configure.ac: move -pthread CFLAGS setting back where it used to be
The fix for #8276 proposed in #8374 set `CFLAGS="$CFLAGS -pthead"`
earlier than it used to be set, applying it in cases where it should not
have been applied.
This moves the AIX XLC check to a new `case $host in` block inside of
the `if test "$USE_THREADS_POSIX" != "1"` block, where `CFLAGS="$CFLAGS
-pthead"` used to happen.
Daniel Stenberg [Wed, 9 Mar 2022 09:00:21 +0000 (10:00 +0100)]
curl: error out when options need features not present in libcurl
Trying to use a proxy when libcurl was built with proxy support disabled
should make curl error out properly.
Remove knowledge of disabled features from the tool code and instead
make it properly respond to what libcurl returns. Update all tests to
properly require the necessary features to be present/absent so that the
test suite can still be run even with libcurl builds with disabled
features.
Don [Tue, 8 Mar 2022 18:44:34 +0000 (10:44 -0800)]
nonblock: restore setsockopt method to curlx_nonblock
The implementation using setsockopt was removed when BeOS support was
purged. However this functionality wasn't BeOS specific, it is still
used by for example Orbis OS (Playstation 4/5 OS).
lwthiker [Mon, 28 Feb 2022 09:05:34 +0000 (11:05 +0200)]
openssl: enable CURLOPT_SSL_EC_CURVES with BoringSSL
The CURLOPT_SSL_EC_CURVES option (used by the '--curves' flag) in
libcurl was ignored when compiling with BoringSSL because
HAVE_SSL_CTX_SET_EC_CURVES was explicitly disabled if BoringSSL was
detected. However, this feature is supported in BoringSSL since 5fd1807d. This commit enables it, and also reduces the required minimal
OpenSSL version to 1.0.2 as per OpenSSL's official documentation.
Paul Howarth [Sun, 6 Mar 2022 13:13:34 +0000 (13:13 +0000)]
runtests: make 'oldlibssh' be before 0.9.4
The 'oldlibssh' feature indicates that the error code returned by libssh
for a broken known_hosts file should be 67 rather than 60 (test1459).
This feature was added as part of #8444 with 'oldlibssh' mapping to
libssh versions prior to 0.9.6, and then refined as part of #8511 to map
to versions prior to 0.9.5.
In Red Hat Enterprise Linux 8.5 there is a patched version of libssh
version 0.9.4 (https://git.centos.org/rpms/libssh/blob/c8/f/SOURCES) in
which test1459 fails because it returns the "new" value rather than the
"old" one. It's plausible that one of the patches is responsible for
this rather than the underlying code but I don't think so.
This change therefore drops the 'oldlibssh' version check to map to
libssh versions older than 0.9.4, which fixes builds on RHEL-8.
Stewart Gebbie [Thu, 24 Feb 2022 11:06:11 +0000 (13:06 +0200)]
hostip: avoid unused parameter error in Curl_resolv_check
When built without DNS-over-HTTP and without asynchronous resolvers,
neither the dns nor the data parameters are used.
That is Curl_resolv_check appears to call
Curl_resolver_is_resolved(data, dns). But,
with CURL_DISABLE_DOH without CURLRES_ASYNCH, the call is actually
elided via a macro definition.
This fix resolves the resultant: "unused parameter 'data'" error.
Jay Satiro [Sun, 20 Feb 2022 21:30:08 +0000 (16:30 -0500)]
openssl: check if sessionid flag is enabled before retrieving session
Ideally, Curl_ssl_getsessionid should not be called unless sessionid
caching is enabled. There is a debug assertion in the function to help
ensure that. Therefore, the pattern in all vtls is basically:
Jay Satiro [Sun, 20 Feb 2022 21:04:07 +0000 (16:04 -0500)]
multi: allow user callbacks to call curl_multi_assign
Several years ago a change was made to block user callbacks from calling
back into the API when not supported (recursive calls). One of the calls
blocked was curl_multi_assign. Recently the blocking was extended to the
multi interface API, however curl_multi_assign may need to be called
from within those user callbacks (eg CURLMOPT_SOCKETFUNCTION).
