Граф коммитов

21345 Коммитов

Автор SHA1 Сообщение Дата
Daniel Stenberg aab33215af URL parser: reject non-numerical port numbers
Test 1281 added to verify
2016-12-01 10:36:37 +01:00
Dan Fandrich 42253ad943 runtests: made Servers: output be more consistent by removing OFF 2016-11-30 22:39:39 +01:00
Dan Fandrich 18b02f1964 cyassl: fixed typo introduced in 4f8b1774 2016-11-30 21:57:55 +01:00
Michael Kaufmann b34ea05d9d CURLOPT_CONNECT_TO: Skip non-matching "connect-to" entries properly
If a port number in a "connect-to" entry does not match, skip this
entry instead of connecting to port 0.

If a port number in a "connect-to" entry matches, use this entry
and look no further.

Reported-by: Jay Satiro
Assisted-by: Jay Satiro, Daniel Stenberg

Closes #1148
2016-11-30 12:02:44 +01:00
Daniel Stenberg 12d6794b10 BUGS: describe bug handling process 2016-11-29 11:58:50 +01:00
Daniel Stenberg 4e8e22c25b RELEASE-NOTES: synced with 19613fb3 2016-11-28 23:40:48 +01:00
Jay Satiro 19613fb355 http2: check nghttp2_session_set_local_window_size exists
The function only exists since nghttp2 1.12.0.

Bug: https://github.com/curl/curl/commit/a4d8888#commitcomment-19985676
Reported-by: Michael Kaufmann
2016-11-28 14:08:35 -05:00
Anders Bakken 421f740164 http2: Fix crashes when parent stream gets aborted
Closes #1125
2016-11-28 15:06:17 +01:00
Daniel Stenberg a387d881ec cmdline-docs: more options converted and fixed
Now all options are in the new system.
2016-11-28 09:53:15 +01:00
Daniel Stenberg ac85f332f1 gen: include footer in mainpage output 2016-11-28 09:52:05 +01:00
Jay Satiro 30593d4534 lib1536: checksrc compliance 2016-11-28 03:06:04 -05:00
Daniel Stenberg 5c4a526388 cmdline-opts: more command line options documented
Moved over to the new format
2016-11-28 00:50:25 +01:00
Daniel Stenberg 720ea577dc curl: remove --proxy-ssl* options
There's mostly likely no need to allow setting SSLv2/3 version for HTTPS
proxy. Those protocols are insecure by design and deprecated.
2016-11-28 00:07:45 +01:00
Daniel Stenberg c67f842093 CURLOPT_PROXY_*.3: polished some proxy option man pages 2016-11-27 00:21:15 +01:00
Patrick Monnerat d2c5503e0c os400: support CURLOPT_PROXY_PINNEDPUBLICKEY
Also define it in ILE/RPG binding.
2016-11-26 18:52:30 +01:00
Okhin Vasilij a4b2f7aafd curl_version_info: add CURL_VERSION_HTTPS_PROXY
Closes #1142
2016-11-26 17:28:53 +01:00
Frank Gevaerts e38fe7abbf tests: Add some testcases for recent new features.
Add missing tests for CURLINFO_SCHEME, CURLINFO_PROTOCOL, %{scheme},
and %{http_version}

closes #1143
2016-11-26 17:04:55 +01:00
Frank Gevaerts 267b26b24a curl_easy_reset: clear info for CULRINFO_PROTOCOL and CURLINFO_SCHEME 2016-11-26 16:53:51 +01:00
Daniel Stenberg 3f7d9b9001 CURLOPT_PROXY_CAINFO.3: clarify proxy use 2016-11-25 16:40:32 +01:00
Daniel Stenberg 2527dd4378 CURLOPT_PROXY_CRLFILE.3: clarify https proxy and availability 2016-11-25 16:36:27 +01:00
Daniel Stenberg 67edddeb92 curl_easy_setopt.3: add CURLOPT_PROXY_PINNEDPUBLICKEY
Follow-up to 4f8b17743d
2016-11-25 14:17:44 +01:00
Daniel Stenberg 9bfb00efc9 docs: include all opts man pages in dist
Sorted the lists too.

