Граф коммитов

674 Коммитов

Автор SHA1 Сообщение Дата
Daniel Stenberg 151da51404 cyassl: deal with lack of *get_peer_certificate
The function is only present in wolfssl/cyassl if it was built with
--enable-opensslextra. With these checks added, pinning support is disabled
unless the TLS lib has that function available.

Also fix the mistake in configure that checks for the wrong lib name.

Closes #566
2015-12-16 10:27:18 +01:00
Daniel Stenberg 1ff3a07be9 wolfssl: handle builds without SSLv3 support 2015-12-16 10:06:09 +01:00
Daniel Shahaf be0d4141af build: Install zsh completion
Fixes #534
Closes #537
2015-11-24 22:22:01 +01:00
Jay Satiro 72d99f2e7b build: Fix mingw ssl gdi32 order
- If mingw ssl make sure -lgdi32 comes after ssl libs

- Allow PKG_CONFIG to set pkg-config location and options

Bug: https://github.com/bagder/curl/pull/501
Reported-by: Kang Lin
2015-10-23 17:17:54 -04:00
Jonas Minnberg fe7590f729 vtls: added support for mbedTLS
closes #496
2015-10-20 07:57:24 +02:00
Daniel Stenberg 5cf0166636 configure: add PSL to the list of features
... to make test 1014 work again after e77b5b7453.
2015-10-18 00:11:13 +02:00
Tim Rühsen e77b5b7453 cookies: Add support for Mozilla's Publix Suffix List
Use libpsl to check the domain value of Set-Cookie headers (and cookie
jar entries) for not being a Publix Suffix.

The configure script checks for "libpsl" by default. Disable the check
with --without-libpsl.

Ref: https://publicsuffix.org/
Ref: https://github.com/publicsuffix/list
Ref: https://github.com/rockdaboot/libpsl
2015-10-17 16:37:49 +02:00
Daniel Stenberg 3771da335b configure: build silently by default
'make V=1' will make the build verbose like before
2015-10-07 14:56:07 +02:00
Mike Crowe 6b56901b56 gnutls: Support CURLOPT_KEYPASSWD
The gnutls vtls back-end was previously ignoring any password set via
CURLOPT_KEYPASSWD. Presumably this was because
gnutls_certificate_set_x509_key_file did not support encrypted keys.

gnutls now has a gnutls_certificate_set_x509_key_file2 function that
does support encrypted keys. Let's determine at compile time whether the
available gnutls supports this new function. If it does then use it to
pass the password. If it does not then emit a helpful diagnostic if a
password is set. This is preferable to the previous behaviour of just
failing to read the certificate without giving a reason in that case.

Signed-off-by: Mike Crowe <mac@mcrowe.com>
2015-09-22 17:30:33 +02:00
Daniel Stenberg eb8283bb1a configure: check for HMAC_Update in openssl
Turns out HMAC_Init is now deprecated in openssl master (and I spelled
HMAC_Init_ex wrong in previous commit)
2015-08-30 23:21:30 +02:00
Daniel Stenberg 2c12ac8de2 configure: detect latest boringssl
Since boringssl brought back DES_set_odd_parity again, it cannot be used
to differentiate from boringssl. Using the OPENSSL_IS_BORINGSSL define
seems better anyway.

URL: f551028d5c%5E!/
Original-patch-by: Bertrand Simonnet

Closes #393
2015-08-22 00:08:03 +02:00
Daniel Stenberg 30aa38c818 configure: change functions to detect openssl (clones)
... since boringssl moved the former ones and the check started to fail.

URL: f551028d5c%5E!/
Original-patch-by: Bertrand Simonnet
2015-08-22 00:03:56 +02:00
Daniel Stenberg 0b8e9c8522 Revert "configure: disable libidn by default"
This reverts commit e6749055d6.

... since libidn has since been fixed.
2015-08-10 14:54:41 +02:00
Daniel Stenberg a284b0ebc4 configure: check if OpenSSL linking wants -ldl
To make it easier to link with static versions of OpenSSL, the configure
script now checks if -ldl is needed for linking.

Help-by: TJ Saunders
2015-07-25 10:52:49 +02:00
Michał Fita cee21eb6a7 configure: add --disable-rt option
This option disables any attempts in configure to create dependency on
stuff requiring linking to librt.so and libpthread.so, in this case this
means clock_gettime(CLOCK_MONOTONIC, &mt).

We were in need to build curl which doesn't link libpthread.so to avoid
the following bug:
https://sourceware.org/bugzilla/show_bug.cgi?id=16628.
2015-07-24 00:09:29 +02:00
Daniel Stenberg e6749055d6 configure: disable libidn by default
For security reasons, until there is a fix.

