Commit Graph

8181 Commits

Author SHA1 Message Date
Stefan Bühler
b4be97fb67 move Curl_share_lock and ref counting into Curl_fetch_addr 2015-04-03 16:46:14 +02:00
Stefan Bühler
0db831976e fix refreshing of obsolete dns cache entries
- cache entries must be also refreshed when they are in use
- have the cache count as inuse reference too, freeing timestamp == 0 special
  value
- use timestamp == 0 for CURLOPT_RESOLVE entries which don't get refreshed
- remove CURLOPT_RESOLVE special inuse reference (timestamp == 0 will prevent refresh)
- fix Curl_hostcache_clean - CURLOPT_RESOLVE entries don't have a special
  reference anymore, and it would also release non CURLOPT_RESOLVE references
- fix locking in Curl_hostcache_clean
- fix unit1305.c: hash now keeps a reference, need to set inuse = 1
2015-04-03 16:46:14 +02:00
Jay Satiro
f203edc544 cyassl: Set minimum protocol version before CTX callback
This change is to allow the user's CTX callback to change the minimum
protocol version in the CTX without us later overriding it, as we did
prior to this change.
2015-04-03 10:51:58 +02:00
Jay Satiro
0b5efa57ad cyassl: Fix certificate load check
SSL_CTX_load_verify_locations can return negative values on fail,
therefore to check for failure we check if load is != 1 (success)
instead of if load is == 0 (failure), the latter being incorrect given
that behavior.
2015-04-02 17:18:42 +02:00
Tatsuhiro Tsujikawa
21e82bd635 http2: Fix missing nghttp2_session_send call in Curl_http2_switched
Previously in Curl_http2_switched, we called nghttp2_session_mem_recv to
parse incoming data which were already received while curl was handling
upgrade.  But we didn't call nghttp2_session_send, and it led to make
curl not send any response to the received frames.  Most likely, we
received SETTINGS from server at this point, so we missed opportunity to
send SETTINGS + ACK.  This commit adds missing nghttp2_session_send call
in Curl_http2_switched to fix this issue.

Bug: https://github.com/bagder/curl/issues/192
Reported-by: Stefan Eissing
2015-04-02 15:19:29 +02:00
Daniel Stenberg
2685041a5c cookie: handle spaces after the name in Set-Cookie
"name =value" is fine and the space should just be skipped.

Updated test 31 to also test for this.

Bug: https://github.com/bagder/curl/issues/195
Reported-by: cromestant
Help-by: Frank Gevaerts
2015-04-01 23:25:29 +02:00
Jay Satiro
b121633402 cyassl: Fix library initialization return value
(Curl_cyassl_init)
- Return 1 on success, 0 in failure.

Prior to this change the fail path returned an incorrect value and the
evaluation to determine whether CyaSSL_Init had succeeded was incorrect.
Ironically that combined with the way curl_global_init tests SSL library
initialization (!Curl_ssl_init()) meant that CyaSSL having been
successfully initialized would be seen as that even though the code path
and return value in Curl_cyassl_init were wrong.
2015-04-01 08:10:58 +02:00
Dan Fandrich
049fe7fb53 axtls: add timeout within Curl_axtls_connect
This allows test 405 to pass on axTLS.
2015-03-31 02:04:22 +02:00
Jay Satiro
6419aee248 checksrc: Windows-specific input fixes
lib/config-win32ce.h
- Fix whitespace for checksrc compliance.

lib/checksrc.pl
- Remove trailing carriage returns from input.

projects/checksrc.bat
- Ignore tool_hugehelp.c.
2015-03-30 22:39:13 +02:00
Daniel Stenberg
787c2ae91b multi: remove_handle: move pending connections
If the handle removed from the multi handle happens to be the one
"owning" the pipeline other transfers will be waiting indefinitely. Now
we move such handles back to connect to have them race (again) for
getting the connection and thus avoid hanging.

