Daniel Stenberg
fd137786e5
bundles: merged into conncache.c
...
All the existing Curl_bundle* functions were only ever used from within
the conncache.c file, so I moved them over and made them static (and
removed the Curl_ prefix).
2015-05-12 23:21:33 +02:00
Daniel Stenberg
b419e7ae0c
hostcache: made all host caches use structs, not pointers
...
This avoids unnecessary dynamic allocs and as this also removed the last
users of *hash_alloc() and *hash_destroy(), those two functions are now
removed.
2015-05-12 09:46:53 +02:00
Daniel Stenberg
d37e0160c2
multi: converted socket hash into non-allocated struct
...
avoids extra dynamic allocation
2015-05-12 09:28:37 +02:00
Daniel Stenberg
640296c95d
connection cache: avoid Curl_hash_alloc()
...
... by using plain structs instead of pointers for the connection cache,
we can avoid several dynamic allocations that weren't necessary.
2015-05-12 09:15:02 +02:00
Daniel Stenberg
c4d6f9163a
proxy: add newline to info message
2015-05-08 15:56:25 +02:00
Patrick Monnerat
c720cd6356
FTP: fix dangling conn->ip_addr dereference on verbose EPSV.
2015-05-08 15:28:48 +02:00
Patrick Monnerat
3377e692ee
FTP: Make EPSV use the control IP address rather than the original host.
...
This ensures an alternate address is not used.
Does not apply to proxy tunnel.
2015-05-08 15:28:48 +02:00
Orgad Shaneh
33058a1dc3
netrc: Read in text mode when cygwin
...
Use text mode when cygwin to eliminate trailing carriage returns.
Bug: https://github.com/bagder/curl/pull/258
2015-05-06 02:34:31 -04:00
Alessandro Ghedini
a5e09e9eea
gtls: properly retrieve certificate status
...
Also print the revocation reason if appropriate.
2015-05-04 13:42:45 +02:00
Daniel Stenberg
86bc654532
OpenSSL: conditional check for SSL3_RT_HEADER
...
The symbol is fairly new.
Reported-by: Kamil Dudka
2015-05-04 13:29:34 +02:00
Daniel Stenberg
690317aae2
openssl: skip trace outputs for ssl_ver == 0
...
The OpenSSL trace callback is wonderfully undocumented but given a
journey in the source code, it seems the cases were ssl_ver is zero
doesn't follow the same pattern and thus turned out confusing and
misleading. For now, we skip doing any CURLINFO_TEXT logging on those
but keep sending them as CURLINFO_SSL_DATA_OUT/IN.
Also, I added direction to the text info and I edited some functions
slightly.
Bug: https://github.com/bagder/curl/issues/219
Reported-by: Jay Satiro, Ashish Shukla
2015-05-04 12:27:59 +02:00
Marc Hoersken
3c104448d6
schannel.c: Small changes
2015-05-02 22:21:25 +02:00
Marc Hoersken
ae8387b91c
schannel.c: Improve code path and readability
2015-05-02 20:14:53 +02:00
Marc Hoersken
d93619ca5d
schannel.c: Improve error and return code handling upon aa99a63f03
2015-05-02 20:05:22 +02:00
Chris Araman
aa99a63f03
schannel: fix regression in schannel_recv
...
https://github.com/bagder/curl/issues/244
Commit 145c263
changed the behavior when Curl_read_plain returns
CURLE_AGAIN. We now handle CURLE_AGAIN and SEC_I_CONTEXT_EXPIRED
correctly.
2015-05-02 18:54:13 +02:00
Marc Hoersken
4bb8bad964
Bug born in changes made several days ago 9a91e80
.
...
Commit: https://github.com/bagder/curl/commit/926cb9f
Reported-by: Ray Satiro
2015-05-01 09:39:34 +02:00
Dan Fandrich
32606e4f0b
http_negotiate_sspi: added missing data variable
2015-04-30 12:13:49 +02:00
Viktor Szakats
6a61285909
build: update depedency versions, urls, example makefiles
...
