generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: generic-library:HTTPS-proxy
Branches Tags
generic-library:main generic-library:HTTPS-proxy generic-library:issue-346 generic-library:http2-push generic-library:7_42
generic-library:curl-7_48_0 generic-library:curl-7_47_1 generic-library:curl-7_47_0 generic-library:curl-7_46_0 generic-library:curl-7_45_0 generic-library:curl-7_44_0 generic-library:curl-7_43_0 generic-library:curl-7_42_1 generic-library:curl-7_42_0 generic-library:curl-7_41_0 generic-library:curl-7_40_0 generic-library:curl-7_39_0 generic-library:curl-7_38_0 generic-library:curl-7_37_1 generic-library:curl-7_37_0-annotated generic-library:curl-7_37_0 generic-library:curl-7_36_0 generic-library:curl-7_35_0 generic-library:curl-7_34_0 generic-library:curl-7_33_0 generic-library:curl-7_32_0 generic-library:curl-7_31_0 generic-library:curl-7_30_0 generic-library:curl-7_29_0 generic-library:curl-7_28_1 generic-library:curl-7_28_0 generic-library:curl-7_27_0 generic-library:curl-7_26_0 generic-library:curl-7_25_0 generic-library:curl-7_24_0 generic-library:curl-7_23_1 generic-library:curl-7_23_0 generic-library:curl-7_22_0 generic-library:curl-7_21_7 generic-library:curl-7_21_6 generic-library:curl-7_21_5 generic-library:curl-7_21_4 generic-library:curl-7_21_3 generic-library:curl-7_21_2 generic-library:curl-7_21_1 generic-library:curl-7_21_0 generic-library:curl-7_20_1 generic-library:curl-7_20_0 generic-library:cares-1_7_0 generic-library:curl-7_19_7 generic-library:curl-7_19_6 generic-library:curl-7_19_5 generic-library:curl-7_19_4 generic-library:curl-7_19_3 generic-library:cares-1_6_0 generic-library:curl-7_19_2 generic-library:curl-7_19_1 generic-library:curl-7_19_0 generic-library:cares-1_5_3 generic-library:curl-7_18_2 generic-library:cares-1_5_2 generic-library:curl-7_18_1 generic-library:curl-7_18_0 generic-library:cares-1_5_1 generic-library:cares-1_5_0 generic-library:curl-7_17_1 generic-library:curl-7_17_0 generic-library:curl-7_17_0-preldapfix generic-library:curl-7_16_4 generic-library:curl-7_16_3 generic-library:cares-1_4_0 generic-library:curl-7_16_2 generic-library:curl-7_16_1 generic-library:cares-1_3_2 generic-library:curl-7_16_0 generic-library:curl-7_15_6-prepipeline generic-library:curl-7_15_5 generic-library:cares-1_3_1 generic-library:curl-7_15_4 generic-library:curl-7_15_3 generic-library:curl-7_15_2 generic-library:curl-7_15_1 generic-library:curl-7_15_0 generic-library:curl-7_14_1 generic-library:c-ares-1_3_0 generic-library:curl-7_14_0 generic-library:pre-sockfilt generic-library:curl-7_13_2 generic-library:curl-7_13_1 generic-library:before_ftp_statemachine generic-library:curl-7_13_0 generic-library:curl-7_12_3 generic-library:cares-1_2_1 generic-library:curl-7_12_2 generic-library:curl-7_12_1 generic-library:pre-aifix generic-library:curl-7_12_0 generic-library:curl-7_11_2 generic-library:c-ares-1_2_0 generic-library:curl-7_11_1 generic-library:cares-1_1_0 generic-library:curl-7_11_0 generic-library:curl-7_10_8 generic-library:curl-7_10_7 generic-library:pre-ares generic-library:curl-7_10_6 generic-library:curl-7_10_5 generic-library:curl-7_10_4 generic-library:curl-7_10_3 generic-library:curl-7_10_2 generic-library:curl-7_10_1 generic-library:curl-7_10 generic-library:curl-7_9_8 generic-library:curl-7_9_7 generic-library:curl-7_9_7-pre2 generic-library:curl-7_9_6 generic-library:curl-7_9_5 generic-library:curl-7_9_5-pre4 generic-library:curl-7_9_5-pre2 generic-library:curl-7_9_4 generic-library:curl-7_9_3 generic-library:curl-7_9_3-pre3 generic-library:curl-7_9_3-pre2 generic-library:curl-7_9_3-pre1 generic-library:pre-host-cache generic-library:curl-7_9_2 generic-library:curl-7_9_1 generic-library:curl-7_9 generic-library:Curl_easy_1-1-8 generic-library:Curl_easy_1-1-7 generic-library:before_urldata_rename generic-library:curl-7_8_1 generic-library:curl-7_8_1-pre3 generic-library:curl-7_8 generic-library:curl-7_8-pre2 generic-library:curl-7_7_3 generic-library:curl-7_7_2 generic-library:curl-7_7_1 generic-library:curl-7_7 generic-library:curl-7_7-beta5 generic-library:curl-7_7-beta3 generic-library:curl-7_7-beta2 generic-library:curl-7_7-beta1 generic-library:curl-7_7_alpha2 generic-library:curl-7_6_1 generic-library:curl-7_6_1-pre3 generic-library:curl-7_6_1-pre2 generic-library:curl-7_6_1-pre1 generic-library:curl-7_6 generic-library:curl-7_6-pre4 generic-library:curl_7_6-pre3 generic-library:curl-7_5_2 generic-library:pre-header-change generic-library:curl-7_5 generic-library:curl-7_4_1 generic-library:curl-7_3 generic-library:curl-7_2 generic-library:curl-7_1_1 generic-library:v7_0_2beta generic-library:curl-6_5_2 generic-library:curl-6_5_1 generic-library:curl-6_5
..
compare: generic-library:issue-346
Branches Tags
generic-library:main generic-library:HTTPS-proxy generic-library:issue-346 generic-library:http2-push generic-library:7_42
generic-library:curl-7_48_0 generic-library:curl-7_47_1 generic-library:curl-7_47_0 generic-library:curl-7_46_0 generic-library:curl-7_45_0 generic-library:curl-7_44_0 generic-library:curl-7_43_0 generic-library:curl-7_42_1 generic-library:curl-7_42_0 generic-library:curl-7_41_0 generic-library:curl-7_40_0 generic-library:curl-7_39_0 generic-library:curl-7_38_0 generic-library:curl-7_37_1 generic-library:curl-7_37_0-annotated generic-library:curl-7_37_0 generic-library:curl-7_36_0 generic-library:curl-7_35_0 generic-library:curl-7_34_0 generic-library:curl-7_33_0 generic-library:curl-7_32_0 generic-library:curl-7_31_0 generic-library:curl-7_30_0 generic-library:curl-7_29_0 generic-library:curl-7_28_1 generic-library:curl-7_28_0 generic-library:curl-7_27_0 generic-library:curl-7_26_0 generic-library:curl-7_25_0 generic-library:curl-7_24_0 generic-library:curl-7_23_1 generic-library:curl-7_23_0 generic-library:curl-7_22_0 generic-library:curl-7_21_7 generic-library:curl-7_21_6 generic-library:curl-7_21_5 generic-library:curl-7_21_4 generic-library:curl-7_21_3 generic-library:curl-7_21_2 generic-library:curl-7_21_1 generic-library:curl-7_21_0 generic-library:curl-7_20_1 generic-library:curl-7_20_0 generic-library:cares-1_7_0 generic-library:curl-7_19_7 generic-library:curl-7_19_6 generic-library:curl-7_19_5 generic-library:curl-7_19_4 generic-library:curl-7_19_3 generic-library:cares-1_6_0 generic-library:curl-7_19_2 generic-library:curl-7_19_1 generic-library:curl-7_19_0 generic-library:cares-1_5_3 generic-library:curl-7_18_2 generic-library:cares-1_5_2 generic-library:curl-7_18_1 generic-library:curl-7_18_0 generic-library:cares-1_5_1 generic-library:cares-1_5_0 generic-library:curl-7_17_1 generic-library:curl-7_17_0 generic-library:curl-7_17_0-preldapfix generic-library:curl-7_16_4 generic-library:curl-7_16_3 generic-library:cares-1_4_0 generic-library:curl-7_16_2 generic-library:curl-7_16_1 generic-library:cares-1_3_2 generic-library:curl-7_16_0 generic-library:curl-7_15_6-prepipeline generic-library:curl-7_15_5 generic-library:cares-1_3_1 generic-library:curl-7_15_4 generic-library:curl-7_15_3 generic-library:curl-7_15_2 generic-library:curl-7_15_1 generic-library:curl-7_15_0 generic-library:curl-7_14_1 generic-library:c-ares-1_3_0 generic-library:curl-7_14_0 generic-library:pre-sockfilt generic-library:curl-7_13_2 generic-library:curl-7_13_1 generic-library:before_ftp_statemachine generic-library:curl-7_13_0 generic-library:curl-7_12_3 generic-library:cares-1_2_1 generic-library:curl-7_12_2 generic-library:curl-7_12_1 generic-library:pre-aifix generic-library:curl-7_12_0 generic-library:curl-7_11_2 generic-library:c-ares-1_2_0 generic-library:curl-7_11_1 generic-library:cares-1_1_0 generic-library:curl-7_11_0 generic-library:curl-7_10_8 generic-library:curl-7_10_7 generic-library:pre-ares generic-library:curl-7_10_6 generic-library:curl-7_10_5 generic-library:curl-7_10_4 generic-library:curl-7_10_3 generic-library:curl-7_10_2 generic-library:curl-7_10_1 generic-library:curl-7_10 generic-library:curl-7_9_8 generic-library:curl-7_9_7 generic-library:curl-7_9_7-pre2 generic-library:curl-7_9_6 generic-library:curl-7_9_5 generic-library:curl-7_9_5-pre4 generic-library:curl-7_9_5-pre2 generic-library:curl-7_9_4 generic-library:curl-7_9_3 generic-library:curl-7_9_3-pre3 generic-library:curl-7_9_3-pre2 generic-library:curl-7_9_3-pre1 generic-library:pre-host-cache generic-library:curl-7_9_2 generic-library:curl-7_9_1 generic-library:curl-7_9 generic-library:Curl_easy_1-1-8 generic-library:Curl_easy_1-1-7 generic-library:before_urldata_rename generic-library:curl-7_8_1 generic-library:curl-7_8_1-pre3 generic-library:curl-7_8 generic-library:curl-7_8-pre2 generic-library:curl-7_7_3 generic-library:curl-7_7_2 generic-library:curl-7_7_1 generic-library:curl-7_7 generic-library:curl-7_7-beta5 generic-library:curl-7_7-beta3 generic-library:curl-7_7-beta2 generic-library:curl-7_7-beta1 generic-library:curl-7_7_alpha2 generic-library:curl-7_6_1 generic-library:curl-7_6_1-pre3 generic-library:curl-7_6_1-pre2 generic-library:curl-7_6_1-pre1 generic-library:curl-7_6 generic-library:curl-7_6-pre4 generic-library:curl_7_6-pre3 generic-library:curl-7_5_2 generic-library:pre-header-change generic-library:curl-7_5 generic-library:curl-7_4_1 generic-library:curl-7_3 generic-library:curl-7_2 generic-library:curl-7_1_1 generic-library:v7_0_2beta generic-library:curl-6_5_2 generic-library:curl-6_5_1 generic-library:curl-6_5

1 Commits
HTTPS-prox ... issue-346

Author SHA1 Message Date
Daniel Stenberg
d363db6ee8 fread_func: move callback pointer from set to state struct 
... and assign it from the set.fread_func_set pointer in the
Curl_init_CONNECT function. This A) avoids that we have code that
assigns fields in the 'set' struct (which we always knew was bad) and
more importantly B) it makes it impossibly to accidentally leave the
wrong value for when the handle is re-used etc.

Introducing a state-init functionality in multi.c, so that we can set a
specific function to get called when we enter a state. The
Curl_init_CONNECT is thus called when switching to the CONNECT state.

Bug: https://github.com/bagder/curl/issues/346
 2015-10-15 23:22:21 +02:00
189 changed files with 2032 additions and 5991 deletions
Expand all files Collapse all files

4
CMakeLists.txt
View File

@@ -1153,7 +1153,7 @@ set(VERSIONNUM "${CURL_VERSION_NUM}")
# Finally generate a "curl-config" matching this config
configure_file("${CURL_SOURCE_DIR}/curl-config.in"
"${CURL_BINARY_DIR}/curl-config" @ONLY)
install(FILES "${CURL_BINARY_DIR}/curl-config"
install(FILES "${CMAKE_BINARY_DIR}/curl-config"
DESTINATION bin
PERMISSIONS
OWNER_READ OWNER_WRITE OWNER_EXECUTE
@@ -1163,7 +1163,7 @@ install(FILES "${CURL_BINARY_DIR}/curl-config"
# Finally generate a pkg-config file matching this config
configure_file("${CURL_SOURCE_DIR}/libcurl.pc.in"
"${CURL_BINARY_DIR}/libcurl.pc" @ONLY)
install(FILES "${CURL_BINARY_DIR}/libcurl.pc"
install(FILES "${CMAKE_BINARY_DIR}/libcurl.pc"
DESTINATION lib/pkgconfig)
# This needs to be run very last so other parts of the scripts can take advantage of this.

2
MacOSX-Framework
View File

@@ -65,7 +65,7 @@ else
ARCHES64='-arch x86_64'
#We "know" that 10.4 and earlier do not support 64bit
OLD_SDK64=`ls $SDK_PATH|egrep -v "10.[0-4]"|head -1`
NEW_SDK64=`ls -r $SDK_PATH|egrep -v "10.[0-4][^0-9]" | head -1`
NEW_SDK64=`ls -r $SDK_PATH|egrep -v "10.[0-4]"|head -1`
if test $USE_OLD -gt 0
then
SDK64=$OLD_SDK64

89
RELEASE-NOTES
View File

@@ -2,72 +2,17 @@ Curl and libcurl 7.46.0
Public curl releases: 150
Command line options: 177
curl_easy_setopt() options: 221
curl_easy_setopt() options: 219
Public functions in libcurl: 61
Contributors: 1322
This release includes the following changes:
o configure: build silently by default
o cookies: Add support for Publix Suffix List with libpsl
o vtls: added support for mbedTLS [7]
o Added CURLOPT_STREAM_DEPENDS [8]
o Added CURLOPT_STREAM_DEPENDS_E [9]
o Added CURLOPT_STREAM_WEIGHT [10]
o Added CURLFORM_CONTENTLEN [14]
o oauth2: Added support for OAUTHBEARER SASL mechanism to IMAP, POP3 and SNMP
o
This release includes the following bugfixes:
o des: Fix header conditional for Curl_des_set_odd_parity
o ntlm: get rid of unconditional use of long long [1]
o CURLOPT_CERTINFO.3: fix reference to CURLINFO_CERTINFO
o docs: CURLINFO_LASTSOCKET => CURLINFO_ACTIVESOCKET [2]
o http2: Fix http2_recv to return -1 if recv returned -1
o curl_global_init_mem: set function pointers before doing init
o ntlm: error out without 64bit support as the code needs it [1]
o openssl: Fix set up of pkcs12 certificate verification chain
o acinclude: remove PKGCONFIG override [3]
o test1531: case the size to fix the test on non-largefile builds
o fread_func: move callback pointer from set to state struct [4]
o test1601: fix compilation with --enable-debug and --disable-crypto-auth
o http2: Don't pass unitialized name+len pairs to nghttp2_submit_request [5]
o curlbuild.h: Fix non-configure compiling to mips and sh4 targets
o tool: Generate easysrc with last cache linked-list [6]
o cmake: Fix for add_subdirectory(curl) use-case
o vtls: fix compiler warning for TLS backends without sha256
o build: fix for MSDOS/djgpp
o checksrc: add crude // detection
o http2: on_frame_recv: trust the conn/data input
o ftp: allow CURLOPT_IGNORE_CONTENT_LENGTH to ignore size [11]
o polarssl/mbedtls: fix name space pollution
o build: Fix mingw ssl gdi32 order [12]
o build: Fix support for PKG_CONFIG
o MacOSX-Framework: sdk regex fix for sdk 10.10 and later
o socks: Fix incorrect port numbers in failed connect messages
o curl.1: -E: s/private certificate/client certificate
o curl.h: s/HTTPPOST_/CURL_HTTPOST_ [13]
o curl_formadd: support >2GB files on windows [14]
o http redirects: %-encode bytes outside of ascii range [15]
o rawstr: Speed up Curl_raw_toupper by 40%
o curl_ntlm_core: fix 2 curl_off_t constant overflows.
o getinfo: CURLINFO_ACTIVESOCKET: fix bad socket value
o tftp tests: verify sent options too
o imap: Don't call imap_atom() when no mailbox specified in LIST command
o imap: Fixed double quote in LIST command when mailbox contains spaces
o imap: Don't check for continuation when executing a CUSTOMREQUEST [16]
o acinclude: Remove check for 16-bit curl_off_t
o BoringSSL: Work with stricter BIO_get_mem_data() [17]
o cmake: Add missing feature macros in config header [18]
o sasl_sspi: fixed unicode build for digest authentication [19]
o sasl_sspi: fix identity memory leak in digest authentication
o unit1602: Fixed failure in torture test
o unit1603: Added unit tests for hash functions
o vtls/openssl: remove unused traces of yassl ifdefs
o openssl: remove #ifdefs for < 0.9.7 support
o typecheck-gcc.h: add some missing options
o curl: mark two more options strings for --libcurl output
o openssl: Free modules on cleanup [20]
o
This release includes the following known bugs:
@@ -76,35 +21,9 @@ This release includes the following known bugs:
This release would not have looked like this without help, code, reports and
advice from friends like these:
Anders Bakken, Dan Fandrich, Daniel Hwang, Daniel Stenberg, Dmitry S. Baikov,
Douglas Creager, Erik Johansson, Gisle Vanem, Javier G. Sogo, John Levon,
Jonas Minnberg, Justin Ehlert, Kamil Dudka, Kang Lin, Kurt Fankhauser,
Lauri Kasanen, Marcel Raad, Patrick Monnerat, Rainer Jung, Ray Satiro,
Richard Hosking, Sebastian Pohlschmidt, Stefan Bühler, Steve Holme,
Svyatoslav Mishyn, Tatsuhiro Tsujikawa, Tim Rühsen, xiangbin li,
(28 contributors)
Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues:
[1] = http://curl.haxx.se/bug/?i=478
[2] = http://curl.haxx.se/bug/?i=479
[3] = http://curl.haxx.se/mail/lib-2015-10/0035.html
[4] = http://curl.haxx.se/bug/?i=346
[5] = http://curl.haxx.se/bug/?i=493
[6] = http://curl.haxx.se/bug/?i=452
[7] = http://curl.haxx.se/bug/?i=496
[8] = http://curl.haxx.se/libcurl/c/CURLOPT_STREAM_DEPENDS.html
[9] = http://curl.haxx.se/libcurl/c/CURLOPT_STREAM_DEPENDS_E.html
[10] = http://curl.haxx.se/libcurl/c/CURLOPT_STREAM_WEIGHT.html
[11] = http://curl.haxx.se/bug/?i=480
[12] = https://github.com/bagder/curl/pull/501
[13] = http://curl.haxx.se/bug/?i=506
[14] = http://curl.haxx.se/bug/?i=425
[15] = http://curl.haxx.se/bug/?i=473
[16] = http://curl.haxx.se/bug/?i=486
[17] = http://curl.haxx.se/bug/?i=524
[18] = http://curl.haxx.se/bug/?i=523
[19] = http://curl.haxx.se/bug/?i=525
[20] = http://curl.haxx.se/bug/?i=526
[1] =

24
acinclude.m4
View File

@@ -2837,6 +2837,7 @@ AC_DEFUN([CURL_CONFIGURE_CURL_OFF_T], [
#
x_LP64_long=""
x_LP32_long=""
x_LP16_long=""
#
if test "$ac_cv_sizeof_long" -eq "8" &&
test "$ac_cv_sizeof_voidp" -ge "8"; then
@@ -2844,6 +2845,9 @@ AC_DEFUN([CURL_CONFIGURE_CURL_OFF_T], [
elif test "$ac_cv_sizeof_long" -eq "4" &&
test "$ac_cv_sizeof_voidp" -ge "4"; then
x_LP32_long="long"
elif test "$ac_cv_sizeof_long" -eq "2" &&
test "$ac_cv_sizeof_voidp" -ge "2"; then
x_LP16_long="long"
fi
#
dnl DO_CURL_OFF_T_CHECK results are stored in next 3 vars
@@ -2877,6 +2881,17 @@ AC_DEFUN([CURL_CONFIGURE_CURL_OFF_T], [
done
AC_MSG_RESULT([$curl_typeof_curl_off_t])
fi
if test "$curl_typeof_curl_off_t" = "unknown"; then
AC_MSG_CHECKING([for 16-bit curl_off_t data type])
for t2 in \
"$x_LP16_long" \
'int16_t' \
'__int16' \
'int' ; do
DO_CURL_OFF_T_CHECK([$t2], [2])
done
AC_MSG_RESULT([$curl_typeof_curl_off_t])
fi
if test "$curl_typeof_curl_off_t" = "unknown"; then
AC_MSG_ERROR([cannot find data type for curl_off_t.])
fi
@@ -3037,14 +3052,9 @@ dnl Optionally PKG_CONFIG_LIBDIR may be given as $pcdir.
dnl
AC_DEFUN([CURL_CHECK_PKGCONFIG], [
if test -n "$PKG_CONFIG"; then
PKGCONFIG="$PKG_CONFIG"
else
AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no],
[$PATH:/usr/bin:/usr/local/bin])
fi
AC_PATH_TOOL( PKGCONFIG, pkg-config, no, $PATH:/usr/bin:/usr/local/bin)
if test "x$PKGCONFIG" != "xno"; then
if test x$PKGCONFIG != xno; then
AC_MSG_CHECKING([for $1 options with pkg-config])
dnl ask pkg-config about $1
itexists=`CURL_EXPORT_PCDIR([$2]) dnl

154
configure.ac
View File

@@ -149,7 +149,7 @@ AC_SUBST(PKGADD_VENDOR)
dnl
dnl initialize all the info variables
curl_ssl_msg="no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,axtls,winssl,darwinssl} )"
curl_ssl_msg="no (--with-{ssl,gnutls,nss,polarssl,cyassl,axtls,winssl,darwinssl} )"
curl_ssh_msg="no (--with-libssh2)"
curl_zlib_msg="no (--with-zlib)"
curl_gss_msg="no (--with-gssapi)"
@@ -167,7 +167,6 @@ curl_verbose_msg="enabled (--disable-verbose)"
curl_rtsp_msg="no (--enable-rtsp)"
curl_rtmp_msg="no (--with-librtmp)"
curl_mtlnk_msg="no (--with-libmetalink)"
curl_psl_msg="no (--with-libpsl)"
init_ssl_msg=${curl_ssl_msg}
@@ -1399,24 +1398,6 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
CLEANCPPFLAGS="$CPPFLAGS"
CLEANLIBS="$LIBS"
dnl This is for Msys/Mingw
case $host in
*-*-msys* | *-*-mingw*)
AC_MSG_CHECKING([for gdi32])
my_ac_save_LIBS=$LIBS
LIBS="-lgdi32 $LIBS"
AC_TRY_LINK([#include <windef.h>
#include <wingdi.h>],
[GdiFlush();],
[ dnl worked!
AC_MSG_RESULT([yes])],
[ dnl failed, restore LIBS
LIBS=$my_ac_save_LIBS
AC_MSG_RESULT(no)]
)
;;
esac
case "$OPT_SSL" in
yes)
dnl --with-ssl (without path) used
@@ -1495,6 +1476,24 @@ if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
CPPFLAGS="$CPPFLAGS $SSL_CPPFLAGS"
LDFLAGS="$LDFLAGS $SSL_LDFLAGS"
dnl This is for Msys/Mingw
case $host in
*-*-msys* | *-*-mingw*)
AC_MSG_CHECKING([for gdi32])
my_ac_save_LIBS=$LIBS
LIBS="-lgdi32 $LIBS"
AC_TRY_LINK([#include <windef.h>
#include <wingdi.h>],
[GdiFlush();],
[ dnl worked!
AC_MSG_RESULT([yes])],
[ dnl failed, restore LIBS
LIBS=$my_ac_save_LIBS
AC_MSG_RESULT(no)]
)
;;
esac
AC_CHECK_LIB(crypto, HMAC_Update,[
HAVECRYPTO="yes"
LIBS="-lcrypto $LIBS"
@@ -1976,93 +1975,6 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
fi
dnl ----------------------------------------------------
dnl check for mbedTLS
dnl ----------------------------------------------------
OPT_MBEDTLS=no
_cppflags=$CPPFLAGS
_ldflags=$LDFLAGS
AC_ARG_WITH(mbedtls,dnl
AC_HELP_STRING([--with-mbedtls=PATH],[where to look for mbedTLS, PATH points to the installation root])
AC_HELP_STRING([--without-mbedtls], [disable mbedTLS detection]),
OPT_MBEDTLS=$withval)
if test "$curl_ssl_msg" = "$init_ssl_msg"; then
if test X"$OPT_MBEDTLS" != Xno; then
if test "$OPT_MBEDTLS" = "yes"; then
OPT_MBEDTLS=""
fi
if test -z "$OPT_MBEDTLS" ; then
dnl check for lib first without setting any new path
AC_CHECK_LIB(mbedtls, mbedtls_havege_init,
dnl libmbedtls found, set the variable
[
AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled])
AC_SUBST(USE_MBEDTLS, [1])
MBEDTLS_ENABLED=1
USE_MBEDTLS="yes"
curl_ssl_msg="enabled (mbedTLS)"
], [], -lmbedx509 -lmbedcrypto)
fi
addld=""
addlib=""
addcflags=""
mbedtlslib=""
if test "x$USE_MBEDTLS" != "xyes"; then
dnl add the path and test again
addld=-L$OPT_MBEDTLS/lib$libsuff
addcflags=-I$OPT_MBEDTLS/include
mbedtlslib=$OPT_MBEDTLS/lib$libsuff
LDFLAGS="$LDFLAGS $addld"
if test "$addcflags" != "-I/usr/include"; then
CPPFLAGS="$CPPFLAGS $addcflags"
fi
AC_CHECK_LIB(mbedtls, mbedtls_ssl_init,
[
AC_DEFINE(USE_MBEDTLS, 1, [if mbedTLS is enabled])
AC_SUBST(USE_MBEDTLS, [1])
MBEDTLS_ENABLED=1
USE_MBEDTLS="yes"
curl_ssl_msg="enabled (mbedTLS)"
],
[
CPPFLAGS=$_cppflags
LDFLAGS=$_ldflags
], -lmbedx509 -lmbedcrypto)
fi
if test "x$USE_MBEDTLS" = "xyes"; then
AC_MSG_NOTICE([detected mbedTLS])
LIBS="-lmbedtls -lmbedx509 -lmbedcrypto $LIBS"
if test -n "$mbedtlslib"; then
dnl when shared libs were found in a path that the run-time
dnl linker doesn't search through, we need to add it to
dnl LD_LIBRARY_PATH to prevent further configure tests to fail
dnl due to this
if test "x$cross_compiling" != "xyes"; then
LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$mbedtlslib"
export LD_LIBRARY_PATH
AC_MSG_NOTICE([Added $mbedtlslib to LD_LIBRARY_PATH])
fi
fi
fi
fi dnl mbedTLS not disabled
fi
dnl ----------------------------------------------------
dnl check for CyaSSL
dnl ----------------------------------------------------
@@ -2387,7 +2299,7 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
fi
fi
if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$MBEDTLS_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED" = "x"; then
if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED" = "x"; then
AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls, --with-winssl, or --with-darwinssl to address this.])
else
@@ -2402,27 +2314,6 @@ dnl **********************************************************************
CURL_CHECK_CA_BUNDLE
dnl **********************************************************************
dnl Check for libpsl
dnl **********************************************************************
AC_ARG_WITH(libpsl,
AS_HELP_STRING([--without-libpsl],
[disable support for libpsl cookie checking]),
with_libpsl=$withval,
with_libpsl=yes)
if test $with_libpsl != "no"; then
AC_SEARCH_LIBS(psl_builtin, psl,
[curl_psl_msg="yes";
AC_DEFINE([USE_LIBPSL], [1], [PSL support enabled])
],
[curl_psl_msg="no (libpsl not found)";
AC_MSG_WARN([libpsl was not found])
]
)
fi
AM_CONDITIONAL([USE_LIBPSL], [test "$curl_psl_msg" = "yes"])
dnl **********************************************************************
dnl Check for libmetalink
dnl **********************************************************************
@@ -3646,10 +3537,6 @@ if test "x$HAVE_GSSAPI" = "x1"; then
SUPPORT_FEATURES="$SUPPORT_FEATURES GSS-API"
fi
if test "x$curl_psl_msg" = "xyes"; then
SUPPORT_FEATURES="$SUPPORT_FEATURES PSL"
fi
if test "x$CURL_DISABLE_CRYPTO_AUTH" != "x1" -a \
\( "x$HAVE_GSSAPI" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \); then
SUPPORT_FEATURES="$SUPPORT_FEATURES SPNEGO"
@@ -3855,7 +3742,6 @@ AC_MSG_NOTICE([Configured to build curl/libcurl:
RTSP support: ${curl_rtsp_msg}
RTMP support: ${curl_rtmp_msg}
metalink support: ${curl_mtlnk_msg}
PSL support: ${curl_psl_msg}
HTTP2 support: ${curl_h2_msg}
Protocols: ${SUPPORT_PROTOCOLS}
])