Bug: http://curl.haxx.se/bug/view.cgi?id=1465
Reported-by: Jiri Dvorak
2015-03-29 23:49:12 +02:00
Jay Satiro
fcdc597b1a cyassl: CTX callback cosmetic changes and doc fix
- More descriptive fail message for NO_FILESYSTEM builds.
- Cosmetic changes.
- Change more of CURLOPT_SSL_CTX_* doc to not be OpenSSL specific.
2015-03-28 16:41:51 +01:00
Kyle L. Huff
d2feb71752 cyassl: add SSL context callback support for CyaSSL
Adds support for CURLOPT_SSL_CTX_FUNCTION when using CyaSSL, and better
handles CyaSSL instances using NO_FILESYSTEM.
2015-03-27 23:32:14 +01:00
Kyle L. Huff
211f1e3c6b cyassl: remove undefined reference to CyaSSL_no_filesystem_verify
CyaSSL_no_filesystem_verify is not (or no longer) defined by cURL or
CyaSSL. This reference causes build errors when compiling with
NO_FILESYSTEM.
2015-03-27 23:31:12 +01:00
Jay Satiro
e7a289ebb9 vtls: Don't accept unknown CURLOPT_SSLVERSION values 2015-03-27 09:32:23 +01:00
Jay Satiro
488102fc17 url: Don't accept CURLOPT_SSLVERSION unless USE_SSL is defined 2015-03-27 09:31:30 +01:00
Daniel Stenberg
318ad8d767 multi: on a request completion, check all CONNECT_PEND transfers
... even if they don't have an associated connection anymore. It could
leave the waiting transfers pending with no active one on the
connection.

Bug: http://curl.haxx.se/bug/view.cgi?id=1465
Reported-by: Jiri Dvorak
2015-03-26 08:14:22 +01:00
Daniel Stenberg
eb2a6180fb README.http2: refreshed and added TODO items 2015-03-25 12:13:16 +01:00
Daniel Stenberg
5b58bface3 polarssl: called mbedTLS in 1.3.10 and later 2015-03-25 09:19:57 +01:00
Daniel Stenberg
83b29e43cd polarssl: remove dead code
and simplify code by changing if-elses to a switch()

CID 1291706: Logically dead code. Execution cannot reach this statement
2015-03-25 09:01:11 +01:00
Daniel Stenberg
24908c12d7 polarssl: remove superfluous for(;;) loop
"unreachable: Since the loop increment is unreachable, the loop body
will never execute more than once."

Coverity CID 1291707
2015-03-25 08:49:34 +01:00
Daniel Stenberg
4e299192ed Curl_ssl_md5sum: return CURLcode
... since the funciton can fail on OOM. Check this return code.

Coverity CID 1291705.
2015-03-25 08:32:12 +01:00
Jay Satiro
e35f2e61ec cyassl: default to highest possible TLS version
(cyassl_connect_step1)
- Use TLS 1.0-1.2 by default when available.

CyaSSL/wolfSSL >= v3.3.0 supports setting a minimum protocol downgrade
version.

cyassl/cyassl@322f79f
2015-03-25 08:10:24 +01:00
Jay Satiro
d29f8b460c cyassl: Check for invalid length parameter in Curl_cyassl_random 2015-03-25 08:08:12 +01:00
Jay Satiro
ec31962640 cyassl: If wolfSSL then identify as such in version string 2015-03-25 08:08:12 +01:00
Dan Fandrich
35648f2e79 curl_memory: make curl_memory.h the second-last header file loaded
This header file must be included after all header files except
memdebug.h, as it does similar memory function redefinitions and can be
similarly affected by conflicting definitions in system or dependent
library headers.
2015-03-24 23:47:01 +01:00
Daniel Stenberg
ac2827ac09 openssl: do the OCSP work-around for libressl too
I tested with libressl git master now (v2.1.4-27-g34bf96c) and it seems to
still require the work-around for stapling to work.
2015-03-24 23:39:52 +01:00
Daniel Stenberg
bd9ac3cff2 openssl: verifystatus: only use the OCSP work-around <= 1.0.2a
URL: http://curl.haxx.se/mail/lib-2015-03/0205.html
Reported-by: Alessandro Ghedini
2015-03-24 23:06:37 +01:00
Daniel Stenberg
7e6ca87a72 openssl: adapt to ASN1/X509 things gone opaque in 1.1 2015-03-24 22:59:33 +01:00
Dan Fandrich
56ae66d518 vtls: fix compile with --disable-crypto-auth but with SSL
This is a strange combination of options, but is allowed.
2015-03-24 21:41:22 +01:00
Daniel Stenberg
5d23279299 CURLOPT_PATH_AS_IS: added
--path-as-is is the command line option

