Commit Graph

149 Commits

Author SHA1 Message Date
Tatsuhiro Tsujikawa
5b3be0729c
ngtcp2: Build with latest ngtcp2 and ngtcp2_crypto_openssl
Closes #4270
2019-08-27 16:31:19 +02:00
Daniel Stenberg
5b2d703fe5
vssh: create directory for SSH backend code 2019-08-17 16:57:55 +02:00
Daniel Stenberg
d6cb1bdf6c
lib/quic.c: unused - removed 2019-08-13 12:41:04 +02:00
Daniel Stenberg
3af0e76d1e
HTTP3: initial (experimental) support
USe configure --with-ngtcp2 or --with-quiche

Using either option will enable a HTTP3 build.
Co-authored-by: Alessandro Ghedini <alessandro@ghedini.me>

Closes #3500
2019-07-21 23:49:03 +02:00
Daniel Stenberg
deb9462ff2
wolfssl: refer to it as wolfSSL only
Remove support for, references to and use of "cyaSSL" from the source
and docs. wolfSSL is the current name and there's no point in keeping
references to ancient history.

Assisted-by: Daniel Gustafsson

Closes #3903
2019-06-10 09:18:16 +02:00
Po-Chuan Hsieh
060f870b85 altsvc: Fix building with cookies disables
ALTSVC requires Curl_get_line which is defined in lib/cookie.c inside a #if
check of HTTP and COOKIES. That makes Curl_get_line undefined if COOKIES is
disabled. Fix by splitting out the function into a separate file which can
be included where needed.

Closes #3717
Reviewed-by: Daniel Gustafsson <daniel@yesql.se>
Reviewed-by: Marcel Raad <Marcel.Raad@teamviewer.com>
2019-04-20 22:46:21 +02:00
Daniel Stenberg
2f44e94efb
pipelining: removed
As previously planned and documented in DEPRECATE.md, all pipelining
code is removed.

Closes #3651
2019-04-06 22:49:50 +02:00
Daniel Stenberg
e1be825453
alt-svc: the libcurl bits 2019-03-03 11:17:52 +01:00
Daniel Stenberg
76a9c3c4be
Secure Transport: no more "darwinssl"
Everyone calls it Secure Transport, now we do too.

Reviewed-by: Nick Zitzmann

Closes #3619
2019-02-28 08:42:59 +01:00
Daniel Stenberg
302d125b42
axtls: removed
As has been outlined in the DEPRECATE.md document, the axTLS code has
been disabled for 6 months and is hereby removed.

Use a better supported TLS library!

Assisted-by: Daniel Gustafsson
Closes #3194
2018-11-01 10:29:53 +01:00
Yiming Jing
31ba404a9c
configure.ac: add a MesaLink vtls backend 2018-09-13 08:26:23 +02:00
Daniel Stenberg
fb30ac5a2d
URL-API
See header file and man pages for API. All documented API details work
and are tested in the 1560 test case.

Closes #2842
2018-09-08 15:36:11 +02:00
Daniel Stenberg
abff183387
setopt: add CURLOPT_DOH_URL
Closes #2668
2018-09-06 09:17:17 +02:00
Patrick Monnerat
8541d02c96 psl: use latest psl and refresh it periodically
The latest psl is cached in the multi or share handle. It is refreshed
before use after 72 hours.
New share lock CURL_LOCK_DATA_PSL controls the psl cache sharing.
If the latest psl is not available, the builtin psl is used.

Reported-by: Yaakov Selkowitz
Fixes #2553
Closes #2601
2018-05-28 20:37:14 +02:00
Dan McNulty
8996300211 schannel: add support for CURLOPT_CAINFO
- Move verify_certificate functionality in schannel.c into a new
  file called schannel_verify.c. Additionally, some structure defintions
  from schannel.c have been moved to schannel.h to allow them to be
  used in schannel_verify.c.

- Make verify_certificate functionality for Schannel available on
  all versions of Windows instead of just Windows CE. verify_certificate
  will be invoked on Windows CE or when the user specifies
  CURLOPT_CAINFO and CURLOPT_SSL_VERIFYPEER.

- In verify_certificate, create a custom certificate chain engine that
  exclusively trusts the certificate store backed by the CURLOPT_CAINFO
  file.

- doc updates of --cacert/CAINFO support for schannel

- Use CERT_NAME_SEARCH_ALL_NAMES_FLAG when invoking CertGetNameString
  when available. This implements a TODO in schannel.c to improve
  handling of multiple SANs in a certificate. In particular, all SANs
  will now be searched instead of just the first name.

