ftp,imap,pop3,smtp: reject STARTTLS server response pipelining
If a server pipelines future responses within the STARTTLS response, the
former are preserved in the pingpong cache across TLS negotiation and
used as responses to the encrypted commands.
This fix detects pipelined STARTTLS responses and rejects them with an
error.
Daniel Stenberg [Sat, 11 Sep 2021 22:20:22 +0000 (00:20 +0200)]
http_proxy: fix the User-Agent inclusion in CONNECT
It should not refer to the uagent string that is allocated and created
for the end server http request, as that pointer may be cleared on
subsequent CONNECT requests.
Added test case 1184 to verify.
Reported-by: T200proX7 on github
Fixes #7705
Closes #7707
Daniel Stenberg [Fri, 10 Sep 2021 09:39:22 +0000 (11:39 +0200)]
http2: Curl_http2_setup needs to init stream data in all invokes
Thus function was written to avoid doing multiple connection data
initializations, which is fine, but since it also initiates stream
related data it is crucial that it doesn't skip those even if called
again for the same connection. Solved by moving the stream
initializations before the "doing-it-again" check.
Marc Hoersken [Wed, 2 Jun 2021 18:57:44 +0000 (20:57 +0200)]
runtests: add option -u to error on server unexpectedly alive
Let's try to actually handle the server unexpectedly alive
case by first making them visible on CI builds as failures.
This is needed to detect issues with killing of the test
servers completely including nested process chains with
multiple PIDs per test server (including bash and perl).
On Windows/cygwin platforms this is especially helpful with
debugging PID mixups due to cygwin using its own PID space.
Daniel Stenberg [Wed, 8 Sep 2021 20:55:58 +0000 (22:55 +0200)]
opts docs: unify phrasing in NAME header
- avoid writing "set ..." or "enable/disable ..." or "specify ..."
*All* options for curl_easy_setopt() are about setting or enabling
things and most of the existing options didn't use that way of
description.
- start with lowercase letter, unless abbreviation. For consistency.
cirrus: Add FreeBSD 13.0 job and disable sanitizer build
As alluded to the in the now removed comment, a 13.0 image became
available and is now ready to be used.
The sanitizer builds were running on the 12.1 image which since has
been removed from the config, leaving the builds not running at all.
When enabled it turns out that they don't actually work due to very
long timeouts in executing the tests, so keep the disabled for now
but a bit more controlled.
MAntoniak [Tue, 17 Aug 2021 16:40:25 +0000 (18:40 +0200)]
mbedtls: avoid using a large buffer on the stack
Use dynamic memory allocation for the buffer used in checking "pinned
public key". The PUB_DER_MAX_BYTES parameter with default settings is
set to a value greater than 2kB.
Daniel Stenberg [Sat, 4 Sep 2021 21:41:07 +0000 (23:41 +0200)]
configure: make --disable-hsts work
The AC_ARG_ENABLE() macro itself uses a variable called
'enable_[option]', so when our script also used a variable with that
name for the purpose of storing what the user wants, it also
accidentally made it impossible to switch off the feature with
--disable-hsts. Fix this by renaming our variable.
Daniel Stenberg [Wed, 1 Sep 2021 08:26:36 +0000 (10:26 +0200)]
opt-docs: verify man page sections + order
In every libcurl option man page there are now 8 mandatory sections that
must use the right name in the correct order and test 1173 verifies
this. Only 14 man pages needed adjustments.
The sections and the order is as follows:
- NAME
- SYNOPSIS
- DESCRIPTION
- PROTOCOLS
- EXAMPLE
- AVAILABILITY
- RETURN VALUE
- SEE ALSO
Daniel Stenberg [Wed, 1 Sep 2021 07:23:37 +0000 (09:23 +0200)]
opt-docs: make sure all man pages have examples
Extended manpage-syntax.pl (run by test 1173) to check that every man
page for a libcurl option has an EXAMPLE section that is more than two
lines. Then fixed all errors it found and added examples.
Daniel Stenberg [Thu, 2 Sep 2021 13:57:25 +0000 (15:57 +0200)]
connect: get local port + ip also when reusing connections
Regression. In d6a37c23a3c (7.75.0) we removed the duplicated storage
(connection + easy handle), so this info needs be extracted again even
for re-used connections.
