in 7.43.0 -

CURLPIPE_MULTIPLEX -

Introduced in 7.43.0 -

CURLPIPE_NOTHING -

Introduced in 7.43.0 -

CURLPROTO_ALL -

Introduced in 7.19.4 -

CURLPROTO_DICT -

Introduced in 7.19.4 -

CURLPROTO_FILE -

Introduced in 7.19.4 -

CURLPROTO_FTP -

Introduced in 7.19.4 -

CURLPROTO_FTPS -

Introduced in 7.19.4 -

CURLPROTO_GOPHER -

Introduced in 7.21.2 -

CURLPROTO_HTTP -

Introduced in 7.19.4 -

CURLPROTO_HTTPS -

Introduced in 7.19.4 -

CURLPROTO_IMAP -

Introduced in 7.20.0 -

CURLPROTO_IMAPS -

Introduced in 7.20.0 -

CURLPROTO_LDAP -

Introduced in 7.19.4 -

CURLPROTO_LDAPS -

Introduced in 7.19.4 -

CURLPROTO_POP3 -

Introduced in 7.20.0 -

CURLPROTO_POP3S -

Introduced in 7.20.0 -

CURLPROTO_RTMP -

Introduced in 7.21.0 -

CURLPROTO_RTMPE -

Introduced in 7.21.0 -

CURLPROTO_RTMPS -

Introduced in 7.21.0 -

CURLPROTO_RTMPT -

Introduced in 7.21.0 -

CURLPROTO_RTMPTE -

Introduced in 7.21.0 -

CURLPROTO_RTMPTS -

Introduced in 7.21.0 -

CURLPROTO_RTSP -

Introduced in 7.20.0 -

CURLPROTO_SCP -

Introduced in 7.19.4 -

CURLPROTO_SFTP -

Introduced in 7.19.4 -

CURLPROTO_SMB -

Introduced in 7.40.0 -

CURLPROTO_SMBS -

Introduced in 7.40.0 -

CURLPROTO_SMTP -

Introduced in 7.20.0 -

CURLPROTO_SMTPS -

Introduced in 7.20.0 -

CURLPROTO_TELNET -

Introduced in 7.19.4 -

CURLPROTO_TFTP -

Introduced in 7.19.4 -

CURLPROXY_HTTP -

Introduced in 7.10 -

CURLPROXY_HTTP_1_0 -

Introduced in 7.19.4 -

CURLPROXY_SOCKS4 -

Introduced in 7.10 -

CURLPROXY_SOCKS4A -

Introduced in 7.18.0 -

CURLPROXY_SOCKS5 -

Introduced in 7.10 -

CURLPROXY_SOCKS5_HOSTNAME -

Introduced in 7.18.0 -

CURLSHE_BAD_OPTION -

Introduced in 7.10.3 -

CURLSHE_INVALID -

Introduced in 7.10.3 -

CURLSHE_IN_USE -

Introduced in 7.10.3 -

CURLSHE_NOMEM -

Introduced in 7.12.0 -

CURLSHE_NOT_BUILT_IN -

Introduced in 7.23.0 -

CURLSHE_OK -

Introduced in 7.10.3 -

CURLSHOPT_LOCKFUNC -

Introduced in 7.10.3 -

CURLSHOPT_NONE -

Introduced in 7.10.3 -

CURLSHOPT_SHARE -

Introduced in 7.10.3 -

CURLSHOPT_UNLOCKFUNC -

Introduced in 7.10.3 -

CURLSHOPT_UNSHARE -

Introduced in 7.10.3 -

CURLSHOPT_USERDATA -

Introduced in 7.10.3 -

CURLSOCKTYPE_ACCEPT -

Introduced in 7.28.0 -

CURLSOCKTYPE_IPCXN -

Introduced in 7.16.0 -

CURLSSH_AUTH_AGENT -

Introduced in 7.28.0 -

CURLSSH_AUTH_ANY -

Introduced in 7.16.1 -

CURLSSH_AUTH_DEFAULT -

Introduced in 7.16.1 -

CURLSSH_AUTH_HOST -

Introduced in 7.16.1 -

CURLSSH_AUTH_KEYBOARD -

Introduced in 7.16.1 -

CURLSSH_AUTH_NONE -

Introduced in 7.16.1 -

CURLSSH_AUTH_PASSWORD -

Introduced in 7.16.1 -

CURLSSH_AUTH_PUBLICKEY -

Introduced in 7.16.1 -

CURLSSLBACKEND_AXTLS -

Introduced in 7.38.0 -

CURLSSLBACKEND_CYASSL -

Introduced in 7.34.0 -

CURLSSLBACKEND_DARWINSSL -

Introduced in 7.34.0 -

CURLSSLBACKEND_GNUTLS -

Introduced in 7.34.0 -

CURLSSLBACKEND_GSKIT -

Introduced in 7.34.0 -

CURLSSLBACKEND_NONE -

Introduced in 7.34.0 -

CURLSSLBACKEND_NSS -

Introduced in 7.34.0 -

CURLSSLBACKEND_OPENSSL -

Introduced in 7.34.0 -

CURLSSLBACKEND_POLARSSL -

Introduced in 7.34.0 -

CURLSSLBACKEND_QSOSSL -

Introduced in 7.34.0 -

CURLSSLBACKEND_SCHANNEL -

Introduced in 7.34.0 -

CURLSSLOPT_ALLOW_BEAST -

Introduced in 7.25.0 -

CURLSSLOPT_NO_REVOKE -

Introduced in 7.44.0 -

CURLUSESSL_ALL -

Introduced in 7.17.0 -

CURLUSESSL_CONTROL -

Introduced in 7.17.0 -

CURLUSESSL_NONE -

Introduced in 7.17.0 -

CURLUSESSL_TRY -

Introduced in 7.17.0 -

CURLVERSION_FIRST -

Introduced in 7.10 -

CURLVERSION_FOURTH -

Introduced in 7.16.1 -

CURLVERSION_NOW -

Introduced in 7.10 -

CURLVERSION_SECOND -

Introduced in 7.11.1 -

CURLVERSION_THIRD -

Introduced in 7.12.0 -

CURL_CHUNK_BGN_FUNC_FAIL -

Introduced in 7.21.0 -

CURL_CHUNK_BGN_FUNC_OK -

Introduced in 7.21.0 -

CURL_CHUNK_BGN_FUNC_SKIP -

Introduced in 7.21.0 -

CURL_CHUNK_END_FUNC_FAIL -

Introduced in 7.21.0 -

CURL_CHUNK_END_FUNC_OK -

Introduced in 7.21.0 -

CURL_CSELECT_ERR -

Introduced in 7.16.3 -

CURL_CSELECT_IN -

Introduced in 7.16.3 -

CURL_CSELECT_OUT -

Introduced in 7.16.3 -

CURL_EASY_NONE -

Introduced in 7.14.0 -

CURL_EASY_TIMEOUT -

Introduced in 7.14.0 -

CURL_ERROR_SIZE -

Introduced in 7.1 -

CURL_FNMATCHFUNC_FAIL -

Introduced in 7.21.0 -

CURL_FNMATCHFUNC_MATCH -

Introduced in 7.21.0 -

CURL_FNMATCHFUNC_NOMATCH -

Introduced in 7.21.0 -

CURL_FORMADD_DISABLED -

Introduced in 7.12.1 -

CURL_FORMADD_ILLEGAL_ARRAY -

Introduced in 7.9.8 -

CURL_FORMADD_INCOMPLETE -

Introduced in 7.9.8 -

CURL_FORMADD_MEMORY -

Introduced in 7.9.8 -

CURL_FORMADD_NULL -

Introduced in 7.9.8 -

CURL_FORMADD_OK -

Introduced in 7.9.8 -

CURL_FORMADD_OPTION_TWICE -

Introduced in 7.9.8 -

CURL_FORMADD_UNKNOWN_OPTION -

Introduced in 7.9.8 -

CURL_GLOBAL_ACK_EINTR -

Introduced in 7.30.0 -

CURL_GLOBAL_ALL -

Introduced in 7.8 -

CURL_GLOBAL_DEFAULT -

Introduced in 7.8 -

CURL_GLOBAL_NOTHING -

Introduced in 7.8 -

CURL_GLOBAL_SSL -

Introduced in 7.8 -

CURL_GLOBAL_WIN32 -

Introduced in 7.8.1 -

CURL_HTTP_VERSION_1_0 -

Introduced in 7.9.1 -

CURL_HTTP_VERSION_1_1 -

Introduced in 7.9.1 -

CURL_HTTP_VERSION_2_0 -

Introduced in 7.33.0 -

CURL_HTTP_VERSION_2 -

Introduced in 7.43.0 -

CURL_HTTP_VERSION_NONE -

Introduced in 7.9.1 -

CURL_IPRESOLVE_V4 -

Introduced in 7.10.8 -

CURL_IPRESOLVE_V6 -

Introduced in 7.10.8 -

CURL_IPRESOLVE_WHATEVER -

Introduced in 7.10.8 -

CURL_LOCK_ACCESS_NONE -

Introduced in 7.10.3 -

CURL_LOCK_ACCESS_SHARED -

Introduced in 7.10.3 -

CURL_LOCK_ACCESS_SINGLE -

Introduced in 7.10.3 -

CURL_LOCK_DATA_CONNECT -

Introduced in 7.10.3 -

CURL_LOCK_DATA_COOKIE -

Introduced in 7.10.3 -

CURL_LOCK_DATA_DNS -

Introduced in 7.10.3 -

CURL_LOCK_DATA_NONE -

Introduced in 7.10.3 -

CURL_LOCK_DATA_SHARE -

Introduced in 7.10.4 -

CURL_LOCK_DATA_SSL_SESSION -

Introduced in 7.10.3 -

CURL_LOCK_TYPE_CONNECT -

Introduced in 7.10 -

CURL_LOCK_TYPE_COOKIE -

Introduced in 7.10 -

CURL_LOCK_TYPE_DNS -

Introduced in 7.10 -

CURL_LOCK_TYPE_NONE -