Added docs in curl.1 and CURLOPT_PATH_AS_IS.3

Added test in test 1241
2015-03-24 10:31:58 +01:00
Yamada Yasuharu
ecc4940df2 curl_easy_recv/send: make them work with the multi interface
By making sure Curl_getconnectinfo() uses the correct connection cache
to find the last connection.
2015-03-23 22:46:58 +01:00
Daniel Stenberg
4b02b84897 http2: move the init too for when its actually needed
... it would otherwise lead to memory leakage if we never actually do
the switch.
2015-03-23 10:26:04 +01:00
Dan Fandrich
145c4692ff dict: rename byte to avoid compiler shadowed declaration warning
This conflicted with a WolfSSL typedef.
2015-03-23 10:16:10 +01:00
Dan Fandrich
430006c5e2 cyassl: include version.h to ensure the version macros are defined 2015-03-23 10:10:03 +01:00
Nick Zitzmann
7f5a170442 darwinsssl: add support for TLS False Start
TLS False Start support requires iOS 7.0 or later, or OS X 10.9 or later.
2015-03-21 12:22:56 -05:00
Daniel Stenberg
ed429b72d7 gtls: add check of return code
Coverity CID 1291167 pointed out that 'rc' was received but never used when
gnutls_credentials_set() was used. Added return code check now.
2015-03-21 16:53:43 +01:00
Daniel Stenberg
fea13a17d8 gtls: dereferencing NULL pointer
Coverity CID 1291165 pointed out 'chainp' could be dereferenced when
NULL if gnutls_certificate_get_peers() had previously failed.
2015-03-21 16:53:23 +01:00
Daniel Stenberg
5f6f9e8b59 gtls: avoid uninitialized variable.
Coverity CID 1291166 pointed out that we could read this variable
uninitialized.
2015-03-21 16:53:09 +01:00
Daniel Stenberg
9cd4d6518f x509asn1: add /* fallthrough */ in switch() case 2015-03-21 16:29:58 +01:00
Daniel Stenberg
e6917d3b77 x509asn1: minor edit to unconfuse Coverity
CID 1202732 warns on the previous use, although I cannot fine any
problems with it. I'm doing this change only to make the code use a more
familiar approach to accomplish the same thing.
2015-03-21 16:21:01 +01:00
Daniel Stenberg
b734518371 nss: error: unused variable 'connssl' 2015-03-21 15:47:03 +01:00
Dan Fandrich
6779c50e26 cyassl: use new library version macro when available 2015-03-20 23:49:53 +01:00
Alessandro Ghedini
185914fd31 nss: add support for TLS False Start 2015-03-20 20:14:35 +01:00
Alessandro Ghedini
4dcd25e138 url: add CURLOPT_SSL_FALSESTART option
This option can be used to enable/disable TLS False Start defined in the RFC
draft-bmoeller-tls-falsestart.
2015-03-20 20:14:33 +01:00
Alessandro Ghedini
a332922a52 gtls: implement CURLOPT_CERTINFO 2015-03-20 19:03:53 +01:00
Alessandro Ghedini
8854f8d45a openssl: try to avoid accessing OCSP structs when possible 2015-03-20 15:36:05 +01:00
Daniel Stenberg
abfab1786e HTTP: don't switch to HTTP/2 from 1.1 until we get the 101
We prematurely changed protocol handler to HTTP/2 which made things very
slow (and wrong).

Reported-by: Stefan Eissing
Bug: https://github.com/bagder/curl/issues/169
2015-03-19 13:44:18 +01:00
Dan Fandrich
9e66d3f4d3 axtls: version 1.5.2 now requires that config.h be manually included 2015-03-19 10:11:17 +01:00
Kamil Dudka
e3fbdc7c8a nss: explicitly tell NSS to disable NPN/ALPN
... if disabled at libcurl level.  Otherwise, we would allow to
negotiate NPN despite curl was invoked with the --no-npn option.
2015-03-18 19:43:14 +01:00
Dan Fandrich
252e9acd50 checksrc: Fix whitelist on out-of-tree builds 2015-03-17 23:26:48 +01:00