- Update tool_operate.c to not search for the curl-ca-bundle.crt file
  when using Schannel to maintain backward compatibility. Previously,
  any curl-ca-bundle.crt file found in that search would have been
  ignored by Schannel. But, with CAINFO support, the file found by
  that search would have been used as the certificate store and
  could cause issues for any users that have curl-ca-bundle.crt in
  the search path.

- Update url.c to not set the build time CURL_CA_BUNDLE if the selected
  SSL backend is Schannel. We allow setting CA location for schannel
  only when explicitly specified by the user via CURLOPT_CAINFO /
  --cacert.

- Add new test cases 3000 and 3001. These test cases check that the first
  and last SAN, respectively, matches the connection hostname. New test
  certificates have been added for these cases. For 3000, the certificate
  prefix is Server-localhost-firstSAN and for 3001, the certificate
  prefix is Server-localhost-secondSAN.

- Remove TODO 15.2 (Add support for custom server certificate
  validation), this commit addresses it.

Closes https://github.com/curl/curl/pull/1325
2018-04-18 03:59:47 -04:00
Max Dymond
e04417d98f
Curl_range: commonize FTP and FILE range handling
Closes #2205
2018-01-30 17:23:26 +01:00
Daniel Stenberg
4272a0b0fc
curl_ctype: private is*() type macros and functions
... since the libc provided one are locale dependent in a way we don't
want. Also, the "native" isalnum() (for example) works differently on
different platforms which caused test 1307 failures on macos only.

Closes #2269
2018-01-29 22:56:43 +01:00
Nikos Mavrogiannopoulos
c92d2e14cf
Added support for libssh SSH SCP back-end
libssh is an alternative library to libssh2.
https://www.libssh.org/

That patch set also introduces support for ECDSA
ed25519 keys, as well as gssapi authentication.

Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
2017-12-01 17:35:14 +01:00
Daniel Stenberg
aa7668b948
setopt: split out curl_easy_setopt() to its own file
... to make url.c smaller.

Closes #1944
2017-11-10 23:08:20 +01:00
Florin
2b5b37cb91
auth: add support for RFC7616 - HTTP Digest access authentication
Signed-off-by: Florin <petriuc.florin@gmail.com>
2017-10-28 16:32:43 +02:00
Patrick Monnerat
ce0881edee mime: new MIME API.
Available in HTTP, SMTP and IMAP.
Deprecates the FORM API.
See CURLOPT_MIMEPOST.
Lib code and associated documentation.
2017-09-02 17:47:10 +01:00
Daniel Stenberg
f682156a4f Curl_rand: fixed and moved to rand.c
Now Curl_rand() is made to fail if it cannot get the necessary random
level.

Changed the proto of Curl_rand() slightly to provide a number of ints at
once.

Moved out from vtls, since it isn't a TLS function and vtls provides
Curl_ssl_random() for this to use.

Discussion: https://curl.haxx.se/mail/lib-2016-11/0119.html
2016-11-14 08:23:52 +01:00
Daniel Stenberg
811a693b80 strcasecompare: all case insensitive string compares ignore locale now
We had some confusions on when each function was used. We should not act
differently on different locales anyway.
2016-10-31 08:46:35 +01:00
Daniel Stenberg
502acba2af strcasecompare: is the new name for strequal()
... to make it less likely that we forget that the function actually
does case insentive compares. Also replaced several invokes of the
function with a plain strcmp when case sensitivity is not an issue (like
comparing with "-").
2016-10-31 08:46:35 +01:00
Steve Holme
6df916d751 loadlibrary: Only load system DLLs from the system directory
Inspiration provided by: Daniel Stenberg and Ray Satiro

Bug: https://curl.haxx.se/docs/adv_20160530.html

Ref: Windows DLL hijacking with curl, CVE-2016-4802
2016-05-30 08:14:27 +02:00
Steve Holme
f0bdd72c10 http_ntlm: Renamed from curl_ntlm.[c|h]
Renamed the header and source files for this module as they are HTTP
specific and as such, they should use the naming convention as other
HTTP authentication source files do - this revert commit 260ee6b7bf.

