Commit Graph

26828 Commits

Author SHA1 Message Date
Jay Satiro
e68ee39f3d doh: Fix sharing user's resolve list with DOH handles
- Share the shared object from the user's easy handle with the DOH
  handles.

Prior to this change if the user had set a shared object with shared
cached DNS (CURL_LOCK_DATA_DNS) for their easy handle then that wasn't
used by any associated DOH handles, since they used the multi's default
hostcache.

This change means all the handles now use the same hostcache, which is
either the shared hostcache from the user created shared object if it
exists or if not then the multi's default hostcache.

Reported-by: Manuj Bhatia

Fixes https://github.com/curl/curl/issues/6589
Closes https://github.com/curl/curl/pull/6607
2021-02-15 16:14:34 -05:00
Daniel Stenberg
723c0e75fa
http2: remove conn->data use
... but instead use a private alternative that points to the "driving
transfer" from the connection. We set the "user data" associated with
the connection to be the connectdata struct, but when we drive transfers
the code still needs to know the pointer to the transfer. We can change
the user data to become the Curl_easy handle, but with older nghttp2
version we cannot dynamically update that pointer properly when
different transfers are used over the same connection.

Closes #6520
2021-02-15 16:33:53 +01:00
Daniel Stenberg
f2f91ac709
openssl: remove conn->data use
We still make the trace callback function get the connectdata struct
passed to it, since the callback is anchored on the connection.

Repeatedly updating the callback pointer to set 'data' with
SSL_CTX_set_msg_callback_arg() doesn't seem to work, probably because
there might already be messages in the queue with the old pointer.

This code therefore makes sure to set the "logger" handle before using
OpenSSL calls so that the right easy handle gets used for tracing.

Closes #6522
2021-02-15 09:08:59 +01:00
Daniel Stenberg
fa959e697b
RELEASE-NOTES: synced 2021-02-15 08:31:34 +01:00
Jay Satiro
53022e1893 doh: add options to disable ssl verification
- New libcurl options CURLOPT_DOH_SSL_VERIFYHOST,
  CURLOPT_DOH_SSL_VERIFYPEER and CURLOPT_DOH_SSL_VERIFYSTATUS do the
  same as their respective counterparts.

- New curl tool options --doh-insecure and --doh-cert-status do the same
  as their respective counterparts.

Prior to this change DOH SSL certificate verification settings for
verifyhost and verifypeer were supposed to be inherited respectively
from CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER, but due to a bug
were not. As a result DOH verification remained at the default, ie
enabled, and it was not possible to disable. This commit changes
behavior so that the DOH verification settings are independent and not
inherited.

Ref: https://github.com/curl/curl/pull/4579#issuecomment-554723676

Fixes https://github.com/curl/curl/issues/4578
Closes https://github.com/curl/curl/pull/6597
2021-02-14 18:20:48 -05:00
Jay Satiro
b68026f7f4 hostip: fix crash in sync resolver builds that use DOH
- Guard some Curl_async accesses with USE_CURL_ASYNC instead of
  !CURLRES_SYNCH.

This is another follow-up to 8335c64 which moved the async struct from
the connectdata struct into the Curl_easy struct. A previous follow-up
6cd167a fixed building for sync resolver by guarding some async struct
accesses with !CURLRES_SYNCH. The problem is since DOH (DNS-over-HTTPS)
is available as an asynchronous secondary resolver the async struct may
be used even when libcurl is built for the sync resolver. That means
that CURLRES_SYNCH and USE_CURL_ASYNC may be defined at the same time.

Closes https://github.com/curl/curl/pull/6603
2021-02-13 23:03:58 -05:00
Daniel Stenberg
835c263421
KNOWN_BUGS: cannot enable LDAPS on Windows with cmake
Reported-by: Jack Boos Yu
Closes #6284
2021-02-13 22:49:16 +01:00
Daniel Stenberg
ab02bf4f0c
KNOWN_BUGS: Excessive HTTP/2 packets with TCP_NODELAY
Reported-by: Alex Xu
Closes #6363
2021-02-13 22:42:58 +01:00
Daniel Stenberg
46620b9743
http: use credentials from transfer, not connection
HTTP auth "accidentally" worked before this cleanup since the code would
always overwrite the connection credentials with the credentials from
the most recent transfer and since HTTP auth is typically done first
thing, this has not been an issue. It was still wrong and subject to
possible race conditions or future breakage if the sequence of functions
would change.

