Commit Graph

1720 Commits

Author SHA1 Message Date
Dan Fandrich
66f5baa16e Fixed some memory leaks in the command-line tool that caused most of the
torture tests to fail.
2009-08-09 23:15:20 +00:00
Daniel Stenberg
aabf62e7d2 clarify the description of the null byte in cert name fix 2009-08-01 22:18:37 +00:00
Daniel Stenberg
6d891d2a3b - Curt Bogmine reported a problem with SNI enabled on a particular server. We
should introduce an option to disable SNI, but as we're in feature freeze
  now I've addressed the obvious bug here (pointed out by Peter Sylvester): we
  shouldn't try to enable SNI when SSLv2 or SSLv3 is explicitly selected.
  Code for OpenSSL and GnuTLS was fixed. NSS doesn't seem to have a particular
  option for SNI, or are we simply not using it?
2009-08-01 22:11:58 +00:00
Daniel Stenberg
c0e8bed5bf - Scott Cantor posted the bug report #2829955
(http://curl.haxx.se/bug/view.cgi?id=2829955) mentioning the recent SSL cert
  verification flaw found and exploited by Moxie Marlinspike. The presentation
  he did at Black Hat is available here:
  https://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Marlinspike

  Apparently at least one CA allowed a subjectAltName or CN that contain a
  zero byte, and thus clients that assumed they would never have zero bytes
  were exploited to OK a certificate that didn't actually match the site. Like
  if the name in the cert was "example.com\0theatualsite.com", libcurl would
  happily verify that cert for example.com.

  libcurl now better use the length of the extracted name, not assuming it is
  zero terminated.
2009-08-01 21:56:59 +00:00
Daniel Stenberg
0dce2ff8a0 - Tanguy Fautre pointed out that OpenSSL's function RAND_screen() (present
only in some OpenSSL installs - like on Windows) isn't thread-safe and we
  agreed that moving it to the global_init() function is a decent way to deal
  with this situation.
2009-08-01 11:09:02 +00:00
Daniel Stenberg
2642638fca - Alexander Beedie provided the patch for a noproxy problem: If I have set
CURLOPT_NOPROXY to "*", or to a host that should not use a proxy, I actually
  could still end up using a proxy if a proxy environment variable was set.
2009-08-01 11:02:10 +00:00
Daniel Stenberg
0684128209 - All the quote options (CURLOPT_QUOTE, CURLOPT_POSTQUOTE and
CURLOPT_PREQUOTE) now accept a preceeding asterisk before the command to
  send when using FTP, as a sign that libcurl shall simply ignore the response
  from the server instead of treating it as an error. Not treating a 400+ FTP
  response code as an error means that failed commands will not abort the
  chain of commands, nor will they cause the connection to get disconnected.
2009-07-27 18:36:56 +00:00
Daniel Stenberg
b347a7a96e - Bug report #2825989 (http://curl.haxx.se/bug/view.cgi?id=2825989) pointed
out that OpenSSL-powered libcurl didn't support the SHA-2 digest algorithm,
  and provided the solution too: to use OpenSSL_add_all_algorithms() instead
  of the older SSLeay_* alternative. OpenSSL_add_all_algorithms was added in
  OpenSSL 0.9.5
2009-07-26 17:33:36 +00:00
Daniel Stenberg
47c392e135 - Added CURLOPT_SSH_KNOWNHOSTS, CURLOPT_SSH_KEYFUNCTION, CURLOPT_SSH_KEYDATA.
They introduce known_host support for SSH keys to libcurl. See docs for
  details.
2009-07-22 22:49:01 +00:00
Michal Marek
4c207a004c - David Binderman found a memory and fd leak in lib/gtls.c:load_file()
(https://bugzilla.novell.com/523919). When looking at the code, I found
  that also the ptr pointer can leak.
2009-07-22 09:48:32 +00:00
Kamil Dudka
5f0cae8037 - Claes Jakobsson improved the support for client certificates handling
in NSS-powered libcurl. Now the client certificates can be selected
  automatically by a NSS built-in hook. Additionally pre-login to all PKCS11
  slots is no more performed. It used to cause problems with HW tokens.

