Commit Graph

13768 Commits

Author SHA1 Message Date
Kamil Dudka
806dbb022b nss: do not ignore value of CURLOPT_SSL_VERIFYPEER
When NSS-powered libcurl connected to a SSL server with
CURLOPT_SSL_VERIFYPEER equal to zero, NSS remembered that the peer
certificate was accepted by libcurl and did not ask the second time when
connecting to the same server with CURLOPT_SSL_VERIFYPEER equal to one.

This patch turns off the SSL session cache for the particular SSL socket
if peer verification is disabled.  In order to avoid any performance
impact, the peer verification is completely skipped in that case, which
makes it even faster than before.

Bug: https://bugzilla.redhat.com/678580
2011-03-15 15:48:24 +01:00
Guenter Knauf
5a433a033f Removed unused var. 2011-03-15 12:21:58 +01:00
Daniel Stenberg
511f491cf2 configure: stop using the deprecated AM_INIT_AUTOMAKE syntax 2011-03-15 11:27:44 +01:00
Daniel Stenberg
cc228ea6f6 protocol handler cleanup: SSL awareness
As a follow-up to commit 8831000bc0: don't assume that the SSL powered
protocol alternatives are available.
2011-03-15 10:02:05 +01:00
Daniel Stenberg
211504ba8a ldap: use the new protocol handler setup
Use the new flags field and stop using the old protocol defines.
2011-03-15 09:13:11 +01:00
Daniel Stenberg
2bbaddb05a TODO-RELEASE: add and remove issues
Removed a fixed issue, added five new existing ones and clarified one of
the previous ones.
2011-03-15 09:04:52 +01:00
Daniel Stenberg
13b64d7558 protocols: use CURLPROTO_ internally
The PROT_* set of internal defines for the protocols is no longer
used. We now use the same bits internally as we have defined in the
public header using the CURLPROTO_ prefix. This is for simplicity and
because the PROT_* prefix was already used duplicated internally for a
set of KRB4 values.

The PROTOPT_* defines were moved up to just below the struct definition
within which they are used.
2011-03-14 22:52:14 +01:00
Daniel Stenberg
8831000bc0 protocol handler: added flags field
The protocol handler struct got a 'flags' field for special information
and characteristics of the given protocol.

This now enables us to move away central protocol information such as
CLOSEACTION and DUALCHANNEL from single defines in a central place, out
to each protocol's definition. It also made us stop abusing the protocol
field for other info than the protocol, and we could start cleaning up
other protocol-specific things by adding flags bits to set in the
handler struct.

The "protocol" field connectdata struct was removed as well and the code
now refers directly to the conn->handler->protocol field instead. To
make things work properly, the code now always store a conn->given
pointer that points out the original handler struct so that the code can
learn details from the original protocol even if conn->handler is
modified along the way - for example when switching to go over a HTTP
proxy.
2011-03-14 22:22:22 +01:00
Patrick Monnerat
ed8749e308 - Take new char * options into account in OS400 curl_easy_setopt_ccsid().
- Keep RPG binding, STRING_* table end check and OS400 README up to date.
2011-03-14 17:54:57 +01:00
Daniel Stenberg
7711086536 FAQ: indent tables
Lines that are indented with at least 5 spaces get special treatment by
the script that converts it to HTML on the site.
2011-03-14 13:31:05 +01:00
Daniel Stenberg
fdaa8da75d sslgen: define Curl_ssl_connect_nonblocking for non-SSL
The non-blocking connect improvement for IMAP showed that we didn't
properly define the Curl_ssl_connect_nonblocking function for non-SSL
builds.

Reported by: Tor Arntsen
2011-03-14 11:13:12 +01:00
Daniel Stenberg
c40ae2cbd2 configure: removed wrongly claimed default paths
Several --with-XXX options claimed the wrong default path in their help
outputs.

Reported by: Vincent Torri
2011-03-14 10:42:15 +01:00
Ask Bjørn Hansen
3e00af34c8 mk-ca-bundle.pl: Only download if modified
Only download and convert the certdata to the ca-bundle.crt if Mozilla
changed the data

The Perl LWP module (which in a bit of a circular reference is used by
mk-ca-bundle.pl) is now indirectly using this script. I made this small
tweak to make it easier to automatically maintain the generated
ca-bundle.crt file in version control.
2011-03-14 10:20:21 +01:00
Daniel Stenberg
3eac14b43c SSH: add protocol lock direction
Some protocols have to call the underlying functions without regard to
what exact state the socket signals. For example even if the socket says
"readable", the send function might need to be called while uploading,
or vice versa. This is the case for libssh2 based protocols: SCP and
SFTP and we now introduce a define to set those protocols and we make
the multi interface code aware of this concept.

