Граф коммитов

25928 Коммитов

Автор SHA1 Сообщение Дата
Daniel Stenberg 43f7ffb6c4
CURLOPT_READFUNCTION.3: provide the upload data size up front
Assisted-by: Jay Satiro
Closes #5607
2020-06-26 15:12:21 +02:00
Daniel Stenberg 1529838a14
test1539: do a HTTP 1.0 POST without a set size (fails)
Attempt to reproduce #5593. Test case 1514 is very similar but uses
HTTP/1.1 and thus switches to chunked.

Closes #5595
2020-06-26 15:11:04 +02:00
Baruch Siach 989e6dffc5
mbedtls: fix build with disabled proxy support
Don't reference fields that do not exist. Fixes build failure:

vtls/mbedtls.c: In function 'mbed_connect_step1':
vtls/mbedtls.c:249:54: error: 'struct connectdata' has no member named 'http_proxy'

Closes #5615
2020-06-26 14:20:20 +02:00
Daniel Stenberg 7de2a4ce35
codeql-analysis.yml: fix the 'languages' setting
It needs a 'with:' in front of it.
2020-06-26 08:49:47 +02:00
Daniel Stenberg 7183f5acc3
gtihub: codeql-analysis.yml
enables code security scanning with github actions
2020-06-26 01:06:05 +02:00
Daniel Stenberg 8acfb932ef
tests: verify newline in username and password for HTTP
test 1296 is a simply command line test

test 1910 is a libcurl test including a redirect
2020-06-25 09:57:19 +02:00
Daniel Stenberg d5ed571948
url: allow user + password to contain "control codes" for HTTP(S)
Reported-by: Jon Johnson Jr
Fixes #5582
Closes #5592
2020-06-25 09:57:19 +02:00
Daniel Stenberg 31e53584db
escape: make the URL decode able to reject only %00 bytes
... or all "control codes" or nothing.

Assisted-by: Nicolas Sterchele
2020-06-25 09:57:18 +02:00
Daniel Stenberg 646cc574f0
http2: set the correct URL in pushed transfers
...previously CURLINFO_EFFECTIVE_URL would report the URL of the
original "mother transfer", not the actually pushed resource.

Reported-by: Jonathan Cardoso Machado
Fixes #5589
Closes #5591
2020-06-25 09:31:21 +02:00
Javier Blazquez ae3d1e04f6 openssl: Fix compilation on Windows when ngtcp2 is enabled
- Include wincrypt before OpenSSL includes so that the latter can
  properly handle any conflicts between the two.

Closes https://github.com/curl/curl/pull/5606
2020-06-25 03:11:46 -04:00
Daniel Stenberg 79d8099ff0
test543: extended to verify zero length input
As was reported in #5601
2020-06-25 00:00:35 +02:00
Daniel Stenberg 32defc3197
escape: zero length input should return a zero length output
Regression added in 7.71.0.

Fixes #5601
Reported-by: Kristoffer Gleditsch
Closes #5602
2020-06-25 00:00:28 +02:00
Daniel Stenberg d2baa502fc
Curl_inet_ntop: always check the return code
Reported-by: Siva Sivaraman
Fixes #5412
Closes #5597
2020-06-24 16:04:54 +02:00
Daniel Stenberg 550bcdd442
sendf: improve the message on client write errors
Replace "Failed writing body (X != Y)" with
"Failure writing output to destination". Possibly slightly less cryptic.

Reported-by: coinhubs on github
Fixes #5594
Closes #5596
2020-06-24 16:03:40 +02:00
Daniel Stenberg 7fb33ee871
RELEASE-NOTES: synced 2020-06-24 11:44:22 +02:00
Daniel Stenberg 906bb64ac9
curlver: start working on 7.71.1 2020-06-24 11:44:10 +02:00
Denis Baručić 923296dc1c
DYNBUF.md: fix a typo: trail => tail
Closes #5599
2020-06-24 11:33:02 +02:00
Daniel Stenberg e9db32a09a
RELEASE-NOTES: curl 7.71.0 release 2020-06-23 23:41:50 +02:00
Daniel Stenberg cc9144b1f3
THANKS: curl 7.71.0 additions 2020-06-23 23:41:49 +02:00
Daniel Stenberg ff1c37cbe3
url: make sure pushed streams get an allocated download buffer
Follow-up to c4e6968127

When a new transfer is created, as a resuly of an acknowledged push,
that transfer needs a download buffer allocated.

