Daniel Stenberg [Thu, 3 Feb 2022 09:42:02 +0000 (10:42 +0100)]
TPF: drop support
There have been no TPF-related changes done since September 2010 (commit
7e1a45e224e57) and since this is a platform that is relatively different
than many others (== needs attention), I draw the conclusion that this
build has been broken for a long time.
Leah Neukirchen [Mon, 31 Jan 2022 17:28:01 +0000 (18:28 +0100)]
scripts/completion.pl: improve zsh completion
- Detect all spellings of <file>, <file name> etc as well as <path>.
- Only complete directories for <dir>.
- Complete URLs for <URL>.
- Complete --request and --ftp-method.
Jay Satiro [Tue, 1 Feb 2022 22:44:26 +0000 (17:44 -0500)]
build: fix ngtcp2 crypto library detection
- Change library link check for ngtcp2_crypto_{gnutls,openssl} to
use function ngtcp2_crypto_recv_client_initial_cb instead of
ngtcp2_crypto_ctx_initial.
The latter function is no longer external since two days ago in
ngtcp2/ngtcp2@533451f. curl HTTP/3 CI builds have been failing since
then because they would not link to the ngtcp2 crypto library.
multi: remember connection_id before returning connection to pool
Fix a bug that does not require a new CVE as discussed on hackerone.com.
Previously `connection_id` was accessed after returning connection to
the shared pool.
Daniel Stenberg [Fri, 28 Jan 2022 07:17:15 +0000 (08:17 +0100)]
nss: handshake callback during shutdown has no conn->bundle
The callback gets called because of the call to PR_Recv() done to
attempt to avoid RST on the TCP connection. The conn->bundle pointer is
already cleared at this point so avoid dereferencing it.
MAntoniak [Fri, 28 Jan 2022 12:45:30 +0000 (13:45 +0100)]
mbedtls: remove #include <mbedtls/certs.h>
The mbedtls/certs.h file contains only example certificates (all
definitions begin with mbedtls_test_*). None of them are used so we can
avoid including the file.
Jay Satiro [Thu, 27 Jan 2022 08:32:37 +0000 (03:32 -0500)]
schannel: restore debug message in schannel_connect_step2
This is a follow-up to recent commit 2218c3a which removed the debug
message to avoid an unused variable warning. The message has been
reworked to avoid the warning.
Jay Satiro [Tue, 25 Jan 2022 03:53:29 +0000 (22:53 -0500)]
test3021: disable all msys2 path transformation
- Disable all MSYS2 path transformation in test3021 and test3022.
Prior to this change path transformation in those tests was disabled
only for arguments that start with forward slashes. However arguments
that are in base64 contain forward slashes at any position and caused
unwanted translations.
== Info: Denied establishing ssh session: mismatch sha256 fingerprint.
Remote +/EYG2YDzDGm6yiwepEMSuExgRRMoTi8Di1UN3kixZw= is not equal to
+C:/msys64/EYG2YDzDGm6yiwepEMSuExgRRMoTi8Di1UN3kixZw
In the above example an argument containing a base64 sha256 fingerprint
was passed to curl after MSYS2 translated +/ into +C:/msys64/, and then
the fingerprint didn't match what was expected.
Daniel Stenberg [Sat, 22 Jan 2022 15:56:00 +0000 (16:56 +0100)]
url: revert the removal of trailing dot from host name
Reverts 5de8d84098db1bd24e (May 2014, shipped in 7.37.0) and the
follow-up changes done afterward.
Keep the dot in names for everything except the SNI to make curl behave
more similar to current browsers. This means 'name' and 'name.' send the
same SNI for different 'Host:' headers.
Updated test 1322 accordingly
Fixes #8290
Reported-by: Charles Cazabon
Closes #8320
Daniel Stenberg [Wed, 26 Jan 2022 10:05:45 +0000 (11:05 +0100)]
tests/memanalyze.pl: also count and show "total allocations"
This is the total number of bytes allocated, increasing for new
allocations and never reduced when freed. The existing "Maximum
allocated" is the high water mark.
Daniel Stenberg [Mon, 24 Jan 2022 10:02:55 +0000 (11:02 +0100)]
hostcheck: fixed to not touch used input strings
Avoids the need to clone the strings before check, thus avoiding
mallocs, which for cases where there are many SAN names in a cert could
end up numerous.
Jay Satiro [Fri, 21 Jan 2022 22:09:29 +0000 (17:09 -0500)]
md5: refactor for standard compliance
- Wrap OpenSSL / wolfSSL MD5 functions instead of taking their function
addresses during static initialization.
Depending on how curl was built the old way may have used a dllimport
function address during static initialization, which is not standard
compliant, resulting in Visual Studio warning C4232 (nonstandard
extension). Instead the function pointers now point to the wrappers
which call the MD5 functions.
This change only affects OpenSSL and wolfSSL because calls to other SSL
libraries' md5 functions were already wrapped. Also sha256.c already
does this for all SSL libraries.
Harry Sarson [Fri, 21 Jan 2022 13:32:16 +0000 (13:32 +0000)]
misc: allow curl to build with wolfssl --enable-opensslextra
put all #include of openssl files behind wolfssl ifdefs so that we can
use the wolfssl/ prefixed include paths. Without these curl only builds
when wolfssl is built with enable-all.
Jay Satiro [Wed, 19 Jan 2022 08:40:46 +0000 (03:40 -0500)]
projects: Fix Visual Studio wolfSSL configurations
- Change build-wolfssl.bat to disable SSLv3, enable TLSv1.3, enable
wolfSSL_DES_ecb_encrypt (needed by NTLM) and enable alt cert chains.
- Disable warning C4214 'bit field types other than int'.
- Add include directory wolfssl\wolfssl.
wolfSSL offers OpenSSL API compatibility that libcurl uses, and some
recent change in libcurl included an include file for wolfSSL like
openssl/foo.h, which has a path like wolfssl\wolfssl\openssl\foo.h.
The include directory issue was reported in #8292 but it's currently
unclear whether this type of change is needed for other build systems.
Bug: https://github.com/curl/curl/issues/8292
Reported-by: Harry Sarson
Closes https://github.com/curl/curl/pull/8298
Daniel Stenberg [Sun, 16 Jan 2022 22:00:09 +0000 (23:00 +0100)]
multi: set in_callback for multi interface callbacks
This makes most libcurl functions return error if called from within a
callback using the same multi handle. For example timer or socket
callbacks calling curl_multi_socket_action.
Reported-by: updatede on github
Fixes #8282
Closes #8286
Daniel Stenberg [Fri, 14 Jan 2022 07:30:26 +0000 (08:30 +0100)]
curl: remove "separators" (when using globbed URLs)
Unless muted (with -s), when doing globbing, curl would output mime-like
separators between the separate transfers. This is not documented
anywhere, surprises users and clobbers the output. Gone now.
Updated test 18 and 1235
Reported-by: jonny112 on github
Bug: https://github.com/curl/curl/discussions/8257
Closes #8278
Niels Martignène [Tue, 11 Jan 2022 08:25:00 +0000 (03:25 -0500)]
mbedtls: fix CURLOPT_SSLCERT_BLOB (again)
- Increase the buffer length passed to mbedtls_x509_crt_parse to account
for the null byte appended to the temporary blob.
Follow-up to 867ad1c which uses a null terminated copy of the
certificate blob, because mbedtls_x509_crt_parse requires PEM data
to be null terminated.
Daniel Stenberg [Tue, 11 Jan 2022 10:28:16 +0000 (11:28 +0100)]
curl_multi_socket.3: remove callback and typical usage descriptions
1. The callback is better described in the option for setting it. Having
it in a single place reduces the risk that one of them is wrong.
2. The "typical usage" is wrong since the functions described in this
man page are both deprecated so they cannot be used in any "typical" way
anymore.
Daniel Stenberg [Sat, 8 Jan 2022 14:40:04 +0000 (15:40 +0100)]
curl-functions.m4: revert DYLD_LIBRARY_PATH tricks in CURL_RUN_IFELSE
Mostly reverts ba0657c343f, but now instead just run the plain macro on
darwin. The approach as used on other platforms is simply not necessary
on macOS.
Fixes #8229
Reported-by: Ryan Schmidt
Closes #8247
Patrick Monnerat [Mon, 10 Jan 2022 10:57:02 +0000 (11:57 +0100)]
openldap: implement SASL authentication
As credentials can be quite different depending on the mechanism used,
there are no default mechanisms for LDAP and simple bind with a DN is
then used.
The caller has to provide mechanism(s) using CURLOPT_LOGIN_OPTIONS to
enable SASL authentication and disable simple bind.
Cameron Will [Tue, 11 Jan 2022 02:39:42 +0000 (21:39 -0500)]
CURLOPT_RESOLVE.3: change example port to 443
83cc966 changed documentation from using http to https. However,
CURLOPT_RESOLVE being set to port 80 in the documentation means that it
isn't valid for the new URL. Update to 443.
Patrick Monnerat [Mon, 10 Jan 2022 10:51:16 +0000 (11:51 +0100)]
curl tool: erase some more sensitive command line arguments
As the ps command may reveal sensitive command line info, obfuscate
options --tlsuser, --tlspasswd, --proxy-tlsuser, --proxy-tlspassword and
--oauth2-bearer arguments.
Reported-by: Stephen Boost <s.booth@epcc.ed.ac.uk>
Closes #7964
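Added example, not part of the commit log and not curl's own code: a sketch of the technique the commit above describes, copying each secret option value out of argv and blanking the original bytes in place so a later process listing no longer shows it. The helper name `scrub_secret_args`, the option table and the calling convention are assumptions made for this illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Options whose following argument is a secret. The table is an assumption
   for this example, using the option names as the curl tool spells them. */
static const char *const secret_opts[] = {
  "--tlsuser", "--tlspassword", "--proxy-tlsuser",
  "--proxy-tlspassword", "--oauth2-bearer", NULL
};

static int takes_secret(const char *opt)
{
  for(size_t i = 0; secret_opts[i]; i++)
    if(!strcmp(opt, secret_opts[i]))
      return 1;
  return 0;
}

/* Hypothetical helper: copy every secret value out of argv, then blank the
   original bytes in place so the process listing no longer shows them.
   Returns the number of values scrubbed, or -1 on allocation failure.
   copies[] must have room for argc entries; the caller frees them. */
int scrub_secret_args(int argc, char **argv, char **copies)
{
  int n = 0;
  for(int i = 1; i + 1 < argc; i++) {
    if(!takes_secret(argv[i]))
      continue;
    char *value = argv[++i];      /* the argument after the option */
    size_t len = strlen(value);
    copies[n] = malloc(len + 1);
    if(!copies[n])
      return -1;
    memcpy(copies[n], value, len + 1);
    /* Overwrite in place with the same length, so the argv layout and
       the terminating NUL stay untouched. */
    memset(value, ' ', len);
    n++;
  }
  return n;
}
```

The value is still visible between process start and the scrub, and not every platform reflects in-place argv changes in its process listing, so passing secrets through a config file or stdin remains the stronger control.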
Daniel Stenberg [Sun, 9 Jan 2022 21:28:48 +0000 (22:28 +0100)]
mesalink: remove support
Mesalink has ceased development. We can no longer encourage use of it.
It seems to be continued under the name TabbySSL, but no attempts have
(yet) been made to make curl support it.
Daniel Stenberg [Sun, 9 Jan 2022 21:38:22 +0000 (22:38 +0100)]
ldap: return CURLE_URL_MALFORMAT for bad URL
For consistency, use the same return code for URL malformats,
independently of which scheme is used. Previously this would return
CURLE_LDAP_INVALID_URL, but starting now that error cannot be returned.