Commit Graph

14823 Commits

Author SHA1 Message Date
Steve Holme
5c409d03ec SMTP: Code policing and tidy up 2012-02-16 13:20:34 +01:00
Steve Holme
a053560cfa curl: Added support for --mail-auth
Added an extra command-line argument to support the optional AUTH
parameter in SMTPs MAIL FROM command.
2012-02-16 13:19:47 +01:00
Kamil Dudka
674699b212 docs: mention that NTLM works with NSS, too 2012-02-16 12:20:57 +01:00
Steve Holme
154c0d4b93 DOCS: Added information for CURLOPT_MAIL_AUTH.
Added information relating to the new CURLOPT_MAIL_AUTH parameter and
reworked CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT to be a clearer.

Fixed inconsistencies of "vocalisation of the abbreviation" versus
"vocalisation of the first word" for all abbreviations.

Corrected a typo in CURLOPT_NOPROXY.
2012-02-15 21:51:48 +01:00
Steve Holme
b685481d52 smtp.c: Fixed use of angled brackets in AUTH parameter.
Fixed the use of angled brackets "<>" in the optional AUTH parameter as
per RFC-2554 section 5. The address should not include them but an
empty address should be replaced by them.
2012-02-15 21:51:45 +01:00
Steve Holme
0cf0ab6f30 smtp_mail: Added support to MAIL FROM for the optional AUTH parameter
Added a new CURLOPT_MAIL_AUTH option that allows the calling program to
set the optional AUTH parameter in the MAIL FROM command.

When this option is specified and an authentication mechanism is used
to communicate with the mail server then the AUTH parameter will be
included in the MAIL FROM command. This is particularly useful when the
calling program is acting as a relay in a trusted environment and
performing server to server communication, as it allows the relaying
server to specify the address of the mailbox that was used to
authenticate and send the original email.
2012-02-14 22:50:49 +01:00
toddouska
ee7e4fc1d1 cyassl: update to CyaSSL 2.0.x API
Modify configure.ac to test for new CyaSSL Init function and remove
default install path to system.  Change to CyaSSL OpenSSL header and
proper Init in code as well.

Note that this no longer detects or works with CyaSSL before v2
2012-02-14 19:49:54 +01:00
Daniel Stenberg
0201280533 LIBCURL_VERSION_NUM: 0x071900
I accidentally left the lowest bits 01 before
2012-02-14 19:24:03 +01:00
Steve Holme
69406f0be7 SMTP: Fixed error when using CURLOPT_CONNECT_ONLY
Fixed incorrect behavior in smtp_done() which would cause the end of
block data to be sent to the SMTP server if libcurl was operating in
connect only mode. This would cause the server to return an error as
data would not be expected which in turn caused libcurl to return
CURLE_RECV_ERROR.
2012-02-14 19:12:28 +01:00
Daniel Stenberg
ea4ceca222 s/7.24.1/7.25.0
We will go straight to 7.25.0 due to the new additions
2012-02-13 23:57:18 +01:00
Daniel Stenberg
714accd090 curlver.h: bumped to 7.25.0
and updated the end year in the generic copyright string
2012-02-13 23:28:26 +01:00
Daniel Stenberg
35e965c9a0 RELEASE-NOTES: synced with 2b26eb985
9 bug fixes, 4 changes and numerous contributors

Bumped release version and option counters
2012-02-13 23:26:48 +01:00
Colin Hogben
2b26eb9857 configure: add option disable --libcurl output 2012-02-13 22:36:10 +01:00
Alessandro Ghedini
e71ac0c6fa curl tool: allow negative numbers as option values
Fix the str2num() function to not check if the input string starts with a
digit, since strtol() supports numbers prepended with '-' (and '+') too.
This makes the --max-redirs option work as documented.
2012-02-13 19:58:23 +01:00
Daniel Stenberg
7ed25fcc5c parse_proxy: simply memory handling
... by making sure that the string is always freed after the invoke as
parse_proxy will always copy the data and this way there's a single
free() instead of multiple ones.
2012-02-10 17:00:55 +01:00
Daniel Stenberg
ecc93caaeb parse_proxy: bail out on zero-length proxy names!
The proxy parser function strips off trailing slashes off the proxy name
which could lead to a mistaken zero length proxy name which would be
treated as no proxy at all by subsequent functions!

This is now detected and an error is returned. Verified by the new test
1329.

Reported by: Chandrakant Bagul
Bug: http://curl.haxx.se/mail/lib-2012-02/0000.html
2012-02-10 16:26:20 +01:00
Kamil Dudka
ebf3138992 nss: add support for the CURLSSLOPT_ALLOW_BEAST option
... and fix some typos from the 62d15f1 commit.
2012-02-09 23:25:55 +01:00
Rob Ward
8ef8a2b5ac configure: don't modify LD_LIBRARY_PATH for cross compiles 2012-02-09 23:02:26 +01:00
Daniel Stenberg
62d15f159e --ssl-allow-beast added
This new option tells curl to not work around a security flaw in the
SSL3 and TLS1.0 protocols. It uses the new libcurl option
CURLOPT_SSL_OPTIONS with the CURLSSLOPT_ALLOW_BEAST bit set.
2012-02-09 22:28:58 +01:00
Daniel Stenberg
2a699bc6e9 CURLOPT_SSL_OPTIONS: added
Allow an appliction to set libcurl specific SSL options. The first and
only options supported right now is CURLSSLOPT_ALLOW_BEAST.

