Compare commits

..

371 Commits

Author SHA1 Message Date
Guenter Knauf
11a7ac0d6a Fixed compiler warning 'unused parameter'. 2012-07-27 03:54:58 +02:00
Guenter Knauf
b13106339e Added prototypes to kill compiler warning. 2012-07-27 03:27:51 +02:00
Guenter Knauf
1b1c43a9fe Added --with-winidn to configure.
This needs another look from the configure experts. I tested that
it works so far with MinGW64 cross-compiler; libcurl builds and
links fine, but curl not yet ...
2012-07-27 03:19:21 +02:00
Ant Bryan
7b5c411f5c Update man page info on --metalink and typo. 2012-07-27 01:01:45 +02:00
Daniel Stenberg
7f9f94a1df RELEASE-NOTES: remove mentioned of bug never in a release
The --silent bug came with 7561a0fc83 which was never in a release.
Pointed out by Kamil Dudka
2012-07-27 00:31:15 +02:00
Daniel Stenberg
3b4d430cd8 RELEASE-NOTES: synced with 33b815e894
4 more bugfixes, 3 more contributors
2012-07-27 00:15:17 +02:00
Guenter Knauf
33b815e894 Changed Windows IDN text to 'WinIDN'.
Synced the output to the same short form as we now use for
Windows SSL (WinSSL).
2012-07-26 02:49:39 +02:00
Nick Zitzmann
f92779198d darwinssl: fixed freeze involving the multi interface
Previously the curl_multi interface would freeze if darwinssl was
enabled and at least one of the handles tried to connect to a Web site
using HTTPS. Removed the "wouldblock" state darwinssl was using because
I figured out a solution for our "would block but in which direction?"
dilemma.
2012-07-25 23:22:11 +02:00
Guenter Knauf
9ac5cdfc2f Added support for tls-srp to MinGW builds. 2012-07-25 13:16:22 +02:00
Daniel Stenberg
8a279d2275 curl_easy_setopt: fix typo
Reported by: Santhana Todatry
2012-07-24 00:29:39 +02:00
Daniel Stenberg
c0f8340c7c keepalive: multiply value for OS-specific units
DragonFly uses milliseconds, while our API and Linux use full seconds.

Reported by: John Marino
Bug: http://curl.haxx.se/bug/view.cgi?id=3546257
2012-07-22 22:42:42 +02:00
Kamil Dudka
d317ca50ae http: print reason phrase from HTTP status line on error
Bug: https://bugzilla.redhat.com/676596
2012-07-22 02:12:43 +02:00
Kamil Dudka
487406c3c0 tool_operate: fix misplaced initialization of orig_noprogress
... and orig_isatty which caused --silent to be entirely ignored in case
the standard output was redirected to a file!
2012-07-22 02:06:22 +02:00
Anton Yabchinskiy
2c7cfd2926 Client's "qop" value should not be quoted (RFC2617, section 3.2.2). 2012-07-21 22:21:17 +02:00
Guenter Knauf
c66f6e60fc Fixed typo. 2012-07-21 09:02:03 +02:00
Daniel Stenberg
b0735f3165 make: make distclean work again
The clean-local hook needed some polish to make sure make distclean
works. Added comment describing why.
2012-07-20 21:56:27 +02:00
Daniel Stenberg
1fc5a41447 test Makefile: only feature 'unit' once in the list of dirs 2012-07-20 21:56:27 +02:00
Dan Fandrich
cb787b70bf Fixed some typos in documentation 2012-07-20 21:02:58 +02:00
Guenter Knauf
0f15ed1617 Fixed CR issue with Win32 version on MSYS.
Previous fix didnt work on Linux ...
2012-07-20 17:22:10 +02:00
Guenter Knauf
5d80017fd6 Fixed CR issue with Win32 version on MSYS. 2012-07-20 15:39:28 +02:00
Guenter Knauf
e1711b0e9a Fixed MSYS <-> Windows path convertion.
Replaced the Windows real path from mount hack with a more
reliable and simpler hack: the MSYS shell has a builtin pwd
which understands a -W option which does convertion to Windows
paths. Tested and confirmed that this works on all MSYS versions
I have back to a 3 year old one.
2012-07-20 15:30:41 +02:00
Guenter Knauf
c27cc4cfe0 Follow-up fix to detect SSL libs with MinGW.
1) the check for winssl needs to come before nss check
2) the SSL checks must begin with a new if or else we will
never find any SSL lib with MinGW.
2012-07-19 16:31:08 +02:00
Guenter Knauf
dc470723b1 Tell git to not convert configure-related files. 2012-07-17 20:35:23 +02:00
Guenter Knauf
da2bde9d62 Trial to teach runtests.pl about WinSSL. 2012-07-17 07:13:58 +02:00
Guenter Knauf
13abfd997e Fixed warning 'uninitialized value in numeric gt'.
This is a MSYS/MinGW-only warning; full warning text is:
Use of uninitialized value in numeric gt (>) at ../../curl/tests/runtests.pl line 2227.
2012-07-17 06:55:38 +02:00
Daniel Stenberg
8276791749 RELEASE-NOTES: synced with 9d11716933
Fixed 6 bugs, added 3 contributors
2012-07-15 22:39:06 +02:00
Daniel Stenberg
9d11716933 multi_runsingle: added precaution against easy_conn NULL pointer
In many states the easy_conn pointer is referenced and just assumed to
be working. This is an added extra check since analyzing indicates
there's a risk we can end up in these states with a NULL pointer there.
2012-07-15 20:33:11 +02:00
Daniel Stenberg
ff318a6302 getparam: fix the GetStr() macro
It should return PARAM_NO_MEM if the strdup fails. Spotted by
clang-analyzer
2012-07-15 20:33:11 +02:00
Guenter Knauf
0e24c1e921 Tell git to not convert configure-related files. 2012-07-15 18:25:55 +02:00
Daniel Stenberg
9ca3137987 parse_proxy: remove dead assignment
Spotted by clang-analyzer
2012-07-13 14:28:12 +02:00
Daniel Stenberg
20ff8a0988 ftp_do_more: add missing check of return code
Spotted by clang-analyzer. The return code was never checked, just
stored.
2012-07-13 14:12:39 +02:00
Daniel Stenberg
771e91374b getinfo: use va_end and cut off Curl_ from static funcs
va_end() needs to be used after va_start() and we don't normally use
Curl_ prefixes for purely static functions.
2012-07-13 13:47:34 +02:00
Philip Craig
1a74e54e8b Split up Curl_getinfo
This avoids false positives from clang's scan-build.
2012-07-13 13:20:32 +02:00
Guenter Knauf
6e3802a2cf Added error checking for curl_global_init(). 2012-07-12 15:18:00 +02:00
Guenter Knauf
df5a47b819 Added curl_global_* functions. 2012-07-12 15:01:18 +02:00
Guenter Knauf
a39789c85c Minor fixes to MinGW makefiles. 2012-07-12 14:15:58 +02:00
Daniel Stenberg
b7298e49ae docs: mention CURL_GLOBAL_DEFAULT 2012-07-12 08:41:07 +02:00
Guenter Knauf
be795f90da Added curl_global_* functions. 2012-07-12 02:02:57 +02:00
Daniel Stenberg
1c4663bc42 tests: verify the stricter numeric option parser
Test 1409 and 1410 verifies the stricter numeric option parser
introduced the other day in commit f2b6ebed7b.
2012-07-12 00:32:23 +02:00
Daniel Stenberg
d759a70db8 SWS: use of uninitialized memory fix
I made "connmon" not get initialized properly before use, and I use the
big hammer and make sure we always clear the entire struct to avoid any
problem like this in the future.
2012-07-12 00:08:38 +02:00
Daniel Stenberg
1dcf4418ba test48: verify that HEAD doesn't close extra
Two commits ago, we fixed a bug where the connction would be closed
prematurely after a HEAD. Now I added connection-monitor to test 48 and
added a second HEAD and make sure that both are sent over the same
connection.

This triggered a failure before the bug fix and now works. Will help us
avoid a future regression of this kind.
2012-07-12 00:08:37 +02:00
Daniel Stenberg
685366006c connection-monitor: always log disconnect when enabled
This makes verifying easier and makes us more sure curl closes the
connection only at the correct point in time. Adjusted test 206 and 1008
accordingly and updated the docs for it.
2012-07-12 00:08:37 +02:00
Daniel Stenberg
85ce195f75 HEAD: don't force-close after response-headers
A HEAD response has no body length and gets the headers like the
corresponding GET would so it should not get closed after the response
based on the same rules. This mistake caused connections that did HEAD
to get closed too often without a valid reason.

Bug: http://curl.haxx.se/bug/view.cgi?id=3542731
Reported by: Eelco Dolstra
2012-07-12 00:08:37 +02:00
Guenter Knauf
18f8b7eb72 Removed trailing empty strings from awk script. 2012-07-12 00:07:01 +02:00
Guenter Knauf
0dc1e1e92e Cleaned up version awk script. 2012-07-11 23:23:19 +02:00
Guenter Knauf
0e1f107f83 Added project copyright header. 2012-07-11 21:59:20 +02:00
Guenter Knauf
dfe405076e Removed libcurl.imp from Makefile.am.
Updated .gitignore for NetWare created files.
2012-07-11 17:40:09 +02:00
Guenter Knauf
dce2e1aa0f Added missing dependency to export list. 2012-07-11 16:52:48 +02:00
Guenter Knauf
d8ce83e73a Fixed export list path. 2012-07-11 16:01:48 +02:00
Guenter Knauf
33eac5f7fd Changed NetWare build to generate export list. 2012-07-11 15:48:02 +02:00
Guenter Knauf
0025770a99 Added pointer to FAQ for linkage errors. 2012-07-11 12:58:54 +02:00
Guenter Knauf
d4bade7a4e Small NetWare makefile tweak. 2012-07-11 11:54:49 +02:00
Guenter Knauf
f9dfd7e4b7 Changed MinGW makefiles to use WINSSL now. 2012-07-11 11:33:08 +02:00
Daniel Stenberg
c7106b3eb7 test231: fix wrong -C use! 2012-07-10 23:20:05 +02:00
Daniel Stenberg
f2b6ebed7b cmdline: parse numerical options stricter
1 - str2offset() no longer accepts negative numbers since offsets are by
nature positive.

2 - introduced str2unum() for the command line parser that accepts
numericals which are not supposed to be negative, so that it will
properly complain on apparent bad uses and mistakes.

Bug: http://curl.haxx.se/mail/archive-2012-07/0013.html
2012-07-10 23:11:30 +02:00
Daniel Stenberg
e5843470e8 docs: switch to proper UTF-8 for text file encoding 2012-07-09 19:28:51 +02:00
Yang Tse
4ab2d26cb8 Make Curl_schannel_version() return "WinSSL"
Modification based on voting result:

http://curl.haxx.se/mail/lib-2012-07/0104.html
2012-07-09 15:28:16 +02:00
Daniel Stenberg
40cd996cc0 test 46: use different path lengths to get reliable sort order
Since the order of the cookies is sorted by the length of the paths,
having them on the same path length will make the test depend on what
order the qsort() implementation will put them. As seen in the
windows/msys output posted by Guenter in this posting:
http://curl.haxx.se/mail/lib-2012-07/0105.html
2012-07-09 15:25:54 +02:00
Daniel Stenberg
904346bf88 cookie: fixed typo in comment 2012-07-09 15:25:34 +02:00
Christian Hägele
c42ca3e73a https_getsock: provided for schannel backend as well
The function https_getsock was only implemented properly when USE_SSLEAY
or USE_GNUTLS is defined, but it is also necessary for USE_SCHANNEL.

The problem occurs when Curl_read_plain or Curl_write_plain returns
CURLE_AGAIN. In that case CURL_OK is returned to the multi-interface an
the used socket is set to state CURL_POLL_REMOVE and the easy-state is
set to CURLM_STATE_PROTOCONNECT. This is fine, because later the socket
should be set to CURL_POLL_IN or CURL_POLL_OUT via multi_getsock. That's
where https_getsock is called and doesn't return any sockets.
2012-07-09 13:55:23 +02:00
Daniel Stenberg
329be28d69 RELEASE-NOTES: added a URL reference to cookie docs 2012-07-09 13:11:44 +02:00
Guenter Knauf
9a158f1ef0 Removed obsolete include path to project root. 2012-07-08 18:06:15 +02:00
Daniel Stenberg
61c7af92f2 TODO-RELEASE: issue 316 NTLM over proxy is fixed 2012-07-08 15:48:46 +02:00
Nick Zitzmann
59c88da74d darwinssl: don't use arc4random_buf
Re-wrote Curl_darwinssl_random() to not use arc4random_buf() because the
function is not available prior to iOS 4.3 and OS X 10.7.
2012-07-08 15:42:36 +02:00
Daniel Stenberg
bce8bc203f KNOWN_BUGS: #80 Curl doesn't recognize certs in DER format 2012-07-08 15:37:52 +02:00
Daniel Stenberg
24af69a411 KNOWN_BUGS: #79 - any RCPT TO failure makes and error 2012-07-08 15:34:58 +02:00
Marc Hoersken
d7c9f2f63a winbuild: Aligned BUILD.WINDOWS.txt and Makefile.vc usage help 2012-07-08 10:41:53 +02:00
Marc Hoersken
d39bbcfa8d winbuild: Make USE_WINSSL depend on USE_SSPI
Since WinSSL cannot be build without SSPI being enabled,
USE_WINSSL now defaults to the value of USE_SSPI.

The makefile does now raise an error if WinSSL is enabled
while SSPI is disabled.
2012-07-07 23:30:37 +02:00
Marc Hoersken
86871577d9 winbuild: Aligned USE_SSPI with other USE_x defines
Renamed external parameter USE_SSPI = yes/no to ENABLE_SSPI = yes/no.
Backwards compatible change: USE_SSPI can still be passed as external
parameter with yes/no value as long as ENABLE_SSPI is not given.

USE_x defines are passed around with true/false values internally,
USE_SSPI is now aligned to this approach, but still accepts external
values yes/no being passed, just like the other defines.
2012-07-07 23:30:37 +02:00
Marc Hoersken
aeca33f96c winbuild: Clean up formatting and variable naming
- Changed space usage to line up with the whole file
- Renamed CFLAGS_SSPI/IPV6 to SSPI/IPV6_CFLAGS to be
  consistent with the other CFLAGS_x variables
- Make use of existing CFLAGS_IPV6 (previously IPV6_CFLAGS)
  instead of appending directly to CFLAGS
2012-07-07 23:30:36 +02:00
Nick Zitzmann
825fff880e darwinssl: output cipher with text, remove SNI warning
The code was printing a warning when SNI was set up successfully. Oops.

Printing the cipher number in verbose mode was something only TLS/SSL
programmers might understand, so I had it print the name of the cipher,
just like in the OpenSSL code. That'll be at least a little bit easier
to understand. The SecureTransport API doesn't have a method of getting
a string from a cipher like OpenSSL does, so I had to generate the
strings manually.
2012-07-07 22:37:52 +02:00
Daniel Stenberg
68e6b56a2a RELEASE-NOTES: synced with 5a99bce07d 2012-07-07 14:47:46 +02:00
Daniel Stenberg
5a99bce07d KNOWN_BUGS: NTLM with unicode works with schannel/winssl!
Bug #75 updated with additional info, still remains for builds with
other backends.
2012-07-07 14:38:50 +02:00
Daniel Stenberg
4ac56b9d9f code police: narrow source to < 80 columns 2012-07-06 00:19:41 +02:00
Yang Tse
b1f64d3a2a unicode NTLM SSPI: cleanup follow-up 2012-07-05 23:41:47 +02:00
Yang Tse
e77d867068 unicode NTLM SSPI: cleanup
Reduce the number of #ifdef UNICODE directives used in source files.
2012-07-05 22:18:11 +02:00
Daniel Stenberg
1b27bb446f tests: use connection-monitor and verify results
Test 1008 and 206 don't show the disconnect since it happens when SWS
awaits a new request, but 503 does and so the verify section needs that
string added.
2012-07-05 11:24:23 +02:00
Daniel Stenberg
ed7bfeee7a http-proxy: keep CONNECT connections alive (for NTLM)
When doing CONNECT requests, libcurl must make sure the connection is
alive as much as possible. NTLM requires it and it is generally good for
other cases as well.

NTLM over CONNECT requests has been broken since this regression I
introduced in my CONNECT cleanup commits that started with 41b0237834,
included since 7.25.0.

Bug: http://curl.haxx.se/bug/view.cgi?id=3538625
Reported by: Marcel Raad
2012-07-05 11:24:23 +02:00
Daniel Stenberg
176f7ea3bb sws: support <servercmd> for CONNECT requests
I moved out the servercmd parsing into a its own function called
parse_servercmd() and made sure it gets used also when the test number
is extracted from CONNECT requests. It turned out sws didn't do that
previously!
2012-07-05 11:24:23 +02:00
Daniel Stenberg
6398c8bba8 FILEFORMAT: provided a full description of connection-monitor 2012-07-05 11:24:23 +02:00
Daniel Stenberg
c5de48b56c lib503: enable verbose to ease debugging this 2012-07-05 11:24:23 +02:00
Daniel Stenberg
28dc509dde sws: add 'connection-monitor' command support
Using this, the server will output in the protocol log when the
connection gets disconnected and thus we will verify correctly in the
test cases that the connection doesn't get closed prematurely. This is
important for example NTLM to work.

Documentation added to FILEFORMAT, test 503 updated to use this.
2012-07-05 11:24:23 +02:00
Guenter Knauf
897cf5d117 Removed non-used variable. 2012-07-04 22:14:18 +02:00
Guenter Knauf
a3dbbcfd2a Added error checking for samples. 2012-07-04 17:03:52 +02:00
Guenter Knauf
6388ac7dc1 Renamed vars to avoid shadow global declaration. 2012-07-04 12:54:21 +02:00
Daniel Stenberg
304e24e211 docs: clarify how to start with curl_multi_socket_action
Mention the CURL_SOCKET_TIMEOUT argument in step 6 of the typical
application.
2012-07-03 17:18:36 +02:00
Guenter Knauf
6fb0ed88d6 Moved some patterns to subfolder's .gitignore. 2012-07-03 14:31:50 +02:00
Guenter Knauf
98ca62c2d6 Merge branch 'master' of ssh://github.com/bagder/curl 2012-07-03 13:01:17 +02:00
Guenter Knauf
1ba5712f88 MinGW makefile tweaks for running from sh.
Added function macros to make path converting easier.
Added CROSSPREFIX to all compile tools.
2012-07-03 12:56:41 +02:00
Marc Hoersken
1a97fd7b63 curl_ntlm_msgs.c: Removed unused variable passwd 2012-07-03 11:41:00 +02:00
Guenter Knauf
32b4896107 Added files generated by mingw32, eclipse and VC.
Posted by Marc Hoersken.
2012-07-03 11:36:24 +02:00
Daniel Stenberg
c75ece4442 cookies: change the URL in the cookie jar file header 2012-07-03 11:27:45 +02:00
Daniel Stenberg
016dabcf04 HTTP-COOKIES: clarified and modified layout 2012-07-03 11:10:41 +02:00
Daniel Stenberg
ae8f08ee59 HTTP-COOKIES: use the FAQ document layout 2012-07-03 10:54:46 +02:00
Daniel Stenberg
33ee67112f HTTP-COOKIES: added cookie documentation 2012-07-03 09:03:08 +02:00
Yang Tse
e0b9d3b2c9 curl_ntlm_msgs.c: include <tchar.h> for prototypes 2012-07-03 00:14:14 +02:00
Neil Bowers
33e19f881e testcurl.pl: fix missing semicolon 2012-07-02 23:25:30 +02:00
Christian Hägele
dd302206ad unicode NTLM SSPI: heap corruption fixed
When compiling libcurl with UNICODE defined and using unicode characters
in username.
2012-07-02 22:59:54 +02:00
Yang Tse
b3ebfc2b74 testcurl.pl: allow non in-tree c-ares enabled autobuild 2012-07-02 20:21:48 +02:00
Yang Tse
069b280f63 configure.ac: verify that libmetalink is new enough
Enabling test2017 to test2022.
2012-07-02 16:42:54 +02:00
Tatsuhiro Tsujikawa
89b431f60f curl: Added runtime version check for libmetalink 2012-07-02 16:28:01 +02:00
Tatsuhiro Tsujikawa
4e3320a679 Include metalink/metalink.h for libmetalink functions 2012-07-02 03:39:21 +02:00
Daniel Stenberg
39a72bbcd1 errors: CURLM_CALL_MULTI_PERFORM is not returned anymore 2012-07-02 00:10:59 +02:00
Daniel Stenberg
696ddf6f0a release: cleaned up plans for this and coming release 2012-07-01 20:09:35 +02:00
Yang Tse
60d5a16b99 curl-compilers.m4: remove -Wstrict-aliasing=3 from clang
Currently it is unknown if there is any version of clang that
actually supports -Wstrict-aliasing. What is known is that there
are several that don't support it.
2012-06-29 16:40:23 +02:00
Yang Tse
febd598597 test2017 to test2022: more metalink tests
With this commit, checks done in previous test2017 are now done in test2018.

Whole range test2017 to test2022 DISABLED until configure is capable of
requiring a new-enough metalink library.

Don't try these without mentioned check in place!
2012-06-29 16:09:55 +02:00
Yang Tse
7747136421 test2005 to test2016: improve failure detection 2012-06-29 15:44:50 +02:00
Yang Tse
dd707b746f lib582.c: fix conversion warning 2012-06-28 17:14:41 +02:00
Yang Tse
ac6111aeb0 nss.c: #include warnless.h for curlx_uztosi and curlx_uztoui prototypes 2012-06-28 16:58:07 +02:00
Marc Hoersken
c0f2bfb2c7 nss.c: Fixed size_t conversion warnings 2012-06-28 16:52:17 +02:00
Yang Tse
74552acaea sslgen.c: cleanup temporary compile-time SSL-backend check 2012-06-28 12:49:12 +02:00
Daniel Stenberg
5600879a1d schannel: provide two additional (dummy) API defines 2012-06-28 08:40:17 +02:00
Tatsuhiro Tsujikawa
bf4580d5fd Metalink: message updates
Print "parsing (...) OK" only when no warnings are generated.  If
no file is found in Metalink, treat it FAILED.

If no digest is provided, print WARNING in parse_metalink().
Also print validating FAILED after download.

These changes make tests 2012 to 2016 pass.
2012-06-28 00:26:16 +02:00
Daniel Stenberg
5439849246 sslgen: avoid compiler error in SSPI builds 2012-06-27 23:16:14 +02:00
Yang Tse
3bda1cef92 ssluse.c: fix compiler warning: conversion to 'int' from 'size_t'
Reported by Tatsuhiro Tsujikawa

http://curl.haxx.se/mail/lib-2012-06/0371.html
2012-06-27 19:06:43 +02:00
Yang Tse
e3014dcc01 sslgen.c: add compile-time check for SSL-backend completeness 2012-06-27 17:14:59 +02:00
Yang Tse
57d2732ccb build: add our standard includes to curl_darwinssl.c and curl_multibyte.c 2012-06-27 17:13:16 +02:00
Yang Tse
e6b2eb78a2 build: add curl_schannel and curl_darwinssl files to other build systems 2012-06-27 14:05:32 +02:00
Yang Tse
6c09ffaf46 tests: add five more Metalink test cases 2012-06-27 13:16:01 +02:00
Yang Tse
5ce9e7a0b7 tests: update Metalink message format 2012-06-27 13:16:00 +02:00
Tatsuhiro Tsujikawa
3e6dfe138a Metalink: updated message format 2012-06-27 13:15:59 +02:00
Nick Zitzmann
7aa95afadd DarwinSSL: allow using NTLM authentication
Allow NTLM authentication when building using SecureTransport (Darwin) for SSL.

This uses CommonCrypto, a cryptography library that ships with all versions of
iOS and Mac OS X. It's like OpenSSL's libcrypto, except that it's missing a few
less-common cyphers and doesn't have a big number data structure.
2012-06-27 11:57:31 +02:00
Yang Tse
dc7dc9786f curl_darwinssl.h: add newline at end of file 2012-06-27 10:55:54 +02:00
Daniel Stenberg
aed6db2cb9 ossl_seed: remove leftover RAND_screen check
Before commit 2dded8fedb (dec 2010) there was logic that used
RAND_screen() at times and now I remove the leftover #ifdef check for
it.

The seeding code that uses Curl_FormBoundary() in ossl_seed() is dubious
to keep since it hardly increases randomness but I fear I'll break
something if I remove it now...
2012-06-26 22:18:53 +02:00
Nick Zitzmann
3a4b28d473 DarwinSSL: several adjustments
- Renamed st_ function prefix to darwinssl_
- Renamed Curl_st_ function prefix to Curl_darwinssl_
- Moved the duplicated ssl_connect_done out of the #ifdef in lib/urldata.h
- Fixed a teensy little bug that made non-blocking connection attempts block
- Made it so that it builds cleanly against the iOS 5.1 SDK
2012-06-26 21:39:48 +02:00
Yang Tse
f1474db360 curl-compilers.m4: -Wstrict-aliasing=3 for warning enabled gcc and clang builds 2012-06-26 21:24:30 +02:00
Marc Hoersken
a8478fc8d3 sockaddr.h: Fixed dereferencing pointer breakin strict-aliasing
Fixed warning: dereferencing pointer does break strict-aliasing rules
by using a union inside the struct Curl_sockaddr_storage declaration.
2012-06-26 21:24:29 +02:00
Daniel Stenberg
849179ba27 SSL cleanup: use crypto functions through the sslgen layer
curl_ntlm_msgs.c would previously use an #ifdef maze and direct
SSL-library calls instead of using the SSL layer we have for this
purpose.
2012-06-26 19:40:36 +02:00
Nick Zitzmann
6d1ea388cb darwinssl: add support for native Mac OS X/iOS SSL 2012-06-26 14:04:15 +02:00
Daniel Stenberg
07e3ea7f26 RELEASE-NOTES: link to more metalink info 2012-06-25 23:03:52 +02:00
Daniel Stenberg
4afc33db8d RELEASE-NOTES: synced with d025af9bb5 2012-06-25 23:02:32 +02:00
Yang Tse
d025af9bb5 curl_schannel.c: Remove redundant NULL assignments following Curl_safefree() 2012-06-25 21:48:20 +02:00
Marc Hoersken
f99f02bb05 curl_schannel.c: Replace free() with Curl_safefree() 2012-06-25 21:34:31 +02:00
Tatsuhiro Tsujikawa
92c40ce190 curl.1: Updated Metalink description in man page
Documented that --include will be ignored if both --metalink
and --include are specified.
Also documented that a Metalink file in the local file system
cannot be used if FILE protocol is disabled.
2012-06-25 19:22:17 +02:00
Steve Holme
1eb74f94c4 DOCS: Added clarification to CURLOPT_CUSTOMREQUEST for the POP3 protocol
Bug: http://curl.haxx.se/mail/lib-2012-06/0302.html
Reported by: Nagai H
2012-06-24 23:23:30 +01:00
Steve Holme
a28cda3653 smtp: Corrected result code for MAIL, RCPT and DATA commands
Bug: http://curl.haxx.se/mail/lib-2012-06/0094.html
Reported by: Dan
2012-06-24 22:40:17 +01:00
Ghennadi Procopciuc
861e1ba604 test: Added test HTTP receive cookies over IPv6 2012-06-24 22:59:15 +02:00
Yang Tse
7731c34d79 tests: add another Metalink test case 2012-06-22 20:14:30 +02:00
Tatsuhiro Tsujikawa
14dc361433 tests: Enable test2010 and fixed hash value 2012-06-22 19:06:10 +02:00
Tatsuhiro Tsujikawa
7f59577fdd Metalink: ignore --include if --metalink is used.
Including headers in response body will break Metalink XML parser.
If it is included in the file described in Metalink XML, hash check
will fail. Therefore, --include should be ignored if --metalink is
used.
2012-06-22 18:58:30 +02:00
Yang Tse
b193ba8a02 tests: add six Metalink test cases 2012-06-21 18:32:31 +02:00
Yang Tse
53423673ca test 2005: add verification of hash checking outcome 2012-06-21 18:32:31 +02:00
Yang Tse
2f738c7f40 getpart.pm: remove misleading comment 2012-06-21 18:32:30 +02:00
Tatsuhiro Tsujikawa
aefb9196cf curl: Prefixed all Metalink related messages with "Metalink: " 2012-06-21 17:34:54 +02:00
Tatsuhiro Tsujikawa
7292486ec3 tests: Added Metalink test case # 2005 2012-06-21 04:16:53 +02:00
Tatsuhiro Tsujikawa
7561a0fc83 curl: Restore noprogress and isatty config values.
The noprogress and isatty in Configurable are global, in a sense
that they persist in one curl invocation. Currently once one
download writes its response data to tty, they are set to FALSE
and they are not restored on successive downloads.  This change
first backups the current noprogress and isatty, and restores
them when download does not write its data to tty.
2012-06-21 03:35:52 +02:00
Tatsuhiro Tsujikawa
196c8242ca curl: Made --metalink option toggle Metalink functionality
In this change, --metalink option no longer takes argument.  If
it is specified, given URIs are processed as Metalink XML file.
If given URIs are remote (e.g., http URI), curl downloads it
first. Regardless URI is local file (e.g., file URI scheme) or
remote, Metalink XML file is not written to local file system and
the received data is fed into Metalink XML parser directly.  This
means with --metalink option, filename related options like -O
and -o are ignored.

Usage examples:

$ curl --metalink http://example.org/foo.metalink

This will download foo.metalink and parse it and then download
the URI described there.

$ curl --metalink file://foo.metalink

This will parse local file foo.metalink and then download the URI
described there.
2012-06-21 03:35:23 +02:00
Tatsuhiro Tsujikawa
424bb35877 curl: Refactored metalink_checksum
When creating metalink_checksum from metalink_checksum_t, first
check hex digest is valid for the given hash function.  We do
this check in the order of digest_aliases so that first good
match will be chosen (strongest hash function available).  As a
result, the metalinkfile now only contains at most one
metalink_checksum because other entries are just redundant.
2012-06-21 03:34:37 +02:00
Gisle Vanem
08e0ad7b39 tool_doswin.c: fix djgpp function _use_lfn() used without a prototype
http://curl.haxx.se/mail/archive-2012-06/0028.html
2012-06-20 23:40:42 +02:00
Yang Tse
2ebb87f047 build: fix RESOURCE bug in lib/Makefile.vc*
Removed two, not intended to exist, RESOURCE declarations.

Bug: http://curl.haxx.se/bug/view.cgi?id=3535977

And sorted configuration hunks to reflect same internal order
as the one shown in the usage message.
2012-06-20 23:32:24 +02:00
Marc Hoersken
006b83798e schannel: Implement new buffer size strategy
Increase decrypted and encrypted cache buffers using limitted
doubling strategy. More information on the mailinglist:
http://curl.haxx.se/mail/lib-2012-06/0255.html

It updates the two remaining reallocations that have already been there
and fixes the other one to use the same "do we need to increase the
buffer"-condition as the other two.  CURL_SCHANNEL_BUFFER_STEP_SIZE was
renamed to CURL_SCHANNEL_BUFFER_FREE_SIZE since that is actually what it
is now.  Since we don't know how much more data we are going to read
during the handshake, CURL_SCHANNEL_BUFFER_FREE_SIZE is used as the
minimum free space required in the buffer for the next operation.
CURL_SCHANNEL_BUFFER_STEP_SIZE was used for that before, too, but since
we don't have a step size now, the define was renamed.
2012-06-20 22:59:03 +02:00
Yang Tse
293c9288b3 schannel SSL: fix compiler warning 2012-06-20 22:26:51 +02:00
Mark Salisbury
8f92e8be12 schannel SSL: fix for renegotiate problem
In schannel_connect_step2() doread should be initialized based
on connssl->connecting_state.
2012-06-20 20:32:14 +02:00
Tatsuhiro Tsujikawa
a3e3f8ffa0 runtests.pl: make it support metalink feature 2012-06-20 20:15:42 +02:00
Yang Tse
07086c9487 getpart.pm: make test definition section/part parser more robust
Test definition section parts which needed to include xml-lingo as contents
of that part required that the xml-blurb was written as a single line. Now the
xml-data inside the part can be written multiline making it more readable.

Tested with <client><file> part which is written to disk before <command> runs.
2012-06-20 20:14:53 +02:00
Daniel Stenberg
066811592d schannel_connect_step2: checksrc whitespace fix 2012-06-20 00:51:03 +02:00
Mark Salisbury
72a5813192 schannel SSL: changes in schannel_connect_step2
Process extra data buffer before returning from schannel_connect_step2.
Without this change I've seen WinCE hang when schannel_connect_step2
returns and calls Curl_socket_ready.

If the encrypted handshake does not fit in the intial buffer (seen with
large certificate chain), increasing the encrypted data buffer is necessary.

Fixed warning in curl_schannel.c line 1215.
2012-06-20 00:51:03 +02:00
Mark Salisbury
99b13f2741 config-win32ce.h: WinCE config adjustment
process.h is not present on WinCE
2012-06-20 00:49:49 +02:00
Mark Salisbury
a15378e073 schannel SSL: Made send method handle unexpected cases better
Implemented timeout loop in schannel_send while sending data.  This
is as close as I think we can get to write buffering; I put a big
comment in to explain my thinking.

With some committer adjustments
2012-06-20 00:16:40 +02:00
Marc Hoersken
7d2abe27dd curl_schannel.c: Avoid unnecessary realloc calls to reduce buffer size 2012-06-19 22:54:58 +02:00
Mark Salisbury
64962b0218 schannel SSL: Use standard Curl read/write methods
Replaced calls to swrite with Curl_write_plain and calls to sread
with Curl_read_plain.

With some committer adjustments
2012-06-19 20:32:35 +02:00
Yang Tse
75dd191bdf schannel SSL: make wording of some trace messages better reflect reality 2012-06-19 20:32:19 +02:00
Marc Hoersken
e93e3bcb82 curl_schannel.h: Use BUFSIZE as the initial buffer size if available
Make the Schannel implementation use libcurl's default buffer size
for the initial received encrypted and decrypted data cache buffers.
The implementation still needs to handle more data since more data
might have already been received or decrypted during the handshake
or a read operation which needs to be cached for the next read.
2012-06-19 14:41:43 +02:00
Guenter Knauf
feaf8f9590 Fixed NetWare makefile broken from last commit. 2012-06-19 11:55:06 +02:00
Mark Salisbury
8a8829499d schannel SSL: Implemented SSL shutdown
curl_schannel.c - implemented graceful SSL shutdown.  If we fail to
shutdown the connection gracefully, I've seen schannel try to use a
session ID for future connects and the server aborts the connection
during the handshake.
2012-06-19 04:39:46 +02:00
Mark Salisbury
1e4c57fa64 schannel SSL: certificate validation on WinCE
curl_schannel.c - auto certificate validation doesn't seem to work
right on CE.  I added a method to perform the certificate validation
which uses CertGetCertificateChain and manually handles the result.
2012-06-19 04:39:45 +02:00
Mark Salisbury
29dd7192e6 schannel SSL: Added helper methods to simplify code
Added helper methods InitSecBuffer() and InitSecBufferDesc() to make it
easier to set up SecBuffer & SecBufferDesc structs.
2012-06-19 04:39:44 +02:00
Guenter Knauf
705330c750 Some more NetWare makefile tweaks for metalink. 2012-06-18 23:19:35 +02:00
Yang Tse
599a2c1f1a tool_cb_see.c: WinCE build adjustment 2012-06-18 18:52:29 +02:00
Mark Salisbury
5a8649863c setup.h: WinCE build adjustment 2012-06-18 18:52:28 +02:00
Mark Salisbury
05f6f2497a ftplistparser.c: do not compile if FTP protocol is not enabled 2012-06-18 18:51:30 +02:00
Yang Tse
d56e8bcc8a Win32: downplay MS bazillion type synonyms game
Avoid usage of some MS type synonyms to allow compilation with
compiler headers that don't define these, using simpler synonyms.
2012-06-16 19:20:50 +02:00
Daniel Stenberg
220776de6b Curl_rtsp_parseheader: avoid useless malloc/free
Coverity actually pointed out flawed logic in the previous call to
Curl_strntoupper() where the code used sizeof() of a pointer to pass in
a size argument. That code still worked since it only needed to
uppercase 4 letters. Still, the entire malloc/uppercase/free sequence
was pointless since the code has already matched the string once in the
condition that starts the block of code.
2012-06-15 22:51:45 +02:00
Daniel Stenberg
3da2c0f6d2 curl_share_setopt: use va_end()
As spotted by Coverity, va_end() was not used previously. To make it
used I took away a bunch of return statements and made them into
assignments instead.
2012-06-15 22:37:19 +02:00
Yang Tse
ac3e356c95 SSPI related code: Unicode support for WinCE - kill compiler warnings 2012-06-15 21:50:57 +02:00
Mark Salisbury
a96fa00f38 SSPI related code: Unicode support for WinCE - commit 46480bb9 follow-up 2012-06-15 19:39:18 +02:00
Yang Tse
a5e0583cd3 build: add curl_multibyte files to build systems 2012-06-15 18:41:50 +02:00
Mark Salisbury
46480bb9a1 SSPI related code: Unicode support for WinCE
SSPI related code now compiles with ANSI and WCHAR versions of security
methods (WinCE requires WCHAR versions of methods).

Pulled UTF8 to WCHAR conversion methods out of idn_win32.c into their own file.

curl_sasl.c - include curl_memory.h to use correct memory functions.

getenv.c and telnet.c - WinCE compatibility fix

With some committer adjustments
2012-06-15 18:41:49 +02:00
Guenter Knauf
16c725dbc7 Fixed typo. 2012-06-15 02:25:09 +02:00
Yang Tse
0fd5dda99d winbuild/MakefileBuild.vc: convert line endings to DOS style
As per request on mailing list: http://curl.haxx.se/mail/lib-2012-06/0222.html
2012-06-14 19:19:18 +02:00
Marc Hoersken
9d8375c29b winbuild: Allow SSPI build with or without Schannel
The changes introduced in commit 2bfa57bc32 are not enough
to make it actually possible to use the USE_WINSSL option.
Makefile.vc was not updated and the configuration name which is
used in the build path did not match between both build files.

This patch fixes those issues and introduces the following changes:

- Replaced the -schannel name with -winssl in order to be consistent
with the other options
- Added ENABLE_WINSSL option to winbuild/Makefile.vc (default yes)
- Changed winbuild/MakefileBuild.vc to set USE_WINSSL to true if
USE_SSL is false and USE_WINSSL was not specified as a parameter
- Separated WINSSL handling from SSPI handling to be consistent with
the other options and their corresponding code path
2012-06-14 18:16:47 +02:00
Yang Tse
508dbb99aa curl.1: 7.27.0 seems next release 2012-06-14 18:10:29 +02:00
Yang Tse
42f0588ea8 schannel: fix printf-style format strings 2012-06-14 16:55:26 +02:00
Yang Tse
6085ca2aed Fix bad failf() and info() usage
Calls to failf() are not supposed to provide trailing newline.
Calls to infof() must provide trailing newline.

Fixed 30 or so strings.
2012-06-14 13:32:05 +02:00
Yang Tse
a8259945c4 schannel: fix unused parameter warnings 2012-06-14 12:12:54 +02:00
Yang Tse
3af5023a20 schannel: fix comparisons between signed and unsigned 2012-06-14 12:10:51 +02:00
Yang Tse
2bac074f08 schannel: fix discarding qualifier from pointer type 2012-06-14 12:05:48 +02:00
Yang Tse
d098cfd8c0 schannel: fix shadowing of global declarations 2012-06-14 11:53:46 +02:00
Yang Tse
b4b7f6828c schannel: fix Curl_schannel_init() and Curl_schannel_cleanup() declarations 2012-06-14 11:34:12 +02:00
Gisle Vanem
0d0893f2b9 urldata.h: fix cyassl/openssl/ssl.h build clash with wincrypt.h
Building with CyaSSL failed compilation. Reason being that OCSP_REQUEST and
OCSP_RESPONSE are enum values in CyaSSL and defines in <wincrypt.h> included
via <winldap.h> in ldap.c.

http://curl.haxx.se/mail/lib-2012-06/0196.html
2012-06-14 01:51:51 +02:00
Yang Tse
2bfa57bc32 MakefileBuild.vc: Allow building without SSL
In order to use Windows native SSL support define 'USE_WINSSL'
2012-06-13 21:15:41 +02:00
Yang Tse
b276ac7691 configure: new option --with-winssl
This option may be used to build curl/libcurl using SSL/TLS support provided
by MS windows system libraries. Option is mutually exclusive with any other
SSL library. Default value is --without-winssl.

--with-winssl option implies --with-sspi option.

Option meaningful only for Windows builds.
2012-06-13 20:54:42 +02:00
Guenter Knauf
32ce7f19b2 Changed Schannel string to SSL-Windows-native.
This is more descriptive for the user who might
not even know what schannnel is at all.
2012-06-13 19:29:45 +02:00
Yang Tse
819afe46ee schannel: remove version number and identify its use with 'schannel' literal
Version number is removed in order to make this info consistent with
how we do it with other MS and Linux system libraries for which we don't
provide this info.

Identifier changed from 'WinSSPI' to 'schannel' given that this is the
actual provider of the SSL/TLS support. libcurl can still be built with
SSPI and without SCHANNEL support.
2012-06-13 16:42:48 +02:00
Daniel Stenberg
c13af84372 singlesocket: remove dead code
No need to check if 'entry' is non-NULL in a spot where it is already checked
and guaranteed to be non-NULL.

(Spotted by a Coverity scan)
2012-06-12 23:04:04 +02:00
Daniel Stenberg
47c1bf9e43 netrc: remove dead code
Remove two states from the enum and the corresponding code for them as
these states were never reached or used.

(Spotted by a Coverity scan)
2012-06-12 22:46:14 +02:00
Yang Tse
d95b8e0627 Revert "connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing"
This reverts commit 9c94236e6c.

It didn't server its purpose, so lets go back to long-time working code.
2012-06-12 13:12:09 +02:00
Yang Tse
1e8e6057ea socks_sspi.c: further cleanup 2012-06-12 12:34:52 +02:00
Marc Hoersken
38f05cea46 socks_sspi.c: Clean up and removal of obsolete minor status
Removed obsolete minor status variable and parameter of status function
which was never used or set at all. Also Curl_sspi_strerror does support
only one status and there is no need for a second sub status.
2012-06-12 11:52:42 +02:00
Guenter Knauf
7bf910482e Removed trailing whitespaces. 2012-06-12 05:36:08 +02:00
Yang Tse
b8edf5bbe9 strerror.c: make Curl_sspi_strerror() always return code for errors 2012-06-12 03:57:15 +02:00
Yang Tse
5e7a0fe73b curl_sspi.h: provide sspi status definitions missing in old headers 2012-06-12 03:56:24 +02:00
Yang Tse
746b80a210 sspi: make Curl_sspi_strerror() libcurl's sspi status code string function 2012-06-12 01:11:10 +02:00
Yang Tse
764a5e4a50 sspi: make Curl_sspi_strerror() libcurl's sspi status code string function 2012-06-12 01:06:48 +02:00
Daniel Stenberg
af0888aaf6 Revert: 634f7cfee4 partially
Make sure CURL_VERSION_SSPI is present and works as in previous releases
for ABI and API compatibility reasons.
2012-06-11 22:58:39 +02:00
Daniel Stenberg
9c18bb3702 checksrc: shorten a few lines to comply 2012-06-11 19:08:46 +02:00
Daniel Stenberg
c7cc914961 cleanup: remove trailing whitespace 2012-06-11 19:06:43 +02:00
Marc Hoersken
c45069bfbe winbuild: Removed WITH_SSL=schannel and tie schannel to SSPI
Removed specific WITH_SSL=schannel paramter that did not fit the general
schema and complicated the parameters. For now Schannel will be enabled
if SSPI is enabled and OpenSSL is disabled.
2012-06-11 19:04:49 +02:00
Steve Holme
9a51c11074 Makefile.vc6: Added version.lib if built with SSPI 2012-06-11 19:04:16 +02:00
Marc Hoersken
cb142cf217 winbuild: Updated winbuild scripts to add schannel 2012-06-11 19:03:14 +02:00
Marc Hoersken
7da6a9128b mingw32: Fixed warning of USE_SSL being redefined 2012-06-11 19:00:37 +02:00
Marc Hoersken
61d152384e sspi: Fixed incompatible parameter pointer type in Curl_sspi_version 2012-06-11 19:00:37 +02:00
Marc Hoersken
0c86ccc647 sspi: Updated RELEASE-NOTES, FEATURES and THANKS 2012-06-11 19:00:37 +02:00
Marc Hoersken
a92df2e007 setup.h: Automatically define USE_SSL if USE_SCHANNEL is defined 2012-06-11 19:00:36 +02:00
Marc Hoersken
634f7cfee4 version: Replaced SSPI feature information with version string details
Added Windows SSPI version information to the curl version string when
SCHANNEL SSL is not enabled, as the version of the library should also
be included when SSPI is used to generate security contexts.

Removed SSPI from the feature list as the features are GSS-Negotiate,
NTLM and SSL depending on the usage of the SSPI library.
2012-06-11 19:00:36 +02:00
Steve Holme
70d56bfe3c sspi.c: Post Curl_sspi_version() rework code tidy up
Removed duplicate blank lines.
Removed spaces between the not and test in various if statements.
Removed explicit test of NULL in an if statement.
Placed function returns on same line as function declarations.
Replaced the use of curl_maprintf() with aprintf() as it is the
preprocessor job to do this substitution if ENABLE_CURLX_PRINTF
is set.
2012-06-11 19:00:36 +02:00
Steve Holme
bd38ebc697 sspi: Reworked Curl_sspi_version() to return version components
Reworked the version function to return four version components rather
than a string that has to be freed by the caller.
2012-06-11 19:00:36 +02:00
Guenter Knauf
b15434e749 configure.ac: Added -lversion if built with SSPI 2012-06-11 19:00:36 +02:00
Marc Hoersken
7047e2ed72 schannel: Code cleanup and bug fixes
curl_sspi.c: Fixed mingw32-gcc compiler warnings
curl_sspi.c: Fixed length of error code hex output

The hex value was printed as signed 64-bit value on 64-bit systems:
SEC_E_WRONG_PRINCIPAL (0xFFFFFFFF80090322)

It is now correctly printed as the following:
SEC_E_WRONG_PRINCIPAL (0x80090322)

curl_sspi.c: Fallback to security function table version number
Instead of reporting an unknown version, the interface version is used.

curl_sspi.c: Removed SSPI/ version prefix from Curl_sspi_version
curl_schannel: Replaced static buffer sizes with defined names
curl_schannel.c: First brace when declaring functions on column 0
curl_schannel.c: Put the pointer sign directly at variable name
curl_schannel.c: Use structs directly instead of typedef'ed structs
curl_schannel.c: Removed space before opening brace
curl_schannel.c: Fixed lines being longer than 80 chars
2012-06-11 19:00:35 +02:00
Marc Hoersken
c1311c2b8f curl_sspi: Added Curl_sspi_version function
Added new function to get SSPI version as string.
Added required library version.lib to makefiles.
Changed curl_schannel.c to use Curl_sspi_version.
2012-06-11 19:00:35 +02:00
Guenter Knauf
0bb5ff5d1a schannel: Updated mingw32 makefiles 2012-06-11 19:00:35 +02:00
Marc Hoersken
64dc957a41 schannel: Replace ASCII specific code with general defines 2012-06-11 19:00:35 +02:00
Marc Hoersken
3d3a3f9e7c schannel: Added definitions which are missing in mingw32 2012-06-11 19:00:34 +02:00
Marc Hoersken
8d78848a39 schannel: Moved interal struct types to urldata.h
Moved type definitions in order to avoid inclusion loop
2012-06-11 19:00:34 +02:00
Marc Hoersken
90412c8613 schannel: Fixed compiler warnings about pointer type assignments 2012-06-11 19:00:34 +02:00
Marc Hoersken
78729e76da schannel: Fixed critical typo in conditions and added buffer length checks 2012-06-11 19:00:34 +02:00
Marc Hoersken
f858bb0d1f sspi: Refactored socks_sspi and schannel to use same error message functions
Moved the error constant switch to curl_sspi.c and added two new helper
functions to curl_sspi.[ch] which either return the constant or a fully
translated message representing the SSPI security status.
Updated socks_sspi.c and curl_schannel.c to use the new functions.
2012-06-11 19:00:34 +02:00
Marc Hoersken
15ca80c831 schannel: Added special shutdown check for Windows 2000 Professional
Windows 2000 Professional:  Schannel returns SEC_E_OK instead
of SEC_I_CONTEXT_EXPIRED. If the length of the output buffer
is zero and the first byte of the encrypted packet is 0x15,
the application can safely assume that the message was a
close_notify message and change the return value to
SEC_I_CONTEXT_EXPIRED.

Connection shutdown does not mean that there is no data to read
Correctly handle incomplete message and ask curl to re-read
Fixed buffer for decrypted being to small
Re-structured read condition to be more effective
Removed obsolete verbose messages
Changed memory reduction method to keep a minimum buffer of size 4096
2012-06-11 19:00:34 +02:00
Marc Hoersken
ec9e9f38b1 schannel: Implemented SSL/TLS renegotiation
Updated TODO information and added related MSDN articles
2012-06-11 19:00:34 +02:00
Marc Hoersken
46792af733 schannel: Save session credential handles in session cache 2012-06-11 19:00:34 +02:00
Marc Hoersken
445245ca85 schannel: Code cleanup 2012-06-11 19:00:34 +02:00
Marc Hoersken
f96f1f3165 schannel: Check for required context attributes 2012-06-11 19:00:34 +02:00
Marc Hoersken
bead90a837 schannel: Allow certificate and revocation checks being deactivated 2012-06-11 19:00:34 +02:00
Marc Hoersken
aaa42aa0d5 schannel: Added SSL/TLS support with Microsoft Windows Schannel SSPI 2012-06-11 19:00:29 +02:00
Marc Hoersken
1f635608bb http: Replaced specific SSL libraries list in https_getsock fallback 2012-06-11 19:00:29 +02:00
Marc Hoersken
9c94236e6c connect.c/ftp.c: Fixed dereferencing pointer breakin strict-aliasing
Fixed warning: dereferencing pointer does break strict-aliasing rules
by using a union instead of separate pointer variables.
Internal union sockaddr_u could probably be moved to generic header.
Thanks to Paul Howarth for the hint about using unions for this.

Important for winbuild: Separate declaration of sockaddr_u pointer.
The pointer variable *sock cannot be declared and initialized right
after the union declaration. Therefore it has to be a separate statement.
2012-06-11 15:26:30 +02:00
Marc Hoersken
3f9ab7cf5d curl_ntlm_msgs.c: Fixed passwdlen not being used and recalculated 2012-06-11 14:47:23 +02:00
Yang Tse
63e9685470 tests: fix test definitions # 1355, 1363, 1385 and 1393
-i without HTTP protocol shall not include headers in the output
2012-06-11 13:56:40 +02:00
Daniel Stenberg
6cd084a3b5 Curl_pgrsDone: return int and acknowledge return code
Since Curl_pgrsDone() itself calls Curl_pgrsUpdate() which may return an
abort instruction or similar we need to return that info back and
subsequently properly handle return codes from Curl_pgrsDone() where
used.

(Spotted by a Coverity scan)
2012-06-10 23:40:35 +02:00
Marc Hoersken
72c7c1d64e winbuild: Fixed environment variables being lost
Fixed USE_IPV6 and USE_IDN not being passed
from Makefile.vc to MakefileBuild.vc
Fixed whitespace and formatting issues
Fixed typo and format in help message
2012-06-10 16:12:48 +01:00
Guenter Knauf
6ea32b8b76 Added metalink support to NetWare builds. 2012-06-09 23:10:47 +02:00
Steve Holme
1aaf86a596 smtp.c: Removed unused variable 2012-06-09 19:49:59 +01:00
Steve Holme
6188855b67 smtp: Post apop feature code tidy up 2012-06-09 19:22:29 +01:00
Steve Holme
a3660127a4 pop3: Post apop feature code tidy up 2012-06-09 19:21:44 +01:00
Steve Holme
c09c621af7 pop3: Added support for apop authentication 2012-06-09 13:49:37 +01:00
Steve Holme
4e430a8a16 pop3: Enhanced the extended authentication mechanism detection
Enhanced the authentication type / mechanism detection in preparation
for the introduction of APOP support.
2012-06-09 11:48:44 +01:00
Steve Holme
6478e1d7e5 pop3.c: Fixed length of SASL check 2012-06-09 11:08:08 +01:00
Yang Tse
a884ffe430 Fixes allowing 26 more test cases in 1334 to 1393 range to succeed 2012-06-09 05:49:49 +02:00
Yang Tse
c29d1f4e3a tests: fix test definitions # 1370 and 1371
-J without -O shall not honor C-D filename
2012-06-09 05:49:48 +02:00
Daniel Stenberg
674e53f40e OpenSSL: support longer certificate subject names
Previously it would use a 256 byte buffer and thus cut off very long
subject names. The limit is now upped to the receive buffer size, 16K.

Bug: http://curl.haxx.se/bug/view.cgi?id=3533045
Reported by: Anthony G. Basile
2012-06-09 00:06:54 +02:00
Kamil Dudka
68857e40d6 ssl: fix duplicated SSL handshake with multi interface and proxy
Bug: https://bugzilla.redhat.com/788526
Reported by: Enrico Scholz
2012-06-08 23:27:11 +02:00
Daniel Stenberg
dd576194ce tool_getparam.h: fix compiler error
forward declare the Configurable struct
2012-06-08 23:14:30 +02:00
Daniel Stenberg
870c99b7e7 metalink: restore some includes
Commit eeeba1496c removed them and thus broke my Linux build
2012-06-08 23:13:32 +02:00
Daniel Stenberg
e3f5e04cf0 openldap: OOM fixes
when calloc fails, return error! (Detected by Fortify)

Reported by: Robert B. Harris
2012-06-08 20:57:11 +02:00
Steve Holme
0cd8c287a4 sasl: Re-factored mechanism constants in preparation for APOP work 2012-06-08 19:52:28 +01:00
Yang Tse
eeeba1496c metalink: build fixes and adjustments II
Additionally, make hash checking ability mandatory in order to allow metalink
support in curl.

