Daniel Stenberg [Wed, 25 Mar 2020 22:16:28 +0000 (23:16 +0100)]
docs/make: generate curl.1 from listed files only
Previously it rendered the page from files matching "*.d" in the correct
directory, which worked fine in git builds when the files were added but
made it easy to forget adding the files to the dist.
Now, only man page sections listed in DPAGES in Makefile.inc will be
used, thus "forcing" us to update this to get the man page right and get
it included in the dist at the same time.
Daniel Stenberg [Mon, 23 Mar 2020 11:28:20 +0000 (12:28 +0100)]
openssl: adapt to functions marked as deprecated since version 3
OpenSSL 3 deprecates SSL_CTX_load_verify_locations and the MD4, DES
functions we use.
Fix the MD4 and SSL_CTX_load_verify_locations warnings.
In configure, detect OpenSSL v3 and if so, inhibit the deprecation
warnings. OpenSSL v3 deprecates the DES functions we use for NTLM and
until we rewrite the code to use non-deprecated functions we better
ignore these warnings as they don't help us.
Daniel Stenberg [Sun, 22 Mar 2020 11:08:39 +0000 (12:08 +0100)]
test970: improve the test
- send more data to make problems more obvious
- don't start the data with minus, it makes diffs harder to read
- skip the headers in the stdout comparison
- save to a file name to also verify 'filename_effective'
Jay Satiro [Sat, 7 Mar 2020 08:21:33 +0000 (03:21 -0500)]
curl_setup: define _WIN32_WINNT_[OS] symbols
.. because not all Windows build systems have those symbols, and even
those that do may be missing newer symbols (eg the Windows 7 SDK does
not define _WIN32_WINNT_WIN10).
Those symbols are used in build-time logic to decide which API to use
and prior to this change if the symbols were missing it would have
resulted in deprecated API being used when more recent functions were
available (eg GetVersionEx used instead of VerifyVersionInfo).
AC_REQUIRE means "if this macro hasn't been executed already, execute
it". So in a wrapper around AC_RUN_IFELSE, AC_REQUIRE(AC_RUN_IFELSE)
isn't correct at that will execute AC_RUN_IFELSE without any arguments.
With autoconf 2.69 this is basically a no-op, but with autoconf 2.70,
AC_RUN_IFELSE without a default value when cross-compiling is fatal.
The result is that curl with autoconf 2.70 cannot cross-compile.
Rici Lake [Wed, 18 Mar 2020 23:28:19 +0000 (18:28 -0500)]
cmdline: fix handling of OperationConfig linked list (--next)
Ensures that -K/--config inserts new items at the end of the list
instead of overwriting the second item, and that after a -K/--config
option has been parsed, the option parser's view of the current config
is update.
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
--ssl-revoke-best-effort to allow a "best effort" revocation check.
A best effort revocation check ignores errors that the revocation check
was unable to take place. The reasoning is described in detail below and
discussed further in the PR.
---
When running e.g. with Fiddler, the schannel backend fails with an
unhelpful error message:
Unknown error (0x80092012) - The revocation function was unable
to check revocation for the certificate.
Sadly, many enterprise users who are stuck behind MITM proxies suffer
the very same problem.
This has been discussed in plenty of issues:
https://github.com/curl/curl/issues/3727,
https://github.com/curl/curl/issues/264, for example.
In the latter, a Microsoft Edge developer even made the case that the
common behavior is to ignore issues when a certificate has no recorded
distribution point for revocation lists, or when the server is offline.
This is also known as "best effort" strategy and addresses the Fiddler
issue.
Unfortunately, this strategy was not chosen as the default for schannel
(and is therefore a backend-specific behavior: OpenSSL seems to happily
ignore the offline servers and missing distribution points).
To maintain backward-compatibility, we therefore add a new flag
(`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
(`--ssl-revoke-best-effort`) to select the new behavior.
Due to the many related issues Git for Windows and GitHub Desktop, the
plan is to make this behavior the default in these software packages.
