Commit Graph

18583 Commits

Author SHA1 Message Date
Daniel Stenberg
9d64ab7d5a pinning: minor code style policing 2014-10-13 22:22:49 +02:00
Patrick Monnerat
357ff4d1dc Factorize pinned public key code into generic file handling and backend specific 2014-10-13 18:34:51 +02:00
Patrick Monnerat
265b9a2e49 vtls: remove QsoSSL 2014-10-13 16:33:47 +02:00
Patrick Monnerat
ec8330b21d gskit: supply dummy randomization function 2014-10-13 15:02:58 +02:00
Patrick Monnerat
8fdf832e5f vtls/*: deprecate have_curlssl_md5sum and set-up default md5sum implementation 2014-10-13 14:39:50 +02:00
Peter Wu
476499c75c tests: move TESTCASES to Makefile.inc, add show for cmake
This change allows runtests.pl to be run from the CMake builddir:

    export srcdir=/tmp/curl/tests;
    perl -I$srcdir $srcdir/runtests.pl -l

In order to make this possible, all test cases have been moved from
Makefile.am to Makefile.inc.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-10-13 11:50:21 +02:00
Peter Wu
aec7c5a87c cmake: enable IPv6 by default if available
ENABLE_IPV6 depends on HAVE_GETADDRINFO or you will get a
Curl_getaddrinfo_ex error. Enable IPv6 by default, disabling it if
struct sockaddr_in6 is not found in netinet/in.h.

Note that HAVE_GETADDRINFO_THREADSAFE is still not set as it needs more
platform checks even though POSIX requires a thread-safe getaddrinfo.

Verified on Arch Linux x86_64 with glibc 2.20-2 and Linux 3.16-rc7.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-10-13 11:21:03 +02:00
Peter Wu
b55502cdae cmake: build tool_hugehelp (ENABLE_MANUAL)
Rather than always outputting an empty manual page for the '-M' option,
generate a full manual page as done by autotools. For simplicity in
CMake, always generate the gzipped page as it will not be used anyway
when zlib is not available.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-10-12 14:11:42 +02:00
Peter Wu
87a3a924ce tests/http_pipe.py: Python 3 support
The 2to3 tool converted socketserver (which I manually fixed up with an
import fallback) and the print(e) line. The xrange option was converted
to range, but it seems better to use the '*' operator here for
simplicity.

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-10-10 16:58:20 +02:00
Daniel Stenberg
c6c22aeb44 SECURITY: slightly nicer markdown format 2014-10-10 10:50:23 +02:00
Daniel Stenberg
4f3ba55ed1 RELEASE-PROCEDURE: better markdown, more content 2014-10-10 10:39:01 +02:00
Daniel Stenberg
734fdb0842 RELEASE-NOTES: synced with 6637b237e6
... and bumped the planned release version.
2014-10-09 23:55:17 +02:00
Daniel Stenberg
6637b237e6 vtls: have vtls.h include the backend header files
It turned out some features were not enabled in the build since for
example url.c #ifdefs on features that are defined on a per-backend
basis but vtls.h didn't include the backend headers.

CURLOPT_CERTINFO was one such feature that was accidentally disabled.
2014-10-09 22:34:34 +02:00
Daniel Stenberg
bf7023d165 test2036: verify -O with no slash at all in the URL
Similar to test 76 but that test's URL has a slash just no file name
part.
2014-10-09 16:50:26 +02:00
Daniel Stenberg
b546c7c926 get_url_file_name: make no slash equal empty string 2014-10-09 16:42:17 +02:00
Daniel Stenberg
199b3e46f9 get_url_file_name: never return a NULL string *and* OK
Change 987a4a73 assumes that as it simplifies life in the calling
function.

Reported-by: Fabian Keil
2014-10-09 16:37:11 +02:00
Jakub Zakrzewski
558814e16d Cmake: Build with GSSAPI (MIT or Heimdal)
It tries hard to recognise SDK's on different platforms. On windows MIT
Kerberos installs SDK with other things and puts path into registry.
Heimdal have separate zip archive. On linux pkg-config is tried, then
krb5-config script and finally old-style libs and headers detection.