A command line option could be introduced to skip hash checking at runtime,
but the ability to check hashes should always be built-in when providing
metalink support.
2012-06-08 14:27:45 +02:00
Guenter Knauf
186b101deb Added metalink support to MinGW builds. 2012-06-08 14:16:43 +02:00
Daniel Stenberg
d2fc8b4a5f log2changes.pl: fix the Version output
Previously it could easily wrongly get repeated
2012-06-07 23:50:00 +02:00
Yang Tse
04ca9aecd1 metalink: build fixes and adjustments I 2012-06-07 23:50:12 +02:00
Daniel Stenberg
2e48139fbf lib554.c: use curl_formadd() properly
The length/size options take longs so make sure to pass on such types.

Reported by: Neil Bowers
Bug: http://curl.haxx.se/mail/lib-2012-06/0001.html
2012-06-07 23:10:40 +02:00
Steve Holme
0636af6131 smtp.c: Re-factored the smtp_state_*_resp() functions
Re-factored the smtp_state_*_resp() functions to 1) Match the constants
that were refactored in commit 00fddba672, 2) To be more readable and
3) To match their counterparties in pop3.c.
2012-06-07 22:06:01 +01:00
Yang Tse
7352ac408b Fixes allowing HTTP test cases 1338, 1339, 1368 and 1369 to succeed 2012-06-07 21:57:53 +02:00
Yang Tse
c41d959ee6 tests 1364 to 1393: several -o filename -J -i -D combinations for HTTP and FTP 2012-06-07 17:45:37 +02:00
Yang Tse
430791616b tests 1348 to 1363: test definition polishing
Verify that the "Saved to filename 'blabla'" message is only displayed when
the 'blabla' filename being used _actually_ has been specified by the server
in the Content-Disposition header.

Use relative path for unintended file creation postcheck.
2012-06-07 15:29:46 +02:00
Steve Holme
00fddba672 smtp: Re-factored the SMTP_AUTH* state machine constants
Re-factored the SMTP_AUTH* constants, that are used by the state
machine, to be clearer to read.
2012-06-06 20:14:52 +01:00
Guenter Knauf
eef4b3fcfc Added hint for pkg-config wrapper script. 2012-06-06 17:22:17 +02:00
Guenter Knauf
aaa1e7f9d4 Updated Android section with recent NDK.
The r7b had some bugs, and shouldnt be used.
2012-06-06 16:16:52 +02:00
Yang Tse
37550c16f9 Disable non-HTTP header related tests
These now detect incompleate header data and fail
2012-06-06 13:04:18 +02:00
Yang Tse
b1f2a680bd tests 1348 to 1363: compleate header data part of test definition 2012-06-06 12:59:52 +02:00
Yang Tse
2b56e4c1bb tests 1334 to 1363 revisited.
Add a postcheck section to verify unintended file creation.

Remove needless <file> checks in verify section. Renumbering where appropriate.
2012-06-05 20:20:40 +02:00
Yang Tse
62f374b19e tests: adjust file part behavior in test verify section.
When a <file> part is now specified with no contents at all, this
will actually verify that the specified file has no contents at all.
Previously file contents would be ignored.
2012-06-05 20:20:39 +02:00
Steve Holme
89b5680d81 smtp.c: Removed whitespace 2012-06-05 14:34:17 +01:00
Steve Holme
0f3c330ad8 pop3: Another small code tidy up
Missed some comments that we identified during the SMTP tidy up earlier.
2012-06-05 13:49:50 +01:00
Steve Holme
7157363ab4 smtp: Post authentication code tidy up
Corrected lines longer than 78 characters.

Removed unnecessary braces in smtp_state_helo_resp().

Introduced some comments in data sending functions.

Tidied up comments to match changes made in pop3.c.
2012-06-05 12:23:01 +01:00
Yang Tse
c5b66836a5 tests 1348 to 1363: add a comma in test description 2012-06-05 13:16:35 +02:00
Steve Holme
57e6336794 email: Removed duplicated header file 2012-06-05 11:18:07 +01:00
Steve Holme
64510fe917 sasl: Renamed Curl_sasl_decode_ntlm_type2_message()
For consistency with other SASL based functions renamed this function
to Curl_sasl_create_ntlm_type3_message() which better describes its
usage.
2012-06-04 22:25:45 +01:00
Steve Holme
38dfe52559 pop3: Post authentication code tidy up
Corrected lines longer than 78 characters.

Changed POP3_AUTH_FINAL to POP3_AUTH to match SMTP code now that the
AUTH command is no longer sent on its own.

Introduced some comments in data sending functions.

Another attempt at trying to rational code and comment style.
2012-06-04 22:15:51 +01:00
Steve Holme
7759d10f36 pop3: Added support for sasl digest-md5 authentication 2012-06-04 21:50:16 +01:00
Yang Tse
32ab3276ee sasl: add reference for curl_sasl 2012-06-04 22:51:00 +02:00
Yang Tse
74a7ee9973 Makefile.inc: tab adjustment 2012-06-04 22:50:59 +02:00
Daniel Stenberg
0c460e80ed pop3 tests: CAPA instead of AUTH
After Steve's commit e336bc7c42 test 1319 and 1407 need to check
for CAPA instead of AUTH.
2012-06-04 22:34:06 +02:00
Steve Holme
bf51b8c07a sasl: Added service parameter to Curl_sasl_create_digest_md5_message()
Added a service type parameter to Curl_sasl_create_digest_md5_message()
to allow the function to be used by different services rather than being
hard coded to "smtp".
2012-06-04 20:22:06 +01:00
Yang Tse
04a6f0a1a4 tests 1356 to 1363: several -O -J -i -D combinations with FTP protocol
Currently 1356 to 1362 succeed but a write failure is logged in traceNNNN.

Currently 1363 fails, so disabled for now.
2012-06-04 20:59:45 +02:00
Steve Holme
1fc89eb87f tests: Updated pop3 tests for change in auth mechanism detection 2012-06-04 19:41:56 +01:00
Steve Holme
e336bc7c42 pop3: Changed the sasl mechanism detection from auth to capa
Not all SASL enabled POP3 servers support the AUTH command on its own
when trying to detect the supported mechanisms. As such changed the
mechanism detection to use the CAPA command instead.
2012-06-04 19:09:45 +01:00
Daniel Stenberg
b511486fcd curl_easy_setopt.3: proto updates + cleanups
- For all *FUNCTION options, they now all show the complete prototype in
  the description. Previously some of them would just refer to a
  typedef'ed function pointer in the curl.h header.

- I made the phrasing of that "Pass a pointer to a function that matches
  the following prototype" the same for all *FUNCTION option descriptions.

- I removed some uses of 'should'. I think I sometimes over-use this
  word as in many places I actually mean MUST or otherwise more specific
  and not-so-optional synonyms.
2012-06-04 20:03:13 +02:00
Yang Tse
3bfff57e1f tests 1348 to 1355: several -O -J -i -D combinations with FTP protocol
Currently 1348 to 1354 succeed but a write failure is logged in traceNNNN.

Currently 1355 fails, so disabled for now.
2012-06-04 19:40:04 +02:00
Yang Tse
628e62a966 tests 1346 to 1347: several -O -J -i -D combinations with HTTP protocol 2012-06-04 18:56:28 +02:00
Steve Holme
f087211566 sasl: Small code tidy up
Reworked variable names in Curl_sasl_create_cram_md5_message() to match
those in Curl_sasl_create_digest_md5_message() as they are more
appropriate.
2012-06-04 11:02:03 +01:00
Steve Holme
665e16899c sasl: Moved digest-md5 authentication message creation from smtp.c
Moved the digest-md5 message creation from smtp.c into the sasl module
to allow for use by other modules such as pop3.
2012-06-04 10:53:18 +01:00
Steve Holme
58987556d5 sasl: Small code tidy up before moving digest-md5 over
Correction of comments and variable names.
2012-06-04 10:49:55 +01:00
Steve Holme
79c2af3082 RELEASE-NOTES: Added missing addition of sasl login support 2012-06-03 19:28:08 +01:00
Steve Holme
8c0bfd3e0c pop3: Added support for sasl cram-md5 authentication 2012-06-03 19:13:16 +01:00
Daniel Stenberg
24f127027b Curl_sasl_create_plain_message: remove TAB 2012-06-03 19:42:47 +02:00
Steve Holme
2b9ca12edf sasl: Small code tidy up
Added some comments and removed an unreferenced variable.
2012-06-03 18:24:35 +01:00
Steve Holme
3b8cf5bd14 pop3.c: Added conditional compilation for NTLM function calls
Added USE_NTLM condition compilation around the NTLM functions called
from pop3_statemach_act() introduced in commit 69f7156ad9.
2012-06-03 17:40:05 +01:00
Steve Holme
c12a414b21 sasl: Moved cram-md5 authentication message creation from smtp.c
Moved the cram-md5 message creation from smtp.c into the sasl module
to allow for use by other modules such as pop3.
2012-06-03 17:21:49 +01:00
Steve Holme
b5bb61ee69 pop3: Fixed an issue with changes introduced in commit c267c53017
Because pop3_endofresp() is called for each line of data yet is not
passed the line and line length, so we have to use the data pointed to
by pp->linestart_resp which contains the whole packet, the mechanisms
were being detected in one call yet the function would be called for
each line of data.

Using curl with verbose mode enabled would show that one line of data
would be received in response to the AUTH command, before the AUTH
<mechanism> command was sent to the server and then the next few lines
of the original AUTH command would be displayed before the response from
the AUTH <mechanism> command. This would then cause problems when
parsing the CRAM-MD5 challenge data as extra data was contained in the
buffer.

Changed the parsing so that each line is checked for the mechanisms
and the function returns FALSE until the whole of the AUTH response has
been processed.
2012-06-03 17:06:48 +01:00
Daniel Stenberg
69f01ec2d1 version: bump to 7.27.0 for next release
Due to new features
2012-06-03 13:52:25 +02:00
Daniel Stenberg
4cff10af69 RELEASE-NOTES: synced with c4e3578e4b
Also bumped the contributor number and next release is to become 7.27.0
2012-06-03 13:51:54 +02:00
Daniel Stenberg
c4e3578e4b THANKS: 16 new contributors from the 7.26.0 release 2012-06-03 13:43:44 +02:00
Steve Holme
797315044d DOCS: Fixed list in Section 18.2 not displaying correctly on web site 2012-06-03 01:17:21 +01:00
Steve Holme
08c128bd93 DOCS: Corrected missed heading renumbering from commit 530675a1ad 2012-06-03 01:13:36 +01:00
Steve Holme
530675a1ad DOCS: Added IMAP and LDAP sections
Added new sections 11. IMAP and 12. LDAP to document adding SASL based
authentication.

Renumbered current sections 11 to 17 as 13 to 19.

Additionally added 19.10 Add CURLOPT_MAIL_CLIENT option.
2012-06-03 01:00:45 +01:00
Steve Holme
273e9afcc8 sasl.c: Fix to avoid warnings introduced in commit d9ca9e9869
Applied a fix to avoid warnings on systems where Curl_ntlm_sspi_cleanup()
is just a nop.
2012-06-03 00:00:34 +01:00
Steve Holme
9c7016f560 pop3.c:Corrected typo in commit 69ba0da827 2012-06-02 23:12:07 +01:00
Steve Holme
69ba0da827 pop3: Fixed the issue of having to supply the user name for all requests
Previously it wasn't possible to connect to POP3 and not specify the
user name as a CURLE_ACCESS_DENIED error would be returned. This error
occurred because USER would be sent to the server with a blank user name
if no mailbox user was specified as the server would reply with -ERR.

This wasn't a problem prior to the 7.26.0 release but with the
introduction of custom commands the user and/or application developer
might want to issue a CAPA command without having to log in as a
specific mailbox user.

Additionally this fix won't send the newly introduced AUTH command if no
user name is specified.
2012-06-02 22:11:37 +01:00
Steve Holme
1fa2af5136 pop3.c: Small code tidy up
Corrected lines exceeding 78 characters.

Repositioned some comments and added extra clarity.
2012-06-02 21:38:55 +01:00
Steve Holme
cfa81b8fb0 sasl: Corrected variable names in comments and parameters 2012-06-02 14:03:55 +01:00
Steve Holme
69f7156ad9 pop3: Added support for sasl ntlm authentication 2012-06-02 11:55:58 +01:00
Steve Holme
6f964e4f06 sasl: Small comment style tidy up following ntlm commit 2012-06-02 11:09:59 +01:00
Steve Holme
d9ca9e9869 sasl: Moved ntlm authentication message handling from smtp.c
Moved the ntlm message creation and decoding from smtp.c into the sasl
module to allow for use by other modules such as pop3.
2012-06-02 11:07:58 +01:00
Steve Holme
2df6e6d9f8 pop3: Added support for sasl login authentication 2012-06-01 15:59:29 +01:00
Yang Tse
379efd62aa tests 1334 to 1345: several -O -J -i -D combinations with HTTP protocol 2012-06-01 05:48:26 +02:00
Yang Tse
00dd45720e tests: support test definitions with up to 5 file checks in <verify> section
This is done introducing tags <file1> to <file4> besides existing <file> one,
as well as corresponding <stripfile1> to <stripfile4> ones, that can be used
in the <verify> section in the same way as the non-numbered ones.
2012-06-01 05:37:00 +02:00
Steve Holme
54d484e136 sasl: Moved login authentication message creation from smtp.c
Moved the login message creation from smtp.c into the sasl module
to allow for use by other modules such as pop3.
2012-05-31 23:11:54 +01:00
Steve Holme
cb3d0ce2cb smtp.c: Reworked message encoding in smtp_state_authpasswd_resp()
Rather than encoding the password message itself the
smtp_state_authpasswd_resp() function now delegates the work to the same
function that smtp_state_authlogin_resp() and smtp_authenticate() use
when constructing the encoded user name.
2012-05-31 22:58:07 +01:00
Steve Holme
f86432b119 smtp.c: Re-factored smtp_auth_login_user() for use with passwords
In preparation for moving to the SASL module re-factored the
smtp_auth_login_user() function to smtp_auth_login() so that it can be
used for both user names and passwords as sending both of these under
the login authentication mechanism is the same.
2012-05-31 22:49:14 +01:00
Steve Holme
2c6d32b864 pop3: Added support for sasl plain text authentication 2012-05-31 20:45:53 +01:00
Steve Holme
3c14c524c5 curl_ntlm_msgs.c: Corrected small spelling mistake in comments 2012-05-30 20:56:37 +01:00
Steve Holme
8e860c1662 sasl: Moved plain text authentication message creation from smtp.c
Moved the plain text message creation from smtp.c into the sasl module
to allow for use by other modules such as pop3.
2012-05-30 20:52:52 +01:00
Yang Tse
c90acaa77a configure: fix LDAPS disabling related misplaced closing parenthesis 2012-05-30 17:40:13 +02:00
Yang Tse
b420f60a06 pop3 test server: allow pop3 test server verification to succeed again
Introduce SUPPORTCAPA and SUPPORTAUTH config commands to allow further
pop3 test server expansion for tests that require CAPA or AUTH support,
although this will need some extra work to make it fully functional.
2012-05-30 17:39:14 +02:00
Steve Holme
7291c1f565 pop3: Introduced the continue response in pop3_endofresp() 2012-05-28 21:29:01 +01:00
Steve Holme
3fa0fbb816 pop3: Changed response code from O and E to + and -
The POP3 protocol doesn't really have the concept of error codes and
uses +, +OK and -ERR in response to commands to indicate continue,
success and error.

The AUTH command is one of those commands that requires multiple pieces
of data to be sent to the server where the server will respond with + as
part of the handshaking. This meant changing the values before
continuing with the next stage of adding authentication support.
2012-05-28 20:59:10 +01:00
Steve Holme
a9d798c4d5 pop3: Small code tidy up following authentication work so far
Changed the order of the state machine to match the order of actual
events.

Reworked some comments and function parameter positioning that I missed
the other day.
2012-05-28 20:21:52 +01:00
Kamil Dudka
72f4b534c4 nss: use human-readable error messages provided by NSS
Bug: http://lists.baseurl.org/pipermail/yum-devel/2012-January/009002.html
2012-05-28 11:24:24 +02:00
Daniel Stenberg
a03100c357 test1013.pl: filter out Metalink
Since it isn't a feature supported by curl-config we can't compare that
with the --version output
2012-05-27 23:43:23 +02:00
Daniel Stenberg
a7731673d0 pop3: remove variable-not-used warnings 2012-05-27 23:29:15 +02:00
Steve Holme
3124a8df93 DOCS: Corrected the "Added in" version number for CURLOPT_MAIL_AUTH
Additionally corrected another RFC link that I missed yesterday.
2012-05-27 20:04:36 +01:00
Steve Holme
c267c53017 pop3: Added support for SASL based authentication mechanism detection
Added support for detecting the supported SASL authentication mechanisms
via the AUTH command. There are two ways of detecting them, either by
using the AUTH command, that will return -ERR if not supported or by
using the CAPA command which will return SASL and the list of mechanisms
if supported, not include SASL if SASL authentication is not supported
or -ERR if the CAPA command is not supported. As such it seems simpler
to use the AUTH command and fallback to normal clear text authentication
if the the command is not supported.

Additionally updated the test cases to return -ERR when the AUTH command
is encountered. Additional test cases will be added when support for the
individual authentication mechanisms is added.
2012-05-27 19:09:38 +01:00
Daniel Stenberg
dc454bd16b pop3: remove trailing whitespace 2012-05-27 14:08:46 +02:00
Steve Holme
c6495bccbf pop3: Code tidy up before the introduction of authentication code
Moved EOB definition into header file.

Switched the logic around in pop3_endofresp() to allow for the
introduction of auth-mechanism detection.

Repositioned second and third function variables where they will fit
within the 78 character line limit.

Tidied up some comments.
2012-05-27 10:54:13 +01:00
Guenter Knauf
f95f19e854 Enabled OpenSSL static linkage. 2012-05-27 07:26:48 +02:00
Guenter Knauf
ca8b4e9742 Enabled OpenSSL static linkage. 2012-05-27 07:16:45 +02:00
Guenter Knauf
cd4cf989bb Try to detect OpenSSL build type automatically. 2012-05-27 03:28:43 +02:00
Daniel Stenberg
6015b71c4e metalink: fix build errors when disabled 2012-05-26 23:20:23 +02:00
Tatsuhiro Tsujikawa
1bfd750f3f Reduced #ifdef HAVE_METALINK 2012-05-26 23:12:09 +02:00
Tatsuhiro Tsujikawa
7bdb9fba95 Disable hash check if neither OpenSSL nor GNUTLS is installed. 2012-05-26 23:12:02 +02:00
Tatsuhiro Tsujikawa
6927153703 Format GETOUT_METALINK nicely 2012-05-26 23:11:58 +02:00
Tatsuhiro Tsujikawa
6a655ca192 Minimize usage of structs from libmetalink 2012-05-26 23:11:52 +02:00
Tatsuhiro Tsujikawa
9f7f7925da Check checksum of downloaded file if checksum is available
Metalink file contains several hash types of checksums, such as
md5, sha-1, sha-256, etc. To deal with these checksums, I created
abstraction layer based on lib/curl_md5.h and
lib/md5.c. Basically, they are almost the same but I changed the
code so that it is not hash type dependent. Currently,
GNUTLS(nettle or gcrypt) and OpenSSL functions are supported.

Checksum checking is done by reopening download file.  If there
is an I/O error, the current implementation just prints error
message and does not try next resource.

In this patch, the supported hash types are: md5, sha-1 and sha-256.
2012-05-26 23:11:46 +02:00
Tatsuhiro Tsujikawa
c3ef63f167 Always create directory hierarchy for Metalink.
Filenames contained in Metalink file can include directory information.
Filenames are unique in Metalink file, taking into account the directory
information. So we need to create the directory hierarchy.

Curl has --create-dirs option, but we create directory hierarchy for
Metalink downloads regardless of the option value.

This patch also put metalink int variable outside of HAVE_LIBMETALINK
guard. This reduces the number of #ifdefs.
2012-05-26 23:11:40 +02:00
Tatsuhiro Tsujikawa
94eb132896 Fixed segmentation fault when Metalink has no valid file or no resource. 2012-05-26 23:11:14 +02:00
Tatsuhiro Tsujikawa
383641d70a Support media-type parameter in Content-Type 2012-05-26 23:11:06 +02:00
Tatsuhiro Tsujikawa
963bcde476 Print "Metalink" in Features if Metalink support is enabled. 2012-05-26 23:11:01 +02:00
Tatsuhiro Tsujikawa
dde279ed31 Removed trailing space 2012-05-26 23:10:56 +02:00
ant
89747794fe Add --metalink to --help 2012-05-26 23:10:53 +02:00
ant
462f10f824 Add Metalink information and --metalink option to man page 2012-05-26 23:10:25 +02:00
ant
8834448cc1 Add Metalink information and --metalink option to man page 2012-05-26 23:10:15 +02:00
ant
ee483aeca2 Adds Metalink information to INSTALL 2012-05-26 23:10:07 +02:00
Tatsuhiro Tsujikawa
fd17cd4d9c --metalink option is available regardless of Metalink support. 2012-05-26 23:09:57 +02:00
Tatsuhiro Tsujikawa
53f2c02ac7 metalink: parse downloaded Metalink file
Parse downloaded Metalink file and add downloads described there. Fixed
compile error without metalink support.
2012-05-26 23:09:37 +02:00
Tatsuhiro Tsujikawa
1919352a10 Fixed HAVE_LIBMETALINK conditional is always true 2012-05-26 23:09:24 +02:00
Tatsuhiro Tsujikawa
9f9f9ed1b2 metalink: minor metalinkfile fix
Don't update config->metalinkfile_last in operate(). Use local variable
to point to the current metalinkfile.
2012-05-26 23:08:56 +02:00
Tatsuhiro Tsujikawa
a0d7a26e32 metalink: show help message even if disabled
Print message if --metalink is used while metalink support is not
enabled. Migrated Metalink support in tool_operate.c and removed
operatemetalink().
2012-05-26 23:08:13 +02:00
Tatsuhiro Tsujikawa
bb1ce6cc0b Applied patches from Daniel 2012-05-26 23:07:53 +02:00
Tatsuhiro Tsujikawa
b5fdbe848b Support Metalink.
This change adds experimental Metalink support to curl.
To enable Metalink support, run configure with --with-libmetalink.
To feed Metalink file to curl, use --metalink option like this:

  $ curl -O --metalink foo.metalink

We use libmetalink to parse Metalink files.
2012-05-26 23:07:42 +02:00
Steve Holme
efb8471a69 DOCS: Fixed line spacing of authentication examples in CURLOPT_URL 2012-05-26 14:15:33 +01:00
Steve Holme
25c1b29226 DOCS: Changed domain names in various examples to example.com
Updated various references of real domain names to example.com as per
RFC-2606.
2012-05-26 14:05:45 +01:00
Steve Holme
2839c059b1 DOCS: Fixed meaning of bit 2 in CURLOPT_POSTREDIR
Setting bit 2 for this value was documented as having a constant value
defined as CURL_REDIR_POST_303 yet referenced a 302 request.

Additionally corrected the meaning of CURL_REDIR_POST_ALL for all three
bits and fixed problems with the bolding of keywords in this section.
2012-05-26 13:08:37 +01:00
Steve Holme
cb9e2e8466 DOCS: Standardised how RFCs are referenced.
Standardised how RFCs are referenced so that the website may autolink to
the correct documentation on ietf.org. Additionally removed the one link
to RFC3986 on curl.haxx.se.
2012-05-26 12:26:35 +01:00
Yang Tse
a379a4c163 Fix libcurl.pc and curl-config generation for static MingW* cross builds 2012-05-26 00:01:00 +02:00
Tatsuhiro Tsujikawa
b061fed981 Made -D option work with -O and -J.
To achieve this, first new structure HeaderData is defined to hold
necessary data to perform header-related work.  Then tool_header_cb now
receives HeaderData pointer as userdata.  All header-related work
(currently, dumping header and Content-Disposition inspection) are done
in this callback function.  HeaderData.outs->config is used to determine
whether each work is done.

Unit tests were also updated because after this change, curl code always
sets CURLOPT_HEADERFUNCTION and CURLOPT_HEADERDATA.

Tested with -O -J -D, -O -J -i and -O -J -D -i and all worked fine.
2012-05-25 23:06:08 +02:00
Steve Holme
9c480490f7 sasl: Re-factored auth-mechanism constants to be more generic 2012-05-25 21:58:17 +01:00
Steve Holme
978b808f7d smtp: Moved auth-mechanism constants into a separate header file
Move the SMTP_AUTH constants into a separate header file in
preparation for adding SASL based authentication to POP3 as the two
protocols will need to share them.
2012-05-25 21:49:25 +01:00
Kamil Dudka
74be993576 nss: avoid using explicit casts of code pointers 2012-05-25 13:35:23 +02:00
Steve Holme
4f3ec68dc7 DOCS: Added LDAP to the CURLOPT_URL section 2012-05-24 21:17:00 +01:00
Steve Holme
d220834f80 TODO: Removed DIGEST-MD5 authentication from SMTP to do list
Removed DIGEST-MD5 from Section 9.1 Other authentication mechanisms as
the feature was added to SMTP in 7.26.0.

Also corrected small spelling mistake.
2012-05-24 18:55:00 +01:00
Daniel Stenberg
244e966138 bump to 7.26.1: start working towards next release 2012-05-24 18:32:34 +02:00
280 changed files with 15888 additions and 2826 deletions

4
.gitattributes vendored
View File

@@ -1 +1,5 @@
*.dsw -crlf *.dsw -crlf
buildconf eol=lf
configure.ac eol=lf
*.m4 eol=lf
*.in eol=lf

3
.gitignore vendored
View File

@@ -42,3 +42,6 @@ TAGS
*~ *~
aclocal.m4.bak aclocal.m4.bak
CHANGES.dist CHANGES.dist
.project
.cproject
.settings

View File

@@ -5,7 +5,7 @@
# | (__| |_| | _ <| |___ # | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____| # \___|\___/|_| \_\_____|
# #
# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. # Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
# #
# This software is licensed as described in the file COPYING, which # This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms # you should have received as part of this distribution. The terms
@@ -86,9 +86,13 @@ endif
examples: examples:
@(cd docs/examples; $(MAKE) check) @(cd docs/examples; $(MAKE) check)
# This is a hook to have 'make clean' also clean up the dosc and the tests
# dir. The extra check for the Makefiles being present is necessary because
# 'make distcheck' will make clean first in these directories _before_ it runs
# this hook.
clean-local: clean-local:
@(cd tests; $(MAKE) clean) @(if test -f tests/Makefile; then cd tests; $(MAKE) clean; fi)
@(cd docs; $(MAKE) clean) @(if test -f docs/Makefile; then cd docs; $(MAKE) clean; fi)
# #
# Build source and binary rpms. For rpm-3.0 and above, the ~/.rpmmacros # Build source and binary rpms. For rpm-3.0 and above, the ~/.rpmmacros

View File

@@ -1,54 +1,52 @@
Curl and libcurl 7.26.0 Curl and libcurl 7.27.0
Public curl releases: 127 Public curl releases: 128
Command line options: 151 Command line options: 152
curl_easy_setopt() options: 199 curl_easy_setopt() options: 199
Public functions in libcurl: 58 Public functions in libcurl: 58
Known libcurl bindings: 39 Known libcurl bindings: 39
Contributors: 929 Contributors: 953
This release includes the following changes: This release includes the following changes:
o nss: the minimal supported version of NSS bumped to 3.12.x o nss: use human-readable error messages provided by NSS
o nss: human-readable names are now provided for NSS errors if available o added --metalink for metalink download support [5]
o add a manual page for mk-ca-bundle o pop3: Added support for sasl plain text authentication
o added --post303 and the CURL_REDIR_POST_303 option for CURLOPT_POSTREDIR o pop3: Added support for sasl login authentication
o smtp: Add support for DIGEST-MD5 authentication o pop3: Added support for sasl ntlm authentication
o pop3: Added support for additional pop3 commands o pop3: Added support for sasl cram-md5 authentication
o pop3: Added support for sasl digest-md5 authentication
o pop3: Added support for apop authentication
o Added support for Schannel (Native Windows) SSL/TLS encryption [2]
o Added support for Darwin SSL (Native Mac OS X and iOS) [6]
o http: print reason phrase from HTTP status line on error [8]
This release includes the following bugfixes: This release includes the following bugfixes:
o nss: libcurl now uses NSS_InitContext() to prevent collisions if available o pop3: Fixed the issue of having to supply the user name for all requests
[1] o configure: fix LDAPS disabling related misplaced closing parenthesis
o URL parse: reject numerical IPv6 addresses outside brackets [4] o cmdline: made -D option work with -O and -J
o MD5: fix OOM memory leak [5] o configure: Fix libcurl.pc and curl-config generation for static MingW*
o OpenSSL cert: provide more details when cert check fails cross builds
o HTTP: empty chunked POST ended up in two zero size chunks [6] o ssl: fix duplicated SSL handshake with multi interface and proxy [1]
o fixed a regression when curl resolved to multiple addresses and the first o winbuild: Fix Makefile.vc ignoring USE_IPV6 and USE_IDN flags
isn't supported [7] o OpenSSL: support longer certificate subject names [3]
o -# progress meter: avoid superfluous updates and duplicate lines [8] o openldap: OOM fixes
o headers: surround GCC attribute names with double underscores [9] o log2changes.pl: fix the Version output
o PolarSSL: correct return code for CRL matches o lib554.c: use curl_formadd() properly [4]
o PolarSSL: include version number in version string o urldata.h: fix cyassl build clash with wincrypt.h
o PolarSSL: add support for asynchronous connect o cookies: changed the URL in the cookiejar headers [7]
o mk-ca-bundle: revert the LWP usage [12] o http-proxy: keep CONNECT connections alive (for NTLM)
o IPv6 cookie domain: get rid of the first bracket before the second o NTLM SSPI: fixed to work with unicode user names and passwords
o connect.c: return changed to CURLE_COULDNT_CONNECT when opensocket fails o OOM fix in the curl tool when cloning cmdline options
o OpenSSL: Made cert hostname check conform to RFC 6125 [10] o fixed some examples to use curl_global_init() properly
o HTTP: reset expected DL/UL sizes on redirects [11] o cmdline: stricter numerical option parser
o CMake: fix Windows LDAP/LDAPS option handling [2] o HTTP HEAD: don't force-close after response-headers
o CMake: fix MS Visual Studio x64 unsigned long long literal suffix [3] o test231: fix wrong -C use
o configure: update detection logic of getaddrinfo() thread-safeness o docs: switch to proper UTF-8 for text file encoding
o configure: check for gethostbyname in the watt lib o keepalive: DragonFly uses milliseconds [9]
o curl-config.1: fix curl-config usage in example [13] o HTTP Digest: Client's "qop" value should not be quoted
o smtp: Fixed non-escaping of dot character at beginning of line o make distclean works again
o MakefileBuild.vc: use the correct IDN variable
o autoconf: improve handling of versioned symbols
o curl.1: clarify -x usage
o curl: shorten user-agent
o smtp: issue with the multi-interface always sending postdata [14]
o compile error with GnuTLS+Nettle fixed
o winbuild: fix IPv6 enabled build
This release includes the following known bugs: This release includes the following known bugs:
@@ -57,29 +55,22 @@ This release includes the following known bugs:
This release would not have looked like this without help, code, reports and This release would not have looked like this without help, code, reports and
advice from friends like these: advice from friends like these:
Andrei Cipu, Armel Asselin, Benjamin Johnson, Dag Ekengren, Dave Reisner, Anthony Bryan, Guenter Knauf, Kamil Dudka, Steve Holme, Tatsuhiro Tsujikawa,
Gokhan Sengun, Guenter Knauf, Jan Schaumann, Jonathan Nieder, Kamil Dudka, Yang Tse, Gokhan Sengun, Marc Hoersken, Ghennadi Procopciuc, Gisle Vanem,
Lijo Antony, Olaf Flebbe, Rodrigo Silva, Steve Holme, Tatsuhiro Tsujikawa, Mark Salisbury, Anthony G. Basile, Enrico Scholz, Robert B. Harris,
Tim Heckman, Yang Tse, Arnaud Compan, Blaise Potard, Daniel Theron, Neil Bowers, Marcel Raad, Christian Hägele, Philip Craig, Nick Zitzmann,
Michael Mueller, Michael Wallner, Tim Heckman, Roman Mamedov, Julian Taylor, Eelco Dolstra, Anton Yabchinskiy, Santhana Todatry, John Marino
Claes Jakobsson, Pierre Chapuis, Jan Ehrhardt
Thanks! (and sorry if I forgot to mention someone) Thanks! (and sorry if I forgot to mention someone)
References to bug reports and discussions on issues: References to bug reports and discussions on issues:
[1] = https://bugzilla.redhat.com/738456 [1] = https://bugzilla.redhat.com/788526
[2] = http://curl.haxx.se/mail/lib-2012-03/0278.html [2] = http://daniel.haxx.se/blog/2012/06/12/schannel-support-in-libcurl/
[3] = http://curl.haxx.se/mail/lib-2012-03/0255.html [3] = http://curl.haxx.se/bug/view.cgi?id=3533045
[4] = http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670126 [4] = http://curl.haxx.se/mail/lib-2012-06/0001.html
[5] = http://curl.haxx.se/mail/lib-2012-04/0246.html [5] = http://daniel.haxx.se/blog/2012/06/03/curling-the-metalink/
[6] = http://curl.haxx.se/mail/archive-2012-04/0060.html [6] = http://daniel.haxx.se/blog/2012/06/28/darwin-native-ssl-for-curl/
[7] = http://curl.haxx.se/bug/view.cgi?id=3516508 [7] = http://daniel.haxx.se/blog/2012/07/08/curls-new-http-cookies-docs/
[8] = http://curl.haxx.se/bug/view.cgi?id=3517418 [8] = https://bugzilla.redhat.com/676596
[9] = http://curl.haxx.se/mail/lib-2012-04/0127.html [9] = http://curl.haxx.se/bug/view.cgi?id=3546257
[10] = http://tools.ietf.org/html/rfc6125#section-6.4.3
[11] = http://curl.haxx.se/bug/view.cgi?id=3510057
[12] = http://curl.haxx.se/mail/lib-2012-03/0238.html
[13] = http://curl.haxx.se/bug/view.cgi?id=3528241
[14] = http://curl.haxx.se/mail/lib-2012-05/0108.html

View File

@@ -1,10 +1,21 @@
To be addressed in 7.27 Try to fix in 7.27
======================= ==================
309 - metalink support for the curl tool 313 - host.name vs. host.dispname and "(nil)" outputs
To be addressed in 7.28
=======================
310 - a new authentication callback 310 - a new authentication callback
311 - support for SSPI schannel for SSL on windows 312 - custom Content-Length appears in CONNECT, solve it by offering a separate
option to provide headers for the CONNECT request
314 - CURL_SOCKOPTFUNCTION for accept()ed connection
315 - multiple receivers with SMTP and one fails
317 - CURLINFO_SSL_TRUST to return SSL-specific data for a darwinssl build
318 -
312 -

View File

@@ -145,7 +145,7 @@ AC_SUBST(PKGADD_VENDOR)
dnl dnl
dnl initialize all the info variables dnl initialize all the info variables
curl_ssl_msg="no (--with-{ssl,gnutls,nss,polarssl,cyassl,axtls} )" curl_ssl_msg="no (--with-{ssl,gnutls,nss,polarssl,cyassl,axtls,winssl} )"
curl_ssh_msg="no (--with-libssh2)" curl_ssh_msg="no (--with-libssh2)"
curl_zlib_msg="no (--with-zlib)" curl_zlib_msg="no (--with-zlib)"
curl_krb4_msg="no (--with-krb4*)" curl_krb4_msg="no (--with-krb4*)"
@@ -154,7 +154,7 @@ dnl initialize all the info variables
curl_tls_srp_msg="no (--enable-tls-srp)" curl_tls_srp_msg="no (--enable-tls-srp)"
curl_res_msg="default (--enable-ares / --enable-threaded-resolver)" curl_res_msg="default (--enable-ares / --enable-threaded-resolver)"
curl_ipv6_msg="no (--enable-ipv6)" curl_ipv6_msg="no (--enable-ipv6)"
curl_idn_msg="no (--with-libidn)" curl_idn_msg="no (--with-{libidn,winidn})"
curl_manual_msg="no (--enable-manual)" curl_manual_msg="no (--enable-manual)"
curl_libcurl_msg="enabled (--disable-libcurl-option)" curl_libcurl_msg="enabled (--disable-libcurl-option)"
curl_verbose_msg="enabled (--disable-verbose)" curl_verbose_msg="enabled (--disable-verbose)"
@@ -163,6 +163,8 @@ curl_verbose_msg="enabled (--disable-verbose)"
curl_ldaps_msg="no (--enable-ldaps)" curl_ldaps_msg="no (--enable-ldaps)"
curl_rtsp_msg="no (--enable-rtsp)" curl_rtsp_msg="no (--enable-rtsp)"
curl_rtmp_msg="no (--with-librtmp)" curl_rtmp_msg="no (--with-librtmp)"
curl_mtlnk_msg="no (--with-libmetalink)"
init_ssl_msg=${curl_ssl_msg} init_ssl_msg=${curl_ssl_msg}
dnl dnl
@@ -240,6 +242,7 @@ AM_CONDITIONAL(MIMPURE, test x$mimpure = xyes)
AC_MSG_CHECKING([if we need BUILDING_LIBCURL]) AC_MSG_CHECKING([if we need BUILDING_LIBCURL])
use_cppflag_building_libcurl="no" use_cppflag_building_libcurl="no"
use_cppflag_curl_staticlib="no" use_cppflag_curl_staticlib="no"
CPPFLAG_CURL_STATICLIB=""
case $host in case $host in
*-*-mingw*) *-*-mingw*)
AC_MSG_RESULT(yes) AC_MSG_RESULT(yes)
@@ -249,6 +252,7 @@ case $host in
then then
AC_MSG_RESULT(yes) AC_MSG_RESULT(yes)
use_cppflag_curl_staticlib="yes" use_cppflag_curl_staticlib="yes"
CPPFLAG_CURL_STATICLIB="-DCURL_STATICLIB"
else else
AC_MSG_RESULT(no) AC_MSG_RESULT(no)
fi fi
@@ -259,6 +263,7 @@ case $host in
esac esac
AM_CONDITIONAL(USE_CPPFLAG_BUILDING_LIBCURL, test x$use_cppflag_building_libcurl = xyes) AM_CONDITIONAL(USE_CPPFLAG_BUILDING_LIBCURL, test x$use_cppflag_building_libcurl = xyes)
AM_CONDITIONAL(USE_CPPFLAG_CURL_STATICLIB, test x$use_cppflag_curl_staticlib = xyes) AM_CONDITIONAL(USE_CPPFLAG_CURL_STATICLIB, test x$use_cppflag_curl_staticlib = xyes)
AC_SUBST(CPPFLAG_CURL_STATICLIB)
# Determine whether all dependent libraries must be specified when linking # Determine whether all dependent libraries must be specified when linking
if test "X$enable_shared" = "Xyes" -a "X$link_all_deplibs" = "Xno" if test "X$enable_shared" = "Xyes" -a "X$link_all_deplibs" = "Xno"
@@ -917,9 +922,9 @@ if test x$CURL_DISABLE_LDAP != x1 ; then
AC_CHECK_LIB("$LDAPLIBNAME", ldap_init,, [ AC_CHECK_LIB("$LDAPLIBNAME", ldap_init,, [
AC_MSG_WARN(["$LDAPLIBNAME" is not an LDAP library: LDAP disabled]) AC_MSG_WARN(["$LDAPLIBNAME" is not an LDAP library: LDAP disabled])
AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP]) AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP])
AC_SUBST(CURL_DISABLE_LDAP, [1])]) AC_SUBST(CURL_DISABLE_LDAP, [1])
AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS]) AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS])
AC_SUBST(CURL_DISABLE_LDAPS, [1]) AC_SUBST(CURL_DISABLE_LDAPS, [1])])
else else
dnl Try to find the right ldap libraries for this system dnl Try to find the right ldap libraries for this system
CURL_CHECK_LIBS_LDAP CURL_CHECK_LIBS_LDAP
@@ -944,9 +949,9 @@ if test x$CURL_DISABLE_LDAP != x1 ; then
AC_CHECK_LIB("$LBERLIBNAME", ber_free,, [ AC_CHECK_LIB("$LBERLIBNAME", ber_free,, [
AC_MSG_WARN(["$LBERLIBNAME" is not an LBER library: LDAP disabled]) AC_MSG_WARN(["$LBERLIBNAME" is not an LBER library: LDAP disabled])
AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP]) AC_DEFINE(CURL_DISABLE_LDAP, 1, [to disable LDAP])
AC_SUBST(CURL_DISABLE_LDAP, [1])]) AC_SUBST(CURL_DISABLE_LDAP, [1])
AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS]) AC_DEFINE(CURL_DISABLE_LDAPS, 1, [to disable LDAPS])
AC_SUBST(CURL_DISABLE_LDAPS, [1]) AC_SUBST(CURL_DISABLE_LDAPS, [1])])
fi fi
fi fi
fi fi
@@ -1336,6 +1341,59 @@ else
CPPFLAGS="$save_CPPFLAGS" CPPFLAGS="$save_CPPFLAGS"
fi fi
dnl -------------------------------------------------
dnl check winssl option before other SSL libraries
dnl -------------------------------------------------
OPT_WINSSL=no
AC_ARG_WITH(winssl,dnl
AC_HELP_STRING([--with-winssl],[enable Windows native SSL/TLS])
AC_HELP_STRING([--without-winssl], [disable Windows native SSL/TLS]),
OPT_WINSSL=$withval)
AC_MSG_CHECKING([whether to enable Windows native SSL/TLS (Windows native builds only)])
if test "$curl_ssl_msg" = "$init_ssl_msg"; then
if test "x$OPT_WINSSL" != "xno" &&
test "x$ac_cv_native_windows" = "xyes"; then
AC_MSG_RESULT(yes)
AC_DEFINE(USE_SCHANNEL, 1, [to enable Windows native SSL/TLS support])
AC_SUBST(USE_SCHANNEL, [1])
curl_ssl_msg="enabled (Windows-native)"
WINSSL_ENABLED=1
# --with-winssl implies --enable-sspi
AC_DEFINE(USE_WINDOWS_SSPI, 1, [to enable SSPI support])
AC_SUBST(USE_WINDOWS_SSPI, [1])
curl_sspi_msg="enabled"
else
AC_MSG_RESULT(no)
fi
else
AC_MSG_RESULT(no)
fi
OPT_DARWINSSL=no
AC_ARG_WITH(darwinssl,dnl
AC_HELP_STRING([--with-darwinssl],[enable iOS/Mac OS X native SSL/TLS])
AC_HELP_STRING([--without-darwinssl], [disable iOS/Mac OS X native SSL/TLS]),
OPT_DARWINSSL=$withval)
AC_MSG_CHECKING([whether to enable iOS/Mac OS X native SSL/TLS])
if test "$curl_ssl_msg" = "$init_ssl_msg"; then
if test "x$OPT_DARWINSSL" != "xno" &&
test -d "/System/Library/Frameworks/Security.framework"; then
AC_MSG_RESULT(yes)
AC_DEFINE(USE_DARWINSSL, 1, [to enable iOS/Mac OS X native SSL/TLS support])
AC_SUBST(USE_DARWINSSL, [1])
curl_ssl_msg="enabled (iOS/Mac OS X-native)"
DARWINSSL_ENABLED=1
LDFLAGS="$LDFLAGS -framework CoreFoundation -framework Security"
else
AC_MSG_RESULT(no)
fi
else
AC_MSG_RESULT(no)
fi
dnl ********************************************************************** dnl **********************************************************************
dnl Check for the presence of SSL libraries and headers dnl Check for the presence of SSL libraries and headers
dnl ********************************************************************** dnl **********************************************************************
@@ -1349,7 +1407,7 @@ AC_HELP_STRING([--with-ssl=PATH],[Where to look for OpenSSL, PATH points to the
AC_HELP_STRING([--without-ssl], [disable OpenSSL]), AC_HELP_STRING([--without-ssl], [disable OpenSSL]),
OPT_SSL=$withval) OPT_SSL=$withval)
if test X"$OPT_SSL" != Xno; then if test "$curl_ssl_msg" = "$init_ssl_msg" && test X"$OPT_SSL" != Xno; then
dnl backup the pre-ssl variables dnl backup the pre-ssl variables
CLEANLDFLAGS="$LDFLAGS" CLEANLDFLAGS="$LDFLAGS"
CLEANCPPFLAGS="$CPPFLAGS" CLEANCPPFLAGS="$CPPFLAGS"
@@ -1736,7 +1794,7 @@ AC_HELP_STRING([--with-gnutls=PATH],[where to look for GnuTLS, PATH points to th
AC_HELP_STRING([--without-gnutls], [disable GnuTLS detection]), AC_HELP_STRING([--without-gnutls], [disable GnuTLS detection]),
OPT_GNUTLS=$withval) OPT_GNUTLS=$withval)
if test "$OPENSSL_ENABLED" != "1"; then if test "$curl_ssl_msg" = "$init_ssl_msg"; then
if test X"$OPT_GNUTLS" != Xno; then if test X"$OPT_GNUTLS" != Xno; then
@@ -1832,7 +1890,7 @@ if test "$OPENSSL_ENABLED" != "1"; then
fi dnl GNUTLS not disabled fi dnl GNUTLS not disabled
fi dnl OPENSSL != 1 fi
dnl --- dnl ---
dnl Check which crypto backend GnuTLS uses dnl Check which crypto backend GnuTLS uses
@@ -1889,7 +1947,7 @@ AC_HELP_STRING([--with-polarssl=PATH],[where to look for PolarSSL, PATH points t
AC_HELP_STRING([--without-polarssl], [disable PolarSSL detection]), AC_HELP_STRING([--without-polarssl], [disable PolarSSL detection]),
OPT_POLARSSL=$withval) OPT_POLARSSL=$withval)
if test "$OPENSSL_ENABLED" != "1"; then if test "$curl_ssl_msg" = "$init_ssl_msg"; then
if test X"$OPT_POLARSSL" != Xno; then if test X"$OPT_POLARSSL" != Xno; then
@@ -1957,7 +2015,7 @@ if test "$OPENSSL_ENABLED" != "1"; then
fi dnl PolarSSL not disabled fi dnl PolarSSL not disabled
fi dnl OPENSSL != 1 fi
dnl ---------------------------------------------------- dnl ----------------------------------------------------
dnl check for CyaSSL dnl check for CyaSSL
@@ -1973,7 +2031,7 @@ AC_HELP_STRING([--with-cyassl=PATH],[where to look for CyaSSL, PATH points to th
AC_HELP_STRING([--without-cyassl], [disable CyaSSL detection]), AC_HELP_STRING([--without-cyassl], [disable CyaSSL detection]),
OPT_CYASSL=$withval) OPT_CYASSL=$withval)
if test "$OPENSSL_ENABLED" != "1"; then if test "$curl_ssl_msg" = "$init_ssl_msg"; then
if test X"$OPT_CYASSL" != Xno; then if test X"$OPT_CYASSL" != Xno; then
@@ -2042,7 +2100,7 @@ if test "$OPENSSL_ENABLED" != "1"; then
fi dnl CyaSSL not disabled fi dnl CyaSSL not disabled
fi dnl OPENSSL != 1 fi
dnl ---------------------------------------------------- dnl ----------------------------------------------------
dnl NSS. Only check if GnuTLS and OpenSSL are not enabled dnl NSS. Only check if GnuTLS and OpenSSL are not enabled
@@ -2056,7 +2114,7 @@ AC_HELP_STRING([--with-nss=PATH],[where to look for NSS, PATH points to the inst
AC_HELP_STRING([--without-nss], [disable NSS detection]), AC_HELP_STRING([--without-nss], [disable NSS detection]),
OPT_NSS=$withval) OPT_NSS=$withval)
if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then if test "$curl_ssl_msg" = "$init_ssl_msg"; then
if test X"$OPT_NSS" != Xno; then if test X"$OPT_NSS" != Xno; then
if test "x$OPT_NSS" = "xyes"; then if test "x$OPT_NSS" = "xyes"; then
@@ -2141,7 +2199,7 @@ if test "$OPENSSL_ENABLED" != "1" -a "$GNUTLS_ENABLED" != "1"; then
fi dnl NSS not disabled fi dnl NSS not disabled
fi dnl OPENSSL != 1 -a GNUTLS_ENABLED != 1 fi dnl curl_ssl_msg = init_ssl_msg
OPT_AXTLS=off OPT_AXTLS=off
@@ -2198,9 +2256,9 @@ if test "$curl_ssl_msg" = "$init_ssl_msg"; then
fi fi
fi fi
if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED" = "x"; then if test "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$AXTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$DARWINSSL_ENABLED" = "x"; then
AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.]) AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss or --with-axtls to address this.]) AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-axtls or --with-winssl to address this.])
else else
# SSL is enabled, genericly # SSL is enabled, genericly
AC_SUBST(SSL_ENABLED) AC_SUBST(SSL_ENABLED)
@@ -2213,6 +2271,93 @@ dnl **********************************************************************
CURL_CHECK_CA_BUNDLE CURL_CHECK_CA_BUNDLE
dnl **********************************************************************
dnl Check for libmetalink
dnl **********************************************************************
OPT_LIBMETALINK=no
AC_ARG_WITH(libmetalink,dnl
AC_HELP_STRING([--with-libmetalink=PATH],[where to look for libmetalink, PATH points to the installation root])
AC_HELP_STRING([--without-libmetalink], [disable libmetalink detection]),
OPT_LIBMETALINK=$withval)
if test X"$OPT_LIBMETALINK" != Xno; then
addlib=""
addld=""
addcflags=""
version=""
libmetalinklib=""
PKGTEST="no"
if test "x$OPT_LIBMETALINK" = "xyes"; then
dnl this is with no partiular path given
PKGTEST="yes"
CURL_CHECK_PKGCONFIG(libmetalink)
else
dnl When particular path is given, set PKG_CONFIG_LIBDIR using the path.
LIBMETALINK_PCDIR="$OPT_LIBMETALINK/lib/pkgconfig"
AC_MSG_NOTICE([PKG_CONFIG_LIBDIR will be set to "$LIBMETALINK_PCDIR"])
if test -f "$LIBMETALINK_PCDIR/libmetalink.pc"; then
PKGTEST="yes"
fi
if test "$PKGTEST" = "yes"; then
CURL_CHECK_PKGCONFIG(libmetalink, [$LIBMETALINK_PCDIR])
fi
fi
if test "$PKGTEST" = "yes" && test "$PKGCONFIG" != "no"; then
addlib=`CURL_EXPORT_PCDIR([$LIBMETALINK_PCDIR]) dnl
$PKGCONFIG --libs-only-l libmetalink`
addld=`CURL_EXPORT_PCDIR([$LIBMETALINK_PCDIR]) dnl
$PKGCONFIG --libs-only-L libmetalink`
addcflags=`CURL_EXPORT_PCDIR([$LIBMETALINK_PCDIR]) dnl
$PKGCONFIG --cflags-only-I libmetalink`
version=`CURL_EXPORT_PCDIR([$LIBMETALINK_PCDIR]) dnl
$PKGCONFIG --modversion libmetalink`
libmetalinklib=`echo $addld | $SED -e 's/-L//'`
fi
if test -n "$addlib"; then
clean_CPPFLAGS="$CPPFLAGS"
clean_LDFLAGS="$LDFLAGS"
clean_LIBS="$LIBS"
CPPFLAGS="$addcflags $clean_CPPFLAGS"
LDFLAGS="$addld $clean_LDFLAGS"
LIBS="$addlib $clean_LIBS"
AC_MSG_CHECKING([if libmetalink is recent enough])
AC_LINK_IFELSE([
AC_LANG_PROGRAM([[
# include <metalink/metalink.h>
]],[[
if(0 != metalink_strerror(0)) /* added in 0.1.0 */
return 1;
]])
],[
AC_MSG_RESULT([yes ($version)])
want_metalink="yes"
],[
AC_MSG_RESULT([no ($version)])
AC_MSG_NOTICE([libmetalink library defective or too old])
want_metalink="no"
])
CPPFLAGS="$clean_CPPFLAGS"
LDFLAGS="$clean_LDFLAGS"
LIBS="$clean_LIBS"
if test "$want_metalink" = "yes"; then
dnl finally libmetalink will be used
AC_DEFINE(USE_METALINK, 1, [Define to enable metalink support])
LIBMETALINK_LIBS=$addlib
LIBMETALINK_LDFLAGS=$addld
LIBMETALINK_CFLAGS=$addcflags
AC_SUBST([LIBMETALINK_LIBS])
AC_SUBST([LIBMETALINK_LDFLAGS])
AC_SUBST([LIBMETALINK_CFLAGS])
curl_mtlnk_msg="enabled"
fi
fi
fi
dnl ********************************************************************** dnl **********************************************************************
dnl Check for the presence of LIBSSH2 libraries and headers dnl Check for the presence of LIBSSH2 libraries and headers
dnl ********************************************************************** dnl **********************************************************************
@@ -2413,6 +2558,10 @@ AC_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shar
versioned_symbols_flavour="CYASSL_" versioned_symbols_flavour="CYASSL_"
elif test "x$AXTLS_ENABLED" == "x1"; then elif test "x$AXTLS_ENABLED" == "x1"; then
versioned_symbols_flavour="AXTLS_" versioned_symbols_flavour="AXTLS_"
elif test "x$WINSSL_ENABLED" == "x1"; then
versioned_symbols_flavour="WINSSL_"
elif test "x$DARWINSSL_ENABLED" == "x1"; then
versioned_symbols_flavour="DARWINSSL_"
else else
versioned_symbols_flavour="" versioned_symbols_flavour=""
fi fi
@@ -2431,6 +2580,78 @@ AC_MSG_RESULT(no)
AC_SUBST(VERSIONED_FLAVOUR, ["$versioned_symbols_flavour"]) AC_SUBST(VERSIONED_FLAVOUR, ["$versioned_symbols_flavour"])
AM_CONDITIONAL(VERSIONED_SYMBOLS, test "x$versioned_symbols" = "xyes") AM_CONDITIONAL(VERSIONED_SYMBOLS, test "x$versioned_symbols" = "xyes")
dnl -------------------------------------------------
dnl check winidn option before other IDN libraries
dnl -------------------------------------------------
AC_MSG_CHECKING([whether to enable Windows native IDN (Windows native builds only)])
OPT_WINIDN="default"
AC_ARG_WITH(winidn,
AC_HELP_STRING([--with-winidn=PATH],[enable Windows native IDN])
AC_HELP_STRING([--without-winidn], [disable Windows native IDN]),
OPT_WINIDN=$withval)
case "$OPT_WINIDN" in
no|default)
dnl --without-winidn option used or configure option not specified
want_winidn="no"
AC_MSG_RESULT([no])
;;
yes)
dnl --with-winidn option used without path
want_winidn="yes"
want_winidn_path="default"
AC_MSG_RESULT([yes])
;;
*)
dnl --with-winidn option used with path
want_winidn="yes"
want_winidn_path="$withval"
AC_MSG_RESULT([yes ($withval)])
;;
esac
if test "$want_winidn" = "yes"; then
dnl winidn library support has been requested
clean_CPPFLAGS="$CPPFLAGS"
clean_LDFLAGS="$LDFLAGS"
clean_LIBS="$LIBS"
WINIDN_LIBS="-lnormaliz"
#
if test "$want_winidn_path" != "default"; then
dnl path has been specified
dnl pkg-config not available or provides no info
WINIDN_LDFLAGS="-L$want_winidn_path/lib$libsuff"
WINIDN_CPPFLAGS="-I$want_winidn_path/include"
WINIDN_DIR="$want_winidn_path/lib$libsuff"
fi
#
CPPFLAGS="$WINIDN_CPPFLAGS $CPPFLAGS"
LDFLAGS="$WINIDN_LDFLAGS $LDFLAGS"
LIBS="$WINIDN_LIBS $LIBS"
#
AC_MSG_CHECKING([if IdnToUnicode can be linked])
AC_LINK_IFELSE([
AC_LANG_FUNC_LINK_TRY([IdnToUnicode])
],[
AC_MSG_RESULT([yes])
tst_links_winidn="yes"
],[
AC_MSG_RESULT([no])
tst_links_winidn="no"
])
#
if test "$tst_links_winidn" = "yes"; then
AC_DEFINE(USE_WIN32_IDN, 1, [Define to 1 if you have the `normaliz' (WinIDN) library (-lnormaliz).])
AC_DEFINE(WANT_IDN_PROTOTYPES, 1, [Define to 1 to provide own prototypes.])
AC_SUBST([IDN_ENABLED], [1])
curl_idn_msg="enabled (Windows-native)"
else
AC_MSG_WARN([Cannot find libraries for IDN support: IDN disabled])
CPPFLAGS="$clean_CPPFLAGS"
LDFLAGS="$clean_LDFLAGS"
LIBS="$clean_LIBS"
fi
fi
dnl ********************************************************************** dnl **********************************************************************
dnl Check for the presence of IDN libraries and headers dnl Check for the presence of IDN libraries and headers
@@ -2985,10 +3206,20 @@ AC_HELP_STRING([--disable-sspi],[Disable SSPI]),
fi fi
;; ;;
*) *)
AC_MSG_RESULT(no) if test "x$WINSSL_ENABLED" = "x1"; then
# --with-winssl implies --enable-sspi
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
;; ;;
esac ], esac ],
AC_MSG_RESULT(no) if test "x$WINSSL_ENABLED" = "x1"; then
# --with-winssl implies --enable-sspi
AC_MSG_RESULT(yes)
else
AC_MSG_RESULT(no)
fi
) )
dnl ************************************************************ dnl ************************************************************
@@ -3119,7 +3350,7 @@ AC_SUBST(ENABLE_SHARED)
dnl dnl
dnl For keeping supported features and protocols also in pkg-config file dnl For keeping supported features and protocols also in pkg-config file
dnl since it is more cross-compile frient than curl-config dnl since it is more cross-compile friendly than curl-config
dnl dnl
if test "x$USE_SSLEAY" = "x1"; then if test "x$USE_SSLEAY" = "x1"; then
@@ -3147,7 +3378,8 @@ if test "x$USE_WINDOWS_SSPI" = "x1"; then
fi fi
if test "x$CURL_DISABLE_HTTP" != "x1"; then if test "x$CURL_DISABLE_HTTP" != "x1"; then
if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \ if test "x$USE_SSLEAY" = "x1" -o "x$USE_WINDOWS_SSPI" = "x1" \
-o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1"; then -o "x$GNUTLS_ENABLED" = "x1" -o "x$NSS_ENABLED" = "x1" \
-o "x$DARWINSSL_ENABLED" = "x1"; then
SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM" SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM"
if test "x$NTLM_WB_ENABLED" = "x1"; then if test "x$NTLM_WB_ENABLED" = "x1"; then
SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB" SUPPORT_FEATURES="$SUPPORT_FEATURES NTLM_WB"
@@ -3316,6 +3548,7 @@ AC_MSG_NOTICE([Configured to build curl/libcurl:
LDAPS support: ${curl_ldaps_msg} LDAPS support: ${curl_ldaps_msg}
RTSP support: ${curl_rtsp_msg} RTSP support: ${curl_rtsp_msg}
RTMP support: ${curl_rtmp_msg} RTMP support: ${curl_rtmp_msg}
metalink support: ${curl_mtlnk_msg}
Protocols: ${SUPPORT_PROTOCOLS} Protocols: ${SUPPORT_PROTOCOLS}
]) ])

View File

@@ -6,7 +6,7 @@
# | (__| |_| | _ <| |___ # | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____| # \___|\___/|_| \_\_____|
# #
# Copyright (C) 2001 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. # Copyright (C) 2001 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
# #
# This software is licensed as described in the file COPYING, which # This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms # you should have received as part of this distribution. The terms
@@ -24,6 +24,7 @@
prefix=@prefix@ prefix=@prefix@
exec_prefix=@exec_prefix@ exec_prefix=@exec_prefix@
includedir=@includedir@ includedir=@includedir@
cppflag_curl_staticlib=@CPPFLAG_CURL_STATICLIB@
usage() usage()
{ {
@@ -128,10 +129,15 @@ while test $# -gt 0; do
;; ;;
--cflags) --cflags)
if test "X@includedir@" = "X/usr/include"; then if test "X$cppflag_curl_staticlib" = "X-DCURL_STATICLIB"; then
echo "" CPPFLAG_CURL_STATICLIB="-DCURL_STATICLIB "
else else
echo "-I@includedir@" CPPFLAG_CURL_STATICLIB=""
fi
if test "X@includedir@" = "X/usr/include"; then
echo "$(CPPFLAG_CURL_STATICLIB)"
else
echo "$(CPPFLAG_CURL_STATICLIB)-I@includedir@"
fi fi
;; ;;

View File

@@ -91,7 +91,7 @@ BUGS
your problem and to work on a fix (if we agree it truly is a problem). your problem and to work on a fix (if we agree it truly is a problem).
Lots of problems that appear to be libcurl problems are actually just abuses Lots of problems that appear to be libcurl problems are actually just abuses
of the libcurl API or other malfunctions in your applications. It is adviced of the libcurl API or other malfunctions in your applications. It is advised
that you run your problematic program using a memory debug tool like that you run your problematic program using a memory debug tool like
valgrind or similar before you post memory-related or "crashing" problems to valgrind or similar before you post memory-related or "crashing" problems to
us. us.

