Commit Graph

1323 Commits

Author SHA1 Message Date
Daniel Stenberg
67f28662e1 bump release: start working towards 7.21.8 2011-06-23 13:51:53 +02:00
Daniel Stenberg
42c6b7577f RELEASE-NOTES: mention security issue 20110623
libcurl inappropriate GSSAPI delegation. Full details at
http://curl.haxx.se/docs/adv_20110623.html
2011-06-22 23:12:39 +02:00
Daniel Stenberg
e5010ec3ff RELEASE-NOTES: synced with 9016958aa8 2011-06-22 23:04:26 +02:00
Daniel Stenberg
8fc4be9e7b RELEASE-NOTES: add more contributors for this release 2011-06-14 19:17:41 +02:00
Daniel Stenberg
70eee054f2 RELEASE-NOTES: synced with 0aedccc18a 2011-06-14 14:45:44 +02:00
Kamil Dudka
f551aa5c16 disconnect: wipe out the keeps_speed time stamp
When closing a connection, the speedchecker's timestamp is now deleted
so that it cannot accidentally be used by a fresh connection on the same
handle when examining the transfer speed.

Bug: https://bugzilla.redhat.com/679709
2011-06-08 00:23:41 +02:00
Daniel Stenberg
6aff805942 RELEASE-NOTES: synced with b772f3a321 2011-06-07 13:15:50 +02:00
Daniel Stenberg
b996b202c4 RELEASE-NOTES: synced with 32001ac414 2011-05-06 11:26:37 +02:00
Daniel Stenberg
f83c36934f RELEASE-NOTES: synced with c4bc1d473f 2011-04-28 22:23:11 +02:00
Daniel Stenberg
c985a8df51 bump version: work towards 7.21.7 2011-04-22 22:02:55 +02:00
Daniel Stenberg
2a05025510 RELEASE-NOTES: two more contributors 2011-04-22 19:17:26 +02:00
Daniel Stenberg
37b9fe104a RELEASE-NOTES: synced with 3242abd87a 2011-04-20 23:59:36 +02:00
Daniel Stenberg
a5db4a46ac RELEASE-NOTES: synced with 5aae3c13e2 2011-04-19 16:40:24 +02:00
Daniel Stenberg
84f809e7a8 RELEASE-NOTES: updated contributor amount 2011-04-17 23:48:50 +02:00
Daniel Stenberg
909acfbbba 7.21.6: next planned release number 2011-04-17 23:44:24 +02:00
Daniel Stenberg
714215f283 RELEASE-NOTES: synced with c246f63a71 2011-04-16 00:16:25 +02:00
Daniel Stenberg
6710970bce RELEASE-NOTES: synced with f01df19798 2011-04-11 22:38:07 +02:00
Kamil Dudka
1a6e7da13d nss: allow to use multiple client certificates for a single host
In case a client certificate is used, invalidate SSL session cache
at the end of a session.  This forces NSS to ask for a new client
certificate when connecting second time to the same host.

Bug: https://bugzilla.redhat.com/689031
2011-04-08 13:35:26 +02:00
Daniel Stenberg
8e9e19b0d5 RELEASE-NOTES: synced with db59b6202d 2011-04-05 13:42:39 +02:00
Daniel Stenberg
40256ec4d3 RELEASE-NOTES: synced with 11c2db2aa2 2011-03-25 21:56:50 +01:00
Daniel Stenberg
92774ac1f3 RELEASE-NOTES: synced with 0c05ee3a33 2011-03-18 09:30:53 +01:00
Kamil Dudka
806dbb022b nss: do not ignore value of CURLOPT_SSL_VERIFYPEER
When NSS-powered libcurl connected to a SSL server with
CURLOPT_SSL_VERIFYPEER equal to zero, NSS remembered that the peer
certificate was accepted by libcurl and did not ask the second time when
connecting to the same server with CURLOPT_SSL_VERIFYPEER equal to one.

