diff options
| author | ng0 <ng0@n0.is> | 2019-06-07 16:10:38 +0000 |
|---|---|---|
| committer | ng0 <ng0@n0.is> | 2019-06-07 16:10:38 +0000 |
| commit | 61c8b4c19e66a9a70ebd5e2ade322859ae038d35 (patch) | |
| tree | 586e98e8a1a8af9cf9388f4f6dd768091dfa3965 | |
| parent | 7959939f112e7a86a0df994e19f02f5c198eb28a (diff) | |
| parent | 69248b58f649e35b09a126c12781353e3471f5c6 (diff) | |
| download | gnurl-61c8b4c19e66a9a70ebd5e2ade322859ae038d35.tar.gz gnurl-61c8b4c19e66a9a70ebd5e2ade322859ae038d35.tar.bz2 gnurl-61c8b4c19e66a9a70ebd5e2ade322859ae038d35.zip | |
Merge tag 'curl-7_65_1' of https://github.com/curl/curl
7.65.1
77 files changed, 942 insertions, 741 deletions
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 000000000..fb9cb5b48 --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1 @@ +open_collective: curl diff --git a/CMakeLists.txt b/CMakeLists.txt index 8b9882276..4c0d082eb 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -887,6 +887,7 @@ check_symbol_exists(ftruncate "${CURL_INCLUDES}" HAVE_FTRUNCATE) check_symbol_exists(getprotobyname "${CURL_INCLUDES}" HAVE_GETPROTOBYNAME) check_symbol_exists(getpeername "${CURL_INCLUDES}" HAVE_GETPEERNAME) check_symbol_exists(getsockname "${CURL_INCLUDES}" HAVE_GETSOCKNAME) +check_symbol_exists(if_nametoindex "${CURL_INCLUDES}" HAVE_IF_NAMETOINDEX) check_symbol_exists(getrlimit "${CURL_INCLUDES}" HAVE_GETRLIMIT) check_symbol_exists(setlocale "${CURL_INCLUDES}" HAVE_SETLOCALE) check_symbol_exists(setmode "${CURL_INCLUDES}" HAVE_SETMODE) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index a29bf1c5a..fe82389e0 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,138 +1,48 @@ -curl and libcurl 7.65.0 +curl and libcurl 7.65.1 - Public curl releases: 181 + Public curl releases: 182 Command line options: 221 curl_easy_setopt() options: 268 Public functions in libcurl: 80 - Contributors: 1929 - -This release includes the following changes: - - o CURLOPT_DNS_USE_GLOBAL_CACHE: removed [25] - o CURLOPT_MAXAGE_CONN: set the maximum allowed age for conn reuse [37] - o pipelining: removed [10] + Contributors: 1965 This release includes the following bugfixes: - o CVE-2019-5435: Integer overflows in curl_url_set [87] - o CVE-2019-5436: tftp: use the current blksize for recvfrom() [82] - o --config: clarify that initial : and = might need quoting [17] - o AppVeyor: enable testing for WinSSL build [23] - o CURLMOPT_TIMERFUNCTION.3: warn about the recursive risk [52] - o CURLOPT_ADDRESS_SCOPE: fix range check and more [32] - o CURLOPT_CAINFO.3: with Schannel, you want Windows 8 or later [75] - o CURLOPT_CHUNK_BGN_FUNCTION.3: document the struct and time value [51] - o CURLOPT_READFUNCTION.3: see also CURLOPT_UPLOAD_BUFFERSIZE [71] - o CURL_MAX_INPUT_LENGTH: largest acceptable string input size [44] - o Curl_disconnect: treat all CONNECT_ONLY connections as "dead" [39] - o INTERNALS: Add code highlighting [47] - o OS400/ccsidcurl: replace use of Curl_vsetopt [50] - o OpenSSL: Report -fips in version if OpenSSL is built with FIPS [55] - o README.md: fix no-consecutive-blank-lines Codacy warning [22] - o VC15 project: remove MinimalRebuild - o VS projects: use Unicode for VC10+ [16] - o WRITEFUNCTION: add missing set_in_callback around callback [60] - o altsvc: Fix building with cookies disabled [38] - o auth: Rename the various authentication clean up functions [61] - o base64: build conditionally if there are users - o build-openssl.bat: Fixed support for OpenSSL v1.1.0+ - o build: fix "clarify calculation precedence" warnings [63] - o checksrc.bat: ignore snprintf warnings in docs/examples [67] - o cirrus: Customize the disabled tests per FreeBSD version - o cleanup: remove FIXME and TODO comments [81] - o cmake: avoid linking executable for some tests with cmake 3.6+ [18] - o cmake: clear CMAKE_REQUIRED_LIBRARIES after each use [19] - o cmake: rename CMAKE_USE_DARWINSSL to CMAKE_USE_SECTRANSP [46] - o cmake: set SSL_BACKENDS [12] - o configure: avoid unportable `==' test(1) operator [1] - o configure: error out if OpenSSL wasn't detected when asked for [74] - o configure: fix default location for fish completions [13] - o cookie: Guard against possible NULL ptr deref [42] - o curl: make code work with protocol-disabled libcurl [78] - o curl: report error for "--no-" on non-boolean options [86] - o curl_easy_getinfo.3: fix minor formatting mistake - o curlver.h: use parenthesis in CURL_VERSION_BITS macro [45] - o docs/BUG-BOUNTY: bug bounty time [48] - o docs/INSTALL: fix broken link [62] - o docs/RELEASE-PROCEDURE: link to live iCalendar [79] - o documentation: Fix several typos [7] - o doh: acknowledge CURL_DISABLE_DOH - o doh: disable DOH for the cases it doesn't work [66] - o examples: remove unused variables [88] - o ftplistparser: fix LGTM alert "Empty block without comment" [14] - o hostip: acknowledge CURL_DISABLE_SHUFFLE_DNS [78] - o http: Ignore HTTP/2 prior knowledge setting for HTTP proxies [54] - o http: acknowledge CURL_DISABLE_HTTP_AUTH - o http: mark bundle as not for multiuse on < HTTP/2 response [41] - o http_digest: Don't expose functions when HTTP and Crypto Auth are disabled [65] - o http_negotiate: do not treat failure of gss_init_sec_context() as fatal [53] - o http_ntlm: Corrected the name of the include guard [64] - o http_ntlm_wb: Handle auth for only a single request [77] - o http_ntlm_wb: Return the correct error on receiving an empty auth message [77] - o lib509: add missing include for strdup [22] - o lib557: initialize variables [22] - o makedebug: Fix ERRORLEVEL detection after running where.exe [58] - o mbedtls: enable use of EC keys [85] - o mime: acknowledge CURL_DISABLE_MIME - o multi: improved HTTP_1_1_REQUIRED handling [2] - o netrc: acknowledge CURL_DISABLE_NETRC [78] - o nss: allow fifos and character devices for certificates [56] - o nss: provide more specific error messages on failed init [43] - o ntlm: Fix misaligned function comments for Curl_auth_ntlm_cleanup [70] - o ntlm: Support the NT response in the type-3 when OpenSSL doesn't include MD4 - o openssl: mark connection for close on TLS close_notify [36] - o openvms: Remove pre-processor for SecureTransport [40] - o openvms: Remove pre-processors for Windows [40] - o parse_proxy: use the URL parser API [72] - o parsedate: disabled on CURL_DISABLE_PARSEDATE - o pingpong: disable more when no pingpong protocols are enabled - o polarssl_threadlock: remove conditionally unused code [22] - o progress: acknowledge CURL_DISABLE_PROGRESS_METER [78] - o proxy: acknowledge DISABLE_PROXY more - o resolve: apply Happy Eyeballs philosophy to parallel c-ares queries [3] - o revert "multi: support verbose conncache closure handle" [69] - o sasl: Don't send authcid as authzid for the PLAIN mechanism as per RFC 4616 - o sasl: only enable if there's a protocol enabled using it - o scripts: fix typos - o singleipconnect: show port in the verbose "Trying ..." message - o smtp: fix compiler warning [15] - o socks5: user name and passwords must be shorter than 256 [8] - o socks: fix error message - o socksd: new SOCKS 4+5 server for tests [31] - o spnego_gssapi: fix return code on gss_init_sec_context() failure [53] - o ssh-libssh: remove unused variable [83] - o ssh: define USE_SSH if SSH is enabled (any backend) [57] - o ssh: move variable declaration to where it's used [83] - o test1002: correct the name - o test2100: Fix typos in test description - o tests/server/util: fix Windows Unicode build [21] - o tests: Run global cleanup at end of tests [29] - o tests: make Impacket (SMB server) Python 3 compatible [11] - o tool_cb_wrt: fix bad-function-cast warning [5] - o tool_formparse: remove redundant assignment [83] - o tool_help: Warn if curl and libcurl versions do not match [28] - o tool_help: include <strings.h> for strcasecmp [4] - o transfer: fix LGTM alert "Comparison is always true" [14] - o travis: add an osx http-only build [80] - o travis: allow builds on branches named "ci" - o travis: install dependencies only when needed [24] - o travis: update some builds do Xenial [30] - o travis: updated mesalink builds [35] - o url: always clone the CUROPT_CURLU handle [26] - o url: convert the zone id from a IPv6 URL to correct scope id [89] - o urlapi: add CURLUPART_ZONEID to set and get [59] - o urlapi: increase supported scheme length to 40 bytes [84] - o urlapi: require a non-zero host name length when parsing URL [73] - o urlapi: stricter CURLUPART_PORT parsing [33] - o urlapi: strip off zone id from numerical IPv6 addresses [49] - o urlapi: urlencode characters above 0x7f correctly [9] - o vauth/cleartext: update the PLAIN login to match RFC 4616 [27] - o vauth/oauth2: Fix OAUTHBEARER token generation [6] - o vauth: Fix incorrect function description for Curl_auth_user_contains_domain [68] - o vtls: fix potential ssl_buffer stack overflow [76] - o wildcard: disable from build when FTP isn't present - o winbuild: Support MultiSSL builds [34] - o xattr: skip unittest on unsupported platforms [20] + o CURLOPT_LOW_SPEED_* repaired [6] + o NTLM: reset proxy "multipass" state when CONNECT request is done [32] + o PolarSSL: deprecate support step 1. Removed from configure [3] + o appveyor: add Visual Studio solution build [25] + o cmake: check for if_nametoindex() [2] + o cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables [17] + o config-win32: add support for if_nametoindex and getsockname [8] + o conncache: Remove the DEBUGASSERT on length check [27] + o conncache: make "bundles" per host name when doing proxy tunnels [21] + o curl-win32.h: Enable Unix Domain Sockets based on the Windows SDK version [16] + o curl_share_setopt.3: improve wording [34] + o dump-header.d: spell out that no headers == empty file [30] + o example/http2-download: fix format specifier [4] + o examples: cleanups and compiler warning fixes [4] + o http2: Stop drain from being permanently set [26] + o http: don't parse body-related headers in bodyless responses [28] + o md4: build correctly with openssl without MD4 [9] + o md4: include the mbedtls config.h to get the MD4 info [10] + o multi: track users of a socket better [15] + o nss: allow to specify TLS 1.3 ciphers if supported by NSS [20] + o parse_proxy: make sure portptr is initialized [23] + o parse_proxy: use the IPv6 zone id if given [1] + o sectransp: handle errSSLPeerAuthCompleted from SSLRead() [13] + o singlesocket: use separate variable for inner loop [31] + o ssl: Update outdated "openssl-only" comments for supported backends [33] + o tests: add HAProxy keywords [18] + o tests: add support to test against OpenSSH for Windows [5] + o tests: make test 1420 and 1406 work with rtsp-disabled libcurl [19] + o tls13-docs: mention it is only for OpenSSL >= 1.1.1 [29] + o tool_parse_cfg: Avoid 2 fopen() for WIN32 + o tool_setopt: for builds with disabled-proxy, skip all proxy setopts() [12] + o url: Load if_nametoindex() dynamically from iphlpapi.dll on Windows [24] + o url: fix bad feature-disable #ifdef [7] + o url: use correct port in ConnectionExists() [22] + o winbuild: Use two space indentation [11] This release includes the following known bugs: @@ -141,110 +51,50 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - Aron Bergman, Brad Spencer, cclauss on github, Dan Fandrich, - Daniel Gustafsson, Daniel Stenberg, Eli Schwartz, Even Rouault, - Frank Gevaerts, Gisle Vanem, GitYuanQu on github, Guy Poizat, Isaiah Norton, - Jakub Zakrzewski, Jan Ehrhardt, Jeroen Ooms, Jonathan Cardoso Machado, - Jonathan Moerman, Joombalaya on github, Kamil Dudka, Kristoffer Gleditsch, - l00p3r on hackerone, Leonardo Taccari, Marcel Raad, Mert Yazıcıoğlu, - nevv on HackerOne/curl, niner on github, Olen Andoni, Omar Ramadan, - Paolo Mossino, Patrick Monnerat, Po-Chuan Hsieh, Poul T Lomholt, Ray Satiro, - Reed Loden, Ricardo Gomes, Ricky Leverence, Rikard Falkeborn, Roy Bellingan, - Simon Warta, Steve Holme, Taiyu Len, Tim Rühsen, Tom van der Woerdt, - Tseng Jun, Viktor Szakats, Wenchao Li, Wyatt O'Day, XmiliaH on github, - Yiming Jing, - (50 contributors) + Benbuck Nason, Carlos ORyan, Daniel Stenberg, Dave Reisner, + dbrowndan on github, dkwolfe4 on github, Edmond Yu, elsamuko on github, + Eric Wu, Frank Gevaerts, Gisle Vanem, Hubert Kario, Jonas Vautherin, + Josie Huddleston, Kunal Ekawde, Maksim Stsepanenka, Marcel Raad, + Marc Hörsken, Michael Kaufmann, Patrick Monnerat, Ray Satiro, + Sergey Ogryzkov, smuellerDD on github, Steve Holme, Tom Greenslade, + Tom van der Woerdt, wesinator on github, + (27 contributors) Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: - [1] = https://curl.haxx.se/bug/?i=3709 - [2] = https://curl.haxx.se/bug/?i=3707 - [3] = https://curl.haxx.se/bug/?i=3699 - [4] = https://curl.haxx.se/bug/?i=3715 - [5] = https://curl.haxx.se/bug/?i=3718 - [6] = https://curl.haxx.se/bug/?i=2487 - [7] = https://curl.haxx.se/bug/?i=3724 - [8] = https://curl.haxx.se/bug/?i=3737 - [9] = https://curl.haxx.se/bug/?i=3741 - [10] = https://curl.haxx.se/bug/?i=3651 - [11] = https://curl.haxx.se/bug/?i=3731 - [12] = https://curl.haxx.se/bug/?i=3736 - [13] = https://curl.haxx.se/bug/?i=3723 - [14] = https://curl.haxx.se/bug/?i=3732 - [15] = https://curl.haxx.se/bug/?i=3729 - [16] = https://curl.haxx.se/bug/?i=3720 - [17] = https://curl.haxx.se/bug/?i=3738 - [18] = https://curl.haxx.se/bug/?i=3744 - [19] = https://curl.haxx.se/bug/?i=3743 - [20] = https://curl.haxx.se/bug/?i=3759 - [21] = https://curl.haxx.se/bug/?i=3758 - [22] = https://curl.haxx.se/bug/?i=3739 - [23] = https://curl.haxx.se/bug/?i=3725 - [24] = https://curl.haxx.se/bug/?i=3721 - [25] = https://curl.haxx.se/bug/?i=3654 - [26] = https://curl.haxx.se/bug/?i=3753 - [27] = https://curl.haxx.se/bug/?i=3757 - [28] = https://curl.haxx.se/bug/?i=3774 - [29] = https://curl.haxx.se/bug/?i=3783 - [30] = https://curl.haxx.se/bug/?i=3777 - [31] = https://curl.haxx.se/bug/?i=3752 - [32] = https://curl.haxx.se/bug/?i=3713 - [33] = https://curl.haxx.se/bug/?i=3762 - [34] = https://curl.haxx.se/bug/?i=3772 - [35] = https://curl.haxx.se/bug/?i=3823 - [36] = https://curl.haxx.se/bug/?i=3750 - [37] = https://curl.haxx.se/bug/?i=3782 - [38] = https://curl.haxx.se/bug/?i=3717 - [39] = https://curl.haxx.se/mail/lib-2019-04/0052.html - [40] = https://curl.haxx.se/bug/?i=3768 - [41] = https://curl.haxx.se/bug/?i=3813 - [42] = https://curl.haxx.se/bug/?i=3820 - [43] = https://curl.haxx.se/bug/?i=3808 - [44] = https://curl.haxx.se/bug/?i=3805 - [45] = https://curl.haxx.se/bug/?i=3809 - [46] = https://curl.haxx.se/bug/?i=3769 - [47] = https://curl.haxx.se/bug/?i=3801 - [48] = https://curl.haxx.se/bug/?i=3488 - [49] = https://curl.haxx.se/bug/?i=3817 - [50] = https://curl.haxx.se/bug/?i=3833 - [51] = https://curl.haxx.se/bug/?i=3829 - [52] = https://curl.haxx.se/bug/?i=3537 - [53] = https://curl.haxx.se/bug/?i=3726 - [54] = https://curl.haxx.se/bug/?i=3570 - [55] = https://curl.haxx.se/bug/?i=3771 - [56] = https://curl.haxx.se/bug/?i=3807 - [57] = https://curl.haxx.se/bug/?i=3846 - [58] = https://curl.haxx.se/bug/?i=3838 - [59] = https://curl.haxx.se/bug/?i=3834 - [60] = https://curl.haxx.se/bug/?i=3837 - [61] = https://curl.haxx.se/bug/?i=3869 - [62] = https://curl.haxx.se/bug/?i=3818 - [63] = https://curl.haxx.se/bug/?i=3866 - [64] = https://curl.haxx.se/bug/?i=3867 - [65] = https://curl.haxx.se/bug/?i=3861 - [66] = https://curl.haxx.se/bug/?i=3850 - [67] = https://curl.haxx.se/bug/?i=3862 - [68] = https://curl.haxx.se/bug/?i=3860 - [69] = https://curl.haxx.se/bug/?i=3856 - [70] = https://curl.haxx.se/bug/?i=3858 - [71] = https://curl.haxx.se/bug/?i=3885 - [72] = https://curl.haxx.se/bug/?i=3878 - [73] = https://curl.haxx.se/bug/?i=3880 - [74] = https://curl.haxx.se/bug/?i=3824 - [75] = https://curl.haxx.se/bug/?i=3711 - [76] = https://curl.haxx.se/bug/?i=3863 - [77] = https://curl.haxx.se/bug/?i=3894 - [78] = https://curl.haxx.se/bug/?i=3844 - [79] = https://curl.haxx.se/bug/?i=3895 - [80] = https://curl.haxx.se/bug/?i=3887 - [81] = https://curl.haxx.se/bug/?i=3876 - [82] = https://curl.haxx.se/docs/CVE-2019-5436.html - [83] = https://curl.haxx.se/bug/?i=3873 - [84] = https://curl.haxx.se/bug/?i=3905 - [85] = https://curl.haxx.se/bug/?i=3892 - [86] = https://curl.haxx.se/bug/?i=3906 - [87] = https://curl.haxx.se/docs/CVE-2019-5435.html - [88] = https://curl.haxx.se/bug/?i=3908 - [89] = https://curl.haxx.se/bug/?i=3902 + [1] = https://curl.haxx.se/bug/?i=3482 + [2] = https://curl.haxx.se/bug/?i=3917 + [3] = https://curl.haxx.se/bug/?i=3888 + [4] = https://curl.haxx.se/bug/?i=3919 + [5] = https://curl.haxx.se/bug/?i=3290 + [6] = https://curl.haxx.se/bug/?i=3927 + [7] = https://curl.haxx.se/bug/?i=3924 + [8] = https://curl.haxx.se/bug/?i=3923 + [9] = https://curl.haxx.se/bug/?i=3921 + [10] = https://curl.haxx.se/bug/?i=3922 + [11] = https://curl.haxx.se/bug/?i=3930 + [12] = https://curl.haxx.se/bug/?i=3926 + [13] = https://curl.haxx.se/bug/?i=3932 + [14] = https://curl.haxx.se/bug/?i=3653 + [15] = https://curl.haxx.se/bug/?i=3952 + [16] = https://curl.haxx.se/bug/?i=3939 + [17] = https://curl.haxx.se/bug/?i=3945 + [18] = https://curl.haxx.se/bug/?i=3949 + [19] = https://curl.haxx.se/bug/?i=3948 + [20] = https://curl.haxx.se/bug/?i=3916 + [21] = https://curl.haxx.se/bug/?i=3951 + [22] = https://curl.haxx.se/bug/?i=3956 + [23] = https://curl.haxx.se/bug/?i=3959 + [24] = https://curl.haxx.se/bug/?i=3960 + [25] = https://curl.haxx.se/bug/?i=3941 + [26] = https://curl.haxx.se/bug/?i=3966 + [27] = https://curl.haxx.se/bug/?i=3962 + [28] = https://curl.haxx.se/bug/?i=3968 + [29] = https://curl.haxx.se/bug/?i=3938 + [30] = https://curl.haxx.se/bug/?i=3964 + [31] = https://curl.haxx.se/bug/?i=3970 + [32] = https://curl.haxx.se/bug/?i=3972 + [33] = https://curl.haxx.se/bug/?i=3985 + [34] = https://curl.haxx.se/mail/lib-2019-06/0009.html diff --git a/appveyor.yml b/appveyor.yml index 1e591b54e..a809fb917 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -3,6 +3,7 @@ version: 7.50.0.{build} environment: matrix: - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" + BUILD_SYSTEM: CMake PRJ_GEN: "Visual Studio 9 2008" PRJ_CFG: Release OPENSSL: OFF @@ -13,6 +14,7 @@ environment: DISABLED_TESTS: "" COMPILER_PATH: "" - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017" + BUILD_SYSTEM: CMake PRJ_GEN: "Visual Studio 15 2017 Win64" PRJ_CFG: Debug OPENSSL: OFF @@ -23,6 +25,7 @@ environment: DISABLED_TESTS: "" COMPILER_PATH: "" - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017" + BUILD_SYSTEM: CMake PRJ_GEN: "Visual Studio 15 2017 Win64" PRJ_CFG: Release OPENSSL: ON @@ -33,6 +36,7 @@ environment: DISABLED_TESTS: "" COMPILER_PATH: "" - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" + BUILD_SYSTEM: CMake PRJ_GEN: "Visual Studio 10 2010 Win64" PRJ_CFG: Debug OPENSSL: OFF @@ -43,6 +47,7 @@ environment: DISABLED_TESTS: "" COMPILER_PATH: "" - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017" + BUILD_SYSTEM: CMake PRJ_GEN: "Visual Studio 15 2017 Win64" PRJ_CFG: Debug OPENSSL: OFF @@ -53,6 +58,7 @@ environment: DISABLED_TESTS: "" COMPILER_PATH: "" - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017" + BUILD_SYSTEM: CMake PRJ_GEN: "Visual Studio 15 2017 Win64" PRJ_CFG: Debug OPENSSL: OFF @@ -63,6 +69,7 @@ environment: DISABLED_TESTS: "" COMPILER_PATH: "" - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" + BUILD_SYSTEM: CMake PRJ_GEN: "MSYS Makefiles" PRJ_CFG: Debug OPENSSL: OFF @@ -74,6 +81,7 @@ environment: COMPILER_PATH: "C:\\mingw-w64\\x86_64-8.1.0-posix-seh-rt_v6-rev0\\mingw64\\bin" MSYS2_ARG_CONV_EXCL: "/*" - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015" + BUILD_SYSTEM: CMake PRJ_GEN: "MSYS Makefiles" PRJ_CFG: Debug OPENSSL: OFF @@ -84,6 +92,11 @@ environment: DISABLED_TESTS: "" COMPILER_PATH: "C:\\MinGW\\bin" MSYS2_ARG_CONV_EXCL: "/*" + - APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017" + BUILD_SYSTEM: VisualStudioSolution + PRJ_CFG: "DLL Debug - DLL Windows SSPI - DLL WinIDN" + TESTING: OFF + VC_VERSION: VC15 install: - set "PATH=C:\msys64\usr\bin;%PATH%" @@ -91,20 +104,25 @@ install: set "PATH=%COMPILER_PATH%;%PATH%" ) build_script: - - cmake . - -G"%PRJ_GEN%" - -DCMAKE_USE_OPENSSL=%OPENSSL% - -DCMAKE_USE_WINSSL=%WINSSL% - -DHTTP_ONLY=%HTTP_ONLY% - -DBUILD_SHARED_LIBS=%SHARED% - -DBUILD_TESTING=%TESTING% - -DCURL_WERROR=ON - -DENABLE_DEBUG=ON - -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_RELEASE="" - -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_DEBUG="" - -DCMAKE_INSTALL_PREFIX="C:/CURL" - -DCMAKE_BUILD_TYPE=%PRJ_CFG% - - cmake --build . --config %PRJ_CFG% --clean-first + - if %BUILD_SYSTEM%==CMake ( + cmake . + -G"%PRJ_GEN%" + -DCMAKE_USE_OPENSSL=%OPENSSL% + -DCMAKE_USE_WINSSL=%WINSSL% + -DHTTP_ONLY=%HTTP_ONLY% + -DBUILD_SHARED_LIBS=%SHARED% + -DBUILD_TESTING=%TESTING% + -DCURL_WERROR=ON + -DENABLE_DEBUG=ON + -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_RELEASE="" + -DCMAKE_RUNTIME_OUTPUT_DIRECTORY_DEBUG="" + -DCMAKE_INSTALL_PREFIX="C:/CURL" + -DCMAKE_BUILD_TYPE=%PRJ_CFG% && + cmake --build . --config %PRJ_CFG% --clean-first ) else ( + if %BUILD_SYSTEM%==VisualStudioSolution ( + cd projects && + .\\generate.bat %VC_VERSION% && + msbuild.exe /p:Configuration="%PRJ_CFG%" "Windows\\%VC_VERSION%\\curl-all.sln" )) test_script: - if %TESTING%==ON ( diff --git a/configure.ac b/configure.ac index 1c66317cf..f14bee011 100755 --- a/configure.ac +++ b/configure.ac @@ -155,7 +155,7 @@ AC_SUBST(PKGADD_VENDOR) dnl dnl initialize all the info variables - curl_ssl_msg="no (--with-{ssl,gnutls,nss,polarssl,mbedtls,cyassl,schannel,secure-transport,mesalink,amissl} )" + curl_ssl_msg="no (--with-{ssl,gnutls,nss,mbedtls,cyassl,schannel,secure-transport,mesalink,amissl} )" curl_ssh_msg="no (--with-libssh2)" curl_zlib_msg="no (--with-zlib)" curl_brotli_msg="no (--with-brotli)" @@ -2181,98 +2181,6 @@ if test "$GNUTLS_ENABLED" = "1"; then fi dnl ---------------------------------------------------- -dnl check for PolarSSL -dnl ---------------------------------------------------- - -dnl Default to compiler & linker defaults for PolarSSL files & libraries. -OPT_POLARSSL=no - -_cppflags=$CPPFLAGS -_ldflags=$LDFLAGS -AC_ARG_WITH(polarssl,dnl -AC_HELP_STRING([--with-polarssl=PATH],[where to look for PolarSSL, PATH points to the installation root]) -AC_HELP_STRING([--without-polarssl], [disable PolarSSL detection]), - OPT_POLARSSL=$withval) - -if test -z "$ssl_backends" -o "x$OPT_POLARSSL" != xno; then - ssl_msg= - - if test X"$OPT_POLARSSL" != Xno; then - - if test "$OPT_POLARSSL" = "yes"; then - OPT_POLARSSL="" - fi - - if test -z "$OPT_POLARSSL" ; then - dnl check for lib first without setting any new path - - AC_CHECK_LIB(polarssl, havege_init, - dnl libpolarssl found, set the variable - [ - AC_DEFINE(USE_POLARSSL, 1, [if PolarSSL is enabled]) - AC_SUBST(USE_POLARSSL, [1]) - POLARSSL_ENABLED=1 - USE_POLARSSL="yes" - ssl_msg="PolarSSL" - test polarssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes - ]) - fi - - addld="" - addlib="" - addcflags="" - polarssllib="" - - if test "x$USE_POLARSSL" != "xyes"; then - dnl add the path and test again - addld=-L$OPT_POLARSSL/lib$libsuff - addcflags=-I$OPT_POLARSSL/include - polarssllib=$OPT_POLARSSL/lib$libsuff - - LDFLAGS="$LDFLAGS $addld" - if test "$addcflags" != "-I/usr/include"; then - CPPFLAGS="$CPPFLAGS $addcflags" - fi - - AC_CHECK_LIB(polarssl, ssl_init, - [ - AC_DEFINE(USE_POLARSSL, 1, [if PolarSSL is enabled]) - AC_SUBST(USE_POLARSSL, [1]) - POLARSSL_ENABLED=1 - USE_POLARSSL="yes" - ssl_msg="PolarSSL" - test polarssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes - ], - [ - CPPFLAGS=$_cppflags - LDFLAGS=$_ldflags - ]) - fi - - if test "x$USE_POLARSSL" = "xyes"; then - AC_MSG_NOTICE([detected PolarSSL]) - check_for_ca_bundle=1 - LIBS="-lpolarssl $LIBS" - - if test -n "$polarssllib"; then - dnl when shared libs were found in a path that the run-time - dnl linker doesn't search through, we need to add it to - dnl CURL_LIBRARY_PATH to prevent further configure tests to fail - dnl due to this - if test "x$cross_compiling" != "xyes"; then - CURL_LIBRARY_PATH="$CURL_LIBRARY_PATH:$polarssllib" - export CURL_LIBRARY_PATH - AC_MSG_NOTICE([Added $polarssllib to CURL_LIBRARY_PATH]) - fi - fi - fi - - fi dnl PolarSSL not disabled - - test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" -fi - -dnl ---------------------------------------------------- dnl check for mbedTLS dnl ---------------------------------------------------- @@ -2760,10 +2668,10 @@ if test -z "$ssl_backends" -o "x$OPT_NSS" != xno; then test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" fi -case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$POLARSSL_ENABLED$MBEDTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED$AMISSL_ENABLED" in +case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED$AMISSL_ENABLED" in x) AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.]) - AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-polarssl, --with-cyassl, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink or --with-amissl to address this.]) + AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-cyassl, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink or --with-amissl to address this.]) ;; x1) # one SSL backend is enabled @@ -3195,8 +3103,6 @@ AC_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shar versioned_symbols_flavour="GNUTLS_" elif test "x$NSS_ENABLED" = "x1"; then versioned_symbols_flavour="NSS_" - elif test "x$POLARSSL_ENABLED" = "x1"; then - versioned_symbols_flavour="POLARSSL_" elif test "x$CYASSL_ENABLED" = "x1"; then versioned_symbols_flavour="CYASSL_" elif test "x$WINSSL_ENABLED" = "x1"; then @@ -3793,6 +3699,7 @@ CURL_CHECK_FUNC_GETHOSTBYNAME_R CURL_CHECK_FUNC_GETHOSTNAME CURL_CHECK_FUNC_GETPEERNAME CURL_CHECK_FUNC_GETSOCKNAME +CURL_CHECK_FUNC_IF_NAMETOINDEX CURL_CHECK_FUNC_GETIFADDRS CURL_CHECK_FUNC_GETSERVBYPORT_R CURL_CHECK_FUNC_GMTIME_R diff --git a/docs/CIPHERS.md b/docs/CIPHERS.md index 0b7ccebf9..5b2dde189 100644 --- a/docs/CIPHERS.md +++ b/docs/CIPHERS.md @@ -6,11 +6,12 @@ and [`--ciphers`](https://curl.haxx.se/docs/manpage.html#--ciphers) users can control which ciphers to consider when negotiating TLS connections. -TLS 1.3 ciphers are supported since curl 7.61 with options +TLS 1.3 ciphers are supported since curl 7.61 for OpenSSL 1.1.1+ with options [`CURLOPT_TLS13_CIPHERS`](https://curl.haxx.se/libcurl/c/CURLOPT_TLS13_CIPHERS.html) and [`--tls13-ciphers`](https://curl.haxx.se/docs/manpage.html#--tls13-ciphers) -. +. If you are using a different SSL backend you can try setting TLS 1.3 cipher +suites by using the respective regular cipher option. The names of the known ciphers differ depending on which TLS backend that libcurl was built to use. This is an attempt to list known cipher names. @@ -269,6 +270,12 @@ When specifying multiple cipher names, separate them with colon (`:`). `ecdhe_ecdsa_chacha20_poly1305_sha_256` `dhe_rsa_chacha20_poly1305_sha_256` +### TLS 1.3 cipher suites + +`aes_128_gcm_sha_256` +`aes_256_gcm_sha_384` +`chacha20_poly1305_sha_256` + ## GSKit Ciphers are internally defined as diff --git a/docs/DEPRECATE.md b/docs/DEPRECATE.md index 4f2570ade..94a5c6256 100644 --- a/docs/DEPRECATE.md +++ b/docs/DEPRECATE.md @@ -19,3 +19,32 @@ version. The default remains supported for now. The support for HTTP/0.9 will be switched to disabled by default in 6 months, in the September 2019 release (possibly called curl 7.68.0). + +## PolarSSL + +The polarssl TLS library has not had an update in over three years. The last +release was done on [January 7 +2016](https://tls.mbed.org/tech-updates/releases). This library has been +superceded by the mbedTLS library, which is the current incarnation of +PolarSSL. curl has supported mbedTLS since 2015. + +It seems unlikely that this library is a good choice for users to get proper +TLS security and support today and at the same time there are plenty of good +and updated alternatives. + +I consider it likely that the existing users of curl + polarssl out there are +stuck on old curl versions and when they eventually manage to update curl they +should also be able to update their TLS library. + +### State + +In the curl 7.66.0 release (July 17, 2019) the ability to build with this TLS +backend is removed from the configure script. The code remains and can be +built and used going forward, but it has to be manually enabled in a build (or +the configure removal reverted). + +### Removal + +The support for PolarSSL and all code for it will be completely removed from +the curl code base six months after it ships disabled in configure in a +release. In the release on or near February 27, 2020. (Named 7.70.0?) @@ -43,8 +43,8 @@ FAQ 3.9 How do I use curl in my favorite programming language? 3.10 What about SOAP, WebDAV, XML-RPC or similar protocols over HTTP? 3.11 How do I POST with a different Content-Type? - 3.12 Why do FTP specific features over HTTP proxy fail? - 3.13 Why does my single/double quotes fail? + 3.12 Why do FTP-specific features over HTTP proxy fail? + 3.13 Why do my single/double quotes fail? 3.14 Does curl support Javascript or PAC (automated proxy config)? 3.15 Can I do recursive fetches with curl? 3.16 What certificates do I need when I use SSL? @@ -72,7 +72,7 @@ FAQ 4.8 I found a bug! 4.9 Curl can't authenticate to the server that requires NTLM? 4.10 My HTTP request using HEAD, PUT or DELETE doesn't work! - 4.11 Why does my HTTP range requests return the full document? + 4.11 Why do my HTTP range requests return the full document? 4.12 Why do I get "certificate verify failed" ? 