... and include the new ones in the PDF and HTML generation targets
2016-11-25 11:14:58 +01:00
Thomas Glanzmann 4f8b17743d HTTPS Proxy: Implement CURLOPT_PROXY_PINNEDPUBLICKEY 2016-11-25 10:49:38 +01:00
Thomas Glanzmann 1232dbb8bd url: proxy: Use 443 as default port for https proxies 2016-11-25 10:01:58 +01:00
Daniel Stenberg 8ebc5cda8f TODO: removed "HTTPS proxy" 2016-11-25 09:52:22 +01:00
Jan-E 65894c9846 winbuild: add config option ENABLE_NGHTTP2
Closes #1141
2016-11-25 09:00:54 +01:00
Jay Satiro a6618b5250 tool_urlglob: Improve sanity check in glob_range
Prior to this change we depended on errno if strtol could not perform a
conversion. POSIX says EINVAL *may* be set. Some implementations like
Microsoft's will not set it if there's no conversion.

Ref: https://github.com/curl/curl/commit/ee4f7660#commitcomment-19658189
2016-11-24 22:25:46 -05:00
Jay Satiro 4bda3e04b2 tool_help: Change description for --retry-connrefused
Ref: https://github.com/curl/curl/pull/1064#issuecomment-260052409
2016-11-24 22:15:14 -05:00
Patrick Monnerat 93c04cb14a os400: sync ILE/RPG binding 2016-11-25 03:25:21 +01:00
Jay Satiro c34fa31f3a test1135: Fix curl_easy_duphandle prototype for code style
Follow-up to dbadaeb which changed the style.
2016-11-24 19:52:36 -05:00
Jay Satiro 2127457018 x509asn1: Restore the parameter check in Curl_getASN1Element
- Restore the removed parts of the parameter check.

Follow-up to 945f60e which altered the parameter check.
2016-11-24 19:43:20 -05:00
Daniel Stenberg 7d967c80bc RELEASE-NOTES: update option counters 2016-11-25 00:47:52 +01:00
Frank Gevaerts ba410f6c64 add CURLINFO_SCHEME, CURLINFO_PROTOCOL, and %{scheme}
Adds access to the effectively used protocol/scheme to both libcurl and
curl, both in string and numeric (CURLPROTO_*) form.

Note that the string form will be uppercase, as it is just the internal
string.

As these strings are declared internally as const, and all other strings
returned by curl_easy_getinfo() are de-facto const as well, string
handling in getinfo.c got const-ified.

Closes #1137
2016-11-25 00:45:18 +01:00
Daniel Stenberg 54789f9444 RELEASE-NOTES: synced with 63198a4750 2016-11-25 00:31:48 +01:00
Daniel Stenberg 63198a4750 curl.1: the new --proxy options ship in 7.52.0 2016-11-25 00:14:39 +01:00
Daniel Stenberg 6832c1d4b2 checksrc: move open braces to comply with function declaration style 2016-11-24 23:58:22 +01:00
Daniel Stenberg 80e7cfeb87 checksrc: detect wrongly placed open braces in func declarations 2016-11-24 23:58:22 +01:00
Daniel Stenberg 8657c268e1 checksrc: white space edits to comply to stricter checksrc 2016-11-24 23:58:22 +01:00
Daniel Stenberg ec0a5c96ac checksrc: verify ASTERISKNOSPACE
Detects (char*) and 'char*foo' uses.
2016-11-24 23:58:22 +01:00
Daniel Stenberg dbadaebfc4 checksrc: code style: use 'char *name' style 2016-11-24 23:58:22 +01:00
Daniel Stenberg bc7e08471c checksrc: add ASTERISKSPACE
Verifies a 'char *name' style, with no space after the asterisk.
2016-11-24 23:48:45 +01:00
Daniel Stenberg 74ffa040a4 openssl: remove dead code
Coverity CID 1394666
2016-11-24 23:41:45 +01:00
Okhin Vasilij c6da05a5ec HTTPS-proxy: fixed mbedtls and polishing 2016-11-24 23:41:45 +01:00
Daniel Stenberg 49765cd75c darwinssl: adopted to the HTTPS proxy changes
It builds and runs all test cases. No adaptations for actual HTTPS proxy
support has been made.
2016-11-24 23:41:45 +01:00
Daniel Stenberg 8b4352658a gtls: fix indent to silence compiler warning
vtls/gtls.c: In function ‘Curl_gtls_data_pending’:
vtls/gtls.c:1429:3: error: this ‘if’ clause does not guard... [-Werror=misleading-indentation]
   if(conn->proxy_ssl[connindex].session &&
      ^~
      vtls/gtls.c:1433:5: note: ...this statement, but the latter is misleadingly indented as if it is guarded by the ‘if’
           return res;
2016-11-24 23:41:45 +01:00
Thomas Glanzmann 8cb872df10 mbedtls: Fix compile errors 2016-11-24 23:41:45 +01:00
Alex Rousskov cb4e2be7c6 proxy: Support HTTPS proxy and SOCKS+HTTP(s)
* HTTPS proxies:

