- Wrap OpenSSL / wolfSSL MD5 functions instead of taking their function
addresses during static initialization.
Depending on how curl was built the old way may have used a dllimport
function address during static initialization, which is not standard
compliant, resulting in Visual Studio warning C4232 (nonstandard
extension). Instead the function pointers now point to the wrappers
which call the MD5 functions.
This change only affects OpenSSL and wolfSSL because calls to other SSL
libraries' md5 functions were already wrapped. Also sha256.c already
does this for all SSL libraries.
Ref: https://github.com/curl/curl/pull/8298
Closes https://github.com/curl/curl/pull/8318
The tools.ietf.org domain has been deprecated a while now, with the
links being redirected to datatracker.ietf.org.
Rather than make people eat that redirect time, this change switches the
URL to a more canonical source.
Closes#8317
put all #include of openssl files behind wolfssl ifdefs so that we can
use the wolfssl/ prefixed include paths. Without these curl only builds
when wolfssl is built with enable-all.
Fixes#8292Closes#8315
quiche has just switched it's qlog serialization format to JSON-SEQ by
default . The spec says this SHOULD use `.sqlog` extension.
I believe ngtcp2 also supports JSON-SEQ by default as of
9baf06fc3f
Let's update curl so that tools know what format we are using!
Closes#8316
- Change build-wolfssl.bat to disable SSLv3, enable TLSv1.3, enable
wolfSSL_DES_ecb_encrypt (needed by NTLM) and enable alt cert chains.
- Disable warning C4214 'bit field types other than int'.
- Add include directory wolfssl\wolfssl.
wolfSSL offers OpenSSL API compatibility that libcurl uses, and some
recent change in libcurl included an include file for wolfSSL like
openssl/foo.h, which has a path like wolfssl\wolfssl\openssl\foo.h.
The include directory issue was reported in #8292 but it's currently
unclear whether this type of change is needed for other build systems.
Bug: https://github.com/curl/curl/issues/8292
Reported-by: Harry Sarson
Closes https://github.com/curl/curl/pull/8298
Previously curl would just silently ignore it if the necessary defines
are not present at build-time.
Reported-by: Stefan Eissing
Fixes#8309Closes#8310
1. The function would only ever return CURLE_OK anyway
2. Only one caller actually used the return code
3. Most callers did (void)Curl_disconnect()
Closes#8303
Previously it could mistakenly match partial names when there are
options that start with the same prefix, leading to the wrong references
used.
Closes#8299
This makes most libcurl functions return error if called from within a
callback using the same multi handle. For example timer or socket
callbacks calling curl_multi_socket_action.
Reported-by: updatede on github
Fixes#8282Closes#8286
Follow-up to bbf8cae44d
We removed support for the watcom builds files back in September
2020. This removes all remaining watcom references and ifdefs.
Closes#8287
Unless muted (with -s) When doing globbing, curl would output mime-like
separators between the separate transfers. This is not documented
anywhere, surprises users and clobbers the output. Gone now.
Updated test 18 and 1235
Reported-by: jonny112 on github
Bug: https://github.com/curl/curl/discussions/8257Closes#8278
1. The callback is better described in the option for setting it. Having
it in a single place reduces the risk that one of them is wrong.
2. The "typical usage" is wrong since the functions described in this
man page are both deprecated so they cannot be used in any "typical" way
anymore.
Closes#8262
Mostly reverts ba0657c343, but now instead just run the plain macro on
darwin. The approach as used on other platforms is simply not necessary
on macOS.
Fixes#8229
Reported-by: Ryan Schmidt
Closes#8247
As credentials can be quite different depending on the mechanism used,
there are no default mechanisms for LDAP and simple bind with a DN is
then used.
The caller has to provide mechanism(s) using CURLOPT_LOGIN_OPTIONS to
enable SASL authentication and disable simple bind.
Closes#8152
83cc966 changed documentation from using http to https. However,
CURLOPT_RESOLVE being set to port 80 in the documentation means that it
isn't valid for the new URL. Update to 443.
Closes https://github.com/curl/curl/pull/8258
As the ps command may reveal sensitive command line info, obfuscate
options --tlsuser, --tlspasswd, --proxy-tlsuser, --proxy-tlspassword and
--oauth2-bearer arguments.
Reported-by: Stephen Boost <s.booth@epcc.ed.ac.uk>
Closes#7964
Mesalink has ceased development. We can no longer encourage use of it.
It seems to be continued under the name TabbySSL, but no attempts have
(yet) been to make curl support it.
Fixes#8188Closes#8191
For consistency, use the same return code for URL malformats,
independently of what scheme that is used. Previously this would return
CURLE_LDAP_INVALID_URL, but starting now that error cannot be returned.
Closes#8170
Add support for `CURLOPT_CAINFO_BLOB` `CURLOPT_PROXY_CAINFO_BLOB` to the
rustls TLS backend. Multiple certificates in a single PEM string are
supported just like OpenSSL does with this option.
This is compatible at least with rustls-ffi 0.8+ which is our new
minimum version anyway.
I was able to build and run this on Windows, pulling trusted certs from
the system and then add them to rustls by setting
`CURLOPT_CAINFO_BLOB`. Handy!
Closes#8255
Daniel Stenberg
xkernel
Jay Satiro
lucas
Harry Sarson
Lucas Pardue
pheiduck on githuh
Patrick Monnerat
Niels Martignène
Alessandro Ghedini
Ikko Ashimine
Marcel Raad
MAntoniak
Cameron Will
Fabian Keil
Stephen M. Coakley