The test 2070 was added to verify this behavior, adapted from 310.
Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com> Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com> Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Closes https://github.com/curl/curl/pull/4981
Daniel Stenberg [Sat, 8 Feb 2020 23:04:05 +0000 (00:04 +0100)]
test 970: verify --write-out '%{json}'
Makes curl_easy_getinfo() of "variable" numerical content instead return
the number set in the env variable `CURL_TIME`.
Makes curl_version() of "variable" textual content. This guarantees a
stable version string which can be tested against. Environment variable
`CURL_VERSION` defines the content.
Daniel Stenberg [Mon, 16 Mar 2020 08:33:27 +0000 (09:33 +0100)]
tool_operate: fix add_parallel_transfers when more are in queue
Trying to return early from the function if no new transfers were added
would break the "morep" argument and cause issues. This could lead to
zero content "transfers" (within quotes since they would never be
started) when parallel-max was reduced.
Reported-by: Gavin Wong Analyzed-by: Jay Satiro
Fixes #4937
Closes #5112
Daniel Stenberg [Tue, 10 Mar 2020 21:31:47 +0000 (22:31 +0100)]
transfer: cap retries of "dead connections" to 5
When libcurl retries a connection due to it being "seemingly dead" or by
REFUSED_STREAM, it will now only do it up five times before giving up,
to avoid never-ending loops.
Marc Hoersken [Sun, 15 Mar 2020 09:01:38 +0000 (10:01 +0100)]
tests: remove python_dependencies for smbserver from our tree
Users of the SMB tests will have to install impacket manually.
Reasoning: our in-tree version of impacket was quite outdated
and only compatible with Python 2 which is already end-of-life.
Upgrading to Python 3 and a compatible impacket version would
require to import additional Python-only and CPython-extension
dependencies. This would have hindered portability enormously.
Jay Satiro [Sat, 14 Mar 2020 06:19:04 +0000 (02:19 -0400)]
easy: Fix curl_easy_duphandle for builds missing IPv6 that use c-ares
- Ignore CURLE_NOT_BUILT_IN errors returned by c-ares functions in
curl_easy_duphandle.
Prior to this change if c-ares was used as the resolver backend and
either it was too old or libcurl was built without IPv6 support then
some of our resolver functions could return CURLE_NOT_BUILT_IN to
curl_easy_duphandle causing it to fail.
Daniel Stenberg [Tue, 10 Mar 2020 16:47:44 +0000 (17:47 +0100)]
server/getpart: make the "XML-parser" stricter
When extracting a <section> <part> and there's no </part> before
</section>, this now outputs an error and returns a wrong string to
make users spot the mistake.
In bmake, if the directory is changed (with cd or anything else), bmake
won't return to the "root directory" on the next command (in the same
Makefile rule). This commit runs the cd command in a subshell so it
would work in bmake.
Daniel Stenberg [Tue, 10 Mar 2020 12:55:44 +0000 (13:55 +0100)]
configure: fix -pedantic-errors for GCC 5 and later
If --enable-werror is used.
Follow-up to d5c0351055d5709da which added it too early in the configure
script before $compiler_num was set correctly and thus this option was
never used.
Daniel Stenberg [Tue, 10 Mar 2020 13:37:43 +0000 (14:37 +0100)]
configure: document 'compiler_num' for gcc
The CURL_CHECK_COMPILER_GNU_C function sets the number to MAJOR*100 +
MINOR and ignores the patch version, and since gcc version 7 it only
sets it to MAJOR*100.
Patrick Monnerat [Tue, 28 Jan 2020 10:56:41 +0000 (11:56 +0100)]
silly web server: silent a compilation warning
Recent gcc warns when byte count of strncpy() equals the destination
buffer size. Since the destination buffer is previously cleared and
the source string is always shorter, reducing the byte count by one
silents the warning without affecting the result.
projects / thirdparty / curl.git / log
