Commit Graph

7340 Commits

Author SHA1 Message Date
Steve Holme
537b571c90 sasl: Fixed compilation warning
warning: no previous prototype for 'Curl_sasl_create_digest_md5_message'
2014-04-06 16:32:28 +01:00
Steve Holme
fe15ea67cc sasl: Added curl_memory.h include as per test 1132 2014-04-06 16:09:19 +01:00
Steve Holme
2af28a147b sasl: Fixed compilation warning in SSPI builds
warning: 'sasl_digest_get_key_value' defined but not used
2014-04-06 16:01:55 +01:00
Steve Holme
f700eb7d9a sasl: Corrected missing free of decoded challenge message from 607883f13c 2014-04-06 14:18:31 +01:00
Steve Holme
175b605331 sasl: Corrected add of Curl_sasl_decode_digest_md5_message() from 2c49e96092 2014-04-06 14:02:10 +01:00
Steve Holme
ee40136f6c sasl: Post DIGEST-MD5 SSPI code tidy up
* Added comments to SSPI NTLM message generation
* Added comments to native DIGEST-MD5 code
* Removed redundant identity pointer
2014-04-06 13:30:52 +01:00
Steve Holme
19a514237d sasl: Corrected pre-processor inclusion of SSPI based DIGEST-MD5 code
When CURL_DISABLE_CRYPTO_AUTH is defined the DIGEST-MD5 code should not
be included, regardless of whether USE__WINDOWS_SSPI is defined or not.
This is indicated by the definition of USE_HTTP_NEGOTIATE and USE_NTLM
in curl_setup.h.
2014-04-06 13:01:14 +01:00
Steve Holme
607883f13c sasl: Added support for DIGEST-MD5 via Windows SSPI 2014-04-06 12:49:32 +01:00
Steve Holme
d4150c317c http_negotiate_sspi: Fixed compilation when USE_HTTP_NEGOTIATE not defined 2014-04-06 01:46:53 +01:00
Steve Holme
0bc14c9faf Makefile.vc6: Added curl_sasl_sspi.c 2014-04-06 00:57:23 +01:00
Steve Holme
c469941293 ntlm: Moved the identity generation into shared SSPI code 2014-04-06 00:35:22 +01:00
Steve Holme
ff853960bd sasl: Renamed SSPI module following short name clash 2014-04-06 00:35:01 +01:00
Steve Holme
2c49e96092 sasl: Added initial stub functions for SSPI DIGEST-MD support 2014-04-05 23:16:51 +01:00
Steve Holme
3a92de5636 sasl: Combined DIGEST-MD5 message decoding and generation 2014-04-05 23:09:04 +01:00
Tatsuhiro Tsujikawa
9e86209d04 http2: Compile with current nghttp2, which supports h2-11 2014-04-05 19:30:12 +02:00
Daniel Stenberg
74851340bd PROXYHEADER: send these headers in "normal" proxy requests too
Updated the docs to clarify and the code accordingly, with test 1528 to
verify:

When CURLHEADER_SEPARATE is set and libcurl is asked to send a request
to a proxy but it isn't CONNECT, then _both_ header lists
(CURLOPT_HTTPHEADER and CURLOPT_PROXYHEADER) will be used since the
single request is then made for both the proxy and the server.
2014-04-04 17:03:43 +02:00
Daniel Stenberg
ef6be35bae CURLOPT_HEADEROPT: added
Modified the logic so that CURLOPT_HEADEROPT now controls if PROXYHEADER
is actually used or not.
2014-04-04 17:03:43 +02:00
Daniel Stenberg
ac887eedbc CURLOPT_PROXYHEADER: set headers for proxy-only
Includes docs and new test cases: 1525, 1526 and 1527

Co-written-by: Vijay Panghal
2014-04-04 17:03:43 +02:00
Daniel Stenberg
42937f87e6 HTTP: don't send Content-Length: 0 _and_ Expect: 100-continue
Without request body there's no point in asking for 100-continue.