- update default versions of dependencies (except for rare/old platforms)
- update urls
- sync examples makefiles with main ones
- remove line ending space
2015-04-30 08:29:00 +02:00
Anders Bakken
b23fda76c1
curl_multi_add_handle: next is already NULL
2015-04-30 08:21:34 +02:00
Jay Satiro
926cb9ff65
schannel: Fix out of bounds array
...
Bug born in changes made several days ago 9a91e80
.
Bug: http://curl.haxx.se/mail/lib-2015-04/0199.html
Reported-by: Brian Chrisman
2015-04-30 01:44:45 -04:00
Viktor Szakats
790d1a4816
lib/makefile.m32: add arch -m32/-m64 to LDFLAGS
...
This fixes using a multi-target mingw distro to build curl .dll for the
non-default target.
(mirroring the same patch present in src/makefile.m32)
2015-04-29 13:18:17 -04:00
Daniel Stenberg
6ba2e88a64
CURLOPT_HEADEROPT: default to separate
...
Make the HTTP headers separated by default for improved security and
reduced risk for information leakage.
Bug: http://curl.haxx.se/docs/adv_20150429.html
Reported-by: Yehezkel Horowitz, Oren Souroujon
2015-04-28 21:02:37 +02:00
Daniel Stenberg
b2ea1bfcd6
hash: simplify Curl_str_key_compare()
2015-04-28 13:10:53 +02:00
Linus Nielsen
97c272e5d1
Negotiate: custom service names for SPNEGO.
...
* Add new options, CURLOPT_PROXY_SERVICE_NAME and CURLOPT_SERVICE_NAME.
* Add new curl options, --proxy-service-name and --service-name.
2015-04-28 08:29:56 +02:00
Daniel Stenberg
54c394699d
http2: unify http_conn variable names to 'c'
2015-04-27 22:54:34 +02:00
Daniel Stenberg
09a31fabe4
ConnectionExists: call it multi-use instead of pipelining
...
So that it fits HTTP/2 as well
2015-04-27 22:54:34 +02:00
Paul Howarth
d4f62f6c5d
nss: fix compilation failure with old versions of NSS
...
Bug: http://curl.haxx.se/mail/lib-2015-04/0095.html
2015-04-27 15:37:16 +02:00
Marc Hoersken
92e754de78
schannel.c: Fix typo introduced with 3447c973d0
2015-04-26 19:57:05 +02:00
Marc Hoersken
9a91e8059b
schannel.c: Fix possible SEC_E_BUFFER_TOO_SMALL error
...
Reported-by: Brian Chrisman
2015-04-26 17:59:01 +02:00
Daniel Stenberg
3447c973d0
schannel: re-indented file to follow curl style better
...
white space changes only
2015-04-26 17:40:40 +02:00
Daniel Stenberg
cae43a10cb
Curl_ossl_init: load builtin modules
...
To have engine modules work, we must tell openssl to load builtin
modules first.
Bug: https://github.com/bagder/curl/pull/206
2015-04-26 17:26:31 +02:00
Daniel Stenberg
aff153f83a
openssl: fix serial number output
...
The code extracting the cert serial number was broken and didn't display
it properly.
Bug: https://github.com/bagder/curl/issues/235
Reported-by: dkjjr89
2015-04-26 16:36:19 +02:00
Grant Pannell
59f3f92ba6
sasl_sspi: Populate domain from the realm in the challenge
...
Without this, SSPI based digest auth was broken.
Bug: https://github.com/bagder/curl/pull/141.patch
2015-04-26 16:12:23 +02:00
Viktor Szakats
48be87e5f0
netrc: support 'default' token
...
The 'default' token has no argument and means to match _any_ domain.
It must be placed last if there are 'machine <name>' tokens in the same file.
See full description here:
https://www.gnu.org/software/inetutils/manual/html_node/The-_002enetrc-File.html
2015-04-24 23:57:37 +02:00
Jay Satiro
0675abbc75
cyassl: Implement public key pinning
...
Also add public key extraction example to CURLOPT_PINNEDPUBLICKEY doc.