- Fixed reference counting for NSS client certificates. Now the PEM reader
  module should be always properly unloaded on Curl_nss_cleanup(). If the unload
  fails though, libcurl will try to reuse the already loaded instance.
2009-07-20 21:50:21 +00:00
Dan Fandrich
b74b5e0602 Added nonblock.c to the non-automake makefiles (note that the dependencies
in the Watcom makefiles aren't quite correct).
2009-07-15 21:49:47 +00:00
Michal Marek
08d95bff5e - Changed the description of CURLINFO_OS_ERRNO to make it clear that the
errno is not reset on success.
2009-07-15 11:49:12 +00:00
Gunter Knauf
18b3833f90 renamed generated config.h to curl_config.h in order to avoid clashes when libcurl is used with other projects which also have a config.h. 2009-07-14 13:30:24 +00:00
Daniel Stenberg
d709cb2ae3 - Eric Wong introduced curlx_nonblock() that the curl tool now (re-)uses for
setting a file descriptor non-blocking. Used by the functionality Eric
  himself brough on June 15th.
2009-07-09 21:47:24 +00:00
Daniel Stenberg
5cf78472e1 - Constantine Sapuntzakis posted bug report #2813123
(http://curl.haxx.se/bug/view.cgi?id=2813123) and an a patch that fixes the
  problem:

  Url A is accessed using auth. Url A redirects to Url B (on a different
  server0. Url B reuses a persistent connection. Url B has auth, even though
  it's on a different server.

  Note: if Url B does not reuse a persistent connection, auth is not sent.
2009-07-08 07:00:40 +00:00
Gunter Knauf
83fb285d40 Markus Koetter provided a patch to avoid getnameinfo() usage which broke a couple of both IPv4 and IPv6 autobuilds. 2009-07-04 01:04:23 +00:00
Daniel Stenberg
4f551259dd - Markus Koetter made CURLOPT_FTPPORT (and curl's -P/--ftpport) support a port
range if given colon-separated after the host name/address part. Like
  "192.168.0.1:2000-10000"
2009-06-29 20:46:01 +00:00
Dan Fandrich
d3e35d49ae Added a few more compiler warning options for gcc. 2009-06-17 02:26:39 +00:00
Daniel Stenberg
a0474685c1 - Reuven Wachtfogel made curl -o - properly produce a binary output on windows
(no newline translations). Use -B/--use-ascii if you rather get the ascii
  approach.
2009-06-16 18:03:28 +00:00
Michal Marek
0b317b72ae - When doing non-anonymous ftp via http proxies and the password is not
provided in the url, add it there (squid needs this).
2009-06-16 13:16:28 +00:00
Daniel Stenberg
4b6d3a2bfd - Eric Wong's patch:
This allows curl(1) to be used as a client-side tunnel for arbitrary stream
  protocols by abusing chunked transfer encoding in both the HTTP request and
  HTTP response.  This requires server support for sending a response while a
  request is still being read, of course.