This patch turns off the SSL session cache for the particular SSL socket
if peer verification is disabled.  In order to avoid any performance
impact, the peer verification is completely skipped in that case, which
makes it even faster than before.

Bug: https://bugzilla.redhat.com/678580
2011-03-15 15:48:24 +01:00
Daniel Stenberg
176092d760 RELEASE-NOTES: synced with e649a7baae 2011-03-13 01:06:23 +01:00
Daniel Stenberg
386afdf607 RELEASE-NOTES: synced with 2345c1dd66 2011-02-23 12:59:06 +01:00
Kamil Dudka
7aa2d10e0d nss: do not ignore failure of SSL handshake
Flaw introduced in fc77790 and present in curl-7.21.4.
Bug: https://bugzilla.redhat.com/669702#c16
2011-02-22 13:19:57 +01:00
Daniel Stenberg
1c3c0162c6 SOCKOPTFUNCTION: callback can say already-connected
Introducing a few CURL_SOCKOPT* defines for conveniance. The new
CURL_SOCKOPT_ALREADY_CONNECTED signals to libcurl that the socket is to
be treated as already connected and thus it will skip the connect()
call.
2011-02-17 22:32:01 +01:00
Kamil Dudka
a40f58d2ef nss: avoid memory leak on SSL connection failure 2011-02-17 17:57:16 +01:00
Daniel Stenberg
66582c04b1 RELEASE-NOTES: fresh start towards 7.21.5 2011-02-17 14:00:25 +01:00
Daniel Stenberg
b66eeb8bf8 RELEASE-NOTES: credits since 7.21.3
I went through all the names mentioned as authors and in commit messages
since 7.21.3, and this list inserted now is sorted on first name.
2011-02-17 10:14:55 +01:00
Daniel Stenberg
96ea650ec7 RELEASE-NOTES: synced with 3bb1291fbd 2011-02-10 22:33:12 +01:00
Daniel Stenberg
ce24fdaa2c RELEASE-NOTES: mention contributors 2011-01-18 23:41:57 +01:00
Daniel Stenberg
02c99899a2 RELEASE-NOTES: synced with 7fcbdd68b9 2011-01-18 23:40:48 +01:00
Kamil Dudka
fc77790bcd nss: fix a bug in handling of CURLOPT_CAPATH
... and update the curl.1 and curl_easy_setopt.3 man pages such that
they do not suggest to use an OpenSSL utility if curl is not built
against OpenSSL.

Bug: https://bugzilla.redhat.com/669702
2011-01-18 14:30:49 +01:00
Kamil Dudka
d8f6d1c334 nss: avoid CURLE_OUT_OF_MEMORY given a file name without any slash
Bug: https://bugzilla.redhat.com/623663
2011-01-04 17:20:43 +01:00
Daniel Stenberg
6cf35852ad RELEASE-NOTES: synced with 83e9fb21aa 2011-01-04 00:07:30 +01:00
Daniel Stenberg
5e37689a1a 7.21.4: version bump 2010-12-15 16:05:17 +01:00
Daniel Stenberg
6d7d0eba6d RELEASE-NOTES: synced with a865bd9fba 2010-12-15 15:06:12 +01:00
Daniel Stenberg
573a2900cd RELEASE-NOTES: synced with c28443c551 2010-12-09 11:23:33 +01:00
Matthias Bolte
a83870ef9d Detect socket errors in GnuTLS on Windows
On Windows, translate WSAGetLastError() to errno values as GNU
TLS does it internally, too. This is necessary because send() and
recv() on Windows don't set errno when they fail but GNU TLS
expects a proper errno value.

