Commit Graph

15104 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa
ebf315e6f3 OpenSSL: Made cert hostname check conform to RFC 6125
This change replaces RFC 2818 based hostname check in OpenSSL build with
RFC 6125 [1] based one.

The hostname check in RFC 2818 is ambiguous and each project implements
it in the their own way and they are slightly different. I check curl,
gnutls, Firefox and Chrome and they are all different.

I don't think there is a bug in current implementation of hostname
check. But it is not as strict as the modern browsers do. Currently,
curl allows multiple wildcard character '*' and it matches '.'. (as
described in the comment in ssluse.c).

Firefox implementation is also based on RFC 2818 but it only allows at
most one wildcard character and it must be in the left-most label in the
pattern and the wildcard must not be followed by any character in the
label.[2] Chromium implementation is based on RFC 6125 as my patch does.
Firefox and Chromium both require wildcard in the left-most label in the
presented identifier.

This patch is more strict than the current implementation, so there may
be some cases where old curl works but new one does not. But at the same
time I think it is good practice to follow the modern browsers do and
follow the newer RFC.

[1] http://tools.ietf.org/html/rfc6125#section-6.4.3
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=159483
2012-04-01 20:10:37 +02:00
Daniel Stenberg
c44d45db86 HTTP: reset expected DL/UL sizes on redirects
With FOLLOWLOCATION enabled. When a 3xx page is downloaded and the
download size was known (like with a Content-Length header), but the
subsequent URL (transfered after the 3xx page) was chunked encoded, then
the previous "known download size" would linger and cause the progress
meter to get incorrect information, ie the former value would remain
being sent in. This could easily result in downloads that were WAY
larger than "expected" and would cause >100% outputs with the curl
command line tool.

Test case 599 was created and it was used to repeat the bug and then
verify the fix.

Bug: http://curl.haxx.se/bug/view.cgi?id=3510057
Reported by: Michael Wallner
2012-04-01 00:07:24 +02:00
Gökhan Şengün
7a2647e162 smtp: Add support for DIGEST-MD5 authentication 2012-03-31 22:31:19 +01:00
Gökhan Şengün
9bae9ddad9 smtp: Cody tidy up of md5 digest length
Replaced the hard coded md5 digest length (16) with a preprocessor
constant
2012-03-31 22:31:18 +01:00
Gökhan Şengün
004d7251ab md5: Add support for calculating the md5 sum of buffers incrementally
It is now possible to calculate the md5 sum as the stream of buffers
becomes known where as previously it was only possible to calculate the
md5 sum of a pre-prepared buffer.
2012-03-31 22:31:16 +01:00
Daniel Stenberg
33d044a862 Revert "mk-ca-bundle.pl: use LWP::UserAgent for https"
This reverts commit 9f0e1689f1.

It turned out that "improvement" instead made the fetching of the
certificates unreliable

Bug: http://curl.haxx.se/mail/lib-2012-03/0238.html
Reported by: Tim Heckman
2012-03-31 19:51:36 +02:00
Steve Holme
a9086e8a4b DOCS: Added information regarding POP3 commands to CURLOPT_CUSTOMREQUEST 2012-03-31 18:50:04 +01:00
Steve Holme
761c3c5446 pop3: Added support for additional pop3 commands
This feature allows the user to specify and use additional POP3
commands such as UIDL and DELE via libcurl's CURLOPT_CUSTOMREQUEST or
curl's -X command line option.
2012-03-31 18:46:22 +01:00
tetetest tetetest
66c0e26e28 CMakeLists.txt: fix Windows LDAP/LDAPS option handling
bug: http://curl.haxx.se/mail/lib-2012-03/0278.html
2012-03-30 19:03:12 +02:00
tetetest tetetest
7d1b715605 CMakeLists.txt: fix MS Visual Studio x64 unsigned long long literal suffix
bug: http://curl.haxx.se/mail/lib-2012-03/0255.html
2012-03-29 21:18:55 +02:00
Steve Holme
9f494fe423 TODO: Corrected POP3 section heading 2012-03-28 22:23:17 +01:00
Yang Tse
809c809281 curl-functions.m4: update detection logic of getaddrinfo() thread-safeness
Take in account that h_errno might be a modifiable lvalue not defined as
a C preprocessor macro
2012-03-28 18:48:38 +02:00
Steve Holme
0580b60622 TODO: Added SMTP and POP3 specific features 2012-03-27 21:58:59 +01:00
Olaf Flebbe
4bdb664c33 tool_cb_dbg.c: fix tool_cb_dbg() to behave properly even for size 0
curl segfault in debug callback triggered with CURLINFO_HEADER_OUT and size 0