4.13 Why is curl -R on Windows one hour off? 4.14 Redirects work in browser but not with curl! @@ -557,10 +557,9 @@ FAQ 3.9 How do I use curl in my favorite programming language? - There exist many language interfaces/bindings for curl that integrates it - better with various languages. If you are fluid in a script language, you - may very well opt to use such an interface instead of using the command line - tool. + Many programming languages have interfaces/bindings that allow you to use + curl without having to use the command line tool. If you are fluent in such + a language, you may prefer to use one of these interfaces instead. Find out more about which languages that support curl directly, and how to install and use them, in the libcurl section of the curl web site: @@ -598,11 +597,11 @@ FAQ curl -d "datatopost" -H "Content-Type: text/xml" [URL] - 3.12 Why do FTP specific features over HTTP proxy fail? + 3.12 Why do FTP-specific features over HTTP proxy fail? Because when you use a HTTP proxy, the protocol spoken on the network will be HTTP, even if you specify a FTP URL. This effectively means that you - normally can't use FTP specific features such as FTP upload and FTP quote + normally can't use FTP-specific features such as FTP upload and FTP quote etc. There is one exception to this rule, and that is if you can "tunnel through" @@ -610,7 +609,7 @@ FAQ and is generally not available as proxy admins usually disable tunneling to ports other than 443 (which is used for HTTPS access through proxies). - 3.13 Why does my single/double quotes fail? + 3.13 Why do my single/double quotes fail? To specify a command line option that includes spaces, you might need to put the entire option within quotes. Like in: @@ -895,7 +894,7 @@ FAQ <H1>Moved Permanently</H1> The document has moved <A HREF="http://same_url_now_with_a_trailing_slash/">here</A>. - it might be because you request a directory URL but without the trailing + it might be because you requested a directory URL but without the trailing slash. Try the same operation again _with_ the trailing URL, or use the -L/--location option to follow the redirection. @@ -926,8 +925,8 @@ FAQ anyone would call security. Also note that regular HTTP (using Basic authentication) and FTP passwords - are sent in clear across the network. All it takes for anyone to fetch them - is to listen on the network. Eavesdropping is very easy. Use more secure + are sent as cleartext across the network. All it takes for anyone to fetch + them is to listen on the network. Eavesdropping is very easy. Use more secure authentication methods (like Digest, Negotiate or even NTLM) or consider the SSL-based alternatives HTTPS and FTPS. @@ -962,7 +961,7 @@ FAQ software you're trying to interact with. This is not anything curl can do anything about. - 4.11 Why does my HTTP range requests return the full document? + 4.11 Why do my HTTP range requests return the full document? Because the range may not be supported by the server, or the server may choose to ignore it and return the full document anyway. @@ -1012,8 +1011,8 @@ FAQ redirects the browser to another given URL. There is no way to make curl follow these redirects. You must either - manually figure out what the page is set to do, or you write a script that - parses the results and fetches the new URL. + manually figure out what the page is set to do, or write a script that parses + the results and fetches the new URL. 4.15 FTPS doesn't work diff --git a/docs/THANKS b/docs/THANKS index abad9619f..ef4d7a3c6 100644 --- a/docs/THANKS +++ b/docs/THANKS @@ -257,6 +257,7 @@ Carie Pointer Carlo Cannas Carlo Teubner Carlo Wood +Carlos ORyan Carsten Lange Casey O'Donnell Catalin Patulea @@ -489,6 +490,7 @@ Eason-Yu on github Ebenezer Ikonne Ed Morley Edin Kadribasic +Edmond Yu Eduard Bloch Edward Kimmel Edward Rudd @@ -528,6 +530,7 @@ Eric S. Raymond Eric Thelin Eric Vergnaud Eric Wong +Eric Wu Eric Young Erick Nuwendam Erik Jacobsen @@ -880,6 +883,7 @@ Jon Turner Jonas Forsman Jonas Minnberg Jonas Schnelli +Jonas Vautherin Jonatan Lander Jonatan Vela Jonathan Cardoso Machado @@ -896,6 +900,7 @@ Josh Bialkowski Josh Kapell Joshua Kwan Joshua Swink +Josie Huddleston Josue Andrade Gomes Jozef Kralik Juan Barreto @@ -978,6 +983,7 @@ Kristian Gunstone Kristian Köhntopp Kristiyan Tsaklev Kristoffer Gleditsch +Kunal Ekawde Kurt Fankhauser Kyle J. McKay Kyle L. Huff @@ -1591,6 +1597,7 @@ Sebastian Rasmussen Senthil Raja Velu Sergei Kuzmin Sergei Nikulov +Sergey Ogryzkov Sergey Tatarincev Sergii Kavunenko Sergii Pylypenko @@ -1746,6 +1753,7 @@ Todd Vierling Tom Benoist Tom Donovan Tom Grace +Tom Greenslade Tom Lee Tom Mattison Tom Moers @@ -1892,14 +1900,17 @@ cmfrolick on github d912e3 on github daboul on github dasimx on github +dbrowndan on github destman on github dkjjr89 on github +dkwolfe4 on github dnivras on github dpull on github dtmsecurity on github eXeC64 on github elelel on github elephoenix on github +elsamuko on github guitared on github hsiao yi imilli on github @@ -1937,6 +1948,7 @@ ovidiu-benea on github patelvivekv1993 on github pszemus on github silveja1 on github +smuellerDD on github steelman on github steini2000 on github stootill on github @@ -149,7 +149,7 @@ 18.4 simultaneous parallel transfers 18.5 UTF-8 filenames in Content-Disposition 18.6 warning when setting an option - 18.8 offer color-coded HTTP header output + 18.7 at least N milliseconds between requests 18.9 Choose the name of file in braces for complex URLs 18.10 improve how curl works in a windows console window 18.11 Windows: set attribute 'archive' for completed downloads @@ -1015,11 +1015,16 @@ that doesn't exist on the server, just like --ftp-create-dirs. This can be useful to tell when support for a particular feature hasn't been compiled into the library. -18.8 offer color-coded HTTP header output +18.7 at least N milliseconds between requests - By offering different color output on the header name and the header - contents, they could be made more readable and thus help users working on - HTTP services. + Allow curl command lines issue a lot of request against services that limit + users to no more than N requests/second or similar. Could be implemented with + an option asking that at least a certain time has elapsed since the previous + request before the next one will be performed. Example: + + $ curl "https://example.com/api?input=[1-1000]" -d yadayada --after 500 + + See https://github.com/curl/curl/issues/3920 18.9 Choose the name of file in braces for complex URLs diff --git a/docs/cmdline-opts/dump-header.d b/docs/cmdline-opts/dump-header.d index 05c10affd..33c6674e8 100644 --- a/docs/cmdline-opts/dump-header.d +++ b/docs/cmdline-opts/dump-header.d @@ -12,6 +12,8 @@ site sends to you. Cookies from the headers could then be read in a second curl invocation by using the --cookie option! The --cookie-jar option is a better way to store cookies. +If no headers are received, the use of this option will create an empty file. + When used in FTP, the FTP server response lines are considered being "headers" and thus are saved there. diff --git a/docs/cmdline-opts/pinnedpubkey.d b/docs/cmdline-opts/pinnedpubkey.d index 0657e6e79..b1c7bdef6 100644 --- a/docs/cmdline-opts/pinnedpubkey.d +++ b/docs/cmdline-opts/pinnedpubkey.d @@ -17,11 +17,9 @@ PEM/DER support: 7.39.0: OpenSSL, GnuTLS and GSKit 7.43.0: NSS and wolfSSL/CyaSSL 7.47.0: mbedtls - 7.49.0: PolarSSL sha256 support: 7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL/CyaSSL. 7.47.0: mbedtls - 7.49.0: PolarSSL Other SSL backends not supported. If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/proxy-tls13-ciphers.d b/docs/cmdline-opts/proxy-tls13-ciphers.d index 3e35b0764..08961b72e 100644 --- a/docs/cmdline-opts/proxy-tls13-ciphers.d +++ b/docs/cmdline-opts/proxy-tls13-ciphers.d @@ -9,4 +9,8 @@ ciphers. Read up on TLS 1.3 cipher suite details on this URL: https://curl.haxx.se/docs/ssl-ciphers.html +This option is currently used only when curl is built to use OpenSSL 1.1.1 or +later. If you are using a different SSL backend you can try setting TLS 1.3 +cipher suites by using the --proxy-ciphers option. + If this option is used several times, the last one will be used. diff --git a/docs/cmdline-opts/tls13-ciphers.d b/docs/cmdline-opts/tls13-ciphers.d index add161595..654a25b4c 100644 --- a/docs/cmdline-opts/tls13-ciphers.d +++ b/docs/cmdline-opts/tls13-ciphers.d @@ -9,4 +9,8 @@ cipher suite details on this URL: https://curl.haxx.se/docs/ssl-ciphers.html +This option is currently used only when curl is built to use OpenSSL 1.1.1 or +later. If you are using a different SSL backend you can try setting TLS 1.3 +cipher suites by using the --ciphers option. + If this option is used several times, the last one will be used. diff --git a/docs/examples/cacertinmem.c b/docs/examples/cacertinmem.c index 7d2be991a..fd132809b 100644 --- a/docs/examples/cacertinmem.c +++ b/docs/examples/cacertinmem.c @@ -85,7 +85,6 @@ static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm) BIO *cbio = BIO_new_mem_buf(mypem, sizeof(mypem)); X509_STORE *cts = SSL_CTX_get_cert_store((SSL_CTX *)sslctx); - X509_INFO *itmp; int i; STACK_OF(X509_INFO) *inf; (void)curl; @@ -103,7 +102,7 @@ static CURLcode sslctx_function(CURL *curl, void *sslctx, void *parm) } for(i = 0; i < sk_X509_INFO_num(inf); i++) { - itmp = sk_X509_INFO_value(inf, i); + X509_INFO *itmp = sk_X509_INFO_value(inf, i); if(itmp->x509) { X509_STORE_add_cert(cts, itmp->x509); } @@ -124,26 +123,26 @@ int main(void) CURL *ch; CURLcode rv; - rv = curl_global_init(CURL_GLOBAL_ALL); + curl_global_init(CURL_GLOBAL_ALL); ch = curl_easy_init(); - rv = curl_easy_setopt(ch, CURLOPT_VERBOSE, 0L); - rv = curl_easy_setopt(ch, CURLOPT_HEADER, 0L); - rv = curl_easy_setopt(ch, CURLOPT_NOPROGRESS, 1L); - rv = curl_easy_setopt(ch, CURLOPT_NOSIGNAL, 1L); - rv = curl_easy_setopt(ch, CURLOPT_WRITEFUNCTION, *writefunction); - rv = curl_easy_setopt(ch, CURLOPT_WRITEDATA, stdout); - rv = curl_easy_setopt(ch, CURLOPT_HEADERFUNCTION, *writefunction); - rv = curl_easy_setopt(ch, CURLOPT_HEADERDATA, stderr); - rv = curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM"); - rv = curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L); - rv = curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/"); + curl_easy_setopt(ch, CURLOPT_VERBOSE, 0L); + curl_easy_setopt(ch, CURLOPT_HEADER, 0L); + curl_easy_setopt(ch, CURLOPT_NOPROGRESS, 1L); + curl_easy_setopt(ch, CURLOPT_NOSIGNAL, 1L); + curl_easy_setopt(ch, CURLOPT_WRITEFUNCTION, *writefunction); + curl_easy_setopt(ch, CURLOPT_WRITEDATA, stdout); + curl_easy_setopt(ch, CURLOPT_HEADERFUNCTION, *writefunction); + curl_easy_setopt(ch, CURLOPT_HEADERDATA, stderr); + curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM"); + curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 1L); + curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/"); /* Turn off the default CA locations, otherwise libcurl will load CA * certificates from the locations that were detected/specified at * build-time */ - rv = curl_easy_setopt(ch, CURLOPT_CAINFO, NULL); - rv = curl_easy_setopt(ch, CURLOPT_CAPATH, NULL); + curl_easy_setopt(ch, CURLOPT_CAINFO, NULL); + curl_easy_setopt(ch, CURLOPT_CAPATH, NULL); /* first try: retrieve page without ca certificates -> should fail * unless libcurl was built --with-ca-fallback enabled at build-time @@ -163,13 +162,13 @@ int main(void) * handle. normally you would set the ssl ctx function before making * any transfers, and not use this option. */ - rv = curl_easy_setopt(ch, CURLOPT_FRESH_CONNECT, 1L); + curl_easy_setopt(ch, CURLOPT_FRESH_CONNECT, 1L); /* second try: retrieve page using cacerts' certificate -> will succeed * load the certificate by installing a function doing the necessary * "modifications" to the SSL CONTEXT just before link init */ - rv = curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function); + curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function); rv = curl_easy_perform(ch); if(rv == CURLE_OK) printf("*** transfer succeeded ***\n"); diff --git a/docs/examples/curlgtk.c b/docs/examples/curlgtk.c index f1df52c19..77352607f 100644 --- a/docs/examples/curlgtk.c +++ b/docs/examples/curlgtk.c @@ -45,13 +45,12 @@ int my_progress_func(GtkWidget *bar, void *my_thread(void *ptr) { CURL *curl; - FILE *outfile; - gchar *url = ptr; curl = curl_easy_init(); if(curl) { + gchar *url = ptr; const char *filename = "test.curl"; - outfile = fopen(filename, "wb"); + FILE *outfile = fopen(filename, "wb"); curl_easy_setopt(curl, CURLOPT_URL, url); curl_easy_setopt(curl, CURLOPT_WRITEDATA, outfile); diff --git a/docs/examples/ephiperfifo.c b/docs/examples/ephiperfifo.c index 6eb8ddb9d..4668c6ca3 100644 --- a/docs/examples/ephiperfifo.c +++ b/docs/examples/ephiperfifo.c @@ -207,8 +207,8 @@ static void event_cb(GlobalInfo *g, int fd, int revents) CURLMcode rc; struct itimerspec its; - int action = (revents & EPOLLIN ? CURL_CSELECT_IN : 0) | - (revents & EPOLLOUT ? CURL_CSELECT_OUT : 0); + int action = ((revents & EPOLLIN) ? CURL_CSELECT_IN : 0) | + ((revents & EPOLLOUT) ? CURL_CSELECT_OUT : 0); rc = curl_multi_socket_action(g->multi, fd, action, &g->still_running); mcode_or_die("event_cb: curl_multi_socket_action", rc); @@ -273,8 +273,8 @@ static void setsock(SockInfo *f, curl_socket_t s, CURL *e, int act, GlobalInfo *g) { struct epoll_event ev; - int kind = (act & CURL_POLL_IN ? EPOLLIN : 0) | - (act & CURL_POLL_OUT ? EPOLLOUT : 0); + int kind = ((act & CURL_POLL_IN) ? EPOLLIN : 0) | + ((act & CURL_POLL_OUT) ? EPOLLOUT : 0); if(f->sockfd) { if(epoll_ctl(g->epfd, EPOLL_CTL_DEL, f->sockfd, NULL)) @@ -472,8 +472,6 @@ void SignalHandler(int signo) int main(int argc _Unused, char **argv _Unused) { GlobalInfo g; - int err; - int idx; struct itimerspec its; struct epoll_event ev; struct epoll_event events[10]; @@ -518,8 +516,9 @@ int main(int argc _Unused, char **argv _Unused) fprintf(MSG_OUT, "Entering wait loop\n"); fflush(MSG_OUT); while(!g_should_exit_) { - err = epoll_wait(g.epfd, events, sizeof(events)/sizeof(struct epoll_event), - 10000); + int idx; + int err = epoll_wait(g.epfd, events, + sizeof(events)/sizeof(struct epoll_event), 10000); if(err == -1) { if(errno == EINTR) { fprintf(MSG_OUT, "note: wait interrupted\n"); diff --git a/docs/examples/evhiperfifo.c b/docs/examples/evhiperfifo.c index 336541bb9..cfce7fc06 100644 --- a/docs/examples/evhiperfifo.c +++ b/docs/examples/evhiperfifo.c @@ -203,8 +203,8 @@ static void event_cb(EV_P_ struct ev_io *w, int revents) GlobalInfo *g = (GlobalInfo*) w->data; CURLMcode rc; - int action = (revents&EV_READ?CURL_POLL_IN:0)| - (revents&EV_WRITE?CURL_POLL_OUT:0); + int action = ((revents & EV_READ) ? CURL_POLL_IN : 0) | + ((revents & EV_WRITE) ? CURL_POLL_OUT : 0); rc = curl_multi_socket_action(g->multi, w->fd, action, &g->still_running); mcode_or_die("event_cb: curl_multi_socket_action", rc); check_multi_info(g); @@ -247,7 +247,8 @@ static void setsock(SockInfo *f, curl_socket_t s, CURL *e, int act, { printf("%s \n", __PRETTY_FUNCTION__); - int kind = (act&CURL_POLL_IN?EV_READ:0)|(act&CURL_POLL_OUT?EV_WRITE:0); + int kind = ((act & CURL_POLL_IN) ? EV_READ : 0) | + ((act & CURL_POLL_OUT) ? EV_WRITE : 0); f->sockfd = s; f->action = act; diff --git a/docs/examples/ghiper.c b/docs/examples/ghiper.c index 9b7a88892..a157094c7 100644 --- a/docs/examples/ghiper.c +++ b/docs/examples/ghiper.c @@ -182,8 +182,8 @@ static gboolean event_cb(GIOChannel *ch, GIOCondition condition, gpointer data) int fd = g_io_channel_unix_get_fd(ch); int action = - (condition & G_IO_IN ? CURL_CSELECT_IN : 0) | - (condition & G_IO_OUT ? CURL_CSELECT_OUT : 0); + ((condition & G_IO_IN) ? CURL_CSELECT_IN : 0) | + ((condition & G_IO_OUT) ? CURL_CSELECT_OUT : 0); rc = curl_multi_socket_action(g->multi, fd, action, &g->still_running); mcode_or_die("event_cb: curl_multi_socket_action", rc); @@ -218,7 +218,8 @@ static void setsock(SockInfo *f, curl_socket_t s, CURL *e, int act, GlobalInfo *g) { GIOCondition kind = - (act&CURL_POLL_IN?G_IO_IN:0)|(act&CURL_POLL_OUT?G_IO_OUT:0); + ((act & CURL_POLL_IN) ? G_IO_IN : 0) | + ((act & CURL_POLL_OUT) ? G_IO_OUT : 0); f->sockfd = s; f->action = act; @@ -255,8 +256,8 @@ static int sock_cb(CURL *e, curl_socket_t s, int what, void *cbp, void *sockp) else { if(!fdp) { MSG_OUT("Adding data: %s%s\n", - what&CURL_POLL_IN?"READ":"", - what&CURL_POLL_OUT?"WRITE":""); + (what & CURL_POLL_IN) ? "READ" : "", + (what & CURL_POLL_OUT) ? "WRITE" : ""); addsock(s, e, what, g); } else { diff --git a/docs/examples/hiperfifo.c b/docs/examples/hiperfifo.c index 7efae6d50..fb25259c2 100644 --- a/docs/examples/hiperfifo.c +++ b/docs/examples/hiperfifo.c @@ -146,7 +146,6 @@ static void mcode_or_die(const char *where, CURLMcode code) static int multi_timer_cb(CURLM *multi _Unused, long timeout_ms, GlobalInfo *g) { struct timeval timeout; - CURLMcode rc; timeout.tv_sec = timeout_ms/1000; timeout.tv_usec = (timeout_ms%1000)*1000; @@ -203,8 +202,8 @@ static void event_cb(int fd, short kind, void *userp) CURLMcode rc; int action = - (kind & EV_READ ? CURL_CSELECT_IN : 0) | - (kind & EV_WRITE ? CURL_CSELECT_OUT : 0); + ((kind & EV_READ) ? CURL_CSELECT_IN : 0) | + ((kind & EV_WRITE) ? CURL_CSELECT_OUT : 0); rc = curl_multi_socket_action(g->multi, fd, action, &g->still_running); mcode_or_die("event_cb: curl_multi_socket_action", rc); @@ -250,7 +249,8 @@ static void setsock(SockInfo *f, curl_socket_t s, CURL *e, int act, GlobalInfo *g) { int kind = - (act&CURL_POLL_IN?EV_READ:0)|(act&CURL_POLL_OUT?EV_WRITE:0)|EV_PERSIST; + ((act & CURL_POLL_IN) ? EV_READ : 0) | + ((act & CURL_POLL_OUT) ? EV_WRITE : 0) | EV_PERSIST; f->sockfd = s; f->action = act; diff --git a/docs/examples/htmltidy.c b/docs/examples/htmltidy.c index f1c636c58..cdfc89dac 100644 --- a/docs/examples/htmltidy.c +++ b/docs/examples/htmltidy.c @@ -74,13 +74,14 @@ void dumpNode(TidyDoc doc, TidyNode tnod, int indent) int main(int argc, char **argv) { - CURL *curl; - char curl_errbuf[CURL_ERROR_SIZE]; - TidyDoc tdoc; - TidyBuffer docbuf = {0}; - TidyBuffer tidy_errbuf = {0}; - int err; if(argc == 2) { + CURL *curl; + char curl_errbuf[CURL_ERROR_SIZE]; + TidyDoc tdoc; + TidyBuffer docbuf = {0}; + TidyBuffer tidy_errbuf = {0}; + int err; + curl = curl_easy_init(); curl_easy_setopt(curl, CURLOPT_URL, argv[1]); curl_easy_setopt(curl, CURLOPT_ERRORBUFFER, curl_errbuf); diff --git a/docs/examples/http2-download.c b/docs/examples/http2-download.c index febb89bb2..e550f6020 100644 --- a/docs/examples/http2-download.c +++ b/docs/examples/http2-download.c @@ -110,7 +110,7 @@ int my_trace(CURL *handle, curl_infotype type, switch(type) { case CURLINFO_TEXT: - fprintf(stderr, "== %d Info: %s", num, data); + fprintf(stderr, "== %u Info: %s", num, data); /* FALLTHROUGH */ default: /* in case a new one is introduced to shock us */ return 0; diff --git a/docs/examples/imap-append.c b/docs/examples/imap-append.c index 3cb3964e0..6c903dd4c 100644 --- a/docs/examples/imap-append.c +++ b/docs/examples/imap-append.c @@ -85,14 +85,15 @@ int main(void) { CURL *curl; CURLcode res = CURLE_OK; - const char **p; - long infilesize; - struct upload_status upload_ctx; - - upload_ctx.lines_read = 0; curl = curl_easy_init(); if(curl) { + const char **p; + long infilesize; + struct upload_status upload_ctx; + + upload_ctx.lines_read = 0; + /* Set username and password */ curl_easy_setopt(curl, CURLOPT_USERNAME, "user"); curl_easy_setopt(curl, CURLOPT_PASSWORD, "secret"); diff --git a/docs/examples/multi-app.c b/docs/examples/multi-app.c index a6a721778..1b8fa30e1 100644 --- a/docs/examples/multi-app.c +++ b/docs/examples/multi-app.c @@ -147,11 +147,11 @@ int main(void) /* See how the transfers went */ while((msg = curl_multi_info_read(multi_handle, &msgs_left))) { if(msg->msg == CURLMSG_DONE) { - int idx, found = 0; + int idx; /* Find out which handle this message is about */ for(idx = 0; idx<HANDLECOUNT; idx++) { - found = (msg->easy_handle == handles[idx]); + int found = (msg->easy_handle == handles[idx]); if(found) break; } diff --git a/docs/examples/resolve.c b/docs/examples/resolve.c index 5f9a58166..417046076 100644 --- a/docs/examples/resolve.c +++ b/docs/examples/resolve.c @@ -31,14 +31,14 @@ int main(void) { CURL *curl; CURLcode res = CURLE_OK; - struct curl_slist *host = NULL; /* Each single name resolve string should be written using the format HOST:PORT:ADDRESS where HOST is the name libcurl will try to resolve, PORT is the port number of the service where libcurl wants to connect to the HOST and ADDRESS is the numerical IP address */ - host = curl_slist_append(NULL, "example.com:443:127.0.0.1"); + struct curl_slist *host = curl_slist_append(NULL, + "example.com:443:127.0.0.1"); curl = curl_easy_init(); if(curl) { diff --git a/docs/examples/sendrecv.c b/docs/examples/sendrecv.c index d564c2532..9c8f12a2b 100644 --- a/docs/examples/sendrecv.c +++ b/docs/examples/sendrecv.c @@ -59,12 +59,9 @@ static int wait_on_socket(curl_socket_t sockfd, int for_recv, long timeout_ms) int main(void) { CURL *curl; - CURLcode res; /* Minimalistic http request */ const char *request = "GET / HTTP/1.0\r\nHost: example.com\r\n\r\n"; size_t request_len = strlen(request); - curl_socket_t sockfd; - size_t nsent_total = 0; /* A general note of caution here: if you're using curl_easy_recv() or curl_easy_send() to implement HTTP or _any_ other protocol libcurl @@ -76,6 +73,10 @@ int main(void) curl = curl_easy_init(); if(curl) { + CURLcode res; + curl_socket_t sockfd; + size_t nsent_total = 0; + curl_easy_setopt(curl, CURLOPT_URL, "https://example.com"); /* Do not do the transfer - only connect to host */ curl_easy_setopt(curl, CURLOPT_CONNECT_ONLY, 1L); diff --git a/docs/examples/sftpuploadresume.c b/docs/examples/sftpuploadresume.c index 4e070fb35..f428ae489 100644 --- a/docs/examples/sftpuploadresume.c +++ b/docs/examples/sftpuploadresume.c @@ -49,9 +49,8 @@ static curl_off_t sftpGetRemoteFileSize(const char *i_remoteFile) { CURLcode result = CURLE_GOT_NOTHING; curl_off_t remoteFileSizeByte = -1; - CURL *curlHandlePtr = NULL; + CURL *curlHandlePtr = curl_easy_init(); - curlHandlePtr = curl_easy_init(); curl_easy_setopt(curlHandlePtr, CURLOPT_VERBOSE, 1L); curl_easy_setopt(curlHandlePtr, CURLOPT_URL, i_remoteFile); diff --git a/docs/examples/shared-connection-cache.c b/docs/examples/shared-connection-cache.c index da1270377..edf6c827c 100644 --- a/docs/examples/shared-connection-cache.c +++ b/docs/examples/shared-connection-cache.c @@ -46,8 +46,6 @@ static void my_unlock(CURL *handle, curl_lock_data data, void *useptr) int main(void) { - CURL *curl; - CURLcode res; CURLSH *share; int i; @@ -61,8 +59,10 @@ int main(void) still reuse connections since the pool is in the shared object! */ for(i = 0; i < 3; i++) { - curl = curl_easy_init(); + CURL *curl = curl_easy_init(); if(curl) { + CURLcode res; + curl_easy_setopt(curl, CURLOPT_URL, "https://curl.haxx.se/"); /* use the share object */ diff --git a/docs/examples/smooth-gtk-thread.c b/docs/examples/smooth-gtk-thread.c index d4bafd8d2..8b11d0fbc 100644 --- a/docs/examples/smooth-gtk-thread.c +++ b/docs/examples/smooth-gtk-thread.c @@ -67,13 +67,12 @@ size_t write_file(void *ptr, size_t size, size_t nmemb, FILE *stream) /* https://weather.com/weather/today/l/46214?cc=*&dayf=5&unit=i */ void *pull_one_url(void *NaN) { - CURL *curl; - gchar *http; - FILE *outfile; - /* Stop threads from entering unless j is incremented */ pthread_mutex_lock(&lock); while(j < num_urls) { + CURL *curl; + gchar *http; + printf("j = %d\n", j); http = @@ -85,7 +84,7 @@ void *pull_one_url(void *NaN) curl = curl_easy_init(); if(curl) { - outfile = fopen(urls[j], "wb"); + FILE *outfile = fopen(urls[j], "wb"); /* Set the URL and transfer type */ curl_easy_setopt(curl, CURLOPT_URL, http); diff --git a/docs/examples/smtp-mime.c b/docs/examples/smtp-mime.c index 38a0a06d7..ff54d04ca 100644 --- a/docs/examples/smtp-mime.c +++ b/docs/examples/smtp-mime.c @@ -70,16 +70,17 @@ int main(void) { CURL *curl; CURLcode res = CURLE_OK; - struct curl_slist *headers = NULL; - struct curl_slist *recipients = NULL; - struct curl_slist *slist = NULL; - curl_mime *mime; - curl_mime *alt; - curl_mimepart *part; - const char **cpp; curl = curl_easy_init(); if(curl) { + struct curl_slist *headers = NULL; + struct curl_slist *recipients = NULL; + struct curl_slist *slist = NULL; + curl_mime *mime; + curl_mime *alt; + curl_mimepart *part; + const char **cpp; + /* This is the URL for your mailserver */ curl_easy_setopt(curl, CURLOPT_URL, "smtp://mail.example.com"); diff --git a/docs/examples/synctime.c b/docs/examples/synctime.c index 82a0742f4..9582ce123 100644 --- a/docs/examples/synctime.c +++ b/docs/examples/synctime.c @@ -257,25 +257,15 @@ int main(int argc, char *argv[]) { CURL *curl; conf_t conf[1]; - int OptionIndex; - struct tm *lt; - struct tm *gmt; - time_t tt; - time_t tt_local; - time_t tt_gmt; - double tzonediffFloat; - int tzonediffWord; - char timeBuf[61]; - char tzoneBuf[16]; int RetValue; - OptionIndex = 0; ShowAllHeader = 0; /* Do not show HTTP Header */ AutoSyncTime = 0; /* Do not synchronise computer clock */ RetValue = 0; /* Successful Exit */ conf_init(conf); if(argc > 1) { + int OptionIndex = 0; while(OptionIndex < argc) { if(strncmp(argv[OptionIndex], "--server=", 9) == 0) snprintf(conf->timeserver, MAX_STRING, "%s", &argv[OptionIndex][9]); @@ -308,6 +298,16 @@ int main(int argc, char *argv[]) curl_global_init(CURL_GLOBAL_ALL); curl = curl_easy_init(); if(curl) { + struct tm *lt; + struct tm *gmt; + time_t tt; + time_t tt_local; + time_t tt_gmt; + double tzonediffFloat; + int tzonediffWord; + char timeBuf[61]; + char tzoneBuf[16]; + SyncTime_CURL_Init(curl, conf->http_proxy, conf->proxy_user); /* Calculating time diff between GMT and localtime */ diff --git a/docs/examples/usercertinmem.c b/docs/examples/usercertinmem.c index 47740dc65..c005f28b8 100644 --- a/docs/examples/usercertinmem.c +++ b/docs/examples/usercertinmem.c @@ -177,25 +177,25 @@ int main(void) CURL *ch; CURLcode rv; - rv = curl_global_init(CURL_GLOBAL_ALL); + curl_global_init(CURL_GLOBAL_ALL); ch = curl_easy_init(); - rv = curl_easy_setopt(ch, CURLOPT_VERBOSE, 0L); - rv = curl_easy_setopt(ch, CURLOPT_HEADER, 0L); - rv = curl_easy_setopt(ch, CURLOPT_NOPROGRESS, 1L); - rv = curl_easy_setopt(ch, CURLOPT_NOSIGNAL, 1L); - rv = curl_easy_setopt(ch, CURLOPT_WRITEFUNCTION, writefunction); - rv = curl_easy_setopt(ch, CURLOPT_WRITEDATA, stdout); - rv = curl_easy_setopt(ch, CURLOPT_HEADERFUNCTION, writefunction); - rv = curl_easy_setopt(ch, CURLOPT_HEADERDATA, stderr); - rv = curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM"); + curl_easy_setopt(ch, CURLOPT_VERBOSE, 0L); + curl_easy_setopt(ch, CURLOPT_HEADER, 0L); + curl_easy_setopt(ch, CURLOPT_NOPROGRESS, 1L); + curl_easy_setopt(ch, CURLOPT_NOSIGNAL, 1L); + curl_easy_setopt(ch, CURLOPT_WRITEFUNCTION, writefunction); + curl_easy_setopt(ch, CURLOPT_WRITEDATA, stdout); + curl_easy_setopt(ch, CURLOPT_HEADERFUNCTION, writefunction); + curl_easy_setopt(ch, CURLOPT_HEADERDATA, stderr); + curl_easy_setopt(ch, CURLOPT_SSLCERTTYPE, "PEM"); /* both VERIFYPEER and VERIFYHOST are set to 0 in this case because there is no CA certificate*/ - rv = curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 0L); - rv = curl_easy_setopt(ch, CURLOPT_SSL_VERIFYHOST, 0L); - rv = curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/"); - rv = curl_easy_setopt(ch, CURLOPT_SSLKEYTYPE, "PEM"); + curl_easy_setopt(ch, CURLOPT_SSL_VERIFYPEER, 0L); + curl_easy_setopt(ch, CURLOPT_SSL_VERIFYHOST, 0L); + curl_easy_setopt(ch, CURLOPT_URL, "https://www.example.com/"); + curl_easy_setopt(ch, CURLOPT_SSLKEYTYPE, "PEM"); /* first try: retrieve page without user certificate and key -> will fail */ @@ -211,7 +211,7 @@ int main(void) * load the certificate and key by installing a function doing the necessary * "modifications" to the SSL CONTEXT just before link init */ - rv = curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function); + curl_easy_setopt(ch, CURLOPT_SSL_CTX_FUNCTION, *sslctx_function); rv = curl_easy_perform(ch); if(rv == CURLE_OK) { printf("*** transfer succeeded ***\n"); diff --git a/docs/libcurl/gnurl_share_setopt.3 b/docs/libcurl/gnurl_share_setopt.3 index 0646b348e..fd464b349 100644 --- a/docs/libcurl/gnurl_share_setopt.3 +++ b/docs/libcurl/gnurl_share_setopt.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. +.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -37,8 +37,8 @@ prototype: void lock_function(CURL *handle, curl_lock_data data, curl_lock_access access, void *userptr); -\fIdata\fP defines what data libcurl wants to lock, and you must make sure that -only one lock is given at any time for each kind of data. +The \fIdata\fP argument tells what kind of data libcurl wants to lock. Make +sure that the callback uses a different lock for each kind of data. \fIaccess\fP defines what access type libcurl wants, shared or single. diff --git a/docs/libcurl/libgnurl-thread.3 b/docs/libcurl/libgnurl-thread.3 index 1692b0fda..ae1e387be 100644 --- a/docs/libcurl/libgnurl-thread.3 +++ b/docs/libcurl/libgnurl-thread.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 2015 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. +.\" * Copyright (C) 2015 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -56,10 +56,6 @@ https://curl.haxx.se/libcurl/c/opensslthreadlock.html https://gnutls.org/manual/html_node/Thread-safety.html .IP NSS thread-safe already without anything required. -.IP PolarSSL -Required actions unknown. -.IP yassl -Required actions unknown. .IP Secure-Transport The engine is used by libcurl in a way that is fully thread-safe. .IP WinSSL diff --git a/docs/libcurl/opts/GNURLOPT_PINNEDPUBLICKEY.3 b/docs/libcurl/opts/GNURLOPT_PINNEDPUBLICKEY.3 index 498717373..a0e15a686 100644 --- a/docs/libcurl/opts/GNURLOPT_PINNEDPUBLICKEY.3 +++ b/docs/libcurl/opts/GNURLOPT_PINNEDPUBLICKEY.3 @@ -99,13 +99,11 @@ PEM/DER support: 7.39.0-7.48.0,7.58.1+: GSKit - 7.43.0: NSS and wolfSSL/CyaSSL + 7.43.0: NSS and wolfSSL 7.47.0: mbedtls - 7.49.0: PolarSSL - - 7.54.1: SecureTransport/DarwinSSL on macOS 10.7+/iOS 10+ + 7.54.1: SecureTransport on macOS 10.7+/iOS 10+ 7.58.1: SChannel @@ -115,9 +113,7 @@ sha256 support: 7.47.0: mbedtls - 7.49.0: PolarSSL - - 7.54.1: SecureTransport/DarwinSSL on macOS 10.7+/iOS 10+ + 7.54.1: SecureTransport on macOS 10.7+/iOS 10+ 7.58.1: SChannel Windows XP SP3+ diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_CAPATH.3 b/docs/libcurl/opts/GNURLOPT_PROXY_CAPATH.3 index bcd8bb0ca..693609f02 100644 --- a/docs/libcurl/opts/GNURLOPT_PROXY_CAPATH.3 +++ b/docs/libcurl/opts/GNURLOPT_PROXY_CAPATH.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. +.