The data.set.str[] strings MUST remain unmodified exactly as set by the
user, and the credentials to use internally are instead set/updated in
state.aptr.*

Added test 675 to verify different credentials used in two requests done
over a reused HTTP connection, which previously behaved wrongly.

Fixes #6542
Closes #6545
2021-02-13 22:36:15 +01:00
Daniel Stenberg
e992770e8d
test433: clear some home dir env variables
Follow-up to bd6b54ba1f

... so that XDG_CONFIG_HOME is the only home dir variable set and thus
used correctly in the test!

Fixes #6599
Closes #6600
2021-02-12 14:02:07 +01:00
Daniel Stenberg
9e95105617
RELEASE-NOTES: synced
bumped the version to 7.76.0
2021-02-12 09:55:04 +01:00
Daniel Stenberg
150545de82
travis: install libgsasl-dev to add that to the builds
Closes #6588
2021-02-12 09:45:34 +01:00
Daniel Stenberg
88dd1a8a11
urldata: don't touch data->set.httpversion at run-time
Rename it to 'httpwant' and make a cloned field in the state struct as
well for run-time updates.

Also: refuse non-supported HTTP versions. Verified with test 129.

Closes #6585
2021-02-12 08:13:37 +01:00
Viktor Szakats
bd6b54ba1f
tests: disable .curlrc in more environments
by also setting CURL_HOME and XDG_CONFIG_HOME envvars to the local
directory.

Reviewed-by: Daniel Stenberg
Fixes #6595
Closes #6596
2021-02-11 22:06:02 +00:00
Viktor Szakats
acd90af51f
docs/Makefile.inc: format to be update-friendly
- one source file per line
- convert tabs to spaces
- do not align line-continuation backslashes
- sort source files alphabetically

Reviewed-by: Daniel Stenberg
Closes #6593
2021-02-11 16:12:12 +00:00
Daniel Stenberg
1560cd1f9f
curl: provide libgsasl version and feature info in -V output
Closes #6592
2021-02-11 16:16:45 +01:00
Daniel Stenberg
8d9346f1a0
gsasl: provide CURL_VERSION_GSASL if built-in
To let applications know the feature is available.

Closes #6592
2021-02-11 16:16:34 +01:00
Daniel Stenberg
8a964cb217
curl: add --fail-with-body
Prevent both --fail and --fail-with-body on the same command line.

Verify with test 349, 360 and 361.

Closes #6449
2021-02-11 08:35:27 +01:00
Daniel Stenberg
c386a0df44
TODO: remove HSTS
Provided now since commit 7385610d0c
2021-02-10 22:54:33 +01:00
Jay Satiro
89e572af82 tests: Fix tests failing due to change in curl --help
Follow-up to parent 3183217 which added add missing <mode> argument to
--create-file-mode <mode>.

Ref: https://github.com/curl/curl/issues/6590
2021-02-10 15:57:26 -05:00
Jay Satiro
3183217246 tool_help: add missing argument for --create-file-mode
Prior to this change the required argument was not shown in curl --help.

before:
     --create-file-mode File mode for created files

after:
     --create-file-mode <mode> File mode (octal) for created files

Reported-by: ZimCodes@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/6590
2021-02-10 14:10:49 -05:00
Jay Satiro
41863a94b5 create-file-mode.d: add missing Arg tag
Prior to this change the required argument was not shown.

curl.1 before: --create-file-mode
curl.1 after: --create-file-mode <mode>

Reported-by: ZimCodes@users.noreply.github.com

Fixes https://github.com/curl/curl/issues/6590
2021-02-10 13:57:40 -05:00
Viktor Szakats
62c4f2f10f
gsasl: fix errors/warnings building against libgsasl
- also fix an indentation
- make Curl_auth_gsasl_token() use CURLcode (by Daniel Stenberg)

Ref: https://github.com/curl/curl/pull/6372#issuecomment-776118711
Ref: https://github.com/curl/curl/pull/6588

Reviewed-by: Jay Satiro
Assisted-by: Daniel Stenberg
Reviewed-by: Simon Josefsson
Closes #6587
2021-02-10 18:55:58 +00:00
Viktor Szakats
2dfe3d7093
Makefile.m32: add support for libgsasl dependency
Reviewed-by: Marcel Raad
Closes #6586
2021-02-10 18:48:29 +00:00
Marcel Raad
89193ed518
ngtcp2: clarify calculation precedence
As suggested by Codacy/cppcheck.