Introduced in 7.10 -

CURL_LOCK_TYPE_SSL_SESSION -

Introduced in 7.10 -

CURL_MAX_HTTP_HEADER -

Introduced in 7.19.7 -

CURL_MAX_WRITE_SIZE -

Introduced in 7.9.7 -

CURL_NETRC_IGNORED -

Introduced in 7.9.8 -

CURL_NETRC_OPTIONAL -

Introduced in 7.9.8 -

CURL_NETRC_REQUIRED -

Introduced in 7.9.8 -

CURL_POLL_IN -

Introduced in 7.14.0 -

CURL_POLL_INOUT -

Introduced in 7.14.0 -

CURL_POLL_NONE -

Introduced in 7.14.0 -

CURL_POLL_OUT -

Introduced in 7.14.0 -

CURL_POLL_REMOVE -

Introduced in 7.14.0 -

CURL_PROGRESS_BAR -

Introduced in 7.1.1 -

CURL_PROGRESS_STATS -

Introduced in 7.1.1 -

CURL_PUSH_DENY -

Introduced in 7.44.0 -

CURL_PUSH_OK -

Introduced in 7.44.0 -

CURL_READFUNC_ABORT -

Introduced in 7.12.1 -

CURL_READFUNC_PAUSE -

Introduced in 7.18.0 -

CURL_REDIR_GET_ALL -

Introduced in 7.19.1 -

CURL_REDIR_POST_301 -

Introduced in 7.19.1 -

CURL_REDIR_POST_302 -

Introduced in 7.19.1 -

CURL_REDIR_POST_303 -

Introduced in 7.25.1 -

CURL_REDIR_POST_ALL -

Introduced in 7.19.1 -

CURL_RTSPREQ_ANNOUNCE -

Introduced in 7.20.0 -

CURL_RTSPREQ_DESCRIBE -

Introduced in 7.20.0 -

CURL_RTSPREQ_GET_PARAMETER -

Introduced in 7.20.0 -

CURL_RTSPREQ_NONE -

Introduced in 7.20.0 -

CURL_RTSPREQ_OPTIONS -

Introduced in 7.20.0 -

CURL_RTSPREQ_PAUSE -

Introduced in 7.20.0 -

CURL_RTSPREQ_PLAY -

Introduced in 7.20.0 -

CURL_RTSPREQ_RECEIVE -

Introduced in 7.20.0 -

CURL_RTSPREQ_RECORD -

Introduced in 7.20.0 -

CURL_RTSPREQ_SETUP -

Introduced in 7.20.0 -

CURL_RTSPREQ_SET_PARAMETER -

Introduced in 7.20.0 -

CURL_RTSPREQ_TEARDOWN -

Introduced in 7.20.0 -

CURL_SEEKFUNC_CANTSEEK -

Introduced in 7.19.5 -

CURL_SEEKFUNC_FAIL -

Introduced in 7.19.5 -

CURL_SEEKFUNC_OK -

Introduced in 7.19.5 -

CURL_SOCKET_BAD -

Introduced in 7.14.0 -

CURL_SOCKET_TIMEOUT -

Introduced in 7.14.0 -

CURL_SOCKOPT_ALREADY_CONNECTED -

Introduced in 7.21.5 -

CURL_SOCKOPT_ERROR -

Introduced in 7.21.5 -

CURL_SOCKOPT_OK -

Introduced in 7.21.5 -

CURL_SSLVERSION_DEFAULT -

Introduced in 7.9.2 -

CURL_SSLVERSION_SSL -

Introduced in -

CURL_SSLVERSION_SSL -

Introduced in -

CURL_SSLVERSION_TLS -

Introduced in -

CURL_SSLVERSION_TLS -

Introduced in -

CURL_SSLVERSION_TLS -

Introduced in -

CURL_SSLVERSION_TLS -

Introduced in -

CURL_TIMECOND_IFMODSINCE -

Introduced in 7.9.7 -

CURL_TIMECOND_IFUNMODSINCE -

Introduced in 7.9.7 -

CURL_TIMECOND_LASTMOD -

Introduced in 7.9.7 -

CURL_TIMECOND_NONE -

Introduced in 7.9.7 -

CURL_TLSAUTH_NONE -

Introduced in 7.21.4 -

CURL_TLSAUTH_SRP -

Introduced in 7.21.4 -

CURL_VERSION_ASYNCHDNS -

Introduced in 7.10.7 -

CURL_VERSION_CONV -

Introduced in 7.15.4 -

CURL_VERSION_CURLDEBUG -

Introduced in 7.19.6 -

CURL_VERSION_DEBUG -

Introduced in 7.10.6 -

CURL_VERSION_GSSAPI -

Introduced in 7.38.0 -

CURL_VERSION_GSSNEGOTIATE -

Introduced in 7.10.6 Deprecated since 7.38.0 -

CURL_VERSION_HTTP2 -

Introduced in 7.33.0 -

CURL_VERSION_IDN -

Introduced in 7.12.0 -

CURL_VERSION_IPV6 -

Introduced in 7.10 -

CURL_VERSION_KERBEROS4 -

Introduced in 7.10 Deprecated since 7.33.0 -

CURL_VERSION_KERBEROS5 -

Introduced in 7.40.0 -

CURL_VERSION_LARGEFILE -

Introduced in 7.11.1 -

CURL_VERSION_LIBZ -

Introduced in 7.10 -

CURL_VERSION_NTLM -

Introduced in 7.10.6 -

CURL_VERSION_NTLM_WB -

Introduced in 7.22.0 -

CURL_VERSION_SPNEGO -

Introduced in 7.10.8 -

CURL_VERSION_SSL -

Introduced in 7.10 -

CURL_VERSION_SSPI -

Introduced in 7.13.2 -

CURL_VERSION_TLSAUTH_SRP -

Introduced in 7.21.4 -

CURL_VERSION_UNIX_SOCKETS -

Introduced in 7.40.0 -

CURL_WAIT_POLLIN -

Introduced in 7.28.0 -

CURL_WAIT_POLLOUT -

Introduced in 7.28.0 -

CURL_WAIT_POLLPRI -

Introduced in 7.28.0 -

CURL_WRITEFUNC_PAUSE -

Introduced in 7.18.0

- This HTML page was made with roffit. - diff --git a/docs/libcurl/libcurl-symbols.pdf b/docs/libcurl/libcurl-symbols.pdf deleted file mode 100644 index c353e1f..0000000 Binary files a/docs/libcurl/libcurl-symbols.pdf and /dev/null differ diff --git a/docs/libcurl/libcurl-thread.3 b/docs/libcurl/libcurl-thread.3 deleted file mode 100644 index fd5b0e4..0000000 --- a/docs/libcurl/libcurl-thread.3 +++ /dev/null @@ -1,95 +0,0 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) 2015, Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at http://curl.haxx.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" ************************************************************************** -.\" -.TH libcurl-thread 3 "13 Jul 2015" "libcurl" "libcurl thread safety" -.SH NAME -libcurl-thread \- libcurl thread safety -.SH "Multi-threading with libcurl" -libcurl is thread safe but has no internal thread synchronization. You may have -to provide your own locking should you meet any of the thread safety exceptions -below. - -\fBHandles.\fP You must \fBnever\fP share the same handle in multiple threads. -You can pass the handles around among threads, but you must never use a single -handle from more than one thread at any given time. - -\fBShared objects.\fP You can share certain data between multiple handles by -using the share interface but you must provide your own locking and set -\fIcurl_share_setopt(3)\fP CURLSHOPT_LOCKFUNC and CURLSHOPT_UNLOCKFUNC. -.SH TLS -If you are accessing HTTPS or FTPS URLs in a multi-threaded manner, you are -then of course using the underlying SSL library multi-threaded and those libs -might have their own requirements on this issue. You may need to provide one -or two functions to allow it to function properly: -.IP OpenSSL -http://www.openssl.org/docs/crypto/threads.html#DESCRIPTION - -http://curl.haxx.se/libcurl/c/opensslthreadlock.html -.IP GnuTLS -http://gnutls.org/manual/html_node/Thread-safety.html -.IP NSS -thread-safe already without anything required. -.IP PolarSSL -Required actions unknown. -.IP yassl -Required actions unknown. -.IP axTLS -Required actions unknown. -.IP Secure-Transport -The engine is used by libcurl in a way that is fully thread-safe. -.IP WinSSL -The engine is used by libcurl in a way that is fully thread-safe. -.IP wolfSSL -The engine is used by libcurl in a way that is fully thread-safe. -.SH "Other areas of caution" -.IP Signals -Signals are used for timing out name resolves (during DNS lookup) - when built -without using either the c-ares or threaded resolver backends. When using -multiple threads you should set the \fICURLOPT_NOSIGNAL(3)\fP option to 1L for -all handles. Everything will or might work fine except that timeouts are not -honored during the DNS lookup - which you can work around by building libcurl -with c-ares support. c-ares is a library that provides asynchronous name -resolves. On some platforms, libcurl simply will not function properly -multi-threaded unless this option is set. -.IP "Name resolving" -\fBgethostby* functions and other system calls.