176
docs/DISTRO-DILEMMA Normal file
View File

@@ -0,0 +1,176 @@
Date: February 11, 2007
Author: Daniel Stenberg <daniel@haxx.se>
URL: http://curl.haxx.se/legal/distro-dilemma.html
Condition
This document is written to describe the situation as it is right now.
libcurl 7.16.1 is currently the latest version available. Things may of
course change in the future.
This document reflects my view and understanding of these things. Please tell
me where and how you think I'm wrong, and I'll try to correct my mistakes.
Background
The Free Software Foundation has deemed the Original BSD license[1] to be
"incompatible"[2] with GPL[3]. I'd rather say it is the other way around, but
the point is the same: if you distribute a binary version of a GPL program,
it MUST NOT be linked with any Original BSD-licensed parts or libraries.
Doing so will violate the GPL license. For a long time, very many GPL
licensed programs have avoided this license mess by adding an exception[8] to
their license. And many others have just closed their eyes for this problem.
libcurl is MIT-style[4] licensed - how on earth did this dilemma fall onto
our plates?
libcurl is only a little library. libcurl can be built to use OpenSSL for its
SSL/TLS capabilities. OpenSSL is basically Original BSD licensed[5].
If libcurl built to use OpenSSL is used by a GPL-licensed application and you
decide to distribute a binary version of it (Linux distros - for example -
tend to), you have a clash. GPL vs Original BSD.
This dilemma is not libcurl-specific nor is it specific to any particular
Linux distro. (This article mentions and refers to Debian several times, but
only because Debian seems to be the only Linux distro to have faced this
issue yet since no other distro is shipping libcurl built with two SSL
libraries.)
Part of the Operating System
This would not be a problem if the used lib would be considered part of the
underlying operating system, as then the GPL license has an exception
clause[6] that allows applications to use such libs without having to be
allowed to distribute it or its sources. Possibly some distros will claim
that OpenSSL is part of their operating system.
Debian does however not take this stance and has officially(?) claimed that
OpenSSL is not a required part of the Debian operating system
Some people claim that this paragraph cannot be exploited this way by a Linux
distro, but I am not a lawyer and that is a discussion left outside of this
document.
GnuTLS
Since May 2005 libcurl can get built to use GnuTLS instead of OpenSSL. GnuTLS
is an LGPL[7] licensed library that offers a matching set of features as
OpenSSL does. Now, you can build and distribute an TLS/SSL capable libcurl
without including any Original BSD licensed code.
I believe Debian is the first (only?) distro that provides libcurl/GnuTLS
packages.
yassl
libcurl can get also get built to use yassl for the TLS/SSL layer. yassl is a
GPL[3] licensed library.
GnuTLS vs OpenSSL vs yassl
While these three libraries offer similar features, they are not equal.
libcurl does not (yet) offer a standardized stable ABI if you decide to
switch from using libcurl-openssl to libcurl-gnutls or vice-versa. The GnuTLS
and yassl support is very recent in libcurl and it has not been tested nor
used very extensively, while the OpenSSL equivalent code has been used and
thus matured since 1999.
GnuTLS
- LGPL licensed
- supports SRP
- lacks SSLv2 support
- lacks MD2 support (used by at least some CA certs)
- lacks the crypto functions libcurl uses for NTLM
OpenSSL
- Original BSD licensed
- lacks SRP
- supports SSLv2
- older and more widely used
- provides crypto functions libcurl uses for NTLM
- libcurl can do non-blocking connects with it in 7.15.4 and later
yassl
- GPL licensed
- much untested and unproven in the real work by (lib)curl users so we don't
know a lot about restrictions or benefits from using this
The Better License, Original BSD, GPL or LGPL?
It isn't obvious or without debate to any objective interested party that
either of these licenses are the "better" or even the "preferred" one in a
generic situation.
Instead, I think we should accept the fact that the SSL/TLS libraries and
their different licenses will fit different applications and their authors
differently depending on the applications' licenses and their general usage
pattern (considering how GPL and LGPL libraries for example can be burdensome
for embedded systems usage).
In Debian land, there seems to be a common opinion that LGPL is "maximally
compatible" with apps while Original BSD is not. Like this:
https://lists.debian.org/debian-devel/2005/09/msg01417.html
More SSL Libraries
In libcurl, there's no stopping us here. There are more Open Source/Free
SSL/TLS libraries out there and we would very much like to support them as
well, to offer application authors an even wider scope of choice.
Application Angle of this Problem
libcurl is built to use one SSL/TLS library. It uses a single fixed name (by
default) on the built/created lib file, and applications are built/linked to
use that single lib. Replacing one libcurl instance with another one that
uses the other SSL/TLS library might break one or more applications (due to
ABI differences and/or different feature set). You want your application to
use the libcurl it was built for.
Project cURL Angle of this Problem
We distribute libcurl and everyone may build libcurl with either library at
their choice. This problem is not directly a problem of ours. It merely
affects users - GPL application authors only - of our lib as it comes
included and delivered on some distros.
libcurl has different ABI when built with different SSL/TLS libraries due to
these reasons:
1. No one has worked on fixing this. The mutex/lock callbacks should be set
with a generic libcurl function that should use the proper underlying
functions.
2. The CURLOPT_SSL_CTX_FUNCTION option is not possible to "emulate" on GnuTLS
but simply requires OpenSSL.
3. There might be some other subtle differences just because nobody has yet
tried to make a fixed ABI like this.
Distro Angle of this Problem
To my knowledge there is only one distro that ships libcurl built with either
OpenSSL or GnuTLS.
Debian Linux is now (since mid September 2005) providing two different
libcurl packages, one for libcurl built with OpenSSL and one built with
GnuTLS. They use different .so names and can this both be installed in a
single system simultaneously. This has been said to be a transitional system
not desired to keep in the long run.
Footnotes
[1] = http://www.xfree86.org/3.3.6/COPYRIGHT2.html#6
[2] = https://www.gnu.org/philosophy/bsd.html
[3] = https://www.gnu.org/licenses/gpl.html
[4] = http://curl.haxx.se/docs/copyright.html
[5] = https://www.openssl.org/source/license.html
[6] = https://www.gnu.org/licenses/gpl.html end of section 3
[7] = https://www.gnu.org/licenses/lgpl.html
[8] = https://en.wikipedia.org/wiki/OpenSSL_exception
Feedback/Updates provided by
Eric Cooper

12
docs/FAQ
View File

@@ -1536,7 +1536,9 @@ FAQ
7.2 Who wrote PHP/CURL?
PHP/CURL was initially written by Sterling Hughes.
PHP/CURL is a module that comes with the regular PHP package. It depends and
uses libcurl, so you need to have libcurl installed properly first before
PHP/CURL can be used. PHP/CURL was initially written by Sterling Hughes.
7.3 Can I perform multiple requests using the same handle?
@@ -1545,10 +1547,4 @@ FAQ
unknown to me).
After a transfer, you just set new options in the handle and make another
transfer. This will make libcurl re-use the same connection if it can.
7.4 Does PHP/CURL have dependencies?
PHP/CURL is a module that comes with the regular PHP package. It depends on
and uses libcurl, so you need to have libcurl installed properly before
PHP/CURL can be used.
transfer. This will make libcurl to re-use the same connection if it can.

6
docs/Makefile.am
View File

@@ -36,9 +36,9 @@ CLEANFILES = $(GENHTMLPAGES) $(PDFPAGES)
EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS \
README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS \
KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL \
$(PDFPAGES) LICENSE-MIXING README.netware INSTALL.devcpp \
MAIL-ETIQUETTE HTTP-COOKIES SECURITY RELEASE-PROCEDURE SSL-PROBLEMS \
HTTP2.md ROADMAP.md CODE_OF_CONDUCT.md
$(PDFPAGES) LICENSE-MIXING README.netware DISTRO-DILEMMA INSTALL.devcpp \
MAIL-ETIQUETTE HTTP-COOKIES SECURITY RELEASE-PROCEDURE \
SSL-PROBLEMS HTTP2.md ROADMAP.md CODE_OF_CONDUCT.md
MAN2HTML= roffit < $< >$@

16
docs/ROADMAP.md
View File

@@ -18,6 +18,20 @@ HTTP/2
To decide: if we need to bundle parts of the nghttp2 stuff that probably
won't be shipped by many distros.
- stream properties API
Provide options for setting priorities and dependencies among the streams
(easy handles). They are mostly information set for the stream and sent to
the server so we don't have to add much logic for this.
- server push
Not exactly clear exactly how to support this API-wise, but by adding
handles without asking for a resource it could be a way to be prepared to
receive pushes in case such are sent. We probably need it to still specify
a URL with host name, port etc but we probably need a special option to
tell libcurl it is for server push purposes.
- provide option for HTTP/2 "prior knowledge" over clear text
As it would avoid the roundtrip-heavy Upgrade: procedures when you _know_
@@ -103,7 +117,7 @@ Improve
2. curl -h output (considered overwhelming to users)
3. we have > 170 command line options, is there a way to redo things to
3. we have > 160 command line options, is there a way to redo things to
simplify or improve the situation as we are likely to keep adding
features/options in the future too

25
docs/curl.1
View File

@@ -488,10 +488,10 @@ If this option is used several times, the last one will be used.
(SSL) Tells curl to use the specified client certificate file when getting a
file with HTTPS, FTPS or another SSL-based protocol. The certificate must be
in PKCS#12 format if using Secure Transport, or PEM format if using any other
engine. If the optional password isn't specified, it will be queried for on
the terminal. Note that this option assumes a \&"certificate" file that is the
private key and the client certificate concatenated! See \fI--cert\fP and
\fI--key\fP to specify them independently.
engine. If the optional password isn't specified, it will be queried
for on the terminal. Note that this option assumes a \&"certificate" file that
is the private key and the private certificate concatenated! See \fI--cert\fP
and \fI--key\fP to specify them independently.
If curl is built against the NSS SSL library then this option can tell
curl the nickname of the certificate to use within the NSS database defined
@@ -789,12 +789,10 @@ This option can be used multiple times to add/replace/remove multiple headers.
be the 128 bit MD5 checksum of the remote host's public key, curl will refuse
the connection with the host unless the md5sums match. (Added in 7.17.1)
.IP "--ignore-content-length"
For HTTP, Ignore the Content-Length header. This is particularly useful for
servers running Apache 1.x, which will report incorrect Content-Length for
files larger than 2 gigabytes.
For FTP (since 7.46.0), skip the RETR command to figure out the size before
downloading a file.
(HTTP)
Ignore the Content-Length header. This is particularly useful for servers
running Apache 1.x, which will report incorrect Content-Length for files
larger than 2 gigabytes.
.IP "-i, --include"
(HTTP) Include the HTTP-header in the output. The HTTP-header includes things
like server-name, date of the document, HTTP-version and more...
@@ -1474,10 +1472,13 @@ specifies the last 500 bytes
specifies the bytes from offset 9500 and forward
.TP
.B 0-0,-1
specifies the first and last byte only(*)(HTTP)
specifies the first and last byte only(*)(H)
.TP
.B 500-700,600-799
specifies 300 bytes from offset 500(H)
.TP
.B 100-199,500-599
specifies two separate 100-byte ranges(*) (HTTP)
specifies two separate 100-byte ranges(*)(H)
.RE
.IP
(*) = NOTE that this will cause the server to reply with a multipart

4
docs/examples/makefile.dj
View File

@@ -19,6 +19,10 @@
# KIND, either express or implied.
#
###########################################################################
#
# Adapted for djgpp / Watt-32 / DOS by
# Gisle Vanem <gvanem@broadpark.no>
#
TOPDIR = ../..

7
docs/libcurl/curl_easy_setopt.3
View File

@@ -297,13 +297,6 @@ Disable Transfer decoding. See \fICURLOPT_HTTP_TRANSFER_DECODING(3)\fP
100-continue timeout. See \fICURLOPT_EXPECT_100_TIMEOUT_MS(3)\fP
.IP CURLOPT_PIPEWAIT
Wait on connection to pipeline on it. See \fICURLOPT_PIPEWAIT(3)\fP
.IP CURLOPT_STREAM_DEPENDS
This HTTP/2 stream depends on another. See \fICURLOPT_STREAM_DEPENDS(3)\fP
.IP CURLOPT_STREAM_DEPENDS_E
This HTTP/2 stream depends on another exclusively. See
\fICURLOPT_STREAM_DEPENDS_E(3)\fP
.IP CURLOPT_STREAM_WEIGHT
Set this HTTP/2 stream's weight. See \fICURLOPT_STREAM_WEIGHT(3)\fP
.SH SMTP OPTIONS
.IP CURLOPT_MAIL_FROM
Address of the sender. See \fICURLOPT_MAIL_FROM(3)\fP

11
docs/libcurl/curl_formadd.3
View File

@@ -83,18 +83,7 @@ to send away. libcurl will use the pointer and refer to the data in your
application, so you must make sure it remains until curl no longer needs it.
If the data isn't NUL-terminated, or if you'd like it to contain zero bytes,
you must set its length with \fBCURLFORM_CONTENTSLENGTH\fP.
.IP CURLFORM_CONTENTLEN
followed by a curl_off_t value giving the length of the contents. Note that
for \fICURLFORM_STREAM\fP contents, this option is mandatory.
If you pass a 0 (zero) for this option, libcurl will instead do a strlen() on
the contents to figure out the size. If you really want to send a zero byte
content then you must make sure strlen() on the data pointer returns zero.
(Option added in 7.46.0)
.IP CURLFORM_CONTENTSLENGTH
(This option is deprecated. Use \fICURLFORM_CONTENTLEN\fP instead!)
followed by a long giving the length of the contents. Note that for
\fICURLFORM_STREAM\fP contents, this option is mandatory.

3
docs/libcurl/opts/CURLMOPT_PUSHFUNCTION.3
View File

@@ -77,8 +77,7 @@ Returns the header at index 'num' (or NULL). The returned pointer points to a
Returns the value for the given header name (or NULL). This is a shortcut so
that the application doesn't have to loop through all headers to find the one
it is interested in. The data pointed will be freed when this callback
returns. If more than one header field use the same name, this returns only
the first one.
returns.
.SH CALLBACK RETURN VALUE
.IP "CURL_PUSH_OK (0)"
The application has accepted the stream and it can now start receiving data,

4
docs/libcurl/opts/CURLOPT_CAINFO.3
View File

@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -43,7 +43,7 @@ If curl is built against the NSS SSL library, the NSS PEM PKCS#11 module
.SH DEFAULT
Built-in system specific
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
TODO
.SH AVAILABILITY

4
docs/libcurl/opts/CURLOPT_CAPATH.3
View File

@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -39,7 +39,7 @@ to some limitation in openssl.
.SH DEFAULT
NULL
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
TODO
.SH AVAILABILITY

4
docs/libcurl/opts/CURLOPT_EGDSOCKET.3
View File

@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -33,7 +33,7 @@ socket. It will be used to seed the random engine for SSL.
.SH DEFAULT
NULL
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
TODO
.SH AVAILABILITY

14
docs/libcurl/opts/CURLOPT_IGNORE_CONTENT_LENGTH.3
View File

@@ -22,7 +22,7 @@
.\"
.TH CURLOPT_IGNORE_CONTENT_LENGTH 3 "19 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt options"
.SH NAME
CURLOPT_IGNORE_CONTENT_LENGTH \- ignore content length
CURLOPT_IGNORE_CONTENT_LENGTH \- ignore Content-Length in HTTP response
.SH SYNOPSIS
.nf
#include <curl/curl.h>
@@ -30,18 +30,12 @@ CURLOPT_IGNORE_CONTENT_LENGTH \- ignore content length
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_IGNORE_CONTENT_LENGTH,
long ignore);
.SH DESCRIPTION
If \fIignore\fP is set to 1L, ignore the Content-Length header in the HTTP
response and ignore asking for or relying on it for FTP transfers.
This is useful for HTTP with Apache 1.x (and similar servers) which will
If \fIignore\fP is set to 1, ignore the Content-Length header in the HTTP
response. This is useful for Apache 1.x (and similar servers) which will
report incorrect content length for files over 2 gigabytes. If this option is
used, curl will not be able to accurately report progress, and will simply
stop the download when the server ends the connection.
It is also useful with FTP when for example the file is growing while the
transfer is in progress which otherwise will unconditionally cause libcurl to
report error.
Only use this option if strictly necessary.
.SH DEFAULT
0
@@ -60,7 +54,7 @@ if(curl) {
}
.fi
.SH AVAILABILITY
Added in 7.14.1. Support for FTP added in 7.46.0.
Added in 7.14.1
.SH RETURN VALUE
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
.SH "SEE ALSO"

4
docs/libcurl/opts/CURLOPT_KEYPASSWD.3
View File

@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -35,7 +35,7 @@ phrase to load a certificate but you need one to load your private key.
.SH DEFAULT
NULL
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
TODO
.SH AVAILABILITY

2
docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3
View File

@@ -42,7 +42,7 @@ On mismatch, \fICURLE_SSL_PINNEDPUBKEYNOTMATCH\fP is returned.
.SH DEFAULT
NULL
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
.nf
CURL *curl = curl_easy_init();

4
docs/libcurl/opts/CURLOPT_SSLCERT.3
View File

@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -43,7 +43,7 @@ private key with \fICURLOPT_SSLKEY(3)\fP.
.SH DEFAULT
NULL
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
TODO
.SH AVAILABILITY

4
docs/libcurl/opts/CURLOPT_SSLCERTTYPE.3
View File

@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -36,7 +36,7 @@ PKCS#12-encoded files.
.SH DEFAULT
"PEM"
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
TODO
.SH AVAILABILITY

4
docs/libcurl/opts/CURLOPT_SSLENGINE.3
View File

@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -36,7 +36,7 @@ returned.
.SH DEFAULT
NULL
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
TODO
.SH AVAILABILITY

4
docs/libcurl/opts/CURLOPT_SSLENGINE_DEFAULT.3
View File

@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -36,7 +36,7 @@ returned.
.SH DEFAULT
None
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
TODO
.SH AVAILABILITY

4
docs/libcurl/opts/CURLOPT_SSLKEY.3
View File

@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -38,7 +38,7 @@ present in the keychain or PKCS#12 file containing the certificate.
.SH DEFAULT
NULL
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
TODO
.SH AVAILABILITY

4
docs/libcurl/opts/CURLOPT_SSLKEYTYPE.3
View File

@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -38,7 +38,7 @@ engine. You have to set the crypto engine with \fICURLOPT_SSLENGINE(3)\fP.
.SH DEFAULT
"PEM"
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
TODO
.SH AVAILABILITY

4
docs/libcurl/opts/CURLOPT_SSLVERSION.3
View File

@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -52,7 +52,7 @@ TLSv1.2 (Added in 7.34.0)
.SH DEFAULT
CURL_SSLVERSION_DEFAULT
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
.nf
CURL *curl = curl_easy_init();

4
docs/libcurl/opts/CURLOPT_SSL_CIPHER_LIST.3
View File

@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -53,7 +53,7 @@ You'll find more details about the NSS cipher lists on this URL:
.SH DEFAULT
NULL, use internal default
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
TODO
.SH AVAILABILITY

4
docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3
View File

@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -34,7 +34,7 @@ parameter.
.SH DEFAULT
NULL
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
TODO
.SH AVAILABILITY

4
docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3
View File

@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@@ -59,7 +59,7 @@ and trust file settings.
.SH DEFAULT
NULL
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
TODO
.SH AVAILABILITY

2
docs/libcurl/opts/CURLOPT_SSL_FALSESTART.3
View File

@@ -37,7 +37,7 @@ round trip when performing a full handshake.
.SH DEFAULT
0
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
TODO
.SH AVAILABILITY

2
docs/libcurl/opts/CURLOPT_SSL_VERIFYHOST.3
View File

@@ -64,7 +64,7 @@ also set to zero and cannot be overridden.
.SH DEFAULT
2
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
.nf
CURL *curl = curl_easy_init();

2
docs/libcurl/opts/CURLOPT_SSL_VERIFYPEER.3
View File

@@ -60,7 +60,7 @@ the correct end-point.
.SH DEFAULT
By default, curl assumes a value of 1.
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
.nf
CURL *curl = curl_easy_init();

2
docs/libcurl/opts/CURLOPT_SSL_VERIFYSTATUS.3
View File

@@ -38,7 +38,7 @@ extension, the verification will fail.
.SH DEFAULT
0
.SH PROTOCOLS
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc.
All TLS based protocols: HTTPS, FTPS, IMAPS, POP3, SMTPS etc.
.SH EXAMPLE
TODO
.SH AVAILABILITY

56
docs/libcurl/opts/CURLOPT_STREAM_DEPENDS.3
View File

@@ -1,56 +0,0 @@
.\" **************************************************************************
.\" * _ _ ____ _
.\" * Project ___| | | | _ \| |
.\" * / __| | | | |_) | |
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
.\" * are also available at http://curl.haxx.se/docs/copyright.html.
.\" *
.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
.\" * copies of the Software, and permit persons to whom the Software is
.\" * furnished to do so, under the terms of the COPYING file.
.\" *
.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
.\" * KIND, either express or implied.
.\" *
.\" **************************************************************************
.\"
.TH CURLOPT_STREAM_DEPENDS 3 "13 Sep 2015" "libcurl 7.46.0" "curl_easy_setopt options"
.SH NAME
CURLOPT_STREAM_DEPENDS \- set stream this transfer depends on
.SH SYNOPSIS
#include <curl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_STREAM_DEPENDS, CURL *dephandle);
.SH DESCRIPTION
Pass a CURL * pointer in \fIdephandle\fP to identify the stream within the
same connection that this stream is depending upon. This option clears the
exclusive it and is mutually exclusive to the
\fICURLOPT_STREAM_DEPENDS_E(3)\fP option.
The spec says "Including a dependency expresses a preference to allocate
resources to the identified stream rather than to the dependent stream."
This option can be set during transfer.
\fIdephandle\fP must not be the same as \fIhandle\fP, that will cause this
function to return an error. It must be another easy handle, and it also needs
to be a handle of a transfer that will be sent over the same HTTP/2 connection
for this option to have an actual effect.
.SH DEFAULT
NULL
.SH PROTOCOLS
HTTP/2
.SH EXAMPLE
TODO
.SH AVAILABILITY
Added in 7.46.0
.SH RETURN VALUE
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
.SH "SEE ALSO"
.BR CURLOPT_STREAM_WEIGHT "(3), " CURLOPT_STREAM_DEPENDS_E "(3), "

59
docs/libcurl/opts/CURLOPT_STREAM_DEPENDS_E.3
View File

@@ -1,59 +0,0 @@
.\" **************************************************************************
.\" * _ _ ____ _
.\" * Project ___| | | | _ \| |
.\" * / __| | | | |_) | |
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
.\" * are also available at http://curl.haxx.se/docs/copyright.html.
.\" *
.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
.\" * copies of the Software, and permit persons to whom the Software is
.\" * furnished to do so, under the terms of the COPYING file.
.\" *
.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
.\" * KIND, either express or implied.
.\" *
.\" **************************************************************************
.\"
.TH CURLOPT_STREAM_DEPENDS_E 3 "13 Sep 2015" "libcurl 7.46.0" "curl_easy_setopt options"
.SH NAME
CURLOPT_STREAM_DEPENDS_E \- set stream this transfer depends on execlusively
.SH SYNOPSIS
#include <curl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_STREAM_DEPENDS_E, CURL *dephandle);
.SH DESCRIPTION
Pass a CURL * pointer in \fIdephandle\fP to identify the stream within the
same connection that this stream is depending upon exclusively. That means it
depends on it and sets the Exclusive bit.
The spec says "Including a dependency expresses a preference to allocate
resources to the identified stream rather than to the dependent stream."
Setting a dependency with the exclusive flag for a reprioritized stream causes
all the dependencies of the new parent stream to become dependent on the
reprioritized stream.
This option can be set during transfer.
\fIdephandle\fP must not be the same as \fIhandle\fP, that will cause this
function to return an error. It must be another easy handle, and it also needs
to be a handle of a transfer that will be sent over the same HTTP/2 connection
for this option to have an actual effect.
.SH DEFAULT
NULL
.SH PROTOCOLS
HTTP/2
.SH EXAMPLE
TODO
.SH AVAILABILITY
Added in 7.46.0
.SH RETURN VALUE
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
.SH "SEE ALSO"
.BR CURLOPT_STREAM_WEIGHT "(3), " CURLOPT_STREAM_DEPENDS "(3), "

63
docs/libcurl/opts/CURLOPT_STREAM_WEIGHT.3
View File

@@ -1,63 +0,0 @@
.\" **************************************************************************
.\" * _ _ ____ _
.\" * Project ___| | | | _ \| |
.\" * / __| | | | |_) | |
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
.\" * are also available at http://curl.haxx.se/docs/copyright.html.
.\" *
.\" * You may opt to use, copy, modify, merge, publish, distribute and/or sell
.\" * copies of the Software, and permit persons to whom the Software is
.\" * furnished to do so, under the terms of the COPYING file.
.\" *
.\" * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
.\" * KIND, either express or implied.
.\" *
.\" **************************************************************************
.\"
.TH CURLOPT_STREAM_WEIGHT 3 "13 Sep 2015" "libcurl 7.46.0" "curl_easy_setopt options"
.SH NAME
CURLOPT_STREAM_WEIGHT \- set numerical stream weight
.SH SYNOPSIS
#include <curl/curl.h>
CURLcode curl_easy_setopt(CURL *handle, CURLOPT_STREAM_WEIGHT, long weight);
.SH DESCRIPTION
Set the long \fIweight\fP to a number between 1 and 256.
When using HTTP/2, this option sets the individual weight for this particular
stream used by the easy \fIhandle\fP. Setting and using weights only makes
sense and is only usable when doing multiple streams over the same
connections, which thus implies that you use \fICURLMOPT_PIPELINING(3)\fP.
This option can be set during transfer and will then cause the updated weight
info get sent to the server the next time a HTTP/2 frame is sent to the
server.
See section 5.3 of RFC 7540 for protocol details:
https://httpwg.github.io/specs/rfc7540.html#StreamPriority
Streams with the same parent should be allocated resources proportionally
based on their weight. So if you have two streams going, stream A with weight
16 and stream B with weight 32, stream B will get two thirds (32/48) of the
available bandwidth (assuming the server can send off the data equally for
both streams).
.SH DEFAULT
If nothing is set, the HTTP/2 protocol itself will use its own default which
is 16.
.SH PROTOCOLS
HTTP/2
.SH EXAMPLE
TODO
.SH AVAILABILITY
Added in 7.46.0
.SH RETURN VALUE
Returns CURLE_OK if the option is supported, and CURLE_UNKNOWN_OPTION if not.
.SH "SEE ALSO"
.BR CURLOPT_STREAM_DEPENDS "(3), " CURLOPT_STREAM_DEPENDS_E "(3), "
.BR CURLOPT_PIPEWAIT "(3), " CURLMOPT_PIPELINING "(3), "