Note: We could also rename curl_ntlm_wb.[c|h], however, the Winbind
code needs separating from the HTTP protocol and migrating into the
vauth directory, thus adding support for Winbind to the SASL based
protocols such as IMAP, POP3 and SMTP.
2016-03-27 17:58:50 +01:00
Steve Holme
4adee1947c http_negotiate: Combine GSS-API and SSPI source files
As the GSS-API and SSPI based source files are no longer library/API
specific, following the extraction of that authentication code to the
vauth directory, combine these files rather than maintain two separate
versions.
2016-03-26 17:21:22 +00:00
Steve Holme
6d6f9ca1d9 vauth: Moved the Negotiate authentication code to the new vauth directory
Part 2 of 2 - Moved the GSS-API based Negotiate authentication code.
2016-03-26 17:21:22 +00:00
Steve Holme
ad5e9bfd5d vauth: Moved the Negotiate authentication code to the new vauth directory
Part 1 of 2 - Moved the SSPI based Negotiate authentication code.
2016-03-26 17:21:22 +00:00
Steve Holme
7d2a5a05f6 vauth: Updated the copyright year after recent changes
As most of this work was performed in 2015 but not pushed until 2016
updated the copyright year to reflect the public facing changes.
2016-03-25 17:40:12 +00:00
Steve Holme
70e56939aa vauth: Moved the OAuth 2.0 authentication code to the new vauth directory 2016-03-25 15:11:10 +00:00
Steve Holme
6012fa5aee vauth: Moved the NTLM authentication code to the new vauth directory 2016-03-25 15:11:09 +00:00
Steve Holme
e1dca8a117 vauth: Moved the Kerberos V5 authentication code to the new vauth directory 2016-03-25 15:11:07 +00:00
Steve Holme
51358a3f40 vauth: Moved the DIGEST authentication code to the new vauth directory 2016-03-25 12:05:23 +00:00
Steve Holme
ec5b8dc647 vauth: Moved the CRAM-MD5 authentication code to the new vauth directory 2016-03-25 12:05:23 +00:00
Steve Holme
6101e35819 vauth: Moved the ClearText authentication code to the new vauth directory 2016-03-25 12:05:23 +00:00
Steve Holme
685fee3828 vauth: Moved Curl_sasl_build_spn() to create the initial vauth source files 2016-03-25 09:12:01 +00:00
Daniel Stenberg
4af40b3646 URLs: change all http:// URLs to https:// 2016-02-03 00:19:02 +01:00
Jonas Minnberg
fe7590f729 vtls: added support for mbedTLS
closes #496
2015-10-20 07:57:24 +02:00
Daniel Stenberg
fd137786e5 bundles: merged into conncache.c
All the existing Curl_bundle* functions were only ever used from within
the conncache.c file, so I moved them over and made them static (and
removed the Curl_ prefix).
2015-05-12 23:21:33 +02:00
Daniel Stenberg
df5578a7a3 mprintf.h: remove #ifdef CURLDEBUG
... and as a consequence, introduce curl_printf.h with that re-define
magic instead and make all libcurl code use that instead.
2015-03-03 12:36:18 +01:00
Nick Zitzmann
b1c7fc050b By request, change the name of "curl_darwinssl.[ch]" to "darwinssl.[ch]" 2015-02-15 17:11:01 -06:00
Steve Holme
761d5166af schannel: Removed curl_ prefix from source files
Removed the curl_ prefix from the schannel source files as discussed
with Marc and Daniel at FOSDEM.
2015-02-07 21:34:33 +00:00
Steve Holme
300876a7a6 des: Added Curl_des_set_odd_parity()
Added Curl_des_set_odd_parity() for use when cryptography engines
don't include this functionality.
2015-01-28 22:34:49 +00:00
Steve Holme
b40e37f93d endian: Fixed Linux compilation issues
Having files named endian.[c|h] seemed to cause issues under Linux so
renamed them both to have the curl_ prefix in the filenames.
2014-12-31 14:02:25 +00:00
Steve Holme
81951d9874 endian: Introduced endian module
To allow the little endian functions, currently used in two of the NTLM
source files, to be used by other modules such as the SMB module.
2014-12-31 11:50:28 +00:00
Steve Holme
4bdb1ca8d6 Makefile.inc: Updated file formatting
Aligned continuation character and used space as the separator
character as per other makefile files.
2014-12-06 19:50:00 +00:00
Steve Holme
018b9d421a sasl_gssapi: Introduced GSS-API based SASL module
Added the initial version of curl_sasl_gssapi.c and updated the project
files in preparation for adding GSS-API based Kerberos V5 support.
2014-12-02 21:57:45 +00:00
Bill Nagel
e80d9d5902 smb: Added initial source files for SMB
Added the initial source files and updated the relevant project files in
order to support SMB/CIFS.
2014-11-29 18:10:41 +00:00
Patrick Monnerat
265b9a2e49 vtls: remove QsoSSL 2014-10-13 16:33:47 +02:00