\fP These functions, provided -by your operating system, must be thread safe. It is very important that -libcurl can find and use thread safe versions of these and other system calls, -as otherwise it can't function fully thread safe. Some operating systems are -known to have faulty thread implementations. We have previously received -problem reports on *BSD (at least in the past, they may be working fine these -days). Some operating systems that are known to have solid and working thread -support are Linux, Solaris and Windows. -.IP "curl_global_* functions" -These functions are not thread safe. If you are using libcurl with multiple -threads it is especially important that before use you call -\fIcurl_global_init(3)\fP or \fIcurl_global_init_mem(3)\fP to explicitly -initialize the library and its dependents, rather than rely on the "lazy" -fail-safe initialization that takes place the first time -\fIcurl_easy_init(3)\fP is called. For an in-depth explanation refer to -\fIlibcurl(3)\fP section \fBGLOBAL CONSTANTS\fP. -.IP "Memory functions" -These functions, provided either by your operating system or your own -replacements, must be thread safe. You can use \fIcurl_global_init_mem(3)\fP -to set your own replacement memory functions. -.IP Non-safe functions -\fICURLOPT_DNS_USE_GLOBAL_CACHE(3)\fP is not thread-safe. diff --git a/docs/libcurl/libcurl-thread.html b/docs/libcurl/libcurl-thread.html deleted file mode 100644 index 9690bab..0000000 --- a/docs/libcurl/libcurl-thread.html +++ /dev/null @@ -1,90 +0,0 @@ - - -libcurl-thread man page - - - - -

NAME

-

libcurl-thread - libcurl thread safety

Multi-threading with libcurl

-

libcurl is thread safe but has no internal thread synchronization. You may have to provide your own locking should you meet any of the thread safety exceptions below. -

Handles. You must never share the same handle in multiple threads. You can pass the handles around among threads, but you must never use a single handle from more than one thread at any given time. -

Shared objects. You can share certain data between multiple handles by using the share interface but you must provide your own locking and set curl_share_setopt CURLSHOPT_LOCKFUNC and CURLSHOPT_UNLOCKFUNC.

TLS

-

If you are accessing HTTPS or FTPS URLs in a multi-threaded manner, you are then of course using the underlying SSL library multi-threaded and those libs might have their own requirements on this issue. You may need to provide one or two functions to allow it to function properly: -

OpenSSL -

http://www.openssl.org/docs/crypto/threads.html#DESCRIPTION -

http://curl.haxx.se/libcurl/c/opensslthreadlock.html -

GnuTLS -

http://gnutls.org/manual/html_node/Thread-safety.html -

NSS -

thread-safe already without anything required. -

PolarSSL -

Required actions unknown. -

yassl -

Required actions unknown. -

axTLS -

Required actions unknown. -

Secure-Transport -

The engine is used by libcurl in a way that is fully thread-safe. -

WinSSL -

The engine is used by libcurl in a way that is fully thread-safe. -

wolfSSL -

The engine is used by libcurl in a way that is fully thread-safe.

Other areas of caution

-

-

Signals -

Signals are used for timing out name resolves (during DNS lookup) - when built without using either the c-ares or threaded resolver backends. When using multiple threads you should set the CURLOPT_NOSIGNAL(3) option to 1L for all handles. Everything will or might work fine except that timeouts are not honored during the DNS lookup - which you can work around by building libcurl with c-ares support. c-ares is a library that provides asynchronous name resolves. On some platforms, libcurl simply will not function properly multi-threaded unless this option is set. -

Name resolving -

gethostby* functions and other system calls. These functions, provided by your operating system, must be thread safe. It is very important that libcurl can find and use thread safe versions of these and other system calls, as otherwise it can't function fully thread safe. Some operating systems are known to have faulty thread implementations. We have previously received problem reports on *BSD (at least in the past, they may be working fine these days). Some operating systems that are known to have solid and working thread support are Linux, Solaris and Windows. -

curl_global_* functions -

These functions are not thread safe. If you are using libcurl with multiple threads it is especially important that before use you call curl_global_init or curl_global_init_mem to explicitly initialize the library and its dependents, rather than rely on the "lazy" fail-safe initialization that takes place the first time curl_easy_init is called. For an in-depth explanation refer to libcurl section GLOBAL CONSTANTS. -

Memory functions -

These functions, provided either by your operating system or your own replacements, must be thread safe. You can use curl_global_init_mem to set your own replacement memory functions. -

Non-safe functions -

CURLOPT_DNS_USE_GLOBAL_CACHE(3) is not thread-safe.

