Daniel Stenberg [Tue, 23 Nov 2021 16:07:31 +0000 (17:07 +0100)]
urlapi: provide more detailed return codes
Previously, the return code CURLUE_MALFORMED_INPUT was used for almost
30 different URL format violations. This made it hard for users to
understand why a particular URL was not acceptable. Since the API cannot
point out a specific position within the URL for the problem, this now
instead introduces a number of additional and more fine-grained error
codes to allow the API to return more exactly in what "part" or section
of the URL a problem was detected.
Also bug-fixes curl_url_get() with CURLUPART_ZONEID, which previously
returned CURLUE_OK even if no zoneid existed.
Test cases in 1560 have been adjusted and extended. Tests 1538 and 1559
have been updated.
Updated libcurl-errors.3 and curl_url_strerror() accordingly.
Daniel Stenberg [Tue, 23 Nov 2021 13:16:38 +0000 (14:16 +0100)]
urlapi: make Curl_is_absolute_url always use MAX_SCHEME_LEN
Instad of having all callers pass in the maximum length, always use
it. The passed in length is instead used only as the length of the
target buffer for to storing the scheme name in, if used.
Added the scheme max length restriction to the curl_url_set.3 man page.
Daniel Stenberg [Mon, 22 Nov 2021 17:09:43 +0000 (18:09 +0100)]
curl: improve error message for --head with -J
... it now focuses on the "output of headers" combined with the
--remote-header-name option, as that is actually the problem. Both
--head and --include can output headers.
Reported-by: nimaje on github
Fixes #7987
Closes #8045
The comment is incorrect in two ways:
- It says the check needs to be last, but the check is actually first.
- is_handshaking actually starts out true.
Daniel Stenberg [Fri, 19 Nov 2021 09:55:23 +0000 (10:55 +0100)]
http: enable haproxy support for hyper backend
This is done by having native code do the haproxy header output before
hyper issues its request. The little downside with this approach is that
we need the entire Curl_buffer_send() function built, which is otherwise
not used for hyper builds.
If hyper ends up getting native support for the haproxy protocols we can
backpedal on this.
Bernhard Walle [Wed, 17 Nov 2021 10:40:41 +0000 (11:40 +0100)]
configure: fix runtime-lib detection on macOS
With a non-standard installation of openssl we get this error:
checking run-time libs availability... failed
configure: error: one or more libs available at link-time are not available run-time. Libs used at link-time: -lnghttp2 -lssl -lcrypto -lssl -lcrypto -lz
There's already code to set LD_LIBRARY_PATH on Linux, so set
DYLD_LIBRARY_PATH equivalent on macOS.
Daniel Stenberg [Mon, 15 Nov 2021 16:13:17 +0000 (17:13 +0100)]
docs/cmdline-opts: do not say "protocols: all"
Remove the lines saying "protocols: all". It makes the output in the
manpage look funny, and the expectation is probably by default that if
not anything is mentioned about protocols the option apply to them all.
Patrick Monnerat [Mon, 25 Oct 2021 10:58:37 +0000 (12:58 +0200)]
mime: use percent-escaping for multipart form field and file names
Until now, form field and file names where escaped using the
backslash-escaping algorithm defined for multipart mails. This commit
replaces this with the percent-escaping method for URLs.
As this may introduce incompatibilities with server-side applications, a
new libcurl option CURLOPT_MIME_OPTIONS with bitmask
CURLMIMEOPT_FORMESCAPE is introduced to revert to legacy use of
backslash-escaping. This is controlled by new cli tool option
--form-escape.
New tests and documentation are provided for this feature.
Daniel Stenberg [Sat, 13 Nov 2021 10:44:34 +0000 (11:44 +0100)]
configure: better diagnostics if hyper is built wrong
If hyper is indeed present in the specified directory but couldn't be
used to find the correct symbol, then offer a different error message to
better help the user understand the issue.
Suggested-by: Jacob Hoffman-Andrews
Fixes #8001
Closes #8005
When we're reading out plaintext from rustls' internal buffers, we might
get a read of zero bytes (meaning a clean TCP close, including
close_notify). However, we shouldn't return immediately when that
happens, since we may have already copied out some plaintext bytes.
Break out of the loop when we get a read of zero bytes, and figure out
which path we're dealing with.
The update to rustls-ffi 0.8.0 changed handling of EOF and close_notify.
From the CHANGELOG:
> Handling of unclean close and the close_notify TLS alert. Mirroring
> upstream changes, a rustls_connection now tracks TCP closed state like
> so: rustls_connection_read_tls considers a 0-length read from its
> callback to mean "TCP stream was closed by peer." If that happens
> before the peer sent close_notify, rustls_connection_read will return
> RUSTLS_RESULT_UNEXPECTED_EOF once the available plaintext bytes are
> exhausted. This is useful to protect against truncation attacks. Note:
> some TLS implementations don't send close_notify. If you are already
> getting length information from your protocol (e.g. Content-Length in
> HTTP) you may choose to ignore UNEXPECTED_EOF so long as the number of
> plaintext bytes was as expected.