9
docs/libcurl/opts/Makefile.am
View File

@@ -106,8 +106,7 @@ man_MANS = CURLOPT_ACCEPT_ENCODING.3 CURLOPT_ACCEPTTIMEOUT_MS.3 \
CURLOPT_USE_SSL.3 CURLOPT_VERBOSE.3 CURLOPT_WILDCARDMATCH.3 \
CURLOPT_WRITEDATA.3 CURLOPT_WRITEFUNCTION.3 CURLOPT_XFERINFODATA.3 \
CURLOPT_XFERINFOFUNCTION.3 CURLOPT_XOAUTH2_BEARER.3 \
CURLOPT_STREAM_DEPENDS.3 CURLOPT_STREAM_DEPENDS_E.3 \
CURLOPT_STREAM_WEIGHT.3 CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.3 \
CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.3 \
CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.3 CURLMOPT_MAXCONNECTS.3 \
CURLMOPT_MAX_HOST_CONNECTIONS.3 CURLMOPT_MAX_PIPELINE_LENGTH.3 \
CURLMOPT_MAX_TOTAL_CONNECTIONS.3 CURLMOPT_PIPELINING.3 \
@@ -234,8 +233,7 @@ HTMLPAGES = CURLOPT_ACCEPT_ENCODING.html CURLOPT_ACCEPTTIMEOUT_MS.html \
CURLOPT_VERBOSE.html CURLOPT_WILDCARDMATCH.html CURLOPT_WRITEDATA.html \
CURLOPT_WRITEFUNCTION.html CURLOPT_XFERINFODATA.html \
CURLOPT_XFERINFOFUNCTION.html CURLOPT_XOAUTH2_BEARER.html \
CURLOPT_STREAM_DEPENDS.html CURLOPT_STREAM_DEPENDS_E.html \
CURLOPT_STREAM_WEIGHT.html CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.html \
CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.html \
CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.html CURLMOPT_MAXCONNECTS.html \
CURLMOPT_MAX_HOST_CONNECTIONS.html CURLMOPT_MAX_PIPELINE_LENGTH.html \
CURLMOPT_MAX_TOTAL_CONNECTIONS.html CURLMOPT_PIPELINING.html \
@@ -364,8 +362,7 @@ PDFPAGES = CURLOPT_ACCEPT_ENCODING.pdf CURLOPT_ACCEPTTIMEOUT_MS.pdf \
CURLOPT_VERBOSE.pdf CURLOPT_WILDCARDMATCH.pdf CURLOPT_WRITEDATA.pdf \
CURLOPT_WRITEFUNCTION.pdf CURLOPT_XFERINFODATA.pdf \
CURLOPT_XFERINFOFUNCTION.pdf CURLOPT_XOAUTH2_BEARER.pdf \
CURLOPT_STREAM_DEPENDS.pdf CURLOPT_STREAM_DEPENDS_E.pdf \
CURLOPT_STREAM_WEIGHT.pdf CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.pdf \
CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.pdf \
CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.pdf CURLMOPT_MAXCONNECTS.pdf \
CURLMOPT_MAX_HOST_CONNECTIONS.pdf CURLMOPT_MAX_PIPELINE_LENGTH.pdf \
CURLMOPT_MAX_TOTAL_CONNECTIONS.pdf CURLMOPT_PIPELINING.pdf \

36
docs/libcurl/symbols-in-versions
View File

@@ -164,7 +164,6 @@ CURLFORM_BUFFER 7.9.8
CURLFORM_BUFFERLENGTH 7.9.8
CURLFORM_BUFFERPTR 7.9.8
CURLFORM_CONTENTHEADER 7.9.3
CURLFORM_CONTENTLEN 7.46.0
CURLFORM_CONTENTSLENGTH 7.9
CURLFORM_CONTENTTYPE 7.9
CURLFORM_COPYCONTENTS 7.9
@@ -237,7 +236,6 @@ CURLINFO_PRIMARY_IP 7.19.0
CURLINFO_PRIMARY_PORT 7.21.0
CURLINFO_PRIVATE 7.10.3
CURLINFO_PROXYAUTH_AVAIL 7.10.8
CURLINFO_PROXY_SSL_VERIFYRESULT 7.44.0
CURLINFO_REDIRECT_COUNT 7.9.7
CURLINFO_REDIRECT_TIME 7.9.7
CURLINFO_REDIRECT_URL 7.18.2
@@ -310,7 +308,6 @@ CURLOPTTYPE_FUNCTIONPOINT 7.1
CURLOPTTYPE_LONG 7.1
CURLOPTTYPE_OBJECTPOINT 7.1
CURLOPTTYPE_OFF_T 7.11.0
CURLOPTTYPE_STRINGPOINT 7.46.0
CURLOPT_ACCEPTTIMEOUT_MS 7.24.0
CURLOPT_ACCEPT_ENCODING 7.21.6
CURLOPT_ADDRESS_SCOPE 7.19.0
@@ -463,23 +460,7 @@ CURLOPT_PROXYPORT 7.1
CURLOPT_PROXYTYPE 7.10
CURLOPT_PROXYUSERNAME 7.19.1
CURLOPT_PROXYUSERPWD 7.1
CURLOPT_PROXY_CAINFO 7.44.0
CURLOPT_PROXY_CAPATH 7.44.0
CURLOPT_PROXY_CRLFILE 7.44.0
CURLOPT_PROXY_KEYPASSWD 7.44.0
CURLOPT_PROXY_SERVICE_NAME 7.43.0
CURLOPT_PROXY_SSLCERT 7.44.0
CURLOPT_PROXY_SSLCERTTYPE 7.44.0
CURLOPT_PROXY_SSLKEY 7.44.0
CURLOPT_PROXY_SSLKEYTYPE 7.44.0
CURLOPT_PROXY_SSLVERSION 7.44.0
CURLOPT_PROXY_SSL_CIPHER_LIST 7.44.0
CURLOPT_PROXY_SSL_OPTIONS 7.44.0
CURLOPT_PROXY_SSL_VERIFYHOST 7.44.0
CURLOPT_PROXY_SSL_VERIFYPEER 7.44.0
CURLOPT_PROXY_TLSAUTH_PASSWORD 7.44.0
CURLOPT_PROXY_TLSAUTH_TYPE 7.44.0
CURLOPT_PROXY_TLSAUTH_USERNAME 7.44.0
CURLOPT_PROXY_TRANSFER_MODE 7.18.0
CURLOPT_PUT 7.1
CURLOPT_QUOTE 7.1
@@ -509,8 +490,6 @@ CURLOPT_SOCKOPTDATA 7.16.0
CURLOPT_SOCKOPTFUNCTION 7.16.0
CURLOPT_SOCKS5_GSSAPI_NEC 7.19.4
CURLOPT_SOCKS5_GSSAPI_SERVICE 7.19.4
CURLOPT_SOCKS_PROXY 7.44.0
CURLOPT_SOCKS_PROXYTYPE 7.44.0
CURLOPT_SOURCE_HOST 7.12.1 - 7.15.5
CURLOPT_SOURCE_PATH 7.12.1 - 7.15.5
CURLOPT_SOURCE_PORT 7.12.1 - 7.15.5
@@ -547,9 +526,6 @@ CURLOPT_SSL_VERIFYHOST 7.8.1
CURLOPT_SSL_VERIFYPEER 7.4.2
CURLOPT_SSL_VERIFYSTATUS 7.41.0
CURLOPT_STDERR 7.1
CURLOPT_STREAM_DEPENDS 7.46.0
CURLOPT_STREAM_DEPENDS_E 7.46.0
CURLOPT_STREAM_WEIGHT 7.46.0
CURLOPT_TCP_KEEPALIVE 7.25.0
CURLOPT_TCP_KEEPIDLE 7.25.0
CURLOPT_TCP_KEEPINTVL 7.25.0
@@ -622,7 +598,6 @@ CURLPROTO_TELNET 7.19.4
CURLPROTO_TFTP 7.19.4
CURLPROXY_HTTP 7.10
CURLPROXY_HTTP_1_0 7.19.4
CURLPROXY_HTTPS 7.44.0
CURLPROXY_SOCKS4 7.10
CURLPROXY_SOCKS4A 7.18.0
CURLPROXY_SOCKS5 7.10
@@ -654,7 +629,6 @@ CURLSSLBACKEND_CYASSL 7.34.0
CURLSSLBACKEND_DARWINSSL 7.34.0
CURLSSLBACKEND_GNUTLS 7.34.0
CURLSSLBACKEND_GSKIT 7.34.0
CURLSSLBACKEND_MBEDTLS 7.46.0
CURLSSLBACKEND_NONE 7.34.0
CURLSSLBACKEND_NSS 7.34.0
CURLSSLBACKEND_OPENSSL 7.34.0
@@ -700,18 +674,10 @@ CURL_GLOBAL_DEFAULT 7.8
CURL_GLOBAL_NOTHING 7.8
CURL_GLOBAL_SSL 7.8
CURL_GLOBAL_WIN32 7.8.1
CURL_HTTPPOST_BUFFER 7.46.0
CURL_HTTPPOST_CALLBACK 7.46.0
CURL_HTTPPOST_FILENAME 7.46.0
CURL_HTTPPOST_LARGE 7.46.0
CURL_HTTPPOST_PTRBUFFER 7.46.0
CURL_HTTPPOST_PTRCONTENTS 7.46.0
CURL_HTTPPOST_PTRNAME 7.46.0
CURL_HTTPPOST_READFILE 7.46.0
CURL_HTTP_VERSION_1_0 7.9.1
CURL_HTTP_VERSION_1_1 7.9.1
CURL_HTTP_VERSION_2 7.43.0
CURL_HTTP_VERSION_2_0 7.33.0
CURL_HTTP_VERSION_2 7.43.0
CURL_HTTP_VERSION_NONE 7.9.1
CURL_IPRESOLVE_V4 7.10.8
CURL_IPRESOLVE_V6 7.10.8

253
include/curl/curl.h
View File

@@ -127,8 +127,7 @@ struct curl_httppost {
char *name; /* pointer to allocated name */
long namelength; /* length of name length */
char *contents; /* pointer to allocated data contents */
long contentslength; /* length of contents field, see also
CURL_HTTPPOST_LARGE */
long contentslength; /* length of contents field */
char *buffer; /* pointer to allocated buffer contents */
long bufferlength; /* length of buffer field */
char *contenttype; /* Content-Type */
@@ -137,33 +136,24 @@ struct curl_httppost {
file, this link should link to following
files */
long flags; /* as defined below */
/* specified content is a file name */
#define CURL_HTTPPOST_FILENAME (1<<0)
/* specified content is a file name */
#define CURL_HTTPPOST_READFILE (1<<1)
/* name is only stored pointer do not free in formfree */
#define CURL_HTTPPOST_PTRNAME (1<<2)
/* contents is only stored pointer do not free in formfree */
#define CURL_HTTPPOST_PTRCONTENTS (1<<3)
/* upload file from buffer */
#define CURL_HTTPPOST_BUFFER (1<<4)
/* upload file from pointer contents */
#define CURL_HTTPPOST_PTRBUFFER (1<<5)
/* upload file contents by using the regular read callback to get the data and
pass the given pointer as custom pointer */
#define CURL_HTTPPOST_CALLBACK (1<<6)
/* use size in 'contentlen', added in 7.46.0 */
#define CURL_HTTPPOST_LARGE (1<<7)
#define HTTPPOST_FILENAME (1<<0) /* specified content is a file name */
#define HTTPPOST_READFILE (1<<1) /* specified content is a file name */
#define HTTPPOST_PTRNAME (1<<2) /* name is only stored pointer
do not free in formfree */
#define HTTPPOST_PTRCONTENTS (1<<3) /* contents is only stored pointer
do not free in formfree */
#define HTTPPOST_BUFFER (1<<4) /* upload file from buffer */
#define HTTPPOST_PTRBUFFER (1<<5) /* upload file from pointer contents */
#define HTTPPOST_CALLBACK (1<<6) /* upload file contents by using the
regular read callback to get the data
and pass the given pointer as custom
pointer */
char *showfilename; /* The file name to show. If not set, the
actual file name will be used (if this
is a file part) */
void *userp; /* custom pointer used for
HTTPPOST_CALLBACK posts */
curl_off_t contentlen; /* alternative length of contents
field. Used if CURL_HTTPPOST_LARGE is
set. Added in 7.46.0 */
};
/* This is the CURLOPT_PROGRESSFUNCTION callback proto. It is now considered
@@ -622,7 +612,6 @@ typedef enum {
CONNECT HTTP/1.1 */
CURLPROXY_HTTP_1_0 = 1, /* added in 7.19.4, force to use CONNECT
HTTP/1.0 */
CURLPROXY_HTTPS = 2, /* added in TBD */
CURLPROXY_SOCKS4 = 4, /* support added in 7.15.2, enum existed already
in 7.10 */
CURLPROXY_SOCKS5 = 5, /* added in 7.10 */
@@ -829,13 +818,9 @@ typedef enum {
but 32 */
#define CURLOPTTYPE_LONG 0
#define CURLOPTTYPE_OBJECTPOINT 10000
#define CURLOPTTYPE_STRINGPOINT 10000
#define CURLOPTTYPE_FUNCTIONPOINT 20000
#define CURLOPTTYPE_OFF_T 30000
/* *STRINGPOINT is an alias for OBJECTPOINT to allow tools to extract the
string options from the header file */
/* name is uppercase CURLOPT_<name>,
type is one of the defined CURLOPTTYPE_<type>
number is unique identifier */
@@ -849,7 +834,6 @@ typedef enum {
/* The macro "##" is ISO C, we assume pre-ISO C doesn't support it. */
#define LONG CURLOPTTYPE_LONG
#define OBJECTPOINT CURLOPTTYPE_OBJECTPOINT
#define STRINGPOINT CURLOPTTYPE_OBJECTPOINT
#define FUNCTIONPOINT CURLOPTTYPE_FUNCTIONPOINT
#define OFF_T CURLOPTTYPE_OFF_T
#define CINIT(name,type,number) CURLOPT_/**/name = type + number
@@ -866,22 +850,22 @@ typedef enum {
CINIT(WRITEDATA, OBJECTPOINT, 1),
/* The full URL to get/put */
CINIT(URL, STRINGPOINT, 2),
CINIT(URL, OBJECTPOINT, 2),
/* Port number to connect to, if other than default. */
CINIT(PORT, LONG, 3),
/* Name of proxy to use. */
CINIT(PROXY, STRINGPOINT, 4),
CINIT(PROXY, OBJECTPOINT, 4),
/* "user:password;options" to use when fetching. */
CINIT(USERPWD, STRINGPOINT, 5),
CINIT(USERPWD, OBJECTPOINT, 5),
/* "user:password" to use with proxy. */
CINIT(PROXYUSERPWD, STRINGPOINT, 6),
CINIT(PROXYUSERPWD, OBJECTPOINT, 6),
/* Range to get, specified as an ASCII string. */
CINIT(RANGE, STRINGPOINT, 7),
CINIT(RANGE, OBJECTPOINT, 7),
/* not used */
@@ -918,14 +902,14 @@ typedef enum {
CINIT(POSTFIELDS, OBJECTPOINT, 15),
/* Set the referrer page (needed by some CGIs) */
CINIT(REFERER, STRINGPOINT, 16),
CINIT(REFERER, OBJECTPOINT, 16),
/* Set the FTP PORT string (interface name, named or numerical IP address)
Use i.e '-' to use default address. */
CINIT(FTPPORT, STRINGPOINT, 17),
CINIT(FTPPORT, OBJECTPOINT, 17),
/* Set the User-Agent string (examined by some CGIs) */
CINIT(USERAGENT, STRINGPOINT, 18),
CINIT(USERAGENT, OBJECTPOINT, 18),
/* If the download receives less than "low speed limit" bytes/second
* during "low speed time" seconds, the operations is aborted.
@@ -948,7 +932,7 @@ typedef enum {
CINIT(RESUME_FROM, LONG, 21),
/* Set cookie in request: */
CINIT(COOKIE, STRINGPOINT, 22),
CINIT(COOKIE, OBJECTPOINT, 22),
/* This points to a linked list of headers, struct curl_slist kind. This
list is also used for RTSP (in spite of its name) */
@@ -958,10 +942,10 @@ typedef enum {
CINIT(HTTPPOST, OBJECTPOINT, 24),
/* name of the file keeping your private SSL-certificate */
CINIT(SSLCERT, STRINGPOINT, 25),
CINIT(SSLCERT, OBJECTPOINT, 25),
/* password for the SSL or SSH private key */
CINIT(KEYPASSWD, STRINGPOINT, 26),
CINIT(KEYPASSWD, OBJECTPOINT, 26),
/* send TYPE parameter? */
CINIT(CRLF, LONG, 27),
@@ -975,7 +959,7 @@ typedef enum {
/* point to a file to read the initial cookies from, also enables
"cookie awareness" */
CINIT(COOKIEFILE, STRINGPOINT, 31),
CINIT(COOKIEFILE, OBJECTPOINT, 31),
/* What version to specifically try to use.
See CURL_SSLVERSION defines below. */
@@ -994,9 +978,9 @@ typedef enum {
HTTP: DELETE, TRACE and others
FTP: to use a different list command
*/
CINIT(CUSTOMREQUEST, STRINGPOINT, 36),
CINIT(CUSTOMREQUEST, OBJECTPOINT, 36),
/* FILE handle to use instead of stderr */
/* HTTP request, for odd commands like DELETE, TRACE and others */
CINIT(STDERR, OBJECTPOINT, 37),
/* 38 is not used */
@@ -1053,19 +1037,19 @@ typedef enum {
CINIT(HTTPPROXYTUNNEL, LONG, 61),
/* Set the interface string to use as outgoing network interface */
CINIT(INTERFACE, STRINGPOINT, 62),
CINIT(INTERFACE, OBJECTPOINT, 62),
/* Set the krb4/5 security level, this also enables krb4/5 awareness. This
* is a string, 'clear', 'safe', 'confidential' or 'private'. If the string
* is set but doesn't match one of these, 'private' will be used. */
CINIT(KRBLEVEL, STRINGPOINT, 63),
CINIT(KRBLEVEL, OBJECTPOINT, 63),
/* Set if we should verify the peer in ssl handshake, set 1 to verify. */
CINIT(SSL_VERIFYPEER, LONG, 64),
/* The CApath or CAfile used to validate the peer certificate
this option is used only if SSL_VERIFYPEER is true */
CINIT(CAINFO, STRINGPOINT, 65),
CINIT(CAINFO, OBJECTPOINT, 65),
/* 66 = OBSOLETE */
/* 67 = OBSOLETE */
@@ -1099,10 +1083,10 @@ typedef enum {
/* Set to a file name that contains random data for libcurl to use to
seed the random engine when doing SSL connects. */
CINIT(RANDOM_FILE, STRINGPOINT, 76),
CINIT(RANDOM_FILE, OBJECTPOINT, 76),
/* Set to the Entropy Gathering Daemon socket pathname */
CINIT(EGDSOCKET, STRINGPOINT, 77),
CINIT(EGDSOCKET, OBJECTPOINT, 77),
/* Time-out connect operations after this amount of seconds, if connects are
OK within this time, then fine... This only aborts the connect phase. */
@@ -1124,10 +1108,10 @@ typedef enum {
/* Specify which file name to write all known cookies in after completed
operation. Set file name to "-" (dash) to make it go to stdout. */
CINIT(COOKIEJAR, STRINGPOINT, 82),
CINIT(COOKIEJAR, OBJECTPOINT, 82),
/* Specify which SSL ciphers to use */
CINIT(SSL_CIPHER_LIST, STRINGPOINT, 83),
CINIT(SSL_CIPHER_LIST, OBJECTPOINT, 83),
/* Specify which HTTP version to use! This must be set to one of the
CURL_HTTP_VERSION* enums set below. */
@@ -1139,16 +1123,16 @@ typedef enum {
CINIT(FTP_USE_EPSV, LONG, 85),
/* type of the file keeping your SSL-certificate ("DER", "PEM", "ENG") */
CINIT(SSLCERTTYPE, STRINGPOINT, 86),
CINIT(SSLCERTTYPE, OBJECTPOINT, 86),
/* name of the file keeping your private SSL-key */
CINIT(SSLKEY, STRINGPOINT, 87),
CINIT(SSLKEY, OBJECTPOINT, 87),
/* type of the file keeping your private SSL-key ("DER", "PEM", "ENG") */
CINIT(SSLKEYTYPE, STRINGPOINT, 88),
CINIT(SSLKEYTYPE, OBJECTPOINT, 88),
/* crypto engine for the SSL-sub system */
CINIT(SSLENGINE, STRINGPOINT, 89),
CINIT(SSLENGINE, OBJECTPOINT, 89),
/* set the crypto engine for the SSL-sub system as default
the param has no meaning...
@@ -1175,7 +1159,7 @@ typedef enum {
/* The CApath directory used to validate the peer certificate
this option is used only if SSL_VERIFYPEER is true */
CINIT(CAPATH, STRINGPOINT, 97),
CINIT(CAPATH, OBJECTPOINT, 97),
/* Instruct libcurl to use a smaller receive buffer */
CINIT(BUFFERSIZE, LONG, 98),
@@ -1189,14 +1173,13 @@ typedef enum {
CINIT(SHARE, OBJECTPOINT, 100),
/* indicates type of proxy. accepted values are CURLPROXY_HTTP (default),
CURLPROXY_HTTPS, CURLPROXY_SOCKS4, CURLPROXY_SOCKS4A and
CURLPROXY_SOCKS5. */
CURLPROXY_SOCKS4, CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5. */
CINIT(PROXYTYPE, LONG, 101),
/* Set the Accept-Encoding string. Use this to tell a server you would like
the response to be compressed. Before 7.21.6, this was known as
CURLOPT_ENCODING */
CINIT(ACCEPT_ENCODING, STRINGPOINT, 102),
CINIT(ACCEPT_ENCODING, OBJECTPOINT, 102),
/* Set pointer to private data */
CINIT(PRIVATE, OBJECTPOINT, 103),
@@ -1277,7 +1260,7 @@ typedef enum {
to parse (using the CURLOPT_NETRC option). If not set, libcurl will do
a poor attempt to find the user's home directory and check for a .netrc
file in there. */
CINIT(NETRC_FILE, STRINGPOINT, 118),
CINIT(NETRC_FILE, OBJECTPOINT, 118),
/* Enable SSL/TLS for FTP, pick one of:
CURLUSESSL_TRY - try using SSL, proceed anyway otherwise
@@ -1320,10 +1303,10 @@ typedef enum {
/* zero terminated string for pass on to the FTP server when asked for
"account" info */
CINIT(FTP_ACCOUNT, STRINGPOINT, 134),
CINIT(FTP_ACCOUNT, OBJECTPOINT, 134),
/* feed cookie into cookie engine */
CINIT(COOKIELIST, STRINGPOINT, 135),
/* feed cookies into cookie engine */
CINIT(COOKIELIST, OBJECTPOINT, 135),
/* ignore Content-Length */
CINIT(IGNORE_CONTENT_LENGTH, LONG, 136),
@@ -1369,7 +1352,7 @@ typedef enum {
CINIT(MAX_RECV_SPEED_LARGE, OFF_T, 146),
/* Pointer to command string to send if USER/PASS fails. */
CINIT(FTP_ALTERNATIVE_TO_USER, STRINGPOINT, 147),
CINIT(FTP_ALTERNATIVE_TO_USER, OBJECTPOINT, 147),
/* callback function for setting socket options */
CINIT(SOCKOPTFUNCTION, FUNCTIONPOINT, 148),
@@ -1383,8 +1366,8 @@ typedef enum {
CINIT(SSH_AUTH_TYPES, LONG, 151),
/* Used by scp/sftp to do public/private key authentication */
CINIT(SSH_PUBLIC_KEYFILE, STRINGPOINT, 152),
CINIT(SSH_PRIVATE_KEYFILE, STRINGPOINT, 153),
CINIT(SSH_PUBLIC_KEYFILE, OBJECTPOINT, 152),
CINIT(SSH_PRIVATE_KEYFILE, OBJECTPOINT, 153),
/* Send CCC (Clear Command Channel) after authentication */
CINIT(FTP_SSL_CCC, LONG, 154),
@@ -1408,7 +1391,7 @@ typedef enum {
CINIT(POSTREDIR, LONG, 161),
/* used by scp/sftp to verify the host's public key */
CINIT(SSH_HOST_PUBLIC_KEY_MD5, STRINGPOINT, 162),
CINIT(SSH_HOST_PUBLIC_KEY_MD5, OBJECTPOINT, 162),
/* Callback function for opening socket (instead of socket(2)). Optionally,
callback is able change the address or refuse to connect returning
@@ -1428,10 +1411,10 @@ typedef enum {
CINIT(SEEKDATA, OBJECTPOINT, 168),
/* CRL file */
CINIT(CRLFILE, STRINGPOINT, 169),
CINIT(CRLFILE, OBJECTPOINT, 169),
/* Issuer certificate */
CINIT(ISSUERCERT, STRINGPOINT, 170),
CINIT(ISSUERCERT, OBJECTPOINT, 170),
/* (IPv6) Address scope */
CINIT(ADDRESS_SCOPE, LONG, 171),
@@ -1441,12 +1424,12 @@ typedef enum {
CINIT(CERTINFO, LONG, 172),
/* "name" and "pwd" to use when fetching. */
CINIT(USERNAME, STRINGPOINT, 173),
CINIT(PASSWORD, STRINGPOINT, 174),
CINIT(USERNAME, OBJECTPOINT, 173),
CINIT(PASSWORD, OBJECTPOINT, 174),
/* "name" and "pwd" to use with Proxy when fetching. */
CINIT(PROXYUSERNAME, STRINGPOINT, 175),
CINIT(PROXYPASSWORD, STRINGPOINT, 176),
CINIT(PROXYUSERNAME, OBJECTPOINT, 175),
CINIT(PROXYPASSWORD, OBJECTPOINT, 176),
/* Comma separated list of hostnames defining no-proxy zones. These should
match both hostnames directly, and hostnames within a domain. For
@@ -1455,13 +1438,13 @@ typedef enum {
implementations of this, .local.com will be considered to be the same as
local.com. A single * is the only valid wildcard, and effectively
disables the use of proxy. */
CINIT(NOPROXY, STRINGPOINT, 177),
CINIT(NOPROXY, OBJECTPOINT, 177),
/* block size for TFTP transfers */
CINIT(TFTP_BLKSIZE, LONG, 178),
/* Socks Service */
CINIT(SOCKS5_GSSAPI_SERVICE, STRINGPOINT, 179),
CINIT(SOCKS5_GSSAPI_SERVICE, OBJECTPOINT, 179),
/* Socks Service */
CINIT(SOCKS5_GSSAPI_NEC, LONG, 180),
@@ -1479,7 +1462,7 @@ typedef enum {
CINIT(REDIR_PROTOCOLS, LONG, 182),
/* set the SSH knownhost file name to use */
CINIT(SSH_KNOWNHOSTS, STRINGPOINT, 183),
CINIT(SSH_KNOWNHOSTS, OBJECTPOINT, 183),
/* set the SSH host key callback, must point to a curl_sshkeycallback
function */
@@ -1489,9 +1472,9 @@ typedef enum {
CINIT(SSH_KEYDATA, OBJECTPOINT, 185),
/* set the SMTP mail originator */
CINIT(MAIL_FROM, STRINGPOINT, 186),
CINIT(MAIL_FROM, OBJECTPOINT, 186),
/* set the list of SMTP mail receiver(s) */
/* set the SMTP mail receiver(s) */
CINIT(MAIL_RCPT, OBJECTPOINT, 187),
/* FTP: send PRET before PASV */
@@ -1501,13 +1484,13 @@ typedef enum {
CINIT(RTSP_REQUEST, LONG, 189),
/* The RTSP session identifier */
CINIT(RTSP_SESSION_ID, STRINGPOINT, 190),
CINIT(RTSP_SESSION_ID, OBJECTPOINT, 190),
/* The RTSP stream URI */
CINIT(RTSP_STREAM_URI, STRINGPOINT, 191),
CINIT(RTSP_STREAM_URI, OBJECTPOINT, 191),
/* The Transport: header to use in RTSP requests */
CINIT(RTSP_TRANSPORT, STRINGPOINT, 192),
CINIT(RTSP_TRANSPORT, OBJECTPOINT, 192),
/* Manually initialize the client RTSP CSeq for this handle */
CINIT(RTSP_CLIENT_CSEQ, LONG, 193),
@@ -1545,13 +1528,13 @@ typedef enum {
CINIT(RESOLVE, OBJECTPOINT, 203),
/* Set a username for authenticated TLS */
CINIT(TLSAUTH_USERNAME, STRINGPOINT, 204),
CINIT(TLSAUTH_USERNAME, OBJECTPOINT, 204),
/* Set a password for authenticated TLS */
CINIT(TLSAUTH_PASSWORD, STRINGPOINT, 205),
CINIT(TLSAUTH_PASSWORD, OBJECTPOINT, 205),
/* Set authentication type for authenticated TLS */
CINIT(TLSAUTH_TYPE, STRINGPOINT, 206),
CINIT(TLSAUTH_TYPE, OBJECTPOINT, 206),
/* Set to 1 to enable the "TE:" header in HTTP requests to ask for
compressed transfer-encoded responses. Set to 0 to disable the use of TE:
@@ -1574,7 +1557,7 @@ typedef enum {
CINIT(GSSAPI_DELEGATION, LONG, 210),
/* Set the name servers to use for DNS resolution */
CINIT(DNS_SERVERS, STRINGPOINT, 211),
CINIT(DNS_SERVERS, OBJECTPOINT, 211),
/* Time-out accept operations (currently for FTP only) after this amount
of miliseconds. */
@@ -1591,7 +1574,7 @@ typedef enum {
CINIT(SSL_OPTIONS, LONG, 216),
/* Set the SMTP auth originator */
CINIT(MAIL_AUTH, STRINGPOINT, 217),
CINIT(MAIL_AUTH, OBJECTPOINT, 217),
/* Enable/disable SASL initial response */
CINIT(SASL_IR, LONG, 218),
@@ -1602,23 +1585,23 @@ typedef enum {
CINIT(XFERINFOFUNCTION, FUNCTIONPOINT, 219),
/* The XOAUTH2 bearer token */
CINIT(XOAUTH2_BEARER, STRINGPOINT, 220),
CINIT(XOAUTH2_BEARER, OBJECTPOINT, 220),
/* Set the interface string to use as outgoing network
* interface for DNS requests.
* Only supported by the c-ares DNS backend */
CINIT(DNS_INTERFACE, STRINGPOINT, 221),
CINIT(DNS_INTERFACE, OBJECTPOINT, 221),
/* Set the local IPv4 address to use for outgoing DNS requests.
* Only supported by the c-ares DNS backend */
CINIT(DNS_LOCAL_IP4, STRINGPOINT, 222),
CINIT(DNS_LOCAL_IP4, OBJECTPOINT, 222),
/* Set the local IPv4 address to use for outgoing DNS requests.
* Only supported by the c-ares DNS backend */
CINIT(DNS_LOCAL_IP6, STRINGPOINT, 223),
CINIT(DNS_LOCAL_IP6, OBJECTPOINT, 223),
/* Set authentication options directly */
CINIT(LOGIN_OPTIONS, STRINGPOINT, 224),
CINIT(LOGIN_OPTIONS, OBJECTPOINT, 224),
/* Enable/disable TLS NPN extension (http2 over ssl might fail without) */
CINIT(SSL_ENABLE_NPN, LONG, 225),
@@ -1639,10 +1622,10 @@ typedef enum {
/* The public key in DER form used to validate the peer public key
this option is used only if SSL_VERIFYPEER is true */
CINIT(PINNEDPUBLICKEY, STRINGPOINT, 230),
CINIT(PINNEDPUBLICKEY, OBJECTPOINT, 230),
/* Path to Unix domain socket */
CINIT(UNIX_SOCKET_PATH, STRINGPOINT, 231),
CINIT(UNIX_SOCKET_PATH, OBJECTPOINT, 231),
/* Set if we should verify the certificate status. */
CINIT(SSL_VERIFYSTATUS, LONG, 232),
@@ -1654,89 +1637,16 @@ typedef enum {
CINIT(PATH_AS_IS, LONG, 234),
/* Proxy Service Name */
CINIT(PROXY_SERVICE_NAME, STRINGPOINT, 235),
CINIT(PROXY_SERVICE_NAME, OBJECTPOINT, 235),
/* Service Name */
CINIT(SERVICE_NAME, STRINGPOINT, 236),
CINIT(SERVICE_NAME, OBJECTPOINT, 236),
/* Wait/don't wait for pipe/mutex to clarify */
CINIT(PIPEWAIT, LONG, 237),
/* Set the protocol used when curl is given a URL without a protocol */
CINIT(DEFAULT_PROTOCOL, STRINGPOINT, 238),
/* Set stream weight, 1 - 256 (default is 16) */
CINIT(STREAM_WEIGHT, LONG, 239),
/* Set stream dependency on another CURL handle */
CINIT(STREAM_DEPENDS, OBJECTPOINT, 240),
/* Set E-xclusive stream dependency on another CURL handle */
CINIT(STREAM_DEPENDS_E, OBJECTPOINT, 241),
/* The CApath or CAfile used to validate the proxy certificate
this option is used only if PROXY_SSL_VERIFYPEER is true */
CINIT(PROXY_CAINFO, STRINGPOINT, 242),
/* The CApath directory used to validate the proxy certificate
this option is used only if PROXY_SSL_VERIFYPEER is true */
CINIT(PROXY_CAPATH, STRINGPOINT, 243),
/* Set if we should verify the proxy in ssl handshake,
set 1 to verify. */
CINIT(PROXY_SSL_VERIFYPEER, LONG, 244),
/* Set if we should verify the Common name from the proxy certificate in ssl
* handshake, set 1 to check existence, 2 to ensure that it matches
* the provided hostname. */
CINIT(PROXY_SSL_VERIFYHOST, LONG, 245),
/* What version to specifically try to use for proxy.
See CURL_SSLVERSION defines below. */
CINIT(PROXY_SSLVERSION, LONG, 246),
/* Set a username for authenticated TLS for proxy */
CINIT(PROXY_TLSAUTH_USERNAME, STRINGPOINT, 247),
/* Set a password for authenticated TLS for proxy */
CINIT(PROXY_TLSAUTH_PASSWORD, STRINGPOINT, 248),
/* Set authentication type for authenticated TLS for proxy */
CINIT(PROXY_TLSAUTH_TYPE, STRINGPOINT, 249),
/* name of the file keeping your private SSL-certificate for proxy */
CINIT(PROXY_SSLCERT, STRINGPOINT, 250),
/* type of the file keeping your SSL-certificate ("DER", "PEM", "ENG") for
proxy */
CINIT(PROXY_SSLCERTTYPE, STRINGPOINT, 251),
/* name of the file keeping your private SSL-key for proxy */
CINIT(PROXY_SSLKEY, STRINGPOINT, 252),
/* type of the file keeping your private SSL-key ("DER", "PEM", "ENG") for
proxy */
CINIT(PROXY_SSLKEYTYPE, STRINGPOINT, 253),
/* password for the SSL private key for proxy */
CINIT(PROXY_KEYPASSWD, STRINGPOINT, 254),
/* Specify which SSL ciphers to use for proxy */
CINIT(PROXY_SSL_CIPHER_LIST, STRINGPOINT, 255),
/* CRL file for proxy */
CINIT(PROXY_CRLFILE, STRINGPOINT, 256),
/* Enable/disable specific SSL features with a bitmask for proxy, see
CURLSSLOPT_* */
CINIT(PROXY_SSL_OPTIONS, LONG, 257),
/* Name of socks proxy to use. */
CINIT(SOCKS_PROXY, STRINGPOINT, 258),
/* indicates type of proxy. accepted values are CURLPROXY_SOCKS4,
CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5. */
CINIT(SOCKS_PROXYTYPE, LONG, 259),
CINIT(DEFAULT_PROTOCOL, OBJECTPOINT, 238),
CURLOPT_LASTENTRY /* the last unused */
} CURLoption;
@@ -1912,7 +1822,6 @@ typedef enum {
CFINIT(OBSOLETE2),
CFINIT(STREAM),
CFINIT(CONTENTLEN), /* added in 7.46.0, provide a curl_off_t length */
CURLFORM_LASTENTRY /* the last unused */
} CURLformoption;
@@ -2167,8 +2076,7 @@ typedef enum {
CURLSSLBACKEND_CYASSL = 7,
CURLSSLBACKEND_SCHANNEL = 8,
CURLSSLBACKEND_DARWINSSL = 9,
CURLSSLBACKEND_AXTLS = 10,
CURLSSLBACKEND_MBEDTLS = 11
CURLSSLBACKEND_AXTLS = 10
} curl_sslbackend;
/* Information about the SSL library used and the respective internal SSL
@@ -2233,10 +2141,9 @@ typedef enum {
CURLINFO_LOCAL_PORT = CURLINFO_LONG + 42,
CURLINFO_TLS_SESSION = CURLINFO_SLIST + 43,
CURLINFO_ACTIVESOCKET = CURLINFO_SOCKET + 44,
CURLINFO_PROXY_SSL_VERIFYRESULT = CURLINFO_LONG + 45,
/* Fill in new entries below here! */
CURLINFO_LASTONE = 45
CURLINFO_LASTONE = 44
} CURLINFO;
/* CURLINFO_RESPONSE_CODE is the new name for the option previously known as