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -55,9 +55,8 @@ if(curl) { .SH AVAILABILITY Added in 7.52.0 -This option is supported by the OpenSSL, GnuTLS, PolarSSL and mbedTLS -(since 7.56.0) backends. The NSS backend provides the option only for -backward compatibility. +This option is supported by the OpenSSL, GnuTLS, and mbedTLS (since 7.56.0) +backends. The NSS backend provides the option only for backward compatibility. .SH RETURN VALUE CURLE_OK if supported; or an error such as: diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_PINNEDPUBLICKEY.3 b/docs/libcurl/opts/GNURLOPT_PROXY_PINNEDPUBLICKEY.3 index 333daf919..c362e24f0 100644 --- a/docs/libcurl/opts/GNURLOPT_PROXY_PINNEDPUBLICKEY.3 +++ b/docs/libcurl/opts/GNURLOPT_PROXY_PINNEDPUBLICKEY.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. +.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -94,11 +94,11 @@ footer: .SH AVAILABILITY PEM/DER support: - 7.52.0: GSKit, GnuTLS, NSS, OpenSSL, PolarSSL, mbedtls, wolfSSL/CyaSSL + 7.52.0: GSKit, GnuTLS, NSS, OpenSSL, mbedtls, wolfSSL sha256 support: - 7.52.0: GnuTLS, NSS, OpenSSL, PolarSSL, mbedtls, wolfSSL/CyaSSL + 7.52.0: GnuTLS, NSS, OpenSSL, mbedtls, wolfSSL Other SSL backends not supported. .SH RETURN VALUE diff --git a/docs/libcurl/opts/GNURLOPT_PROXY_TLS13_CIPHERS.3 b/docs/libcurl/opts/GNURLOPT_PROXY_TLS13_CIPHERS.3 index 18d7c4091..6e9918c8e 100644 --- a/docs/libcurl/opts/GNURLOPT_PROXY_TLS13_CIPHERS.3 +++ b/docs/libcurl/opts/GNURLOPT_PROXY_TLS13_CIPHERS.3 @@ -37,6 +37,10 @@ You'll find more details about cipher lists on this URL: https://curl.haxx.se/docs/ssl-ciphers.html +This option is currently used only when curl is built to use OpenSSL 1.1.1 or +later. If you are using a different SSL backend you can try setting TLS 1.3 +cipher suites by using the CURLOPT_PROXY_SSL_CIPHER_LIST option. + The application does not have to keep the string around after setting this option. .SH DEFAULT diff --git a/docs/libcurl/opts/GNURLOPT_TLS13_CIPHERS.3 b/docs/libcurl/opts/GNURLOPT_TLS13_CIPHERS.3 index f6b997048..f2666f6a8 100644 --- a/docs/libcurl/opts/GNURLOPT_TLS13_CIPHERS.3 +++ b/docs/libcurl/opts/GNURLOPT_TLS13_CIPHERS.3 @@ -36,6 +36,10 @@ You'll find more details about cipher lists on this URL: https://curl.haxx.se/docs/ssl-ciphers.html +This option is currently used only when curl is built to use OpenSSL 1.1.1 or +later. If you are using a different SSL backend you can try setting TLS 1.3 +cipher suites by using the CURLOPT_SSL_CIPHER_LIST option. + The application does not have to keep the string around after setting this option. .SH DEFAULT diff --git a/include/gnurl/curl.h b/include/gnurl/curl.h index d83b21798..e7f812dac 100644 --- a/include/gnurl/curl.h +++ b/include/gnurl/curl.h @@ -209,16 +209,17 @@ struct curl_httppost { set. Added in 7.46.0 */ }; -/* This is the CURLOPT_PROGRESSFUNCTION callback proto. It is now considered - deprecated but was the only choice up until 7.31.0 */ +/* This is the CURLOPT_PROGRESSFUNCTION callback prototype. It is now + considered deprecated but was the only choice up until 7.31.0 */ typedef int (*curl_progress_callback)(void *clientp, double dltotal, double dlnow, double ultotal, double ulnow); -/* This is the CURLOPT_XFERINFOFUNCTION callback proto. It was introduced in - 7.32.0, it avoids floating point and provides more detailed information. */ +/* This is the CURLOPT_XFERINFOFUNCTION callback prototype. It was introduced + in 7.32.0, avoids the use of floating point numbers and provides more + detailed information. */ typedef int (*curl_xferinfo_callback)(void *clientp, curl_off_t dltotal, curl_off_t dlnow, @@ -685,8 +686,10 @@ typedef enum { typedef CURLcode (*curl_conv_callback)(char *buffer, size_t length); typedef CURLcode (*curl_ssl_ctx_callback)(CURL *curl, /* easy handle */ - void *ssl_ctx, /* actually an - OpenSSL SSL_CTX */ + void *ssl_ctx, /* actually an OpenSSL + or WolfSSL SSL_CTX, + or an mbedTLS + mbedtls_ssl_config */ void *userptr); typedef enum { @@ -1314,9 +1317,9 @@ typedef enum { Note that setting multiple bits may cause extra network round-trips. */ CINIT(HTTPAUTH, LONG, 107), - /* Set the ssl context callback function, currently only for OpenSSL ssl_ctx - in second argument. The function must be matching the - curl_ssl_ctx_callback proto. */ + /* Set the ssl context callback function, currently only for OpenSSL or + WolfSSL ssl_ctx, or mbedTLS mbedtls_ssl_config in the second argument. + The function must match the curl_ssl_ctx_callback prototype. */ CINIT(SSL_CTX_FUNCTION, FUNCTIONPOINT, 108), /* Set the userdata for the ssl context callback function's third @@ -2514,8 +2517,8 @@ CURL_EXTERN void curl_slist_free_all(struct curl_slist *); */ CURL_EXTERN time_t curl_getdate(const char *p, const time_t *unused); -/* info about the certificate chain, only for OpenSSL builds. Asked - for with CURLOPT_CERTINFO / CURLINFO_CERTINFO */ +/* info about the certificate chain, only for OpenSSL, GnuTLS, Schannel, NSS + and GSKit builds. Asked for with CURLOPT_CERTINFO / CURLINFO_CERTINFO */ struct curl_certinfo { int num_of_certs; /* number of certificates with information */ struct curl_slist **certinfo; /* for each index in this array, there's a diff --git a/include/gnurl/curlver.h b/include/gnurl/curlver.h index bca53cb6b..4afe4a9d1 100644 --- a/include/gnurl/curlver.h +++ b/include/gnurl/curlver.h @@ -30,13 +30,13 @@ /* This is the version number of the libcurl package from which this header file origins: */ -#define LIBCURL_VERSION "7.65.0-DEV" +#define LIBCURL_VERSION "7.65.1-DEV" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBCURL_VERSION_MAJOR 7 #define LIBCURL_VERSION_MINOR 65 -#define LIBCURL_VERSION_PATCH 0 +#define LIBCURL_VERSION_PATCH 1 /* This is the numeric version of the libcurl version number, meant for easier parsing and comparions by programs. The LIBCURL_VERSION_NUM define will @@ -57,7 +57,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it and needs it to contain the full number. */ -#define LIBCURL_VERSION_NUM 0x074100 +#define LIBCURL_VERSION_NUM 0x074101 /* * This is the date and time when the full source package was created. The diff --git a/lib/config-win32.h b/lib/config-win32.h index 24c35d339..90c105476 100644 --- a/lib/config-win32.h +++ b/lib/config-win32.h @@ -188,6 +188,9 @@ /* Define to 1 if you have the `getpeername' function. */ #define HAVE_GETPEERNAME 1 +/* Define to 1 if you have the getsockname function. */ +#define HAVE_GETSOCKNAME 1 + /* Define if you have the gethostbyaddr function. */ #define HAVE_GETHOSTBYADDR 1 @@ -582,8 +585,9 @@ Vista # endif #endif -/* Availability of freeaddrinfo, getaddrinfo and getnameinfo functions is - quite convoluted, compiler dependent and even build target dependent. */ +/* Availability of freeaddrinfo, getaddrinfo, getnameinfo and if_nametoindex + functions is quite convoluted, compiler dependent and even build target + dependent. */ #if defined(HAVE_WS2TCPIP_H) # if defined(__POCC__) # define HAVE_FREEADDRINFO 1 @@ -713,8 +717,12 @@ Vista #define USE_WIN32_CRYPTO /* Define to use Unix sockets. */ -#if defined(_MSC_VER) && _MSC_VER >= 1900 -/* #define USE_UNIX_SOCKETS */ +#if defined(_MSC_VER) && (_MSC_VER >= 1500) +/* sdkddkver.h first shipped with Platform SDK v6.0A included with VS2008 */ +#include <sdkddkver.h> +#if defined(NTDDI_WIN10_RS4) +#define USE_UNIX_SOCKETS +#endif #endif /* ---------------------------------------------------------------- */ diff --git a/lib/conncache.c b/lib/conncache.c index 49fad83e5..028f4aed3 100644 --- a/lib/conncache.c +++ b/lib/conncache.c @@ -61,6 +61,8 @@ Curl_share_unlock((x), CURL_LOCK_DATA_CONNECT) #endif +#define HASHKEY_SIZE 128 + static void conn_llist_dtor(void *user, void *element) { struct connectdata *conn = element; @@ -159,23 +161,27 @@ void Curl_conncache_destroy(struct conncache *connc) /* creates a key to find a bundle for this connection */ static void hashkey(struct connectdata *conn, char *buf, - size_t len) /* something like 128 is fine */ + size_t len, /* something like 128 is fine */ + const char **hostp) { const char *hostname; + long port = conn->remote_port; - if(conn->bits.socksproxy) - hostname = conn->socks_proxy.host.name; - else if(conn->bits.httpproxy) + if(conn->bits.httpproxy && !conn->bits.tunnel_proxy) { hostname = conn->http_proxy.host.name; + port = conn->port; + } else if(conn->bits.conn_to_host) hostname = conn->conn_to_host.name; else hostname = conn->host.name; - DEBUGASSERT(len > 32); + if(hostp) + /* report back which name we used */ + *hostp = hostname; /* put the number first so that the hostname gets cut off if too long */ - msnprintf(buf, len, "%ld%s", conn->port, hostname); + msnprintf(buf, len, "%ld%s", port, hostname); } void Curl_conncache_unlock(struct Curl_easy *data) @@ -212,13 +218,14 @@ size_t Curl_conncache_bundle_size(struct connectdata *conn) **NOTE**: When it returns, it holds the connection cache lock! */ struct connectbundle *Curl_conncache_find_bundle(struct connectdata *conn, - struct conncache *connc) + struct conncache *connc, + const char **hostp) { struct connectbundle *bundle = NULL; CONN_LOCK(conn->data); if(connc) { - char key[128]; - hashkey(conn, key, sizeof(key)); + char key[HASHKEY_SIZE]; + hashkey(conn, key, sizeof(key), hostp); bundle = Curl_hash_pick(&connc->hash, key, strlen(key)); } @@ -267,17 +274,17 @@ CURLcode Curl_conncache_add_conn(struct conncache *connc, struct Curl_easy *data = conn->data; /* *find_bundle() locks the connection cache */ - bundle = Curl_conncache_find_bundle(conn, data->state.conn_cache); + bundle = Curl_conncache_find_bundle(conn, data->state.conn_cache, NULL); if(!bundle) { int rc; - char key[128]; + char key[HASHKEY_SIZE]; result = bundle_create(data, &new_bundle); if(result) { goto unlock; } - hashkey(conn, key, sizeof(key)); + hashkey(conn, key, sizeof(key), NULL); rc = conncache_add_bundle(data->state.conn_cache, key, new_bundle); if(!rc) { diff --git a/lib/conncache.h b/lib/conncache.h index 35be9e0aa..58f902409 100644 --- a/lib/conncache.h +++ b/lib/conncache.h @@ -54,7 +54,8 @@ void Curl_conncache_destroy(struct conncache *connc); /* return the correct bundle, to a host or a proxy */ struct connectbundle *Curl_conncache_find_bundle(struct connectdata *conn, - struct conncache *connc); + struct conncache *connc, + const char **hostp); void Curl_conncache_unlock(struct Curl_easy *data); /* returns number of connections currently held in the connection cache */ size_t Curl_conncache_size(struct Curl_easy *data); diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake index 9ac64f651..3d96c498c 100644 --- a/lib/curl_config.h.cmake +++ b/lib/curl_config.h.cmake @@ -241,6 +241,9 @@ /* Define to 1 if you have the `getsockname' function. */ #cmakedefine HAVE_GETSOCKNAME 1 +/* Define to 1 if you have the `if_nametoindex' function. */ +#cmakedefine HAVE_IF_NAMETOINDEX 1 + /* Define to 1 if you have the `getpwuid' function. */ #cmakedefine HAVE_GETPWUID 1 @@ -888,26 +891,35 @@ /* Define to the function return type for send. */ #cmakedefine SEND_TYPE_RETV ${SEND_TYPE_RETV} +/* + Note: SIZEOF_* variables are fetched with CMake through check_type_size(). + As per CMake documentation on CheckTypeSize, C preprocessor code is + generated by CMake into SIZEOF_*_CODE. This is what we use in the + following statements. + + Reference: https://cmake.org/cmake/help/latest/module/CheckTypeSize.html +*/ + /* The size of `int', as computed by sizeof. */ -#cmakedefine SIZEOF_INT ${SIZEOF_INT} +${SIZEOF_INT_CODE} /* The size of `short', as computed by sizeof. */ -#cmakedefine SIZEOF_SHORT ${SIZEOF_SHORT} +${SIZEOF_SHORT_CODE} /* The size of `long', as computed by sizeof. */ -#cmakedefine SIZEOF_LONG ${SIZEOF_LONG} +${SIZEOF_LONG_CODE} /* The size of `off_t', as computed by sizeof. */ -#cmakedefine SIZEOF_OFF_T ${SIZEOF_OFF_T} +${SIZEOF_OFF_T_CODE} /* The size of `curl_off_t', as computed by sizeof. */ -#cmakedefine SIZEOF_CURL_OFF_T ${SIZEOF_CURL_OFF_T} +${SIZEOF_CURL_OFF_T_CODE} /* The size of `size_t', as computed by sizeof. */ -#cmakedefine SIZEOF_SIZE_T ${SIZEOF_SIZE_T} +${SIZEOF_SIZE_T_CODE} /* The size of `time_t', as computed by sizeof. */ -#cmakedefine SIZEOF_TIME_T ${SIZEOF_TIME_T} +${SIZEOF_TIME_T_CODE} /* Define to 1 if you have the ANSI C header files. */ #cmakedefine STDC_HEADERS 1 diff --git a/lib/curl_setup.h b/lib/curl_setup.h index 35f69d141..3ce879237 100644 --- a/lib/curl_setup.h +++ b/lib/curl_setup.h @@ -647,7 +647,7 @@ int netware_init(void); #define LIBIDN_REQUIRED_VERSION "0.4.1" #if defined(USE_GNUTLS) || defined(USE_OPENSSL) || defined(USE_NSS) || \ - defined(USE_POLARSSL) || defined(USE_MBEDTLS) || \ + defined(USE_MBEDTLS) || \ defined(USE_CYASSL) || defined(USE_SCHANNEL) || \ defined(USE_SECTRANSP) || defined(USE_GSKIT) || defined(USE_MESALINK) #define USE_SSL /* SSL support has been enabled */ diff --git a/lib/http.c b/lib/http.c index 92c06a144..5a2ed4dec 100644 --- a/lib/http.c +++ b/lib/http.c @@ -644,7 +644,7 @@ output_auth_headers(struct connectdata *conn, #endif #ifdef USE_SPNEGO - if((authstatus->picked == CURLAUTH_NEGOTIATE)) { + if(authstatus->picked == CURLAUTH_NEGOTIATE) { auth = "Negotiate"; result = Curl_output_negotiate(conn, proxy); if(result) @@ -3769,6 +3769,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, "HTTP 1.1 or later with persistent connection\n")); } + k->http_bodyless = k->httpcode >= 100 && k->httpcode < 200; switch(k->httpcode) { case 304: /* (quote from RFC2616, section 10.3.5): The 304 response @@ -3786,10 +3787,9 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, * empty line after the header fields. */ k->size = 0; k->maxdownload = 0; - k->ignorecl = TRUE; /* ignore Content-Length headers */ + k->http_bodyless = TRUE; break; default: - /* nothing */ break; } } @@ -3805,8 +3805,8 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, return result; /* Check for Content-Length: header lines to get size */ - if(!k->ignorecl && !data->set.ignorecl && - checkprefix("Content-Length:", k->p)) { + if(!k->http_bodyless && + !data->set.ignorecl && checkprefix("Content-Length:", k->p)) { curl_off_t contentlength; CURLofft offt = curlx_strtoofft(k->p + 15, NULL, 10, &contentlength); @@ -3895,7 +3895,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, */ streamclose(conn, "Connection: close used"); } - else if(checkprefix("Transfer-Encoding:", k->p)) { + else if(!k->http_bodyless && checkprefix("Transfer-Encoding:", k->p)) { /* One or more encodings. We check for chunked and/or a compression algorithm. */ /* @@ -3911,7 +3911,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, if(result) return result; } - else if(checkprefix("Content-Encoding:", k->p) && + else if(!k->http_bodyless && checkprefix("Content-Encoding:", k->p) && data->set.str[STRING_ENCODING]) { /* * Process Content-Encoding. Look for the values: identity, @@ -3924,7 +3924,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, if(result) return result; } - else if(checkprefix("Content-Range:", k->p)) { + else if(!k->http_bodyless && checkprefix("Content-Range:", k->p)) { /* Content-Range: bytes [num]- Content-Range: bytes: [num]- Content-Range: [num]- @@ -3970,7 +3970,7 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, Curl_share_unlock(data, CURL_LOCK_DATA_COOKIE); } #endif - else