That means we don't need to check for unclean EOF in `cr_recv()`,
because `process_new_packets()` will give us an error if appropriate.
Daniel Stenberg [Sat, 13 Nov 2021 10:50:59 +0000 (11:50 +0100)]
azure: make the "w/o HTTP/SMTP/IMAP" build disable SSL proper
The configure line would previously depend on a configure mistake using
--without-openssl that is fixed and now this configure line needs
adjusting to use --without-ssl.
Note: The list of libraries that rustc tells us we need to include is
longer, but also includes some more platform-specific libraries that I
am not sure how to effectively incorporate. Adding just -lm seems to
solve an immediate problem, so I'm adding just that.
When torture testing 1021, it turns out the Curl_connect_done function
might be called twice and that previously then wrongly cleared the HTTP
pointer in the second invoke.
Stan Hu [Fri, 12 Nov 2021 00:24:57 +0000 (16:24 -0800)]
configure: don't enable TLS when --without-* flags are used
Previously specifying `--without-gnutls` would unexpectedly attempt to
compile with GnuTLS, effectively interpreting this as
`--with-gnutls`. This caused a significant amount of confusion when
`libcurl` was built with SSL disabled since GnuTLS wasn't present.
68d89f24 dropped the `--without-*` options from the configure help, but
`AC_ARG_WITH` still defines these flags automatically. As
https://www.gnu.org/software/autoconf/manual/autoconf-2.60/html_node/External-Software.html
describes, the `action-if-given` is called when the user specifies
`--with-*` or `--without-*` options.
To prevent this confusion, we make the `--without` flag do the right
thing by ignoring the value if it set to "no".
Kevin Burke [Wed, 3 Nov 2021 05:14:02 +0000 (22:14 -0700)]
vtls/rustls: update to compile with rustls-ffi v0.8.0
Some method names, as well as the generated library name, were changed
in a recent refactoring.
Further, change the default configuration instructions to check for
Hyper in either "target/debug" or "target/release" - the latter
contains an optimized build configuration.
Marc Hoersken [Sat, 6 Nov 2021 15:14:17 +0000 (16:14 +0100)]
tests: add Schannel-specific tests and disable unsupported ones
Adds Schannel variants of SSLpinning tests that include the option
--ssl-revoke-best-effort to ignore certificate revocation check
failures which is required due to our custom test CA certificate.
Disable the original variants if the Schannel backend is enabled.
Also skip all IDN tests which are broken while using an msys shell.
This is a step to simplify test exclusions for Windows and MinGW.
Reviewed-by: Jay Satiro Reviewed-by: Marcel Raad Reviewed-by: Daniel Stenberg
Closes #7968
QUIC Transport Parameters Extension has been changed between draft-29
and latest RFC9001. Most notably, its identifier has been updated from
0xffa5 to 0x0039. The version is selected through the QUIC TLS library
via the legacy codepoint.
Disable the usage of legacy codepoint in curl to switch to latest
RFC9001. This is required to be able to keep up with latest QUIC
implementations.
Daniel Stenberg [Tue, 2 Nov 2021 14:16:18 +0000 (15:16 +0100)]
tool_operate: a failed etag save now only fails that transfer
When failing to create the output file for saving an etag, only fail
that particular single transfer and allow others to follow.
In a serial transfer setup, if no transfer at all is done due to them
all being skipped because of this error, curl will output an error
message and return exit code 26.
Added test 369 and 370 to verify.
Reported-by: Earnestly on github
Ref: #7942
Closes #7945
Kevin Burke [Wed, 3 Nov 2021 23:41:57 +0000 (16:41 -0700)]
.github: retry macos "brew install" command on failure
Previously we saw errors attempting to run "brew install", see
https://github.com/curl/curl/runs/4095721123?check_suite_focus=true for
an example, since this command is idempotent, it is safe to run again.
Daniel Stenberg [Wed, 3 Nov 2021 13:25:49 +0000 (14:25 +0100)]
zuul: pin the quiche build to use an older cmake-rs
The latest cmake-rs assumes cmake's --parallel works. That was added in
cmake 3.12, but a lot of our CI builds run on Ubuntu Bionic which only
has cmake 3.10.
Jay Satiro [Tue, 2 Nov 2021 19:34:04 +0000 (15:34 -0400)]
schannel: fix memory leak due to failed SSL connection
- Call schannel_shutdown if the SSL connection fails.
Prior to this change schannel_shutdown (which shuts down the SSL
connection as well as memory cleanup) was not called when the SSL
connection failed (eg due to failed handshake).
Co-authored-by: Gisle Vanem
Fixes https://github.com/curl/curl/issues/7877
Closes https://github.com/curl/curl/pull/7878
Roy Li [Tue, 26 Apr 2016 05:13:01 +0000 (13:13 +0800)]
configure.ac: replace krb5-config with pkg-config
The rationale is that custom *-config tools don't work well when
cross-compiling or using sysroots (such as when using Yocto project) and
require custom fixing for each of them; pkg-config on the other hand
works similarly everywhere.
Signed-off-by: Roy Li <rongqing.li@windriver.com> Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Closes #7916
projects / thirdparty / curl.git / log