3
include/curl/curlbuild.h.dist
View File

@@ -528,8 +528,7 @@
#elif defined(__GNUC__)
# if defined(__ILP32__) || \
defined(__i386__) || defined(__ppc__) || defined(__arm__) || \
defined(__sparc__) || defined(__mips__) || defined(__sh__)
defined(__i386__) || defined(__ppc__) || defined(__arm__) || defined(__sparc__)
# define CURL_SIZEOF_LONG 4
# define CURL_TYPEOF_CURL_OFF_T long long
# define CURL_FORMAT_CURL_OFF_T "lld"

130
include/curl/typecheck-gcc.h
View File

@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2014, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -218,67 +218,60 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
/* evaluates to true if option takes a char* argument */
#define _curl_is_string_option(option) \
((option) == CURLOPT_ACCEPT_ENCODING || \
(option) == CURLOPT_CAINFO || \
(option) == CURLOPT_CAPATH || \
((option) == CURLOPT_URL || \
(option) == CURLOPT_PROXY || \
(option) == CURLOPT_INTERFACE || \
(option) == CURLOPT_NETRC_FILE || \
(option) == CURLOPT_USERPWD || \
(option) == CURLOPT_USERNAME || \
(option) == CURLOPT_PASSWORD || \
(option) == CURLOPT_PROXYUSERPWD || \
(option) == CURLOPT_PROXYUSERNAME || \
(option) == CURLOPT_PROXYPASSWORD || \
(option) == CURLOPT_NOPROXY || \
(option) == CURLOPT_ACCEPT_ENCODING || \
(option) == CURLOPT_REFERER || \
(option) == CURLOPT_USERAGENT || \
(option) == CURLOPT_COOKIE || \
(option) == CURLOPT_COOKIEFILE || \
(option) == CURLOPT_COOKIEJAR || \
(option) == CURLOPT_COOKIELIST || \
(option) == CURLOPT_CRLFILE || \
(option) == CURLOPT_CUSTOMREQUEST || \
(option) == CURLOPT_DEFAULT_PROTOCOL || \
(option) == CURLOPT_DNS_INTERFACE || \
(option) == CURLOPT_DNS_LOCAL_IP4 || \
(option) == CURLOPT_DNS_LOCAL_IP6 || \
(option) == CURLOPT_DNS_SERVERS || \
(option) == CURLOPT_EGDSOCKET || \
(option) == CURLOPT_FTPPORT || \
(option) == CURLOPT_FTP_ACCOUNT || \
(option) == CURLOPT_FTP_ALTERNATIVE_TO_USER || \
(option) == CURLOPT_INTERFACE || \
(option) == CURLOPT_ISSUERCERT || \
(option) == CURLOPT_KEYPASSWD || \
(option) == CURLOPT_KRBLEVEL || \
(option) == CURLOPT_LOGIN_OPTIONS || \
(option) == CURLOPT_MAIL_AUTH || \
(option) == CURLOPT_MAIL_FROM || \
(option) == CURLOPT_NETRC_FILE || \
(option) == CURLOPT_NOPROXY || \
(option) == CURLOPT_PASSWORD || \
(option) == CURLOPT_PINNEDPUBLICKEY || \
(option) == CURLOPT_PROXY || \
(option) == CURLOPT_PROXYPASSWORD || \
(option) == CURLOPT_PROXYUSERNAME || \
(option) == CURLOPT_PROXYUSERPWD || \
(option) == CURLOPT_PROXY_SERVICE_NAME || \
(option) == CURLOPT_RANDOM_FILE || \
(option) == CURLOPT_FTP_ACCOUNT || \
(option) == CURLOPT_RANGE || \
(option) == CURLOPT_REFERER || \
(option) == CURLOPT_CUSTOMREQUEST || \
(option) == CURLOPT_SSLCERT || \
(option) == CURLOPT_SSLCERTTYPE || \
(option) == CURLOPT_SSLKEY || \
(option) == CURLOPT_SSLKEYTYPE || \
(option) == CURLOPT_KEYPASSWD || \
(option) == CURLOPT_SSLENGINE || \
(option) == CURLOPT_CAINFO || \
(option) == CURLOPT_CAPATH || \
(option) == CURLOPT_RANDOM_FILE || \
(option) == CURLOPT_EGDSOCKET || \
(option) == CURLOPT_SSL_CIPHER_LIST || \
(option) == CURLOPT_KRBLEVEL || \
(option) == CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 || \
(option) == CURLOPT_SSH_PUBLIC_KEYFILE || \
(option) == CURLOPT_SSH_PRIVATE_KEYFILE || \
(option) == CURLOPT_CRLFILE || \
(option) == CURLOPT_ISSUERCERT || \
(option) == CURLOPT_SOCKS5_GSSAPI_SERVICE || \
(option) == CURLOPT_SSH_KNOWNHOSTS || \
(option) == CURLOPT_MAIL_FROM || \
(option) == CURLOPT_RTSP_SESSION_ID || \
(option) == CURLOPT_RTSP_STREAM_URI || \
(option) == CURLOPT_RTSP_TRANSPORT || \
(option) == CURLOPT_SERVICE_NAME || \
(option) == CURLOPT_SOCKS5_GSSAPI_SERVICE || \
(option) == CURLOPT_SSH_HOST_PUBLIC_KEY_MD5 || \
(option) == CURLOPT_SSH_KNOWNHOSTS || \
(option) == CURLOPT_SSH_PRIVATE_KEYFILE || \
(option) == CURLOPT_SSH_PUBLIC_KEYFILE || \
(option) == CURLOPT_SSLCERT || \
(option) == CURLOPT_SSLCERTTYPE || \
(option) == CURLOPT_SSLENGINE || \
(option) == CURLOPT_SSLKEY || \
(option) == CURLOPT_SSLKEYTYPE || \
(option) == CURLOPT_SSL_CIPHER_LIST || \
(option) == CURLOPT_TLSAUTH_PASSWORD || \
(option) == CURLOPT_TLSAUTH_TYPE || \
(option) == CURLOPT_TLSAUTH_USERNAME || \
(option) == CURLOPT_UNIX_SOCKET_PATH || \
(option) == CURLOPT_URL || \
(option) == CURLOPT_USERAGENT || \
(option) == CURLOPT_USERNAME || \
(option) == CURLOPT_USERPWD || \
(option) == CURLOPT_XOAUTH2_BEARER || \
(option) == CURLOPT_DNS_SERVERS || \
(option) == CURLOPT_DNS_INTERFACE || \
(option) == CURLOPT_DNS_LOCAL_IP4 || \
(option) == CURLOPT_DNS_LOCAL_IP6 || \
(option) == CURLOPT_LOGIN_OPTIONS || \
(option) == CURLOPT_PROXY_SERVICE_NAME || \
(option) == CURLOPT_SERVICE_NAME || \
0)
/* evaluates to true if option takes a curl_write_callback argument */
@@ -294,22 +287,21 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
/* evaluates to true if option takes a data argument to pass to a callback */
#define _curl_is_cb_data_option(option) \
((option) == CURLOPT_CHUNK_DATA || \
(option) == CURLOPT_CLOSESOCKETDATA || \
(option) == CURLOPT_DEBUGDATA || \
(option) == CURLOPT_FNMATCH_DATA || \
(option) == CURLOPT_HEADERDATA || \
(option) == CURLOPT_INTERLEAVEDATA || \
(option) == CURLOPT_IOCTLDATA || \
(option) == CURLOPT_OPENSOCKETDATA || \
(option) == CURLOPT_PRIVATE || \
(option) == CURLOPT_PROGRESSDATA || \
((option) == CURLOPT_WRITEDATA || \
(option) == CURLOPT_READDATA || \
(option) == CURLOPT_SEEKDATA || \
(option) == CURLOPT_IOCTLDATA || \
(option) == CURLOPT_SOCKOPTDATA || \
(option) == CURLOPT_SSH_KEYDATA || \
(option) == CURLOPT_OPENSOCKETDATA || \
(option) == CURLOPT_PROGRESSDATA || \
(option) == CURLOPT_HEADERDATA || \
(option) == CURLOPT_DEBUGDATA || \
(option) == CURLOPT_SSL_CTX_DATA || \
(option) == CURLOPT_WRITEDATA || \
(option) == CURLOPT_SEEKDATA || \
(option) == CURLOPT_PRIVATE || \
(option) == CURLOPT_SSH_KEYDATA || \
(option) == CURLOPT_INTERLEAVEDATA || \
(option) == CURLOPT_CHUNK_DATA || \
(option) == CURLOPT_FNMATCH_DATA || \
0)
/* evaluates to true if option takes a POST data argument (void* or char*) */
@@ -320,15 +312,13 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_slist,
/* evaluates to true if option takes a struct curl_slist * argument */
#define _curl_is_slist_option(option) \
((option) == CURLOPT_HTTP200ALIASES || \
(option) == CURLOPT_HTTPHEADER || \
(option) == CURLOPT_MAIL_RCPT || \
((option) == CURLOPT_HTTPHEADER || \
(option) == CURLOPT_HTTP200ALIASES || \
(option) == CURLOPT_QUOTE || \
(option) == CURLOPT_POSTQUOTE || \
(option) == CURLOPT_PREQUOTE || \
(option) == CURLOPT_PROXYHEADER || \
(option) == CURLOPT_QUOTE || \
(option) == CURLOPT_RESOLVE || \
(option) == CURLOPT_TELNETOPTIONS || \
(option) == CURLOPT_MAIL_RCPT || \
0)
/* groups of curl_easy_getinfo infos that take the same type of argument */

2
lib/Makefile.Watcom
View File

@@ -5,7 +5,7 @@
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
# Copyright (C) 2005 - 2009, Gisle Vanem <gvanem@yahoo.no>.
# Copyright (C) 2005 - 2009, Gisle Vanem <gvanem@broadpark.no>.
# Copyright (C) 2005 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which

6
lib/Makefile.inc
View File

@@ -22,13 +22,11 @@
LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c \
vtls/polarssl.c vtls/polarssl_threadlock.c vtls/axtls.c \
vtls/cyassl.c vtls/schannel.c vtls/darwinssl.c vtls/gskit.c \
vtls/mbedtls.c
vtls/cyassl.c vtls/schannel.c vtls/darwinssl.c vtls/gskit.c
LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h \
vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h vtls/axtls.h \
vtls/cyassl.h vtls/schannel.h vtls/darwinssl.h vtls/gskit.h \
vtls/mbedtls.h
vtls/cyassl.h vtls/schannel.h vtls/darwinssl.h vtls/gskit.h
LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \
cookie.c http.c sendf.c ftp.c url.c dict.c if2ip.c speedcheck.c \

1
lib/asyn-ares.c
View File

@@ -416,6 +416,7 @@ CURLcode Curl_resolver_wait_resolv(struct connectdata *conn,
if(result)
/* close the connection, since we can't return failure here without
cleaning up this connection properly.
TODO: remove this action from here, it is not a name resolver decision.
*/
connclose(conn, "c-ares resolve failed");

5
lib/checksrc.pl
View File

@@ -143,11 +143,6 @@ sub scanfile {
checkwarn($line, length($1), $file, $l, "Trailing whitespace");
}
# crude attempt to detect // comments without too many false
# positives
if($l =~ /^([^"\*]*)[^:"]\/\//) {
checkwarn($line, length($1), $file, $l, "\/\/ comment");
}
# check spaces after for/if/while
if($l =~ /^(.*)(for|if|while) \(/) {
if($1 =~ / *\#/) {

2
lib/checksrc.whitelist
View File

@@ -8,5 +8,3 @@
return fopen(file, "r"); /* VMS */
return fopen(file, "r", "rfm=stmlf", "ctx=stm");
curl_memlog("FILE %s:%d fopen(\"%s\",\"%s\") = %p\n",
a URL as file://localhost//foo must be valid as well, to refer to
const char atom_specials[] = "(){ %*]";

4
lib/conncache.c
View File

@@ -133,9 +133,7 @@ void Curl_conncache_destroy(struct conncache *connc)
static char *hashkey(struct connectdata *conn)
{
return aprintf("%s:%d",
conn->bits.socksproxy ? conn->socks_proxy.host.name :
conn->bits.httpproxy ? conn->http_proxy.host.name :
conn->host.name,
conn->bits.proxy?conn->proxy.name:conn->host.name,
conn->localport);
}

7
lib/connect.c
View File

@@ -850,8 +850,7 @@ CURLcode Curl_is_connected(struct connectdata *conn,
}
failf(data, "Failed to connect to %s port %ld: %s",
conn->bits.socksproxy ? conn->socks_proxy.host.name :
conn->bits.httpproxy ? conn->http_proxy.host.name : conn->host.name,
conn->bits.proxy?conn->proxy.name:conn->host.name,
conn->port, Curl_strerror(conn, error));
}
@@ -1243,10 +1242,10 @@ curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
}
/* Minix 3.1 doesn't support any flags on recv; just assume socket is OK */
#ifdef MSG_PEEK
else if(sockfd != CURL_SOCKET_BAD) {
else {
/* use the socket */
char buf;
if(recv((RECV_TYPE_ARG1)sockfd, (RECV_TYPE_ARG2)&buf,
if(recv((RECV_TYPE_ARG1)c->sock[FIRSTSOCKET], (RECV_TYPE_ARG2)&buf,
(RECV_TYPE_ARG3)1, (RECV_TYPE_ARG4)MSG_PEEK) == 0) {
return CURL_SOCKET_BAD; /* FIN received */
}

21
lib/cookie.c
View File

@@ -84,10 +84,6 @@ Example set of cookies:
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES)
#ifdef USE_LIBPSL
# include <libpsl.h>
#endif
#include "curl_printf.h"
#include "urldata.h"
#include "cookie.h"
@@ -383,10 +379,6 @@ Curl_cookie_add(struct SessionHandle *data,
bool replace_old = FALSE;
bool badcookie = FALSE; /* cookies are good by default. mmmmm yummy */
#ifdef USE_LIBPSL
const psl_ctx_t *psl;
#endif
#ifdef CURL_DISABLE_VERBOSE_STRINGS
(void)data;
#endif
@@ -785,19 +777,6 @@ Curl_cookie_add(struct SessionHandle *data,
/* at first, remove expired cookies */
remove_expired(c);
#ifdef USE_LIBPSL
/* Check if the domain is a Public Suffix and if yes, ignore the cookie.
This needs a libpsl compiled with builtin data. */
if(co->domain && !isip(co->domain) && (psl = psl_builtin()) != NULL) {
if(psl_is_public_suffix(psl, co->domain)) {
infof(data, "cookie '%s' dropped, domain '%s' is a public suffix\n",
co->name, co->domain);
freecookie(co);
return NULL;
}
}
#endif
clist = c->cookies;
replace_old = FALSE;
while(clist) {

21
lib/curl_config.h.cmake
View File

@@ -24,12 +24,6 @@
/* to disable FTP */
#cmakedefine CURL_DISABLE_FTP 1
/* to disable GOPHER */
#cmakedefine CURL_DISABLE_GOPHER 1
/* to disable IMAP */
#cmakedefine CURL_DISABLE_IMAP 1
/* to disable HTTP */
#cmakedefine CURL_DISABLE_HTTP 1
@@ -39,24 +33,9 @@
/* to disable LDAPS */
#cmakedefine CURL_DISABLE_LDAPS 1
/* to disable POP3 */
#cmakedefine CURL_DISABLE_POP3 1
/* to disable proxies */
#cmakedefine CURL_DISABLE_PROXY 1
/* to disable RTSP */
#cmakedefine CURL_DISABLE_RTSP 1
/* to disable RTMP */
#cmakedefine CURL_DISABLE_RTMP 1
/* to disable SMB */
#cmakedefine CURL_DISABLE_SMB 1
/* to disable SMTP */
#cmakedefine CURL_DISABLE_SMTP 1
/* to disable TELNET */
#cmakedefine CURL_DISABLE_TELNET 1

4
lib/curl_memory.h
View File

@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2013, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -39,7 +39,7 @@
*
* File lib/strdup.c is an exception, given that it provides a strdup
* clone implementation while using malloc. Extra care needed inside
* this one.
* this one. TODO: revisit this paragraph and related code.
*
* The need for curl_memory.h inclusion is due to libcurl's feature
* of allowing library user to provide memory replacement functions,

4
lib/curl_ntlm.c
View File

@@ -137,8 +137,8 @@ CURLcode Curl_output_ntlm(struct connectdata *conn, bool proxy)
if(proxy) {
allocuserpwd = &conn->allocptr.proxyuserpwd;
userp = conn->http_proxy.user;
passwdp = conn->http_proxy.passwd;
userp = conn->proxyuser;
passwdp = conn->proxypasswd;
ntlm = &conn->proxyntlm;
authp = &conn->data->state.authproxy;
}

4
lib/curl_ntlm_core.c
View File

@@ -676,10 +676,10 @@ CURLcode Curl_ntlm_core_mk_ntlmv2_resp(unsigned char *ntlmv2hash,
#ifdef DEBUGBUILD
char *force_timestamp = getenv("CURL_FORCETIME");
if(force_timestamp)
tw = CURL_OFF_T_C(11644473600) * 10000000;
tw = (curl_off_t)11644473600 * 10000000;
else
#endif
tw = ((curl_off_t)time(NULL) + CURL_OFF_T_C(11644473600)) * 10000000;
tw = ((curl_off_t)time(NULL) + 11644473600) * 10000000;
/* Calculate the response len */
len = NTLM_HMAC_MD5_LEN + NTLMv2_BLOB_LEN;

2
lib/curl_ntlm_wb.c
View File

@@ -350,7 +350,7 @@ CURLcode Curl_output_ntlm_wb(struct connectdata *conn,
if(proxy) {
allocuserpwd = &conn->allocptr.proxyuserpwd;
userp = conn->http_proxy.user;
userp = conn->proxyuser;
ntlm = &conn->proxyntlm;
authp = &conn->data->state.authproxy;
}