View File

@@ -279,7 +279,7 @@
3.6 Please don't send pull requests 3.6 Please don't send pull requests
With git (and expecially github) it is easy and tempting to send a pull With git (and especially github) it is easy and tempting to send a pull
request to one or more people in the curl project to have changes merged this request to one or more people in the curl project to have changes merged this
way instead of mailing patches to the curl-library mailing list. way instead of mailing patches to the curl-library mailing list.
@@ -294,7 +294,7 @@
- Commit messages can be tweaked and changed if merged locally instead of - Commit messages can be tweaked and changed if merged locally instead of
using github. Merges directly on github requires the changes to be perfect using github. Merges directly on github requires the changes to be perfect
already, which they seldomly are. already, which they seldom are.
- Merges on github prevents rebases and even enforces --no-ff which is a git - Merges on github prevents rebases and even enforces --no-ff which is a git
style we don't otherwise use in the project style we don't otherwise use in the project

View File

@@ -138,7 +138,7 @@ FAQ
libcurl is highly portable, it builds and works identically on numerous libcurl is highly portable, it builds and works identically on numerous
platforms, including Solaris, NetBSD, FreeBSD, OpenBSD, Darwin, HPUX, platforms, including Solaris, NetBSD, FreeBSD, OpenBSD, Darwin, HPUX,
IRIX, AIX, Tru64, Linux, UnixWare, HURD, Windows, Amiga, OS/2, BeOs, Mac IRIX, AIX, Tru64, Linux, UnixWare, HURD, Windows, Amiga, OS/2, BeOS, Mac
OS X, Ultrix, QNX, OpenVMS, RISC OS, Novell NetWare, DOS, Symbian, OSF, OS X, Ultrix, QNX, OpenVMS, RISC OS, Novell NetWare, DOS, Symbian, OSF,
Android, Minix, IBM TPF and more... Android, Minix, IBM TPF and more...
@@ -807,7 +807,7 @@ FAQ
4.5.3 "403 Forbidden" 4.5.3 "403 Forbidden"
The server understood the request, but is refusing to fulfill it. The server understood the request, but is refusing to fulfil it.
Authorization will not help and the request SHOULD NOT be repeated. Authorization will not help and the request SHOULD NOT be repeated.
4.5.4 "404 Not Found" 4.5.4 "404 Not Found"

View File

@@ -26,12 +26,12 @@ libcurl supports
- compiles on win32 (reported builds on 40+ operating systems) - compiles on win32 (reported builds on 40+ operating systems)
- selectable network interface for outgoing traffic - selectable network interface for outgoing traffic
- IPv6 support on unix and Windows - IPv6 support on unix and Windows
- persistant connections - persistent connections
- socks5 support - socks5 support
- supports user name + password in proxy environment variables - supports user name + password in proxy environment variables
- operations through proxy "tunnel" (using CONNECT) - operations through proxy "tunnel" (using CONNECT)
- supports large files (>2GB and >4GB) both upload/download - supports large files (>2GB and >4GB) both upload/download
- replacable memory functions (malloc, free, realloc, etc) - replaceable memory functions (malloc, free, realloc, etc)
- asynchronous name resolving (*6) - asynchronous name resolving (*6)
- both a push and a pull style interface - both a push and a pull style interface
@@ -125,7 +125,7 @@ FILE
FOOTNOTES FOOTNOTES
========= =========
*1 = requires OpenSSL, GnuTLS, NSS, yassl, axTLS or PolarSSL *1 = requires OpenSSL, GnuTLS, NSS, yassl, axTLS, PolarSSL or schannel
*2 = requires OpenLDAP *2 = requires OpenLDAP
*3 = requires a GSSAPI-compliant library, such as Heimdal or similar. *3 = requires a GSSAPI-compliant library, such as Heimdal or similar.
*4 = requires FBopenssl *4 = requires FBopenssl

123
docs/HTTP-COOKIES Normal file
View File

@@ -0,0 +1,123 @@
Updated: July 3, 2012 (http://curl.haxx.se/docs/http-cookies.html)
_ _ ____ _
___| | | | _ \| |
/ __| | | | |_) | |
| (__| |_| | _ <| |___
\___|\___/|_| \_\_____|
HTTP Cookies
1. HTTP Cookies
1.1 Cookie overview
1.2 Cookies saved to disk
1.3 Cookies with curl the command line tool
1.4 Cookies with libcurl
1.5 Cookies with javascript
==============================================================================
1. HTTP Cookies
1.1 Cookie overview
HTTP cookies are pieces of 'name=contents' snippets that a server tells the
client to hold and then the client sends back those the server on subsequent
requests to the same domains/paths for which the cookies were set.
Cookies are either "session cookies" which typically are forgotten when the
session is over which is often translated to equal when browser quits, or
the cookies aren't session cookies they have expiration dates after which
the client will throw them away.
Cookies are set to the client with the Set-Cookie: header and are sent to
servers with the Cookie: header.
For a very long time, the only spec explaining how to use cookies was the
original Netscape spec from 1994: http://curl.haxx.se/rfc/cookie_spec.html
In 2011, RFC6265 (http://www.ietf.org/rfc/rfc6265.txt) was finally published
and details how cookies work within HTTP.
1.2 Cookies saved to disk
Netscape once created a file format for storing cookies on disk so that they
would survive browser restarts. curl adopted that file format to allow
sharing the cookies with browsers, only to see browsers move away from that
format. Modern browsers no longer use it, while curl still does.
The netscape cookie file format stores one cookie per physical line in the
file with a bunch of associated meta data, each field separated with
TAB. That file is called the cookiejar in curl terminology.
When libcurl saves a cookiejar, it creates a file header of its own in which
there is a URL mention that will link to the web version of this document.
1.3 Cookies with curl the command line tool
curl has a full cookie "engine" built in. If you just activate it, you can
have curl receive and send cookies exactly as mandated in the specs.
Command line options:
-b, --cookie
tell curl a file to read cookies from and start the cookie engine, or if
it isn't a file it will pass on the given string. -b name=var works and so
does -b cookiefile.
-j, --junk-session-cookies
when used in combination with -b, it will skip all "session cookies" on
load so as to appear to start a new cookie session.
-c, --cookie-jar
tell curl to start the cookie engine and write cookies to the given file
after the request(s)
1.4 Cookies with libcurl
libcurl offers several ways to enable and interface the cookie engine. These
options are the ones provided by the native API. libcurl bindings may offer
access to them using other means.
CURLOPT_COOKIE
Is used when you want to specify the exact contents of a cookie header to
send to the server.
CURLOPT_COOKIEFILE
Tell libcurl to activate the cookie engine, and to read the initial set of
cookies from the given file. Read-only.
CURLOPT_COOKIEJAR
Tell libcurl to activate the cookie engine, and when the easy handle is
closed save all known cookies to the given cookiejar file. Write-only.
CURLOPT_COOKIELIST
Provide detailed information about a single cookie to add to the internal
storage of cookies. Pass in the cookie as a HTTP header with all the
details set, or pass in a line from a netscape cookie file. This option
can also be used to flush the cookies etc.
CURLINFO_COOKIELIST
Extract cookie information from the internal cookie storage as a linked
list.
1.5 Cookies with javascript
These days a lot of the web is built up by javascript. The webbrowser loads
complete programs that render the page you see. These javascript programs
can also set and access cookies.
Since curl and libcurl are plain HTTP clients without any knowledge of or
capability to handle javascript, such cookies will not be detected or used.
Often, if you want to mimic what a browser does on such web sites, you can
record web browser HTTP traffic when using such a site and then repeat the
cookie operations using curl or libcurl.

View File

@@ -157,6 +157,9 @@ UNIX
To get support for SCP and SFTP, build with --with-libssh2 and have To get support for SCP and SFTP, build with --with-libssh2 and have
libssh2 0.16 or later installed. libssh2 0.16 or later installed.
To get Metalink support, build with --with-libmetalink and have the
libmetalink packages installed.
SPECIAL CASES SPECIAL CASES
------------- -------------
Some versions of uClibc require configuring with CPPFLAGS=-D_GNU_SOURCE=1 Some versions of uClibc require configuring with CPPFLAGS=-D_GNU_SOURCE=1
@@ -197,6 +200,9 @@ Win32
first to rebuild every single library your app uses as well as your first to rebuild every single library your app uses as well as your
app using the debug multithreaded dynamic C runtime. app using the debug multithreaded dynamic C runtime.
If you get linkage errors read section 5.7 of the FAQ document.
MingW32 MingW32
------- -------
@@ -540,7 +546,7 @@ VMS
Curl seems to work with FTP & HTTP other protocols are not tested. (the Curl seems to work with FTP & HTTP other protocols are not tested. (the
perl http/ftp testing server supplied as testing too cannot work on VMS perl http/ftp testing server supplied as testing too cannot work on VMS
because vms has no concept of fork(). [ I tried to give it a whack, but because vms has no concept of fork(). [ I tried to give it a whack, but
thats of no use. that's of no use.
SSL stuff has not been ported. SSL stuff has not been ported.
@@ -673,7 +679,7 @@ NetWare
you can find precompiled packages at: you can find precompiled packages at:
http://www.gknw.net/development/ossl/netware/ http://www.gknw.net/development/ossl/netware/
for CLIB-based builds OpenSSL 0.9.8h or later is required - earlier versions for CLIB-based builds OpenSSL 0.9.8h or later is required - earlier versions
dont support buildunf with CLIB BSD sockets. don't support building with CLIB BSD sockets.
- optional SSH2 sources (version 0.17 or later); - optional SSH2 sources (version 0.17 or later);
Set a search path to your compiler, linker and tools; on Linux make Set a search path to your compiler, linker and tools; on Linux make
@@ -843,10 +849,10 @@ Android
Method using the static makefile: Method using the static makefile:
- see the build notes in the Android.mk file. - see the build notes in the Android.mk file.
Method using a configure cross-compile (tested with Android NDK r7b): Method using a configure cross-compile (tested with Android NDK r7c, r8):
- prepare the toolchain of the Android NDK for standalone use; this can - prepare the toolchain of the Android NDK for standalone use; this can
be done by invoking the script: be done by invoking the script:
./tools/make-standalone-toolchain.sh ./build/tools/make-standalone-toolchain.sh
which creates a usual cross-compile toolchain. Lets assume that you put which creates a usual cross-compile toolchain. Lets assume that you put
this toolchain below /opt then invoke configure with something like: this toolchain below /opt then invoke configure with something like:
export PATH=/opt/arm-linux-androideabi-4.4.3/bin:$PATH export PATH=/opt/arm-linux-androideabi-4.4.3/bin:$PATH
@@ -865,6 +871,20 @@ Android
found in your automake folder: found in your automake folder:
find /usr -name config.sub find /usr -name config.sub
Wrapper for pkg-config
- In order to make proper use of pkg-config so that configure is able to
find all dependencies you should create a wrapper script for pkg-config;
file /opt/arm-linux-androideabi-4.4.3/bin/arm-linux-androideabi-pkg-config:
#!/bin/sh
SYSROOT=$(dirname ${0%/*})/sysroot
export PKG_CONFIG_DIR=
export PKG_CONFIG_LIBDIR=${SYSROOT}/usr/local/lib/pkgconfig:${SYSROOT}/usr/share/pkgconfig
export PKG_CONFIG_SYSROOT_DIR=${SYSROOT}
exec pkg-config "$@"
also create a copy or symlink with name arm-unknown-linux-androideabi-pkg-config.
CROSS COMPILE CROSS COMPILE
============= =============

View File

@@ -11,7 +11,7 @@ Building with CMake
This document describes how to compile, build and install curl and libcurl This document describes how to compile, build and install curl and libcurl
from source code using the CMake build tool. To build with CMake, you will from source code using the CMake build tool. To build with CMake, you will
of course have to first install CMake. The minimum required version of of course have to first install CMake. The minimum required version of
CMake is specifed in the file CMakeLists.txt found in the top of the curl CMake is specified in the file CMakeLists.txt found in the top of the curl
source tree. Once the correct version of CMake is installed you can follow source tree. Once the correct version of CMake is installed you can follow
the instructions below for the platform you are building on. the instructions below for the platform you are building on.
@@ -39,7 +39,7 @@ Command Line CMake
cd curl-build cd curl-build
# now run CMake from the build tree, giving it the path to the top of # now run CMake from the build tree, giving it the path to the top of
# the Curl source tree. CMake will pick a compiler for you. If you # the Curl source tree. CMake will pick a compiler for you. If you
# want to specifiy the compile, you can set the CC environment # want to specify the compile, you can set the CC environment
# variable prior to running CMake. # variable prior to running CMake.
cmake ../curl cmake ../curl
make make
@@ -51,7 +51,7 @@ Command Line CMake
ccmake ccmake
========= =========
CMake comes with a curses based interface called ccmake. To run ccmake on CMake comes with a curses based interface called ccmake. To run ccmake on
a curl use the instructions for the command line cmake, but substitue a curl use the instructions for the command line cmake, but substitute
ccmake ../curl for cmake ../curl. This will bring up a curses interface ccmake ../curl for cmake ../curl. This will bring up a curses interface
with instructions on the bottom of the screen. You can press the "c" key with instructions on the bottom of the screen. You can press the "c" key
to configure the project, and the "g" key to generate the project. After to configure the project, and the "g" key to generate the project. After
@@ -65,7 +65,7 @@ cmake-gui
the curl source tree. the curl source tree.
2. Fill in the "Where to build the binaries" combo box with the path 2. Fill in the "Where to build the binaries" combo box with the path
to the directory for your build tree, ideally this should not be the to the directory for your build tree, ideally this should not be the
same as the source tree, but a parallel diretory called curl-build or same as the source tree, but a parallel directory called curl-build or
something similar. something similar.
3. Once the source and binary directories are specified, press the 3. Once the source and binary directories are specified, press the
"Configure" button. "Configure" button.
@@ -73,5 +73,5 @@ cmake-gui
5. At this point you can change any of the options presented in the 5. At this point you can change any of the options presented in the
GUI. Once you have selected all the options you want, click the GUI. Once you have selected all the options you want, click the
"Generate" button. "Generate" button.
6. Run the native build tool that you used CMake to genratate. 6. Run the native build tool that you used CMake to generate.

View File

@@ -26,7 +26,7 @@ exists for a Unix/linux command line environments. This is of little help when
it comes to Windows O/S. it comes to Windows O/S.
Secondly the help that does exist for the Windows O/S focused around mingw Secondly the help that does exist for the Windows O/S focused around mingw
thru a command line argument environment. through a command line argument environment.
You may ask "Why is this a problem?" You may ask "Why is this a problem?"

View File

@@ -220,7 +220,7 @@ Library
done" loop. It loops if there's a Location: to follow. done" loop. It loops if there's a Location: to follow.
When completed, the curl_easy_cleanup() should be called to free up used When completed, the curl_easy_cleanup() should be called to free up used
resources. It runs Curl_disconnect() on all open connectons. resources. It runs Curl_disconnect() on all open connections.
A quick roundup on internal function sequences (many of these call A quick roundup on internal function sequences (many of these call
protocol-specific function-pointers): protocol-specific function-pointers):

View File

@@ -3,13 +3,23 @@ join in and help us correct one or more of these! Also be sure to check the
changelog of the current development status, as one or more of these problems changelog of the current development status, as one or more of these problems
may have been fixed since this was written! may have been fixed since this was written!
80. Curl doesn't recognize certificates in DER format in keychain, but it
works with PEM.
http://curl.haxx.se/bug/view.cgi?id=3439999
79. SMTP. When sending data to multiple recipients, curl will abort and return
failure if one of the recipients indicate failure (on the "RCPT TO"
command). Ordinary mail programs would proceed and still send to the ones
that can receive data. This is subject for change in the future.
http://curl.haxx.se/bug/view.cgi?id=3438362
78. curl and libcurl don't always signal the client properly when "sending" 78. curl and libcurl don't always signal the client properly when "sending"
zero bytes files - it makes for example the command line client not creating zero bytes files - it makes for example the command line client not creating
any file at all. Like when using FTP. any file at all. Like when using FTP.
http://curl.haxx.se/bug/view.cgi?id=3438362 http://curl.haxx.se/bug/view.cgi?id=3438362
77. CURLOPT_FORBID_REUSE on a handle prevents NTLM from working since it 77. CURLOPT_FORBID_REUSE on a handle prevents NTLM from working since it
"absuses" the underlying connection re-use system and if connections are "abuses" the underlying connection re-use system and if connections are
forced to close they break the NTLM support. forced to close they break the NTLM support.
76. The SOCKET type in Win64 is 64 bits large (and thus so is curl_socket_t on 76. The SOCKET type in Win64 is 64 bits large (and thus so is curl_socket_t on
@@ -17,10 +27,15 @@ may have been fixed since this was written!
curl_easy_getinfo() to return a socket properly with the CURLINFO_LASTSOCKET curl_easy_getinfo() to return a socket properly with the CURLINFO_LASTSOCKET
option as for all other operating systems. option as for all other operating systems.
75. NTLM authentication involving unicode user name or password. 75. NTLM authentication involving unicode user name or password only works
properly if built with UNICODE defined together with the schannel/winssl
backend. The original problem was mentioned in:
http://curl.haxx.se/mail/lib-2009-10/0024.html http://curl.haxx.se/mail/lib-2009-10/0024.html
http://curl.haxx.se/bug/view.cgi?id=2944325 http://curl.haxx.se/bug/view.cgi?id=2944325
The schannel version verified to work as mentioned in
http://curl.haxx.se/mail/lib-2012-07/0073.html
73. if a connection is made to a FTP server but the server then just never 73. if a connection is made to a FTP server but the server then just never
sends the 220 response or otherwise is dead slow, libcurl will not sends the 220 response or otherwise is dead slow, libcurl will not
acknowledge the connection timeout during that phase but only the "real" acknowledge the connection timeout during that phase but only the "real"

View File

@@ -59,7 +59,7 @@ MAIL ETIQUETTE
no way to read the reply, but to ask the one person the question. The one no way to read the reply, but to ask the one person the question. The one
person consequently gets overloaded with mail. person consequently gets overloaded with mail.
If you really want to contact an individual and perhaps pay for his or her's If you really want to contact an individual and perhaps pay for his or her
services, by all means go ahead, but if it's just another curl question, services, by all means go ahead, but if it's just another curl question,
take it to a suitable list instead. take it to a suitable list instead.
@@ -92,7 +92,7 @@ MAIL ETIQUETTE
1.6 Handling trolls and spam 1.6 Handling trolls and spam
Despite our good intensions and hard work to keep spam off the lists and to Despite our good intentions and hard work to keep spam off the lists and to
maintain a friendly and positive atmosphere, there will be times when spam maintain a friendly and positive atmosphere, there will be times when spam
and or trolls get through. and or trolls get through.
@@ -170,8 +170,8 @@ MAIL ETIQUETTE
Q: What is the most annoying thing in e-mail? Q: What is the most annoying thing in e-mail?
Apart from the screwed up read order (especially when mixed together in a Apart from the screwed up read order (especially when mixed together in a
thread when some responds doing the mandaded bottom-posting style), it also thread when someone responds using the mandated bottom-posting style), it
makes it impossible to quote only parts of the original mail. also makes it impossible to quote only parts of the original mail.
When you reply to a mail. You let the mail client insert the previous mail When you reply to a mail. You let the mail client insert the previous mail
quoted. Then you put the cursor on the first line of the mail and you move quoted. Then you put the cursor on the first line of the mail and you move

View File

@@ -613,7 +613,7 @@ SFTP and SCP and PATH NAMES
FTP and firewalls FTP and firewalls
The FTP protocol requires one of the involved parties to open a second The FTP protocol requires one of the involved parties to open a second
connection as soon as data is about to get transfered. There are two ways to connection as soon as data is about to get transferred. There are two ways to
do this. do this.
The default way for curl is to issue the PASV command which causes the The default way for curl is to issue the PASV command which causes the

View File

@@ -5,7 +5,7 @@
# | (__| |_| | _ <| |___ # | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____| # \___|\___/|_| \_\_____|
# #
# Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. # Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
# #
# This software is licensed as described in the file COPYING, which # This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms # you should have received as part of this distribution. The terms
@@ -36,7 +36,7 @@ EXTRA_DIST = MANUAL BUGS CONTRIBUTE FAQ FEATURES INTERNALS SSLCERTS \
README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS \ README.win32 RESOURCES TODO TheArtOfHttpScripting THANKS VERSIONS \
KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL \ KNOWN_BUGS BINDINGS $(man_MANS) $(HTMLPAGES) HISTORY INSTALL \
$(PDFPAGES) LICENSE-MIXING README.netware DISTRO-DILEMMA INSTALL.devcpp \ $(PDFPAGES) LICENSE-MIXING README.netware DISTRO-DILEMMA INSTALL.devcpp \
MAIL-ETIQUETTE MAIL-ETIQUETTE HTTP-COOKIES
MAN2HTML= roffit < $< >$@ MAN2HTML= roffit < $< >$@

View File

@@ -65,7 +65,7 @@ Andrew Fuller
Andrew Moise Andrew Moise
Andrew Wansink Andrew Wansink
Andrew de los Reyes Andrew de los Reyes
Andr<EFBFBD>s Garc<EFBFBD>a Andrés García
Andy Cedilnik Andy Cedilnik
Andy Serpa Andy Serpa
Andy Tsouladze Andy Tsouladze
@@ -76,6 +76,7 @@ Anton Bychkov
Anton Kalmykov Anton Kalmykov
Arkadiusz Miskiewicz Arkadiusz Miskiewicz
Armel Asselin Armel Asselin
Arnaud Compan
Arnaud Ebalard Arnaud Ebalard
Arthur Murray Arthur Murray
Arve Knudsen Arve Knudsen
@@ -94,6 +95,7 @@ Ben Van Hof
Ben Winslow Ben Winslow
Benbuck Nason Benbuck Nason
Benjamin Gerard Benjamin Gerard
Benjamin Johnson
Bernard Leak Bernard Leak
Bernhard Reutner-Fischer Bernhard Reutner-Fischer
Bertrand Demiddelaer Bertrand Demiddelaer
@@ -102,7 +104,8 @@ Bill Hoffman
Bjoern Sikora Bjoern Sikora
Bjorn Augustsson Bjorn Augustsson
Bjorn Reese Bjorn Reese
Bj<EFBFBD>rn Stenberg Björn Stenberg
Blaise Potard
Bob Richmond Bob Richmond
Bob Schader Bob Schader
Bogdan Nicula Bogdan Nicula
@@ -171,6 +174,7 @@ Cris Bailiff
Cristian Rodriguez Cristian Rodriguez
Curt Bogmine Curt Bogmine
Cyrill Osterwalder Cyrill Osterwalder
Dag Ekengren
Dagobert Michelsen Dagobert Michelsen
Damien Adant Damien Adant
Dan Becker Dan Becker
@@ -184,11 +188,11 @@ Dan Zitter
Daniel Black Daniel Black
Daniel Cater Daniel Cater
Daniel Egger Daniel Egger
Daniel Fandrich
Daniel Johnson Daniel Johnson
Daniel Mentz Daniel Mentz
Daniel Steinberg Daniel Steinberg
Daniel Stenberg Daniel Stenberg
Daniel Theron
Daniel at touchtunes Daniel at touchtunes
Darryl House Darryl House
Darshan Mody Darshan Mody
@@ -311,7 +315,7 @@ Georg Lippitsch
Georg Wicherski Georg Wicherski
Gerd v. Egidy Gerd v. Egidy
Gerhard Herre Gerhard Herre
Gerrit Bruchh<EFBFBD>user Gerrit Bruchhäuser
Giancarlo Formicuccia Giancarlo Formicuccia
Giaslas Georgios Giaslas Georgios
Gil Weber Gil Weber
@@ -335,7 +339,7 @@ Guenter Knauf
Guillaume Arluison Guillaume Arluison
Gustaf Hui Gustaf Hui
Gwenole Beauchesne Gwenole Beauchesne
G<EFBFBD>tz Babin-Ebell Götz Babin-Ebell
Hamish Mackenzie Hamish Mackenzie
Hang Kin Lau Hang Kin Lau
Hanno Kranzhoff Hanno Kranzhoff
@@ -387,7 +391,9 @@ James MacMillan
Jamie Lokier Jamie Lokier
Jamie Newton Jamie Newton
Jamie Wilkinson Jamie Wilkinson
Jan Ehrhardt
Jan Kunder Jan Kunder
Jan Schaumann
Jan Van Boghout Jan Van Boghout
Jared Lundell Jared Lundell
Jari Sundell Jari Sundell
@@ -453,6 +459,7 @@ Jonas Forsman
Jonas Schnelli Jonas Schnelli
Jonatan Lander Jonatan Lander
Jonathan Hseu Jonathan Hseu
Jonathan Nieder
Jongki Suwandi Jongki Suwandi
Jose Kahan Jose Kahan
Josef Wolf Josef Wolf
@@ -461,18 +468,19 @@ Joshua Kwan
Josue Andrade Gomes Josue Andrade Gomes
Juan Barreto Juan Barreto
Juan F. Codagnone Juan F. Codagnone
Juan Ignacio Herv<EFBFBD>s Juan Ignacio Hervás
Judson Bishop Judson Bishop
Juergen Wilke Juergen Wilke
Jukka Pihl Jukka Pihl
Julian Noble Julian Noble
Julian Taylor
Julien Chaffraix Julien Chaffraix
Julien Royer Julien Royer
Jun-ichiro itojun Hagino Jun-ichiro itojun Hagino
Jurij Smakov Jurij Smakov
Justin Fletcher Justin Fletcher
J<EFBFBD>rg Mueller-Tolk Jörg Mueller-Tolk
J<EFBFBD>rn Hartroth Jörn Hartroth
Kai Sommerfeld Kai Sommerfeld
Kai-Uwe Rommel Kai-Uwe Rommel
Kalle Vahlman Kalle Vahlman
@@ -506,7 +514,7 @@ Kris Kennaway
Krishnendu Majumdar Krishnendu Majumdar
Krister Johansen Krister Johansen
Kristian Gunstone Kristian Gunstone
Kristian K<EFBFBD>hntopp Kristian Köhntopp
Kyle Sallee Kyle Sallee
Lachlan O'Dea Lachlan O'Dea
Larry Campbell Larry Campbell
@@ -523,6 +531,7 @@ Len Krause
Lenaic Lefever Lenaic Lefever
Lenny Rachitsky Lenny Rachitsky
Liam Healy Liam Healy
Lijo Antony
Linas Vepstas Linas Vepstas
Ling Thio Ling Thio
Linus Nielsen Feltzing Linus Nielsen Feltzing
@@ -544,6 +553,7 @@ Mandy Wu
Manfred Schwarb Manfred Schwarb
Manuel Massing Manuel Massing
Marc Boucher Marc Boucher
Marc Hoersken
Marc Kleine-Budde Marc Kleine-Budde
Marcel Roelofs Marcel Roelofs
Marcelo Juchem Marcelo Juchem
@@ -644,7 +654,7 @@ Nick Zitzmann
Nico Baggus Nico Baggus
Nicolas Berloquin Nicolas Berloquin
Nicolas Croiset Nicolas Croiset
Nicolas Fran<EFBFBD>ois Nicolas François
Niels van Tongeren Niels van Tongeren
Nikita Schmidt Nikita Schmidt
Nikitinskit Dmitriy Nikitinskit Dmitriy
@@ -658,8 +668,9 @@ Nodak Sodak
Norbert Frese Norbert Frese
Norbert Novotny Norbert Novotny
Ofer Ofer
Olaf Flebbe
Olaf Stueben Olaf Stueben
Olaf St<EFBFBD>ben Olaf Stüben
Oren Tirosh Oren Tirosh
Ori Avtalion Ori Avtalion
P R Schaffner P R Schaffner
@@ -714,6 +725,7 @@ Philippe Raoult
Philippe Vaucher Philippe Vaucher
Pierre Pierre
Pierre Brico Pierre Brico
Pierre Chapuis
Pierre Joye Pierre Joye
Pierre Ynard Pierre Ynard
Pooyan McSporran Pooyan McSporran
@@ -772,11 +784,13 @@ Robin Johnson
Robin Kay Robin Kay
Robson Braga Araujo Robson Braga Araujo
Rodney Simmons Rodney Simmons
Rodrigo Silva
Roland Blom Roland Blom
Roland Krikava Roland Krikava
Roland Zimmermann Roland Zimmermann
Rolland Dudemaine Rolland Dudemaine
Roman Koifman Roman Koifman
Roman Mamedov
Ron Zapp Ron Zapp
Rosimildo da Silva Rosimildo da Silva
Roy Shan Roy Shan
@@ -787,11 +801,11 @@ Ryan Chan
Ryan Nelson Ryan Nelson
Ryan Schmidt Ryan Schmidt
S. Moonesamy S. Moonesamy
Salvador D<EFBFBD>vila Salvador Dávila
Salvatore Sorrentino Salvatore Sorrentino
Sam Listopad Sam Listopad
Sampo Kellomaki Sampo Kellomaki
Samuel D<EFBFBD>az Garc<EFBFBD>a Samuel Díaz García
Samuel Listopad Samuel Listopad
Samuel Thibault Samuel Thibault
Sander Gates Sander Gates
@@ -849,11 +863,12 @@ Stoned Elipot
Sven Anders Sven Anders
Sven Neuhaus Sven Neuhaus
Sven Wegener Sven Wegener
S<EFBFBD>bastien Willemijns Sébastien Willemijns
T. Bharath T. Bharath
T. Yamada T. Yamada
Taneli Vahakangas Taneli Vahakangas
Tanguy Fautre Tanguy Fautre
Tatsuhiro Tsujikawa
Temprimus Temprimus
Thomas J. Moore Thomas J. Moore
Thomas Klausner Thomas Klausner
@@ -867,10 +882,11 @@ Tim Bartley
Tim Chen Tim Chen
Tim Costello Tim Costello
Tim Harder Tim Harder
Tim Heckman
Tim Newsome Tim Newsome
Tim Sneddon Tim Sneddon
Tinus van den Berg Tinus van den Berg
Tobias Rundstr<EFBFBD>m Tobias Rundström
Toby Peterson Toby Peterson
Todd A Ouska Todd A Ouska
Todd Kulesza Todd Kulesza
@@ -901,7 +917,7 @@ Traian Nicolescu
Troels Walsted Hansen Troels Walsted Hansen
Troy Engel Troy Engel
Tupone Alfredo Tupone Alfredo
Ulf H<EFBFBD>rnhammar Ulf Härnhammar
Ulrich Zadow Ulrich Zadow
Venkat Akella Venkat Akella
Victor Snezhko Victor Snezhko

210
docs/TODO
View File

@@ -62,56 +62,63 @@
8.4 non-gcrypt 8.4 non-gcrypt
9. SMTP 9. SMTP
9.1 Other authentication mechanims 9.1 Other authentication mechanisms
9.2 Specify the preferred authentication mechanism 9.2 Specify the preferred authentication mechanism
9.3 Initial response 9.3 Initial response
9.4 Pipelining 9.4 Pipelining
10. POP3 10. POP3
10.1 APOP Authentication 10.1 APOP Authentication
10.2 Other authentication mechanims 10.2 SASL based authentication mechanisms
10.3 auth= in URLs 10.3 auth= in URLs
11. Other protocols 11. IMAP
11.1 SASL based authentication mechanisms
12. LDAP
12.1 SASL based authentication mechanisms
13. Other protocols
12. New protocols 14. New protocols
12.1 RSYNC 14.1 RSYNC
13. Client 15. Client
13.1 sync 15.1 sync
13.2 glob posts 15.2 glob posts
13.3 prevent file overwriting 15.3 prevent file overwriting
13.4 simultaneous parallel transfers 15.4 simultaneous parallel transfers
13.5 provide formpost headers 15.5 provide formpost headers
13.6 url-specific options 15.6 url-specific options
13.7 metalink support 15.7 metalink support
13.8 warning when setting an option 15.8 warning when setting an option
13.9 IPv6 addresses with globbing 15.9 IPv6 addresses with globbing
14. Build 16. Build
14.1 roffit 16.1 roffit
15. Test suite 17. Test suite
15.1 SSL tunnel 17.1 SSL tunnel
15.2 nicer lacking perl message 17.2 nicer lacking perl message
15.3 more protocols supported 17.3 more protocols supported
15.4 more platforms supported 17.4 more platforms supported
16. Next SONAME bump 18. Next SONAME bump
16.1 http-style HEAD output for ftp 18.1 http-style HEAD output for ftp
16.2 combine error codes 18.2 combine error codes
16.3 extend CURLOPT_SOCKOPTFUNCTION prototype 18.3 extend CURLOPT_SOCKOPTFUNCTION prototype
17. Next major release 19. Next major release
17.1 cleanup return codes 19.1 cleanup return codes
17.2 remove obsolete defines 19.2 remove obsolete defines
17.3 size_t 19.3 size_t
17.4 remove several functions 19.4 remove several functions
17.5 remove CURLOPT_FAILONERROR 19.5 remove CURLOPT_FAILONERROR
17.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE 19.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
17.7 remove progress meter from libcurl 19.7 remove progress meter from libcurl
17.8 remove 'curl_httppost' from public 19.8 remove 'curl_httppost' from public
17.9 have form functions use CURL handle argument 19.9 have form functions use CURL handle argument
19.10 Add CURLOPT_MAIL_CLIENT option
============================================================================== ==============================================================================
@@ -373,30 +380,29 @@ to provide the data to send.
9. SMTP 9. SMTP
9.1 Other authentication mechanims 9.1 Other authentication mechanisms
Add support for other authentication mechanisms such as digest-md5 and Add support for gssapi.
gssapi.
9.2 Specify the preferred authentication mechanism 9.2 Specify the preferred authentication mechanism
Add the ability to specify the preferred authentication mechanism or a list Add the ability to specify the preferred authentication mechanism or a list
of mechanims that should be used. Not only that, but the order that is of mechanisms that should be used. Not only that, but the order that is
returned by the server during the EHLO response should be honored by curl. returned by the server during the EHLO response should be honored by curl.
9.3 Initial response 9.3 Initial response
Add the ability for the user to specify whether the initial response is Add the ability for the user to specify whether the initial response is
included in the AUTH command. Some email servers, such as Microsoft included in the AUTH command. Some email servers, such as Microsoft
Exchange, can work with either whilst others need to have the initial Exchange, can work with either whilst others need to have the initial
response sent separately: response sent separately:
http://curl.haxx.se/mail/lib-2012-03/0114.html http://curl.haxx.se/mail/lib-2012-03/0114.html
9.4 Pipelining 9.4 Pipelining
Add support for pipelining emails. Add support for pipelining emails.
10. POP3 10. POP3
10.1 APOP Authentication 10.1 APOP Authentication
@@ -405,31 +411,49 @@ to provide the data to send.
(USER and PASS) as this is very week security wise. Note: The APOP command (USER and PASS) as this is very week security wise. Note: The APOP command
is specified as "APOP <username> <md5 password>", however, it isn't is specified as "APOP <username> <md5 password>", however, it isn't
supported by all mail servers. supported by all mail servers.
10.2 Other authentication mechanims 10.2 SASL authentication mechanisms
SASL offers support for additional authentication mechanisms via the AUTH SASL offers support for additional authentication mechanisms via the AUTH
command. Detection of an email server's support for SASL authentication command. Detection of an email server's support for SASL authentication
can be detected via the CAPA command whilst a list of supported mechanisms can be detected via the CAPA command whilst a list of supported mechanisms
can be retrieved with an empty AUTH command. can be retrieved with an empty AUTH command.
10.3 auth= in URLs 10.3 auth= in URLs
Being able to specify the preferred authentication mechanim in the URL as Being able to specify the preferred authentication mechanism in the URL as
per RFC-2384 (http://tools.ietf.org/html/rfc2384). per RFC2384.
11. Other protocols
12. New protocols 11. IMAP
12.1 RSYNC 11.1 SASL based authentication mechanisms
Like POP3 curl currently sends usernames and passwords as clear text.
Support should also be added to support SASL based authentication mechanisms
as these are more secure.
12. LDAP
12.1 SASL based authentication mechansims
Currently the LDAP module only supports ldap_simple_bind_s() in order to bind
to an LDAP server. However, this function sends username and password details
using the simple authentication mechanism (as clear text). However, it should
be possible to use ldap_bind_s() instead specifing the security context
information ourselves.
13. Other protocols
14. New protocols
14.1 RSYNC
There's no RFC for the protocol or an URI/URL format. An implementation There's no RFC for the protocol or an URI/URL format. An implementation
should most probably use an existing rsync library, such as librsync. should most probably use an existing rsync library, such as librsync.
13. Client 15. Client
13.1 sync 15.1 sync
"curl --sync http://example.com/feed[1-100].rss" or "curl --sync http://example.com/feed[1-100].rss" or
"curl --sync http://example.net/{index,calendar,history}.html" "curl --sync http://example.net/{index,calendar,history}.html"
@@ -438,12 +462,12 @@ to provide the data to send.
remote file is newer than the local file. A Last-Modified HTTP date header remote file is newer than the local file. A Last-Modified HTTP date header
should also be used to set the mod date on the downloaded file. should also be used to set the mod date on the downloaded file.
13.2 glob posts 15.2 glob posts
Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'. Globbing support for -d and -F, as in 'curl -d "name=foo[0-9]" URL'.
This is easily scripted though. This is easily scripted though.
13.3 prevent file overwriting 15.3 prevent file overwriting
Add an option that prevents cURL from overwriting existing local files. When Add an option that prevents cURL from overwriting existing local files. When
used, and there already is an existing file with the target file name used, and there already is an existing file with the target file name
@@ -451,14 +475,14 @@ to provide the data to send.
existing). So that index.html becomes first index.html.1 and then existing). So that index.html becomes first index.html.1 and then
index.html.2 etc. index.html.2 etc.
13.4 simultaneous parallel transfers 15.4 simultaneous parallel transfers
The client could be told to use maximum N simultaneous parallel transfers and The client could be told to use maximum N simultaneous parallel transfers and
then just make sure that happens. It should of course not make more than one then just make sure that happens. It should of course not make more than one
connection to the same remote host. This would require the client to use the connection to the same remote host. This would require the client to use the
multi interface. http://curl.haxx.se/bug/feature.cgi?id=1558595 multi interface. http://curl.haxx.se/bug/feature.cgi?id=1558595
13.5 provide formpost headers 15.5 provide formpost headers
Extending the capabilities of the multipart formposting. How about leaving Extending the capabilities of the multipart formposting. How about leaving
the ';type=foo' syntax as it is and adding an extra tag (headers) which the ';type=foo' syntax as it is and adding an extra tag (headers) which
@@ -472,7 +496,7 @@ to provide the data to send.
which should overwrite the program reasonable defaults (plain/text, which should overwrite the program reasonable defaults (plain/text,
8bit...) 8bit...)
13.6 url-specific options 15.6 url-specific options
Provide a way to make options bound to a specific URL among several on the Provide a way to make options bound to a specific URL among several on the
command line. Possibly by letting ':' separate options between URLs, command line. Possibly by letting ':' separate options between URLs,
@@ -486,62 +510,62 @@ to provide the data to send.
The example would do a POST-GET-POST combination on a single command line. The example would do a POST-GET-POST combination on a single command line.
13.7 metalink support 15.7 metalink support
Add metalink support to curl (http://www.metalinker.org/). This is most useful Add metalink support to curl (http://www.metalinker.org/). This is most useful
with simultaneous parallel transfers (11.6) but not necessary. with simultaneous parallel transfers (11.6) but not necessary.
13.8 warning when setting an option 15.8 warning when setting an option
Display a warning when libcurl returns an error when setting an option. Display a warning when libcurl returns an error when setting an option.
This can be useful to tell when support for a particular feature hasn't been This can be useful to tell when support for a particular feature hasn't been
compiled into the library. compiled into the library.
13.9 IPv6 addresses with globbing 15.9 IPv6 addresses with globbing
Currently the command line client needs to get url globbing disabled (with Currently the command line client needs to get url globbing disabled (with
-g) for it to support IPv6 numerical addresses. This is a rather silly flaw -g) for it to support IPv6 numerical addresses. This is a rather silly flaw
that should be corrected. It probably involves a smarter detection of the that should be corrected. It probably involves a smarter detection of the
'[' and ']' letters. '[' and ']' letters.
14. Build 16. Build
14.1 roffit 16.1 roffit
Consider extending 'roffit' to produce decent ASCII output, and use that Consider extending 'roffit' to produce decent ASCII output, and use that
instead of (g)nroff when building src/hugehelp.c instead of (g)nroff when building src/hugehelp.c
15. Test suite 17. Test suite
15.1 SSL tunnel 17.1 SSL tunnel
Make our own version of stunnel for simple port forwarding to enable HTTPS Make our own version of stunnel for simple port forwarding to enable HTTPS
and FTP-SSL tests without the stunnel dependency, and it could allow us to and FTP-SSL tests without the stunnel dependency, and it could allow us to
provide test tools built with either OpenSSL or GnuTLS provide test tools built with either OpenSSL or GnuTLS
15.2 nicer lacking perl message 17.2 nicer lacking perl message
If perl wasn't found by the configure script, don't attempt to run the tests If perl wasn't found by the configure script, don't attempt to run the tests
but explain something nice why it doesn't. but explain something nice why it doesn't.
15.3 more protocols supported 17.3 more protocols supported
Extend the test suite to include more protocols. The telnet could just do ftp Extend the test suite to include more protocols. The telnet could just do ftp
or http operations (for which we have test servers). or http operations (for which we have test servers).
15.4 more platforms supported 17.4 more platforms supported
Make the test suite work on more platforms. OpenBSD and Mac OS. Remove Make the test suite work on more platforms. OpenBSD and Mac OS. Remove
fork()s and it should become even more portable. fork()s and it should become even more portable.
16. Next SONAME bump 18. Next SONAME bump
16.1 http-style HEAD output for ftp 18.1 http-style HEAD output for ftp
#undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers #undef CURL_FTP_HTTPSTYLE_HEAD in lib/ftp.c to remove the HTTP-style headers
from being output in NOBODY requests over ftp from being output in NOBODY requests over ftp
16.2 combine error codes 18.2 combine error codes
Combine some of the error codes to remove duplicates. The original Combine some of the error codes to remove duplicates. The original
numbering should not be changed, and the old identifiers would be numbering should not be changed, and the old identifiers would be
@@ -551,37 +575,44 @@ to provide the data to send.
Candidates for removal and their replacements: Candidates for removal and their replacements:
CURLE_FILE_COULDNT_READ_FILE => CURLE_REMOTE_FILE_NOT_FOUND CURLE_FILE_COULDNT_READ_FILE => CURLE_REMOTE_FILE_NOT_FOUND
CURLE_FTP_COULDNT_RETR_FILE => CURLE_REMOTE_FILE_NOT_FOUND CURLE_FTP_COULDNT_RETR_FILE => CURLE_REMOTE_FILE_NOT_FOUND
CURLE_FTP_COULDNT_USE_REST => CURLE_RANGE_ERROR CURLE_FTP_COULDNT_USE_REST => CURLE_RANGE_ERROR
CURLE_FUNCTION_NOT_FOUND => CURLE_FAILED_INIT CURLE_FUNCTION_NOT_FOUND => CURLE_FAILED_INIT
CURLE_LDAP_INVALID_URL => CURLE_URL_MALFORMAT CURLE_LDAP_INVALID_URL => CURLE_URL_MALFORMAT
CURLE_TFTP_NOSUCHUSER => CURLE_TFTP_ILLEGAL CURLE_TFTP_NOSUCHUSER => CURLE_TFTP_ILLEGAL
CURLE_TFTP_NOTFOUND => CURLE_REMOTE_FILE_NOT_FOUND CURLE_TFTP_NOTFOUND => CURLE_REMOTE_FILE_NOT_FOUND
CURLE_TFTP_PERM => CURLE_REMOTE_ACCESS_DENIED CURLE_TFTP_PERM => CURLE_REMOTE_ACCESS_DENIED
16.3 extend CURLOPT_SOCKOPTFUNCTION prototype 18.3 extend CURLOPT_SOCKOPTFUNCTION prototype
The current prototype only provides 'purpose' that tells what the The current prototype only provides 'purpose' that tells what the
connection/socket is for, but not any protocol or similar. It makes it hard connection/socket is for, but not any protocol or similar. It makes it hard
for applications to differentiate on TCP vs UDP and even HTTP vs FTP and for applications to differentiate on TCP vs UDP and even HTTP vs FTP and
similar. similar.
17. Next major release 19. Next major release
17.1 cleanup return codes 19.1 cleanup return codes
curl_easy_cleanup() returns void, but curl_multi_cleanup() returns a curl_easy_cleanup() returns void, but curl_multi_cleanup() returns a
CURLMcode. These should be changed to be the same. CURLMcode. These should be changed to be the same.
17.2 remove obsolete defines 19.2 remove obsolete defines
remove obsolete defines from curl/curl.h remove obsolete defines from curl/curl.h
17.3 size_t 19.3 size_t
make several functions use size_t instead of int in their APIs make several functions use size_t instead of int in their APIs
17.4 remove several functions 19.4 remove several functions
remove the following functions from the public API: remove the following functions from the public API:
@@ -602,18 +633,18 @@ to provide the data to send.
curl_multi_socket_all curl_multi_socket_all
17.5 remove CURLOPT_FAILONERROR 19.5 remove CURLOPT_FAILONERROR
Remove support for CURLOPT_FAILONERROR, it has gotten too kludgy and weird Remove support for CURLOPT_FAILONERROR, it has gotten too kludgy and weird
internally. Let the app judge success or not for itself. internally. Let the app judge success or not for itself.
17.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE 19.6 remove CURLOPT_DNS_USE_GLOBAL_CACHE
Remove support for a global DNS cache. Anything global is silly, and we Remove support for a global DNS cache. Anything global is silly, and we
already offer the share interface for the same functionality but done already offer the share interface for the same functionality but done
"right". "right".
17.7 remove progress meter from libcurl 19.7 remove progress meter from libcurl
The internally provided progress meter output doesn't belong in the library. The internally provided progress meter output doesn't belong in the library.
Basically no application wants it (apart from curl) but instead applications Basically no application wants it (apart from curl) but instead applications
@@ -623,7 +654,7 @@ to provide the data to send.
variable types passed to it instead of doubles so that big files work variable types passed to it instead of doubles so that big files work
correctly. correctly.
17.8 remove 'curl_httppost' from public 19.8 remove 'curl_httppost' from public
curl_formadd() was made to fill in a public struct, but the fact that the curl_formadd() was made to fill in a public struct, but the fact that the
struct is public is never really used by application for their own advantage struct is public is never really used by application for their own advantage
@@ -632,10 +663,21 @@ to provide the data to send.
Changing them to return a private handle will benefit the implementation and Changing them to return a private handle will benefit the implementation and
allow us much greater freedoms while still maintining a solid API and ABI. allow us much greater freedoms while still maintining a solid API and ABI.
17.9 have form functions use CURL handle argument 19.9 have form functions use CURL handle argument
curl_formadd() and curl_formget() both currently have no CURL handle curl_formadd() and curl_formget() both currently have no CURL handle
argument, but both can use a callback that is set in the easy handle, and argument, but both can use a callback that is set in the easy handle, and
thus curl_formget() with callback cannot function without first having thus curl_formget() with callback cannot function without first having
curl_easy_perform() (or similar) called - which is hard to grasp and a design curl_easy_perform() (or similar) called - which is hard to grasp and a design
mistake. mistake.
19.10 Add CURLOPT_MAIL_CLIENT option
Rather than use the URL to specify the mail client string to present in the
HELO and EHLO commands, libcurl should support a new CURLOPT specifically for
specifing this data as the URL is non-standard and to be honest a bit of a
hack ;-)
Please see the following thread for more information:
http://curl.haxx.se/mail/lib-2012-05/0178.html