Command line args:
* CMAKE_USE_GSSAPI - enables GSSAPI detection
* GSS_ROOT_DIR - if set, should point to the root of GSSAPI installation
                 (the one with include and lib directories)
2014-10-09 13:48:31 +02:00
Jakub Zakrzewski
a3154295c5 Cmake: Got rid of setup_curl_dependencies
There is no need for such function. Include_directories propagate by
themselves and having a function with one simple link statement makes
little sense.
2014-10-09 13:48:30 +02:00
Jakub Zakrzewski
2257deb502 Cmake: Avoid cycle directory dependencies.
Because we prepended libraries to list, CMake had troubles resolving
link directory order as it detected some cycles. Appending to list ensures
that dependencies will preceed dependees.
2014-10-09 13:48:30 +02:00
Jakub Zakrzewski
fc61870a1c Cmake: Fix library list provided to cURL tests.
The list must be set after those nice CMake tests as we mess with
CMAKE_REQUIRED_LIBRARIES there.
2014-10-09 13:48:30 +02:00
Jakub Zakrzewski
cb2438ae52 Cmake: Check for OpenSSL before OpenLDAP.
OpenLDAP might have been build with OpenSSL. Checking for OpenLDAP first
may result in undefined symbols. Of course, the found OpenSSL libraries
must also be linked whenever OpenLDAP is.
2014-10-09 13:48:30 +02:00
Daniel Stenberg
51f6702fe1 curl_multi_fdset.3: improved the formatting slightly 2014-10-09 13:41:13 +02:00
Daniel Stenberg
93b268ade0 curl_multi_fdset: explain the fd_set arguments 2014-10-09 13:17:27 +02:00
Kamil Dudka
9e37a7f9a5 nss: do not fail if a CRL is already cached
This fixes a copy-paste mistake from commit 2968f957.
2014-10-08 17:31:04 +02:00
Patrick Monnerat
548811cb19 OS400: upgrade interface for pinned public key (no implementation yet) 2014-10-08 15:47:04 +02:00
Daniel Stenberg
b74205d022 FormAdd: precaution against memdup() of NULL pointer
Coverity CID 252518. This function is in general far too complicated for
its own good and really should be broken down into several smaller
funcitons instead - but I'm adding this protection here now since it
seems there's a risk the code flow can end up here and dereference a
NULL pointer.
2014-10-08 13:53:41 +02:00
Daniel Stenberg
eb1e3a3985 operate: avoid NULL dereference
Coverity CID 1241948. dumpeasysrc() would get called with
config->current set to NULL which could be dereferenced by a warnf()
call.
2014-10-08 13:18:55 +02:00
Daniel Stenberg
87c8e00b7a do_sec_send: remove dead code
Coverity CID 1241951. The condition 'len >= 0' would always be true at
that point and thus not necessary to check for.
2014-10-08 12:48:06 +02:00
Daniel Stenberg
b90f6e87cf krb5_encode: remove unused argument
Coverity CID 1241957. Removed the unused argument. As this struct and
pointer now are used only for krb5, there's no need to keep unused
function arguments around.
2014-10-08 12:25:07 +02:00
Daniel Stenberg
987a4a7367 operate_do: skip superfluous check for NULL pointer
Coverity CID 1243583. get_url_file_name() cannot fail and return a NULL
file name pointer so skip the check for that - it tricks coverity into
believing it can happen and it then warns later on when we use 'outfile'
without checking for NULL.
2014-10-08 12:21:39 +02:00
Daniel Stenberg
e0d269c0d8 curl_easy_getinfo.3: spell-fix
Reported-By: Luan Cestari
2014-10-07 15:48:37 +02:00
moparisthebest
e644866caf GnuTLS: Implement public key pinning 2014-10-07 14:55:39 +02:00
moparisthebest
93e450793c SSL: implement public key pinning
Option --pinnedpubkey takes a path to a public key in DER format and
only connect if it matches (currently only implemented with OpenSSL).