Bug: http://curl.haxx.se/bug/view.cgi?id=3110991
2010-11-19 13:34:07 -08:00
Daniel Stenberg
4d6c0bdf74 RELEASE-NOTES: synced with cbf4961bf3 2010-11-15 00:07:55 +01:00
Kamil Dudka
12b2412c52 ftp: treat server's response 421 as CURLE_OPERATION_TIMEDOUT
Bug: https://bugzilla.redhat.com/650255
Reported by: Simon H.
2010-11-09 18:13:20 +01:00
Daniel Stenberg
f96a2641fc RELEASE-NOTES: synced with fc6c4c10f9
I also recounted and updated the command line and libcurl options.
2010-11-08 11:20:39 +01:00
Daniel Stenberg
68a485b00a RELEASE-NOTES: synced with 7b823badbc 2010-11-04 22:55:45 +01:00
Daniel Stenberg
295496fa34 RELEASE-NOTES: sync with 09a2d93a0f 2010-10-17 18:55:36 +02:00
Daniel Stenberg
e3df610ada RELEASE-NOTES: start over towards 7.21.3 2010-10-13 00:21:00 +02:00
Daniel Stenberg
d371458348 RELEASE-NOTES: synced with ecd624b8e7 2010-10-12 23:30:35 +02:00
Daniel Stenberg
1998de9993 RELEASE-NOTES: synced with 61f4cdb73a 2010-10-08 23:20:26 +02:00
Daniel Stenberg
488f9545a2 RELEASE-NOTES: synced up to 588402585b 2010-10-01 00:03:17 +02:00
Dan Fandrich
7e1a45e224 Changed the TPF make file to get source files from Makefile.inc
Patch was fixed and validated by David McCreedy.
2010-09-27 17:47:20 -07:00
Daniel Stenberg
e991a3536d RELEASE-NOTES: sync with 8665d4e5 and c-ares >= 1.6.0 note 2010-09-21 22:29:21 +02:00
Daniel Stenberg
0e36bb71f2 RELEASE-NOTES: in sync with 19f45eaa79 2010-09-21 16:53:30 +02:00
Daniel Stenberg
95e230c591 RELEASE-NOTES: synced with 5fcc4332d6
Removed the duplicate entry of Kamil in the credits.
2010-09-21 00:02:10 +02:00
Daniel Stenberg
c47148f142 RELEASE-NOTES: sync from d2a7fd2fe6 to HEAD 2010-09-18 23:16:07 +02:00
Dan Fandrich
8e2f16e66f Link curl and the test apps with -lrt explicitly when necessary
When curl calls a function from that library then it needs to
explicitly link to the library instead of piggybacking on
libcurl's own dependency.  Without this, GNU ld with the
--no-add-needed flag fails when linking (which Fedora now does
by default).

Reported by: Quanah Gibson-Mount
Bug: http://curl.haxx.se/mail/lib-2010-09/0085.html
2010-09-11 17:08:23 -07:00
Daniel Stenberg
d2a7fd2fe6 RELEASE-NOTES: sync from b980c9a02 to HEAD 2010-08-25 17:17:12 +02:00
Daniel Stenberg
b980c9a027 multi: two fixes done 2010-08-15 13:56:00 +02:00
Kamil Dudka
5907777153 curl -T: ignore file size of special files
original bug report at https://bugzilla.redhat.com/622520
2010-08-15 11:26:13 +02:00
Daniel Stenberg
4342a2087a release cycle loop: start over toward 7.21.2 2010-08-11 23:57:44 +02:00
Daniel Stenberg
8249b0522d RELEASE-NOTES: mention the runtests fix as well 2010-08-11 23:35:02 +02:00
Daniel Stenberg
2596eb6d19 RELEASE-NOTES: synced, 3 additional bugfixes 2010-08-10 23:34:03 +02:00
Daniel Stenberg
15201da4ca RELEASE-NOTES: synced with recent changes 2010-08-07 00:24:04 +02:00
Daniel Stenberg
52beeb2c9f RELEASE-NOTES: synced with recent changes 2010-08-03 00:00:01 +02:00
Daniel Stenberg
c8d42b2f1c --retry: access violation with URL part sets continued
When getting multiple URLs, curl didn't properly reset the byte counter
after a successful transfer so if the subsequent transfer failed it
would wrongly use the previous byte counter and behave badly (segfault)
because of that. The code assumes that the byte counter and the 'stream'
pointer is well in synch.