View File

@@ -35,8 +35,8 @@ command is designed to work without user interaction.
curl offers a busload of useful tricks like proxy support, user curl offers a busload of useful tricks like proxy support, user
authentication, FTP upload, HTTP post, SSL connections, cookies, file transfer authentication, FTP upload, HTTP post, SSL connections, cookies, file transfer
resume and more. As you will see below, the number of features will make your resume, Metalink, and more. As you will see below, the number of features will
head spin! make your head spin!
curl is powered by libcurl for all transfer-related features. See curl is powered by libcurl for all transfer-related features. See
.BR libcurl (3) .BR libcurl (3)
@@ -832,6 +832,31 @@ is used, this option can be used to prevent curl from following redirections
option to -1 to make it limitless. option to -1 to make it limitless.
If this option is used several times, the last one will be used. If this option is used several times, the last one will be used.
.IP "--metalink"
This option can tell curl to parse and process a given URI as Metalink file (both
version 3 and 4 (RFC 5854) are supported) and make use of the mirrors
listed within for failover if there are errors (such as the file or
server not being available). It will also verify the hashe of the file
after the download completes. The Metalink file itself is downloaded
and processed in memory and not stored in the local file system.
Example to use a remote Metalink file:
\fBcurl\fP --metalink http://www.example.com/example.metalink
To use a Metalink file in the local file system, use FILE protocol
(file://):
\fBcurl\fP --metalink file://example.metalink
Please note that if FILE protocol is disabled, there is no way to use
a local Metalink file at the time of this writing. Also note that If
--metalink and --include are used together, --include will be
ignored. This is because including headers in the response will break
Metalink parser and if the headers are included in the file described
in Metalink file, hash check will fail.
(Added in 7.27.0, if built against the libmetalink library.)
.IP "-n, --netrc" .IP "-n, --netrc"
Makes curl scan the \fI.netrc\fP (\fI_netrc\fP on Windows) file in the user's Makes curl scan the \fI.netrc\fP (\fI_netrc\fP on Windows) file in the user's
home directory for login name and password. This is typically used for FTP on home directory for login name and password. This is typically used for FTP on
@@ -1223,7 +1248,7 @@ using \fI--retry-delay\fP you disable this exponential backoff algorithm. See
also \fI--retry-max-time\fP to limit the total time allowed for also \fI--retry-max-time\fP to limit the total time allowed for
retries. (Added in 7.12.3) retries. (Added in 7.12.3)
If this option is used multiple times, the last occurrence decide the amount. If this option is used multiple times, the last occurrence determines the amount.
.IP "--retry-delay <seconds>" .IP "--retry-delay <seconds>"
Make curl sleep this amount of time before each retry when a transfer has Make curl sleep this amount of time before each retry when a transfer has
failed with a transient error (it changes the default backoff time algorithm failed with a transient error (it changes the default backoff time algorithm
@@ -1693,6 +1718,10 @@ SSPI is supported. If you use NTLM and set a blank user name, curl will
authenticate with your current user and password. authenticate with your current user and password.
.IP "TLS-SRP" .IP "TLS-SRP"
SRP (Secure Remote Password) authentication is supported for TLS. SRP (Secure Remote Password) authentication is supported for TLS.
.IP "Metalink"
This curl supports Metalink (both version 3 and 4 (RFC 5854)), which
describes mirrors and hashes. curl will use mirrors for failover if
there are errors (such as the file or server not being available).
.RE .RE
.SH FILES .SH FILES
.I ~/.curlrc .I ~/.curlrc

View File

@@ -40,12 +40,6 @@ endif
ifndef OPENSSL_PATH ifndef OPENSSL_PATH
OPENSSL_PATH = ../../../openssl-0.9.8x OPENSSL_PATH = ../../../openssl-0.9.8x
endif endif
ifndef OPENSSL_LIBPATH
OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
endif
ifndef OPENSSL_LIBS
OPENSSL_LIBS = -leay32 -lssl32
endif
# Edit the path below to point to the base of your LibSSH2 package. # Edit the path below to point to the base of your LibSSH2 package.
ifndef LIBSSH2_PATH ifndef LIBSSH2_PATH
LIBSSH2_PATH = ../../../libssh2-1.4.2 LIBSSH2_PATH = ../../../libssh2-1.4.2
@@ -81,19 +75,44 @@ ifndef ARCH
ARCH = w32 ARCH = w32
endif endif
CC = gcc CC = $(CROSSPREFIX)gcc
CFLAGS = -g -O2 -Wall CFLAGS = -g -O2 -Wall
CFLAGS += -fno-strict-aliasing CFLAGS += -fno-strict-aliasing
ifeq ($(ARCH),w64) ifeq ($(ARCH),w64)
CFLAGS += -D_AMD64_ CFLAGS += -D_AMD64_
endif endif
# comment LDFLAGS below to keep debug info # comment LDFLAGS below to keep debug info
LDFLAGS = -s LDFLAGS = -s
RC = windres RC = $(CROSSPREFIX)windres
RCFLAGS = --include-dir=$(PROOT)/include -O COFF -i RCFLAGS = --include-dir=$(PROOT)/include -O COFF -i
RM = del /q /f 2>NUL # Platform-dependent helper tool macros
CP = copy ifeq ($(findstring /sh,$(SHELL)),/sh)
DEL = rm -f $1
RMDIR = rm -fr $1
MKDIR = mkdir -p $1
COPY = -cp -afv $1 $2
#COPYR = -cp -afr $1/* $2
COPYR = -rsync -aC $1/* $2
TOUCH = touch $1
CAT = cat
ECHONL = echo ""
DL = '
else
ifeq "$(OS)" "Windows_NT"
DEL = -del 2>NUL /q /f $(subst /,\,$1)
RMDIR = -rd 2>NUL /q /s $(subst /,\,$1)
else
DEL = -del 2>NUL $(subst /,\,$1)
RMDIR = -deltree 2>NUL /y $(subst /,\,$1)
endif
MKDIR = -md 2>NUL $(subst /,\,$1)
COPY = -copy 2>NUL /y $(subst /,\,$1) $(subst /,\,$2)
COPYR = -xcopy 2>NUL /q /y /e $(subst /,\,$1) $(subst /,\,$2)
TOUCH = copy 2>&1>NUL /b $(subst /,\,$1) +,,
CAT = type
ECHONL = $(ComSpec) /c echo.
endif
######################################################## ########################################################
## Nothing more to do below this line! ## Nothing more to do below this line!
@@ -138,6 +157,13 @@ endif
ifeq ($(findstring -ipv6,$(CFG)),-ipv6) ifeq ($(findstring -ipv6,$(CFG)),-ipv6)
IPV6 = 1 IPV6 = 1
endif endif
ifeq ($(findstring -metalink,$(CFG)),-metalink)
METALINK = 1
endif
ifeq ($(findstring -winssl,$(CFG)),-winssl)
SCHANNEL = 1
SSPI = 1
endif
INCLUDES = -I. -I$(PROOT) -I$(PROOT)/include -I$(PROOT)/lib INCLUDES = -I. -I$(PROOT) -I$(PROOT)/include -I$(PROOT)/lib
@@ -148,6 +174,7 @@ else
curl_DEPENDENCIES = $(PROOT)/lib/libcurl.a curl_DEPENDENCIES = $(PROOT)/lib/libcurl.a
curl_LDADD = -L$(PROOT)/lib -lcurl curl_LDADD = -L$(PROOT)/lib -lcurl
CFLAGS += -DCURL_STATICLIB CFLAGS += -DCURL_STATICLIB
LDFLAGS += -static
endif endif
ifdef ARES ifdef ARES
ifndef DYN ifndef DYN
@@ -165,7 +192,22 @@ ifdef SSH2
curl_LDADD += -L"$(LIBSSH2_PATH)/win32" -lssh2 curl_LDADD += -L"$(LIBSSH2_PATH)/win32" -lssh2
endif endif
ifdef SSL ifdef SSL
CFLAGS += -DUSE_SSLEAY -DHAVE_OPENSSL_ENGINE_H ifndef OPENSSL_LIBPATH
OPENSSL_LIBS = -lssl -lcrypto
ifeq "$(wildcard $(OPENSSL_PATH)/out)" "$(OPENSSL_PATH)/out"
OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
ifdef DYN
OPENSSL_LIBS = -lssl32 -leay32
endif
endif
ifeq "$(wildcard $(OPENSSL_PATH)/lib)" "$(OPENSSL_PATH)/lib"
OPENSSL_LIBPATH = $(OPENSSL_PATH)/lib
endif
endif
ifndef DYN
OPENSSL_LIBS += -lgdi32 -lcrypt32
endif
CFLAGS += -DUSE_SSLEAY
curl_LDADD += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS) curl_LDADD += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS)
endif endif
ifdef ZLIB ifdef ZLIB
@@ -184,6 +226,9 @@ endif
endif endif
ifdef SSPI ifdef SSPI
CFLAGS += -DUSE_WINDOWS_SSPI CFLAGS += -DUSE_WINDOWS_SSPI
ifdef SCHANNEL
CFLAGS += -DUSE_SCHANNEL
endif
endif endif
ifdef SPNEGO ifdef SPNEGO
CFLAGS += -DHAVE_SPNEGO CFLAGS += -DHAVE_SPNEGO
@@ -215,6 +260,8 @@ include Makefile.inc
check_PROGRAMS := $(patsubst %,%.exe,$(strip $(check_PROGRAMS))) check_PROGRAMS := $(patsubst %,%.exe,$(strip $(check_PROGRAMS)))
check_PROGRAMS += ftpuploadresume.exe synctime.exe check_PROGRAMS += ftpuploadresume.exe synctime.exe
.PRECIOUS: %.o
all: $(check_PROGRAMS) all: $(check_PROGRAMS)
@@ -228,8 +275,8 @@ all: $(check_PROGRAMS)
$(RC) $(RCFLAGS) $< -o $@ $(RC) $(RCFLAGS) $< -o $@
clean: clean:
-$(RM) $(check_PROGRAMS:.exe=.o) @$(call DEL, $(check_PROGRAMS:.exe=.o))
distclean vclean: clean distclean vclean: clean
-$(RM) $(check_PROGRAMS) @$(call DEL, $(check_PROGRAMS))

View File

@@ -162,6 +162,10 @@ int main(int argc, char **argv)
/* Now run off and do what you've been told! */ /* Now run off and do what you've been told! */
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* always cleanup */ /* always cleanup */
curl_easy_cleanup(curl); curl_easy_cleanup(curl);

View File

@@ -132,6 +132,10 @@ int main(void)
curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/"); curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/");
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* always cleanup */ /* always cleanup */
curl_easy_cleanup(curl); curl_easy_cleanup(curl);

View File

@@ -64,14 +64,21 @@ int main(void)
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK) {
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* now extract transfer info */ }
curl_easy_getinfo(curl, CURLINFO_SPEED_UPLOAD, &speed_upload); else {
curl_easy_getinfo(curl, CURLINFO_TOTAL_TIME, &total_time); /* now extract transfer info */
curl_easy_getinfo(curl, CURLINFO_SPEED_UPLOAD, &speed_upload);
curl_easy_getinfo(curl, CURLINFO_TOTAL_TIME, &total_time);
fprintf(stderr, "Speed: %.3f bytes/sec during %.3f seconds\n", fprintf(stderr, "Speed: %.3f bytes/sec during %.3f seconds\n",
speed_upload, total_time); speed_upload, total_time);
}
/* always cleanup */ /* always cleanup */
curl_easy_cleanup(curl); curl_easy_cleanup(curl);
} }

View File

@@ -60,6 +60,10 @@ int main(void)
curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, write_response); curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, write_response);
curl_easy_setopt(curl, CURLOPT_WRITEHEADER, respfile); curl_easy_setopt(curl, CURLOPT_WRITEHEADER, respfile);
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* always cleanup */ /* always cleanup */
curl_easy_cleanup(curl); curl_easy_cleanup(curl);

View File

@@ -122,6 +122,10 @@ int main(void)
/* Now run off and do what you've been told! */ /* Now run off and do what you've been told! */
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* clean up the FTP commands list */ /* clean up the FTP commands list */
curl_slist_free_all (headerlist); curl_slist_free_all (headerlist);

View File

@@ -27,6 +27,10 @@ int main(void)
CURL *curl; CURL *curl;
CURLcode res; CURLcode res;
/* In windows, this will init the winsock stuff */
curl_global_init(CURL_GLOBAL_ALL);
/* get a curl handle */
curl = curl_easy_init(); curl = curl_easy_init();
if(curl) { if(curl) {
/* First set the URL that is about to receive our POST. This URL can /* First set the URL that is about to receive our POST. This URL can
@@ -38,9 +42,14 @@ int main(void)
/* Perform the request, res will get the return code */ /* Perform the request, res will get the return code */
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* always cleanup */ /* always cleanup */
curl_easy_cleanup(curl); curl_easy_cleanup(curl);
} }
curl_global_cleanup();
return 0; return 0;
} }

View File

@@ -38,10 +38,18 @@ int main(void)
curl_easy_setopt(curl, CURLOPT_URL, "localhost"); curl_easy_setopt(curl, CURLOPT_URL, "localhost");
curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L);
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* redo request with our own custom Accept: */ /* redo request with our own custom Accept: */
res = curl_easy_setopt(curl, CURLOPT_HTTPHEADER, chunk); res = curl_easy_setopt(curl, CURLOPT_HTTPHEADER, chunk);
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* always cleanup */ /* always cleanup */
curl_easy_cleanup(curl); curl_easy_cleanup(curl);

View File

@@ -110,6 +110,10 @@ int main(int argc, char **argv)
/* Now run off and do what you've been told! */ /* Now run off and do what you've been told! */
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* always cleanup */ /* always cleanup */
curl_easy_cleanup(curl); curl_easy_cleanup(curl);

View File

@@ -55,7 +55,12 @@ int main(void)
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
#endif #endif
/* Perform the request, res will get the return code */
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* always cleanup */ /* always cleanup */
curl_easy_cleanup(curl); curl_easy_cleanup(curl);

View File

@@ -37,12 +37,24 @@ int main(void)
/* get the first document */ /* get the first document */
curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/"); curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/");
/* Perform the request, res will get the return code */
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* get another document from the same server using the same /* get another document from the same server using the same
connection */ connection */
curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/docs/"); curl_easy_setopt(curl, CURLOPT_URL, "http://example.com/docs/");
/* Perform the request, res will get the return code */
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* always cleanup */ /* always cleanup */
curl_easy_cleanup(curl); curl_easy_cleanup(curl);

View File

@@ -59,7 +59,12 @@ int main(void)
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
#endif #endif
/* Perform the request, res will get the return code */
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* always cleanup */ /* always cleanup */
curl_easy_cleanup(curl); curl_easy_cleanup(curl);

View File

@@ -59,7 +59,12 @@ int main(void)
curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L);
#endif #endif
/* Perform the request, res will get the return code */
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* always cleanup */ /* always cleanup */
curl_easy_cleanup(curl); curl_easy_cleanup(curl);

View File

@@ -60,6 +60,16 @@ int main(void)
pooh.readptr = data; pooh.readptr = data;
pooh.sizeleft = strlen(data); pooh.sizeleft = strlen(data);
/* In windows, this will init the winsock stuff */
res = curl_global_init(CURL_GLOBAL_DEFAULT);
/* Check for errors */
if(res != CURLE_OK) {
fprintf(stderr, "curl_global_init() failed: %s\n",
curl_easy_strerror(res));
return 1;
}
/* get a curl handle */
curl = curl_easy_init(); curl = curl_easy_init();
if(curl) { if(curl) {
/* First set the URL that is about to receive our POST. */ /* First set the URL that is about to receive our POST. */
@@ -120,9 +130,14 @@ int main(void)
/* Perform the request, res will get the return code */ /* Perform the request, res will get the return code */
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* always cleanup */ /* always cleanup */
curl_easy_cleanup(curl); curl_easy_cleanup(curl);
} }
curl_global_cleanup();
return 0; return 0;
} }

View File

@@ -83,7 +83,13 @@ int main(int argc, char *argv[])
/* only disable 100-continue header if explicitly requested */ /* only disable 100-continue header if explicitly requested */
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headerlist); curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headerlist);
curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost); curl_easy_setopt(curl, CURLOPT_HTTPPOST, formpost);
/* Perform the request, res will get the return code */
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* always cleanup */ /* always cleanup */
curl_easy_cleanup(curl); curl_easy_cleanup(curl);

View File

@@ -30,7 +30,13 @@ int main(void)
curl = curl_easy_init(); curl = curl_easy_init();
if(curl) { if(curl) {
curl_easy_setopt(curl, CURLOPT_URL, "http://example.com"); curl_easy_setopt(curl, CURLOPT_URL, "http://example.com");
/* Perform the request, res will get the return code */
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* always cleanup */ /* always cleanup */
curl_easy_cleanup(curl); curl_easy_cleanup(curl);

View File

@@ -39,7 +39,12 @@ int main(void)
itself */ itself */
curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)strlen(postthis)); curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, (long)strlen(postthis));
/* Perform the request, res will get the return code */
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* always cleanup */ /* always cleanup */
curl_easy_cleanup(curl); curl_easy_cleanup(curl);

View File

@@ -65,6 +65,10 @@ int main(void)
/* send the message (including headers) */ /* send the message (including headers) */
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* free the list of recipients */ /* free the list of recipients */
curl_slist_free_all(recipients); curl_slist_free_all(recipients);

View File

@@ -118,7 +118,13 @@ int main(void)
/* disconnect if we can't validate server's cert */ /* disconnect if we can't validate server's cert */
curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,1L); curl_easy_setopt(curl,CURLOPT_SSL_VERIFYPEER,1L);
/* Perform the request, res will get the return code */
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
break; /* we are done... */ break; /* we are done... */
} }
/* always cleanup */ /* always cleanup */

View File

@@ -96,7 +96,6 @@ int main(void)
CURLM *mcurl; CURLM *mcurl;
int still_running = 1; int still_running = 1;
struct timeval mp_start; struct timeval mp_start;
char mp_timedout = 0;
struct WriteThis pooh; struct WriteThis pooh;
struct curl_slist* rcpt_list = NULL; struct curl_slist* rcpt_list = NULL;
@@ -132,7 +131,6 @@ int main(void)
curl_easy_setopt(curl, CURLOPT_SSL_SESSIONID_CACHE, 0L); curl_easy_setopt(curl, CURLOPT_SSL_SESSIONID_CACHE, 0L);
curl_multi_add_handle(mcurl, curl); curl_multi_add_handle(mcurl, curl);
mp_timedout = 0;
mp_start = tvnow(); mp_start = tvnow();
/* we start some action by calling perform right away */ /* we start some action by calling perform right away */

View File

@@ -139,6 +139,10 @@ int main(void)
/* send the message (including headers) */ /* send the message (including headers) */
res = curl_easy_perform(curl); res = curl_easy_perform(curl);
/* Check for errors */
if(res != CURLE_OK)
fprintf(stderr, "curl_easy_perform() failed: %s\n",
curl_easy_strerror(res));
/* free the list of recipients and clean up */ /* free the list of recipients and clean up */
curl_slist_free_all(recipients); curl_slist_free_all(recipients);

View File

@@ -69,7 +69,7 @@ output. This is only relevant for protocols that actually have headers
preceding the data (like HTTP). preceding the data (like HTTP).
.IP CURLOPT_NOPROGRESS .IP CURLOPT_NOPROGRESS
Pass a long. If set to 1, it tells the library to shut off the progress meter Pass a long. If set to 1, it tells the library to shut off the progress meter
completely. It will also present the \fICURLOPT_PROGRESSFUNCTION\fP from completely. It will also prevent the \fICURLOPT_PROGRESSFUNCTION\fP from
getting called. getting called.
Future versions of libcurl are likely to not have any built-in progress meter Future versions of libcurl are likely to not have any built-in progress meter
@@ -147,10 +147,10 @@ Using the rules above, a file name pattern can be constructed:
(This was added in 7.21.0) (This was added in 7.21.0)
.SH CALLBACK OPTIONS .SH CALLBACK OPTIONS
.IP CURLOPT_WRITEFUNCTION .IP CURLOPT_WRITEFUNCTION
Function pointer that should match the following prototype: \fBsize_t Pass a pointer to a function that matches the following prototype:
function( char *ptr, size_t size, size_t nmemb, void *userdata);\fP This \fBsize_t function( char *ptr, size_t size, size_t nmemb, void *userdata);\fP
function gets called by libcurl as soon as there is data received that needs This function gets called by libcurl as soon as there is data received that
to be saved. The size of the data pointed to by \fIptr\fP is \fIsize\fP needs to be saved. The size of the data pointed to by \fIptr\fP is \fIsize\fP
multiplied with \fInmemb\fP, it will not be zero terminated. Return the number multiplied with \fInmemb\fP, it will not be zero terminated. Return the number
of bytes actually taken care of. If that amount differs from the amount passed of bytes actually taken care of. If that amount differs from the amount passed
to your function, it'll signal an error to the library. This will abort the to your function, it'll signal an error to the library. This will abort the
@@ -193,11 +193,11 @@ crashes.
This option is also known with the older name \fICURLOPT_FILE\fP, the name This option is also known with the older name \fICURLOPT_FILE\fP, the name
\fICURLOPT_WRITEDATA\fP was introduced in 7.9.7. \fICURLOPT_WRITEDATA\fP was introduced in 7.9.7.
.IP CURLOPT_READFUNCTION .IP CURLOPT_READFUNCTION
Function pointer that should match the following prototype: \fBsize_t Pass a pointer to a function that matches the following prototype:
function( void *ptr, size_t size, size_t nmemb, void *userdata);\fP This \fBsize_t function( void *ptr, size_t size, size_t nmemb, void *userdata);\fP
function gets called by libcurl as soon as it needs to read data in order to This function gets called by libcurl as soon as it needs to read data in order
send it to the peer. The data area pointed at by the pointer \fIptr\fP may be to send it to the peer. The data area pointed at by the pointer \fIptr\fP may
filled with at most \fIsize\fP multiplied with \fInmemb\fP number of be filled with at most \fIsize\fP multiplied with \fInmemb\fP number of
bytes. Your function must return the actual number of bytes that you stored in bytes. Your function must return the actual number of bytes that you stored in
that memory area. Returning 0 will signal end-of-file to the library and cause that memory area. Returning 0 will signal end-of-file to the library and cause
it to stop the current transfer. it to stop the current transfer.
@@ -234,13 +234,13 @@ If you're using libcurl as a win32 DLL, you MUST use a
This option was also known by the older name \fICURLOPT_INFILE\fP, the name This option was also known by the older name \fICURLOPT_INFILE\fP, the name
\fICURLOPT_READDATA\fP was introduced in 7.9.7. \fICURLOPT_READDATA\fP was introduced in 7.9.7.
.IP CURLOPT_IOCTLFUNCTION .IP CURLOPT_IOCTLFUNCTION
Function pointer that should match the \fIcurl_ioctl_callback\fP prototype Pass a pointer to a function that matches the following prototype:
found in \fI<curl/curl.h>\fP. This function gets called by libcurl when \fBcurlioerr function(CURL *handle, int cmd, void *clientp);\fP. This function
something special I/O-related needs to be done that the library can't do by gets called by libcurl when something special I/O-related needs to be done
itself. For now, rewinding the read data stream is the only action it can that the library can't do by itself. For now, rewinding the read data stream
request. The rewinding of the read data stream may be necessary when doing a is the only action it can request. The rewinding of the read data stream may
HTTP PUT or POST with a multi-pass authentication method. (Option added in be necessary when doing a HTTP PUT or POST with a multi-pass authentication
7.12.3). method. (Option added in 7.12.3).
Use \fICURLOPT_SEEKFUNCTION\fP instead to provide seeking! Use \fICURLOPT_SEEKFUNCTION\fP instead to provide seeking!
.IP CURLOPT_IOCTLDATA .IP CURLOPT_IOCTLDATA
@@ -248,7 +248,7 @@ Pass a pointer that will be untouched by libcurl and passed as the 3rd
argument in the ioctl callback set with \fICURLOPT_IOCTLFUNCTION\fP. (Option argument in the ioctl callback set with \fICURLOPT_IOCTLFUNCTION\fP. (Option
added in 7.12.3) added in 7.12.3)
.IP CURLOPT_SEEKFUNCTION .IP CURLOPT_SEEKFUNCTION
Function pointer that should match the following prototype: \fIint Pass a pointer to a function that matches the following prototype: \fBint
function(void *instream, curl_off_t offset, int origin);\fP This function gets function(void *instream, curl_off_t offset, int origin);\fP This function gets
called by libcurl to seek to a certain position in the input stream and can be called by libcurl to seek to a certain position in the input stream and can be
used to fast forward a file in a resumed upload (instead of reading all used to fast forward a file in a resumed upload (instead of reading all
@@ -270,18 +270,18 @@ Data pointer to pass to the file seek function. If you use the
\fICURLOPT_SEEKFUNCTION\fP option, this is the pointer you'll get as input. If \fICURLOPT_SEEKFUNCTION\fP option, this is the pointer you'll get as input. If
you don't specify a seek callback, NULL is passed. (Option added in 7.18.0) you don't specify a seek callback, NULL is passed. (Option added in 7.18.0)
.IP CURLOPT_SOCKOPTFUNCTION .IP CURLOPT_SOCKOPTFUNCTION
Function pointer that should match the \fIcurl_sockopt_callback\fP prototype Pass a pointer to a function that matches the following prototype: \fBint
found in \fI<curl/curl.h>\fP. This function gets called by libcurl after the function(void *clientp, curl_socket_t curlfd, curlsocktype purpose);\fP. This
socket() call but before the connect() call. The callback's \fIpurpose\fP function gets called by libcurl after the socket() call but before the
argument identifies the exact purpose for this particular socket, and connect() call. The callback's \fIpurpose\fP argument identifies the exact
currently only one value is supported: \fICURLSOCKTYPE_IPCXN\fP for the purpose for this particular socket, and currently only one value is supported:
primary connection (meaning the control connection in the FTP case). Future \fICURLSOCKTYPE_IPCXN\fP for the primary connection (meaning the control
versions of libcurl may support more purposes. It passes the newly created connection in the FTP case). Future versions of libcurl may support more
socket descriptor so additional setsockopt() calls can be done at the user's purposes. It passes the newly created socket descriptor so additional
discretion. Return 0 (zero) from the callback on success. Return 1 from the setsockopt() calls can be done at the user's discretion. Return 0 (zero) from
callback function to signal an unrecoverable error to the library and it will the callback on success. Return 1 from the callback function to signal an
close the socket and return \fICURLE_COULDNT_CONNECT\fP. (Option added in unrecoverable error to the library and it will close the socket and return
7.16.0) \fICURLE_COULDNT_CONNECT\fP. (Option added in 7.16.0)
Added in 7.21.5, the callback function may return Added in 7.21.5, the callback function may return
\fICURL_SOCKOPT_ALREADY_CONNECTED\fP, which tells libcurl that the socket is \fICURL_SOCKOPT_ALREADY_CONNECTED\fP, which tells libcurl that the socket is
@@ -291,20 +291,21 @@ Pass a pointer that will be untouched by libcurl and passed as the first
argument in the sockopt callback set with \fICURLOPT_SOCKOPTFUNCTION\fP. argument in the sockopt callback set with \fICURLOPT_SOCKOPTFUNCTION\fP.
(Option added in 7.16.0) (Option added in 7.16.0)
.IP CURLOPT_OPENSOCKETFUNCTION .IP CURLOPT_OPENSOCKETFUNCTION
Function pointer that should match the \fIcurl_opensocket_callback\fP Pass a pointer to a function that matches the following prototype:
prototype found in \fI<curl/curl.h>\fP. This function gets called by libcurl \fBcurl_socket_t function(void *clientp, curlsocktype purpose, struct
instead of the \fIsocket(2)\fP call. The callback's \fIpurpose\fP argument curl_sockaddr *address);\fP. This function gets called by libcurl instead of
identifies the exact purpose for this particular socket: the \fIsocket(2)\fP call. The callback's \fIpurpose\fP argument identifies the
\fICURLSOCKTYPE_IPCXN\fP is for IP based connections. Future versions of exact purpose for this particular socket: \fICURLSOCKTYPE_IPCXN\fP is for IP
libcurl may support more purposes. It passes the resolved peer address as a based connections. Future versions of libcurl may support more purposes. It
\fIaddress\fP argument so the callback can modify the address or refuse to passes the resolved peer address as a \fIaddress\fP argument so the callback
connect at all. The callback function should return the socket or can modify the address or refuse to connect at all. The callback function
\fICURL_SOCKET_BAD\fP in case no connection should be established or any error should return the socket or \fICURL_SOCKET_BAD\fP in case no connection could
detected. Any additional \fIsetsockopt(2)\fP calls can be done on the socket be established or another error was detected. Any additional
at the user's discretion. \fICURL_SOCKET_BAD\fP return value from the \fIsetsockopt(2)\fP calls can be done on the socket at the user's discretion.
callback function will signal an unrecoverable error to the library and it \fICURL_SOCKET_BAD\fP return value from the callback function will signal an
will return \fICURLE_COULDNT_CONNECT\fP. This return code can be used for IP unrecoverable error to the library and it will return
address blacklisting. The default behavior is: \fICURLE_COULDNT_CONNECT\fP. This return code can be used for IP address
blacklisting. The default behavior is:
.nf .nf
return socket(addr->family, addr->socktype, addr->protocol); return socket(addr->family, addr->socktype, addr->protocol);
.fi .fi
@@ -314,25 +315,26 @@ Pass a pointer that will be untouched by libcurl and passed as the first
argument in the opensocket callback set with \fICURLOPT_OPENSOCKETFUNCTION\fP. argument in the opensocket callback set with \fICURLOPT_OPENSOCKETFUNCTION\fP.
(Option added in 7.17.1.) (Option added in 7.17.1.)
.IP CURLOPT_CLOSESOCKETFUNCTION .IP CURLOPT_CLOSESOCKETFUNCTION
Function pointer that should match the \fIcurl_closesocket_callback\fP Pass a pointer to a function that matches the following prototype: \fBint
prototype found in \fI<curl/curl.h>\fP. This function gets called by libcurl function(void *clientp, curl_socket_t item);\fP. This function gets called by
instead of the \fIclose(3)\fP or \fIclosesocket(3)\fP call when sockets are libcurl instead of the \fIclose(3)\fP or \fIclosesocket(3)\fP call when
closed (not for any other file descriptors). This is pretty much the reverse sockets are closed (not for any other file descriptors). This is pretty much
to the \fICURLOPT_OPENSOCKETFUNCTION\fP option. Return 0 to signal success and the reverse to the \fICURLOPT_OPENSOCKETFUNCTION\fP option. Return 0 to signal
1 if there was an error. (Option added in 7.21.7) success and 1 if there was an error. (Option added in 7.21.7)
.IP CURLOPT_CLOSESOCKETDATA .IP CURLOPT_CLOSESOCKETDATA
Pass a pointer that will be untouched by libcurl and passed as the first Pass a pointer that will be untouched by libcurl and passed as the first
argument in the closesocket callback set with argument in the closesocket callback set with
\fICURLOPT_CLOSESOCKETFUNCTION\fP. (Option added in 7.21.7) \fICURLOPT_CLOSESOCKETFUNCTION\fP. (Option added in 7.21.7)
.IP CURLOPT_PROGRESSFUNCTION .IP CURLOPT_PROGRESSFUNCTION
Function pointer that should match the \fIcurl_progress_callback\fP prototype Pass a pointer to a function that matches the following prototype: \fBint
found in \fI<curl/curl.h>\fP. This function gets called by libcurl instead of function(void *clientp, double dltotal, double dlnow, double ultotal, double
its internal equivalent with a frequent interval during operation (roughly ulnow); \fP. This function gets called by libcurl instead of its internal
once per second or sooner) no matter if data is being transfered or not. equivalent with a frequent interval during operation (roughly once per second
Unknown/unused argument values passed to the callback will be set to zero or sooner) no matter if data is being transferred or not. Unknown/unused
(like if you only download data, the upload size will remain 0). Returning a argument values passed to the callback will be set to zero (like if you only
non-zero value from this callback will cause libcurl to abort the transfer and download data, the upload size will remain 0). Returning a non-zero value from
return \fICURLE_ABORTED_BY_CALLBACK\fP. this callback will cause libcurl to abort the transfer and return
\fICURLE_ABORTED_BY_CALLBACK\fP.
If you transfer data with the multi interface, this function will not be If you transfer data with the multi interface, this function will not be
called during periods of idleness unless you call the appropriate libcurl called during periods of idleness unless you call the appropriate libcurl
@@ -344,14 +346,14 @@ get called.
Pass a pointer that will be untouched by libcurl and passed as the first Pass a pointer that will be untouched by libcurl and passed as the first
argument in the progress callback set with \fICURLOPT_PROGRESSFUNCTION\fP. argument in the progress callback set with \fICURLOPT_PROGRESSFUNCTION\fP.
.IP CURLOPT_HEADERFUNCTION .IP CURLOPT_HEADERFUNCTION
Function pointer that should match the following prototype: \fIsize_t Pass a pointer to a function that matches the following prototype:
function( void *ptr, size_t size, size_t nmemb, void *userdata);\fP. This \fBsize_t function( void *ptr, size_t size, size_t nmemb, void
function gets called by libcurl as soon as it has received header data. The *userdata);\fP. This function gets called by libcurl as soon as it has
header callback will be called once for each header and only complete header received header data. The header callback will be called once for each header
lines are passed on to the callback. Parsing headers is very easy using and only complete header lines are passed on to the callback. Parsing headers
this. The size of the data pointed to by \fIptr\fP is \fIsize\fP multiplied is very easy using this. The size of the data pointed to by \fIptr\fP is
with \fInmemb\fP. Do not assume that the header line is zero terminated! The \fIsize\fP multiplied with \fInmemb\fP. Do not assume that the header line is
pointer named \fIuserdata\fP is the one you set with the zero terminated! The pointer named \fIuserdata\fP is the one you set with the
\fICURLOPT_WRITEHEADER\fP option. The callback function must return the number \fICURLOPT_WRITEHEADER\fP option. The callback function must return the number
of bytes actually taken care of. If that amount differs from the amount passed of bytes actually taken care of. If that amount differs from the amount passed
to your function, it'll signal an error to the library. This will abort the to your function, it'll signal an error to the library. This will abort the
@@ -391,7 +393,7 @@ the writing, this must be a valid FILE * as the internal default will then be
a plain fwrite(). See also the \fICURLOPT_HEADERFUNCTION\fP option above on a plain fwrite(). See also the \fICURLOPT_HEADERFUNCTION\fP option above on
how to set a custom get-all-headers callback. how to set a custom get-all-headers callback.
.IP CURLOPT_DEBUGFUNCTION .IP CURLOPT_DEBUGFUNCTION
Function pointer that should match the following prototype: \fIint Pass a pointer to a function that matches the following prototype: \fBint
curl_debug_callback (CURL *, curl_infotype, char *, size_t, void *);\fP curl_debug_callback (CURL *, curl_infotype, char *, size_t, void *);\fP
\fICURLOPT_DEBUGFUNCTION\fP replaces the standard debug function used when \fICURLOPT_DEBUGFUNCTION\fP replaces the standard debug function used when
\fICURLOPT_VERBOSE \fP is in effect. This callback receives debug information, \fICURLOPT_VERBOSE \fP is in effect. This callback receives debug information,
@@ -420,11 +422,11 @@ used by libcurl, it is only passed to the callback.
This option does only function for libcurl powered by OpenSSL. If libcurl was This option does only function for libcurl powered by OpenSSL. If libcurl was
built against another SSL library, this functionality is absent. built against another SSL library, this functionality is absent.
Function pointer that should match the following prototype: \fBCURLcode Pass a pointer to a function that matches the following prototype:
sslctxfun(CURL *curl, void *sslctx, void *parm);\fP This function gets called \fBCURLcode sslctxfun(CURL *curl, void *sslctx, void *parm);\fP This function
by libcurl just before the initialization of a SSL connection after having gets called by libcurl just before the initialization of a SSL connection
processed all other SSL related options to give a last chance to an after having processed all other SSL related options to give a last chance to
application to modify the behaviour of openssl's ssl initialization. The an application to modify the behaviour of openssl's ssl initialization. The
\fIsslctx\fP parameter is actually a pointer to an openssl \fISSL_CTX\fP. If \fIsslctx\fP parameter is actually a pointer to an openssl \fISSL_CTX\fP. If
an error is returned no attempt to establish a connection is made and the an error is returned no attempt to establish a connection is made and the
perform operation will return the error code from this callback function. Set perform operation will return the error code from this callback function. Set
@@ -447,8 +449,8 @@ parameter, otherwise \fBNULL\fP. (Added in 7.11.0)
.IP CURLOPT_CONV_TO_NETWORK_FUNCTION .IP CURLOPT_CONV_TO_NETWORK_FUNCTION
.IP CURLOPT_CONV_FROM_NETWORK_FUNCTION .IP CURLOPT_CONV_FROM_NETWORK_FUNCTION
.IP CURLOPT_CONV_FROM_UTF8_FUNCTION .IP CURLOPT_CONV_FROM_UTF8_FUNCTION
Function pointers that should match the following prototype: CURLcode Pass a pointer to a function that matches the following prototype:
function(char *ptr, size_t length); \fBCURLcode function(char *ptr, size_t length);\fP
These three options apply to non-ASCII platforms only. They are available These three options apply to non-ASCII platforms only. They are available
only if \fBCURL_DOES_CONVERSIONS\fP was defined when libcurl was built. When only if \fBCURL_DOES_CONVERSIONS\fP was defined when libcurl was built. When
@@ -490,18 +492,19 @@ follows:
You will need to override these definitions if they are different on your You will need to override these definitions if they are different on your
system. system.
.IP CURLOPT_INTERLEAVEFUNCTION .IP CURLOPT_INTERLEAVEFUNCTION
Function pointer that should match the following prototype: \fIsize_t Pass a pointer to a function that matches the following prototype:
function( void *ptr, size_t size, size_t nmemb, void *userdata)\fP. This \fBsize_t function( void *ptr, size_t size, size_t nmemb, void
function gets called by libcurl as soon as it has received interleaved RTP *userdata)\fP. This function gets called by libcurl as soon as it has received
data. This function gets called for each $ block and therefore contains interleaved RTP data. This function gets called for each $ block and therefore
exactly one upper-layer protocol unit (e.g. one RTP packet). Curl writes the contains exactly one upper-layer protocol unit (e.g. one RTP packet). Curl
interleaved header as well as the included data for each call. The first byte writes the interleaved header as well as the included data for each call. The
is always an ASCII dollar sign. The dollar sign is followed by a one byte first byte is always an ASCII dollar sign. The dollar sign is followed by a
channel identifier and then a 2 byte integer length in network byte order. See one byte channel identifier and then a 2 byte integer length in network byte
\fIRFC 2326 Section 10.12\fP for more information on how RTP interleaving order. See \fIRFC2326 Section 10.12\fP for more information on how RTP
behaves. If unset or set to NULL, curl will use the default write function. interleaving behaves. If unset or set to NULL, curl will use the default write
function.
Interleaved RTP poses some challeneges for the client application. Since the Interleaved RTP poses some challenges for the client application. Since the
stream data is sharing the RTSP control connection, it is critical to service stream data is sharing the RTSP control connection, it is critical to service
the RTP in a timely fashion. If the RTP data is not handled quickly, the RTP in a timely fashion. If the RTP data is not handled quickly,
subsequent response processing may become unreasonably delayed and the subsequent response processing may become unreasonably delayed and the
@@ -515,10 +518,10 @@ This is the userdata pointer that will be passed to
\fICURLOPT_INTERLEAVEFUNCTION\fP when interleaved RTP data is received. (Added \fICURLOPT_INTERLEAVEFUNCTION\fP when interleaved RTP data is received. (Added
in 7.20.0) in 7.20.0)
.IP CURLOPT_CHUNK_BGN_FUNCTION .IP CURLOPT_CHUNK_BGN_FUNCTION
Function pointer that should match the following prototype: \fBlong function Pass a pointer to a function that matches the following prototype:
(const void *transfer_info, void *ptr, int remains)\fP. This function gets \fBlong function (const void *transfer_info, void *ptr, int remains)\fP. This
called by libcurl before a part of the stream is going to be transferred (if function gets called by libcurl before a part of the stream is going to be
the transfer supports chunks). transferred (if the transfer supports chunks).
This callback makes sense only when using the \fICURLOPT_WILDCARDMATCH\fP This callback makes sense only when using the \fICURLOPT_WILDCARDMATCH\fP
option for now. option for now.
@@ -535,9 +538,9 @@ Return \fICURL_CHUNK_BGN_FUNC_OK\fP if everything is fine,
\fICURL_CHUNK_BGN_FUNC_FAIL\fP to tell libcurl to stop if some error occurred. \fICURL_CHUNK_BGN_FUNC_FAIL\fP to tell libcurl to stop if some error occurred.
(This was added in 7.21.0) (This was added in 7.21.0)
.IP CURLOPT_CHUNK_END_FUNCTION .IP CURLOPT_CHUNK_END_FUNCTION
Function pointer that should match the following prototype: \fBlong Pass a pointer to a function that matches the following prototype:
function(void *ptr)\fP. This function gets called by libcurl as soon as a part \fBlong function(void *ptr)\fP. This function gets called by libcurl as soon
of the stream has been transferred (or skipped). as a part of the stream has been transferred (or skipped).
Return \fICURL_CHUNK_END_FUNC_OK\fP if everything is fine or Return \fICURL_CHUNK_END_FUNC_OK\fP if everything is fine or
\fBCURL_CHUNK_END_FUNC_FAIL\fP to tell the lib to stop if some error occurred. \fBCURL_CHUNK_END_FUNC_FAIL\fP to tell the lib to stop if some error occurred.
@@ -547,9 +550,9 @@ Pass a pointer that will be untouched by libcurl and passed as the ptr
argument to the \fICURL_CHUNK_BGN_FUNTION\fP and \fICURL_CHUNK_END_FUNTION\fP. argument to the \fICURL_CHUNK_BGN_FUNTION\fP and \fICURL_CHUNK_END_FUNTION\fP.
(This was added in 7.21.0) (This was added in 7.21.0)
.IP CURLOPT_FNMATCH_FUNCTION .IP CURLOPT_FNMATCH_FUNCTION
Function pointer that should match \fBint function(void *ptr, const char Pass a pointer to a function that matches the following prototype: \fBint
*pattern, const char *string)\fP prototype (see \fIcurl/curl.h\fP). It is used function(void *ptr, const char *pattern, const char *string)\fP prototype (see
internally for the wildcard matching feature. \fIcurl/curl.h\fP). It is used internally for the wildcard matching feature.
Return \fICURL_FNMATCHFUNC_MATCH\fP if pattern matches the string, Return \fICURL_FNMATCHFUNC_MATCH\fP if pattern matches the string,
\fICURL_FNMATCHFUNC_NOMATCH\fP if not or \fICURL_FNMATCHFUNC_FAIL\fP if an \fICURL_FNMATCHFUNC_NOMATCH\fP if not or \fICURL_FNMATCHFUNC_FAIL\fP if an
@@ -563,11 +566,11 @@ Pass a char * to a buffer that the libcurl may store human readable error
messages in. This may be more helpful than just the return code from messages in. This may be more helpful than just the return code from
\fIcurl_easy_perform\fP. The buffer must be at least CURL_ERROR_SIZE big. \fIcurl_easy_perform\fP. The buffer must be at least CURL_ERROR_SIZE big.
Although this argument is a 'char *', it does not describe an input string. Although this argument is a 'char *', it does not describe an input string.
Therefore the (probably undefined) contents of the buffer is NOT copied Therefore the (probably undefined) contents of the buffer is NOT copied by the
by the library. You should keep the associated storage available until library. You must keep the associated storage available until libcurl no
libcurl no longer needs it. Failing to do so will cause very odd behavior longer needs it. Failing to do so will cause very odd behavior or even
or even crashes. libcurl will need it until you call \fIcurl_easy_cleanup(3)\fP crashes. libcurl will need it until you call \fIcurl_easy_cleanup(3)\fP or you
or you set the same option again to use a different pointer. set the same option again to use a different pointer.
Use \fICURLOPT_VERBOSE\fP and \fICURLOPT_DEBUGFUNCTION\fP to better Use \fICURLOPT_VERBOSE\fP and \fICURLOPT_DEBUGFUNCTION\fP to better
debug/trace why errors happen. debug/trace why errors happen.
@@ -592,13 +595,13 @@ detected, like when a "100-continue" is received as a response to a
POST/PUT and a 401 or 407 is received immediately afterwards. POST/PUT and a 401 or 407 is received immediately afterwards.
.SH NETWORK OPTIONS .SH NETWORK OPTIONS
.IP CURLOPT_URL .IP CURLOPT_URL
The actual URL to deal with. The parameter should be a char * to a zero Pass in a pointer to the actual URL to deal with. The parameter should be a
terminated string which must be URL-encoded in the following format: char * to a zero terminated string which must be URL-encoded in the following
format:
scheme://host:port/path scheme://host:port/path
For a greater explanation of the format please see RFC 3986 For a greater explanation of the format please see RFC3986.
(http://curl.haxx.se/rfc/rfc3986.txt).
If the given URL lacks the scheme, or protocol, part ("http://" or "ftp://" If the given URL lacks the scheme, or protocol, part ("http://" or "ftp://"
etc), libcurl will attempt to resolve which protocol to use based on the etc), libcurl will attempt to resolve which protocol to use based on the
@@ -626,18 +629,20 @@ authentication.
For example the following types of authentication support this: For example the following types of authentication support this:
http://user:password@www.domain.com http://user:password@www.example.com
ftp://user:password@ftp.domain.com
pop3://user:password@mail.domain.com ftp://user:password@ftp.example.com
pop3://user:password@mail.example.com
The port is optional and when not specified libcurl will use the default port The port is optional and when not specified libcurl will use the default port
based on the determined or specified protocol: 80 for http, 21 for ftp and 25 based on the determined or specified protocol: 80 for HTTP, 21 for FTP and 25
for smtp, etc. The following examples show how to specify the port: for SMTP, etc. The following examples show how to specify the port:
http://www.weirdserver.com:8080/ - This will connect to a web server using http://www.example.com:8080/ - This will connect to a web server using port
port 8080. 8080 rather than 80.
smtp://mail.domain.com:587/ - This will connect to a smtp server on the smtp://mail.example.com:587/ - This will connect to a SMTP server on the
alternative mail port. alternative mail port.
The path part of the URL is protocol specific and whilst some examples are The path part of the URL is protocol specific and whilst some examples are
@@ -652,13 +657,12 @@ retrieved for either the directory specified or the root directory. The
exact resource returned for each URL is entirely dependent on the server's exact resource returned for each URL is entirely dependent on the server's
configuration. configuration.
http://www.netscape.com - This gets the main page (index.html in this http://www.example.com - This gets the main page from the web server.
example) from Netscape's web server.
http://www.netscape.com/index.html - This returns the main page from Netscape http://www.example.com/index.html - This returns the main page by explicitly
by specifying the page to get. requesting it.
http://www.netscape.com/contactus/ - This returns the default document from http://www.example.com/contactus/ - This returns the default document from
the contactus directory. the contactus directory.
.B FTP .B FTP
@@ -668,15 +672,16 @@ directory. If the file part is omitted then libcurl downloads the directory
listing for the directory specified. If the directory is omitted then listing for the directory specified. If the directory is omitted then
the directory listing for the root / home directory will be returned. the directory listing for the root / home directory will be returned.
ftp://cool.haxx.se - This retrieves the directory listing for our FTP server. ftp://ftp.example.com - This retrieves the directory listing for the root
directory.
ftp://cool.haxx.se/readme.txt - This downloads the file readme.txt from the ftp://ftp.example.com/readme.txt - This downloads the file readme.txt from the
root directory. root directory.
ftp://cool.haxx.se/libcurl/readme.txt - This downloads readme.txt from the ftp://ftp.example.com/libcurl/readme.txt - This downloads readme.txt from the
libcurl directory. libcurl directory.
ftp://user:password@my.example.com/readme.txt - This retrieves the readme.txt ftp://user:password@ftp.example.com/readme.txt - This retrieves the readme.txt
file from the user's home directory. When a username and password is file from the user's home directory. When a username and password is
specified, everything that is specified in the path part is relative to the specified, everything that is specified in the path part is relative to the
user's home directory. To retrieve files from the root directory or a user's home directory. To retrieve files from the root directory or a
@@ -684,7 +689,7 @@ directory underneath the root directory then the absolute path must be
specified by prepending an additional forward slash to the beginning of the specified by prepending an additional forward slash to the beginning of the
path. path.
ftp://user:password@my.example.com//readme.txt - This retrieves the readme.txt ftp://user:password@ftp.example.com//readme.txt - This retrieves the readme.txt
from the root directory when logging in as a specified user. from the root directory when logging in as a specified user.
.B SMTP .B SMTP
@@ -697,11 +702,11 @@ and specifying this path allows you to set an alternative name, such as
your machine's fully qualified domain name, which you might have obtained your machine's fully qualified domain name, which you might have obtained
from an external function such as gethostname or getaddrinfo. from an external function such as gethostname or getaddrinfo.
smtp://mail.domain.com - This connects to the mail server at domain.com and smtp://mail.example.com - This connects to the mail server at example.com and
sends your local computer's host name in the HELO / EHLO command. sends your local computer's host name in the HELO / EHLO command.
smtp://mail.domain.com/client.domain.com - This will send client.domain.com in smtp://mail.example.com/client.example.com - This will send client.example.com in
the HELO / EHLO command to the mail server at domain.com. the HELO / EHLO command to the mail server at example.com.
.B POP3 .B POP3
@@ -709,8 +714,8 @@ The path part of a POP3 request specifies the mailbox (message) to retrieve.
If the mailbox is not specified then a list of waiting messages is returned If the mailbox is not specified then a list of waiting messages is returned
instead. instead.
pop3://user:password@mail.domain.com - This lists the available messages pop3://user:password@mail.example.com - This lists the available messages
pop3://user:password@mail.domain.com/1 - This retrieves the first message pop3://user:password@mail.example.com/1 - This retrieves the first message
.B SCP .B SCP
@@ -745,6 +750,26 @@ user's home directory
sftp://ssh.example.com/~/Documents/ - This requests a directory listing sftp://ssh.example.com/~/Documents/ - This requests a directory listing
of the Documents directory under the user's home directory of the Documents directory under the user's home directory
.B LDAP
The path part of a LDAP request can be used to specify the: Distinguished
Name, Attributes, Scope, Filter and Extension for a LDAP search. Each field
is separated by a question mark and when that field is not required an empty
string with the question mark separator should be included.
ldap://ldap.example.com/o=My%20Organisation - This will perform a LDAP search
with the DN as My Organisation.
ldap://ldap.example.com/o=My%20Organisation?postalAddress - This will perform
the same search but will only return postalAddress attributes.
ldap://ldap.example.com/?rootDomainNamingContext - This specifies an empty DN
and requests information about the rootDomainNamingContext attribute for an
Active Directory server.
For more information about the individual components of a LDAP URL please
see RFC4516.
.B NOTES .B NOTES
Starting with version 7.20.0, the fragment part of the URI will not be sent as Starting with version 7.20.0, the fragment part of the URI will not be sent as
@@ -820,13 +845,14 @@ affect how libcurl speaks to a proxy when CONNECT is used. The HTTP version
used for "regular" HTTP requests is instead controlled with used for "regular" HTTP requests is instead controlled with
\fICURLOPT_HTTP_VERSION\fP. \fICURLOPT_HTTP_VERSION\fP.
.IP CURLOPT_NOPROXY .IP CURLOPT_NOPROXY
Pass a pointer to a zero terminated string. This should be a comma separated Pass a pointer to a zero terminated string. The string consists of a comma
list of hosts which do not use a proxy, if one is specified. The only separated list of host names that do not require a proxy to get reached, even
wildcard is a single * character, which matches all hosts, and effectively if one is specified. The only wildcard available is a single * character,
disables the proxy. Each name in this list is matched as either a domain which which matches all hosts, and effectively disables the proxy. Each name in this
contains the hostname, or the hostname itself. For example, local.com would list is matched as either a domain which contains the hostname, or the
match local.com, local.com:80, and www.local.com, but not www.notlocal.com. hostname itself. For example, example.com would match example.com,
(Added in 7.19.4) example.com:80, and www.example.com, but not www.notanexample.com. (Added in
7.19.4)
.IP CURLOPT_HTTPPROXYTUNNEL .IP CURLOPT_HTTPPROXYTUNNEL
Set the parameter to 1 to make the library tunnel all operations through a Set the parameter to 1 to make the library tunnel all operations through a
given HTTP proxy. There is a big difference between using a proxy and to given HTTP proxy. There is a big difference between using a proxy and to
@@ -838,7 +864,7 @@ default service name for a SOCKS5 server is rcmd/server-fqdn. This option
allows you to change it. (Added in 7.19.4) allows you to change it. (Added in 7.19.4)
.IP CURLOPT_SOCKS5_GSSAPI_NEC .IP CURLOPT_SOCKS5_GSSAPI_NEC
Pass a long set to 1 to enable or 0 to disable. As part of the gssapi Pass a long set to 1 to enable or 0 to disable. As part of the gssapi
negotiation a protection mode is negotiated. The rfc1961 says in section negotiation a protection mode is negotiated. The RFC1961 says in section
4.3/4.4 it should be protected, but the NEC reference implementation does not. 4.3/4.4 it should be protected, but the NEC reference implementation does not.
If enabled, this option allows the unprotected exchange of the protection mode If enabled, this option allows the unprotected exchange of the protection mode
negotiation. (Added in 7.19.4). negotiation. (Added in 7.19.4).
@@ -861,7 +887,7 @@ connection. This can be used in combination with \fICURLOPT_INTERFACE\fP and
you are recommended to use \fICURLOPT_LOCALPORTRANGE\fP as well when this is you are recommended to use \fICURLOPT_LOCALPORTRANGE\fP as well when this is
set. Valid port numbers are 1 - 65535. (Added in 7.15.2) set. Valid port numbers are 1 - 65535. (Added in 7.15.2)
.IP CURLOPT_LOCALPORTRANGE .IP CURLOPT_LOCALPORTRANGE
Pass a long. This is the number of attempts libcurl should make to find a Pass a long. This is the number of attempts libcurl will make to find a
working local port number. It starts with the given \fICURLOPT_LOCALPORT\fP working local port number. It starts with the given \fICURLOPT_LOCALPORT\fP
and adds one to the number for each retry. Setting this to 1 or below will and adds one to the number for each retry. Setting this to 1 or below will
make libcurl do only one try for the exact port number. Port numbers by nature make libcurl do only one try for the exact port number. Port numbers by nature
@@ -900,21 +926,20 @@ only makes sense to use this option if you want it smaller.
Pass a long specifying what remote port number to connect to, instead of the Pass a long specifying what remote port number to connect to, instead of the
one specified in the URL or the default port for the used protocol. one specified in the URL or the default port for the used protocol.
.IP CURLOPT_TCP_NODELAY .IP CURLOPT_TCP_NODELAY
Pass a long specifying whether the TCP_NODELAY option should be set or Pass a long specifying whether the TCP_NODELAY option is to be set or cleared
cleared (1 = set, 0 = clear). The option is cleared by default. This (1 = set, 0 = clear). The option is cleared by default. This will have no
will have no effect after the connection has been established. effect after the connection has been established.
Setting this option will disable TCP's Nagle algorithm. The purpose of Setting this option will disable TCP's Nagle algorithm. The purpose of this
this algorithm is to try to minimize the number of small packets on algorithm is to try to minimize the number of small packets on the network
the network (where "small packets" means TCP segments less than the (where "small packets" means TCP segments less than the Maximum Segment Size
Maximum Segment Size (MSS) for the network). (MSS) for the network).
Maximizing the amount of data sent per TCP segment is good because it Maximizing the amount of data sent per TCP segment is good because it
amortizes the overhead of the send. However, in some cases (most amortizes the overhead of the send. However, in some cases (most notably
notably telnet or rlogin) small segments may need to be sent telnet or rlogin) small segments may need to be sent without delay. This is
without delay. This is less efficient than sending larger amounts of less efficient than sending larger amounts of data at a time, and can
data at a time, and can contribute to congestion on the network if contribute to congestion on the network if overdone.
overdone.
.IP CURLOPT_ADDRESS_SCOPE .IP CURLOPT_ADDRESS_SCOPE
Pass a long specifying the scope_id value to use when connecting to IPv6 Pass a long specifying the scope_id value to use when connecting to IPv6
link-local or site-local addresses. (Added in 7.19.0) link-local or site-local addresses. (Added in 7.19.0)
@@ -1099,7 +1124,7 @@ authentication method(s) you want it to use for TLS authentication.
.RS .RS
.IP CURLOPT_TLSAUTH_SRP .IP CURLOPT_TLSAUTH_SRP
TLS-SRP authentication. Secure Remote Password authentication for TLS is TLS-SRP authentication. Secure Remote Password authentication for TLS is
defined in RFC 5054 and provides mutual authentication if both sides have a defined in RFC5054 and provides mutual authentication if both sides have a
shared secret. To use TLS-SRP, you must also set the shared secret. To use TLS-SRP, you must also set the
\fICURLOPT_TLSAUTH_USERNAME\fP and \fICURLOPT_TLSAUTH_PASSWORD\fP options. \fICURLOPT_TLSAUTH_USERNAME\fP and \fICURLOPT_TLSAUTH_PASSWORD\fP options.
@@ -1148,8 +1173,8 @@ the server is ignored. See the special file lib/README.encoding for details.
.IP CURLOPT_TRANSFER_ENCODING .IP CURLOPT_TRANSFER_ENCODING
Adds a request for compressed Transfer Encoding in the outgoing HTTP Adds a request for compressed Transfer Encoding in the outgoing HTTP
request. If the server supports this and so desires, it can respond with the request. If the server supports this and so desires, it can respond with the
HTTP resonse sent using a compressed Transfer-Encoding that will be HTTP response sent using a compressed Transfer-Encoding that will be
automatically uncompressed by libcurl on receival. automatically uncompressed by libcurl on reception.
Transfer-Encoding differs slightly from the Content-Encoding you ask for with Transfer-Encoding differs slightly from the Content-Encoding you ask for with
\fBCURLOPT_ACCEPT_ENCODING\fP in that a Transfer-Encoding is strictly meant to \fBCURLOPT_ACCEPT_ENCODING\fP in that a Transfer-Encoding is strictly meant to
@@ -1184,19 +1209,19 @@ an infinite number of redirects (which is the default)
.IP CURLOPT_POSTREDIR .IP CURLOPT_POSTREDIR
Pass a bitmask to control how libcurl acts on redirects after POSTs that get a Pass a bitmask to control how libcurl acts on redirects after POSTs that get a
301, 302 or 303 response back. A parameter with bit 0 set (value 301, 302 or 303 response back. A parameter with bit 0 set (value
\fBCURL_REDIR_POST_301\fP) tells the library to respect RFC 2616/10.3.2 and \fBCURL_REDIR_POST_301\fP) tells the library to respect RFC2616/10.3.2 and not
not convert POST requests into GET requests when following a 301 convert POST requests into GET requests when following a 301 redirection.
redirection. Setting bit 1 (value CURL_REDIR_POST_302) makes libcurl maintain Setting bit 1 (value \fBCURL_REDIR_POST_302\fP) makes libcurl maintain the
the request method after a 302 redirect. Setting bit 2 (value request method after a 302 redirect whilst setting bit 2 (value
\fBCURL_REDIR_POST_303) makes libcurl maintain the request method after a 302 \fBCURL_REDIR_POST_303\fP) makes libcurl maintain the request method after a
redirect. CURL_REDIR_POST_ALL is a convenience define that sets both bits. 303 redirect. The value \fBCURL_REDIR_POST_ALL\fP is a convenience define that
sets all three bits.
The non-RFC behaviour is ubiquitous in web browsers, so the library does the The non-RFC behaviour is ubiquitous in web browsers, so the library does the
conversion by default to maintain consistency. However, a server may require a conversion by default to maintain consistency. However, a server may require a
POST to remain a POST after such a redirection. This option is meaningful only POST to remain a POST after such a redirection. This option is meaningful only
when setting \fICURLOPT_FOLLOWLOCATION\fP. (Added in 7.17.1) (This option was when setting \fICURLOPT_FOLLOWLOCATION\fP. (Added in 7.17.1) (This option was
known as CURLOPT_POST301 up to 7.19.0 as it only supported the 301 way before known as CURLOPT_POST301 up to 7.19.0 as it only supported the 301 then)
then)
.IP CURLOPT_PUT .IP CURLOPT_PUT
A parameter set to 1 tells the library to use HTTP PUT to transfer data. The A parameter set to 1 tells the library to use HTTP PUT to transfer data. The
data should be set with \fICURLOPT_READDATA\fP and \fICURLOPT_INFILESIZE\fP. data should be set with \fICURLOPT_READDATA\fP and \fICURLOPT_INFILESIZE\fP.
@@ -1487,16 +1512,16 @@ should be used for this parameter.
Unlike CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT, the address should not be Unlike CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT, the address should not be
specified within a pair of angled brackets (<>). However, if an empty string specified within a pair of angled brackets (<>). However, if an empty string
is used then a pair of brackets will be sent by libcurl as required by is used then a pair of brackets will be sent by libcurl as required by
RFC-2554. RFC2554.
(Added in 7.24.0) (Added in 7.25.0)
.SH TFTP OPTIONS .SH TFTP OPTIONS
.IP CURLOPT_TFTP_BLKSIZE .IP CURLOPT_TFTP_BLKSIZE
Specify block size to use for TFTP data transmission. Valid range as per RFC Specify block size to use for TFTP data transmission. Valid range as per
2348 is 8-65464 bytes. The default of 512 bytes will be used if this option is RFC2348 is 8-65464 bytes. The default of 512 bytes will be used if this option
not specified. The specified block size will only be used pending support by is not specified. The specified block size will only be used pending support
the remote server. If the server does not return an option acknowledgement or by the remote server. If the server does not return an option acknowledgement
returns an option acknowledgement with no blksize, the default of 512 bytes or returns an option acknowledgement with no blksize, the default of 512 bytes
will be used. (added in 7.19.4) will be used. (added in 7.19.4)
.SH FTP OPTIONS .SH FTP OPTIONS
.IP CURLOPT_FTPPORT .IP CURLOPT_FTPPORT
@@ -1611,7 +1636,7 @@ already exists or lack of permissions prevents creation. (Added in 7.16.3)
Starting with 7.19.4, you can also set this value to 2, which will make Starting with 7.19.4, you can also set this value to 2, which will make
libcurl retry the CWD command again if the subsequent MKD command fails. This libcurl retry the CWD command again if the subsequent MKD command fails. This
is especially useful if you're doing many simultanoes connections against the is especially useful if you're doing many simultaneous connections against the
same server and they all have this option enabled, as then CWD may first fail same server and they all have this option enabled, as then CWD may first fail
but then another connection does MKD before this connection and thus MKD fails but then another connection does MKD before this connection and thus MKD fails
but trying CWD works! 7.19.4 also introduced the \fICURLFTP_CREATE_DIR\fP and but trying CWD works! 7.19.4 also introduced the \fICURLFTP_CREATE_DIR\fP and
@@ -1698,7 +1723,7 @@ initialized. (Added in 7.20.0)
.RS .RS
.IP CURL_RTSPREQ_OPTIONS .IP CURL_RTSPREQ_OPTIONS
Used to retrieve the available methods of the server. The application is Used to retrieve the available methods of the server. The application is
responsbile for parsing and obeying the response. \fB(The session ID is not responsible for parsing and obeying the response. \fB(The session ID is not
needed for this method.)\fP (Added in 7.20.0) needed for this method.)\fP (Added in 7.20.0)
.IP CURL_RTSPREQ_DESCRIBE .IP CURL_RTSPREQ_DESCRIBE
Used to get the low level description of a stream. The application should note Used to get the low level description of a stream. The application should note
@@ -1821,7 +1846,7 @@ want. It should be in the format "X-Y", where X or Y may be left out. HTTP
transfers also support several intervals, separated with commas as in transfers also support several intervals, separated with commas as in
\fI"X-Y,N-M"\fP. Using this kind of multiple intervals will cause the HTTP \fI"X-Y,N-M"\fP. Using this kind of multiple intervals will cause the HTTP
server to send the response document in pieces (using standard MIME separation server to send the response document in pieces (using standard MIME separation
techniques). For RTSP, the formatting of a range should follow RFC 2326 techniques). For RTSP, the formatting of a range should follow RFC2326
Section 12.29. For RTSP, byte ranges are \fBnot\fP permitted. Instead, ranges Section 12.29. For RTSP, byte ranges are \fBnot\fP permitted. Instead, ranges
should be given in npt, utc, or smpte formats. should be given in npt, utc, or smpte formats.
@@ -1858,12 +1883,18 @@ something, you don't actually change how libcurl behaves or acts in regards
to the particular request method, it will only change the actual string sent to the particular request method, it will only change the actual string sent
in the request. in the request.
For example: if you tell libcurl to do a HEAD request, but then change the For example:
request to a "GET" with \fBCURLOPT_CUSTOMREQUEST\fP you'll still see libcurl
act as if it sent a HEAD even when it does send a GET.
To switch to a proper HEAD, use \fICURLOPT_NOBODY\fP, to switch to a proper With the HTTP protocol when you tell libcurl to do a HEAD request, but then
POST, use \fICURLOPT_POST\fP or \fICURLOPT_POSTFIELDS\fP and so on. specify a GET though a custom request libcurl will still act as if it sent a
HEAD. To switch to a proper HEAD use \fICURLOPT_NOBODY\fP, to switch to a
proper POST use \fICURLOPT_POST\fP or \fICURLOPT_POSTFIELDS\fP and to switch
to a proper GET use CURLOPT_HTTPGET.
With the POP3 protocol when you tell libcurl to use a custom request it will
behave like a LIST or RETR command was sent where it expects data to be
returned by the server. As such \fICURLOPT_NOBODY\fP should be used when
specifying commands such as DELE and NOOP for example.
Restore to the internal default by setting this to NULL. Restore to the internal default by setting this to NULL.
@@ -2348,7 +2379,7 @@ require you to disable this in order for you to succeed. (Added in 7.16.0)
Pass a long with a bitmask to tell libcurl about specific SSL behaviors. Pass a long with a bitmask to tell libcurl about specific SSL behaviors.
CURLSSLOPT_ALLOW_BEAST is the only supported bit and by setting this the user CURLSSLOPT_ALLOW_BEAST is the only supported bit and by setting this the user
will tell libcurl to not attempt to use any work-arounds for a security flaw will tell libcurl to not attempt to use any workarounds for a security flaw
in the SSL3 and TLS1.0 protocols. If this option isn't used or this bit is in the SSL3 and TLS1.0 protocols. If this option isn't used or this bit is
set to 0, the SSL layer libcurl uses may use a work-around for this flaw set to 0, the SSL layer libcurl uses may use a work-around for this flaw
although it might cause interoperability problems with some (older) SSL although it might cause interoperability problems with some (older) SSL

