From 04ac54e1965041684fc1b6532eba90f58601264e Mon Sep 17 00:00:00 2001 From: Marcel Raad Date: Sat, 25 May 2019 10:04:08 +0200 Subject: sws: remove unused variables Unused since commit 2f44e94. Closes https://github.com/curl/curl/pull/3975 --- tests/server/sws.c | 25 ++++++++----------------- 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/tests/server/sws.c b/tests/server/sws.c index e5806875c..963357799 100644 --- a/tests/server/sws.c +++ b/tests/server/sws.c @@ -952,28 +952,19 @@ static int get_request(curl_socket_t sock, struct httprequest *req) ssize_t got = 0; int overflow = 0; - char *pipereq = NULL; - size_t pipereq_length = 0; - if(req->offset >= REQBUFSIZ-1) { /* buffer is already full; do nothing */ overflow = 1; } else { - if(pipereq_length && pipereq) { - memmove(reqbuf, pipereq, pipereq_length); - got = curlx_uztosz(pipereq_length); - pipereq_length = 0; - } - else { - if(req->skip) - /* we are instructed to not read the entire thing, so we make sure to - only read what we're supposed to and NOT read the enire thing the - client wants to send! */ - got = sread(sock, reqbuf + req->offset, req->cl); - else - got = sread(sock, reqbuf + req->offset, REQBUFSIZ-1 - req->offset); - } + if(req->skip) + /* we are instructed to not read the entire thing, so we make sure to + only read what we're supposed to and NOT read the enire thing the + client wants to send! */ + got = sread(sock, reqbuf + req->offset, req->cl); + else + got = sread(sock, reqbuf + req->offset, REQBUFSIZ-1 - req->offset); + if(got_exit_signal) return -1; if(got == 0) { -- cgit v1.2.3 From e23c52b3295a525fbaae9e7ed3e7061fea6dffc2 Mon Sep 17 00:00:00 2001 
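Review bot: In the `req->skip` branch of get_request() the read length is `req->cl` with no clamp to the space left in `reqbuf`, whereas the `else` branch limits the read to `REQBUFSIZ-1 - req->offset`. Where `req->cl` is assigned is outside this hunk; unless it is already bounded there, a request that declares more body than the remaining space would let `sread()` write past the end of the buffer. While the branch is being de-indented, bound it the same way, e.g. `size_t room = REQBUFSIZ-1 - req->offset;` followed by `got = sread(sock, reqbuf + req->offset, req->cl < room ? req->cl : room);`. get_request() starts and ends outside the hunk.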
From: Marcel Raad Date: Sat, 25 May 2019 10:06:08 +0200 Subject: build: fix Codacy warnings Reduce variable scopes and remove redundant variable stores. Closes https://github.com/curl/curl/pull/3975 --- CMake/CurlTests.c | 2 ++ docs/examples/ftp-wildcard.c | 4 +--- docs/examples/synctime.c | 9 +++++---- lib/curl_ntlm_core.c | 3 +-- lib/ftp.c | 18 +++--------------- lib/imap.c | 15 +++++---------- lib/pop3.c | 15 +++++---------- lib/smb.c | 4 ++-- lib/smtp.c | 15 +++++---------- lib/ssh-libssh.c | 3 +-- lib/vauth/digest.c | 11 ++++++----- lib/vtls/cyassl.c | 5 ++--- lib/vtls/mesalink.c | 2 +- packages/OS400/ccsidcurl.c | 17 +++++++++-------- packages/OS400/os400sys.c | 19 ++++++------------- src/tool_getpass.c | 2 +- tests/libtest/lib1541.c | 4 ++-- tests/libtest/lib1560.c | 34 +++++++++++++++------------------- tests/libtest/lib1905.c | 3 +-- tests/libtest/lib541.c | 2 +- tests/libtest/lib569.c | 3 +-- tests/libtest/lib571.c | 3 +-- tests/server/socksd.c | 10 ++++------ 23 files changed, 80 insertions(+), 123 deletions(-) diff --git a/CMake/CurlTests.c b/CMake/CurlTests.c index 07b516b4d..2a7632951 100644 --- a/CMake/CurlTests.c +++ b/CMake/CurlTests.c @@ -125,6 +125,7 @@ int main(void) #if defined(HAVE_GETHOSTBYADDR_R_5) || \ defined(HAVE_GETHOSTBYADDR_R_5_REENTRANT) rc = gethostbyaddr_r(address, length, type, &h, &hdata); + (void)rc; #elif defined(HAVE_GETHOSTBYADDR_R_7) || \ defined(HAVE_GETHOSTBYADDR_R_7_REENTRANT) hp = gethostbyaddr_r(address, length, type, &h, buffer, 8192, &h_errnop); @@ -132,6 +133,7 @@ int main(void) #elif defined(HAVE_GETHOSTBYADDR_R_8) || \ defined(HAVE_GETHOSTBYADDR_R_8_REENTRANT) rc = gethostbyaddr_r(address, length, type, &h, buffer, 8192, &hp, &h_errnop); + (void)rc; #endif #if defined(HAVE_GETHOSTBYNAME_R_3) || \ diff --git a/docs/examples/ftp-wildcard.c b/docs/examples/ftp-wildcard.c index f249bc135..ee815973d 100644 --- a/docs/examples/ftp-wildcard.c +++ b/docs/examples/ftp-wildcard.c 
@@ -41,8 +41,6 @@ static size_t write_it(char *buff, size_t size, size_t nmemb, int main(int argc, char **argv) { - int rc = CURLE_OK; - /* curl easy handle */ CURL *handle; @@ -50,7 +48,7 @@ int main(int argc, char **argv) struct callback_data data = { 0 }; /* global initialization */ - rc = curl_global_init(CURL_GLOBAL_ALL); + int rc = curl_global_init(CURL_GLOBAL_ALL); if(rc) return rc; diff --git a/docs/examples/synctime.c b/docs/examples/synctime.c index 905f51189..0113007c8 100644 --- a/docs/examples/synctime.c +++ b/docs/examples/synctime.c @@ -137,7 +137,6 @@ size_t SyncTime_CURL_WriteOutput(void *ptr, size_t size, size_t nmemb, size_t SyncTime_CURL_WriteHeader(void *ptr, size_t size, size_t nmemb, void *stream) { - int i, RetVal; char TmpStr1[26], TmpStr2[26]; (void)stream; @@ -156,11 +155,13 @@ size_t SyncTime_CURL_WriteHeader(void *ptr, size_t size, size_t nmemb, TmpStr1 & 2? */ AutoSyncTime = 0; else { - RetVal = sscanf((char *)(ptr), "Date: %s %hu %s %hu %hu:%hu:%hu", - TmpStr1, &SYSTime.wDay, TmpStr2, &SYSTime.wYear, - &SYSTime.wHour, &SYSTime.wMinute, &SYSTime.wSecond); + int RetVal = sscanf((char *)(ptr), "Date: %s %hu %s %hu %hu:%hu:%hu", + TmpStr1, &SYSTime.wDay, TmpStr2, &SYSTime.wYear, + &SYSTime.wHour, &SYSTime.wMinute, + &SYSTime.wSecond); if(RetVal == 7) { + int i; SYSTime.wMilliseconds = 500; /* adjust to midpoint, 0.5 sec */ for(i = 0; i<12; i++) { if(strcmp(MthStr[i], TmpStr2) == 0) { diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c index b6df38f71..9e6fdcab2 100644 --- a/lib/curl_ntlm_core.c +++ b/lib/curl_ntlm_core.c @@ -218,7 +218,6 @@ static bool encrypt_des(const unsigned char *in, unsigned char *out, const unsigned char *key_56) { const CK_MECHANISM_TYPE mech = CKM_DES_ECB; /* DES cipher in ECB mode */ - PK11SlotInfo *slot = NULL; char key[8]; /* expanded 64 bit key */ SECItem key_item; PK11SymKey *symkey = NULL; 
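Review bot: The rewritten `sscanf()` call in the second docs/examples/synctime.c hunk still uses bare `%s` conversions to fill `TmpStr1` and `TmpStr2`, which the first hunk shows are `char[26]`, so a Date header carrying a token longer than 25 bytes overruns the stack buffers. Since the statement is being touched anyway, give both conversions a field width: `"Date: %25s %hu %25s %hu %hu:%hu:%hu"`. The input is the header data passed to the callback through `ptr`, which is server-controlled; whether it is NUL-terminated before `sscanf()` sees it is not visible here and should be confirmed. SyncTime_CURL_WriteHeader() continues outside the hunk.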
@@ -228,7 +227,7 @@ static bool encrypt_des(const unsigned char *in, unsigned char *out, bool rv = FALSE; /* use internal slot for DES encryption (requires NSS to be initialized) */ - slot = PK11_GetInternalKeySlot(); + PK11SlotInfo *slot = PK11_GetInternalKeySlot(); if(!slot) return FALSE; diff --git a/lib/ftp.c b/lib/ftp.c index d6343fd51..76ebbc44f 100644 --- a/lib/ftp.c +++ b/lib/ftp.c @@ -565,10 +565,8 @@ static CURLcode ftp_readresp(curl_socket_t sockfd, #ifdef HAVE_GSSAPI char * const buf = data->state.buffer; #endif - CURLcode result = CURLE_OK; int code; - - result = Curl_pp_readresp(sockfd, pp, &code, size); + CURLcode result = Curl_pp_readresp(sockfd, pp, &code, size); #if defined(HAVE_GSSAPI) /* handle the security-oriented responses 6xx ***/ @@ -1499,24 +1497,14 @@ static CURLcode ftp_state_list(struct connectdata *conn) static CURLcode ftp_state_retr_prequote(struct connectdata *conn) { - CURLcode result = CURLE_OK; - /* We've sent the TYPE, now we must send the list of prequote strings */ - - result = ftp_state_quote(conn, TRUE, FTP_RETR_PREQUOTE); - - return result; + return ftp_state_quote(conn, TRUE, FTP_RETR_PREQUOTE); } static CURLcode ftp_state_stor_prequote(struct connectdata *conn) { - CURLcode result = CURLE_OK; - /* We've sent the TYPE, now we must send the list of prequote strings */ - - result = ftp_state_quote(conn, TRUE, FTP_STOR_PREQUOTE); - - return result; + return ftp_state_quote(conn, TRUE, FTP_STOR_PREQUOTE); } static CURLcode ftp_state_type(struct connectdata *conn) diff --git a/lib/imap.c b/lib/imap.c index bdcc69c67..f3ffa290b 100644 --- a/lib/imap.c +++ b/lib/imap.c @@ -444,10 +444,8 @@ static CURLcode imap_perform_capability(struct connectdata *conn) */ static CURLcode imap_perform_starttls(struct connectdata *conn) { - CURLcode result = CURLE_OK; - /* Send the STARTTLS command */ - result = imap_sendf(conn, "STARTTLS"); + CURLcode result = imap_sendf(conn, "STARTTLS"); if(!result) state(conn, IMAP_STARTTLS); 
@@ -463,11 +461,10 @@ static CURLcode imap_perform_starttls(struct connectdata *conn) */ static CURLcode imap_perform_upgrade_tls(struct connectdata *conn) { - CURLcode result = CURLE_OK; - struct imap_conn *imapc = &conn->proto.imapc; - /* Start the SSL connection */ - result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &imapc->ssldone); + struct imap_conn *imapc = &conn->proto.imapc; + CURLcode result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, + &imapc->ssldone); if(!result) { if(imapc->state != IMAP_UPGRADETLS) @@ -826,10 +823,8 @@ static CURLcode imap_perform_search(struct connectdata *conn) */ static CURLcode imap_perform_logout(struct connectdata *conn) { - CURLcode result = CURLE_OK; - /* Send the LOGOUT command */ - result = imap_sendf(conn, "LOGOUT"); + CURLcode result = imap_sendf(conn, "LOGOUT"); if(!result) state(conn, IMAP_LOGOUT); diff --git a/lib/pop3.c b/lib/pop3.c index c8f3965e4..a681d5213 100644 --- a/lib/pop3.c +++ b/lib/pop3.c @@ -339,10 +339,8 @@ static CURLcode pop3_perform_capa(struct connectdata *conn) */ static CURLcode pop3_perform_starttls(struct connectdata *conn) { - CURLcode result = CURLE_OK; - /* Send the STLS command */ - result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", "STLS"); + CURLcode result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", "STLS"); if(!result) state(conn, POP3_STARTTLS); @@ -358,11 +356,10 @@ static CURLcode pop3_perform_starttls(struct connectdata *conn) */ static CURLcode pop3_perform_upgrade_tls(struct connectdata *conn) { - CURLcode result = CURLE_OK; - struct pop3_conn *pop3c = &conn->proto.pop3c; - /* Start the SSL connection */ - result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &pop3c->ssldone); + struct pop3_conn *pop3c = &conn->proto.pop3c; + CURLcode result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, + &pop3c->ssldone); if(!result) { if(pop3c->state != POP3_UPGRADETLS) 
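Review bot: In imap_perform_upgrade_tls() the comment `/* Start the SSL connection */` now sits above the `imapc` declaration rather than above the `Curl_ssl_connect_nonblocking()` call it describes. Moving it down one line, directly above `CURLcode result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET,`, keeps the comment with the call. The same applies to pop3_perform_upgrade_tls() in lib/pop3.c and smtp_perform_upgrade_tls() in lib/smtp.c. All three function bodies continue outside their hunks.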
@@ -593,10 +590,8 @@ static CURLcode pop3_perform_command(struct connectdata *conn) */ static CURLcode pop3_perform_quit(struct connectdata *conn) { - CURLcode result = CURLE_OK; - /* Send the QUIT command */ - result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", "QUIT"); + CURLcode result = Curl_pp_sendf(&conn->proto.pop3c.pp, "%s", "QUIT"); if(!result) state(conn, POP3_QUIT); diff --git a/lib/smb.c b/lib/smb.c index 76c99a230..5a4b7804d 100644 --- a/lib/smb.c +++ b/lib/smb.c @@ -957,7 +957,6 @@ static CURLcode smb_do(struct connectdata *conn, bool *done) static CURLcode smb_parse_url_path(struct connectdata *conn) { - CURLcode result = CURLE_OK; struct Curl_easy *data = conn->data; struct smb_request *req = data->req.protop; struct smb_conn *smbc = &conn->proto.smbc; @@ -965,7 +964,8 @@ static CURLcode smb_parse_url_path(struct connectdata *conn) char *slash; /* URL decode the path */ - result = Curl_urldecode(data, data->state.up.path, 0, &path, NULL, TRUE); + CURLcode result = Curl_urldecode(data, data->state.up.path, 0, &path, NULL, + TRUE); if(result) return result; diff --git a/lib/smtp.c b/lib/smtp.c index 4a3462b84..e10d0fbfc 100644 --- a/lib/smtp.c +++ b/lib/smtp.c @@ -359,10 +359,8 @@ static CURLcode smtp_perform_helo(struct connectdata *conn) */ static CURLcode smtp_perform_starttls(struct connectdata *conn) { - CURLcode result = CURLE_OK; - /* Send the STARTTLS command */ - result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "STARTTLS"); + CURLcode result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "STARTTLS"); if(!result) state(conn, SMTP_STARTTLS); 
@@ -378,11 +376,10 @@ static CURLcode smtp_perform_starttls(struct connectdata *conn) */ static CURLcode smtp_perform_upgrade_tls(struct connectdata *conn) { - CURLcode result = CURLE_OK; - struct smtp_conn *smtpc = &conn->proto.smtpc; - /* Start the SSL connection */ - result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, &smtpc->ssldone); + struct smtp_conn *smtpc = &conn->proto.smtpc; + CURLcode result = Curl_ssl_connect_nonblocking(conn, FIRSTSOCKET, + &smtpc->ssldone); if(!result) { if(smtpc->state != SMTP_UPGRADETLS) @@ -645,10 +642,8 @@ static CURLcode smtp_perform_rcpt_to(struct connectdata *conn) */ static CURLcode smtp_perform_quit(struct connectdata *conn) { - CURLcode result = CURLE_OK; - /* Send the QUIT command */ - result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "QUIT"); + CURLcode result = Curl_pp_sendf(&conn->proto.smtpc.pp, "%s", "QUIT"); if(!result) state(conn, SMTP_QUIT); diff --git a/lib/ssh-libssh.c b/lib/ssh-libssh.c index 6cfd6bda8..ca1337677 100644 --- a/lib/ssh-libssh.c +++ b/lib/ssh-libssh.c @@ -1968,11 +1968,10 @@ static CURLcode myssh_multi_statemach(struct connectdata *conn, bool *done) { struct ssh_conn *sshc = &conn->proto.sshc; - CURLcode result = CURLE_OK; bool block; /* we store the status and use that to provide a ssh_getsock() implementation */ + CURLcode result = myssh_statemach_act(conn, &block); - result = myssh_statemach_act(conn, &block); *done = (sshc->state == SSH_STOP) ? TRUE : FALSE; myssh_block2waitfor(conn, block); diff --git a/lib/vauth/digest.c b/lib/vauth/digest.c index f9cdc9dd0..8cd4d83ed 100644 --- a/lib/vauth/digest.c +++ b/lib/vauth/digest.c @@ -357,7 +357,6 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, const char *service, char **outptr, size_t *outlen) { - CURLcode result = CURLE_OK; size_t i; MD5_context *ctxt; char *response = NULL; 
@@ -377,10 +376,12 @@ CURLcode Curl_auth_create_digest_md5_message(struct Curl_easy *data, char *spn = NULL; /* Decode the challenge message */ - result = auth_decode_digest_md5_message(chlg64, nonce, sizeof(nonce), - realm, sizeof(realm), - algorithm, sizeof(algorithm), - qop_options, sizeof(qop_options)); + CURLcode result = auth_decode_digest_md5_message(chlg64, nonce, + sizeof(nonce), realm, + sizeof(realm), algorithm, + sizeof(algorithm), + qop_options, + sizeof(qop_options)); if(result) return result; diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c index 44a2bdda6..40626a5f1 100644 --- a/lib/vtls/cyassl.c +++ b/lib/vtls/cyassl.c @@ -357,9 +357,8 @@ cyassl_connect_step1(struct connectdata *conn, /* give application a chance to interfere with SSL set up. */ if(data->set.ssl.fsslctx) { - CURLcode result = CURLE_OK; - result = (*data->set.ssl.fsslctx)(data, BACKEND->ctx, - data->set.ssl.fsslctxp); + CURLcode result = (*data->set.ssl.fsslctx)(data, BACKEND->ctx, + data->set.ssl.fsslctxp); if(result) { failf(data, "error signaled by ssl ctx callback"); return result; diff --git a/lib/vtls/mesalink.c b/lib/vtls/mesalink.c index 718c282ee..7ca4f0eac 100644 --- a/lib/vtls/mesalink.c +++ b/lib/vtls/mesalink.c @@ -265,7 +265,6 @@ mesalink_connect_step2(struct connectdata *conn, int sockindex) ret = SSL_connect(BACKEND->handle); if(ret != SSL_SUCCESS) { - char error_buffer[MESALINK_MAX_ERROR_SZ]; int detail = SSL_get_error(BACKEND->handle, ret); if(SSL_ERROR_WANT_CONNECT == detail || SSL_ERROR_WANT_READ == detail) { @@ -273,6 +272,7 @@ mesalink_connect_step2(struct connectdata *conn, int sockindex) return CURLE_OK; } else { + char error_buffer[MESALINK_MAX_ERROR_SZ]; failf(data, "SSL_connect failed with error %d: %s", detail, diff --git a/packages/OS400/ccsidcurl.c b/packages/OS400/ccsidcurl.c index fd3b5f073..39a1f99b5 100644 --- a/packages/OS400/ccsidcurl.c +++ b/packages/OS400/ccsidcurl.c 
@@ -620,12 +620,7 @@ curl_easy_getinfo_ccsid(CURL *curl, CURLINFO info, ...) va_list arg; void *paramp; CURLcode ret; - unsigned int ccsid; - char * * cpp; struct Curl_easy * data; - struct curl_slist * * slp; - struct curl_certinfo * cipf; - struct curl_certinfo * cipt; /* WARNING: unlike curl_easy_getinfo(), the strings returned by this procedure have to be free'ed. */ @@ -635,7 +630,13 @@ curl_easy_getinfo_ccsid(CURL *curl, CURLINFO info, ...) paramp = va_arg(arg, void *); ret = Curl_getinfo(data, info, paramp); - if(ret == CURLE_OK) + if(ret == CURLE_OK) { + unsigned int ccsid; + char **cpp; + struct curl_slist **slp; + struct curl_certinfo *cipf; + struct curl_certinfo *cipt; + switch((int) info & CURLINFO_TYPEMASK) { case CURLINFO_STRING: @@ -706,6 +707,7 @@ curl_easy_getinfo_ccsid(CURL *curl, CURLINFO info, ...) break; } } + } va_end(arg); return ret; @@ -1355,13 +1357,12 @@ curl_pushheader_byname_ccsid(struct curl_pushheaders *h, const char *header, { char *d = (char *) NULL; - char *s; if(header) { header = dynconvert(ASCII_CCSID, header, -1, ccsidin); if(header) { - s = curl_pushheader_byname(h, header); + char *s = curl_pushheader_byname(h, header); free((char *) header); if(s) diff --git a/packages/OS400/os400sys.c b/packages/OS400/os400sys.c index 84bc10abd..67b34a84c 100644 --- a/packages/OS400/os400sys.c +++ b/packages/OS400/os400sys.c @@ -268,13 +268,9 @@ Curl_getnameinfo_a(const struct sockaddr * sa, curl_socklen_t salen, int flags) { - char * enodename; - char * eservname; + char *enodename = NULL; + char *eservname = NULL; int status; - int i; - - enodename = (char *) NULL; - eservname = (char *) NULL; if(nodename && nodenamelen) { enodename = malloc(nodenamelen); @@ -294,6 +290,7 @@ Curl_getnameinfo_a(const struct sockaddr * sa, curl_socklen_t salen, eservname, servnamelen, flags); if(!status) { + int i; if(enodename) { i = QadrtConvertE2A(nodename, enodename, nodenamelen - 1, strlen(enodename)); 
@@ -766,16 +763,13 @@ static int Curl_gss_convert_in_place(OM_uint32 * minor_status, gss_buffer_t buf) { - unsigned int i; - char * t; + unsigned int i = buf->length; /* Convert `buf' in place, from EBCDIC to ASCII. If error, release the buffer and return -1. Else return 0. */ - i = buf->length; - if(i) { - t = malloc(i); + char *t = malloc(i); if(!t) { gss_release_buffer(minor_status, buf); @@ -865,7 +859,6 @@ Curl_gss_init_sec_context_a(OM_uint32 * minor_status, { int rc; - unsigned int i; gss_buffer_desc in; gss_buffer_t inp; @@ -874,7 +867,7 @@ Curl_gss_init_sec_context_a(OM_uint32 * minor_status, if(inp) { if(inp->length && inp->value) { - i = inp->length; + unsigned int i = inp->length; in.value = malloc(i + 1); if(!in.value) { diff --git a/src/tool_getpass.c b/src/tool_getpass.c index bf531a537..dfe363b21 100644 --- a/src/tool_getpass.c +++ b/src/tool_getpass.c @@ -93,7 +93,7 @@ char *getpass_r(const char *prompt, char *buffer, size_t buflen) if((sts & 1) && (iosb.iosb$w_status & 1)) buffer[iosb.iosb$w_bcnt] = '\0'; - sts = sys$dassgn(chan); + sys$dassgn(chan); } return buffer; /* we always return success */ } diff --git a/tests/libtest/lib1541.c b/tests/libtest/lib1541.c index 983a47e01..f3b41f5be 100644 --- a/tests/libtest/lib1541.c +++ b/tests/libtest/lib1541.c @@ -104,7 +104,6 @@ int test(char *URL) { pthread_t tid[NUM_THREADS]; int i; - int error; CURLSH *share; struct initurl url[NUM_THREADS]; @@ -119,6 +118,7 @@ int test(char *URL) init_locks(); for(i = 0; i< NUM_THREADS; i++) { + int error; url[i].url = URL; url[i].share = share; url[i].threadno = i; @@ -131,7 +131,7 @@ int test(char *URL) /* now wait for all threads to terminate */ for(i = 0; i< NUM_THREADS; i++) { - error = pthread_join(tid[i], NULL); + pthread_join(tid[i], NULL); fprintf(stderr, "Thread %d terminated\n", i); } diff --git a/tests/libtest/lib1560.c b/tests/libtest/lib1560.c index 1b72599ec..1185096d8 100644 --- a/tests/libtest/lib1560.c +++ b/tests/libtest/lib1560.c 
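Review bot: In the src/tool_getpass.c hunk, `buffer[iosb.iosb$w_bcnt] = '\0';` indexes the caller's password buffer with the byte count from the I/O status block without comparing it to `buflen`. The read request is issued outside this hunk, so the length it was given cannot be confirmed from here; if it allows up to `buflen` bytes, a maximum-length input puts the terminator one byte past the end of the buffer. Clamping the index to `buflen - 1` before the store would close that off. The function also returns `buffer` as success when the status checks fail, so it is worth confirming that the part of getpass_r() before the hunk leaves the buffer terminated in that case.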
@@ -645,13 +645,11 @@ static struct redircase set_url_list[] = { static int set_url(void) { int i; - CURLUcode rc; - CURLU *urlp; int error = 0; for(i = 0; set_url_list[i].in && !error; i++) { - char *url = NULL; - urlp = curl_url(); + CURLUcode rc; + CURLU *urlp = curl_url(); if(!urlp) break; rc = curl_url_set(urlp, CURLUPART_URL, set_url_list[i].in, @@ -666,6 +664,7 @@ static int set_url(void) error++; } else { + char *url = NULL; rc = curl_url_get(urlp, CURLUPART_URL, &url, 0); if(rc) { fprintf(stderr, "%s:%d Get URL returned %d\n", @@ -677,8 +676,8 @@ static int set_url(void) error++; } } + curl_free(url); } - curl_free(url); } else if(rc != set_url_list[i].ucode) { fprintf(stderr, "Set URL\nin: %s\nreturned %d (expected %d)\n", @@ -693,11 +692,10 @@ static int set_url(void) static int set_parts(void) { int i; - CURLUcode rc; int error = 0; for(i = 0; set_parts_list[i].set && !error; i++) { - char *url = NULL; + CURLUcode rc; CURLU *urlp = curl_url(); if(!urlp) { error++; @@ -709,6 +707,7 @@ static int set_parts(void) else rc = CURLUE_OK; if(!rc) { + char *url = NULL; CURLUcode uc = updateurl(urlp, set_parts_list[i].set, set_parts_list[i].setflags); @@ -728,13 +727,13 @@ static int set_parts(void) else if(checkurl(url, set_parts_list[i].out)) { error++; } + curl_free(url); } else if(rc != set_parts_list[i].ucode) { fprintf(stderr, "Set parts\nin: %s\nreturned %d (expected %d)\n", set_parts_list[i].in, (int)rc, set_parts_list[i].ucode); error++; } - curl_free(url); curl_url_cleanup(urlp); } return error; @@ -743,10 +742,9 @@ static int set_parts(void) static int get_url(void) { int i; - CURLUcode rc; int error = 0; for(i = 0; get_url_list[i].in && !error; i++) { - char *url = NULL; + CURLUcode rc; CURLU *urlp = curl_url(); if(!urlp) { error++; 
@@ -755,6 +753,7 @@ static int get_url(void) rc = curl_url_set(urlp, CURLUPART_URL, get_url_list[i].in, get_url_list[i].urlflags); if(!rc) { + char *url = NULL; rc = curl_url_get(urlp, CURLUPART_URL, &url, get_url_list[i].getflags); if(rc) { @@ -767,13 +766,13 @@ static int get_url(void) error++; } } + curl_free(url); } else if(rc != get_url_list[i].ucode) { fprintf(stderr, "Get URL\nin: %s\nreturned %d (expected %d)\n", get_url_list[i].in, (int)rc, get_url_list[i].ucode); error++; } - curl_free(url); curl_url_cleanup(urlp); } return error; @@ -782,11 +781,10 @@ static int get_url(void) static int get_parts(void) { int i; - CURLUcode rc; - CURLU *urlp; int error = 0; for(i = 0; get_parts_list[i].in && !error; i++) { - urlp = curl_url(); + CURLUcode rc; + CURLU *urlp = curl_url(); if(!urlp) { error++; break; @@ -831,11 +829,10 @@ static struct querycase append_list[] = { static int append(void) { int i; - CURLUcode rc; - CURLU *urlp; int error = 0; for(i = 0; append_list[i].in && !error; i++) { - urlp = curl_url(); + CURLUcode rc; + CURLU *urlp = curl_url(); if(!urlp) { error++; break; @@ -881,12 +878,11 @@ static int append(void) static int scopeid(void) { - CURLU *u; + CURLU *u = curl_url(); int error = 0; CURLUcode rc; char *url; - u = curl_url(); rc = curl_url_set(u, CURLUPART_URL, "https://[fe80::20c:29ff:fe9c:409b%25eth0]/hello.html", 0); if(rc != CURLUE_OK) { diff --git a/tests/libtest/lib1905.c b/tests/libtest/lib1905.c index 79a50a782..7556d45e7 100644 --- a/tests/libtest/lib1905.c +++ b/tests/libtest/lib1905.c @@ -27,12 +27,11 @@ int test(char *URL) { - CURLM *cm = NULL; CURLSH *sh = NULL; CURL *ch = NULL; int unfinished; - cm = curl_multi_init(); + CURLM *cm = curl_multi_init(); if(!cm) return 1; sh = curl_share_init(); diff --git a/tests/libtest/lib541.c b/tests/libtest/lib541.c index 94a26a4b7..2861bfcc1 100644 --- a/tests/libtest/lib541.c +++ b/tests/libtest/lib541.c 
@@ -97,7 +97,7 @@ int test(char *URL) test_setopt(curl, CURLOPT_READDATA, hd_src); /* Now run off and do what you've been told! */ - res = curl_easy_perform(curl); + curl_easy_perform(curl); /* and now upload the exact same again, but without rewinding so it already is at end of file */ diff --git a/tests/libtest/lib569.c b/tests/libtest/lib569.c index 9c25db45d..3ddc10c4f 100644 --- a/tests/libtest/lib569.c +++ b/tests/libtest/lib569.c @@ -39,9 +39,8 @@ int test(char *URL) char *rtsp_session_id; int request = 1; int i; - FILE *idfile = NULL; - idfile = fopen(libtest_arg2, "wb"); + FILE *idfile = fopen(libtest_arg2, "wb"); if(idfile == NULL) { fprintf(stderr, "couldn't open the Session ID File\n"); return TEST_ERR_MAJOR_BAD; diff --git a/tests/libtest/lib571.c b/tests/libtest/lib571.c index c048747d9..f015f6bb2 100644 --- a/tests/libtest/lib571.c +++ b/tests/libtest/lib571.c @@ -104,9 +104,8 @@ int test(char *URL) CURL *curl; char *stream_uri = NULL; int request = 1; - FILE *protofile = NULL; - protofile = fopen(libtest_arg2, "wb"); + FILE *protofile = fopen(libtest_arg2, "wb"); if(protofile == NULL) { fprintf(stderr, "Couldn't open the protocol dump file\n"); return TEST_ERR_MAJOR_BAD; diff --git a/tests/server/socksd.c b/tests/server/socksd.c index df32a49a1..5e32bc904 100644 --- a/tests/server/socksd.c +++ b/tests/server/socksd.c @@ -749,10 +749,6 @@ static bool incoming(curl_socket_t listenfd) fd_set fds_read; fd_set fds_write; fd_set fds_err; - curl_socket_t sockfd = CURL_SOCKET_BAD; - int maxfd = -99; - ssize_t rc; - int error = 0; int clients = 0; /* connected clients */ struct perclient c[2]; 
@@ -772,15 +768,17 @@ static bool incoming(curl_socket_t listenfd) do { int i; + ssize_t rc; + int error = 0; + curl_socket_t sockfd = listenfd; + int maxfd = (int)sockfd; FD_ZERO(&fds_read); FD_ZERO(&fds_write); FD_ZERO(&fds_err); - sockfd = listenfd; /* there's always a socket to wait for */ FD_SET(sockfd, &fds_read); - maxfd = (int)sockfd; for(i = 0; i < 2; i++) { if(c[i].used) { -- cgit v1.2.3 From 992083b1abe2f19947abe1d5ba01c488458f6e66 Mon Sep 17 00:00:00 2001 From: Marcel Raad Date: Sat, 25 May 2019 19:24:13 +0200 Subject: examples/fopen: fix comparison As want is size_t, (file->buffer_pos - want) is unsigned, so checking if it's less than zero makes no sense. Check if file->buffer_pos is less than want instead to avoid the unsigned integer wraparound. Closes https://github.com/curl/curl/pull/3975 --- docs/examples/fopen.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/examples/fopen.c b/docs/examples/fopen.c index f1706fbe6..7151addde 100644 --- a/docs/examples/fopen.c +++ b/docs/examples/fopen.c @@ -211,7 +211,7 @@ static int fill_buffer(URL_FILE *file, size_t want) static int use_buffer(URL_FILE *file, size_t want) { /* sort out buffer */ - if((file->buffer_pos - want) <= 0) { + if(file->buffer_pos <= want) { /* ditch buffer - write will recreate */ free(file->buffer); file->buffer = NULL; -- cgit v1.2.3 From e1f3aaea0cf7d404d44e0dbdf608b1260fae6e1a Mon Sep 17 00:00:00 2001 From: Marcel Raad Date: Sat, 25 May 2019 19:36:35 +0200 Subject: examples/htmltitle: use C++ casts between pointer types Compilers and static analyzers warn about using C-style casts here. Closes https://github.com/curl/curl/pull/3975 --- docs/examples/htmltitle.cpp | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/examples/htmltitle.cpp b/docs/examples/htmltitle.cpp index 8148888a4..b81777736 100644 --- a/docs/examples/htmltitle.cpp +++ b/docs/examples/htmltitle.cpp 
@@ -136,9 +136,9 @@ static void StartElement(void *voidContext, const xmlChar *name, const xmlChar **attributes) { - Context *context = (Context *)voidContext; + Context *context = static_cast(voidContext); - if(COMPARE((char *)name, "TITLE")) { + if(COMPARE(reinterpret_cast(name), "TITLE")) { context->title = ""; context->addTitle = true; } @@ -152,9 +152,9 @@ static void StartElement(void *voidContext, static void EndElement(void *voidContext, const xmlChar *name) { - Context *context = (Context *)voidContext; + Context *context = static_cast(voidContext); - if(COMPARE((char *)name, "TITLE")) + if(COMPARE(reinterpret_cast(name), "TITLE")) context->addTitle = false; } @@ -167,7 +167,7 @@ static void handleCharacters(Context *context, int length) { if(context->addTitle) - context->title.append((char *)chars, length); + context->title.append(reinterpret_cast(chars), length); } // @@ -178,7 +178,7 @@ static void Characters(void *voidContext, const xmlChar *chars, int length) { - Context *context = (Context *)voidContext; + Context *context = static_cast(voidContext); handleCharacters(context, chars, length); } @@ -191,7 +191,7 @@ static void cdata(void *voidContext, const xmlChar *chars, int length) { - Context *context = (Context *)voidContext; + Context *context = static_cast(voidContext); handleCharacters(context, chars, length); } -- cgit v1.2.3 From 4ae6b5bb855bd63464c78fe37598f4655bf7d801 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sat, 8 Jun 2019 22:39:36 +0200 Subject: bump: start working on 7.65.2 --- RELEASE-NOTES | 87 ++++---------------------------------------------- include/curl/curlver.h | 6 ++-- 2 files changed, 10 insertions(+), 83 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index fe82389e0..242bd1be6 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES 
@@ -1,6 +1,6 @@ -curl and libcurl 7.65.1 +curl and libcurl 7.65.2 - Public curl releases: 182 + Public curl releases: 183 Command line options: 221 curl_easy_setopt() options: 268 Public functions in libcurl: 80 
@@ -8,42 +8,8 @@ curl and libcurl 7.65.1 This release includes the following bugfixes: - o CURLOPT_LOW_SPEED_* repaired [6] - o NTLM: reset proxy "multipass" state when CONNECT request is done [32] - o PolarSSL: deprecate support step 1. Removed from configure [3] - o appveyor: add Visual Studio solution build [25] - o cmake: check for if_nametoindex() [2] - o cmake: support CMAKE_OSX_ARCHITECTURES when detecting SIZEOF variables [17] - o config-win32: add support for if_nametoindex and getsockname [8] - o conncache: Remove the DEBUGASSERT on length check [27] - o conncache: make "bundles" per host name when doing proxy tunnels [21] - o curl-win32.h: Enable Unix Domain Sockets based on the Windows SDK version [16] - o curl_share_setopt.3: improve wording [34] - o dump-header.d: spell out that no headers == empty file [30] - o example/http2-download: fix format specifier [4] - o examples: cleanups and compiler warning fixes [4] - o http2: Stop drain from being permanently set [26] - o http: don't parse body-related headers in bodyless responses [28] - o md4: build correctly with openssl without MD4 [9] - o md4: include the mbedtls config.h to get the MD4 info [10] - o multi: track users of a socket better [15] - o nss: allow to specify TLS 1.3 ciphers if supported by NSS [20] - o parse_proxy: make sure portptr is initialized [23] - o parse_proxy: use the IPv6 zone id if given [1] - o sectransp: handle errSSLPeerAuthCompleted from SSLRead() [13] - o singlesocket: use separate variable for inner loop [31] - o ssl: Update outdated "openssl-only" comments for supported backends [33] - o tests: add HAProxy keywords [18] - o tests: add support to test against OpenSSH for Windows [5] - o tests: make test 1420 and 1406 work with rtsp-disabled libcurl [19] - o tls13-docs: mention it is only for OpenSSL >= 1.1.1 [29] - o tool_parse_cfg: Avoid 2 fopen() for WIN32 - o tool_setopt: for builds with disabled-proxy, skip all proxy setopts() [12] - o url: Load if_nametoindex() 
dynamically from iphlpapi.dll on Windows [24] - o url: fix bad feature-disable #ifdef [7] - o url: use correct port in ConnectionExists() [22] - o winbuild: Use two space indentation [11] - + o + This release includes the following known bugs: o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html) 
@@ -51,50 +17,11 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - Benbuck Nason, Carlos ORyan, Daniel Stenberg, Dave Reisner, - dbrowndan on github, dkwolfe4 on github, Edmond Yu, elsamuko on github, - Eric Wu, Frank Gevaerts, Gisle Vanem, Hubert Kario, Jonas Vautherin, - Josie Huddleston, Kunal Ekawde, Maksim Stsepanenka, Marcel Raad, - Marc Hörsken, Michael Kaufmann, Patrick Monnerat, Ray Satiro, - Sergey Ogryzkov, smuellerDD on github, Steve Holme, Tom Greenslade, - Tom van der Woerdt, wesinator on github, - (27 contributors) + Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: - [1] = https://curl.haxx.se/bug/?i=3482 - [2] = https://curl.haxx.se/bug/?i=3917 - [3] = https://curl.haxx.se/bug/?i=3888 - [4] = https://curl.haxx.se/bug/?i=3919 - [5] = https://curl.haxx.se/bug/?i=3290 - [6] = https://curl.haxx.se/bug/?i=3927 - [7] = https://curl.haxx.se/bug/?i=3924 - [8] = https://curl.haxx.se/bug/?i=3923 - [9] = https://curl.haxx.se/bug/?i=3921 - [10] = https://curl.haxx.se/bug/?i=3922 - [11] = https://curl.haxx.se/bug/?i=3930 - [12] = https://curl.haxx.se/bug/?i=3926 - [13] = https://curl.haxx.se/bug/?i=3932 - [14] = https://curl.haxx.se/bug/?i=3653 - [15] = https://curl.haxx.se/bug/?i=3952 - [16] = https://curl.haxx.se/bug/?i=3939 - [17] = https://curl.haxx.se/bug/?i=3945 - [18] = https://curl.haxx.se/bug/?i=3949 - [19] = https://curl.haxx.se/bug/?i=3948 - [20] = https://curl.haxx.se/bug/?i=3916 - [21] = https://curl.haxx.se/bug/?i=3951 - [22] = https://curl.haxx.se/bug/?i=3956 - [23] = https://curl.haxx.se/bug/?i=3959 - [24] = https://curl.haxx.se/bug/?i=3960 - [25] = https://curl.haxx.se/bug/?i=3941 - [26] = https://curl.haxx.se/bug/?i=3966 - [27] = https://curl.haxx.se/bug/?i=3962 - [28] = https://curl.haxx.se/bug/?i=3968 - [29] = https://curl.haxx.se/bug/?i=3938 - [30] = 
https://curl.haxx.se/bug/?i=3964 - [31] = https://curl.haxx.se/bug/?i=3970 - [32] = https://curl.haxx.se/bug/?i=3972 - [33] = https://curl.haxx.se/bug/?i=3985 - [34] = https://curl.haxx.se/mail/lib-2019-06/0009.html + [1] = https://curl.haxx.se/bug/? + \ No newline at end of file diff --git a/include/curl/curlver.h b/include/curl/curlver.h index 4afe4a9d1..3ec2555e7 100644 --- a/include/curl/curlver.h +++ b/include/curl/curlver.h @@ -30,13 +30,13 @@ /* This is the version number of the libcurl package from which this header file origins: */ -#define LIBCURL_VERSION "7.65.1-DEV" +#define LIBCURL_VERSION "7.65.2-DEV" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBCURL_VERSION_MAJOR 7 #define LIBCURL_VERSION_MINOR 65 -#define LIBCURL_VERSION_PATCH 1 +#define LIBCURL_VERSION_PATCH 2 /* This is the numeric version of the libcurl version number, meant for easier parsing and comparions by programs. The LIBCURL_VERSION_NUM define will @@ -57,7 +57,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it and needs it to contain the full number. */ -#define LIBCURL_VERSION_NUM 0x074101 +#define LIBCURL_VERSION_NUM 0x074102 /* * This is the date and time when the full source package was created. The -- cgit v1.2.3 From 99a49d661f187e11114516bca748e1faff48349d Mon Sep 17 00:00:00 2001 From: Marcel Raad Date: Sat, 8 Jun 2019 15:02:07 +0200 Subject: travis: update scan-build job to xenial Closes https://github.com/curl/curl/pull/3999 --- .travis.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 9455b4e56..f2e3030c2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -332,7 +332,7 @@ matrix: - libpsl-dev - os: linux compiler: clang - dist: trusty + dist: xenial env: - T=scan-build - OVERRIDE_CC="CC=clang-7" OVERRIDE_CXX="CXX=clang++-7" 
@@ -344,6 +344,7 @@ matrix: packages: - *common_packages - clang-7 + - libpsl-dev - os: linux compiler: clang dist: xenial -- cgit v1.2.3 From cf1ec70e721544ba39652abd6331dde6bbf9108d Mon Sep 17 00:00:00 2001 From: Marcel Raad Date: Sun, 9 Jun 2019 13:20:57 +0200 Subject: travis: use xenial LLVM package for scan-build I missed that in commit 99a49d6. --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index f2e3030c2..90c8fb3de 100644 --- a/.travis.yml +++ b/.travis.yml @@ -340,7 +340,7 @@ matrix: apt: sources: - *common_sources - - llvm-toolchain-trusty-7 + - llvm-toolchain-xenial-7 packages: - *common_packages - clang-7 -- cgit v1.2.3 From 680f1413321c0bad593a69a86511df4d98a3b5df Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sat, 8 Jun 2019 23:03:03 +0200 Subject: unpause: trigger a timeout for event-based transfers ... so that timeouts or other state machine actions get going again after a changing pause state. For example, if the last delivery was paused there's no pending socket activity. Reported-by: sstruchtrup on github Fixes #3994 Closes #4001 --- lib/easy.c | 5 ++++- lib/multi.c | 52 ++++++++++++++++++++++++++-------------------------- lib/multiif.h | 1 + 3 files changed, 31 insertions(+), 27 deletions(-) diff --git a/lib/easy.c b/lib/easy.c index 4a6f96567..a4fff5b36 100644 --- a/lib/easy.c +++ b/lib/easy.c @@ -1038,8 +1038,11 @@ CURLcode curl_easy_pause(struct Curl_easy *data, int action) to have this handle checked soon */ if(!result && ((newstate&(KEEP_RECV_PAUSE|KEEP_SEND_PAUSE)) != - (KEEP_RECV_PAUSE|KEEP_SEND_PAUSE)) ) + (KEEP_RECV_PAUSE|KEEP_SEND_PAUSE)) ) { Curl_expire(data, 0, EXPIRE_RUN_NOW); /* get this handle going again */ + if(data->multi) + Curl_update_timer(data->multi); + } /* This transfer may have been moved in or out of the bundle, update the corresponding socket callback, if used */ diff --git a/lib/multi.c b/lib/multi.c index 02f846033..dc780630b 100644 --- a/lib/multi.c 
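Review bot: The new `Curl_update_timer(data->multi)` call in the `curl_easy_pause` hunk of lib/easy.c lets the application's timer callback run from inside `curl_easy_pause()`, and nothing at the call site says so. If applications call `curl_easy_pause()` from within a transfer callback (not visible here), the timer callback then runs nested inside that callback. I would add a comment above the call, for example `/* event-based apps may have no pending socket activity; this can invoke the timer callback from here */`. The body of `curl_easy_pause` starts and ends outside the hunk.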
+++ b/lib/multi.c @@ -71,8 +71,6 @@ static CURLMcode singlesocket(struct Curl_multi *multi, struct Curl_easy *data); -static int update_timer(struct Curl_multi *multi); - static CURLMcode add_next_timeout(struct curltime now, struct Curl_multi *multi, struct Curl_easy *d); @@ -462,16 +460,16 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, /* increase the alive-counter */ multi->num_alive++; - /* A somewhat crude work-around for a little glitch in update_timer() that - happens if the lastcall time is set to the same time when the handle is - removed as when the next handle is added, as then the check in - update_timer() that prevents calling the application multiple times with - the same timer info will not trigger and then the new handle's timeout - will not be notified to the app. + /* A somewhat crude work-around for a little glitch in Curl_update_timer() + that happens if the lastcall time is set to the same time when the handle + is removed as when the next handle is added, as then the check in + Curl_update_timer() that prevents calling the application multiple times + with the same timer info will not trigger and then the new handle's + timeout will not be notified to the app. The work-around is thus simply to clear the 'lastcall' variable to force - update_timer() to always trigger a callback to the app when a new easy - handle is added */ + Curl_update_timer() to always trigger a callback to the app when a new + easy handle is added */ memset(&multi->timer_lastcall, 0, sizeof(multi->timer_lastcall)); /* The closure handle only ever has default timeouts set. To improve the @@ -484,7 +482,7 @@ CURLMcode curl_multi_add_handle(struct Curl_multi *multi, data->state.conn_cache->closure_handle->set.no_signal = data->set.no_signal; - update_timer(multi); + Curl_update_timer(multi); return CURLM_OK; } 
@@ -774,7 +772,7 @@ CURLMcode curl_multi_remove_handle(struct Curl_multi *multi, We do not touch the easy handle here! */ multi->num_easy--; /* one less to care about now */ - update_timer(multi); + Curl_update_timer(multi); return CURLM_OK; } @@ -2107,7 +2105,7 @@ CURLMcode curl_multi_perform(struct Curl_multi *multi, int *running_handles) *running_handles = multi->num_alive; if(CURLM_OK >= returncode) - update_timer(multi); + Curl_update_timer(multi); return returncode; } @@ -2544,9 +2542,10 @@ static CURLMcode multi_socket(struct Curl_multi *multi, } else { /* Asked to run due to time-out. Clear the 'lastcall' variable to force - update_timer() to trigger a callback to the app again even if the same - timeout is still the one to run after this call. That handles the case - when the application asks libcurl to run the timeout prematurely. */ + Curl_update_timer() to trigger a callback to the app again even if the + same timeout is still the one to run after this call. That handles the + case when the application asks libcurl to run the timeout + prematurely. */ memset(&multi->timer_lastcall, 0, sizeof(multi->timer_lastcall)); } @@ -2664,7 +2663,7 @@ CURLMcode curl_multi_socket(struct Curl_multi *multi, curl_socket_t s, return CURLM_RECURSIVE_API_CALL; result = multi_socket(multi, FALSE, s, 0, running_handles); if(CURLM_OK >= result) - update_timer(multi); + Curl_update_timer(multi); return result; } @@ -2676,7 +2675,7 @@ CURLMcode curl_multi_socket_action(struct Curl_multi *multi, curl_socket_t s, return CURLM_RECURSIVE_API_CALL; result = multi_socket(multi, FALSE, s, ev_bitmask, running_handles); if(CURLM_OK >= result) - update_timer(multi); + Curl_update_timer(multi); return result; } 
@@ -2688,7 +2687,7 @@ CURLMcode curl_multi_socket_all(struct Curl_multi *multi, int *running_handles) return CURLM_RECURSIVE_API_CALL; result = multi_socket(multi, TRUE, CURL_SOCKET_BAD, 0, running_handles); if(CURLM_OK >= result) - update_timer(multi); + Curl_update_timer(multi); return result; } @@ -2748,14 +2747,14 @@ CURLMcode curl_multi_timeout(struct Curl_multi *multi, * Tell the application it should update its timers, if it subscribes to the * update timer callback. */ -static int update_timer(struct Curl_multi *multi) +void Curl_update_timer(struct Curl_multi *multi) { long timeout_ms; if(!multi->timer_cb) - return 0; + return; if(multi_timeout(multi, &timeout_ms)) { - return -1; + return; } if(timeout_ms < 0) { static const struct curltime none = {0, 0}; @@ -2763,9 +2762,10 @@ static int update_timer(struct Curl_multi *multi) multi->timer_lastcall = none; /* there's no timeout now but there was one previously, tell the app to disable it */ - return multi->timer_cb(multi, -1, multi->timer_userp); + multi->timer_cb(multi, -1, multi->timer_userp); + return; } - return 0; + return; } /* When multi_timeout() is done, multi->timetree points to the node with the @@ -2773,11 +2773,11 @@ static int update_timer(struct Curl_multi *multi) * if this is the same (fixed) time as we got in a previous call and then * avoid calling the callback again. */ if(Curl_splaycomparekeys(multi->timetree->key, multi->timer_lastcall) == 0) - return 0; + return; multi->timer_lastcall = multi->timetree->key; - return multi->timer_cb(multi, timeout_ms, multi->timer_userp); + multi->timer_cb(multi, timeout_ms, multi->timer_userp); } /* diff --git a/lib/multiif.h b/lib/multiif.h index e8a5e7062..55297ea51 100644 --- a/lib/multiif.h +++ b/lib/multiif.h 
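Review bot: In the `@@ -2748,14 +2747,14 @@` hunk, `Curl_update_timer()` becomes `void`, so both a failing `multi_timeout()` and the return code of `multi->timer_cb` are dropped without trace; the two following hunks of the same function do the same. The callers visible in this patch already ignored the old `int`, so behaviour does not change, but the function is now exported through multiif.h and its header comment still only says it tells the application to update its timers. I would extend that comment with a line such as `* Errors from multi_timeout() and the callback's return code are ignored.` so later callers do not assume failures are reported.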
@@ -30,6 +30,7 @@ void Curl_updatesocket(struct Curl_easy *data); void Curl_expire(struct Curl_easy *data, time_t milli, expire_id); void Curl_expire_clear(struct Curl_easy *data); void Curl_expire_done(struct Curl_easy *data, expire_id id); +void Curl_update_timer(struct Curl_multi *multi); void Curl_detach_connnection(struct Curl_easy *data); void Curl_attach_connnection(struct Curl_easy *data, struct connectdata *conn); -- cgit v1.2.3 From fb2839db24b0344d0c2a563787a70880486a19c8 Mon Sep 17 00:00:00 2001 From: Sorcus Date: Sat, 8 Jun 2019 20:18:18 +0000 Subject: libcurl-tutorial.3: Fix small typo (mutipart -> multipart) Fixed-by: MrSorcus on github Closes #4000 --- docs/libcurl/libcurl-tutorial.3 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/libcurl/libcurl-tutorial.3 b/docs/libcurl/libcurl-tutorial.3 index aeca76e2e..c06e37760 100644 --- a/docs/libcurl/libcurl-tutorial.3 +++ b/docs/libcurl/libcurl-tutorial.3 @@ -496,13 +496,13 @@ and then a file with binary contents and uploads the whole thing. .nf curl_mime *multipart = curl_mime_init(easyhandle); - curl_mimepart *part = curl_mime_addpart(mutipart); + curl_mimepart *part = curl_mime_addpart(multipart); curl_mime_name(part, "name"); curl_mime_data(part, "daniel", CURL_ZERO_TERMINATED); - part = curl_mime_addpart(mutipart); + part = curl_mime_addpart(multipart); curl_mime_name(part, "project"); curl_mime_data(part, "curl", CURL_ZERO_TERMINATED); - part = curl_mime_addpart(mutipart); + part = curl_mime_addpart(multipart); curl_mime_name(part, "logotype-image"); curl_mime_filedata(part, "curl.png"); -- cgit v1.2.3 From 094b5f3540fec1401f514bc470f11f441527d30a Mon Sep 17 00:00:00 2001 
From: Daniel Stenberg Date: Wed, 5 Jun 2019 15:50:49 +0200 Subject: multi: make sure 'data' can present in several sockhash entries Since more than one socket can be used by each transfer at a given time, each sockhash entry how has its own hash table with transfers using that socket. In addition, the sockhash entry can now be marked 'blocked = TRUE'" which then makes the delete function just set 'removed = TRUE' instead of removing it "for real", as a way to not rip out the carpet under the feet of a parent function that iterates over the transfers of that same sockhash entry. Reported-by: Tom van der Woerdt Fixes #3961 Fixes #3986 Fixes #3995 Fixes #4004 Closes #3997 --- lib/multi.c | 159 ++++++++++++++++++++++++++++++++++------------------------ lib/url.c | 9 +--- lib/urldata.h | 2 - 3 files changed, 95 insertions(+), 75 deletions(-) diff --git a/lib/multi.c b/lib/multi.c index dc780630b..33f0d9fd1 100644 --- a/lib/multi.c +++ b/lib/multi.c @@ -187,13 +187,16 @@ static void mstate(struct Curl_easy *data, CURLMstate state */ struct Curl_sh_entry { - struct curl_llist list; /* list of easy handles using this socket */ + struct curl_hash transfers; /* hash of transfers using this socket */ unsigned int action; /* what combined action READ/WRITE this socket waits for */ void *socketp; /* settable by users with curl_multi_assign() */ unsigned int users; /* number of transfers using this */ unsigned int readers; /* this many transfers want to read */ unsigned int writers; /* this many transfers want to write */ + unsigned int blocked:1; /* if TRUE, blocked from being removed */ + unsigned int removed:1; /* if TRUE, this entry is "removed" but prevented + from it by "blocked" being set! */ }; /* bits for 'action' having no bits means this socket is not expecting any action */ 
@@ -202,31 +205,67 @@ struct Curl_sh_entry { /* look up a given socket in the socket hash, skip invalid sockets */ static struct Curl_sh_entry *sh_getentry(struct curl_hash *sh, - curl_socket_t s) + curl_socket_t s, + bool also_hidden) { - if(s != CURL_SOCKET_BAD) + if(s != CURL_SOCKET_BAD) { /* only look for proper sockets */ - return Curl_hash_pick(sh, (char *)&s, sizeof(curl_socket_t)); + struct Curl_sh_entry *entry = + Curl_hash_pick(sh, (char *)&s, sizeof(curl_socket_t)); + if(entry && entry->removed && !also_hidden) + return NULL; + return entry; + } return NULL; } +#define TRHASH_SIZE 13 +static size_t trhash(void *key, size_t key_length, size_t slots_num) +{ + size_t keyval = (size_t)key; /* this is a data pointer */ + (void) key_length; + + return (keyval % slots_num); +} + +static size_t trhash_compare(void *k1, size_t k1_len, void *k2, size_t k2_len) +{ + (void)k1_len; + (void)k2_len; + + return k1 == k2; +} + +static void trhash_dtor(void *nada) +{ + (void)nada; +} + + /* make sure this socket is present in the hash for this handle */ static struct Curl_sh_entry *sh_addentry(struct curl_hash *sh, curl_socket_t s) { - struct Curl_sh_entry *there = sh_getentry(sh, s); + struct Curl_sh_entry *there = sh_getentry(sh, s, TRUE); struct Curl_sh_entry *check; - if(there) + if(there) { /* it is present, return fine */ + if(there->removed) + there->removed = FALSE; /* clear the removed bit */ return there; + } /* not present, add it */ check = calloc(1, sizeof(struct Curl_sh_entry)); if(!check) return NULL; /* major failure */ - Curl_llist_init(&check->list, NULL); + if(Curl_hash_init(&check->transfers, TRHASH_SIZE, trhash, + trhash_compare, trhash_dtor)) { + free(check); + return NULL; + } /* make/add new hash entry */ if(!Curl_hash_add(sh, (char *)&s, sizeof(curl_socket_t), check)) { 
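Review bot: `trhash()` and `trhash_compare()` treat the `key` argument as the transfer pointer itself, but the hash API appears to take a pointer to the key bytes, as in the sockhash call `Curl_hash_add(sh, (char *)&s, sizeof(curl_socket_t), check)`. If `Curl_hash_add()` copies `key_len` bytes from that address (its implementation is not in this patch), the transfer hash stores the first bytes of the `Curl_easy` struct as the key. `k1 == k2` in `trhash_compare()` would then compare the stored copy's address with the caller's pointer and never match, so the `Curl_hash_delete(&entry->transfers, (char *)data, ...)` added in `singlesocket()` would leave stale transfer pointers behind. I would pass `(char *)&data` at the add and delete sites, read the pointer in `trhash()` with `*(struct Curl_easy **)key`, and have `trhash_compare()` compare the two stored keys bytewise.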
@@ -242,17 +281,17 @@ static struct Curl_sh_entry *sh_addentry(struct curl_hash *sh, static void sh_delentry(struct Curl_sh_entry *entry, struct curl_hash *sh, curl_socket_t s) { - struct curl_llist *list = &entry->list; - struct curl_llist_element *e; - /* clear the list of transfers first */ - for(e = list->head; e; e = list->head) { - struct Curl_easy *dta = e->ptr; - Curl_llist_remove(&entry->list, e, NULL); - dta->sh_entry = NULL; + if(entry->blocked) { + entry->removed = TRUE; /* pretend */ + return; + } + else { + Curl_hash_destroy(&entry->transfers); + + /* We remove the hash entry. This will end up in a call to + sh_freeentry(). */ + Curl_hash_delete(sh, (char *)&s, sizeof(curl_socket_t)); } - /* We remove the hash entry. This will end up in a call to - sh_freeentry(). */ - Curl_hash_delete(sh, (char *)&s, sizeof(curl_socket_t)); } /* @@ -318,17 +357,6 @@ static CURLMcode multi_addmsg(struct Curl_multi *multi, return CURLM_OK; } -/* - * multi_freeamsg() - * - * Callback used by the llist system when a single list entry is destroyed. - */ -static void multi_freeamsg(void *a, void *b) -{ - (void)a; - (void)b; -} - struct Curl_multi *Curl_multi_handle(int hashsize, /* socket hash */ int chashsize) /* connection hash */ { @@ -348,8 +376,8 @@ struct Curl_multi *Curl_multi_handle(int hashsize, /* socket hash */ if(Curl_conncache_init(&multi->conn_cache, chashsize)) goto error; - Curl_llist_init(&multi->msglist, multi_freeamsg); - Curl_llist_init(&multi->pending, multi_freeamsg); + Curl_llist_init(&multi->msglist, NULL); + Curl_llist_init(&multi->pending, NULL); /* -1 means it not set by user, use the default value */ multi->maxconnects = -1; 
@@ -787,11 +815,6 @@ bool Curl_multiplex_wanted(const struct Curl_multi *multi) static void detach_connnection(struct Curl_easy *data) { struct connectdata *conn = data->conn; - if(data->sh_entry) { - /* still listed as a user of a socket hash entry, remove it */ - Curl_llist_remove(&data->sh_entry->list, &data->sh_queue, NULL); - data->sh_entry = NULL; - } if(conn) Curl_llist_remove(&conn->easyq, &data->conn_queue, NULL); data->conn = NULL; @@ -1264,6 +1287,9 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi, bool stream_error = FALSE; rc = CURLM_OK; + DEBUGASSERT((data->mstate <= CURLM_STATE_CONNECT) || + (data->mstate >= CURLM_STATE_DONE) || + data->conn); if(!data->conn && data->mstate > CURLM_STATE_CONNECT && data->mstate < CURLM_STATE_DONE) { @@ -2240,7 +2266,7 @@ static CURLMcode singlesocket(struct Curl_multi *multi, s = socks[i]; /* get it from the hash */ - entry = sh_getentry(&multi->sockhash, s); + entry = sh_getentry(&multi->sockhash, s, FALSE); if(curraction & GETSOCK_READSOCK(i)) action |= CURL_POLL_IN; 
@@ -2285,30 +2311,22 @@ static CURLMcode singlesocket(struct Curl_multi *multi, if(action & CURL_POLL_OUT) entry->writers++; - /* add 'data' to the list of handles using this socket! */ - Curl_llist_insert_next(&entry->list, entry->list.tail, - data, &data->sh_queue); - data->sh_entry = entry; + /* add 'data' to the transfer hash on this socket! */ + if(!Curl_hash_add(&entry->transfers, (char *)data, /* hash key */ + sizeof(struct Curl_easy *), data)) + return CURLM_OUT_OF_MEMORY; } comboaction = (entry->writers? CURL_POLL_OUT : 0) | (entry->readers ? CURL_POLL_IN : 0); -#if 0 - infof(data, "--- Comboaction: %u readers %u writers\n", - entry->readers, entry->writers); -#endif - /* check if it has the same action set */ - if(entry->action == comboaction) + /* socket existed before and has the same action set as before */ + if(sincebefore && (entry->action == comboaction)) /* same, continue */ continue; - /* we know (entry != NULL) at this point, see the logic above */ if(multi->socket_cb) - multi->socket_cb(data, - s, - comboaction, - multi->socket_userp, + multi->socket_cb(data, s, comboaction, multi->socket_userp, entry->socketp); entry->action = comboaction; /* store the current action state */ @@ -2332,7 +2350,7 @@ static CURLMcode singlesocket(struct Curl_multi *multi, if(stillused) continue; - entry = sh_getentry(&multi->sockhash, s); + entry = sh_getentry(&multi->sockhash, s, FALSE); /* if this is NULL here, the socket has been closed and notified so already by Curl_multi_closed() */ if(entry) { @@ -2350,6 +2368,11 @@ static CURLMcode singlesocket(struct Curl_multi *multi, entry->socketp); sh_delentry(entry, &multi->sockhash, s); } + else { + /* still users, but remove this handle as a user of this socket */ + Curl_hash_delete(&entry->transfers, (char *)data, + sizeof(struct Curl_easy *)); + } } } /* for loop over numsocks */ 
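Review bot: In the `@@ -2285,30 +2311,22 @@` hunk the new `return CURLM_OUT_OF_MEMORY;` after a failed `Curl_hash_add(&entry->transfers, ...)` runs after `entry->writers++` (and presumably the reader and user counters just above the hunk) has already been bumped. The entry then counts a transfer that is not in its hash, and the socket callback is never told about the action. Either do the `Curl_hash_add()` before touching the counters or undo them on the failure path. `singlesocket()` starts and ends outside this hunk.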
@@ -2383,7 +2406,7 @@ void Curl_multi_closed(struct Curl_easy *data, curl_socket_t s) if(multi) { /* this is set if this connection is part of a handle that is added to a multi handle, and only then this is necessary */ - struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s); + struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s, FALSE); if(entry) { if(multi->socket_cb) @@ -2483,7 +2506,7 @@ static CURLMcode multi_socket(struct Curl_multi *multi, return result; } if(s != CURL_SOCKET_TIMEOUT) { - struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s); + struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s, FALSE); if(!entry) /* Unmatched socket, we can't act on it but we ignore this fact. In @@ -2493,18 +2516,20 @@ static CURLMcode multi_socket(struct Curl_multi *multi, and just move on. */ ; else { - struct curl_llist *list = &entry->list; - struct curl_llist_element *e; - struct curl_llist_element *enext; + struct curl_hash_iterator iter; + struct curl_hash_element *he; SIGPIPE_VARIABLE(pipe_st); - /* the socket can be shared by many transfers, iterate */ - for(e = list->head; e; e = enext) { - data = (struct Curl_easy *)e->ptr; + /* block this sockhash entry from being removed in a sub function called + from here */ + entry->blocked = TRUE; + DEBUGASSERT(!entry->removed); - /* assign 'enext' here since the 'e' struct might be cleared - further down in the singlesocket() call */ - enext = e->next; + /* the socket can be shared by many transfers, iterate */ + Curl_hash_start_iterate(&entry->transfers, &iter); + for(he = Curl_hash_next_element(&iter); he; + he = Curl_hash_next_element(&iter)) { + data = (struct Curl_easy *)he->ptr; DEBUGASSERT(data); DEBUGASSERT(data->magic == CURLEASY_MAGIC_NUMBER); 
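Review bot: The rewritten loop in the `@@ -2493,18 +2516,20 @@` hunk of `multi_socket()` advances with `Curl_hash_next_element(&iter)` only after the body has run, whereas the removed list loop saved `enext = e->next` first because the element could be cleared by `singlesocket()`. With this patch `singlesocket()` can call `Curl_hash_delete(&entry->transfers, ...)` for the transfer being processed, and `blocked` protects the sockhash entry, not the elements of `entry->transfers`. Whether the iterator tolerates removal of its current element is not visible in this patch. If it does not, the next step reads a freed element, so the loop should fetch the next element before running the body or defer deletions until the iteration ends. The loop body continues past the end of this hunk.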
@@ -2529,6 +2554,10 @@ static CURLMcode multi_socket(struct Curl_multi *multi, return result; } } + if(entry->removed) { + entry->blocked = FALSE; /* unblock */ + sh_delentry(entry, &multi->sockhash, s); /* delete for real */ + } /* Now we fall-through and do the timer-based stuff, since we don't want to force the user to have to deal with timeouts as long as at least @@ -2976,7 +3005,7 @@ CURLMcode curl_multi_assign(struct Curl_multi *multi, curl_socket_t s, if(multi->in_callback) return CURLM_RECURSIVE_API_CALL; - there = sh_getentry(&multi->sockhash, s); + there = sh_getentry(&multi->sockhash, s, FALSE); if(!there) return CURLM_BAD_SOCKET; @@ -3065,7 +3094,7 @@ void Curl_multi_dump(struct Curl_multi *multi) statename[data->mstate], data->numsocks); for(i = 0; i < data->numsocks; i++) { curl_socket_t s = data->sockets[i]; - struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s); + struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s, FALSE); fprintf(stderr, "%d ", (int)s); if(!entry) { diff --git a/lib/url.c b/lib/url.c index eb22dcc37..c37ce0494 100644 --- a/lib/url.c +++ b/lib/url.c @@ -1673,13 +1673,6 @@ static void free_idnconverted_hostname(struct hostname *host) #endif } -static void llist_dtor(void *user, void *element) -{ - (void)user; - (void)element; - /* Do nothing */ -} - /* * Allocate and initialize a new connectdata object. */ @@ -1791,7 +1784,7 @@ static struct connectdata *allocate_conn(struct Curl_easy *data) #endif /* Initialize the easy handle list */ - Curl_llist_init(&conn->easyq, (curl_llist_dtor) llist_dtor); + Curl_llist_init(&conn->easyq, NULL); #ifdef HAVE_GSSAPI conn->data_prot = PROT_CLEAR; diff --git a/lib/urldata.h b/lib/urldata.h index f8ba591dd..fdc185b22 100644 --- a/lib/urldata.h +++ b/lib/urldata.h 
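Review bot: In the `@@ -2529,6 +2554,10 @@` hunk `entry->blocked` is cleared only inside `if(entry->removed)`, so an entry that was not removed during the iteration stays blocked after `multi_socket()` finishes. Every later `sh_delentry()` on it then only sets `removed = TRUE` and returns, so the entry and its `transfers` hash are never destroyed, and `sh_addentry()` can later revive the stale entry for a reused socket number. Clear the flag unconditionally: `entry->blocked = FALSE;` followed by `if(entry->removed) sh_delentry(entry, &multi->sockhash, s);`. The `return result;` inside the loop just above also leaves the entry blocked and needs the same reset.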
@@ -1778,8 +1778,6 @@ struct Curl_easy { struct connectdata *conn; struct curl_llist_element connect_queue; - struct curl_llist_element sh_queue; /* list per Curl_sh_entry */ - struct Curl_sh_entry *sh_entry; /* the socket hash this was added to */ struct curl_llist_element conn_queue; /* list per connectdata */ CURLMstate mstate; /* the handle's state */ -- cgit v1.2.3 From 1667d5599dec62aa6836560f01e5c90bad52c6bb Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sat, 8 Jun 2019 23:21:45 +0200 Subject: bindlocal: detect and avoid IP version mismatches in bind() Reported-by: Alex Grebenschikov Fixes #3993 Closes #4002 --- lib/connect.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/connect.c b/lib/connect.c index 002535b42..4a1f2c640 100644 --- a/lib/connect.c +++ b/lib/connect.c @@ -368,6 +368,11 @@ static CURLcode bindlocal(struct connectdata *conn, infof(data, "Name '%s' family %i resolved to '%s' family %i\n", dev, af, myhost, h->addr->ai_family); Curl_resolv_unlock(data, h); + if(af != h->addr->ai_family) { + /* bad IP version combo, signal the caller to try another address + family if available */ + return CURLE_UNSUPPORTED_PROTOCOL; + } done = 1; } else { -- cgit v1.2.3 From fc6f9ecd8954edc247d216b0bb01a929d29246e0 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 10 Jun 2019 08:50:30 +0200 Subject: RELEASE-NOTES: synced --- RELEASE-NOTES | 24 +++++++++++++++++++----- 1 file changed, 19 insertions(+), 5 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 242bd1be6..57e88cbc9 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES 
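Review bot: In the `bindlocal` hunk of lib/connect.c the added check reads `h->addr->ai_family` after `Curl_resolv_unlock(data, h)` has released the reference, while the `infof()` call above still reads it under the lock. If the unlock can free or recycle the DNS entry (not visible in this hunk), the comparison is a use-after-free read. Copy the value first with `int h_af = h->addr->ai_family;` before the unlock, then test `if(af != h_af)`. The enclosing function starts and ends outside the hunk.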
@@ -8,8 +8,16 @@ curl and libcurl 7.65.2 This release includes the following bugfixes: - o - + o bindlocal: detect and avoid IP version mismatches in bind() [1] + o build: fix Codacy warnings [6] + o examples/fopen: fix comparison [6] + o examples/htmltitle: use C++ casts between pointer types [6] + o libcurl-tutorial.3: Fix small typo (mutipart -> multipart) [3] + o multi: make sure 'data' can present in several sockhash entries [2] + o sws: remove unused variables [6] + o travis: update scan-build job to xenial [5] + o unpause: trigger a timeout for event-based transfers [4] + This release includes the following known bugs: o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html) @@ -17,11 +25,17 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - + Alex Grebenschikov, Daniel Stenberg, Marcel Raad, MrSorcus on github, + sstruchtrup on github, Tom van der Woerdt, + (6 contributors) Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: - [1] = https://curl.haxx.se/bug/? - \ No newline at end of file + [1] = https://curl.haxx.se/bug/?id=3993 + [2] = https://curl.haxx.se/bug/?id=3986 + [3] = https://curl.haxx.se/bug/?id=4000 + [4] = https://curl.haxx.se/bug/?id=3994 + [5] = https://curl.haxx.se/bug/?id=3999 + [6] = https://curl.haxx.se/bug/?id=3975 -- cgit v1.2.3 From deb9462ff2de8e955c67ed441f5f48619a31198d Mon Sep 17 00:00:00 2001 
From: Daniel Stenberg Date: Sun, 2 Jun 2019 16:55:05 +0200 Subject: wolfssl: refer to it as wolfSSL only Remove support for, references to and use of "cyaSSL" from the source and docs. wolfSSL is the current name and there's no point in keeping references to ancient history. Assisted-by: Daniel Gustafsson Closes #3903 --- configure.ac | 96 ++- docs/INTERNALS.md | 2 +- docs/cmdline-opts/pinnedpubkey.d | 4 +- docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 | 6 +- docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 | 2 +- docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3 | 6 +- docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 | 23 +- lib/Makefile.inc | 4 +- lib/curl_setup.h | 2 +- lib/vtls/cyassl.c | 1017 -------------------------- lib/vtls/cyassl.h | 31 - lib/vtls/vtls.c | 10 +- lib/vtls/vtls.h | 2 +- lib/vtls/wolfssl.c | 991 +++++++++++++++++++++++++ lib/vtls/wolfssl.h | 31 + lib/x509asn1.c | 4 +- lib/x509asn1.h | 6 +- tests/runtests.pl | 6 +- tests/unit/unit1651.c | 2 +- 19 files changed, 1103 insertions(+), 1142 deletions(-) delete mode 100644 lib/vtls/cyassl.c delete mode 100644 lib/vtls/cyassl.h create mode 100644 lib/vtls/wolfssl.c create mode 100644 lib/vtls/wolfssl.h diff --git a/configure.ac b/configure.ac index 4cd2cb81f..1a2e237d4 100755 --- a/configure.ac +++ b/configure.ac @@ -155,7 +155,7 @@ AC_SUBST(PKGADD_VENDOR) dnl dnl initialize all the info variables - curl_ssl_msg="no (--with-{ssl,gnutls,nss,mbedtls,cyassl,schannel,secure-transport,mesalink,amissl} )" + curl_ssl_msg="no (--with-{ssl,gnutls,nss,mbedtls,wolfssl,schannel,secure-transport,mesalink,amissl} )" curl_ssh_msg="no (--with-libssh2)" curl_zlib_msg="no (--with-zlib)" curl_brotli_msg="no (--with-brotli)" 
@@ -2211,48 +2211,48 @@ if test -z "$ssl_backends" -o "x$OPT_MBEDTLS" != xno; then fi dnl ---------------------------------------------------- -dnl check for CyaSSL +dnl check for wolfSSL dnl ---------------------------------------------------- -dnl Default to compiler & linker defaults for CyaSSL files & libraries. -OPT_CYASSL=no +dnl Default to compiler & linker defaults for wolfSSL files & libraries. +OPT_WOLFSSL=no _cppflags=$CPPFLAGS _ldflags=$LDFLAGS AC_ARG_WITH(cyassl,dnl AC_HELP_STRING([--with-cyassl=PATH],[where to look for CyaSSL, PATH points to the installation root (default: system lib default)]) AC_HELP_STRING([--without-cyassl], [disable CyaSSL detection]), - OPT_CYASSL=$withval) + OPT_WOLFSSL=$withval) dnl provide --with-wolfssl as an alias for --with-cyassl AC_ARG_WITH(wolfssl,dnl AC_HELP_STRING([--with-wolfssl=PATH],[where to look for WolfSSL, PATH points to the installation root (default: system lib default)]) AC_HELP_STRING([--without-wolfssl], [disable WolfSSL detection]), - OPT_CYASSL=$withval) + OPT_WOLFSSL=$withval) -if test -z "$ssl_backends" -o "x$OPT_CYASSL" != xno; then +if test -z "$ssl_backends" -o "x$OPT_WOLFSSL" != xno; then ssl_msg= - if test X"$OPT_CYASSL" != Xno; then + if test X"$OPT_WOLFSSL" != Xno; then - if test "$OPT_CYASSL" = "yes"; then - OPT_CYASSL="" + if test "$OPT_WOLFSSL" = "yes"; then + OPT_WOLFSSL="" fi dnl This should be reworked to use pkg-config instead cyassllibname=cyassl - if test -z "$OPT_CYASSL" ; then + if test -z "$OPT_WOLFSSL" ; then dnl check for lib in system default first AC_CHECK_LIB(cyassl, CyaSSL_Init, dnl libcyassl found, set the variable [ - AC_DEFINE(USE_CYASSL, 1, [if CyaSSL is enabled]) - AC_SUBST(USE_CYASSL, [1]) - CYASSL_ENABLED=1 - USE_CYASSL="yes" + AC_DEFINE(USE_WOLFSSL, 1, [if wolfSSL is enabled]) + AC_SUBST(USE_WOLFSSL, [1]) + WOLFSSL_ENABLED=1 + USE_WOLFSSL="yes" ssl_msg="CyaSSL" test cyassl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes ]) 
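Review bot: The `@@ -2211,48 +2211,48 @@` hunk renames the variables to `OPT_WOLFSSL`/`USE_WOLFSSL` but keeps the cyassl behaviour: `--with-cyassl` is still accepted, `AC_CHECK_LIB(cyassl, CyaSSL_Init, ...)` is still probed first, `ssl_msg` still says "CyaSSL", and the default-backend check is still `test cyassl != "$DEFAULT_SSL_BACKEND"`. The following hunks repeat that check, and the `@@ -2338,32 +2338,20 @@` hunk now runs the `wolfSSL_*` function checks even when `cyassllibname` is still `cyassl`. A build that finds only the old library would therefore define `USE_WOLFSSL` against it, and a default backend given as `wolfssl` would presumably not validate. I would drop the `libcyassl` probes and change the check to `test wolfssl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes`, after confirming the backend name used in vtls.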
@@ -2263,11 +2263,11 @@ if test -z "$ssl_backends" -o "x$OPT_CYASSL" != xno; then addcflags="" cyassllib="" - if test "x$USE_CYASSL" != "xyes"; then + if test "x$USE_WOLFSSL" != "xyes"; then dnl add the path and test again - addld=-L$OPT_CYASSL/lib$libsuff - addcflags=-I$OPT_CYASSL/include - cyassllib=$OPT_CYASSL/lib$libsuff + addld=-L$OPT_WOLFSSL/lib$libsuff + addcflags=-I$OPT_WOLFSSL/include + cyassllib=$OPT_WOLFSSL/lib$libsuff LDFLAGS="$LDFLAGS $addld" if test "$addcflags" != "-I/usr/include"; then @@ -2276,10 +2276,10 @@ if test -z "$ssl_backends" -o "x$OPT_CYASSL" != xno; then AC_CHECK_LIB(cyassl, CyaSSL_Init, [ - AC_DEFINE(USE_CYASSL, 1, [if CyaSSL is enabled]) - AC_SUBST(USE_CYASSL, [1]) - CYASSL_ENABLED=1 - USE_CYASSL="yes" + AC_DEFINE(USE_WOLFSSL, 1, [if CyaSSL is enabled]) + AC_SUBST(USE_WOLFSSL, [1]) + WOLFSSL_ENABLED=1 + USE_WOLFSSL="yes" ssl_msg="CyaSSL" test cyassl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes ], @@ -2294,11 +2294,11 @@ if test -z "$ssl_backends" -o "x$OPT_CYASSL" != xno; then addlib="" addcflags="" - if test "x$USE_CYASSL" != "xyes"; then + if test "x$USE_WOLFSSL" != "xyes"; then dnl libcyassl renamed to libwolfssl as of 3.4.0 - addld=-L$OPT_CYASSL/lib$libsuff - addcflags=-I$OPT_CYASSL/include - cyassllib=$OPT_CYASSL/lib$libsuff + addld=-L$OPT_WOLFSSL/lib$libsuff + addcflags=-I$OPT_WOLFSSL/include + cyassllib=$OPT_WOLFSSL/lib$libsuff LDFLAGS="$LDFLAGS $addld" if test "$addcflags" != "-I/usr/include"; then @@ -2322,10 +2322,10 @@ if test -z "$ssl_backends" -o "x$OPT_CYASSL" != xno; then ]]) ],[ AC_MSG_RESULT(yes) - AC_DEFINE(USE_CYASSL, 1, [if CyaSSL/WolfSSL is enabled]) - AC_SUBST(USE_CYASSL, [1]) - CYASSL_ENABLED=1 - USE_CYASSL="yes" + AC_DEFINE(USE_WOLFSSL, 1, [if wolfSSL is enabled]) + AC_SUBST(USE_WOLFSSL, [1]) + WOLFSSL_ENABLED=1 + USE_WOLFSSL="yes" ssl_msg="WolfSSL" test cyassl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes ], 
@@ -2338,32 +2338,20 @@ if test -z "$ssl_backends" -o "x$OPT_CYASSL" != xno; then LIBS="$my_ac_save_LIBS" fi - if test "x$USE_CYASSL" = "xyes"; then + if test "x$USE_WOLFSSL" = "xyes"; then AC_MSG_NOTICE([detected $cyassllibname]) check_for_ca_bundle=1 dnl cyassl/ctaocrypt/types.h needs SIZEOF_LONG_LONG defined! AX_COMPILE_CHECK_SIZEOF(long long) - dnl Versions since at least 2.6.0 may have options.h - AC_CHECK_HEADERS(cyassl/options.h) - - dnl Versions since at least 2.9.4 renamed error.h to error-ssl.h - AC_CHECK_HEADERS(cyassl/error-ssl.h) - LIBS="-l$cyassllibname -lm $LIBS" - if test "x$cyassllibname" = "xwolfssl"; then - dnl Recent WolfSSL versions build without SSLv3 by default - dnl WolfSSL needs configure --enable-opensslextra to have *get_peer* - AC_CHECK_FUNCS(wolfSSLv3_client_method \ - wolfSSL_get_peer_certificate \ - wolfSSL_UseALPN) - else - dnl Cyassl needs configure --enable-opensslextra to have *get_peer* - AC_CHECK_FUNCS(CyaSSL_CTX_UseSupportedCurve \ - CyaSSL_get_peer_certificate) - fi + dnl Recent WolfSSL versions build without SSLv3 by default + dnl WolfSSL needs configure --enable-opensslextra to have *get_peer* + AC_CHECK_FUNCS(wolfSSLv3_client_method \ + wolfSSL_get_peer_certificate \ + wolfSSL_UseALPN) if test -n "$cyassllib"; then dnl when shared libs were found in a path that the run-time @@ -2379,7 +2367,7 @@ if test -z "$ssl_backends" -o "x$OPT_CYASSL" != xno; then fi - fi dnl CyaSSL not disabled + fi dnl wolfSSL not disabled test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" fi 
@@ -2606,10 +2594,10 @@ if test -z "$ssl_backends" -o "x$OPT_NSS" != xno; then test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg" fi -case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$CYASSL_ENABLED$WINSSL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED$AMISSL_ENABLED" in +case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$WINSSL_ENABLED$SECURETRANSPORT_ENABLED$MESALINK_ENABLED$AMISSL_ENABLED" in x) AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.]) - AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-cyassl, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink or --with-amissl to address this.]) + AC_MSG_WARN([Use --with-ssl, --with-gnutls, --with-wolfssl, --with-mbedtls, --with-nss, --with-schannel, --with-secure-transport, --with-mesalink or --with-amissl to address this.]) ;; x1) # one SSL backend is enabled @@ -3033,8 +3021,8 @@ AC_HELP_STRING([--disable-versioned-symbols], [Disable versioned symbols in shar versioned_symbols_flavour="GNUTLS_" elif test "x$NSS_ENABLED" = "x1"; then versioned_symbols_flavour="NSS_" - elif test "x$CYASSL_ENABLED" = "x1"; then - versioned_symbols_flavour="CYASSL_" + elif test "x$WOLFSSL_ENABLED" = "x1"; then + versioned_symbols_flavour="WOLFSSL_" elif test "x$WINSSL_ENABLED" = "x1"; then versioned_symbols_flavour="SCHANNEL_" elif test "x$SECURETRANSPORT_ENABLED" = "x1"; then diff --git a/docs/INTERNALS.md b/docs/INTERNALS.md index 1563ec516..cd004e8f4 100644 --- a/docs/INTERNALS.md +++ b/docs/INTERNALS.md @@ -90,7 +90,7 @@ Dependencies - libssh2 0.16 - c-ares 1.6.0 - libidn2 2.0.0 - - cyassl 2.0.0 + - wolfSSL 2.0.0 - openldap 2.0 - MIT Kerberos 1.2.4 - GSKit V5R3M0 diff --git a/docs/cmdline-opts/pinnedpubkey.d b/docs/cmdline-opts/pinnedpubkey.d index b1c7bdef6..cd21911f8 100644 --- a/docs/cmdline-opts/pinnedpubkey.d +++ b/docs/cmdline-opts/pinnedpubkey.d 
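Review bot: In the -3033 hunk, changing `versioned_symbols_flavour` from `"CYASSL_"` to `"WOLFSSL_"` is more than a rename, because the value presumably ends up in the symbol version names of the shared library. If so, programs linked against an earlier versioned-symbols build of this backend would fail to resolve libcurl symbols after an upgrade. If the break is intended, add a comment such as `dnl flavour changed from CYASSL_; breaks ABI of versioned-symbol builds` and mention it in the release notes; otherwise keep the old flavour string. The `elif` chain this sits in starts and ends outside the hunk.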
@@ -15,10 +15,10 @@ abort the connection before sending or receiving any data. PEM/DER support: 7.39.0: OpenSSL, GnuTLS and GSKit - 7.43.0: NSS and wolfSSL/CyaSSL + 7.43.0: NSS and wolfSSL 7.47.0: mbedtls sha256 support: - 7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL/CyaSSL. + 7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL 7.47.0: mbedtls Other SSL backends not supported. diff --git a/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 b/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 index 44ad40574..b4a74a92e 100644 --- a/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 +++ b/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 @@ -54,7 +54,7 @@ struct curl_tlssessioninfo { The \fIbackend\fP struct member is one of the defines in the CURLSSLBACKEND_* series: CURLSSLBACKEND_NONE (when built without TLS support), -CURLSSLBACKEND_CYASSL, CURLSSLBACKEND_DARWINSSL, +CURLSSLBACKEND_WOLFSSL, CURLSSLBACKEND_DARWINSSL, CURLSSLBACKEND_GNUTLS, CURLSSLBACKEND_GSKIT, CURLSSLBACKEND_MBEDTLS, CURLSSLBACKEND_NSS, CURLSSLBACKEND_OPENSSL, CURLSSLBACKEND_POLARSSL, CURLSSLBACKEND_SCHANNEL or CURLSSLBACKEND_MESALINK. (Note that the OpenSSL @@ -83,9 +83,9 @@ mbedtls_ssl_context * ssl_context * .IP "Secure Channel" CtxtHandle * -.IP "Secure Transport (DarwinSSL)" +.IP "Secure Transport" SSLContext * -.IP "WolfSSL (formerly CyaSSL)" +.IP "wolfSSL" SSL * .IP "MesaLink" SSL * diff --git a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 index 987a24357..fb9698c24 100644 --- a/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 +++ b/docs/libcurl/opts/CURLOPT_PINNEDPUBLICKEY.3 @@ -109,7 +109,7 @@ PEM/DER support: sha256 support: - 7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL/CyaSSL + 7.44.0: OpenSSL, GnuTLS, NSS and wolfSSL 7.47.0: mbedtls diff --git a/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3 b/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3 index 216bdec3a..85e1168e5 100644 --- a/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3 +++ b/docs/libcurl/opts/CURLOPT_SSL_CTX_DATA.3 
@@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -112,8 +112,8 @@ int main(void) } .fi .SH AVAILABILITY -Added in 7.11.0 for OpenSSL. Added in 7.42.0 for wolfSSL/CyaSSL. Other SSL -backends not supported. +Added in 7.11.0 for OpenSSL, in 7.42.0 for wolfSSL and in 7.54.0 for +mbedTLS. Other SSL backends are not supported. .SH RETURN VALUE CURLE_OK if supported; or an error such as: diff --git a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 index 04d8e297e..01acb9766 100644 --- a/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 +++ b/docs/libcurl/opts/CURLOPT_SSL_CTX_FUNCTION.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -22,7 +22,7 @@ .\" .TH CURLOPT_SSL_CTX_FUNCTION 3 "19 Jun 2014" "libcurl 7.37.0" "curl_easy_setopt options" .SH NAME -CURLOPT_SSL_CTX_FUNCTION \- SSL context callback for OpenSSL, wolfSSL/CyaSSL or mbedTLS +CURLOPT_SSL_CTX_FUNCTION \- SSL context callback for OpenSSL, wolfSSL or mbedTLS .SH SYNOPSIS .nf #include 
@@ -32,9 +32,8 @@ CURLcode ssl_ctx_callback(CURL *curl, void *ssl_ctx, void *userptr); CURLcode curl_easy_setopt(CURL *handle, CURLOPT_SSL_CTX_FUNCTION, ssl_ctx_callback); .SH DESCRIPTION -This option only works for libcurl powered by OpenSSL, wolfSSL/CyaSSL or -mbedTLS. If libcurl was built against another SSL library this functionality is -absent. +This option only works for libcurl powered by OpenSSL, wolfSSL or mbedTLS. If +libcurl was built against another SSL library this functionality is absent. Pass a pointer to your callback function, which should match the prototype shown above. @@ -43,11 +42,11 @@ This callback function gets called by libcurl just before the initialization of an SSL connection after having processed all other SSL related options to give a last chance to an application to modify the behavior of the SSL initialization. The \fIssl_ctx\fP parameter is actually a pointer to the SSL -library's \fISSL_CTX\fP for OpenSSL or wolfSSL/CyaSSL, and a pointer to -\fImbedtls_ssl_config\fP for mbedTLS. If an error is returned from the callback -no attempt to establish a connection is made and the perform operation will -return the callback's error code. Set the \fIuserptr\fP argument with the -\fICURLOPT_SSL_CTX_DATA(3)\fP option. +library's \fISSL_CTX\fP for OpenSSL or wolfSSL, and a pointer to +\fImbedtls_ssl_config\fP for mbedTLS. If an error is returned from the +callback no attempt to establish a connection is made and the perform +operation will return the callback's error code. Set the \fIuserptr\fP +argument with the \fICURLOPT_SSL_CTX_DATA(3)\fP option. This function will get called on all new connections made to a server, during the SSL negotiation. The \fIssl_ctx\fP will point to a newly initialized object 
@@ -72,8 +71,8 @@ See cacertinmem.c in docs/examples directory for usage example. https://curl.haxx.se/libcurl/c/cacertinmem.html .SH AVAILABILITY -Added in 7.11.0 for OpenSSL. Added in 7.42.0 for wolfSSL/CyaSSL. Added in -7.54.0 for mbedTLS. Other SSL backends not supported. +Added in 7.11.0 for OpenSSL, in 7.42.0 for wolfSSL and in 7.54.0 for +mbedTLS. Other SSL backends are not supported. .SH RETURN VALUE CURLE_OK if supported; or an error such as: diff --git a/lib/Makefile.inc b/lib/Makefile.inc index 235b82b0e..37f702681 100644 --- a/lib/Makefile.inc +++ b/lib/Makefile.inc @@ -29,12 +29,12 @@ LIB_VAUTH_HFILES = vauth/vauth.h vauth/digest.h vauth/ntlm.h LIB_VTLS_CFILES = vtls/openssl.c vtls/gtls.c vtls/vtls.c vtls/nss.c \ vtls/polarssl.c vtls/polarssl_threadlock.c \ - vtls/cyassl.c vtls/schannel.c vtls/schannel_verify.c \ + vtls/wolfssl.c vtls/schannel.c vtls/schannel_verify.c \ vtls/sectransp.c vtls/gskit.c vtls/mbedtls.c vtls/mesalink.c LIB_VTLS_HFILES = vtls/openssl.h vtls/vtls.h vtls/gtls.h \ vtls/nssg.h vtls/polarssl.h vtls/polarssl_threadlock.h \ - vtls/cyassl.h vtls/schannel.h vtls/sectransp.h vtls/gskit.h \ + vtls/wolfssl.h vtls/schannel.h vtls/sectransp.h vtls/gskit.h \ vtls/mbedtls.h vtls/mesalink.h LIB_CFILES = file.c timeval.c base64.c hostip.c progress.c formdata.c \ diff --git a/lib/curl_setup.h b/lib/curl_setup.h index a4601c49e..27414a540 100644 --- a/lib/curl_setup.h +++ b/lib/curl_setup.h @@ -648,7 +648,7 @@ int netware_init(void); #if defined(USE_GNUTLS) || defined(USE_OPENSSL) || defined(USE_NSS) || \ defined(USE_MBEDTLS) || \ - defined(USE_CYASSL) || defined(USE_SCHANNEL) || \ + defined(USE_WOLFSSL) || defined(USE_SCHANNEL) || \ defined(USE_SECTRANSP) || defined(USE_GSKIT) || defined(USE_MESALINK) #define USE_SSL /* SSL support has been enabled */ #endif diff --git a/lib/vtls/cyassl.c b/lib/vtls/cyassl.c deleted file mode 100644 index 40626a5f1..000000000 --- a/lib/vtls/cyassl.c +++ /dev/null 
@@ -1,1017 +0,0 @@ -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.haxx.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ - -/* - * Source file for all CyaSSL-specific code for the TLS/SSL layer. No code - * but vtls.c should ever call or use these functions. - * - */ - -#include "curl_setup.h" - -#ifdef USE_CYASSL - -#define WOLFSSL_OPTIONS_IGNORE_SYS -/* CyaSSL's version.h, which should contain only the version, should come -before all other CyaSSL includes and be immediately followed by build config -aka options.h. https://curl.haxx.se/mail/lib-2015-04/0069.html */ -#include -#if defined(HAVE_CYASSL_OPTIONS_H) && (LIBCYASSL_VERSION_HEX > 0x03004008) -#if defined(CYASSL_API) || defined(WOLFSSL_API) -/* Safety measure. If either is defined some API include was already included -and that's a problem since options.h hasn't been included yet. */ -#error "CyaSSL API was included before the CyaSSL build options." 
-#endif -#include -#endif - -/* To determine what functions are available we rely on one or both of: - - the user's options.h generated by CyaSSL/wolfSSL - - the symbols detected by curl's configure - Since they are markedly different from one another, and one or the other may - not be available, we do some checking below to bring things in sync. */ - -/* HAVE_ALPN is wolfSSL's build time symbol for enabling ALPN in options.h. */ -#ifndef HAVE_ALPN -#ifdef HAVE_WOLFSSL_USEALPN -#define HAVE_ALPN -#endif -#endif - -/* WOLFSSL_ALLOW_SSLV3 is wolfSSL's build time symbol for enabling SSLv3 in - options.h, but is only seen in >= 3.6.6 since that's when they started - disabling SSLv3 by default. */ -#ifndef WOLFSSL_ALLOW_SSLV3 -#if (LIBCYASSL_VERSION_HEX < 0x03006006) || \ - defined(HAVE_WOLFSSLV3_CLIENT_METHOD) -#define WOLFSSL_ALLOW_SSLV3 -#endif -#endif - -#include - -#include "urldata.h" -#include "sendf.h" -#include "inet_pton.h" -#include "vtls.h" -#include "parsedate.h" -#include "connect.h" /* for the connect timeout */ -#include "select.h" -#include "strcase.h" -#include "x509asn1.h" -#include "curl_printf.h" -#include "multiif.h" - -#include -#include -#ifdef HAVE_CYASSL_ERROR_SSL_H -#include -#else -#include -#endif -#include -#include - -#include "cyassl.h" - -/* The last #include files should be: */ -#include "curl_memory.h" -#include "memdebug.h" - -#if LIBCYASSL_VERSION_HEX < 0x02007002 /* < 2.7.2 */ -#define CYASSL_MAX_ERROR_SZ 80 -#endif - -/* KEEP_PEER_CERT is a product of the presence of build time symbol - OPENSSL_EXTRA without NO_CERTS, depending on the version. KEEP_PEER_CERT is - in wolfSSL's settings.h, and the latter two are build time symbols in - options.h. 
*/ -#ifndef KEEP_PEER_CERT -#if defined(HAVE_CYASSL_GET_PEER_CERTIFICATE) || \ - defined(HAVE_WOLFSSL_GET_PEER_CERTIFICATE) || \ - (defined(OPENSSL_EXTRA) && !defined(NO_CERTS)) -#define KEEP_PEER_CERT -#endif -#endif - -struct ssl_backend_data { - SSL_CTX* ctx; - SSL* handle; -}; - -#define BACKEND connssl->backend - -static Curl_recv cyassl_recv; -static Curl_send cyassl_send; - - -static int do_file_type(const char *type) -{ - if(!type || !type[0]) - return SSL_FILETYPE_PEM; - if(strcasecompare(type, "PEM")) - return SSL_FILETYPE_PEM; - if(strcasecompare(type, "DER")) - return SSL_FILETYPE_ASN1; - return -1; -} - -/* - * This function loads all the client/CA certificates and CRLs. Setup the TLS - * layer and do all necessary magic. - */ -static CURLcode -cyassl_connect_step1(struct connectdata *conn, - int sockindex) -{ - char *ciphers; - struct Curl_easy *data = conn->data; - struct ssl_connect_data* connssl = &conn->ssl[sockindex]; - SSL_METHOD* req_method = NULL; - curl_socket_t sockfd = conn->sock[sockindex]; -#ifdef HAVE_SNI - bool sni = FALSE; -#define use_sni(x) sni = (x) -#else -#define use_sni(x) Curl_nop_stmt -#endif - - if(connssl->state == ssl_connection_complete) - return CURLE_OK; - - if(SSL_CONN_CONFIG(version_max) != CURL_SSLVERSION_MAX_NONE) { - failf(data, "CyaSSL does not support to set maximum SSL/TLS version"); - return CURLE_SSL_CONNECT_ERROR; - } - - /* check to see if we've been told to use an explicit SSL/TLS version */ - switch(SSL_CONN_CONFIG(version)) { - case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1: -#if LIBCYASSL_VERSION_HEX >= 0x03003000 /* >= 3.3.0 */ - /* minimum protocol version is set later after the CTX object is created */ - req_method = SSLv23_client_method(); -#else - infof(data, "CyaSSL <3.3.0 cannot be configured to use TLS 1.0-1.2, " - "TLS 1.0 is used exclusively\n"); - req_method = TLSv1_client_method(); -#endif - use_sni(TRUE); - break; - case CURL_SSLVERSION_TLSv1_0: -#ifdef WOLFSSL_ALLOW_TLSV10 - 
req_method = TLSv1_client_method(); - use_sni(TRUE); -#else - failf(data, "CyaSSL does not support TLS 1.0"); - return CURLE_NOT_BUILT_IN; -#endif - break; - case CURL_SSLVERSION_TLSv1_1: - req_method = TLSv1_1_client_method(); - use_sni(TRUE); - break; - case CURL_SSLVERSION_TLSv1_2: - req_method = TLSv1_2_client_method(); - use_sni(TRUE); - break; - case CURL_SSLVERSION_TLSv1_3: -#ifdef WOLFSSL_TLS13 - req_method = wolfTLSv1_3_client_method(); - use_sni(TRUE); - break; -#else - failf(data, "CyaSSL: TLS 1.3 is not yet supported"); - return CURLE_SSL_CONNECT_ERROR; -#endif - case CURL_SSLVERSION_SSLv3: -#ifdef WOLFSSL_ALLOW_SSLV3 - req_method = SSLv3_client_method(); - use_sni(FALSE); -#else - failf(data, "CyaSSL does not support SSLv3"); - return CURLE_NOT_BUILT_IN; -#endif - break; - case CURL_SSLVERSION_SSLv2: - failf(data, "CyaSSL does not support SSLv2"); - return CURLE_SSL_CONNECT_ERROR; - default: - failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION"); - return CURLE_SSL_CONNECT_ERROR; - } - - if(!req_method) { - failf(data, "SSL: couldn't create a method!"); - return CURLE_OUT_OF_MEMORY; - } - - if(BACKEND->ctx) - SSL_CTX_free(BACKEND->ctx); - BACKEND->ctx = SSL_CTX_new(req_method); - - if(!BACKEND->ctx) { - failf(data, "SSL: couldn't create a context!"); - return CURLE_OUT_OF_MEMORY; - } - - switch(SSL_CONN_CONFIG(version)) { - case CURL_SSLVERSION_DEFAULT: - case CURL_SSLVERSION_TLSv1: -#if LIBCYASSL_VERSION_HEX > 0x03004006 /* > 3.4.6 */ - /* Versions 3.3.0 to 3.4.6 we know the minimum protocol version is whatever - minimum version of TLS was built in and at least TLS 1.0. For later library - versions that could change (eg TLS 1.0 built in but defaults to TLS 1.1) so - we have this short circuit evaluation to find the minimum supported TLS - version. We use wolfSSL_CTX_SetMinVersion and not CyaSSL_SetMinVersion - because only the former will work before the user's CTX callback is called. 
- */ - if((wolfSSL_CTX_SetMinVersion(BACKEND->ctx, WOLFSSL_TLSV1) != 1) && - (wolfSSL_CTX_SetMinVersion(BACKEND->ctx, WOLFSSL_TLSV1_1) != 1) && - (wolfSSL_CTX_SetMinVersion(BACKEND->ctx, WOLFSSL_TLSV1_2) != 1) -#ifdef WOLFSSL_TLS13 - && (wolfSSL_CTX_SetMinVersion(BACKEND->ctx, WOLFSSL_TLSV1_3) != 1) -#endif - ) { - failf(data, "SSL: couldn't set the minimum protocol version"); - return CURLE_SSL_CONNECT_ERROR; - } -#endif - break; - } - - ciphers = SSL_CONN_CONFIG(cipher_list); - if(ciphers) { - if(!SSL_CTX_set_cipher_list(BACKEND->ctx, ciphers)) { - failf(data, "failed setting cipher list: %s", ciphers); - return CURLE_SSL_CIPHER; - } - infof(data, "Cipher selection: %s\n", ciphers); - } - -#ifndef NO_FILESYSTEM - /* load trusted cacert */ - if(SSL_CONN_CONFIG(CAfile)) { - if(1 != SSL_CTX_load_verify_locations(BACKEND->ctx, - SSL_CONN_CONFIG(CAfile), - SSL_CONN_CONFIG(CApath))) { - if(SSL_CONN_CONFIG(verifypeer)) { - /* Fail if we insist on successfully verifying the server. */ - failf(data, "error setting certificate verify locations:\n" - " CAfile: %s\n CApath: %s", - SSL_CONN_CONFIG(CAfile)? - SSL_CONN_CONFIG(CAfile): "none", - SSL_CONN_CONFIG(CApath)? - SSL_CONN_CONFIG(CApath) : "none"); - return CURLE_SSL_CACERT_BADFILE; - } - else { - /* Just continue with a warning if no strict certificate - verification is required. */ - infof(data, "error setting certificate verify locations," - " continuing anyway:\n"); - } - } - else { - /* Everything is fine. */ - infof(data, "successfully set certificate verify locations:\n"); - } - infof(data, - " CAfile: %s\n" - " CApath: %s\n", - SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile): - "none", - SSL_CONN_CONFIG(CApath) ? 
SSL_CONN_CONFIG(CApath): - "none"); - } - - /* Load the client certificate, and private key */ - if(SSL_SET_OPTION(cert) && SSL_SET_OPTION(key)) { - int file_type = do_file_type(SSL_SET_OPTION(cert_type)); - - if(SSL_CTX_use_certificate_file(BACKEND->ctx, SSL_SET_OPTION(cert), - file_type) != 1) { - failf(data, "unable to use client certificate (no key or wrong pass" - " phrase?)"); - return CURLE_SSL_CONNECT_ERROR; - } - - file_type = do_file_type(SSL_SET_OPTION(key_type)); - if(SSL_CTX_use_PrivateKey_file(BACKEND->ctx, SSL_SET_OPTION(key), - file_type) != 1) { - failf(data, "unable to set private key"); - return CURLE_SSL_CONNECT_ERROR; - } - } -#endif /* !NO_FILESYSTEM */ - - /* SSL always tries to verify the peer, this only says whether it should - * fail to connect if the verification fails, or if it should continue - * anyway. In the latter case the result of the verification is checked with - * SSL_get_verify_result() below. */ - SSL_CTX_set_verify(BACKEND->ctx, - SSL_CONN_CONFIG(verifypeer)?SSL_VERIFY_PEER: - SSL_VERIFY_NONE, - NULL); - -#ifdef HAVE_SNI - if(sni) { - struct in_addr addr4; -#ifdef ENABLE_IPV6 - struct in6_addr addr6; -#endif - const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : - conn->host.name; - size_t hostname_len = strlen(hostname); - if((hostname_len < USHRT_MAX) && - (0 == Curl_inet_pton(AF_INET, hostname, &addr4)) && -#ifdef ENABLE_IPV6 - (0 == Curl_inet_pton(AF_INET6, hostname, &addr6)) && -#endif - (CyaSSL_CTX_UseSNI(BACKEND->ctx, CYASSL_SNI_HOST_NAME, hostname, - (unsigned short)hostname_len) != 1)) { - infof(data, "WARNING: failed to configure server name indication (SNI) " - "TLS extension\n"); - } - } -#endif - - /* give application a chance to interfere with SSL set up. 
*/ - if(data->set.ssl.fsslctx) { - CURLcode result = (*data->set.ssl.fsslctx)(data, BACKEND->ctx, - data->set.ssl.fsslctxp); - if(result) { - failf(data, "error signaled by ssl ctx callback"); - return result; - } - } -#ifdef NO_FILESYSTEM - else if(SSL_CONN_CONFIG(verifypeer)) { - failf(data, "SSL: Certificates couldn't be loaded because CyaSSL was built" - " with \"no filesystem\". Either disable peer verification" - " (insecure) or if you are building an application with libcurl you" - " can load certificates via CURLOPT_SSL_CTX_FUNCTION."); - return CURLE_SSL_CONNECT_ERROR; - } -#endif - - /* Let's make an SSL structure */ - if(BACKEND->handle) - SSL_free(BACKEND->handle); - BACKEND->handle = SSL_new(BACKEND->ctx); - if(!BACKEND->handle) { - failf(data, "SSL: couldn't create a context (handle)!"); - return CURLE_OUT_OF_MEMORY; - } - -#ifdef HAVE_ALPN - if(conn->bits.tls_enable_alpn) { - char protocols[128]; - *protocols = '\0'; - - /* wolfSSL's ALPN protocol name list format is a comma separated string of - protocols in descending order of preference, eg: "h2,http/1.1" */ - -#ifdef USE_NGHTTP2 - if(data->set.httpversion >= CURL_HTTP_VERSION_2) { - strcpy(protocols + strlen(protocols), NGHTTP2_PROTO_VERSION_ID ","); - infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID); - } -#endif - - strcpy(protocols + strlen(protocols), ALPN_HTTP_1_1); - infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1); - - if(wolfSSL_UseALPN(BACKEND->handle, protocols, - (unsigned)strlen(protocols), - WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) != SSL_SUCCESS) { - failf(data, "SSL: failed setting ALPN protocols"); - return CURLE_SSL_CONNECT_ERROR; - } - } -#endif /* HAVE_ALPN */ - - /* Check if there's a cached ID we can/should use here! */ - if(SSL_SET_OPTION(primary.sessionid)) { - void *ssl_sessionid = NULL; - - Curl_ssl_sessionid_lock(conn); - if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) { - /* we got a session id, use it! 
*/ - if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) { - char error_buffer[CYASSL_MAX_ERROR_SZ]; - Curl_ssl_sessionid_unlock(conn); - failf(data, "SSL: SSL_set_session failed: %s", - ERR_error_string(SSL_get_error(BACKEND->handle, 0), - error_buffer)); - return CURLE_SSL_CONNECT_ERROR; - } - /* Informational message */ - infof(data, "SSL re-using session ID\n"); - } - Curl_ssl_sessionid_unlock(conn); - } - - /* pass the raw socket into the SSL layer */ - if(!SSL_set_fd(BACKEND->handle, (int)sockfd)) { - failf(data, "SSL: SSL_set_fd failed"); - return CURLE_SSL_CONNECT_ERROR; - } - - connssl->connecting_state = ssl_connect_2; - return CURLE_OK; -} - - -static CURLcode -cyassl_connect_step2(struct connectdata *conn, - int sockindex) -{ - int ret = -1; - struct Curl_easy *data = conn->data; - struct ssl_connect_data* connssl = &conn->ssl[sockindex]; - const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name : - conn->host.name; - const char * const dispname = SSL_IS_PROXY() ? - conn->http_proxy.host.dispname : conn->host.dispname; - const char * const pinnedpubkey = SSL_IS_PROXY() ? - data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] : - data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG]; - - conn->recv[sockindex] = cyassl_recv; - conn->send[sockindex] = cyassl_send; - - /* Enable RFC2818 checks */ - if(SSL_CONN_CONFIG(verifyhost)) { - ret = CyaSSL_check_domain_name(BACKEND->handle, hostname); - if(ret == SSL_FAILURE) - return CURLE_OUT_OF_MEMORY; - } - - ret = SSL_connect(BACKEND->handle); - if(ret != 1) { - char error_buffer[CYASSL_MAX_ERROR_SZ]; - int detail = SSL_get_error(BACKEND->handle, ret); - - if(SSL_ERROR_WANT_READ == detail) { - connssl->connecting_state = ssl_connect_2_reading; - return CURLE_OK; - } - else if(SSL_ERROR_WANT_WRITE == detail) { - connssl->connecting_state = ssl_connect_2_writing; - return CURLE_OK; - } - /* There is no easy way to override only the CN matching. 
- * This will enable the override of both mismatching SubjectAltNames - * as also mismatching CN fields */ - else if(DOMAIN_NAME_MISMATCH == detail) { -#if 1 - failf(data, "\tsubject alt name(s) or common name do not match \"%s\"\n", - dispname); - return CURLE_PEER_FAILED_VERIFICATION; -#else - /* When the CyaSSL_check_domain_name() is used and you desire to continue - * on a DOMAIN_NAME_MISMATCH, i.e. 'conn->ssl_config.verifyhost == 0', - * CyaSSL version 2.4.0 will fail with an INCOMPLETE_DATA error. The only - * way to do this is currently to switch the CyaSSL_check_domain_name() - * in and out based on the 'conn->ssl_config.verifyhost' value. */ - if(SSL_CONN_CONFIG(verifyhost)) { - failf(data, - "\tsubject alt name(s) or common name do not match \"%s\"\n", - dispname); - return CURLE_PEER_FAILED_VERIFICATION; - } - else { - infof(data, - "\tsubject alt name(s) and/or common name do not match \"%s\"\n", - dispname); - return CURLE_OK; - } -#endif - } -#if LIBCYASSL_VERSION_HEX >= 0x02007000 /* 2.7.0 */ - else if(ASN_NO_SIGNER_E == detail) { - if(SSL_CONN_CONFIG(verifypeer)) { - failf(data, "\tCA signer not available for verification\n"); - return CURLE_SSL_CACERT_BADFILE; - } - else { - /* Just continue with a warning if no strict certificate - verification is required. 
*/ - infof(data, "CA signer not available for verification, " - "continuing anyway\n"); - } - } -#endif - else { - failf(data, "SSL_connect failed with error %d: %s", detail, - ERR_error_string(detail, error_buffer)); - return CURLE_SSL_CONNECT_ERROR; - } - } - - if(pinnedpubkey) { -#ifdef KEEP_PEER_CERT - X509 *x509; - const char *x509_der; - int x509_der_len; - curl_X509certificate x509_parsed; - curl_asn1Element *pubkey; - CURLcode result; - - x509 = SSL_get_peer_certificate(BACKEND->handle); - if(!x509) { - failf(data, "SSL: failed retrieving server certificate"); - return CURLE_SSL_PINNEDPUBKEYNOTMATCH; - } - - x509_der = (const char *)CyaSSL_X509_get_der(x509, &x509_der_len); - if(!x509_der) { - failf(data, "SSL: failed retrieving ASN.1 server certificate"); - return CURLE_SSL_PINNEDPUBKEYNOTMATCH; - } - - memset(&x509_parsed, 0, sizeof(x509_parsed)); - if(Curl_parseX509(&x509_parsed, x509_der, x509_der + x509_der_len)) - return CURLE_SSL_PINNEDPUBKEYNOTMATCH; - - pubkey = &x509_parsed.subjectPublicKeyInfo; - if(!pubkey->header || pubkey->end <= pubkey->header) { - failf(data, "SSL: failed retrieving public key from server certificate"); - return CURLE_SSL_PINNEDPUBKEYNOTMATCH; - } - - result = Curl_pin_peer_pubkey(data, - pinnedpubkey, - (const unsigned char *)pubkey->header, - (size_t)(pubkey->end - pubkey->header)); - if(result) { - failf(data, "SSL: public key does not match pinned public key!"); - return result; - } -#else - failf(data, "Library lacks pinning support built-in"); - return CURLE_NOT_BUILT_IN; -#endif - } - -#ifdef HAVE_ALPN - if(conn->bits.tls_enable_alpn) { - int rc; - char *protocol = NULL; - unsigned short protocol_len = 0; - - rc = wolfSSL_ALPN_GetProtocol(BACKEND->handle, &protocol, &protocol_len); - - if(rc == SSL_SUCCESS) { - infof(data, "ALPN, server accepted to use %.*s\n", protocol_len, - protocol); - - if(protocol_len == ALPN_HTTP_1_1_LENGTH && - !memcmp(protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH)) - conn->negnpn = 
CURL_HTTP_VERSION_1_1;
-#ifdef USE_NGHTTP2
- else if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
- protocol_len == NGHTTP2_PROTO_VERSION_ID_LEN &&
- !memcmp(protocol, NGHTTP2_PROTO_VERSION_ID,
- NGHTTP2_PROTO_VERSION_ID_LEN))
- conn->negnpn = CURL_HTTP_VERSION_2;
-#endif
- else
- infof(data, "ALPN, unrecognized protocol %.*s\n", protocol_len,
- protocol);
- Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ?
- BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
- }
- else if(rc == SSL_ALPN_NOT_FOUND)
- infof(data, "ALPN, server did not agree to a protocol\n");
- else {
- failf(data, "ALPN, failure getting protocol, error %d", rc);
- return CURLE_SSL_CONNECT_ERROR;
- }
- }
-#endif /* HAVE_ALPN */
-
- connssl->connecting_state = ssl_connect_3;
-#if (LIBCYASSL_VERSION_HEX >= 0x03009010)
- infof(data, "SSL connection using %s / %s\n",
- wolfSSL_get_version(BACKEND->handle),
- wolfSSL_get_cipher_name(BACKEND->handle));
-#else
- infof(data, "SSL connected\n");
-#endif
-
- return CURLE_OK;
-}
-
-
-static CURLcode
-cyassl_connect_step3(struct connectdata *conn,
- int sockindex)
-{
- CURLcode result = CURLE_OK;
- struct Curl_easy *data = conn->data;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-
- DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
-
- if(SSL_SET_OPTION(primary.sessionid)) {
- bool incache;
- SSL_SESSION *our_ssl_sessionid;
- void *old_ssl_sessionid = NULL;
-
- our_ssl_sessionid = SSL_get_session(BACKEND->handle);
-
- Curl_ssl_sessionid_lock(conn);
- incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL,
- sockindex));
- if(incache) {
- if(old_ssl_sessionid != our_ssl_sessionid) {
- infof(data, "old SSL session ID is stale, removing\n");
- Curl_ssl_delsessionid(conn, old_ssl_sessionid);
- incache = FALSE;
- }
- }
-
- if(!incache) {
- result = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
- 0 /* unknown size */, sockindex);
- if(result) {
- Curl_ssl_sessionid_unlock(conn);
- failf(data, "failed to store ssl session");
- return result;
- }
- }
- Curl_ssl_sessionid_unlock(conn);
- }
-
- connssl->connecting_state = ssl_connect_done;
-
- return result;
-}
-
-
-static ssize_t cyassl_send(struct connectdata *conn,
- int sockindex,
- const void *mem,
- size_t len,
- CURLcode *curlcode)
-{
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- char error_buffer[CYASSL_MAX_ERROR_SZ];
- int memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
- int rc = SSL_write(BACKEND->handle, mem, memlen);
-
- if(rc < 0) {
- int err = SSL_get_error(BACKEND->handle, rc);
-
- switch(err) {
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_WRITE:
- /* there's data pending, re-invoke SSL_write() */
- *curlcode = CURLE_AGAIN;
- return -1;
- default:
- failf(conn->data, "SSL write: %s, errno %d",
- ERR_error_string(err, error_buffer),
- SOCKERRNO);
- *curlcode = CURLE_SEND_ERROR;
- return -1;
- }
- }
- return rc;
-}
-
-static void Curl_cyassl_close(struct connectdata *conn, int sockindex)
-{
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-
- if(BACKEND->handle) {
- (void)SSL_shutdown(BACKEND->handle);
- SSL_free(BACKEND->handle);
- BACKEND->handle = NULL;
- }
- if(BACKEND->ctx) {
- SSL_CTX_free(BACKEND->ctx);
- BACKEND->ctx = NULL;
- }
-}
-
-static ssize_t cyassl_recv(struct connectdata *conn,
- int num,
- char *buf,
- size_t buffersize,
- CURLcode *curlcode)
-{
- struct ssl_connect_data *connssl = &conn->ssl[num];
- char error_buffer[CYASSL_MAX_ERROR_SZ];
- int buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
- int nread = SSL_read(BACKEND->handle, buf, buffsize);
-
- if(nread < 0) {
- int err = SSL_get_error(BACKEND->handle, nread);
-
- switch(err) {
- case SSL_ERROR_ZERO_RETURN: /* no more data */
- break;
- case SSL_ERROR_WANT_READ:
- case SSL_ERROR_WANT_WRITE:
- /* there's data pending, re-invoke SSL_read() */
- *curlcode = CURLE_AGAIN;
- return -1;
- default:
- failf(conn->data, "SSL read: %s, errno %d",
- ERR_error_string(err, error_buffer),
- SOCKERRNO);
- *curlcode = CURLE_RECV_ERROR;
- return -1;
- }
- }
- return nread;
-}
-
-
-static void Curl_cyassl_session_free(void *ptr)
-{
- (void)ptr;
- /* CyaSSL reuses sessions on own, no free */
-}
-
-
-static size_t Curl_cyassl_version(char *buffer, size_t size)
-{
-#if LIBCYASSL_VERSION_HEX >= 0x03006000
- return msnprintf(buffer, size, "wolfSSL/%s", wolfSSL_lib_version());
-#elif defined(WOLFSSL_VERSION)
- return msnprintf(buffer, size, "wolfSSL/%s", WOLFSSL_VERSION);
-#elif defined(CYASSL_VERSION)
- return msnprintf(buffer, size, "CyaSSL/%s", CYASSL_VERSION);
-#else
- return msnprintf(buffer, size, "CyaSSL/%s", "<1.8.8");
-#endif
-}
-
-
-static int Curl_cyassl_init(void)
-{
- return (CyaSSL_Init() == SSL_SUCCESS);
-}
-
-
-static void Curl_cyassl_cleanup(void)
-{
- CyaSSL_Cleanup();
-}
-
-
-static bool Curl_cyassl_data_pending(const struct connectdata* conn,
- int connindex)
-{
- const struct ssl_connect_data *connssl = &conn->ssl[connindex];
- if(BACKEND->handle) /* SSL is in use */
- return (0 != SSL_pending(BACKEND->handle)) ? TRUE : FALSE;
- else
- return FALSE;
-}
-
-
-/*
- * This function is called to shut down the SSL layer but keep the
- * socket open (CCC - Clear Command Channel)
- */
-static int Curl_cyassl_shutdown(struct connectdata *conn, int sockindex)
-{
- int retval = 0;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
-
- if(BACKEND->handle) {
- SSL_free(BACKEND->handle);
- BACKEND->handle = NULL;
- }
- return retval;
-}
-
-
-static CURLcode
-cyassl_connect_common(struct connectdata *conn,
- int sockindex,
- bool nonblocking,
- bool *done)
-{
- CURLcode result;
- struct Curl_easy *data = conn->data;
- struct ssl_connect_data *connssl = &conn->ssl[sockindex];
- curl_socket_t sockfd = conn->sock[sockindex];
- time_t timeout_ms;
- int what;
-
- /* check if the connection has already been established */
- if(ssl_connection_complete == connssl->state) {
- *done = TRUE;
- return CURLE_OK;
- }
-
- if(ssl_connect_1 == connssl->connecting_state) {
- /* Find out how much more time we're allowed */
- timeout_ms = Curl_timeleft(data, NULL, TRUE);
-
- if(timeout_ms < 0) {
- /* no need to continue if time already is up */
- failf(data, "SSL connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
-
- result = cyassl_connect_step1(conn, sockindex);
- if(result)
- return result;
- }
-
- while(ssl_connect_2 == connssl->connecting_state ||
- ssl_connect_2_reading == connssl->connecting_state ||
- ssl_connect_2_writing == connssl->connecting_state) {
-
- /* check allowed time left */
- timeout_ms = Curl_timeleft(data, NULL, TRUE);
-
- if(timeout_ms < 0) {
- /* no need to continue if time already is up */
- failf(data, "SSL connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
-
- /* if ssl is expecting something, check if it's available. */
- if(connssl->connecting_state == ssl_connect_2_reading
- || connssl->connecting_state == ssl_connect_2_writing) {
-
- curl_socket_t writefd = ssl_connect_2_writing ==
- connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
- curl_socket_t readfd = ssl_connect_2_reading ==
- connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
-
- what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
- nonblocking?0:timeout_ms);
- if(what < 0) {
- /* fatal error */
- failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
- return CURLE_SSL_CONNECT_ERROR;
- }
- else if(0 == what) {
- if(nonblocking) {
- *done = FALSE;
- return CURLE_OK;
- }
- else {
- /* timeout */
- failf(data, "SSL connection timeout");
- return CURLE_OPERATION_TIMEDOUT;
- }
- }
- /* socket is readable or writable */
- }
-
- /* Run transaction, and return to the caller if it failed or if
- * this connection is part of a multi handle and this loop would
- * execute again. This permits the owner of a multi handle to
- * abort a connection attempt before step2 has completed while
- * ensuring that a client using select() or epoll() will always
- * have a valid fdset to wait on.
- */
- result = cyassl_connect_step2(conn, sockindex);
- if(result || (nonblocking &&
- (ssl_connect_2 == connssl->connecting_state ||
- ssl_connect_2_reading == connssl->connecting_state ||
- ssl_connect_2_writing == connssl->connecting_state)))
- return result;
- } /* repeat step2 until all transactions are done. */
-
- if(ssl_connect_3 == connssl->connecting_state) {
- result = cyassl_connect_step3(conn, sockindex);
- if(result)
- return result;
- }
-
- if(ssl_connect_done == connssl->connecting_state) {
- connssl->state = ssl_connection_complete;
- conn->recv[sockindex] = cyassl_recv;
- conn->send[sockindex] = cyassl_send;
- *done = TRUE;
- }
- else
- *done = FALSE;
-
- /* Reset our connect state machine */
- connssl->connecting_state = ssl_connect_1;
-
- return CURLE_OK;
-}
-
-
-static CURLcode Curl_cyassl_connect_nonblocking(struct connectdata *conn,
- int sockindex, bool *done)
-{
- return cyassl_connect_common(conn, sockindex, TRUE, done);
-}
-
-
-static CURLcode Curl_cyassl_connect(struct connectdata *conn, int sockindex)
-{
- CURLcode result;
- bool done = FALSE;
-
- result = cyassl_connect_common(conn, sockindex, FALSE, &done);
- if(result)
- return result;
-
- DEBUGASSERT(done);
-
- return CURLE_OK;
-}
-
-static CURLcode Curl_cyassl_random(struct Curl_easy *data,
- unsigned char *entropy, size_t length)
-{
- RNG rng;
- (void)data;
- if(InitRng(&rng))
- return CURLE_FAILED_INIT;
- if(length > UINT_MAX)
- return CURLE_FAILED_INIT;
- if(RNG_GenerateBlock(&rng, entropy, (unsigned)length))
- return CURLE_FAILED_INIT;
- if(FreeRng(&rng))
- return CURLE_FAILED_INIT;
- return CURLE_OK;
-}
-
-static CURLcode Curl_cyassl_sha256sum(const unsigned char *tmp, /* input */
- size_t tmplen,
- unsigned char *sha256sum /* output */,
- size_t unused)
-{
- Sha256 SHA256pw;
- (void)unused;
- InitSha256(&SHA256pw);
- Sha256Update(&SHA256pw, tmp, (word32)tmplen);
- Sha256Final(&SHA256pw, sha256sum);
- return CURLE_OK;
-}
-
-static void *Curl_cyassl_get_internals(struct ssl_connect_data *connssl,
- CURLINFO info UNUSED_PARAM)
-{
- (void)info;
- return BACKEND->handle;
-}
-
-const struct Curl_ssl Curl_ssl_cyassl = {
- { CURLSSLBACKEND_WOLFSSL, "WolfSSL" }, /* info */
-
-#ifdef KEEP_PEER_CERT
- SSLSUPP_PINNEDPUBKEY |
-#endif
- SSLSUPP_SSL_CTX,
-
- sizeof(struct ssl_backend_data),
-
- Curl_cyassl_init, /* init */
- Curl_cyassl_cleanup, /* cleanup */
- Curl_cyassl_version, /* version */
- Curl_none_check_cxn, /* check_cxn */
- Curl_cyassl_shutdown, /* shutdown */
- Curl_cyassl_data_pending, /* data_pending */
- Curl_cyassl_random, /* random */
- Curl_none_cert_status_request, /* cert_status_request */
- Curl_cyassl_connect, /* connect */
- Curl_cyassl_connect_nonblocking, /* connect_nonblocking */
- Curl_cyassl_get_internals, /* get_internals */
- Curl_cyassl_close, /* close_one */
- Curl_none_close_all, /* close_all */
- Curl_cyassl_session_free, /* session_free */
- Curl_none_set_engine, /* set_engine */
- Curl_none_set_engine_default, /* set_engine_default */
- Curl_none_engines_list, /* engines_list */
- Curl_none_false_start, /* false_start */
- Curl_none_md5sum, /* md5sum */
- Curl_cyassl_sha256sum /* sha256sum */
-};
-
-#endif
diff --git a/lib/vtls/cyassl.h b/lib/vtls/cyassl.h
deleted file mode 100644
index 01e11cc23..000000000
--- a/lib/vtls/cyassl.h
+++ /dev/null
@@ -1,31 +0,0 @@ -#ifndef HEADER_CURL_CYASSL_H -#define HEADER_CURL_CYASSL_H -/*************************************************************************** - * _ _ ____ _ - * Project ___| | | | _ \| | - * / __| | | | |_) | | - * | (__| |_| | _ <| |___ - * \___|\___/|_| \_\_____| - * - * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. - * - * This software is licensed as described in the file COPYING, which - * you should have received as part of this distribution. The terms - * are also available at https://curl.haxx.se/docs/copyright.html. - * - * You may opt to use, copy, modify, merge, publish, distribute and/or sell - * copies of the Software, and permit persons to whom the Software is - * furnished to do so, under the terms of the COPYING file. - * - * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY - * KIND, either express or implied. - * - ***************************************************************************/ -#include "curl_setup.h" - -#ifdef USE_CYASSL - -extern const struct Curl_ssl Curl_ssl_cyassl; - -#endif /* USE_CYASSL */ -#endif /* HEADER_CURL_CYASSL_H */ diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index a7452dcd5..6a0e60fb6 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -514,7 +514,7 @@ void Curl_ssl_close_all(struct Curl_easy *data) #if defined(USE_OPENSSL) || defined(USE_GNUTLS) || defined(USE_SCHANNEL) || \ defined(USE_SECTRANSP) || defined(USE_POLARSSL) || defined(USE_NSS) || \ - defined(USE_MBEDTLS) || defined(USE_CYASSL) + defined(USE_MBEDTLS) || defined(USE_WOLFSSL) int Curl_ssl_getsock(struct connectdata *conn, curl_socket_t *socks, int numsocks) { @@ -1172,8 +1172,8 @@ static const struct Curl_ssl Curl_ssl_multi = { const struct Curl_ssl *Curl_ssl = #if defined(CURL_WITH_MULTI_SSL) &Curl_ssl_multi; -#elif defined(USE_CYASSL) - &Curl_ssl_cyassl; +#elif defined(USE_WOLFSSL) + &Curl_ssl_wolfssl; #elif defined(USE_SECTRANSP) &Curl_ssl_sectransp; #elif defined(USE_GNUTLS) 
@@ -1197,8 +1197,8 @@ const struct Curl_ssl *Curl_ssl = #endif static const struct Curl_ssl *available_backends[] = { -#if defined(USE_CYASSL) - &Curl_ssl_cyassl, +#if defined(USE_WOLFSSL) + &Curl_ssl_wolfssl, #endif #if defined(USE_SECTRANSP) &Curl_ssl_sectransp, diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h index 2a87ca1f7..173d360de 100644 --- a/lib/vtls/vtls.h +++ b/lib/vtls/vtls.h @@ -103,7 +103,7 @@ CURLcode Curl_none_md5sum(unsigned char *input, size_t inputlen, #include "nssg.h" /* NSS versions */ #include "gskit.h" /* Global Secure ToolKit versions */ #include "polarssl.h" /* PolarSSL versions */ -#include "cyassl.h" /* CyaSSL versions */ +#include "wolfssl.h" /* wolfSSL versions */ #include "schannel.h" /* Schannel SSPI version */ #include "sectransp.h" /* SecureTransport (Darwin) version */ #include "mbedtls.h" /* mbedTLS versions */ diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c new file mode 100644 index 000000000..30e3756bf --- /dev/null +++ b/lib/vtls/wolfssl.c 
@@ -0,0 +1,991 @@
+/***************************************************************************
+ * _ _ ____ _
+ * Project ___| | | | _ \| |
+ * / __| | | | |_) | |
+ * | (__| |_| | _ <| |___
+ * \___|\___/|_| \_\_____|
+ *
+ * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al.
+ *
+ * This software is licensed as described in the file COPYING, which
+ * you should have received as part of this distribution. The terms
+ * are also available at https://curl.haxx.se/docs/copyright.html.
+ *
+ * You may opt to use, copy, modify, merge, publish, distribute and/or sell
+ * copies of the Software, and permit persons to whom the Software is
+ * furnished to do so, under the terms of the COPYING file.
+ *
+ * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY
+ * KIND, either express or implied.
+ *
+ ***************************************************************************/
+
+/*
+ * Source file for all wolfSSL specific code for the TLS/SSL layer. No code
+ * but vtls.c should ever call or use these functions.
+ *
+ */
+
+#include "curl_setup.h"
+
+#ifdef USE_WOLFSSL
+
+#define WOLFSSL_OPTIONS_IGNORE_SYS
+#include
+#include
+
+/* To determine what functions are available we rely on one or both of:
+ - the user's options.h generated by wolfSSL
+ - the symbols detected by curl's configure
+ Since they are markedly different from one another, and one or the other may
+ not be available, we do some checking below to bring things in sync. */
+
+/* HAVE_ALPN is wolfSSL's build time symbol for enabling ALPN in options.h. */
+#ifndef HAVE_ALPN
+#ifdef HAVE_WOLFSSL_USEALPN
+#define HAVE_ALPN
+#endif
+#endif
+
+/* WOLFSSL_ALLOW_SSLV3 is wolfSSL's build time symbol for enabling SSLv3 in
+ options.h, but is only seen in >= 3.6.6 since that's when they started
+ disabling SSLv3 by default. */
+#ifndef WOLFSSL_ALLOW_SSLV3
+#if (LIBWOLFSSL_VERSION_HEX < 0x03006006) || \
+ defined(HAVE_WOLFSSLV3_CLIENT_METHOD)
+#define WOLFSSL_ALLOW_SSLV3
+#endif
+#endif
+
+#include
+
+#include "urldata.h"
+#include "sendf.h"
+#include "inet_pton.h"
+#include "vtls.h"
+#include "parsedate.h"
+#include "connect.h" /* for the connect timeout */
+#include "select.h"
+#include "strcase.h"
+#include "x509asn1.h"
+#include "curl_printf.h"
+#include "multiif.h"
+
+#include
+#include
+#include
+#include "wolfssl.h"
+
+/* The last #include files should be: */
+#include "curl_memory.h"
+#include "memdebug.h"
+
+/* KEEP_PEER_CERT is a product of the presence of build time symbol
+ OPENSSL_EXTRA without NO_CERTS, depending on the version. KEEP_PEER_CERT is
+ in wolfSSL's settings.h, and the latter two are build time symbols in
+ options.h. */
+#ifndef KEEP_PEER_CERT
+#if defined(HAVE_WOLFSSL_GET_PEER_CERTIFICATE) || \
+ (defined(OPENSSL_EXTRA) && !defined(NO_CERTS))
+#define KEEP_PEER_CERT
+#endif
+#endif
+
+struct ssl_backend_data {
+ SSL_CTX* ctx;
+ SSL* handle;
+};
+
+#define BACKEND connssl->backend
+
+static Curl_recv wolfssl_recv;
+static Curl_send wolfssl_send;
+
+
+static int do_file_type(const char *type)
+{
+ if(!type || !type[0])
+ return SSL_FILETYPE_PEM;
+ if(strcasecompare(type, "PEM"))
+ return SSL_FILETYPE_PEM;
+ if(strcasecompare(type, "DER"))
+ return SSL_FILETYPE_ASN1;
+ return -1;
+}
+
+/*
+ * This function loads all the client/CA certificates and CRLs. Setup the TLS
+ * layer and do all necessary magic.
+ */
+static CURLcode
+wolfssl_connect_step1(struct connectdata *conn,
+ int sockindex)
+{
+ char *ciphers;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data* connssl = &conn->ssl[sockindex];
+ SSL_METHOD* req_method = NULL;
+ curl_socket_t sockfd = conn->sock[sockindex];
+#ifdef HAVE_SNI
+ bool sni = FALSE;
+#define use_sni(x) sni = (x)
+#else
+#define use_sni(x) Curl_nop_stmt
+#endif
+
+ if(connssl->state == ssl_connection_complete)
+ return CURLE_OK;
+
+ if(SSL_CONN_CONFIG(version_max) != CURL_SSLVERSION_MAX_NONE) {
+ failf(data, "wolfSSL does not support to set maximum SSL/TLS version");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ /* check to see if we've been told to use an explicit SSL/TLS version */
+ switch(SSL_CONN_CONFIG(version)) {
+ case CURL_SSLVERSION_DEFAULT:
+ case CURL_SSLVERSION_TLSv1:
+#if LIBWOLFSSL_VERSION_HEX >= 0x03003000 /* >= 3.3.0 */
+ /* minimum protocol version is set later after the CTX object is created */
+ req_method = SSLv23_client_method();
+#else
+ infof(data, "wolfSSL <3.3.0 cannot be configured to use TLS 1.0-1.2, "
+ "TLS 1.0 is used exclusively\n");
+ req_method = TLSv1_client_method();
+#endif
+ use_sni(TRUE);
+ break;
+ case CURL_SSLVERSION_TLSv1_0:
+#ifdef WOLFSSL_ALLOW_TLSV10
+ req_method = TLSv1_client_method();
+ use_sni(TRUE);
+#else
+ failf(data, "wolfSSL does not support TLS 1.0");
+ return CURLE_NOT_BUILT_IN;
+#endif
+ break;
+ case CURL_SSLVERSION_TLSv1_1:
+ req_method = TLSv1_1_client_method();
+ use_sni(TRUE);
+ break;
+ case CURL_SSLVERSION_TLSv1_2:
+ req_method = TLSv1_2_client_method();
+ use_sni(TRUE);
+ break;
+ case CURL_SSLVERSION_TLSv1_3:
+#ifdef WOLFSSL_TLS13
+ req_method = wolfTLSv1_3_client_method();
+ use_sni(TRUE);
+ break;
+#else
+ failf(data, "wolfSSL: TLS 1.3 is not yet supported");
+ return CURLE_SSL_CONNECT_ERROR;
+#endif
+ case CURL_SSLVERSION_SSLv3:
+#ifdef WOLFSSL_ALLOW_SSLV3
+ req_method = SSLv3_client_method();
+ use_sni(FALSE);
+#else
+ failf(data, "wolfSSL does not support SSLv3");
+ return CURLE_NOT_BUILT_IN;
+#endif
+ break;
+ case CURL_SSLVERSION_SSLv2:
+ failf(data, "wolfSSL does not support SSLv2");
+ return CURLE_SSL_CONNECT_ERROR;
+ default:
+ failf(data, "Unrecognized parameter passed via CURLOPT_SSLVERSION");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ if(!req_method) {
+ failf(data, "SSL: couldn't create a method!");
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ if(BACKEND->ctx)
+ SSL_CTX_free(BACKEND->ctx);
+ BACKEND->ctx = SSL_CTX_new(req_method);
+
+ if(!BACKEND->ctx) {
+ failf(data, "SSL: couldn't create a context!");
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ switch(SSL_CONN_CONFIG(version)) {
+ case CURL_SSLVERSION_DEFAULT:
+ case CURL_SSLVERSION_TLSv1:
+#if LIBWOLFSSL_VERSION_HEX > 0x03004006 /* > 3.4.6 */
+ /* Versions 3.3.0 to 3.4.6 we know the minimum protocol version is
+ * whatever minimum version of TLS was built in and at least TLS 1.0. For
+ * later library versions that could change (eg TLS 1.0 built in but
+ * defaults to TLS 1.1) so we have this short circuit evaluation to find
+ * the minimum supported TLS version.
+ */
+ if((wolfSSL_CTX_SetMinVersion(BACKEND->ctx, WOLFSSL_TLSV1) != 1) &&
+ (wolfSSL_CTX_SetMinVersion(BACKEND->ctx, WOLFSSL_TLSV1_1) != 1) &&
+ (wolfSSL_CTX_SetMinVersion(BACKEND->ctx, WOLFSSL_TLSV1_2) != 1)
+#ifdef WOLFSSL_TLS13
+ && (wolfSSL_CTX_SetMinVersion(BACKEND->ctx, WOLFSSL_TLSV1_3) != 1)
+#endif
+ ) {
+ failf(data, "SSL: couldn't set the minimum protocol version");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+#endif
+ break;
+ }
+
+ ciphers = SSL_CONN_CONFIG(cipher_list);
+ if(ciphers) {
+ if(!SSL_CTX_set_cipher_list(BACKEND->ctx, ciphers)) {
+ failf(data, "failed setting cipher list: %s", ciphers);
+ return CURLE_SSL_CIPHER;
+ }
+ infof(data, "Cipher selection: %s\n", ciphers);
+ }
+
+#ifndef NO_FILESYSTEM
+ /* load trusted cacert */
+ if(SSL_CONN_CONFIG(CAfile)) {
+ if(1 != SSL_CTX_load_verify_locations(BACKEND->ctx,
+ SSL_CONN_CONFIG(CAfile),
+ SSL_CONN_CONFIG(CApath))) {
+ if(SSL_CONN_CONFIG(verifypeer)) {
+ /* Fail if we insist on successfully verifying the server. */
+ failf(data, "error setting certificate verify locations:\n"
+ " CAfile: %s\n CApath: %s",
+ SSL_CONN_CONFIG(CAfile)?
+ SSL_CONN_CONFIG(CAfile): "none",
+ SSL_CONN_CONFIG(CApath)?
+ SSL_CONN_CONFIG(CApath) : "none");
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+ else {
+ /* Just continue with a warning if no strict certificate
+ verification is required. */
+ infof(data, "error setting certificate verify locations,"
+ " continuing anyway:\n");
+ }
+ }
+ else {
+ /* Everything is fine. */
+ infof(data, "successfully set certificate verify locations:\n");
+ }
+ infof(data,
+ " CAfile: %s\n"
+ " CApath: %s\n",
+ SSL_CONN_CONFIG(CAfile) ? SSL_CONN_CONFIG(CAfile):
+ "none",
+ SSL_CONN_CONFIG(CApath) ? SSL_CONN_CONFIG(CApath):
+ "none");
+ }
+
+ /* Load the client certificate, and private key */
+ if(SSL_SET_OPTION(cert) && SSL_SET_OPTION(key)) {
+ int file_type = do_file_type(SSL_SET_OPTION(cert_type));
+
+ if(SSL_CTX_use_certificate_file(BACKEND->ctx, SSL_SET_OPTION(cert),
+ file_type) != 1) {
+ failf(data, "unable to use client certificate (no key or wrong pass"
+ " phrase?)");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ file_type = do_file_type(SSL_SET_OPTION(key_type));
+ if(SSL_CTX_use_PrivateKey_file(BACKEND->ctx, SSL_SET_OPTION(key),
+ file_type) != 1) {
+ failf(data, "unable to set private key");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ }
+#endif /* !NO_FILESYSTEM */
+
+ /* SSL always tries to verify the peer, this only says whether it should
+ * fail to connect if the verification fails, or if it should continue
+ * anyway. In the latter case the result of the verification is checked with
+ * SSL_get_verify_result() below. */
+ SSL_CTX_set_verify(BACKEND->ctx,
+ SSL_CONN_CONFIG(verifypeer)?SSL_VERIFY_PEER:
+ SSL_VERIFY_NONE,
+ NULL);
+
+#ifdef HAVE_SNI
+ if(sni) {
+ struct in_addr addr4;
+#ifdef ENABLE_IPV6
+ struct in6_addr addr6;
+#endif
+ const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+ size_t hostname_len = strlen(hostname);
+ if((hostname_len < USHRT_MAX) &&
+ (0 == Curl_inet_pton(AF_INET, hostname, &addr4)) &&
+#ifdef ENABLE_IPV6
+ (0 == Curl_inet_pton(AF_INET6, hostname, &addr6)) &&
+#endif
+ (wolfssl_CTX_UseSNI(BACKEND->ctx, WOLFSSL_SNI_HOST_NAME, hostname,
+ (unsigned short)hostname_len) != 1)) {
+ infof(data, "WARNING: failed to configure server name indication (SNI) "
+ "TLS extension\n");
+ }
+ }
+#endif
+
+ /* give application a chance to interfere with SSL set up. */
+ if(data->set.ssl.fsslctx) {
+ CURLcode result = (*data->set.ssl.fsslctx)(data, BACKEND->ctx,
+ data->set.ssl.fsslctxp);
+ if(result) {
+ failf(data, "error signaled by ssl ctx callback");
+ return result;
+ }
+ }
+#ifdef NO_FILESYSTEM
+ else if(SSL_CONN_CONFIG(verifypeer)) {
+ failf(data, "SSL: Certificates can't be loaded because wolfSSL was built"
+ " with \"no filesystem\". Either disable peer verification"
+ " (insecure) or if you are building an application with libcurl you"
+ " can load certificates via CURLOPT_SSL_CTX_FUNCTION.");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+#endif
+
+ /* Let's make an SSL structure */
+ if(BACKEND->handle)
+ SSL_free(BACKEND->handle);
+ BACKEND->handle = SSL_new(BACKEND->ctx);
+ if(!BACKEND->handle) {
+ failf(data, "SSL: couldn't create a context (handle)!");
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+#ifdef HAVE_ALPN
+ if(conn->bits.tls_enable_alpn) {
+ char protocols[128];
+ *protocols = '\0';
+
+ /* wolfSSL's ALPN protocol name list format is a comma separated string of
+ protocols in descending order of preference, eg: "h2,http/1.1" */
+
+#ifdef USE_NGHTTP2
+ if(data->set.httpversion >= CURL_HTTP_VERSION_2) {
+ strcpy(protocols + strlen(protocols), NGHTTP2_PROTO_VERSION_ID ",");
+ infof(data, "ALPN, offering %s\n", NGHTTP2_PROTO_VERSION_ID);
+ }
+#endif
+
+ strcpy(protocols + strlen(protocols), ALPN_HTTP_1_1);
+ infof(data, "ALPN, offering %s\n", ALPN_HTTP_1_1);
+
+ if(wolfSSL_UseALPN(BACKEND->handle, protocols,
+ (unsigned)strlen(protocols),
+ WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) != SSL_SUCCESS) {
+ failf(data, "SSL: failed setting ALPN protocols");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ }
+#endif /* HAVE_ALPN */
+
+ /* Check if there's a cached ID we can/should use here! */
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ void *ssl_sessionid = NULL;
+
+ Curl_ssl_sessionid_lock(conn);
+ if(!Curl_ssl_getsessionid(conn, &ssl_sessionid, NULL, sockindex)) {
+ /* we got a session id, use it! */
+ if(!SSL_set_session(BACKEND->handle, ssl_sessionid)) {
+ char error_buffer[WOLFSSL_MAX_ERROR_SZ];
+ Curl_ssl_sessionid_unlock(conn);
+ failf(data, "SSL: SSL_set_session failed: %s",
+ ERR_error_string(SSL_get_error(BACKEND->handle, 0),
+ error_buffer));
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ /* Informational message */
+ infof(data, "SSL re-using session ID\n");
+ }
+ Curl_ssl_sessionid_unlock(conn);
+ }
+
+ /* pass the raw socket into the SSL layer */
+ if(!SSL_set_fd(BACKEND->handle, (int)sockfd)) {
+ failf(data, "SSL: SSL_set_fd failed");
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+
+ connssl->connecting_state = ssl_connect_2;
+ return CURLE_OK;
+}
+
+
+static CURLcode
+wolfssl_connect_step2(struct connectdata *conn,
+ int sockindex)
+{
+ int ret = -1;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data* connssl = &conn->ssl[sockindex];
+ const char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
+ conn->host.name;
+ const char * const dispname = SSL_IS_PROXY() ?
+ conn->http_proxy.host.dispname : conn->host.dispname;
+ const char * const pinnedpubkey = SSL_IS_PROXY() ?
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_PROXY] :
+ data->set.str[STRING_SSL_PINNEDPUBLICKEY_ORIG];
+
+ conn->recv[sockindex] = wolfssl_recv;
+ conn->send[sockindex] = wolfssl_send;
+
+ /* Enable RFC2818 checks */
+ if(SSL_CONN_CONFIG(verifyhost)) {
+ ret = wolfSSL_check_domain_name(BACKEND->handle, hostname);
+ if(ret == SSL_FAILURE)
+ return CURLE_OUT_OF_MEMORY;
+ }
+
+ ret = SSL_connect(BACKEND->handle);
+ if(ret != 1) {
+ char error_buffer[WOLFSSL_MAX_ERROR_SZ];
+ int detail = SSL_get_error(BACKEND->handle, ret);
+
+ if(SSL_ERROR_WANT_READ == detail) {
+ connssl->connecting_state = ssl_connect_2_reading;
+ return CURLE_OK;
+ }
+ else if(SSL_ERROR_WANT_WRITE == detail) {
+ connssl->connecting_state = ssl_connect_2_writing;
+ return CURLE_OK;
+ }
+ /* There is no easy way to override only the CN matching.
+ * This will enable the override of both mismatching SubjectAltNames
+ * as also mismatching CN fields */
+ else if(DOMAIN_NAME_MISMATCH == detail) {
+#if 1
+ failf(data, "\tsubject alt name(s) or common name do not match \"%s\"\n",
+ dispname);
+ return CURLE_PEER_FAILED_VERIFICATION;
+#else
+ /* When the wolfssl_check_domain_name() is used and you desire to
+ * continue on a DOMAIN_NAME_MISMATCH, i.e. 'conn->ssl_config.verifyhost
+ * == 0', CyaSSL version 2.4.0 will fail with an INCOMPLETE_DATA
+ * error. The only way to do this is currently to switch the
+ * Wolfssl_check_domain_name() in and out based on the
+ * 'conn->ssl_config.verifyhost' value. */
+ if(SSL_CONN_CONFIG(verifyhost)) {
+ failf(data,
+ "\tsubject alt name(s) or common name do not match \"%s\"\n",
+ dispname);
+ return CURLE_PEER_FAILED_VERIFICATION;
+ }
+ else {
+ infof(data,
+ "\tsubject alt name(s) and/or common name do not match \"%s\"\n",
+ dispname);
+ return CURLE_OK;
+ }
+#endif
+ }
+#if LIBWOLFSSL_VERSION_HEX >= 0x02007000 /* 2.7.0 */
+ else if(ASN_NO_SIGNER_E == detail) {
+ if(SSL_CONN_CONFIG(verifypeer)) {
+ failf(data, "\tCA signer not available for verification\n");
+ return CURLE_SSL_CACERT_BADFILE;
+ }
+ else {
+ /* Just continue with a warning if no strict certificate
+ verification is required. */
+ infof(data, "CA signer not available for verification, "
+ "continuing anyway\n");
+ }
+ }
+#endif
+ else {
+ failf(data, "SSL_connect failed with error %d: %s", detail,
+ ERR_error_string(detail, error_buffer));
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ }
+
+ if(pinnedpubkey) {
+#ifdef KEEP_PEER_CERT
+ X509 *x509;
+ const char *x509_der;
+ int x509_der_len;
+ curl_X509certificate x509_parsed;
+ curl_asn1Element *pubkey;
+ CURLcode result;
+
+ x509 = SSL_get_peer_certificate(BACKEND->handle);
+ if(!x509) {
+ failf(data, "SSL: failed retrieving server certificate");
+ return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ }
+
+ x509_der = (const char *)wolfssl_X509_get_der(x509, &x509_der_len);
+ if(!x509_der) {
+ failf(data, "SSL: failed retrieving ASN.1 server certificate");
+ return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ }
+
+ memset(&x509_parsed, 0, sizeof(x509_parsed));
+ if(Curl_parseX509(&x509_parsed, x509_der, x509_der + x509_der_len))
+ return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+
+ pubkey = &x509_parsed.subjectPublicKeyInfo;
+ if(!pubkey->header || pubkey->end <= pubkey->header) {
+ failf(data, "SSL: failed retrieving public key from server certificate");
+ return CURLE_SSL_PINNEDPUBKEYNOTMATCH;
+ }
+
+ result = Curl_pin_peer_pubkey(data,
+ pinnedpubkey,
+ (const unsigned char *)pubkey->header,
+ (size_t)(pubkey->end - pubkey->header));
+ if(result) {
+ failf(data, "SSL: public key does not match pinned public key!");
+ return result;
+ }
+#else
+ failf(data, "Library lacks pinning support built-in");
+ return CURLE_NOT_BUILT_IN;
+#endif
+ }
+
+#ifdef HAVE_ALPN
+ if(conn->bits.tls_enable_alpn) {
+ int rc;
+ char *protocol = NULL;
+ unsigned short protocol_len = 0;
+
+ rc = wolfSSL_ALPN_GetProtocol(BACKEND->handle, &protocol, &protocol_len);
+
+ if(rc == SSL_SUCCESS) {
+ infof(data, "ALPN, server accepted to use %.*s\n", protocol_len,
+ protocol);
+
+ if(protocol_len == ALPN_HTTP_1_1_LENGTH &&
+ !memcmp(protocol, ALPN_HTTP_1_1, ALPN_HTTP_1_1_LENGTH))
+ conn->negnpn = CURL_HTTP_VERSION_1_1;
+#ifdef USE_NGHTTP2
+ else if(data->set.httpversion >= CURL_HTTP_VERSION_2 &&
+ protocol_len == NGHTTP2_PROTO_VERSION_ID_LEN &&
+ !memcmp(protocol, NGHTTP2_PROTO_VERSION_ID,
+ NGHTTP2_PROTO_VERSION_ID_LEN))
+ conn->negnpn = CURL_HTTP_VERSION_2;
+#endif
+ else
+ infof(data, "ALPN, unrecognized protocol %.*s\n", protocol_len,
+ protocol);
+ Curl_multiuse_state(conn, conn->negnpn == CURL_HTTP_VERSION_2 ?
+ BUNDLE_MULTIPLEX : BUNDLE_NO_MULTIUSE);
+ }
+ else if(rc == SSL_ALPN_NOT_FOUND)
+ infof(data, "ALPN, server did not agree to a protocol\n");
+ else {
+ failf(data, "ALPN, failure getting protocol, error %d", rc);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ }
+#endif /* HAVE_ALPN */
+
+ connssl->connecting_state = ssl_connect_3;
+#if (LIBWOLFSSL_VERSION_HEX >= 0x03009010)
+ infof(data, "SSL connection using %s / %s\n",
+ wolfSSL_get_version(BACKEND->handle),
+ wolfSSL_get_cipher_name(BACKEND->handle));
+#else
+ infof(data, "SSL connected\n");
+#endif
+
+ return CURLE_OK;
+}
+
+
+static CURLcode
+wolfssl_connect_step3(struct connectdata *conn,
+ int sockindex)
+{
+ CURLcode result = CURLE_OK;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+ DEBUGASSERT(ssl_connect_3 == connssl->connecting_state);
+
+ if(SSL_SET_OPTION(primary.sessionid)) {
+ bool incache;
+ SSL_SESSION *our_ssl_sessionid;
+ void *old_ssl_sessionid = NULL;
+
+ our_ssl_sessionid = SSL_get_session(BACKEND->handle);
+
+ Curl_ssl_sessionid_lock(conn);
+ incache = !(Curl_ssl_getsessionid(conn, &old_ssl_sessionid, NULL,
+ sockindex));
+ if(incache) {
+ if(old_ssl_sessionid != our_ssl_sessionid) {
+ infof(data, "old SSL session ID is stale, removing\n");
+ Curl_ssl_delsessionid(conn, old_ssl_sessionid);
+ incache = FALSE;
+ }
+ }
+
+ if(!incache) {
+ result = Curl_ssl_addsessionid(conn, our_ssl_sessionid,
+ 0 /* unknown size */, sockindex);
+ if(result) {
+ Curl_ssl_sessionid_unlock(conn);
+ failf(data, "failed to store ssl session");
+ return result;
+ }
+ }
+ Curl_ssl_sessionid_unlock(conn);
+ }
+
+ connssl->connecting_state = ssl_connect_done;
+
+ return result;
+}
+
+
+static ssize_t wolfssl_send(struct connectdata *conn,
+ int sockindex,
+ const void *mem,
+ size_t len,
+ CURLcode *curlcode)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ char error_buffer[WOLFSSL_MAX_ERROR_SZ];
+ int memlen = (len > (size_t)INT_MAX) ? INT_MAX : (int)len;
+ int rc = SSL_write(BACKEND->handle, mem, memlen);
+
+ if(rc < 0) {
+ int err = SSL_get_error(BACKEND->handle, rc);
+
+ switch(err) {
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_WRITE:
+ /* there's data pending, re-invoke SSL_write() */
+ *curlcode = CURLE_AGAIN;
+ return -1;
+ default:
+ failf(conn->data, "SSL write: %s, errno %d",
+ ERR_error_string(err, error_buffer),
+ SOCKERRNO);
+ *curlcode = CURLE_SEND_ERROR;
+ return -1;
+ }
+ }
+ return rc;
+}
+
+static void Curl_wolfssl_close(struct connectdata *conn, int sockindex)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+ if(BACKEND->handle) {
+ (void)SSL_shutdown(BACKEND->handle);
+ SSL_free(BACKEND->handle);
+ BACKEND->handle = NULL;
+ }
+ if(BACKEND->ctx) {
+ SSL_CTX_free(BACKEND->ctx);
+ BACKEND->ctx = NULL;
+ }
+}
+
+static ssize_t wolfssl_recv(struct connectdata *conn,
+ int num,
+ char *buf,
+ size_t buffersize,
+ CURLcode *curlcode)
+{
+ struct ssl_connect_data *connssl = &conn->ssl[num];
+ char error_buffer[WOLFSSL_MAX_ERROR_SZ];
+ int buffsize = (buffersize > (size_t)INT_MAX) ? INT_MAX : (int)buffersize;
+ int nread = SSL_read(BACKEND->handle, buf, buffsize);
+
+ if(nread < 0) {
+ int err = SSL_get_error(BACKEND->handle, nread);
+
+ switch(err) {
+ case SSL_ERROR_ZERO_RETURN: /* no more data */
+ break;
+ case SSL_ERROR_WANT_READ:
+ case SSL_ERROR_WANT_WRITE:
+ /* there's data pending, re-invoke SSL_read() */
+ *curlcode = CURLE_AGAIN;
+ return -1;
+ default:
+ failf(conn->data, "SSL read: %s, errno %d",
+ ERR_error_string(err, error_buffer),
+ SOCKERRNO);
+ *curlcode = CURLE_RECV_ERROR;
+ return -1;
+ }
+ }
+ return nread;
+}
+
+
+static void Curl_wolfssl_session_free(void *ptr)
+{
+ (void)ptr;
+ /* wolfSSL reuses sessions on own, no free */
+}
+
+
+static size_t Curl_wolfssl_version(char *buffer, size_t size)
+{
+#if LIBWOLFSSL_VERSION_HEX >= 0x03006000
+ return msnprintf(buffer, size, "wolfSSL/%s", wolfSSL_lib_version());
+#elif defined(WOLFSSL_VERSION)
+ return msnprintf(buffer, size, "wolfSSL/%s", WOLFSSL_VERSION);
+#endif
+}
+
+
+static int Curl_wolfssl_init(void)
+{
+ return (wolfSSL_Init() == SSL_SUCCESS);
+}
+
+
+static void Curl_wolfssl_cleanup(void)
+{
+ wolfSSL_Cleanup();
+}
+
+
+static bool Curl_wolfssl_data_pending(const struct connectdata* conn,
+ int connindex)
+{
+ const struct ssl_connect_data *connssl = &conn->ssl[connindex];
+ if(BACKEND->handle) /* SSL is in use */
+ return (0 != SSL_pending(BACKEND->handle)) ? TRUE : FALSE;
+ else
+ return FALSE;
+}
+
+
+/*
+ * This function is called to shut down the SSL layer but keep the
+ * socket open (CCC - Clear Command Channel)
+ */
+static int Curl_wolfssl_shutdown(struct connectdata *conn, int sockindex)
+{
+ int retval = 0;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+
+ if(BACKEND->handle) {
+ SSL_free(BACKEND->handle);
+ BACKEND->handle = NULL;
+ }
+ return retval;
+}
+
+
+static CURLcode
+wolfssl_connect_common(struct connectdata *conn,
+ int sockindex,
+ bool nonblocking,
+ bool *done)
+{
+ CURLcode result;
+ struct Curl_easy *data = conn->data;
+ struct ssl_connect_data *connssl = &conn->ssl[sockindex];
+ curl_socket_t sockfd = conn->sock[sockindex];
+ time_t timeout_ms;
+ int what;
+
+ /* check if the connection has already been established */
+ if(ssl_connection_complete == connssl->state) {
+ *done = TRUE;
+ return CURLE_OK;
+ }
+
+ if(ssl_connect_1 == connssl->connecting_state) {
+ /* Find out how much more time we're allowed */
+ timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+ if(timeout_ms < 0) {
+ /* no need to continue if time already is up */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+
+ result = wolfssl_connect_step1(conn, sockindex);
+ if(result)
+ return result;
+ }
+
+ while(ssl_connect_2 == connssl->connecting_state ||
+ ssl_connect_2_reading == connssl->connecting_state ||
+ ssl_connect_2_writing == connssl->connecting_state) {
+
+ /* check allowed time left */
+ timeout_ms = Curl_timeleft(data, NULL, TRUE);
+
+ if(timeout_ms < 0) {
+ /* no need to continue if time already is up */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+
+ /* if ssl is expecting something, check if it's available. */
+ if(connssl->connecting_state == ssl_connect_2_reading
+ || connssl->connecting_state == ssl_connect_2_writing) {
+
+ curl_socket_t writefd = ssl_connect_2_writing ==
+ connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+ curl_socket_t readfd = ssl_connect_2_reading ==
+ connssl->connecting_state?sockfd:CURL_SOCKET_BAD;
+
+ what = Curl_socket_check(readfd, CURL_SOCKET_BAD, writefd,
+ nonblocking?0:timeout_ms);
+ if(what < 0) {
+ /* fatal error */
+ failf(data, "select/poll on SSL socket, errno: %d", SOCKERRNO);
+ return CURLE_SSL_CONNECT_ERROR;
+ }
+ else if(0 == what) {
+ if(nonblocking) {
+ *done = FALSE;
+ return CURLE_OK;
+ }
+ else {
+ /* timeout */
+ failf(data, "SSL connection timeout");
+ return CURLE_OPERATION_TIMEDOUT;
+ }
+ }
+ /* socket is readable or writable */
+ }
+
+ /* Run transaction, and return to the caller if it failed or if
+ * this connection is part of a multi handle and this loop would
+ * execute again. This permits the owner of a multi handle to
+ * abort a connection attempt before step2 has completed while
+ * ensuring that a client using select() or epoll() will always
+ * have a valid fdset to wait on.
+ */
+ result = wolfssl_connect_step2(conn, sockindex);
+ if(result || (nonblocking &&
+ (ssl_connect_2 == connssl->connecting_state ||
+ ssl_connect_2_reading == connssl->connecting_state ||
+ ssl_connect_2_writing == connssl->connecting_state)))
+ return result;
+ } /* repeat step2 until all transactions are done.
*/ + + if(ssl_connect_3 == connssl->connecting_state) { + result = wolfssl_connect_step3(conn, sockindex); + if(result) + return result; + } + + if(ssl_connect_done == connssl->connecting_state) { + connssl->state = ssl_connection_complete; + conn->recv[sockindex] = wolfssl_recv; + conn->send[sockindex] = wolfssl_send; + *done = TRUE; + } + else + *done = FALSE; + + /* Reset our connect state machine */ + connssl->connecting_state = ssl_connect_1; + + return CURLE_OK; +} + + +static CURLcode Curl_wolfssl_connect_nonblocking(struct connectdata *conn, + int sockindex, bool *done) +{ + return wolfssl_connect_common(conn, sockindex, TRUE, done); +} + + +static CURLcode Curl_wolfssl_connect(struct connectdata *conn, int sockindex) +{ + CURLcode result; + bool done = FALSE; + + result = wolfssl_connect_common(conn, sockindex, FALSE, &done); + if(result) + return result; + + DEBUGASSERT(done); + + return CURLE_OK; +} + +static CURLcode Curl_wolfssl_random(struct Curl_easy *data, + unsigned char *entropy, size_t length) +{ + RNG rng; + (void)data; + if(wc_InitRng(&rng)) + return CURLE_FAILED_INIT; + if(length > UINT_MAX) + return CURLE_FAILED_INIT; + if(wc_RNG_GenerateBlock(&rng, entropy, (unsigned)length)) + return CURLE_FAILED_INIT; + if(wc_FreeRng(&rng)) + return CURLE_FAILED_INIT; + return CURLE_OK; +} + +static CURLcode Curl_wolfssl_sha256sum(const unsigned char *tmp, /* input */ + size_t tmplen, + unsigned char *sha256sum /* output */, + size_t unused) +{ + Sha256 SHA256pw; + (void)unused; + wc_InitSha256(&SHA256pw); + wc_Sha256Update(&SHA256pw, tmp, (word32)tmplen); + wc_Sha256Final(&SHA256pw, sha256sum); + return CURLE_OK; +} + +static void *Curl_wolfssl_get_internals(struct ssl_connect_data *connssl, + CURLINFO info UNUSED_PARAM) +{ + (void)info; + return BACKEND->handle; +} + +const struct Curl_ssl Curl_ssl_wolfssl = { + { CURLSSLBACKEND_WOLFSSL, "WolfSSL" }, /* info */ + +#ifdef KEEP_PEER_CERT + SSLSUPP_PINNEDPUBKEY | +#endif + SSLSUPP_SSL_CTX, + + sizeof(struct 
ssl_backend_data), + + Curl_wolfssl_init, /* init */ + Curl_wolfssl_cleanup, /* cleanup */ + Curl_wolfssl_version, /* version */ + Curl_none_check_cxn, /* check_cxn */ + Curl_wolfssl_shutdown, /* shutdown */ + Curl_wolfssl_data_pending, /* data_pending */ + Curl_wolfssl_random, /* random */ + Curl_none_cert_status_request, /* cert_status_request */ + Curl_wolfssl_connect, /* connect */ + Curl_wolfssl_connect_nonblocking, /* connect_nonblocking */ + Curl_wolfssl_get_internals, /* get_internals */ + Curl_wolfssl_close, /* close_one */ + Curl_none_close_all, /* close_all */ + Curl_wolfssl_session_free, /* session_free */ + Curl_none_set_engine, /* set_engine */ + Curl_none_set_engine_default, /* set_engine_default */ + Curl_none_engines_list, /* engines_list */ + Curl_none_false_start, /* false_start */ + Curl_none_md5sum, /* md5sum */ + Curl_wolfssl_sha256sum /* sha256sum */ +}; + +#endif diff --git a/lib/vtls/wolfssl.h b/lib/vtls/wolfssl.h new file mode 100644 index 000000000..2b9673c0f --- /dev/null +++ b/lib/vtls/wolfssl.h 
@@ -0,0 +1,31 @@ +#ifndef HEADER_CURL_WOLFSSL_H +#define HEADER_CURL_WOLFSSL_H +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ +#include "curl_setup.h" + +#ifdef USE_WOLFSSL + +extern const struct Curl_ssl Curl_ssl_wolfssl; + +#endif /* USE_WOLFSSL */ +#endif /* HEADER_CURL_WOLFSSL_H */ diff --git a/lib/x509asn1.c b/lib/x509asn1.c index 0c1256ba8..ece5364d8 100644 --- a/lib/x509asn1.c +++ b/lib/x509asn1.c @@ -23,7 +23,7 @@ #include "curl_setup.h" #if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) || \ - defined(USE_CYASSL) || defined(USE_SCHANNEL) + defined(USE_WOLFSSL) || defined(USE_SCHANNEL) #include #include "urldata.h" @@ -1104,7 +1104,7 @@ CURLcode Curl_extract_certinfo(struct connectdata *conn, return CURLE_OK; } -#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_CYASSL or USE_SCHANNEL */ +#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL */ #if defined(USE_GSKIT) diff --git a/lib/x509asn1.h b/lib/x509asn1.h index ce4029792..205fdc0d7 100644 --- a/lib/x509asn1.h +++ b/lib/x509asn1.h 
@@ -8,7 +8,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -26,7 +26,7 @@ #include "curl_setup.h" #if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) || \ - defined(USE_CYASSL) || defined(USE_SCHANNEL) + defined(USE_WOLFSSL) || defined(USE_SCHANNEL) #include "urldata.h" @@ -130,5 +130,5 @@ CURLcode Curl_extract_certinfo(struct connectdata *conn, int certnum, const char *beg, const char *end); CURLcode Curl_verifyhost(struct connectdata *conn, const char *beg, const char *end); -#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_CYASSL or USE_SCHANNEL */ +#endif /* USE_GSKIT or USE_NSS or USE_GNUTLS or USE_WOLFSSL or USE_SCHANNEL */ #endif /* HEADER_CURL_X509ASN1_H */ diff --git a/tests/runtests.pl b/tests/runtests.pl index b5182513b..a6e1adde3 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl @@ -244,7 +244,7 @@ my $h2cver = "h2c"; my $has_openssl; # built with a lib using an OpenSSL-like API my $has_gnutls; # built with GnuTLS my $has_nss; # built with NSS -my $has_yassl; # built with yassl +my $has_wolfssl; # built with wolfSSL my $has_polarssl; # built with polarssl my $has_winssl; # built with WinSSL (Secure Channel aka Schannel) my $has_darwinssl; # built with DarwinSSL (Secure Transport) @@ -2622,8 +2622,8 @@ sub checksystem { $has_nss=1; $has_sslpinning=1; } - elsif ($libcurl =~ /(yassl|wolfssl)/i) { - $has_yassl=1; + elsif ($libcurl =~ /wolfssl/i) { + $has_wolfssl=1; $has_sslpinning=1; } elsif ($libcurl =~ /polarssl/i) { diff --git a/tests/unit/unit1651.c b/tests/unit/unit1651.c index db3a0f35b..3652601f9 100644 --- a/tests/unit/unit1651.c +++ b/tests/unit/unit1651.c 
@@ -33,7 +33,7 @@ static void unit_stop(void) } #if defined(USE_GSKIT) || defined(USE_NSS) || defined(USE_GNUTLS) || \ - defined(USE_CYASSL) || defined(USE_SCHANNEL) + defined(USE_WOLFSSL) || defined(USE_SCHANNEL) /* cert captured from gdb when connecting to curl.haxx.se on October 26 2018 */ -- cgit v1.2.3 From 6df5f35e6ac5f0f1adf7e5c7bf4bd2ec87b9d4bb Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Mon, 10 Jun 2019 09:32:30 +0200 Subject: tool_cb_prg: Fix integer overflow in progress bar Commit 61faa0b420c236480bc9ef6fd52b4ecc1e0f8d17 fixed the progress bar width calculation to avoid integer overflow, but failed to account for the fact that initial_size is initialized to -1 when the file size is retrieved from the remote on an upload, causing another signed integer overflow. Fix by separately checking for this case before the width calculation. Closes #3984 Reported-by: Brian Carpenter (Geeknik Labs) Reviewed-by: Daniel Stenberg --- src/tool_cb_prg.c | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/src/tool_cb_prg.c b/src/tool_cb_prg.c index e2ee54225..05fe0e636 100644 --- a/src/tool_cb_prg.c +++ b/src/tool_cb_prg.c 
@@ -125,14 +125,19 @@ int tool_progress_cb(void *clientp, curl_off_t total; curl_off_t point; - /* expected transfer size */ - if((CURL_OFF_T_MAX - bar->initial_size) < (dltotal + ultotal)) + /* Calculate expected transfer size. initial_size can be less than zero + when indicating that we are expecting to get the filesize from the + remote */ + if(bar->initial_size < 0 || + ((CURL_OFF_T_MAX - bar->initial_size) < (dltotal + ultotal))) total = CURL_OFF_T_MAX; else total = dltotal + ultotal + bar->initial_size; - /* we've come this far */ - if((CURL_OFF_T_MAX - bar->initial_size) < (dlnow + ulnow)) + /* Calculate the current progress. initial_size can be less than zero when + indicating that we are expecting to get the filesize from the remote */ + if(bar->initial_size < 0 || + ((CURL_OFF_T_MAX - bar->initial_size) < (dlnow + ulnow))) point = CURL_OFF_T_MAX; else point = dlnow + ulnow + bar->initial_size; -- cgit v1.2.3 From b9a6130dc553685c3ab28632bbc69a6e49bd6c0c Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 10 Jun 2019 10:16:02 +0200 Subject: SECURITY.md: created Brief security policy description for use/display on github. --- SECURITY.md | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..871c06a50 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,10 @@ +# Security Policy + +See [docs/SECURITY-PROCESS.md](docs/SECURITY-PROCESS.md) for full details. + +## Reporting a Vulnerability + +If you have found or just suspect a security problem somewhere in curl or libcurl, +report it on [https://hackerone.com/curl](https://hackerone.com/curl). + +We treat security issuse with confidentiality until disclosed controlled and responsibly. -- cgit v1.2.3 From 027c065f3cbc5b87ba9e658b14b78c9793af8584 Mon Sep 17 00:00:00 2001 
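Review bot: With `bar->initial_size < 0` both `total` and `point` are now set to `CURL_OFF_T_MAX`, so the new guards remove the overflow but leave the bar with no usable ratio in exactly the upload case the commit message describes. Treating a negative initial_size as "size unknown" and leaving it out of the sums would keep the bar meaningful, for example `if(bar->initial_size < 0) total = dltotal + ultotal;` ahead of the existing check, and likewise `point = dlnow + ulnow;`. The right-hand sides `dltotal + ultotal` and `dlnow + ulnow` are still added before they are compared, so they can overflow on their own if both operands are large; whether the callback can receive such values is not visible here. tool_progress_cb starts and ends outside the hunk, so how `total` and `point` are used afterwards is inferred.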
From: Daniel Stenberg Date: Mon, 10 Jun 2019 09:10:14 +0200 Subject: CURLOPT_CAINFO.3: polished wording Clarify the functionality when built to use Schannel and Secure Transport and stop calling it the "recommended" or "preferred" way and instead rather call it the default. Removed the reference to the ssl comparison table as it isn't necessary. Reported-by: Richard Alcock Bug: https://curl.haxx.se/mail/lib-2019-06/0019.html Closes #4005 --- docs/libcurl/opts/CURLOPT_CAINFO.3 | 20 +++++++++----------- 1 file changed, 9 insertions(+), 11 deletions(-) diff --git a/docs/libcurl/opts/CURLOPT_CAINFO.3 b/docs/libcurl/opts/CURLOPT_CAINFO.3 index 5f1068240..e253eb529 100644 --- a/docs/libcurl/opts/CURLOPT_CAINFO.3 +++ b/docs/libcurl/opts/CURLOPT_CAINFO.3 
@@ -46,22 +46,20 @@ libnssckbi.so, which contains a more comprehensive set of trust information than supported by nss-pem, because libnssckbi.so also includes information about distrusted certificates. -(iOS and macOS) If curl is built against Secure Transport, then this -option is supported for backward compatibility with other SSL engines, but it -should not be set. If the option is not set, then curl will use the -certificates in the system and user Keychain to verify the peer, which is the -preferred method of verifying the peer's certificate chain. +(iOS and macOS) When curl uses Secure Transport this option is supported. If +the option is not set, then curl will use the certificates in the system and +user Keychain to verify the peer. (Schannel) This option is supported for Schannel in Windows 7 or later but we recommend not using it until Windows 8 since it works better starting then. -Added in libcurl 7.60. This option is supported for backward compatibility -with other SSL engines; instead it is recommended to use Windows' store of -root certificates (the default for Schannel). +If the option is not set, then curl will use the certificates in the Windows' +store of root certificates (the default for Schannel). The application does not have to keep the string around after setting this option. .SH DEFAULT -Built-in system specific +Built-in system specific. When curl is built with Secure Transport or +Schannel, this option is not set by default. .SH PROTOCOLS All TLS based protocols: HTTPS, FTPS, IMAPS, POP3S, SMTPS etc. .SH EXAMPLE 
@@ -75,8 +73,8 @@ if(curl) { } .fi .SH AVAILABILITY -For SSL engines that don't support certificate files the CURLOPT_CAINFO option -is ignored. Refer to https://curl.haxx.se/docs/ssl-compared.html +For the SSL engines that don't support certificate files the CURLOPT_CAINFO +option is ignored. Schannel support added in libcurl 7.60. .SH RETURN VALUE Returns CURLE_OK if the option is supported, CURLE_UNKNOWN_OPTION if not, or CURLE_OUT_OF_MEMORY if there was insufficient heap space. -- cgit v1.2.3 From 4da5794d81521d7fe363479255a891bb56a19f60 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 10 Jun 2019 12:40:25 +0200 Subject: wolfssl: fixup for SNI use follow-up from deb9462ff2de8 Closes #4007 --- lib/vtls/wolfssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c index 30e3756bf..d8fd379ef 100644 --- a/lib/vtls/wolfssl.c +++ b/lib/vtls/wolfssl.c @@ -324,7 +324,7 @@ wolfssl_connect_step1(struct connectdata *conn, #ifdef ENABLE_IPV6 (0 == Curl_inet_pton(AF_INET6, hostname, &addr6)) && #endif - (wolfssl_CTX_UseSNI(BACKEND->ctx, WOLFSSL_SNI_HOST_NAME, hostname, + (wolfSSL_CTX_UseSNI(BACKEND->ctx, WOLFSSL_SNI_HOST_NAME, hostname, (unsigned short)hostname_len) != 1)) { infof(data, "WARNING: failed to configure server name indication (SNI) " "TLS extension\n"); -- cgit v1.2.3 From f0b7b106ff409f0128dc7bb0f435b37891f297fd Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 10 Jun 2019 11:47:17 +0200 Subject: CURLMOPT_SOCKETFUNCTION.3: clarified Moved away the callback explanation from curl_multi_socket_action.3 and expanded it somewhat. Closes #4006 --- docs/libcurl/curl_multi_socket_action.3 | 76 +++-------------------------- docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3 | 26 +++++++--- 2 files changed, 26 insertions(+), 76 deletions(-) diff --git a/docs/libcurl/curl_multi_socket_action.3 b/docs/libcurl/curl_multi_socket_action.3 index 8d7731f84..27647f1bf 100644 
--- a/docs/libcurl/curl_multi_socket_action.3 +++ b/docs/libcurl/curl_multi_socket_action.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -43,15 +43,14 @@ libcurl will test the descriptor internally. It is also permissible to pass CURL_SOCKET_TIMEOUT to the \fBsockfd\fP parameter in order to initiate the whole process or when a timeout occurs. -At return, \fBrunning_handles\fP points to the number -of running easy handles within the multi handle. When this number reaches -zero, all transfers are complete/done. When you call -\fIcurl_multi_socket_action(3)\fP on a specific socket and the counter -decreases by one, it DOES NOT necessarily mean that this exact socket/transfer -is the one that completed. Use \fIcurl_multi_info_read(3)\fP to figure out -which easy handle that completed. +At return, \fBrunning_handles\fP points to the number of running easy handles +within the multi handle. When this number reaches zero, all transfers are +complete/done. When you call \fIcurl_multi_socket_action(3)\fP on a specific +socket and the counter decreases by one, it DOES NOT necessarily mean that +this exact socket/transfer is the one that completed. Use +\fIcurl_multi_info_read(3)\fP to figure out which easy handle that completed. -The \fIcurl_multi_socket_action(3)\fP functions inform the application about +The \fIcurl_multi_socket_action(3)\fP function informs the application about updates in the socket (file descriptor) status by doing none, one, or multiple calls to the socket callback function set with the \fICURLMOPT_SOCKETFUNCTION(3)\fP option to \fIcurl_multi_setopt(3)\fP. They 
@@ -66,65 +65,6 @@ timeout action: call the \fIcurl_multi_socket_action(3)\fP function with the \fIcurl_multi_timeout(3)\fP function to poll the value at any given time, but for an event-based system using the callback is far better than relying on polling the timeout value. -.SH "CALLBACK DETAILS" - -The socket \fBcallback\fP function uses a prototype like this -.nf - - int curl_socket_callback(CURL *easy, /* easy handle */ - curl_socket_t s, /* socket */ - int action, /* see values below */ - void *userp, /* private callback pointer */ - void *socketp); /* private socket pointer, - \fBNULL\fP if not - previously assigned with - \fIcurl_multi_assign(3)\fP */ - -.fi -The callback MUST return 0. - -The \fIeasy\fP argument is a pointer to the easy handle that deals with this -particular socket. Note that a single handle may work with several sockets -simultaneously. - -The \fIs\fP argument is the actual socket value as you use it within your -system. - -The \fIaction\fP argument to the callback has one of five values: -.RS -.IP "CURL_POLL_NONE (0)" -register, not interested in readiness (yet) -.IP "CURL_POLL_IN (1)" -register, interested in read readiness -.IP "CURL_POLL_OUT (2)" -register, interested in write readiness -.IP "CURL_POLL_INOUT (3)" -register, interested in both read and write readiness -.IP "CURL_POLL_REMOVE (4)" -unregister -.RE - -The \fIsocketp\fP argument is a private pointer you have previously set with -\fIcurl_multi_assign(3)\fP to be associated with the \fIs\fP socket. If no -pointer has been set, socketp will be NULL. This argument is of course a -service to applications that want to keep certain data or structs that are -strictly associated to the given socket. - -The \fIuserp\fP argument is a private pointer you have previously set with -\fIcurl_multi_setopt(3)\fP and the \fICURLMOPT_SOCKETDATA(3)\fP option. -.SH "RETURN VALUE" -CURLMcode type, general libcurl multi interface error code. 
- -Before version 7.20.0: If you receive \fICURLM_CALL_MULTI_PERFORM\fP, this -basically means that you should call \fIcurl_multi_socket_action(3)\fP again -before you wait for more actions on libcurl's sockets. You don't have to do it -immediately, but the return code means that libcurl may have more data -available to return or that there may be more data to send off before it is -"satisfied". - -The return code from this function is for the whole multi stack. Problems -still might have occurred on individual transfers even when one of these -functions return OK. .SH "TYPICAL USAGE" 1. Create a multi handle diff --git a/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3 b/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3 index e55ff5e0b..dc0ccd836 100644 --- a/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3 +++ b/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms 
@@ -38,14 +38,24 @@ CURLMcode curl_multi_setopt(CURLM *handle, CURLMOPT_SOCKETFUNCTION, socket_callb Pass a pointer to your callback function, which should match the prototype shown above. -When the \fIcurl_multi_socket_action(3)\fP function runs, it informs the +When the \fIcurl_multi_socket_action(3)\fP function is called, it informs the application about updates in the socket (file descriptor) status by doing -none, one, or multiple calls to the \fBsocket_callback\fP. The callback gets -status updates with changes since the previous time the callback was called. -If the given callback pointer is NULL, no callback will be called. Set the -callback's \fBuserp\fP argument with \fICURLMOPT_SOCKETDATA(3)\fP. See -\fIcurl_multi_socket_action(3)\fP for more details on how the callback is used -and should work. +none, one, or multiple calls to the \fBsocket_callback\fP. The callback +function gets status updates with changes since the previous time the callback +was called. If the given callback pointer is set to NULL, no callback will be +called. +.SH "CALLBACK ARGUMENTS" +\fIeasy\fP identifies the specific transfer for which this update is related. + +\fIs\fP is the specific socket this function invocation concerns. If the +\fBwhat\fP argument is not CURL_POLL_REMOVE then it holds information about +what activity on this socket the application is supposed to +monitor. Subsequent calls to this callback might update the \fBwhat\fP bits +for a socket that is alredy monitored. + +\fBuserp\fP is set with \fICURLMOPT_SOCKETDATA(3)\fP. + +\fBsocketp\fP is set with \fIcurl_multi_assign(3)\fP or will be NULL. The \fBwhat\fP parameter informs the callback on the status of the given socket. It can hold one of these values: -- cgit v1.2.3 From 342a0c7ddff1017b8fbb0319bc51e56da445aedd Mon Sep 17 00:00:00 2001 
From: Daniel Stenberg Date: Tue, 11 Jun 2019 07:45:12 +0200 Subject: wolfssl: fix key pinning build error follow-up from deb9462ff2de8 --- lib/vtls/wolfssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/vtls/wolfssl.c b/lib/vtls/wolfssl.c index d8fd379ef..890bcbf79 100644 --- a/lib/vtls/wolfssl.c +++ b/lib/vtls/wolfssl.c @@ -522,7 +522,7 @@ wolfssl_connect_step2(struct connectdata *conn, return CURLE_SSL_PINNEDPUBKEYNOTMATCH; } - x509_der = (const char *)wolfssl_X509_get_der(x509, &x509_der_len); + x509_der = (const char *)wolfSSL_X509_get_der(x509, &x509_der_len); if(!x509_der) { failf(data, "SSL: failed retrieving ASN.1 server certificate"); return CURLE_SSL_PINNEDPUBKEYNOTMATCH; -- cgit v1.2.3 From 860ca310ad0c6436ba446905fab2531cb48e8506 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 10 Jun 2019 23:10:19 +0200 Subject: configure: more --disable switches to toggle off individual features ... actual support in the code for disabling these has already landed. Closes #4009 --- configure.ac | 110 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 109 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 1a2e237d4..fb14e0337 100755 --- a/configure.ac +++ b/configure.ac @@ -4010,7 +4010,7 @@ fi dnl ************************************************************ dnl disable cookies support dnl -AC_MSG_CHECKING([whether to enable support for cookies]) +AC_MSG_CHECKING([whether to support cookies]) AC_ARG_ENABLE(cookies, AC_HELP_STRING([--enable-cookies],[Enable cookies support]) AC_HELP_STRING([--disable-cookies],[Disable cookies support]), 
@@ -4025,6 +4025,114 @@ AC_HELP_STRING([--disable-cookies],[Disable cookies support]), AC_MSG_RESULT(yes) ) +dnl ************************************************************ +dnl disable HTTP authentication support +dnl +AC_MSG_CHECKING([whether to support HTTP authentication]) +AC_ARG_ENABLE(http-auth, +AC_HELP_STRING([--enable-http-auth],[Enable HTTP authentication support]) +AC_HELP_STRING([--disable-http-uath],[Disable HTTP authentication support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_HTTP_AUTH, 1, [disable HTTP authentication]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable DoH support +dnl +AC_MSG_CHECKING([whether to support DoH]) +AC_ARG_ENABLE(doh, +AC_HELP_STRING([--enable-doh],[Enable DoH support]) +AC_HELP_STRING([--disable-doh],[Disable DoH support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_DOH, 1, [disable DoH]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable mime API support +dnl +AC_MSG_CHECKING([whether to support the MIME API]) +AC_ARG_ENABLE(mime, +AC_HELP_STRING([--enable-mime],[Enable mime API support]) +AC_HELP_STRING([--disable-mime],[Disable mime API support]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_MIME, 1, [disable mime API]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable date parsing +dnl +AC_MSG_CHECKING([whether to support date parsing]) +AC_ARG_ENABLE(dateparse, +AC_HELP_STRING([--enable-dateparse],[Enable date parsing]) +AC_HELP_STRING([--disable-dateparse],[Disable date parsing]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_PARSEDATE, 1, [disable date parsing]) + ;; + *) AC_MSG_RESULT(yes) + ;; + 
esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable netrc +dnl +AC_MSG_CHECKING([whether to support netrc parsing]) +AC_ARG_ENABLE(netrc, +AC_HELP_STRING([--enable-netrc],[Enable netrc parsing]) +AC_HELP_STRING([--disable-netrc],[Disable netrc parsing]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_NETRC, 1, [disable netrc parsing]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + +dnl ************************************************************ +dnl disable shuffle DNS support +dnl +AC_MSG_CHECKING([whether to support DNS shuffling]) +AC_ARG_ENABLE(dnsshuffle, +AC_HELP_STRING([--enable-dnsshuffle],[Enable DNS shuffling]) +AC_HELP_STRING([--disable-dnsshuffle],[Disable DNS shufflinf]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_SHUFFLE_DNS, 1, [disable DNS shuffling]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + dnl ************************************************************ dnl switch on/off alt-svc dnl -- cgit v1.2.3 From ee6945c088535609c1996ce2fe93230afa8cef22 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 11 Jun 2019 07:49:24 +0200 Subject: http2: remove CURL_DISABLE_TYPECHECK define ... in http2-less builds as it served no use. --- lib/http2.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/http2.c b/lib/http2.c index a535d14bb..6724eeeb0 100644 --- a/lib/http2.c +++ b/lib/http2.c @@ -2415,8 +2415,6 @@ bool Curl_h2_http_1_1_error(struct connectdata *conn) #else /* !USE_NGHTTP2 */ /* Satisfy external references even if http2 is not compiled in. */ - -#define CURL_DISABLE_TYPECHECK #include char *curl_pushheader_bynum(struct curl_pushheaders *h, size_t num) -- cgit v1.2.3 From 81da0965cfc5ded6cc1b6f82c323c0cd155e1300 Mon Sep 17 00:00:00 2001 
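Review bot: Two of the added help strings misspell what they document: `AC_HELP_STRING([--disable-http-uath],...)` in the http-auth block and `[Disable DNS shufflinf]` in the dnsshuffle block. The first is more than cosmetic, because a builder who copies `--disable-http-uath` from `./configure --help` passes an option that matches no `AC_ARG_ENABLE`, which autoconf normally only warns about, and ends up with HTTP authentication still compiled in. Change them to `AC_HELP_STRING([--disable-http-auth],[Disable HTTP authentication support])` and `AC_HELP_STRING([--disable-dnsshuffle],[Disable DNS shuffling])`. Since these switches exist to strip features from a build, a line in the configure summary listing which `CURL_DISABLE_*` defines were actually set would let a builder confirm the result.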
From: Daniel Stenberg Date: Tue, 11 Jun 2019 08:20:14 +0200 Subject: RELEASE-NOTES: synced --- RELEASE-NOTES | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 57e88cbc9..dd6a88d4d 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -8,15 +8,21 @@ curl and libcurl 7.65.2 This release includes the following bugfixes: + o CURLMOPT_SOCKETFUNCTION.3: clarified [8] + o CURLOPT_CAINFO.3: polished wording [9] o bindlocal: detect and avoid IP version mismatches in bind() [1] o build: fix Codacy warnings [6] + o configure: more --disable switches to toggle off individual features [7] o examples/fopen: fix comparison [6] o examples/htmltitle: use C++ casts between pointer types [6] + o http2: remove CURL_DISABLE_TYPECHECK define o libcurl-tutorial.3: Fix small typo (mutipart -> multipart) [3] o multi: make sure 'data' can present in several sockhash entries [2] o sws: remove unused variables [6] + o tool_cb_prg: Fix integer overflow in progress bar [10] o travis: update scan-build job to xenial [5] o unpause: trigger a timeout for event-based transfers [4] + o wolfssl: refer to it as wolfSSL only [11] This release includes the following known bugs: @@ -25,9 +31,10 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - Alex Grebenschikov, Daniel Stenberg, Marcel Raad, MrSorcus on github, - sstruchtrup on github, Tom van der Woerdt, - (6 contributors) + Alex Grebenschikov, Brian Carpenter, Daniel Gustafsson, Daniel Stenberg, + Marcel Raad, MrSorcus on github, Richard Alcock, sstruchtrup on github, + Tom van der Woerdt, + (9 contributors) Thanks! (and sorry if I forgot to mention someone) 
@@ -39,3 +46,8 @@ References to bug reports and discussions on issues: [4] = https://curl.haxx.se/bug/?id=3994 [5] = https://curl.haxx.se/bug/?id=3999 [6] = https://curl.haxx.se/bug/?id=3975 + [7] = https://curl.haxx.se/bug/?id=4009 + [8] = https://curl.haxx.se/bug/?id=4006 + [9] = https://curl.haxx.se/mail/lib-2019-06/0019.html + [10] = https://curl.haxx.se/bug/?id=3984 + [11] = https://curl.haxx.se/bug/?id=3903 -- cgit v1.2.3 From 36738caeb78603ce24e3ea089a167b8c216fb938 Mon Sep 17 00:00:00 2001 From: sergey-raevskiy Date: Fri, 12 Apr 2019 16:28:37 +0300 Subject: cmake: add SMB to list of disabled protocols if HTTP_ONLY is specified Reviewed-by: Jakub Zakrzewski Closes #3770 --- CMakeLists.txt | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 388f790db..5fa5bf0ff 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -160,6 +160,8 @@ option(CURL_DISABLE_SMTP "to disable SMTP" OFF) mark_as_advanced(CURL_DISABLE_SMTP) option(CURL_DISABLE_GOPHER "to disable Gopher" OFF) mark_as_advanced(CURL_DISABLE_GOPHER) +option(CURL_DISABLE_SMB "disables SMB" OFF) +mark_as_advanced(CURL_DISABLE_SMB) if(HTTP_ONLY) set(CURL_DISABLE_FTP ON) @@ -174,6 +176,7 @@ if(HTTP_ONLY) set(CURL_DISABLE_IMAP ON) set(CURL_DISABLE_SMTP ON) set(CURL_DISABLE_GOPHER ON) + set(CURL_DISABLE_SMB ON) endif() option(CURL_DISABLE_COOKIES "to disable cookies support" OFF) @@ -1240,6 +1243,7 @@ _add_if("SCP" USE_LIBSSH2) _add_if("SFTP" USE_LIBSSH2) _add_if("RTSP" NOT CURL_DISABLE_RTSP) _add_if("RTMP" USE_LIBRTMP) +_add_if("SMB" NOT CURL_DISABLE_SMB) if(_items) list(SORT _items) endif() -- cgit v1.2.3 From 48016832dc179a6cfd819bb7925f4723904eaaaa Mon Sep 17 00:00:00 2001 
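Review bot: The added `_add_if("SMB" NOT CURL_DISABLE_SMB)` in the third CMakeLists.txt hunk lists SMB as a supported protocol whenever the new option is off, while neighbouring entries in the same hunk are tied to the library that provides the protocol (`_add_if("SCP" USE_LIBSSH2)`). If the SMB code has build prerequisites beyond this switch (not visible in the diff, so to be confirmed), the generated protocol list can advertise SMB for a binary that does not contain it. Anything that picks transports from that list would then be misled, so the condition should include the prerequisite as well. The help text in the first hunk, `"disables SMB"`, would also read more consistently as `"to disable SMB"`, like the options around it.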
From: Daniel Stenberg Date: Tue, 11 Jun 2019 15:19:47 +0200 Subject: Revert "cmake: add SMB to list of disabled protocols if HTTP_ONLY is specified" This reverts commit 36738caeb78603ce24e3ea089a167b8c216fb938. Apparently several of the appveyor windows builds broke. --- CMakeLists.txt | 4 ---- 1 file changed, 4 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 5fa5bf0ff..388f790db 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -160,8 +160,6 @@ option(CURL_DISABLE_SMTP "to disable SMTP" OFF) mark_as_advanced(CURL_DISABLE_SMTP) option(CURL_DISABLE_GOPHER "to disable Gopher" OFF) mark_as_advanced(CURL_DISABLE_GOPHER) -option(CURL_DISABLE_SMB "disables SMB" OFF) -mark_as_advanced(CURL_DISABLE_SMB) if(HTTP_ONLY) set(CURL_DISABLE_FTP ON) @@ -176,7 +174,6 @@ if(HTTP_ONLY) set(CURL_DISABLE_IMAP ON) set(CURL_DISABLE_SMTP ON) set(CURL_DISABLE_GOPHER ON) - set(CURL_DISABLE_SMB ON) endif() option(CURL_DISABLE_COOKIES "to disable cookies support" OFF) @@ -1243,7 +1240,6 @@ _add_if("SCP" USE_LIBSSH2) _add_if("SFTP" USE_LIBSSH2) _add_if("RTSP" NOT CURL_DISABLE_RTSP) _add_if("RTMP" USE_LIBRTMP) -_add_if("SMB" NOT CURL_DISABLE_SMB) if(_items) list(SORT _items) endif() -- cgit v1.2.3 From 002cdc929da802ae048cfe661a94bd83bf0734df Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 11 Jun 2019 15:33:29 +0200 Subject: configure: remove CURL_DISABLE_TLS_SRP It isn't used by code so stop providing the define. Closes #4010 --- configure.ac | 1 - 1 file changed, 1 deletion(-) diff --git a/configure.ac b/configure.ac index fb14e0337..9b69e1bb4 100755 --- a/configure.ac +++ b/configure.ac @@ -3957,7 +3957,6 @@ AC_HELP_STRING([--disable-tls-srp],[Disable TLS-SRP authentication]), [ case "$enableval" in no) AC_MSG_RESULT(no) - AC_DEFINE(CURL_DISABLE_TLS_SRP, 1, [to disable TLS-SRP authentication]) want_tls_srp=no ;; *) AC_MSG_RESULT(yes) -- cgit v1.2.3 From 29177f422a55310976378440ffb00ee7d19ce6e9 Mon Sep 17 00:00:00 2001 
From: Daniel Stenberg Date: Tue, 11 Jun 2019 15:33:29 +0200 Subject: test1165: verify that CURL_DISABLE_ symbols are in sync between configure.ac and source code. They should be possible to switch on/off in configure AND be used in source code. --- tests/data/Makefile.inc | 3 +- tests/data/test1165 | 25 +++++++++++++ tests/disable-scan.pl | 97 +++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 123 insertions(+), 2 deletions(-) create mode 100644 tests/data/test1165 create mode 100755 tests/disable-scan.pl diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index 0c5217365..d1556dadc 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -128,8 +128,7 @@ test1128 test1129 test1130 test1131 test1132 test1133 test1134 test1135 \ test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \ test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \ test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 \ -\ -test1160 test1161 test1162 test1163 test1164 \ +test1160 test1161 test1162 test1163 test1164 test1165 \ test1170 test1171 test1172 \ \ test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \ diff --git a/tests/data/test1165 b/tests/data/test1165 new file mode 100644 index 000000000..24c1c3eb1 --- /dev/null +++ b/tests/data/test1165 @@ -0,0 +1,25 @@ + + + +source analysis +CURL_DISABLE + + + +# +# Client-side + + +none + + + +Verify configure.ac and source code CURL_DISABLE_-sync + + + +%SRCDIR/disable-scan.pl %SRCDIR/.. + + + + diff --git a/tests/disable-scan.pl b/tests/disable-scan.pl new file mode 100755 index 000000000..e57fdc697 --- /dev/null +++ b/tests/disable-scan.pl 
@@ -0,0 +1,97 @@ +#!/usr/bin/env perl +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 2010-2019, Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.haxx.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +########################################################################### +# + +use strict; +use warnings; + +# the DISABLE options that can be set by configure +my %disable; +# the DISABLE options that are used in C files +my %file; + +# we may get the dir root pointed out +my $root=$ARGV[0] || "."; + +sub scan_configure { + open S, "<$root/configure.ac"; + while() { + if(/(CURL_DISABLE_[A-Z_]+)/g) { + my ($sym)=($1); + $disable{$sym} = 1; + } + } + close S; +} + +sub scan_file { + my ($source)=@_; + open F, "<$source"; + while() { + if(/(CURL_DISABLE_[A-Z_]+)/g) { + my ($sym)=($1); + $file{$sym} = $source; + } + } + close F; +} + +sub scan_dir { + my ($dir)=@_; + opendir(my $dh, $dir) || die "Can't opendir $dir: $!"; + my @cfiles = grep { /\.c\z/ && -f "$dir/$_" } readdir($dh); + closedir $dh; + for my $f (sort @cfiles) { + scan_file("$dir/$f"); + } +} + +sub scan_sources { + scan_dir("$root/src"); + scan_dir("$root/lib"); + scan_dir("$root/lib/vtls"); + scan_dir("$root/lib/vauth"); +} + +scan_configure(); +scan_sources(); + + +my $error = 0; +# Check the configure symbols for use in code +for my $s (sort keys %disable) { + if(!$file{$s}) { + printf 
"Present in configure.ac, not used by code: %s\n", $s; + $error++; + } +} + +# Check the code symbols for use in configure +for my $s (sort keys %file) { + if(!$disable{$s}) { + printf "Not set by configure: %s (%s)\n", $s, $file{$s}; + $error++; + } +} + +exit $error; -- cgit v1.2.3 From f67009dd980d370f0518a923ba17947fe452451d Mon Sep 17 00:00:00 2001 From: Cliff Crosland Date: Tue, 11 Jun 2019 14:17:30 -0700 Subject: url: Fix CURLOPT_MAXAGE_CONN time comparison Old connections are meant to expire from the connection cache after CURLOPT_MAXAGE_CONN seconds. However, they actually expire after 1000x that value. This occurs because a time value measured in milliseconds is accidentally divided by 1M instead of by 1,000. Closes https://github.com/curl/curl/pull/4013 --- lib/url.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/url.c b/lib/url.c index c37ce0494..bf1c7c9ea 100644 --- a/lib/url.c +++ b/lib/url.c @@ -975,7 +975,7 @@ static bool conn_maxage(struct Curl_easy *data, timediff_t idletime = Curl_timediff(now, conn->lastused); idletime /= 1000; /* integer seconds is fine */ - if(idletime/1000 > data->set.maxage_conn) { + if(idletime > data->set.maxage_conn) { infof(data, "Too old connection (%ld seconds), disconnect it\n", idletime); return TRUE; -- cgit v1.2.3 From 8b987cc7eb8bd58eaf7c184e0db7103a236704bd Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 11 Jun 2019 23:50:26 +0200 Subject: multi: fix the transfer hashes in the socket hash entries - The transfer hashes weren't using the correct keys so removing entries failed. - Simplified the iteration logic over transfers sharing the same socket and they now simply are set to expire and thus get handled in the "regular" timer loop instead. Reported-by: Tom van der Woerdt Fixes #4012 Closes #4014 --- lib/hash.h | 4 ++-- lib/multi.c | 79 ++++++++++++++++--------------------------------------------- 2 files changed, 22 insertions(+), 61 deletions(-) 
diff --git a/lib/hash.h b/lib/hash.h index 90a25d1ca..558d0f47c 100644 --- a/lib/hash.h +++ b/lib/hash.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -80,7 +80,7 @@ int Curl_hash_delete(struct curl_hash *h, void *key, size_t key_len); void *Curl_hash_pick(struct curl_hash *, void *key, size_t key_len); void Curl_hash_apply(struct curl_hash *h, void *user, void (*cb)(void *user, void *ptr)); -int Curl_hash_count(struct curl_hash *h); +#define Curl_hash_count(h) ((h)->size) void Curl_hash_destroy(struct curl_hash *h); void Curl_hash_clean(struct curl_hash *h); void Curl_hash_clean_with_criterium(struct curl_hash *h, void *user, diff --git a/lib/multi.c b/lib/multi.c index 33f0d9fd1..34a74b8fb 100644 --- a/lib/multi.c +++ b/lib/multi.c @@ -194,9 +194,6 @@ struct Curl_sh_entry { unsigned int users; /* number of transfers using this */ unsigned int readers; /* this many transfers want to read */ unsigned int writers; /* this many transfers want to write */ - unsigned int blocked:1; /* if TRUE, blocked from being removed */ - unsigned int removed:1; /* if TRUE, this entry is "removed" but prevented - from it by "blocked" being set! */ }; /* bits for 'action' having no bits means this socket is not expecting any action */ 
@@ -205,16 +202,11 @@ struct Curl_sh_entry { /* look up a given socket in the socket hash, skip invalid sockets */ static struct Curl_sh_entry *sh_getentry(struct curl_hash *sh, - curl_socket_t s, - bool also_hidden) + curl_socket_t s) { if(s != CURL_SOCKET_BAD) { /* only look for proper sockets */ - struct Curl_sh_entry *entry = - Curl_hash_pick(sh, (char *)&s, sizeof(curl_socket_t)); - if(entry && entry->removed && !also_hidden) - return NULL; - return entry; + return Curl_hash_pick(sh, (char *)&s, sizeof(curl_socket_t)); } return NULL; } @@ -233,7 +225,7 @@ static size_t trhash_compare(void *k1, size_t k1_len, void *k2, size_t k2_len) (void)k1_len; (void)k2_len; - return k1 == k2; + return *(struct Curl_easy **)k1 == *(struct Curl_easy **)k2; } static void trhash_dtor(void *nada) @@ -246,13 +238,11 @@ static void trhash_dtor(void *nada) static struct Curl_sh_entry *sh_addentry(struct curl_hash *sh, curl_socket_t s) { - struct Curl_sh_entry *there = sh_getentry(sh, s, TRUE); + struct Curl_sh_entry *there = sh_getentry(sh, s); struct Curl_sh_entry *check; if(there) { /* it is present, return fine */ - if(there->removed) - there->removed = FALSE; /* clear the removed bit */ return there; } @@ -281,17 +271,11 @@ static struct Curl_sh_entry *sh_addentry(struct curl_hash *sh, static void sh_delentry(struct Curl_sh_entry *entry, struct curl_hash *sh, curl_socket_t s) { - if(entry->blocked) { - entry->removed = TRUE; /* pretend */ - return; - } - else { - Curl_hash_destroy(&entry->transfers); + Curl_hash_destroy(&entry->transfers); - /* We remove the hash entry. This will end up in a call to - sh_freeentry(). */ - Curl_hash_delete(sh, (char *)&s, sizeof(curl_socket_t)); - } + /* We remove the hash entry. This will end up in a call to + sh_freeentry(). */ + Curl_hash_delete(sh, (char *)&s, sizeof(curl_socket_t)); } /* 
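Review bot: trhash_compare() now dereferences its arguments (`*(struct Curl_easy **)k1`) and singlesocket() passes `(char *)&data` as the key, so every callback of the per-socket transfers hash has to treat the key as a pointer to the stored handle pointer. The hash function for that table is not part of this diff. If it still derives the slot from the key argument itself, it hashes the address of the caller's variable on add and on delete rather than the handle, and the two operations can land in different slots. It should dereference the same way, e.g. `size_t keyval = (size_t)*(struct Curl_easy **)key;`. A one-line comment above the callbacks stating that the key is the address of a `struct Curl_easy *` would document the contract.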
@@ -2266,7 +2250,7 @@ static CURLMcode singlesocket(struct Curl_multi *multi, s = socks[i]; /* get it from the hash */ - entry = sh_getentry(&multi->sockhash, s, FALSE); + entry = sh_getentry(&multi->sockhash, s); if(curraction & GETSOCK_READSOCK(i)) action |= CURL_POLL_IN; @@ -2312,7 +2296,7 @@ static CURLMcode singlesocket(struct Curl_multi *multi, entry->writers++; /* add 'data' to the transfer hash on this socket! */ - if(!Curl_hash_add(&entry->transfers, (char *)data, /* hash key */ + if(!Curl_hash_add(&entry->transfers, (char *)&data, /* hash key */ sizeof(struct Curl_easy *), data)) return CURLM_OUT_OF_MEMORY; } @@ -2350,7 +2334,7 @@ static CURLMcode singlesocket(struct Curl_multi *multi, if(stillused) continue; - entry = sh_getentry(&multi->sockhash, s, FALSE); + entry = sh_getentry(&multi->sockhash, s); /* if this is NULL here, the socket has been closed and notified so already by Curl_multi_closed() */ if(entry) { @@ -2370,8 +2354,10 @@ static CURLMcode singlesocket(struct Curl_multi *multi, } else { /* still users, but remove this handle as a user of this socket */ - Curl_hash_delete(&entry->transfers, (char *)data, - sizeof(struct Curl_easy *)); + if(Curl_hash_delete(&entry->transfers, (char *)&data, + sizeof(struct Curl_easy *))) { + DEBUGASSERT(NULL); + } } } } /* for loop over numsocks */ @@ -2406,7 +2392,7 @@ void Curl_multi_closed(struct Curl_easy *data, curl_socket_t s) if(multi) { /* this is set if this connection is part of a handle that is added to a multi handle, and only then this is necessary */ - struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s, FALSE); + struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s); if(entry) { if(multi->socket_cb) 
@@ -2506,7 +2492,7 @@ static CURLMcode multi_socket(struct Curl_multi *multi, return result; } if(s != CURL_SOCKET_TIMEOUT) { - struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s, FALSE); + struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s); if(!entry) /* Unmatched socket, we can't act on it but we ignore this fact. In @@ -2518,19 +2504,12 @@ static CURLMcode multi_socket(struct Curl_multi *multi, else { struct curl_hash_iterator iter; struct curl_hash_element *he; - SIGPIPE_VARIABLE(pipe_st); - - /* block this sockhash entry from being removed in a sub function called - from here */ - entry->blocked = TRUE; - DEBUGASSERT(!entry->removed); /* the socket can be shared by many transfers, iterate */ Curl_hash_start_iterate(&entry->transfers, &iter); for(he = Curl_hash_next_element(&iter); he; he = Curl_hash_next_element(&iter)) { data = (struct Curl_easy *)he->ptr; - DEBUGASSERT(data); DEBUGASSERT(data->magic == CURLEASY_MAGIC_NUMBER); @@ -2538,25 +2517,7 @@ static CURLMcode multi_socket(struct Curl_multi *multi, /* set socket event bitmask if they're not locked */ data->conn->cselect_bits = ev_bitmask; - sigpipe_ignore(data, &pipe_st); - result = multi_runsingle(multi, now, data); - sigpipe_restore(&pipe_st); - - if(data->conn && !(data->conn->handler->flags & PROTOPT_DIRLOCK)) - /* clear the bitmask only if not locked */ - data->conn->cselect_bits = 0; - - if(CURLM_OK >= result) { - /* get the socket(s) and check if the state has been changed since - last */ - result = singlesocket(multi, data); - if(result) - return result; - } - } - if(entry->removed) { - entry->blocked = FALSE; /* unblock */ - sh_delentry(entry, &multi->sockhash, s); /* delete for real */ + Curl_expire(data, 0, EXPIRE_RUN_NOW); } /* Now we fall-through and do the timer-based stuff, since we don't want 
@@ -3005,7 +2966,7 @@ CURLMcode curl_multi_assign(struct Curl_multi *multi, curl_socket_t s, if(multi->in_callback) return CURLM_RECURSIVE_API_CALL; - there = sh_getentry(&multi->sockhash, s, FALSE); + there = sh_getentry(&multi->sockhash, s); if(!there) return CURLM_BAD_SOCKET; @@ -3094,7 +3055,7 @@ void Curl_multi_dump(struct Curl_multi *multi) statename[data->mstate], data->numsocks); for(i = 0; i < data->numsocks; i++) { curl_socket_t s = data->sockets[i]; - struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s, FALSE); + struct Curl_sh_entry *entry = sh_getentry(&multi->sockhash, s); fprintf(stderr, "%d ", (int)s); if(!entry) { -- cgit v1.2.3 From 9dd731c94e29e5422c5bd2811219a0987d4aeb91 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 12 Jun 2019 22:36:47 +0200 Subject: quote.d: asterisk prefix works for SFTP as well Reported-by: Ben Voris Fixes #4017 Closes #4019 --- docs/cmdline-opts/quote.d | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/cmdline-opts/quote.d b/docs/cmdline-opts/quote.d index cdd3ca6bd..59a98eafb 100644 --- a/docs/cmdline-opts/quote.d +++ b/docs/cmdline-opts/quote.d @@ -16,9 +16,10 @@ If the server returns failure for one of the commands, the entire operation will be aborted. You must send syntactically correct FTP commands as RFC 959 defines to FTP servers, or one of the commands listed below to SFTP servers. -This option can be used multiple times. When speaking to an FTP server, prefix -the command with an asterisk (*) to make curl continue even if the command -fails as by default curl will stop at first failure. +Prefix the command with an asterisk (*) to make curl continue even if the +command fails as by default curl will stop at first failure. + +This option can be used multiple times. SFTP is a binary protocol. Unlike for FTP, curl interprets SFTP quote commands itself before sending them to the server. File names may be quoted -- cgit v1.2.3 
From 74f911d4635a2f120e9afee2810fa62a41f18bce Mon Sep 17 00:00:00 2001 From: Marcel Raad Date: Wed, 12 Jun 2019 23:07:07 +0200 Subject: krb5: fix compiler warning Even though the variable was used in a DEBUGASSERT, GCC 8 warned in debug mode: krb5.c:324:17: error: unused variable 'maj' [-Werror=unused-variable] Just suppress the warning and declare the variable unconditionally instead of only for DEBUGBUILD (which also missed the check for HAVE_ASSERT_H). Closes https://github.com/curl/curl/pull/4020 --- lib/krb5.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/lib/krb5.c b/lib/krb5.c index e51dcd1c6..3c340eaf9 100644 --- a/lib/krb5.c +++ b/lib/krb5.c @@ -320,10 +320,8 @@ static void krb5_end(void *app_data) OM_uint32 min; gss_ctx_id_t *context = app_data; if(*context != GSS_C_NO_CONTEXT) { -#ifdef DEBUGBUILD - OM_uint32 maj = -#endif - gss_delete_sec_context(&min, context, GSS_C_NO_BUFFER); + OM_uint32 maj = gss_delete_sec_context(&min, context, GSS_C_NO_BUFFER); + (void)maj; DEBUGASSERT(maj == GSS_S_COMPLETE); } } -- cgit v1.2.3 From ff3876046e6ab71c48014c2a421a51d2168a4c94 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 13 Jun 2019 11:09:32 +0200 Subject: unit1654: cleanup on memory failure ... to make it handle torture tests properly. Reported-by: Marcel Raad Fixes #4021 Closes #4022 --- tests/unit/unit1654.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/unit/unit1654.c b/tests/unit/unit1654.c index 7532c6d61..9d1a3e211 100644 --- a/tests/unit/unit1654.c +++ b/tests/unit/unit1654.c @@ -53,8 +53,10 @@ UNITTEST_START if(!asi) return 1; result = Curl_altsvc_load(asi, arg); - if(result) + if(result) { + Curl_altsvc_cleanup(asi); return result; + } curl = curl_easy_init(); if(!curl) goto fail; -- cgit v1.2.3 From 6cc18c59a77bccdd04f65a9abcc9a2b2f88d368d Mon Sep 17 00:00:00 2001 
From: Daniel Stenberg Date: Thu, 13 Jun 2019 17:07:59 +0200 Subject: multi: fix the transfer hash function Follow-up from 8b987cc7eb Reported-by: Tom van der Woerdt Fixes #4018 Closes #4024 --- lib/multi.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/multi.c b/lib/multi.c index 34a74b8fb..abd8ae563 100644 --- a/lib/multi.c +++ b/lib/multi.c @@ -214,7 +214,7 @@ static struct Curl_sh_entry *sh_getentry(struct curl_hash *sh, #define TRHASH_SIZE 13 static size_t trhash(void *key, size_t key_length, size_t slots_num) { - size_t keyval = (size_t)key; /* this is a data pointer */ + size_t keyval = (size_t)*(struct Curl_easy **)key; (void) key_length; return (keyval % slots_num); -- cgit v1.2.3 From c97e8493a629d7d2087197a7be8dd0dbc22f90ec Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 14 Jun 2019 11:06:03 +0200 Subject: runtests: report single test time + total duration ... after each successful test. Closes #4027 --- tests/runtests.pl | 43 +++++++++++++++++++++++-------------------- 1 file changed, 23 insertions(+), 20 deletions(-) diff --git a/tests/runtests.pl b/tests/runtests.pl index a6e1adde3..59788404e 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl @@ -2544,7 +2544,7 @@ sub compare { if($result) { # timestamp test result verification end - $timevrfyend{$testnum} = Time::HiRes::time() if($timestats); + $timevrfyend{$testnum} = Time::HiRes::time(); if(!$short) { logmsg "\n $testnum: $subject FAILED:\n"; @@ -3130,7 +3130,7 @@ sub singletest { $testnumcheck = $testnum; # timestamp test preparation start - $timeprepini{$testnum} = Time::HiRes::time() if($timestats); + $timeprepini{$testnum} = Time::HiRes::time(); if($disttests !~ /test$testnum\W/ ) { logmsg "Warning: test$testnum not present in tests/data/Makefile.inc\n"; 
@@ -3526,14 +3526,14 @@ sub singletest { unlink($FTPDCMD) if(-f $FTPDCMD); # timestamp required servers verification start - $timesrvrini{$testnum} = Time::HiRes::time() if($timestats); + $timesrvrini{$testnum} = Time::HiRes::time(); if(!$why) { $why = serverfortest($testnum); } # timestamp required servers verification end - $timesrvrend{$testnum} = Time::HiRes::time() if($timestats); + $timesrvrend{$testnum} = Time::HiRes::time(); my @setenv = getpart("client", "setenv"); if(@setenv) { @@ -3900,7 +3900,7 @@ sub singletest { } # timestamp starting of test command - $timetoolini{$testnum} = Time::HiRes::time() if($timestats); + $timetoolini{$testnum} = Time::HiRes::time(); # run the command line we built if ($torture) { @@ -3928,7 +3928,7 @@ sub singletest { } # timestamp finishing of test command - $timetoolend{$testnum} = Time::HiRes::time() if($timestats); + $timetoolend{$testnum} = Time::HiRes::time(); if(!$dumped_core) { if(-r "core") { @@ -3978,7 +3978,7 @@ sub singletest { sleep($postcommanddelay) if($postcommanddelay); # timestamp removal of server logs advisor read lock - $timesrvrlog{$testnum} = Time::HiRes::time() if($timestats); + $timesrvrlog{$testnum} = Time::HiRes::time(); # test definition might instruct to stop some servers # stop also all servers relative to the given one @@ -4063,7 +4063,7 @@ sub singletest { if($rc != 0 && !$torture) { logmsg " postcheck FAILED\n"; # timestamp test result verification end - $timevrfyend{$testnum} = Time::HiRes::time() if($timestats); + $timevrfyend{$testnum} = Time::HiRes::time(); return 1; } } @@ -4087,7 +4087,7 @@ sub singletest { cleardir($LOGDIR); } # timestamp test result verification end - $timevrfyend{$testnum} = Time::HiRes::time() if($timestats); + $timevrfyend{$testnum} = Time::HiRes::time(); return $cmdres; } 
@@ -4344,7 +4344,7 @@ sub singletest { "has no name attribute\n"; stopservers($verbose); # timestamp test result verification end - $timevrfyend{$testnum} = Time::HiRes::time() if($timestats); + $timevrfyend{$testnum} = Time::HiRes::time(); return -1; } my @generated=loadarray($filename); @@ -4408,7 +4408,7 @@ sub singletest { } logmsg " exit FAILED\n"; # timestamp test result verification end - $timevrfyend{$testnum} = Time::HiRes::time() if($timestats); + $timevrfyend{$testnum} = Time::HiRes::time(); return 1; } @@ -4431,7 +4431,7 @@ sub singletest { logmsg "\n** MEMORY FAILURE\n"; logmsg @memdata; # timestamp test result verification end - $timevrfyend{$testnum} = Time::HiRes::time() if($timestats); + $timevrfyend{$testnum} = Time::HiRes::time(); return 1; } else { @@ -4448,7 +4448,7 @@ sub singletest { unless(opendir(DIR, "$LOGDIR")) { logmsg "ERROR: unable to read $LOGDIR\n"; # timestamp test result verification end - $timevrfyend{$testnum} = Time::HiRes::time() if($timestats); + $timevrfyend{$testnum} = Time::HiRes::time(); return 1; } my @files = readdir(DIR); @@ -4463,7 +4463,7 @@ sub singletest { if(!$vgfile) { logmsg "ERROR: valgrind log file missing for test $testnum\n"; # timestamp test result verification end - $timevrfyend{$testnum} = Time::HiRes::time() if($timestats); + $timevrfyend{$testnum} = Time::HiRes::time(); return 1; } my @e = valgrindparse("$LOGDIR/$vgfile"); @@ -4476,7 +4476,7 @@ sub singletest { logmsg @e; } # timestamp test result verification end - $timevrfyend{$testnum} = Time::HiRes::time() if($timestats); + $timevrfyend{$testnum} = Time::HiRes::time(); return 1; } $ok .= "v"; 
@@ -4496,15 +4496,21 @@ sub singletest { logmsg "$ok " if(!$short); + # timestamp test result verification end + $timevrfyend{$testnum} = Time::HiRes::time(); + my $sofar= time()-$start; my $esttotal = $sofar/$count * $total; my $estleft = $esttotal - $sofar; my $left=sprintf("remaining: %02d:%02d", $estleft/60, $estleft%60); - + my $took = $timevrfyend{$testnum} - $timeprepini{$testnum}; + my $duration = sprintf("duration: %02d:%02d", + $sofar/60, $sofar%60); if(!$automakestyle) { - logmsg sprintf("OK (%-3d out of %-3d, %s)\n", $count, $total, $left); + logmsg sprintf("OK (%-3d out of %-3d, %s, took %.1fs, %s)\n", + $count, $total, $left, $took, $duration); } else { logmsg "PASS: $testnum - $testname\n"; @@ -4515,9 +4521,6 @@ sub singletest { cleardir($LOGDIR); } - # timestamp test result verification end - $timevrfyend{$testnum} = Time::HiRes::time() if($timestats); - return 0; } -- cgit v1.2.3 From ef8d98bbbab0ca083aa179bd595aab39019ec8de Mon Sep 17 00:00:00 2001 From: Patrick Monnerat Date: Sun, 16 Jun 2019 01:05:53 +0200 Subject: os400: make vsetopt() non-static as Curl_vsetopt() for os400 support. Use it in curl_easy_setopt_ccsid(). Reported-by: jonrumsey on github Fixes #3833 Closes #4028 --- lib/setopt.c | 9 ++++++--- lib/setopt.h | 5 ++--- packages/OS400/ccsidcurl.c | 5 +---- 3 files changed, 9 insertions(+), 10 deletions(-) diff --git a/lib/setopt.c b/lib/setopt.c index 92cd5b271..bdfe86ac7 100644 --- a/lib/setopt.c +++ b/lib/setopt.c @@ -119,8 +119,11 @@ static CURLcode setstropt_userpwd(char *option, char **userp, char **passwdp) #define C_SSLVERSION_VALUE(x) (x & 0xffff) #define C_SSLVERSION_MAX_VALUE(x) (x & 0xffff0000) -static CURLcode vsetopt(struct Curl_easy *data, CURLoption option, - va_list param) +/* + * Do not make Curl_vsetopt() static: it is called from + * packages/OS400/ccsidcurl.c. + */ +CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) { char *argptr; CURLcode result = CURLE_OK; 
@@ -2770,7 +2773,7 @@ CURLcode curl_easy_setopt(struct Curl_easy *data, CURLoption tag, ...) va_start(arg, tag); - result = vsetopt(data, tag, arg); + result = Curl_vsetopt(data, tag, arg); va_end(arg); return result; diff --git a/lib/setopt.h b/lib/setopt.h index c658e04ae..5e347dd66 100644 --- a/lib/setopt.h +++ b/lib/setopt.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -23,7 +23,6 @@ ***************************************************************************/ CURLcode Curl_setstropt(char **charp, const char *s); -CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, - va_list arg); +CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list arg); #endif /* HEADER_CURL_SETOPT_H */ diff --git a/packages/OS400/ccsidcurl.c b/packages/OS400/ccsidcurl.c index 39a1f99b5..4b462a273 100644 --- a/packages/OS400/ccsidcurl.c +++ b/packages/OS400/ccsidcurl.c @@ -1314,12 +1314,9 @@ curl_easy_setopt_ccsid(CURL *curl, CURLoption tag, ...) case CURLOPT_ERRORBUFFER: /* This is an output buffer. */ default: - { - long val = va_arg(arg, long); - result = curl_easy_setopt(curl, tag, val); + result = Curl_vsetopt(curl, tag, arg); break; } - } va_end(arg); return result; -- cgit v1.2.3 From 4b1e7dd4ee70e898d00c74e2d4c6b0a60ded6dc3 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 16 Jun 2019 22:48:26 +0200 Subject: RELEASE-NOTES: synced --- RELEASE-NOTES | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index dd6a88d4d..1d6b4498e 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES 
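Review bot: In the `default:` branch of curl_easy_setopt_ccsid(), `result = Curl_vsetopt(curl, tag, arg);` now enters the option parser directly instead of going through curl_easy_setopt(). Any argument validation the public entry point performs before its `va_start()` is therefore skipped on this path; those lines lie outside the lib/setopt.c hunk, so this is an assumption to confirm. A guard such as `if(!curl) return CURLE_BAD_FUNCTION_ARGUMENT;` before the wrapper's own `va_start()` would keep the two entry points equivalent for a NULL handle. The wrapper's body starts above the hunk.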
@@ -13,15 +13,24 @@ This release includes the following bugfixes: o bindlocal: detect and avoid IP version mismatches in bind() [1] o build: fix Codacy warnings [6] o configure: more --disable switches to toggle off individual features [7] + o configure: remove CURL_DISABLE_TLS_SRP [19] o examples/fopen: fix comparison [6] o examples/htmltitle: use C++ casts between pointer types [6] o http2: remove CURL_DISABLE_TYPECHECK define + o krb5: fix compiler warning [15] o libcurl-tutorial.3: Fix small typo (mutipart -> multipart) [3] + o multi: fix the transfer hashes in the socket hash entries [17] o multi: make sure 'data' can present in several sockhash entries [2] + o os400: make vsetopt() non-static as Curl_vsetopt() for os400 support [12] + o quote.d: asterisk prefix works for SFTP as well [16] + o runtests: report single test time + total duration [13] o sws: remove unused variables [6] + o test1165: verify that CURL_DISABLE_ symbols are in sync o tool_cb_prg: Fix integer overflow in progress bar [10] o travis: update scan-build job to xenial [5] + o unit1654: cleanup on memory failure [14] o unpause: trigger a timeout for event-based transfers [4] + o url: Fix CURLOPT_MAXAGE_CONN time comparison [18] o wolfssl: refer to it as wolfSSL only [11] This release includes the following known bugs: 
@@ -31,10 +40,11 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - Alex Grebenschikov, Brian Carpenter, Daniel Gustafsson, Daniel Stenberg, - Marcel Raad, MrSorcus on github, Richard Alcock, sstruchtrup on github, - Tom van der Woerdt, - (9 contributors) + Alex Grebenschikov, Ben Voris, Brian Carpenter, Cliff Crosland, + Daniel Gustafsson, Daniel Stenberg, Jakub Zakrzewski, jonrumsey on github, + Marcel Raad, MrSorcus on github, Patrick Monnerat, Richard Alcock, + sstruchtrup on github, Tom van der Woerdt, + (14 contributors) Thanks! (and sorry if I forgot to mention someone) @@ -51,3 +61,11 @@ References to bug reports and discussions on issues: [9] = https://curl.haxx.se/mail/lib-2019-06/0019.html [10] = https://curl.haxx.se/bug/?id=3984 [11] = https://curl.haxx.se/bug/?id=3903 + [12] = https://curl.haxx.se/bug/?id=3833 + [13] = https://curl.haxx.se/bug/?id=4027 + [14] = https://curl.haxx.se/bug/?id=4021 + [15] = https://curl.haxx.se/bug/?id=4020 + [16] = https://curl.haxx.se/bug/?id=4017 + [17] = https://curl.haxx.se/bug/?id=4012 + [18] = https://curl.haxx.se/bug/?id=4013 + [19] = https://curl.haxx.se/bug/?id=4010 -- cgit v1.2.3 From 03a22a26c6f9bb5fe122f7b61b508486c2a03f32 Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Mon, 17 Jun 2019 13:11:02 +0200 Subject: openssl: remove outdated comment OpenSSL used to call exit(1) on syntax errors in OPENSSL_config(), which is why we switched to CONF_modules_load_file() and introduced a comment stating why. This behavior was however changed in OpenSSL commit abdd677125f3a9e3082f8c5692203590fdb9b860, so remove the now outdated and incorrect comment. The mentioned commit also declares OPENSSL_config() deprecated so keep the current coding. Closes #4033 Reviewed-by: Daniel Stenberg --- lib/vtls/openssl.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) 
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 85e9be616..1a7a18563 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -1022,14 +1022,8 @@ static int Curl_ossl_init(void) ENGINE_load_builtin_engines(); #endif - /* OPENSSL_config(NULL); is "strongly recommended" to use but unfortunately - that function makes an exit() call on wrongly formatted config files - which makes it hard to use in some situations. OPENSSL_config() itself - calls CONF_modules_load_file() and we use that instead and we ignore - its return code! */ - - /* CONF_MFLAGS_DEFAULT_SECTION introduced some time between 0.9.8b and - 0.9.8e */ +/* CONF_MFLAGS_DEFAULT_SECTION was introduced some time between 0.9.8b and + 0.9.8e */ #ifndef CONF_MFLAGS_DEFAULT_SECTION #define CONF_MFLAGS_DEFAULT_SECTION 0x0 #endif -- cgit v1.2.3 From 672ff597e500e38cda87aee60de655acbbc22ed7 Mon Sep 17 00:00:00 2001 From: Thomas Gamper Date: Sun, 16 Jun 2019 15:38:13 +0200 Subject: winbuild: use WITH_PREFIX if given Closes #4031 --- winbuild/BUILD.WINDOWS.txt | 1 + winbuild/Makefile.vc | 6 +++++- winbuild/MakefileBuild.vc | 9 +++++++-- 3 files changed, 13 insertions(+), 3 deletions(-) diff --git a/winbuild/BUILD.WINDOWS.txt b/winbuild/BUILD.WINDOWS.txt index c75b15c4e..1ede14f01 100644 --- a/winbuild/BUILD.WINDOWS.txt +++ b/winbuild/BUILD.WINDOWS.txt @@ -86,6 +86,7 @@ where is one or many of: WITH_CARES= - Enable c-ares support, DLL or static WITH_ZLIB= - Enable zlib support, DLL or static WITH_SSH2= - Enable libSSH2 support, DLL or static + WITH_PREFIX= - Where to install the build ENABLE_SSPI= - Enable SSPI support, defaults to yes ENABLE_IPV6= - Enable IPv6, defaults to yes ENABLE_IDN= - Enable use of Windows IDN APIs, defaults to yes diff --git a/winbuild/Makefile.vc b/winbuild/Makefile.vc index 26ab90693..f5c0c7b00 100644 --- a/winbuild/Makefile.vc +++ b/winbuild/Makefile.vc 
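Review bot: The comment deleted in Curl_ossl_init() was the only text here recording that the return code of CONF_modules_load_file() is ignored on purpose, and without it the call (which is outside the hunk) reads like an oversight. Since the commit message says the current coding is kept, a one-line replacement would preserve that intent, for example `/* the return code of CONF_modules_load_file() is deliberately ignored */`. If the reason is still that a malformed OpenSSL config file must not fail library initialisation, say so in the same comment; that reason is inferred from the removed text and should be checked against the call site.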
@@ -39,9 +39,13 @@ CFGSET=true !MESSAGE where is one or many of: !MESSAGE VC=<6,7,8,9,10,11,12,14,15> - VC versions !MESSAGE WITH_DEVEL= - Paths for the development files (SSL, zlib, etc.) -!MESSAGE Defaults to sibbling directory deps: ../deps +!MESSAGE Defaults to curl's sibling directory deps: ../deps !MESSAGE Libraries can be fetched at https://windows.php.net/downloads/php-sdk/deps/ !MESSAGE Uncompress them into the deps folder. +!MESSAGE WITH_PREFIX= - Installation directory path +!MESSAGE Defaults to a configuration dependent (SSL, zlib, etc.) +!MESSAGE directory inside curl's subdirectory builds: ./builds +!MESSAGE Use backslashes as path separator !MESSAGE WITH_SSL= - Enable OpenSSL support, DLL or static !MESSAGE WITH_NGHTTP2= - Enable HTTP/2 support, DLL or static !MESSAGE WITH_CARES= - Enable c-ares support, DLL or static diff --git a/winbuild/MakefileBuild.vc b/winbuild/MakefileBuild.vc index 8d942b759..993ab38bc 100644 --- a/winbuild/MakefileBuild.vc +++ b/winbuild/MakefileBuild.vc @@ -486,8 +486,13 @@ CFLAGS = $(CFLAGS) /DCURL_WITH_MULTI_SSL !ENDIF LIB_DIROBJ = ..\builds\$(CONFIG_NAME_LIB)-obj-lib -CURL_DIROBJ = ..\builds\$(CONFIG_NAME_LIB)-obj-curl -DIRDIST = ..\builds\$(CONFIG_NAME_LIB)\ +CURL_DIROBJ = ..\builds\$(CONFIG_NAME_LIB)-obj-curl + +!IFDEF WITH_PREFIX +DIRDIST = $(WITH_PREFIX) +!ELSE +DIRDIST = ..\builds\$(CONFIG_NAME_LIB)\ +!ENDIF # # curl.exe -- cgit v1.2.3 From 13d9bb8bad62dfcf23486885bfa3d0b5542a8193 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 17 Jun 2019 11:44:21 +0200 Subject: test188/189: fix Content-Length This cures the flaky test results Closes #4034 --- tests/data/test188 | 4 ++-- tests/data/test189 | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/data/test188 b/tests/data/test188 index a23a2a11e..d8ca1cd47 100644 --- a/tests/data/test188 +++ b/tests/data/test188 @@ -14,7 +14,7 @@ followlocation HTTP/1.1 301 OK swsbounce Location: /188 -Content-Length: 2 +Content-Length: 3 OK 
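Review bot: In MakefileBuild.vc the default `DIRDIST = ..\builds\$(CONFIG_NAME_LIB)\` ends with a backslash, while the new `DIRDIST = $(WITH_PREFIX)` takes the user's value verbatim, so a prefix given without a trailing backslash yields a differently shaped value. If later rules append names directly to `$(DIRDIST)` (those rules are outside this hunk), output would be written next to the intended directory instead of inside it. Either state the requirement in the help text, e.g. `!MESSAGE Use backslashes as path separator and end the path with one`, or normalise the value before it is used.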
@@ -30,7 +30,7 @@ Actual content HTTP/1.1 301 OK swsbounce Location: /188 -Content-Length: 2 +Content-Length: 3 HTTP/1.1 200 OK Connection: close diff --git a/tests/data/test189 b/tests/data/test189 index f82b4ad90..65780f804 100644 --- a/tests/data/test189 +++ b/tests/data/test189 @@ -11,7 +11,7 @@ HTTP GET HTTP/1.1 301 OK swsbounce Location: /189 -Content-Length: 2 +Content-Length: 3 OK @@ -26,7 +26,7 @@ Actual content HTTP/1.1 301 OK swsbounce Location: /189 -Content-Length: 2 +Content-Length: 3 HTTP/1.1 200 OK Connection: close -- cgit v1.2.3 From 40259ca65544cd5227cec387d1bb4ded01596ebc Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 10 Jun 2019 08:17:16 +0200 Subject: tests: have runtests figure out disabled features ... so that runtests can skip individual test cases that test features that are explicitly disabled in this build. This new logic is intended for disabled features that aren't otherwise easily visible through the curl_version_info() or other API calls. tests/server/disabled is a newly built executable that will output a list of disabled features. Outputs nothing for a default build. Closes #3950 --- tests/data/test1001 | 1 + tests/runtests.pl | 399 ++++++++++------------------------------------ tests/server/Makefile.inc | 4 +- tests/server/disabled.c | 79 +++++++++ 4 files changed, 168 insertions(+), 315 deletions(-) create mode 100644 tests/server/disabled.c diff --git a/tests/data/test1001 b/tests/data/test1001 index 91b13203e..53d7da381 100644 --- a/tests/data/test1001 +++ b/tests/data/test1001 @@ -66,6 +66,7 @@ http !SSPI crypto +proxy HTTP POST --digest with PUT and resumed upload and modified method diff --git a/tests/runtests.pl b/tests/runtests.pl index 59788404e..52045ab14 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl 
@@ -291,6 +291,7 @@ my %timevrfyend; # timestamp for each test result verification end my $testnumcheck; # test number, set in singletest sub. my %oldenv; +my %feature; # array of enabled features ####################################################################### # variables that command line options may set 
@@ -2561,6 +2562,65 @@ sub compare { return $result; } +sub setupfeatures { + $feature{"SSL"} = $has_ssl; + $feature{"MultiSSL"} = $has_multissl; + $feature{"SSLpinning"} = $has_sslpinning; + $feature{"OpenSSL"} = $has_openssl; + $feature{"GnuTLS"} = $has_gnutls; + $feature{"NSS"} = $has_nss; + $feature{"WinSSL"} = $has_winssl; + $feature{"Schannel"} = $has_winssl; # alias + $feature{"sectransp"} = $has_darwinssl; + $feature{"DarwinSSL"} = $has_darwinssl; # alias + $feature{"ld_preload"} = ($has_ldpreload && !$debug_build); + $feature{"unittest"} = $debug_build; + $feature{"debug"} = $debug_build; + $feature{"TrackMemory"} = $has_memory_tracking; + $feature{"large_file"} = $has_largefile; + $feature{"idn"} = $has_idn; + $feature{"ipv6"} = $has_ipv6; + $feature{"libz"} = $has_libz; + $feature{"brotli"} = $has_brotli; + $feature{"NTLM"} = $has_ntlm; + $feature{"NTLM_WB"} = $has_ntlm_wb; + $feature{"SSPI"} = $has_sspi; + $feature{"GSS-API"} = $has_gssapi; + $feature{"Kerberos"} = $has_kerberos; + $feature{"SPNEGO"} = $has_spnego; + $feature{"getrlimit"} = $has_getrlimit; + $feature{"crypto"} = $has_crypto; + $feature{"TLS-SRP"} = $has_tls_srp; + $feature{"Metalink"} = $has_metalink; + $feature{"http/2"} = $has_http2; + $feature{"threaded-resolver"} = $has_threadedres; + $feature{"PSL"} = $has_psl; + $feature{"alt-svc"} = $has_altsvc; + $feature{"manual"} = $has_manual; + $feature{"unix-sockets"} = $has_unix; + + # make each protocol an enabled "feature" + for my $p (@protocols) { + $feature{$p} = 1; + } + # 'socks' was once here but is now removed + + # + # strings that must match the names used in server/disabled.c + # + $feature{"cookies"} = 1; + $feature{"DoH"} = 1; + $feature{"HTTP-auth"} = 1; + $feature{"Mime"} = 1; + $feature{"netrc"} = 1; + $feature{"parsedate"} = 1; + $feature{"proxy"} = 1; + $feature{"shuffle-dns"} = 1; + $feature{"typecheck"} = 1; + $feature{"verbose-strings"} = 1; + +} + 
####################################################################### # display information about curl and the host the test suite runs on # @@ -2574,6 +2634,8 @@ sub checksystem { my $versretval; my $versnoexec; my @version=(); + my @disabled; + my $dis = ""; my $curlverout="$LOGDIR/curlverout.log"; my $curlvererr="$LOGDIR/curlvererr.log"; @@ -2589,6 +2651,15 @@ sub checksystem { @version = ; close(VERSOUT); + open(DISABLED, "server/disabled|"); + @disabled = ; + close(DISABLED); + + if($disabled[0]) { + map s/[\r\n]//g, @disabled; + $dis = join(", ", @disabled); + } + $resolver="stock"; for(@version) { chomp; @@ -2877,11 +2948,12 @@ sub checksystem { my $hosttype=join(' ', runclientoutput("uname -a")); logmsg ("********* System characteristics ******** \n", - "* $curl\n", - "* $libcurl\n", - "* Features: $feat\n", - "* Host: $hostname", - "* System: $hosttype"); + "* $curl\n", + "* $libcurl\n", + "* Features: $feat\n", + "* Disabled: $dis\n", + "* Host: $hostname", + "* System: $hosttype"); if($has_memory_tracking && $has_threadedres) { $has_memory_tracking = 0; @@ -2953,6 +3025,12 @@ sub checksystem { $has_textaware = ($^O eq 'MSWin32') || ($^O eq 'msys'); logmsg "***************************************** \n"; + + setupfeatures(); + # toggle off the features that were disabled in the build + for my $d(@disabled) { + $feature{$d} = 0; + } } ####################################################################### @@ -3121,7 +3199,6 @@ sub singletest { my @what; my $why; - my %feature; my $cmd; my $disablevalgrind; 
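Review bot: The new `open(DISABLED, "server/disabled|");` in checksystem() does not check its result, so when the helper is missing or cannot be executed (not built yet, or a cross-compiled build) `@disabled` stays empty and the run continues as if nothing were disabled. Every name that setupfeatures() sets to 1 then counts as available, and tests for compiled-out features run and fail instead of being skipped. Checking the call and logging the failure would make that visible: `open(DISABLED, "server/disabled|") || logmsg "WARNING: cannot run server/disabled, assuming no disabled features\n";`. checksystem() begins and ends outside these hunks.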
@@ -3157,177 +3234,7 @@ sub singletest { $f =~ s/\s//g; if($f =~ /^([^!].*)$/) { - # Store the feature for later - $feature{$1} = $1; - - if($1 eq "SSL") { - if($has_ssl) { - next; - } - } - elsif($1 eq "MultiSSL") { - if($has_multissl) { - next; - } - } - elsif($1 eq "SSLpinning") { - if($has_sslpinning) { - next; - } - } - elsif($1 eq "OpenSSL") { - if($has_openssl) { - next; - } - } - elsif($1 eq "GnuTLS") { - if($has_gnutls) { - next; - } - } - elsif($1 eq "NSS") { - if($has_nss) { - next; - } - } - elsif(($1 eq "WinSSL") || ($1 eq "Schannel")) { - if($has_winssl) { - next; - } - } - elsif($1 eq "DarwinSSL") { - if($has_darwinssl) { - next; - } - } - elsif($1 eq "ld_preload") { - if($has_ldpreload && !$debug_build) { - next; - } - } - elsif($1 eq "unittest") { - if($debug_build) { - next; - } - } - elsif($1 eq "debug") { - if($debug_build) { - next; - } - } - elsif($1 eq "TrackMemory") { - if($has_memory_tracking) { - next; - } - } - elsif($1 eq "large_file") { - if($has_largefile) { - next; - } - } - elsif($1 eq "idn") { - if($has_idn) { - next; - } - } - elsif($1 eq "ipv6") { - if($has_ipv6) { - next; - } - } - elsif($1 eq "libz") { - if($has_libz) { - next; - } - } - elsif($1 eq "brotli") { - if($has_brotli) { - next; - } - } - elsif($1 eq "NTLM") { - if($has_ntlm) { - next; - } - } - elsif($1 eq "NTLM_WB") { - if($has_ntlm_wb) { - next; - } - } - elsif($1 eq "SSPI") { - if($has_sspi) { - next; - } - } - elsif($1 eq "GSS-API") { - if($has_gssapi) { - next; - } - } - elsif($1 eq "Kerberos") { - if($has_kerberos) { - next; - } - } - elsif($1 eq "SPNEGO") { - if($has_spnego) { - next; - } - } - elsif($1 eq "getrlimit") { - if($has_getrlimit) { - next; - } - } - elsif($1 eq "crypto") { - if($has_crypto) { - next; - } - } - elsif($1 eq "TLS-SRP") { - if($has_tls_srp) { - next; - } - } - elsif($1 eq "Metalink") { - if($has_metalink) { - next; - } - } - elsif($1 eq "http/2") { - if($has_http2) { - next; - } - } - elsif($1 eq "threaded-resolver") { - 
if($has_threadedres) { - next; - } - } - elsif($1 eq "PSL") { - if($has_psl) { - next; - } - } - elsif($1 eq "alt-svc") { - if($has_altsvc) { - next; - } - } - elsif($1 eq "manual") { - if($has_manual) { - next; - } - } - elsif($1 eq "socks") { - next; - } - elsif($1 eq "unix-sockets") { - next if $has_unix; - } - # See if this "feature" is in the list of supported protocols - elsif (grep /^\Q$1\E$/i, @protocols) { + if($feature{$1}) { next; } 
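Review bot: The single lookup `if($feature{$1})` replaces a protocol test that was case-insensitive (`grep /^\Q$1\E$/i, @protocols`), while setupfeatures() stores protocols with `$feature{$p} = 1`, i.e. under the exact spelling found in `@protocols`. A test file that names a protocol in a different case would have run before and is now skipped without a message; the contents of `@protocols` are not visible here, so this needs checking against the test data. If the old matching should stay, store a normalised key as well, e.g. `$feature{lc($p)} = 1;` in setupfeatures(), and look up `$feature{$1} || $feature{lc($1)}` here. The hunk also drops the unconditional `socks` entry, so a test that still lists it is skipped unless something else sets that key.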
@@ -3343,135 +3250,7 @@ sub singletest { $f =~ s/\s//g; if($f =~ /^!(.*)$/) { - if($1 eq "SSL") { - if(!$has_ssl) { - next; - } - } - elsif($1 eq "MultiSSL") { - if(!$has_multissl) { - next; - } - } - elsif($1 eq "OpenSSL") { - if(!$has_openssl) { - next; - } - } - elsif($1 eq "GnuTLS") { - if(!$has_gnutls) { - next; - } - } - elsif($1 eq "NSS") { - if(!$has_nss) { - next; - } - } - elsif(($1 eq "WinSSL") || ($1 eq "Schannel")) { - if(!$has_winssl) { - next; - } - } - elsif($1 eq "DarwinSSL") { - if(!$has_darwinssl) { - next; - } - } - elsif($1 eq "TrackMemory") { - if(!$has_memory_tracking) { - next; - } - } - elsif($1 eq "large_file") { - if(!$has_largefile) { - next; - } - } - elsif($1 eq "idn") { - if(!$has_idn) { - next; - } - } - elsif($1 eq "ipv6") { - if(!$has_ipv6) { - next; - } - } - elsif($1 eq "unix-sockets") { - next if !$has_unix; - } - elsif($1 eq "libz") { - if(!$has_libz) { - next; - } - } - elsif($1 eq "brotli") { - if(!$has_brotli) { - next; - } - } - elsif($1 eq "NTLM") { - if(!$has_ntlm) { - next; - } - } - elsif($1 eq "NTLM_WB") { - if(!$has_ntlm_wb) { - next; - } - } - elsif($1 eq "SSPI") { - if(!$has_sspi) { - next; - } - } - elsif($1 eq "GSS-API") { - if(!$has_gssapi) { - next; - } - } - elsif($1 eq "Kerberos") { - if(!$has_kerberos) { - next; - } - } - elsif($1 eq "SPNEGO") { - if(!$has_spnego) { - next; - } - } - elsif($1 eq "getrlimit") { - if(!$has_getrlimit) { - next; - } - } - elsif($1 eq "crypto") { - if(!$has_crypto) { - next; - } - } - elsif($1 eq "TLS-SRP") { - if(!$has_tls_srp) { - next; - } - } - elsif($1 eq "Metalink") { - if(!$has_metalink) { - next; - } - } - elsif($1 eq "PSL") { - if(!$has_psl) { - next; - } - } - elsif($1 eq "threaded-resolver") { - if(!$has_threadedres) { - next; - } - } - else { + if(!$feature{$1}) { next; } } 
@@ -4761,10 +4540,6 @@ sub startservers { # we can't run ftps tests without stunnel return "no stunnel"; } - if(!$has_ssl) { - # we can't run ftps tests if libcurl is SSL-less - return "curl lacks SSL support"; - } if($runcert{'ftps'} && ($runcert{'ftps'} ne $certfile)) { # stop server when running and using a different cert stopserver('ftps'); @@ -4799,10 +4574,6 @@ sub startservers { # we can't run https tests without stunnel return "no stunnel"; } - if(!$has_ssl) { - # we can't run https tests if libcurl is SSL-less - return "curl lacks SSL support"; - } if($runcert{'https'} && ($runcert{'https'} ne $certfile)) { # stop server when running and using a different cert stopserver('https'); diff --git a/tests/server/Makefile.inc b/tests/server/Makefile.inc index f14d35d12..6296af7cc 100644 --- a/tests/server/Makefile.inc +++ b/tests/server/Makefile.inc @@ -1,4 +1,4 @@ -noinst_PROGRAMS = getpart resolve rtspd sockfilt sws tftpd fake_ntlm socksd +noinst_PROGRAMS = getpart resolve rtspd sockfilt sws tftpd fake_ntlm socksd disabled CURLX_SRCS = \ ../../lib/mprintf.c \ @@ -74,3 +74,5 @@ fake_ntlm_SOURCES = $(CURLX_SRCS) $(CURLX_HDRS) $(USEFUL) $(UTIL) \ fake_ntlm.c fake_ntlm_LDADD = @CURL_NETWORK_AND_TIME_LIBS@ fake_ntlm_CFLAGS = $(AM_CFLAGS) + +disabled_SOURCES = disabled.c diff --git a/tests/server/disabled.c b/tests/server/disabled.c new file mode 100644 index 000000000..c82847d8e --- /dev/null +++ b/tests/server/disabled.c 
@@ -0,0 +1,79 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +/* + * The purpose of this tool is to figure out which, if any, features that are + * disabled which should otherwise exist and work. These aren't visible in + * regular curl -V output. + * + * Disabled protocols are visible in curl_version_info() and are not included + * in this table. + */ + +#include "curl_setup.h" +#include + +static const char *disabled[]={ +#ifdef CURL_DISABLE_COOKIES + "cookies", +#endif +#ifdef CURL_DISABLE_CRYPTO_AUTH + "crypto", +#endif +#ifdef CURL_DISABLE_DOH + "DoH", +#endif +#ifdef CURL_DISABLE_HTTP_AUTH + "HTTP-auth", +#endif +#ifdef CURL_DISABLE_MIME + "Mime", +#endif +#ifdef CURL_DISABLE_NETRC + "netrc", +#endif +#ifdef CURL_DISABLE_PARSEDATE + "parsedate", +#endif +#ifdef CURL_DISABLE_PROXY + "proxy", +#endif +#ifdef CURL_DISABLE_SHUFFLE_DNS + "shuffle-dns", +#endif +#ifdef CURL_DISABLE_TYPECHECK + "typecheck", +#endif +#ifdef CURL_DISABLE_VERBOSE_STRINGS + "verbose-strings", +#endif + NULL +}; + +int main(void) +{ + int i; + for(i = 0; disabled[i]; i++) + printf("%s\n", disabled[i]); + + return 0; +} -- cgit v1.2.3 
From 755083d00deb167667882e775b0885da0e63d034 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 16 Jun 2019 23:25:38 +0200 Subject: conn_maxage: move the check to prune_dead_connections() ... and avoid the locking issue. Reported-by: Kunal Ekawde Fixes #4029 Closes #4032 --- lib/url.c | 52 +++++++++++++++++++++++++--------------------------- 1 file changed, 25 insertions(+), 27 deletions(-) diff --git a/lib/url.c b/lib/url.c index bf1c7c9ea..22b930015 100644 --- a/lib/url.c +++ b/lib/url.c @@ -881,6 +881,26 @@ proxy_info_matches(const struct proxy_info* data, #define proxy_info_matches(x,y) FALSE #endif +/* A connection has to have been idle for a shorter time than 'maxage_conn' to + be subject for reuse. The success rate is just too low after this. */ + +static bool conn_maxage(struct Curl_easy *data, + struct connectdata *conn, + struct curltime now) +{ + if(!conn->data) { + timediff_t idletime = Curl_timediff(now, conn->lastused); + idletime /= 1000; /* integer seconds is fine */ + + if(idletime > data->set.maxage_conn) { + infof(data, "Too old connection (%ld seconds), disconnect it\n", + idletime); + return TRUE; + } + } + return FALSE; +} + /* * This function checks if the given connection is dead and extracts it from * the connection cache if so. @@ -897,7 +917,11 @@ static bool extract_if_dead(struct connectdata *conn, /* The check for a dead socket makes sense only if the connection isn't in use */ bool dead; - if(conn->handler->connection_check) { + struct curltime now = Curl_now(); + if(conn_maxage(data, conn, now)) { + dead = TRUE; + } + else if(conn->handler->connection_check) { /* The protocol has a special method for checking the state of the connection. Use it to check if the connection is dead. */ unsigned int state; 
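Review bot: In conn_maxage(), `idletime` is a `timediff_t` but is printed with `%ld` in the `infof()` call; if `timediff_t` is not `long` on some platform (its definition is outside this diff), format and argument disagree. The value has already been reduced to whole seconds, so an explicit cast keeps the message portable: `infof(data, "Too old connection (%ld seconds), disconnect it\n", (long)idletime);`. The function is moved unchanged, so this predates the commit, but the move is a convenient place to fix it.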
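Review bot: With the age test now inside extract_if_dead(), and the per-candidate `conn_maxage(...) || extract_if_dead(...)` test removed from ConnectionExists() later in this patch, a candidate is no longer checked at the moment it is picked for reuse. A connection that died or passed `maxage_conn` since the last prune_dead_connections() pass could then be handed out; how often that pass runs is not visible here. A comment above the new `if(conn_maxage(data, conn, now))` line saying that ConnectionExists() relies on pruning having run first would document the ordering requirement. extract_if_dead() starts and continues outside the hunk.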
@@ -964,25 +988,6 @@ static void prune_dead_connections(struct Curl_easy *data) } } -/* A connection has to have been idle for a shorter time than 'maxage_conn' to - be subject for reuse. The success rate is just too low after this. */ - -static bool conn_maxage(struct Curl_easy *data, - struct connectdata *conn, - struct curltime now) -{ - if(!conn->data) { - timediff_t idletime = Curl_timediff(now, conn->lastused); - idletime /= 1000; /* integer seconds is fine */ - - if(idletime > data->set.maxage_conn) { - infof(data, "Too old connection (%ld seconds), disconnect it\n", - idletime); - return TRUE; - } - } - return FALSE; -} /* * Given one filled in connection struct (named needle), this function should * detect if there already is one that has all the significant details @@ -1006,7 +1011,6 @@ ConnectionExists(struct Curl_easy *data, bool foundPendingCandidate = FALSE; bool canmultiplex = IsMultiplexingPossible(data, needle); struct connectbundle *bundle; - struct curltime now = Curl_now(); const char *hostbundle; #ifdef USE_NTLM @@ -1074,12 +1078,6 @@ ConnectionExists(struct Curl_easy *data, /* connect-only connections will not be reused */ continue; - if(conn_maxage(data, check, now) || extract_if_dead(check, data)) { - /* disconnect it */ - (void)Curl_disconnect(data, check, /* dead_connection */TRUE); - continue; - } - multiplexed = CONN_INUSE(check) && (bundle->multiuse == BUNDLE_MULTIPLEX); -- cgit v1.2.3 From 6c2b7d44e3171b634f88a6840176d780e08d8790 Mon Sep 17 00:00:00 2001 From: Gergely Nagy Date: Sun, 16 Jun 2019 09:44:21 +0200 Subject: openssl: fix pubkey/signature algorithm detection in certinfo Certinfo gives the same result for all OpenSSL versions. Also made printing RSA pubkeys consistent with older versions. Reported-by: Michael Wallner Fixes #3706 Closes #4030 --- lib/vtls/openssl.c | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) 
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 1a7a18563..fa6d0201a 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -3085,18 +3085,25 @@ static CURLcode get_cert_chain(struct connectdata *conn, #if defined(HAVE_X509_GET0_SIGNATURE) && defined(HAVE_X509_GET0_EXTENSIONS) { - const X509_ALGOR *palg = NULL; - ASN1_STRING *a = ASN1_STRING_new(); - if(a) { - X509_get0_signature(&psig, &palg, x); - X509_signature_print(mem, ARG2_X509_signature_print palg, a); - ASN1_STRING_free(a); - - if(palg) { - i2a_ASN1_OBJECT(mem, palg->algorithm); + const X509_ALGOR *sigalg = NULL; + X509_PUBKEY *xpubkey = NULL; + ASN1_OBJECT *pubkeyoid = NULL; + + X509_get0_signature(&psig, &sigalg, x); + if(sigalg) { + i2a_ASN1_OBJECT(mem, sigalg->algorithm); + push_certinfo("Signature Algorithm", i); + } + + xpubkey = X509_get_X509_PUBKEY(x); + if(xpubkey) { + X509_PUBKEY_get0_param(&pubkeyoid, NULL, NULL, NULL, xpubkey); + if(pubkeyoid) { + i2a_ASN1_OBJECT(mem, pubkeyoid); push_certinfo("Public Key Algorithm", i); } } + X509V3_ext(data, i, X509_get0_extensions(x)); } #else @@ -3148,7 +3155,7 @@ static CURLcode get_cert_chain(struct connectdata *conn, const BIGNUM *e; RSA_get0_key(rsa, &n, &e, NULL); - BN_print(mem, n); + BIO_printf(mem, "%d", BN_num_bits(n)); push_certinfo("RSA Public Key", i); print_pubkey_BN(rsa, n, i); print_pubkey_BN(rsa, e, i); -- cgit v1.2.3 From 6617db6a7ed322d28322896aa20bcabf3a479e7c Mon Sep 17 00:00:00 2001 
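Review bot: In get_cert_chain() the new `i2a_ASN1_OBJECT(mem, sigalg->algorithm);` and `i2a_ASN1_OBJECT(mem, pubkeyoid);` calls ignore their return value, and `push_certinfo()` follows unconditionally. If the conversion fails, the entry is presumably pushed with an empty or partial value (the macro is outside the hunk), and an application reading "Signature Algorithm" or "Public Key Algorithm" from certinfo cannot tell that apart from a real value. Pushing only on success avoids that, e.g. `if(i2a_ASN1_OBJECT(mem, sigalg->algorithm) > 0)` in front of the first `push_certinfo` line and the same test for `pubkeyoid`. The function body starts and ends outside these hunks.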
From: Daniel Stenberg Date: Mon, 17 Jun 2019 14:20:51 +0200 Subject: runtests: keep logfiles around by default Make '-k' a no-op. The singletest function now clears the log directory BEFORE each individual test and not after, which makes it possible to always keep the logfiles around after a test has been run. No need to specify -k anymore. Keeping the option parsing around to work with users of old habits. Some tests also didn't work properly when -k was used (since the old logs would be kep when a new test starts) which this change also fixes. Closes #4035 --- tests/runtests.pl | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/tests/runtests.pl b/tests/runtests.pl index 52045ab14..e7ea11c46 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl @@ -3202,6 +3202,9 @@ sub singletest { my $cmd; my $disablevalgrind; + # fist, remove all lingering log files + cleardir($LOGDIR); + # copy test number to a global scope var, this allows # testnum checking when starting test harness servers. $testnumcheck = $testnum; @@ -3862,9 +3865,6 @@ sub singletest { # Skip all the verification on torture tests if ($torture) { - if(!$cmdres && !$keepoutfiles) { - cleardir($LOGDIR); - } # timestamp test result verification end $timevrfyend{$testnum} = Time::HiRes::time(); return $cmdres; @@ -4295,10 +4295,6 @@ sub singletest { logmsg "PASS: $testnum - $testname\n"; } - # the test succeeded, remove all log files - if(!$keepoutfiles) { - cleardir($LOGDIR); - } return 0; } -- cgit v1.2.3 From 7fb54ef89b3e4a5e86b29f78325dea5fadbf124e Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 18 Jun 2019 15:44:01 +0200 Subject: config-os400: add getpeername and getsockname defines Reported-by: jonrumsey on github Fixes #4037 Closes #4039 --- lib/config-os400.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/config-os400.h b/lib/config-os400.h index bde4f0b33..a741e9185 100644 --- a/lib/config-os400.h +++ b/lib/config-os400.h 
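Review bot: The comment on the new `cleardir($LOGDIR);` at the top of singletest() has a typo (`fist`) and does not mention the behaviour it introduces. Judging by the hunk positions, the call runs before the feature checks further down, so a test that ends up skipped also removes the logs of the previous test. Suggested wording: `# first, remove all log files left by the previous test; this also happens when the test is later skipped`.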
@@ -127,12 +127,18 @@ /* Define if you have the `getpass_r' function. */ #undef HAVE_GETPASS_R +/* Define to 1 if you have the getpeername function. */ +#define HAVE_GETPEERNAME 1 + /* Define if you have the `getpwuid' function. */ #define HAVE_GETPWUID /* Define if you have the `getservbyname' function. */ #define HAVE_GETSERVBYNAME +/* Define to 1 if you have the getsockname function. */ +#define HAVE_GETSOCKNAME 1 + /* Define if you have the `gettimeofday' function. */ #define HAVE_GETTIMEOFDAY -- cgit v1.2.3 From 6c2f9bea70b928067b854f0a17981e3da0c65aeb Mon Sep 17 00:00:00 2001 From: Steve Holme Date: Mon, 17 Jun 2019 23:01:49 +0100 Subject: netrc: Return the correct error code when out of memory Introduced in 763c5178. Closes #4036 --- lib/netrc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/netrc.c b/lib/netrc.c index 1bd998f9c..f41636e97 100644 --- a/lib/netrc.c +++ b/lib/netrc.c @@ -89,7 +89,7 @@ int Curl_parsenetrc(const char *host, && pw_res) { home = strdup(pw.pw_dir); if(!home) - return CURLE_OUT_OF_MEMORY; + return -1; home_alloc = TRUE; } #elif defined(HAVE_GETPWUID) && defined(HAVE_GETEUID) -- cgit v1.2.3 From b9e0c6d28c3e89cf27ce15b14a8c2300ad32a4e5 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 18 Jun 2019 22:30:54 +0200 Subject: curl: improved skip-setopt-options when built with disabled features Reduces #ifdefs in src/tool_operate.c Follow-up from 4e86f2fc4e6 Closes #3936 --- src/tool_operate.c | 32 +++++------------------- src/tool_setopt.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++---- src/tool_setopt.h | 10 +++++--- 3 files changed, 80 insertions(+), 35 deletions(-) diff --git a/src/tool_operate.c b/src/tool_operate.c index 462119a1c..b5f87cea4 100644 --- a/src/tool_operate.c +++ b/src/tool_operate.c 
@@ -825,9 +825,8 @@ static CURLcode operate_do(struct GlobalConfig *global, /* where to store */ my_setopt(curl, CURLOPT_WRITEDATA, &outs); -#ifndef CURL_DISABLE_RTSP my_setopt(curl, CURLOPT_INTERLEAVEDATA, &outs); -#endif + if(metalink || !config->use_metalink) /* what call to write */ my_setopt(curl, CURLOPT_WRITEFUNCTION, tool_write_cb); @@ -875,7 +874,6 @@ static CURLcode operate_do(struct GlobalConfig *global, if(config->oauth_bearer) my_setopt_str(curl, CURLOPT_XOAUTH2_BEARER, config->oauth_bearer); -#if !defined(CURL_DISABLE_PROXY) { my_setopt_str(curl, CURLOPT_PROXY, config->proxy); /* new in libcurl 7.5 */ @@ -914,7 +912,6 @@ static CURLcode operate_do(struct GlobalConfig *global, my_setopt(curl, CURLOPT_SUPPRESS_CONNECT_HEADERS, config->suppress_connect_headers?1L:0L); } -#endif /* !CURL_DISABLE_PROXY */ my_setopt(curl, CURLOPT_FAILONERROR, config->failonerror?1L:0L); my_setopt(curl, CURLOPT_REQUEST_TARGET, config->request_target); @@ -1017,9 +1014,7 @@ static CURLcode operate_do(struct GlobalConfig *global, } /* (built_in_protos & CURLPROTO_HTTP) */ -#ifndef CURL_DISABLE_FTP my_setopt_str(curl, CURLOPT_FTPPORT, config->ftpport); -#endif my_setopt(curl, CURLOPT_LOW_SPEED_LIMIT, config->low_speed_limit); my_setopt(curl, CURLOPT_LOW_SPEED_TIME, config->low_speed_time); @@ -1034,9 +1029,8 @@ static CURLcode operate_do(struct GlobalConfig *global, my_setopt(curl, CURLOPT_RESUME_FROM_LARGE, CURL_OFF_T_C(0)); my_setopt_str(curl, CURLOPT_KEYPASSWD, config->key_passwd); -#ifndef CURL_DISABLE_PROXY my_setopt_str(curl, CURLOPT_PROXY_KEYPASSWD, config->proxy_key_passwd); -#endif + if(built_in_protos & (CURLPROTO_SCP|CURLPROTO_SFTP)) { /* SSH and SSL private key uses same command-line option */ 
@@ -1213,7 +1207,6 @@ static CURLcode operate_do(struct GlobalConfig *global, my_setopt_slist(curl, CURLOPT_POSTQUOTE, config->postquote); my_setopt_slist(curl, CURLOPT_PREQUOTE, config->prequote); -#if !defined(CURL_DISABLE_HTTP) && !defined(CURL_DISABLE_COOKIES) if(config->cookie) my_setopt_str(curl, CURLOPT_COOKIE, config->cookie); @@ -1226,13 +1219,6 @@ static CURLcode operate_do(struct GlobalConfig *global, /* new in libcurl 7.9.7 */ my_setopt(curl, CURLOPT_COOKIESESSION, config->cookiesession?1L:0L); -#else - if(config->cookie || config->cookiefile || config->cookiejar) { - warnf(config->global, "cookie option(s) used even though cookie " - "support is disabled!\n"); - return CURLE_NOT_BUILT_IN; - } -#endif my_setopt_enum(curl, CURLOPT_TIMECONDITION, (long)config->timecond); my_setopt(curl, CURLOPT_TIMEVALUE_LARGE, config->condtime); @@ -1242,9 +1228,8 @@ static CURLcode operate_do(struct GlobalConfig *global, /* three new ones in libcurl 7.3: */ my_setopt_str(curl, CURLOPT_INTERFACE, config->iface); -#ifndef CURL_DISABLE_FTP my_setopt_str(curl, CURLOPT_KRBLEVEL, config->krblevel); -#endif + progressbarinit(&progressbar, config); if((global->progressmode == CURL_PROGRESS_BAR) && !global->noprogress && !global->mute) { @@ -1266,10 +1251,9 @@ static CURLcode operate_do(struct GlobalConfig *global, if(config->dns_ipv6_addr) my_setopt_str(curl, CURLOPT_DNS_LOCAL_IP6, config->dns_ipv6_addr); -#ifndef CURL_DISABLE_TELNET /* new in libcurl 7.6.2: */ my_setopt_slist(curl, CURLOPT_TELNETOPTIONS, config->telnet_options); -#endif + /* new in libcurl 7.7: */ my_setopt_str(curl, CURLOPT_RANDOM_FILE, config->random_file); my_setopt_str(curl, CURLOPT_EGDSOCKET, config->egd_file); 
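Review bot: The removed `#else` branch in operate_do() was the only place where the tool told the user that cookie options were given to a build without cookie support (`warnf(...)` followed by `return CURLE_NOT_BUILT_IN;`); the `my_setopt` calls for `CURLOPT_COOKIE`, `CURLOPT_COOKIEFILE` and `CURLOPT_COOKIEJAR` are now expected to be dropped by tool_setopt_skip() without any message. The same silent skip applies to the proxy options listed in tool_setopt_skip(), where a user who asked for a proxy would get a direct connection with no indication. Consider warning when a skipped option was set explicitly, for instance from SETOPT_CHECK's skip path, or by keeping `warnf(config->global, "cookie option(s) used even though cookie support is disabled!\n");` without the early return. Whether the `my_setopt*` macros expand to SETOPT_CHECK is not visible in these hunks.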
@@ -1372,30 +1356,26 @@ static CURLcode operate_do(struct GlobalConfig *global, my_setopt_str(curl, CURLOPT_SERVICE_NAME, config->service_name); -#ifndef CURL_DISABLE_FTP /* curl 7.13.0 */ my_setopt_str(curl, CURLOPT_FTP_ACCOUNT, config->ftp_account); -#endif my_setopt(curl, CURLOPT_IGNORE_CONTENT_LENGTH, config->ignorecl?1L:0L); -#ifndef CURL_DISABLE_FTP /* curl 7.14.2 */ my_setopt(curl, CURLOPT_FTP_SKIP_PASV_IP, config->ftp_skip_ip?1L:0L); /* curl 7.15.1 */ my_setopt(curl, CURLOPT_FTP_FILEMETHOD, (long)config->ftp_filemethod); -#endif + /* curl 7.15.2 */ if(config->localport) { my_setopt(curl, CURLOPT_LOCALPORT, config->localport); my_setopt_str(curl, CURLOPT_LOCALPORTRANGE, config->localportrange); } -#ifndef CURL_DISABLE_FTP /* curl 7.15.5 */ my_setopt_str(curl, CURLOPT_FTP_ALTERNATIVE_TO_USER, config->ftp_alternative_to_user); -#endif + /* curl 7.16.0 */ if(config->disable_sessionid) /* disable it */ diff --git a/src/tool_setopt.c b/src/tool_setopt.c index ff67c22e7..b5486e6ef 100644 --- a/src/tool_setopt.c +++ b/src/tool_setopt.c @@ -720,9 +720,14 @@ CURLcode tool_setopt(CURL *curl, bool str, struct GlobalConfig *config, #endif /* CURL_DISABLE_LIBCURL_OPTION */ -CURLcode tool_real_error(CURLcode result, CURLoption tag) +/* + * tool_setopt_skip() allows the curl tool code to avoid setopt options that + * are explicitly disabled in the build. + */ +bool tool_setopt_skip(CURLoption tag) { #ifdef CURL_DISABLE_PROXY +#define USED_TAG switch(tag) { case CURLOPT_HAPROXYPROTOCOL: case CURLOPT_HTTPPROXYTUNNEL: 
@@ -756,13 +761,71 @@ CURLcode tool_real_error(CURLcode result, CURLoption tag) case CURLOPT_PROXYTYPE: case CURLOPT_PROXYUSERNAME: case CURLOPT_PROXYUSERPWD: - return CURLE_OK; /* pretend it worked */ + return TRUE; default: break; } -#else +#endif +#ifdef CURL_DISABLE_FTP +#define USED_TAG + switch(tag) { + case CURLOPT_FTPPORT: + case CURLOPT_FTP_ACCOUNT: + case CURLOPT_FTP_ALTERNATIVE_TO_USER: + case CURLOPT_FTP_FILEMETHOD: + case CURLOPT_FTP_SKIP_PASV_IP: + case CURLOPT_FTP_USE_EPRT: + case CURLOPT_FTP_USE_EPSV: + case CURLOPT_FTP_USE_PRET: + case CURLOPT_KRBLEVEL: + return TRUE; + default: + break; + } +#endif +#ifdef CURL_DISABLE_RTSP +#define USED_TAG + switch(tag) { + case CURLOPT_INTERLEAVEDATA: + return TRUE; + default: + break; + } +#endif +#if defined(CURL_DISABLE_HTTP) || defined(CURL_DISABLE_COOKIES) +#define USED_TAG + switch(tag) { + case CURLOPT_COOKIE: + case CURLOPT_COOKIEFILE: + case CURLOPT_COOKIEJAR: + case CURLOPT_COOKIESESSION: + return TRUE; + default: + break; + } +#endif +#if defined(CURL_DISABLE_TELNET) +#define USED_TAG + switch(tag) { + case CURLOPT_TELNETOPTIONS: + return TRUE; + default: + break; + } +#endif +#ifdef CURL_DISABLE_TFTP +#define USED_TAG + switch(tag) { + case CURLOPT_TFTP_BLKSIZE: + case CURLOPT_TFTP_NO_OPTIONS: + return TRUE; + default: + break; + } +#endif + +#ifndef USED_TAG (void)tag; #endif - return result; + return FALSE; } - diff --git a/src/tool_setopt.h b/src/tool_setopt.h index 2266d1c9c..690b2c6f3 100644 --- a/src/tool_setopt.h +++ b/src/tool_setopt.h @@ -30,13 +30,15 @@ */ #define SETOPT_CHECK(v,opt) do { \ - result = tool_real_error((v), opt); \ - if(result) \ - goto show_error; \ + if(!tool_setopt_skip(opt)) { \ + result = (v); \ + if(result) \ + goto show_error; \ + } \ } WHILE_FALSE /* allow removed features to simulate success: */ -CURLcode tool_real_error(CURLcode result, CURLoption tag); +bool tool_setopt_skip(CURLoption tag); #ifndef CURL_DISABLE_LIBCURL_OPTION -- cgit v1.2.3 
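Review bot: `#define USED_TAG` in tool_setopt_skip() is repeated in every `CURL_DISABLE_*` block and is never undefined, so the marker stays defined for the rest of the translation unit. Adding `#undef USED_TAG` after the closing `#ifndef USED_TAG` / `(void)tag;` / `#endif` group keeps it local to this function. The header comment could also state that a TRUE return means `SETOPT_CHECK` does not evaluate the setopt expression at all, so a skipped option is neither set nor reported to the user. The function starts in the previous hunk.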
From 21080e1828cab80c9260c83b83b884a98577c2a9 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 11 Feb 2019 16:38:19 +0100 Subject: configure: --disable-progress-meter Builds libcurl without support for the built-in progress meter. Closes #4023 --- configure.ac | 18 ++++++++ lib/progress.c | 131 +++++++++++++++++++++++++++++++++------------------------ 2 files changed, 94 insertions(+), 55 deletions(-) diff --git a/configure.ac b/configure.ac index 9b69e1bb4..ebcc44761 100755 --- a/configure.ac +++ b/configure.ac @@ -4114,6 +4114,24 @@ AC_HELP_STRING([--disable-netrc],[Disable netrc parsing]), AC_MSG_RESULT(yes) ) +dnl ************************************************************ +dnl disable progress-meter +dnl +AC_MSG_CHECKING([whether to support progress-meter]) +AC_ARG_ENABLE(progress-meter, +AC_HELP_STRING([--enable-progress-meter],[Enable progress-meter]) +AC_HELP_STRING([--disable-progress-meter],[Disable progress-meter]), +[ case "$enableval" in + no) + AC_MSG_RESULT(no) + AC_DEFINE(CURL_DISABLE_PROGRESS_METER, 1, [disable progress-meter]) + ;; + *) AC_MSG_RESULT(yes) + ;; + esac ], + AC_MSG_RESULT(yes) +) + dnl ************************************************************ dnl disable shuffle DNS support dnl diff --git a/lib/progress.c b/lib/progress.c index fe9929bb9..7282e0232 100644 --- a/lib/progress.c +++ b/lib/progress.c @@ -5,7 +5,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -31,6 +31,7 @@ /* check rate limits within this many recent milliseconds, at minimum. */ #define MIN_RATE_LIMIT_PERIOD 3000 +#ifndef CURL_DISABLE_PROGRESS_METER /* Provide a string that is 2 + 1 + 2 + 1 + 2 = 8 letters long (plus the zero byte) */ static void time2str(char *r, curl_off_t seconds) 
@@ -119,6 +120,7 @@ static char *max5data(curl_off_t bytes, char *max5) return max5; } +#endif /* @@ -362,23 +364,14 @@ void Curl_pgrsSetUploadSize(struct Curl_easy *data, curl_off_t size) } } -/* - * Curl_pgrsUpdate() returns 0 for success or the value returned by the - * progress callback! - */ -int Curl_pgrsUpdate(struct connectdata *conn) +static void progress_calc(struct connectdata *conn, struct curltime now) { - struct curltime now; curl_off_t timespent; curl_off_t timespent_ms; /* milliseconds */ struct Curl_easy *data = conn->data; - int nowindex = data->progress.speeder_c% CURR_TIME; - bool shownow = FALSE; curl_off_t dl = data->progress.downloaded; curl_off_t ul = data->progress.uploaded; - now = Curl_now(); /* what time is it */ - /* The time spent so far (from the start) */ data->progress.timespent = Curl_timediff_us(now, data->progress.start); timespent = (curl_off_t)data->progress.timespent/1000000; /* seconds */ @@ -399,8 +392,7 @@ int Curl_pgrsUpdate(struct connectdata *conn) /* Calculations done at most once a second, unless end is reached */ if(data->progress.lastshow != now.tv_sec) { int countindex; /* amount of seconds stored in the speeder array */ - shownow = TRUE; - + int nowindex = data->progress.speeder_c% CURR_TIME; data->progress.lastshow = now.tv_sec; /* Let's do the "current speed" thing, with the dl + ul speeds @@ -434,8 +426,7 @@ int Curl_pgrsUpdate(struct connectdata *conn) data->progress.speeder_c%CURR_TIME:0; /* Figure out the exact time for the time span */ - span_ms = Curl_timediff(now, - data->progress.speeder_time[checkindex]); + span_ms = Curl_timediff(now, data->progress.speeder_time[checkindex]); if(0 == span_ms) span_ms = 1; /* at least one millisecond MUST have passed */ 
@@ -461,8 +452,25 @@ int Curl_pgrsUpdate(struct connectdata *conn) data->progress.ulspeed + data->progress.dlspeed; } /* Calculations end */ +} - if(!(data->progress.flags & PGRS_HIDE)) { +#ifndef CURL_DISABLE_PROGRESS_METER +static void progress_meter(struct connectdata *conn, + struct curltime now) +{ + struct Curl_easy *data = conn->data; + bool shownow = FALSE; + if(data->progress.lastshow != now.tv_sec) { + if(!(data->progress.flags & PGRS_HIDE)) + shownow = TRUE; + } + + if(!shownow) + /* only show the internal progress meter once per second */ + return; + else { + /* If there's no external callback set, use internal code to show + progress */ /* progress meter has not been shut off */ char max5[6][10]; curl_off_t dlpercen = 0; 
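Review bot: The `data->progress.lastshow != now.tv_sec` test at the top of progress_meter() can no longer be true, because Curl_pgrsUpdate() calls progress_calc() first and that function stores `now.tv_sec` in `lastshow` inside its own once-per-second block (hunk `@@ -399,8 +392,7 @@`). `shownow` therefore stays FALSE and the built-in meter returns before printing anything. progress_calc() should report whether a new second began and progress_meter() should take that result instead of re-reading `lastshow`, e.g. `shownow = newsecond && !(data->progress.flags & PGRS_HIDE);`. The empty `progress_meter(x,y)` macro for CURL_DISABLE_PROGRESS_METER builds then needs the same parameter list. progress_meter() continues past this hunk.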
@@ -476,42 +484,8 @@ int Curl_pgrsUpdate(struct connectdata *conn) curl_off_t ulestimate = 0; curl_off_t dlestimate = 0; curl_off_t total_estimate; - - if(data->set.fxferinfo) { - int result; - /* There's a callback set, call that */ - Curl_set_in_callback(data, true); - result = data->set.fxferinfo(data->set.progress_client, - data->progress.size_dl, - data->progress.downloaded, - data->progress.size_ul, - data->progress.uploaded); - Curl_set_in_callback(data, false); - if(result) - failf(data, "Callback aborted"); - return result; - } - if(data->set.fprogress) { - int result; - /* The older deprecated callback is set, call that */ - Curl_set_in_callback(data, true); - result = data->set.fprogress(data->set.progress_client, - (double)data->progress.size_dl, - (double)data->progress.downloaded, - (double)data->progress.size_ul, - (double)data->progress.uploaded); - Curl_set_in_callback(data, false); - if(result) - failf(data, "Callback aborted"); - return result; - } - - if(!shownow) - /* only show the internal progress meter once per second */ - return 0; - - /* If there's no external callback set, use internal code to show - progress */ + curl_off_t timespent = + (curl_off_t)data->progress.timespent/1000000; /* seconds */ if(!(data->progress.flags & PGRS_HEADERS_OUT)) { if(data->state.resume_from) { 
@@ -595,13 +569,60 @@ int Curl_pgrsUpdate(struct connectdata *conn) time_total, /* 8 letters */ /* total time */ time_spent, /* 8 letters */ /* time spent */ time_left, /* 8 letters */ /* time left */ - max5data(data->progress.current_speed, max5[5]) /* current speed */ - ); + max5data(data->progress.current_speed, max5[5]) + ); /* we flush the output stream to make it appear as soon as possible */ fflush(data->set.err); + } /* don't show now */ +} +#else + /* progress bar disabled */ +#define progress_meter(x,y) +#endif + + +/* + * Curl_pgrsUpdate() returns 0 for success or the value returned by the + * progress callback! + */ +int Curl_pgrsUpdate(struct connectdata *conn) +{ + struct Curl_easy *data = conn->data; + struct curltime now = Curl_now(); /* what time is it */ - } /* !(data->progress.flags & PGRS_HIDE) */ + progress_calc(conn, now); + if(!(data->progress.flags & PGRS_HIDE)) { + if(data->set.fxferinfo) { + int result; + /* There's a callback set, call that */ + Curl_set_in_callback(data, true); + result = data->set.fxferinfo(data->set.progress_client, + data->progress.size_dl, + data->progress.downloaded, + data->progress.size_ul, + data->progress.uploaded); + Curl_set_in_callback(data, false); + if(result) + failf(data, "Callback aborted"); + return result; + } + if(data->set.fprogress) { + int result; + /* The older deprecated callback is set, call that */ + Curl_set_in_callback(data, true); + result = data->set.fprogress(data->set.progress_client, + (double)data->progress.size_dl, + (double)data->progress.downloaded, + (double)data->progress.size_ul, + (double)data->progress.uploaded); + Curl_set_in_callback(data, false); + if(result) + failf(data, "Callback aborted"); + return result; + } + } + progress_meter(conn, now); return 0; } -- cgit v1.2.3 From cf35bd79bdbe7b2155c87ed5a5da7815367ec9de Mon Sep 17 00:00:00 2001 
From: Daniel Stenberg Date: Thu, 13 Jun 2019 12:08:57 +0200 Subject: test1523: basic test of CURLOPT_LOW_SPEED_LIMIT --- tests/data/Makefile.inc | 2 +- tests/data/test1523 | 49 +++++++++++++++++++++++++++ tests/libtest/Makefile.inc | 5 ++- tests/libtest/lib1523.c | 82 ++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 136 insertions(+), 2 deletions(-) create mode 100644 tests/data/test1523 create mode 100644 tests/libtest/lib1523.c diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index d1556dadc..f28f24c8b 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -169,7 +169,7 @@ test1444 test1445 test1446 test1447 test1448 test1449 test1450 test1451 \ test1452 test1453 test1454 test1455 test1456 test1457 test1458\ test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 \ test1508 test1509 test1510 test1511 test1512 test1513 test1514 test1515 \ -test1516 test1517 test1518 test1519 test1520 test1521 test1522 \ +test1516 test1517 test1518 test1519 test1520 test1521 test1522 test1523 \ \ test1525 test1526 test1527 test1528 test1529 test1530 test1531 test1532 \ test1533 test1534 test1535 test1536 test1537 test1538 \ diff --git a/tests/data/test1523 b/tests/data/test1523 new file mode 100644 index 000000000..015f50518 --- /dev/null +++ b/tests/data/test1523 @@ -0,0 +1,49 @@ + + + +CURLINFO_LOW_SPEED_LIMIT + + + +# Server-side + + +HTTP/1.1 200 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Content-Length: 3 +Connection: close +Funny-head: yesyes + +AA + + +writedelay: 1 + + +# +# Client-side + + +http + + +lib1523 + + + +CURLINFO_LOW_SPEED_LIMIT + + + +http://%HOSTIP:%HTTPPORT/1523 + + +http + + + +# +# Verify data after the test has been "shot" + + + diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc index 31467e135..0eb99a1d8 100644 --- a/tests/libtest/Makefile.inc +++ b/tests/libtest/Makefile.inc 
@@ -26,7 +26,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect \ lib1156 \ lib1500 lib1501 lib1502 lib1503 lib1504 lib1505 lib1506 lib1507 lib1508 \ lib1509 lib1510 lib1511 lib1512 lib1513 lib1514 lib1515 lib1517 \ - lib1518 lib1520 lib1521 lib1522 \ + lib1518 lib1520 lib1521 lib1522 lib1523 \ lib1525 lib1526 lib1527 lib1528 lib1529 lib1530 lib1531 lib1532 lib1533 \ lib1534 lib1535 lib1536 lib1537 lib1538 \ lib1540 lib1541 \ @@ -428,6 +428,9 @@ lib1521_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir) lib1522_SOURCES = lib1522.c $(SUPPORTFILES) lib1522_CPPFLAGS = $(AM_CPPFLAGS) +lib1523_SOURCES = lib1523.c $(SUPPORTFILES) +lib1523_CPPFLAGS = $(AM_CPPFLAGS) + lib1525_SOURCES = lib1525.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) lib1525_LDADD = $(TESTUTIL_LIBS) lib1525_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1525 diff --git a/tests/libtest/lib1523.c b/tests/libtest/lib1523.c new file mode 100644 index 000000000..170527d84 --- /dev/null +++ b/tests/libtest/lib1523.c 
@@ -0,0 +1,82 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ +#include "test.h" + +/* test case and code based on https://github.com/curl/curl/issues/3927 */ + +#include "testutil.h" +#include "warnless.h" +#include "memdebug.h" + +static int dload_progress_cb(void *a, curl_off_t b, curl_off_t c, + curl_off_t d, curl_off_t e) +{ + (void)a; + (void)b; + (void)c; + (void)d; + (void)e; + return 0; +} + +static size_t write_cb(char *d, size_t n, size_t l, void *p) +{ + /* take care of the data here, ignored in this example */ + (void)d; + (void)p; + return n*l; +} + +static CURLcode run(CURL *hnd, long limit, long time) +{ + curl_easy_setopt(hnd, CURLOPT_LOW_SPEED_LIMIT, limit); + curl_easy_setopt(hnd, CURLOPT_LOW_SPEED_TIME, time); + return curl_easy_perform(hnd); +} + +int test(char *URL) +{ + CURLcode ret; + CURL *hnd = curl_easy_init(); + char buffer[CURL_ERROR_SIZE]; + curl_easy_setopt(hnd, CURLOPT_URL, URL); + curl_easy_setopt(hnd, CURLOPT_WRITEFUNCTION, write_cb); + curl_easy_setopt(hnd, CURLOPT_ERRORBUFFER, buffer); + curl_easy_setopt(hnd, CURLOPT_NOPROGRESS, 0L); + curl_easy_setopt(hnd, CURLOPT_XFERINFOFUNCTION, dload_progress_cb); 
+ + printf("Start: %d\n", time(NULL)); + ret = run(hnd, 1, 2); + if(ret) + fprintf(stderr, "error %d: %s\n", ret, buffer); + + ret = run(hnd, 12000, 1); + if(ret != CURLE_OPERATION_TIMEDOUT) + fprintf(stderr, "error %d: %s\n", ret, buffer); + else + ret = 0; + + printf("End: %d\n", time(NULL)); + curl_easy_cleanup(hnd); + + return (int)ret; +} -- cgit v1.2.3 From 2aff76c571e72d78af690e5fd6ba11642fb06f14 Mon Sep 17 00:00:00 2001 From: Stephan Szabo Date: Wed, 19 Jun 2019 15:54:18 -0700 Subject: tests: support non-localhost HOSTIP for dict/smb servers smbserver.py/dictserver.py were explicitly using localhost/127.0.0.1 for binding the server which when we were running the tests with a separate HOSTIP and CLIENTIP had failures verifying the server from the device we were testing. This changes them to take the address from runtests.py and default to localhost/127.0.0.1 if none is given. Closes #4048 --- tests/dictserver.py | 4 +++- tests/runtests.pl | 6 ++++-- tests/smbserver.py | 4 +++- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/tests/dictserver.py b/tests/dictserver.py index a41a8a0d6..2d1b5a3b6 100755 --- a/tests/dictserver.py +++ b/tests/dictserver.py @@ -33,7 +33,7 @@ def dictserver(options): with open(options.pidfile, "w") as f: f.write("{0}".format(pid)) - local_bind = (HOST, options.port) + local_bind = (options.host, options.port) log.info("[DICT] Listening on %s", local_bind) # Need to set the allow_reuse on the class, not on the instance. @@ -83,6 +83,8 @@ def get_options(): parser.add_argument("--port", action="store", default=9016, type=int, help="port to listen on") + parser.add_argument("--host", action="store", default=HOST, + help="host to listen on") parser.add_argument("--verbose", action="store", type=int, default=0, help="verbose output") parser.add_argument("--pidfile", action="store", diff --git a/tests/runtests.pl b/tests/runtests.pl index e7ea11c46..9413f0d41 100755 --- a/tests/runtests.pl +++ b/tests/runtests.pl 
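Review bot: Both `printf("Start: %d\n", time(NULL));` and the matching `End:` line in test() pass a `time_t` to `%d`, which is a format/argument mismatch wherever `time_t` is wider than `int`. Cast explicitly, `printf("Start: %ld\n", (long)time(NULL));`. In the same function `hnd` is not checked after curl_easy_init(), so on that failure the error path prints `buffer` with `%s` before anything has written to it; `buffer[0] = 0;` ahead of the first curl_easy_setopt() closes that. The `long time` parameter of run() also shadows `time()` and would read better as `long period`.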
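Review bot: The new `--host` option in get_options() says nothing about what binding outside loopback means for a test fixture. `local_bind = (options.host, options.port)` makes the DICT test server reachable from whatever network the given address sits on, and nothing in these hunks shows any access control; the same holds for the `--host` option added to smbserver.py later in this commit, whose server is set up with the test data directory. I would extend the help text, e.g. `help="address to bind to (default loopback); a non-loopback address exposes this test server to that network"`. Both functions start and end outside the hunks.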
@@ -2203,7 +2203,8 @@ sub rundictserver { $flags .= "--verbose 1 " if($debugprotocol); $flags .= "--pidfile \"$pidfile\" --logfile \"$logfile\" "; $flags .= "--id $idnum " if($idnum > 1); - $flags .= "--port $port --srcdir \"$srcdir\""; + $flags .= "--port $port --srcdir \"$srcdir\" "; + $flags .= "--host $HOSTIP"; my $cmd = "$srcdir/dictserver.py $flags"; my ($dictpid, $pid2) = startnew($cmd, $pidfile, 15, 0); @@ -2279,7 +2280,8 @@ sub runsmbserver { $flags .= "--verbose 1 " if($debugprotocol); $flags .= "--pidfile \"$pidfile\" --logfile \"$logfile\" "; $flags .= "--id $idnum " if($idnum > 1); - $flags .= "--port $port --srcdir \"$srcdir\""; + $flags .= "--port $port --srcdir \"$srcdir\" "; + $flags .= "--host $HOSTIP"; my $cmd = "$srcdir/smbserver.py $flags"; my ($smbpid, $pid2) = startnew($cmd, $pidfile, 15, 0); diff --git a/tests/smbserver.py b/tests/smbserver.py index 195ae395b..474e0612b 100755 --- a/tests/smbserver.py +++ b/tests/smbserver.py @@ -86,7 +86,7 @@ def smbserver(options): test_data_dir = os.path.join(options.srcdir, "data") - smb_server = TestSmbServer(("127.0.0.1", options.port), + smb_server = TestSmbServer((options.host, options.port), config_parser=smb_config, test_data_directory=test_data_dir) log.info("[SMB] setting up SMB server on port %s", options.port) @@ -312,6 +312,8 @@ def get_options(): parser.add_argument("--port", action="store", default=9017, type=int, help="port to listen on") + parser.add_argument("--host", action="store", default="127.0.0.1", + help="host to listen on") parser.add_argument("--verbose", action="store", type=int, default=0, help="verbose output") parser.add_argument("--pidfile", action="store", -- cgit v1.2.3 From ae99b4de1c443ae9892b1c0fc2b39e3afe73c4bc Mon Sep 17 00:00:00 2001 
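Review bot: `$flags .= "--host $HOSTIP";` in rundictserver() interpolates the address unquoted into the command string, while `$pidfile`, `$logfile` and `$srcdir` on the neighbouring lines are wrapped in escaped quotes. If `$HOSTIP` can be set from the runtests command line (not visible here), quoting it the same way avoids word splitting or shell interpretation of the value: `$flags .= "--host \"$HOSTIP\"";`. The identical line in runsmbserver() (hunk `@@ -2279,7 +2280,8 @@`) needs the same change. Both subs start and end outside the hunks.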
From: Daniel Stenberg Date: Wed, 19 Jun 2019 09:17:03 +0200 Subject: typecheck: CURLOPT_CONNECT_TO takes an slist too Additionally, add an alias in curl.h for slist-using options so that we can grep/parse those out at will. Closes #4042 --- docs/libcurl/symbols-in-versions | 1 + include/curl/curl.h | 26 ++++++++++++++------------ include/curl/typecheck-gcc.h | 1 + 3 files changed, 16 insertions(+), 12 deletions(-) diff --git a/docs/libcurl/symbols-in-versions b/docs/libcurl/symbols-in-versions index 715badf97..5244a7cdb 100644 --- a/docs/libcurl/symbols-in-versions +++ b/docs/libcurl/symbols-in-versions @@ -345,6 +345,7 @@ CURLOPTTYPE_LONG 7.1 CURLOPTTYPE_OBJECTPOINT 7.1 CURLOPTTYPE_OFF_T 7.11.0 CURLOPTTYPE_STRINGPOINT 7.46.0 +CURLOPTTYPE_SLISTPOINT 7.65.2 CURLOPT_ABSTRACT_UNIX_SOCKET 7.53.0 CURLOPT_ACCEPTTIMEOUT_MS 7.24.0 CURLOPT_ACCEPT_ENCODING 7.21.6 diff --git a/include/curl/curl.h b/include/curl/curl.h index e7f812dac..20f0d7155 100644 --- a/include/curl/curl.h +++ b/include/curl/curl.h @@ -927,7 +927,6 @@ typedef enum { but 32 */ #define CURLOPTTYPE_LONG 0 #define CURLOPTTYPE_OBJECTPOINT 10000 -#define CURLOPTTYPE_STRINGPOINT 10000 #define CURLOPTTYPE_FUNCTIONPOINT 20000 #define CURLOPTTYPE_OFF_T 30000 @@ -947,12 +946,15 @@ typedef enum { /* The macro "##" is ISO C, we assume pre-ISO C doesn't support it. */ #define LONG CURLOPTTYPE_LONG #define OBJECTPOINT CURLOPTTYPE_OBJECTPOINT -#define STRINGPOINT CURLOPTTYPE_OBJECTPOINT #define FUNCTIONPOINT CURLOPTTYPE_FUNCTIONPOINT #define OFF_T CURLOPTTYPE_OFF_T #define CINIT(name,type,number) CURLOPT_/**/name = type + number #endif +/* handy aliases that make no run-time difference */ +#define CURLOPTTYPE_STRINGPOINT CURLOPTTYPE_OBJECTPOINT +#define CURLOPTTYPE_SLISTPOINT CURLOPTTYPE_OBJECTPOINT + /* * This macro-mania below setups the CURLOPT_[what] enum, to be used with * curl_easy_setopt(). The first argument in the CINIT() macro is the [what] 
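Review bot: In the `@@ -947,12 +946,15 @@` hunk the pre-ISO branch loses `#define STRINGPOINT CURLOPTTYPE_OBJECTPOINT` and gains nothing for `SLISTPOINT`, yet its `CINIT(name,type,number)` expands to `CURLOPT_/**/name = type + number` with the bare type token. `CINIT(HTTPHEADER, SLISTPOINT, 23)` and the existing `STRINGPOINT` entries would then refer to undefined identifiers in that branch. The new `CURLOPTTYPE_*` aliases after the `#endif` only help a CINIT that pastes the `CURLOPTTYPE_` prefix, which presumably is what the ISO branch outside this hunk does. Keep the short names in the pre-ISO branch: `#define STRINGPOINT CURLOPTTYPE_OBJECTPOINT` and `#define SLISTPOINT CURLOPTTYPE_OBJECTPOINT`.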
@@ -1050,7 +1052,7 @@ typedef enum { /* This points to a linked list of headers, struct curl_slist kind. This list is also used for RTSP (in spite of its name) */ - CINIT(HTTPHEADER, OBJECTPOINT, 23), + CINIT(HTTPHEADER, SLISTPOINT, 23), /* This points to a linked list of post entries, struct curl_httppost */ CINIT(HTTPPOST, OBJECTPOINT, 24), @@ -1065,7 +1067,7 @@ typedef enum { CINIT(CRLF, LONG, 27), /* send linked-list of QUOTE commands */ - CINIT(QUOTE, OBJECTPOINT, 28), + CINIT(QUOTE, SLISTPOINT, 28), /* send FILE * or void * to store headers to, if you use a callback it is simply passed to the callback unmodified */ @@ -1100,7 +1102,7 @@ typedef enum { /* 38 is not used */ /* send linked-list of post-transfer QUOTE commands */ - CINIT(POSTQUOTE, OBJECTPOINT, 39), + CINIT(POSTQUOTE, SLISTPOINT, 39), CINIT(OBSOLETE40, OBJECTPOINT, 40), /* OBSOLETE, do not use! */ @@ -1176,7 +1178,7 @@ typedef enum { CINIT(FILETIME, LONG, 69), /* This points to a linked list of telnet options */ - CINIT(TELNETOPTIONS, OBJECTPOINT, 70), + CINIT(TELNETOPTIONS, SLISTPOINT, 70), /* Max amount of cached alive connections */ CINIT(MAXCONNECTS, LONG, 71), @@ -1260,7 +1262,7 @@ typedef enum { CINIT(DNS_CACHE_TIMEOUT, LONG, 92), /* send linked-list of pre-transfer QUOTE commands */ - CINIT(PREQUOTE, OBJECTPOINT, 93), + CINIT(PREQUOTE, SLISTPOINT, 93), /* set the debug function */ CINIT(DEBUGFUNCTION, FUNCTIONPOINT, 94), @@ -1300,7 +1302,7 @@ typedef enum { CINIT(PRIVATE, OBJECTPOINT, 103), /* Set aliases for HTTP 200 in the HTTP Response header */ - CINIT(HTTP200ALIASES, OBJECTPOINT, 104), + CINIT(HTTP200ALIASES, SLISTPOINT, 104), /* Continue to send authentication (user+password) when following locations, even when hostname changed. This can potentially send off the name 
@@ -1590,7 +1592,7 @@ typedef enum { CINIT(MAIL_FROM, STRINGPOINT, 186), /* set the list of SMTP mail receiver(s) */ - CINIT(MAIL_RCPT, OBJECTPOINT, 187), + CINIT(MAIL_RCPT, SLISTPOINT, 187), /* FTP: send PRET before PASV */ CINIT(FTP_USE_PRET, LONG, 188), @@ -1640,7 +1642,7 @@ typedef enum { CINIT(FNMATCH_DATA, OBJECTPOINT, 202), /* send linked-list of name:port:address sets */ - CINIT(RESOLVE, OBJECTPOINT, 203), + CINIT(RESOLVE, SLISTPOINT, 203), /* Set a username for authenticated TLS */ CINIT(TLSAUTH_USERNAME, STRINGPOINT, 204), @@ -1730,7 +1732,7 @@ typedef enum { /* This points to a linked list of headers used for proxy requests only, struct curl_slist kind */ - CINIT(PROXYHEADER, OBJECTPOINT, 228), + CINIT(PROXYHEADER, SLISTPOINT, 228), /* Pass in a bitmask of "header options" */ CINIT(HEADEROPT, LONG, 229), @@ -1777,7 +1779,7 @@ typedef enum { /* Linked-list of host:port:connect-to-host:connect-to-port, overrides the URL's host:port (only for the network layer) */ - CINIT(CONNECT_TO, OBJECTPOINT, 243), + CINIT(CONNECT_TO, SLISTPOINT, 243), /* Set TCP Fast Open */ CINIT(TCP_FASTOPEN, LONG, 244), diff --git a/include/curl/typecheck-gcc.h b/include/curl/typecheck-gcc.h index 2d1de4d43..c1d054f82 100644 --- a/include/curl/typecheck-gcc.h +++ b/include/curl/typecheck-gcc.h @@ -382,6 +382,7 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_off_t, (option) == CURLOPT_QUOTE || \ (option) == CURLOPT_RESOLVE || \ (option) == CURLOPT_TELNETOPTIONS || \ + (option) == CURLOPT_CONNECT_TO || \ 0) /* groups of curl_easy_getinfo infos that take the same type of argument */ -- cgit v1.2.3 From 8f332e589bc6d4068e67c5445f646433d40ad64b Mon Sep 17 00:00:00 2001 From: Gisle Vanem Date: Thu, 20 Jun 2019 09:39:10 +0200 Subject: system_win32: fix typo --- lib/system_win32.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/system_win32.h b/lib/system_win32.h index c07cf1fb7..ef83a512c 100644 --- a/lib/system_win32.h +++ b/lib/system_win32.h 
@@ -51,7 +51,7 @@ typedef enum { /* We use our own typedef here since some headers might lack this */ typedef unsigned int(WINAPI *IF_NAMETOINDEX_FN)(const char *); -/* This is used instread of if_nametoindex if available on Windows */ +/* This is used instead of if_nametoindex if available on Windows */ IF_NAMETOINDEX_FN Curl_if_nametoindex; /* This is used to verify if we are running on a specific windows version */ -- cgit v1.2.3 From ba2192e6c87d3bd52772fdb65e24f2b88e0eea2c Mon Sep 17 00:00:00 2001 From: Marcel Raad Date: Wed, 12 Jun 2019 16:06:06 +0200 Subject: travis: enable warnings-as-errors for coverage build Closes --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 90c8fb3de..367fbef5c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -453,7 +453,7 @@ script: - | set -eo pipefail if [ "$T" = "coverage" ]; then - ./configure --enable-debug --disable-shared --enable-code-coverage + ./configure --enable-debug --disable-shared --enable-code-coverage --enable-werror make make TFLAGS=-n test-nonflaky make "TFLAGS=-n -e" test-nonflaky -- cgit v1.2.3 From ce1b0da99e8fdd3fe6632a653001a255e26e74f0 Mon Sep 17 00:00:00 2001 From: Marcel Raad Date: Wed, 12 Jun 2019 16:15:39 +0200 Subject: travis: enable brotli for all xenial jobs There's no need for a separate job, and no need to build it from source with Xenial. Closes --- .travis.yml | 45 +++++++++++++++++++++++++-------------------- 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/.travis.yml b/.travis.yml index 367fbef5c..74b30c495 100644 --- a/.travis.yml +++ b/.travis.yml @@ -82,12 +82,7 @@ matrix: packages: - *common_packages - libpsl-dev - - os: linux - compiler: gcc - dist: trusty - env: - - T=normal BROTLI=yes - - OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8" + - libbrotli-dev - os: linux compiler: gcc dist: xenial 
@@ -101,6 +96,7 @@ matrix: packages: - *common_packages - libpsl-dev + - libbrotli-dev - os: linux compiler: gcc dist: xenial @@ -114,12 +110,21 @@ matrix: packages: - *common_packages - libpsl-dev + - libbrotli-dev - os: linux compiler: gcc dist: xenial env: - T=debug-mesalink C="--with-mesalink --without-ssl" - OVERRIDE_CC="CC=gcc-8" OVERRIDE_CXX="CXX=g++-8" + addons: + apt: + sources: + - *common_sources + packages: + - *common_packages + - libpsl-dev + - libbrotli-dev - os: linux compiler: clang dist: xenial @@ -135,6 +140,7 @@ matrix: - *common_packages - clang-7 - libpsl-dev + - libbrotli-dev - os: linux compiler: clang dist: xenial @@ -150,6 +156,7 @@ matrix: - *common_packages - clang-7 - libpsl-dev + - libbrotli-dev - os: linux compiler: clang dist: xenial @@ -165,6 +172,7 @@ matrix: - *common_packages - clang-7 - libpsl-dev + - libbrotli-dev - libmbedtls-dev - os: linux compiler: clang @@ -182,6 +190,7 @@ matrix: - clang-7 - libgnutls28-dev - libpsl-dev + - libbrotli-dev - os: linux compiler: clang dist: xenial @@ -197,6 +206,7 @@ matrix: - *common_packages - clang-7 - libpsl-dev + - libbrotli-dev - os: linux compiler: clang dist: xenial @@ -213,6 +223,7 @@ matrix: - clang-7 - libnss3-dev - libpsl-dev + - libbrotli-dev - os: linux compiler: gcc dist: trusty @@ -257,6 +268,7 @@ matrix: packages: - *common_packages - libpsl-dev + - libbrotli-dev - os: linux compiler: clang dist: xenial @@ -272,6 +284,7 @@ matrix: - *common_packages - clang-7 - libpsl-dev + - libbrotli-dev - os: linux compiler: gcc dist: xenial @@ -286,6 +299,7 @@ matrix: - *common_packages - lcov - libpsl-dev + - libbrotli-dev - os: linux compiler: gcc dist: xenial @@ -299,6 +313,7 @@ matrix: packages: - *common_packages - libpsl-dev + - libbrotli-dev - os: linux compiler: clang dist: xenial @@ -314,6 +329,7 @@ matrix: - *common_packages - clang-7 - libpsl-dev + - libbrotli-dev - os: linux compiler: clang dist: xenial 
@@ -330,6 +346,7 @@ matrix: - clang-7 - clang-tidy-7 - libpsl-dev + - libbrotli-dev - os: linux compiler: clang dist: xenial @@ -345,6 +362,7 @@ matrix: - *common_packages - clang-7 - libpsl-dev + - libbrotli-dev - os: linux compiler: clang dist: xenial @@ -360,6 +378,7 @@ matrix: - *common_packages - clang-7 - libpsl-dev + - libbrotli-dev before_install: - eval "${OVERRIDE_CC}" @@ -373,20 +392,6 @@ install: before_script: - ./buildconf - - | - # No brotli package available for Trusty. Download & compile from source. - # Cannot be done in the install script because cmake is needed. - if [ "$TRAVIS_OS_NAME" = linux -a "$BROTLI" ]; then - curl -L https://github.com/google/brotli/archive/v1.0.1.tar.gz | - tar xzf - && - ( - cd brotli-1.0.1 && - cmake . -DCMAKE_INSTALL_PREFIX=/usr \ - -DCMAKE_INSTALL_LIBDIR=/usr/lib && - make && - sudo make install - ) - fi - | if [ "$TRAVIS_OS_NAME" = linux -a "$BORINGSSL" ]; then (cd $HOME && -- cgit v1.2.3 From db4f42a6ff5cc4680086123f8ec4adb08344841c Mon Sep 17 00:00:00 2001 From: Marcel Raad Date: Wed, 12 Jun 2019 16:23:19 +0200 Subject: travis: disable threaded resolver for coverage build This enables more tests. Closes --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 74b30c495..6263dc6d6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -458,7 +458,7 @@ script: - | set -eo pipefail if [ "$T" = "coverage" ]; then - ./configure --enable-debug --disable-shared --enable-code-coverage --enable-werror + ./configure --enable-debug --disable-shared --disable-threaded-resolver --enable-code-coverage --enable-werror make make TFLAGS=-n test-nonflaky make "TFLAGS=-n -e" test-nonflaky -- cgit v1.2.3 From 31f8c8f32108a4f060b274d8d9aae14b2f576bfe Mon Sep 17 00:00:00 2001 
From: Marcel Raad Date: Wed, 12 Jun 2019 20:59:12 +0200 Subject: travis: enable libssh2 for coverage build It was enabled by default before commit c92d2e14cfb. Disable torture tests 600 and 601 because of https://github.com/curl/curl/issues/1678. Closes --- .travis.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 6263dc6d6..0c22fb1a9 100644 --- a/.travis.yml +++ b/.travis.yml @@ -300,6 +300,7 @@ matrix: - lcov - libpsl-dev - libbrotli-dev + - libssh2-1-dev - os: linux compiler: gcc dist: xenial @@ -458,11 +459,11 @@ script: - | set -eo pipefail if [ "$T" = "coverage" ]; then - ./configure --enable-debug --disable-shared --disable-threaded-resolver --enable-code-coverage --enable-werror + ./configure --enable-debug --disable-shared --disable-threaded-resolver --enable-code-coverage --enable-werror --with-libssh2 make make TFLAGS=-n test-nonflaky make "TFLAGS=-n -e" test-nonflaky - tests="1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 200 201 202 300 301 302 500 501 502 503 504 506 507 508 509 510 511 512 513 514 515 516 517 518 519 600 601 700 701 702 800 801 802 803 900 901 902 903 1000 1001 1002 1004 1100 1101 1200 1201 1302 1303 1304 1305 1306 1308 1400 1401 1402 1404 1450 1451 1452 1502 1507 1508 1600 1602 1603 1605 1650 1651 1652 1653 1654 2001 2100 3000" + tests="1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 200 201 202 300 301 302 500 501 502 503 504 506 507 508 509 510 511 512 513 514 515 516 517 518 519 700 701 702 800 801 802 803 900 901 902 903 1000 1001 1002 1004 1100 1101 1200 1201 1302 1303 1304 1305 1306 1308 1400 1401 1402 1404 1450 1451 1452 1502 1507 1508 1600 1602 1603 1605 1650 1651 1652 1653 1654 2001 2100 3000" make "TFLAGS=-n -t $tests" test-nonflaky coveralls --gcov /usr/bin/gcov-8 --gcov-options '\-lp' -i src -e lib -e tests -e docs -b $PWD/src coveralls --gcov /usr/bin/gcov-8 --gcov-options '\-lp' -e src -i lib -e tests -e docs -b $PWD/lib -- cgit v1.2.3 
From 972bdffb9f675e44abb85d93fd26507d9602d90d Mon Sep 17 00:00:00 2001 From: Marcel Raad Date: Thu, 13 Jun 2019 11:18:40 +0200 Subject: travis: enable alt-svc for coverage build Closes --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 0c22fb1a9..76bd6114f 100644 --- a/.travis.yml +++ b/.travis.yml @@ -459,7 +459,7 @@ script: - | set -eo pipefail if [ "$T" = "coverage" ]; then - ./configure --enable-debug --disable-shared --disable-threaded-resolver --enable-code-coverage --enable-werror --with-libssh2 + ./configure --enable-debug --disable-shared --disable-threaded-resolver --enable-code-coverage --enable-werror --enable-alt-svc --with-libssh2 make make TFLAGS=-n test-nonflaky make "TFLAGS=-n -e" test-nonflaky -- cgit v1.2.3 From c0c40ab075cdf86424dfe346a70a31b08dc651da Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 20 Jun 2019 12:30:25 +0200 Subject: http2: don't call stream-close on already closed streams Closes #4055 --- lib/http2.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/lib/http2.c b/lib/http2.c index 6724eeeb0..b016bac92 100644 --- a/lib/http2.c +++ b/lib/http2.c @@ -1758,11 +1758,10 @@ static ssize_t http2_recv(struct connectdata *conn, int sockindex, return retlen; } - /* If stream is closed, return 0 to signal the http routine to close + /* If this stream is closed, return 0 to signal the http routine to close the connection */ - if(stream->closed) { - return http2_handle_stream_close(conn, data, stream, err); - } + if(stream->closed) + return 0; *err = CURLE_AGAIN; H2BUGF(infof(data, "http2_recv returns AGAIN for stream %u\n", stream->stream_id)); -- cgit v1.2.3 From 8927d1c2b0b2fb5d78da19e671b6aa8d7a233453 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 20 Jun 2019 23:35:04 +0200 Subject: tests: add disable-scan.pl to dist follow-up from 29177f422a5 Closes #4059 --- tests/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
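Review bot: The `if(stream->closed) return 0;` path in http2_recv() now reports end of data without looking at why the stream closed and without assigning `*err`. If a stream can reach this point after being closed with an error that http2_handle_stream_close() would have turned into a failure (not visible in this hunk), a reset stream would read as a clean, complete body. A comment stating the invariant would settle it, e.g. `/* the close and its error code were handled when the stream was first seen closed; only EOF is left to report */`, and setting `*err = CURLE_OK;` before the return makes the result explicit. http2_recv() starts and ends outside the hunk.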
diff --git a/tests/Makefile.am b/tests/Makefile.am index 6c995e168..dd9b4e3ca 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -38,7 +38,7 @@ EXTRA_DIST = ftpserver.pl httpserver.pl secureserver.pl runtests.pl \ CMakeLists.txt mem-include-scan.pl valgrind.supp extern-scan.pl \ manpage-scan.pl nroff-scan.pl http2-server.pl dictserver.py \ negtelnetserver.py $(SMBDEPS) objnames-test08.sh objnames-test10.sh \ - objnames.inc + objnames.inc disable-scan.pl DISTCLEANFILES = configurehelp.pm -- cgit v1.2.3 From bd4390b1a15ead209fb1436514057f4b440c082b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 20 Jun 2019 09:01:40 +0200 Subject: typecheck: add 3 missing strings and a callback data pointer Closes #4050 --- include/curl/typecheck-gcc.h | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/include/curl/typecheck-gcc.h b/include/curl/typecheck-gcc.h index c1d054f82..eeb36abc0 100644 --- a/include/curl/typecheck-gcc.h +++ b/include/curl/typecheck-gcc.h @@ -300,12 +300,14 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_off_t, (option) == CURLOPT_PROXY_SSLKEY || \ (option) == CURLOPT_PROXY_SSLKEYTYPE || \ (option) == CURLOPT_PROXY_SSL_CIPHER_LIST || \ + (option) == CURLOPT_PROXY_TLS13_CIPHERS || \ (option) == CURLOPT_PROXY_TLSAUTH_PASSWORD || \ - (option) == CURLOPT_PROXY_TLSAUTH_USERNAME || \ (option) == CURLOPT_PROXY_TLSAUTH_TYPE || \ + (option) == CURLOPT_PROXY_TLSAUTH_USERNAME || \ (option) == CURLOPT_RANDOM_FILE || \ (option) == CURLOPT_RANGE || \ (option) == CURLOPT_REFERER || \ + (option) == CURLOPT_REQUEST_TARGET || \ (option) == CURLOPT_RTSP_SESSION_ID || \ (option) == CURLOPT_RTSP_STREAM_URI || \ (option) == CURLOPT_RTSP_TRANSPORT || \ 
@@ -321,6 +323,7 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_off_t, (option) == CURLOPT_SSLKEY || \ (option) == CURLOPT_SSLKEYTYPE || \ (option) == CURLOPT_SSL_CIPHER_LIST || \ + (option) == CURLOPT_TLS13_CIPHERS || \ (option) == CURLOPT_TLSAUTH_PASSWORD || \ (option) == CURLOPT_TLSAUTH_TYPE || \ (option) == CURLOPT_TLSAUTH_USERNAME || \ @@ -362,7 +365,7 @@ _CURL_WARNING(_curl_easy_getinfo_err_curl_off_t, (option) == CURLOPT_SSL_CTX_DATA || \ (option) == CURLOPT_WRITEDATA || \ (option) == CURLOPT_RESOLVER_START_DATA || \ - (option) == CURLOPT_CURLU || \ + (option) == CURLOPT_TRAILERDATA || \ 0) /* evaluates to true if option takes a POST data argument (void* or char*) */ -- cgit v1.2.3 From e73b4782467d6db7c2c81b11f421afceba48daea Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 20 Jun 2019 09:19:26 +0200 Subject: multi: enable multiplexing by default (again) It was originally made default in d7c4213bd0c (7.62.0) but mistakenly reverted in commit 2f44e94efb3d (7.65.0). Now enabled again. Closes #4051 --- lib/multi.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/multi.c b/lib/multi.c index abd8ae563..2b6b1bc52 100644 --- a/lib/multi.c +++ b/lib/multi.c @@ -363,6 +363,8 @@ struct Curl_multi *Curl_multi_handle(int hashsize, /* socket hash */ Curl_llist_init(&multi->msglist, NULL); Curl_llist_init(&multi->pending, NULL); + multi->multiplexing = CURLPIPE_MULTIPLEX; + /* -1 means it not set by user, use the default value */ multi->maxconnects = -1; return multi; -- cgit v1.2.3 From a206d805a03b97c41c10cff20ec1f615b275814b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 24 Jun 2019 08:29:53 +0200 Subject: RELEASE-NOTES: synced --- RELEASE-NOTES | 47 +++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 43 insertions(+), 4 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 1d6b4498e..ea6c1a7b3 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES 
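Review bot: The hunk at -362 replaces `(option) == CURLOPT_CURLU || \` with `CURLOPT_TRAILERDATA` in the callback-data option list, but the commit message only speaks of additions. CURLOPT_CURLU takes a URL handle rather than callback data, so dropping it here may well be deliberate, but it should be stated in the message. Unless a macro outside this hunk picks the option up, it no longer gets any compile-time argument check. If no dedicated check exists yet, I would keep the removed line alongside the new one until there is one. The macro these lines belong to starts above the hunk.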
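Review bot: The added `multi->multiplexing = CURLPIPE_MULTIPLEX;` in Curl_multi_handle has no comment, and the commit message says this default was already lost once by accident during a refactor. A one-line comment such as `/* multiplexing is on by default; CURLMOPT_PIPELINING can turn it off */` would make the intent visible to the next person who reorganises this initialisation. It would also be worth checking that the documented default for that option matches, since connection sharing between transfers changes with it. The function starts outside the hunk.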
@@ -12,25 +12,47 @@ This release includes the following bugfixes: o CURLOPT_CAINFO.3: polished wording [9] o bindlocal: detect and avoid IP version mismatches in bind() [1] o build: fix Codacy warnings [6] + o config-os400: add getpeername and getsockname defines [27] + o configure: --disable-progress-meter [29] o configure: more --disable switches to toggle off individual features [7] o configure: remove CURL_DISABLE_TLS_SRP [19] + o conn_maxage: move the check to prune_dead_connections() [24] o examples/fopen: fix comparison [6] o examples/htmltitle: use C++ casts between pointer types [6] + o http2: don't call stream-close on already closed streams [32] o http2: remove CURL_DISABLE_TYPECHECK define o krb5: fix compiler warning [15] o libcurl-tutorial.3: Fix small typo (mutipart -> multipart) [3] + o multi: enable multiplexing by default (again) [34] o multi: fix the transfer hashes in the socket hash entries [17] o multi: make sure 'data' can present in several sockhash entries [2] + o netrc: Return the correct error code when out of memory [28] + o openssl: fix pubkey/signature algorithm detection in certinfo [25] + o openssl: remove outdated comment [20] o os400: make vsetopt() non-static as Curl_vsetopt() for os400 support [12] o quote.d: asterisk prefix works for SFTP as well [16] + o runtests: keep logfiles around by default [26] o runtests: report single test time + total duration [13] o sws: remove unused variables [6] + o system_win32: fix typo o test1165: verify that CURL_DISABLE_ symbols are in sync + o test1523: test CURLOPT_LOW_SPEED_LIMIT + o test188/189: fix Content-Length [22] + o tests: have runtests figure out disabled features [23] + o tests: support non-localhost HOSTIP for dict/smb servers [30] o tool_cb_prg: Fix integer overflow in progress bar [10] + o travis: disable threaded resolver for coverage build + o travis: enable alt-svc for coverage build + o travis: enable brotli for all xenial jobs + o travis: enable libssh2 for coverage build 
+ o travis: enable warnings-as-errors for coverage build o travis: update scan-build job to xenial [5] + o typecheck: CURLOPT_CONNECT_TO takes an slist too [31] + o typecheck: add 3 missing strings and a callback data pointer [33] o unit1654: cleanup on memory failure [14] o unpause: trigger a timeout for event-based transfers [4] o url: Fix CURLOPT_MAXAGE_CONN time comparison [18] + o winbuild: use WITH_PREFIX if given [21] o wolfssl: refer to it as wolfSSL only [11] This release includes the following known bugs: @@ -41,10 +63,12 @@ This release would not have looked like this without help, code, reports and advice from friends like these: Alex Grebenschikov, Ben Voris, Brian Carpenter, Cliff Crosland, - Daniel Gustafsson, Daniel Stenberg, Jakub Zakrzewski, jonrumsey on github, - Marcel Raad, MrSorcus on github, Patrick Monnerat, Richard Alcock, - sstruchtrup on github, Tom van der Woerdt, - (14 contributors) + Daniel Gustafsson, Daniel Stenberg, Gergely Nagy, Gisle Vanem, + Jakub Zakrzewski, jonrumsey on github, Kunal Ekawde, Marcel Raad, + Michael Wallner, MrSorcus on github, Patrick Monnerat, Richard Alcock, + Rich Mirch, sstruchtrup on github, Stephan Szabo, Steve Holme, Thomas Gamper, + Tom van der Woerdt, Viktor Szakats, + (23 contributors) Thanks! (and sorry if I forgot to mention someone) 
@@ -69,3 +93,18 @@ References to bug reports and discussions on issues: [17] = https://curl.haxx.se/bug/?id=4012 [18] = https://curl.haxx.se/bug/?id=4013 [19] = https://curl.haxx.se/bug/?id=4010 + [20] = https://curl.haxx.se/bug/?id=4033 + [21] = https://curl.haxx.se/bug/?id=4031 + [22] = https://curl.haxx.se/bug/?id=4034 + [23] = https://curl.haxx.se/bug/?id=3950 + [24] = https://curl.haxx.se/bug/?id=4029 + [25] = https://curl.haxx.se/bug/?id=3706 + [26] = https://curl.haxx.se/bug/?id=4035 + [27] = https://curl.haxx.se/bug/?id=4037 + [28] = https://curl.haxx.se/bug/?id=4036 + [29] = https://curl.haxx.se/bug/?id=4023 + [30] = https://curl.haxx.se/bug/?id=4048 + [31] = https://curl.haxx.se/bug/?id=4042 + [32] = https://curl.haxx.se/bug/?id=4055 + [33] = https://curl.haxx.se/bug/?id=4050 + [34] = https://curl.haxx.se/bug/?id=4051 -- cgit v1.2.3 From 1e9769639b57ffd4f587d39efafaae6ff1d75c4a Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 23 Jun 2019 23:12:48 +0200 Subject: test153: fix content-length to avoid occasional hang Closes #4065 --- tests/data/test153 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/data/test153 b/tests/data/test153 index fc1d812de..f679de4ea 100644 --- a/tests/data/test153 +++ b/tests/data/test153 @@ -40,7 +40,7 @@ HTTP/1.1 401 Authorization re-negotiation please swsbounce Server: Apache/1.3.27 (Darwin) PHP/4.1.2 WWW-Authenticate: Digest realm="testrealm", algorithm=MD5, nonce="999999", stale=true, qop="auth" Content-Type: text/html; charset=iso-8859-1 -Content-Length: 25 +Content-Length: 26 This is not the real page @@ -121,7 +121,7 @@ HTTP/1.1 401 Authorization re-negotiation please swsbounce Server: Apache/1.3.27 (Darwin) PHP/4.1.2 WWW-Authenticate: Digest realm="testrealm", algorithm=MD5, nonce="999999", stale=true, qop="auth" Content-Type: text/html; charset=iso-8859-1 -Content-Length: 25 +Content-Length: 26 HTTP/1.1 200 OK Server: Apache/1.3.27 (Darwin) PHP/4.1.2 -- cgit v1.2.3 
From 92963d612b9c5ef32d63d26c72d6fff64930eba6 Mon Sep 17 00:00:00 2001 From: Koen Dergent Date: Mon, 24 Jun 2019 12:45:01 +0200 Subject: curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds Closes #4061 --- src/tool_operate.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/tool_operate.c b/src/tool_operate.c index b5f87cea4..bf9a9b8d8 100644 --- a/src/tool_operate.c +++ b/src/tool_operate.c @@ -1066,7 +1066,8 @@ static CURLcode operate_do(struct GlobalConfig *global, } /* For the time being if --proxy-capath is not set then we use the --capath value for it, if any. See #1257 */ - if(config->proxy_capath || config->capath) { + if((config->proxy_capath || config->capath) && + !tool_setopt_skip(CURLOPT_PROXY_CAPATH)) { result = res_setopt_str(curl, CURLOPT_PROXY_CAPATH, (config->proxy_capath ? config->proxy_capath : -- cgit v1.2.3 From 1862cacd038a0b6a0360528162e1719f8f164126 Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Mon, 24 Jun 2019 14:19:13 +0200 Subject: CURLMOPT_SOCKETFUNCTION.3: fix typo --- docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3 b/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3 index dc0ccd836..b0d511119 100644 --- a/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3 +++ b/docs/libcurl/opts/CURLMOPT_SOCKETFUNCTION.3 @@ -51,7 +51,7 @@ called. \fBwhat\fP argument is not CURL_POLL_REMOVE then it holds information about what activity on this socket the application is supposed to monitor. Subsequent calls to this callback might update the \fBwhat\fP bits -for a socket that is alredy monitored. +for a socket that is already monitored. \fBuserp\fP is set with \fICURLMOPT_SOCKETDATA(3)\fP. -- cgit v1.2.3 From d331227cf0a0f4a1ae4b97081ed2fd2c55164489 Mon Sep 17 00:00:00 2001 
From: James Brown Date: Sun, 23 Jun 2019 23:15:02 -0700 Subject: c-ares: honor port numbers in CURLOPT_DNS_SERVERS By using ares_set_servers_ports_csv on new enough c-ares. Fixes #4066 Closes #4067 --- lib/asyn-ares.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/asyn-ares.c b/lib/asyn-ares.c index 8561a4724..6b14aa698 100644 --- a/lib/asyn-ares.c +++ b/lib/asyn-ares.c @@ -734,7 +734,11 @@ CURLcode Curl_set_dns_servers(struct Curl_easy *data, return CURLE_OK; #if (ARES_VERSION >= 0x010704) +#if (ARES_VERSION >= 0x010b00) + ares_result = ares_set_servers_ports_csv(data->state.resolver, servers); +#else ares_result = ares_set_servers_csv(data->state.resolver, servers); +#endif switch(ares_result) { case ARES_SUCCESS: result = CURLE_OK; -- cgit v1.2.3 From 265f7f42f678db4157e7d6f7f987aba01e71cfeb Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 24 Jun 2019 11:21:26 +0200 Subject: http2: call done_sending on end of upload To make sure a HTTP/2 stream registers the end of stream. Bug #4043 made me find this problem but this fix doesn't correct the reported issue. Closes #4068 --- lib/http.c | 4 +++- lib/http2.c | 6 +++++- lib/transfer.c | 8 ++++---- lib/transfer.h | 3 +++ 4 files changed, 15 insertions(+), 6 deletions(-) diff --git a/lib/http.c b/lib/http.c index a80e80157..d01e1bfdb 100644 --- a/lib/http.c +++ b/lib/http.c @@ -3511,8 +3511,10 @@ CURLcode Curl_http_readwrite_headers(struct Curl_easy *data, else { infof(data, "HTTP error before end of send, stop sending\n"); streamclose(conn, "Stop sending data before everything sent"); + result = Curl_done_sending(conn, k); + if(result) + return result; k->upload_done = TRUE; - k->keepon &= ~KEEP_SEND; /* don't send */ if(data->state.expect100header) k->exp100 = EXP100_FAILED; } diff --git a/lib/http2.c b/lib/http2.c index b016bac92..bbd42bf2f 100644 --- a/lib/http2.c +++ b/lib/http2.c 
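Review bot: Whether a port in CURLOPT_DNS_SERVERS is honoured now depends on the c-ares version chosen at build time (`ARES_VERSION >= 0x010b00`), and nothing in this hunk of Curl_set_dns_servers tells the application which behaviour it got. With an older c-ares the same string still goes to `ares_set_servers_csv`, and how that call treats a host:port entry is not visible here. If the port is dropped rather than rejected, lookups would go to the default port on that host instead of the resolver the application asked for. I would document the version requirement in the CURLOPT_DNS_SERVERS man page and add a comment above the inner `#if`, e.g. `/* c-ares 1.11.0 and later accept port numbers in the server list */`. The function continues outside the hunk.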
@@ -1880,7 +1880,11 @@ static ssize_t http2_send(struct connectdata *conn, int sockindex, are going to send or sending request body in DATA frame */ stream->upload_mem = mem; stream->upload_len = len; - nghttp2_session_resume_data(h2, stream->stream_id); + rv = nghttp2_session_resume_data(h2, stream->stream_id); + if(nghttp2_is_fatal(rv)) { + *err = CURLE_SEND_ERROR; + return -1; + } rv = h2_session_send(conn->data, h2); if(nghttp2_is_fatal(rv)) { *err = CURLE_SEND_ERROR; diff --git a/lib/transfer.c b/lib/transfer.c index 514330e8c..b25359196 100644 --- a/lib/transfer.c +++ b/lib/transfer.c @@ -937,8 +937,8 @@ static CURLcode readwrite_data(struct Curl_easy *data, return CURLE_OK; } -static CURLcode done_sending(struct connectdata *conn, - struct SingleRequest *k) +CURLcode Curl_done_sending(struct connectdata *conn, + struct SingleRequest *k) { k->keepon &= ~KEEP_SEND; /* we're done writing */ @@ -1046,7 +1046,7 @@ static CURLcode readwrite_upload(struct Curl_easy *data, break; } if(nread <= 0) { - result = done_sending(conn, k); + result = Curl_done_sending(conn, k); if(result) return result; break; @@ -1164,7 +1164,7 @@ static CURLcode readwrite_upload(struct Curl_easy *data, k->upload_present = 0; /* no more bytes left */ if(k->upload_done) { - result = done_sending(conn, k); + result = Curl_done_sending(conn, k); if(result) return result; } diff --git a/lib/transfer.h b/lib/transfer.h index a9bff6348..ab7110a80 100644 --- a/lib/transfer.h +++ b/lib/transfer.h @@ -57,6 +57,9 @@ CURLcode Curl_retry_request(struct connectdata *conn, char **url); bool Curl_meets_timecondition(struct Curl_easy *data, time_t timeofdoc); CURLcode Curl_get_upload_buffer(struct Curl_easy *data); +CURLcode Curl_done_sending(struct connectdata *conn, + struct SingleRequest *k); + /* This sets up a forthcoming transfer */ void Curl_setup_transfer (struct Curl_easy *data, -- cgit v1.2.3 From 53cc6c79f1401a86285326bb8a7314f49da6bc19 Mon Sep 17 00:00:00 2001 
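Review bot: The new check after `nghttp2_session_resume_data()` in http2_send reacts only to fatal codes, so a non-fatal failure is dropped and the code carries on to h2_session_send() as if the stream had been resumed. If that is intended, for instance because the call is also made when nothing was deferred, the reason belongs in a comment: `/* a non-fatal error only means there was nothing to resume */`. If it is not intended, the upload could stall without any error reaching the caller, so the non-fatal case deserves at least a debug trace through the existing H2BUGF macro. http2_send begins and ends outside the hunk.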
From: Daniel Stenberg Date: Mon, 24 Jun 2019 23:23:13 +0200 Subject: KNOWN_BUGS: Schannel disable CURLOPT_SSL_VERIFYPEER and verify hostname Closes #3284 --- docs/KNOWN_BUGS | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS index 8431baaf5..a4e7e9f43 100644 --- a/docs/KNOWN_BUGS +++ b/docs/KNOWN_BUGS @@ -32,6 +32,7 @@ problems may have been fixed or changed somewhat since this was written! 2.5 Client cert handling with Issuer DN differs between backends 2.6 CURL_GLOBAL_SSL 2.7 Client cert (MTLS) issues with Schannel + 2.8 Schannel disable CURLOPT_SSL_VERIFYPEER and verify hostname 3. Email protocols 3.1 IMAP SEARCH ALL truncated response @@ -299,6 +300,11 @@ problems may have been fixed or changed somewhat since this was written! See https://github.com/curl/curl/issues/3145 +2.8 Schannel disable CURLOPT_SSL_VERIFYPEER and verify hostname + + This seems to be a limitation in the underlying Schannel API. + + https://github.com/curl/curl/issues/3284 3. Email protocols -- cgit v1.2.3 From 1853c884ef28197339e57f4ec405630944300855 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 24 Jun 2019 23:26:59 +0200 Subject: KNOWN_BUGS: Don't clear digest for single realm Closes #3267 --- docs/KNOWN_BUGS | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/KNOWN_BUGS b/docs/KNOWN_BUGS index a4e7e9f43..e385ef597 100644 --- a/docs/KNOWN_BUGS +++ b/docs/KNOWN_BUGS @@ -64,6 +64,7 @@ problems may have been fixed or changed somewhat since this was written! 6.4 Negotiate and Kerberos V5 need a fake user name 6.5 NTLM doesn't support password with § character 6.6 libcurl can fail to try alternatives with --proxy-any + 6.7 Don't clear digest for single realm 7. FTP 7.1 FTP without or slow 220 response 
@@ -516,6 +517,10 @@ problems may have been fixed or changed somewhat since this was written! https://github.com/curl/curl/issues/876 +6.7 Don't clear digest for single realm + + https://github.com/curl/curl/issues/3267 + 7. FTP 7.1 FTP without or slow 220 response -- cgit v1.2.3 From b96282010e4b8bf373c1fb631a5e305442af634a Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Mon, 24 Jun 2019 23:30:31 +0200 Subject: http: clarify header buffer size calculation The header buffer size calculation can from static analysis seem to overlow as it performs an addition between two size_t variables and stores the result in a size_t variable. Overflow is however guarded against elsewhere since the input to the addition is regulated by the maximum read buffer size. Clarify this with a comment since the question was asked. Reviewed-by: Daniel Stenberg --- lib/http.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/lib/http.c b/lib/http.c index d01e1bfdb..14d1e89eb 100644 --- a/lib/http.c +++ b/lib/http.c @@ -3147,6 +3147,9 @@ static CURLcode header_append(struct Curl_easy *data, struct SingleRequest *k, size_t length) { + /* length is at most the size of a full read buffer, for which the upper + bound is CURL_MAX_READ_SIZE. There is thus no chance of overflow in this + calculation. */ size_t newsize = k->hbuflen + length; if(newsize > CURL_MAX_HTTP_HEADER) { /* The reason to have a max limit for this is to avoid the risk of a bad -- cgit v1.2.3 From 35b8bea20f90873e321e1e77d8a9936245c11ac9 Mon Sep 17 00:00:00 2001 From: Stephan Szabo Date: Mon, 24 Jun 2019 09:25:31 -0700 Subject: tests: update fixed IP for hostip/clientip split These tests give differences for me on linux when using a hostip pointing to the external ip address for the local machine. Closes #4070 --- tests/data/test1519 | 2 +- tests/data/test2032 | 8 ++++---- tests/data/test651 | 2 +- tests/data/test653 | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) 
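Review bot: The no-overflow argument for `k->hbuflen + length` in header_append now lives only in a comment, so nothing fails if a later caller passes a length that breaks the stated bound. Since the comment expresses the bound in terms of CURL_MAX_READ_SIZE, the same condition can be held in debug builds with `DEBUGASSERT(length <= CURL_MAX_READ_SIZE);` placed right after the declaration of newsize. That keeps the explanation and makes the assumption checkable by the test suite instead of relying on code elsewhere staying as it is. The function body continues outside the hunk.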
diff --git a/tests/data/test1519 b/tests/data/test1519 index ab23dadca..292a49c65 100644 --- a/tests/data/test1519 +++ b/tests/data/test1519 @@ -53,7 +53,7 @@ res: 0 status: 302 redirects: 0 effectiveurl: http://%HOSTIP:%HTTPPORT/1519 -redirecturl: http://127.0.0.1:8990/h%20ttp://1.2.4.5/test +redirecturl: http://%HOSTIP:%HTTPPORT/h%20ttp://1.2.4.5/test 0 diff --git a/tests/data/test2032 b/tests/data/test2032 index a63e11ef1..ec5771f81 100644 --- a/tests/data/test2032 +++ b/tests/data/test2032 @@ -99,22 +99,22 @@ chkhostname curlhost GET /20320100 HTTP/1.1 -Host: 127.0.0.1:%HTTPPORT +Host: %HOSTIP:%HTTPPORT Authorization: Basic dGVzdHVzZXI6dGVzdHBhc3M= Accept: */* GET /20320100 HTTP/1.1 -Host: 127.0.0.1:%HTTPPORT +Host: %HOSTIP:%HTTPPORT Authorization: Basic dGVzdHVzZXI6dGVzdHBhc3M= Accept: */* GET /20320200 HTTP/1.1 -Host: 127.0.0.1:%HTTPPORT +Host: %HOSTIP:%HTTPPORT Authorization: NTLM TlRMTVNTUAABAAAABoIIAAAAAAAAAAAAAAAAAAAAAAA= Accept: */* GET /20320200 HTTP/1.1 -Host: 127.0.0.1:%HTTPPORT +Host: %HOSTIP:%HTTPPORT Authorization: NTLM TlRMTVNTUAADAAAAGAAYAEAAAAAYABgAWAAAAAAAAABwAAAACAAIAHAAAAAIAAgAeAAAAAAAAAAAAAAAhoABAI+/Fp9IERAQ74OsdNPbBpg7o8CVwLSO4DtFyIcZHUMKVktWIu92s2892OVpd2JzqnRlc3R1c2VyY3VybGhvc3Q= Accept: */* diff --git a/tests/data/test651 b/tests/data/test651 index b00ca5d0e..ae6409479 100644 --- a/tests/data/test651 +++ b/tests/data/test651 @@ -57,7 +57,7 @@ s/boundary=------------------------[a-z0-9]*/boundary=-------------------------- # (5*12) == 60 bytes less POST /651 HTTP/1.1 -Host: 127.0.0.1:8990 +Host: %HOSTIP:%HTTPPORT Accept: */* Content-Length: 17139 Content-Type: multipart/form-data; boundary=---------------------------- diff --git a/tests/data/test653 b/tests/data/test653 index d620b5761..d7be05923 100644 --- a/tests/data/test653 +++ b/tests/data/test653 
@@ -67,7 +67,7 @@ s/boundary=------------------------[a-z0-9]*/boundary=-------------------------- # (5*12) == 60 bytes less POST /653 HTTP/1.1 -Host: 127.0.0.1:8990 +Host: %HOSTIP:%HTTPPORT Accept: */* Content-Length: 150 Content-Type: multipart/form-data; boundary=---------------------------- @@ -78,7 +78,7 @@ Content-Disposition: form-data; name="name" short value -------------------------------- POST /653 HTTP/1.1 -Host: 127.0.0.1:8990 +Host: %HOSTIP:%HTTPPORT Accept: */* Content-Length: 167 Content-Type: multipart/form-data; boundary=---------------------------- -- cgit v1.2.3 From 8c34a4dc49c3d906f100a218b6d6c3afc485d07c Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 25 Jun 2019 08:54:11 +0200 Subject: RELEASE-NOTES: synced --- RELEASE-NOTES | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index ea6c1a7b3..cefe37f69 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES 
@@ -9,18 +9,23 @@ curl and libcurl 7.65.2 This release includes the following bugfixes: o CURLMOPT_SOCKETFUNCTION.3: clarified [8] + o CURLMOPT_SOCKETFUNCTION.3: fix typo o CURLOPT_CAINFO.3: polished wording [9] o bindlocal: detect and avoid IP version mismatches in bind() [1] o build: fix Codacy warnings [6] + o c-ares: honor port numbers in CURLOPT_DNS_SERVERS [37] o config-os400: add getpeername and getsockname defines [27] o configure: --disable-progress-meter [29] o configure: more --disable switches to toggle off individual features [7] o configure: remove CURL_DISABLE_TLS_SRP [19] o conn_maxage: move the check to prune_dead_connections() [24] + o curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds [38] o examples/fopen: fix comparison [6] o examples/htmltitle: use C++ casts between pointer types [6] + o http2: call done_sending on end of upload [36] o http2: don't call stream-close on already closed streams [32] o http2: remove CURL_DISABLE_TYPECHECK define + o http: clarify header buffer size calculation o krb5: fix compiler warning [15] o libcurl-tutorial.3: Fix small typo (mutipart -> multipart) [3] o multi: enable multiplexing by default (again) [34] @@ -37,9 +42,11 @@ This release includes the following bugfixes: o system_win32: fix typo o test1165: verify that CURL_DISABLE_ symbols are in sync o test1523: test CURLOPT_LOW_SPEED_LIMIT + o test153: fix content-length to avoid occasional hang [39] o test188/189: fix Content-Length [22] o tests: have runtests figure out disabled features [23] o tests: support non-localhost HOSTIP for dict/smb servers [30] + o tests: update fixed IP for hostip/clientip split [35] o tool_cb_prg: Fix integer overflow in progress bar [10] o travis: disable threaded resolver for coverage build o travis: enable alt-svc for coverage build 
@@ -64,11 +71,12 @@ advice from friends like these: Alex Grebenschikov, Ben Voris, Brian Carpenter, Cliff Crosland, Daniel Gustafsson, Daniel Stenberg, Gergely Nagy, Gisle Vanem, - Jakub Zakrzewski, jonrumsey on github, Kunal Ekawde, Marcel Raad, - Michael Wallner, MrSorcus on github, Patrick Monnerat, Richard Alcock, - Rich Mirch, sstruchtrup on github, Stephan Szabo, Steve Holme, Thomas Gamper, - Tom van der Woerdt, Viktor Szakats, - (23 contributors) + Jakub Zakrzewski, James Brown, jonrumsey on github, Koen Dergent, + Kunal Ekawde, Marcel Raad, Michael Wallner, MrSorcus on github, + Patrick Monnerat, Richard Alcock, Rich Mirch, sstruchtrup on github, + Stephan Szabo, Steve Holme, Thomas Gamper, Tom van der Woerdt, + Viktor Szakats, + (25 contributors) Thanks! (and sorry if I forgot to mention someone) @@ -108,3 +116,8 @@ References to bug reports and discussions on issues: [32] = https://curl.haxx.se/bug/?id=4055 [33] = https://curl.haxx.se/bug/?id=4050 [34] = https://curl.haxx.se/bug/?id=4051 + [35] = https://curl.haxx.se/bug/?id=4070 + [36] = https://curl.haxx.se/bug/?id=4068 + [37] = https://curl.haxx.se/bug/?id=4066 + [38] = https://curl.haxx.se/bug/?id=4061 + [39] = https://curl.haxx.se/bug/?id=4065 -- cgit v1.2.3 From 8dd041bf0a422eda773702eb9d5c004544a4870e Mon Sep 17 00:00:00 2001 From: Niklas Hambüchen Date: Tue, 25 Jun 2019 13:39:00 +0200 Subject: docs: fix string suggesting HTTP/2 is not the default Commit 25fd1057c9c86e3 made HTTP2 the default, and further down in the man page that new default is mentioned, but the section at the top contradicted it until now. Also remove claim that setting the HTTP version is not sensible. Closes #4075 --- docs/libcurl/opts/CURLOPT_HTTP_VERSION.3 | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/docs/libcurl/opts/CURLOPT_HTTP_VERSION.3 b/docs/libcurl/opts/CURLOPT_HTTP_VERSION.3 index 7b7a08144..741dfaa6c 100644 --- a/docs/libcurl/opts/CURLOPT_HTTP_VERSION.3 
+++ b/docs/libcurl/opts/CURLOPT_HTTP_VERSION.3 @@ -29,9 +29,7 @@ CURLOPT_HTTP_VERSION \- specify HTTP protocol version to use CURLcode curl_easy_setopt(CURL *handle, CURLOPT_HTTP_VERSION, long version); .SH DESCRIPTION Pass \fIversion\fP a long, set to one of the values described below. They ask -libcurl to use the specific HTTP versions. This is not sensible to do unless -you have a good reason. You have to set this option if you want to use -libcurl's HTTP/2 support. +libcurl to use the specific HTTP versions. Note that the HTTP version is just a request. libcurl will still prioritize to re-use an existing connection so it might then re-use a connection using a -- cgit v1.2.3 From 909aca20b58e18e3a763d81aec3b38f8fc93a0b2 Mon Sep 17 00:00:00 2001 From: 1ocalhost <41312227+1ocalhost@users.noreply.github.com> Date: Tue, 25 Jun 2019 23:20:15 +0800 Subject: configure: fix typo '--disable-http-uath' Closes #4076 --- configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index ebcc44761..dc97ba108 100755 --- a/configure.ac +++ b/configure.ac @@ -4030,7 +4030,7 @@ dnl AC_MSG_CHECKING([whether to support HTTP authentication]) AC_ARG_ENABLE(http-auth, AC_HELP_STRING([--enable-http-auth],[Enable HTTP authentication support]) -AC_HELP_STRING([--disable-http-uath],[Disable HTTP authentication support]), +AC_HELP_STRING([--disable-http-auth],[Disable HTTP authentication support]), [ case "$enableval" in no) AC_MSG_RESULT(no) -- cgit v1.2.3 From e4b5dd29874c5746a35e9b3b8c8cfd01ffa4363a Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 25 Jun 2019 08:26:05 +0200 Subject: win32: make DLL loading a no-op for UWP Reported-by: Michael Brehm Fixes #4060 Closes #4072 --- lib/system_win32.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/system_win32.c b/lib/system_win32.c index 1143fa6aa..52a5fd951 100644 --- a/lib/system_win32.c +++ b/lib/system_win32.c 
@@ -367,6 +367,7 @@ bool Curl_verify_windows_version(const unsigned int majorVersion, */ HMODULE Curl_load_library(LPCTSTR filename) { +#ifndef CURL_WINDOWS_APP HMODULE hModule = NULL; LOADLIBRARYEX_FN pLoadLibraryEx = NULL; @@ -421,8 +422,12 @@ HMODULE Curl_load_library(LPCTSTR filename) free(path); } } - return hModule; +#else + /* the Universal Windows Platform (UWP) can't do this */ + (void)filename; + return NULL; +#endif } #endif /* WIN32 */ -- cgit v1.2.3 From 8b159d1fe9aac769fbdb3d6602665f9845db435f Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 25 Jun 2019 13:09:22 +0200 Subject: test1521: adapt to SLISTPOINT The header now has the slist-using options marked as SLISTPOINT so this makes sure test 1521 understands that. Follow-up to ae99b4de1c443ae989 Closes #4074 --- tests/libtest/mk-lib1521.pl | 16 ++++------------ 1 file changed, 4 insertions(+), 12 deletions(-) diff --git a/tests/libtest/mk-lib1521.pl b/tests/libtest/mk-lib1521.pl index fb1401a53..f4add1a02 100755 --- a/tests/libtest/mk-lib1521.pl +++ b/tests/libtest/mk-lib1521.pl @@ -6,7 +6,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 2017, Daniel Stenberg, , et al. +# Copyright (C) 2017 - 2019, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -205,17 +205,6 @@ while() { print " (void)curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, 0);\n"; print "${pref} stringpointerextra);\n$check"; } - elsif(($name eq "HTTPHEADER") || - ($name eq "POSTQUOTE") || - ($name eq "PREQUOTE") || - ($name eq "HTTP200ALIASES") || - ($name eq "TELNETOPTIONS") || - ($name eq "MAIL_RCPT") || - ($name eq "RESOLVE") || - ($name eq "PROXYHEADER") || - ($name eq "QUOTE")) { - print "${pref} slist);\n$check"; - } elsif($name eq "HTTPPOST") { print "${pref} httppost);\n$check"; } 
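Review bot: In the `CURL_WINDOWS_APP` branch, Curl_load_library now returns NULL unconditionally, which a caller cannot tell apart from a library that failed to load. The function's header comment sits above the hunk and should say so, along the lines of `Returns NULL on UWP builds, where loading is not supported; callers must treat the library as unavailable.` The callers are not visible here, so it is worth confirming that each of them degrades in a defined way on NULL rather than assuming the module handle is valid.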
@@ -230,6 +219,9 @@ while() { } print "${pref} NULL);\n$check"; } + elsif($type eq "SLISTPOINT") { + print "${pref} slist);\n$check"; + } elsif($type eq "FUNCTIONPOINT") { if($name =~ /([^ ]*)FUNCTION/) { my $l=lc($1); -- cgit v1.2.3 From c40eb3220cf73323aef6e49f8ab75b79cc435008 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 25 Jun 2019 20:35:22 +0200 Subject: openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined ... since that needs UI_OpenSSL() which isn't provided when OpenSSL is built with OPENSSL_NO_UI_CONSOLE which happens when OpenSSL is built for UWP (with "VC-WIN32-UWP"). Reported-by: Vasily Lobaskin Fixes #4073 Closes #4077 --- lib/vtls/openssl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index fa6d0201a..3cdcbfeb9 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -75,7 +75,7 @@ #endif #if (OPENSSL_VERSION_NUMBER >= 0x0090700fL) && /* 0.9.7 or later */ \ - !defined(OPENSSL_NO_ENGINE) + !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_UI_CONSOLE) #define USE_OPENSSL_ENGINE #include #endif -- cgit v1.2.3 From 44b5468e8eeae889c5f7c8d6f457c6fa6c2c737d Mon Sep 17 00:00:00 2001 From: Gaël PORTAY Date: Wed, 26 Jun 2019 06:27:04 -0400 Subject: curl_multi_wait.3: escape backslash in example The backslash in the character Line Feed must be escaped. The current man-page outputs the code as following: fprintf(stderr, "curl_multi failed, code %d.0, mc); The commit fixes it as follow: fprintf(stderr, "curl_multi failed, code %d\n", mc); Closes #4079 --- docs/libcurl/curl_multi_wait.3 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/libcurl/curl_multi_wait.3 b/docs/libcurl/curl_multi_wait.3 index 9f15c5f89..ae5d3d16c 100644 --- a/docs/libcurl/curl_multi_wait.3 +++ b/docs/libcurl/curl_multi_wait.3 
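Review bot: Adding `!defined(OPENSSL_NO_UI_CONSOLE)` to the USE_OPENSSL_ENGINE condition turns off all engine support for such builds, not only the part that needs UI_OpenSSL(). An application that selects a key or certificate through an engine would presumably only find out at run time, with no hint at build time. The reason is given in the commit message but not in the source, so I would add a comment above the `#if`: `/* the engine code uses UI_OpenSSL(), which is absent when OpenSSL is built with OPENSSL_NO_UI_CONSOLE */`. A note in the build documentation that these builds come without engine support would help too.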
@@ -91,7 +91,7 @@ do { } if(mc != CURLM_OK) { - fprintf(stderr, "curl_multi failed, code %d.\n", mc); + fprintf(stderr, "curl_multi failed, code %d.\\n", mc); break; } -- cgit v1.2.3 From 3609ab3147b11118319da4584a0c72f638697838 Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Sun, 30 Jun 2019 17:16:28 -0400 Subject: docs: Fix links to OpenSSL docs OpenSSL changed their manual locations and does not redirect to the new locations. Bug: https://curl.haxx.se/mail/lib-2019-06/0056.html Reported-by: Daniel Stenberg --- docs/examples/threaded-ssl.c | 2 +- docs/libcurl/libcurl-thread.3 | 9 +++++---- lib/vtls/openssl.c | 2 -- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/docs/examples/threaded-ssl.c b/docs/examples/threaded-ssl.c index 522f8c49a..f6083ab3d 100644 --- a/docs/examples/threaded-ssl.c +++ b/docs/examples/threaded-ssl.c @@ -29,7 +29,7 @@ * (libgcrypt) so far. * * OpenSSL docs for this: - * https://www.openssl.org/docs/crypto/threads.html + * https://www.openssl.org/docs/man1.0.2/man3/CRYPTO_num_locks.html * gcrypt docs for this: * https://gnupg.org/documentation/manuals/gcrypt/Multi_002dThreading.html */ diff --git a/docs/libcurl/libcurl-thread.3 b/docs/libcurl/libcurl-thread.3 index ae1e387be..796a5bb59 100644 --- a/docs/libcurl/libcurl-thread.3 +++ b/docs/libcurl/libcurl-thread.3 
@@ -41,14 +41,15 @@ then of course using the underlying SSL library multi-threaded and those libs might have their own requirements on this issue. You may need to provide one or two functions to allow it to function properly: .IP OpenSSL -OpenSSL 1.1.0 "can be safely used in multi-threaded applications provided that -support for the underlying OS threading API is built-in." +OpenSSL 1.1.0+ "can be safely used in multi-threaded applications provided that +support for the underlying OS threading API is built-in." In that case the +engine is used by libcurl in a way that is fully thread-safe. -https://www.openssl.org/docs/manmaster/crypto/threads.html#DESCRIPTION +https://www.openssl.org/docs/man1.1.0/man3/CRYPTO_THREAD_run_once.html#DESCRIPTION OpenSSL <= 1.0.2 the user must set callbacks. -https://www.openssl.org/docs/man1.0.2/crypto/threads.html#DESCRIPTION +https://www.openssl.org/docs/man1.0.2/man3/CRYPTO_set_locking_callback.html#DESCRIPTION https://curl.haxx.se/libcurl/c/opensslthreadlock.html diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 3cdcbfeb9..1d2ec04ed 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -3280,7 +3280,6 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert, if(len1 < 1) break; /* failed */ - /* https://www.openssl.org/docs/crypto/buffer.html */ buff1 = temp = malloc(len1); if(!buff1) break; /* failed */ @@ -3302,7 +3301,6 @@ static CURLcode pkp_pin_peer_pubkey(struct Curl_easy *data, X509* cert, result = Curl_pin_peer_pubkey(data, pinnedpubkey, buff1, len1); } while(0); - /* https://www.openssl.org/docs/crypto/buffer.html */ if(buff1) free(buff1); -- cgit v1.2.3 From 8ad61c6847349b71e7e7b9c544c4c7b40e6d6ff5 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 4 Jul 2019 14:02:20 +0200 Subject: doh-url.d: added in 7.62.0 --- docs/cmdline-opts/doh-url.d | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/cmdline-opts/doh-url.d b/docs/cmdline-opts/doh-url.d index 8fa42c1b2..c871c4d22 100644 
--- a/docs/cmdline-opts/doh-url.d +++ b/docs/cmdline-opts/doh-url.d @@ -2,6 +2,7 @@ Long: doh-url Arg: Help: Resolve host names over DOH Protocols: all +Added: 7.62.0 --- Specifies which DNS-over-HTTPS (DOH) server to use to resolve hostnames, instead of using the default name resolver mechanism. The URL must be HTTPS. -- cgit v1.2.3 From 5feb58ca12d576159b176d810dab0212c940ce00 Mon Sep 17 00:00:00 2001 From: Shankar Jadhavar Date: Fri, 5 Jul 2019 00:25:50 -0500 Subject: winbuild: Change Makefile to honor ENABLE_OPENSSL_AUTO_LOAD_CONFIG - Made changes so that ENABLE_OPENSSL_AUTO_LOAD_CONFIG will be honored. - Also removed some ^M chars from file. Prior to this change while building on Windows platform even if we pass the ENABLE_OPENSSL_AUTO_LOAD_CONFIG option with value as "no" it does not set the CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG flag. Closes https://github.com/curl/curl/pull/4086 --- winbuild/Makefile.vc | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/winbuild/Makefile.vc b/winbuild/Makefile.vc index f5c0c7b00..9b3b35513 100644 --- a/winbuild/Makefile.vc +++ b/winbuild/Makefile.vc @@ -5,7 +5,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1999 - 2017, Daniel Stenberg, , et al. +# Copyright (C) 1999 - 2019, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms 
@@ -43,8 +43,8 @@ CFGSET=true !MESSAGE Libraries can be fetched at https://windows.php.net/downloads/php-sdk/deps/ !MESSAGE Uncompress them into the deps folder. !MESSAGE WITH_PREFIX= - Installation directory path -!MESSAGE Defaults to a configuration dependent (SSL, zlib, etc.) -!MESSAGE directory inside curl's subdirectory builds: ./builds +!MESSAGE Defaults to a configuration dependent (SSL, zlib, etc.) +!MESSAGE directory inside curl's subdirectory builds: ./builds !MESSAGE Use backslashes as path separator !MESSAGE WITH_SSL= - Enable OpenSSL support, DLL or static !MESSAGE WITH_NGHTTP2= - Enable HTTP/2 support, DLL or static @@ -138,6 +138,12 @@ USE_WINSSL = false !IFNDEF ENABLE_OPENSSL_AUTO_LOAD_CONFIG ENABLE_OPENSSL_AUTO_LOAD_CONFIG = true +!ELSEIF "$(ENABLE_OPENSSL_AUTO_LOAD_CONFIG)"=="yes" +!UNDEF ENABLE_OPENSSL_AUTO_LOAD_CONFIG +ENABLE_OPENSSL_AUTO_LOAD_CONFIG = true +!ELSEIF "$(ENABLE_OPENSSL_AUTO_LOAD_CONFIG)"=="no" +!UNDEF ENABLE_OPENSSL_AUTO_LOAD_CONFIG +ENABLE_OPENSSL_AUTO_LOAD_CONFIG = false !ENDIF CONFIG_NAME_LIB = libcurl -- cgit v1.2.3 From 21e2df801556dcdc451c3372248c481552451d7f Mon Sep 17 00:00:00 2001 From: Caleb Raitto Date: Wed, 3 Jul 2019 17:35:52 -0400 Subject: CURLOPT_HEADEROPT.3: Fix example Fix an issue where example builds a curl_slist, but fails to actually use it, or free it. Closes https://github.com/curl/curl/pull/4090 --- docs/libcurl/opts/CURLOPT_HEADEROPT.3 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/libcurl/opts/CURLOPT_HEADEROPT.3 b/docs/libcurl/opts/CURLOPT_HEADEROPT.3 index b9a0075cc..7d7a7fc68 100644 --- a/docs/libcurl/opts/CURLOPT_HEADEROPT.3 +++ b/docs/libcurl/opts/CURLOPT_HEADEROPT.3 
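Review bot: The new `!ELSEIF` chain in winbuild/Makefile.vc normalises only the exact strings `yes` and `no`; any other value given for ENABLE_OPENSSL_AUTO_LOAD_CONFIG (`No`, `false`, `0`) is left as typed. Whether the later test that sets CURL_DISABLE_OPENSSL_AUTO_LOAD_CONFIG treats such a value as disabled is not visible in this hunk, so a builder who meant to switch off automatic loading of the OpenSSL configuration file may still get it enabled without any diagnostic. Rejecting unknown values closes that gap: add `!ELSE` followed by `!ERROR Invalid ENABLE_OPENSSL_AUTO_LOAD_CONFIG value, use yes or no` before the `!ENDIF`. If `true` and `false` are already accepted on the command line, map them explicitly instead of rejecting them.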
@@ -57,12 +57,14 @@ if(curl) { list = curl_slist_append(list, "Accept:"); curl_easy_setopt(curl, CURLOPT_URL, "https://example.com/"); curl_easy_setopt(curl, CURLOPT_PROXY, "http://localhost:8080"); + curl_easy_setopt(curl, CURLOPT_HTTPHEADER, list); /* HTTPS over a proxy makes a separate CONNECT to the proxy, so tell libcurl to not send the custom headers to the proxy. Keep them separate! */ curl_easy_setopt(curl, CURLOPT_HEADEROPT, CURLHEADER_SEPARATE); ret = curl_easy_perform(curl); + curl_slist_free_all(list); curl_easy_cleanup(curl); } .fi -- cgit v1.2.3 From cf4255c8476ba919456a69099d02245419ff6ac3 Mon Sep 17 00:00:00 2001 From: Gergely Nagy Date: Wed, 3 Jul 2019 14:31:31 +0200 Subject: lib: Use UTF-8 encoding in comments Some editors and IDEs assume that source files use UTF-8 file encodings. It also fixes the build with MSVC when /utf-8 command line option is used (this option is mandatory for some other open-source projects, this is useful when using the same options is desired for building all libraries of a project). Closes https://github.com/curl/curl/pull/4087 --- lib/cookie.c | 4 ++-- lib/krb5.c | 2 +- lib/security.c | 2 +- lib/transfer.c | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/cookie.c b/lib/cookie.c index 05ce62193..9a9e14d01 100644 --- a/lib/cookie.c +++ b/lib/cookie.c @@ -820,7 +820,7 @@ Curl_cookie_add(struct Curl_easy *data, break; case 1: /* This field got its explanation on the 23rd of May 2001 by - Andrés García: + Andrés García: flag: A TRUE/FALSE value indicating if all machines within a given domain can access the variable. This value is set automatically by 
@@ -834,7 +834,7 @@ Curl_cookie_add(struct Curl_easy *data, case 2: /* It turns out, that sometimes the file format allows the path field to remain not filled in, we try to detect this and work - around it! Andrés García made us aware of this... */ + around it! Andrés García made us aware of this... */ if(strcmp("TRUE", ptr) && strcmp("FALSE", ptr)) { /* only if the path doesn't look like a boolean option! */ co->path = strdup(ptr); diff --git a/lib/krb5.c b/lib/krb5.c index 3c340eaf9..5a47d481b 100644 --- a/lib/krb5.c +++ b/lib/krb5.c @@ -1,6 +1,6 @@ /* GSSAPI/krb5 support for FTP - loosely based on old krb4.c * - * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan + * Copyright (c) 1995, 1996, 1997, 1998, 1999 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * Copyright (c) 2004 - 2017 Daniel Stenberg * All rights reserved. diff --git a/lib/security.c b/lib/security.c index 82ae5c2cd..76951548d 100644 --- a/lib/security.c +++ b/lib/security.c @@ -7,7 +7,7 @@ * rewrite to work around the paragraph 2 in the BSD licenses as explained * below. * - * Copyright (c) 1998, 1999, 2017 Kungliga Tekniska Högskolan + * Copyright (c) 1998, 1999, 2017 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * * Copyright (C) 2001 - 2019, Daniel Stenberg, , et al. diff --git a/lib/transfer.c b/lib/transfer.c index b25359196..b9bb5f6ed 100644 --- a/lib/transfer.c +++ b/lib/transfer.c @@ -225,7 +225,7 @@ CURLcode Curl_fillreadbuffer(struct connectdata *conn, size_t bytes, if(data->state.trailers_state == TRAILERS_SENDING) { /* if we're here then that means that we already sent the last empty chunk but we didn't send a final CR LF, so we sent 0 CR LF. We then start - pulling trailing data until we ²have no more at which point we + pulling trailing data until we have no more at which point we simply return to the previous point in the state machine as if nothing happened. */ -- cgit v1.2.3 
From 2028a1a977e91e5eae4852a778ab67bda3d3b9ad Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Thu, 20 Jun 2019 12:11:59 +0200 Subject: nss: only cache valid CRL entries Change the logic around such that we only keep CRLs that NSS actually ended up caching around for later deletion. If CERT_CacheCRL() fails then there is little point in delaying the freeing of the CRL as it is not used. Closes https://github.com/curl/curl/pull/4053 --- lib/vtls/nss.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index 3125f0b70..7a5213b2b 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -578,17 +578,19 @@ static CURLcode nss_cache_crl(SECItem *crl_der) /* acquire lock before call of CERT_CacheCRL() and accessing nss_crl_list */ PR_Lock(nss_crllock); - /* store the CRL item so that we can free it in Curl_nss_cleanup() */ - if(insert_wrapped_ptr(&nss_crl_list, crl_der) != CURLE_OK) { + if(SECSuccess != CERT_CacheCRL(db, crl_der)) { + /* unable to cache CRL */ SECITEM_FreeItem(crl_der, PR_TRUE); PR_Unlock(nss_crllock); - return CURLE_OUT_OF_MEMORY; + return CURLE_SSL_CRL_BADFILE; } - if(SECSuccess != CERT_CacheCRL(db, crl_der)) { - /* unable to cache CRL */ + /* store the CRL item so that we can free it in Curl_nss_cleanup() */ + if(insert_wrapped_ptr(&nss_crl_list, crl_der) != CURLE_OK) { + if(SECSuccess == CERT_UncacheCRL(db, crl_der)) + SECITEM_FreeItem(crl_der, PR_TRUE); PR_Unlock(nss_crllock); - return CURLE_SSL_CRL_BADFILE; + return CURLE_OUT_OF_MEMORY; } /* we need to clear session cache, so that the CRL could take effect */ -- cgit v1.2.3 From 67171025031184bb86703746422a88573d9ef3c1 Mon Sep 17 00:00:00 2001 
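Review bot: In the lib/vtls/nss.c hunk the out-of-memory branch frees `crl_der` only when `CERT_UncacheCRL()` succeeds, and nothing says what happens when it does not. In that case the item is neither freed nor recorded in `nss_crl_list`, so Curl_nss_cleanup() will never release it, and the CRL apparently stays active in the NSS cache although the caller is told CURLE_OUT_OF_MEMORY. If leaking is deliberate, to avoid freeing memory NSS may still reference, say so in place: `/* uncache failed: NSS may still use crl_der, so leak it instead of freeing */`. nss_cache_crl() starts before and continues after this hunk.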
From: Daniel Gustafsson Date: Thu, 20 Jun 2019 12:19:41 +0200 Subject: nss: don't set unused parameter The value of the maxPTDs parameter to PR_Init() has since at least NSPR 2.1, which was released sometime in 1998, been marked ignored as is accordingly not used in the initialization code. Setting it to a value when calling PR_Init() is thus benign, but indicates an intent which may be misleading. Reset the value to zero to improve clarity. Closes https://github.com/curl/curl/pull/4054 --- lib/vtls/nss.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index 7a5213b2b..5e0cd2414 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -1423,7 +1423,7 @@ static int Curl_nss_init(void) { /* curl_global_init() is not thread-safe so this test is ok */ if(nss_initlock == NULL) { - PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 256); + PR_Init(PR_USER_THREAD, PR_PRIORITY_NORMAL, 0); nss_initlock = PR_NewLock(); nss_crllock = PR_NewLock(); nss_findslot_lock = PR_NewLock(); -- cgit v1.2.3 From 24e92a71d5a19957a2250c8876d703cc919ae576 Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Wed, 19 Jun 2019 22:28:20 +0200 Subject: nss: support using libnss on macOS The file suffix for dynamically loadable objects on macOS is .dylib, which need to be added for the module definitions in order to get the NSS TLS backend to work properly on macOS. Closes https://github.com/curl/curl/pull/4046 --- lib/vtls/nss.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index 5e0cd2414..85b851ff8 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c 
@@ -223,9 +223,12 @@ static const cipher_s cipherlist[] = { #endif }; -#ifdef WIN32 +#if defined(WIN32) static const char *pem_library = "nsspem.dll"; static const char *trust_library = "nssckbi.dll"; +#elif defined(__APPLE__) +static const char *pem_library = "libnsspem.dylib"; +static const char *trust_library = "libnssckbi.dylib"; #else static const char *pem_library = "libnsspem.so"; static const char *trust_library = "libnssckbi.so"; -- cgit v1.2.3 From 0dc3be9aa9b1573fe2e89bba8d4f1b172adc1b2a Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Mon, 8 Jul 2019 12:56:20 +0200 Subject: RELEASE-NOTES: synced --- RELEASE-NOTES | 37 +++++++++++++++++++++++++++++++------ 1 file changed, 31 insertions(+), 6 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index cefe37f69..88de580eb 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -11,15 +11,20 @@ This release includes the following bugfixes: o CURLMOPT_SOCKETFUNCTION.3: clarified [8] o CURLMOPT_SOCKETFUNCTION.3: fix typo o CURLOPT_CAINFO.3: polished wording [9] + o CURLOPT_HEADEROPT.3: Fix example [46] o bindlocal: detect and avoid IP version mismatches in bind() [1] o build: fix Codacy warnings [6] o c-ares: honor port numbers in CURLOPT_DNS_SERVERS [37] o config-os400: add getpeername and getsockname defines [27] o configure: --disable-progress-meter [29] + o configure: fix typo '--disable-http-uath' [41] o configure: more --disable switches to toggle off individual features [7] o configure: remove CURL_DISABLE_TLS_SRP [19] o conn_maxage: move the check to prune_dead_connections() [24] o curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds [38] + o curl_multi_wait.3: escape backslash in example [44] + o docs: Fix links to OpenSSL docs + o docs: fix string suggesting HTTP/2 is not the default [40] o examples/fopen: fix comparison [6] o examples/htmltitle: use C++ casts between pointer types [6] o http2: call done_sending on end of upload [36] 
@@ -27,11 +32,16 @@ This release includes the following bugfixes: o http2: remove CURL_DISABLE_TYPECHECK define o http: clarify header buffer size calculation o krb5: fix compiler warning [15] + o lib: Use UTF-8 encoding in comments [47] o libcurl-tutorial.3: Fix small typo (mutipart -> multipart) [3] o multi: enable multiplexing by default (again) [34] o multi: fix the transfer hashes in the socket hash entries [17] o multi: make sure 'data' can present in several sockhash entries [2] o netrc: Return the correct error code when out of memory [28] + o nss: don't set unused parameter [49] + o nss: only cache valid CRL entries [48] + o nss: support using libnss on macOS [50] + o openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined [43] o openssl: fix pubkey/signature algorithm detection in certinfo [25] o openssl: remove outdated comment [20] o os400: make vsetopt() non-static as Curl_vsetopt() for os400 support [12] @@ -41,6 +51,7 @@ This release includes the following bugfixes: o sws: remove unused variables [6] o system_win32: fix typo o test1165: verify that CURL_DISABLE_ symbols are in sync + o test1521: adapt to SLISTPOINT o test1523: test CURLOPT_LOW_SPEED_LIMIT o test153: fix content-length to avoid occasional hang [39] o test188/189: fix Content-Length [22] @@ -59,6 +70,8 @@ This release includes the following bugfixes: o unit1654: cleanup on memory failure [14] o unpause: trigger a timeout for event-based transfers [4] o url: Fix CURLOPT_MAXAGE_CONN time comparison [18] + o win32: make DLL loading a no-op for UWP [42] + o winbuild: Change Makefile to honor ENABLE_OPENSSL_AUTO_LOAD_CONFIG [45] o winbuild: use WITH_PREFIX if given [21] o wolfssl: refer to it as wolfSSL only [11] 
@@ -69,14 +82,15 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - Alex Grebenschikov, Ben Voris, Brian Carpenter, Cliff Crosland, - Daniel Gustafsson, Daniel Stenberg, Gergely Nagy, Gisle Vanem, - Jakub Zakrzewski, James Brown, jonrumsey on github, Koen Dergent, - Kunal Ekawde, Marcel Raad, Michael Wallner, MrSorcus on github, - Patrick Monnerat, Richard Alcock, Rich Mirch, sstruchtrup on github, + 1ocalhost on github, Alex Grebenschikov, Ben Voris, Brian Carpenter, + Caleb Raitto, Cliff Crosland, Daniel Gustafsson, Daniel Stenberg, + Gaël Portay, Gergely Nagy, Gisle Vanem, Jakub Zakrzewski, James Brown, + Jay Satiro, jonrumsey on github, Koen Dergent, Kunal Ekawde, Marcel Raad, + Michael Wallner, MrSorcus on github, Niklas Hambüchen, Patrick Monnerat, + Richard Alcock, Rich Mirch, Shankar Jadhavar, sstruchtrup on github, Stephan Szabo, Steve Holme, Thomas Gamper, Tom van der Woerdt, Viktor Szakats, - (25 contributors) + (31 contributors) Thanks! (and sorry if I forgot to mention someone) @@ -121,3 +135,14 @@ References to bug reports and discussions on issues: [37] = https://curl.haxx.se/bug/?id=4066 [38] = https://curl.haxx.se/bug/?id=4061 [39] = https://curl.haxx.se/bug/?id=4065 + [40] = https://curl.haxx.se/bug/?id=4075 + [41] = https://curl.haxx.se/bug/?id=4076 + [42] = https://curl.haxx.se/bug/?id=4072 + [43] = https://curl.haxx.se/bug/?id=4073 + [44] = https://curl.haxx.se/bug/?id=4079 + [45] = https://curl.haxx.se/bug/?id=4086 + [46] = https://curl.haxx.se/bug/?id=4090 + [47] = https://curl.haxx.se/bug/?id=4087 + [48] = https://curl.haxx.se/bug/?id=4053 + [49] = https://curl.haxx.se/bug/?id=4054 + [50] = https://curl.haxx.se/bug/?id=4046 -- cgit v1.2.3 From efc55b8986970f2feea6c09e62c72e81e553fd88 Mon Sep 17 00:00:00 2001 
From: Daniel Gustafsson Date: Mon, 8 Jul 2019 13:19:35 +0200 Subject: cleanup: fix typo in comment --- lib/security.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/security.c b/lib/security.c index 76951548d..550ea2da8 100644 --- a/lib/security.c +++ b/lib/security.c @@ -267,7 +267,7 @@ static ssize_t sec_recv(struct connectdata *conn, int sockindex, } /* Send |length| bytes from |from| to the |fd| socket taking care of encoding - and negociating with the server. |from| can be NULL. */ + and negotiating with the server. |from| can be NULL. */ static void do_sec_send(struct connectdata *conn, curl_socket_t fd, const char *from, int length) { -- cgit v1.2.3 From 5fecc4d6267b6dfba023347289ddff66c2521635 Mon Sep 17 00:00:00 2001 From: Jan Chren Date: Mon, 8 Jul 2019 20:20:26 +0000 Subject: configure: fix --disable-code-coverage This fixes the case when --disable-code-coverage supplied to ./configure would result in coverage="yes" being set. Closes #4099 Reviewed-by: Daniel Gustafsson --- m4/curl-functions.m4 | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/m4/curl-functions.m4 b/m4/curl-functions.m4 index 84f6ffcb2..9020f3942 100644 --- a/m4/curl-functions.m4 +++ b/m4/curl-functions.m4 @@ -7313,8 +7313,7 @@ AC_DEFUN([CURL_COVERAGE],[ dnl check if enabled by argument AC_ARG_ENABLE(code-coverage, AC_HELP_STRING([--enable-code-coverage], [Provide code coverage]), - coverage="yes", - coverage="no") + coverage="$enableval") dnl if not gcc switch off again AS_IF([ test "$GCC" != "yes" ], coverage="no" ) -- cgit v1.2.3 From 8dc21dbb8472e8bb68ec3dc35e7fed9cefb679f4 Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Tue, 9 Jul 2019 17:33:07 +0200 Subject: buildconf: fix header filename The header file inclusion had a typo, it should be .h and not .hd. Fix by renaming. Fixes #4102 Reported-by: AceCrow on Github --- buildconf.bat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
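Review bot: The CURL_COVERAGE hunk in m4/curl-functions.m4 drops the action-if-not-given argument along with the bug it fixes, so `coverage` is no longer assigned when neither --enable-code-coverage nor --disable-code-coverage is passed. Unless the variable is initialised elsewhere in the macro (not visible here), a `coverage` value inherited from the environment would then decide the outcome on gcc builds. Keeping the default restores the old behaviour for the no-option case: `coverage="$enableval", coverage="no")`. `$enableval` can also be an arbitrary string from `--enable-code-coverage=VALUE`, so later tests should compare against `yes` explicitly. The macro body continues past the end of the hunk.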
diff --git a/buildconf.bat b/buildconf.bat index a6bded34b..8511a1fcb 100644 --- a/buildconf.bat +++ b/buildconf.bat @@ -212,7 +212,7 @@ rem copy /Y src\tool_hugehelp.c.cvs src\tool_hugehelp.c 1>NUL 2>&1 ) else ( echo #include "tool_setup.h"> src\tool_hugehelp.c - echo #include "tool_hugehelp.hd">> src\tool_hugehelp.c + echo #include "tool_hugehelp.h">> src\tool_hugehelp.c echo.>> src\tool_hugehelp.c echo void hugehelp(void^)>> src\tool_hugehelp.c echo {>> src\tool_hugehelp.c -- cgit v1.2.3 From 9d1821755ea652becf1e1086f1bbc1398e58245c Mon Sep 17 00:00:00 2001 From: Kyle Edwards Date: Tue, 9 Jul 2019 10:03:06 -0400 Subject: CMake: Convert errant elseif() to else() CMake interprets an elseif() with no arguments as elseif(FALSE), resulting in the elseif() block not being executed. That is not what was intended here. Change the empty elseif() to an else() as it was intended. Closes #4101 Reported-by: Artalus Reviewed-by: Daniel Gustafsson --- CMake/CurlSymbolHiding.cmake | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMake/CurlSymbolHiding.cmake b/CMake/CurlSymbolHiding.cmake index 15ba46e46..60ee8e682 100644 --- a/CMake/CurlSymbolHiding.cmake +++ b/CMake/CurlSymbolHiding.cmake @@ -53,7 +53,7 @@ elseif(MSVC) message(WARNING "Hiding private symbols regardless CURL_HIDDEN_SYMBOLS being disabled.") set(HIDES_CURL_PRIVATE_SYMBOLS TRUE) endif() -elseif() +else() set(HIDES_CURL_PRIVATE_SYMBOLS FALSE) endif() -- cgit v1.2.3 From abfef94882128ab17b4d88376fd9d7d4e08b6818 Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Tue, 9 Jul 2019 22:27:59 +0200 Subject: CMake: fix typos and spelling --- CMake/CurlSymbolHiding.cmake | 2 +- CMake/FindGSS.cmake | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/CMake/CurlSymbolHiding.cmake b/CMake/CurlSymbolHiding.cmake index 60ee8e682..224755a31 100644 --- a/CMake/CurlSymbolHiding.cmake +++ b/CMake/CurlSymbolHiding.cmake 
@@ -29,7 +29,7 @@ if(CURL_HIDDEN_SYMBOLS) set(_CFLAG_SYMBOLS_HIDE "-xldscope=hidden") elseif(CMAKE_C_COMPILER_ID MATCHES "Intel" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 9.0) # note: this should probably just check for version 9.1.045 but I'm not 100% sure - # so let's to it the same way autotools do. + # so let's do it the same way autotools do. set(SUPPORTS_SYMBOL_HIDING TRUE) set(_SYMBOL_EXTERN "__attribute__ ((__visibility__ (\"default\")))") set(_CFLAG_SYMBOLS_HIDE "-fvisibility=hidden") diff --git a/CMake/FindGSS.cmake b/CMake/FindGSS.cmake index 8a28f2fb6..44bcfd063 100644 --- a/CMake/FindGSS.cmake +++ b/CMake/FindGSS.cmake @@ -134,7 +134,7 @@ if(NOT _GSS_FOUND) #not found by pkg-config. Let's take more traditional approac endif() endif() - else() # either there is no config script or we are on platform that doesn't provide one (Windows?) + else() # either there is no config script or we are on a platform that doesn't provide one (Windows?) find_path(_GSS_INCLUDE_DIR NAMES @@ -164,7 +164,7 @@ if(NOT _GSS_FOUND) #not found by pkg-config. Let's take more traditional approac set(CMAKE_REQUIRED_DEFINITIONS "") endif() else() - # I'm not convienced if this is the right way but this is what autotools do at the moment + # I'm not convinced if this is the right way but this is what autotools do at the moment find_path(_GSS_INCLUDE_DIR NAMES "gssapi.h" -- cgit v1.2.3 From 11d7fe118dc980d104a8ff2e209dec0151c56939 Mon Sep 17 00:00:00 2001 
From: Daniel Gustafsson Date: Wed, 10 Jul 2019 19:26:40 +0200 Subject: headers: Remove no longer exported functions There were a leftover few prototypes of Curl_ functions that we used to export but no longer do, this removes those prototypes and cleans up any comments still referring to them. Curl_write32_le(), Curl_strcpy_url(), Curl_strlen_url(), Curl_up_free() Curl_concat_url(), Curl_detach_connnection(), Curl_http_setup_conn() were made static in 05b100aee247bb9bec8e9a1b0166496aa4248d1c. Curl_http_perhapsrewind() made static in 574aecee208f79d391f10d57520b3. For the remainder, I didn't trawl the Git logs hard enough to capture their exact time of deletion, but they were all gone: Curl_splayprint(), Curl_http2_send_request(), Curl_global_host_cache_dtor(), Curl_scan_cache_used(), Curl_hostcache_destroy(), Curl_second_connect(), Curl_http_auth_stage() and Curl_close_connections(). Closes #4096 Reviewed-by: Daniel Stenberg --- lib/curl_endian.h | 5 +---- lib/hostip.h | 9 --------- lib/http.c | 2 +- lib/http.h | 3 --- lib/http2.c | 4 ++-- lib/http2.h | 4 +--- lib/multiif.h | 1 - lib/splay.h | 8 +------- lib/transfer.h | 1 - lib/url.h | 3 --- lib/urlapi-int.h | 3 --- 11 files changed, 6 insertions(+), 37 deletions(-) diff --git a/lib/curl_endian.h b/lib/curl_endian.h index 4f345a6a2..9830e58fd 100644 --- a/lib/curl_endian.h +++ b/lib/curl_endian.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
@@ -31,9 +31,6 @@ unsigned int Curl_read32_le(const unsigned char *buf); /* Converts a 16-bit integer from big endian */ unsigned short Curl_read16_be(const unsigned char *buf); -/* Converts a 32-bit integer to little endian */ -void Curl_write32_le(const int value, unsigned char *buffer); - #if (CURL_SIZEOF_CURL_OFF_T > 4) /* Converts a 64-bit integer to little endian */ #if defined(HAVE_LONGLONG) diff --git a/lib/hostip.h b/lib/hostip.h index 9dc0d5a17..1bda524be 100644 --- a/lib/hostip.h +++ b/lib/hostip.h @@ -61,7 +61,6 @@ struct connectdata; * Returns a struct curl_hash pointer on success, NULL on failure. */ struct curl_hash *Curl_global_host_cache_init(void); -void Curl_global_host_cache_dtor(void); struct Curl_dns_entry { Curl_addrinfo *addr; @@ -124,9 +123,6 @@ Curl_addrinfo *Curl_getaddrinfo(struct connectdata *conn, void Curl_resolv_unlock(struct Curl_easy *data, struct Curl_dns_entry *dns); -/* for debugging purposes only: */ -void Curl_scan_cache_used(void *user, void *ptr); - /* init a new dns cache and return success */ int Curl_mk_dnscache(struct curl_hash *hash); @@ -236,11 +232,6 @@ CURLcode Curl_set_dns_local_ip6(struct Curl_easy *data, */ void Curl_hostcache_clean(struct Curl_easy *data, struct curl_hash *hash); -/* - * Destroy the hostcache of this handle. - */ -void Curl_hostcache_destroy(struct Curl_easy *data); - /* * Populate the cache with specified entries from CURLOPT_RESOLVE. */ diff --git a/lib/http.c b/lib/http.c index 14d1e89eb..ccf64a270 100644 --- a/lib/http.c +++ b/lib/http.c @@ -383,7 +383,7 @@ static bool pickoneauth(struct auth *pick, unsigned long mask) } /* - * Curl_http_perhapsrewind() + * http_perhapsrewind() * * If we are doing POST or PUT { * If we have more data to send { diff --git a/lib/http.h b/lib/http.h index a59fe7af0..5af80e75d 100644 --- a/lib/http.h +++ b/lib/http.h 
@@ -82,7 +82,6 @@ CURLcode Curl_http_compile_trailers(struct curl_slist *trailers, CURLcode Curl_http(struct connectdata *conn, bool *done); CURLcode Curl_http_done(struct connectdata *, CURLcode, bool premature); CURLcode Curl_http_connect(struct connectdata *conn, bool *done); -CURLcode Curl_http_setup_conn(struct connectdata *conn); /* The following functions are defined in http_chunks.c */ void Curl_httpchunk_init(struct connectdata *conn); @@ -90,11 +89,9 @@ CHUNKcode Curl_httpchunk_read(struct connectdata *conn, char *datap, ssize_t length, ssize_t *wrote); /* These functions are in http.c */ -void Curl_http_auth_stage(struct Curl_easy *data, int stage); CURLcode Curl_http_input_auth(struct connectdata *conn, bool proxy, const char *auth); CURLcode Curl_http_auth_act(struct connectdata *conn); -CURLcode Curl_http_perhapsrewind(struct connectdata *conn); /* If only the PICKNONE bit is set, there has been a round-trip and we selected to use no auth at all. Ie, we actively select no auth, as opposed diff --git a/lib/http2.c b/lib/http2.c index bbd42bf2f..eb55e62d1 100644 --- a/lib/http2.c +++ b/lib/http2.c @@ -269,7 +269,7 @@ static unsigned int http2_conncheck(struct connectdata *check, return ret_val; } -/* called from Curl_http_setup_conn */ +/* called from http_setup_conn */ void Curl_http2_setup_req(struct Curl_easy *data) { struct HTTP *http = data->req.protop; @@ -286,7 +286,7 @@ void Curl_http2_setup_req(struct Curl_easy *data) http->memlen = 0; } -/* called from Curl_http_setup_conn */ +/* called from http_setup_conn */ void Curl_http2_setup_conn(struct connectdata *conn) { conn->proto.httpc.settings.max_concurrent_streams = diff --git a/lib/http2.h b/lib/http2.h index db6217b11..93058ccb3 100644 --- a/lib/http2.h +++ b/lib/http2.h 
@@ -42,13 +42,12 @@ const char *Curl_http2_strerror(uint32_t err); CURLcode Curl_http2_init(struct connectdata *conn); void Curl_http2_init_state(struct UrlState *state); void Curl_http2_init_userset(struct UserDefined *set); -CURLcode Curl_http2_send_request(struct connectdata *conn); CURLcode Curl_http2_request_upgrade(Curl_send_buffer *req, struct connectdata *conn); CURLcode Curl_http2_setup(struct connectdata *conn); CURLcode Curl_http2_switched(struct connectdata *conn, const char *data, size_t nread); -/* called from Curl_http_setup_conn */ +/* called from http_setup_conn */ void Curl_http2_setup_conn(struct connectdata *conn); void Curl_http2_setup_req(struct Curl_easy *data); void Curl_http2_done(struct connectdata *conn, bool premature); @@ -63,7 +62,6 @@ void Curl_http2_cleanup_dependencies(struct Curl_easy *data); /* returns true if the HTTP/2 stream error was HTTP_1_1_REQUIRED */ bool Curl_h2_http_1_1_error(struct connectdata *conn); #else /* USE_NGHTTP2 */ -#define Curl_http2_send_request(x) CURLE_UNSUPPORTED_PROTOCOL #define Curl_http2_request_upgrade(x,y) CURLE_UNSUPPORTED_PROTOCOL #define Curl_http2_setup(x) CURLE_UNSUPPORTED_PROTOCOL #define Curl_http2_switched(x,y,z) CURLE_UNSUPPORTED_PROTOCOL diff --git a/lib/multiif.h b/lib/multiif.h index 55297ea51..a64455867 100644 --- a/lib/multiif.h +++ b/lib/multiif.h @@ -31,7 +31,6 @@ void Curl_expire(struct Curl_easy *data, time_t milli, expire_id); void Curl_expire_clear(struct Curl_easy *data); void Curl_expire_done(struct Curl_easy *data, expire_id id); void Curl_update_timer(struct Curl_multi *multi); -void Curl_detach_connnection(struct Curl_easy *data); void Curl_attach_connnection(struct Curl_easy *data, struct connectdata *conn); bool Curl_multiplex_wanted(const struct Curl_multi *multi); diff --git a/lib/splay.h b/lib/splay.h index 4612ec271..9292f349b 100644 --- a/lib/splay.h +++ b/lib/splay.h 
@@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1997 - 2017, Daniel Stenberg, , et al. + * Copyright (C) 1997 - 2019, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms @@ -59,10 +59,4 @@ int Curl_splayremovebyaddr(struct Curl_tree *t, ( ((i.tv_usec) < (j.tv_usec)) ? -1 : \ ( ((i.tv_usec) > (j.tv_usec)) ? 1 : 0)))) -#ifdef DEBUGBUILD -void Curl_splayprint(struct Curl_tree * t, int d, char output); -#else -#define Curl_splayprint(x,y,z) Curl_nop_stmt -#endif - #endif /* HEADER_CURL_SPLAY_H */ diff --git a/lib/transfer.h b/lib/transfer.h index ab7110a80..da36f19f8 100644 --- a/lib/transfer.h +++ b/lib/transfer.h @@ -29,7 +29,6 @@ char *Curl_checkheaders(const struct connectdata *conn, void Curl_init_CONNECT(struct Curl_easy *data); CURLcode Curl_pretransfer(struct Curl_easy *data); -CURLcode Curl_second_connect(struct connectdata *conn); CURLcode Curl_posttransfer(struct Curl_easy *data); typedef enum { diff --git a/lib/url.h b/lib/url.h index 4db9e8653..7c87432c9 100644 --- a/lib/url.h +++ b/lib/url.h @@ -48,8 +48,6 @@ CURLcode Curl_open(struct Curl_easy **curl); CURLcode Curl_init_userdefined(struct Curl_easy *data); void Curl_freeset(struct Curl_easy * data); -/* free the URL pieces */ -void Curl_up_free(struct Curl_easy *data); CURLcode Curl_uc_to_curlcode(CURLUcode uc); CURLcode Curl_close(struct Curl_easy *data); /* opposite of curl_open() */ CURLcode Curl_connect(struct Curl_easy *, bool *async, bool *protocol_connect); @@ -71,7 +69,6 @@ int Curl_doing_getsock(struct connectdata *conn, CURLcode Curl_parse_login_details(const char *login, const size_t len, char **userptr, char **passwdptr, char **optionsptr); -void Curl_close_connections(struct Curl_easy *data); CURLcode Curl_upkeep(struct conncache *conn_cache, void *data); const struct Curl_handler *Curl_builtin_scheme(const char *scheme); 
diff --git a/lib/urlapi-int.h b/lib/urlapi-int.h index 5f059c203..d14d53d97 100644 --- a/lib/urlapi-int.h +++ b/lib/urlapi-int.h @@ -26,9 +26,6 @@ #define MAX_SCHEME_LEN 40 bool Curl_is_absolute_url(const char *url, char *scheme, size_t buflen); -char *Curl_concat_url(const char *base, const char *relurl); -size_t Curl_strlen_url(const char *url, bool relative); -void Curl_strcpy_url(char *output, const char *url, bool relative); #ifdef DEBUGBUILD CURLUcode Curl_parse_port(struct Curl_URL *u, char *hostname); -- cgit v1.2.3 From 26da21c84a1a4830c93fa515df4036f880f266f2 Mon Sep 17 00:00:00 2001 From: Gisle Vanem Date: Thu, 11 Jul 2019 02:26:57 -0400 Subject: system_win32: fix clang warning - Declare variable in header as extern. Bug: https://github.com/curl/curl/commit/48b9ea4#commitcomment-34084597 --- lib/system_win32.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/system_win32.h b/lib/system_win32.h index ef83a512c..d2882fce1 100644 --- a/lib/system_win32.h +++ b/lib/system_win32.h @@ -52,7 +52,7 @@ typedef enum { typedef unsigned int(WINAPI *IF_NAMETOINDEX_FN)(const char *); /* This is used instead of if_nametoindex if available on Windows */ -IF_NAMETOINDEX_FN Curl_if_nametoindex; +extern IF_NAMETOINDEX_FN Curl_if_nametoindex; /* This is used to verify if we are running on a specific windows version */ bool Curl_verify_windows_version(const unsigned int majorVersion, -- cgit v1.2.3 From 0428852c2ccb01823bfdd0954f731d33f41276f5 Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Wed, 10 Jul 2019 13:12:40 +0200 Subject: DEPRECATE: fixup versions and spelling Correctly set the July 17 version to 7.65.2, and update spelling to be consistent. Also fix a typo. Closes https://github.com/curl/curl/pull/4107 --- docs/DEPRECATE.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/DEPRECATE.md b/docs/DEPRECATE.md index 94a5c6256..f04f0eeaa 100644 --- a/docs/DEPRECATE.md +++ b/docs/DEPRECATE.md 
@@ -25,7 +25,7 @@ in the September 2019 release (possibly called curl 7.68.0). The polarssl TLS library has not had an update in over three years. The last release was done on [January 7 2016](https://tls.mbed.org/tech-updates/releases). This library has been -superceded by the mbedTLS library, which is the current incarnation of +superseded by the mbedTLS library, which is the current incarnation of PolarSSL. curl has supported mbedTLS since 2015. It seems unlikely that this library is a good choice for users to get proper @@ -38,7 +38,7 @@ should also be able to update their TLS library. ### State -In the curl 7.66.0 release (July 17, 2019) the ability to build with this TLS +In the curl 7.65.2 release (July 17, 2019) the ability to build with this TLS backend is removed from the configure script. The code remains and can be built and used going forward, but it has to be manually enabled in a build (or the configure removal reverted). @@ -47,4 +47,5 @@ the configure removal reverted). The support for PolarSSL and all code for it will be completely removed from the curl code base six months after it ships disabled in configure in a -release. In the release on or near February 27, 2020. (Named 7.70.0?) +release. In the release on or near February 27, 2020. (possibly called curl +7.70.0). -- cgit v1.2.3 From ac3d19a26de79d9ec62d20a1a0b645d7ddcc40fd Mon Sep 17 00:00:00 2001 From: Juergen Hoetzel Date: Sun, 7 Jul 2019 17:10:24 +0200 Subject: smb: Use the correct error code for access denied on file open - Return CURLE_REMOTE_ACCESS_DENIED for SMB access denied on file open. Prior to this change CURLE_REMOTE_FILE_NOT_FOUND was returned instead. Closes https://github.com/curl/curl/pull/4095 --- lib/smb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/smb.c b/lib/smb.c index 5a4b7804d..870244cb7 100644 --- a/lib/smb.c +++ b/lib/smb.c 
@@ -785,6 +785,8 @@ static CURLcode smb_request_state(struct connectdata *conn, bool *done) case SMB_OPEN: if(h->status || smbc->got < sizeof(struct smb_nt_create_response)) { req->result = CURLE_REMOTE_FILE_NOT_FOUND; + if(h->status == smb_swap32(SMB_ERR_NOACCESS)) + req->result = CURLE_REMOTE_ACCESS_DENIED; next_state = SMB_TREE_DISCONNECT; break; } -- cgit v1.2.3 From 855887af7928d70a2938b7c9c750a0c237c47c15 Mon Sep 17 00:00:00 2001 From: Peter Simonyi Date: Wed, 10 Jul 2019 18:42:35 -0400 Subject: http: allow overriding timecond with custom header With CURLOPT_TIMECONDITION set, a header is automatically added (e.g. If-Modified-Since). Allow this to be replaced or suppressed with CURLOPT_HTTPHEADER. Fixes #4103 Closes #4109 --- lib/http.c | 14 +++++--- lib/http.h | 2 +- lib/rtsp.c | 2 +- tests/data/Makefile.inc | 2 +- tests/data/test1593 | 49 ++++++++++++++++++++++++++++ tests/libtest/Makefile.inc | 5 ++- tests/libtest/lib1593.c | 79 ++++++++++++++++++++++++++++++++++++++++++++++ 7 files changed, 145 insertions(+), 8 deletions(-) create mode 100644 tests/data/test1593 create mode 100644 tests/libtest/lib1593.c diff --git a/lib/http.c b/lib/http.c index ccf64a270..9fbd7201e 100644 --- a/lib/http.c +++ b/lib/http.c @@ -1881,9 +1881,10 @@ CURLcode Curl_add_custom_headers(struct connectdata *conn, } #ifndef CURL_DISABLE_PARSEDATE -CURLcode Curl_add_timecondition(struct Curl_easy *data, +CURLcode Curl_add_timecondition(const struct connectdata *conn, Curl_send_buffer *req_buffer) { + struct Curl_easy *data = conn->data; const struct tm *tm; struct tm keeptime; CURLcode result; 
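Review bot: In the `SMB_OPEN` failure branch the result is first set to CURLE_REMOTE_FILE_NOT_FOUND and then conditionally overwritten, so a truncated reply (`smbc->got` too small with a zero status) is still reported as a missing file. A single assignment makes each outcome explicit: `req->result = (h->status == smb_swap32(SMB_ERR_NOACCESS)) ? CURLE_REMOTE_ACCESS_DENIED : CURLE_REMOTE_FILE_NOT_FOUND;`. I would also add a short comment there, `/* only the access-denied status is mapped; any other failure, including a short reply, reports not-found */`, for callers that branch on the error code. The enclosing `smb_request_state` switch starts and ends outside the hunk.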
@@ -1916,6 +1917,11 @@ CURLcode Curl_add_timecondition(struct Curl_easy *data, break; } + if(Curl_checkheaders(conn, condp)) { + /* A custom header was specified; it will be sent instead. */ + return CURLE_OK; + } + /* The If-Modified-Since header family should have their times set in * GMT as RFC2616 defines: "All HTTP date/time stamps MUST be * represented in Greenwich Mean Time (GMT), without exception. For the @@ -1941,10 +1947,10 @@ CURLcode Curl_add_timecondition(struct Curl_easy *data, } #else /* disabled */ -CURLcode Curl_add_timecondition(struct Curl_easy *data, +CURLcode Curl_add_timecondition(const struct connectdata *conn, Curl_send_buffer *req_buffer) { - (void)data; + (void)conn; (void)req_buffer; return CURLE_OK; } @@ -2683,7 +2689,7 @@ CURLcode Curl_http(struct connectdata *conn, bool *done) } #endif - result = Curl_add_timecondition(data, req_buffer); + result = Curl_add_timecondition(conn, req_buffer); if(result) return result; diff --git a/lib/http.h b/lib/http.h index 5af80e75d..72161f6b0 100644 --- a/lib/http.h +++ b/lib/http.h @@ -69,7 +69,7 @@ CURLcode Curl_add_buffer_send(Curl_send_buffer **inp, size_t included_body_bytes, int socketindex); -CURLcode Curl_add_timecondition(struct Curl_easy *data, +CURLcode Curl_add_timecondition(const struct connectdata *conn, Curl_send_buffer *buf); CURLcode Curl_add_custom_headers(struct connectdata *conn, bool is_connect, diff --git a/lib/rtsp.c b/lib/rtsp.c index 74cf23244..25e194a23 100644 --- a/lib/rtsp.c +++ b/lib/rtsp.c @@ -491,7 +491,7 @@ static CURLcode rtsp_do(struct connectdata *conn, bool *done) return result; if((rtspreq == RTSPREQ_SETUP) || (rtspreq == RTSPREQ_DESCRIBE)) { - result = Curl_add_timecondition(data, req_buffer); + result = Curl_add_timecondition(conn, req_buffer); if(result) return result; } diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index f28f24c8b..a8f85af54 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc 
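Review bot: The comment on the new `Curl_checkheaders(conn, condp)` early return says the custom header "will be sent instead", but the test added in this commit passes `If-Modified-Since:` with no value, which suppresses the header instead of replacing it. I would word it as `/* A custom header with this name was given; it replaces or suppresses ours. */`. The function's header comment should also say that the time condition itself stays in effect when the header is overridden, which is what the test checks through CURLINFO_CONDITION_UNMET. The function body begins before this hunk and continues after it.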
@@ -177,7 +177,7 @@ test1540 test1541 \ test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 \ test1558 test1559 test1560 test1561 test1562 \ \ -test1590 test1591 test1592 \ +test1590 test1591 test1592 test1593 \ \ test1600 test1601 test1602 test1603 test1604 test1605 test1606 test1607 \ test1608 test1609 test1620 test1621 \ diff --git a/tests/data/test1593 b/tests/data/test1593 new file mode 100644 index 000000000..405aa84e5 --- /dev/null +++ b/tests/data/test1593 @@ -0,0 +1,49 @@ + + + +HTTP +HTTP GET +HTTP replaced headers +CURLOPT_TIMECONDITION +If-Modified-Since + + + +# Server-side + + +HTTP/1.1 304 Not Modified +Date: Thu, 11 Jul 2019 02:26:59 GMT +Server: test-server/swsclose + + + +# Client-side + + +http + + +HTTP custom header overrides CURLOPT_TIMECONDITION + + +lib1593 + + +http://%HOSTIP:%HTTPPORT/1593 + + + + + +^User-Agent:.* + +# Note here the lack of If-Modified-Since + +GET /1593 HTTP/1.1 +Host: %HOSTIP:%HTTPPORT +Accept: */* + + + + diff --git a/tests/libtest/Makefile.inc b/tests/libtest/Makefile.inc index 0eb99a1d8..f5effd97d 100644 --- a/tests/libtest/Makefile.inc +++ b/tests/libtest/Makefile.inc @@ -32,7 +32,7 @@ noinst_PROGRAMS = chkhostname libauthretry libntlmconnect \ lib1540 lib1541 \ lib1550 lib1551 lib1552 lib1553 lib1554 lib1555 lib1556 lib1557 \ lib1558 lib1559 lib1560 \ - lib1591 lib1592 \ + lib1591 lib1592 lib1593 \ lib1900 lib1905 lib1906 \ lib2033 @@ -541,6 +541,9 @@ lib1592_SOURCES = lib1592.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) lib1592_LDADD = $(TESTUTIL_LIBS) lib1592_CPPFLAGS = $(AM_CPPFLAGS) -DLIB1592 +lib1593_SOURCES = lib1593.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) +lib1593_LDADD = $(TESTUTIL_LIBS) + lib1900_SOURCES = lib1900.c $(SUPPORTFILES) $(TESTUTIL) $(WARNLESS) lib1900_LDADD = $(TESTUTIL_LIBS) lib1900_CPPFLAGS = $(AM_CPPFLAGS) diff --git a/tests/libtest/lib1593.c b/tests/libtest/lib1593.c new file mode 100644 index 000000000..5408c724a --- /dev/null +++ b/tests/libtest/lib1593.c 
@@ -0,0 +1,79 @@ +/*************************************************************************** + * _ _ ____ _ + * Project ___| | | | _ \| | + * / __| | | | |_) | | + * | (__| |_| | _ <| |___ + * \___|\___/|_| \_\_____| + * + * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. + * + * This software is licensed as described in the file COPYING, which + * you should have received as part of this distribution. The terms + * are also available at https://curl.haxx.se/docs/copyright.html. + * + * You may opt to use, copy, modify, merge, publish, distribute and/or sell + * copies of the Software, and permit persons to whom the Software is + * furnished to do so, under the terms of the COPYING file. + * + * This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY + * KIND, either express or implied. + * + ***************************************************************************/ + +/* Test suppressing the If-Modified-Since header */ + +#include "test.h" + +#include "memdebug.h" + +int test(char *URL) +{ + struct curl_slist *header = NULL; + long unmet; + CURL *curl = NULL; + int res = 0; + + global_init(CURL_GLOBAL_ALL); + + easy_init(curl); + + easy_setopt(curl, CURLOPT_URL, URL); + easy_setopt(curl, CURLOPT_TIMECONDITION, (long)CURL_TIMECOND_IFMODSINCE); + /* Some TIMEVALUE; it doesn't matter. */ + easy_setopt(curl, CURLOPT_TIMEVALUE, 1566210680L); + + header = curl_slist_append(NULL, "If-Modified-Since:"); + if(!header) { + res = TEST_ERR_MAJOR_BAD; + goto test_cleanup; + } + + easy_setopt(curl, CURLOPT_HTTPHEADER, header); + + res = curl_easy_perform(curl); + if(res) + goto test_cleanup; + + /* Confirm that the condition checking still worked, even though we + * suppressed the actual header. + * The server returns 304, which means the condition is "unmet". 
+ */ + + res = curl_easy_getinfo(curl, CURLINFO_CONDITION_UNMET, &unmet); + if(res) + goto test_cleanup; + + if(unmet != 1L) { + res = TEST_ERR_FAILURE; + goto test_cleanup; + } + +test_cleanup: + + /* always cleanup */ + curl_easy_cleanup(curl); + curl_slist_free_all(header); + curl_global_cleanup(); + + return res; +} -- cgit v1.2.3 From 7e8f1916d6d90b6b2a68833846a52e1ea9dbb309 Mon Sep 17 00:00:00 2001 From: Zenju Date: Tue, 9 Jul 2019 11:24:41 +0200 Subject: openssl: define HAVE_SSL_GET_SHUTDOWN based on version number Closes #4100 --- configure.ac | 4 ---- lib/config-symbian.h | 5 +---- lib/config-vxworks.h | 3 --- lib/curl_config.h.cmake | 3 --- lib/vtls/openssl.c | 4 ++++ packages/vms/config_h.com | 13 ------------- 6 files changed, 5 insertions(+), 27 deletions(-) diff --git a/configure.ac b/configure.ac index dc97ba108..cbf038080 100755 --- a/configure.ac +++ b/configure.ac @@ -1826,13 +1826,9 @@ if test -z "$ssl_backends" -o "x$OPT_SSL" != xno && if test X"$OPENSSL_ENABLED" = X"1"; then dnl These can only exist if OpenSSL exists - dnl Older versions of Cyassl (some time before 2.9.4) don't have - dnl SSL_get_shutdown (but this check won't actually detect it there - dnl as it's a macro that needs the header files be included) dnl OpenSSL_version is introduced in 3.0.0 AC_CHECK_FUNCS( RAND_egd \ - SSL_get_shutdown \ SSLv2_client_method \ OpenSSL_version ) diff --git a/lib/config-symbian.h b/lib/config-symbian.h index d23de3325..b7b93c6f4 100644 --- a/lib/config-symbian.h +++ b/lib/config-symbian.h @@ -7,7 +7,7 @@ * | (__| |_| | _ <| |___ * \___|\___/|_| \_\_____| * - * Copyright (C) 1998 - 2016, Daniel Stenberg, , et al. + * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. * * This software is licensed as described in the file COPYING, which * you should have received as part of this distribution. The terms 
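Review bot: Only the suppression case is exercised in lib1593.c: the header list holds `If-Modified-Since:` with no value, while the commit description also promises that a custom header can replace the generated one. A second transfer that appends the same header with a value, plus a matching expected request in the test data, would cover the replacement path. The file comment `/* Test suppressing the If-Modified-Since header */` is accurate as it stands, so the gap is in coverage, not in wording.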
@@ -478,9 +478,6 @@ /* Define to 1 if you have the `socket' function. */ #define HAVE_SOCKET 1 -/* Define to 1 if you have the `SSL_get_shutdown' function. */ -/*#define HAVE_SSL_GET_SHUTDOWN 1*/ - /* Define to 1 if you have the header file. */ /* #undef HAVE_SSL_H */ diff --git a/lib/config-vxworks.h b/lib/config-vxworks.h index 8790f8266..89af3525b 100644 --- a/lib/config-vxworks.h +++ b/lib/config-vxworks.h @@ -541,9 +541,6 @@ /* Define to 1 if you have the `socket' function. */ #define HAVE_SOCKET 1 -/* Define to 1 if you have the `SSL_get_shutdown' function. */ -#define HAVE_SSL_GET_SHUTDOWN 1 - /* Define to 1 if you have the header file. */ /* #undef HAVE_SSL_H */ diff --git a/lib/curl_config.h.cmake b/lib/curl_config.h.cmake index 3d96c498c..5458cbaca 100644 --- a/lib/curl_config.h.cmake +++ b/lib/curl_config.h.cmake @@ -587,9 +587,6 @@ /* Define to 1 if you have the `socket' function. */ #cmakedefine HAVE_SOCKET 1 -/* Define to 1 if you have the `SSL_get_shutdown' function. */ -#cmakedefine HAVE_SSL_GET_SHUTDOWN 1 - /* Define to 1 if you have the header file. */ #cmakedefine HAVE_SSL_H 1 diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index 1d2ec04ed..fb9f27123 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -156,6 +156,10 @@ #define HAVE_X509_GET0_SIGNATURE 1 #endif +#if (OPENSSL_VERSION_NUMBER >= 0x1000200fL) /* 1.0.2 or later */ +#define HAVE_SSL_GET_SHUTDOWN 1 +#endif + #if OPENSSL_VERSION_NUMBER >= 0x10002003L && \ OPENSSL_VERSION_NUMBER <= 0x10002FFFL && \ !defined(OPENSSL_NO_COMP) diff --git a/packages/vms/config_h.com b/packages/vms/config_h.com index 0f1fa0f62..967eb40de 100644 --- a/packages/vms/config_h.com +++ b/packages/vms/config_h.com 
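Review bot: The new `OPENSSL_VERSION_NUMBER >= 0x1000200fL` guard in lib/vtls/openssl.c replaces a configure-time function probe, so a build against a library reporting an older version loses the `HAVE_SSL_GET_SHUTDOWN` code path even when the function is present. As far as I know SSL_get_shutdown predates 1.0.2, so the threshold looks stricter than the API needs; please confirm that this is intended. A comment next to the define, such as `/* SSL_get_shutdown: enabled by version since configure no longer probes for it */`, would record why a version test is used. Libraries that report their own version numbers through this macro are also decided by this test alone, which is worth checking against the supported backends (no fork handling is visible in this hunk).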
@@ -825,19 +825,6 @@ $ endif $ goto cfgh_in_loop1 $ endif $! -$ if key2 .eqs. "HAVE_SSL_GET_SHUTDOWN" -$ then -$ if f$search("''ssl_header_dir'ssl.h") .nes. "" -$ then -$ write tf "#ifndef ''key2'" -$ write tf "#define ''key2' 1" -$ write tf "#endif" -$ else -$ write tf "/* #undef ''key2' */" -$ endif -$ goto cfgh_in_loop1 -$ endif -$! $ if key2b .eqs. "RAND" .and. key2c .nes. "" .and. key2d .eqs. "" $ then $ if (key2c .eqs. "EGD") .or. - -- cgit v1.2.3 From 6080ea098d97393da32c6f66eb95c7144620298c Mon Sep 17 00:00:00 2001 From: Linos Giannopoulos Date: Fri, 5 Jul 2019 17:48:07 +0300 Subject: libcurl: Restrict redirect schemes All protocols except for CURLPROTO_FILE/CURLPROTO_SMB and their TLS counterpart were allowed for redirect. This vastly broadens the exploitation surface in case of a vulnerability such as SSRF [1], where libcurl-based clients are forced to make requests to arbitrary hosts. For instance, CURLPROTO_GOPHER can be used to smuggle any TCP-based protocol by URL-encoding a payload in the URI. Gopher will open a TCP connection and send the payload. Only HTTP/HTTPS and FTP are allowed. All other protocols have to be explicitly enabled for redirects through CURLOPT_REDIR_PROTOCOLS. [1]: https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/ Signed-off-by: Linos Giannopoulos Closes #4094 --- lib/url.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/lib/url.c b/lib/url.c index 22b930015..258f60c8f 100644 --- a/lib/url.c +++ b/lib/url.c 
@@ -488,9 +488,7 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) define since we internally only use the lower 16 bits for the passed in bitmask to not conflict with the private bits */ set->allowed_protocols = CURLPROTO_ALL; - set->redir_protocols = CURLPROTO_ALL & /* All except FILE, SCP and SMB */ - ~(CURLPROTO_FILE | CURLPROTO_SCP | CURLPROTO_SMB | - CURLPROTO_SMBS); + set->redir_protocols = CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FTP; #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) /* -- cgit v1.2.3 From 797e549d0d6009b60786ac82465df26e1fc52ac6 Mon Sep 17 00:00:00 2001 From: Linos Giannopoulos Date: Wed, 10 Jul 2019 14:11:57 +0300 Subject: libcurl: Add testcase for gopher redirects The testcase ensures that redirects to CURLPROTO_GOPHER won't be allowed, by default, in the future. Also, curl is being used for convenience while keeping the testcases DRY. The expected error code is CURLE_UNSUPPORTED_PROTOCOL when the client is redirected to CURLPROTO_GOPHER Signed-off-by: Linos Giannopoulos --- tests/data/Makefile.inc | 2 +- tests/data/test1563 | 51 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 tests/data/test1563 diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index a8f85af54..6c5ace0b6 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -175,7 +175,7 @@ test1525 test1526 test1527 test1528 test1529 test1530 test1531 test1532 \ test1533 test1534 test1535 test1536 test1537 test1538 \ test1540 test1541 \ test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 \ -test1558 test1559 test1560 test1561 test1562 \ +test1558 test1559 test1560 test1561 test1562 test1563 \ \ test1590 test1591 test1592 test1593 \ \ diff --git a/tests/data/test1563 b/tests/data/test1563 new file mode 100644 index 000000000..a3597b9b5 --- /dev/null +++ b/tests/data/test1563 
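Review bot: The new `redir_protocols` default in `Curl_init_userdefined` drops the explanatory comment along with the old mask, so the allow-list now stands without any statement of intent. I would add `/* redirects: allow-list of HTTP, HTTPS and FTP only; widen with CURLOPT_REDIR_PROTOCOLS */` on that line. The list admits cleartext `CURLPROTO_FTP` but not `CURLPROTO_FTPS`, so a redirect to the TLS variant is refused while the plain one is followed; if that is deliberate it deserves a word in the comment, otherwise `| CURLPROTO_FTPS` belongs in the mask. Applications that relied on other schemes being followed will now get an unsupported-protocol error on redirect, which should be called out in the option's man page. The function continues outside the hunk.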
@@ -0,0 +1,51 @@ + + + +GOPHER +HTTP GET +followlocation + + + +# Server-side + + +HTTP/1.1 302 OK +Date: Thu, 09 Nov 2010 14:49:00 GMT +Server: test-server/fake +Content-Length: 7 +Location: gopher://www.example.co.uk + +nomnom + + + +# Client-side + + +http + + +Make sure redirects to CURLPROTO_GOPHER are forbidden by default + + +http://%HOSTIP:%HTTPPORT/15630001 -L -H "Host: www.example.com" + + + + +^User-Agent:.* + + +1 + + +GET /15630001 HTTP/1.1 +Host: www.example.com +Accept: */* + + + + + + -- cgit v1.2.3 From 02a62074c77e5932655a136b39637051bfac30d6 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 14 Jul 2019 16:32:50 +0200 Subject: libcurl-security.3: update to new CURLOPT_REDIR_PROTOCOLS defaults follow-up to 6080ea098 --- docs/libcurl/libcurl-security.3 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/libcurl/libcurl-security.3 b/docs/libcurl/libcurl-security.3 index 0cfdddea8..cdb97915c 100644 --- a/docs/libcurl/libcurl-security.3 +++ b/docs/libcurl/libcurl-security.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms 
@@ -97,8 +97,8 @@ Never ever switch off certificate verification. The \fICURLOPT_FOLLOWLOCATION(3)\fP option automatically follows HTTP redirects sent by a remote server. These redirects can refer to any kind of URL, not just HTTP. libcurl restricts the protocols allowed to be used in -redirects for security reasons: FILE, SCP, SMB and SMBS are disabled by -default. Applications are encouraged to restrict that set further. +redirects for security reasons: only HTTP, HTTPS and FTP are enabled by +default. Applications may opt to restrict thus set further. A redirect to a file: URL would cause the libcurl to read (or write) arbitrary files from the local filesystem. If the application returns the data back to -- cgit v1.2.3 From 4c91ab7b2f757aa87d992a167a9815f2a92dea76 Mon Sep 17 00:00:00 2001 From: Bjarni Ingi Gislason Date: Tue, 2 Apr 2019 21:55:11 +0000 Subject: docs: Fix missing lines caused by undefined macros - Escape apostrophes at line start. Some lines begin with a "'" (apostrophe, single quote), which is then interpreted as a control character in *roff. Such lines are interpreted as being a call to a macro, and if undefined, the lines are removed from the output. Bug: https://bugs.debian.org/926352 Signed-off-by: Bjarni Ingi Gislason Submitted-by: Alessandro Ghedini Closes https://github.com/curl/curl/pull/4111 --- docs/cmdline-opts/data.d | 2 +- docs/cmdline-opts/key.d | 2 +- docs/cmdline-opts/proto.d | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/cmdline-opts/data.d b/docs/cmdline-opts/data.d index 7d499665e..d18312aaa 100644 --- a/docs/cmdline-opts/data.d +++ b/docs/cmdline-opts/data.d 
@@ -24,7 +24,7 @@ chunk that looks like \&'name=daniel&skill=lousy'. If you start the data with the letter @, the rest should be a file name to read the data from, or - if you want curl to read the data from stdin. Multiple files can also be specified. Posting data from a file named -'foobar' would thus be done with --data @foobar. When --data is told to read +\&'foobar' would thus be done with --data @foobar. When --data is told to read from a file like that, carriage returns and newlines will be stripped out. If you don't want the @ character to have a special interpretation use --data-raw instead. diff --git a/docs/cmdline-opts/key.d b/docs/cmdline-opts/key.d index 4877b4238..855e2f7b6 100644 --- a/docs/cmdline-opts/key.d +++ b/docs/cmdline-opts/key.d @@ -5,7 +5,7 @@ Help: Private key file name --- Private key file name. Allows you to provide your private key in this separate file. For SSH, if not specified, curl tries the following candidates in order: -'~/.ssh/id_rsa', '~/.ssh/id_dsa', './id_rsa', './id_dsa'. +\&'~/.ssh/id_rsa', '~/.ssh/id_dsa', './id_rsa', './id_dsa'. If curl is built against OpenSSL library, and the engine pkcs11 is available, then a PKCS#11 URI (RFC 7512) can be used to specify a private key located in a diff --git a/docs/cmdline-opts/proto.d b/docs/cmdline-opts/proto.d index 1513fdc05..e1ece1788 100644 --- a/docs/cmdline-opts/proto.d +++ b/docs/cmdline-opts/proto.d @@ -6,7 +6,7 @@ Added: 7.20.2 --- Tells curl to limit what protocols it may use in the transfer. Protocols are evaluated left to right, are comma separated, and are each a protocol name or -'all', optionally prefixed by zero or more modifiers. Available modifiers are: +\&'all', optionally prefixed by zero or more modifiers. Available modifiers are: .RS .TP 3 .B + -- cgit v1.2.3 From 7fb66c403474174b2563ee605f0c7e89572a1ef2 Mon Sep 17 00:00:00 2001 
From: Daniel Stenberg Date: Mon, 15 Jul 2019 01:38:39 +0200 Subject: test1173: detect some basic man page format mistakes Triggered by PR #4111 Closes #4113 --- tests/data/Makefile.inc | 2 +- tests/data/test1173 | 26 ++++++++++++++++++++ tests/manpage-syntax.pl | 63 +++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 90 insertions(+), 1 deletion(-) create mode 100644 tests/data/test1173 create mode 100644 tests/manpage-syntax.pl diff --git a/tests/data/Makefile.inc b/tests/data/Makefile.inc index 6c5ace0b6..6ec5a3c18 100644 --- a/tests/data/Makefile.inc +++ b/tests/data/Makefile.inc @@ -129,7 +129,7 @@ test1136 test1137 test1138 test1139 test1140 test1141 test1142 test1143 \ test1144 test1145 test1146 test1147 test1148 test1149 test1150 test1151 \ test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 \ test1160 test1161 test1162 test1163 test1164 test1165 \ -test1170 test1171 test1172 \ +test1170 test1171 test1172 test1173 \ \ test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 \ test1208 test1209 test1210 test1211 test1212 test1213 test1214 test1215 \ diff --git a/tests/data/test1173 b/tests/data/test1173 new file mode 100644 index 000000000..d48996552 --- /dev/null +++ b/tests/data/test1173 @@ -0,0 +1,26 @@ + + + +source analysis +documentation +--manual + + + +# +# Client-side + + +none + + + +Basic man page syntax check + + + +%SRCDIR/manpage-syntax.pl %SRCDIR/../docs/*.1 %SRCDIR/../docs/libcurl/*.3 + + + + diff --git a/tests/manpage-syntax.pl b/tests/manpage-syntax.pl new file mode 100644 index 000000000..7a7137a70 --- /dev/null +++ b/tests/manpage-syntax.pl 
@@ -0,0 +1,63 @@ +#!/usr/bin/env perl +#*************************************************************************** +# _ _ ____ _ +# Project ___| | | | _ \| | +# / __| | | | |_) | | +# | (__| |_| | _ <| |___ +# \___|\___/|_| \_\_____| +# +# Copyright (C) 2019, Daniel Stenberg, , et al. +# +# This software is licensed as described in the file COPYING, which +# you should have received as part of this distribution. The terms +# are also available at https://curl.haxx.se/docs/copyright.html. +# +# You may opt to use, copy, modify, merge, publish, distribute and/or sell +# copies of the Software, and permit persons to whom the Software is +# furnished to do so, under the terms of the COPYING file. +# +# This software is distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY +# KIND, either express or implied. +# +########################################################################### +# +# Scan man page(s) and detect some simple and yet common formatting mistakes. +# +# Output all deviances to stderr. + +use strict; +use warnings; + +# we may get the dir roots pointed out +my @manpages=@ARGV; +my $errors = 0; + +sub scanmanpage { + my ($file) = @_; + + print "Check $file\n"; + open(M, "<$file") || die "no such file: $file"; + my $line = 1; + while() { + if($_ =~ /^\'/) { + print STDERR "$file:$line line starts with single quote!\n"; + $errors++; + } + if($_ =~ /\\f([BI])(.*)/) { + my ($format, $rest) = ($1, $2); + if($rest !~ /\\fP/) { + print STDERR "$file:$line missing \\f${format} terminator!\n"; + $errors++; + } + } + $line++; + } + close(M); +} + + +for my $m (@manpages) { + scanmanpage($m); +} + +exit $errors; -- cgit v1.2.3 From 275b74a53d47174fcc29bab2fc23f599e1205f41 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 15 Jul 2019 15:24:25 +0200 Subject: dist: add manpage-syntax.pl follow-up to 7fb66c403 --- tests/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
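Review bot: `scanmanpage` opens each path with the two-argument form `open(M, "<$file")` on a bareword handle, so a file name from the command line that carries leading or trailing whitespace or mode characters is not opened literally. The three-argument form with a lexical handle avoids that: `open(my $fh, '<', $file) || die "no such file: $file";`, with the read loop and `close` switched to `$fh`. Separately, `exit $errors;` passes the raw count as the exit status, which wraps at 256 and can report success for a run with exactly that many findings; `exit($errors ? 1 : 0);` is safer. The `\f` check also looks only at the remainder of the line after the first font escape, so a second, unterminated escape on the same line goes unreported.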
diff --git a/tests/Makefile.am b/tests/Makefile.am index dd9b4e3ca..f830ae417 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -38,7 +38,7 @@ EXTRA_DIST = ftpserver.pl httpserver.pl secureserver.pl runtests.pl \ CMakeLists.txt mem-include-scan.pl valgrind.supp extern-scan.pl \ manpage-scan.pl nroff-scan.pl http2-server.pl dictserver.py \ negtelnetserver.py $(SMBDEPS) objnames-test08.sh objnames-test10.sh \ - objnames.inc disable-scan.pl + objnames.inc disable-scan.pl manpage-syntax.pl DISTCLEANFILES = configurehelp.pm -- cgit v1.2.3 From 952998cbdb86a6b177881a013021c588a53e5801 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 15 Jul 2019 23:52:43 +0200 Subject: curl: only accept COLUMNS less than 10000 ... as larger values would rather indicate something silly (and could potentially cause buffer problems). Reported-by: pendrek at hackerone Closes #4114 --- src/tool_cb_prg.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/tool_cb_prg.c b/src/tool_cb_prg.c index 05fe0e636..a18827c8b 100644 --- a/src/tool_cb_prg.c +++ b/src/tool_cb_prg.c @@ -210,7 +210,8 @@ void progressbarinit(struct ProgressData *bar, if(colp) { char *endptr; long num = strtol(colp, &endptr, 10); - if((endptr != colp) && (endptr == colp + strlen(colp)) && (num > 20)) + if((endptr != colp) && (endptr == colp + strlen(colp)) && (num > 20) && + (num < 10000)) bar->width = (int)num; curl_free(colp); } -- cgit v1.2.3 From 647e726d78798356b5af7585ededd762ba76df6e Mon Sep 17 00:00:00 2001 
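Review bot: The accepted range for COLUMNS in `progressbarinit` is now spelled as two bare literals, `20` and `10000`, with no link to the size of the buffer the bar is later drawn into. Since the commit description cites potential buffer problems, the upper bound should either be the named constant that sizes that buffer or carry a comment saying where the width is clamped before use; the drawing code is outside this hunk, so I cannot tell which applies. A named limit with its rationale, for example `#define COLUMNS_SANITY_MAX 10000 /* sanity cap only; the draw code must still clamp to its buffer */`, would make that explicit. The new bound does have the side benefit that a `strtol` result saturated at LONG_MAX is rejected before the `(int)num` cast.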
From: Daniel Stenberg Date: Tue, 16 Jul 2019 11:23:59 +0200 Subject: test1173: make it also check all libcurl option man pages ... and adjust those that cause errors Closes #4116 --- docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 | 20 ++++++++++---------- docs/libcurl/opts/CURLOPT_MAIL_RCPT.3 | 9 +++++---- docs/libcurl/opts/CURLOPT_PROXY_SSL_OPTIONS.3 | 11 ++++------- docs/libcurl/opts/CURLOPT_RTSP_REQUEST.3 | 18 +++++++++--------- docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.3 | 4 ++-- docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3 | 10 ++++------ tests/data/test1173 | 2 +- 7 files changed, 35 insertions(+), 39 deletions(-) diff --git a/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 b/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 index b4a74a92e..6abebd32f 100644 --- a/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 +++ b/docs/libcurl/opts/CURLINFO_TLS_SSL_PTR.3 
@@ -95,26 +95,26 @@ If the \fIinternals\fP pointer is NULL then either the SSL backend is not supported, an SSL session has not yet been established or the connection is no longer associated with the easy handle (eg curl_easy_perform has returned). .SH LIMITATIONS -\fBThis option has some limitations that could make it unsafe when it comes to -the manual verification of certificates.\fP +This option has some limitations that could make it unsafe when it comes to +the manual verification of certificates. This option only retrieves the first in-use SSL session pointer for your easy handle, however your easy handle may have more than one in-use SSL session if using FTP over SSL. That is because the FTP protocol has a control channel and -a data channel and one or both may be over SSL. \fBCurrently there is no way to -retrieve a second in-use SSL session associated with an easy handle.\fP +a data channel and one or both may be over SSL. Currently there is no way to +retrieve a second in-use SSL session associated with an easy handle. -This option has not been thoroughly tested with plaintext protocols that can be -upgraded/downgraded to/from SSL: FTP, SMTP, POP3, IMAP when used with +This option has not been thoroughly tested with plaintext protocols that can +be upgraded/downgraded to/from SSL: FTP, SMTP, POP3, IMAP when used with \fICURLOPT_USE_SSL(3)\fP. Though you will be able to retrieve the SSL pointer, -it's possible that before you can do that \fBdata (including auth) may have -already been sent over a connection after it was upgraded.\fP +it's possible that before you can do that data (including auth) may have +already been sent over a connection after it was upgraded. Renegotiation. 
If unsafe renegotiation or renegotiation in a way that the certificate is allowed to change is allowed by your SSL library this may occur -and the certificate may change, and \fBdata may continue to be sent or received +and the certificate may change, and data may continue to be sent or received after renegotiation but before you are able to get the (possibly) changed SSL -pointer,\fP with the (possibly) changed certificate information. +pointer, with the (possibly) changed certificate information. If you are using OpenSSL or wolfSSL then \fICURLOPT_SSL_CTX_FUNCTION(3)\fP can be used to set a certificate verification callback in the CTX. That is safer diff --git a/docs/libcurl/opts/CURLOPT_MAIL_RCPT.3 b/docs/libcurl/opts/CURLOPT_MAIL_RCPT.3 index 403a7a510..38ce4c73b 100644 --- a/docs/libcurl/opts/CURLOPT_MAIL_RCPT.3 +++ b/docs/libcurl/opts/CURLOPT_MAIL_RCPT.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms 
@@ -31,9 +31,10 @@ CURLcode curl_easy_setopt(CURL *handle, CURLOPT_MAIL_RCPT, struct curl_slist *rcpts); .SH DESCRIPTION Pass a pointer to a linked list of recipients to pass to the server in your -SMTP mail request. The linked list should be a fully valid list of \fBstruct -curl_slist\fP structs properly filled in. Use \fIcurl_slist_append(3)\fP to -create the list and \fIcurl_slist_free_all(3)\fP to clean up an entire list. +SMTP mail request. The linked list should be a fully valid list of +\fBstruct curl_slist\fP structs properly filled in. Use +\fIcurl_slist_append(3)\fP to create the list and \fIcurl_slist_free_all(3)\fP +to clean up an entire list. When performing a mail transfer, each recipient should be specified within a pair of angled brackets (<>), however, should you not use an angled bracket as diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSL_OPTIONS.3 b/docs/libcurl/opts/CURLOPT_PROXY_SSL_OPTIONS.3 index 0d09a2ce7..e38852e6c 100644 --- a/docs/libcurl/opts/CURLOPT_PROXY_SSL_OPTIONS.3 +++ b/docs/libcurl/opts/CURLOPT_PROXY_SSL_OPTIONS.3 @@ -39,13 +39,10 @@ lessens the security, and by setting this option to 1 you ask for exactly that. This option is only supported for DarwinSSL, NSS and OpenSSL. \fICURLSSLOPT_NO_REVOKE\fP tells libcurl to disable certificate revocation -checks for those SSL backends where such behavior is present. \fBCurrently -this option is only supported for Schannel (the native Windows SSL library), -with an exception in the case of Windows' Untrusted Publishers blacklist which -it seems can't be bypassed.\fP This option may have broader support to -accommodate other SSL backends in the future. -https://curl.haxx.se/docs/ssl-compared.html - +checks for those SSL backends where such behavior is present. This option is +only supported for Schannel (the native Windows SSL library), with an +exception in the case of Windows' Untrusted Publishers blacklist which it +seems can't be bypassed. .SH DEFAULT 0 .SH PROTOCOLS 
diff --git a/docs/libcurl/opts/CURLOPT_RTSP_REQUEST.3 b/docs/libcurl/opts/CURLOPT_RTSP_REQUEST.3 index 07ac517df..6e2727d2d 100644 --- a/docs/libcurl/opts/CURLOPT_RTSP_REQUEST.3 +++ b/docs/libcurl/opts/CURLOPT_RTSP_REQUEST.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2014, 2017, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -33,15 +33,15 @@ enum values as a long in the \fIrequest\fP argument. Unless noted otherwise, commands require the Session ID to be initialized. .IP CURL_RTSPREQ_OPTIONS Used to retrieve the available methods of the server. The application is -responsible for parsing and obeying the response. \fB(The session ID is not -needed for this method.)\fP +responsible for parsing and obeying the response. The session ID is not needed +for this method. .IP CURL_RTSPREQ_DESCRIBE Used to get the low level description of a stream. The application should note what formats it understands in the \fI'Accept:'\fP header. Unless set -manually, libcurl will automatically fill in \fI'Accept: -application/sdp'\fP. Time-condition headers will be added to Describe requests -if the \fICURLOPT_TIMECONDITION(3)\fP option is active. \fB(The session ID is -not needed for this method)\fP +manually, libcurl will automatically fill in \fI'Accept: application/sdp'\fP. +Time-condition headers will be added to Describe requests if the +\fICURLOPT_TIMECONDITION(3)\fP option is active. \fB(The session ID is not +needed for this method)\fP .IP CURL_RTSPREQ_ANNOUNCE When sent by a client, this method changes the description of the session. For example, if a client is using the server to record a meeting, the client can 
@@ -53,8 +53,8 @@ Setup is used to initialize the transport layer for the session. The application must set the desired Transport options for a session by using the \fICURLOPT_RTSP_TRANSPORT(3)\fP option prior to calling setup. If no session ID is currently set with \fICURLOPT_RTSP_SESSION_ID(3)\fP, libcurl will -extract and use the session ID in the response to this request. \fB(The -session ID is not needed for this method).\fP +extract and use the session ID in the response to this request. The session ID +is not needed for this method. .IP CURL_RTSPREQ_PLAY Send a Play command to the server. Use the \fICURLOPT_RANGE(3)\fP option to modify the playback time (e.g. 'npt=10-15'). diff --git a/docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.3 b/docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.3 index 3bdf4e414..b680eb466 100644 --- a/docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.3 +++ b/docs/libcurl/opts/CURLOPT_RTSP_STREAM_URI.3 @@ -5,7 +5,7 @@ .\" * | (__| |_| | _ <| |___ .\" * \___|\___/|_| \_\_____| .\" * -.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al. +.\" * Copyright (C) 1998 - 2019, Daniel Stenberg, , et al. .\" * .\" * This software is licensed as described in the file COPYING, which .\" * you should have received as part of this distribution. The terms @@ -42,7 +42,7 @@ examples might be set to \fIrtsp://foo/twister\fP The application does not have to keep the string around after setting this option. .SH DEFAULT -'*' +\&'*' .SH PROTOCOLS RTSP .SH EXAMPLE diff --git a/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3 b/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3 index cd65409c5..ace496abc 100644 --- a/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3 +++ b/docs/libcurl/opts/CURLOPT_SSL_OPTIONS.3 
@@ -41,12 +41,10 @@ This option is only supported for DarwinSSL, NSS and OpenSSL. Added in 7.44.0: \fICURLSSLOPT_NO_REVOKE\fP tells libcurl to disable certificate revocation -checks for those SSL backends where such behavior is present. \fBCurrently this -option is only supported for Schannel (the native Windows SSL library), with an -exception in the case of Windows' Untrusted Publishers blacklist which it seems -can't be bypassed.\fP This option may have broader support to accommodate other -SSL backends in the future. -https://curl.haxx.se/docs/ssl-compared.html +checks for those SSL backends where such behavior is present. This option is +only supported for Schannel (the native Windows SSL library), with an +exception in the case of Windows' Untrusted Publishers blacklist which it +seems can't be bypassed. .SH DEFAULT 0 .SH PROTOCOLS diff --git a/tests/data/test1173 b/tests/data/test1173 index d48996552..dd09f81d8 100644 --- a/tests/data/test1173 +++ b/tests/data/test1173 @@ -19,7 +19,7 @@ Basic man page syntax check -%SRCDIR/manpage-syntax.pl %SRCDIR/../docs/*.1 %SRCDIR/../docs/libcurl/*.3 +%SRCDIR/manpage-syntax.pl %SRCDIR/../docs/*.1 %SRCDIR/../docs/libcurl/*.3 %SRCDIR/../docs/libcurl/opts/*.3 -- cgit v1.2.3 From e8442e4ffcecf3e290c7e26c44e4aa313e016f9a Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Tue, 16 Jul 2019 03:35:54 -0400 Subject: libcurl: Restrict redirect schemes (follow-up) - Allow FTPS on redirect. - Update default allowed redirect protocols in documentation. Follow-up to 6080ea0. Ref: https://github.com/curl/curl/pull/4094 Closes https://github.com/curl/curl/pull/4115 --- docs/cmdline-opts/proto-redir.d | 9 +++++---- docs/libcurl/libcurl-security.3 | 4 ++-- docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3 | 3 ++- docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 | 9 +++++---- include/curl/curl.h | 3 +-- lib/setopt.c | 3 +-- lib/url.c | 3 ++- 7 files changed, 18 insertions(+), 16 deletions(-) 
diff --git a/docs/cmdline-opts/proto-redir.d b/docs/cmdline-opts/proto-redir.d index c9eeeab1d..a1205dd03 100644 --- a/docs/cmdline-opts/proto-redir.d +++ b/docs/cmdline-opts/proto-redir.d @@ -11,7 +11,8 @@ Example, allow only HTTP and HTTPS on redirect: curl --proto-redir -all,http,https http://example.com -By default curl will allow all protocols on redirect except several disabled -for security reasons: Since 7.19.4 FILE and SCP are disabled, and since 7.40.0 -SMB and SMBS are also disabled. Specifying \fIall\fP or \fI+all\fP enables all -protocols on redirect, including those disabled for security. +By default curl will allow HTTP, HTTPS, FTP and FTPS on redirect (7.65.2). +Older versions of curl allowed all protocols on redirect except several +disabled for security reasons: Since 7.19.4 FILE and SCP are disabled, and +since 7.40.0 SMB and SMBS are also disabled. Specifying \fIall\fP or \fI+all\fP +enables all protocols on redirect, including those disabled for security. diff --git a/docs/libcurl/libcurl-security.3 b/docs/libcurl/libcurl-security.3 index cdb97915c..da45ed7f6 100644 --- a/docs/libcurl/libcurl-security.3 +++ b/docs/libcurl/libcurl-security.3 @@ -97,8 +97,8 @@ Never ever switch off certificate verification. The \fICURLOPT_FOLLOWLOCATION(3)\fP option automatically follows HTTP redirects sent by a remote server. These redirects can refer to any kind of URL, not just HTTP. libcurl restricts the protocols allowed to be used in -redirects for security reasons: only HTTP, HTTPS and FTP are enabled by -default. Applications may opt to restrict thus set further. +redirects for security reasons: only HTTP, HTTPS, FTP and FTPS are +enabled by default. Applications may opt to restrict that set further. A redirect to a file: URL would cause the libcurl to read (or write) arbitrary files from the local filesystem. If the application returns the data back to 
diff --git a/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3 b/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3 index f8d2b1889..d9f453817 100644 --- a/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3 +++ b/docs/libcurl/opts/CURLOPT_FOLLOWLOCATION.3 @@ -39,7 +39,8 @@ libcurl will follow. libcurl limits what protocols it automatically follows to. The accepted protocols are set with \fICURLOPT_REDIR_PROTOCOLS(3)\fP. By default libcurl -will allow all protocols on redirect except those disabled for security +will allow HTTP, HTTPS, FTP and FTPS on redirect (7.65.2). Older versions of +libcurl allowed all protocols on redirect except those disabled for security reasons: Since 7.19.4 FILE and SCP are disabled, and since 7.40.0 SMB and SMBS are also disabled. diff --git a/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 b/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 index 3a5c3fcdc..f8901108b 100644 --- a/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 +++ b/docs/libcurl/opts/CURLOPT_REDIR_PROTOCOLS.3 @@ -37,10 +37,11 @@ redirections. Protocols denied by \fICURLOPT_PROTOCOLS(3)\fP are not overridden by this option. -By default libcurl will allow all protocols on redirect except several disabled -for security reasons: Since 7.19.4 FILE and SCP are disabled, and since 7.40.0 -SMB and SMBS are also disabled. \fICURLPROTO_ALL\fP enables all protocols on -redirect, including those disabled for security. +By default libcurl will allow HTTP, HTTPS, FTP and FTPS on redirect (7.65.2). +Older versions of libcurl allowed all protocols on redirect except several +disabled for security reasons: Since 7.19.4 FILE and SCP are disabled, and +since 7.40.0 SMB and SMBS are also disabled. \fICURLPROTO_ALL\fP enables all +protocols on redirect, including those disabled for security. These are the available protocol defines: .nf diff --git a/include/curl/curl.h b/include/curl/curl.h index 20f0d7155..19f6c0b5a 100644 --- a/include/curl/curl.h +++ b/include/curl/curl.h 
@@ -1574,8 +1574,7 @@ typedef enum { /* set the bitmask for the protocols that libcurl is allowed to follow to, as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs - to be set in both bitmasks to be allowed to get redirected to. Defaults - to all protocols except FILE and SCP. */ + to be set in both bitmasks to be allowed to get redirected to. */ CINIT(REDIR_PROTOCOLS, LONG, 182), /* set the SSH knownhost file name to use */ diff --git a/lib/setopt.c b/lib/setopt.c index bdfe86ac7..1dbf00faf 100644 --- a/lib/setopt.c +++ b/lib/setopt.c @@ -2374,8 +2374,7 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) case CURLOPT_REDIR_PROTOCOLS: /* set the bitmask for the protocols that libcurl is allowed to follow to, as a subset of the CURLOPT_PROTOCOLS ones. That means the protocol needs - to be set in both bitmasks to be allowed to get redirected to. Defaults - to all protocols except FILE and SCP. */ + to be set in both bitmasks to be allowed to get redirected to. */ data->set.redir_protocols = va_arg(param, long); break; diff --git a/lib/url.c b/lib/url.c index 258f60c8f..2b47b235d 100644 --- a/lib/url.c +++ b/lib/url.c @@ -488,7 +488,8 @@ CURLcode Curl_init_userdefined(struct Curl_easy *data) define since we internally only use the lower 16 bits for the passed in bitmask to not conflict with the private bits */ set->allowed_protocols = CURLPROTO_ALL; - set->redir_protocols = CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FTP; + set->redir_protocols = CURLPROTO_HTTP | CURLPROTO_HTTPS | CURLPROTO_FTP | + CURLPROTO_FTPS; #if defined(HAVE_GSSAPI) || defined(USE_WINDOWS_SSPI) /* -- cgit v1.2.3 From c7f3c073f4821ed70281c4867b796cb3522dc6e0 Mon Sep 17 00:00:00 2001 
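Review bot: The comment on `CINIT(REDIR_PROTOCOLS, LONG, 182)` in include/curl/curl.h now says nothing about the default, because the stale sentence was removed rather than corrected; the identical comment in lib/setopt.c gets the same treatment. The default redirect set is a security-relevant property that application authors look up in the public header. I would keep one sentence with the new value, for example `Defaults to HTTP, HTTPS, FTP and FTPS.`, or point to the CURLOPT_REDIR_PROTOCOLS man page if the concern is the comment going stale again.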
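Review bot: The widened default in Curl_init_userdefined() (lib/url.c) has no comment of its own; the comment above it describes `allowed_protocols` only. A line such as `/* redirects are limited to HTTP(S) and FTP(S) by default; anything else must be enabled with CURLOPT_REDIR_PROTOCOLS */` would record why this mask is narrower than `CURLPROTO_ALL`. The diffstat for this commit lists no file under tests/, so nothing visible here checks that a redirect to FTPS is now followed or that other schemes are still refused by default. The function continues outside the hunk.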
From: Jay Satiro Date: Tue, 16 Jul 2019 12:27:35 -0400 Subject: docs: Explain behavior change in --tlsv1. options since 7.54 Since 7.54 --tlsv1. options use the specified version or later, however older versions of curl documented it as using just the specified version which may or may not have happened depending on the TLS library. Document this discrepancy to allay confusion for users familiar with the old documentation that expect just the specified version. Fixes https://github.com/curl/curl/issues/4097 Closes https://github.com/curl/curl/pull/4119 --- docs/cmdline-opts/tlsv1.0.d | 4 ++++ docs/cmdline-opts/tlsv1.1.d | 4 ++++ docs/cmdline-opts/tlsv1.2.d | 4 ++++ docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 | 5 +++++ docs/libcurl/opts/CURLOPT_SSLVERSION.3 | 5 +++++ 5 files changed, 22 insertions(+) diff --git a/docs/cmdline-opts/tlsv1.0.d b/docs/cmdline-opts/tlsv1.0.d index 312b67b3f..2b1f0156a 100644 --- a/docs/cmdline-opts/tlsv1.0.d +++ b/docs/cmdline-opts/tlsv1.0.d @@ -4,3 +4,7 @@ Protocols: TLS Added: 7.34.0 --- Forces curl to use TLS version 1.0 or later when connecting to a remote TLS server. + +In old versions of curl this option was documented to allow _only_ TLS 1.0, +but behavior was inconsistent depending on the TLS library. Use --tls-max if +you want to set a maximum TLS version. diff --git a/docs/cmdline-opts/tlsv1.1.d b/docs/cmdline-opts/tlsv1.1.d index 8182ac6d5..405d552bb 100644 --- a/docs/cmdline-opts/tlsv1.1.d +++ b/docs/cmdline-opts/tlsv1.1.d @@ -4,3 +4,7 @@ Protocols: TLS Added: 7.34.0 --- Forces curl to use TLS version 1.1 or later when connecting to a remote TLS server. + +In old versions of curl this option was documented to allow _only_ TLS 1.1, +but behavior was inconsistent depending on the TLS library. Use --tls-max if +you want to set a maximum TLS version. diff --git a/docs/cmdline-opts/tlsv1.2.d b/docs/cmdline-opts/tlsv1.2.d index 7ba440225..bdf1fcf62 100644 --- a/docs/cmdline-opts/tlsv1.2.d +++ b/docs/cmdline-opts/tlsv1.2.d 
@@ -4,3 +4,7 @@ Protocols: TLS Added: 7.34.0 --- Forces curl to use TLS version 1.2 or later when connecting to a remote TLS server. + +In old versions of curl this option was documented to allow _only_ TLS 1.2, +but behavior was inconsistent depending on the TLS library. Use --tls-max if +you want to set a maximum TLS version. diff --git a/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 b/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 index 9dc69959c..204a7a997 100644 --- a/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 +++ b/docs/libcurl/opts/CURLOPT_PROXY_SSLVERSION.3 @@ -69,6 +69,11 @@ The flag defines maximum supported TLS version as TLSv1.2. The flag defines maximum supported TLS version as TLSv1.3. (Added in 7.54.0) .RE + +In versions of curl prior to 7.54 the CURL_SSLVERSION_TLS options were +documented to allow \fIonly\fP the specified TLS version, but behavior was +inconsistent depending on the TLS library. + .SH DEFAULT CURL_SSLVERSION_DEFAULT .SH PROTOCOLS diff --git a/docs/libcurl/opts/CURLOPT_SSLVERSION.3 b/docs/libcurl/opts/CURLOPT_SSLVERSION.3 index 42ef20abc..354b004e6 100644 --- a/docs/libcurl/opts/CURLOPT_SSLVERSION.3 +++ b/docs/libcurl/opts/CURLOPT_SSLVERSION.3 @@ -79,6 +79,11 @@ The flag defines maximum supported TLS version as TLS v1.2. The flag defines maximum supported TLS version as TLS v1.3. (Added in 7.54.0) .RE + +In versions of curl prior to 7.54 the CURL_SSLVERSION_TLS options were +documented to allow \fIonly\fP the specified TLS version, but behavior was +inconsistent depending on the TLS library. + .SH DEFAULT CURL_SSLVERSION_DEFAULT .SH PROTOCOLS -- cgit v1.2.3 From e5b371dc51cb957984a0a2cbfe698f41876debed Mon Sep 17 00:00:00 2001 
From: Daniel Gustafsson Date: Fri, 12 Jul 2019 16:13:31 +0200 Subject: nss: inspect returnvalue of token check PK11_IsPresent() checks for the token for the given slot is available, and sets needlogin flags for the PK11_Authenticate() call. Should it return false, we should however treat it as an error and bail out. Closes https://github.com/curl/curl/pull/4110 --- lib/vtls/nss.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c index 85b851ff8..482fd5e99 100644 --- a/lib/vtls/nss.c +++ b/lib/vtls/nss.c @@ -691,7 +691,10 @@ static CURLcode nss_load_key(struct connectdata *conn, int sockindex, tmp = SECMOD_WaitForAnyTokenEvent(pem_module, 0, 0); if(tmp) PK11_FreeSlot(tmp); - PK11_IsPresent(slot); + if(!PK11_IsPresent(slot)) { + PK11_FreeSlot(slot); + return CURLE_SSL_CERTPROBLEM; + } status = PK11_Authenticate(slot, PR_TRUE, SSL_SET_OPTION(key_passwd)); PK11_FreeSlot(slot); -- cgit v1.2.3 From fea0120312f0e6a74b9dcc2a194c76c87c727ffe Mon Sep 17 00:00:00 2001 From: georgeok Date: Wed, 10 Jul 2019 14:34:17 +0300 Subject: CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH If the SSL backend is Schannel and the user specifies an Schannel CALG_ that is not supported by the protocol or the server then curl returns CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH. Fixes https://github.com/curl/curl/issues/3389 Closes https://github.com/curl/curl/pull/4106 --- docs/CIPHERS.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/CIPHERS.md b/docs/CIPHERS.md index 5b2dde189..19aedf36f 100644 --- a/docs/CIPHERS.md +++ b/docs/CIPHERS.md 
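Review bot: The new early return in nss_load_key() reports a missing token with the same bare `CURLE_SSL_CERTPROBLEM` used elsewhere for certificate and key failures, and it emits no message. A user whose token is absent therefore cannot tell that case apart from any other key problem. A diagnostic before the return would make the failure actionable, for example `failf(data, "NSS: PEM token not present");`, assuming an easy handle is reachable at this point; the function head is outside the hunk, so that needs confirming. A short comment stating that PK11_IsPresent() must succeed before PK11_Authenticate() is attempted would also document why the return value is no longer ignored.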
@@ -461,6 +461,12 @@ specific ciphersuites. They are [defined](https://docs.microsoft.com/windows/desktop/SecCrypto/alg-id) by Microsoft. +There is also the case that the selected algorithm is not supported by the +protocol or does not match the ciphers offered by the server during the SSL +negotiation. In this case curl will return error +`CURLE_SSL_CONNECT_ERROR (35) SEC_E_ALGORITHM_MISMATCH` +and the request will fail. + `CALG_MD2`, `CALG_MD4`, `CALG_MD5`, -- cgit v1.2.3 From fdcb0f40c374246c4db8659b816832f05cb10de2 Mon Sep 17 00:00:00 2001 From: Stefano Simonelli Date: Tue, 16 Jul 2019 16:34:09 +0200 Subject: CURLOPT_SEEKDATA.3: fix variable name Closes https://github.com/curl/curl/pull/4118 --- docs/libcurl/opts/CURLOPT_SEEKDATA.3 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/libcurl/opts/CURLOPT_SEEKDATA.3 b/docs/libcurl/opts/CURLOPT_SEEKDATA.3 index 6ffa7d12a..6541f74dc 100644 --- a/docs/libcurl/opts/CURLOPT_SEEKDATA.3 +++ b/docs/libcurl/opts/CURLOPT_SEEKDATA.3 @@ -40,7 +40,7 @@ HTTP, FTP, SFTP static int seek_cb(void *userp, curl_off_t offset, int origin) { struct data *d = (struct data *)userp; - lseek(our_fd, offset, origin); + lseek(d->our_fd, offset, origin); return CURL_SEEKFUNC_OK; } -- cgit v1.2.3 From 28f6fda8dcedbe49dcbdb5c5d3a272486d559abc Mon Sep 17 00:00:00 2001 From: Jay Satiro Date: Wed, 17 Jul 2019 01:45:26 -0400 Subject: CURLOPT_RANGE.3: Caution against using it for HTTP PUT AFAICT CURLOPT_RANGE does not support ranged HTTP PUT uploads so I've cautioned against using it for that purpose and included a workaround. Bug: https://curl.haxx.se/mail/lib-2019-04/0075.html Reported-by: Christopher Head Closes https://github.com/curl/curl/issues/3814 --- docs/libcurl/opts/CURLOPT_RANGE.3 | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/libcurl/opts/CURLOPT_RANGE.3 b/docs/libcurl/opts/CURLOPT_RANGE.3 index e90696c01..02ac2762b 100644 --- a/docs/libcurl/opts/CURLOPT_RANGE.3 +++ b/docs/libcurl/opts/CURLOPT_RANGE.3 
@@ -43,6 +43,14 @@ For RTSP, the formatting of a range should follow RFC2326 Section 12.29. For RTSP, byte ranges are \fBnot\fP permitted. Instead, ranges should be given in npt, utc, or smpte formats. +For HTTP PUT uploads this option should not be used, since it may conflict with +other options. If you need to upload arbitrary parts of a file (like for +Amazon's web services) support is limited. We suggest set resume position using +\fICURLOPT_RESUME_FROM(3)\fP, set end (resume+size) position using +\fICURLOPT_INFILESIZE(3)\fP and seek to the resume position before initiating +the transfer for each part. For more information refer to +https://curl.haxx.se/mail/lib-2019-05/0012.html + Pass a NULL to this option to disable the use of ranges. The application does not have to keep the string around after setting this -- cgit v1.2.3 From 2527eca91e768e5192a77c1721d02b0ffc253df2 Mon Sep 17 00:00:00 2001 From: aasivov Date: Wed, 17 Jul 2019 02:01:45 -0400 Subject: cmake: Fix finding Brotli on case-sensitive file systems - Find package "Brotli" instead of "BROTLI" since the former is the casing used for CMake/FindBrotli.cmake, and otherwise find_package may fail on a case-sensitive file system. Fixes https://github.com/curl/curl/issues/4117 --- CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 388f790db..29cb5f598 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -530,7 +530,7 @@ endif() option(CURL_BROTLI "Set to ON to enable building curl with brotli support." OFF) set(HAVE_BROTLI OFF) if(CURL_BROTLI) - find_package(BROTLI QUIET) + find_package(Brotli QUIET) if(BROTLI_FOUND) set(HAVE_BROTLI ON) list(APPEND CURL_LIBS ${BROTLI_LIBRARIES}) -- cgit v1.2.3 From 51b0feb590c541ae2e7ec0c07918c960e687d62c Mon Sep 17 00:00:00 2001 
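Review bot: After the rename to `find_package(Brotli QUIET)` in CMakeLists.txt, the next line still tests `if(BROTLI_FOUND)` and the block uses `${BROTLI_LIBRARIES}`. The conventional result variable for a package named `Brotli` is `Brotli_FOUND`, so the upper-case names work only if CMake/FindBrotli.cmake sets them explicitly. That module is not part of this diff, so this is worth confirming. If it does set them, a comment such as `# FindBrotli.cmake sets the upper-case BROTLI_* variables` would keep a later cleanup from changing one spelling without the other and silently disabling brotli support.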
From: Daniel Stenberg Date: Tue, 16 Jul 2019 11:48:41 +0200 Subject: THANKS: add contributors from 7.65.2 --- docs/THANKS | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/docs/THANKS b/docs/THANKS index ef4d7a3c6..16c3c378e 100644 --- a/docs/THANKS +++ b/docs/THANKS @@ -6,11 +6,13 @@ "Captain Basil" "Spoon Man" +1ocalhost on github Aaro Koskinen Aaron Oneal Aaron Orenstein Aaron Scarisbrick Abram Pousada +AceCrow on Github Adam Barclay Adam Brown Adam Coyne @@ -47,6 +49,7 @@ Alex Baines Alex Bligh Alex Chan Alex Fishman +Alex Grebenschikov Alex Gruz Alex Malinovich Alex McLellan @@ -182,6 +185,7 @@ Ben Kohler Ben Madsen Ben Noordhuis Ben Van Hof +Ben Voris Ben Winslow Benbuck Nason Benjamin Gerard @@ -208,6 +212,7 @@ Bill Hoffman Bill Middlecamp Bill Nagel Bill Pyne +Bjarni Ingi Gislason Bjoern Sikora Bjorn Augustsson Bjorn Reese @@ -249,6 +254,7 @@ Bruno de Carvalho Bryan Henderson Bryan Kemp Byrial Jensen +Caleb Raitto Cameron Kaiser Cameron MacMinn Camille Moncelier @@ -305,6 +311,7 @@ Claes Jakobsson Clarence Gardner Claudio Neves Clemens Gruber +Cliff Crosland Clifford Wolf Clint Clayton Cody Jones @@ -752,6 +759,7 @@ Jamie Lokier Jamie Newton Jamie Wilkinson Jan Alexander Steffens +Jan Chren Jan Ehrhardt Jan Koen Annot Jan Kunder @@ -908,6 +916,7 @@ Juan F. Codagnone Juan Ignacio Hervás Juan RP Judson Bishop +Juergen Hoetzel Juergen Wilke Jukka Pihl Julian Noble @@ -974,6 +983,7 @@ Kjetil Jacobsen Klaus Stein Klevtsov Vadim Kobi Gurkan +Koen Dergent Konstantin Isakov Konstantin Kushnir Kris Kennaway @@ -985,6 +995,7 @@ Kristiyan Tsaklev Kristoffer Gleditsch Kunal Ekawde Kurt Fankhauser +Kyle Edwards Kyle J. McKay Kyle L. Huff Kyle Sallee @@ -1026,6 +1037,7 @@ Lijo Antony Linas Vepstas Lindley French Ling Thio +Linos Giannopoulos Linus Lewandowski Linus Nielsen Feltzing Linus Nordberg @@ -1179,6 +1191,7 @@ Mert YazıcıoÄŸlu Mettgut Jamalla Michael Anti Michael Benedict +Michael Brehm Michael Calmer Michael Cronenworth Michael Curtis 
@@ -1243,6 +1256,7 @@ Mohammad AlSaleh Mohun Biswas Mostyn Bramley-Moore Moti Avrahami +MrSorcus on github Muz Dima Myk Taylor NTMan on Github @@ -1279,6 +1293,7 @@ Niels van Tongeren Nikita Schmidt Nikitinskit Dmitriy Niklas Angebrand +Niklas Hambüchen Nikolai Kondrashov Nikos Mavrogiannopoulos Nikos Tsipinakis @@ -1381,6 +1396,7 @@ Peter O'Gorman Peter Pentchev Peter Piekarski Peter Silva +Peter Simonyi Peter Su Peter Sylvester Peter Todd @@ -1471,6 +1487,7 @@ Ricardo Cadime Ricardo Gomes Rich Burridge Rich Gray +Rich Mirch Rich Rauenzahn Rich Turner Richard Adams @@ -1610,6 +1627,7 @@ Seth Mos Sevan Janiyan Sh Diao Shachaf Ben-Kiki +Shankar Jadhavar Shao Shuchao Sharad Gupta Shard @@ -1650,11 +1668,13 @@ Stefan Neis Stefan Teleman Stefan Tomanek Stefan Ulrich +Stefano Simonelli Steinar H. Gunderson Stepan Broz Stephan Bergmann Stephan Lagerholm Stephan Mühlstrasser +Stephan Szabo Stephen Brokenshire Stephen Collyer Stephen Kick @@ -1705,6 +1725,7 @@ Terry Wu TheAssassin on github Theodore Dubois Thomas Braun +Thomas Gamper Thomas Glanzmann Thomas J. Moore Thomas Klausner @@ -1801,6 +1822,7 @@ Ulrich Telle Ulrich Zadow Valentin David Vasiliy Faronov +Vasily Lobaskin Vasy Okhin Venkat Akella Venkataramana Mokkapati @@ -1882,6 +1904,7 @@ Zhibiao Wu Zhouyihai Ding Zmey Petroff Zvi Har'El +aasivov on github accountantM on github adnn on github afrind on github @@ -1946,9 +1969,11 @@ olesteban on github omau on github ovidiu-benea on github patelvivekv1993 on github +pendrek at hackerone pszemus on github silveja1 on github smuellerDD on github +sstruchtrup on github steelman on github steini2000 on github stootill on github -- cgit v1.2.3 From 72c2cac8f0ac3a89c21d00b6c6e36fe6c6a8e62b Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 15 Jul 2019 00:59:09 +0200 Subject: RELEASE-NOTES: 7.65.2 --- RELEASE-NOTES | 148 ++++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 92 insertions(+), 56 deletions(-) 
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 88de580eb..30b7a85fb 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES 
@@ -8,39 +8,53 @@ curl and libcurl 7.65.2 This release includes the following bugfixes: + o CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH [64] + o CMake: Convert errant elseif() to else() [58] + o CMake: Fix finding Brotli on case-sensitive file systems [61] o CURLMOPT_SOCKETFUNCTION.3: clarified [8] o CURLMOPT_SOCKETFUNCTION.3: fix typo o CURLOPT_CAINFO.3: polished wording [9] o CURLOPT_HEADEROPT.3: Fix example [46] + o CURLOPT_RANGE.3: Caution against using it for HTTP PUT [62] + o CURLOPT_SEEKDATA.3: fix variable name [63] + o DEPRECATE: fixup versions and spelling [55] o bindlocal: detect and avoid IP version mismatches in bind() [1] o build: fix Codacy warnings [6] + o buildconf.bat: fix header filename [59] o c-ares: honor port numbers in CURLOPT_DNS_SERVERS [37] o config-os400: add getpeername and getsockname defines [27] o configure: --disable-progress-meter [29] + o configure: fix --disable-code-coverage [60] o configure: fix typo '--disable-http-uath' [41] o configure: more --disable switches to toggle off individual features [7] o configure: remove CURL_DISABLE_TLS_SRP [19] o conn_maxage: move the check to prune_dead_connections() [24] o curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds [38] o curl_multi_wait.3: escape backslash in example [44] + o docs: Explain behavior change in --tlsv1. 
options since 7.54 [66] o docs: Fix links to OpenSSL docs o docs: fix string suggesting HTTP/2 is not the default [40] o examples/fopen: fix comparison [6] o examples/htmltitle: use C++ casts between pointer types [6] + o headers: Remove no longer exported functions [57] o http2: call done_sending on end of upload [36] o http2: don't call stream-close on already closed streams [32] o http2: remove CURL_DISABLE_TYPECHECK define + o http: allow overriding timecond with custom header [53] o http: clarify header buffer size calculation o krb5: fix compiler warning [15] o lib: Use UTF-8 encoding in comments [47] o libcurl-tutorial.3: Fix small typo (mutipart -> multipart) [3] + o libcurl: Restrict redirect schemes to HTTP, HTTPS, FTP and FTPS [51] o multi: enable multiplexing by default (again) [34] o multi: fix the transfer hashes in the socket hash entries [17] o multi: make sure 'data' can present in several sockhash entries [2] o netrc: Return the correct error code when out of memory [28] o nss: don't set unused parameter [49] + o nss: inspect returnvalue of token check [65] o nss: only cache valid CRL entries [48] o nss: support using libnss on macOS [50] + o openssl: define HAVE_SSL_GET_SHUTDOWN based on version number [52] o openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined [43] o openssl: fix pubkey/signature algorithm detection in certinfo [25] o openssl: remove outdated comment [20] @@ -48,7 +62,9 @@ This release includes the following bugfixes: o quote.d: asterisk prefix works for SFTP as well [16] o runtests: keep logfiles around by default [26] o runtests: report single test time + total duration [13] + o smb: Use the correct error code for access denied on file open [54] o sws: remove unused variables [6] + o system_win32: fix clang warning [56] o system_win32: fix typo o test1165: verify that CURL_DISABLE_ symbols are in sync o test1521: adapt to SLISTPOINT 
@@ -82,67 +98,87 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - 1ocalhost on github, Alex Grebenschikov, Ben Voris, Brian Carpenter, - Caleb Raitto, Cliff Crosland, Daniel Gustafsson, Daniel Stenberg, - Gaël Portay, Gergely Nagy, Gisle Vanem, Jakub Zakrzewski, James Brown, - Jay Satiro, jonrumsey on github, Koen Dergent, Kunal Ekawde, Marcel Raad, + 1ocalhost on github, aasivov on github, AceCrow on Github, + Alessandro Ghedini, Alex Grebenschikov, Ben Voris, Bjarni Ingi Gislason, + Brian Carpenter, Caleb Raitto, Christopher Head, Cliff Crosland, + Daniel Gustafsson, Daniel Stenberg, Gaël Portay, Gergely Nagy, + Giorgos Oikonomou, Gisle Vanem, Jakub Zakrzewski, James Brown, Jan Chren, + jonrumsey on github, Juergen Hoetzel, Koen Dergent, Kunal Ekawde, + Kyle Edwards, Linos Giannopoulos, Marcel Raad, Michael Brehm, Michael Wallner, MrSorcus on github, Niklas Hambüchen, Patrick Monnerat, - Richard Alcock, Rich Mirch, Shankar Jadhavar, sstruchtrup on github, - Stephan Szabo, Steve Holme, Thomas Gamper, Tom van der Woerdt, + pendrek at hackerone, Peter Simonyi, Ray Satiro, Richard Alcock, Rich Mirch, + Shankar Jadhavar, sstruchtrup on github, Stefano Simonelli, Stephan Szabo, + Steve Holme, Thomas Gamper, Tom van der Woerdt, Vasily Lobaskin, Viktor Szakats, - (31 contributors) + (46 contributors) Thanks! 
(and sorry if I forgot to mention someone) References to bug reports and discussions on issues: - [1] = https://curl.haxx.se/bug/?id=3993 - [2] = https://curl.haxx.se/bug/?id=3986 - [3] = https://curl.haxx.se/bug/?id=4000 - [4] = https://curl.haxx.se/bug/?id=3994 - [5] = https://curl.haxx.se/bug/?id=3999 - [6] = https://curl.haxx.se/bug/?id=3975 - [7] = https://curl.haxx.se/bug/?id=4009 - [8] = https://curl.haxx.se/bug/?id=4006 + [1] = https://curl.haxx.se/bug/?i=3993 + [2] = https://curl.haxx.se/bug/?i=3986 + [3] = https://curl.haxx.se/bug/?i=4000 + [4] = https://curl.haxx.se/bug/?i=3994 + [5] = https://curl.haxx.se/bug/?i=3999 + [6] = https://curl.haxx.se/bug/?i=3975 + [7] = https://curl.haxx.se/bug/?i=4009 + [8] = https://curl.haxx.se/bug/?i=4006 [9] = https://curl.haxx.se/mail/lib-2019-06/0019.html - [10] = https://curl.haxx.se/bug/?id=3984 - [11] = https://curl.haxx.se/bug/?id=3903 - [12] = https://curl.haxx.se/bug/?id=3833 - [13] = https://curl.haxx.se/bug/?id=4027 - [14] = https://curl.haxx.se/bug/?id=4021 - [15] = https://curl.haxx.se/bug/?id=4020 - [16] = https://curl.haxx.se/bug/?id=4017 - [17] = https://curl.haxx.se/bug/?id=4012 - [18] = https://curl.haxx.se/bug/?id=4013 - [19] = https://curl.haxx.se/bug/?id=4010 - [20] = https://curl.haxx.se/bug/?id=4033 - [21] = https://curl.haxx.se/bug/?id=4031 - [22] = https://curl.haxx.se/bug/?id=4034 - [23] = https://curl.haxx.se/bug/?id=3950 - [24] = https://curl.haxx.se/bug/?id=4029 - [25] = https://curl.haxx.se/bug/?id=3706 - [26] = https://curl.haxx.se/bug/?id=4035 - [27] = https://curl.haxx.se/bug/?id=4037 - [28] = https://curl.haxx.se/bug/?id=4036 - [29] = https://curl.haxx.se/bug/?id=4023 - [30] = https://curl.haxx.se/bug/?id=4048 - [31] = https://curl.haxx.se/bug/?id=4042 - [32] = https://curl.haxx.se/bug/?id=4055 - [33] = https://curl.haxx.se/bug/?id=4050 - [34] = https://curl.haxx.se/bug/?id=4051 - [35] = https://curl.haxx.se/bug/?id=4070 - [36] = https://curl.haxx.se/bug/?id=4068 - [37] = 
https://curl.haxx.se/bug/?id=4066 - [38] = https://curl.haxx.se/bug/?id=4061 - [39] = https://curl.haxx.se/bug/?id=4065 - [40] = https://curl.haxx.se/bug/?id=4075 - [41] = https://curl.haxx.se/bug/?id=4076 - [42] = https://curl.haxx.se/bug/?id=4072 - [43] = https://curl.haxx.se/bug/?id=4073 - [44] = https://curl.haxx.se/bug/?id=4079 - [45] = https://curl.haxx.se/bug/?id=4086 - [46] = https://curl.haxx.se/bug/?id=4090 - [47] = https://curl.haxx.se/bug/?id=4087 - [48] = https://curl.haxx.se/bug/?id=4053 - [49] = https://curl.haxx.se/bug/?id=4054 - [50] = https://curl.haxx.se/bug/?id=4046 + [10] = https://curl.haxx.se/bug/?i=3984 + [11] = https://curl.haxx.se/bug/?i=3903 + [12] = https://curl.haxx.se/bug/?i=3833 + [13] = https://curl.haxx.se/bug/?i=4027 + [14] = https://curl.haxx.se/bug/?i=4021 + [15] = https://curl.haxx.se/bug/?i=4020 + [16] = https://curl.haxx.se/bug/?i=4017 + [17] = https://curl.haxx.se/bug/?i=4012 + [18] = https://curl.haxx.se/bug/?i=4013 + [19] = https://curl.haxx.se/bug/?i=4010 + [20] = https://curl.haxx.se/bug/?i=4033 + [21] = https://curl.haxx.se/bug/?i=4031 + [22] = https://curl.haxx.se/bug/?i=4034 + [23] = https://curl.haxx.se/bug/?i=3950 + [24] = https://curl.haxx.se/bug/?i=4029 + [25] = https://curl.haxx.se/bug/?i=3706 + [26] = https://curl.haxx.se/bug/?i=4035 + [27] = https://curl.haxx.se/bug/?i=4037 + [28] = https://curl.haxx.se/bug/?i=4036 + [29] = https://curl.haxx.se/bug/?i=4023 + [30] = https://curl.haxx.se/bug/?i=4048 + [31] = https://curl.haxx.se/bug/?i=4042 + [32] = https://curl.haxx.se/bug/?i=4055 + [33] = https://curl.haxx.se/bug/?i=4050 + [34] = https://curl.haxx.se/bug/?i=4051 + [35] = https://curl.haxx.se/bug/?i=4070 + [36] = https://curl.haxx.se/bug/?i=4068 + [37] = https://curl.haxx.se/bug/?i=4066 + [38] = https://curl.haxx.se/bug/?i=4061 + [39] = https://curl.haxx.se/bug/?i=4065 + [40] = https://curl.haxx.se/bug/?i=4075 + [41] = https://curl.haxx.se/bug/?i=4076 + [42] = https://curl.haxx.se/bug/?i=4072 + [43] = 
https://curl.haxx.se/bug/?i=4073 + [44] = https://curl.haxx.se/bug/?i=4079 + [45] = https://curl.haxx.se/bug/?i=4086 + [46] = https://curl.haxx.se/bug/?i=4090 + [47] = https://curl.haxx.se/bug/?i=4087 + [48] = https://curl.haxx.se/bug/?i=4053 + [49] = https://curl.haxx.se/bug/?i=4054 + [50] = https://curl.haxx.se/bug/?i=4046 + [51] = https://curl.haxx.se/bug/?i=4094 + [52] = https://curl.haxx.se/bug/?i=4100 + [53] = https://curl.haxx.se/bug/?i=4103 + [54] = https://curl.haxx.se/bug/?i=4095 + [55] = https://curl.haxx.se/bug/?i=4107 + [56] = https://github.com/curl/curl/commit/48b9ea4#commitcomment-34084597 + [57] = https://curl.haxx.se/bug/?i=4096 + [58] = https://curl.haxx.se/bug/?i=4101 + [59] = https://curl.haxx.se/bug/?i=4102 + [60] = https://curl.haxx.se/bug/?i=4099 + [61] = https://curl.haxx.se/bug/?i=4117 + [62] = https://curl.haxx.se/bug/?i=3814 + [63] = https://curl.haxx.se/bug/?i=4118 + [64] = https://curl.haxx.se/bug/?i=3389 + [65] = https://curl.haxx.se/bug/?i=4110 + [66] = https://curl.haxx.se/bug/?i=4097 -- cgit v1.2.3 From 09b30659ef3b9ea130936072229c6e29e1a8887e Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Wed, 17 Jul 2019 09:34:49 +0200 Subject: RELEASE-NOTES: Contributors or now 1990 --- RELEASE-NOTES | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 30b7a85fb..3f963a091 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -4,7 +4,7 @@ curl and libcurl 7.65.2 Command line options: 221 curl_easy_setopt() options: 268 Public functions in libcurl: 80 - Contributors: 1965 + Contributors: 1990 This release includes the following bugfixes: -- cgit v1.2.3 From 13af7cf1e8996e39ff2514e95379deb8ee62ff92 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 19 Jul 2019 00:40:51 +0200 Subject: version: bump to 7.65.3 --- RELEASE-NOTES | 172 +++---------------------------------------------- include/curl/curlver.h | 6 +- 2 files changed, 11 insertions(+), 167 deletions(-) 
diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 3f963a091..9b7447e25 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -1,6 +1,6 @@ -curl and libcurl 7.65.2 +curl and libcurl 7.65.3 - Public curl releases: 183 + Public curl releases: 184 Command line options: 221 curl_easy_setopt() options: 268 Public functions in libcurl: 80 
@@ -8,89 +8,8 @@ curl and libcurl 7.65.2 This release includes the following bugfixes: - o CIPHERS.md: Explain Schannel error SEC_E_ALGORITHM_MISMATCH [64] - o CMake: Convert errant elseif() to else() [58] - o CMake: Fix finding Brotli on case-sensitive file systems [61] - o CURLMOPT_SOCKETFUNCTION.3: clarified [8] - o CURLMOPT_SOCKETFUNCTION.3: fix typo - o CURLOPT_CAINFO.3: polished wording [9] - o CURLOPT_HEADEROPT.3: Fix example [46] - o CURLOPT_RANGE.3: Caution against using it for HTTP PUT [62] - o CURLOPT_SEEKDATA.3: fix variable name [63] - o DEPRECATE: fixup versions and spelling [55] - o bindlocal: detect and avoid IP version mismatches in bind() [1] - o build: fix Codacy warnings [6] - o buildconf.bat: fix header filename [59] - o c-ares: honor port numbers in CURLOPT_DNS_SERVERS [37] - o config-os400: add getpeername and getsockname defines [27] - o configure: --disable-progress-meter [29] - o configure: fix --disable-code-coverage [60] - o configure: fix typo '--disable-http-uath' [41] - o configure: more --disable switches to toggle off individual features [7] - o configure: remove CURL_DISABLE_TLS_SRP [19] - o conn_maxage: move the check to prune_dead_connections() [24] - o curl: skip CURLOPT_PROXY_CAPATH for disabled-proxy builds [38] - o curl_multi_wait.3: escape backslash in example [44] - o docs: Explain behavior change in --tlsv1. 
options since 7.54 [66] - o docs: Fix links to OpenSSL docs - o docs: fix string suggesting HTTP/2 is not the default [40] - o examples/fopen: fix comparison [6] - o examples/htmltitle: use C++ casts between pointer types [6] - o headers: Remove no longer exported functions [57] - o http2: call done_sending on end of upload [36] - o http2: don't call stream-close on already closed streams [32] - o http2: remove CURL_DISABLE_TYPECHECK define - o http: allow overriding timecond with custom header [53] - o http: clarify header buffer size calculation - o krb5: fix compiler warning [15] - o lib: Use UTF-8 encoding in comments [47] - o libcurl-tutorial.3: Fix small typo (mutipart -> multipart) [3] - o libcurl: Restrict redirect schemes to HTTP, HTTPS, FTP and FTPS [51] - o multi: enable multiplexing by default (again) [34] - o multi: fix the transfer hashes in the socket hash entries [17] - o multi: make sure 'data' can present in several sockhash entries [2] - o netrc: Return the correct error code when out of memory [28] - o nss: don't set unused parameter [49] - o nss: inspect returnvalue of token check [65] - o nss: only cache valid CRL entries [48] - o nss: support using libnss on macOS [50] - o openssl: define HAVE_SSL_GET_SHUTDOWN based on version number [52] - o openssl: disable engine if OPENSSL_NO_UI_CONSOLE is defined [43] - o openssl: fix pubkey/signature algorithm detection in certinfo [25] - o openssl: remove outdated comment [20] - o os400: make vsetopt() non-static as Curl_vsetopt() for os400 support [12] - o quote.d: asterisk prefix works for SFTP as well [16] - o runtests: keep logfiles around by default [26] - o runtests: report single test time + total duration [13] - o smb: Use the correct error code for access denied on file open [54] - o sws: remove unused variables [6] - o system_win32: fix clang warning [56] - o system_win32: fix typo - o test1165: verify that CURL_DISABLE_ symbols are in sync - o test1521: adapt to SLISTPOINT - o test1523: test 
CURLOPT_LOW_SPEED_LIMIT - o test153: fix content-length to avoid occasional hang [39] - o test188/189: fix Content-Length [22] - o tests: have runtests figure out disabled features [23] - o tests: support non-localhost HOSTIP for dict/smb servers [30] - o tests: update fixed IP for hostip/clientip split [35] - o tool_cb_prg: Fix integer overflow in progress bar [10] - o travis: disable threaded resolver for coverage build - o travis: enable alt-svc for coverage build - o travis: enable brotli for all xenial jobs - o travis: enable libssh2 for coverage build - o travis: enable warnings-as-errors for coverage build - o travis: update scan-build job to xenial [5] - o typecheck: CURLOPT_CONNECT_TO takes an slist too [31] - o typecheck: add 3 missing strings and a callback data pointer [33] - o unit1654: cleanup on memory failure [14] - o unpause: trigger a timeout for event-based transfers [4] - o url: Fix CURLOPT_MAXAGE_CONN time comparison [18] - o win32: make DLL loading a no-op for UWP [42] - o winbuild: Change Makefile to honor ENABLE_OPENSSL_AUTO_LOAD_CONFIG [45] - o winbuild: use WITH_PREFIX if given [21] - o wolfssl: refer to it as wolfSSL only [11] - + o + This release includes the following known bugs: o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html) 
@@ -98,87 +17,12 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - 1ocalhost on github, aasivov on github, AceCrow on Github, - Alessandro Ghedini, Alex Grebenschikov, Ben Voris, Bjarni Ingi Gislason, - Brian Carpenter, Caleb Raitto, Christopher Head, Cliff Crosland, - Daniel Gustafsson, Daniel Stenberg, Gaël Portay, Gergely Nagy, - Giorgos Oikonomou, Gisle Vanem, Jakub Zakrzewski, James Brown, Jan Chren, - jonrumsey on github, Juergen Hoetzel, Koen Dergent, Kunal Ekawde, - Kyle Edwards, Linos Giannopoulos, Marcel Raad, Michael Brehm, - Michael Wallner, MrSorcus on github, Niklas Hambüchen, Patrick Monnerat, - pendrek at hackerone, Peter Simonyi, Ray Satiro, Richard Alcock, Rich Mirch, - Shankar Jadhavar, sstruchtrup on github, Stefano Simonelli, Stephan Szabo, - Steve Holme, Thomas Gamper, Tom van der Woerdt, Vasily Lobaskin, - Viktor Szakats, - (46 contributors) + + (N contributors) Thanks! 
(and sorry if I forgot to mention someone) References to bug reports and discussions on issues: - [1] = https://curl.haxx.se/bug/?i=3993 - [2] = https://curl.haxx.se/bug/?i=3986 - [3] = https://curl.haxx.se/bug/?i=4000 - [4] = https://curl.haxx.se/bug/?i=3994 - [5] = https://curl.haxx.se/bug/?i=3999 - [6] = https://curl.haxx.se/bug/?i=3975 - [7] = https://curl.haxx.se/bug/?i=4009 - [8] = https://curl.haxx.se/bug/?i=4006 - [9] = https://curl.haxx.se/mail/lib-2019-06/0019.html - [10] = https://curl.haxx.se/bug/?i=3984 - [11] = https://curl.haxx.se/bug/?i=3903 - [12] = https://curl.haxx.se/bug/?i=3833 - [13] = https://curl.haxx.se/bug/?i=4027 - [14] = https://curl.haxx.se/bug/?i=4021 - [15] = https://curl.haxx.se/bug/?i=4020 - [16] = https://curl.haxx.se/bug/?i=4017 - [17] = https://curl.haxx.se/bug/?i=4012 - [18] = https://curl.haxx.se/bug/?i=4013 - [19] = https://curl.haxx.se/bug/?i=4010 - [20] = https://curl.haxx.se/bug/?i=4033 - [21] = https://curl.haxx.se/bug/?i=4031 - [22] = https://curl.haxx.se/bug/?i=4034 - [23] = https://curl.haxx.se/bug/?i=3950 - [24] = https://curl.haxx.se/bug/?i=4029 - [25] = https://curl.haxx.se/bug/?i=3706 - [26] = https://curl.haxx.se/bug/?i=4035 - [27] = https://curl.haxx.se/bug/?i=4037 - [28] = https://curl.haxx.se/bug/?i=4036 - [29] = https://curl.haxx.se/bug/?i=4023 - [30] = https://curl.haxx.se/bug/?i=4048 - [31] = https://curl.haxx.se/bug/?i=4042 - [32] = https://curl.haxx.se/bug/?i=4055 - [33] = https://curl.haxx.se/bug/?i=4050 - [34] = https://curl.haxx.se/bug/?i=4051 - [35] = https://curl.haxx.se/bug/?i=4070 - [36] = https://curl.haxx.se/bug/?i=4068 - [37] = https://curl.haxx.se/bug/?i=4066 - [38] = https://curl.haxx.se/bug/?i=4061 - [39] = https://curl.haxx.se/bug/?i=4065 - [40] = https://curl.haxx.se/bug/?i=4075 - [41] = https://curl.haxx.se/bug/?i=4076 - [42] = https://curl.haxx.se/bug/?i=4072 - [43] = https://curl.haxx.se/bug/?i=4073 - [44] = https://curl.haxx.se/bug/?i=4079 - [45] = https://curl.haxx.se/bug/?i=4086 - [46] 
= https://curl.haxx.se/bug/?i=4090 - [47] = https://curl.haxx.se/bug/?i=4087 - [48] = https://curl.haxx.se/bug/?i=4053 - [49] = https://curl.haxx.se/bug/?i=4054 - [50] = https://curl.haxx.se/bug/?i=4046 - [51] = https://curl.haxx.se/bug/?i=4094 - [52] = https://curl.haxx.se/bug/?i=4100 - [53] = https://curl.haxx.se/bug/?i=4103 - [54] = https://curl.haxx.se/bug/?i=4095 - [55] = https://curl.haxx.se/bug/?i=4107 - [56] = https://github.com/curl/curl/commit/48b9ea4#commitcomment-34084597 - [57] = https://curl.haxx.se/bug/?i=4096 - [58] = https://curl.haxx.se/bug/?i=4101 - [59] = https://curl.haxx.se/bug/?i=4102 - [60] = https://curl.haxx.se/bug/?i=4099 - [61] = https://curl.haxx.se/bug/?i=4117 - [62] = https://curl.haxx.se/bug/?i=3814 - [63] = https://curl.haxx.se/bug/?i=4118 - [64] = https://curl.haxx.se/bug/?i=3389 - [65] = https://curl.haxx.se/bug/?i=4110 - [66] = https://curl.haxx.se/bug/?i=4097 + [1] = https://curl.haxx.se/bug/?i= + \ No newline at end of file diff --git a/include/curl/curlver.h b/include/curl/curlver.h index 3ec2555e7..846b9796e 100644 --- a/include/curl/curlver.h +++ b/include/curl/curlver.h @@ -30,13 +30,13 @@ /* This is the version number of the libcurl package from which this header file origins: */ -#define LIBCURL_VERSION "7.65.2-DEV" +#define LIBCURL_VERSION "7.65.3-DEV" /* The numeric version number is also available "in parts" by using these defines: */ #define LIBCURL_VERSION_MAJOR 7 #define LIBCURL_VERSION_MINOR 65 -#define LIBCURL_VERSION_PATCH 2 +#define LIBCURL_VERSION_PATCH 3 /* This is the numeric version of the libcurl version number, meant for easier parsing and comparions by programs. The LIBCURL_VERSION_NUM define will @@ -57,7 +57,7 @@ CURL_VERSION_BITS() macro since curl's own configure script greps for it and needs it to contain the full number. */ -#define LIBCURL_VERSION_NUM 0x074102 +#define LIBCURL_VERSION_NUM 0x074103 /* * This is the date and time when the full source package was created. The -- cgit v1.2.3 
From 27e14efe5f330a9aca0c57795a23928e3198fcd0 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 18 Jul 2019 23:23:35 +0200 Subject: progress: make the progress meter appear again Fix regression caused by 21080e1 Reported-by: Chih-Hsuan Yen Fixes #4122 Closes #4124 --- lib/progress.c | 226 +++++++++++++++++++++++++++------------------------------ 1 file changed, 108 insertions(+), 118 deletions(-) diff --git a/lib/progress.c b/lib/progress.c index 7282e0232..9f953ef5a 100644 --- a/lib/progress.c +++ b/lib/progress.c @@ -364,13 +364,15 @@ void Curl_pgrsSetUploadSize(struct Curl_easy *data, curl_off_t size) } } -static void progress_calc(struct connectdata *conn, struct curltime now) +/* returns TRUE if it's time to show the progress meter */ +static bool progress_calc(struct connectdata *conn, struct curltime now) { curl_off_t timespent; curl_off_t timespent_ms; /* milliseconds */ struct Curl_easy *data = conn->data; curl_off_t dl = data->progress.downloaded; curl_off_t ul = data->progress.uploaded; + bool timetoshow = FALSE; /* The time spent so far (from the start) */ data->progress.timespent = Curl_timediff_us(now, data->progress.start); @@ -394,6 +396,7 @@ static void progress_calc(struct connectdata *conn, struct curltime now) int countindex; /* amount of seconds stored in the speeder array */ int nowindex = data->progress.speeder_c% CURR_TIME; data->progress.lastshow = now.tv_sec; + timetoshow = TRUE; /* Let's do the "current speed" thing, with the dl + ul speeds combined. Store the speed at entry 'nowindex'. */ 
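Review bot: The new one-line comment on progress_calc() in lib/progress.c says only that it returns TRUE when it is time to show the meter, but the second hunk sets `timetoshow = TRUE` right next to `data->progress.lastshow = now.tv_sec`, so the call also uses up that second's tick. The condition guarding that store is outside the hunk; presumably it is the `lastshow != now.tv_sec` comparison, in which case a second call within the same second returns FALSE and a caller that drops the result loses that second's display. I would spell this out in the header comment: `/* updates the progress counters; returns TRUE at most once per second and records that second in lastshow, so the caller must act on the result */`.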
@@ -452,133 +455,119 @@ static void progress_calc(struct connectdata *conn, struct curltime now) data->progress.ulspeed + data->progress.dlspeed; } /* Calculations end */ + return timetoshow; } #ifndef CURL_DISABLE_PROGRESS_METER -static void progress_meter(struct connectdata *conn, - struct curltime now) +static void progress_meter(struct connectdata *conn) { struct Curl_easy *data = conn->data; - bool shownow = FALSE; - if(data->progress.lastshow != now.tv_sec) { - if(!(data->progress.flags & PGRS_HIDE)) - shownow = TRUE; - } - - if(!shownow) - /* only show the internal progress meter once per second */ - return; - else { - /* If there's no external callback set, use internal code to show - progress */ - /* progress meter has not been shut off */ - char max5[6][10]; - curl_off_t dlpercen = 0; - curl_off_t ulpercen = 0; - curl_off_t total_percen = 0; - curl_off_t total_transfer; - curl_off_t total_expected_transfer; - char time_left[10]; - char time_total[10]; - char time_spent[10]; - curl_off_t ulestimate = 0; - curl_off_t dlestimate = 0; - curl_off_t total_estimate; - curl_off_t timespent = - (curl_off_t)data->progress.timespent/1000000; /* seconds */ - - if(!(data->progress.flags & PGRS_HEADERS_OUT)) { - if(data->state.resume_from) { - fprintf(data->set.err, - "** Resuming transfer from byte position %" - CURL_FORMAT_CURL_OFF_T "\n", data->state.resume_from); - } + char max5[6][10]; + curl_off_t dlpercen = 0; + curl_off_t ulpercen = 0; + curl_off_t total_percen = 0; + curl_off_t total_transfer; + curl_off_t total_expected_transfer; + char time_left[10]; + char time_total[10]; + char time_spent[10]; + curl_off_t ulestimate = 0; + curl_off_t dlestimate = 0; + curl_off_t total_estimate; + curl_off_t timespent = + (curl_off_t)data->progress.timespent/1000000; /* seconds */ + + if(!(data->progress.flags & PGRS_HEADERS_OUT)) { + if(data->state.resume_from) { fprintf(data->set.err, - " %% Total %% Received %% Xferd Average Speed " - "Time Time Time Current\n" - " 
Dload Upload " - "Total Spent Left Speed\n"); - data->progress.flags |= PGRS_HEADERS_OUT; /* headers are shown */ - } - - /* Figure out the estimated time of arrival for the upload */ - if((data->progress.flags & PGRS_UL_SIZE_KNOWN) && - (data->progress.ulspeed > CURL_OFF_T_C(0))) { - ulestimate = data->progress.size_ul / data->progress.ulspeed; - - if(data->progress.size_ul > CURL_OFF_T_C(10000)) - ulpercen = data->progress.uploaded / - (data->progress.size_ul/CURL_OFF_T_C(100)); - else if(data->progress.size_ul > CURL_OFF_T_C(0)) - ulpercen = (data->progress.uploaded*100) / - data->progress.size_ul; - } - - /* ... and the download */ - if((data->progress.flags & PGRS_DL_SIZE_KNOWN) && - (data->progress.dlspeed > CURL_OFF_T_C(0))) { - dlestimate = data->progress.size_dl / data->progress.dlspeed; - - if(data->progress.size_dl > CURL_OFF_T_C(10000)) - dlpercen = data->progress.downloaded / - (data->progress.size_dl/CURL_OFF_T_C(100)); - else if(data->progress.size_dl > CURL_OFF_T_C(0)) - dlpercen = (data->progress.downloaded*100) / - data->progress.size_dl; + "** Resuming transfer from byte position %" + CURL_FORMAT_CURL_OFF_T "\n", data->state.resume_from); } + fprintf(data->set.err, + " %% Total %% Received %% Xferd Average Speed " + "Time Time Time Current\n" + " Dload Upload " + "Total Spent Left Speed\n"); + data->progress.flags |= PGRS_HEADERS_OUT; /* headers are shown */ + } - /* Now figure out which of them is slower and use that one for the - total estimate! */ - total_estimate = ulestimate>dlestimate?ulestimate:dlestimate; - - /* create the three time strings */ - time2str(time_left, total_estimate > 0?(total_estimate - timespent):0); - time2str(time_total, total_estimate); - time2str(time_spent, timespent); - - /* Get the total amount of data expected to get transferred */ - total_expected_transfer = - ((data->progress.flags & PGRS_UL_SIZE_KNOWN)? - data->progress.size_ul:data->progress.uploaded)+ - ((data->progress.flags & PGRS_DL_SIZE_KNOWN)? 
- data->progress.size_dl:data->progress.downloaded); - - /* We have transferred this much so far */ - total_transfer = data->progress.downloaded + data->progress.uploaded; + /* Figure out the estimated time of arrival for the upload */ + if((data->progress.flags & PGRS_UL_SIZE_KNOWN) && + (data->progress.ulspeed > CURL_OFF_T_C(0))) { + ulestimate = data->progress.size_ul / data->progress.ulspeed; + + if(data->progress.size_ul > CURL_OFF_T_C(10000)) + ulpercen = data->progress.uploaded / + (data->progress.size_ul/CURL_OFF_T_C(100)); + else if(data->progress.size_ul > CURL_OFF_T_C(0)) + ulpercen = (data->progress.uploaded*100) / + data->progress.size_ul; + } - /* Get the percentage of data transferred so far */ - if(total_expected_transfer > CURL_OFF_T_C(10000)) - total_percen = total_transfer / - (total_expected_transfer/CURL_OFF_T_C(100)); - else if(total_expected_transfer > CURL_OFF_T_C(0)) - total_percen = (total_transfer*100) / total_expected_transfer; + /* ... and the download */ + if((data->progress.flags & PGRS_DL_SIZE_KNOWN) && + (data->progress.dlspeed > CURL_OFF_T_C(0))) { + dlestimate = data->progress.size_dl / data->progress.dlspeed; + + if(data->progress.size_dl > CURL_OFF_T_C(10000)) + dlpercen = data->progress.downloaded / + (data->progress.size_dl/CURL_OFF_T_C(100)); + else if(data->progress.size_dl > CURL_OFF_T_C(0)) + dlpercen = (data->progress.downloaded*100) / + data->progress.size_dl; + } - fprintf(data->set.err, - "\r" - "%3" CURL_FORMAT_CURL_OFF_T " %s " - "%3" CURL_FORMAT_CURL_OFF_T " %s " - "%3" CURL_FORMAT_CURL_OFF_T " %s %s %s %s %s %s %s", - total_percen, /* 3 letters */ /* total % */ - max5data(total_expected_transfer, max5[2]), /* total size */ - dlpercen, /* 3 letters */ /* rcvd % */ - max5data(data->progress.downloaded, max5[0]), /* rcvd size */ - ulpercen, /* 3 letters */ /* xfer % */ - max5data(data->progress.uploaded, max5[1]), /* xfer size */ - max5data(data->progress.dlspeed, max5[3]), /* avrg dl speed */ - 
max5data(data->progress.ulspeed, max5[4]), /* avrg ul speed */ - time_total, /* 8 letters */ /* total time */ - time_spent, /* 8 letters */ /* time spent */ - time_left, /* 8 letters */ /* time left */ - max5data(data->progress.current_speed, max5[5]) - ); - - /* we flush the output stream to make it appear as soon as possible */ - fflush(data->set.err); - } /* don't show now */ + /* Now figure out which of them is slower and use that one for the + total estimate! */ + total_estimate = ulestimate>dlestimate?ulestimate:dlestimate; + + /* create the three time strings */ + time2str(time_left, total_estimate > 0?(total_estimate - timespent):0); + time2str(time_total, total_estimate); + time2str(time_spent, timespent); + + /* Get the total amount of data expected to get transferred */ + total_expected_transfer = + ((data->progress.flags & PGRS_UL_SIZE_KNOWN)? + data->progress.size_ul:data->progress.uploaded)+ + ((data->progress.flags & PGRS_DL_SIZE_KNOWN)? + data->progress.size_dl:data->progress.downloaded); + + /* We have transferred this much so far */ + total_transfer = data->progress.downloaded + data->progress.uploaded; + + /* Get the percentage of data transferred so far */ + if(total_expected_transfer > CURL_OFF_T_C(10000)) + total_percen = total_transfer / + (total_expected_transfer/CURL_OFF_T_C(100)); + else if(total_expected_transfer > CURL_OFF_T_C(0)) + total_percen = (total_transfer*100) / total_expected_transfer; + + fprintf(data->set.err, + "\r" + "%3" CURL_FORMAT_CURL_OFF_T " %s " + "%3" CURL_FORMAT_CURL_OFF_T " %s " + "%3" CURL_FORMAT_CURL_OFF_T " %s %s %s %s %s %s %s", + total_percen, /* 3 letters */ /* total % */ + max5data(total_expected_transfer, max5[2]), /* total size */ + dlpercen, /* 3 letters */ /* rcvd % */ + max5data(data->progress.downloaded, max5[0]), /* rcvd size */ + ulpercen, /* 3 letters */ /* xfer % */ + max5data(data->progress.uploaded, max5[1]), /* xfer size */ + max5data(data->progress.dlspeed, max5[3]), /* avrg dl speed */ + 
max5data(data->progress.ulspeed, max5[4]), /* avrg ul speed */ + time_total, /* 8 letters */ /* total time */ + time_spent, /* 8 letters */ /* time spent */ + time_left, /* 8 letters */ /* time left */ + max5data(data->progress.current_speed, max5[5]) + ); + + /* we flush the output stream to make it appear as soon as possible */ + fflush(data->set.err); } #else /* progress bar disabled */ -#define progress_meter(x,y) +#define progress_meter(x) Curl_nop_stmt #endif @@ -590,8 +579,7 @@ int Curl_pgrsUpdate(struct connectdata *conn) { struct Curl_easy *data = conn->data; struct curltime now = Curl_now(); /* what time is it */ - - progress_calc(conn, now); + bool showprogress = progress_calc(conn, now); if(!(data->progress.flags & PGRS_HIDE)) { if(data->set.fxferinfo) { int result; @@ -621,8 +609,10 @@ int Curl_pgrsUpdate(struct connectdata *conn) failf(data, "Callback aborted"); return result; } + + if(showprogress) + progress_meter(conn); } - progress_meter(conn, now); return 0; } -- cgit v1.2.3 From 56fc8db02fcbf076fa859073365811c2a778974c Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 19 Jul 2019 11:32:15 +0200 Subject: THANKS: 7.65.3 status --- docs/THANKS | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/THANKS b/docs/THANKS index 16c3c378e..385ecd851 100644 --- a/docs/THANKS +++ b/docs/THANKS @@ -274,6 +274,7 @@ Charles Romestant Chen Prog Chester Liu Chih-Chung Chang +Chih-Hsuan Yen Chris "Bob Bob" Chris Araman Chris Carlmar -- cgit v1.2.3 From aa73eb47bc8583070734696b25b34ad54c2c1f5e Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 19 Jul 2019 11:32:23 +0200 Subject: RELEASE-NOTES: 7.65.3 --- RELEASE-NOTES | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 9b7447e25..bedfa2c56 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES 
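Review bot: progress_meter() in lib/progress.c no longer checks `PGRS_HIDE` or the once-per-second gate itself, and nothing in the new definition records that both checks are now the caller's job. The only guards left are in Curl_pgrsUpdate() (last hunk), where `if(showprogress) progress_meter(conn);` sits inside the `!(data->progress.flags & PGRS_HIDE)` block; a call from anywhere else would write to `data->set.err` on every invocation. A comment above the definition would keep that contract visible: `/* caller must have checked PGRS_HIDE and that progress_calc() returned TRUE */`. Curl_pgrsUpdate's body starts and continues outside the last two hunks, so whether other call sites exist cannot be told from here.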
@@ -4,12 +4,12 @@ curl and libcurl 7.65.3 Command line options: 221 curl_easy_setopt() options: 268 Public functions in libcurl: 80 - Contributors: 1990 + Contributors: 1991 This release includes the following bugfixes: - o - + o progress: make the progress meter appear again [1] + This release includes the following known bugs: o see docs/KNOWN_BUGS (https://curl.haxx.se/docs/knownbugs.html) @@ -17,12 +17,11 @@ This release includes the following known bugs: This release would not have looked like this without help, code, reports and advice from friends like these: - - (N contributors) + Chih-Hsuan Yen, Daniel Stenberg, + (2 contributors) Thanks! (and sorry if I forgot to mention someone) References to bug reports and discussions on issues: - [1] = https://curl.haxx.se/bug/?i= - \ No newline at end of file + [1] = https://curl.haxx.se/bug/?i=4122 -- cgit v1.2.3