Commit Graph

19882 Commits

Author SHA1 Message Date
Daniel Stenberg
903b6e0556 pretransfer: init state.infilesize here, not in add_handle
... to properly support that options are set to the handle after it is
added to the multi handle.

Bug: http://curl.haxx.se/mail/lib-2015-06/0122.html
Reported-by: Stefan Bühler
2015-06-23 17:48:37 -07:00
Lior Kaplan
f44b803f16 tool_help: fix --tlsv1 help text to use >= for TLSv1 2015-06-21 13:33:11 -04:00
Jay Satiro
6842afbf44 INSTALL: Advise use of non-native SSL for Windows <= XP
Advise that WinSSL in versions <= XP will not be able to connect to
servers that no longer support the legacy handshakes and algorithms used
by those versions, and to use an alternate backend like OpenSSL instead.

Bug: https://github.com/bagder/curl/issues/253
Reported-by: zenden2k <zenden2k@gmail.com>
2015-06-20 18:45:25 -04:00
Kamil Dudka
ea1eec8ea8 curl_easy_setopt.3: restore contents removed by mistake
... in commit curl-7_43_0-18-g570076e
2015-06-19 10:07:32 -04:00
Daniel Stenberg
570076e82c curl_easy_setopt.3: mention CURLOPT_PIPEWAIT 2015-06-19 15:47:27 +02:00
Jay Satiro
ef0fdb83b8 cookie: Fix bug in export if any-domain cookie is present
In 3013bb6 I had changed cookie export to ignore any-domain cookies,
however the logic I used to do so was incorrect, and would lead to a
busy loop in the case of exporting a cookie list that contained
any-domain cookies. The result of that is worse though, because in that
case the other cookies would not be written resulting in an empty file
once the application is terminated to stop the busy loop.
2015-06-18 19:37:20 -04:00
Dan Fandrich
1c3811f4fd FTP: fixed compiling with --disable-proxy, broken in b88f980a 2015-06-18 23:20:10 +02:00
Daniel Stenberg
afbee791d5 tool: always provide negotiate/kerberos options
libcurl can still be built with it, even if the tool is not. Maintain
independence!
2015-06-18 16:57:38 +02:00
Daniel Stenberg
2546134b97 TODO: Support IDNA2008 2015-06-18 16:32:47 +02:00
Viktor Szakats
93aacc3050 Makefile.m32: add support for CURL_LDFLAG_EXTRAS
It is similar to existing CURL_CFLAG_EXTRAS, but for
extra linker option.
2015-06-18 14:43:26 +02:00
Daniel Stenberg
307f212379 RTSP: removed another piece of dead code
Coverity CID 1306668
2015-06-18 14:29:57 +02:00
Daniel Stenberg
26ddc536b0 openssl: fix use of uninitialized buffer
Make sure that the error buffer is always initialized and simplify the
use of it to make the logic easier.

Bug: https://github.com/bagder/curl/issues/318
Reported-by: sneis
2015-06-18 14:20:31 +02:00
Daniel Stenberg
0e7d76d6a8 examples: more descriptions 2015-06-18 11:38:54 +02:00
Daniel Stenberg
26583a62ab examples: add descriptions with <DESC>
Using this fixed format for example descriptions, we can generate a
better list on the web site.
2015-06-18 10:17:02 +02:00
Daniel Stenberg
cf6ef2dc92 libcurl-errors.3: fix typo 2015-06-18 00:17:47 +02:00
Daniel Stenberg
3b93f1a3ec curl_easy_setopt.3: option order doesn't matter 2015-06-18 00:09:46 +02:00
Daniel Stenberg
46d0eba2e9 openssl: fix build with BoringSSL
OPENSSL_load_builtin_modules does not exist in BoringSSL. Regression
from cae43a1
2015-06-18 00:06:46 +02:00
Paul Howarth
4a2398627c openssl: Fix build with openssl < ~ 0.9.8f
The symbol SSL3_MT_NEWSESSION_TICKET appears to have been introduced at
around openssl 0.9.8f, and the use of it in lib/vtls/openssl.c breaks
builds with older openssls (certainly with 0.9.8b, which is the latest
older version I have to try with).
2015-06-17 16:53:34 +02:00
Daniel Stenberg
b88f980a74 FTP: do the HTTP CONNECT for data connection blocking
** WORK-AROUND **

The introduced non-blocking general behaviour for Curl_proxyCONNECT()
didn't work for the data connection establishment unless it was very
fast. The newly introduced function argument makes it operate in a more
blocking manner, more like it used to work in the past. This blocking
approach is only used when the FTP data connecting through HTTP proxy.