97
lib/curl_sasl.c
View File

@@ -24,7 +24,6 @@
* RFC4422 Simple Authentication and Security Layer (SASL)
* RFC4616 PLAIN authentication
* RFC6749 OAuth 2.0 Authorization Framework
* RFC7628 A Set of SASL Mechanisms for OAuth
* Draft LOGIN SASL Mechanism <draft-murchison-sasl-login-00.txt>
*
***************************************************************************/
@@ -65,7 +64,6 @@ const struct {
{ "EXTERNAL", 8, SASL_MECH_EXTERNAL },
{ "NTLM", 4, SASL_MECH_NTLM },
{ "XOAUTH2", 7, SASL_MECH_XOAUTH2 },
{ "OAUTHBEARER", 11, SASL_MECH_OAUTHBEARER },
{ ZERO_NULL, 0, 0 }
};
@@ -1155,7 +1153,7 @@ void Curl_sasl_ntlm_cleanup(struct ntlmdata *ntlm)
#endif /* USE_NTLM && !USE_WINDOWS_SSPI*/
/*
* sasl_create_oauth_bearer_message()
* sasl_create_xoauth2_message()
*
* This is used to generate an already encoded OAuth 2.0 message ready for
* sending to the recipient.
@@ -1164,8 +1162,6 @@ void Curl_sasl_ntlm_cleanup(struct ntlmdata *ntlm)
*
* data [in] - The session handle.
* user [in] - The user name.
* host [in] - The host name (for OAUTHBEARER).
* port [in] - The port (for OAUTHBEARER when not Port 80).
* bearer [in] - The bearer token.
* outptr [in/out] - The address where a pointer to newly allocated memory
* holding the result will be stored upon completion.
@@ -1173,32 +1169,23 @@ void Curl_sasl_ntlm_cleanup(struct ntlmdata *ntlm)
*
* Returns CURLE_OK on success.
*/
static CURLcode sasl_create_oauth_bearer_message(struct SessionHandle *data,
static CURLcode sasl_create_xoauth2_message(struct SessionHandle *data,
const char *user,
const char *host,
const long port,
const char *bearer,
char **outptr, size_t *outlen)
{
CURLcode result = CURLE_OK;
char *oauth = NULL;
char *xoauth = NULL;
/* Generate the message */
if(host == NULL && (port == 0 || port == 80))
oauth = aprintf("user=%s\1auth=Bearer %s\1\1", user, bearer);
else if(port == 0 || port == 80)
oauth = aprintf("user=%s\1host=%s\1auth=Bearer %s\1\1", user, host,
bearer);
else
oauth = aprintf("user=%s\1host=%s\1port=%ld\1auth=Bearer %s\1\1", user,
host, port, bearer);
if(!oauth)
xoauth = aprintf("user=%s\1auth=Bearer %s\1\1", user, bearer);
if(!xoauth)
return CURLE_OUT_OF_MEMORY;
/* Base64 encode the reply */
result = Curl_base64_encode(data, oauth, strlen(oauth), outptr, outlen);
result = Curl_base64_encode(data, xoauth, strlen(xoauth), outptr, outlen);
free(oauth);
free(xoauth);
return result;
}
@@ -1345,8 +1332,7 @@ static void state(struct SASL *sasl, struct connectdata *conn,
"GSSAPI",
"GSSAPI_TOKEN",
"GSSAPI_NO_DATA",
"OAUTH2",
"OAUTH2_RESP",
"XOAUTH2",
"CANCEL",
"FINAL",
/* LAST */
@@ -1457,28 +1443,14 @@ CURLcode Curl_sasl_start(struct SASL *sasl, struct connectdata *conn,
}
else
#endif
if((enabledmechs & SASL_MECH_OAUTHBEARER) && conn->oauth_bearer) {
mech = SASL_MECH_STRING_OAUTHBEARER;
state1 = SASL_OAUTH2;
state2 = SASL_OAUTH2_RESP;
sasl->authused = SASL_MECH_OAUTHBEARER;
if(force_ir || data->set.sasl_ir)
result = sasl_create_oauth_bearer_message(data, conn->user,
conn->host.name,
conn->port,
conn->oauth_bearer,
&resp, &len);
}
else if((enabledmechs & SASL_MECH_XOAUTH2) && conn->oauth_bearer) {
if((enabledmechs & SASL_MECH_XOAUTH2) || conn->xoauth2_bearer) {
mech = SASL_MECH_STRING_XOAUTH2;
state1 = SASL_OAUTH2;
state1 = SASL_XOAUTH2;
sasl->authused = SASL_MECH_XOAUTH2;
if(force_ir || data->set.sasl_ir)
result = sasl_create_oauth_bearer_message(data, conn->user,
NULL, 0,
conn->oauth_bearer,
result = sasl_create_xoauth2_message(data, conn->user,
conn->xoauth2_bearer,
&resp, &len);
}
else if(enabledmechs & SASL_MECH_LOGIN) {
@@ -1551,8 +1523,7 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
return result;
}
if(sasl->state != SASL_CANCEL && sasl->state != SASL_OAUTH2_RESP &&
code != sasl->params->contcode) {
if(sasl->state != SASL_CANCEL && code != sasl->params->contcode) {
*progress = SASL_DONE;
state(sasl, conn, SASL_STOP);
return CURLE_LOGIN_DENIED;
@@ -1655,47 +1626,11 @@ CURLcode Curl_sasl_continue(struct SASL *sasl, struct connectdata *conn,
break;
#endif
case SASL_OAUTH2:
case SASL_XOAUTH2:
/* Create the authorisation message */
if(sasl->authused == SASL_MECH_OAUTHBEARER) {
result = sasl_create_oauth_bearer_message(data, conn->user,
conn->host.name,
conn->port,
conn->oauth_bearer,
&resp, &len);
/* Failures maybe sent by the server as continuations for OAUTHBEARER */
newstate = SASL_OAUTH2_RESP;
}
else
result = sasl_create_oauth_bearer_message(data, conn->user,
NULL, 0,
conn->oauth_bearer,
&resp, &len);
result = sasl_create_xoauth2_message(data, conn->user,
conn->xoauth2_bearer, &resp, &len);
break;
case SASL_OAUTH2_RESP:
/* The continuation is optional so check the response code */
if(code == sasl->params->finalcode) {
/* Final response was received so we are done */
*progress = SASL_DONE;
state(sasl, conn, SASL_STOP);
return result;
}
else if(code == sasl->params->contcode) {
/* Acknowledge the continuation by sending a 0x01 response base64
encoded */
resp = strdup("AQ==");
if(!resp)
result = CURLE_OUT_OF_MEMORY;
break;
}
else {
*progress = SASL_DONE;
state(sasl, conn, SASL_STOP);
return CURLE_LOGIN_DENIED;
}
case SASL_CANCEL:
/* Remove the offending mechanism from the supported list */
sasl->authmechs ^= sasl->authused;

8
lib/curl_sasl.h
View File

@@ -48,12 +48,12 @@ struct kerberos5data;
#define SASL_MECH_EXTERNAL (1 << 5)
#define SASL_MECH_NTLM (1 << 6)
#define SASL_MECH_XOAUTH2 (1 << 7)
#define SASL_MECH_OAUTHBEARER (1 << 8)
/* Authentication mechanism values */
#define SASL_AUTH_NONE 0
#define SASL_AUTH_ANY ~0U
#define SASL_AUTH_DEFAULT (SASL_AUTH_ANY & ~SASL_MECH_EXTERNAL)
#define SASL_AUTH_DEFAULT (SASL_AUTH_ANY & \
~(SASL_MECH_EXTERNAL | SASL_MECH_XOAUTH2))
/* Authentication mechanism strings */
#define SASL_MECH_STRING_LOGIN "LOGIN"
@@ -64,7 +64,6 @@ struct kerberos5data;
#define SASL_MECH_STRING_EXTERNAL "EXTERNAL"
#define SASL_MECH_STRING_NTLM "NTLM"
#define SASL_MECH_STRING_XOAUTH2 "XOAUTH2"
#define SASL_MECH_STRING_OAUTHBEARER "OAUTHBEARER"
#if !defined(CURL_DISABLE_CRYPTO_AUTH)
#define DIGEST_MAX_VALUE_LENGTH 256
@@ -91,8 +90,7 @@ typedef enum {
SASL_GSSAPI,
SASL_GSSAPI_TOKEN,
SASL_GSSAPI_NO_DATA,
SASL_OAUTH2,
SASL_OAUTH2_RESP,
SASL_XOAUTH2,
SASL_CANCEL,
SASL_FINAL
} saslstate;

15
lib/curl_sasl_sspi.c
View File

@@ -418,7 +418,6 @@ CURLcode Curl_sasl_create_digest_http_message(struct SessionHandle *data,
SECURITY_STATUS status;
unsigned long attrs;
TimeStamp expiry; /* For Windows 9x compatibility of SSPI calls */
TCHAR *spn;
(void) data;
@@ -463,7 +462,6 @@ CURLcode Curl_sasl_create_digest_http_message(struct SessionHandle *data,
p_identity, NULL, NULL,
&credentials, &expiry);
if(status != SEC_E_OK) {
Curl_sspi_free_identity(p_identity);
free(output_token);
return CURLE_LOGIN_DENIED;
@@ -491,21 +489,12 @@ CURLcode Curl_sasl_create_digest_http_message(struct SessionHandle *data,
resp_buf.pvBuffer = output_token;
resp_buf.cbBuffer = curlx_uztoul(token_max);
spn = Curl_convert_UTF8_to_tchar((char *) uripath);
if(!spn) {
Curl_sspi_free_identity(p_identity);
free(output_token);
return CURLE_OUT_OF_MEMORY;
}
/* Generate our reponse message */
status = s_pSecFn->InitializeSecurityContext(&credentials, NULL,
spn,
(TCHAR *) uripath,
ISC_REQ_USE_HTTP_STYLE, 0, 0,
&chlg_desc, 0, &context,
&resp_desc, &attrs, &expiry);
Curl_unicodefree(spn);
if(status == SEC_I_COMPLETE_NEEDED ||
status == SEC_I_COMPLETE_AND_CONTINUE)
@@ -513,7 +502,6 @@ CURLcode Curl_sasl_create_digest_http_message(struct SessionHandle *data,
else if(status != SEC_E_OK && status != SEC_I_CONTINUE_NEEDED) {
s_pSecFn->FreeCredentialsHandle(&credentials);
Curl_sspi_free_identity(p_identity);
free(output_token);
return CURLE_OUT_OF_MEMORY;
@@ -524,7 +512,6 @@ CURLcode Curl_sasl_create_digest_http_message(struct SessionHandle *data,
s_pSecFn->DeleteSecurityContext(&context);
s_pSecFn->FreeCredentialsHandle(&credentials);
Curl_sspi_free_identity(p_identity);
free(output_token);
return CURLE_OUT_OF_MEMORY;

5
lib/curl_setup.h
View File

@@ -181,6 +181,9 @@
# ifndef CURL_DISABLE_SMTP
# define CURL_DISABLE_SMTP
# endif
# ifndef CURL_DISABLE_RTSP
# define CURL_DISABLE_RTSP
# endif
# ifndef CURL_DISABLE_RTMP
# define CURL_DISABLE_RTMP
# endif
@@ -602,7 +605,7 @@ int netware_init(void);
#define LIBIDN_REQUIRED_VERSION "0.4.1"
#if defined(USE_GNUTLS) || defined(USE_OPENSSL) || defined(USE_NSS) || \
defined(USE_POLARSSL) || defined(USE_AXTLS) || defined(USE_MBEDTLS) || \
defined(USE_POLARSSL) || defined(USE_AXTLS) || \
defined(USE_CYASSL) || defined(USE_SCHANNEL) || \
defined(USE_DARWINSSL) || defined(USE_GSKIT)
#define USE_SSL /* SSL support has been enabled */

2
lib/easy.c
View File

@@ -646,7 +646,7 @@ static CURLcode wait_or_timeout(struct Curl_multi *multi, struct events *ev)
return CURLE_RECV_ERROR;
if(mcode)
return CURLE_URL_MALFORMAT;
return CURLE_URL_MALFORMAT; /* TODO: return a proper error! */
/* we don't really care about the "msgs_in_queue" value returned in the
second argument */

45
lib/formdata.c
View File

@@ -57,14 +57,6 @@ static char *formboundary(struct SessionHandle *data);
#define FORM_FILE_SEPARATOR ','
#define FORM_TYPE_SEPARATOR ';'
#define HTTPPOST_PTRNAME CURL_HTTPPOST_PTRNAME
#define HTTPPOST_FILENAME CURL_HTTPPOST_FILENAME
#define HTTPPOST_PTRCONTENTS CURL_HTTPPOST_PTRCONTENTS
#define HTTPPOST_READFILE CURL_HTTPPOST_READFILE
#define HTTPPOST_PTRBUFFER CURL_HTTPPOST_PTRBUFFER
#define HTTPPOST_CALLBACK CURL_HTTPPOST_CALLBACK
#define HTTPPOST_BUFFER CURL_HTTPPOST_BUFFER
/***************************************************************************
*
* AddHttpPost()
@@ -77,7 +69,7 @@ static char *formboundary(struct SessionHandle *data);
***************************************************************************/
static struct curl_httppost *
AddHttpPost(char *name, size_t namelength,
char *value, curl_off_t contentslength,
char *value, size_t contentslength,
char *buffer, size_t bufferlength,
char *contenttype,
long flags,
@@ -93,14 +85,14 @@ AddHttpPost(char *name, size_t namelength,
post->name = name;
post->namelength = (long)(name?(namelength?namelength:strlen(name)):0);
post->contents = value;
post->contentlen = contentslength;
post->contentslength = (long)contentslength;
post->buffer = buffer;
post->bufferlength = (long)bufferlength;
post->contenttype = contenttype;
post->contentheader = contentHeader;
post->showfilename = showfilename;
post->userp = userp,
post->flags = flags | CURL_HTTPPOST_LARGE;
post->flags = flags;
}
else
return NULL;
@@ -380,16 +372,13 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
}
break;
case CURLFORM_CONTENTSLENGTH:
if(current_form->contentslength)
return_value = CURL_FORMADD_OPTION_TWICE;
else
current_form->contentslength =
array_state?(size_t)array_value:(size_t)va_arg(params, long);
break;
case CURLFORM_CONTENTLEN:
current_form->flags |= CURL_HTTPPOST_LARGE;
current_form->contentslength =
array_state?(curl_off_t)array_value:va_arg(params, curl_off_t);
break;
/* Get contents from a given file name */
case CURLFORM_FILECONTENT:
if(current_form->flags & (HTTPPOST_PTRCONTENTS|HTTPPOST_READFILE))
@@ -664,12 +653,9 @@ CURLFORMcode FormAdd(struct curl_httppost **httppost,
HTTPPOST_PTRCONTENTS | HTTPPOST_PTRBUFFER |
HTTPPOST_CALLBACK)) && form->value) {
/* copy value (without strdup; possibly contains null characters) */
size_t clen = (size_t) form->contentslength;
if(!clen)
clen = strlen(form->value)+1;
form->value = Curl_memdup(form->value, clen);
form->value = Curl_memdup(form->value, form->contentslength?
form->contentslength:
strlen(form->value)+1);
if(!form->value) {
return_value = CURL_FORMADD_MEMORY;
break;
@@ -822,7 +808,7 @@ static curl_off_t VmsSpecialSize(const char * name,
static CURLcode AddFormData(struct FormData **formp,
enum formtype type,
const void *line,
curl_off_t length,
size_t length,
curl_off_t *size)
{
struct FormData *newform = malloc(sizeof(struct FormData));
@@ -1312,16 +1298,15 @@ CURLcode Curl_getformdata(struct SessionHandle *data,
result = AddFormData(&form, FORM_CONTENT, post->buffer,
post->bufferlength, &size);
else if(post->flags & HTTPPOST_CALLBACK)
/* the contents should be read with the callback and the size is set
with the contentslength */
/* the contents should be read with the callback and the size
is set with the contentslength */
result = AddFormData(&form, FORM_CALLBACK, post->userp,
post->flags&CURL_HTTPPOST_LARGE?
post->contentlen:post->contentslength, &size);
post->contentslength, &size);
else
/* include the contents we got */
result = AddFormData(&form, FORM_CONTENT, post->contents,
post->flags&CURL_HTTPPOST_LARGE?
post->contentlen:post->contentslength, &size);
post->contentslength, &size);
file = file->more;
} while(file && !result); /* for each specified file for this field */

4
lib/formdata.h
View File

@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -54,7 +54,7 @@ typedef struct FormInfo {
size_t namelength;
char *value;
bool value_alloc;
curl_off_t contentslength;
size_t contentslength;
char *contenttype;
bool contenttype_alloc;
long flags;

142
lib/ftp.c
View File

@@ -491,7 +491,7 @@ static CURLcode InitiateTransfer(struct connectdata *conn)
struct FTP *ftp = data->req.protop;
CURLcode result = CURLE_OK;
if(conn->bits.ftp_use_data_ssl) {
if(conn->ssl[SECONDARYSOCKET].use) {
/* since we only have a plaintext TCP connection here, we must now
* do the TLS stuff */
infof(data, "Doing the SSL/TLS handshake on the data stream\n");
@@ -732,7 +732,7 @@ CURLcode Curl_GetFTPResponse(ssize_t *nreadp, /* return number of bytes read */
* wait for more data anyway.
*/
}
else if(!Curl_ssl_data_pending(conn, FIRSTSOCKET)) {
else {
switch (Curl_socket_ready(sockfd, CURL_SOCKET_BAD, interval_ms)) {
case -1: /* select() error, stop reading */
failf(data, "FTP response aborted due to select/poll error: %d",
@@ -1789,23 +1789,11 @@ static CURLcode ftp_state_quote(struct connectdata *conn,
Curl_pgrsSetDownloadSize(data, ftpc->known_filesize);
result = ftp_state_retr(conn, ftpc->known_filesize);
}
else {
if(data->set.ignorecl) {
/* This code is to support download of growing files. It prevents
the state machine from requesting the file size from the
server. With an unknown file size the download continues until
the server terminates it, otherwise the client stops if the
received byte count exceeds the reported file size. Set option
CURLOPT_IGNORE_CONTENT_LENGTH to 1 to enable this behavior.*/
PPSENDF(&ftpc->pp, "RETR %s", ftpc->file);
state(conn, FTP_RETR);
}
else {
PPSENDF(&ftpc->pp, "SIZE %s", ftpc->file);
state(conn, FTP_RETR_SIZE);
}
}
}
break;
case FTP_STOR_PREQUOTE:
result = ftp_state_ul_setup(conn, FALSE);
@@ -1842,6 +1830,84 @@ static CURLcode ftp_epsv_disable(struct connectdata *conn)
return result;
}
/*
* Perform the necessary magic that needs to be done once the TCP connection
* to the proxy has completed.
*/
static CURLcode proxy_magic(struct connectdata *conn,
char *newhost, unsigned short newport,
bool *magicdone)
{
CURLcode result = CURLE_OK;
struct SessionHandle *data = conn->data;
#if defined(CURL_DISABLE_PROXY)
(void) newhost;
(void) newport;
#endif
*magicdone = FALSE;
switch(conn->proxytype) {
case CURLPROXY_SOCKS5:
case CURLPROXY_SOCKS5_HOSTNAME:
result = Curl_SOCKS5(conn->proxyuser, conn->proxypasswd, newhost,
newport, SECONDARYSOCKET, conn);
*magicdone = TRUE;
break;
case CURLPROXY_SOCKS4:
result = Curl_SOCKS4(conn->proxyuser, newhost, newport,
SECONDARYSOCKET, conn, FALSE);
*magicdone = TRUE;
break;
case CURLPROXY_SOCKS4A:
result = Curl_SOCKS4(conn->proxyuser, newhost, newport,
SECONDARYSOCKET, conn, TRUE);
*magicdone = TRUE;
break;
case CURLPROXY_HTTP:
case CURLPROXY_HTTP_1_0:
/* do nothing here. handled later. */
break;
default:
failf(data, "unknown proxytype option given");
result = CURLE_COULDNT_CONNECT;
break;
}
if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
/* BLOCKING */
/* We want "seamless" FTP operations through HTTP proxy tunnel */
/* Curl_proxyCONNECT is based on a pointer to a struct HTTP at the
* member conn->proto.http; we want FTP through HTTP and we have to
* change the member temporarily for connecting to the HTTP proxy. After
* Curl_proxyCONNECT we have to set back the member to the original
* struct FTP pointer
*/
struct HTTP http_proxy;
struct FTP *ftp_save = data->req.protop;
memset(&http_proxy, 0, sizeof(http_proxy));
data->req.protop = &http_proxy;
result = Curl_proxyCONNECT(conn, SECONDARYSOCKET, newhost, newport, TRUE);
data->req.protop = ftp_save;
if(result)
return result;
if(conn->tunnel_state[SECONDARYSOCKET] != TUNNEL_COMPLETE) {
/* the CONNECT procedure is not complete, the tunnel is not yet up */
state(conn, FTP_STOP); /* this phase is completed */
return result;
}
else
*magicdone = TRUE;
}
return result;
}
static char *control_address(struct connectdata *conn)
{
@@ -1849,7 +1915,11 @@ static char *control_address(struct connectdata *conn)
If a proxy tunnel is used, returns the original host name instead, because
the effective control connection address is the proxy address,
not the ftp host. */
if(conn->bits.tunnel_proxy || conn->bits.socksproxy)
if(conn->bits.tunnel_proxy ||
conn->proxytype == CURLPROXY_SOCKS5 ||
conn->proxytype == CURLPROXY_SOCKS5_HOSTNAME ||
conn->proxytype == CURLPROXY_SOCKS4 ||
conn->proxytype == CURLPROXY_SOCKS4A)
return conn->host.name;
return conn->ip_addr_str;
@@ -1973,9 +2043,7 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
* here. We don't want to rely on a former host lookup that might've
* expired now, instead we remake the lookup here and now!
*/
const char * const host_name = conn->bits.socksproxy ?
conn->socks_proxy.host.name : conn->http_proxy.host.name;
rc = Curl_resolv(conn, host_name, (int)conn->port, &addr);
rc = Curl_resolv(conn, conn->proxy.name, (int)conn->port, &addr);
if(rc == CURLRESOLV_PENDING)
/* BLOCKING, ignores the return code but 'addr' will be NULL in
case of failure */
@@ -1985,7 +2053,8 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
(unsigned short)conn->port; /* we connect to the proxy's port */
if(!addr) {
failf(data, "Can't resolve proxy host %s:%hu", host_name, connectport);
failf(data, "Can't resolve proxy host %s:%hu",
conn->proxy.name, connectport);
return CURLE_FTP_CANT_GET_HOST;
}
}
@@ -2026,10 +2095,6 @@ static CURLcode ftp_state_pasv_resp(struct connectdata *conn,
/* this just dumps information about this second connection */
ftp_pasv_verbose(conn, addr->addr, ftpc->newhost, connectport);
Curl_safefree(conn->secondaryhostname);
conn->secondaryhostname = strdup(ftpc->newhost);
conn->secondary_port = ftpc->newport;
Curl_resolv_unlock(data, addr); /* we're done using this address */
conn->bits.do_more = TRUE;
state(conn, FTP_STOP); /* this phase is completed */
@@ -2678,10 +2743,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
}
#endif
if(data->set.use_ssl &&
(!conn->ssl[FIRSTSOCKET].use ||
(conn->bits.proxy_ssl_connected[FIRSTSOCKET] &&
!conn->proxy_ssl[FIRSTSOCKET].use))) {
if(data->set.use_ssl && !conn->ssl[FIRSTSOCKET].use) {
/* We don't have a SSL/TLS connection yet, but FTPS is
requested. Try a FTPS connection now */
@@ -2726,7 +2788,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
/* Curl_ssl_connect is BLOCKING */
result = Curl_ssl_connect(conn, FIRSTSOCKET);
if(!result) {
conn->bits.ftp_use_data_ssl = FALSE; /* clear-text data */
conn->ssl[SECONDARYSOCKET].use = FALSE; /* clear-text data */
result = ftp_state_user(conn);
}
}
@@ -2768,7 +2830,7 @@ static CURLcode ftp_statemach_act(struct connectdata *conn)
case FTP_PROT:
if(ftpcode/100 == 2)
/* We have enabled SSL for the data connection! */
conn->bits.ftp_use_data_ssl =
conn->ssl[SECONDARYSOCKET].use =
(data->set.use_ssl != CURLUSESSL_CONTROL) ? TRUE : FALSE;
/* FTP servers typically responds with 500 if they decide to reject
our 'P' request */
@@ -3585,7 +3647,7 @@ static CURLcode ftp_do_more(struct connectdata *conn, int *completep)
if(!conn->bits.tcpconnect[SECONDARYSOCKET]) {
if(conn->tunnel_state[SECONDARYSOCKET] == TUNNEL_CONNECT) {
/* As we're in TUNNEL_CONNECT state now, we know the proxy name and port
aren't used so we blank their arguments. */
aren't used so we blank their arguments. TODO: make this nicer */
result = Curl_proxyCONNECT(conn, SECONDARYSOCKET, NULL, 0, FALSE);
return result;
@@ -3596,6 +3658,10 @@ static CURLcode ftp_do_more(struct connectdata *conn, int *completep)
/* Ready to do more? */
if(connected) {
DEBUGF(infof(data, "DO-MORE connected phase starts\n"));
if(conn->bits.proxy) {
infof(data, "Connection to proxy confirmed\n");
result = proxy_magic(conn, ftpc->newhost, ftpc->newport, &connected);
}
}
else {
if(result && (ftpc->count1 == 0)) {
@@ -3607,18 +3673,6 @@ static CURLcode ftp_do_more(struct connectdata *conn, int *completep)
}
}
result = Curl_proxy_connect(conn, SECONDARYSOCKET);
if(result)
return result;
if(CONNECT_SECONDARYSOCKET_PROXY_SSL())
return result;
if(conn->bits.tunnel_proxy && conn->bits.httpproxy &&
conn->tunnel_state[SECONDARYSOCKET] != TUNNEL_COMPLETE)
return result;
if(ftpc->state) {
/* already in a state so skip the intial commands.
They are only done to kickstart the do_more state */
@@ -4186,8 +4240,8 @@ CURLcode ftp_parse_url_path(struct connectdata *conn)
const char *cur_pos;
const char *filename = NULL;
cur_pos = path_to_use; /* current position in path. point at the begin of
next path component */
cur_pos = path_to_use; /* current position in path. point at the begin
of next path component */
ftpc->ctl_valid = FALSE;
ftpc->cwdfail = FALSE;

22
lib/ftplistparser.c
View File

@@ -275,6 +275,26 @@ static void PL_ERROR(struct connectdata *conn, CURLcode err)
parser->error = err;
}
static bool ftp_pl_gettime(struct ftp_parselist_data *parser, char *string)
{
(void)parser;
(void)string;
/* TODO
* There could be possible parse timestamp from server. Leaving unimplemented
* for now.
* If you want implement this, please add CURLFINFOFLAG_KNOWN_TIME flag to
* parser->file_data->flags
*
* Ftp servers are giving usually these formats:
* Apr 11 1998 (unknown time.. set it to 00:00:00?)
* Apr 11 12:21 (unknown year -> set it to NOW() time?)
* 08-05-09 02:49PM (ms-dos format)
* 20100421092538 -> for MLST/MLSD response
*/
return FALSE;
}
static CURLcode ftp_pl_insert_finfo(struct connectdata *conn,
struct curl_fileinfo *finfo)
{
@@ -695,11 +715,9 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
if(c == ' ') {
finfo->b_data[parser->item_offset + parser->item_length -1] = 0;
parser->offsets.time = parser->item_offset;
/*
if(ftp_pl_gettime(parser, finfo->b_data + parser->item_offset)) {
parser->file_data->flags |= CURLFINFOFLAG_KNOWN_TIME;
}
*/
if(finfo->filetype == CURLFILETYPE_SYMLINK) {
parser->state.UNIX.main = PL_UNIX_SYMLINK;
parser->state.UNIX.sub.symlink = PL_UNIX_SYMLINK_PRESPACE;

16
lib/getinfo.c
View File

@@ -148,9 +148,6 @@ static CURLcode getinfo_long(struct SessionHandle *data, CURLINFO info,
case CURLINFO_SSL_VERIFYRESULT:
*param_longp = data->set.ssl.certverifyresult;
break;
case CURLINFO_PROXY_SSL_VERIFYRESULT:
*param_longp = data->set.proxy_ssl.certverifyresult;
break;
case CURLINFO_REDIRECT_COUNT:
*param_longp = data->set.followlocation;
break;
@@ -338,9 +335,20 @@ static CURLcode getinfo_slist(struct SessionHandle *data, CURLINFO info,
static CURLcode getinfo_socket(struct SessionHandle *data, CURLINFO info,
curl_socket_t *param_socketp)
{
curl_socket_t sockfd;
switch(info) {
case CURLINFO_ACTIVESOCKET:
*param_socketp = Curl_getconnectinfo(data, NULL);
sockfd = Curl_getconnectinfo(data, NULL);
/* note: this is not a good conversion for systems with 64 bit sockets and
32 bit longs */
if(sockfd != CURL_SOCKET_BAD)
*param_socketp = sockfd;
else
/* this interface is documented to return -1 in case of badness, which
may not be the same as the CURL_SOCKET_BAD value */
*param_socketp = -1;
break;
default:
return CURLE_UNKNOWN_OPTION;

23
lib/hash.c
View File

@@ -46,12 +46,7 @@ hash_element_dtor(void *user, void *element)
free(e);
}
/* Initializes a hash structure.
* Return 1 on error, 0 is fine.
*
* @unittest: 1602
* @unittest: 1603
*/
/* return 1 on error, 0 is fine */
int
Curl_hash_init(struct curl_hash *h,
int slots,
@@ -124,8 +119,6 @@ mk_hash_element(const void *key, size_t key_len, const void *p)
* that data is replaced.
*
* @unittest: 1305
* @unittest: 1602
* @unittest: 1603
*/
void *
Curl_hash_add(struct curl_hash *h, void *key, size_t key_len, void *p)
@@ -162,11 +155,7 @@ Curl_hash_add(struct curl_hash *h, void *key, size_t key_len, void *p)
return NULL; /* failure */
}
/* Remove the identified hash entry.
* Returns non-zero on failure.
*
* @unittest: 1603
*/
/* remove the identified hash entry, returns non-zero on failure */
int Curl_hash_delete(struct curl_hash *h, void *key, size_t key_len)
{
struct curl_llist_element *le;
@@ -184,10 +173,6 @@ int Curl_hash_delete(struct curl_hash *h, void *key, size_t key_len)
return 1;
}
/* Retrieves a hash element.
*
* @unittest: 1603
*/
void *
Curl_hash_pick(struct curl_hash *h, void *key, size_t key_len)
{
@@ -229,10 +214,6 @@ Curl_hash_apply(curl_hash *h, void *user,
/* Destroys all the entries in the given hash and resets its attributes,
* prepping the given hash for [static|dynamic] deallocation.
*
* @unittest: 1305
* @unittest: 1602
* @unittest: 1603
*/
void
Curl_hash_destroy(struct curl_hash *h)