Reported by: Jon Sargeant
Bug: http://curl.haxx.se/bug/view.cgi?id=3028241
2010-07-14 23:50:01 +02:00
Daniel Stenberg
84332b60b9 releasnote: synch up with commit f3b77e5611 2010-07-14 00:40:20 +02:00
Kamil Dudka
f3b77e5611 http_ntlm: add support for NSS
When configured with '--without-ssl --with-nss', NTLM authentication
now uses NSS crypto library for MD5 and DES.  For MD4 we have a local
implementation in that case.  More details are available at
https://bugzilla.redhat.com/603783

In order to get it working, curl_global_init() must be called with
CURL_GLOBAL_SSL or CURL_GLOBAL_ALL.  That's necessary because NSS needs
to be initialized globally and we do so only when the NSS library is
actually required by protocol.  The mentioned call of curl_global_init()
is responsible for creating of the initialization mutex.

There was also slightly changed the NSS initialization scenario, in
particular, loading of the NSS PEM module.  It used to be loaded always
right after the NSS library was initialized.  Now the library is
initialized as soon as any SSL or NTLM is required, while the PEM module
is prevented from being loaded until the SSL is actually required.
2010-06-30 13:12:25 +02:00
Daniel Stenberg
89924a897d glob: backslash escaping bug
curl didn't properly handle escaping characters in a URL with the use of
backslash. It did an attempt, but that failed as reported in bug
3022551. The described example was using the URL
"http://example.com?{AB,C\,D}".

I've now removed the special-handling of letters following the backslash
and I also removed the bad extra check that triggered this particular
bug.

Bug: http://curl.haxx.se/bug/view.cgi?id=3022551
Reported by: Jon Sargeant
2010-06-29 00:22:11 +02:00
Daniel Stenberg
bcefe839c7 release-notes: sync up with recent commits 2010-06-29 00:13:04 +02:00
Daniel Stenberg
7eecfb536a release: start on 7.21.1, bump contributor count 2010-06-16 14:29:16 +02:00
Constantine Sapuntzakis
a0dd9df9ab OpenSSL: fix spurious SSL connection aborts
Was seeing spurious SSL connection aborts using libcurl and
OpenSSL. I tracked it down to uncleared error state on the
OpenSSL error stack - patch attached deals with that.

Rough idea of problem:

Code that uses libcurl calls some library that uses OpenSSL but
don't clear the OpenSSL error stack after an error.

ssluse.c calls SSL_read which eventually gets an EWOULDBLOCK from
the OS. Returns -1 to indicate an error

ssluse.c calls SSL_get_error. First thing, SSL_get_error calls
ERR_get_error to check the OpenSSL error stack, finds an old
error and returns SSL_ERROR_SSL instead of SSL_ERROR_WANT_READ or
SSL_ERROR_WANT_WRITE.

ssluse.c returns an error and aborts the connection

Solution:

Clear the openssl error stack before calling SSL_* operation if
we're going to call SSL_get_error afterwards.

Notes:

This is much more likely to happen with multi because it's easier
to intersperse other calls to the OpenSSL library in the same
thread.
2010-06-05 23:41:58 +02:00
Frank Meier
8098d9417c getinfo: added *_PRIMARY_PORT, *_LOCAL_IP and *_LOCAL_PORT 2010-06-05 00:31:36 +02:00
Daniel Stenberg
605207a3a6 RELEASE-NOTES: add contributors not mentioned 2010-06-04 16:13:05 +02:00
Yang Tse
43d20d81a5 Enable OpenLDAP support for cygwin builds.
Enable OpenLDAP support for cygwin builds. This support was disabled back
in 2008 due to incompatibilities between OpenSSL and OpenLDAP headers.
cygwin's OpenSSL 0.9.8l and OpenLDAP 2.3.43 versions on cygwin 1.5.25
allow building an OpenLDAP enabled libcurl supporting back to Windows 95.