I can't think of any callback where it would be unsafe to call
curl_multi_assign so I removed the restriction entirely.
Reported-by: Michael Wallner
Ref: https://github.com/curl/curl/commit/b46cfbc
Ref: https://github.com/curl/curl/commit/340bb19
Jan Venekamp [Mon, 6 Dec 2021 17:35:55 +0000 (18:35 +0100)]
bearssl: fix EXC_BAD_ACCESS on incomplete CA cert
- Do not create trust anchor object for a CA certificate until after it
is processed.
Prior to this change the object was created at state BR_PEM_BEGIN_OBJ
(certificate processing begin state). An incomplete certificate (for
example missing a newline at the end) never reaches BR_PEM_END_OBJ
(certificate processing end state) and therefore the trust anchor data
was not set in those objects, which caused EXC_BAD_ACCESS.
Jan Venekamp [Mon, 6 Dec 2021 17:36:01 +0000 (18:36 +0100)]
bearssl: fix connect error on expired cert and no verify
- When peer verification is disabled use the x509_decode engine instead
of the x509_minimal engine to parse and extract the public key from
the first cert of the chain.
Prior to this change in such a case no key was extracted and that caused
CURLE_SSL_CONNECT_ERROR. The x509_minimal engine will stop parsing if
any validity check fails but the x509_decode won't.
Joel Depooter [Thu, 17 Feb 2022 19:33:17 +0000 (11:33 -0800)]
schannel: move the algIds array out of schannel.h
This array is only used by the SCHANNEL_CRED struct in the
schannel_acquire_credential_handle function. It can therefore be kept as
a local variable. This is a minor update to bbb71507b7bab52002f9b1e0880bed6a32834511.
This change also updates the NUM_CIPHERS value to accurately count the
number of ciphers options listed in schannel.c, which is 47 instead of
45. It is unlikely that anyone tries to set all 47 values, but if they
had tried, the last two would not have been set.
Kevin Adler [Mon, 24 Jan 2022 22:44:26 +0000 (16:44 -0600)]
os400: Default build to target current release
V6R1M0 is not available as a target release since IBM i 7.2. To keep
from having to keep this up to date in git, default to the current
release. Users can configure this to whatever release they want to
actually build for.
Daniel Stenberg [Thu, 17 Feb 2022 09:49:05 +0000 (10:49 +0100)]
docs/INTERNALS.md: clean up, refer to the book
The explanatory parts are now in the everything curl book (which can
also use images etc). This document now refers to that resource and only
leaves listings of supported versions of libs, tools and operating
systems. See https://everything.curl.dev/internals
Marcel Raad [Wed, 16 Feb 2022 08:19:58 +0000 (09:19 +0100)]
des: fix compile break for OpenSSL without DES
When `USE_OPENSSL` was defined but OpenSSL had no DES support and a
different crypto library was used for that, `Curl_des_set_odd_parity`
was called but not defined. This could for example happen on Windows
and macOS when using OpenSSL v3 with deprecated features disabled.
Use the same condition for the function definition as used at the
caller side, but leaving out the OpenSSL part to avoid including
OpenSSL headers.
- Change the minimum OpenSSL version for using their SHA256
implementation from 0.9.7 to 0.9.8.
EVP_sha256() does not appear in the OpenSSL source before 0.9.7h, and
does not get built by default until 0.9.8, so trying to use it for all
0.9.7 is wrong, and before 0.9.8 is unreliable.
Kevin Adler [Mon, 24 Jan 2022 22:56:38 +0000 (16:56 -0600)]
gskit: Fix initialization of Curl_ssl_gskit struct
In c30bf22, Curl_ssl_getsock was factored out in to a member of
struct Curl_ssl but the gskit initialization was not updated to reflect
this new member.
Kevin Adler [Mon, 24 Jan 2022 22:50:36 +0000 (16:50 -0600)]
gskit: Fix errors from Curl_strerror refactor
2f0bb864c1 replaced sterror with Curl_strerror, but the strerror buffer
shadows the set_buffer "buffer" parameter. To keep consistency with the
other functions that use Curl_strerror, rename the parameter.
In addition, strerror.h is needed for the definition of STRERROR_LEN.
projects / thirdparty / curl.git / log