View File

@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___ .\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____| .\" * \___|\___/|_| \_\_____|
.\" * .\" *
.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * .\" *
.\" * This software is licensed as described in the file COPYING, which .\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms .\" * you should have received as part of this distribution. The terms
@@ -66,6 +66,10 @@ Initialize the Win32 socket libraries.
.TP .TP
.B CURL_GLOBAL_NOTHING .B CURL_GLOBAL_NOTHING
Initialise nothing extra. This sets no bit. Initialise nothing extra. This sets no bit.
.TP
.B CURL_GLOBAL_DEFAULT
A sensible default. It will init both SSL and Win32. Right now, this equals
the functionality of the \fBCURL_GLOBAL_ALL\fP mask.
.SH RETURN VALUE .SH RETURN VALUE
If this function returns non-zero, something went wrong and you cannot use the If this function returns non-zero, something went wrong and you cannot use the
other curl functions. other curl functions.

View File

@@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___ .\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____| .\" * \___|\___/|_| \_\_____|
.\" * .\" *
.\" * Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * .\" *
.\" * This software is licensed as described in the file COPYING, which .\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms .\" * you should have received as part of this distribution. The terms
@@ -132,8 +132,8 @@ timeout value to use when waiting for socket activities.
them for activity. This can be done through your application code, or by way them for activity. This can be done through your application code, or by way
of an external library such as libevent or glib. of an external library such as libevent or glib.
6. Call curl_multi_socket_action() to kickstart everything. To get one or more 6. Call curl_multi_socket_action(...CURL_SOCKET_TIMEOUT...) to kickstart
callbacks called. everything. To get one or more callbacks called.
7. Wait for activity on any of libcurl's sockets, use the timeout value your 7. Wait for activity on any of libcurl's sockets, use the timeout value your
callback has been told callback has been told

View File

@@ -65,7 +65,7 @@ object. Note that when you use the multi interface, all easy handles added to
the same multi handle will share DNS cache by default without this having to the same multi handle will share DNS cache by default without this having to
be used! be used!
.IP CURL_LOCK_DATA_SSL_SESSION .IP CURL_LOCK_DATA_SSL_SESSION
SSL session IDs will be shared accross the easy handles using this shared SSL session IDs will be shared across the easy handles using this shared
object. This will reduce the time spent in the SSL handshake when reconnecting object. This will reduce the time spent in the SSL handshake when reconnecting
to the same server. Note SSL session IDs are reused within the same easy handle to the same server. Note SSL session IDs are reused within the same easy handle
by default. by default.

View File

@@ -248,7 +248,10 @@ This is the generic return code used by functions in the libcurl multi
interface. Also consider \fIcurl_multi_strerror(3)\fP. interface. Also consider \fIcurl_multi_strerror(3)\fP.
.IP "CURLM_CALL_MULTI_PERFORM (-1)" .IP "CURLM_CALL_MULTI_PERFORM (-1)"
This is not really an error. It means you should call This is not really an error. It means you should call
\fIcurl_multi_perform(3)\fP again without doing select() or similar in between. \fIcurl_multi_perform(3)\fP again without doing select() or similar in
between. Before version 7.20.0 this could be returned by
\fIcurl_multi_perform(3)\fP, but in later versions this return code is never
used.
.IP "CURLM_OK (0)" .IP "CURLM_OK (0)"
Things are fine. Things are fine.
.IP "CURLM_BAD_HANDLE (1)" .IP "CURLM_BAD_HANDLE (1)"
@@ -282,5 +285,5 @@ An invalid share object was passed to the function.
Not enough memory was available. Not enough memory was available.
(Added in 7.12.0) (Added in 7.12.0)
.IP "CURLSHE_NOT_BUILT_IN (5)" .IP "CURLSHE_NOT_BUILT_IN (5)"
The requsted sharing could not be done because the library you use don't have The requested sharing could not be done because the library you use don't have
that particular feature enabled. (Added in 7.23.0) that particular feature enabled. (Added in 7.23.0)

View File

@@ -30,12 +30,12 @@
/* This is the version number of the libcurl package from which this header /* This is the version number of the libcurl package from which this header
file origins: */ file origins: */
#define LIBCURL_VERSION "7.26.0-DEV" #define LIBCURL_VERSION "7.27.0-DEV"
/* The numeric version number is also available "in parts" by using these /* The numeric version number is also available "in parts" by using these
defines: */ defines: */
#define LIBCURL_VERSION_MAJOR 7 #define LIBCURL_VERSION_MAJOR 7
#define LIBCURL_VERSION_MINOR 26 #define LIBCURL_VERSION_MINOR 27
#define LIBCURL_VERSION_PATCH 0 #define LIBCURL_VERSION_PATCH 0
/* This is the numeric version of the libcurl version number, meant for easier /* This is the numeric version of the libcurl version number, meant for easier
@@ -53,7 +53,7 @@
and it is always a greater number in a more recent release. It makes and it is always a greater number in a more recent release. It makes
comparisons with greater than and less than work. comparisons with greater than and less than work.
*/ */
#define LIBCURL_VERSION_NUM 0x071A00 #define LIBCURL_VERSION_NUM 0x071B00
/* /*
* This is the date and time when the full source package was created. The * This is the date and time when the full source package was created. The

4
lib/.gitignore vendored
View File

@@ -11,3 +11,7 @@ libcurl.vcproj
vc6libcurl.dsp vc6libcurl.dsp
Makefile.vc10.dist Makefile.vc10.dist
libcurl.vers libcurl.vers
*.a
*.res
*.imp
*.nlm

View File

@@ -30,14 +30,14 @@ DOCS = README.encoding README.memoryleak README.ares README.curlx \
CMAKE_DIST = CMakeLists.txt curl_config.h.cmake CMAKE_DIST = CMakeLists.txt curl_config.h.cmake
EXTRA_DIST = Makefile.b32 Makefile.m32 Makefile.vc6 $(DSP) \ EXTRA_DIST = Makefile.b32 Makefile.m32 Makefile.vc6 $(DSP) \
vc6libcurl.dsw config-win32.h config-win32ce.h config-riscos.h \ vc6libcurl.dsw config-win32.h config-win32ce.h config-riscos.h \
config-mac.h curl_config.h.in makefile.dj config-dos.h libcurl.plist \ config-mac.h curl_config.h.in makefile.dj config-dos.h libcurl.plist \
libcurl.rc config-amigaos.h makefile.amiga \ libcurl.rc config-amigaos.h makefile.amiga \
Makefile.netware nwlib.c nwos.c libcurl.imp msvcproj.head msvcproj.foot \ Makefile.netware nwlib.c nwos.c msvcproj.head msvcproj.foot \
config-win32ce.h config-os400.h setup-os400.h config-symbian.h \ config-win32ce.h config-os400.h setup-os400.h config-symbian.h \
Makefile.Watcom config-tpf.h $(DOCS) $(VCPROJ) mk-ca-bundle.pl \ Makefile.Watcom config-tpf.h $(DOCS) $(VCPROJ) mk-ca-bundle.pl \
mk-ca-bundle.vbs firefox-db2pem.sh $(CMAKE_DIST) config-vxworks.h \ mk-ca-bundle.vbs firefox-db2pem.sh $(CMAKE_DIST) config-vxworks.h \
Makefile.vxworks config-vms.h checksrc.pl Makefile.vxworks config-vms.h checksrc.pl
CLEANFILES = $(DSP) $(VCPROJ) CLEANFILES = $(DSP) $(VCPROJ)

View File

@@ -23,7 +23,8 @@ CSOURCES = file.c timeval.c base64.c hostip.c progress.c formdata.c \
curl_rtmp.c openldap.c curl_gethostname.c gopher.c axtls.c \ curl_rtmp.c openldap.c curl_gethostname.c gopher.c axtls.c \
idn_win32.c http_negotiate_sspi.c cyassl.c http_proxy.c non-ascii.c \ idn_win32.c http_negotiate_sspi.c cyassl.c http_proxy.c non-ascii.c \
asyn-ares.c asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c \ asyn-ares.c asyn-thread.c curl_gssapi.c curl_ntlm.c curl_ntlm_wb.c \
curl_ntlm_core.c curl_ntlm_msgs.c curl_ntlm_core.c curl_ntlm_msgs.c curl_sasl.c curl_schannel.c \
curl_multibyte.c curl_darwinssl.c
HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \
progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h \ progress.h formdata.h cookie.h http.h sendf.h ftp.h url.h dict.h \
@@ -38,5 +39,6 @@ HHEADERS = arpa_telnet.h netrc.h file.h timeval.h qssl.h hostip.h \
curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h \ curl_base64.h rawstr.h curl_addrinfo.h curl_sspi.h slist.h nonblock.h \
curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h \ curl_memrchr.h imap.h pop3.h smtp.h pingpong.h rtsp.h curl_threads.h \
warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h \ warnless.h curl_hmac.h polarssl.h curl_rtmp.h curl_gethostname.h \
gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h curl_ntlm.h \ gopher.h axtls.h cyassl.h http_proxy.h non-ascii.h asyn.h curl_ntlm.h \
curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h curl_ntlm_msgs.h curl_gssapi.h curl_ntlm_wb.h curl_ntlm_core.h curl_ntlm_msgs.h \
curl_sasl.h curl_schannel.h curl_multibyte.h curl_darwinssl.h

View File

@@ -20,15 +20,6 @@ endif
ifndef OPENSSL_PATH ifndef OPENSSL_PATH
OPENSSL_PATH = ../../openssl-0.9.8x OPENSSL_PATH = ../../openssl-0.9.8x
endif endif
ifndef OPENSSL_INCLUDE
OPENSSL_INCLUDE = $(OPENSSL_PATH)/outinc
endif
ifndef OPENSSL_LIBPATH
OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
endif
ifndef OPENSSL_LIBS
OPENSSL_LIBS = -leay32 -lssl32
endif
# Edit the path below to point to the base of your LibSSH2 package. # Edit the path below to point to the base of your LibSSH2 package.
ifndef LIBSSH2_PATH ifndef LIBSSH2_PATH
LIBSSH2_PATH = ../../libssh2-1.4.2 LIBSSH2_PATH = ../../libssh2-1.4.2
@@ -64,22 +55,47 @@ ifndef ARCH
ARCH = w32 ARCH = w32
endif endif
CC = gcc CC = $(CROSSPREFIX)gcc
CFLAGS = -g -O2 -Wall CFLAGS = -g -O2 -Wall
CFLAGS += -fno-strict-aliasing CFLAGS += -fno-strict-aliasing
ifeq ($(ARCH),w64) ifeq ($(ARCH),w64)
CFLAGS += -D_AMD64_ CFLAGS += -D_AMD64_
endif endif
# comment LDFLAGS below to keep debug info # comment LDFLAGS below to keep debug info
LDFLAGS = -s LDFLAGS = -s
AR = ar AR = $(CROSSPREFIX)ar
RANLIB = ranlib RANLIB = $(CROSSPREFIX)ranlib
RC = windres RC = $(CROSSPREFIX)windres
RCFLAGS = --include-dir=$(PROOT)/include -DDEBUGBUILD=0 -O COFF -i RCFLAGS = --include-dir=$(PROOT)/include -DDEBUGBUILD=0 -O COFF -i
STRIP = strip -g STRIP = $(CROSSPREFIX)strip -g
RM = del /q /f 2>NUL # Platform-dependent helper tool macros
CP = copy ifeq ($(findstring /sh,$(SHELL)),/sh)
DEL = rm -f $1
RMDIR = rm -fr $1
MKDIR = mkdir -p $1
COPY = -cp -afv $1 $2
#COPYR = -cp -afr $1/* $2
COPYR = -rsync -aC $1/* $2
TOUCH = touch $1
CAT = cat
ECHONL = echo ""
DL = '
else
ifeq "$(OS)" "Windows_NT"
DEL = -del 2>NUL /q /f $(subst /,\,$1)
RMDIR = -rd 2>NUL /q /s $(subst /,\,$1)
else
DEL = -del 2>NUL $(subst /,\,$1)
RMDIR = -deltree 2>NUL /y $(subst /,\,$1)
endif
MKDIR = -md 2>NUL $(subst /,\,$1)
COPY = -copy 2>NUL /y $(subst /,\,$1) $(subst /,\,$2)
COPYR = -xcopy 2>NUL /q /y /e $(subst /,\,$1) $(subst /,\,$2)
TOUCH = copy 2>&1>NUL /b $(subst /,\,$1) +,,
CAT = type
ECHONL = $(ComSpec) /c echo.
endif
######################################################## ########################################################
## Nothing more to do below this line! ## Nothing more to do below this line!
@@ -103,6 +119,9 @@ endif
ifeq ($(findstring -ssl,$(CFG)),-ssl) ifeq ($(findstring -ssl,$(CFG)),-ssl)
SSL = 1 SSL = 1
endif endif
ifeq ($(findstring -srp,$(CFG)),-srp)
SRP = 1
endif
ifeq ($(findstring -zlib,$(CFG)),-zlib) ifeq ($(findstring -zlib,$(CFG)),-zlib)
ZLIB = 1 ZLIB = 1
endif endif
@@ -124,6 +143,10 @@ endif
ifeq ($(findstring -ipv6,$(CFG)),-ipv6) ifeq ($(findstring -ipv6,$(CFG)),-ipv6)
IPV6 = 1 IPV6 = 1
endif endif
ifeq ($(findstring -winssl,$(CFG)),-winssl)
WINSSL = 1
SSPI = 1
endif
INCLUDES = -I. -I../include INCLUDES = -I. -I../include
CFLAGS += -DBUILDING_LIBCURL CFLAGS += -DBUILDING_LIBCURL
@@ -145,11 +168,37 @@ ifdef SSH2
DLL_LIBS += -L"$(LIBSSH2_PATH)/win32" -lssh2 DLL_LIBS += -L"$(LIBSSH2_PATH)/win32" -lssh2
endif endif
ifdef SSL ifdef SSL
ifndef OPENSSL_INCLUDE
ifeq "$(wildcard $(OPENSSL_PATH)/outinc)" "$(OPENSSL_PATH)/outinc"
OPENSSL_INCLUDE = $(OPENSSL_PATH)/outinc
endif
ifeq "$(wildcard $(OPENSSL_PATH)/include)" "$(OPENSSL_PATH)/include"
OPENSSL_INCLUDE = $(OPENSSL_PATH)/include
endif
endif
ifneq "$(wildcard $(OPENSSL_INCLUDE)/openssl/opensslv.h)" "$(OPENSSL_INCLUDE)/openssl/opensslv.h"
$(error Invalid path to OpenSSL package: $(OPENSSL_PATH))
endif
ifndef OPENSSL_LIBPATH
ifeq "$(wildcard $(OPENSSL_PATH)/out)" "$(OPENSSL_PATH)/out"
OPENSSL_LIBPATH = $(OPENSSL_PATH)/out
OPENSSL_LIBS = -leay32 -lssl32
endif
ifeq "$(wildcard $(OPENSSL_PATH)/lib)" "$(OPENSSL_PATH)/lib"
OPENSSL_LIBPATH = $(OPENSSL_PATH)/lib
OPENSSL_LIBS = -lcrypto -lssl
endif
endif
INCLUDES += -I"$(OPENSSL_INCLUDE)" INCLUDES += -I"$(OPENSSL_INCLUDE)"
CFLAGS += -DUSE_SSLEAY -DUSE_OPENSSL -DHAVE_OPENSSL_ENGINE_H -DHAVE_OPENSSL_PKCS12_H \ CFLAGS += -DUSE_SSLEAY -DUSE_OPENSSL -DHAVE_OPENSSL_ENGINE_H -DHAVE_OPENSSL_PKCS12_H \
-DHAVE_ENGINE_LOAD_BUILTIN_ENGINES -DOPENSSL_NO_KRB5 \ -DHAVE_ENGINE_LOAD_BUILTIN_ENGINES -DOPENSSL_NO_KRB5 \
-DCURL_WANTS_CA_BUNDLE_ENV -DCURL_WANTS_CA_BUNDLE_ENV
DLL_LIBS += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS) DLL_LIBS += -L"$(OPENSSL_LIBPATH)" $(OPENSSL_LIBS)
ifdef SRP
ifeq "$(wildcard $(OPENSSL_INCLUDE)/openssl/srp.h)" "$(OPENSSL_INCLUDE)/openssl/srp.h"
CFLAGS += -DHAVE_SSLEAY_SRP -DUSE_TLS_SRP
endif
endif
endif endif
ifdef ZLIB ifdef ZLIB
INCLUDES += -I"$(ZLIB_PATH)" INCLUDES += -I"$(ZLIB_PATH)"
@@ -169,6 +218,9 @@ endif
endif endif
ifdef SSPI ifdef SSPI
CFLAGS += -DUSE_WINDOWS_SSPI CFLAGS += -DUSE_WINDOWS_SSPI
ifdef WINSSL
CFLAGS += -DUSE_SCHANNEL
endif
endif endif
ifdef SPNEGO ifdef SPNEGO
CFLAGS += -DHAVE_SPNEGO CFLAGS += -DHAVE_SPNEGO
@@ -212,7 +264,7 @@ RESOURCE = libcurl.res
all: $(libcurl_a_LIBRARY) $(libcurl_dll_LIBRARY) all: $(libcurl_a_LIBRARY) $(libcurl_dll_LIBRARY)
$(libcurl_a_LIBRARY): $(libcurl_a_OBJECTS) $(libcurl_a_DEPENDENCIES) $(libcurl_a_LIBRARY): $(libcurl_a_OBJECTS) $(libcurl_a_DEPENDENCIES)
-$(RM) $@ @$(call DEL, $@)
$(AR) cru $@ $(libcurl_a_OBJECTS) $(AR) cru $@ $(libcurl_a_OBJECTS)
$(RANLIB) $@ $(RANLIB) $@
$(STRIP) $@ $(STRIP) $@
@@ -220,7 +272,7 @@ $(libcurl_a_LIBRARY): $(libcurl_a_OBJECTS) $(libcurl_a_DEPENDENCIES)
# remove the last line above to keep debug info # remove the last line above to keep debug info
$(libcurl_dll_LIBRARY): $(libcurl_a_OBJECTS) $(RESOURCE) $(libcurl_dll_DEPENDENCIES) $(libcurl_dll_LIBRARY): $(libcurl_a_OBJECTS) $(RESOURCE) $(libcurl_dll_DEPENDENCIES)
-$(RM) $@ @$(call DEL, $@)
$(CC) $(LDFLAGS) -shared -Wl,--out-implib,$(libcurl_dll_a_LIBRARY) \ $(CC) $(LDFLAGS) -shared -Wl,--out-implib,$(libcurl_dll_a_LIBRARY) \
-o $@ $(libcurl_a_OBJECTS) $(RESOURCE) $(DLL_LIBS) -o $@ $(libcurl_a_OBJECTS) $(RESOURCE) $(DLL_LIBS)
@@ -232,17 +284,18 @@ $(libcurl_dll_LIBRARY): $(libcurl_a_OBJECTS) $(RESOURCE) $(libcurl_dll_DEPENDENC
clean: clean:
ifeq "$(wildcard $(PROOT)/include/curl/curlbuild.h.dist)" "$(PROOT)/include/curl/curlbuild.h.dist" ifeq "$(wildcard $(PROOT)/include/curl/curlbuild.h.dist)" "$(PROOT)/include/curl/curlbuild.h.dist"
-$(RM) $(subst /,\,$(PROOT)/include/curl/curlbuild.h) @$(call DEL, $(PROOT)/include/curl/curlbuild.h)
endif endif
-$(RM) $(libcurl_a_OBJECTS) $(RESOURCE) @$(call DEL, $(libcurl_a_OBJECTS) $(RESOURCE))
distclean vclean: clean distclean vclean: clean
-$(RM) $(libcurl_a_LIBRARY) $(libcurl_dll_LIBRARY) $(libcurl_dll_a_LIBRARY) @$(call DEL, $(libcurl_a_LIBRARY) $(libcurl_dll_LIBRARY) $(libcurl_dll_a_LIBRARY))
$(PROOT)/include/curl/curlbuild.h:
@echo Creating $@
@$(call COPY, $@.dist, $@)
$(LIBCARES_PATH)/libcares.a: $(LIBCARES_PATH)/libcares.a:
$(MAKE) -C $(LIBCARES_PATH) -f Makefile.m32 $(MAKE) -C $(LIBCARES_PATH) -f Makefile.m32
$(PROOT)/include/curl/curlbuild.h:
@echo Creating $@
@$(CP) $(subst /,\,$@).dist $(subst /,\,$@)

View File

@@ -64,7 +64,8 @@ DESCR = cURL libcurl $(LIBCURL_VERSION_STR) ($(LIBARCH)) - http://curl.haxx.se
MTSAFE = YES MTSAFE = YES
STACK = 64000 STACK = 64000
SCREEN = none SCREEN = none
EXPORTS = @libcurl.imp EXPORTF = $(TARGET).imp
EXPORTS = @$(EXPORTF)
# Uncomment the next line to enable linking with POSIX semantics. # Uncomment the next line to enable linking with POSIX semantics.
# POSIXFL = 1 # POSIXFL = 1
@@ -330,7 +331,7 @@ $(OBJDIR)/%.o: %.c
# @echo Compiling $< # @echo Compiling $<
$(CC) $(CFLAGS) -c $< -o $@ $(CC) $(CFLAGS) -c $< -o $@
$(OBJDIR)/version.inc: ../include/curl/curlver.h $(OBJDIR) $(OBJDIR)/version.inc: $(CURL_INC)/curl/curlver.h $(OBJDIR)
@echo Creating $@ @echo Creating $@
@$(AWK) -f ../packages/NetWare/get_ver.awk $< > $@ @$(AWK) -f ../packages/NetWare/get_ver.awk $< > $@
@@ -350,7 +351,7 @@ clean:
-$(RM) -r $(OBJDIR) -$(RM) -r $(OBJDIR)
distclean vclean: clean distclean vclean: clean
-$(RM) $(TARGET).$(LIBEXT) $(TARGET).nlm -$(RM) $(TARGET).$(LIBEXT) $(TARGET).nlm $(TARGET).imp
-$(RM) certdata.txt ca-bundle.crt -$(RM) certdata.txt ca-bundle.crt
$(OBJDIR) $(INSTDIR): $(OBJDIR) $(INSTDIR):
@@ -364,7 +365,7 @@ ifdef RANLIB
@$(RANLIB) $@ @$(RANLIB) $@
endif endif
$(TARGET).nlm: $(OBJDIR)/$(TARGET).def $(OBJL) $(XDCDATA) $(TARGET).nlm: $(OBJDIR)/$(TARGET).def $(OBJL) $(EXPORTF) $(XDCDATA)
@echo Linking $@ @echo Linking $@
@-$(RM) $@ @-$(RM) $@
@$(LD) $(LDFLAGS) $< @$(LD) $(LDFLAGS) $<
@@ -660,6 +661,10 @@ else
@echo $(DL)#define CURL_CA_BUNDLE getenv("CURL_CA_BUNDLE")$(DL) >> $@ @echo $(DL)#define CURL_CA_BUNDLE getenv("CURL_CA_BUNDLE")$(DL) >> $@
endif endif
$(EXPORTF): $(CURL_INC)/curl/curl.h $(CURL_INC)/curl/easy.h $(CURL_INC)/curl/multi.h $(CURL_INC)/curl/mprintf.h
@echo Creating $@
@$(AWK) -f ../packages/NetWare/get_exp.awk $^ > $@
FORCE: ; FORCE: ;
info: $(OBJDIR)/version.inc info: $(OBJDIR)/version.inc
@@ -696,13 +701,6 @@ else
@echo ipv6 support: no @echo ipv6 support: no
endif endif
$(LIBCARES_PATH)/libcares.$(LIBEXT):
$(MAKE) -C $(LIBCARES_PATH) -f Makefile.netware lib
ca-bundle.crt: mk-ca-bundle.pl
@echo Creating $@
@-$(PERL) $< -b -n $@
$(CURL_INC)/curl/curlbuild.h: Makefile.netware FORCE $(CURL_INC)/curl/curlbuild.h: Makefile.netware FORCE
@echo Creating $@ @echo Creating $@
@echo $(DL)/* $@ intended for NetWare target.$(DL) > $@ @echo $(DL)/* $@ intended for NetWare target.$(DL) > $@
@@ -741,3 +739,10 @@ endif
@echo $(DL)typedef CURL_TYPEOF_CURL_OFF_T curl_off_t;$(DL) >> $@ @echo $(DL)typedef CURL_TYPEOF_CURL_OFF_T curl_off_t;$(DL) >> $@
@echo $(DL)#endif /* __CURL_CURLBUILD_H */$(DL) >> $@ @echo $(DL)#endif /* __CURL_CURLBUILD_H */$(DL) >> $@
$(LIBCARES_PATH)/libcares.$(LIBEXT):
$(MAKE) -C $(LIBCARES_PATH) -f Makefile.netware lib
ca-bundle.crt: mk-ca-bundle.pl
@echo Creating $@
@-$(PERL) $< -b -n $@

View File

@@ -5,7 +5,7 @@
# | (__| |_| | _ <| |___ # | (__| |_| | _ <| |___
# \___|\___/|_| \_\_____| # \___|\___/|_| \_\_____|
# #
# Copyright (C) 1999 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. # Copyright (C) 1999 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
# #
# This software is licensed as described in the file COPYING, which # This software is licensed as described in the file COPYING, which
# you should have received as part of this distribution. The terms # you should have received as part of this distribution. The terms
@@ -22,7 +22,7 @@
# All files in the Makefile.vc* series are generated automatically from the # All files in the Makefile.vc* series are generated automatically from the
# one made for MSVC version 6. Alas, if you want to do changes to any of the # one made for MSVC version 6. Alas, if you want to do changes to any of the
# fiels and send back to the project, edit the version six, make your diff and # files and send back to the project, edit the version six, make your diff and
# mail curl-library. # mail curl-library.
########################################################################### ###########################################################################
@@ -189,6 +189,20 @@ CC = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSZLIB) $(CFLAGSLIB)
CFGSET = TRUE CFGSET = TRUE
!ENDIF !ENDIF
######################
# release-ssl-ssh2-zlib
!IF "$(CFG)" == "release-ssl-ssh2-zlib"
TARGET = $(LIBCURL_STA_LIB_REL)
DIROBJ = $(CFG)
LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
LFLAGSSSH2 = "/LIBPATH:$(LIBSSH2_PATH)"
LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
LNK = $(LNKLIB) $(LFLAGSSSL) $(LFLAGSSSH2) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
CC = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSSSH2) $(CFLAGSZLIB) $(CFLAGSLIB)
CFGSET = TRUE
!ENDIF
###################### ######################
# release-ssl-dll # release-ssl-dll
@@ -226,36 +240,6 @@ CC = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSZLIB) $(CFLAGSLIB)
CFGSET = TRUE CFGSET = TRUE
!ENDIF !ENDIF
######################
# release-ssl-ssh2-zlib
!IF "$(CFG)" == "release-ssl-ssh2-zlib"
TARGET = $(LIB_NAME).lib
DIROBJ = $(CFG)
LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
LFLAGSSSH2 = "/LIBPATH:$(LIBSSH2_PATH)"
LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
LNK = $(LNKLIB) $(LFLAGSSSL) $(LFLAGSSSH2) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
CC = $(CCNODBG) $(RTLIB) $(CFLAGSSSL) $(CFLAGSSSH2) $(CFLAGSZLIB) $(CFLAGSLIB)
CFGSET = TRUE
RESOURCE = $(LIBSSH2_PATH)/Release/src/libssh2.lib $(ZLIB_PATH)/zlib.lib
!ENDIF
######################
# debug-ssl-ssh2-zlib
!IF "$(CFG)" == "debug-ssl-ssh2-zlib"
TARGET = $(LIB_NAME_DEBUG).lib
DIROBJ = $(CFG)
LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
LFLAGSSSH2 = "/LIBPATH:$(LIBSSH2_PATH)"
LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
LNK = $(LNKLIB) $(ZLIBLIBS) $(LFLAGSSSL) $(LFLAGSSSH2) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
CC = $(CCDEBUG) $(RTLIBD) $(CFLAGSSSL) $(CFLAGSSSH2) $(CFLAGSZLIB) $(CFLAGSLIB)
CFGSET = TRUE
RESOURCE = $(LIBSSH2_PATH)/Release/src/libssh2.lib $(ZLIB_PATH)/zlib.lib
!ENDIF
###################### ######################
# release-dll # release-dll
@@ -356,6 +340,20 @@ CC = $(CCDEBUG) $(RTLIBD) $(CFLAGSSSL) $(CFLAGSZLIB) $(CFLAGSLIB)
CFGSET = TRUE CFGSET = TRUE
!ENDIF !ENDIF
######################
# debug-ssl-ssh2-zlib
!IF "$(CFG)" == "debug-ssl-ssh2-zlib"
TARGET = $(LIBCURL_STA_LIB_DBG)
DIROBJ = $(CFG)
LFLAGSZLIB = "/LIBPATH:$(ZLIB_PATH)"
LFLAGSSSH2 = "/LIBPATH:$(LIBSSH2_PATH)"
LFLAGSSSL = "/LIBPATH:$(OPENSSL_PATH)\out32"
LNK = $(LNKLIB) $(ZLIBLIBS) $(LFLAGSSSL) $(LFLAGSSSH2) $(LFLAGSZLIB) /out:$(DIROBJ)\$(TARGET)
CC = $(CCDEBUG) $(RTLIBD) $(CFLAGSSSL) $(CFLAGSSSH2) $(CFLAGSZLIB) $(CFLAGSLIB)
CFGSET = TRUE
!ENDIF
###################### ######################
# debug-ssl-dll # debug-ssl-dll
@@ -463,11 +461,11 @@ RESOURCE = $(DIROBJ)\libcurl.res
!MESSAGE release-dll-ssl-dll - release dynamic library with dynamic ssl !MESSAGE release-dll-ssl-dll - release dynamic library with dynamic ssl
!MESSAGE release-dll-zlib-dll - release dynamic library with dynamic zlib !MESSAGE release-dll-zlib-dll - release dynamic library with dynamic zlib
!MESSAGE release-dll-ssl-dll-zlib-dll - release dynamic library with dynamic ssl and dynamic zlib !MESSAGE release-dll-ssl-dll-zlib-dll - release dynamic library with dynamic ssl and dynamic zlib
!MESSAGE debug-ssl-ssh2-zlib - debug static library with ssl, ssh2 and zlib
!MESSAGE debug - debug static library !MESSAGE debug - debug static library
!MESSAGE debug-ssl - debug static library with ssl !MESSAGE debug-ssl - debug static library with ssl
!MESSAGE debug-zlib - debug static library with zlib !MESSAGE debug-zlib - debug static library with zlib
!MESSAGE debug-ssl-zlib - debug static library with ssl and zlib !MESSAGE debug-ssl-zlib - debug static library with ssl and zlib
!MESSAGE debug-ssl-ssh2-zlib - debug static library with ssl, ssh2 and zlib
!MESSAGE debug-ssl-dll - debug static library with dynamic ssl !MESSAGE debug-ssl-dll - debug static library with dynamic ssl
!MESSAGE debug-zlib-dll - debug static library with dynamic zlib !MESSAGE debug-zlib-dll - debug static library with dynamic zlib
!MESSAGE debug-ssl-dll-zlib-dll - debug static library with dynamic ssl and dynamic zlib !MESSAGE debug-ssl-dll-zlib-dll - debug static library with dynamic ssl and dynamic zlib
@@ -503,25 +501,29 @@ X_OBJS= \
$(DIROBJ)\content_encoding.obj \ $(DIROBJ)\content_encoding.obj \
$(DIROBJ)\cookie.obj \ $(DIROBJ)\cookie.obj \
$(DIROBJ)\curl_addrinfo.obj \ $(DIROBJ)\curl_addrinfo.obj \
$(DIROBJ)\curl_darwinssl.obj \
$(DIROBJ)\curl_fnmatch.obj \ $(DIROBJ)\curl_fnmatch.obj \
$(DIROBJ)\curl_gethostname.obj \ $(DIROBJ)\curl_gethostname.obj \
$(DIROBJ)\curl_memrchr.obj \ $(DIROBJ)\curl_memrchr.obj \
$(DIROBJ)\curl_multibyte.obj \
$(DIROBJ)\curl_ntlm.obj \ $(DIROBJ)\curl_ntlm.obj \
$(DIROBJ)\curl_ntlm_core.obj \ $(DIROBJ)\curl_ntlm_core.obj \
$(DIROBJ)\curl_ntlm_msgs.obj \ $(DIROBJ)\curl_ntlm_msgs.obj \
$(DIROBJ)\curl_ntlm_wb.obj \ $(DIROBJ)\curl_ntlm_wb.obj \
$(DIROBJ)\curl_rand.obj \ $(DIROBJ)\curl_rand.obj \
$(DIROBJ)\curl_rtmp.obj \ $(DIROBJ)\curl_rtmp.obj \
$(DIROBJ)\curl_sasl.obj \
$(DIROBJ)\curl_schannel.obj \
$(DIROBJ)\curl_sspi.obj \ $(DIROBJ)\curl_sspi.obj \
$(DIROBJ)\curl_threads.obj \ $(DIROBJ)\curl_threads.obj \
$(DIROBJ)\dict.obj \ $(DIROBJ)\dict.obj \
$(DIROBJ)\easy.obj \ $(DIROBJ)\easy.obj \
$(DIROBJ)\escape.obj \ $(DIROBJ)\escape.obj \
$(DIROBJ)\fileinfo.obj \
$(DIROBJ)\file.obj \ $(DIROBJ)\file.obj \
$(DIROBJ)\fileinfo.obj \
$(DIROBJ)\formdata.obj \ $(DIROBJ)\formdata.obj \
$(DIROBJ)\ftplistparser.obj \
$(DIROBJ)\ftp.obj \ $(DIROBJ)\ftp.obj \
$(DIROBJ)\ftplistparser.obj \
$(DIROBJ)\getenv.obj \ $(DIROBJ)\getenv.obj \
$(DIROBJ)\getinfo.obj \ $(DIROBJ)\getinfo.obj \
$(DIROBJ)\gopher.obj \ $(DIROBJ)\gopher.obj \
@@ -529,15 +531,15 @@ X_OBJS= \
$(DIROBJ)\hash.obj \ $(DIROBJ)\hash.obj \
$(DIROBJ)\hmac.obj \ $(DIROBJ)\hmac.obj \
$(DIROBJ)\hostasyn.obj \ $(DIROBJ)\hostasyn.obj \
$(DIROBJ)\hostip.obj \
$(DIROBJ)\hostip4.obj \ $(DIROBJ)\hostip4.obj \
$(DIROBJ)\hostip6.obj \ $(DIROBJ)\hostip6.obj \
$(DIROBJ)\hostip.obj \
$(DIROBJ)\hostsyn.obj \ $(DIROBJ)\hostsyn.obj \
$(DIROBJ)\http.obj \
$(DIROBJ)\http_chunks.obj \ $(DIROBJ)\http_chunks.obj \
$(DIROBJ)\http_digest.obj \ $(DIROBJ)\http_digest.obj \
$(DIROBJ)\http_negotiate.obj \ $(DIROBJ)\http_negotiate.obj \
$(DIROBJ)\http_negotiate_sspi.obj \ $(DIROBJ)\http_negotiate_sspi.obj \
$(DIROBJ)\http.obj \
$(DIROBJ)\http_proxy.obj \ $(DIROBJ)\http_proxy.obj \
$(DIROBJ)\if2ip.obj \ $(DIROBJ)\if2ip.obj \
$(DIROBJ)\imap.obj \ $(DIROBJ)\imap.obj \
@@ -565,8 +567,8 @@ X_OBJS= \
$(DIROBJ)\share.obj \ $(DIROBJ)\share.obj \
$(DIROBJ)\slist.obj \ $(DIROBJ)\slist.obj \
$(DIROBJ)\smtp.obj \ $(DIROBJ)\smtp.obj \
$(DIROBJ)\socks_gssapi.obj \
$(DIROBJ)\socks.obj \ $(DIROBJ)\socks.obj \
$(DIROBJ)\socks_gssapi.obj \
$(DIROBJ)\socks_sspi.obj \ $(DIROBJ)\socks_sspi.obj \
$(DIROBJ)\speedcheck.obj \ $(DIROBJ)\speedcheck.obj \
$(DIROBJ)\splay.obj \ $(DIROBJ)\splay.obj \

View File

@@ -1,5 +1,5 @@
#ifndef __LIB_CONFIG_WIN32CE_H #ifndef HEADER_CURL_CONFIG_WIN32CE_H
#define __LIB_CONFIG_WIN32CE_H #define HEADER_CURL_CONFIG_WIN32CE_H
/*************************************************************************** /***************************************************************************
* _ _ ____ _ * _ _ ____ _
* Project ___| | | | _ \| | * Project ___| | | | _ \| |
@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -79,7 +79,7 @@
#define HAVE_STDLIB_H 1 #define HAVE_STDLIB_H 1
/* Define if you have the <process.h> header file. */ /* Define if you have the <process.h> header file. */
#define HAVE_PROCESS_H 1 /* #define HAVE_PROCESS_H 1 */
/* Define if you have the <sys/param.h> header file. */ /* Define if you have the <sys/param.h> header file. */
/* #define HAVE_SYS_PARAM_H 1 */ /* #define HAVE_SYS_PARAM_H 1 */
@@ -427,6 +427,14 @@
/* WinCE */ /* WinCE */
/* ---------------------------------------------------------------- */ /* ---------------------------------------------------------------- */
#ifndef UNICODE
# define UNICODE
#endif
#ifndef _UNICODE
# define _UNICODE
#endif
#define CURL_DISABLE_FILE 1 #define CURL_DISABLE_FILE 1
#define CURL_DISABLE_TELNET 1 #define CURL_DISABLE_TELNET 1
#define CURL_DISABLE_LDAP 1 #define CURL_DISABLE_LDAP 1
@@ -437,4 +445,4 @@
extern int stat(const char *path,struct stat *buffer ); extern int stat(const char *path,struct stat *buffer );
#endif /* __LIB_CONFIG_WIN32CE_H */ #endif /* HEADER_CURL_CONFIG_WIN32CE_H */