Remove non-functional CURL_LDAP_HYBRID code and references.
2010-06-04 15:14:31 +02:00
Daniel Stenberg
684830cb2a SSH: corrected the inability to respect the timeout
Jason McDonald posted bug report #3006786 when he found that the
SFTP code didn't timeout properly in several places in the code
even if a timeout was set properly.

Based on his suggested patch, I wrote a different implementation
that I think addressed the issue better and also uses the connect
timeout for the initial part of the SSH/SFTP done during the
"protocol connect" phase.

(http://curl.haxx.se/bug/view.cgi?id=3006786)
2010-06-02 23:33:51 +02:00
Daniel Stenberg
2c72732ebf multi_socket: handles timer inaccuracy better for timeouts
Igor Novoseltsev reported a problem with the multi socket API and
using timeouts and timers. It boiled down to a problem with
libcurl's use of GetTickCount() interally to figure out the
current time, while Igor's own application code used another
function call.

It made his app call the socket API timeout function a bit
_before_ libcurl would consider the timeout to trigger, and that
could easily lead to timeouts or stalls in the app. It seems
GetTickCount() in general often has no better resolution than
16ms and switching to the alternative function
QueryPerformanceCounter has its share of problems:
http://www.virtualdub.org/blog/pivot/entry.php?id=106

We address this problem by simply having libcurl treat timers
that already has occured or will occur within 40ms subject for
treatment. I'm confident that there are other implementations and
operating systems with similarly in accurate timer functions so
it makes sense to have applied generically and I don't believe we
sacrifice much by adding a 40ms inaccuracy on these timeouts.
2010-06-01 23:20:16 +02:00
Howard Chu
2e056353b0 LDAP: properly implemented as a curl_handler
makes the LDAP code much cleaner, nicer and in general being a
better libcurl citizen. If a new enough OpenLDAP version is
detect, the new and shiny lib/openldap.c code is then used
instead of the old cruft

Code by Howard, minor cleanups by Daniel.
2010-05-25 00:44:42 +02:00
Daniel Stenberg
0a29e2445c TFTP: block id wrap bug fix
In a normal expression, doing [unsigned short] + 1 will not wrap
at 16 bits so the comparisons and outputs were done wrong. I
added a macro do make sure it gets done right.

Douglas Kilpatrick filed bug report #3004787 about it:
http://curl.haxx.se/bug/view.cgi?id=3004787
2010-05-21 23:04:15 +02:00
Tor Arntsen
5f53c9d94a lib: Fix AIX build failure 2010-05-19 22:09:35 +02:00
Daniel Stenberg
aabd27d9aa TFTP: send timeout option correctly
Eric Mertens posted bug report #3003005 pointing out that the
libcurl TFTP code was not sending the timeout option properly to
the server, and suggested a fix.

(http://curl.haxx.se/bug/view.cgi?id=3003005)
2010-05-18 23:14:00 +02:00
Kamil Dudka
2ffe834bff ftp wildcard: a new option CURLOPT_FNMATCH_DATA 2010-05-16 02:52:33 +02:00
Daniel Stenberg
77cfeadfa6 OpenSSL: multi interface handshake could hang
John-Mark Bell filed bug #3000052 that identified a problem (with
an associated patch) with the OpenSSL handshake state machine
when the multi interface is used:

Performing an https request using a curl multi handle and using
select or epoll to wait for events results in a hang. It appears
that the cause is the fix for bug #2958179, which makes
ossl_connect_common unconditionally return from the step 2 loop
when fetching from a multi handle.

When ossl_connect_step2 has completed, it updates
connssl->connecting_state to ssl_connect_3. ossl_connect_common
will then return to the caller, as a multi handle is in
use. Eventually, the client code will call curl_multi_fdset to
obtain an updated fdset to select or epoll on. For https
requests, curl_multi_fdset will cause https_getsock to be called.
https_getsock will only return a socket handle if the
connecting_state is ssl_connect_2_reading or
ssl_connect_2_writing.  Therefore, the client will never obtain a
valid fdset, and thus not drive the multi handle, resulting in a
hang.