Bug: http://curl.haxx.se/mail/lib-2015-06/0143.html
Reported-by: Gustavo Grieco, Feist Josselin
2015-06-29 23:17:30 +02:00
Tatsuhiro Tsujikawa 4ac6cc3ebd Require nghttp2 v1.0.0
This commit requires nghttp2 v1.0.0 to compile, and migrate to v1.0.0,
and utilize recent version of nghttp2 to simplify the code,

First we use nghttp2_option_set_no_recv_client_magic function to
detect nghttp2 v1.0.0.  That function only exists since v1.0.0.

Since nghttp2 v0.7.5, nghttp2 ensures header field ordering, and
validates received header field.  If it found error, RST_STREAM with
PROTOCOL_ERROR is issued.  Since we require v1.0.0, we can utilize
this feature to simplify libcurl code.  This commit does this.

Migration from 0.7 series are done based on nghttp2 migration
document.  For libcurl, we removed the code sending first 24 bytes
client magic.  It is now done by nghttp2 library.
on_invalid_frame_recv callback signature changed, and is updated
accordingly.
2015-05-18 09:33:48 +02:00
Daniel Stenberg aa8f613e98 configure: follow-up fix for krb5-config
commit 5b66860652 was incomplete so here's a follow-up fix

Reported-by: Dagobert Michelsen
Bug: 5b66860652 (commitcomment-10473445)
2015-04-26 17:04:18 +02:00
Mostyn Bramley-Moore 875a6d9324 configure --with-nss: remove unneeded libs from the fallback 2015-04-20 10:25:07 +02:00
Kamil Dudka 8dc3bbf0f8 configure --with-nss: drop redundant if statement 2015-04-17 16:43:20 +02:00
Kamil Dudka 67a8bbb51a configure --with-nss=PATH: query pkg-config if available
Bug: https://github.com/bagder/curl/pull/171
2015-04-17 16:43:20 +02:00
Jay Satiro 72bea7cc65 cyassl: Include the CyaSSL build config
CyaSSL >= 2.6.0 may have an options.h that was generated during
its build by configure.
2015-04-11 23:58:42 -04:00
Dagobert Michelsen 5b66860652 configure: Use KRB5CONFIG for krb5-config
Allows the user to easier override its path.

Bug: http://curl.haxx.se/bug/view.cgi?id=1486
2015-03-30 14:19:23 +02:00
Paul Howarth 559e2cc921 build: link curl to openssl libraries when openssl support is enabled
This fixes a build failure where openssl and libmetalink are used
together and the system linker does not do implicit linking (e.g.
Fedora 13 and later releases). The MD5 functions required for
metalink support must be pulled in from the openssl crypto library.

This is similar to commit c6e7cbb94e,
which fixes the same sort of problem for NSS builds.
2015-03-26 13:23:37 +01:00
Dan Fandrich 7868dc7103 cyassl: detect the library as renamed wolfssl
This change was made in CyaSSL/WolfSSL ver. 3.4.0
2015-03-19 23:51:40 +01:00
Daniel Stenberg 64736dd1be configure: follow-up fix from 709cf76f6
OpenSSL handling was a little broken.
2015-03-05 15:43:38 +01:00
Daniel Stenberg 709cf76f6b openssl: remove all uses of USE_SSLEAY
SSLeay was the name of the library that was subsequently turned into
OpenSSL many moons ago (1999). curl does not work with the old SSLeay
library since years. This is now reflected by only using USE_OPENSSL in
code that depends on OpenSSL.
2015-03-05 10:57:52 +01:00
Daniel Stenberg 37824498a3 configure: remove detection of the old yassl emulation API
... as that is ancient history and not used.
2015-01-22 23:53:52 +01:00
Daniel Stenberg e888e30476 BoringSSL: fix build for non-configure builds
HAVE_BORINGSSL gets defined now by configure and should be defined by
other build systems in case a BoringSSL build is desired.
2015-01-22 23:04:10 +01:00
Daniel Stenberg 3d5648f9ee configure: fix BoringSSL detection and detect libresssl 2015-01-22 22:52:53 +01:00
Daniel Stenberg eb748f159a BoringSSL: detected by configure, switches off NTLM 2015-01-22 16:39:01 +01:00
Steve Holme 2cc571f9e3 ldap: Renamed the CURL_LDAP_WIN definition to USE_WIN32_LDAP
For consistency with other USE_WIN32_ defines as well as the
USE_OPENLDAP define.
2015-01-18 20:52:43 +00:00
Steve Holme 151ae59436 code/docs: Use correct case for IPv4 and IPv6
For consistency, as we seem to have a bit of a mixed bag, changed all
instances of ipv4 and ipv6 in comments and documentations to use the
correct case.
2014-12-27 11:31:55 +00:00
Steve Holme 1abe65d928 code/docs: Use Unix rather than UNIX to avoid use of the trademark
Use Unix when generically writing about Unix based systems as UNIX is
the trademark and should only be used in a particular product's name.
2014-12-26 21:42:44 +00:00
Steve Holme 1ac4db23f7 configure: Use camel case for UNIX sockets feature output
To match the curl --version output.
2014-12-26 12:13:44 +00:00
Bill Nagel 526603ff05 smb: Build with SSPI enabled
Build SMB/CIFS protocol support when SSPI is enabled.
2014-12-07 18:36:23 +00:00
Peter Wu 970c22f970 libcurl: add UNIX domain sockets support
The ability to do HTTP requests over a UNIX domain socket has been
requested before, in Apr 2008 [0][1] and Sep 2010 [2]. While a
discussion happened, no patch seems to get through. I decided to give it
a go since I need to test a nginx HTTP server which listens on a UNIX
domain socket.