Blocking like this is bad. A better fix would make it work more
asynchronously.

Bug: https://github.com/bagder/curl/issues/278
2015-06-17 14:00:12 +02:00
Daniel Stenberg
85739723ba bump: start the journey toward 7.44.0 2015-06-17 13:59:33 +02:00
Jay Satiro
f72b30e6fb CURLOPT_ERRORBUFFER.3: Fix example, escape backslashes 2015-06-17 02:49:14 -04:00
Jay Satiro
52d83cb0c6 CURLOPT_ERRORBUFFER.3: Improve example 2015-06-17 02:25:51 -04:00
Daniel Stenberg
38e07886ed RELEASE-NOTES: 7.43.0 release 2015-06-17 07:44:53 +02:00
Daniel Stenberg
bdf89d80ca THANKS: updated with 7.43.0 names 2015-06-17 07:43:13 +02:00
Kamil Dudka
24a8359b25 http: do not leak basic auth credentials on re-used connections
CVE-2015-3236

This partially reverts commit curl-7_39_0-237-g87c4abb

Reported-by: Tomas Tomecek, Kamil Dudka
Bug: http://curl.haxx.se/docs/adv_20150617A.html
2015-06-17 07:43:13 +02:00
Kamil Dudka
24f0b6ebf7 test2040: verify basic auth on re-used connections 2015-06-17 07:43:13 +02:00
Daniel Stenberg
50c7f17e50 SMB: rangecheck values read off incoming packet
CVE-2015-3237

Detected by Coverity. CID 1299430.

Bug: http://curl.haxx.se/docs/adv_20150617B.html
2015-06-17 07:43:13 +02:00
Jay Satiro
3e7ec1e849 schannel: schannel_recv overhaul
This commit is several drafts squashed together. The changes from each
draft are noted below. If any changes are similar and possibly
contradictory the change in the latest draft takes precedence.

Bug: https://github.com/bagder/curl/issues/244
Reported-by: Chris Araman

%%
%% Draft 1
%%
- return 0 if len == 0. that will have to be documented.
- continue on and process the caches regardless of raw recv
- if decrypted data will be returned then set the error code to CURLE_OK
and return its count
- if decrypted data will not be returned and the connection has closed
(eg nread == 0) then return 0 and CURLE_OK
- if decrypted data will not be returned and the connection *hasn't*
closed then set the error code to CURLE_AGAIN --only if an error code
isn't already set-- and return -1
- narrow the Win2k workaround to only Win2k

%%
%% Draft 2
%%
- Trying out a change in flow to handle corner cases.

%%
%% Draft 3
%%
- Back out the lazier decryption change made in draft2.

%%
%% Draft 4
%%
- Some formatting and branching changes
- Decrypt all encrypted cached data when len == 0
- Save connection closed state
- Change special Win2k check to use connection closed state

%%
%% Draft 5
%%
- Default to CURLE_AGAIN in cleanup if an error code wasn't set and the
connection isn't closed.

%%
%% Draft 6
%%
- Save the last error only if it is an unrecoverable error.

Prior to this I saved the last error state in all cases; unfortunately
the logic to cover that in all cases would lead to some muddle and I'm
concerned that could then lead to a bug in the future so I've replaced
it by only recording an unrecoverable error and that state will persist.

- Do not recurse on renegotiation.

Instead we'll continue on to process any trailing encrypted data
received during the renegotiation only.

- Move the err checks in cleanup after the check for decrypted data.

In either case decrypted data is always returned but I think it's easier
to understand when those err checks come after the decrypted data check.

%%
%% Draft 7
%%
- Regardless of len value go directly to cleanup if there is an
unrecoverable error or a close_notify was already received. Prior to
this change we only acknowledged those two states if len != 0.

- Fix a bug in connection closed behavior: Set the error state in the
cleanup, because we don't know for sure it's an error until that time.