  If attempting to read from stdin returns EAGAIN, then we pause our sender.
  This leaves curl to attempt to read from the socket while reading from stdin
  (and thus sending) is paused.
2009-06-15 21:13:00 +00:00
Patrick Monnerat
c32cf33a16 Replaced use of standard C library rand()/srand() by our own pseudo-random number generator. 2009-06-15 10:15:28 +00:00
Yang Tse
065a51d2e1 mention configure --enable-curldebug decoupled from --enable-debug 2009-06-11 01:51:45 +00:00
Yang Tse
7edcc22136 changed testcurl script to allow building test harness
programs when cross-compiling for a *-*-mingw* host.
2009-06-11 01:22:35 +00:00
Daniel Stenberg
352177090f - Fabian Keil ran clang on the (lib)curl code, found a bunch of warnings and
contributed a range of patches to fix them.
2009-06-10 21:26:11 +00:00
Yang Tse
16ae283fb4 initialize fread callback pointer to avoid compiler warning 2009-06-09 00:49:34 +00:00
Daniel Stenberg
3e0c067e43 - Claes Jakobsson provided a patch for libcurl-NSS that fixed a bad refcount
issue with client certs that caused issues like segfaults.
  http://curl.haxx.se/mail/lib-2009-05/0316.html
2009-06-08 21:25:16 +00:00
Daniel Stenberg
f90551ff41 - Triggered by bug report #2798852 and the patch in there, I fixed configure
to detect gnutls build options with pkg-config only and not libgnutls-config
  anymore since GnuTLS has stopped distributing that tool. If an explicit path
  is given to configure, we will instead guess on how to link and use that
  lib. I did not use the patch from the bug report.
2009-06-08 21:12:59 +00:00
Yang Tse
dbb93a2718 mention last changes 2009-06-08 16:18:04 +00:00
Yang Tse
242cf423f8 mention last changes 2009-06-08 15:50:15 +00:00
Daniel Stenberg
e08f81c891 Bill Hoffman (6 June 2009)
- Added some cmake docs and fixed socklen_t in the build.
2009-06-07 22:26:44 +00:00
Daniel Stenberg
9324f1c29f - Eric Wong fixed --no-buffer to actually switch off output buffering. Been
broken since 7.19.0
2009-06-07 22:21:22 +00:00
Yang Tse
16a5649670 mention last changes 2009-06-05 18:42:50 +00:00
Yang Tse
027cb376f3 mention last changes 2009-06-05 16:32:37 +00:00
Daniel Stenberg
ce1a58414a remove conflict markers 2009-06-05 06:19:29 +00:00
Daniel Stenberg
1012c5705a - Setting the Content-Length: header from your app when you do a POST or PUT
is almost always a VERY BAD IDEA. Yet there are still apps out there doing
  this, and now recently it triggered a bug/side-effect in libcurl as when
  libcurl sends a POST or PUT with NTLM, it sends an empty post first when it
  knows it will just get a 401/407 back. If the app then replaced the
  Content-Length header, it caused the server to wait for input that libcurl
  wouldn't send. Aaron Oneal reported this problem in bug report #2799008
  http://curl.haxx.se/bug/view.cgi?id=2799008) and helped us verify the fix.
2009-06-05 06:18:42 +00:00
Yang Tse
00883822be allow building libcurl for VxWorks 2009-06-04 19:11:11 +00:00
Dan Fandrich
e1270928a3 Created a basic Android make file for curl and libcurl. A config.h
is also needed before curl can be built in Android, but it's not clear
what the best way is to provide one.
2009-06-02 19:02:02 +00:00
Daniel Stenberg
9dcc1b3370 - Claes Jakobsson fixed the configure script to better find and use NSS
without pkg-config.
2009-06-01 09:40:09 +00:00
Yang Tse
e3c37aac28 credit John E. Malmberg 2009-06-01 09:20:49 +00:00
Daniel Stenberg
0bf9c1e881 - Claes Jakobsson fixed libcurl-NSS to build fine even without the
PK11_CreateGenericObject() function.
2009-05-27 22:01:03 +00:00
Daniel Stenberg
bf07d37737 - Mike Crowe pointed out that setting CURLOPT_USERPWD to NULL used to clear
the auth credentials back in 7.19.0 and earlier while now you have to set ""
  to get the same effect. His patch brings back the ability to use NULL.
2009-05-27 21:45:12 +00:00
Daniel Stenberg
eecb713616 - Andre Guibert de Bruet found a call to a OpenSSL function that didn't check
for a failure properly.
2009-05-27 21:15:38 +00:00
Daniel Stenberg
bf085e2c4b - Frank McGeough provided a small OpenSSL #include fix to make libcurl compile
fine with Nokia 5th edition 1.0 SDK for Symbian.
2009-05-27 21:11:11 +00:00
Daniel Stenberg
1cf6c15ab4 - bug report #2796358 (http://curl.haxx.se/bug/view.cgi?id=2796358) pointed
out that the cookie parser would leak memory when it parses cookies that are
  received with domain, path etc set multiple times in the same header. While
  such a cookie is questionable, they occur in the wild and libcurl no longer
  leaks memory for them. I added such a header to test case 8.
2009-05-25 12:23:22 +00:00
Dan Fandrich
8519682564 Removed some obsolete digest code that caused a valgrind error in test 551. 2009-05-22 17:26:49 +00:00
Dan Fandrich
7071dd0162 Added "non-existing host" test keywords to make it easy to skip those
tests on machines that have broken DNS configurations (such as
those configured to use OpenDNS).
2009-05-20 19:30:06 +00:00
Daniel Stenberg
de7a14003c - Kamil Dudka brought the patch from the Redhat bug entry
https://bugzilla.redhat.com/show_bug.cgi?id=427966 which was libcurl closing
  a bad file descriptor when closing down the FTP data connection.  Caolan
  McNamara seems to be the original author of it.
2009-05-19 20:54:31 +00:00
Daniel Stenberg
1b6c683ca6 7.19.5 coming up 2009-05-18 07:07:05 +00:00