This is another fix to make test 582 run properly.
2011-03-13 23:21:03 +01:00
Daniel Stenberg
60406ff7f8 state: add missing state to debug table
As a new state recently was added to the IMAP state machine it has to be
in the array of names as well as otherwise libcurl crashes when a debug
version runs...
2011-03-13 14:19:16 +01:00
Daniel Stenberg
6c5448d59f test 582: enabled again
Commit ca37692bf4 should now hopefully make it run
2011-03-13 14:11:48 +01:00
Daniel Stenberg
ca37692bf4 ssh_statemach_act: set cselect for sftp upload
For uploads we want to use the _sending_ function even when the socket
turns out readable as the underlying libssh2 sftp send function will
deal with both accordingly. This is what the cselect_bits magic is for.

Fixes test 582.
2011-03-13 14:10:27 +01:00
Daniel Stenberg
176092d760 RELEASE-NOTES: synced with e649a7baae 2011-03-13 01:06:23 +01:00
Daniel Stenberg
e649a7baae Revert "test582: enabled"
This reverts commit b847818740.
2011-03-13 00:55:27 +01:00
Daniel Stenberg
c8fba59731 Merge branch 'imap' of https://github.com/bnoordhuis/curl into bnoordhuis-imap 2011-03-13 00:36:38 +01:00
Daniel Stenberg
4d1d1b8518 TODO-RELEASE: fixed four isues
These issues are now addressed:

276 - Karl M's vc makefile patch
277 - The "Stall when uploading to sftp using multi interface"  bug
279 - curl_multi_remove_handle() crashes
280 - Marcus Sundberg's gss patch
2011-03-13 00:28:31 +01:00
Karl M
05ebc6f0cc VC: add missing file
http_negotiate_sspi.c was added to the source tree recently
2011-03-13 00:23:04 +01:00
Marcus Sundberg
6f0ee717c3 GSS: handle reuse fix
Make GSS authentication work when a curl handle is reused for multiple
authenticated requests, by always setting negdata->state in
output_auth_headers().

Signed-off-by: Marcus Sundberg <marcus.sundberg@aptilo.com>
2011-03-13 00:21:07 +01:00
Daniel Stenberg
0718b7e31e test583: verify early SSH multi remove handle
This test case is meant to verify that the logic in commit
60172a0446 actually works. This test failed for me before that
change and it works after it.
2011-03-13 00:18:04 +01:00
Daniel Stenberg
60172a0446 SFTP: gracefully handle shutdown early
When using the multi interface and a handle using SFTP was removed very
early on, we would get a segfault due to the code assumed data was there
that hadn't yet been setup.

Bug: http://curl.haxx.se/mail/lib-2011-03/0066.html
Reported by: Saqib Ali
2011-03-13 00:15:59 +01:00
Manuel Massing
c042340b2a CURL_CHECK_FUNC_RECVFROM: android/bionic fix
recvfrom in bionic (the android libc) deviates from POSIX and uses a
const in the 5th argument ("const struct sockaddr *") so the check now
tests for that as well.
2011-03-12 23:38:10 +01:00
Daniel Stenberg
b847818740 test582: enabled 2011-03-12 23:10:58 +01:00
Daniel Stenberg
bec9692a77 PROT_CLOSEACTION: added SFTP and SCP
Both SFTP and SCP are protocols that need to shut down stuff properly
when the connection is about to get torned down. The primary effect of
not doing this shows up as memory leaks (when using SCP or SFTP with the
multi interface).

This is one of the problems detected by test 582.
2011-03-12 23:08:10 +01:00
Daniel Stenberg
a07a865d5d readwrite_upload: stop upload at file size
As we know how much to send, we can and should stop once we've sent that
much data as it avoids having to rely on other mechanisms to detect the
end.

This is one of the problems detected by test 582.