View File

@@ -91,6 +91,13 @@
static bool verifyconnect(curl_socket_t sockfd, int *error); static bool verifyconnect(curl_socket_t sockfd, int *error);
#ifdef __DragonFly__
/* DragonFlyBSD uses millisecond as KEEPIDLE and KEEPINTVL units */
#define KEEPALIVE_FACTOR(x) (x *= 1000)
#else
#define KEEPALIVE_FACTOR(x)
#endif
static void static void
tcpkeepalive(struct SessionHandle *data, tcpkeepalive(struct SessionHandle *data,
curl_socket_t sockfd) curl_socket_t sockfd)
@@ -105,6 +112,7 @@ tcpkeepalive(struct SessionHandle *data,
else { else {
#ifdef TCP_KEEPIDLE #ifdef TCP_KEEPIDLE
optval = curlx_sltosi(data->set.tcp_keepidle); optval = curlx_sltosi(data->set.tcp_keepidle);
KEEPALIVE_FACTOR(optval);
if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPIDLE, if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPIDLE,
(void *)&optval, sizeof(optval)) < 0) { (void *)&optval, sizeof(optval)) < 0) {
infof(data, "Failed to set TCP_KEEPIDLE on fd %d\n", sockfd); infof(data, "Failed to set TCP_KEEPIDLE on fd %d\n", sockfd);
@@ -112,6 +120,7 @@ tcpkeepalive(struct SessionHandle *data,
#endif #endif
#ifdef TCP_KEEPINTVL #ifdef TCP_KEEPINTVL
optval = curlx_sltosi(data->set.tcp_keepintvl); optval = curlx_sltosi(data->set.tcp_keepintvl);
KEEPALIVE_FACTOR(optval);
if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPINTVL, if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPINTVL,
(void *)&optval, sizeof(optval)) < 0) { (void *)&optval, sizeof(optval)) < 0) {
infof(data, "Failed to set TCP_KEEPINTVL on fd %d\n", sockfd); infof(data, "Failed to set TCP_KEEPINTVL on fd %d\n", sockfd);

View File

@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -882,7 +882,7 @@ struct Cookie *Curl_cookie_getlist(struct CookieInfo *c,
for(i=0; co; co = co->next) for(i=0; co; co = co->next)
array[i++] = co; array[i++] = co;
/* now sort the cookie pointers in path lenth order */ /* now sort the cookie pointers in path length order */
qsort(array, matches, sizeof(struct Cookie *), cookie_sort); qsort(array, matches, sizeof(struct Cookie *), cookie_sort);
/* remake the linked list order according to the new order */ /* remake the linked list order according to the new order */
@@ -1069,7 +1069,7 @@ static int cookie_output(struct CookieInfo *c, const char *dumphere)
char *format_ptr; char *format_ptr;
fputs("# Netscape HTTP Cookie File\n" fputs("# Netscape HTTP Cookie File\n"
"# http://curl.haxx.se/rfc/cookie_spec.html\n" "# http://curl.haxx.se/docs/http-cookies.html\n"
"# This file was generated by libcurl! Edit at your own risk.\n\n", "# This file was generated by libcurl! Edit at your own risk.\n\n",
out); out);
co = c->cookies; co = c->cookies;

920
lib/curl_darwinssl.c Normal file
View File

@@ -0,0 +1,920 @@
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2012, Nick Zitzmann, <nickzman@gmail.com>.
* Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
***************************************************************************/
/*
* Source file for all iOS and Mac OS X SecureTransport-specific code for the
* TLS/SSL layer. No code but sslgen.c should ever call or use these functions.
*/
#include "setup.h"
#ifdef USE_DARWINSSL
#ifdef HAVE_LIMITS_H
#include <limits.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#include <Security/Security.h>
#include <Security/SecureTransport.h>
#include <CoreFoundation/CoreFoundation.h>
#include <CommonCrypto/CommonDigest.h>
#include "urldata.h"
#include "sendf.h"
#include "inet_pton.h"
#include "connect.h"
#include "select.h"
#include "sslgen.h"
#include "curl_darwinssl.h"
#define _MPRINTF_REPLACE /* use our functions only */
#include <curl/mprintf.h>
#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
/* From MacTypes.h (which we can't include because it isn't present in iOS: */
#define ioErr -36
/* The following two functions were ripped from Apple sample code,
* with some modifications: */
static OSStatus SocketRead(SSLConnectionRef connection,
void *data, /* owned by
* caller, data
* RETURNED */
size_t *dataLength) /* IN/OUT */
{
UInt32 bytesToGo = *dataLength;
UInt32 initLen = bytesToGo;
UInt8 *currData = (UInt8 *)data;
/*int sock = *(int *)connection;*/
struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection;
int sock = connssl->ssl_sockfd;
OSStatus rtn = noErr;
UInt32 bytesRead;
int rrtn;
int theErr;
*dataLength = 0;
for(;;) {
bytesRead = 0;
rrtn = read(sock, currData, bytesToGo);
if(rrtn <= 0) {
/* this is guesswork... */
theErr = errno;
if((rrtn == 0) && (theErr == 0)) {
/* try fix for iSync */
rtn = errSSLClosedGraceful;
}
else /* do the switch */
switch(theErr) {
case ENOENT:
/* connection closed */
rtn = errSSLClosedGraceful;
break;
case ECONNRESET:
rtn = errSSLClosedAbort;
break;
case EAGAIN:
rtn = errSSLWouldBlock;
connssl->ssl_direction = false;
break;
default:
rtn = ioErr;
break;
}
break;
}
else {
bytesRead = rrtn;
}
bytesToGo -= bytesRead;
currData += bytesRead;
if(bytesToGo == 0) {
/* filled buffer with incoming data, done */
break;
}
}
*dataLength = initLen - bytesToGo;
return rtn;
}
static OSStatus SocketWrite(SSLConnectionRef connection,
const void *data,
size_t *dataLength) /* IN/OUT */
{
UInt32 bytesSent = 0;
/*int sock = *(int *)connection;*/
struct ssl_connect_data *connssl = (struct ssl_connect_data *)connection;
int sock = connssl->ssl_sockfd;
int length;
UInt32 dataLen = *dataLength;
const UInt8 *dataPtr = (UInt8 *)data;
OSStatus ortn;
int theErr;
*dataLength = 0;
do {
length = write(sock,
(char*)dataPtr + bytesSent,
dataLen - bytesSent);
} while((length > 0) &&
( (bytesSent += length) < dataLen) );
if(length <= 0) {
theErr = errno;
if(theErr == EAGAIN) {
ortn = errSSLWouldBlock;
connssl->ssl_direction = true;
}
else {
ortn = ioErr;
}
}
else {
ortn = noErr;
}
*dataLength = bytesSent;
return ortn;
}
CF_INLINE const char *CipherNameForNumber(SSLCipherSuite cipher) {
switch (cipher) {
case SSL_RSA_WITH_NULL_MD5:
return "SSL_RSA_WITH_NULL_MD5";
break;
case SSL_RSA_WITH_NULL_SHA:
return "SSL_RSA_WITH_NULL_SHA";
break;
case SSL_RSA_EXPORT_WITH_RC4_40_MD5:
return "SSL_RSA_EXPORT_WITH_RC4_40_MD5";
break;
case SSL_RSA_WITH_RC4_128_MD5:
return "SSL_RSA_WITH_RC4_128_MD5";
break;
case SSL_RSA_WITH_RC4_128_SHA:
return "SSL_RSA_WITH_RC4_128_SHA";
break;
case SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5:
return "SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5";
break;
case SSL_RSA_WITH_IDEA_CBC_SHA:
return "SSL_RSA_WITH_IDEA_CBC_SHA";
break;
case SSL_RSA_EXPORT_WITH_DES40_CBC_SHA:
return "SSL_RSA_EXPORT_WITH_DES40_CBC_SHA";
break;
case SSL_RSA_WITH_DES_CBC_SHA:
return "SSL_RSA_WITH_DES_CBC_SHA";
break;
case SSL_RSA_WITH_3DES_EDE_CBC_SHA:
return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
break;
case SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA:
return "SSL_DH_DSS_EXPORT_WITH_DES40_CBC_SHA";
break;
case SSL_DH_DSS_WITH_DES_CBC_SHA:
return "SSL_DH_DSS_WITH_DES_CBC_SHA";
break;
case SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA:
return "SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA";
break;
case SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA:
return "SSL_DH_RSA_EXPORT_WITH_DES40_CBC_SHA";
break;
case SSL_DH_RSA_WITH_DES_CBC_SHA:
return "SSL_DH_RSA_WITH_DES_CBC_SHA";
break;
case SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA:
return "SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA";
break;
case SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA:
return "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA";
break;
case SSL_DHE_DSS_WITH_DES_CBC_SHA:
return "SSL_DHE_DSS_WITH_DES_CBC_SHA";
break;
case SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA:
return "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA";
break;
case SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA:
return "SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA";
break;
case SSL_DHE_RSA_WITH_DES_CBC_SHA:
return "SSL_DHE_RSA_WITH_DES_CBC_SHA";
break;
case SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
return "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
break;
case SSL_DH_anon_EXPORT_WITH_RC4_40_MD5:
return "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5";
break;
case SSL_DH_anon_WITH_RC4_128_MD5:
return "SSL_DH_anon_WITH_RC4_128_MD5";
break;
case SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA:
return "SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA";
break;
case SSL_DH_anon_WITH_DES_CBC_SHA:
return "SSL_DH_anon_WITH_DES_CBC_SHA";
break;
case SSL_DH_anon_WITH_3DES_EDE_CBC_SHA:
return "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA";
break;
case SSL_FORTEZZA_DMS_WITH_NULL_SHA:
return "SSL_FORTEZZA_DMS_WITH_NULL_SHA";
break;
case SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA:
return "SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA";
break;
case TLS_RSA_WITH_AES_128_CBC_SHA:
return "TLS_RSA_WITH_AES_128_CBC_SHA";
break;
case TLS_DH_DSS_WITH_AES_128_CBC_SHA:
return "TLS_DH_DSS_WITH_AES_128_CBC_SHA";
break;
case TLS_DH_RSA_WITH_AES_128_CBC_SHA:
return "TLS_DH_RSA_WITH_AES_128_CBC_SHA";
break;
case TLS_DHE_DSS_WITH_AES_128_CBC_SHA:
return "TLS_DHE_DSS_WITH_AES_128_CBC_SHA";
break;
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA:
return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
break;
case TLS_DH_anon_WITH_AES_128_CBC_SHA:
return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
break;
case TLS_RSA_WITH_AES_256_CBC_SHA:
return "TLS_RSA_WITH_AES_256_CBC_SHA";
break;
case TLS_DH_DSS_WITH_AES_256_CBC_SHA:
return "TLS_DH_DSS_WITH_AES_256_CBC_SHA";
break;
case TLS_DH_RSA_WITH_AES_256_CBC_SHA:
return "TLS_DH_RSA_WITH_AES_256_CBC_SHA";
break;
case TLS_DHE_DSS_WITH_AES_256_CBC_SHA:
return "TLS_DHE_DSS_WITH_AES_256_CBC_SHA";
break;
case TLS_DHE_RSA_WITH_AES_256_CBC_SHA:
return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
break;
case TLS_DH_anon_WITH_AES_256_CBC_SHA:
return "TLS_DH_anon_WITH_AES_256_CBC_SHA";
break;
case TLS_ECDH_ECDSA_WITH_NULL_SHA:
return "TLS_ECDH_ECDSA_WITH_NULL_SHA";
break;
case TLS_ECDH_ECDSA_WITH_RC4_128_SHA:
return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
break;
case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA:
return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
break;
case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA:
return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
break;
case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA:
return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
break;
case TLS_ECDHE_ECDSA_WITH_NULL_SHA:
return "TLS_ECDHE_ECDSA_WITH_NULL_SHA";
break;
case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
break;
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA:
return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
break;
case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA:
return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
break;
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA:
return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
break;
case TLS_ECDH_RSA_WITH_NULL_SHA:
return "TLS_ECDH_RSA_WITH_NULL_SHA";
break;
case TLS_ECDH_RSA_WITH_RC4_128_SHA:
return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
break;
case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA:
return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
break;
case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA:
return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
break;
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA:
return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
break;
case TLS_ECDHE_RSA_WITH_NULL_SHA:
return "TLS_ECDHE_RSA_WITH_NULL_SHA";
break;
case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
break;
case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA:
return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
break;
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA:
return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
break;
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA:
return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
break;
case TLS_ECDH_anon_WITH_NULL_SHA:
return "TLS_ECDH_anon_WITH_NULL_SHA";
break;
case TLS_ECDH_anon_WITH_RC4_128_SHA:
return "TLS_ECDH_anon_WITH_RC4_128_SHA";
break;
case TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA:
return "TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA";
break;
case TLS_ECDH_anon_WITH_AES_128_CBC_SHA:
return "TLS_ECDH_anon_WITH_AES_128_CBC_SHA";
break;
case TLS_ECDH_anon_WITH_AES_256_CBC_SHA:
return "TLS_ECDH_anon_WITH_AES_256_CBC_SHA";
break;
case SSL_RSA_WITH_RC2_CBC_MD5:
return "SSL_RSA_WITH_RC2_CBC_MD5";
break;
case SSL_RSA_WITH_IDEA_CBC_MD5:
return "SSL_RSA_WITH_IDEA_CBC_MD5";
break;
case SSL_RSA_WITH_DES_CBC_MD5:
return "SSL_RSA_WITH_DES_CBC_MD5";
break;
case SSL_RSA_WITH_3DES_EDE_CBC_MD5:
return "SSL_RSA_WITH_3DES_EDE_CBC_MD5";
break;
}
return "(NONE)";
}
static CURLcode darwinssl_connect_step1(struct connectdata *conn,
int sockindex)
{
struct SessionHandle *data = conn->data;
curl_socket_t sockfd = conn->sock[sockindex];
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
bool sni = true;
#ifdef ENABLE_IPV6
struct in6_addr addr;
#else
struct in_addr addr;
#endif
/*SSLConnectionRef ssl_connection;*/
OSStatus err = noErr;
if(connssl->ssl_ctx)
(void)SSLDisposeContext(connssl->ssl_ctx);
err = SSLNewContext(false, &(connssl->ssl_ctx));
if(err != noErr) {
failf(data, "SSL: couldn't create a context: OSStatus %d", err);
return CURLE_OUT_OF_MEMORY;
}
/* check to see if we've been told to use an explicit SSL/TLS version */
(void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx, kSSLProtocolAll, false);
switch(data->set.ssl.version) {
default:
case CURL_SSLVERSION_DEFAULT:
(void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
kSSLProtocol3,
true);
(void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
kTLSProtocol1,
true);
break;
case CURL_SSLVERSION_TLSv1:
(void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
kTLSProtocol1,
true);
break;
case CURL_SSLVERSION_SSLv2:
(void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
kSSLProtocol2,
true);
break;
case CURL_SSLVERSION_SSLv3:
(void)SSLSetProtocolVersionEnabled(connssl->ssl_ctx,
kSSLProtocol3,
true);
break;
}
/* No need to load certificates here. SecureTransport uses the Keychain
* (which is also part of the Security framework) to evaluate trust. */
/* SSL always tries to verify the peer, this only says whether it should
* fail to connect if the verification fails, or if it should continue
* anyway. In the latter case the result of the verification is checked with
* SSL_get_verify_result() below. */
err = SSLSetEnableCertVerify(connssl->ssl_ctx,
data->set.ssl.verifypeer?true:false);
if(err != noErr) {
failf(data, "SSL: SSLSetEnableCertVerify() failed: OSStatus %d", err);
return CURLE_SSL_CONNECT_ERROR;
}
/* If this is a domain name and not an IP address, then configure SNI: */
if((0 == Curl_inet_pton(AF_INET, conn->host.name, &addr)) &&
#ifdef ENABLE_IPV6
(0 == Curl_inet_pton(AF_INET6, conn->host.name, &addr)) &&
#endif
sni) {
err = SSLSetPeerDomainName(connssl->ssl_ctx, conn->host.name,
strlen(conn->host.name));
if(err != noErr) {
infof(data, "WARNING: SSL: SSLSetPeerDomainName() failed: OSStatus %d",
err);
}
}
err = SSLSetIOFuncs(connssl->ssl_ctx, SocketRead, SocketWrite);
if(err != noErr) {
failf(data, "SSL: SSLSetIOFuncs() failed: OSStatus %d", err);
return CURLE_SSL_CONNECT_ERROR;
}
/* pass the raw socket into the SSL layers */
/* We need to store the FD in a constant memory address, because
* SSLSetConnection() will not copy that address. I've found that
* conn->sock[sockindex] may change on its own. */
connssl->ssl_sockfd = sockfd;
/*ssl_connection = &(connssl->ssl_sockfd);
err = SSLSetConnection(connssl->ssl_ctx, ssl_connection);*/
err = SSLSetConnection(connssl->ssl_ctx, connssl);
if(err != noErr) {
failf(data, "SSL: SSLSetConnection() failed: %d", err);
return CURLE_SSL_CONNECT_ERROR;
}
connssl->connecting_state = ssl_connect_2;
return CURLE_OK;
}
static CURLcode
darwinssl_connect_step2(struct connectdata *conn, int sockindex)
{
struct SessionHandle *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
OSStatus err;
SSLCipherSuite cipher;
DEBUGASSERT(ssl_connect_2 == connssl->connecting_state
|| ssl_connect_2_reading == connssl->connecting_state
|| ssl_connect_2_writing == connssl->connecting_state);
/* Here goes nothing: */
err = SSLHandshake(connssl->ssl_ctx);
if(err != noErr) {
switch (err) {
case errSSLWouldBlock: /* they're not done with us yet */
connssl->connecting_state = connssl->ssl_direction ?
ssl_connect_2_writing : ssl_connect_2_reading;
return CURLE_OK;
break;
case errSSLServerAuthCompleted:
/* the documentation says we need to call SSLHandshake() again */
return darwinssl_connect_step2(conn, sockindex);
case errSSLXCertChainInvalid:
case errSSLUnknownRootCert:
case errSSLNoRootCert:
case errSSLCertExpired:
failf(data, "SSL certificate problem: OSStatus %d", err);
return CURLE_SSL_CACERT;
break;
default:
failf(data, "Unknown SSL protocol error in connection to %s:%d",
conn->host.name, err);
return CURLE_SSL_CONNECT_ERROR;
break;
}
}
else {
/* we have been connected fine, we're not waiting for anything else. */
connssl->connecting_state = ssl_connect_3;
/* Informational message */
(void)SSLGetNegotiatedCipher(connssl->ssl_ctx, &cipher);
infof (data, "SSL connection using %s\n", CipherNameForNumber(cipher));
return CURLE_OK;
}
}
static CURLcode
darwinssl_connect_step3(struct connectdata *conn,
int sockindex)
{
struct SessionHandle *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
CFStringRef server_cert_summary;
char server_cert_summary_c[128];
CFArrayRef server_certs;
SecCertificateRef server_cert;
OSStatus err;
CFIndex i, count;
/* There is no step 3!
* Well, okay, if verbose mode is on, let's print the details of the
* server certificates. */
err = SSLCopyPeerCertificates(connssl->ssl_ctx, &server_certs);
if(err == noErr) {
count = CFArrayGetCount(server_certs);
for(i = 0L ; i < count ; i++) {
server_cert = (SecCertificateRef)CFArrayGetValueAtIndex(server_certs, i);
server_cert_summary = SecCertificateCopySubjectSummary(server_cert);
memset(server_cert_summary_c, 0, 128);
if(CFStringGetCString(server_cert_summary,
server_cert_summary_c,
128,
kCFStringEncodingUTF8)) {
infof(data, "Server certificate: %s\n", server_cert_summary_c);
}
CFRelease(server_cert_summary);
}
CFRelease(server_certs);
}
connssl->connecting_state = ssl_connect_done;
return CURLE_OK;
}
static Curl_recv darwinssl_recv;
static Curl_send darwinssl_send;
static CURLcode
darwinssl_connect_common(struct connectdata *conn,
int sockindex,
bool nonblocking,
bool *done)
{
CURLcode retcode;
struct SessionHandle *data = conn->data;
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
curl_socket_t sockfd = conn->sock[sockindex];
long timeout_ms;
int what;
/* check if the connection has already been established */
if(ssl_connection_complete == connssl->state) {
*done = TRUE;
return CURLE_OK;
}
if(ssl_connect_1==connssl->connecting_state) {
/* Find out how much more time we're allowed */
timeout_ms = Curl_timeleft(data, NULL, TRUE);
if(timeout_ms < 0) {
/* no need to continue if time already is up */
failf(data, "SSL connection timeout");
return CURLE_OPERATION_TIMEDOUT;
}
retcode = darwinssl_connect_step1(conn, sockindex);
if(retcode)
return retcode;
}
while(ssl_connect_2 == connssl->connecting_state ||
ssl_connect_2_reading == connssl->connecting_state ||
ssl_connect_2_writing == connssl->connecting_state) {
/* check allowed time left */
timeout_ms = Curl_timeleft(data, NULL, TRUE);
if(timeout_ms < 0) {
/* no need to continue if time already is up */
failf(data, "SSL connection timeout");
return CURLE_OPERATION_TIMEDOUT;
}
/* if ssl is expecting something, check if it's available. */
if(connssl->connecting_state == ssl_connect_2_reading
|| connssl->connecting_state == ssl_connect_2_writing) {
curl_socket_t writefd = ssl_connect_2_writing ==
connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
curl_socket_t readfd = ssl_connect_2_reading ==
connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
what = Curl_socket_ready(readfd, writefd, nonblocking?0:timeout_ms);
if(what < 0) {
/* fatal error */
failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
return CURLE_SSL_CONNECT_ERROR;
}
else if(0 == what) {
if(nonblocking) {
*done = FALSE;
return CURLE_OK;
}
else {
/* timeout */
failf(data, "SSL connection timeout");
return CURLE_OPERATION_TIMEDOUT;
}
}
/* socket is readable or writable */
}
/* Run transaction, and return to the caller if it failed or if this
* connection is done nonblocking and this loop would execute again. This
* permits the owner of a multi handle to abort a connection attempt
* before step2 has completed while ensuring that a client using select()
* or epoll() will always have a valid fdset to wait on.
*/
retcode = darwinssl_connect_step2(conn, sockindex);
if(retcode || (nonblocking &&
(ssl_connect_2 == connssl->connecting_state ||
ssl_connect_2_reading == connssl->connecting_state ||
ssl_connect_2_writing == connssl->connecting_state)))
return retcode;
} /* repeat step2 until all transactions are done. */
if(ssl_connect_3==connssl->connecting_state) {
retcode = darwinssl_connect_step3(conn, sockindex);
if(retcode)
return retcode;
}
if(ssl_connect_done==connssl->connecting_state) {
connssl->state = ssl_connection_complete;
conn->recv[sockindex] = darwinssl_recv;
conn->send[sockindex] = darwinssl_send;
*done = TRUE;
}
else
*done = FALSE;
/* Reset our connect state machine */
connssl->connecting_state = ssl_connect_1;
return CURLE_OK;
}
CURLcode
Curl_darwinssl_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done)
{
return darwinssl_connect_common(conn, sockindex, TRUE, done);
}
CURLcode
Curl_darwinssl_connect(struct connectdata *conn,
int sockindex)
{
CURLcode retcode;
bool done = FALSE;
retcode = darwinssl_connect_common(conn, sockindex, FALSE, &done);
if(retcode)
return retcode;
DEBUGASSERT(done);
return CURLE_OK;
}
void Curl_darwinssl_close(struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
(void)SSLClose(connssl->ssl_ctx);
(void)SSLDisposeContext(connssl->ssl_ctx);
connssl->ssl_ctx = NULL;
connssl->ssl_sockfd = 0;
}
void Curl_darwinssl_close_all(struct SessionHandle *data)
{
/* SecureTransport doesn't separate sessions from contexts, so... */
(void)data;
}
int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex)
{
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
struct SessionHandle *data = conn->data;
ssize_t nread;
int what;
int rc;
char buf[120];
if(!connssl->ssl_ctx)
return 0;
if(data->set.ftp_ccc != CURLFTPSSL_CCC_ACTIVE)
return 0;
Curl_darwinssl_close(conn, sockindex);
rc = 0;
what = Curl_socket_ready(conn->sock[sockindex],
CURL_SOCKET_BAD, SSL_SHUTDOWN_TIMEOUT);
for(;;) {
if(what < 0) {
/* anything that gets here is fatally bad */
failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
rc = -1;
break;
}
if(!what) { /* timeout */
failf(data, "SSL shutdown timeout");
break;
}
/* Something to read, let's do it and hope that it is the close
notify alert from the server. No way to SSL_Read now, so use read(). */
nread = read(conn->sock[sockindex], buf, sizeof(buf));
if(nread < 0) {
failf(data, "read: %s", strerror(errno));
rc = -1;
}
if(nread <= 0)
break;
what = Curl_socket_ready(conn->sock[sockindex], CURL_SOCKET_BAD, 0);
}
return rc;
}
size_t Curl_darwinssl_version(char *buffer, size_t size)
{
return snprintf(buffer, size, "SecureTransport");
}
/*
* This function uses SSLGetSessionState to determine connection status.
*
* Return codes:
* 1 means the connection is still in place
* 0 means the connection has been closed
* -1 means the connection status is unknown
*/
int Curl_darwinssl_check_cxn(struct connectdata *conn)
{
struct ssl_connect_data *connssl = &conn->ssl[FIRSTSOCKET];
OSStatus err;
SSLSessionState state;
if(connssl->ssl_ctx) {
err = SSLGetSessionState(connssl->ssl_ctx, &state);
if(err == noErr)
return state == kSSLConnected || state == kSSLHandshake;
return -1;
}
return 0;
}
bool Curl_darwinssl_data_pending(const struct connectdata *conn,
int connindex)
{
const struct ssl_connect_data *connssl = &conn->ssl[connindex];
OSStatus err;
size_t buffer;
if(connssl->ssl_ctx) { /* SSL is in use */
err = SSLGetBufferedReadSize(connssl->ssl_ctx, &buffer);
if(err == noErr)
return buffer > 0UL;
return false;
}
else
return false;
}
void Curl_darwinssl_random(struct SessionHandle *data,
unsigned char *entropy,
size_t length)
{
/* arc4random_buf() isn't available on cats older than Lion, so let's
do this manually for the benefit of the older cats. */
size_t i;
u_int32_t random = 0;
for(i = 0 ; i < length ; i++) {
if(i % sizeof(u_int32_t) == 0)
random = arc4random();
entropy[i] = random & 0xFF;
random >>= 8;
}
i = random = 0;
(void)data;
}
void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *md5sum, /* output */
size_t md5len)
{
(void)md5len;
(void)CC_MD5(tmp, tmplen, md5sum);
}
static ssize_t darwinssl_send(struct connectdata *conn,
int sockindex,
const void *mem,
size_t len,
CURLcode *curlcode)
{
/*struct SessionHandle *data = conn->data;*/
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
size_t processed;
OSStatus err = SSLWrite(connssl->ssl_ctx, mem, len, &processed);
if(err != noErr) {
switch (err) {
case errSSLWouldBlock: /* we're not done yet; keep sending */
*curlcode = CURLE_AGAIN;
return -1;
break;
default:
failf(conn->data, "SSLWrite() return error %d", err);
*curlcode = CURLE_SEND_ERROR;
return -1;
break;
}
}
return (ssize_t)processed;
}
static ssize_t darwinssl_recv(struct connectdata *conn,
int num,
char *buf,
size_t buffersize,
CURLcode *curlcode)
{
/*struct SessionHandle *data = conn->data;*/
struct ssl_connect_data *connssl = &conn->ssl[num];
size_t processed;
OSStatus err = SSLRead(connssl->ssl_ctx, buf, buffersize, &processed);
if(err != noErr) {
switch (err) {
case errSSLWouldBlock: /* we're not done yet; keep reading */
*curlcode = CURLE_AGAIN;
return -1;
break;
default:
failf(conn->data, "SSLRead() return error %d", err);
*curlcode = CURLE_RECV_ERROR;
return -1;
break;
}
}
return (ssize_t)processed;
}
#endif /* USE_DARWINSSL */

73
lib/curl_darwinssl.h Normal file
View File

@@ -0,0 +1,73 @@
#ifndef HEADER_CURL_DARWINSSL_H
#define HEADER_CURL_DARWINSSL_H
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2012, Nick Zitzmann, <nickzman@gmail.com>.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
***************************************************************************/
#include "setup.h"
#ifdef USE_DARWINSSL
CURLcode Curl_darwinssl_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_darwinssl_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done);
/* this function doesn't actually do anything */
void Curl_darwinssl_close_all(struct SessionHandle *data);
/* close a SSL connection */
void Curl_darwinssl_close(struct connectdata *conn, int sockindex);
size_t Curl_darwinssl_version(char *buffer, size_t size);
int Curl_darwinssl_shutdown(struct connectdata *conn, int sockindex);
int Curl_darwinssl_check_cxn(struct connectdata *conn);
bool Curl_darwinssl_data_pending(const struct connectdata *conn,
int connindex);
void Curl_darwinssl_random(struct SessionHandle *data,
unsigned char *entropy,
size_t length);
void Curl_darwinssl_md5sum(unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *md5sum, /* output */
size_t md5len);
/* API setup for SecureTransport */
#define curlssl_init() (1)
#define curlssl_cleanup() Curl_nop_stmt
#define curlssl_connect Curl_darwinssl_connect
#define curlssl_connect_nonblocking Curl_darwinssl_connect_nonblocking
#define curlssl_session_free(x) Curl_nop_stmt
#define curlssl_close_all Curl_darwinssl_close_all
#define curlssl_close Curl_darwinssl_close
#define curlssl_shutdown(x,y) 0
#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_NOT_BUILT_IN)
#define curlssl_set_engine_default(x) (x=x, CURLE_NOT_BUILT_IN)
#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL)
#define curlssl_version Curl_darwinssl_version
#define curlssl_check_cxn Curl_darwinssl_check_cxn
#define curlssl_data_pending(x,y) Curl_darwinssl_data_pending(x, y)
#define curlssl_random(x,y,z) Curl_darwinssl_random(x,y,z)
#define curlssl_md5sum(a,b,c,d) Curl_darwinssl_md5sum(a,b,c,d)
#endif /* USE_DARWINSSL */
#endif /* HEADER_CURL_DARWINSSL_H */

82
lib/curl_multibyte.c Normal file
View File

@@ -0,0 +1,82 @@
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
***************************************************************************/
#include "setup.h"
#if defined(USE_WIN32_IDN) || (defined(USE_WINDOWS_SSPI) && defined(UNICODE))
/*
* MultiByte conversions using Windows kernel32 library.
*/
#include "curl_multibyte.h"
#define _MPRINTF_REPLACE /* use our functions only */
#include <curl/mprintf.h>
#include "curl_memory.h"
/* The last #include file should be: */
#include "memdebug.h"
wchar_t *Curl_convert_UTF8_to_wchar(const char *str_utf8)
{
wchar_t *str_w = NULL;
if(str_utf8) {
int str_w_len = MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS,
str_utf8, -1, NULL, 0);
if(str_w_len > 0) {
str_w = malloc(str_w_len * sizeof(wchar_t));
if(str_w) {
if(MultiByteToWideChar(CP_UTF8, 0, str_utf8, -1, str_w,
str_w_len) == 0) {
Curl_safefree(str_w);
}
}
}
}
return str_w;
}
char *Curl_convert_wchar_to_UTF8(const wchar_t *str_w)
{
char *str_utf8 = NULL;
if(str_w) {
int str_utf8_len = WideCharToMultiByte(CP_UTF8, 0, str_w, -1, NULL,
0, NULL, NULL);
if(str_utf8_len > 0) {
str_utf8 = malloc(str_utf8_len * sizeof(wchar_t));
if(str_utf8) {
if(WideCharToMultiByte(CP_UTF8, 0, str_w, -1, str_utf8, str_utf8_len,
NULL, FALSE) == 0) {
Curl_safefree(str_utf8);
}
}
}
}
return str_utf8;
}
#endif /* USE_WIN32_IDN || (USE_WINDOWS_SSPI && UNICODE) */

90
lib/curl_multibyte.h Normal file
View File

@@ -0,0 +1,90 @@
#ifndef HEADER_CURL_MULTIBYTE_H
#define HEADER_CURL_MULTIBYTE_H
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
***************************************************************************/
#include "setup.h"
#if defined(USE_WIN32_IDN) || (defined(USE_WINDOWS_SSPI) && defined(UNICODE))
/*
* MultiByte conversions using Windows kernel32 library.
*/
wchar_t *Curl_convert_UTF8_to_wchar(const char *str_utf8);
char *Curl_convert_wchar_to_UTF8(const wchar_t *str_w);
#endif /* USE_WIN32_IDN || (USE_WINDOWS_SSPI && UNICODE) */
#if defined(USE_WIN32_IDN) || defined(USE_WINDOWS_SSPI)
/*
* Macros Curl_convert_UTF8_to_tchar(), Curl_convert_tchar_to_UTF8()
* and Curl_unicodefree() main purpose is to minimize the number of
* preprocessor conditional directives needed by code using these
* to differentiate UNICODE from non-UNICODE builds.
*
* When building with UNICODE defined, this two macros
* Curl_convert_UTF8_to_tchar() and Curl_convert_tchar_to_UTF8()
* return a pointer to a newly allocated memory area holding result.
* When the result is no longer needed, allocated memory is intended
* to be free'ed with Curl_unicodefree().
*
* When building without UNICODE defined, this macros
* Curl_convert_UTF8_to_tchar() and Curl_convert_tchar_to_UTF8()
* return the pointer received as argument. Curl_unicodefree() does
* no actual free'ing of this pointer it is simply set to NULL.
*/
#ifdef UNICODE
#define Curl_convert_UTF8_to_tchar(ptr) Curl_convert_UTF8_to_wchar((ptr))
#define Curl_convert_tchar_to_UTF8(ptr) Curl_convert_wchar_to_UTF8((ptr))
#define Curl_unicodefree(ptr) \
do {if((ptr)) {free((ptr)); (ptr) = NULL;}} WHILE_FALSE
typedef union {
unsigned short *tchar_ptr;
const unsigned short *const_tchar_ptr;
unsigned short *tbyte_ptr;
const unsigned short *const_tbyte_ptr;
} xcharp_u;
#else
#define Curl_convert_UTF8_to_tchar(ptr) (ptr)
#define Curl_convert_tchar_to_UTF8(ptr) (ptr)
#define Curl_unicodefree(ptr) \
do {(ptr) = NULL;} WHILE_FALSE
typedef union {
char *tchar_ptr;
const char *const_tchar_ptr;
unsigned char *tbyte_ptr;
const unsigned char *const_tbyte_ptr;
} xcharp_u;
#endif /* UNICODE */
#endif /* USE_WIN32_IDN || USE_WINDOWS_SSPI */
#endif /* HEADER_CURL_MULTIBYTE_H */

View File

@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -82,6 +82,11 @@
# include "curl_md4.h" # include "curl_md4.h"
# define MD5_DIGEST_LENGTH MD5_LENGTH # define MD5_DIGEST_LENGTH MD5_LENGTH
#elif defined(USE_DARWINSSL)
# include <CommonCrypto/CommonCryptor.h>
# include <CommonCrypto/CommonDigest.h>
#else #else
# error "Can't compile NTLM support without a crypto library." # error "Can't compile NTLM support without a crypto library."
#endif #endif
@@ -221,7 +226,23 @@ fail:
return rv; return rv;
} }
#endif /* defined(USE_NSS) */ #elif defined(USE_DARWINSSL)
static bool encrypt_des(const unsigned char *in, unsigned char *out,
const unsigned char *key_56)
{
char key[8];
size_t out_len;
CCCryptorStatus err;
extend_key_56_to_64(key_56, key);
err = CCCrypt(kCCEncrypt, kCCAlgorithmDES, kCCOptionECBMode, key,
kCCKeySizeDES, NULL, in, 8 /* inbuflen */, out,
8 /* outbuflen */, &out_len);
return err == kCCSuccess;
}
#endif /* defined(USE_DARWINSSL) */
#endif /* defined(USE_SSLEAY) */ #endif /* defined(USE_SSLEAY) */
@@ -273,7 +294,7 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys,
setup_des_key(keys + 14, &des); setup_des_key(keys + 14, &des);
gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8); gcry_cipher_encrypt(des, results + 16, 8, plaintext, 8);
gcry_cipher_close(des); gcry_cipher_close(des);
#elif defined(USE_NSS) #elif defined(USE_NSS) || defined(USE_DARWINSSL)
encrypt_des(plaintext, results, keys); encrypt_des(plaintext, results, keys);
encrypt_des(plaintext, results + 8, keys + 7); encrypt_des(plaintext, results + 8, keys + 7);
encrypt_des(plaintext, results + 16, keys + 14); encrypt_des(plaintext, results + 16, keys + 14);
@@ -336,7 +357,7 @@ void Curl_ntlm_core_mk_lm_hash(struct SessionHandle *data,
setup_des_key(pw + 7, &des); setup_des_key(pw + 7, &des);
gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8); gcry_cipher_encrypt(des, lmbuffer + 8, 8, magic, 8);
gcry_cipher_close(des); gcry_cipher_close(des);
#elif defined(USE_NSS) #elif defined(USE_NSS) || defined(USE_DARWINSSL)
encrypt_des(magic, lmbuffer, pw); encrypt_des(magic, lmbuffer, pw);
encrypt_des(magic, lmbuffer + 8, pw + 7); encrypt_des(magic, lmbuffer + 8, pw + 7);
#endif #endif
@@ -399,6 +420,8 @@ CURLcode Curl_ntlm_core_mk_nt_hash(struct SessionHandle *data,
gcry_md_close(MD4pw); gcry_md_close(MD4pw);
#elif defined(USE_NSS) #elif defined(USE_NSS)
Curl_md4it(ntbuffer, pw, 2 * len); Curl_md4it(ntbuffer, pw, 2 * len);
#elif defined(USE_DARWINSSL)
(void)CC_MD4(pw, 2 * len, ntbuffer);
#endif #endif
memset(ntbuffer + 16, 0, 21 - 16); memset(ntbuffer + 16, 0, 21 - 16);

View File

@@ -33,64 +33,22 @@
#define DEBUG_ME 0 #define DEBUG_ME 0
#ifdef USE_SSLEAY
# ifdef USE_OPENSSL
# include <openssl/des.h>
# ifndef OPENSSL_NO_MD4
# include <openssl/md4.h>
# endif
# include <openssl/md5.h>
# include <openssl/ssl.h>
# include <openssl/rand.h>
# else
# include <des.h>
# ifndef OPENSSL_NO_MD4
# include <md4.h>
# endif
# include <md5.h>
# include <ssl.h>
# include <rand.h>
# endif
# include "ssluse.h"
#elif defined(USE_GNUTLS_NETTLE)
# include <nettle/md5.h>
# include <gnutls/gnutls.h>
# include <gnutls/crypto.h>
# define MD5_DIGEST_LENGTH 16
#elif defined(USE_GNUTLS)
# include <gcrypt.h>
# include "gtls.h"
# define MD5_DIGEST_LENGTH 16
# define MD4_DIGEST_LENGTH 16
#elif defined(USE_NSS)
# include <nss.h>
# include <pk11pub.h>
# include <hasht.h>
# include "nssg.h"
# include "curl_md4.h"
# define MD5_DIGEST_LENGTH MD5_LENGTH
#elif defined(USE_WINDOWS_SSPI)
# include "curl_sspi.h"
#else
# error "Can't compile NTLM support without a crypto library."
#endif
#include "urldata.h" #include "urldata.h"
#include "non-ascii.h" #include "non-ascii.h"
#include "sendf.h" #include "sendf.h"
#include "curl_base64.h" #include "curl_base64.h"
#include "curl_ntlm_core.h" #include "curl_ntlm_core.h"
#include "curl_gethostname.h" #include "curl_gethostname.h"
#include "curl_multibyte.h"
#include "warnless.h"
#include "curl_memory.h" #include "curl_memory.h"
#ifdef USE_WINDOWS_SSPI
# include "curl_sspi.h"
#endif
#include "sslgen.h"
#define BUILDING_CURL_NTLM_MSGS_C #define BUILDING_CURL_NTLM_MSGS_C
#include "curl_ntlm_msgs.h" #include "curl_ntlm_msgs.h"
@@ -281,7 +239,7 @@ CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
free(buffer); free(buffer);
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
} }
ntlm->n_type_2 = (unsigned long)size; ntlm->n_type_2 = curlx_uztoul(size);
memcpy(ntlm->type_2, buffer, size); memcpy(ntlm->type_2, buffer, size);
#else #else
ntlm->flags = 0; ntlm->flags = 0;
@@ -315,19 +273,16 @@ CURLcode Curl_ntlm_decode_type2_message(struct SessionHandle *data,
#ifdef USE_WINDOWS_SSPI #ifdef USE_WINDOWS_SSPI
void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm) void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm)
{ {
if(ntlm->type_2) { Curl_safefree(ntlm->type_2);
free(ntlm->type_2);
ntlm->type_2 = NULL;
}
if(ntlm->has_handles) { if(ntlm->has_handles) {
s_pSecFn->DeleteSecurityContext(&ntlm->c_handle); s_pSecFn->DeleteSecurityContext(&ntlm->c_handle);
s_pSecFn->FreeCredentialsHandle(&ntlm->handle); s_pSecFn->FreeCredentialsHandle(&ntlm->handle);
ntlm->has_handles = 0; ntlm->has_handles = 0;
} }
if(ntlm->p_identity) { if(ntlm->p_identity) {
if(ntlm->identity.User) free(ntlm->identity.User); Curl_safefree(ntlm->identity.User);
if(ntlm->identity.Password) free(ntlm->identity.Password); Curl_safefree(ntlm->identity.Password);
if(ntlm->identity.Domain) free(ntlm->identity.Domain); Curl_safefree(ntlm->identity.Domain);
ntlm->p_identity = NULL; ntlm->p_identity = NULL;
} }
} }
@@ -359,7 +314,7 @@ static void unicodecpy(unsigned char *dest,
* userp [in] - The user name in the format User or Domain\User. * userp [in] - The user name in the format User or Domain\User.
* passdwp [in] - The user's password. * passdwp [in] - The user's password.
* ntlm [in/out] - The ntlm data struct being used and modified. * ntlm [in/out] - The ntlm data struct being used and modified.
* outptr [in/out] - The adress where a pointer to newly allocated memory * outptr [in/out] - The address where a pointer to newly allocated memory
* holding the result will be stored upon completion. * holding the result will be stored upon completion.
* outlen [out] - The length of the output message. * outlen [out] - The length of the output message.
* *
@@ -393,67 +348,94 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
SecBuffer buf; SecBuffer buf;
SecBufferDesc desc; SecBufferDesc desc;
SECURITY_STATUS status; SECURITY_STATUS status;
ULONG attrs; unsigned long attrs;
const char *dest = ""; xcharp_u useranddomain;
const char *user; xcharp_u user, dup_user;
const char *domain = ""; xcharp_u domain, dup_domain;
size_t userlen = 0; xcharp_u passwd, dup_passwd;
size_t domlen = 0; size_t domlen = 0;
size_t passwdlen = 0;
TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */ TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */
domain.const_tchar_ptr = TEXT("");
Curl_ntlm_sspi_cleanup(ntlm); Curl_ntlm_sspi_cleanup(ntlm);
user = strchr(userp, '\\'); if(userp && *userp) {
if(!user)
user = strchr(userp, '/');
if(user) { /* null initialize ntlm identity's data to allow proper cleanup */
domain = userp;
domlen = user - userp;
user++;
}
else {
user = userp;
domain = "";
domlen = 0;
}
if(user)
userlen = strlen(user);
if(passwdp)
passwdlen = strlen(passwdp);
if(userlen > 0) {
/* note: initialize all of this before doing the mallocs so that
* it can be cleaned up later without leaking memory.
*/
ntlm->p_identity = &ntlm->identity; ntlm->p_identity = &ntlm->identity;
memset(ntlm->p_identity, 0, sizeof(*ntlm->p_identity)); memset(ntlm->p_identity, 0, sizeof(*ntlm->p_identity));
if((ntlm->identity.User = (unsigned char *)strdup(user)) == NULL)
useranddomain.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)userp);
if(!useranddomain.tchar_ptr)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
ntlm->identity.UserLength = (unsigned long)userlen; user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('\\'));
if((ntlm->identity.Password = (unsigned char *)strdup(passwdp)) == NULL) if(!user.const_tchar_ptr)
return CURLE_OUT_OF_MEMORY; user.const_tchar_ptr = _tcschr(useranddomain.const_tchar_ptr, TEXT('/'));
ntlm->identity.PasswordLength = (unsigned long)strlen(passwdp); if(user.tchar_ptr) {
if((ntlm->identity.Domain = malloc(domlen + 1)) == NULL) domain.tchar_ptr = useranddomain.tchar_ptr;
return CURLE_OUT_OF_MEMORY; domlen = user.tchar_ptr - useranddomain.tchar_ptr;
user.tchar_ptr++;
}
else {
user.tchar_ptr = useranddomain.tchar_ptr;
domain.const_tchar_ptr = TEXT("");
domlen = 0;
}
strncpy((char *)ntlm->identity.Domain, domain, domlen); /* setup ntlm identity's user and length */
ntlm->identity.Domain[domlen] = '\0'; dup_user.tchar_ptr = _tcsdup(user.tchar_ptr);
ntlm->identity.DomainLength = (unsigned long)domlen; if(!dup_user.tchar_ptr) {
ntlm->identity.Flags = SEC_WINNT_AUTH_IDENTITY_ANSI; Curl_unicodefree(useranddomain.tchar_ptr);
return CURLE_OUT_OF_MEMORY;
}
ntlm->identity.User = dup_user.tbyte_ptr;
ntlm->identity.UserLength = curlx_uztoul(_tcslen(dup_user.tchar_ptr));
dup_user.tchar_ptr = NULL;
/* setup ntlm identity's domain and length */
dup_domain.tchar_ptr = malloc(sizeof(TCHAR) * (domlen + 1));
if(!dup_domain.tchar_ptr) {
Curl_unicodefree(useranddomain.tchar_ptr);
return CURLE_OUT_OF_MEMORY;
}
_tcsncpy(dup_domain.tchar_ptr, domain.tchar_ptr, domlen);
*(dup_domain.tchar_ptr + domlen) = TEXT('\0');
ntlm->identity.Domain = dup_domain.tbyte_ptr;
ntlm->identity.DomainLength = curlx_uztoul(domlen);
dup_domain.tchar_ptr = NULL;
Curl_unicodefree(useranddomain.tchar_ptr);
/* setup ntlm identity's password and length */
passwd.tchar_ptr = Curl_convert_UTF8_to_tchar((char *)passwdp);
if(!passwd.tchar_ptr)
return CURLE_OUT_OF_MEMORY;
dup_passwd.tchar_ptr = _tcsdup(passwd.tchar_ptr);
if(!dup_passwd.tchar_ptr) {
Curl_unicodefree(passwd.tchar_ptr);
return CURLE_OUT_OF_MEMORY;
}
ntlm->identity.Password = dup_passwd.tbyte_ptr;
ntlm->identity.PasswordLength =
curlx_uztoul(_tcslen(dup_passwd.tchar_ptr));
dup_passwd.tchar_ptr = NULL;
Curl_unicodefree(passwd.tchar_ptr);
/* setup ntlm identity's flags */
ntlm->identity.Flags = SECFLAG_WINNT_AUTH_IDENTITY;
} }
else else
ntlm->p_identity = NULL; ntlm->p_identity = NULL;
status = s_pSecFn->AcquireCredentialsHandleA(NULL, (void *)"NTLM", status = s_pSecFn->AcquireCredentialsHandle(NULL,
SECPKG_CRED_OUTBOUND, NULL, (TCHAR *) TEXT("NTLM"),
ntlm->p_identity, NULL, NULL, SECPKG_CRED_OUTBOUND, NULL,
&ntlm->handle, &tsDummy); ntlm->p_identity, NULL, NULL,
&ntlm->handle, &tsDummy);
if(status != SEC_E_OK) if(status != SEC_E_OK)
return CURLE_OUT_OF_MEMORY; return CURLE_OUT_OF_MEMORY;
@@ -464,15 +446,15 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
buf.BufferType = SECBUFFER_TOKEN; buf.BufferType = SECBUFFER_TOKEN;
buf.pvBuffer = ntlmbuf; buf.pvBuffer = ntlmbuf;
status = s_pSecFn->InitializeSecurityContextA(&ntlm->handle, NULL, status = s_pSecFn->InitializeSecurityContext(&ntlm->handle, NULL,
(void *)dest, (TCHAR *) TEXT(""),
ISC_REQ_CONFIDENTIALITY | ISC_REQ_CONFIDENTIALITY |
ISC_REQ_REPLAY_DETECT | ISC_REQ_REPLAY_DETECT |
ISC_REQ_CONNECTION, ISC_REQ_CONNECTION,
0, SECURITY_NETWORK_DREP, 0, SECURITY_NETWORK_DREP,
NULL, 0, NULL, 0,
&ntlm->c_handle, &desc, &ntlm->c_handle, &desc,
&attrs, &tsDummy); &attrs, &tsDummy);
if(status == SEC_I_COMPLETE_AND_CONTINUE || if(status == SEC_I_COMPLETE_AND_CONTINUE ||
status == SEC_I_CONTINUE_NEEDED) status == SEC_I_CONTINUE_NEEDED)
@@ -580,7 +562,7 @@ CURLcode Curl_ntlm_create_type1_message(const char *userp,
* userp [in] - The user name in the format User or Domain\User. * userp [in] - The user name in the format User or Domain\User.
* passdwp [in] - The user's password. * passdwp [in] - The user's password.
* ntlm [in/out] - The ntlm data struct being used and modified. * ntlm [in/out] - The ntlm data struct being used and modified.
* outptr [in/out] - The adress where a pointer to newly allocated memory * outptr [in/out] - The address where a pointer to newly allocated memory
* holding the result will be stored upon completion. * holding the result will be stored upon completion.
* outlen [out] - The length of the output message. * outlen [out] - The length of the output message.
* *
@@ -615,13 +597,12 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
size_t size; size_t size;
#ifdef USE_WINDOWS_SSPI #ifdef USE_WINDOWS_SSPI
const char *dest = "";
SecBuffer type_2; SecBuffer type_2;
SecBuffer type_3; SecBuffer type_3;
SecBufferDesc type_2_desc; SecBufferDesc type_2_desc;
SecBufferDesc type_3_desc; SecBufferDesc type_3_desc;
SECURITY_STATUS status; SECURITY_STATUS status;
ULONG attrs; unsigned long attrs;
TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */ TimeStamp tsDummy; /* For Windows 9x compatibility of SSPI calls */
(void)passwdp; (void)passwdp;
@@ -640,17 +621,17 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
type_3.pvBuffer = ntlmbuf; type_3.pvBuffer = ntlmbuf;
type_3.cbBuffer = NTLM_BUFSIZE; type_3.cbBuffer = NTLM_BUFSIZE;
status = s_pSecFn->InitializeSecurityContextA(&ntlm->handle, status = s_pSecFn->InitializeSecurityContext(&ntlm->handle,
&ntlm->c_handle, &ntlm->c_handle,
(void *)dest, (TCHAR *) TEXT(""),
ISC_REQ_CONFIDENTIALITY | ISC_REQ_CONFIDENTIALITY |
ISC_REQ_REPLAY_DETECT | ISC_REQ_REPLAY_DETECT |
ISC_REQ_CONNECTION, ISC_REQ_CONNECTION,
0, SECURITY_NETWORK_DREP, 0, SECURITY_NETWORK_DREP,
&type_2_desc, &type_2_desc,
0, &ntlm->c_handle, 0, &ntlm->c_handle,
&type_3_desc, &type_3_desc,
&attrs, &tsDummy); &attrs, &tsDummy);
if(status != SEC_E_OK) if(status != SEC_E_OK)
return CURLE_RECV_ERROR; return CURLE_RECV_ERROR;
@@ -717,23 +698,7 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
unsigned char entropy[8]; unsigned char entropy[8];
/* Need to create 8 bytes random data */ /* Need to create 8 bytes random data */
#ifdef USE_SSLEAY Curl_ssl_random(data, entropy, sizeof(entropy));
MD5_CTX MD5pw;
Curl_ossl_seed(data); /* Initiate the seed if not already done */
RAND_bytes(entropy, 8);
#elif defined(USE_GNUTLS_NETTLE)
struct md5_ctx MD5pw;
gnutls_rnd(GNUTLS_RND_RANDOM, entropy, 8);
#elif defined(USE_GNUTLS)
gcry_md_hd_t MD5pw;
Curl_gtls_seed(data); /* Initiate the seed if not already done */
gcry_randomize(entropy, 8, GCRY_STRONG_RANDOM);
#elif defined(USE_NSS)
PK11Context *MD5pw;
unsigned int MD5len;
Curl_nss_seed(data); /* Initiate the seed if not already done */
PK11_GenerateRandom(entropy, 8);
#endif
/* 8 bytes random data as challenge in lmresp */ /* 8 bytes random data as challenge in lmresp */
memcpy(lmresp, entropy, 8); memcpy(lmresp, entropy, 8);
@@ -745,25 +710,7 @@ CURLcode Curl_ntlm_create_type3_message(struct SessionHandle *data,
memcpy(tmp, &ntlm->nonce[0], 8); memcpy(tmp, &ntlm->nonce[0], 8);
memcpy(tmp + 8, entropy, 8); memcpy(tmp + 8, entropy, 8);
#ifdef USE_SSLEAY Curl_ssl_md5sum(tmp, 16, md5sum, MD5_DIGEST_LENGTH);
MD5_Init(&MD5pw);
MD5_Update(&MD5pw, tmp, 16);
MD5_Final(md5sum, &MD5pw);
#elif defined(USE_GNUTLS_NETTLE)
md5_init(&MD5pw);
md5_update(&MD5pw, 16, tmp);
md5_digest(&MD5pw, 16, md5sum);
#elif defined(USE_GNUTLS)
gcry_md_open(&MD5pw, GCRY_MD_MD5, 0);
gcry_md_write(MD5pw, tmp, MD5_DIGEST_LENGTH);
memcpy(md5sum, gcry_md_read (MD5pw, 0), MD5_DIGEST_LENGTH);
gcry_md_close(MD5pw);
#elif defined(USE_NSS)
MD5pw = PK11_CreateDigestContext(SEC_OID_MD5);
PK11_DigestOp(MD5pw, tmp, 16);
PK11_DigestFinal(MD5pw, md5sum, &MD5len, MD5_DIGEST_LENGTH);
PK11_DestroyContext(MD5pw, PR_TRUE);
#endif
/* We shall only use the first 8 bytes of md5sum, but the des /* We shall only use the first 8 bytes of md5sum, but the des
code in Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */ code in Curl_ntlm_core_lm_resp only encrypt the first 8 bytes */