Provides CURLOPT_PINNEDPUBLICKEY for curl_easy_setopt().

Extract a public RSA key from a website like so:
openssl s_client -connect google.com:443 2>&1 < /dev/null | \
sed -n '/-----BEGIN/,/-----END/p' | openssl x509 -noout -pubkey \
| openssl rsa -pubin -outform DER > google.com.der
2014-10-07 14:44:19 +02:00
Daniel Stenberg
d1b56d0043 multi_runsingle: fix possible memory leak
Coverity CID 1202837. 'newurl' can in fact be allocated even when
Curl_retry_request() returns failure so free it if need be.
2014-10-07 13:57:13 +02:00
Daniel Stenberg
6352df87b1 ares::Curl_resolver_cancel: skip checking for NULL conn
Coverity CID 1243581. 'conn' will never be NULL here, and if it would be
the subsequent statement would dereference it!
2014-10-07 13:33:43 +02:00
Daniel Stenberg
dddb2aab8d parseconfig: skip a NULL check
Coverity CID 1154198. This NULL check implies that the pointer _can_ be
NULL at this point, which it can't. Thus it is dead code. It tricks
static analyzers to warn about dereferencing the pointer since the code
seems to imply it can be NULL.
2014-10-07 10:29:06 +02:00
Waldek Kozba
b7d3338df2 multi-uv.c: call curl_multi_info_read() better
Improves it for low-latency cases (like the communication with
localhost)
2014-10-07 10:20:41 +02:00
Daniel Stenberg
061cea1cf3 tool_go_sleep: use (void) to spell out we ignore the return value
Coverity CID 1222080.
2014-10-06 08:53:35 +02:00
Daniel Stenberg
4bc31df3e4 ssh_statemach_act: split out assignment from check
just a minor code style thing to make the code clearer
2014-10-06 08:49:43 +02:00
Marc Hoersken
330346d51c curl_schannel.c: Fixed possible memory or handle leak
First try to fix possible memory leaks, in this case:
Only connssl->ctxt xor onnssl->cred being initialized.
2014-10-04 18:24:23 +02:00
Daniel Stenberg
8128db9ec1 getparameter: remove dead code
Coverity CID 1061126. 'parse' will always be non-NULL here.
2014-10-04 16:16:12 +02:00
Daniel Stenberg
55678c6951 getparameter: comment a switch FALLTHROUGH
Coverity CID 1061118. Point out that it is on purpose.
2014-10-04 16:15:47 +02:00
Daniel Stenberg
793ac8035c choose_mech: fix return code
Coverity CID 1241950. The pointer is never NULL but it might point to
NULL.
2014-10-04 15:37:42 +02:00
Daniel Stenberg
c2791caf53 Curl_sec_read_msg: spell out that we ignore return code
Coverity CID 1241947. Since if sscanf() fails, the previously set value
remains set.
2014-10-04 15:21:39 +02:00
Daniel Stenberg
d94717e099 nonblock: call with (void) to show we ignore the return code
Coverity pointed out several of these.
2014-10-04 15:14:27 +02:00
Daniel Stenberg
a60825fa96 parse_proxy: remove dead code.
Coverity CID 982331.
2014-10-03 23:51:19 +02:00
Daniel Stenberg
3aa899929d Curl_debug: document switch fallthroughs 2014-10-03 23:49:39 +02:00
Daniel Stenberg
b0bfae1963 curl_multi_remove_handle: remove dead code
Coverify CID 1157776. Removed a superfluous if() that always evaluated
true (and an else clause that never ran), and then re-indented the
function accordingly.
2014-10-03 23:46:10 +02:00
Daniel Stenberg
b9a34e818e Curl_pipeline_server_blacklisted: handle a NULL server name
Coverity CID 1215284. The server name is extracted with
Curl_copy_header_value() and passed in to this function, and
copy_header_value can actually can fail and return NULL.
2014-10-03 23:40:57 +02:00
Daniel Stenberg
d57f7d586b ssh: comment "fallthrough" in switch statement 2014-10-03 23:30:05 +02:00