- This HTML page was made with roffit. - diff --git a/docs/libcurl/libcurl-thread.pdf b/docs/libcurl/libcurl-thread.pdf deleted file mode 100644 index 8656f21..0000000 Binary files a/docs/libcurl/libcurl-thread.pdf and /dev/null differ diff --git a/docs/libcurl/libcurl-tutorial.3 b/docs/libcurl/libcurl-tutorial.3 index 558652c..11b0190 100644 --- a/docs/libcurl/libcurl-tutorial.3 +++ b/docs/libcurl/libcurl-tutorial.3 @@ -256,8 +256,58 @@ complication for you. Given simply the URL to a file, libcurl will take care of all the details needed to get the file moved from one machine to another. .SH "Multi-threading Issues" -libcurl is thread safe but there are a few exceptions. Refer to -\fIlibcurl-thread(3)\fP for more information. +The first basic rule is that you must \fBnever\fP simultaneously share a +libcurl handle (be it easy or multi or whatever) between multiple +threads. Only use one handle in one thread at any time. You can pass the +handles around among threads, but you must never use a single handle from more +than one thread at any given time. + +libcurl is completely thread safe, except for two issues: signals and SSL/TLS +handlers. Signals are used for timing out name resolves (during DNS lookup) - +when built without using either the c-ares or threaded resolver backends. + +If you are accessing HTTPS or FTPS URLs in a multi-threaded manner, you are +then of course using the underlying SSL library multi-threaded and those libs +might have their own requirements on this issue. Basically, you need to +provide one or two functions to allow it to function properly. For all +details, see this: + +OpenSSL + + http://www.openssl.org/docs/crypto/threads.html#DESCRIPTION + +GnuTLS + + http://gnutls.org/manual/html_node/Thread-safety.html + +NSS + + is claimed to be thread-safe already without anything required. + +PolarSSL + + Required actions unknown. + +yassl + + Required actions unknown. + +axTLS + + Required actions unknown. + +Secure Transport + + The engine is fully thread-safe, and no additional steps are required. + +When using multiple threads you should set the \fICURLOPT_NOSIGNAL(3)\fP +option to 1 for all handles. Everything will or might work fine except that +timeouts are not honored during the DNS lookup - which you can work around by +building libcurl with c-ares support. c-ares is a library that provides +asynchronous name resolves. On some platforms, libcurl simply will not +function properly multi-threaded unless this option is set. + +Also, note that \fICURLOPT_DNS_USE_GLOBAL_CACHE(3)\fP is not thread-safe. .SH "When It Doesn't Work" There will always be times when the transfer fails for some reason. You might @@ -955,7 +1005,7 @@ or understand incoming cookies and they will just be ignored. However, when the parser is enabled the cookies will be understood and the cookies will be kept in memory and used properly in subsequent requests when the same handle is used. Many times this is enough, and you may not have to save the cookies -to disk at all. Note that the file you specify to \fICURLOPT_COOKIEFILE(3)\fP +to disk at all. Note that the file you specify to \ICURLOPT_COOKIEFILE(3)\fP doesn't have to exist to enable the parser, so a common way to just enable the parser and not read any cookies is to use the name of a file you know doesn't exist. diff --git a/docs/libcurl/libcurl-tutorial.html b/docs/libcurl/libcurl-tutorial.html index 70e34aa..43bfc24 100644 --- a/docs/libcurl/libcurl-tutorial.html +++ b/docs/libcurl/libcurl-tutorial.html @@ -4,20 +4,15 @@ libcurl-tutorial man page - - -

NAME

-

CURLMOPT_PUSHDATA - pointer to pass to push callback

SYNOPSIS

-

-#include <curl/curl.h>
- 
-CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PUSHDATA, void *pointer);
-
- -

DESCRIPTION

-

Set pointer to pass as the last argument to the CURLMOPT_PUSHFUNCTION callback. The pointer will not be touched or used by libcurl itself, only passed on to the callback function.

DEFAULT

-

NULL

PROTOCOLS

-

HTTP(S)

EXAMPLE

-

TODO

AVAILABILITY

-

Added in 7.44.0

RETURN VALUE

-

Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not.

SEE ALSO

-

CURLMOPT_PUSHFUNCTION, CURLMOPT_PIPELINING, CURLOPT_PIPEWAIT, RFC 7540

- This HTML page was made with roffit. - diff --git a/docs/libcurl/opts/CURLMOPT_PUSHDATA.pdf b/docs/libcurl/opts/CURLMOPT_PUSHDATA.pdf deleted file mode 100644 index 200136b..0000000 Binary files a/docs/libcurl/opts/CURLMOPT_PUSHDATA.pdf and /dev/null differ diff --git a/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.3 b/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.3 deleted file mode 100644 index fb5e4e4..0000000 --- a/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.3 +++ /dev/null @@ -1,132 +0,0 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at http://curl.haxx.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" ************************************************************************** -.\" -.TH CURLMOPT_PUSHFUNCTION 3 "1 Jun 2015" "libcurl 7.44.0" "curl_multi_setopt options" -.SH NAME -CURLMOPT_PUSHFUNCTION \- callback that approves or denies server pushes -.SH SYNOPSIS -.nf -#include - -char *curl_pushheader_bynum(push_headers, int num); -char *curl_pushheader_byname(push_headers, const char *name); - -int curl_push_callback(CURL *parent, - CURL *easy, - size_t num_headers, - struct curl_pushheaders *headers, - void *userp); - -CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PUSHFUNCTION, - curl_push_callback func); -.fi -.SH DESCRIPTION -This callback gets called when a new HTTP/2 stream is being pushed by the -server (using the PUSH_PROMISE frame). If no push callback is set, all offered -pushes will be denied automatically. -.SH CALLBACK DESCRIPTION -The callback gets its arguments like this: - -\fIparent\fP is the handle of the stream on which this push arrives. The new -handle has been duphandle()d from the parent, meaning that it has gotten all -its options inherited. It is then up to the application to alter any options -if desired. - -\fIeasy\fP is a newly created handle that represents this upcoming transfer. - -\fInum_headers\fP is the number of name+value pairs that was received and can -be accessed - -\fIheaders\fP is a handle used to access push headers using the accessor -functions described below. This only accesses and provides the PUSH_PROMISE -headers, the normal response headers will be provided in the header callback -as usual. - -\fIuserp\fP is the pointer set with \fICURLMOPT_PUSHDATA(3)\fP - -If the callback returns CURL_PUSH_OK, the 'easy' handle will be added to the -multi handle, the callback must not do that by itself. - -The callback can access PUSH_PROMISE headers with two accessor -functions. These functions can only be used from within this callback and they -can only access the PUSH_PROMISE headers. The normal response headers will be -pased to the header callback for pushed streams just as for normal streams. -.IP curl_pushheader_bynum -Returns the header at index 'num' (or NULL). The returned pointer points to a -"name:value" string that will be freed when this callback returns. -.IP curl_pushheader_byname -Returns the value for the given header name (or NULL). This is a shortcut so -that the application doesn't have to loop through all headers to find the one -it is interested in. The data pointed will be freed when this callback -returns. -.SH CALLBACK RETURN VALUE -.IP "CURL_PUSH_OK (0)" -The application has accepted the stream and it can now start receiving data, -the ownership of the CURL handle has been taken over by the application. -.IP "CURL_PUSH_DENY (1)" -The callback denies the stream and no data for this will reach the -application, the easy handle will be destroyed by libcurl. -.IP * -All other return codes are reserved for future use. -.SH DEFAULT -NULL, no callback -.SH PROTOCOLS -HTTP(S) (HTTP/2 only) -.SH EXAMPLE -.nf -/* only allow pushes for file names starting with "push-" */ -int push_callback(CURL *parent, - CURL *easy, - size_t num_headers, - struct curl_pushheaders *headers, - void *userp) -{ - char *headp; - int *transfers = (int *)userp; - FILE *out; - headp = curl_pushheader_byname(headers, ":path"); - if(headp && !strncmp(headp, "/push-", 6)) { - fprintf(stderr, "The PATH is %s\n", headp); - - /* save the push here */ - out = fopen("pushed-stream", "wb"); - - /* write to this file */ - curl_easy_setopt(easy, CURLOPT_WRITEDATA, out); - - (*transfers)++; /* one more */ - - return CURL_PUSH_OK; - } - return CURL_PUSH_DENY; -} - -curl_multi_setopt(multi, CURLMOPT_PUSHFUNCTION, push_callback); -curl_multi_setopt(multi, CURLMOPT_PUSHDATA, &counter); -.fi -.SH AVAILABILITY -Added in 7.44.0 -.SH RETURN VALUE -Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not. -.SH "SEE ALSO" -.BR CURLMOPT_PUSHDATA "(3), " CURLMOPT_PIPELINING "(3), " CURLOPT_PIPEWAIT "(3), " -.BR RFC 7540 diff --git a/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.html b/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.html deleted file mode 100644 index 17680a0..0000000 --- a/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.html +++ /dev/null @@ -1,131 +0,0 @@ - - -CURLMOPT_PUSHFUNCTION man page - - - - -