if(checkprefix("Last-Modified:", k->p) && + else if(!k->http_bodyless && checkprefix("Last-Modified:", k->p) && (data->set.timecondition || data->set.get_filetime) ) { time_t secs = time(NULL); k->timeofdoc = curl_getdate(k->p + strlen("Last-Modified:"), diff --git a/lib/http2.c b/lib/http2.c index 221afec28..aef16370e 100644 --- a/lib/http2.c +++ b/lib/http2.c @@ -1199,9 +1199,6 @@ void Curl_http2_done(struct connectdata *conn, bool premature) if(!httpc->h2) /* not HTTP/2 ? */ return; - if(data->state.drain) - drained_transfer(data, httpc); - if(premature) { /* RST_STREAM */ if(!nghttp2_submit_rst_stream(httpc->h2, NGHTTP2_FLAG_NONE, @@ -1213,6 +1210,10 @@ void Curl_http2_done(struct connectdata *conn, bool premature) httpc->pause_stream_id = 0; } } + + if(data->state.drain) + drained_transfer(data, httpc); + /* -1 means unassigned and 0 means cleared */ if(http->stream_id > 0) { int rv = nghttp2_session_set_stream_user_data(httpc->h2, diff --git a/lib/http_proxy.c b/lib/http_proxy.c index 1b4294a3c..7d8c5eb63 100644 --- a/lib/http_proxy.c +++ b/lib/http_proxy.c @@ -632,6 +632,7 @@ static CURLcode CONNECT(struct connectdata *conn, conn->allocptr.proxyuserpwd = NULL; data->state.authproxy.done = TRUE; + data->state.authproxy.multipass = FALSE; infof(data, "Proxy replied %d to CONNECT request\n", data->info.httpproxycode); @@ -38,6 +38,13 @@ #include "curl_setup.h" +#ifdef USE_OPENSSL +#include <openssl/opensslconf.h> +#endif +#ifdef USE_MBEDTLS +#include <mbedtls/config.h> +#endif + /* The NSS, OS/400, and when not included, OpenSSL and mbed TLS crypto * libraries do not provide the MD4 hash algorithm, so we use this * implementation of it */ diff --git a/lib/multi.c b/lib/multi.c index fa6e8f31a..9ea4c8278 100644 --- a/lib/multi.c +++ b/lib/multi.c @@ -241,8 +241,17 @@ static struct Curl_sh_entry *sh_addentry(struct curl_hash *sh, /* delete the given socket + handle from the hash */ -static void sh_delentry(struct curl_hash *sh, curl_socket_t s) +static void sh_delentry(struct Curl_sh_entry *entry, + struct curl_hash *sh, curl_socket_t s) { + struct curl_llist *list = &entry->list; + struct curl_llist_element *e; + /* clear the list of transfers first */ + for(e = list->head; e; e = list->head) { + struct Curl_easy *dta = e->ptr; + Curl_llist_remove(&entry->list, e, NULL); + dta->sh_entry = NULL; + } /* We remove the hash entry. This will end up in a call to sh_freeentry(). */ Curl_hash_delete(sh, (char *)&s, sizeof(curl_socket_t)); @@ -780,6 +789,11 @@ bool Curl_multiplex_wanted(const struct Curl_multi *multi) static void detach_connnection(struct Curl_easy *data) { struct connectdata *conn = data->conn; + if(data->sh_entry) { + /* still listed as a user of a socket hash entry, remove it */ + Curl_llist_remove(&data->sh_entry->list, &data->sh_queue, NULL); + data->sh_entry = NULL; + } if(conn) Curl_llist_remove(&conn->easyq, &data->conn_queue, NULL); data->conn = NULL; @@ -2238,14 +2252,14 @@ static CURLMcode singlesocket(struct Curl_multi *multi, actions[i] = action; if(entry) { /* check if new for this transfer */ - for(i = 0; i< data->numsocks; i++) { - if(s == data->sockets[i]) { - prevaction = data->actions[i]; + int j; + for(j = 0; j< data->numsocks; j++) { + if(s == data->sockets[j]) { + prevaction = data->actions[j]; sincebefore = TRUE; break; } } - } else { /* this is a socket we didn't have before, add it to the hash! */ @@ -2276,6 +2290,7 @@ static CURLMcode singlesocket(struct Curl_multi *multi, /* add 'data' to the list of handles using this socket! */ Curl_llist_insert_next(&entry->list, entry->list.tail, data, &data->sh_queue); + data->sh_entry = entry; } comboaction = (entry->writers? CURL_POLL_OUT : 0) | @@ -2335,11 +2350,7 @@ static CURLMcode singlesocket(struct Curl_multi *multi, multi->socket_cb(data, s, CURL_POLL_REMOVE, multi->socket_userp, entry->socketp); - sh_delentry(&multi->sockhash, s); - } - else { - /* remove this transfer as a user of this socket */ - Curl_llist_remove(&entry->list, &data->sh_queue, NULL); + sh_delentry(entry, &multi->sockhash, s); } } } /* for loop over numsocks */ @@ -2383,7 +2394,7 @@ void Curl_multi_closed(struct Curl_easy *data, curl_socket_t s) entry->socketp); /* now remove it from the socket hash */ - sh_delentry(&multi->sockhash, s); + sh_delentry(entry, &multi->sockhash, s); } } } @@ -2474,7 +2485,6 @@ static CURLMcode multi_socket(struct Curl_multi *multi, return result; } if(s != CURL_SOCKET_TIMEOUT) { - struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s); if(!entry) @@ -2487,15 +2497,19 @@ static CURLMcode multi_socket(struct Curl_multi *multi, else { struct curl_llist *list = &entry->list; struct curl_llist_element *e; + struct curl_llist_element *enext; SIGPIPE_VARIABLE(pipe_st); /* the socket can be shared by many transfers, iterate */ - for(e = list->head; e; e = e->next) { + for(e = list->head; e; e = enext) { data = (struct Curl_easy *)e->ptr; - if(data->magic != CURLEASY_MAGIC_NUMBER) - /* bad bad bad bad bad bad bad */ - return CURLM_INTERNAL_ERROR; + /* assign 'enext' here since the 'e' struct might be cleared + further down in the singlesocket() call */ + enext = e->next; + + DEBUGASSERT(data); + DEBUGASSERT(data->magic == CURLEASY_MAGIC_NUMBER); if(data->conn && !(data->conn->handler->flags & PROTOPT_DIRLOCK)) /* set socket event bitmask if they're not locked */ diff --git a/lib/progress.c b/lib/progress.c index f586d59b4..fe9929bb9 100644 --- a/lib/progress.c +++ b/lib/progress.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -31,7 +31,6 @@ /* check rate limits within this many recent milliseconds, at minimum. */ #define MIN_RATE_LIMIT_PERIOD 3000 -#ifndef CURL_DISABLE_PROGRESS_METER /* Provide a string that is 2 + 1 + 2 + 1 + 2 = 8 letters long (plus the zero byte) */ static void time2str(char *r, curl_off_t seconds) @@ -120,7 +119,6 @@ static char *max5data(curl_off_t bytes, char *max5) return max5; } -#endif /* @@ -364,13 +362,17 @@ void Curl_pgrsSetUploadSize(struct Curl_easy *data, curl_off_t size) } } -#ifndef CURL_DISABLE_PROGRESS_METER -static void progress_meter(struct connectdata *conn) +/* + * Curl_pgrsUpdate() returns 0 for success or the value returned by the + * progress callback! + */ +int Curl_pgrsUpdate(struct connectdata *conn) { struct curltime now; curl_off_t timespent; curl_off_t timespent_ms; /* milliseconds */ struct Curl_easy *data = conn->data; + int nowindex = data->progress.speeder_c% CURR_TIME; bool shownow = FALSE; curl_off_t dl = data->progress.downloaded; curl_off_t ul = data->progress.uploaded; @@ -397,9 +399,7 @@ static void progress_meter(struct connectdata *conn) /* Calculations done at most once a second, unless end is reached */ if(data->progress.lastshow != now.tv_sec) { int countindex; /* amount of seconds stored in the speeder array */ - int nowindex = data->progress.speeder_c% CURR_TIME; - if(!(data->progress.flags & PGRS_HIDE)) - shownow = TRUE; + shownow = TRUE; data->progress.lastshow = now.tv_sec; @@ -461,12 +461,8 @@ static void progress_meter(struct connectdata *conn) data->progress.ulspeed + data->progress.dlspeed; } /* Calculations end */ - if(!shownow) - /* only show the internal progress meter once per second */ - return; - else { - /* If there's no external callback set, use internal code to show - progress */ + + if(!(data->progress.flags & PGRS_HIDE)) { /* progress meter has not been shut off */ char max5[6][10]; curl_off_t dlpercen = 0; @@ -481,6 +477,42 @@ static void progress_meter(struct connectdata *conn) curl_off_t dlestimate = 0; curl_off_t total_estimate; + if(data->set.fxferinfo) { + int result; + /* There's a callback set, call that */ + Curl_set_in_callback(data, true); + result = data->set.fxferinfo(data->set.progress_client, + data->progress.size_dl, + data->progress.downloaded, + data->progress.size_ul, + data->progress.uploaded); + Curl_set_in_callback(data, false); + if(result) + failf(data, "Callback aborted"); + return result; + } + if(data->set.fprogress) { + int result; + /* The older deprecated callback is set, call that */ + Curl_set_in_callback(data, true); + result = data->set.fprogress(data->set.progress_client, + (double)data->progress.size_dl, + (double)data->progress.downloaded, + (double)data->progress.size_ul, + (double)data->progress.uploaded); + Curl_set_in_callback(data, false); + if(result) + failf(data, "Callback aborted"); + return result; + } + + if(!shownow) + /* only show the internal progress meter once per second */ + return 0; + + /* If there's no external callback set, use internal code to show + progress */ + if(!(data->progress.flags & PGRS_HEADERS_OUT)) { if(data->state.resume_from) { fprintf(data->set.err, @@ -563,57 +595,13 @@ static void progress_meter(struct connectdata *conn) time_total, /* 8 letters */ /* total time */ time_spent, /* 8 letters */ /* time spent */ time_left, /* 8 letters */ /* time left */ - max5data(data->progress.current_speed, max5[5]) - ); + max5data(data->progress.current_speed, max5[5]) /* current speed */ + ); /* we flush the output stream to make it appear as soon as possible */ fflush(data->set.err); - } /* don't show now */ -} -#else - /* progress bar disabled */ -#define progress_meter(x) -#endif - -/* - * Curl_pgrsUpdate() returns 0 for success or the value returned by the - * progress callback! - */ -int Curl_pgrsUpdate(struct connectdata *conn) -{ - struct Curl_easy *data = conn->data; - if(!(data->progress.flags & PGRS_HIDE)) { - if(data->set.fxferinfo) { - int result; - /* There's a callback set, call that */ - Curl_set_in_callback(data, true); - result = data->set.fxferinfo(data->set.progress_client, - data->progress.size_dl, - data->progress.downloaded, - data->progress.size_ul, - data->progress.uploaded); - Curl_set_in_callback(data, false); - if(result) - failf(data, "Callback aborted"); - return result; - } - if(data->set.fprogress) { - int result; - /* The older deprecated callback is set, call that */ - Curl_set_in_callback(data, true); - result = data->set.fprogress(data->set.progress_client, - (double)data->progress.size_dl, - (double)data->progress.downloaded, - (double)data->progress.size_ul, - (double)data->progress.uploaded); - Curl_set_in_callback(data, false); - if(result) - failf(data, "Callback aborted"); - return result; - } - } - progress_meter(conn); + } /* !(data->progress.flags & PGRS_HIDE) */ return 0; } diff --git a/lib/rand.c b/lib/rand.c index e252e7e54..d470c24be 100644 --- a/lib/rand.c +++ b/lib/rand.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -106,8 +106,7 @@ static CURLcode randit(struct Curl_easy *data, unsigned int *rnd) * 'rndptr' points to. * * If libcurl is built without TLS support or with a TLS backend that lacks a - * proper random API (Gskit, PolarSSL or mbedTLS), this function will use - * "weak" random. + * proper random API (Gskit or mbedTLS), this function will use "weak" random. * * When built *with* TLS support and a backend that offers strong random, it * will return error if it cannot provide strong random values. diff --git a/lib/rand.h b/lib/rand.h index 5deb04161..3c8e2b81d 100644 --- a/lib/rand.h +++ b/lib/rand.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -27,8 +27,7 @@ * 'rnd' points to. * * If libcurl is built without TLS support or with a TLS backend that lacks a - * proper random API (Gskit, PolarSSL or mbedTLS), this function will use - * "weak" random. + * proper random API (Gskit or mbedTLS), this function will use "weak" random. * * When built *with* TLS support and a backend that offers strong random, it * will return error if it cannot provide strong random values. diff --git a/lib/system_win32.c b/lib/system_win32.c index 258ef9f4f..3804afe55 100644 --- a/lib/system_win32.c +++ b/lib/system_win32.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2016 - 2017, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2016 - 2019, Steve Holme, <steve_holme@hotmail.com>. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -36,6 +36,12 @@ LARGE_INTEGER Curl_freq; bool Curl_isVistaOrGreater; +/* Handle of iphlpapp.dll */ +static HMODULE s_hIpHlpApiDll = NULL; + +/* Pointer to the if_nametoindex function */ +IF_NAMETOINDEX_FN Curl_if_nametoindex = NULL; + /* Curl_win32_init() performs win32 global initialization */ CURLcode Curl_win32_init(long flags) { @@ -89,6 +95,17 @@ CURLcode Curl_win32_init(long flags) } #endif + s_hIpHlpApiDll = Curl_load_library(TEXT("iphlpapi.dll")); + if(s_hIpHlpApiDll) { + /* Get the address of the if_nametoindex function */ + IF_NAMETOINDEX_FN pIfNameToIndex = + CURLX_FUNCTION_CAST(IF_NAMETOINDEX_FN, + (GetProcAddress(s_hIpHlpApiDll, "if_nametoindex"))); + + if(pIfNameToIndex) + Curl_if_nametoindex = pIfNameToIndex; + } + if(Curl_verify_windows_version(6, 0, PLATFORM_WINNT, VERSION_GREATER_THAN_EQUAL)) { Curl_isVistaOrGreater = TRUE; @@ -103,6 +120,12 @@ CURLcode Curl_win32_init(long flags) /* Curl_win32_cleanup() is the opposite of Curl_win32_init() */ void Curl_win32_cleanup(long init_flags) { + if(s_hIpHlpApiDll) { + FreeLibrary(s_hIpHlpApiDll); + s_hIpHlpApiDll = NULL; + Curl_if_nametoindex = NULL; + } + #ifdef USE_WINDOWS_SSPI Curl_sspi_global_cleanup(); #endif @@ -114,10 +137,6 @@ void Curl_win32_cleanup(long init_flags) } } -#if defined(USE_WINDOWS_SSPI) || (!defined(CURL_DISABLE_TELNET) && \ - defined(USE_WINSOCK)) - - #if !defined(LOAD_WITH_ALTERED_SEARCH_PATH) #define LOAD_WITH_ALTERED_SEARCH_PATH 0x00000008 #endif @@ -140,8 +159,6 @@ typedef HMODULE (APIENTRY *LOADLIBRARYEX_FN)(LPCTSTR, HANDLE, DWORD); # define LOADLIBARYEX "LoadLibraryExA" #endif -#endif /* USE_WINDOWS_SSPI || (!CURL_DISABLE_TELNET && USE_WINSOCK) */ - /* * Curl_verify_windows_version() * @@ -334,9 +351,6 @@ bool Curl_verify_windows_version(const unsigned int majorVersion, return matched; } -#if defined(USE_WINDOWS_SSPI) || (!defined(CURL_DISABLE_TELNET) && \ - defined(USE_WINSOCK)) - /* * Curl_load_library() * @@ -411,6 +425,4 @@ HMODULE Curl_load_library(LPCTSTR filename) return hModule; } -#endif /* USE_WINDOWS_SSPI || (!CURL_DISABLE_TELNET && USE_WINSOCK) */ - #endif /* WIN32 */ diff --git a/lib/system_win32.h b/lib/system_win32.h index 926328a9a..c07cf1fb7 100644 --- a/lib/system_win32.h +++ b/lib/system_win32.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 2016, Steve Holme, <steve_holme@hotmail.com>. + * Copyright (C) 2016 - 2019, Steve Holme, <steve_holme@hotmail.com>. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -48,20 +48,21 @@ typedef enum { PLATFORM_WINNT } PlatformIdentifier; +/* We use our own typedef here since some headers might lack this */ +typedef unsigned int(WINAPI *IF_NAMETOINDEX_FN)(const char *); + +/* This is used instread of if_nametoindex if available on Windows */ +IF_NAMETOINDEX_FN Curl_if_nametoindex; + /* This is used to verify if we are running on a specific windows version */ bool Curl_verify_windows_version(const unsigned int majorVersion, const unsigned int minorVersion, const PlatformIdentifier platform, const VersionCondition condition); -#if defined(USE_WINDOWS_SSPI) || (!defined(CURL_DISABLE_TELNET) && \ - defined(USE_WINSOCK)) - /* This is used to dynamically load DLLs */ HMODULE Curl_load_library(LPCTSTR filename); -#endif /* USE_WINDOWS_SSPI || (!CURL_DISABLE_TELNET && USE_WINSOCK) */ - #endif /* WIN32 */ #endif /* HEADER_CURL_SYSTEM_WIN32_H */ @@ -34,10 +34,12 @@ #ifdef HAVE_NET_IF_H #include <net/if.h> #endif +#ifdef HAVE_IPHLPAPI_H +#include <Iphlpapi.h> +#endif #ifdef HAVE_SYS_IOCTL_H #include <sys/ioctl.h> #endif - #ifdef HAVE_SYS_PARAM_H #include <sys/param.h> #endif @@ -93,6 +95,7 @@ bool curl_win32_idn_to_ascii(const char *in, char **out); #include "inet_pton.h" #include "getinfo.h" #include "urlapi-int.h" +#include "system_win32.h" /* And now for the protocols */ #include "ftp.h" @@ -439,7 +442,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) set->httpreq = HTTPREQ_GET; /* Default HTTP request */ set->rtspreq = RTSPREQ_OPTIONS; /* Default RTSP request */ -#ifndef CURL_DISABLE_FILE +#ifndef CURL_DISABLE_FTP set->ftp_use_epsv = TRUE; /* FTP defaults to EPSV operations */ set->ftp_use_eprt = TRUE; /* FTP defaults to EPRT operations */ set->ftp_use_pret = FALSE; /* mainly useful for drftpd servers */ @@ -1004,6 +1007,7 @@ ConnectionExists(struct Curl_easy *data, bool canmultiplex = IsMultiplexingPossible(data, needle); struct connectbundle *bundle; struct curltime now = Curl_now(); + const char *hostbundle; #ifdef USE_NTLM bool wantNTLMhttp = ((data->state.authhost.want & @@ -1020,16 +1024,15 @@ ConnectionExists(struct Curl_easy *data, /* Look up the bundle with all the connections to this particular host. Locks the connection cache, beware of early returns! */ - bundle = Curl_conncache_find_bundle(needle, data->state.conn_cache); + bundle = Curl_conncache_find_bundle(needle, data->state.conn_cache, + &hostbundle); if(bundle) { /* Max pipe length is zero (unlimited) for multiplexed connections */ struct curl_llist_element *curr; infof(data, "Found bundle for host %s: %p [%s]\n", - (needle->bits.conn_to_host ? needle->conn_to_host.name : - needle->host.name), (void *)bundle, - (bundle->multiuse == BUNDLE_MULTIPLEX ? - "can multiplex" : "serially")); + hostbundle, (void *)bundle, (bundle->multiuse == BUNDLE_MULTIPLEX ? + "can multiplex" : "serially")); /* We can't multiplex if we don't know anything about the server */ if(canmultiplex) { @@ -1884,6 +1887,50 @@ CURLcode Curl_uc_to_curlcode(CURLUcode uc) } /* + * If the URL was set with an IPv6 numerical address with a zone id part, set + * the scope_id based on that! + */ + +static void zonefrom_url(CURLU *uh, struct connectdata *conn) +{ + char *zoneid; + CURLUcode uc; + + uc = curl_url_get(uh, CURLUPART_ZONEID, &zoneid, 0); + + if(!uc && zoneid) { + char *endp; + unsigned long scope = strtoul(zoneid, &endp, 10); + if(!*endp && (scope < UINT_MAX)) + /* A plain number, use it directly as a scope id. */ + conn->scope_id = (unsigned int)scope; +#if defined(HAVE_IF_NAMETOINDEX) + else { +#elif defined(WIN32) + else if(Curl_if_nametoindex) { +#endif + +#if defined(HAVE_IF_NAMETOINDEX) || defined(WIN32) + /* Zone identifier is not numeric */ + unsigned int scopeidx = 0; +#if defined(WIN32) + scopeidx = Curl_if_nametoindex(zoneid); +#else + scopeidx = if_nametoindex(zoneid); +#endif + if(!scopeidx) + infof(conn->data, "Invalid zoneid: %s; %s\n", zoneid, + strerror(errno)); + else + conn->scope_id = scopeidx; + } +#endif /* HAVE_IF_NAMETOINDEX || WIN32 */ + + free(zoneid); + } +} + +/* * Parse URL and fill in the relevant members of the connection struct. */ static CURLcode parseurlandfillconn(struct Curl_easy *data, @@ -1991,7 +2038,7 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, } else { unsigned long port = strtoul(data->state.up.port, NULL, 10); - conn->remote_port = curlx_ultous(port); + conn->port = conn->remote_port = curlx_ultous(port); } (void)curl_url_get(uh, CURLUPART_QUERY, &data->state.up.query, 0); @@ -2004,38 +2051,14 @@ static CURLcode parseurlandfillconn(struct Curl_easy *data, if(hostname[0] == '[') { /* This looks like an IPv6 address literal. See if there is an address scope. */ - char *zoneid; size_t hlen; - uc = curl_url_get(uh, CURLUPART_ZONEID, &zoneid, 0); conn->bits.ipv6_ip = TRUE; - /* cut off the brackets! */ hostname++; hlen = strlen(hostname); hostname[hlen - 1] = 0; - if(!uc && zoneid) { - char *endp; - unsigned long scope; - scope = strtoul(zoneid, &endp, 10); - if(!*endp && (scope < UINT_MAX)) { - /* A plain number, use it direcly as a scope id. */ - conn->scope_id = (unsigned int)scope; - } -#ifdef HAVE_IF_NAMETOINDEX - else { - /* Zone identifier is not numeric */ - unsigned int scopeidx = 0; - scopeidx = if_nametoindex(zoneid); - if(!scopeidx) - infof(data, "Invalid zoneid id: %s; %s\n", zoneid, - strerror(errno)); - else - conn->scope_id = scopeidx; - } -#endif /* HAVE_IF_NAMETOINDEX */ - free(zoneid); - } + zonefrom_url(uh, conn); } /* make sure the connect struct gets its own copy of the host name */ @@ -2298,7 +2321,7 @@ static CURLcode parse_proxy(struct Curl_easy *data, struct connectdata *conn, char *proxy, curl_proxytype proxytype) { - char *portptr; + char *portptr = NULL; long port = -1; char *proxyuser = NULL; char *proxypasswd = NULL; @@ -2422,6 +2445,7 @@ static CURLcode parse_proxy(struct Curl_easy *data, size_t len = strlen(host); host[len-1] = 0; /* clear the trailing bracket */ host++; + zonefrom_url(uhp, conn); } proxyinfo->host.name = host; @@ -3749,8 +3773,9 @@ static CURLcode create_conn(struct Curl_easy *data, connections_available = FALSE; else { /* this gets a lock on the conncache */ + const char *bundlehost; struct connectbundle *bundle = - Curl_conncache_find_bundle(conn, data->state.conn_cache); + Curl_conncache_find_bundle(conn, data->state.conn_cache, &bundlehost); if(max_host_connections > 0 && bundle && (bundle->num_connections >= max_host_connections)) { @@ -3764,8 +3789,8 @@ static CURLcode create_conn(struct Curl_easy *data, (void)Curl_disconnect(data, conn_candidate, /* dead_connection */ FALSE); else { - infof(data, "No more connections allowed to host: %zu\n", - max_host_connections); + infof(data, "No more connections allowed to host %s: %zu\n", + bundlehost, max_host_connections); connections_available = FALSE; } } diff --git a/lib/urldata.h b/lib/urldata.h index 5ca202f2e..7a30134a6 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -618,8 +618,8 @@ struct SingleRequest { bit upload_done:1; /* set to TRUE when doing chunked transfer-encoding upload and we're uploading the last chunk */ bit ignorebody:1; /* we read a response-body but we ignore it! */ - bit ignorecl:1; /* This HTTP response has no body so we ignore the - Content-Length: header */ + bit http_bodyless:1; /* HTTP response status code is between 100 and 199, + 204 or 304 */ bit chunk:1; /* if set, this is a chunked transfer-encoding */ bit upload_chunky:1; /* set TRUE if we are doing chunked transfer-encoding on upload */ @@ -1082,8 +1082,9 @@ struct PureInfo { const char *conn_scheme; unsigned int conn_protocol; struct curl_certinfo certs; /* info about the certs, only populated in - OpenSSL builds. Asked for with - CURLOPT_CERTINFO / CURLINFO_CERTINFO */ + OpenSSL, GnuTLS, Schannel, NSS and GSKit + builds. Asked for with CURLOPT_CERTINFO + / CURLINFO_CERTINFO */ bit timecond:1; /* set to TRUE if the time condition didn't match, which thus made the document NOT get fetched */ @@ -1779,6 +1780,7 @@ struct Curl_easy { struct connectdata *conn; struct curl_llist_element connect_queue; struct curl_llist_element sh_queue; /* list per Curl_sh_entry */ + struct Curl_sh_entry *sh_entry; /* the socket hash this was added to */ struct curl_llist_element conn_queue; /* list per connectdata */ CURLMstate mstate; /* the handle's state */ diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index 491def106..3125f0b70 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -216,6 +216,11 @@ static const cipher_s cipherlist[] = { {"dhe_rsa_chacha20_poly1305_sha_256", TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256}, #endif +#ifdef TLS_AES_256_GCM_SHA384 + {"aes_128_gcm_sha_256", TLS_AES_128_GCM_SHA256}, + {"aes_256_gcm_sha_384", TLS_AES_256_GCM_SHA384}, + {"chacha20_poly1305_sha_256", TLS_CHACHA20_POLY1305_SHA256}, +#endif }; #ifdef WIN32 diff --git a/lib/vtls/sectransp.c b/lib/vtls/sectransp.c index 2fdf662a1..3fb125ab5 100644 --- a/lib/vtls/sectransp.c +++ b/lib/vtls/sectransp.c @@ -2111,8 +2111,8 @@ static int append_cert_to_array(struct Curl_easy *data, return CURLE_OK; } -static int verify_cert(const char *cafile, struct Curl_easy *data, - SSLContextRef ctx) +static CURLcode verify_cert(const char *cafile, struct Curl_easy *data, + SSLContextRef ctx) { int n = 0, rc; long res; @@ -2370,10 +2370,10 @@ sectransp_connect_step2(struct connectdata *conn, int sockindex) Leopard's headers */ case -9841: if(SSL_CONN_CONFIG(CAfile) && SSL_CONN_CONFIG(verifypeer)) { - int res = verify_cert(SSL_CONN_CONFIG(CAfile), data, - BACKEND->ssl_ctx); - if(res != CURLE_OK) - return res; + CURLcode result = verify_cert(SSL_CONN_CONFIG(CAfile), data, + BACKEND->ssl_ctx); + if(result) + return result; } /* the documentation says we need to call SSLHandshake() again */ return sectransp_connect_step2(conn, sockindex); @@ -3186,7 +3186,10 @@ static ssize_t sectransp_recv(struct connectdata *conn, /*struct Curl_easy *data = conn->data;*/ struct ssl_connect_data *connssl = &conn->ssl[num]; size_t processed = 0UL; - OSStatus err = SSLRead(BACKEND->ssl_ctx, buf, buffersize, &processed); + OSStatus err; + + again: + err = SSLRead(BACKEND->ssl_ctx, buf, buffersize, &processed); if(err != noErr) { switch(err) { @@ -3207,6 +3210,16 @@ static ssize_t sectransp_recv(struct connectdata *conn, return -1L; break; + /* The below is errSSLPeerAuthCompleted; it's not defined in + Leopard's headers */ + case -9841: + if(SSL_CONN_CONFIG(CAfile) && SSL_CONN_CONFIG(verifypeer)) { + CURLcode result = verify_cert(SSL_CONN_CONFIG(CAfile), conn->data, + BACKEND->ssl_ctx); + if(result) + return result; + } + goto again; default: failf(conn->data, "SSLRead() return error %d", err); *curlcode = CURLE_RECV_ERROR; diff --git a/m4/curl-functions.m4 b/m4/curl-functions.m4 index b79e18198..84f6ffcb2 100644 --- a/m4/curl-functions.m4 +++ b/m4/curl-functions.m4 @@ -563,6 +563,23 @@ curl_includes_bsdsocket="\ [], [], [ $curl_includes_bsdsocket]) ]) +dnl CURL_INCLUDES_NETIF +dnl ------------------------------------------------- +dnl Set up variable with list of headers that must be +dnl included when net/if.h is to be included. + +AC_DEFUN([CURL_INCLUDES_NETIF], [ +curl_includes_netif="\ +/* includes start */ +#ifdef HAVE_NET_IF_H +# include <net/if.h> +#endif +/* includes end */" + AC_CHECK_HEADERS( + net/if.h, + [], [], [$curl_includes_netif]) +]) + dnl CURL_PREPROCESS_CALLCONV dnl ------------------------------------------------- @@ -3108,6 +3125,102 @@ AC_DEFUN([CURL_CHECK_FUNC_GETSOCKNAME], [ fi ]) +dnl CURL_CHECK_FUNC_IF_NAMETOINDEX +dnl ------------------------------------------------- +dnl Verify if if_nametoindex is available, prototyped, and +dnl can be compiled. If all of these are true, and +dnl usage has not been previously disallowed with +dnl shell variable curl_disallow_if_nametoindex, then +dnl HAVE_IF_NAMETOINDEX will be defined. + +AC_DEFUN([CURL_CHECK_FUNC_IF_NAMETOINDEX], [ + AC_REQUIRE([CURL_INCLUDES_WINSOCK2])dnl + AC_REQUIRE([CURL_INCLUDES_NETIF])dnl + AC_REQUIRE([CURL_PREPROCESS_CALLCONV])dnl + # + tst_links_if_nametoindex="unknown" + tst_proto_if_nametoindex="unknown" + tst_compi_if_nametoindex="unknown" + tst_allow_if_nametoindex="unknown" + # + AC_MSG_CHECKING([if if_nametoindex can be linked]) + AC_LINK_IFELSE([ + AC_LANG_PROGRAM([[ + $curl_includes_winsock2 + $curl_includes_bsdsocket + #include <net/if.h> + ]],[[ + if(0 != if_nametoindex("")) + return 1; + ]]) + ],[ + AC_MSG_RESULT([yes]) + tst_links_if_nametoindex="yes" + ],[ + AC_MSG_RESULT([no]) + tst_links_if_nametoindex="no" + ]) + # + if test "$tst_links_if_nametoindex" = "yes"; then + AC_MSG_CHECKING([if if_nametoindex is prototyped]) + AC_EGREP_CPP([if_nametoindex],[ + $curl_includes_winsock2 + $curl_includes_netif + ],[ + AC_MSG_RESULT([yes]) + tst_proto_if_nametoindex="yes" + ],[ + AC_MSG_RESULT([no]) + tst_proto_if_nametoindex="no" + ]) + fi + # + if test "$tst_proto_if_nametoindex" = "yes"; then + AC_MSG_CHECKING([if if_nametoindex is compilable]) + AC_COMPILE_IFELSE([ + AC_LANG_PROGRAM([[ + $curl_includes_winsock2 + $curl_includes_netif + ]],[[ + if(0 != if_nametoindex("")) + return 1; + ]]) + ],[ + AC_MSG_RESULT([yes]) + tst_compi_if_nametoindex="yes" + ],[ + AC_MSG_RESULT([no]) + tst_compi_if_nametoindex="no" + ]) + fi + # + if test "$tst_compi_if_nametoindex" = "yes"; then + AC_MSG_CHECKING([if if_nametoindex usage allowed]) + if test "x$curl_disallow_if_nametoindex" != "xyes"; then + AC_MSG_RESULT([yes]) + tst_allow_if_nametoindex="yes" + else + AC_MSG_RESULT([no]) + tst_allow_if_nametoindex="no" + fi + fi + # + AC_MSG_CHECKING([if if_nametoindex might be used]) + if test "$tst_links_if_nametoindex" = "yes" && + test "$tst_proto_if_nametoindex" = "yes" && + test "$tst_compi_if_nametoindex" = "yes" && + test "$tst_allow_if_nametoindex" = "yes"; then + AC_MSG_RESULT([yes]) + AC_DEFINE_UNQUOTED(HAVE_IF_NAMETOINDEX, 1, + [Define to 1 if you have the if_nametoindex function.]) + curl_cv_func_if_nametoindex="yes" + else + AC_MSG_RESULT([no]) + curl_cv_func_if_nametoindex="no" + fi +]) + + dnl CURL_CHECK_FUNC_GETIFADDRS dnl ------------------------------------------------- dnl Verify if getifaddrs is available, prototyped, can diff --git a/src/tool_help.c b/src/tool_help.c index ad6b6a107..9209a13dd 100644 --- a/src/tool_help.c +++ b/src/tool_help.c @@ -335,8 +335,8 @@ static const struct helptxt helptext[] = { "SPNEGO proxy service name"}, {" --proxy-ssl-allow-beast", "Allow security flaw for interop for HTTPS proxy"}, - {" --proxy-tls13-ciphers <ciphersuite list>", - "TLS 1.3 proxy cipher suites"}, + {" --proxy-tls13-ciphers <list>", + "TLS 1.3 ciphersuites for proxy (OpenSSL)"}, {" --proxy-tlsauthtype <type>", "TLS authentication type for HTTPS proxy"}, {" --proxy-tlspassword <string>", @@ -445,8 +445,8 @@ static const struct helptxt helptext[] = { "Transfer based on a time condition"}, {" --tls-max <VERSION>", "Set maximum allowed TLS version"}, - {" --tls13-ciphers <list of TLS 1.3 ciphersuites>", - "TLS 1.3 cipher suites to use"}, + {" --tls13-ciphers <list>", + "TLS 1.3 ciphersuites (OpenSSL)"}, {" --tlsauthtype <type>", "TLS authentication type"}, {" --tlspassword", diff --git a/src/tool_parsecfg.c b/src/tool_parsecfg.c index e36b06c23..36c7bccf0 100644 --- a/src/tool_parsecfg.c +++ b/src/tool_parsecfg.