Commit Graph

25568 Commits

Author SHA1 Message Date
Daniel Stenberg
4b355dd13b
TODO: Use "random" ports for the test servers 2020-03-22 23:30:09 +01:00
Daniel Stenberg
21b3893a11
lib/curl_setup: adjust the copyright year range
Follow-up from d820224b8
2020-03-21 23:19:39 +01:00
Jay Satiro
d820224b8b curl_setup: define _WIN32_WINNT_[OS] symbols
.. because not all Windows build systems have those symbols, and even
those that do may be missing newer symbols (eg the Windows 7 SDK does
not define _WIN32_WINNT_WIN10).

Those symbols are used in build-time logic to decide which API to use
and prior to this change if the symbols were missing it would have
resulted in deprecated API being used when more recent functions were
available (eg GetVersionEx used instead of VerifyVersionInfo).

Reported-by: FuccDucc@users.noreply.github.com

Probably fixes https://github.com/curl/curl/issues/4995
Closes https://github.com/curl/curl/pull/5057
2020-03-21 17:42:44 -04:00
Ross Burton
f25f602ffd curl-functions.m4: remove inappropriate AC_REQUIRE
AC_REQUIRE means "if this macro hasn't been executed already, execute
it".  So in a wrapper around AC_RUN_IFELSE, AC_REQUIRE(AC_RUN_IFELSE)
isn't correct at that will execute AC_RUN_IFELSE without any arguments.

With autoconf 2.69 this is basically a no-op, but with autoconf 2.70,
AC_RUN_IFELSE without a default value when cross-compiling is fatal.
The result is that curl with autoconf 2.70 cannot cross-compile.

Fixes https://github.com/curl/curl/issues/5126
Closes https://github.com/curl/curl/pull/5130
2020-03-21 17:31:32 -04:00
Marc Hoersken
9b4990f068
ci/tests: fix Azure Pipelines not running Windows containers
Workaround posted here: microsoft/azure-pipelines-agent#2864

Assisted-by: Simon Chalifoux
Assisted-by: Tommy Petty

Fixes #5117
Closes #5129
2020-03-20 20:55:08 +01:00
Daniel Stenberg
ab18027d6c
tests: add test 430, 431 and 432 to verify the --config fix
Verify the fixes in 4e0b4fee4
2020-03-20 11:14:56 +01:00
Rici Lake
4e0b4fee4a
cmdline: fix handling of OperationConfig linked list (--next)
Ensures that -K/--config inserts new items at the end of the list
instead of overwriting the second item, and that after a -K/--config
option has been parsed, the option parser's view of the current config
is update.

Fixes #5120
Closes #5123
2020-03-20 11:14:12 +01:00
Marc Hoersken
3d77d089a4
test2100: fix static port instead of dynamic value being used 2020-03-20 00:28:31 +01:00
Marc Hoersken
9c2aaf3d33
test970: fix static ip:port instead of dynamic values being used 2020-03-20 00:24:36 +01:00
Daniel Stenberg
cb2f57c0cd
secure transport: remove the BACKEND define kludge
Closes #5122
2020-03-19 13:22:46 +01:00
Daniel Stenberg
2efc3a424a
mbedtls: remove the BACKEND define kludge 2020-03-19 13:22:35 +01:00
Daniel Stenberg
52182e4b8f
bearssl: remove the BACKEND define kludge 2020-03-19 13:22:34 +01:00
Daniel Stenberg
5076b8668f
wolfssl: remove the BACKEND define kludge 2020-03-19 13:22:34 +01:00
Daniel Stenberg
259d62c7c0
nss: remove the BACKEND define kludge 2020-03-19 13:22:34 +01:00
Daniel Stenberg
89865c149d
gnutls: remove the BACKEND define kludge 2020-03-19 13:22:34 +01:00
Daniel Stenberg
aec0b49df3
openssl: remove the BACKEND define kludge
Use a proper variable instead to make it easier to use a debugger and
read the code.
2020-03-19 13:22:34 +01:00
Marc Hoersken
3c9066fce5
tests: make Python-based servers compatible with Python 2 and 3
Update smbserver.py and negtelnetserver.py to be compatible with
Python 3 while staying backwards-compatible to support Python 2.

Fix string encoding and handling of echoed and transferred data.

Tested with both Python 2.7.17 and Python 3.7.7

Reported-by: Daniel Stenberg
Assisted-by: Kamil Dudka
Reviewed-by: Marcel Raad

Fixes #5104
Closes #5110
2020-03-19 03:26:19 +01:00
Daniel Stenberg
8d9802b0ae
writeout_json: use curl_off_t printf() option for the time output
Follow-up to: 04c03416e6

Closes #5115
2020-03-18 23:31:37 +01:00
Daniel Stenberg
daf1eee11e
RELEASE-NOTES: synced
Uh, I missed this in 1a46b218db
2020-03-18 10:23:47 +01:00
Daniel Stenberg
1a46b218db
RELEASE-NOTES: synced
... and bumped curlver.h to 7.70.0
2020-03-18 08:48:35 +01:00
Jay Satiro
347a374c56 http2: Fix erroneous debug message that h2 connection closed
Prior to this change in libcurl debug builds http2 stream closure was
erroneously referred to as connection closure.