NAME

-

CURLMOPT_PUSHFUNCTION - callback that approves or denies server pushes

SYNOPSIS

-

-#include <curl/curl.h>
- 
-char *curl_pushheader_bynum(push_headers, int num);
-char *curl_pushheader_byname(push_headers, const char *name);
- 
-int curl_push_callback(CURL *parent,
-                       CURL *easy,
-                       size_t num_headers,
-                       struct curl_pushheaders *headers,
-                       void *userp);
- 
-CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_PUSHFUNCTION,
-                            curl_push_callback func);
-
- -

DESCRIPTION

-

This callback gets called when a new HTTP/2 stream is being pushed by the server (using the PUSH_PROMISE frame). If no push callback is set, all offered pushes will be denied automatically.

CALLBACK DESCRIPTION

-

The callback gets its arguments like this: -

parent is the handle of the stream on which this push arrives. The new handle has been duphandle()d from the parent, meaning that it has gotten all its options inherited. It is then up to the application to alter any options if desired. -

easy is a newly created handle that represents this upcoming transfer. -

num_headers is the number of name+value pairs that was received and can be accessed -

headers is a handle used to access push headers using the accessor functions described below. This only accesses and provides the PUSH_PROMISE headers, the normal response headers will be provided in the header callback as usual. -

userp is the pointer set with CURLMOPT_PUSHDATA -

If the callback returns CURL_PUSH_OK, the 'easy' handle will be added to the multi handle, the callback must not do that by itself. -

The callback can access PUSH_PROMISE headers with two accessor functions. These functions can only be used from within this callback and they can only access the PUSH_PROMISE headers. The normal response headers will be pased to the header callback for pushed streams just as for normal streams. -

curl_pushheader_bynum -

Returns the header at index 'num' (or NULL). The returned pointer points to a "name:value" string that will be freed when this callback returns. -

curl_pushheader_byname -

Returns the value for the given header name (or NULL). This is a shortcut so that the application doesn't have to loop through all headers to find the one it is interested in. The data pointed will be freed when this callback returns.

CALLBACK RETURN VALUE

-

-

CURL_PUSH_OK (0) -

The application has accepted the stream and it can now start receiving data, the ownership of the CURL handle has been taken over by the application. -

CURL_PUSH_DENY (1) -

The callback denies the stream and no data for this will reach the application, the easy handle will be destroyed by libcurl. -

* -

All other return codes are reserved for future use.

DEFAULT

-

NULL, no callback

PROTOCOLS

-

HTTP(S) (HTTP/2 only)

EXAMPLE

-

-/* only allow pushes for file names starting with "push-" */
-int push_callback(CURL *parent,
-                  CURL *easy,
-                  size_t num_headers,
-                  struct curl_pushheaders *headers,
-                  void *userp)
-{
-  char *headp;
-  int *transfers = (int *)userp;
-  FILE *out;
-  headp = curl_pushheader_byname(headers, ":path");
-  if(headp && !strncmp(headp, "/push-", 6)) {
-    fprintf(stderr, "The PATH is %sn", headp);
- 
-    /* save the push here */
-    out = fopen("pushed-stream", "wb");
- 
-    /* write to this file */
-    curl_easy_setopt(easy, CURLOPT_WRITEDATA, out);
- 
-    (*transfers)++; /* one more */
- 
-    return CURL_PUSH_OK;
-  }
-  return CURL_PUSH_DENY;
-}
- 
-curl_multi_setopt(multi, CURLMOPT_PUSHFUNCTION, push_callback);
-curl_multi_setopt(multi, CURLMOPT_PUSHDATA, &counter);
-
- -

AVAILABILITY

-

Added in 7.44.0

RETURN VALUE

-

Returns CURLM_OK if the option is supported, and CURLM_UNKNOWN_OPTION if not.

SEE ALSO

-

CURLMOPT_PUSHDATA, CURLMOPT_PIPELINING, CURLOPT_PIPEWAIT, RFC 7540

- This HTML page was made with roffit. - diff --git a/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.pdf b/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.pdf deleted file mode 100644 index d6431ed..0000000 Binary files a/docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.pdf and /dev/null differ diff --git a/docs/libcurl/opts/CURLMOPT_SOCKETDATA.html b/docs/libcurl/opts/CURLMOPT_SOCKETDATA.html index 5cea2c1..dd2da96 100644 --- a/docs/libcurl/opts/CURLMOPT_SOCKETDATA.html +++ b/docs/libcurl/opts/CURLMOPT_SOCKETDATA.html @@ -4,20 +4,15 @@ CURLMOPT_SOCKETDATA man page - - -

NAME

-

CURLOPT_PATH_AS_IS - do not handle dot dot sequences

SYNOPSIS

-

#include <curl/curl.h> -

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PATH_AS_IS, long leaveit);

DESCRIPTION

-

By setting the long leavit to 1, to explicitly tell libcurl to not alter the given path before passing it on to the server. -

This tells libcurl to NOT squash sequences of "/../" or "/./" that may exist in the URL's path part and that is supposed to be removed according to RFC 3986 section 5.2.4. -

Some server implementations are known to (erroneously) require the dot dot sequences to remain in the path and some clients want to pass these on in order to try out server implementations. -

By default libcurl will merge such sequences before using the path.

DEFAULT

-

0

PROTOCOLS

-

All

EXAMPLE

-

-CURL *curl = curl_easy_init();
-if(curl) {
-  curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/../../etc/password");
- 
-  curl_easy_setopt(curl, CURLOPT_PATH_AS_IS, 1L);
- 
-  curl_easy_perform(curl);
-}
-
- -

AVAILABILITY

-

Aded in 7.42.0

RETURN VALUE

-

Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.