Closes #5590
2020-06-23 15:13:27 +02:00
Jay Satiro abbc5d6044 openssl: Don't ignore CA paths when using Windows CA store
This commit changes the behavior of CURLSSLOPT_NATIVE_CA so that it does
not override CURLOPT_CAINFO / CURLOPT_CAPATH, or the hardcoded default
locations. Instead the CA store can now be used at the same time.

The change is due to the impending release. The issue is still being
discussed. The behavior of CURLSSLOPT_NATIVE_CA is subject to change and
is now documented as experimental.

Ref: bc052cc (parent commit)
Ref: https://github.com/curl/curl/issues/5585
2020-06-22 15:31:38 -04:00
Jay Satiro bc052cc878 tool_operate: Don't use Windows CA store as a fallback
Background:

148534d added CURLSSLOPT_NATIVE_CA to use the Windows OS certificate
store in libcurl w/ OpenSSL on Windows. CURLSSLOPT_NATIVE_CA overrides
CURLOPT_CAINFO if both are set. The curl tool will fall back to
CURLSSLOPT_NATIVE_CA if it could not find a certificate bundle to set
via CURLOPT_CAINFO.

Problem:

libcurl may be built with hardcoded paths to a certificate bundle or
directory, and if CURLSSLOPT_NATIVE_CA is used then those paths are
ignored.

Solution:

A solution is still being discussed but since there's an impending
release this commit removes using CURLSSLOPT_NATIVE_CA in the curl tool.

Ref: https://github.com/curl/curl/issues/5585
2020-06-22 15:26:07 -04:00
Jay Satiro c9c31b9245 openssl: Fix CA fallback logic for OpenSSL 3.0 build
Prior to this change I assume a build error would occur when
CURL_CA_FALLBACK was used.

Closes https://github.com/curl/curl/pull/5587
2020-06-22 12:24:57 -04:00
Daniel Stenberg 0f55269aff
copyright: update mismatched copyright years 2020-06-22 11:55:34 +02:00
Daniel Stenberg 5bf653464f
test1460: verify that -Ji is not ok 2020-06-22 00:50:08 +02:00
Daniel Stenberg 8236aba585
tool_getparam: -i is not OK if -J is used
Reported-by: sn on hackerone
Bug: https://curl.haxx.se/docs/CVE-2020-8177.html
2020-06-22 00:49:58 +02:00
Peter Wu 26d2755d7c
CMake: ignore INTERFACE_LIBRARY targets for pkg-config file
Reviewed-by: Marcel Raad
Fixes #5512
Closes #5517
2020-06-21 19:37:28 +02:00
Valentyn Korniienko e39a6e2cea
multibyte: Fixed access-> waccess to file for Windows Plarform
Reviewed-by: Marcel Raad
Closes #5580
2020-06-21 19:31:39 +02:00
Daniel Stenberg 3f84b3e39a
altsvc: bump to h3-29
Closes #5584
2020-06-19 23:29:26 +02:00
Daniel Stenberg fa4fbc533f
urlglob: treat literal IPv6 addresses with zone IDs as a host name
... and not as a "glob". Now done by passing the supposed host to the
URL parser which supposedly will do a better job at identifying "real"
numerical IPv6 addresses.

Reported-by: puckipedia on github
Fixes #5576
Closes #5579
2020-06-18 16:43:06 +02:00
Daniel Stenberg c888e3f6ce
test1179: verify error message for non-existing cmdline option 2020-06-18 13:59:49 +02:00
Daniel Stenberg ada7bd1191
tool_getparam: repair the error message for unknown flag
Follow-up to 9e5669f388
Detected by Coverity CID 1464582 ("Logically dead code")

Closes #5577
2020-06-18 13:59:42 +02:00
Daniel Stenberg 185890d5d7
FILEFORMAT: describe verify/stderr 2020-06-18 09:50:43 +02:00
Daniel Stenberg dc90f51065
connect: improve happy eyeballs handling
For QUIC but also for regular TCP when the second family runs out of IPs
with a failure while the first family is still trying to connect.