61
lib/http.c
View File

@@ -287,8 +287,8 @@ static CURLcode http_output_basic(struct connectdata *conn, bool proxy)
if(proxy) {
userp = &conn->allocptr.proxyuserpwd;
user = conn->http_proxy.user;
pwd = conn->http_proxy.passwd;
user = conn->proxyuser;
pwd = conn->proxypasswd;
}
else {
userp = &conn->allocptr.userpwd;
@@ -642,7 +642,7 @@ output_auth_headers(struct connectdata *conn,
if(auth) {
infof(data, "%s auth using %s with user '%s'\n",
proxy?"Proxy":"Server", auth,
proxy?(conn->http_proxy.user?conn->http_proxy.user:""):
proxy?(conn->proxyuser?conn->proxyuser:""):
(conn->user?conn->user:""));
authstatus->multi = (!authstatus->done) ? TRUE : FALSE;
}
@@ -1092,8 +1092,8 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer *in,
return result;
}
if(conn->handler->flags & PROTOPT_SSL ||
conn->http_proxy.proxytype == CURLPROXY_HTTPS) {
if(conn->handler->flags & PROTOPT_SSL) {
/* We never send more than CURL_MAX_WRITE_SIZE bytes in one single chunk
when we speak HTTPS, as if only a fraction of it is sent now, this data
needs to fit into the normal read-callback buffer later on and that
@@ -1345,13 +1345,10 @@ CURLcode Curl_http_connect(struct connectdata *conn, bool *done)
connkeep(conn, "HTTP default");
/* the CONNECT procedure might not have been completed */
result = Curl_proxy_connect(conn, FIRSTSOCKET);
result = Curl_proxy_connect(conn);
if(result)
return result;
if(CONNECT_FIRSTSOCKET_PROXY_SSL())
return CURLE_OK; /* wait for HTTPS proxy SSL initialization to complete */
if(conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)
/* nothing else to do except wait right now - we're not done here. */
return CURLE_OK;
@@ -1394,16 +1391,48 @@ static CURLcode https_connecting(struct connectdata *conn, bool *done)
return result;
}
#endif
#if defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \
defined(USE_DARWINSSL) || defined(USE_POLARSSL) || defined(USE_NSS)
/* This function is for OpenSSL, GnuTLS, darwinssl, schannel and polarssl only.
It should be made to query the generic SSL layer instead. */
static int https_getsock(struct connectdata *conn,
curl_socket_t *socks,
int numsocks)
{
if(conn->handler->flags & PROTOPT_SSL)
return Curl_ssl_getsock(conn, socks, numsocks);
if(conn->handler->flags & PROTOPT_SSL) {
struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
if(!numsocks)
return GETSOCK_BLANK;
if(connssl->connecting_state == ssl_connect_2_writing) {
/* write mode */
socks[0] = conn->sock[FIRSTSOCKET];
return GETSOCK_WRITESOCK(0);
}
else if(connssl->connecting_state == ssl_connect_2_reading) {
/* read mode */
socks[0] = conn->sock[FIRSTSOCKET];
return GETSOCK_READSOCK(0);
}
}
return CURLE_OK;
}
#else
#ifdef USE_SSL
static int https_getsock(struct connectdata *conn,
curl_socket_t *socks,
int numsocks)
{
(void)conn;
(void)socks;
(void)numsocks;
return GETSOCK_BLANK;
}
#endif /* USE_SSL */
#endif /* USE_OPENSSL || USE_GNUTLS || USE_SCHANNEL */
/*
* Curl_http_done() gets called from Curl_done() after a single HTTP request
@@ -1450,15 +1479,12 @@ CURLcode Curl_http_done(struct connectdata *conn,
DEBUGF(infof(data, "free header_recvbuf!!\n"));
Curl_add_buffer_free(http->header_recvbuf);
http->header_recvbuf = NULL; /* clear the pointer */
if(http->push_headers) {
/* if they weren't used and then freed before */
for(; http->push_headers_used > 0; --http->push_headers_used) {
free(http->push_headers[http->push_headers_used - 1]);
}
free(http->push_headers);
http->push_headers = NULL;
}
}
if(http->stream_id) {
nghttp2_session_set_stream_user_data(httpc->h2, http->stream_id, 0);
http->stream_id = 0;
@@ -2017,7 +2043,10 @@ CURLcode Curl_http(struct connectdata *conn, bool *done)
ptr = strstr(url, conn->host.dispname);
if(ptr) {
/* This is where the display name starts in the URL, now replace this
part with the encoded name. */
part with the encoded name. TODO: This method of replacing the host
name is rather crude as I believe there's a slight risk that the
user has entered a user name or password that contain the host name
string. */
size_t currlen = strlen(conn->host.dispname);
size_t newlen = strlen(conn->host.name);
size_t urllen = strlen(url);
@@ -3299,6 +3328,7 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
conn->httpversion = 11; /* For us, RTSP acts like HTTP 1.1 */
}
else {
/* TODO: do we care about the other cases here? */
nc = 0;
}
}
@@ -3529,6 +3559,7 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
}
if(k->auto_decoding)
/* TODO: we only support the first mentioned compression for now */
break;
if(checkprefix("identity", start)) {

112
lib/http2.c
View File

@@ -42,28 +42,10 @@
#define MIN(x,y) ((x)<(y)?(x):(y))
#if (NGHTTP2_VERSION_NUM < 0x010000)
#if (NGHTTP2_VERSION_NUM < 0x000600)
#error too old nghttp2 version, upgrade!
#endif
/*
* Curl_http2_init_state() is called when the easy handle is created and
* allows for HTTP/2 specific init of state.
*/
void Curl_http2_init_state(struct UrlState *state)
{
state->stream_weight = NGHTTP2_DEFAULT_WEIGHT;
}
/*
* Curl_http2_init_userset() is called when the easy handle is created and
* allows for HTTP/2 specific user-set fields.
*/
void Curl_http2_init_userset(struct UserDefined *set)
{
set->stream_weight = NGHTTP2_DEFAULT_WEIGHT;
}
static int http2_perform_getsock(const struct connectdata *conn,
curl_socket_t *sock, /* points to
numsocks
@@ -75,6 +57,8 @@ static int http2_perform_getsock(const struct connectdata *conn,
int bitmap = GETSOCK_BLANK;
(void)numsocks;
/* TODO We should check underlying socket state if it is SSL socket
because of renegotiation. */
sock[0] = conn->sock[FIRSTSOCKET];
if(nghttp2_session_want_read(c->h2))
@@ -280,7 +264,7 @@ char *curl_pushheader_byname(struct curl_pushheaders *h, const char *header)
size_t i;
for(i=0; i<stream->push_headers_used; i++) {
if(!strncmp(header, stream->push_headers[i], len)) {
/* sub-match, make sure that it is followed by a colon */
/* sub-match, make sure that it us followed by a colon */
if(stream->push_headers[i][len] != ':')
continue;
return &stream->push_headers[i][len+1];
@@ -422,6 +406,9 @@ static int on_frame_recv(nghttp2_session *session, const nghttp2_frame *frame,
DEBUGF(infof(data_s, "on_frame_recv() header %x stream %x\n",
frame->hd.type, stream_id));
conn = data_s->easy_conn;
assert(conn);
assert(conn->data == data_s);
httpc = &conn->proto.httpc;
switch(frame->hd.type) {
case NGHTTP2_DATA:
@@ -574,7 +561,8 @@ static int on_data_chunk_recv(nghttp2_session *session, uint8_t flags,
/* if we receive data for another handle, wake that up */
if(conn->data != data_s)
Curl_expire(data_s, 1);
Curl_expire(data_s, 1); /* TODO: fix so that this can be set to 0 for
immediately? */
DEBUGF(infof(data_s, "%zu data received for stream %u "
"(%zu left in buffer %p, total %zu)\n",
@@ -998,54 +986,6 @@ static ssize_t http2_handle_stream_close(struct http_conn *httpc,
return 0;
}
/*
* h2_pri_spec() fills in the pri_spec struct, used by nghttp2 to send weight
* and dependency to the peer. It also stores the updated values in the state
* struct.
*/
static void h2_pri_spec(struct SessionHandle *data,
nghttp2_priority_spec *pri_spec)
{
struct HTTP *depstream = (data->set.stream_depends_on?
data->set.stream_depends_on->req.protop:NULL);
int32_t depstream_id = depstream? depstream->stream_id:0;
nghttp2_priority_spec_init(pri_spec, depstream_id, data->set.stream_weight,
data->set.stream_depends_e);
data->state.stream_weight = data->set.stream_weight;
data->state.stream_depends_e = data->set.stream_depends_e;
data->state.stream_depends_on = data->set.stream_depends_on;
}
/*
* h2_session_send() checks if there's been an update in the priority /
* dependency settings and if so it submits a PRIORITY frame with the updated
* info.
*/
static int h2_session_send(struct SessionHandle *data,
nghttp2_session *h2)
{
struct HTTP *stream = data->req.protop;
if((data->set.stream_weight != data->state.stream_weight) ||
(data->set.stream_depends_e != data->state.stream_depends_e) ||
(data->set.stream_depends_on != data->state.stream_depends_on) ) {
/* send new weight and/or dependency */
nghttp2_priority_spec pri_spec;
int rv;
h2_pri_spec(data, &pri_spec);
DEBUGF(infof(data, "Queuing HTTP/2 PRIORITY frame on stream %u!\n",
stream->stream_id));
rv = nghttp2_submit_priority(h2, NGHTTP2_FLAG_NONE, stream->stream_id,
&pri_spec);
if(rv)
return rv;
}
return nghttp2_session_send(h2);
}
/*
* If the read would block (EWOULDBLOCK) we return -1. Otherwise we return
* a regular CURLcode value.
@@ -1200,7 +1140,7 @@ static ssize_t http2_recv(struct connectdata *conn, int sockindex,
}
/* Always send pending frames in nghttp2 session, because
nghttp2_session_mem_recv() may queue new frame */
rv = h2_session_send(data, httpc->h2);
rv = nghttp2_session_send(httpc->h2);
if(rv != 0) {
*err = CURLE_SEND_ERROR;
return 0;
@@ -1259,7 +1199,6 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
nghttp2_data_provider data_prd;
int32_t stream_id;
nghttp2_session *h2 = httpc->h2;
nghttp2_priority_spec pri_spec;
(void)sockindex;
@@ -1271,7 +1210,7 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
stream->upload_mem = mem;
stream->upload_len = len;
nghttp2_session_resume_data(h2, stream->stream_id);
rv = h2_session_send(conn->data, h2);
rv = nghttp2_session_send(h2);
if(nghttp2_is_fatal(rv)) {
*err = CURLE_SEND_ERROR;
return -1;
@@ -1351,19 +1290,14 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
authority_idx = 0;
i = 3;
while(i < nheader) {
for(i = 3; i < nheader; ++i) {
size_t hlen;
int skip = 0;
end = strchr(hdbuf, ':');
if(!end)
goto fail;
hlen = end - hdbuf;
if(hlen == 10 && Curl_raw_nequal("connection", hdbuf, 10)) {
/* skip Connection: headers! */
skip = 1;
--nheader;
}
if(hlen == 10 && Curl_raw_nequal("connection", hdbuf, 10))
; /* skip Connection: headers! */
else if(hlen == 4 && Curl_raw_nequal("host", hdbuf, 4)) {
authority_idx = i;
nva[i].name = (unsigned char *)":authority";
@@ -1378,10 +1312,11 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
end = strchr(hdbuf, 0x0d);
if(!end)
goto fail;
if(!skip) {
nva[i].value = (unsigned char *)hdbuf;
nva[i].valuelen = (uint16_t)(end - hdbuf);
nva[i].flags = NGHTTP2_NV_FLAG_NONE;
hdbuf = end + 2;
/* Inspect Content-Length header field and retrieve the request
entity length so that we can set END_STREAM to the last DATA
frame. */
@@ -1398,9 +1333,6 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
CURL_FORMAT_CURL_OFF_T
"\n", stream->upload_left));
}
++i;
}
hdbuf = end + 2;
}
/* :authority must come before non-pseudo header fields */
@@ -1412,19 +1344,17 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
nva[i] = authority;
}
h2_pri_spec(conn->data, &pri_spec);
switch(conn->data->set.httpreq) {
case HTTPREQ_POST:
case HTTPREQ_POST_FORM:
case HTTPREQ_PUT:
data_prd.read_callback = data_source_read_callback;
data_prd.source.ptr = NULL;
stream_id = nghttp2_submit_request(h2, &pri_spec, nva, nheader,
stream_id = nghttp2_submit_request(h2, NULL, nva, nheader,
&data_prd, conn->data);
break;
default:
stream_id = nghttp2_submit_request(h2, &pri_spec, nva, nheader,
stream_id = nghttp2_submit_request(h2, NULL, nva, nheader,
NULL, conn->data);
}
@@ -1440,8 +1370,6 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
stream_id, conn->data);
stream->stream_id = stream_id;
/* this does not call h2_session_send() since there can not have been any
* priority upodate since the nghttp2_submit_request() call above */
rv = nghttp2_session_send(h2);
if(rv != 0) {
@@ -1463,7 +1391,7 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex,
return len;
fail:
fail:
free(nva);
*err = CURLE_SEND_ERROR;
return -1;
@@ -1601,7 +1529,7 @@ CURLcode Curl_http2_switched(struct connectdata *conn,
}
/* Try to send some frames since we may read SETTINGS already. */
rv = h2_session_send(data, httpc->h2);
rv = nghttp2_session_send(httpc->h2);
if(rv != 0) {
failf(data, "nghttp2_session_send() failed: %s(%d)",

4
lib/http2.h
View File

@@ -38,8 +38,6 @@
int Curl_http2_ver(char *p, size_t len);
CURLcode Curl_http2_init(struct connectdata *conn);
void Curl_http2_init_state(struct UrlState *state);
void Curl_http2_init_userset(struct UserDefined *set);
CURLcode Curl_http2_send_request(struct connectdata *conn);
CURLcode Curl_http2_request_upgrade(Curl_send_buffer *req,
struct connectdata *conn);
@@ -57,8 +55,6 @@ void Curl_http2_setup_req(struct SessionHandle *data);
#define Curl_http2_switched(x,y,z) CURLE_UNSUPPORTED_PROTOCOL
#define Curl_http2_setup_conn(x)
#define Curl_http2_setup_req(x)
#define Curl_http2_init_state(x)
#define Curl_http2_init_userset(x)
#endif
#endif /* HEADER_CURL_HTTP2_H */

4
lib/http_digest.c
View File

@@ -96,8 +96,8 @@ CURLcode Curl_output_digest(struct connectdata *conn,
if(proxy) {
digest = &data->state.proxydigest;
allocuserpwd = &conn->allocptr.proxyuserpwd;
userp = conn->http_proxy.user;
passwdp = conn->http_proxy.passwd;
userp = conn->proxyuser;
passwdp = conn->proxypasswd;
authp = &data->state.authproxy;
}
else {

2
lib/http_negotiate.c
View File

@@ -65,7 +65,7 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
char *spn = Curl_sasl_build_gssapi_spn(
proxy ? data->set.str[STRING_PROXY_SERVICE_NAME] :
data->set.str[STRING_SERVICE_NAME],
proxy ? conn->http_proxy.host.name : conn->host.name);
proxy ? conn->proxy.name : conn->host.name);
if(!spn)
return CURLE_OUT_OF_MEMORY;

4
lib/http_negotiate_sspi.c
View File

@@ -90,14 +90,14 @@ CURLcode Curl_input_negotiate(struct connectdata *conn, bool proxy,
if(!neg_ctx->server_name) {
/* Check proxy auth requested but no given proxy name */
if(proxy && !conn->http_proxy.host.name)
if(proxy && !conn->proxy.name)
return CURLE_BAD_FUNCTION_ARGUMENT;
/* Generate our SPN */
neg_ctx->server_name = Curl_sasl_build_spn(
proxy ? data->set.str[STRING_PROXY_SERVICE_NAME] :
data->set.str[STRING_SERVICE_NAME],
proxy ? conn->http_proxy.host.name : conn->host.name);
proxy ? conn->proxy.name : conn->host.name);
if(!neg_ctx->server_name)
return CURLE_OUT_OF_MEMORY;
}

45
lib/http_proxy.c
View File

@@ -37,57 +37,19 @@
#include "connect.h"
#include "curl_printf.h"
#include "curlx.h"
#include "vtls/vtls.h"
#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
/*
* Perform SSL initialization for HTTPS proxy. Sets
* proxy_ssl_connected connection bit when complete. Can be
* called multiple times.
*/
static CURLcode https_proxy_connect(struct connectdata *conn, int sockindex)
CURLcode Curl_proxy_connect(struct connectdata *conn)
{
#ifdef USE_SSL
CURLcode result = CURLE_OK;
DEBUGASSERT(conn->http_proxy.proxytype == CURLPROXY_HTTPS);
if(!conn->bits.proxy_ssl_connected[sockindex]) {
/* perform SSL initialization for this socket */
result =
Curl_ssl_connect_nonblocking(conn, sockindex,
&conn->bits.proxy_ssl_connected[sockindex]);
if(result)
conn->bits.close = TRUE; /* a failed connection is marked for closure to
prevent (bad) re-use or similar */
}
return result;
#else
return CURLE_NOT_BUILT_IN;
#endif
}
CURLcode Curl_proxy_connect(struct connectdata *conn, int sockindex)
{
if(conn->http_proxy.proxytype == CURLPROXY_HTTPS) {
const CURLcode result = https_proxy_connect(conn, sockindex);
if(result)
return result;
if(!conn->bits.proxy_ssl_connected[sockindex])
return result; /* wait for HTTPS proxy SSL initialization to complete */
}
if(conn->bits.tunnel_proxy && conn->bits.httpproxy) {
#ifndef CURL_DISABLE_PROXY
/* for [protocol] tunneled through HTTP proxy */
struct HTTP http_proxy;
void *prot_save;
CURLcode result;
const char * const host = sockindex == SECONDARYSOCKET ?
conn->secondaryhostname : conn->host.name;
const int port = sockindex == SECONDARYSOCKET ? conn->secondary_port :
conn->remote_port;
/* BLOCKING */
/* We want "seamless" operations through HTTP proxy tunnel */
@@ -105,7 +67,8 @@ CURLcode Curl_proxy_connect(struct connectdata *conn, int sockindex)
memset(&http_proxy, 0, sizeof(http_proxy));
conn->data->req.protop = &http_proxy;
connkeep(conn, "HTTP proxy CONNECT");
result = Curl_proxyCONNECT(conn, sockindex, host, port, FALSE);
result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
conn->host.name, conn->remote_port, FALSE);
conn->data->req.protop = prot_save;
if(CURLE_OK != result)
return result;
@@ -189,7 +152,7 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
char *host=(char *)"";
const char *proxyconn="";
const char *useragent="";
const char *http = (conn->http_proxy.proxytype == CURLPROXY_HTTP_1_0) ?
const char *http = (conn->proxytype == CURLPROXY_HTTP_1_0) ?
"1.0" : "1.1";
char *hostheader= /* host:port with IPv6 support */
aprintf("%s%s%s:%hu", conn->bits.ipv6_ip?"[":"",

4
lib/http_proxy.h
View File

@@ -32,11 +32,11 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
/* Default proxy timeout in milliseconds */
#define PROXY_TIMEOUT (3600*1000)
CURLcode Curl_proxy_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_proxy_connect(struct connectdata *conn);
#else
#define Curl_proxyCONNECT(x,y,z,w,v) CURLE_NOT_BUILT_IN
#define Curl_proxy_connect(x,y) CURLE_OK
#define Curl_proxy_connect(x) CURLE_OK
#endif
#endif /* HEADER_CURL_HTTP_PROXY_H */

66
lib/imap.c
View File

@@ -98,7 +98,7 @@ static int imap_getsock(struct connectdata *conn, curl_socket_t *socks,
int numsocks);
static CURLcode imap_doing(struct connectdata *conn, bool *dophase_done);
static CURLcode imap_setup_connection(struct connectdata *conn);
static char *imap_atom(const char *str, bool escape_only);
static char *imap_atom(const char *str);
static CURLcode imap_sendf(struct connectdata *conn, const char *fmt, ...);
static CURLcode imap_parse_url_options(struct connectdata *conn);
static CURLcode imap_parse_url_path(struct connectdata *conn);
@@ -360,8 +360,8 @@ static bool imap_endofresp(struct connectdata *conn, char *line, size_t len,
a space and optionally some text as per RFC-3501 for the AUTHENTICATE and
APPEND commands and as outlined in Section 4. Examples of RFC-4959 but
some e-mail servers ignore this and only send a single + instead. */
if(!imap->custom && ((len == 3 && !memcmp("+", line, 1)) ||
(len >= 2 && !memcmp("+ ", line, 2)))) {
if((len == 3 && !memcmp("+", line, 1)) ||
(len >= 2 && !memcmp("+ ", line, 2))) {
switch(imapc->state) {
/* States which are interested in continuation responses */
case IMAP_AUTHENTICATE:
@@ -540,8 +540,8 @@ static CURLcode imap_perform_login(struct connectdata *conn)
}
/* Make sure the username and password are in the correct atom format */
user = imap_atom(conn->user, false);
passwd = imap_atom(conn->passwd, false);
user = imap_atom(conn->user);
passwd = imap_atom(conn->passwd);
/* Send the LOGIN command */
result = imap_sendf(conn, "LOGIN %s %s", user ? user : "",
@@ -653,8 +653,8 @@ static CURLcode imap_perform_list(struct connectdata *conn)
result = imap_sendf(conn, "%s%s", imap->custom,
imap->custom_params ? imap->custom_params : "");
else {
/* Make sure the mailbox is in the correct atom format if necessary */
mailbox = imap->mailbox ? imap_atom(imap->mailbox, true) : strdup("");
/* Make sure the mailbox is in the correct atom format */
mailbox = imap_atom(imap->mailbox ? imap->mailbox : "");
if(!mailbox)
return CURLE_OUT_OF_MEMORY;
@@ -695,7 +695,7 @@ static CURLcode imap_perform_select(struct connectdata *conn)
}
/* Make sure the mailbox is in the correct atom format */
mailbox = imap_atom(imap->mailbox, false);
mailbox = imap_atom(imap->mailbox);
if(!mailbox)
return CURLE_OUT_OF_MEMORY;
@@ -769,7 +769,7 @@ static CURLcode imap_perform_append(struct connectdata *conn)
}
/* Make sure the mailbox is in the correct atom format */
mailbox = imap_atom(imap->mailbox, false);
mailbox = imap_atom(imap->mailbox);
if(!mailbox)
return CURLE_OUT_OF_MEMORY;
@@ -842,7 +842,7 @@ static CURLcode imap_state_servergreet_resp(struct connectdata *conn,
if(imapcode != 'O') {
failf(data, "Got unexpected imap-server response");
result = CURLE_FTP_WEIRD_SERVER_REPLY;
result = CURLE_FTP_WEIRD_SERVER_REPLY; /* TODO: fix this code */
}
else
result = imap_perform_capability(conn);
@@ -1033,7 +1033,7 @@ static CURLcode imap_state_list_resp(struct connectdata *conn, int imapcode,
line[len] = '\0';
}
else if(imapcode != 'O')
result = CURLE_QUOTE_ERROR;
result = CURLE_QUOTE_ERROR; /* TODO: Fix error code */
else
/* End of DO phase */
state(conn, IMAP_STOP);
@@ -1105,7 +1105,7 @@ static CURLcode imap_state_fetch_resp(struct connectdata *conn, int imapcode,
if(imapcode != '*') {
Curl_pgrsSetDownloadSize(data, -1);
state(conn, IMAP_STOP);
return CURLE_REMOTE_FILE_NOT_FOUND;
return CURLE_REMOTE_FILE_NOT_FOUND; /* TODO: Fix error code */
}
/* Something like this is received "* 1 FETCH (BODY[TEXT] {2021}\r" so parse
@@ -1174,7 +1174,7 @@ static CURLcode imap_state_fetch_resp(struct connectdata *conn, int imapcode,
else {
/* We don't know how to parse this line */
failf(pp->conn->data, "Failed to parse FETCH response.");
result = CURLE_FTP_WEIRD_SERVER_REPLY;
result = CURLE_FTP_WEIRD_SERVER_REPLY; /* TODO: fix this code */
}
/* End of DO phase */
@@ -1193,7 +1193,7 @@ static CURLcode imap_state_fetch_final_resp(struct connectdata *conn,
(void)instate; /* No use for this yet */
if(imapcode != 'O')
result = CURLE_FTP_WEIRD_SERVER_REPLY;
result = CURLE_FTP_WEIRD_SERVER_REPLY; /* TODO: Fix error code */
else
/* End of DONE phase */
state(conn, IMAP_STOP);
@@ -1262,7 +1262,7 @@ static CURLcode imap_state_search_resp(struct connectdata *conn, int imapcode,
line[len] = '\0';
}
else if(imapcode != 'O')
result = CURLE_QUOTE_ERROR;
result = CURLE_QUOTE_ERROR; /* TODO: Fix error code */
else
/* End of DO phase */
state(conn, IMAP_STOP);
@@ -1506,10 +1506,10 @@ static CURLcode imap_done(struct connectdata *conn, CURLcode status,
/* Run the state-machine
This _really_ should be using the imap_multi_statemach function but we
have no general support for non-blocking DONE operations. Neither in
the multi state machine and there are Curl_done() invokes on several
places in the code!
TODO: when the multi interface is used, this _really_ should be using
the imap_multi_statemach function but we have no general support for
non-blocking DONE operations, not in the multi state machine and with
Curl_done() invokes on several places in the code!
*/
if(!result)
result = imap_block_statemach(conn);
@@ -1815,48 +1815,38 @@ static CURLcode imap_sendf(struct connectdata *conn, const char *fmt, ...)
* The returned string needs to be freed.
*
*/
static char *imap_atom(const char *str, bool escape_only)
static char *imap_atom(const char *str)
{
const char atom_specials[] = "(){ %*]";
const char *p1;
char *p2;
size_t backsp_count = 0;
size_t quote_count = 0;
bool others_exists = FALSE;
bool space_exists = FALSE;
size_t newlen = 0;
char *newstr = NULL;
if(!str)
return NULL;
/* Look for "atom-specials", counting the backslash and quote characters as
these will need escapping */
/* Count any unescaped characters */
p1 = str;
while(*p1) {
if(*p1 == '\\')
backsp_count++;
else if(*p1 == '"')
quote_count++;
else if(!escape_only) {
const char *p3 = atom_specials;
while(*p3 && !others_exists) {
if(*p1 == *p3)
others_exists = TRUE;
p3++;
}
}
else if(*p1 == ' ')
space_exists = TRUE;
p1++;
}
/* Does the input contain any "atom-special" characters? */
if(!backsp_count && !quote_count && !others_exists)
/* Does the input contain any unescaped characters? */
if(!backsp_count && !quote_count && !space_exists)
return strdup(str);
/* Calculate the new string length */
newlen = strlen(str) + backsp_count + quote_count + (others_exists ? 2 : 0);
newlen = strlen(str) + backsp_count + quote_count + (space_exists ? 2 : 0);
/* Allocate the new string */
newstr = (char *) malloc((newlen + 1) * sizeof(char));
@@ -1865,7 +1855,7 @@ static char *imap_atom(const char *str, bool escape_only)
/* Surround the string in quotes if necessary */
p2 = newstr;
if(others_exists) {
if(space_exists) {
newstr[0] = '"';
newstr[newlen - 1] = '"';
p2++;