An HTTPS proxy receives all transactions over an SSL/TLS connection.
Once a secure connection with the proxy is established, the user agent
uses the proxy as usual, including sending CONNECT requests to instruct
the proxy to establish a [usually secure] TCP tunnel with an origin
server. HTTPS proxies protect nearly all aspects of user-proxy
communications as opposed to HTTP proxies that receive all requests
(including CONNECT requests) in vulnerable clear text.

With HTTPS proxies, it is possible to have two concurrent _nested_
SSL/TLS sessions: the "outer" one between the user agent and the proxy
and the "inner" one between the user agent and the origin server
(through the proxy). This change adds supports for such nested sessions
as well.

A secure connection with a proxy requires its own set of the usual SSL
options (their actual descriptions differ and need polishing, see TODO):

  --proxy-cacert FILE        CA certificate to verify peer against
  --proxy-capath DIR         CA directory to verify peer against
  --proxy-cert CERT[:PASSWD] Client certificate file and password
  --proxy-cert-type TYPE     Certificate file type (DER/PEM/ENG)
  --proxy-ciphers LIST       SSL ciphers to use
  --proxy-crlfile FILE       Get a CRL list in PEM format from the file
  --proxy-insecure           Allow connections to proxies with bad certs
  --proxy-key KEY            Private key file name
  --proxy-key-type TYPE      Private key file type (DER/PEM/ENG)
  --proxy-pass PASS          Pass phrase for the private key
  --proxy-ssl-allow-beast    Allow security flaw to improve interop
  --proxy-sslv2              Use SSLv2
  --proxy-sslv3              Use SSLv3
  --proxy-tlsv1              Use TLSv1
  --proxy-tlsuser USER       TLS username
  --proxy-tlspassword STRING TLS password
  --proxy-tlsauthtype STRING TLS authentication type (default SRP)

All --proxy-foo options are independent from their --foo counterparts,
except --proxy-crlfile which defaults to --crlfile and --proxy-capath
which defaults to --capath.

Curl now also supports %{proxy_ssl_verify_result} --write-out variable,
similar to the existing %{ssl_verify_result} variable.

Supported backends: OpenSSL, GnuTLS, and NSS.

* A SOCKS proxy + HTTP/HTTPS proxy combination:

If both --socks* and --proxy options are given, Curl first connects to
the SOCKS proxy and then connects (through SOCKS) to the HTTP or HTTPS
proxy.

TODO: Update documentation for the new APIs and --proxy-* options.
Look for "Added in 7.XXX" marks.
2016-11-24 23:41:44 +01:00
Patrick Monnerat 8034d8fc62 Declare endian read functions argument as a const pointer.
This is done for all functions of the form Curl_read[136][624]_[lb]e.
2016-11-24 16:14:21 +01:00
Patrick Monnerat 945f60e8a7 Limit ASN.1 structure sizes to 256K. Prevent some allocation size overflows.
See CRL-01-006.
2016-11-24 14:28:39 +01:00
Jay Satiro 3e9c0230f4 url: Fix conn reuse for local ports and interfaces
- Fix connection reuse for when the proposed new conn 'needle' has a
specified local port but does not have a specified device interface.

Bug: https://curl.haxx.se/mail/lib-2016-11/0137.html
Reported-by: bjt3[at]hotmail.com
2016-11-22 16:10:06 -05:00