When SRP is requested in the priority string, GnuTLS will disable
support for TLS 1.3. Before this change, curl would always add +SRP to
the priority list, effectively always disabling TLS 1.3 support.
With this change, +SRP is only added to the priority list when SRP
authentication is also requested. This also allows updating the error
handling here to not have to retry without SRP. This is because SRP is
only added when requested and in that case a retry is not needed.
Marc Hoersken [Fri, 10 Apr 2020 20:54:24 +0000 (22:54 +0200)]
tests: use Cygwin/msys PIDs for stunnel and sshd on Windows
Since the Windows versions of both programs would write Windows
PIDs to their pidfiles which we cannot handle, we need to use
our known perl.exe Cygwin/msys PID together with exec() in order
to tie the spawned processes to the existance of our perl.exe
The perl.exe that is executing secureserver.pl and sshserver.pl
has a Cygwin/msys PID, because it is started inside Cygwin/msys.
- Support locales that use a character other than period as decimal
separator (eg 100,0%).
test1148 checks that the progress finishes at 100% and has the right
bar width. Prior to this change the test assumed that the only progress
reported for such a quick transfer was 100%, however in rare instances
(like in the CI where transfer time can slow considerably) there may be
intermediate updates. For example, below is stderrlog1148 from a failed
CI run with explicit \r and \n added (it is one line; broken up so that
it's easier to understand).
Daniel Stenberg [Wed, 8 Apr 2020 14:40:51 +0000 (16:40 +0200)]
server/resolve: remove AI_CANONNAME to make macos tell the truth
With this bit set, my mac successfully resolves "ip6-localhost" when in
fact there is no such host known to my machine! That in turn made test
241 wrongly execute and fail.
Daniel Stenberg [Tue, 7 Apr 2020 13:10:37 +0000 (15:10 +0200)]
tests: verify split initial HTTP requests with CURL_SMALLREQSEND
test1294: "split request" being when the entire request isn't sent in
the first go, and the remainder is sent in the PERFORM state. A GET
request is otherwise not sending anything during PERFORM.
Daniel Stenberg [Tue, 7 Apr 2020 13:09:04 +0000 (15:09 +0200)]
http: allow Curl_add_buffer_send() to do a short first send by force
In a debug build, settting the environment variable "CURL_SMALLREQSEND"
will make the first HTTP request send not send more bytes than the set
amount, thus ending up verifying that the logic for handling a split
HTTP request send works correctly.
Daniel Stenberg [Mon, 6 Apr 2020 14:20:27 +0000 (16:20 +0200)]
scripts/release-notes.pl: add helper script for RELEASE-NOTES maintenance
This script helps putting entries in the RELEASE-NOTES using a coherent
style and sorting with a minimal human editing effort - as long as the
first line in the commit message is good enough! There's a short howto
at the top of the file.
CURLINFO_CONDITION_UNMET: return true for 304 http status code
In libcurl, CURLINFO_CONDITION_UNMET is used to avoid writing to the
output file if the server did not transfered a file based on time
condition. In the same manner, getting a 304 HTTP response back from the
server, for example after passing a custom If-Match-* header, also
fulfill this condition.
curl: allow both --etag-compare and --etag-save with same file name
This change inverse the order of processing for the --etag-compare and
--etag-save option to process first --etag-compare. This in turn allows
to use the same file name to compare and save an etag.
The original behavior of not failing if the etag file does not exists is
conserved.
Viktor Szakats [Sat, 4 Apr 2020 17:49:20 +0000 (17:49 +0000)]
windows: enable UnixSockets with all build toolchains
Extend existing unix socket support in Windows builds to be
enabled for all toolchain vendors or versions. (Previously
it was only supported with certain MSVC versions + more recent
Windows 10 SDKs)
Marc Hoersken [Sun, 29 Mar 2020 16:25:31 +0000 (18:25 +0200)]
sockfilt: fix handling of ready closed sockets on Windows
Replace the incomplete workaround regarding FD_CLOSE
only signalling once by instead doing a pre-check with
standard select and storing the result for later use.
select keeps triggering on closed sockets on Windows while
WSAEventSelect fires only once with data still available.
By doing the pre-check we do not run in a deadlock
due to waiting forever for another FD_CLOSE event.
Daiki Ueno [Sun, 29 Mar 2020 12:53:39 +0000 (14:53 +0200)]
ngtcp2: update to git master for the key installation API change
This updates the ngtcp2 OpenSSL backend to follow the API change in
commit 32e703164 of ngtcp2.
Notable changes are:
- ngtcp2_crypto_derive_and_install_{rx,tx}_key have been added to replace
ngtcp2_crypto_derive_and_install_key
- the 'side' argument of ngtcp2_crypto_derive_and_install_initial_key
has been removed
Daniel Stenberg [Wed, 25 Mar 2020 22:16:28 +0000 (23:16 +0100)]
docs/make: generate curl.1 from listed files only
Previously it rendered the page from files matching "*.d" in the correct
directory, which worked fine in git builds when the files were added but
made it easy to forget adding the files to the dist.
Now, only man page sections listed in DPAGES in Makefile.inc will be
used, thus "forcing" us to update this to get the man page right and get
it included in the dist at the same time.
Daniel Stenberg [Mon, 23 Mar 2020 11:28:20 +0000 (12:28 +0100)]
openssl: adapt to functions marked as deprecated since version 3
OpenSSL 3 deprecates SSL_CTX_load_verify_locations and the MD4, DES
functions we use.
Fix the MD4 and SSL_CTX_load_verify_locations warnings.
In configure, detect OpenSSL v3 and if so, inhibit the deprecation
warnings. OpenSSL v3 deprecates the DES functions we use for NTLM and
until we rewrite the code to use non-deprecated functions we better
ignore these warnings as they don't help us.
projects / thirdparty / curl.git / log