Bug: http://curl.haxx.se/bug/view.cgi?id=1349
Reported-by: JimS
2014-04-04 15:46:35 +02:00
Daniel Stenberg
c81021f747 ftp: in passive data connect wait for happy eyeballs sockets
When doing passive FTP, the multi state function needs to extract and
use the happy eyeballs sockets to wait for to check for completion!

Bug: http://curl.haxx.se/mail/lib-2014-02/0135.html (ruined)
Reported-by: Alan
2014-04-03 20:38:19 +02:00
Daniel Stenberg
97f214d0c9 http2+openssl: fix compiler warnings in ALPN using code 2014-04-03 17:03:02 +02:00
Steve Holme
dd9ce1b86c smtp: Fixed login denied with a RFC-821 based server
In addition to commit fe260b75e7 fixed the same issue for RFC-821 based
SMTP servers and allow the credientials to be given to curl even though
they are not used with the server.
2014-04-01 07:20:19 +01:00
Daniel Stenberg
8a0385c1ad urldata: spellfix comment
Reported-by: Melissa
2014-04-01 08:00:34 +02:00
Daniel Stenberg
13682d1a24 ipv6: strip off zone identifiers in redirects too
Follow up to 9317eced98 makes test 1056 work again.
2014-03-31 09:35:32 +02:00
Daniel Stenberg
6448946ac3 http2: let openssl mention the exact protocol negotiated
Remove a superfluous "negotiated http2" info line
2014-03-31 09:00:58 +02:00
Daniel Stenberg
ef813c7097 http2: remove _DRAFT09 from the NPN_HTTP2 enum
We're progressing throught drafts so there's no point in having a fixed
one in a symbol that'll survive.
2014-03-31 08:40:24 +02:00
Till Maas
9317eced98 URL parser: IPv6 zone identifiers are now supported 2014-03-31 07:58:25 +02:00
Steve Holme
fe260b75e7 smtp: Fixed login denied when server doesn't support AUTH capability
Specifying user credentials when the SMTP server doesn't support
authentication would cause curl to display "No known authentication
mechanisms supported!" and return CURLE_LOGIN_DENIED.

Reported-by: Tom Sparrow
Bug: http://curl.haxx.se/mail/lib-2014-03/0173.html
2014-03-28 18:21:27 +00:00
Dan Fandrich
a8c7cf6281 hostcheck: added a system include to define struct in_addr 2014-03-26 22:29:00 +01:00
Daniel Stenberg
965690f67e Curl_cert_hostcheck: strip trailing dots in host name and wildcard
Reported-by: Richard Moore
2014-03-25 23:01:37 +01:00
Daniel Stenberg
5019c78095 Curl_cert_hostcheck: reject IP address wildcard matches
There are server certificates used with IP address in the CN field, but
we MUST not allow wild cart certs for hostnames given as IP addresses
only. Therefore we must make Curl_cert_hostcheck() fail such attempts.

Bug: http://curl.haxx.se/docs/adv_20140326B.html
Reported-by: Richard Moore
2014-03-25 23:01:37 +01:00
Steve Holme
517b06d657 url: Fixed connection re-use when using different log-in credentials
In addition to FTP, other connection based protocols such as IMAP, POP3,
SMTP, SCP, SFTP and LDAP require a new connection when different log-in
credentials are specified. Fixed the detection logic to include these
other protocols.

Bug: http://curl.haxx.se/docs/adv_20140326A.html
2014-03-25 23:01:37 +01:00
Gisle Vanem
196140dcaf polarssl: avoid extra newlines in debug messages
The debug messages printed inside PolarSSL always seems to end with a
newline. So 'infof()' should not add one. Besides the trace 'line'
should be 'const'.
2014-03-22 16:55:39 +01:00
Daniel Stenberg
4ff71183b9 rtsp: parse "Session:" header properly
The parser skipped the initial letter, which presumably often is
whitespace but doesn't have to be.