- (Related to above) In the case the connection is closed go "greedy"
with the decryption to make sure all remaining encrypted data has been
decrypted even if it is not needed at that time by the caller. This is
necessary because we can only tell if the connection closed gracefully
(close_notify) once all encrypted data has been decrypted.

- Do not renegotiate when an unrecoverable error is pending.

%%
%% Draft 8
%%
- Don't show 'server closed the connection' info message twice.

- Show an info message if server closed abruptly (missing close_notify).
2015-06-17 00:17:03 -04:00
Paul Oliver
28f4fc5272 Fix typo in docs
s/curret/current/
2015-06-16 12:16:55 +02:00
Viktor Szakats
45f21e0f37 docs: update URLs 2015-06-16 09:08:00 +02:00
Daniel Stenberg
f93da27756 RELEASE-NOTES: synced with f29f2cbd00 2015-06-16 09:07:37 +02:00
Viktor Szakats
f29f2cbd00 README: use secure protocol for Git repository 2015-06-15 23:45:34 +02:00
Viktor Szakats
4fd187c677 HTTP2.md: use SSL/TLS IETF URLs 2015-06-15 11:39:41 +02:00
Viktor Szakats
496e96c242 LICENSE-MIXING: update URLs
* use SSL/TLS where available
* follow permanent redirects
2015-06-15 11:37:55 +02:00
Daniel Stenberg
bb5b29ec14 LICENSE-MIXING: refreshed 2015-06-15 10:57:43 +02:00
Daniel Stenberg
75ba107767 curl_easy_duphandle: see also *reset 2015-06-15 10:37:38 +02:00
Daniel Stenberg
b430cb2a58 rtsp_do: fix DEAD CODE
"At condition p_request, the value of p_request cannot be NULL."

Coverity CID 1306668.
2015-06-15 09:05:07 +02:00
Daniel Stenberg
99eafc49bb security:choose_mech fix DEAD CODE warning
... by removing the "do {} while (0)" block.

Coverity CID 1306669
2015-06-15 09:02:46 +02:00
Daniel Stenberg
45bad4ac97 curl.1: netrc is in man section 5 2015-06-15 08:28:42 +02:00
Daniel Stenberg
f3288196ff curl.1: small format fix
use \fI-style instead of .BR for references
2015-06-15 08:26:37 +02:00
Daniel Stenberg
ff7097f72c urldata: store POST size in state.infilesize too
... to simplify checking when PUT _or_ POST have completed.

Reported-by: Frank Meier
Bug: http://curl.haxx.se/mail/lib-2015-06/0019.html
2015-06-14 23:31:01 +02:00
Dan Fandrich
55fc47a401 test1530: added http to required features 2015-06-14 22:38:39 +02:00
Drake Arconis
d186be9510 build: Fix typo from OpenSSL 1.0.2 version detection fix 2015-06-14 16:01:18 -04:00
Drake Arconis
878c5757c0 build: Properly detect OpenSSL 1.0.2 when using configure 2015-06-14 15:15:36 -04:00
Jay Satiro
dd39a67101 curl_multi_info_read.3: fix example formatting 2015-06-13 23:25:53 -04:00
Daniel Stenberg
da08a204c2 BINDINGS: there's a new R binding in town! 2015-06-13 23:10:23 +02:00
Daniel Stenberg
a9ed0fd6cb BINDINGS: added the Xojo binding 2015-06-11 23:33:49 +02:00
Joel Depooter
a3e5a4371b schannel: Add support for optional client certificates
Some servers will request a client certificate, but not require one.
This change allows libcurl to connect to such servers when using
schannel as its ssl/tls backend. When a server requests a client
certificate, libcurl will now continue the handshake without one,
rather than terminating the handshake. The server can then decide
if that is acceptable or not. Prior to this change, libcurl would
terminate the handshake, reporting a SEC_I_INCOMPLETE_CREDENTIALS
error.
2015-06-11 15:53:01 -04:00
Daniel Stenberg
4a7feea31a curl_easy_cleanup.3: provide more SEE ALSO 2015-06-11 08:32:11 +02:00
Daniel Stenberg
8d0d688296 debug: remove http2 debug leftovers 2015-06-10 23:16:37 +02:00