Reported by: Henry Ludemann <misc@hl.id.au>
2011-03-12 23:05:11 +01:00
Daniel Stenberg
cccba72920 sftp upload: expire to advance state machine
When using the multi_socket API to do SFTP upload, it is important that
we set a quick expire when leaving the SSH_SFTP_UPLOAD_INIT state as
there's nothing happening on the socket so there's no read or write to
wait for, but the next libssh2 API function needs to be called to get
the ball rolling.

This is one of the problems detected by test 582.

Reported by: Henry Ludemann <misc@hl.id.au>
2011-03-12 23:02:04 +01:00
Daniel Stenberg
7612ca2a7e test582: improved info messages 2011-03-12 23:01:16 +01:00
Daniel Stenberg
029136da60 source header: added to more files 2011-03-12 00:14:32 +01:00
Daniel Stenberg
1aeb635cdd sources: update source headers
All C and H files now (should) feature the proper project curl source
code header, which includes basic info, a copyright statement and some
basic disclaimers.
2011-03-10 12:04:33 +01:00
Daniel Stenberg
70cb3f204d TODO-RELEASE: add 10 pending issues 2011-03-10 11:47:40 +01:00
Daniel Stenberg
9da4698fd2 TODO-RELEASE: fix the IPv6-working probing 2011-03-10 11:41:59 +01:00
Daniel Stenberg
08221e738d tests: phase out haxx.se
Instead of using haxx.se as a fixed magic host name in lots of tests,
this is a first step to move toward the generic example.com host
instead.
2011-03-09 23:05:44 +01:00
Daniel Stenberg
16dcd13a2a test523: avoid using haxx.se
... since search engines find what they think is a URL in this, they
hammer www.haxx.se on this port!
2011-03-09 23:05:44 +01:00
Daniel Stenberg
8a26a8d833 configure: update the copyright year in the output 2011-03-09 23:05:44 +01:00
Dan Fandrich
a9aeedcdbe Force setopt constants written by --libcurl to be long 2011-03-09 14:02:42 -08:00
Daniel Stenberg
d6b9f76943 cyassl: fix compiler warnings 2011-03-08 14:09:20 +01:00
Todd A Ouska
9e60d8fd9e SSL: (part 2) Added CyaSSL to SSL abstraction layer
This is the modified existing files commit.
2011-03-08 13:54:58 +01:00
Todd A Ouska
a8f30fa555 SSL: Added CyaSSL to SSL abstraction layer
CyaSSL (available from git@github.com:cyassl/cyassl.git) has been
added to the SSL abstraction layer.

To test:
1) git CyaSSL sources
2) autoreconf -i
3) ./configure --disable-static
4) make
5) sudo make install
6) autoreconf -i
7) git curl sources (and this patch)
8) ./configure --disable-shared --with-cyassl --without-ssl --enable-debug
9) make
10) normal testing

Please send questions or comments to todd@yassl.com .
2011-03-08 13:06:38 +01:00
Daniel Stenberg
0354cd5f77 curl.1: clarify -E
Stress that it is for client certificates and then mention that it also
works for all other SSL-based protocols apart from HTTPS and
FTPS. Namely POP3S, IMAPS and SMTPS for now.
2011-03-08 11:43:42 +01:00
Daniel Stenberg
0d0f8084e3 FAQ: Protocol xxx not supported or disabled in libcurl 2011-03-08 11:15:59 +01:00
Daniel Stenberg
3d3735d9a1 lib582: used for test 582
Accidentally not included in commit 0e74e1d8d8
2011-03-08 08:22:06 +01:00
Dan Fandrich
29f0898525 Fixed libcurl to honour the --disable-ldaps configure option 2011-03-07 17:45:33 -08:00
Henry Ludemann
0e74e1d8d8 sftp-multi: test 582 added
Add test 582 for uploading a file using sftp and the multi interface.

(Patch and test slightly tweaked by Daniel Stenberg)

Initially marked as disabled until it is fixed in the source.
2011-03-08 00:20:48 +01:00
Daniel Stenberg
3f7b7dea1e FAQ: How to SFTP from my user's home directory? 2011-03-07 22:27:26 +01:00
Daniel Stenberg
c9ee341bfb cpp: correct #endif placement
The end-of-file #endif in rawstr.h was not correcly positioned after all
prototypes.

Reported by: Boris
Bug: http://curl.haxx.se/bug/view.cgi?id=3195205
2011-03-06 23:00:28 +01:00
Dan Fandrich
c60a6153be Moved test 577 into the unit test framework as test 1307 2011-03-04 15:56:40 -08:00