It will make libcurl to disable any work-arounds the underlying SSL
library may have to address a known security flaw in the SSL3 and TLS1.0
protocol versions.

This is a reaction to us unconditionally removing that behavior after
this security advisory:

http://curl.haxx.se/docs/adv_20120124B.html

... it did however cause a lot of programs to fail because of old
servers not liking this work-around. Now programs can opt to decrease
the security in order to interoperate with old servers better.
2012-02-09 22:22:54 +01:00
Dave Reisner
2a266c1c7c curl: use new library-side TCP_KEEPALIVE options
Use the new library CURLOPT_TCP_KEEPALIVE rather than disabling this via
the sockopt callback. If --keepalive-time is used, apply the value to
CURLOPT_TCP_KEEPIDLE and CURLOPT_TCP_KEEPINTVL.
2012-02-09 19:05:40 +01:00
Dave Reisner
705f0f7a5b add library support for tuning TCP_KEEPALIVE
This adds three new options to control the behavior of TCP keepalives:

- CURLOPT_TCP_KEEPALIVE: enable/disable probes
- CURLOPT_TCP_KEEPIDLE: idle time before sending first probe
- CURLOPT_TCP_KEEPINTVL: delay between successive probes

While not all operating systems support the TCP_KEEPIDLE and
TCP_KEEPINTVL knobs, the library will still allow these options to be
set by clients, silently ignoring the values.
2012-02-09 18:53:51 +01:00
Daniel Stenberg
ea055407fa curl_easy_reset: reset the referer string
When CURLOPT_REFERER has been used, curl_easy_reset() did not properly
clear it.

Verified with the new test 598

Bug: http://curl.haxx.se/bug/view.cgi?id=3481551
Reported by: Michael Day
2012-02-07 23:07:43 +01:00
Yang Tse
4405039fdc curl tool: allow glob-loops to abort again upon critical errors
This prevents clobbering of non recoverable error return codes while
retaining intended functionality of commit 65103efe
2012-02-07 22:10:01 +01:00
Daniel Stenberg
65103efe49 curl tool: don't abort glob-loop due to failures
We want to continue to the next URL to try even on failures returned
from libcurl. This makes -f with ranges still get subsequent URLs even
if occasional ones return error. This was a regression as it used to
work and broke in the 7.23.0 release.

Added test case 1328 to verify the fix.

Bug: http://curl.haxx.se/bug/view.cgi?id=3481223
Reported by: Juan Barreto
2012-02-06 16:52:17 +01:00
Daniel Stenberg
466150bc64 CONNECT: send correct Host: with IPv6 numerical address
When the target host was given as a IPv6 numerical address, it was not
properly put within square brackets for the Host: header in the CONNECT
request. The "normal" request did fine.

Reported by: "zooloo"
Bug: http://curl.haxx.se/bug/view.cgi?id=3482093
2012-01-31 22:52:10 +01:00
Martin Storsjo
f710aa40b3 Explicitly link to the nettle/gcrypt libraries
When support for nettle was added in 64f328c787, I overlooked
the fact that AC_CHECK_LIB doesn't add the tested lib to LIBS
if the check succeeded, if a custom success code block was present.
(The previous version of the check had an empty block for
successful checks, adding the lib to LIBS implicitly.)

Therefore, explicitly add either nettle or gcrypt to LIBS, after
deciding which one to use. Even if they can be linked in
transitively, it is safer to actually link explicitly to them.

