Daniel Stenberg [Thu, 16 Jan 2020 07:17:04 +0000 (08:17 +0100)]
polarssl: removed
As detailed in DEPRECATE.md, the polarssl support is now removed after
having been disabled for 6 months and nobody has missed it.
The threadlock files used by mbedtls are renamed to an 'mbedtls' prefix
instead of the former 'polarssl' and the common functions that
previously were shared between mbedtls and polarssl and contained the
name 'polarssl' have now all been renamed to instead say 'mbedtls'.
Marcel Raad [Sat, 11 Jan 2020 10:20:38 +0000 (11:20 +0100)]
CMake: use check_symbol_exists also for inet_pton
It doesn't make much sense to only check if the function can be linked
when it's not declared in any header and that is treated as an error.
With the correct target Windows version set, the function is declared
in ws2tcpip.h and the comment above the modified block is invalid.
Also, move the definition of `_WIN32_WINNT` up to before all symbol
availability checks so that we don't have to care which ones must be
done after it.
Tested with Visual Studio 2019 and current MinGW-w64.
Daniel Stenberg [Sun, 5 Jan 2020 09:34:19 +0000 (10:34 +0100)]
ConnectionExists: respect the max_concurrent_streams limits
A regression made the code use 'multiplexed' as a boolean instead of the
counter it is intended to be. This made curl try to "over-populate"
connections with new streams.
This regression came with 41fcdf71a1, shipped in curl 7.65.0.
Also, respect the CURLMOPT_MAX_CONCURRENT_STREAMS value in the same
check.
Santino Keupp [Fri, 20 Dec 2019 12:37:20 +0000 (13:37 +0100)]
libssh2: add support for forcing a hostkey type
- Allow forcing the host's key type found in the known_hosts file.
Currently, curl (with libssh2) does not take keys from your known_hosts
file into account when talking to a server. With this patch the
known_hosts file will be searched for an entry matching the hostname
and, if found, libssh2 will be told to claim this key type from the
server.
nicoguillier [Fri, 10 Jan 2020 08:57:38 +0000 (09:57 +0100)]
cmake: Improve libssh2 check on Windows
- Add "libssh2" name to FindLibSSH2 library search.
On Windows systems, libSSH2 CMake installation may name the library
"LibSSH2".
Prior to this change cmake only checked for name "ssh2". On Linux that
works fine because it will prepend the "lib", but it doesn't do that on
Windows.
Faizur Rahman [Wed, 25 Dec 2019 23:49:48 +0000 (18:49 -0500)]
schannel: Make CURLOPT_CAINFO work better on Windows 7
- Support hostname verification via alternative names (SAN) in the
peer certificate when CURLOPT_CAINFO is used in Windows 7 and earlier.
CERT_NAME_SEARCH_ALL_NAMES_FLAG doesn't exist before Windows 8. As a
result CertGetNameString doesn't quite work on those versions of
Windows. This change provides an alternative solution for
CertGetNameString by iterating through CERT_ALT_NAME_INFO for earlier
versions of Windows.
Prior to this change many certificates failed the hostname validation
when CURLOPT_CAINFO was used in Windows 7 and earlier. Most certificates
now represent multiple hostnames and rely on the alternative names field
exclusively to represent their hostnames.
Marcel Raad [Mon, 6 Jan 2020 11:56:44 +0000 (12:56 +0100)]
hostip: move code to resolve IP address literals to `Curl_resolv`
The code was duplicated in the various resolver backends.
Also, it was called after the call to `Curl_ipvalid`, which matters in
case of `CURLRES_IPV4` when called from `connect.c:bindlocal`. This
caused test 1048 to fail on classic MinGW.
The code ignores `conn->ip_version` as done previously in the
individual resolver backends.
Move the call to the `resolver_start` callback up to appease test 655,
which wants it to be called also for literal addresses.
Jay Satiro [Wed, 8 Jan 2020 00:44:51 +0000 (19:44 -0500)]
tool_dirhie: Allow directory traversal during creation
- When creating a directory hierarchy do not error when mkdir fails due
to error EACCESS (13) "access denied".
Some file systems allow for directory traversal; in this case that it
should be possible to create child directories when permission to the
parent directory is restricted.
This is a regression caused by me in f16bed0 (precedes curl-7_61_1).
Basically I had assumed that if a directory already existed it would
fail only with error EEXIST, and not error EACCES. The latter may
happen if the directory exists but has certain restricted permissions.
Daniel Stenberg [Wed, 18 Dec 2019 14:37:20 +0000 (15:37 +0100)]
runtests: make random seed fixed for a month
When using randomized features of runtests (-R and --shallow) it is
useful to have a fixed random seed to make sure for example extra
commits in a branch or a rebase won't change the seed that would make
repeated runs work differently.