Before:
* nread <= 0, server closed connection, bailing

After:
* nread == 0, stream closed, bailing

Closes https://github.com/curl/curl/pull/5118
2020-03-18 03:39:27 -04:00
Daniel Stenberg
0ae463ffd4
tool_setopt: correct the copyright year range
Follow-up to 5450428491
2020-03-18 08:33:28 +01:00
Johannes Schindelin
5450428491 schannel: add "best effort" revocation check option
- Implement new option CURLSSLOPT_REVOKE_BEST_EFFORT and
  --ssl-revoke-best-effort to allow a "best effort" revocation check.

A best effort revocation check ignores errors that the revocation check
was unable to take place. The reasoning is described in detail below and
discussed further in the PR.

---

When running e.g. with Fiddler, the schannel backend fails with an
unhelpful error message:

	Unknown error (0x80092012) - The revocation function was unable
	to check revocation for the certificate.

Sadly, many enterprise users who are stuck behind MITM proxies suffer
the very same problem.

This has been discussed in plenty of issues:
https://github.com/curl/curl/issues/3727,
https://github.com/curl/curl/issues/264, for example.

In the latter, a Microsoft Edge developer even made the case that the
common behavior is to ignore issues when a certificate has no recorded
distribution point for revocation lists, or when the server is offline.
This is also known as "best effort" strategy and addresses the Fiddler
issue.

Unfortunately, this strategy was not chosen as the default for schannel
(and is therefore a backend-specific behavior: OpenSSL seems to happily
ignore the offline servers and missing distribution points).

To maintain backward-compatibility, we therefore add a new flag
(`CURLSSLOPT_REVOKE_BEST_EFFORT`) and a new option
(`--ssl-revoke-best-effort`) to select the new behavior.

Due to the many related issues Git for Windows and GitHub Desktop, the
plan is to make this behavior the default in these software packages.

The test 2070 was added to verify this behavior, adapted from 310.

Based-on-work-by: georgeok <giorgos.n.oikonomou@gmail.com>
Co-authored-by: Markus Olsson <j.markus.olsson@gmail.com>
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>

Closes https://github.com/curl/curl/pull/4981
2020-03-18 03:23:39 -04:00
Jay Satiro
a268ad5d7e multi: Improve parameter check for curl_multi_remove_handle
- If an easy handle is owned by a multi different from the one specified
  then return CURLM_BAD_EASY_HANDLE.

Prior to this change I assume user error could cause corruption.

Closes https://github.com/curl/curl/pull/5116
2020-03-18 02:58:42 -04:00
Viktor Szakats
7284061361 windows: suppress UI in all CryptAcquireContext() calls
Ref: https://docs.microsoft.com/windows/win32/api/wincrypt/nf-wincrypt-cryptacquirecontexta#parameters
Reviewed-by: Marc Hörsken
Closes https://github.com/curl/curl/pull/5088
2020-03-17 23:08:02 +00:00
Daniel Stenberg
ab9dc5ae2a
writeout_json: add missing comma to fix the HTTP version
Follow-up to 04c03416e6
2020-03-17 16:05:05 +01:00
Daniel Stenberg
7631f2b752
test 970: verify --write-out '%{json}'
Makes curl_easy_getinfo() of "variable" numerical content instead return
the number set in the env variable `CURL_TIME`.

Makes curl_version() of "variable" textual content. This guarantees a
stable version string which can be tested against. Environment variable
`CURL_VERSION` defines the content.

Assisted-by: Mathias Gumz
2020-03-17 15:04:24 +01:00
Mathias Gumz
04c03416e6
writeout: support to generate JSON output
This commit adds support to generate JSON via the writeout feature:

    -w "%{json}"

It leverages the existing infrastructure as much as possible. Thus,
generating the JSON on STDERR is possible by:

    -w "%{stderr}%{json}"

This implements a variant of
https://github.com/curl/curl/wiki/JSON#--write-out-json.

Closes #4870
2020-03-17 15:01:28 +01:00
Daniel Stenberg
d83402813b
CI: stop ignoring 323, it is disabled 2020-03-17 09:55:35 +01:00
Daniel Stenberg
8a2b36df5b
DISABLED: disable test 323
The test uses SRP to "a server not supporting it" but modern stunnel
versions will silently accept it and remain happy. The test is therefore
faulty.

I haven't figured out how to make stunnel explicitly reject SRP-using
connects.

Reported-by: Marc Hörsken
Fixes #5105
Closes #5113
2020-03-17 09:55:35 +01:00
Marc Hoersken
45008cb485
ci/tests: increase timeouts for torture builds on Azure Pipelines
For some reason the torture builds have slowed down recently.