bug: http://curl.haxx.se/bug/view.cgi?id=3511794
2012-03-27 22:16:25 +02:00
Yang Tse
459435dca1 test #1405: support HTTP disabled builds 2012-03-26 23:54:27 +02:00
Steve Holme
3fdb7808ef test #809: Updated error code to match recent pop3 changes 2012-03-26 21:08:16 +01:00
Yang Tse
97ff646fc1 ssh.c: code cleanup, Curl_safefree() already nullifies pointer 2012-03-25 18:30:17 +02:00
Yang Tse
9801596fb3 fix some compiler warnings 2012-03-25 18:30:16 +02:00
Steve Holme
982315573c pop3.c: Corrected problem with state() introduced in 01690ed2bc 2012-03-25 12:47:39 +01:00
Steve Holme
9f96e6da28 pop.c: Small code tidy up 2012-03-25 11:28:59 +01:00
Steve Holme
01690ed2bc pop3: Removed the need for the single message LIST command handler
Simplified the code to remove the need for a separate "LIST <msg id>"
command handler and state machine and instead use the LIST command
handler for both operations.
2012-03-25 11:21:59 +01:00
Steve Holme
2da89708ec pop3.c: Code policing and tidy up
Corrected character and line spacing and re-ordered list and retr
functions based on the order of their state machines.
2012-03-24 12:28:11 +00:00
Steve Holme
5c62a551c4 email: Moved server greeting responses into separate functions
Moved the server greeting response handling code from the statemach_act
functions to separate response functions. This makes the code simpler
to follow and provides consistency with the other responses that are
handled here.
2012-03-24 11:55:34 +00:00
Steve Holme
602a8a565c pop3.c: Fixed body data being written when CURLOPT_NOBODY is specified
Body data would be forwarded to the client application in both the RETR
and LIST commands even if CURLOPT_NOBODY was specified.
2012-03-24 00:09:38 +00:00
Rodrigo Silva (MestreLion)
c4a8446c70 docs: clarify -z/--time-cond with filename (mention mtime)
Original wording could lead users in thinking it tries to
somehow parse the filename for a date expression (like
news_2012_03_05.html). It never mentions that it actually
reads the mtime of the file in filesystem.
2012-03-23 23:13:27 +01:00
Yang Tse
456d8db35e tests #1316 #1319 #1320 #1321: add missing keywords 2012-03-23 18:31:29 +01:00
Yang Tse
e952a7e710 test #598: add missing keywords 2012-03-23 18:15:34 +01:00
Yang Tse
682f0840e7 version: start working on 7.25.1-DEV 2012-03-23 16:59:03 +01:00
Benjamin Johnson
f85ec43f24 configure: check for gethostbyname in the watt lib
This allows building of libcurl on DOS using DJGPP 2.04 and Watt-32
sockets. I know there's already Makefile.djgpp, but I find this more
convenient since I'm used to using the ./configure script from other
platforms
2012-03-22 23:33:33 +01:00
Daniel Stenberg
b5713887ae THANKS: 8 new contributors from 7.25.0 2012-03-22 22:22:08 +01:00
Daniel Stenberg
c1babfad8a RELEASE-NOTES: synced with b8b2cf612b 2012-03-22 19:40:25 +01:00
Yang Tse
b8b2cf612b tests #1400 #1401: add missing keywords 2012-03-22 18:32:19 +01:00
Yang Tse
fe93b0a874 http_proxy.h: fix builds with proxy or http disabled 2012-03-22 17:27:14 +01:00
Yang Tse
e8a32438c2 parsedate.c: fix a numeric overflow 2012-03-22 15:54:34 +01:00
Andrei Cipu
97b66ebefe cookies: strip the numerical ipv6 host properly
The commit e650dbde86 that stripped off [brackets] from ipv6-only host
headers for the sake of cookie parsing wrongly incremented the host
pointer which would cause a bad free() call later on.
2012-03-22 08:56:33 +01:00
Yang Tse
d2e5222ebc test #598: add to Makefile.am 2012-03-22 04:59:16 +01:00
Yang Tse
3aab542e77 test #598: OOM handling fixes 2012-03-22 04:58:38 +01:00
Yang Tse
3c80309c27 fix several compiler warnings 2012-03-22 04:54:04 +01:00
Daniel Stenberg
c83de6d076 CONNECT: fix multi interface regression
The refactoring of HTTP CONNECT handling in commit 41b0237834 that
made it protocol independent broke it for the multi interface. This fix
now introduce a better state handling and moved some logic to the
http_proxy.c source file.