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, <daniel@haxx.se>, et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -46,7 +46,7 @@ static char *my_get_line(FILE *fp); /* return 0 on everything-is-fine, and non-zero otherwise */ int parseconfig(const char *filename, struct GlobalConfig *global) { - FILE *file; + FILE *file = NULL; char filebuffer[512]; bool usedarg = FALSE; int rc = 0; @@ -69,7 +69,6 @@ int parseconfig(const char *filename, struct GlobalConfig *global) */ file = fopen(filebuffer, FOPEN_READTEXT); if(file != NULL) { - fclose(file); filename = filebuffer; } else { @@ -77,8 +76,9 @@ int parseconfig(const char *filename, struct GlobalConfig *global) * already declared via inclusions done in setup header file. * We assume that we are using the ASCII version here. */ - int n = GetModuleFileNameA(0, filebuffer, sizeof(filebuffer)); - if(n > 0 && n < (int)sizeof(filebuffer)) { + unsigned long len = GetModuleFileNameA(0, filebuffer, + sizeof(filebuffer)); + if(len > 0 && len < sizeof(filebuffer)) { /* We got a valid filename - get the directory part */ char *lastdirchar = strrchr(filebuffer, '\\'); if(lastdirchar) { @@ -110,10 +110,12 @@ int parseconfig(const char *filename, struct GlobalConfig *global) #endif } - if(strcmp(filename, "-")) - file = fopen(filename, FOPEN_READTEXT); - else - file = stdin; + if(!file) { /* WIN32: no need to fopen() again */ + if(strcmp(filename, "-")) + file = fopen(filename, FOPEN_READTEXT); + else + file = stdin; + } if(file) { char *line; diff --git a/src/tool_setopt.c b/src/tool_setopt.c index 745b4546e..ff67c22e7 100644 --- a/src/tool_setopt.c +++ b/src/tool_setopt.c @@ -713,4 +713,56 @@ CURLcode tool_setopt(CURL *curl, bool str, struct GlobalConfig *config, return ret; } +#else /* CURL_DISABLE_LIBCURL_OPTION */ + +#include "tool_cfgable.h" +#include "tool_setopt.h" + #endif /* CURL_DISABLE_LIBCURL_OPTION */ + +CURLcode tool_real_error(CURLcode result, CURLoption tag) +{ +#ifdef CURL_DISABLE_PROXY + switch(tag) { + case CURLOPT_HAPROXYPROTOCOL: + case CURLOPT_HTTPPROXYTUNNEL: + case CURLOPT_NOPROXY: + case CURLOPT_PRE_PROXY: + case CURLOPT_PROXY: + case CURLOPT_PROXYAUTH: + case CURLOPT_PROXY_CAINFO: + case CURLOPT_PROXY_CAPATH: + case CURLOPT_PROXY_CRLFILE: + case CURLOPT_PROXYHEADER: + case CURLOPT_PROXY_KEYPASSWD: + case CURLOPT_PROXYPASSWORD: + case CURLOPT_PROXY_PINNEDPUBLICKEY: + case CURLOPT_PROXYPORT: + case CURLOPT_PROXY_SERVICE_NAME: + case CURLOPT_PROXY_SSLCERT: + case CURLOPT_PROXY_SSLCERTTYPE: + case CURLOPT_PROXY_SSL_CIPHER_LIST: + case CURLOPT_PROXY_SSLKEY: + case CURLOPT_PROXY_SSLKEYTYPE: + case CURLOPT_PROXY_SSL_OPTIONS: + case CURLOPT_PROXY_SSL_VERIFYHOST: + case CURLOPT_PROXY_SSL_VERIFYPEER: + case CURLOPT_PROXY_SSLVERSION: + case CURLOPT_PROXY_TLS13_CIPHERS: + case CURLOPT_PROXY_TLSAUTH_PASSWORD: + case CURLOPT_PROXY_TLSAUTH_TYPE: + case CURLOPT_PROXY_TLSAUTH_USERNAME: + case CURLOPT_PROXY_TRANSFER_MODE: + case CURLOPT_PROXYTYPE: + case CURLOPT_PROXYUSERNAME: + case CURLOPT_PROXYUSERPWD: + return CURLE_OK; /* pretend it worked */ + default: + break; + } +#else + (void)tag; +#endif + return result; +} + diff --git a/src/tool_setopt.h b/src/tool_setopt.h index 663041f65..2266d1c9c 100644 --- a/src/tool_setopt.h +++ b/src/tool_setopt.h @@ -29,11 +29,14 @@ * Macros used in operate() */ -#define SETOPT_CHECK(v) do { \ - result = (v); \ - if(result) \ - goto show_error; \ -} WHILE_FALSE +#define SETOPT_CHECK(v,opt) do { \ + result = tool_real_error((v), opt); \ + if(result) \ + goto show_error; \ + } WHILE_FALSE + +/* allow removed features to simulate success: */ +CURLcode tool_real_error(CURLcode result, CURLoption tag); #ifndef CURL_DISABLE_LIBCURL_OPTION @@ -97,25 +100,25 @@ CURLcode tool_setopt(CURL *curl, bool str, struct GlobalConfig *config, const char *name, CURLoption tag, ...); #define my_setopt(x,y,z) \ - SETOPT_CHECK(tool_setopt(x, FALSE, global, #y, y, z)) + SETOPT_CHECK(tool_setopt(x, FALSE, global, #y, y, z), y) #define my_setopt_str(x,y,z) \ - SETOPT_CHECK(tool_setopt(x, TRUE, global, #y, y, z)) + SETOPT_CHECK(tool_setopt(x, TRUE, global, #y, y, z), y) #define my_setopt_enum(x,y,z) \ - SETOPT_CHECK(tool_setopt_enum(x, global, #y, y, setopt_nv_ ## y, z)) + SETOPT_CHECK(tool_setopt_enum(x, global, #y, y, setopt_nv_ ## y, z), y) #define my_setopt_flags(x,y,z) \ - SETOPT_CHECK(tool_setopt_flags(x, global, #y, y, setopt_nv_ ## y, z)) + SETOPT_CHECK(tool_setopt_flags(x, global, #y, y, setopt_nv_ ## y, z), y) #define my_setopt_bitmask(x,y,z) \ - SETOPT_CHECK(tool_setopt_bitmask(x, global, #y, y, setopt_nv_ ## y, z)) + SETOPT_CHECK(tool_setopt_bitmask(x, global, #y, y, setopt_nv_ ## y, z), y) #define my_setopt_mimepost(x,y,z) \ - SETOPT_CHECK(tool_setopt_mimepost(x, global, #y, y, z)) + SETOPT_CHECK(tool_setopt_mimepost(x, global, #y, y, z), y) #define my_setopt_slist(x,y,z) \ - SETOPT_CHECK(tool_setopt_slist(x, global, #y, y, z)) + SETOPT_CHECK(tool_setopt_slist(x, global, #y, y, z), y) #define res_setopt(x,y,z) tool_setopt(x, FALSE, global, #y, y, z) @@ -126,25 +129,25 @@ CURLcode tool_setopt(CURL *curl, bool str, struct GlobalConfig *config, /* No --libcurl, so pass options directly to library */ #define my_setopt(x,y,z) \ - SETOPT_CHECK(curl_easy_setopt(x, y, z)) + SETOPT_CHECK(curl_easy_setopt(x, y, z), y) #define my_setopt_str(x,y,z) \ - SETOPT_CHECK(curl_easy_setopt(x, y, z)) + SETOPT_CHECK(curl_easy_setopt(x, y, z), y) #define my_setopt_enum(x,y,z) \ - SETOPT_CHECK(curl_easy_setopt(x, y, z)) + SETOPT_CHECK(curl_easy_setopt(x, y, z), y) #define my_setopt_flags(x,y,z) \ - SETOPT_CHECK(curl_easy_setopt(x, y, z)) + SETOPT_CHECK(curl_easy_setopt(x, y, z), y) #define my_setopt_bitmask(x,y,z) \ - SETOPT_CHECK(curl_easy_setopt(x, y, z)) + SETOPT_CHECK(curl_easy_setopt(x, y, z), y) #define my_setopt_mimepost(x,y,z) \ - SETOPT_CHECK(curl_easy_setopt(x, y, z)) + SETOPT_CHECK(curl_easy_setopt(x, y, z), y) #define my_setopt_slist(x,y,z) \ - SETOPT_CHECK(curl_easy_setopt(x, y, z)) + SETOPT_CHECK(curl_easy_setopt(x, y, z), y) #define res_setopt(x,y,z) curl_easy_setopt(x,y,z) diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index e01c1ae01..72db6b148 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -57,7 +57,7 @@ test298 test299 test300 test301 test302 test303 test304 test305 test306 \ test307 test308 test309 test310 test311 test312 test313 test314 test315 \ test316 test317 test318 test319 test320 test321 test322 test323 test324 \ test325 test326 test327 test328 test329 test330 test331 test332 test333 \ -\ +test334 \ test340 \ \ test350 test351 test352 test353 test354 test355 test356 \ diff --git a/tests/data/test1406 b/tests/data/test1406 index 0c2e8602f..fb134b1f3 100644 --- a/tests/data/test1406 +++ b/tests/data/test1406 @@ -89,7 +89,6 @@ int main(int argc, char *argv[]) them yourself. CURLOPT_WRITEDATA set to a objectpointer - CURLOPT_INTERLEAVEDATA set to a objectpointer CURLOPT_WRITEFUNCTION set to a functionpointer CURLOPT_READDATA set to a objectpointer CURLOPT_READFUNCTION set to a functionpointer @@ -117,12 +116,14 @@ int main(int argc, char *argv[]) </file> <stripfile> # These options vary with configurations - just ignore them +# CURLOPT_INTERLEAVEDATA requires RTSP (HTTP) protocol $_ = '' if /CURLOPT_USERAGENT/ $_ = '' if /CURLOPT_MAXREDIRS/ $_ = '' if /CURLOPT_SSL_VERIFYPEER/ $_ = '' if /CURLOPT_SSH_KNOWNHOSTS/ $_ = '' if /CURLOPT_HTTP_VERSION/ $_ = '' if /CURLOPT_HTTP09_ALLOWED/ +$_ = '' if /CURLOPT_INTERLEAVEDATA/ </stripfile> </verify> </testcase> diff --git a/tests/data/test1420 b/tests/data/test1420 index a1153a788..b47510511 100644 --- a/tests/data/test1420 +++ b/tests/data/test1420 @@ -75,7 +75,6 @@ int main(int argc, char *argv[]) them yourself. CURLOPT_WRITEDATA set to a objectpointer - CURLOPT_INTERLEAVEDATA set to a objectpointer CURLOPT_WRITEFUNCTION set to a functionpointer CURLOPT_READDATA set to a objectpointer CURLOPT_READFUNCTION set to a functionpointer @@ -101,11 +100,13 @@ int main(int argc, char *argv[]) </file> <stripfile> # These options vary with configurations - just ignore them +# CURLOPT_INTERLEAVEDATA requires RTSP (HTTP) protocol $_ = '' if /CURLOPT_USERAGENT/ $_ = '' if /CURLOPT_MAXREDIRS/ $_ = '' if /CURLOPT_SSL_VERIFYPEER/ $_ = '' if /CURLOPT_SSH_KNOWNHOSTS/ $_ = '' if /CURLOPT_HTTP_VERSION/ +$_ = '' if /CURLOPT_INTERLEAVEDATA/ </stripfile> </verify> </testcase> diff --git a/tests/data/test1429 b/tests/data/test1429 index 20b031a1e..b6a66c75f 100644 --- a/tests/data/test1429 +++ b/tests/data/test1429 @@ -9,7 +9,7 @@ HTTP/0.9 <reply> <data nocheck="yes"> -HTTP/1.1 1234 OK +HTTP/1.1 2345 OK Date: Thu, 09 Nov 2010 14:49:00 GMT Server: test-server/fake Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT @@ -43,7 +43,7 @@ http://%HOSTIP:%HTTPPORT/1429 --write-out '%{response_code}' --http0.9 # Verify data after the test has been "shot" <verify> <stdout nonewline="yes"> -HTTP/1.1 1234 OK +HTTP/1.1 2345 OK Date: Thu, 09 Nov 2010 14:49:00 GMT Server: test-server/fake Last-Modified: Tue, 13 Jun 2000 12:10:00 GMT @@ -55,7 +55,7 @@ Content-Type: text/html Funny-head: yesyes -foo- -123 +234 </stdout> <strip> ^User-Agent:.* diff --git a/tests/data/test1455 b/tests/data/test1455 index 7276ea4ec..2684d34e9 100644 --- a/tests/data/test1455 +++ b/tests/data/test1455 @@ -3,6 +3,8 @@ <keywords> HTTP HTTP GET +proxy +haproxy </keywords> </info> diff --git a/tests/data/test1456 b/tests/data/test1456 index 007473618..45244e604 100644 --- a/tests/data/test1456 +++ b/tests/data/test1456 @@ -3,6 +3,8 @@ <keywords> HTTP HTTP GET +proxy +haproxy IPv6 </keywords> </info> diff --git a/tests/data/test334 b/tests/data/test334 new file mode 100644 index 000000000..c02a65b8d --- /dev/null +++ b/tests/data/test334 @@ -0,0 +1,44 @@ +<testcase> +<info> +<keywords> +HTTP +204 +</keywords> +</info> +# Server-side +<reply> +<data> +HTTP/1.1 204 No Content +Date: Mon, 13 Nov 2000 13:41:09 GMT +Server: myown/1.0 +Transfer-Encoding: chunked + +</data> +</reply> + +# Client-side +<client> +<server> +http +</server> +<name> +HTTP 204 No content with chunked header +</name> +<command> +http://%HOSTIP:%HTTPPORT/want/334 +</command> +</client> + +# Verify data after the test has been "shot" +<verify> +<strip> +^User-Agent:.* +</strip> +<protocol> +GET /want/334 HTTP/1.1
+Host: %HOSTIP:%HTTPPORT
+Accept: */*
+
+</protocol> +</verify> +</testcase> diff --git a/tests/server/.gitignore b/tests/server/.gitignore index 497783b82..d410f5ea4 100644 --- a/tests/server/.gitignore +++ b/tests/server/.gitignore @@ -5,3 +5,4 @@ rtspd sockfilt sws tftpd +socksd diff --git a/tests/sshhelp.pm b/tests/sshhelp.pm index 7345eb300..47ea2324c 100644 --- a/tests/sshhelp.pm +++ b/tests/sshhelp.pm @@ -430,6 +430,16 @@ sub sshversioninfo { $error = undef; last; } + if($tmpstr =~ /OpenSSH[_-]for[_-]Windows[_-](\d+)\.(\d+)(\.(\d+))*/i) { + $major = $1; + $minor = $2; + $patch = $4?$4:0; + $sshid = 'OpenSSH-Windows'; + $versnum = (100*$major) + (10*$minor) + $patch; + $versstr = "$sshid $major.$minor.$patch"; + $error = undef; + last; + } if($tmpstr =~ /Sun[_-]SSH[_-](\d+)\.(\d+)(\.(\d+))*/i) { $major = $1; $minor = $2; diff --git a/tests/sshserver.pl b/tests/sshserver.pl index 428535ece..bcb2f1b3a 100755..100644 --- a/tests/sshserver.pl +++ b/tests/sshserver.pl @@ -389,6 +389,17 @@ if ($^O eq 'MSWin32' || $^O eq 'cygwin' || $^O eq 'msys') { $pidfile_config = pathhelp::build_sys_abs_path($pidfile_config); $sftpsrv_config = "internal-sftp"; } +if ($sshdid =~ /OpenSSH-Windows/) { + # Ensure to use native Windows paths with OpenSSH for Windows + $clipubkeyf_config = pathhelp::sys_native_abs_path($clipubkeyf); + $hstprvkeyf_config = pathhelp::sys_native_abs_path($hstprvkeyf); + $pidfile_config = pathhelp::sys_native_abs_path($pidfile); + $sftpsrv_config = pathhelp::sys_native_abs_path($sftpsrv); + + $sshdconfig = pathhelp::sys_native_abs_path($sshdconfig); + $sshconfig = pathhelp::sys_native_abs_path($sshconfig); + $sftpconfig = pathhelp::sys_native_abs_path($sftpconfig); +} #*************************************************************************** # ssh daemon configuration file options we might use and version support @@ -483,8 +494,18 @@ logmsg 'generating ssh server config file...' if($verbose); push @cfgarr, '# This is a generated file. Do not edit.'; push @cfgarr, "# $sshdverstr sshd configuration file for curl testing"; push @cfgarr, '#'; -push @cfgarr, "DenyUsers !$username"; -push @cfgarr, "AllowUsers $username"; + +# AllowUsers and DenyUsers options should use lowercase on Windows +# and do not support quotes around values for some unknown reason. +if ($sshdid =~ /OpenSSH-Windows/) { + my $username_lc = lc $username; + push @cfgarr, "DenyUsers !$username_lc"; + push @cfgarr, "AllowUsers $username_lc"; +} else { + push @cfgarr, "DenyUsers !$username"; + push @cfgarr, "AllowUsers $username"; +} + push @cfgarr, 'DenyGroups'; push @cfgarr, 'AllowGroups'; push @cfgarr, '#'; @@ -758,7 +779,11 @@ if ($^O eq 'MSWin32' || $^O eq 'cygwin' || $^O eq 'msys') { $identity_config = pathhelp::build_sys_abs_path($identity_config); $knownhosts_config = pathhelp::build_sys_abs_path($knownhosts_config); } - +if ($sshdid =~ /OpenSSH-Windows/) { + # Ensure to use native Windows paths with OpenSSH for Windows + $identity_config = pathhelp::sys_native_abs_path($identity); + $knownhosts_config = pathhelp::sys_native_abs_path($knownhosts); +} #*************************************************************************** # ssh client configuration file options we might use and version support @@ -853,7 +878,12 @@ push @cfgarr, "HostName $listenaddr"; push @cfgarr, "User $username"; push @cfgarr, 'Protocol 2'; push @cfgarr, '#'; -push @cfgarr, "BindAddress $listenaddr"; + +# BindAddress option is not supported by OpenSSH for Windows +if (!($sshdid =~ /OpenSSH-Windows/)) { + push @cfgarr, "BindAddress $listenaddr"; +} + push @cfgarr, '#'; push @cfgarr, "IdentityFile $identity_config"; push @cfgarr, "UserKnownHostsFile $knownhosts_config"; @@ -875,8 +905,12 @@ push @cfgarr, 'NumberOfPasswordPrompts 0'; push @cfgarr, 'PasswordAuthentication no'; push @cfgarr, 'PreferredAuthentications publickey'; push @cfgarr, 'PubkeyAuthentication yes'; -push @cfgarr, 'RhostsRSAAuthentication no'; -push @cfgarr, 'RSAAuthentication no'; + +# RSA authentication options are not supported by OpenSSH for Windows +if (!($sshdid =~ /OpenSSH-Windows/)) { + push @cfgarr, 'RhostsRSAAuthentication no'; + push @cfgarr, 'RSAAuthentication no'; +} # Disabled StrictHostKeyChecking since it makes the tests fail on my # OpenSSH_6.0p1 on Debian Linux / Daniel diff --git a/winbuild/gen_resp_file.bat b/winbuild/gen_resp_file.bat index 8b6dbc577..79a27acf7 100755 --- a/winbuild/gen_resp_file.bat +++ b/winbuild/gen_resp_file.bat @@ -22,7 +22,7 @@ rem * rem *************************************************************************** if exist %OUTFILE% ( - del %OUTFILE% + del %OUTFILE% ) echo %MACRO_NAME% = \> %OUTFILE% diff --git a/winbuild/makedebug.cmd b/winbuild/makedebug.cmd index 899b744d7..9b59284c6 100644 --- a/winbuild/makedebug.cmd +++ b/winbuild/makedebug.cmd @@ -24,10 +24,11 @@ rem *************************************************************************** where.exe nmake.exe >nul 2>&1 IF %ERRORLEVEL% == 1 ( - ECHO Error: Can't find `nmake.exe` - be sure to run this script from within a Developer Command-Prompt - ECHO. + ECHO Error: Can't find `nmake.exe` - be sure to run this script from within a Developer Command-Prompt + ECHO. ) ELSE ( - nmake /f Makefile.vc mode=static DEBUG=yes GEN_PDB=yes - IF %ERRORLEVEL% NEQ 0 (ECHO "Error: Build Failed") + nmake /f Makefile.vc mode=static DEBUG=yes GEN_PDB=yes + IF %ERRORLEVEL% NEQ 0 ( + ECHO "Error: Build Failed" + ) ) - |