(http://curl.haxx.se/bug/view.cgi?id=3000052)
2010-05-14 22:35:08 +02:00
Daniel Stenberg
7764795c06 follow redirect: ignore response-body on redirect even if compressed
Sebastian V reported bug #3000056 identifying a problem with
redirect following. It showed that when curl followed redirects
it didn't properly ignore the response body of the 30X response
if that response was using compressed Content-Encoding!

(http://curl.haxx.se/bug/view.cgi?id=3000056)
2010-05-14 22:12:07 +02:00
Daniel Stenberg
46b9719bbb changelogs: mention RTMP and the FTP wildcard support 2010-05-13 00:00:55 +02:00
Kamil Dudka
016ce4b1da changelog: fixed CRL support in libcurl-NSS 2010-05-11 14:53:07 +02:00
Daniel Stenberg
adaf87530d multi interface: missed storing connection time
Dirk Manske reported a regression. When connecting with the multi
interface, there were situations where libcurl wouldn't store
connect time correctly as it used to (and is documented to) do.

Using his fine sample program we could repeat it, and I wrote up
test case 573 using that code. The problem does not easily show
itself using the local test suite though.

The fix, also as suggested by Dirk, is a bit on the ugly side as
it adds yet another call to Curl_verboseconnect() and setting the
TIMER_CONNECT time.  That situation is subject for some closer
inspection in the future.
2010-05-07 23:49:29 +02:00
Daniel Stenberg
aca0fff4e1 changelogs: split the I/O handling 2010-05-07 15:53:55 +02:00
Daniel Stenberg
cb6647ce1c changelog: PolarSSL 2010-05-05 22:36:15 +02:00
Daniel Stenberg
16f575ee6c changelog: mention Ben Greear's telnet work 2010-04-29 09:40:48 +02:00
Daniel Stenberg
79dc74e84d new configure option --enable-threaded-resolver 2010-04-25 23:24:05 +02:00
Kamil Dudka
82e9b78a38 nss: fix SSL handshake timeout underflow 2010-04-24 23:23:01 +02:00
Daniel Stenberg
9d6a394c44 RELEASE-NOTES: update top numbers 2010-04-24 12:23:47 +02:00
Daniel Stenberg
d7b82baf97 changelog: added the --proto and -proto-redir options 2010-04-24 12:19:42 +02:00
Daniel Stenberg
71be565cf4 curl: -O crash on windows
The -O option caused curl to crash on windows and DOS due to the
tool writing out of boundary memory.
2010-04-21 23:20:18 +02:00
Ruslan Gazizov
2164b6b463 replaced wsock32.lib usage with ws2_32.lib in MSVC makefiles 2010-04-20 16:30:10 +02:00
Daniel Stenberg
e5b3246d0a changelog: -J/--remote-header-name strips CRLF 2010-04-19 17:08:27 +02:00
Daniel Stenberg
0a4ccce054 changelog: GnuTLS: SSL handshake phase is non-blocking 2010-04-16 22:45:06 +02:00
Daniel Stenberg
0338994c6a changelog: GnuTLS fix, no reverse loopkups and fixed GSS detection 2010-04-16 15:33:10 +02:00
Daniel Stenberg
689b6929c3 changelog: prevent needless reverse name lookups 2010-04-15 13:11:25 +02:00
Daniel Stenberg
72411118ec bumped to start the journey towards 7.20.2 2010-04-14 17:34:26 +02:00
Daniel Stenberg
02892e4fd8 FTP quote commands prefixed with '*' now can fail without aborting
Prefixing the FTP quote commands with an asterisk really only
worked for the postquote actions. This is now fixed and test case
227 has been extended to verify.
2010-04-09 16:54:52 +02:00
Daniel Stenberg
78b284014b updated contributor count 2010-04-02 17:12:58 +02:00