Closes https://github.com/curl/curl/pull/6576
2021-02-10 16:47:49 +01:00
Marcel Raad
1636076e70
server: remove redundant condition
`end` is always non-null here.

Closes https://github.com/curl/curl/pull/6576
2021-02-10 16:47:34 +01:00
Marcel Raad
1cd823ed5a
lib: remove redundant code
Closes https://github.com/curl/curl/pull/6576
2021-02-10 16:47:27 +01:00
Marcel Raad
cc9c4e0f4e
mqttd: remove unused variable
Closes https://github.com/curl/curl/pull/6576
2021-02-10 16:47:21 +01:00
Marcel Raad
fa624f0baa
tool_paramhlp: reduce variable scope
Closes https://github.com/curl/curl/pull/6576
2021-02-10 16:47:15 +01:00
Marcel Raad
4c02d003ff
tests: reduce variable scopes
Closes https://github.com/curl/curl/pull/6576
2021-02-10 16:47:09 +01:00
Marcel Raad
a774b3f304
lib: reduce variable scopes
Closes https://github.com/curl/curl/pull/6576
2021-02-10 16:47:03 +01:00
Marcel Raad
a3f93a62a2
ftp: fix Codacy/cppcheck warning about null pointer arithmetic
Increment `bytes` only if it is non-null.

Closes https://github.com/curl/curl/pull/6576
2021-02-10 16:46:52 +01:00
Daniel Stenberg
ec5d9b44a2
ngtcp2: adapt to the new recv_datagram callback 2021-02-09 23:25:20 +01:00
Daniel Stenberg
69a396f593
quiche: fix build error: use 'int' for port number
Follow-up to cb2dc1ba8
2021-02-09 23:21:39 +01:00
Daniel Stenberg
528f71c2ec
ftp: add 'list_only' to the transfer state struct
and rename it from 'ftp_list_only' since it is also used for SSH and
POP3. The state is updated internally for 'type=D' FTP URLs.

Added test case 1570 to verify.

Closes #6578
2021-02-09 14:06:28 +01:00
Daniel Stenberg
115c9e27f5
ftp: add 'prefer_ascii' to the transfer state struct
... and make sure the code never updates 'set.prefer_ascii' as it breaks
handle reuse which should use the setting as the user specified it.

Added test 1569 to verify: it first makes an FTP transfer with ';type=A'
and then another without type on the same handle and the second should
then use binary. Previously, curl failed this.

Closes #6578
2021-02-09 14:06:28 +01:00
Daniel Stenberg
0829909ebd
RELEASE-NOTES: synced 2021-02-09 11:36:07 +01:00
Jacob Hoffman-Andrews
246399a874
vtls: initial implementation of rustls backend
This adds a new TLS backend, rustls. It uses the C-to-rustls bindings
from https://github.com/abetterinternet/crustls.

Rustls is at https://github.com/ctz/rustls/.

There is still a fair bit to be done, like sending CloseNotify on
connection shutdown, respecting CAPATH, and properly indicating features
like "supports TLS 1.3 ciphersuites." But it works well enough to make
requests and receive responses.

Blog post for context:
https://www.abetterinternet.org/post/memory-safe-curl/

Closes #6350
2021-02-09 11:06:18 +01:00
Simon Josefsson
3eebbfe8f3
sasl: support SCRAM-SHA-1 and SCRAM-SHA-256 via libgsasl
Closes #6372
2021-02-09 10:53:25 +01:00
Jay Satiro
cb2dc1ba89 lib: use int type for more port variables
This is a follow-up to 764c6bd. Prior to that change port variables
were usually type long.

Closes https://github.com/curl/curl/pull/6553
2021-02-09 02:53:31 -05:00
Jay Satiro
65ca229461 tool_writeout: refactor write-out and write-out json
- Deduplicate the logic used by write-out and write-out json.

Rather than have separate writeLong, writeString, etc, logic for
each of write-out and write-out json instead have respective shared
functions that can output either format and a 'use_json' parameter to
indicate whether it is json that is output.

This will make it easier to maintain. Rather than have to go through
two sets of logic now we only have to go through one.

- Support write-out %{errormsg} and %{exitcode} in json.

- Clarify in the doc that %{exitcode} is the exit code of the transfer.

Prior to this change it just said "The numerical exitcode" which
implies it's the exit code of the tool, and it's not necessarily that.