SEE ALSO

-

CURLOPT_STDERR, CURLOPT_DEBUGFUNCTION,

- This HTML page was made with roffit. - diff --git a/docs/libcurl/opts/CURLOPT_PATH_AS_IS.pdf b/docs/libcurl/opts/CURLOPT_PATH_AS_IS.pdf deleted file mode 100644 index 2e6c2d6..0000000 Binary files a/docs/libcurl/opts/CURLOPT_PATH_AS_IS.pdf and /dev/null differ diff --git a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 deleted file mode 100644 index 0d4357a..0000000 --- a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 +++ /dev/null @@ -1,87 +0,0 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at http://curl.haxx.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" ************************************************************************** -.\" -.TH CURLOPT_PINNEDPUBLICKEY 3 "27 Aug 2014" "libcurl 7.38.0" "curl_easy_setopt options" -.SH NAME -CURLOPT_PINNEDPUBLICKEY \- set pinned public key -.SH SYNOPSIS -#include - -CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PINNEDPUBLICKEY, char *pinnedpubkey); -.SH DESCRIPTION -Pass a pointer to a zero terminated string as parameter. The string can be the -file name of your pinned public key. The file format expected is "PEM" or "DER". -The string can also be any number of base64 encoded sha256 hashes preceded by -"sha256//" and seperated by ";" - -When negotiating a TLS or SSL connection, the server sends a certificate -indicating its identity. A public key is extracted from this certificate and -if it does not exactly match the public key provided to this option, curl will -abort the connection before sending or receiving any data. -.SH DEFAULT -NULL -.SH PROTOCOLS -All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc. -.SH EXAMPLE -.nf -CURL *curl = curl_easy_init(); -if(curl) { - curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); - curl_easy_setopt(curl, CURLOPT_PINNEDPUBLICKEY, "/etc/publickey.der"); - /* OR - curl_easy_setopt(curl, CURLOPT_PINNEDPUBLICKEY, "sha256//YhKJKSzoTt2b5FP18fvpHo7fJYqQCjAa3HWY3tvRMwE=;sha256//t62CeU2tQiqkexU74Gxa2eg7fRbEgoChTociMee9wno="); - */ - - /* Perform the request */ - curl_easy_perform(curl); -} -.fi -.SH PUBLIC KEY EXTRACTION -If you do not have the server's public key file you can extract it from the -server's certificate. -.nf -# extract public key in pem format from certificate -openssl x509 -in www.test.com.pem -pubkey -noout > www.test.com.pubkey.pem -# convert public key from pem to der -openssl asn1parse -noout -inform pem -in www.test.com.pubkey.pem -out www.test.com.pubkey.der -# sha256 hash and base64 encode der to string for use -openssl dgst -sha256 -binary www.test.com.pubkey.der | openssl base64 -.fi -The public key in PEM format contains a header, base64 data and a -footer: -.nf ------BEGIN PUBLIC KEY----- -[BASE 64 DATA] ------END PUBLIC KEY----- -.fi -.SH AVAILABILITY -Added in 7.39.0 for OpenSSL, GnuTLS and GSKit. Added in 7.43.0 for -NSS and wolfSSL/CyaSSL. sha256 support added in 7.44.0 for OpenSSL, -GnuTLS, NSS and wolfSSL/CyaSSL. Other SSL backends not supported. -.SH RETURN VALUE -Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or -CURLE_OUT_OF_MEMORY if there was insufficient heap space. -.SH "SEE ALSO" -.BR CURLOPT_SSL_VERIFYPEER "(3), " -.BR CURLOPT_SSL_VERIFYHOST "(3), " -.BR CURLOPT_CAINFO "(3), " -.BR CURLOPT_CAPATH "(3), " diff --git a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.html b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.html deleted file mode 100644 index b0f5e63..0000000 --- a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.html +++ /dev/null @@ -1,96 +0,0 @@ - - -CURLOPT_PINNEDPUBLICKEY man page - - - - -

NAME

-

CURLOPT_PINNEDPUBLICKEY - set pinned public key

SYNOPSIS

-

#include <curl/curl.h> -

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PINNEDPUBLICKEY, char *pinnedpubkey);

DESCRIPTION

-

Pass a pointer to a zero terminated string as parameter. The string can be the file name of your pinned public key. The file format expected is "PEM" or "DER". The string can also be any number of base64 encoded sha256 hashes preceded by "sha256//" and seperated by ";" -

When negotiating a TLS or SSL connection, the server sends a certificate indicating its identity. A public key is extracted from this certificate and if it does not exactly match the public key provided to this option, curl will abort the connection before sending or receiving any data.

DEFAULT

-

NULL

PROTOCOLS

-

All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.

EXAMPLE

-

-CURL *curl = curl_easy_init();
-if(curl) {
-  curl_easy_setopt(curl, CURLOPT_URL, "https://example.com");
-  curl_easy_setopt(curl, CURLOPT_PINNEDPUBLICKEY, "/etc/publickey.der");
-  /* OR
-  curl_easy_setopt(curl, CURLOPT_PINNEDPUBLICKEY, "sha256//YhKJKSzoTt2b5FP18fvpHo7fJYqQCjAa3HWY3tvRMwE=;sha256//t62CeU2tQiqkexU74Gxa2eg7fRbEgoChTociMee9wno=");
-  */
- 
-  /* Perform the request */
-  curl_easy_perform(curl);
-}
-
- -

PUBLIC KEY EXTRACTION

-

If you do not have the server's public key file you can extract it from the server's certificate. 

-# extract public key in pem format from certificate
-openssl x509 -in www.test.com.pem -pubkey -noout > www.test.com.pubkey.pem
-# convert public key from pem to der
-openssl asn1parse -noout -inform pem -in www.test.com.pubkey.pem -out www.test.com.pubkey.der
-# sha256 hash and base64 encode der to string for use
-openssl dgst -sha256 -binary www.test.com.pubkey.der | openssl base64
-
- -

The public key in PEM format contains a header, base64 data and a footer: 

------BEGIN PUBLIC KEY-----
-[BASE 64 DATA]
------END PUBLIC KEY-----
-
- -

AVAILABILITY

-

Added in 7.39.0 for OpenSSL, GnuTLS and GSKit. Added in 7.43.0 for NSS and wolfSSL/CyaSSL. sha256 support added in 7.44.0 for OpenSSL, GnuTLS, NSS and wolfSSL/CyaSSL. Other SSL backends not supported.

RETURN VALUE

-

Returns CURLE_OK if TLS enabled, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO

-

CURLOPT_SSL_VERIFYPEER, CURLOPT_SSL_VERIFYHOST, CURLOPT_CAINFO, CURLOPT_CAPATH,

- This HTML page was made with roffit. - diff --git a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.pdf b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.pdf deleted file mode 100644 index 3b77059..0000000 Binary files a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.pdf and /dev/null differ diff --git a/docs/libcurl/opts/CURLOPT_PIPEWAIT.3 b/docs/libcurl/opts/CURLOPT_PIPEWAIT.3 deleted file mode 100644 index 5f64195..0000000 --- a/docs/libcurl/opts/CURLOPT_PIPEWAIT.3 +++ /dev/null @@ -1,63 +0,0 @@ -.\" ************************************************************************** -.\" * _ _ ____ _ -.\" * Project ___| | | | _ \| | -.\" * / __| | | | |_) | | -.\" * | (__| |_| | _ <| |___ -.\" * \___|\___/|_| \_\_____| -.\" * -.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. -.\" * -.\" * This software is licensed as described in the file COPYING, which -.\" * you should have received as part of this distribution. The terms -.\" * are also available at http://curl.haxx.se/docs/copyright.html. -.\" * -.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell -.\" * copies of the Software, and permit persons to whom the Software is -.\" * furnished to do so, under the terms of the COPYING file. -.\" * -.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY -.\" * KIND, either express or implied. -.\" * -.\" ************************************************************************** -.\" -.TH CURLOPT_PIPEWAIT 3 "12 May 2015" "libcurl 7.43.0" "curl_easy_setopt options" -.SH NAME -CURLOPT_PIPEWAIT \- wait for pipelining/multiplexing -.SH SYNOPSIS -#include - -CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PIPEWAIT, long wait); -.SH DESCRIPTION -Set \fIwait\fP to 1L to tell libcurl to prefer to wait for a connection to -confirm or deny that it can do pipelining or multiplexing before continuing. - -When about to perform a new transfer that allows pipelining or multiplexing, -libcurl will check for existing connections to re-use and pipeline on. If no -such connection exists it will immediately continue and create a fresh new -connection to use. - -By setting this option to 1 - and having \fICURLMOPT_PIPELINE\fP enabled for -the multi handle this transfer is associated with - libcurl will instead wait -for the connection to reveal if it is possible to pipeline/multiplex on before -it continues. This enables libcurl to much better keep the number of -connections to a minimum when using pipelining or multiplexing protocols. - -The effect thus becomes that with this option set, libcurl prefers to wait and -re-use an existing connection for pipelining rather than the opposite: prefer -to open a new connection rather than waiting. - -The waiting time is as long as it takes for the connection to get up and for -libcurl to get the necessary response back that informs it about its protocol -and support level. -.SH DEFAULT -0 (off) -.SH PROTOCOLS -HTTP(S) -.SH EXAMPLE -.SH AVAILABILITY -Added in 7.43.0 -.SH RETURN VALUE -Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not. -.SH "SEE ALSO" -.BR CURLOPT_FORBID_REUSE "(3), " CURLOPT_FRESH_CONNECT "(3), " -.BR CURLMOPT_PIPELINING "(3), " CURLMOPT_MAX_HOST_CONNECTIONS "(3), " diff --git a/docs/libcurl/opts/CURLOPT_PIPEWAIT.html b/docs/libcurl/opts/CURLOPT_PIPEWAIT.html deleted file mode 100644 index b266c5e..0000000 --- a/docs/libcurl/opts/CURLOPT_PIPEWAIT.html +++ /dev/null @@ -1,69 +0,0 @@ - - -CURLOPT_PIPEWAIT man page - - - - -