Separated the timeout handling for IPv4 and IPv6 connections when they
both have a number of addresses to iterate over.
2020-06-18 00:20:42 +02:00
Daniel Stenberg 325866fd6f
ngtcp2: never call fprintf() in lib code in release version 2020-06-18 00:20:42 +02:00
Daniel Stenberg b6af4c2336
ngtcp2: fix happy eyeballs quic connect crash
Reported-by: Peter Wu
Fixes #5565
Closes #5568
2020-06-18 00:20:42 +02:00
Daniel Stenberg 3bf18cdadd
select: remove the unused ELAPSED_MS() macro
Closes #5573
2020-06-18 00:11:25 +02:00
rcombs 8bc25c590e
multi: implement wait using winsock events
This avoids using a pair of TCP ports to provide wakeup functionality
for every multi instance on Windows, where socketpair() is emulated
using a TCP socket on loopback which could in turn lead to socket
resource exhaustion.

Reviewed-by: Gergely Nagy
Reviewed-by: Marc Hörsken

Closes #5397
2020-06-17 07:18:08 +02:00
Daniel Stenberg 477a4e31d7
manpage: add three missing environment variables
CURL_SSL_BACKEND, QLOGDIR and SSLKEYLOGFILE

Closes #5571
2020-06-17 00:03:07 +02:00
Daniel Stenberg 83503c7240
RELEASE-NOTES: synced 2020-06-16 09:30:35 +02:00
Daniel Stenberg 774eff9fcd
configure: for wolfSSL, check for the DES func needed for NTLM
Also adds pkg-config support for the wolfSSL detection.
2020-06-16 09:06:53 +02:00
Ruurd Beerstra d80d419d3e
ntlm: enable NTLM support with wolfSSL
When wolfSSL is built with its OpenSSL API layer, it fetures the same DES*
functions that OpenSSL has. This change take advantage of that.

Co-authored-by: Daniel Stenberg
Closes #5556
Fixes #5548
2020-06-16 09:06:19 +02:00
Daniel Stenberg e15e51384a
http: move header storage to Curl_easy from connectdata
Since the connection can be used by many independent requests (using
HTTP/2 or HTTP/3), things like user-agent and other transfer-specific
data MUST NOT be kept connection oriented as it could lead to requests
getting the wrong string for their requests. This struct data was
lingering like this due to old HTTP1 legacy thinking where it didn't
mattered..

Fixes #5566
Closes #5567
2020-06-15 22:56:25 +02:00
Daniel Stenberg 350a99b21f
CODE_REVIEW.md: how to do code reviews in curl
Assisted-by: Daniel Gustafsson
Assisted-by: Rich Salz
Assisted-by: Hugo van Kemenade
Assisted-by: James Fuller
Assisted-by: Marc Hörsken
Assisted-by: Jay Satiro

Closes #5555
2020-06-13 22:16:58 +02:00
Daniel Stenberg b88bdedf9c
altsvc: remove the num field from the altsvc struct
It was superfluous since we have the list.size alredy

Reported-by: Jay Satiro
Fixes #5553
Closes #5563
2020-06-12 23:24:11 +02:00
Daniel Stenberg 17f2dcf6b2
version.d: expanded and alpha-sorted
Added a few missing features not previously mentioned. Ordered them
alphabetically.

Closes #5558
2020-06-12 17:08:27 +02:00
Daniel Stenberg 2a0269589a
ABI.md: rename to .md and polish the markdown
Closes #5562
2020-06-12 17:05:21 +02:00
Daniel Stenberg bc392074d2
HELP-US: add a section for "smaller tasks"
The point of this section is to meet the CII Best Practices gold level
critera:

 "The project MUST clearly identify small tasks that can be performed by
  new or casual contributors"

Closes #5560
2020-06-12 15:22:58 +02:00
Daniel Stenberg 95f2732e75
TODO: retry on the redirected-to URL
Closes #5462
2020-06-12 14:43:27 +02:00
Daniel Stenberg ac91b0dd71
mailmap: Nicolas Sterchele 2020-06-12 13:41:52 +02:00