Closes https://github.com/curl/curl/pull/6544
2021-02-09 02:48:27 -05:00
Jay Satiro
b9f11ae875 lib: drop USE_SOCKETPAIR in favor of CURL_DISABLE_SOCKETPAIR
.. since the former is undocumented and they both do the same thing.

Closes https://github.com/curl/curl/pull/6517
2021-02-09 02:47:51 -05:00
Jay Satiro
b48db908e0 curl_multibyte: fall back to local code page stat/access on Windows
If libcurl is built with Unicode support for Windows then it is assumed
the filename string is Unicode in UTF-8 encoding and it is converted to
UTF-16 to be passed to the wide character version of the respective
function (eg wstat). However the filename string may actually be in the
local encoding so, even if it successfully converted to UTF-16, if it
could not be stat/accessed then try again using the local code page
version of the function (eg wstat fails try stat).

We already do this with fopen (ie wfopen fails try fopen), so I think it
makes sense to extend it to stat and access functions.

Closes https://github.com/curl/curl/pull/6514
2021-02-09 02:47:05 -05:00
Stephan Szabo
1269c80af1 file: Support unicode urls on windows
Closes https://github.com/curl/curl/pull/6501
2021-02-09 02:45:51 -05:00
Vincent Torri
d4a3b87c13 cmake: fix import library name for non-MS compiler on Windows
- Use _imp.lib suffix only for Microsoft's compiler (MSVC).

Prior to this change library suffix _imp.lib was used for the import
library on Windows regardless of compiler.

With this change the other compilers should now use their default
suffix which should be .dll.a.

This change is motivated by the usage of pkg-config on MSYS2.
Indeed, when 'pkg-config --libs libcurl' is used, -lcurl is
passed to ld. The documentation of ld on Windows :

https://sourceware.org/binutils/docs/ld/WIN32.html

lists, in the 'direct linking to a dll' section, the pattern
of the searched import library, and libcurl_imp.lib is not there.

Closes https://github.com/curl/curl/pull/6225
2021-02-09 02:43:04 -05:00
Daniel Stenberg
f1e5e49879
urldata: move 'followlocation' to UrlState
As this is a state variable it does not belong in UserDefined which is
used to store values set by the user.

Closes #6582
2021-02-09 08:22:45 +01:00
Ikko Ashimine
13d8a56408
http_proxy: fix typo in http_proxy.c
settting -> setting

Closes #6583
2021-02-09 08:21:56 +01:00
Fabian Keil
461e3ef680
tests/server: Bump MAX_TAG_LEN to 200
This is useful for tests containing HTML inside of <data> sections.
For <img> tags it's not uncommon to be longer than the previous
limit of 79 bytes.

An example of a previously problem-causing tag is:
<img src="http://config.privoxy.org/send-banner?type=auto" border="0" title="Killed-http://www.privoxy.org/images/privoxy.png-by-size" width="88" height="31">
which is needed for a Privoxy test for the banners-by-size filter.

Previously it caused server failures like:
12:29:05.786961 ====> Client connect
12:29:05.787116 accept_connection 3 returned 4
12:29:05.787194 accept_connection 3 returned 0
12:29:05.787285 Read 119 bytes
12:29:05.787345 Process 119 bytes request
12:29:05.787407 Got request: GET /banners-by-size/9 HTTP/1.1
12:29:05.787464 Requested test number 9 part 0
12:29:05.787686 getpart() failed with error: -2
12:29:05.787744 - request found to be complete (9)
12:29:05.787912 getpart() failed with error: -2
12:29:05.788048 Wrote request (119 bytes) input to log/server.input
12:29:05.788157 Send response test9 section <data>
12:29:05.788443 getpart() failed with error: -2
12:29:05.788498 instructed to close connection after server-reply
12:29:05.788550 ====> Client disconnect 0
12:29:05.871448 exit_signal_handler: 15
12:29:05.871714 signalled to die
12:29:05.872040 ========> IPv4 sws (port 21108 pid: 51758) exits with signal (15)
2021-02-09 08:16:40 +01:00
Fabian Keil
e11e5b2d46
tests/badsymbols.pl: when opening '$incdir' fails include it in the error message 2021-02-09 08:16:40 +01:00
Fabian Keil
e6f4ab3477
runtests.1: document -o, -P, -L, and -E 2021-02-09 08:16:40 +01:00