Daniel Stenberg [Tue, 31 Aug 2021 14:37:14 +0000 (16:37 +0200)]
curl.1: provide examples for each option
The file format for each option now features a "Example:" header that
can provide one or more examples that get rendered appropriately in the
output. All options MUST have at least one example or gen.pl complains
at build-time.
This fix also does a few other minor format and consistency cleanups.
Daniel Stenberg [Fri, 27 Aug 2021 15:42:40 +0000 (17:42 +0200)]
http_proxy: only wait for writable socket while sending request
Otherwise it would wait socket writability even after the entire CONNECT
request has sent and make curl basically busy-loop while waiting for a
response to come back.
The previous fix attempt in #7484 (c27a70a591a4) was inadequate.
Daniel Stenberg [Thu, 26 Aug 2021 05:43:34 +0000 (07:43 +0200)]
curl: better error message when -O fails to get a good name
Due to how this currently works internally, it needs a working initial
file name to store contents in, so it may still fail even with -J is
used (and thus accepting a name from content-disposition:) if the file
name part of the URL isn't "good enough".
Don [Tue, 24 Aug 2021 18:27:39 +0000 (11:27 -0700)]
cmake: sync CURL_DISABLE options
Adds the full listing of CURL_DISABLE options to the CMake build. Moves
all option code, except for CURL_DISABLE_OPENSSL_AUTO_LOA_CONFIG which
resides near OpenSSL configuration, to the same block of code. Also
sorts the options here and in the cmake config header.
Additionally sorted the CURL-DISABLE listing and fixed the
CURL_DISABLE_POP3 option.
Ehren Bendler [Thu, 19 Aug 2021 17:45:55 +0000 (13:45 -0400)]
wolfssl: clean up wolfcrypt error queue
If wolfSSL is built in certain ways (OPENSSL_EXTRA or Debug), the error
queue gets added on to for each session and never freed. Fix it by
calling ERR_clear_error() like in vtls/openssl when needed. This func is
a no-op in wolfcrypt if the error queue is not enabled.
Don [Fri, 20 Aug 2021 16:29:10 +0000 (09:29 -0700)]
curl_setup.h: sync values for HTTP_ONLY
The values for HTTP_ONLY differed between CMakeLists.txt and
curl_setup.h. Sync them and sort the values in curl_setup.h to make it
easier to spot differences.
Jay Satiro [Tue, 17 Aug 2021 06:24:48 +0000 (02:24 -0400)]
configure: set classic mingw minimum OS version to XP
- If the user has not specified a minimum OS version (via WINVER or
_WIN32_WINNT macros) then set it to Windows XP.
Prior to this change classic MinGW defaulted the minimum OS version
to Windows NT 4.0 which is way too old. At least Windows XP is needed
for getaddrinfo (which resolves hostnames to IPv6 addresses).
Jay Satiro [Tue, 17 Aug 2021 06:17:21 +0000 (02:17 -0400)]
schannel: Work around typo in classic mingw macro
- Define ALG_CLASS_DHASH (the typo from the include) to ALG_CLASS_HASH.
Prior to this change there was an incomplete fix to ignore the
CALG_TLS1PRF macro on those versions of MinGW where it uses the
ALG_CLASS_DHASH typoed macro.
Marc Hoersken [Tue, 17 Aug 2021 19:16:41 +0000 (21:16 +0200)]
tests/*server.pl: flush output before executing subprocess
Also avoid shell processes staying around by using exec.
This is necessary to avoid output data being buffering
inside the process chain of Perl, Bash/Shell and our
test server binaries. On non-Windows systems the exec
will also make the subprocess replace the intermediate
shell, but on Windows it will at least bind the processes
together since there is no real fork or exec available.
Daniel Stenberg [Tue, 17 Aug 2021 14:52:55 +0000 (16:52 +0200)]
openssl: when creating a new context, there cannot be an old one
Remove the previous handling that would call SSL_CTX_free(), and instead
add an assert that halts a debug build if there ever is a context
already set at this point.
Marc Hoersken [Sun, 15 Aug 2021 10:40:54 +0000 (12:40 +0200)]
tests/server/*.c: align handling of portfile argument and file
1. Call the internal variable portname (like pidname) everywhere.
2. Have a variable wroteportfile (like wrotepidfile) everywhere.
3. Make sure the file is cleaned up on exit (like pidfile).
4. Add parameter --portfile to usage outputs everywhere.
Reviewed-by: Daniel Stenberg
Replaces #7523
Closes #7574
projects / thirdparty / curl.git / log