Reported by: Yang Tse
Bug: http://curl.haxx.se/mail/lib-2012-03/0162.html
2012-03-22 00:12:37 +01:00
Daniel Stenberg
805788e043 SWS: refuse to serve CONNECT unless running as proxy 2012-03-22 00:12:37 +01:00
Yang Tse
dddcd3b042 curl-functions.m4: update detection logic of getaddrinfo() thread-safeness
Take in account that POSIX standard Issue 7 drops h_errno support. Now, we also
consider getaddrinfo() to be thread-safe when (_POSIX_C_SOURCE >= 200809L) or
(_XOPEN_SOURCE >= 700) independently of whether h_errno exists or not.
2012-03-21 01:02:58 +01:00
Yang Tse
c6825b7a6b fix several compiler warnings 2012-03-20 18:28:24 +01:00
Yang Tse
e6a89cb6c4 tests 140X: fix --libcurl generated source file reading mode for MSYS builds 2012-03-18 05:56:07 +01:00
Yang Tse
fe7613932e tool_easysrc.c: fix --libcurl option output file text translation mode
Use fopen() with "w" mode instead of "wt" to fix cygwin builds.
2012-03-18 05:54:10 +01:00
Yang Tse
ffb67599b3 build: remove tool_cb_skt.[ch] references 2012-03-18 05:35:30 +01:00
Daniel Stenberg
47236d89c0 RELEASE-NOTES: synced with ad77420ac7
3 more bugs, 1 more contributor
2012-03-18 00:26:56 +01:00
Daniel Stenberg
ad77420ac7 lwip: basic checks and macros for compatiblity 2012-03-17 23:02:21 +01:00
Yang Tse
804da995c5 tool_setopt.c: more OOM handling fixes 2012-03-17 20:55:15 +01:00
Daniel Stenberg
ede9ad43fc cmake: list_spaces_append_once fails with spaces in filename
Windows standard libraries are located in C:/Program Files/Microsoft
SDKs/[...]. They are already included in the default MSVC
LIBPATH. Hence, find_library(WSOCK32_LIBRARY wsock32) and
find_library(WS2_32_LIBRARY ws2_32) are not needed. They return the full
path to the libraries including spaces. Of course,
list_spaces_append_once will mangle the result and the build fails.

Bug: http://curl.haxx.se/bug/view.cgi?id=3494968
2012-03-16 22:42:17 +01:00
Yang Tse
0c8e36c18a http_proxy.c: fix OOM handling 2012-03-16 20:11:22 +01:00