2015-04-22 17:07:19 -04:00
Daniel Stenberg
85c45d153b
connectionexists: follow-up to fd9d3a1ef1
...
PROTOPT_CREDSPERREQUEST still needs to be checked even when NTLM is not
enabled.
Mistake-caught-by: Kamil Dudka
2015-04-22 13:59:04 +02:00
Daniel Stenberg
fd9d3a1ef1
connectionexists: fix build without NTLM
...
Do not access NTLM-specific struct fields when built without NTLM
enabled!
bug: http://curl.haxx.se/?i=231
Reported-by: Patrick Rapin
2015-04-22 13:32:45 +02:00
Kamil Dudka
b47c17d67c
nss: implement public key pinning for NSS backend
...
Bug: https://bugzilla.redhat.com/1195771
2015-04-22 13:21:31 +02:00
Daniel Stenberg
1fd33e3ec8
dist: include {src,lib}/checksrc.whitelist
2015-04-22 13:16:04 +02:00
Daniel Stenberg
79b9d5f1a4
http_done: close Negotiate connections when done
...
When doing HTTP requests Negotiate authenticated, the entire connnection
may become authenticated and not just the specific HTTP request which is
otherwise how HTTP works, as Negotiate can basically use NTLM under the
hood. curl was not adhering to this fact but would assume that such
requests would also be authenticated per request.
CVE-2015-3148
Bug: http://curl.haxx.se/docs/adv_20150422B.html
Reported-by: Isaac Boukris
2015-04-21 23:20:37 +02:00
Daniel Stenberg
0583e87ada
fix_hostname: zero length host name caused -1 index offset
...
If a URL is given with a zero-length host name, like in "http://:80 " or
just ":80", `fix_hostname()` will index the host name pointer with a -1
offset (as it blindly assumes a non-zero length) and both read and
assign that address.
CVE-2015-3144
Bug: http://curl.haxx.se/docs/adv_20150422D.html
Reported-by: Hanno Böck
2015-04-21 23:20:36 +02:00
Daniel Stenberg
b5f947b8ac
cookie: cookie parser out of boundary memory access
...
The internal libcurl function called sanitize_cookie_path() that cleans
up the path element as given to it from a remote site or when read from
a file, did not properly validate the input. If given a path that
consisted of a single double-quote, libcurl would index a newly
allocated memory area with index -1 and assign a zero to it, thus
destroying heap memory it wasn't supposed to.
CVE-2015-3145
Bug: http://curl.haxx.se/docs/adv_20150422C.html
Reported-by: Hanno Böck
2015-04-21 23:20:36 +02:00
Daniel Stenberg
31be461c6b
ConnectionExists: for NTLM re-use, require credentials to match
...
CVE-2015-3143
Bug: http://curl.haxx.se/docs/adv_20150422A.html
Reported-by: Paras Sethia
2015-04-21 23:20:36 +02:00
byronhe
6088fbce06
openssl: add OPENSSL_NO_SSL3_METHOD check
2015-04-21 15:25:21 -04:00
Viktor Szakáts
3a87bdebd1
vtls/openssl: use https in URLs and a comment typo fixed
2015-04-19 19:52:37 +02:00
Daniel Stenberg
2eb02480ef
Revert "HTTP: don't abort connections with pending Negotiate authentication"
...
This reverts commit 5dc68dd609
.
Bug: https://github.com/bagder/curl/issues/223
Reported-by: Michael Osipov
2015-04-17 23:23:42 +02:00
Jay Satiro
f70112522f
cyassl: Fix include order
...
Prior to this change CyaSSL's build options could redefine some generic
build symbols.
http://curl.haxx.se/mail/lib-2015-04/0069.html
2015-04-17 15:24:04 -04:00
Jay Satiro
9430dd583e
cyassl: Add support for TLS extension SNI
2015-04-14 02:05:25 -04:00
Matthew Hall
a471a9f3b6
vtls_openssl: improve PKCS#12 load failure error message
2015-04-13 22:25:04 +02:00
Matthew Hall
27ac643455
vtls_openssl: fix minor typo in PKCS#12 load routine
2015-04-13 22:25:04 +02:00