14
lib/ldap.c
View File

@@ -273,7 +273,7 @@ static CURLcode Curl_ldap(struct connectdata *conn, bool *done)
ldap_set_option(server, LDAP_OPT_SSL, LDAP_OPT_ON);
#else
int ldap_option;
char* ldap_ca = conn->ssl_config.CAfile;
char* ldap_ca = data->set.str[STRING_SSL_CAFILE];
#if defined(CURL_HAS_NOVELL_LDAPSDK)
rc = ldapssl_client_init(NULL, NULL);
if(rc != LDAP_SUCCESS) {
@@ -281,11 +281,11 @@ static CURLcode Curl_ldap(struct connectdata *conn, bool *done)
result = CURLE_SSL_CERTPROBLEM;
goto quit;
}
if(conn->ssl_config.verifypeer) {
if(data->set.ssl.verifypeer) {
/* Novell SDK supports DER or BASE64 files. */
int cert_type = LDAPSSL_CERT_FILETYPE_B64;
if((data->set.ssl.cert_type) &&
(Curl_raw_equal(data->set.ssl.cert_type, "DER")))
if((data->set.str[STRING_CERT_TYPE]) &&
(Curl_raw_equal(data->set.str[STRING_CERT_TYPE], "DER")))
cert_type = LDAPSSL_CERT_FILETYPE_DER;
if(!ldap_ca) {
failf(data, "LDAP local: ERROR %s CA cert not set!",
@@ -323,10 +323,10 @@ static CURLcode Curl_ldap(struct connectdata *conn, bool *done)
goto quit;
}
#elif defined(LDAP_OPT_X_TLS)
if(conn->ssl_config.verifypeer) {
if(data->set.ssl.verifypeer) {
/* OpenLDAP SDK supports BASE64 files. */
if((data->set.ssl.cert_type) &&
(!Curl_raw_equal(data->set.ssl.cert_type, "PEM"))) {
if((data->set.str[STRING_CERT_TYPE]) &&
(!Curl_raw_equal(data->set.str[STRING_CERT_TYPE], "PEM"))) {
failf(data, "LDAP local: ERROR OpenLDAP only supports PEM cert-type!");
result = CURLE_SSL_CERTPROBLEM;
goto quit;

6
lib/makefile.dj
View File

@@ -5,7 +5,7 @@
# | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____|
#
# Copyright (C) 2003 - 2008, Gisle Vanem <gvanem@yahoo.no>.
# Copyright (C) 2003 - 2008, Gisle Vanem <gvanem@broadpark.no>.
# Copyright (C) 2003 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
#
# This software is licensed as described in the file COPYING, which
@@ -26,14 +26,12 @@
#
DEPEND_PREREQ = curl_config.h
VPATH = vtls
TOPDIR = ..
include ../packages/DOS/common.dj
include Makefile.inc
SOURCES = $(sort $(CSOURCES))
OBJECTS = $(addprefix $(OBJ_DIR)/, $(notdir $(SOURCES:.c=.o)))
OBJECTS := $(patsubst %.c,$(OBJ_DIR)/%.o,$(strip $(CSOURCES)))
CURL_LIB = libcurl.a

20
lib/multi.c
View File

@@ -42,8 +42,7 @@
#include "multihandle.h"
#include "pipeline.h"
#include "sigpipe.h"
#include "vtls/vtls.h"
#include "curl_printf.h"
#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
@@ -111,7 +110,7 @@ static void mstate(struct SessionHandle *data, CURLMstate state
)
{
CURLMstate oldstate = data->mstate;
static const init_multistate_func finit[CURLM_STATE_LAST] = {
static const init_multistate_func finit[CURLM_STATE_LAST-1] = {
NULL,
NULL,
Curl_init_CONNECT, /* CONNECT */
@@ -643,9 +642,6 @@ static int waitconnect_getsock(struct connectdata *conn,
if(!numsocks)
return GETSOCK_BLANK;
if(CONNECT_FIRSTSOCKET_PROXY_SSL())
return Curl_ssl_getsock(conn, sock, numsocks);
for(i=0; i<2; i++) {
if(conn->tempsock[i] != CURL_SOCKET_BAD) {
sock[s] = conn->tempsock[i];
@@ -1240,9 +1236,7 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
multistate(data, CURLM_STATE_CONNECT);
}
else if(!result) {
if((data->easy_conn->http_proxy.proxytype != CURLPROXY_HTTPS ||
data->easy_conn->bits.proxy_ssl_connected[FIRSTSOCKET]) &&
(data->easy_conn->tunnel_state[FIRSTSOCKET] != TUNNEL_CONNECT))
if(data->easy_conn->tunnel_state[FIRSTSOCKET] == TUNNEL_COMPLETE)
/* initiate protocol connect phase */
multistate(data, CURLM_STATE_SENDPROTOCONNECT);
}
@@ -1253,14 +1247,6 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
/* awaiting a completion of an asynch TCP connect */
result = Curl_is_connected(data->easy_conn, FIRSTSOCKET, &connected);
if(connected && !result) {
#ifndef CURL_DISABLE_HTTP
if((data->easy_conn->http_proxy.proxytype == CURLPROXY_HTTPS &&
!data->easy_conn->bits.proxy_ssl_connected[FIRSTSOCKET]) ||
(data->easy_conn->tunnel_state[FIRSTSOCKET] == TUNNEL_CONNECT)) {
multistate(data, CURLM_STATE_WAITPROXYCONNECT);
break;
}
#endif
rc = CURLM_CALL_MULTI_PERFORM;
multistate(data, data->easy_conn->bits.tunnel_proxy?
CURLM_STATE_WAITPROXYCONNECT:

4
lib/multihandle.h
View File

@@ -38,9 +38,7 @@ typedef enum {
CURLM_STATE_CONNECT, /* 2 - resolve/connect has been sent off */
CURLM_STATE_WAITRESOLVE, /* 3 - awaiting the resolve to finalize */
CURLM_STATE_WAITCONNECT, /* 4 - awaiting the TCP connect to finalize */
CURLM_STATE_WAITPROXYCONNECT, /* 5 - awaiting HTTPS proxy SSL initialization
to complete and/or proxy CONNECT to
finalize */
CURLM_STATE_WAITPROXYCONNECT, /* 5 - awaiting proxy CONNECT to finalize */
CURLM_STATE_SENDPROTOCONNECT, /* 6 - initiate protocol connect procedure */
CURLM_STATE_PROTOCONNECT, /* 7 - completing the protocol-specific connect
phase */

6
lib/openldap.c
View File

@@ -176,7 +176,9 @@ static CURLcode ldap_setup_connection(struct connectdata *conn)
li->proto = proto;
conn->proto.generic = li;
connkeep(conn, "OpenLDAP default");
/* TODO:
* - provide option to choose SASL Binds instead of Simple
*/
return CURLE_OK;
}
@@ -479,6 +481,8 @@ static ssize_t ldap_recv(struct connectdata *conn, int sockindex, char *buf,
lr->nument++;
rc = ldap_get_dn_ber(li->ld, ent, &ber, &bv);
if(rc < 0) {
/* TODO: verify that this is really how this return code should be
handled */
*err = CURLE_RECV_ERROR;
return -1;
}

4
lib/pingpong.c
View File

@@ -101,9 +101,7 @@ CURLcode Curl_pp_statemach(struct pingpong *pp, bool block)
else
interval_ms = 0; /* immediate */
if(Curl_ssl_data_pending(conn, FIRSTSOCKET))
rc = 1;
else if(Curl_pp_moredata(pp))
if(Curl_pp_moredata(pp))
/* We are receiving and there is data in the cache so just read it */
rc = 1;
else if(!pp->sendleft && Curl_ssl_data_pending(conn, FIRSTSOCKET))

18
lib/rawstr.c
View File

@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
* Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -28,10 +28,6 @@
its behavior is altered by the current locale. */
char Curl_raw_toupper(char in)
{
#if !defined(CURL_DOES_CONVERSIONS)
if(in >= 'a' && in <= 'z')
return (char)('A' + in - 'a');
#else
switch (in) {
case 'a':
return 'A';
@@ -86,8 +82,6 @@ char Curl_raw_toupper(char in)
case 'z':
return 'Z';
}
#endif
return in;
}
@@ -116,16 +110,6 @@ int Curl_raw_equal(const char *first, const char *second)
return (Curl_raw_toupper(*first) == Curl_raw_toupper(*second));
}
bool Curl_safe_strequal(const char *str1, const char *str2)
{
if(str1 && str2)
/* both pointers point to something then compare them */
return (0 != Curl_raw_equal(str1, str2)) ? TRUE : FALSE;
else
/* if both pointers are NULL then treat them as equal */
return (!str1 && !str2) ? TRUE : FALSE;
}
int Curl_raw_nequal(const char *first, const char *second, size_t max)
{
while(*first && *second && max) {

1
lib/rawstr.h
View File

@@ -34,7 +34,6 @@
*/
int Curl_raw_equal(const char *first, const char *second);
int Curl_raw_nequal(const char *first, const char *second, size_t max);
bool Curl_safe_strequal(const char *str1, const char *str2);
char Curl_raw_toupper(char in);

13
lib/rtsp.c
View File

@@ -42,6 +42,16 @@
#include "curl_memory.h"
#include "memdebug.h"
/*
* TODO (general)
* -incoming server requests
* -server CSeq counter
* -digest authentication
* -connect thru proxy
* -pipelining?
*/
#define RTP_PKT_CHANNEL(p) ((int)((unsigned char)((p)[1])))
#define RTP_PKT_LENGTH(p) ((((int)((unsigned char)((p)[2]))) << 8) | \
@@ -212,6 +222,7 @@ static CURLcode rtsp_done(struct connectdata *conn,
else if(data->set.rtspreq == RTSPREQ_RECEIVE &&
(conn->proto.rtspc.rtp_channel == -1)) {
infof(data, "Got an RTP Receive with a CSeq of %ld\n", CSeq_recv);
/* TODO CPC: Server -> Client logic here */
}
}
@@ -317,6 +328,8 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done)
return CURLE_BAD_FUNCTION_ARGUMENT;
}
/* TODO: proxy? */
/* Stream URI. Default to server '*' if not specified */
if(data->set.str[STRING_RTSP_STREAM_URI]) {
p_stream_uri = data->set.str[STRING_RTSP_STREAM_URI];

6
lib/smtp.c
View File

@@ -1256,8 +1256,10 @@ static CURLcode smtp_done(struct connectdata *conn, CURLcode status,
/* Run the state-machine
this should be using the smtp_multi_statemach function but we have no
support for non-blocking DONE operations!
TODO: when the multi interface is used, this _really_ should be using
the smtp_multi_statemach function but we have no general support for
non-blocking DONE operations, not in the multi state machine and with
Curl_done() invokes on several places in the code!
*/
result = smtp_block_statemach(conn);
}

44
lib/socks.c
View File

@@ -110,10 +110,9 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
const char *hostname,
int remote_port,
int sockindex,
struct connectdata *conn)
struct connectdata *conn,
bool protocol4a)
{
const bool protocol4a =
(conn->socks_proxy.proxytype == CURLPROXY_SOCKS4A) ? TRUE : FALSE;
#define SOCKS4REQLEN 262
unsigned char socksreq[SOCKS4REQLEN]; /* room for SOCKS4 request incl. user
id */
@@ -128,10 +127,6 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
return CURLE_OPERATION_TIMEDOUT;
}
if(conn->bits.httpproxy)
infof(conn->data, "SOCKS4%s: connecting to HTTP proxy %s port %d\n",
protocol4a ? "a" : "", hostname, remote_port);
(void)curlx_nonblock(sock, FALSE);
infof(data, "SOCKS4 communication to %s:%d\n", hostname, remote_port);
@@ -305,8 +300,8 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
", request rejected or failed.",
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
(((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]),
(unsigned char)socksreq[1]);
((socksreq[8] << 8) | socksreq[9]),
socksreq[1]);
return CURLE_COULDNT_CONNECT;
case 92:
failf(data,
@@ -315,8 +310,8 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
"identd on the client.",
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
(((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]),
(unsigned char)socksreq[1]);
((socksreq[8] << 8) | socksreq[9]),
socksreq[1]);
return CURLE_COULDNT_CONNECT;
case 93:
failf(data,
@@ -325,8 +320,8 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
"report different user-ids.",
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
(((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]),
(unsigned char)socksreq[1]);
((socksreq[8] << 8) | socksreq[9]),
socksreq[1]);
return CURLE_COULDNT_CONNECT;
default:
failf(data,
@@ -334,8 +329,8 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
", Unknown.",
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
(((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]),
(unsigned char)socksreq[1]);
((socksreq[8] << 8) | socksreq[9]),
socksreq[1]);
return CURLE_COULDNT_CONNECT;
}
}
@@ -381,15 +376,10 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
curl_socket_t sock = conn->sock[sockindex];
struct SessionHandle *data = conn->data;
long timeout;
bool socks5_resolve_local =
(conn->socks_proxy.proxytype == CURLPROXY_SOCKS5) ? TRUE : FALSE;
bool socks5_resolve_local = (conn->proxytype == CURLPROXY_SOCKS5)?TRUE:FALSE;
const size_t hostname_len = strlen(hostname);
ssize_t len = 0;
if(conn->bits.httpproxy)
infof(conn->data, "SOCKS5: connecting to HTTP proxy %s port %d\n",
hostname, remote_port);
/* RFC1928 chapter 5 specifies max 255 chars for domain name in packet */
if(!socks5_resolve_local && hostname_len > 255) {
infof(conn->data, "SOCKS5: server resolving disabled for hostnames of "
@@ -684,15 +674,15 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
"Can't complete SOCKS5 connection to %d.%d.%d.%d:%d. (%d)",
(unsigned char)socksreq[4], (unsigned char)socksreq[5],
(unsigned char)socksreq[6], (unsigned char)socksreq[7],
(((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]),
(unsigned char)socksreq[1]);
((socksreq[8] << 8) | socksreq[9]),
socksreq[1]);
}
else if(socksreq[3] == 3) {
failf(data,
"Can't complete SOCKS5 connection to %s:%d. (%d)",
hostname,
(((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]),
(unsigned char)socksreq[1]);
((socksreq[8] << 8) | socksreq[9]),
socksreq[1]);
}
else if(socksreq[3] == 4) {
failf(data,
@@ -706,8 +696,8 @@ CURLcode Curl_SOCKS5(const char *proxy_name,
(unsigned char)socksreq[14], (unsigned char)socksreq[15],
(unsigned char)socksreq[16], (unsigned char)socksreq[17],
(unsigned char)socksreq[18], (unsigned char)socksreq[19],
(((unsigned char)socksreq[8] << 8) | (unsigned char)socksreq[9]),
(unsigned char)socksreq[1]);
((socksreq[8] << 8) | socksreq[9]),
socksreq[1]);
}
return CURLE_COULDNT_CONNECT;
}

5
lib/socks.h
View File

@@ -25,7 +25,7 @@
#include "curl_setup.h"
#ifdef CURL_DISABLE_PROXY
#define Curl_SOCKS4(a,b,c,d,e) CURLE_NOT_BUILT_IN
#define Curl_SOCKS4(a,b,c,d,e,f) CURLE_NOT_BUILT_IN
#define Curl_SOCKS5(a,b,c,d,e,f) CURLE_NOT_BUILT_IN
#else
/*
@@ -49,7 +49,8 @@ CURLcode Curl_SOCKS4(const char *proxy_name,
const char *hostname,
int remote_port,
int sockindex,
struct connectdata *conn);
struct connectdata *conn,
bool protocol4a);
/*
* This function logs in to a SOCKS5 proxy and sends the specifics to the

12
lib/socks_gssapi.c
View File

@@ -121,7 +121,6 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
char *user=NULL;
unsigned char socksreq[4]; /* room for GSS-API exchange header only */
char *serviceptr = data->set.str[STRING_SOCKS5_GSSAPI_SERVICE];
const size_t serviceptr_length = strlen(serviceptr);
/* GSS-API request looks like
* +----+------+-----+----------------+
@@ -133,23 +132,22 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
/* prepare service name */
if(strchr(serviceptr, '/')) {
service.length = serviceptr_length;
service.value = malloc(service.length);
service.value = malloc(strlen(serviceptr));
if(!service.value)
return CURLE_OUT_OF_MEMORY;
service.length = strlen(serviceptr);
memcpy(service.value, serviceptr, service.length);
gss_major_status = gss_import_name(&gss_minor_status, &service,
(gss_OID) GSS_C_NULL_OID, &server);
}
else {
service.value = malloc(serviceptr_length +
strlen(conn->socks_proxy.host.name)+2);
service.value = malloc(strlen(serviceptr) +strlen(conn->proxy.name)+2);
if(!service.value)
return CURLE_OUT_OF_MEMORY;
service.length = serviceptr_length + strlen(conn->socks_proxy.host.name)+1;
service.length = strlen(serviceptr) +strlen(conn->proxy.name)+1;
snprintf(service.value, service.length+1, "%s@%s",
serviceptr, conn->socks_proxy.host.name);
serviceptr, conn->proxy.name);
gss_major_status = gss_import_name(&gss_minor_status, &service,
GSS_C_NT_HOSTBASED_SERVICE, &server);

13
lib/socks_sspi.c
View File

@@ -84,7 +84,6 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
unsigned long qop;
unsigned char socksreq[4]; /* room for GSS-API exchange header only */
char *service = data->set.str[STRING_SOCKS5_GSSAPI_SERVICE];
const size_t service_length = strlen(service);
/* GSS-API request looks like
* +----+------+-----+----------------+
@@ -96,19 +95,17 @@ CURLcode Curl_SOCKS5_gssapi_negotiate(int sockindex,
/* prepare service name */
if(strchr(service, '/')) {
service_name = malloc(service_length);
service_name = malloc(strlen(service));
if(!service_name)
return CURLE_OUT_OF_MEMORY;
memcpy(service_name, service, service_length);
memcpy(service_name, service, strlen(service));
}
else {
service_name = malloc(service_length +
strlen(conn->socks_proxy.host.name) + 2);
service_name = malloc(strlen(service) + strlen(conn->proxy.name) + 2);
if(!service_name)
return CURLE_OUT_OF_MEMORY;
snprintf(service_name, service_length +
strlen(conn->socks_proxy.host.name)+2, "%s/%s",
service, conn->socks_proxy.host.name);
snprintf(service_name, strlen(service) +strlen(conn->proxy.name)+2,
"%s/%s", service, conn->proxy.name);
}
input_desc.cBuffers = 1;

2
lib/splay.c
View File

@@ -211,7 +211,7 @@ struct Curl_tree *Curl_splaygetbest(struct timeval i,
/* Deletes the very node we point out from the tree if it's there. Stores a
* pointer to the new resulting tree in 'newroot'.
*
* Returns zero on success and non-zero on errors!
* Returns zero on success and non-zero on errors! TODO: document error codes.
* When returning error, it does not touch the 'newroot' pointer.
*
* NOTE: when the last node of the tree is removed, there's no tree left so

16
lib/ssh.c
View File

@@ -296,6 +296,10 @@ static CURLcode libssh2_session_error_to_CURLE(int err)
return CURLE_AGAIN;
}
/* TODO: map some more of the libssh2 errors to the more appropriate CURLcode
error code, and possibly add a few new SSH-related one. We must however
not return or even depend on libssh2 errors in the public libcurl API */
return CURLE_SSH;
}
@@ -859,7 +863,7 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block)
break;
}
sshc->passphrase = data->set.ssl.key_passwd;
sshc->passphrase = data->set.str[STRING_KEY_PASSWD];
if(!sshc->passphrase)
sshc->passphrase = "";
@@ -2820,8 +2824,10 @@ static CURLcode ssh_connect(struct connectdata *conn, bool *done)
if(data->set.str[STRING_SSH_KNOWNHOSTS]) {
int rc;
ssh->kh = libssh2_knownhost_init(ssh->ssh_session);
if(!ssh->kh)
if(!ssh->kh) {
/* eeek. TODO: free the ssh_session! */
return CURLE_FAILED_INIT;
}
/* read all known hosts from there */
rc = libssh2_knownhost_readfile(ssh->kh,
@@ -2958,8 +2964,10 @@ static CURLcode ssh_done(struct connectdata *conn, CURLcode status)
if(!status) {
/* run the state-machine
This should be using the ssh_multi_statemach function but we have no
support for non-blocking DONE operations!
TODO: when the multi interface is used, this _really_ should be using
the ssh_multi_statemach function but we have no general support for
non-blocking DONE operations, not in the multi state machine and with
Curl_done() invokes on several places in the code!
*/
result = ssh_block_statemach(conn, FALSE);
}

1
lib/telnet.c
View File

@@ -1220,6 +1220,7 @@ CURLcode telrcv(struct connectdata *conn,
}
/* Escape and send a telnet data block */
/* TODO: write large chunks of data instead of one byte at a time */
static CURLcode send_telnet_data(struct connectdata *conn,
char *buffer, ssize_t nread)
{

29
lib/transfer.c
View File

@@ -1311,7 +1311,7 @@ CURLcode Curl_pretransfer(struct SessionHandle *data)
/* Init the SSL session ID cache here. We do it here since we want to do it
after the *_setopt() calls (that could specify the size of the cache) but
before any transfer takes place. */
result = Curl_ssl_initsessions(data, data->set.general_ssl.max_ssl_sessions);
result = Curl_ssl_initsessions(data, data->set.ssl.max_ssl_sessions);
if(result)
return result;
@@ -1396,18 +1396,16 @@ CURLcode Curl_posttransfer(struct SessionHandle *data)
*/
static size_t strlen_url(const char *url)
{
const unsigned char *ptr;
const char *ptr;
size_t newlen=0;
bool left=TRUE; /* left side of the ? */
for(ptr=(unsigned char *)url; *ptr; ptr++) {
for(ptr=url; *ptr; ptr++) {
switch(*ptr) {
case '?':
left=FALSE;
/* fall through */
default:
if(*ptr >= 0x80)
newlen += 2;
newlen++;
break;
case ' ':
@@ -1428,9 +1426,9 @@ static void strcpy_url(char *output, const char *url)
{
/* we must add this with whitespace-replacing */
bool left=TRUE;
const unsigned char *iptr;
const char *iptr;
char *optr = output;
for(iptr = (unsigned char *)url; /* read from here */
for(iptr = url; /* read from here */
*iptr; /* until zero byte */
iptr++) {
switch(*iptr) {
@@ -1438,11 +1436,6 @@ static void strcpy_url(char *output, const char *url)
left=FALSE;
/* fall through */
default:
if(*iptr >= 0x80) {
snprintf(optr, 4, "%%%02x", *iptr);
optr += 3;
}
else
*optr++=*iptr;
break;
case ' ':
@@ -1691,14 +1684,15 @@ CURLcode Curl_follow(struct SessionHandle *data,
newurl = absolute;
}
else {
/* The new URL MAY contain space or high byte values, that means a mighty
stupid redirect URL but we still make an effort to do "right". */
char *newest;
size_t newlen = strlen_url(newurl);
/* This is an absolute URL, don't allow the custom port number */
disallowport = TRUE;
if(strchr(newurl, ' ')) {
/* This new URL contains at least one space, this is a mighty stupid
redirect but we still make an effort to do "right". */
char *newest;
size_t newlen = strlen_url(newurl);
newest = malloc(newlen+1); /* get memory for this */
if(!newest)
return CURLE_OUT_OF_MEMORY;
@@ -1706,6 +1700,7 @@ CURLcode Curl_follow(struct SessionHandle *data,
free(newurl); /* that was no good */
newurl = newest; /* use this instead now */
}
}

725
lib/url.c
View File

File diff suppressed because it is too large Load Diff

11
lib/url.h
View File

@@ -82,16 +82,5 @@ CURLcode Curl_connected_proxy(struct connectdata *conn, int sockindex);
void Curl_verboseconnect(struct connectdata *conn);
#endif
#define CONNECT_PROXY_SSL()\
(conn->http_proxy.proxytype == CURLPROXY_HTTPS &&\
!conn->bits.proxy_ssl_connected[sockindex])
#define CONNECT_FIRSTSOCKET_PROXY_SSL()\
(conn->http_proxy.proxytype == CURLPROXY_HTTPS &&\
!conn->bits.proxy_ssl_connected[FIRSTSOCKET])
#define CONNECT_SECONDARYSOCKET_PROXY_SSL()\
(conn->http_proxy.proxytype == CURLPROXY_HTTPS &&\
!conn->bits.proxy_ssl_connected[SECONDARYSOCKET])
#endif /* HEADER_CURL_URL_H */