As it is also useful to change seed sometimes, the default seed is now
determined based on the current month (and first line curl -V
output). When the month changes, so will the random seed.
The specific seed is also shown in the standard test suite top header
and it can be set explictly with the new --seed=[num] option so that the
exact order of a previous run can be achieved.
Marcel Raad [Mon, 6 Jan 2020 10:11:50 +0000 (11:11 +0100)]
TrackMemory tests: always remove CR before LF
It was removed for output containing ' =' via `s/ =.*//`. With classic
MinGW, this made lines with `free()` end with CRLF, but lines with e.g.
`malloc()` end with only LF. The tests expect LF only.
Marc Aldorasi [Thu, 2 Jan 2020 17:05:11 +0000 (12:05 -0500)]
tests: Fix bounce requests with truncated writes
Prior to this change the swsbounce check in service_connection could
fail because prevtestno and prevpartno were not set, which would cause
the wrong response data to be sent to some tests and cause them to fail.
Jay Satiro [Sun, 29 Dec 2019 20:23:25 +0000 (15:23 -0500)]
tests: Change NTLM tests to require SSL
Prior to this change tests that required NTLM feature did not require
SSL feature.
There are pending changes to cmake builds that will allow enabling NTLM
in non-SSL builds in Windows. In that case the NTLM auth strings created
are different from what is expected by the NTLM tests and they fail:
"The issue with NTLM is that previous non-SSL builds would not enable
NTLM and so the NTLM tests would be skipped."
Michael Forney [Sat, 21 Dec 2019 03:20:18 +0000 (19:20 -0800)]
bearssl: Improve I/O handling
Factor out common I/O loop as bearssl_run_until, which reads/writes TLS
records until the desired engine state is reached. This is now used for
the handshake, read, write, and close.
Match OpenSSL SSL_write behavior, and don't return the number of bytes
written until the corresponding records have been completely flushed
across the socket. This involves keeping track of the length of data
buffered into the TLS engine, and assumes that when CURLE_AGAIN is
returned, the write function will be called again with the same data
and length arguments. This is the same requirement of SSL_write.
Handle TLS close notify as EOF when reading by returning 0.
Jay Satiro [Thu, 26 Dec 2019 07:26:08 +0000 (02:26 -0500)]
CURLOPT_HEADERFUNCTION.3: Document that size is always 1
For compatibility with `fwrite`, the `CURLOPT_HEADERFUNCTION` callback
is passed two `size_t` parameters which, when multiplied, designate the
number of bytes of data passed in. In practice, CURL always sets the
first parameter (`size`) to 1.
This practice is also enshrined in documentation and cannot be changed
in future. The documentation states that the default callback is
`fwrite`, which means `fwrite` must be a suitable function for this
purpose. However, the documentation also states that the callback must
return the number of *bytes* it successfully handled, whereas ISO C
`fwrite` returns the number of items (each of size `size`) which it
wrote. The only way these numbers can be equal is if `size` is 1.
Since `size` is 1 and can never be changed in future anyway, document
that fact explicitly and let users rely on it.
Reported-by: Frank Gevaerts Commit-message-by: Christopher Head
Ref: https://github.com/curl/curl/pull/2787
The comment was confusing and suggested that setting CURLOPT_NOPROGRESS
to 0L would both enable and disable debug output at the same time, like
a Schrödinger's cat of CURLOPTs.
Jay Satiro [Wed, 18 Dec 2019 18:56:16 +0000 (13:56 -0500)]
ngtcp2: Support the latest update key callback type
- Remove our cb_update_key in favor of ngtcp2's new
ngtcp2_crypto_update_key_cb which does the same thing.
Several days ago the ngtcp2_update_key callback function prototype was
changed in ngtcp2/ngtcp2@42ce09c. Though it would be possible to
fix up our cb_update_key for that change they also added
ngtcp2_crypto_update_key_cb which does the same thing so we'll use that
instead.
Daniel Stenberg [Wed, 18 Dec 2019 13:03:36 +0000 (14:03 +0100)]
create_conn: prefer multiplexing to using new connections
... as it would previously prefer new connections rather than
multiplexing in most conditions! The (now removed) code was a leftover
from the Pipelining code that was translated wrongly into a
multiplex-only world.
Jay Satiro [Sun, 15 Dec 2019 22:31:23 +0000 (17:31 -0500)]
winbuild: Document CURL_STATICLIB requirement for static libcurl
A static libcurl (ie winbuild mode=static) requires that the user define
CURL_STATICLIB when using it in their application. This is already
covered in the FAQ and INSTALL.md, but is a pretty important point so
now it's noted in the BUILD.WINDOWS.txt as well.
Assisted-by: Michael Vittiglio
Closes https://github.com/curl/curl/pull/4721
projects / thirdparty / curl.git / log