One patch [3] seems to make it possible to use the
CURLOPT_OPENSOCKETFUNCTION function to gain a UNIX domain socket.
Another person wrote a Go program which can do HTTP over a UNIX socket
for Docker[4] which uses a special URL scheme (though the name contains
cURL, it has no relation to the cURL library).

This patch considers support for UNIX domain sockets at the same level
as HTTP proxies / IPv6, it acts as an intermediate socket provider and
not as a separate protocol. Since this feature affects network
operations, a new feature flag was added ("unix-sockets") with a
corresponding CURL_VERSION_UNIX_SOCKETS macro.

A new CURLOPT_UNIX_SOCKET_PATH option is added and documented. This
option enables UNIX domain sockets support for all requests on the
handle (replacing IP sockets and skipping proxies).

A new configure option (--enable-unix-sockets) and CMake option
(ENABLE_UNIX_SOCKETS) can disable this optional feature. Note that I
deliberately did not mark this feature as advanced, this is a
feature/component that should easily be available.

 [0]: http://curl.haxx.se/mail/lib-2008-04/0279.html
 [1]: http://daniel.haxx.se/blog/2008/04/14/http-over-unix-domain-sockets/
 [2]: http://sourceforge.net/p/curl/feature-requests/53/
 [3]: http://curl.haxx.se/mail/lib-2008-04/0361.html
 [4]: https://github.com/Soulou/curl-unix-socket

Signed-off-by: Peter Wu <peter@lekensteyn.nl>
2014-12-04 02:52:19 +01:00
Steve Holme 2ad1df7327 configure: Fixed inclusion of SMB when no crypto engines available 2014-12-02 18:36:40 +00:00
Bill Nagel 3529903afb smb: Added configuration options for SMB
Added --enable-smb and --disable-smb configuration options for the
upcoming SMB/CIFS protocol support.
2014-11-29 18:10:38 +00:00
Michael Osipov a4b7f716d3 tool: Use Kerberos for supported features 2014-11-15 14:43:35 +00:00
Steve Holme 676d62fa0e configure: Fixed inclusion of krb5 when CURL_DISABLE_CRYPTO_AUTH is defined
Commit fe0f8967bf fixed a problem with krb5 not being defined as a
supported feature when HAVE_GSSAPI is defined, however, it should
only be included if CURL_DISABLE_CRYPTO_AUTH is not set, like when
SPNEGO is listed as a feature.
2014-11-11 00:14:33 +00:00
Daniel Stenberg fe0f8967bf configure: assume krb5 when gss-api works
To please test 1014 while we work out if this is truly the a correct
assumption.
2014-11-10 09:05:56 +01:00
Daniel Stenberg 9dbbba9976 libssh2: detect features based on version, not configure checks
... so that non-configure builds get the correct functions too based on
the libssh2 version used.
2014-11-09 15:43:27 +01:00
Steve Holme f0d860d35f configure: Fixed NTLM missing from features when CURL_DISABLE_HTTP defined 2014-11-09 13:11:00 +00:00
Steve Holme eda919f4dc configure: Added krb5 to the supported features 2014-11-07 10:56:57 +00:00
Daniel Stenberg e62e77426f configure.ac: remove checks for OpenSSL NPN/ALPN funcs again
... since the conditional in the code are now based on OpenSSL versions
instead to better support non-configure builds.
2014-10-29 22:38:39 +01:00
Tatsuhiro Tsujikawa da933ee29d Compile with latest nghttp2 2014-08-26 23:02:50 +02:00
Michael Osipov ee40b6882d configure.ac: Add support for recent GSS-API implementations for HP-UX
By default, configure script assumes that libcurl will use the
HP-supplied GSS-API implementation which does not have krb5-config.
If a dev needs a more recent version which has that config script,
the change will allow to pass an appropriate GSSAPI_ROOT.
2014-08-25 15:09:26 +02:00
Michael Osipov 46750c39bd configure/features: Add feature and version info for GSS-API and SPNEGO 2014-07-23 00:01:39 +02:00
Alessandro Ghedini c6e7cbb94e build: link curl to NSS libraries when NSS support is enabled
This fixes a build failure on Debian caused by commit
24c3cdce88.

Bug: http://curl.haxx.se/mail/lib-2014-07/0209.html
2014-07-18 14:20:42 +02:00