This fixes building with gnutls with linkers that don't allow
linking transitively, such as for windows.
2012-01-28 14:09:51 +01:00
Pierre Ynard
f4d3c0cbfb more resilient connection times among IP addresses
When connecting to a domain with multiple IP addresses, allow different,
decreasing connection timeout values. This should guarantee some
connections attempts with sufficiently long timeouts, while still
providing fallback.
2012-01-28 14:00:52 +01:00
Pierre Ynard
4d2737bcb2 remove write-only variable 2012-01-28 13:58:49 +01:00
Pierre Joye
8ee2576b6f Merge branch 'master' of github.com:bagder/curl 2012-01-26 16:39:53 +01:00
Pierre Joye
575f3c30ed - fix IPV6 and IDN options 2012-01-26 16:39:26 +01:00
Yang Tse
cf9fb08ca4 TODO-RELEASE: added item #308 2012-01-25 23:35:42 +01:00
Daniel Stenberg
5a53409e2c THANKS: imported contributors from 7.24.0 RELEASE-NOTES 2012-01-25 13:53:10 +01:00
Yang Tse
e277d3b52b test harness: update stunnel.pem Diffie-Hellman parameters from 512 to 1024 bit 2012-01-25 11:50:44 +01:00
Yang Tse
93e344bbf4 version: start working on 7.24.1-DEV 2012-01-25 11:27:39 +01:00
Dan Fandrich
75b6f7d9ef curl_easy_setopt.3: Fixed SEEKDATA & CLOSESOCKETDATA descriptions 2012-01-24 21:31:57 -08:00
Daniel Stenberg
a8e063b087 RELEASE-NOTES: synced with 70f71bb99f
Synced and prepared for 7.24.0 release. Two security problems, one bug fix,
two more contributors.
2012-01-24 09:24:37 +01:00
Daniel Stenberg
70f71bb99f gnutls: enforced use of SSLv3
With advice from Nikos Mavrogiannopoulos, changed the priority string to
add "actual priorities" and favour ARCFOUR. This makes libcurl work
better when enforcing SSLv3 with GnuTLS. Both in the sense that the
libmicrohttpd test is now working again but also that it mitigates a
weakness in the older SSL/TLS protocols.

Bug: http://curl.haxx.se/mail/lib-2012-01/0225.html
Reported by: Christian Grothoff
2012-01-24 08:54:26 +01:00
Daniel Stenberg
c11c30a8c8 tests: test CRLF in URLs
Related to the security vulnerability: CVE-2012-0036

Bug: http://curl.haxx.se/docs/adv_20120124.html
2012-01-24 08:54:26 +01:00
Daniel Stenberg
75ca568fa1 URL sanitize: reject URLs containing bad data
Protocols (IMAP, POP3 and SMTP) that use the path part of a URL in a
decoded manner now use the new Curl_urldecode() function to reject URLs
with embedded control codes (anything that is or decodes to a byte value
less than 32).

URLs containing such codes could easily otherwise be used to do harm and
allow users to do unintended actions with otherwise innocent tools and
applications. Like for example using a URL like
pop3://pop3.example.com/1%0d%0aDELE%201 when the app wants a URL to get
a mail and instead this would delete one.

This flaw is considered a security vulnerability: CVE-2012-0036

Security advisory at: http://curl.haxx.se/docs/adv_20120124.html

Reported by: Dan Fandrich
2012-01-24 08:54:26 +01:00
Daniel Stenberg
db1a856b4f OpenSSL: don't disable security work-around
OpenSSL added a work-around for a SSL 3.0/TLS 1.0 CBC vulnerability
(http://www.openssl.org/~bodo/tls-cbc.txt). In 0.9.6e they added a bit
to SSL_OP_ALL that _disables_ that work-around despite the fact that
SSL_OP_ALL is documented to do "rather harmless" workarounds.

The libcurl code uses the SSL_OP_ALL define and thus logically always
disables the OpenSSL fix.

In order to keep the secure work-around workding, the
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit must not be set and this change
makes sure of this.

Reported by: product-security at Apple
2012-01-24 08:54:26 +01:00
Daniel Stenberg
ee57e9dea6 RELEASE-NOTES: synced with 6e2fd2c9ea
3 more bugfixes, 3 more contributors
2012-01-22 23:44:51 +01:00
Daniel Stenberg
6e2fd2c9ea CURLOPT_ACCEPTTIMEOUT_MS: spellfix 2012-01-22 00:00:55 +01:00
Dan Fandrich
5d7a319a55 examples: updated README with two new example programs 2012-01-20 22:44:59 -08:00
Daniel Stenberg
7883cd5af3 URL parse: user name with ipv6 numerical address
Using a URL with embedded user name and password didn't work if the host
was given as a numerical IPv6 string, like ftp://user:password@[::1]/

Reported by: Brandon Wang
Bug: http://curl.haxx.se/mail/archive-2012-01/0047.html
2012-01-20 23:32:43 +01:00
Yang Tse
d7af7de5b2 telnet.c: fix OOM triggered segfault 2012-01-20 00:11:15 +01:00
Yang Tse
a7e8f4aabc testtrace.c: fix compiler warning 2012-01-19 22:54:57 +01:00
Yang Tse
e64d332e79 OpenSSL: follow-up for commit a20daf90e3
avoid checking preprocessor definition official value
2012-01-19 22:29:00 +01:00
Pierre Joye
00e615de7e - s, use, enable, for options name, avoiding conflicts with the names used in the makefile 2012-01-19 14:08:24 +01:00
Daniel Stenberg
b2aaf3c2ad curl.1: improve --stderr wording
As is pointed out in this bug report, there can indeed be situation
where --stderr has a point even when the "real" stderr can be
redirected. Remove the superfluous and wrong comment.

bug: http://curl.haxx.se/bug/view.cgi?id=3476020
2012-01-19 13:42:56 +01:00