View File

@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -163,6 +163,14 @@ void Curl_ntlm_sspi_cleanup(struct ntlmdata *ntlm);
#define NTLMFLAG_NEGOTIATE_56 (1<<31) #define NTLMFLAG_NEGOTIATE_56 (1<<31)
/* Indicates that 56-bit encryption is supported. */ /* Indicates that 56-bit encryption is supported. */
#ifdef UNICODE
# define SECFLAG_WINNT_AUTH_IDENTITY \
(unsigned long)SEC_WINNT_AUTH_IDENTITY_UNICODE
#else
# define SECFLAG_WINNT_AUTH_IDENTITY \
(unsigned long)SEC_WINNT_AUTH_IDENTITY_ANSI
#endif
#endif /* BUILDING_CURL_NTLM_MSGS_C */ #endif /* BUILDING_CURL_NTLM_MSGS_C */
#endif /* USE_NTLM */ #endif /* USE_NTLM */

504
lib/curl_sasl.c Normal file
View File

@@ -0,0 +1,504 @@
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
* RFC2195 CRAM-MD5 authentication
* RFC2831 DIGEST-MD5 authentication
* RFC4616 PLAIN authentication
*
***************************************************************************/
#include "setup.h"
#include <curl/curl.h>
#include "urldata.h"
#include "curl_base64.h"
#include "curl_md5.h"
#include "curl_rand.h"
#include "curl_hmac.h"
#include "curl_ntlm_msgs.h"
#include "curl_sasl.h"
#include "warnless.h"
#include "curl_memory.h"
#define _MPRINTF_REPLACE /* use our functions only */
#include <curl/mprintf.h>
/* The last #include file should be: */
#include "memdebug.h"
#ifndef CURL_DISABLE_CRYPTO_AUTH
/* Retrieves the value for a corresponding key from the challenge string
* returns TRUE if the key could be found, FALSE if it does not exists
*/
static bool sasl_digest_get_key_value(const unsigned char *chlg,
const char *key,
char *value,
size_t max_val_len,
char end_char)
{
char *find_pos;
size_t i;
find_pos = strstr((const char *) chlg, key);
if(!find_pos)
return FALSE;
find_pos += strlen(key);
for(i = 0; *find_pos && *find_pos != end_char && i < max_val_len - 1; ++i)
value[i] = *find_pos++;
value[i] = '\0';
return TRUE;
}
#endif
/*
* Curl_sasl_create_plain_message()
*
* This is used to generate an already encoded PLAIN message ready
* for sending to the recipient.
*
* Parameters:
*
* data [in] - The session handle.
* userp [in] - The user name.
* passdwp [in] - The user's password.
* outptr [in/out] - The address where a pointer to newly allocated memory
* holding the result will be stored upon completion.
* outlen [out] - The length of the output message.
*
* Returns CURLE_OK on success.
*/
CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data,
const char* userp,
const char* passwdp,
char **outptr, size_t *outlen)
{
char plainauth[2 * MAX_CURL_USER_LENGTH + MAX_CURL_PASSWORD_LENGTH];
size_t ulen;
size_t plen;
ulen = strlen(userp);
plen = strlen(passwdp);
if(2 * ulen + plen + 2 > sizeof(plainauth)) {
*outlen = 0;
*outptr = NULL;
/* Plainauth too small */
return CURLE_OUT_OF_MEMORY;
}
/* Calculate the reply */
memcpy(plainauth, userp, ulen);
plainauth[ulen] = '\0';
memcpy(plainauth + ulen + 1, userp, ulen);
plainauth[2 * ulen + 1] = '\0';
memcpy(plainauth + 2 * ulen + 2, passwdp, plen);
/* Base64 encode the reply */
return Curl_base64_encode(data, plainauth, 2 * ulen + plen + 2, outptr,
outlen);
}
/*
* Curl_sasl_create_login_message()
*
* This is used to generate an already encoded LOGIN message containing the
* user name or password ready for sending to the recipient.
*
* Parameters:
*
* data [in] - The session handle.
* valuep [in] - The user name or user's password.
* outptr [in/out] - The address where a pointer to newly allocated memory
* holding the result will be stored upon completion.
* outlen [out] - The length of the output message.
*
* Returns CURLE_OK on success.
*/
CURLcode Curl_sasl_create_login_message(struct SessionHandle *data,
const char* valuep, char **outptr,
size_t *outlen)
{
size_t vlen = strlen(valuep);
if(!vlen) {
/* Calculate an empty reply */
*outptr = strdup("=");
if(*outptr) {
*outlen = (size_t) 1;
return CURLE_OK;
}
*outlen = 0;
return CURLE_OUT_OF_MEMORY;
}
/* Base64 encode the value */
return Curl_base64_encode(data, valuep, vlen, outptr, outlen);
}
#ifndef CURL_DISABLE_CRYPTO_AUTH
/*
* Curl_sasl_create_cram_md5_message()
*
* This is used to generate an already encoded CRAM-MD5 response message ready
* for sending to the recipient.
*
* Parameters:
*
* data [in] - The session handle.
* chlg64 [in] - Pointer to the base64 encoded challenge buffer.
* userp [in] - The user name.
* passdwp [in] - The user's password.
* outptr [in/out] - The address where a pointer to newly allocated memory
* holding the result will be stored upon completion.
* outlen [out] - The length of the output message.
*
* Returns CURLE_OK on success.
*/
CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
const char* chlg64,
const char* userp,
const char* passwdp,
char **outptr, size_t *outlen)
{
CURLcode result = CURLE_OK;
size_t chlg64len = strlen(chlg64);
unsigned char *chlg = (unsigned char *) NULL;
size_t chlglen = 0;
HMAC_context *ctxt;
unsigned char digest[MD5_DIGEST_LEN];
char response[MAX_CURL_USER_LENGTH + 2 * MD5_DIGEST_LEN + 1];
/* Decode the challenge if necessary */
if(chlg64len && *chlg64 != '=') {
result = Curl_base64_decode(chlg64, &chlg, &chlglen);
if(result)
return result;
}
/* Compute the digest using the password as the key */
ctxt = Curl_HMAC_init(Curl_HMAC_MD5,
(const unsigned char *) passwdp,
curlx_uztoui(strlen(passwdp)));
if(!ctxt) {
Curl_safefree(chlg);
return CURLE_OUT_OF_MEMORY;
}
/* Update the digest with the given challenge */
if(chlglen > 0)
Curl_HMAC_update(ctxt, chlg, curlx_uztoui(chlglen));
Curl_safefree(chlg);
/* Finalise the digest */
Curl_HMAC_final(ctxt, digest);
/* Prepare the response */
snprintf(response, sizeof(response),
"%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
userp, digest[0], digest[1], digest[2], digest[3], digest[4],
digest[5], digest[6], digest[7], digest[8], digest[9], digest[10],
digest[11], digest[12], digest[13], digest[14], digest[15]);
/* Base64 encode the reply */
return Curl_base64_encode(data, response, 0, outptr, outlen);
}
/*
* Curl_sasl_create_digest_md5_message()
*
* This is used to generate an already encoded DIGEST-MD5 response message
* ready for sending to the recipient.
*
* Parameters:
*
* data [in] - The session handle.
* chlg64 [in] - Pointer to the base64 encoded challenge buffer.
* userp [in] - The user name.
* passdwp [in] - The user's password.
* service [in] - The service type such as www, smtp or pop
* outptr [in/out] - The address where a pointer to newly allocated memory
* holding the result will be stored upon completion.
* outlen [out] - The length of the output message.
*
* Returns CURLE_OK on success.
*/
CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
const char* chlg64,
const char* userp,
const char* passwdp,
const char* service,
char **outptr, size_t *outlen)
{
static const char table16[] = "0123456789abcdef";
CURLcode result = CURLE_OK;
unsigned char *chlg = (unsigned char *) NULL;
size_t chlglen = 0;
size_t i;
MD5_context *ctxt;
unsigned char digest[MD5_DIGEST_LEN];
char HA1_hex[2 * MD5_DIGEST_LEN + 1];
char HA2_hex[2 * MD5_DIGEST_LEN + 1];
char resp_hash_hex[2 * MD5_DIGEST_LEN + 1];
char nonce[64];
char realm[128];
char alg[64];
char nonceCount[] = "00000001";
char cnonce[] = "12345678"; /* will be changed */
char method[] = "AUTHENTICATE";
char qop[] = "auth";
char uri[128];
char response[512];
result = Curl_base64_decode(chlg64, &chlg, &chlglen);
if(result)
return result;
/* Retrieve nonce string from the challenge */
if(!sasl_digest_get_key_value(chlg, "nonce=\"", nonce,
sizeof(nonce), '\"')) {
Curl_safefree(chlg);
return CURLE_LOGIN_DENIED;
}
/* Retrieve realm string from the challenge */
if(!sasl_digest_get_key_value(chlg, "realm=\"", realm,
sizeof(realm), '\"')) {
/* Challenge does not have a realm, set empty string [RFC2831] page 6 */
strcpy(realm, "");
}
/* Retrieve algorithm string from the challenge */
if(!sasl_digest_get_key_value(chlg, "algorithm=", alg, sizeof(alg), ',')) {
Curl_safefree(chlg);
return CURLE_LOGIN_DENIED;
}
Curl_safefree(chlg);
/* We do not support other algorithms */
if(strcmp(alg, "md5-sess") != 0)
return CURLE_LOGIN_DENIED;
/* Generate 64 bits of random data */
for(i = 0; i < 8; i++)
cnonce[i] = table16[Curl_rand()%16];
/* So far so good, now calculate A1 and H(A1) according to RFC 2831 */
ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
if(!ctxt)
return CURLE_OUT_OF_MEMORY;
Curl_MD5_update(ctxt, (const unsigned char *) userp,
curlx_uztoui(strlen(userp)));
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
Curl_MD5_update(ctxt, (const unsigned char *) realm,
curlx_uztoui(strlen(realm)));
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
Curl_MD5_update(ctxt, (const unsigned char *) passwdp,
curlx_uztoui(strlen(passwdp)));
Curl_MD5_final(ctxt, digest);
ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
if(!ctxt)
return CURLE_OUT_OF_MEMORY;
Curl_MD5_update(ctxt, (const unsigned char *) digest, MD5_DIGEST_LEN);
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
Curl_MD5_update(ctxt, (const unsigned char *) nonce,
curlx_uztoui(strlen(nonce)));
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
Curl_MD5_update(ctxt, (const unsigned char *) cnonce,
curlx_uztoui(strlen(cnonce)));
Curl_MD5_final(ctxt, digest);
/* Convert calculated 16 octet hex into 32 bytes string */
for(i = 0; i < MD5_DIGEST_LEN; i++)
snprintf(&HA1_hex[2 * i], 3, "%02x", digest[i]);
/* Prepare the URL string */
strcpy(uri, service);
strcat(uri, "/");
strcat(uri, realm);
/* Calculate H(A2) */
ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
if(!ctxt)
return CURLE_OUT_OF_MEMORY;
Curl_MD5_update(ctxt, (const unsigned char *) method,
curlx_uztoui(strlen(method)));
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
Curl_MD5_update(ctxt, (const unsigned char *) uri,
curlx_uztoui(strlen(uri)));
Curl_MD5_final(ctxt, digest);
for(i = 0; i < MD5_DIGEST_LEN; i++)
snprintf(&HA2_hex[2 * i], 3, "%02x", digest[i]);
/* Now calculate the response hash */
ctxt = Curl_MD5_init(Curl_DIGEST_MD5);
if(!ctxt)
return CURLE_OUT_OF_MEMORY;
Curl_MD5_update(ctxt, (const unsigned char *) HA1_hex, 2 * MD5_DIGEST_LEN);
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
Curl_MD5_update(ctxt, (const unsigned char *) nonce,
curlx_uztoui(strlen(nonce)));
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
Curl_MD5_update(ctxt, (const unsigned char *) nonceCount,
curlx_uztoui(strlen(nonceCount)));
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
Curl_MD5_update(ctxt, (const unsigned char *) cnonce,
curlx_uztoui(strlen(cnonce)));
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
Curl_MD5_update(ctxt, (const unsigned char *) qop,
curlx_uztoui(strlen(qop)));
Curl_MD5_update(ctxt, (const unsigned char *) ":", 1);
Curl_MD5_update(ctxt, (const unsigned char *) HA2_hex, 2 * MD5_DIGEST_LEN);
Curl_MD5_final(ctxt, digest);
for(i = 0; i < MD5_DIGEST_LEN; i++)
snprintf(&resp_hash_hex[2 * i], 3, "%02x", digest[i]);
strcpy(response, "username=\"");
strcat(response, userp);
strcat(response, "\",realm=\"");
strcat(response, realm);
strcat(response, "\",nonce=\"");
strcat(response, nonce);
strcat(response, "\",cnonce=\"");
strcat(response, cnonce);
strcat(response, "\",nc=");
strcat(response, nonceCount);
strcat(response, ",digest-uri=\"");
strcat(response, uri);
strcat(response, "\",response=");
strcat(response, resp_hash_hex);
/* Base64 encode the reply */
return Curl_base64_encode(data, response, 0, outptr, outlen);
}
#endif
#ifdef USE_NTLM
/*
* Curl_sasl_create_ntlm_type1_message()
*
* This is used to generate an already encoded NTLM type-1 message ready for
* sending to the recipient.
*
* Note: This is a simple wrapper of the NTLM function which means that any
* SASL based protocols don't have to include the NTLM functions directly.
*
* Parameters:
*
* userp [in] - The user name in the format User or Domain\User.
* passdwp [in] - The user's password.
* ntlm [in/out] - The ntlm data struct being used and modified.
* outptr [in/out] - The address where a pointer to newly allocated memory
* holding the result will be stored upon completion.
* outlen [out] - The length of the output message.
*
* Returns CURLE_OK on success.
*/
CURLcode Curl_sasl_create_ntlm_type1_message(const char *userp,
const char *passwdp,
struct ntlmdata *ntlm,
char **outptr, size_t *outlen)
{
return Curl_ntlm_create_type1_message(userp, passwdp, ntlm, outptr,
outlen);
}
/*
* Curl_sasl_create_ntlm_type3_message()
*
* This is used to generate an already encoded NTLM type-3 message ready for
* sending to the recipient.
*
* Parameters:
*
* data [in] - Pointer to session handle.
* header [in] - Pointer to the base64 encoded type-2 message buffer.
* userp [in] - The user name in the format User or Domain\User.
* passdwp [in] - The user's password.
* ntlm [in/out] - The ntlm data struct being used and modified.
* outptr [in/out] - The address where a pointer to newly allocated memory
* holding the result will be stored upon completion.
* outlen [out] - The length of the output message.
*
* Returns CURLE_OK on success.
*/
CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
const char *header,
const char *userp,
const char *passwdp,
struct ntlmdata *ntlm,
char **outptr, size_t *outlen)
{
CURLcode result = Curl_ntlm_decode_type2_message(data, header, ntlm);
if(!result)
result = Curl_ntlm_create_type3_message(data, userp, passwdp, ntlm,
outptr, outlen);
return result;
}
#endif /* USE_NTLM */
/*
* Curl_sasl_cleanup()
*
* This is used to cleanup any libraries or curl modules used by the sasl
* functions.
*
* Parameters:
*
* conn [in] - Pointer to the connection data.
* authused [in] - The authentication mechanism used.
*/
void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused)
{
#ifdef USE_NTLM
/* Cleanup the ntlm structure */
if(authused == SASL_MECH_NTLM) {
Curl_ntlm_sspi_cleanup(&conn->ntlm);
}
(void)conn;
#else
/* Reserved for future use */
(void)conn;
(void)authused;
#endif
}

88
lib/curl_sasl.h Normal file
View File

@@ -0,0 +1,88 @@
#ifndef HEADER_CURL_SASL_H
#define HEADER_CURL_SASL_H
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
***************************************************************************/
#include "pingpong.h"
/* Authentication mechanism flags */
#define SASL_MECH_LOGIN 0x0001
#define SASL_MECH_PLAIN 0x0002
#define SASL_MECH_CRAM_MD5 0x0004
#define SASL_MECH_DIGEST_MD5 0x0008
#define SASL_MECH_GSSAPI 0x0010
#define SASL_MECH_EXTERNAL 0x0020
#define SASL_MECH_NTLM 0x0040
/* This is used to generate a base64 encoded PLAIN authentication message */
CURLcode Curl_sasl_create_plain_message(struct SessionHandle *data,
const char* userp,
const char* passwdp,
char **outptr, size_t *outlen);
/* This is used to generate a base64 encoded LOGIN authentication message
containing either the user name or password details */
CURLcode Curl_sasl_create_login_message(struct SessionHandle *data,
const char* valuep, char **outptr,
size_t *outlen);
#ifndef CURL_DISABLE_CRYPTO_AUTH
/* This is used to generate a base64 encoded CRAM-MD5 response message */
CURLcode Curl_sasl_create_cram_md5_message(struct SessionHandle *data,
const char* chlg64,
const char* user,
const char* passwdp,
char **outptr, size_t *outlen);
/* This is used to generate a base64 encoded DIGEST-MD5 response message */
CURLcode Curl_sasl_create_digest_md5_message(struct SessionHandle *data,
const char* chlg64,
const char* user,
const char* passwdp,
const char* service,
char **outptr, size_t *outlen);
#endif
#ifdef USE_NTLM
/* This is used to generate a base64 encoded NTLM type-1 message */
CURLcode Curl_sasl_create_ntlm_type1_message(const char *userp,
const char *passwdp,
struct ntlmdata *ntlm,
char **outptr,
size_t *outlen);
/* This is used to decode an incoming NTLM type-2 message and generate a
base64 encoded type-3 response */
CURLcode Curl_sasl_create_ntlm_type3_message(struct SessionHandle *data,
const char *header,
const char *userp,
const char *passwdp,
struct ntlmdata *ntlm,
char **outptr, size_t *outlen);
#endif /* USE_NTLM */
/* This is used to cleanup any libraries or curl modules used by the sasl
functions */
void Curl_sasl_cleanup(struct connectdata *conn, unsigned int authused);
#endif /* HEADER_CURL_SASL_H */

1288
lib/curl_schannel.c Normal file

File diff suppressed because it is too large Load Diff

139
lib/curl_schannel.h Normal file
View File

@@ -0,0 +1,139 @@
#ifndef HEADER_CURL_SCHANNEL_H
#define HEADER_CURL_SCHANNEL_H
/***************************************************************************
* _ _ ____ _
* Project ___| | | | _ \| |
* / __| | | | |_) | |
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2012, Marc Hoersken, <info@marc-hoersken.de>, et al.
* Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
* are also available at http://curl.haxx.se/docs/copyright.html.
*
* You may opt to use, copy, modify, merge, publish, distribute and/or sell
* copies of the Software, and permit persons to whom the Software is
* furnished to do so, under the terms of the COPYING file.
*
* This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
* KIND, either express or implied.
*
***************************************************************************/
#include "setup.h"
#ifdef USE_SCHANNEL
#include "urldata.h"
#ifndef UNISP_NAME_A
#define UNISP_NAME_A "Microsoft Unified Security Protocol Provider"
#endif
#ifndef UNISP_NAME_W
#define UNISP_NAME_W L"Microsoft Unified Security Protocol Provider"
#endif
#ifndef UNISP_NAME
#ifdef UNICODE
#define UNISP_NAME UNISP_NAME_W
#else
#define UNISP_NAME UNISP_NAME_A
#endif
#endif
#ifndef SP_PROT_SSL2_CLIENT
#define SP_PROT_SSL2_CLIENT 0x00000008
#endif
#ifndef SP_PROT_SSL3_CLIENT
#define SP_PROT_SSL3_CLIENT 0x00000008
#endif
#ifndef SP_PROT_TLS1_CLIENT
#define SP_PROT_TLS1_CLIENT 0x00000080
#endif
#ifndef SP_PROT_TLS1_0_CLIENT
#define SP_PROT_TLS1_0_CLIENT SP_PROT_TLS1_CLIENT
#endif
#ifndef SP_PROT_TLS1_1_CLIENT
#define SP_PROT_TLS1_1_CLIENT 0x00000200
#endif
#ifndef SP_PROT_TLS1_2_CLIENT
#define SP_PROT_TLS1_2_CLIENT 0x00000800
#endif
#ifndef SECBUFFER_ALERT
#define SECBUFFER_ALERT 17
#endif
#ifndef ISC_RET_REPLAY_DETECT
#define ISC_RET_REPLAY_DETECT 0x00000004
#endif
#ifndef ISC_RET_SEQUENCE_DETECT
#define ISC_RET_SEQUENCE_DETECT 0x00000008
#endif
#ifndef ISC_RET_CONFIDENTIALITY
#define ISC_RET_CONFIDENTIALITY 0x00000010
#endif
#ifndef ISC_RET_ALLOCATED_MEMORY
#define ISC_RET_ALLOCATED_MEMORY 0x00000100
#endif
#ifndef ISC_RET_STREAM
#define ISC_RET_STREAM 0x00008000
#endif
#ifdef BUFSIZE
#define CURL_SCHANNEL_BUFFER_INIT_SIZE BUFSIZE
#define CURL_SCHANNEL_BUFFER_FREE_SIZE BUFSIZE/2
#else
#define CURL_SCHANNEL_BUFFER_INIT_SIZE 4096
#define CURL_SCHANNEL_BUFFER_FREE_SIZE 2048
#endif
#define CURL_SCHANNEL_BUFFER_MAX_SIZE CURL_SCHANNEL_BUFFER_INIT_SIZE*16
#define CURL_SCHANNEL_BUFFER_STEP_FACTOR 2
CURLcode Curl_schannel_connect(struct connectdata *conn, int sockindex);
CURLcode Curl_schannel_connect_nonblocking(struct connectdata *conn,
int sockindex,
bool *done);
bool Curl_schannel_data_pending(const struct connectdata *conn, int sockindex);
void Curl_schannel_close(struct connectdata *conn, int sockindex);
int Curl_schannel_shutdown(struct connectdata *conn, int sockindex);
void Curl_schannel_session_free(void *ptr);
int Curl_schannel_init(void);
void Curl_schannel_cleanup(void);
size_t Curl_schannel_version(char *buffer, size_t size);
/* API setup for Schannel */
#define curlssl_init Curl_schannel_init
#define curlssl_cleanup Curl_schannel_cleanup
#define curlssl_connect Curl_schannel_connect
#define curlssl_connect_nonblocking Curl_schannel_connect_nonblocking
#define curlssl_session_free Curl_schannel_session_free
#define curlssl_close_all(x) (x=x, CURLE_NOT_BUILT_IN)
#define curlssl_close Curl_schannel_close
#define curlssl_shutdown Curl_schannel_shutdown
#define curlssl_set_engine(x,y) (x=x, y=y, CURLE_NOT_BUILT_IN)
#define curlssl_set_engine_default(x) (x=x, CURLE_NOT_BUILT_IN)
#define curlssl_engines_list(x) (x=x, (struct curl_slist *)NULL)
#define curlssl_version Curl_schannel_version
#define curlssl_check_cxn(x) (x=x, -1)
#define curlssl_data_pending Curl_schannel_data_pending
#endif /* USE_SCHANNEL */
#endif /* HEADER_CURL_SCHANNEL_H */

View File

@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -35,16 +35,25 @@
/* The last #include file should be: */ /* The last #include file should be: */
#include "memdebug.h" #include "memdebug.h"
/* We use our own typedef here since some headers might lack these */ /* We use our own typedef here since some headers might lack these */
typedef PSecurityFunctionTableA (APIENTRY *INITSECURITYINTERFACE_FN_A)(VOID); typedef PSecurityFunctionTable (APIENTRY *INITSECURITYINTERFACE_FN)(VOID);
/* See definition of SECURITY_ENTRYPOINT in sspi.h */
#ifdef UNICODE
# ifdef _WIN32_WCE
# define SECURITYENTRYPOINT L"InitSecurityInterfaceW"
# else
# define SECURITYENTRYPOINT "InitSecurityInterfaceW"
# endif
#else
# define SECURITYENTRYPOINT "InitSecurityInterfaceA"
#endif
/* Handle of security.dll or secur32.dll, depending on Windows version */ /* Handle of security.dll or secur32.dll, depending on Windows version */
HMODULE s_hSecDll = NULL; HMODULE s_hSecDll = NULL;
/* Pointer to SSPI dispatch table */ /* Pointer to SSPI dispatch table */
PSecurityFunctionTableA s_pSecFn = NULL; PSecurityFunctionTable s_pSecFn = NULL;
/* /*
* Curl_sspi_global_init() * Curl_sspi_global_init()
@@ -57,20 +66,18 @@ PSecurityFunctionTableA s_pSecFn = NULL;
* Once this function has been executed, Windows SSPI functions can be * Once this function has been executed, Windows SSPI functions can be
* called through the Security Service Provider Interface dispatch table. * called through the Security Service Provider Interface dispatch table.
*/ */
CURLcode Curl_sspi_global_init(void)
CURLcode
Curl_sspi_global_init(void)
{ {
OSVERSIONINFO osver; OSVERSIONINFO osver;
INITSECURITYINTERFACE_FN_A pInitSecurityInterface; INITSECURITYINTERFACE_FN pInitSecurityInterface;
/* If security interface is not yet initialized try to do this */ /* If security interface is not yet initialized try to do this */
if(s_hSecDll == NULL) { if(!s_hSecDll) {
/* Find out Windows version */ /* Find out Windows version */
memset(&osver, 0, sizeof(osver)); memset(&osver, 0, sizeof(osver));
osver.dwOSVersionInfoSize = sizeof(osver); osver.dwOSVersionInfoSize = sizeof(osver);
if(! GetVersionEx(&osver)) if(!GetVersionEx(&osver))
return CURLE_FAILED_INIT; return CURLE_FAILED_INIT;
/* Security Service Provider Interface (SSPI) functions are located in /* Security Service Provider Interface (SSPI) functions are located in
@@ -80,36 +87,34 @@ Curl_sspi_global_init(void)
/* Load SSPI dll into the address space of the calling process */ /* Load SSPI dll into the address space of the calling process */
if(osver.dwPlatformId == VER_PLATFORM_WIN32_NT if(osver.dwPlatformId == VER_PLATFORM_WIN32_NT
&& osver.dwMajorVersion == 4) && osver.dwMajorVersion == 4)
s_hSecDll = LoadLibrary("security.dll"); s_hSecDll = LoadLibrary(TEXT("security.dll"));
else else
s_hSecDll = LoadLibrary("secur32.dll"); s_hSecDll = LoadLibrary(TEXT("secur32.dll"));
if(! s_hSecDll) if(!s_hSecDll)
return CURLE_FAILED_INIT; return CURLE_FAILED_INIT;
/* Get address of the InitSecurityInterfaceA function from the SSPI dll */ /* Get address of the InitSecurityInterfaceA function from the SSPI dll */
pInitSecurityInterface = (INITSECURITYINTERFACE_FN_A) pInitSecurityInterface = (INITSECURITYINTERFACE_FN)
GetProcAddress(s_hSecDll, "InitSecurityInterfaceA"); GetProcAddress(s_hSecDll, SECURITYENTRYPOINT);
if(! pInitSecurityInterface) if(!pInitSecurityInterface)
return CURLE_FAILED_INIT; return CURLE_FAILED_INIT;
/* Get pointer to Security Service Provider Interface dispatch table */ /* Get pointer to Security Service Provider Interface dispatch table */
s_pSecFn = pInitSecurityInterface(); s_pSecFn = pInitSecurityInterface();
if(! s_pSecFn) if(!s_pSecFn)
return CURLE_FAILED_INIT; return CURLE_FAILED_INIT;
} }
return CURLE_OK; return CURLE_OK;
} }
/* /*
* Curl_sspi_global_cleanup() * Curl_sspi_global_cleanup()
* *
* This deinitializes the Security Service Provider Interface from libcurl. * This deinitializes the Security Service Provider Interface from libcurl.
*/ */
void void Curl_sspi_global_cleanup(void)
Curl_sspi_global_cleanup(void)
{ {
if(s_hSecDll) { if(s_hSecDll) {
FreeLibrary(s_hSecDll); FreeLibrary(s_hSecDll);

View File

@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -40,34 +40,254 @@
#include <sspi.h> #include <sspi.h>
#include <rpc.h> #include <rpc.h>
/* Provide some definitions missing in MinGW's headers */
#ifndef SEC_I_CONTEXT_EXPIRED
# define SEC_I_CONTEXT_EXPIRED ((HRESULT)0x00090317L)
#endif
#ifndef SEC_E_BUFFER_TOO_SMALL
# define SEC_E_BUFFER_TOO_SMALL ((HRESULT)0x80090321L)
#endif
#ifndef SEC_E_CONTEXT_EXPIRED
# define SEC_E_CONTEXT_EXPIRED ((HRESULT)0x80090317L)
#endif
#ifndef SEC_E_CRYPTO_SYSTEM_INVALID
# define SEC_E_CRYPTO_SYSTEM_INVALID ((HRESULT)0x80090337L)
#endif
#ifndef SEC_E_MESSAGE_ALTERED
# define SEC_E_MESSAGE_ALTERED ((HRESULT)0x8009030FL)
#endif
#ifndef SEC_E_OUT_OF_SEQUENCE
# define SEC_E_OUT_OF_SEQUENCE ((HRESULT)0x80090310L)
#endif
CURLcode Curl_sspi_global_init(void); CURLcode Curl_sspi_global_init(void);
void Curl_sspi_global_cleanup(void); void Curl_sspi_global_cleanup(void);
/* Forward-declaration of global variables defined in curl_sspi.c */ /* Forward-declaration of global variables defined in curl_sspi.c */
extern HMODULE s_hSecDll; extern HMODULE s_hSecDll;
extern PSecurityFunctionTableA s_pSecFn; extern PSecurityFunctionTable s_pSecFn;
/* Provide some definitions missing in old headers */
#ifndef SEC_E_INSUFFICIENT_MEMORY
# define SEC_E_INSUFFICIENT_MEMORY ((HRESULT)0x80090300L)
#endif
#ifndef SEC_E_INVALID_HANDLE
# define SEC_E_INVALID_HANDLE ((HRESULT)0x80090301L)
#endif
#ifndef SEC_E_UNSUPPORTED_FUNCTION
# define SEC_E_UNSUPPORTED_FUNCTION ((HRESULT)0x80090302L)
#endif
#ifndef SEC_E_TARGET_UNKNOWN
# define SEC_E_TARGET_UNKNOWN ((HRESULT)0x80090303L)
#endif
#ifndef SEC_E_INTERNAL_ERROR
# define SEC_E_INTERNAL_ERROR ((HRESULT)0x80090304L)
#endif
#ifndef SEC_E_SECPKG_NOT_FOUND
# define SEC_E_SECPKG_NOT_FOUND ((HRESULT)0x80090305L)
#endif
#ifndef SEC_E_NOT_OWNER
# define SEC_E_NOT_OWNER ((HRESULT)0x80090306L)
#endif
#ifndef SEC_E_CANNOT_INSTALL
# define SEC_E_CANNOT_INSTALL ((HRESULT)0x80090307L)
#endif
#ifndef SEC_E_INVALID_TOKEN
# define SEC_E_INVALID_TOKEN ((HRESULT)0x80090308L)
#endif
#ifndef SEC_E_CANNOT_PACK
# define SEC_E_CANNOT_PACK ((HRESULT)0x80090309L)
#endif
#ifndef SEC_E_QOP_NOT_SUPPORTED
# define SEC_E_QOP_NOT_SUPPORTED ((HRESULT)0x8009030AL)
#endif
#ifndef SEC_E_NO_IMPERSONATION
# define SEC_E_NO_IMPERSONATION ((HRESULT)0x8009030BL)
#endif
#ifndef SEC_E_LOGON_DENIED
# define SEC_E_LOGON_DENIED ((HRESULT)0x8009030CL)
#endif
#ifndef SEC_E_UNKNOWN_CREDENTIALS
# define SEC_E_UNKNOWN_CREDENTIALS ((HRESULT)0x8009030DL)
#endif
#ifndef SEC_E_NO_CREDENTIALS
# define SEC_E_NO_CREDENTIALS ((HRESULT)0x8009030EL)
#endif
#ifndef SEC_E_MESSAGE_ALTERED
# define SEC_E_MESSAGE_ALTERED ((HRESULT)0x8009030FL)
#endif
#ifndef SEC_E_OUT_OF_SEQUENCE
# define SEC_E_OUT_OF_SEQUENCE ((HRESULT)0x80090310L)
#endif
#ifndef SEC_E_NO_AUTHENTICATING_AUTHORITY
# define SEC_E_NO_AUTHENTICATING_AUTHORITY ((HRESULT)0x80090311L)
#endif
#ifndef SEC_E_BAD_PKGID
# define SEC_E_BAD_PKGID ((HRESULT)0x80090316L)
#endif
#ifndef SEC_E_CONTEXT_EXPIRED
# define SEC_E_CONTEXT_EXPIRED ((HRESULT)0x80090317L)
#endif
#ifndef SEC_E_INCOMPLETE_MESSAGE
# define SEC_E_INCOMPLETE_MESSAGE ((HRESULT)0x80090318L)
#endif
#ifndef SEC_E_INCOMPLETE_CREDENTIALS
# define SEC_E_INCOMPLETE_CREDENTIALS ((HRESULT)0x80090320L)
#endif
#ifndef SEC_E_BUFFER_TOO_SMALL
# define SEC_E_BUFFER_TOO_SMALL ((HRESULT)0x80090321L)
#endif
#ifndef SEC_E_WRONG_PRINCIPAL
# define SEC_E_WRONG_PRINCIPAL ((HRESULT)0x80090322L)
#endif
#ifndef SEC_E_TIME_SKEW
# define SEC_E_TIME_SKEW ((HRESULT)0x80090324L)
#endif
#ifndef SEC_E_UNTRUSTED_ROOT
# define SEC_E_UNTRUSTED_ROOT ((HRESULT)0x80090325L)
#endif
#ifndef SEC_E_ILLEGAL_MESSAGE
# define SEC_E_ILLEGAL_MESSAGE ((HRESULT)0x80090326L)
#endif
#ifndef SEC_E_CERT_UNKNOWN
# define SEC_E_CERT_UNKNOWN ((HRESULT)0x80090327L)
#endif
#ifndef SEC_E_CERT_EXPIRED
# define SEC_E_CERT_EXPIRED ((HRESULT)0x80090328L)
#endif
#ifndef SEC_E_ENCRYPT_FAILURE
# define SEC_E_ENCRYPT_FAILURE ((HRESULT)0x80090329L)
#endif
#ifndef SEC_E_DECRYPT_FAILURE
# define SEC_E_DECRYPT_FAILURE ((HRESULT)0x80090330L)
#endif
#ifndef SEC_E_ALGORITHM_MISMATCH
# define SEC_E_ALGORITHM_MISMATCH ((HRESULT)0x80090331L)
#endif
#ifndef SEC_E_SECURITY_QOS_FAILED
# define SEC_E_SECURITY_QOS_FAILED ((HRESULT)0x80090332L)
#endif
#ifndef SEC_E_UNFINISHED_CONTEXT_DELETED
# define SEC_E_UNFINISHED_CONTEXT_DELETED ((HRESULT)0x80090333L)
#endif
#ifndef SEC_E_NO_TGT_REPLY
# define SEC_E_NO_TGT_REPLY ((HRESULT)0x80090334L)
#endif
#ifndef SEC_E_NO_IP_ADDRESSES
# define SEC_E_NO_IP_ADDRESSES ((HRESULT)0x80090335L)
#endif
#ifndef SEC_E_WRONG_CREDENTIAL_HANDLE
# define SEC_E_WRONG_CREDENTIAL_HANDLE ((HRESULT)0x80090336L)
#endif
#ifndef SEC_E_CRYPTO_SYSTEM_INVALID
# define SEC_E_CRYPTO_SYSTEM_INVALID ((HRESULT)0x80090337L)
#endif
#ifndef SEC_E_MAX_REFERRALS_EXCEEDED
# define SEC_E_MAX_REFERRALS_EXCEEDED ((HRESULT)0x80090338L)
#endif
#ifndef SEC_E_MUST_BE_KDC
# define SEC_E_MUST_BE_KDC ((HRESULT)0x80090339L)
#endif
#ifndef SEC_E_STRONG_CRYPTO_NOT_SUPPORTED
# define SEC_E_STRONG_CRYPTO_NOT_SUPPORTED ((HRESULT)0x8009033AL)
#endif
#ifndef SEC_E_TOO_MANY_PRINCIPALS
# define SEC_E_TOO_MANY_PRINCIPALS ((HRESULT)0x8009033BL)
#endif
#ifndef SEC_E_NO_PA_DATA
# define SEC_E_NO_PA_DATA ((HRESULT)0x8009033CL)
#endif
#ifndef SEC_E_PKINIT_NAME_MISMATCH
# define SEC_E_PKINIT_NAME_MISMATCH ((HRESULT)0x8009033DL)
#endif
#ifndef SEC_E_SMARTCARD_LOGON_REQUIRED
# define SEC_E_SMARTCARD_LOGON_REQUIRED ((HRESULT)0x8009033EL)
#endif
#ifndef SEC_E_SHUTDOWN_IN_PROGRESS
# define SEC_E_SHUTDOWN_IN_PROGRESS ((HRESULT)0x8009033FL)
#endif
#ifndef SEC_E_KDC_INVALID_REQUEST
# define SEC_E_KDC_INVALID_REQUEST ((HRESULT)0x80090340L)
#endif
#ifndef SEC_E_KDC_UNABLE_TO_REFER
# define SEC_E_KDC_UNABLE_TO_REFER ((HRESULT)0x80090341L)
#endif
#ifndef SEC_E_KDC_UNKNOWN_ETYPE
# define SEC_E_KDC_UNKNOWN_ETYPE ((HRESULT)0x80090342L)
#endif
#ifndef SEC_E_UNSUPPORTED_PREAUTH
# define SEC_E_UNSUPPORTED_PREAUTH ((HRESULT)0x80090343L)
#endif
#ifndef SEC_E_DELEGATION_REQUIRED
# define SEC_E_DELEGATION_REQUIRED ((HRESULT)0x80090345L)
#endif
#ifndef SEC_E_BAD_BINDINGS
# define SEC_E_BAD_BINDINGS ((HRESULT)0x80090346L)
#endif
#ifndef SEC_E_MULTIPLE_ACCOUNTS
# define SEC_E_MULTIPLE_ACCOUNTS ((HRESULT)0x80090347L)
#endif
#ifndef SEC_E_NO_KERB_KEY
# define SEC_E_NO_KERB_KEY ((HRESULT)0x80090348L)
#endif
#ifndef SEC_E_CERT_WRONG_USAGE
# define SEC_E_CERT_WRONG_USAGE ((HRESULT)0x80090349L)
#endif
#ifndef SEC_E_DOWNGRADE_DETECTED
# define SEC_E_DOWNGRADE_DETECTED ((HRESULT)0x80090350L)
#endif
#ifndef SEC_E_SMARTCARD_CERT_REVOKED
# define SEC_E_SMARTCARD_CERT_REVOKED ((HRESULT)0x80090351L)
#endif
#ifndef SEC_E_ISSUING_CA_UNTRUSTED
# define SEC_E_ISSUING_CA_UNTRUSTED ((HRESULT)0x80090352L)
#endif
#ifndef SEC_E_REVOCATION_OFFLINE_C
# define SEC_E_REVOCATION_OFFLINE_C ((HRESULT)0x80090353L)
#endif
#ifndef SEC_E_PKINIT_CLIENT_FAILURE
# define SEC_E_PKINIT_CLIENT_FAILURE ((HRESULT)0x80090354L)
#endif
#ifndef SEC_E_SMARTCARD_CERT_EXPIRED
# define SEC_E_SMARTCARD_CERT_EXPIRED ((HRESULT)0x80090355L)
#endif
#ifndef SEC_E_NO_S4U_PROT_SUPPORT
# define SEC_E_NO_S4U_PROT_SUPPORT ((HRESULT)0x80090356L)
#endif
#ifndef SEC_E_CROSSREALM_DELEGATION_FAILURE
# define SEC_E_CROSSREALM_DELEGATION_FAILURE ((HRESULT)0x80090357L)
#endif
#ifndef SEC_E_REVOCATION_OFFLINE_KDC
# define SEC_E_REVOCATION_OFFLINE_KDC ((HRESULT)0x80090358L)
#endif
#ifndef SEC_E_ISSUING_CA_UNTRUSTED_KDC
# define SEC_E_ISSUING_CA_UNTRUSTED_KDC ((HRESULT)0x80090359L)
#endif
#ifndef SEC_E_KDC_CERT_EXPIRED
# define SEC_E_KDC_CERT_EXPIRED ((HRESULT)0x8009035AL)
#endif
#ifndef SEC_E_KDC_CERT_REVOKED
# define SEC_E_KDC_CERT_REVOKED ((HRESULT)0x8009035BL)
#endif
#ifndef SEC_E_INVALID_PARAMETER
# define SEC_E_INVALID_PARAMETER ((HRESULT)0x8009035DL)
#endif
#ifndef SEC_E_DELEGATION_POLICY
# define SEC_E_DELEGATION_POLICY ((HRESULT)0x8009035EL)
#endif
#ifndef SEC_E_POLICY_NLTM_ONLY
# define SEC_E_POLICY_NLTM_ONLY ((HRESULT)0x8009035FL)
#endif
#ifndef SEC_I_CONTINUE_NEEDED
# define SEC_I_CONTINUE_NEEDED ((HRESULT)0x00090312L)
#endif
#ifndef SEC_I_COMPLETE_NEEDED
# define SEC_I_COMPLETE_NEEDED ((HRESULT)0x00090313L)
#endif
#ifndef SEC_I_COMPLETE_AND_CONTINUE
# define SEC_I_COMPLETE_AND_CONTINUE ((HRESULT)0x00090314L)
#endif
#ifndef SEC_I_LOCAL_LOGON
# define SEC_I_LOCAL_LOGON ((HRESULT)0x00090315L)
#endif
#ifndef SEC_I_CONTEXT_EXPIRED
# define SEC_I_CONTEXT_EXPIRED ((HRESULT)0x00090317L)
#endif
#ifndef SEC_I_INCOMPLETE_CREDENTIALS
# define SEC_I_INCOMPLETE_CREDENTIALS ((HRESULT)0x00090320L)
#endif
#ifndef SEC_I_RENEGOTIATE
# define SEC_I_RENEGOTIATE ((HRESULT)0x00090321L)
#endif
#ifndef SEC_I_NO_LSA_CONTEXT
# define SEC_I_NO_LSA_CONTEXT ((HRESULT)0x00090323L)
#endif
#ifndef SEC_I_SIGNATURE_NEEDED
# define SEC_I_SIGNATURE_NEEDED ((HRESULT)0x0009035CL)
#endif
#endif /* USE_WINDOWS_SSPI */ #endif /* USE_WINDOWS_SSPI */
#endif /* HEADER_CURL_SSPI_H */ #endif /* HEADER_CURL_SSPI_H */

View File

@@ -132,7 +132,7 @@ cyassl_connect_step1(struct connectdata *conn,
if(data->set.ssl.verifypeer) { if(data->set.ssl.verifypeer) {
/* Fail if we insiste on successfully verifying the server. */ /* Fail if we insiste on successfully verifying the server. */
failf(data,"error setting certificate verify locations:\n" failf(data,"error setting certificate verify locations:\n"
" CAfile: %s\n CApath: %s\n", " CAfile: %s\n CApath: %s",
data->set.str[STRING_SSL_CAFILE]? data->set.str[STRING_SSL_CAFILE]?
data->set.str[STRING_SSL_CAFILE]: "none", data->set.str[STRING_SSL_CAFILE]: "none",
data->set.str[STRING_SSL_CAPATH]? data->set.str[STRING_SSL_CAPATH]?

View File

@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -1239,7 +1239,7 @@ CURLcode Curl_getformdata(struct SessionHandle *data,
} }
else { else {
if(data) if(data)
failf(data, "couldn't open file \"%s\"\n", file->contents); failf(data, "couldn't open file \"%s\"", file->contents);
*finalform = NULL; *finalform = NULL;
result = CURLE_READ_ERROR; result = CURLE_READ_ERROR;
} }

View File

@@ -3674,8 +3674,11 @@ static CURLcode ftp_do_more(struct connectdata *conn, bool *complete)
/* It looks data connection is established */ /* It looks data connection is established */
result = AcceptServerConnect(conn); result = AcceptServerConnect(conn);
ftpc->wait_data_conn = FALSE; ftpc->wait_data_conn = FALSE;
if(result == CURLE_OK) if(!result)
result = InitiateTransfer(conn); result = InitiateTransfer(conn);
if(result)
return result;
} }
} }
else if(data->set.upload) { else if(data->set.upload) {

View File

@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -37,16 +37,18 @@
#include "setup.h" #include "setup.h"
#include "ftplistparser.h" #ifndef CURL_DISABLE_FTP
#include "curl_fnmatch.h"
#include <curl/curl.h>
#include "urldata.h" #include "urldata.h"
#include "ftp.h"
#include "fileinfo.h" #include "fileinfo.h"
#include "llist.h" #include "llist.h"
#include "strtoofft.h" #include "strtoofft.h"
#include "rawstr.h" #include "rawstr.h"
#include "ftp.h" #include "ftp.h"
#include "ftplistparser.h"
#include "curl_fnmatch.h"
#define _MPRINTF_REPLACE /* use our functions only */ #define _MPRINTF_REPLACE /* use our functions only */
#include <curl/mprintf.h> #include <curl/mprintf.h>
@@ -1044,3 +1046,5 @@ size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
return bufflen; return bufflen;
} }
#endif /* CURL_DISABLE_FTP */

View File

@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2010, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -21,8 +21,9 @@
* KIND, either express or implied. * KIND, either express or implied.
* *
***************************************************************************/ ***************************************************************************/
#include "setup.h"
#include <curl/curl.h> #ifndef CURL_DISABLE_FTP
/* WRITEFUNCTION callback for parsing LIST responses */ /* WRITEFUNCTION callback for parsing LIST responses */
size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb, size_t Curl_ftp_parselist(char *buffer, size_t size, size_t nmemb,
@@ -36,4 +37,5 @@ struct ftp_parselist_data *Curl_ftp_parselist_data_alloc(void);
void Curl_ftp_parselist_data_free(struct ftp_parselist_data **pl_data); void Curl_ftp_parselist_data_free(struct ftp_parselist_data **pl_data);
#endif /* CURL_DISABLE_FTP */
#endif /* HEADER_CURL_FTPLISTPARSER_H */ #endif /* HEADER_CURL_FTPLISTPARSER_H */

View File

@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2009, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -42,7 +42,7 @@ char *GetEnv(const char *variable)
char *temp = getenv(variable); char *temp = getenv(variable);
env[0] = '\0'; env[0] = '\0';
if(temp != NULL) if(temp != NULL)
ExpandEnvironmentStrings(temp, env, sizeof(env)); ExpandEnvironmentStringsA(temp, env, sizeof(env));
return (env[0] != '\0')?strdup(env):NULL; return (env[0] != '\0')?strdup(env):NULL;
#else #else
char *env = getenv(variable); char *env = getenv(variable);

View File

@@ -72,61 +72,62 @@ CURLcode Curl_initinfo(struct SessionHandle *data)
return CURLE_OK; return CURLE_OK;
} }
CURLcode Curl_getinfo(struct SessionHandle *data, CURLINFO info, ...) static CURLcode getinfo_char(struct SessionHandle *data, CURLINFO info,
char **param_charp)
{ {
va_list arg; switch(info) {
long *param_longp=NULL; case CURLINFO_EFFECTIVE_URL:
double *param_doublep=NULL; *param_charp = data->change.url?data->change.url:(char *)"";
char **param_charp=NULL; break;
struct curl_slist **param_slistp=NULL; case CURLINFO_CONTENT_TYPE:
int type; *param_charp = data->info.contenttype;
curl_socket_t sockfd; break;
case CURLINFO_PRIVATE:
*param_charp = (char *) data->set.private_data;
break;
case CURLINFO_FTP_ENTRY_PATH:
/* Return the entrypath string from the most recent connection.
This pointer was copied from the connectdata structure by FTP.
The actual string may be free()ed by subsequent libcurl calls so
it must be copied to a safer area before the next libcurl call.
Callers must never free it themselves. */
*param_charp = data->state.most_recent_ftp_entrypath;
break;
case CURLINFO_REDIRECT_URL:
/* Return the URL this request would have been redirected to if that
option had been enabled! */
*param_charp = data->info.wouldredirect;
break;
case CURLINFO_PRIMARY_IP:
/* Return the ip address of the most recent (primary) connection */
*param_charp = data->info.conn_primary_ip;
break;
case CURLINFO_LOCAL_IP:
/* Return the source/local ip address of the most recent (primary)
connection */
*param_charp = data->info.conn_local_ip;
break;
case CURLINFO_RTSP_SESSION_ID:
*param_charp = data->set.str[STRING_RTSP_SESSION_ID];
break;
union { default:
struct curl_certinfo * to_certinfo; return CURLE_BAD_FUNCTION_ARGUMENT;
struct curl_slist * to_slist; }
} ptr; return CURLE_OK;
}
static CURLcode getinfo_long(struct SessionHandle *data, CURLINFO info,
long *param_longp)
{
curl_socket_t sockfd;
union { union {
unsigned long *to_ulong; unsigned long *to_ulong;
long *to_long; long *to_long;
} lptr; } lptr;
if(!data)
return CURLE_BAD_FUNCTION_ARGUMENT;
va_start(arg, info);
type = CURLINFO_TYPEMASK & (int)info;
switch(type) {
case CURLINFO_STRING:
param_charp = va_arg(arg, char **);
if(NULL == param_charp)
return CURLE_BAD_FUNCTION_ARGUMENT;
break;
case CURLINFO_LONG:
param_longp = va_arg(arg, long *);
if(NULL == param_longp)
return CURLE_BAD_FUNCTION_ARGUMENT;
break;
case CURLINFO_DOUBLE:
param_doublep = va_arg(arg, double *);
if(NULL == param_doublep)
return CURLE_BAD_FUNCTION_ARGUMENT;
break;
case CURLINFO_SLIST:
param_slistp = va_arg(arg, struct curl_slist **);
if(NULL == param_slistp)
return CURLE_BAD_FUNCTION_ARGUMENT;
break;
default:
return CURLE_BAD_FUNCTION_ARGUMENT;
}
switch(info) { switch(info) {
case CURLINFO_EFFECTIVE_URL:
*param_charp = data->change.url?data->change.url:(char *)"";
break;
case CURLINFO_RESPONSE_CODE: case CURLINFO_RESPONSE_CODE:
*param_longp = data->info.httpcode; *param_longp = data->info.httpcode;
break; break;
@@ -142,6 +143,70 @@ CURLcode Curl_getinfo(struct SessionHandle *data, CURLINFO info, ...)
case CURLINFO_REQUEST_SIZE: case CURLINFO_REQUEST_SIZE:
*param_longp = data->info.request_size; *param_longp = data->info.request_size;
break; break;
case CURLINFO_SSL_VERIFYRESULT:
*param_longp = data->set.ssl.certverifyresult;
break;
case CURLINFO_REDIRECT_COUNT:
*param_longp = data->set.followlocation;
break;
case CURLINFO_HTTPAUTH_AVAIL:
lptr.to_long = param_longp;
*lptr.to_ulong = data->info.httpauthavail;
break;
case CURLINFO_PROXYAUTH_AVAIL:
lptr.to_long = param_longp;
*lptr.to_ulong = data->info.proxyauthavail;
break;
case CURLINFO_OS_ERRNO:
*param_longp = data->state.os_errno;
break;
case CURLINFO_NUM_CONNECTS:
*param_longp = data->info.numconnects;
break;
case CURLINFO_LASTSOCKET:
sockfd = Curl_getconnectinfo(data, NULL);
/* note: this is not a good conversion for systems with 64 bit sockets and
32 bit longs */
if(sockfd != CURL_SOCKET_BAD)
*param_longp = (long)sockfd;
else
/* this interface is documented to return -1 in case of badness, which
may not be the same as the CURL_SOCKET_BAD value */
*param_longp = -1;
break;
case CURLINFO_PRIMARY_PORT:
/* Return the (remote) port of the most recent (primary) connection */
*param_longp = data->info.conn_primary_port;
break;
case CURLINFO_LOCAL_PORT:
/* Return the local port of the most recent (primary) connection */
*param_longp = data->info.conn_local_port;
break;
case CURLINFO_CONDITION_UNMET:
/* return if the condition prevented the document to get transferred */
*param_longp = data->info.timecond;
break;
case CURLINFO_RTSP_CLIENT_CSEQ:
*param_longp = data->state.rtsp_next_client_CSeq;
break;
case CURLINFO_RTSP_SERVER_CSEQ:
*param_longp = data->state.rtsp_next_server_CSeq;
break;
case CURLINFO_RTSP_CSEQ_RECV:
*param_longp = data->state.rtsp_CSeq_recv;
break;
default:
return CURLE_BAD_FUNCTION_ARGUMENT;
}
return CURLE_OK;
}
static CURLcode getinfo_double(struct SessionHandle *data, CURLINFO info,
double *param_doublep)
{
switch(info) {
case CURLINFO_TOTAL_TIME: case CURLINFO_TOTAL_TIME:
*param_doublep = data->progress.timespent; *param_doublep = data->progress.timespent;
break; break;
@@ -172,9 +237,6 @@ CURLcode Curl_getinfo(struct SessionHandle *data, CURLINFO info, ...)
case CURLINFO_SPEED_UPLOAD: case CURLINFO_SPEED_UPLOAD:
*param_doublep = (double)data->progress.ulspeed; *param_doublep = (double)data->progress.ulspeed;
break; break;
case CURLINFO_SSL_VERIFYRESULT:
*param_longp = data->set.ssl.certverifyresult;
break;
case CURLINFO_CONTENT_LENGTH_DOWNLOAD: case CURLINFO_CONTENT_LENGTH_DOWNLOAD:
*param_doublep = (data->progress.flags & PGRS_DL_SIZE_KNOWN)? *param_doublep = (data->progress.flags & PGRS_DL_SIZE_KNOWN)?
(double)data->progress.size_dl:-1; (double)data->progress.size_dl:-1;
@@ -186,102 +248,83 @@ CURLcode Curl_getinfo(struct SessionHandle *data, CURLINFO info, ...)
case CURLINFO_REDIRECT_TIME: case CURLINFO_REDIRECT_TIME:
*param_doublep = data->progress.t_redirect; *param_doublep = data->progress.t_redirect;
break; break;
case CURLINFO_REDIRECT_COUNT:
*param_longp = data->set.followlocation; default:
break; return CURLE_BAD_FUNCTION_ARGUMENT;
case CURLINFO_CONTENT_TYPE: }
*param_charp = data->info.contenttype; return CURLE_OK;
break; }
case CURLINFO_PRIVATE:
*param_charp = (char *) data->set.private_data; static CURLcode getinfo_slist(struct SessionHandle *data, CURLINFO info,
break; struct curl_slist **param_slistp)
case CURLINFO_HTTPAUTH_AVAIL: {
lptr.to_long = param_longp; union {
*lptr.to_ulong = data->info.httpauthavail; struct curl_certinfo * to_certinfo;
break; struct curl_slist * to_slist;
case CURLINFO_PROXYAUTH_AVAIL: } ptr;
lptr.to_long = param_longp;
*lptr.to_ulong = data->info.proxyauthavail; switch(info) {
break;
case CURLINFO_OS_ERRNO:
*param_longp = data->state.os_errno;
break;
case CURLINFO_NUM_CONNECTS:
*param_longp = data->info.numconnects;
break;
case CURLINFO_SSL_ENGINES: case CURLINFO_SSL_ENGINES:
*param_slistp = Curl_ssl_engines_list(data); *param_slistp = Curl_ssl_engines_list(data);
break; break;
case CURLINFO_COOKIELIST: case CURLINFO_COOKIELIST:
*param_slistp = Curl_cookie_list(data); *param_slistp = Curl_cookie_list(data);
break; break;
case CURLINFO_FTP_ENTRY_PATH:
/* Return the entrypath string from the most recent connection.
This pointer was copied from the connectdata structure by FTP.
The actual string may be free()ed by subsequent libcurl calls so
it must be copied to a safer area before the next libcurl call.
Callers must never free it themselves. */
*param_charp = data->state.most_recent_ftp_entrypath;
break;
case CURLINFO_LASTSOCKET:
sockfd = Curl_getconnectinfo(data, NULL);
/* note: this is not a good conversion for systems with 64 bit sockets and
32 bit longs */
if(sockfd != CURL_SOCKET_BAD)
*param_longp = (long)sockfd;
else
/* this interface is documented to return -1 in case of badness, which
may not be the same as the CURL_SOCKET_BAD value */
*param_longp = -1;
break;
case CURLINFO_REDIRECT_URL:
/* Return the URL this request would have been redirected to if that
option had been enabled! */
*param_charp = data->info.wouldredirect;
break;
case CURLINFO_PRIMARY_IP:
/* Return the ip address of the most recent (primary) connection */
*param_charp = data->info.conn_primary_ip;
break;
case CURLINFO_PRIMARY_PORT:
/* Return the (remote) port of the most recent (primary) connection */
*param_longp = data->info.conn_primary_port;
break;
case CURLINFO_LOCAL_IP:
/* Return the source/local ip address of the most recent (primary)
connection */
*param_charp = data->info.conn_local_ip;
break;
case CURLINFO_LOCAL_PORT:
/* Return the local port of the most recent (primary) connection */
*param_longp = data->info.conn_local_port;
break;
case CURLINFO_CERTINFO: case CURLINFO_CERTINFO:
/* Return the a pointer to the certinfo struct. Not really an slist /* Return the a pointer to the certinfo struct. Not really an slist
pointer but we can pretend it is here */ pointer but we can pretend it is here */
ptr.to_certinfo = &data->info.certs; ptr.to_certinfo = &data->info.certs;
*param_slistp = ptr.to_slist; *param_slistp = ptr.to_slist;
break; break;
case CURLINFO_CONDITION_UNMET:
/* return if the condition prevented the document to get transferred */
*param_longp = data->info.timecond;
break;
case CURLINFO_RTSP_SESSION_ID:
*param_charp = data->set.str[STRING_RTSP_SESSION_ID];
break;
case CURLINFO_RTSP_CLIENT_CSEQ:
*param_longp = data->state.rtsp_next_client_CSeq;
break;
case CURLINFO_RTSP_SERVER_CSEQ:
*param_longp = data->state.rtsp_next_server_CSeq;
break;
case CURLINFO_RTSP_CSEQ_RECV:
*param_longp = data->state.rtsp_CSeq_recv;
break;
default: default:
return CURLE_BAD_FUNCTION_ARGUMENT; return CURLE_BAD_FUNCTION_ARGUMENT;
} }
return CURLE_OK; return CURLE_OK;
} }
CURLcode Curl_getinfo(struct SessionHandle *data, CURLINFO info, ...)
{
va_list arg;
long *param_longp=NULL;
double *param_doublep=NULL;
char **param_charp=NULL;
struct curl_slist **param_slistp=NULL;
int type;
/* default return code is to error out! */
CURLcode ret = CURLE_BAD_FUNCTION_ARGUMENT;
if(!data)
return ret;
va_start(arg, info);
type = CURLINFO_TYPEMASK & (int)info;
switch(type) {
case CURLINFO_STRING:
param_charp = va_arg(arg, char **);
if(NULL != param_charp)
ret = getinfo_char(data, info, param_charp);
break;
case CURLINFO_LONG:
param_longp = va_arg(arg, long *);
if(NULL != param_longp)
ret = getinfo_long(data, info, param_longp);
break;
case CURLINFO_DOUBLE:
param_doublep = va_arg(arg, double *);
if(NULL != param_doublep)
ret = getinfo_double(data, info, param_doublep);
break;
case CURLINFO_SLIST:
param_slistp = va_arg(arg, struct curl_slist **);
if(NULL != param_slistp)
ret = getinfo_slist(data, info, param_slistp);
break;
default:
break;
}
va_end(arg);
return ret;
}