NAME

-

CURLOPT_PIPEWAIT - wait for pipelining/multiplexing

SYNOPSIS

-

#include <curl/curl.h> -

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PIPEWAIT, long wait);

DESCRIPTION

-

Set wait to 1L to tell libcurl to prefer to wait for a connection to confirm or deny that it can do pipelining or multiplexing before continuing. -

When about to perform a new transfer that allows pipelining or multiplexing, libcurl will check for existing connections to re-use and pipeline on. If no such connection exists it will immediately continue and create a fresh new connection to use. -

By setting this option to 1 - and having CURLMOPT_PIPELINE enabled for the multi handle this transfer is associated with - libcurl will instead wait for the connection to reveal if it is possible to pipeline/multiplex on before it continues. This enables libcurl to much better keep the number of connections to a minimum when using pipelining or multiplexing protocols. -

The effect thus becomes that with this option set, libcurl prefers to wait and re-use an existing connection for pipelining rather than the opposite: prefer to open a new connection rather than waiting. -

The waiting time is as long as it takes for the connection to get up and for libcurl to get the necessary response back that informs it about its protocol and support level.

DEFAULT

-

0 (off)

PROTOCOLS

-

HTTP(S)

EXAMPLE

-

AVAILABILITY

-

Added in 7.43.0

RETURN VALUE

-

Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.

SEE ALSO

-

CURLOPT_FORBID_REUSE, CURLOPT_FRESH_CONNECT, CURLMOPT_PIPELINING, CURLMOPT_MAX_HOST_CONNECTIONS,

- This HTML page was made with roffit. - diff --git a/docs/libcurl/opts/CURLOPT_PIPEWAIT.pdf b/docs/libcurl/opts/CURLOPT_PIPEWAIT.pdf deleted file mode 100644 index 0132620..0000000 Binary files a/docs/libcurl/opts/CURLOPT_PIPEWAIT.pdf and /dev/null differ diff --git a/docs/libcurl/opts/CURLOPT_PORT.html b/docs/libcurl/opts/CURLOPT_PORT.html index 1358803..4154014 100644 --- a/docs/libcurl/opts/CURLOPT_PORT.html +++ b/docs/libcurl/opts/CURLOPT_PORT.html @@ -4,20 +4,15 @@ CURLOPT_PORT man page - - -

NAME

-

CURLOPT_PROXY_SERVICE_NAME - proxy service name

SYNOPSIS

-

#include <curl/curl.h> -

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_PROXY_SERVICE_NAME, char *name);

DESCRIPTION

-

Pass a char * as parameter to a string holding the name of the service. The default service name is "HTTP". This option allows you to change it. -

See above

PROTOCOLS

-

Most

EXAMPLE

-

TODO

AVAILABILITY

-

Added in 7.43.0

RETURN VALUE

-

Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO

-

CURLOPT_PROXY, CURLOPT_PROXYTYPE,

- This HTML page was made with roffit. - diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.pdf b/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.pdf deleted file mode 100644 index 19a9905..0000000 Binary files a/docs/libcurl/opts/CURLOPT_PROXY_SERVICE_NAME.pdf and /dev/null differ diff --git a/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.html b/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.html index 65b97dd..ae3f30a 100644 --- a/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.html +++ b/docs/libcurl/opts/CURLOPT_PROXY_TRANSFER_MODE.html @@ -4,20 +4,15 @@ CURLOPT_PROXY_TRANSFER_MODE man page - - -

NAME

-

CURLOPT_SERVICE_NAME - SPNEGO service name

SYNOPSIS

-

#include <curl/curl.h> -

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SERVICE_NAME, char *name);

DESCRIPTION

-

Pass a char * as parameter to a string holding the name of the service. The default service name is "HTTP". This option allows you to change it. -

See above

PROTOCOLS

-

Most

EXAMPLE

-

TODO

AVAILABILITY

-

Added in 7.43.0

RETURN VALUE

-

Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space.

SEE ALSO

-

CURLOPT_PROXY, CURLOPT_PROXYTYPE,

- This HTML page was made with roffit. - diff --git a/docs/libcurl/opts/CURLOPT_SERVICE_NAME.pdf b/docs/libcurl/opts/CURLOPT_SERVICE_NAME.pdf deleted file mode 100644 index 21d32fb..0000000 Binary files a/docs/libcurl/opts/CURLOPT_SERVICE_NAME.pdf and /dev/null differ diff --git a/docs/libcurl/opts/CURLOPT_SHARE.html b/docs/libcurl/opts/CURLOPT_SHARE.html index 8fbe21b..ae2082e 100644 --- a/docs/libcurl/opts/CURLOPT_SHARE.html +++ b/docs/libcurl/opts/CURLOPT_SHARE.html @@ -4,20 +4,15 @@ CURLOPT_SHARE man page - - -

NAME

-

CURLOPT_SSL_FALSESTART - enable TLS false start

SYNOPSIS

-

#include <curl/curl.h> -

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_FALSESTART, long enable);

DESCRIPTION

-

Pass a long as parameter set to 1 to enable or 0 to disable. -

This option determines whether libcurl should use false start during the TLS handshake. False start is a mode where a TLS client will start sending application data before verifying the server's Finished message, thus saving a round trip when performing a full handshake.

DEFAULT

-

0

PROTOCOLS

-

All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.

EXAMPLE

-

TODO

AVAILABILITY

-

Added in 7.42.0. This option is currently only supported by the NSS and Secure Transport (on iOS 7.0 or later, or OS X 10.9 or later) TLS backends.

RETURN VALUE

-

Returns CURLE_OK if false start is supported by the SSL backend, otherwise returns CURLE_NOT_BUILT_IN.