121
lib/urldata.h
View File

@@ -93,15 +93,7 @@
#include <gnutls/gnutls.h>
#endif
#ifdef USE_MBEDTLS
#include <mbedtls/ssl.h>
#include <mbedtls/version.h>
#include <mbedtls/entropy.h>
#include <mbedtls/ctr_drbg.h>
#elif defined USE_POLARSSL
#ifdef USE_POLARSSL
#include <polarssl/ssl.h>
#include <polarssl/version.h>
#if POLARSSL_VERSION_NUMBER<0x01010000
@@ -110,7 +102,6 @@
#include <polarssl/entropy.h>
#include <polarssl/ctr_drbg.h>
#endif /* POLARSSL_VERSION_NUMBER<0x01010000 */
#endif /* USE_POLARSSL */
#ifdef USE_CYASSL
@@ -289,19 +280,6 @@ struct ssl_connect_data {
#endif
ssl_connect_state connecting_state;
#endif /* USE_GNUTLS */
#ifdef USE_MBEDTLS
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;
mbedtls_ssl_context ssl;
mbedtls_ssl_session ssn;
int server_fd;
mbedtls_x509_crt cacert;
mbedtls_x509_crt clicert;
mbedtls_x509_crl crl;
mbedtls_pk_context pk;
ssl_connect_state connecting_state;
mbedtls_ssl_config config;
#endif /* USE_MBEDTLS */
#ifdef USE_POLARSSL
ctr_drbg_context ctr_drbg;
entropy_context entropy;
@@ -331,8 +309,6 @@ struct ssl_connect_data {
gsk_handle handle;
int iocport;
ssl_connect_state connecting_state;
int localfd;
int remotefd;
#endif
#ifdef USE_AXTLS
SSL_CTX* ssl_ctx;
@@ -361,37 +337,27 @@ struct ssl_connect_data {
#endif /* USE_DARWINSSL */
};
struct ssl_primary_config {
struct ssl_config_data {
long version; /* what version the client wants to use */
long certverifyresult; /* result from the certificate verification */
bool verifypeer; /* set TRUE if this is desired */
bool verifyhost; /* set TRUE if CN/SAN must match hostname */
bool verifystatus; /* set TRUE if certificate status must be checked */
char *CApath; /* certificate dir (doesn't work on windows) */
char *CAfile; /* certificate to verify peer against */
const char *CRLfile; /* CRL to check certificate revocation */
const char *issuercert;/* optional issuer certificate filename */
char *random_file; /* path to file containing "random" data */
char *egdsocket; /* path to file containing the EGD daemon socket */
char *cipher_list; /* list of ciphers to use */
};
struct ssl_config_data {
struct ssl_primary_config primary;
bool enable_beast; /* especially allow this flaw for interoperability's
sake*/
bool no_revoke; /* disable SSL certificate revocation checks */
long certverifyresult; /* result from the certificate verification */
char *CRLfile; /* CRL to check certificate revocation */
char *issuercert;/* optional issuer certificate filename */
size_t max_ssl_sessions; /* SSL session id cache size */
curl_ssl_ctx_callback fsslctx; /* function to initialize ssl ctx */
void *fsslctxp; /* parameter for call back */
bool sessionid; /* cache session IDs or not */
bool certinfo; /* gather lots of certificate info */
bool falsestart;
char *cert; /* client certificate file name */
char *cert_type; /* format for certificate (default: PEM)*/
char *key; /* private key file name */
char *key_type; /* format for private key (default: PEM) */
char *key_passwd; /* plain text private key password */
#ifdef USE_TLS_SRP
char *username; /* TLS username (for, e.g., SRP) */
char *password; /* TLS password (for, e.g., SRP) */
@@ -399,11 +365,6 @@ struct ssl_config_data {
#endif
};
struct ssl_general_config {
bool sessionid; /* cache session IDs or not */
size_t max_ssl_sessions; /* SSL session id cache size */
};
/* information stored about one single SSL session */
struct curl_ssl_session {
char *name; /* host name for which this ID was used */
@@ -411,7 +372,7 @@ struct curl_ssl_session {
size_t idsize; /* if known, otherwise 0 */
long age; /* just a number, the higher the more recent */
int remote_port; /* remote port to connect to */
struct ssl_primary_config ssl_config; /* setup for this session */
struct ssl_config_data ssl_config; /* setup for this session */
};
/* Struct used for Digest challenge-response authentication */
@@ -524,7 +485,6 @@ struct ConnectBits {
bool reuse; /* if set, this is a re-used connection */
bool proxy; /* if set, this transfer is done through a proxy - any type */
bool httpproxy; /* if set, this transfer is done through a http proxy */
bool socksproxy; /* if set, this transfer is done through a socks proxy */
bool user_passwd; /* do we use user+password for this connection? */
bool proxy_user_passwd; /* user+password for the proxy? */
bool ipv6_ip; /* we communicate with a remote site specified with pure IPv6
@@ -559,7 +519,6 @@ struct ConnectBits {
bool ftp_use_eprt; /* As set with CURLOPT_FTP_USE_EPRT, but if we find out
EPRT doesn't work we disable it for the forthcoming
requests */
bool ftp_use_data_ssl; /* Enabled SSL for the data connection */
bool netrc; /* name+password provided by netrc */
bool userpwd_in_url; /* name+password found in url */
bool stream_was_rewound; /* Indicates that the stream was rewound after a
@@ -572,9 +531,6 @@ struct ConnectBits {
connection */
bool type_set; /* type= was used in the URL */
bool multiplex; /* connection is multiplexed */
bool proxy_ssl_connected[2]; /* TRUE when SSL initialization for HTTPS proxy
is complete */
bool socksproxy_connecting; /* connecting through a socks proxy */
};
struct hostname {
@@ -862,14 +818,6 @@ typedef ssize_t (Curl_recv)(struct connectdata *conn, /* connection data */
size_t len, /* max amount to read */
CURLcode *err); /* error to return */
struct proxy_info {
struct hostname host;
long port;
curl_proxytype proxytype; /* what kind of proxy that is in use */
char *user; /* proxy user name string, allocated */
char *passwd; /* proxy password string, allocated */
};
/*
* The connectdata struct contains all fields and variables that should be
* unique for an entire connection.
@@ -919,15 +867,10 @@ struct connectdata {
int socktype; /* SOCK_STREAM or SOCK_DGRAM */
struct hostname host;
char *secondaryhostname; /* secondary socket host name (ftp) */
struct proxy_info socks_proxy;
struct proxy_info http_proxy;
struct hostname proxy;
long port; /* which port to use locally */
int remote_port; /* what remote port to connect to, not the proxy port! */
unsigned short secondary_port; /* secondary socket remote port to connect to
(ftp) */
/* 'primary_ip' and 'primary_port' get filled with peer's numerical
ip address and port number whenever an outgoing connection is
@@ -950,7 +893,11 @@ struct connectdata {
char *passwd; /* password string, allocated */
char *options; /* options string, allocated */
char *oauth_bearer; /* bearer token for OAuth 2.0, allocated */
char *xoauth2_bearer; /* bearer token for xoauth2, allocated */
char *proxyuser; /* proxy user name string, allocated */
char *proxypasswd; /* proxy password string, allocated */
curl_proxytype proxytype; /* what kind of proxy that is in use */
int httpversion; /* the HTTP version*10 reported by the server */
int rtspversion; /* the RTSP version*10 reported by the server */
@@ -966,9 +913,7 @@ struct connectdata {
Curl_send *send[2];
struct ssl_connect_data ssl[2]; /* this is for ssl-stuff */
struct ssl_connect_data proxy_ssl[2]; /* this is for proxy ssl-stuff */
struct ssl_primary_config ssl_config;
struct ssl_primary_config proxy_ssl_config;
struct ssl_config_data ssl_config;
struct ConnectBits bits; /* various state-flags for this connection */
@@ -1094,6 +1039,9 @@ struct connectdata {
int socks5_gssapi_enctype;
#endif
bool verifypeer;
bool verifyhost;
/* When this connection is created, store the conditions for the local end
bind. This is stored before the actual bind and before any connection is
made and will serve the purpose of being used for comparison reasons so
@@ -1367,10 +1315,6 @@ struct UrlState {
curl_read_callback fread_func; /* read callback/function */
void *in; /* CURLOPT_READDATA */
struct SessionHandle *stream_depends_on;
bool stream_depends_e; /* set or don't set the Exclusive bit */
int stream_weight;
};
@@ -1404,6 +1348,8 @@ struct DynamicStatic {
struct Curl_multi; /* declared and used only in multi.c */
enum dupstring {
STRING_CERT, /* client certificate file name */
STRING_CERT_TYPE, /* format for certificate (default: PEM)*/
STRING_COOKIE, /* HTTP cookie string to send */
STRING_COOKIEJAR, /* dump all cookies to this file */
STRING_CUSTOMREQUEST, /* HTTP/FTP/RTSP request/method to use */
@@ -1413,16 +1359,25 @@ enum dupstring {
STRING_FTP_ACCOUNT, /* ftp account data */
STRING_FTP_ALTERNATIVE_TO_USER, /* command to send if USER/PASS fails */
STRING_FTPPORT, /* port to send with the FTP PORT command */
STRING_KEY, /* private key file name */
STRING_KEY_PASSWD, /* plain text private key password */
STRING_KEY_TYPE, /* format for private key (default: PEM) */
STRING_KRB_LEVEL, /* krb security level */
STRING_NETRC_FILE, /* if not NULL, use this instead of trying to find
$HOME/.netrc */
STRING_PROXY, /* proxy to use */
STRING_SOCKS_PROXY, /* socks proxy to use */
STRING_SET_RANGE, /* range, if used */
STRING_SET_REFERER, /* custom string for the HTTP referer field */
STRING_SET_URL, /* what original URL to work on */
STRING_SSL_CAPATH, /* CA directory name (doesn't work on windows) */
STRING_SSL_CAFILE, /* certificate file to verify peer against */
STRING_SSL_PINNEDPUBLICKEY, /* public key file to verify peer against */
STRING_SSL_CIPHER_LIST, /* list of ciphers to use */
STRING_SSL_EGDSOCKET, /* path to file containing the EGD daemon socket */
STRING_SSL_RANDOM_FILE, /* path to file containing "random" data */
STRING_USERAGENT, /* User-Agent string */
STRING_SSL_CRLFILE, /* crl file to check certificate */
STRING_SSL_ISSUERCERT, /* issuer cert file to check certificate */
STRING_USERNAME, /* <username>, if used */
STRING_PASSWORD, /* <password>, if used */
STRING_OPTIONS, /* <options>, if used */
@@ -1447,6 +1402,10 @@ enum dupstring {
STRING_MAIL_FROM,
STRING_MAIL_AUTH,
#ifdef USE_TLS_SRP
STRING_TLSAUTH_USERNAME, /* TLS auth <username> */
STRING_TLSAUTH_PASSWORD, /* TLS auth <password> */
#endif
STRING_BEARER, /* <bearer>, if used */
#ifdef USE_UNIX_SOCKETS
STRING_UNIX_SOCKET_PATH, /* path to Unix socket, if used */
@@ -1560,10 +1519,7 @@ struct UserDefined {
long httpversion; /* when non-zero, a specific HTTP version requested to
be used in the library's request(s) */
struct ssl_config_data ssl; /* user defined SSL stuff */
struct ssl_config_data proxy_ssl; /* user defined SSL stuff for proxy */
struct ssl_general_config general_ssl; /* general user defined SSL stuff */
curl_proxytype proxytype; /* what kind of proxy that is in use */
curl_proxytype socks_proxytype; /* what kind of socks proxy that is in use */
long dns_cache_timeout; /* DNS cache timeout */
long buffer_size; /* size of receive buffer to use */
void *private_data; /* application-private data */
@@ -1627,6 +1583,9 @@ struct UserDefined {
bool ftp_skip_ip; /* skip the IP address the FTP server passes on to
us */
bool connect_only; /* make connection, let application use the socket */
bool ssl_enable_beast; /* especially allow this flaw for interoperability's
sake*/
bool ssl_no_revoke; /* disable SSL certificate revocation checks */
long ssh_auth_types; /* allowed SSH auth types */
bool http_te_skip; /* pass the raw body data to the user, even when
transfer-encoded (chunked, compressed) */
@@ -1672,10 +1631,6 @@ struct UserDefined {
bool pipewait; /* wait for pipe/multiplex status before starting a
new connection */
long expect_100_timeout; /* in milliseconds */
struct SessionHandle *stream_depends_on;
bool stream_depends_e; /* set or don't set the Exclusive bit */
int stream_weight;
};
struct Names {

9
lib/version.c
View File

@@ -40,10 +40,6 @@
#include <stringprep.h>
#endif
#ifdef USE_LIBPSL
#include <libpsl.h>
#endif
#if defined(HAVE_ICONV) && defined(CURL_DOES_CONVERSIONS)
#include <iconv.h>
#endif
@@ -104,11 +100,6 @@ char *curl_version(void)
ptr += len;
}
#endif
#ifdef USE_LIBPSL
len = snprintf(ptr, left, " libpsl/%s", psl_get_version());
left -= len;
ptr += len;
#endif
#ifdef USE_WIN32_IDN
len = snprintf(ptr, left, " WinIDN");
left -= len;

63
lib/vtls/axtls.c
View File

@@ -160,7 +160,7 @@ static CURLcode connect_prep(struct connectdata *conn, int sockindex)
/* axTLS only supports TLSv1 */
/* check to see if we've been told to use an explicit SSL/TLS version */
switch(SSL_CONN_CONFIG(version)) {
switch(data->set.ssl.version) {
case CURL_SSLVERSION_DEFAULT:
case CURL_SSLVERSION_TLSv1:
break;
@@ -185,17 +185,17 @@ static CURLcode connect_prep(struct connectdata *conn, int sockindex)
conn->ssl[sockindex].ssl = NULL;
/* Load the trusted CA cert bundle file */
if(SSL_CONN_CONFIG(CAfile)) {
if(ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT,
SSL_CONN_CONFIG(CAfile), NULL) != SSL_OK) {
if(data->set.ssl.CAfile) {
if(ssl_obj_load(ssl_ctx, SSL_OBJ_X509_CACERT, data->set.ssl.CAfile, NULL)
!= SSL_OK) {
infof(data, "error reading ca cert file %s \n",
SSL_CONN_CONFIG(CAfile));
if(SSL_CONN_CONFIG(verifypeer)) {
data->set.ssl.CAfile);
if(data->set.ssl.verifypeer) {
return CURLE_SSL_CACERT_BADFILE;
}
}
else
infof(data, "found certificates in %s\n", SSL_CONN_CONFIG(CAfile));
infof(data, "found certificates in %s\n", data->set.ssl.CAfile);
}
/* gtls.c tasks we're skipping for now:
@@ -207,15 +207,15 @@ static CURLcode connect_prep(struct connectdata *conn, int sockindex)
*/
/* Load client certificate */
if(SSL_SET_OPTION(cert)) {
if(data->set.str[STRING_CERT]) {
i=0;
/* Instead of trying to analyze cert type here, let axTLS try them all. */
while(cert_types[i] != 0) {
ssl_fcn_return = ssl_obj_load(ssl_ctx, cert_types[i],
SSL_SET_OPTION(cert), NULL);
data->set.str[STRING_CERT], NULL);
if(ssl_fcn_return == SSL_OK) {
infof(data, "successfully read cert file %s \n",
SSL_SET_OPTION(cert));
data->set.str[STRING_CERT]);
break;
}
i++;
@@ -223,7 +223,7 @@ static CURLcode connect_prep(struct connectdata *conn, int sockindex)
/* Tried all cert types, none worked. */
if(cert_types[i] == 0) {
failf(data, "%s is not x509 or pkcs12 format",
SSL_SET_OPTION(cert));
data->set.str[STRING_CERT]);
return CURLE_SSL_CERTPROBLEM;
}
}
@@ -231,15 +231,15 @@ static CURLcode connect_prep(struct connectdata *conn, int sockindex)
/* Load client key.
If a pkcs12 file successfully loaded a cert, then there's nothing to do
because the key has already been loaded. */
if(SSL_SET_OPTION(key) && cert_types[i] != SSL_OBJ_PKCS12) {
if(data->set.str[STRING_KEY] && cert_types[i] != SSL_OBJ_PKCS12) {
i=0;
/* Instead of trying to analyze key type here, let axTLS try them all. */
while(key_types[i] != 0) {
ssl_fcn_return = ssl_obj_load(ssl_ctx, key_types[i],
SSL_SET_OPTION(key), NULL);
data->set.str[STRING_KEY], NULL);
if(ssl_fcn_return == SSL_OK) {
infof(data, "successfully read key file %s \n",
SSL_SET_OPTION(key));
data->set.str[STRING_KEY]);
break;
}
i++;
@@ -247,7 +247,7 @@ static CURLcode connect_prep(struct connectdata *conn, int sockindex)
/* Tried all key types, none worked. */
if(key_types[i] == 0) {
failf(data, "Failure: %s is not a supported key file",
SSL_SET_OPTION(key));
data->set.str[STRING_KEY]);
return CURLE_SSL_CONNECT_ERROR;
}
}
@@ -259,8 +259,7 @@ static CURLcode connect_prep(struct connectdata *conn, int sockindex)
*/
/* In axTLS, handshaking happens inside ssl_client_new. */
if(!Curl_ssl_getsessionid(conn, (void **) &ssl_sessionid, &ssl_idsize,
sockindex)) {
if(!Curl_ssl_getsessionid(conn, (void **) &ssl_sessionid, &ssl_idsize)) {
/* we got a session id, use it! */
infof (data, "SSL re-using session ID\n");
ssl = ssl_client_new(ssl_ctx, conn->sock[sockindex],
@@ -288,17 +287,13 @@ static CURLcode connect_finish(struct connectdata *conn, int sockindex)
const char *dns_altname;
int8_t found_subject_alt_names = 0;
int8_t found_subject_alt_name_matching_conn = 0;
const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
conn->host.name;
const char * const dispname = SSL_IS_PROXY() ?
conn->http_proxy.host.dispname : conn->host.dispname;
/* Here, gtls.c gets the peer certificates and fails out depending on
* settings in "data." axTLS api doesn't have get cert chain fcn, so omit?
*/
/* Verify server's certificate */
if(SSL_CONN_CONFIG(verifypeer)) {
if(data->set.ssl.verifypeer) {
if(ssl_verify_cert(ssl) != SSL_OK) {
Curl_axtls_close(conn, sockindex);
failf(data, "server cert verify failed");
@@ -329,8 +324,8 @@ static CURLcode connect_finish(struct connectdata *conn, int sockindex)
found_subject_alt_names = 1;
infof(data, "\tComparing subject alt name DNS with hostname: %s <-> %s\n",
dns_altname, hostname);
if(Curl_cert_hostcheck(dns_altname, hostname)) {
dns_altname, conn->host.name);
if(Curl_cert_hostcheck(dns_altname, conn->host.name)) {
found_subject_alt_name_matching_conn = 1;
break;
}
@@ -338,21 +333,23 @@ static CURLcode connect_finish(struct connectdata *conn, int sockindex)
/* RFC2818 checks */
if(found_subject_alt_names && !found_subject_alt_name_matching_conn) {
if(SSL_CONN_CONFIG(verifyhost)) {
if(data->set.ssl.verifyhost) {
/* Break connection ! */
Curl_axtls_close(conn, sockindex);
failf(data, "\tsubjectAltName(s) do not match %s\n", dispname);
failf(data, "\tsubjectAltName(s) do not match %s\n",
conn->host.dispname);
return CURLE_PEER_FAILED_VERIFICATION;
}
else
infof(data, "\tsubjectAltName(s) do not match %s\n", dispname);
infof(data, "\tsubjectAltName(s) do not match %s\n",
conn->host.dispname);
}
else if(found_subject_alt_names == 0) {
/* Per RFC2818, when no Subject Alt Names were available, examine the peer
CN as a legacy fallback */
peer_CN = ssl_get_cert_dn(ssl, SSL_X509_CERT_COMMON_NAME);
if(peer_CN == NULL) {
if(SSL_CONN_CONFIG(verifyhost)) {
if(data->set.ssl.verifyhost) {
Curl_axtls_close(conn, sockindex);
failf(data, "unable to obtain common name from peer certificate");
return CURLE_PEER_FAILED_VERIFICATION;
@@ -361,17 +358,17 @@ static CURLcode connect_finish(struct connectdata *conn, int sockindex)
infof(data, "unable to obtain common name from peer certificate");
}
else {
if(!Curl_cert_hostcheck((const char *)peer_CN, hostname)) {
if(SSL_CONN_CONFIG(verifyhost)) {
if(!Curl_cert_hostcheck((const char *)peer_CN, conn->host.name)) {
if(data->set.ssl.verifyhost) {
/* Break connection ! */
Curl_axtls_close(conn, sockindex);
failf(data, "\tcommon name \"%s\" does not match \"%s\"\n",
peer_CN, dispname);
peer_CN, conn->host.dispname);
return CURLE_PEER_FAILED_VERIFICATION;
}
else
infof(data, "\tcommon name \"%s\" does not match \"%s\"\n",
peer_CN, dispname);
peer_CN, conn->host.dispname);
}
}
}
@@ -384,7 +381,7 @@ static CURLcode connect_finish(struct connectdata *conn, int sockindex)
/* Put our freshly minted SSL session in cache */
ssl_idsize = ssl_get_session_id_size(ssl);
ssl_sessionid = ssl_get_session_id(ssl);
if(Curl_ssl_addsessionid(conn, (void *) ssl_sessionid, ssl_idsize, sockindex)
if(Curl_ssl_addsessionid(conn, (void *) ssl_sessionid, ssl_idsize)
!= CURLE_OK)
infof (data, "failed to add session to cache\n");

78
lib/vtls/cyassl.c
View File

@@ -117,7 +117,7 @@ cyassl_connect_step1(struct connectdata *conn,
return CURLE_OK;
/* check to see if we've been told to use an explicit SSL/TLS version */
switch(SSL_CONN_CONFIG(version)) {
switch(data->set.ssl.version) {
case CURL_SSLVERSION_DEFAULT:
case CURL_SSLVERSION_TLSv1:
#if LIBCYASSL_VERSION_HEX >= 0x03003000 /* >= 3.3.0 */
@@ -168,7 +168,7 @@ cyassl_connect_step1(struct connectdata *conn,
return CURLE_OUT_OF_MEMORY;
}
switch(SSL_CONN_CONFIG(version)) {
switch(data->set.ssl.version) {
case CURL_SSLVERSION_DEFAULT:
case CURL_SSLVERSION_TLSv1:
#if LIBCYASSL_VERSION_HEX > 0x03004006 /* > 3.4.6 */
@@ -191,18 +191,18 @@ cyassl_connect_step1(struct connectdata *conn,
#ifndef NO_FILESYSTEM
/* load trusted cacert */
if(SSL_CONN_CONFIG(CAfile)) {
if(data->set.str[STRING_SSL_CAFILE]) {
if(1 != SSL_CTX_load_verify_locations(conssl->ctx,
SSL_CONN_CONFIG(CAfile),
SSL_CONN_CONFIG(CApath))) {
if(SSL_CONN_CONFIG(verifypeer)) {
data->set.str[STRING_SSL_CAFILE],
data->set.str[STRING_SSL_CAPATH])) {
if(data->set.ssl.verifypeer) {
/* Fail if we insist on successfully verifying the server. */
failf(data, "error setting certificate verify locations:\n"
" CAfile: %s\n CApath: %s",
SSL_CONN_CONFIG(CAfile)?
SSL_CONN_CONFIG(CAfile): "none",
SSL_CONN_CONFIG(CApath)?
SSL_CONN_CONFIG(CApath) : "none");
data->set.str[STRING_SSL_CAFILE]?
data->set.str[STRING_SSL_CAFILE]: "none",
data->set.str[STRING_SSL_CAPATH]?
data->set.str[STRING_SSL_CAPATH] : "none");
return CURLE_SSL_CACERT_BADFILE;
}
else {
@@ -219,25 +219,25 @@ cyassl_connect_step1(struct connectdata *conn,
infof(data,
" CAfile: %s\n"
" CApath: %s\n",
SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile):
data->set.str[STRING_SSL_CAFILE] ? data->set.str[STRING_SSL_CAFILE]:
"none",
SSL_CONN_CONFIG(CApath) ? SSL_CONN_CONFIG(CApath):
data->set.str[STRING_SSL_CAPATH] ? data->set.str[STRING_SSL_CAPATH]:
"none");
}
/* Load the client certificate, and private key */
if(SSL_SET_OPTION(cert) && SSL_SET_OPTION(key)) {
int file_type = do_file_type(SSL_SET_OPTION(cert_type));
if(data->set.str[STRING_CERT] && data->set.str[STRING_KEY]) {
int file_type = do_file_type(data->set.str[STRING_CERT_TYPE]);
if(SSL_CTX_use_certificate_file(conssl->ctx, SSL_SET_OPTION(cert),
if(SSL_CTX_use_certificate_file(conssl->ctx, data->set.str[STRING_CERT],
file_type) != 1) {
failf(data, "unable to use client certificate (no key or wrong pass"
" phrase?)");
return CURLE_SSL_CONNECT_ERROR;
}
file_type = do_file_type(SSL_SET_OPTION(key_type));
if(SSL_CTX_use_PrivateKey_file(conssl->ctx, SSL_SET_OPTION(key),
file_type = do_file_type(data->set.str[STRING_KEY_TYPE]);
if(SSL_CTX_use_PrivateKey_file(conssl->ctx, data->set.str[STRING_KEY],
file_type) != 1) {
failf(data, "unable to set private key");
return CURLE_SSL_CONNECT_ERROR;
@@ -250,8 +250,7 @@ cyassl_connect_step1(struct connectdata *conn,
* anyway. In the latter case the result of the verification is checked with
* SSL_get_verify_result() below. */
SSL_CTX_set_verify(conssl->ctx,
SSL_CONN_CONFIG(verifypeer)?SSL_VERIFY_PEER:
SSL_VERIFY_NONE,
data->set.ssl.verifypeer?SSL_VERIFY_PEER:SSL_VERIFY_NONE,
NULL);
#ifdef HAVE_SNI
@@ -260,15 +259,13 @@ cyassl_connect_step1(struct connectdata *conn,
#ifdef ENABLE_IPV6
struct in6_addr addr6;
#endif
const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
conn->host.name;
size_t hostname_len = strlen(hostname);
size_t hostname_len = strlen(conn->host.name);
if((hostname_len < USHRT_MAX) &&
(0 == Curl_inet_pton(AF_INET, hostname, &addr4)) &&
(0 == Curl_inet_pton(AF_INET, conn->host.name, &addr4)) &&
#ifdef ENABLE_IPV6
(0 == Curl_inet_pton(AF_INET6, hostname, &addr6)) &&
(0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr6)) &&
#endif
(CyaSSL_CTX_UseSNI(conssl->ctx, CYASSL_SNI_HOST_NAME, hostname,
(CyaSSL_CTX_UseSNI(conssl->ctx, CYASSL_SNI_HOST_NAME, conn->host.name,
(unsigned short)hostname_len) != 1)) {
infof(data, "WARNING: failed to configure server name indication (SNI) "
"TLS extension\n");
@@ -287,7 +284,7 @@ cyassl_connect_step1(struct connectdata *conn,
}
}
#ifdef NO_FILESYSTEM
else if(SSL_CONN_CONFIG(verifypeer)) {
else if(data->set.ssl.verifypeer) {
failf(data, "SSL: Certificates couldn't be loaded because CyaSSL was built"
" with \"no filesystem\". Either disable peer verification"
" (insecure) or if you are building an application with libcurl you"
@@ -306,7 +303,7 @@ cyassl_connect_step1(struct connectdata *conn,
}
/* Check if there's a cached ID we can/should use here! */
if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL)) {
/* we got a session id, use it! */
if(!SSL_set_session(conssl->handle, ssl_sessionid)) {
failf(data, "SSL: SSL_set_session failed: %s",
@@ -335,17 +332,13 @@ cyassl_connect_step2(struct connectdata *conn,
int ret = -1;
struct SessionHandle *data = conn->data;
struct ssl_connect_data* conssl = &conn->ssl[sockindex];
const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
conn->host.name;
const char * const dispname = SSL_IS_PROXY() ?
conn->http_proxy.host.dispname : conn->host.dispname;
conn->recv[sockindex] = cyassl_recv;
conn->send[sockindex] = cyassl_send;
/* Enable RFC2818 checks */
if(SSL_CONN_CONFIG(verifyhost)) {
ret = CyaSSL_check_domain_name(conssl->handle, hostname);
if(data->set.ssl.verifyhost) {
ret = CyaSSL_check_domain_name(conssl->handle, conn->host.name);
if(ret == SSL_FAILURE)
return CURLE_OUT_OF_MEMORY;
}
@@ -369,31 +362,31 @@ cyassl_connect_step2(struct connectdata *conn,
else if(DOMAIN_NAME_MISMATCH == detail) {
#if 1
failf(data, "\tsubject alt name(s) or common name do not match \"%s\"\n",
dispname);
conn->host.dispname);
return CURLE_PEER_FAILED_VERIFICATION;
#else
/* When the CyaSSL_check_domain_name() is used and you desire to continue
* on a DOMAIN_NAME_MISMATCH, i.e. 'conn->ssl_config.verifyhost == 0',
* on a DOMAIN_NAME_MISMATCH, i.e. 'data->set.ssl.verifyhost == 0',
* CyaSSL version 2.4.0 will fail with an INCOMPLETE_DATA error. The only
* way to do this is currently to switch the CyaSSL_check_domain_name()
* in and out based on the 'conn->ssl_config.verifyhost' value. */
if(SSL_CONN_CONFIG(verifyhost)) {
* in and out based on the 'data->set.ssl.verifyhost' value. */
if(data->set.ssl.verifyhost) {
failf(data,
"\tsubject alt name(s) or common name do not match \"%s\"\n",
dispname);
conn->host.dispname);
return CURLE_PEER_FAILED_VERIFICATION;
}
else {
infof(data,
"\tsubject alt name(s) and/or common name do not match \"%s\"\n",
dispname);
conn->host.dispname);
return CURLE_OK;
}
#endif
}
#if LIBCYASSL_VERSION_HEX >= 0x02007000 /* 2.7.0 */
else if(ASN_NO_SIGNER_E == detail) {
if(SSL_CONN_CONFIG(verifypeer)) {
if(data->set.ssl.verifypeer) {
failf(data, "\tCA signer not available for verification\n");
return CURLE_SSL_CACERT_BADFILE;
}
@@ -473,8 +466,7 @@ cyassl_connect_step3(struct connectdata *conn,
our_ssl_sessionid = SSL_get_session(connssl->handle);
incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL,
sockindex));
incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL));
if(incache) {
if(old_ssl_sessionid != our_ssl_sessionid) {
infof(data, "old SSL session ID is stale, removing\n");
@@ -485,7 +477,7 @@ cyassl_connect_step3(struct connectdata *conn,
if(!incache) {
result = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
0 /* unknown size */, sockindex);
0 /* unknown size */);
if(result) {
failf(data, "failed to store ssl session");
return result;

14
lib/vtls/darwinssl.c
View File

@@ -1055,7 +1055,7 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
/* check to see if we've been told to use an explicit SSL/TLS version */
#if CURL_BUILD_MAC_10_8 || CURL_BUILD_IOS
if(SSLSetProtocolVersionMax != NULL) {
switch(conn->ssl_config.version) {
switch(data->set.ssl.version) {
default:
case CURL_SSLVERSION_DEFAULT:
case CURL_SSLVERSION_TLSv1:
@@ -1096,7 +1096,7 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
(void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
kSSLProtocolAll,
false);
switch (conn->ssl_config.version) {
switch (data->set.ssl.version) {
default:
case CURL_SSLVERSION_DEFAULT:
case CURL_SSLVERSION_TLSv1:
@@ -1148,7 +1148,7 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
}
#else
(void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, kSSLProtocolAll, false);
switch(conn->ssl_config.version) {
switch(data->set.ssl.version) {
default:
case CURL_SSLVERSION_DEFAULT:
case CURL_SSLVERSION_TLSv1:
@@ -1293,7 +1293,7 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
#else
if(SSLSetSessionOption != NULL) {
#endif /* CURL_BUILD_MAC */
bool break_on_auth = !conn->ssl_config.verifypeer ||
bool break_on_auth = !data->set.ssl.verifypeer ||
data->set.str[STRING_SSL_CAFILE];
err = SSLSetSessionOption(connssl->ssl_ctx,
kSSLSessionOptionBreakOnServerAuth,
@@ -1306,7 +1306,7 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
else {
#if CURL_SUPPORT_MAC_10_8
err = SSLSetEnableCertVerify(connssl->ssl_ctx,
conn->ssl_config.verifypeer?true:false);
data->set.ssl.verifypeer?true:false);
if(err != noErr) {
failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err);
return CURLE_SSL_CONNECT_ERROR;
@@ -1315,7 +1315,7 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
}
#else
err = SSLSetEnableCertVerify(connssl->ssl_ctx,
conn->ssl_config.verifypeer?true:false);
data->set.ssl.verifypeer?true:false);
if(err != noErr) {
failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err);
return CURLE_SSL_CONNECT_ERROR;
@@ -1340,7 +1340,7 @@ static CURLcode darwinssl_connect_step1(struct connectdata *conn,
/* Configure hostname check. SNI is used if available.
* Both hostname check and SNI require SSLSetPeerDomainName().
* Also: the verifyhost setting influences SNI usage */
if(conn->ssl_config.verifyhost) {
if(data->set.ssl.verifyhost) {
err = SSLSetPeerDomainName(connssl->ssl_ctx, conn->host.name,
strlen(conn->host.name));

Some files were not shown because too many files have changed in this diff Show More