View File

@@ -413,7 +413,7 @@ gtls_connect_step1(struct connectdata *conn,
data->set.ssl.CRLfile, data->set.ssl.CRLfile,
GNUTLS_X509_FMT_PEM); GNUTLS_X509_FMT_PEM);
if(rc < 0) { if(rc < 0) {
failf(data, "error reading crl file %s (%s)\n", failf(data, "error reading crl file %s (%s)",
data->set.ssl.CRLfile, gnutls_strerror(rc)); data->set.ssl.CRLfile, gnutls_strerror(rc));
return CURLE_SSL_CRL_BADFILE; return CURLE_SSL_CRL_BADFILE;
} }
@@ -1060,4 +1060,36 @@ int Curl_gtls_seed(struct SessionHandle *data)
return 0; return 0;
} }
void Curl_gtls_random(struct SessionHandle *data,
unsigned char *entropy,
size_t length)
{
#if defined(USE_GNUTLS_NETTLE)
(void)data;
gnutls_rnd(GNUTLS_RND_RANDOM, entropy, length);
#elif defined(USE_GNUTLS)
Curl_gtls_seed(data); /* Initiate the seed if not already done */
gcry_randomize(entropy, length, GCRY_STRONG_RANDOM);
#endif
}
void Curl_gtls_md5sum(unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *md5sum, /* output */
size_t md5len)
{
#if defined(USE_GNUTLS_NETTLE)
struct md5_ctx MD5pw;
md5_init(&MD5pw);
md5_update(&MD5pw, tmplen, tmp);
md5_digest(&MD5pw, md5len, md5sum);
#elif defined(USE_GNUTLS)
gcry_md_hd_t MD5pw;
gcry_md_open(&MD5pw, GCRY_MD_MD5, 0);
gcry_md_write(MD5pw, tmp, tmplen);
memcpy(md5sum, gcry_md_read (MD5pw, 0), md5len);
gcry_md_close(MD5pw);
#endif
}
#endif /* USE_GNUTLS */ #endif /* USE_GNUTLS */

View File

@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -47,6 +47,14 @@ size_t Curl_gtls_version(char *buffer, size_t size);
int Curl_gtls_shutdown(struct connectdata *conn, int sockindex); int Curl_gtls_shutdown(struct connectdata *conn, int sockindex);
int Curl_gtls_seed(struct SessionHandle *data); int Curl_gtls_seed(struct SessionHandle *data);
void Curl_gtls_random(struct SessionHandle *data,
unsigned char *entropy,
size_t length);
void Curl_gtls_md5sum(unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *md5sum, /* output */
size_t md5len);
/* API setup for GnuTLS */ /* API setup for GnuTLS */
#define curlssl_init Curl_gtls_init #define curlssl_init Curl_gtls_init
#define curlssl_cleanup Curl_gtls_cleanup #define curlssl_cleanup Curl_gtls_cleanup
@@ -62,6 +70,8 @@ int Curl_gtls_seed(struct SessionHandle *data);
#define curlssl_version Curl_gtls_version #define curlssl_version Curl_gtls_version
#define curlssl_check_cxn(x) (x=x, -1) #define curlssl_check_cxn(x) (x=x, -1)
#define curlssl_data_pending(x,y) (x=x, y=y, 0) #define curlssl_data_pending(x,y) (x=x, y=y, 0)
#define curlssl_random(x,y,z) Curl_gtls_random(x,y,z)
#define curlssl_md5sum(a,b,c,d) Curl_gtls_md5sum(a,b,c,d)
#endif /* USE_GNUTLS */ #endif /* USE_GNUTLS */
#endif /* HEADER_CURL_GTLS_H */ #endif /* HEADER_CURL_GTLS_H */

View File

@@ -1371,9 +1371,10 @@ static CURLcode https_connecting(struct connectdata *conn, bool *done)
} }
#endif #endif
#if defined(USE_SSLEAY) || defined(USE_GNUTLS) #if defined(USE_SSLEAY) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \
/* This function is for OpenSSL and GnuTLS only. It should be made to query defined(USE_DARWINSSL)
the generic SSL layer instead. */ /* This function is for OpenSSL, GnuTLS, darwinssl, and schannel only.
It should be made to query the generic SSL layer instead. */
static int https_getsock(struct connectdata *conn, static int https_getsock(struct connectdata *conn,
curl_socket_t *socks, curl_socket_t *socks,
int numsocks) int numsocks)
@@ -1398,8 +1399,7 @@ static int https_getsock(struct connectdata *conn,
return CURLE_OK; return CURLE_OK;
} }
#else #else
#if defined(USE_NSS) || defined(USE_QSOSSL) || \ #ifdef USE_SSL
defined(USE_POLARSSL) || defined(USE_AXTLS) || defined(USE_CYASSL)
static int https_getsock(struct connectdata *conn, static int https_getsock(struct connectdata *conn,
curl_socket_t *socks, curl_socket_t *socks,
int numsocks) int numsocks)
@@ -1409,8 +1409,8 @@ static int https_getsock(struct connectdata *conn,
(void)numsocks; (void)numsocks;
return GETSOCK_BLANK; return GETSOCK_BLANK;
} }
#endif /* USE_AXTLS || USE_POLARSSL || USE_QSOSSL || USE_NSS */ #endif /* USE_SSL */
#endif /* USE_SSLEAY || USE_GNUTLS */ #endif /* USE_SSLEAY || USE_GNUTLS || USE_SCHANNEL */
/* /*
* Curl_http_done() gets called from Curl_done() after a single HTTP request * Curl_http_done() gets called from Curl_done() after a single HTTP request
@@ -1602,7 +1602,7 @@ CURLcode Curl_add_timecondition(struct SessionHandle *data,
result = Curl_gmtime(data->set.timevalue, &keeptime); result = Curl_gmtime(data->set.timevalue, &keeptime);
if(result) { if(result) {
failf(data, "Invalid TIMEVALUE\n"); failf(data, "Invalid TIMEVALUE");
return result; return result;
} }
tm = &keeptime; tm = &keeptime;
@@ -2727,6 +2727,42 @@ static CURLcode header_append(struct SessionHandle *data,
return CURLE_OK; return CURLE_OK;
} }
static void print_http_error(struct SessionHandle *data)
{
struct SingleRequest *k = &data->req;
char *beg = k->p;
/* make sure that data->req.p points to the HTTP status line */
if(!strncmp(beg, "HTTP", 4)) {
/* skip to HTTP status code */
beg = strchr(beg, ' ');
if(beg && *++beg) {
/* find trailing CR */
char end_char = '\r';
char *end = strchr(beg, end_char);
if(!end) {
/* try to find LF (workaround for non-compliant HTTP servers) */
end_char = '\n';
end = strchr(beg, end_char);
}
if(end) {
/* temporarily replace CR or LF by NUL and print the error message */
*end = '\0';
failf(data, "The requested URL returned error: %s", beg);
/* restore the previously replaced CR or LF */
*end = end_char;
return;
}
}
}
/* fall-back to printing the HTTP status code only */
failf(data, "The requested URL returned error: %d", k->httpcode);
}
/* /*
* Read any HTTP header lines from the server and pass them to the client app. * Read any HTTP header lines from the server and pass them to the client app.
@@ -2852,7 +2888,8 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
if((k->size == -1) && !k->chunk && !conn->bits.close && if((k->size == -1) && !k->chunk && !conn->bits.close &&
(conn->httpversion >= 11) && (conn->httpversion >= 11) &&
!(conn->handler->protocol & CURLPROTO_RTSP)) { !(conn->handler->protocol & CURLPROTO_RTSP) &&
data->set.httpreq != HTTPREQ_HEAD) {
/* On HTTP 1.1, when connection is not to get closed, but no /* On HTTP 1.1, when connection is not to get closed, but no
Content-Length nor Content-Encoding chunked have been Content-Length nor Content-Encoding chunked have been
received, according to RFC2616 section 4.4 point 5, we received, according to RFC2616 section 4.4 point 5, we
@@ -3114,8 +3151,7 @@ CURLcode Curl_http_readwrite_headers(struct SessionHandle *data,
} }
else { else {
/* serious error, go home! */ /* serious error, go home! */
failf (data, "The requested URL returned error: %d", print_http_error(data);
k->httpcode);
return CURLE_HTTP_RETURNED_ERROR; return CURLE_HTTP_RETURNED_ERROR;
} }
} }

View File

@@ -477,7 +477,7 @@ CURLcode Curl_output_digest(struct connectdata *conn,
"uri=\"%s\", " "uri=\"%s\", "
"cnonce=\"%s\", " "cnonce=\"%s\", "
"nc=%08x, " "nc=%08x, "
"qop=\"%s\", " "qop=%s, "
"response=\"%s\"", "response=\"%s\"",
proxy?"Proxy-":"", proxy?"Proxy-":"",
userp, userp,

View File

@@ -33,6 +33,7 @@
#include "curl_base64.h" #include "curl_base64.h"
#include "http_negotiate.h" #include "http_negotiate.h"
#include "curl_memory.h" #include "curl_memory.h"
#include "curl_multibyte.h"
#define _MPRINTF_REPLACE /* use our functions only */ #define _MPRINTF_REPLACE /* use our functions only */
#include <curl/mprintf.h> #include <curl/mprintf.h>
@@ -88,9 +89,9 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
SecBuffer out_sec_buff; SecBuffer out_sec_buff;
SecBufferDesc in_buff_desc; SecBufferDesc in_buff_desc;
SecBuffer in_sec_buff; SecBuffer in_sec_buff;
ULONG context_attributes; unsigned long context_attributes;
TimeStamp lifetime; TimeStamp lifetime;
TCHAR *sname;
int ret; int ret;
size_t len = 0, input_token_len = 0; size_t len = 0, input_token_len = 0;
bool gss = FALSE; bool gss = FALSE;
@@ -137,7 +138,7 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
if(!neg_ctx->output_token) { if(!neg_ctx->output_token) {
PSecPkgInfo SecurityPackage; PSecPkgInfo SecurityPackage;
ret = s_pSecFn->QuerySecurityPackageInfo((SEC_CHAR *)"Negotiate", ret = s_pSecFn->QuerySecurityPackageInfo((TCHAR *) TEXT("Negotiate"),
&SecurityPackage); &SecurityPackage);
if(ret != SEC_E_OK) if(ret != SEC_E_OK)
return -1; return -1;
@@ -166,7 +167,8 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
return -1; return -1;
neg_ctx->status = neg_ctx->status =
s_pSecFn->AcquireCredentialsHandle(NULL, (SEC_CHAR *)"Negotiate", s_pSecFn->AcquireCredentialsHandle(NULL,
(TCHAR *) TEXT("Negotiate"),
SECPKG_CRED_OUTBOUND, NULL, NULL, SECPKG_CRED_OUTBOUND, NULL, NULL,
NULL, NULL, neg_ctx->credentials, NULL, NULL, neg_ctx->credentials,
&lifetime); &lifetime);
@@ -205,10 +207,14 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
in_sec_buff.pvBuffer = input_token; in_sec_buff.pvBuffer = input_token;
} }
sname = Curl_convert_UTF8_to_tchar(neg_ctx->server_name);
if(!sname)
return CURLE_OUT_OF_MEMORY;
neg_ctx->status = s_pSecFn->InitializeSecurityContext( neg_ctx->status = s_pSecFn->InitializeSecurityContext(
neg_ctx->credentials, neg_ctx->credentials,
input_token ? neg_ctx->context : 0, input_token ? neg_ctx->context : 0,
neg_ctx->server_name, sname,
ISC_REQ_CONFIDENTIALITY, ISC_REQ_CONFIDENTIALITY,
0, 0,
SECURITY_NATIVE_DREP, SECURITY_NATIVE_DREP,
@@ -219,6 +225,8 @@ int Curl_input_negotiate(struct connectdata *conn, bool proxy,
&context_attributes, &context_attributes,
&lifetime); &lifetime);
Curl_unicodefree(sname);
if(GSS_ERROR(neg_ctx->status)) if(GSS_ERROR(neg_ctx->status))
return -1; return -1;

View File

@@ -65,10 +65,14 @@ CURLcode Curl_proxy_connect(struct connectdata *conn)
* to change the member temporarily for connecting to the HTTP * to change the member temporarily for connecting to the HTTP
* proxy. After Curl_proxyCONNECT we have to set back the member to the * proxy. After Curl_proxyCONNECT we have to set back the member to the
* original pointer * original pointer
*
* This function might be called several times in the multi interface case
* if the proxy's CONNTECT response is not instant.
*/ */
prot_save = conn->data->state.proto.generic; prot_save = conn->data->state.proto.generic;
memset(&http_proxy, 0, sizeof(http_proxy)); memset(&http_proxy, 0, sizeof(http_proxy));
conn->data->state.proto.http = &http_proxy; conn->data->state.proto.http = &http_proxy;
conn->bits.close = FALSE;
result = Curl_proxyCONNECT(conn, FIRSTSOCKET, result = Curl_proxyCONNECT(conn, FIRSTSOCKET,
conn->host.name, conn->remote_port); conn->host.name, conn->remote_port);
conn->data->state.proto.generic = prot_save; conn->data->state.proto.generic = prot_save;
@@ -357,6 +361,8 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
/* we're done reading chunks! */ /* we're done reading chunks! */
infof(data, "chunk reading DONE\n"); infof(data, "chunk reading DONE\n");
keepon = FALSE; keepon = FALSE;
/* we did the full CONNECT treatment, go COMPLETE */
conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
} }
else else
infof(data, "Read %zd bytes of chunk, continue\n", infof(data, "Read %zd bytes of chunk, continue\n",
@@ -445,6 +451,9 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
/* we're done reading chunks! */ /* we're done reading chunks! */
infof(data, "chunk reading DONE\n"); infof(data, "chunk reading DONE\n");
keepon = FALSE; keepon = FALSE;
/* we did the full CONNECT treatment, go to
COMPLETE */
conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
} }
else else
infof(data, "Read %zd bytes of chunk, continue\n", infof(data, "Read %zd bytes of chunk, continue\n",
@@ -466,6 +475,8 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
gotbytes - (i+1)); gotbytes - (i+1));
} }
} }
/* we did the full CONNECT treatment, go to COMPLETE */
conn->tunnel_state[sockindex] = TUNNEL_COMPLETE;
break; /* breaks out of for-loop, not switch() */ break; /* breaks out of for-loop, not switch() */
} }
@@ -544,6 +555,17 @@ CURLcode Curl_proxyCONNECT(struct connectdata *conn,
break; break;
} }
} /* END NEGOTIATION PHASE */ } /* END NEGOTIATION PHASE */
/* If we are supposed to continue and request a new URL, which basically
* means the HTTP authentication is still going on so if the tunnel
* is complete we start over in INIT state */
if(data->req.newurl &&
(TUNNEL_COMPLETE == conn->tunnel_state[sockindex])) {
conn->tunnel_state[sockindex] = TUNNEL_INIT;
infof(data, "TUNNEL_STATE switched to: %d\n",
conn->tunnel_state[sockindex]);
}
} while(data->req.newurl); } while(data->req.newurl);
if(200 != data->req.httpcode) { if(200 != data->req.httpcode) {

View File

@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -28,66 +28,21 @@
#ifdef USE_WIN32_IDN #ifdef USE_WIN32_IDN
#include <tchar.h> #include "curl_multibyte.h"
#ifdef WANT_IDN_PROTOTYPES #ifdef WANT_IDN_PROTOTYPES
WINBASEAPI int WINAPI IdnToAscii(DWORD, LPCWSTR, int, LPWSTR, int); WINBASEAPI int WINAPI IdnToAscii(DWORD, const WCHAR *, int, WCHAR *, int);
WINBASEAPI int WINAPI IdnToUnicode(DWORD, LPCWSTR, int, LPWSTR, int); WINBASEAPI int WINAPI IdnToUnicode(DWORD, const WCHAR *, int, WCHAR *, int);
#endif #endif
#define IDN_MAX_LENGTH 255 #define IDN_MAX_LENGTH 255
static wchar_t *_curl_win32_UTF8_to_wchar(const char *str_utf8) int curl_win32_idn_to_ascii(const char *in, char **out);
{ int curl_win32_ascii_to_idn(const char *in, size_t in_len, char **out_utf8);
wchar_t *str_w = NULL;
if(str_utf8) {
int str_w_len = MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS,
str_utf8, -1, NULL, 0);
if(str_w_len) {
str_w = malloc(str_w_len * sizeof(wchar_t));
if(str_w) {
if(MultiByteToWideChar(CP_UTF8, 0, str_utf8, -1, str_w,
str_w_len) == 0) {
free(str_w);
str_w = NULL;
}
}
}
}
return str_w;
}
static const char *_curl_win32_wchar_to_UTF8(const wchar_t *str_w)
{
char *str_utf8 = NULL;
if(str_w) {
size_t str_utf8_len = WideCharToMultiByte(CP_UTF8, 0, str_w, -1, NULL,
0, NULL, NULL);
if(str_utf8_len) {
str_utf8 = malloc(str_utf8_len * sizeof(wchar_t));
if(str_utf8) {
if(WideCharToMultiByte(CP_UTF8, 0, str_w, -1, str_utf8, str_utf8_len,
NULL, FALSE) == 0) {
(void) GetLastError();
free((void *)str_utf8);
str_utf8 = NULL;
}
}
}
else {
(void) GetLastError();
}
}
return str_utf8;
}
int curl_win32_idn_to_ascii(const char *in, char **out) int curl_win32_idn_to_ascii(const char *in, char **out)
{ {
wchar_t *in_w = _curl_win32_UTF8_to_wchar(in); wchar_t *in_w = Curl_convert_UTF8_to_wchar(in);
if(in_w) { if(in_w) {
wchar_t punycode[IDN_MAX_LENGTH]; wchar_t punycode[IDN_MAX_LENGTH];
if(IdnToAscii(0, in_w, -1, punycode, IDN_MAX_LENGTH) == 0) { if(IdnToAscii(0, in_w, -1, punycode, IDN_MAX_LENGTH) == 0) {
@@ -97,16 +52,16 @@ int curl_win32_idn_to_ascii(const char *in, char **out)
} }
free(in_w); free(in_w);
*out = (char *)_curl_win32_wchar_to_UTF8(punycode); *out = Curl_convert_wchar_to_UTF8(punycode);
if(!(*out)) { if(!*out)
return 0; return 0;
}
} }
return 1; return 1;
} }
int curl_win32_ascii_to_idn(const char *in, size_t in_len, char **out_utf8) int curl_win32_ascii_to_idn(const char *in, size_t in_len, char **out_utf8)
{ {
(void)in_len; /* unused */
if(in) { if(in) {
WCHAR unicode[IDN_MAX_LENGTH]; WCHAR unicode[IDN_MAX_LENGTH];
@@ -115,10 +70,9 @@ int curl_win32_ascii_to_idn(const char *in, size_t in_len, char **out_utf8)
return 0; return 0;
} }
else { else {
const char *out_utf8 = _curl_win32_wchar_to_UTF8(unicode); *out_utf8 = Curl_convert_wchar_to_UTF8(unicode);
if(!out_utf8) { if(!*out_utf8)
return 0; return 0;
}
} }
} }
return 1; return 1;

View File

@@ -77,7 +77,6 @@
#include "multiif.h" #include "multiif.h"
#include "url.h" #include "url.h"
#include "rawstr.h" #include "rawstr.h"
#include "strtoofft.h"
#define _MPRINTF_REPLACE /* use our functions only */ #define _MPRINTF_REPLACE /* use our functions only */
#include <curl/mprintf.h> #include <curl/mprintf.h>

View File

@@ -1,56 +0,0 @@
#
# Definition file for the NLM version of the LIBCURL library from curl
#
# (LIBCURL)
curl_easy_cleanup,
curl_easy_escape,
curl_easy_unescape,
curl_easy_getinfo,
curl_easy_init,
curl_easy_pause,
curl_easy_perform,
curl_easy_recv,
curl_easy_send,
curl_easy_setopt,
curl_escape,
curl_unescape,
curl_formfree,
curl_getdate,
curl_getenv,
curl_global_cleanup,
curl_global_init,
curl_slist_append,
curl_slist_free_all,
curl_version,
curl_maprintf,
curl_mfprintf,
curl_mprintf,
curl_msprintf,
curl_msnprintf,
curl_mvaprintf,
curl_mvfprintf,
curl_mvsnprintf,
curl_strequal,
curl_strnequal,
curl_easy_duphandle,
curl_formadd,
curl_multi_init,
curl_multi_add_handle,
curl_multi_remove_handle,
curl_multi_fdset,
curl_multi_perform,
curl_multi_cleanup,
curl_multi_info_read,
curl_multi_setopt,
curl_multi_timeout,
curl_free,
curl_version_info,
curl_share_init,
curl_share_setopt,
curl_share_cleanup,
curl_global_init_mem,
curl_easy_strerror,
curl_multi_strerror,
curl_share_strerror,
curl_easy_reset

View File

@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -984,6 +984,16 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
break; break;
} }
if(!easy->easy_conn &&
easy->state > CURLM_STATE_CONNECT &&
easy->state < CURLM_STATE_DONE) {
/* In all these states, the code will blindly access 'easy->easy_conn'
so this is precaution that it isn't NULL. And it silences static
analyzers. */
failf(data, "In state %d with no easy_conn, bail out!\n", easy->state);
return CURLM_INTERNAL_ERROR;
}
if(easy->easy_conn && easy->state > CURLM_STATE_CONNECT && if(easy->easy_conn && easy->state > CURLM_STATE_CONNECT &&
easy->state < CURLM_STATE_COMPLETED) easy->state < CURLM_STATE_COMPLETED)
/* Make sure we set the connection's current owner */ /* Make sure we set the connection's current owner */
@@ -2018,12 +2028,13 @@ static void singlesocket(struct Curl_multi *multi,
remove_sock_from_hash = FALSE; remove_sock_from_hash = FALSE;
if(remove_sock_from_hash) { if(remove_sock_from_hash) {
/* in this case 'entry' is always non-NULL */
if(multi->socket_cb) if(multi->socket_cb)
multi->socket_cb(easy->easy_handle, multi->socket_cb(easy->easy_handle,
s, s,
CURL_POLL_REMOVE, CURL_POLL_REMOVE,
multi->socket_userp, multi->socket_userp,
entry ? entry->socketp : NULL); entry->socketp);
sh_delentry(multi->sockhash, s); sh_delentry(multi->sockhash, s);
} }

View File

@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -51,10 +51,7 @@
enum host_lookup_state { enum host_lookup_state {
NOTHING, NOTHING,
HOSTFOUND, /* the 'machine' keyword was found */ HOSTFOUND, /* the 'machine' keyword was found */
HOSTCOMPLETE, /* the machine name following the keyword was found too */ HOSTVALID /* this is "our" machine! */
HOSTVALID, /* this is "our" machine! */
HOSTEND /* LAST enum */
}; };
/* /*
@@ -174,10 +171,6 @@ int Curl_parsenetrc(const char *host,
state_our_login = FALSE; state_our_login = FALSE;
} }
break; break;
case HOSTCOMPLETE:
case HOSTEND:
/* Should not be reached. */
DEBUGASSERT(0);
} /* switch (state) */ } /* switch (state) */
tok = strtok_r(NULL, " \t\n", &tok_buf); tok = strtok_r(NULL, " \t\n", &tok_buf);

164
lib/nss.c
View File

@@ -27,6 +27,8 @@
#include "setup.h" #include "setup.h"
#ifdef USE_NSS
#ifdef HAVE_SYS_SOCKET_H #ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h> #include <sys/socket.h>
#endif #endif
@@ -44,8 +46,6 @@
#define _MPRINTF_REPLACE /* use the internal *printf() functions */ #define _MPRINTF_REPLACE /* use the internal *printf() functions */
#include <curl/mprintf.h> #include <curl/mprintf.h>
#ifdef USE_NSS
#include "nssg.h" #include "nssg.h"
#include <nspr.h> #include <nspr.h>
#include <nss.h> #include <nss.h>
@@ -66,6 +66,7 @@
#include "curl_memory.h" #include "curl_memory.h"
#include "rawstr.h" #include "rawstr.h"
#include "warnless.h"
/* The last #include file should be: */ /* The last #include file should be: */
#include "memdebug.h" #include "memdebug.h"
@@ -186,6 +187,11 @@ static const char* nss_error_to_name(PRErrorCode code)
return "unknown error"; return "unknown error";
} }
static void nss_print_error_message(struct SessionHandle *data, PRUint32 err)
{
failf(data, "%s", PR_ErrorToString(err, PR_LANGUAGE_I_DEFAULT));
}
static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model, static SECStatus set_ciphers(struct SessionHandle *data, PRFileDesc * model,
char *cipher_list) char *cipher_list)
{ {
@@ -612,69 +618,13 @@ static SECStatus nss_auth_cert_hook(void *arg, PRFileDesc *fd, PRBool checksig,
return SSL_AuthCertificate(CERT_GetDefaultCertDB(), fd, checksig, isServer); return SSL_AuthCertificate(CERT_GetDefaultCertDB(), fd, checksig, isServer);
} }
static SECStatus BadCertHandler(void *arg, PRFileDesc *sock)
{
SECStatus result = SECFailure;
struct connectdata *conn = (struct connectdata *)arg;
PRErrorCode err = PR_GetError();
CERTCertificate *cert = NULL;
char *subject, *subject_cn, *issuer;
conn->data->set.ssl.certverifyresult=err;
cert = SSL_PeerCertificate(sock);
subject = CERT_NameToAscii(&cert->subject);
subject_cn = CERT_GetCommonName(&cert->subject);
issuer = CERT_NameToAscii(&cert->issuer);
CERT_DestroyCertificate(cert);
switch(err) {
case SEC_ERROR_CA_CERT_INVALID:
infof(conn->data, "Issuer certificate is invalid: '%s'\n", issuer);
break;
case SEC_ERROR_UNTRUSTED_ISSUER:
infof(conn->data, "Certificate is signed by an untrusted issuer: '%s'\n",
issuer);
break;
case SSL_ERROR_BAD_CERT_DOMAIN:
if(conn->data->set.ssl.verifyhost) {
failf(conn->data, "SSL: certificate subject name '%s' does not match "
"target host name '%s'", subject_cn, conn->host.dispname);
}
else {
result = SECSuccess;
infof(conn->data, "warning: SSL: certificate subject name '%s' does not "
"match target host name '%s'\n", subject_cn, conn->host.dispname);
}
break;
case SEC_ERROR_EXPIRED_CERTIFICATE:
infof(conn->data, "Remote Certificate has expired.\n");
break;
case SEC_ERROR_UNKNOWN_ISSUER:
infof(conn->data, "Peer's certificate issuer is not recognized: '%s'\n",
issuer);
break;
default:
infof(conn->data, "Bad certificate received. Subject = '%s', "
"Issuer = '%s'\n", subject, issuer);
break;
}
if(result == SECSuccess)
infof(conn->data, "SSL certificate verify ok.\n");
PR_Free(subject);
PR_Free(subject_cn);
PR_Free(issuer);
return result;
}
/** /**
* Inform the application that the handshake is complete. * Inform the application that the handshake is complete.
*/ */
static SECStatus HandshakeCallback(PRFileDesc *sock, void *arg) static void HandshakeCallback(PRFileDesc *sock, void *arg)
{ {
(void)sock; (void)sock;
(void)arg; (void)arg;
return SECSuccess;
} }
static void display_cert_info(struct SessionHandle *data, static void display_cert_info(struct SessionHandle *data,
@@ -729,6 +679,31 @@ static void display_conn_info(struct connectdata *conn, PRFileDesc *sock)
return; return;
} }
static SECStatus BadCertHandler(void *arg, PRFileDesc *sock)
{
struct connectdata *conn = (struct connectdata *)arg;
struct SessionHandle *data = conn->data;
PRErrorCode err = PR_GetError();
CERTCertificate *cert;
/* remember the cert verification result */
data->set.ssl.certverifyresult = err;
if(err == SSL_ERROR_BAD_CERT_DOMAIN && !data->set.ssl.verifyhost)
/* we are asked not to verify the host name */
return SECSuccess;
/* print only info about the cert, the error is printed off the callback */
cert = SSL_PeerCertificate(sock);
if(cert) {
infof(data, "Server certificate:\n");
display_cert_info(data, cert);
CERT_DestroyCertificate(cert);
}
return SECFailure;
}
/** /**
* *
* Check that the Peer certificate's issuer certificate matches the one found * Check that the Peer certificate's issuer certificate matches the one found
@@ -1109,20 +1084,17 @@ int Curl_nss_close_all(struct SessionHandle *data)
return 0; return 0;
} }
/* handle client certificate related errors if any; return false otherwise */ /* return true if the given error code is related to a client certificate */
static bool handle_cc_error(PRInt32 err, struct SessionHandle *data) static bool is_cc_error(PRInt32 err)
{ {
switch(err) { switch(err) {
case SSL_ERROR_BAD_CERT_ALERT: case SSL_ERROR_BAD_CERT_ALERT:
failf(data, "SSL error: SSL_ERROR_BAD_CERT_ALERT");
return true; return true;
case SSL_ERROR_REVOKED_CERT_ALERT: case SSL_ERROR_REVOKED_CERT_ALERT:
failf(data, "SSL error: SSL_ERROR_REVOKED_CERT_ALERT");
return true; return true;
case SSL_ERROR_EXPIRED_CERT_ALERT: case SSL_ERROR_EXPIRED_CERT_ALERT:
failf(data, "SSL error: SSL_ERROR_EXPIRED_CERT_ALERT");
return true; return true;
default: default:
@@ -1341,12 +1313,10 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
goto error; goto error;
data->set.ssl.certverifyresult=0; /* not checked yet */ data->set.ssl.certverifyresult=0; /* not checked yet */
if(SSL_BadCertHook(model, (SSLBadCertHandler) BadCertHandler, conn) if(SSL_BadCertHook(model, BadCertHandler, conn) != SECSuccess)
!= SECSuccess) {
goto error; goto error;
}
if(SSL_HandshakeCallback(model, (SSLHandshakeCallback) HandshakeCallback, if(SSL_HandshakeCallback(model, HandshakeCallback, NULL) != SECSuccess)
NULL) != SECSuccess)
goto error; goto error;
if(data->set.ssl.verifypeer) { if(data->set.ssl.verifypeer) {
@@ -1463,10 +1433,14 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
data->state.ssl_connect_retry = FALSE; data->state.ssl_connect_retry = FALSE;
err = PR_GetError(); err = PR_GetError();
if(handle_cc_error(err, data)) if(is_cc_error(err))
curlerr = CURLE_SSL_CERTPROBLEM; curlerr = CURLE_SSL_CERTPROBLEM;
else
infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err)); /* print the error number and error string */
infof(data, "NSS error %d (%s)\n", err, nss_error_to_name(err));
/* print a human-readable message describing the error if available */
nss_print_error_message(data, err);
if(model) if(model)
PR_Close(model); PR_Close(model);
@@ -1499,12 +1473,17 @@ static ssize_t nss_send(struct connectdata *conn, /* connection data */
PRInt32 err = PR_GetError(); PRInt32 err = PR_GetError();
if(err == PR_WOULD_BLOCK_ERROR) if(err == PR_WOULD_BLOCK_ERROR)
*curlcode = CURLE_AGAIN; *curlcode = CURLE_AGAIN;
else if(handle_cc_error(err, conn->data))
*curlcode = CURLE_SSL_CERTPROBLEM;
else { else {
/* print the error number and error string */
const char *err_name = nss_error_to_name(err); const char *err_name = nss_error_to_name(err);
failf(conn->data, "SSL write: error %d (%s)", err, err_name); infof(conn->data, "SSL write: error %d (%s)\n", err, err_name);
*curlcode = CURLE_SEND_ERROR;
/* print a human-readable message describing the error if available */
nss_print_error_message(conn->data, err);
*curlcode = (is_cc_error(err))
? CURLE_SSL_CERTPROBLEM
: CURLE_SEND_ERROR;
} }
return -1; return -1;
} }
@@ -1526,12 +1505,17 @@ static ssize_t nss_recv(struct connectdata * conn, /* connection data */
if(err == PR_WOULD_BLOCK_ERROR) if(err == PR_WOULD_BLOCK_ERROR)
*curlcode = CURLE_AGAIN; *curlcode = CURLE_AGAIN;
else if(handle_cc_error(err, conn->data))
*curlcode = CURLE_SSL_CERTPROBLEM;
else { else {
/* print the error number and error string */
const char *err_name = nss_error_to_name(err); const char *err_name = nss_error_to_name(err);
failf(conn->data, "SSL read: errno %d (%s)", err, err_name); infof(conn->data, "SSL read: errno %d (%s)\n", err, err_name);
*curlcode = CURLE_RECV_ERROR;
/* print a human-readable message describing the error if available */
nss_print_error_message(conn->data, err);
*curlcode = (is_cc_error(err))
? CURLE_SSL_CERTPROBLEM
: CURLE_RECV_ERROR;
} }
return -1; return -1;
} }
@@ -1550,4 +1534,24 @@ int Curl_nss_seed(struct SessionHandle *data)
return 0; return 0;
} }
void Curl_nss_random(struct SessionHandle *data,
unsigned char *entropy,
size_t length)
{
Curl_nss_seed(data); /* Initiate the seed if not already done */
PK11_GenerateRandom(entropy, curlx_uztosi(length));
}
void Curl_nss_md5sum(unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *md5sum, /* output */
size_t md5len)
{
PK11Context *MD5pw = PK11_CreateDigestContext(SEC_OID_MD5);
unsigned int MD5out;
PK11_DigestOp(MD5pw, tmp, curlx_uztoui(tmplen));
PK11_DigestFinal(MD5pw, md5sum, &MD5out, curlx_uztoui(md5len));
PK11_DestroyContext(MD5pw, PR_TRUE);
}
#endif /* USE_NSS */ #endif /* USE_NSS */

View File

@@ -7,7 +7,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -51,6 +51,15 @@ int Curl_nss_seed(struct SessionHandle *data);
/* initialize NSS library if not already */ /* initialize NSS library if not already */
CURLcode Curl_nss_force_init(struct SessionHandle *data); CURLcode Curl_nss_force_init(struct SessionHandle *data);
void Curl_nss_random(struct SessionHandle *data,
unsigned char *entropy,
size_t length);
void Curl_nss_md5sum(unsigned char *tmp, /* input */
size_t tmplen,
unsigned char *md5sum, /* output */
size_t md5len);
/* API setup for NSS */ /* API setup for NSS */
#define curlssl_init Curl_nss_init #define curlssl_init Curl_nss_init
#define curlssl_cleanup Curl_nss_cleanup #define curlssl_cleanup Curl_nss_cleanup
@@ -68,6 +77,8 @@ CURLcode Curl_nss_force_init(struct SessionHandle *data);
#define curlssl_version Curl_nss_version #define curlssl_version Curl_nss_version
#define curlssl_check_cxn(x) Curl_nss_check_cxn(x) #define curlssl_check_cxn(x) Curl_nss_check_cxn(x)
#define curlssl_data_pending(x,y) (x=x, y=y, 0) #define curlssl_data_pending(x,y) (x=x, y=y, 0)
#define curlssl_random(x,y,z) Curl_nss_random(x,y,z)
#define curlssl_md5sum(a,b,c,d) Curl_nss_md5sum(a,b,c,d)
#endif /* USE_NSS */ #endif /* USE_NSS */
#endif /* HEADER_CURL_NSSG_H */ #endif /* HEADER_CURL_NSSG_H */

View File

@@ -171,6 +171,8 @@ static CURLcode ldap_setup(struct connectdata *conn)
ldap_free_urldesc(lud); ldap_free_urldesc(lud);
li = calloc(1, sizeof(ldapconninfo)); li = calloc(1, sizeof(ldapconninfo));
if(!li)
return CURLE_OUT_OF_MEMORY;
li->proto = proto; li->proto = proto;
conn->proto.generic = li; conn->proto.generic = li;
conn->bits.close = FALSE; conn->bits.close = FALSE;
@@ -386,6 +388,8 @@ static CURLcode ldap_do(struct connectdata *conn, bool *done)
return CURLE_LDAP_SEARCH_FAILED; return CURLE_LDAP_SEARCH_FAILED;
} }
lr = calloc(1,sizeof(ldapreqinfo)); lr = calloc(1,sizeof(ldapreqinfo));
if(!lr)
return CURLE_OUT_OF_MEMORY;
lr->msgid = msgid; lr->msgid = msgid;
data->state.proto.generic = lr; data->state.proto.generic = lr;
Curl_setup_transfer(conn, FIRSTSOCKET, -1, FALSE, NULL, -1, NULL); Curl_setup_transfer(conn, FIRSTSOCKET, -1, FALSE, NULL, -1, NULL);

View File

@@ -6,6 +6,7 @@
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 2010, 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com> * Copyright (C) 2010, 2011, Hoi-Ho Chan, <hoiho.chan@gmail.com>
* Copyright (C) 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -90,7 +91,7 @@ static void polarssl_debug(void *context, int level, char *line)
data = (struct SessionHandle *)context; data = (struct SessionHandle *)context;
infof(data, "%s", line); infof(data, "%s\n", line);
} }
#else #else
#endif #endif
@@ -289,7 +290,7 @@ polarssl_connect_step2(struct connectdata *conn,
if(ret && data->set.ssl.verifypeer) { if(ret && data->set.ssl.verifypeer) {
if(ret & BADCERT_EXPIRED) if(ret & BADCERT_EXPIRED)
failf(data, "Cert verify failed: BADCERT_EXPIRED\n"); failf(data, "Cert verify failed: BADCERT_EXPIRED");
if(ret & BADCERT_REVOKED) { if(ret & BADCERT_REVOKED) {
failf(data, "Cert verify failed: BADCERT_REVOKED"); failf(data, "Cert verify failed: BADCERT_REVOKED");

File diff suppressed because it is too large Load Diff

View File

@@ -26,38 +26,59 @@
* POP3 unique setup * POP3 unique setup
***************************************************************************/ ***************************************************************************/
typedef enum { typedef enum {
POP3_STOP, /* do nothing state, stops the state machine */ POP3_STOP, /* do nothing state, stops the state machine */
POP3_SERVERGREET, /* waiting for the initial greeting immediately after POP3_SERVERGREET, /* waiting for the initial greeting immediately after
a connect */ a connect */
POP3_STARTTLS,
POP3_CAPA,
POP3_AUTH_PLAIN,
POP3_AUTH_LOGIN,
POP3_AUTH_LOGIN_PASSWD,
POP3_AUTH_CRAMMD5,
POP3_AUTH_DIGESTMD5,
POP3_AUTH_DIGESTMD5_RESP,
POP3_AUTH_NTLM,
POP3_AUTH_NTLM_TYPE2MSG,
POP3_AUTH,
POP3_APOP,
POP3_USER, POP3_USER,
POP3_PASS, POP3_PASS,
POP3_STARTTLS,
POP3_COMMAND, POP3_COMMAND,
POP3_QUIT, POP3_QUIT,
POP3_LAST /* never used */ POP3_LAST /* never used */
} pop3state; } pop3state;
/* pop3_conn is used for struct connection-oriented data in the connectdata /* pop3_conn is used for struct connection-oriented data in the connectdata
struct */ struct */
struct pop3_conn { struct pop3_conn {
struct pingpong pp; struct pingpong pp;
char *mailbox; /* message id */ char *mailbox; /* Message ID */
char *custom; /* custom request */ char *custom; /* Custom Request */
size_t eob; /* number of bytes of the EOB (End Of Body) that has been size_t eob; /* Number of bytes of the EOB (End Of Body) that
received thus far */ have been received so far */
size_t strip; /* number of bytes from the start to ignore as non-body */ size_t strip; /* Number of bytes from the start to ignore as
pop3state state; /* always use pop3.c:state() to change state! */ non-body */
unsigned int authtypes; /* Supported authentication types */
unsigned int authmechs; /* Accepted SASL authentication mechanisms */
unsigned int authused; /* SASL auth mechanism used for the connection */
char *apoptimestamp; /* APOP timestamp from the server greeting */
pop3state state; /* Always use pop3.c:state() to change state! */
}; };
extern const struct Curl_handler Curl_handler_pop3; extern const struct Curl_handler Curl_handler_pop3;
extern const struct Curl_handler Curl_handler_pop3s; extern const struct Curl_handler Curl_handler_pop3s;
/* /* Authentication type flags */
* This function scans the body after the end-of-body and writes everything #define POP3_TYPE_CLEARTEXT 0x0001
* until the end is found. #define POP3_TYPE_APOP 0x0002
*/ #define POP3_TYPE_SASL 0x0004
CURLcode Curl_pop3_write(struct connectdata *conn,
char *str, /* This is the 5-bytes End-Of-Body marker for POP3 */
size_t nread); #define POP3_EOB "\x0d\x0a\x2e\x0d\x0a"
#define POP3_EOB_LEN 5
/* This function scans the body after the end-of-body and writes everything
* until the end is found */
CURLcode Curl_pop3_write(struct connectdata *conn, char *str, size_t nread);
#endif /* HEADER_CURL_POP3_H */ #endif /* HEADER_CURL_POP3_H */

View File

@@ -131,11 +131,14 @@ static char *max5data(curl_off_t bytes, char *max5)
*/ */
void Curl_pgrsDone(struct connectdata *conn) int Curl_pgrsDone(struct connectdata *conn)
{ {
int rc;
struct SessionHandle *data = conn->data; struct SessionHandle *data = conn->data;
data->progress.lastshow=0; data->progress.lastshow=0;
Curl_pgrsUpdate(conn); /* the final (forced) update */ rc = Curl_pgrsUpdate(conn); /* the final (forced) update */
if(rc)
return rc;
if(!(data->progress.flags & PGRS_HIDE) && if(!(data->progress.flags & PGRS_HIDE) &&
!data->progress.callback) !data->progress.callback)
@@ -144,6 +147,7 @@ void Curl_pgrsDone(struct connectdata *conn)
fprintf(data->set.err, "\n"); fprintf(data->set.err, "\n");
data->progress.speeder_c = 0; /* reset the progress meter display */ data->progress.speeder_c = 0; /* reset the progress meter display */
return 0;
} }
/* reset all times except redirect, and reset the known transfer sizes */ /* reset all times except redirect, and reset the known transfer sizes */
@@ -241,6 +245,10 @@ void Curl_pgrsSetUploadSize(struct SessionHandle *data, curl_off_t size)
data->progress.flags &= ~PGRS_UL_SIZE_KNOWN; data->progress.flags &= ~PGRS_UL_SIZE_KNOWN;
} }
/*
* Curl_pgrsUpdate() returns 0 for success or the value returned by the
* progress callback!
*/
int Curl_pgrsUpdate(struct connectdata *conn) int Curl_pgrsUpdate(struct connectdata *conn)
{ {
struct timeval now; struct timeval now;

View File

@@ -39,7 +39,7 @@ typedef enum {
TIMER_LAST /* must be last */ TIMER_LAST /* must be last */
} timerid; } timerid;
void Curl_pgrsDone(struct connectdata *); int Curl_pgrsDone(struct connectdata *);
void Curl_pgrsStartNow(struct SessionHandle *data); void Curl_pgrsStartNow(struct SessionHandle *data);
void Curl_pgrsSetDownloadSize(struct SessionHandle *data, curl_off_t size); void Curl_pgrsSetDownloadSize(struct SessionHandle *data, curl_off_t size);
void Curl_pgrsSetUploadSize(struct SessionHandle *data, curl_off_t size); void Curl_pgrsSetUploadSize(struct SessionHandle *data, curl_off_t size);

View File

@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___ * | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____| * \___|\___/|_| \_\_____|
* *
* Copyright (C) 1998 - 2011, Daniel Stenberg, <daniel@haxx.se>, et al. * Copyright (C) 1998 - 2012, Daniel Stenberg, <daniel@haxx.se>, et al.
* *
* This software is licensed as described in the file COPYING, which * This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms * you should have received as part of this distribution. The terms
@@ -747,13 +747,7 @@ CURLcode Curl_rtsp_parseheader(struct connectdata *conn,
if(checkprefix("CSeq:", header)) { if(checkprefix("CSeq:", header)) {
/* Store the received CSeq. Match is verified in rtsp_done */ /* Store the received CSeq. Match is verified in rtsp_done */
int nc; int nc = sscanf(&header[4], ": %ld", &CSeq);
char *temp = strdup(header);
if(!temp)
return CURLE_OUT_OF_MEMORY;
Curl_strntoupper(temp, temp, sizeof(temp));
nc = sscanf(temp, "CSEQ: %ld", &CSeq);
free(temp);
if(nc == 1) { if(nc == 1) {
data->state.proto.rtsp->CSeq_recv = CSeq; /* mark the request */ data->state.proto.rtsp->CSeq_recv = CSeq; /* mark the request */
data->state.rtsp_CSeq_recv = CSeq; /* update the handle */ data->state.rtsp_CSeq_recv = CSeq; /* update the handle */

View File

@@ -223,6 +223,12 @@
*/ */
#ifdef HAVE_WINDOWS_H #ifdef HAVE_WINDOWS_H
# if defined(UNICODE) && !defined(_UNICODE)
# define _UNICODE
# endif
# if defined(_UNICODE) && !defined(UNICODE)
# define UNICODE
# endif
# ifndef WIN32_LEAN_AND_MEAN # ifndef WIN32_LEAN_AND_MEAN
# define WIN32_LEAN_AND_MEAN # define WIN32_LEAN_AND_MEAN
# endif # endif
@@ -237,6 +243,7 @@
# include <winsock.h> # include <winsock.h>
# endif # endif
# endif # endif
# include <tchar.h>
#endif #endif
/* /*
@@ -349,11 +356,13 @@
# include <io.h> # include <io.h>
# include <sys/types.h> # include <sys/types.h>
# include <sys/stat.h> # include <sys/stat.h>
# undef lseek # ifndef _WIN32_WCE
# define lseek(fdes,offset,whence) _lseek(fdes, (long)offset, whence) # undef lseek
# define fstat(fdes,stp) _fstat(fdes, stp) # define lseek(fdes,offset,whence) _lseek(fdes, (long)offset, whence)
# define stat(fname,stp) _stat(fname, stp) # define fstat(fdes,stp) _fstat(fdes, stp)
# define struct_stat struct _stat # define stat(fname,stp) _stat(fname, stp)
# define struct_stat struct _stat
# endif
# define LSEEK_ERROR (long)-1 # define LSEEK_ERROR (long)-1
#endif #endif
@@ -579,7 +588,8 @@ int netware_init(void);
#if defined(USE_GNUTLS) || defined(USE_SSLEAY) || defined(USE_NSS) || \ #if defined(USE_GNUTLS) || defined(USE_SSLEAY) || defined(USE_NSS) || \
defined(USE_QSOSSL) || defined(USE_POLARSSL) || defined(USE_AXTLS) || \ defined(USE_QSOSSL) || defined(USE_POLARSSL) || defined(USE_AXTLS) || \
defined(USE_CYASSL) defined(USE_CYASSL) || defined(USE_SCHANNEL) || \
defined(USE_DARWINSSL)
#define USE_SSL /* SSL support has been enabled */ #define USE_SSL /* SSL support has been enabled */
#endif #endif
@@ -590,7 +600,7 @@ int netware_init(void);
/* Single point where USE_NTLM definition might be done */ /* Single point where USE_NTLM definition might be done */
#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_NTLM) #if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_NTLM)
#if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \ #if defined(USE_SSLEAY) || defined(USE_WINDOWS_SSPI) || \
defined(USE_GNUTLS) || defined(USE_NSS) defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_DARWINSSL)
#define USE_NTLM #define USE_NTLM
#endif #endif
#endif #endif

Some files were not shown because too many files have changed in this diff Show More