- This HTML page was made with roffit. - diff --git a/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.pdf b/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.pdf deleted file mode 100644 index bca982c..0000000 Binary files a/docs/libcurl/opts/CURLOPT_SSL_FALSESTART.pdf and /dev/null differ diff --git a/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3 b/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3 index 0afd2fb..09bcb96 100644 --- a/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3 +++ b/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3 @@ -30,25 +30,13 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_OPTIONS, long bitmask); .SH DESCRIPTION Pass a long with a bitmask to tell libcurl about specific SSL behaviors. -\fICURLSSLOPT_ALLOW_BEAST\fP tells libcurl to not attempt to use any -workarounds for a security flaw in the SSL3 and TLS1.0 protocols. If this -option isn't used or this bit is set to 0, the SSL layer libcurl uses may use a -work-around for this flaw although it might cause interoperability problems -with some (older) SSL implementations. WARNING: avoiding this work-around -lessens the security, and by setting this option to 1 you ask for exactly that. -This option is only supported for DarwinSSL, NSS and OpenSSL. - -Added in 7.44.0: - -\fICURLSSLOPT_NO_REVOKE\fP tells libcurl to disable certificate revocation -checks for those SSL backends where such behavior is present. \fBCurrently this -option is only supported for WinSSL (the native Windows SSL library), with an -exception in the case of Windows' Untrusted Publishers blacklist which it seems -can't be bypassed.\fP This option may have broader support to accommodate other -SSL backends in the future. -http://curl.haxx.se/docs/ssl-compared.html - - +\fICURLSSLOPT_ALLOW_BEAST\fP is the only supported bit and by setting this the +user will tell libcurl to not attempt to use any workarounds for a security +flaw in the SSL3 and TLS1.0 protocols. If this option isn't used or this bit +is set to 0, the SSL layer libcurl uses may use a work-around for this flaw +although it might cause interoperability problems with some (older) SSL +implementations. WARNING: avoiding this work-around lessens the security, and +by setting this option to 1 you ask for exactly that. .SH DEFAULT 0 .SH PROTOCOLS diff --git a/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.html b/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.html index 5b0a4a6..f268c59 100644 --- a/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.html +++ b/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.html @@ -4,20 +4,15 @@ CURLOPT_SSL_OPTIONS man page - - -

NAME

-

CURLOPT_SSL_VERIFYSTATUS - verify the certificate's status

SYNOPSIS

-

#include <curl/curl.h> -

CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_VERIFYSTATUS, long verify);

DESCRIPTION

-

Pass a long as parameter set to 1 to enable or 0 to disable. -

This option determines whether libcurl verifies the status of the server cert using the "Certificate Status Request" TLS extension (aka. OCSP stapling). -

Note that if this option is enabled but the server does not support the TLS extension, the verification will fail.

DEFAULT

-

0

PROTOCOLS

-

All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.

EXAMPLE

-

TODO

AVAILABILITY

-

Added in 7.41.0. This option is currently only supported by the OpenSSL, GnuTLS and NSS TLS backends.

RETURN VALUE

-

Returns CURLE_OK if OCSP stapling is supported by the SSL backend, otherwise returns CURLE_NOT_BUILT_IN.

SEE ALSO

-

CURLOPT_SSL_VERIFYHOST, CURLOPT_SSL_VERIFYPEER, CURLOPT_CAINFO,

- This HTML page was made with roffit. - diff --git a/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.pdf b/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.pdf deleted file mode 100644 index 9e02620..0000000 --- a/docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.pdf +++ /dev/null @@ -1,111 +0,0 @@ -%PDF-1.4 -%Ç쏢 -5 0 obj -<> -stream -xœ­Vën£Fþï§8ÚþX¼2†áÚV•œ„tÝ:Æ5$j”T±' »À›æöUúŽ=sÁÄIV«J•%0Ì̹|ç;ßá,BÁ?}_Ý>Ü6 n*AßV÷p˜â†@¼Hoê ß?d$!½Gg‹i˜Ô–ËÿVV‡ü_†èß²|fð:¿y‚öŽÃŠ×mþu•µü½DÃ&®´ayÄí°hšÞ6¦XT/´Y»mTÏó·‡`ÝMê‘@îK.fñ<™$ûù"<]®?äåªØ®9ü, -y .äî±Ýv *0VnxYè+¹î²r]ðÑÛe~߃Æ,‡XÞw@x ¨Ê[™CÂÀufWß$Lû 3OÏ>Ž’£ÅdžNâ™& -uOÞH~ží¢Iàî@‡L…5°Éê잷¼ÌÚ - /¼Ì® UGðq7â™HÒ’)Ð[(aø yÞå ¨–€µ0xŸ—¼Ç;Žd¨¡È¯Àš)ÔñDÖ_qƒ J#Ë ÕzâõŘÀ%¾¦¡ðäOxNR ¶MŽ)ˆïŽvTƒdÇS×`hº.øÖ7í;¬}|GÛ¿[^6"ô+#ûœˆ’¹kS “«!‘ñX$ RÒ—ƬBoí]ÖB.Âî“Ç -¾5\© -Û7¶mŸšôi‹²ÃºBʪ…f»ÙTµÚ¤"rÇéÚ 3•CìHnםP"Š ˆ ó¢P$Dëoj[5nzjøÄó0H͎¼ ¯ûeGìÙãá‰æŸ‹Ê&47S§ëßñ™DW˓í1_¯Nûîèy+"õ}Ÿí*fX¯‘äîb˜/t“!`?ٞ¯1mb¹¡dLœB¼sh3â[^§”Gñô…v`Ì!±Ïc\².×YƒuÝÔU[­ª¢ù>¦é;úD^'§cq›Çs6‚äßoWo๗Fôçøt>ºv¾ÙÎiŸe¢ïUDZÆÚ ‚7FF(v’¨>ŸC?>°zžK;L¦ãÃÉt’^ìCƒEdNìA -àñz¨ä%øÄAûÒý~ÀίyÙOP•xÑd ¢FE¼á%Êê~-·eT\˜%‰F|õÙq§¨×¼\7u÷ۀv¥g‹œ)Cõ¨1žžEZb_ƒ‹ƒ_M~Tˆv[ë±-ãßEïɁÈèU -¾ UDÊrO8a—)Ý*×#¨„>æ ‡Z¹‘¥Ót(—†r=‹‡Ž¥ä)]¥’xq6™CÜOqr¤ËɌ¼56^Âa$Qãi÷\|A®×ãíc¬> žÀ±I7ºå·Êhߺô<«cÑk‹ó(Z¼´H‰÷ßM'³“xß~ 2¶û€èmáG“OP:Mf£/p7¯ˆðÐD,ÇÀÆ8æ+°q> -/Contents 5 0 R ->> -endobj -3 0 obj -<< /Type /Pages /Kids [ -4 0 R -] /Count 1 ->> -endobj -1 0 obj -<> -endobj -7 0 obj -<>endobj -10 0 obj -<> -endobj -11 0 obj -<> -endobj -9 0 obj -<> -endobj -8 0 obj -<> -endobj -12 0 obj -<> -endobj -13 0 obj -<>stream - - - - - -2015-08-12T08:11:31+02:00 -2015-08-12T08:11:31+02:00 -groff version 1.22.3 - -Untitled - - - - - -endstream -endobj -2 0 obj -<>endobj -xref -0 14 -0000000000 65535 f -0000001554 00000 n -0000003365 00000 n -0000001495 00000 n -0000001335 00000 n -0000000015 00000 n -0000001315 00000 n -0000001619 00000 n -0000001794 00000 n -0000001729 00000 n -0000001660 00000 n -0000001690 00000 n -0000001876 00000 n -0000001942 00000 n -trailer -<< /Size 14 /Root 1 0 R /Info 2 0 R -/ID [] ->> -startxref -3519 -%%EOF diff --git a/docs/libcurl/opts/CURLOPT_STDERR.3 b/docs/libcurl/opts/CURLOPT_STDERR.3 index 8ef1a32..67e9501 100644 --- a/docs/libcurl/opts/CURLOPT_STDERR.3 +++ b/docs/libcurl/opts/CURLOPT_STDERR.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -36,16 +36,7 @@ stderr .SH PROTOCOLS All .SH EXAMPLE -.nf -CURL *curl = curl_easy_init(); -FILE *filep = fopen("dump", "wb"); -if(curl) { - curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); - curl_easy_setopt(curl, CURLOPT_STDERR, filep); - - curl_easy_perform(curl); -} -.fi +TODO .SH AVAILABILITY Always .SH RETURN VALUE diff --git a/docs/libcurl/opts/CURLOPT_STDERR.html b/docs/libcurl/opts/CURLOPT_STDERR.html index 52fcb4d..50fcd93 100644 --- a/docs/libcurl/opts/CURLOPT_STDERR.html +++ b/docs/libcurl/opts/CURLOPT_STDERR.html @@ -4,20 +4,15 @@ CURLOPT_STDERR man page