Reported-by: Mike Hasselberg
Bug: http://curl.haxx.se/mail/lib-2014-03/0134.html
2014-03-20 11:52:27 +01:00
Daniel Stenberg
930b81387b trynextip: don't store 'ai' on failed connects...
It leads to the "next family" tries starting from the wrong point and thus
fails!

Bug: http://curl.haxx.se/bug/view.cgi?id=1337
Reported-by: ricker
2014-03-19 16:34:12 +01:00
Gaël PORTAY
47f8e99e78 polarssl: fix possible handshake timeout issue in multi.
Because of the socket is unblocking, PolarSSL does need call to getsock to
get the action to perform in multi environment.

In some cases, it might happen we have not received yet all data to perform
the handshake. ssh_handshake returns POLARSSL_ERR_NET_WANT_READ, the state
is updated but because of the getsock has not the proper #define macro to,
the library never prevents to select socket for input thus the socket will
never be awaken when last data is available. Thus it leads to timeout.
2014-03-19 16:10:18 +01:00
Gaël PORTAY
ff25f437a5 polarssl: break compatibility with version older than 1.3.
Remove all #ifdef/else/endif macros that ensure compatibility with polarssl
version previous than 1.3.
2014-03-18 21:01:11 +01:00
Gaël PORTAY
31265376bc polarssl: drop use of 1.2 compatibility header.
API has changed since version 1.3. A compatibility header has been created
to ensure forward compatibility for code using old API:
 * x509 certificate structure has been renamed to from x509_cert to
   x509_crt
 * new dedicated setter for RSA certificates ssl_set_own_cert_rsa,
   ssl_set_own_cert is for generic keys
 * ssl_default_ciphersuites has been replaced by function
   ssl_list_ciphersuites()

This patch drops the use of the compatibly header.
2014-03-18 21:01:11 +01:00
Daniel Stenberg
7a1fb8e816 polarssl: added missing end-of-comment from previous commit 2014-03-18 08:03:45 +01:00
Daniel Stenberg
5017d5ada8 polarssl: now require 1.3.0+
Also fixed a function name change in the version requirement bump
2014-03-17 20:48:06 +01:00
hasufell
4d6108315b polarssl: fix compilation
Rename x509_cert to x509_crt and add "compat-1.2.h"
include.
This would still need some more thorough conversion
in order to drop "compat-1.2.h" include.
2014-03-17 20:08:45 +01:00
Kamil Dudka
67061e3f4e nss: allow to enable/disable new AES GCM cipher-suites
... if built against a new enough version of NSS
2014-03-15 13:07:55 +01:00
Kamil Dudka
c864d81289 nss: allow to enable/disable new HMAC-SHA256 cipher-suites
... if built against a new enough version of NSS
2014-03-15 13:07:55 +01:00
Kamil Dudka
b4f6cd46eb nss: do not enable AES cipher-suites by default
... but allow them to be enabled/disabled explicitly.  The default
policy should be maintained at the NSS level.
2014-03-15 13:07:55 +01:00
Dan Fandrich
9b5b6a2b1a ssh: prevent a logic error that could result in an infinite loop 2014-03-15 10:26:29 +01:00
Dan Fandrich
596800378d ssh: removed a redundant close state transition 2014-03-14 23:38:00 +01:00
Dan Fandrich
8c4d6ceec0 ssh: abort immediately on a header callback error 2014-03-14 23:37:59 +01:00
Daniel Stenberg
891ef341b3 chunked-encoding: provide a readable error string for chunked errors 2014-03-14 15:44:18 +01:00
Tatsuhiro Tsujikawa
9787b8e9d4 http2: free resources on disconnect
... and use Curl_safefree() instead of free()
2014-03-10 18:35:59 +01:00
Daniel Stenberg
dcdbac2568 openssl: info massage with SSL version used
Patch-by: byte_bucket
2014-03-10 17:13:11 +01:00