Reported-by: Daniel Stenberg
2020-03-17 09:24:29 +01:00
Daniel Stenberg
37a0541882
cmake: add support for building with wolfSSL
My working build cmdline:

$ cmake -DCMAKE_PREFIX_PATH=$HOME/build-wolfssl -DCMAKE_USE_WOLFSSL=ON .

Assisted-by: Brad King
Closes #5095
2020-03-16 22:56:50 +01:00
Daniel Stenberg
95c36fff75
tool_operate: fix add_parallel_transfers when more are in queue
Trying to return early from the function if no new transfers were added
would break the "morep" argument and cause issues. This could lead to
zero content "transfers" (within quotes since they would never be
started) when parallel-max was reduced.

Reported-by: Gavin Wong
Analyzed-by: Jay Satiro
Fixes #4937
Closes #5112
2020-03-16 09:51:34 +01:00
Daniel Stenberg
2eba5e4c7b
vtls: free ssl_config leftovers on out-of-memory
Torture testing 2034 and 2037 found this.

Reported-by: Marc Hörsken
Fixes #5108
Closes #5109
2020-03-16 08:10:30 +01:00
Marc Hoersken
404d5f200b
ci/tests: fix Azure Pipelines not running for pull requests
Closes #5111
2020-03-16 00:08:54 +01:00
Daniel Stenberg
92c152c2ef
gskit: update the copyright year range
Follow-up from 083603c63a
2020-03-15 23:43:50 +01:00
Marc Hoersken
083603c63a
gskit: use our internal select wrapper for portability
Follow up to c52b342
Closes #5106
2020-03-15 23:39:40 +01:00
Marc Hoersken
dda8babd07
tests: fix verification of stdout in test 1452 due to newline
Fixes test1452:41:1: error: missing </stdout> tag before </verify>
2020-03-15 23:17:01 +01:00
Marc Hoersken
49fbe01908
ci/tests: install impacket for SMB tests on FreeBSD using CirrusCI
Also force the package index/cache to be updated before installing.

Closes #5103
2020-03-15 13:38:41 +01:00
Marc Hoersken
92f129cd9f
tests/README: add note about manually installing python-impacket
Follow up to 4be2560
2020-03-15 12:34:17 +01:00
Daniel Stenberg
f38c7290b1
transfer: cap retries of "dead connections" to 5
When libcurl retries a connection due to it being "seemingly dead" or by
REFUSED_STREAM, it will now only do it up five times before giving up,
to avoid never-ending loops.

Reported-by: Dima Tisnek
Bug: https://curl.haxx.se/mail/lib-2020-03/0044.html
Closes #5074
2020-03-15 11:43:47 +01:00
Daniel Stenberg
51fde33747
TODO: TLS-PSK with OpenSSL
Closes #5081
2020-03-15 11:34:14 +01:00
Marc Hoersken
696cfc0f6c
select: add 'timeout_ms' wrap-around precaution to Curl_select 2020-03-15 11:08:27 +01:00
Marc Hoersken
041e778f1e
select: fix 'pending_ms' is assigned a value that is never used
Detected by Codacy
2020-03-15 11:08:27 +01:00
Marc Hoersken
c52b342051
select: move duplicate select preparation code into Curl_select
Reviewed by Daniel Stenberg
Reviewed by Marcel Raad
Closes #5078
2020-03-15 11:08:27 +01:00
Daniel Stenberg
dbd16c3e25
connect: happy eyeballs cleanup
Make sure each separate index in connn->tempaddr[] is used for a fixed
family (and only that family) during the connection process.

If family one takes a long time and family two fails immediately, the
previous logic could misbehave and retry the same family two address
repeatedly.

Reported-by: Paul Vixie
Reported-by: Jay Satiro
Fixes #5083
Fixes #4954
Closes #5089
2020-03-15 11:03:11 +01:00
Marc Hoersken
dc595210ae
ci/tests: fix and align setting TFLAGS for make test-nonflaky 2020-03-15 10:02:17 +01:00
Marc Hoersken
ac56683438
ci/tests: install test suite dependencies stunnel and impacket 2020-03-15 10:02:11 +01:00
Marc Hoersken
4be2560e01
tests: remove python_dependencies for smbserver from our tree
Users of the SMB tests will have to install impacket manually.

Reasoning: our in-tree version of impacket was quite outdated
and only compatible with Python 2 which is already end-of-life.
Upgrading to Python 3 and a compatible impacket version would
require to import additional Python-only and CPython-extension
dependencies. This would have hindered portability enormously.

Closes #5094
2020-03-15 10:01:38 +01:00
Jay Satiro
67f3f6cff1 Makefile.m32: Improve windres parameter compatibility
- s/COFF/coff/

Some versions of windres do not recognize uppercase COFF as a valid
way to specify the COFF output format.

Reported-by: Steven Penny

Fixes https://github.com/curl/curl/issues/5099
Closes https://github.com/curl/curl/pull/5101
2020-03-14 19:08:17 -04:00